Add the ZMQAuth class

phuedx · phuedx · commit bcd105cec4dc · 2014-10-08T13:55:14.000+01:00
The ZMQAuth class wraps the CZMQ zauth API.

Instances of the ZMQAuth class can:

* install a ZAP handler for a ZMQContext
* whitelist/blacklist IP addresses
* use plain or curve authentication for one or more domains
diff --git a/api.php b/api.php
@@ -625,6 +625,7 @@ public function __construct(ZMQContext $context) {}
      * whitelisted addresses are treated as if they were blacklisted.
      *
      * @param string $address
+     * @return ZMQAuth Provides a fluent interface
      */
     public function allow($address) {}
 
@@ -638,6 +639,7 @@ public function allow($address) {}
      * whitelist will be used to authenticate incoming connections.
      *
      * @param string $address
+     * @return ZMQAuth Provides a fluent interface
      */
     public function deny($address) {}
 
@@ -659,6 +661,7 @@ public function deny($address) {}
      * @param string $domain The ZAP domain. Use "*" to configure the PLAIN or
      *     CURVE authentication mechanism for all domains
      * @param string $filename
+     * @return ZMQAuth Provides a fluent interface
      */
     public function configure($type, $domain, $filename) {}
 }
diff --git a/package.xml b/package.xml
@@ -96,7 +96,10 @@
       <file name="041-cert-meta.phpt" role="test" />
       <file name="042-cert-save.phpt" role="test" />
       <file name="043-cert-load.phpt" role="test" />
+      <file name="044-auth-construct.phpt" role="test" />
+      <file name="045-auth-allow-deny.phpt" role="test" />
       <file name="046-cert-apply.phpt" role="test" />
+      <file name="047-auth-configure.phpt" role="test" />
       <file name="bug_gh_43.phpt" role="test" />
       <file name="bug_gh_49.phpt" role="test" />
       <file name="bug_gh_50.phpt" role="test" />
diff --git a/php_zmq_private.h b/php_zmq_private.h
@@ -245,6 +245,11 @@ typedef struct _php_zmq_device_object  {
 
 #define PHP_ZMQ_VERSION_LEN 24
 
+#ifdef HAVE_CZMQ_2
+# define PHP_ZMQ_AUTH_TYPE_PLAIN 0
+# define PHP_ZMQ_AUTH_TYPE_CURVE 1
+#endif
+
 PHP_METHOD(zmqsocket, getsockopt);
 PHP_METHOD(zmqsocket, setsockopt);
 zend_bool php_zmq_device(php_zmq_device_object *intern TSRMLS_DC);
@@ -275,6 +280,12 @@ typedef struct _php_zmq_cert {
 	zend_object zend_object;
 	zcert_t *zcert;
 } php_zmq_cert;
+
+typedef struct _php_zmq_auth {
+	zend_object zend_object;
+	zctx_t *shadow_context;
+	zauth_t *zauth;
+} php_zmq_auth;
 #endif
 
 #endif /* _PHP_ZMQ_PRIVATE_H_ */
diff --git a/tests/044-auth-construct.phpt b/tests/044-auth-construct.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Test a ZMQAuth can be constructed.
+--SKIPIF--
+<?php
+	require_once __DIR__ . '/skipif.inc';
+
+	if (!class_exists('ZMQAuth')) {
+		die('skip');
+	}
+--FILE--
+<?php
+
+$context = new ZMQContext();
+$auth = new ZMQAuth($context);
+var_dump((bool)$auth);
+--EXPECT--
+bool(true)
diff --git a/tests/045-auth-allow-deny.phpt b/tests/045-auth-allow-deny.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Test a ZMQAuth can whitelist or blacklist an IP address.
+--SKIPIF--
+<?php
+	require_once __DIR__ . '/skipif.inc';
+
+	if (!class_exists('ZMQAuth')) {
+		die('skip');
+	}
+--FILE--
+<?php
+
+$context = new ZMQContext();
+$auth = new ZMQAuth($context);
+var_dump($auth->allow('127.0.0.1') === $auth);
+var_dump($auth->deny('192.168.0.1') === $auth);
+--EXPECT--
+bool(true)
+bool(true)
diff --git a/tests/047-auth-configure.phpt b/tests/047-auth-configure.phpt
@@ -0,0 +1,47 @@
+--TEST--
+Test a ZMQAuth can be configured.
+--SKIPIF--
+<?php
+	require_once __DIR__ . '/skipif.inc';
+
+	if (!class_exists('ZMQAuth')) {
+		die('skip');
+	}
+--FILE--
+<?php
+
+define('TEST_DIR', '/tmp');
+define('PASSWORDS_FILE', TEST_DIR . '/passwords');
+define('CERTS_DIR', '/tmp/certs');
+define('CERT_FILE', CERTS_DIR . '/cert');
+
+$context = new ZMQContext();
+$auth = new ZMQAuth($context);
+
+// Test a ZMQAuth can be configured to use PLAIN authentication.
+touch(PASSWORDS_FILE);
+var_dump($auth->configure(ZMQAuth::AUTH_TYPE_PLAIN, '*', PASSWORDS_FILE) === $auth);
+unlink(PASSWORDS_FILE);
+
+// Test a ZMQAuth can be configured to use CURVE authentication.
+mkdir(CERTS_DIR);
+$cert = new ZMQCert();
+$cert->save(CERT_FILE);
+
+var_dump($auth->configure(ZMQAuth::AUTH_TYPE_CURVE, '*', CERTS_DIR) === $auth);
+
+// Test ZMQAuth#configure throws an exception when the auth type isn't
+// recognised.
+try {
+	$auth->configure(-1, '*', CERTS_DIR);
+} catch (ZMQAuthException $e) {
+	var_dump($e->getMessage());
+}
+
+unlink(CERT_FILE);
+unlink(CERT_FILE . '_secret');
+rmdir(CERTS_DIR);
+--EXPECT--
+bool(true)
+bool(true)
+string(62) "Unknown auth type. Are you using one of the ZMQAuth constants?"
diff --git a/zmq.c b/zmq.c
