Hi,
I'm started playing around with the CURVE examples posted on [1] but
in python and everything looked promising. But when I implemented
something myself I run into some problems:
I first start a ZAP class as a seperate thread to handle
authentication and create the server socket and bind it. Next I create
a client class (again as thread), which creates its socket, and a
monitor class (and again a thread) that monitors the client socket. I
start the monitor and then the client threads, which then connects and
waits for a message. Last I have the server send out "Hello".
If the ZAP server authenticates the connection the following happens:
----------------------------------------------------------------------
% python3 test.py
server keys:
b'/L-mKOF=(8^?hIeKfv4FAv7N2dfj!t%4%c2H8}(K'
b'8Ya*P00E0NP[x*4rGf=WXp2tXF^{p!Bh@}=}abG('
Zap.run()
client keys:
b'4e33!IOc>APPz74^y<X@t{yPiu-UCB[o+uUJw&Cc'
b'&bQIT?.O]{D:=6lNjjK6.&YqKB5QuVsJ[1=I2XdR'
Monitor.run()
Client.run()
sending 'b'Hello''
monitor recieved EVENT_CONNECT_DELAYED:115 from b'tcp://127.0.0.1:9000'
monitor recieved EVENT_CONNECTED:15 from b'tcp://127.0.0.1:9000'
Zap request:
version = b'1.0'
req_id = b'1'
domain = b''
address = b'127.0.0.1'
identity = b''
mechanism = b'CURVE'
credentials = ['4e33!IOc>APPz74^y<X@t{yPiu-UCB[o+uUJw&Cc']
client recieved 'b'Hello''
client done
closing server
zap done
monitor done
context terminated
----------------------------------------------------------------------
So far so good. But what happens when the ZAP server rejects the
client? I've changed the code so the ZAP server replies with a 400
"login failure":
----------------------------------------------------------------------
% python3 test.py
server keys:
b'T#@vjjSBy&66a^Rs^c]oa&QS.h6$T#yBTr*qSL8O'
b'E]w#Htgb0/RJ/&rIGQA^I[wjd1=R&mvLaFjRC7:j'
Zap.run()
client keys:
b'/{ug}{Z(3Zy2P*n}64s#N[n@C&?VgqJ$]ndOYQaS'
b'h+s:7w0TROh*)Bw9AhE3aDb*aX>JnuvY{]aZ==WL'
Monitor.run()
Client.run()
sending 'b'Hello''
monitor recieved EVENT_CONNECT_DELAYED:115 from b'tcp://127.0.0.1:9000'
monitor recieved EVENT_CONNECTED:15 from b'tcp://127.0.0.1:9000'
Zap request:
version = b'1.0'
req_id = b'1'
domain = b''
address = b'127.0.0.1'
identity = b''
mechanism = b'CURVE'
credentials = ['/{ug}{Z(3Zy2P*n}64s#N[n@C&?VgqJ$]ndOYQaS']
monitor recieved DISCONNECTED:15 from b'tcp://127.0.0.1:9000'
monitor recieved CONNECT_RETRIED:125 from b'tcp://127.0.0.1:9000'
monitor recieved EVENT_CONNECT_DELAYED:115 from b'tcp://127.0.0.1:9000'
monitor recieved EVENT_CONNECTED:15 from b'tcp://127.0.0.1:9000'
Zap request:
version = b'1.0'
req_id = b'1'
domain = b''
address = b'127.0.0.1'
identity = b''
mechanism = b'CURVE'
credentials = ['/{ug}{Z(3Zy2P*n}64s#N[n@C&?VgqJ$]ndOYQaS']
monitor recieved DISCONNECTED:15 from b'tcp://127.0.0.1:9000'
monitor recieved CONNECT_RETRIED:141 from b'tcp://127.0.0.1:9000'
monitor recieved EVENT_CONNECT_DELAYED:115 from b'tcp://127.0.0.1:9000'
monitor recieved EVENT_CONNECTED:15 from b'tcp://127.0.0.1:9000'
Zap request:
version = b'1.0'
req_id = b'1'
domain = b''
address = b'127.0.0.1'
identity = b''
mechanism = b'CURVE'
credentials = ['/{ug}{Z(3Zy2P*n}64s#N[n@C&?VgqJ$]ndOYQaS']
monitor recieved DISCONNECTED:15 from b'tcp://127.0.0.1:9000'
...
----------------------------------------------------------------------
It looks like the result of ZAP rejecting a client is that the sockets
gets closed. And then zmq will just reconnect. Over and over and over
and over.
So here are my problems:
1) How does the client detect a login failure (as opposed to an
unreachable, unresponsive, crashing server?
2) How do I get at the status text from the ZAP reply in the client?
3) Why does ZMQ reconnect on a 400 status code at all? It should mark
the connection as bad and fail all further send/recv attempts.
4) The example from the wiki used PUSH/PULL from server to client and
that is what I started from. But what if the server has a PULL or REP
socket and gets messages from clients. How do I get at the credetials
from the ZAP request or user_id or metadata fields from the ZAP reply
on the server?
This is probably a duplicate of [2] but that doesn't have a
solution yet.
I think there could be an ZMQ_EVENT_SERVER_AUTH_SUCCESS/FAILED and
ZMQ_EVENT_CLIENT_AUTH_SUCCESS/FAILED events for the monitoring socket.
The server auth events would come in 9 frames, unlike previous events:
Frame 1: event_id + value
Frame 2: address string
Frame 3: client routing_id
Frame 4-9: ZAP reply
The client auth events would come as 4 frames:
Frame 1: event_id + value
Frame 2: address string
Frame 3: status code
Frame 4: status text
How does that sound?
The reason I suggest seperate SUCCESS/FAILED events is that simple
server will only want to know about success and clients generally will
only want to know about failure.
MfG
Goswin
[1] http://hintjens.com/blog:49
[2] http://lists.zeromq.org/pipermail/zeromq-dev/2014-January/024434.html
_______________________________________________
zeromq-dev mailing list
[email protected]
http://lists.zeromq.org/mailman/listinfo/zeromq-dev
