On Mon, Jan 20, 2014 at 03:07:06PM -0800, Brandon Carpenter wrote: > I am using a PULL socket to receive messages which are subsequently > forwarded to a PUB socket. Each client may have a list of allowed topics > associated with it's CURVE public key. When incoming messages are > published, I need to filter topics using the source's approved topic > list to restrict the topics a client may publish, which means I must > somehow associate incoming messages with the authenticated client. The > ZAP RFC makes it sound like that is what the user identifier is for. > > The authenticator replies with an OK/NOT OK response, with a user id > > that the server can use to identify the user to internal application code. > Looking through the code and documentation, there doesn't appear to be > any method for the application to retrieve the user identifier. Is this > correct or am I missing something? Is there another way to accomplish > the above scenario of associating messages with an authenticated client? > If not, then I will post my ideas for implementing such a feature. > > Thanks, > > Brandon
I played around with that and you can test it: https://github.com/mrvn/libzmq/tree/mrvn So far the code compiles (for me). I haven't had time to write a proper test case for it yet. But I've modifed tests/test_security_curve.cpp to call zmq_msg_get_user_id() and that seems to work: char user_id[256]; size_t user_id_size = sizeof(user_id); rc = zmq_msg_get_user_id(&server_msg, user_id, &user_id_size); assert(rc != -1); printf("got user_id '%*s'\n", (int)user_id_size, user_id); The feature modifies the size of zmq_msg_t, which means it breaks the ABI. So I'm not happy with it yet. I've added a pointer to the security mechanism used for the message so the messag structure grows by 8. The pointer should probably only be set for messages with content (not control messages) and put into the union. I think there would be enough space there to hide the pointer so the ABI doesn't break. But its a first attempt. Have a look. MfG Goswin PS: I've added a pointer to the mechanism so potentially the identity, properties and metadata set there could be accessed as well. PPS: If you use czmq then you need to recompile it because of the ABI change. _______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
