reject old ZMTP connections if auth enabled

auth mechanisms were only enabled when ZMTP handshake
is latest version, meaning that connections from old sockets
would skip authentication altogether
This commit is contained in:
Min RK 2014-12-03 12:39:28 -08:00
parent c35c0ca1bb
commit 6cf120eaad

View File

@ -534,6 +534,12 @@ bool zmq::stream_engine_t::handshake ()
// Is the peer using ZMTP/1.0 with no revision number? // Is the peer using ZMTP/1.0 with no revision number?
// If so, we send and receive rest of identity message // If so, we send and receive rest of identity message
if (greeting_recv [0] != 0xff || !(greeting_recv [9] & 0x01)) { if (greeting_recv [0] != 0xff || !(greeting_recv [9] & 0x01)) {
if (session->zap_connect () == 0) {
// reject ZMTP 1.0 connections if ZAP is enabled
error (protocol_error);
return false;
}
encoder = new (std::nothrow) v1_encoder_t (out_batch_size); encoder = new (std::nothrow) v1_encoder_t (out_batch_size);
alloc_assert (encoder); alloc_assert (encoder);
@ -575,6 +581,12 @@ bool zmq::stream_engine_t::handshake ()
} }
else else
if (greeting_recv [revision_pos] == ZMTP_1_0) { if (greeting_recv [revision_pos] == ZMTP_1_0) {
if (session->zap_connect () == 0) {
// reject ZMTP 1.0 connections if ZAP is enabled
error (protocol_error);
return false;
}
encoder = new (std::nothrow) v1_encoder_t ( encoder = new (std::nothrow) v1_encoder_t (
out_batch_size); out_batch_size);
alloc_assert (encoder); alloc_assert (encoder);
@ -585,6 +597,12 @@ bool zmq::stream_engine_t::handshake ()
} }
else else
if (greeting_recv [revision_pos] == ZMTP_2_0) { if (greeting_recv [revision_pos] == ZMTP_2_0) {
if (session->zap_connect () == 0) {
// reject ZMTP 2.0 connections if ZAP is enabled
error (protocol_error);
return false;
}
encoder = new (std::nothrow) v2_encoder_t (out_batch_size); encoder = new (std::nothrow) v2_encoder_t (out_batch_size);
alloc_assert (encoder); alloc_assert (encoder);