3party/libzmq
0
0
Fork 0
mirror of https://github.com/zeromq/libzmq.git synced 2025-03-10 07:56:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Removed ZMQ_ZAP_IPC_CREDS option

Browse Source 
- This seems redundant; is there a use case for NOT providing
  the IPC credentials to the ZAP authenticator?

- More, why is IPC authentication done via libzmq instead of ZAP?
  Is it because we're missing the transport type on the ZAP request?
This commit is contained in:
Pieter Hintjens 2014-01-01 17:11:40 +01:00
parent adf5b45d71
commit 5bf96f64b0
8 changed files with 5 additions and 197 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -88,7 +88,6 @@ tests/test_many_sockets
tests/test_diffserv tests/test_diffserv
tests/test*.log tests/test*.log
tests/test*.trs tests/test*.trs
tests/test_zap_ipc_creds
src/platform.hpp* src/platform.hpp*
src/stamp-h1 src/stamp-h1
perf/local_lat perf/local_lat

19
doc/zmq_getsockopt.txt
View File

@ -606,25 +606,6 @@ Default value:: not set
Applicable socket types:: all, when using TCP transport Applicable socket types:: all, when using TCP transport
ZMQ_ZAP_IPC_CREDS: Retrieve IPC peer credentials state
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The 'ZMQ_ZAP_IPC_CREDS' option shall return True (1) if credentials of IPC
peers will be appended to the address sent in ZAP request messages and False
(0) otherwise.
Refer to linkzmq:zmq_setsockopt[3] for more information.
NOTE: IPC peer credentials are only available on platforms supporting the
SO_PEERCRED or LOCAL_PEERCRED socket options.
[horizontal]
Option value type:: int
Option value unit:: boolean
Default value:: 0 (false)
Applicable socket types:: all listening sockets, when using IPC transports.
RETURN VALUE RETURN VALUE
------------ ------------
The _zmq_getsockopt()_ function shall return zero if successful. Otherwise it The _zmq_getsockopt()_ function shall return zero if successful. Otherwise it

18
doc/zmq_setsockopt.txt
View File

@ -777,24 +777,6 @@ Default value:: not set
Applicable socket types:: all, when using TCP transport Applicable socket types:: all, when using TCP transport
ZMQ_ZAP_IPC_CREDS: Append IPC peer credentials to ZAP address
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If set, the credentials of IPC peers will be appended to the address sent in
ZAP request messages. The new address will be formatted as ADDRESS:UID:GID:PID
where UID and GID are the effective group and user IDs of the user owning the
peer process and PID is the process ID. PID will be empty on systems not
supporting SO_PEERCRED.
NOTE: IPC peer credentials are only available on platforms supporting the
SO_PEERCRED or LOCAL_PEERCRED socket options.
[horizontal]
Option value type:: int
Option value unit:: boolean
Default value:: 0 (false)
Applicable socket types:: all listening sockets, when using IPC transports.
RETURN VALUE RETURN VALUE
------------ ------------
The _zmq_setsockopt()_ function shall return zero if successful. Otherwise it The _zmq_setsockopt()_ function shall return zero if successful. Otherwise it

1
include/zmq.h
View File

@ -293,7 +293,6 @@ ZMQ_EXPORT int zmq_msg_set (zmq_msg_t *msg, int option, int optval);
#define ZMQ_IPC_FILTER_PID 58 #define ZMQ_IPC_FILTER_PID 58
#define ZMQ_IPC_FILTER_UID 59 #define ZMQ_IPC_FILTER_UID 59
#define ZMQ_IPC_FILTER_GID 60 #define ZMQ_IPC_FILTER_GID 60
#define ZMQ_ZAP_IPC_CREDS 61
/* Message options */ /* Message options */
#define ZMQ_MORE 1 #define ZMQ_MORE 1

19
src/options.cpp
View File

@ -51,9 +51,6 @@ zmq::options_t::options_t () :
tcp_keepalive_cnt (-1), tcp_keepalive_cnt (-1),
tcp_keepalive_idle (-1), tcp_keepalive_idle (-1),
tcp_keepalive_intvl (-1), tcp_keepalive_intvl (-1),
# if defined ZMQ_HAVE_SO_PEERCRED || defined ZMQ_HAVE_LOCAL_PEERCRED
zap_ipc_creds (false),
# endif
mechanism (ZMQ_NULL), mechanism (ZMQ_NULL),
as_server (0), as_server (0),
socket_id (0), socket_id (0),
@ -261,13 +258,6 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
break; break;
# if defined ZMQ_HAVE_SO_PEERCRED || defined ZMQ_HAVE_LOCAL_PEERCRED # if defined ZMQ_HAVE_SO_PEERCRED || defined ZMQ_HAVE_LOCAL_PEERCRED
case ZMQ_ZAP_IPC_CREDS:
if (is_int && (value == 0 || value == 1)) {
zap_ipc_creds = (value != 0);
return 0;
}
break;
case ZMQ_IPC_FILTER_UID: case ZMQ_IPC_FILTER_UID:
if (optvallen_ == 0 && optval_ == NULL) { if (optvallen_ == 0 && optval_ == NULL) {
ipc_uid_accept_filters.clear (); ipc_uid_accept_filters.clear ();
@ -601,15 +591,6 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_)
} }
break; break;
# if defined ZMQ_HAVE_SO_PEERCRED || defined ZMQ_HAVE_LOCAL_PEERCRED
case ZMQ_ZAP_IPC_CREDS:
if (is_int) {
*value = zap_ipc_creds;
return 0;
}
break;
# endif
case ZMQ_MECHANISM: case ZMQ_MECHANISM:
if (is_int) { if (is_int) {
*value = mechanism; *value = mechanism;

6
src/stream_engine.cpp
View File

@ -89,7 +89,8 @@ zmq::stream_engine_t::stream_engine_t (fd_t fd_, const options_t &options_,
if (family == 0) if (family == 0)
peer_address = ""; peer_address = "";
#if defined ZMQ_HAVE_SO_PEERCRED #if defined ZMQ_HAVE_SO_PEERCRED
else if (family == PF_UNIX && options.zap_ipc_creds) { else
if (family == PF_UNIX) {
struct ucred cred; struct ucred cred;
socklen_t size = sizeof (cred); socklen_t size = sizeof (cred);
if (!getsockopt (s, SOL_SOCKET, SO_PEERCRED, &cred, &size)) { if (!getsockopt (s, SOL_SOCKET, SO_PEERCRED, &cred, &size)) {
@ -99,7 +100,8 @@ zmq::stream_engine_t::stream_engine_t (fd_t fd_, const options_t &options_,
} }
} }
#elif defined ZMQ_HAVE_LOCAL_PEERCRED #elif defined ZMQ_HAVE_LOCAL_PEERCRED
else if (family == PF_UNIX && options.zap_ipc_creds) { else
if (family == PF_UNIX) {
struct xucred cred; struct xucred cred;
socklen_t size = sizeof (cred); socklen_t size = sizeof (cred);
if (!getsockopt (s, 0, LOCAL_PEERCRED, &cred, &size) if (!getsockopt (s, 0, LOCAL_PEERCRED, &cred, &size)

3
tests/Makefile.am
View File

@ -53,8 +53,7 @@ noinst_PROGRAMS += test_shutdown_stress \
test_reqrep_ipc \ test_reqrep_ipc \
test_timeo \ test_timeo \
test_fork \ test_fork \
test_filter_ipc \ test_filter_ipc
test_zap_ipc_creds
endif endif
if BUILD_TIPC if BUILD_TIPC

135
tests/test_zap_ipc_creds.cpp
View File

@ -1,135 +0,0 @@
/*
Copyright (c) 2007-2013 Contributors as noted in the AUTHORS file
This file is part of 0MQ.
0MQ is free software; you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
0MQ is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <string.h>
#include <sstream>
#include "testutil.hpp"
static void zap_handler (void *handler)
{
// Process ZAP requests forever
while (true) {
char *version = s_recv (handler);
if (!version)
break; // Terminating
char *sequence = s_recv (handler);
char *domain = s_recv (handler);
char *address = s_recv (handler);
char *identity = s_recv (handler);
char *mechanism = s_recv (handler);
assert (streq (version, "1.0"));
assert (streq (mechanism, "NULL"));
if (streq (domain, "creds")) {
std::ostringstream buf;
buf << "localhost:" << getuid () << ":" << getgid () << ":";
# ifdef ZMQ_HAVE_SO_PEERCRED
buf << getpid ();
# endif
assert (streq (address, buf.str ().c_str ()));
} else
assert (streq (address, "localhost"));
s_sendmore (handler, version);
s_sendmore (handler, sequence);
s_sendmore (handler, "200");
s_sendmore (handler, "OK");
s_sendmore (handler, "anonymous");
s_send (handler, "");
free (version);
free (sequence);
free (domain);
free (address);
free (identity);
free (mechanism);
}
zmq_close (handler);
}
static void run_test (bool with_creds)
{
void *ctx = zmq_ctx_new ();
assert (ctx);
// Spawn ZAP handler
// We create and bind ZAP socket in main thread to avoid case
// where child thread does not start up fast enough.
void *handler = zmq_socket (ctx, ZMQ_REP);
assert (handler);
int rc = zmq_bind (handler, "inproc://zeromq.zap.01");
assert (rc == 0);
void *zap_thread = zmq_threadstart (&zap_handler, handler);
void *sb = zmq_socket (ctx, ZMQ_PAIR);
assert (sb);
void *sc = zmq_socket (ctx, ZMQ_PAIR);
assert (sc);
// Now use the right domain, the test must pass
if (with_creds) {
rc = zmq_setsockopt (sb, ZMQ_ZAP_DOMAIN, "creds", 5);
assert (rc == 0);
int ipc_creds = 1;
rc = zmq_setsockopt (sb, ZMQ_ZAP_IPC_CREDS, &ipc_creds, sizeof (int));
assert (rc == 0);
} else {
rc = zmq_setsockopt (sb, ZMQ_ZAP_DOMAIN, "none", 4);
assert (rc == 0);
int ipc_creds = 1;
size_t size = sizeof (int);
rc = zmq_getsockopt (sb, ZMQ_ZAP_IPC_CREDS, &ipc_creds, &size);
assert (rc == 0);
assert (ipc_creds == 0);
}
rc = zmq_bind (sb, "ipc://@/tmp/test");
assert (rc == 0);
rc = zmq_connect (sc, "ipc://@/tmp/test");
assert (rc == 0);
bounce (sb, sc);
rc = zmq_close (sc);
assert (rc == 0);
rc = zmq_close (sb);
assert (rc == 0);
rc = zmq_ctx_term (ctx);
assert (rc == 0);
// Wait until ZAP handler terminates.
zmq_threadclose (zap_thread);
}
int main (void)
{
setup_test_environment();
run_test(false);
run_test(true);
return 0 ;
}