mirror of
https://github.com/zeromq/libzmq.git
synced 2025-01-14 17:58:01 +08:00
Shortened ZMQ_IPC_ACCEPT_FILTER_[UGP]ID to ZMQ_IPC_FILTER_[UGP]ID.
This commit is contained in:
parent
0a9a4fa904
commit
dc9b1309b9
@ -601,15 +601,15 @@ Default value:: no filters (allow from all)
|
|||||||
Applicable socket types:: all listening sockets, when using TCP transports.
|
Applicable socket types:: all listening sockets, when using TCP transports.
|
||||||
|
|
||||||
|
|
||||||
ZMQ_IPC_ACCEPT_FILTER_UID: Assign user ID filters to allow new IPC connections
|
ZMQ_IPC_FILTER_UID: Assign user ID filters to allow new IPC connections
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
Assign an arbitrary number of filters that will be applied for each new IPC
|
Assign an arbitrary number of filters that will be applied for each new IPC
|
||||||
transport connection on a listening socket. If no IPC filters are applied, then
|
transport connection on a listening socket. If no IPC filters are applied, then
|
||||||
the IPC transport allows connections from any process. If at least one UID,
|
the IPC transport allows connections from any process. If at least one UID,
|
||||||
GID, or PID filter is applied then new connection credentials should be
|
GID, or PID filter is applied then new connection credentials should be
|
||||||
matched. To clear all UID filters call zmq_setsockopt(socket,
|
matched. To clear all UID filters call zmq_setsockopt(socket,
|
||||||
ZMQ_IPC_ACCEPT_FILTER_UID, NULL, 0).
|
ZMQ_IPC_FILTER_UID, NULL, 0).
|
||||||
|
|
||||||
NOTE: UID filters are only available on platforms supporting SO_PEERCRED or
|
NOTE: UID filters are only available on platforms supporting SO_PEERCRED or
|
||||||
LOCAL_PEERCRED socket options (currently only Linux and later versions of
|
LOCAL_PEERCRED socket options (currently only Linux and later versions of
|
||||||
@ -622,15 +622,15 @@ Default value:: no filters (allow from all)
|
|||||||
Applicable socket types:: all listening sockets, when using IPC transports.
|
Applicable socket types:: all listening sockets, when using IPC transports.
|
||||||
|
|
||||||
|
|
||||||
ZMQ_IPC_ACCEPT_FILTER_GID: Assign group ID filters to allow new IPC connections
|
ZMQ_IPC_FILTER_GID: Assign group ID filters to allow new IPC connections
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
Assign an arbitrary number of filters that will be applied for each new IPC
|
Assign an arbitrary number of filters that will be applied for each new IPC
|
||||||
transport connection on a listening socket. If no IPC filters are applied, then
|
transport connection on a listening socket. If no IPC filters are applied, then
|
||||||
the IPC transport allows connections from any process. If at least one UID,
|
the IPC transport allows connections from any process. If at least one UID,
|
||||||
GID, or PID filter is applied then new connection credentials should be
|
GID, or PID filter is applied then new connection credentials should be
|
||||||
matched. To clear all GID filters call zmq_setsockopt(socket,
|
matched. To clear all GID filters call zmq_setsockopt(socket,
|
||||||
ZMQ_IPC_ACCEPT_FILTER_GID, NULL, 0).
|
ZMQ_IPC_FILTER_GID, NULL, 0).
|
||||||
|
|
||||||
NOTE: GID filters are only available on platforms supporting SO_PEERCRED or
|
NOTE: GID filters are only available on platforms supporting SO_PEERCRED or
|
||||||
LOCAL_PEERCRED socket options (currently only Linux and later versions of
|
LOCAL_PEERCRED socket options (currently only Linux and later versions of
|
||||||
@ -643,15 +643,15 @@ Default value:: no filters (allow from all)
|
|||||||
Applicable socket types:: all listening sockets, when using IPC transports.
|
Applicable socket types:: all listening sockets, when using IPC transports.
|
||||||
|
|
||||||
|
|
||||||
ZMQ_IPC_ACCEPT_FILTER_PID: Assign process ID filters to new IPC connections
|
ZMQ_IPC_FILTER_PID: Assign process ID filters to allow new IPC connections
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
Assign an arbitrary number of filters that will be applied for each new IPC
|
Assign an arbitrary number of filters that will be applied for each new IPC
|
||||||
transport connection on a listening socket. If no IPC filters are applied, then
|
transport connection on a listening socket. If no IPC filters are applied, then
|
||||||
the IPC transport allows connections from any process. If at least one UID,
|
the IPC transport allows connections from any process. If at least one UID,
|
||||||
GID, or PID filter is applied then new connection credentials should be
|
GID, or PID filter is applied then new connection credentials should be
|
||||||
matched. To clear all PID filters call zmq_setsockopt(socket,
|
matched. To clear all PID filters call zmq_setsockopt(socket,
|
||||||
ZMQ_IPC_ACCEPT_FILTER_PID, NULL, 0).
|
ZMQ_IPC_FILTER_PID, NULL, 0).
|
||||||
|
|
||||||
NOTE: PID filters are only available on platforms supporting the SO_PEERCRED
|
NOTE: PID filters are only available on platforms supporting the SO_PEERCRED
|
||||||
socket option (currently only Linux).
|
socket option (currently only Linux).
|
||||||
|
@ -290,9 +290,9 @@ ZMQ_EXPORT int zmq_msg_set (zmq_msg_t *msg, int option, int optval);
|
|||||||
#define ZMQ_ZAP_DOMAIN 55
|
#define ZMQ_ZAP_DOMAIN 55
|
||||||
#define ZMQ_ROUTER_HANDOVER 56
|
#define ZMQ_ROUTER_HANDOVER 56
|
||||||
#define ZMQ_TOS 57
|
#define ZMQ_TOS 57
|
||||||
#define ZMQ_IPC_ACCEPT_FILTER_PID 58
|
#define ZMQ_IPC_FILTER_PID 58
|
||||||
#define ZMQ_IPC_ACCEPT_FILTER_UID 59
|
#define ZMQ_IPC_FILTER_UID 59
|
||||||
#define ZMQ_IPC_ACCEPT_FILTER_GID 60
|
#define ZMQ_IPC_FILTER_GID 60
|
||||||
|
|
||||||
/* Message options */
|
/* Message options */
|
||||||
#define ZMQ_MORE 1
|
#define ZMQ_MORE 1
|
||||||
|
@ -258,7 +258,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
# if defined ZMQ_HAVE_SO_PEERCRED || defined ZMQ_HAVE_LOCAL_PEERCRED
|
# if defined ZMQ_HAVE_SO_PEERCRED || defined ZMQ_HAVE_LOCAL_PEERCRED
|
||||||
case ZMQ_IPC_ACCEPT_FILTER_UID:
|
case ZMQ_IPC_FILTER_UID:
|
||||||
if (optvallen_ == 0 && optval_ == NULL) {
|
if (optvallen_ == 0 && optval_ == NULL) {
|
||||||
ipc_uid_accept_filters.clear ();
|
ipc_uid_accept_filters.clear ();
|
||||||
return 0;
|
return 0;
|
||||||
@ -270,7 +270,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case ZMQ_IPC_ACCEPT_FILTER_GID:
|
case ZMQ_IPC_FILTER_GID:
|
||||||
if (optvallen_ == 0 && optval_ == NULL) {
|
if (optvallen_ == 0 && optval_ == NULL) {
|
||||||
ipc_gid_accept_filters.clear ();
|
ipc_gid_accept_filters.clear ();
|
||||||
return 0;
|
return 0;
|
||||||
@ -284,7 +284,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
|
|||||||
# endif
|
# endif
|
||||||
|
|
||||||
# if defined ZMQ_HAVE_SO_PEERCRED
|
# if defined ZMQ_HAVE_SO_PEERCRED
|
||||||
case ZMQ_IPC_ACCEPT_FILTER_PID:
|
case ZMQ_IPC_FILTER_PID:
|
||||||
if (optvallen_ == 0 && optval_ == NULL) {
|
if (optvallen_ == 0 && optval_ == NULL) {
|
||||||
ipc_pid_accept_filters.clear ();
|
ipc_pid_accept_filters.clear ();
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -131,28 +131,28 @@ int main (void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Test filter with UID of process owner
|
// Test filter with UID of process owner
|
||||||
run_test<uid_t> (ZMQ_IPC_ACCEPT_FILTER_UID, getuid(), 0, 1);
|
run_test<uid_t> (ZMQ_IPC_FILTER_UID, getuid(), 0, 1);
|
||||||
// Test filter with UID of another (possibly non-existent) user
|
// Test filter with UID of another (possibly non-existent) user
|
||||||
run_test<uid_t> (ZMQ_IPC_ACCEPT_FILTER_UID, getuid() + 1, 0, -1);
|
run_test<uid_t> (ZMQ_IPC_FILTER_UID, getuid() + 1, 0, -1);
|
||||||
// Test filter with GID of process owner
|
// Test filter with GID of process owner
|
||||||
run_test<gid_t> (ZMQ_IPC_ACCEPT_FILTER_GID, group, 0, 1);
|
run_test<gid_t> (ZMQ_IPC_FILTER_GID, group, 0, 1);
|
||||||
// Test filter with supplimental group of process owner
|
// Test filter with supplimental group of process owner
|
||||||
run_test<gid_t> (ZMQ_IPC_ACCEPT_FILTER_GID, supgroup, 0, 1);
|
run_test<gid_t> (ZMQ_IPC_FILTER_GID, supgroup, 0, 1);
|
||||||
// Test filter with GID of another (possibly non-existent) group
|
// Test filter with GID of another (possibly non-existent) group
|
||||||
run_test<gid_t> (ZMQ_IPC_ACCEPT_FILTER_GID, notgroup, 0, -1);
|
run_test<gid_t> (ZMQ_IPC_FILTER_GID, notgroup, 0, -1);
|
||||||
# if defined ZMQ_HAVE_SO_PEERCRED
|
# if defined ZMQ_HAVE_SO_PEERCRED
|
||||||
// Test filter with PID of current process
|
// Test filter with PID of current process
|
||||||
run_test<pid_t> (ZMQ_IPC_ACCEPT_FILTER_PID, getpid(), 0, 1);
|
run_test<pid_t> (ZMQ_IPC_FILTER_PID, getpid(), 0, 1);
|
||||||
// Test filter with PID of another (possibly non-existent) process
|
// Test filter with PID of another (possibly non-existent) process
|
||||||
run_test<pid_t> (ZMQ_IPC_ACCEPT_FILTER_PID, getpid() + 1, 0, -1);
|
run_test<pid_t> (ZMQ_IPC_FILTER_PID, getpid() + 1, 0, -1);
|
||||||
# else
|
# else
|
||||||
// Setup of PID filter should fail with operation not supported error
|
// Setup of PID filter should fail with operation not supported error
|
||||||
run_test<pid_t> (ZMQ_IPC_ACCEPT_FILTER_PID, getpid(), EINVAL, 0);
|
run_test<pid_t> (ZMQ_IPC_FILTER_PID, getpid(), EINVAL, 0);
|
||||||
# endif
|
# endif
|
||||||
#else
|
#else
|
||||||
run_test<uid_t> (ZMQ_IPC_ACCEPT_FILTER_UID, 0, EINVAL, 0);
|
run_test<uid_t> (ZMQ_IPC_FILTER_UID, 0, EINVAL, 0);
|
||||||
run_test<gid_t> (ZMQ_IPC_ACCEPT_FILTER_GID, 0, EINVAL, 0);
|
run_test<gid_t> (ZMQ_IPC_FILTER_GID, 0, EINVAL, 0);
|
||||||
run_test<pid_t> (ZMQ_IPC_ACCEPT_FILTER_PID, 0, EINVAL, 0);
|
run_test<pid_t> (ZMQ_IPC_FILTER_PID, 0, EINVAL, 0);
|
||||||
#endif // defined ZMQ_HAVE_SO_PEERCRED || defined ZMQ_HAVE_LOCAL_PEERCRED
|
#endif // defined ZMQ_HAVE_SO_PEERCRED || defined ZMQ_HAVE_LOCAL_PEERCRED
|
||||||
|
|
||||||
return 0 ;
|
return 0 ;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user