diff options
| author | Garrett D'Amore <garrett@damore.org> | 2021-10-27 22:34:41 -0700 |
|---|---|---|
| committer | Garrett D'Amore <garrett@damore.org> | 2021-11-02 22:56:39 -0700 |
| commit | c42f32722447cc52810b25decee634210f09d70e (patch) | |
| tree | 0e3c460138b619f2f9bad2476d5f474c20edbd6e | |
| parent | db3d5562e723a6d2e4efd190bd3f1360126f5b10 (diff) | |
| download | nng-c42f32722447cc52810b25decee634210f09d70e.tar.gz nng-c42f32722447cc52810b25decee634210f09d70e.tar.bz2 nng-c42f32722447cc52810b25decee634210f09d70e.zip | |
fixes #1346 windows ipc winsec fails frequently in CI/CD
| -rw-r--r-- | .clang-format | 2 | ||||
| -rw-r--r-- | src/core/id_test.c | 22 | ||||
| -rw-r--r-- | src/platform/posix/CMakeLists.txt | 3 | ||||
| -rw-r--r-- | src/platform/posix/posix_ipcwinsec_test.c | 31 | ||||
| -rw-r--r-- | src/platform/windows/CMakeLists.txt | 5 | ||||
| -rw-r--r-- | src/platform/windows/win_ipc_sec_test.c | 190 | ||||
| -rw-r--r-- | src/platform/windows/win_thread.c | 3 | ||||
| -rw-r--r-- | src/sp/protocol/pair0/pair.c | 70 | ||||
| -rw-r--r-- | src/sp/protocol/pair1/pair.c | 28 | ||||
| -rw-r--r-- | src/sp/protocol/pipeline0/push.c | 16 | ||||
| -rw-r--r-- | src/supplemental/websocket/websocket_test.c | 70 | ||||
| -rw-r--r-- | tests/CMakeLists.txt | 1 | ||||
| -rw-r--r-- | tests/ipcwinsec.c | 192 |
13 files changed, 334 insertions, 299 deletions
diff --git a/.clang-format b/.clang-format index ff7c2f08..02137561 100644 --- a/.clang-format +++ b/.clang-format @@ -5,7 +5,7 @@ ColumnLimit: 79 AlignConsecutiveAssignments: true AlignConsecutiveDeclarations: true AlignTrailingComments: true -AlignEscapedNewlinesLeft: true +AlignEscapedNewlines: Left PointerAlignment: Right ForEachMacros: ['NNI_LIST_FOREACH'] AlwaysBreakAfterReturnType: TopLevelDefinitions diff --git a/src/core/id_test.c b/src/core/id_test.c index 51872e69..b948cc13 100644 --- a/src/core/id_test.c +++ b/src/core/id_test.c @@ -1,5 +1,5 @@ // -// Copyright 2020 Staysail Systems, Inc. <info@staysail.tech> +// Copyright 2021 Staysail Systems, Inc. <info@staysail.tech> // // This software is supplied under the terms of the MIT License, a // copy of which should be located in the distribution where this @@ -15,8 +15,8 @@ void test_basic(void) { nni_id_map m; - char * five = "five"; - char * four = "four"; + char *five = "five"; + char *four = "four"; nni_id_map_init(&m, 0, 0, false); @@ -60,8 +60,8 @@ void test_collision(void) { nni_id_map m; - char * five = "five"; - char * four = "four"; + char *five = "five"; + char *four = "four"; nni_id_map_init(&m, 0, 0, false); @@ -141,7 +141,7 @@ test_dynamic(void) nni_id_map_init(&m, 10, 13, false); - // We can fill the table. + // We can fill the table. NUTS_PASS(nni_id_alloc(&m, &id, &expect[0])); NUTS_TRUE(id == 10); NUTS_PASS(nni_id_alloc(&m, &id, &expect[1])); @@ -186,11 +186,11 @@ test_set_out_of_range(void) void test_stress(void) { - void * values[NUM_VALUES]; + void *values[NUM_VALUES]; nni_id_map m; size_t i; int rv; - void * x; + void *x; int v; nni_id_map_init(&m, 0, 0, false); @@ -240,15 +240,15 @@ out: // Post stress check. for (i = 0; i < NUM_VALUES; i++) { - x = nni_id_get(&m, i); + x = nni_id_get(&m, (uint32_t) i); if (x != values[i]) { NUTS_TRUE(x == values[i]); break; } // We only use the test macros if we know they are going - // to fail. Otherwise there will be too many errors reported. - rv = nni_id_remove(&m, i); + // to fail. Otherwise, there will be too many errors reported. + rv = nni_id_remove(&m, (uint32_t) i); if ((x == NULL) && (rv != NNG_ENOENT)) { NUTS_FAIL(rv, NNG_ENOENT); } else if ((x != NULL) && (rv != 0)) { diff --git a/src/platform/posix/CMakeLists.txt b/src/platform/posix/CMakeLists.txt index 02a8cb53..7b619fa2 100644 --- a/src/platform/posix/CMakeLists.txt +++ b/src/platform/posix/CMakeLists.txt @@ -105,4 +105,7 @@ if (NNG_PLATFORM_POSIX) else () nng_sources(posix_rand_urandom.c) endif () + + nng_test(posix_ipcwinsec_test) + endif ()
\ No newline at end of file diff --git a/src/platform/posix/posix_ipcwinsec_test.c b/src/platform/posix/posix_ipcwinsec_test.c new file mode 100644 index 00000000..934eeea9 --- /dev/null +++ b/src/platform/posix/posix_ipcwinsec_test.c @@ -0,0 +1,31 @@ +// +// Copyright 2021 Staysail Systems, Inc. <info@staysail.tech> +// Copyright 2018 Capitar IT Group BV <info@capitar.com> +// +// This software is supplied under the terms of the MIT License, a +// copy of which should be located in the distribution where this +// file was obtained (LICENSE.txt). A copy of the license may also be +// found online at https://opensource.org/licenses/MIT. +// +#include <nng/nng.h> +#include <nuts.h> + +void +test_ipc_win_sec(void) +{ + char address[64]; + nng_stream_listener *l; + int x; + + nuts_scratch_addr("ipc", sizeof(address), address); + NUTS_PASS(nng_stream_listener_alloc(&l, address)); + NUTS_FAIL(nng_stream_listener_set_ptr( + l, NNG_OPT_IPC_SECURITY_DESCRIPTOR, &x), + NNG_ENOTSUP); + nng_stream_listener_free(l); +} + +NUTS_TESTS = { + { "ipc security descriptor", test_ipc_win_sec }, + { NULL, NULL }, +}; diff --git a/src/platform/windows/CMakeLists.txt b/src/platform/windows/CMakeLists.txt index 174e77f8..d1d158e0 100644 --- a/src/platform/windows/CMakeLists.txt +++ b/src/platform/windows/CMakeLists.txt @@ -1,5 +1,5 @@ # -# Copyright 2020 Staysail Systems, Inc. <info@staystail.tech> +# Copyright 2021 Staysail Systems, Inc. <info@staystail.tech> # # This software is supplied under the terms of the MIT License, a # copy of which should be located in the distribution where this @@ -46,4 +46,7 @@ if (NNG_PLATFORM_WINDOWS) win_thread.c win_udp.c ) + + nng_test(win_ipc_sec_test) + endif ()
\ No newline at end of file diff --git a/src/platform/windows/win_ipc_sec_test.c b/src/platform/windows/win_ipc_sec_test.c new file mode 100644 index 00000000..ab65533b --- /dev/null +++ b/src/platform/windows/win_ipc_sec_test.c @@ -0,0 +1,190 @@ +// +// Copyright 2021 Staysail Systems, Inc. <info@staysail.tech> +// Copyright 2018 Capitar IT Group BV <info@capitar.com> +// +// This software is supplied under the terms of the MIT License, a +// copy of which should be located in the distribution where this +// file was obtained (LICENSE.txt). A copy of the license may also be +// found online at https://opensource.org/licenses/MIT. +// + +#include <nng/nng.h> +#include <nuts.h> + +// Microsoft prefers CamelCase header names, but relies on case-insensitive +// file systems to make that work. The rest of the world (min-gw64 included) +// uses case-sensitive names and lowercase. + +#include <accctrl.h> +#include <aclapi.h> + +SECURITY_DESCRIPTOR * +sdescAuthUsers(PSID sid, PACL *aclp) +{ + SECURITY_DESCRIPTOR *sdesc; + EXPLICIT_ACCESS xa; + ACL *acl; + + sdesc = calloc(SECURITY_DESCRIPTOR_MIN_LENGTH, 1); + NUTS_ASSERT(sdesc != NULL); + + InitializeSecurityDescriptor(sdesc, SECURITY_DESCRIPTOR_REVISION); + + xa.grfAccessPermissions = GENERIC_READ | GENERIC_WRITE; + xa.grfAccessMode = SET_ACCESS; + xa.grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT; + xa.Trustee.TrusteeForm = TRUSTEE_IS_SID; + xa.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP; + xa.Trustee.ptstrName = (LPSTR) sid; + + SetEntriesInAcl(1, &xa, NULL, &acl); + *aclp = acl; + + SetSecurityDescriptorDacl(sdesc, TRUE, acl, FALSE); + return (sdesc); +} + +void +test_ipc_security_descriptor(void) +{ + nng_stream_listener *l; + char address[64]; + char pipe[64]; + SECURITY_DESCRIPTOR *sd; + SID users; + DWORD size; + PACL acl = NULL; + PACL dacl; + PSECURITY_DESCRIPTOR psd; + PACE_HEADER ace; + PSID psid; + PACCESS_ALLOWED_ACE allowed; + nng_aio *aio; + + nuts_scratch_addr("ipc", sizeof(address), address); + + NUTS_PASS(nng_stream_listener_alloc(&l, address)); + size = sizeof(users); + CreateWellKnownSid(WinAuthenticatedUserSid, NULL, &users, &size); + sd = sdescAuthUsers(&users, &acl); + + NUTS_ASSERT(sd != NULL); + NUTS_ASSERT(acl != NULL); + NUTS_PASS(nng_aio_alloc(&aio, NULL, NULL)); + + NUTS_PASS(nng_stream_listener_set_ptr( + l, NNG_OPT_IPC_SECURITY_DESCRIPTOR, sd)); + NUTS_PASS(nng_stream_listener_listen(l)); + nng_stream_listener_accept(l, aio); + + (void) snprintf(pipe, sizeof(pipe), "\\\\.\\pipe\\%s", address+strlen("ipc://")); + HANDLE ph = CreateFileA(pipe, READ_CONTROL, 0, NULL, OPEN_EXISTING, + FILE_FLAG_OVERLAPPED, NULL); + + nng_aio_wait(aio); + NUTS_PASS(nng_aio_result(aio)); + HANDLE pd = (HANDLE) nng_aio_get_output(aio, 0); + + NUTS_ASSERT(ph != INVALID_HANDLE_VALUE); + NUTS_ASSERT(pd != INVALID_HANDLE_VALUE); + + NUTS_ASSERT( + GetSecurityInfo(ph, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, + NULL, NULL, &dacl, NULL, &psd) == ERROR_SUCCESS); + + NUTS_ASSERT(dacl->AceCount == 1); + NUTS_ASSERT(GetAce(dacl, 0, (void **) &ace) == TRUE); + allowed = (PACCESS_ALLOWED_ACE) ace; + psid = (PSID) &allowed->SidStart; + NUTS_ASSERT(IsValidSid(psid)); + NUTS_ASSERT(EqualSid(psid, &users) == TRUE); + + CloseHandle(pd); + CloseHandle(ph); + free(sd); + LocalFree(acl); + LocalFree(psd); + nng_stream_listener_close(l); + nng_stream_listener_free(l); +} + +void +test_ipc_security_descriptor_busy(void) +{ + // This test ensures that the descriptor can only be set before + // the listener is started. + nng_stream_listener *l; + char address[64]; + SECURITY_DESCRIPTOR *sd; + SID users; + DWORD size; + PACL acl = NULL; + + nuts_scratch_addr("ipc", sizeof(address), address); + + NUTS_PASS(nng_stream_listener_alloc(&l, address)); + size = sizeof(users); + CreateWellKnownSid(WinAuthenticatedUserSid, NULL, &users, &size); + sd = sdescAuthUsers(&users, &acl); + + NUTS_ASSERT(sd != NULL); + NUTS_ASSERT(acl != NULL); + + NUTS_PASS(nng_stream_listener_listen(l)); + + NUTS_FAIL(nng_stream_listener_set_ptr( + l, NNG_OPT_IPC_SECURITY_DESCRIPTOR, sd), + NNG_EBUSY); + + free(sd); + nng_stream_listener_close(l); + nng_stream_listener_free(l); +} + +void +test_ipc_security_descriptor_bogus(void) +{ + nng_stream_listener *l; + char address[64]; + + nuts_scratch_addr("ipc", sizeof(address), address); + + NUTS_PASS(nng_stream_listener_alloc(&l, address)); + + NUTS_FAIL(nng_stream_listener_set_ptr( + l, NNG_OPT_IPC_SECURITY_DESCRIPTOR, NULL), + NNG_EINVAL); + + nng_stream_listener_close(l); + nng_stream_listener_free(l); +} + +void +test_ipc_security_descriptor_dialer(void) +{ + nng_stream_dialer *d; + char address[64]; + SECURITY_DESCRIPTOR *sdesc; + + nuts_scratch_addr("ipc", sizeof(address), address); + NUTS_PASS(nng_stream_dialer_alloc(&d, address)); + + sdesc = calloc(SECURITY_DESCRIPTOR_MIN_LENGTH, 1); + NUTS_ASSERT(sdesc != NULL); + InitializeSecurityDescriptor(sdesc, SECURITY_DESCRIPTOR_REVISION); + NUTS_FAIL(nng_stream_dialer_set_ptr( + d, NNG_OPT_IPC_SECURITY_DESCRIPTOR, sdesc), + NNG_ENOTSUP); + free(sdesc); + nng_stream_dialer_free(d); +} + +NUTS_TESTS = { + { "ipc security descriptor", test_ipc_security_descriptor }, + { "ipc security descriptor busy", test_ipc_security_descriptor_busy }, + { "ipc security descriptor bogus", + test_ipc_security_descriptor_bogus }, + { "ipc security descriptor dialer", + test_ipc_security_descriptor_dialer }, + { NULL, NULL }, +}; diff --git a/src/platform/windows/win_thread.c b/src/platform/windows/win_thread.c index dc9ed12a..9c7c09d3 100644 --- a/src/platform/windows/win_thread.c +++ b/src/platform/windows/win_thread.c @@ -381,7 +381,8 @@ nni_plat_thr_set_name(nni_plat_thr *thr, const char *name) if ((wcs = nni_alloc(len * 2)) == NULL) { return; } - (void) MultiByteToWideChar(CP_UTF8, 0, name, len, wcs, len); + (void) MultiByteToWideChar( + CP_UTF8, 0, name, (int) len, wcs, (int) len); set_thread_desc(h, wcs); nni_free(wcs, len * 2); } diff --git a/src/sp/protocol/pair0/pair.c b/src/sp/protocol/pair0/pair.c index c2407d81..c6470b7b 100644 --- a/src/sp/protocol/pair0/pair.c +++ b/src/sp/protocol/pair0/pair.c @@ -32,7 +32,7 @@ static void pair0_pipe_send(pair0_pipe *, nni_msg *); // pair0_sock is our per-socket protocol private structure. struct pair0_sock { - pair0_pipe * p; + pair0_pipe *p; nni_mtx mtx; nni_lmq wmq; nni_list waq; @@ -44,12 +44,12 @@ struct pair0_sock { bool wr_ready; // pipe ready for write }; -// An pair0_pipe is our per-pipe protocol private structure. We keep +// A pair0_pipe is our per-pipe protocol private structure. We keep // one of these even though in theory we'd only have a single underlying // pipe. The separate data structure is more like other protocols that do // manage multiple pipes. struct pair0_pipe { - nni_pipe * pipe; + nni_pipe *pipe; pair0_sock *pair; nni_aio aio_send; nni_aio aio_recv; @@ -190,8 +190,8 @@ pair0_pipe_recv_cb(void *arg) { pair0_pipe *p = arg; pair0_sock *s = p->pair; - nni_msg * msg; - nni_aio * a; + nni_msg *msg; + nni_aio *a; if (nni_aio_result(&p->aio_recv) != 0) { nni_pipe_close(p->pipe); @@ -231,8 +231,8 @@ static void pair0_send_sched(pair0_sock *s) { pair0_pipe *p; - nni_msg * m; - nni_aio * a = NULL; + nni_msg *m; + nni_aio *a = NULL; size_t l = 0; nni_mtx_lock(&s->mtx); @@ -303,8 +303,8 @@ static void pair0_sock_close(void *arg) { pair0_sock *s = arg; - nni_aio * a; - nni_msg * m; + nni_aio *a; + nni_msg *m; nni_mtx_lock(&s->mtx); while (((a = nni_list_first(&s->raq)) != NULL) || ((a = nni_list_first(&s->waq)) != NULL)) { @@ -334,7 +334,7 @@ static void pair0_sock_send(void *arg, nni_aio *aio) { pair0_sock *s = arg; - nni_msg * m; + nni_msg *m; size_t len; int rv; @@ -384,7 +384,7 @@ pair0_sock_recv(void *arg, nni_aio *aio) { pair0_sock *s = arg; pair0_pipe *p; - nni_msg * m; + nni_msg *m; int rv; if (nni_aio_begin(aio) != 0) { @@ -463,7 +463,7 @@ pair0_get_send_buf_len(void *arg, void *buf, size_t *szp, nni_opt_type t) int val; nni_mtx_lock(&s->mtx); - val = nni_lmq_cap(&s->wmq); + val = (int) nni_lmq_cap(&s->wmq); nni_mtx_unlock(&s->mtx); return (nni_copyout_int(val, buf, szp, t)); @@ -498,7 +498,7 @@ pair0_get_recv_buf_len(void *arg, void *buf, size_t *szp, nni_opt_type t) int val; nni_mtx_lock(&s->mtx); - val = nni_lmq_cap(&s->rmq); + val = (int) nni_lmq_cap(&s->rmq); nni_mtx_unlock(&s->mtx); return (nni_copyout_int(val, buf, szp, t)); @@ -531,28 +531,28 @@ pair0_sock_get_send_fd(void *arg, void *buf, size_t *szp, nni_opt_type t) } static nni_option pair0_sock_options[] = { - { - .o_name = NNG_OPT_RECVFD, - .o_get = pair0_sock_get_recv_fd, - }, - { - .o_name = NNG_OPT_SENDFD, - .o_get = pair0_sock_get_send_fd, - }, - { - .o_name = NNG_OPT_SENDBUF, - .o_get = pair0_get_send_buf_len, - .o_set = pair0_set_send_buf_len, - }, - { - .o_name = NNG_OPT_RECVBUF, - .o_get = pair0_get_recv_buf_len, - .o_set = pair0_set_recv_buf_len, - }, - // terminate list - { - .o_name = NULL, - }, + { + .o_name = NNG_OPT_RECVFD, + .o_get = pair0_sock_get_recv_fd, + }, + { + .o_name = NNG_OPT_SENDFD, + .o_get = pair0_sock_get_send_fd, + }, + { + .o_name = NNG_OPT_SENDBUF, + .o_get = pair0_get_send_buf_len, + .o_set = pair0_set_send_buf_len, + }, + { + .o_name = NNG_OPT_RECVBUF, + .o_get = pair0_get_recv_buf_len, + .o_set = pair0_set_recv_buf_len, + }, + // terminate list + { + .o_name = NULL, + }, }; static nni_proto_pipe_ops pair0_pipe_ops = { diff --git a/src/sp/protocol/pair1/pair.c b/src/sp/protocol/pair1/pair.c index 4a909888..e6be4628 100644 --- a/src/sp/protocol/pair1/pair.c +++ b/src/sp/protocol/pair1/pair.c @@ -32,9 +32,9 @@ static void pair1_pipe_send(pair1_pipe *, nni_msg *); // pair1_sock is our per-socket protocol private structure. struct pair1_sock { - nni_sock * sock; + nni_sock *sock; bool raw; - pair1_pipe * p; + pair1_pipe *p; nni_atomic_int ttl; nni_mtx mtx; nni_lmq wmq; @@ -63,7 +63,7 @@ struct pair1_sock { // pair1_pipe is our per-pipe protocol private structure. struct pair1_pipe { - nni_pipe * pipe; + nni_pipe *pipe; pair1_sock *pair; nni_aio aio_send; nni_aio aio_recv; @@ -302,11 +302,11 @@ pair1_pipe_recv_cb(void *arg) { pair1_pipe *p = arg; pair1_sock *s = p->pair; - nni_msg * msg; + nni_msg *msg; uint32_t hdr; - nni_pipe * pipe = p->pipe; + nni_pipe *pipe = p->pipe; size_t len; - nni_aio * a; + nni_aio *a; if (nni_aio_result(&p->aio_recv) != 0) { nni_pipe_close(p->pipe); @@ -372,8 +372,8 @@ static void pair1_send_sched(pair1_sock *s) { pair1_pipe *p; - nni_msg * m; - nni_aio * a = NULL; + nni_msg *m; + nni_aio *a = NULL; size_t l = 0; nni_mtx_lock(&s->mtx); @@ -444,8 +444,8 @@ static void pair1_sock_close(void *arg) { pair1_sock *s = arg; - nni_aio * a; - nni_msg * m; + nni_aio *a; + nni_msg *m; nni_mtx_lock(&s->mtx); while (((a = nni_list_first(&s->raq)) != NULL) || ((a = nni_list_first(&s->waq)) != NULL)) { @@ -521,7 +521,7 @@ static void pair1_sock_send(void *arg, nni_aio *aio) { pair1_sock *s = arg; - nni_msg * m; + nni_msg *m; size_t len; int rv; @@ -599,7 +599,7 @@ pair1_sock_recv(void *arg, nni_aio *aio) { pair1_sock *s = arg; pair1_pipe *p; - nni_msg * m; + nni_msg *m; int rv; if (nni_aio_begin(aio) != 0) { @@ -678,7 +678,7 @@ pair1_get_send_buf_len(void *arg, void *buf, size_t *szp, nni_opt_type t) int val; nni_mtx_lock(&s->mtx); - val = nni_lmq_cap(&s->wmq); + val = (int) nni_lmq_cap(&s->wmq); nni_mtx_unlock(&s->mtx); return (nni_copyout_int(val, buf, szp, t)); @@ -713,7 +713,7 @@ pair1_get_recv_buf_len(void *arg, void *buf, size_t *szp, nni_opt_type t) int val; nni_mtx_lock(&s->mtx); - val = nni_lmq_cap(&s->rmq); + val = (int) nni_lmq_cap(&s->rmq); nni_mtx_unlock(&s->mtx); return (nni_copyout_int(val, buf, szp, t)); diff --git a/src/sp/protocol/pipeline0/push.c b/src/sp/protocol/pipeline0/push.c index ad43d967..028104cd 100644 --- a/src/sp/protocol/pipeline0/push.c +++ b/src/sp/protocol/pipeline0/push.c @@ -1,5 +1,5 @@ // -// Copyright 2020 Staysail Systems, Inc. <info@staysail.tech> +// Copyright 2021 Staysail Systems, Inc. <info@staysail.tech> // Copyright 2018 Capitar IT Group BV <info@capitar.com> // // This software is supplied under the terms of the MIT License, a @@ -43,8 +43,8 @@ struct push0_sock { // push0_pipe is our per-pipe protocol private structure. struct push0_pipe { - nni_pipe * pipe; - push0_sock * push; + nni_pipe *pipe; + push0_sock *push; nni_list_node node; nni_aio aio_recv; @@ -85,7 +85,7 @@ static void push0_sock_close(void *arg) { push0_sock *s = arg; - nni_aio * a; + nni_aio *a; nni_mtx_lock(&s->m); while ((a = nni_list_first(&s->aq)) != NULL) { nni_aio_list_remove(a); @@ -182,8 +182,8 @@ static void push0_pipe_ready(push0_pipe *p) { push0_sock *s = p->push; - nni_msg * m; - nni_aio * a = NULL; + nni_msg *m; + nni_aio *a = NULL; size_t l; bool blocked; @@ -266,7 +266,7 @@ push0_sock_send(void *arg, nni_aio *aio) { push0_sock *s = arg; push0_pipe *p; - nni_msg * m; + nni_msg *m; size_t l; int rv; @@ -356,7 +356,7 @@ push0_get_send_buf_len(void *arg, void *buf, size_t *szp, nni_opt_type t) int val; nni_mtx_lock(&s->m); - val = nni_lmq_cap(&s->wq); + val = (int) nni_lmq_cap(&s->wq); nni_mtx_unlock(&s->m); return (nni_copyout_int(val, buf, szp, t)); diff --git a/src/supplemental/websocket/websocket_test.c b/src/supplemental/websocket/websocket_test.c index 9ea68017..be4e1b30 100644 --- a/src/supplemental/websocket/websocket_test.c +++ b/src/supplemental/websocket/websocket_test.c @@ -17,17 +17,17 @@ void test_websocket_wildcard(void) { - nng_stream_dialer * d = NULL; + nng_stream_dialer *d = NULL; nng_stream_listener *l = NULL; nng_sockaddr sa1; nng_sockaddr sa2; size_t sz; - nng_aio * daio = NULL; - nng_aio * laio = NULL; - nng_aio * aio1 = NULL; - nng_aio * aio2 = NULL; - nng_stream * c1 = NULL; - nng_stream * c2 = NULL; + nng_aio *daio = NULL; + nng_aio *laio = NULL; + nng_aio *aio1 = NULL; + nng_aio *aio2 = NULL; + nng_stream *c1 = NULL; + nng_stream *c2 = NULL; nng_iov iov; char buf1[8]; char buf2[8]; @@ -125,18 +125,18 @@ test_websocket_wildcard(void) void test_websocket_conn_props(void) { - nng_stream_dialer * d = NULL; + nng_stream_dialer *d = NULL; nng_stream_listener *l = NULL; nng_sockaddr sa1; nng_sockaddr sa2; size_t sz; - nng_aio * daio = NULL; - nng_aio * laio = NULL; - nng_stream * c1 = NULL; - nng_stream * c2 = NULL; + nng_aio *daio = NULL; + nng_aio *laio = NULL; + nng_stream *c1 = NULL; + nng_stream *c2 = NULL; char uri[64]; bool on; - char * str; + char *str; uint16_t port = nuts_next_port(); (void) snprintf(uri, sizeof(uri), "ws://127.0.0.1:%d/test", port); @@ -219,14 +219,14 @@ test_websocket_conn_props(void) void test_websocket_text_mode(void) { - nng_stream_dialer * d = NULL; + nng_stream_dialer *d = NULL; nng_stream_listener *l = NULL; - nng_aio * daio = NULL; - nng_aio * laio = NULL; - nng_aio * aio1 = NULL; - nng_aio * aio2 = NULL; - nng_stream * c1 = NULL; - nng_stream * c2 = NULL; + nng_aio *daio = NULL; + nng_aio *laio = NULL; + nng_aio *aio1 = NULL; + nng_aio *aio2 = NULL; + nng_stream *c1 = NULL; + nng_stream *c2 = NULL; char uri[64]; char txb[5]; char rxb[5]; @@ -342,16 +342,16 @@ test_websocket_text_mode(void) } typedef struct recv_state { - nng_stream * c; + nng_stream *c; int total; int xfr; - nng_mtx * lock; - nng_cv * cv; - nng_aio * aio; + nng_mtx *lock; + nng_cv *cv; + nng_aio *aio; int err; bool done; - uint8_t * send_buf; - uint8_t * buf; + uint8_t *send_buf; + uint8_t *buf; nni_sha1_ctx sum; } recv_state; @@ -393,20 +393,20 @@ void test_websocket_fragmentation(void) { nng_stream_listener *l = NULL; - nng_stream_dialer * d = NULL; - nng_stream * c = NULL; + nng_stream_dialer *d = NULL; + nng_stream *c = NULL; uint16_t port; char url[64]; - nng_aio * daio = NULL; - nng_aio * laio = NULL; - nng_aio * caio = NULL; + nng_aio *daio = NULL; + nng_aio *laio = NULL; + nng_aio *caio = NULL; int resid; recv_state state; uint8_t sum1[20]; uint8_t sum2[20]; - uint8_t * recv_buf; - uint8_t * send_buf; - uint8_t * buf; + uint8_t *recv_buf; + uint8_t *send_buf; + uint8_t *buf; nng_iov iov; memset(&state, 0, sizeof(state)); @@ -475,7 +475,7 @@ test_websocket_fragmentation(void) nng_aio_wait(caio); NUTS_PASS(nng_aio_result(caio)); NUTS_TRUE(nng_aio_count(caio) > 0); - len = nng_aio_count(caio); + len = (int) nng_aio_count(caio); resid -= len; buf += len; diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 856ce387..f9f9ee6e 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -131,7 +131,6 @@ add_nng_test1(httpserver 30 NNG_SUPP_HTTP) add_nng_test(inproc 5) add_nng_test(ipc 5) add_nng_test(ipcsupp 10) -add_nng_test(ipcwinsec 5) add_nng_test(multistress 60) add_nng_test(nonblock 60) add_nng_test(options 5) diff --git a/tests/ipcwinsec.c b/tests/ipcwinsec.c deleted file mode 100644 index 533dfe37..00000000 --- a/tests/ipcwinsec.c +++ /dev/null @@ -1,192 +0,0 @@ -// -// Copyright 2021 Staysail Systems, Inc. <info@staysail.tech> -// Copyright 2018 Capitar IT Group BV <info@capitar.com> -// -// This software is supplied under the terms of the MIT License, a -// copy of which should be located in the distribution where this -// file was obtained (LICENSE.txt). A copy of the license may also be -// found online at https://opensource.org/licenses/MIT. -// - -#include <nng/nng.h> -#include <nng/protocol/reqrep0/rep.h> -#include <nng/protocol/reqrep0/req.h> -#include <nng/transport/ipc/ipc.h> - -#include "convey.h" -#include "stubs.h" -#include "trantest.h" - -#define ADDR "/tmp/ipc_winsec_test" - -// Inproc tests. - -#ifndef _WIN32 -TestMain("IPC Security Descriptor", { - Convey("Given a socket and an IPC listener", { - nng_socket s; - nng_listener l; - int x; - - So(nng_rep0_open(&s) == 0); - Reset({ nng_close(s); }); - So(nng_listener_create(&l, s, "ipc://" ADDR) == 0); - Convey("We cannot set Windows SECURITY_DESCRIPTOR on POSIX", { - So(nng_listener_setopt_ptr(l, - NNG_OPT_IPC_SECURITY_DESCRIPTOR, - &x) == NNG_ENOTSUP); - }); - }); -}) -#else - -#include <assert.h> - -// Microsoft prefers CamelCase header names, but relies on case insensitive -// file systems to make that work. The rest of the world (min-gw64 included) -// uses case sensitive names and lowercase. - -#include <accctrl.h> - -#include <sddl.h> - -#include <aclapi.h> - -SECURITY_DESCRIPTOR * -sdescAuthUsers(PSID sid, PACL *aclp) -{ - SECURITY_DESCRIPTOR *sdesc; - EXPLICIT_ACCESS xa; - ACL * acl; - - sdesc = calloc(SECURITY_DESCRIPTOR_MIN_LENGTH, 1); - assert(sdesc != NULL); - - InitializeSecurityDescriptor(sdesc, SECURITY_DESCRIPTOR_REVISION); - - xa.grfAccessPermissions = GENERIC_READ | GENERIC_WRITE; - xa.grfAccessMode = SET_ACCESS; - xa.grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT; - xa.Trustee.TrusteeForm = TRUSTEE_IS_SID; - xa.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP; - xa.Trustee.ptstrName = (LPSTR) sid; - - SetEntriesInAcl(1, &xa, NULL, &acl); - *aclp = acl; - - SetSecurityDescriptorDacl(sdesc, TRUE, acl, FALSE); - return (sdesc); -} - -TestMain("IPC Security Descriptor", { - Convey("Given a socket and an IPC listener", { - nng_socket s; - nng_listener l; - - So(nng_rep0_open(&s) == 0); - Reset({ nng_close(s); }); - - So(nng_listener_create(&l, s, "ipc://" ADDR) == 0); - Convey("We can set security descriptor on Windows", { - SECURITY_DESCRIPTOR *sdesc; - SID users; - DWORD size; - PACL acl = NULL; - - size = sizeof(users); - CreateWellKnownSid( - WinAuthenticatedUserSid, NULL, &users, &size); - - sdesc = sdescAuthUsers(&users, &acl); - assert(sdesc != NULL); - assert(acl != NULL); - Reset({ - free(sdesc); - LocalFree(acl); - }); - - So(nng_listener_setopt_ptr(l, - NNG_OPT_IPC_SECURITY_DESCRIPTOR, sdesc) == 0); - So(nng_listener_start(l, 0) == 0); - - Convey("And they are effective", { - PACL dacl; - PSECURITY_DESCRIPTOR sd; - PACE_HEADER ace; - PSID asid; - PACCESS_ALLOWED_ACE allowed; - - HANDLE ph = CreateFileA("\\\\.\\\\pipe\\" ADDR, - READ_CONTROL, 0, NULL, OPEN_EXISTING, - FILE_FLAG_OVERLAPPED, NULL); - - So(ph != INVALID_HANDLE_VALUE); - Reset({ CloseHandle(ph); }); - - So(GetSecurityInfo(ph, SE_KERNEL_OBJECT, - DACL_SECURITY_INFORMATION, NULL, NULL, - &dacl, NULL, &sd) == ERROR_SUCCESS); - Reset({ LocalFree(sd); }); - - So(dacl->AceCount == 1); - So(GetAce(dacl, 0, (void **) &ace) == TRUE); - allowed = (PACCESS_ALLOWED_ACE) ace; - asid = (PSID) &allowed->SidStart; - So(IsValidSid(asid)); - So(EqualSid(asid, &users) == TRUE); - }); - }); - - Convey("We cannot set security descriptor after started", { - SECURITY_DESCRIPTOR *sdesc; - SID users; - DWORD size; - PACL acl = NULL; - - size = sizeof(users); - CreateWellKnownSid( - WinAuthenticatedUserSid, NULL, &users, &size); - - sdesc = sdescAuthUsers(&users, &acl); - assert(sdesc != NULL); - assert(acl != NULL); - Reset({ - free(sdesc); - LocalFree(acl); - }); - - So(nng_listener_start(l, 0) == 0); - So(nng_listener_setopt_ptr(l, - NNG_OPT_IPC_SECURITY_DESCRIPTOR, - sdesc) == NNG_EBUSY); - }); - - Convey("We cannot set bogus security", { - So(nng_listener_setopt_ptr(l, - NNG_OPT_IPC_SECURITY_DESCRIPTOR, - NULL) == NNG_EINVAL); - }); - }); - - Convey("We cannot set security descriptor on an IPC dialer", { - nng_socket s; - nng_dialer d; - SECURITY_DESCRIPTOR *sdesc; - - sdesc = calloc(SECURITY_DESCRIPTOR_MIN_LENGTH, 1); - assert(sdesc != NULL); - InitializeSecurityDescriptor( - sdesc, SECURITY_DESCRIPTOR_REVISION); - - So(nng_rep0_open(&s) == 0); - Reset({ - nng_close(s); - free(sdesc); - }); - - So(nng_dialer_create(&d, s, "ipc://" ADDR) == 0); - So(nng_dialer_setopt_ptr(d, NNG_OPT_IPC_SECURITY_DESCRIPTOR, - sdesc) == NNG_ENOTSUP); - }); -}) -#endif |