diff options
| author | Garrett D'Amore <garrett@damore.org> | 2018-04-27 14:14:08 -0700 |
|---|---|---|
| committer | Garrett D'Amore <garrett@damore.org> | 2018-04-30 11:33:10 -0700 |
| commit | 2b0d31553e542c130e2595ff9a3ac9756a2c1619 (patch) | |
| tree | f9ef54cfe7c4336e4765091445aa4d86a53645b5 /tests/ipcperms.c | |
| parent | 88c7a328dfaca4a9fce13ebbc4bce6b24d048c3e (diff) | |
| download | nng-2b0d31553e542c130e2595ff9a3ac9756a2c1619.tar.gz nng-2b0d31553e542c130e2595ff9a3ac9756a2c1619.tar.bz2 nng-2b0d31553e542c130e2595ff9a3ac9756a2c1619.zip | |
fixes #6 Security attributes support
fixes #382 Permissions support for IPC on POSIX
This adds support for permission management on Windows and
POSIX systems. There are two different properties, and they
are very different.
Tests and documentation are included.
Diffstat (limited to 'tests/ipcperms.c')
| -rw-r--r-- | tests/ipcperms.c | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/tests/ipcperms.c b/tests/ipcperms.c new file mode 100644 index 00000000..84801efd --- /dev/null +++ b/tests/ipcperms.c @@ -0,0 +1,114 @@ +// +// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech> +// Copyright 2018 Capitar IT Group BV <info@capitar.com> +// +// This software is supplied under the terms of the MIT License, a +// copy of which should be located in the distribution where this +// file was obtained (LICENSE.txt). A copy of the license may also be +// found online at https://opensource.org/licenses/MIT. +// + +#include "convey.h" +#include "trantest.h" + +#include "nng.h" + +#include "protocol/reqrep0/rep.h" +#include "protocol/reqrep0/req.h" +#include "transport/ipc/ipc.h" + +#include "stubs.h" + +#ifndef _WIN32 +#include <errno.h> +#include <string.h> +#include <sys/socket.h> +#include <sys/stat.h> +#include <sys/un.h> +#include <unistd.h> +#endif + +#define ADDR "/tmp/ipc_perms_test" + +// Inproc tests. + +#ifdef _WIN32 +TestMain("IPC Permissions", { + + atexit(nng_fini); + Convey("Given a socket and an IPC listener", { + nng_socket s; + nng_listener l; + + So(nng_rep0_open(&s) == 0); + Reset({ nng_close(s); }); + So(nng_listener_create(&l, s, "ipc://" ADDR) == 0); + Convey("We cannot set perms on Windows", { + So(nng_listener_setopt_int(l, NNG_OPT_IPC_PERMISSIONS, + 0444) == NNG_ENOTSUP); + }); + }); +}) +#else +TestMain("IPC Permissions", { + atexit(nng_fini); + + Convey("Given a socket and an IPC listener", { + nng_socket s; + nng_listener l; + + So(nng_rep0_open(&s) == 0); + Reset({ + nng_close(s); + unlink(ADDR); + }); + So(nng_listener_create(&l, s, "ipc://" ADDR) == 0); + Convey("We can set perms on POSIX", { + struct stat st; + So(nng_listener_setopt_int( + l, NNG_OPT_IPC_PERMISSIONS, 0444) == 0); + So(nng_listener_start(l, 0) == 0); + So(stat(ADDR, &st) == 0); + So((st.st_mode & 0777) == 0444); + + Convey("And permissions are honored", { + struct sockaddr_un sa; + int cfd; + + if (geteuid() == 0) { + Skip("Running as root"); + } + strcpy(sa.sun_path, ADDR); + sa.sun_family = AF_UNIX; + So((cfd = socket(AF_UNIX, SOCK_STREAM, 0)) >= + 0); + Reset({ close(cfd); }); + So(connect(cfd, (void *) &sa, sizeof(sa)) < 0); + So(errno == EACCES); + }); + }); + + Convey("We cannot set perms after it is started", { + So(nng_listener_start(l, 0) == 0); + So(nng_listener_setopt_int( + l, NNG_OPT_IPC_PERMISSIONS, 0444) == NNG_EBUSY); + }); + + Convey("We cannot set bogus permissions", { + So(nng_listener_setopt_int(l, NNG_OPT_IPC_PERMISSIONS, + S_IFREG) == NNG_EINVAL); + }); + }); + + Convey("We cannot set perms on an IPC dialer", { + nng_socket s; + nng_dialer d; + + So(nng_rep0_open(&s) == 0); + Reset({ nng_close(s); }); + So(nng_dialer_create(&d, s, "ipc://" ADDR) == 0); + So(nng_dialer_setopt_int(d, NNG_OPT_IPC_PERMISSIONS, 0444) == + NNG_ENOTSUP); + }); +}) +#endif
\ No newline at end of file |