3 files changed, 42 insertions, 7 deletions
diff --git a/src/sp/transport.h b/src/sp/transport.h
index b65486ed..b7134595 100644
--- a/src/sp/transport.h
+++ b/src/sp/transport.h
@@ -103,6 +103,9 @@ struct nni_sp_listener_ops {
 	// This may be NULL if this listener does not support TLS.
 	int (*l_set_tls)(void *, nng_tls_config *);
 
+	// l_set_security_descriptor is used exclusively on Windows.
+	int (*l_set_security_descriptor)(void *, void *);
+
 	// l_options is an array of listener options.  The final
 	// element must have a NULL name. If this member is NULL, then
 	// no dialer specific options are available.
diff --git a/src/sp/transport/ipc/ipc.c b/src/sp/transport/ipc/ipc.c
index 69efa741..803c4b4b 100644
--- a/src/sp/transport/ipc/ipc.c
+++ b/src/sp/transport/ipc/ipc.c
@@ -13,6 +13,7 @@
 
 #include "core/defs.h"
 #include "core/nng_impl.h"
+#include "nng/nng.h"
 
 // IPC transport.   Platform specific IPC operations must be
 // supplied as well.  Normally the IPC is UNIX domain sockets or
@@ -1106,6 +1107,15 @@ ipc_listener_set(
 	return (rv);
 }
 
+static int
+ipc_listener_set_sec_desc(void *arg, void *pdesc)
+{
+	ipc_ep *ep = arg;
+
+	return (
+	    nng_stream_listener_set_security_descriptor(ep->listener, pdesc));
+}
+
 static nni_sp_dialer_ops ipc_dialer_ops = {
 	.d_init    = ipc_ep_init_dialer,
 	.d_fini    = ipc_ep_fini,
@@ -1116,13 +1126,14 @@ static nni_sp_dialer_ops ipc_dialer_ops = {
 };
 
 static nni_sp_listener_ops ipc_listener_ops = {
-	.l_init   = ipc_ep_init_listener,
-	.l_fini   = ipc_ep_fini,
-	.l_bind   = ipc_ep_bind,
-	.l_accept = ipc_ep_accept,
-	.l_close  = ipc_ep_close,
-	.l_getopt = ipc_listener_get,
-	.l_setopt = ipc_listener_set,
+	.l_init                    = ipc_ep_init_listener,
+	.l_fini                    = ipc_ep_fini,
+	.l_bind                    = ipc_ep_bind,
+	.l_accept                  = ipc_ep_accept,
+	.l_close                   = ipc_ep_close,
+	.l_getopt                  = ipc_listener_get,
+	.l_setopt                  = ipc_listener_set,
+	.l_set_security_descriptor = ipc_listener_set_sec_desc,
 };
 
 static nni_sp_tran ipc_tran = {
diff --git a/src/sp/transport/ipc/ipc_test.c b/src/sp/transport/ipc/ipc_test.c
index 6a4021a0..51eb975d 100644
--- a/src/sp/transport/ipc/ipc_test.c
+++ b/src/sp/transport/ipc/ipc_test.c
@@ -674,6 +674,26 @@ test_ipc_pipe_peer(void)
 #endif // NNG_PLATFORM_POSIX
 }
 
+void
+test_ipc_security_descriptor(void)
+{
+	nng_socket   s;
+	nng_listener l;
+	char        *addr;
+
+	NUTS_ADDR(addr, "ipc");
+	NUTS_OPEN(s);
+	NUTS_PASS(nng_listener_create(&l, s, addr));
+#ifdef NNG_PLATFORM_WINDOWS
+	// not a security descriptor
+	NUTS_FAIL(nng_listener_set_security_descriptor(l, addr), NNG_EINVAL);
+#else
+	// not appropriate
+	NUTS_FAIL(nng_listener_set_security_descriptor(l, addr), NNG_ENOTSUP);
+#endif
+	NUTS_CLOSE(s);
+}
+
 TEST_LIST = {
 	{ "ipc path too long", test_path_too_long },
 	{ "ipc dialer perms", test_ipc_dialer_perms },
@@ -696,5 +716,6 @@ TEST_LIST = {
 	{ "ipc abstract embedded null", test_abstract_null },
 	{ "ipc unix alias", test_unix_alias },
 	{ "ipc peer id", test_ipc_pipe_peer },
+	{ "ipc security descriptor", test_ipc_security_descriptor },
 	{ NULL, NULL },
 };