Diffstat (limited to 'src/transport')
-rw-r--r--src/transport/ipc/ipc.c47
-rw-r--r--src/transport/ipc/ipc.h16
2 files changed, 61 insertions, 2 deletions
diff --git a/src/transport/ipc/ipc.c b/src/transport/ipc/ipc.c
index 61b89f20..3dbccb50 100644
--- a/src/transport/ipc/ipc.c
+++ b/src/transport/ipc/ipc.c
@@ -13,6 +13,7 @@
#include <string.h>
#include "core/nng_impl.h"
+#include "ipc.h"
// IPC transport. Platform specific IPC operations must be
// supplied as well. Normally the IPC is UNIX domain sockets or
@@ -739,6 +740,40 @@ nni_ipc_ep_get_addr(void *arg, void *data, size_t *szp, int typ)
return (nni_copyout_sockaddr(&ep->sa, data, szp, typ));
}
+static int
+nni_ipc_ep_setopt_permissions(void *arg, const void *data, size_t sz, int typ)
+{
+ nni_ipc_ep *ep = arg;
+ int val;
+ int rv;
+
+ // Probably we could further limit this -- most systems don't have
+ // meaningful chmod beyond the lower 9 bits.
+ rv = nni_copyin_int(&val, data, sz, 0, 0x7FFFFFFF, typ);
+ if ((rv == 0) && (ep != NULL)) {
+ rv = nni_plat_ipc_ep_set_permissions(ep->iep, val);
+ }
+ return (rv);
+}
+
+static int
+nni_ipc_ep_setopt_security_desc(
+ void *arg, const void *data, size_t sz, int typ)
+{
+ nni_ipc_ep *ep = arg;
+ void * ptr;
+ int rv;
+
+ if ((rv = nni_copyin_ptr((void **) &ptr, data, sz, typ)) != 0) {
+ return (rv);
+ }
+
+ if (ep == NULL) {
+ return (0);
+ }
+ return (nni_plat_ipc_ep_set_security_descriptor(ep->iep, ptr));
+}
+
static nni_tran_pipe_option nni_ipc_pipe_options[] = {
{
.po_name = NNG_OPT_REMADDR,
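Review bot: The range check in nni_ipc_ep_setopt_permissions accepts any value up to 0x7FFFFFFF, so bits outside the file-mode range reach nni_plat_ipc_ep_set_permissions unchecked, as the comment above the call already concedes. For an option whose purpose is restricting access to the socket, it is safer to reject out-of-range modes here than to rely on each platform layer masking or ignoring them. `rv = nni_copyin_int(&val, data, sz, 0, 07777, typ);` would do that, or `0777` if the setuid/setgid/sticky bits are not meant to be settable. As a minor style point, the cast in `nni_copyin_ptr((void **) &ptr, data, sz, typ)` is unnecessary because ptr is already declared `void *`.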
@@ -779,6 +814,18 @@ static nni_tran_ep_option nni_ipc_ep_options[] = {
.eo_getopt = nni_ipc_ep_get_addr,
.eo_setopt = NULL,
},
+ {
+ .eo_name = NNG_OPT_IPC_SECURITY_DESCRIPTOR,
+ .eo_type = NNI_TYPE_POINTER,
+ .eo_getopt = NULL,
+ .eo_setopt = nni_ipc_ep_setopt_security_desc,
+ },
+ {
+ .eo_name = NNG_OPT_IPC_PERMISSIONS,
+ .eo_type = NNI_TYPE_INT32,
+ .eo_getopt = NULL,
+ .eo_setopt = nni_ipc_ep_setopt_permissions,
+ },
// terminate list
{
.eo_name = NULL,
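Review bot: Both entries are added to nni_ipc_ep_options unconditionally, while ipc.h describes the security descriptor as Windows-only, the permissions as POSIX-only, and both as listener-only. Neither setter in this commit checks the platform or whether the endpoint is a listener, so correct behaviour depends on the nni_plat_ipc_ep_set_* implementations (not shown here) returning an error in the unsupported case. A silent success there would leave a caller believing the endpoint is access-restricted when it is not. A comment on the entries such as `// platform layer must fail (e.g. NNG_ENOTSUP) where unsupported or on dialers` would record that contract. The array starts and ends outside this hunk.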
diff --git a/src/transport/ipc/ipc.h b/src/transport/ipc/ipc.h
index 4c4c5708..42cbdb08 100644
--- a/src/transport/ipc/ipc.h
+++ b/src/transport/ipc/ipc.h
@@ -1,6 +1,6 @@
//
-// Copyright 2017 Garrett D'Amore <garrett@damore.org>
-// Copyright 2017 Capitar IT Group BV <info@capitar.com>
+// Copyright 2018 Staysail Systems, Inc. <info@staysail.tech>
+// Copyright 2018 Capitar IT Group BV <info@capitar.com>
//
// This software is supplied under the terms of the MIT License, a
// copy of which should be located in the distribution where this
@@ -16,4 +16,16 @@
NNG_DECL int nng_ipc_register(void);
+// Security Descriptor. This option may only be set on listeners
+// on the Windows platform, where the object is a pointer to a
+// a Windows SECURITY_DESCRIPTOR.
+#define NNG_OPT_IPC_SECURITY_DESCRIPTOR "ipc:security-descriptor"
+
+// Permissions bits. This option is only valid for listeners on
+// POSIX platforms and others that honor UNIX style permission bits.
+// Note that some platforms may not honor the permissions here, although
+// at least Linux and macOS seem to do so. Check before you rely on
+// this for security.
+#define NNG_OPT_IPC_PERMISSIONS "ipc:permissions"
+
#endif // NNG_TRANSPORT_IPC_IPC_H
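Review bot: The comment for NNG_OPT_IPC_SECURITY_DESCRIPTOR does not say who owns the descriptor or how long the pointer must stay valid. The setter in ipc.c passes the raw pointer straight to the platform layer, so presumably the caller must keep it alive at least until the listener starts, and the comment should state that. Neither comment gives the value type (ipc.c registers a pointer and a 32-bit int), or says whether the option must be set before the listener is started to take effect. The first comment also has a doubled article across the line break (`a pointer to a` / `a Windows SECURITY_DESCRIPTOR`).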