diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/core/listener.c | 9 | ||||
| -rw-r--r-- | src/core/listener.h | 1 | ||||
| -rw-r--r-- | src/core/stream.c | 10 | ||||
| -rw-r--r-- | src/core/stream.h | 7 | ||||
| -rw-r--r-- | src/nng.c | 13 | ||||
| -rw-r--r-- | src/platform/posix/posix_ipcwinsec_test.c | 7 | ||||
| -rw-r--r-- | src/platform/windows/win_ipc_sec_test.c | 40 | ||||
| -rw-r--r-- | src/platform/windows/win_ipclisten.c | 11 | ||||
| -rw-r--r-- | src/sp/transport.h | 3 | ||||
| -rw-r--r-- | src/sp/transport/ipc/ipc.c | 25 | ||||
| -rw-r--r-- | src/sp/transport/ipc/ipc_test.c | 21 |
11 files changed, 93 insertions, 54 deletions
diff --git a/src/core/listener.c b/src/core/listener.c index 76d9848e..9107e3a4 100644 --- a/src/core/listener.c +++ b/src/core/listener.c @@ -532,6 +532,15 @@ nni_listener_set_tls(nni_listener *l, nng_tls_config *cfg) return (l->l_ops.l_set_tls(l->l_data, cfg)); } +int +nni_listener_set_security_descriptor(nni_listener *l, void *desc) +{ + if (l->l_ops.l_set_security_descriptor == NULL) { + return (NNG_ENOTSUP); + } + return (l->l_ops.l_set_security_descriptor(l->l_data, desc)); +} + nng_url * nni_listener_url(nni_listener *l) { diff --git a/src/core/listener.h b/src/core/listener.h index eec98f2e..5902d4bc 100644 --- a/src/core/listener.h +++ b/src/core/listener.h @@ -29,6 +29,7 @@ extern int nni_listener_getopt( nni_listener *, const char *, void *, size_t *, nni_type); extern int nni_listener_get_tls(nni_listener *, nng_tls_config **); extern int nni_listener_set_tls(nni_listener *, nng_tls_config *); +extern int nni_listener_set_security_descriptor(nni_listener *, void *); extern nng_url *nni_listener_url(nni_listener *); extern void nni_listener_add_stat(nni_listener *, nni_stat_item *); extern void nni_listener_bump_error(nni_listener *, int); diff --git a/src/core/stream.c b/src/core/stream.c index d900329a..e46eb59a 100644 --- a/src/core/stream.c +++ b/src/core/stream.c @@ -280,6 +280,16 @@ nni_stream_listener_set_tls(nng_stream_listener *l, nng_tls_config *cfg) } int +nng_stream_listener_set_security_descriptor( + nng_stream_listener *l, void *pdesc) +{ + if (l->sl_set_security_descriptor == NULL) { + return (NNG_ENOTSUP); + } + return (l->sl_set_security_descriptor(l, pdesc)); +} + +int nng_stream_listener_alloc_url(nng_stream_listener **lp, const nng_url *url) { for (int i = 0; stream_drivers[i].scheme != NULL; i++) { diff --git a/src/core/stream.h b/src/core/stream.h index 0fa79a47..9ea65834 100644 --- a/src/core/stream.h +++ b/src/core/stream.h @@ -32,8 +32,10 @@ extern int nni_stream_listener_get( nng_stream_listener *, const char *, void *, size_t *, nni_type); extern int nni_stream_listener_set( nng_stream_listener *, const char *, const void *, size_t, nni_type); -extern int nni_stream_listener_set_tls(nng_stream_listener *, nng_tls_config *); -extern int nni_stream_listener_get_tls(nng_stream_listener *, nng_tls_config **); +extern int nni_stream_listener_set_tls( + nng_stream_listener *, nng_tls_config *); +extern int nni_stream_listener_get_tls( + nng_stream_listener *, nng_tls_config **); // This is the common implementation of a connected byte stream. It should be // the first element of any implementation. Applications are not permitted to @@ -69,6 +71,7 @@ struct nng_stream_listener { int (*sl_set)(void *, const char *, const void *, size_t, nni_type); int (*sl_get_tls)(void *, nng_tls_config **); int (*sl_set_tls)(void *, nng_tls_config *); + int (*sl_set_security_descriptor)(void *, void *); }; #endif // CORE_STREAM_H @@ -1024,6 +1024,19 @@ nng_listener_set_tls(nng_listener id, nng_tls_config *cfg) } int +nng_listener_set_security_descriptor(nng_listener id, void *cfg) +{ + int rv; + nni_listener *l; + if ((rv = nni_listener_find(&l, id.id)) != 0) { + return (rv); + } + rv = nni_listener_set_security_descriptor(l, cfg); + nni_listener_rele(l); + return (rv); +} + +int nng_dialer_get_url(nng_dialer id, const nng_url **urlp) { int rv; diff --git a/src/platform/posix/posix_ipcwinsec_test.c b/src/platform/posix/posix_ipcwinsec_test.c index 934eeea9..b79e887c 100644 --- a/src/platform/posix/posix_ipcwinsec_test.c +++ b/src/platform/posix/posix_ipcwinsec_test.c @@ -1,5 +1,5 @@ // -// Copyright 2021 Staysail Systems, Inc. <info@staysail.tech> +// Copyright 2024 Staysail Systems, Inc. <info@staysail.tech> // Copyright 2018 Capitar IT Group BV <info@capitar.com> // // This software is supplied under the terms of the MIT License, a @@ -19,9 +19,8 @@ test_ipc_win_sec(void) nuts_scratch_addr("ipc", sizeof(address), address); NUTS_PASS(nng_stream_listener_alloc(&l, address)); - NUTS_FAIL(nng_stream_listener_set_ptr( - l, NNG_OPT_IPC_SECURITY_DESCRIPTOR, &x), - NNG_ENOTSUP); + NUTS_FAIL( + nng_stream_listener_set_security_descriptor(l, &x), NNG_ENOTSUP); nng_stream_listener_free(l); } diff --git a/src/platform/windows/win_ipc_sec_test.c b/src/platform/windows/win_ipc_sec_test.c index ab65533b..8b76770e 100644 --- a/src/platform/windows/win_ipc_sec_test.c +++ b/src/platform/windows/win_ipc_sec_test.c @@ -1,5 +1,5 @@ // -// Copyright 2021 Staysail Systems, Inc. <info@staysail.tech> +// Copyright 2024 Staysail Systems, Inc. <info@staysail.tech> // Copyright 2018 Capitar IT Group BV <info@capitar.com> // // This software is supplied under the terms of the MIT License, a @@ -72,12 +72,12 @@ test_ipc_security_descriptor(void) NUTS_ASSERT(acl != NULL); NUTS_PASS(nng_aio_alloc(&aio, NULL, NULL)); - NUTS_PASS(nng_stream_listener_set_ptr( - l, NNG_OPT_IPC_SECURITY_DESCRIPTOR, sd)); + NUTS_PASS(nng_stream_listener_set_security_descriptor(l, sd)); NUTS_PASS(nng_stream_listener_listen(l)); nng_stream_listener_accept(l, aio); - (void) snprintf(pipe, sizeof(pipe), "\\\\.\\pipe\\%s", address+strlen("ipc://")); + (void) snprintf( + pipe, sizeof(pipe), "\\\\.\\pipe\\%s", address + strlen("ipc://")); HANDLE ph = CreateFileA(pipe, READ_CONTROL, 0, NULL, OPEN_EXISTING, FILE_FLAG_OVERLAPPED, NULL); @@ -132,9 +132,8 @@ test_ipc_security_descriptor_busy(void) NUTS_PASS(nng_stream_listener_listen(l)); - NUTS_FAIL(nng_stream_listener_set_ptr( - l, NNG_OPT_IPC_SECURITY_DESCRIPTOR, sd), - NNG_EBUSY); + NUTS_FAIL( + nng_stream_listener_set_security_descriptor(l, sd), NNG_EBUSY); free(sd); nng_stream_listener_close(l); @@ -151,40 +150,17 @@ test_ipc_security_descriptor_bogus(void) NUTS_PASS(nng_stream_listener_alloc(&l, address)); - NUTS_FAIL(nng_stream_listener_set_ptr( - l, NNG_OPT_IPC_SECURITY_DESCRIPTOR, NULL), - NNG_EINVAL); + NUTS_FAIL( + nng_stream_listener_set_security_descriptor(l, NULL), NNG_EINVAL); nng_stream_listener_close(l); nng_stream_listener_free(l); } -void -test_ipc_security_descriptor_dialer(void) -{ - nng_stream_dialer *d; - char address[64]; - SECURITY_DESCRIPTOR *sdesc; - - nuts_scratch_addr("ipc", sizeof(address), address); - NUTS_PASS(nng_stream_dialer_alloc(&d, address)); - - sdesc = calloc(SECURITY_DESCRIPTOR_MIN_LENGTH, 1); - NUTS_ASSERT(sdesc != NULL); - InitializeSecurityDescriptor(sdesc, SECURITY_DESCRIPTOR_REVISION); - NUTS_FAIL(nng_stream_dialer_set_ptr( - d, NNG_OPT_IPC_SECURITY_DESCRIPTOR, sdesc), - NNG_ENOTSUP); - free(sdesc); - nng_stream_dialer_free(d); -} - NUTS_TESTS = { { "ipc security descriptor", test_ipc_security_descriptor }, { "ipc security descriptor busy", test_ipc_security_descriptor_busy }, { "ipc security descriptor bogus", test_ipc_security_descriptor_bogus }, - { "ipc security descriptor dialer", - test_ipc_security_descriptor_dialer }, { NULL, NULL }, }; diff --git a/src/platform/windows/win_ipclisten.c b/src/platform/windows/win_ipclisten.c index e81f4b46..3d39ed71 100644 --- a/src/platform/windows/win_ipclisten.c +++ b/src/platform/windows/win_ipclisten.c @@ -132,15 +132,11 @@ ipc_accept_cb(nni_win_io *io, int rv, size_t cnt) } static int -ipc_listener_set_sec_desc(void *arg, const void *buf, size_t sz, nni_type t) +ipc_listener_set_sec_desc(void *arg, void *desc) { ipc_listener *l = arg; - void *desc; int rv; - if ((rv = nni_copyin_ptr(&desc, buf, sz, t)) != 0) { - return (rv); - } if (!IsValidSecurityDescriptor((SECURITY_DESCRIPTOR *) desc)) { return (NNG_EINVAL); } @@ -163,10 +159,6 @@ ipc_listener_get_addr(void *arg, void *buf, size_t *szp, nni_type t) static const nni_option ipc_listener_options[] = { { - .o_name = NNG_OPT_IPC_SECURITY_DESCRIPTOR, - .o_set = ipc_listener_set_sec_desc, - }, - { .o_name = NNG_OPT_LOCADDR, .o_get = ipc_listener_get_addr, }, @@ -339,6 +331,7 @@ nni_ipc_listener_alloc(nng_stream_listener **lp, const nng_url *url) l->sl.sl_accept = ipc_listener_accept; l->sl.sl_get = ipc_listener_get; l->sl.sl_set = ipc_listener_set; + l->sl.sl_set_security_descriptor = ipc_listener_set_sec_desc; snprintf(l->sa.s_ipc.sa_path, NNG_MAXADDRLEN, "%s", url->u_path); nni_aio_list_init(&l->aios); nni_mtx_init(&l->mtx); diff --git a/src/sp/transport.h b/src/sp/transport.h index b65486ed..b7134595 100644 --- a/src/sp/transport.h +++ b/src/sp/transport.h @@ -103,6 +103,9 @@ struct nni_sp_listener_ops { // This may be NULL if this listener does not support TLS. int (*l_set_tls)(void *, nng_tls_config *); + // l_set_security_descriptor is used exclusively on Windows. + int (*l_set_security_descriptor)(void *, void *); + // l_options is an array of listener options. The final // element must have a NULL name. If this member is NULL, then // no dialer specific options are available. diff --git a/src/sp/transport/ipc/ipc.c b/src/sp/transport/ipc/ipc.c index 69efa741..803c4b4b 100644 --- a/src/sp/transport/ipc/ipc.c +++ b/src/sp/transport/ipc/ipc.c @@ -13,6 +13,7 @@ #include "core/defs.h" #include "core/nng_impl.h" +#include "nng/nng.h" // IPC transport. Platform specific IPC operations must be // supplied as well. Normally the IPC is UNIX domain sockets or @@ -1106,6 +1107,15 @@ ipc_listener_set( return (rv); } +static int +ipc_listener_set_sec_desc(void *arg, void *pdesc) +{ + ipc_ep *ep = arg; + + return ( + nng_stream_listener_set_security_descriptor(ep->listener, pdesc)); +} + static nni_sp_dialer_ops ipc_dialer_ops = { .d_init = ipc_ep_init_dialer, .d_fini = ipc_ep_fini, @@ -1116,13 +1126,14 @@ static nni_sp_dialer_ops ipc_dialer_ops = { }; static nni_sp_listener_ops ipc_listener_ops = { - .l_init = ipc_ep_init_listener, - .l_fini = ipc_ep_fini, - .l_bind = ipc_ep_bind, - .l_accept = ipc_ep_accept, - .l_close = ipc_ep_close, - .l_getopt = ipc_listener_get, - .l_setopt = ipc_listener_set, + .l_init = ipc_ep_init_listener, + .l_fini = ipc_ep_fini, + .l_bind = ipc_ep_bind, + .l_accept = ipc_ep_accept, + .l_close = ipc_ep_close, + .l_getopt = ipc_listener_get, + .l_setopt = ipc_listener_set, + .l_set_security_descriptor = ipc_listener_set_sec_desc, }; static nni_sp_tran ipc_tran = { diff --git a/src/sp/transport/ipc/ipc_test.c b/src/sp/transport/ipc/ipc_test.c index 6a4021a0..51eb975d 100644 --- a/src/sp/transport/ipc/ipc_test.c +++ b/src/sp/transport/ipc/ipc_test.c @@ -674,6 +674,26 @@ test_ipc_pipe_peer(void) #endif // NNG_PLATFORM_POSIX } +void +test_ipc_security_descriptor(void) +{ + nng_socket s; + nng_listener l; + char *addr; + + NUTS_ADDR(addr, "ipc"); + NUTS_OPEN(s); + NUTS_PASS(nng_listener_create(&l, s, addr)); +#ifdef NNG_PLATFORM_WINDOWS + // not a security descriptor + NUTS_FAIL(nng_listener_set_security_descriptor(l, addr), NNG_EINVAL); +#else + // not appropriate + NUTS_FAIL(nng_listener_set_security_descriptor(l, addr), NNG_ENOTSUP); +#endif + NUTS_CLOSE(s); +} + TEST_LIST = { { "ipc path too long", test_path_too_long }, { "ipc dialer perms", test_ipc_dialer_perms }, @@ -696,5 +716,6 @@ TEST_LIST = { { "ipc abstract embedded null", test_abstract_null }, { "ipc unix alias", test_unix_alias }, { "ipc peer id", test_ipc_pipe_peer }, + { "ipc security descriptor", test_ipc_security_descriptor }, { NULL, NULL }, }; |