From c42f32722447cc52810b25decee634210f09d70e Mon Sep 17 00:00:00 2001 From: Garrett D'Amore Date: Wed, 27 Oct 2021 22:34:41 -0700 Subject: fixes #1346 windows ipc winsec fails frequently in CI/CD --- tests/CMakeLists.txt | 1 - tests/ipcwinsec.c | 192 --------------------------------------------------- 2 files changed, 193 deletions(-) delete mode 100644 tests/ipcwinsec.c (limited to 'tests') diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 856ce387..f9f9ee6e 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -131,7 +131,6 @@ add_nng_test1(httpserver 30 NNG_SUPP_HTTP) add_nng_test(inproc 5) add_nng_test(ipc 5) add_nng_test(ipcsupp 10) -add_nng_test(ipcwinsec 5) add_nng_test(multistress 60) add_nng_test(nonblock 60) add_nng_test(options 5) diff --git a/tests/ipcwinsec.c b/tests/ipcwinsec.c deleted file mode 100644 index 533dfe37..00000000 --- a/tests/ipcwinsec.c +++ /dev/null @@ -1,192 +0,0 @@ -// -// Copyright 2021 Staysail Systems, Inc. -// Copyright 2018 Capitar IT Group BV -// -// This software is supplied under the terms of the MIT License, a -// copy of which should be located in the distribution where this -// file was obtained (LICENSE.txt). A copy of the license may also be -// found online at https://opensource.org/licenses/MIT. -// - -#include -#include -#include -#include - -#include "convey.h" -#include "stubs.h" -#include "trantest.h" - -#define ADDR "/tmp/ipc_winsec_test" - -// Inproc tests. - -#ifndef _WIN32 -TestMain("IPC Security Descriptor", { - Convey("Given a socket and an IPC listener", { - nng_socket s; - nng_listener l; - int x; - - So(nng_rep0_open(&s) == 0); - Reset({ nng_close(s); }); - So(nng_listener_create(&l, s, "ipc://" ADDR) == 0); - Convey("We cannot set Windows SECURITY_DESCRIPTOR on POSIX", { - So(nng_listener_setopt_ptr(l, - NNG_OPT_IPC_SECURITY_DESCRIPTOR, - &x) == NNG_ENOTSUP); - }); - }); -}) -#else - -#include - -// Microsoft prefers CamelCase header names, but relies on case insensitive -// file systems to make that work. The rest of the world (min-gw64 included) -// uses case sensitive names and lowercase. - -#include - -#include - -#include - -SECURITY_DESCRIPTOR * -sdescAuthUsers(PSID sid, PACL *aclp) -{ - SECURITY_DESCRIPTOR *sdesc; - EXPLICIT_ACCESS xa; - ACL * acl; - - sdesc = calloc(SECURITY_DESCRIPTOR_MIN_LENGTH, 1); - assert(sdesc != NULL); - - InitializeSecurityDescriptor(sdesc, SECURITY_DESCRIPTOR_REVISION); - - xa.grfAccessPermissions = GENERIC_READ | GENERIC_WRITE; - xa.grfAccessMode = SET_ACCESS; - xa.grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT; - xa.Trustee.TrusteeForm = TRUSTEE_IS_SID; - xa.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP; - xa.Trustee.ptstrName = (LPSTR) sid; - - SetEntriesInAcl(1, &xa, NULL, &acl); - *aclp = acl; - - SetSecurityDescriptorDacl(sdesc, TRUE, acl, FALSE); - return (sdesc); -} - -TestMain("IPC Security Descriptor", { - Convey("Given a socket and an IPC listener", { - nng_socket s; - nng_listener l; - - So(nng_rep0_open(&s) == 0); - Reset({ nng_close(s); }); - - So(nng_listener_create(&l, s, "ipc://" ADDR) == 0); - Convey("We can set security descriptor on Windows", { - SECURITY_DESCRIPTOR *sdesc; - SID users; - DWORD size; - PACL acl = NULL; - - size = sizeof(users); - CreateWellKnownSid( - WinAuthenticatedUserSid, NULL, &users, &size); - - sdesc = sdescAuthUsers(&users, &acl); - assert(sdesc != NULL); - assert(acl != NULL); - Reset({ - free(sdesc); - LocalFree(acl); - }); - - So(nng_listener_setopt_ptr(l, - NNG_OPT_IPC_SECURITY_DESCRIPTOR, sdesc) == 0); - So(nng_listener_start(l, 0) == 0); - - Convey("And they are effective", { - PACL dacl; - PSECURITY_DESCRIPTOR sd; - PACE_HEADER ace; - PSID asid; - PACCESS_ALLOWED_ACE allowed; - - HANDLE ph = CreateFileA("\\\\.\\\\pipe\\" ADDR, - READ_CONTROL, 0, NULL, OPEN_EXISTING, - FILE_FLAG_OVERLAPPED, NULL); - - So(ph != INVALID_HANDLE_VALUE); - Reset({ CloseHandle(ph); }); - - So(GetSecurityInfo(ph, SE_KERNEL_OBJECT, - DACL_SECURITY_INFORMATION, NULL, NULL, - &dacl, NULL, &sd) == ERROR_SUCCESS); - Reset({ LocalFree(sd); }); - - So(dacl->AceCount == 1); - So(GetAce(dacl, 0, (void **) &ace) == TRUE); - allowed = (PACCESS_ALLOWED_ACE) ace; - asid = (PSID) &allowed->SidStart; - So(IsValidSid(asid)); - So(EqualSid(asid, &users) == TRUE); - }); - }); - - Convey("We cannot set security descriptor after started", { - SECURITY_DESCRIPTOR *sdesc; - SID users; - DWORD size; - PACL acl = NULL; - - size = sizeof(users); - CreateWellKnownSid( - WinAuthenticatedUserSid, NULL, &users, &size); - - sdesc = sdescAuthUsers(&users, &acl); - assert(sdesc != NULL); - assert(acl != NULL); - Reset({ - free(sdesc); - LocalFree(acl); - }); - - So(nng_listener_start(l, 0) == 0); - So(nng_listener_setopt_ptr(l, - NNG_OPT_IPC_SECURITY_DESCRIPTOR, - sdesc) == NNG_EBUSY); - }); - - Convey("We cannot set bogus security", { - So(nng_listener_setopt_ptr(l, - NNG_OPT_IPC_SECURITY_DESCRIPTOR, - NULL) == NNG_EINVAL); - }); - }); - - Convey("We cannot set security descriptor on an IPC dialer", { - nng_socket s; - nng_dialer d; - SECURITY_DESCRIPTOR *sdesc; - - sdesc = calloc(SECURITY_DESCRIPTOR_MIN_LENGTH, 1); - assert(sdesc != NULL); - InitializeSecurityDescriptor( - sdesc, SECURITY_DESCRIPTOR_REVISION); - - So(nng_rep0_open(&s) == 0); - Reset({ - nng_close(s); - free(sdesc); - }); - - So(nng_dialer_create(&d, s, "ipc://" ADDR) == 0); - So(nng_dialer_setopt_ptr(d, NNG_OPT_IPC_SECURITY_DESCRIPTOR, - sdesc) == NNG_ENOTSUP); - }); -}) -#endif -- cgit v1.2.3-70-g09d2