28 Commits

Author SHA1 Message Date
Pieter Hintjens
b4ed3f5506 Problem: API violations are treated as recoverable errors
The example is applications passing invalid arguments to a socket option
and then failing to check the return code. The results can be very hard
to diagnose. Here are some threads that show the pain this causes:

* https://github.com/zeromq/zyre/issues/179
* http://lists.zeromq.org/pipermail/zeromq-dev/2014-June/026388.html

One common argument is that a library should never assert, and should
pass errors back to the calling application. The counter argument is
that when an application is broken enough to pass garbage to libzmq,
it cannot be trusted to handle the resulting errors properly. Empirical
evidence from CZMQ, where we systematically assert on bad arguments, is
that this militant approach makes applications more, not less, robust.

I don't see any valid use cases for returning errors on bad arguments,
with one exception: zmq_setsockopt can be used to probe whether libzmq
was e.g. built with CURVE security. I'd argue that it's nasty to use a
side effect like this. If apps need to probe how libzmq was built, this
should be done explicitly, and for ALL build options, not just CURVE.

There are/were no libzmq test cases that check the return code for an
invalid option.

For now I've enabled militant assertions using --with-militant at
configure time. However I'd like to make this the default setting.
2014-06-17 16:00:55 +02:00
Samuel Martin
6fdafc458a autotools: tests: disable test_fork if fork() is not available
fork() support is optional and its availability is correctly detected at
contfigure time.

But test_fork was all always built, preventing build for targets that do
not provide fork() from building successfully.

This pacth fixes the autotools on this point.
2014-05-03 21:55:03 +02:00
Pieter Hintjens
cac0f9838d Problem: generates incompatible libzmq.so.3.1.0
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743508

The ABI in fact changed in two significant ways, one with inproc
connects, and one with socket monitoring

Solution: generate libzmq.so.4.0.0 library instead.

This change should be backported to zeromq-4.x
2014-05-01 16:12:51 +02:00
Mike Gatny
1445516c41 Establishing GSSAPI sec context is working now 2014-04-24 14:17:36 -07:00
bebopagogo
33f22d0d04 added norm_engine 2014-03-15 10:48:12 -04:00
Drew Crawford
6009e2c6c4 Libsodium is now required if and only if --with-libsodium is used
This patch is proposed for https://github.com/zeromq/libzmq/issues/912.  If a user specifies that they want libzmq built with libsodium, and the requirement cannot be satisfied, we should error at the user so they can either A) install libsodium to a reasonable location or B) relax their requirement for libsodium support.

Previously a warning was issued in this case, causing users who wanted libsodium support not to get it, which may be discovered at a much later time when their programs didn't work as expected.

I release this patch under the LGPL v3 or any later version.
2014-03-10 13:59:33 -05:00
Brandon Carpenter
a018ef5e86 Add support for extending ZAP request address with IPC peer credentials.
Another take on LIBZMQ-568 to allow filtering IPC connections, this time
using ZAP.  This change is backward compatible.  If the
ZMQ_ZAP_IPC_CREDS option is set, the user, group, and process IDs of the
peer process are appended to the address (separated by colons) of a ZAP
request; otherwise, nothing changes.  See LIBZMQ-568 and zmq_setsockopt
documentation for more information.
2013-12-06 14:28:44 -08:00
Brandon Carpenter
f0bd333728 Move {SO,LOCAL}_PEERCRED checks to C++ context. 2013-12-06 10:59:07 -08:00
Brandon Carpenter
af808203d7 Fix failing test case in test_filter_ipc.
Add explicit check for primary group.
2013-12-06 00:46:14 -08:00
Brandon Carpenter
8662f44efa Intial IPC accept filter support.
Adds sets of process (Linux only), user, and group IDs for filtering
connections from peer processes over IPC transport.  If all of the
filter sets are empty, every connection is accepted.  Otherwise,
credentials for a connecting process are checked against the filter sets
and the connection is only accepted if a match is found.

This commit is part of LIBZMQ-568 and only adds the filter sets and
implements the filter in the IPC accept method.  The interface for
adding IDs to filter sets are included in a separate commit.

IPC accept filtering is supported only on Linux and OS X.
2013-12-04 14:12:29 -08:00
Erik Hugne
58ac87def1 zmq: narrow condition to include TIPC in build/test
As TIPC transport for 0MQ will only work on post 3.8
Linux kernels where nonblocking connect was added,
we add AC_RUN test to check for this functionality.
Should the test fail, tipc is excluded from build/test.

Signed-off-by: Erik Hugne <erik.hugne@ericsson.com>
2013-11-01 14:59:31 +01:00
Pieter Hintjens
65050b1b03 Added --with-relaxed to disable pedantic compiles 2013-10-24 03:31:02 +02:00
Brandon Carpenter
f499c89528 Add test for abstract namespace support in ipc sockets on Linux.
See issue 567.
2013-10-04 11:33:52 -07:00
Matt Connolly
7660b78e12 config for libsodium in alternate path, using CPP flags for both C and C++ sources. 2013-09-29 21:20:14 +10:00
Matt Connolly
848ce1adb1 Disable compiler warning for Solaris 2013-09-27 11:20:09 +00:00
Matt Connolly
aa84e85153 Add '-lssp' linker flag for Solaris. Check for libraries after host specific setup. 2013-09-27 11:12:16 +00:00
Richard Newton
5f0a8dcffe Merge pull request #680 from hintjens/master
Bumped library version and age
2013-09-24 00:24:45 -07:00
Pieter Hintjens
186b713aba Bumped library version and age 2013-09-24 09:10:39 +02:00
Matt Connolly
12eef06e45 Update configure: Allow libsodium to be installed in a custom path 2013-09-24 08:07:43 +10:00
Matt Connolly
0478ee04f4 Adding test showing failure to close socket/context in forked child 2013-09-01 20:42:10 +10:00
Pieter Hintjens
7041770108 Added Z85 support
The use of binary for CURVE keys is painful; you cannot easily copy
these in e.g. email, or use them directly in source code. There are
various encoding possibilities. Base16 and Base64 are not optimal.
Ascii85 is not safe for source (it generates quotes and escapes).

So, I've designed a new Base85 encoding, Z85, which is safe to use
in code and elsewhere, and I've modified libzmq to use this where
it also uses binary keys (in get/setsockopt).

Very simply, if you use a 32-byte value, it's Base256 (binary),
and if you use a 40-byte value, it's Base85 (Z85).

I've put the Z85 codec into z85_codec.hpp, it's not elegant C++
but it is minimal and it works. Feel free to rewrap as a real class
if this annoys you.
2013-06-28 22:10:22 +02:00
Ian Barber
211bf2b08e Added security curve test
Test is skipped if no libsodium.
Added warning if libsodium not configured
2013-06-22 16:17:25 +01:00
Jose Pedro Oliveira
42ab0e8217 Make
./configure --with-system-pgm
detect the OpenPGM 5.2 system library.

Note that OpenPGM installs a versioned pkgconfig file
(openpgm-5.2.pc, openpgm-5.1.pc).
2013-06-01 03:39:40 +01:00
Pieter Hintjens
e918fd4d69 Use correct libsodium call for detection 2013-05-07 14:47:07 +02:00
Pieter Hintjens
fa346fddd3 Added configure check for libsodium 2013-04-28 18:38:15 +02:00
Pieter Hintjens
cb69986d74 Comment change 2013-03-12 13:24:57 +01:00
MinRK
21c97f0cc2 AM_CONFIG_HEADER -> AC_CONFIG_HEADERS
AM_CONFIG_HEADER raises an 'obsolete error' with automake 1.13.
2013-01-17 16:00:38 -08:00
MinRK
64c019e24d move configure.in -> configure.ac
autotools warns that configure.in
should actually be named configure.ac
2013-01-17 15:59:11 -08:00