Solution: add a crypto [de-]initialiser, refcounted and serialised
through critical sections.
This is necessary as utility APIs such as zmq_curve_keypair also
call into the sodium/tweetnacl libraries and need the initialisation
outside of the zmq context.
Also the libsodium documentation explicitly says that sodium_init
must not be called concurrently from multiple threads, which could
have happened until now. Also the randombytes_close function does
not appear to be thread safe either.
This change guarantees that the library is initialised only once at
any given time across the whole program.
Fixes#2632
Before this commit, xhas_out() was returning true regardless. This
was correct before the ZMQ_ROUTER_MANDATORY flag as introduced.
However, ZMQ_POLLOUT.
With this commit, _if_ ZMQ_ROUTER_MANDATORY is set, xhas_out() will
return false if ALL peer's outgoing pipes are full.
There is an outstanding high-level design question:
If ZMQ_ROUTER_MANDATORY is set, and zmq_poll() waits for ZMQ_POLLOUT
events, zmq_poll() will immediately wake up if only 1 pipe has
room to send, regardless of the peer, creating a busy loop of
zmq_poll() wake-up, zmq_send() (EAGAIN). There is no way for
the application to selectively wait for ZMQ_POLLOUT for specific
peer(s), which seems somehow necessary in ZMQ_ROUTER_MANDATORY.
This discussion will be addressed in a separate issue.
Signed-off-by: Marc Sune <marc@voltanet.io>
Signed-off-by: Fredi Raspall <fredi@voltanet.io>
Solution: if a CURVE server is using zmq_connect, the same session
will be used for any client "reconnect" (actual binds). This is
acceptable, so do not assert if zap_pipe already exists during the
handshake, but simply reuse it.
Fixes#2608
Solution: remove the pipe from the real trie when a peer disconnects.
Also add a unit test that exercises the behaviour by reconnecting
a different socket and sending a message that matches.
Fixes#2601 and introduced by #2042
Solution: revert change that made ZAP mandatory.
The "Stonehouse" pattern, where CURVE is used only for encryption and
without authentication, is a valid use case so we should still
support it.
Also restore CURVE testing in the test_heartbeat.
Fixes#2594
Solution: if inproc://zeromq.zap.01 exists, which means ZAP is
enabled, abort immediately if it cannot be used (eg: out of memory)
or it is configured incorrectly (eg: wrong socket type).
Otherwise authentication failures will simply be ignored and
unauthorised peers will be allowed to slip in.
problem: for zmq radio/dish pattern, if the radio process restarts, the dish will not resend subscriptions to radio. And the result is that the dish will never receive any more messages.
solution: in session_base_t::reconnect (), take ZMQ_DISH into consideration when invoking hiccup method.
In function session_base_t::reconnect, if we set immediate to 1 and set linger, we will get into first block of reconnect function, and set pipe to NULL, but we forget to cancel timer of linger. Once timer tiggered, we will get coredump. Solution: cancel timer in the end of set pipe to NULL
Solution: don't set thread name on Android
Setting a thread name on Android may fail with "permission
denied" error and abort the process due to failed assertion.
Tested on Android 5 and 6 (two phones).
Strangely enough, it only happens on signed APKs and is fine
in debug. Using JeroMQ is not an option as we need TCP keepalive
settings and authentication which JeroMQ doesn't support.
Solution: roll back the pipe if writing messages other than the
first fails in router::xsend. Roll it back also when the pipe is
terminating.
Also add test case that reproduces the memory leak when ran with
valgrind.
Fixes#2567
Solution: roll back the pipe if writing messages other than the
first fails in router::xsend.
Also add test case that reproduces the memory leak when ran with
valgrind.
Fixes#2567
Solution: do not define ZMQ_HAVE_POLLER in src/zmq_drafts.h otherwise
src/zmq.cpp will implement zmq_poll using the new poller classes.
Same for ZMQ_HAVE_TIMERS, even though it has no internal effect, but
to be safe against future development.
Problem: GSSAPI DRAFT code was made conditional on
ZMQ_BUILD_DRAFT_API, but zmq_draft.h duplicates the DRAFT
symbols definitions from zmq.h so this is unnecessary.
Solution: drop the extra ifdefs
Problem: GSSAPI NAMETYPE socket option numbers were modified
+1000 when moved to DRAFT section, but should use the definitive
values while in DRAFT to minimize disruption later.
Solution: renumber the socket options
Problem: The new GSSAPI NAMESPACE options should have been
added to the DRAFT section of the API so they can be changed
until stabilized.
Solution:
- Move defines to the DRAFT section of zmq.h
- Duplicate them in zmq_draft.h, as is the local custom
- Compile only if defined (ZMQ_BUILD_DRAFT_API)
- Refactor internals slightly to avoid #ifdef hell
Problem: principals are looked up unconditionally
with the GSS_C_NT_HOSTBASED_SERVICE name type.
Solution: Add two new socket options to set the name type
for ZMQ_GSSAPI_PRINCIPAL and ZMQ_GSSAPI_SERVICE_PRINCIPAL:
ZMQ_GSSAPI_PRINCIPAL_NAMETYPE
ZMQ_GSSAPI_SERVICE_PRINCIPAL_NAMETYPE
They take an integer argument which must be one of
ZMQ_GSSAPI_NT_HOSTBASED (0) - default
ZMQ_GSSAPI_NT_USER_NAME (1)
ZMQ_GSSAPI_NT_KRB5_PRINCIPAL (2)
These correspond to GSSAPI name types of:
GSS_C_NT_HOSTBASED_SERVICE
GSS_C_NT_USER_NAME
GSS_KRB5_NT_PRINCIPAL_NAME
Fixes#2542
Problem: one call to gss_import_name() includes the terminating
NULL in a gss_buffer_desc.length, and one doesn't.
According to the examples at:
http://docs.oracle.com/cd/E19253-01/816-4863/overview-22/index.html
the NULL should be included in the length.
Solution: Fix one case to include the terminating NULL in the length.
Problem: if client sets ZMQ_GSSAPI_PRINCIPAL to a name
for which credentials cannot be obtained, authentication
proceeds with default credentials.
Solution: Before initializing the security context, check
whether there was a failed attempt to acquire credentials
for a specific principal and bail out if so.
Fixes#2531
Problem: if client sets the ZMQ_GSSAPI_PRINCIPAL to a valid
principal, authentication fails.
When an application sets ZMQ_GSSAPI_PRINCIPAL, whether as a
client or a server, libzmq internally calls gss_acquire_cred()
with cred_usage=GSS_C_ACCEPT. This cred_usage setting is for
acceptors (servers) only, thus it doesn't work for initiators
(clients).
Solution: Change the cred_usage parameter to GSS_C_BOTH to allow
initiators to set ZMQ_GSSAPI_PRINCIPAL.
* change macOS < 10.12 clock to SYSTEM_CLOCK, fixes#2537
* remove clock_id option from alt_clock_gettime since we always want a monotonic clock.
* update header definition for alt_clock_gettime
* pass clock definition down to host_get_clock_service for macOS < 10.12
* change to monotonic clocks
Treat ECONNRESET, ENETRESET and EINTR as non-fatal
failures in TCP Tuning on Windows as they are in the
Unixes. Also adds ENETRESET to the Unix list that was missing.
Detect AI_V4MAPPED is not supported in getaddrinfo() on the fly
and retry query. This issue was seen on ancient FreeBSD releases
and current implementation does support this flag correctly.
