Removed ZMQ_ZAP_IPC_CREDS option

- This seems redundant; is there a use case for NOT providing the IPC credentials to the ZAP authenticator? - More, why is IPC authentication done via libzmq instead of ZAP? Is it because we're missing the transport type on the ZAP request?

Removed ZMQ_ZAP_IPC_CREDS option
- This seems redundant; is there a use case for NOT providing the IPC credentials to the ZAP authenticator? - More, why is IPC authentication done via libzmq instead of ZAP? Is it because we're missing the transport type on the ZAP request?
5bf96f64 · Pieter Hintjens · adf5b45d · 5bf96f64 · 5bf96f64 · 5bf96f64
Commit 5bf96f64 authored Jan 01, 2014 by Pieter Hintjens
8 changed files
--- a/.gitignore
+++ b/.gitignore
@@ -88,7 +88,6 @@ tests/test_many_sockets
 tests/test_diffserv
 tests/test*.log
 tests/test*.trs
-tests/test_zap_ipc_creds
 src/platform.hpp*
 src/stamp-h1
 perf/local_lat

--- a/doc/zmq_getsockopt.txt
+++ b/doc/zmq_getsockopt.txt
@@ -606,25 +606,6 @@ Default value:: not set
 Applicable socket types:: all, when using TCP transport


-ZMQ_ZAP_IPC_CREDS: Retrieve IPC peer credentials state
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The 'ZMQ_ZAP_IPC_CREDS' option shall return True (1) if credentials of IPC
-peers will be appended to the address sent in ZAP request messages and False
-(0) otherwise.
-
-Refer to linkzmq:zmq_setsockopt[3] for more information.
-
-NOTE: IPC peer credentials are only available on platforms supporting the
-SO_PEERCRED or LOCAL_PEERCRED socket options.
-
-[horizontal]
-Option value type:: int
-Option value unit:: boolean
-Default value:: 0 (false)
-Applicable socket types:: all listening sockets, when using IPC transports.
-
-
 RETURN VALUE
 ------------
 The _zmq_getsockopt()_ function shall return zero if successful. Otherwise it

--- a/doc/zmq_setsockopt.txt
+++ b/doc/zmq_setsockopt.txt
@@ -777,24 +777,6 @@ Default value:: not set
 Applicable socket types:: all, when using TCP transport


-ZMQ_ZAP_IPC_CREDS: Append IPC peer credentials to ZAP address
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-If set, the credentials of IPC peers will be appended to the address sent in
-ZAP request messages.  The new address will be formatted as ADDRESS:UID:GID:PID
-where UID and GID are the effective group and user IDs of the user owning the
-peer process and PID is the process ID.  PID will be empty on systems not
-supporting SO_PEERCRED.
-
-NOTE: IPC peer credentials are only available on platforms supporting the
-SO_PEERCRED or LOCAL_PEERCRED socket options.
-
-[horizontal]
-Option value type:: int
-Option value unit:: boolean
-Default value:: 0 (false)
-Applicable socket types:: all listening sockets, when using IPC transports.
-
-
 RETURN VALUE
 ------------
 The _zmq_setsockopt()_ function shall return zero if successful. Otherwise it

--- a/include/zmq.h
+++ b/include/zmq.h
@@ -293,7 +293,6 @@ ZMQ_EXPORT int zmq_msg_set (zmq_msg_t *msg, int option, int optval);
 #define ZMQ_IPC_FILTER_PID 58
 #define ZMQ_IPC_FILTER_UID 59
 #define ZMQ_IPC_FILTER_GID 60
-#define ZMQ_ZAP_IPC_CREDS 61

 /*  Message options                                                           */
 #define ZMQ_MORE 1

--- a/src/options.cpp
+++ b/src/options.cpp
@@ -51,9 +51,6 @@ zmq::options_t::options_t () :
    tcp_keepalive_cnt (-1),
    tcp_keepalive_idle (-1),
    tcp_keepalive_intvl (-1),
-#   if defined ZMQ_HAVE_SO_PEERCRED || defined ZMQ_HAVE_LOCAL_PEERCRED
-    zap_ipc_creds (false),
-#   endif
    mechanism (ZMQ_NULL),
    as_server (0),
    socket_id (0),
@@ -261,13 +258,6 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
            break;

 #       if defined ZMQ_HAVE_SO_PEERCRED || defined ZMQ_HAVE_LOCAL_PEERCRED
-        case ZMQ_ZAP_IPC_CREDS:
-            if (is_int && (value == 0 || value == 1)) {
-                zap_ipc_creds = (value != 0);
-                return 0;
-            }
-            break;
-
        case ZMQ_IPC_FILTER_UID:
            if (optvallen_ == 0 && optval_ == NULL) {
                ipc_uid_accept_filters.clear ();
@@ -601,15 +591,6 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_)
            }
            break;

-#       if defined ZMQ_HAVE_SO_PEERCRED || defined ZMQ_HAVE_LOCAL_PEERCRED
-        case ZMQ_ZAP_IPC_CREDS:
-            if (is_int) {
-                *value = zap_ipc_creds;
-                return 0;
-            }
-            break;
-#       endif
-
        case ZMQ_MECHANISM:
            if (is_int) {
                *value = mechanism;

--- a/src/stream_engine.cpp
+++ b/src/stream_engine.cpp
@@ -89,7 +89,8 @@ zmq::stream_engine_t::stream_engine_t (fd_t fd_, const options_t &options_,
    if (family == 0)
        peer_address = "";
 #if defined ZMQ_HAVE_SO_PEERCRED
-    else if (family == PF_UNIX && options.zap_ipc_creds) {
+    else
+    if (family == PF_UNIX) {
        struct ucred cred;
        socklen_t size = sizeof (cred);
        if (!getsockopt (s, SOL_SOCKET, SO_PEERCRED, &cred, &size)) {
@@ -99,7 +100,8 @@ zmq::stream_engine_t::stream_engine_t (fd_t fd_, const options_t &options_,
        }
    }
 #elif defined ZMQ_HAVE_LOCAL_PEERCRED
-    else if (family == PF_UNIX && options.zap_ipc_creds) {
+    else
+    if (family == PF_UNIX) {
        struct xucred cred;
        socklen_t size = sizeof (cred);
        if (!getsockopt (s, 0, LOCAL_PEERCRED, &cred, &size)

--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -53,8 +53,7 @@ noinst_PROGRAMS += test_shutdown_stress \
                   test_reqrep_ipc \
                   test_timeo \
                   test_fork \
-                   test_filter_ipc \
-                   test_zap_ipc_creds
+                   test_filter_ipc 
 endif

 if BUILD_TIPC

--- a/tests/test_zap_ipc_creds.cpp
+++ b/tests/test_zap_ipc_creds.cpp
-/*
-    Copyright (c) 2007-2013 Contributors as noted in the AUTHORS file
-
-    This file is part of 0MQ.
-
-    0MQ is free software; you can redistribute it and/or modify it under
-    the terms of the GNU Lesser General Public License as published by
-    the Free Software Foundation; either version 3 of the License, or
-    (at your option) any later version.
-
-    0MQ is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU Lesser General Public License for more details.
-
-    You should have received a copy of the GNU Lesser General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include <string.h>
-
-#include <sstream>
-
-#include "testutil.hpp"
-
-static void zap_handler (void *handler)
-{
-    //  Process ZAP requests forever
-    while (true) {
-        char *version = s_recv (handler);
-        if (!version)
-            break;          //  Terminating
-        char *sequence = s_recv (handler);
-        char *domain = s_recv (handler);
-        char *address = s_recv (handler);
-        char *identity = s_recv (handler);
-        char *mechanism = s_recv (handler);
-
-        assert (streq (version, "1.0"));
-        assert (streq (mechanism, "NULL"));
-        
-        if (streq (domain, "creds")) {
-            std::ostringstream buf;
-            buf << "localhost:" << getuid () << ":" << getgid () << ":";
-#           ifdef ZMQ_HAVE_SO_PEERCRED
-            buf << getpid ();
-#           endif
-            assert (streq (address, buf.str ().c_str ()));
-        } else
-            assert (streq (address, "localhost"));
-
-        s_sendmore (handler, version);
-        s_sendmore (handler, sequence);
-        s_sendmore (handler, "200");
-        s_sendmore (handler, "OK");
-        s_sendmore (handler, "anonymous");
-        s_send     (handler, "");
-
-        free (version);
-        free (sequence);
-        free (domain);
-        free (address);
-        free (identity);
-        free (mechanism);
-    }
-    zmq_close (handler);
-}
-
-static void run_test (bool with_creds)
-{
-    void *ctx = zmq_ctx_new ();
-    assert (ctx);
-
-    //  Spawn ZAP handler
-    //  We create and bind ZAP socket in main thread to avoid case
-    //  where child thread does not start up fast enough.
-    void *handler = zmq_socket (ctx, ZMQ_REP);
-    assert (handler);
-    int rc = zmq_bind (handler, "inproc://zeromq.zap.01");
-    assert (rc == 0);
-    void *zap_thread = zmq_threadstart (&zap_handler, handler);
-
-    void *sb = zmq_socket (ctx, ZMQ_PAIR);
-    assert (sb);
-
-    void *sc = zmq_socket (ctx, ZMQ_PAIR);
-    assert (sc);
-
-    //  Now use the right domain, the test must pass
-    if (with_creds) {
-        rc = zmq_setsockopt (sb, ZMQ_ZAP_DOMAIN, "creds", 5);
-        assert (rc == 0);
-        int ipc_creds = 1;
-        rc = zmq_setsockopt (sb, ZMQ_ZAP_IPC_CREDS, &ipc_creds, sizeof (int));
-        assert (rc == 0);
-    } else {
-        rc = zmq_setsockopt (sb, ZMQ_ZAP_DOMAIN, "none", 4);
-        assert (rc == 0);
-        int ipc_creds = 1;
-        size_t size = sizeof (int);
-        rc = zmq_getsockopt (sb, ZMQ_ZAP_IPC_CREDS, &ipc_creds, &size);
-        assert (rc == 0);
-        assert (ipc_creds == 0);
-    }
-
-    rc = zmq_bind (sb, "ipc://@/tmp/test");
-    assert (rc == 0);
-
-    rc = zmq_connect (sc, "ipc://@/tmp/test");
-    assert (rc == 0);
-        
-    bounce (sb, sc);
-
-    rc = zmq_close (sc);
-    assert (rc == 0);
-    rc = zmq_close (sb);
-    assert (rc == 0);
-
-    rc = zmq_ctx_term (ctx);
-    assert (rc == 0);
-
-    //  Wait until ZAP handler terminates.
-    zmq_threadclose (zap_thread);
-}
-
-int main (void)
-{
-    setup_test_environment();
-
-    run_test(false);
-    run_test(true);
-
-    return 0 ;
-}
-