diff --git a/CMakeLists.txt b/CMakeLists.txt index 9af932d84f..da2b1cce80 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -776,6 +776,7 @@ if (MSVC) else () if (BUILD_SHARED) add_library (libzmq SHARED ${sources} ${public_headers} ${html-docs} ${readme-docs} ${zmq-pkgconfig}) + target_link_libraries (libzmq ${OPTIONAL_LIBRARIES}) # NOTE: the SOVERSION MUST be the same as the one generated by libtool! set_target_properties (libzmq PROPERTIES COMPILE_DEFINITIONS "DLL_EXPORT" diff --git a/Makefile.am b/Makefile.am index bd971d49f8..2a2a448e7c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -307,6 +307,11 @@ src_libzmq_la_CPPFLAGS += ${pgm_CFLAGS} src_libzmq_la_LIBADD += ${pgm_LIBS} endif +if BUILD_GSSAPI +src_libzmq_la_CPPFLAGS += ${gssapi_krb5_CFLAGS} +src_libzmq_la_LIBADD += ${gssapi_krb5_LIBS} +endif + if ENABLE_PERF noinst_PROGRAMS = \ perf/local_lat \ diff --git a/builds/cmake/platform.hpp.in b/builds/cmake/platform.hpp.in index 00d2a269cc..6a0e5e1c9c 100644 --- a/builds/cmake/platform.hpp.in +++ b/builds/cmake/platform.hpp.in @@ -19,6 +19,7 @@ #cmakedefine ZMQ_HAVE_EVENTFD #cmakedefine ZMQ_HAVE_EVENTFD_CLOEXEC #cmakedefine ZMQ_HAVE_IFADDRS +#cmakedefine ZMQ_HAVE_SO_BINDTODEVICE #cmakedefine ZMQ_HAVE_SO_PEERCRED #cmakedefine ZMQ_HAVE_LOCAL_PEERCRED diff --git a/configure.ac b/configure.ac index 7551f9a3e4..c7335ae508 100644 --- a/configure.ac +++ b/configure.ac @@ -442,10 +442,12 @@ AC_ARG_WITH([libgssapi_krb5], [AS_HELP_STRING([--with-libgssapi_krb5], # conditionally require libgssapi_krb5 if test "x$require_libgssapi_krb5_ext" != "xno"; then - AC_CHECK_HEADERS(gssapi/gssapi_generic.h) - AC_SEARCH_LIBS([gss_init_sec_context], [gssapi_krb5 gssapi], - AC_DEFINE(HAVE_LIBGSSAPI_KRB5, [1], [Enabled GSSAPI security]), - AC_MSG_ERROR(libgssapi_krb5 is needed for GSSAPI security)) + PKG_CHECK_MODULES([gssapi_krb5], [krb5-gssapi], [], [ + AC_CHECK_HEADERS(gssapi/gssapi_generic.h) + AC_SEARCH_LIBS([gss_init_sec_context], [gssapi_krb5 gssapi], + AC_DEFINE(HAVE_LIBGSSAPI_KRB5, [1], [Enabled GSSAPI security]), + AC_MSG_ERROR(libgssapi_krb5 is needed for GSSAPI security)) + ]) fi AM_CONDITIONAL(BUILD_GSSAPI, test "x$require_libgssapi_krb5_ext" != "xno") diff --git a/doc/zmq_socket.txt b/doc/zmq_socket.txt index 4f8309c26c..a6ce453a60 100644 --- a/doc/zmq_socket.txt +++ b/doc/zmq_socket.txt @@ -74,10 +74,6 @@ after which either peer can send messages asynchronously, to the other. The client-server pattern is formally defined by http://rfc.zeromq.org/spec:41. -Note: this pattern is meant to eventually deprecate the use of 'ZMQ_DEALER' and -'ZMQ_ROUTER' to build client-server architectures, as well as 'ZMQ_REP' and -'ZMQ_REQ' for request-reply. - ZMQ_CLIENT ^^^^^^^^^^ A 'ZMQ_CLIENT' socket talks to a 'ZMQ_SERVER' socket. Either peer can connect, @@ -166,9 +162,6 @@ Groups are matched using exact matching (vs prefix matching of PubSub). NOTE: Radio-dish is still in draft phase. -Note: this pattern is meant to eventually deprecate the use of 'ZMQ_PUB' and -'ZMQ_SUB' to build pub-sub architectures. - ZMQ_RADIO ^^^^^^^ A socket of type 'ZMQ_RADIO' is used by a _publisher_ to distribute data. @@ -429,8 +422,6 @@ request sent. The request-reply pattern is formally defined by http://rfc.zeromq.org/spec:28. -Note: this pattern will be deprecated in favor of the client-server pattern. - ZMQ_REQ ^^^^^^^ A socket of type 'ZMQ_REQ' is used by a _client_ to send requests to and diff --git a/src/gssapi_mechanism_base.cpp b/src/gssapi_mechanism_base.cpp index 049cb3e524..bc6f984eed 100644 --- a/src/gssapi_mechanism_base.cpp +++ b/src/gssapi_mechanism_base.cpp @@ -183,10 +183,8 @@ int zmq::gssapi_mechanism_base_t::decode_message (msg_t *msg_) if (maj_stat != GSS_S_COMPLETE) { - // TODO is it correct to release the plaintext buffer if gss_unwrap - // did not succeed? gss_release_buffer (&min_stat, &plaintext); - free (wrapped); + free (wrapped.value); session->get_socket ()->event_handshake_failed_protocol ( session->get_endpoint (), ZMQ_PROTOCOL_ERROR_ZMTP_CRYPTOGRAPHIC); diff --git a/src/ip.cpp b/src/ip.cpp index bdb42ddde8..f9c5e5dee1 100644 --- a/src/ip.cpp +++ b/src/ip.cpp @@ -228,5 +228,8 @@ void zmq::bind_to_device (fd_t s_, std::string &bound_device_) #else errno_assert (rc == 0); #endif +#else + LIBZMQ_UNUSED (s_); + LIBZMQ_UNUSED (bound_device_); #endif } diff --git a/src/pgm_receiver.cpp b/src/pgm_receiver.cpp index a5357c43ab..1842f8ebb3 100644 --- a/src/pgm_receiver.cpp +++ b/src/pgm_receiver.cpp @@ -67,6 +67,7 @@ int zmq::pgm_receiver_t::init (bool udp_encapsulation_, const char *network_) void zmq::pgm_receiver_t::plug (io_thread_t *io_thread_, session_base_t *session_) { + LIBZMQ_UNUSED (io_thread_); // Retrieve PGM fds and start polling. fd_t socket_fd = retired_fd; fd_t waiting_pipe_fd = retired_fd; diff --git a/src/pgm_sender.cpp b/src/pgm_sender.cpp index 0b0e8d6340..b49fcf6733 100644 --- a/src/pgm_sender.cpp +++ b/src/pgm_sender.cpp @@ -39,6 +39,7 @@ #include "err.hpp" #include "wire.hpp" #include "stdint.hpp" +#include "macros.hpp" zmq::pgm_sender_t::pgm_sender_t (io_thread_t *parent_, const options_t &options_) : @@ -73,6 +74,7 @@ int zmq::pgm_sender_t::init (bool udp_encapsulation_, const char *network_) void zmq::pgm_sender_t::plug (io_thread_t *io_thread_, session_base_t *session_) { + LIBZMQ_UNUSED (io_thread_); // Allocate 2 fds for PGM socket. fd_t downlink_socket_fd = retired_fd; fd_t uplink_socket_fd = retired_fd; diff --git a/tests/test_security_curve.cpp b/tests/test_security_curve.cpp index 89bc3f051f..57a2dc713b 100644 --- a/tests/test_security_curve.cpp +++ b/tests/test_security_curve.cpp @@ -140,6 +140,8 @@ void test_curve_security_with_valid_credentials ( void test_curve_security_with_bogus_client_credentials ( void *ctx, char *my_endpoint, void *server, void *server_mon, int timeout) { + LIBZMQ_UNUSED (timeout); + // This must be caught by the ZAP handler char bogus_public [41]; char bogus_secret [41]; @@ -278,6 +280,9 @@ void test_curve_security_invalid_hello_wrong_length (char *my_endpoint, void *server_mon, int timeout) { + LIBZMQ_UNUSED (server); + LIBZMQ_UNUSED (timeout); + int s = connect_vanilla_socket (my_endpoint); // send GREETING @@ -352,6 +357,9 @@ void test_curve_security_invalid_hello_command_name (char *my_endpoint, void *server_mon, int timeout) { + LIBZMQ_UNUSED (server); + LIBZMQ_UNUSED (timeout); + int s = connect_vanilla_socket (my_endpoint); send_greeting (s); @@ -380,6 +388,9 @@ void test_curve_security_invalid_hello_version (char *my_endpoint, void *server_mon, int timeout) { + LIBZMQ_UNUSED (server); + LIBZMQ_UNUSED (timeout); + int s = connect_vanilla_socket (my_endpoint); send_greeting (s); @@ -455,6 +466,8 @@ void test_curve_security_invalid_initiate_length (char *my_endpoint, void *server_mon, int timeout) { + LIBZMQ_UNUSED (server); + zmq::curve_client_tools_t tools = make_curve_client_tools (); int s = connect_exchange_greeting_and_send_hello (my_endpoint, tools); @@ -465,6 +478,8 @@ void test_curve_security_invalid_initiate_length (char *my_endpoint, #ifdef ZMQ_BUILD_DRAFT_API int res = get_monitor_event_with_timeout (server_mon, NULL, NULL, timeout); assert (res == -1); +#else + LIBZMQ_UNUSED (timeout); #endif send(s, "\x04\x09\x08INITIATE"); @@ -508,6 +523,8 @@ void test_curve_security_invalid_initiate_command_name (char *my_endpoint, void *server_mon, int timeout) { + LIBZMQ_UNUSED (server); + zmq::curve_client_tools_t tools = make_curve_client_tools (); int s = connect_exchange_greeting_and_hello_welcome ( my_endpoint, server_mon, timeout, tools); @@ -531,6 +548,8 @@ void test_curve_security_invalid_initiate_command_name (char *my_endpoint, void test_curve_security_invalid_initiate_command_encrypted_cookie ( char *my_endpoint, void *server, void *server_mon, int timeout) { + LIBZMQ_UNUSED (server); + zmq::curve_client_tools_t tools = make_curve_client_tools (); int s = connect_exchange_greeting_and_hello_welcome ( my_endpoint, server_mon, timeout, tools); @@ -554,6 +573,8 @@ void test_curve_security_invalid_initiate_command_encrypted_cookie ( void test_curve_security_invalid_initiate_command_encrypted_content ( char *my_endpoint, void *server, void *server_mon, int timeout) { + LIBZMQ_UNUSED (server); + zmq::curve_client_tools_t tools = make_curve_client_tools (); int s = connect_exchange_greeting_and_hello_welcome ( my_endpoint, server_mon, timeout, tools); diff --git a/tests/test_security_gssapi.cpp b/tests/test_security_gssapi.cpp index 71e8e0bcb2..38dc475f70 100644 --- a/tests/test_security_gssapi.cpp +++ b/tests/test_security_gssapi.cpp @@ -59,6 +59,7 @@ static volatile int zap_deny_all = 0; // by reference, if not null, and event number by value. Returns -1 // in case of error. +#ifdef ZMQ_BUILD_DRAFT_API static int get_monitor_event (void *monitor, int *value, char **address) { @@ -89,6 +90,7 @@ get_monitor_event (void *monitor, int *value, char **address) } return event; } +#endif // -------------------------------------------------------------------------- // This methods receives and validates ZAP requestes (allowing or denying @@ -151,10 +153,12 @@ void test_valid_creds (void *ctx, void *server, void *server_mon, char *endpoint rc = zmq_setsockopt (client, ZMQ_GSSAPI_PRINCIPAL, name, strlen (name) + 1); assert (rc == 0); +#ifdef ZMQ_BUILD_DRAFT_API int name_type = ZMQ_GSSAPI_NT_HOSTBASED; rc = zmq_setsockopt (client, ZMQ_GSSAPI_PRINCIPAL_NAMETYPE, &name_type, sizeof (name_type)); assert (rc == 0); +#endif rc = zmq_connect (client, endpoint); assert (rc == 0); @@ -162,8 +166,10 @@ void test_valid_creds (void *ctx, void *server, void *server_mon, char *endpoint rc = zmq_close (client); assert (rc == 0); +#ifdef ZMQ_BUILD_DRAFT_API int event = get_monitor_event (server_mon, NULL, NULL); - assert (event == ZMQ_EVENT_HANDSHAKE_SUCCEED); + assert (event == ZMQ_EVENT_HANDSHAKE_SUCCEEDED); +#endif } // Check security with valid but unauthorized credentials @@ -179,10 +185,12 @@ void test_unauth_creds (void *ctx, void *server, void *server_mon, char *endpoin rc = zmq_setsockopt (client, ZMQ_GSSAPI_PRINCIPAL, name, strlen (name) + 1); assert (rc == 0); +#ifdef ZMQ_BUILD_DRAFT_API int name_type = ZMQ_GSSAPI_NT_HOSTBASED; rc = zmq_setsockopt (client, ZMQ_GSSAPI_PRINCIPAL_NAMETYPE, &name_type, sizeof (name_type)); assert (rc == 0); +#endif zap_deny_all = 1; rc = zmq_connect (client, endpoint); assert (rc == 0); @@ -190,8 +198,10 @@ void test_unauth_creds (void *ctx, void *server, void *server_mon, char *endpoin expect_bounce_fail (server, client); close_zero_linger (client); +#ifdef ZMQ_BUILD_DRAFT_API int event = get_monitor_event (server_mon, NULL, NULL); - assert (event == ZMQ_EVENT_HANDSHAKE_FAILED); + assert (event == ZMQ_EVENT_HANDSHAKE_FAILED_AUTH); +#endif } // Check GSSAPI security with NULL client credentials @@ -205,8 +215,10 @@ void test_null_creds (void *ctx, void *server, void *server_mon, char *endpoint) expect_bounce_fail (server, client); close_zero_linger (client); +#ifdef ZMQ_BUILD_DRAFT_API int event = get_monitor_event (server_mon, NULL, NULL); - assert (event == ZMQ_EVENT_HANDSHAKE_FAILED); + assert (event == ZMQ_EVENT_HANDSHAKE_FAILED_AUTH); +#endif } // Check GSSAPI security with PLAIN client credentials @@ -242,7 +254,7 @@ void test_vanilla_socket (void *ctx, void *server, void *server_mon, char *endpo #endif s = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP); - int rc = connect (s, (struct sockaddr*) &ip4addr, sizeof (ip4addr)); + rc = connect (s, (struct sockaddr*) &ip4addr, sizeof (ip4addr)); assert (rc > -1); // send anonymous ZMTP/1.0 greeting send (s, "\x01\x00", 2, 0); @@ -292,23 +304,30 @@ int main (void) rc = zmq_setsockopt (server, ZMQ_GSSAPI_PRINCIPAL, name, strlen (name) + 1); assert (rc == 0); +#ifdef ZMQ_BUILD_DRAFT_API int name_type = ZMQ_GSSAPI_NT_HOSTBASED; rc = zmq_setsockopt (server, ZMQ_GSSAPI_PRINCIPAL_NAMETYPE, &name_type, sizeof (name_type)); assert (rc == 0); +#endif rc = zmq_bind (server, "tcp://127.0.0.1:*"); assert (rc == 0); rc = zmq_getsockopt (server, ZMQ_LAST_ENDPOINT, my_endpoint, &len); assert (rc == 0); +#ifdef ZMQ_BUILD_DRAFT_API // Monitor handshake events on the server rc = zmq_socket_monitor (server, "inproc://monitor-server", - ZMQ_EVENT_HANDSHAKE_SUCCEED | ZMQ_EVENT_HANDSHAKE_FAILED); + ZMQ_EVENT_HANDSHAKE_SUCCEEDED | ZMQ_EVENT_HANDSHAKE_FAILED_AUTH); assert (rc == 0); +#endif // Create socket for collecting monitor events - void *server_mon = zmq_socket (ctx, ZMQ_PAIR); + void *server_mon = NULL; +#ifdef ZMQ_BUILD_DRAFT_API + server_mon = zmq_socket (ctx, ZMQ_PAIR); assert (server_mon); +#endif // Connect it to the inproc endpoints so they'll get events rc = zmq_connect (server_mon, "inproc://monitor-server"); @@ -322,7 +341,9 @@ int main (void) test_unauth_creds (ctx, server, server_mon, my_endpoint); // Shutdown +#ifdef ZMQ_BUILD_DRAFT_API close_zero_linger (server_mon); +#endif rc = zmq_close (server); assert (rc == 0); rc = zmq_ctx_term (ctx); diff --git a/tests/testutil.hpp b/tests/testutil.hpp index 4f38212e15..3061c8e876 100644 --- a/tests/testutil.hpp +++ b/tests/testutil.hpp @@ -86,6 +86,8 @@ # endif #endif +#define LIBZMQ_UNUSED(object) (void)object + // Bounce a message from client to server and back // For REQ/REP or DEALER/DEALER pairs only void diff --git a/tests/testutil_security.hpp b/tests/testutil_security.hpp index 811c14d322..61241d4371 100644 --- a/tests/testutil_security.hpp +++ b/tests/testutil_security.hpp @@ -41,10 +41,14 @@ const char *test_zap_domain = "ZAPTEST"; // NULL specific functions void socket_config_null_client (void *server, void *server_secret) { + LIBZMQ_UNUSED (server); + LIBZMQ_UNUSED (server_secret); } void socket_config_null_server (void *server, void *server_secret) { + LIBZMQ_UNUSED (server_secret); + int rc = zmq_setsockopt (server, ZMQ_ZAP_DOMAIN, test_zap_domain, 7); assert (rc == 0); } @@ -55,6 +59,8 @@ const char *test_plain_password = "testpass"; void socket_config_plain_client (void *server, void *server_secret) { + LIBZMQ_UNUSED (server_secret); + int rc = zmq_setsockopt (server, ZMQ_PLAIN_PASSWORD, test_plain_password, 8); assert (rc == 0); @@ -64,6 +70,8 @@ void socket_config_plain_client (void *server, void *server_secret) void socket_config_plain_server (void *server, void *server_secret) { + LIBZMQ_UNUSED (server_secret); + int as_server = 1; int rc = zmq_setsockopt (server, ZMQ_PLAIN_SERVER, &as_server, sizeof (int)); assert (rc == 0);