Enable matching local non-secure participants with remote secure participants that allow unauthenticated participants

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Dennis Potman 2020-05-11 21:33:47 +02:00 committed by eboasson
parent 155f8c059d
commit 2fc2cdc225


@ -4774,21 +4774,21 @@ void handshake_end_cb(struct ddsi_handshake *handshake, struct participant *pp,
} }
} }
static int proxy_participant_check_security_info(struct ddsi_domaingv *gv, struct proxy_participant *proxypp) static bool proxy_participant_has_pp_match(struct ddsi_domaingv *gv, struct proxy_participant *proxypp)
{ {
int r = 0; bool match = false;
struct participant *pp; struct participant *pp;
struct entidx_enum_participant est; struct entidx_enum_participant est;
entidx_enum_participant_init (&est, gv->entity_index); entidx_enum_participant_init (&est, gv->entity_index);
while (((pp = entidx_enum_participant_next (&est)) != NULL) && (r == 0)) { while ((pp = entidx_enum_participant_next (&est)) != NULL && !match)
if (q_omg_is_similar_participant_security_info(pp, proxypp)) { {
r = 1; /* remote secure pp can possibly match with local non-secured pp in case allow-unauthenticated pp
break; is enabled in the remote pp's security settings */
} match = !q_omg_participant_is_secure (pp) || q_omg_is_similar_participant_security_info (pp, proxypp);
} }
entidx_enum_participant_fini (&est); entidx_enum_participant_fini (&est);
return r; return match;
} }
static void proxy_participant_create_handshakes(struct ddsi_domaingv *gv, struct proxy_participant *proxypp) static void proxy_participant_create_handshakes(struct ddsi_domaingv *gv, struct proxy_participant *proxypp)
@ -4955,9 +4955,9 @@ void new_proxy_participant (struct ddsi_domaingv *gv, const struct ddsi_guid *pp
{ {
q_omg_security_init_remote_participant (proxypp); q_omg_security_init_remote_participant (proxypp);
/* check if the proxy participant has a match with a local participant */ /* check if the proxy participant has a match with a local participant */
if (!proxy_participant_check_security_info (gv, proxypp)) if (!proxy_participant_has_pp_match (gv, proxypp))
{ {
// GVWARNING ("Remote secure participant "PGUIDFMT" not allowed\n", PGUID (*ppguid)); GVWARNING ("Remote secure participant "PGUIDFMT" not allowed\n", PGUID (*ppguid));
free_proxy_participant (proxypp); free_proxy_participant (proxypp);
return; return;
} }
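Review bot: In `proxy_participant_has_pp_match` (first hunk), the new `!q_omg_participant_is_secure (pp)` term makes the function return true as soon as any local participant is non-secure, without consulting `proxypp` at all. The comment ties that match to allow-unauthenticated being enabled in the remote's security settings, but nothing in these lines tests that setting, so it presumably has to be enforced in later matching code outside this hunk. The comment should say so explicitly, for example `/* non-secure local pp: candidate only; the remote's allow-unauthenticated setting is not checked here */`, or the remote's setting should be tested at this point if it is already known. As a smaller style point, putting `!match` first in the `while` condition would avoid advancing the enumerator once more after a match has been found.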