From 45adb6f0c7c4c1cfa1f365f304e2ac7671bcb3a7 Mon Sep 17 00:00:00 2001
From: Dennis Potman
Date: Tue, 28 Apr 2020 21:25:57 +0200
Subject: [PATCH] Extend access-control tests with validate_local_permissions
Add validate_local_permissions to the set of access control plugin hooks tests, and add discovery_protection_enabled as an additional parameter for the access control hook tests.
Signed-off-by: Dennis Potman
---
 src/security/core/tests/access_control.c | 122 ++++++++++--------
 .../tests/common/access_control_wrapper.c | 36 ++++--
 .../tests/common/access_control_wrapper.h | 7 +-
 3 files changed, 92 insertions(+), 73 deletions(-)
diff --git a/src/security/core/tests/access_control.c b/src/security/core/tests/access_control.c
index a4f44f6..4e5b54e 100644
--- a/src/security/core/tests/access_control.c
+++ b/src/security/core/tests/access_control.c
@@ -439,72 +439,80 @@ CU_Test(ddssec_access_control, permissions_expiry_multiple, .timeout=20) CU_TheoryDataPoints(ddssec_access_control, hooks) = { CU_DataPoints(const char *, /* */"init_test_access_control_local_participant_not_allowed", - /* | */"init_test_access_control_local_topic_not_allowed", - /* | | */"init_test_access_control_local_publishing_not_allowed", - /* | | | */"init_test_access_control_local_subscribing_not_allowed", - /* | | | | */"init_test_access_control_remote_permissions_invalidate", - /* | | | | | */"init_test_access_control_remote_participant_not_allowed", - /* | | | | | | */"init_test_access_control_remote_topic_not_allowed", - /* | | | | | | | */"init_test_access_control_remote_writer_not_allowed", - /* | | | | | | | | */"init_test_access_control_remote_reader_not_allowed", - /* | | | | | | | | | */"init_test_access_control_remote_reader_relay_only"), - CU_DataPoints(bool, true, false, false, false, false, false, false, false, false, false), // exp_pp_fail - CU_DataPoints(bool, na, true, false, false, false, false, false, false, false, false), // exp_local_topic_fail - CU_DataPoints(bool, na, false, false, false, false, false, false, false, false, false), // exp_remote_topic_fail - CU_DataPoints(bool, na, na, true, false, false, false, false, false, false, false), // exp_wr_fail - CU_DataPoints(bool, na, na, false, true, false, false, false, false, false, false), // exp_rd_fail - CU_DataPoints(bool, na, na, na, na, true, true, true, false, true, true), // exp_wr_rd_sync_fail - CU_DataPoints(bool, na, na, false, na, true, true, true, true, false, false), // exp_rd_wr_sync_fail + /* | */"init_test_access_control_local_permissions_not_allowed", + /* | | */"init_test_access_control_local_topic_not_allowed", + /* | | | */"init_test_access_control_local_writer_not_allowed", + /* | | | | */"init_test_access_control_local_reader_not_allowed", + /* | | | | | */"init_test_access_control_remote_permissions_not_allowed", + /* | | | | | | 
*/"init_test_access_control_remote_participant_not_allowed", + /* | | | | | | | */"init_test_access_control_remote_topic_not_allowed", + /* | | | | | | | | */"init_test_access_control_remote_writer_not_allowed", + /* | | | | | | | | | */"init_test_access_control_remote_reader_not_allowed", + /* | | | | | | | | | | */"init_test_access_control_remote_reader_relay_only"), + CU_DataPoints(bool, true, true, false, false, false, false, false, false, false, false, false), // exp_pp_fail + CU_DataPoints(bool, na, na, true, false, false, false, false, false, false, false, false), // exp_local_topic_fail + CU_DataPoints(bool, na, na, false, false, false, false, false, false, false, false, false), // exp_remote_topic_fail + CU_DataPoints(bool, na, na, na, true, false, false, false, false, false, false, false), // exp_wr_fail + CU_DataPoints(bool, na, na, na, false, true, false, false, false, false, false, false), // exp_rd_fail + CU_DataPoints(bool, na, na, na, na, na, true, true, true, false, true, true), // exp_wr_rd_sync_fail + CU_DataPoints(bool, na, na, na, false, na, true, true, true, true, false, false), // exp_rd_wr_sync_fail }; #undef na + CU_Theory( (const char * init_fn, bool exp_pp_fail, bool exp_local_topic_fail, bool exp_remote_topic_fail, bool exp_wr_fail, bool exp_rd_fail, bool exp_wr_rd_sync_fail, bool exp_rd_wr_sync_fail), - ddssec_access_control, hooks, .timeout=40) + ddssec_access_control, hooks, .timeout=60) { - print_test_msg ("running test access_control_hooks: %s\n", init_fn); - - const char * def_gov = PF_F COMMON_ETC_PATH("default_governance.p7s"); - const char * def_perm = PF_F COMMON_ETC_PATH("default_permissions.p7s"); - const char * def_perm_ca = PF_F COMMON_ETC_PATH("default_permissions_ca.pem"); - - access_control_init ( - 2, - (const char *[]) { TEST_IDENTITY1_CERTIFICATE, TEST_IDENTITY1_CERTIFICATE }, - (const char *[]) { TEST_IDENTITY1_PRIVATE_KEY, TEST_IDENTITY1_PRIVATE_KEY }, - (const char *[]) { TEST_IDENTITY_CA1_CERTIFICATE, 
TEST_IDENTITY_CA1_CERTIFICATE }, - (bool []) { exp_pp_fail, false }, - (const char *[]) { init_fn, "init_test_access_control_wrapped" }, (const char *[]) { "finalize_test_access_control_not_allowed", "finalize_test_access_control_wrapped" }, - (bool []) { true, true, true }, (const char *[]) { def_gov, def_gov }, - (bool []) { true, true, true }, (const char *[]) { def_perm, def_perm }, - (bool []) { true, true, true }, (const char *[]) { def_perm_ca, def_perm_ca }); - - if (!exp_pp_fail) + for (int i = 0; i <= 1; i++) { - dds_entity_t lwr = 0, rwr = 0, lrd = 0, rrd = 0; - dds_entity_t ltopic[2], rtopic[2]; - dds_entity_t lpub, lsub, rpub, rsub; - char topic_name[100]; + bool discovery_protection = (i == 0); + print_test_msg ("running test access_control_hooks: %s with discovery protection %s\n", init_fn, discovery_protection ? "enabled" : "disabled"); - // Local writer, remote reader - create_topic_name (AC_WRAPPER_TOPIC_PREFIX, g_topic_nr++, topic_name, sizeof (topic_name)); - rd_wr_init_fail ( - g_participant[0], &lpub, <opic[0], &lwr, - g_participant[1], &rsub, &rtopic[0], &rrd, - topic_name, exp_local_topic_fail, exp_wr_fail, exp_remote_topic_fail, false); - if (!exp_local_topic_fail && !exp_remote_topic_fail && !exp_wr_fail) - sync_writer_to_readers (g_participant[0], lwr, exp_wr_rd_sync_fail ? 
0 : 1, DDS_SECS(2)); + char * gov_topic_rule = get_governance_topic_rule ("*", discovery_protection, false, true, true, NULL, NULL); + char * gov_config = get_governance_config (false, true, "ENCRYPT", NULL, NULL, gov_topic_rule, true); - // Local reader, remote writer - create_topic_name (AC_WRAPPER_TOPIC_PREFIX, g_topic_nr++, topic_name, sizeof (topic_name)); - rd_wr_init_fail ( - g_participant[1], &rpub, &rtopic[1], &rwr, - g_participant[0], &lsub, <opic[1], &lrd, - topic_name, exp_remote_topic_fail, false, exp_local_topic_fail, exp_rd_fail); - if (!exp_local_topic_fail && !exp_remote_topic_fail && !exp_rd_fail) - sync_reader_to_writers (g_participant[0], lrd, exp_rd_wr_sync_fail ? 0 : 1, DDS_SECS(2)); + const char * def_perm = PF_F COMMON_ETC_PATH("default_permissions.p7s"); + const char * def_perm_ca = PF_F COMMON_ETC_PATH("default_permissions_ca.pem"); + + access_control_init ( + 2, + (const char *[]) { TEST_IDENTITY1_CERTIFICATE, TEST_IDENTITY1_CERTIFICATE }, + (const char *[]) { TEST_IDENTITY1_PRIVATE_KEY, TEST_IDENTITY1_PRIVATE_KEY }, + (const char *[]) { TEST_IDENTITY_CA1_CERTIFICATE, TEST_IDENTITY_CA1_CERTIFICATE }, + (bool []) { exp_pp_fail, false }, + (const char *[]) { init_fn, "init_test_access_control_wrapped" }, (const char *[]) { "finalize_test_access_control_not_allowed", "finalize_test_access_control_wrapped" }, + (bool []) { true, true, true }, (const char *[]) { gov_config, gov_config }, + (bool []) { true, true, true }, (const char *[]) { def_perm, def_perm }, + (bool []) { true, true, true }, (const char *[]) { def_perm_ca, def_perm_ca }); + + if (!exp_pp_fail) + { + dds_entity_t lwr = 0, rwr = 0, lrd = 0, rrd = 0; + dds_entity_t ltopic[2], rtopic[2]; + dds_entity_t lpub, lsub, rpub, rsub; + char topic_name[100]; + + // Local writer, remote reader + create_topic_name (AC_WRAPPER_TOPIC_PREFIX, g_topic_nr++, topic_name, sizeof (topic_name)); + rd_wr_init_fail ( + g_participant[0], &lpub, <opic[0], &lwr, + g_participant[1], &rsub, &rtopic[0], 
&rrd, + topic_name, exp_local_topic_fail, exp_wr_fail, exp_remote_topic_fail, false); + if (!exp_local_topic_fail && !exp_remote_topic_fail && !exp_wr_fail) + sync_writer_to_readers (g_participant[0], lwr, exp_wr_rd_sync_fail ? 0 : 1, DDS_SECS(2)); + + // Local reader, remote writer + create_topic_name (AC_WRAPPER_TOPIC_PREFIX, g_topic_nr++, topic_name, sizeof (topic_name)); + rd_wr_init_fail ( + g_participant[1], &rpub, &rtopic[1], &rwr, + g_participant[0], &lsub, <opic[1], &lrd, + topic_name, exp_remote_topic_fail, false, exp_local_topic_fail, exp_rd_fail); + if (!exp_local_topic_fail && !exp_remote_topic_fail && !exp_rd_fail) + sync_reader_to_writers (g_participant[0], lrd, exp_rd_wr_sync_fail ? 0 : 1, DDS_SECS(1)); + } + + access_control_fini (2, (void * []) { gov_topic_rule, gov_config }, 2); } - - access_control_fini (2, NULL, 0); } #define na false diff --git a/src/security/core/tests/common/access_control_wrapper.c b/src/security/core/tests/common/access_control_wrapper.c index aead7e6..327dae3 100644 --- a/src/security/core/tests/common/access_control_wrapper.c +++ b/src/security/core/tests/common/access_control_wrapper.c 
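Review bot: In the `hooks` theory in access_control.c, the final `sync_reader_to_writers (g_participant[0], lrd, exp_rd_wr_sync_fail ? 0 : 1, DDS_SECS(1))` now waits one second, while the matching `sync_writer_to_readers` call keeps `DDS_SECS(2)`. When the expected count is 0 the check appears to mean "no match seen before the timeout", so a shorter window lets a denial case pass when matching is merely slow rather than refused. That matters more now that every data point also runs with discovery protection enabled. Unless the asymmetry is deliberate, keep `DDS_SECS(2)` on both calls, or add a comment on that line saying why the reader side can use the shorter window. The positional booleans passed to `get_governance_topic_rule` and `get_governance_config` would also read better with a one-line comment naming each argument.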
@@ -33,26 +33,28 @@ enum ac_plugin_mode { enum ac_plugin_not_allowed { NOT_ALLOWED_ID_LOCAL_PP, NOT_ALLOWED_ID_LOCAL_TOPIC, - NOT_ALLOWED_ID_LOCAL_PUB, - NOT_ALLOWED_ID_LOCAL_SUB, - NOT_ALLOWED_ID_REMOTE_PERM, + NOT_ALLOWED_ID_LOCAL_WRITER, + NOT_ALLOWED_ID_LOCAL_READER, + NOT_ALLOWED_ID_LOCAL_PERM, NOT_ALLOWED_ID_REMOTE_PP, NOT_ALLOWED_ID_REMOTE_TOPIC, NOT_ALLOWED_ID_REMOTE_WRITER, NOT_ALLOWED_ID_REMOTE_READER, - NOT_ALLOWED_ID_REMOTE_READER_RELAY_ONLY + NOT_ALLOWED_ID_REMOTE_READER_RELAY_ONLY, + NOT_ALLOWED_ID_REMOTE_PERM, }; #define NOT_ALLOWED_LOCAL_PP (1u << NOT_ALLOWED_ID_LOCAL_PP) #define NOT_ALLOWED_LOCAL_TOPIC (1u << NOT_ALLOWED_ID_LOCAL_TOPIC) -#define NOT_ALLOWED_LOCAL_PUB (1u << NOT_ALLOWED_ID_LOCAL_PUB) -#define NOT_ALLOWED_LOCAL_SUB (1u << NOT_ALLOWED_ID_LOCAL_SUB) -#define NOT_ALLOWED_REMOTE_PERM (1u << NOT_ALLOWED_ID_REMOTE_PERM) +#define NOT_ALLOWED_LOCAL_WRITER (1u << NOT_ALLOWED_ID_LOCAL_WRITER) +#define NOT_ALLOWED_LOCAL_READER (1u << NOT_ALLOWED_ID_LOCAL_READER) +#define NOT_ALLOWED_LOCAL_PERM (1u << NOT_ALLOWED_ID_LOCAL_PERM) #define NOT_ALLOWED_REMOTE_PP (1u << NOT_ALLOWED_ID_REMOTE_PP) #define NOT_ALLOWED_REMOTE_TOPIC (1u << NOT_ALLOWED_ID_REMOTE_TOPIC) #define NOT_ALLOWED_REMOTE_WRITER (1u << NOT_ALLOWED_ID_REMOTE_WRITER) #define NOT_ALLOWED_REMOTE_READER (1u << NOT_ALLOWED_ID_REMOTE_READER) #define NOT_ALLOWED_REMOTE_READER_RELAY_ONLY (1u << NOT_ALLOWED_ID_REMOTE_READER_RELAY_ONLY) +#define NOT_ALLOWED_REMOTE_PERM (1u << NOT_ALLOWED_ID_REMOTE_PERM) /** * Implementation structure for storing encapsulated members of the instance 
@@ -76,8 +78,15 @@ static DDS_Security_PermissionsHandle validate_local_permissions( struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance; switch (impl->mode) { - case PLUGIN_MODE_WRAPPED: case PLUGIN_MODE_NOT_ALLOWED: + if (impl->not_allowed_mask & NOT_ALLOWED_LOCAL_PERM) + { + ex->code = 1; + ex->message = ddsrt_strdup ("not_allowed: validate_local_permissions"); + return 0; + } + /* fall through */ + case PLUGIN_MODE_WRAPPED: return impl->instance->validate_local_permissions(impl->instance, auth_plugin, identity, domain_id, participant_qos, ex); default: @@ -154,7 +163,7 @@ static DDS_Security_boolean check_create_datawriter( switch (impl->mode) { case PLUGIN_MODE_NOT_ALLOWED: - if (impl->not_allowed_mask & NOT_ALLOWED_LOCAL_PUB) + if (impl->not_allowed_mask & NOT_ALLOWED_LOCAL_WRITER) { if (topic_name && strncmp (topic_name, AC_WRAPPER_TOPIC_PREFIX, strlen (AC_WRAPPER_TOPIC_PREFIX)) == 0) { @@ -186,7 +195,7 @@ static DDS_Security_boolean check_create_datareader( switch (impl->mode) { case PLUGIN_MODE_NOT_ALLOWED: - if (impl->not_allowed_mask & NOT_ALLOWED_LOCAL_SUB) + if (impl->not_allowed_mask & NOT_ALLOWED_LOCAL_READER) { ex->code = 1; ex->message = ddsrt_strdup ("not_allowed: check_create_datareader"); 
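Review bot: The new denial branch in `validate_local_permissions` returns a bare `0` for a `DDS_Security_PermissionsHandle`; `return DDS_SECURITY_HANDLE_NIL;` would make it explicit that this is the nil handle the caller tests for. The branch sets only `ex->code` and `ex->message`, the same as the `check_create_datareader` context visible in a later hunk, so `minor_code` keeps whatever the caller left in it. Callers presumably zero-initialise the exception, but either `ex->minor_code = 0;` or a short comment stating that assumption would make the wrapper self-contained. The function starts and ends outside the hunk.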
@@ -838,14 +847,15 @@ int finalize_test_access_control_missing_func(void *context) INIT_NOT_ALLOWED(local_participant_not_allowed, NOT_ALLOWED_LOCAL_PP) INIT_NOT_ALLOWED(local_topic_not_allowed, NOT_ALLOWED_LOCAL_TOPIC) -INIT_NOT_ALLOWED(local_publishing_not_allowed, NOT_ALLOWED_LOCAL_PUB) -INIT_NOT_ALLOWED(local_subscribing_not_allowed, NOT_ALLOWED_LOCAL_SUB) -INIT_NOT_ALLOWED(remote_permissions_invalidate, NOT_ALLOWED_REMOTE_PERM) +INIT_NOT_ALLOWED(local_writer_not_allowed, NOT_ALLOWED_LOCAL_WRITER) +INIT_NOT_ALLOWED(local_reader_not_allowed, NOT_ALLOWED_LOCAL_READER) +INIT_NOT_ALLOWED(local_permissions_not_allowed, NOT_ALLOWED_LOCAL_PERM) INIT_NOT_ALLOWED(remote_participant_not_allowed, NOT_ALLOWED_REMOTE_PP) INIT_NOT_ALLOWED(remote_topic_not_allowed, NOT_ALLOWED_REMOTE_TOPIC) INIT_NOT_ALLOWED(remote_writer_not_allowed, NOT_ALLOWED_REMOTE_WRITER) INIT_NOT_ALLOWED(remote_reader_not_allowed, NOT_ALLOWED_REMOTE_READER) INIT_NOT_ALLOWED(remote_reader_relay_only, NOT_ALLOWED_REMOTE_READER_RELAY_ONLY) +INIT_NOT_ALLOWED(remote_permissions_not_allowed, NOT_ALLOWED_REMOTE_PERM) int finalize_test_access_control_not_allowed(void *context) { diff --git a/src/security/core/tests/common/access_control_wrapper.h b/src/security/core/tests/common/access_control_wrapper.h index 3fb04bf..6f733fc 100644 --- a/src/security/core/tests/common/access_control_wrapper.h +++ b/src/security/core/tests/common/access_control_wrapper.h 
@@ -37,14 +37,15 @@ SECURITY_EXPORT int finalize_test_access_control_wrapped(void *context); INIT_NOT_ALLOWED_DECL(local_participant_not_allowed) INIT_NOT_ALLOWED_DECL(local_topic_not_allowed) -INIT_NOT_ALLOWED_DECL(local_publishing_not_allowed) -INIT_NOT_ALLOWED_DECL(local_subscribing_not_allowed) -INIT_NOT_ALLOWED_DECL(remote_permissions_invalidate) +INIT_NOT_ALLOWED_DECL(local_writer_not_allowed) +INIT_NOT_ALLOWED_DECL(local_reader_not_allowed) +INIT_NOT_ALLOWED_DECL(local_permissions_not_allowed) INIT_NOT_ALLOWED_DECL(remote_participant_not_allowed) INIT_NOT_ALLOWED_DECL(remote_topic_not_allowed) INIT_NOT_ALLOWED_DECL(remote_writer_not_allowed) INIT_NOT_ALLOWED_DECL(remote_reader_not_allowed) INIT_NOT_ALLOWED_DECL(remote_reader_relay_only) +INIT_NOT_ALLOWED_DECL(remote_permissions_not_allowed) SECURITY_EXPORT int finalize_test_access_control_not_allowed(void *context);
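Review bot: The declarations renamed here drop three exported names (`local_publishing_not_allowed`, `local_subscribing_not_allowed` and `remote_permissions_invalidate`), and the compiler will not catch stale uses because the tests pass these functions by string, as in the `CU_DataPoints(const char *, ...)` list in access_control.c. Any other test or configuration that still uses an old `init_test_access_control_...` string would presumably fail only when the plugin is loaded. This patch updates access_control.c alone, so it is worth searching the tree for the three old names before merging. The same renames are made in the `INIT_NOT_ALLOWED(...)` list in access_control_wrapper.c.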