niklas/cyclonedds
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add security authentication handshake and encoding and decoding

Browse source 
Signed-off-by: Marcel Jordense <marcel.jordense@adlinktech.com>
This commit is contained in:
Marcel Jordense 2019-11-22 17:50:35 +01:00 committed by eboasson
parent 1c77aad39c
commit 4960fbf94c
48 changed files with 7473 additions and 1539 deletions
Download patch file Download diff file Expand all files Collapse all files

19
src/core/ddsc/src/dds_topic.c
View file

@ -32,6 +32,7 @@
#include "dds/ddsi/ddsi_plist.h"
#include "dds/ddsi/ddsi_domaingv.h"
#include "dds/ddsi/ddsi_cdrstream.h"
#include "dds/ddsi/ddsi_security_omg.h"
#include "dds__serdata_builtintopic.h"
DECL_ENTITY_LOCK_UNLOCK (extern inline, dds_topic)
@ -317,10 +318,12 @@ dds_entity_t dds_create_topic_impl (dds_entity_t participant, struct ddsi_sertop
* reliable ... (and keep behaviour unchanged) */
struct ddsi_domaingv * const gv = &pp->m_entity.m_domain->gv;
if ((rc = ddsi_xqos_valid (&gv->logconfig, new_qos)) != DDS_RETCODE_OK)
goto error;
if (!q_omg_security_check_create_topic (&pp->m_entity.m_domain->gv, &pp->m_entity.m_guid, sertopic->name, new_qos))
{
dds_delete_qos (new_qos);
dds_entity_unpin (&pp->m_entity);
return rc;
rc = DDS_RETCODE_NOT_ALLOWED_BY_SECURITY;
goto error;
}
/* See if we're allowed to create the topic; ktp is returned pinned & locked
@ -333,9 +336,8 @@ dds_entity_t dds_create_topic_impl (dds_entity_t participant, struct ddsi_sertop
if ((rc = lookup_and_check_ktopic (&ktp, pp, sertopic->name, sertopic->type_name, new_qos)) != DDS_RETCODE_OK)
{
GVTRACE ("dds_create_topic_arbitrary: failed after compatibility check: %s\n", dds_strretcode (rc));
dds_participant_unlock (pp);
dds_delete_qos (new_qos);
return rc;
ddsrt_mutex_unlock (&pp->m_entity.m_mutex);
goto error;
}
/* Create a ktopic if it doesn't exist yet, else reference existing one and delete the
@ -378,6 +380,11 @@ dds_entity_t dds_create_topic_impl (dds_entity_t participant, struct ddsi_sertop
dds_participant_unlock (pp);
GVTRACE ("dds_create_topic_arbitrary: new topic %"PRId32"\n", hdl);
return hdl;
error:
dds_entity_unpin (&pp->m_entity);
dds_delete_qos (new_qos);
return rc;
}
dds_entity_t dds_create_topic_arbitrary (dds_entity_t participant, struct ddsi_sertopic *sertopic, const dds_qos_t *qos, const dds_listener_t *listener, const ddsi_plist_t *sedp_plist)

8
src/core/ddsi/CMakeLists.txt
View file

@ -18,6 +18,7 @@ PREPEND(srcs_ddsi "${CMAKE_CURRENT_LIST_DIR}/src"
ddsi_raweth.c
ddsi_ipaddr.c
ddsi_mcgroup.c
ddsi_security_util.c
ddsi_security_omg.c
ddsi_portmapping.c
ddsi_handshake.c
@ -83,6 +84,7 @@ PREPEND(hdrs_private_ddsi "${CMAKE_CURRENT_LIST_DIR}/include/dds/ddsi"
ddsi_ipaddr.h
ddsi_mcgroup.h
ddsi_plist_generic.h
ddsi_security_util.h
ddsi_security_omg.h
ddsi_portmapping.h
ddsi_handshake.h
@ -148,10 +150,12 @@ target_sources(ddsc
if(ENABLE_SECURITY)
PREPEND(security_srcs "${CMAKE_CURRENT_LIST_DIR}/src"
ddsi_security_msg.c)
ddsi_security_msg.c
ddsi_security_exchange.c)
PREPEND(security_hdrs "${CMAKE_CURRENT_LIST_DIR}/include/dds/ddsi"
ddsi_security_msg.h)
ddsi_security_msg.h
ddsi_security_exchange.h)
target_sources(ddsc
PRIVATE ${security_srcs} ${security_hdrs})

5
src/core/ddsi/include/dds/ddsi/ddsi_domaingv.h
View file

@ -47,6 +47,8 @@ struct ddsrt_thread_pool_s;
struct debug_monitor;
struct ddsi_tkmap;
struct dds_security_context;
struct dds_security_match_index;
struct ddsi_hsadmin;
typedef struct config_in_addr_node {
nn_locator_t loc;
@ -299,7 +301,10 @@ struct ddsi_domaingv {
/* security globals */
#ifdef DDSI_INCLUDE_SECURITY
struct dds_security_context *security_context;
struct dds_security_match_index *security_matches;
struct ddsi_hsadmin *hsadmin;
#endif
};
#if defined (__cplusplus)

53
src/core/ddsi/include/dds/ddsi/ddsi_handshake.h
View file

@ -12,9 +12,7 @@
#ifndef DDSI_HANDSHAKE_H
#define DDSI_HANDSHAKE_H
#include "q_unused.h"
#include "q_entity.h"
#include "ddsi_security_msg.h"
#include "dds/ddsi/q_entity.h"
#if defined (__cplusplus)
extern "C" {
@ -37,10 +35,9 @@ enum ddsi_handshake_state {
/* The handshake will not use the related handshake object after this callback
* was executed. This means that it can be deleted in this callback. */
typedef void (*ddsi_handshake_end_cb_t)(
struct ddsi_domaingv const * const gv,
struct ddsi_handshake *handshake,
const ddsi_guid_t *lpguid, /* Local participant */
const ddsi_guid_t *ppguid, /* Proxy participant */
struct participant *pp,
struct proxy_participant *proxypp,
enum ddsi_handshake_state result);
#ifdef DDSI_INCLUDE_SECURITY
@ -123,7 +120,7 @@ int64_t ddsi_handshake_get_handle(const struct ddsi_handshake *handshake);
* @param[in] callback The callback function.
*
*/
void ddsi_handshake_register(const struct participant *pp, const struct proxy_participant *proxypp, ddsi_handshake_end_cb_t callback);
void ddsi_handshake_register(struct participant *pp, struct proxy_participant *proxypp, ddsi_handshake_end_cb_t callback);
/**
* @brief Remove the handshake associated with the specified participants.
@ -137,7 +134,7 @@ void ddsi_handshake_register(const struct participant *pp, const struct proxy_pa
* @param[in] handshake The handshake.
*
*/
void ddsi_handshake_remove(const struct participant *pp, const struct proxy_participant *proxypp, struct ddsi_handshake *handshake);
void ddsi_handshake_remove(struct participant *pp, struct proxy_participant *proxypp, struct ddsi_handshake *handshake);
/**
* @brief Searches for the handshake associated with the specified participants
@ -150,12 +147,42 @@ void ddsi_handshake_remove(const struct participant *pp, const struct proxy_part
*
* @returns The handshake
*/
struct ddsi_handshake * ddsi_handshake_find(const struct participant *pp, const struct proxy_participant *proxypp);
struct ddsi_handshake * ddsi_handshake_find(struct participant *pp, struct proxy_participant *proxypp);
/**
* @brief Searches for the handshake associated with the specified participants
*
* This function will search through the handshake administration to find the handshake
* corresponding the to specified local and remote participant.
*
* @param[in] pp The local participant.
* @param[in] proxypp The remote participant.
*
* @returns The handshake
*/
struct ddsi_handshake * ddsi_handshake_find(struct participant *pp, struct proxy_participant *proxypp);
/**
* @brief Initialize the handshake administration
*
* @param[in] gv The global parameters
*/
void ddsi_handshake_admin_init(struct ddsi_domaingv *gv);
/**
* @brief Deinitialze the handshake administration.
*
* @param[in] gv The global parameters
*/
void ddsi_handshake_admin_deinit(struct ddsi_domaingv *gv);
#else /* DDSI_INCLUDE_SECURITY */
#include "dds/ddsi/q_unused.h"
inline void ddsi_handshake_register(UNUSED_ARG(struct participant *pp), UNUSED_ARG(struct proxy_participant *proxypp), UNUSED_ARG(ddsi_handshake_end_cb_t callback))
{
}
inline void ddsi_handshake_release(UNUSED_ARG(struct ddsi_handshake *handshake))
{
@ -175,15 +202,11 @@ inline int64_t ddsi_handshake_get_handle(UNUSED_ARG(const struct ddsi_handshake
return 0;
}
inline void ddsi_handshake_register(UNUSED_ARG(const struct participant *pp), UNUSED_ARG(const struct proxy_participant *proxypp), UNUSED_ARG(ddsi_handshake_end_cb_t callback))
inline void ddsi_handshake_remove(UNUSED_ARG(struct participant *pp), UNUSED_ARG(struct proxy_participant *proxypp), UNUSED_ARG(struct ddsi_handshake *handshake))
{
}
inline void ddsi_handshake_remove(UNUSED_ARG(const struct participant *pp), UNUSED_ARG(const struct proxy_participant *proxypp), UNUSED_ARG(struct ddsi_handshake *handshake))
{
}
inline struct ddsi_handshake * ddsi_handshake_find(UNUSED_ARG(const struct participant *pp), UNUSED_ARG(const struct proxy_participant *proxypp))
inline struct ddsi_handshake * ddsi_handshake_find(UNUSED_ARG(struct participant *pp), UNUSED_ARG(struct proxy_participant *proxypp))
{
return NULL;
}

1
src/core/ddsi/include/dds/ddsi/ddsi_plist.h
View file

@ -309,6 +309,7 @@ DDS_EXPORT void ddsi_plist_fini (ddsi_plist_t *ps);
DDS_EXPORT void ddsi_plist_fini_mask (ddsi_plist_t *plist, uint64_t pmask, uint64_t qmask);
DDS_EXPORT void ddsi_plist_unalias (ddsi_plist_t *plist);
DDS_EXPORT void ddsi_plist_addtomsg (struct nn_xmsg *m, const ddsi_plist_t *ps, uint64_t pwanted, uint64_t qwanted);
DDS_EXPORT void ddsi_plist_addtomsg_bo (struct nn_xmsg *m, const ddsi_plist_t *ps, uint64_t pwanted, uint64_t qwanted, bool be);
DDS_EXPORT void ddsi_plist_init_default_participant (ddsi_plist_t *plist);
DDS_EXPORT void ddsi_plist_delta (uint64_t *pdelta, uint64_t *qdelta, const ddsi_plist_t *x, const ddsi_plist_t *y, uint64_t pmask, uint64_t qmask);
DDS_EXPORT void ddsi_plist_log (uint32_t cat, const struct ddsrt_log_cfg *logcfg, const ddsi_plist_t *plist);

49
src/core/ddsi/include/dds/ddsi/ddsi_security_exchange.h Normal file
View file

@ -0,0 +1,49 @@
/*
* Copyright(c) 2006 to 2018 ADLINK Technology Limited and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
* v. 1.0 which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
*/
#ifndef DDSI_SECURITY_EXCHANGE_H
#define DDSI_SECURITY_EXCHANGE_H
#ifdef DDSI_INCLUDE_SECURITY
#if defined (__cplusplus)
extern "C" {
#endif
#include "dds/ddsi/q_rtps.h"
#include "dds/ddsi/q_radmin.h"
#include "dds/ddsi/q_entity.h"
#include "dds/ddsi/ddsi_security_msg.h"
#define GMCLASSID_SECURITY_PARTICIPANT_CRYPTO_TOKENS "dds.sec.participant_crypto_tokens"
#define GMCLASSID_SECURITY_DATAWRITER_CRYPTO_TOKENS "dds.sec.datawriter_crypto_tokens"
#define GMCLASSID_SECURITY_DATAREADER_CRYPTO_TOKENS "dds.sec.datareader_crypto_tokens"
bool write_auth_handshake_message(const struct participant *pp, const struct proxy_participant *proxypp, nn_dataholderseq_t *mdata, bool request, const nn_message_identity_t *related_message_id);
void handle_auth_handshake_message(const struct receiver_state *rst, ddsi_entityid_t wr_entity_id, nn_wctime_t timestamp, unsigned statusinfo, const void *vdata, size_t len);
void handle_crypto_exchange_message(const struct receiver_state *rst, ddsi_entityid_t wr_entity_id, nn_wctime_t timestamp, unsigned statusinfo, const void *vdata, unsigned len);
void auth_get_serialized_participant_data(struct participant *pp, ddsi_octetseq_t *seq);
bool write_crypto_participant_tokens(const struct participant *pp, const struct proxy_participant *proxypp, const nn_dataholderseq_t *tokens);
bool write_crypto_writer_tokens(const struct writer *wr, const struct proxy_reader *prd, const nn_dataholderseq_t *tokens);
bool write_crypto_reader_tokens(const struct reader *rd, const struct proxy_writer *pwr, const nn_dataholderseq_t *tokens);
#if defined (__cplusplus)
}
#endif
#else /* DDSI_INCLUDE_SECURITY */
#define volatile_secure_data_filter NULL
#endif /* DDSI_INCLUDE_SECURITY */
#endif /* DDSI_SECURITY_EXCHANGE_H */

18
src/core/ddsi/include/dds/ddsi/ddsi_security_msg.h
View file

@ -28,8 +28,13 @@ struct writer;
struct proxy_reader;
struct ddsi_serdata;
#define GMCLASSID_SECURITY_AUTH_REQUEST "dds.sec.auth_request"
#define GMCLASSID_SECURITY_AUTH_HANDSHAKE "dds.sec.auth"
#define DDS_SECURITY_AUTH_REQUEST "dds.sec.auth_request"
#define DDS_SECURITY_AUTH_HANDSHAKE "dds.sec.auth"
#define DDS_SECURITY_AUTH_REQUEST_TOKEN_CLASS_ID "DDS:Auth:PKI-DH:1.0+AuthReq"
#define DDS_SECURITY_AUTH_HANDSHAKE_REQUEST_TOKEN_ID "DDS:Auth:PKI-DH:1.0+Req"
#define DDS_SECURITY_AUTH_HANDSHAKE_REPLY_TOKEN_ID "DDS:Auth:PKI-DH:1.0+Reply"
#define DDS_SECURITY_AUTH_HANDSHAKE_FINAL_TOKEN_ID "DDS:Auth:PKI-DH:1.0+Final"
typedef struct nn_message_identity {
ddsi_guid_t source_guid;
@ -91,15 +96,6 @@ nn_participant_generic_message_serialize(
DDS_EXPORT extern const enum pserop pserop_participant_generic_message[];
DDS_EXPORT int
write_crypto_exchange_message(
const struct participant *pp,
const ddsi_guid_t *dst_pguid,
const ddsi_guid_t *src_eguid,
const ddsi_guid_t *dst_eguid,
const char *classid,
const nn_dataholderseq_t *tokens);
DDS_EXPORT int
volatile_secure_data_filter(
struct writer *wr,

1153
src/core/ddsi/include/dds/ddsi/ddsi_security_omg.h
View file

File diff suppressed because it is too large Load diff

91
src/core/ddsi/include/dds/ddsi/ddsi_security_util.h Normal file
View file

@ -0,0 +1,91 @@
/*
* Copyright(c) 2006 to 2018 ADLINK Technology Limited and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
* v. 1.0 which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
*/
#ifndef DDSI_SECURITY_UTIL_H
#define DDSI_SECURITY_UTIL_H
#ifdef DDSI_INCLUDE_SECURITY
#include "dds/ddsi/ddsi_plist.h"
#include "dds/security/core/dds_security_utils.h"
#if defined (__cplusplus)
extern "C" {
#endif
void g_omg_shallow_copy_StringSeq(DDS_Security_StringSeq *dst, const ddsi_stringseq_t *src);
void g_omg_shallow_free_StringSeq(DDS_Security_StringSeq *obj);
void q_omg_copy_PropertySeq(DDS_Security_PropertySeq *dst, const dds_propertyseq_t *src);
void q_omg_shallow_copyin_PropertySeq(DDS_Security_PropertySeq *dst, const dds_propertyseq_t *src);
void q_omg_shallow_copyout_PropertySeq(dds_propertyseq_t *dst, const DDS_Security_PropertySeq *src);
void q_omg_shallow_free_PropertySeq(DDS_Security_PropertySeq *obj);
void q_omg_shallow_copyin_BinaryPropertySeq(DDS_Security_BinaryPropertySeq *dst, const dds_binarypropertyseq_t *src);
void q_omg_shallow_copyout_BinaryPropertySeq(dds_binarypropertyseq_t *dst, const DDS_Security_BinaryPropertySeq *src);
void q_omg_shallow_free_BinaryPropertySeq(DDS_Security_BinaryPropertySeq *obj);
void q_omg_shallow_copy_PropertyQosPolicy(DDS_Security_PropertyQosPolicy *dst, const dds_property_qospolicy_t *src);
void q_omg_shallow_copy_security_qos(DDS_Security_Qos *dst, const struct dds_qos *src);
void q_omg_shallow_free_PropertyQosPolicy(DDS_Security_PropertyQosPolicy *obj);
void q_omg_shallow_free_security_qos(DDS_Security_Qos *obj);
void q_omg_security_dataholder_copyin(nn_dataholder_t *dh, const DDS_Security_DataHolder *holder);
void q_omg_security_dataholder_copyout(DDS_Security_DataHolder *holder, const nn_dataholder_t *dh);
void q_omg_shallow_copyin_DataHolder(DDS_Security_DataHolder *dst, const nn_dataholder_t *src);
void q_omg_shallow_copyout_DataHolder(nn_dataholder_t *dst, const DDS_Security_DataHolder *src);
void q_omg_shallow_free_DataHolder(DDS_Security_DataHolder *obj);
void q_omg_shallow_free_nn_dataholder(nn_dataholder_t *holder);
void q_omg_shallow_copyin_DataHolderSeq(DDS_Security_DataHolderSeq *dst, const nn_dataholderseq_t *src);
void q_omg_copyin_DataHolderSeq(DDS_Security_DataHolderSeq *dst, const nn_dataholderseq_t *src);
void q_omg_shallow_copyout_DataHolderSeq(nn_dataholderseq_t *dst, const DDS_Security_DataHolderSeq *src);
void q_omg_shallow_free_DataHolderSeq(DDS_Security_DataHolderSeq *obj);
void q_omg_shallow_free_nn_dataholderseq(nn_dataholderseq_t *obj);
void q_omg_shallow_copy_ParticipantBuiltinTopicDataSecure(DDS_Security_ParticipantBuiltinTopicDataSecure *dst, const ddsi_guid_t *guid, const ddsi_plist_t *plist);
void q_omg_shallow_free_ParticipantBuiltinTopicDataSecure(DDS_Security_ParticipantBuiltinTopicDataSecure *obj);
void q_omg_shallow_copy_SubscriptionBuiltinTopicDataSecure(DDS_Security_SubscriptionBuiltinTopicDataSecure *dst, const ddsi_guid_t *guid, const struct dds_qos *qos, const nn_security_info_t *secinfo);
void q_omg_shallow_free_SubscriptionBuiltinTopicDataSecure(DDS_Security_SubscriptionBuiltinTopicDataSecure *obj);
void q_omg_shallow_copy_PublicationBuiltinTopicDataSecure(DDS_Security_PublicationBuiltinTopicDataSecure *dst, const ddsi_guid_t *guid, const struct dds_qos *qos, const nn_security_info_t *secinfo);
void q_omg_shallow_free_PublicationBuiltinTopicDataSecure(DDS_Security_PublicationBuiltinTopicDataSecure *obj);
#if defined (__cplusplus)
}
#endif
#endif /* DDSI_INCLUDE_SECURITY */
#endif /* DDSI_SECURITY_UTIL_H */

2
src/core/ddsi/include/dds/ddsi/q_ddsi_discovery.h
View file

@ -25,6 +25,8 @@ struct nn_rsample_info;
struct nn_rdata;
struct ddsi_plist;
void get_participant_builtin_topic_data(const struct participant *pp, struct nn_xmsg *mpayload, bool be);
int spdp_write (struct participant *pp);
int spdp_dispose_unregister (struct participant *pp);

43
src/core/ddsi/include/dds/ddsi/q_entity.h
View file

@ -45,6 +45,10 @@ struct whc;
struct dds_qos;
struct ddsi_plist;
struct lease;
struct participant_sec_attributes;
struct proxy_participant_sec_attributes;
struct writer_sec_attributes;
struct reader_sec_attributes;
struct proxy_group;
struct proxy_endpoint_common;
@ -83,6 +87,9 @@ typedef void (*status_cb_t) (void *entity, const status_cb_data_t *data);
struct prd_wr_match {
ddsrt_avl_node_t avlnode;
ddsi_guid_t wr_guid;
#ifdef DDSI_INCLUDE_SECURITY
int64_t crypto_handle;
#endif
};
struct rd_pwr_match {
@ -94,6 +101,9 @@ struct rd_pwr_match {
nn_locator_t ssm_mc_loc;
nn_locator_t ssm_src_loc;
#endif
#ifdef DDSI_INCLUDE_SECURITY
int64_t crypto_handle;
#endif
};
struct wr_rd_match {
@ -128,6 +138,9 @@ struct wr_prd_match {
nn_wctime_t hb_to_ack_latency_tlastlog;
uint32_t non_responsive_count;
uint32_t rexmit_requests;
#ifdef DDSI_INCLUDE_SECURITY
int64_t crypto_handle;
#endif
};
enum pwr_rd_match_syncstate {
@ -156,6 +169,9 @@ struct pwr_rd_match {
struct nn_reorder *reorder; /* can be done (mostly) per proxy writer, but that is harder; only when state=OUT_OF_SYNC */
} not_in_sync;
} u;
#ifdef DDSI_INCLUDE_SECURITY
int64_t crypto_handle;
#endif
};
struct nn_rsample_info;
@ -218,8 +234,6 @@ struct participant
ddsrt_atomic_voidp_t minl_man; /* lease object for shortest manual-by-participant liveliness writer's lease */
ddsrt_fibheap_t leaseheap_man; /* keeps leases for this participant's writers (with liveliness manual-by-participant) */
#ifdef DDSI_INCLUDE_SECURITY
int64_t local_identity_handle; /* OMG DDS Security related member */
int64_t permissions_handle; /* OMG DDS Security related member */
struct participant_sec_attributes *sec_attr;
nn_security_info_t security_info;
#endif
@ -286,6 +300,7 @@ struct writer
uint32_t whc_low, whc_high; /* watermarks for WHC in bytes (counting only unack'd data) */
nn_etime_t t_rexmit_end; /* time of last 1->0 transition of "retransmitting" */
nn_etime_t t_whc_high_upd; /* time "whc_high" was last updated for controlled ramp-up of throughput */
uint32_t num_readers; /* total number of matching PROXY readers */
int32_t num_reliable_readers; /* number of matching reliable PROXY readers */
ddsrt_avl_tree_t readers; /* all matching PROXY readers, see struct wr_prd_match */
ddsrt_avl_tree_t local_readers; /* all matching LOCAL readers, see struct wr_rd_match */
@ -301,6 +316,9 @@ struct writer
struct xeventq *evq; /* timed event queue to be used by this writer */
struct local_reader_ary rdary; /* LOCAL readers for fast-pathing; if not fast-pathed, fall back to scanning local_readers */
struct lease *lease; /* for liveliness administration (writer can only become inactive when using manual liveliness) */
#ifdef DDSI_INCLUDE_SECURITY
struct writer_sec_attributes *sec_attr;
#endif
};
inline seqno_t writer_read_seq_xmit (const struct writer *wr) {
@ -333,10 +351,14 @@ struct reader
struct addrset *as;
#endif
const struct ddsi_sertopic * topic; /* topic is NULL for built-in readers */
uint32_t num_writers; /* total number of matching PROXY writers */
ddsrt_avl_tree_t writers; /* all matching PROXY writers, see struct rd_pwr_match */
ddsrt_avl_tree_t local_writers; /* all matching LOCAL writers, see struct rd_wr_match */
ddsi2direct_directread_cb_t ddsi2direct_cb;
void *ddsi2direct_cbarg;
#ifdef DDSI_INCLUDE_SECURITY
struct reader_sec_attributes *sec_attr;
#endif
};
struct proxy_participant
@ -366,7 +388,6 @@ struct proxy_participant
unsigned proxypp_have_spdp: 1;
unsigned owns_lease: 1;
#ifdef DDSI_INCLUDE_SECURITY
int64_t remote_identity_handle; /* OMG DDS Security related member */
nn_security_info_t security_info;
struct proxy_participant_sec_attributes *sec_attr;
#endif
@ -435,6 +456,9 @@ struct proxy_writer {
ddsi2direct_directread_cb_t ddsi2direct_cb;
void *ddsi2direct_cbarg;
struct lease *lease;
#ifdef DDSI_INCLUDE_SECURITY
nn_security_info_t security_info;
#endif
};
@ -450,6 +474,9 @@ struct proxy_reader {
#endif
ddsrt_avl_tree_t writers; /* matching LOCAL writers */
filter_fn_t filter;
#ifdef DDSI_INCLUDE_SECURITY
nn_security_info_t security_info;
#endif
};
DDS_EXPORT extern const ddsrt_avl_treedef_t wr_readers_treedef;
@ -533,8 +560,8 @@ nn_vendorid_t get_entity_vendorid (const struct entity_common *e);
/**
* @brief Create a new participant with a given GUID in the domain.
*
* @param[in] ppguid
* The GUID of the new participant.
* @param[in,out] ppguid
* The GUID of the new participant, may be adjusted by security.
* @param[in] flags
* Zero or more of:
* - RTPS_PF_NO_BUILTIN_READERS do not create discovery readers in new ppant
@ -555,7 +582,7 @@ nn_vendorid_t get_entity_vendorid (const struct entity_common *e);
* @retval DDS_RETCODE_OUT_OF_RESOURCES
* The configured maximum number of participants has been reached.
*/
dds_return_t new_participant_guid (const ddsi_guid_t *ppguid, struct ddsi_domaingv *gv, unsigned flags, const struct ddsi_plist *plist);
dds_return_t new_participant_guid (ddsi_guid_t *ppguid, struct ddsi_domaingv *gv, unsigned flags, const struct ddsi_plist *plist);
/**
* @brief Create a new participant in the domain. See also new_participant_guid.
@ -720,8 +747,8 @@ void rebuild_or_clear_writer_addrsets(struct ddsi_domaingv *gv, int rebuild);
void local_reader_ary_setfastpath_ok (struct local_reader_ary *x, bool fastpath_ok);
void connect_writer_with_proxy_reader_secure(struct writer *wr, struct proxy_reader *prd, nn_mtime_t tnow);
void connect_reader_with_proxy_writer_secure(struct reader *rd, struct proxy_writer *pwr, nn_mtime_t tnow);
void connect_writer_with_proxy_reader_secure(struct writer *wr, struct proxy_reader *prd, nn_mtime_t tnow, int64_t crypto_handle);
void connect_reader_with_proxy_writer_secure(struct reader *rd, struct proxy_writer *pwr, nn_mtime_t tnow, int64_t crypto_handle);
struct ddsi_writer_info;

1
src/core/ddsi/include/dds/ddsi/q_misc.h
View file

@ -35,6 +35,7 @@ unsigned char normalize_data_datafrag_flags (const SubmessageHeader_t *smhdr);
int WildcardOverlap(char * p1, char * p2);
#endif
DDS_EXPORT bool guid_prefix_zero (const ddsi_guid_prefix_t *a);
DDS_EXPORT int guid_prefix_eq (const ddsi_guid_prefix_t *a, const ddsi_guid_prefix_t *b);
DDS_EXPORT int guid_eq (const struct ddsi_guid *a, const struct ddsi_guid *b);
DDS_EXPORT int ddsi2_patmatch (const char *pat, const char *str);

2
src/core/ddsi/include/dds/ddsi/q_xevent.h
View file

@ -50,8 +50,10 @@ DDS_EXPORT dds_return_t xeventq_start (struct xeventq *evq, const char *name); /
DDS_EXPORT void xeventq_stop (struct xeventq *evq);
DDS_EXPORT void qxev_msg (struct xeventq *evq, struct nn_xmsg *msg);
DDS_EXPORT void qxev_pwr_entityid (struct proxy_writer * pwr, const ddsi_guid_t *guid);
DDS_EXPORT void qxev_prd_entityid (struct proxy_reader * prd, const ddsi_guid_t *guid);
DDS_EXPORT void qxev_nt_callback (struct xeventq *evq, void (*cb) (void *arg), void *arg);
/* Returns 1 if queued, 0 otherwise (no point in returning the
event, you can't do anything with it anyway) */

2
src/core/ddsi/include/dds/ddsi/q_xmsg.h
View file

@ -128,10 +128,12 @@ void nn_xmsg_submsg_setnext (struct nn_xmsg *msg, struct nn_xmsg_marker marker);
void nn_xmsg_submsg_init (struct nn_xmsg *msg, struct nn_xmsg_marker marker, SubmessageKind_t smkind);
void nn_xmsg_add_timestamp (struct nn_xmsg *m, nn_wctime_t t);
void nn_xmsg_add_entityid (struct nn_xmsg * m);
void *nn_xmsg_addpar_bo (struct nn_xmsg *m, nn_parameterid_t pid, size_t len, bool be);
void *nn_xmsg_addpar (struct nn_xmsg *m, nn_parameterid_t pid, size_t len);
void nn_xmsg_addpar_keyhash (struct nn_xmsg *m, const struct ddsi_serdata *serdata, bool force_md5);
void nn_xmsg_addpar_statusinfo (struct nn_xmsg *m, unsigned statusinfo);
void nn_xmsg_addpar_sentinel (struct nn_xmsg *m);
void nn_xmsg_addpar_sentinel_bo (struct nn_xmsg * m, bool be);
int nn_xmsg_addpar_sentinel_ifparam (struct nn_xmsg *m);
/* XPACK */

1189
src/core/ddsi/src/ddsi_handshake.c
View file

File diff suppressed because it is too large Load diff

82
src/core/ddsi/src/ddsi_plist.c
View file

@ -106,7 +106,7 @@ struct piddesc {
const enum pserop desc[12];
struct {
dds_return_t (*deser) (void * __restrict dst, size_t * __restrict dstoff, struct flagset *flagset, uint64_t flag, const struct dd * __restrict dd, size_t * __restrict srcoff);
dds_return_t (*ser) (struct nn_xmsg *xmsg, nn_parameterid_t pid, const void *src, size_t srcoff);
dds_return_t (*ser) (struct nn_xmsg *xmsg, nn_parameterid_t pid, const void *src, size_t srcoff, bool be);
dds_return_t (*unalias) (void * __restrict dst, size_t * __restrict dstoff);
dds_return_t (*fini) (void * __restrict dst, size_t * __restrict dstoff, struct flagset *flagset, uint64_t flag);
dds_return_t (*valid) (const void *src, size_t srcoff);
@ -289,17 +289,19 @@ static dds_return_t deser_reliability (void * __restrict dst, size_t * __restric
return 0;
}
static dds_return_t ser_reliability (struct nn_xmsg *xmsg, nn_parameterid_t pid, const void *src, size_t srcoff)
static dds_return_t ser_reliability (struct nn_xmsg *xmsg, nn_parameterid_t pid, const void *src, size_t srcoff, bool be)
{
#define BO4U(x) ((be) ? ddsrt_toBE4u((x)) : (x))
DDSRT_STATIC_ASSERT (DDS_EXTERNAL_RELIABILITY_BEST_EFFORT == 1 && DDS_EXTERNAL_RELIABILITY_RELIABLE == 2 &&
DDS_RELIABILITY_BEST_EFFORT == 0 && DDS_RELIABILITY_RELIABLE == 1);
dds_reliability_qospolicy_t const * const x = deser_generic_src (src, &srcoff, alignof (dds_reliability_qospolicy_t));
ddsi_duration_t mbt = nn_to_ddsi_duration (x->max_blocking_time);
uint32_t * const p = nn_xmsg_addpar (xmsg, pid, 3 * sizeof (uint32_t));
p[0] = 1 + (uint32_t) x->kind;
p[1] = (uint32_t) mbt.seconds;
p[2] = mbt.fraction;
uint32_t * const p = nn_xmsg_addpar_bo (xmsg, pid, 3 * sizeof (uint32_t), be);
p[0] = BO4U(1 + (uint32_t) x->kind);
p[1] = BO4U((uint32_t) mbt.seconds);
p[2] = BO4U(mbt.fraction);
return 0;
#undef BO4U
}
static dds_return_t valid_reliability (const void *src, size_t srcoff)
@ -340,10 +342,10 @@ static dds_return_t deser_statusinfo (void * __restrict dst, size_t * __restrict
return 0;
}
static dds_return_t ser_statusinfo (struct nn_xmsg *xmsg, nn_parameterid_t pid, const void *src, size_t srcoff)
static dds_return_t ser_statusinfo (struct nn_xmsg *xmsg, nn_parameterid_t pid, const void *src, size_t srcoff, bool be)
{
uint32_t const * const x = deser_generic_src (src, &srcoff, alignof (uint32_t));
uint32_t * const p = nn_xmsg_addpar (xmsg, pid, sizeof (uint32_t));
uint32_t * const p = nn_xmsg_addpar_bo (xmsg, pid, sizeof (uint32_t), be);
*p = ddsrt_toBE4u (*x);
return 0;
}
@ -374,14 +376,16 @@ static dds_return_t deser_locator (void * __restrict dst, size_t * __restrict ds
return 0;
}
static dds_return_t ser_locator (struct nn_xmsg *xmsg, nn_parameterid_t pid, const void *src, size_t srcoff)
static dds_return_t ser_locator (struct nn_xmsg *xmsg, nn_parameterid_t pid, const void *src, size_t srcoff, bool be)
{
nn_locators_t const * const x = deser_generic_src (src, &srcoff, alignof (nn_locators_t));
for (const struct nn_locators_one *l = x->first; l != NULL; l = l->next)
{
char * const p = nn_xmsg_addpar (xmsg, pid, 24);
memcpy (p, &l->loc.kind, 4);
memcpy (p + 4, &l->loc.port, 4);
char * const p = nn_xmsg_addpar_bo (xmsg, pid, 24, be);
const int32_t kind = be ? ddsrt_toBE4 (l->loc.kind) : l->loc.kind;
const uint32_t port = be ? ddsrt_toBE4u (l->loc.port) : l->loc.port;
memcpy (p, &kind, 4);
memcpy (p + 4, &port, 4);
memcpy (p + 8, l->loc.address, 16);
}
return 0;
@ -854,8 +858,12 @@ static uint32_t ser_generic_count (const ddsi_octetseq_t *src, size_t elem_size,
return count;
}
static dds_return_t ser_generic_embeddable (char * const data, size_t *dstoff, const void *src, size_t srcoff, const enum pserop * __restrict desc)
static dds_return_t ser_generic_embeddable (char * const data, size_t *dstoff, const void *src, size_t srcoff, const enum pserop * __restrict desc, bool be)
{
#define BO4(x) (be ? ddsrt_toBE4((x)) : (x))
#define BO4U(x) (be ? ddsrt_toBE4u((x)) : (x))
#define BO8(x) (be ? ddsrt_toBE8((x)) : (x))
while (true)
{
switch (*desc)
@ -865,7 +873,7 @@ static dds_return_t ser_generic_embeddable (char * const data, size_t *dstoff, c
case XO: { /* octet sequence */
ddsi_octetseq_t const * const x = deser_generic_src (src, &srcoff, alignof (ddsi_octetseq_t));
char * const p = ser_generic_align4 (data, dstoff);
*((uint32_t *) p) = x->length;
*((uint32_t *) p) = BO4U(x->length);
if (x->length) memcpy (p + 4, x->value, x->length);
*dstoff += 4 + x->length;
srcoff += sizeof (*x);
@ -875,7 +883,7 @@ static dds_return_t ser_generic_embeddable (char * const data, size_t *dstoff, c
char const * const * const x = deser_generic_src (src, &srcoff, alignof (char *));
const uint32_t size = (uint32_t) (strlen (*x) + 1);
char * const p = ser_generic_align4 (data, dstoff);
*((uint32_t *) p) = size;
*((uint32_t *) p) = BO4U(size);
memcpy (p + 4, *x, size);
*dstoff += 4 + size;
srcoff += sizeof (*x);
@ -884,7 +892,7 @@ static dds_return_t ser_generic_embeddable (char * const data, size_t *dstoff, c
case XE1: case XE2: case XE3: { /* enum */
unsigned const * const x = deser_generic_src (src, &srcoff, alignof (unsigned));
uint32_t * const p = ser_generic_align4 (data, dstoff);
*p = (uint32_t) *x;
*p = BO4U((uint32_t) *x);
*dstoff += 4;
srcoff += sizeof (*x);
break;
@ -894,7 +902,7 @@ static dds_return_t ser_generic_embeddable (char * const data, size_t *dstoff, c
const uint32_t cnt = 1 + (uint32_t) (*desc - Xi);
int32_t * const p = ser_generic_align4 (data, dstoff);
for (uint32_t i = 0; i < cnt; i++)
p[i] = x[i];
p[i] = BO4(x[i]);
*dstoff += cnt * sizeof (*x);
srcoff += cnt * sizeof (*x);
break;
@ -904,7 +912,7 @@ static dds_return_t ser_generic_embeddable (char * const data, size_t *dstoff, c
const uint32_t cnt = 1 + (uint32_t) (*desc - Xu);
uint32_t * const p = ser_generic_align4 (data, dstoff);
for (uint32_t i = 0; i < cnt; i++)
p[i] = x[i];
p[i] = BO4U(x[i]);
*dstoff += cnt * sizeof (*x);
srcoff += cnt * sizeof (*x);
break;
@ -912,7 +920,7 @@ static dds_return_t ser_generic_embeddable (char * const data, size_t *dstoff, c
case Xl: { /* int64_t */
int64_t const * const x = deser_generic_src (src, &srcoff, alignof (int64_t));
int64_t * const p = ser_generic_align8 (data, dstoff);
*p = *x;
*p = BO8(*x);
*dstoff += sizeof (*x);
srcoff += sizeof (*x);
break;
@ -924,8 +932,8 @@ static dds_return_t ser_generic_embeddable (char * const data, size_t *dstoff, c
for (uint32_t i = 0; i < cnt; i++)
{
ddsi_duration_t tmp = nn_to_ddsi_duration (x[i]);
p[2 * i + 0] = (uint32_t) tmp.seconds;
p[2 * i + 1] = tmp.fraction;
p[2 * i + 0] = BO4U((uint32_t) tmp.seconds);
p[2 * i + 1] = BO4U(tmp.fraction);
}
*dstoff += 2 * cnt * sizeof (uint32_t);
srcoff += cnt * sizeof (*x);
@ -981,9 +989,9 @@ static dds_return_t ser_generic_embeddable (char * const data, size_t *dstoff, c
else
{
const size_t elem_size = ser_generic_srcsize (desc + 1);
*((uint32_t *) p) = ser_generic_count (x, elem_size, desc + 1);
*((uint32_t *) p) = BO4U(ser_generic_count (x, elem_size, desc + 1));
for (uint32_t i = 0; i < x->length; i++)
ser_generic_embeddable (data, dstoff, x->value, i * elem_size, desc + 1);
ser_generic_embeddable (data, dstoff, x->value, i * elem_size, desc + 1, be);
}
srcoff += sizeof (*x);
break;
@ -993,13 +1001,18 @@ static dds_return_t ser_generic_embeddable (char * const data, size_t *dstoff, c
}
desc = pserop_advance(desc);
}
#undef BO4
#undef BO4U
#undef BO8
}
static dds_return_t ser_generic (struct nn_xmsg *xmsg, nn_parameterid_t pid, const void *src, size_t srcoff, const enum pserop * __restrict desc)
static dds_return_t ser_generic (struct nn_xmsg *xmsg, nn_parameterid_t pid, const void *src, size_t srcoff, const enum pserop * __restrict desc, bool be)
{
char * const data = nn_xmsg_addpar (xmsg, pid, ser_generic_size (src, srcoff, desc));
char * const data = nn_xmsg_addpar_bo (xmsg, pid, ser_generic_size (src, srcoff, desc), be);
size_t dstoff = 0;
return ser_generic_embeddable (data, &dstoff, src, srcoff, desc);
return ser_generic_embeddable (data, &dstoff, src, srcoff, desc, be);
}
dds_return_t plist_ser_generic (void **dst, size_t *dstsize, const void *src, const enum pserop * __restrict desc)
@ -1010,7 +1023,7 @@ dds_return_t plist_ser_generic (void **dst, size_t *dstsize, const void *src, co
*dstsize = ser_generic_size (src, srcoff, desc);
if ((*dst = ddsrt_malloc (*dstsize == 0 ? 1 : *dstsize)) == NULL)
return DDS_RETCODE_OUT_OF_RESOURCES;
ret = ser_generic_embeddable (*dst, &dstoff, src, srcoff, desc);
ret = ser_generic_embeddable (*dst, &dstoff, src, srcoff, desc, false);
assert (dstoff == *dstsize);
return ret;
}
@ -1987,7 +2000,7 @@ static void plist_or_xqos_mergein_missing (void * __restrict dst, const void * _
assert ((*qfs_dst.aliased & ~ aliased_dst_inq) == 0);
}
static void plist_or_xqos_addtomsg (struct nn_xmsg *xmsg, const void * __restrict src, size_t shift, uint64_t pwanted, uint64_t qwanted)
static void plist_or_xqos_addtomsg (struct nn_xmsg *xmsg, const void * __restrict src, size_t shift, uint64_t pwanted, uint64_t qwanted, bool be)
{
/* shift == 0: plist, shift > 0: just qos */
uint64_t pw, qw;
@ -2017,9 +2030,9 @@ static void plist_or_xqos_addtomsg (struct nn_xmsg *xmsg, const void * __restric
assert (shift == 0 || entry->plist_offset - shift < sizeof (dds_qos_t));
size_t srcoff = entry->plist_offset - shift;
if (!(entry->flags & PDF_FUNCTION))
ser_generic (xmsg, entry->pid, src, srcoff, entry->op.desc);
ser_generic (xmsg, entry->pid, src, srcoff, entry->op.desc, be);
else
entry->op.f.ser (xmsg, entry->pid, src, srcoff);
entry->op.f.ser (xmsg, entry->pid, src, srcoff, be);
}
}
}
@ -3333,12 +3346,17 @@ static int partitions_equal (const void *srca, const void *srcb, size_t off)
void ddsi_xqos_addtomsg (struct nn_xmsg *m, const dds_qos_t *xqos, uint64_t wanted)
{
plist_or_xqos_addtomsg (m, xqos, offsetof (struct ddsi_plist, qos), 0, wanted);
plist_or_xqos_addtomsg (m, xqos, offsetof (struct ddsi_plist, qos), 0, wanted, false);
}
void ddsi_plist_addtomsg_bo (struct nn_xmsg *m, const ddsi_plist_t *ps, uint64_t pwanted, uint64_t qwanted, bool be)
{
plist_or_xqos_addtomsg (m, ps, 0, pwanted, qwanted, be);
}
void ddsi_plist_addtomsg (struct nn_xmsg *m, const ddsi_plist_t *ps, uint64_t pwanted, uint64_t qwanted)
{
plist_or_xqos_addtomsg (m, ps, 0, pwanted, qwanted);
plist_or_xqos_addtomsg (m, ps, 0, pwanted, qwanted, false);
}
/*************************/

428
src/core/ddsi/src/ddsi_security_exchange.c Normal file
View file

@ -0,0 +1,428 @@
/*
* Copyright(c) 2006 to 2018 ADLINK Technology Limited and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
* v. 1.0 which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
*/
#ifdef DDSI_INCLUDE_SECURITY
#include <string.h>
#include "dds/ddsrt/heap.h"
#include "dds/ddsrt/md5.h"
#include "dds/ddsi/ddsi_domaingv.h"
#include "dds/ddsi/ddsi_entity_index.h"
#include "dds/ddsi/ddsi_security_exchange.h"
#include "dds/ddsi/ddsi_serdata_default.h"
#include "dds/ddsi/ddsi_security_omg.h"
#include "dds/ddsi/ddsi_handshake.h"
#include "dds/ddsi/q_ddsi_discovery.h"
#include "dds/ddsi/ddsi_tkmap.h"
#include "dds/ddsi/q_xmsg.h"
#include "dds/ddsi/q_transmit.h"
#include "dds/ddsi/q_log.h"
#include "dds/ddsi/q_bswap.h"
//#define SECURITY_LOG_MESSAGE_DATA
#ifdef SECURITY_LOG_MESSAGE_DATA
static void nn_property_seq_log(struct ddsi_domaingv *gv, const dds_propertyseq_t *seq)
{
uint32_t i;
GVTRACE("{");
for (i = 0; i < seq->n; i++) {
GVTRACE("n=%s,v=%s", seq->props[i].name, seq->props[i].value);
}
GVTRACE("}");
}
static void nn_binary_property_seq_log(struct ddsi_domaingv *gv, const dds_binarypropertyseq_t *seq)
{
uint32_t i;
GVTRACE("{");
for (i = 0; i < seq->n; i++) {
uint32_t j;
GVTRACE("n=%s,v={", seq->props[i].name);
for (j = 0; j < seq->props[i].value.length; j++) {
GVTRACE("%02x", seq->props[i].value.value[j]);
}
GVTRACE("}");
}
GVTRACE("}");
}
static void nn_dataholder_seq_log(struct ddsi_domaingv *gv, const char *prefix, const nn_dataholderseq_t *dhseq)
{
uint32_t i;
GVTRACE("%s={", prefix);
for (i = 0; i < dhseq->n; i++) {
GVTRACE("cid=%s,", dhseq->tags[i].class_id);
nn_property_seq_log(gv, &dhseq->tags[i].properties);
GVTRACE(",");
nn_binary_property_seq_log(gv, &dhseq->tags[i].binary_properties);
}
GVTRACE("}");
}
#endif
static void nn_participant_generic_message_log(struct ddsi_domaingv *gv, const struct nn_participant_generic_message *msg, int conv)
{
ddsi_guid_t spguid = conv ? nn_ntoh_guid(msg->message_identity.source_guid ): msg->message_identity.source_guid;
ddsi_guid_t rmguid = conv ? nn_ntoh_guid(msg->related_message_identity.source_guid) : msg->related_message_identity.source_guid;
ddsi_guid_t dpguid = conv ? nn_ntoh_guid(msg->destination_participant_guid) : msg->destination_participant_guid;
ddsi_guid_t deguid = conv ? nn_ntoh_guid(msg->destination_endpoint_guid) : msg->destination_endpoint_guid;
ddsi_guid_t seguid = conv ? nn_ntoh_guid(msg->source_endpoint_guid) : msg->source_endpoint_guid;
GVTRACE (" msg=");
GVTRACE("mi=" PGUIDFMT "#%" PRId64 ",", PGUID(spguid), msg->message_identity.sequence_number);
GVTRACE("rmi=" PGUIDFMT "#%" PRId64 ",", PGUID(rmguid), msg->related_message_identity.sequence_number);
GVTRACE("dpg=" PGUIDFMT ",", PGUID(dpguid));
GVTRACE("deg=" PGUIDFMT ",", PGUID(deguid));
GVTRACE("seg=" PGUIDFMT ",", PGUID(seguid));
GVTRACE("cid=%s", msg->message_class_id);
#ifdef SECURITY_LOG_MESSAGE_DATA
nn_dataholder_seq_log(gv, ",mdata", &msg->message_data);
#endif
GVTRACE ("\n");
}
bool write_auth_handshake_message(const struct participant *pp, const struct proxy_participant *proxypp, nn_dataholderseq_t *mdata, bool request, const nn_message_identity_t *related_message_id)
{
struct ddsi_domaingv *gv = pp->e.gv;
struct nn_participant_generic_message pmg;
struct ddsi_serdata *serdata;
unsigned char *blob;
size_t len;
struct writer *wr;
int64_t seq;
struct proxy_reader *prd;
ddsi_guid_t prd_guid;
bool result = false;
if ((wr = get_builtin_writer (pp, NN_ENTITYID_P2P_BUILTIN_PARTICIPANT_STATELESS_MESSAGE_WRITER)) == NULL) {
GVTRACE ("write_handshake("PGUIDFMT") - builtin stateless message writer not found", PGUID (pp->e.guid));
return false;
}
prd_guid.prefix = proxypp->e.guid.prefix;
prd_guid.entityid.u = NN_ENTITYID_P2P_BUILTIN_PARTICIPANT_STATELESS_MESSAGE_READER;
if ((prd = entidx_lookup_proxy_reader_guid (gv->entity_index, &prd_guid)) == NULL) {
GVTRACE ("write_handshake("PGUIDFMT") - builtin stateless message proxy reader not found", PGUID (prd_guid));
return false;
}
ddsrt_mutex_lock (&wr->e.lock);
seq = ++wr->seq;
if (request) {
nn_participant_generic_message_init(&pmg, &wr->e.guid, seq, &proxypp->e.guid, NULL, NULL, DDS_SECURITY_AUTH_REQUEST, mdata, NULL);
} else {
nn_participant_generic_message_init(&pmg, &wr->e.guid, seq, &proxypp->e.guid, NULL, NULL, DDS_SECURITY_AUTH_HANDSHAKE, mdata, related_message_id);
}
if (nn_participant_generic_message_serialize(&pmg, &blob, &len) != DDS_RETCODE_OK)
return false;
GVTRACE("write_handshake("PGUIDFMT" --> "PGUIDFMT")(lguid="PGUIDFMT" rguid="PGUIDFMT") ",
PGUID (wr->e.guid), PGUID (prd_guid),
PGUID (pp->e.guid), PGUID (proxypp->e.guid));
nn_participant_generic_message_log(gv, &pmg, 1);
struct ddsi_rawcdr_sample raw = {
.blob = blob,
.size = len,
.key = NULL,
.keysize = 0
};
serdata = ddsi_serdata_from_sample (gv->rawcdr_topic, SDK_DATA, &raw);
serdata->timestamp = now ();
result = enqueue_sample_wrlock_held (wr, seq, NULL, serdata, prd, 1) == 0;
ddsi_serdata_unref (serdata);
dds_free(blob);
ddsrt_mutex_unlock (&wr->e.lock);
nn_participant_generic_message_deinit(&pmg);
return result;
}
void auth_get_serialized_participant_data(struct participant *pp, ddsi_octetseq_t *seq)
{
struct nn_xmsg *mpayload;
size_t sz;
char *payload;
mpayload = nn_xmsg_new (pp->e.gv->xmsgpool, &pp->e.guid, pp, 0, NN_XMSG_KIND_DATA);
get_participant_builtin_topic_data(pp, mpayload, true);
payload = nn_xmsg_payload (&sz, mpayload);
seq->length = (uint32_t)sz;
seq->value = ddsrt_malloc(sz);
memcpy(seq->value, payload, sz);
nn_xmsg_free (mpayload);
}
void handle_auth_handshake_message(const struct receiver_state *rst, ddsi_entityid_t wr_entity_id, nn_wctime_t timestamp, unsigned statusinfo, const void *vdata, size_t len)
{
const struct CDRHeader *hdr = vdata; /* built-ins not deserialized (yet) */
const bool bswap = (hdr->identifier == CDR_LE) ^ DDSRT_LITTLE_ENDIAN;
const void *data = (void *) (hdr + 1);
size_t size = (len - sizeof(struct CDRHeader));
struct nn_participant_generic_message msg;
struct participant *pp = NULL;
struct proxy_writer *pwr = NULL;
ddsi_guid_t guid;
ddsi_guid_t *pwr_guid;
struct ddsi_handshake *handshake;
DDSRT_UNUSED_ARG(wr_entity_id);
DDSRT_UNUSED_ARG(timestamp);
RSTTRACE ("recv_handshake ST%x", statusinfo);
if ((hdr->identifier != CDR_LE) && (hdr->identifier != PL_CDR_LE) &&
(hdr->identifier != CDR_BE) && (hdr->identifier != PL_CDR_BE))
{
RSTTRACE (" data->identifier %d !?\n", ntohs (hdr->identifier));
return;
}
if (nn_participant_generic_message_deseralize(&msg, data, size, bswap) < 0)
{
RSTTRACE ("deserialize failed\n");
goto err_deser;
}
nn_participant_generic_message_log(rst->gv, &msg, 0);
if (msg.message_identity.source_guid.entityid.u == NN_ENTITYID_PARTICIPANT)
{
guid = msg.message_identity.source_guid;
guid.entityid.u = NN_ENTITYID_P2P_BUILTIN_PARTICIPANT_STATELESS_MESSAGE_WRITER;
pwr_guid= &guid;
}
else if (msg.message_identity.source_guid.entityid.u == NN_ENTITYID_P2P_BUILTIN_PARTICIPANT_STATELESS_MESSAGE_WRITER)
{
pwr_guid= &msg.message_identity.source_guid;
}
else
{
RSTTRACE ("invalid source entity id\n");
goto invalid_source;
}
if ((pp = entidx_lookup_participant_guid(rst->gv->entity_index, &msg.destination_participant_guid)) == NULL)
{
RSTTRACE ("destination participant ("PGUIDFMT") not found\n", PGUID(msg.destination_participant_guid));
}
else if ((pwr = entidx_lookup_proxy_writer_guid(rst->gv->entity_index, pwr_guid)) == NULL)
{
RSTTRACE ("proxy writer ("PGUIDFMT") not found\n", PGUID(*pwr_guid));
}
else if ((handshake = ddsi_handshake_find(pp, pwr->c.proxypp)) == NULL)
{
RSTTRACE ("handshake not found ("PGUIDFMT" --> "PGUIDFMT")\n", PGUID (pwr->c.proxypp->e.guid), PGUID(pp->e.guid));
}
else
{
// RSTTRACE (" ("PGUIDFMT" --> "PGUIDFMT")\n", PGUID (pwr->c.proxypp->e.guid), PGUID (pp->e.guid));
ddsi_handshake_handle_message(handshake, pp, pwr->c.proxypp, &msg);
ddsi_handshake_release(handshake);
}
invalid_source:
nn_participant_generic_message_deinit(&msg);
err_deser:
return;
}
static bool write_crypto_exchange_message(const struct participant *pp, const ddsi_guid_t *dst_pguid, const ddsi_guid_t *src_eguid, const ddsi_guid_t *dst_eguid, const char *classid, const nn_dataholderseq_t *tokens)
{
struct ddsi_domaingv * const gv = pp->e.gv;
struct nn_participant_generic_message pmg;
struct ddsi_tkmap_instance *tk;
struct ddsi_serdata *serdata;
struct proxy_reader *prd;
ddsi_guid_t prd_guid;
unsigned char *data;
size_t len;
struct writer *wr;
seqno_t seq;
int r;
if ((wr = get_builtin_writer (pp, NN_ENTITYID_P2P_BUILTIN_PARTICIPANT_VOLATILE_SECURE_WRITER)) == NULL)
{
GVLOG (DDS_LC_DISCOVERY, "write_crypto_exchange_message("PGUIDFMT") - builtin volatile secure writer not found\n", PGUID (pp->e.guid));
return false;
}
prd_guid.prefix = dst_pguid->prefix;
prd_guid.entityid.u = NN_ENTITYID_P2P_BUILTIN_PARTICIPANT_VOLATILE_SECURE_READER;
if ((prd = entidx_lookup_proxy_reader_guid (gv->entity_index, &prd_guid)) == NULL)
return false;
GVLOG (DDS_LC_DISCOVERY, "send crypto tokens("PGUIDFMT" --> "PGUIDFMT")\n", PGUID (wr->e.guid), PGUID (prd_guid));
ddsrt_mutex_lock (&wr->e.lock);
seq = ++wr->seq;
/* Get serialized message. */
nn_participant_generic_message_init(&pmg, &wr->e.guid, seq, dst_pguid, dst_eguid, src_eguid, classid, tokens, NULL);
nn_participant_generic_message_serialize(&pmg, &data, &len);
/* Get the key value. */
ddsrt_md5_state_t md5st;
ddsrt_md5_byte_t digest[16];
ddsrt_md5_init (&md5st);
ddsrt_md5_append (&md5st, (const ddsrt_md5_byte_t *)data, sizeof (nn_message_identity_t));
ddsrt_md5_finish (&md5st, digest);
/* Write the sample. */
struct ddsi_rawcdr_sample raw = {
.blob = data,
.size = len,
.key = digest,
.keysize = 16
};
serdata = ddsi_serdata_from_sample (gv->rawcdr_topic, SDK_DATA, &raw);
tk = ddsi_tkmap_lookup_instance_ref (gv->m_tkmap, serdata);
ddsrt_mutex_unlock (&wr->e.lock);
ddsrt_free(data);
r = write_sample_p2p_wrlock_held(wr, seq, NULL, serdata, tk, prd);
ddsi_tkmap_instance_unref (gv->m_tkmap, tk);
ddsi_serdata_unref (serdata);
nn_participant_generic_message_deinit(&pmg);
return (r < 0 ? false : true);
}
bool write_crypto_participant_tokens(const struct participant *pp, const struct proxy_participant *proxypp, const nn_dataholderseq_t *tokens)
{
return write_crypto_exchange_message(pp, &proxypp->e.guid, NULL, NULL, GMCLASSID_SECURITY_PARTICIPANT_CRYPTO_TOKENS, tokens);
}
bool write_crypto_writer_tokens(const struct writer *wr, const struct proxy_reader *prd, const nn_dataholderseq_t *tokens)
{
struct participant *pp = wr->c.pp;
struct proxy_participant *proxypp = prd->c.proxypp;
return write_crypto_exchange_message(pp, &proxypp->e.guid, &wr->e.guid, &prd->e.guid, GMCLASSID_SECURITY_DATAWRITER_CRYPTO_TOKENS, tokens);
}
bool write_crypto_reader_tokens(const struct reader *rd, const struct proxy_writer *pwr, const nn_dataholderseq_t *tokens)
{
struct participant *pp = rd->c.pp;
struct proxy_participant *proxypp = pwr->c.proxypp;
return write_crypto_exchange_message(pp, &proxypp->e.guid, &rd->e.guid, &pwr->e.guid, GMCLASSID_SECURITY_DATAREADER_CRYPTO_TOKENS, tokens);
}
void handle_crypto_exchange_message(const struct receiver_state *rst, ddsi_entityid_t wr_entity_id, nn_wctime_t timestamp, unsigned statusinfo, const void *vdata, unsigned len)
{
struct ddsi_domaingv *gv = rst->gv;
const struct CDRHeader *hdr = vdata; /* built-ins not deserialized (yet) */
const int bswap = (hdr->identifier == CDR_LE) ^ DDSRT_LITTLE_ENDIAN;
const void *data = (void *) (hdr + 1);
unsigned size = (unsigned)(len - sizeof(struct CDRHeader));
struct nn_participant_generic_message msg;
ddsi_guid_t rd_guid;
ddsi_guid_t pwr_guid;
ddsi_guid_t proxypp_guid;
struct participant *pp;
struct proxy_participant *proxypp;
DDSRT_UNUSED_ARG(timestamp);
rd_guid.prefix = rst->dst_guid_prefix;
rd_guid.entityid.u = NN_ENTITYID_P2P_BUILTIN_PARTICIPANT_VOLATILE_SECURE_READER;
pwr_guid.prefix = rst->src_guid_prefix;
pwr_guid.entityid = wr_entity_id;
GVTRACE ("recv crypto tokens ("PGUIDFMT" --> "PGUIDFMT") ST%x", PGUID (pwr_guid), PGUID (rd_guid), statusinfo);
memset(&msg, 0, sizeof(msg));
if (nn_participant_generic_message_deseralize(&msg, data, size, bswap) < 0)
goto deser_msg_failed;
nn_participant_generic_message_log(gv, &msg, 0);
if (!msg.message_class_id)
{
ddsi_guid_t guid;
guid.prefix = rst->dst_guid_prefix;
guid.entityid.u = NN_ENTITYID_PARTICIPANT;
GVWARNING("participant "PGUIDFMT" received a crypto exchange message with empty class_id", PGUID(guid));
goto invalid_msg;
}
proxypp_guid.prefix = msg.message_identity.source_guid.prefix;
proxypp_guid.entityid.u = NN_ENTITYID_PARTICIPANT;
if (strcmp(GMCLASSID_SECURITY_PARTICIPANT_CRYPTO_TOKENS, msg.message_class_id) == 0)
{
pp = entidx_lookup_participant_guid(gv->entity_index, &msg.destination_participant_guid);
if (!pp)
{
GVWARNING("received a crypto exchange message from "PGUIDFMT" with participant unknown "PGUIDFMT, PGUID(proxypp_guid), PGUID(msg.destination_participant_guid));
goto invalid_msg;
}
proxypp = entidx_lookup_proxy_participant_guid(gv->entity_index, &proxypp_guid);
if (!proxypp)
{
GVWARNING("received a crypto exchange message from "PGUIDFMT" with proxy participant unknown "PGUIDFMT, PGUID(proxypp_guid), PGUID(msg.destination_participant_guid));
goto invalid_msg;
}
q_omg_security_set_participant_crypto_tokens(pp, proxypp, &msg.message_data);
}
else if (strcmp(GMCLASSID_SECURITY_DATAWRITER_CRYPTO_TOKENS, msg.message_class_id) == 0)
{
struct reader *rd;
rd = entidx_lookup_reader_guid(gv->entity_index, &msg.destination_endpoint_guid);
if (!rd)
{
GVWARNING("received a crypto exchange message from "PGUIDFMT" with reader unknown "PGUIDFMT, PGUID(proxypp_guid), PGUID(msg.destination_participant_guid));
goto invalid_msg;
}
q_omg_security_set_remote_writer_crypto_tokens(rd, &msg.source_endpoint_guid, &msg.message_data);
}
else if (strcmp(GMCLASSID_SECURITY_DATAREADER_CRYPTO_TOKENS, msg.message_class_id) == 0)
{
struct writer *wr;
wr = entidx_lookup_writer_guid(gv->entity_index, &msg.destination_endpoint_guid);
if (!wr)
{
GVWARNING("received a crypto exchange message from "PGUIDFMT" with writer unknown "PGUIDFMT, PGUID(proxypp_guid), PGUID(msg.destination_participant_guid));
goto invalid_msg;
}
q_omg_security_set_remote_reader_crypto_tokens(wr, &msg.source_endpoint_guid, &msg.message_data);
}
else
{
ddsi_guid_t guid;
guid.prefix = rst->dst_guid_prefix;
guid.entityid.u = NN_ENTITYID_PARTICIPANT;
GVWARNING("participant "PGUIDFMT" received a crypto exchange message with unknown class_id", PGUID(guid));
}
invalid_msg:
nn_participant_generic_message_deinit(&msg);
deser_msg_failed:
return;
}
#endif /* DDSI_INCLUDE_SECURITY */

81
src/core/ddsi/src/ddsi_security_msg.c
View file

@ -14,7 +14,6 @@
#include "dds/ddsrt/md5.h"
#include "dds/ddsrt/heap.h"
#include "dds/ddsrt/string.h"
#include "dds/ddsi/ddsi_plist.h"
#include "dds/ddsi/q_bswap.h"
#include "dds/ddsi/q_entity.h"
#include "dds/ddsi/q_transmit.h"
@ -23,6 +22,9 @@
#include "dds/ddsi/ddsi_entity_index.h"
#include "dds/ddsi/ddsi_security_msg.h"
#include "dds/ddsi/ddsi_plist_generic.h"
#include "dds/ddsi/ddsi_plist.h"
#include "dds/security/core/dds_security_utils.h"
const enum pserop pserop_participant_generic_message[] =
{
@ -56,6 +58,8 @@ alias_simple_sequence(ddsi_octetseq_t *dst, const ddsi_octetseq_t *src, size_t e
/* Even when aliased, sequence buffers are not shared. */
dst->value = ddsrt_memdup(src->value, src->length * elem_size);
}
else
dst->value = NULL;
}
static void
@ -83,6 +87,8 @@ alias_dataholderseq(nn_dataholderseq_t *dst, const nn_dataholderseq_t *src)
alias_dataholder(&(dst->tags[i]), &(src->tags[i]));
}
}
else
dst->tags = NULL;
}
void
@ -155,76 +161,6 @@ nn_participant_generic_message_deseralize(
return plist_deser_generic (msg, data, len, bswap, pserop_participant_generic_message);
}
int
write_crypto_exchange_message(
const struct participant *pp,
const ddsi_guid_t *dst_pguid,
const ddsi_guid_t *src_eguid,
const ddsi_guid_t *dst_eguid,
const char *classid,
const nn_dataholderseq_t *tokens)
{
struct ddsi_domaingv * const gv = pp->e.gv;
struct nn_participant_generic_message pmg;
struct ddsi_tkmap_instance *tk;
struct ddsi_serdata *serdata;
struct proxy_reader *prd;
ddsi_guid_t prd_guid;
unsigned char *data;
size_t len;
struct writer *wr;
seqno_t seq;
int r;
if ((wr = get_builtin_writer (pp, NN_ENTITYID_P2P_BUILTIN_PARTICIPANT_VOLATILE_SECURE_WRITER)) == NULL)
{
GVLOG (DDS_LC_DISCOVERY, "write_crypto_exchange_message("PGUIDFMT") - builtin volatile secure writer not found\n", PGUID (pp->e.guid));
return -1;
}
prd_guid.prefix = dst_pguid->prefix;
prd_guid.entityid.u = NN_ENTITYID_P2P_BUILTIN_PARTICIPANT_VOLATILE_SECURE_READER;
if ((prd = entidx_lookup_proxy_reader_guid (gv->entity_index, &prd_guid)) == NULL)
{
return -1;
}
GVLOG (DDS_LC_DISCOVERY, "send crypto tokens("PGUIDFMT" --> "PGUIDFMT")\n", PGUID (wr->e.guid), PGUID (prd_guid));
ddsrt_mutex_lock (&wr->e.lock);
seq = ++wr->seq;
/* Get serialized message. */
nn_participant_generic_message_init(&pmg, &wr->e.guid, seq, dst_pguid, dst_eguid, src_eguid, classid, tokens, NULL);
nn_participant_generic_message_serialize(&pmg, &data, &len);
/* Get the key value. */
ddsrt_md5_state_t md5st;
ddsrt_md5_byte_t digest[16];
ddsrt_md5_init (&md5st);
ddsrt_md5_append (&md5st, (const ddsrt_md5_byte_t *)data, sizeof (nn_message_identity_t));
ddsrt_md5_finish (&md5st, digest);
/* Write the sample. */
struct ddsi_rawcdr_sample raw = {
.blob = data,
.size = len,
.key = digest,
.keysize = 16
};
serdata = ddsi_serdata_from_sample (gv->rawcdr_topic, SDK_DATA, &raw);
tk = ddsi_tkmap_lookup_instance_ref (gv->m_tkmap, serdata);
r = write_sample_p2p_wrlock_held(wr, seq, NULL, serdata, tk, prd);
ddsi_tkmap_instance_unref (gv->m_tkmap, tk);
ddsi_serdata_unref (serdata);
nn_participant_generic_message_deinit(&pmg);
ddsrt_mutex_unlock (&wr->e.lock);
return r;
}
int volatile_secure_data_filter(struct writer *wr, struct proxy_reader *prd, struct ddsi_serdata *serdata)
{
static const size_t guid_offset = offsetof(nn_participant_generic_message_t, destination_participant_guid);
@ -239,7 +175,8 @@ int volatile_secure_data_filter(struct writer *wr, struct proxy_reader *prd, str
assert(prd);
assert(serdata);
(void)ddsi_serdata_to_ser_ref(serdata, guid_offset, sizeof(ddsi_guid_t), &guid_ref);
/* guid_offset + 4 because 4 bytes header is at 0 */
(void)ddsi_serdata_to_ser_ref(serdata, guid_offset + 4, sizeof(ddsi_guid_t), &guid_ref);
assert(guid_ref.iov_len == sizeof(ddsi_guid_t));
assert(guid_ref.iov_base);
msg_guid = (ddsi_guid_t*)guid_ref.iov_base;

3077
src/core/ddsi/src/ddsi_security_omg.c
View file

File diff suppressed because it is too large Load diff

708
src/core/ddsi/src/ddsi_security_util.c Normal file
View file

@ -0,0 +1,708 @@
/*
* Copyright(c) 2006 to 2018 ADLINK Technology Limited and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
* v. 1.0 which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
*/
#ifdef DDSI_INCLUDE_SECURITY
#include <string.h>
#include <stdarg.h>
#include "dds/ddsrt/heap.h"
#include "dds/ddsrt/string.h"
#include "dds/ddsrt/bswap.h"
#include "dds/ddsi/ddsi_security_util.h"
void
g_omg_shallow_copy_StringSeq(
DDS_Security_StringSeq *dst,
const ddsi_stringseq_t *src)
{
unsigned i;
assert(dst);
assert(src);
dst->_length = src->n;
dst->_maximum = src->n;
dst->_buffer = NULL;
if (src->n > 0)
{
dst->_buffer = ddsrt_malloc(src->n * sizeof(DDS_Security_string));
for (i = 0; i < src->n; i++)
dst->_buffer[i] = src->strs[i];
}
}
void
g_omg_shallow_free_StringSeq(
DDS_Security_StringSeq *obj)
{
if (obj)
ddsrt_free(obj->_buffer);
}
void
q_omg_copy_PropertySeq(
DDS_Security_PropertySeq *dst,
const dds_propertyseq_t *src)
{
uint32_t i;
if (src)
{
dst->_length = dst->_maximum = src->n;
if (src->n > 0)
dst->_buffer = DDS_Security_PropertySeq_allocbuf(src->n);
else
dst->_buffer = NULL;
for (i = 0; i < src->n; i++)
{
dst->_buffer[i].name = src->props->name ? ddsrt_strdup(src->props->name) : ddsrt_strdup("");
dst->_buffer[i].value = src->props->value ? ddsrt_strdup(src->props->value) : ddsrt_strdup("");
}
}
else
memset(dst, 0, sizeof(*dst));
}
void
q_omg_shallow_copyin_PropertySeq(
DDS_Security_PropertySeq *dst,
const dds_propertyseq_t *src)
{
unsigned i;
assert(dst);
assert(src);
dst->_length = src->n;
dst->_maximum = src->n;
dst->_buffer = NULL;
if (src->n > 0)
{
dst->_buffer = ddsrt_malloc(src->n * sizeof(DDS_Security_Property_t));
for (i = 0; i < src->n; i++)
{
dst->_buffer[i].name = src->props[i].name;
dst->_buffer[i].value = src->props[i].value;
dst->_buffer[i].propagate = src->props[i].propagate;
}
}
}
void
q_omg_shallow_copyout_PropertySeq(
dds_propertyseq_t *dst,
const DDS_Security_PropertySeq *src)
{
unsigned i;
assert(dst);
assert(src);
dst->n = src->_length;
dst->props = NULL;
if (src->_length > 0)
{
dst->props = ddsrt_malloc(src->_length * sizeof(dds_property_t));
for (i = 0; i < src->_length; i++)
{
dst->props[i].name = src->_buffer[i].name;
dst->props[i].value = src->_buffer[i].value;
// dst->props[i].propagate = src->_buffer[i].propagate;
dst->props[i].propagate = true;
}
}
}
void
q_omg_shallow_free_PropertySeq(
DDS_Security_PropertySeq *obj)
{
assert(obj);
ddsrt_free(obj->_buffer);
obj->_length = 0;
obj->_maximum = 0;
obj->_buffer = NULL;
}
static void
q_omg_shallow_free_dds_propertyseq(
dds_propertyseq_t *obj)
{
ddsrt_free(obj->props);
obj->n = 0;
obj->props = NULL;
}
void
q_omg_shallow_copyin_BinaryPropertySeq(
DDS_Security_BinaryPropertySeq *dst,
const dds_binarypropertyseq_t *src)
{
unsigned i;
assert(dst);
assert(src);
dst->_length = src->n;
dst->_maximum = src->n;
dst->_buffer = NULL;
if (src->n > 0)
{
dst->_buffer = ddsrt_malloc(src->n * sizeof(DDS_Security_BinaryProperty_t));
for (i = 0; i < src->n; i++)
{
dst->_buffer[i].name = src->props[i].name;
dst->_buffer[i].value._length = src->props[i].value.length;
dst->_buffer[i].value._maximum = src->props[i].value.length;
dst->_buffer[i].value._buffer = src->props[i].value.value;
// dst->_buffer[i].propagate = src->props[i].propagate;
dst->_buffer[i].propagate = true;
}
}
}
void
q_omg_shallow_copyout_BinaryPropertySeq(
dds_binarypropertyseq_t *dst,
const DDS_Security_BinaryPropertySeq *src)
{
unsigned i;
assert(dst);
assert(src);
dst->n = src->_length;
dst->props = NULL;
if (src->_length > 0)
{
dst->props = ddsrt_malloc(src->_length * sizeof(dds_binaryproperty_t));
for (i = 0; i < src->_length; i++)
{
dst->props[i].name = src->_buffer[i].name;
dst->props[i].value.length = src->_buffer[i].value._length;
dst->props[i].value.value = src->_buffer[i].value._buffer;
dst->props[i].propagate = src->_buffer[i].propagate;
}
}
}
void
q_omg_shallow_free_BinaryPropertySeq(
DDS_Security_BinaryPropertySeq *obj)
{
ddsrt_free(obj->_buffer);
obj->_length = 0;
obj->_maximum = 0;
obj->_buffer = NULL;
}
static void
q_omg_shallow_free_dds_binarypropertyseq(
dds_binarypropertyseq_t *obj)
{
ddsrt_free(obj->props);
obj->n = 0;
obj->props = NULL;
}
void
q_omg_shallow_copy_PropertyQosPolicy(
DDS_Security_PropertyQosPolicy *dst,
const dds_property_qospolicy_t *src)
{
assert(dst);
assert(src);
q_omg_shallow_copyin_PropertySeq(&(dst->value), &(src->value));
q_omg_shallow_copyin_BinaryPropertySeq(&(dst->binary_value), &(src->binary_value));
}
void
q_omg_shallow_copy_security_qos(
DDS_Security_Qos *dst,
const struct dds_qos *src)
{
assert(src);
assert(dst);
/* DataTags not supported yet. */
memset(&(dst->data_tags), 0, sizeof(DDS_Security_DataTagQosPolicy));
if (src->present & QP_PROPERTY_LIST)
q_omg_shallow_copy_PropertyQosPolicy(&(dst->property), &(src->property));
else
memset(&(dst->property), 0, sizeof(DDS_Security_PropertyQosPolicy));
}
void
q_omg_shallow_free_PropertyQosPolicy(
DDS_Security_PropertyQosPolicy *obj)
{
q_omg_shallow_free_PropertySeq(&(obj->value));
q_omg_shallow_free_BinaryPropertySeq(&(obj->binary_value));
}
void
q_omg_shallow_free_security_qos(
DDS_Security_Qos *obj)
{
q_omg_shallow_free_PropertyQosPolicy(&(obj->property));
}
void
q_omg_security_dataholder_copyin(
nn_dataholder_t *dh,
const DDS_Security_DataHolder *holder)
{
uint32_t i;
dh->class_id = holder->class_id ? ddsrt_strdup(holder->class_id) : NULL;
dh->properties.n = holder->properties._length;
dh->properties.props = dh->properties.n ? ddsrt_malloc(dh->properties.n * sizeof(dds_property_t)) : NULL;
for (i = 0; i < dh->properties.n; i++)
{
DDS_Security_Property_t *prop = &(holder->properties._buffer[i]);
dh->properties.props[i].name = prop->name ? ddsrt_strdup(prop->name) : NULL;
dh->properties.props[i].value = prop->value ? ddsrt_strdup(prop->value) : NULL;
dh->properties.props[i].propagate = prop->propagate;
}
dh->binary_properties.n = holder->binary_properties._length;
dh->binary_properties.props = dh->binary_properties.n ? ddsrt_malloc(dh->binary_properties.n * sizeof(dds_binaryproperty_t)) : NULL;
for (i = 0; i < dh->binary_properties.n; i++)
{
DDS_Security_BinaryProperty_t *prop = &(holder->binary_properties._buffer[i]);
dh->binary_properties.props[i].name = prop->name ? ddsrt_strdup(prop->name) : NULL;
dh->binary_properties.props[i].value.length = prop->value._length;
if (dh->binary_properties.props[i].value.length)
{
dh->binary_properties.props[i].value.value = ddsrt_malloc(prop->value._length);
memcpy(dh->binary_properties.props[i].value.value, prop->value._buffer, prop->value._length);
}
else
{
dh->binary_properties.props[i].value.value = NULL;
}
dh->binary_properties.props[i].propagate = prop->propagate;
}
}
void
q_omg_security_dataholder_copyout(
DDS_Security_DataHolder *holder,
const nn_dataholder_t *dh)
{
uint32_t i;
holder->class_id = dh->class_id ? ddsrt_strdup(dh->class_id) : NULL;
holder->properties._length = holder->properties._maximum = dh->properties.n;
holder->properties._buffer = dh->properties.n ? DDS_Security_PropertySeq_allocbuf(dh->properties.n) : NULL;
for (i = 0; i < dh->properties.n; i++)
{
dds_property_t *props = &(dh->properties.props[i]);
holder->properties._buffer[i].name = props->name ? ddsrt_strdup(props->name) : NULL;
holder->properties._buffer[i].value = props->value ? ddsrt_strdup(props->value) : NULL;
holder->properties._buffer[i].propagate = props->propagate;
}
holder->binary_properties._length = holder->binary_properties._maximum = dh->binary_properties.n;
holder->binary_properties._buffer = dh->binary_properties.n ? DDS_Security_BinaryPropertySeq_allocbuf(dh->binary_properties.n) : NULL;
for (i = 0; i < dh->binary_properties.n; i++)
{
dds_binaryproperty_t *props = &(dh->binary_properties.props[i]);
holder->binary_properties._buffer[i].name = props->name ? ddsrt_strdup(props->name) : NULL;
holder->binary_properties._buffer[i].value._length = holder->binary_properties._buffer[i].value._maximum = props->value.length;
if (props->value.length)
{
holder->binary_properties._buffer[i].value._buffer = ddsrt_malloc(props->value.length);
memcpy(holder->binary_properties._buffer[i].value._buffer, props->value.value, props->value.length);
}
else
{
holder->binary_properties._buffer[i].value._buffer= NULL;
}
holder->binary_properties._buffer[i].propagate = props->propagate;
}
}
void
q_omg_shallow_copyin_DataHolder(
DDS_Security_DataHolder *dst,
const nn_dataholder_t *src)
{
assert(dst);
assert(src);
dst->class_id = src->class_id;
q_omg_shallow_copyin_PropertySeq(&dst->properties, &src->properties);
q_omg_shallow_copyin_BinaryPropertySeq(&dst->binary_properties, &src->binary_properties);
}
void
q_omg_shallow_copyout_DataHolder(
nn_dataholder_t *dst,
const DDS_Security_DataHolder *src)
{
assert(dst);
assert(src);
dst->class_id = src->class_id;
q_omg_shallow_copyout_PropertySeq(&dst->properties, &src->properties);
q_omg_shallow_copyout_BinaryPropertySeq(&dst->binary_properties, &src->binary_properties);
}
void
q_omg_shallow_free_DataHolder(
DDS_Security_DataHolder *obj)
{
q_omg_shallow_free_PropertySeq(&obj->properties);
q_omg_shallow_free_BinaryPropertySeq(&obj->binary_properties);
}
void
q_omg_shallow_free_nn_dataholder(
nn_dataholder_t *holder)
{
q_omg_shallow_free_dds_propertyseq(&holder->properties);
q_omg_shallow_free_dds_binarypropertyseq(&holder->binary_properties);
}
void
q_omg_shallow_copyin_DataHolderSeq(
DDS_Security_DataHolderSeq *dst,
const nn_dataholderseq_t *src)
{
unsigned i;
dst->_length = src->n;
dst->_maximum = src->n;
dst->_buffer = NULL;
if (src->n > 0)
{
dst->_buffer = ddsrt_malloc(src->n * sizeof(DDS_Security_DataHolder));
for (i = 0; i < src->n; i++)
{
q_omg_shallow_copyin_DataHolder(&dst->_buffer[i], &src->tags[i]);
}
}
}
void
q_omg_copyin_DataHolderSeq(
DDS_Security_DataHolderSeq *dst,
const nn_dataholderseq_t *src)
{
unsigned i;
dst->_length = src->n;
dst->_maximum = src->n;
dst->_buffer = NULL;
if (src->n > 0)
{
dst->_buffer = ddsrt_malloc(src->n * sizeof(DDS_Security_DataHolder));
for (i = 0; i < src->n; i++)
{
q_omg_security_dataholder_copyout(&dst->_buffer[i], &src->tags[i]);
}
}
}
void
q_omg_shallow_copyout_DataHolderSeq(
nn_dataholderseq_t *dst,
const DDS_Security_DataHolderSeq *src)
{
unsigned i;
dst->n = src->_length;
dst->tags = NULL;
if (src->_length > 0)
{
dst->tags = ddsrt_malloc(src->_length * sizeof(nn_dataholder_t));
for (i = 0; i < src->_length; i++)
{
q_omg_shallow_copyout_DataHolder(&dst->tags[i], &src->_buffer[i]);
}
}
}
void
q_omg_shallow_free_DataHolderSeq(
DDS_Security_DataHolderSeq *obj)
{
unsigned i;
for (i = 0; i < obj->_length; i++)
{
q_omg_shallow_free_DataHolder(&(obj->_buffer[i]));
}
}
void
q_omg_shallow_free_nn_dataholderseq(
nn_dataholderseq_t *obj)
{
unsigned i;
for (i = 0; i < obj->n; i++)
{
q_omg_shallow_free_nn_dataholder(&(obj->tags[i]));
}
if (obj->n > 0)
ddsrt_free(obj->tags);
}
static DDS_Security_Duration_t convert_duration(dds_duration_t d)
{
DDS_Security_Duration_t sd;
if (d == DDS_INFINITY)
{
sd.sec = INT32_MAX;
sd.nanosec = INT32_MAX;
}
else
{
sd.sec = ((int)(d/DDS_NSECS_IN_SEC));
sd.nanosec = ((uint32_t)((d)%DDS_NSECS_IN_SEC));
}
return sd;
}
static void
g_omg_shallow_copy_octSeq(
DDS_Security_OctetSeq *dst,
const ddsi_octetseq_t *src)
{
dst->_length = src->length;
dst->_maximum = src->length;
dst->_buffer = src->value;
}
static void
g_omg_shallow_free_octSeq(
DDS_Security_OctetSeq *obj)
{
DDSRT_UNUSED_ARG(obj);
/* Nothing to free. */
}
void
q_omg_shallow_copy_ParticipantBuiltinTopicDataSecure(
DDS_Security_ParticipantBuiltinTopicDataSecure *dst,
const ddsi_guid_t *guid,
const ddsi_plist_t *plist)
{
assert(dst);
assert(guid);
assert(plist);
memset(dst, 0, sizeof(DDS_Security_ParticipantBuiltinTopicDataSecure));
/* The participant guid is the key. */
dst->key[0] = guid->prefix.u[0];
dst->key[1] = guid->prefix.u[1];
dst->key[2] = guid->prefix.u[2];
/* Copy the DDS_Security_OctetSeq content (length, pointer, etc), not the buffer content. */
if (plist->qos.present & QP_USER_DATA)
memcpy(&(dst->user_data.value), &(plist->qos.user_data.value), sizeof(DDS_Security_OctetSeq));
/* Tokens are actually DataHolders. */
if (plist->present & PP_IDENTITY_TOKEN)
q_omg_shallow_copyin_DataHolder(&(dst->identity_token), &(plist->identity_token));
if (plist->present & PP_PERMISSIONS_TOKEN)
q_omg_shallow_copyin_DataHolder(&(dst->permissions_token), &(plist->permissions_token));
if (plist->present & PP_IDENTITY_STATUS_TOKEN)
q_omg_shallow_copyin_DataHolder(&(dst->identity_status_token), &(plist->identity_status_token));
if (plist->qos.present & QP_PROPERTY_LIST)
q_omg_shallow_copy_PropertyQosPolicy(&(dst->property), &(plist->qos.property));
if (plist->present & PP_PARTICIPANT_SECURITY_INFO)
{
dst->security_info.participant_security_attributes = plist->participant_security_info.security_attributes;
dst->security_info.plugin_participant_security_attributes = plist->participant_security_info.plugin_security_attributes;
}
}
void
q_omg_shallow_free_ParticipantBuiltinTopicDataSecure(
DDS_Security_ParticipantBuiltinTopicDataSecure *obj)
{
assert(obj);
q_omg_shallow_free_DataHolder(&(obj->identity_token));
q_omg_shallow_free_DataHolder(&(obj->permissions_token));
q_omg_shallow_free_DataHolder(&(obj->identity_status_token));
q_omg_shallow_free_PropertyQosPolicy(&(obj->property));
}
void
q_omg_shallow_copy_SubscriptionBuiltinTopicDataSecure(
DDS_Security_SubscriptionBuiltinTopicDataSecure *dst,
const ddsi_guid_t *guid,
const struct dds_qos *qos,
const nn_security_info_t *secinfo)
{
memset(dst, 0, sizeof(DDS_Security_SubscriptionBuiltinTopicDataSecure));
/* Keys are inspired by write_builtin_topic_copyin_subscriptionInfo() */
dst->key[0] = ddsrt_toBE4u(guid->prefix.u[0]);
dst->key[1] = ddsrt_toBE4u(guid->prefix.u[1]);
dst->key[2] = ddsrt_toBE4u(guid->prefix.u[2]);
dst->participant_key[0] = ddsrt_toBE4u(guid->prefix.u[0]);
dst->participant_key[1] = ddsrt_toBE4u(guid->prefix.u[1]);
dst->participant_key[2] = ddsrt_toBE4u(guid->prefix.u[2]);
if (qos->present & QP_TOPIC_NAME)
dst->topic_name = (DDS_Security_string)qos->topic_name;
if (qos->present & QP_TYPE_NAME)
dst->type_name = (DDS_Security_string)qos->type_name;
dst->security_info.endpoint_security_mask = secinfo->security_attributes;
dst->security_info.plugin_endpoint_security_mask = secinfo->plugin_security_attributes;
if (qos->present & QP_DURABILITY)
dst->durability.kind = (DDS_Security_DurabilityQosPolicyKind)qos->durability.kind;
if (qos->present & QP_DEADLINE)
dst->deadline.period = convert_duration(qos->deadline.deadline);
if (qos->present & QP_LATENCY_BUDGET)
dst->latency_budget.duration = convert_duration(qos->latency_budget.duration);
if (qos->present & QP_LIVELINESS)
{
dst->liveliness.kind = (DDS_Security_LivelinessQosPolicyKind)qos->liveliness.kind;
dst->liveliness.lease_duration = convert_duration(qos->liveliness.lease_duration);
}
if (qos->present & QP_OWNERSHIP)
dst->ownership.kind = qos->ownership.kind == DDS_OWNERSHIP_SHARED ? DDS_SECURITY_SHARED_OWNERSHIP_QOS : DDS_SECURITY_EXCLUSIVE_OWNERSHIP_QOS;
if (qos->present & QP_DESTINATION_ORDER)
dst->destination_order.kind = (DDS_Security_DestinationOrderQosPolicyKind)qos->destination_order.kind;
if (qos->present & QP_PRESENTATION)
{
dst->presentation.access_scope = (DDS_Security_PresentationQosPolicyAccessScopeKind)qos->presentation.access_scope;
dst->presentation.coherent_access = qos->presentation.coherent_access;
dst->presentation.ordered_access = qos->presentation.ordered_access;
}
if (qos->present & QP_TIME_BASED_FILTER)
dst->time_based_filter.minimum_separation = convert_duration(qos->time_based_filter.minimum_separation);
if (qos->present & QP_RELIABILITY)
{
dst->reliability.kind = (DDS_Security_ReliabilityQosPolicyKind)(qos->reliability.kind);
dst->reliability.max_blocking_time = convert_duration(qos->reliability.max_blocking_time);
dst->reliability.synchronous = 0;
}
if (qos->present & QP_PARTITION)
g_omg_shallow_copy_StringSeq(&dst->partition.name, &qos->partition);
if (qos->present & QP_USER_DATA)
g_omg_shallow_copy_octSeq(&dst->user_data.value, &qos->user_data);
if (qos->present & QP_TOPIC_DATA)
g_omg_shallow_copy_octSeq(&dst->topic_data.value, &qos->topic_data);
if (qos->present & QP_GROUP_DATA)
g_omg_shallow_copy_octSeq(&dst->group_data.value, &qos->group_data);
/* The dst->data_tags is not supported yet. It is memset to 0, so ok. */
}
void
q_omg_shallow_free_SubscriptionBuiltinTopicDataSecure(
DDS_Security_SubscriptionBuiltinTopicDataSecure *obj)
{
g_omg_shallow_free_octSeq(&obj->user_data.value);
g_omg_shallow_free_octSeq(&obj->topic_data.value);
g_omg_shallow_free_octSeq(&obj->group_data.value);
g_omg_shallow_free_StringSeq(&obj->partition.name);
}
void
q_omg_shallow_copy_PublicationBuiltinTopicDataSecure(
DDS_Security_PublicationBuiltinTopicDataSecure *dst,
const ddsi_guid_t *guid,
const struct dds_qos *qos,
const nn_security_info_t *secinfo)
{
memset(dst, 0, sizeof(DDS_Security_PublicationBuiltinTopicDataSecure));
/* Keys are inspired by write_builtin_topic_copyin_subscriptionInfo() */
dst->key[0] = ddsrt_toBE4u(guid->prefix.u[0]);
dst->key[1] = ddsrt_toBE4u(guid->prefix.u[1]);
dst->key[2] = ddsrt_toBE4u(guid->prefix.u[2]);
dst->participant_key[0] = ddsrt_toBE4u(guid->prefix.u[0]);
dst->participant_key[1] = ddsrt_toBE4u(guid->prefix.u[1]);
dst->participant_key[2] = ddsrt_toBE4u(guid->prefix.u[2]);
if (qos->present & QP_TOPIC_NAME)
dst->topic_name = (DDS_Security_string)qos->topic_name;
if (qos->present & QP_TYPE_NAME)
dst->type_name = (DDS_Security_string)qos->type_name;
dst->security_info.endpoint_security_mask = secinfo->security_attributes;
dst->security_info.plugin_endpoint_security_mask = secinfo->plugin_security_attributes;
if (qos->present & QP_DURABILITY)
dst->durability.kind = (DDS_Security_DurabilityQosPolicyKind)qos->durability.kind;
if (qos->present & QP_DEADLINE)
dst->deadline.period = convert_duration(qos->deadline.deadline);
if (qos->present & QP_LATENCY_BUDGET)
dst->latency_budget.duration = convert_duration(qos->latency_budget.duration);
if (qos->present & QP_LIVELINESS)
{
dst->liveliness.kind = (DDS_Security_LivelinessQosPolicyKind)qos->liveliness.kind;
dst->liveliness.lease_duration = convert_duration(qos->liveliness.lease_duration);
}
if (qos->present & QP_OWNERSHIP)
dst->ownership.kind = qos->ownership.kind == DDS_OWNERSHIP_SHARED ? DDS_SECURITY_SHARED_OWNERSHIP_QOS : DDS_SECURITY_EXCLUSIVE_OWNERSHIP_QOS;
if (qos->present & QP_DESTINATION_ORDER)
dst->destination_order.kind = (DDS_Security_DestinationOrderQosPolicyKind)qos->destination_order.kind;
if (qos->present & QP_PRESENTATION)
{
dst->presentation.access_scope = (DDS_Security_PresentationQosPolicyAccessScopeKind)qos->presentation.access_scope;
dst->presentation.coherent_access = qos->presentation.coherent_access;
dst->presentation.ordered_access = qos->presentation.ordered_access;
}
if (qos->present & QP_OWNERSHIP_STRENGTH)
dst->ownership_strength.value = qos->ownership_strength.value;
if (qos->present & QP_RELIABILITY)
{
dst->reliability.kind = (DDS_Security_ReliabilityQosPolicyKind)(qos->reliability.kind);
dst->reliability.max_blocking_time = convert_duration(qos->reliability.max_blocking_time);
dst->reliability.synchronous = 0;
}
if (qos->present & QP_LIFESPAN)
dst->lifespan.duration = convert_duration(qos->lifespan.duration);
if (qos->present & QP_PARTITION)
g_omg_shallow_copy_StringSeq(&dst->partition.name, &qos->partition);
if (qos->present & QP_USER_DATA)
g_omg_shallow_copy_octSeq(&dst->user_data.value, &qos->user_data);
if (qos->present & QP_TOPIC_DATA)
g_omg_shallow_copy_octSeq(&dst->topic_data.value, &qos->topic_data);
if (qos->present & QP_GROUP_DATA)
g_omg_shallow_copy_octSeq(&dst->group_data.value, &qos->group_data);
/* The dst->data_tags is not supported yet. It is memset to 0, so ok. */
}
void
q_omg_shallow_free_PublicationBuiltinTopicDataSecure(
DDS_Security_PublicationBuiltinTopicDataSecure *obj)
{
g_omg_shallow_free_octSeq(&obj->user_data.value);
g_omg_shallow_free_octSeq(&obj->topic_data.value);
g_omg_shallow_free_octSeq(&obj->group_data.value);
g_omg_shallow_free_StringSeq(&obj->partition.name);
}
#endif /* DDSI_INCLUDE_SECURITY */

254
src/core/ddsi/src/q_ddsi_discovery.c
View file

@ -45,6 +45,9 @@
#include "dds/ddsi/q_feature_check.h"
#include "dds/ddsi/ddsi_security_omg.h"
#include "dds/ddsi/ddsi_pmd.h"
#ifdef DDSI_INCLUDE_SECURITY
#include "dds/ddsi/ddsi_security_exchange.h"
#endif
static int get_locator (const struct ddsi_domaingv *gv, nn_locator_t *loc, const nn_locators_t *locs, int uc_same_subnet)
{
@ -184,37 +187,13 @@ static int write_mpayload (struct writer *wr, int alive, nn_parameterid_t keypar
return write_sample_nogc_notk (ts1, NULL, wr, serdata);
}
int spdp_write (struct participant *pp)
void get_participant_builtin_topic_data(const struct participant *pp, struct nn_xmsg *mpayload, bool be)
{
struct nn_xmsg *mpayload;
struct nn_locators_one def_uni_loc_one, def_multi_loc_one, meta_uni_loc_one, meta_multi_loc_one;
ddsi_plist_t ps;
struct writer *wr;
size_t size;
char node[64];
uint64_t qosdiff;
int ret;
if (pp->e.onlylocal) {
/* This topic is only locally available. */
return 0;
}
ETRACE (pp, "spdp_write("PGUIDFMT")\n", PGUID (pp->e.guid));
if ((wr = get_builtin_writer (pp, NN_ENTITYID_SPDP_BUILTIN_PARTICIPANT_WRITER)) == NULL)
{
ETRACE (pp, "spdp_write("PGUIDFMT") - builtin participant writer not found\n", PGUID (pp->e.guid));
return 0;
}
/* First create a fake message for the payload: we can add plists to
xmsgs easily, but not to serdata. But it is rather easy to copy
the payload of an xmsg over to a serdata ... Expected size isn't
terribly important, the msg will grow as needed, address space is
essentially meaningless because we only use the message to
construct the payload. */
mpayload = nn_xmsg_new (pp->e.gv->xmsgpool, &pp->e.guid, NULL, 0, NN_XMSG_KIND_DATA);
ddsi_plist_init_empty (&ps);
ps.present |= PP_PARTICIPANT_GUID | PP_BUILTIN_ENDPOINT_SET |
@ -321,6 +300,210 @@ int spdp_write (struct participant *pp)
ETRACE (pp, "spdp_write("PGUIDFMT") - internals: %s\n", PGUID (pp->e.guid), ps.prismtech_participant_version_info.internals);
}
#ifdef DDSI_INCLUDE_SECURITY
/* Add Security specific information. */
if (q_omg_get_participant_security_info(pp, &(ps.participant_security_info))) {
ps.present |= PP_PARTICIPANT_SECURITY_INFO;
ps.aliased |= PP_PARTICIPANT_SECURITY_INFO;
}
#endif
/* Participant QoS's insofar as they are set, different from the default, and mapped to the SPDP data, rather than to the PrismTech-specific CMParticipant endpoint. Currently, that means just USER_DATA. */
qosdiff = ddsi_xqos_delta (&pp->plist->qos, &pp->e.gv->default_plist_pp.qos, QP_USER_DATA);
if (pp->e.gv->config.explicitly_publish_qos_set_to_default)
qosdiff |= ~QP_UNRECOGNIZED_INCOMPATIBLE_MASK;
assert (ps.qos.present == 0);
ddsi_plist_addtomsg_bo (mpayload, &ps, ~(uint64_t)0, 0, be);
ddsi_plist_addtomsg_bo (mpayload, pp->plist, 0, qosdiff, be);
#ifdef DDSI_INCLUDE_SECURITY
if (q_omg_participant_is_secure(pp))
ddsi_plist_addtomsg_bo (mpayload, pp->plist, PP_IDENTITY_TOKEN | PP_PERMISSIONS_TOKEN, 0, be);
#endif
nn_xmsg_addpar_sentinel_bo (mpayload, be);
ddsi_plist_fini (&ps);
}
int spdp_write (struct participant *pp)
{
struct nn_xmsg *mpayload;
struct writer *wr;
int ret;
if (pp->e.onlylocal) {
/* This topic is only locally available. */
return 0;
}
ETRACE (pp, "spdp_write("PGUIDFMT")\n", PGUID (pp->e.guid));
if ((wr = get_builtin_writer (pp, NN_ENTITYID_SPDP_BUILTIN_PARTICIPANT_WRITER)) == NULL)
{
ETRACE (pp, "spdp_write("PGUIDFMT") - builtin participant writer not found\n", PGUID (pp->e.guid));
return 0;
}
/* First create a fake message for the payload: we can add plists to
xmsgs easily, but not to serdata. But it is rather easy to copy
the payload of an xmsg over to a serdata ... Expected size isn't
terribly important, the msg will grow as needed, address space is
essentially meaningless because we only use the message to
construct the payload. */
mpayload = nn_xmsg_new (pp->e.gv->xmsgpool, &pp->e.guid, pp, 0, NN_XMSG_KIND_DATA);
get_participant_builtin_topic_data(pp, mpayload, false);
ret = write_mpayload (wr, 1, PID_PARTICIPANT_GUID, mpayload);
nn_xmsg_free (mpayload);
return ret;
}
#if 0
int spdp_write (struct participant *pp)
{
struct nn_xmsg *mpayload;
struct nn_locators_one def_uni_loc_one, def_multi_loc_one, meta_uni_loc_one, meta_multi_loc_one;
ddsi_plist_t ps;
struct writer *wr;
size_t size;
char node[64];
uint64_t qosdiff;
int ret;
if (pp->e.onlylocal) {
/* This topic is only locally available. */
return 0;
}
ETRACE (pp, "spdp_write("PGUIDFMT")\n", PGUID (pp->e.guid));
if ((wr = get_builtin_writer (pp, NN_ENTITYID_SPDP_BUILTIN_PARTICIPANT_WRITER)) == NULL)
{
ETRACE (pp, "spdp_write("PGUIDFMT") - builtin participant writer not found\n", PGUID (pp->e.guid));
return 0;
}
/* First create a fake message for the payload: we can add plists to
xmsgs easily, but not to serdata. But it is rather easy to copy
the payload of an xmsg over to a serdata ... Expected size isn't
terribly important, the msg will grow as needed, address space is
essentially meaningless because we only use the message to
construct the payload. */
mpayload = nn_xmsg_new (pp->e.gv->xmsgpool, &pp->e.guid, pp, 0, NN_XMSG_KIND_DATA);
ddsi_plist_init_empty (&ps);
ps.present |= PP_PARTICIPANT_GUID | PP_BUILTIN_ENDPOINT_SET |
PP_PROTOCOL_VERSION | PP_VENDORID | PP_PARTICIPANT_LEASE_DURATION |
PP_DOMAIN_ID;
ps.participant_guid = pp->e.guid;
ps.builtin_endpoint_set = pp->bes;
ps.protocol_version.major = RTPS_MAJOR;
ps.protocol_version.minor = RTPS_MINOR;
ps.vendorid = NN_VENDORID_ECLIPSE;
ps.domain_id = pp->e.gv->config.extDomainId.value;
/* Be sure not to send a DOMAIN_TAG when it is the default (an empty)
string: it is an "incompatible-if-unrecognized" parameter, and so
implementations that don't understand the parameter will refuse to
discover us, and so sending the default would break backwards
compatibility. */
if (strcmp (pp->e.gv->config.domainTag, "") != 0)
{
ps.present |= PP_DOMAIN_TAG;
ps.aliased |= PP_DOMAIN_TAG;
ps.domain_tag = pp->e.gv->config.domainTag;
}
ps.default_unicast_locators.n = 1;
ps.default_unicast_locators.first =
ps.default_unicast_locators.last = &def_uni_loc_one;
ps.metatraffic_unicast_locators.n = 1;
ps.metatraffic_unicast_locators.first =
ps.metatraffic_unicast_locators.last = &meta_uni_loc_one;
def_uni_loc_one.next = NULL;
meta_uni_loc_one.next = NULL;
if (pp->e.gv->config.many_sockets_mode == MSM_MANY_UNICAST)
{
def_uni_loc_one.loc = pp->m_locator;
meta_uni_loc_one.loc = pp->m_locator;
}
else
{
def_uni_loc_one.loc = pp->e.gv->loc_default_uc;
meta_uni_loc_one.loc = pp->e.gv->loc_meta_uc;
}
if (pp->e.gv->config.publish_uc_locators)
{
ps.present |= PP_DEFAULT_UNICAST_LOCATOR | PP_METATRAFFIC_UNICAST_LOCATOR;
ps.aliased |= PP_DEFAULT_UNICAST_LOCATOR | PP_METATRAFFIC_UNICAST_LOCATOR;
}
if (pp->e.gv->config.allowMulticast)
{
int include = 0;
#ifdef DDSI_INCLUDE_SSM
/* Note that if the default multicast address is an SSM address,
we will simply advertise it. The recipients better understand
it means the writers will publish to address and the readers
favour SSM. */
if (ddsi_is_ssm_mcaddr (pp->e.gv, &pp->e.gv->loc_default_mc))
include = (pp->e.gv->config.allowMulticast & AMC_SSM) != 0;
else
include = (pp->e.gv->config.allowMulticast & AMC_ASM) != 0;
#else
if (pp->e.gv->config.allowMulticast & AMC_ASM)
include = 1;
#endif
if (include)
{
ps.present |= PP_DEFAULT_MULTICAST_LOCATOR | PP_METATRAFFIC_MULTICAST_LOCATOR;
ps.aliased |= PP_DEFAULT_MULTICAST_LOCATOR | PP_METATRAFFIC_MULTICAST_LOCATOR;
ps.default_multicast_locators.n = 1;
ps.default_multicast_locators.first =
ps.default_multicast_locators.last = &def_multi_loc_one;
ps.metatraffic_multicast_locators.n = 1;
ps.metatraffic_multicast_locators.first =
ps.metatraffic_multicast_locators.last = &meta_multi_loc_one;
def_multi_loc_one.next = NULL;
def_multi_loc_one.loc = pp->e.gv->loc_default_mc;
meta_multi_loc_one.next = NULL;
meta_multi_loc_one.loc = pp->e.gv->loc_meta_mc;
}
}
ps.participant_lease_duration = pp->lease_duration;
/* Add PrismTech specific version information */
{
ps.present |= PP_PRISMTECH_PARTICIPANT_VERSION_INFO;
memset (&ps.prismtech_participant_version_info, 0, sizeof (ps.prismtech_participant_version_info));
ps.prismtech_participant_version_info.version = 0;
ps.prismtech_participant_version_info.flags =
NN_PRISMTECH_FL_DDSI2_PARTICIPANT_FLAG |
NN_PRISMTECH_FL_PTBES_FIXED_0 |
NN_PRISMTECH_FL_SUPPORTS_STATUSINFOX;
if (pp->e.gv->config.besmode == BESMODE_MINIMAL)
ps.prismtech_participant_version_info.flags |= NN_PRISMTECH_FL_MINIMAL_BES_MODE;
ddsrt_mutex_lock (&pp->e.gv->privileged_pp_lock);
if (pp->is_ddsi2_pp)
ps.prismtech_participant_version_info.flags |= NN_PRISMTECH_FL_PARTICIPANT_IS_DDSI2;
ddsrt_mutex_unlock (&pp->e.gv->privileged_pp_lock);
if (ddsrt_gethostname(node, sizeof(node)-1) < 0)
(void) ddsrt_strlcpy (node, "unknown", sizeof (node));
size = strlen(node) + strlen(DDS_VERSION) + strlen(DDS_HOST_NAME) + strlen(DDS_TARGET_NAME) + 4; /* + ///'\0' */
ps.prismtech_participant_version_info.internals = ddsrt_malloc(size);
(void) snprintf(ps.prismtech_participant_version_info.internals, size, "%s/%s/%s/%s", node, DDS_VERSION, DDS_HOST_NAME, DDS_TARGET_NAME);
ETRACE (pp, "spdp_write("PGUIDFMT") - internals: %s\n", PGUID (pp->e.guid), ps.prismtech_participant_version_info.internals);
}
#ifdef DDSI_INCLUDE_SECURITY
/* Add Security specific information. */
if (q_omg_get_participant_security_info(pp, &(ps.participant_security_info))) {
ps.present |= PP_PARTICIPANT_SECURITY_INFO;
ps.aliased |= PP_PARTICIPANT_SECURITY_INFO;
}
#endif
/* Participant QoS's insofar as they are set, different from the default, and mapped to the SPDP data, rather than to the PrismTech-specific CMParticipant endpoint. Currently, that means just USER_DATA. */
qosdiff = ddsi_xqos_delta (&pp->plist->qos, &pp->e.gv->default_plist_pp.qos, QP_USER_DATA);
if (pp->e.gv->config.explicitly_publish_qos_set_to_default)
@ -329,6 +512,10 @@ int spdp_write (struct participant *pp)
assert (ps.qos.present == 0);
ddsi_plist_addtomsg (mpayload, &ps, ~(uint64_t)0, 0);
ddsi_plist_addtomsg (mpayload, pp->plist, 0, qosdiff);
#ifdef DDSI_INCLUDE_SECURITY
if (q_omg_participant_is_secure(pp))
ddsi_plist_addtomsg (mpayload, pp->plist, PP_IDENTITY_TOKEN | PP_PERMISSIONS_TOKEN, 0);
#endif
nn_xmsg_addpar_sentinel (mpayload);
ddsi_plist_fini (&ps);
@ -336,6 +523,7 @@ int spdp_write (struct participant *pp)
nn_xmsg_free (mpayload);
return ret;
}
#endif
static int spdp_dispose_unregister_with_wr (struct participant *pp, unsigned entityid)
{
@ -352,7 +540,7 @@ static int spdp_dispose_unregister_with_wr (struct participant *pp, unsigned ent
return 0;
}
mpayload = nn_xmsg_new (pp->e.gv->xmsgpool, &pp->e.guid, NULL, 0, NN_XMSG_KIND_DATA);
mpayload = nn_xmsg_new (pp->e.gv->xmsgpool, &pp->e.guid, pp, 0, NN_XMSG_KIND_DATA);
ddsi_plist_init_empty (&ps);
ps.present |= PP_PARTICIPANT_GUID;
ps.participant_guid = pp->e.guid;
@ -1009,7 +1197,7 @@ static int sedp_write_endpoint
the QoS and other settings. So the header fields aren't really
important, except that they need to be set to reasonable things
or it'll crash */
mpayload = nn_xmsg_new (gv->xmsgpool, &wr->e.guid, NULL, 0, NN_XMSG_KIND_DATA);
mpayload = nn_xmsg_new (gv->xmsgpool, &wr->e.guid, wr->c.pp, 0, NN_XMSG_KIND_DATA);
ddsi_plist_addtomsg (mpayload, &ps, ~(uint64_t)0, ~(uint64_t)0);
if (xqos) ddsi_xqos_addtomsg (mpayload, xqos, qosdiff);
nn_xmsg_addpar_sentinel (mpayload);
@ -1268,6 +1456,12 @@ static void handle_SEDP_alive (const struct receiver_state *rst, seqno_t seq, dd
E ("******* AARGH - it expects inline QoS ********\n", err);
}
q_omg_log_endpoint_protection(gv, datap);
if (q_omg_is_endpoint_protected(datap) && !q_omg_proxy_participant_is_secure(pp))
{
E (" remote endpoint is protected while local federation is not secure\n", err);
}
if (is_writer)
{
pwr = entidx_lookup_proxy_writer_guid (gv->entity_index, &datap->endpoint_guid);
@ -1472,7 +1666,7 @@ int sedp_write_topic (struct participant *pp, const struct ddsi_plist *datap)
sedp_wr = get_sedp_writer (pp, NN_ENTITYID_SEDP_BUILTIN_TOPIC_WRITER);
mpayload = nn_xmsg_new (sedp_wr->e.gv->xmsgpool, &sedp_wr->e.guid, NULL, 0, NN_XMSG_KIND_DATA);
mpayload = nn_xmsg_new (sedp_wr->e.gv->xmsgpool, &sedp_wr->e.guid, pp, 0, NN_XMSG_KIND_DATA);
delta = ddsi_xqos_delta (&datap->qos, &sedp_wr->e.gv->default_xqos_tp, ~(uint64_t)0);
if (sedp_wr->e.gv->config.explicitly_publish_qos_set_to_default)
delta |= ~QP_UNRECOGNIZED_INCOMPATIBLE_MASK;
@ -1718,10 +1912,10 @@ int builtins_dqueue_handler (const struct nn_rsample_info *sampleinfo, const str
break;
#ifdef DDSI_INCLUDE_SECURITY
case NN_ENTITYID_P2P_BUILTIN_PARTICIPANT_STATELESS_MESSAGE_WRITER:
/* TODO: Handshake */
handle_auth_handshake_message(sampleinfo->rst, srcguid.entityid, timestamp, statusinfo, datap, datasz);
break;
case NN_ENTITYID_P2P_BUILTIN_PARTICIPANT_VOLATILE_SECURE_WRITER:
/* TODO: Key exchange */
handle_crypto_exchange_message(sampleinfo->rst, srcguid.entityid, timestamp, statusinfo, datap, datasz);
break;
#endif
default:

253
src/core/ddsi/src/q_entity.c
View file

@ -109,7 +109,7 @@ static void unref_participant (struct participant *pp, const struct ddsi_guid *g
static struct entity_common *entity_common_from_proxy_endpoint_common (const struct proxy_endpoint_common *c);
#ifdef DDSI_INCLUDE_SECURITY
static void handshake_end_cb(struct ddsi_domaingv const * const gv, struct ddsi_handshake *handshake, const struct ddsi_guid *lpguid, const struct ddsi_guid *ppguid, enum ddsi_handshake_state result);
static void handshake_end_cb(struct ddsi_handshake *handshake, struct participant *pp, struct proxy_participant *proxypp, enum ddsi_handshake_state result);
static void downgrade_to_nonsecure(struct proxy_participant *proxypp);
#endif
@ -217,6 +217,13 @@ static int is_builtin_volatile_endpoint (ddsi_entityid_t id)
}
return 0;
}
#else
static int is_builtin_volatile_endpoint (ddsi_entityid_t id)
{
DDSRT_UNUSED_ARG(id);
return 0;
}
#endif
@ -637,14 +644,14 @@ static void connect_participant_secure(struct ddsi_domaingv *gv, struct particip
if (q_omg_participant_is_secure(pp))
{
q_omg_security_participant_set_initialized(pp);
entidx_enum_proxy_participant_init (&it, gv->entity_index);
while ((proxypp = entidx_enum_proxy_participant_next (&it)) != NULL)
{
/* Do not start handshaking when security info doesn't match. */
if (q_omg_is_similar_participant_security_info(pp, proxypp))
{
if (q_omg_security_remote_participant_is_initialized(proxypp) && q_omg_is_similar_participant_security_info(pp, proxypp))
ddsi_handshake_register(pp, proxypp, handshake_end_cb);
}
}
entidx_enum_proxy_participant_fini (&it);
}
@ -743,7 +750,7 @@ static void participant_remove_wr_lease_locked (struct participant * pp, struct
}
}
dds_return_t new_participant_guid (const ddsi_guid_t *ppguid, struct ddsi_domaingv *gv, unsigned flags, const ddsi_plist_t *plist)
dds_return_t new_participant_guid (ddsi_guid_t *ppguid, struct ddsi_domaingv *gv, unsigned flags, const ddsi_plist_t *plist)
{
struct participant *pp;
ddsi_guid_t subguid, group_guid;
@ -806,6 +813,7 @@ dds_return_t new_participant_guid (const ddsi_guid_t *ppguid, struct ddsi_domain
ddsi_plist_mergein_missing (pp->plist, &gv->default_local_plist_pp, ~(uint64_t)0, ~(uint64_t)0);
#ifdef DDSI_INCLUDE_SECURITY
pp->sec_attr = NULL;
/*
* if there there are security properties check them .
* if there are no security properties, then merge from security configuration if there is
@ -876,6 +884,7 @@ dds_return_t new_participant_guid (const ddsi_guid_t *ppguid, struct ddsi_domain
ret = DDS_RETCODE_NOT_ALLOWED_BY_SECURITY;
goto not_allowed;
}
*ppguid = pp->e.guid;
}
#endif
@ -1257,6 +1266,9 @@ static void unref_participant (struct participant *pp, const struct ddsi_guid *g
while longer for it to wakeup. */
ddsi_conn_free (pp->m_conn);
}
#ifdef DDSI_INCLUDE_SECURITY
q_omg_security_deregister_participant(pp);
#endif
ddsi_plist_fini (pp->plist);
ddsrt_free (pp->plist);
ddsrt_mutex_destroy (&pp->refc_lock);
@ -1735,19 +1747,30 @@ void rebuild_or_clear_writer_addrsets (struct ddsi_domaingv *gv, int rebuild)
GVLOGDISC ("rebuild_or_delete_writer_addrsets(%d) done\n", rebuild);
}
static void free_wr_prd_match (struct wr_prd_match *m)
static void free_wr_prd_match (const struct ddsi_domaingv *gv, const ddsi_guid_t *wr_guid, struct wr_prd_match *m)
{
if (m)
{
#ifdef DDSI_INCLUDE_SECURITY
q_omg_security_deregister_remote_reader_match (gv, wr_guid, m);
#else
(void) gv;
(void) wr_guid;
#endif
nn_lat_estim_fini (&m->hb_to_ack_latency);
ddsrt_free (m);
}
}
static void free_rd_pwr_match (struct ddsi_domaingv *gv, struct rd_pwr_match *m)
static void free_rd_pwr_match (struct ddsi_domaingv *gv, const ddsi_guid_t *rd_guid, struct rd_pwr_match *m)
{
if (m)
{
#ifdef DDSI_INCLUDE_SECURITY
q_omg_security_deregister_remote_writer_match (gv, rd_guid, m);
#else
(void) rd_guid;
#endif
#ifdef DDSI_INCLUDE_SSM
if (!is_unspec_locator (&m->ssm_mc_loc))
{
@ -1756,7 +1779,8 @@ static void free_rd_pwr_match (struct ddsi_domaingv *gv, struct rd_pwr_match *m)
if (ddsi_leave_mc (gv, gv->mship, gv->data_conn_mc, &m->ssm_src_loc, &m->ssm_mc_loc) < 0)
GVWARNING ("failed to leave network partition ssm group\n");
}
#else
#endif
#if !(defined DDSI_INCLUDE_SECURITY || defined DDSI_INCLUDE_SSM)
(void) gv;
#endif
ddsrt_free (m);
@ -1829,8 +1853,10 @@ static void writer_drop_connection (const struct ddsi_guid *wr_guid, const struc
ddsrt_avl_delete (&wr_readers_treedef, &wr->readers, m);
rebuild_writer_addrset (wr);
remove_acked_messages (wr, &whcst, &deferred_free_list);
wr->num_readers--;
wr->num_reliable_readers -= m->is_reliable;
}
ddsrt_mutex_unlock (&wr->e.lock);
if (m != NULL && wr->status_cb)
{
@ -1841,7 +1867,7 @@ static void writer_drop_connection (const struct ddsi_guid *wr_guid, const struc
(wr->status_cb) (wr->status_cb_entity, &data);
}
whc_free_deferred_free_list (wr->whc, deferred_free_list);
free_wr_prd_match (m);
free_wr_prd_match (wr->e.gv, &wr->e.guid, m);
}
}
@ -1981,7 +2007,11 @@ static void reader_drop_connection (const struct ddsi_guid *rd_guid, const struc
struct rd_pwr_match *m;
ddsrt_mutex_lock (&rd->e.lock);
if ((m = ddsrt_avl_lookup (&rd_writers_treedef, &rd->writers, &pwr->e.guid)) != NULL)
{
ddsrt_avl_delete (&rd_writers_treedef, &rd->writers, m);
rd->num_writers--;
}
ddsrt_mutex_unlock (&rd->e.lock);
if (m != NULL)
{
@ -2005,7 +2035,7 @@ static void reader_drop_connection (const struct ddsi_guid *rd_guid, const struc
(rd->status_cb) (rd->status_cb_entity, &data);
}
}
free_rd_pwr_match (pwr->e.gv, m);
free_rd_pwr_match (pwr->e.gv, &rd->e.guid, m);
}
}
@ -2122,7 +2152,7 @@ static void proxy_reader_drop_connection (const struct ddsi_guid *prd_guid, stru
}
}
static void writer_add_connection (struct writer *wr, struct proxy_reader *prd)
static void writer_add_connection (struct writer *wr, struct proxy_reader *prd, int64_t crypto_handle)
{
struct wr_prd_match *m = ddsrt_malloc (sizeof (*m));
ddsrt_avl_ipath_t path;
@ -2134,6 +2164,11 @@ static void writer_add_connection (struct writer *wr, struct proxy_reader *prd)
m->all_have_replied_to_hb = 0;
m->non_responsive_count = 0;
m->rexmit_requests = 0;
#ifdef DDSI_INCLUDE_SECURITY
m->crypto_handle = crypto_handle;
#else
DDSRT_UNUSED_ARG(crypto_handle);
#endif
/* m->demoted: see below */
ddsrt_mutex_lock (&prd->e.lock);
if (prd->deleting)
@ -2179,6 +2214,7 @@ static void writer_add_connection (struct writer *wr, struct proxy_reader *prd)
PGUID (wr->e.guid), PGUID (prd->e.guid), m->seq);
ddsrt_avl_insert_ipath (&wr_readers_treedef, &wr->readers, m, &path);
rebuild_writer_addrset (wr);
wr->num_readers++;
wr->num_reliable_readers += m->is_reliable;
ddsrt_mutex_unlock (&wr->e.lock);
@ -2275,7 +2311,7 @@ static void writer_add_local_connection (struct writer *wr, struct reader *rd)
}
}
static void reader_add_connection (struct reader *rd, struct proxy_writer *pwr, nn_count_t *init_count, const struct alive_state *alive_state)
static void reader_add_connection (struct reader *rd, struct proxy_writer *pwr, nn_count_t *init_count, const struct alive_state *alive_state, int64_t crypto_handle)
{
struct rd_pwr_match *m = ddsrt_malloc (sizeof (*m));
ddsrt_avl_ipath_t path;
@ -2283,6 +2319,11 @@ static void reader_add_connection (struct reader *rd, struct proxy_writer *pwr,
m->pwr_guid = pwr->e.guid;
m->pwr_alive = alive_state->alive;
m->pwr_alive_vclock = alive_state->vclock;
#ifdef DDSI_INCLUDE_SECURITY
m->crypto_handle = crypto_handle;
#else
DDSRT_UNUSED_ARG(crypto_handle);
#endif
ddsrt_mutex_lock (&rd->e.lock);
@ -2307,7 +2348,9 @@ static void reader_add_connection (struct reader *rd, struct proxy_writer *pwr,
{
ELOGDISC (rd, " reader_add_connection(pwr "PGUIDFMT" rd "PGUIDFMT")\n",
PGUID (pwr->e.guid), PGUID (rd->e.guid));
ddsrt_avl_insert_ipath (&rd_writers_treedef, &rd->writers, m, &path);
rd->num_writers++;
ddsrt_mutex_unlock (&rd->e.lock);
#ifdef DDSI_INCLUDE_SSM
@ -2390,7 +2433,7 @@ static void reader_add_local_connection (struct reader *rd, struct writer *wr, c
}
}
static void proxy_writer_add_connection (struct proxy_writer *pwr, struct reader *rd, nn_mtime_t tnow, nn_count_t init_count)
static void proxy_writer_add_connection (struct proxy_writer *pwr, struct reader *rd, nn_mtime_t tnow, nn_count_t init_count, int64_t crypto_handle)
{
struct pwr_rd_match *m = ddsrt_malloc (sizeof (*m));
ddsrt_avl_ipath_t path;
@ -2428,6 +2471,12 @@ static void proxy_writer_add_connection (struct proxy_writer *pwr, struct reader
m->last_seq = 0;
m->filtered = 0;
#ifdef DDSI_INCLUDE_SECURITY
m->crypto_handle = crypto_handle;
#else
DDSRT_UNUSED_ARG(crypto_handle);
#endif
/* These can change as a consequence of handling data and/or
discovery activities. The safe way of dealing with them is to
lock the proxy writer */
@ -2525,12 +2574,18 @@ already_matched:
static void proxy_reader_add_connection (struct proxy_reader *prd, struct writer *wr)
static void proxy_reader_add_connection (struct proxy_reader *prd, struct writer *wr, int64_t crypto_handle)
{
struct prd_wr_match *m = ddsrt_malloc (sizeof (*m));
ddsrt_avl_ipath_t path;
m->wr_guid = wr->e.guid;
#ifdef DDSI_INCLUDE_SECURITY
m->crypto_handle = crypto_handle;
#else
DDSRT_UNUSED_ARG(crypto_handle);
#endif
ddsrt_mutex_lock (&prd->e.lock);
if (ddsrt_avl_lookup_ipath (&prd_writers_treedef, &prd->writers, &wr->e.guid, &path))
{
@ -2547,6 +2602,7 @@ static void proxy_reader_add_connection (struct proxy_reader *prd, struct writer
ddsrt_avl_insert_ipath (&prd_writers_treedef, &prd->writers, m, &path);
ddsrt_mutex_unlock (&prd->e.lock);
qxev_prd_entityid (prd, &wr->e.guid);
}
}
@ -2680,14 +2736,14 @@ static bool topickind_qos_match_p_lock (struct entity_common *rd, const dds_qos_
return ret;
}
void connect_writer_with_proxy_reader_secure(struct writer *wr, struct proxy_reader *prd, nn_mtime_t tnow)
void connect_writer_with_proxy_reader_secure(struct writer *wr, struct proxy_reader *prd, nn_mtime_t tnow, int64_t crypto_handle)
{
DDSRT_UNUSED_ARG(tnow);
proxy_reader_add_connection (prd, wr);
writer_add_connection (wr, prd);
proxy_reader_add_connection (prd, wr, crypto_handle);
writer_add_connection (wr, prd, crypto_handle);
}
void connect_reader_with_proxy_writer_secure(struct reader *rd, struct proxy_writer *pwr, nn_mtime_t tnow)
void connect_reader_with_proxy_writer_secure(struct reader *rd, struct proxy_writer *pwr, nn_mtime_t tnow, int64_t crypto_handle)
{
nn_count_t init_count;
struct alive_state alive_state;
@ -2696,8 +2752,8 @@ void connect_reader_with_proxy_writer_secure(struct reader *rd, struct proxy_wri
sensible, but that may be outdated by the time the reader gets added to the writer's list
of matching readers. */
proxy_writer_get_alive_state (pwr, &alive_state);
reader_add_connection (rd, pwr, &init_count, &alive_state);
proxy_writer_add_connection (pwr, rd, tnow, init_count);
reader_add_connection (rd, pwr, &init_count, &alive_state, crypto_handle);
proxy_writer_add_connection (pwr, rd, tnow, init_count, crypto_handle);
/* Once everything is set up: update with the latest state, any updates to the alive state
happening in parallel will cause this to become a no-op. */
@ -2710,6 +2766,8 @@ static void connect_writer_with_proxy_reader (struct writer *wr, struct proxy_re
const int isb0 = (is_builtin_entityid (wr->e.guid.entityid, NN_VENDORID_ECLIPSE) != 0);
const int isb1 = (is_builtin_entityid (prd->e.guid.entityid, prd->c.vendor) != 0);
dds_qos_policy_id_t reason;
int64_t crypto_handle;
DDSRT_UNUSED_ARG(tnow);
if (isb0 != isb1)
return;
@ -2726,15 +2784,15 @@ static void connect_writer_with_proxy_reader (struct writer *wr, struct proxy_re
EELOGDISC (&wr->e, "connect_writer_with_proxy_reader (wr "PGUIDFMT") with (prd "PGUIDFMT") not allowed by security\n",
PGUID (wr->e.guid), PGUID (prd->e.guid));
}
else if (!q_omg_security_match_remote_reader_enabled (wr, prd))
else if (!q_omg_security_match_remote_reader_enabled (wr, prd, &crypto_handle))
{
EELOGDISC (&wr->e, "connect_writer_with_proxy_reader (wr "PGUIDFMT") with (prd "PGUIDFMT") waiting for approval by security\n",
PGUID (wr->e.guid), PGUID (prd->e.guid));
}
else
{
proxy_reader_add_connection (prd, wr);
writer_add_connection (wr, prd);
proxy_reader_add_connection (prd, wr, crypto_handle);
writer_add_connection (wr, prd, crypto_handle);
}
}
@ -2745,6 +2803,8 @@ static void connect_proxy_writer_with_reader (struct proxy_writer *pwr, struct r
dds_qos_policy_id_t reason;
nn_count_t init_count;
struct alive_state alive_state;
int64_t crypto_handle;
if (isb0 != isb1)
return;
if (rd->e.onlylocal)
@ -2760,7 +2820,7 @@ static void connect_proxy_writer_with_reader (struct proxy_writer *pwr, struct r
EELOGDISC (&rd->e, "connect_proxy_writer_with_reader (pwr "PGUIDFMT") with (rd "PGUIDFMT") not allowed by security\n",
PGUID (pwr->e.guid), PGUID (rd->e.guid));
}
else if (!q_omg_security_match_remote_writer_enabled(rd, pwr))
else if (!q_omg_security_match_remote_writer_enabled(rd, pwr, &crypto_handle))
{
EELOGDISC (&rd->e, "connect_proxy_writer_with_reader (pwr "PGUIDFMT") with (rd "PGUIDFMT") waiting for approval by security\n",
PGUID (pwr->e.guid), PGUID (rd->e.guid));
@ -2771,8 +2831,8 @@ static void connect_proxy_writer_with_reader (struct proxy_writer *pwr, struct r
sensible, but that may be outdated by the time the reader gets added to the writer's list
of matching readers. */
proxy_writer_get_alive_state (pwr, &alive_state);
reader_add_connection (rd, pwr, &init_count, &alive_state);
proxy_writer_add_connection (pwr, rd, tnow, init_count);
reader_add_connection (rd, pwr, &init_count, &alive_state, crypto_handle);
proxy_writer_add_connection (pwr, rd, tnow, init_count, crypto_handle);
/* Once everything is set up: update with the latest state, any updates to the alive state
happening in parallel will cause this to become a no-op. */
@ -3108,7 +3168,7 @@ static void update_proxy_participant_endpoint_matching (struct proxy_participant
enum entity_kind mkind;
guid.entityid = endpoint_ids[i];
if ((e = entidx_lookup_guid_untyped(proxypp->e.gv->entity_index, &guid)) == NULL)
if ((e = entidx_lookup_guid_untyped(entidx, &guid)) == NULL)
continue;
mkind = generic_do_match_mkind (e->kind, false);
@ -3119,10 +3179,10 @@ static void update_proxy_participant_endpoint_matching (struct proxy_participant
struct match_entities_range_key max;
const char *tp = entity_topic_name (e);
entidx_enum_init_topic_w_prefix (&it, entidx, mkind, tp, &pp->e.guid.prefix, &max);
entidx_enum_init_topic(&it, entidx, mkind, tp, &max);
while ((em = entidx_enum_next_max (&it, &max)) != NULL)
{
if (&pp->e == get_entity_parent(e))
if (&pp->e == get_entity_parent(em))
generic_do_match_connect (e, em, tnow, false);
}
entidx_enum_fini (&it);
@ -3498,6 +3558,7 @@ static void new_writer_guid_common_init (struct writer *wr, const struct ddsi_se
wr->retransmitting = 0;
wr->t_rexmit_end.v = 0;
wr->t_whc_high_upd.v = 0;
wr->num_readers = 0;
wr->num_reliable_readers = 0;
wr->num_acks_received = 0;
wr->num_nacks_received = 0;
@ -3511,6 +3572,9 @@ static void new_writer_guid_common_init (struct writer *wr, const struct ddsi_se
wr->status_cb = status_cb;
wr->status_cb_entity = status_entity;
#ifdef DDSI_INCLUDE_SECURITY
wr->sec_attr = NULL;
#endif
/* Copy QoS, merging in defaults */
@ -3646,8 +3710,7 @@ static void new_writer_guid_common_init (struct writer *wr, const struct ddsi_se
wr->whc_low = wr->e.gv->config.whc_lowwater_mark;
wr->whc_high = wr->e.gv->config.whc_init_highwater_mark.value;
}
assert (!(wr->e.guid.entityid.u == NN_ENTITYID_P2P_BUILTIN_PARTICIPANT_VOLATILE_SECURE_WRITER)
||
assert (!(is_builtin_entityid(wr->e.guid.entityid, NN_VENDORID_ECLIPSE) && !is_builtin_volatile_endpoint(wr->e.guid.entityid)) ||
(wr->whc_low == wr->whc_high && wr->whc_low == INT32_MAX));
/* Connection admin */
@ -3679,6 +3742,10 @@ static dds_return_t new_writer_guid (struct writer **wr_out, const struct ddsi_g
endpoint_common_init (&wr->e, &wr->c, pp->e.gv, EK_WRITER, guid, group_guid, pp, onlylocal);
new_writer_guid_common_init(wr, topic, xqos, whc, status_cb, status_entity);
#ifdef DDSI_INCLUDE_SECURITY
q_omg_security_register_writer(wr);
#endif
/* entity_index needed for protocol handling, so add it before we send
out our first message. Also: needed for matching, and swapping
the order if hash insert & matching creates a window during which
@ -3745,6 +3812,16 @@ dds_return_t new_writer (struct writer **wr_out, struct ddsi_domaingv *gv, struc
return DDS_RETCODE_BAD_PARAMETER;
}
#ifdef DDSI_INCLUDE_SECURITY
/* Check if DDS Security is enabled */
if (q_omg_participant_is_secure (pp))
{
/* ask to access control security plugin for create writer permissions */
if (!q_omg_security_check_create_writer (pp, gv->config.domainId, topic->name, xqos))
return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY;
}
#endif
/* participant can't be freed while we're mucking around cos we are
awake and do not touch the thread's vtime (entidx_lookup already
verifies we're awake) */
@ -3811,7 +3888,7 @@ static void gc_delete_writer (struct gcreq *gcreq)
struct wr_prd_match *m = ddsrt_avl_root_non_empty (&wr_readers_treedef, &wr->readers);
ddsrt_avl_delete (&wr_readers_treedef, &wr->readers, m);
proxy_reader_drop_connection (&m->prd_guid, wr);
free_wr_prd_match (m);
free_wr_prd_match (wr->e.gv, &wr->e.guid, m);
}
while (!ddsrt_avl_is_empty (&wr->local_readers))
{
@ -3835,6 +3912,9 @@ static void gc_delete_writer (struct gcreq *gcreq)
if (wr->status_cb)
(wr->status_cb) (wr->status_cb_entity, NULL);
#ifdef DDSI_INCLUDE_SECURITY
q_omg_security_deregister_writer(wr);
#endif
#ifdef DDSI_INCLUDE_SSM
if (wr->ssm_as)
unref_addrset (wr->ssm_as);
@ -3956,6 +4036,9 @@ dds_return_t delete_writer_nolinger (struct ddsi_domaingv *gv, const struct ddsi
return DDS_RETCODE_BAD_PARAMETER;
}
GVLOGDISC ("delete_writer_nolinger(guid "PGUIDFMT") ...\n", PGUID (*guid));
#ifdef DDSI_INCLUDE_SECURITY
q_omg_security_deregister_writer(wr);
#endif
ddsrt_mutex_lock (&wr->e.lock);
delete_writer_nolinger_locked (wr);
ddsrt_mutex_unlock (&wr->e.lock);
@ -4174,8 +4257,12 @@ static dds_return_t new_reader_guid
rd->ddsi2direct_cb = 0;
rd->ddsi2direct_cbarg = 0;
rd->init_acknack_count = 0;
rd->num_writers = 0;
#ifdef DDSI_INCLUDE_SSM
rd->favours_ssm = 0;
#endif
#ifdef DDSI_INCLUDE_SECURITY
rd->sec_attr = NULL;
#endif
if (topic == NULL)
{
@ -4191,6 +4278,10 @@ static dds_return_t new_reader_guid
}
assert (rd->xqos->present & QP_LIVELINESS);
#ifdef DDSI_INCLUDE_SECURITY
q_omg_security_register_reader(rd);
#endif
#ifdef DDSI_INCLUDE_NETWORK_PARTITIONS
rd->as = new_addrset ();
if (pp->e.gv->config.allowMulticast & ~AMC_SPDP)
@ -4282,6 +4373,17 @@ dds_return_t new_reader
GVLOGDISC ("new_reader - participant "PGUIDFMT" not found\n", PGUID (*ppguid));
return DDS_RETCODE_BAD_PARAMETER;
}
#ifdef DDSI_INCLUDE_SECURITY
/* Check if DDS Security is enabled */
if (q_omg_participant_is_secure (pp))
{
/* ask to access control security plugin for create writer permissions */
if (!q_omg_security_check_create_reader (pp, gv->config.domainId, topic->name, xqos))
return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY;
}
#endif
rdguid->prefix = pp->e.guid.prefix;
kind = topic->topickind_no_key ? NN_ENTITYID_KIND_READER_NO_KEY : NN_ENTITYID_KIND_READER_WITH_KEY;
if ((rc = pp_allocate_entityid (&rdguid->entityid, kind, pp)) < 0)
@ -4301,7 +4403,7 @@ static void gc_delete_reader (struct gcreq *gcreq)
struct rd_pwr_match *m = ddsrt_avl_root_non_empty (&rd_writers_treedef, &rd->writers);
ddsrt_avl_delete (&rd_writers_treedef, &rd->writers, m);
proxy_writer_drop_connection (&m->pwr_guid, rd);
free_rd_pwr_match (rd->e.gv, m);
free_rd_pwr_match (rd->e.gv, &rd->e.guid, m);
}
while (!ddsrt_avl_is_empty (&rd->local_writers))
{
@ -4311,6 +4413,10 @@ static void gc_delete_reader (struct gcreq *gcreq)
free_rd_wr_match (m);
}
#ifdef DDSI_INCLUDE_SECURITY
q_omg_security_deregister_reader(rd);
#endif
if (!is_builtin_entityid (rd->e.guid.entityid, NN_VENDORID_ECLIPSE))
sedp_dispose_unregister_reader (rd);
#ifdef DDSI_INCLUDE_NETWORK_PARTITIONS
@ -4353,6 +4459,9 @@ dds_return_t delete_reader (struct ddsi_domaingv *gv, const struct ddsi_guid *gu
GVLOGDISC ("delete_reader_guid(guid "PGUIDFMT") ...\n", PGUID (*guid));
builtintopic_write (rd->e.gv->builtin_topic_interface, &rd->e, now(), false);
entidx_remove_reader_guid (gv->entity_index, rd);
#ifdef DDSI_INCLUDE_SECURITY
q_omg_security_deregister_reader(rd);
#endif
gcreq_reader (rd);
return 0;
}
@ -4639,58 +4748,34 @@ static void proxy_participant_remove_pwr_lease_locked (struct proxy_participant
#ifdef DDSI_INCLUDE_SECURITY
void handshake_end_cb
(
struct ddsi_domaingv const * const gv,
struct ddsi_handshake *handshake,
const struct ddsi_guid *lpguid,
const struct ddsi_guid *ppguid,
enum ddsi_handshake_state result)
void handshake_end_cb(struct ddsi_handshake *handshake, struct participant *pp, struct proxy_participant *proxypp, enum ddsi_handshake_state result)
{
struct proxy_participant *proxypp;
struct participant *pp;
const struct ddsi_domaingv * const gv = pp->e.gv;
int64_t shared_secret;
int64_t permissions_hdl;
assert(handshake);
assert(lpguid);
assert(ppguid);
assert(gv);
proxypp = entidx_lookup_proxy_participant_guid (gv->entity_index, ppguid);
if (!proxypp)
return;
pp = entidx_lookup_participant_guid (gv->entity_index, lpguid);
if (!pp)
return;
switch(result)
{
case STATE_HANDSHAKE_PROCESSED:
shared_secret = ddsi_handshake_get_shared_secret(handshake);
DDS_CLOG (DDS_LC_DISCOVERY, &gv->logconfig, "handshake (lguid="PGUIDFMT" rguid="PGUIDFMT") processed\n", PGUID (*lpguid), PGUID (*ppguid));
permissions_hdl = q_omg_security_check_remote_participant_permissions(gv->config.domainId, pp, proxypp);
if (permissions_hdl != 0) {
q_omg_security_register_remote_participant(pp, proxypp, shared_secret, permissions_hdl);
DDS_CLOG (DDS_LC_DISCOVERY, &gv->logconfig, "handshake (lguid="PGUIDFMT" rguid="PGUIDFMT") processed\n", PGUID (pp->e.guid), PGUID (proxypp->e.guid));
if (q_omg_security_register_remote_participant(pp, proxypp, shared_secret)) {
match_volatile_secure_endpoints(pp, proxypp);
}
break;
case STATE_HANDSHAKE_SEND_TOKENS:
DDS_CLOG (DDS_LC_DISCOVERY, &gv->logconfig, "handshake (lguid="PGUIDFMT" rguid="PGUIDFMT") send tokens\n", PGUID (*lpguid), PGUID (*ppguid));
DDS_CLOG (DDS_LC_DISCOVERY, &gv->logconfig, "handshake (lguid="PGUIDFMT" rguid="PGUIDFMT") send tokens\n", PGUID (pp->e.guid), PGUID (proxypp->e.guid));
q_omg_security_participant_send_tokens(pp, proxypp);
break;
case STATE_HANDSHAKE_OK:
DDS_CLOG (DDS_LC_DISCOVERY, &gv->logconfig, "handshake (lguid="PGUIDFMT" rguid="PGUIDFMT") succeeded\n", PGUID (*lpguid), PGUID (*ppguid));
DDS_CLOG (DDS_LC_DISCOVERY, &gv->logconfig, "handshake (lguid="PGUIDFMT" rguid="PGUIDFMT") succeeded\n", PGUID (pp->e.guid), PGUID (proxypp->e.guid));
update_proxy_participant_endpoint_matching(proxypp, pp);
ddsi_handshake_remove(pp, proxypp, handshake);
break;
case STATE_HANDSHAKE_TIMED_OUT:
DDS_CERROR (&gv->logconfig, "handshake (lguid="PGUIDFMT" rguid="PGUIDFMT") failed: (%d) Timed out\n", PGUID (*lpguid), PGUID (*ppguid), (int)result);
DDS_CERROR (&gv->logconfig, "handshake (lguid="PGUIDFMT" rguid="PGUIDFMT") failed: (%d) Timed out\n", PGUID (pp->e.guid), PGUID (proxypp->e.guid), (int)result);
if (q_omg_participant_allow_unauthenticated(pp)) {
downgrade_to_nonsecure(proxypp);
update_proxy_participant_endpoint_matching(proxypp, pp);
@ -4698,7 +4783,7 @@ void handshake_end_cb
ddsi_handshake_remove(pp, proxypp, handshake);
break;
case STATE_HANDSHAKE_FAILED:
DDS_CERROR (&gv->logconfig, "handshake (lguid="PGUIDFMT" rguid="PGUIDFMT") failed: (%d) Failed\n", PGUID (*lpguid), PGUID (*ppguid), (int)result);
DDS_CERROR (&gv->logconfig, "handshake (lguid="PGUIDFMT" rguid="PGUIDFMT") failed: (%d) Failed\n", PGUID (pp->e.guid), PGUID (proxypp->e.guid), (int)result);
if (q_omg_participant_allow_unauthenticated(pp)) {
downgrade_to_nonsecure(proxypp);
update_proxy_participant_endpoint_matching(proxypp, pp);
@ -4706,7 +4791,7 @@ void handshake_end_cb
ddsi_handshake_remove(pp, proxypp, handshake);
break;
default:
DDS_CERROR (&gv->logconfig, "handshake (lguid="PGUIDFMT" rguid="PGUIDFMT") failed: (%d) Unknown failure\n", PGUID (*lpguid), PGUID (*ppguid), (int)result);
DDS_CERROR (&gv->logconfig, "handshake (lguid="PGUIDFMT" rguid="PGUIDFMT") failed: (%d) Unknown failure\n", PGUID (pp->e.guid), PGUID (proxypp->e.guid), (int)result);
ddsi_handshake_remove(pp, proxypp, handshake);
break;
}
@ -4729,22 +4814,37 @@ static int proxy_participant_check_security_info(struct ddsi_domaingv *gv, struc
return r;
}
static void proxy_participant_create_handshakes(struct ddsi_domaingv *gv, struct proxy_participant *proxypp)
{
struct participant *pp;
struct entidx_enum_participant est;
q_omg_security_remote_participant_set_initialized(proxypp);
entidx_enum_participant_init (&est, gv->entity_index);
while (((pp = entidx_enum_participant_next (&est)) != NULL)) {
if (q_omg_participant_is_secure(pp))
{
if (q_omg_security_participant_is_initialized(pp))
ddsi_handshake_register(pp, proxypp, handshake_end_cb);
}
}
entidx_enum_participant_fini(&est);
}
static void disconnect_proxy_participant_secure(struct proxy_participant *proxypp)
{
struct participant *pp;
struct entidx_enum_participant it;
struct ddsi_domaingv * const gv = proxypp->e.gv;
if (q_omg_proxy_participant_is_secure(proxypp))
{
entidx_enum_participant_init (&it, gv->entity_index);
while ((pp = entidx_enum_participant_next (&it)) != NULL)
{
ddsi_handshake_remove(pp, proxypp, NULL);
}
entidx_enum_participant_fini (&it);
}
}
#endif
static void free_proxy_participant(struct proxy_participant *proxypp)
@ -4765,6 +4865,7 @@ static void free_proxy_participant(struct proxy_participant *proxypp)
lease_free (proxypp->lease);
}
#ifdef DDSI_INCLUDE_SECURITY
disconnect_proxy_participant_secure(proxypp);
q_omg_security_deregister_remote_participant(proxypp);
#endif
unref_addrset (proxypp->as_default);
@ -4870,7 +4971,6 @@ void new_proxy_participant (struct ddsi_domaingv *gv, const struct ddsi_guid *pp
ddsrt_avl_init (&proxypp_groups_treedef, &proxypp->groups);
#ifdef DDSI_INCLUDE_SECURITY
proxypp->remote_identity_handle = 0;
proxypp->sec_attr = NULL;
set_proxy_participant_security_info (proxypp, plist);
if (is_secure)
@ -4879,7 +4979,7 @@ void new_proxy_participant (struct ddsi_domaingv *gv, const struct ddsi_guid *pp
/* check if the proxy participant has a match with a local participant */
if (!proxy_participant_check_security_info (gv, proxypp))
{
GVWARNING ("Remote secure participant "PGUIDFMT" not allowed\n", PGUID (*ppguid));
// GVWARNING ("Remote secure participant "PGUIDFMT" not allowed\n", PGUID (*ppguid));
free_proxy_participant (proxypp);
return;
}
@ -4903,7 +5003,9 @@ void new_proxy_participant (struct ddsi_domaingv *gv, const struct ddsi_guid *pp
#ifdef DDSI_INCLUDE_SECURITY
if (is_secure)
{
proxy_participant_create_handshakes (gv, proxypp);
}
#endif
}
@ -5399,7 +5501,10 @@ int new_proxy_writer (struct ddsi_domaingv *gv, const struct ddsi_guid *ppguid,
pwr->ddsi2direct_cb = 0;
pwr->ddsi2direct_cbarg = 0;
#ifdef DDSI_INCLUDE_SECURITY
set_proxy_writer_security_info(pwr, plist);
q_omg_get_proxy_writer_security_info(pwr, plist, &(pwr->security_info));
#endif
local_reader_ary_init (&pwr->rdary);
@ -5678,11 +5783,14 @@ int new_proxy_reader (struct ddsi_domaingv *gv, const struct ddsi_guid *ppguid,
#endif
prd->is_fict_trans_reader = 0;
#ifdef DDSI_INCLUDE_SECURITY
set_proxy_reader_security_info(prd, plist);
#endif
ddsrt_avl_init (&prd_writers_treedef, &prd->writers);
#ifdef DDSI_INCLUDE_SECURITY
q_omg_get_proxy_reader_security_info(prd, plist, &(prd->security_info));
if (prd->e.guid.entityid.u == NN_ENTITYID_P2P_BUILTIN_PARTICIPANT_VOLATILE_SECURE_READER)
prd->filter = volatile_secure_data_filter;
else
@ -5762,7 +5870,6 @@ static void gc_delete_proxy_reader (struct gcreq *gcreq)
writer_drop_connection (&m->wr_guid, prd);
free_prd_wr_match (m);
}
proxy_endpoint_common_fini (&prd->e, &prd->c);
ddsrt_free (prd);
}

7
src/core/ddsi/src/q_init.c
View file

@ -57,6 +57,7 @@
#include "dds/ddsi/ddsi_raweth.h"
#include "dds/ddsi/ddsi_mcgroup.h"
#include "dds/ddsi/ddsi_serdata_default.h"
#include "dds/ddsi/ddsi_security_omg.h"
#include "dds/ddsi/ddsi_tkmap.h"
#include "dds__whc.h"
@ -1131,7 +1132,7 @@ int rtps_init (struct ddsi_domaingv *gv)
add_property_to_xqos(&gv->builtin_volatile_xqos_rd, "dds.sec.builtin_endpoint_name", "BuiltinParticipantVolatileMessageSecureReader");
add_property_to_xqos(&gv->builtin_volatile_xqos_wr, "dds.sec.builtin_endpoint_name", "BuiltinParticipantVolatileMessageSecureWriter");
q_omg_security_init( &gv->security_context, &gv->logconfig );
q_omg_security_init(gv);
#endif
ddsrt_mutex_init (&gv->sertopics_lock);
@ -1482,7 +1483,7 @@ err_unicast_sockets:
ddsi_xqos_fini (&gv->builtin_volatile_xqos_wr);
ddsi_xqos_fini (&gv->builtin_volatile_xqos_rd);
q_omg_security_deinit( &gv->security_context );
q_omg_security_deinit (gv);
#endif
ddsi_xqos_fini (&gv->builtin_endpoint_xqos_wr);
ddsi_xqos_fini (&gv->builtin_endpoint_xqos_rd);
@ -1838,7 +1839,7 @@ void rtps_fini (struct ddsi_domaingv *gv)
ddsi_xqos_fini (&gv->builtin_volatile_xqos_wr);
ddsi_xqos_fini (&gv->builtin_volatile_xqos_rd);
q_omg_security_deinit( &gv->security_context);
q_omg_security_deinit (gv);
#endif
ddsi_xqos_fini (&gv->builtin_endpoint_xqos_wr);
ddsi_xqos_fini (&gv->builtin_endpoint_xqos_rd);

5
src/core/ddsi/src/q_misc.c
View file

@ -42,6 +42,11 @@ int WildcardOverlap(char * p1, char * p2)
}
#endif
bool guid_prefix_zero (const ddsi_guid_prefix_t *a)
{
return a->u[0] == 0 && a->u[1] == 0 && a->u[2] == 0;
}
int guid_prefix_eq (const ddsi_guid_prefix_t *a, const ddsi_guid_prefix_t *b)
{
return a->u[0] == b->u[0] && a->u[1] == b->u[1] && a->u[2] == b->u[2];

26
src/core/ddsi/src/q_receive.c
View file

@ -80,11 +80,6 @@ static void deliver_user_data_synchronously (struct nn_rsample_chain *sc, const
static void maybe_set_reader_in_sync (struct proxy_writer *pwr, struct pwr_rd_match *wn, seqno_t last_deliv_seq)
{
if (wn->filtered)
{
wn->in_sync = PRMSS_OUT_OF_SYNC;
return;
}
switch (wn->in_sync)
{
case PRMSS_SYNC:
@ -99,12 +94,15 @@ static void maybe_set_reader_in_sync (struct proxy_writer *pwr, struct pwr_rd_ma
}
break;
case PRMSS_OUT_OF_SYNC:
assert (nn_reorder_next_seq (wn->u.not_in_sync.reorder) <= nn_reorder_next_seq (pwr->reorder));
if (pwr->have_seen_heartbeat && nn_reorder_next_seq (wn->u.not_in_sync.reorder) == nn_reorder_next_seq (pwr->reorder))
if (!wn->filtered)
{
ETRACE (pwr, " msr_in_sync("PGUIDFMT" out-of-sync to tlcatchup)", PGUID (wn->rd_guid));
wn->in_sync = PRMSS_TLCATCHUP;
maybe_set_reader_in_sync (pwr, wn, last_deliv_seq);
assert (nn_reorder_next_seq (wn->u.not_in_sync.reorder) <= nn_reorder_next_seq (pwr->reorder));
if (pwr->have_seen_heartbeat && nn_reorder_next_seq (wn->u.not_in_sync.reorder) == nn_reorder_next_seq (pwr->reorder))
{
ETRACE (pwr, " msr_in_sync("PGUIDFMT" out-of-sync to tlcatchup)", PGUID (wn->rd_guid));
wn->in_sync = PRMSS_TLCATCHUP;
maybe_set_reader_in_sync (pwr, wn, last_deliv_seq);
}
}
break;
}
@ -1929,6 +1927,12 @@ static struct ddsi_serdata *remote_make_sample (struct ddsi_tkmap_instance **tk,
failmsg = "no content";
else if (!(qos->present & PP_KEYHASH))
failmsg = "qos present but without keyhash";
else if (q_omg_plist_keyhash_is_protected(qos))
{
/* If the keyhash is protected, then it is forced to be an actual MD5
* hash. This means the keyhash can't be decoded into a sample. */
failmsg = "keyhash is protected";
}
else if ((sample = ddsi_serdata_from_keyhash (topic, &qos->keyhash)) == NULL)
failmsg = "keyhash is MD5 and can't be converted to key value";
else
@ -3018,7 +3022,7 @@ static int handle_submsg_sequence
case SMID_SEC_PREFIX:
state = "parse:sec_prefix";
{
GVTRACE ("SEC_PREFIX");
GVTRACE ("SEC_PREFIX ");
if (!decode_SecPrefix(rst, submsg, submsg_size, end, &rst->src_guid_prefix, &rst->dst_guid_prefix, byteswap))
goto malformed;
}

2
src/core/ddsi/src/q_transmit.c
View file

@ -867,7 +867,7 @@ static void transmit_sample_unlocks_wr (struct nn_xpack *xp, struct writer *wr,
assert((wr->heartbeat_xevent != NULL) == (whcst != NULL));
sz = ddsi_serdata_size (serdata);
if (sz > gv->config.fragment_size || !isnew || plist != NULL || prd != NULL)
if (sz > gv->config.fragment_size || !isnew || plist != NULL || prd != NULL || q_omg_writer_is_submessage_protected(wr))
{
uint32_t nfrags;
ddsrt_mutex_unlock (&wr->e.lock);

34
src/core/ddsi/src/q_xevent.c
View file

@ -104,7 +104,8 @@ enum xeventkind_nt
{
XEVK_MSG,
XEVK_MSG_REXMIT,
XEVK_ENTITYID
XEVK_ENTITYID,
XEVK_NT_CALLBACK
};
struct untimed_listelem {
@ -131,6 +132,10 @@ struct xevent_nt
/* xmsg is self-contained / relies on reference counts */
struct nn_xmsg *msg;
} entityid;
struct {
void (*cb) (void *arg);
void *arg;
} callback;
} u;
};
@ -972,12 +977,16 @@ static void handle_xevk_acknack (struct nn_xpack *xp, struct xevent *ev, nn_mtim
if (addrset_any_uc (pwr->c.as, &loc) || addrset_any_mc (pwr->c.as, &loc))
{
struct participant *pp = NULL;
seqno_t nack_seq;
struct participant *pp = NULL;
struct reader *rd = entidx_lookup_reader_guid(pwr->e.gv->entity_index, &ev->u.acknack.rd_guid);
if (rd)
pp = rd->c.pp;
if (q_omg_proxy_participant_is_secure(pwr->c.proxypp))
{
struct reader *rd = entidx_lookup_reader_guid(pwr->e.gv->entity_index, &ev->u.acknack.rd_guid);
if (rd)
pp = rd->c.pp;
}
if ((msg = nn_xmsg_new (gv->xmsgpool, &ev->u.acknack.rd_guid, pp, ACKNACK_SIZE_MAX, NN_XMSG_KIND_CONTROL)) == NULL)
goto outofmem;
@ -1303,6 +1312,9 @@ static void handle_individual_xevent_nt (struct xevent_nt *xev, struct nn_xpack
case XEVK_ENTITYID:
handle_xevk_entityid (xp, xev);
break;
case XEVK_NT_CALLBACK:
xev->u.callback.cb (xev->u.callback.arg);
break;
}
ddsrt_free (xev);
}
@ -1459,6 +1471,18 @@ void qxev_msg (struct xeventq *evq, struct nn_xmsg *msg)
ddsrt_mutex_unlock (&evq->lock);
}
void qxev_nt_callback (struct xeventq *evq, void (*cb) (void *arg), void *arg)
{
struct xevent_nt *ev;
assert (evq);
ddsrt_mutex_lock (&evq->lock);
ev = qxev_common_nt (evq, XEVK_NT_CALLBACK);
ev->u.callback.cb = cb;
ev->u.callback.arg = arg;
qxev_insert_nt (ev);
ddsrt_mutex_unlock (&evq->lock);
}
void qxev_prd_entityid (struct proxy_reader *prd, const ddsi_guid_t *guid)
{
struct ddsi_domaingv * const gv = prd->e.gv;

21
src/core/ddsi/src/q_xmsg.c
View file

@ -920,22 +920,31 @@ void nn_xmsg_setwriterseq_fragid (struct nn_xmsg *msg, const ddsi_guid_t *wrguid
msg->kindspecific.data.wrfragid = wrfragid;
}
void *nn_xmsg_addpar (struct nn_xmsg *m, nn_parameterid_t pid, size_t len)
void *nn_xmsg_addpar_bo (struct nn_xmsg *m, nn_parameterid_t pid, size_t len, bool be)
{
#define BO2U(x) (be ? ddsrt_toBE2u((x)) : (x))
const size_t len4 = (len + 3) & ~(size_t)3; /* must alloc a multiple of 4 */
nn_parameter_t *phdr;
char *p;
assert (len4 < UINT16_MAX); /* FIXME: return error */
m->have_params = 1;
phdr = nn_xmsg_append (m, NULL, sizeof (nn_parameter_t) + len4);
phdr->parameterid = pid;
phdr->length = (uint16_t) len4;
phdr->parameterid = BO2U(pid);
phdr->length = BO2U((uint16_t) len4);
p = (char *) (phdr + 1);
/* zero out padding bytes added to satisfy parameter alignment: this way
valgrind can tell us where we forgot to initialize something */
while (len < len4)
p[len++] = 0;
return p;
#undef BO2U
}
void *nn_xmsg_addpar (struct nn_xmsg *m, nn_parameterid_t pid, size_t len)
{
return nn_xmsg_addpar_bo(m, pid, len, false);
}
void nn_xmsg_addpar_keyhash (struct nn_xmsg *m, const struct ddsi_serdata *serdata, bool force_md5)
@ -974,6 +983,11 @@ void nn_xmsg_addpar_sentinel (struct nn_xmsg * m)
nn_xmsg_addpar (m, PID_SENTINEL, 0);
}
void nn_xmsg_addpar_sentinel_bo (struct nn_xmsg * m, bool be)
{
nn_xmsg_addpar_bo (m, PID_SENTINEL, 0, be);
}
int nn_xmsg_addpar_sentinel_ifparam (struct nn_xmsg * m)
{
if (m->have_params)
@ -1188,6 +1202,7 @@ static ssize_t nn_xpack_send_rtps(struct nn_xpack * xp, const nn_locator_t *loc)
if (xp->sec_info.use_rtps_encoding)
{
ret = secure_conn_write(
xp->gv,
xp->conn,
loc,
xp->niov,

2
src/security/builtin_plugins/access_control/src/access_control_parser.c
View file

@ -958,8 +958,10 @@ static int permissions_element_open_cb(void *varg, uintptr_t parentinfo, uintptr
{
parser->current = new_element(ELEMENT_KIND_IGNORED, parser->current, sizeof(struct element));
/*if this is the first element in the IGNORED branch, then give warning for the user*/
#if 0
if (parser->current->parent->kind != ELEMENT_KIND_IGNORED)
printf("Warning: Unsupported element \"%s\" has been ignored in permissions file.\n", name);
#endif
}
else
{

3
src/security/builtin_plugins/authentication/src/auth_utils.c
View file

@ -1225,7 +1225,8 @@ get_trusted_ca_list ( const char* trusted_ca_dir,
if( loading_result == DDS_SECURITY_VALIDATION_OK ){
ca_buffer_array[ca_buffer_array_size] = identityCA;
ca_buffer_array_size++;
} else {
DDS_Security_Exception_reset(ex);
}
}
}

590
src/security/builtin_plugins/authentication/src/authentication.c
View file

File diff suppressed because it is too large Load diff

73
src/security/builtin_plugins/cryptographic/src/crypto_key_exchange.c
View file

@ -71,21 +71,35 @@ static bool check_not_data_empty(const DDS_Security_OctetSeq *seq)
return false;
}
static bool check_crypto_keymaterial(const DDS_Security_KeyMaterial_AES_GCM_GMAC *keymat)
static bool check_crypto_keymaterial(
const dds_security_crypto_key_exchange_impl *impl,
const DDS_Security_KeyMaterial_AES_GCM_GMAC *keymat,
const int64_t handle)
{
bool status;
bool status = false;
uint32_t transform_kind = CRYPTO_TRANSFORM_KIND(keymat->transformation_kind);
uint32_t key_sz = CRYPTO_KEY_SIZE_BYTES(transform_kind);
status = (transform_kind >= CRYPTO_TRANSFORMATION_KIND_AES128_GMAC && transform_kind <= CRYPTO_TRANSFORMATION_KIND_AES256_GCM &&
keymat->master_salt._length == key_sz && keymat->master_salt._buffer != NULL && check_not_data_empty(&keymat->master_salt) &&
keymat->master_sender_key._length == key_sz && keymat->master_sender_key._buffer != NULL && check_not_data_empty(&keymat->master_sender_key));
if (status && CRYPTO_TRANSFORM_ID(keymat->receiver_specific_key_id))
if (transform_kind != CRYPTO_TRANSFORMATION_KIND_NONE)
{
status = (keymat->master_receiver_specific_key._length == key_sz &&
keymat->master_receiver_specific_key._buffer != NULL && check_not_data_empty(&keymat->master_receiver_specific_key));
status = (transform_kind <= CRYPTO_TRANSFORMATION_KIND_AES256_GCM &&
keymat->master_salt._length == key_sz && keymat->master_salt._buffer != NULL && check_not_data_empty(&keymat->master_salt) &&
keymat->master_sender_key._length == key_sz && keymat->master_sender_key._buffer != NULL && check_not_data_empty(&keymat->master_sender_key));
if (status && CRYPTO_TRANSFORM_ID(keymat->receiver_specific_key_id))
{
status = (keymat->master_receiver_specific_key._length == key_sz &&
keymat->master_receiver_specific_key._buffer != NULL && check_not_data_empty(&keymat->master_receiver_specific_key));
}
}
else
{
const dds_security_crypto_key_factory *factory;
DDS_Security_ProtectionKind kind;
factory = cryptography_get_crypto_key_factory(impl->crypto);
if (crypto_factory_get_protection_kind(factory, handle, &kind))
status = (kind == DDS_SECURITY_PROTECTION_KIND_NONE);
}
return status;
@ -179,12 +193,34 @@ create_local_participant_crypto_tokens(
tokens->_buffer[0].binary_properties._buffer[0].value._length =
tokens->_buffer[0].binary_properties._buffer[0].value._maximum = length;
tokens->_buffer[0].binary_properties._buffer[0].value._buffer = buffer;
tokens->_buffer[0].binary_properties._buffer[0].propagate = true;
return true;
fail_invalid_arg:
return false;
}
static DDS_Security_boolean
allow_empty_tokens(
const dds_security_crypto_key_exchange_impl *impl,
const DDS_Security_ParticipantCryptoTokenSeq *tokens,
const int64_t handle)
{
const dds_security_crypto_key_factory *factory;
DDS_Security_ProtectionKind kind;
if (tokens->_length > 0)
return false;
factory = cryptography_get_crypto_key_factory(impl->crypto);
if (crypto_factory_get_protection_kind(factory, handle, &kind))
return (kind == DDS_SECURITY_PROTECTION_KIND_NONE);
return false;
}
static DDS_Security_boolean
set_remote_participant_crypto_tokens(
dds_security_crypto_key_exchange *instance,
@ -207,6 +243,9 @@ set_remote_participant_crypto_tokens(
return false;
}
if (allow_empty_tokens(impl, tokens, remote_id))
return true;
if (!check_crypto_tokens(tokens))
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_ARGUMENT_CODE, 0,
@ -229,7 +268,7 @@ set_remote_participant_crypto_tokens(
"set_remote_participant_crypto_tokens: " DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_MESSAGE);
result = false;
}
else if (!check_crypto_keymaterial(&remote_key_mat))
else if (!check_crypto_keymaterial(impl, &remote_key_mat, remote_id))
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_CODE, 0,
"set_remote_participant_crypto_tokens: " DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_MESSAGE);
@ -290,6 +329,7 @@ create_local_datawriter_crypto_tokens(
tokens->_buffer[i].binary_properties._buffer[0].value._length =
tokens->_buffer[i].binary_properties._buffer[0].value._maximum = length;
tokens->_buffer[i].binary_properties._buffer[0].value._buffer = buffer;
tokens->_buffer[i].binary_properties._buffer[0].propagate = true;
CRYPTO_OBJECT_RELEASE(key_mat[i]);
}
@ -317,6 +357,9 @@ set_remote_datawriter_crypto_tokens(
return false;
}
if (allow_empty_tokens(impl, tokens, remote_writer_handle))
return true;
if (!check_crypto_tokens(tokens))
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_ARGUMENT_CODE, 0,
@ -347,7 +390,7 @@ set_remote_datawriter_crypto_tokens(
"set_remote_datawriter_crypto_tokens: " DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_MESSAGE);
result = false;
}
else if (!check_crypto_keymaterial(&remote_key_mat[i]))
else if (!check_crypto_keymaterial(impl, &remote_key_mat[i], remote_writer_handle))
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_CODE, 0,
"set_remote_datawriter_crypto_tokens: " DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_MESSAGE);
@ -409,6 +452,7 @@ create_local_datareader_crypto_tokens(
tokens->_buffer[0].binary_properties._buffer[0].value._length =
tokens->_buffer[0].binary_properties._buffer[0].value._maximum = length;
tokens->_buffer[0].binary_properties._buffer[0].value._buffer = buffer;
tokens->_buffer[0].binary_properties._buffer[0].propagate = true;
CRYPTO_OBJECT_RELEASE(key_mat);
}
@ -444,6 +488,9 @@ set_remote_datareader_crypto_tokens(
return false;
}
if (allow_empty_tokens(impl, tokens, remote_reader_handle))
return true;
if (!check_crypto_tokens(tokens))
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_ARGUMENT_CODE, 0,
@ -466,7 +513,7 @@ set_remote_datareader_crypto_tokens(
"set_remote_datareader_crypto_tokens: " DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_MESSAGE);
result = false;
}
else if (!check_crypto_keymaterial(&remote_key_mat))
else if (!check_crypto_keymaterial(impl, &remote_key_mat, remote_reader_handle))
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_CODE, 0,
"set_remote_datareader_crypto_tokens: " DDS_SECURITY_ERR_INVALID_CRYPTO_TOKEN_MESSAGE);

105
src/security/builtin_plugins/cryptographic/src/crypto_key_factory.c
View file

@ -245,6 +245,7 @@ remove_relation_from_keymaterial(
CryptoObject *remote_crypto)
{
endpoint_relation *relation;
relation = crypto_endpoint_relation_find_by_crypto(key_material->endpoint_relations, local_crypto, remote_crypto);
if (relation)
{
@ -258,24 +259,21 @@ remove_remote_writer_relation(
dds_security_crypto_key_factory_impl *implementation,
remote_datawriter_crypto *remote_writer)
{
local_datareader_crypto *local_reader;
remote_participant_crypto *remote_participant;
participant_key_material *key_material;
DDSRT_UNUSED_ARG(implementation);
assert(remote_writer);
remote_participant = remote_writer->participant;
assert(remote_participant);
local_reader = (local_datareader_crypto *)crypto_object_table_find(implementation->crypto_objects, remote_writer->local_reader_handle);
if (local_reader)
key_material = (participant_key_material *)crypto_object_table_find(
remote_participant->key_material, CRYPTO_OBJECT_HANDLE(remote_writer->local_reader->participant));
if (key_material)
{
key_material = (participant_key_material *)crypto_object_table_find(
remote_participant->key_material, CRYPTO_OBJECT_HANDLE(local_reader->participant));
if (key_material)
{
remove_relation_from_keymaterial(key_material, (CryptoObject *)local_reader, (CryptoObject *)remote_writer);
CRYPTO_OBJECT_RELEASE(key_material);
}
CRYPTO_OBJECT_RELEASE(local_reader);
remove_relation_from_keymaterial(key_material, (CryptoObject *)remote_writer->local_reader, (CryptoObject *)remote_writer);
CRYPTO_OBJECT_RELEASE(key_material);
}
}
@ -284,24 +282,21 @@ remove_remote_reader_relation(
dds_security_crypto_key_factory_impl *implementation,
remote_datareader_crypto *remote_reader)
{
local_datawriter_crypto *local_writer;
remote_participant_crypto *remote_participant;
participant_key_material *key_material;
DDSRT_UNUSED_ARG(implementation);
assert(remote_reader);
remote_participant = remote_reader->participant;
assert(remote_participant);
local_writer = (local_datawriter_crypto *)crypto_object_table_find(implementation->crypto_objects, remote_reader->local_writer_handle);
if (local_writer)
key_material = (participant_key_material *)crypto_object_table_find(
remote_participant->key_material, CRYPTO_OBJECT_HANDLE(remote_reader->local_writer->participant));
if (key_material)
{
key_material = (participant_key_material *)crypto_object_table_find(
remote_participant->key_material, CRYPTO_OBJECT_HANDLE(local_writer->participant));
if (key_material)
{
remove_relation_from_keymaterial(key_material, (CryptoObject *)local_writer, (CryptoObject *)remote_reader);
CRYPTO_OBJECT_RELEASE(key_material);
}
CRYPTO_OBJECT_RELEASE(local_writer);
remove_relation_from_keymaterial(key_material, (CryptoObject *)remote_reader->local_writer, (CryptoObject *)remote_reader);
CRYPTO_OBJECT_RELEASE(key_material);
}
}
@ -562,6 +557,7 @@ register_local_datawriter(
crypto_object_table_insert(implementation->crypto_objects, (CryptoObject *)writer_crypto);
CRYPTO_OBJECT_RELEASE(participant_crypto);
CRYPTO_OBJECT_RELEASE(writer_crypto);
return writer_crypto->_parent.handle;
err_random_generation:
@ -619,7 +615,7 @@ register_matched_remote_datareader(
data_protectionKind = local_writer->data_protectionKind;
metadata_protectionKind = local_writer->metadata_protectionKind;
reader_crypto = crypto_remote_datareader_crypto__new(remote_participant, metadata_protectionKind, data_protectionKind, local_datawriter_crypto_handle);
reader_crypto = crypto_remote_datareader_crypto__new(remote_participant, metadata_protectionKind, data_protectionKind, local_writer);
/* check if the writer is BuiltinParticipantVolatileMessageSecureWriter */
if (local_writer->is_builtin_participant_volatile_message_secure_writer)
@ -667,6 +663,7 @@ register_matched_remote_datareader(
CRYPTO_OBJECT_RELEASE(remote_participant);
CRYPTO_OBJECT_RELEASE(local_writer);
CRYPTO_OBJECT_RELEASE(reader_crypto);
return DATAREADER_CRYPTO_HANDLE(reader_crypto);
err_random_generation:
@ -736,6 +733,7 @@ register_local_datareader(
crypto_object_table_insert(implementation->crypto_objects, (CryptoObject *)reader_crypto);
CRYPTO_OBJECT_RELEASE(participant_crypto);
CRYPTO_OBJECT_RELEASE(reader_crypto);
return DATAREADER_CRYPTO_HANDLE(reader_crypto);
err_random_generation:
@ -786,8 +784,7 @@ register_matched_remote_datawriter(
goto err_invalid_parameter;
}
writer_crypto = crypto_remote_datawriter_crypto__new(remote_participant, local_reader->metadata_protectionKind,
local_reader->data_protectionKind, local_datareader_crypto_handle);
writer_crypto = crypto_remote_datawriter_crypto__new(remote_participant, local_reader->metadata_protectionKind, local_reader->data_protectionKind, local_reader);
/* check if the writer is BuiltinParticipantVolatileMessageSecureWriter */
if (local_reader->is_builtin_participant_volatile_message_secure_reader)
@ -833,6 +830,7 @@ register_matched_remote_datawriter(
CRYPTO_OBJECT_RELEASE(remote_participant);
CRYPTO_OBJECT_RELEASE(local_reader);
CRYPTO_OBJECT_RELEASE(writer_crypto);
return DATAREADER_CRYPTO_HANDLE(writer_crypto);
err_random_generation:
@ -983,6 +981,51 @@ void dds_security_crypto_key_factory__dealloc(dds_security_crypto_key_factory *i
ddsrt_free(implementation);
}
bool
crypto_factory_get_protection_kind(
const dds_security_crypto_key_factory *factory,
int64_t handle,
DDS_Security_ProtectionKind *kind)
{
const dds_security_crypto_key_factory_impl *impl = (const dds_security_crypto_key_factory_impl *)factory;
CryptoObject *obj;
bool result = true;
obj = crypto_object_table_find(impl->crypto_objects, handle);
if (!obj)
{
return false;
}
switch (obj->kind)
{
case CRYPTO_OBJECT_KIND_LOCAL_CRYPTO:
*kind = ((local_participant_crypto *)obj)->rtps_protection_kind;
break;
case CRYPTO_OBJECT_KIND_REMOTE_CRYPTO:
*kind = ((remote_participant_crypto *)obj)->rtps_protection_kind;
break;
case CRYPTO_OBJECT_KIND_LOCAL_WRITER_CRYPTO:
*kind = ((local_datawriter_crypto *)obj)->metadata_protectionKind;
break;
case CRYPTO_OBJECT_KIND_REMOTE_WRITER_CRYPTO:
*kind = ((remote_datawriter_crypto *)obj)->metadata_protectionKind;
break;
case CRYPTO_OBJECT_KIND_LOCAL_READER_CRYPTO:
*kind = ((local_datareader_crypto *)obj)->metadata_protectionKind;
break;
case CRYPTO_OBJECT_KIND_REMOTE_READER_CRYPTO:
*kind = ((remote_datareader_crypto *)obj)->metadata_protectionKind;
break;
default:
result = false;
break;
}
CRYPTO_OBJECT_RELEASE(obj);
return result;
}
bool
crypto_factory_get_participant_crypto_tokens(
const dds_security_crypto_key_factory *factory,
@ -1110,7 +1153,7 @@ crypto_factory_get_datawriter_crypto_tokens(
goto err_inv_remote;
}
if (remote_reader_crypto->local_writer_handle != local_writer_handle)
if (CRYPTO_OBJECT_HANDLE(remote_reader_crypto->local_writer) != local_writer_handle)
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_CODE, 0,
DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_MESSAGE);
@ -1180,7 +1223,7 @@ crypto_factory_set_datawriter_crypto_tokens(
goto err_inv_local;
}
if (remote_writer_crypto->local_reader_handle != local_reader_handle)
if (CRYPTO_OBJECT_HANDLE(remote_writer_crypto->local_reader) != local_reader_handle)
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_CODE, 0,
DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_MESSAGE);
@ -1254,7 +1297,7 @@ crypto_factory_get_datareader_crypto_tokens(
goto err_inv_remote;
}
if (remote_writer_crypto->local_reader_handle != local_reader_handle)
if (CRYPTO_OBJECT_HANDLE(remote_writer_crypto->local_reader) != local_reader_handle)
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_CODE, 0,
DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_MESSAGE);
@ -1317,7 +1360,7 @@ crypto_factory_set_datareader_crypto_tokens(
goto err_inv_local;
}
if (remote_reader_crypto->local_writer_handle != local_writer_handle)
if (CRYPTO_OBJECT_HANDLE(remote_reader_crypto->local_writer) != local_writer_handle)
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_CODE, 0,
DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_MESSAGE);
@ -1582,7 +1625,7 @@ crypto_factory_get_remote_writer_key_material(
DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_MESSAGE);
goto err_inv_crypto;
}
if (writer_crypto->local_reader_handle != reader_id)
if (CRYPTO_OBJECT_HANDLE(writer_crypto->local_reader) != reader_id)
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_CODE, 0,
DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_MESSAGE);
@ -1646,7 +1689,7 @@ crypto_factory_get_remote_reader_key_material(
DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_MESSAGE);
goto err_inv_crypto;
}
if (reader_crypto->local_writer_handle != writer_id)
if (CRYPTO_OBJECT_HANDLE(reader_crypto->local_writer) != writer_id)
{
DDS_Security_Exception_set(ex, DDS_CRYPTO_PLUGIN_CONTEXT,
DDS_SECURITY_ERR_INVALID_CRYPTO_HANDLE_CODE, 0,

5
src/security/builtin_plugins/cryptographic/src/crypto_key_factory.h
View file

@ -29,6 +29,11 @@ int generate_key_pairs(
char **private_key,
char **public_key);
bool crypto_factory_get_protection_kind(
const dds_security_crypto_key_factory *factory,
int64_t handle,
DDS_Security_ProtectionKind *kind);
bool crypto_factory_get_participant_crypto_tokens(
const dds_security_crypto_key_factory *factory,
DDS_Security_ParticipantCryptoHandle local_id,

13
src/security/builtin_plugins/cryptographic/src/crypto_objects.c
View file

@ -11,6 +11,7 @@
*/
#include <assert.h>
#include <string.h>
#include <stdio.h>
#include "dds/ddsrt/heap.h"
#include "dds/ddsrt/hopscotch.h"
#include "dds/ddsrt/types.h"
@ -63,7 +64,9 @@ void crypto_object_free(CryptoObject *obj)
CryptoObject * crypto_object_keep(CryptoObject *obj)
{
if (obj)
{
ddsrt_atomic_inc32(&obj->refcount);
}
return obj;
}
@ -455,6 +458,7 @@ static void remote_datawriter_crypto__free(CryptoObject *obj)
CRYPTO_OBJECT_RELEASE(datawriter_crypto->reader2writer_key_material);
CRYPTO_OBJECT_RELEASE(datawriter_crypto->writer2reader_key_material[0]);
CRYPTO_OBJECT_RELEASE(datawriter_crypto->writer2reader_key_material[1]);
CRYPTO_OBJECT_RELEASE(datawriter_crypto->local_reader);
CRYPTO_OBJECT_RELEASE(datawriter_crypto->participant);
crypto_object_deinit((CryptoObject *)datawriter_crypto);
ddsrt_free(datawriter_crypto);
@ -462,14 +466,14 @@ static void remote_datawriter_crypto__free(CryptoObject *obj)
}
remote_datawriter_crypto * crypto_remote_datawriter_crypto__new(const remote_participant_crypto *participant,
DDS_Security_ProtectionKind meta_protection, DDS_Security_BasicProtectionKind data_protection, DDS_Security_DatareaderCryptoHandle local_reader_handle)
DDS_Security_ProtectionKind meta_protection, DDS_Security_BasicProtectionKind data_protection, local_datareader_crypto *local_reader)
{
remote_datawriter_crypto *writer_crypto = ddsrt_calloc(1, sizeof(*writer_crypto));
crypto_object_init((CryptoObject *)writer_crypto, CRYPTO_OBJECT_KIND_REMOTE_WRITER_CRYPTO, remote_datawriter_crypto__free);
writer_crypto->participant = (remote_participant_crypto *)CRYPTO_OBJECT_KEEP(participant);
writer_crypto->metadata_protectionKind = meta_protection;
writer_crypto->data_protectionKind = data_protection;
writer_crypto->local_reader_handle = local_reader_handle;
writer_crypto->local_reader = (local_datareader_crypto *)CRYPTO_OBJECT_KEEP(local_reader);
writer_crypto->is_builtin_participant_volatile_message_secure_writer = false;
return writer_crypto;
@ -514,6 +518,7 @@ static void remote_datareader_crypto__free(CryptoObject *obj)
CRYPTO_OBJECT_RELEASE(datareader_crypto->reader2writer_key_material);
CRYPTO_OBJECT_RELEASE(datareader_crypto->writer2reader_key_material_message);
CRYPTO_OBJECT_RELEASE(datareader_crypto->writer2reader_key_material_payload);
CRYPTO_OBJECT_RELEASE(datareader_crypto->local_writer);
CRYPTO_OBJECT_RELEASE(datareader_crypto->participant);
crypto_object_deinit((CryptoObject *)datareader_crypto);
ddsrt_free(datareader_crypto);
@ -521,14 +526,14 @@ static void remote_datareader_crypto__free(CryptoObject *obj)
}
remote_datareader_crypto *crypto_remote_datareader_crypto__new(const remote_participant_crypto *participant, DDS_Security_ProtectionKind metadata_protectionKind,
DDS_Security_BasicProtectionKind data_protectionKind, DDS_Security_DatawriterCryptoHandle local_writer_handle)
DDS_Security_BasicProtectionKind data_protectionKind, local_datawriter_crypto *local_writer)
{
remote_datareader_crypto *reader_crypto = ddsrt_calloc(1, sizeof(*reader_crypto));
crypto_object_init((CryptoObject *)reader_crypto, CRYPTO_OBJECT_KIND_REMOTE_READER_CRYPTO, remote_datareader_crypto__free);
reader_crypto->participant = (remote_participant_crypto *)CRYPTO_OBJECT_KEEP(participant);
reader_crypto->metadata_protectionKind = metadata_protectionKind;
reader_crypto->data_protectionKind = data_protectionKind;
reader_crypto->local_writer_handle = local_writer_handle;
reader_crypto->local_writer = (local_datawriter_crypto *)CRYPTO_OBJECT_KEEP(local_writer);
reader_crypto->is_builtin_participant_volatile_message_secure_reader = false;
return reader_crypto;

8
src/security/builtin_plugins/cryptographic/src/crypto_objects.h
View file

@ -165,7 +165,7 @@ typedef struct remote_datawriter_crypto
master_key_material *reader2writer_key_material;
master_key_material *writer2reader_key_material[2];
session_key_material *reader_session; /* reference to the session key used by the reader */
DDS_Security_DatareaderCryptoHandle local_reader_handle;
struct local_datareader_crypto *local_reader;
bool is_builtin_participant_volatile_message_secure_writer;
} remote_datawriter_crypto;
@ -190,7 +190,7 @@ typedef struct remote_datareader_crypto
master_key_material *writer2reader_key_material_message;
master_key_material *writer2reader_key_material_payload;
session_key_material *writer_session; /* reference to the session key used by the writer */
DDS_Security_DatawriterCryptoHandle local_writer_handle;
local_datawriter_crypto *local_writer;
bool is_builtin_participant_volatile_message_secure_reader;
} remote_datareader_crypto;
@ -257,7 +257,7 @@ crypto_remote_datareader_crypto__new(
const remote_participant_crypto *participant,
DDS_Security_ProtectionKind metadata_protectionKind,
DDS_Security_BasicProtectionKind data_protectionKind,
DDS_Security_DatawriterCryptoHandle local_writer_handle);
local_datawriter_crypto *local_writer);
local_datareader_crypto *
crypto_local_datareader_crypto__new(
@ -270,7 +270,7 @@ crypto_remote_datawriter_crypto__new(
const remote_participant_crypto *participant,
DDS_Security_ProtectionKind meta_protection,
DDS_Security_BasicProtectionKind data_protection,
DDS_Security_DatareaderCryptoHandle local_reader_handle);
local_datareader_crypto *local_reader);
CryptoObject *
crypto_object_keep(

1
src/security/builtin_plugins/tests/set_remote_datareader_crypto_tokens/src/set_remote_datareader_crypto_tokens_utests.c
View file

@ -149,6 +149,7 @@ register_local_datawriter(void)
memset(&datawriter_security_attributes, 0, sizeof(DDS_Security_EndpointSecurityAttributes));
datawriter_security_attributes.is_discovery_protected = true;
datawriter_security_attributes.is_submessage_protected = true;
local_writer_crypto =
crypto->crypto_key_factory->register_local_datawriter(

1
src/security/builtin_plugins/tests/set_remote_datawriter_crypto_tokens/src/set_remote_datawriter_crypto_tokens_utests.c
View file

@ -141,6 +141,7 @@ static int register_local_datareader(void)
memset(&datareader_properties, 0, sizeof(datareader_properties));
memset(&datareader_security_attributes, 0, sizeof(datareader_security_attributes));
datareader_security_attributes.is_discovery_protected = true;
datareader_security_attributes.is_submessage_protected = true;
local_reader_crypto =
crypto->crypto_key_factory->register_local_datareader(

3
src/security/core/CMakeLists.txt
View file

@ -53,7 +53,8 @@ target_include_directories(security_core
if(BUILD_TESTING)
add_subdirectory(tests)
add_subdirectory(tests/plugin_loading)
# Temporarily disabled because needs refractoring w.r.t. security implementation
# add_subdirectory(tests/plugin_loading)
endif()
install(

4
src/security/core/include/dds/security/core/dds_security_utils.h
View file

@ -26,8 +26,8 @@ typedef DDS_Security_long_long DDS_Security_Handle;
typedef DDS_Security_LongLongSeq DDS_Security_HandleSeq;
#define DDS_SECURITY_SEQUENCE_INIT {0, 0, NULL}
#define DDS_SECURITY_TOKEN_INIT {NULL, DDS_SECURITY_SEQUENCE_INIT, DDS_SECURITY_SEQUENCE_INIT}
#define DDS_SECURITY_TOKEN_INIT {NULL, DDS_SECURITY_SEQUENCE_INIT, DDS_SECURITY_SEQUENCE_INIT}
#define DDS_SECURITY_EXCEPTION_INIT {NULL, 0, 0}
typedef enum {
DDS_SECURITY_CONFIG_ITEM_PREFIX_UNKNOWN,

227
src/security/core/src/dds_security_fsm.c
View file

@ -49,7 +49,8 @@ struct dds_security_fsm
{
struct dds_security_fsm *next_fsm;
struct dds_security_fsm *prev_fsm;
bool active;
bool busy;
bool deleting;
struct dds_security_fsm_control *control;
const dds_security_fsm_transition *transitions;
uint32_t size;
@ -69,8 +70,10 @@ struct dds_security_fsm_control
struct ddsi_domaingv *gv;
struct dds_security_fsm *first_fsm;
struct dds_security_fsm *last_fsm;
struct fsm_event *event_queue;
struct fsm_event *first_event;
struct fsm_event *last_event;
ddsrt_fibheap_t timers;
ddsrt_thread_t tid;
bool running;
};
@ -86,6 +89,68 @@ static int compare_timer_event (const void *va, const void *vb)
return (a->endtime == b->endtime) ? 0 : (a->endtime < b->endtime) ? -1 : 1;
}
static void append_event(struct dds_security_fsm_control *control, struct fsm_event *event)
{
event->next = NULL;
event->prev = control->last_event;
if (control->last_event)
control->last_event->next = event;
else
control->first_event = event;
control->last_event = event;
}
static void insert_event(struct dds_security_fsm_control *control, struct fsm_event *event)
{
event->prev = NULL;
event->next = control->first_event;
if (control->first_event)
control->first_event->prev = event;
else
control->last_event = event;
control->first_event = event;
}
static struct fsm_event *get_event(struct dds_security_fsm_control *control)
{
struct fsm_event *event = control->first_event;
if (event)
{
control->first_event = event->next;
if (event->next)
event->next->prev = NULL;
else
control->last_event = NULL;
event->next = NULL;
event->prev = NULL;
}
return event;
}
static void remove_events(struct dds_security_fsm_control *control, struct dds_security_fsm *fsm)
{
struct fsm_event *event = control->first_event;
while (event)
{
struct fsm_event *next = event->next;
if (event->fsm == fsm)
{
if (event->prev)
event->prev->next = event->next;
else
control->first_event = event->next;
if (event->next)
event->next->prev = event->prev;
else
control->last_event = event->prev;
ddsrt_free(event);
}
event = next;
}
}
static void fsm_dispatch (struct dds_security_fsm *fsm, int event_id, bool lifo)
{
struct dds_security_fsm_control *control = fsm->control;
@ -103,26 +168,10 @@ static void fsm_dispatch (struct dds_security_fsm *fsm, int event_id, bool lifo)
event->next = NULL;
event->prev = NULL;
if (lifo) {
/* Insert event at the top of the event list */
if (control->event_queue) {
control->event_queue->prev = event;
}
event->next = control->event_queue;
control->event_queue = event;
} else {
/* Insert FIFO event */
if (control->event_queue) {
struct fsm_event *last = control->event_queue;
while (last->next != NULL ) {
last = last->next;
}
last->next = event;
event->prev = last;
} else {
control->event_queue = event;
}
}
if (lifo)
insert_event(control, event);
else
append_event(control, event);
}
static void set_state_timer (struct dds_security_fsm *fsm)
@ -142,16 +191,18 @@ static void clear_state_timer (struct dds_security_fsm *fsm)
{
struct dds_security_fsm_control *control = fsm->control;
if (fsm->current && fsm->state_timeout_event.endtime != DDS_NEVER)
if (fsm->state_timeout_event.endtime != DDS_NEVER)
ddsrt_fibheap_delete (&timer_events_fhdef, &control->timers, &fsm->state_timeout_event);
fsm->state_timeout_event.endtime = DDS_NEVER;
}
static void clear_overall_timer (struct dds_security_fsm *fsm)
{
struct dds_security_fsm_control *control = fsm->control;
if (fsm->current && fsm->overall_timeout_event.endtime != DDS_NEVER)
if (fsm->overall_timeout_event.endtime != DDS_NEVER)
ddsrt_fibheap_delete (&timer_events_fhdef, &control->timers, &fsm->overall_timeout_event);
fsm->overall_timeout_event.endtime = DDS_NEVER;
}
static dds_time_t first_timeout (struct dds_security_fsm_control *control)
@ -185,57 +236,57 @@ static void fsm_state_change (struct thread_state1 *ts1, struct dds_security_fsm
int event_id = event->event_id;
uint32_t i;
if (fsm->active)
if (fsm->debug_func)
fsm->debug_func (fsm, DDS_SECURITY_FSM_DEBUG_ACT_HANDLING, fsm->current, event_id, fsm->arg);
for (i = 0; i < fsm->size; i++)
{
if (fsm->debug_func)
fsm->debug_func (fsm, DDS_SECURITY_FSM_DEBUG_ACT_HANDLING, fsm->current, event_id, fsm->arg);
for (i = 0; i < fsm->size; i++)
if ((fsm->transitions[i].begin == fsm->current) && (fsm->transitions[i].event_id == event_id))
{
if ((fsm->transitions[i].begin == fsm->current) && (fsm->transitions[i].event_id == event_id))
{
clear_state_timer (fsm);
fsm->current = fsm->transitions[i].end;
set_state_timer (fsm);
clear_state_timer (fsm);
fsm->current = fsm->transitions[i].end;
set_state_timer (fsm);
fsm->busy = true;
ddsrt_mutex_unlock (&control->lock);
ddsrt_mutex_unlock (&control->lock);
thread_state_asleep (ts1);
if (fsm->transitions[i].func)
fsm->transitions[i].func (fsm, fsm->arg);
if (fsm->current && fsm->current->func)
fsm->current->func (fsm, fsm->arg);
thread_state_awake (ts1, control->gv);
if (fsm->transitions[i].func)
fsm->transitions[i].func (fsm, fsm->arg);
if (fsm->current && fsm->current->func)
fsm->current->func (fsm, fsm->arg);
thread_state_awake (ts1, control->gv);
ddsrt_mutex_lock (&control->lock);
thread_state_asleep (ts1);
ddsrt_mutex_lock (&control->lock);
fsm->busy = false;
if (!fsm->deleting)
fsm_check_auto_state_change (fsm);
break;
}
else
ddsrt_cond_broadcast(&control->cond);
break;
}
}
else if (event_id == DDS_SECURITY_FSM_EVENT_DELETE)
fsm_delete (control, fsm);
}
static void fsm_handle_timeout (struct dds_security_fsm_control *control, struct fsm_timer_event *timer_event)
{
struct dds_security_fsm *fsm = timer_event->fsm;
if (fsm->active)
switch (timer_event->kind)
{
switch (timer_event->kind)
{
case FSM_TIMEOUT_STATE:
fsm_dispatch (fsm, DDS_SECURITY_FSM_EVENT_TIMEOUT, true);
break;
case FSM_TIMEOUT_OVERALL:
ddsrt_mutex_unlock (&control->lock);
if (fsm->overall_timeout_action)
fsm->overall_timeout_action (fsm, fsm->arg);
ddsrt_mutex_lock (&control->lock);
break;
}
case FSM_TIMEOUT_STATE:
fsm_dispatch (fsm, DDS_SECURITY_FSM_EVENT_TIMEOUT, true);
break;
case FSM_TIMEOUT_OVERALL:
fsm->busy = true;
ddsrt_mutex_unlock (&control->lock);
if (fsm->overall_timeout_action)
fsm->overall_timeout_action (fsm, fsm->arg);
ddsrt_mutex_lock (&control->lock);
fsm->busy = false;
if (fsm->deleting)
ddsrt_cond_broadcast(&control->cond);
break;
}
/* mark timer event as being processed */
@ -245,17 +296,16 @@ static void fsm_handle_timeout (struct dds_security_fsm_control *control, struct
static uint32_t handle_events (struct dds_security_fsm_control *control)
{
struct thread_state1 * const ts1 = lookup_thread_state ();
struct fsm_event *event;
control->tid = ddsrt_thread_self();
thread_state_awake (ts1, control->gv);
ddsrt_mutex_lock (&control->lock);
while (control->running)
{
if (control->event_queue)
if ((event = get_event(control)) != NULL)
{
struct fsm_event *event = control->event_queue;
control->event_queue = event->next;
if (control->event_queue)
control->event_queue->prev = NULL;
fsm_state_change (ts1, control, event);
ddsrt_free (event);
}
@ -288,7 +338,7 @@ void dds_security_fsm_set_timeout (struct dds_security_fsm *fsm, dds_security_fs
assert(timeout > 0);
ddsrt_mutex_lock (&fsm->control->lock);
if (fsm->active)
if (!fsm->deleting)
{
if (timeout != DDS_NEVER)
{
@ -297,7 +347,7 @@ void dds_security_fsm_set_timeout (struct dds_security_fsm *fsm, dds_security_fs
fsm->overall_timeout_event.endtime = ddsrt_time_add_duration(dds_time(), timeout);
ddsrt_fibheap_insert (&timer_events_fhdef, &fsm->control->timers, &fsm->overall_timeout_event);
if (fsm->overall_timeout_event.endtime < first_timeout(fsm->control))
ddsrt_cond_signal (&fsm->control->cond);
ddsrt_cond_broadcast (&fsm->control->cond);
}
else
clear_overall_timer (fsm);
@ -311,10 +361,10 @@ void dds_security_fsm_dispatch (struct dds_security_fsm *fsm, int32_t event_id,
assert(fsm->control);
ddsrt_mutex_lock (&fsm->control->lock);
if (fsm->active)
if (!fsm->deleting)
{
fsm_dispatch (fsm, event_id, prio);
ddsrt_cond_signal (&fsm->control->cond);
ddsrt_cond_broadcast (&fsm->control->cond);
}
ddsrt_mutex_unlock (&fsm->control->lock);
}
@ -324,7 +374,6 @@ const dds_security_fsm_state * dds_security_fsm_current_state (struct dds_securi
const dds_security_fsm_state *state;
assert(fsm);
assert(fsm->active);
ddsrt_mutex_lock (&fsm->control->lock);
state = fsm->current;
@ -407,7 +456,8 @@ struct dds_security_fsm * dds_security_fsm_create (struct dds_security_fsm_contr
fsm->overall_timeout_event.kind = FSM_TIMEOUT_OVERALL;
fsm->overall_timeout_event.endtime = DDS_NEVER;
fsm->overall_timeout_event.fsm = fsm;
fsm->active = true;
fsm->busy = false;
fsm->deleting = false;
fsm->next_fsm = NULL;
fsm->prev_fsm = NULL;
fsm->control = control;
@ -425,16 +475,17 @@ dds_security_fsm_start (struct dds_security_fsm *fsm)
dds_security_fsm_dispatch(fsm, DDS_SECURITY_FSM_EVENT_AUTO, false);
}
static void fsm_deactivate (struct dds_security_fsm *fsm, bool gen_del_event)
static void fsm_deactivate (struct dds_security_fsm_control *control, struct dds_security_fsm *fsm)
{
if (fsm->active)
fsm->deleting = true;
remove_events(control, fsm);
clear_state_timer (fsm);
clear_overall_timer (fsm);
fsm->current = NULL;
if (!ddsrt_thread_equal(control->tid, ddsrt_thread_self()))
{
fsm->active = false;
clear_state_timer (fsm);
clear_overall_timer (fsm);
fsm->current = NULL;
if (gen_del_event)
fsm_dispatch (fsm, DDS_SECURITY_FSM_EVENT_DELETE, false);
while (fsm->busy)
ddsrt_cond_wait(&control->cond, &control->lock);
}
}
@ -447,14 +498,14 @@ void dds_security_fsm_free (struct dds_security_fsm *fsm)
control = fsm->control;
ddsrt_mutex_lock (&control->lock);
fsm_deactivate (fsm, true);
fsm_deactivate (control, fsm);
ddsrt_mutex_unlock (&control->lock);
}
static void fsm_delete (struct dds_security_fsm_control *control, struct dds_security_fsm *fsm)
{
fsm_deactivate (fsm, false);
remove_fsm_from_list (control, fsm);
fsm_deactivate (control, fsm);
ddsrt_free(fsm);
}
@ -464,7 +515,8 @@ struct dds_security_fsm_control * dds_security_fsm_control_create (struct ddsi_d
control = ddsrt_malloc (sizeof(*control));
control->running = false;
control->event_queue = NULL;
control->first_event = NULL;
control->last_event = NULL;
control->first_fsm = NULL;
control->last_fsm = NULL;
control->gv = gv;
@ -486,12 +538,11 @@ void dds_security_fsm_control_free (struct dds_security_fsm_control *control)
while ((fsm = control->first_fsm) != NULL)
{
control->first_fsm = fsm->next_fsm;
fsm_deactivate (fsm, false);
ddsrt_free (fsm);
fsm_delete (control, fsm);
}
while ((event = control->event_queue) != NULL)
while ((event = control->first_event) != NULL)
{
control->event_queue = event->next;
control->first_event = event->next;
ddsrt_free (event);
}
@ -520,7 +571,7 @@ void dds_security_fsm_control_stop (struct dds_security_fsm_control *control)
ddsrt_mutex_lock (&control->lock);
control->running = false;
ddsrt_cond_signal (&control->cond);
ddsrt_cond_broadcast (&control->cond);
ddsrt_mutex_unlock (&control->lock);
join_thread (control->ts);

8
src/security/core/src/dds_security_utils.c
View file

@ -124,6 +124,7 @@ DDS_Security_BinaryProperty_set_by_value(
bp->name = ddsrt_strdup(name);
bp->value._length = length;
bp->value._maximum = length;
bp->propagate = true;
if (length) {
bp->value._buffer = ddsrt_malloc(length);
memcpy(bp->value._buffer, data, length);
@ -164,6 +165,7 @@ DDS_Security_BinaryProperty_set_by_ref(
bp->value._length = length;
bp->value._maximum = length;
bp->value._buffer = data;
bp->propagate = true;
}
DDS_Security_BinaryPropertySeq *
@ -840,7 +842,7 @@ DDS_Security_Exception_set_with_openssl_error(
void
DDS_Security_Exception_reset(
DDS_Security_SecurityException *ex)
DDS_Security_SecurityException *ex)
{
if (ex) {
if (ex->message) {
@ -855,7 +857,9 @@ DDS_Security_Exception_clean(
DDS_Security_SecurityException *ex)
{
if (ex) {
memset(ex, 0, sizeof(DDS_Security_SecurityException));
ex->code = 0;
ex->minor_code = 0;
ex->message = NULL;
}
}

17
src/security/core/tests/plugin_loading/plugin_loading.c
View file

@ -20,6 +20,7 @@
#include "dds/ddsrt/cdtors.h"
#include "dds/ddsrt/environ.h"
#include "dds/ddsrt/heap.h"
#include "plugin_mock_common.h"
//#include "dds/ddsi/ddsi_security_omg.h"
#define FORCE_ENV
@ -87,7 +88,7 @@ static uint32_t found;
static void logger(void *ptr, const dds_log_data_t *data) {
char **expected = (char **) ptr;
if (print_log) {
printf("%s\n", data->message);
fputs(data->message, stdout);
}
for (uint32_t i = 0; expected[i] != NULL; i++) {
if (patmatch(expected[i], data->message)) {
@ -112,9 +113,9 @@ CU_Test(ddssec_security_plugin_loading, all_ok, .init = ddsrt_init, .fini = ddsr
"<DDSSecurity>"
"<Authentication>"
"<Library path=\"dds_security_authentication_all_ok\" initFunction=\"init_authentication\" finalizeFunction=\"finalize_authentication\" />"
"<IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
"<IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
"<PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
"<IdentityCertificate>"TEST_IDENTITY_CERTIFICATE_ALL_OK"</IdentityCertificate>"
"<IdentityCA>"TEST_CA_CERTIFICATE_ALL_OK"</IdentityCA>"
"<PrivateKey>"TEST_PRIVATE_KEY_ALL_OK"</PrivateKey>"
"<Password>testtext_Password_testtext</Password>"
"<TrustedCADirectory>testtext_Dir_testtext</TrustedCADirectory>"
"</Authentication>"
@ -469,7 +470,7 @@ CU_Test(ddssec_security_plugin_loading, no_library_in_path, .init = ddsrt_init,
#else
dds_delete(participant);
#endif
CU_ASSERT_FATAL(found == 0xd || found == 0xe);
dds_delete(participant);
@ -551,13 +552,13 @@ CU_Test(ddssec_security_plugin_loading, all_ok_with_props, .init = ddsrt_init, .
dds_entity_t participant;
dds_qos_t * qos;
/* Set up the trace sinks to detect the config parsing. */
dds_set_log_mask(DDS_LC_INFO);
dds_set_log_sink(&logger, (void*)log_expected);
dds_set_trace_sink(&logger, (void*)log_expected);
/* Create the qos */
unsigned char bvalue[3] = { 0x01, 0x02, 0x03 };
CU_ASSERT_FATAL ((qos = dds_create_qos()) != NULL);

12
src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok/mock_authentication.c
View file

@ -28,6 +28,11 @@ typedef struct dds_security_authentication_impl {
int id; //sample internal member
} dds_security_authentication_impl;
static const char *test_identity_certificate = TEST_IDENTITY_CERTIFICATE_ALL_OK;
static const char *test_ca_certificate = TEST_CA_CERTIFICATE_ALL_OK;
static const char *test_private_key = TEST_PRIVATE_KEY_ALL_OK;
DDS_Security_ValidationResult_t validate_local_identity(
dds_security_authentication *instance,
DDS_Security_IdentityHandle *local_identity_handle,
@ -76,14 +81,17 @@ DDS_Security_ValidationResult_t validate_local_identity(
}
if( strcmp(identity_certificate, test_identity_certificate) != 0){
printf("identity received=%s\n", identity_certificate);
printf("identity expected=%s\n", test_identity_certificate);
result = DDS_SECURITY_VALIDATION_FAILED;
printf("FAILED: Could not get identity_certificate value properly\n");
}
else if( strcmp(identity_ca, test_ca_certificate) != 0){
printf("ca received=%s\n", identity_ca);
printf("ca expected=%s\n", test_ca_certificate);
printf("FAILED: Could not get identity_ca value properly\n");
result = DDS_SECURITY_VALIDATION_FAILED;
}else if( strcmp(private_key, test_privatekey) != 0){
}else if( strcmp(private_key, test_private_key) != 0){
printf("FAILED: Could not get private_key value properly\n");
result = DDS_SECURITY_VALIDATION_FAILED;
}

78
src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok/mock_authentication.h
View file

@ -9,6 +9,7 @@
#define SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_
#include "dds/security/authentication_all_ok_export.h"
#include "../../plugin_mock_common.h"
SECURITY_EXPORT int32_t
init_authentication(const char *argument, void **context);
@ -16,83 +17,6 @@ init_authentication(const char *argument, void **context);
SECURITY_EXPORT int32_t
finalize_authentication(void *context);
char *test_identity_certificate="data:,-----BEGIN CERTIFICATE-----\n\
MIIDYDCCAkigAwIBAgIBBDANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJOTDEL\n\
MAkGA1UECBMCT1YxEzARBgNVBAoTCkFETGluayBJU1QxGTAXBgNVBAMTEElkZW50\n\
aXR5IENBIFRlc3QxJjAkBgkqhkiG9w0BCQEWF2luZm9AaXN0LmFkbGlua3RlY2gu\n\
Y29tMB4XDTE4MDMxMjAwMDAwMFoXDTI3MDMxMTIzNTk1OVowdTELMAkGA1UEBhMC\n\
TkwxCzAJBgNVBAgTAk9WMRAwDgYDVQQKEwdBRExpbmsgMREwDwYDVQQLEwhJU1Qg\n\
VGVzdDETMBEGA1UEAxMKQWxpY2UgVGVzdDEfMB0GCSqGSIb3DQEJARYQYWxpY2VA\n\
YWRsaW5rLmlzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANBW+tEZ\n\
Baw7EQCEXyzH9n7IkZ8PQIKe8hG1LAOGYOF/oUYQZJO/HxbWoC4rFqOC20+A6is6\n\
kFwr1Zzp/Wurk9CrFXo5Nomi6ActH6LUM57nYqN68w6U38z/XkQxVY/ESZ5dySfD\n\
9Q1C8R+zdE8gwbimdYmwX7ioz336nghM2CoAHPDRthQeJupl8x4V7isOltr9CGx8\n\
+imJXbGr39OK6u87cNLeu23sUkOIC0lSRMIqIQK3oJtHS70J2qecXdqp9MhE7Xky\n\
/GPlI8ptQ1gJ8A3cAOvtI9mtMJMszs2EKWTLfeTcmfJHKKhKjvCgDdh3Jan4x5YP\n\
Yg7HG6H+ceOUkMMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAkvuqZzyJ3Nu4/Eo5\n\
kD0nVgYGBUl7cspu+636q39zPSrxLEDMUWz+u8oXLpyGcgiZ8lZulPTV8dmOn+3C\n\
Vg55c5C+gbnbX3MDyb3wB17296RmxYf6YNul4sFOmj6+g2i+Dw9WH0PBCVKbA84F\n\
jR3Gx2Pfoifor3DvT0YFSsjNIRt090u4dQglbIb6cWEafC7O24t5jFhGPvJ7L9SE\n\
gB0Drh/HmKTVuaqaRkoOKkKaKuWoXsszK1ZFda1DHommnR5LpYPsDRQ2fVM4EuBF\n\
By03727uneuG8HLuNcLEV9H0i7LxtyfFkyCPUQvWG5jehb7xPOz/Ml26NAwwjlTJ\n\
xEEFrw==\n\
-----END CERTIFICATE-----";
char *test_ca_certificate="data:,-----BEGIN CERTIFICATE-----\n\
MIIEKTCCAxGgAwIBAgIBATANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJOTDEL\n\
MAkGA1UECBMCT1YxEzARBgNVBAoTCkFETGluayBJU1QxGTAXBgNVBAMTEElkZW50\n\
aXR5IENBIFRlc3QxJjAkBgkqhkiG9w0BCQEWF2luZm9AaXN0LmFkbGlua3RlY2gu\n\
Y29tMB4XDTE4MDMxMjAwMDAwMFoXDTI3MDMxMTIzNTk1OVowcjELMAkGA1UEBhMC\n\
TkwxCzAJBgNVBAgTAk9WMRMwEQYDVQQKEwpBRExpbmsgSVNUMRkwFwYDVQQDExBJ\n\
ZGVudGl0eSBDQSBUZXN0MSYwJAYJKoZIhvcNAQkBFhdpbmZvQGlzdC5hZGxpbmt0\n\
ZWNoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANa/ENFfGVXg\n\
bPLTzBdDfiZQcp5dWZ//Pb8ErFOJu8uosVHFv8t69dgjHgNHB4OsjmjnR7GfKUZT\n\
0cMvWJnjsC7DDlBwFET9rj4k40n96bbVCH9I7+tNhsoqzc6Eu+5h4sk7VfNGTM2Z\n\
SyCd4GiSZRuA44rRbhXI7/LDpr4hY5J9ZDo5AM9ZyoLAoh774H3CZWD67S35XvUs\n\
72dzE6uKG/vxBbvZ7eW2GLO6ewa9UxlnLVMPfJdpkp/xYXwwcPW2+2YXCge1ujxs\n\
tjrOQJ5HUySh6DkE/kZpx8zwYWm9AaCrsvCIX1thsqgvKy+U5v1FS1L58eGc6s//\n\
9yMgNhU29R0CAwEAAaOByTCBxjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRNVUJN\n\
FzhJPReYT4QSx6dK53CXCTAfBgNVHSMEGDAWgBRNVUJNFzhJPReYT4QSx6dK53CX\n\
CTAPBgNVHQ8BAf8EBQMDB/+AMGUGA1UdJQEB/wRbMFkGCCsGAQUFBwMBBggrBgEF\n\
BQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkGCCsG\n\
AQUFBwMNBggrBgEFBQcDDgYHKwYBBQIDBTANBgkqhkiG9w0BAQsFAAOCAQEAcOLF\n\
ZYdJguj0uxeXB8v3xnUr1AWz9+gwg0URdfNLU2KvF2lsb/uznv6168b3/FcPgezN\n\
Ihl9GqB+RvGwgXS/1UelCGbQiIUdsNxk246P4uOGPIyW32RoJcYPWZcpY+cw11tQ\n\
NOnk994Y5/8ad1DmcxVLLqq5kwpXGWQufV1zOONq8B+mCvcVAmM4vkyF/de56Lwa\n\
sAMpk1p77uhaDnuq2lIR4q3QHX2wGctFid5Q375DRscFQteY01r/dtwBBrMn0wuL\n\
AMNx9ZGD+zAoOUaslpIlEQ+keAxk3jgGMWFMxF81YfhEnXzevSQXWpyek86XUyFL\n\
O9IAQi5pa15gXjSbUg==\n\
-----END CERTIFICATE-----";
char *test_privatekey = "data:,-----BEGIN RSA PRIVATE KEY-----\n\
MIIEowIBAAKCAQEA0Fb60RkFrDsRAIRfLMf2fsiRnw9Agp7yEbUsA4Zg4X+hRhBk\n\
k78fFtagLisWo4LbT4DqKzqQXCvVnOn9a6uT0KsVejk2iaLoBy0fotQznudio3rz\n\
DpTfzP9eRDFVj8RJnl3JJ8P1DULxH7N0TyDBuKZ1ibBfuKjPffqeCEzYKgAc8NG2\n\
FB4m6mXzHhXuKw6W2v0IbHz6KYldsavf04rq7ztw0t67bexSQ4gLSVJEwiohAreg\n\
m0dLvQnap5xd2qn0yETteTL8Y+Ujym1DWAnwDdwA6+0j2a0wkyzOzYQpZMt95NyZ\n\
8kcoqEqO8KAN2HclqfjHlg9iDscbof5x45SQwwIDAQABAoIBAG0dYPeqd0IhHWJ7\n\
8azufbchLMN1pX/D51xG2uptssfnpHuhkkufSZUYi4QipRS2ME6PYhWJ8pmTi6lH\n\
E6cUkbI0KGd/F4U2gPdhNrR9Fxwea5bbifkVF7Gx/ZkRjZJiZ3w9+mCNTQbJDKhh\n\
wITAzzT6WYznhvqbzzBX1fTa6kv0GAQtX7aHKM+XIwkhX2gzU5TU80bvH8aMrT05\n\
tAMGQqkUeRnpo0yucBl4VmTZzd/+X/d2UyXR0my15jE5iH5o+p+E6qTRE9D+MGUd\n\
MQ6Ftj0Untqy1lcog1ZLL6zPlnwcD4jgY5VCYDgvabnrSwymOJapPLsAEdWdq+U5\n\
ec44BMECgYEA/+3qPUrd4XxA517qO3fCGBvf2Gkr7w5ZDeATOTHGuD8QZeK0nxPl\n\
CWhRjdgkqo0fyf1cjczL5XgYayo+YxkO1Z4RUU+8lJAHlVx9izOQo+MTQfkwH4BK\n\
LYlHxMoHJwAOXXoE+dmBaDh5xT0mDUGU750r763L6EFovE4qRBn9hxkCgYEA0GWz\n\
rpOPNxb419WxG9npoQYdCZ5IbmEOGDH3ReggVzWHmW8sqtkqTZm5srcyDpqAc1Gu\n\
paUveMblEBbU+NFJjLWOfwB5PCp8jsrqRgCQSxolShiVkc3Vu3oyzMus9PDge1eo\n\
9mwVGO7ojQKWRu/WVAakENPaAjeyyhv4dqSNnjsCgYEAlwe8yszqoY1k8+U0T0G+\n\
HeIdOCXgkmOiNCj+zyrLvaEhuS6PLq1b5TBVqGJcSPWdQ+MrglbQIKu9pUg5ptt7\n\
wJ5WU+i9PeK9Ruxc/g/BFKYFkFJQjtZzb+nqm3wpul8zGwDN/O/ZiTqCyd3rHbmM\n\
/dZ/viKPCZHIEBAEq0m3LskCgYBndzcAo+5k8ZjWwBfQth5SfhCIp/daJgGzbYtR\n\
P/BenAsY2KOap3tjT8Fsw5usuHSxzIojX6H0Gvu7Qzq11mLn43Q+BeQrRQTWeFRc\n\
MQdy4iZFZXNNEp7dF8yE9VKHwdgSJPGUdxD6chMvf2tRCN6mlS171VLV6wVvZvez\n\
H/vX5QKBgD2Dq/NHpjCpAsECP9awmNF5Akn5WJbRGmegwXIih2mOtgtYYDeuQyxY\n\
ZCrdJFfIUjUVPagshEmUklKhkYMYpzy2PQDVtaVcm6UNFroxT5h+J+KDs1LN1H8G\n\
LsASrzyAg8EpRulwXEfLrWKiu9DKv8bMEgO4Ovgz8zTKJZIFhcac\n\
-----END RSA PRIVATE KEY-----";
DDS_Security_ValidationResult_t
validate_local_identity(
dds_security_authentication *instance,

98
src/security/core/tests/plugin_loading/plugin_mock_common.h Normal file
View file

@ -0,0 +1,98 @@
/*
* Copyright(c) 2006 to 2019 ADLINK Technology Limited and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
* v. 1.0 which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
*/
#ifndef PLUGIN_MOCK_COMMON_H_
#define PLUGIN_MOCK_COMMON_H_
#define TEST_IDENTITY_CERTIFICATE_ALL_OK "testtext_IdentityCertificate_testtext"
#define TEST_CA_CERTIFICATE_ALL_OK "testtext_IdentityCA_testtext"
#define TEST_PRIVATE_KEY_ALL_OK "testtext_PrivateKey_testtext"
#define TEST_IDENTITY_CERTIFICATE "data:,-----BEGIN CERTIFICATE-----\n\
MIIDYDCCAkigAwIBAgIBBDANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJOTDEL\n\
MAkGA1UECBMCT1YxEzARBgNVBAoTCkFETGluayBJU1QxGTAXBgNVBAMTEElkZW50\n\
aXR5IENBIFRlc3QxJjAkBgkqhkiG9w0BCQEWF2luZm9AaXN0LmFkbGlua3RlY2gu\n\
Y29tMB4XDTE4MDMxMjAwMDAwMFoXDTI3MDMxMTIzNTk1OVowdTELMAkGA1UEBhMC\n\
TkwxCzAJBgNVBAgTAk9WMRAwDgYDVQQKEwdBRExpbmsgMREwDwYDVQQLEwhJU1Qg\n\
VGVzdDETMBEGA1UEAxMKQWxpY2UgVGVzdDEfMB0GCSqGSIb3DQEJARYQYWxpY2VA\n\
YWRsaW5rLmlzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANBW+tEZ\n\
Baw7EQCEXyzH9n7IkZ8PQIKe8hG1LAOGYOF/oUYQZJO/HxbWoC4rFqOC20+A6is6\n\
kFwr1Zzp/Wurk9CrFXo5Nomi6ActH6LUM57nYqN68w6U38z/XkQxVY/ESZ5dySfD\n\
9Q1C8R+zdE8gwbimdYmwX7ioz336nghM2CoAHPDRthQeJupl8x4V7isOltr9CGx8\n\
+imJXbGr39OK6u87cNLeu23sUkOIC0lSRMIqIQK3oJtHS70J2qecXdqp9MhE7Xky\n\
/GPlI8ptQ1gJ8A3cAOvtI9mtMJMszs2EKWTLfeTcmfJHKKhKjvCgDdh3Jan4x5YP\n\
Yg7HG6H+ceOUkMMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAkvuqZzyJ3Nu4/Eo5\n\
kD0nVgYGBUl7cspu+636q39zPSrxLEDMUWz+u8oXLpyGcgiZ8lZulPTV8dmOn+3C\n\
Vg55c5C+gbnbX3MDyb3wB17296RmxYf6YNul4sFOmj6+g2i+Dw9WH0PBCVKbA84F\n\
jR3Gx2Pfoifor3DvT0YFSsjNIRt090u4dQglbIb6cWEafC7O24t5jFhGPvJ7L9SE\n\
gB0Drh/HmKTVuaqaRkoOKkKaKuWoXsszK1ZFda1DHommnR5LpYPsDRQ2fVM4EuBF\n\
By03727uneuG8HLuNcLEV9H0i7LxtyfFkyCPUQvWG5jehb7xPOz/Ml26NAwwjlTJ\n\
xEEFrw==\n\
-----END CERTIFICATE-----"
#define TEST_CA_CERTIFICATE_ALL "data:,-----BEGIN CERTIFICATE-----\n\
MIIEKTCCAxGgAwIBAgIBATANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJOTDEL\n\
MAkGA1UECBMCT1YxEzARBgNVBAoTCkFETGluayBJU1QxGTAXBgNVBAMTEElkZW50\n\
aXR5IENBIFRlc3QxJjAkBgkqhkiG9w0BCQEWF2luZm9AaXN0LmFkbGlua3RlY2gu\n\
Y29tMB4XDTE4MDMxMjAwMDAwMFoXDTI3MDMxMTIzNTk1OVowcjELMAkGA1UEBhMC\n\
TkwxCzAJBgNVBAgTAk9WMRMwEQYDVQQKEwpBRExpbmsgSVNUMRkwFwYDVQQDExBJ\n\
ZGVudGl0eSBDQSBUZXN0MSYwJAYJKoZIhvcNAQkBFhdpbmZvQGlzdC5hZGxpbmt0\n\
ZWNoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANa/ENFfGVXg\n\
bPLTzBdDfiZQcp5dWZ//Pb8ErFOJu8uosVHFv8t69dgjHgNHB4OsjmjnR7GfKUZT\n\
0cMvWJnjsC7DDlBwFET9rj4k40n96bbVCH9I7+tNhsoqzc6Eu+5h4sk7VfNGTM2Z\n\
SyCd4GiSZRuA44rRbhXI7/LDpr4hY5J9ZDo5AM9ZyoLAoh774H3CZWD67S35XvUs\n\
72dzE6uKG/vxBbvZ7eW2GLO6ewa9UxlnLVMPfJdpkp/xYXwwcPW2+2YXCge1ujxs\n\
tjrOQJ5HUySh6DkE/kZpx8zwYWm9AaCrsvCIX1thsqgvKy+U5v1FS1L58eGc6s//\n\
9yMgNhU29R0CAwEAAaOByTCBxjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRNVUJN\n\
FzhJPReYT4QSx6dK53CXCTAfBgNVHSMEGDAWgBRNVUJNFzhJPReYT4QSx6dK53CX\n\
CTAPBgNVHQ8BAf8EBQMDB/+AMGUGA1UdJQEB/wRbMFkGCCsGAQUFBwMBBggrBgEF\n\
BQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkGCCsG\n\
AQUFBwMNBggrBgEFBQcDDgYHKwYBBQIDBTANBgkqhkiG9w0BAQsFAAOCAQEAcOLF\n\
ZYdJguj0uxeXB8v3xnUr1AWz9+gwg0URdfNLU2KvF2lsb/uznv6168b3/FcPgezN\n\
Ihl9GqB+RvGwgXS/1UelCGbQiIUdsNxk246P4uOGPIyW32RoJcYPWZcpY+cw11tQ\n\
NOnk994Y5/8ad1DmcxVLLqq5kwpXGWQufV1zOONq8B+mCvcVAmM4vkyF/de56Lwa\n\
sAMpk1p77uhaDnuq2lIR4q3QHX2wGctFid5Q375DRscFQteY01r/dtwBBrMn0wuL\n\
AMNx9ZGD+zAoOUaslpIlEQ+keAxk3jgGMWFMxF81YfhEnXzevSQXWpyek86XUyFL\n\
O9IAQi5pa15gXjSbUg==\n\
-----END CERTIFICATE-----"
#define TEST_PRIVATE_KEY_ALL "data:,-----BEGIN RSA PRIVATE KEY-----\n\
MIIEowIBAAKCAQEA0Fb60RkFrDsRAIRfLMf2fsiRnw9Agp7yEbUsA4Zg4X+hRhBk\n\
k78fFtagLisWo4LbT4DqKzqQXCvVnOn9a6uT0KsVejk2iaLoBy0fotQznudio3rz\n\
DpTfzP9eRDFVj8RJnl3JJ8P1DULxH7N0TyDBuKZ1ibBfuKjPffqeCEzYKgAc8NG2\n\
FB4m6mXzHhXuKw6W2v0IbHz6KYldsavf04rq7ztw0t67bexSQ4gLSVJEwiohAreg\n\
m0dLvQnap5xd2qn0yETteTL8Y+Ujym1DWAnwDdwA6+0j2a0wkyzOzYQpZMt95NyZ\n\
8kcoqEqO8KAN2HclqfjHlg9iDscbof5x45SQwwIDAQABAoIBAG0dYPeqd0IhHWJ7\n\
8azufbchLMN1pX/D51xG2uptssfnpHuhkkufSZUYi4QipRS2ME6PYhWJ8pmTi6lH\n\
E6cUkbI0KGd/F4U2gPdhNrR9Fxwea5bbifkVF7Gx/ZkRjZJiZ3w9+mCNTQbJDKhh\n\
wITAzzT6WYznhvqbzzBX1fTa6kv0GAQtX7aHKM+XIwkhX2gzU5TU80bvH8aMrT05\n\
tAMGQqkUeRnpo0yucBl4VmTZzd/+X/d2UyXR0my15jE5iH5o+p+E6qTRE9D+MGUd\n\
MQ6Ftj0Untqy1lcog1ZLL6zPlnwcD4jgY5VCYDgvabnrSwymOJapPLsAEdWdq+U5\n\
ec44BMECgYEA/+3qPUrd4XxA517qO3fCGBvf2Gkr7w5ZDeATOTHGuD8QZeK0nxPl\n\
CWhRjdgkqo0fyf1cjczL5XgYayo+YxkO1Z4RUU+8lJAHlVx9izOQo+MTQfkwH4BK\n\
LYlHxMoHJwAOXXoE+dmBaDh5xT0mDUGU750r763L6EFovE4qRBn9hxkCgYEA0GWz\n\
rpOPNxb419WxG9npoQYdCZ5IbmEOGDH3ReggVzWHmW8sqtkqTZm5srcyDpqAc1Gu\n\
paUveMblEBbU+NFJjLWOfwB5PCp8jsrqRgCQSxolShiVkc3Vu3oyzMus9PDge1eo\n\
9mwVGO7ojQKWRu/WVAakENPaAjeyyhv4dqSNnjsCgYEAlwe8yszqoY1k8+U0T0G+\n\
HeIdOCXgkmOiNCj+zyrLvaEhuS6PLq1b5TBVqGJcSPWdQ+MrglbQIKu9pUg5ptt7\n\
wJ5WU+i9PeK9Ruxc/g/BFKYFkFJQjtZzb+nqm3wpul8zGwDN/O/ZiTqCyd3rHbmM\n\
/dZ/viKPCZHIEBAEq0m3LskCgYBndzcAo+5k8ZjWwBfQth5SfhCIp/daJgGzbYtR\n\
P/BenAsY2KOap3tjT8Fsw5usuHSxzIojX6H0Gvu7Qzq11mLn43Q+BeQrRQTWeFRc\n\
MQdy4iZFZXNNEp7dF8yE9VKHwdgSJPGUdxD6chMvf2tRCN6mlS171VLV6wVvZvez\n\
H/vX5QKBgD2Dq/NHpjCpAsECP9awmNF5Akn5WJbRGmegwXIih2mOtgtYYDeuQyxY\n\
ZCrdJFfIUjUVPagshEmUklKhkYMYpzy2PQDVtaVcm6UNFroxT5h+J+KDs1LN1H8G\n\
LsASrzyAg8EpRulwXEfLrWKiu9DKv8bMEgO4Ovgz8zTKJZIFhcac\n\
-----END RSA PRIVATE KEY-----"
#endif

81
src/security/core/tests/plugin_loading/security_config.c
View file

@ -21,6 +21,7 @@
#include "dds/ddsrt/heap.h"
#include "dds/ddsi/q_misc.h"
#include "dds/ddsi/ddsi_xqos.h"
#include "plugin_mock_common.h"
#include "dds/security/dds_security_api_defs.h"
@ -50,9 +51,9 @@
"0:\"dds.sec.access.library.path\":\""ac"\"," \
"0:\"dds.sec.access.library.init\":\"init_access_control\"," \
"0:\"dds.sec.access.library.finalize\":\"finalize_access_control\"," \
"0:\"dds.sec.auth.identity_ca\":\"testtext_IdentityCA_testtext\"," \
"0:\"dds.sec.auth.private_key\":\"testtext_PrivateKey_testtext\"," \
"0:\"dds.sec.auth.identity_certificate\":\"testtext_IdentityCertificate_testtext\"," \
"0:\"dds.sec.auth.identity_ca\":\"" TEST_CA_CERTIFICATE_ALL_OK "\"," \
"0:\"dds.sec.auth.private_key\":\"" TEST_PRIVATE_KEY_ALL_OK "\"," \
"0:\"dds.sec.auth.identity_certificate\":\"" TEST_IDENTITY_CERTIFICATE_ALL_OK "\"," \
"0:\"dds.sec.access.permissions_ca\":\"file:Permissions_CA.pem\"," \
"0:\"dds.sec.access.governance\":\"file:Governance.p7s\"," \
"0:\"dds.sec.access.permissions\":\"file:Permissions.p7s\"" \
@ -206,9 +207,9 @@ CU_Test(ddsc_security_config, all, .init = ddsrt_init, .fini = ddsrt_fini)
"config: Domain/DDSSecurity/Authentication/Library[@path]: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*",
"config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*",
"config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*",
"config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*",
"config: Domain/DDSSecurity/Authentication/IdentityCA/#text: testtext_IdentityCA_testtext*",
"config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*",
"config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: "TEST_IDENTITY_CERTIFICATE_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/IdentityCA/#text: "TEST_CA_CERTIFICATE_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/PrivateKey/#text: "TEST_PRIVATE_KEY_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/Password/#text: testtext_Password_testtext*",
"config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: testtext_Dir_testtext*",
"config: Domain/DDSSecurity/AccessControl/Library/#text: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*",
@ -233,9 +234,9 @@ CU_Test(ddsc_security_config, all, .init = ddsrt_init, .fini = ddsrt_fini)
" <DDSSecurity>"
" <Authentication>"
" "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok")
" <IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
" <IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
" <PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
" <IdentityCertificate>"TEST_IDENTITY_CERTIFICATE_ALL_OK"</IdentityCertificate>"
" <IdentityCA>"TEST_CA_CERTIFICATE_ALL_OK"</IdentityCA>"
" <PrivateKey>"TEST_PRIVATE_KEY_ALL_OK"</PrivateKey>"
" <Password>testtext_Password_testtext</Password>"
" <TrustedCADirectory>testtext_Dir_testtext</TrustedCADirectory>"
" </Authentication>"
@ -281,9 +282,9 @@ CU_Test(ddsc_security_config, security, .init = ddsrt_init, .fini = ddsrt_fini)
"config: Domain/DDSSecurity/Authentication/Library[@path]: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*",
"config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*",
"config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*",
"config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*",
"config: Domain/DDSSecurity/Authentication/IdentityCA/#text: testtext_IdentityCA_testtext*",
"config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*",
"config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: "TEST_IDENTITY_CERTIFICATE_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/IdentityCA/#text: "TEST_CA_CERTIFICATE_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/PrivateKey/#text: "TEST_PRIVATE_KEY_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/Password/#text: {}*",
"config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: {}*",
"config: Domain/DDSSecurity/AccessControl/Library/#text: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*",
@ -307,9 +308,9 @@ CU_Test(ddsc_security_config, security, .init = ddsrt_init, .fini = ddsrt_fini)
"<DDSSecurity>"
" <Authentication>"
" "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok")
" <IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
" <IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
" <PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
" <IdentityCertificate>"TEST_IDENTITY_CERTIFICATE_ALL_OK"</IdentityCertificate>"
" <IdentityCA>"TEST_CA_CERTIFICATE_ALL_OK"</IdentityCA>"
" <PrivateKey>"TEST_PRIVATE_KEY_ALL_OK"</PrivateKey>"
" </Authentication>"
" <Cryptographic>"
" "MOCKLIB_ELEM_CRYPTO("dds_security_cryptography_all_ok")
@ -351,9 +352,9 @@ CU_Test(ddsc_security_config, deprecated, .init = ddsrt_init, .fini = ddsrt_fini
"config: Domain/DDSSecurity/Authentication/Library[@path]: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*",
"config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*",
"config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*",
"config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*",
"config: Domain/DDSSecurity/Authentication/IdentityCA/#text: testtext_IdentityCA_testtext*",
"config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*",
"config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: "TEST_IDENTITY_CERTIFICATE_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/IdentityCA/#text: "TEST_CA_CERTIFICATE_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/PrivateKey/#text: "TEST_PRIVATE_KEY_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/Password/#text: testtext_Password_testtext*",
"config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: testtext_Dir_testtext*",
"config: Domain/DDSSecurity/AccessControl/Library/#text: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*",
@ -378,9 +379,9 @@ CU_Test(ddsc_security_config, deprecated, .init = ddsrt_init, .fini = ddsrt_fini
" <DDSSecurity>"
" <Authentication>"
" "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok")
" <IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
" <IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
" <PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
" <IdentityCertificate>"TEST_IDENTITY_CERTIFICATE_ALL_OK"</IdentityCertificate>"
" <IdentityCA>"TEST_CA_CERTIFICATE_ALL_OK"</IdentityCA>"
" <PrivateKey>"TEST_PRIVATE_KEY_ALL_OK"</PrivateKey>"
" <Password>testtext_Password_testtext</Password>"
" <TrustedCADirectory>testtext_Dir_testtext</TrustedCADirectory>"
" </Authentication>"
@ -448,9 +449,9 @@ CU_Test(ddsc_security_config, qos, .init = ddsrt_init, .fini = ddsrt_fini)
dds_qset_prop(qos, "dds.sec.access.library.path", ""MOCKLIB_PATH("dds_security_access_control_all_ok")"");
dds_qset_prop(qos, "dds.sec.access.library.init", "init_access_control");
dds_qset_prop(qos, "dds.sec.access.library.finalize", "finalize_access_control");
dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext");
dds_qset_prop(qos, "dds.sec.auth.private_key", "testtext_PrivateKey_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_certificate", "testtext_IdentityCertificate_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_ca", TEST_CA_CERTIFICATE_ALL_OK);
dds_qset_prop(qos, "dds.sec.auth.private_key", TEST_PRIVATE_KEY_ALL_OK);
dds_qset_prop(qos, "dds.sec.auth.identity_certificate", TEST_IDENTITY_CERTIFICATE_ALL_OK);
dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem");
dds_qset_prop(qos, "dds.sec.access.governance", "file:Governance.p7s");
dds_qset_prop(qos, "dds.sec.access.permissions", "file:Permissions.p7s");
@ -494,6 +495,7 @@ CU_Test(ddsc_security_config, qos_props, .init = ddsrt_init, .fini = ddsrt_fini)
PARTICIPANT_QOS_ALL_OK to work, the order must match that one */
unsigned char bvalue[3] = { 0x01, 0x02, 0x03 };
CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL);
dds_qset_prop(qos, "dds.sec.auth.library.path", ""MOCKLIB_PATH("dds_security_authentication_all_ok")"");
dds_qset_prop(qos, "dds.sec.auth.library.init", "init_authentication");
dds_qset_prop(qos, "dds.sec.auth.library.finalize", "finalize_authentication");
@ -503,9 +505,9 @@ CU_Test(ddsc_security_config, qos_props, .init = ddsrt_init, .fini = ddsrt_fini)
dds_qset_prop(qos, "dds.sec.access.library.path", ""MOCKLIB_PATH("dds_security_access_control_all_ok")"");
dds_qset_prop(qos, "dds.sec.access.library.init", "init_access_control");
dds_qset_prop(qos, "dds.sec.access.library.finalize", "finalize_access_control");
dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext");
dds_qset_prop(qos, "dds.sec.auth.private_key", "testtext_PrivateKey_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_certificate", "testtext_IdentityCertificate_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_ca", TEST_CA_CERTIFICATE_ALL_OK);
dds_qset_prop(qos, "dds.sec.auth.private_key", TEST_PRIVATE_KEY_ALL_OK);
dds_qset_prop(qos, "dds.sec.auth.identity_certificate", TEST_IDENTITY_CERTIFICATE_ALL_OK);
dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem");
dds_qset_prop(qos, "dds.sec.access.governance", "file:Governance.p7s");
dds_qset_prop(qos, "dds.sec.access.permissions", "file:Permissions.p7s");
@ -514,7 +516,6 @@ CU_Test(ddsc_security_config, qos_props, .init = ddsrt_init, .fini = ddsrt_fini)
dds_qset_prop(qos, "test.prop1", "testtext_value1_testtext");
dds_qset_prop(qos, "test.prop2", "testtext_value2_testtext");
dds_qset_bprop(qos, "test.bprop1", bvalue, 3);
/* Create participant with security config in qos. */
@ -546,9 +547,9 @@ CU_Test(ddsc_security_config, config_qos, .init = ddsrt_init, .fini = ddsrt_fini
"<Tracing><Verbosity>finest</></>"
"<DDSSecurity>"
" <Authentication>"
" <IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
" <IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
" <PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
" <IdentityCertificate>"TEST_IDENTITY_CERTIFICATE_ALL_OK"</IdentityCertificate>"
" <IdentityCA>"TEST_CA_CERTIFICATE_ALL_OK"</IdentityCA>"
" <PrivateKey>"TEST_PRIVATE_KEY_ALL_OK"</PrivateKey>"
" </Authentication>"
" <AccessControl>"
" <Governance>file:Governance.p7s</Governance>"
@ -572,9 +573,9 @@ CU_Test(ddsc_security_config, config_qos, .init = ddsrt_init, .fini = ddsrt_fini
dds_qset_prop(qos, "dds.sec.access.library.path", ""MOCKLIB_PATH("dds_security_access_control_all_ok")"");
dds_qset_prop(qos, "dds.sec.access.library.init", "init_access_control");
dds_qset_prop(qos, "dds.sec.access.library.finalize", "finalize_access_control");
dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext");
dds_qset_prop(qos, "dds.sec.auth.private_key", "testtext_PrivateKey_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_certificate", "testtext_IdentityCertificate_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_ca", TEST_CA_CERTIFICATE_ALL_OK);
dds_qset_prop(qos, "dds.sec.auth.private_key", TEST_PRIVATE_KEY_ALL_OK);
dds_qset_prop(qos, "dds.sec.auth.identity_certificate", TEST_IDENTITY_CERTIFICATE_ALL_OK);
dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem");
dds_qset_prop(qos, "dds.sec.access.governance", "file:Governance.p7s");
dds_qset_prop(qos, "dds.sec.access.permissions", "file:Permissions.p7s");
@ -614,9 +615,9 @@ CU_Test(ddsc_security_config, other_prop, .init = ddsrt_init, .fini = ddsrt_fini
"<DDSSecurity>"
" <Authentication>"
" "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok")
" <IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
" <IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
" <PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
" <IdentityCertificate>"TEST_IDENTITY_CERTIFICATE_ALL_OK"</IdentityCertificate>"
" <IdentityCA>"TEST_CA_CERTIFICATE_ALL_OK"</IdentityCA>"
" <PrivateKey>"TEST_PRIVATE_KEY_ALL_OK"</PrivateKey>"
" <Password>testtext_Password_testtext</Password>"
" <TrustedCADirectory>testtext_Dir_testtext</TrustedCADirectory>"
" </Authentication>"
@ -685,9 +686,9 @@ CU_Test(ddsc_security_config, qos_invalid, .init = ddsrt_init, .fini = ddsrt_fin
"<Tracing><Verbosity>finest</></>"
"<DDSSecurity>"
" <Authentication>"
" <IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
" <IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
" <PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
" <IdentityCertificate>"TEST_IDENTITY_CERTIFICATE_ALL_OK"</IdentityCertificate>"
" <IdentityCA>"TEST_CA_CERTIFICATE_ALL_OK"</IdentityCA>"
" <PrivateKey>"TEST_PRIVATE_KEY_ALL_OK"</PrivateKey>"
" </Authentication>"
" <AccessControl>"
" <Governance>file:Governance.p7s</Governance>"

69
src/security/core/tests/tc_fsm.c
View file

@ -369,16 +369,19 @@ static const uint32_t TransitionsSize = sizeof(Transitions)/sizeof(Transitions[0
**********************************************************************/
typedef enum {
eventToTimeout, eventToEnd,
eventToTimeout, eventToInterupt, eventToEnd,
} timeout_events;
struct fsm_timeout_arg {
int id;
};
static struct dds_security_fsm *fsm_timeout;
static uint32_t visited_timeout = 0;
static uint32_t correct_fsm_timeout = 0;
static uint32_t correct_arg_timeout = 0;
static ddsrt_cond_t stop_timeout_cond;
static ddsrt_mutex_t stop_timeout_cond_mutex;
static uint32_t stop_timeout_cond_cnt = 0;
static struct fsm_timeout_arg fsm_arg = { .id = FSM_AUTH_ARG };
/* The functions called from the state-machine. */
static void doInterupt(struct dds_security_fsm *fsm, void *arg)
@ -393,24 +396,15 @@ static void doInterupt(struct dds_security_fsm *fsm, void *arg)
static void doTimeout(struct dds_security_fsm *fsm, void *arg)
{
dds_duration_t delay4 = 4 * DDS_NSECS_IN_SEC;
DDSRT_UNUSED_ARG(arg);
if (DB_TC_PRINT_DEBUG) {
printf("Transition >>>> %s %d\n", __FUNCTION__, stop_timeout_cond_cnt);
printf("Transition >>>> %s\n", __FUNCTION__);
}
visited_timeout |= 1UL << 1;
stop_timeout_cond_cnt++;
ddsrt_mutex_lock(&stop_timeout_cond_mutex);
(void) ddsrt_cond_waitfor(&stop_timeout_cond, &stop_timeout_cond_mutex,
delay4);
ddsrt_mutex_unlock(&stop_timeout_cond_mutex);
stop_timeout_cond_cnt--;
if (DB_TC_PRINT_DEBUG) {
printf("Transition <<<< %s %d\n", __FUNCTION__, stop_timeout_cond_cnt);
printf("Transition <<<< %s\n", __FUNCTION__);
}
dds_security_fsm_dispatch(fsm, eventToTimeout, false);
@ -418,7 +412,7 @@ static void doTimeout(struct dds_security_fsm *fsm, void *arg)
static void TimeoutCallback(struct dds_security_fsm *fsm, void *arg)
{
int *fsm_arg;
struct fsm_timeout_arg *farg = arg;
if (DB_TC_PRINT_DEBUG) {
printf("TimeoutCallback\n");
@ -426,10 +420,8 @@ static void TimeoutCallback(struct dds_security_fsm *fsm, void *arg)
visited_timeout |= 1UL << 2;
if (arg != NULL) {
fsm_arg = (int *) arg;
if (*fsm_arg == FSM_AUTH_ARG) {
if (farg != NULL) {
if (farg->id == FSM_AUTH_ARG) {
correct_arg_timeout = 1;
} else {
correct_arg_timeout = 0;
@ -452,14 +444,17 @@ static void TimeoutCallback2(struct dds_security_fsm *fsm, void *arg)
visited_timeout |= 1UL << 3;
}
static dds_security_fsm_state StateTimeout = {doTimeout, 0};static int fsm_arg = FSM_AUTH_ARG;
static dds_security_fsm_state StateInitial = {doTimeout, 0};
static dds_security_fsm_state StateWaitTimeout = {NULL, DDS_SECS(4)};
static dds_security_fsm_state StateInterupt = {doInterupt, 0};
static dds_security_fsm_state StateInterupt = {doInterupt, 0};
static const dds_security_fsm_transition TimeoutTransitions[] = {
{NULL, DDS_SECURITY_FSM_EVENT_AUTO, NULL, &StateTimeout}, // NULL state is the start state
{&StateTimeout, eventToTimeout, NULL, &StateInterupt},
{&StateInterupt,eventToEnd, NULL, NULL}, // Reaching NULL means end of state-diagram
{NULL, DDS_SECURITY_FSM_EVENT_AUTO, NULL, &StateInitial}, // NULL state is the start state
{&StateInitial, eventToTimeout, NULL, &StateWaitTimeout},
{&StateWaitTimeout, DDS_SECURITY_FSM_EVENT_TIMEOUT, NULL, &StateInterupt},
{&StateWaitTimeout, eventToInterupt, NULL, &StateInterupt},
{&StateInterupt, eventToEnd, NULL, NULL}, // Reaching NULL means end of state-diagram
};
static const uint32_t TimeoutTransitionsSize = sizeof(TimeoutTransitions)/sizeof(TimeoutTransitions[0]);
@ -541,16 +536,10 @@ static void fsm_control_init(void)
rc = dds_security_fsm_control_start (g_fsm_control, NULL);
CU_ASSERT_FATAL(rc == 0);
ddsrt_mutex_init(&stop_timeout_cond_mutex);
ddsrt_cond_init(&stop_timeout_cond);
}
static void fsm_control_fini(void)
{
ddsrt_cond_destroy(&stop_timeout_cond);
ddsrt_mutex_destroy(&stop_timeout_cond_mutex);
dds_security_fsm_control_stop(g_fsm_control);
dds_security_fsm_control_free(g_fsm_control);
@ -697,12 +686,10 @@ CU_Test(ddssec_fsm, timeout, .init = fsm_control_init, .fini = fsm_control_fini)
timeout--;
}
CU_ASSERT(timeout > 0);
CU_ASSERT(
CHECK_BIT(visited_timeout, 0) && CHECK_BIT(visited_timeout, 1) && CHECK_BIT(visited_timeout, 2));
CU_ASSERT(CHECK_BIT(visited_timeout, 0) && CHECK_BIT(visited_timeout, 1) && CHECK_BIT(visited_timeout, 2));
CU_ASSERT(correct_arg_timeout && correct_fsm_timeout);
dds_security_fsm_free(fsm_timeout);
}
/**
@ -740,10 +727,6 @@ CU_Test(ddssec_fsm, double_timeout, .init = fsm_control_init, .fini = fsm_contro
CU_ASSERT(CHECK_BIT(visited_timeout, 3));
dds_security_fsm_free(fsm_timeout);
dds_security_fsm_free(fsm_timeout2);
ddsrt_mutex_lock(&stop_timeout_cond_mutex);
ddsrt_cond_signal(&stop_timeout_cond);
ddsrt_mutex_unlock(&stop_timeout_cond_mutex);
}
/**
@ -840,15 +823,5 @@ CU_Test(ddssec_fsm, delete_with_timeout, .init = fsm_control_init, .fini = fsm_c
}
dds_security_fsm_free(fsm_timeout);
dds_sleepfor(100 * DDS_NSECS_IN_MSEC);
/* Just for safety to be certain that the condition isn't used anymore before destroying it. */
while (stop_timeout_cond_cnt > 0) {
dds_time_t d = DDS_NSECS_IN_SEC;
ddsrt_cond_signal(&stop_timeout_cond);
dds_sleepfor(d);
}
}