niklas/cyclonedds
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Clean up plugin loading

Browse source 
Signed-off-by: Erik Boasson <eb@ilities.com>
This commit is contained in:
Erik Boasson 2020-01-10 15:16:47 +01:00 committed by eboasson
parent 37db2dc6c3
commit 5748f72c90
12 changed files with 898 additions and 1316 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/core/ddsc/tests/lifespan.c
View file

@ -161,4 +161,4 @@ CU_Test(ddsc_lifespan, basic, .init=lifespan_init, .fini=lifespan_fini)
check_whc_state(g_writer, -1, -1); check_whc_state(g_writer, -1, -1);
dds_delete_qos(qos); dds_delete_qos(qos);
} }

32
src/core/ddsi/include/dds/ddsi/ddsi_security_omg.h
View file

@ -181,7 +181,7 @@ is_proxy_participant_deletion_allowed(
*/ */
bool bool
q_omg_security_is_remote_rtps_protected( q_omg_security_is_remote_rtps_protected(
struct proxy_participant *proxy_pp, const struct proxy_participant *proxy_pp,
ddsi_entityid_t entityid); ddsi_entityid_t entityid);
/** /**
@ -197,7 +197,7 @@ q_omg_security_is_remote_rtps_protected(
*/ */
bool bool
q_omg_security_is_local_rtps_protected( q_omg_security_is_local_rtps_protected(
struct participant *pp, const struct participant *pp,
ddsi_entityid_t entityid); ddsi_entityid_t entityid);
/** /**
@ -256,10 +256,10 @@ q_omg_security_encode_rtps_message(
int64_t src_handle, int64_t src_handle,
ddsi_guid_t *src_guid, ddsi_guid_t *src_guid,
const unsigned char *src_buf, const unsigned char *src_buf,
const unsigned int src_len, size_t src_len,
unsigned char **dst_buf, unsigned char **dst_buf,
unsigned int *dst_len, size_t *dst_len,
int64_t dst_handle); int64_t dst_handle);
/** /**
* @brief Encode payload when necessary. * @brief Encode payload when necessary.
@ -406,8 +406,8 @@ bool
validate_msg_decoding( validate_msg_decoding(
const struct entity_common *e, const struct entity_common *e,
const struct proxy_endpoint_common *c, const struct proxy_endpoint_common *c,
struct proxy_participant *proxypp, const struct proxy_participant *proxypp,
struct receiver_state *rst, const struct receiver_state *rst,
SubmessageKind_t prev_smid); SubmessageKind_t prev_smid);
/** /**
@ -426,13 +426,13 @@ validate_msg_decoding(
* @param[in] dst_prefix Prefix of the destination entity. * @param[in] dst_prefix Prefix of the destination entity.
* @param[in] byteswap Do the bytes need swapping? * @param[in] byteswap Do the bytes need swapping?
* *
* @returns int * @returns bool
* @retval >= 0 Decoding succeeded. * @retval true Decoding succeeded.
* @retval < 0 Decoding failed. * @retval false Decoding failed.
*/ */
int bool
decode_SecPrefix( decode_SecPrefix(
struct receiver_state *rst, const struct receiver_state *rst,
unsigned char *submsg, unsigned char *submsg,
size_t submsg_size, size_t submsg_size,
unsigned char * const msg_end, unsigned char * const msg_end,
@ -500,7 +500,7 @@ secure_conn_write(
bool dst_one, bool dst_one,
nn_msg_sec_info_t *sec_info, nn_msg_sec_info_t *sec_info,
ddsi_tran_write_fn_t conn_write_cb); ddsi_tran_write_fn_t conn_write_cb);
/** /**
* @brief Loads the security plugins with the given configuration. * @brief Loads the security plugins with the given configuration.
@ -518,12 +518,12 @@ secure_conn_write(
dds_return_t q_omg_security_load( struct dds_security_context *security_context, const dds_qos_t *qos ); dds_return_t q_omg_security_load( struct dds_security_context *security_context, const dds_qos_t *qos );
void q_omg_security_init( struct dds_security_context **sc); void q_omg_security_init( struct dds_security_context **sc, const struct ddsrt_log_cfg *logcfg);
void q_omg_security_deinit( struct dds_security_context **sc); void q_omg_security_deinit( struct dds_security_context **sc);
bool q_omg_is_security_loaded( struct dds_security_context *sc ); bool q_omg_is_security_loaded( struct dds_security_context *sc );
/** /**
* @brief Check if the participant and the proxy participant * @brief Check if the participant and the proxy participant

1
src/core/ddsi/include/dds/ddsi/q_globals.h
View file

@ -302,7 +302,6 @@ struct q_globals {
#ifdef DDSI_INCLUDE_SECURITY #ifdef DDSI_INCLUDE_SECURITY
struct dds_security_context *security_context; struct dds_security_context *security_context;
#endif #endif
}; };
#if defined (__cplusplus) #if defined (__cplusplus)

1605
src/core/ddsi/src/ddsi_security_omg.c
View file

File diff suppressed because it is too large Load diff

2
src/core/ddsi/src/q_init.c
View file

@ -1084,7 +1084,7 @@ int rtps_init (struct q_globals *gv)
add_property_to_xqos(&gv->builtin_volatile_xqos_rd, "dds.sec.builtin_endpoint_name", "BuiltinParticipantVolatileMessageSecureReader"); add_property_to_xqos(&gv->builtin_volatile_xqos_rd, "dds.sec.builtin_endpoint_name", "BuiltinParticipantVolatileMessageSecureReader");
add_property_to_xqos(&gv->builtin_volatile_xqos_wr, "dds.sec.builtin_endpoint_name", "BuiltinParticipantVolatileMessageSecureWriter"); add_property_to_xqos(&gv->builtin_volatile_xqos_wr, "dds.sec.builtin_endpoint_name", "BuiltinParticipantVolatileMessageSecureWriter");
q_omg_security_init( &gv->security_context ); q_omg_security_init( &gv->security_context, &gv->logconfig );
#endif #endif
make_special_topics (gv); make_special_topics (gv);

2
src/core/ddsi/src/q_receive.c
View file

@ -3068,7 +3068,7 @@ static int handle_submsg_sequence
state = "parse:sec_prefix"; state = "parse:sec_prefix";
{ {
GVTRACE ("SEC_PREFIX"); GVTRACE ("SEC_PREFIX");
if (decode_SecPrefix(rst, submsg, submsg_size, end, &rst->src_guid_prefix, &rst->dst_guid_prefix, byteswap) < 0) if (!decode_SecPrefix(rst, submsg, submsg_size, end, &rst->src_guid_prefix, &rst->dst_guid_prefix, byteswap))
goto malformed; goto malformed;
} }
break; break;

2
src/security/builtin_plugins/cryptographic/src/crypto_defs.h
View file

@ -111,4 +111,4 @@ typedef enum RTPS_Message_Type
RTPS_Message_Type_SRTPS_POSTFIX = 0x34 RTPS_Message_Type_SRTPS_POSTFIX = 0x34
} RTPS_Message_Type; } RTPS_Message_Type;
#endif /* CRYPTO_DEFS_H */ #endif /* CRYPTO_DEFS_H */

3
src/security/builtin_plugins/tests/common/src/crypto_helper.h
View file

@ -35,4 +35,5 @@ int master_salt_not_empty(master_key_material *keymat);
int master_key_not_empty(master_key_material *keymat); int master_key_not_empty(master_key_material *keymat);
int master_receiver_specific_key_not_empty(master_key_material *keymat); int master_receiver_specific_key_not_empty(master_key_material *keymat);
#endif /* DDS_SECURITY_BUITIN_TEST_CRYPTO_HELPER_H */ #endif /* DDS_SECURITY_BUITIN_TEST_CRYPTO_HELPER_H */

2
src/security/builtin_plugins/tests/common/src/handshake_helper.h
View file

@ -87,4 +87,4 @@ check_shared_secret(
EVP_PKEY *dh_local_private, EVP_PKEY *dh_local_private,
DDS_Security_HandshakeHandle handshake_handle); DDS_Security_HandshakeHandle handshake_handle);
#endif #endif

2
src/security/builtin_plugins/tests/validate_local_identity/src/validate_local_identity_utests.c
View file

@ -2106,4 +2106,4 @@ CU _ Test(validate_local_identity,with_extended_certificate_check)
} }
#endif #endif

11
src/security/core/include/dds/security/core/dds_security_plugins.h
View file

@ -20,6 +20,8 @@
#include <stdint.h> #include <stdint.h>
#include "dds/security/dds_security_api.h" #include "dds/security/dds_security_api.h"
struct ddsrt_log_cfg;
typedef struct dds_security_plugin { typedef struct dds_security_plugin {
ddsrt_dynlib_t lib_handle; ddsrt_dynlib_t lib_handle;
plugin_init func_init; plugin_init func_init;
@ -50,16 +52,19 @@ DDS_EXPORT dds_return_t dds_security_plugin_release(
void *context ); void *context );
DDS_EXPORT dds_return_t dds_security_check_plugin_configuration( DDS_EXPORT dds_return_t dds_security_check_plugin_configuration(
const dds_security_plugin_suite_config *security_suite_config ); const dds_security_plugin_suite_config *security_suite_config,
const struct ddsrt_log_cfg *logcfg);
DDS_EXPORT dds_return_t dds_security_load_security_library( DDS_EXPORT dds_return_t dds_security_load_security_library(
const dds_security_plugin_config *plugin_config, const dds_security_plugin_config *plugin_config,
dds_security_plugin *security_plugin, void **security_plugin_context); dds_security_plugin *security_plugin, void **security_plugin_context,
const struct ddsrt_log_cfg *logcfg);
DDS_EXPORT dds_return_t dds_security_verify_plugin_functions( DDS_EXPORT dds_return_t dds_security_verify_plugin_functions(
dds_security_authentication *authentication_context, dds_security_plugin *auth_plugin, dds_security_authentication *authentication_context, dds_security_plugin *auth_plugin,
dds_security_cryptography *crypto_context, dds_security_plugin *crypto_plugin, dds_security_cryptography *crypto_context, dds_security_plugin *crypto_plugin,
dds_security_access_control *access_control_context, dds_security_plugin *ac_plugin); dds_security_access_control *access_control_context, dds_security_plugin *ac_plugin,
const struct ddsrt_log_cfg *logcfg);
#endif /* SECURITY_CORE_PLUGINS_H_ */ #endif /* SECURITY_CORE_PLUGINS_H_ */

550
src/security/core/src/dds_security_plugins.c
View file

@ -10,395 +10,257 @@
* SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
*/ */
#include <string.h> #include <string.h>
#include <assert.h>
#include "dds/ddsrt/misc.h"
#include "dds/security/core/dds_security_utils.h"
#include "dds/security/core/dds_security_plugins.h" #include "dds/security/core/dds_security_plugins.h"
#include "dds/security/dds_security_api.h" #include "dds/ddsrt/log.h"
#include "dds/ddsi/q_unused.h"
#include "dds/ddsi/ddsi_security_msg.h"
#include "dds/ddsi/ddsi_security_omg.h"
#include "dds/ddsi/q_config.h"
#include "dds/ddsi/q_log.h"
#include "dds/ddsrt/atomics.h" #include "dds/ddsrt/atomics.h"
#include "dds/ddsrt/heap.h" #include "dds/ddsrt/heap.h"
#include "dds/ddsrt/dynlib.h" #include "dds/ddsrt/dynlib.h"
#include "dds/ddsrt/process.h"
#include "dds/ddsrt/string.h"
#include "dds/ddsrt/sync.h"
#include "dds/ddsrt/hopscotch.h"
#include "dds/ddsi/q_entity.h"
#include "dds/ddsi/q_bswap.h"
#include "dds/ddsi/q_xevent.h"
#include "dds/ddsi/q_time.h"
#include "dds/ddsi/q_plist.h"
#include "dds/ddsrt/io.h" #include "dds/ddsrt/io.h"
static bool check_plugin_configuration (const dds_security_plugin_config *config, const char *name, const struct ddsrt_log_cfg *logcfg)
#define AUTH_NAME "Authentication"
#define AC_NAME "Access Control"
#define CRYPTO_NAME "Cryptographic"
dds_return_t dds_security_check_plugin_configuration(
const dds_security_plugin_suite_config *security_suite_config )
{ {
if (config->library_path == NULL || *config->library_path == 0) {
dds_return_t result = DDS_RETCODE_ERROR; DDS_CERROR (logcfg, "%s security plugin library path is undefined or empty\n", name);
if (security_suite_config->access_control.library_path == NULL) {
DDS_ERROR("AccessControl security plugin library path is not defined");
} else if (strlen(security_suite_config->access_control.library_path)
== 0) {
DDS_ERROR("AccessControl security plugin library path is empty ");
} else if (security_suite_config->access_control.library_init == NULL) {
DDS_ERROR("AccessControl security plugin init function is not defined");
} else if (strlen(security_suite_config->access_control.library_init)
== 0) {
DDS_ERROR("AccessControl security plugin init function is empty ");
} else if (security_suite_config->access_control.library_finalize == NULL) {
DDS_ERROR(
"AccessControl security plugin finalize function is not defined ");
} else if (strlen(security_suite_config->access_control.library_finalize)
== 0) {
DDS_ERROR("AccessControl security plugin finalize function is empty");
} else if (security_suite_config->authentication.library_path == NULL) {
DDS_ERROR(
"Authentication security plugin library path is not defined in the configuration ");
} else if (strlen(security_suite_config->authentication.library_path)
== 0) {
DDS_ERROR("Authentication security plugin library path is empty ");
} else if (security_suite_config->authentication.library_init == NULL) {
DDS_ERROR("Authentication security plugin init function is not defined ");
} else if (strlen(security_suite_config->authentication.library_init)
== 0) {
DDS_ERROR("Authentication security plugin init function is empty ");
} else if (security_suite_config->authentication.library_finalize == NULL) {
DDS_ERROR(
"Authentication security plugin finalize function is not defined ");
} else if (strlen(security_suite_config->authentication.library_finalize)
== 0) {
DDS_ERROR("Authentication security plugin finalize function is empty");
} else if (security_suite_config->cryptography.library_path == NULL) {
DDS_ERROR(
"Cryptography security plugin library path is not defined in the configuration ");
} else if (strlen(security_suite_config->cryptography.library_path)
== 0) {
DDS_ERROR("Cryptography security plugin library path is empty ");
} else if (security_suite_config->cryptography.library_init == NULL) {
DDS_ERROR("Cryptography security plugin init function is not defined ");
} else if (strlen(security_suite_config->cryptography.library_init)
== 0) {
DDS_ERROR("Cryptography security plugin init function is empty ");
} else if (security_suite_config->cryptography.library_finalize == NULL) {
DDS_ERROR("Cryptography security plugin finalize function is not defined ");
} else if (strlen(security_suite_config->cryptography.library_finalize)
== 0) {
DDS_ERROR("Cryptography security plugin finalize function is empty");
} else {
result = DDS_RETCODE_OK;
}
return result;
}
/*
* checks the function pointer value and CHANGES the out-result value if it is NULL
*/
static bool verify_function(void *function_ptr, dds_security_plugin *plugin,
const char *function_name)
{
if ( function_ptr == NULL ) {
DDS_ERROR("Could not find the function for %s: %s \n", plugin->name,
function_name);
return false; return false;
} }
else { if (config->library_init == NULL || *config->library_init == 0) {
return true; DDS_CERROR (logcfg, "%s security plugin init function is undefined or empty\n", name);
return false;
} }
if (config->library_finalize == NULL || *config->library_finalize == 0) {
DDS_CERROR (logcfg, "%s security plugin finalize function is undefined or empty\n", name);
return false;
}
return true;
}
dds_return_t dds_security_check_plugin_configuration (const dds_security_plugin_suite_config *security_suite_config, const struct ddsrt_log_cfg *logcfg)
{
if (check_plugin_configuration (&security_suite_config->access_control, "AccessControl", logcfg) &&
check_plugin_configuration (&security_suite_config->authentication, "Authentication", logcfg) &&
check_plugin_configuration (&security_suite_config->cryptography, "Cryptography", logcfg))
return DDS_RETCODE_OK;
else
return DDS_RETCODE_ERROR;
}
static bool verify_function (const void *function_ptr, dds_security_plugin *plugin, const char *function_name, const struct ddsrt_log_cfg *logcfg)
{
if (function_ptr != NULL)
return true;
else
{
DDS_CERROR (logcfg, "Could not find the function for %s: %s\n", plugin->name, function_name);
return false;
}
}
struct verify_plugin_functions_tab {
size_t off;
const char *name;
};
static bool verify_plugin_functions (const void *context, dds_security_plugin *plugin, const struct verify_plugin_functions_tab *entries, size_t nentries, const struct ddsrt_log_cfg *logcfg)
{
for (size_t i = 0; i < nentries; i++)
{
const char *p = (const char *) context + entries[i].off;
if (!verify_function (*((void **) p), plugin, entries[i].name, logcfg))
return false;
}
return true;
} }
dds_return_t dds_security_verify_plugin_functions( dds_return_t dds_security_verify_plugin_functions(
dds_security_authentication *authentication_context, dds_security_plugin *auth_plugin, dds_security_authentication *authentication_context, dds_security_plugin *auth_plugin,
dds_security_cryptography *crypto_context, dds_security_plugin *crypto_plugin, dds_security_cryptography *crypto_context, dds_security_plugin *crypto_plugin,
dds_security_access_control *access_control_context, dds_security_plugin *ac_plugin) dds_security_access_control *access_control_context, dds_security_plugin *ac_plugin,
const struct ddsrt_log_cfg *logcfg)
{ {
#define FGEN(context, name) { offsetof (context, name), #name }
if( #define F(name) FGEN (dds_security_authentication, name)
verify_function(authentication_context->validate_local_identity, auth_plugin, static const struct verify_plugin_functions_tab auth[] = {
"validate_local_identity" ) && F (validate_local_identity),
verify_function(authentication_context->get_identity_token, auth_plugin, F (get_identity_token),
"get_identity_token" ) && F (get_identity_status_token),
verify_function(authentication_context->get_identity_status_token, F (set_permissions_credential_and_token),
auth_plugin, "get_identity_status_token" ) && F (validate_remote_identity),
verify_function(authentication_context->set_permissions_credential_and_token, F (begin_handshake_request),
auth_plugin, "set_permissions_credential_and_token" ) && F (begin_handshake_reply),
verify_function(authentication_context->validate_remote_identity, F (process_handshake),
auth_plugin, "validate_remote_identity" ) && F (get_shared_secret),
verify_function(authentication_context->begin_handshake_request, auth_plugin, F (get_authenticated_peer_credential_token),
"begin_handshake_request" ) && F (set_listener),
verify_function(authentication_context->begin_handshake_reply, auth_plugin, F (return_identity_token),
"begin_handshake_reply" ) && F (return_identity_status_token),
verify_function(authentication_context->process_handshake, auth_plugin, F (return_authenticated_peer_credential_token),
"process_handshake" ) && F (return_handshake_handle),
verify_function(authentication_context->get_shared_secret, auth_plugin, F (return_sharedsecret_handle)
"get_shared_secret" ) && };
verify_function( #undef F
authentication_context->get_authenticated_peer_credential_token, #define F(name) FGEN (dds_security_access_control, name)
auth_plugin, "get_authenticated_peer_credential_token" ) && static const struct verify_plugin_functions_tab ac[] = {
verify_function(authentication_context->set_listener, auth_plugin, F (validate_local_permissions),
"set_listener" ) && F (validate_remote_permissions),
verify_function(authentication_context->return_identity_token, auth_plugin, F (check_create_participant),
"return_identity_token" ) && F (check_create_datawriter),
verify_function(authentication_context->return_identity_status_token, F (check_create_datareader),
auth_plugin, "return_identity_status_token" ) && F (check_create_topic),
F (check_local_datawriter_register_instance),
verify_function( F (check_local_datawriter_dispose_instance),
authentication_context->return_authenticated_peer_credential_token, F (check_remote_participant),
auth_plugin, "return_authenticated_peer_credential_token" ) && F (check_remote_datawriter),
verify_function(authentication_context->return_handshake_handle, auth_plugin, F (check_remote_datareader),
"return_handshake_handle" ) && F (check_remote_topic),
verify_function(authentication_context->return_identity_handle, auth_plugin, F (check_local_datawriter_match),
"return_identity_handle" ) && F (check_local_datareader_match),
verify_function(authentication_context->return_sharedsecret_handle, F (check_remote_datawriter_register_instance),
auth_plugin, "return_sharedsecret_handle" ) && F (check_remote_datawriter_dispose_instance),
F (get_permissions_token),
verify_function(access_control_context->validate_local_permissions, F (get_permissions_credential_token),
ac_plugin, "validate_local_permissions" ) && F (set_listener),
verify_function(access_control_context->validate_remote_permissions, F (return_permissions_token),
ac_plugin, "validate_remote_permissions" ) && F (return_permissions_credential_token),
verify_function(access_control_context->check_create_participant, ac_plugin, F (get_participant_sec_attributes),
"check_create_participant" ) && F (get_topic_sec_attributes),
verify_function(access_control_context->check_create_datawriter, ac_plugin, F (get_datawriter_sec_attributes),
"check_create_datawriter" ) && F (get_datareader_sec_attributes),
verify_function(access_control_context->check_create_datareader, ac_plugin, F (return_participant_sec_attributes),
"check_create_datareader" ) && F (return_datawriter_sec_attributes),
F (return_datareader_sec_attributes),
verify_function(access_control_context->check_create_topic, ac_plugin, F (return_permissions_handle)
"check_create_topic" ) && };
verify_function( #undef F
access_control_context->check_local_datawriter_register_instance, #define F(name) FGEN (dds_security_crypto_key_factory, name)
ac_plugin, "check_local_datawriter_register_instance" ) && static const struct verify_plugin_functions_tab cryptoF[] = {
verify_function( F (register_local_participant),
access_control_context->check_local_datawriter_dispose_instance, F (register_matched_remote_participant),
ac_plugin, "check_local_datawriter_dispose_instance" ) && F (register_local_datawriter),
verify_function(access_control_context->check_remote_participant, ac_plugin, F (register_matched_remote_datareader),
"check_remote_participant" ) && F (register_local_datareader),
verify_function(access_control_context->check_remote_datawriter, ac_plugin, F (register_matched_remote_datawriter),
"check_remote_datawriter" ) && F (unregister_participant),
verify_function(access_control_context->check_remote_datareader, ac_plugin, F (unregister_datawriter),
"check_remote_datareader" ) && F (unregister_datareader)
verify_function(access_control_context->check_remote_topic, ac_plugin, };
"check_remote_topic" ) && #undef F
verify_function(access_control_context->check_local_datawriter_match, #define F(name) FGEN (dds_security_crypto_key_exchange, name)
ac_plugin, "check_local_datawriter_match" ) && static const struct verify_plugin_functions_tab cryptoX[] = {
verify_function(access_control_context->check_local_datareader_match, F (create_local_participant_crypto_tokens),
ac_plugin, "check_local_datareader_match" ) && F (set_remote_participant_crypto_tokens),
verify_function( F (create_local_datawriter_crypto_tokens),
access_control_context->check_remote_datawriter_register_instance, F (set_remote_datawriter_crypto_tokens),
ac_plugin, "check_remote_datawriter_register_instance" ) && F (create_local_datareader_crypto_tokens),
verify_function( F (set_remote_datareader_crypto_tokens),
access_control_context->check_remote_datawriter_dispose_instance, F (return_crypto_tokens)
ac_plugin, "check_remote_datawriter_dispose_instance" ) && };
verify_function(access_control_context->get_permissions_token, ac_plugin, #undef F
"get_permissions_token" ) && #define F(name) FGEN (dds_security_crypto_transform, name)
verify_function(access_control_context->get_permissions_credential_token, static const struct verify_plugin_functions_tab cryptoT[] = {
ac_plugin, "get_permissions_credential_token" ) && F (encode_serialized_payload),
verify_function(access_control_context->set_listener, ac_plugin, F (encode_datawriter_submessage),
"set_listener" ) && F (encode_datareader_submessage),
verify_function(access_control_context->return_permissions_token, ac_plugin, F (encode_rtps_message),
"return_permissions_token" ) && F (decode_rtps_message),
verify_function(access_control_context->return_permissions_credential_token, F (preprocess_secure_submsg),
ac_plugin, "return_permissions_credential_token" ) && F (decode_datawriter_submessage),
verify_function(access_control_context->get_participant_sec_attributes, F (decode_datareader_submessage),
ac_plugin, "get_participant_sec_attributes" ) && F (decode_serialized_payload)
verify_function(access_control_context->get_topic_sec_attributes, ac_plugin, };
"get_topic_sec_attributes" ) && #undef F
verify_function(access_control_context->get_datawriter_sec_attributes, #define C(context, plugin, table) verify_plugin_functions (context, plugin, table, sizeof (table) / sizeof (table[0]), logcfg)
ac_plugin, "get_datawriter_sec_attributes" ) && if (C (authentication_context, auth_plugin, auth) &&
verify_function(access_control_context->get_datareader_sec_attributes, C (access_control_context, ac_plugin, ac) &&
ac_plugin, "get_datareader_sec_attributes" ) && C (crypto_context->crypto_key_factory, crypto_plugin, cryptoF) &&
verify_function(access_control_context->return_participant_sec_attributes, C (crypto_context->crypto_key_exchange, crypto_plugin, cryptoX) &&
ac_plugin, "return_participant_sec_attributes" ) && C (crypto_context->crypto_transform, crypto_plugin, cryptoT))
verify_function(access_control_context->return_datawriter_sec_attributes, {
ac_plugin, "return_datawriter_sec_attributes" ) &&
verify_function(access_control_context->return_datareader_sec_attributes,
ac_plugin, "return_datareader_sec_attributes" ) &&
verify_function(access_control_context->return_permissions_handle,
ac_plugin, "return_permissions_handle" ) &&
verify_function(
crypto_context->crypto_key_factory->register_local_participant,
crypto_plugin, "register_local_participant" ) &&
verify_function(
crypto_context->crypto_key_factory->register_matched_remote_participant,
crypto_plugin, "register_matched_remote_participant" ) &&
verify_function(crypto_context->crypto_key_factory->register_local_datawriter,
crypto_plugin, "register_local_datawriter" ) &&
verify_function(
crypto_context->crypto_key_factory->register_matched_remote_datareader,
crypto_plugin, "register_matched_remote_datareader" ) &&
verify_function(crypto_context->crypto_key_factory->register_local_datareader,
crypto_plugin, "register_local_datareader" ) &&
verify_function(
crypto_context->crypto_key_factory->register_matched_remote_datawriter,
crypto_plugin, "register_matched_remote_datawriter" ) &&
verify_function(crypto_context->crypto_key_factory->unregister_participant,
crypto_plugin, "unregister_participant" ) &&
verify_function(crypto_context->crypto_key_factory->unregister_datawriter,
crypto_plugin, "unregister_datawriter" ) &&
verify_function(crypto_context->crypto_key_factory->unregister_datareader,
crypto_plugin, "unregister_datareader" ) &&
verify_function(
crypto_context->crypto_key_exchange->create_local_participant_crypto_tokens,
crypto_plugin, "create_local_participant_crypto_tokens" ) &&
verify_function(
crypto_context->crypto_key_exchange->set_remote_participant_crypto_tokens,
crypto_plugin, "set_remote_participant_crypto_tokens" ) &&
verify_function(
crypto_context->crypto_key_exchange->create_local_datawriter_crypto_tokens,
crypto_plugin, "create_local_datawriter_crypto_tokens" ) &&
verify_function(
crypto_context->crypto_key_exchange->set_remote_datawriter_crypto_tokens,
crypto_plugin, "set_remote_datawriter_crypto_tokens" ) &&
verify_function(
crypto_context->crypto_key_exchange->create_local_datareader_crypto_tokens,
crypto_plugin, "create_local_datareader_crypto_tokens" ) &&
verify_function(
crypto_context->crypto_key_exchange->set_remote_datareader_crypto_tokens,
crypto_plugin, "set_remote_datareader_crypto_tokens" ) &&
verify_function(crypto_context->crypto_key_exchange->return_crypto_tokens,
crypto_plugin, "return_crypto_tokens" ) &&
verify_function(crypto_context->crypto_transform->encode_serialized_payload,
crypto_plugin, "encode_serialized_payload" ) &&
verify_function(
crypto_context->crypto_transform->encode_datawriter_submessage,
crypto_plugin, "encode_datawriter_submessage" ) &&
verify_function(
crypto_context->crypto_transform->encode_datareader_submessage,
crypto_plugin, "encode_datareader_submessage" ) &&
verify_function(crypto_context->crypto_transform->encode_rtps_message,
crypto_plugin, "encode_rtps_message" ) &&
verify_function(crypto_context->crypto_transform->decode_rtps_message,
crypto_plugin, "decode_rtps_message" ) &&
verify_function(crypto_context->crypto_transform->preprocess_secure_submsg,
crypto_plugin, "preprocess_secure_submsg" ) &&
verify_function(
crypto_context->crypto_transform->decode_datawriter_submessage,
crypto_plugin, "decode_datawriter_submessage" ) &&
verify_function(
crypto_context->crypto_transform->decode_datareader_submessage,
crypto_plugin, "decode_datareader_submessage" ) &&
verify_function(crypto_context->crypto_transform->decode_serialized_payload,
crypto_plugin, "decode_serialized_payload" ) ){
return DDS_RETCODE_OK; return DDS_RETCODE_OK;
} }
else { else
{
return DDS_RETCODE_ERROR; return DDS_RETCODE_ERROR;
} }
#undef C
} }
/** /**
* All fields of the library properties are supposed to be non-empty * All fields of the library properties are supposed to be non-empty
*/ */
dds_return_t dds_security_load_security_library( dds_return_t dds_security_load_security_library (const dds_security_plugin_config *plugin_config, dds_security_plugin *security_plugin, void **security_plugin_context, const struct ddsrt_log_cfg *logcfg)
const dds_security_plugin_config *plugin_config,
dds_security_plugin *security_plugin,
void **security_plugin_context)
{ {
dds_return_t ret = DDS_RETCODE_ERROR; dds_return_t lib_ret;
dds_return_t lib_ret = DDS_RETCODE_ERROR; char *init_parameters = "";
char * init_parameters = "";
char *library_str; char *library_str;
assert( plugin_config->library_path ); assert (plugin_config->library_path);
assert( plugin_config->library_init ); assert (plugin_config->library_init);
assert( plugin_config->library_finalize ); assert (plugin_config->library_finalize);
if ( strlen(plugin_config->library_path) > 0 ) { security_plugin->lib_handle = NULL;
if (*plugin_config->library_path == 0)
return DDS_RETCODE_ERROR;
//library_str = ddsrt_malloc(strlen(plugin_config->library_path) + 1); const size_t poff = (strncmp (plugin_config->library_path, "file://", 7) == 0) ? 7 : 0;
(void) ddsrt_asprintf (&library_str, "%s", plugin_config->library_path + poff);
if (strncmp(plugin_config->library_path, "file://", 7) == 0) { lib_ret = ddsrt_dlopen (library_str, true, &security_plugin->lib_handle);
(void)ddsrt_asprintf(&library_str, "%s", &plugin_config->library_path[7]); ddsrt_free (library_str);
} else { if (lib_ret != DDS_RETCODE_OK)
(void)ddsrt_asprintf(&library_str, "%s", plugin_config->library_path); {
} char buffer[256];
ddsrt_dlerror (buffer, sizeof (buffer));
lib_ret = ddsrt_dlopen( library_str, true, &security_plugin->lib_handle); DDS_CERROR (logcfg, "Could not load %s library: %s\n", security_plugin->name, buffer);
ddsrt_free(library_str); goto load_error;
if( lib_ret == DDS_RETCODE_OK && security_plugin->lib_handle){
/* Get init and fini functions . */
if ( ddsrt_dlsym(security_plugin->lib_handle, plugin_config->library_init, (void **)&security_plugin->func_init) == DDS_RETCODE_OK){
if ( ddsrt_dlsym(security_plugin->lib_handle, plugin_config->library_finalize, (void **)&security_plugin->func_finalize) == DDS_RETCODE_OK){
/* Initialize plugin. */
if ( security_plugin->func_init != NULL) {
lib_ret = security_plugin->func_init(init_parameters, (void **) security_plugin_context);
if (lib_ret == DDS_RETCODE_OK){ /* error occured on init */
return DDS_RETCODE_OK;
} else{
DDS_ERROR("Error occured while initializing %s plugin\n",
security_plugin->name);
goto library_error;
}
}
}
else {
DDS_ERROR("Could not find the function: %s\n", plugin_config->library_finalize);
goto library_error;
}
}
else{
DDS_ERROR("Could not find the function: %s\n",plugin_config->library_init);
goto library_error;
}
} else {
char buffer[256];
ddsrt_dlerror(buffer, sizeof(buffer));
DDS_ERROR("Could not load %s library: %s\n", security_plugin->name, buffer);
goto load_error;
}
return ret;
} }
void *tmp;
if (ddsrt_dlsym (security_plugin->lib_handle, plugin_config->library_init, &tmp) != DDS_RETCODE_OK)
{
DDS_CERROR (logcfg, "Could not find the function: %s\n", plugin_config->library_init);
goto library_error;
}
security_plugin->func_init = (plugin_init) tmp;
if (ddsrt_dlsym (security_plugin->lib_handle, plugin_config->library_finalize, &tmp) != DDS_RETCODE_OK)
{
DDS_CERROR (logcfg, "Could not find the function: %s\n", plugin_config->library_finalize);
goto library_error;
}
security_plugin->func_finalize = (plugin_finalize) tmp;
if (security_plugin->func_init != 0)
{
if (security_plugin->func_init (init_parameters, (void **) security_plugin_context) != DDS_RETCODE_OK)
{
DDS_CERROR (logcfg, "Error occured while initializing %s plugin\n", security_plugin->name);
goto library_error;
}
}
return DDS_RETCODE_OK;
library_error: library_error:
ddsrt_dlclose(security_plugin->lib_handle); ddsrt_dlclose (security_plugin->lib_handle);
security_plugin->lib_handle = NULL; security_plugin->lib_handle = NULL;
load_error: load_error:
return ret; return DDS_RETCODE_ERROR;
} }
dds_return_t dds_security_plugin_release( const dds_security_plugin *security_plugin, void *context ){ dds_return_t dds_security_plugin_release (const dds_security_plugin *security_plugin, void *context)
dds_return_t result= DDS_RETCODE_OK; {
assert( security_plugin->lib_handle ); dds_return_t result = DDS_RETCODE_OK;
assert( security_plugin->func_finalize ); assert (security_plugin->lib_handle);
assert (security_plugin->func_finalize);
/* if get error from either finalize OR close, return error */ /* if get error from either finalize OR close, return error */
if( security_plugin->func_finalize( context ) != DDS_RETCODE_OK){ if (security_plugin->func_finalize (context) != DDS_RETCODE_OK)
{
DDS_ERROR("Error occured while finaizing %s plugin", security_plugin->name); DDS_ERROR("Error occured while finaizing %s plugin", security_plugin->name);
result = DDS_RETCODE_ERROR; result = DDS_RETCODE_ERROR;
} }
if( ddsrt_dlclose( security_plugin->lib_handle ) != DDS_RETCODE_OK){ if (ddsrt_dlclose (security_plugin->lib_handle) != DDS_RETCODE_OK){
result = DDS_RETCODE_ERROR; result = DDS_RETCODE_ERROR;
} }
return result; return result;
} }