niklas/cyclonedds
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Clean up plugin loading

Browse source 
Signed-off-by: Erik Boasson <eb@ilities.com>
This commit is contained in:
Erik Boasson 2020-01-10 15:16:47 +01:00 committed by eboasson
parent 37db2dc6c3
commit 5748f72c90
12 changed files with 898 additions and 1316 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/core/ddsc/tests/lifespan.c
View file

@ -161,4 +161,4 @@ CU_Test(ddsc_lifespan, basic, .init=lifespan_init, .fini=lifespan_fini)
check_whc_state(g_writer, -1, -1);
dds_delete_qos(qos);
}
}

32
src/core/ddsi/include/dds/ddsi/ddsi_security_omg.h
View file

@ -181,7 +181,7 @@ is_proxy_participant_deletion_allowed(
*/
bool
q_omg_security_is_remote_rtps_protected(
struct proxy_participant *proxy_pp,
const struct proxy_participant *proxy_pp,
ddsi_entityid_t entityid);
/**
@ -197,7 +197,7 @@ q_omg_security_is_remote_rtps_protected(
*/
bool
q_omg_security_is_local_rtps_protected(
struct participant *pp,
const struct participant *pp,
ddsi_entityid_t entityid);
/**
@ -256,10 +256,10 @@ q_omg_security_encode_rtps_message(
int64_t src_handle,
ddsi_guid_t *src_guid,
const unsigned char *src_buf,
const unsigned int src_len,
unsigned char **dst_buf,
unsigned int *dst_len,
int64_t dst_handle);
size_t src_len,
unsigned char **dst_buf,
size_t *dst_len,
int64_t dst_handle);
/**
* @brief Encode payload when necessary.
@ -406,8 +406,8 @@ bool
validate_msg_decoding(
const struct entity_common *e,
const struct proxy_endpoint_common *c,
struct proxy_participant *proxypp,
struct receiver_state *rst,
const struct proxy_participant *proxypp,
const struct receiver_state *rst,
SubmessageKind_t prev_smid);
/**
@ -426,13 +426,13 @@ validate_msg_decoding(
* @param[in] dst_prefix Prefix of the destination entity.
* @param[in] byteswap Do the bytes need swapping?
*
* @returns int
* @retval >= 0 Decoding succeeded.
* @retval < 0 Decoding failed.
* @returns bool
* @retval true Decoding succeeded.
* @retval false Decoding failed.
*/
int
bool
decode_SecPrefix(
struct receiver_state *rst,
const struct receiver_state *rst,
unsigned char *submsg,
size_t submsg_size,
unsigned char * const msg_end,
@ -500,7 +500,7 @@ secure_conn_write(
bool dst_one,
nn_msg_sec_info_t *sec_info,
ddsi_tran_write_fn_t conn_write_cb);
/**
* @brief Loads the security plugins with the given configuration.
@ -518,12 +518,12 @@ secure_conn_write(
dds_return_t q_omg_security_load( struct dds_security_context *security_context, const dds_qos_t *qos );
void q_omg_security_init( struct dds_security_context **sc);
void q_omg_security_init( struct dds_security_context **sc, const struct ddsrt_log_cfg *logcfg);
void q_omg_security_deinit( struct dds_security_context **sc);
bool q_omg_is_security_loaded( struct dds_security_context *sc );
/**
* @brief Check if the participant and the proxy participant

1
src/core/ddsi/include/dds/ddsi/q_globals.h
View file

@ -302,7 +302,6 @@ struct q_globals {
#ifdef DDSI_INCLUDE_SECURITY
struct dds_security_context *security_context;
#endif
};
#if defined (__cplusplus)

1605
src/core/ddsi/src/ddsi_security_omg.c
View file

File diff suppressed because it is too large Load diff

2
src/core/ddsi/src/q_init.c
View file

@ -1084,7 +1084,7 @@ int rtps_init (struct q_globals *gv)
add_property_to_xqos(&gv->builtin_volatile_xqos_rd, "dds.sec.builtin_endpoint_name", "BuiltinParticipantVolatileMessageSecureReader");
add_property_to_xqos(&gv->builtin_volatile_xqos_wr, "dds.sec.builtin_endpoint_name", "BuiltinParticipantVolatileMessageSecureWriter");
q_omg_security_init( &gv->security_context );
q_omg_security_init( &gv->security_context, &gv->logconfig );
#endif
make_special_topics (gv);

2
src/core/ddsi/src/q_receive.c
View file

@ -3068,7 +3068,7 @@ static int handle_submsg_sequence
state = "parse:sec_prefix";
{
GVTRACE ("SEC_PREFIX");
if (decode_SecPrefix(rst, submsg, submsg_size, end, &rst->src_guid_prefix, &rst->dst_guid_prefix, byteswap) < 0)
if (!decode_SecPrefix(rst, submsg, submsg_size, end, &rst->src_guid_prefix, &rst->dst_guid_prefix, byteswap))
goto malformed;
}
break;

2
src/security/builtin_plugins/cryptographic/src/crypto_defs.h
View file

@ -111,4 +111,4 @@ typedef enum RTPS_Message_Type
RTPS_Message_Type_SRTPS_POSTFIX = 0x34
} RTPS_Message_Type;
#endif /* CRYPTO_DEFS_H */
#endif /* CRYPTO_DEFS_H */

3
src/security/builtin_plugins/tests/common/src/crypto_helper.h
View file

@ -35,4 +35,5 @@ int master_salt_not_empty(master_key_material *keymat);
int master_key_not_empty(master_key_material *keymat);
int master_receiver_specific_key_not_empty(master_key_material *keymat);
#endif /* DDS_SECURITY_BUITIN_TEST_CRYPTO_HELPER_H */
#endif /* DDS_SECURITY_BUITIN_TEST_CRYPTO_HELPER_H */

2
src/security/builtin_plugins/tests/common/src/handshake_helper.h
View file

@ -87,4 +87,4 @@ check_shared_secret(
EVP_PKEY *dh_local_private,
DDS_Security_HandshakeHandle handshake_handle);
#endif
#endif

2
src/security/builtin_plugins/tests/validate_local_identity/src/validate_local_identity_utests.c
View file

@ -2106,4 +2106,4 @@ CU _ Test(validate_local_identity,with_extended_certificate_check)
}
#endif
#endif

11
src/security/core/include/dds/security/core/dds_security_plugins.h
View file

@ -20,6 +20,8 @@
#include <stdint.h>
#include "dds/security/dds_security_api.h"
struct ddsrt_log_cfg;
typedef struct dds_security_plugin {
ddsrt_dynlib_t lib_handle;
plugin_init func_init;
@ -50,16 +52,19 @@ DDS_EXPORT dds_return_t dds_security_plugin_release(
void *context );
DDS_EXPORT dds_return_t dds_security_check_plugin_configuration(
const dds_security_plugin_suite_config *security_suite_config );
const dds_security_plugin_suite_config *security_suite_config,
const struct ddsrt_log_cfg *logcfg);
DDS_EXPORT dds_return_t dds_security_load_security_library(
const dds_security_plugin_config *plugin_config,
dds_security_plugin *security_plugin, void **security_plugin_context);
dds_security_plugin *security_plugin, void **security_plugin_context,
const struct ddsrt_log_cfg *logcfg);
DDS_EXPORT dds_return_t dds_security_verify_plugin_functions(
dds_security_authentication *authentication_context, dds_security_plugin *auth_plugin,
dds_security_cryptography *crypto_context, dds_security_plugin *crypto_plugin,
dds_security_access_control *access_control_context, dds_security_plugin *ac_plugin);
dds_security_access_control *access_control_context, dds_security_plugin *ac_plugin,
const struct ddsrt_log_cfg *logcfg);
#endif /* SECURITY_CORE_PLUGINS_H_ */

550
src/security/core/src/dds_security_plugins.c
View file

@ -10,395 +10,257 @@
* SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
*/
#include <string.h>
#include <assert.h>
#include "dds/ddsrt/misc.h"
#include "dds/security/core/dds_security_utils.h"
#include "dds/security/core/dds_security_plugins.h"
#include "dds/security/dds_security_api.h"
#include "dds/ddsi/q_unused.h"
#include "dds/ddsi/ddsi_security_msg.h"
#include "dds/ddsi/ddsi_security_omg.h"
#include "dds/ddsi/q_config.h"
#include "dds/ddsi/q_log.h"
#include "dds/ddsrt/log.h"
#include "dds/ddsrt/atomics.h"
#include "dds/ddsrt/heap.h"
#include "dds/ddsrt/dynlib.h"
#include "dds/ddsrt/process.h"
#include "dds/ddsrt/string.h"
#include "dds/ddsrt/sync.h"
#include "dds/ddsrt/hopscotch.h"
#include "dds/ddsi/q_entity.h"
#include "dds/ddsi/q_bswap.h"
#include "dds/ddsi/q_xevent.h"
#include "dds/ddsi/q_time.h"
#include "dds/ddsi/q_plist.h"
#include "dds/ddsrt/io.h"
#define AUTH_NAME "Authentication"
#define AC_NAME "Access Control"
#define CRYPTO_NAME "Cryptographic"
dds_return_t dds_security_check_plugin_configuration(
const dds_security_plugin_suite_config *security_suite_config )
static bool check_plugin_configuration (const dds_security_plugin_config *config, const char *name, const struct ddsrt_log_cfg *logcfg)
{
dds_return_t result = DDS_RETCODE_ERROR;
if (security_suite_config->access_control.library_path == NULL) {
DDS_ERROR("AccessControl security plugin library path is not defined");
} else if (strlen(security_suite_config->access_control.library_path)
== 0) {
DDS_ERROR("AccessControl security plugin library path is empty ");
} else if (security_suite_config->access_control.library_init == NULL) {
DDS_ERROR("AccessControl security plugin init function is not defined");
} else if (strlen(security_suite_config->access_control.library_init)
== 0) {
DDS_ERROR("AccessControl security plugin init function is empty ");
} else if (security_suite_config->access_control.library_finalize == NULL) {
DDS_ERROR(
"AccessControl security plugin finalize function is not defined ");
} else if (strlen(security_suite_config->access_control.library_finalize)
== 0) {
DDS_ERROR("AccessControl security plugin finalize function is empty");
} else if (security_suite_config->authentication.library_path == NULL) {
DDS_ERROR(
"Authentication security plugin library path is not defined in the configuration ");
} else if (strlen(security_suite_config->authentication.library_path)
== 0) {
DDS_ERROR("Authentication security plugin library path is empty ");
} else if (security_suite_config->authentication.library_init == NULL) {
DDS_ERROR("Authentication security plugin init function is not defined ");
} else if (strlen(security_suite_config->authentication.library_init)
== 0) {
DDS_ERROR("Authentication security plugin init function is empty ");
} else if (security_suite_config->authentication.library_finalize == NULL) {
DDS_ERROR(
"Authentication security plugin finalize function is not defined ");
} else if (strlen(security_suite_config->authentication.library_finalize)
== 0) {
DDS_ERROR("Authentication security plugin finalize function is empty");
} else if (security_suite_config->cryptography.library_path == NULL) {
DDS_ERROR(
"Cryptography security plugin library path is not defined in the configuration ");
} else if (strlen(security_suite_config->cryptography.library_path)
== 0) {
DDS_ERROR("Cryptography security plugin library path is empty ");
} else if (security_suite_config->cryptography.library_init == NULL) {
DDS_ERROR("Cryptography security plugin init function is not defined ");
} else if (strlen(security_suite_config->cryptography.library_init)
== 0) {
DDS_ERROR("Cryptography security plugin init function is empty ");
} else if (security_suite_config->cryptography.library_finalize == NULL) {
DDS_ERROR("Cryptography security plugin finalize function is not defined ");
} else if (strlen(security_suite_config->cryptography.library_finalize)
== 0) {
DDS_ERROR("Cryptography security plugin finalize function is empty");
} else {
result = DDS_RETCODE_OK;
}
return result;
}
/*
* checks the function pointer value and CHANGES the out-result value if it is NULL
*/
static bool verify_function(void *function_ptr, dds_security_plugin *plugin,
const char *function_name)
{
if ( function_ptr == NULL ) {
DDS_ERROR("Could not find the function for %s: %s \n", plugin->name,
function_name);
if (config->library_path == NULL || *config->library_path == 0) {
DDS_CERROR (logcfg, "%s security plugin library path is undefined or empty\n", name);
return false;
}
else {
return true;
if (config->library_init == NULL || *config->library_init == 0) {
DDS_CERROR (logcfg, "%s security plugin init function is undefined or empty\n", name);
return false;
}
if (config->library_finalize == NULL || *config->library_finalize == 0) {
DDS_CERROR (logcfg, "%s security plugin finalize function is undefined or empty\n", name);
return false;
}
return true;
}
dds_return_t dds_security_check_plugin_configuration (const dds_security_plugin_suite_config *security_suite_config, const struct ddsrt_log_cfg *logcfg)
{
if (check_plugin_configuration (&security_suite_config->access_control, "AccessControl", logcfg) &&
check_plugin_configuration (&security_suite_config->authentication, "Authentication", logcfg) &&
check_plugin_configuration (&security_suite_config->cryptography, "Cryptography", logcfg))
return DDS_RETCODE_OK;
else
return DDS_RETCODE_ERROR;
}
static bool verify_function (const void *function_ptr, dds_security_plugin *plugin, const char *function_name, const struct ddsrt_log_cfg *logcfg)
{
if (function_ptr != NULL)
return true;
else
{
DDS_CERROR (logcfg, "Could not find the function for %s: %s\n", plugin->name, function_name);
return false;
}
}
struct verify_plugin_functions_tab {
size_t off;
const char *name;
};
static bool verify_plugin_functions (const void *context, dds_security_plugin *plugin, const struct verify_plugin_functions_tab *entries, size_t nentries, const struct ddsrt_log_cfg *logcfg)
{
for (size_t i = 0; i < nentries; i++)
{
const char *p = (const char *) context + entries[i].off;
if (!verify_function (*((void **) p), plugin, entries[i].name, logcfg))
return false;
}
return true;
}
dds_return_t dds_security_verify_plugin_functions(
dds_security_authentication *authentication_context, dds_security_plugin *auth_plugin,
dds_security_cryptography *crypto_context, dds_security_plugin *crypto_plugin,
dds_security_access_control *access_control_context, dds_security_plugin *ac_plugin)
dds_security_access_control *access_control_context, dds_security_plugin *ac_plugin,
const struct ddsrt_log_cfg *logcfg)
{
if(
verify_function(authentication_context->validate_local_identity, auth_plugin,
"validate_local_identity" ) &&
verify_function(authentication_context->get_identity_token, auth_plugin,
"get_identity_token" ) &&
verify_function(authentication_context->get_identity_status_token,
auth_plugin, "get_identity_status_token" ) &&
verify_function(authentication_context->set_permissions_credential_and_token,
auth_plugin, "set_permissions_credential_and_token" ) &&
verify_function(authentication_context->validate_remote_identity,
auth_plugin, "validate_remote_identity" ) &&
verify_function(authentication_context->begin_handshake_request, auth_plugin,
"begin_handshake_request" ) &&
verify_function(authentication_context->begin_handshake_reply, auth_plugin,
"begin_handshake_reply" ) &&
verify_function(authentication_context->process_handshake, auth_plugin,
"process_handshake" ) &&
verify_function(authentication_context->get_shared_secret, auth_plugin,
"get_shared_secret" ) &&
verify_function(
authentication_context->get_authenticated_peer_credential_token,
auth_plugin, "get_authenticated_peer_credential_token" ) &&
verify_function(authentication_context->set_listener, auth_plugin,
"set_listener" ) &&
verify_function(authentication_context->return_identity_token, auth_plugin,
"return_identity_token" ) &&
verify_function(authentication_context->return_identity_status_token,
auth_plugin, "return_identity_status_token" ) &&
verify_function(
authentication_context->return_authenticated_peer_credential_token,
auth_plugin, "return_authenticated_peer_credential_token" ) &&
verify_function(authentication_context->return_handshake_handle, auth_plugin,
"return_handshake_handle" ) &&
verify_function(authentication_context->return_identity_handle, auth_plugin,
"return_identity_handle" ) &&
verify_function(authentication_context->return_sharedsecret_handle,
auth_plugin, "return_sharedsecret_handle" ) &&
verify_function(access_control_context->validate_local_permissions,
ac_plugin, "validate_local_permissions" ) &&
verify_function(access_control_context->validate_remote_permissions,
ac_plugin, "validate_remote_permissions" ) &&
verify_function(access_control_context->check_create_participant, ac_plugin,
"check_create_participant" ) &&
verify_function(access_control_context->check_create_datawriter, ac_plugin,
"check_create_datawriter" ) &&
verify_function(access_control_context->check_create_datareader, ac_plugin,
"check_create_datareader" ) &&
verify_function(access_control_context->check_create_topic, ac_plugin,
"check_create_topic" ) &&
verify_function(
access_control_context->check_local_datawriter_register_instance,
ac_plugin, "check_local_datawriter_register_instance" ) &&
verify_function(
access_control_context->check_local_datawriter_dispose_instance,
ac_plugin, "check_local_datawriter_dispose_instance" ) &&
verify_function(access_control_context->check_remote_participant, ac_plugin,
"check_remote_participant" ) &&
verify_function(access_control_context->check_remote_datawriter, ac_plugin,
"check_remote_datawriter" ) &&
verify_function(access_control_context->check_remote_datareader, ac_plugin,
"check_remote_datareader" ) &&
verify_function(access_control_context->check_remote_topic, ac_plugin,
"check_remote_topic" ) &&
verify_function(access_control_context->check_local_datawriter_match,
ac_plugin, "check_local_datawriter_match" ) &&
verify_function(access_control_context->check_local_datareader_match,
ac_plugin, "check_local_datareader_match" ) &&
verify_function(
access_control_context->check_remote_datawriter_register_instance,
ac_plugin, "check_remote_datawriter_register_instance" ) &&
verify_function(
access_control_context->check_remote_datawriter_dispose_instance,
ac_plugin, "check_remote_datawriter_dispose_instance" ) &&
verify_function(access_control_context->get_permissions_token, ac_plugin,
"get_permissions_token" ) &&
verify_function(access_control_context->get_permissions_credential_token,
ac_plugin, "get_permissions_credential_token" ) &&
verify_function(access_control_context->set_listener, ac_plugin,
"set_listener" ) &&
verify_function(access_control_context->return_permissions_token, ac_plugin,
"return_permissions_token" ) &&
verify_function(access_control_context->return_permissions_credential_token,
ac_plugin, "return_permissions_credential_token" ) &&
verify_function(access_control_context->get_participant_sec_attributes,
ac_plugin, "get_participant_sec_attributes" ) &&
verify_function(access_control_context->get_topic_sec_attributes, ac_plugin,
"get_topic_sec_attributes" ) &&
verify_function(access_control_context->get_datawriter_sec_attributes,
ac_plugin, "get_datawriter_sec_attributes" ) &&
verify_function(access_control_context->get_datareader_sec_attributes,
ac_plugin, "get_datareader_sec_attributes" ) &&
verify_function(access_control_context->return_participant_sec_attributes,
ac_plugin, "return_participant_sec_attributes" ) &&
verify_function(access_control_context->return_datawriter_sec_attributes,
ac_plugin, "return_datawriter_sec_attributes" ) &&
verify_function(access_control_context->return_datareader_sec_attributes,
ac_plugin, "return_datareader_sec_attributes" ) &&
verify_function(access_control_context->return_permissions_handle,
ac_plugin, "return_permissions_handle" ) &&
verify_function(
crypto_context->crypto_key_factory->register_local_participant,
crypto_plugin, "register_local_participant" ) &&
verify_function(
crypto_context->crypto_key_factory->register_matched_remote_participant,
crypto_plugin, "register_matched_remote_participant" ) &&
verify_function(crypto_context->crypto_key_factory->register_local_datawriter,
crypto_plugin, "register_local_datawriter" ) &&
verify_function(
crypto_context->crypto_key_factory->register_matched_remote_datareader,
crypto_plugin, "register_matched_remote_datareader" ) &&
verify_function(crypto_context->crypto_key_factory->register_local_datareader,
crypto_plugin, "register_local_datareader" ) &&
verify_function(
crypto_context->crypto_key_factory->register_matched_remote_datawriter,
crypto_plugin, "register_matched_remote_datawriter" ) &&
verify_function(crypto_context->crypto_key_factory->unregister_participant,
crypto_plugin, "unregister_participant" ) &&
verify_function(crypto_context->crypto_key_factory->unregister_datawriter,
crypto_plugin, "unregister_datawriter" ) &&
verify_function(crypto_context->crypto_key_factory->unregister_datareader,
crypto_plugin, "unregister_datareader" ) &&
verify_function(
crypto_context->crypto_key_exchange->create_local_participant_crypto_tokens,
crypto_plugin, "create_local_participant_crypto_tokens" ) &&
verify_function(
crypto_context->crypto_key_exchange->set_remote_participant_crypto_tokens,
crypto_plugin, "set_remote_participant_crypto_tokens" ) &&
verify_function(
crypto_context->crypto_key_exchange->create_local_datawriter_crypto_tokens,
crypto_plugin, "create_local_datawriter_crypto_tokens" ) &&
verify_function(
crypto_context->crypto_key_exchange->set_remote_datawriter_crypto_tokens,
crypto_plugin, "set_remote_datawriter_crypto_tokens" ) &&
verify_function(
crypto_context->crypto_key_exchange->create_local_datareader_crypto_tokens,
crypto_plugin, "create_local_datareader_crypto_tokens" ) &&
verify_function(
crypto_context->crypto_key_exchange->set_remote_datareader_crypto_tokens,
crypto_plugin, "set_remote_datareader_crypto_tokens" ) &&
verify_function(crypto_context->crypto_key_exchange->return_crypto_tokens,
crypto_plugin, "return_crypto_tokens" ) &&
verify_function(crypto_context->crypto_transform->encode_serialized_payload,
crypto_plugin, "encode_serialized_payload" ) &&
verify_function(
crypto_context->crypto_transform->encode_datawriter_submessage,
crypto_plugin, "encode_datawriter_submessage" ) &&
verify_function(
crypto_context->crypto_transform->encode_datareader_submessage,
crypto_plugin, "encode_datareader_submessage" ) &&
verify_function(crypto_context->crypto_transform->encode_rtps_message,
crypto_plugin, "encode_rtps_message" ) &&
verify_function(crypto_context->crypto_transform->decode_rtps_message,
crypto_plugin, "decode_rtps_message" ) &&
verify_function(crypto_context->crypto_transform->preprocess_secure_submsg,
crypto_plugin, "preprocess_secure_submsg" ) &&
verify_function(
crypto_context->crypto_transform->decode_datawriter_submessage,
crypto_plugin, "decode_datawriter_submessage" ) &&
verify_function(
crypto_context->crypto_transform->decode_datareader_submessage,
crypto_plugin, "decode_datareader_submessage" ) &&
verify_function(crypto_context->crypto_transform->decode_serialized_payload,
crypto_plugin, "decode_serialized_payload" ) ){
#define FGEN(context, name) { offsetof (context, name), #name }
#define F(name) FGEN (dds_security_authentication, name)
static const struct verify_plugin_functions_tab auth[] = {
F (validate_local_identity),
F (get_identity_token),
F (get_identity_status_token),
F (set_permissions_credential_and_token),
F (validate_remote_identity),
F (begin_handshake_request),
F (begin_handshake_reply),
F (process_handshake),
F (get_shared_secret),
F (get_authenticated_peer_credential_token),
F (set_listener),
F (return_identity_token),
F (return_identity_status_token),
F (return_authenticated_peer_credential_token),
F (return_handshake_handle),
F (return_sharedsecret_handle)
};
#undef F
#define F(name) FGEN (dds_security_access_control, name)
static const struct verify_plugin_functions_tab ac[] = {
F (validate_local_permissions),
F (validate_remote_permissions),
F (check_create_participant),
F (check_create_datawriter),
F (check_create_datareader),
F (check_create_topic),
F (check_local_datawriter_register_instance),
F (check_local_datawriter_dispose_instance),
F (check_remote_participant),
F (check_remote_datawriter),
F (check_remote_datareader),
F (check_remote_topic),
F (check_local_datawriter_match),
F (check_local_datareader_match),
F (check_remote_datawriter_register_instance),
F (check_remote_datawriter_dispose_instance),
F (get_permissions_token),
F (get_permissions_credential_token),
F (set_listener),
F (return_permissions_token),
F (return_permissions_credential_token),
F (get_participant_sec_attributes),
F (get_topic_sec_attributes),
F (get_datawriter_sec_attributes),
F (get_datareader_sec_attributes),
F (return_participant_sec_attributes),
F (return_datawriter_sec_attributes),
F (return_datareader_sec_attributes),
F (return_permissions_handle)
};
#undef F
#define F(name) FGEN (dds_security_crypto_key_factory, name)
static const struct verify_plugin_functions_tab cryptoF[] = {
F (register_local_participant),
F (register_matched_remote_participant),
F (register_local_datawriter),
F (register_matched_remote_datareader),
F (register_local_datareader),
F (register_matched_remote_datawriter),
F (unregister_participant),
F (unregister_datawriter),
F (unregister_datareader)
};
#undef F
#define F(name) FGEN (dds_security_crypto_key_exchange, name)
static const struct verify_plugin_functions_tab cryptoX[] = {
F (create_local_participant_crypto_tokens),
F (set_remote_participant_crypto_tokens),
F (create_local_datawriter_crypto_tokens),
F (set_remote_datawriter_crypto_tokens),
F (create_local_datareader_crypto_tokens),
F (set_remote_datareader_crypto_tokens),
F (return_crypto_tokens)
};
#undef F
#define F(name) FGEN (dds_security_crypto_transform, name)
static const struct verify_plugin_functions_tab cryptoT[] = {
F (encode_serialized_payload),
F (encode_datawriter_submessage),
F (encode_datareader_submessage),
F (encode_rtps_message),
F (decode_rtps_message),
F (preprocess_secure_submsg),
F (decode_datawriter_submessage),
F (decode_datareader_submessage),
F (decode_serialized_payload)
};
#undef F
#define C(context, plugin, table) verify_plugin_functions (context, plugin, table, sizeof (table) / sizeof (table[0]), logcfg)
if (C (authentication_context, auth_plugin, auth) &&
C (access_control_context, ac_plugin, ac) &&
C (crypto_context->crypto_key_factory, crypto_plugin, cryptoF) &&
C (crypto_context->crypto_key_exchange, crypto_plugin, cryptoX) &&
C (crypto_context->crypto_transform, crypto_plugin, cryptoT))
{
return DDS_RETCODE_OK;
}
else {
else
{
return DDS_RETCODE_ERROR;
}
#undef C
}
/**
* All fields of the library properties are supposed to be non-empty
*/
dds_return_t dds_security_load_security_library(
const dds_security_plugin_config *plugin_config,
dds_security_plugin *security_plugin,
void **security_plugin_context)
dds_return_t dds_security_load_security_library (const dds_security_plugin_config *plugin_config, dds_security_plugin *security_plugin, void **security_plugin_context, const struct ddsrt_log_cfg *logcfg)
{
dds_return_t ret = DDS_RETCODE_ERROR;
dds_return_t lib_ret = DDS_RETCODE_ERROR;
char * init_parameters = "";
dds_return_t lib_ret;
char *init_parameters = "";
char *library_str;
assert( plugin_config->library_path );
assert( plugin_config->library_init );
assert( plugin_config->library_finalize );
assert (plugin_config->library_path);
assert (plugin_config->library_init);
assert (plugin_config->library_finalize);
if ( strlen(plugin_config->library_path) > 0 ) {
security_plugin->lib_handle = NULL;
if (*plugin_config->library_path == 0)
return DDS_RETCODE_ERROR;
//library_str = ddsrt_malloc(strlen(plugin_config->library_path) + 1);
if (strncmp(plugin_config->library_path, "file://", 7) == 0) {
(void)ddsrt_asprintf(&library_str, "%s", &plugin_config->library_path[7]);
} else {
(void)ddsrt_asprintf(&library_str, "%s", plugin_config->library_path);
}
lib_ret = ddsrt_dlopen( library_str, true, &security_plugin->lib_handle);
ddsrt_free(library_str);
if( lib_ret == DDS_RETCODE_OK && security_plugin->lib_handle){
/* Get init and fini functions . */
if ( ddsrt_dlsym(security_plugin->lib_handle, plugin_config->library_init, (void **)&security_plugin->func_init) == DDS_RETCODE_OK){
if ( ddsrt_dlsym(security_plugin->lib_handle, plugin_config->library_finalize, (void **)&security_plugin->func_finalize) == DDS_RETCODE_OK){
/* Initialize plugin. */
if ( security_plugin->func_init != NULL) {
lib_ret = security_plugin->func_init(init_parameters, (void **) security_plugin_context);
if (lib_ret == DDS_RETCODE_OK){ /* error occured on init */
return DDS_RETCODE_OK;
} else{
DDS_ERROR("Error occured while initializing %s plugin\n",
security_plugin->name);
goto library_error;
}
}
}
else {
DDS_ERROR("Could not find the function: %s\n", plugin_config->library_finalize);
goto library_error;
}
}
else{
DDS_ERROR("Could not find the function: %s\n",plugin_config->library_init);
goto library_error;
}
} else {
char buffer[256];
ddsrt_dlerror(buffer, sizeof(buffer));
DDS_ERROR("Could not load %s library: %s\n", security_plugin->name, buffer);
goto load_error;
}
return ret;
const size_t poff = (strncmp (plugin_config->library_path, "file://", 7) == 0) ? 7 : 0;
(void) ddsrt_asprintf (&library_str, "%s", plugin_config->library_path + poff);
lib_ret = ddsrt_dlopen (library_str, true, &security_plugin->lib_handle);
ddsrt_free (library_str);
if (lib_ret != DDS_RETCODE_OK)
{
char buffer[256];
ddsrt_dlerror (buffer, sizeof (buffer));
DDS_CERROR (logcfg, "Could not load %s library: %s\n", security_plugin->name, buffer);
goto load_error;
}
void *tmp;
if (ddsrt_dlsym (security_plugin->lib_handle, plugin_config->library_init, &tmp) != DDS_RETCODE_OK)
{
DDS_CERROR (logcfg, "Could not find the function: %s\n", plugin_config->library_init);
goto library_error;
}
security_plugin->func_init = (plugin_init) tmp;
if (ddsrt_dlsym (security_plugin->lib_handle, plugin_config->library_finalize, &tmp) != DDS_RETCODE_OK)
{
DDS_CERROR (logcfg, "Could not find the function: %s\n", plugin_config->library_finalize);
goto library_error;
}
security_plugin->func_finalize = (plugin_finalize) tmp;
if (security_plugin->func_init != 0)
{
if (security_plugin->func_init (init_parameters, (void **) security_plugin_context) != DDS_RETCODE_OK)
{
DDS_CERROR (logcfg, "Error occured while initializing %s plugin\n", security_plugin->name);
goto library_error;
}
}
return DDS_RETCODE_OK;
library_error:
ddsrt_dlclose(security_plugin->lib_handle);
ddsrt_dlclose (security_plugin->lib_handle);
security_plugin->lib_handle = NULL;
load_error:
return ret;
return DDS_RETCODE_ERROR;
}
dds_return_t dds_security_plugin_release( const dds_security_plugin *security_plugin, void *context ){
dds_return_t result= DDS_RETCODE_OK;
assert( security_plugin->lib_handle );
assert( security_plugin->func_finalize );
dds_return_t dds_security_plugin_release (const dds_security_plugin *security_plugin, void *context)
{
dds_return_t result = DDS_RETCODE_OK;
assert (security_plugin->lib_handle);
assert (security_plugin->func_finalize);
/* if get error from either finalize OR close, return error */
if( security_plugin->func_finalize( context ) != DDS_RETCODE_OK){
if (security_plugin->func_finalize (context) != DDS_RETCODE_OK)
{
DDS_ERROR("Error occured while finaizing %s plugin", security_plugin->name);
result = DDS_RETCODE_ERROR;
}
if( ddsrt_dlclose( security_plugin->lib_handle ) != DDS_RETCODE_OK){
if (ddsrt_dlclose (security_plugin->lib_handle) != DDS_RETCODE_OK){
result = DDS_RETCODE_ERROR;
}
return result;
}