Correct handshake tokens verification w.r.t. optional fields

Signed-off-by: Marcel Jordense <marcel.jordense@adlinktech.com>
Marcel Jordense 2020-05-01 10:57:38 +02:00 committed by eboasson
parent 4ac06895f0
commit 623a5c02bd
10 changed files with 227 additions and 176 deletions


@ -330,6 +330,7 @@ struct ddsi_domaingv {
#ifdef DDSI_INCLUDE_SECURITY
struct dds_security_context *security_context;
struct ddsi_hsadmin *hsadmin;
bool handshake_include_optional;
#endif
};
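Review bot: The new `handshake_include_optional` member of `struct ddsi_domaingv` carries no comment, and its name differs from the configuration field `include_optional_fields` that `q_omg_security_init` copies it from. A one-line comment would tie the two together, for example `/* copy of the IncludeOptionalFields setting, assigned in q_omg_security_init; false when no security configuration is present */`. The struct definition starts outside the hunk.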


@ -174,6 +174,7 @@ typedef struct authentication_properties_type{
char *private_key;
char *password;
char *trusted_ca_dir;
bool include_optional_fields;
} authentication_properties_type;
typedef struct access_control_properties_type{


@ -735,6 +735,11 @@ void q_omg_security_init (struct ddsi_domaingv *gv)
ddsrt_mutex_init (&sc->omg_security_lock);
gv->security_context = sc;
if (gv->config.omg_security_configuration)
gv->handshake_include_optional = gv->config.omg_security_configuration->cfg.authentication_properties.include_optional_fields;
else
gv->handshake_include_optional = false;
ddsi_handshake_admin_init(gv);
}
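Review bot: The unbraced `if`/`else` added before `ddsi_handshake_admin_init(gv)` wraps two assignments to the same member, one of them very long, which is easy to misread and easy to break when a statement is later added to either branch. A single assignment expresses the same thing: `gv->handshake_include_optional = gv->config.omg_security_configuration != NULL && gv->config.omg_security_configuration->cfg.authentication_properties.include_optional_fields;`. As far as this hunk shows, the value is sampled once at init, so a short comment saying so would help readers of the handshake code that consumes it. The body of `q_omg_security_init` starts outside the hunk.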


@ -353,7 +353,9 @@ The value of the password property shall be interpreted as the Base64 encoding o
If the password property is not present, then the value supplied in the private_key property must contain the unencrypted private key. </p>") },
{ LEAF ("TrustedCADirectory"), 1, "", RELOFF (config_omg_security_listelem, cfg.authentication_properties.trusted_ca_dir), 0, uf_string, ff_free, pf_string,
BLURB("<p>Trusted CA Directory which contains trusted CA certificates as separated files.</p>") },
{ LEAF ("IncludeOptionalFields"), 1, "false", RELOFF (config_omg_security_listelem, cfg.authentication_properties.include_optional_fields), 0, uf_boolean, 0, pf_boolean,
BLURB("<p>The authentication handshake tokens may contain optional fields to be included for finding interoperability problems.\n\
If this parameter is set to true the optional fields are included in the handshake token exchange.</p>") },
END_MARKER
};
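Review bot: The blurb for `IncludeOptionalFields` does not say which direction the setting applies to: whether it only adds the optional fields to the handshake tokens this participant sends, or also changes what is required of tokens received from a peer. For a setting on the authentication handshake, that distinction decides whether enabling it can cause handshakes with other implementations to be rejected. The validation code is not visible in this section, so the wording should be confirmed against it. If the setting governs outgoing tokens only, a blurb such as `<p>If true, the optional fields of the authentication handshake tokens are included in the tokens this participant sends. This is intended for diagnosing interoperability problems; received tokens are validated the same way regardless of this setting.</p>` would be clearer than the current first sentence.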