diff --git a/src/core/ddsi/src/ddsi_security_omg.c b/src/core/ddsi/src/ddsi_security_omg.c index d064105..79052b2 100644 --- a/src/core/ddsi/src/ddsi_security_omg.c +++ b/src/core/ddsi/src/ddsi_security_omg.c @@ -1401,12 +1401,18 @@ static bool is_topic_discovery_protected(DDS_Security_PermissionsHandle permissi { DDS_Security_TopicSecurityAttributes attributes = {0,0,0,0}; DDS_Security_SecurityException exception = DDS_SECURITY_EXCEPTION_INIT; + bool result = false; if (access_control->get_topic_sec_attributes(access_control, permission_handle, topic_name, &attributes, &exception)) - return attributes.is_discovery_protected; + { + result = attributes.is_discovery_protected; + access_control->return_topic_sec_attributes(access_control, &attributes, &exception); + } else + { DDS_Security_Exception_reset(&exception); - return false; + } + return result; } static void handle_not_allowed( diff --git a/src/security/core/tests/access_control.c b/src/security/core/tests/access_control.c index ed91c66..261fbdf 100644 --- a/src/security/core/tests/access_control.c +++ b/src/security/core/tests/access_control.c @@ -837,50 +837,6 @@ CU_Test(ddssec_access_control, readwrite_protection, .timeout=60) } } -/* Test that all attributes and token retrieved from the access control plugin - are correctly returned. */ -CU_Test(ddssec_access_control, check_returns) -{ - char topic_name[100]; - create_topic_name ("ddssec_access_control_", g_topic_nr++, topic_name, sizeof (topic_name)); - - char *ca, *id1, *id2, *id1_subj, *id2_subj; - ca = generate_ca ("ca1", TEST_IDENTITY_CA1_PRIVATE_KEY, 0, 3600); - id1 = generate_identity (ca, TEST_IDENTITY_CA1_PRIVATE_KEY, "id1", TEST_IDENTITY1_PRIVATE_KEY, 0, 3600, &id1_subj); - id2 = generate_identity (ca, TEST_IDENTITY_CA1_PRIVATE_KEY, "id2", TEST_IDENTITY1_PRIVATE_KEY, 0, 3600, &id2_subj); - - char * grants[] = { - get_permissions_default_grant ("id1", id1_subj, topic_name), - get_permissions_default_grant ("id2", id2_subj, topic_name) }; - char * perm_config = get_permissions_config (grants, 2, true); - - char * gov_topic_rule = get_governance_topic_rule (NULL, true, true, true, true, PK_E, BPK_E); - char * gov_config = get_governance_config (false, true, PK_E, PK_E, PK_E, gov_topic_rule, true); - const char * def_perm_ca = PF_F COMMON_ETC_PATH("default_permissions_ca.pem"); - - access_control_init ( - 2, - (const char *[]) { id1, id2 }, - (const char *[]) { TEST_IDENTITY1_PRIVATE_KEY, TEST_IDENTITY1_PRIVATE_KEY }, - (const char *[]) { ca, ca }, - (bool []) { false, false }, - (const char *[]) { "init_test_access_control_check_returns", "init_test_access_control_wrapped" }, - (const char *[]) { "finalize_test_access_control_check_returns", "finalize_test_access_control_wrapped" }, - (bool []) { true, true }, (const char *[]) { gov_config, gov_config }, - (bool []) { true, true }, (const char *[]) { perm_config, perm_config }, - (bool []) { true, true }, (const char *[]) { def_perm_ca, def_perm_ca }); - - dds_entity_t pub, sub, pub_tp, sub_tp, wr, rd; - rd_wr_init (g_participant[0], &pub, &pub_tp, &wr, g_participant[1], &sub, &sub_tp, &rd, topic_name); - sync_writer_to_readers (g_participant[0], wr, 1, DDS_SECS (1)); - sync_reader_to_writers (g_participant[1], rd, 1, DDS_SECS (1)); - - struct dds_security_access_control_impl * ac_context = get_access_control_context (g_participant[0]); - CU_ASSERT_FATAL (check_returns (ac_context)); - - access_control_fini (2, (void * []) { gov_config, gov_topic_rule, grants[0], grants[1], perm_config, ca, id1_subj, id2_subj, id1, id2 }, 10); -} - /* Check that communication for a topic that is allowed in the permissions config keeps working in case the publisher also creates a writer for a non-allowed topic */ CU_Test(ddssec_access_control, denied_topic) diff --git a/src/security/core/tests/common/access_control_wrapper.c b/src/security/core/tests/common/access_control_wrapper.c index 7a80087..ac9cbd9 100644 --- a/src/security/core/tests/common/access_control_wrapper.c +++ b/src/security/core/tests/common/access_control_wrapper.c @@ -11,6 +11,7 @@ */ #include #include +#include "CUnit/Test.h" #include "dds/dds.h" #include "dds/ddsrt/circlist.h" #include "dds/ddsrt/heap.h" @@ -29,7 +30,6 @@ enum ac_plugin_mode { PLUGIN_MODE_WRAPPED, PLUGIN_MODE_NOT_ALLOWED, PLUGIN_MODE_MISSING_FUNC, - PLUGIN_MODE_CHECK_RETURNS, }; enum ac_plugin_not_allowed { @@ -83,6 +83,7 @@ static void init_returns_log(struct dds_security_access_control_impl *impl) { ddsrt_mutex_init (&impl->returns_log_lock); ddsrt_circlist_init (&impl->returns_log); + impl->invalid_return = false; } static void fini_returns_log(struct dds_security_access_control_impl *impl) @@ -100,46 +101,55 @@ static void fini_returns_log(struct dds_security_access_control_impl *impl) static void register_return_obj (struct dds_security_access_control_impl * impl, void * obj) { - assert(impl->mode == PLUGIN_MODE_CHECK_RETURNS); + assert(impl->mode == PLUGIN_MODE_WRAPPED); ddsrt_mutex_lock (&impl->returns_log_lock); struct returns_log_data * attr_data = ddsrt_malloc (sizeof (*attr_data)); attr_data->obj = obj; ddsrt_circlist_append(&impl->returns_log, &attr_data->e); - printf("log obj %p\n", obj); ddsrt_mutex_unlock (&impl->returns_log_lock); } +static struct ddsrt_circlist_elem *find_return_obj_data (struct dds_security_access_control_impl * impl, void * obj) +{ + struct ddsrt_circlist_elem *elem0 = ddsrt_circlist_oldest (&impl->returns_log), *elem = elem0; + if (elem != NULL) + { + do + { + struct returns_log_data *data = DDSRT_FROM_CIRCLIST (struct returns_log_data, e, elem); + if (data->obj == obj) + return elem; + elem = elem->next; + } while (elem != elem0); + } + return NULL; +} + static void unregister_return_obj (struct dds_security_access_control_impl * impl, void * obj) { - assert(impl->mode == PLUGIN_MODE_CHECK_RETURNS); + struct ddsrt_circlist_elem *elem; + assert(impl->mode == PLUGIN_MODE_WRAPPED); ddsrt_mutex_lock (&impl->returns_log_lock); - struct ddsrt_circlist_elem *elem0 = ddsrt_circlist_oldest (&impl->returns_log), *elem = elem0; - while (elem != NULL) + if ((elem = find_return_obj_data (impl, obj)) != NULL) { - struct returns_log_data *data = DDSRT_FROM_CIRCLIST (struct returns_log_data, e, elem); - if (data->obj == obj) - { - ddsrt_circlist_remove (&impl->returns_log, elem); - ddsrt_mutex_unlock (&impl->returns_log_lock); - ddsrt_free (elem); - printf("return obj %p\n", obj); - return; - } - elem = elem->next; - if (elem == elem0) - break; + ddsrt_circlist_remove (&impl->returns_log, elem); + ddsrt_free (elem); + } + else + { + impl->invalid_return = true; + printf ("invalid return %p\n", obj); } - impl->invalid_return = true; ddsrt_mutex_unlock (&impl->returns_log_lock); } -bool check_returns (struct dds_security_access_control_impl * impl) +static bool all_returns_valid (struct dds_security_access_control_impl * impl) { - assert(impl->mode == PLUGIN_MODE_CHECK_RETURNS); + assert(impl->mode == PLUGIN_MODE_WRAPPED); ddsrt_mutex_lock (&impl->returns_log_lock); - bool result = impl->invalid_return || !ddsrt_circlist_isempty (&impl->returns_log); + bool valid = !impl->invalid_return && ddsrt_circlist_isempty (&impl->returns_log); ddsrt_mutex_unlock (&impl->returns_log_lock); - return result; + return valid; } static DDS_Security_PermissionsHandle validate_local_permissions( @@ -162,11 +172,8 @@ static DDS_Security_PermissionsHandle validate_local_permissions( } /* fall through */ case PLUGIN_MODE_WRAPPED: - case PLUGIN_MODE_CHECK_RETURNS: { DDS_Security_PermissionsHandle handle = impl->instance->validate_local_permissions(impl->instance, auth_plugin, identity, domain_id, participant_qos, ex); - if (impl->mode == PLUGIN_MODE_CHECK_RETURNS) - register_return_obj (impl, (void *) handle); return handle; } @@ -196,12 +203,9 @@ static DDS_Security_PermissionsHandle validate_remote_permissions( } /* fall through */ case PLUGIN_MODE_WRAPPED: - case PLUGIN_MODE_CHECK_RETURNS: { DDS_Security_PermissionsHandle handle = impl->instance->validate_remote_permissions(impl->instance, auth_plugin, local_identity_handle, remote_identity_handle, remote_permissions_token, remote_credential_token, ex); - if (impl->mode == PLUGIN_MODE_CHECK_RETURNS) - register_return_obj (impl, (void *) handle); return handle; } @@ -229,7 +233,6 @@ static DDS_Security_boolean check_create_participant( } /* fall through */ case PLUGIN_MODE_WRAPPED: - case PLUGIN_MODE_CHECK_RETURNS: return impl->instance->check_create_participant(impl->instance, permissions_handle, domain_id, participant_qos, ex); default: @@ -262,7 +265,6 @@ static DDS_Security_boolean check_create_datawriter( } /* fall through */ case PLUGIN_MODE_WRAPPED: - case PLUGIN_MODE_CHECK_RETURNS: return impl->instance->check_create_datawriter(impl->instance, permissions_handle, domain_id, topic_name, writer_qos, partition, data_tag, ex); default: @@ -292,7 +294,6 @@ static DDS_Security_boolean check_create_datareader( } /* fall through */ case PLUGIN_MODE_WRAPPED: - case PLUGIN_MODE_CHECK_RETURNS: return impl->instance->check_create_datareader(impl->instance, permissions_handle, domain_id, topic_name, reader_qos, partition, data_tag, ex); default: @@ -320,7 +321,6 @@ static DDS_Security_boolean check_create_topic( } /* fall through */ case PLUGIN_MODE_WRAPPED: - case PLUGIN_MODE_CHECK_RETURNS: return impl->instance->check_create_topic(impl->instance, permissions_handle, domain_id, topic_name, qos, ex); default: @@ -340,7 +340,6 @@ static DDS_Security_boolean check_local_datawriter_register_instance( { case PLUGIN_MODE_WRAPPED: case PLUGIN_MODE_NOT_ALLOWED: - case PLUGIN_MODE_CHECK_RETURNS: return impl->instance->check_local_datawriter_register_instance(impl->instance, permissions_handle, writer, key, ex); default: @@ -360,7 +359,6 @@ static DDS_Security_boolean check_local_datawriter_dispose_instance( { case PLUGIN_MODE_WRAPPED: case PLUGIN_MODE_NOT_ALLOWED: - case PLUGIN_MODE_CHECK_RETURNS: return impl->instance->check_local_datawriter_dispose_instance(impl->instance, permissions_handle, writer, key, ex); default: @@ -387,7 +385,6 @@ static DDS_Security_boolean check_remote_participant( } /* fall through */ case PLUGIN_MODE_WRAPPED: - case PLUGIN_MODE_CHECK_RETURNS: return impl->instance->check_remote_participant(impl->instance, permissions_handle, domain_id, participant_data, ex); default: @@ -414,7 +411,6 @@ static DDS_Security_boolean check_remote_datawriter( } /* fall through */ case PLUGIN_MODE_WRAPPED: - case PLUGIN_MODE_CHECK_RETURNS: return impl->instance->check_remote_datawriter(impl->instance, permissions_handle, domain_id, publication_data, ex); default: @@ -445,7 +441,6 @@ static DDS_Security_boolean check_remote_datareader( } /* fall through */ case PLUGIN_MODE_WRAPPED: - case PLUGIN_MODE_CHECK_RETURNS: { bool ret; if ((ret = impl->instance->check_remote_datareader(impl->instance, permissions_handle, domain_id, subscription_data, relay_only, ex))) @@ -485,7 +480,6 @@ static DDS_Security_boolean check_remote_topic( } /* fall through */ case PLUGIN_MODE_WRAPPED: - case PLUGIN_MODE_CHECK_RETURNS: return impl->instance->check_remote_topic(impl->instance, permissions_handle, domain_id, topic_data, ex); default: @@ -506,7 +500,6 @@ static DDS_Security_boolean check_local_datawriter_match( { case PLUGIN_MODE_WRAPPED: case PLUGIN_MODE_NOT_ALLOWED: - case PLUGIN_MODE_CHECK_RETURNS: return impl->instance->check_local_datawriter_match(impl->instance, writer_permissions_handle, reader_permissions_handle, publication_data, subscription_data, ex); default: @@ -527,7 +520,6 @@ static DDS_Security_boolean check_local_datareader_match( { case PLUGIN_MODE_WRAPPED: case PLUGIN_MODE_NOT_ALLOWED: - case PLUGIN_MODE_CHECK_RETURNS: return impl->instance->check_local_datareader_match(impl->instance, reader_permissions_handle, writer_permissions_handle, subscription_data, publication_data, ex); default: @@ -549,7 +541,6 @@ static DDS_Security_boolean check_remote_datawriter_register_instance( { case PLUGIN_MODE_WRAPPED: case PLUGIN_MODE_NOT_ALLOWED: - case PLUGIN_MODE_CHECK_RETURNS: return impl->instance->check_remote_datawriter_register_instance(impl->instance, permissions_handle, reader, publication_handle, key, instance_handle, ex); default: @@ -570,7 +561,6 @@ static DDS_Security_boolean check_remote_datawriter_dispose_instance( { case PLUGIN_MODE_WRAPPED: case PLUGIN_MODE_NOT_ALLOWED: - case PLUGIN_MODE_CHECK_RETURNS: return impl->instance->check_remote_datawriter_dispose_instance(impl->instance, permissions_handle, reader, publication_handle, key, ex); default: @@ -587,10 +577,9 @@ static DDS_Security_boolean get_permissions_token( struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance; switch (impl->mode) { - case PLUGIN_MODE_CHECK_RETURNS: + case PLUGIN_MODE_WRAPPED: register_return_obj (impl, (void*) permissions_token); /* fall through */ - case PLUGIN_MODE_WRAPPED: case PLUGIN_MODE_NOT_ALLOWED: return impl->instance->get_permissions_token(impl->instance, permissions_token, handle, ex); @@ -610,10 +599,9 @@ static DDS_Security_boolean get_permissions_credential_token( struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance; switch (impl->mode) { - case PLUGIN_MODE_CHECK_RETURNS: + case PLUGIN_MODE_WRAPPED: register_return_obj (impl, (void*) permissions_credential_token); /* fall through */ - case PLUGIN_MODE_WRAPPED: case PLUGIN_MODE_NOT_ALLOWED: return impl->instance->get_permissions_credential_token(impl->instance, permissions_credential_token, handle, ex); @@ -632,7 +620,6 @@ static DDS_Security_boolean set_listener( { case PLUGIN_MODE_WRAPPED: case PLUGIN_MODE_NOT_ALLOWED: - case PLUGIN_MODE_CHECK_RETURNS: return impl->instance->set_listener (impl->instance, listener, ex); default: @@ -648,10 +635,9 @@ static DDS_Security_boolean return_permissions_token( struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance; switch (impl->mode) { - case PLUGIN_MODE_CHECK_RETURNS: + case PLUGIN_MODE_WRAPPED: unregister_return_obj (impl, (void*) token); /* fall through */ - case PLUGIN_MODE_WRAPPED: case PLUGIN_MODE_NOT_ALLOWED: return impl->instance->return_permissions_token (impl->instance, token, ex); @@ -669,10 +655,9 @@ static DDS_Security_boolean return_permissions_credential_token( struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance; switch (impl->mode) { - case PLUGIN_MODE_CHECK_RETURNS: + case PLUGIN_MODE_WRAPPED: unregister_return_obj (impl, (void*) permissions_credential_token); /* fall through */ - case PLUGIN_MODE_WRAPPED: case PLUGIN_MODE_NOT_ALLOWED: return impl->instance->return_permissions_credential_token(impl->instance, permissions_credential_token, ex); @@ -690,10 +675,9 @@ static DDS_Security_boolean get_participant_sec_attributes( struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance; switch (impl->mode) { - case PLUGIN_MODE_CHECK_RETURNS: + case PLUGIN_MODE_WRAPPED: register_return_obj (impl, (void*) attributes); /* fall through */ - case PLUGIN_MODE_WRAPPED: case PLUGIN_MODE_NOT_ALLOWED: return impl->instance->get_participant_sec_attributes(impl->instance, permissions_handle, attributes, ex); @@ -712,10 +696,9 @@ static DDS_Security_boolean get_topic_sec_attributes( struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance; switch (impl->mode) { - case PLUGIN_MODE_CHECK_RETURNS: + case PLUGIN_MODE_WRAPPED: register_return_obj (impl, (void*) attributes); /* fall through */ - case PLUGIN_MODE_WRAPPED: case PLUGIN_MODE_NOT_ALLOWED: return impl->instance->get_topic_sec_attributes(impl->instance, permissions_handle, topic_name, attributes, ex); @@ -736,10 +719,9 @@ static DDS_Security_boolean get_datawriter_sec_attributes( struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance; switch (impl->mode) { - case PLUGIN_MODE_CHECK_RETURNS: + case PLUGIN_MODE_WRAPPED: register_return_obj (impl, (void*) attributes); /* fall through */ - case PLUGIN_MODE_WRAPPED: case PLUGIN_MODE_NOT_ALLOWED: return impl->instance->get_datawriter_sec_attributes(impl->instance, permissions_handle, topic_name, partition, data_tag, attributes, ex); @@ -760,10 +742,9 @@ static DDS_Security_boolean get_datareader_sec_attributes( struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance; switch (impl->mode) { - case PLUGIN_MODE_CHECK_RETURNS: + case PLUGIN_MODE_WRAPPED: register_return_obj (impl, (void*) attributes); /* fall through */ - case PLUGIN_MODE_WRAPPED: case PLUGIN_MODE_NOT_ALLOWED: return impl->instance->get_datareader_sec_attributes(impl->instance, permissions_handle, topic_name, partition, data_tag, attributes, ex); @@ -780,10 +761,9 @@ static DDS_Security_boolean return_participant_sec_attributes( struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance; switch (impl->mode) { - case PLUGIN_MODE_CHECK_RETURNS: + case PLUGIN_MODE_WRAPPED: unregister_return_obj (impl, (void*) attributes); /* fall through */ - case PLUGIN_MODE_WRAPPED: case PLUGIN_MODE_NOT_ALLOWED: return impl->instance->return_participant_sec_attributes(impl->instance, attributes, ex); @@ -800,10 +780,9 @@ static DDS_Security_boolean return_topic_sec_attributes( struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance; switch (impl->mode) { - case PLUGIN_MODE_CHECK_RETURNS: + case PLUGIN_MODE_WRAPPED: unregister_return_obj (impl, (void*) attributes); /* fall through */ - case PLUGIN_MODE_WRAPPED: case PLUGIN_MODE_NOT_ALLOWED: return impl->instance->return_topic_sec_attributes(impl->instance, attributes, ex); @@ -820,10 +799,9 @@ static DDS_Security_boolean return_datawriter_sec_attributes( struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance; switch (impl->mode) { - case PLUGIN_MODE_CHECK_RETURNS: + case PLUGIN_MODE_WRAPPED: unregister_return_obj (impl, (void*) attributes); /* fall through */ - case PLUGIN_MODE_WRAPPED: case PLUGIN_MODE_NOT_ALLOWED: return impl->instance->return_datawriter_sec_attributes(impl->instance, attributes, ex); @@ -840,10 +818,9 @@ static DDS_Security_boolean return_datareader_sec_attributes( struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance; switch (impl->mode) { - case PLUGIN_MODE_CHECK_RETURNS: + case PLUGIN_MODE_WRAPPED: unregister_return_obj (impl, (void*) attributes); /* fall through */ - case PLUGIN_MODE_WRAPPED: case PLUGIN_MODE_NOT_ALLOWED: return impl->instance->return_datareader_sec_attributes(impl->instance, attributes, ex); @@ -860,9 +837,6 @@ static DDS_Security_boolean return_permissions_handle( struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance; switch (impl->mode) { - case PLUGIN_MODE_CHECK_RETURNS: - unregister_return_obj (impl, (void*) permissions_handle); - /* fall through */ case PLUGIN_MODE_WRAPPED: case PLUGIN_MODE_NOT_ALLOWED: return impl->instance->return_permissions_handle(impl->instance, permissions_handle, ex); @@ -947,6 +921,7 @@ int init_test_access_control_wrapped(const char *argument, void **context, struc if (!impl) return DDS_SECURITY_FAILED; impl->mode = PLUGIN_MODE_WRAPPED; + init_returns_log (impl); *context = impl; return DDS_SECURITY_SUCCESS; } @@ -954,8 +929,12 @@ int init_test_access_control_wrapped(const char *argument, void **context, struc int finalize_test_access_control_wrapped(void *context) { struct dds_security_access_control_impl* impl = (struct dds_security_access_control_impl*) context; - assert(impl->mode == PLUGIN_MODE_WRAPPED); - return finalize_test_access_control_common(impl, true); + assert (impl->mode == PLUGIN_MODE_WRAPPED); + bool returns_valid = all_returns_valid (impl); + fini_returns_log (impl); + printf("returns result (impl %p): %s\n", impl, returns_valid ? "all valid" : "invalid"); + CU_ASSERT_FATAL (returns_valid); + return finalize_test_access_control_common (impl, true); } int init_test_access_control_missing_func(const char *argument, void **context, struct ddsi_domaingv *gv) @@ -1004,22 +983,3 @@ int finalize_test_access_control_not_allowed(void *context) assert(impl->mode == PLUGIN_MODE_NOT_ALLOWED); return finalize_test_access_control_common(impl, true); } - -int init_test_access_control_check_returns(const char *argument, void **context, struct ddsi_domaingv *gv) -{ - struct dds_security_access_control_impl *impl = init_test_access_control_common(argument, true, gv); - if (!impl) - return DDS_SECURITY_FAILED; - impl->mode = PLUGIN_MODE_CHECK_RETURNS; - init_returns_log (impl); - *context = impl; - return DDS_SECURITY_SUCCESS; -} - -int finalize_test_access_control_check_returns(void *context) -{ - struct dds_security_access_control_impl* impl = (struct dds_security_access_control_impl*) context; - assert(impl->mode == PLUGIN_MODE_CHECK_RETURNS); - fini_returns_log (impl); - return finalize_test_access_control_common(impl, true); -} diff --git a/src/security/core/tests/common/access_control_wrapper.h b/src/security/core/tests/common/access_control_wrapper.h index 8dc0ecd..a876311 100644 --- a/src/security/core/tests/common/access_control_wrapper.h +++ b/src/security/core/tests/common/access_control_wrapper.h @@ -22,8 +22,6 @@ struct dds_security_access_control_impl; -SECURITY_EXPORT bool check_returns (struct dds_security_access_control_impl * impl); - /* Init in all-ok mode: all functions return success without calling the actual plugin */ SECURITY_EXPORT int init_test_access_control_all_ok(const char *argument, void **context, struct ddsi_domaingv *gv); SECURITY_EXPORT int finalize_test_access_control_all_ok(void *context); @@ -53,9 +51,4 @@ INIT_NOT_ALLOWED_DECL(remote_permissions_not_allowed) SECURITY_EXPORT int finalize_test_access_control_not_allowed(void *context); -/* Init in attribute get and return logging mode */ -SECURITY_EXPORT int init_test_access_control_check_returns(const char *argument, void **context, struct ddsi_domaingv *gv); -SECURITY_EXPORT int finalize_test_access_control_check_returns(void *context); - - #endif /* SECURITY_CORE_TEST_ACCESS_CONTROL_WRAPPER_H_ */ diff --git a/src/security/core/tests/common/cryptography_wrapper.c b/src/security/core/tests/common/cryptography_wrapper.c index ada7591..47d06c7 100644 --- a/src/security/core/tests/common/cryptography_wrapper.c +++ b/src/security/core/tests/common/cryptography_wrapper.c @@ -195,7 +195,7 @@ static void add_tokens (struct ddsrt_circlist *list, enum crypto_tokens_type typ token_data->local_handle = lch; token_data->remote_handle = rch; token_data->n_tokens = tokens->_length; - assert (tokens->_length <= CRYPTO_TOKEN_MAXLEN); + assert (tokens->_length <= CRYPTO_TOKEN_MAXCOUNT); for (uint32_t i = 0; i < tokens->_length; i++) { size_t len = tokens->_buffer[i].binary_properties._buffer[0].value._length; @@ -235,16 +235,14 @@ struct ddsrt_circlist * get_crypto_tokens (struct dds_security_cryptography_impl } struct ddsrt_circlist_elem *elem0 = ddsrt_circlist_oldest (&impl->token_data_list), *elem = elem0; - while (elem != NULL) + do { struct crypto_token_data *elem_data = DDSRT_FROM_CIRCLIST (struct crypto_token_data, e, elem); struct crypto_token_data *token_data = ddsrt_malloc (sizeof (*token_data)); memcpy (token_data, elem_data, sizeof (*token_data)); ddsrt_circlist_append (tokens, &token_data->e); elem = elem->next; - if (elem == elem0) - break; - } + } while (elem != elem0); ddsrt_mutex_unlock (&impl->token_data_lock); return tokens; @@ -260,7 +258,7 @@ struct crypto_token_data * find_crypto_token (struct dds_security_cryptography_i return NULL; } struct ddsrt_circlist_elem *elem0 = ddsrt_circlist_oldest (&impl->token_data_list), *elem = elem0; - while (elem != NULL) + do { struct crypto_token_data *elem_data = DDSRT_FROM_CIRCLIST (struct crypto_token_data, e, elem); if (elem_data->type == type) @@ -277,9 +275,7 @@ struct crypto_token_data * find_crypto_token (struct dds_security_cryptography_i } } elem = elem->next; - if (elem == elem0) - break; - } + } while (elem != elem0); ddsrt_mutex_unlock (&impl->token_data_lock); return NULL; } @@ -290,7 +286,7 @@ static void log_encode_decode (struct dds_security_cryptography_impl * impl, enu if (!ddsrt_circlist_isempty (&impl->encode_decode_log)) { struct ddsrt_circlist_elem *elem0 = ddsrt_circlist_oldest (&impl->encode_decode_log), *elem = elem0; - while (elem != NULL) + do { struct crypto_encode_decode_data *data = DDSRT_FROM_CIRCLIST (struct crypto_encode_decode_data, e, elem); if (data->function == function && data->handle == handle) @@ -300,9 +296,7 @@ static void log_encode_decode (struct dds_security_cryptography_impl * impl, enu return; } elem = elem->next; - if (elem == elem0) - break; - } + } while (elem != elem0); } /* add new entry */ struct crypto_encode_decode_data *new_data = ddsrt_malloc (sizeof (*new_data)); @@ -319,7 +313,7 @@ struct crypto_encode_decode_data * get_encode_decode_log (struct dds_security_cr if (!ddsrt_circlist_isempty (&impl->encode_decode_log)) { struct ddsrt_circlist_elem *elem0 = ddsrt_circlist_oldest (&impl->encode_decode_log), *elem = elem0; - while (elem != NULL) + do { struct crypto_encode_decode_data *data = DDSRT_FROM_CIRCLIST (struct crypto_encode_decode_data, e, elem); if (data->function == function && data->handle == handle) @@ -330,9 +324,7 @@ struct crypto_encode_decode_data * get_encode_decode_log (struct dds_security_cr return result; } elem = elem->next; - if (elem == elem0) - break; - } + } while (elem != elem0); } ddsrt_mutex_unlock (&impl->encode_decode_log_lock); return NULL; diff --git a/src/security/core/tests/common/cryptography_wrapper.h b/src/security/core/tests/common/cryptography_wrapper.h index 98a6658..f466c55 100644 --- a/src/security/core/tests/common/cryptography_wrapper.h +++ b/src/security/core/tests/common/cryptography_wrapper.h @@ -18,7 +18,7 @@ #include "dds/security/dds_security_api_defs.h" #include "dds/security/cryptography_wrapper_export.h" -#define CRYPTO_TOKEN_MAXLEN 10 +#define CRYPTO_TOKEN_MAXCOUNT 10 #define CRYPTO_TOKEN_SIZE 256 struct dds_security_cryptography_impl; @@ -39,8 +39,8 @@ struct crypto_token_data { DDS_Security_ParticipantCryptoHandle local_handle; DDS_Security_ParticipantCryptoHandle remote_handle; uint32_t n_tokens; - unsigned char data[CRYPTO_TOKEN_MAXLEN][CRYPTO_TOKEN_SIZE]; - size_t data_len[CRYPTO_TOKEN_MAXLEN]; + unsigned char data[CRYPTO_TOKEN_MAXCOUNT][CRYPTO_TOKEN_SIZE]; + size_t data_len[CRYPTO_TOKEN_MAXCOUNT]; }; enum crypto_encode_decode_fn {