niklas/cyclonedds
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Processed review comments: added missing return topic_sec_attr in function is_topic_discovery_protected, moved returns-logging in access plugin to wrapper mode and removed specific test for this (as it will be tested in other access control tests now). Some cleanup in circular list usage in crypto and access control plugins

Browse source 
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
This commit is contained in:
Dennis Potman 2020-05-14 21:27:29 +02:00 committed by eboasson
parent 32bba389c8
commit a151c5f184
6 changed files with 72 additions and 165 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/core/ddsi/src/ddsi_security_omg.c
View file

@ -1401,12 +1401,18 @@ static bool is_topic_discovery_protected(DDS_Security_PermissionsHandle permissi
{
DDS_Security_TopicSecurityAttributes attributes = {0,0,0,0};
DDS_Security_SecurityException exception = DDS_SECURITY_EXCEPTION_INIT;
bool result = false;
if (access_control->get_topic_sec_attributes(access_control, permission_handle, topic_name, &attributes, &exception))
return attributes.is_discovery_protected;
{
result = attributes.is_discovery_protected;
access_control->return_topic_sec_attributes(access_control, &attributes, &exception);
}
else
{
DDS_Security_Exception_reset(&exception);
return false;
}
return result;
}
static void handle_not_allowed(

44
src/security/core/tests/access_control.c
View file

@ -837,50 +837,6 @@ CU_Test(ddssec_access_control, readwrite_protection, .timeout=60)
}
}
/* Test that all attributes and token retrieved from the access control plugin
are correctly returned. */
CU_Test(ddssec_access_control, check_returns)
{
char topic_name[100];
create_topic_name ("ddssec_access_control_", g_topic_nr++, topic_name, sizeof (topic_name));
char *ca, *id1, *id2, *id1_subj, *id2_subj;
ca = generate_ca ("ca1", TEST_IDENTITY_CA1_PRIVATE_KEY, 0, 3600);
id1 = generate_identity (ca, TEST_IDENTITY_CA1_PRIVATE_KEY, "id1", TEST_IDENTITY1_PRIVATE_KEY, 0, 3600, &id1_subj);
id2 = generate_identity (ca, TEST_IDENTITY_CA1_PRIVATE_KEY, "id2", TEST_IDENTITY1_PRIVATE_KEY, 0, 3600, &id2_subj);
char * grants[] = {
get_permissions_default_grant ("id1", id1_subj, topic_name),
get_permissions_default_grant ("id2", id2_subj, topic_name) };
char * perm_config = get_permissions_config (grants, 2, true);
char * gov_topic_rule = get_governance_topic_rule (NULL, true, true, true, true, PK_E, BPK_E);
char * gov_config = get_governance_config (false, true, PK_E, PK_E, PK_E, gov_topic_rule, true);
const char * def_perm_ca = PF_F COMMON_ETC_PATH("default_permissions_ca.pem");
access_control_init (
2,
(const char *[]) { id1, id2 },
(const char *[]) { TEST_IDENTITY1_PRIVATE_KEY, TEST_IDENTITY1_PRIVATE_KEY },
(const char *[]) { ca, ca },
(bool []) { false, false },
(const char *[]) { "init_test_access_control_check_returns", "init_test_access_control_wrapped" },
(const char *[]) { "finalize_test_access_control_check_returns", "finalize_test_access_control_wrapped" },
(bool []) { true, true }, (const char *[]) { gov_config, gov_config },
(bool []) { true, true }, (const char *[]) { perm_config, perm_config },
(bool []) { true, true }, (const char *[]) { def_perm_ca, def_perm_ca });
dds_entity_t pub, sub, pub_tp, sub_tp, wr, rd;
rd_wr_init (g_participant[0], &pub, &pub_tp, &wr, g_participant[1], &sub, &sub_tp, &rd, topic_name);
sync_writer_to_readers (g_participant[0], wr, 1, DDS_SECS (1));
sync_reader_to_writers (g_participant[1], rd, 1, DDS_SECS (1));
struct dds_security_access_control_impl * ac_context = get_access_control_context (g_participant[0]);
CU_ASSERT_FATAL (check_returns (ac_context));
access_control_fini (2, (void * []) { gov_config, gov_topic_rule, grants[0], grants[1], perm_config, ca, id1_subj, id2_subj, id1, id2 }, 10);
}
/* Check that communication for a topic that is allowed in the permissions config
keeps working in case the publisher also creates a writer for a non-allowed topic */
CU_Test(ddssec_access_control, denied_topic)

144
src/security/core/tests/common/access_control_wrapper.c
View file

@ -11,6 +11,7 @@
*/
#include <string.h>
#include <stdio.h>
#include "CUnit/Test.h"
#include "dds/dds.h"
#include "dds/ddsrt/circlist.h"
#include "dds/ddsrt/heap.h"
@ -29,7 +30,6 @@ enum ac_plugin_mode {
PLUGIN_MODE_WRAPPED,
PLUGIN_MODE_NOT_ALLOWED,
PLUGIN_MODE_MISSING_FUNC,
PLUGIN_MODE_CHECK_RETURNS,
};
enum ac_plugin_not_allowed {
@ -83,6 +83,7 @@ static void init_returns_log(struct dds_security_access_control_impl *impl)
{
ddsrt_mutex_init (&impl->returns_log_lock);
ddsrt_circlist_init (&impl->returns_log);
impl->invalid_return = false;
}
static void fini_returns_log(struct dds_security_access_control_impl *impl)
@ -100,46 +101,55 @@ static void fini_returns_log(struct dds_security_access_control_impl *impl)
static void register_return_obj (struct dds_security_access_control_impl * impl, void * obj)
{
assert(impl->mode == PLUGIN_MODE_CHECK_RETURNS);
assert(impl->mode == PLUGIN_MODE_WRAPPED);
ddsrt_mutex_lock (&impl->returns_log_lock);
struct returns_log_data * attr_data = ddsrt_malloc (sizeof (*attr_data));
attr_data->obj = obj;
ddsrt_circlist_append(&impl->returns_log, &attr_data->e);
printf("log obj %p\n", obj);
ddsrt_mutex_unlock (&impl->returns_log_lock);
}
static struct ddsrt_circlist_elem *find_return_obj_data (struct dds_security_access_control_impl * impl, void * obj)
{
struct ddsrt_circlist_elem *elem0 = ddsrt_circlist_oldest (&impl->returns_log), *elem = elem0;
if (elem != NULL)
{
do
{
struct returns_log_data *data = DDSRT_FROM_CIRCLIST (struct returns_log_data, e, elem);
if (data->obj == obj)
return elem;
elem = elem->next;
} while (elem != elem0);
}
return NULL;
}
static void unregister_return_obj (struct dds_security_access_control_impl * impl, void * obj)
{
assert(impl->mode == PLUGIN_MODE_CHECK_RETURNS);
struct ddsrt_circlist_elem *elem;
assert(impl->mode == PLUGIN_MODE_WRAPPED);
ddsrt_mutex_lock (&impl->returns_log_lock);
struct ddsrt_circlist_elem *elem0 = ddsrt_circlist_oldest (&impl->returns_log), *elem = elem0;
while (elem != NULL)
if ((elem = find_return_obj_data (impl, obj)) != NULL)
{
struct returns_log_data *data = DDSRT_FROM_CIRCLIST (struct returns_log_data, e, elem);
if (data->obj == obj)
{
ddsrt_circlist_remove (&impl->returns_log, elem);
ddsrt_mutex_unlock (&impl->returns_log_lock);
ddsrt_free (elem);
printf("return obj %p\n", obj);
return;
}
elem = elem->next;
if (elem == elem0)
break;
ddsrt_circlist_remove (&impl->returns_log, elem);
ddsrt_free (elem);
}
else
{
impl->invalid_return = true;
printf ("invalid return %p\n", obj);
}
impl->invalid_return = true;
ddsrt_mutex_unlock (&impl->returns_log_lock);
}
bool check_returns (struct dds_security_access_control_impl * impl)
static bool all_returns_valid (struct dds_security_access_control_impl * impl)
{
assert(impl->mode == PLUGIN_MODE_CHECK_RETURNS);
assert(impl->mode == PLUGIN_MODE_WRAPPED);
ddsrt_mutex_lock (&impl->returns_log_lock);
bool result = impl->invalid_return || !ddsrt_circlist_isempty (&impl->returns_log);
bool valid = !impl->invalid_return && ddsrt_circlist_isempty (&impl->returns_log);
ddsrt_mutex_unlock (&impl->returns_log_lock);
return result;
return valid;
}
static DDS_Security_PermissionsHandle validate_local_permissions(
@ -162,11 +172,8 @@ static DDS_Security_PermissionsHandle validate_local_permissions(
}
/* fall through */
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_CHECK_RETURNS:
{
DDS_Security_PermissionsHandle handle = impl->instance->validate_local_permissions(impl->instance, auth_plugin, identity, domain_id, participant_qos, ex);
if (impl->mode == PLUGIN_MODE_CHECK_RETURNS)
register_return_obj (impl, (void *) handle);
return handle;
}
@ -196,12 +203,9 @@ static DDS_Security_PermissionsHandle validate_remote_permissions(
}
/* fall through */
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_CHECK_RETURNS:
{
DDS_Security_PermissionsHandle handle = impl->instance->validate_remote_permissions(impl->instance, auth_plugin, local_identity_handle, remote_identity_handle,
remote_permissions_token, remote_credential_token, ex);
if (impl->mode == PLUGIN_MODE_CHECK_RETURNS)
register_return_obj (impl, (void *) handle);
return handle;
}
@ -229,7 +233,6 @@ static DDS_Security_boolean check_create_participant(
}
/* fall through */
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_CHECK_RETURNS:
return impl->instance->check_create_participant(impl->instance, permissions_handle, domain_id, participant_qos, ex);
default:
@ -262,7 +265,6 @@ static DDS_Security_boolean check_create_datawriter(
}
/* fall through */
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_CHECK_RETURNS:
return impl->instance->check_create_datawriter(impl->instance, permissions_handle, domain_id, topic_name, writer_qos, partition, data_tag, ex);
default:
@ -292,7 +294,6 @@ static DDS_Security_boolean check_create_datareader(
}
/* fall through */
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_CHECK_RETURNS:
return impl->instance->check_create_datareader(impl->instance, permissions_handle, domain_id, topic_name, reader_qos, partition, data_tag, ex);
default:
@ -320,7 +321,6 @@ static DDS_Security_boolean check_create_topic(
}
/* fall through */
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_CHECK_RETURNS:
return impl->instance->check_create_topic(impl->instance, permissions_handle, domain_id, topic_name, qos, ex);
default:
@ -340,7 +340,6 @@ static DDS_Security_boolean check_local_datawriter_register_instance(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_NOT_ALLOWED:
case PLUGIN_MODE_CHECK_RETURNS:
return impl->instance->check_local_datawriter_register_instance(impl->instance, permissions_handle, writer, key, ex);
default:
@ -360,7 +359,6 @@ static DDS_Security_boolean check_local_datawriter_dispose_instance(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_NOT_ALLOWED:
case PLUGIN_MODE_CHECK_RETURNS:
return impl->instance->check_local_datawriter_dispose_instance(impl->instance, permissions_handle, writer, key, ex);
default:
@ -387,7 +385,6 @@ static DDS_Security_boolean check_remote_participant(
}
/* fall through */
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_CHECK_RETURNS:
return impl->instance->check_remote_participant(impl->instance, permissions_handle, domain_id, participant_data, ex);
default:
@ -414,7 +411,6 @@ static DDS_Security_boolean check_remote_datawriter(
}
/* fall through */
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_CHECK_RETURNS:
return impl->instance->check_remote_datawriter(impl->instance, permissions_handle, domain_id, publication_data, ex);
default:
@ -445,7 +441,6 @@ static DDS_Security_boolean check_remote_datareader(
}
/* fall through */
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_CHECK_RETURNS:
{
bool ret;
if ((ret = impl->instance->check_remote_datareader(impl->instance, permissions_handle, domain_id, subscription_data, relay_only, ex)))
@ -485,7 +480,6 @@ static DDS_Security_boolean check_remote_topic(
}
/* fall through */
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_CHECK_RETURNS:
return impl->instance->check_remote_topic(impl->instance, permissions_handle, domain_id, topic_data, ex);
default:
@ -506,7 +500,6 @@ static DDS_Security_boolean check_local_datawriter_match(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_NOT_ALLOWED:
case PLUGIN_MODE_CHECK_RETURNS:
return impl->instance->check_local_datawriter_match(impl->instance, writer_permissions_handle, reader_permissions_handle, publication_data, subscription_data, ex);
default:
@ -527,7 +520,6 @@ static DDS_Security_boolean check_local_datareader_match(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_NOT_ALLOWED:
case PLUGIN_MODE_CHECK_RETURNS:
return impl->instance->check_local_datareader_match(impl->instance, reader_permissions_handle, writer_permissions_handle, subscription_data, publication_data, ex);
default:
@ -549,7 +541,6 @@ static DDS_Security_boolean check_remote_datawriter_register_instance(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_NOT_ALLOWED:
case PLUGIN_MODE_CHECK_RETURNS:
return impl->instance->check_remote_datawriter_register_instance(impl->instance, permissions_handle, reader, publication_handle, key, instance_handle, ex);
default:
@ -570,7 +561,6 @@ static DDS_Security_boolean check_remote_datawriter_dispose_instance(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_NOT_ALLOWED:
case PLUGIN_MODE_CHECK_RETURNS:
return impl->instance->check_remote_datawriter_dispose_instance(impl->instance, permissions_handle, reader, publication_handle, key, ex);
default:
@ -587,10 +577,9 @@ static DDS_Security_boolean get_permissions_token(
struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance;
switch (impl->mode)
{
case PLUGIN_MODE_CHECK_RETURNS:
case PLUGIN_MODE_WRAPPED:
register_return_obj (impl, (void*) permissions_token);
/* fall through */
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_NOT_ALLOWED:
return impl->instance->get_permissions_token(impl->instance, permissions_token, handle, ex);
@ -610,10 +599,9 @@ static DDS_Security_boolean get_permissions_credential_token(
struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance;
switch (impl->mode)
{
case PLUGIN_MODE_CHECK_RETURNS:
case PLUGIN_MODE_WRAPPED:
register_return_obj (impl, (void*) permissions_credential_token);
/* fall through */
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_NOT_ALLOWED:
return impl->instance->get_permissions_credential_token(impl->instance, permissions_credential_token, handle, ex);
@ -632,7 +620,6 @@ static DDS_Security_boolean set_listener(
{
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_NOT_ALLOWED:
case PLUGIN_MODE_CHECK_RETURNS:
return impl->instance->set_listener (impl->instance, listener, ex);
default:
@ -648,10 +635,9 @@ static DDS_Security_boolean return_permissions_token(
struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance;
switch (impl->mode)
{
case PLUGIN_MODE_CHECK_RETURNS:
case PLUGIN_MODE_WRAPPED:
unregister_return_obj (impl, (void*) token);
/* fall through */
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_NOT_ALLOWED:
return impl->instance->return_permissions_token (impl->instance, token, ex);
@ -669,10 +655,9 @@ static DDS_Security_boolean return_permissions_credential_token(
struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance;
switch (impl->mode)
{
case PLUGIN_MODE_CHECK_RETURNS:
case PLUGIN_MODE_WRAPPED:
unregister_return_obj (impl, (void*) permissions_credential_token);
/* fall through */
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_NOT_ALLOWED:
return impl->instance->return_permissions_credential_token(impl->instance, permissions_credential_token, ex);
@ -690,10 +675,9 @@ static DDS_Security_boolean get_participant_sec_attributes(
struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance;
switch (impl->mode)
{
case PLUGIN_MODE_CHECK_RETURNS:
case PLUGIN_MODE_WRAPPED:
register_return_obj (impl, (void*) attributes);
/* fall through */
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_NOT_ALLOWED:
return impl->instance->get_participant_sec_attributes(impl->instance, permissions_handle, attributes, ex);
@ -712,10 +696,9 @@ static DDS_Security_boolean get_topic_sec_attributes(
struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance;
switch (impl->mode)
{
case PLUGIN_MODE_CHECK_RETURNS:
case PLUGIN_MODE_WRAPPED:
register_return_obj (impl, (void*) attributes);
/* fall through */
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_NOT_ALLOWED:
return impl->instance->get_topic_sec_attributes(impl->instance, permissions_handle, topic_name, attributes, ex);
@ -736,10 +719,9 @@ static DDS_Security_boolean get_datawriter_sec_attributes(
struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance;
switch (impl->mode)
{
case PLUGIN_MODE_CHECK_RETURNS:
case PLUGIN_MODE_WRAPPED:
register_return_obj (impl, (void*) attributes);
/* fall through */
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_NOT_ALLOWED:
return impl->instance->get_datawriter_sec_attributes(impl->instance, permissions_handle, topic_name, partition, data_tag, attributes, ex);
@ -760,10 +742,9 @@ static DDS_Security_boolean get_datareader_sec_attributes(
struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance;
switch (impl->mode)
{
case PLUGIN_MODE_CHECK_RETURNS:
case PLUGIN_MODE_WRAPPED:
register_return_obj (impl, (void*) attributes);
/* fall through */
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_NOT_ALLOWED:
return impl->instance->get_datareader_sec_attributes(impl->instance, permissions_handle, topic_name, partition, data_tag, attributes, ex);
@ -780,10 +761,9 @@ static DDS_Security_boolean return_participant_sec_attributes(
struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance;
switch (impl->mode)
{
case PLUGIN_MODE_CHECK_RETURNS:
case PLUGIN_MODE_WRAPPED:
unregister_return_obj (impl, (void*) attributes);
/* fall through */
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_NOT_ALLOWED:
return impl->instance->return_participant_sec_attributes(impl->instance, attributes, ex);
@ -800,10 +780,9 @@ static DDS_Security_boolean return_topic_sec_attributes(
struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance;
switch (impl->mode)
{
case PLUGIN_MODE_CHECK_RETURNS:
case PLUGIN_MODE_WRAPPED:
unregister_return_obj (impl, (void*) attributes);
/* fall through */
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_NOT_ALLOWED:
return impl->instance->return_topic_sec_attributes(impl->instance, attributes, ex);
@ -820,10 +799,9 @@ static DDS_Security_boolean return_datawriter_sec_attributes(
struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance;
switch (impl->mode)
{
case PLUGIN_MODE_CHECK_RETURNS:
case PLUGIN_MODE_WRAPPED:
unregister_return_obj (impl, (void*) attributes);
/* fall through */
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_NOT_ALLOWED:
return impl->instance->return_datawriter_sec_attributes(impl->instance, attributes, ex);
@ -840,10 +818,9 @@ static DDS_Security_boolean return_datareader_sec_attributes(
struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance;
switch (impl->mode)
{
case PLUGIN_MODE_CHECK_RETURNS:
case PLUGIN_MODE_WRAPPED:
unregister_return_obj (impl, (void*) attributes);
/* fall through */
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_NOT_ALLOWED:
return impl->instance->return_datareader_sec_attributes(impl->instance, attributes, ex);
@ -860,9 +837,6 @@ static DDS_Security_boolean return_permissions_handle(
struct dds_security_access_control_impl *impl = (struct dds_security_access_control_impl *)instance;
switch (impl->mode)
{
case PLUGIN_MODE_CHECK_RETURNS:
unregister_return_obj (impl, (void*) permissions_handle);
/* fall through */
case PLUGIN_MODE_WRAPPED:
case PLUGIN_MODE_NOT_ALLOWED:
return impl->instance->return_permissions_handle(impl->instance, permissions_handle, ex);
@ -947,6 +921,7 @@ int init_test_access_control_wrapped(const char *argument, void **context, struc
if (!impl)
return DDS_SECURITY_FAILED;
impl->mode = PLUGIN_MODE_WRAPPED;
init_returns_log (impl);
*context = impl;
return DDS_SECURITY_SUCCESS;
}
@ -954,8 +929,12 @@ int init_test_access_control_wrapped(const char *argument, void **context, struc
int finalize_test_access_control_wrapped(void *context)
{
struct dds_security_access_control_impl* impl = (struct dds_security_access_control_impl*) context;
assert(impl->mode == PLUGIN_MODE_WRAPPED);
return finalize_test_access_control_common(impl, true);
assert (impl->mode == PLUGIN_MODE_WRAPPED);
bool returns_valid = all_returns_valid (impl);
fini_returns_log (impl);
printf("returns result (impl %p): %s\n", impl, returns_valid ? "all valid" : "invalid");
CU_ASSERT_FATAL (returns_valid);
return finalize_test_access_control_common (impl, true);
}
int init_test_access_control_missing_func(const char *argument, void **context, struct ddsi_domaingv *gv)
@ -1004,22 +983,3 @@ int finalize_test_access_control_not_allowed(void *context)
assert(impl->mode == PLUGIN_MODE_NOT_ALLOWED);
return finalize_test_access_control_common(impl, true);
}
int init_test_access_control_check_returns(const char *argument, void **context, struct ddsi_domaingv *gv)
{
struct dds_security_access_control_impl *impl = init_test_access_control_common(argument, true, gv);
if (!impl)
return DDS_SECURITY_FAILED;
impl->mode = PLUGIN_MODE_CHECK_RETURNS;
init_returns_log (impl);
*context = impl;
return DDS_SECURITY_SUCCESS;
}
int finalize_test_access_control_check_returns(void *context)
{
struct dds_security_access_control_impl* impl = (struct dds_security_access_control_impl*) context;
assert(impl->mode == PLUGIN_MODE_CHECK_RETURNS);
fini_returns_log (impl);
return finalize_test_access_control_common(impl, true);
}

7
src/security/core/tests/common/access_control_wrapper.h
View file

@ -22,8 +22,6 @@
struct dds_security_access_control_impl;
SECURITY_EXPORT bool check_returns (struct dds_security_access_control_impl * impl);
/* Init in all-ok mode: all functions return success without calling the actual plugin */
SECURITY_EXPORT int init_test_access_control_all_ok(const char *argument, void **context, struct ddsi_domaingv *gv);
SECURITY_EXPORT int finalize_test_access_control_all_ok(void *context);
@ -53,9 +51,4 @@ INIT_NOT_ALLOWED_DECL(remote_permissions_not_allowed)
SECURITY_EXPORT int finalize_test_access_control_not_allowed(void *context);
/* Init in attribute get and return logging mode */
SECURITY_EXPORT int init_test_access_control_check_returns(const char *argument, void **context, struct ddsi_domaingv *gv);
SECURITY_EXPORT int finalize_test_access_control_check_returns(void *context);
#endif /* SECURITY_CORE_TEST_ACCESS_CONTROL_WRAPPER_H_ */

26
src/security/core/tests/common/cryptography_wrapper.c
View file

@ -195,7 +195,7 @@ static void add_tokens (struct ddsrt_circlist *list, enum crypto_tokens_type typ
token_data->local_handle = lch;
token_data->remote_handle = rch;
token_data->n_tokens = tokens->_length;
assert (tokens->_length <= CRYPTO_TOKEN_MAXLEN);
assert (tokens->_length <= CRYPTO_TOKEN_MAXCOUNT);
for (uint32_t i = 0; i < tokens->_length; i++)
{
size_t len = tokens->_buffer[i].binary_properties._buffer[0].value._length;
@ -235,16 +235,14 @@ struct ddsrt_circlist * get_crypto_tokens (struct dds_security_cryptography_impl
}
struct ddsrt_circlist_elem *elem0 = ddsrt_circlist_oldest (&impl->token_data_list), *elem = elem0;
while (elem != NULL)
do
{
struct crypto_token_data *elem_data = DDSRT_FROM_CIRCLIST (struct crypto_token_data, e, elem);
struct crypto_token_data *token_data = ddsrt_malloc (sizeof (*token_data));
memcpy (token_data, elem_data, sizeof (*token_data));
ddsrt_circlist_append (tokens, &token_data->e);
elem = elem->next;
if (elem == elem0)
break;
}
} while (elem != elem0);
ddsrt_mutex_unlock (&impl->token_data_lock);
return tokens;
@ -260,7 +258,7 @@ struct crypto_token_data * find_crypto_token (struct dds_security_cryptography_i
return NULL;
}
struct ddsrt_circlist_elem *elem0 = ddsrt_circlist_oldest (&impl->token_data_list), *elem = elem0;
while (elem != NULL)
do
{
struct crypto_token_data *elem_data = DDSRT_FROM_CIRCLIST (struct crypto_token_data, e, elem);
if (elem_data->type == type)
@ -277,9 +275,7 @@ struct crypto_token_data * find_crypto_token (struct dds_security_cryptography_i
}
}
elem = elem->next;
if (elem == elem0)
break;
}
} while (elem != elem0);
ddsrt_mutex_unlock (&impl->token_data_lock);
return NULL;
}
@ -290,7 +286,7 @@ static void log_encode_decode (struct dds_security_cryptography_impl * impl, enu
if (!ddsrt_circlist_isempty (&impl->encode_decode_log))
{
struct ddsrt_circlist_elem *elem0 = ddsrt_circlist_oldest (&impl->encode_decode_log), *elem = elem0;
while (elem != NULL)
do
{
struct crypto_encode_decode_data *data = DDSRT_FROM_CIRCLIST (struct crypto_encode_decode_data, e, elem);
if (data->function == function && data->handle == handle)
@ -300,9 +296,7 @@ static void log_encode_decode (struct dds_security_cryptography_impl * impl, enu
return;
}
elem = elem->next;
if (elem == elem0)
break;
}
} while (elem != elem0);
}
/* add new entry */
struct crypto_encode_decode_data *new_data = ddsrt_malloc (sizeof (*new_data));
@ -319,7 +313,7 @@ struct crypto_encode_decode_data * get_encode_decode_log (struct dds_security_cr
if (!ddsrt_circlist_isempty (&impl->encode_decode_log))
{
struct ddsrt_circlist_elem *elem0 = ddsrt_circlist_oldest (&impl->encode_decode_log), *elem = elem0;
while (elem != NULL)
do
{
struct crypto_encode_decode_data *data = DDSRT_FROM_CIRCLIST (struct crypto_encode_decode_data, e, elem);
if (data->function == function && data->handle == handle)
@ -330,9 +324,7 @@ struct crypto_encode_decode_data * get_encode_decode_log (struct dds_security_cr
return result;
}
elem = elem->next;
if (elem == elem0)
break;
}
} while (elem != elem0);
}
ddsrt_mutex_unlock (&impl->encode_decode_log_lock);
return NULL;

6
src/security/core/tests/common/cryptography_wrapper.h
View file

@ -18,7 +18,7 @@
#include "dds/security/dds_security_api_defs.h"
#include "dds/security/cryptography_wrapper_export.h"
#define CRYPTO_TOKEN_MAXLEN 10
#define CRYPTO_TOKEN_MAXCOUNT 10
#define CRYPTO_TOKEN_SIZE 256
struct dds_security_cryptography_impl;
@ -39,8 +39,8 @@ struct crypto_token_data {
DDS_Security_ParticipantCryptoHandle local_handle;
DDS_Security_ParticipantCryptoHandle remote_handle;
uint32_t n_tokens;
unsigned char data[CRYPTO_TOKEN_MAXLEN][CRYPTO_TOKEN_SIZE];
size_t data_len[CRYPTO_TOKEN_MAXLEN];
unsigned char data[CRYPTO_TOKEN_MAXCOUNT][CRYPTO_TOKEN_SIZE];
size_t data_len[CRYPTO_TOKEN_MAXCOUNT];
};
enum crypto_encode_decode_fn {