Processed review comments: added missing return topic_sec_attr in function is_topic_discovery_protected, moved returns-logging in access plugin to wrapper mode and removed specific test for this (as it will be tested in other access control tests now). Some cleanup in circular list usage in crypto and access control plugins

Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Dennis Potman 2020-05-14 21:27:29 +02:00 committed by eboasson
parent 32bba389c8
commit a151c5f184
6 changed files with 72 additions and 165 deletions


@ -837,50 +837,6 @@ CU_Test(ddssec_access_control, readwrite_protection, .timeout=60)
}
}
/* Test that all attributes and token retrieved from the access control plugin
are correctly returned. */
CU_Test(ddssec_access_control, check_returns)
{
char topic_name[100];
create_topic_name ("ddssec_access_control_", g_topic_nr++, topic_name, sizeof (topic_name));
char *ca, *id1, *id2, *id1_subj, *id2_subj;
ca = generate_ca ("ca1", TEST_IDENTITY_CA1_PRIVATE_KEY, 0, 3600);
id1 = generate_identity (ca, TEST_IDENTITY_CA1_PRIVATE_KEY, "id1", TEST_IDENTITY1_PRIVATE_KEY, 0, 3600, &id1_subj);
id2 = generate_identity (ca, TEST_IDENTITY_CA1_PRIVATE_KEY, "id2", TEST_IDENTITY1_PRIVATE_KEY, 0, 3600, &id2_subj);
char * grants[] = {
get_permissions_default_grant ("id1", id1_subj, topic_name),
get_permissions_default_grant ("id2", id2_subj, topic_name) };
char * perm_config = get_permissions_config (grants, 2, true);
char * gov_topic_rule = get_governance_topic_rule (NULL, true, true, true, true, PK_E, BPK_E);
char * gov_config = get_governance_config (false, true, PK_E, PK_E, PK_E, gov_topic_rule, true);
const char * def_perm_ca = PF_F COMMON_ETC_PATH("default_permissions_ca.pem");
access_control_init (
2,
(const char *[]) { id1, id2 },
(const char *[]) { TEST_IDENTITY1_PRIVATE_KEY, TEST_IDENTITY1_PRIVATE_KEY },
(const char *[]) { ca, ca },
(bool []) { false, false },
(const char *[]) { "init_test_access_control_check_returns", "init_test_access_control_wrapped" },
(const char *[]) { "finalize_test_access_control_check_returns", "finalize_test_access_control_wrapped" },
(bool []) { true, true }, (const char *[]) { gov_config, gov_config },
(bool []) { true, true }, (const char *[]) { perm_config, perm_config },
(bool []) { true, true }, (const char *[]) { def_perm_ca, def_perm_ca });
dds_entity_t pub, sub, pub_tp, sub_tp, wr, rd;
rd_wr_init (g_participant[0], &pub, &pub_tp, &wr, g_participant[1], &sub, &sub_tp, &rd, topic_name);
sync_writer_to_readers (g_participant[0], wr, 1, DDS_SECS (1));
sync_reader_to_writers (g_participant[1], rd, 1, DDS_SECS (1));
struct dds_security_access_control_impl * ac_context = get_access_control_context (g_participant[0]);
CU_ASSERT_FATAL (check_returns (ac_context));
access_control_fini (2, (void * []) { gov_config, gov_topic_rule, grants[0], grants[1], perm_config, ca, id1_subj, id2_subj, id1, id2 }, 10);
}
/* Check that communication for a topic that is allowed in the permissions config
keeps working in case the publisher also creates a writer for a non-allowed topic */
CU_Test(ddssec_access_control, denied_topic)