niklas/cyclonedds
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactoring logic in q_omg_security_check_remote_reader_permissions

Browse source 
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
This commit is contained in:
Dennis Potman 2020-04-21 21:43:27 +02:00 committed by eboasson
parent 7e6039763b
commit b86e8ce0d3
1 changed files with 30 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

18
src/core/ddsi/src/ddsi_security_omg.c
View file

@ -2145,7 +2145,7 @@ bool q_omg_security_check_remote_writer_permissions(const struct proxy_writer *p
{ {
if (q_omg_participant_allow_unauthenticated(pp)) if (q_omg_participant_allow_unauthenticated(pp))
{ {
GVTRACE (" allow non-secure remote writer "PGUIDFMT, PGUID (pwr->e.guid)); GVTRACE(" allow non-secure remote writer "PGUIDFMT, PGUID(pwr->e.guid));
return true; return true;
} }
else else
@ -2376,7 +2376,6 @@ bool q_omg_security_check_remote_reader_permissions(const struct proxy_reader *p
DDS_Security_SubscriptionBuiltinTopicDataSecure subscription_data; DDS_Security_SubscriptionBuiltinTopicDataSecure subscription_data;
DDS_Security_TopicBuiltinTopicData topic_data; DDS_Security_TopicBuiltinTopicData topic_data;
DDS_Security_boolean sec_relay_only; DDS_Security_boolean sec_relay_only;
bool result = true;
/* relay_only is meaningless in all cases except the one where the access control plugin says otherwise */ /* relay_only is meaningless in all cases except the one where the access control plugin says otherwise */
*relay_only = false; *relay_only = false;
@ -2388,7 +2387,7 @@ bool q_omg_security_check_remote_reader_permissions(const struct proxy_reader *p
{ {
if (q_omg_participant_allow_unauthenticated(pp)) if (q_omg_participant_allow_unauthenticated(pp))
{ {
GVTRACE (" allow non-secure remote reader "PGUIDFMT, PGUID (prd->e.guid)); GVTRACE(" allow non-secure remote reader "PGUIDFMT, PGUID(prd->e.guid));
return true; return true;
} }
else else
@ -2398,19 +2397,18 @@ bool q_omg_security_check_remote_reader_permissions(const struct proxy_reader *p
} }
} }
if (SECURITY_INFO_IS_READ_PROTECTED(prd->c.security_info)) if (!SECURITY_INFO_IS_READ_PROTECTED(prd->c.security_info))
{ return true;
DDS_Security_PermissionsHandle permissions_handle;
DDS_Security_PermissionsHandle permissions_handle;
if ((permissions_handle = get_permissions_handle(pp, prd->c.proxypp)) == 0) if ((permissions_handle = get_permissions_handle(pp, prd->c.proxypp)) == 0)
{ {
GVTRACE("Secure remote reader "PGUIDFMT" proxypp does not have permissions handle yet\n", PGUID(prd->e.guid)); GVTRACE("Secure remote reader "PGUIDFMT" proxypp does not have permissions handle yet\n", PGUID(prd->e.guid));
return false; return false;
} }
else
{
q_omg_shallow_copy_SubscriptionBuiltinTopicDataSecure(&subscription_data, &prd->e.guid, prd->c.xqos, &prd->c.security_info); q_omg_shallow_copy_SubscriptionBuiltinTopicDataSecure(&subscription_data, &prd->e.guid, prd->c.xqos, &prd->c.security_info);
result = sc->access_control_context->check_remote_datareader(sc->access_control_context, permissions_handle, (int)domain_id, &subscription_data, &sec_relay_only, &exception); bool result = sc->access_control_context->check_remote_datareader(sc->access_control_context, permissions_handle, (int)domain_id, &subscription_data, &sec_relay_only, &exception);
if (!result) if (!result)
{ {
if (!is_topic_discovery_protected(pp->sec_attr->permissions_handle, sc->access_control_context, subscription_data.topic_name)) if (!is_topic_discovery_protected(pp->sec_attr->permissions_handle, sc->access_control_context, subscription_data.topic_name))
@ -2433,8 +2431,6 @@ bool q_omg_security_check_remote_reader_permissions(const struct proxy_reader *p
} }
} }
q_omg_shallow_free_SubscriptionBuiltinTopicDataSecure(&subscription_data); q_omg_shallow_free_SubscriptionBuiltinTopicDataSecure(&subscription_data);
}
}
return result; return result;
} }