diff --git a/src/core/ddsi/include/dds/ddsi/ddsi_security_omg.h b/src/core/ddsi/include/dds/ddsi/ddsi_security_omg.h index ff81274..f87629a 100644 --- a/src/core/ddsi/include/dds/ddsi/ddsi_security_omg.h +++ b/src/core/ddsi/include/dds/ddsi/ddsi_security_omg.h @@ -1092,7 +1092,7 @@ secure_conn_write( * @retval DDS_RETCODE_OK All plugins are successfully loaded * @retval DDS_RETCODE_ERROR One or more security plugins are not loaded. */ -dds_return_t q_omg_security_load( struct dds_security_context *security_context, const dds_qos_t *qos ); +dds_return_t q_omg_security_load( struct dds_security_context *security_context, const dds_qos_t *qos, struct ddsi_domaingv *gv ); void q_omg_security_init( struct ddsi_domaingv *gv ); @@ -1389,7 +1389,7 @@ decode_rtps_message( return NN_RTPS_MSG_STATE_PLAIN; } -inline dds_return_t q_omg_security_load( UNUSED_ARG( struct dds_security_context *security_context ), UNUSED_ARG( const dds_qos_t *property_seq) ) +inline dds_return_t q_omg_security_load( UNUSED_ARG( struct dds_security_context *security_context ), UNUSED_ARG( const dds_qos_t *property_seq), UNUSED_ARG ( struct ddsi_domaingv *gv ) ) { return DDS_RETCODE_ERROR; } diff --git a/src/core/ddsi/src/ddsi_security_omg.c b/src/core/ddsi/src/ddsi_security_omg.c index 057cdf4..096608c 100644 --- a/src/core/ddsi/src/ddsi_security_omg.c +++ b/src/core/ddsi/src/ddsi_security_omg.c @@ -53,11 +53,11 @@ */ #define PENDING_MATCH_EXPIRY_TIME 300 -#define EXCEPTION_LOG(sc,e,cat, ...) \ - q_omg_log_exception(sc->logcfg, cat, e, __FILE__, __LINE__, DDS_FUNCTION, __VA_ARGS__) +#define EXCEPTION_LOG(gv,e,cat,...) \ + q_omg_log_exception(&gv->logconfig, cat, e, __FILE__, __LINE__, DDS_FUNCTION, __VA_ARGS__) -#define EXCEPTION_ERROR(s, e, ...) EXCEPTION_LOG(s, e, DDS_LC_ERROR, __VA_ARGS__) -#define EXCEPTION_WARNING(s, e, ...) EXCEPTION_LOG(s, e, DDS_LC_WARNING, __VA_ARGS__) +#define EXCEPTION_ERROR(gv,e,...) EXCEPTION_LOG(gv, e, DDS_LC_ERROR, __VA_ARGS__) +#define EXCEPTION_WARNING(gv,e,...) EXCEPTION_LOG(gv, e, DDS_LC_WARNING, __VA_ARGS__) #define SECURITY_ATTR_IS_VALID(attr) \ @@ -212,8 +212,6 @@ struct dds_security_context { struct pending_match_index security_matches; struct participant_sec_index partiticpant_index; - - const struct ddsrt_log_cfg *logcfg; }; typedef struct dds_security_context dds_security_context; @@ -357,7 +355,7 @@ static struct pending_match * find_or_create_pending_entity_match(struct pending return match; } -static void unregister_and_free_pending_match(dds_security_context *sc, struct pending_match *match) +static void unregister_and_free_pending_match(const struct ddsi_domaingv * gv, dds_security_context *sc, struct pending_match *match) { if (match->crypto_handle != 0) { @@ -382,7 +380,7 @@ static void unregister_and_free_pending_match(dds_security_context *sc, struct p break; } if (!r) - EXCEPTION_ERROR(sc, &exception, "Failed to unregister remote %s crypto "PGUIDFMT" related to "PGUIDFMT, ename, PGUID(match->guids.remote_guid), PGUID(match->guids.local_guid)); + EXCEPTION_ERROR(gv, &exception, "Failed to unregister remote %s crypto "PGUIDFMT" related to "PGUIDFMT, ename, PGUID(match->guids.remote_guid), PGUID(match->guids.local_guid)); } free_pending_match(match); } @@ -407,7 +405,7 @@ static void pending_match_expiry_cb(struct xevent *xev, void *varg, ddsrt_mtime_ { ddsrt_fibheap_delete(&pending_match_expiry_fhdef, &index->expiry_timers, match); ddsrt_avl_delete(&pending_match_index_treedef, &index->pending_matches, match); - unregister_and_free_pending_match(index->gv->security_context, match); + unregister_and_free_pending_match(index->gv, index->gv->security_context, match); match = ddsrt_fibheap_min(&pending_match_expiry_fhdef, &index->expiry_timers); } if (match) @@ -430,7 +428,7 @@ static void clear_pending_matches_by_local_guid(dds_security_context *sc, struct if (match->expiry.v != DDS_NEVER) ddsrt_fibheap_delete(&pending_match_expiry_fhdef, &index->expiry_timers, match); next = ddsrt_avl_lookup_succ(&pending_match_index_treedef, &index->pending_matches, &match->guids); - unregister_and_free_pending_match(sc, match); + unregister_and_free_pending_match(index->gv, sc, match); } match = next; } @@ -450,7 +448,7 @@ static void clear_pending_matches_by_remote_guid(dds_security_context *sc, struc ddsrt_avl_delete(&pending_match_index_treedef, &index->pending_matches, match); if (match->expiry.v != DDS_NEVER) ddsrt_fibheap_delete(&pending_match_expiry_fhdef, &index->expiry_timers, match); - unregister_and_free_pending_match(sc, match); + unregister_and_free_pending_match(index->gv, sc, match); match = next; } ddsrt_mutex_unlock(&index->lock); @@ -505,7 +503,7 @@ static struct proxypp_pp_match * proxypp_pp_match_new(struct participant *pp, DD return pm; } -static void proxypp_pp_match_free(struct dds_security_context *sc, struct proxypp_pp_match *pm) +static void proxypp_pp_match_free(struct ddsi_domaingv *gv, struct dds_security_context *sc, struct proxypp_pp_match *pm) { DDS_Security_SecurityException exception = DDS_SECURITY_EXCEPTION_INIT; @@ -517,8 +515,9 @@ static void proxypp_pp_match_free(struct dds_security_context *sc, struct proxyp * matching local and remote participant. */ #if 0 - EXCEPTION_ERROR(sc, &exception, "Failed to return remote permissions handle"); + EXCEPTION_ERROR(gv, &exception, "Failed to return remote permissions handle"); #else + DDSRT_UNUSED_ARG (gv); DDS_Security_Exception_reset(&exception); #endif } @@ -552,7 +551,7 @@ static void proxypp_pp_unrelate(struct dds_security_context *sc, struct proxy_pa if ((pm = ddsrt_avl_lookup_dpath(&proxypp_pp_treedef, &proxypp->sec_attr->participants, &pp_crypto_handle, &dpath)) != NULL) { ddsrt_avl_delete_dpath(&proxypp_pp_treedef, &proxypp->sec_attr->participants, pm, &dpath); - proxypp_pp_match_free(sc, pm); + proxypp_pp_match_free(proxypp->e.gv, sc, pm); } ddsrt_mutex_unlock(&proxypp->sec_attr->lock); } @@ -715,8 +714,6 @@ void q_omg_security_init (struct ddsi_domaingv *gv) pending_match_index_init(gv, &sc->security_matches); ddsrt_mutex_init (&sc->omg_security_lock); - sc->logcfg = &gv->logconfig; - gv->security_context = sc; ddsi_handshake_admin_init(gv); @@ -725,16 +722,16 @@ void q_omg_security_init (struct ddsi_domaingv *gv) /** * Releases all plugins */ -static void release_plugins (dds_security_context *sc) +static void release_plugins (struct ddsi_domaingv *gv, dds_security_context *sc) { if (dds_security_plugin_release (&sc->auth_plugin, sc->authentication_context)) - DDS_CERROR (sc->logcfg, "Error occurred releasing %s plugin", sc->auth_plugin.name); + GVERROR ("Error occurred releasing %s plugin", sc->auth_plugin.name); if (dds_security_plugin_release (&sc->crypto_plugin, sc->crypto_context)) - DDS_CERROR (sc->logcfg, "Error occurred releasing %s plugin", sc->crypto_plugin.name); + GVERROR ("Error occurred releasing %s plugin", sc->crypto_plugin.name); if (dds_security_plugin_release (&sc->ac_plugin, sc->access_control_context)) - DDS_CERROR (sc->logcfg, "Error occurred releasing %s plugin", sc->ac_plugin.name); + GVERROR ("Error occurred releasing %s plugin", sc->ac_plugin.name); sc->authentication_context = NULL; sc->access_control_context = NULL; @@ -758,9 +755,9 @@ void q_omg_security_free (struct ddsi_domaingv *gv) ddsrt_avl_cfree(&participant_index_treedef, &sc->partiticpant_index.participants, 0); ddsrt_mutex_destroy(&sc->partiticpant_index.lock); - if (sc->authentication_context != NULL && sc->access_control_context != NULL && sc->crypto_context != NULL){ - release_plugins (sc); - } + if (sc->authentication_context != NULL && sc->access_control_context != NULL && sc->crypto_context != NULL) + release_plugins (gv, sc); + ddsi_handshake_admin_deinit(gv); ddsrt_mutex_destroy (&sc->omg_security_lock); ddsrt_free(sc); @@ -801,7 +798,7 @@ static void deinit_plugin_suite_config (dds_security_plugin_suite_config *suite_ deinit_plugin_config (&suite_config->cryptography); } -dds_return_t q_omg_security_load (dds_security_context *sc, const dds_qos_t *qos) +dds_return_t q_omg_security_load (dds_security_context *sc, const dds_qos_t *qos, struct ddsi_domaingv *gv) { dds_security_plugin_suite_config psc; memset (&psc, 0, sizeof (psc)); @@ -812,31 +809,28 @@ dds_return_t q_omg_security_load (dds_security_context *sc, const dds_qos_t *qos dds_qos_to_security_plugin_configuration (qos, &psc); /* Check configuration content */ - if (dds_security_check_plugin_configuration (&psc, sc->logcfg) != DDS_RETCODE_OK) + if (dds_security_check_plugin_configuration (&psc, gv) != DDS_RETCODE_OK) goto error; - if (dds_security_load_security_library (&psc.authentication, &sc->auth_plugin, (void **) &sc->authentication_context, sc->logcfg) != DDS_RETCODE_OK) + if (dds_security_load_security_library (&psc.authentication, &sc->auth_plugin, (void **) &sc->authentication_context, gv) != DDS_RETCODE_OK) { - DDS_CERROR (sc->logcfg, "Could not load %s plugin.\n", sc->auth_plugin.name); + GVERROR ("Could not load %s plugin.\n", sc->auth_plugin.name); goto error; } - if (dds_security_load_security_library (&psc.access_control, &sc->ac_plugin, (void **) &sc->access_control_context, sc->logcfg) != DDS_RETCODE_OK) + if (dds_security_load_security_library (&psc.access_control, &sc->ac_plugin, (void **) &sc->access_control_context, gv) != DDS_RETCODE_OK) { - DDS_CERROR (sc->logcfg, "Could not load %s library\n", sc->ac_plugin.name); + GVERROR ("Could not load %s library\n", sc->ac_plugin.name); goto error; } - if (dds_security_load_security_library (&psc.cryptography, &sc->crypto_plugin, (void **) &sc->crypto_context, sc->logcfg) != DDS_RETCODE_OK) + if (dds_security_load_security_library (&psc.cryptography, &sc->crypto_plugin, (void **) &sc->crypto_context, gv) != DDS_RETCODE_OK) { - DDS_CERROR (sc->logcfg, "Could not load %s library\n", sc->crypto_plugin.name); + GVERROR ("Could not load %s library\n", sc->crypto_plugin.name); goto error; } /* now check if all plugin functions are implemented */ - if (dds_security_verify_plugin_functions ( - sc->authentication_context, &sc->auth_plugin, - sc->crypto_context, &sc->crypto_plugin, - sc->access_control_context, &sc->ac_plugin, - sc->logcfg) != DDS_RETCODE_OK) + if (dds_security_verify_plugin_functions (sc->authentication_context, &sc->auth_plugin, sc->crypto_context, &sc->crypto_plugin, + sc->access_control_context, &sc->ac_plugin, gv) != DDS_RETCODE_OK) { goto error_verify; } @@ -845,12 +839,12 @@ dds_return_t q_omg_security_load (dds_security_context *sc, const dds_qos_t *qos #if LISTENERS_IMPLEMENTED if (!access_control_context->set_listener (access_control_context, &listener_ac, &ex)) { - DDS_CERROR (sc->logcfg, "Could not set access_control listener: %s\n", ex.message ? ex.message : ""); + GVERROR ("Could not set access_control listener: %s\n", ex.message ? ex.message : ""); goto error_set_ac_listener; } if (!authentication_context->set_listener (authentication_context, &listener_auth, &ex)) { - DDS_CERROR (sc->logcfg, "Could not set authentication listener: %s\n", ex.message ? ex.message : ""); + GVERROR ("Could not set authentication listener: %s\n", ex.message ? ex.message : ""); goto err_set_auth_listener; } #endif @@ -861,7 +855,7 @@ dds_return_t q_omg_security_load (dds_security_context *sc, const dds_qos_t *qos deinit_plugin_suite_config (&psc); ddsrt_mutex_unlock (&sc->omg_security_lock); - DDS_CLOG (DDS_LC_TRACE, sc->logcfg, "DDS Security plugins have been loaded\n"); + GVTRACE ("DDS Security plugins have been loaded\n"); return DDS_RETCODE_OK; #if LISTENERS_IMPLEMENTED @@ -870,7 +864,7 @@ error_set_auth_listener: error_set_ac_listener: #endif error_verify: - release_plugins (sc); + release_plugins (gv, sc); error: deinit_plugin_suite_config (&psc); ddsrt_mutex_unlock (&sc->omg_security_lock); @@ -907,6 +901,7 @@ dds_return_t q_omg_security_check_create_participant(struct participant *pp, uin { dds_return_t ret = DDS_RETCODE_NOT_ALLOWED_BY_SECURITY; struct dds_security_context *sc = q_omg_security_get_secure_context(pp); + struct ddsi_domaingv *gv = pp->e.gv; DDS_Security_IdentityHandle identity_handle = DDS_SECURITY_HANDLE_NIL; DDS_Security_SecurityException exception = DDS_SECURITY_EXCEPTION_INIT; DDS_Security_ValidationResult_t result = 0; @@ -933,7 +928,7 @@ dds_return_t q_omg_security_check_create_participant(struct participant *pp, uin (DDS_Security_GUID_t *) &candidate_guid, &exception); if (result != DDS_SECURITY_VALIDATION_OK) { - EXCEPTION_ERROR(sc, &exception, "Error occurred while validating local permission"); + EXCEPTION_ERROR(gv, &exception, "Error occurred while validating local permission"); goto validation_failed; } pp->e.guid = nn_ntoh_guid(adjusted_guid); @@ -946,7 +941,7 @@ dds_return_t q_omg_security_check_create_participant(struct participant *pp, uin /* Get the identity token and add this to the plist of the participant */ if (!sc->authentication_context->get_identity_token(sc->authentication_context, &identity_token, identity_handle, &exception)) { - EXCEPTION_ERROR(sc, &exception, "Error occurred while retrieving the identity token"); + EXCEPTION_ERROR(gv, &exception, "Error occurred while retrieving the identity token"); goto validation_failed; } assert(exception.code == 0); @@ -958,23 +953,24 @@ dds_return_t q_omg_security_check_create_participant(struct participant *pp, uin sec_attr->permissions_handle = sc->access_control_context->validate_local_permissions( sc->access_control_context, sc->authentication_context, identity_handle, (DDS_Security_DomainId)domain_id, &par_qos, &exception); + if (sec_attr->permissions_handle == DDS_SECURITY_HANDLE_NIL) { - EXCEPTION_ERROR(sc, &exception, "Error occurred while validating local permissions"); + EXCEPTION_ERROR(gv, &exception, "Error occurred while validating local permissions"); goto not_allowed; } /* ask to access control security plugin for create participant permissions related to this identity*/ if (!sc->access_control_context->check_create_participant(sc->access_control_context, sec_attr->permissions_handle, (DDS_Security_DomainId) domain_id, &par_qos, &exception)) { - EXCEPTION_ERROR(sc, &exception, "It is not allowed to create participant"); + EXCEPTION_ERROR(gv, &exception, "It is not allowed to create participant"); goto not_allowed; } /* Get the identity token and add this to the plist of the participant */ if (!sc->access_control_context->get_permissions_token(sc->access_control_context, &permissions_token, sec_attr->permissions_handle, &exception)) { - EXCEPTION_ERROR(sc, &exception, "Error occurred while retrieving the permissions token"); + EXCEPTION_ERROR(gv, &exception, "Error occurred while retrieving the permissions token"); goto not_allowed; } @@ -983,19 +979,19 @@ dds_return_t q_omg_security_check_create_participant(struct participant *pp, uin if (!sc->access_control_context->get_permissions_credential_token(sc->access_control_context, &credential_token, sec_attr->permissions_handle, &exception)) { - EXCEPTION_ERROR(sc, &exception, "Error occurred while retrieving the permissions credential token"); + EXCEPTION_ERROR(gv, &exception, "Error occurred while retrieving the permissions credential token"); goto no_credentials; } if (!sc->authentication_context->set_permissions_credential_and_token(sc->authentication_context, sec_attr->local_identity_handle, &credential_token, &permissions_token, &exception)) { - EXCEPTION_ERROR(sc, &exception, "Error occurred while setting the permissions credential token"); + EXCEPTION_ERROR(gv, &exception, "Error occurred while setting the permissions credential token"); goto no_credentials; } if (!sc->access_control_context->get_participant_sec_attributes(sc->access_control_context, sec_attr->permissions_handle, &sec_attr->attr, &exception)) { - EXCEPTION_ERROR(sc, &exception, "Failed to get participant security attributes"); + EXCEPTION_ERROR(gv, &exception, "Failed to get participant security attributes"); goto no_sec_attr; } @@ -1003,7 +999,7 @@ dds_return_t q_omg_security_check_create_participant(struct participant *pp, uin sec_attr->crypto_handle = sc->crypto_context->crypto_key_factory->register_local_participant( sc->crypto_context->crypto_key_factory, sec_attr->local_identity_handle, sec_attr->permissions_handle, NULL, &sec_attr->attr, &exception); if (!sec_attr->crypto_handle) { - EXCEPTION_ERROR(sc, &exception, "Failed to register participant with crypto key factory"); + EXCEPTION_ERROR(gv, &exception, "Failed to register participant with crypto key factory"); goto no_crypto; } @@ -1089,21 +1085,21 @@ static void cleanup_participant_sec_attributes(void *arg) if (attr->permissions_handle != DDS_SECURITY_HANDLE_NIL) { if (!sc->access_control_context->return_permissions_handle(sc->access_control_context, attr->permissions_handle, &exception)) - EXCEPTION_ERROR(sc, &exception, "Failed to return local permissions handle"); + EXCEPTION_ERROR(gv, &exception, "Failed to return local permissions handle"); } if (attr->local_identity_handle != DDS_SECURITY_HANDLE_NIL) { if (!sc->authentication_context->return_identity_handle(sc->authentication_context, attr->local_identity_handle, &exception)) - EXCEPTION_ERROR(sc, &exception, "Failed to return local identity handle"); + EXCEPTION_ERROR(gv, &exception, "Failed to return local identity handle"); } if (attr->plugin_attr) { if (!sc->access_control_context->return_participant_sec_attributes(sc->access_control_context, &attr->attr, &exception)) - EXCEPTION_ERROR(sc, &exception, "Failed to return participant security attributes"); + EXCEPTION_ERROR(gv, &exception, "Failed to return participant security attributes"); } if (!sc->crypto_context->crypto_key_factory->unregister_participant(sc->crypto_context->crypto_key_factory, attr->crypto_handle, &exception)) - EXCEPTION_ERROR(sc, &exception, "Failed to unregister participant"); + EXCEPTION_ERROR(gv, &exception, "Failed to unregister participant"); ddsrt_avl_cfree(&pp_proxypp_treedef, &attr->proxy_participants, NULL); ddsrt_mutex_unlock(&attr->lock); @@ -1286,7 +1282,7 @@ bool q_omg_security_check_create_topic(const struct ddsi_domaingv *gv, const dds { /*log if the topic discovery is not protected*/ if (!is_topic_discovery_protected(pp->sec_attr->permissions_handle, sc->access_control_context, topic_name)) - EXCEPTION_ERROR(sc, &exception, "Local topic permission denied"); + EXCEPTION_ERROR(gv, &exception, "Local topic permission denied"); else DDS_Security_Exception_reset(&exception); } @@ -1320,7 +1316,7 @@ bool q_omg_security_check_create_writer(struct participant *pp, uint32_t domain_ { /*log if the topic discovery is not protected*/ if (!is_topic_discovery_protected( pp->sec_attr->permissions_handle, sc->access_control_context, topic_name)) - EXCEPTION_ERROR(sc, &exception, "Local topic permission denied"); + EXCEPTION_ERROR(pp->e.gv, &exception, "Local topic permission denied"); else DDS_Security_Exception_reset(&exception); } @@ -1350,7 +1346,7 @@ void q_omg_security_register_writer(struct writer *wr) wr->sec_attr = writer_sec_attributes_new(); if (!sc->access_control_context->get_datawriter_sec_attributes(sc->access_control_context, pp->sec_attr->permissions_handle, wr->topic->name, &partitions, NULL, &wr->sec_attr->attr, &exception)) { - EXCEPTION_ERROR(sc, &exception, "Failed to retrieve writer security attributes"); + EXCEPTION_ERROR(pp->e.gv, &exception, "Failed to retrieve writer security attributes"); goto no_attr; } wr->sec_attr->plugin_attr = true; @@ -1367,7 +1363,7 @@ void q_omg_security_register_writer(struct writer *wr) DDS_Security_PropertySeq_freebuf(&properties); if (wr->sec_attr->crypto_handle == DDS_SECURITY_HANDLE_NIL) { - EXCEPTION_ERROR(sc, &exception, "Failed to register writer with crypto"); + EXCEPTION_ERROR(pp->e.gv, &exception, "Failed to register writer with crypto"); goto not_registered; } } @@ -1392,12 +1388,12 @@ void q_omg_security_deregister_writer(struct writer *wr) if (wr->sec_attr->crypto_handle != DDS_SECURITY_HANDLE_NIL) { if (!sc->crypto_context->crypto_key_factory->unregister_datawriter(sc->crypto_context->crypto_key_factory, wr->sec_attr->crypto_handle, &exception)) - EXCEPTION_ERROR(sc, &exception, "Failed to unregister writer with crypto"); + EXCEPTION_ERROR(wr->e.gv, &exception, "Failed to unregister writer with crypto"); } if (wr->sec_attr->plugin_attr) { if (!sc->access_control_context->return_datawriter_sec_attributes(sc->access_control_context, &wr->sec_attr->attr, &exception)) - EXCEPTION_ERROR(sc, &exception, "Failed to return writer security attributes"); + EXCEPTION_ERROR(wr->e.gv, &exception, "Failed to return writer security attributes"); } writer_sec_attributes_free(wr->sec_attr); wr->sec_attr = NULL; @@ -1441,7 +1437,7 @@ bool q_omg_security_check_create_reader(struct participant *pp, uint32_t domain_ { /*log if the topic discovery is not protected*/ if (!is_topic_discovery_protected( pp->sec_attr->permissions_handle, sc->access_control_context, topic_name)) - EXCEPTION_ERROR(sc, &exception, "Reader is not permitted"); + EXCEPTION_ERROR(pp->e.gv, &exception, "Reader is not permitted"); else DDS_Security_Exception_reset(&exception); } @@ -1472,7 +1468,7 @@ void q_omg_security_register_reader(struct reader *rd) if (!sc->access_control_context->get_datareader_sec_attributes(sc->access_control_context, pp->sec_attr->permissions_handle, rd->topic->name, &partitions, NULL, &rd->sec_attr->attr, &exception)) { - EXCEPTION_ERROR(sc, &exception, "Failed to retrieve reader security attributes"); + EXCEPTION_ERROR(pp->e.gv, &exception, "Failed to retrieve reader security attributes"); goto no_attr; } rd->sec_attr->plugin_attr = true; @@ -1489,7 +1485,7 @@ void q_omg_security_register_reader(struct reader *rd) DDS_Security_PropertySeq_freebuf(&properties); if (rd->sec_attr->crypto_handle == DDS_SECURITY_HANDLE_NIL) { - EXCEPTION_ERROR(sc, &exception, "Failed to register reader with crypto"); + EXCEPTION_ERROR(pp->e.gv, &exception, "Failed to register reader with crypto"); goto not_registered; } } @@ -1514,14 +1510,14 @@ void q_omg_security_deregister_reader(struct reader *rd) { if (!sc->crypto_context->crypto_key_factory->unregister_datareader(sc->crypto_context->crypto_key_factory, rd->sec_attr->crypto_handle, &exception)) { - EXCEPTION_ERROR(sc, &exception, "Failed to unregister reader with crypto"); + EXCEPTION_ERROR(rd->e.gv, &exception, "Failed to unregister reader with crypto"); } } if (rd->sec_attr->plugin_attr) { if (!sc->access_control_context->return_datareader_sec_attributes(sc->access_control_context, &rd->sec_attr->attr, &exception)) { - EXCEPTION_ERROR(sc, &exception, "Failed to return reader security attributes"); + EXCEPTION_ERROR(rd->e.gv, &exception, "Failed to return reader security attributes"); } } reader_sec_attributes_free(rd->sec_attr); @@ -1567,6 +1563,7 @@ static int64_t check_remote_participant_permissions(uint32_t domain_id, struct p DDS_Security_PermissionsToken permissions_token = DDS_SECURITY_TOKEN_INIT; DDS_Security_AuthenticatedPeerCredentialToken peer_credential_token = DDS_SECURITY_TOKEN_INIT; int64_t permissions_hdl = DDS_SECURITY_HANDLE_NIL; + struct ddsi_domaingv *gv = pp->e.gv; if (proxypp->plist->present & PP_PERMISSIONS_TOKEN) q_omg_shallow_copyin_DataHolder(&permissions_token, &proxypp->plist->permissions_token); @@ -1576,21 +1573,20 @@ static int64_t check_remote_participant_permissions(uint32_t domain_id, struct p handshake = ddsi_handshake_find(pp, proxypp); if (!handshake) { - ELOG(DDS_LC_ERROR, pp, "Could not find handshake local participant "PGUIDFMT" and remote participant "PGUIDFMT, - PGUID(pp->e.guid), PGUID(proxypp->e.guid)); - goto no_handshake; + GVTRACE("Could not find handshake local participant "PGUIDFMT" and remote participant "PGUIDFMT, PGUID(pp->e.guid), PGUID(proxypp->e.guid)); + goto no_handshake; } if (!sc->authentication_context->get_authenticated_peer_credential_token(sc->authentication_context, &peer_credential_token, ddsi_handshake_get_handle(handshake), &exception)) { if (q_omg_participant_is_access_protected(pp)) { - EXCEPTION_ERROR(sc, &exception, "Could not authenticate_peer_credential_token for local participan1152t "PGUIDFMT" and remote participant "PGUIDFMT, + EXCEPTION_ERROR(gv, &exception, "Could not authenticate_peer_credential_token for local participan1152t "PGUIDFMT" and remote participant "PGUIDFMT, PGUID(pp->e.guid), PGUID(proxypp->e.guid)); goto no_credentials; } /* Failing is allowed due to the non-protection of access. */ - EXCEPTION_WARNING(sc, &exception, "Could not authenticate_peer_credential_token for local participant "PGUIDFMT" and remote participant "PGUIDFMT , + EXCEPTION_WARNING(gv, &exception, "Could not authenticate_peer_credential_token for local participant "PGUIDFMT" and remote participant "PGUIDFMT , PGUID(pp->e.guid), PGUID(proxypp->e.guid)); } @@ -1600,11 +1596,11 @@ static int64_t check_remote_participant_permissions(uint32_t domain_id, struct p { if (q_omg_participant_is_access_protected(pp)) { - EXCEPTION_ERROR(sc, &exception, "Could not get remote participant "PGUIDFMT" permissions from plugin", PGUID(proxypp->e.guid)); + EXCEPTION_ERROR(gv, &exception, "Could not get remote participant "PGUIDFMT" permissions from plugin", PGUID(proxypp->e.guid)); goto no_permissions; } /* Failing is allowed due to the non-protection of access. */ - EXCEPTION_WARNING(sc, &exception, "Could not get remote participant "PGUIDFMT" permissions from plugin", PGUID(proxypp->e.guid)); + EXCEPTION_WARNING(gv, &exception, "Could not get remote participant "PGUIDFMT" permissions from plugin", PGUID(proxypp->e.guid)); } /* Only check remote participant if joining access is protected. */ @@ -1615,11 +1611,9 @@ static int64_t check_remote_participant_permissions(uint32_t domain_id, struct p q_omg_shallow_copy_ParticipantBuiltinTopicDataSecure(&participant_data, &(proxypp->e.guid), proxypp->plist); if (!sc->access_control_context->check_remote_participant(sc->access_control_context, permissions_hdl, (DDS_Security_DomainId)domain_id, &participant_data, &exception)) { - EXCEPTION_WARNING(sc, &exception, "Plugin does not allow remote participant "PGUIDFMT, PGUID(proxypp->e.guid)); + EXCEPTION_WARNING(gv, &exception, "Plugin does not allow remote participant "PGUIDFMT, PGUID(proxypp->e.guid)); if (!sc->access_control_context->return_permissions_handle(sc->access_control_context, permissions_hdl, &exception)) - { - EXCEPTION_ERROR(sc, &exception, "Failed to return remote permissions handle"); - } + EXCEPTION_ERROR(gv, &exception, "Failed to return remote permissions handle"); permissions_hdl = DDS_SECURITY_HANDLE_NIL; } q_omg_shallow_free_ParticipantBuiltinTopicDataSecure(&participant_data); @@ -1627,9 +1621,7 @@ static int64_t check_remote_participant_permissions(uint32_t domain_id, struct p no_permissions: if (!sc->authentication_context->return_authenticated_peer_credential_token(sc->authentication_context, &peer_credential_token, &exception)) - { - EXCEPTION_ERROR(sc, &exception, "Failed to return peer credential token"); - } + EXCEPTION_ERROR(gv, &exception, "Failed to return peer credential token"); no_credentials: ddsi_handshake_release(handshake); no_handshake: @@ -1646,7 +1638,7 @@ static void send_participant_crypto_tokens(struct participant *pp, struct proxy_ r = sc->crypto_context->crypto_key_exchange->create_local_participant_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, local_crypto, remote_crypto, &exception); if (!r) - EXCEPTION_ERROR(sc, &exception, "Failed to create local participant crypto tokens "PGUIDFMT" for remote participant "PGUIDFMT, PGUID(pp->e.guid), PGUID(proxypp->e.guid)); + EXCEPTION_ERROR(pp->e.gv, &exception, "Failed to create local participant crypto tokens "PGUIDFMT" for remote participant "PGUIDFMT, PGUID(pp->e.guid), PGUID(proxypp->e.guid)); else if (tokens._length > 0) { nn_dataholderseq_t tholder; @@ -1656,7 +1648,7 @@ static void send_participant_crypto_tokens(struct participant *pp, struct proxy_ q_omg_shallow_free_nn_dataholderseq(&tholder); if (!sc->crypto_context->crypto_key_exchange->return_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, &exception)) - EXCEPTION_ERROR(sc, &exception, "Failed to return local participant crypto tokens "PGUIDFMT" for remote participant "PGUIDFMT, PGUID(pp->e.guid), PGUID(proxypp->e.guid)); + EXCEPTION_ERROR(pp->e.gv, &exception, "Failed to return local participant crypto tokens "PGUIDFMT" for remote participant "PGUIDFMT, PGUID(pp->e.guid), PGUID(proxypp->e.guid)); } } @@ -1758,7 +1750,7 @@ bool q_omg_security_register_remote_participant(struct participant *pp, struct p sc->crypto_context->crypto_key_factory, pp->sec_attr->crypto_handle, proxypp->sec_attr->remote_identity_handle, permissions_handle, shared_secret, &exception); if (crypto_handle == DDS_SECURITY_HANDLE_NIL) { - EXCEPTION_ERROR(sc, &exception, "Failed to register matched remote participant "PGUIDFMT" with participant "PGUIDFMT, PGUID(proxypp->e.guid), PGUID(pp->e.guid)); + EXCEPTION_ERROR(gv, &exception, "Failed to register matched remote participant "PGUIDFMT" with participant "PGUIDFMT, PGUID(proxypp->e.guid), PGUID(pp->e.guid)); ret = false; goto register_failed; } @@ -1779,7 +1771,7 @@ bool q_omg_security_register_remote_participant(struct participant *pp, struct p { ret = sc->crypto_context->crypto_key_exchange->set_remote_participant_crypto_tokens(sc->crypto_context->crypto_key_exchange, pp->sec_attr->crypto_handle, crypto_handle, match->tokens, &exception); if (!ret) - EXCEPTION_ERROR(sc, &exception, " Failed to set remote participant crypto tokens "PGUIDFMT" --> "PGUIDFMT, PGUID(proxypp->e.guid), PGUID(pp->e.guid)); + EXCEPTION_ERROR(gv, &exception, " Failed to set remote participant crypto tokens "PGUIDFMT" --> "PGUIDFMT, PGUID(proxypp->e.guid), PGUID(pp->e.guid)); else GVTRACE(" set participant tokens src("PGUIDFMT") to dst("PGUIDFMT") (by registering remote)\n", PGUID(proxypp->e.guid), PGUID(pp->e.guid)); delete_pending_match(&sc->security_matches, match); @@ -1832,7 +1824,8 @@ void q_omg_security_deregister_remote_participant(struct proxy_participant *prox struct ddsi_domaingv *gv = proxypp->e.gv; DDS_Security_SecurityException exception = DDS_SECURITY_EXCEPTION_INIT; - if (proxypp->sec_attr) { + if (proxypp->sec_attr) + { dds_security_context *sc = proxypp->sec_attr->sc; struct proxypp_pp_match *pm; struct participant *pp; @@ -1841,12 +1834,10 @@ void q_omg_security_deregister_remote_participant(struct proxy_participant *prox while (pm) { struct proxypp_pp_match *next = ddsrt_avl_find_succ(&proxypp_pp_treedef, &proxypp->sec_attr->participants, pm); - ddsrt_avl_delete(&proxypp_pp_treedef, &proxypp->sec_attr->participants, pm); - pp = entidx_lookup_participant_guid(gv->entity_index, &pm->pp_guid); - if (pp) + if ((pp = entidx_lookup_participant_guid(gv->entity_index, &pm->pp_guid)) != NULL) pp_proxypp_unrelate(sc, pp, &proxypp->e.guid); - proxypp_pp_match_free(sc, pm); + proxypp_pp_match_free(gv, sc, pm); pm = next; } @@ -1854,14 +1845,14 @@ void q_omg_security_deregister_remote_participant(struct proxy_participant *prox if (proxypp->sec_attr->crypto_handle != DDS_SECURITY_HANDLE_NIL) { - if (!sc->crypto_context->crypto_key_factory->unregister_participant(sc->crypto_context->crypto_key_factory, proxypp->sec_attr->crypto_handle, &exception)) - EXCEPTION_ERROR(sc, &exception, "2:Failed to return remote crypto handle"); + if (!sc->crypto_context->crypto_key_factory->unregister_participant(sc->crypto_context->crypto_key_factory, proxypp->sec_attr->crypto_handle, &exception)) + EXCEPTION_ERROR(gv, &exception, "2:Failed to return remote crypto handle"); } if (proxypp->sec_attr->remote_identity_handle != DDS_SECURITY_HANDLE_NIL) { - if (!sc->authentication_context->return_identity_handle(sc->authentication_context, proxypp->sec_attr->remote_identity_handle, &exception)) - EXCEPTION_ERROR(sc, &exception, "Failed to return remote identity handle"); + if (!sc->authentication_context->return_identity_handle(sc->authentication_context, proxypp->sec_attr->remote_identity_handle, &exception)) + EXCEPTION_ERROR(gv, &exception, "Failed to return remote identity handle"); } ddsrt_mutex_destroy(&proxypp->sec_attr->lock); @@ -1960,7 +1951,7 @@ void q_omg_security_set_participant_crypto_tokens(struct participant *pp, struct DDS_Security_DataHolderSeq_free(tseq); } else - EXCEPTION_ERROR(sc, &exception, " Failed to set remote participant crypto tokens "PGUIDFMT" for participant "PGUIDFMT, PGUID(proxypp->e.guid), PGUID(pp->e.guid)); + EXCEPTION_ERROR(gv, &exception, " Failed to set remote participant crypto tokens "PGUIDFMT" for participant "PGUIDFMT, PGUID(proxypp->e.guid), PGUID(pp->e.guid)); } ddsrt_mutex_unlock(&pp->e.lock); @@ -2054,7 +2045,7 @@ bool q_omg_security_check_remote_writer_permissions(const struct proxy_writer *p if (!ok) { if (!is_topic_discovery_protected(pp->sec_attr->permissions_handle, sc->access_control_context, publication_data.topic_name)) - EXCEPTION_ERROR(sc, &exception, "Access control does not allow remote writer "PGUIDFMT": %s", PGUID(pwr->e.guid)); + EXCEPTION_ERROR(gv, &exception, "Access control does not allow remote writer "PGUIDFMT": %s", PGUID(pwr->e.guid)); else DDS_Security_Exception_reset(&exception); } @@ -2076,7 +2067,7 @@ static void send_reader_crypto_tokens(struct reader *rd, struct proxy_writer *pw r = sc->crypto_context->crypto_key_exchange->create_local_datareader_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, local_crypto, remote_crypto, &exception); if (!r) - EXCEPTION_ERROR(sc, &exception,"Failed to create local reader crypto tokens "PGUIDFMT" for remote writer "PGUIDFMT, PGUID(rd->e.guid), PGUID(pwr->e.guid)); + EXCEPTION_ERROR(gv, &exception,"Failed to create local reader crypto tokens "PGUIDFMT" for remote writer "PGUIDFMT, PGUID(rd->e.guid), PGUID(pwr->e.guid)); else if (tokens._length > 0) { nn_dataholderseq_t tholder; @@ -2086,7 +2077,7 @@ static void send_reader_crypto_tokens(struct reader *rd, struct proxy_writer *pw q_omg_shallow_free_nn_dataholderseq(&tholder); if (!sc->crypto_context->crypto_key_exchange->return_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, &exception)) - EXCEPTION_ERROR(sc, &exception, "Failed to return local reader crypto tokens "PGUIDFMT" for remote writer "PGUIDFMT, PGUID(rd->e.guid), PGUID(pwr->e.guid)); + EXCEPTION_ERROR(gv, &exception, "Failed to return local reader crypto tokens "PGUIDFMT" for remote writer "PGUIDFMT, PGUID(rd->e.guid), PGUID(pwr->e.guid)); } } @@ -2121,7 +2112,7 @@ static bool q_omg_security_register_remote_writer_match(struct proxy_writer *pwr allowed = true; } else - EXCEPTION_ERROR(sc, &exception, "Failed to register remote writer "PGUIDFMT" with reader "PGUIDFMT, PGUID(pwr->e.guid), PGUID(rd->e.guid)); + EXCEPTION_ERROR(gv, &exception, "Failed to register remote writer "PGUIDFMT" with reader "PGUIDFMT, PGUID(pwr->e.guid), PGUID(rd->e.guid)); } else { @@ -2133,7 +2124,7 @@ static bool q_omg_security_register_remote_writer_match(struct proxy_writer *pwr *crypto_handle = sc->crypto_context->crypto_key_factory->register_matched_remote_datawriter( sc->crypto_context->crypto_key_factory, rd->sec_attr->crypto_handle, proxypp->sec_attr->crypto_handle, proxypp_match->shared_secret, &exception); if (*crypto_handle == 0) - EXCEPTION_ERROR(sc, &exception, "Failed to register remote writer "PGUIDFMT" with reader "PGUIDFMT, PGUID(pwr->e.guid), PGUID(rd->e.guid)); + EXCEPTION_ERROR(gv, &exception, "Failed to register remote writer "PGUIDFMT" with reader "PGUIDFMT, PGUID(pwr->e.guid), PGUID(rd->e.guid)); else { pending_match->crypto_handle = *crypto_handle; @@ -2142,7 +2133,7 @@ static bool q_omg_security_register_remote_writer_match(struct proxy_writer *pwr { if (!sc->crypto_context->crypto_key_exchange->set_remote_datawriter_crypto_tokens( sc->crypto_context->crypto_key_exchange, rd->sec_attr->crypto_handle, *crypto_handle, pending_match->tokens, &exception)) - EXCEPTION_ERROR(sc, &exception, "Failed to set remote writer crypto tokens "PGUIDFMT" --> "PGUIDFMT, PGUID(pwr->e.guid), PGUID(rd->e.guid)); + EXCEPTION_ERROR(gv, &exception, "Failed to set remote writer crypto tokens "PGUIDFMT" --> "PGUIDFMT, PGUID(pwr->e.guid), PGUID(rd->e.guid)); else { GVTRACE("match_remote_writer "PGUIDFMT" with reader "PGUIDFMT": tokens available\n", PGUID(pwr->e.guid), PGUID(rd->e.guid)); @@ -2227,7 +2218,7 @@ void q_omg_security_deregister_remote_writer_match(const struct ddsi_domaingv *g if (m->crypto_handle != 0) { if (!sc->crypto_context->crypto_key_factory->unregister_datawriter(sc->crypto_context->crypto_key_factory, m->crypto_handle, &exception)) - EXCEPTION_ERROR(sc, &exception, "Failed to unregister remote writer "PGUIDFMT" for reader "PGUIDFMT, PGUID(m->pwr_guid), PGUID(*rd_guid)); + EXCEPTION_ERROR(gv, &exception, "Failed to unregister remote writer "PGUIDFMT" for reader "PGUIDFMT, PGUID(m->pwr_guid), PGUID(*rd_guid)); } } @@ -2289,7 +2280,7 @@ bool q_omg_security_check_remote_reader_permissions(const struct proxy_reader *p else { if (!is_topic_discovery_protected(pp->sec_attr->permissions_handle, sc->access_control_context, subscription_data.topic_name)) - EXCEPTION_ERROR(sc, &exception, "Access control does not allow remote reader "PGUIDFMT": %s", PGUID(prd->e.guid)); + EXCEPTION_ERROR(gv, &exception, "Access control does not allow remote reader "PGUIDFMT": %s", PGUID(prd->e.guid)); else DDS_Security_Exception_reset(&exception); } @@ -2383,7 +2374,7 @@ void q_omg_security_deregister_remote_reader_match(const struct ddsi_domaingv *g if (m->crypto_handle != 0) { if (!sc->crypto_context->crypto_key_factory->unregister_datareader(sc->crypto_context->crypto_key_factory, m->crypto_handle, &exception)) - EXCEPTION_ERROR(sc, &exception, "Failed to unregister remote reader "PGUIDFMT" for writer "PGUIDFMT, PGUID(m->prd_guid), PGUID(*wr_guid)); + EXCEPTION_ERROR(gv, &exception, "Failed to unregister remote reader "PGUIDFMT" for writer "PGUIDFMT, PGUID(m->prd_guid), PGUID(*wr_guid)); } } @@ -2408,7 +2399,7 @@ static void send_writer_crypto_tokens(struct writer *wr, struct proxy_reader *pr r = sc->crypto_context->crypto_key_exchange->create_local_datawriter_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, local_crypto, remote_crypto, &exception); if (!r) - EXCEPTION_ERROR(sc, &exception,"Failed to create local writer crypto tokens "PGUIDFMT" for remote reader "PGUIDFMT, PGUID(wr->e.guid), PGUID(prd->e.guid)); + EXCEPTION_ERROR(gv, &exception,"Failed to create local writer crypto tokens "PGUIDFMT" for remote reader "PGUIDFMT, PGUID(wr->e.guid), PGUID(prd->e.guid)); else if (tokens._length > 0) { nn_dataholderseq_t tholder; @@ -2418,7 +2409,7 @@ static void send_writer_crypto_tokens(struct writer *wr, struct proxy_reader *pr q_omg_shallow_free_nn_dataholderseq(&tholder); if (!sc->crypto_context->crypto_key_exchange->return_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, &exception)) - EXCEPTION_ERROR(sc, &exception, "Failed to return local writer crypto tokens "PGUIDFMT" for remote reader "PGUIDFMT, PGUID(wr->e.guid), PGUID(prd->e.guid)); + EXCEPTION_ERROR(gv, &exception, "Failed to return local writer crypto tokens "PGUIDFMT" for remote reader "PGUIDFMT, PGUID(wr->e.guid), PGUID(prd->e.guid)); } } @@ -2454,7 +2445,7 @@ static bool q_omg_security_register_remote_reader_match(struct proxy_reader *prd allowed = true; } else - EXCEPTION_ERROR(sc, &exception, "Failed to register remote reader "PGUIDFMT" with writer "PGUIDFMT, PGUID(prd->e.guid), PGUID(wr->e.guid)); + EXCEPTION_ERROR(gv, &exception, "Failed to register remote reader "PGUIDFMT" with writer "PGUIDFMT, PGUID(prd->e.guid), PGUID(wr->e.guid)); } else { @@ -2466,7 +2457,7 @@ static bool q_omg_security_register_remote_reader_match(struct proxy_reader *prd *crypto_handle = sc->crypto_context->crypto_key_factory->register_matched_remote_datareader( sc->crypto_context->crypto_key_factory, wr->sec_attr->crypto_handle, proxypp->sec_attr->crypto_handle, proxypp_match->shared_secret, relay_only, &exception); if (*crypto_handle == 0) - EXCEPTION_ERROR(sc, &exception, "Failed to register remote reader "PGUIDFMT" with writer "PGUIDFMT, PGUID(prd->e.guid), PGUID(wr->e.guid)); + EXCEPTION_ERROR(gv, &exception, "Failed to register remote reader "PGUIDFMT" with writer "PGUIDFMT, PGUID(prd->e.guid), PGUID(wr->e.guid)); else { pending_match->crypto_handle = *crypto_handle; @@ -2476,7 +2467,7 @@ static bool q_omg_security_register_remote_reader_match(struct proxy_reader *prd { if (!sc->crypto_context->crypto_key_exchange->set_remote_datareader_crypto_tokens( sc->crypto_context->crypto_key_exchange, wr->sec_attr->crypto_handle, *crypto_handle, pending_match->tokens, &exception)) - EXCEPTION_ERROR(sc, &exception, "Failed to set remote reader crypto tokens "PGUIDFMT" --> "PGUIDFMT, PGUID(prd->e.guid), PGUID(wr->e.guid)); + EXCEPTION_ERROR(gv, &exception, "Failed to set remote reader crypto tokens "PGUIDFMT" --> "PGUIDFMT, PGUID(prd->e.guid), PGUID(wr->e.guid)); else { GVTRACE(" match_remote_reader "PGUIDFMT" with writer "PGUIDFMT": tokens available\n", PGUID(prd->e.guid), PGUID(wr->e.guid)); @@ -2575,7 +2566,7 @@ void q_omg_security_set_remote_writer_crypto_tokens(struct reader *rd, const dds else { if (!sc->crypto_context->crypto_key_exchange->set_remote_datawriter_crypto_tokens(sc->crypto_context->crypto_key_exchange, rd->sec_attr->crypto_handle, match->crypto_handle, tseq, &exception)) - EXCEPTION_ERROR(sc, &exception, "Failed to set remote writer crypto tokens "PGUIDFMT" for reader "PGUIDFMT, PGUID(pwr->e.guid), PGUID(rd->e.guid)); + EXCEPTION_ERROR(gv, &exception, "Failed to set remote writer crypto tokens "PGUIDFMT" for reader "PGUIDFMT, PGUID(pwr->e.guid), PGUID(rd->e.guid)); else { GVTRACE("set_remote_writer_crypto_tokens "PGUIDFMT" with reader "PGUIDFMT"\n", PGUID(pwr->e.guid), PGUID(rd->e.guid)); @@ -2614,7 +2605,7 @@ void q_omg_security_set_remote_reader_crypto_tokens(struct writer *wr, const dds else { if (!sc->crypto_context->crypto_key_exchange->set_remote_datareader_crypto_tokens(sc->crypto_context->crypto_key_exchange, wr->sec_attr->crypto_handle, match->crypto_handle, tseq, &exception)) - EXCEPTION_ERROR(sc, &exception, "Failed to set remote reader crypto tokens "PGUIDFMT" for writer "PGUIDFMT, PGUID(prd->e.guid), PGUID(wr->e.guid)); + EXCEPTION_ERROR(gv, &exception, "Failed to set remote reader crypto tokens "PGUIDFMT" for writer "PGUIDFMT, PGUID(prd->e.guid), PGUID(wr->e.guid)); else { GVTRACE("set_remote_reader_crypto_tokens "PGUIDFMT" with writer "PGUIDFMT"\n", PGUID(prd->e.guid), PGUID(wr->e.guid)); diff --git a/src/core/ddsi/src/q_entity.c b/src/core/ddsi/src/q_entity.c index dfd2433..2669c09 100644 --- a/src/core/ddsi/src/q_entity.c +++ b/src/core/ddsi/src/q_entity.c @@ -858,7 +858,7 @@ static dds_return_t check_and_load_security_config (struct ddsi_domaingv * const GVLOGDISC ("new_participant("PGUIDFMT"): security is already loaded for this domain\n", PGUID (*ppguid)); return DDS_RETCODE_OK; } - else if (q_omg_security_load (gv->security_context, qos) < 0) + else if (q_omg_security_load (gv->security_context, qos, gv) < 0) { GVERROR ("Could not load security\n"); return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY; diff --git a/src/security/api/CMakeLists.txt b/src/security/api/CMakeLists.txt index 02586c6..fe9e0b4 100644 --- a/src/security/api/CMakeLists.txt +++ b/src/security/api/CMakeLists.txt @@ -17,6 +17,7 @@ target_include_directories( security_api INTERFACE "$" "$" + "$" ) install( diff --git a/src/security/api/include/dds/security/dds_security_api.h b/src/security/api/include/dds/security/dds_security_api.h index ba29184..55ab6a0 100644 --- a/src/security/api/include/dds/security/dds_security_api.h +++ b/src/security/api/include/dds/security/dds_security_api.h @@ -13,8 +13,7 @@ #ifndef DDS_SECURITY_API_H #define DDS_SECURITY_API_H - -/* Various security plugins. */ +#include "dds/ddsi/ddsi_domaingv.h" #include "dds_security_api_access_control.h" #include "dds_security_api_authentication.h" #include "dds_security_api_cryptography.h" @@ -24,25 +23,12 @@ extern "C" { #endif - -/** - * Integration functions for Security plugins - * - */ - -typedef int (*plugin_init)( - const char *argument, - void **context - ); - -typedef int (*plugin_finalize)( - void *context - ); - +/* Integration functions for Security plugins */ +typedef int (*plugin_init)(const char *argument, void **context, struct ddsi_domaingv *gv); +typedef int (*plugin_finalize)(void *context); #if defined (__cplusplus) } #endif - #endif /* DDS_SECURITY_API_H */ diff --git a/src/security/api/include/dds/security/dds_security_api_access_control.h b/src/security/api/include/dds/security/dds_security_api_access_control.h index 8b908b5..5bc7f26 100644 --- a/src/security/api/include/dds/security/dds_security_api_access_control.h +++ b/src/security/api/include/dds/security/dds_security_api_access_control.h @@ -16,359 +16,278 @@ #include "dds_security_api_types.h" #include "dds_security_api_authentication.h" -#if defined (__cplusplus) -extern "C" { +#if defined(__cplusplus) +extern "C" +{ #endif - - -/** - * AccessControl Component - */ +/* AccessControl Component */ struct dds_security_access_control; typedef struct dds_security_access_control dds_security_access_control; + +/* AccessControlListener Interface */ struct dds_security_access_control_listener; typedef struct dds_security_access_control_listener dds_security_access_control_listener; - -/** - * AccessControlListener Interface - * */ - - -typedef DDS_Security_boolean -(*DDS_Security_access_control_listener_on_revoke_permissions) - ( dds_security_access_control_listener *instance, - const dds_security_access_control *plugin, - const DDS_Security_PermissionsHandle handle); +typedef DDS_Security_boolean (*DDS_Security_access_control_listener_on_revoke_permissions)( + const dds_security_access_control *plugin, + const DDS_Security_PermissionsHandle handle); struct dds_security_access_control_listener { DDS_Security_access_control_listener_on_revoke_permissions on_revoke_permissions; }; +/* AccessControl Interface */ +typedef DDS_Security_PermissionsHandle (*DDS_Security_access_control_validate_local_permissions)( + dds_security_access_control *instance, + const dds_security_authentication *auth_plugin, + const DDS_Security_IdentityHandle identity, + const DDS_Security_DomainId domain_id, + const DDS_Security_Qos *participant_qos, + DDS_Security_SecurityException *ex); -/** - * AccessControl Interface - */ +typedef DDS_Security_PermissionsHandle (*DDS_Security_access_control_validate_remote_permissions)( + dds_security_access_control *instance, + const dds_security_authentication *auth_plugin, + const DDS_Security_IdentityHandle local_identity_handle, + const DDS_Security_IdentityHandle remote_identity_handle, + const DDS_Security_PermissionsToken *remote_permissions_token, + const DDS_Security_AuthenticatedPeerCredentialToken *remote_credential_token, + DDS_Security_SecurityException *ex); -typedef DDS_Security_PermissionsHandle -(*DDS_Security_access_control_validate_local_permissions) - ( dds_security_access_control *instance, - const dds_security_authentication *auth_plugin, - const DDS_Security_IdentityHandle identity, - const DDS_Security_DomainId domain_id, - const DDS_Security_Qos *participant_qos, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_check_create_participant)( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_Qos *participant_qos, + DDS_Security_SecurityException *ex); -typedef DDS_Security_PermissionsHandle -(*DDS_Security_access_control_validate_remote_permissions) - ( dds_security_access_control *instance, - const dds_security_authentication *auth_plugin, - const DDS_Security_IdentityHandle local_identity_handle, - const DDS_Security_IdentityHandle remote_identity_handle, - const DDS_Security_PermissionsToken *remote_permissions_token, - const DDS_Security_AuthenticatedPeerCredentialToken *remote_credential_token, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_check_create_datawriter)( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_char *topic_name, + const DDS_Security_Qos *writer_qos, + const DDS_Security_PartitionQosPolicy *partition, + const DDS_Security_DataTags *data_tag, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_access_control_check_create_participant) - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_Qos *participant_qos, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_check_create_datareader)( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_char *topic_name, + const DDS_Security_Qos *reader_qos, + const DDS_Security_PartitionQosPolicy *partition, + const DDS_Security_DataTags *data_tag, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_access_control_check_create_datawriter) - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_char *topic_name, - const DDS_Security_Qos *writer_qos, - const DDS_Security_PartitionQosPolicy *partition, - const DDS_Security_DataTags *data_tag, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_check_create_topic)( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_char *topic_name, + const DDS_Security_Qos *topic_qos, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_access_control_check_create_datareader) - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_char *topic_name, - const DDS_Security_Qos *reader_qos, - const DDS_Security_PartitionQosPolicy *partition, - const DDS_Security_DataTags *data_tag, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_check_local_datawriter_register_instance)( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_Entity *writer, + const DDS_Security_DynamicData *key, + DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_check_local_datawriter_dispose_instance)( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_Entity *writer, + const DDS_Security_DynamicData key, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_access_control_check_create_topic) - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_char *topic_name, - const DDS_Security_Qos *topic_qos, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_check_remote_participant)( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_ParticipantBuiltinTopicDataSecure *participant_data, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_access_control_check_local_datawriter_register_instance) - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_Entity *writer, - const DDS_Security_DynamicData *key, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_check_remote_datawriter)( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_access_control_check_local_datawriter_dispose_instance) - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_Entity *writer, - const DDS_Security_DynamicData key, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_check_remote_datareader)( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, + DDS_Security_boolean *relay_only, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_access_control_check_remote_participant) - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_ParticipantBuiltinTopicDataSecure *participant_data, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_check_remote_topic)( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_TopicBuiltinTopicData *topic_data, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_access_control_check_remote_datawriter) - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_check_local_datawriter_match)( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle writer_permissions_handle, + const DDS_Security_PermissionsHandle reader_permissions_handle, + const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, + const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_access_control_check_remote_datareader) - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, - DDS_Security_boolean *relay_only, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_check_local_datareader_match)( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle reader_permissions_handle, + const DDS_Security_PermissionsHandle writer_permissions_handle, + const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, + const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_access_control_check_remote_topic) - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_TopicBuiltinTopicData *topic_data, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_check_remote_datawriter_register_instance)( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_Entity *reader, + const DDS_Security_InstanceHandle publication_handle, + const DDS_Security_DynamicData key, + const DDS_Security_InstanceHandle instance_handle, + DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_check_remote_datawriter_dispose_instance)( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_Entity *reader, + const DDS_Security_InstanceHandle publication_handle, + const DDS_Security_DynamicData key, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_access_control_check_local_datawriter_match) - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle writer_permissions_handle, - const DDS_Security_PermissionsHandle reader_permissions_handle, - const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, - const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_get_permissions_token)( + dds_security_access_control *instance, + DDS_Security_PermissionsToken *permissions_token, + const DDS_Security_PermissionsHandle handle, + DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_get_permissions_credential_token)( + dds_security_access_control *instance, + DDS_Security_PermissionsCredentialToken *permissions_credential_token, + const DDS_Security_PermissionsHandle handle, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_access_control_check_local_datareader_match) - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle reader_permissions_handle, - const DDS_Security_PermissionsHandle writer_permissions_handle, - const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, - const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_set_listener)( + dds_security_access_control *instance, + const dds_security_access_control_listener *listener, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_access_control_check_remote_datawriter_register_instance) - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_Entity *reader, - const DDS_Security_InstanceHandle publication_handle, - const DDS_Security_DynamicData key, - const DDS_Security_InstanceHandle instance_handle, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_return_permissions_token)( + dds_security_access_control *instance, + const DDS_Security_PermissionsToken *token, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_access_control_check_remote_datawriter_dispose_instance) - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_Entity *reader, - const DDS_Security_InstanceHandle publication_handle, - const DDS_Security_DynamicData key, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_return_permissions_credential_token)( + dds_security_access_control *instance, + const DDS_Security_PermissionsCredentialToken *permissions_credential_token, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_access_control_get_permissions_token) - ( dds_security_access_control *instance, - DDS_Security_PermissionsToken *permissions_token, - const DDS_Security_PermissionsHandle handle, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_get_participant_sec_attributes)( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + DDS_Security_ParticipantSecurityAttributes *attributes, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_access_control_get_permissions_credential_token) - ( dds_security_access_control *instance, - DDS_Security_PermissionsCredentialToken *permissions_credential_token, - const DDS_Security_PermissionsHandle handle, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_get_topic_sec_attributes)( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_char *topic_name, + DDS_Security_TopicSecurityAttributes *attributes, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_access_control_set_listener) - ( dds_security_access_control *instance, - const dds_security_access_control_listener *listener, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_get_datawriter_sec_attributes)( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_char *topic_name, + const DDS_Security_PartitionQosPolicy *partition, + const DDS_Security_DataTagQosPolicy *data_tag, + DDS_Security_EndpointSecurityAttributes *attributes, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_access_control_return_permissions_token) - ( dds_security_access_control *instance, - const DDS_Security_PermissionsToken *token, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_get_datareader_sec_attributes)( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_char *topic_name, + const DDS_Security_PartitionQosPolicy *partition, + const DDS_Security_DataTagQosPolicy *data_tag, + DDS_Security_EndpointSecurityAttributes *attributes, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_access_control_return_permissions_credential_token) - ( dds_security_access_control *instance, - const DDS_Security_PermissionsCredentialToken *permissions_credential_token, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_return_participant_sec_attributes)( + dds_security_access_control *instance, + const DDS_Security_ParticipantSecurityAttributes *attributes, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_access_control_get_participant_sec_attributes) - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - DDS_Security_ParticipantSecurityAttributes *attributes, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_return_topic_sec_attributes)( + dds_security_access_control *instance, + const DDS_Security_TopicSecurityAttributes *attributes, + DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_return_datawriter_sec_attributes)( + dds_security_access_control *instance, + const DDS_Security_EndpointSecurityAttributes *attributes, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_access_control_get_topic_sec_attributes) - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_char *topic_name, - DDS_Security_TopicSecurityAttributes *attributes, - DDS_Security_SecurityException *ex); - - -typedef DDS_Security_boolean -(*DDS_Security_access_control_get_datawriter_sec_attributes) - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_char *topic_name, - const DDS_Security_PartitionQosPolicy *partition, - const DDS_Security_DataTagQosPolicy *data_tag, - DDS_Security_EndpointSecurityAttributes *attributes, - DDS_Security_SecurityException *ex); - - -typedef DDS_Security_boolean -(*DDS_Security_access_control_get_datareader_sec_attributes) - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_char *topic_name, - const DDS_Security_PartitionQosPolicy *partition, - const DDS_Security_DataTagQosPolicy *data_tag, - DDS_Security_EndpointSecurityAttributes *attributes, - DDS_Security_SecurityException *ex); - - -typedef DDS_Security_boolean -(*DDS_Security_access_control_return_participant_sec_attributes) - ( dds_security_access_control *instance, - const DDS_Security_ParticipantSecurityAttributes *attributes, - DDS_Security_SecurityException *ex); - -typedef DDS_Security_boolean -(*DDS_Security_access_control_return_topic_sec_attributes) - ( dds_security_access_control *instance, - const DDS_Security_TopicSecurityAttributes *attributes, - DDS_Security_SecurityException *ex); - -typedef DDS_Security_boolean -(*DDS_Security_access_control_return_datawriter_sec_attributes) - ( dds_security_access_control *instance, - const DDS_Security_EndpointSecurityAttributes *attributes, - DDS_Security_SecurityException *ex); - - -typedef DDS_Security_boolean -(*DDS_Security_access_control_return_datareader_sec_attributes) - ( dds_security_access_control *instance, - const DDS_Security_EndpointSecurityAttributes *attributes, - DDS_Security_SecurityException *ex); - -typedef DDS_Security_boolean -(*DDS_Security_access_control_return_permissions_handle) - ( dds_security_access_control *instance, - DDS_Security_PermissionsHandle permissions_handle, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_return_datareader_sec_attributes)( + dds_security_access_control *instance, + const DDS_Security_EndpointSecurityAttributes *attributes, + DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_access_control_return_permissions_handle)( + dds_security_access_control *instance, + DDS_Security_PermissionsHandle permissions_handle, + DDS_Security_SecurityException *ex); struct dds_security_access_control { + struct ddsi_domaingv *gv; + DDS_Security_access_control_validate_local_permissions validate_local_permissions; - DDS_Security_access_control_validate_remote_permissions validate_remote_permissions; - DDS_Security_access_control_check_create_participant check_create_participant; - DDS_Security_access_control_check_create_datawriter check_create_datawriter; - DDS_Security_access_control_check_create_datareader check_create_datareader; - DDS_Security_access_control_check_create_topic check_create_topic; - DDS_Security_access_control_check_local_datawriter_register_instance check_local_datawriter_register_instance; - DDS_Security_access_control_check_local_datawriter_dispose_instance check_local_datawriter_dispose_instance; - DDS_Security_access_control_check_remote_participant check_remote_participant; - DDS_Security_access_control_check_remote_datawriter check_remote_datawriter; - DDS_Security_access_control_check_remote_datareader check_remote_datareader; - DDS_Security_access_control_check_remote_topic check_remote_topic; - DDS_Security_access_control_check_local_datawriter_match check_local_datawriter_match; - DDS_Security_access_control_check_local_datareader_match check_local_datareader_match; - DDS_Security_access_control_check_remote_datawriter_register_instance check_remote_datawriter_register_instance; - DDS_Security_access_control_check_remote_datawriter_dispose_instance check_remote_datawriter_dispose_instance; - DDS_Security_access_control_get_permissions_token get_permissions_token; - DDS_Security_access_control_get_permissions_credential_token get_permissions_credential_token; - DDS_Security_access_control_set_listener set_listener; - DDS_Security_access_control_return_permissions_token return_permissions_token; - DDS_Security_access_control_return_permissions_credential_token return_permissions_credential_token; - DDS_Security_access_control_get_participant_sec_attributes get_participant_sec_attributes; - DDS_Security_access_control_get_topic_sec_attributes get_topic_sec_attributes; - DDS_Security_access_control_get_datawriter_sec_attributes get_datawriter_sec_attributes; - DDS_Security_access_control_get_datareader_sec_attributes get_datareader_sec_attributes; - DDS_Security_access_control_return_participant_sec_attributes return_participant_sec_attributes; - DDS_Security_access_control_return_topic_sec_attributes return_topic_sec_attributes; - DDS_Security_access_control_return_datawriter_sec_attributes return_datawriter_sec_attributes; - DDS_Security_access_control_return_datareader_sec_attributes return_datareader_sec_attributes; - DDS_Security_access_control_return_permissions_handle return_permissions_handle; - }; - -#if defined (__cplusplus) +#if defined(__cplusplus) } #endif diff --git a/src/security/api/include/dds/security/dds_security_api_authentication.h b/src/security/api/include/dds/security/dds_security_api_authentication.h index 4913985..c0d9298 100644 --- a/src/security/api/include/dds/security/dds_security_api_authentication.h +++ b/src/security/api/include/dds/security/dds_security_api_authentication.h @@ -15,223 +15,170 @@ #include "dds_security_api_types.h" -#if defined (__cplusplus) -extern "C" { +#if defined(__cplusplus) +extern "C" +{ #endif - -/** - * Authentication Component - */ +/* Authentication Component */ struct dds_security_authentication; typedef struct dds_security_authentication dds_security_authentication; struct dds_security_authentication_listener; typedef struct dds_security_authentication_listener dds_security_authentication_listener; +/* AuthenticationListener interface */ +typedef DDS_Security_boolean (*DDS_Security_authentication_listener_on_revoke_identity)( + dds_security_authentication_listener *context, + const dds_security_authentication *plugin, + const DDS_Security_IdentityHandle handle); -/** - * AuthenticationListener interface - */ - -typedef DDS_Security_boolean -(*DDS_Security_authentication_listener_on_revoke_identity) - ( dds_security_authentication_listener *context, - const dds_security_authentication *plugin, - const DDS_Security_IdentityHandle handle - ); - -typedef DDS_Security_boolean -(*DDS_Security_authentication_listener_on_status_changed) - ( dds_security_authentication_listener *context, - const dds_security_authentication *plugin, - const DDS_Security_IdentityHandle handle, - const DDS_Security_AuthStatusKind status_kind - ); - +typedef DDS_Security_boolean (*DDS_Security_authentication_listener_on_status_changed)( + dds_security_authentication_listener *context, + const dds_security_authentication *plugin, + const DDS_Security_IdentityHandle handle, + const DDS_Security_AuthStatusKind status_kind); struct dds_security_authentication_listener { DDS_Security_authentication_listener_on_revoke_identity on_revoke_identity; - DDS_Security_authentication_listener_on_status_changed on_status_changed; }; -typedef DDS_Security_ValidationResult_t -(*DDS_Security_authentication_validate_local_identity) - ( dds_security_authentication *instance, - DDS_Security_IdentityHandle *local_identity_handle, - DDS_Security_GUID_t *adjusted_participant_guid, - const DDS_Security_DomainId domain_id, - const DDS_Security_Qos *participant_qos, - const DDS_Security_GUID_t *candidate_participant_guid, - DDS_Security_SecurityException *ex - ); +typedef DDS_Security_ValidationResult_t (*DDS_Security_authentication_validate_local_identity)( + dds_security_authentication *instance, + DDS_Security_IdentityHandle *local_identity_handle, + DDS_Security_GUID_t *adjusted_participant_guid, + const DDS_Security_DomainId domain_id, + const DDS_Security_Qos *participant_qos, + const DDS_Security_GUID_t *candidate_participant_guid, + DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_authentication_get_identity_token)( + dds_security_authentication *instance, + DDS_Security_IdentityToken *identity_token, + const DDS_Security_IdentityHandle handle, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_authentication_get_identity_token) - ( dds_security_authentication *instance, - DDS_Security_IdentityToken *identity_token, - const DDS_Security_IdentityHandle handle, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_authentication_get_identity_status_token)( + dds_security_authentication *instance, + DDS_Security_IdentityStatusToken *identity_status_token, + const DDS_Security_IdentityHandle handle, + DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_authentication_set_permissions_credential_and_token)( + dds_security_authentication *instance, + const DDS_Security_IdentityHandle handle, + const DDS_Security_PermissionsCredentialToken *permissions_credential, + const DDS_Security_PermissionsToken *permissions_token, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_authentication_get_identity_status_token) - ( dds_security_authentication *instance, - DDS_Security_IdentityStatusToken *identity_status_token, - const DDS_Security_IdentityHandle handle, - DDS_Security_SecurityException *ex); +typedef DDS_Security_ValidationResult_t (*DDS_Security_authentication_validate_remote_identity)( + dds_security_authentication *instance, + DDS_Security_IdentityHandle *remote_identity_handle, + DDS_Security_AuthRequestMessageToken *local_auth_request_token, + const DDS_Security_AuthRequestMessageToken *remote_auth_request_token, + const DDS_Security_IdentityHandle local_identity_handle, + const DDS_Security_IdentityToken *remote_identity_token, + const DDS_Security_GUID_t *remote_participant_guid, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_authentication_set_permissions_credential_and_token) - ( dds_security_authentication *instance, - const DDS_Security_IdentityHandle handle, - const DDS_Security_PermissionsCredentialToken *permissions_credential, - const DDS_Security_PermissionsToken *permissions_token, - DDS_Security_SecurityException *ex); +typedef DDS_Security_ValidationResult_t (*DDS_Security_authentication_begin_handshake_request)( + dds_security_authentication *instance, + DDS_Security_HandshakeHandle *handshake_handle, + DDS_Security_HandshakeMessageToken *handshake_message, + const DDS_Security_IdentityHandle initiator_identity_handle, + const DDS_Security_IdentityHandle replier_identity_handle, + const DDS_Security_OctetSeq *serialized_local_participant_data, + DDS_Security_SecurityException *ex); +typedef DDS_Security_ValidationResult_t (*DDS_Security_authentication_begin_handshake_reply)( + dds_security_authentication *instance, + DDS_Security_HandshakeHandle *handshake_handle, + DDS_Security_HandshakeMessageToken *handshake_message_out, + const DDS_Security_HandshakeMessageToken *handshake_message_in, + const DDS_Security_IdentityHandle initiator_identity_handle, + const DDS_Security_IdentityHandle replier_identity_handle, + const DDS_Security_OctetSeq *serialized_local_participant_data, + DDS_Security_SecurityException *ex); -typedef DDS_Security_ValidationResult_t -(*DDS_Security_authentication_validate_remote_identity) - ( dds_security_authentication *instance, - DDS_Security_IdentityHandle *remote_identity_handle, - DDS_Security_AuthRequestMessageToken *local_auth_request_token, - const DDS_Security_AuthRequestMessageToken *remote_auth_request_token, - const DDS_Security_IdentityHandle local_identity_handle, - const DDS_Security_IdentityToken *remote_identity_token, - const DDS_Security_GUID_t *remote_participant_guid, - DDS_Security_SecurityException *ex); +typedef DDS_Security_ValidationResult_t (*DDS_Security_authentication_process_handshake)( + dds_security_authentication *instance, + DDS_Security_HandshakeMessageToken *handshake_message_out, + const DDS_Security_HandshakeMessageToken *handshake_message_in, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex); +typedef DDS_Security_SharedSecretHandle (*DDS_Security_authentication_get_shared_secret)( + dds_security_authentication *instance, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex); -typedef DDS_Security_ValidationResult_t -(*DDS_Security_authentication_begin_handshake_request) - ( dds_security_authentication *instance, - DDS_Security_HandshakeHandle *handshake_handle, - DDS_Security_HandshakeMessageToken *handshake_message, - const DDS_Security_IdentityHandle initiator_identity_handle, - const DDS_Security_IdentityHandle replier_identity_handle, - const DDS_Security_OctetSeq *serialized_local_participant_data, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_authentication_get_authenticated_peer_credential_token)( + dds_security_authentication *instance, + DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_authentication_set_listener)( + dds_security_authentication *instance, + const dds_security_authentication_listener *listener, + DDS_Security_SecurityException *ex); -typedef DDS_Security_ValidationResult_t -(*DDS_Security_authentication_begin_handshake_reply) - ( dds_security_authentication *instance, - DDS_Security_HandshakeHandle *handshake_handle, - DDS_Security_HandshakeMessageToken *handshake_message_out, - const DDS_Security_HandshakeMessageToken *handshake_message_in, - const DDS_Security_IdentityHandle initiator_identity_handle, - const DDS_Security_IdentityHandle replier_identity_handle, - const DDS_Security_OctetSeq *serialized_local_participant_data, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_authentication_return_identity_token)( + dds_security_authentication *instance, + const DDS_Security_IdentityToken *token, + DDS_Security_SecurityException *ex); -typedef DDS_Security_ValidationResult_t -(*DDS_Security_authentication_process_handshake) - ( dds_security_authentication *instance, - DDS_Security_HandshakeMessageToken *handshake_message_out, - const DDS_Security_HandshakeMessageToken *handshake_message_in, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_authentication_return_identity_status_token)( + dds_security_authentication *instance, + const DDS_Security_IdentityStatusToken *token, + DDS_Security_SecurityException *ex); -typedef DDS_Security_SharedSecretHandle -(*DDS_Security_authentication_get_shared_secret) - ( dds_security_authentication *instance, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_authentication_return_authenticated_peer_credential_token)( + dds_security_authentication *instance, + const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_authentication_get_authenticated_peer_credential_token) - ( dds_security_authentication *instance, - DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_authentication_return_handshake_handle)( + dds_security_authentication *instance, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_authentication_set_listener) - ( dds_security_authentication *instance, - const dds_security_authentication_listener *listener, - DDS_Security_SecurityException *ex); - -typedef DDS_Security_boolean -(*DDS_Security_authentication_return_identity_token) - ( dds_security_authentication *instance, - const DDS_Security_IdentityToken *token, - DDS_Security_SecurityException *ex); - - -typedef DDS_Security_boolean -(*DDS_Security_authentication_return_identity_status_token) - ( dds_security_authentication *instance, - const DDS_Security_IdentityStatusToken *token, - DDS_Security_SecurityException *ex); - -typedef DDS_Security_boolean -(*DDS_Security_authentication_return_authenticated_peer_credential_token) - ( dds_security_authentication *instance, - const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, - DDS_Security_SecurityException *ex); - -typedef DDS_Security_boolean -(*DDS_Security_authentication_return_handshake_handle) - ( dds_security_authentication *instance, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex); - -typedef DDS_Security_boolean -(*DDS_Security_authentication_return_identity_handle) - ( dds_security_authentication *instance, - const DDS_Security_IdentityHandle identity_handle, - DDS_Security_SecurityException *ex); - -typedef DDS_Security_boolean -(*DDS_Security_authentication_return_sharedsecret_handle) - ( dds_security_authentication *instance, - const DDS_Security_SharedSecretHandle sharedsecret_handle, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_authentication_return_identity_handle)( + dds_security_authentication *instance, + const DDS_Security_IdentityHandle identity_handle, + DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_authentication_return_sharedsecret_handle)( + dds_security_authentication *instance, + const DDS_Security_SharedSecretHandle sharedsecret_handle, + DDS_Security_SecurityException *ex); struct dds_security_authentication { + struct ddsi_domaingv *gv; DDS_Security_authentication_validate_local_identity validate_local_identity; - DDS_Security_authentication_get_identity_token get_identity_token; - DDS_Security_authentication_get_identity_status_token get_identity_status_token; - DDS_Security_authentication_set_permissions_credential_and_token set_permissions_credential_and_token; - DDS_Security_authentication_validate_remote_identity validate_remote_identity; - DDS_Security_authentication_begin_handshake_request begin_handshake_request; - DDS_Security_authentication_begin_handshake_reply begin_handshake_reply; - DDS_Security_authentication_process_handshake process_handshake; - DDS_Security_authentication_get_shared_secret get_shared_secret; - DDS_Security_authentication_get_authenticated_peer_credential_token get_authenticated_peer_credential_token; - DDS_Security_authentication_set_listener set_listener; - DDS_Security_authentication_return_identity_token return_identity_token; - DDS_Security_authentication_return_identity_status_token return_identity_status_token; - DDS_Security_authentication_return_authenticated_peer_credential_token return_authenticated_peer_credential_token; - DDS_Security_authentication_return_handshake_handle return_handshake_handle; - DDS_Security_authentication_return_identity_handle return_identity_handle; - DDS_Security_authentication_return_sharedsecret_handle return_sharedsecret_handle; }; - -#if defined (__cplusplus) +#if defined(__cplusplus) } #endif diff --git a/src/security/api/include/dds/security/dds_security_api_cryptography.h b/src/security/api/include/dds/security/dds_security_api_cryptography.h index 5203d3d..2f3144e 100644 --- a/src/security/api/include/dds/security/dds_security_api_cryptography.h +++ b/src/security/api/include/dds/security/dds_security_api_cryptography.h @@ -15,14 +15,12 @@ #include "dds_security_api_types.h" -#if defined (__cplusplus) -extern "C" { +#if defined(__cplusplus) +extern "C" +{ #endif -/** - * Crypto Component - */ - +/* Crypto Component */ struct dds_security_crypto_key_factory; typedef struct dds_security_crypto_key_factory dds_security_crypto_key_factory; @@ -32,305 +30,240 @@ typedef struct dds_security_crypto_key_exchange dds_security_crypto_key_exchange struct dds_security_crypto_transform; typedef struct dds_security_crypto_transform dds_security_crypto_transform; -/** - * CryptoKeyFactory interface - */ +/* CryptoKeyFactory interface */ +typedef DDS_Security_ParticipantCryptoHandle (*DDS_Security_crypto_key_factory_register_local_participant)( + dds_security_crypto_key_factory *instance, + const DDS_Security_IdentityHandle participant_identity, + const DDS_Security_PermissionsHandle participant_permissions, + const DDS_Security_PropertySeq *participant_properties, + const DDS_Security_ParticipantSecurityAttributes *participant_security_attributes, + DDS_Security_SecurityException *ex); -typedef DDS_Security_ParticipantCryptoHandle -(*DDS_Security_crypto_key_factory_register_local_participant) - ( dds_security_crypto_key_factory *instance, - const DDS_Security_IdentityHandle participant_identity, - const DDS_Security_PermissionsHandle participant_permissions, - const DDS_Security_PropertySeq *participant_properties, - const DDS_Security_ParticipantSecurityAttributes *participant_security_attributes, - DDS_Security_SecurityException *ex); +typedef DDS_Security_ParticipantCryptoHandle (*DDS_Security_crypto_key_factory_register_matched_remote_participant)( + dds_security_crypto_key_factory *instance, + const DDS_Security_ParticipantCryptoHandle local_participant_crypto_handle, + const DDS_Security_IdentityHandle remote_participant_identity, + const DDS_Security_PermissionsHandle remote_participant_permissions, + const DDS_Security_SharedSecretHandle shared_secret, + DDS_Security_SecurityException *ex); -typedef DDS_Security_ParticipantCryptoHandle -(*DDS_Security_crypto_key_factory_register_matched_remote_participant) - ( dds_security_crypto_key_factory *instance, - const DDS_Security_ParticipantCryptoHandle local_participant_crypto_handle, - const DDS_Security_IdentityHandle remote_participant_identity, - const DDS_Security_PermissionsHandle remote_participant_permissions, - const DDS_Security_SharedSecretHandle shared_secret, - DDS_Security_SecurityException *ex); +typedef DDS_Security_DatawriterCryptoHandle (*DDS_Security_crypto_key_factory_register_local_datawriter)( + dds_security_crypto_key_factory *instance, + const DDS_Security_ParticipantCryptoHandle participant_crypto, + const DDS_Security_PropertySeq *datawriter_properties, + const DDS_Security_EndpointSecurityAttributes *datawriter_security_attributes, + DDS_Security_SecurityException *ex); +typedef DDS_Security_DatareaderCryptoHandle (*DDS_Security_crypto_key_factory_register_matched_remote_datareader)( + dds_security_crypto_key_factory *instance, + const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto_handle, + const DDS_Security_ParticipantCryptoHandle remote_participant_crypto, + const DDS_Security_SharedSecretHandle shared_secret, + const DDS_Security_boolean relay_only, + DDS_Security_SecurityException *ex); -typedef DDS_Security_DatawriterCryptoHandle -(*DDS_Security_crypto_key_factory_register_local_datawriter) - ( dds_security_crypto_key_factory *instance, - const DDS_Security_ParticipantCryptoHandle participant_crypto, - const DDS_Security_PropertySeq *datawriter_properties, - const DDS_Security_EndpointSecurityAttributes *datawriter_security_attributes, - DDS_Security_SecurityException *ex); +typedef DDS_Security_DatareaderCryptoHandle (*DDS_Security_crypto_key_factory_register_local_datareader)( + dds_security_crypto_key_factory *instance, + const DDS_Security_ParticipantCryptoHandle participant_crypto_handle, + const DDS_Security_PropertySeq *datareader_properties, + const DDS_Security_EndpointSecurityAttributes *datareader_security_attributes, + DDS_Security_SecurityException *ex); -typedef DDS_Security_DatareaderCryptoHandle -(*DDS_Security_crypto_key_factory_register_matched_remote_datareader) - ( dds_security_crypto_key_factory *instance, - const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto_handle, - const DDS_Security_ParticipantCryptoHandle remote_participant_crypto, - const DDS_Security_SharedSecretHandle shared_secret, - const DDS_Security_boolean relay_only, - DDS_Security_SecurityException *ex); +typedef DDS_Security_DatawriterCryptoHandle (*DDS_Security_crypto_key_factory_register_matched_remote_datawriter)( + dds_security_crypto_key_factory *instance, + const DDS_Security_DatareaderCryptoHandle local_datareader_crypto_handle, + const DDS_Security_ParticipantCryptoHandle remote_participant_crypt, + const DDS_Security_SharedSecretHandle shared_secret, + DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_crypto_key_factory_unregister_participant)( + dds_security_crypto_key_factory *instance, + const DDS_Security_ParticipantCryptoHandle participant_crypto_handle, + DDS_Security_SecurityException *ex); -typedef DDS_Security_DatareaderCryptoHandle -(*DDS_Security_crypto_key_factory_register_local_datareader) - ( dds_security_crypto_key_factory *instance, - const DDS_Security_ParticipantCryptoHandle participant_crypto_handle, - const DDS_Security_PropertySeq *datareader_properties, - const DDS_Security_EndpointSecurityAttributes *datareader_security_attributes, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_crypto_key_factory_unregister_datawriter)( + dds_security_crypto_key_factory *instance, + const DDS_Security_DatawriterCryptoHandle datawriter_crypto_handle, + DDS_Security_SecurityException *ex); -typedef DDS_Security_DatawriterCryptoHandle -(*DDS_Security_crypto_key_factory_register_matched_remote_datawriter) - ( dds_security_crypto_key_factory *instance, - const DDS_Security_DatareaderCryptoHandle local_datareader_crypto_handle, - const DDS_Security_ParticipantCryptoHandle remote_participant_crypt, - const DDS_Security_SharedSecretHandle shared_secret, - DDS_Security_SecurityException *ex); - -typedef DDS_Security_boolean -(*DDS_Security_crypto_key_factory_unregister_participant) - ( dds_security_crypto_key_factory *instance, - const DDS_Security_ParticipantCryptoHandle participant_crypto_handle, - DDS_Security_SecurityException *ex); - -typedef DDS_Security_boolean -(*DDS_Security_crypto_key_factory_unregister_datawriter) - ( dds_security_crypto_key_factory *instance, - const DDS_Security_DatawriterCryptoHandle datawriter_crypto_handle, - DDS_Security_SecurityException *ex); - -typedef DDS_Security_boolean -(*DDS_Security_crypto_key_factory_unregister_datareader) - ( dds_security_crypto_key_factory *instance, - const DDS_Security_DatareaderCryptoHandle datareader_crypto_handle, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_crypto_key_factory_unregister_datareader)( + dds_security_crypto_key_factory *instance, + const DDS_Security_DatareaderCryptoHandle datareader_crypto_handle, + DDS_Security_SecurityException *ex); struct dds_security_crypto_key_factory { - DDS_Security_crypto_key_factory_register_local_participant register_local_participant; - DDS_Security_crypto_key_factory_register_matched_remote_participant register_matched_remote_participant; - DDS_Security_crypto_key_factory_register_local_datawriter register_local_datawriter; - DDS_Security_crypto_key_factory_register_matched_remote_datareader register_matched_remote_datareader; - DDS_Security_crypto_key_factory_register_local_datareader register_local_datareader; - DDS_Security_crypto_key_factory_register_matched_remote_datawriter register_matched_remote_datawriter; - DDS_Security_crypto_key_factory_unregister_participant unregister_participant; - DDS_Security_crypto_key_factory_unregister_datawriter unregister_datawriter; - DDS_Security_crypto_key_factory_unregister_datareader unregister_datareader; -} ; +}; +/* CryptoKeyExchange Interface */ +typedef DDS_Security_boolean (*DDS_Security_crypto_key_exchange_create_local_participant_crypto_tokens)( + dds_security_crypto_key_exchange *instance, + DDS_Security_ParticipantCryptoTokenSeq *local_participant_crypto_tokens, + const DDS_Security_ParticipantCryptoHandle local_participant_crypto, + const DDS_Security_ParticipantCryptoHandle remote_participant_crypto, + DDS_Security_SecurityException *ex); -/** - * CryptoKeyExchange Interface - */ -typedef DDS_Security_boolean -(*DDS_Security_crypto_key_exchange_create_local_participant_crypto_tokens) - ( dds_security_crypto_key_exchange *instance, - DDS_Security_ParticipantCryptoTokenSeq *local_participant_crypto_tokens, - const DDS_Security_ParticipantCryptoHandle local_participant_crypto, - const DDS_Security_ParticipantCryptoHandle remote_participant_crypto, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_crypto_key_exchange_set_remote_participant_crypto_tokens)( + dds_security_crypto_key_exchange *instance, + const DDS_Security_ParticipantCryptoHandle local_participant_crypto, + const DDS_Security_ParticipantCryptoHandle remote_participant_crypto, + const DDS_Security_ParticipantCryptoTokenSeq *remote_participant_tokens, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_crypto_key_exchange_set_remote_participant_crypto_tokens) - ( dds_security_crypto_key_exchange *instance, - const DDS_Security_ParticipantCryptoHandle local_participant_crypto, - const DDS_Security_ParticipantCryptoHandle remote_participant_crypto, - const DDS_Security_ParticipantCryptoTokenSeq *remote_participant_tokens, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_crypto_key_exchange_create_local_datawriter_crypto_tokens)( + dds_security_crypto_key_exchange *instance, + DDS_Security_DatawriterCryptoTokenSeq *local_datawriter_crypto_tokens, + const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto, + const DDS_Security_DatareaderCryptoHandle remote_datareader_crypto, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_crypto_key_exchange_create_local_datawriter_crypto_tokens) - ( dds_security_crypto_key_exchange *instance, - DDS_Security_DatawriterCryptoTokenSeq *local_datawriter_crypto_tokens, - const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto, - const DDS_Security_DatareaderCryptoHandle remote_datareader_crypto, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_crypto_key_exchange_set_remote_datawriter_crypto_tokens)( + dds_security_crypto_key_exchange *instance, + const DDS_Security_DatareaderCryptoHandle local_datareader_crypto, + const DDS_Security_DatawriterCryptoHandle remote_datawriter_crypto, + const DDS_Security_DatawriterCryptoTokenSeq *remote_datawriter_tokens, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_crypto_key_exchange_set_remote_datawriter_crypto_tokens) - ( dds_security_crypto_key_exchange *instance, - const DDS_Security_DatareaderCryptoHandle local_datareader_crypto, - const DDS_Security_DatawriterCryptoHandle remote_datawriter_crypto, - const DDS_Security_DatawriterCryptoTokenSeq *remote_datawriter_tokens, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_crypto_key_exchange_create_local_datareader_crypto_tokens)( + dds_security_crypto_key_exchange *instance, + DDS_Security_DatareaderCryptoTokenSeq *local_datareader_cryto_tokens, + const DDS_Security_DatareaderCryptoHandle local_datareader_crypto, + const DDS_Security_DatawriterCryptoHandle remote_datawriter_crypto, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_crypto_key_exchange_create_local_datareader_crypto_tokens) - ( dds_security_crypto_key_exchange *instance, - DDS_Security_DatareaderCryptoTokenSeq *local_datareader_cryto_tokens, - const DDS_Security_DatareaderCryptoHandle local_datareader_crypto, - const DDS_Security_DatawriterCryptoHandle remote_datawriter_crypto, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_crypto_key_exchange_set_remote_datareader_crypto_tokens)( + dds_security_crypto_key_exchange *instance, + const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto, + const DDS_Security_DatareaderCryptoHandle remote_datareader_crypto, + const DDS_Security_DatareaderCryptoTokenSeq *remote_datareader_tokens, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_crypto_key_exchange_set_remote_datareader_crypto_tokens) - ( dds_security_crypto_key_exchange *instance, - const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto, - const DDS_Security_DatareaderCryptoHandle remote_datareader_crypto, - const DDS_Security_DatareaderCryptoTokenSeq *remote_datareader_tokens, - DDS_Security_SecurityException *ex); - -typedef DDS_Security_boolean -(*DDS_Security_crypto_key_exchange_return_crypto_tokens) - ( dds_security_crypto_key_exchange *instance, - DDS_Security_CryptoTokenSeq *crypto_tokens, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_crypto_key_exchange_return_crypto_tokens)( + dds_security_crypto_key_exchange *instance, + DDS_Security_CryptoTokenSeq *crypto_tokens, + DDS_Security_SecurityException *ex); struct dds_security_crypto_key_exchange { DDS_Security_crypto_key_exchange_create_local_participant_crypto_tokens create_local_participant_crypto_tokens; - DDS_Security_crypto_key_exchange_set_remote_participant_crypto_tokens set_remote_participant_crypto_tokens; - DDS_Security_crypto_key_exchange_create_local_datawriter_crypto_tokens create_local_datawriter_crypto_tokens; - DDS_Security_crypto_key_exchange_set_remote_datawriter_crypto_tokens set_remote_datawriter_crypto_tokens; - DDS_Security_crypto_key_exchange_create_local_datareader_crypto_tokens create_local_datareader_crypto_tokens; - DDS_Security_crypto_key_exchange_set_remote_datareader_crypto_tokens set_remote_datareader_crypto_tokens; - DDS_Security_crypto_key_exchange_return_crypto_tokens return_crypto_tokens; -} ; +}; +/* CryptoTransform Interface */ +typedef DDS_Security_boolean (*DDS_Security_crypto_transform_encode_serialized_payload)( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *encoded_buffer, + DDS_Security_OctetSeq *extra_inline_qos, + const DDS_Security_OctetSeq *plain_buffer, + const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, + DDS_Security_SecurityException *ex); -/** - * CryptoTransform Interface - */ +typedef DDS_Security_boolean (*DDS_Security_crypto_transform_encode_datawriter_submessage)( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *encoded_rtps_submessage, + const DDS_Security_OctetSeq *plain_rtps_submessage, + const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, + const DDS_Security_DatareaderCryptoHandleSeq *receiving_datareader_crypto_list, + DDS_Security_long *receiving_datareader_crypto_list_index, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_crypto_transform_encode_serialized_payload) - ( dds_security_crypto_transform *instance, - DDS_Security_OctetSeq *encoded_buffer, - DDS_Security_OctetSeq *extra_inline_qos, - const DDS_Security_OctetSeq *plain_buffer, - const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_crypto_transform_encode_datareader_submessage)( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *encoded_rtps_submessage, + const DDS_Security_OctetSeq *plain_rtps_submessage, + const DDS_Security_DatareaderCryptoHandle sending_datareader_crypto, + const DDS_Security_DatawriterCryptoHandleSeq *receiving_datawriter_crypto_list, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_crypto_transform_encode_datawriter_submessage) - ( dds_security_crypto_transform *instance, - DDS_Security_OctetSeq *encoded_rtps_submessage, - const DDS_Security_OctetSeq *plain_rtps_submessage, - const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, - const DDS_Security_DatareaderCryptoHandleSeq *receiving_datareader_crypto_list, - DDS_Security_long *receiving_datareader_crypto_list_index, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_crypto_transform_encode_rtps_message)( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *encoded_rtps_message, + const DDS_Security_OctetSeq *plain_rtps_message, + const DDS_Security_ParticipantCryptoHandle sending_participant_crypto, + const DDS_Security_ParticipantCryptoHandleSeq *receiving_participant_crypto_list, + DDS_Security_long *receiving_participant_crypto_list_index, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_crypto_transform_encode_datareader_submessage) - ( dds_security_crypto_transform *instance, - DDS_Security_OctetSeq *encoded_rtps_submessage, - const DDS_Security_OctetSeq *plain_rtps_submessage, - const DDS_Security_DatareaderCryptoHandle sending_datareader_crypto, - const DDS_Security_DatawriterCryptoHandleSeq *receiving_datawriter_crypto_list, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_crypto_transform_decode_rtps_message)( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *plain_buffer, + const DDS_Security_OctetSeq *encoded_buffer, + const DDS_Security_ParticipantCryptoHandle receiving_participant_crypto, + const DDS_Security_ParticipantCryptoHandle sending_participant_crypto, + DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_crypto_transform_preprocess_secure_submsg)( + dds_security_crypto_transform *instance, + DDS_Security_DatawriterCryptoHandle *datawriter_crypto, + DDS_Security_DatareaderCryptoHandle *datareader_crypto, + DDS_Security_SecureSubmessageCategory_t *secure_submessage_category, + const DDS_Security_OctetSeq *encoded_rtps_submessage, + const DDS_Security_ParticipantCryptoHandle receiving_participant_crypto, + const DDS_Security_ParticipantCryptoHandle sending_participant_crypto, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_crypto_transform_encode_rtps_message) - ( dds_security_crypto_transform *instance, - DDS_Security_OctetSeq *encoded_rtps_message, - const DDS_Security_OctetSeq *plain_rtps_message, - const DDS_Security_ParticipantCryptoHandle sending_participant_crypto, - const DDS_Security_ParticipantCryptoHandleSeq *receiving_participant_crypto_list, - DDS_Security_long *receiving_participant_crypto_list_index, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_crypto_transform_decode_datawriter_submessage)( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *plain_rtps_submessage, + const DDS_Security_OctetSeq *encoded_rtps_submessage, + const DDS_Security_DatareaderCryptoHandle receiving_datareader_crypto, + const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, + DDS_Security_SecurityException *ex); -typedef DDS_Security_boolean -(*DDS_Security_crypto_transform_decode_rtps_message) - ( dds_security_crypto_transform *instance, - DDS_Security_OctetSeq *plain_buffer, - const DDS_Security_OctetSeq *encoded_buffer, - const DDS_Security_ParticipantCryptoHandle receiving_participant_crypto, - const DDS_Security_ParticipantCryptoHandle sending_participant_crypto, - DDS_Security_SecurityException *ex); - -typedef DDS_Security_boolean -(*DDS_Security_crypto_transform_preprocess_secure_submsg) - ( dds_security_crypto_transform *instance, - DDS_Security_DatawriterCryptoHandle *datawriter_crypto, - DDS_Security_DatareaderCryptoHandle *datareader_crypto, - DDS_Security_SecureSubmessageCategory_t *secure_submessage_category, - const DDS_Security_OctetSeq *encoded_rtps_submessage, - const DDS_Security_ParticipantCryptoHandle receiving_participant_crypto, - const DDS_Security_ParticipantCryptoHandle sending_participant_crypto, - DDS_Security_SecurityException *ex); - -typedef DDS_Security_boolean -(*DDS_Security_crypto_transform_decode_datawriter_submessage) - ( dds_security_crypto_transform *instance, - DDS_Security_OctetSeq *plain_rtps_submessage, - const DDS_Security_OctetSeq *encoded_rtps_submessage, - const DDS_Security_DatareaderCryptoHandle receiving_datareader_crypto, - const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, - DDS_Security_SecurityException *ex); - -typedef DDS_Security_boolean -(*DDS_Security_crypto_transform_decode_datareader_submessage) - ( dds_security_crypto_transform *instance, - DDS_Security_OctetSeq *plain_rtps_message, - const DDS_Security_OctetSeq *encoded_rtps_message, - const DDS_Security_DatawriterCryptoHandle receiving_datawriter_crypto, - const DDS_Security_DatareaderCryptoHandle sending_datareader_crypto, - DDS_Security_SecurityException *ex); - - -typedef DDS_Security_boolean -(*DDS_Security_crypto_transform_decode_serialized_payload) - ( dds_security_crypto_transform *instance, - DDS_Security_OctetSeq *plain_buffer, - const DDS_Security_OctetSeq *encoded_buffer, - const DDS_Security_OctetSeq *inline_qos, - const DDS_Security_DatareaderCryptoHandle receiving_datareader_crypto, - const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, - DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_crypto_transform_decode_datareader_submessage)( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *plain_rtps_message, + const DDS_Security_OctetSeq *encoded_rtps_message, + const DDS_Security_DatawriterCryptoHandle receiving_datawriter_crypto, + const DDS_Security_DatareaderCryptoHandle sending_datareader_crypto, + DDS_Security_SecurityException *ex); +typedef DDS_Security_boolean (*DDS_Security_crypto_transform_decode_serialized_payload)( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *plain_buffer, + const DDS_Security_OctetSeq *encoded_buffer, + const DDS_Security_OctetSeq *inline_qos, + const DDS_Security_DatareaderCryptoHandle receiving_datareader_crypto, + const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, + DDS_Security_SecurityException *ex); struct dds_security_crypto_transform { DDS_Security_crypto_transform_encode_serialized_payload encode_serialized_payload; - DDS_Security_crypto_transform_encode_datawriter_submessage encode_datawriter_submessage; - DDS_Security_crypto_transform_encode_datareader_submessage encode_datareader_submessage; - DDS_Security_crypto_transform_encode_rtps_message encode_rtps_message; - DDS_Security_crypto_transform_decode_rtps_message decode_rtps_message; - DDS_Security_crypto_transform_preprocess_secure_submsg preprocess_secure_submsg; - DDS_Security_crypto_transform_decode_datawriter_submessage decode_datawriter_submessage; - DDS_Security_crypto_transform_decode_datareader_submessage decode_datareader_submessage; - DDS_Security_crypto_transform_decode_serialized_payload decode_serialized_payload; -} ; - - - +}; typedef struct dds_security_cryptography { - dds_security_crypto_transform *crypto_transform; - dds_security_crypto_key_factory *crypto_key_factory; - dds_security_crypto_key_exchange *crypto_key_exchange; + struct ddsi_domaingv *gv; + + dds_security_crypto_transform *crypto_transform; + dds_security_crypto_key_factory *crypto_key_factory; + dds_security_crypto_key_exchange *crypto_key_exchange; } dds_security_cryptography; - -#if defined (__cplusplus) +#if defined(__cplusplus) } #endif diff --git a/src/security/builtin_plugins/access_control/src/access_control.c b/src/security/builtin_plugins/access_control/src/access_control.c index 1728a9b..df27ea7 100644 --- a/src/security/builtin_plugins/access_control/src/access_control.c +++ b/src/security/builtin_plugins/access_control/src/access_control.c @@ -20,13 +20,14 @@ #include "dds/ddsrt/string.h" #include "dds/ddsrt/sync.h" #include "dds/ddsrt/types.h" +#include "dds/ddsi/ddsi_domaingv.h" #include "dds/security/dds_security_api.h" #include "dds/security/core/dds_security_utils.h" +#include "dds/security/core/dds_security_timed_cb.h" #include "access_control.h" #include "access_control_utils.h" #include "access_control_objects.h" #include "access_control_parser.h" -#include "dds/security/core/dds_security_timed_cb.h" #if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L #define REMOVE_THREAD_STATE() ERR_remove_thread_state(NULL); @@ -82,7 +83,6 @@ typedef struct dds_security_access_control_impl struct dds_security_timed_cb_data *timed_callbacks; struct dds_security_timed_dispatcher_t *dispatcher; - } dds_security_access_control_impl; static bool get_sec_attributes(dds_security_access_control_impl *ac, const DDS_Security_PermissionsHandle permissions_handle, const char *topic_name, @@ -162,12 +162,9 @@ validate_local_permissions( } #endif - permissions_handle = ACCESS_CONTROL_OBJECT_HANDLE(rights); - - if (permissions_handle != DDS_SECURITY_HANDLE_NIL) + if ((permissions_handle = ACCESS_CONTROL_OBJECT_HANDLE(rights)) != DDS_SECURITY_HANDLE_NIL) { assert (rights->permissions_expiry != DDS_TIME_INVALID); - if (rights->permissions_expiry != 0) add_validity_end_trigger(ac, permissions_handle, rights->permissions_expiry); } @@ -228,10 +225,12 @@ validate_remote_permissions( remote_rights = check_and_create_remote_participant_rights(remote_identity_handle, local_rights, remote_permissions_token, remote_credential_token, ex); #endif - permissions_handle = ACCESS_CONTROL_OBJECT_HANDLE(remote_rights); - - if (permissions_handle != DDS_SECURITY_HANDLE_NIL) - add_validity_end_trigger(ac, permissions_handle, remote_rights->permissions_expiry); + if ((permissions_handle = ACCESS_CONTROL_OBJECT_HANDLE(remote_rights)) != DDS_SECURITY_HANDLE_NIL) + { + assert (remote_rights->permissions_expiry != DDS_TIME_INVALID); + if (remote_rights->permissions_expiry != 0) + add_validity_end_trigger(ac, permissions_handle, remote_rights->permissions_expiry); + } if (remote_rights) access_control_table_insert(ac->remote_permissions, (AccessControlObject *)remote_rights); @@ -1475,14 +1474,13 @@ return_permissions_handle( return true; } -int init_access_control(const char *argument, void **context) +int init_access_control(const char *argument, void **context, struct ddsi_domaingv *gv) { DDSRT_UNUSED_ARG(argument); dds_security_access_control_impl *access_control = ddsrt_malloc(sizeof(*access_control)); memset(access_control, 0, sizeof(*access_control)); - - + access_control->base.gv = gv; access_control->timed_callbacks = dds_security_timed_cb_new(); access_control->dispatcher = dds_security_timed_dispatcher_new(access_control->timed_callbacks); access_control->base.validate_local_permissions = &validate_local_permissions; @@ -1881,7 +1879,6 @@ validity_callback(struct dds_security_timed_dispatcher_t *d, void *arg) { validity_cb_info *info = arg; - DDSRT_UNUSED_ARG(d); assert(d); assert(arg); @@ -1892,7 +1889,7 @@ validity_callback(struct dds_security_timed_dispatcher_t *d, { dds_security_access_control_listener *ac_listener = (dds_security_access_control_listener *)listener; if (ac_listener->on_revoke_permissions) - ac_listener->on_revoke_permissions(ac_listener, (dds_security_access_control *)info->ac, info->hdl); + ac_listener->on_revoke_permissions((dds_security_access_control *)info->ac, info->hdl); } } ddsrt_free(arg); diff --git a/src/security/builtin_plugins/access_control/src/access_control.h b/src/security/builtin_plugins/access_control/src/access_control.h index b98d2d7..e89ca00 100644 --- a/src/security/builtin_plugins/access_control/src/access_control.h +++ b/src/security/builtin_plugins/access_control/src/access_control.h @@ -12,10 +12,11 @@ #ifndef ACCESS_CONTROL_H #define ACCESS_CONTROL_H +#include "dds/ddsi/ddsi_domaingv.h" #include "dds/security/dds_security_api.h" #include "dds/security/export.h" -SECURITY_EXPORT int init_access_control(const char *argument, void **context); +SECURITY_EXPORT int init_access_control(const char *argument, void **context, struct ddsi_domaingv *gv); SECURITY_EXPORT int finalize_access_control(void *context); #endif /* ACCESS_CONTROL_H */ diff --git a/src/security/builtin_plugins/authentication/CMakeLists.txt b/src/security/builtin_plugins/authentication/CMakeLists.txt index d6cb40c..c6716e7 100644 --- a/src/security/builtin_plugins/authentication/CMakeLists.txt +++ b/src/security/builtin_plugins/authentication/CMakeLists.txt @@ -43,6 +43,7 @@ target_include_directories(dds_security_auth "$>" "$>" "$" + "$" ) install( diff --git a/src/security/builtin_plugins/authentication/src/authentication.c b/src/security/builtin_plugins/authentication/src/authentication.c index 127357a..937aa7e 100644 --- a/src/security/builtin_plugins/authentication/src/authentication.c +++ b/src/security/builtin_plugins/authentication/src/authentication.c @@ -41,6 +41,7 @@ #include "dds/ddsrt/string.h" #include "dds/ddsrt/sync.h" #include "dds/ddsrt/hopscotch.h" +#include "dds/ddsi/ddsi_domaingv.h" #include "dds/security/dds_security_api.h" #include "dds/security/core/dds_security_timed_cb.h" #include "dds/security/core/dds_security_utils.h" @@ -2229,14 +2230,14 @@ DDS_Security_boolean return_sharedsecret_handle(dds_security_authentication *ins return true; } -int32_t init_authentication(const char *argument, void **context) +int32_t init_authentication(const char *argument, void **context, struct ddsi_domaingv *gv) { DDSRT_UNUSED_ARG(argument); dds_security_authentication_impl *authentication; authentication = (dds_security_authentication_impl *)ddsrt_malloc(sizeof(dds_security_authentication_impl)); memset(authentication, 0, sizeof(dds_security_authentication_impl)); - + authentication->base.gv = gv; authentication->timed_callbacks = dds_security_timed_cb_new(); authentication->dispatcher = dds_security_timed_dispatcher_new(authentication->timed_callbacks); diff --git a/src/security/builtin_plugins/authentication/src/authentication.h b/src/security/builtin_plugins/authentication/src/authentication.h index 4e56a12..900d1eb 100644 --- a/src/security/builtin_plugins/authentication/src/authentication.h +++ b/src/security/builtin_plugins/authentication/src/authentication.h @@ -17,7 +17,7 @@ #include "dds/security/dds_security_api.h" #include "dds/security/export.h" -SECURITY_EXPORT int32_t init_authentication(const char *argument, void **context); +SECURITY_EXPORT int32_t init_authentication(const char *argument, void **context, struct ddsi_domaingv *gv); SECURITY_EXPORT int32_t finalize_authentication(void *context); DDS_Security_ValidationResult_t validate_local_identity(dds_security_authentication *instance, DDS_Security_IdentityHandle *local_identity_handle, DDS_Security_GUID_t *adjusted_participant_guid, diff --git a/src/security/builtin_plugins/cryptographic/CMakeLists.txt b/src/security/builtin_plugins/cryptographic/CMakeLists.txt index e7d97f5..180e7f3 100644 --- a/src/security/builtin_plugins/cryptographic/CMakeLists.txt +++ b/src/security/builtin_plugins/cryptographic/CMakeLists.txt @@ -42,6 +42,7 @@ target_include_directories(dds_security_crypto "$>" "$>" "$" + "$" ) install( diff --git a/src/security/builtin_plugins/cryptographic/src/cryptography.c b/src/security/builtin_plugins/cryptographic/src/cryptography.c index a8aee67..6e4f780 100644 --- a/src/security/builtin_plugins/cryptographic/src/cryptography.c +++ b/src/security/builtin_plugins/cryptographic/src/cryptography.c @@ -11,6 +11,7 @@ */ #include "dds/ddsrt/heap.h" #include "dds/ddsrt/types.h" +#include "dds/ddsi/ddsi_domaingv.h" #include "dds/security/dds_security_api.h" #include "cryptography.h" #include "crypto_key_exchange.h" @@ -24,6 +25,7 @@ typedef struct dds_security_cryptography_impl { dds_security_cryptography base; + struct ddsi_domaingv *gv; } dds_security_cryptography_impl; dds_security_crypto_key_factory *cryptography_get_crypto_key_factory (const struct dds_security_cryptography *crypto) @@ -45,7 +47,7 @@ dds_security_crypto_transform *cryptography_get_crypto_transform (const struct d } -int init_crypto (const char *argument, void **context) +int init_crypto (const char *argument, void **context, struct ddsi_domaingv *gv) { dds_security_cryptography_impl *cryptography; dds_security_crypto_key_exchange *crypto_key_exchange; @@ -56,6 +58,7 @@ int init_crypto (const char *argument, void **context) /* allocate new instance */ cryptography = ddsrt_malloc (sizeof(*cryptography)); + cryptography->base.gv = gv; /* assign the sub components */ crypto_key_exchange = dds_security_crypto_key_exchange__alloc ((dds_security_cryptography *)cryptography); diff --git a/src/security/builtin_plugins/cryptographic/src/cryptography.h b/src/security/builtin_plugins/cryptographic/src/cryptography.h index eb114d4..a74b771 100644 --- a/src/security/builtin_plugins/cryptographic/src/cryptography.h +++ b/src/security/builtin_plugins/cryptographic/src/cryptography.h @@ -12,22 +12,15 @@ #ifndef CRYPTOGRAPHY_H #define CRYPTOGRAPHY_H +#include "dds/ddsi/ddsi_domaingv.h" #include "dds/security/dds_security_api.h" #include "dds/security/export.h" -SECURITY_EXPORT int init_crypto(const char *argument, void **context); +SECURITY_EXPORT int init_crypto(const char *argument, void **context, struct ddsi_domaingv *gv); SECURITY_EXPORT int finalize_crypto(void *instance); -dds_security_crypto_key_factory * -cryptography_get_crypto_key_factory( - const dds_security_cryptography *crypto); - -dds_security_crypto_key_exchange * -cryptography_get_crypto_key_exchange( - const dds_security_cryptography *crypto); - -dds_security_crypto_transform * -cryptography_get_crypto_transform( - const dds_security_cryptography *crypto); +dds_security_crypto_key_factory *cryptography_get_crypto_key_factory(const dds_security_cryptography *crypto); +dds_security_crypto_key_exchange * cryptography_get_crypto_key_exchange(const dds_security_cryptography *crypto); +dds_security_crypto_transform *cryptography_get_crypto_transform(const dds_security_cryptography *crypto); #endif /* CRYPTOGRAPHY_H */ diff --git a/src/security/builtin_plugins/tests/common/src/loader.c b/src/security/builtin_plugins/tests/common/src/loader.c index c6584f2..023e2c5 100644 --- a/src/security/builtin_plugins/tests/common/src/loader.c +++ b/src/security/builtin_plugins/tests/common/src/loader.c @@ -64,7 +64,7 @@ load_plugin( } char * init_parameters = ""; - (void)info->func_init(init_parameters, &plugin); + (void)info->func_init(init_parameters, &plugin, NULL); if (plugin) { info->context = plugin; } else { diff --git a/src/security/builtin_plugins/tests/listeners_access_control/src/listeners_access_control_utests.c b/src/security/builtin_plugins/tests/listeners_access_control/src/listeners_access_control_utests.c index f215738..bd7eab6 100644 --- a/src/security/builtin_plugins/tests/listeners_access_control/src/listeners_access_control_utests.c +++ b/src/security/builtin_plugins/tests/listeners_access_control/src/listeners_access_control_utests.c @@ -568,9 +568,8 @@ CU_Clean(ddssec_builtin_listeners_access_control) return 0; } -static DDS_Security_boolean on_revoke_permissions_cb(dds_security_access_control_listener *instance, const dds_security_access_control *plugin, const DDS_Security_PermissionsHandle handle) +static DDS_Security_boolean on_revoke_permissions_cb(const dds_security_access_control *plugin, const DDS_Security_PermissionsHandle handle) { - DDSRT_UNUSED_ARG(instance); DDSRT_UNUSED_ARG(plugin); if (permission_handle_for_callback1 == DDS_SECURITY_HANDLE_NIL) permission_handle_for_callback1 = handle; diff --git a/src/security/core/include/dds/security/core/dds_security_plugins.h b/src/security/core/include/dds/security/core/dds_security_plugins.h index 3a28e43..ffc48f5 100644 --- a/src/security/core/include/dds/security/core/dds_security_plugins.h +++ b/src/security/core/include/dds/security/core/dds_security_plugins.h @@ -14,10 +14,11 @@ #ifndef SECURITY_CORE_PLUGINS_H_ #define SECURITY_CORE_PLUGINS_H_ +#include #include "dds/export.h" #include "dds/ddsrt/retcode.h" #include "dds/ddsrt/dynlib.h" -#include +#include "dds/ddsi/ddsi_domaingv.h" #include "dds/security/dds_security_api.h" struct ddsrt_log_cfg; @@ -47,24 +48,14 @@ typedef struct dds_security_plugin_suite_config{ dds_security_plugin_config access_control; } dds_security_plugin_suite_config; -DDS_EXPORT dds_return_t dds_security_plugin_release( - const dds_security_plugin *security_plugin, - void *context ); - -DDS_EXPORT dds_return_t dds_security_check_plugin_configuration( - const dds_security_plugin_suite_config *security_suite_config, - const struct ddsrt_log_cfg *logcfg); - -DDS_EXPORT dds_return_t dds_security_load_security_library( - const dds_security_plugin_config *plugin_config, - dds_security_plugin *security_plugin, void **security_plugin_context, - const struct ddsrt_log_cfg *logcfg); - +DDS_EXPORT dds_return_t dds_security_plugin_release(const dds_security_plugin *security_plugin, void *context); +DDS_EXPORT dds_return_t dds_security_check_plugin_configuration(const dds_security_plugin_suite_config *security_suite_config, struct ddsi_domaingv *gv); +DDS_EXPORT dds_return_t dds_security_load_security_library(const dds_security_plugin_config *plugin_config, dds_security_plugin *security_plugin, + void **security_plugin_context, struct ddsi_domaingv *gv); DDS_EXPORT dds_return_t dds_security_verify_plugin_functions( - dds_security_authentication *authentication_context, dds_security_plugin *auth_plugin, - dds_security_cryptography *crypto_context, dds_security_plugin *crypto_plugin, - dds_security_access_control *access_control_context, dds_security_plugin *ac_plugin, - const struct ddsrt_log_cfg *logcfg); + dds_security_authentication *authentication_context, dds_security_plugin *auth_plugin, + dds_security_cryptography *crypto_context, dds_security_plugin *crypto_plugin, + dds_security_access_control *access_control_context, dds_security_plugin *ac_plugin, + struct ddsi_domaingv *gv); #endif /* SECURITY_CORE_PLUGINS_H_ */ - diff --git a/src/security/core/src/dds_security_plugins.c b/src/security/core/src/dds_security_plugins.c index bfc75a4..15c5fb5 100644 --- a/src/security/core/src/dds_security_plugins.c +++ b/src/security/core/src/dds_security_plugins.c @@ -19,40 +19,40 @@ #include "dds/ddsrt/dynlib.h" #include "dds/ddsrt/io.h" -static bool check_plugin_configuration (const dds_security_plugin_config *config, const char *name, const struct ddsrt_log_cfg *logcfg) +static bool check_plugin_configuration (const dds_security_plugin_config *config, const char *name, struct ddsi_domaingv *gv) { if (config->library_path == NULL || *config->library_path == 0) { - DDS_CERROR (logcfg, "%s security plugin library path is undefined or empty\n", name); + GVERROR ("%s security plugin library path is undefined or empty\n", name); return false; } if (config->library_init == NULL || *config->library_init == 0) { - DDS_CERROR (logcfg, "%s security plugin init function is undefined or empty\n", name); + GVERROR ("%s security plugin init function is undefined or empty\n", name); return false; } if (config->library_finalize == NULL || *config->library_finalize == 0) { - DDS_CERROR (logcfg, "%s security plugin finalize function is undefined or empty\n", name); + GVERROR ("%s security plugin finalize function is undefined or empty\n", name); return false; } return true; } -dds_return_t dds_security_check_plugin_configuration (const dds_security_plugin_suite_config *security_suite_config, const struct ddsrt_log_cfg *logcfg) +dds_return_t dds_security_check_plugin_configuration (const dds_security_plugin_suite_config *security_suite_config, struct ddsi_domaingv *gv) { - if (check_plugin_configuration (&security_suite_config->access_control, "AccessControl", logcfg) && - check_plugin_configuration (&security_suite_config->authentication, "Authentication", logcfg) && - check_plugin_configuration (&security_suite_config->cryptography, "Cryptography", logcfg)) + if (check_plugin_configuration (&security_suite_config->access_control, "AccessControl", gv) && + check_plugin_configuration (&security_suite_config->authentication, "Authentication", gv) && + check_plugin_configuration (&security_suite_config->cryptography, "Cryptography", gv)) return DDS_RETCODE_OK; else return DDS_RETCODE_ERROR; } -static bool verify_function (const void *function_ptr, dds_security_plugin *plugin, const char *function_name, const struct ddsrt_log_cfg *logcfg) +static bool verify_function (const void *function_ptr, dds_security_plugin *plugin, const char *function_name, struct ddsi_domaingv *gv) { if (function_ptr != NULL) return true; else { - DDS_CERROR (logcfg, "Could not find the function for %s: %s\n", plugin->name, function_name); + GVERROR ("Could not find the function for %s: %s\n", plugin->name, function_name); return false; } } @@ -62,12 +62,12 @@ struct verify_plugin_functions_tab { const char *name; }; -static bool verify_plugin_functions (const void *context, dds_security_plugin *plugin, const struct verify_plugin_functions_tab *entries, size_t nentries, const struct ddsrt_log_cfg *logcfg) +static bool verify_plugin_functions (const void *context, dds_security_plugin *plugin, const struct verify_plugin_functions_tab *entries, size_t nentries, struct ddsi_domaingv *gv) { for (size_t i = 0; i < nentries; i++) { const char *p = (const char *) context + entries[i].off; - if (!verify_function (*((void **) p), plugin, entries[i].name, logcfg)) + if (!verify_function (*((void **) p), plugin, entries[i].name, gv)) return false; } return true; @@ -77,7 +77,7 @@ dds_return_t dds_security_verify_plugin_functions( dds_security_authentication *authentication_context, dds_security_plugin *auth_plugin, dds_security_cryptography *crypto_context, dds_security_plugin *crypto_plugin, dds_security_access_control *access_control_context, dds_security_plugin *ac_plugin, - const struct ddsrt_log_cfg *logcfg) + struct ddsi_domaingv *gv) { #define FGEN(context, name) { offsetof (context, name), #name } #define F(name) FGEN (dds_security_authentication, name) @@ -170,7 +170,7 @@ dds_return_t dds_security_verify_plugin_functions( F (decode_serialized_payload) }; #undef F -#define C(context, plugin, table) verify_plugin_functions (context, plugin, table, sizeof (table) / sizeof (table[0]), logcfg) +#define C(context, plugin, table) verify_plugin_functions (context, plugin, table, sizeof (table) / sizeof (table[0]), gv) if (C (authentication_context, auth_plugin, auth) && C (access_control_context, ac_plugin, ac) && C (crypto_context->crypto_key_factory, crypto_plugin, cryptoF) && @@ -189,7 +189,8 @@ dds_return_t dds_security_verify_plugin_functions( /** * All fields of the library properties are supposed to be non-empty */ -dds_return_t dds_security_load_security_library (const dds_security_plugin_config *plugin_config, dds_security_plugin *security_plugin, void **security_plugin_context, const struct ddsrt_log_cfg *logcfg) +dds_return_t dds_security_load_security_library (const dds_security_plugin_config *plugin_config, dds_security_plugin *security_plugin, + void **security_plugin_context, struct ddsi_domaingv *gv) { dds_return_t lib_ret; char *init_parameters = ""; @@ -211,30 +212,30 @@ dds_return_t dds_security_load_security_library (const dds_security_plugin_confi { char buffer[256]; ddsrt_dlerror (buffer, sizeof (buffer)); - DDS_CERROR (logcfg, "Could not load %s library: %s\n", security_plugin->name, buffer); + GVERROR ("Could not load %s library: %s\n", security_plugin->name, buffer); goto load_error; } void *tmp; if (ddsrt_dlsym (security_plugin->lib_handle, plugin_config->library_init, &tmp) != DDS_RETCODE_OK) { - DDS_CERROR (logcfg, "Could not find the function: %s\n", plugin_config->library_init); + GVERROR ("Could not find the function: %s\n", plugin_config->library_init); goto library_error; } security_plugin->func_init = (plugin_init) tmp; if (ddsrt_dlsym (security_plugin->lib_handle, plugin_config->library_finalize, &tmp) != DDS_RETCODE_OK) { - DDS_CERROR (logcfg, "Could not find the function: %s\n", plugin_config->library_finalize); + GVERROR ("Could not find the function: %s\n", plugin_config->library_finalize); goto library_error; } security_plugin->func_finalize = (plugin_finalize) tmp; if (security_plugin->func_init != 0) { - if (security_plugin->func_init (init_parameters, (void **) security_plugin_context) != DDS_RETCODE_OK) + if (security_plugin->func_init (init_parameters, (void **) security_plugin_context, gv) != DDS_RETCODE_OK) { - DDS_CERROR (logcfg, "Error occured while initializing %s plugin\n", security_plugin->name); + GVERROR ("Error occured while initializing %s plugin\n", security_plugin->name); goto library_error; } } diff --git a/src/security/core/tests/common/access_control_wrapper.c b/src/security/core/tests/common/access_control_wrapper.c index 83b88f6..3ba5b68 100644 --- a/src/security/core/tests/common/access_control_wrapper.c +++ b/src/security/core/tests/common/access_control_wrapper.c @@ -514,10 +514,11 @@ static struct dds_security_access_control_impl * init_test_access_control_common return impl; } -int32_t init_test_access_control_all_ok(const char *argument, void **context) +int32_t init_test_access_control_all_ok(const char *argument, void **context, struct ddsi_domaingv *gv) { DDSRT_UNUSED_ARG(argument); DDSRT_UNUSED_ARG(context); + DDSRT_UNUSED_ARG(gv); struct dds_security_access_control_impl *impl = init_test_access_control_common(); impl->mode = PLUGIN_MODE_ALL_OK; *context = impl; @@ -531,10 +532,11 @@ int32_t finalize_test_access_control_all_ok(void *context) return 0; } -int32_t init_test_access_control_missing_func(const char *argument, void **context) +int32_t init_test_access_control_missing_func(const char *argument, void **context, struct ddsi_domaingv *gv) { DDSRT_UNUSED_ARG(argument); DDSRT_UNUSED_ARG(context); + DDSRT_UNUSED_ARG(gv); struct dds_security_access_control_impl *impl = init_test_access_control_common(); impl->base.check_create_datareader = NULL; impl->mode = PLUGIN_MODE_MISSING_FUNC; diff --git a/src/security/core/tests/common/access_control_wrapper.h b/src/security/core/tests/common/access_control_wrapper.h index 70c9c2c..a7c2e7c 100644 --- a/src/security/core/tests/common/access_control_wrapper.h +++ b/src/security/core/tests/common/access_control_wrapper.h @@ -12,15 +12,16 @@ #ifndef SECURITY_CORE_TEST_ACCESS_CONTROL_WRAPPER_H_ #define SECURITY_CORE_TEST_ACCESS_CONTROL_WRAPPER_H_ +#include "dds/ddsi/ddsi_domaingv.h" #include "dds/security/dds_security_api.h" #include "dds/security/access_control_wrapper_export.h" /* Init in all-ok mode: all functions return success without calling the actual plugin */ -SECURITY_EXPORT int32_t init_test_access_control_all_ok(const char *argument, void **context); +SECURITY_EXPORT int32_t init_test_access_control_all_ok(const char *argument, void **context, struct ddsi_domaingv *gv); SECURITY_EXPORT int32_t finalize_test_access_control_all_ok(void *context); /* Init in missing function mode: one of the function pointers is null */ -SECURITY_EXPORT int32_t init_test_access_control_missing_func(const char *argument, void **context); +SECURITY_EXPORT int32_t init_test_access_control_missing_func(const char *argument, void **context, struct ddsi_domaingv *gv); SECURITY_EXPORT int32_t finalize_test_access_control_missing_func(void *context); #endif /* SECURITY_CORE_TEST_ACCESS_CONTROL_WRAPPER_H_ */ diff --git a/src/security/core/tests/common/authentication_wrapper.c b/src/security/core/tests/common/authentication_wrapper.c index 0ab9882..a2d3709 100644 --- a/src/security/core/tests/common/authentication_wrapper.c +++ b/src/security/core/tests/common/authentication_wrapper.c @@ -22,7 +22,7 @@ #include "test_identity.h" #include "plugin_wrapper_msg_q.h" -int32_t init_authentication(const char *argument, void **context); +int32_t init_authentication(const char *argument, void **context, struct ddsi_domaingv *gv); int32_t finalize_authentication(void *context); enum auth_plugin_mode { @@ -41,7 +41,6 @@ struct dds_security_authentication_impl dds_security_authentication base; dds_security_authentication *instance; struct message_queue msg_queue; - const struct ddsi_domaingv *gv; enum auth_plugin_mode mode; }; @@ -439,7 +438,7 @@ static struct dds_security_authentication_impl * get_impl_for_domain(dds_domaini { for (size_t i = 0; i < auth_impl_idx; i++) { - if (auth_impl[i] && auth_impl[i]->gv->config.domainId == domain_id) + if (auth_impl[i] && auth_impl[i]->instance->gv->config.domainId == domain_id) { return auth_impl[i]; } @@ -483,10 +482,11 @@ static struct dds_security_authentication_impl * init_test_authentication_common return impl; } -int32_t init_test_authentication_all_ok(const char *argument, void **context) +int32_t init_test_authentication_all_ok(const char *argument, void **context, struct ddsi_domaingv *gv) { DDSRT_UNUSED_ARG(argument); DDSRT_UNUSED_ARG(context); + DDSRT_UNUSED_ARG(gv); struct dds_security_authentication_impl *impl = init_test_authentication_common(); impl->mode = PLUGIN_MODE_ALL_OK; *context = impl; @@ -500,10 +500,11 @@ int32_t finalize_test_authentication_all_ok(void *context) return 0; } -int32_t init_test_authentication_missing_func(const char *argument, void **context) +int32_t init_test_authentication_missing_func(const char *argument, void **context, struct ddsi_domaingv *gv) { DDSRT_UNUSED_ARG(argument); DDSRT_UNUSED_ARG(context); + DDSRT_UNUSED_ARG(gv); struct dds_security_authentication_impl *impl = init_test_authentication_common(); impl->base.get_shared_secret = NULL; impl->mode = PLUGIN_MODE_MISSING_FUNC; @@ -518,10 +519,11 @@ int32_t finalize_test_authentication_missing_func(void *context) return 0; } -int32_t init_test_authentication_init_error(const char *argument, void **context) +int32_t init_test_authentication_init_error(const char *argument, void **context, struct ddsi_domaingv *gv) { DDSRT_UNUSED_ARG(argument); DDSRT_UNUSED_ARG(context); + DDSRT_UNUSED_ARG(gv); return 1; } @@ -535,19 +537,14 @@ int32_t finalize_test_authentication_init_error(void *context) * Init and fini functions for using wrapped mode for the authentication plugin. * These functions assumes that there are no concurrent calls, as the static * variables used here are not protected by a lock. */ -int32_t init_test_authentication_wrapped(const char *argument, void **context) +int32_t init_test_authentication_wrapped(const char *argument, void **context, struct ddsi_domaingv *gv) { int32_t ret; struct dds_security_authentication_impl *impl = init_test_authentication_common(); impl->mode = PLUGIN_MODE_WRAPPED; init_message_queue(&impl->msg_queue); - struct thread_state1 * const ts1 = lookup_thread_state (); - struct ddsi_domaingv const * const gv = ddsrt_atomic_ldvoidp (&ts1->gv); - impl->gv = gv; - - ret = init_authentication(argument, (void **)&impl->instance); - + ret = init_authentication(argument, (void **)&impl->instance, gv); auth_impl_idx++; auth_impl = ddsrt_realloc(auth_impl, auth_impl_idx * sizeof(*auth_impl)); auth_impl[auth_impl_idx - 1] = impl; diff --git a/src/security/core/tests/common/authentication_wrapper.h b/src/security/core/tests/common/authentication_wrapper.h index be4854a..d784454 100644 --- a/src/security/core/tests/common/authentication_wrapper.h +++ b/src/security/core/tests/common/authentication_wrapper.h @@ -12,24 +12,25 @@ #ifndef SECURITY_CORE_TEST_AUTHENTICATION_WRAPPER_H_ #define SECURITY_CORE_TEST_AUTHENTICATION_WRAPPER_H_ +#include "dds/ddsi/ddsi_domaingv.h" #include "dds/security/dds_security_api.h" #include "dds/security/authentication_wrapper_export.h" #include "plugin_wrapper_msg_q.h" /* Init in wrapper mode */ -SECURITY_EXPORT int32_t init_test_authentication_wrapped(const char *argument, void **context); +SECURITY_EXPORT int32_t init_test_authentication_wrapped(const char *argument, void **context, struct ddsi_domaingv *gv); SECURITY_EXPORT int32_t finalize_test_authentication_wrapped(void *context); /* Init in all-ok mode: all functions return success without calling the actual plugin */ -SECURITY_EXPORT int32_t init_test_authentication_all_ok(const char *argument, void **context); +SECURITY_EXPORT int32_t init_test_authentication_all_ok(const char *argument, void **context, struct ddsi_domaingv *gv); SECURITY_EXPORT int32_t finalize_test_authentication_all_ok(void *context); /* Init in missing function mode: one of the function pointers is null */ -SECURITY_EXPORT int32_t init_test_authentication_missing_func(const char *argument, void **context); +SECURITY_EXPORT int32_t init_test_authentication_missing_func(const char *argument, void **context, struct ddsi_domaingv *gv); SECURITY_EXPORT int32_t finalize_test_authentication_missing_func(void *context); /* Init function fails */ -SECURITY_EXPORT int32_t init_test_authentication_init_error(const char *argument, void **context); +SECURITY_EXPORT int32_t init_test_authentication_init_error(const char *argument, void **context, struct ddsi_domaingv *gv); SECURITY_EXPORT int32_t finalize_test_authentication_init_error(void *context); SECURITY_EXPORT struct message * test_authentication_plugin_take_msg(dds_domainid_t domain_id, message_kind_t kind, DDS_Security_IdentityHandle lidHandle, DDS_Security_IdentityHandle ridHandle, DDS_Security_IdentityHandle hsHandle, dds_duration_t timeout); diff --git a/src/security/core/tests/common/cryptography_wrapper.c b/src/security/core/tests/common/cryptography_wrapper.c index 7af5c1b..a3d1508 100644 --- a/src/security/core/tests/common/cryptography_wrapper.c +++ b/src/security/core/tests/common/cryptography_wrapper.c @@ -22,7 +22,7 @@ #include "dds/security/core/dds_security_utils.h" #include "cryptography_wrapper.h" -int32_t init_crypto(const char *argument, void **context); +int32_t init_crypto(const char *argument, void **context, struct ddsi_domaingv *gv); int32_t finalize_crypto(void *context); enum crypto_plugin_mode { @@ -700,14 +700,14 @@ static DDS_Security_boolean decode_serialized_payload( /** * Init and finalize functions */ -static struct dds_security_cryptography_impl * init_test_cryptography_common(const char *argument, bool wrapped) +static struct dds_security_cryptography_impl * init_test_cryptography_common(const char *argument, bool wrapped, struct ddsi_domaingv *gv) { struct dds_security_cryptography_impl *impl = (struct dds_security_cryptography_impl*) ddsrt_malloc(sizeof(*impl)); memset(impl, 0, sizeof(*impl)); if (wrapped) { - if (init_crypto(argument, (void **)&impl->instance) != DDS_SECURITY_SUCCESS) + if (init_crypto(argument, (void **)&impl->instance, gv) != DDS_SECURITY_SUCCESS) return NULL; impl->transform_wrap.instance = impl->instance->crypto_transform; @@ -763,9 +763,9 @@ static int32_t finalize_test_cryptography_common(struct dds_security_cryptograph return DDS_SECURITY_SUCCESS; } -int32_t init_test_cryptography_all_ok(const char *argument, void **context) +int32_t init_test_cryptography_all_ok(const char *argument, void **context, struct ddsi_domaingv *gv) { - struct dds_security_cryptography_impl *impl = init_test_cryptography_common(argument, false); + struct dds_security_cryptography_impl *impl = init_test_cryptography_common(argument, false, gv); if (!impl) return DDS_SECURITY_FAILED; impl->mode = PLUGIN_MODE_ALL_OK; @@ -780,9 +780,9 @@ int32_t finalize_test_cryptography_all_ok(void *context) return finalize_test_cryptography_common(impl, false); } -int32_t init_test_cryptography_missing_func(const char *argument, void **context) +int32_t init_test_cryptography_missing_func(const char *argument, void **context, struct ddsi_domaingv *gv) { - struct dds_security_cryptography_impl *impl = init_test_cryptography_common(argument, false); + struct dds_security_cryptography_impl *impl = init_test_cryptography_common(argument, false, gv); if (!impl) return DDS_SECURITY_FAILED; impl->base.crypto_key_exchange->set_remote_participant_crypto_tokens = NULL; @@ -798,9 +798,9 @@ int32_t finalize_test_cryptography_missing_func(void *context) return finalize_test_cryptography_common(impl, false); } -int32_t init_test_cryptography_wrapped(const char *argument, void **context) +int32_t init_test_cryptography_wrapped(const char *argument, void **context, struct ddsi_domaingv *gv) { - struct dds_security_cryptography_impl *impl = init_test_cryptography_common(argument, true); + struct dds_security_cryptography_impl *impl = init_test_cryptography_common(argument, true, gv); if (!impl) return DDS_SECURITY_FAILED; impl->mode = PLUGIN_MODE_WRAPPED; diff --git a/src/security/core/tests/common/cryptography_wrapper.h b/src/security/core/tests/common/cryptography_wrapper.h index 44e0501..f379727 100644 --- a/src/security/core/tests/common/cryptography_wrapper.h +++ b/src/security/core/tests/common/cryptography_wrapper.h @@ -12,6 +12,7 @@ #ifndef SECURITY_CORE_TEST_CRYPTO_WRAPPER_H_ #define SECURITY_CORE_TEST_CRYPTO_WRAPPER_H_ +#include "dds/ddsi/ddsi_domaingv.h" #include "dds/security/dds_security_api.h" #include "dds/security/dds_security_api_defs.h" #include "dds/security/cryptography_wrapper_export.h" @@ -34,15 +35,15 @@ SECURITY_EXPORT void set_disc_protection_kinds( SECURITY_EXPORT void set_entity_data_secret(struct dds_security_cryptography_impl * impl, const char * pp_secret, const char * groupdata_secret, const char * ep_secret); /* Init in all-ok mode: all functions return success without calling the actual plugin */ -SECURITY_EXPORT int32_t init_test_cryptography_all_ok(const char *argument, void **context); +SECURITY_EXPORT int32_t init_test_cryptography_all_ok(const char *argument, void **context, struct ddsi_domaingv *gv); SECURITY_EXPORT int32_t finalize_test_cryptography_all_ok(void *context); /* Init in missing function mode: one of the function pointers is null */ -SECURITY_EXPORT int32_t init_test_cryptography_missing_func(const char *argument, void **context); +SECURITY_EXPORT int32_t init_test_cryptography_missing_func(const char *argument, void **context, struct ddsi_domaingv *gv); SECURITY_EXPORT int32_t finalize_test_cryptography_missing_func(void *context); /* Init in wrapper mode */ -SECURITY_EXPORT int32_t init_test_cryptography_wrapped(const char *argument, void **context); +SECURITY_EXPORT int32_t init_test_cryptography_wrapped(const char *argument, void **context, struct ddsi_domaingv *gv); SECURITY_EXPORT int32_t finalize_test_cryptography_wrapped(void *context); #endif /* SECURITY_CORE_TEST_CRYPTO_WRAPPER_H_ */