Add domaingv pointer to security plugins, as a preparation for supporting the permissions_expiry callback (which needs the gv to enumerate participants.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
This commit is contained in:
parent
a6a9d1f7c1
commit
e6500b6528
26 changed files with 682 additions and 915 deletions
|
@ -1092,7 +1092,7 @@ secure_conn_write(
|
||||||
* @retval DDS_RETCODE_OK All plugins are successfully loaded
|
* @retval DDS_RETCODE_OK All plugins are successfully loaded
|
||||||
* @retval DDS_RETCODE_ERROR One or more security plugins are not loaded.
|
* @retval DDS_RETCODE_ERROR One or more security plugins are not loaded.
|
||||||
*/
|
*/
|
||||||
dds_return_t q_omg_security_load( struct dds_security_context *security_context, const dds_qos_t *qos );
|
dds_return_t q_omg_security_load( struct dds_security_context *security_context, const dds_qos_t *qos, struct ddsi_domaingv *gv );
|
||||||
|
|
||||||
|
|
||||||
void q_omg_security_init( struct ddsi_domaingv *gv );
|
void q_omg_security_init( struct ddsi_domaingv *gv );
|
||||||
|
@ -1389,7 +1389,7 @@ decode_rtps_message(
|
||||||
return NN_RTPS_MSG_STATE_PLAIN;
|
return NN_RTPS_MSG_STATE_PLAIN;
|
||||||
}
|
}
|
||||||
|
|
||||||
inline dds_return_t q_omg_security_load( UNUSED_ARG( struct dds_security_context *security_context ), UNUSED_ARG( const dds_qos_t *property_seq) )
|
inline dds_return_t q_omg_security_load( UNUSED_ARG( struct dds_security_context *security_context ), UNUSED_ARG( const dds_qos_t *property_seq), UNUSED_ARG ( struct ddsi_domaingv *gv ) )
|
||||||
{
|
{
|
||||||
return DDS_RETCODE_ERROR;
|
return DDS_RETCODE_ERROR;
|
||||||
}
|
}
|
||||||
|
|
|
@ -53,11 +53,11 @@
|
||||||
*/
|
*/
|
||||||
#define PENDING_MATCH_EXPIRY_TIME 300
|
#define PENDING_MATCH_EXPIRY_TIME 300
|
||||||
|
|
||||||
#define EXCEPTION_LOG(sc,e,cat, ...) \
|
#define EXCEPTION_LOG(gv,e,cat,...) \
|
||||||
q_omg_log_exception(sc->logcfg, cat, e, __FILE__, __LINE__, DDS_FUNCTION, __VA_ARGS__)
|
q_omg_log_exception(&gv->logconfig, cat, e, __FILE__, __LINE__, DDS_FUNCTION, __VA_ARGS__)
|
||||||
|
|
||||||
#define EXCEPTION_ERROR(s, e, ...) EXCEPTION_LOG(s, e, DDS_LC_ERROR, __VA_ARGS__)
|
#define EXCEPTION_ERROR(gv,e,...) EXCEPTION_LOG(gv, e, DDS_LC_ERROR, __VA_ARGS__)
|
||||||
#define EXCEPTION_WARNING(s, e, ...) EXCEPTION_LOG(s, e, DDS_LC_WARNING, __VA_ARGS__)
|
#define EXCEPTION_WARNING(gv,e,...) EXCEPTION_LOG(gv, e, DDS_LC_WARNING, __VA_ARGS__)
|
||||||
|
|
||||||
|
|
||||||
#define SECURITY_ATTR_IS_VALID(attr) \
|
#define SECURITY_ATTR_IS_VALID(attr) \
|
||||||
|
@ -212,8 +212,6 @@ struct dds_security_context {
|
||||||
|
|
||||||
struct pending_match_index security_matches;
|
struct pending_match_index security_matches;
|
||||||
struct participant_sec_index partiticpant_index;
|
struct participant_sec_index partiticpant_index;
|
||||||
|
|
||||||
const struct ddsrt_log_cfg *logcfg;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
typedef struct dds_security_context dds_security_context;
|
typedef struct dds_security_context dds_security_context;
|
||||||
|
@ -357,7 +355,7 @@ static struct pending_match * find_or_create_pending_entity_match(struct pending
|
||||||
return match;
|
return match;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void unregister_and_free_pending_match(dds_security_context *sc, struct pending_match *match)
|
static void unregister_and_free_pending_match(const struct ddsi_domaingv * gv, dds_security_context *sc, struct pending_match *match)
|
||||||
{
|
{
|
||||||
if (match->crypto_handle != 0)
|
if (match->crypto_handle != 0)
|
||||||
{
|
{
|
||||||
|
@ -382,7 +380,7 @@ static void unregister_and_free_pending_match(dds_security_context *sc, struct p
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (!r)
|
if (!r)
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to unregister remote %s crypto "PGUIDFMT" related to "PGUIDFMT, ename, PGUID(match->guids.remote_guid), PGUID(match->guids.local_guid));
|
EXCEPTION_ERROR(gv, &exception, "Failed to unregister remote %s crypto "PGUIDFMT" related to "PGUIDFMT, ename, PGUID(match->guids.remote_guid), PGUID(match->guids.local_guid));
|
||||||
}
|
}
|
||||||
free_pending_match(match);
|
free_pending_match(match);
|
||||||
}
|
}
|
||||||
|
@ -407,7 +405,7 @@ static void pending_match_expiry_cb(struct xevent *xev, void *varg, ddsrt_mtime_
|
||||||
{
|
{
|
||||||
ddsrt_fibheap_delete(&pending_match_expiry_fhdef, &index->expiry_timers, match);
|
ddsrt_fibheap_delete(&pending_match_expiry_fhdef, &index->expiry_timers, match);
|
||||||
ddsrt_avl_delete(&pending_match_index_treedef, &index->pending_matches, match);
|
ddsrt_avl_delete(&pending_match_index_treedef, &index->pending_matches, match);
|
||||||
unregister_and_free_pending_match(index->gv->security_context, match);
|
unregister_and_free_pending_match(index->gv, index->gv->security_context, match);
|
||||||
match = ddsrt_fibheap_min(&pending_match_expiry_fhdef, &index->expiry_timers);
|
match = ddsrt_fibheap_min(&pending_match_expiry_fhdef, &index->expiry_timers);
|
||||||
}
|
}
|
||||||
if (match)
|
if (match)
|
||||||
|
@ -430,7 +428,7 @@ static void clear_pending_matches_by_local_guid(dds_security_context *sc, struct
|
||||||
if (match->expiry.v != DDS_NEVER)
|
if (match->expiry.v != DDS_NEVER)
|
||||||
ddsrt_fibheap_delete(&pending_match_expiry_fhdef, &index->expiry_timers, match);
|
ddsrt_fibheap_delete(&pending_match_expiry_fhdef, &index->expiry_timers, match);
|
||||||
next = ddsrt_avl_lookup_succ(&pending_match_index_treedef, &index->pending_matches, &match->guids);
|
next = ddsrt_avl_lookup_succ(&pending_match_index_treedef, &index->pending_matches, &match->guids);
|
||||||
unregister_and_free_pending_match(sc, match);
|
unregister_and_free_pending_match(index->gv, sc, match);
|
||||||
}
|
}
|
||||||
match = next;
|
match = next;
|
||||||
}
|
}
|
||||||
|
@ -450,7 +448,7 @@ static void clear_pending_matches_by_remote_guid(dds_security_context *sc, struc
|
||||||
ddsrt_avl_delete(&pending_match_index_treedef, &index->pending_matches, match);
|
ddsrt_avl_delete(&pending_match_index_treedef, &index->pending_matches, match);
|
||||||
if (match->expiry.v != DDS_NEVER)
|
if (match->expiry.v != DDS_NEVER)
|
||||||
ddsrt_fibheap_delete(&pending_match_expiry_fhdef, &index->expiry_timers, match);
|
ddsrt_fibheap_delete(&pending_match_expiry_fhdef, &index->expiry_timers, match);
|
||||||
unregister_and_free_pending_match(sc, match);
|
unregister_and_free_pending_match(index->gv, sc, match);
|
||||||
match = next;
|
match = next;
|
||||||
}
|
}
|
||||||
ddsrt_mutex_unlock(&index->lock);
|
ddsrt_mutex_unlock(&index->lock);
|
||||||
|
@ -505,7 +503,7 @@ static struct proxypp_pp_match * proxypp_pp_match_new(struct participant *pp, DD
|
||||||
return pm;
|
return pm;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void proxypp_pp_match_free(struct dds_security_context *sc, struct proxypp_pp_match *pm)
|
static void proxypp_pp_match_free(struct ddsi_domaingv *gv, struct dds_security_context *sc, struct proxypp_pp_match *pm)
|
||||||
{
|
{
|
||||||
DDS_Security_SecurityException exception = DDS_SECURITY_EXCEPTION_INIT;
|
DDS_Security_SecurityException exception = DDS_SECURITY_EXCEPTION_INIT;
|
||||||
|
|
||||||
|
@ -517,8 +515,9 @@ static void proxypp_pp_match_free(struct dds_security_context *sc, struct proxyp
|
||||||
* matching local and remote participant.
|
* matching local and remote participant.
|
||||||
*/
|
*/
|
||||||
#if 0
|
#if 0
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to return remote permissions handle");
|
EXCEPTION_ERROR(gv, &exception, "Failed to return remote permissions handle");
|
||||||
#else
|
#else
|
||||||
|
DDSRT_UNUSED_ARG (gv);
|
||||||
DDS_Security_Exception_reset(&exception);
|
DDS_Security_Exception_reset(&exception);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
@ -552,7 +551,7 @@ static void proxypp_pp_unrelate(struct dds_security_context *sc, struct proxy_pa
|
||||||
if ((pm = ddsrt_avl_lookup_dpath(&proxypp_pp_treedef, &proxypp->sec_attr->participants, &pp_crypto_handle, &dpath)) != NULL)
|
if ((pm = ddsrt_avl_lookup_dpath(&proxypp_pp_treedef, &proxypp->sec_attr->participants, &pp_crypto_handle, &dpath)) != NULL)
|
||||||
{
|
{
|
||||||
ddsrt_avl_delete_dpath(&proxypp_pp_treedef, &proxypp->sec_attr->participants, pm, &dpath);
|
ddsrt_avl_delete_dpath(&proxypp_pp_treedef, &proxypp->sec_attr->participants, pm, &dpath);
|
||||||
proxypp_pp_match_free(sc, pm);
|
proxypp_pp_match_free(proxypp->e.gv, sc, pm);
|
||||||
}
|
}
|
||||||
ddsrt_mutex_unlock(&proxypp->sec_attr->lock);
|
ddsrt_mutex_unlock(&proxypp->sec_attr->lock);
|
||||||
}
|
}
|
||||||
|
@ -715,8 +714,6 @@ void q_omg_security_init (struct ddsi_domaingv *gv)
|
||||||
pending_match_index_init(gv, &sc->security_matches);
|
pending_match_index_init(gv, &sc->security_matches);
|
||||||
|
|
||||||
ddsrt_mutex_init (&sc->omg_security_lock);
|
ddsrt_mutex_init (&sc->omg_security_lock);
|
||||||
sc->logcfg = &gv->logconfig;
|
|
||||||
|
|
||||||
gv->security_context = sc;
|
gv->security_context = sc;
|
||||||
|
|
||||||
ddsi_handshake_admin_init(gv);
|
ddsi_handshake_admin_init(gv);
|
||||||
|
@ -725,16 +722,16 @@ void q_omg_security_init (struct ddsi_domaingv *gv)
|
||||||
/**
|
/**
|
||||||
* Releases all plugins
|
* Releases all plugins
|
||||||
*/
|
*/
|
||||||
static void release_plugins (dds_security_context *sc)
|
static void release_plugins (struct ddsi_domaingv *gv, dds_security_context *sc)
|
||||||
{
|
{
|
||||||
if (dds_security_plugin_release (&sc->auth_plugin, sc->authentication_context))
|
if (dds_security_plugin_release (&sc->auth_plugin, sc->authentication_context))
|
||||||
DDS_CERROR (sc->logcfg, "Error occurred releasing %s plugin", sc->auth_plugin.name);
|
GVERROR ("Error occurred releasing %s plugin", sc->auth_plugin.name);
|
||||||
|
|
||||||
if (dds_security_plugin_release (&sc->crypto_plugin, sc->crypto_context))
|
if (dds_security_plugin_release (&sc->crypto_plugin, sc->crypto_context))
|
||||||
DDS_CERROR (sc->logcfg, "Error occurred releasing %s plugin", sc->crypto_plugin.name);
|
GVERROR ("Error occurred releasing %s plugin", sc->crypto_plugin.name);
|
||||||
|
|
||||||
if (dds_security_plugin_release (&sc->ac_plugin, sc->access_control_context))
|
if (dds_security_plugin_release (&sc->ac_plugin, sc->access_control_context))
|
||||||
DDS_CERROR (sc->logcfg, "Error occurred releasing %s plugin", sc->ac_plugin.name);
|
GVERROR ("Error occurred releasing %s plugin", sc->ac_plugin.name);
|
||||||
|
|
||||||
sc->authentication_context = NULL;
|
sc->authentication_context = NULL;
|
||||||
sc->access_control_context = NULL;
|
sc->access_control_context = NULL;
|
||||||
|
@ -758,9 +755,9 @@ void q_omg_security_free (struct ddsi_domaingv *gv)
|
||||||
ddsrt_avl_cfree(&participant_index_treedef, &sc->partiticpant_index.participants, 0);
|
ddsrt_avl_cfree(&participant_index_treedef, &sc->partiticpant_index.participants, 0);
|
||||||
ddsrt_mutex_destroy(&sc->partiticpant_index.lock);
|
ddsrt_mutex_destroy(&sc->partiticpant_index.lock);
|
||||||
|
|
||||||
if (sc->authentication_context != NULL && sc->access_control_context != NULL && sc->crypto_context != NULL){
|
if (sc->authentication_context != NULL && sc->access_control_context != NULL && sc->crypto_context != NULL)
|
||||||
release_plugins (sc);
|
release_plugins (gv, sc);
|
||||||
}
|
|
||||||
ddsi_handshake_admin_deinit(gv);
|
ddsi_handshake_admin_deinit(gv);
|
||||||
ddsrt_mutex_destroy (&sc->omg_security_lock);
|
ddsrt_mutex_destroy (&sc->omg_security_lock);
|
||||||
ddsrt_free(sc);
|
ddsrt_free(sc);
|
||||||
|
@ -801,7 +798,7 @@ static void deinit_plugin_suite_config (dds_security_plugin_suite_config *suite_
|
||||||
deinit_plugin_config (&suite_config->cryptography);
|
deinit_plugin_config (&suite_config->cryptography);
|
||||||
}
|
}
|
||||||
|
|
||||||
dds_return_t q_omg_security_load (dds_security_context *sc, const dds_qos_t *qos)
|
dds_return_t q_omg_security_load (dds_security_context *sc, const dds_qos_t *qos, struct ddsi_domaingv *gv)
|
||||||
{
|
{
|
||||||
dds_security_plugin_suite_config psc;
|
dds_security_plugin_suite_config psc;
|
||||||
memset (&psc, 0, sizeof (psc));
|
memset (&psc, 0, sizeof (psc));
|
||||||
|
@ -812,31 +809,28 @@ dds_return_t q_omg_security_load (dds_security_context *sc, const dds_qos_t *qos
|
||||||
dds_qos_to_security_plugin_configuration (qos, &psc);
|
dds_qos_to_security_plugin_configuration (qos, &psc);
|
||||||
|
|
||||||
/* Check configuration content */
|
/* Check configuration content */
|
||||||
if (dds_security_check_plugin_configuration (&psc, sc->logcfg) != DDS_RETCODE_OK)
|
if (dds_security_check_plugin_configuration (&psc, gv) != DDS_RETCODE_OK)
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
if (dds_security_load_security_library (&psc.authentication, &sc->auth_plugin, (void **) &sc->authentication_context, sc->logcfg) != DDS_RETCODE_OK)
|
if (dds_security_load_security_library (&psc.authentication, &sc->auth_plugin, (void **) &sc->authentication_context, gv) != DDS_RETCODE_OK)
|
||||||
{
|
{
|
||||||
DDS_CERROR (sc->logcfg, "Could not load %s plugin.\n", sc->auth_plugin.name);
|
GVERROR ("Could not load %s plugin.\n", sc->auth_plugin.name);
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
if (dds_security_load_security_library (&psc.access_control, &sc->ac_plugin, (void **) &sc->access_control_context, sc->logcfg) != DDS_RETCODE_OK)
|
if (dds_security_load_security_library (&psc.access_control, &sc->ac_plugin, (void **) &sc->access_control_context, gv) != DDS_RETCODE_OK)
|
||||||
{
|
{
|
||||||
DDS_CERROR (sc->logcfg, "Could not load %s library\n", sc->ac_plugin.name);
|
GVERROR ("Could not load %s library\n", sc->ac_plugin.name);
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
if (dds_security_load_security_library (&psc.cryptography, &sc->crypto_plugin, (void **) &sc->crypto_context, sc->logcfg) != DDS_RETCODE_OK)
|
if (dds_security_load_security_library (&psc.cryptography, &sc->crypto_plugin, (void **) &sc->crypto_context, gv) != DDS_RETCODE_OK)
|
||||||
{
|
{
|
||||||
DDS_CERROR (sc->logcfg, "Could not load %s library\n", sc->crypto_plugin.name);
|
GVERROR ("Could not load %s library\n", sc->crypto_plugin.name);
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* now check if all plugin functions are implemented */
|
/* now check if all plugin functions are implemented */
|
||||||
if (dds_security_verify_plugin_functions (
|
if (dds_security_verify_plugin_functions (sc->authentication_context, &sc->auth_plugin, sc->crypto_context, &sc->crypto_plugin,
|
||||||
sc->authentication_context, &sc->auth_plugin,
|
sc->access_control_context, &sc->ac_plugin, gv) != DDS_RETCODE_OK)
|
||||||
sc->crypto_context, &sc->crypto_plugin,
|
|
||||||
sc->access_control_context, &sc->ac_plugin,
|
|
||||||
sc->logcfg) != DDS_RETCODE_OK)
|
|
||||||
{
|
{
|
||||||
goto error_verify;
|
goto error_verify;
|
||||||
}
|
}
|
||||||
|
@ -845,12 +839,12 @@ dds_return_t q_omg_security_load (dds_security_context *sc, const dds_qos_t *qos
|
||||||
#if LISTENERS_IMPLEMENTED
|
#if LISTENERS_IMPLEMENTED
|
||||||
if (!access_control_context->set_listener (access_control_context, &listener_ac, &ex))
|
if (!access_control_context->set_listener (access_control_context, &listener_ac, &ex))
|
||||||
{
|
{
|
||||||
DDS_CERROR (sc->logcfg, "Could not set access_control listener: %s\n", ex.message ? ex.message : "<unknown error>");
|
GVERROR ("Could not set access_control listener: %s\n", ex.message ? ex.message : "<unknown error>");
|
||||||
goto error_set_ac_listener;
|
goto error_set_ac_listener;
|
||||||
}
|
}
|
||||||
if (!authentication_context->set_listener (authentication_context, &listener_auth, &ex))
|
if (!authentication_context->set_listener (authentication_context, &listener_auth, &ex))
|
||||||
{
|
{
|
||||||
DDS_CERROR (sc->logcfg, "Could not set authentication listener: %s\n", ex.message ? ex.message : "<unknown error>");
|
GVERROR ("Could not set authentication listener: %s\n", ex.message ? ex.message : "<unknown error>");
|
||||||
goto err_set_auth_listener;
|
goto err_set_auth_listener;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
@ -861,7 +855,7 @@ dds_return_t q_omg_security_load (dds_security_context *sc, const dds_qos_t *qos
|
||||||
|
|
||||||
deinit_plugin_suite_config (&psc);
|
deinit_plugin_suite_config (&psc);
|
||||||
ddsrt_mutex_unlock (&sc->omg_security_lock);
|
ddsrt_mutex_unlock (&sc->omg_security_lock);
|
||||||
DDS_CLOG (DDS_LC_TRACE, sc->logcfg, "DDS Security plugins have been loaded\n");
|
GVTRACE ("DDS Security plugins have been loaded\n");
|
||||||
return DDS_RETCODE_OK;
|
return DDS_RETCODE_OK;
|
||||||
|
|
||||||
#if LISTENERS_IMPLEMENTED
|
#if LISTENERS_IMPLEMENTED
|
||||||
|
@ -870,7 +864,7 @@ error_set_auth_listener:
|
||||||
error_set_ac_listener:
|
error_set_ac_listener:
|
||||||
#endif
|
#endif
|
||||||
error_verify:
|
error_verify:
|
||||||
release_plugins (sc);
|
release_plugins (gv, sc);
|
||||||
error:
|
error:
|
||||||
deinit_plugin_suite_config (&psc);
|
deinit_plugin_suite_config (&psc);
|
||||||
ddsrt_mutex_unlock (&sc->omg_security_lock);
|
ddsrt_mutex_unlock (&sc->omg_security_lock);
|
||||||
|
@ -907,6 +901,7 @@ dds_return_t q_omg_security_check_create_participant(struct participant *pp, uin
|
||||||
{
|
{
|
||||||
dds_return_t ret = DDS_RETCODE_NOT_ALLOWED_BY_SECURITY;
|
dds_return_t ret = DDS_RETCODE_NOT_ALLOWED_BY_SECURITY;
|
||||||
struct dds_security_context *sc = q_omg_security_get_secure_context(pp);
|
struct dds_security_context *sc = q_omg_security_get_secure_context(pp);
|
||||||
|
struct ddsi_domaingv *gv = pp->e.gv;
|
||||||
DDS_Security_IdentityHandle identity_handle = DDS_SECURITY_HANDLE_NIL;
|
DDS_Security_IdentityHandle identity_handle = DDS_SECURITY_HANDLE_NIL;
|
||||||
DDS_Security_SecurityException exception = DDS_SECURITY_EXCEPTION_INIT;
|
DDS_Security_SecurityException exception = DDS_SECURITY_EXCEPTION_INIT;
|
||||||
DDS_Security_ValidationResult_t result = 0;
|
DDS_Security_ValidationResult_t result = 0;
|
||||||
|
@ -933,7 +928,7 @@ dds_return_t q_omg_security_check_create_participant(struct participant *pp, uin
|
||||||
(DDS_Security_GUID_t *) &candidate_guid, &exception);
|
(DDS_Security_GUID_t *) &candidate_guid, &exception);
|
||||||
if (result != DDS_SECURITY_VALIDATION_OK)
|
if (result != DDS_SECURITY_VALIDATION_OK)
|
||||||
{
|
{
|
||||||
EXCEPTION_ERROR(sc, &exception, "Error occurred while validating local permission");
|
EXCEPTION_ERROR(gv, &exception, "Error occurred while validating local permission");
|
||||||
goto validation_failed;
|
goto validation_failed;
|
||||||
}
|
}
|
||||||
pp->e.guid = nn_ntoh_guid(adjusted_guid);
|
pp->e.guid = nn_ntoh_guid(adjusted_guid);
|
||||||
|
@ -946,7 +941,7 @@ dds_return_t q_omg_security_check_create_participant(struct participant *pp, uin
|
||||||
/* Get the identity token and add this to the plist of the participant */
|
/* Get the identity token and add this to the plist of the participant */
|
||||||
if (!sc->authentication_context->get_identity_token(sc->authentication_context, &identity_token, identity_handle, &exception))
|
if (!sc->authentication_context->get_identity_token(sc->authentication_context, &identity_token, identity_handle, &exception))
|
||||||
{
|
{
|
||||||
EXCEPTION_ERROR(sc, &exception, "Error occurred while retrieving the identity token");
|
EXCEPTION_ERROR(gv, &exception, "Error occurred while retrieving the identity token");
|
||||||
goto validation_failed;
|
goto validation_failed;
|
||||||
}
|
}
|
||||||
assert(exception.code == 0);
|
assert(exception.code == 0);
|
||||||
|
@ -958,23 +953,24 @@ dds_return_t q_omg_security_check_create_participant(struct participant *pp, uin
|
||||||
sec_attr->permissions_handle = sc->access_control_context->validate_local_permissions(
|
sec_attr->permissions_handle = sc->access_control_context->validate_local_permissions(
|
||||||
sc->access_control_context, sc->authentication_context, identity_handle,
|
sc->access_control_context, sc->authentication_context, identity_handle,
|
||||||
(DDS_Security_DomainId)domain_id, &par_qos, &exception);
|
(DDS_Security_DomainId)domain_id, &par_qos, &exception);
|
||||||
|
|
||||||
if (sec_attr->permissions_handle == DDS_SECURITY_HANDLE_NIL)
|
if (sec_attr->permissions_handle == DDS_SECURITY_HANDLE_NIL)
|
||||||
{
|
{
|
||||||
EXCEPTION_ERROR(sc, &exception, "Error occurred while validating local permissions");
|
EXCEPTION_ERROR(gv, &exception, "Error occurred while validating local permissions");
|
||||||
goto not_allowed;
|
goto not_allowed;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ask to access control security plugin for create participant permissions related to this identity*/
|
/* ask to access control security plugin for create participant permissions related to this identity*/
|
||||||
if (!sc->access_control_context->check_create_participant(sc->access_control_context, sec_attr->permissions_handle, (DDS_Security_DomainId) domain_id, &par_qos, &exception))
|
if (!sc->access_control_context->check_create_participant(sc->access_control_context, sec_attr->permissions_handle, (DDS_Security_DomainId) domain_id, &par_qos, &exception))
|
||||||
{
|
{
|
||||||
EXCEPTION_ERROR(sc, &exception, "It is not allowed to create participant");
|
EXCEPTION_ERROR(gv, &exception, "It is not allowed to create participant");
|
||||||
goto not_allowed;
|
goto not_allowed;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Get the identity token and add this to the plist of the participant */
|
/* Get the identity token and add this to the plist of the participant */
|
||||||
if (!sc->access_control_context->get_permissions_token(sc->access_control_context, &permissions_token, sec_attr->permissions_handle, &exception))
|
if (!sc->access_control_context->get_permissions_token(sc->access_control_context, &permissions_token, sec_attr->permissions_handle, &exception))
|
||||||
{
|
{
|
||||||
EXCEPTION_ERROR(sc, &exception, "Error occurred while retrieving the permissions token");
|
EXCEPTION_ERROR(gv, &exception, "Error occurred while retrieving the permissions token");
|
||||||
goto not_allowed;
|
goto not_allowed;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -983,19 +979,19 @@ dds_return_t q_omg_security_check_create_participant(struct participant *pp, uin
|
||||||
|
|
||||||
if (!sc->access_control_context->get_permissions_credential_token(sc->access_control_context, &credential_token, sec_attr->permissions_handle, &exception))
|
if (!sc->access_control_context->get_permissions_credential_token(sc->access_control_context, &credential_token, sec_attr->permissions_handle, &exception))
|
||||||
{
|
{
|
||||||
EXCEPTION_ERROR(sc, &exception, "Error occurred while retrieving the permissions credential token");
|
EXCEPTION_ERROR(gv, &exception, "Error occurred while retrieving the permissions credential token");
|
||||||
goto no_credentials;
|
goto no_credentials;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!sc->authentication_context->set_permissions_credential_and_token(sc->authentication_context, sec_attr->local_identity_handle, &credential_token, &permissions_token, &exception))
|
if (!sc->authentication_context->set_permissions_credential_and_token(sc->authentication_context, sec_attr->local_identity_handle, &credential_token, &permissions_token, &exception))
|
||||||
{
|
{
|
||||||
EXCEPTION_ERROR(sc, &exception, "Error occurred while setting the permissions credential token");
|
EXCEPTION_ERROR(gv, &exception, "Error occurred while setting the permissions credential token");
|
||||||
goto no_credentials;
|
goto no_credentials;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!sc->access_control_context->get_participant_sec_attributes(sc->access_control_context, sec_attr->permissions_handle, &sec_attr->attr, &exception))
|
if (!sc->access_control_context->get_participant_sec_attributes(sc->access_control_context, sec_attr->permissions_handle, &sec_attr->attr, &exception))
|
||||||
{
|
{
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to get participant security attributes");
|
EXCEPTION_ERROR(gv, &exception, "Failed to get participant security attributes");
|
||||||
goto no_sec_attr;
|
goto no_sec_attr;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1003,7 +999,7 @@ dds_return_t q_omg_security_check_create_participant(struct participant *pp, uin
|
||||||
sec_attr->crypto_handle = sc->crypto_context->crypto_key_factory->register_local_participant(
|
sec_attr->crypto_handle = sc->crypto_context->crypto_key_factory->register_local_participant(
|
||||||
sc->crypto_context->crypto_key_factory, sec_attr->local_identity_handle, sec_attr->permissions_handle, NULL, &sec_attr->attr, &exception);
|
sc->crypto_context->crypto_key_factory, sec_attr->local_identity_handle, sec_attr->permissions_handle, NULL, &sec_attr->attr, &exception);
|
||||||
if (!sec_attr->crypto_handle) {
|
if (!sec_attr->crypto_handle) {
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to register participant with crypto key factory");
|
EXCEPTION_ERROR(gv, &exception, "Failed to register participant with crypto key factory");
|
||||||
goto no_crypto;
|
goto no_crypto;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1089,21 +1085,21 @@ static void cleanup_participant_sec_attributes(void *arg)
|
||||||
if (attr->permissions_handle != DDS_SECURITY_HANDLE_NIL)
|
if (attr->permissions_handle != DDS_SECURITY_HANDLE_NIL)
|
||||||
{
|
{
|
||||||
if (!sc->access_control_context->return_permissions_handle(sc->access_control_context, attr->permissions_handle, &exception))
|
if (!sc->access_control_context->return_permissions_handle(sc->access_control_context, attr->permissions_handle, &exception))
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to return local permissions handle");
|
EXCEPTION_ERROR(gv, &exception, "Failed to return local permissions handle");
|
||||||
}
|
}
|
||||||
if (attr->local_identity_handle != DDS_SECURITY_HANDLE_NIL)
|
if (attr->local_identity_handle != DDS_SECURITY_HANDLE_NIL)
|
||||||
{
|
{
|
||||||
if (!sc->authentication_context->return_identity_handle(sc->authentication_context, attr->local_identity_handle, &exception))
|
if (!sc->authentication_context->return_identity_handle(sc->authentication_context, attr->local_identity_handle, &exception))
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to return local identity handle");
|
EXCEPTION_ERROR(gv, &exception, "Failed to return local identity handle");
|
||||||
}
|
}
|
||||||
if (attr->plugin_attr)
|
if (attr->plugin_attr)
|
||||||
{
|
{
|
||||||
if (!sc->access_control_context->return_participant_sec_attributes(sc->access_control_context, &attr->attr, &exception))
|
if (!sc->access_control_context->return_participant_sec_attributes(sc->access_control_context, &attr->attr, &exception))
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to return participant security attributes");
|
EXCEPTION_ERROR(gv, &exception, "Failed to return participant security attributes");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!sc->crypto_context->crypto_key_factory->unregister_participant(sc->crypto_context->crypto_key_factory, attr->crypto_handle, &exception))
|
if (!sc->crypto_context->crypto_key_factory->unregister_participant(sc->crypto_context->crypto_key_factory, attr->crypto_handle, &exception))
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to unregister participant");
|
EXCEPTION_ERROR(gv, &exception, "Failed to unregister participant");
|
||||||
|
|
||||||
ddsrt_avl_cfree(&pp_proxypp_treedef, &attr->proxy_participants, NULL);
|
ddsrt_avl_cfree(&pp_proxypp_treedef, &attr->proxy_participants, NULL);
|
||||||
ddsrt_mutex_unlock(&attr->lock);
|
ddsrt_mutex_unlock(&attr->lock);
|
||||||
|
@ -1286,7 +1282,7 @@ bool q_omg_security_check_create_topic(const struct ddsi_domaingv *gv, const dds
|
||||||
{
|
{
|
||||||
/*log if the topic discovery is not protected*/
|
/*log if the topic discovery is not protected*/
|
||||||
if (!is_topic_discovery_protected(pp->sec_attr->permissions_handle, sc->access_control_context, topic_name))
|
if (!is_topic_discovery_protected(pp->sec_attr->permissions_handle, sc->access_control_context, topic_name))
|
||||||
EXCEPTION_ERROR(sc, &exception, "Local topic permission denied");
|
EXCEPTION_ERROR(gv, &exception, "Local topic permission denied");
|
||||||
else
|
else
|
||||||
DDS_Security_Exception_reset(&exception);
|
DDS_Security_Exception_reset(&exception);
|
||||||
}
|
}
|
||||||
|
@ -1320,7 +1316,7 @@ bool q_omg_security_check_create_writer(struct participant *pp, uint32_t domain_
|
||||||
{
|
{
|
||||||
/*log if the topic discovery is not protected*/
|
/*log if the topic discovery is not protected*/
|
||||||
if (!is_topic_discovery_protected( pp->sec_attr->permissions_handle, sc->access_control_context, topic_name))
|
if (!is_topic_discovery_protected( pp->sec_attr->permissions_handle, sc->access_control_context, topic_name))
|
||||||
EXCEPTION_ERROR(sc, &exception, "Local topic permission denied");
|
EXCEPTION_ERROR(pp->e.gv, &exception, "Local topic permission denied");
|
||||||
else
|
else
|
||||||
DDS_Security_Exception_reset(&exception);
|
DDS_Security_Exception_reset(&exception);
|
||||||
}
|
}
|
||||||
|
@ -1350,7 +1346,7 @@ void q_omg_security_register_writer(struct writer *wr)
|
||||||
wr->sec_attr = writer_sec_attributes_new();
|
wr->sec_attr = writer_sec_attributes_new();
|
||||||
if (!sc->access_control_context->get_datawriter_sec_attributes(sc->access_control_context, pp->sec_attr->permissions_handle, wr->topic->name, &partitions, NULL, &wr->sec_attr->attr, &exception))
|
if (!sc->access_control_context->get_datawriter_sec_attributes(sc->access_control_context, pp->sec_attr->permissions_handle, wr->topic->name, &partitions, NULL, &wr->sec_attr->attr, &exception))
|
||||||
{
|
{
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to retrieve writer security attributes");
|
EXCEPTION_ERROR(pp->e.gv, &exception, "Failed to retrieve writer security attributes");
|
||||||
goto no_attr;
|
goto no_attr;
|
||||||
}
|
}
|
||||||
wr->sec_attr->plugin_attr = true;
|
wr->sec_attr->plugin_attr = true;
|
||||||
|
@ -1367,7 +1363,7 @@ void q_omg_security_register_writer(struct writer *wr)
|
||||||
DDS_Security_PropertySeq_freebuf(&properties);
|
DDS_Security_PropertySeq_freebuf(&properties);
|
||||||
if (wr->sec_attr->crypto_handle == DDS_SECURITY_HANDLE_NIL)
|
if (wr->sec_attr->crypto_handle == DDS_SECURITY_HANDLE_NIL)
|
||||||
{
|
{
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to register writer with crypto");
|
EXCEPTION_ERROR(pp->e.gv, &exception, "Failed to register writer with crypto");
|
||||||
goto not_registered;
|
goto not_registered;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1392,12 +1388,12 @@ void q_omg_security_deregister_writer(struct writer *wr)
|
||||||
if (wr->sec_attr->crypto_handle != DDS_SECURITY_HANDLE_NIL)
|
if (wr->sec_attr->crypto_handle != DDS_SECURITY_HANDLE_NIL)
|
||||||
{
|
{
|
||||||
if (!sc->crypto_context->crypto_key_factory->unregister_datawriter(sc->crypto_context->crypto_key_factory, wr->sec_attr->crypto_handle, &exception))
|
if (!sc->crypto_context->crypto_key_factory->unregister_datawriter(sc->crypto_context->crypto_key_factory, wr->sec_attr->crypto_handle, &exception))
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to unregister writer with crypto");
|
EXCEPTION_ERROR(wr->e.gv, &exception, "Failed to unregister writer with crypto");
|
||||||
}
|
}
|
||||||
if (wr->sec_attr->plugin_attr)
|
if (wr->sec_attr->plugin_attr)
|
||||||
{
|
{
|
||||||
if (!sc->access_control_context->return_datawriter_sec_attributes(sc->access_control_context, &wr->sec_attr->attr, &exception))
|
if (!sc->access_control_context->return_datawriter_sec_attributes(sc->access_control_context, &wr->sec_attr->attr, &exception))
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to return writer security attributes");
|
EXCEPTION_ERROR(wr->e.gv, &exception, "Failed to return writer security attributes");
|
||||||
}
|
}
|
||||||
writer_sec_attributes_free(wr->sec_attr);
|
writer_sec_attributes_free(wr->sec_attr);
|
||||||
wr->sec_attr = NULL;
|
wr->sec_attr = NULL;
|
||||||
|
@ -1441,7 +1437,7 @@ bool q_omg_security_check_create_reader(struct participant *pp, uint32_t domain_
|
||||||
{
|
{
|
||||||
/*log if the topic discovery is not protected*/
|
/*log if the topic discovery is not protected*/
|
||||||
if (!is_topic_discovery_protected( pp->sec_attr->permissions_handle, sc->access_control_context, topic_name))
|
if (!is_topic_discovery_protected( pp->sec_attr->permissions_handle, sc->access_control_context, topic_name))
|
||||||
EXCEPTION_ERROR(sc, &exception, "Reader is not permitted");
|
EXCEPTION_ERROR(pp->e.gv, &exception, "Reader is not permitted");
|
||||||
else
|
else
|
||||||
DDS_Security_Exception_reset(&exception);
|
DDS_Security_Exception_reset(&exception);
|
||||||
}
|
}
|
||||||
|
@ -1472,7 +1468,7 @@ void q_omg_security_register_reader(struct reader *rd)
|
||||||
|
|
||||||
if (!sc->access_control_context->get_datareader_sec_attributes(sc->access_control_context, pp->sec_attr->permissions_handle, rd->topic->name, &partitions, NULL, &rd->sec_attr->attr, &exception))
|
if (!sc->access_control_context->get_datareader_sec_attributes(sc->access_control_context, pp->sec_attr->permissions_handle, rd->topic->name, &partitions, NULL, &rd->sec_attr->attr, &exception))
|
||||||
{
|
{
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to retrieve reader security attributes");
|
EXCEPTION_ERROR(pp->e.gv, &exception, "Failed to retrieve reader security attributes");
|
||||||
goto no_attr;
|
goto no_attr;
|
||||||
}
|
}
|
||||||
rd->sec_attr->plugin_attr = true;
|
rd->sec_attr->plugin_attr = true;
|
||||||
|
@ -1489,7 +1485,7 @@ void q_omg_security_register_reader(struct reader *rd)
|
||||||
DDS_Security_PropertySeq_freebuf(&properties);
|
DDS_Security_PropertySeq_freebuf(&properties);
|
||||||
if (rd->sec_attr->crypto_handle == DDS_SECURITY_HANDLE_NIL)
|
if (rd->sec_attr->crypto_handle == DDS_SECURITY_HANDLE_NIL)
|
||||||
{
|
{
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to register reader with crypto");
|
EXCEPTION_ERROR(pp->e.gv, &exception, "Failed to register reader with crypto");
|
||||||
goto not_registered;
|
goto not_registered;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1514,14 +1510,14 @@ void q_omg_security_deregister_reader(struct reader *rd)
|
||||||
{
|
{
|
||||||
if (!sc->crypto_context->crypto_key_factory->unregister_datareader(sc->crypto_context->crypto_key_factory, rd->sec_attr->crypto_handle, &exception))
|
if (!sc->crypto_context->crypto_key_factory->unregister_datareader(sc->crypto_context->crypto_key_factory, rd->sec_attr->crypto_handle, &exception))
|
||||||
{
|
{
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to unregister reader with crypto");
|
EXCEPTION_ERROR(rd->e.gv, &exception, "Failed to unregister reader with crypto");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (rd->sec_attr->plugin_attr)
|
if (rd->sec_attr->plugin_attr)
|
||||||
{
|
{
|
||||||
if (!sc->access_control_context->return_datareader_sec_attributes(sc->access_control_context, &rd->sec_attr->attr, &exception))
|
if (!sc->access_control_context->return_datareader_sec_attributes(sc->access_control_context, &rd->sec_attr->attr, &exception))
|
||||||
{
|
{
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to return reader security attributes");
|
EXCEPTION_ERROR(rd->e.gv, &exception, "Failed to return reader security attributes");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
reader_sec_attributes_free(rd->sec_attr);
|
reader_sec_attributes_free(rd->sec_attr);
|
||||||
|
@ -1567,6 +1563,7 @@ static int64_t check_remote_participant_permissions(uint32_t domain_id, struct p
|
||||||
DDS_Security_PermissionsToken permissions_token = DDS_SECURITY_TOKEN_INIT;
|
DDS_Security_PermissionsToken permissions_token = DDS_SECURITY_TOKEN_INIT;
|
||||||
DDS_Security_AuthenticatedPeerCredentialToken peer_credential_token = DDS_SECURITY_TOKEN_INIT;
|
DDS_Security_AuthenticatedPeerCredentialToken peer_credential_token = DDS_SECURITY_TOKEN_INIT;
|
||||||
int64_t permissions_hdl = DDS_SECURITY_HANDLE_NIL;
|
int64_t permissions_hdl = DDS_SECURITY_HANDLE_NIL;
|
||||||
|
struct ddsi_domaingv *gv = pp->e.gv;
|
||||||
|
|
||||||
if (proxypp->plist->present & PP_PERMISSIONS_TOKEN)
|
if (proxypp->plist->present & PP_PERMISSIONS_TOKEN)
|
||||||
q_omg_shallow_copyin_DataHolder(&permissions_token, &proxypp->plist->permissions_token);
|
q_omg_shallow_copyin_DataHolder(&permissions_token, &proxypp->plist->permissions_token);
|
||||||
|
@ -1576,8 +1573,7 @@ static int64_t check_remote_participant_permissions(uint32_t domain_id, struct p
|
||||||
handshake = ddsi_handshake_find(pp, proxypp);
|
handshake = ddsi_handshake_find(pp, proxypp);
|
||||||
if (!handshake)
|
if (!handshake)
|
||||||
{
|
{
|
||||||
ELOG(DDS_LC_ERROR, pp, "Could not find handshake local participant "PGUIDFMT" and remote participant "PGUIDFMT,
|
GVTRACE("Could not find handshake local participant "PGUIDFMT" and remote participant "PGUIDFMT, PGUID(pp->e.guid), PGUID(proxypp->e.guid));
|
||||||
PGUID(pp->e.guid), PGUID(proxypp->e.guid));
|
|
||||||
goto no_handshake;
|
goto no_handshake;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1585,12 +1581,12 @@ static int64_t check_remote_participant_permissions(uint32_t domain_id, struct p
|
||||||
{
|
{
|
||||||
if (q_omg_participant_is_access_protected(pp))
|
if (q_omg_participant_is_access_protected(pp))
|
||||||
{
|
{
|
||||||
EXCEPTION_ERROR(sc, &exception, "Could not authenticate_peer_credential_token for local participan1152t "PGUIDFMT" and remote participant "PGUIDFMT,
|
EXCEPTION_ERROR(gv, &exception, "Could not authenticate_peer_credential_token for local participan1152t "PGUIDFMT" and remote participant "PGUIDFMT,
|
||||||
PGUID(pp->e.guid), PGUID(proxypp->e.guid));
|
PGUID(pp->e.guid), PGUID(proxypp->e.guid));
|
||||||
goto no_credentials;
|
goto no_credentials;
|
||||||
}
|
}
|
||||||
/* Failing is allowed due to the non-protection of access. */
|
/* Failing is allowed due to the non-protection of access. */
|
||||||
EXCEPTION_WARNING(sc, &exception, "Could not authenticate_peer_credential_token for local participant "PGUIDFMT" and remote participant "PGUIDFMT ,
|
EXCEPTION_WARNING(gv, &exception, "Could not authenticate_peer_credential_token for local participant "PGUIDFMT" and remote participant "PGUIDFMT ,
|
||||||
PGUID(pp->e.guid), PGUID(proxypp->e.guid));
|
PGUID(pp->e.guid), PGUID(proxypp->e.guid));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1600,11 +1596,11 @@ static int64_t check_remote_participant_permissions(uint32_t domain_id, struct p
|
||||||
{
|
{
|
||||||
if (q_omg_participant_is_access_protected(pp))
|
if (q_omg_participant_is_access_protected(pp))
|
||||||
{
|
{
|
||||||
EXCEPTION_ERROR(sc, &exception, "Could not get remote participant "PGUIDFMT" permissions from plugin", PGUID(proxypp->e.guid));
|
EXCEPTION_ERROR(gv, &exception, "Could not get remote participant "PGUIDFMT" permissions from plugin", PGUID(proxypp->e.guid));
|
||||||
goto no_permissions;
|
goto no_permissions;
|
||||||
}
|
}
|
||||||
/* Failing is allowed due to the non-protection of access. */
|
/* Failing is allowed due to the non-protection of access. */
|
||||||
EXCEPTION_WARNING(sc, &exception, "Could not get remote participant "PGUIDFMT" permissions from plugin", PGUID(proxypp->e.guid));
|
EXCEPTION_WARNING(gv, &exception, "Could not get remote participant "PGUIDFMT" permissions from plugin", PGUID(proxypp->e.guid));
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Only check remote participant if joining access is protected. */
|
/* Only check remote participant if joining access is protected. */
|
||||||
|
@ -1615,11 +1611,9 @@ static int64_t check_remote_participant_permissions(uint32_t domain_id, struct p
|
||||||
q_omg_shallow_copy_ParticipantBuiltinTopicDataSecure(&participant_data, &(proxypp->e.guid), proxypp->plist);
|
q_omg_shallow_copy_ParticipantBuiltinTopicDataSecure(&participant_data, &(proxypp->e.guid), proxypp->plist);
|
||||||
if (!sc->access_control_context->check_remote_participant(sc->access_control_context, permissions_hdl, (DDS_Security_DomainId)domain_id, &participant_data, &exception))
|
if (!sc->access_control_context->check_remote_participant(sc->access_control_context, permissions_hdl, (DDS_Security_DomainId)domain_id, &participant_data, &exception))
|
||||||
{
|
{
|
||||||
EXCEPTION_WARNING(sc, &exception, "Plugin does not allow remote participant "PGUIDFMT, PGUID(proxypp->e.guid));
|
EXCEPTION_WARNING(gv, &exception, "Plugin does not allow remote participant "PGUIDFMT, PGUID(proxypp->e.guid));
|
||||||
if (!sc->access_control_context->return_permissions_handle(sc->access_control_context, permissions_hdl, &exception))
|
if (!sc->access_control_context->return_permissions_handle(sc->access_control_context, permissions_hdl, &exception))
|
||||||
{
|
EXCEPTION_ERROR(gv, &exception, "Failed to return remote permissions handle");
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to return remote permissions handle");
|
|
||||||
}
|
|
||||||
permissions_hdl = DDS_SECURITY_HANDLE_NIL;
|
permissions_hdl = DDS_SECURITY_HANDLE_NIL;
|
||||||
}
|
}
|
||||||
q_omg_shallow_free_ParticipantBuiltinTopicDataSecure(&participant_data);
|
q_omg_shallow_free_ParticipantBuiltinTopicDataSecure(&participant_data);
|
||||||
|
@ -1627,9 +1621,7 @@ static int64_t check_remote_participant_permissions(uint32_t domain_id, struct p
|
||||||
|
|
||||||
no_permissions:
|
no_permissions:
|
||||||
if (!sc->authentication_context->return_authenticated_peer_credential_token(sc->authentication_context, &peer_credential_token, &exception))
|
if (!sc->authentication_context->return_authenticated_peer_credential_token(sc->authentication_context, &peer_credential_token, &exception))
|
||||||
{
|
EXCEPTION_ERROR(gv, &exception, "Failed to return peer credential token");
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to return peer credential token");
|
|
||||||
}
|
|
||||||
no_credentials:
|
no_credentials:
|
||||||
ddsi_handshake_release(handshake);
|
ddsi_handshake_release(handshake);
|
||||||
no_handshake:
|
no_handshake:
|
||||||
|
@ -1646,7 +1638,7 @@ static void send_participant_crypto_tokens(struct participant *pp, struct proxy_
|
||||||
|
|
||||||
r = sc->crypto_context->crypto_key_exchange->create_local_participant_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, local_crypto, remote_crypto, &exception);
|
r = sc->crypto_context->crypto_key_exchange->create_local_participant_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, local_crypto, remote_crypto, &exception);
|
||||||
if (!r)
|
if (!r)
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to create local participant crypto tokens "PGUIDFMT" for remote participant "PGUIDFMT, PGUID(pp->e.guid), PGUID(proxypp->e.guid));
|
EXCEPTION_ERROR(pp->e.gv, &exception, "Failed to create local participant crypto tokens "PGUIDFMT" for remote participant "PGUIDFMT, PGUID(pp->e.guid), PGUID(proxypp->e.guid));
|
||||||
else if (tokens._length > 0)
|
else if (tokens._length > 0)
|
||||||
{
|
{
|
||||||
nn_dataholderseq_t tholder;
|
nn_dataholderseq_t tholder;
|
||||||
|
@ -1656,7 +1648,7 @@ static void send_participant_crypto_tokens(struct participant *pp, struct proxy_
|
||||||
q_omg_shallow_free_nn_dataholderseq(&tholder);
|
q_omg_shallow_free_nn_dataholderseq(&tholder);
|
||||||
|
|
||||||
if (!sc->crypto_context->crypto_key_exchange->return_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, &exception))
|
if (!sc->crypto_context->crypto_key_exchange->return_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, &exception))
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to return local participant crypto tokens "PGUIDFMT" for remote participant "PGUIDFMT, PGUID(pp->e.guid), PGUID(proxypp->e.guid));
|
EXCEPTION_ERROR(pp->e.gv, &exception, "Failed to return local participant crypto tokens "PGUIDFMT" for remote participant "PGUIDFMT, PGUID(pp->e.guid), PGUID(proxypp->e.guid));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1758,7 +1750,7 @@ bool q_omg_security_register_remote_participant(struct participant *pp, struct p
|
||||||
sc->crypto_context->crypto_key_factory, pp->sec_attr->crypto_handle, proxypp->sec_attr->remote_identity_handle, permissions_handle, shared_secret, &exception);
|
sc->crypto_context->crypto_key_factory, pp->sec_attr->crypto_handle, proxypp->sec_attr->remote_identity_handle, permissions_handle, shared_secret, &exception);
|
||||||
if (crypto_handle == DDS_SECURITY_HANDLE_NIL)
|
if (crypto_handle == DDS_SECURITY_HANDLE_NIL)
|
||||||
{
|
{
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to register matched remote participant "PGUIDFMT" with participant "PGUIDFMT, PGUID(proxypp->e.guid), PGUID(pp->e.guid));
|
EXCEPTION_ERROR(gv, &exception, "Failed to register matched remote participant "PGUIDFMT" with participant "PGUIDFMT, PGUID(proxypp->e.guid), PGUID(pp->e.guid));
|
||||||
ret = false;
|
ret = false;
|
||||||
goto register_failed;
|
goto register_failed;
|
||||||
}
|
}
|
||||||
|
@ -1779,7 +1771,7 @@ bool q_omg_security_register_remote_participant(struct participant *pp, struct p
|
||||||
{
|
{
|
||||||
ret = sc->crypto_context->crypto_key_exchange->set_remote_participant_crypto_tokens(sc->crypto_context->crypto_key_exchange, pp->sec_attr->crypto_handle, crypto_handle, match->tokens, &exception);
|
ret = sc->crypto_context->crypto_key_exchange->set_remote_participant_crypto_tokens(sc->crypto_context->crypto_key_exchange, pp->sec_attr->crypto_handle, crypto_handle, match->tokens, &exception);
|
||||||
if (!ret)
|
if (!ret)
|
||||||
EXCEPTION_ERROR(sc, &exception, " Failed to set remote participant crypto tokens "PGUIDFMT" --> "PGUIDFMT, PGUID(proxypp->e.guid), PGUID(pp->e.guid));
|
EXCEPTION_ERROR(gv, &exception, " Failed to set remote participant crypto tokens "PGUIDFMT" --> "PGUIDFMT, PGUID(proxypp->e.guid), PGUID(pp->e.guid));
|
||||||
else
|
else
|
||||||
GVTRACE(" set participant tokens src("PGUIDFMT") to dst("PGUIDFMT") (by registering remote)\n", PGUID(proxypp->e.guid), PGUID(pp->e.guid));
|
GVTRACE(" set participant tokens src("PGUIDFMT") to dst("PGUIDFMT") (by registering remote)\n", PGUID(proxypp->e.guid), PGUID(pp->e.guid));
|
||||||
delete_pending_match(&sc->security_matches, match);
|
delete_pending_match(&sc->security_matches, match);
|
||||||
|
@ -1832,7 +1824,8 @@ void q_omg_security_deregister_remote_participant(struct proxy_participant *prox
|
||||||
struct ddsi_domaingv *gv = proxypp->e.gv;
|
struct ddsi_domaingv *gv = proxypp->e.gv;
|
||||||
DDS_Security_SecurityException exception = DDS_SECURITY_EXCEPTION_INIT;
|
DDS_Security_SecurityException exception = DDS_SECURITY_EXCEPTION_INIT;
|
||||||
|
|
||||||
if (proxypp->sec_attr) {
|
if (proxypp->sec_attr)
|
||||||
|
{
|
||||||
dds_security_context *sc = proxypp->sec_attr->sc;
|
dds_security_context *sc = proxypp->sec_attr->sc;
|
||||||
struct proxypp_pp_match *pm;
|
struct proxypp_pp_match *pm;
|
||||||
struct participant *pp;
|
struct participant *pp;
|
||||||
|
@ -1841,12 +1834,10 @@ void q_omg_security_deregister_remote_participant(struct proxy_participant *prox
|
||||||
while (pm)
|
while (pm)
|
||||||
{
|
{
|
||||||
struct proxypp_pp_match *next = ddsrt_avl_find_succ(&proxypp_pp_treedef, &proxypp->sec_attr->participants, pm);
|
struct proxypp_pp_match *next = ddsrt_avl_find_succ(&proxypp_pp_treedef, &proxypp->sec_attr->participants, pm);
|
||||||
|
|
||||||
ddsrt_avl_delete(&proxypp_pp_treedef, &proxypp->sec_attr->participants, pm);
|
ddsrt_avl_delete(&proxypp_pp_treedef, &proxypp->sec_attr->participants, pm);
|
||||||
pp = entidx_lookup_participant_guid(gv->entity_index, &pm->pp_guid);
|
if ((pp = entidx_lookup_participant_guid(gv->entity_index, &pm->pp_guid)) != NULL)
|
||||||
if (pp)
|
|
||||||
pp_proxypp_unrelate(sc, pp, &proxypp->e.guid);
|
pp_proxypp_unrelate(sc, pp, &proxypp->e.guid);
|
||||||
proxypp_pp_match_free(sc, pm);
|
proxypp_pp_match_free(gv, sc, pm);
|
||||||
pm = next;
|
pm = next;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1855,13 +1846,13 @@ void q_omg_security_deregister_remote_participant(struct proxy_participant *prox
|
||||||
if (proxypp->sec_attr->crypto_handle != DDS_SECURITY_HANDLE_NIL)
|
if (proxypp->sec_attr->crypto_handle != DDS_SECURITY_HANDLE_NIL)
|
||||||
{
|
{
|
||||||
if (!sc->crypto_context->crypto_key_factory->unregister_participant(sc->crypto_context->crypto_key_factory, proxypp->sec_attr->crypto_handle, &exception))
|
if (!sc->crypto_context->crypto_key_factory->unregister_participant(sc->crypto_context->crypto_key_factory, proxypp->sec_attr->crypto_handle, &exception))
|
||||||
EXCEPTION_ERROR(sc, &exception, "2:Failed to return remote crypto handle");
|
EXCEPTION_ERROR(gv, &exception, "2:Failed to return remote crypto handle");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (proxypp->sec_attr->remote_identity_handle != DDS_SECURITY_HANDLE_NIL)
|
if (proxypp->sec_attr->remote_identity_handle != DDS_SECURITY_HANDLE_NIL)
|
||||||
{
|
{
|
||||||
if (!sc->authentication_context->return_identity_handle(sc->authentication_context, proxypp->sec_attr->remote_identity_handle, &exception))
|
if (!sc->authentication_context->return_identity_handle(sc->authentication_context, proxypp->sec_attr->remote_identity_handle, &exception))
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to return remote identity handle");
|
EXCEPTION_ERROR(gv, &exception, "Failed to return remote identity handle");
|
||||||
}
|
}
|
||||||
|
|
||||||
ddsrt_mutex_destroy(&proxypp->sec_attr->lock);
|
ddsrt_mutex_destroy(&proxypp->sec_attr->lock);
|
||||||
|
@ -1960,7 +1951,7 @@ void q_omg_security_set_participant_crypto_tokens(struct participant *pp, struct
|
||||||
DDS_Security_DataHolderSeq_free(tseq);
|
DDS_Security_DataHolderSeq_free(tseq);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
EXCEPTION_ERROR(sc, &exception, " Failed to set remote participant crypto tokens "PGUIDFMT" for participant "PGUIDFMT, PGUID(proxypp->e.guid), PGUID(pp->e.guid));
|
EXCEPTION_ERROR(gv, &exception, " Failed to set remote participant crypto tokens "PGUIDFMT" for participant "PGUIDFMT, PGUID(proxypp->e.guid), PGUID(pp->e.guid));
|
||||||
}
|
}
|
||||||
ddsrt_mutex_unlock(&pp->e.lock);
|
ddsrt_mutex_unlock(&pp->e.lock);
|
||||||
|
|
||||||
|
@ -2054,7 +2045,7 @@ bool q_omg_security_check_remote_writer_permissions(const struct proxy_writer *p
|
||||||
if (!ok)
|
if (!ok)
|
||||||
{
|
{
|
||||||
if (!is_topic_discovery_protected(pp->sec_attr->permissions_handle, sc->access_control_context, publication_data.topic_name))
|
if (!is_topic_discovery_protected(pp->sec_attr->permissions_handle, sc->access_control_context, publication_data.topic_name))
|
||||||
EXCEPTION_ERROR(sc, &exception, "Access control does not allow remote writer "PGUIDFMT": %s", PGUID(pwr->e.guid));
|
EXCEPTION_ERROR(gv, &exception, "Access control does not allow remote writer "PGUIDFMT": %s", PGUID(pwr->e.guid));
|
||||||
else
|
else
|
||||||
DDS_Security_Exception_reset(&exception);
|
DDS_Security_Exception_reset(&exception);
|
||||||
}
|
}
|
||||||
|
@ -2076,7 +2067,7 @@ static void send_reader_crypto_tokens(struct reader *rd, struct proxy_writer *pw
|
||||||
|
|
||||||
r = sc->crypto_context->crypto_key_exchange->create_local_datareader_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, local_crypto, remote_crypto, &exception);
|
r = sc->crypto_context->crypto_key_exchange->create_local_datareader_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, local_crypto, remote_crypto, &exception);
|
||||||
if (!r)
|
if (!r)
|
||||||
EXCEPTION_ERROR(sc, &exception,"Failed to create local reader crypto tokens "PGUIDFMT" for remote writer "PGUIDFMT, PGUID(rd->e.guid), PGUID(pwr->e.guid));
|
EXCEPTION_ERROR(gv, &exception,"Failed to create local reader crypto tokens "PGUIDFMT" for remote writer "PGUIDFMT, PGUID(rd->e.guid), PGUID(pwr->e.guid));
|
||||||
else if (tokens._length > 0)
|
else if (tokens._length > 0)
|
||||||
{
|
{
|
||||||
nn_dataholderseq_t tholder;
|
nn_dataholderseq_t tholder;
|
||||||
|
@ -2086,7 +2077,7 @@ static void send_reader_crypto_tokens(struct reader *rd, struct proxy_writer *pw
|
||||||
q_omg_shallow_free_nn_dataholderseq(&tholder);
|
q_omg_shallow_free_nn_dataholderseq(&tholder);
|
||||||
|
|
||||||
if (!sc->crypto_context->crypto_key_exchange->return_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, &exception))
|
if (!sc->crypto_context->crypto_key_exchange->return_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, &exception))
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to return local reader crypto tokens "PGUIDFMT" for remote writer "PGUIDFMT, PGUID(rd->e.guid), PGUID(pwr->e.guid));
|
EXCEPTION_ERROR(gv, &exception, "Failed to return local reader crypto tokens "PGUIDFMT" for remote writer "PGUIDFMT, PGUID(rd->e.guid), PGUID(pwr->e.guid));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2121,7 +2112,7 @@ static bool q_omg_security_register_remote_writer_match(struct proxy_writer *pwr
|
||||||
allowed = true;
|
allowed = true;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to register remote writer "PGUIDFMT" with reader "PGUIDFMT, PGUID(pwr->e.guid), PGUID(rd->e.guid));
|
EXCEPTION_ERROR(gv, &exception, "Failed to register remote writer "PGUIDFMT" with reader "PGUIDFMT, PGUID(pwr->e.guid), PGUID(rd->e.guid));
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -2133,7 +2124,7 @@ static bool q_omg_security_register_remote_writer_match(struct proxy_writer *pwr
|
||||||
*crypto_handle = sc->crypto_context->crypto_key_factory->register_matched_remote_datawriter(
|
*crypto_handle = sc->crypto_context->crypto_key_factory->register_matched_remote_datawriter(
|
||||||
sc->crypto_context->crypto_key_factory, rd->sec_attr->crypto_handle, proxypp->sec_attr->crypto_handle, proxypp_match->shared_secret, &exception);
|
sc->crypto_context->crypto_key_factory, rd->sec_attr->crypto_handle, proxypp->sec_attr->crypto_handle, proxypp_match->shared_secret, &exception);
|
||||||
if (*crypto_handle == 0)
|
if (*crypto_handle == 0)
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to register remote writer "PGUIDFMT" with reader "PGUIDFMT, PGUID(pwr->e.guid), PGUID(rd->e.guid));
|
EXCEPTION_ERROR(gv, &exception, "Failed to register remote writer "PGUIDFMT" with reader "PGUIDFMT, PGUID(pwr->e.guid), PGUID(rd->e.guid));
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
pending_match->crypto_handle = *crypto_handle;
|
pending_match->crypto_handle = *crypto_handle;
|
||||||
|
@ -2142,7 +2133,7 @@ static bool q_omg_security_register_remote_writer_match(struct proxy_writer *pwr
|
||||||
{
|
{
|
||||||
if (!sc->crypto_context->crypto_key_exchange->set_remote_datawriter_crypto_tokens(
|
if (!sc->crypto_context->crypto_key_exchange->set_remote_datawriter_crypto_tokens(
|
||||||
sc->crypto_context->crypto_key_exchange, rd->sec_attr->crypto_handle, *crypto_handle, pending_match->tokens, &exception))
|
sc->crypto_context->crypto_key_exchange, rd->sec_attr->crypto_handle, *crypto_handle, pending_match->tokens, &exception))
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to set remote writer crypto tokens "PGUIDFMT" --> "PGUIDFMT, PGUID(pwr->e.guid), PGUID(rd->e.guid));
|
EXCEPTION_ERROR(gv, &exception, "Failed to set remote writer crypto tokens "PGUIDFMT" --> "PGUIDFMT, PGUID(pwr->e.guid), PGUID(rd->e.guid));
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
GVTRACE("match_remote_writer "PGUIDFMT" with reader "PGUIDFMT": tokens available\n", PGUID(pwr->e.guid), PGUID(rd->e.guid));
|
GVTRACE("match_remote_writer "PGUIDFMT" with reader "PGUIDFMT": tokens available\n", PGUID(pwr->e.guid), PGUID(rd->e.guid));
|
||||||
|
@ -2227,7 +2218,7 @@ void q_omg_security_deregister_remote_writer_match(const struct ddsi_domaingv *g
|
||||||
if (m->crypto_handle != 0)
|
if (m->crypto_handle != 0)
|
||||||
{
|
{
|
||||||
if (!sc->crypto_context->crypto_key_factory->unregister_datawriter(sc->crypto_context->crypto_key_factory, m->crypto_handle, &exception))
|
if (!sc->crypto_context->crypto_key_factory->unregister_datawriter(sc->crypto_context->crypto_key_factory, m->crypto_handle, &exception))
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to unregister remote writer "PGUIDFMT" for reader "PGUIDFMT, PGUID(m->pwr_guid), PGUID(*rd_guid));
|
EXCEPTION_ERROR(gv, &exception, "Failed to unregister remote writer "PGUIDFMT" for reader "PGUIDFMT, PGUID(m->pwr_guid), PGUID(*rd_guid));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2289,7 +2280,7 @@ bool q_omg_security_check_remote_reader_permissions(const struct proxy_reader *p
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (!is_topic_discovery_protected(pp->sec_attr->permissions_handle, sc->access_control_context, subscription_data.topic_name))
|
if (!is_topic_discovery_protected(pp->sec_attr->permissions_handle, sc->access_control_context, subscription_data.topic_name))
|
||||||
EXCEPTION_ERROR(sc, &exception, "Access control does not allow remote reader "PGUIDFMT": %s", PGUID(prd->e.guid));
|
EXCEPTION_ERROR(gv, &exception, "Access control does not allow remote reader "PGUIDFMT": %s", PGUID(prd->e.guid));
|
||||||
else
|
else
|
||||||
DDS_Security_Exception_reset(&exception);
|
DDS_Security_Exception_reset(&exception);
|
||||||
}
|
}
|
||||||
|
@ -2383,7 +2374,7 @@ void q_omg_security_deregister_remote_reader_match(const struct ddsi_domaingv *g
|
||||||
if (m->crypto_handle != 0)
|
if (m->crypto_handle != 0)
|
||||||
{
|
{
|
||||||
if (!sc->crypto_context->crypto_key_factory->unregister_datareader(sc->crypto_context->crypto_key_factory, m->crypto_handle, &exception))
|
if (!sc->crypto_context->crypto_key_factory->unregister_datareader(sc->crypto_context->crypto_key_factory, m->crypto_handle, &exception))
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to unregister remote reader "PGUIDFMT" for writer "PGUIDFMT, PGUID(m->prd_guid), PGUID(*wr_guid));
|
EXCEPTION_ERROR(gv, &exception, "Failed to unregister remote reader "PGUIDFMT" for writer "PGUIDFMT, PGUID(m->prd_guid), PGUID(*wr_guid));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2408,7 +2399,7 @@ static void send_writer_crypto_tokens(struct writer *wr, struct proxy_reader *pr
|
||||||
|
|
||||||
r = sc->crypto_context->crypto_key_exchange->create_local_datawriter_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, local_crypto, remote_crypto, &exception);
|
r = sc->crypto_context->crypto_key_exchange->create_local_datawriter_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, local_crypto, remote_crypto, &exception);
|
||||||
if (!r)
|
if (!r)
|
||||||
EXCEPTION_ERROR(sc, &exception,"Failed to create local writer crypto tokens "PGUIDFMT" for remote reader "PGUIDFMT, PGUID(wr->e.guid), PGUID(prd->e.guid));
|
EXCEPTION_ERROR(gv, &exception,"Failed to create local writer crypto tokens "PGUIDFMT" for remote reader "PGUIDFMT, PGUID(wr->e.guid), PGUID(prd->e.guid));
|
||||||
else if (tokens._length > 0)
|
else if (tokens._length > 0)
|
||||||
{
|
{
|
||||||
nn_dataholderseq_t tholder;
|
nn_dataholderseq_t tholder;
|
||||||
|
@ -2418,7 +2409,7 @@ static void send_writer_crypto_tokens(struct writer *wr, struct proxy_reader *pr
|
||||||
q_omg_shallow_free_nn_dataholderseq(&tholder);
|
q_omg_shallow_free_nn_dataholderseq(&tholder);
|
||||||
|
|
||||||
if (!sc->crypto_context->crypto_key_exchange->return_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, &exception))
|
if (!sc->crypto_context->crypto_key_exchange->return_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, &exception))
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to return local writer crypto tokens "PGUIDFMT" for remote reader "PGUIDFMT, PGUID(wr->e.guid), PGUID(prd->e.guid));
|
EXCEPTION_ERROR(gv, &exception, "Failed to return local writer crypto tokens "PGUIDFMT" for remote reader "PGUIDFMT, PGUID(wr->e.guid), PGUID(prd->e.guid));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2454,7 +2445,7 @@ static bool q_omg_security_register_remote_reader_match(struct proxy_reader *prd
|
||||||
allowed = true;
|
allowed = true;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to register remote reader "PGUIDFMT" with writer "PGUIDFMT, PGUID(prd->e.guid), PGUID(wr->e.guid));
|
EXCEPTION_ERROR(gv, &exception, "Failed to register remote reader "PGUIDFMT" with writer "PGUIDFMT, PGUID(prd->e.guid), PGUID(wr->e.guid));
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -2466,7 +2457,7 @@ static bool q_omg_security_register_remote_reader_match(struct proxy_reader *prd
|
||||||
*crypto_handle = sc->crypto_context->crypto_key_factory->register_matched_remote_datareader(
|
*crypto_handle = sc->crypto_context->crypto_key_factory->register_matched_remote_datareader(
|
||||||
sc->crypto_context->crypto_key_factory, wr->sec_attr->crypto_handle, proxypp->sec_attr->crypto_handle, proxypp_match->shared_secret, relay_only, &exception);
|
sc->crypto_context->crypto_key_factory, wr->sec_attr->crypto_handle, proxypp->sec_attr->crypto_handle, proxypp_match->shared_secret, relay_only, &exception);
|
||||||
if (*crypto_handle == 0)
|
if (*crypto_handle == 0)
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to register remote reader "PGUIDFMT" with writer "PGUIDFMT, PGUID(prd->e.guid), PGUID(wr->e.guid));
|
EXCEPTION_ERROR(gv, &exception, "Failed to register remote reader "PGUIDFMT" with writer "PGUIDFMT, PGUID(prd->e.guid), PGUID(wr->e.guid));
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
pending_match->crypto_handle = *crypto_handle;
|
pending_match->crypto_handle = *crypto_handle;
|
||||||
|
@ -2476,7 +2467,7 @@ static bool q_omg_security_register_remote_reader_match(struct proxy_reader *prd
|
||||||
{
|
{
|
||||||
if (!sc->crypto_context->crypto_key_exchange->set_remote_datareader_crypto_tokens(
|
if (!sc->crypto_context->crypto_key_exchange->set_remote_datareader_crypto_tokens(
|
||||||
sc->crypto_context->crypto_key_exchange, wr->sec_attr->crypto_handle, *crypto_handle, pending_match->tokens, &exception))
|
sc->crypto_context->crypto_key_exchange, wr->sec_attr->crypto_handle, *crypto_handle, pending_match->tokens, &exception))
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to set remote reader crypto tokens "PGUIDFMT" --> "PGUIDFMT, PGUID(prd->e.guid), PGUID(wr->e.guid));
|
EXCEPTION_ERROR(gv, &exception, "Failed to set remote reader crypto tokens "PGUIDFMT" --> "PGUIDFMT, PGUID(prd->e.guid), PGUID(wr->e.guid));
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
GVTRACE(" match_remote_reader "PGUIDFMT" with writer "PGUIDFMT": tokens available\n", PGUID(prd->e.guid), PGUID(wr->e.guid));
|
GVTRACE(" match_remote_reader "PGUIDFMT" with writer "PGUIDFMT": tokens available\n", PGUID(prd->e.guid), PGUID(wr->e.guid));
|
||||||
|
@ -2575,7 +2566,7 @@ void q_omg_security_set_remote_writer_crypto_tokens(struct reader *rd, const dds
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (!sc->crypto_context->crypto_key_exchange->set_remote_datawriter_crypto_tokens(sc->crypto_context->crypto_key_exchange, rd->sec_attr->crypto_handle, match->crypto_handle, tseq, &exception))
|
if (!sc->crypto_context->crypto_key_exchange->set_remote_datawriter_crypto_tokens(sc->crypto_context->crypto_key_exchange, rd->sec_attr->crypto_handle, match->crypto_handle, tseq, &exception))
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to set remote writer crypto tokens "PGUIDFMT" for reader "PGUIDFMT, PGUID(pwr->e.guid), PGUID(rd->e.guid));
|
EXCEPTION_ERROR(gv, &exception, "Failed to set remote writer crypto tokens "PGUIDFMT" for reader "PGUIDFMT, PGUID(pwr->e.guid), PGUID(rd->e.guid));
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
GVTRACE("set_remote_writer_crypto_tokens "PGUIDFMT" with reader "PGUIDFMT"\n", PGUID(pwr->e.guid), PGUID(rd->e.guid));
|
GVTRACE("set_remote_writer_crypto_tokens "PGUIDFMT" with reader "PGUIDFMT"\n", PGUID(pwr->e.guid), PGUID(rd->e.guid));
|
||||||
|
@ -2614,7 +2605,7 @@ void q_omg_security_set_remote_reader_crypto_tokens(struct writer *wr, const dds
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (!sc->crypto_context->crypto_key_exchange->set_remote_datareader_crypto_tokens(sc->crypto_context->crypto_key_exchange, wr->sec_attr->crypto_handle, match->crypto_handle, tseq, &exception))
|
if (!sc->crypto_context->crypto_key_exchange->set_remote_datareader_crypto_tokens(sc->crypto_context->crypto_key_exchange, wr->sec_attr->crypto_handle, match->crypto_handle, tseq, &exception))
|
||||||
EXCEPTION_ERROR(sc, &exception, "Failed to set remote reader crypto tokens "PGUIDFMT" for writer "PGUIDFMT, PGUID(prd->e.guid), PGUID(wr->e.guid));
|
EXCEPTION_ERROR(gv, &exception, "Failed to set remote reader crypto tokens "PGUIDFMT" for writer "PGUIDFMT, PGUID(prd->e.guid), PGUID(wr->e.guid));
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
GVTRACE("set_remote_reader_crypto_tokens "PGUIDFMT" with writer "PGUIDFMT"\n", PGUID(prd->e.guid), PGUID(wr->e.guid));
|
GVTRACE("set_remote_reader_crypto_tokens "PGUIDFMT" with writer "PGUIDFMT"\n", PGUID(prd->e.guid), PGUID(wr->e.guid));
|
||||||
|
|
|
@ -858,7 +858,7 @@ static dds_return_t check_and_load_security_config (struct ddsi_domaingv * const
|
||||||
GVLOGDISC ("new_participant("PGUIDFMT"): security is already loaded for this domain\n", PGUID (*ppguid));
|
GVLOGDISC ("new_participant("PGUIDFMT"): security is already loaded for this domain\n", PGUID (*ppguid));
|
||||||
return DDS_RETCODE_OK;
|
return DDS_RETCODE_OK;
|
||||||
}
|
}
|
||||||
else if (q_omg_security_load (gv->security_context, qos) < 0)
|
else if (q_omg_security_load (gv->security_context, qos, gv) < 0)
|
||||||
{
|
{
|
||||||
GVERROR ("Could not load security\n");
|
GVERROR ("Could not load security\n");
|
||||||
return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY;
|
return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY;
|
||||||
|
|
|
@ -17,6 +17,7 @@ target_include_directories(
|
||||||
security_api INTERFACE
|
security_api INTERFACE
|
||||||
"$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>"
|
"$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>"
|
||||||
"$<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}/include>"
|
"$<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}/include>"
|
||||||
|
"$<BUILD_INTERFACE:${CMAKE_CURRENT_LIST_DIR}/../../core/ddsi/include>"
|
||||||
)
|
)
|
||||||
|
|
||||||
install(
|
install(
|
||||||
|
|
|
@ -13,8 +13,7 @@
|
||||||
#ifndef DDS_SECURITY_API_H
|
#ifndef DDS_SECURITY_API_H
|
||||||
#define DDS_SECURITY_API_H
|
#define DDS_SECURITY_API_H
|
||||||
|
|
||||||
|
#include "dds/ddsi/ddsi_domaingv.h"
|
||||||
/* Various security plugins. */
|
|
||||||
#include "dds_security_api_access_control.h"
|
#include "dds_security_api_access_control.h"
|
||||||
#include "dds_security_api_authentication.h"
|
#include "dds_security_api_authentication.h"
|
||||||
#include "dds_security_api_cryptography.h"
|
#include "dds_security_api_cryptography.h"
|
||||||
|
@ -24,25 +23,12 @@
|
||||||
extern "C" {
|
extern "C" {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* Integration functions for Security plugins */
|
||||||
/**
|
typedef int (*plugin_init)(const char *argument, void **context, struct ddsi_domaingv *gv);
|
||||||
* Integration functions for Security plugins
|
typedef int (*plugin_finalize)(void *context);
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
typedef int (*plugin_init)(
|
|
||||||
const char *argument,
|
|
||||||
void **context
|
|
||||||
);
|
|
||||||
|
|
||||||
typedef int (*plugin_finalize)(
|
|
||||||
void *context
|
|
||||||
);
|
|
||||||
|
|
||||||
|
|
||||||
#if defined (__cplusplus)
|
#if defined (__cplusplus)
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
#endif /* DDS_SECURITY_API_H */
|
#endif /* DDS_SECURITY_API_H */
|
||||||
|
|
|
@ -17,29 +17,20 @@
|
||||||
#include "dds_security_api_authentication.h"
|
#include "dds_security_api_authentication.h"
|
||||||
|
|
||||||
#if defined(__cplusplus)
|
#if defined(__cplusplus)
|
||||||
extern "C" {
|
extern "C"
|
||||||
|
{
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* AccessControl Component */
|
||||||
|
|
||||||
/**
|
|
||||||
* AccessControl Component
|
|
||||||
*/
|
|
||||||
struct dds_security_access_control;
|
struct dds_security_access_control;
|
||||||
typedef struct dds_security_access_control dds_security_access_control;
|
typedef struct dds_security_access_control dds_security_access_control;
|
||||||
|
|
||||||
|
|
||||||
|
/* AccessControlListener Interface */
|
||||||
struct dds_security_access_control_listener;
|
struct dds_security_access_control_listener;
|
||||||
typedef struct dds_security_access_control_listener dds_security_access_control_listener;
|
typedef struct dds_security_access_control_listener dds_security_access_control_listener;
|
||||||
|
|
||||||
|
typedef DDS_Security_boolean (*DDS_Security_access_control_listener_on_revoke_permissions)(
|
||||||
/**
|
|
||||||
* AccessControlListener Interface
|
|
||||||
* */
|
|
||||||
|
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
|
||||||
(*DDS_Security_access_control_listener_on_revoke_permissions)
|
|
||||||
( dds_security_access_control_listener *instance,
|
|
||||||
const dds_security_access_control *plugin,
|
const dds_security_access_control *plugin,
|
||||||
const DDS_Security_PermissionsHandle handle);
|
const DDS_Security_PermissionsHandle handle);
|
||||||
|
|
||||||
|
@ -48,23 +39,17 @@ struct dds_security_access_control_listener
|
||||||
DDS_Security_access_control_listener_on_revoke_permissions on_revoke_permissions;
|
DDS_Security_access_control_listener_on_revoke_permissions on_revoke_permissions;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/* AccessControl Interface */
|
||||||
/**
|
typedef DDS_Security_PermissionsHandle (*DDS_Security_access_control_validate_local_permissions)(
|
||||||
* AccessControl Interface
|
dds_security_access_control *instance,
|
||||||
*/
|
|
||||||
|
|
||||||
typedef DDS_Security_PermissionsHandle
|
|
||||||
(*DDS_Security_access_control_validate_local_permissions)
|
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const dds_security_authentication *auth_plugin,
|
const dds_security_authentication *auth_plugin,
|
||||||
const DDS_Security_IdentityHandle identity,
|
const DDS_Security_IdentityHandle identity,
|
||||||
const DDS_Security_DomainId domain_id,
|
const DDS_Security_DomainId domain_id,
|
||||||
const DDS_Security_Qos *participant_qos,
|
const DDS_Security_Qos *participant_qos,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_PermissionsHandle
|
typedef DDS_Security_PermissionsHandle (*DDS_Security_access_control_validate_remote_permissions)(
|
||||||
(*DDS_Security_access_control_validate_remote_permissions)
|
dds_security_access_control *instance,
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const dds_security_authentication *auth_plugin,
|
const dds_security_authentication *auth_plugin,
|
||||||
const DDS_Security_IdentityHandle local_identity_handle,
|
const DDS_Security_IdentityHandle local_identity_handle,
|
||||||
const DDS_Security_IdentityHandle remote_identity_handle,
|
const DDS_Security_IdentityHandle remote_identity_handle,
|
||||||
|
@ -72,17 +57,15 @@ typedef DDS_Security_PermissionsHandle
|
||||||
const DDS_Security_AuthenticatedPeerCredentialToken *remote_credential_token,
|
const DDS_Security_AuthenticatedPeerCredentialToken *remote_credential_token,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_access_control_check_create_participant)(
|
||||||
(*DDS_Security_access_control_check_create_participant)
|
dds_security_access_control *instance,
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const DDS_Security_PermissionsHandle permissions_handle,
|
const DDS_Security_PermissionsHandle permissions_handle,
|
||||||
const DDS_Security_DomainId domain_id,
|
const DDS_Security_DomainId domain_id,
|
||||||
const DDS_Security_Qos *participant_qos,
|
const DDS_Security_Qos *participant_qos,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_access_control_check_create_datawriter)(
|
||||||
(*DDS_Security_access_control_check_create_datawriter)
|
dds_security_access_control *instance,
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const DDS_Security_PermissionsHandle permissions_handle,
|
const DDS_Security_PermissionsHandle permissions_handle,
|
||||||
const DDS_Security_DomainId domain_id,
|
const DDS_Security_DomainId domain_id,
|
||||||
const DDS_Security_char *topic_name,
|
const DDS_Security_char *topic_name,
|
||||||
|
@ -91,9 +74,8 @@ typedef DDS_Security_boolean
|
||||||
const DDS_Security_DataTags *data_tag,
|
const DDS_Security_DataTags *data_tag,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_access_control_check_create_datareader)(
|
||||||
(*DDS_Security_access_control_check_create_datareader)
|
dds_security_access_control *instance,
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const DDS_Security_PermissionsHandle permissions_handle,
|
const DDS_Security_PermissionsHandle permissions_handle,
|
||||||
const DDS_Security_DomainId domain_id,
|
const DDS_Security_DomainId domain_id,
|
||||||
const DDS_Security_char *topic_name,
|
const DDS_Security_char *topic_name,
|
||||||
|
@ -102,88 +84,75 @@ typedef DDS_Security_boolean
|
||||||
const DDS_Security_DataTags *data_tag,
|
const DDS_Security_DataTags *data_tag,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
|
typedef DDS_Security_boolean (*DDS_Security_access_control_check_create_topic)(
|
||||||
typedef DDS_Security_boolean
|
dds_security_access_control *instance,
|
||||||
(*DDS_Security_access_control_check_create_topic)
|
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const DDS_Security_PermissionsHandle permissions_handle,
|
const DDS_Security_PermissionsHandle permissions_handle,
|
||||||
const DDS_Security_DomainId domain_id,
|
const DDS_Security_DomainId domain_id,
|
||||||
const DDS_Security_char *topic_name,
|
const DDS_Security_char *topic_name,
|
||||||
const DDS_Security_Qos *topic_qos,
|
const DDS_Security_Qos *topic_qos,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_access_control_check_local_datawriter_register_instance)(
|
||||||
(*DDS_Security_access_control_check_local_datawriter_register_instance)
|
dds_security_access_control *instance,
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const DDS_Security_PermissionsHandle permissions_handle,
|
const DDS_Security_PermissionsHandle permissions_handle,
|
||||||
const DDS_Security_Entity *writer,
|
const DDS_Security_Entity *writer,
|
||||||
const DDS_Security_DynamicData *key,
|
const DDS_Security_DynamicData *key,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_access_control_check_local_datawriter_dispose_instance)(
|
||||||
(*DDS_Security_access_control_check_local_datawriter_dispose_instance)
|
dds_security_access_control *instance,
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const DDS_Security_PermissionsHandle permissions_handle,
|
const DDS_Security_PermissionsHandle permissions_handle,
|
||||||
const DDS_Security_Entity *writer,
|
const DDS_Security_Entity *writer,
|
||||||
const DDS_Security_DynamicData key,
|
const DDS_Security_DynamicData key,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_access_control_check_remote_participant)(
|
||||||
(*DDS_Security_access_control_check_remote_participant)
|
dds_security_access_control *instance,
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const DDS_Security_PermissionsHandle permissions_handle,
|
const DDS_Security_PermissionsHandle permissions_handle,
|
||||||
const DDS_Security_DomainId domain_id,
|
const DDS_Security_DomainId domain_id,
|
||||||
const DDS_Security_ParticipantBuiltinTopicDataSecure *participant_data,
|
const DDS_Security_ParticipantBuiltinTopicDataSecure *participant_data,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_access_control_check_remote_datawriter)(
|
||||||
(*DDS_Security_access_control_check_remote_datawriter)
|
dds_security_access_control *instance,
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const DDS_Security_PermissionsHandle permissions_handle,
|
const DDS_Security_PermissionsHandle permissions_handle,
|
||||||
const DDS_Security_DomainId domain_id,
|
const DDS_Security_DomainId domain_id,
|
||||||
const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data,
|
const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_access_control_check_remote_datareader)(
|
||||||
(*DDS_Security_access_control_check_remote_datareader)
|
dds_security_access_control *instance,
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const DDS_Security_PermissionsHandle permissions_handle,
|
const DDS_Security_PermissionsHandle permissions_handle,
|
||||||
const DDS_Security_DomainId domain_id,
|
const DDS_Security_DomainId domain_id,
|
||||||
const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data,
|
const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data,
|
||||||
DDS_Security_boolean *relay_only,
|
DDS_Security_boolean *relay_only,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_access_control_check_remote_topic)(
|
||||||
(*DDS_Security_access_control_check_remote_topic)
|
dds_security_access_control *instance,
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const DDS_Security_PermissionsHandle permissions_handle,
|
const DDS_Security_PermissionsHandle permissions_handle,
|
||||||
const DDS_Security_DomainId domain_id,
|
const DDS_Security_DomainId domain_id,
|
||||||
const DDS_Security_TopicBuiltinTopicData *topic_data,
|
const DDS_Security_TopicBuiltinTopicData *topic_data,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
|
typedef DDS_Security_boolean (*DDS_Security_access_control_check_local_datawriter_match)(
|
||||||
typedef DDS_Security_boolean
|
dds_security_access_control *instance,
|
||||||
(*DDS_Security_access_control_check_local_datawriter_match)
|
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const DDS_Security_PermissionsHandle writer_permissions_handle,
|
const DDS_Security_PermissionsHandle writer_permissions_handle,
|
||||||
const DDS_Security_PermissionsHandle reader_permissions_handle,
|
const DDS_Security_PermissionsHandle reader_permissions_handle,
|
||||||
const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data,
|
const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data,
|
||||||
const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data,
|
const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
|
typedef DDS_Security_boolean (*DDS_Security_access_control_check_local_datareader_match)(
|
||||||
typedef DDS_Security_boolean
|
dds_security_access_control *instance,
|
||||||
(*DDS_Security_access_control_check_local_datareader_match)
|
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const DDS_Security_PermissionsHandle reader_permissions_handle,
|
const DDS_Security_PermissionsHandle reader_permissions_handle,
|
||||||
const DDS_Security_PermissionsHandle writer_permissions_handle,
|
const DDS_Security_PermissionsHandle writer_permissions_handle,
|
||||||
const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data,
|
const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data,
|
||||||
const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data,
|
const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_access_control_check_remote_datawriter_register_instance)(
|
||||||
(*DDS_Security_access_control_check_remote_datawriter_register_instance)
|
dds_security_access_control *instance,
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const DDS_Security_PermissionsHandle permissions_handle,
|
const DDS_Security_PermissionsHandle permissions_handle,
|
||||||
const DDS_Security_Entity *reader,
|
const DDS_Security_Entity *reader,
|
||||||
const DDS_Security_InstanceHandle publication_handle,
|
const DDS_Security_InstanceHandle publication_handle,
|
||||||
|
@ -191,67 +160,56 @@ typedef DDS_Security_boolean
|
||||||
const DDS_Security_InstanceHandle instance_handle,
|
const DDS_Security_InstanceHandle instance_handle,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_access_control_check_remote_datawriter_dispose_instance)(
|
||||||
(*DDS_Security_access_control_check_remote_datawriter_dispose_instance)
|
dds_security_access_control *instance,
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const DDS_Security_PermissionsHandle permissions_handle,
|
const DDS_Security_PermissionsHandle permissions_handle,
|
||||||
const DDS_Security_Entity *reader,
|
const DDS_Security_Entity *reader,
|
||||||
const DDS_Security_InstanceHandle publication_handle,
|
const DDS_Security_InstanceHandle publication_handle,
|
||||||
const DDS_Security_DynamicData key,
|
const DDS_Security_DynamicData key,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_access_control_get_permissions_token)(
|
||||||
(*DDS_Security_access_control_get_permissions_token)
|
dds_security_access_control *instance,
|
||||||
( dds_security_access_control *instance,
|
|
||||||
DDS_Security_PermissionsToken *permissions_token,
|
DDS_Security_PermissionsToken *permissions_token,
|
||||||
const DDS_Security_PermissionsHandle handle,
|
const DDS_Security_PermissionsHandle handle,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_access_control_get_permissions_credential_token)(
|
||||||
(*DDS_Security_access_control_get_permissions_credential_token)
|
dds_security_access_control *instance,
|
||||||
( dds_security_access_control *instance,
|
|
||||||
DDS_Security_PermissionsCredentialToken *permissions_credential_token,
|
DDS_Security_PermissionsCredentialToken *permissions_credential_token,
|
||||||
const DDS_Security_PermissionsHandle handle,
|
const DDS_Security_PermissionsHandle handle,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_access_control_set_listener)(
|
||||||
(*DDS_Security_access_control_set_listener)
|
dds_security_access_control *instance,
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const dds_security_access_control_listener *listener,
|
const dds_security_access_control_listener *listener,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_access_control_return_permissions_token)(
|
||||||
(*DDS_Security_access_control_return_permissions_token)
|
dds_security_access_control *instance,
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const DDS_Security_PermissionsToken *token,
|
const DDS_Security_PermissionsToken *token,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_access_control_return_permissions_credential_token)(
|
||||||
(*DDS_Security_access_control_return_permissions_credential_token)
|
dds_security_access_control *instance,
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const DDS_Security_PermissionsCredentialToken *permissions_credential_token,
|
const DDS_Security_PermissionsCredentialToken *permissions_credential_token,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_access_control_get_participant_sec_attributes)(
|
||||||
(*DDS_Security_access_control_get_participant_sec_attributes)
|
dds_security_access_control *instance,
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const DDS_Security_PermissionsHandle permissions_handle,
|
const DDS_Security_PermissionsHandle permissions_handle,
|
||||||
DDS_Security_ParticipantSecurityAttributes *attributes,
|
DDS_Security_ParticipantSecurityAttributes *attributes,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
|
typedef DDS_Security_boolean (*DDS_Security_access_control_get_topic_sec_attributes)(
|
||||||
typedef DDS_Security_boolean
|
dds_security_access_control *instance,
|
||||||
(*DDS_Security_access_control_get_topic_sec_attributes)
|
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const DDS_Security_PermissionsHandle permissions_handle,
|
const DDS_Security_PermissionsHandle permissions_handle,
|
||||||
const DDS_Security_char *topic_name,
|
const DDS_Security_char *topic_name,
|
||||||
DDS_Security_TopicSecurityAttributes *attributes,
|
DDS_Security_TopicSecurityAttributes *attributes,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
|
typedef DDS_Security_boolean (*DDS_Security_access_control_get_datawriter_sec_attributes)(
|
||||||
typedef DDS_Security_boolean
|
dds_security_access_control *instance,
|
||||||
(*DDS_Security_access_control_get_datawriter_sec_attributes)
|
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const DDS_Security_PermissionsHandle permissions_handle,
|
const DDS_Security_PermissionsHandle permissions_handle,
|
||||||
const DDS_Security_char *topic_name,
|
const DDS_Security_char *topic_name,
|
||||||
const DDS_Security_PartitionQosPolicy *partition,
|
const DDS_Security_PartitionQosPolicy *partition,
|
||||||
|
@ -259,10 +217,8 @@ typedef DDS_Security_boolean
|
||||||
DDS_Security_EndpointSecurityAttributes *attributes,
|
DDS_Security_EndpointSecurityAttributes *attributes,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
|
typedef DDS_Security_boolean (*DDS_Security_access_control_get_datareader_sec_attributes)(
|
||||||
typedef DDS_Security_boolean
|
dds_security_access_control *instance,
|
||||||
(*DDS_Security_access_control_get_datareader_sec_attributes)
|
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const DDS_Security_PermissionsHandle permissions_handle,
|
const DDS_Security_PermissionsHandle permissions_handle,
|
||||||
const DDS_Security_char *topic_name,
|
const DDS_Security_char *topic_name,
|
||||||
const DDS_Security_PartitionQosPolicy *partition,
|
const DDS_Security_PartitionQosPolicy *partition,
|
||||||
|
@ -270,104 +226,67 @@ typedef DDS_Security_boolean
|
||||||
DDS_Security_EndpointSecurityAttributes *attributes,
|
DDS_Security_EndpointSecurityAttributes *attributes,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
|
typedef DDS_Security_boolean (*DDS_Security_access_control_return_participant_sec_attributes)(
|
||||||
typedef DDS_Security_boolean
|
dds_security_access_control *instance,
|
||||||
(*DDS_Security_access_control_return_participant_sec_attributes)
|
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const DDS_Security_ParticipantSecurityAttributes *attributes,
|
const DDS_Security_ParticipantSecurityAttributes *attributes,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_access_control_return_topic_sec_attributes)(
|
||||||
(*DDS_Security_access_control_return_topic_sec_attributes)
|
dds_security_access_control *instance,
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const DDS_Security_TopicSecurityAttributes *attributes,
|
const DDS_Security_TopicSecurityAttributes *attributes,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_access_control_return_datawriter_sec_attributes)(
|
||||||
(*DDS_Security_access_control_return_datawriter_sec_attributes)
|
dds_security_access_control *instance,
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const DDS_Security_EndpointSecurityAttributes *attributes,
|
const DDS_Security_EndpointSecurityAttributes *attributes,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
|
typedef DDS_Security_boolean (*DDS_Security_access_control_return_datareader_sec_attributes)(
|
||||||
typedef DDS_Security_boolean
|
dds_security_access_control *instance,
|
||||||
(*DDS_Security_access_control_return_datareader_sec_attributes)
|
|
||||||
( dds_security_access_control *instance,
|
|
||||||
const DDS_Security_EndpointSecurityAttributes *attributes,
|
const DDS_Security_EndpointSecurityAttributes *attributes,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_access_control_return_permissions_handle)(
|
||||||
(*DDS_Security_access_control_return_permissions_handle)
|
dds_security_access_control *instance,
|
||||||
( dds_security_access_control *instance,
|
|
||||||
DDS_Security_PermissionsHandle permissions_handle,
|
DDS_Security_PermissionsHandle permissions_handle,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
|
|
||||||
struct dds_security_access_control
|
struct dds_security_access_control
|
||||||
{
|
{
|
||||||
|
struct ddsi_domaingv *gv;
|
||||||
|
|
||||||
DDS_Security_access_control_validate_local_permissions validate_local_permissions;
|
DDS_Security_access_control_validate_local_permissions validate_local_permissions;
|
||||||
|
|
||||||
DDS_Security_access_control_validate_remote_permissions validate_remote_permissions;
|
DDS_Security_access_control_validate_remote_permissions validate_remote_permissions;
|
||||||
|
|
||||||
DDS_Security_access_control_check_create_participant check_create_participant;
|
DDS_Security_access_control_check_create_participant check_create_participant;
|
||||||
|
|
||||||
DDS_Security_access_control_check_create_datawriter check_create_datawriter;
|
DDS_Security_access_control_check_create_datawriter check_create_datawriter;
|
||||||
|
|
||||||
DDS_Security_access_control_check_create_datareader check_create_datareader;
|
DDS_Security_access_control_check_create_datareader check_create_datareader;
|
||||||
|
|
||||||
DDS_Security_access_control_check_create_topic check_create_topic;
|
DDS_Security_access_control_check_create_topic check_create_topic;
|
||||||
|
|
||||||
DDS_Security_access_control_check_local_datawriter_register_instance check_local_datawriter_register_instance;
|
DDS_Security_access_control_check_local_datawriter_register_instance check_local_datawriter_register_instance;
|
||||||
|
|
||||||
DDS_Security_access_control_check_local_datawriter_dispose_instance check_local_datawriter_dispose_instance;
|
DDS_Security_access_control_check_local_datawriter_dispose_instance check_local_datawriter_dispose_instance;
|
||||||
|
|
||||||
DDS_Security_access_control_check_remote_participant check_remote_participant;
|
DDS_Security_access_control_check_remote_participant check_remote_participant;
|
||||||
|
|
||||||
DDS_Security_access_control_check_remote_datawriter check_remote_datawriter;
|
DDS_Security_access_control_check_remote_datawriter check_remote_datawriter;
|
||||||
|
|
||||||
DDS_Security_access_control_check_remote_datareader check_remote_datareader;
|
DDS_Security_access_control_check_remote_datareader check_remote_datareader;
|
||||||
|
|
||||||
DDS_Security_access_control_check_remote_topic check_remote_topic;
|
DDS_Security_access_control_check_remote_topic check_remote_topic;
|
||||||
|
|
||||||
DDS_Security_access_control_check_local_datawriter_match check_local_datawriter_match;
|
DDS_Security_access_control_check_local_datawriter_match check_local_datawriter_match;
|
||||||
|
|
||||||
DDS_Security_access_control_check_local_datareader_match check_local_datareader_match;
|
DDS_Security_access_control_check_local_datareader_match check_local_datareader_match;
|
||||||
|
|
||||||
DDS_Security_access_control_check_remote_datawriter_register_instance check_remote_datawriter_register_instance;
|
DDS_Security_access_control_check_remote_datawriter_register_instance check_remote_datawriter_register_instance;
|
||||||
|
|
||||||
DDS_Security_access_control_check_remote_datawriter_dispose_instance check_remote_datawriter_dispose_instance;
|
DDS_Security_access_control_check_remote_datawriter_dispose_instance check_remote_datawriter_dispose_instance;
|
||||||
|
|
||||||
DDS_Security_access_control_get_permissions_token get_permissions_token;
|
DDS_Security_access_control_get_permissions_token get_permissions_token;
|
||||||
|
|
||||||
DDS_Security_access_control_get_permissions_credential_token get_permissions_credential_token;
|
DDS_Security_access_control_get_permissions_credential_token get_permissions_credential_token;
|
||||||
|
|
||||||
DDS_Security_access_control_set_listener set_listener;
|
DDS_Security_access_control_set_listener set_listener;
|
||||||
|
|
||||||
DDS_Security_access_control_return_permissions_token return_permissions_token;
|
DDS_Security_access_control_return_permissions_token return_permissions_token;
|
||||||
|
|
||||||
DDS_Security_access_control_return_permissions_credential_token return_permissions_credential_token;
|
DDS_Security_access_control_return_permissions_credential_token return_permissions_credential_token;
|
||||||
|
|
||||||
DDS_Security_access_control_get_participant_sec_attributes get_participant_sec_attributes;
|
DDS_Security_access_control_get_participant_sec_attributes get_participant_sec_attributes;
|
||||||
|
|
||||||
DDS_Security_access_control_get_topic_sec_attributes get_topic_sec_attributes;
|
DDS_Security_access_control_get_topic_sec_attributes get_topic_sec_attributes;
|
||||||
|
|
||||||
DDS_Security_access_control_get_datawriter_sec_attributes get_datawriter_sec_attributes;
|
DDS_Security_access_control_get_datawriter_sec_attributes get_datawriter_sec_attributes;
|
||||||
|
|
||||||
DDS_Security_access_control_get_datareader_sec_attributes get_datareader_sec_attributes;
|
DDS_Security_access_control_get_datareader_sec_attributes get_datareader_sec_attributes;
|
||||||
|
|
||||||
DDS_Security_access_control_return_participant_sec_attributes return_participant_sec_attributes;
|
DDS_Security_access_control_return_participant_sec_attributes return_participant_sec_attributes;
|
||||||
|
|
||||||
DDS_Security_access_control_return_topic_sec_attributes return_topic_sec_attributes;
|
DDS_Security_access_control_return_topic_sec_attributes return_topic_sec_attributes;
|
||||||
|
|
||||||
DDS_Security_access_control_return_datawriter_sec_attributes return_datawriter_sec_attributes;
|
DDS_Security_access_control_return_datawriter_sec_attributes return_datawriter_sec_attributes;
|
||||||
|
|
||||||
DDS_Security_access_control_return_datareader_sec_attributes return_datareader_sec_attributes;
|
DDS_Security_access_control_return_datareader_sec_attributes return_datareader_sec_attributes;
|
||||||
|
|
||||||
DDS_Security_access_control_return_permissions_handle return_permissions_handle;
|
DDS_Security_access_control_return_permissions_handle return_permissions_handle;
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
#if defined(__cplusplus)
|
#if defined(__cplusplus)
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -16,86 +16,65 @@
|
||||||
#include "dds_security_api_types.h"
|
#include "dds_security_api_types.h"
|
||||||
|
|
||||||
#if defined(__cplusplus)
|
#if defined(__cplusplus)
|
||||||
extern "C" {
|
extern "C"
|
||||||
|
{
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* Authentication Component */
|
||||||
/**
|
|
||||||
* Authentication Component
|
|
||||||
*/
|
|
||||||
struct dds_security_authentication;
|
struct dds_security_authentication;
|
||||||
typedef struct dds_security_authentication dds_security_authentication;
|
typedef struct dds_security_authentication dds_security_authentication;
|
||||||
|
|
||||||
struct dds_security_authentication_listener;
|
struct dds_security_authentication_listener;
|
||||||
typedef struct dds_security_authentication_listener dds_security_authentication_listener;
|
typedef struct dds_security_authentication_listener dds_security_authentication_listener;
|
||||||
|
|
||||||
|
/* AuthenticationListener interface */
|
||||||
/**
|
typedef DDS_Security_boolean (*DDS_Security_authentication_listener_on_revoke_identity)(
|
||||||
* AuthenticationListener interface
|
dds_security_authentication_listener *context,
|
||||||
*/
|
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
|
||||||
(*DDS_Security_authentication_listener_on_revoke_identity)
|
|
||||||
( dds_security_authentication_listener *context,
|
|
||||||
const dds_security_authentication *plugin,
|
const dds_security_authentication *plugin,
|
||||||
const DDS_Security_IdentityHandle handle
|
const DDS_Security_IdentityHandle handle);
|
||||||
);
|
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_authentication_listener_on_status_changed)(
|
||||||
(*DDS_Security_authentication_listener_on_status_changed)
|
dds_security_authentication_listener *context,
|
||||||
( dds_security_authentication_listener *context,
|
|
||||||
const dds_security_authentication *plugin,
|
const dds_security_authentication *plugin,
|
||||||
const DDS_Security_IdentityHandle handle,
|
const DDS_Security_IdentityHandle handle,
|
||||||
const DDS_Security_AuthStatusKind status_kind
|
const DDS_Security_AuthStatusKind status_kind);
|
||||||
);
|
|
||||||
|
|
||||||
|
|
||||||
struct dds_security_authentication_listener
|
struct dds_security_authentication_listener
|
||||||
{
|
{
|
||||||
DDS_Security_authentication_listener_on_revoke_identity on_revoke_identity;
|
DDS_Security_authentication_listener_on_revoke_identity on_revoke_identity;
|
||||||
|
|
||||||
DDS_Security_authentication_listener_on_status_changed on_status_changed;
|
DDS_Security_authentication_listener_on_status_changed on_status_changed;
|
||||||
};
|
};
|
||||||
|
|
||||||
typedef DDS_Security_ValidationResult_t
|
typedef DDS_Security_ValidationResult_t (*DDS_Security_authentication_validate_local_identity)(
|
||||||
(*DDS_Security_authentication_validate_local_identity)
|
dds_security_authentication *instance,
|
||||||
( dds_security_authentication *instance,
|
|
||||||
DDS_Security_IdentityHandle *local_identity_handle,
|
DDS_Security_IdentityHandle *local_identity_handle,
|
||||||
DDS_Security_GUID_t *adjusted_participant_guid,
|
DDS_Security_GUID_t *adjusted_participant_guid,
|
||||||
const DDS_Security_DomainId domain_id,
|
const DDS_Security_DomainId domain_id,
|
||||||
const DDS_Security_Qos *participant_qos,
|
const DDS_Security_Qos *participant_qos,
|
||||||
const DDS_Security_GUID_t *candidate_participant_guid,
|
const DDS_Security_GUID_t *candidate_participant_guid,
|
||||||
DDS_Security_SecurityException *ex
|
DDS_Security_SecurityException *ex);
|
||||||
);
|
|
||||||
|
|
||||||
|
typedef DDS_Security_boolean (*DDS_Security_authentication_get_identity_token)(
|
||||||
typedef DDS_Security_boolean
|
dds_security_authentication *instance,
|
||||||
(*DDS_Security_authentication_get_identity_token)
|
|
||||||
( dds_security_authentication *instance,
|
|
||||||
DDS_Security_IdentityToken *identity_token,
|
DDS_Security_IdentityToken *identity_token,
|
||||||
const DDS_Security_IdentityHandle handle,
|
const DDS_Security_IdentityHandle handle,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
|
typedef DDS_Security_boolean (*DDS_Security_authentication_get_identity_status_token)(
|
||||||
typedef DDS_Security_boolean
|
dds_security_authentication *instance,
|
||||||
(*DDS_Security_authentication_get_identity_status_token)
|
|
||||||
( dds_security_authentication *instance,
|
|
||||||
DDS_Security_IdentityStatusToken *identity_status_token,
|
DDS_Security_IdentityStatusToken *identity_status_token,
|
||||||
const DDS_Security_IdentityHandle handle,
|
const DDS_Security_IdentityHandle handle,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_authentication_set_permissions_credential_and_token)(
|
||||||
(*DDS_Security_authentication_set_permissions_credential_and_token)
|
dds_security_authentication *instance,
|
||||||
( dds_security_authentication *instance,
|
|
||||||
const DDS_Security_IdentityHandle handle,
|
const DDS_Security_IdentityHandle handle,
|
||||||
const DDS_Security_PermissionsCredentialToken *permissions_credential,
|
const DDS_Security_PermissionsCredentialToken *permissions_credential,
|
||||||
const DDS_Security_PermissionsToken *permissions_token,
|
const DDS_Security_PermissionsToken *permissions_token,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
|
typedef DDS_Security_ValidationResult_t (*DDS_Security_authentication_validate_remote_identity)(
|
||||||
typedef DDS_Security_ValidationResult_t
|
dds_security_authentication *instance,
|
||||||
(*DDS_Security_authentication_validate_remote_identity)
|
|
||||||
( dds_security_authentication *instance,
|
|
||||||
DDS_Security_IdentityHandle *remote_identity_handle,
|
DDS_Security_IdentityHandle *remote_identity_handle,
|
||||||
DDS_Security_AuthRequestMessageToken *local_auth_request_token,
|
DDS_Security_AuthRequestMessageToken *local_auth_request_token,
|
||||||
const DDS_Security_AuthRequestMessageToken *remote_auth_request_token,
|
const DDS_Security_AuthRequestMessageToken *remote_auth_request_token,
|
||||||
|
@ -104,10 +83,8 @@ typedef DDS_Security_ValidationResult_t
|
||||||
const DDS_Security_GUID_t *remote_participant_guid,
|
const DDS_Security_GUID_t *remote_participant_guid,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
|
typedef DDS_Security_ValidationResult_t (*DDS_Security_authentication_begin_handshake_request)(
|
||||||
typedef DDS_Security_ValidationResult_t
|
dds_security_authentication *instance,
|
||||||
(*DDS_Security_authentication_begin_handshake_request)
|
|
||||||
( dds_security_authentication *instance,
|
|
||||||
DDS_Security_HandshakeHandle *handshake_handle,
|
DDS_Security_HandshakeHandle *handshake_handle,
|
||||||
DDS_Security_HandshakeMessageToken *handshake_message,
|
DDS_Security_HandshakeMessageToken *handshake_message,
|
||||||
const DDS_Security_IdentityHandle initiator_identity_handle,
|
const DDS_Security_IdentityHandle initiator_identity_handle,
|
||||||
|
@ -115,10 +92,8 @@ typedef DDS_Security_ValidationResult_t
|
||||||
const DDS_Security_OctetSeq *serialized_local_participant_data,
|
const DDS_Security_OctetSeq *serialized_local_participant_data,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
|
typedef DDS_Security_ValidationResult_t (*DDS_Security_authentication_begin_handshake_reply)(
|
||||||
typedef DDS_Security_ValidationResult_t
|
dds_security_authentication *instance,
|
||||||
(*DDS_Security_authentication_begin_handshake_reply)
|
|
||||||
( dds_security_authentication *instance,
|
|
||||||
DDS_Security_HandshakeHandle *handshake_handle,
|
DDS_Security_HandshakeHandle *handshake_handle,
|
||||||
DDS_Security_HandshakeMessageToken *handshake_message_out,
|
DDS_Security_HandshakeMessageToken *handshake_message_out,
|
||||||
const DDS_Security_HandshakeMessageToken *handshake_message_in,
|
const DDS_Security_HandshakeMessageToken *handshake_message_in,
|
||||||
|
@ -127,110 +102,82 @@ typedef DDS_Security_ValidationResult_t
|
||||||
const DDS_Security_OctetSeq *serialized_local_participant_data,
|
const DDS_Security_OctetSeq *serialized_local_participant_data,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_ValidationResult_t
|
typedef DDS_Security_ValidationResult_t (*DDS_Security_authentication_process_handshake)(
|
||||||
(*DDS_Security_authentication_process_handshake)
|
dds_security_authentication *instance,
|
||||||
( dds_security_authentication *instance,
|
|
||||||
DDS_Security_HandshakeMessageToken *handshake_message_out,
|
DDS_Security_HandshakeMessageToken *handshake_message_out,
|
||||||
const DDS_Security_HandshakeMessageToken *handshake_message_in,
|
const DDS_Security_HandshakeMessageToken *handshake_message_in,
|
||||||
const DDS_Security_HandshakeHandle handshake_handle,
|
const DDS_Security_HandshakeHandle handshake_handle,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_SharedSecretHandle
|
typedef DDS_Security_SharedSecretHandle (*DDS_Security_authentication_get_shared_secret)(
|
||||||
(*DDS_Security_authentication_get_shared_secret)
|
dds_security_authentication *instance,
|
||||||
( dds_security_authentication *instance,
|
|
||||||
const DDS_Security_HandshakeHandle handshake_handle,
|
const DDS_Security_HandshakeHandle handshake_handle,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_authentication_get_authenticated_peer_credential_token)(
|
||||||
(*DDS_Security_authentication_get_authenticated_peer_credential_token)
|
dds_security_authentication *instance,
|
||||||
( dds_security_authentication *instance,
|
|
||||||
DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token,
|
DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token,
|
||||||
const DDS_Security_HandshakeHandle handshake_handle,
|
const DDS_Security_HandshakeHandle handshake_handle,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_authentication_set_listener)(
|
||||||
(*DDS_Security_authentication_set_listener)
|
dds_security_authentication *instance,
|
||||||
( dds_security_authentication *instance,
|
|
||||||
const dds_security_authentication_listener *listener,
|
const dds_security_authentication_listener *listener,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_authentication_return_identity_token)(
|
||||||
(*DDS_Security_authentication_return_identity_token)
|
dds_security_authentication *instance,
|
||||||
( dds_security_authentication *instance,
|
|
||||||
const DDS_Security_IdentityToken *token,
|
const DDS_Security_IdentityToken *token,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
|
typedef DDS_Security_boolean (*DDS_Security_authentication_return_identity_status_token)(
|
||||||
typedef DDS_Security_boolean
|
dds_security_authentication *instance,
|
||||||
(*DDS_Security_authentication_return_identity_status_token)
|
|
||||||
( dds_security_authentication *instance,
|
|
||||||
const DDS_Security_IdentityStatusToken *token,
|
const DDS_Security_IdentityStatusToken *token,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_authentication_return_authenticated_peer_credential_token)(
|
||||||
(*DDS_Security_authentication_return_authenticated_peer_credential_token)
|
dds_security_authentication *instance,
|
||||||
( dds_security_authentication *instance,
|
|
||||||
const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token,
|
const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_authentication_return_handshake_handle)(
|
||||||
(*DDS_Security_authentication_return_handshake_handle)
|
dds_security_authentication *instance,
|
||||||
( dds_security_authentication *instance,
|
|
||||||
const DDS_Security_HandshakeHandle handshake_handle,
|
const DDS_Security_HandshakeHandle handshake_handle,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_authentication_return_identity_handle)(
|
||||||
(*DDS_Security_authentication_return_identity_handle)
|
dds_security_authentication *instance,
|
||||||
( dds_security_authentication *instance,
|
|
||||||
const DDS_Security_IdentityHandle identity_handle,
|
const DDS_Security_IdentityHandle identity_handle,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_authentication_return_sharedsecret_handle)(
|
||||||
(*DDS_Security_authentication_return_sharedsecret_handle)
|
dds_security_authentication *instance,
|
||||||
( dds_security_authentication *instance,
|
|
||||||
const DDS_Security_SharedSecretHandle sharedsecret_handle,
|
const DDS_Security_SharedSecretHandle sharedsecret_handle,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
|
|
||||||
struct dds_security_authentication
|
struct dds_security_authentication
|
||||||
{
|
{
|
||||||
|
struct ddsi_domaingv *gv;
|
||||||
|
|
||||||
DDS_Security_authentication_validate_local_identity validate_local_identity;
|
DDS_Security_authentication_validate_local_identity validate_local_identity;
|
||||||
|
|
||||||
DDS_Security_authentication_get_identity_token get_identity_token;
|
DDS_Security_authentication_get_identity_token get_identity_token;
|
||||||
|
|
||||||
DDS_Security_authentication_get_identity_status_token get_identity_status_token;
|
DDS_Security_authentication_get_identity_status_token get_identity_status_token;
|
||||||
|
|
||||||
DDS_Security_authentication_set_permissions_credential_and_token set_permissions_credential_and_token;
|
DDS_Security_authentication_set_permissions_credential_and_token set_permissions_credential_and_token;
|
||||||
|
|
||||||
DDS_Security_authentication_validate_remote_identity validate_remote_identity;
|
DDS_Security_authentication_validate_remote_identity validate_remote_identity;
|
||||||
|
|
||||||
DDS_Security_authentication_begin_handshake_request begin_handshake_request;
|
DDS_Security_authentication_begin_handshake_request begin_handshake_request;
|
||||||
|
|
||||||
DDS_Security_authentication_begin_handshake_reply begin_handshake_reply;
|
DDS_Security_authentication_begin_handshake_reply begin_handshake_reply;
|
||||||
|
|
||||||
DDS_Security_authentication_process_handshake process_handshake;
|
DDS_Security_authentication_process_handshake process_handshake;
|
||||||
|
|
||||||
DDS_Security_authentication_get_shared_secret get_shared_secret;
|
DDS_Security_authentication_get_shared_secret get_shared_secret;
|
||||||
|
|
||||||
DDS_Security_authentication_get_authenticated_peer_credential_token get_authenticated_peer_credential_token;
|
DDS_Security_authentication_get_authenticated_peer_credential_token get_authenticated_peer_credential_token;
|
||||||
|
|
||||||
DDS_Security_authentication_set_listener set_listener;
|
DDS_Security_authentication_set_listener set_listener;
|
||||||
|
|
||||||
DDS_Security_authentication_return_identity_token return_identity_token;
|
DDS_Security_authentication_return_identity_token return_identity_token;
|
||||||
|
|
||||||
DDS_Security_authentication_return_identity_status_token return_identity_status_token;
|
DDS_Security_authentication_return_identity_status_token return_identity_status_token;
|
||||||
|
|
||||||
DDS_Security_authentication_return_authenticated_peer_credential_token return_authenticated_peer_credential_token;
|
DDS_Security_authentication_return_authenticated_peer_credential_token return_authenticated_peer_credential_token;
|
||||||
|
|
||||||
DDS_Security_authentication_return_handshake_handle return_handshake_handle;
|
DDS_Security_authentication_return_handshake_handle return_handshake_handle;
|
||||||
|
|
||||||
DDS_Security_authentication_return_identity_handle return_identity_handle;
|
DDS_Security_authentication_return_identity_handle return_identity_handle;
|
||||||
|
|
||||||
DDS_Security_authentication_return_sharedsecret_handle return_sharedsecret_handle;
|
DDS_Security_authentication_return_sharedsecret_handle return_sharedsecret_handle;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
#if defined(__cplusplus)
|
#if defined(__cplusplus)
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -16,13 +16,11 @@
|
||||||
#include "dds_security_api_types.h"
|
#include "dds_security_api_types.h"
|
||||||
|
|
||||||
#if defined(__cplusplus)
|
#if defined(__cplusplus)
|
||||||
extern "C" {
|
extern "C"
|
||||||
|
{
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/**
|
/* Crypto Component */
|
||||||
* Crypto Component
|
|
||||||
*/
|
|
||||||
|
|
||||||
struct dds_security_crypto_key_factory;
|
struct dds_security_crypto_key_factory;
|
||||||
typedef struct dds_security_crypto_key_factory dds_security_crypto_key_factory;
|
typedef struct dds_security_crypto_key_factory dds_security_crypto_key_factory;
|
||||||
|
|
||||||
|
@ -32,195 +30,150 @@ typedef struct dds_security_crypto_key_exchange dds_security_crypto_key_exchange
|
||||||
struct dds_security_crypto_transform;
|
struct dds_security_crypto_transform;
|
||||||
typedef struct dds_security_crypto_transform dds_security_crypto_transform;
|
typedef struct dds_security_crypto_transform dds_security_crypto_transform;
|
||||||
|
|
||||||
/**
|
/* CryptoKeyFactory interface */
|
||||||
* CryptoKeyFactory interface
|
typedef DDS_Security_ParticipantCryptoHandle (*DDS_Security_crypto_key_factory_register_local_participant)(
|
||||||
*/
|
dds_security_crypto_key_factory *instance,
|
||||||
|
|
||||||
typedef DDS_Security_ParticipantCryptoHandle
|
|
||||||
(*DDS_Security_crypto_key_factory_register_local_participant)
|
|
||||||
( dds_security_crypto_key_factory *instance,
|
|
||||||
const DDS_Security_IdentityHandle participant_identity,
|
const DDS_Security_IdentityHandle participant_identity,
|
||||||
const DDS_Security_PermissionsHandle participant_permissions,
|
const DDS_Security_PermissionsHandle participant_permissions,
|
||||||
const DDS_Security_PropertySeq *participant_properties,
|
const DDS_Security_PropertySeq *participant_properties,
|
||||||
const DDS_Security_ParticipantSecurityAttributes *participant_security_attributes,
|
const DDS_Security_ParticipantSecurityAttributes *participant_security_attributes,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_ParticipantCryptoHandle
|
typedef DDS_Security_ParticipantCryptoHandle (*DDS_Security_crypto_key_factory_register_matched_remote_participant)(
|
||||||
(*DDS_Security_crypto_key_factory_register_matched_remote_participant)
|
dds_security_crypto_key_factory *instance,
|
||||||
( dds_security_crypto_key_factory *instance,
|
|
||||||
const DDS_Security_ParticipantCryptoHandle local_participant_crypto_handle,
|
const DDS_Security_ParticipantCryptoHandle local_participant_crypto_handle,
|
||||||
const DDS_Security_IdentityHandle remote_participant_identity,
|
const DDS_Security_IdentityHandle remote_participant_identity,
|
||||||
const DDS_Security_PermissionsHandle remote_participant_permissions,
|
const DDS_Security_PermissionsHandle remote_participant_permissions,
|
||||||
const DDS_Security_SharedSecretHandle shared_secret,
|
const DDS_Security_SharedSecretHandle shared_secret,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
|
typedef DDS_Security_DatawriterCryptoHandle (*DDS_Security_crypto_key_factory_register_local_datawriter)(
|
||||||
typedef DDS_Security_DatawriterCryptoHandle
|
dds_security_crypto_key_factory *instance,
|
||||||
(*DDS_Security_crypto_key_factory_register_local_datawriter)
|
|
||||||
( dds_security_crypto_key_factory *instance,
|
|
||||||
const DDS_Security_ParticipantCryptoHandle participant_crypto,
|
const DDS_Security_ParticipantCryptoHandle participant_crypto,
|
||||||
const DDS_Security_PropertySeq *datawriter_properties,
|
const DDS_Security_PropertySeq *datawriter_properties,
|
||||||
const DDS_Security_EndpointSecurityAttributes *datawriter_security_attributes,
|
const DDS_Security_EndpointSecurityAttributes *datawriter_security_attributes,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_DatareaderCryptoHandle
|
typedef DDS_Security_DatareaderCryptoHandle (*DDS_Security_crypto_key_factory_register_matched_remote_datareader)(
|
||||||
(*DDS_Security_crypto_key_factory_register_matched_remote_datareader)
|
dds_security_crypto_key_factory *instance,
|
||||||
( dds_security_crypto_key_factory *instance,
|
|
||||||
const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto_handle,
|
const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto_handle,
|
||||||
const DDS_Security_ParticipantCryptoHandle remote_participant_crypto,
|
const DDS_Security_ParticipantCryptoHandle remote_participant_crypto,
|
||||||
const DDS_Security_SharedSecretHandle shared_secret,
|
const DDS_Security_SharedSecretHandle shared_secret,
|
||||||
const DDS_Security_boolean relay_only,
|
const DDS_Security_boolean relay_only,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
|
typedef DDS_Security_DatareaderCryptoHandle (*DDS_Security_crypto_key_factory_register_local_datareader)(
|
||||||
typedef DDS_Security_DatareaderCryptoHandle
|
dds_security_crypto_key_factory *instance,
|
||||||
(*DDS_Security_crypto_key_factory_register_local_datareader)
|
|
||||||
( dds_security_crypto_key_factory *instance,
|
|
||||||
const DDS_Security_ParticipantCryptoHandle participant_crypto_handle,
|
const DDS_Security_ParticipantCryptoHandle participant_crypto_handle,
|
||||||
const DDS_Security_PropertySeq *datareader_properties,
|
const DDS_Security_PropertySeq *datareader_properties,
|
||||||
const DDS_Security_EndpointSecurityAttributes *datareader_security_attributes,
|
const DDS_Security_EndpointSecurityAttributes *datareader_security_attributes,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_DatawriterCryptoHandle
|
typedef DDS_Security_DatawriterCryptoHandle (*DDS_Security_crypto_key_factory_register_matched_remote_datawriter)(
|
||||||
(*DDS_Security_crypto_key_factory_register_matched_remote_datawriter)
|
dds_security_crypto_key_factory *instance,
|
||||||
( dds_security_crypto_key_factory *instance,
|
|
||||||
const DDS_Security_DatareaderCryptoHandle local_datareader_crypto_handle,
|
const DDS_Security_DatareaderCryptoHandle local_datareader_crypto_handle,
|
||||||
const DDS_Security_ParticipantCryptoHandle remote_participant_crypt,
|
const DDS_Security_ParticipantCryptoHandle remote_participant_crypt,
|
||||||
const DDS_Security_SharedSecretHandle shared_secret,
|
const DDS_Security_SharedSecretHandle shared_secret,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_crypto_key_factory_unregister_participant)(
|
||||||
(*DDS_Security_crypto_key_factory_unregister_participant)
|
dds_security_crypto_key_factory *instance,
|
||||||
( dds_security_crypto_key_factory *instance,
|
|
||||||
const DDS_Security_ParticipantCryptoHandle participant_crypto_handle,
|
const DDS_Security_ParticipantCryptoHandle participant_crypto_handle,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_crypto_key_factory_unregister_datawriter)(
|
||||||
(*DDS_Security_crypto_key_factory_unregister_datawriter)
|
dds_security_crypto_key_factory *instance,
|
||||||
( dds_security_crypto_key_factory *instance,
|
|
||||||
const DDS_Security_DatawriterCryptoHandle datawriter_crypto_handle,
|
const DDS_Security_DatawriterCryptoHandle datawriter_crypto_handle,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_crypto_key_factory_unregister_datareader)(
|
||||||
(*DDS_Security_crypto_key_factory_unregister_datareader)
|
dds_security_crypto_key_factory *instance,
|
||||||
( dds_security_crypto_key_factory *instance,
|
|
||||||
const DDS_Security_DatareaderCryptoHandle datareader_crypto_handle,
|
const DDS_Security_DatareaderCryptoHandle datareader_crypto_handle,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
struct dds_security_crypto_key_factory
|
struct dds_security_crypto_key_factory
|
||||||
{
|
{
|
||||||
|
|
||||||
DDS_Security_crypto_key_factory_register_local_participant register_local_participant;
|
DDS_Security_crypto_key_factory_register_local_participant register_local_participant;
|
||||||
|
|
||||||
DDS_Security_crypto_key_factory_register_matched_remote_participant register_matched_remote_participant;
|
DDS_Security_crypto_key_factory_register_matched_remote_participant register_matched_remote_participant;
|
||||||
|
|
||||||
DDS_Security_crypto_key_factory_register_local_datawriter register_local_datawriter;
|
DDS_Security_crypto_key_factory_register_local_datawriter register_local_datawriter;
|
||||||
|
|
||||||
DDS_Security_crypto_key_factory_register_matched_remote_datareader register_matched_remote_datareader;
|
DDS_Security_crypto_key_factory_register_matched_remote_datareader register_matched_remote_datareader;
|
||||||
|
|
||||||
DDS_Security_crypto_key_factory_register_local_datareader register_local_datareader;
|
DDS_Security_crypto_key_factory_register_local_datareader register_local_datareader;
|
||||||
|
|
||||||
DDS_Security_crypto_key_factory_register_matched_remote_datawriter register_matched_remote_datawriter;
|
DDS_Security_crypto_key_factory_register_matched_remote_datawriter register_matched_remote_datawriter;
|
||||||
|
|
||||||
DDS_Security_crypto_key_factory_unregister_participant unregister_participant;
|
DDS_Security_crypto_key_factory_unregister_participant unregister_participant;
|
||||||
|
|
||||||
DDS_Security_crypto_key_factory_unregister_datawriter unregister_datawriter;
|
DDS_Security_crypto_key_factory_unregister_datawriter unregister_datawriter;
|
||||||
|
|
||||||
DDS_Security_crypto_key_factory_unregister_datareader unregister_datareader;
|
DDS_Security_crypto_key_factory_unregister_datareader unregister_datareader;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/* CryptoKeyExchange Interface */
|
||||||
/**
|
typedef DDS_Security_boolean (*DDS_Security_crypto_key_exchange_create_local_participant_crypto_tokens)(
|
||||||
* CryptoKeyExchange Interface
|
dds_security_crypto_key_exchange *instance,
|
||||||
*/
|
|
||||||
typedef DDS_Security_boolean
|
|
||||||
(*DDS_Security_crypto_key_exchange_create_local_participant_crypto_tokens)
|
|
||||||
( dds_security_crypto_key_exchange *instance,
|
|
||||||
DDS_Security_ParticipantCryptoTokenSeq *local_participant_crypto_tokens,
|
DDS_Security_ParticipantCryptoTokenSeq *local_participant_crypto_tokens,
|
||||||
const DDS_Security_ParticipantCryptoHandle local_participant_crypto,
|
const DDS_Security_ParticipantCryptoHandle local_participant_crypto,
|
||||||
const DDS_Security_ParticipantCryptoHandle remote_participant_crypto,
|
const DDS_Security_ParticipantCryptoHandle remote_participant_crypto,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_crypto_key_exchange_set_remote_participant_crypto_tokens)(
|
||||||
(*DDS_Security_crypto_key_exchange_set_remote_participant_crypto_tokens)
|
dds_security_crypto_key_exchange *instance,
|
||||||
( dds_security_crypto_key_exchange *instance,
|
|
||||||
const DDS_Security_ParticipantCryptoHandle local_participant_crypto,
|
const DDS_Security_ParticipantCryptoHandle local_participant_crypto,
|
||||||
const DDS_Security_ParticipantCryptoHandle remote_participant_crypto,
|
const DDS_Security_ParticipantCryptoHandle remote_participant_crypto,
|
||||||
const DDS_Security_ParticipantCryptoTokenSeq *remote_participant_tokens,
|
const DDS_Security_ParticipantCryptoTokenSeq *remote_participant_tokens,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_crypto_key_exchange_create_local_datawriter_crypto_tokens)(
|
||||||
(*DDS_Security_crypto_key_exchange_create_local_datawriter_crypto_tokens)
|
dds_security_crypto_key_exchange *instance,
|
||||||
( dds_security_crypto_key_exchange *instance,
|
|
||||||
DDS_Security_DatawriterCryptoTokenSeq *local_datawriter_crypto_tokens,
|
DDS_Security_DatawriterCryptoTokenSeq *local_datawriter_crypto_tokens,
|
||||||
const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto,
|
const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto,
|
||||||
const DDS_Security_DatareaderCryptoHandle remote_datareader_crypto,
|
const DDS_Security_DatareaderCryptoHandle remote_datareader_crypto,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_crypto_key_exchange_set_remote_datawriter_crypto_tokens)(
|
||||||
(*DDS_Security_crypto_key_exchange_set_remote_datawriter_crypto_tokens)
|
dds_security_crypto_key_exchange *instance,
|
||||||
( dds_security_crypto_key_exchange *instance,
|
|
||||||
const DDS_Security_DatareaderCryptoHandle local_datareader_crypto,
|
const DDS_Security_DatareaderCryptoHandle local_datareader_crypto,
|
||||||
const DDS_Security_DatawriterCryptoHandle remote_datawriter_crypto,
|
const DDS_Security_DatawriterCryptoHandle remote_datawriter_crypto,
|
||||||
const DDS_Security_DatawriterCryptoTokenSeq *remote_datawriter_tokens,
|
const DDS_Security_DatawriterCryptoTokenSeq *remote_datawriter_tokens,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_crypto_key_exchange_create_local_datareader_crypto_tokens)(
|
||||||
(*DDS_Security_crypto_key_exchange_create_local_datareader_crypto_tokens)
|
dds_security_crypto_key_exchange *instance,
|
||||||
( dds_security_crypto_key_exchange *instance,
|
|
||||||
DDS_Security_DatareaderCryptoTokenSeq *local_datareader_cryto_tokens,
|
DDS_Security_DatareaderCryptoTokenSeq *local_datareader_cryto_tokens,
|
||||||
const DDS_Security_DatareaderCryptoHandle local_datareader_crypto,
|
const DDS_Security_DatareaderCryptoHandle local_datareader_crypto,
|
||||||
const DDS_Security_DatawriterCryptoHandle remote_datawriter_crypto,
|
const DDS_Security_DatawriterCryptoHandle remote_datawriter_crypto,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_crypto_key_exchange_set_remote_datareader_crypto_tokens)(
|
||||||
(*DDS_Security_crypto_key_exchange_set_remote_datareader_crypto_tokens)
|
dds_security_crypto_key_exchange *instance,
|
||||||
( dds_security_crypto_key_exchange *instance,
|
|
||||||
const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto,
|
const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto,
|
||||||
const DDS_Security_DatareaderCryptoHandle remote_datareader_crypto,
|
const DDS_Security_DatareaderCryptoHandle remote_datareader_crypto,
|
||||||
const DDS_Security_DatareaderCryptoTokenSeq *remote_datareader_tokens,
|
const DDS_Security_DatareaderCryptoTokenSeq *remote_datareader_tokens,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_crypto_key_exchange_return_crypto_tokens)(
|
||||||
(*DDS_Security_crypto_key_exchange_return_crypto_tokens)
|
dds_security_crypto_key_exchange *instance,
|
||||||
( dds_security_crypto_key_exchange *instance,
|
|
||||||
DDS_Security_CryptoTokenSeq *crypto_tokens,
|
DDS_Security_CryptoTokenSeq *crypto_tokens,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
struct dds_security_crypto_key_exchange
|
struct dds_security_crypto_key_exchange
|
||||||
{
|
{
|
||||||
DDS_Security_crypto_key_exchange_create_local_participant_crypto_tokens create_local_participant_crypto_tokens;
|
DDS_Security_crypto_key_exchange_create_local_participant_crypto_tokens create_local_participant_crypto_tokens;
|
||||||
|
|
||||||
DDS_Security_crypto_key_exchange_set_remote_participant_crypto_tokens set_remote_participant_crypto_tokens;
|
DDS_Security_crypto_key_exchange_set_remote_participant_crypto_tokens set_remote_participant_crypto_tokens;
|
||||||
|
|
||||||
DDS_Security_crypto_key_exchange_create_local_datawriter_crypto_tokens create_local_datawriter_crypto_tokens;
|
DDS_Security_crypto_key_exchange_create_local_datawriter_crypto_tokens create_local_datawriter_crypto_tokens;
|
||||||
|
|
||||||
DDS_Security_crypto_key_exchange_set_remote_datawriter_crypto_tokens set_remote_datawriter_crypto_tokens;
|
DDS_Security_crypto_key_exchange_set_remote_datawriter_crypto_tokens set_remote_datawriter_crypto_tokens;
|
||||||
|
|
||||||
DDS_Security_crypto_key_exchange_create_local_datareader_crypto_tokens create_local_datareader_crypto_tokens;
|
DDS_Security_crypto_key_exchange_create_local_datareader_crypto_tokens create_local_datareader_crypto_tokens;
|
||||||
|
|
||||||
DDS_Security_crypto_key_exchange_set_remote_datareader_crypto_tokens set_remote_datareader_crypto_tokens;
|
DDS_Security_crypto_key_exchange_set_remote_datareader_crypto_tokens set_remote_datareader_crypto_tokens;
|
||||||
|
|
||||||
DDS_Security_crypto_key_exchange_return_crypto_tokens return_crypto_tokens;
|
DDS_Security_crypto_key_exchange_return_crypto_tokens return_crypto_tokens;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/* CryptoTransform Interface */
|
||||||
/**
|
typedef DDS_Security_boolean (*DDS_Security_crypto_transform_encode_serialized_payload)(
|
||||||
* CryptoTransform Interface
|
dds_security_crypto_transform *instance,
|
||||||
*/
|
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
|
||||||
(*DDS_Security_crypto_transform_encode_serialized_payload)
|
|
||||||
( dds_security_crypto_transform *instance,
|
|
||||||
DDS_Security_OctetSeq *encoded_buffer,
|
DDS_Security_OctetSeq *encoded_buffer,
|
||||||
DDS_Security_OctetSeq *extra_inline_qos,
|
DDS_Security_OctetSeq *extra_inline_qos,
|
||||||
const DDS_Security_OctetSeq *plain_buffer,
|
const DDS_Security_OctetSeq *plain_buffer,
|
||||||
const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto,
|
const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_crypto_transform_encode_datawriter_submessage)(
|
||||||
(*DDS_Security_crypto_transform_encode_datawriter_submessage)
|
dds_security_crypto_transform *instance,
|
||||||
( dds_security_crypto_transform *instance,
|
|
||||||
DDS_Security_OctetSeq *encoded_rtps_submessage,
|
DDS_Security_OctetSeq *encoded_rtps_submessage,
|
||||||
const DDS_Security_OctetSeq *plain_rtps_submessage,
|
const DDS_Security_OctetSeq *plain_rtps_submessage,
|
||||||
const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto,
|
const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto,
|
||||||
|
@ -228,19 +181,16 @@ typedef DDS_Security_boolean
|
||||||
DDS_Security_long *receiving_datareader_crypto_list_index,
|
DDS_Security_long *receiving_datareader_crypto_list_index,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_crypto_transform_encode_datareader_submessage)(
|
||||||
(*DDS_Security_crypto_transform_encode_datareader_submessage)
|
dds_security_crypto_transform *instance,
|
||||||
( dds_security_crypto_transform *instance,
|
|
||||||
DDS_Security_OctetSeq *encoded_rtps_submessage,
|
DDS_Security_OctetSeq *encoded_rtps_submessage,
|
||||||
const DDS_Security_OctetSeq *plain_rtps_submessage,
|
const DDS_Security_OctetSeq *plain_rtps_submessage,
|
||||||
const DDS_Security_DatareaderCryptoHandle sending_datareader_crypto,
|
const DDS_Security_DatareaderCryptoHandle sending_datareader_crypto,
|
||||||
const DDS_Security_DatawriterCryptoHandleSeq *receiving_datawriter_crypto_list,
|
const DDS_Security_DatawriterCryptoHandleSeq *receiving_datawriter_crypto_list,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
|
typedef DDS_Security_boolean (*DDS_Security_crypto_transform_encode_rtps_message)(
|
||||||
typedef DDS_Security_boolean
|
dds_security_crypto_transform *instance,
|
||||||
(*DDS_Security_crypto_transform_encode_rtps_message)
|
|
||||||
( dds_security_crypto_transform *instance,
|
|
||||||
DDS_Security_OctetSeq *encoded_rtps_message,
|
DDS_Security_OctetSeq *encoded_rtps_message,
|
||||||
const DDS_Security_OctetSeq *plain_rtps_message,
|
const DDS_Security_OctetSeq *plain_rtps_message,
|
||||||
const DDS_Security_ParticipantCryptoHandle sending_participant_crypto,
|
const DDS_Security_ParticipantCryptoHandle sending_participant_crypto,
|
||||||
|
@ -248,18 +198,16 @@ typedef DDS_Security_boolean
|
||||||
DDS_Security_long *receiving_participant_crypto_list_index,
|
DDS_Security_long *receiving_participant_crypto_list_index,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_crypto_transform_decode_rtps_message)(
|
||||||
(*DDS_Security_crypto_transform_decode_rtps_message)
|
dds_security_crypto_transform *instance,
|
||||||
( dds_security_crypto_transform *instance,
|
|
||||||
DDS_Security_OctetSeq *plain_buffer,
|
DDS_Security_OctetSeq *plain_buffer,
|
||||||
const DDS_Security_OctetSeq *encoded_buffer,
|
const DDS_Security_OctetSeq *encoded_buffer,
|
||||||
const DDS_Security_ParticipantCryptoHandle receiving_participant_crypto,
|
const DDS_Security_ParticipantCryptoHandle receiving_participant_crypto,
|
||||||
const DDS_Security_ParticipantCryptoHandle sending_participant_crypto,
|
const DDS_Security_ParticipantCryptoHandle sending_participant_crypto,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_crypto_transform_preprocess_secure_submsg)(
|
||||||
(*DDS_Security_crypto_transform_preprocess_secure_submsg)
|
dds_security_crypto_transform *instance,
|
||||||
( dds_security_crypto_transform *instance,
|
|
||||||
DDS_Security_DatawriterCryptoHandle *datawriter_crypto,
|
DDS_Security_DatawriterCryptoHandle *datawriter_crypto,
|
||||||
DDS_Security_DatareaderCryptoHandle *datareader_crypto,
|
DDS_Security_DatareaderCryptoHandle *datareader_crypto,
|
||||||
DDS_Security_SecureSubmessageCategory_t *secure_submessage_category,
|
DDS_Security_SecureSubmessageCategory_t *secure_submessage_category,
|
||||||
|
@ -268,28 +216,24 @@ typedef DDS_Security_boolean
|
||||||
const DDS_Security_ParticipantCryptoHandle sending_participant_crypto,
|
const DDS_Security_ParticipantCryptoHandle sending_participant_crypto,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_crypto_transform_decode_datawriter_submessage)(
|
||||||
(*DDS_Security_crypto_transform_decode_datawriter_submessage)
|
dds_security_crypto_transform *instance,
|
||||||
( dds_security_crypto_transform *instance,
|
|
||||||
DDS_Security_OctetSeq *plain_rtps_submessage,
|
DDS_Security_OctetSeq *plain_rtps_submessage,
|
||||||
const DDS_Security_OctetSeq *encoded_rtps_submessage,
|
const DDS_Security_OctetSeq *encoded_rtps_submessage,
|
||||||
const DDS_Security_DatareaderCryptoHandle receiving_datareader_crypto,
|
const DDS_Security_DatareaderCryptoHandle receiving_datareader_crypto,
|
||||||
const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto,
|
const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
typedef DDS_Security_boolean
|
typedef DDS_Security_boolean (*DDS_Security_crypto_transform_decode_datareader_submessage)(
|
||||||
(*DDS_Security_crypto_transform_decode_datareader_submessage)
|
dds_security_crypto_transform *instance,
|
||||||
( dds_security_crypto_transform *instance,
|
|
||||||
DDS_Security_OctetSeq *plain_rtps_message,
|
DDS_Security_OctetSeq *plain_rtps_message,
|
||||||
const DDS_Security_OctetSeq *encoded_rtps_message,
|
const DDS_Security_OctetSeq *encoded_rtps_message,
|
||||||
const DDS_Security_DatawriterCryptoHandle receiving_datawriter_crypto,
|
const DDS_Security_DatawriterCryptoHandle receiving_datawriter_crypto,
|
||||||
const DDS_Security_DatareaderCryptoHandle sending_datareader_crypto,
|
const DDS_Security_DatareaderCryptoHandle sending_datareader_crypto,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
|
typedef DDS_Security_boolean (*DDS_Security_crypto_transform_decode_serialized_payload)(
|
||||||
typedef DDS_Security_boolean
|
dds_security_crypto_transform *instance,
|
||||||
(*DDS_Security_crypto_transform_decode_serialized_payload)
|
|
||||||
( dds_security_crypto_transform *instance,
|
|
||||||
DDS_Security_OctetSeq *plain_buffer,
|
DDS_Security_OctetSeq *plain_buffer,
|
||||||
const DDS_Security_OctetSeq *encoded_buffer,
|
const DDS_Security_OctetSeq *encoded_buffer,
|
||||||
const DDS_Security_OctetSeq *inline_qos,
|
const DDS_Security_OctetSeq *inline_qos,
|
||||||
|
@ -297,39 +241,28 @@ typedef DDS_Security_boolean
|
||||||
const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto,
|
const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto,
|
||||||
DDS_Security_SecurityException *ex);
|
DDS_Security_SecurityException *ex);
|
||||||
|
|
||||||
|
|
||||||
struct dds_security_crypto_transform
|
struct dds_security_crypto_transform
|
||||||
{
|
{
|
||||||
DDS_Security_crypto_transform_encode_serialized_payload encode_serialized_payload;
|
DDS_Security_crypto_transform_encode_serialized_payload encode_serialized_payload;
|
||||||
|
|
||||||
DDS_Security_crypto_transform_encode_datawriter_submessage encode_datawriter_submessage;
|
DDS_Security_crypto_transform_encode_datawriter_submessage encode_datawriter_submessage;
|
||||||
|
|
||||||
DDS_Security_crypto_transform_encode_datareader_submessage encode_datareader_submessage;
|
DDS_Security_crypto_transform_encode_datareader_submessage encode_datareader_submessage;
|
||||||
|
|
||||||
DDS_Security_crypto_transform_encode_rtps_message encode_rtps_message;
|
DDS_Security_crypto_transform_encode_rtps_message encode_rtps_message;
|
||||||
|
|
||||||
DDS_Security_crypto_transform_decode_rtps_message decode_rtps_message;
|
DDS_Security_crypto_transform_decode_rtps_message decode_rtps_message;
|
||||||
|
|
||||||
DDS_Security_crypto_transform_preprocess_secure_submsg preprocess_secure_submsg;
|
DDS_Security_crypto_transform_preprocess_secure_submsg preprocess_secure_submsg;
|
||||||
|
|
||||||
DDS_Security_crypto_transform_decode_datawriter_submessage decode_datawriter_submessage;
|
DDS_Security_crypto_transform_decode_datawriter_submessage decode_datawriter_submessage;
|
||||||
|
|
||||||
DDS_Security_crypto_transform_decode_datareader_submessage decode_datareader_submessage;
|
DDS_Security_crypto_transform_decode_datareader_submessage decode_datareader_submessage;
|
||||||
|
|
||||||
DDS_Security_crypto_transform_decode_serialized_payload decode_serialized_payload;
|
DDS_Security_crypto_transform_decode_serialized_payload decode_serialized_payload;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
typedef struct dds_security_cryptography
|
typedef struct dds_security_cryptography
|
||||||
{
|
{
|
||||||
|
struct ddsi_domaingv *gv;
|
||||||
|
|
||||||
dds_security_crypto_transform *crypto_transform;
|
dds_security_crypto_transform *crypto_transform;
|
||||||
dds_security_crypto_key_factory *crypto_key_factory;
|
dds_security_crypto_key_factory *crypto_key_factory;
|
||||||
dds_security_crypto_key_exchange *crypto_key_exchange;
|
dds_security_crypto_key_exchange *crypto_key_exchange;
|
||||||
} dds_security_cryptography;
|
} dds_security_cryptography;
|
||||||
|
|
||||||
|
|
||||||
#if defined(__cplusplus)
|
#if defined(__cplusplus)
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -20,13 +20,14 @@
|
||||||
#include "dds/ddsrt/string.h"
|
#include "dds/ddsrt/string.h"
|
||||||
#include "dds/ddsrt/sync.h"
|
#include "dds/ddsrt/sync.h"
|
||||||
#include "dds/ddsrt/types.h"
|
#include "dds/ddsrt/types.h"
|
||||||
|
#include "dds/ddsi/ddsi_domaingv.h"
|
||||||
#include "dds/security/dds_security_api.h"
|
#include "dds/security/dds_security_api.h"
|
||||||
#include "dds/security/core/dds_security_utils.h"
|
#include "dds/security/core/dds_security_utils.h"
|
||||||
|
#include "dds/security/core/dds_security_timed_cb.h"
|
||||||
#include "access_control.h"
|
#include "access_control.h"
|
||||||
#include "access_control_utils.h"
|
#include "access_control_utils.h"
|
||||||
#include "access_control_objects.h"
|
#include "access_control_objects.h"
|
||||||
#include "access_control_parser.h"
|
#include "access_control_parser.h"
|
||||||
#include "dds/security/core/dds_security_timed_cb.h"
|
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L
|
#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||||
#define REMOVE_THREAD_STATE() ERR_remove_thread_state(NULL);
|
#define REMOVE_THREAD_STATE() ERR_remove_thread_state(NULL);
|
||||||
|
@ -82,7 +83,6 @@ typedef struct dds_security_access_control_impl
|
||||||
|
|
||||||
struct dds_security_timed_cb_data *timed_callbacks;
|
struct dds_security_timed_cb_data *timed_callbacks;
|
||||||
struct dds_security_timed_dispatcher_t *dispatcher;
|
struct dds_security_timed_dispatcher_t *dispatcher;
|
||||||
|
|
||||||
} dds_security_access_control_impl;
|
} dds_security_access_control_impl;
|
||||||
|
|
||||||
static bool get_sec_attributes(dds_security_access_control_impl *ac, const DDS_Security_PermissionsHandle permissions_handle, const char *topic_name,
|
static bool get_sec_attributes(dds_security_access_control_impl *ac, const DDS_Security_PermissionsHandle permissions_handle, const char *topic_name,
|
||||||
|
@ -162,12 +162,9 @@ validate_local_permissions(
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
permissions_handle = ACCESS_CONTROL_OBJECT_HANDLE(rights);
|
if ((permissions_handle = ACCESS_CONTROL_OBJECT_HANDLE(rights)) != DDS_SECURITY_HANDLE_NIL)
|
||||||
|
|
||||||
if (permissions_handle != DDS_SECURITY_HANDLE_NIL)
|
|
||||||
{
|
{
|
||||||
assert (rights->permissions_expiry != DDS_TIME_INVALID);
|
assert (rights->permissions_expiry != DDS_TIME_INVALID);
|
||||||
|
|
||||||
if (rights->permissions_expiry != 0)
|
if (rights->permissions_expiry != 0)
|
||||||
add_validity_end_trigger(ac, permissions_handle, rights->permissions_expiry);
|
add_validity_end_trigger(ac, permissions_handle, rights->permissions_expiry);
|
||||||
}
|
}
|
||||||
|
@ -228,10 +225,12 @@ validate_remote_permissions(
|
||||||
remote_rights = check_and_create_remote_participant_rights(remote_identity_handle, local_rights, remote_permissions_token, remote_credential_token, ex);
|
remote_rights = check_and_create_remote_participant_rights(remote_identity_handle, local_rights, remote_permissions_token, remote_credential_token, ex);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
permissions_handle = ACCESS_CONTROL_OBJECT_HANDLE(remote_rights);
|
if ((permissions_handle = ACCESS_CONTROL_OBJECT_HANDLE(remote_rights)) != DDS_SECURITY_HANDLE_NIL)
|
||||||
|
{
|
||||||
if (permissions_handle != DDS_SECURITY_HANDLE_NIL)
|
assert (remote_rights->permissions_expiry != DDS_TIME_INVALID);
|
||||||
|
if (remote_rights->permissions_expiry != 0)
|
||||||
add_validity_end_trigger(ac, permissions_handle, remote_rights->permissions_expiry);
|
add_validity_end_trigger(ac, permissions_handle, remote_rights->permissions_expiry);
|
||||||
|
}
|
||||||
|
|
||||||
if (remote_rights)
|
if (remote_rights)
|
||||||
access_control_table_insert(ac->remote_permissions, (AccessControlObject *)remote_rights);
|
access_control_table_insert(ac->remote_permissions, (AccessControlObject *)remote_rights);
|
||||||
|
@ -1475,14 +1474,13 @@ return_permissions_handle(
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
int init_access_control(const char *argument, void **context)
|
int init_access_control(const char *argument, void **context, struct ddsi_domaingv *gv)
|
||||||
{
|
{
|
||||||
DDSRT_UNUSED_ARG(argument);
|
DDSRT_UNUSED_ARG(argument);
|
||||||
|
|
||||||
dds_security_access_control_impl *access_control = ddsrt_malloc(sizeof(*access_control));
|
dds_security_access_control_impl *access_control = ddsrt_malloc(sizeof(*access_control));
|
||||||
memset(access_control, 0, sizeof(*access_control));
|
memset(access_control, 0, sizeof(*access_control));
|
||||||
|
access_control->base.gv = gv;
|
||||||
|
|
||||||
access_control->timed_callbacks = dds_security_timed_cb_new();
|
access_control->timed_callbacks = dds_security_timed_cb_new();
|
||||||
access_control->dispatcher = dds_security_timed_dispatcher_new(access_control->timed_callbacks);
|
access_control->dispatcher = dds_security_timed_dispatcher_new(access_control->timed_callbacks);
|
||||||
access_control->base.validate_local_permissions = &validate_local_permissions;
|
access_control->base.validate_local_permissions = &validate_local_permissions;
|
||||||
|
@ -1881,7 +1879,6 @@ validity_callback(struct dds_security_timed_dispatcher_t *d,
|
||||||
void *arg)
|
void *arg)
|
||||||
{
|
{
|
||||||
validity_cb_info *info = arg;
|
validity_cb_info *info = arg;
|
||||||
|
|
||||||
DDSRT_UNUSED_ARG(d);
|
DDSRT_UNUSED_ARG(d);
|
||||||
assert(d);
|
assert(d);
|
||||||
assert(arg);
|
assert(arg);
|
||||||
|
@ -1892,7 +1889,7 @@ validity_callback(struct dds_security_timed_dispatcher_t *d,
|
||||||
{
|
{
|
||||||
dds_security_access_control_listener *ac_listener = (dds_security_access_control_listener *)listener;
|
dds_security_access_control_listener *ac_listener = (dds_security_access_control_listener *)listener;
|
||||||
if (ac_listener->on_revoke_permissions)
|
if (ac_listener->on_revoke_permissions)
|
||||||
ac_listener->on_revoke_permissions(ac_listener, (dds_security_access_control *)info->ac, info->hdl);
|
ac_listener->on_revoke_permissions((dds_security_access_control *)info->ac, info->hdl);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
ddsrt_free(arg);
|
ddsrt_free(arg);
|
||||||
|
|
|
@ -12,10 +12,11 @@
|
||||||
#ifndef ACCESS_CONTROL_H
|
#ifndef ACCESS_CONTROL_H
|
||||||
#define ACCESS_CONTROL_H
|
#define ACCESS_CONTROL_H
|
||||||
|
|
||||||
|
#include "dds/ddsi/ddsi_domaingv.h"
|
||||||
#include "dds/security/dds_security_api.h"
|
#include "dds/security/dds_security_api.h"
|
||||||
#include "dds/security/export.h"
|
#include "dds/security/export.h"
|
||||||
|
|
||||||
SECURITY_EXPORT int init_access_control(const char *argument, void **context);
|
SECURITY_EXPORT int init_access_control(const char *argument, void **context, struct ddsi_domaingv *gv);
|
||||||
SECURITY_EXPORT int finalize_access_control(void *context);
|
SECURITY_EXPORT int finalize_access_control(void *context);
|
||||||
|
|
||||||
#endif /* ACCESS_CONTROL_H */
|
#endif /* ACCESS_CONTROL_H */
|
||||||
|
|
|
@ -43,6 +43,7 @@ target_include_directories(dds_security_auth
|
||||||
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:security_core,INTERFACE_INCLUDE_DIRECTORIES>>"
|
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:security_core,INTERFACE_INCLUDE_DIRECTORIES>>"
|
||||||
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:ddsrt,INTERFACE_INCLUDE_DIRECTORIES>>"
|
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:ddsrt,INTERFACE_INCLUDE_DIRECTORIES>>"
|
||||||
"$<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}/include>"
|
"$<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}/include>"
|
||||||
|
"$<BUILD_INTERFACE:${CMAKE_CURRENT_LIST_DIR}/../../../core/ddsi/include>"
|
||||||
)
|
)
|
||||||
|
|
||||||
install(
|
install(
|
||||||
|
|
|
@ -41,6 +41,7 @@
|
||||||
#include "dds/ddsrt/string.h"
|
#include "dds/ddsrt/string.h"
|
||||||
#include "dds/ddsrt/sync.h"
|
#include "dds/ddsrt/sync.h"
|
||||||
#include "dds/ddsrt/hopscotch.h"
|
#include "dds/ddsrt/hopscotch.h"
|
||||||
|
#include "dds/ddsi/ddsi_domaingv.h"
|
||||||
#include "dds/security/dds_security_api.h"
|
#include "dds/security/dds_security_api.h"
|
||||||
#include "dds/security/core/dds_security_timed_cb.h"
|
#include "dds/security/core/dds_security_timed_cb.h"
|
||||||
#include "dds/security/core/dds_security_utils.h"
|
#include "dds/security/core/dds_security_utils.h"
|
||||||
|
@ -2229,14 +2230,14 @@ DDS_Security_boolean return_sharedsecret_handle(dds_security_authentication *ins
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
int32_t init_authentication(const char *argument, void **context)
|
int32_t init_authentication(const char *argument, void **context, struct ddsi_domaingv *gv)
|
||||||
{
|
{
|
||||||
DDSRT_UNUSED_ARG(argument);
|
DDSRT_UNUSED_ARG(argument);
|
||||||
dds_security_authentication_impl *authentication;
|
dds_security_authentication_impl *authentication;
|
||||||
|
|
||||||
authentication = (dds_security_authentication_impl *)ddsrt_malloc(sizeof(dds_security_authentication_impl));
|
authentication = (dds_security_authentication_impl *)ddsrt_malloc(sizeof(dds_security_authentication_impl));
|
||||||
memset(authentication, 0, sizeof(dds_security_authentication_impl));
|
memset(authentication, 0, sizeof(dds_security_authentication_impl));
|
||||||
|
authentication->base.gv = gv;
|
||||||
authentication->timed_callbacks = dds_security_timed_cb_new();
|
authentication->timed_callbacks = dds_security_timed_cb_new();
|
||||||
authentication->dispatcher = dds_security_timed_dispatcher_new(authentication->timed_callbacks);
|
authentication->dispatcher = dds_security_timed_dispatcher_new(authentication->timed_callbacks);
|
||||||
|
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
#include "dds/security/dds_security_api.h"
|
#include "dds/security/dds_security_api.h"
|
||||||
#include "dds/security/export.h"
|
#include "dds/security/export.h"
|
||||||
|
|
||||||
SECURITY_EXPORT int32_t init_authentication(const char *argument, void **context);
|
SECURITY_EXPORT int32_t init_authentication(const char *argument, void **context, struct ddsi_domaingv *gv);
|
||||||
SECURITY_EXPORT int32_t finalize_authentication(void *context);
|
SECURITY_EXPORT int32_t finalize_authentication(void *context);
|
||||||
|
|
||||||
DDS_Security_ValidationResult_t validate_local_identity(dds_security_authentication *instance, DDS_Security_IdentityHandle *local_identity_handle, DDS_Security_GUID_t *adjusted_participant_guid,
|
DDS_Security_ValidationResult_t validate_local_identity(dds_security_authentication *instance, DDS_Security_IdentityHandle *local_identity_handle, DDS_Security_GUID_t *adjusted_participant_guid,
|
||||||
|
|
|
@ -42,6 +42,7 @@ target_include_directories(dds_security_crypto
|
||||||
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:security_core,INTERFACE_INCLUDE_DIRECTORIES>>"
|
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:security_core,INTERFACE_INCLUDE_DIRECTORIES>>"
|
||||||
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:ddsrt,INTERFACE_INCLUDE_DIRECTORIES>>"
|
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:ddsrt,INTERFACE_INCLUDE_DIRECTORIES>>"
|
||||||
"$<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}/include>"
|
"$<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}/include>"
|
||||||
|
"$<BUILD_INTERFACE:${CMAKE_CURRENT_LIST_DIR}/../../../core/ddsi/include>"
|
||||||
)
|
)
|
||||||
|
|
||||||
install(
|
install(
|
||||||
|
|
|
@ -11,6 +11,7 @@
|
||||||
*/
|
*/
|
||||||
#include "dds/ddsrt/heap.h"
|
#include "dds/ddsrt/heap.h"
|
||||||
#include "dds/ddsrt/types.h"
|
#include "dds/ddsrt/types.h"
|
||||||
|
#include "dds/ddsi/ddsi_domaingv.h"
|
||||||
#include "dds/security/dds_security_api.h"
|
#include "dds/security/dds_security_api.h"
|
||||||
#include "cryptography.h"
|
#include "cryptography.h"
|
||||||
#include "crypto_key_exchange.h"
|
#include "crypto_key_exchange.h"
|
||||||
|
@ -24,6 +25,7 @@
|
||||||
|
|
||||||
typedef struct dds_security_cryptography_impl {
|
typedef struct dds_security_cryptography_impl {
|
||||||
dds_security_cryptography base;
|
dds_security_cryptography base;
|
||||||
|
struct ddsi_domaingv *gv;
|
||||||
} dds_security_cryptography_impl;
|
} dds_security_cryptography_impl;
|
||||||
|
|
||||||
dds_security_crypto_key_factory *cryptography_get_crypto_key_factory (const struct dds_security_cryptography *crypto)
|
dds_security_crypto_key_factory *cryptography_get_crypto_key_factory (const struct dds_security_cryptography *crypto)
|
||||||
|
@ -45,7 +47,7 @@ dds_security_crypto_transform *cryptography_get_crypto_transform (const struct d
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int init_crypto (const char *argument, void **context)
|
int init_crypto (const char *argument, void **context, struct ddsi_domaingv *gv)
|
||||||
{
|
{
|
||||||
dds_security_cryptography_impl *cryptography;
|
dds_security_cryptography_impl *cryptography;
|
||||||
dds_security_crypto_key_exchange *crypto_key_exchange;
|
dds_security_crypto_key_exchange *crypto_key_exchange;
|
||||||
|
@ -56,6 +58,7 @@ int init_crypto (const char *argument, void **context)
|
||||||
|
|
||||||
/* allocate new instance */
|
/* allocate new instance */
|
||||||
cryptography = ddsrt_malloc (sizeof(*cryptography));
|
cryptography = ddsrt_malloc (sizeof(*cryptography));
|
||||||
|
cryptography->base.gv = gv;
|
||||||
|
|
||||||
/* assign the sub components */
|
/* assign the sub components */
|
||||||
crypto_key_exchange = dds_security_crypto_key_exchange__alloc ((dds_security_cryptography *)cryptography);
|
crypto_key_exchange = dds_security_crypto_key_exchange__alloc ((dds_security_cryptography *)cryptography);
|
||||||
|
|
|
@ -12,22 +12,15 @@
|
||||||
#ifndef CRYPTOGRAPHY_H
|
#ifndef CRYPTOGRAPHY_H
|
||||||
#define CRYPTOGRAPHY_H
|
#define CRYPTOGRAPHY_H
|
||||||
|
|
||||||
|
#include "dds/ddsi/ddsi_domaingv.h"
|
||||||
#include "dds/security/dds_security_api.h"
|
#include "dds/security/dds_security_api.h"
|
||||||
#include "dds/security/export.h"
|
#include "dds/security/export.h"
|
||||||
|
|
||||||
SECURITY_EXPORT int init_crypto(const char *argument, void **context);
|
SECURITY_EXPORT int init_crypto(const char *argument, void **context, struct ddsi_domaingv *gv);
|
||||||
SECURITY_EXPORT int finalize_crypto(void *instance);
|
SECURITY_EXPORT int finalize_crypto(void *instance);
|
||||||
|
|
||||||
dds_security_crypto_key_factory *
|
dds_security_crypto_key_factory *cryptography_get_crypto_key_factory(const dds_security_cryptography *crypto);
|
||||||
cryptography_get_crypto_key_factory(
|
dds_security_crypto_key_exchange * cryptography_get_crypto_key_exchange(const dds_security_cryptography *crypto);
|
||||||
const dds_security_cryptography *crypto);
|
dds_security_crypto_transform *cryptography_get_crypto_transform(const dds_security_cryptography *crypto);
|
||||||
|
|
||||||
dds_security_crypto_key_exchange *
|
|
||||||
cryptography_get_crypto_key_exchange(
|
|
||||||
const dds_security_cryptography *crypto);
|
|
||||||
|
|
||||||
dds_security_crypto_transform *
|
|
||||||
cryptography_get_crypto_transform(
|
|
||||||
const dds_security_cryptography *crypto);
|
|
||||||
|
|
||||||
#endif /* CRYPTOGRAPHY_H */
|
#endif /* CRYPTOGRAPHY_H */
|
||||||
|
|
|
@ -64,7 +64,7 @@ load_plugin(
|
||||||
}
|
}
|
||||||
|
|
||||||
char * init_parameters = "";
|
char * init_parameters = "";
|
||||||
(void)info->func_init(init_parameters, &plugin);
|
(void)info->func_init(init_parameters, &plugin, NULL);
|
||||||
if (plugin) {
|
if (plugin) {
|
||||||
info->context = plugin;
|
info->context = plugin;
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -568,9 +568,8 @@ CU_Clean(ddssec_builtin_listeners_access_control)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static DDS_Security_boolean on_revoke_permissions_cb(dds_security_access_control_listener *instance, const dds_security_access_control *plugin, const DDS_Security_PermissionsHandle handle)
|
static DDS_Security_boolean on_revoke_permissions_cb(const dds_security_access_control *plugin, const DDS_Security_PermissionsHandle handle)
|
||||||
{
|
{
|
||||||
DDSRT_UNUSED_ARG(instance);
|
|
||||||
DDSRT_UNUSED_ARG(plugin);
|
DDSRT_UNUSED_ARG(plugin);
|
||||||
if (permission_handle_for_callback1 == DDS_SECURITY_HANDLE_NIL)
|
if (permission_handle_for_callback1 == DDS_SECURITY_HANDLE_NIL)
|
||||||
permission_handle_for_callback1 = handle;
|
permission_handle_for_callback1 = handle;
|
||||||
|
|
|
@ -14,10 +14,11 @@
|
||||||
#ifndef SECURITY_CORE_PLUGINS_H_
|
#ifndef SECURITY_CORE_PLUGINS_H_
|
||||||
#define SECURITY_CORE_PLUGINS_H_
|
#define SECURITY_CORE_PLUGINS_H_
|
||||||
|
|
||||||
|
#include <stdint.h>
|
||||||
#include "dds/export.h"
|
#include "dds/export.h"
|
||||||
#include "dds/ddsrt/retcode.h"
|
#include "dds/ddsrt/retcode.h"
|
||||||
#include "dds/ddsrt/dynlib.h"
|
#include "dds/ddsrt/dynlib.h"
|
||||||
#include <stdint.h>
|
#include "dds/ddsi/ddsi_domaingv.h"
|
||||||
#include "dds/security/dds_security_api.h"
|
#include "dds/security/dds_security_api.h"
|
||||||
|
|
||||||
struct ddsrt_log_cfg;
|
struct ddsrt_log_cfg;
|
||||||
|
@ -47,24 +48,14 @@ typedef struct dds_security_plugin_suite_config{
|
||||||
dds_security_plugin_config access_control;
|
dds_security_plugin_config access_control;
|
||||||
} dds_security_plugin_suite_config;
|
} dds_security_plugin_suite_config;
|
||||||
|
|
||||||
DDS_EXPORT dds_return_t dds_security_plugin_release(
|
DDS_EXPORT dds_return_t dds_security_plugin_release(const dds_security_plugin *security_plugin, void *context);
|
||||||
const dds_security_plugin *security_plugin,
|
DDS_EXPORT dds_return_t dds_security_check_plugin_configuration(const dds_security_plugin_suite_config *security_suite_config, struct ddsi_domaingv *gv);
|
||||||
void *context );
|
DDS_EXPORT dds_return_t dds_security_load_security_library(const dds_security_plugin_config *plugin_config, dds_security_plugin *security_plugin,
|
||||||
|
void **security_plugin_context, struct ddsi_domaingv *gv);
|
||||||
DDS_EXPORT dds_return_t dds_security_check_plugin_configuration(
|
|
||||||
const dds_security_plugin_suite_config *security_suite_config,
|
|
||||||
const struct ddsrt_log_cfg *logcfg);
|
|
||||||
|
|
||||||
DDS_EXPORT dds_return_t dds_security_load_security_library(
|
|
||||||
const dds_security_plugin_config *plugin_config,
|
|
||||||
dds_security_plugin *security_plugin, void **security_plugin_context,
|
|
||||||
const struct ddsrt_log_cfg *logcfg);
|
|
||||||
|
|
||||||
DDS_EXPORT dds_return_t dds_security_verify_plugin_functions(
|
DDS_EXPORT dds_return_t dds_security_verify_plugin_functions(
|
||||||
dds_security_authentication *authentication_context, dds_security_plugin *auth_plugin,
|
dds_security_authentication *authentication_context, dds_security_plugin *auth_plugin,
|
||||||
dds_security_cryptography *crypto_context, dds_security_plugin *crypto_plugin,
|
dds_security_cryptography *crypto_context, dds_security_plugin *crypto_plugin,
|
||||||
dds_security_access_control *access_control_context, dds_security_plugin *ac_plugin,
|
dds_security_access_control *access_control_context, dds_security_plugin *ac_plugin,
|
||||||
const struct ddsrt_log_cfg *logcfg);
|
struct ddsi_domaingv *gv);
|
||||||
|
|
||||||
#endif /* SECURITY_CORE_PLUGINS_H_ */
|
#endif /* SECURITY_CORE_PLUGINS_H_ */
|
||||||
|
|
||||||
|
|
|
@ -19,40 +19,40 @@
|
||||||
#include "dds/ddsrt/dynlib.h"
|
#include "dds/ddsrt/dynlib.h"
|
||||||
#include "dds/ddsrt/io.h"
|
#include "dds/ddsrt/io.h"
|
||||||
|
|
||||||
static bool check_plugin_configuration (const dds_security_plugin_config *config, const char *name, const struct ddsrt_log_cfg *logcfg)
|
static bool check_plugin_configuration (const dds_security_plugin_config *config, const char *name, struct ddsi_domaingv *gv)
|
||||||
{
|
{
|
||||||
if (config->library_path == NULL || *config->library_path == 0) {
|
if (config->library_path == NULL || *config->library_path == 0) {
|
||||||
DDS_CERROR (logcfg, "%s security plugin library path is undefined or empty\n", name);
|
GVERROR ("%s security plugin library path is undefined or empty\n", name);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if (config->library_init == NULL || *config->library_init == 0) {
|
if (config->library_init == NULL || *config->library_init == 0) {
|
||||||
DDS_CERROR (logcfg, "%s security plugin init function is undefined or empty\n", name);
|
GVERROR ("%s security plugin init function is undefined or empty\n", name);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if (config->library_finalize == NULL || *config->library_finalize == 0) {
|
if (config->library_finalize == NULL || *config->library_finalize == 0) {
|
||||||
DDS_CERROR (logcfg, "%s security plugin finalize function is undefined or empty\n", name);
|
GVERROR ("%s security plugin finalize function is undefined or empty\n", name);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
dds_return_t dds_security_check_plugin_configuration (const dds_security_plugin_suite_config *security_suite_config, const struct ddsrt_log_cfg *logcfg)
|
dds_return_t dds_security_check_plugin_configuration (const dds_security_plugin_suite_config *security_suite_config, struct ddsi_domaingv *gv)
|
||||||
{
|
{
|
||||||
if (check_plugin_configuration (&security_suite_config->access_control, "AccessControl", logcfg) &&
|
if (check_plugin_configuration (&security_suite_config->access_control, "AccessControl", gv) &&
|
||||||
check_plugin_configuration (&security_suite_config->authentication, "Authentication", logcfg) &&
|
check_plugin_configuration (&security_suite_config->authentication, "Authentication", gv) &&
|
||||||
check_plugin_configuration (&security_suite_config->cryptography, "Cryptography", logcfg))
|
check_plugin_configuration (&security_suite_config->cryptography, "Cryptography", gv))
|
||||||
return DDS_RETCODE_OK;
|
return DDS_RETCODE_OK;
|
||||||
else
|
else
|
||||||
return DDS_RETCODE_ERROR;
|
return DDS_RETCODE_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool verify_function (const void *function_ptr, dds_security_plugin *plugin, const char *function_name, const struct ddsrt_log_cfg *logcfg)
|
static bool verify_function (const void *function_ptr, dds_security_plugin *plugin, const char *function_name, struct ddsi_domaingv *gv)
|
||||||
{
|
{
|
||||||
if (function_ptr != NULL)
|
if (function_ptr != NULL)
|
||||||
return true;
|
return true;
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
DDS_CERROR (logcfg, "Could not find the function for %s: %s\n", plugin->name, function_name);
|
GVERROR ("Could not find the function for %s: %s\n", plugin->name, function_name);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -62,12 +62,12 @@ struct verify_plugin_functions_tab {
|
||||||
const char *name;
|
const char *name;
|
||||||
};
|
};
|
||||||
|
|
||||||
static bool verify_plugin_functions (const void *context, dds_security_plugin *plugin, const struct verify_plugin_functions_tab *entries, size_t nentries, const struct ddsrt_log_cfg *logcfg)
|
static bool verify_plugin_functions (const void *context, dds_security_plugin *plugin, const struct verify_plugin_functions_tab *entries, size_t nentries, struct ddsi_domaingv *gv)
|
||||||
{
|
{
|
||||||
for (size_t i = 0; i < nentries; i++)
|
for (size_t i = 0; i < nentries; i++)
|
||||||
{
|
{
|
||||||
const char *p = (const char *) context + entries[i].off;
|
const char *p = (const char *) context + entries[i].off;
|
||||||
if (!verify_function (*((void **) p), plugin, entries[i].name, logcfg))
|
if (!verify_function (*((void **) p), plugin, entries[i].name, gv))
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
|
@ -77,7 +77,7 @@ dds_return_t dds_security_verify_plugin_functions(
|
||||||
dds_security_authentication *authentication_context, dds_security_plugin *auth_plugin,
|
dds_security_authentication *authentication_context, dds_security_plugin *auth_plugin,
|
||||||
dds_security_cryptography *crypto_context, dds_security_plugin *crypto_plugin,
|
dds_security_cryptography *crypto_context, dds_security_plugin *crypto_plugin,
|
||||||
dds_security_access_control *access_control_context, dds_security_plugin *ac_plugin,
|
dds_security_access_control *access_control_context, dds_security_plugin *ac_plugin,
|
||||||
const struct ddsrt_log_cfg *logcfg)
|
struct ddsi_domaingv *gv)
|
||||||
{
|
{
|
||||||
#define FGEN(context, name) { offsetof (context, name), #name }
|
#define FGEN(context, name) { offsetof (context, name), #name }
|
||||||
#define F(name) FGEN (dds_security_authentication, name)
|
#define F(name) FGEN (dds_security_authentication, name)
|
||||||
|
@ -170,7 +170,7 @@ dds_return_t dds_security_verify_plugin_functions(
|
||||||
F (decode_serialized_payload)
|
F (decode_serialized_payload)
|
||||||
};
|
};
|
||||||
#undef F
|
#undef F
|
||||||
#define C(context, plugin, table) verify_plugin_functions (context, plugin, table, sizeof (table) / sizeof (table[0]), logcfg)
|
#define C(context, plugin, table) verify_plugin_functions (context, plugin, table, sizeof (table) / sizeof (table[0]), gv)
|
||||||
if (C (authentication_context, auth_plugin, auth) &&
|
if (C (authentication_context, auth_plugin, auth) &&
|
||||||
C (access_control_context, ac_plugin, ac) &&
|
C (access_control_context, ac_plugin, ac) &&
|
||||||
C (crypto_context->crypto_key_factory, crypto_plugin, cryptoF) &&
|
C (crypto_context->crypto_key_factory, crypto_plugin, cryptoF) &&
|
||||||
|
@ -189,7 +189,8 @@ dds_return_t dds_security_verify_plugin_functions(
|
||||||
/**
|
/**
|
||||||
* All fields of the library properties are supposed to be non-empty
|
* All fields of the library properties are supposed to be non-empty
|
||||||
*/
|
*/
|
||||||
dds_return_t dds_security_load_security_library (const dds_security_plugin_config *plugin_config, dds_security_plugin *security_plugin, void **security_plugin_context, const struct ddsrt_log_cfg *logcfg)
|
dds_return_t dds_security_load_security_library (const dds_security_plugin_config *plugin_config, dds_security_plugin *security_plugin,
|
||||||
|
void **security_plugin_context, struct ddsi_domaingv *gv)
|
||||||
{
|
{
|
||||||
dds_return_t lib_ret;
|
dds_return_t lib_ret;
|
||||||
char *init_parameters = "";
|
char *init_parameters = "";
|
||||||
|
@ -211,30 +212,30 @@ dds_return_t dds_security_load_security_library (const dds_security_plugin_confi
|
||||||
{
|
{
|
||||||
char buffer[256];
|
char buffer[256];
|
||||||
ddsrt_dlerror (buffer, sizeof (buffer));
|
ddsrt_dlerror (buffer, sizeof (buffer));
|
||||||
DDS_CERROR (logcfg, "Could not load %s library: %s\n", security_plugin->name, buffer);
|
GVERROR ("Could not load %s library: %s\n", security_plugin->name, buffer);
|
||||||
goto load_error;
|
goto load_error;
|
||||||
}
|
}
|
||||||
|
|
||||||
void *tmp;
|
void *tmp;
|
||||||
if (ddsrt_dlsym (security_plugin->lib_handle, plugin_config->library_init, &tmp) != DDS_RETCODE_OK)
|
if (ddsrt_dlsym (security_plugin->lib_handle, plugin_config->library_init, &tmp) != DDS_RETCODE_OK)
|
||||||
{
|
{
|
||||||
DDS_CERROR (logcfg, "Could not find the function: %s\n", plugin_config->library_init);
|
GVERROR ("Could not find the function: %s\n", plugin_config->library_init);
|
||||||
goto library_error;
|
goto library_error;
|
||||||
}
|
}
|
||||||
security_plugin->func_init = (plugin_init) tmp;
|
security_plugin->func_init = (plugin_init) tmp;
|
||||||
|
|
||||||
if (ddsrt_dlsym (security_plugin->lib_handle, plugin_config->library_finalize, &tmp) != DDS_RETCODE_OK)
|
if (ddsrt_dlsym (security_plugin->lib_handle, plugin_config->library_finalize, &tmp) != DDS_RETCODE_OK)
|
||||||
{
|
{
|
||||||
DDS_CERROR (logcfg, "Could not find the function: %s\n", plugin_config->library_finalize);
|
GVERROR ("Could not find the function: %s\n", plugin_config->library_finalize);
|
||||||
goto library_error;
|
goto library_error;
|
||||||
}
|
}
|
||||||
security_plugin->func_finalize = (plugin_finalize) tmp;
|
security_plugin->func_finalize = (plugin_finalize) tmp;
|
||||||
|
|
||||||
if (security_plugin->func_init != 0)
|
if (security_plugin->func_init != 0)
|
||||||
{
|
{
|
||||||
if (security_plugin->func_init (init_parameters, (void **) security_plugin_context) != DDS_RETCODE_OK)
|
if (security_plugin->func_init (init_parameters, (void **) security_plugin_context, gv) != DDS_RETCODE_OK)
|
||||||
{
|
{
|
||||||
DDS_CERROR (logcfg, "Error occured while initializing %s plugin\n", security_plugin->name);
|
GVERROR ("Error occured while initializing %s plugin\n", security_plugin->name);
|
||||||
goto library_error;
|
goto library_error;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -514,10 +514,11 @@ static struct dds_security_access_control_impl * init_test_access_control_common
|
||||||
return impl;
|
return impl;
|
||||||
}
|
}
|
||||||
|
|
||||||
int32_t init_test_access_control_all_ok(const char *argument, void **context)
|
int32_t init_test_access_control_all_ok(const char *argument, void **context, struct ddsi_domaingv *gv)
|
||||||
{
|
{
|
||||||
DDSRT_UNUSED_ARG(argument);
|
DDSRT_UNUSED_ARG(argument);
|
||||||
DDSRT_UNUSED_ARG(context);
|
DDSRT_UNUSED_ARG(context);
|
||||||
|
DDSRT_UNUSED_ARG(gv);
|
||||||
struct dds_security_access_control_impl *impl = init_test_access_control_common();
|
struct dds_security_access_control_impl *impl = init_test_access_control_common();
|
||||||
impl->mode = PLUGIN_MODE_ALL_OK;
|
impl->mode = PLUGIN_MODE_ALL_OK;
|
||||||
*context = impl;
|
*context = impl;
|
||||||
|
@ -531,10 +532,11 @@ int32_t finalize_test_access_control_all_ok(void *context)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int32_t init_test_access_control_missing_func(const char *argument, void **context)
|
int32_t init_test_access_control_missing_func(const char *argument, void **context, struct ddsi_domaingv *gv)
|
||||||
{
|
{
|
||||||
DDSRT_UNUSED_ARG(argument);
|
DDSRT_UNUSED_ARG(argument);
|
||||||
DDSRT_UNUSED_ARG(context);
|
DDSRT_UNUSED_ARG(context);
|
||||||
|
DDSRT_UNUSED_ARG(gv);
|
||||||
struct dds_security_access_control_impl *impl = init_test_access_control_common();
|
struct dds_security_access_control_impl *impl = init_test_access_control_common();
|
||||||
impl->base.check_create_datareader = NULL;
|
impl->base.check_create_datareader = NULL;
|
||||||
impl->mode = PLUGIN_MODE_MISSING_FUNC;
|
impl->mode = PLUGIN_MODE_MISSING_FUNC;
|
||||||
|
|
|
@ -12,15 +12,16 @@
|
||||||
#ifndef SECURITY_CORE_TEST_ACCESS_CONTROL_WRAPPER_H_
|
#ifndef SECURITY_CORE_TEST_ACCESS_CONTROL_WRAPPER_H_
|
||||||
#define SECURITY_CORE_TEST_ACCESS_CONTROL_WRAPPER_H_
|
#define SECURITY_CORE_TEST_ACCESS_CONTROL_WRAPPER_H_
|
||||||
|
|
||||||
|
#include "dds/ddsi/ddsi_domaingv.h"
|
||||||
#include "dds/security/dds_security_api.h"
|
#include "dds/security/dds_security_api.h"
|
||||||
#include "dds/security/access_control_wrapper_export.h"
|
#include "dds/security/access_control_wrapper_export.h"
|
||||||
|
|
||||||
/* Init in all-ok mode: all functions return success without calling the actual plugin */
|
/* Init in all-ok mode: all functions return success without calling the actual plugin */
|
||||||
SECURITY_EXPORT int32_t init_test_access_control_all_ok(const char *argument, void **context);
|
SECURITY_EXPORT int32_t init_test_access_control_all_ok(const char *argument, void **context, struct ddsi_domaingv *gv);
|
||||||
SECURITY_EXPORT int32_t finalize_test_access_control_all_ok(void *context);
|
SECURITY_EXPORT int32_t finalize_test_access_control_all_ok(void *context);
|
||||||
|
|
||||||
/* Init in missing function mode: one of the function pointers is null */
|
/* Init in missing function mode: one of the function pointers is null */
|
||||||
SECURITY_EXPORT int32_t init_test_access_control_missing_func(const char *argument, void **context);
|
SECURITY_EXPORT int32_t init_test_access_control_missing_func(const char *argument, void **context, struct ddsi_domaingv *gv);
|
||||||
SECURITY_EXPORT int32_t finalize_test_access_control_missing_func(void *context);
|
SECURITY_EXPORT int32_t finalize_test_access_control_missing_func(void *context);
|
||||||
|
|
||||||
#endif /* SECURITY_CORE_TEST_ACCESS_CONTROL_WRAPPER_H_ */
|
#endif /* SECURITY_CORE_TEST_ACCESS_CONTROL_WRAPPER_H_ */
|
||||||
|
|
|
@ -22,7 +22,7 @@
|
||||||
#include "test_identity.h"
|
#include "test_identity.h"
|
||||||
#include "plugin_wrapper_msg_q.h"
|
#include "plugin_wrapper_msg_q.h"
|
||||||
|
|
||||||
int32_t init_authentication(const char *argument, void **context);
|
int32_t init_authentication(const char *argument, void **context, struct ddsi_domaingv *gv);
|
||||||
int32_t finalize_authentication(void *context);
|
int32_t finalize_authentication(void *context);
|
||||||
|
|
||||||
enum auth_plugin_mode {
|
enum auth_plugin_mode {
|
||||||
|
@ -41,7 +41,6 @@ struct dds_security_authentication_impl
|
||||||
dds_security_authentication base;
|
dds_security_authentication base;
|
||||||
dds_security_authentication *instance;
|
dds_security_authentication *instance;
|
||||||
struct message_queue msg_queue;
|
struct message_queue msg_queue;
|
||||||
const struct ddsi_domaingv *gv;
|
|
||||||
enum auth_plugin_mode mode;
|
enum auth_plugin_mode mode;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -439,7 +438,7 @@ static struct dds_security_authentication_impl * get_impl_for_domain(dds_domaini
|
||||||
{
|
{
|
||||||
for (size_t i = 0; i < auth_impl_idx; i++)
|
for (size_t i = 0; i < auth_impl_idx; i++)
|
||||||
{
|
{
|
||||||
if (auth_impl[i] && auth_impl[i]->gv->config.domainId == domain_id)
|
if (auth_impl[i] && auth_impl[i]->instance->gv->config.domainId == domain_id)
|
||||||
{
|
{
|
||||||
return auth_impl[i];
|
return auth_impl[i];
|
||||||
}
|
}
|
||||||
|
@ -483,10 +482,11 @@ static struct dds_security_authentication_impl * init_test_authentication_common
|
||||||
return impl;
|
return impl;
|
||||||
}
|
}
|
||||||
|
|
||||||
int32_t init_test_authentication_all_ok(const char *argument, void **context)
|
int32_t init_test_authentication_all_ok(const char *argument, void **context, struct ddsi_domaingv *gv)
|
||||||
{
|
{
|
||||||
DDSRT_UNUSED_ARG(argument);
|
DDSRT_UNUSED_ARG(argument);
|
||||||
DDSRT_UNUSED_ARG(context);
|
DDSRT_UNUSED_ARG(context);
|
||||||
|
DDSRT_UNUSED_ARG(gv);
|
||||||
struct dds_security_authentication_impl *impl = init_test_authentication_common();
|
struct dds_security_authentication_impl *impl = init_test_authentication_common();
|
||||||
impl->mode = PLUGIN_MODE_ALL_OK;
|
impl->mode = PLUGIN_MODE_ALL_OK;
|
||||||
*context = impl;
|
*context = impl;
|
||||||
|
@ -500,10 +500,11 @@ int32_t finalize_test_authentication_all_ok(void *context)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int32_t init_test_authentication_missing_func(const char *argument, void **context)
|
int32_t init_test_authentication_missing_func(const char *argument, void **context, struct ddsi_domaingv *gv)
|
||||||
{
|
{
|
||||||
DDSRT_UNUSED_ARG(argument);
|
DDSRT_UNUSED_ARG(argument);
|
||||||
DDSRT_UNUSED_ARG(context);
|
DDSRT_UNUSED_ARG(context);
|
||||||
|
DDSRT_UNUSED_ARG(gv);
|
||||||
struct dds_security_authentication_impl *impl = init_test_authentication_common();
|
struct dds_security_authentication_impl *impl = init_test_authentication_common();
|
||||||
impl->base.get_shared_secret = NULL;
|
impl->base.get_shared_secret = NULL;
|
||||||
impl->mode = PLUGIN_MODE_MISSING_FUNC;
|
impl->mode = PLUGIN_MODE_MISSING_FUNC;
|
||||||
|
@ -518,10 +519,11 @@ int32_t finalize_test_authentication_missing_func(void *context)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int32_t init_test_authentication_init_error(const char *argument, void **context)
|
int32_t init_test_authentication_init_error(const char *argument, void **context, struct ddsi_domaingv *gv)
|
||||||
{
|
{
|
||||||
DDSRT_UNUSED_ARG(argument);
|
DDSRT_UNUSED_ARG(argument);
|
||||||
DDSRT_UNUSED_ARG(context);
|
DDSRT_UNUSED_ARG(context);
|
||||||
|
DDSRT_UNUSED_ARG(gv);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -535,19 +537,14 @@ int32_t finalize_test_authentication_init_error(void *context)
|
||||||
* Init and fini functions for using wrapped mode for the authentication plugin.
|
* Init and fini functions for using wrapped mode for the authentication plugin.
|
||||||
* These functions assumes that there are no concurrent calls, as the static
|
* These functions assumes that there are no concurrent calls, as the static
|
||||||
* variables used here are not protected by a lock. */
|
* variables used here are not protected by a lock. */
|
||||||
int32_t init_test_authentication_wrapped(const char *argument, void **context)
|
int32_t init_test_authentication_wrapped(const char *argument, void **context, struct ddsi_domaingv *gv)
|
||||||
{
|
{
|
||||||
int32_t ret;
|
int32_t ret;
|
||||||
struct dds_security_authentication_impl *impl = init_test_authentication_common();
|
struct dds_security_authentication_impl *impl = init_test_authentication_common();
|
||||||
impl->mode = PLUGIN_MODE_WRAPPED;
|
impl->mode = PLUGIN_MODE_WRAPPED;
|
||||||
|
|
||||||
init_message_queue(&impl->msg_queue);
|
init_message_queue(&impl->msg_queue);
|
||||||
struct thread_state1 * const ts1 = lookup_thread_state ();
|
ret = init_authentication(argument, (void **)&impl->instance, gv);
|
||||||
struct ddsi_domaingv const * const gv = ddsrt_atomic_ldvoidp (&ts1->gv);
|
|
||||||
impl->gv = gv;
|
|
||||||
|
|
||||||
ret = init_authentication(argument, (void **)&impl->instance);
|
|
||||||
|
|
||||||
auth_impl_idx++;
|
auth_impl_idx++;
|
||||||
auth_impl = ddsrt_realloc(auth_impl, auth_impl_idx * sizeof(*auth_impl));
|
auth_impl = ddsrt_realloc(auth_impl, auth_impl_idx * sizeof(*auth_impl));
|
||||||
auth_impl[auth_impl_idx - 1] = impl;
|
auth_impl[auth_impl_idx - 1] = impl;
|
||||||
|
|
|
@ -12,24 +12,25 @@
|
||||||
#ifndef SECURITY_CORE_TEST_AUTHENTICATION_WRAPPER_H_
|
#ifndef SECURITY_CORE_TEST_AUTHENTICATION_WRAPPER_H_
|
||||||
#define SECURITY_CORE_TEST_AUTHENTICATION_WRAPPER_H_
|
#define SECURITY_CORE_TEST_AUTHENTICATION_WRAPPER_H_
|
||||||
|
|
||||||
|
#include "dds/ddsi/ddsi_domaingv.h"
|
||||||
#include "dds/security/dds_security_api.h"
|
#include "dds/security/dds_security_api.h"
|
||||||
#include "dds/security/authentication_wrapper_export.h"
|
#include "dds/security/authentication_wrapper_export.h"
|
||||||
#include "plugin_wrapper_msg_q.h"
|
#include "plugin_wrapper_msg_q.h"
|
||||||
|
|
||||||
/* Init in wrapper mode */
|
/* Init in wrapper mode */
|
||||||
SECURITY_EXPORT int32_t init_test_authentication_wrapped(const char *argument, void **context);
|
SECURITY_EXPORT int32_t init_test_authentication_wrapped(const char *argument, void **context, struct ddsi_domaingv *gv);
|
||||||
SECURITY_EXPORT int32_t finalize_test_authentication_wrapped(void *context);
|
SECURITY_EXPORT int32_t finalize_test_authentication_wrapped(void *context);
|
||||||
|
|
||||||
/* Init in all-ok mode: all functions return success without calling the actual plugin */
|
/* Init in all-ok mode: all functions return success without calling the actual plugin */
|
||||||
SECURITY_EXPORT int32_t init_test_authentication_all_ok(const char *argument, void **context);
|
SECURITY_EXPORT int32_t init_test_authentication_all_ok(const char *argument, void **context, struct ddsi_domaingv *gv);
|
||||||
SECURITY_EXPORT int32_t finalize_test_authentication_all_ok(void *context);
|
SECURITY_EXPORT int32_t finalize_test_authentication_all_ok(void *context);
|
||||||
|
|
||||||
/* Init in missing function mode: one of the function pointers is null */
|
/* Init in missing function mode: one of the function pointers is null */
|
||||||
SECURITY_EXPORT int32_t init_test_authentication_missing_func(const char *argument, void **context);
|
SECURITY_EXPORT int32_t init_test_authentication_missing_func(const char *argument, void **context, struct ddsi_domaingv *gv);
|
||||||
SECURITY_EXPORT int32_t finalize_test_authentication_missing_func(void *context);
|
SECURITY_EXPORT int32_t finalize_test_authentication_missing_func(void *context);
|
||||||
|
|
||||||
/* Init function fails */
|
/* Init function fails */
|
||||||
SECURITY_EXPORT int32_t init_test_authentication_init_error(const char *argument, void **context);
|
SECURITY_EXPORT int32_t init_test_authentication_init_error(const char *argument, void **context, struct ddsi_domaingv *gv);
|
||||||
SECURITY_EXPORT int32_t finalize_test_authentication_init_error(void *context);
|
SECURITY_EXPORT int32_t finalize_test_authentication_init_error(void *context);
|
||||||
|
|
||||||
SECURITY_EXPORT struct message * test_authentication_plugin_take_msg(dds_domainid_t domain_id, message_kind_t kind, DDS_Security_IdentityHandle lidHandle, DDS_Security_IdentityHandle ridHandle, DDS_Security_IdentityHandle hsHandle, dds_duration_t timeout);
|
SECURITY_EXPORT struct message * test_authentication_plugin_take_msg(dds_domainid_t domain_id, message_kind_t kind, DDS_Security_IdentityHandle lidHandle, DDS_Security_IdentityHandle ridHandle, DDS_Security_IdentityHandle hsHandle, dds_duration_t timeout);
|
||||||
|
|
|
@ -22,7 +22,7 @@
|
||||||
#include "dds/security/core/dds_security_utils.h"
|
#include "dds/security/core/dds_security_utils.h"
|
||||||
#include "cryptography_wrapper.h"
|
#include "cryptography_wrapper.h"
|
||||||
|
|
||||||
int32_t init_crypto(const char *argument, void **context);
|
int32_t init_crypto(const char *argument, void **context, struct ddsi_domaingv *gv);
|
||||||
int32_t finalize_crypto(void *context);
|
int32_t finalize_crypto(void *context);
|
||||||
|
|
||||||
enum crypto_plugin_mode {
|
enum crypto_plugin_mode {
|
||||||
|
@ -700,14 +700,14 @@ static DDS_Security_boolean decode_serialized_payload(
|
||||||
/**
|
/**
|
||||||
* Init and finalize functions
|
* Init and finalize functions
|
||||||
*/
|
*/
|
||||||
static struct dds_security_cryptography_impl * init_test_cryptography_common(const char *argument, bool wrapped)
|
static struct dds_security_cryptography_impl * init_test_cryptography_common(const char *argument, bool wrapped, struct ddsi_domaingv *gv)
|
||||||
{
|
{
|
||||||
struct dds_security_cryptography_impl *impl = (struct dds_security_cryptography_impl*) ddsrt_malloc(sizeof(*impl));
|
struct dds_security_cryptography_impl *impl = (struct dds_security_cryptography_impl*) ddsrt_malloc(sizeof(*impl));
|
||||||
memset(impl, 0, sizeof(*impl));
|
memset(impl, 0, sizeof(*impl));
|
||||||
|
|
||||||
if (wrapped)
|
if (wrapped)
|
||||||
{
|
{
|
||||||
if (init_crypto(argument, (void **)&impl->instance) != DDS_SECURITY_SUCCESS)
|
if (init_crypto(argument, (void **)&impl->instance, gv) != DDS_SECURITY_SUCCESS)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
impl->transform_wrap.instance = impl->instance->crypto_transform;
|
impl->transform_wrap.instance = impl->instance->crypto_transform;
|
||||||
|
@ -763,9 +763,9 @@ static int32_t finalize_test_cryptography_common(struct dds_security_cryptograph
|
||||||
return DDS_SECURITY_SUCCESS;
|
return DDS_SECURITY_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
int32_t init_test_cryptography_all_ok(const char *argument, void **context)
|
int32_t init_test_cryptography_all_ok(const char *argument, void **context, struct ddsi_domaingv *gv)
|
||||||
{
|
{
|
||||||
struct dds_security_cryptography_impl *impl = init_test_cryptography_common(argument, false);
|
struct dds_security_cryptography_impl *impl = init_test_cryptography_common(argument, false, gv);
|
||||||
if (!impl)
|
if (!impl)
|
||||||
return DDS_SECURITY_FAILED;
|
return DDS_SECURITY_FAILED;
|
||||||
impl->mode = PLUGIN_MODE_ALL_OK;
|
impl->mode = PLUGIN_MODE_ALL_OK;
|
||||||
|
@ -780,9 +780,9 @@ int32_t finalize_test_cryptography_all_ok(void *context)
|
||||||
return finalize_test_cryptography_common(impl, false);
|
return finalize_test_cryptography_common(impl, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
int32_t init_test_cryptography_missing_func(const char *argument, void **context)
|
int32_t init_test_cryptography_missing_func(const char *argument, void **context, struct ddsi_domaingv *gv)
|
||||||
{
|
{
|
||||||
struct dds_security_cryptography_impl *impl = init_test_cryptography_common(argument, false);
|
struct dds_security_cryptography_impl *impl = init_test_cryptography_common(argument, false, gv);
|
||||||
if (!impl)
|
if (!impl)
|
||||||
return DDS_SECURITY_FAILED;
|
return DDS_SECURITY_FAILED;
|
||||||
impl->base.crypto_key_exchange->set_remote_participant_crypto_tokens = NULL;
|
impl->base.crypto_key_exchange->set_remote_participant_crypto_tokens = NULL;
|
||||||
|
@ -798,9 +798,9 @@ int32_t finalize_test_cryptography_missing_func(void *context)
|
||||||
return finalize_test_cryptography_common(impl, false);
|
return finalize_test_cryptography_common(impl, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
int32_t init_test_cryptography_wrapped(const char *argument, void **context)
|
int32_t init_test_cryptography_wrapped(const char *argument, void **context, struct ddsi_domaingv *gv)
|
||||||
{
|
{
|
||||||
struct dds_security_cryptography_impl *impl = init_test_cryptography_common(argument, true);
|
struct dds_security_cryptography_impl *impl = init_test_cryptography_common(argument, true, gv);
|
||||||
if (!impl)
|
if (!impl)
|
||||||
return DDS_SECURITY_FAILED;
|
return DDS_SECURITY_FAILED;
|
||||||
impl->mode = PLUGIN_MODE_WRAPPED;
|
impl->mode = PLUGIN_MODE_WRAPPED;
|
||||||
|
|
|
@ -12,6 +12,7 @@
|
||||||
#ifndef SECURITY_CORE_TEST_CRYPTO_WRAPPER_H_
|
#ifndef SECURITY_CORE_TEST_CRYPTO_WRAPPER_H_
|
||||||
#define SECURITY_CORE_TEST_CRYPTO_WRAPPER_H_
|
#define SECURITY_CORE_TEST_CRYPTO_WRAPPER_H_
|
||||||
|
|
||||||
|
#include "dds/ddsi/ddsi_domaingv.h"
|
||||||
#include "dds/security/dds_security_api.h"
|
#include "dds/security/dds_security_api.h"
|
||||||
#include "dds/security/dds_security_api_defs.h"
|
#include "dds/security/dds_security_api_defs.h"
|
||||||
#include "dds/security/cryptography_wrapper_export.h"
|
#include "dds/security/cryptography_wrapper_export.h"
|
||||||
|
@ -34,15 +35,15 @@ SECURITY_EXPORT void set_disc_protection_kinds(
|
||||||
SECURITY_EXPORT void set_entity_data_secret(struct dds_security_cryptography_impl * impl, const char * pp_secret, const char * groupdata_secret, const char * ep_secret);
|
SECURITY_EXPORT void set_entity_data_secret(struct dds_security_cryptography_impl * impl, const char * pp_secret, const char * groupdata_secret, const char * ep_secret);
|
||||||
|
|
||||||
/* Init in all-ok mode: all functions return success without calling the actual plugin */
|
/* Init in all-ok mode: all functions return success without calling the actual plugin */
|
||||||
SECURITY_EXPORT int32_t init_test_cryptography_all_ok(const char *argument, void **context);
|
SECURITY_EXPORT int32_t init_test_cryptography_all_ok(const char *argument, void **context, struct ddsi_domaingv *gv);
|
||||||
SECURITY_EXPORT int32_t finalize_test_cryptography_all_ok(void *context);
|
SECURITY_EXPORT int32_t finalize_test_cryptography_all_ok(void *context);
|
||||||
|
|
||||||
/* Init in missing function mode: one of the function pointers is null */
|
/* Init in missing function mode: one of the function pointers is null */
|
||||||
SECURITY_EXPORT int32_t init_test_cryptography_missing_func(const char *argument, void **context);
|
SECURITY_EXPORT int32_t init_test_cryptography_missing_func(const char *argument, void **context, struct ddsi_domaingv *gv);
|
||||||
SECURITY_EXPORT int32_t finalize_test_cryptography_missing_func(void *context);
|
SECURITY_EXPORT int32_t finalize_test_cryptography_missing_func(void *context);
|
||||||
|
|
||||||
/* Init in wrapper mode */
|
/* Init in wrapper mode */
|
||||||
SECURITY_EXPORT int32_t init_test_cryptography_wrapped(const char *argument, void **context);
|
SECURITY_EXPORT int32_t init_test_cryptography_wrapped(const char *argument, void **context, struct ddsi_domaingv *gv);
|
||||||
SECURITY_EXPORT int32_t finalize_test_cryptography_wrapped(void *context);
|
SECURITY_EXPORT int32_t finalize_test_cryptography_wrapped(void *context);
|
||||||
|
|
||||||
#endif /* SECURITY_CORE_TEST_CRYPTO_WRAPPER_H_ */
|
#endif /* SECURITY_CORE_TEST_CRYPTO_WRAPPER_H_ */
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue