niklas/cyclonedds
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add domaingv pointer to security plugins, as a preparation for supporting the permissions_expiry callback (which needs the gv to enumerate participants.

Browse source 
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
This commit is contained in:
Dennis Potman 2020-03-26 13:40:28 +01:00 committed by eboasson
parent a6a9d1f7c1
commit e6500b6528
26 changed files with 682 additions and 915 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/core/ddsi/include/dds/ddsi/ddsi_security_omg.h
View file

@ -1092,7 +1092,7 @@ secure_conn_write(
* @retval DDS_RETCODE_OK All plugins are successfully loaded * @retval DDS_RETCODE_OK All plugins are successfully loaded
* @retval DDS_RETCODE_ERROR One or more security plugins are not loaded. * @retval DDS_RETCODE_ERROR One or more security plugins are not loaded.
*/ */
dds_return_t q_omg_security_load( struct dds_security_context *security_context, const dds_qos_t *qos ); dds_return_t q_omg_security_load( struct dds_security_context *security_context, const dds_qos_t *qos, struct ddsi_domaingv *gv );
void q_omg_security_init( struct ddsi_domaingv *gv ); void q_omg_security_init( struct ddsi_domaingv *gv );
@ -1389,7 +1389,7 @@ decode_rtps_message(
return NN_RTPS_MSG_STATE_PLAIN; return NN_RTPS_MSG_STATE_PLAIN;
} }
inline dds_return_t q_omg_security_load( UNUSED_ARG( struct dds_security_context *security_context ), UNUSED_ARG( const dds_qos_t *property_seq) ) inline dds_return_t q_omg_security_load( UNUSED_ARG( struct dds_security_context *security_context ), UNUSED_ARG( const dds_qos_t *property_seq), UNUSED_ARG ( struct ddsi_domaingv *gv ) )
{ {
return DDS_RETCODE_ERROR; return DDS_RETCODE_ERROR;
} }

201
src/core/ddsi/src/ddsi_security_omg.c
View file

@ -53,11 +53,11 @@
*/ */
#define PENDING_MATCH_EXPIRY_TIME 300 #define PENDING_MATCH_EXPIRY_TIME 300
#define EXCEPTION_LOG(sc,e,cat, ...) \ #define EXCEPTION_LOG(gv,e,cat,...) \
q_omg_log_exception(sc->logcfg, cat, e, __FILE__, __LINE__, DDS_FUNCTION, __VA_ARGS__) q_omg_log_exception(&gv->logconfig, cat, e, __FILE__, __LINE__, DDS_FUNCTION, __VA_ARGS__)
#define EXCEPTION_ERROR(s, e, ...) EXCEPTION_LOG(s, e, DDS_LC_ERROR, __VA_ARGS__) #define EXCEPTION_ERROR(gv,e,...) EXCEPTION_LOG(gv, e, DDS_LC_ERROR, __VA_ARGS__)
#define EXCEPTION_WARNING(s, e, ...) EXCEPTION_LOG(s, e, DDS_LC_WARNING, __VA_ARGS__) #define EXCEPTION_WARNING(gv,e,...) EXCEPTION_LOG(gv, e, DDS_LC_WARNING, __VA_ARGS__)
#define SECURITY_ATTR_IS_VALID(attr) \ #define SECURITY_ATTR_IS_VALID(attr) \
@ -212,8 +212,6 @@ struct dds_security_context {
struct pending_match_index security_matches; struct pending_match_index security_matches;
struct participant_sec_index partiticpant_index; struct participant_sec_index partiticpant_index;
const struct ddsrt_log_cfg *logcfg;
}; };
typedef struct dds_security_context dds_security_context; typedef struct dds_security_context dds_security_context;
@ -357,7 +355,7 @@ static struct pending_match * find_or_create_pending_entity_match(struct pending
return match; return match;
} }
static void unregister_and_free_pending_match(dds_security_context *sc, struct pending_match *match) static void unregister_and_free_pending_match(const struct ddsi_domaingv * gv, dds_security_context *sc, struct pending_match *match)
{ {
if (match->crypto_handle != 0) if (match->crypto_handle != 0)
{ {
@ -382,7 +380,7 @@ static void unregister_and_free_pending_match(dds_security_context *sc, struct p
break; break;
} }
if (!r) if (!r)
EXCEPTION_ERROR(sc, &exception, "Failed to unregister remote %s crypto "PGUIDFMT" related to "PGUIDFMT, ename, PGUID(match->guids.remote_guid), PGUID(match->guids.local_guid)); EXCEPTION_ERROR(gv, &exception, "Failed to unregister remote %s crypto "PGUIDFMT" related to "PGUIDFMT, ename, PGUID(match->guids.remote_guid), PGUID(match->guids.local_guid));
} }
free_pending_match(match); free_pending_match(match);
} }
@ -407,7 +405,7 @@ static void pending_match_expiry_cb(struct xevent *xev, void *varg, ddsrt_mtime_
{ {
ddsrt_fibheap_delete(&pending_match_expiry_fhdef, &index->expiry_timers, match); ddsrt_fibheap_delete(&pending_match_expiry_fhdef, &index->expiry_timers, match);
ddsrt_avl_delete(&pending_match_index_treedef, &index->pending_matches, match); ddsrt_avl_delete(&pending_match_index_treedef, &index->pending_matches, match);
unregister_and_free_pending_match(index->gv->security_context, match); unregister_and_free_pending_match(index->gv, index->gv->security_context, match);
match = ddsrt_fibheap_min(&pending_match_expiry_fhdef, &index->expiry_timers); match = ddsrt_fibheap_min(&pending_match_expiry_fhdef, &index->expiry_timers);
} }
if (match) if (match)
@ -430,7 +428,7 @@ static void clear_pending_matches_by_local_guid(dds_security_context *sc, struct
if (match->expiry.v != DDS_NEVER) if (match->expiry.v != DDS_NEVER)
ddsrt_fibheap_delete(&pending_match_expiry_fhdef, &index->expiry_timers, match); ddsrt_fibheap_delete(&pending_match_expiry_fhdef, &index->expiry_timers, match);
next = ddsrt_avl_lookup_succ(&pending_match_index_treedef, &index->pending_matches, &match->guids); next = ddsrt_avl_lookup_succ(&pending_match_index_treedef, &index->pending_matches, &match->guids);
unregister_and_free_pending_match(sc, match); unregister_and_free_pending_match(index->gv, sc, match);
} }
match = next; match = next;
} }
@ -450,7 +448,7 @@ static void clear_pending_matches_by_remote_guid(dds_security_context *sc, struc
ddsrt_avl_delete(&pending_match_index_treedef, &index->pending_matches, match); ddsrt_avl_delete(&pending_match_index_treedef, &index->pending_matches, match);
if (match->expiry.v != DDS_NEVER) if (match->expiry.v != DDS_NEVER)
ddsrt_fibheap_delete(&pending_match_expiry_fhdef, &index->expiry_timers, match); ddsrt_fibheap_delete(&pending_match_expiry_fhdef, &index->expiry_timers, match);
unregister_and_free_pending_match(sc, match); unregister_and_free_pending_match(index->gv, sc, match);
match = next; match = next;
} }
ddsrt_mutex_unlock(&index->lock); ddsrt_mutex_unlock(&index->lock);
@ -505,7 +503,7 @@ static struct proxypp_pp_match * proxypp_pp_match_new(struct participant *pp, DD
return pm; return pm;
} }
static void proxypp_pp_match_free(struct dds_security_context *sc, struct proxypp_pp_match *pm) static void proxypp_pp_match_free(struct ddsi_domaingv *gv, struct dds_security_context *sc, struct proxypp_pp_match *pm)
{ {
DDS_Security_SecurityException exception = DDS_SECURITY_EXCEPTION_INIT; DDS_Security_SecurityException exception = DDS_SECURITY_EXCEPTION_INIT;
@ -517,8 +515,9 @@ static void proxypp_pp_match_free(struct dds_security_context *sc, struct proxyp
* matching local and remote participant. * matching local and remote participant.
*/ */
#if 0 #if 0
EXCEPTION_ERROR(sc, &exception, "Failed to return remote permissions handle"); EXCEPTION_ERROR(gv, &exception, "Failed to return remote permissions handle");
#else #else
DDSRT_UNUSED_ARG (gv);
DDS_Security_Exception_reset(&exception); DDS_Security_Exception_reset(&exception);
#endif #endif
} }
@ -552,7 +551,7 @@ static void proxypp_pp_unrelate(struct dds_security_context *sc, struct proxy_pa
if ((pm = ddsrt_avl_lookup_dpath(&proxypp_pp_treedef, &proxypp->sec_attr->participants, &pp_crypto_handle, &dpath)) != NULL) if ((pm = ddsrt_avl_lookup_dpath(&proxypp_pp_treedef, &proxypp->sec_attr->participants, &pp_crypto_handle, &dpath)) != NULL)
{ {
ddsrt_avl_delete_dpath(&proxypp_pp_treedef, &proxypp->sec_attr->participants, pm, &dpath); ddsrt_avl_delete_dpath(&proxypp_pp_treedef, &proxypp->sec_attr->participants, pm, &dpath);
proxypp_pp_match_free(sc, pm); proxypp_pp_match_free(proxypp->e.gv, sc, pm);
} }
ddsrt_mutex_unlock(&proxypp->sec_attr->lock); ddsrt_mutex_unlock(&proxypp->sec_attr->lock);
} }
@ -715,8 +714,6 @@ void q_omg_security_init (struct ddsi_domaingv *gv)
pending_match_index_init(gv, &sc->security_matches); pending_match_index_init(gv, &sc->security_matches);
ddsrt_mutex_init (&sc->omg_security_lock); ddsrt_mutex_init (&sc->omg_security_lock);
sc->logcfg = &gv->logconfig;
gv->security_context = sc; gv->security_context = sc;
ddsi_handshake_admin_init(gv); ddsi_handshake_admin_init(gv);
@ -725,16 +722,16 @@ void q_omg_security_init (struct ddsi_domaingv *gv)
/** /**
* Releases all plugins * Releases all plugins
*/ */
static void release_plugins (dds_security_context *sc) static void release_plugins (struct ddsi_domaingv *gv, dds_security_context *sc)
{ {
if (dds_security_plugin_release (&sc->auth_plugin, sc->authentication_context)) if (dds_security_plugin_release (&sc->auth_plugin, sc->authentication_context))
DDS_CERROR (sc->logcfg, "Error occurred releasing %s plugin", sc->auth_plugin.name); GVERROR ("Error occurred releasing %s plugin", sc->auth_plugin.name);
if (dds_security_plugin_release (&sc->crypto_plugin, sc->crypto_context)) if (dds_security_plugin_release (&sc->crypto_plugin, sc->crypto_context))
DDS_CERROR (sc->logcfg, "Error occurred releasing %s plugin", sc->crypto_plugin.name); GVERROR ("Error occurred releasing %s plugin", sc->crypto_plugin.name);
if (dds_security_plugin_release (&sc->ac_plugin, sc->access_control_context)) if (dds_security_plugin_release (&sc->ac_plugin, sc->access_control_context))
DDS_CERROR (sc->logcfg, "Error occurred releasing %s plugin", sc->ac_plugin.name); GVERROR ("Error occurred releasing %s plugin", sc->ac_plugin.name);
sc->authentication_context = NULL; sc->authentication_context = NULL;
sc->access_control_context = NULL; sc->access_control_context = NULL;
@ -758,9 +755,9 @@ void q_omg_security_free (struct ddsi_domaingv *gv)
ddsrt_avl_cfree(&participant_index_treedef, &sc->partiticpant_index.participants, 0); ddsrt_avl_cfree(&participant_index_treedef, &sc->partiticpant_index.participants, 0);
ddsrt_mutex_destroy(&sc->partiticpant_index.lock); ddsrt_mutex_destroy(&sc->partiticpant_index.lock);
if (sc->authentication_context != NULL && sc->access_control_context != NULL && sc->crypto_context != NULL){ if (sc->authentication_context != NULL && sc->access_control_context != NULL && sc->crypto_context != NULL)
release_plugins (sc); release_plugins (gv, sc);
}
ddsi_handshake_admin_deinit(gv); ddsi_handshake_admin_deinit(gv);
ddsrt_mutex_destroy (&sc->omg_security_lock); ddsrt_mutex_destroy (&sc->omg_security_lock);
ddsrt_free(sc); ddsrt_free(sc);
@ -801,7 +798,7 @@ static void deinit_plugin_suite_config (dds_security_plugin_suite_config *suite_
deinit_plugin_config (&suite_config->cryptography); deinit_plugin_config (&suite_config->cryptography);
} }
dds_return_t q_omg_security_load (dds_security_context *sc, const dds_qos_t *qos) dds_return_t q_omg_security_load (dds_security_context *sc, const dds_qos_t *qos, struct ddsi_domaingv *gv)
{ {
dds_security_plugin_suite_config psc; dds_security_plugin_suite_config psc;
memset (&psc, 0, sizeof (psc)); memset (&psc, 0, sizeof (psc));
@ -812,31 +809,28 @@ dds_return_t q_omg_security_load (dds_security_context *sc, const dds_qos_t *qos
dds_qos_to_security_plugin_configuration (qos, &psc); dds_qos_to_security_plugin_configuration (qos, &psc);
/* Check configuration content */ /* Check configuration content */
if (dds_security_check_plugin_configuration (&psc, sc->logcfg) != DDS_RETCODE_OK) if (dds_security_check_plugin_configuration (&psc, gv) != DDS_RETCODE_OK)
goto error; goto error;
if (dds_security_load_security_library (&psc.authentication, &sc->auth_plugin, (void **) &sc->authentication_context, sc->logcfg) != DDS_RETCODE_OK) if (dds_security_load_security_library (&psc.authentication, &sc->auth_plugin, (void **) &sc->authentication_context, gv) != DDS_RETCODE_OK)
{ {
DDS_CERROR (sc->logcfg, "Could not load %s plugin.\n", sc->auth_plugin.name); GVERROR ("Could not load %s plugin.\n", sc->auth_plugin.name);
goto error; goto error;
} }
if (dds_security_load_security_library (&psc.access_control, &sc->ac_plugin, (void **) &sc->access_control_context, sc->logcfg) != DDS_RETCODE_OK) if (dds_security_load_security_library (&psc.access_control, &sc->ac_plugin, (void **) &sc->access_control_context, gv) != DDS_RETCODE_OK)
{ {
DDS_CERROR (sc->logcfg, "Could not load %s library\n", sc->ac_plugin.name); GVERROR ("Could not load %s library\n", sc->ac_plugin.name);
goto error; goto error;
} }
if (dds_security_load_security_library (&psc.cryptography, &sc->crypto_plugin, (void **) &sc->crypto_context, sc->logcfg) != DDS_RETCODE_OK) if (dds_security_load_security_library (&psc.cryptography, &sc->crypto_plugin, (void **) &sc->crypto_context, gv) != DDS_RETCODE_OK)
{ {
DDS_CERROR (sc->logcfg, "Could not load %s library\n", sc->crypto_plugin.name); GVERROR ("Could not load %s library\n", sc->crypto_plugin.name);
goto error; goto error;
} }
/* now check if all plugin functions are implemented */ /* now check if all plugin functions are implemented */
if (dds_security_verify_plugin_functions ( if (dds_security_verify_plugin_functions (sc->authentication_context, &sc->auth_plugin, sc->crypto_context, &sc->crypto_plugin,
sc->authentication_context, &sc->auth_plugin, sc->access_control_context, &sc->ac_plugin, gv) != DDS_RETCODE_OK)
sc->crypto_context, &sc->crypto_plugin,
sc->access_control_context, &sc->ac_plugin,
sc->logcfg) != DDS_RETCODE_OK)
{ {
goto error_verify; goto error_verify;
} }
@ -845,12 +839,12 @@ dds_return_t q_omg_security_load (dds_security_context *sc, const dds_qos_t *qos
#if LISTENERS_IMPLEMENTED #if LISTENERS_IMPLEMENTED
if (!access_control_context->set_listener (access_control_context, &listener_ac, &ex)) if (!access_control_context->set_listener (access_control_context, &listener_ac, &ex))
{ {
DDS_CERROR (sc->logcfg, "Could not set access_control listener: %s\n", ex.message ? ex.message : "<unknown error>"); GVERROR ("Could not set access_control listener: %s\n", ex.message ? ex.message : "<unknown error>");
goto error_set_ac_listener; goto error_set_ac_listener;
} }
if (!authentication_context->set_listener (authentication_context, &listener_auth, &ex)) if (!authentication_context->set_listener (authentication_context, &listener_auth, &ex))
{ {
DDS_CERROR (sc->logcfg, "Could not set authentication listener: %s\n", ex.message ? ex.message : "<unknown error>"); GVERROR ("Could not set authentication listener: %s\n", ex.message ? ex.message : "<unknown error>");
goto err_set_auth_listener; goto err_set_auth_listener;
} }
#endif #endif
@ -861,7 +855,7 @@ dds_return_t q_omg_security_load (dds_security_context *sc, const dds_qos_t *qos
deinit_plugin_suite_config (&psc); deinit_plugin_suite_config (&psc);
ddsrt_mutex_unlock (&sc->omg_security_lock); ddsrt_mutex_unlock (&sc->omg_security_lock);
DDS_CLOG (DDS_LC_TRACE, sc->logcfg, "DDS Security plugins have been loaded\n"); GVTRACE ("DDS Security plugins have been loaded\n");
return DDS_RETCODE_OK; return DDS_RETCODE_OK;
#if LISTENERS_IMPLEMENTED #if LISTENERS_IMPLEMENTED
@ -870,7 +864,7 @@ error_set_auth_listener:
error_set_ac_listener: error_set_ac_listener:
#endif #endif
error_verify: error_verify:
release_plugins (sc); release_plugins (gv, sc);
error: error:
deinit_plugin_suite_config (&psc); deinit_plugin_suite_config (&psc);
ddsrt_mutex_unlock (&sc->omg_security_lock); ddsrt_mutex_unlock (&sc->omg_security_lock);
@ -907,6 +901,7 @@ dds_return_t q_omg_security_check_create_participant(struct participant *pp, uin
{ {
dds_return_t ret = DDS_RETCODE_NOT_ALLOWED_BY_SECURITY; dds_return_t ret = DDS_RETCODE_NOT_ALLOWED_BY_SECURITY;
struct dds_security_context *sc = q_omg_security_get_secure_context(pp); struct dds_security_context *sc = q_omg_security_get_secure_context(pp);
struct ddsi_domaingv *gv = pp->e.gv;
DDS_Security_IdentityHandle identity_handle = DDS_SECURITY_HANDLE_NIL; DDS_Security_IdentityHandle identity_handle = DDS_SECURITY_HANDLE_NIL;
DDS_Security_SecurityException exception = DDS_SECURITY_EXCEPTION_INIT; DDS_Security_SecurityException exception = DDS_SECURITY_EXCEPTION_INIT;
DDS_Security_ValidationResult_t result = 0; DDS_Security_ValidationResult_t result = 0;
@ -933,7 +928,7 @@ dds_return_t q_omg_security_check_create_participant(struct participant *pp, uin
(DDS_Security_GUID_t *) &candidate_guid, &exception); (DDS_Security_GUID_t *) &candidate_guid, &exception);
if (result != DDS_SECURITY_VALIDATION_OK) if (result != DDS_SECURITY_VALIDATION_OK)
{ {
EXCEPTION_ERROR(sc, &exception, "Error occurred while validating local permission"); EXCEPTION_ERROR(gv, &exception, "Error occurred while validating local permission");
goto validation_failed; goto validation_failed;
} }
pp->e.guid = nn_ntoh_guid(adjusted_guid); pp->e.guid = nn_ntoh_guid(adjusted_guid);
@ -946,7 +941,7 @@ dds_return_t q_omg_security_check_create_participant(struct participant *pp, uin
/* Get the identity token and add this to the plist of the participant */ /* Get the identity token and add this to the plist of the participant */
if (!sc->authentication_context->get_identity_token(sc->authentication_context, &identity_token, identity_handle, &exception)) if (!sc->authentication_context->get_identity_token(sc->authentication_context, &identity_token, identity_handle, &exception))
{ {
EXCEPTION_ERROR(sc, &exception, "Error occurred while retrieving the identity token"); EXCEPTION_ERROR(gv, &exception, "Error occurred while retrieving the identity token");
goto validation_failed; goto validation_failed;
} }
assert(exception.code == 0); assert(exception.code == 0);
@ -958,23 +953,24 @@ dds_return_t q_omg_security_check_create_participant(struct participant *pp, uin
sec_attr->permissions_handle = sc->access_control_context->validate_local_permissions( sec_attr->permissions_handle = sc->access_control_context->validate_local_permissions(
sc->access_control_context, sc->authentication_context, identity_handle, sc->access_control_context, sc->authentication_context, identity_handle,
(DDS_Security_DomainId)domain_id, &par_qos, &exception); (DDS_Security_DomainId)domain_id, &par_qos, &exception);
if (sec_attr->permissions_handle == DDS_SECURITY_HANDLE_NIL) if (sec_attr->permissions_handle == DDS_SECURITY_HANDLE_NIL)
{ {
EXCEPTION_ERROR(sc, &exception, "Error occurred while validating local permissions"); EXCEPTION_ERROR(gv, &exception, "Error occurred while validating local permissions");
goto not_allowed; goto not_allowed;
} }
/* ask to access control security plugin for create participant permissions related to this identity*/ /* ask to access control security plugin for create participant permissions related to this identity*/
if (!sc->access_control_context->check_create_participant(sc->access_control_context, sec_attr->permissions_handle, (DDS_Security_DomainId) domain_id, &par_qos, &exception)) if (!sc->access_control_context->check_create_participant(sc->access_control_context, sec_attr->permissions_handle, (DDS_Security_DomainId) domain_id, &par_qos, &exception))
{ {
EXCEPTION_ERROR(sc, &exception, "It is not allowed to create participant"); EXCEPTION_ERROR(gv, &exception, "It is not allowed to create participant");
goto not_allowed; goto not_allowed;
} }
/* Get the identity token and add this to the plist of the participant */ /* Get the identity token and add this to the plist of the participant */
if (!sc->access_control_context->get_permissions_token(sc->access_control_context, &permissions_token, sec_attr->permissions_handle, &exception)) if (!sc->access_control_context->get_permissions_token(sc->access_control_context, &permissions_token, sec_attr->permissions_handle, &exception))
{ {
EXCEPTION_ERROR(sc, &exception, "Error occurred while retrieving the permissions token"); EXCEPTION_ERROR(gv, &exception, "Error occurred while retrieving the permissions token");
goto not_allowed; goto not_allowed;
} }
@ -983,19 +979,19 @@ dds_return_t q_omg_security_check_create_participant(struct participant *pp, uin
if (!sc->access_control_context->get_permissions_credential_token(sc->access_control_context, &credential_token, sec_attr->permissions_handle, &exception)) if (!sc->access_control_context->get_permissions_credential_token(sc->access_control_context, &credential_token, sec_attr->permissions_handle, &exception))
{ {
EXCEPTION_ERROR(sc, &exception, "Error occurred while retrieving the permissions credential token"); EXCEPTION_ERROR(gv, &exception, "Error occurred while retrieving the permissions credential token");
goto no_credentials; goto no_credentials;
} }
if (!sc->authentication_context->set_permissions_credential_and_token(sc->authentication_context, sec_attr->local_identity_handle, &credential_token, &permissions_token, &exception)) if (!sc->authentication_context->set_permissions_credential_and_token(sc->authentication_context, sec_attr->local_identity_handle, &credential_token, &permissions_token, &exception))
{ {
EXCEPTION_ERROR(sc, &exception, "Error occurred while setting the permissions credential token"); EXCEPTION_ERROR(gv, &exception, "Error occurred while setting the permissions credential token");
goto no_credentials; goto no_credentials;
} }
if (!sc->access_control_context->get_participant_sec_attributes(sc->access_control_context, sec_attr->permissions_handle, &sec_attr->attr, &exception)) if (!sc->access_control_context->get_participant_sec_attributes(sc->access_control_context, sec_attr->permissions_handle, &sec_attr->attr, &exception))
{ {
EXCEPTION_ERROR(sc, &exception, "Failed to get participant security attributes"); EXCEPTION_ERROR(gv, &exception, "Failed to get participant security attributes");
goto no_sec_attr; goto no_sec_attr;
} }
@ -1003,7 +999,7 @@ dds_return_t q_omg_security_check_create_participant(struct participant *pp, uin
sec_attr->crypto_handle = sc->crypto_context->crypto_key_factory->register_local_participant( sec_attr->crypto_handle = sc->crypto_context->crypto_key_factory->register_local_participant(
sc->crypto_context->crypto_key_factory, sec_attr->local_identity_handle, sec_attr->permissions_handle, NULL, &sec_attr->attr, &exception); sc->crypto_context->crypto_key_factory, sec_attr->local_identity_handle, sec_attr->permissions_handle, NULL, &sec_attr->attr, &exception);
if (!sec_attr->crypto_handle) { if (!sec_attr->crypto_handle) {
EXCEPTION_ERROR(sc, &exception, "Failed to register participant with crypto key factory"); EXCEPTION_ERROR(gv, &exception, "Failed to register participant with crypto key factory");
goto no_crypto; goto no_crypto;
} }
@ -1089,21 +1085,21 @@ static void cleanup_participant_sec_attributes(void *arg)
if (attr->permissions_handle != DDS_SECURITY_HANDLE_NIL) if (attr->permissions_handle != DDS_SECURITY_HANDLE_NIL)
{ {
if (!sc->access_control_context->return_permissions_handle(sc->access_control_context, attr->permissions_handle, &exception)) if (!sc->access_control_context->return_permissions_handle(sc->access_control_context, attr->permissions_handle, &exception))
EXCEPTION_ERROR(sc, &exception, "Failed to return local permissions handle"); EXCEPTION_ERROR(gv, &exception, "Failed to return local permissions handle");
} }
if (attr->local_identity_handle != DDS_SECURITY_HANDLE_NIL) if (attr->local_identity_handle != DDS_SECURITY_HANDLE_NIL)
{ {
if (!sc->authentication_context->return_identity_handle(sc->authentication_context, attr->local_identity_handle, &exception)) if (!sc->authentication_context->return_identity_handle(sc->authentication_context, attr->local_identity_handle, &exception))
EXCEPTION_ERROR(sc, &exception, "Failed to return local identity handle"); EXCEPTION_ERROR(gv, &exception, "Failed to return local identity handle");
} }
if (attr->plugin_attr) if (attr->plugin_attr)
{ {
if (!sc->access_control_context->return_participant_sec_attributes(sc->access_control_context, &attr->attr, &exception)) if (!sc->access_control_context->return_participant_sec_attributes(sc->access_control_context, &attr->attr, &exception))
EXCEPTION_ERROR(sc, &exception, "Failed to return participant security attributes"); EXCEPTION_ERROR(gv, &exception, "Failed to return participant security attributes");
} }
if (!sc->crypto_context->crypto_key_factory->unregister_participant(sc->crypto_context->crypto_key_factory, attr->crypto_handle, &exception)) if (!sc->crypto_context->crypto_key_factory->unregister_participant(sc->crypto_context->crypto_key_factory, attr->crypto_handle, &exception))
EXCEPTION_ERROR(sc, &exception, "Failed to unregister participant"); EXCEPTION_ERROR(gv, &exception, "Failed to unregister participant");
ddsrt_avl_cfree(&pp_proxypp_treedef, &attr->proxy_participants, NULL); ddsrt_avl_cfree(&pp_proxypp_treedef, &attr->proxy_participants, NULL);
ddsrt_mutex_unlock(&attr->lock); ddsrt_mutex_unlock(&attr->lock);
@ -1286,7 +1282,7 @@ bool q_omg_security_check_create_topic(const struct ddsi_domaingv *gv, const dds
{ {
/*log if the topic discovery is not protected*/ /*log if the topic discovery is not protected*/
if (!is_topic_discovery_protected(pp->sec_attr->permissions_handle, sc->access_control_context, topic_name)) if (!is_topic_discovery_protected(pp->sec_attr->permissions_handle, sc->access_control_context, topic_name))
EXCEPTION_ERROR(sc, &exception, "Local topic permission denied"); EXCEPTION_ERROR(gv, &exception, "Local topic permission denied");
else else
DDS_Security_Exception_reset(&exception); DDS_Security_Exception_reset(&exception);
} }
@ -1320,7 +1316,7 @@ bool q_omg_security_check_create_writer(struct participant *pp, uint32_t domain_
{ {
/*log if the topic discovery is not protected*/ /*log if the topic discovery is not protected*/
if (!is_topic_discovery_protected( pp->sec_attr->permissions_handle, sc->access_control_context, topic_name)) if (!is_topic_discovery_protected( pp->sec_attr->permissions_handle, sc->access_control_context, topic_name))
EXCEPTION_ERROR(sc, &exception, "Local topic permission denied"); EXCEPTION_ERROR(pp->e.gv, &exception, "Local topic permission denied");
else else
DDS_Security_Exception_reset(&exception); DDS_Security_Exception_reset(&exception);
} }
@ -1350,7 +1346,7 @@ void q_omg_security_register_writer(struct writer *wr)
wr->sec_attr = writer_sec_attributes_new(); wr->sec_attr = writer_sec_attributes_new();
if (!sc->access_control_context->get_datawriter_sec_attributes(sc->access_control_context, pp->sec_attr->permissions_handle, wr->topic->name, &partitions, NULL, &wr->sec_attr->attr, &exception)) if (!sc->access_control_context->get_datawriter_sec_attributes(sc->access_control_context, pp->sec_attr->permissions_handle, wr->topic->name, &partitions, NULL, &wr->sec_attr->attr, &exception))
{ {
EXCEPTION_ERROR(sc, &exception, "Failed to retrieve writer security attributes"); EXCEPTION_ERROR(pp->e.gv, &exception, "Failed to retrieve writer security attributes");
goto no_attr; goto no_attr;
} }
wr->sec_attr->plugin_attr = true; wr->sec_attr->plugin_attr = true;
@ -1367,7 +1363,7 @@ void q_omg_security_register_writer(struct writer *wr)
DDS_Security_PropertySeq_freebuf(&properties); DDS_Security_PropertySeq_freebuf(&properties);
if (wr->sec_attr->crypto_handle == DDS_SECURITY_HANDLE_NIL) if (wr->sec_attr->crypto_handle == DDS_SECURITY_HANDLE_NIL)
{ {
EXCEPTION_ERROR(sc, &exception, "Failed to register writer with crypto"); EXCEPTION_ERROR(pp->e.gv, &exception, "Failed to register writer with crypto");
goto not_registered; goto not_registered;
} }
} }
@ -1392,12 +1388,12 @@ void q_omg_security_deregister_writer(struct writer *wr)
if (wr->sec_attr->crypto_handle != DDS_SECURITY_HANDLE_NIL) if (wr->sec_attr->crypto_handle != DDS_SECURITY_HANDLE_NIL)
{ {
if (!sc->crypto_context->crypto_key_factory->unregister_datawriter(sc->crypto_context->crypto_key_factory, wr->sec_attr->crypto_handle, &exception)) if (!sc->crypto_context->crypto_key_factory->unregister_datawriter(sc->crypto_context->crypto_key_factory, wr->sec_attr->crypto_handle, &exception))
EXCEPTION_ERROR(sc, &exception, "Failed to unregister writer with crypto"); EXCEPTION_ERROR(wr->e.gv, &exception, "Failed to unregister writer with crypto");
} }
if (wr->sec_attr->plugin_attr) if (wr->sec_attr->plugin_attr)
{ {
if (!sc->access_control_context->return_datawriter_sec_attributes(sc->access_control_context, &wr->sec_attr->attr, &exception)) if (!sc->access_control_context->return_datawriter_sec_attributes(sc->access_control_context, &wr->sec_attr->attr, &exception))
EXCEPTION_ERROR(sc, &exception, "Failed to return writer security attributes"); EXCEPTION_ERROR(wr->e.gv, &exception, "Failed to return writer security attributes");
} }
writer_sec_attributes_free(wr->sec_attr); writer_sec_attributes_free(wr->sec_attr);
wr->sec_attr = NULL; wr->sec_attr = NULL;
@ -1441,7 +1437,7 @@ bool q_omg_security_check_create_reader(struct participant *pp, uint32_t domain_
{ {
/*log if the topic discovery is not protected*/ /*log if the topic discovery is not protected*/
if (!is_topic_discovery_protected( pp->sec_attr->permissions_handle, sc->access_control_context, topic_name)) if (!is_topic_discovery_protected( pp->sec_attr->permissions_handle, sc->access_control_context, topic_name))
EXCEPTION_ERROR(sc, &exception, "Reader is not permitted"); EXCEPTION_ERROR(pp->e.gv, &exception, "Reader is not permitted");
else else
DDS_Security_Exception_reset(&exception); DDS_Security_Exception_reset(&exception);
} }
@ -1472,7 +1468,7 @@ void q_omg_security_register_reader(struct reader *rd)
if (!sc->access_control_context->get_datareader_sec_attributes(sc->access_control_context, pp->sec_attr->permissions_handle, rd->topic->name, &partitions, NULL, &rd->sec_attr->attr, &exception)) if (!sc->access_control_context->get_datareader_sec_attributes(sc->access_control_context, pp->sec_attr->permissions_handle, rd->topic->name, &partitions, NULL, &rd->sec_attr->attr, &exception))
{ {
EXCEPTION_ERROR(sc, &exception, "Failed to retrieve reader security attributes"); EXCEPTION_ERROR(pp->e.gv, &exception, "Failed to retrieve reader security attributes");
goto no_attr; goto no_attr;
} }
rd->sec_attr->plugin_attr = true; rd->sec_attr->plugin_attr = true;
@ -1489,7 +1485,7 @@ void q_omg_security_register_reader(struct reader *rd)
DDS_Security_PropertySeq_freebuf(&properties); DDS_Security_PropertySeq_freebuf(&properties);
if (rd->sec_attr->crypto_handle == DDS_SECURITY_HANDLE_NIL) if (rd->sec_attr->crypto_handle == DDS_SECURITY_HANDLE_NIL)
{ {
EXCEPTION_ERROR(sc, &exception, "Failed to register reader with crypto"); EXCEPTION_ERROR(pp->e.gv, &exception, "Failed to register reader with crypto");
goto not_registered; goto not_registered;
} }
} }
@ -1514,14 +1510,14 @@ void q_omg_security_deregister_reader(struct reader *rd)
{ {
if (!sc->crypto_context->crypto_key_factory->unregister_datareader(sc->crypto_context->crypto_key_factory, rd->sec_attr->crypto_handle, &exception)) if (!sc->crypto_context->crypto_key_factory->unregister_datareader(sc->crypto_context->crypto_key_factory, rd->sec_attr->crypto_handle, &exception))
{ {
EXCEPTION_ERROR(sc, &exception, "Failed to unregister reader with crypto"); EXCEPTION_ERROR(rd->e.gv, &exception, "Failed to unregister reader with crypto");
} }
} }
if (rd->sec_attr->plugin_attr) if (rd->sec_attr->plugin_attr)
{ {
if (!sc->access_control_context->return_datareader_sec_attributes(sc->access_control_context, &rd->sec_attr->attr, &exception)) if (!sc->access_control_context->return_datareader_sec_attributes(sc->access_control_context, &rd->sec_attr->attr, &exception))
{ {
EXCEPTION_ERROR(sc, &exception, "Failed to return reader security attributes"); EXCEPTION_ERROR(rd->e.gv, &exception, "Failed to return reader security attributes");
} }
} }
reader_sec_attributes_free(rd->sec_attr); reader_sec_attributes_free(rd->sec_attr);
@ -1567,6 +1563,7 @@ static int64_t check_remote_participant_permissions(uint32_t domain_id, struct p
DDS_Security_PermissionsToken permissions_token = DDS_SECURITY_TOKEN_INIT; DDS_Security_PermissionsToken permissions_token = DDS_SECURITY_TOKEN_INIT;
DDS_Security_AuthenticatedPeerCredentialToken peer_credential_token = DDS_SECURITY_TOKEN_INIT; DDS_Security_AuthenticatedPeerCredentialToken peer_credential_token = DDS_SECURITY_TOKEN_INIT;
int64_t permissions_hdl = DDS_SECURITY_HANDLE_NIL; int64_t permissions_hdl = DDS_SECURITY_HANDLE_NIL;
struct ddsi_domaingv *gv = pp->e.gv;
if (proxypp->plist->present & PP_PERMISSIONS_TOKEN) if (proxypp->plist->present & PP_PERMISSIONS_TOKEN)
q_omg_shallow_copyin_DataHolder(&permissions_token, &proxypp->plist->permissions_token); q_omg_shallow_copyin_DataHolder(&permissions_token, &proxypp->plist->permissions_token);
@ -1576,8 +1573,7 @@ static int64_t check_remote_participant_permissions(uint32_t domain_id, struct p
handshake = ddsi_handshake_find(pp, proxypp); handshake = ddsi_handshake_find(pp, proxypp);
if (!handshake) if (!handshake)
{ {
ELOG(DDS_LC_ERROR, pp, "Could not find handshake local participant "PGUIDFMT" and remote participant "PGUIDFMT, GVTRACE("Could not find handshake local participant "PGUIDFMT" and remote participant "PGUIDFMT, PGUID(pp->e.guid), PGUID(proxypp->e.guid));
PGUID(pp->e.guid), PGUID(proxypp->e.guid));
goto no_handshake; goto no_handshake;
} }
@ -1585,12 +1581,12 @@ static int64_t check_remote_participant_permissions(uint32_t domain_id, struct p
{ {
if (q_omg_participant_is_access_protected(pp)) if (q_omg_participant_is_access_protected(pp))
{ {
EXCEPTION_ERROR(sc, &exception, "Could not authenticate_peer_credential_token for local participan1152t "PGUIDFMT" and remote participant "PGUIDFMT, EXCEPTION_ERROR(gv, &exception, "Could not authenticate_peer_credential_token for local participan1152t "PGUIDFMT" and remote participant "PGUIDFMT,
PGUID(pp->e.guid), PGUID(proxypp->e.guid)); PGUID(pp->e.guid), PGUID(proxypp->e.guid));
goto no_credentials; goto no_credentials;
} }
/* Failing is allowed due to the non-protection of access. */ /* Failing is allowed due to the non-protection of access. */
EXCEPTION_WARNING(sc, &exception, "Could not authenticate_peer_credential_token for local participant "PGUIDFMT" and remote participant "PGUIDFMT , EXCEPTION_WARNING(gv, &exception, "Could not authenticate_peer_credential_token for local participant "PGUIDFMT" and remote participant "PGUIDFMT ,
PGUID(pp->e.guid), PGUID(proxypp->e.guid)); PGUID(pp->e.guid), PGUID(proxypp->e.guid));
} }
@ -1600,11 +1596,11 @@ static int64_t check_remote_participant_permissions(uint32_t domain_id, struct p
{ {
if (q_omg_participant_is_access_protected(pp)) if (q_omg_participant_is_access_protected(pp))
{ {
EXCEPTION_ERROR(sc, &exception, "Could not get remote participant "PGUIDFMT" permissions from plugin", PGUID(proxypp->e.guid)); EXCEPTION_ERROR(gv, &exception, "Could not get remote participant "PGUIDFMT" permissions from plugin", PGUID(proxypp->e.guid));
goto no_permissions; goto no_permissions;
} }
/* Failing is allowed due to the non-protection of access. */ /* Failing is allowed due to the non-protection of access. */
EXCEPTION_WARNING(sc, &exception, "Could not get remote participant "PGUIDFMT" permissions from plugin", PGUID(proxypp->e.guid)); EXCEPTION_WARNING(gv, &exception, "Could not get remote participant "PGUIDFMT" permissions from plugin", PGUID(proxypp->e.guid));
} }
/* Only check remote participant if joining access is protected. */ /* Only check remote participant if joining access is protected. */
@ -1615,11 +1611,9 @@ static int64_t check_remote_participant_permissions(uint32_t domain_id, struct p
q_omg_shallow_copy_ParticipantBuiltinTopicDataSecure(&participant_data, &(proxypp->e.guid), proxypp->plist); q_omg_shallow_copy_ParticipantBuiltinTopicDataSecure(&participant_data, &(proxypp->e.guid), proxypp->plist);
if (!sc->access_control_context->check_remote_participant(sc->access_control_context, permissions_hdl, (DDS_Security_DomainId)domain_id, &participant_data, &exception)) if (!sc->access_control_context->check_remote_participant(sc->access_control_context, permissions_hdl, (DDS_Security_DomainId)domain_id, &participant_data, &exception))
{ {
EXCEPTION_WARNING(sc, &exception, "Plugin does not allow remote participant "PGUIDFMT, PGUID(proxypp->e.guid)); EXCEPTION_WARNING(gv, &exception, "Plugin does not allow remote participant "PGUIDFMT, PGUID(proxypp->e.guid));
if (!sc->access_control_context->return_permissions_handle(sc->access_control_context, permissions_hdl, &exception)) if (!sc->access_control_context->return_permissions_handle(sc->access_control_context, permissions_hdl, &exception))
{ EXCEPTION_ERROR(gv, &exception, "Failed to return remote permissions handle");
EXCEPTION_ERROR(sc, &exception, "Failed to return remote permissions handle");
}
permissions_hdl = DDS_SECURITY_HANDLE_NIL; permissions_hdl = DDS_SECURITY_HANDLE_NIL;
} }
q_omg_shallow_free_ParticipantBuiltinTopicDataSecure(&participant_data); q_omg_shallow_free_ParticipantBuiltinTopicDataSecure(&participant_data);
@ -1627,9 +1621,7 @@ static int64_t check_remote_participant_permissions(uint32_t domain_id, struct p
no_permissions: no_permissions:
if (!sc->authentication_context->return_authenticated_peer_credential_token(sc->authentication_context, &peer_credential_token, &exception)) if (!sc->authentication_context->return_authenticated_peer_credential_token(sc->authentication_context, &peer_credential_token, &exception))
{ EXCEPTION_ERROR(gv, &exception, "Failed to return peer credential token");
EXCEPTION_ERROR(sc, &exception, "Failed to return peer credential token");
}
no_credentials: no_credentials:
ddsi_handshake_release(handshake); ddsi_handshake_release(handshake);
no_handshake: no_handshake:
@ -1646,7 +1638,7 @@ static void send_participant_crypto_tokens(struct participant *pp, struct proxy_
r = sc->crypto_context->crypto_key_exchange->create_local_participant_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, local_crypto, remote_crypto, &exception); r = sc->crypto_context->crypto_key_exchange->create_local_participant_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, local_crypto, remote_crypto, &exception);
if (!r) if (!r)
EXCEPTION_ERROR(sc, &exception, "Failed to create local participant crypto tokens "PGUIDFMT" for remote participant "PGUIDFMT, PGUID(pp->e.guid), PGUID(proxypp->e.guid)); EXCEPTION_ERROR(pp->e.gv, &exception, "Failed to create local participant crypto tokens "PGUIDFMT" for remote participant "PGUIDFMT, PGUID(pp->e.guid), PGUID(proxypp->e.guid));
else if (tokens._length > 0) else if (tokens._length > 0)
{ {
nn_dataholderseq_t tholder; nn_dataholderseq_t tholder;
@ -1656,7 +1648,7 @@ static void send_participant_crypto_tokens(struct participant *pp, struct proxy_
q_omg_shallow_free_nn_dataholderseq(&tholder); q_omg_shallow_free_nn_dataholderseq(&tholder);
if (!sc->crypto_context->crypto_key_exchange->return_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, &exception)) if (!sc->crypto_context->crypto_key_exchange->return_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, &exception))
EXCEPTION_ERROR(sc, &exception, "Failed to return local participant crypto tokens "PGUIDFMT" for remote participant "PGUIDFMT, PGUID(pp->e.guid), PGUID(proxypp->e.guid)); EXCEPTION_ERROR(pp->e.gv, &exception, "Failed to return local participant crypto tokens "PGUIDFMT" for remote participant "PGUIDFMT, PGUID(pp->e.guid), PGUID(proxypp->e.guid));
} }
} }
@ -1758,7 +1750,7 @@ bool q_omg_security_register_remote_participant(struct participant *pp, struct p
sc->crypto_context->crypto_key_factory, pp->sec_attr->crypto_handle, proxypp->sec_attr->remote_identity_handle, permissions_handle, shared_secret, &exception); sc->crypto_context->crypto_key_factory, pp->sec_attr->crypto_handle, proxypp->sec_attr->remote_identity_handle, permissions_handle, shared_secret, &exception);
if (crypto_handle == DDS_SECURITY_HANDLE_NIL) if (crypto_handle == DDS_SECURITY_HANDLE_NIL)
{ {
EXCEPTION_ERROR(sc, &exception, "Failed to register matched remote participant "PGUIDFMT" with participant "PGUIDFMT, PGUID(proxypp->e.guid), PGUID(pp->e.guid)); EXCEPTION_ERROR(gv, &exception, "Failed to register matched remote participant "PGUIDFMT" with participant "PGUIDFMT, PGUID(proxypp->e.guid), PGUID(pp->e.guid));
ret = false; ret = false;
goto register_failed; goto register_failed;
} }
@ -1779,7 +1771,7 @@ bool q_omg_security_register_remote_participant(struct participant *pp, struct p
{ {
ret = sc->crypto_context->crypto_key_exchange->set_remote_participant_crypto_tokens(sc->crypto_context->crypto_key_exchange, pp->sec_attr->crypto_handle, crypto_handle, match->tokens, &exception); ret = sc->crypto_context->crypto_key_exchange->set_remote_participant_crypto_tokens(sc->crypto_context->crypto_key_exchange, pp->sec_attr->crypto_handle, crypto_handle, match->tokens, &exception);
if (!ret) if (!ret)
EXCEPTION_ERROR(sc, &exception, " Failed to set remote participant crypto tokens "PGUIDFMT" --> "PGUIDFMT, PGUID(proxypp->e.guid), PGUID(pp->e.guid)); EXCEPTION_ERROR(gv, &exception, " Failed to set remote participant crypto tokens "PGUIDFMT" --> "PGUIDFMT, PGUID(proxypp->e.guid), PGUID(pp->e.guid));
else else
GVTRACE(" set participant tokens src("PGUIDFMT") to dst("PGUIDFMT") (by registering remote)\n", PGUID(proxypp->e.guid), PGUID(pp->e.guid)); GVTRACE(" set participant tokens src("PGUIDFMT") to dst("PGUIDFMT") (by registering remote)\n", PGUID(proxypp->e.guid), PGUID(pp->e.guid));
delete_pending_match(&sc->security_matches, match); delete_pending_match(&sc->security_matches, match);
@ -1832,7 +1824,8 @@ void q_omg_security_deregister_remote_participant(struct proxy_participant *prox
struct ddsi_domaingv *gv = proxypp->e.gv; struct ddsi_domaingv *gv = proxypp->e.gv;
DDS_Security_SecurityException exception = DDS_SECURITY_EXCEPTION_INIT; DDS_Security_SecurityException exception = DDS_SECURITY_EXCEPTION_INIT;
if (proxypp->sec_attr) { if (proxypp->sec_attr)
{
dds_security_context *sc = proxypp->sec_attr->sc; dds_security_context *sc = proxypp->sec_attr->sc;
struct proxypp_pp_match *pm; struct proxypp_pp_match *pm;
struct participant *pp; struct participant *pp;
@ -1841,12 +1834,10 @@ void q_omg_security_deregister_remote_participant(struct proxy_participant *prox
while (pm) while (pm)
{ {
struct proxypp_pp_match *next = ddsrt_avl_find_succ(&proxypp_pp_treedef, &proxypp->sec_attr->participants, pm); struct proxypp_pp_match *next = ddsrt_avl_find_succ(&proxypp_pp_treedef, &proxypp->sec_attr->participants, pm);
ddsrt_avl_delete(&proxypp_pp_treedef, &proxypp->sec_attr->participants, pm); ddsrt_avl_delete(&proxypp_pp_treedef, &proxypp->sec_attr->participants, pm);
pp = entidx_lookup_participant_guid(gv->entity_index, &pm->pp_guid); if ((pp = entidx_lookup_participant_guid(gv->entity_index, &pm->pp_guid)) != NULL)
if (pp)
pp_proxypp_unrelate(sc, pp, &proxypp->e.guid); pp_proxypp_unrelate(sc, pp, &proxypp->e.guid);
proxypp_pp_match_free(sc, pm); proxypp_pp_match_free(gv, sc, pm);
pm = next; pm = next;
} }
@ -1855,13 +1846,13 @@ void q_omg_security_deregister_remote_participant(struct proxy_participant *prox
if (proxypp->sec_attr->crypto_handle != DDS_SECURITY_HANDLE_NIL) if (proxypp->sec_attr->crypto_handle != DDS_SECURITY_HANDLE_NIL)
{ {
if (!sc->crypto_context->crypto_key_factory->unregister_participant(sc->crypto_context->crypto_key_factory, proxypp->sec_attr->crypto_handle, &exception)) if (!sc->crypto_context->crypto_key_factory->unregister_participant(sc->crypto_context->crypto_key_factory, proxypp->sec_attr->crypto_handle, &exception))
EXCEPTION_ERROR(sc, &exception, "2:Failed to return remote crypto handle"); EXCEPTION_ERROR(gv, &exception, "2:Failed to return remote crypto handle");
} }
if (proxypp->sec_attr->remote_identity_handle != DDS_SECURITY_HANDLE_NIL) if (proxypp->sec_attr->remote_identity_handle != DDS_SECURITY_HANDLE_NIL)
{ {
if (!sc->authentication_context->return_identity_handle(sc->authentication_context, proxypp->sec_attr->remote_identity_handle, &exception)) if (!sc->authentication_context->return_identity_handle(sc->authentication_context, proxypp->sec_attr->remote_identity_handle, &exception))
EXCEPTION_ERROR(sc, &exception, "Failed to return remote identity handle"); EXCEPTION_ERROR(gv, &exception, "Failed to return remote identity handle");
} }
ddsrt_mutex_destroy(&proxypp->sec_attr->lock); ddsrt_mutex_destroy(&proxypp->sec_attr->lock);
@ -1960,7 +1951,7 @@ void q_omg_security_set_participant_crypto_tokens(struct participant *pp, struct
DDS_Security_DataHolderSeq_free(tseq); DDS_Security_DataHolderSeq_free(tseq);
} }
else else
EXCEPTION_ERROR(sc, &exception, " Failed to set remote participant crypto tokens "PGUIDFMT" for participant "PGUIDFMT, PGUID(proxypp->e.guid), PGUID(pp->e.guid)); EXCEPTION_ERROR(gv, &exception, " Failed to set remote participant crypto tokens "PGUIDFMT" for participant "PGUIDFMT, PGUID(proxypp->e.guid), PGUID(pp->e.guid));
} }
ddsrt_mutex_unlock(&pp->e.lock); ddsrt_mutex_unlock(&pp->e.lock);
@ -2054,7 +2045,7 @@ bool q_omg_security_check_remote_writer_permissions(const struct proxy_writer *p
if (!ok) if (!ok)
{ {
if (!is_topic_discovery_protected(pp->sec_attr->permissions_handle, sc->access_control_context, publication_data.topic_name)) if (!is_topic_discovery_protected(pp->sec_attr->permissions_handle, sc->access_control_context, publication_data.topic_name))
EXCEPTION_ERROR(sc, &exception, "Access control does not allow remote writer "PGUIDFMT": %s", PGUID(pwr->e.guid)); EXCEPTION_ERROR(gv, &exception, "Access control does not allow remote writer "PGUIDFMT": %s", PGUID(pwr->e.guid));
else else
DDS_Security_Exception_reset(&exception); DDS_Security_Exception_reset(&exception);
} }
@ -2076,7 +2067,7 @@ static void send_reader_crypto_tokens(struct reader *rd, struct proxy_writer *pw
r = sc->crypto_context->crypto_key_exchange->create_local_datareader_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, local_crypto, remote_crypto, &exception); r = sc->crypto_context->crypto_key_exchange->create_local_datareader_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, local_crypto, remote_crypto, &exception);
if (!r) if (!r)
EXCEPTION_ERROR(sc, &exception,"Failed to create local reader crypto tokens "PGUIDFMT" for remote writer "PGUIDFMT, PGUID(rd->e.guid), PGUID(pwr->e.guid)); EXCEPTION_ERROR(gv, &exception,"Failed to create local reader crypto tokens "PGUIDFMT" for remote writer "PGUIDFMT, PGUID(rd->e.guid), PGUID(pwr->e.guid));
else if (tokens._length > 0) else if (tokens._length > 0)
{ {
nn_dataholderseq_t tholder; nn_dataholderseq_t tholder;
@ -2086,7 +2077,7 @@ static void send_reader_crypto_tokens(struct reader *rd, struct proxy_writer *pw
q_omg_shallow_free_nn_dataholderseq(&tholder); q_omg_shallow_free_nn_dataholderseq(&tholder);
if (!sc->crypto_context->crypto_key_exchange->return_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, &exception)) if (!sc->crypto_context->crypto_key_exchange->return_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, &exception))
EXCEPTION_ERROR(sc, &exception, "Failed to return local reader crypto tokens "PGUIDFMT" for remote writer "PGUIDFMT, PGUID(rd->e.guid), PGUID(pwr->e.guid)); EXCEPTION_ERROR(gv, &exception, "Failed to return local reader crypto tokens "PGUIDFMT" for remote writer "PGUIDFMT, PGUID(rd->e.guid), PGUID(pwr->e.guid));
} }
} }
@ -2121,7 +2112,7 @@ static bool q_omg_security_register_remote_writer_match(struct proxy_writer *pwr
allowed = true; allowed = true;
} }
else else
EXCEPTION_ERROR(sc, &exception, "Failed to register remote writer "PGUIDFMT" with reader "PGUIDFMT, PGUID(pwr->e.guid), PGUID(rd->e.guid)); EXCEPTION_ERROR(gv, &exception, "Failed to register remote writer "PGUIDFMT" with reader "PGUIDFMT, PGUID(pwr->e.guid), PGUID(rd->e.guid));
} }
else else
{ {
@ -2133,7 +2124,7 @@ static bool q_omg_security_register_remote_writer_match(struct proxy_writer *pwr
*crypto_handle = sc->crypto_context->crypto_key_factory->register_matched_remote_datawriter( *crypto_handle = sc->crypto_context->crypto_key_factory->register_matched_remote_datawriter(
sc->crypto_context->crypto_key_factory, rd->sec_attr->crypto_handle, proxypp->sec_attr->crypto_handle, proxypp_match->shared_secret, &exception); sc->crypto_context->crypto_key_factory, rd->sec_attr->crypto_handle, proxypp->sec_attr->crypto_handle, proxypp_match->shared_secret, &exception);
if (*crypto_handle == 0) if (*crypto_handle == 0)
EXCEPTION_ERROR(sc, &exception, "Failed to register remote writer "PGUIDFMT" with reader "PGUIDFMT, PGUID(pwr->e.guid), PGUID(rd->e.guid)); EXCEPTION_ERROR(gv, &exception, "Failed to register remote writer "PGUIDFMT" with reader "PGUIDFMT, PGUID(pwr->e.guid), PGUID(rd->e.guid));
else else
{ {
pending_match->crypto_handle = *crypto_handle; pending_match->crypto_handle = *crypto_handle;
@ -2142,7 +2133,7 @@ static bool q_omg_security_register_remote_writer_match(struct proxy_writer *pwr
{ {
if (!sc->crypto_context->crypto_key_exchange->set_remote_datawriter_crypto_tokens( if (!sc->crypto_context->crypto_key_exchange->set_remote_datawriter_crypto_tokens(
sc->crypto_context->crypto_key_exchange, rd->sec_attr->crypto_handle, *crypto_handle, pending_match->tokens, &exception)) sc->crypto_context->crypto_key_exchange, rd->sec_attr->crypto_handle, *crypto_handle, pending_match->tokens, &exception))
EXCEPTION_ERROR(sc, &exception, "Failed to set remote writer crypto tokens "PGUIDFMT" --> "PGUIDFMT, PGUID(pwr->e.guid), PGUID(rd->e.guid)); EXCEPTION_ERROR(gv, &exception, "Failed to set remote writer crypto tokens "PGUIDFMT" --> "PGUIDFMT, PGUID(pwr->e.guid), PGUID(rd->e.guid));
else else
{ {
GVTRACE("match_remote_writer "PGUIDFMT" with reader "PGUIDFMT": tokens available\n", PGUID(pwr->e.guid), PGUID(rd->e.guid)); GVTRACE("match_remote_writer "PGUIDFMT" with reader "PGUIDFMT": tokens available\n", PGUID(pwr->e.guid), PGUID(rd->e.guid));
@ -2227,7 +2218,7 @@ void q_omg_security_deregister_remote_writer_match(const struct ddsi_domaingv *g
if (m->crypto_handle != 0) if (m->crypto_handle != 0)
{ {
if (!sc->crypto_context->crypto_key_factory->unregister_datawriter(sc->crypto_context->crypto_key_factory, m->crypto_handle, &exception)) if (!sc->crypto_context->crypto_key_factory->unregister_datawriter(sc->crypto_context->crypto_key_factory, m->crypto_handle, &exception))
EXCEPTION_ERROR(sc, &exception, "Failed to unregister remote writer "PGUIDFMT" for reader "PGUIDFMT, PGUID(m->pwr_guid), PGUID(*rd_guid)); EXCEPTION_ERROR(gv, &exception, "Failed to unregister remote writer "PGUIDFMT" for reader "PGUIDFMT, PGUID(m->pwr_guid), PGUID(*rd_guid));
} }
} }
@ -2289,7 +2280,7 @@ bool q_omg_security_check_remote_reader_permissions(const struct proxy_reader *p
else else
{ {
if (!is_topic_discovery_protected(pp->sec_attr->permissions_handle, sc->access_control_context, subscription_data.topic_name)) if (!is_topic_discovery_protected(pp->sec_attr->permissions_handle, sc->access_control_context, subscription_data.topic_name))
EXCEPTION_ERROR(sc, &exception, "Access control does not allow remote reader "PGUIDFMT": %s", PGUID(prd->e.guid)); EXCEPTION_ERROR(gv, &exception, "Access control does not allow remote reader "PGUIDFMT": %s", PGUID(prd->e.guid));
else else
DDS_Security_Exception_reset(&exception); DDS_Security_Exception_reset(&exception);
} }
@ -2383,7 +2374,7 @@ void q_omg_security_deregister_remote_reader_match(const struct ddsi_domaingv *g
if (m->crypto_handle != 0) if (m->crypto_handle != 0)
{ {
if (!sc->crypto_context->crypto_key_factory->unregister_datareader(sc->crypto_context->crypto_key_factory, m->crypto_handle, &exception)) if (!sc->crypto_context->crypto_key_factory->unregister_datareader(sc->crypto_context->crypto_key_factory, m->crypto_handle, &exception))
EXCEPTION_ERROR(sc, &exception, "Failed to unregister remote reader "PGUIDFMT" for writer "PGUIDFMT, PGUID(m->prd_guid), PGUID(*wr_guid)); EXCEPTION_ERROR(gv, &exception, "Failed to unregister remote reader "PGUIDFMT" for writer "PGUIDFMT, PGUID(m->prd_guid), PGUID(*wr_guid));
} }
} }
@ -2408,7 +2399,7 @@ static void send_writer_crypto_tokens(struct writer *wr, struct proxy_reader *pr
r = sc->crypto_context->crypto_key_exchange->create_local_datawriter_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, local_crypto, remote_crypto, &exception); r = sc->crypto_context->crypto_key_exchange->create_local_datawriter_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, local_crypto, remote_crypto, &exception);
if (!r) if (!r)
EXCEPTION_ERROR(sc, &exception,"Failed to create local writer crypto tokens "PGUIDFMT" for remote reader "PGUIDFMT, PGUID(wr->e.guid), PGUID(prd->e.guid)); EXCEPTION_ERROR(gv, &exception,"Failed to create local writer crypto tokens "PGUIDFMT" for remote reader "PGUIDFMT, PGUID(wr->e.guid), PGUID(prd->e.guid));
else if (tokens._length > 0) else if (tokens._length > 0)
{ {
nn_dataholderseq_t tholder; nn_dataholderseq_t tholder;
@ -2418,7 +2409,7 @@ static void send_writer_crypto_tokens(struct writer *wr, struct proxy_reader *pr
q_omg_shallow_free_nn_dataholderseq(&tholder); q_omg_shallow_free_nn_dataholderseq(&tholder);
if (!sc->crypto_context->crypto_key_exchange->return_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, &exception)) if (!sc->crypto_context->crypto_key_exchange->return_crypto_tokens(sc->crypto_context->crypto_key_exchange, &tokens, &exception))
EXCEPTION_ERROR(sc, &exception, "Failed to return local writer crypto tokens "PGUIDFMT" for remote reader "PGUIDFMT, PGUID(wr->e.guid), PGUID(prd->e.guid)); EXCEPTION_ERROR(gv, &exception, "Failed to return local writer crypto tokens "PGUIDFMT" for remote reader "PGUIDFMT, PGUID(wr->e.guid), PGUID(prd->e.guid));
} }
} }
@ -2454,7 +2445,7 @@ static bool q_omg_security_register_remote_reader_match(struct proxy_reader *prd
allowed = true; allowed = true;
} }
else else
EXCEPTION_ERROR(sc, &exception, "Failed to register remote reader "PGUIDFMT" with writer "PGUIDFMT, PGUID(prd->e.guid), PGUID(wr->e.guid)); EXCEPTION_ERROR(gv, &exception, "Failed to register remote reader "PGUIDFMT" with writer "PGUIDFMT, PGUID(prd->e.guid), PGUID(wr->e.guid));
} }
else else
{ {
@ -2466,7 +2457,7 @@ static bool q_omg_security_register_remote_reader_match(struct proxy_reader *prd
*crypto_handle = sc->crypto_context->crypto_key_factory->register_matched_remote_datareader( *crypto_handle = sc->crypto_context->crypto_key_factory->register_matched_remote_datareader(
sc->crypto_context->crypto_key_factory, wr->sec_attr->crypto_handle, proxypp->sec_attr->crypto_handle, proxypp_match->shared_secret, relay_only, &exception); sc->crypto_context->crypto_key_factory, wr->sec_attr->crypto_handle, proxypp->sec_attr->crypto_handle, proxypp_match->shared_secret, relay_only, &exception);
if (*crypto_handle == 0) if (*crypto_handle == 0)
EXCEPTION_ERROR(sc, &exception, "Failed to register remote reader "PGUIDFMT" with writer "PGUIDFMT, PGUID(prd->e.guid), PGUID(wr->e.guid)); EXCEPTION_ERROR(gv, &exception, "Failed to register remote reader "PGUIDFMT" with writer "PGUIDFMT, PGUID(prd->e.guid), PGUID(wr->e.guid));
else else
{ {
pending_match->crypto_handle = *crypto_handle; pending_match->crypto_handle = *crypto_handle;
@ -2476,7 +2467,7 @@ static bool q_omg_security_register_remote_reader_match(struct proxy_reader *prd
{ {
if (!sc->crypto_context->crypto_key_exchange->set_remote_datareader_crypto_tokens( if (!sc->crypto_context->crypto_key_exchange->set_remote_datareader_crypto_tokens(
sc->crypto_context->crypto_key_exchange, wr->sec_attr->crypto_handle, *crypto_handle, pending_match->tokens, &exception)) sc->crypto_context->crypto_key_exchange, wr->sec_attr->crypto_handle, *crypto_handle, pending_match->tokens, &exception))
EXCEPTION_ERROR(sc, &exception, "Failed to set remote reader crypto tokens "PGUIDFMT" --> "PGUIDFMT, PGUID(prd->e.guid), PGUID(wr->e.guid)); EXCEPTION_ERROR(gv, &exception, "Failed to set remote reader crypto tokens "PGUIDFMT" --> "PGUIDFMT, PGUID(prd->e.guid), PGUID(wr->e.guid));
else else
{ {
GVTRACE(" match_remote_reader "PGUIDFMT" with writer "PGUIDFMT": tokens available\n", PGUID(prd->e.guid), PGUID(wr->e.guid)); GVTRACE(" match_remote_reader "PGUIDFMT" with writer "PGUIDFMT": tokens available\n", PGUID(prd->e.guid), PGUID(wr->e.guid));
@ -2575,7 +2566,7 @@ void q_omg_security_set_remote_writer_crypto_tokens(struct reader *rd, const dds
else else
{ {
if (!sc->crypto_context->crypto_key_exchange->set_remote_datawriter_crypto_tokens(sc->crypto_context->crypto_key_exchange, rd->sec_attr->crypto_handle, match->crypto_handle, tseq, &exception)) if (!sc->crypto_context->crypto_key_exchange->set_remote_datawriter_crypto_tokens(sc->crypto_context->crypto_key_exchange, rd->sec_attr->crypto_handle, match->crypto_handle, tseq, &exception))
EXCEPTION_ERROR(sc, &exception, "Failed to set remote writer crypto tokens "PGUIDFMT" for reader "PGUIDFMT, PGUID(pwr->e.guid), PGUID(rd->e.guid)); EXCEPTION_ERROR(gv, &exception, "Failed to set remote writer crypto tokens "PGUIDFMT" for reader "PGUIDFMT, PGUID(pwr->e.guid), PGUID(rd->e.guid));
else else
{ {
GVTRACE("set_remote_writer_crypto_tokens "PGUIDFMT" with reader "PGUIDFMT"\n", PGUID(pwr->e.guid), PGUID(rd->e.guid)); GVTRACE("set_remote_writer_crypto_tokens "PGUIDFMT" with reader "PGUIDFMT"\n", PGUID(pwr->e.guid), PGUID(rd->e.guid));
@ -2614,7 +2605,7 @@ void q_omg_security_set_remote_reader_crypto_tokens(struct writer *wr, const dds
else else
{ {
if (!sc->crypto_context->crypto_key_exchange->set_remote_datareader_crypto_tokens(sc->crypto_context->crypto_key_exchange, wr->sec_attr->crypto_handle, match->crypto_handle, tseq, &exception)) if (!sc->crypto_context->crypto_key_exchange->set_remote_datareader_crypto_tokens(sc->crypto_context->crypto_key_exchange, wr->sec_attr->crypto_handle, match->crypto_handle, tseq, &exception))
EXCEPTION_ERROR(sc, &exception, "Failed to set remote reader crypto tokens "PGUIDFMT" for writer "PGUIDFMT, PGUID(prd->e.guid), PGUID(wr->e.guid)); EXCEPTION_ERROR(gv, &exception, "Failed to set remote reader crypto tokens "PGUIDFMT" for writer "PGUIDFMT, PGUID(prd->e.guid), PGUID(wr->e.guid));
else else
{ {
GVTRACE("set_remote_reader_crypto_tokens "PGUIDFMT" with writer "PGUIDFMT"\n", PGUID(prd->e.guid), PGUID(wr->e.guid)); GVTRACE("set_remote_reader_crypto_tokens "PGUIDFMT" with writer "PGUIDFMT"\n", PGUID(prd->e.guid), PGUID(wr->e.guid));

2
src/core/ddsi/src/q_entity.c
View file

@ -858,7 +858,7 @@ static dds_return_t check_and_load_security_config (struct ddsi_domaingv * const
GVLOGDISC ("new_participant("PGUIDFMT"): security is already loaded for this domain\n", PGUID (*ppguid)); GVLOGDISC ("new_participant("PGUIDFMT"): security is already loaded for this domain\n", PGUID (*ppguid));
return DDS_RETCODE_OK; return DDS_RETCODE_OK;
} }
else if (q_omg_security_load (gv->security_context, qos) < 0) else if (q_omg_security_load (gv->security_context, qos, gv) < 0)
{ {
GVERROR ("Could not load security\n"); GVERROR ("Could not load security\n");
return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY; return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY;

1
src/security/api/CMakeLists.txt
View file

@ -17,6 +17,7 @@ target_include_directories(
security_api INTERFACE security_api INTERFACE
"$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>" "$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>"
"$<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}/include>" "$<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}/include>"
"$<BUILD_INTERFACE:${CMAKE_CURRENT_LIST_DIR}/../../core/ddsi/include>"
) )
install( install(

22
src/security/api/include/dds/security/dds_security_api.h
View file

@ -13,8 +13,7 @@
#ifndef DDS_SECURITY_API_H #ifndef DDS_SECURITY_API_H
#define DDS_SECURITY_API_H #define DDS_SECURITY_API_H
#include "dds/ddsi/ddsi_domaingv.h"
/* Various security plugins. */
#include "dds_security_api_access_control.h" #include "dds_security_api_access_control.h"
#include "dds_security_api_authentication.h" #include "dds_security_api_authentication.h"
#include "dds_security_api_cryptography.h" #include "dds_security_api_cryptography.h"
@ -24,25 +23,12 @@
extern "C" { extern "C" {
#endif #endif
/* Integration functions for Security plugins */
/** typedef int (*plugin_init)(const char *argument, void **context, struct ddsi_domaingv *gv);
* Integration functions for Security plugins typedef int (*plugin_finalize)(void *context);
*
*/
typedef int (*plugin_init)(
const char *argument,
void **context
);
typedef int (*plugin_finalize)(
void *context
);
#if defined (__cplusplus) #if defined (__cplusplus)
} }
#endif #endif
#endif /* DDS_SECURITY_API_H */ #endif /* DDS_SECURITY_API_H */

223
src/security/api/include/dds/security/dds_security_api_access_control.h
View file

@ -16,30 +16,21 @@
#include "dds_security_api_types.h" #include "dds_security_api_types.h"
#include "dds_security_api_authentication.h" #include "dds_security_api_authentication.h"
#if defined (__cplusplus) #if defined(__cplusplus)
extern "C" { extern "C"
{
#endif #endif
/* AccessControl Component */
/**
* AccessControl Component
*/
struct dds_security_access_control; struct dds_security_access_control;
typedef struct dds_security_access_control dds_security_access_control; typedef struct dds_security_access_control dds_security_access_control;
/* AccessControlListener Interface */
struct dds_security_access_control_listener; struct dds_security_access_control_listener;
typedef struct dds_security_access_control_listener dds_security_access_control_listener; typedef struct dds_security_access_control_listener dds_security_access_control_listener;
typedef DDS_Security_boolean (*DDS_Security_access_control_listener_on_revoke_permissions)(
/**
* AccessControlListener Interface
* */
typedef DDS_Security_boolean
(*DDS_Security_access_control_listener_on_revoke_permissions)
( dds_security_access_control_listener *instance,
const dds_security_access_control *plugin, const dds_security_access_control *plugin,
const DDS_Security_PermissionsHandle handle); const DDS_Security_PermissionsHandle handle);
@ -48,23 +39,17 @@ struct dds_security_access_control_listener
DDS_Security_access_control_listener_on_revoke_permissions on_revoke_permissions; DDS_Security_access_control_listener_on_revoke_permissions on_revoke_permissions;
}; };
/* AccessControl Interface */
/** typedef DDS_Security_PermissionsHandle (*DDS_Security_access_control_validate_local_permissions)(
* AccessControl Interface dds_security_access_control *instance,
*/
typedef DDS_Security_PermissionsHandle
(*DDS_Security_access_control_validate_local_permissions)
( dds_security_access_control *instance,
const dds_security_authentication *auth_plugin, const dds_security_authentication *auth_plugin,
const DDS_Security_IdentityHandle identity, const DDS_Security_IdentityHandle identity,
const DDS_Security_DomainId domain_id, const DDS_Security_DomainId domain_id,
const DDS_Security_Qos *participant_qos, const DDS_Security_Qos *participant_qos,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_PermissionsHandle typedef DDS_Security_PermissionsHandle (*DDS_Security_access_control_validate_remote_permissions)(
(*DDS_Security_access_control_validate_remote_permissions) dds_security_access_control *instance,
( dds_security_access_control *instance,
const dds_security_authentication *auth_plugin, const dds_security_authentication *auth_plugin,
const DDS_Security_IdentityHandle local_identity_handle, const DDS_Security_IdentityHandle local_identity_handle,
const DDS_Security_IdentityHandle remote_identity_handle, const DDS_Security_IdentityHandle remote_identity_handle,
@ -72,17 +57,15 @@ typedef DDS_Security_PermissionsHandle
const DDS_Security_AuthenticatedPeerCredentialToken *remote_credential_token, const DDS_Security_AuthenticatedPeerCredentialToken *remote_credential_token,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_access_control_check_create_participant)(
(*DDS_Security_access_control_check_create_participant) dds_security_access_control *instance,
( dds_security_access_control *instance,
const DDS_Security_PermissionsHandle permissions_handle, const DDS_Security_PermissionsHandle permissions_handle,
const DDS_Security_DomainId domain_id, const DDS_Security_DomainId domain_id,
const DDS_Security_Qos *participant_qos, const DDS_Security_Qos *participant_qos,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_access_control_check_create_datawriter)(
(*DDS_Security_access_control_check_create_datawriter) dds_security_access_control *instance,
( dds_security_access_control *instance,
const DDS_Security_PermissionsHandle permissions_handle, const DDS_Security_PermissionsHandle permissions_handle,
const DDS_Security_DomainId domain_id, const DDS_Security_DomainId domain_id,
const DDS_Security_char *topic_name, const DDS_Security_char *topic_name,
@ -91,9 +74,8 @@ typedef DDS_Security_boolean
const DDS_Security_DataTags *data_tag, const DDS_Security_DataTags *data_tag,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_access_control_check_create_datareader)(
(*DDS_Security_access_control_check_create_datareader) dds_security_access_control *instance,
( dds_security_access_control *instance,
const DDS_Security_PermissionsHandle permissions_handle, const DDS_Security_PermissionsHandle permissions_handle,
const DDS_Security_DomainId domain_id, const DDS_Security_DomainId domain_id,
const DDS_Security_char *topic_name, const DDS_Security_char *topic_name,
@ -102,88 +84,75 @@ typedef DDS_Security_boolean
const DDS_Security_DataTags *data_tag, const DDS_Security_DataTags *data_tag,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean (*DDS_Security_access_control_check_create_topic)(
typedef DDS_Security_boolean dds_security_access_control *instance,
(*DDS_Security_access_control_check_create_topic)
( dds_security_access_control *instance,
const DDS_Security_PermissionsHandle permissions_handle, const DDS_Security_PermissionsHandle permissions_handle,
const DDS_Security_DomainId domain_id, const DDS_Security_DomainId domain_id,
const DDS_Security_char *topic_name, const DDS_Security_char *topic_name,
const DDS_Security_Qos *topic_qos, const DDS_Security_Qos *topic_qos,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_access_control_check_local_datawriter_register_instance)(
(*DDS_Security_access_control_check_local_datawriter_register_instance) dds_security_access_control *instance,
( dds_security_access_control *instance,
const DDS_Security_PermissionsHandle permissions_handle, const DDS_Security_PermissionsHandle permissions_handle,
const DDS_Security_Entity *writer, const DDS_Security_Entity *writer,
const DDS_Security_DynamicData *key, const DDS_Security_DynamicData *key,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_access_control_check_local_datawriter_dispose_instance)(
(*DDS_Security_access_control_check_local_datawriter_dispose_instance) dds_security_access_control *instance,
( dds_security_access_control *instance,
const DDS_Security_PermissionsHandle permissions_handle, const DDS_Security_PermissionsHandle permissions_handle,
const DDS_Security_Entity *writer, const DDS_Security_Entity *writer,
const DDS_Security_DynamicData key, const DDS_Security_DynamicData key,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_access_control_check_remote_participant)(
(*DDS_Security_access_control_check_remote_participant) dds_security_access_control *instance,
( dds_security_access_control *instance,
const DDS_Security_PermissionsHandle permissions_handle, const DDS_Security_PermissionsHandle permissions_handle,
const DDS_Security_DomainId domain_id, const DDS_Security_DomainId domain_id,
const DDS_Security_ParticipantBuiltinTopicDataSecure *participant_data, const DDS_Security_ParticipantBuiltinTopicDataSecure *participant_data,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_access_control_check_remote_datawriter)(
(*DDS_Security_access_control_check_remote_datawriter) dds_security_access_control *instance,
( dds_security_access_control *instance,
const DDS_Security_PermissionsHandle permissions_handle, const DDS_Security_PermissionsHandle permissions_handle,
const DDS_Security_DomainId domain_id, const DDS_Security_DomainId domain_id,
const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_access_control_check_remote_datareader)(
(*DDS_Security_access_control_check_remote_datareader) dds_security_access_control *instance,
( dds_security_access_control *instance,
const DDS_Security_PermissionsHandle permissions_handle, const DDS_Security_PermissionsHandle permissions_handle,
const DDS_Security_DomainId domain_id, const DDS_Security_DomainId domain_id,
const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data,
DDS_Security_boolean *relay_only, DDS_Security_boolean *relay_only,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_access_control_check_remote_topic)(
(*DDS_Security_access_control_check_remote_topic) dds_security_access_control *instance,
( dds_security_access_control *instance,
const DDS_Security_PermissionsHandle permissions_handle, const DDS_Security_PermissionsHandle permissions_handle,
const DDS_Security_DomainId domain_id, const DDS_Security_DomainId domain_id,
const DDS_Security_TopicBuiltinTopicData *topic_data, const DDS_Security_TopicBuiltinTopicData *topic_data,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean (*DDS_Security_access_control_check_local_datawriter_match)(
typedef DDS_Security_boolean dds_security_access_control *instance,
(*DDS_Security_access_control_check_local_datawriter_match)
( dds_security_access_control *instance,
const DDS_Security_PermissionsHandle writer_permissions_handle, const DDS_Security_PermissionsHandle writer_permissions_handle,
const DDS_Security_PermissionsHandle reader_permissions_handle, const DDS_Security_PermissionsHandle reader_permissions_handle,
const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data,
const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean (*DDS_Security_access_control_check_local_datareader_match)(
typedef DDS_Security_boolean dds_security_access_control *instance,
(*DDS_Security_access_control_check_local_datareader_match)
( dds_security_access_control *instance,
const DDS_Security_PermissionsHandle reader_permissions_handle, const DDS_Security_PermissionsHandle reader_permissions_handle,
const DDS_Security_PermissionsHandle writer_permissions_handle, const DDS_Security_PermissionsHandle writer_permissions_handle,
const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data,
const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_access_control_check_remote_datawriter_register_instance)(
(*DDS_Security_access_control_check_remote_datawriter_register_instance) dds_security_access_control *instance,
( dds_security_access_control *instance,
const DDS_Security_PermissionsHandle permissions_handle, const DDS_Security_PermissionsHandle permissions_handle,
const DDS_Security_Entity *reader, const DDS_Security_Entity *reader,
const DDS_Security_InstanceHandle publication_handle, const DDS_Security_InstanceHandle publication_handle,
@ -191,67 +160,56 @@ typedef DDS_Security_boolean
const DDS_Security_InstanceHandle instance_handle, const DDS_Security_InstanceHandle instance_handle,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_access_control_check_remote_datawriter_dispose_instance)(
(*DDS_Security_access_control_check_remote_datawriter_dispose_instance) dds_security_access_control *instance,
( dds_security_access_control *instance,
const DDS_Security_PermissionsHandle permissions_handle, const DDS_Security_PermissionsHandle permissions_handle,
const DDS_Security_Entity *reader, const DDS_Security_Entity *reader,
const DDS_Security_InstanceHandle publication_handle, const DDS_Security_InstanceHandle publication_handle,
const DDS_Security_DynamicData key, const DDS_Security_DynamicData key,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_access_control_get_permissions_token)(
(*DDS_Security_access_control_get_permissions_token) dds_security_access_control *instance,
( dds_security_access_control *instance,
DDS_Security_PermissionsToken *permissions_token, DDS_Security_PermissionsToken *permissions_token,
const DDS_Security_PermissionsHandle handle, const DDS_Security_PermissionsHandle handle,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_access_control_get_permissions_credential_token)(
(*DDS_Security_access_control_get_permissions_credential_token) dds_security_access_control *instance,
( dds_security_access_control *instance,
DDS_Security_PermissionsCredentialToken *permissions_credential_token, DDS_Security_PermissionsCredentialToken *permissions_credential_token,
const DDS_Security_PermissionsHandle handle, const DDS_Security_PermissionsHandle handle,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_access_control_set_listener)(
(*DDS_Security_access_control_set_listener) dds_security_access_control *instance,
( dds_security_access_control *instance,
const dds_security_access_control_listener *listener, const dds_security_access_control_listener *listener,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_access_control_return_permissions_token)(
(*DDS_Security_access_control_return_permissions_token) dds_security_access_control *instance,
( dds_security_access_control *instance,
const DDS_Security_PermissionsToken *token, const DDS_Security_PermissionsToken *token,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_access_control_return_permissions_credential_token)(
(*DDS_Security_access_control_return_permissions_credential_token) dds_security_access_control *instance,
( dds_security_access_control *instance,
const DDS_Security_PermissionsCredentialToken *permissions_credential_token, const DDS_Security_PermissionsCredentialToken *permissions_credential_token,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_access_control_get_participant_sec_attributes)(
(*DDS_Security_access_control_get_participant_sec_attributes) dds_security_access_control *instance,
( dds_security_access_control *instance,
const DDS_Security_PermissionsHandle permissions_handle, const DDS_Security_PermissionsHandle permissions_handle,
DDS_Security_ParticipantSecurityAttributes *attributes, DDS_Security_ParticipantSecurityAttributes *attributes,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean (*DDS_Security_access_control_get_topic_sec_attributes)(
typedef DDS_Security_boolean dds_security_access_control *instance,
(*DDS_Security_access_control_get_topic_sec_attributes)
( dds_security_access_control *instance,
const DDS_Security_PermissionsHandle permissions_handle, const DDS_Security_PermissionsHandle permissions_handle,
const DDS_Security_char *topic_name, const DDS_Security_char *topic_name,
DDS_Security_TopicSecurityAttributes *attributes, DDS_Security_TopicSecurityAttributes *attributes,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean (*DDS_Security_access_control_get_datawriter_sec_attributes)(
typedef DDS_Security_boolean dds_security_access_control *instance,
(*DDS_Security_access_control_get_datawriter_sec_attributes)
( dds_security_access_control *instance,
const DDS_Security_PermissionsHandle permissions_handle, const DDS_Security_PermissionsHandle permissions_handle,
const DDS_Security_char *topic_name, const DDS_Security_char *topic_name,
const DDS_Security_PartitionQosPolicy *partition, const DDS_Security_PartitionQosPolicy *partition,
@ -259,10 +217,8 @@ typedef DDS_Security_boolean
DDS_Security_EndpointSecurityAttributes *attributes, DDS_Security_EndpointSecurityAttributes *attributes,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean (*DDS_Security_access_control_get_datareader_sec_attributes)(
typedef DDS_Security_boolean dds_security_access_control *instance,
(*DDS_Security_access_control_get_datareader_sec_attributes)
( dds_security_access_control *instance,
const DDS_Security_PermissionsHandle permissions_handle, const DDS_Security_PermissionsHandle permissions_handle,
const DDS_Security_char *topic_name, const DDS_Security_char *topic_name,
const DDS_Security_PartitionQosPolicy *partition, const DDS_Security_PartitionQosPolicy *partition,
@ -270,105 +226,68 @@ typedef DDS_Security_boolean
DDS_Security_EndpointSecurityAttributes *attributes, DDS_Security_EndpointSecurityAttributes *attributes,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean (*DDS_Security_access_control_return_participant_sec_attributes)(
typedef DDS_Security_boolean dds_security_access_control *instance,
(*DDS_Security_access_control_return_participant_sec_attributes)
( dds_security_access_control *instance,
const DDS_Security_ParticipantSecurityAttributes *attributes, const DDS_Security_ParticipantSecurityAttributes *attributes,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_access_control_return_topic_sec_attributes)(
(*DDS_Security_access_control_return_topic_sec_attributes) dds_security_access_control *instance,
( dds_security_access_control *instance,
const DDS_Security_TopicSecurityAttributes *attributes, const DDS_Security_TopicSecurityAttributes *attributes,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_access_control_return_datawriter_sec_attributes)(
(*DDS_Security_access_control_return_datawriter_sec_attributes) dds_security_access_control *instance,
( dds_security_access_control *instance,
const DDS_Security_EndpointSecurityAttributes *attributes, const DDS_Security_EndpointSecurityAttributes *attributes,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean (*DDS_Security_access_control_return_datareader_sec_attributes)(
typedef DDS_Security_boolean dds_security_access_control *instance,
(*DDS_Security_access_control_return_datareader_sec_attributes)
( dds_security_access_control *instance,
const DDS_Security_EndpointSecurityAttributes *attributes, const DDS_Security_EndpointSecurityAttributes *attributes,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_access_control_return_permissions_handle)(
(*DDS_Security_access_control_return_permissions_handle) dds_security_access_control *instance,
( dds_security_access_control *instance,
DDS_Security_PermissionsHandle permissions_handle, DDS_Security_PermissionsHandle permissions_handle,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
struct dds_security_access_control struct dds_security_access_control
{ {
struct ddsi_domaingv *gv;
DDS_Security_access_control_validate_local_permissions validate_local_permissions; DDS_Security_access_control_validate_local_permissions validate_local_permissions;
DDS_Security_access_control_validate_remote_permissions validate_remote_permissions; DDS_Security_access_control_validate_remote_permissions validate_remote_permissions;
DDS_Security_access_control_check_create_participant check_create_participant; DDS_Security_access_control_check_create_participant check_create_participant;
DDS_Security_access_control_check_create_datawriter check_create_datawriter; DDS_Security_access_control_check_create_datawriter check_create_datawriter;
DDS_Security_access_control_check_create_datareader check_create_datareader; DDS_Security_access_control_check_create_datareader check_create_datareader;
DDS_Security_access_control_check_create_topic check_create_topic; DDS_Security_access_control_check_create_topic check_create_topic;
DDS_Security_access_control_check_local_datawriter_register_instance check_local_datawriter_register_instance; DDS_Security_access_control_check_local_datawriter_register_instance check_local_datawriter_register_instance;
DDS_Security_access_control_check_local_datawriter_dispose_instance check_local_datawriter_dispose_instance; DDS_Security_access_control_check_local_datawriter_dispose_instance check_local_datawriter_dispose_instance;
DDS_Security_access_control_check_remote_participant check_remote_participant; DDS_Security_access_control_check_remote_participant check_remote_participant;
DDS_Security_access_control_check_remote_datawriter check_remote_datawriter; DDS_Security_access_control_check_remote_datawriter check_remote_datawriter;
DDS_Security_access_control_check_remote_datareader check_remote_datareader; DDS_Security_access_control_check_remote_datareader check_remote_datareader;
DDS_Security_access_control_check_remote_topic check_remote_topic; DDS_Security_access_control_check_remote_topic check_remote_topic;
DDS_Security_access_control_check_local_datawriter_match check_local_datawriter_match; DDS_Security_access_control_check_local_datawriter_match check_local_datawriter_match;
DDS_Security_access_control_check_local_datareader_match check_local_datareader_match; DDS_Security_access_control_check_local_datareader_match check_local_datareader_match;
DDS_Security_access_control_check_remote_datawriter_register_instance check_remote_datawriter_register_instance; DDS_Security_access_control_check_remote_datawriter_register_instance check_remote_datawriter_register_instance;
DDS_Security_access_control_check_remote_datawriter_dispose_instance check_remote_datawriter_dispose_instance; DDS_Security_access_control_check_remote_datawriter_dispose_instance check_remote_datawriter_dispose_instance;
DDS_Security_access_control_get_permissions_token get_permissions_token; DDS_Security_access_control_get_permissions_token get_permissions_token;
DDS_Security_access_control_get_permissions_credential_token get_permissions_credential_token; DDS_Security_access_control_get_permissions_credential_token get_permissions_credential_token;
DDS_Security_access_control_set_listener set_listener; DDS_Security_access_control_set_listener set_listener;
DDS_Security_access_control_return_permissions_token return_permissions_token; DDS_Security_access_control_return_permissions_token return_permissions_token;
DDS_Security_access_control_return_permissions_credential_token return_permissions_credential_token; DDS_Security_access_control_return_permissions_credential_token return_permissions_credential_token;
DDS_Security_access_control_get_participant_sec_attributes get_participant_sec_attributes; DDS_Security_access_control_get_participant_sec_attributes get_participant_sec_attributes;
DDS_Security_access_control_get_topic_sec_attributes get_topic_sec_attributes; DDS_Security_access_control_get_topic_sec_attributes get_topic_sec_attributes;
DDS_Security_access_control_get_datawriter_sec_attributes get_datawriter_sec_attributes; DDS_Security_access_control_get_datawriter_sec_attributes get_datawriter_sec_attributes;
DDS_Security_access_control_get_datareader_sec_attributes get_datareader_sec_attributes; DDS_Security_access_control_get_datareader_sec_attributes get_datareader_sec_attributes;
DDS_Security_access_control_return_participant_sec_attributes return_participant_sec_attributes; DDS_Security_access_control_return_participant_sec_attributes return_participant_sec_attributes;
DDS_Security_access_control_return_topic_sec_attributes return_topic_sec_attributes; DDS_Security_access_control_return_topic_sec_attributes return_topic_sec_attributes;
DDS_Security_access_control_return_datawriter_sec_attributes return_datawriter_sec_attributes; DDS_Security_access_control_return_datawriter_sec_attributes return_datawriter_sec_attributes;
DDS_Security_access_control_return_datareader_sec_attributes return_datareader_sec_attributes; DDS_Security_access_control_return_datareader_sec_attributes return_datareader_sec_attributes;
DDS_Security_access_control_return_permissions_handle return_permissions_handle; DDS_Security_access_control_return_permissions_handle return_permissions_handle;
}; };
#if defined(__cplusplus)
#if defined (__cplusplus)
} }
#endif #endif

149
src/security/api/include/dds/security/dds_security_api_authentication.h
View file

@ -15,87 +15,66 @@
#include "dds_security_api_types.h" #include "dds_security_api_types.h"
#if defined (__cplusplus) #if defined(__cplusplus)
extern "C" { extern "C"
{
#endif #endif
/* Authentication Component */
/**
* Authentication Component
*/
struct dds_security_authentication; struct dds_security_authentication;
typedef struct dds_security_authentication dds_security_authentication; typedef struct dds_security_authentication dds_security_authentication;
struct dds_security_authentication_listener; struct dds_security_authentication_listener;
typedef struct dds_security_authentication_listener dds_security_authentication_listener; typedef struct dds_security_authentication_listener dds_security_authentication_listener;
/* AuthenticationListener interface */
/** typedef DDS_Security_boolean (*DDS_Security_authentication_listener_on_revoke_identity)(
* AuthenticationListener interface dds_security_authentication_listener *context,
*/
typedef DDS_Security_boolean
(*DDS_Security_authentication_listener_on_revoke_identity)
( dds_security_authentication_listener *context,
const dds_security_authentication *plugin, const dds_security_authentication *plugin,
const DDS_Security_IdentityHandle handle const DDS_Security_IdentityHandle handle);
);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_authentication_listener_on_status_changed)(
(*DDS_Security_authentication_listener_on_status_changed) dds_security_authentication_listener *context,
( dds_security_authentication_listener *context,
const dds_security_authentication *plugin, const dds_security_authentication *plugin,
const DDS_Security_IdentityHandle handle, const DDS_Security_IdentityHandle handle,
const DDS_Security_AuthStatusKind status_kind const DDS_Security_AuthStatusKind status_kind);
);
struct dds_security_authentication_listener struct dds_security_authentication_listener
{ {
DDS_Security_authentication_listener_on_revoke_identity on_revoke_identity; DDS_Security_authentication_listener_on_revoke_identity on_revoke_identity;
DDS_Security_authentication_listener_on_status_changed on_status_changed; DDS_Security_authentication_listener_on_status_changed on_status_changed;
}; };
typedef DDS_Security_ValidationResult_t typedef DDS_Security_ValidationResult_t (*DDS_Security_authentication_validate_local_identity)(
(*DDS_Security_authentication_validate_local_identity) dds_security_authentication *instance,
( dds_security_authentication *instance,
DDS_Security_IdentityHandle *local_identity_handle, DDS_Security_IdentityHandle *local_identity_handle,
DDS_Security_GUID_t *adjusted_participant_guid, DDS_Security_GUID_t *adjusted_participant_guid,
const DDS_Security_DomainId domain_id, const DDS_Security_DomainId domain_id,
const DDS_Security_Qos *participant_qos, const DDS_Security_Qos *participant_qos,
const DDS_Security_GUID_t *candidate_participant_guid, const DDS_Security_GUID_t *candidate_participant_guid,
DDS_Security_SecurityException *ex DDS_Security_SecurityException *ex);
);
typedef DDS_Security_boolean (*DDS_Security_authentication_get_identity_token)(
typedef DDS_Security_boolean dds_security_authentication *instance,
(*DDS_Security_authentication_get_identity_token)
( dds_security_authentication *instance,
DDS_Security_IdentityToken *identity_token, DDS_Security_IdentityToken *identity_token,
const DDS_Security_IdentityHandle handle, const DDS_Security_IdentityHandle handle,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean (*DDS_Security_authentication_get_identity_status_token)(
typedef DDS_Security_boolean dds_security_authentication *instance,
(*DDS_Security_authentication_get_identity_status_token)
( dds_security_authentication *instance,
DDS_Security_IdentityStatusToken *identity_status_token, DDS_Security_IdentityStatusToken *identity_status_token,
const DDS_Security_IdentityHandle handle, const DDS_Security_IdentityHandle handle,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_authentication_set_permissions_credential_and_token)(
(*DDS_Security_authentication_set_permissions_credential_and_token) dds_security_authentication *instance,
( dds_security_authentication *instance,
const DDS_Security_IdentityHandle handle, const DDS_Security_IdentityHandle handle,
const DDS_Security_PermissionsCredentialToken *permissions_credential, const DDS_Security_PermissionsCredentialToken *permissions_credential,
const DDS_Security_PermissionsToken *permissions_token, const DDS_Security_PermissionsToken *permissions_token,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_ValidationResult_t (*DDS_Security_authentication_validate_remote_identity)(
typedef DDS_Security_ValidationResult_t dds_security_authentication *instance,
(*DDS_Security_authentication_validate_remote_identity)
( dds_security_authentication *instance,
DDS_Security_IdentityHandle *remote_identity_handle, DDS_Security_IdentityHandle *remote_identity_handle,
DDS_Security_AuthRequestMessageToken *local_auth_request_token, DDS_Security_AuthRequestMessageToken *local_auth_request_token,
const DDS_Security_AuthRequestMessageToken *remote_auth_request_token, const DDS_Security_AuthRequestMessageToken *remote_auth_request_token,
@ -104,10 +83,8 @@ typedef DDS_Security_ValidationResult_t
const DDS_Security_GUID_t *remote_participant_guid, const DDS_Security_GUID_t *remote_participant_guid,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_ValidationResult_t (*DDS_Security_authentication_begin_handshake_request)(
typedef DDS_Security_ValidationResult_t dds_security_authentication *instance,
(*DDS_Security_authentication_begin_handshake_request)
( dds_security_authentication *instance,
DDS_Security_HandshakeHandle *handshake_handle, DDS_Security_HandshakeHandle *handshake_handle,
DDS_Security_HandshakeMessageToken *handshake_message, DDS_Security_HandshakeMessageToken *handshake_message,
const DDS_Security_IdentityHandle initiator_identity_handle, const DDS_Security_IdentityHandle initiator_identity_handle,
@ -115,10 +92,8 @@ typedef DDS_Security_ValidationResult_t
const DDS_Security_OctetSeq *serialized_local_participant_data, const DDS_Security_OctetSeq *serialized_local_participant_data,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_ValidationResult_t (*DDS_Security_authentication_begin_handshake_reply)(
typedef DDS_Security_ValidationResult_t dds_security_authentication *instance,
(*DDS_Security_authentication_begin_handshake_reply)
( dds_security_authentication *instance,
DDS_Security_HandshakeHandle *handshake_handle, DDS_Security_HandshakeHandle *handshake_handle,
DDS_Security_HandshakeMessageToken *handshake_message_out, DDS_Security_HandshakeMessageToken *handshake_message_out,
const DDS_Security_HandshakeMessageToken *handshake_message_in, const DDS_Security_HandshakeMessageToken *handshake_message_in,
@ -127,111 +102,83 @@ typedef DDS_Security_ValidationResult_t
const DDS_Security_OctetSeq *serialized_local_participant_data, const DDS_Security_OctetSeq *serialized_local_participant_data,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_ValidationResult_t typedef DDS_Security_ValidationResult_t (*DDS_Security_authentication_process_handshake)(
(*DDS_Security_authentication_process_handshake) dds_security_authentication *instance,
( dds_security_authentication *instance,
DDS_Security_HandshakeMessageToken *handshake_message_out, DDS_Security_HandshakeMessageToken *handshake_message_out,
const DDS_Security_HandshakeMessageToken *handshake_message_in, const DDS_Security_HandshakeMessageToken *handshake_message_in,
const DDS_Security_HandshakeHandle handshake_handle, const DDS_Security_HandshakeHandle handshake_handle,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_SharedSecretHandle typedef DDS_Security_SharedSecretHandle (*DDS_Security_authentication_get_shared_secret)(
(*DDS_Security_authentication_get_shared_secret) dds_security_authentication *instance,
( dds_security_authentication *instance,
const DDS_Security_HandshakeHandle handshake_handle, const DDS_Security_HandshakeHandle handshake_handle,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_authentication_get_authenticated_peer_credential_token)(
(*DDS_Security_authentication_get_authenticated_peer_credential_token) dds_security_authentication *instance,
( dds_security_authentication *instance,
DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token,
const DDS_Security_HandshakeHandle handshake_handle, const DDS_Security_HandshakeHandle handshake_handle,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_authentication_set_listener)(
(*DDS_Security_authentication_set_listener) dds_security_authentication *instance,
( dds_security_authentication *instance,
const dds_security_authentication_listener *listener, const dds_security_authentication_listener *listener,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_authentication_return_identity_token)(
(*DDS_Security_authentication_return_identity_token) dds_security_authentication *instance,
( dds_security_authentication *instance,
const DDS_Security_IdentityToken *token, const DDS_Security_IdentityToken *token,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean (*DDS_Security_authentication_return_identity_status_token)(
typedef DDS_Security_boolean dds_security_authentication *instance,
(*DDS_Security_authentication_return_identity_status_token)
( dds_security_authentication *instance,
const DDS_Security_IdentityStatusToken *token, const DDS_Security_IdentityStatusToken *token,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_authentication_return_authenticated_peer_credential_token)(
(*DDS_Security_authentication_return_authenticated_peer_credential_token) dds_security_authentication *instance,
( dds_security_authentication *instance,
const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_authentication_return_handshake_handle)(
(*DDS_Security_authentication_return_handshake_handle) dds_security_authentication *instance,
( dds_security_authentication *instance,
const DDS_Security_HandshakeHandle handshake_handle, const DDS_Security_HandshakeHandle handshake_handle,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_authentication_return_identity_handle)(
(*DDS_Security_authentication_return_identity_handle) dds_security_authentication *instance,
( dds_security_authentication *instance,
const DDS_Security_IdentityHandle identity_handle, const DDS_Security_IdentityHandle identity_handle,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_authentication_return_sharedsecret_handle)(
(*DDS_Security_authentication_return_sharedsecret_handle) dds_security_authentication *instance,
( dds_security_authentication *instance,
const DDS_Security_SharedSecretHandle sharedsecret_handle, const DDS_Security_SharedSecretHandle sharedsecret_handle,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
struct dds_security_authentication struct dds_security_authentication
{ {
struct ddsi_domaingv *gv;
DDS_Security_authentication_validate_local_identity validate_local_identity; DDS_Security_authentication_validate_local_identity validate_local_identity;
DDS_Security_authentication_get_identity_token get_identity_token; DDS_Security_authentication_get_identity_token get_identity_token;
DDS_Security_authentication_get_identity_status_token get_identity_status_token; DDS_Security_authentication_get_identity_status_token get_identity_status_token;
DDS_Security_authentication_set_permissions_credential_and_token set_permissions_credential_and_token; DDS_Security_authentication_set_permissions_credential_and_token set_permissions_credential_and_token;
DDS_Security_authentication_validate_remote_identity validate_remote_identity; DDS_Security_authentication_validate_remote_identity validate_remote_identity;
DDS_Security_authentication_begin_handshake_request begin_handshake_request; DDS_Security_authentication_begin_handshake_request begin_handshake_request;
DDS_Security_authentication_begin_handshake_reply begin_handshake_reply; DDS_Security_authentication_begin_handshake_reply begin_handshake_reply;
DDS_Security_authentication_process_handshake process_handshake; DDS_Security_authentication_process_handshake process_handshake;
DDS_Security_authentication_get_shared_secret get_shared_secret; DDS_Security_authentication_get_shared_secret get_shared_secret;
DDS_Security_authentication_get_authenticated_peer_credential_token get_authenticated_peer_credential_token; DDS_Security_authentication_get_authenticated_peer_credential_token get_authenticated_peer_credential_token;
DDS_Security_authentication_set_listener set_listener; DDS_Security_authentication_set_listener set_listener;
DDS_Security_authentication_return_identity_token return_identity_token; DDS_Security_authentication_return_identity_token return_identity_token;
DDS_Security_authentication_return_identity_status_token return_identity_status_token; DDS_Security_authentication_return_identity_status_token return_identity_status_token;
DDS_Security_authentication_return_authenticated_peer_credential_token return_authenticated_peer_credential_token; DDS_Security_authentication_return_authenticated_peer_credential_token return_authenticated_peer_credential_token;
DDS_Security_authentication_return_handshake_handle return_handshake_handle; DDS_Security_authentication_return_handshake_handle return_handshake_handle;
DDS_Security_authentication_return_identity_handle return_identity_handle; DDS_Security_authentication_return_identity_handle return_identity_handle;
DDS_Security_authentication_return_sharedsecret_handle return_sharedsecret_handle; DDS_Security_authentication_return_sharedsecret_handle return_sharedsecret_handle;
}; };
#if defined(__cplusplus)
#if defined (__cplusplus)
} }
#endif #endif

193
src/security/api/include/dds/security/dds_security_api_cryptography.h
View file

@ -15,14 +15,12 @@
#include "dds_security_api_types.h" #include "dds_security_api_types.h"
#if defined (__cplusplus) #if defined(__cplusplus)
extern "C" { extern "C"
{
#endif #endif
/** /* Crypto Component */
* Crypto Component
*/
struct dds_security_crypto_key_factory; struct dds_security_crypto_key_factory;
typedef struct dds_security_crypto_key_factory dds_security_crypto_key_factory; typedef struct dds_security_crypto_key_factory dds_security_crypto_key_factory;
@ -32,195 +30,150 @@ typedef struct dds_security_crypto_key_exchange dds_security_crypto_key_exchange
struct dds_security_crypto_transform; struct dds_security_crypto_transform;
typedef struct dds_security_crypto_transform dds_security_crypto_transform; typedef struct dds_security_crypto_transform dds_security_crypto_transform;
/** /* CryptoKeyFactory interface */
* CryptoKeyFactory interface typedef DDS_Security_ParticipantCryptoHandle (*DDS_Security_crypto_key_factory_register_local_participant)(
*/ dds_security_crypto_key_factory *instance,
typedef DDS_Security_ParticipantCryptoHandle
(*DDS_Security_crypto_key_factory_register_local_participant)
( dds_security_crypto_key_factory *instance,
const DDS_Security_IdentityHandle participant_identity, const DDS_Security_IdentityHandle participant_identity,
const DDS_Security_PermissionsHandle participant_permissions, const DDS_Security_PermissionsHandle participant_permissions,
const DDS_Security_PropertySeq *participant_properties, const DDS_Security_PropertySeq *participant_properties,
const DDS_Security_ParticipantSecurityAttributes *participant_security_attributes, const DDS_Security_ParticipantSecurityAttributes *participant_security_attributes,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_ParticipantCryptoHandle typedef DDS_Security_ParticipantCryptoHandle (*DDS_Security_crypto_key_factory_register_matched_remote_participant)(
(*DDS_Security_crypto_key_factory_register_matched_remote_participant) dds_security_crypto_key_factory *instance,
( dds_security_crypto_key_factory *instance,
const DDS_Security_ParticipantCryptoHandle local_participant_crypto_handle, const DDS_Security_ParticipantCryptoHandle local_participant_crypto_handle,
const DDS_Security_IdentityHandle remote_participant_identity, const DDS_Security_IdentityHandle remote_participant_identity,
const DDS_Security_PermissionsHandle remote_participant_permissions, const DDS_Security_PermissionsHandle remote_participant_permissions,
const DDS_Security_SharedSecretHandle shared_secret, const DDS_Security_SharedSecretHandle shared_secret,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_DatawriterCryptoHandle (*DDS_Security_crypto_key_factory_register_local_datawriter)(
typedef DDS_Security_DatawriterCryptoHandle dds_security_crypto_key_factory *instance,
(*DDS_Security_crypto_key_factory_register_local_datawriter)
( dds_security_crypto_key_factory *instance,
const DDS_Security_ParticipantCryptoHandle participant_crypto, const DDS_Security_ParticipantCryptoHandle participant_crypto,
const DDS_Security_PropertySeq *datawriter_properties, const DDS_Security_PropertySeq *datawriter_properties,
const DDS_Security_EndpointSecurityAttributes *datawriter_security_attributes, const DDS_Security_EndpointSecurityAttributes *datawriter_security_attributes,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_DatareaderCryptoHandle typedef DDS_Security_DatareaderCryptoHandle (*DDS_Security_crypto_key_factory_register_matched_remote_datareader)(
(*DDS_Security_crypto_key_factory_register_matched_remote_datareader) dds_security_crypto_key_factory *instance,
( dds_security_crypto_key_factory *instance,
const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto_handle, const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto_handle,
const DDS_Security_ParticipantCryptoHandle remote_participant_crypto, const DDS_Security_ParticipantCryptoHandle remote_participant_crypto,
const DDS_Security_SharedSecretHandle shared_secret, const DDS_Security_SharedSecretHandle shared_secret,
const DDS_Security_boolean relay_only, const DDS_Security_boolean relay_only,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_DatareaderCryptoHandle (*DDS_Security_crypto_key_factory_register_local_datareader)(
typedef DDS_Security_DatareaderCryptoHandle dds_security_crypto_key_factory *instance,
(*DDS_Security_crypto_key_factory_register_local_datareader)
( dds_security_crypto_key_factory *instance,
const DDS_Security_ParticipantCryptoHandle participant_crypto_handle, const DDS_Security_ParticipantCryptoHandle participant_crypto_handle,
const DDS_Security_PropertySeq *datareader_properties, const DDS_Security_PropertySeq *datareader_properties,
const DDS_Security_EndpointSecurityAttributes *datareader_security_attributes, const DDS_Security_EndpointSecurityAttributes *datareader_security_attributes,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_DatawriterCryptoHandle typedef DDS_Security_DatawriterCryptoHandle (*DDS_Security_crypto_key_factory_register_matched_remote_datawriter)(
(*DDS_Security_crypto_key_factory_register_matched_remote_datawriter) dds_security_crypto_key_factory *instance,
( dds_security_crypto_key_factory *instance,
const DDS_Security_DatareaderCryptoHandle local_datareader_crypto_handle, const DDS_Security_DatareaderCryptoHandle local_datareader_crypto_handle,
const DDS_Security_ParticipantCryptoHandle remote_participant_crypt, const DDS_Security_ParticipantCryptoHandle remote_participant_crypt,
const DDS_Security_SharedSecretHandle shared_secret, const DDS_Security_SharedSecretHandle shared_secret,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_crypto_key_factory_unregister_participant)(
(*DDS_Security_crypto_key_factory_unregister_participant) dds_security_crypto_key_factory *instance,
( dds_security_crypto_key_factory *instance,
const DDS_Security_ParticipantCryptoHandle participant_crypto_handle, const DDS_Security_ParticipantCryptoHandle participant_crypto_handle,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_crypto_key_factory_unregister_datawriter)(
(*DDS_Security_crypto_key_factory_unregister_datawriter) dds_security_crypto_key_factory *instance,
( dds_security_crypto_key_factory *instance,
const DDS_Security_DatawriterCryptoHandle datawriter_crypto_handle, const DDS_Security_DatawriterCryptoHandle datawriter_crypto_handle,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_crypto_key_factory_unregister_datareader)(
(*DDS_Security_crypto_key_factory_unregister_datareader) dds_security_crypto_key_factory *instance,
( dds_security_crypto_key_factory *instance,
const DDS_Security_DatareaderCryptoHandle datareader_crypto_handle, const DDS_Security_DatareaderCryptoHandle datareader_crypto_handle,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
struct dds_security_crypto_key_factory struct dds_security_crypto_key_factory
{ {
DDS_Security_crypto_key_factory_register_local_participant register_local_participant; DDS_Security_crypto_key_factory_register_local_participant register_local_participant;
DDS_Security_crypto_key_factory_register_matched_remote_participant register_matched_remote_participant; DDS_Security_crypto_key_factory_register_matched_remote_participant register_matched_remote_participant;
DDS_Security_crypto_key_factory_register_local_datawriter register_local_datawriter; DDS_Security_crypto_key_factory_register_local_datawriter register_local_datawriter;
DDS_Security_crypto_key_factory_register_matched_remote_datareader register_matched_remote_datareader; DDS_Security_crypto_key_factory_register_matched_remote_datareader register_matched_remote_datareader;
DDS_Security_crypto_key_factory_register_local_datareader register_local_datareader; DDS_Security_crypto_key_factory_register_local_datareader register_local_datareader;
DDS_Security_crypto_key_factory_register_matched_remote_datawriter register_matched_remote_datawriter; DDS_Security_crypto_key_factory_register_matched_remote_datawriter register_matched_remote_datawriter;
DDS_Security_crypto_key_factory_unregister_participant unregister_participant; DDS_Security_crypto_key_factory_unregister_participant unregister_participant;
DDS_Security_crypto_key_factory_unregister_datawriter unregister_datawriter; DDS_Security_crypto_key_factory_unregister_datawriter unregister_datawriter;
DDS_Security_crypto_key_factory_unregister_datareader unregister_datareader; DDS_Security_crypto_key_factory_unregister_datareader unregister_datareader;
} ; };
/* CryptoKeyExchange Interface */
/** typedef DDS_Security_boolean (*DDS_Security_crypto_key_exchange_create_local_participant_crypto_tokens)(
* CryptoKeyExchange Interface dds_security_crypto_key_exchange *instance,
*/
typedef DDS_Security_boolean
(*DDS_Security_crypto_key_exchange_create_local_participant_crypto_tokens)
( dds_security_crypto_key_exchange *instance,
DDS_Security_ParticipantCryptoTokenSeq *local_participant_crypto_tokens, DDS_Security_ParticipantCryptoTokenSeq *local_participant_crypto_tokens,
const DDS_Security_ParticipantCryptoHandle local_participant_crypto, const DDS_Security_ParticipantCryptoHandle local_participant_crypto,
const DDS_Security_ParticipantCryptoHandle remote_participant_crypto, const DDS_Security_ParticipantCryptoHandle remote_participant_crypto,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_crypto_key_exchange_set_remote_participant_crypto_tokens)(
(*DDS_Security_crypto_key_exchange_set_remote_participant_crypto_tokens) dds_security_crypto_key_exchange *instance,
( dds_security_crypto_key_exchange *instance,
const DDS_Security_ParticipantCryptoHandle local_participant_crypto, const DDS_Security_ParticipantCryptoHandle local_participant_crypto,
const DDS_Security_ParticipantCryptoHandle remote_participant_crypto, const DDS_Security_ParticipantCryptoHandle remote_participant_crypto,
const DDS_Security_ParticipantCryptoTokenSeq *remote_participant_tokens, const DDS_Security_ParticipantCryptoTokenSeq *remote_participant_tokens,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_crypto_key_exchange_create_local_datawriter_crypto_tokens)(
(*DDS_Security_crypto_key_exchange_create_local_datawriter_crypto_tokens) dds_security_crypto_key_exchange *instance,
( dds_security_crypto_key_exchange *instance,
DDS_Security_DatawriterCryptoTokenSeq *local_datawriter_crypto_tokens, DDS_Security_DatawriterCryptoTokenSeq *local_datawriter_crypto_tokens,
const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto, const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto,
const DDS_Security_DatareaderCryptoHandle remote_datareader_crypto, const DDS_Security_DatareaderCryptoHandle remote_datareader_crypto,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_crypto_key_exchange_set_remote_datawriter_crypto_tokens)(
(*DDS_Security_crypto_key_exchange_set_remote_datawriter_crypto_tokens) dds_security_crypto_key_exchange *instance,
( dds_security_crypto_key_exchange *instance,
const DDS_Security_DatareaderCryptoHandle local_datareader_crypto, const DDS_Security_DatareaderCryptoHandle local_datareader_crypto,
const DDS_Security_DatawriterCryptoHandle remote_datawriter_crypto, const DDS_Security_DatawriterCryptoHandle remote_datawriter_crypto,
const DDS_Security_DatawriterCryptoTokenSeq *remote_datawriter_tokens, const DDS_Security_DatawriterCryptoTokenSeq *remote_datawriter_tokens,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_crypto_key_exchange_create_local_datareader_crypto_tokens)(
(*DDS_Security_crypto_key_exchange_create_local_datareader_crypto_tokens) dds_security_crypto_key_exchange *instance,
( dds_security_crypto_key_exchange *instance,
DDS_Security_DatareaderCryptoTokenSeq *local_datareader_cryto_tokens, DDS_Security_DatareaderCryptoTokenSeq *local_datareader_cryto_tokens,
const DDS_Security_DatareaderCryptoHandle local_datareader_crypto, const DDS_Security_DatareaderCryptoHandle local_datareader_crypto,
const DDS_Security_DatawriterCryptoHandle remote_datawriter_crypto, const DDS_Security_DatawriterCryptoHandle remote_datawriter_crypto,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_crypto_key_exchange_set_remote_datareader_crypto_tokens)(
(*DDS_Security_crypto_key_exchange_set_remote_datareader_crypto_tokens) dds_security_crypto_key_exchange *instance,
( dds_security_crypto_key_exchange *instance,
const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto, const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto,
const DDS_Security_DatareaderCryptoHandle remote_datareader_crypto, const DDS_Security_DatareaderCryptoHandle remote_datareader_crypto,
const DDS_Security_DatareaderCryptoTokenSeq *remote_datareader_tokens, const DDS_Security_DatareaderCryptoTokenSeq *remote_datareader_tokens,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_crypto_key_exchange_return_crypto_tokens)(
(*DDS_Security_crypto_key_exchange_return_crypto_tokens) dds_security_crypto_key_exchange *instance,
( dds_security_crypto_key_exchange *instance,
DDS_Security_CryptoTokenSeq *crypto_tokens, DDS_Security_CryptoTokenSeq *crypto_tokens,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
struct dds_security_crypto_key_exchange struct dds_security_crypto_key_exchange
{ {
DDS_Security_crypto_key_exchange_create_local_participant_crypto_tokens create_local_participant_crypto_tokens; DDS_Security_crypto_key_exchange_create_local_participant_crypto_tokens create_local_participant_crypto_tokens;
DDS_Security_crypto_key_exchange_set_remote_participant_crypto_tokens set_remote_participant_crypto_tokens; DDS_Security_crypto_key_exchange_set_remote_participant_crypto_tokens set_remote_participant_crypto_tokens;
DDS_Security_crypto_key_exchange_create_local_datawriter_crypto_tokens create_local_datawriter_crypto_tokens; DDS_Security_crypto_key_exchange_create_local_datawriter_crypto_tokens create_local_datawriter_crypto_tokens;
DDS_Security_crypto_key_exchange_set_remote_datawriter_crypto_tokens set_remote_datawriter_crypto_tokens; DDS_Security_crypto_key_exchange_set_remote_datawriter_crypto_tokens set_remote_datawriter_crypto_tokens;
DDS_Security_crypto_key_exchange_create_local_datareader_crypto_tokens create_local_datareader_crypto_tokens; DDS_Security_crypto_key_exchange_create_local_datareader_crypto_tokens create_local_datareader_crypto_tokens;
DDS_Security_crypto_key_exchange_set_remote_datareader_crypto_tokens set_remote_datareader_crypto_tokens; DDS_Security_crypto_key_exchange_set_remote_datareader_crypto_tokens set_remote_datareader_crypto_tokens;
DDS_Security_crypto_key_exchange_return_crypto_tokens return_crypto_tokens; DDS_Security_crypto_key_exchange_return_crypto_tokens return_crypto_tokens;
} ; };
/* CryptoTransform Interface */
/** typedef DDS_Security_boolean (*DDS_Security_crypto_transform_encode_serialized_payload)(
* CryptoTransform Interface dds_security_crypto_transform *instance,
*/
typedef DDS_Security_boolean
(*DDS_Security_crypto_transform_encode_serialized_payload)
( dds_security_crypto_transform *instance,
DDS_Security_OctetSeq *encoded_buffer, DDS_Security_OctetSeq *encoded_buffer,
DDS_Security_OctetSeq *extra_inline_qos, DDS_Security_OctetSeq *extra_inline_qos,
const DDS_Security_OctetSeq *plain_buffer, const DDS_Security_OctetSeq *plain_buffer,
const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_crypto_transform_encode_datawriter_submessage)(
(*DDS_Security_crypto_transform_encode_datawriter_submessage) dds_security_crypto_transform *instance,
( dds_security_crypto_transform *instance,
DDS_Security_OctetSeq *encoded_rtps_submessage, DDS_Security_OctetSeq *encoded_rtps_submessage,
const DDS_Security_OctetSeq *plain_rtps_submessage, const DDS_Security_OctetSeq *plain_rtps_submessage,
const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto,
@ -228,19 +181,16 @@ typedef DDS_Security_boolean
DDS_Security_long *receiving_datareader_crypto_list_index, DDS_Security_long *receiving_datareader_crypto_list_index,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_crypto_transform_encode_datareader_submessage)(
(*DDS_Security_crypto_transform_encode_datareader_submessage) dds_security_crypto_transform *instance,
( dds_security_crypto_transform *instance,
DDS_Security_OctetSeq *encoded_rtps_submessage, DDS_Security_OctetSeq *encoded_rtps_submessage,
const DDS_Security_OctetSeq *plain_rtps_submessage, const DDS_Security_OctetSeq *plain_rtps_submessage,
const DDS_Security_DatareaderCryptoHandle sending_datareader_crypto, const DDS_Security_DatareaderCryptoHandle sending_datareader_crypto,
const DDS_Security_DatawriterCryptoHandleSeq *receiving_datawriter_crypto_list, const DDS_Security_DatawriterCryptoHandleSeq *receiving_datawriter_crypto_list,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean (*DDS_Security_crypto_transform_encode_rtps_message)(
typedef DDS_Security_boolean dds_security_crypto_transform *instance,
(*DDS_Security_crypto_transform_encode_rtps_message)
( dds_security_crypto_transform *instance,
DDS_Security_OctetSeq *encoded_rtps_message, DDS_Security_OctetSeq *encoded_rtps_message,
const DDS_Security_OctetSeq *plain_rtps_message, const DDS_Security_OctetSeq *plain_rtps_message,
const DDS_Security_ParticipantCryptoHandle sending_participant_crypto, const DDS_Security_ParticipantCryptoHandle sending_participant_crypto,
@ -248,18 +198,16 @@ typedef DDS_Security_boolean
DDS_Security_long *receiving_participant_crypto_list_index, DDS_Security_long *receiving_participant_crypto_list_index,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_crypto_transform_decode_rtps_message)(
(*DDS_Security_crypto_transform_decode_rtps_message) dds_security_crypto_transform *instance,
( dds_security_crypto_transform *instance,
DDS_Security_OctetSeq *plain_buffer, DDS_Security_OctetSeq *plain_buffer,
const DDS_Security_OctetSeq *encoded_buffer, const DDS_Security_OctetSeq *encoded_buffer,
const DDS_Security_ParticipantCryptoHandle receiving_participant_crypto, const DDS_Security_ParticipantCryptoHandle receiving_participant_crypto,
const DDS_Security_ParticipantCryptoHandle sending_participant_crypto, const DDS_Security_ParticipantCryptoHandle sending_participant_crypto,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_crypto_transform_preprocess_secure_submsg)(
(*DDS_Security_crypto_transform_preprocess_secure_submsg) dds_security_crypto_transform *instance,
( dds_security_crypto_transform *instance,
DDS_Security_DatawriterCryptoHandle *datawriter_crypto, DDS_Security_DatawriterCryptoHandle *datawriter_crypto,
DDS_Security_DatareaderCryptoHandle *datareader_crypto, DDS_Security_DatareaderCryptoHandle *datareader_crypto,
DDS_Security_SecureSubmessageCategory_t *secure_submessage_category, DDS_Security_SecureSubmessageCategory_t *secure_submessage_category,
@ -268,28 +216,24 @@ typedef DDS_Security_boolean
const DDS_Security_ParticipantCryptoHandle sending_participant_crypto, const DDS_Security_ParticipantCryptoHandle sending_participant_crypto,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_crypto_transform_decode_datawriter_submessage)(
(*DDS_Security_crypto_transform_decode_datawriter_submessage) dds_security_crypto_transform *instance,
( dds_security_crypto_transform *instance,
DDS_Security_OctetSeq *plain_rtps_submessage, DDS_Security_OctetSeq *plain_rtps_submessage,
const DDS_Security_OctetSeq *encoded_rtps_submessage, const DDS_Security_OctetSeq *encoded_rtps_submessage,
const DDS_Security_DatareaderCryptoHandle receiving_datareader_crypto, const DDS_Security_DatareaderCryptoHandle receiving_datareader_crypto,
const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean typedef DDS_Security_boolean (*DDS_Security_crypto_transform_decode_datareader_submessage)(
(*DDS_Security_crypto_transform_decode_datareader_submessage) dds_security_crypto_transform *instance,
( dds_security_crypto_transform *instance,
DDS_Security_OctetSeq *plain_rtps_message, DDS_Security_OctetSeq *plain_rtps_message,
const DDS_Security_OctetSeq *encoded_rtps_message, const DDS_Security_OctetSeq *encoded_rtps_message,
const DDS_Security_DatawriterCryptoHandle receiving_datawriter_crypto, const DDS_Security_DatawriterCryptoHandle receiving_datawriter_crypto,
const DDS_Security_DatareaderCryptoHandle sending_datareader_crypto, const DDS_Security_DatareaderCryptoHandle sending_datareader_crypto,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
typedef DDS_Security_boolean (*DDS_Security_crypto_transform_decode_serialized_payload)(
typedef DDS_Security_boolean dds_security_crypto_transform *instance,
(*DDS_Security_crypto_transform_decode_serialized_payload)
( dds_security_crypto_transform *instance,
DDS_Security_OctetSeq *plain_buffer, DDS_Security_OctetSeq *plain_buffer,
const DDS_Security_OctetSeq *encoded_buffer, const DDS_Security_OctetSeq *encoded_buffer,
const DDS_Security_OctetSeq *inline_qos, const DDS_Security_OctetSeq *inline_qos,
@ -297,40 +241,29 @@ typedef DDS_Security_boolean
const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto,
DDS_Security_SecurityException *ex); DDS_Security_SecurityException *ex);
struct dds_security_crypto_transform struct dds_security_crypto_transform
{ {
DDS_Security_crypto_transform_encode_serialized_payload encode_serialized_payload; DDS_Security_crypto_transform_encode_serialized_payload encode_serialized_payload;
DDS_Security_crypto_transform_encode_datawriter_submessage encode_datawriter_submessage; DDS_Security_crypto_transform_encode_datawriter_submessage encode_datawriter_submessage;
DDS_Security_crypto_transform_encode_datareader_submessage encode_datareader_submessage; DDS_Security_crypto_transform_encode_datareader_submessage encode_datareader_submessage;
DDS_Security_crypto_transform_encode_rtps_message encode_rtps_message; DDS_Security_crypto_transform_encode_rtps_message encode_rtps_message;
DDS_Security_crypto_transform_decode_rtps_message decode_rtps_message; DDS_Security_crypto_transform_decode_rtps_message decode_rtps_message;
DDS_Security_crypto_transform_preprocess_secure_submsg preprocess_secure_submsg; DDS_Security_crypto_transform_preprocess_secure_submsg preprocess_secure_submsg;
DDS_Security_crypto_transform_decode_datawriter_submessage decode_datawriter_submessage; DDS_Security_crypto_transform_decode_datawriter_submessage decode_datawriter_submessage;
DDS_Security_crypto_transform_decode_datareader_submessage decode_datareader_submessage; DDS_Security_crypto_transform_decode_datareader_submessage decode_datareader_submessage;
DDS_Security_crypto_transform_decode_serialized_payload decode_serialized_payload; DDS_Security_crypto_transform_decode_serialized_payload decode_serialized_payload;
} ; };
typedef struct dds_security_cryptography typedef struct dds_security_cryptography
{ {
struct ddsi_domaingv *gv;
dds_security_crypto_transform *crypto_transform; dds_security_crypto_transform *crypto_transform;
dds_security_crypto_key_factory *crypto_key_factory; dds_security_crypto_key_factory *crypto_key_factory;
dds_security_crypto_key_exchange *crypto_key_exchange; dds_security_crypto_key_exchange *crypto_key_exchange;
} dds_security_cryptography; } dds_security_cryptography;
#if defined(__cplusplus)
#if defined (__cplusplus)
} }
#endif #endif

25
src/security/builtin_plugins/access_control/src/access_control.c
View file

@ -20,13 +20,14 @@
#include "dds/ddsrt/string.h" #include "dds/ddsrt/string.h"
#include "dds/ddsrt/sync.h" #include "dds/ddsrt/sync.h"
#include "dds/ddsrt/types.h" #include "dds/ddsrt/types.h"
#include "dds/ddsi/ddsi_domaingv.h"
#include "dds/security/dds_security_api.h" #include "dds/security/dds_security_api.h"
#include "dds/security/core/dds_security_utils.h" #include "dds/security/core/dds_security_utils.h"
#include "dds/security/core/dds_security_timed_cb.h"
#include "access_control.h" #include "access_control.h"
#include "access_control_utils.h" #include "access_control_utils.h"
#include "access_control_objects.h" #include "access_control_objects.h"
#include "access_control_parser.h" #include "access_control_parser.h"
#include "dds/security/core/dds_security_timed_cb.h"
#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L #if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L
#define REMOVE_THREAD_STATE() ERR_remove_thread_state(NULL); #define REMOVE_THREAD_STATE() ERR_remove_thread_state(NULL);
@ -82,7 +83,6 @@ typedef struct dds_security_access_control_impl
struct dds_security_timed_cb_data *timed_callbacks; struct dds_security_timed_cb_data *timed_callbacks;
struct dds_security_timed_dispatcher_t *dispatcher; struct dds_security_timed_dispatcher_t *dispatcher;
} dds_security_access_control_impl; } dds_security_access_control_impl;
static bool get_sec_attributes(dds_security_access_control_impl *ac, const DDS_Security_PermissionsHandle permissions_handle, const char *topic_name, static bool get_sec_attributes(dds_security_access_control_impl *ac, const DDS_Security_PermissionsHandle permissions_handle, const char *topic_name,
@ -162,12 +162,9 @@ validate_local_permissions(
} }
#endif #endif
permissions_handle = ACCESS_CONTROL_OBJECT_HANDLE(rights); if ((permissions_handle = ACCESS_CONTROL_OBJECT_HANDLE(rights)) != DDS_SECURITY_HANDLE_NIL)
if (permissions_handle != DDS_SECURITY_HANDLE_NIL)
{ {
assert (rights->permissions_expiry != DDS_TIME_INVALID); assert (rights->permissions_expiry != DDS_TIME_INVALID);
if (rights->permissions_expiry != 0) if (rights->permissions_expiry != 0)
add_validity_end_trigger(ac, permissions_handle, rights->permissions_expiry); add_validity_end_trigger(ac, permissions_handle, rights->permissions_expiry);
} }
@ -228,10 +225,12 @@ validate_remote_permissions(
remote_rights = check_and_create_remote_participant_rights(remote_identity_handle, local_rights, remote_permissions_token, remote_credential_token, ex); remote_rights = check_and_create_remote_participant_rights(remote_identity_handle, local_rights, remote_permissions_token, remote_credential_token, ex);
#endif #endif
permissions_handle = ACCESS_CONTROL_OBJECT_HANDLE(remote_rights); if ((permissions_handle = ACCESS_CONTROL_OBJECT_HANDLE(remote_rights)) != DDS_SECURITY_HANDLE_NIL)
{
if (permissions_handle != DDS_SECURITY_HANDLE_NIL) assert (remote_rights->permissions_expiry != DDS_TIME_INVALID);
if (remote_rights->permissions_expiry != 0)
add_validity_end_trigger(ac, permissions_handle, remote_rights->permissions_expiry); add_validity_end_trigger(ac, permissions_handle, remote_rights->permissions_expiry);
}
if (remote_rights) if (remote_rights)
access_control_table_insert(ac->remote_permissions, (AccessControlObject *)remote_rights); access_control_table_insert(ac->remote_permissions, (AccessControlObject *)remote_rights);
@ -1475,14 +1474,13 @@ return_permissions_handle(
return true; return true;
} }
int init_access_control(const char *argument, void **context) int init_access_control(const char *argument, void **context, struct ddsi_domaingv *gv)
{ {
DDSRT_UNUSED_ARG(argument); DDSRT_UNUSED_ARG(argument);
dds_security_access_control_impl *access_control = ddsrt_malloc(sizeof(*access_control)); dds_security_access_control_impl *access_control = ddsrt_malloc(sizeof(*access_control));
memset(access_control, 0, sizeof(*access_control)); memset(access_control, 0, sizeof(*access_control));
access_control->base.gv = gv;
access_control->timed_callbacks = dds_security_timed_cb_new(); access_control->timed_callbacks = dds_security_timed_cb_new();
access_control->dispatcher = dds_security_timed_dispatcher_new(access_control->timed_callbacks); access_control->dispatcher = dds_security_timed_dispatcher_new(access_control->timed_callbacks);
access_control->base.validate_local_permissions = &validate_local_permissions; access_control->base.validate_local_permissions = &validate_local_permissions;
@ -1881,7 +1879,6 @@ validity_callback(struct dds_security_timed_dispatcher_t *d,
void *arg) void *arg)
{ {
validity_cb_info *info = arg; validity_cb_info *info = arg;
DDSRT_UNUSED_ARG(d); DDSRT_UNUSED_ARG(d);
assert(d); assert(d);
assert(arg); assert(arg);
@ -1892,7 +1889,7 @@ validity_callback(struct dds_security_timed_dispatcher_t *d,
{ {
dds_security_access_control_listener *ac_listener = (dds_security_access_control_listener *)listener; dds_security_access_control_listener *ac_listener = (dds_security_access_control_listener *)listener;
if (ac_listener->on_revoke_permissions) if (ac_listener->on_revoke_permissions)
ac_listener->on_revoke_permissions(ac_listener, (dds_security_access_control *)info->ac, info->hdl); ac_listener->on_revoke_permissions((dds_security_access_control *)info->ac, info->hdl);
} }
} }
ddsrt_free(arg); ddsrt_free(arg);

3
src/security/builtin_plugins/access_control/src/access_control.h
View file

@ -12,10 +12,11 @@
#ifndef ACCESS_CONTROL_H #ifndef ACCESS_CONTROL_H
#define ACCESS_CONTROL_H #define ACCESS_CONTROL_H
#include "dds/ddsi/ddsi_domaingv.h"
#include "dds/security/dds_security_api.h" #include "dds/security/dds_security_api.h"
#include "dds/security/export.h" #include "dds/security/export.h"
SECURITY_EXPORT int init_access_control(const char *argument, void **context); SECURITY_EXPORT int init_access_control(const char *argument, void **context, struct ddsi_domaingv *gv);
SECURITY_EXPORT int finalize_access_control(void *context); SECURITY_EXPORT int finalize_access_control(void *context);
#endif /* ACCESS_CONTROL_H */ #endif /* ACCESS_CONTROL_H */

1
src/security/builtin_plugins/authentication/CMakeLists.txt
View file

@ -43,6 +43,7 @@ target_include_directories(dds_security_auth
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:security_core,INTERFACE_INCLUDE_DIRECTORIES>>" "$<BUILD_INTERFACE:$<TARGET_PROPERTY:security_core,INTERFACE_INCLUDE_DIRECTORIES>>"
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:ddsrt,INTERFACE_INCLUDE_DIRECTORIES>>" "$<BUILD_INTERFACE:$<TARGET_PROPERTY:ddsrt,INTERFACE_INCLUDE_DIRECTORIES>>"
"$<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}/include>" "$<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}/include>"
"$<BUILD_INTERFACE:${CMAKE_CURRENT_LIST_DIR}/../../../core/ddsi/include>"
) )
install( install(

5
src/security/builtin_plugins/authentication/src/authentication.c
View file

@ -41,6 +41,7 @@
#include "dds/ddsrt/string.h" #include "dds/ddsrt/string.h"
#include "dds/ddsrt/sync.h" #include "dds/ddsrt/sync.h"
#include "dds/ddsrt/hopscotch.h" #include "dds/ddsrt/hopscotch.h"
#include "dds/ddsi/ddsi_domaingv.h"
#include "dds/security/dds_security_api.h" #include "dds/security/dds_security_api.h"
#include "dds/security/core/dds_security_timed_cb.h" #include "dds/security/core/dds_security_timed_cb.h"
#include "dds/security/core/dds_security_utils.h" #include "dds/security/core/dds_security_utils.h"
@ -2229,14 +2230,14 @@ DDS_Security_boolean return_sharedsecret_handle(dds_security_authentication *ins
return true; return true;
} }
int32_t init_authentication(const char *argument, void **context) int32_t init_authentication(const char *argument, void **context, struct ddsi_domaingv *gv)
{ {
DDSRT_UNUSED_ARG(argument); DDSRT_UNUSED_ARG(argument);
dds_security_authentication_impl *authentication; dds_security_authentication_impl *authentication;
authentication = (dds_security_authentication_impl *)ddsrt_malloc(sizeof(dds_security_authentication_impl)); authentication = (dds_security_authentication_impl *)ddsrt_malloc(sizeof(dds_security_authentication_impl));
memset(authentication, 0, sizeof(dds_security_authentication_impl)); memset(authentication, 0, sizeof(dds_security_authentication_impl));
authentication->base.gv = gv;
authentication->timed_callbacks = dds_security_timed_cb_new(); authentication->timed_callbacks = dds_security_timed_cb_new();
authentication->dispatcher = dds_security_timed_dispatcher_new(authentication->timed_callbacks); authentication->dispatcher = dds_security_timed_dispatcher_new(authentication->timed_callbacks);

2
src/security/builtin_plugins/authentication/src/authentication.h
View file

@ -17,7 +17,7 @@
#include "dds/security/dds_security_api.h" #include "dds/security/dds_security_api.h"
#include "dds/security/export.h" #include "dds/security/export.h"
SECURITY_EXPORT int32_t init_authentication(const char *argument, void **context); SECURITY_EXPORT int32_t init_authentication(const char *argument, void **context, struct ddsi_domaingv *gv);
SECURITY_EXPORT int32_t finalize_authentication(void *context); SECURITY_EXPORT int32_t finalize_authentication(void *context);
DDS_Security_ValidationResult_t validate_local_identity(dds_security_authentication *instance, DDS_Security_IdentityHandle *local_identity_handle, DDS_Security_GUID_t *adjusted_participant_guid, DDS_Security_ValidationResult_t validate_local_identity(dds_security_authentication *instance, DDS_Security_IdentityHandle *local_identity_handle, DDS_Security_GUID_t *adjusted_participant_guid,

1
src/security/builtin_plugins/cryptographic/CMakeLists.txt
View file

@ -42,6 +42,7 @@ target_include_directories(dds_security_crypto
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:security_core,INTERFACE_INCLUDE_DIRECTORIES>>" "$<BUILD_INTERFACE:$<TARGET_PROPERTY:security_core,INTERFACE_INCLUDE_DIRECTORIES>>"
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:ddsrt,INTERFACE_INCLUDE_DIRECTORIES>>" "$<BUILD_INTERFACE:$<TARGET_PROPERTY:ddsrt,INTERFACE_INCLUDE_DIRECTORIES>>"
"$<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}/include>" "$<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}/include>"
"$<BUILD_INTERFACE:${CMAKE_CURRENT_LIST_DIR}/../../../core/ddsi/include>"
) )
install( install(

5
src/security/builtin_plugins/cryptographic/src/cryptography.c
View file

@ -11,6 +11,7 @@
*/ */
#include "dds/ddsrt/heap.h" #include "dds/ddsrt/heap.h"
#include "dds/ddsrt/types.h" #include "dds/ddsrt/types.h"
#include "dds/ddsi/ddsi_domaingv.h"
#include "dds/security/dds_security_api.h" #include "dds/security/dds_security_api.h"
#include "cryptography.h" #include "cryptography.h"
#include "crypto_key_exchange.h" #include "crypto_key_exchange.h"
@ -24,6 +25,7 @@
typedef struct dds_security_cryptography_impl { typedef struct dds_security_cryptography_impl {
dds_security_cryptography base; dds_security_cryptography base;
struct ddsi_domaingv *gv;
} dds_security_cryptography_impl; } dds_security_cryptography_impl;
dds_security_crypto_key_factory *cryptography_get_crypto_key_factory (const struct dds_security_cryptography *crypto) dds_security_crypto_key_factory *cryptography_get_crypto_key_factory (const struct dds_security_cryptography *crypto)
@ -45,7 +47,7 @@ dds_security_crypto_transform *cryptography_get_crypto_transform (const struct d
} }
int init_crypto (const char *argument, void **context) int init_crypto (const char *argument, void **context, struct ddsi_domaingv *gv)
{ {
dds_security_cryptography_impl *cryptography; dds_security_cryptography_impl *cryptography;
dds_security_crypto_key_exchange *crypto_key_exchange; dds_security_crypto_key_exchange *crypto_key_exchange;
@ -56,6 +58,7 @@ int init_crypto (const char *argument, void **context)
/* allocate new instance */ /* allocate new instance */
cryptography = ddsrt_malloc (sizeof(*cryptography)); cryptography = ddsrt_malloc (sizeof(*cryptography));
cryptography->base.gv = gv;
/* assign the sub components */ /* assign the sub components */
crypto_key_exchange = dds_security_crypto_key_exchange__alloc ((dds_security_cryptography *)cryptography); crypto_key_exchange = dds_security_crypto_key_exchange__alloc ((dds_security_cryptography *)cryptography);

17
src/security/builtin_plugins/cryptographic/src/cryptography.h
View file

@ -12,22 +12,15 @@
#ifndef CRYPTOGRAPHY_H #ifndef CRYPTOGRAPHY_H
#define CRYPTOGRAPHY_H #define CRYPTOGRAPHY_H
#include "dds/ddsi/ddsi_domaingv.h"
#include "dds/security/dds_security_api.h" #include "dds/security/dds_security_api.h"
#include "dds/security/export.h" #include "dds/security/export.h"
SECURITY_EXPORT int init_crypto(const char *argument, void **context); SECURITY_EXPORT int init_crypto(const char *argument, void **context, struct ddsi_domaingv *gv);
SECURITY_EXPORT int finalize_crypto(void *instance); SECURITY_EXPORT int finalize_crypto(void *instance);
dds_security_crypto_key_factory * dds_security_crypto_key_factory *cryptography_get_crypto_key_factory(const dds_security_cryptography *crypto);
cryptography_get_crypto_key_factory( dds_security_crypto_key_exchange * cryptography_get_crypto_key_exchange(const dds_security_cryptography *crypto);
const dds_security_cryptography *crypto); dds_security_crypto_transform *cryptography_get_crypto_transform(const dds_security_cryptography *crypto);
dds_security_crypto_key_exchange *
cryptography_get_crypto_key_exchange(
const dds_security_cryptography *crypto);
dds_security_crypto_transform *
cryptography_get_crypto_transform(
const dds_security_cryptography *crypto);
#endif /* CRYPTOGRAPHY_H */ #endif /* CRYPTOGRAPHY_H */

2
src/security/builtin_plugins/tests/common/src/loader.c
View file

@ -64,7 +64,7 @@ load_plugin(
} }
char * init_parameters = ""; char * init_parameters = "";
(void)info->func_init(init_parameters, &plugin); (void)info->func_init(init_parameters, &plugin, NULL);
if (plugin) { if (plugin) {
info->context = plugin; info->context = plugin;
} else { } else {

3
src/security/builtin_plugins/tests/listeners_access_control/src/listeners_access_control_utests.c
View file

@ -568,9 +568,8 @@ CU_Clean(ddssec_builtin_listeners_access_control)
return 0; return 0;
} }
static DDS_Security_boolean on_revoke_permissions_cb(dds_security_access_control_listener *instance, const dds_security_access_control *plugin, const DDS_Security_PermissionsHandle handle) static DDS_Security_boolean on_revoke_permissions_cb(const dds_security_access_control *plugin, const DDS_Security_PermissionsHandle handle)
{ {
DDSRT_UNUSED_ARG(instance);
DDSRT_UNUSED_ARG(plugin); DDSRT_UNUSED_ARG(plugin);
if (permission_handle_for_callback1 == DDS_SECURITY_HANDLE_NIL) if (permission_handle_for_callback1 == DDS_SECURITY_HANDLE_NIL)
permission_handle_for_callback1 = handle; permission_handle_for_callback1 = handle;

23
src/security/core/include/dds/security/core/dds_security_plugins.h
View file

@ -14,10 +14,11 @@
#ifndef SECURITY_CORE_PLUGINS_H_ #ifndef SECURITY_CORE_PLUGINS_H_
#define SECURITY_CORE_PLUGINS_H_ #define SECURITY_CORE_PLUGINS_H_
#include <stdint.h>
#include "dds/export.h" #include "dds/export.h"
#include "dds/ddsrt/retcode.h" #include "dds/ddsrt/retcode.h"
#include "dds/ddsrt/dynlib.h" #include "dds/ddsrt/dynlib.h"
#include <stdint.h> #include "dds/ddsi/ddsi_domaingv.h"
#include "dds/security/dds_security_api.h" #include "dds/security/dds_security_api.h"
struct ddsrt_log_cfg; struct ddsrt_log_cfg;
@ -47,24 +48,14 @@ typedef struct dds_security_plugin_suite_config{
dds_security_plugin_config access_control; dds_security_plugin_config access_control;
} dds_security_plugin_suite_config; } dds_security_plugin_suite_config;
DDS_EXPORT dds_return_t dds_security_plugin_release( DDS_EXPORT dds_return_t dds_security_plugin_release(const dds_security_plugin *security_plugin, void *context);
const dds_security_plugin *security_plugin, DDS_EXPORT dds_return_t dds_security_check_plugin_configuration(const dds_security_plugin_suite_config *security_suite_config, struct ddsi_domaingv *gv);
void *context ); DDS_EXPORT dds_return_t dds_security_load_security_library(const dds_security_plugin_config *plugin_config, dds_security_plugin *security_plugin,
void **security_plugin_context, struct ddsi_domaingv *gv);
DDS_EXPORT dds_return_t dds_security_check_plugin_configuration(
const dds_security_plugin_suite_config *security_suite_config,
const struct ddsrt_log_cfg *logcfg);
DDS_EXPORT dds_return_t dds_security_load_security_library(
const dds_security_plugin_config *plugin_config,
dds_security_plugin *security_plugin, void **security_plugin_context,
const struct ddsrt_log_cfg *logcfg);
DDS_EXPORT dds_return_t dds_security_verify_plugin_functions( DDS_EXPORT dds_return_t dds_security_verify_plugin_functions(
dds_security_authentication *authentication_context, dds_security_plugin *auth_plugin, dds_security_authentication *authentication_context, dds_security_plugin *auth_plugin,
dds_security_cryptography *crypto_context, dds_security_plugin *crypto_plugin, dds_security_cryptography *crypto_context, dds_security_plugin *crypto_plugin,
dds_security_access_control *access_control_context, dds_security_plugin *ac_plugin, dds_security_access_control *access_control_context, dds_security_plugin *ac_plugin,
const struct ddsrt_log_cfg *logcfg); struct ddsi_domaingv *gv);
#endif /* SECURITY_CORE_PLUGINS_H_ */ #endif /* SECURITY_CORE_PLUGINS_H_ */

41
src/security/core/src/dds_security_plugins.c
View file

@ -19,40 +19,40 @@
#include "dds/ddsrt/dynlib.h" #include "dds/ddsrt/dynlib.h"
#include "dds/ddsrt/io.h" #include "dds/ddsrt/io.h"
static bool check_plugin_configuration (const dds_security_plugin_config *config, const char *name, const struct ddsrt_log_cfg *logcfg) static bool check_plugin_configuration (const dds_security_plugin_config *config, const char *name, struct ddsi_domaingv *gv)
{ {
if (config->library_path == NULL || *config->library_path == 0) { if (config->library_path == NULL || *config->library_path == 0) {
DDS_CERROR (logcfg, "%s security plugin library path is undefined or empty\n", name); GVERROR ("%s security plugin library path is undefined or empty\n", name);
return false; return false;
} }
if (config->library_init == NULL || *config->library_init == 0) { if (config->library_init == NULL || *config->library_init == 0) {
DDS_CERROR (logcfg, "%s security plugin init function is undefined or empty\n", name); GVERROR ("%s security plugin init function is undefined or empty\n", name);
return false; return false;
} }
if (config->library_finalize == NULL || *config->library_finalize == 0) { if (config->library_finalize == NULL || *config->library_finalize == 0) {
DDS_CERROR (logcfg, "%s security plugin finalize function is undefined or empty\n", name); GVERROR ("%s security plugin finalize function is undefined or empty\n", name);
return false; return false;
} }
return true; return true;
} }
dds_return_t dds_security_check_plugin_configuration (const dds_security_plugin_suite_config *security_suite_config, const struct ddsrt_log_cfg *logcfg) dds_return_t dds_security_check_plugin_configuration (const dds_security_plugin_suite_config *security_suite_config, struct ddsi_domaingv *gv)
{ {
if (check_plugin_configuration (&security_suite_config->access_control, "AccessControl", logcfg) && if (check_plugin_configuration (&security_suite_config->access_control, "AccessControl", gv) &&
check_plugin_configuration (&security_suite_config->authentication, "Authentication", logcfg) && check_plugin_configuration (&security_suite_config->authentication, "Authentication", gv) &&
check_plugin_configuration (&security_suite_config->cryptography, "Cryptography", logcfg)) check_plugin_configuration (&security_suite_config->cryptography, "Cryptography", gv))
return DDS_RETCODE_OK; return DDS_RETCODE_OK;
else else
return DDS_RETCODE_ERROR; return DDS_RETCODE_ERROR;
} }
static bool verify_function (const void *function_ptr, dds_security_plugin *plugin, const char *function_name, const struct ddsrt_log_cfg *logcfg) static bool verify_function (const void *function_ptr, dds_security_plugin *plugin, const char *function_name, struct ddsi_domaingv *gv)
{ {
if (function_ptr != NULL) if (function_ptr != NULL)
return true; return true;
else else
{ {
DDS_CERROR (logcfg, "Could not find the function for %s: %s\n", plugin->name, function_name); GVERROR ("Could not find the function for %s: %s\n", plugin->name, function_name);
return false; return false;
} }
} }
@ -62,12 +62,12 @@ struct verify_plugin_functions_tab {
const char *name; const char *name;
}; };
static bool verify_plugin_functions (const void *context, dds_security_plugin *plugin, const struct verify_plugin_functions_tab *entries, size_t nentries, const struct ddsrt_log_cfg *logcfg) static bool verify_plugin_functions (const void *context, dds_security_plugin *plugin, const struct verify_plugin_functions_tab *entries, size_t nentries, struct ddsi_domaingv *gv)
{ {
for (size_t i = 0; i < nentries; i++) for (size_t i = 0; i < nentries; i++)
{ {
const char *p = (const char *) context + entries[i].off; const char *p = (const char *) context + entries[i].off;
if (!verify_function (*((void **) p), plugin, entries[i].name, logcfg)) if (!verify_function (*((void **) p), plugin, entries[i].name, gv))
return false; return false;
} }
return true; return true;
@ -77,7 +77,7 @@ dds_return_t dds_security_verify_plugin_functions(
dds_security_authentication *authentication_context, dds_security_plugin *auth_plugin, dds_security_authentication *authentication_context, dds_security_plugin *auth_plugin,
dds_security_cryptography *crypto_context, dds_security_plugin *crypto_plugin, dds_security_cryptography *crypto_context, dds_security_plugin *crypto_plugin,
dds_security_access_control *access_control_context, dds_security_plugin *ac_plugin, dds_security_access_control *access_control_context, dds_security_plugin *ac_plugin,
const struct ddsrt_log_cfg *logcfg) struct ddsi_domaingv *gv)
{ {
#define FGEN(context, name) { offsetof (context, name), #name } #define FGEN(context, name) { offsetof (context, name), #name }
#define F(name) FGEN (dds_security_authentication, name) #define F(name) FGEN (dds_security_authentication, name)
@ -170,7 +170,7 @@ dds_return_t dds_security_verify_plugin_functions(
F (decode_serialized_payload) F (decode_serialized_payload)
}; };
#undef F #undef F
#define C(context, plugin, table) verify_plugin_functions (context, plugin, table, sizeof (table) / sizeof (table[0]), logcfg) #define C(context, plugin, table) verify_plugin_functions (context, plugin, table, sizeof (table) / sizeof (table[0]), gv)
if (C (authentication_context, auth_plugin, auth) && if (C (authentication_context, auth_plugin, auth) &&
C (access_control_context, ac_plugin, ac) && C (access_control_context, ac_plugin, ac) &&
C (crypto_context->crypto_key_factory, crypto_plugin, cryptoF) && C (crypto_context->crypto_key_factory, crypto_plugin, cryptoF) &&
@ -189,7 +189,8 @@ dds_return_t dds_security_verify_plugin_functions(
/** /**
* All fields of the library properties are supposed to be non-empty * All fields of the library properties are supposed to be non-empty
*/ */
dds_return_t dds_security_load_security_library (const dds_security_plugin_config *plugin_config, dds_security_plugin *security_plugin, void **security_plugin_context, const struct ddsrt_log_cfg *logcfg) dds_return_t dds_security_load_security_library (const dds_security_plugin_config *plugin_config, dds_security_plugin *security_plugin,
void **security_plugin_context, struct ddsi_domaingv *gv)
{ {
dds_return_t lib_ret; dds_return_t lib_ret;
char *init_parameters = ""; char *init_parameters = "";
@ -211,30 +212,30 @@ dds_return_t dds_security_load_security_library (const dds_security_plugin_confi
{ {
char buffer[256]; char buffer[256];
ddsrt_dlerror (buffer, sizeof (buffer)); ddsrt_dlerror (buffer, sizeof (buffer));
DDS_CERROR (logcfg, "Could not load %s library: %s\n", security_plugin->name, buffer); GVERROR ("Could not load %s library: %s\n", security_plugin->name, buffer);
goto load_error; goto load_error;
} }
void *tmp; void *tmp;
if (ddsrt_dlsym (security_plugin->lib_handle, plugin_config->library_init, &tmp) != DDS_RETCODE_OK) if (ddsrt_dlsym (security_plugin->lib_handle, plugin_config->library_init, &tmp) != DDS_RETCODE_OK)
{ {
DDS_CERROR (logcfg, "Could not find the function: %s\n", plugin_config->library_init); GVERROR ("Could not find the function: %s\n", plugin_config->library_init);
goto library_error; goto library_error;
} }
security_plugin->func_init = (plugin_init) tmp; security_plugin->func_init = (plugin_init) tmp;
if (ddsrt_dlsym (security_plugin->lib_handle, plugin_config->library_finalize, &tmp) != DDS_RETCODE_OK) if (ddsrt_dlsym (security_plugin->lib_handle, plugin_config->library_finalize, &tmp) != DDS_RETCODE_OK)
{ {
DDS_CERROR (logcfg, "Could not find the function: %s\n", plugin_config->library_finalize); GVERROR ("Could not find the function: %s\n", plugin_config->library_finalize);
goto library_error; goto library_error;
} }
security_plugin->func_finalize = (plugin_finalize) tmp; security_plugin->func_finalize = (plugin_finalize) tmp;
if (security_plugin->func_init != 0) if (security_plugin->func_init != 0)
{ {
if (security_plugin->func_init (init_parameters, (void **) security_plugin_context) != DDS_RETCODE_OK) if (security_plugin->func_init (init_parameters, (void **) security_plugin_context, gv) != DDS_RETCODE_OK)
{ {
DDS_CERROR (logcfg, "Error occured while initializing %s plugin\n", security_plugin->name); GVERROR ("Error occured while initializing %s plugin\n", security_plugin->name);
goto library_error; goto library_error;
} }
} }

6
src/security/core/tests/common/access_control_wrapper.c
View file

@ -514,10 +514,11 @@ static struct dds_security_access_control_impl * init_test_access_control_common
return impl; return impl;
} }
int32_t init_test_access_control_all_ok(const char *argument, void **context) int32_t init_test_access_control_all_ok(const char *argument, void **context, struct ddsi_domaingv *gv)
{ {
DDSRT_UNUSED_ARG(argument); DDSRT_UNUSED_ARG(argument);
DDSRT_UNUSED_ARG(context); DDSRT_UNUSED_ARG(context);
DDSRT_UNUSED_ARG(gv);
struct dds_security_access_control_impl *impl = init_test_access_control_common(); struct dds_security_access_control_impl *impl = init_test_access_control_common();
impl->mode = PLUGIN_MODE_ALL_OK; impl->mode = PLUGIN_MODE_ALL_OK;
*context = impl; *context = impl;
@ -531,10 +532,11 @@ int32_t finalize_test_access_control_all_ok(void *context)
return 0; return 0;
} }
int32_t init_test_access_control_missing_func(const char *argument, void **context) int32_t init_test_access_control_missing_func(const char *argument, void **context, struct ddsi_domaingv *gv)
{ {
DDSRT_UNUSED_ARG(argument); DDSRT_UNUSED_ARG(argument);
DDSRT_UNUSED_ARG(context); DDSRT_UNUSED_ARG(context);
DDSRT_UNUSED_ARG(gv);
struct dds_security_access_control_impl *impl = init_test_access_control_common(); struct dds_security_access_control_impl *impl = init_test_access_control_common();
impl->base.check_create_datareader = NULL; impl->base.check_create_datareader = NULL;
impl->mode = PLUGIN_MODE_MISSING_FUNC; impl->mode = PLUGIN_MODE_MISSING_FUNC;

5
src/security/core/tests/common/access_control_wrapper.h
View file

@ -12,15 +12,16 @@
#ifndef SECURITY_CORE_TEST_ACCESS_CONTROL_WRAPPER_H_ #ifndef SECURITY_CORE_TEST_ACCESS_CONTROL_WRAPPER_H_
#define SECURITY_CORE_TEST_ACCESS_CONTROL_WRAPPER_H_ #define SECURITY_CORE_TEST_ACCESS_CONTROL_WRAPPER_H_
#include "dds/ddsi/ddsi_domaingv.h"
#include "dds/security/dds_security_api.h" #include "dds/security/dds_security_api.h"
#include "dds/security/access_control_wrapper_export.h" #include "dds/security/access_control_wrapper_export.h"
/* Init in all-ok mode: all functions return success without calling the actual plugin */ /* Init in all-ok mode: all functions return success without calling the actual plugin */
SECURITY_EXPORT int32_t init_test_access_control_all_ok(const char *argument, void **context); SECURITY_EXPORT int32_t init_test_access_control_all_ok(const char *argument, void **context, struct ddsi_domaingv *gv);
SECURITY_EXPORT int32_t finalize_test_access_control_all_ok(void *context); SECURITY_EXPORT int32_t finalize_test_access_control_all_ok(void *context);
/* Init in missing function mode: one of the function pointers is null */ /* Init in missing function mode: one of the function pointers is null */
SECURITY_EXPORT int32_t init_test_access_control_missing_func(const char *argument, void **context); SECURITY_EXPORT int32_t init_test_access_control_missing_func(const char *argument, void **context, struct ddsi_domaingv *gv);
SECURITY_EXPORT int32_t finalize_test_access_control_missing_func(void *context); SECURITY_EXPORT int32_t finalize_test_access_control_missing_func(void *context);
#endif /* SECURITY_CORE_TEST_ACCESS_CONTROL_WRAPPER_H_ */ #endif /* SECURITY_CORE_TEST_ACCESS_CONTROL_WRAPPER_H_ */

23
src/security/core/tests/common/authentication_wrapper.c
View file

@ -22,7 +22,7 @@
#include "test_identity.h" #include "test_identity.h"
#include "plugin_wrapper_msg_q.h" #include "plugin_wrapper_msg_q.h"
int32_t init_authentication(const char *argument, void **context); int32_t init_authentication(const char *argument, void **context, struct ddsi_domaingv *gv);
int32_t finalize_authentication(void *context); int32_t finalize_authentication(void *context);
enum auth_plugin_mode { enum auth_plugin_mode {
@ -41,7 +41,6 @@ struct dds_security_authentication_impl
dds_security_authentication base; dds_security_authentication base;
dds_security_authentication *instance; dds_security_authentication *instance;
struct message_queue msg_queue; struct message_queue msg_queue;
const struct ddsi_domaingv *gv;
enum auth_plugin_mode mode; enum auth_plugin_mode mode;
}; };
@ -439,7 +438,7 @@ static struct dds_security_authentication_impl * get_impl_for_domain(dds_domaini
{ {
for (size_t i = 0; i < auth_impl_idx; i++) for (size_t i = 0; i < auth_impl_idx; i++)
{ {
if (auth_impl[i] && auth_impl[i]->gv->config.domainId == domain_id) if (auth_impl[i] && auth_impl[i]->instance->gv->config.domainId == domain_id)
{ {
return auth_impl[i]; return auth_impl[i];
} }
@ -483,10 +482,11 @@ static struct dds_security_authentication_impl * init_test_authentication_common
return impl; return impl;
} }
int32_t init_test_authentication_all_ok(const char *argument, void **context) int32_t init_test_authentication_all_ok(const char *argument, void **context, struct ddsi_domaingv *gv)
{ {
DDSRT_UNUSED_ARG(argument); DDSRT_UNUSED_ARG(argument);
DDSRT_UNUSED_ARG(context); DDSRT_UNUSED_ARG(context);
DDSRT_UNUSED_ARG(gv);
struct dds_security_authentication_impl *impl = init_test_authentication_common(); struct dds_security_authentication_impl *impl = init_test_authentication_common();
impl->mode = PLUGIN_MODE_ALL_OK; impl->mode = PLUGIN_MODE_ALL_OK;
*context = impl; *context = impl;
@ -500,10 +500,11 @@ int32_t finalize_test_authentication_all_ok(void *context)
return 0; return 0;
} }
int32_t init_test_authentication_missing_func(const char *argument, void **context) int32_t init_test_authentication_missing_func(const char *argument, void **context, struct ddsi_domaingv *gv)
{ {
DDSRT_UNUSED_ARG(argument); DDSRT_UNUSED_ARG(argument);
DDSRT_UNUSED_ARG(context); DDSRT_UNUSED_ARG(context);
DDSRT_UNUSED_ARG(gv);
struct dds_security_authentication_impl *impl = init_test_authentication_common(); struct dds_security_authentication_impl *impl = init_test_authentication_common();
impl->base.get_shared_secret = NULL; impl->base.get_shared_secret = NULL;
impl->mode = PLUGIN_MODE_MISSING_FUNC; impl->mode = PLUGIN_MODE_MISSING_FUNC;
@ -518,10 +519,11 @@ int32_t finalize_test_authentication_missing_func(void *context)
return 0; return 0;
} }
int32_t init_test_authentication_init_error(const char *argument, void **context) int32_t init_test_authentication_init_error(const char *argument, void **context, struct ddsi_domaingv *gv)
{ {
DDSRT_UNUSED_ARG(argument); DDSRT_UNUSED_ARG(argument);
DDSRT_UNUSED_ARG(context); DDSRT_UNUSED_ARG(context);
DDSRT_UNUSED_ARG(gv);
return 1; return 1;
} }
@ -535,19 +537,14 @@ int32_t finalize_test_authentication_init_error(void *context)
* Init and fini functions for using wrapped mode for the authentication plugin. * Init and fini functions for using wrapped mode for the authentication plugin.
* These functions assumes that there are no concurrent calls, as the static * These functions assumes that there are no concurrent calls, as the static
* variables used here are not protected by a lock. */ * variables used here are not protected by a lock. */
int32_t init_test_authentication_wrapped(const char *argument, void **context) int32_t init_test_authentication_wrapped(const char *argument, void **context, struct ddsi_domaingv *gv)
{ {
int32_t ret; int32_t ret;
struct dds_security_authentication_impl *impl = init_test_authentication_common(); struct dds_security_authentication_impl *impl = init_test_authentication_common();
impl->mode = PLUGIN_MODE_WRAPPED; impl->mode = PLUGIN_MODE_WRAPPED;
init_message_queue(&impl->msg_queue); init_message_queue(&impl->msg_queue);
struct thread_state1 * const ts1 = lookup_thread_state (); ret = init_authentication(argument, (void **)&impl->instance, gv);
struct ddsi_domaingv const * const gv = ddsrt_atomic_ldvoidp (&ts1->gv);
impl->gv = gv;
ret = init_authentication(argument, (void **)&impl->instance);
auth_impl_idx++; auth_impl_idx++;
auth_impl = ddsrt_realloc(auth_impl, auth_impl_idx * sizeof(*auth_impl)); auth_impl = ddsrt_realloc(auth_impl, auth_impl_idx * sizeof(*auth_impl));
auth_impl[auth_impl_idx - 1] = impl; auth_impl[auth_impl_idx - 1] = impl;

9
src/security/core/tests/common/authentication_wrapper.h
View file

@ -12,24 +12,25 @@
#ifndef SECURITY_CORE_TEST_AUTHENTICATION_WRAPPER_H_ #ifndef SECURITY_CORE_TEST_AUTHENTICATION_WRAPPER_H_
#define SECURITY_CORE_TEST_AUTHENTICATION_WRAPPER_H_ #define SECURITY_CORE_TEST_AUTHENTICATION_WRAPPER_H_
#include "dds/ddsi/ddsi_domaingv.h"
#include "dds/security/dds_security_api.h" #include "dds/security/dds_security_api.h"
#include "dds/security/authentication_wrapper_export.h" #include "dds/security/authentication_wrapper_export.h"
#include "plugin_wrapper_msg_q.h" #include "plugin_wrapper_msg_q.h"
/* Init in wrapper mode */ /* Init in wrapper mode */
SECURITY_EXPORT int32_t init_test_authentication_wrapped(const char *argument, void **context); SECURITY_EXPORT int32_t init_test_authentication_wrapped(const char *argument, void **context, struct ddsi_domaingv *gv);
SECURITY_EXPORT int32_t finalize_test_authentication_wrapped(void *context); SECURITY_EXPORT int32_t finalize_test_authentication_wrapped(void *context);
/* Init in all-ok mode: all functions return success without calling the actual plugin */ /* Init in all-ok mode: all functions return success without calling the actual plugin */
SECURITY_EXPORT int32_t init_test_authentication_all_ok(const char *argument, void **context); SECURITY_EXPORT int32_t init_test_authentication_all_ok(const char *argument, void **context, struct ddsi_domaingv *gv);
SECURITY_EXPORT int32_t finalize_test_authentication_all_ok(void *context); SECURITY_EXPORT int32_t finalize_test_authentication_all_ok(void *context);
/* Init in missing function mode: one of the function pointers is null */ /* Init in missing function mode: one of the function pointers is null */
SECURITY_EXPORT int32_t init_test_authentication_missing_func(const char *argument, void **context); SECURITY_EXPORT int32_t init_test_authentication_missing_func(const char *argument, void **context, struct ddsi_domaingv *gv);
SECURITY_EXPORT int32_t finalize_test_authentication_missing_func(void *context); SECURITY_EXPORT int32_t finalize_test_authentication_missing_func(void *context);
/* Init function fails */ /* Init function fails */
SECURITY_EXPORT int32_t init_test_authentication_init_error(const char *argument, void **context); SECURITY_EXPORT int32_t init_test_authentication_init_error(const char *argument, void **context, struct ddsi_domaingv *gv);
SECURITY_EXPORT int32_t finalize_test_authentication_init_error(void *context); SECURITY_EXPORT int32_t finalize_test_authentication_init_error(void *context);
SECURITY_EXPORT struct message * test_authentication_plugin_take_msg(dds_domainid_t domain_id, message_kind_t kind, DDS_Security_IdentityHandle lidHandle, DDS_Security_IdentityHandle ridHandle, DDS_Security_IdentityHandle hsHandle, dds_duration_t timeout); SECURITY_EXPORT struct message * test_authentication_plugin_take_msg(dds_domainid_t domain_id, message_kind_t kind, DDS_Security_IdentityHandle lidHandle, DDS_Security_IdentityHandle ridHandle, DDS_Security_IdentityHandle hsHandle, dds_duration_t timeout);

18
src/security/core/tests/common/cryptography_wrapper.c
View file

@ -22,7 +22,7 @@
#include "dds/security/core/dds_security_utils.h" #include "dds/security/core/dds_security_utils.h"
#include "cryptography_wrapper.h" #include "cryptography_wrapper.h"
int32_t init_crypto(const char *argument, void **context); int32_t init_crypto(const char *argument, void **context, struct ddsi_domaingv *gv);
int32_t finalize_crypto(void *context); int32_t finalize_crypto(void *context);
enum crypto_plugin_mode { enum crypto_plugin_mode {
@ -700,14 +700,14 @@ static DDS_Security_boolean decode_serialized_payload(
/** /**
* Init and finalize functions * Init and finalize functions
*/ */
static struct dds_security_cryptography_impl * init_test_cryptography_common(const char *argument, bool wrapped) static struct dds_security_cryptography_impl * init_test_cryptography_common(const char *argument, bool wrapped, struct ddsi_domaingv *gv)
{ {
struct dds_security_cryptography_impl *impl = (struct dds_security_cryptography_impl*) ddsrt_malloc(sizeof(*impl)); struct dds_security_cryptography_impl *impl = (struct dds_security_cryptography_impl*) ddsrt_malloc(sizeof(*impl));
memset(impl, 0, sizeof(*impl)); memset(impl, 0, sizeof(*impl));
if (wrapped) if (wrapped)
{ {
if (init_crypto(argument, (void **)&impl->instance) != DDS_SECURITY_SUCCESS) if (init_crypto(argument, (void **)&impl->instance, gv) != DDS_SECURITY_SUCCESS)
return NULL; return NULL;
impl->transform_wrap.instance = impl->instance->crypto_transform; impl->transform_wrap.instance = impl->instance->crypto_transform;
@ -763,9 +763,9 @@ static int32_t finalize_test_cryptography_common(struct dds_security_cryptograph
return DDS_SECURITY_SUCCESS; return DDS_SECURITY_SUCCESS;
} }
int32_t init_test_cryptography_all_ok(const char *argument, void **context) int32_t init_test_cryptography_all_ok(const char *argument, void **context, struct ddsi_domaingv *gv)
{ {
struct dds_security_cryptography_impl *impl = init_test_cryptography_common(argument, false); struct dds_security_cryptography_impl *impl = init_test_cryptography_common(argument, false, gv);
if (!impl) if (!impl)
return DDS_SECURITY_FAILED; return DDS_SECURITY_FAILED;
impl->mode = PLUGIN_MODE_ALL_OK; impl->mode = PLUGIN_MODE_ALL_OK;
@ -780,9 +780,9 @@ int32_t finalize_test_cryptography_all_ok(void *context)
return finalize_test_cryptography_common(impl, false); return finalize_test_cryptography_common(impl, false);
} }
int32_t init_test_cryptography_missing_func(const char *argument, void **context) int32_t init_test_cryptography_missing_func(const char *argument, void **context, struct ddsi_domaingv *gv)
{ {
struct dds_security_cryptography_impl *impl = init_test_cryptography_common(argument, false); struct dds_security_cryptography_impl *impl = init_test_cryptography_common(argument, false, gv);
if (!impl) if (!impl)
return DDS_SECURITY_FAILED; return DDS_SECURITY_FAILED;
impl->base.crypto_key_exchange->set_remote_participant_crypto_tokens = NULL; impl->base.crypto_key_exchange->set_remote_participant_crypto_tokens = NULL;
@ -798,9 +798,9 @@ int32_t finalize_test_cryptography_missing_func(void *context)
return finalize_test_cryptography_common(impl, false); return finalize_test_cryptography_common(impl, false);
} }
int32_t init_test_cryptography_wrapped(const char *argument, void **context) int32_t init_test_cryptography_wrapped(const char *argument, void **context, struct ddsi_domaingv *gv)
{ {
struct dds_security_cryptography_impl *impl = init_test_cryptography_common(argument, true); struct dds_security_cryptography_impl *impl = init_test_cryptography_common(argument, true, gv);
if (!impl) if (!impl)
return DDS_SECURITY_FAILED; return DDS_SECURITY_FAILED;
impl->mode = PLUGIN_MODE_WRAPPED; impl->mode = PLUGIN_MODE_WRAPPED;

7
src/security/core/tests/common/cryptography_wrapper.h
View file

@ -12,6 +12,7 @@
#ifndef SECURITY_CORE_TEST_CRYPTO_WRAPPER_H_ #ifndef SECURITY_CORE_TEST_CRYPTO_WRAPPER_H_
#define SECURITY_CORE_TEST_CRYPTO_WRAPPER_H_ #define SECURITY_CORE_TEST_CRYPTO_WRAPPER_H_
#include "dds/ddsi/ddsi_domaingv.h"
#include "dds/security/dds_security_api.h" #include "dds/security/dds_security_api.h"
#include "dds/security/dds_security_api_defs.h" #include "dds/security/dds_security_api_defs.h"
#include "dds/security/cryptography_wrapper_export.h" #include "dds/security/cryptography_wrapper_export.h"
@ -34,15 +35,15 @@ SECURITY_EXPORT void set_disc_protection_kinds(
SECURITY_EXPORT void set_entity_data_secret(struct dds_security_cryptography_impl * impl, const char * pp_secret, const char * groupdata_secret, const char * ep_secret); SECURITY_EXPORT void set_entity_data_secret(struct dds_security_cryptography_impl * impl, const char * pp_secret, const char * groupdata_secret, const char * ep_secret);
/* Init in all-ok mode: all functions return success without calling the actual plugin */ /* Init in all-ok mode: all functions return success without calling the actual plugin */
SECURITY_EXPORT int32_t init_test_cryptography_all_ok(const char *argument, void **context); SECURITY_EXPORT int32_t init_test_cryptography_all_ok(const char *argument, void **context, struct ddsi_domaingv *gv);
SECURITY_EXPORT int32_t finalize_test_cryptography_all_ok(void *context); SECURITY_EXPORT int32_t finalize_test_cryptography_all_ok(void *context);
/* Init in missing function mode: one of the function pointers is null */ /* Init in missing function mode: one of the function pointers is null */
SECURITY_EXPORT int32_t init_test_cryptography_missing_func(const char *argument, void **context); SECURITY_EXPORT int32_t init_test_cryptography_missing_func(const char *argument, void **context, struct ddsi_domaingv *gv);
SECURITY_EXPORT int32_t finalize_test_cryptography_missing_func(void *context); SECURITY_EXPORT int32_t finalize_test_cryptography_missing_func(void *context);
/* Init in wrapper mode */ /* Init in wrapper mode */
SECURITY_EXPORT int32_t init_test_cryptography_wrapped(const char *argument, void **context); SECURITY_EXPORT int32_t init_test_cryptography_wrapped(const char *argument, void **context, struct ddsi_domaingv *gv);
SECURITY_EXPORT int32_t finalize_test_cryptography_wrapped(void *context); SECURITY_EXPORT int32_t finalize_test_cryptography_wrapped(void *context);
#endif /* SECURITY_CORE_TEST_CRYPTO_WRAPPER_H_ */ #endif /* SECURITY_CORE_TEST_CRYPTO_WRAPPER_H_ */