niklas/rcl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

security-context -> enclave (#612)

Browse source 
Signed-off-by: Mikael Arguedas <mikael.arguedas@gmail.com>
This commit is contained in:
Mikael Arguedas 2020-04-13 15:30:29 +02:00 committed by GitHub
parent 94b5a1d7d0
commit ccb4ec7a71
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 162 additions and 161 deletions
Download patch file Download diff file Expand all files Collapse all files

2
rcl/CMakeLists.txt
View file

@ -58,7 +58,7 @@ set(${PROJECT_NAME}_sources
src/rcl/subscription.c
src/rcl/time.c
src/rcl/timer.c
src/rcl/validate_security_context_name.c
src/rcl/validate_enclave_name.c
src/rcl/validate_topic_name.c
src/rcl/wait.c
)

3
rcl/include/rcl/arguments.h
View file

@ -42,7 +42,8 @@ typedef struct rcl_arguments_t
#define RCL_PARAM_FILE_FLAG "--params-file"
#define RCL_REMAP_FLAG "--remap"
#define RCL_SHORT_REMAP_FLAG "-r"
#define RCL_SECURITY_CONTEXT_FLAG "--security-context"
#define RCL_ENCLAVE_FLAG "--enclave"
#define RCL_SHORT_ENCLAVE_FLAG "-e"
#define RCL_LOG_LEVEL_FLAG "--log-level"
#define RCL_EXTERNAL_LOG_CONFIG_FLAG "--log-config-file"
// To be prefixed with --enable- or --disable-

10
rcl/include/rcl/graph.h
View file

@ -441,9 +441,9 @@ rcl_get_node_names(
rcutils_string_array_t * node_names,
rcutils_string_array_t * node_namespaces);
/// Return a list of available nodes in the ROS graph, including their security context names.
/// Return a list of available nodes in the ROS graph, including their enclave names.
/**
* An \ref rcl_get_node_names equivalent, but including in its output the security context
* An \ref rcl_get_node_names equivalent, but including in its output the enclave
* name the node is using.
*
* <hr>
@ -459,7 +459,7 @@ rcl_get_node_names(
* \param[in] allocator used to control allocation and deallocation of names
* \param[out] node_names struct storing discovered node names
* \param[out] node_namesspaces struct storing discovered node namespaces
* \param[out] security_contexts struct storing discovered node security contexts
* \param[out] enclaves struct storing discovered node enclaves
* \return `RCL_RET_OK` if the query was successful, or
* \return `RCL_RET_BAD_ALLOC` if an error occurred while allocating memory, or
* \return `RCL_RET_ERROR` if an unspecified error occurs.
@ -467,12 +467,12 @@ rcl_get_node_names(
RCL_PUBLIC
RCL_WARN_UNUSED
rcl_ret_t
rcl_get_node_names_with_security_contexts(
rcl_get_node_names_with_enclaves(
const rcl_node_t * node,
rcl_allocator_t allocator,
rcutils_string_array_t * node_names,
rcutils_string_array_t * node_namespaces,
rcutils_string_array_t * security_contexts);
rcutils_string_array_t * enclaves);
/// Return the number of publishers on a given topic.
/**

6
rcl/include/rcl/security.h
View file

@ -92,9 +92,9 @@ RCL_PUBLIC
rcl_ret_t
rcl_get_enforcement_policy(rmw_security_enforcement_policy_t * policy);
/// Return the secure root given a security context name.
/// Return the secure root given a enclave name.
/**
* Return the security directory associated with the security context name.
* Return the security directory associated with the enclave name.
*
* The value of the environment variable `ROS_SECURITY_ROOT_DIRECTORY` is used as a root.
* The specific directory to be used, is found from that root using the `name` passed.
@ -104,7 +104,7 @@ rcl_get_enforcement_policy(rmw_security_enforcement_policy_t * policy);
* However, this expansion can be overridden by setting the secure directory override environment
* (`ROS_SECURITY_DIRECTORY_OVERRIDE`) variable, allowing users to explicitly specify the exact secure
* root directory to be utilized.
* Such an override is useful for applications where the security context is non-deterministic
* Such an override is useful for applications where the enclave is non-deterministic
* before runtime, or when testing and using additional tools that may not otherwise be easily
* provisioned.
*

50
rcl/include/rcl/validate_security_context_name.h → rcl/include/rcl/validate_enclave_name.h
View file

@ -12,8 +12,8 @@
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef RCL__VALIDATE_SECURITY_CONTEXT_NAME_H_
#define RCL__VALIDATE_SECURITY_CONTEXT_NAME_H_
#ifndef RCL__VALIDATE_ENCLAVE_NAME_H_
#define RCL__VALIDATE_ENCLAVE_NAME_H_
#ifdef __cplusplus
extern "C"
@ -27,27 +27,27 @@ extern "C"
#include "rcl/types.h"
#include "rcl/visibility_control.h"
#define RCL_SECURITY_CONTEXT_NAME_VALID RMW_NAMESPACE_VALID
#define RCL_SECURITY_CONTEXT_NAME_INVALID_IS_EMPTY_STRING RMW_NAMESPACE_INVALID_IS_EMPTY_STRING
#define RCL_SECURITY_CONTEXT_NAME_INVALID_NOT_ABSOLUTE RMW_NAMESPACE_INVALID_NOT_ABSOLUTE
#define RCL_SECURITY_CONTEXT_NAME_INVALID_ENDS_WITH_FORWARD_SLASH \
#define RCL_ENCLAVE_NAME_VALID RMW_NAMESPACE_VALID
#define RCL_ENCLAVE_NAME_INVALID_IS_EMPTY_STRING RMW_NAMESPACE_INVALID_IS_EMPTY_STRING
#define RCL_ENCLAVE_NAME_INVALID_NOT_ABSOLUTE RMW_NAMESPACE_INVALID_NOT_ABSOLUTE
#define RCL_ENCLAVE_NAME_INVALID_ENDS_WITH_FORWARD_SLASH \
RMW_NAMESPACE_INVALID_ENDS_WITH_FORWARD_SLASH
#define RCL_SECURITY_CONTEXT_NAME_INVALID_CONTAINS_UNALLOWED_CHARACTERS \
#define RCL_ENCLAVE_NAME_INVALID_CONTAINS_UNALLOWED_CHARACTERS \
RMW_NAMESPACE_INVALID_CONTAINS_UNALLOWED_CHARACTERS
#define RCL_SECURITY_CONTEXT_NAME_INVALID_CONTAINS_REPEATED_FORWARD_SLASH \
#define RCL_ENCLAVE_NAME_INVALID_CONTAINS_REPEATED_FORWARD_SLASH \
RMW_NAMESPACE_INVALID_CONTAINS_REPEATED_FORWARD_SLASH
#define RCL_SECURITY_CONTEXT_NAME_INVALID_NAME_TOKEN_STARTS_WITH_NUMBER \
#define RCL_ENCLAVE_NAME_INVALID_NAME_TOKEN_STARTS_WITH_NUMBER \
RMW_NAMESPACE_INVALID_NAME_TOKEN_STARTS_WITH_NUMBER
#define RCL_SECURITY_CONTEXT_NAME_INVALID_TOO_LONG RMW_NAMESPACE_INVALID_TOO_LONG
#define RCL_ENCLAVE_NAME_INVALID_TOO_LONG RMW_NAMESPACE_INVALID_TOO_LONG
#define RCL_SECURITY_CONTEXT_NAME_MAX_LENGTH RMW_NODE_NAME_MAX_NAME_LENGTH
#define RCL_ENCLAVE_NAME_MAX_LENGTH RMW_NODE_NAME_MAX_NAME_LENGTH
/// Determine if a given security context name is valid.
/// Determine if a given enclave name is valid.
/**
* The same rules as \ref rmw_validate_namespace are used.
* The only difference is in the maximum allowed length, which can be up to 255 characters.
*
* \param[in] security_context security_context to be validated
* \param[in] enclave enclave to be validated
* \param[out] validation_result int in which the result of the check is stored
* \param[out] invalid_index index of the input string where an error occurred
* \returns `RMW_RET_OK` on successfully running the check, or
@ -57,35 +57,35 @@ extern "C"
RCL_PUBLIC
RCL_WARN_UNUSED
rcl_ret_t
rcl_validate_security_context_name(
const char * security_context,
rcl_validate_enclave_name(
const char * enclave,
int * validation_result,
size_t * invalid_index);
/// Deterimine if a given security context name is valid.
/// Deterimine if a given enclave name is valid.
/**
* This is an overload of \ref rcl_validate_security_context_name with an extra parameter
* for the length of security_context.
* This is an overload of \ref rcl_validate_enclave_name with an extra parameter
* for the length of enclave.
*
* \param[in] security_context The number of characters in security_context.
* \param[in] enclave The number of characters in enclave.
*/
RCL_PUBLIC
RCL_WARN_UNUSED
rcl_ret_t
rcl_validate_security_context_name_with_size(
const char * security_context,
size_t security_context_length,
rcl_validate_enclave_name_with_size(
const char * enclave,
size_t enclave_length,
int * validation_result,
size_t * invalid_index);
/// Return a validation result description, or NULL if unknown or RCL_SECURITY_CONTEXT_NAME_VALID.
/// Return a validation result description, or NULL if unknown or RCL_ENCLAVE_NAME_VALID.
RCL_PUBLIC
RCL_WARN_UNUSED
const char *
rcl_security_context_name_validation_result_string(int validation_result);
rcl_enclave_name_validation_result_string(int validation_result);
#ifdef __cplusplus
}
#endif
#endif // RCL__VALIDATE_SECURITY_CONTEXT_NAME_H_
#endif // RCL__VALIDATE_ENCLAVE_NAME_H_

60
rcl/src/rcl/arguments.c
View file

@ -190,21 +190,21 @@ _rcl_parse_param_file(
rcl_params_t * params,
char ** param_file);
/// Parse a security context argument.
/// Parse an enclave argument.
/**
* \param[in] arg the argument to parse
* \param[in] allocator an allocator to use
* \param[in,out] security_context parsed security context
* \return RCL_RET_OK if a valid security context was parsed, or
* \param[in,out] enclave parsed security enclave
* \return RCL_RET_OK if a valid security enclave was parsed, or
* \return RCL_RET_BAD_ALLOC if an allocation failed, or
* \return RLC_RET_ERROR if an unspecified error occurred.
*/
RCL_LOCAL
rcl_ret_t
_rcl_parse_security_context(
_rcl_parse_enclave(
const char * arg,
rcl_allocator_t allocator,
char ** security_context);
char ** enclave);
#define RCL_ENABLE_FLAG_PREFIX "--enable-"
#define RCL_DISABLE_FLAG_PREFIX "--disable-"
@ -495,33 +495,33 @@ rcl_parse_arguments(
goto fail;
}
// Attempt to parse argument as a security context
if (strcmp(RCL_SECURITY_CONTEXT_FLAG, argv[i]) == 0) {
// Attempt to parse argument as a security enclave
if (strcmp(RCL_ENCLAVE_FLAG, argv[i]) == 0 || strcmp(RCL_SHORT_ENCLAVE_FLAG, argv[i]) == 0) {
if (i + 1 < argc) {
if (NULL != args_impl->security_context) {
if (NULL != args_impl->enclave) {
RCUTILS_LOG_DEBUG_NAMED(
ROS_PACKAGE_NAME, "Overriding security context name : %s\n",
args_impl->security_context);
allocator.deallocate(args_impl->security_context, allocator.state);
args_impl->security_context = NULL;
ROS_PACKAGE_NAME, "Overriding security enclave : %s\n",
args_impl->enclave);
allocator.deallocate(args_impl->enclave, allocator.state);
args_impl->enclave = NULL;
}
if (RCL_RET_OK == _rcl_parse_security_context(
argv[i + 1], allocator, &args_impl->security_context))
if (RCL_RET_OK == _rcl_parse_enclave(
argv[i + 1], allocator, &args_impl->enclave))
{
RCUTILS_LOG_DEBUG_NAMED(
ROS_PACKAGE_NAME, "Got security context : %s\n",
args_impl->security_context);
ROS_PACKAGE_NAME, "Got enclave: %s\n",
args_impl->enclave);
++i; // Skip flag here, for loop will skip value.
continue;
}
rcl_error_string_t prev_error_string = rcl_get_error_string();
rcl_reset_error();
RCL_SET_ERROR_MSG_WITH_FORMAT_STRING(
"Couldn't parse security context name: '%s %s'. Error: %s", argv[i], argv[i + 1],
"Couldn't parse enclave name: '%s %s'. Error: %s", argv[i], argv[i + 1],
prev_error_string.str);
} else {
RCL_SET_ERROR_MSG_WITH_FORMAT_STRING(
"Couldn't parse trailing %s flag. No security context path provided.", argv[i]);
"Couldn't parse trailing %s flag. No enclave path provided.", argv[i]);
}
ret = RCL_RET_INVALID_ROS_ARGS;
goto fail;
@ -920,16 +920,16 @@ rcl_arguments_copy(
}
}
}
char * security_context_copy = rcutils_strdup(args->impl->security_context, allocator);
if (args->impl->security_context && !security_context_copy) {
char * enclave_copy = rcutils_strdup(args->impl->enclave, allocator);
if (args->impl->enclave && !enclave_copy) {
if (RCL_RET_OK != rcl_arguments_fini(args_out)) {
RCL_SET_ERROR_MSG("Error while finalizing arguments due to another error");
} else {
RCL_SET_ERROR_MSG("Error while copying security context argument");
RCL_SET_ERROR_MSG("Error while copying enclave argument");
}
return RCL_RET_BAD_ALLOC;
}
args_out->impl->security_context = security_context_copy;
args_out->impl->enclave = enclave_copy;
return RCL_RET_OK;
}
@ -977,7 +977,7 @@ rcl_arguments_fini(
args->impl->num_param_files_args = 0;
args->impl->parameter_files = NULL;
}
args->impl->allocator.deallocate(args->impl->security_context, args->impl->allocator.state);
args->impl->allocator.deallocate(args->impl->enclave, args->impl->allocator.state);
if (NULL != args->impl->external_log_config_file) {
args->impl->allocator.deallocate(
@ -1807,17 +1807,17 @@ _rcl_parse_external_log_config_file(
}
rcl_ret_t
_rcl_parse_security_context(
_rcl_parse_enclave(
const char * arg,
rcl_allocator_t allocator,
char ** security_context)
char ** enclave)
{
RCL_CHECK_ARGUMENT_FOR_NULL(arg, RCL_RET_INVALID_ARGUMENT);
RCL_CHECK_ARGUMENT_FOR_NULL(security_context, RCL_RET_INVALID_ARGUMENT);
RCL_CHECK_ARGUMENT_FOR_NULL(enclave, RCL_RET_INVALID_ARGUMENT);
*security_context = rcutils_strdup(arg, allocator);
if (NULL == *security_context) {
RCL_SET_ERROR_MSG("Failed to allocate memory for security context name");
*enclave = rcutils_strdup(arg, allocator);
if (NULL == *enclave) {
RCL_SET_ERROR_MSG("Failed to allocate memory for enclave name");
return RCL_RET_BAD_ALLOC;
}
return RCL_RET_OK;
@ -1925,7 +1925,7 @@ _rcl_allocate_initialized_arguments_impl(rcl_arguments_t * args, rcl_allocator_t
args_impl->log_stdout_disabled = false;
args_impl->log_rosout_disabled = false;
args_impl->log_ext_lib_disabled = false;
args_impl->security_context = NULL;
args_impl->enclave = NULL;
args_impl->allocator = *allocator;
return RCL_RET_OK;

4
rcl/src/rcl/arguments_impl.h
View file

@ -61,8 +61,8 @@ typedef struct rcl_arguments_impl_t
/// A boolean value indicating if the external lib handler should be used for log output
bool log_ext_lib_disabled;
/// Security context to be used.
char * security_context;
/// Enclave to be used.
char * enclave;
/// Allocator used to allocate objects in this struct
rcl_allocator_t allocator;

18
rcl/src/rcl/graph.c
View file

@ -340,12 +340,12 @@ rcl_get_node_names(
}
rcl_ret_t
rcl_get_node_names_with_security_contexts(
rcl_get_node_names_with_enclaves(
const rcl_node_t * node,
rcl_allocator_t allocator,
rcutils_string_array_t * node_names,
rcutils_string_array_t * node_namespaces,
rcutils_string_array_t * security_contexts)
rcutils_string_array_t * enclaves)
{
if (!rcl_node_is_valid(node)) {
return RCL_RET_NODE_INVALID; // error already set
@ -368,21 +368,21 @@ rcl_get_node_names_with_security_contexts(
RCL_SET_ERROR_MSG("node_namespaces is not null");
return RCL_RET_INVALID_ARGUMENT;
}
RCL_CHECK_ARGUMENT_FOR_NULL(security_contexts, RCL_RET_INVALID_ARGUMENT);
if (security_contexts->size != 0) {
RCL_SET_ERROR_MSG("security_contexts size is not zero");
RCL_CHECK_ARGUMENT_FOR_NULL(enclaves, RCL_RET_INVALID_ARGUMENT);
if (enclaves->size != 0) {
RCL_SET_ERROR_MSG("enclaves size is not zero");
return RCL_RET_INVALID_ARGUMENT;
}
if (security_contexts->data) {
RCL_SET_ERROR_MSG("security_contexts is not null");
if (enclaves->data) {
RCL_SET_ERROR_MSG("enclaves is not null");
return RCL_RET_INVALID_ARGUMENT;
}
(void)allocator; // to be used in rmw_get_node_names in the future
rmw_ret_t rmw_ret = rmw_get_node_names_with_security_contexts(
rmw_ret_t rmw_ret = rmw_get_node_names_with_enclaves(
rcl_node_get_rmw_handle(node),
node_names,
node_namespaces,
security_contexts);
enclaves);
return rcl_convert_rmw_ret_to_rcl_ret(rmw_ret);
}

26
rcl/src/rcl/init.c
View file

@ -33,7 +33,7 @@ extern "C"
#include "rcl/localhost.h"
#include "rcl/logging.h"
#include "rcl/security.h"
#include "rcl/validate_security_context_name.h"
#include "rcl/validate_enclave_name.h"
#include "./arguments_impl.h"
#include "./common.h"
@ -174,35 +174,35 @@ rcl_init(
}
}
if (context->global_arguments.impl->security_context) {
context->impl->init_options.impl->rmw_init_options.security_context = rcutils_strdup(
context->global_arguments.impl->security_context,
if (context->global_arguments.impl->enclave) {
context->impl->init_options.impl->rmw_init_options.enclave = rcutils_strdup(
context->global_arguments.impl->enclave,
context->impl->allocator);
} else {
context->impl->init_options.impl->rmw_init_options.security_context = rcutils_strdup(
context->impl->init_options.impl->rmw_init_options.enclave = rcutils_strdup(
"/", context->impl->allocator);
}
int validation_result;
size_t invalid_index;
ret = rcl_validate_security_context_name(
context->impl->init_options.impl->rmw_init_options.security_context,
ret = rcl_validate_enclave_name(
context->impl->init_options.impl->rmw_init_options.enclave,
&validation_result,
&invalid_index);
if (RCL_RET_OK != ret) {
RCL_SET_ERROR_MSG("rcl_validate_security_context_name() failed");
RCL_SET_ERROR_MSG("rcl_validate_enclave_name() failed");
fail_ret = ret;
goto fail;
}
if (RCL_SECURITY_CONTEXT_NAME_VALID != validation_result) {
if (RCL_ENCLAVE_NAME_VALID != validation_result) {
RCL_SET_ERROR_MSG_WITH_FORMAT_STRING(
"Security context name is not valid: '%s'. Invalid index: %zu",
rcl_security_context_name_validation_result_string(validation_result),
"Enclave name is not valid: '%s'. Invalid index: %zu",
rcl_enclave_name_validation_result_string(validation_result),
invalid_index);
fail_ret = RMW_RET_ERROR;
goto fail;
}
if (!context->impl->init_options.impl->rmw_init_options.security_context) {
if (!context->impl->init_options.impl->rmw_init_options.enclave) {
RCL_SET_ERROR_MSG("failed to set context name");
fail_ret = RMW_RET_BAD_ALLOC;
goto fail;
@ -211,7 +211,7 @@ rcl_init(
rmw_security_options_t * security_options =
&context->impl->init_options.impl->rmw_init_options.security_options;
ret = rcl_get_security_options_from_environment(
context->impl->init_options.impl->rmw_init_options.security_context,
context->impl->init_options.impl->rmw_init_options.enclave,
&context->impl->allocator,
security_options);
if (RMW_RET_OK != ret) {

12
rcl/src/rcl/security.c
View file

@ -109,21 +109,21 @@ char * exact_match_lookup(
const char * ros_secure_root_env,
const rcl_allocator_t * allocator)
{
// Perform an exact match for the context name in directory <root dir>.
// Perform an exact match for the enclave name in directory <root dir>.
char * secure_root = NULL;
char * contexts_dir = NULL;
contexts_dir = rcutils_join_path(ros_secure_root_env, "contexts", *allocator);
char * enclaves_dir = NULL;
enclaves_dir = rcutils_join_path(ros_secure_root_env, "enclaves", *allocator);
// "/" case when root namespace is explicitly passed in
if (0 == strcmp(name, "/")) {
secure_root = contexts_dir;
secure_root = enclaves_dir;
} else {
char * relative_path = NULL;
// Get native path, ignore the leading forward slash
// TODO(ros2team): remove the hard-coded length, use the length of the root namespace instead
relative_path = rcutils_to_native_path(name + 1, *allocator);
secure_root = rcutils_join_path(contexts_dir, relative_path, *allocator);
secure_root = rcutils_join_path(enclaves_dir, relative_path, *allocator);
allocator->deallocate(relative_path, allocator->state);
allocator->deallocate(contexts_dir, allocator->state);
allocator->deallocate(enclaves_dir, allocator->state);
}
return secure_root;
}

70
rcl/src/rcl/validate_security_context_name.c → rcl/src/rcl/validate_enclave_name.c
View file

@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
#include "rcl/validate_security_context_name.h"
#include "rcl/validate_enclave_name.h"
#include <ctype.h>
#include <stdio.h>
@ -27,26 +27,26 @@
#include "./common.h"
rcl_ret_t
rcl_validate_security_context_name(
const char * security_context,
rcl_validate_enclave_name(
const char * enclave,
int * validation_result,
size_t * invalid_index)
{
if (!security_context) {
if (!enclave) {
return RCL_RET_INVALID_ARGUMENT;
}
return rcl_validate_security_context_name_with_size(
security_context, strlen(security_context), validation_result, invalid_index);
return rcl_validate_enclave_name_with_size(
enclave, strlen(enclave), validation_result, invalid_index);
}
rcl_ret_t
rcl_validate_security_context_name_with_size(
const char * security_context,
size_t security_context_length,
rcl_validate_enclave_name_with_size(
const char * enclave,
size_t enclave_length,
int * validation_result,
size_t * invalid_index)
{
if (!security_context) {
if (!enclave) {
return RCL_RET_INVALID_ARGUMENT;
}
if (!validation_result) {
@ -56,7 +56,7 @@ rcl_validate_security_context_name_with_size(
int tmp_validation_result;
size_t tmp_invalid_index;
rmw_ret_t ret = rmw_validate_namespace_with_size(
security_context, security_context_length, &tmp_validation_result, &tmp_invalid_index);
enclave, enclave_length, &tmp_validation_result, &tmp_invalid_index);
if (ret != RMW_RET_OK) {
return rcl_convert_rmw_ret_to_rcl_ret(ret);
}
@ -66,22 +66,22 @@ rcl_validate_security_context_name_with_size(
{
switch (tmp_validation_result) {
case RMW_NAMESPACE_INVALID_IS_EMPTY_STRING:
*validation_result = RCL_SECURITY_CONTEXT_NAME_INVALID_IS_EMPTY_STRING;
*validation_result = RCL_ENCLAVE_NAME_INVALID_IS_EMPTY_STRING;
break;
case RMW_NAMESPACE_INVALID_NOT_ABSOLUTE:
*validation_result = RCL_SECURITY_CONTEXT_NAME_INVALID_NOT_ABSOLUTE;
*validation_result = RCL_ENCLAVE_NAME_INVALID_NOT_ABSOLUTE;
break;
case RMW_NAMESPACE_INVALID_ENDS_WITH_FORWARD_SLASH:
*validation_result = RCL_SECURITY_CONTEXT_NAME_INVALID_ENDS_WITH_FORWARD_SLASH;
*validation_result = RCL_ENCLAVE_NAME_INVALID_ENDS_WITH_FORWARD_SLASH;
break;
case RMW_NAMESPACE_INVALID_CONTAINS_UNALLOWED_CHARACTERS:
*validation_result = RCL_SECURITY_CONTEXT_NAME_INVALID_CONTAINS_UNALLOWED_CHARACTERS;
*validation_result = RCL_ENCLAVE_NAME_INVALID_CONTAINS_UNALLOWED_CHARACTERS;
break;
case RMW_NAMESPACE_INVALID_CONTAINS_REPEATED_FORWARD_SLASH:
*validation_result = RCL_SECURITY_CONTEXT_NAME_INVALID_CONTAINS_REPEATED_FORWARD_SLASH;
*validation_result = RCL_ENCLAVE_NAME_INVALID_CONTAINS_REPEATED_FORWARD_SLASH;
break;
case RMW_NAMESPACE_INVALID_NAME_TOKEN_STARTS_WITH_NUMBER:
*validation_result = RCL_SECURITY_CONTEXT_NAME_INVALID_NAME_TOKEN_STARTS_WITH_NUMBER;
*validation_result = RCL_ENCLAVE_NAME_INVALID_NAME_TOKEN_STARTS_WITH_NUMBER;
break;
default:
{
@ -89,12 +89,12 @@ rcl_validate_security_context_name_with_size(
// explicitly not taking return value which is number of bytes written
int ret = rcutils_snprintf(
default_err_msg, sizeof(default_err_msg),
"rcl_validate_security_context_name_with_size(): "
"rcl_validate_enclave_name_with_size(): "
"unknown rmw_validate_namespace_with_size() result '%d'",
tmp_validation_result);
if (ret < 0) {
RCL_SET_ERROR_MSG(
"rcl_validate_security_context_name_with_size(): "
"rcl_validate_enclave_name_with_size(): "
"rcutils_snprintf() failed while reporting an unknown validation result");
} else {
RCL_SET_ERROR_MSG(default_err_msg);
@ -108,45 +108,45 @@ rcl_validate_security_context_name_with_size(
return RCL_RET_OK;
}
// security_context might be longer that namespace length, check false positives and correct
// enclave might be longer that namespace length, check false positives and correct
if (RMW_NAMESPACE_INVALID_TOO_LONG == tmp_validation_result) {
if (RCL_SECURITY_CONTEXT_NAME_MAX_LENGTH >= security_context_length) {
*validation_result = RCL_SECURITY_CONTEXT_NAME_VALID;
if (RCL_ENCLAVE_NAME_MAX_LENGTH >= enclave_length) {
*validation_result = RCL_ENCLAVE_NAME_VALID;
} else {
*validation_result = RCL_SECURITY_CONTEXT_NAME_INVALID_TOO_LONG;
*validation_result = RCL_ENCLAVE_NAME_INVALID_TOO_LONG;
if (invalid_index) {
*invalid_index = RCL_SECURITY_CONTEXT_NAME_MAX_LENGTH - 1;
*invalid_index = RCL_ENCLAVE_NAME_MAX_LENGTH - 1;
}
}
return RCL_RET_OK;
}
// everything was ok, set result to valid namespace, avoid setting invalid_index, and return
*validation_result = RCL_SECURITY_CONTEXT_NAME_VALID;
*validation_result = RCL_ENCLAVE_NAME_VALID;
return RCL_RET_OK;
}
const char *
rcl_security_context_name_validation_result_string(int validation_result)
rcl_enclave_name_validation_result_string(int validation_result)
{
switch (validation_result) {
case RCL_SECURITY_CONTEXT_NAME_VALID:
case RCL_ENCLAVE_NAME_VALID:
return NULL;
case RCL_SECURITY_CONTEXT_NAME_INVALID_IS_EMPTY_STRING:
case RCL_ENCLAVE_NAME_INVALID_IS_EMPTY_STRING:
return "context name must not be empty";
case RCL_SECURITY_CONTEXT_NAME_INVALID_NOT_ABSOLUTE:
case RCL_ENCLAVE_NAME_INVALID_NOT_ABSOLUTE:
return "context name must be absolute, it must lead with a '/'";
case RCL_SECURITY_CONTEXT_NAME_INVALID_ENDS_WITH_FORWARD_SLASH:
case RCL_ENCLAVE_NAME_INVALID_ENDS_WITH_FORWARD_SLASH:
return "context name must not end with a '/', unless only a '/'";
case RCL_SECURITY_CONTEXT_NAME_INVALID_CONTAINS_UNALLOWED_CHARACTERS:
case RCL_ENCLAVE_NAME_INVALID_CONTAINS_UNALLOWED_CHARACTERS:
return "context name must not contain characters other than alphanumerics, '_', or '/'";
case RCL_SECURITY_CONTEXT_NAME_INVALID_CONTAINS_REPEATED_FORWARD_SLASH:
case RCL_ENCLAVE_NAME_INVALID_CONTAINS_REPEATED_FORWARD_SLASH:
return "context name must not contain repeated '/'";
case RCL_SECURITY_CONTEXT_NAME_INVALID_NAME_TOKEN_STARTS_WITH_NUMBER:
case RCL_ENCLAVE_NAME_INVALID_NAME_TOKEN_STARTS_WITH_NUMBER:
return "context name must not have a token that starts with a number";
case RCL_SECURITY_CONTEXT_NAME_INVALID_TOO_LONG:
case RCL_ENCLAVE_NAME_INVALID_TOO_LONG:
return "context name should not exceed '"
RCUTILS_STRINGIFY(RCL_SECURITY_CONTEXT_NAME_MAX_NAME_LENGTH) "'";
RCUTILS_STRINGIFY(RCL_ENCLAVE_NAME_MAX_NAME_LENGTH) "'";
default:
return "unknown result code for rcl context name validation";
}

24
rcl/test/rcl/test_get_node_names.cpp
View file

@ -165,7 +165,7 @@ TEST_F(CLASSNAME(TestGetNodeNames, RMW_IMPLEMENTATION), test_rcl_get_node_names)
}
TEST_F(
CLASSNAME(TestGetNodeNames, RMW_IMPLEMENTATION), test_rcl_get_node_names_with_security_contexts)
CLASSNAME(TestGetNodeNames, RMW_IMPLEMENTATION), test_rcl_get_node_names_with_enclave)
{
rcl_ret_t ret;
rcl_init_options_t init_options = rcl_get_zero_initialized_init_options();
@ -176,8 +176,8 @@ TEST_F(
EXPECT_EQ(RCL_RET_OK, rcl_init_options_fini(&init_options)) << rcl_get_error_string().str;
});
rcl_context_t context = rcl_get_zero_initialized_context();
const char * security_context_name = "/default";
const char * argv[] = {"--ros-args", "--security-context", security_context_name};
const char * enclave_name = "/enclave";
const char * argv[] = {"--ros-args", "--enclave", enclave_name};
ret = rcl_init(3, argv, &init_options, &context);
ASSERT_EQ(RCL_RET_OK, ret) << rcl_get_error_string().str;
OSRF_TESTING_TOOLS_CPP_SCOPE_EXIT(
@ -198,7 +198,7 @@ TEST_F(
std::make_tuple(
std::string(node1_name),
std::string(node1_namespace),
std::string(security_context_name)));
std::string(enclave_name)));
rcl_node_t node2 = rcl_get_zero_initialized_node();
const char * node2_name = "node2";
@ -210,7 +210,7 @@ TEST_F(
std::make_tuple(
std::string(node2_name),
std::string(node2_namespace),
std::string(security_context_name)));
std::string(enclave_name)));
rcl_node_t node3 = rcl_get_zero_initialized_node();
const char * node3_name = "node3";
@ -222,7 +222,7 @@ TEST_F(
std::make_tuple(
std::string(node3_name),
std::string(node3_namespace),
std::string(security_context_name)));
std::string(enclave_name)));
rcl_node_t node4 = rcl_get_zero_initialized_node();
const char * node4_name = "node2";
@ -234,7 +234,7 @@ TEST_F(
std::make_tuple(
std::string(node4_name),
std::string(node4_namespace),
std::string(security_context_name)));
std::string(enclave_name)));
rcl_node_t node5 = rcl_get_zero_initialized_node();
const char * node5_name = "node1";
@ -246,15 +246,15 @@ TEST_F(
std::make_tuple(
std::string(node5_name),
std::string(node5_namespace),
std::string(security_context_name)));
std::string(enclave_name)));
std::this_thread::sleep_for(1s);
rcutils_string_array_t node_names = rcutils_get_zero_initialized_string_array();
rcutils_string_array_t node_namespaces = rcutils_get_zero_initialized_string_array();
rcutils_string_array_t security_contexts = rcutils_get_zero_initialized_string_array();
ret = rcl_get_node_names_with_security_contexts(
&node1, node1_options.allocator, &node_names, &node_namespaces, &security_contexts);
rcutils_string_array_t enclaves = rcutils_get_zero_initialized_string_array();
ret = rcl_get_node_names_with_enclaves(
&node1, node1_options.allocator, &node_names, &node_namespaces, &enclaves);
ASSERT_EQ(RCUTILS_RET_OK, ret) << rcl_get_error_string().str;
std::stringstream ss;
@ -269,7 +269,7 @@ TEST_F(
std::make_tuple(
std::string(node_names.data[i]),
std::string(node_namespaces.data[i]),
std::string(security_contexts.data[i])));
std::string(enclaves.data[i])));
}
EXPECT_EQ(discovered_nodes, expected_nodes);

38
rcl/test/rcl/test_security.cpp
View file

@ -29,8 +29,8 @@
#define TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME "/test_security_directory"
#define TEST_SECURITY_CONTEXT "dummy_security_context"
#define TEST_SECURITY_CONTEXT_ABSOLUTE "/" TEST_SECURITY_CONTEXT
#define TEST_ENCLAVE "dummy_enclave"
#define TEST_ENCLAVE_ABSOLUTE "/" TEST_ENCLAVE
#ifndef _WIN32
# define PATH_SEPARATOR "/"
@ -38,8 +38,8 @@
# define PATH_SEPARATOR "\\"
#endif
#define TEST_SECURITY_CONTEXT_MULTIPLE_TOKENS \
"/group1" PATH_SEPARATOR TEST_SECURITY_CONTEXT
#define TEST_ENCLAVE_MULTIPLE_TOKENS \
"/group1" PATH_SEPARATOR TEST_ENCLAVE
char g_envstring[512] = {0};
@ -120,21 +120,21 @@ protected:
TEST_F(TestGetSecureRoot, failureScenarios) {
EXPECT_EQ(
rcl_get_secure_root(TEST_SECURITY_CONTEXT_ABSOLUTE, &allocator),
rcl_get_secure_root(TEST_ENCLAVE_ABSOLUTE, &allocator),
(char *) NULL);
rcl_reset_error();
putenv_wrapper(ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME "=" TEST_RESOURCES_DIRECTORY);
/* Security directory is set, but there's no matching directory */
/// Wrong security context
/// Wrong enclave
EXPECT_EQ(
rcl_get_secure_root("some_other_security_context", &allocator),
rcl_get_secure_root("some_other_enclave", &allocator),
(char *) NULL);
rcl_reset_error();
}
TEST_F(TestGetSecureRoot, successScenarios_local_root_security_context) {
TEST_F(TestGetSecureRoot, successScenarios_local_root_enclave) {
putenv_wrapper(
ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME "="
TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME);
@ -142,7 +142,7 @@ TEST_F(TestGetSecureRoot, successScenarios_local_root_security_context) {
secure_root = rcl_get_secure_root("/", &allocator);
ASSERT_NE(nullptr, secure_root);
ASSERT_STREQ(
TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME PATH_SEPARATOR "contexts",
TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME PATH_SEPARATOR "enclaves",
secure_root);
}
@ -151,12 +151,12 @@ TEST_F(TestGetSecureRoot, successScenarios_local_exactMatch) {
ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME "="
TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME);
secure_root = rcl_get_secure_root(TEST_SECURITY_CONTEXT_ABSOLUTE, &allocator);
secure_root = rcl_get_secure_root(TEST_ENCLAVE_ABSOLUTE, &allocator);
ASSERT_NE(nullptr, secure_root);
std::string secure_root_str(secure_root);
ASSERT_STREQ(
TEST_SECURITY_CONTEXT,
secure_root_str.substr(secure_root_str.size() - strlen(TEST_SECURITY_CONTEXT)).c_str());
TEST_ENCLAVE,
secure_root_str.substr(secure_root_str.size() - strlen(TEST_ENCLAVE)).c_str());
}
TEST_F(TestGetSecureRoot, successScenarios_local_exactMatch_multipleTokensName) {
@ -165,12 +165,12 @@ TEST_F(TestGetSecureRoot, successScenarios_local_exactMatch_multipleTokensName)
TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME);
secure_root = rcl_get_secure_root(
TEST_SECURITY_CONTEXT_MULTIPLE_TOKENS, &allocator);
TEST_ENCLAVE_MULTIPLE_TOKENS, &allocator);
ASSERT_NE(nullptr, secure_root);
std::string secure_root_str(secure_root);
ASSERT_STREQ(
TEST_SECURITY_CONTEXT,
secure_root_str.substr(secure_root_str.size() - strlen(TEST_SECURITY_CONTEXT)).c_str());
TEST_ENCLAVE,
secure_root_str.substr(secure_root_str.size() - strlen(TEST_ENCLAVE)).c_str());
}
TEST_F(TestGetSecureRoot, nodeSecurityDirectoryOverride_validDirectory) {
@ -198,12 +198,12 @@ TEST_F(TestGetSecureRoot, nodeSecurityDirectoryOverride_invalidDirectory) {
ROS_SECURITY_DIRECTORY_OVERRIDE
"=TheresN_oWayThi_sDirectory_Exists_hence_this_should_fail");
EXPECT_EQ(
rcl_get_secure_root(TEST_SECURITY_CONTEXT_ABSOLUTE, &allocator),
rcl_get_secure_root(TEST_ENCLAVE_ABSOLUTE, &allocator),
(char *) NULL);
}
TEST_F(TestGetSecureRoot, test_get_security_options) {
/* The override provided should exist. Providing correct security context name/root dir
/* The override provided should exist. Providing correct enclave name/root dir
* won't help if the node override is invalid. */
rmw_security_options_t options = rmw_get_zero_initialized_security_options();
putenv_wrapper(ROS_SECURITY_ENABLE_VAR_NAME "=false");
@ -231,11 +231,11 @@ TEST_F(TestGetSecureRoot, test_get_security_options) {
ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME "="
TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME);
ret = rcl_get_security_options_from_environment(
TEST_SECURITY_CONTEXT_ABSOLUTE, &allocator, &options);
TEST_ENCLAVE_ABSOLUTE, &allocator, &options);
ASSERT_EQ(RMW_RET_OK, ret) << rmw_get_error_string().str;
EXPECT_EQ(RMW_SECURITY_ENFORCEMENT_ENFORCE, options.enforce_security);
EXPECT_STREQ(
TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME
PATH_SEPARATOR "contexts" PATH_SEPARATOR TEST_SECURITY_CONTEXT,
PATH_SEPARATOR "enclaves" PATH_SEPARATOR TEST_ENCLAVE,
options.security_root_path);
}

0
rcl/test/resources/test_security_directory/contexts/dummy_security_context/.gitkeep → rcl/test/resources/test_security_directory/enclaves/dummy_enclave/.gitkeep
View file

0
rcl/test/resources/test_security_directory/contexts/group1/dummy_security_context/.gitkeep → rcl/test/resources/test_security_directory/enclaves/group1/dummy_enclave/.gitkeep
View file