Switch to one Participant per Context #515

Merged
merged 30 commits into from
Apr 3, 2020
Merged
31d3acc
Rename security_directory.* to security.*
ivanpauno Jan 31, 2020
f9aa67e
Switch to one participant per context
ivanpauno Oct 10, 2019
7009480
Add context name and namespace, allow configuring security directory …
ivanpauno Jan 24, 2020
d160c8d
Only destroy security options when they were created
ivanpauno Jan 31, 2020
d8cd5d5
Avoid mentioning node in security.*
ivanpauno Jan 31, 2020
9c5d594
Fix test_info_by_topic
ivanpauno Feb 4, 2020
61acc14
Add const where possible
ivanpauno Feb 4, 2020
859929c
Please linters
ivanpauno Feb 5, 2020
48864b8
Address peer review comments
ivanpauno Feb 17, 2020
deb4f94
Support overriding the security directory
ivanpauno Feb 18, 2020
08653d0
Rename test_security_directory to test_security
ivanpauno Feb 18, 2020
9134305
Reenable tests for security directory override
ivanpauno Feb 18, 2020
b4fe23a
Add test case for 'rcl_get_security_options_from_environment'
ivanpauno Feb 18, 2020
f7d9406
Delete unused local variable
ivanpauno Feb 27, 2020
717c444
Address peer review comments
ivanpauno Feb 28, 2020
ea4575f
Latest update after discussion about supporting sros2
ivanpauno Mar 12, 2020
4e48a4d
Delete namespace from security root path functions. Delete security d…
ivanpauno Mar 13, 2020
8680864
Delete unused headers
ivanpauno Mar 13, 2020
0fe8a0b
Correct rebasing error
ivanpauno Mar 13, 2020
c4807ba
Correct error in comment
ivanpauno Mar 16, 2020
7f1b51e
Naming: replace context_name with security_context
ivanpauno Mar 17, 2020
eb2e187
Addrees peer review comments
ivanpauno Mar 20, 2020
daad168
Please linters
ivanpauno Mar 20, 2020
50035e3
Replace RCL_CONTEXT_NAME_* with RCL_SECURITY_CONTEXT_NAME_*
ivanpauno Mar 20, 2020
b4d4738
* Use security_context instead of context_name everywhere
ivanpauno Mar 23, 2020
4c239f6
Please linters
ivanpauno Mar 23, 2020
86da265
Address peer review comments
ivanpauno Mar 26, 2020
46322dc
Address more reviewers' comments
ivanpauno Mar 26, 2020
000e2e3
Address reviewer comment
ivanpauno Mar 26, 2020
77aad14
Address peer review comments
ivanpauno Mar 30, 2020
Delete namespace from security root path functions. Delete security d…
…irectory prefix lookup strategy. Add context name validation

Signed-off-by: Ivan Santiago Paunovic <[email protected]>
ivanpauno committed Mar 27, 2020
commit 4e48a4dadecf6d8a1d0db8b91c19e9e9f341dd8e
1 change: 1 addition & 0 deletions rcl/CMakeLists.txt
@@ -59,6 +59,7 @@ set(${PROJECT_NAME}_sources
src/rcl/subscription.c
src/rcl/time.c
src/rcl/timer.c
src/rcl/validate_context_name.c
src/rcl/validate_topic_name.c
src/rcl/wait.c
)
31 changes: 8 additions & 23 deletions rcl/include/rcl/security.h
@@ -1,4 +1,4 @@
// Copyright 2018 Open Source Robotics Foundation, Inc.
// Copyright 2018-2020 Open Source Robotics Foundation, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -35,10 +35,6 @@ extern "C"
# define ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME "ROS_SECURITY_ROOT_DIRECTORY"
#endif

#ifndef ROS_SECURITY_LOOKUP_TYPE_VAR_NAME
# define ROS_SECURITY_LOOKUP_TYPE_VAR_NAME "ROS_SECURITY_LOOKUP_TYPE"
#endif

#ifndef ROS_SECURITY_STRATEGY_VAR_NAME
# define ROS_SECURITY_STRATEGY_VAR_NAME "ROS_SECURITY_STRATEGY"
#endif
@@ -56,7 +52,6 @@ extern "C"
* \sa rcl_get_secure_root
*
* \param[in] name name used to find the securiy root path.
* \param[in] namespace_ namespace_ used to find the security root path.
* \param[in] allocator used to do allocations.
* \param[out] security_options security options that will be configured according to
* the environment.
@@ -65,7 +60,6 @@ RCL_PUBLIC
rcl_ret_t
rcl_get_security_options_from_environment(
const char * name,
const char * namespace_,
const rcutils_allocator_t * allocator,
rmw_security_options_t * security_options);

@@ -98,38 +92,29 @@ RCL_PUBLIC
rcl_ret_t
rcl_get_enforcement_policy(rmw_security_enforcement_policy_t * policy);

/// Return the secure root given a name and namespace.
/// Return the secure root given a context name.
/**
* The returned security directory is associated with the node or context depending on the
* rmw implementation.
* Return the security directory associated with the context name.
*
* The value of the environment variable `ROS_SECURITY_ROOT_DIRECTORY` is used as a root.
* The specific directory to be used, is found from that root using the `name` and `namespace_`
* passed.
* E.g. for a node/context named "c" in namespace "/a/b" root "/r", the secure root path will be
* The specific directory to be used, is found from that root using the `name` passed.
* E.g. for a context named "a/b/c" and root "/r", the secure root path will be
* "/r/a/b/c", where the delimiter "/" is native for target file system (e.g. "\\" for _WIN32).
*
* If `ROS_SECURITY_LOOKUP_TYPE_VAR_NAME` is set to `MATCH_PREFIX`, when no exact match is found for
* the node/context name, a best match would be used instead
* (by performing longest-prefix matching).
*
* However, this expansion can be overridden by setting the secure directory override environment
* (`ROS_SECURITY_DIRECTORY_OVERRIDE`) variable, allowing users to explicitly specify the exact secure
* root directory to be utilized.
* Such an override is useful for where the FQN of a node/context is non-deterministic before runtime,
* Such an override is useful for where the context name is non-deterministic before runtime,
* or when testing and using additional tools that may not otherwise be easily provisioned.
*
* \param[in] name validated name (a single token)
* \param[in] namespace_ validated, absolute namespace (starting with "/")
* \param[in] allocator the allocator to use for allocation
* \returns Machine specific (absolute) secure root path or NULL on failure.
* Returned pointer must be deallocated by the caller of this function
*/
RCL_PUBLIC
char * rcl_get_secure_root(
const char * name,
const char * namespace_,
const rcl_allocator_t * allocator);
char *
rcl_get_secure_root(const char * name, const rcl_allocator_t * allocator);

#ifdef __cplusplus
}
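Review bot: In the `rcl_get_secure_root` documentation, the retained line `\param[in] name validated name (a single token)` no longer matches the new contract: the example above it uses a multi-token context name ("a/b/c"), and the new validation header aliases `RCL_CONTEXT_NAME_INVALID_NOT_ABSOLUTE`, which suggests a valid name starts with "/". I would change it to `\param[in] name validated, absolute context name (e.g. "/a/b/c"), see rcl_validate_context_name` and make the example absolute as well. Because `name` is joined onto `ROS_SECURITY_ROOT_DIRECTORY` to form a filesystem path and this function is `RCL_PUBLIC`, the doc should say explicitly that callers must validate the name first; whether the implementation re-checks it is not visible here. The same applies to the `name` parameter of `rcl_get_security_options_from_environment`, whose description also still has the typo "securiy".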
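--- a/rcl/include/rcl/validate_context_name.h
+++ b/rcl/include/rcl/validate_context_name.h
@@ -0,0 +1,91 @@
+// Copyright 2020 Open Source Robotics Foundation, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef RCL__VALIDATE_CONTEXT_NAME_H_
+#define RCL__VALIDATE_CONTEXT_NAME_H_
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include "rmw/validate_namespace.h"
+#include "rmw/validate_node_name.h"
+
+#include "rcl/macros.h"
+#include "rcl/types.h"
+#include "rcl/visibility_control.h"
+
+#define RCL_CONTEXT_NAME_VALID RMW_NAMESPACE_VALID
+#define RCL_CONTEXT_NAME_INVALID_IS_EMPTY_STRING RMW_NAMESPACE_INVALID_IS_EMPTY_STRING
+#define RCL_CONTEXT_NAME_INVALID_NOT_ABSOLUTE RMW_NAMESPACE_INVALID_NOT_ABSOLUTE
+#define RCL_CONTEXT_NAME_INVALID_ENDS_WITH_FORWARD_SLASH \
+RMW_NAMESPACE_INVALID_ENDS_WITH_FORWARD_SLASH
+#define RCL_CONTEXT_NAME_INVALID_CONTAINS_UNALLOWED_CHARACTERS \
+RMW_NAMESPACE_INVALID_CONTAINS_UNALLOWED_CHARACTERS
+#define RCL_CONTEXT_NAME_INVALID_CONTAINS_REPEATED_FORWARD_SLASH \
+RMW_NAMESPACE_INVALID_CONTAINS_REPEATED_FORWARD_SLASH
+#define RCL_CONTEXT_NAME_INVALID_NAME_TOKEN_STARTS_WITH_NUMBER \
+RMW_NAMESPACE_INVALID_NAME_TOKEN_STARTS_WITH_NUMBER
+#define RCL_CONTEXT_NAME_INVALID_TOO_LONG RMW_NAMESPACE_INVALID_TOO_LONG
+
+#define RCL_CONTEXT_NAME_MAX_LENGTH RMW_NODE_NAME_MAX_NAME_LENGTH
+
+/// Determine if a given context name is valid.
+/**
+* /sa The same rules as rmw_validate_namespace are used.
+* The only difference is the maximum length, which can be 255 characters.
+*
+* \param[in] context_name context_name to be validated
+* \param[out] validation_result int in which the result of the check is stored
+* \param[out] invalid_index index of the input string where an error occurred
+* \returns `RMW_RET_OK` on successfully running the check, or
+* \returns `RMW_RET_INVALID_ARGUMENT` on invalid parameters, or
+* \returns `RMW_RET_ERROR` when an unspecified error occurs.
+*/
+RCL_PUBLIC
+RCL_WARN_UNUSED
+rcl_ret_t
+rcl_validate_context_name(
+const char * context_name,
+int * validation_result,
+size_t * invalid_index);
+
+/// Deterimine if a given context name is valid.
+/**
+* This is an overload with an extra parameter for the length of context_name.
+* \param[in] context_name The number of characters in context_name.
+*
+* \sa rcl_validate_context_name(const char *, int *, size_t *)
+*/
+RCL_PUBLIC
+RCL_WARN_UNUSED
+rcl_ret_t
+rcl_validate_context_name_with_size(
+const char * context_name,
+size_t context_name_length,
+int * validation_result,
+size_t * invalid_index);
+
+/// Return a validation result description, or NULL if unknown or RCL_CONTEXT_NAME_VALID.
+RCL_PUBLIC
+RCL_WARN_UNUSED
+const char *
+rcl_context_name_validation_result_string(int validation_result);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // RCL__VALIDATE_CONTEXT_NAME_H_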
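Review bot: The Doxygen block on `rcl_validate_context_name_with_size` documents the wrong parameter: `\param[in] context_name The number of characters in context_name.` describes the length, so it should read `\param[in] context_name_length The number of characters in context_name.` In the block above it, `/sa` is not a Doxygen command and should be `\sa`, and the `\returns` lines name `RMW_RET_*` codes although the function is declared to return `rcl_ret_t`; if the implementation returns rcl codes, `RCL_RET_OK`, `RCL_RET_INVALID_ARGUMENT` and `RCL_RET_ERROR` would match. Since the validated name is later appended to the security root to form a directory path (per the rcl/security.h documentation in this commit), it would help to state here which characters the rules permit, so a reader can confirm that path-special sequences are rejected before the lookup; that is presumably the case with the namespace rules but is not visible in this header. The `#include` lines also sit inside the `extern "C"` block and would be better placed above it.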
22 changes: 21 additions & 1 deletion rcl/src/rcl/init.c
@@ -34,6 +34,7 @@ extern "C"
#include "rcl/localhost.h"
#include "rcl/logging.h"
#include "rcl/security.h"
#include "rcl/validate_context_name.h"

#include "./arguments_impl.h"
#include "./common.h"
@@ -182,6 +183,26 @@ rcl_init(
context->impl->init_options.impl->rmw_init_options.name = rcutils_strdup(
"/", context->impl->allocator);
}
int validation_result;
size_t invalid_index;
ret = rcl_validate_context_name(
context->impl->init_options.impl->rmw_init_options.name,
&validation_result,
&invalid_index);
if (RCL_RET_OK != ret) {
RCL_SET_ERROR_MSG("rcl_validate_context_name() failed");
fail_ret = ret;
goto fail;
}
if (RCL_CONTEXT_NAME_VALID != validation_result) {
RCL_SET_ERROR_MSG_WITH_FORMAT_STRING(
"rcl_validate_context_name result is not valid: '%s'. Invalid index: %zu",
rcl_context_name_validation_result_string(validation_result),
invalid_index);
fail_ret = RMW_RET_ERROR;
goto fail;
}

if (!context->impl->init_options.impl->rmw_init_options.name) {
RCL_SET_ERROR_MSG("failed to set context name");
fail_ret = RMW_RET_BAD_ALLOC;
@@ -191,7 +212,6 @@ rcl_init(
rmw_security_options_t * security_options =
&context->impl->init_options.impl->rmw_init_options.security_options;
ret = rcl_get_security_options_from_environment(
"",
context->impl->init_options.impl->rmw_init_options.name,
&context->impl->allocator,
security_options);
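Review bot: The new validation block in the second hunk runs before the existing `if (!context->impl->init_options.impl->rmw_init_options.name)` check, so if `rcutils_strdup` fails the NULL name is handed to `rcl_validate_context_name` first. Presumably that returns an invalid-argument error, in which case the caller sees "rcl_validate_context_name() failed" instead of the bad-alloc error and the NULL check below becomes dead code; moving the NULL check above the `rcl_validate_context_name` call restores the intended error. Also, `rcl_context_name_validation_result_string` is documented as returning NULL for unknown results, and passing NULL to `%s` is undefined, so a fallback string would be safer there. `fail_ret = RMW_RET_ERROR;` would read better as `RCL_RET_ERROR` in rcl code. `rcl_init` begins and ends outside these hunks.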