Update security environment variables #617

Merged
merged 13 commits into from
Apr 16, 2020
Store security env values with separate variables
Signed-off-by: ruffsl <[email protected]>
ruffsl committed Apr 14, 2020
commit 74b727e21c22a8361c638bc930559d7eeb4ffbc4
35 changes: 22 additions & 13 deletions rcl/src/rcl/security.c
@@ -140,34 +140,42 @@ char * rcl_get_secure_root(
return NULL;
}

// check if enclave override environment variable is empty
if (rcutils_get_env(ROS_SECURITY_ENCLAVE_OVERRIDE, &env_buf)) {
return NULL;
}
if (!env_buf) {
return NULL;
}
if (0 == strcmp("", env_buf)) {
// check keystore directory if override enclave environment variable is empty
if (rcutils_get_env(ROS_SECURITY_KEYSTORE_VAR_NAME, &env_buf)) {
return NULL;
}
if (!env_buf) {
return NULL;
}
if (0 == strcmp("", env_buf)) {
return NULL; // environment variable was empty
}
ros_secure_enclave_override = false;
}
char * ros_secure_enclave_override_env = rcutils_strdup(env_buf, *allocator);

// found a usable environment variable, copy into our memory before overwriting with next lookup
// check if keystore environment variable is empty
if (rcutils_get_env(ROS_SECURITY_KEYSTORE_VAR_NAME, &env_buf)) {
return NULL;
}
if (!env_buf) {
return NULL;
}
if (0 == strcmp("", env_buf)) {
return NULL; // environment variable was empty
}
char * ros_secure_keystore_env = rcutils_strdup(env_buf, *allocator);

// given usable environment variables, overwrite with next lookup
char * secure_root = NULL;
if (ros_secure_enclave_override) {
secure_root = exact_match_lookup(ros_secure_keystore_env, ros_secure_keystore_env, allocator);
secure_root = exact_match_lookup(
ros_secure_enclave_override_env,
ros_secure_keystore_env,
allocator);
} else {
secure_root = exact_match_lookup(name, ros_secure_keystore_env, allocator);
secure_root = exact_match_lookup(
name,
ros_secure_keystore_env,
allocator);
}

if (NULL == secure_root || !rcutils_is_directory(secure_root)) {
@@ -180,6 +188,7 @@ char * rcl_get_secure_root(
RCL_SET_ERROR_MSG_WITH_FORMAT_STRING(
"SECURITY ERROR: directory '%s' does not exist.", secure_root);
}
allocator->deallocate(ros_secure_enclave_override_env, allocator->state);
allocator->deallocate(ros_secure_keystore_env, allocator->state);
allocator->deallocate(secure_root, allocator->state);
return NULL;
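Review bot: The copy stored in `ros_secure_enclave_override_env` is leaked on the three `return NULL;` exits of the `ROS_SECURITY_KEYSTORE_VAR_NAME` lookup that follows it, because the only release visible here is the one on the error path in the second hunk. Either release it before each of those returns with `allocator->deallocate(ros_secure_enclave_override_env, allocator->state);`, or read and validate the keystore variable first and duplicate both values only after both checks have passed. Neither `rcutils_strdup` result is checked before it is handed to `exact_match_lookup`, so an allocation failure reaches the lookup as a NULL string; a guard such as `if (!ros_secure_keystore_env) { return NULL; }` after releasing the other copy would make that failure explicit. The early exits also return without setting an error message, so a caller cannot tell a missing or empty keystore variable from an allocation failure when security setup fails. `rcl_get_secure_root` starts before and continues after the visible hunks, so the success-path cleanup of the two copies could not be checked from here.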