Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update security environment variables #617

Merged
merged 13 commits into from
Apr 16, 2020
+88 −63
Merged

Update security environment variables #617

Changes from 1 commit
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
f045feb
Rename security override env from
ruffsl Apr 13, 2020
38597f2
Update variables and functions
ruffsl Apr 13, 2020
f7149a3
Update docs and comments
ruffsl Apr 13, 2020
ad38f8f
Rename keystore root env from
ruffsl Apr 14, 2020
549913b
Update variables and functions
ruffsl Apr 14, 2020
c72dffe
Update docs and comments
ruffsl Apr 14, 2020
8574ad6
Change enclave overide to set name instead dir
ruffsl Apr 14, 2020
74b727e
Store security env values with separate variables
ruffsl Apr 14, 2020
1ee7094
Bubble up errors from rcutils_get_env
ruffsl Apr 15, 2020
802d3c6
Deallocate enclave override env char upon error
ruffsl Apr 15, 2020
3e067b4
Fix tests for multiple tokens
ruffsl Apr 15, 2020
68a356e
Fix redefinition of get_env_error_str
ruffsl Apr 16, 2020
0df6603
Fix linter error
ruffsl Apr 16, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Store security env values with separate variables 
Signed-off-by: ruffsl <[email protected]>
@ruffsl
ruffsl committed Apr 14, 2020
commit 74b727e21c22a8361c638bc930559d7eeb4ffbc4
35 changes: 22 additions & 13 deletions rcl/src/rcl/security.c
View file
Original file line number Diff line number Diff line change
@@ -140,34 +140,42 @@ char * rcl_get_secure_root(
return NULL;
}

// check if enclave override environment variable is empty
if (rcutils_get_env(ROS_SECURITY_ENCLAVE_OVERRIDE, &env_buf)) {
return NULL;
}
if (!env_buf) {
return NULL;
}
if (0 == strcmp("", env_buf)) {
// check keystore directory if override enclave environment variable is empty
if (rcutils_get_env(ROS_SECURITY_KEYSTORE_VAR_NAME, &env_buf)) {
return NULL;
}
if (!env_buf) {
return NULL;
}
if (0 == strcmp("", env_buf)) {
return NULL; // environment variable was empty
}
ros_secure_enclave_override = false;
}
char * ros_secure_enclave_override_env = rcutils_strdup(env_buf, *allocator);

// found a usable environment variable, copy into our memory before overwriting with next lookup
// check if keystore environment variable is empty
if (rcutils_get_env(ROS_SECURITY_KEYSTORE_VAR_NAME, &env_buf)) {
return NULL;
}
if (!env_buf) {
return NULL;
}
if (0 == strcmp("", env_buf)) {
return NULL; // environment variable was empty
}
char * ros_secure_keystore_env = rcutils_strdup(env_buf, *allocator);

// given usable environment variables, overwrite with next lookup
char * secure_root = NULL;
if (ros_secure_enclave_override) {
secure_root = exact_match_lookup(ros_secure_keystore_env, ros_secure_keystore_env, allocator);
secure_root = exact_match_lookup(
ros_secure_enclave_override_env,
ros_secure_keystore_env,
allocator);
} else {
secure_root = exact_match_lookup(name, ros_secure_keystore_env, allocator);
secure_root = exact_match_lookup(
name,
ros_secure_keystore_env,
allocator);
}

if (NULL == secure_root || !rcutils_is_directory(secure_root)) {
@@ -180,6 +188,7 @@ char * rcl_get_secure_root(
RCL_SET_ERROR_MSG_WITH_FORMAT_STRING(
"SECURITY ERROR: directory '%s' does not exist.", secure_root);
}
allocator->deallocate(ros_secure_enclave_override_env, allocator->state);
allocator->deallocate(ros_secure_keystore_env, allocator->state);
allocator->deallocate(secure_root, allocator->state);
return NULL;