
security-context -> enclave (#612)
Signed-off-by: Mikael Arguedas <mikael.arguedas@gmail.com>
mikaelarguedas authored Apr 13, 2020
1 parent 94b5a1d commit ccb4ec7
Showing 15 changed files with 162 additions and 161 deletions.
2 changes: 1 addition & 1 deletion rcl/CMakeLists.txt
Expand Up @@ -58,7 +58,7 @@ set(${PROJECT_NAME}_sources
src/rcl/subscription.c
src/rcl/time.c
src/rcl/timer.c
src/rcl/validate_security_context_name.c
src/rcl/validate_enclave_name.c
src/rcl/validate_topic_name.c
src/rcl/wait.c
)
3 changes: 2 additions & 1 deletion rcl/include/rcl/arguments.h
Expand Up @@ -42,7 +42,8 @@ typedef struct rcl_arguments_t
#define RCL_PARAM_FILE_FLAG "--params-file"
#define RCL_REMAP_FLAG "--remap"
#define RCL_SHORT_REMAP_FLAG "-r"
#define RCL_SECURITY_CONTEXT_FLAG "--security-context"
#define RCL_ENCLAVE_FLAG "--enclave"
#define RCL_SHORT_ENCLAVE_FLAG "-e"
#define RCL_LOG_LEVEL_FLAG "--log-level"
#define RCL_EXTERNAL_LOG_CONFIG_FLAG "--log-config-file"
// To be prefixed with --enable- or --disable-
10 changes: 5 additions & 5 deletions rcl/include/rcl/graph.h
Expand Up @@ -441,9 +441,9 @@ rcl_get_node_names(
rcutils_string_array_t * node_names,
rcutils_string_array_t * node_namespaces);

/// Return a list of available nodes in the ROS graph, including their security context names.
/// Return a list of available nodes in the ROS graph, including their enclave names.
/**
* An \ref rcl_get_node_names equivalent, but including in its output the security context
* An \ref rcl_get_node_names equivalent, but including in its output the enclave
* name the node is using.
*
* <hr>
Expand All @@ -459,20 +459,20 @@ rcl_get_node_names(
* \param[in] allocator used to control allocation and deallocation of names
* \param[out] node_names struct storing discovered node names
* \param[out] node_namesspaces struct storing discovered node namespaces
* \param[out] security_contexts struct storing discovered node security contexts
* \param[out] enclaves struct storing discovered node enclaves
* \return `RCL_RET_OK` if the query was successful, or
* \return `RCL_RET_BAD_ALLOC` if an error occurred while allocating memory, or
* \return `RCL_RET_ERROR` if an unspecified error occurs.
*/
RCL_PUBLIC
RCL_WARN_UNUSED
rcl_ret_t
rcl_get_node_names_with_security_contexts(
rcl_get_node_names_with_enclaves(
const rcl_node_t * node,
rcl_allocator_t allocator,
rcutils_string_array_t * node_names,
rcutils_string_array_t * node_namespaces,
rcutils_string_array_t * security_contexts);
rcutils_string_array_t * enclaves);

/// Return the number of publishers on a given topic.
/**
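Review bot: The doc block for `rcl_get_node_names_with_enclaves` does not state the precondition that the implementation enforces on the new `enclaves` parameter: the array must be zero-initialized (size 0, data NULL) or `RCL_RET_INVALID_ARGUMENT` is returned, and neither that code nor `RCL_RET_NODE_INVALID` appears in the `\return` list. Suggest `* \param[out] enclaves struct storing discovered node enclaves; must be zero-initialized` and adding `* \return `RCL_RET_INVALID_ARGUMENT` if any argument is invalid, or` to the list. The gaps predate the rename, but the renamed parameter line is the natural place to close them.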
6 changes: 3 additions & 3 deletions rcl/include/rcl/security.h
Expand Up @@ -92,9 +92,9 @@ RCL_PUBLIC
rcl_ret_t
rcl_get_enforcement_policy(rmw_security_enforcement_policy_t * policy);

/// Return the secure root given a security context name.
/// Return the secure root given a enclave name.
/**
* Return the security directory associated with the security context name.
* Return the security directory associated with the enclave name.
*
* The value of the environment variable `ROS_SECURITY_ROOT_DIRECTORY` is used as a root.
* The specific directory to be used, is found from that root using the `name` passed.
Expand All @@ -104,7 +104,7 @@ rcl_get_enforcement_policy(rmw_security_enforcement_policy_t * policy);
* However, this expansion can be overridden by setting the secure directory override environment
* (`ROS_SECURITY_DIRECTORY_OVERRIDE`) variable, allowing users to explicitly specify the exact secure
* root directory to be utilized.
* Such an override is useful for applications where the security context is non-deterministic
* Such an override is useful for applications where the enclave is non-deterministic
* before runtime, or when testing and using additional tools that may not otherwise be easily
* provisioned.
*
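Review bot: The renamed brief line `Return the secure root given a enclave name.` has an article error introduced by the substitution; it should read `/// Return the secure root given an enclave name.`. The declaration this comment documents is below the hunk and outside the shown lines.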
Expand Up @@ -12,8 +12,8 @@
// See the License for the specific language governing permissions and
// limitations under the License.

#ifndef RCL__VALIDATE_SECURITY_CONTEXT_NAME_H_
#define RCL__VALIDATE_SECURITY_CONTEXT_NAME_H_
#ifndef RCL__VALIDATE_ENCLAVE_NAME_H_
#define RCL__VALIDATE_ENCLAVE_NAME_H_

#ifdef __cplusplus
extern "C"
Expand All @@ -27,27 +27,27 @@ extern "C"
#include "rcl/types.h"
#include "rcl/visibility_control.h"

#define RCL_SECURITY_CONTEXT_NAME_VALID RMW_NAMESPACE_VALID
#define RCL_SECURITY_CONTEXT_NAME_INVALID_IS_EMPTY_STRING RMW_NAMESPACE_INVALID_IS_EMPTY_STRING
#define RCL_SECURITY_CONTEXT_NAME_INVALID_NOT_ABSOLUTE RMW_NAMESPACE_INVALID_NOT_ABSOLUTE
#define RCL_SECURITY_CONTEXT_NAME_INVALID_ENDS_WITH_FORWARD_SLASH \
#define RCL_ENCLAVE_NAME_VALID RMW_NAMESPACE_VALID
#define RCL_ENCLAVE_NAME_INVALID_IS_EMPTY_STRING RMW_NAMESPACE_INVALID_IS_EMPTY_STRING
#define RCL_ENCLAVE_NAME_INVALID_NOT_ABSOLUTE RMW_NAMESPACE_INVALID_NOT_ABSOLUTE
#define RCL_ENCLAVE_NAME_INVALID_ENDS_WITH_FORWARD_SLASH \
RMW_NAMESPACE_INVALID_ENDS_WITH_FORWARD_SLASH
#define RCL_SECURITY_CONTEXT_NAME_INVALID_CONTAINS_UNALLOWED_CHARACTERS \
#define RCL_ENCLAVE_NAME_INVALID_CONTAINS_UNALLOWED_CHARACTERS \
RMW_NAMESPACE_INVALID_CONTAINS_UNALLOWED_CHARACTERS
#define RCL_SECURITY_CONTEXT_NAME_INVALID_CONTAINS_REPEATED_FORWARD_SLASH \
#define RCL_ENCLAVE_NAME_INVALID_CONTAINS_REPEATED_FORWARD_SLASH \
RMW_NAMESPACE_INVALID_CONTAINS_REPEATED_FORWARD_SLASH
#define RCL_SECURITY_CONTEXT_NAME_INVALID_NAME_TOKEN_STARTS_WITH_NUMBER \
#define RCL_ENCLAVE_NAME_INVALID_NAME_TOKEN_STARTS_WITH_NUMBER \
RMW_NAMESPACE_INVALID_NAME_TOKEN_STARTS_WITH_NUMBER
#define RCL_SECURITY_CONTEXT_NAME_INVALID_TOO_LONG RMW_NAMESPACE_INVALID_TOO_LONG
#define RCL_ENCLAVE_NAME_INVALID_TOO_LONG RMW_NAMESPACE_INVALID_TOO_LONG

#define RCL_SECURITY_CONTEXT_NAME_MAX_LENGTH RMW_NODE_NAME_MAX_NAME_LENGTH
#define RCL_ENCLAVE_NAME_MAX_LENGTH RMW_NODE_NAME_MAX_NAME_LENGTH

/// Determine if a given security context name is valid.
/// Determine if a given enclave name is valid.
/**
* The same rules as \ref rmw_validate_namespace are used.
* The only difference is in the maximum allowed length, which can be up to 255 characters.
*
* \param[in] security_context security_context to be validated
* \param[in] enclave enclave to be validated
* \param[out] validation_result int in which the result of the check is stored
* \param[out] invalid_index index of the input string where an error occurred
* \returns `RMW_RET_OK` on successfully running the check, or
Expand All @@ -57,35 +57,35 @@ extern "C"
RCL_PUBLIC
RCL_WARN_UNUSED
rcl_ret_t
rcl_validate_security_context_name(
const char * security_context,
rcl_validate_enclave_name(
const char * enclave,
int * validation_result,
size_t * invalid_index);

/// Deterimine if a given security context name is valid.
/// Deterimine if a given enclave name is valid.
/**
* This is an overload of \ref rcl_validate_security_context_name with an extra parameter
* for the length of security_context.
* This is an overload of \ref rcl_validate_enclave_name with an extra parameter
* for the length of enclave.
*
* \param[in] security_context The number of characters in security_context.
* \param[in] enclave The number of characters in enclave.
*/
RCL_PUBLIC
RCL_WARN_UNUSED
rcl_ret_t
rcl_validate_security_context_name_with_size(
const char * security_context,
size_t security_context_length,
rcl_validate_enclave_name_with_size(
const char * enclave,
size_t enclave_length,
int * validation_result,
size_t * invalid_index);

/// Return a validation result description, or NULL if unknown or RCL_SECURITY_CONTEXT_NAME_VALID.
/// Return a validation result description, or NULL if unknown or RCL_ENCLAVE_NAME_VALID.
RCL_PUBLIC
RCL_WARN_UNUSED
const char *
rcl_security_context_name_validation_result_string(int validation_result);
rcl_enclave_name_validation_result_string(int validation_result);

#ifdef __cplusplus
}
#endif

#endif // RCL__VALIDATE_SECURITY_CONTEXT_NAME_H_
#endif // RCL__VALIDATE_ENCLAVE_NAME_H_
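Review bot: The doc comment for `rcl_validate_enclave_name_with_size` documents the wrong parameter: `\param[in] enclave The number of characters in enclave.` describes `enclave_length`, and the `enclave` pointer itself is left undocumented. Change it to `* \param[in] enclave The enclave name to be validated.` followed by `* \param[in] enclave_length The number of characters in enclave.`. The brief line above it also carries the pre-existing typo `Deterimine`, which should read `Determine`; both slips were propagated by the rename rather than introduced, but the renamed lines are the place to fix them.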
60 changes: 30 additions & 30 deletions rcl/src/rcl/arguments.c
Expand Up @@ -190,21 +190,21 @@ _rcl_parse_param_file(
rcl_params_t * params,
char ** param_file);

/// Parse a security context argument.
/// Parse an enclave argument.
/**
* \param[in] arg the argument to parse
* \param[in] allocator an allocator to use
* \param[in,out] security_context parsed security context
* \return RCL_RET_OK if a valid security context was parsed, or
* \param[in,out] enclave parsed security enclave
* \return RCL_RET_OK if a valid security enclave was parsed, or
* \return RCL_RET_BAD_ALLOC if an allocation failed, or
* \return RLC_RET_ERROR if an unspecified error occurred.
*/
RCL_LOCAL
rcl_ret_t
_rcl_parse_security_context(
_rcl_parse_enclave(
const char * arg,
rcl_allocator_t allocator,
char ** security_context);
char ** enclave);

#define RCL_ENABLE_FLAG_PREFIX "--enable-"
#define RCL_DISABLE_FLAG_PREFIX "--disable-"
Expand Down Expand Up @@ -495,33 +495,33 @@ rcl_parse_arguments(
goto fail;
}

// Attempt to parse argument as a security context
if (strcmp(RCL_SECURITY_CONTEXT_FLAG, argv[i]) == 0) {
// Attempt to parse argument as a security enclave
if (strcmp(RCL_ENCLAVE_FLAG, argv[i]) == 0 || strcmp(RCL_SHORT_ENCLAVE_FLAG, argv[i]) == 0) {
if (i + 1 < argc) {
if (NULL != args_impl->security_context) {
if (NULL != args_impl->enclave) {
RCUTILS_LOG_DEBUG_NAMED(
ROS_PACKAGE_NAME, "Overriding security context name : %s\n",
args_impl->security_context);
allocator.deallocate(args_impl->security_context, allocator.state);
args_impl->security_context = NULL;
ROS_PACKAGE_NAME, "Overriding security enclave : %s\n",
args_impl->enclave);
allocator.deallocate(args_impl->enclave, allocator.state);
args_impl->enclave = NULL;
}
if (RCL_RET_OK == _rcl_parse_security_context(
argv[i + 1], allocator, &args_impl->security_context))
if (RCL_RET_OK == _rcl_parse_enclave(
argv[i + 1], allocator, &args_impl->enclave))
{
RCUTILS_LOG_DEBUG_NAMED(
ROS_PACKAGE_NAME, "Got security context : %s\n",
args_impl->security_context);
ROS_PACKAGE_NAME, "Got enclave: %s\n",
args_impl->enclave);
++i; // Skip flag here, for loop will skip value.
continue;
}
rcl_error_string_t prev_error_string = rcl_get_error_string();
rcl_reset_error();
RCL_SET_ERROR_MSG_WITH_FORMAT_STRING(
"Couldn't parse security context name: '%s %s'. Error: %s", argv[i], argv[i + 1],
"Couldn't parse enclave name: '%s %s'. Error: %s", argv[i], argv[i + 1],
prev_error_string.str);
} else {
RCL_SET_ERROR_MSG_WITH_FORMAT_STRING(
"Couldn't parse trailing %s flag. No security context path provided.", argv[i]);
"Couldn't parse trailing %s flag. No enclave path provided.", argv[i]);
}
ret = RCL_RET_INVALID_ROS_ARGS;
goto fail;
Expand Down Expand Up @@ -920,16 +920,16 @@ rcl_arguments_copy(
}
}
}
char * security_context_copy = rcutils_strdup(args->impl->security_context, allocator);
if (args->impl->security_context && !security_context_copy) {
char * enclave_copy = rcutils_strdup(args->impl->enclave, allocator);
if (args->impl->enclave && !enclave_copy) {
if (RCL_RET_OK != rcl_arguments_fini(args_out)) {
RCL_SET_ERROR_MSG("Error while finalizing arguments due to another error");
} else {
RCL_SET_ERROR_MSG("Error while copying security context argument");
RCL_SET_ERROR_MSG("Error while copying enclave argument");
}
return RCL_RET_BAD_ALLOC;
}
args_out->impl->security_context = security_context_copy;
args_out->impl->enclave = enclave_copy;
return RCL_RET_OK;
}

Expand Down Expand Up @@ -977,7 +977,7 @@ rcl_arguments_fini(
args->impl->num_param_files_args = 0;
args->impl->parameter_files = NULL;
}
args->impl->allocator.deallocate(args->impl->security_context, args->impl->allocator.state);
args->impl->allocator.deallocate(args->impl->enclave, args->impl->allocator.state);

if (NULL != args->impl->external_log_config_file) {
args->impl->allocator.deallocate(
Expand Down Expand Up @@ -1807,17 +1807,17 @@ _rcl_parse_external_log_config_file(
}

rcl_ret_t
_rcl_parse_security_context(
_rcl_parse_enclave(
const char * arg,
rcl_allocator_t allocator,
char ** security_context)
char ** enclave)
{
RCL_CHECK_ARGUMENT_FOR_NULL(arg, RCL_RET_INVALID_ARGUMENT);
RCL_CHECK_ARGUMENT_FOR_NULL(security_context, RCL_RET_INVALID_ARGUMENT);
RCL_CHECK_ARGUMENT_FOR_NULL(enclave, RCL_RET_INVALID_ARGUMENT);

*security_context = rcutils_strdup(arg, allocator);
if (NULL == *security_context) {
RCL_SET_ERROR_MSG("Failed to allocate memory for security context name");
*enclave = rcutils_strdup(arg, allocator);
if (NULL == *enclave) {
RCL_SET_ERROR_MSG("Failed to allocate memory for enclave name");
return RCL_RET_BAD_ALLOC;
}
return RCL_RET_OK;
Expand Down Expand Up @@ -1925,7 +1925,7 @@ _rcl_allocate_initialized_arguments_impl(rcl_arguments_t * args, rcl_allocator_t
args_impl->log_stdout_disabled = false;
args_impl->log_rosout_disabled = false;
args_impl->log_ext_lib_disabled = false;
args_impl->security_context = NULL;
args_impl->enclave = NULL;
args_impl->allocator = *allocator;

return RCL_RET_OK;
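Review bot: `_rcl_parse_enclave` (hunk at -1807) stores the flag value with `rcutils_strdup` and never calls the `rcl_validate_enclave_name` that this same commit renames, so an empty or malformed `--enclave`/`-e` value is accepted at parse time; if validation is deliberately deferred to the caller (nothing on this page shows it), the function's doc comment should say so, e.g. `* \note The value is copied verbatim; callers are expected to validate it with rcl_validate_enclave_name.` In the rcl_parse_arguments hunk the two error strings also disagree on what the value is — `Couldn't parse enclave name` versus `No enclave path provided` — while the header treats it as a name, so the second should read `"Couldn't parse trailing %s flag. No enclave name provided."`. rcl_parse_arguments starts and ends outside the hunk.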
4 changes: 2 additions & 2 deletions rcl/src/rcl/arguments_impl.h
Expand Up @@ -61,8 +61,8 @@ typedef struct rcl_arguments_impl_t
/// A boolean value indicating if the external lib handler should be used for log output
bool log_ext_lib_disabled;

/// Security context to be used.
char * security_context;
/// Enclave to be used.
char * enclave;

/// Allocator used to allocate objects in this struct
rcl_allocator_t allocator;
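Review bot: The renamed field comment `/// Enclave to be used.` says nothing about ownership, while the rest of the commit shows the string is allocated with `rcutils_strdup` in `_rcl_parse_enclave`, initialized to NULL in `_rcl_allocate_initialized_arguments_impl`, and released through `args->impl->allocator.deallocate` in `rcl_arguments_fini`. Suggest `/// Enclave name parsed from --enclave / -e; NULL if not given. Owned by this struct and freed with `allocator` in rcl_arguments_fini.` The struct definition starts above the hunk.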
18 changes: 9 additions & 9 deletions rcl/src/rcl/graph.c
Expand Up @@ -340,12 +340,12 @@ rcl_get_node_names(
}

rcl_ret_t
rcl_get_node_names_with_security_contexts(
rcl_get_node_names_with_enclaves(
const rcl_node_t * node,
rcl_allocator_t allocator,
rcutils_string_array_t * node_names,
rcutils_string_array_t * node_namespaces,
rcutils_string_array_t * security_contexts)
rcutils_string_array_t * enclaves)
{
if (!rcl_node_is_valid(node)) {
return RCL_RET_NODE_INVALID; // error already set
Expand All @@ -368,21 +368,21 @@ rcl_get_node_names_with_security_contexts(
RCL_SET_ERROR_MSG("node_namespaces is not null");
return RCL_RET_INVALID_ARGUMENT;
}
RCL_CHECK_ARGUMENT_FOR_NULL(security_contexts, RCL_RET_INVALID_ARGUMENT);
if (security_contexts->size != 0) {
RCL_SET_ERROR_MSG("security_contexts size is not zero");
RCL_CHECK_ARGUMENT_FOR_NULL(enclaves, RCL_RET_INVALID_ARGUMENT);
if (enclaves->size != 0) {
RCL_SET_ERROR_MSG("enclaves size is not zero");
return RCL_RET_INVALID_ARGUMENT;
}
if (security_contexts->data) {
RCL_SET_ERROR_MSG("security_contexts is not null");
if (enclaves->data) {
RCL_SET_ERROR_MSG("enclaves is not null");
return RCL_RET_INVALID_ARGUMENT;
}
(void)allocator; // to be used in rmw_get_node_names in the future
rmw_ret_t rmw_ret = rmw_get_node_names_with_security_contexts(
rmw_ret_t rmw_ret = rmw_get_node_names_with_enclaves(
rcl_node_get_rmw_handle(node),
node_names,
node_namespaces,
security_contexts);
enclaves);
return rcl_convert_rmw_ret_to_rcl_ret(rmw_ret);
}
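Review bot: The message on the `enclaves->data` check, `RCL_SET_ERROR_MSG("enclaves is not null");`, contradicts the `RCL_CHECK_ARGUMENT_FOR_NULL(enclaves, ...)` three lines above, which requires `enclaves` itself to be non-null; it is the `data` member that must be NULL here. `RCL_SET_ERROR_MSG("enclaves->data is not null");` states what is actually checked. The `node_namespaces` message above has the same shape, but that line is untouched context.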

