Skip to content

Commit

Permalink
Add in conditional compile based on ENABLE_SECURITY make flag
Browse files Browse the repository at this point in the history
and Cyclone DDS feature availability.  Also addressed review
comments.

Signed-off-by: Sid Faber <sid.faber@canonical.com>
  • Loading branch information
SidFaber committed Mar 26, 2020
1 parent 99d2738 commit 99071d4
Showing 1 changed file with 32 additions and 16 deletions.
48 changes: 32 additions & 16 deletions rmw_cyclonedds_cpp/src/rmw_node.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -27,10 +27,10 @@
#include <regex>

#include "rcutils/filesystem.h"
#include "rcutils/format_string.h"
#include "rcutils/get_env.h"
#include "rcutils/logging_macros.h"
#include "rcutils/strdup.h"
#include "rcutils/format_string.h"

#include "rmw/allocators.h"
#include "rmw/convert_rcutils_ret_to_rmw_ret.h"
Expand Down Expand Up @@ -61,6 +61,7 @@
#include "namespace_prefix.hpp"

#include "dds/dds.h"
#include "dds/features.h"
#include "dds/ddsi/ddsi_sertopic.h"
#include "rmw_cyclonedds_cpp/serdes.hpp"
#include "serdata.hpp"
Expand All @@ -81,6 +82,13 @@
#define SUPPORT_LOCALHOST 0
#endif

/* QOS Property List support exists in Cyclone if and only if security features are available */
#if DDS_HAS_SECURITY && DDS_HAS_QOS_PROPERTY_LIST
#define RMW_SUPPORT_SECURITY 1
#else
#define RMW_SUPPORT_SECURITY 0
#endif

/* Set to > 0 for printing warnings to stderr for each messages that was taken more than this many
ms after writing */
#define REPORT_LATE_MESSAGES 0
Expand Down Expand Up @@ -644,6 +652,7 @@ static std::string get_node_user_data(const char * node_name, const char * node_
std::string(";");
}

#if RMW_SUPPORT_SECURITY
/* Returns the full URI of a security file properly formatted for DDS */
char * get_security_file_URI(
const char * security_filename, const char * node_secure_root,
Expand Down Expand Up @@ -680,11 +689,13 @@ void store_security_filepath_in_qos(
allocator.deallocate(security_file_path, allocator.state);
}
}
#endif /* RMW_SUPPORT_SECURITY */

/* Set all the qos properties needed to enable DDS security */
void configure_qos_for_security(
rmw_ret_t configure_qos_for_security(
dds_qos_t * qos, const rmw_node_security_options_t * security_options)
{
#if RMW_SUPPORT_SECURITY
/* File path is set to nullptr if file does not exist or is not readable */
store_security_filepath_in_qos(
qos, "dds.sec.auth.identity_ca", "identity_ca.cert.pem",
Expand All @@ -705,17 +716,27 @@ void configure_qos_for_security(
qos, "dds.sec.access.permissions", "permissions.p7s",
security_options);

dds_qset_prop(qos, "dds.sec.auth.library.path", "libdds_security_auth.so");
dds_qset_prop(qos, "dds.sec.auth.library.path", "dds_security_auth");
dds_qset_prop(qos, "dds.sec.auth.library.init", "init_authentication");
dds_qset_prop(qos, "dds.sec.auth.library.finalize", "finalize_authentication");

dds_qset_prop(qos, "dds.sec.crypto.library.path", "libdds_security_crypto.so");
dds_qset_prop(qos, "dds.sec.crypto.library.path", "dds_security_crypto");
dds_qset_prop(qos, "dds.sec.crypto.library.init", "init_crypto");
dds_qset_prop(qos, "dds.sec.crypto.library.finalize", "finalize_crypto");

dds_qset_prop(qos, "dds.sec.access.library.path", "libdds_security_ac.so");
dds_qset_prop(qos, "dds.sec.access.library.path", "dds_security_ac");
dds_qset_prop(qos, "dds.sec.access.library.init", "init_access_control");
dds_qset_prop(qos, "dds.sec.access.library.finalize", "finalize_access_control");

return RMW_RET_OK;
#else
(void) qos;
(void) security_options;
RMW_SET_ERROR_MSG(
"Security was requested but the Cyclone DDS being used does not have security "
"support enabled. Recompile with CMake option '-DENABLE_SECURITY' Cmake option.");
return RMW_RET_UNSUPPORTED;
#endif
}

extern "C" rmw_node_t * rmw_create_node(
Expand Down Expand Up @@ -743,11 +764,7 @@ extern "C" rmw_node_t * rmw_create_node(
const dds_domainid_t did = DDS_DOMAIN_DEFAULT;
#endif

if (security_options == nullptr) {
RCUTILS_LOG_ERROR_NAMED(
"rmw_cyclonedds_cpp", "rmw_create_node: security options null");
return nullptr;
}
RCUTILS_CHECK_ARGUMENT_FOR_NULL(security_options, nullptr);

rmw_ret_t ret;
int dummy_validation_result;
Expand All @@ -770,16 +787,15 @@ extern "C" rmw_node_t * rmw_create_node(
#endif

dds_qos_t * qos = dds_create_qos();
if (qos == nullptr) {
RCUTILS_LOG_ERROR_NAMED(
"rmw_cyclonedds_cpp", "rmw_create_node: Unable to create qos");
return nullptr;
}
RCUTILS_CHECK_FOR_NULL_WITH_MSG(
security_options, "rmw_create_node: Unable to create qos", return nullptr);
std::string user_data = get_node_user_data(name, namespace_);
dds_qset_userdata(qos, user_data.c_str(), user_data.size());

if (security_options->enforce_security) {
configure_qos_for_security(qos, security_options);
if (configure_qos_for_security(qos, security_options) != RMW_RET_OK) {
return nullptr;
}
}

dds_entity_t pp = dds_create_participant(did, qos, nullptr);
Expand Down

0 comments on commit 99071d4

Please sign in to comment.