vsomeip 2.10.20

vcomito-apexai · May 22, 2018 · 23b6a4b · 23b6a4b
1 parent f5d9ec2
commit 23b6a4b
Show file tree

Hide file tree

Showing 13 changed files with 314 additions and 68 deletions.
diff --git a/CHANGES b/CHANGES
@@ -1,6 +1,20 @@
 Changes
 =======
 
+v2.10.20
+- Add security config (i.e. vsomeip_security.json) to mandatory config files
+- Enable local_routing_test_starter.sh to use externally defined configuration
+  files
+- Reject malformed subscriptions with SubscribeEventgroupNACK if multiple
+  endpoint options are referenced
+- Use CMake define or environment variable to find gtest
+- Quit vsomeipd when Service Discovery is configured but module cannot be loaded
+- Added error message when Configuration module cannot be loaded
+- Export payload_impl to enable compilation with newer GCC versions
+- Avoid printing the same warning twice. Ensure all error paths are identifiable
+- Fixed security checks for policies without configured client ID
+- Fixed crash on auto config load in case of EOWNERDEAD caused by previous crashed/exited application
+
 v2.10.19
 - Catch exceptions on shutdown (especially from boost::log)
 - Fixed handling of malformed packets in TCP client endpoint in conjunction 

diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -8,11 +8,19 @@ project (vsomeip)
 
 set (VSOMEIP_MAJOR_VERSION 2)
 set (VSOMEIP_MINOR_VERSION 10)
-set (VSOMEIP_PATCH_VERSION 19)
+set (VSOMEIP_PATCH_VERSION 20)
 set (VSOMEIP_VERSION ${VSOMEIP_MAJOR_VERSION}.${VSOMEIP_MINOR_VERSION}.${VSOMEIP_PATCH_VERSION})
 set (PACKAGE_VERSION ${VSOMEIP_VERSION}) # Used in documentatin/doxygen.in
 set (CMAKE_VERBOSE_MAKEFILE off)
 
+if (NOT GTEST_ROOT)
+    if (DEFINED ENV{GTEST_ROOT})
+        set(GTEST_ROOT $ENV{GTEST_ROOT})
+    else()
+        set(GTEST_ROOT "n/a" CACHE STRING "Path to root folder of googletest. Must be set for building the tests.")
+    endif()
+endif()
+
 ###################################################################################################
 # see http://www.cmake.org/Wiki/CMake/Tutorials/How_to_create_a_ProjectConfig.cmake_file
 ###################################################################################################
@@ -407,13 +415,13 @@ endif()
 # google test
 
 # check for set environment variable
-if(DEFINED ENV{GTEST_ROOT})
-    message("GTEST_ROOT is set. GTEST_ROOT = $ENV{GTEST_ROOT}")
-else()
-    message("GTEST_ROOT is not defined. For building the tests environment variable
-             GTEST_ROOT have to be defined. Tests can not be built.")
+if(${GTEST_ROOT} STREQUAL "n/a")
+    message(STATUS "GTEST_ROOT is not defined. For building the tests the variable
+             GTEST_ROOT has to be defined. Tests can not be built.")
     # early exit
     return()  # test can not be build -> make commands build_tests and check are not available
+else()
+    message(STATUS "GTEST_ROOT is set. gtest root path set to ${GTEST_ROOT}")
 endif()
 
 # build google test as static library (always) -> therefore deactivate BUILD_SHARED_LIBS in case it is active
@@ -422,7 +430,7 @@ if ("${BUILD_SHARED_LIBS}" STREQUAL "ON")
     set(BUILD_SHARED_LIBS OFF)
     set(BUILD_SHARED_LIBS_AUTOMATIC_OFF 1)
 endif()
-add_subdirectory($ENV{GTEST_ROOT} ${CMAKE_CURRENT_BINARY_DIR}/gtest EXCLUDE_FROM_ALL)
+add_subdirectory(${GTEST_ROOT} ${CMAKE_CURRENT_BINARY_DIR}/gtest EXCLUDE_FROM_ALL)
 if ("${BUILD_SHARED_LIBS_AUTOMATIC_OFF}" STREQUAL "1")
     set(BUILD_SHARED_LIBS ON)
     set(BUILD_SHARED_LIBS_AUTOMATIC_OFF 0)

diff --git a/exportmap.gcc b/exportmap.gcc
@@ -23,6 +23,8 @@ global:
         *vsomeip::message_base_impl::*;
         *vsomeip::message_header_impl;
         *vsomeip::message_header_impl::*;
+        *vsomeip::payload_impl;
+	*vsomeip::payload_impl::*;
         *vsomeip::runtime;
         vsomeip::runtime::get*;
         vsomeip::runtime::set_property*;

diff --git a/implementation/configuration/include/configuration.hpp b/implementation/configuration/include/configuration.hpp
@@ -136,7 +136,8 @@ class configuration {
             instance_t _instance) const = 0;
     virtual bool is_offer_allowed(client_t _client, service_t _service,
             instance_t _instance) const = 0;
-    virtual bool check_credentials(client_t _client, uint32_t _uid, uint32_t _gid) const = 0;
+    virtual bool check_credentials(client_t _client,
+            uint32_t _uid, uint32_t _gid) = 0;
 
     // Plugins
     virtual std::map<plugin_type_e, std::set<std::string>> get_plugins(

diff --git a/implementation/configuration/include/configuration_impl.hpp b/implementation/configuration/include/configuration_impl.hpp
@@ -149,7 +149,8 @@ class configuration_impl:
             instance_t _instance) const;
     VSOMEIP_EXPORT bool is_offer_allowed(client_t _client, service_t _service,
             instance_t _instance) const;
-    VSOMEIP_EXPORT bool check_credentials(client_t _client, uint32_t _uid, uint32_t _gid) const;
+    VSOMEIP_EXPORT bool check_credentials(client_t _client,
+            uint32_t _uid, uint32_t _gid);
 
     VSOMEIP_EXPORT std::map<plugin_type_e, std::set<std::string>> get_plugins(
             const std::string &_name) const;
@@ -375,6 +376,8 @@ class configuration_impl:
     std::uint32_t umask_;
 
     std::map<client_t, std::shared_ptr<policy>> policies_;
+    std::vector<std::shared_ptr<policy> > any_client_policies_;
+    std::map<client_t, std::pair<uint32_t, uint32_t> > ids_;
     bool policy_enabled_;
     bool check_credentials_;
 

diff --git a/implementation/configuration/include/internal.hpp.in b/implementation/configuration/include/internal.hpp.in
@@ -20,7 +20,7 @@
 
 #define VSOMEIP_DEFAULT_CONFIGURATION_FILE      "/etc/vsomeip.json"
 #define VSOMEIP_LOCAL_CONFIGURATION_FILE        "./vsomeip.json"
-#define VSOMEIP_MANDATORY_CONFIGURATION_FILES   "vsomeip_std.json,vsomeip_app.json,vsomeip_plc.json,vsomeip_log.json"
+#define VSOMEIP_MANDATORY_CONFIGURATION_FILES   "vsomeip_std.json,vsomeip_app.json,vsomeip_plc.json,vsomeip_log.json,vsomeip_security.json"
 
 #define VSOMEIP_DEFAULT_CONFIGURATION_FOLDER    "/etc/vsomeip"
 #define VSOMEIP_DEBUG_CONFIGURATION_FOLDER      "/var/opt/public/sin/vsomeip/"

diff --git a/implementation/configuration/src/configuration_impl.cpp b/implementation/configuration/src/configuration_impl.cpp
@@ -1867,7 +1867,7 @@ void configuration_impl::load_policy(const boost::property_tree::ptree &_tree) {
     }
 
     if (!has_been_inserted) {
-        policies_[ANY_CLIENT] = policy;
+        any_client_policies_.push_back(policy);
     }
 }
 
@@ -2532,20 +2532,26 @@ bool configuration_impl::is_security_enabled() const {
 }
 
 bool configuration_impl::check_credentials(client_t _client, uint32_t _uid,
-        uint32_t _gid) const {
+        uint32_t _gid) {
     if (!policy_enabled_) {
         return true;
     }
 
+    // store the client -> (uid, gid) mapping
+    ids_[_client] = std::make_pair(_uid, _gid);
+
+    std::vector<std::shared_ptr<policy> > its_policies;
     bool has_id(false);
     auto its_client = policies_.find(_client);
 
-    // Search for generic policy if no specific could be found
-    if (its_client == policies_.end())
-        its_client = policies_.find(ANY_CLIENT);
+    // Use client specific policy if it does exist
+    if (its_client != policies_.end())
+        its_policies.push_back(its_client->second);
+    else
+        its_policies = any_client_policies_;
 
-    if (its_client != policies_.end()) {
-        for (auto its_credential : its_client->second->ids_) {
+    for (const auto &p : its_policies) {
+        for (auto its_credential : p->ids_) {
             bool has_uid(false), has_gid(false);
             for (auto its_range : std::get<0>(its_credential)) {
                 if (std::get<0>(its_range) <= _uid && _uid <= std::get<1>(its_range)) {
@@ -2566,8 +2572,7 @@ bool configuration_impl::check_credentials(client_t _client, uint32_t _uid,
             }
         }
 
-        if ((has_id && its_client->second->allow_who_)
-                || (!has_id && !its_client->second->allow_who_)) {
+        if ((has_id && p->allow_who_) || (!has_id && !p->allow_who_)) {
             return true;
         }
     }
@@ -2586,29 +2591,66 @@ bool configuration_impl::is_client_allowed(client_t _client, service_t _service,
     if (!policy_enabled_) {
         return true;
     }
-    auto its_client = policies_.find(_client);
 
-    // Search for generic policy if no specific could be found
-    if (its_client == policies_.end())
-            its_client = policies_.find(ANY_CLIENT);
+    uint32_t its_uid(0xffffffff), its_gid(0xffffffff);
+    bool must_apply(true);
+    std::vector<std::shared_ptr<policy> > its_policies;
+    auto its_client = policies_.find(_client);
 
-    if (its_client == policies_.end()) {
-        if (!check_credentials_) {
-            VSOMEIP_INFO << "vSomeIP Security: Client 0x" << std::hex << _client
-                    << " isn't allowed to communicate with service/instance "
-                    << _service << "/" << _instance
-                    << " but will be allowed due to audit mode is active!";
+    // Use client specific policy if it does exist
+    if (its_client != policies_.end())
+        its_policies.push_back(its_client->second);
+    else {
+        must_apply = false;
+        its_policies = any_client_policies_;
+
+        auto found_id = ids_.find(_client);
+        if (found_id != ids_.end()) {
+            its_uid = found_id->second.first;
+            its_gid = found_id->second.second;
+        } else {
+            if (!check_credentials_) {
+                VSOMEIP_INFO << "vSomeIP Security: Cannot determine uid/gid for"
+                        "client 0x" << std::hex << _client
+                        << ". Therefore it isn't allowed to communicate to service/instance "
+                        << _service << "/" << _instance
+                        << " but will be allowed due to audit mode is active!";
+            }
+            return !check_credentials_;
         }
-        return !check_credentials_;
     }
 
-    auto its_service = its_client->second->services_.find(std::make_pair(_service, _instance));
-    if (its_client->second->allow_what_
-            && its_service != its_client->second->services_.end()) {
-        return true;
-    } else if (!its_client->second->allow_what_
-            && its_service == its_client->second->services_.end()) {
-        return true;
+    for (const auto &p : its_policies) {
+        bool has_uid(false), has_gid(false);
+        if (must_apply) {
+            has_uid = has_gid = p->allow_what_;
+        } else {
+            for (auto its_credential : p->ids_) {
+                has_uid = has_gid = false;
+                for (auto its_range : std::get<0>(its_credential)) {
+                    if (std::get<0>(its_range) <= its_uid && its_uid <= std::get<1>(its_range)) {
+                        has_uid = true;
+                        break;
+                    }
+                }
+                for (auto its_range : std::get<1>(its_credential)) {
+                    if (std::get<0>(its_range) <= its_gid && its_gid <= std::get<1>(its_range)) {
+                        has_gid = true;
+                        break;
+                    }
+                }
+
+                if (has_uid && has_gid)
+                    break;
+            }
+        }
+
+        auto its_service = p->services_.find(std::make_pair(_service, _instance));
+        if (has_uid && has_gid && p->allow_what_ && its_service != p->services_.end()) {
+            return true;
+        } else if (!has_uid && !has_gid && !p->allow_what_ && its_service == p->services_.end()) {
+            return true;
+        }
     }
 
     if (!check_credentials_) {
@@ -2627,29 +2669,67 @@ bool configuration_impl::is_offer_allowed(client_t _client, service_t _service,
         return true;
     }
 
+    uint32_t its_uid(0xffffffff), its_gid(0xffffffff);
+    bool must_apply(true);
+    std::vector<std::shared_ptr<policy> > its_policies;
     auto its_client = policies_.find(_client);
 
-    // Search for generic policy if no specific could be found
-    if (its_client == policies_.end())
-        its_client = policies_.find(ANY_CLIENT);
-
-    if (its_client == policies_.end()) {
-        if (!check_credentials_) {
-            VSOMEIP_INFO << "vSomeIP Security: Client 0x" << std::hex << _client
-                    << " isn't allowed to offer service/instance "
-                    << _service << "/" << _instance
-                    << " but will be allowed due to audit mode is active!";
+    // Use client specific policy if it does exist
+    if (its_client != policies_.end())
+        its_policies.push_back(its_client->second);
+    else {
+        must_apply = false;
+        its_policies = any_client_policies_;
+
+        auto found_id = ids_.find(_client);
+        if (found_id != ids_.end()) {
+            its_uid = found_id->second.first;
+            its_gid = found_id->second.second;
+        } else {
+            if (!check_credentials_) {
+                VSOMEIP_INFO << "vSomeIP Security: Cannot determine uid/gid for"
+                        "client 0x" << std::hex << _client
+                        << ". Therefore it isn't allowed to offer service/instance "
+                        << _service << "/" << _instance
+                        << " but will be allowed due to audit mode is active!";
+            }
+            return !check_credentials_;
         }
-        return !check_credentials_;
     }
 
-    auto its_offer = its_client->second->offers_.find(std::make_pair(_service, _instance));
-    if (its_client->second->allow_what_
-            && its_offer != its_client->second->offers_.end()) {
-        return true;
-    } else if (!its_client->second->allow_what_
-            && its_offer == its_client->second->offers_.end()) {
-        return true;
+    for (const auto &p : its_policies) {
+        bool has_uid(false), has_gid(false);
+        if (must_apply) {
+            has_uid = has_gid = p->allow_what_;
+        } else {
+            for (auto its_credential : p->ids_) {
+                has_uid = has_gid = false;
+                for (auto its_range : std::get<0>(its_credential)) {
+                    if (std::get<0>(its_range) <= its_uid && its_uid <= std::get<1>(its_range)) {
+                        has_uid = true;
+                        break;
+                    }
+                }
+                for (auto its_range : std::get<1>(its_credential)) {
+                    if (std::get<0>(its_range) <= its_gid && its_gid <= std::get<1>(its_range)) {
+                        has_gid = true;
+                        break;
+                    }
+                }
+
+                if (has_uid && has_gid)
+                    break;
+            }
+        }
+
+        auto its_offer = p->offers_.find(std::make_pair(_service, _instance));
+        if (has_uid && has_gid
+                && p->allow_what_ && its_offer != p->offers_.end()) {
+            return true;
+        } else if (!has_uid && !has_gid
+                && !p->allow_what_ && its_offer == p->offers_.end()) {
+            return true;
+        }
     }
 
     if (!check_credentials_) {

diff --git a/implementation/endpoints/src/tcp_client_endpoint_impl.cpp b/implementation/endpoints/src/tcp_client_endpoint_impl.cpp
@@ -552,6 +552,7 @@ void tcp_client_endpoint_impl::receive_cbk(
                     VSOMEIP_WARNING << "tcp_client_endpoint receive_cbk already"
                             " restarting" << get_remote_information();
                 } else {
+                    VSOMEIP_WARNING << "tcp_client_endpoint receive_cbk restarting.";
                     state_ = cei_state_e::CONNECTING;
                     shutdown_and_close_socket_unlocked(false);
                     was_not_connected_ = true;
@@ -560,10 +561,6 @@ void tcp_client_endpoint_impl::receive_cbk(
                     restart(true);
                 }
             } else {
-                VSOMEIP_WARNING << "tcp_client_endpoint receive_cbk: "
-                        << _error.message() << "( " << std::dec << _error.value()
-                        << ") local: " << get_address_port_local()
-                        << " remote: " << get_address_port_remote();
                 its_lock.unlock();
                 receive(_recv_buffer, _recv_buffer_size, its_missing_capacity);
             }

diff --git a/implementation/routing/src/routing_manager_impl.cpp b/implementation/routing/src/routing_manager_impl.cpp
@@ -108,6 +108,9 @@ void routing_manager_impl::init() {
             VSOMEIP_INFO << "Service Discovery module loaded.";
             discovery_ = std::dynamic_pointer_cast<sd::runtime>(its_plugin)->create_service_discovery(this);
             discovery_->init();
+        } else {
+            VSOMEIP_ERROR << "Service Discovery module could not be loaded!";
+            std::exit(EXIT_FAILURE);
         }
     }
 

diff --git a/implementation/runtime/src/application_impl.cpp b/implementation/runtime/src/application_impl.cpp
@@ -101,7 +101,8 @@ bool application_impl::init() {
             configuration_->load(name_);
             VSOMEIP_INFO << "Default configuration module loaded.";
         } else {
-            exit(-1);
+            std::cerr << "Service Discovery module could not be loaded!" << std::endl;
+            std::exit(EXIT_FAILURE);
         }
     }