From 6ca654593358fd6977b4e37c75159a89c1a9aec7 Mon Sep 17 00:00:00 2001
From: Ivan Santiago Paunovic
Date: Thu, 9 Apr 2020 13:44:45 -0300
Subject: [PATCH] Use keystore root as security root directory, and not contexts folder (#607)
Signed-off-by: Ivan Santiago Paunovic
---
rcl/src/rcl/security.c | 13 ++++++++-----
rcl/test/rcl/test_security.cpp | 14 +++++++++++---
.../{ => contexts}/dummy_security_context/.gitkeep | 0
.../group1/dummy_security_context/.gitkeep | 0
4 files changed, 19 insertions(+), 8 deletions(-)
rename rcl/test/resources/test_security_directory/{ => contexts}/dummy_security_context/.gitkeep (100%)
create mode 100644 rcl/test/resources/test_security_directory/contexts/group1/dummy_security_context/.gitkeep
diff --git a/rcl/src/rcl/security.c b/rcl/src/rcl/security.c
index 515515d1c..c35586d8d 100644
--- a/rcl/src/rcl/security.c
+++ b/rcl/src/rcl/security.c
@@ -109,18 +109,21 @@ char * exact_match_lookup( const char * ros_secure_root_env, const rcl_allocator_t * allocator) { - // Perform an exact match for the node/context's name in directory /. + // Perform an exact match for the context name in directory . char * secure_root = NULL; // "/" case when root namespace is explicitly passed in if (0 == strcmp(name, "/")) { secure_root = rcutils_strdup(ros_secure_root_env, *allocator); } else { - char * root_path = NULL; + char * relative_path = NULL; + char * contexts_dir = NULL; // Get native path, ignore the leading forward slash // TODO(ros2team): remove the hard-coded length, use the length of the root namespace instead - root_path = rcutils_to_native_path(name + 1, *allocator); - secure_root = rcutils_join_path(ros_secure_root_env, root_path, *allocator); - allocator->deallocate(root_path, allocator->state); + relative_path = rcutils_to_native_path(name + 1, *allocator); + contexts_dir = rcutils_join_path(ros_secure_root_env, "contexts", *allocator); + secure_root = rcutils_join_path(contexts_dir, relative_path, *allocator); + allocator->deallocate(relative_path, allocator->state); + allocator->deallocate(contexts_dir, allocator->state); } return secure_root; } diff --git a/rcl/test/rcl/test_security.cpp b/rcl/test/rcl/test_security.cpp index 71c55b140..f1dca19a1 100644 --- a/rcl/test/rcl/test_security.cpp +++ b/rcl/test/rcl/test_security.cpp @@ -38,6 +38,9 @@ # define PATH_SEPARATOR "\\" #endif +#define TEST_SECURITY_CONTEXT_MULTIPLE_TOKENS \ + "/group1" PATH_SEPARATOR TEST_SECURITY_CONTEXT + char g_envstring[512] = {0}; static int putenv_wrapper(const char * env_var) @@ -137,6 +140,7 @@ TEST_F(TestGetSecureRoot, successScenarios_local_exactMatch) { TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME); secure_root = rcl_get_secure_root(TEST_SECURITY_CONTEXT_ABSOLUTE, &allocator); + ASSERT_NE(nullptr, secure_root); std::string secure_root_str(secure_root); ASSERT_STREQ( TEST_SECURITY_CONTEXT, 
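Review bot: The `else` branch of `exact_match_lookup` joins `name + 1` under the keystore's `contexts` directory without checking the name, so a context name with `..` components would resolve outside the `contexts` folder, and an empty name would make `name + 1` point past the terminator. Whether callers validate the name before this lookup is not visible in the hunk; if they do not, a guard before the path is built would close both cases, e.g. `if ('/' != name[0] || NULL != strstr(name, "..")) { return NULL; }`. The intermediate `contexts_dir` is also passed on unchecked, which relies on `rcutils_join_path` tolerating a NULL argument when the first join fails. The function's opening lines are above the hunk.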
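Review bot: `TEST_SECURITY_CONTEXT_MULTIPLE_TOKENS` is passed to `rcl_get_secure_root` as a context name in `successScenarios_local_exactMatch_multipleTokensName`, yet it is built with `PATH_SEPARATOR`, which is `"\\"` on the preprocessor branch shown just above it. A context name presumably uses `/` between tokens on every platform and is converted by `rcutils_to_native_path` in security.c, so on that branch the test would feed a backslash into the name and skip the conversion it is meant to cover. Consider `#define TEST_SECURITY_CONTEXT_MULTIPLE_TOKENS "/group1/" TEST_SECURITY_CONTEXT`, with a one-line comment saying the macro is a context name and not a filesystem path.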
@@ -144,10 +148,13 @@ TEST_F(TestGetSecureRoot, successScenarios_local_exactMatch) { } TEST_F(TestGetSecureRoot, successScenarios_local_exactMatch_multipleTokensName) { - putenv_wrapper(ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME "=" TEST_RESOURCES_DIRECTORY); + putenv_wrapper( + ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME "=" + TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME); secure_root = rcl_get_secure_root( - TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME PATH_SEPARATOR TEST_SECURITY_CONTEXT, &allocator); + TEST_SECURITY_CONTEXT_MULTIPLE_TOKENS, &allocator); + ASSERT_NE(nullptr, secure_root); std::string secure_root_str(secure_root); ASSERT_STREQ( TEST_SECURITY_CONTEXT, @@ -217,5 +224,6 @@ TEST_F(TestGetSecureRoot, test_get_security_options) { EXPECT_EQ(RMW_SECURITY_ENFORCEMENT_ENFORCE, options.enforce_security); EXPECT_STREQ( TEST_RESOURCES_DIRECTORY TEST_SECURITY_DIRECTORY_RESOURCES_DIR_NAME - PATH_SEPARATOR TEST_SECURITY_CONTEXT, options.security_root_path); + PATH_SEPARATOR "contexts" PATH_SEPARATOR TEST_SECURITY_CONTEXT, + options.security_root_path); } diff --git a/rcl/test/resources/test_security_directory/dummy_security_context/.gitkeep b/rcl/test/resources/test_security_directory/contexts/dummy_security_context/.gitkeep similarity index 100% rename from rcl/test/resources/test_security_directory/dummy_security_context/.gitkeep rename to rcl/test/resources/test_security_directory/contexts/dummy_security_context/.gitkeep diff --git a/rcl/test/resources/test_security_directory/contexts/group1/dummy_security_context/.gitkeep b/rcl/test/resources/test_security_directory/contexts/group1/dummy_security_context/.gitkeep new file mode 100644 index 000000000..e69de29bb