security plugin handling

Matej Sekoranja
2014-09-11 09:41:20 +02:00
parent e12cf946a5
commit 0b0bf32c19
5 changed files with 26 additions and 11 deletions


@@ -1622,7 +1622,7 @@ namespace epics {
buffer->putShort(0x7FFF);
// list of authNZ plugin names
map<string, SecurityPlugin::shared_pointer> securityPlugins;
map<string, SecurityPlugin::shared_pointer>& securityPlugins = _context->getSecurityPlugins();
vector<string> validSPNames;
validSPNames.reserve(securityPlugins.size());
@@ -1764,11 +1764,22 @@ namespace epics {
LOG(logLevelDebug, "Accepted security plug-in '%s' for PVA client: %s.", initData->securityPluginName.c_str(), ipAddrStr);
}
// create session
SecurityPluginControl::shared_pointer spc = std::tr1::dynamic_pointer_cast<SecurityPluginControl>(shared_from_this());
// TODO sync
_securitySession = securityPlugin->createSession(_socketAddress, spc, initData->data);
try
{
// create session
SecurityPluginControl::shared_pointer spc = std::tr1::dynamic_pointer_cast<SecurityPluginControl>(shared_from_this());
// TODO sync
_securitySession = securityPlugin->createSession(_socketAddress, spc, initData->data);
} catch (SecurityException &se) {
if (IS_LOGGABLE(logLevelDebug))
{
char ipAddrStr[48];
ipAddrToDottedIP(&_socketAddress.ia, ipAddrStr, sizeof(ipAddrStr));
LOG(logLevelDebug, "Security plug-in '%s' failed to create a session for PVA client: %s.", initData->securityPluginName.c_str(), ipAddrStr);
}
Status status(Status::STATUSTYPE_ERROR, se.what());
verified(status);
}
}
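Review bot: The new handler around `securityPlugin->createSession(...)` catches only `SecurityException`, so any other exception a plug-in throws while processing the peer-supplied `initData->data` leaves this code without `verified()` reporting an error. A second handler such as `catch (std::exception &e) { verified(Status(Status::STATUSTYPE_ERROR, e.what())); }` would make the connection fail closed whatever the plug-in throws. The failure is also logged only at `logLevelDebug`; a rejected session is an authentication event, so a warning-level message would be more useful for detection. After the catch `_securitySession` keeps its previous value, so it is worth confirming that later code does not use it on this path; the enclosing function starts and ends outside the hunk.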


@@ -50,4 +50,3 @@ CAClientSecurityPlugin::CAClientSecurityPlugin()
m_userAndHost->getSubField<PVString>("host")->put(buffer);
}


@@ -27,6 +27,7 @@
#include <pv/remote.h>
#include <pv/serializationHelper.h>
#include <pv/logger.h>
#include <shareLib.h>
@@ -465,16 +466,18 @@ namespace epics {
void installClientSecurityPlugin(std::tr1::shared_ptr<SecurityPlugin> plugin)
{
m_clientSecurityPlugins[plugin->getId()] = plugin;
LOG(epics::pvAccess::logLevelDebug, "Client security plug-in '%s' installed.", plugin->getId().c_str());
}
void installServerSecurityPlugin(std::tr1::shared_ptr<SecurityPlugin> plugin)
{
m_serverSecurityPlugins[plugin->getId()] = plugin;
LOG(epics::pvAccess::logLevelDebug, "Server security plug-in '%s' installed.", plugin->getId().c_str());
}
private:
SecurityPluginRegistry() {
// install CA client secutiry plugin by default
// install CA client security plugin by default
installClientSecurityPlugin(CAClientSecurityPlugin::INSTANCE);
}
@@ -482,7 +485,6 @@ namespace epics {
std::map<std::string, std::tr1::shared_ptr<SecurityPlugin> > m_serverSecurityPlugins;
};
}
}
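Review bot: `installClientSecurityPlugin` dereferences `plugin` and assigns `m_clientSecurityPlugins[plugin->getId()] = plugin` without checking for an empty pointer or an existing entry, so a second registration under the same id silently replaces the first plug-in. The id appears to be the name a peer's requested plug-in is matched against (inferred from the other file sections), so a replacement deserves more than the new debug line. A guard such as `if (!plugin) return;` and a warning-level log when `m_clientSecurityPlugins.count(plugin->getId())` is non-zero would make it visible. The same applies to `installServerSecurityPlugin`.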


@@ -4247,7 +4247,10 @@ TODO
m_connector.reset(new BlockingTCPConnector(thisPointer, m_receiveBufferSize, m_connectionTimeout));
m_transportRegistry.reset(new TransportRegistry());
// TODO put memory barrier here... (if not already called withing a lock?)
// preinitialize security plugins
SecurityPluginRegistry::instance();
// TODO put memory barrier here... (if not already called within a lock?)
// setup UDP transport
initializeUDPTransport();
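Review bot: The bare call `SecurityPluginRegistry::instance();` discards its result, and the comment `// preinitialize security plugins` does not say why the call must happen at this point. If the purpose is to construct the registry before the transports start using it from other threads (an inference; `instance()` is not shown here), say so in the comment. Something like `// construct the plug-in registry now, before transports start, so later lookups never race its creation` would keep the line from being removed as dead code. The enclosing function starts and ends outside the hunk.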


@@ -160,7 +160,7 @@ void ServerConnectionValidationHandler::handleResponse(
// optional authNZ plug-in initialization data
PVField::shared_pointer data;
if (payloadBuffer->getRemaining())
SerializationHelper::deserializeFull(payloadBuffer, transport.get());
data = SerializationHelper::deserializeFull(payloadBuffer, transport.get());
struct {
std::string securityPluginName;
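Review bot: Now that the result of `deserializeFull` is kept, `data` holds content from a peer that has not yet been validated, deserialized before any security plug-in has accepted the connection. Nothing in this hunk shows what happens when the payload is malformed, so confirm that a `deserializeFull` failure ends validation with an error status rather than escaping `handleResponse`. A comment at the declaration, `// unauthenticated peer input; plug-ins must validate before use`, would make the trust boundary explicit. `handleResponse` continues outside the hunk.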