diff --git a/src/remote/codec.cpp b/src/remote/codec.cpp
index 8e8b5ce..cffe3fe 100644
--- a/src/remote/codec.cpp
+++ b/src/remote/codec.cpp
@@ -1622,7 +1622,7 @@ namespace epics {
 buffer->putShort(0x7FFF);
 // list of authNZ plugin names
- map securityPlugins;
+ map& securityPlugins = _context->getSecurityPlugins();
 vector validSPNames;
 validSPNames.reserve(securityPlugins.size());
@@ -1764,11 +1764,22 @@ namespace epics {
 LOG(logLevelDebug, "Accepted security plug-in '%s' for PVA client: %s.", initData->securityPluginName.c_str(), ipAddrStr);
 }
- // create session
- SecurityPluginControl::shared_pointer spc = std::tr1::dynamic_pointer_cast(shared_from_this());
-
- // TODO sync
- _securitySession = securityPlugin->createSession(_socketAddress, spc, initData->data);
+ try
+ {
+ // create session
+ SecurityPluginControl::shared_pointer spc = std::tr1::dynamic_pointer_cast(shared_from_this());
+ // TODO sync
+ _securitySession = securityPlugin->createSession(_socketAddress, spc, initData->data);
+ } catch (SecurityException &se) {
+ if (IS_LOGGABLE(logLevelDebug))
+ {
+ char ipAddrStr[48];
+ ipAddrToDottedIP(&_socketAddress.ia, ipAddrStr, sizeof(ipAddrStr));
+ LOG(logLevelDebug, "Security plug-in '%s' failed to create a session for PVA client: %s.", initData->securityPluginName.c_str(), ipAddrStr);
+ }
+ Status status(Status::STATUSTYPE_ERROR, se.what());
+ verified(status);
+ }
 }
diff --git a/src/remote/security.cpp b/src/remote/security.cpp
index 6f17c6a..a8dfa6c 100644
--- a/src/remote/security.cpp
+++ b/src/remote/security.cpp
@@ -50,4 +50,3 @@ CAClientSecurityPlugin::CAClientSecurityPlugin()
 m_userAndHost->getSubField("host")->put(buffer);
 }
-
diff --git a/src/remote/security.h b/src/remote/security.h
index df4b760..ea19691 100644
--- a/src/remote/security.h
+++ b/src/remote/security.h
@@ -27,6 +27,7 @@
 #include
 #include
+#include
 #include
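Review bot: The new binding `map& securityPlugins = _context->getSecurityPlugins();` takes a mutable reference to a map owned by the context, although the lines visible in this hunk only read it (`securityPlugins.size()`). If the loop that follows outside the hunk also only reads, `const map& securityPlugins = _context->getSecurityPlugins();` (with the template arguments the file uses; they are lost on this page) makes it explicit that the validation path cannot alter the advertised plug-in set. Whether that map can change while a connection is being validated is not visible here; if plug-ins can be installed at run time, this iteration and the install path would need a common lock.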
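Review bot: In the new `catch` block the plug-in's exception text goes straight into `Status status(Status::STATUSTYPE_ERROR, se.what());` and on to `verified(status)`, which presumably reports it to the peer that just failed validation, while the server's own record of the rejection is written only when `logLevelDebug` is enabled. I would move the address formatting out of the `IS_LOGGABLE` guard and log every rejection, e.g. `LOG(logLevelWarn, "Security plug-in '%s' rejected PVA client %s: %s", initData->securityPluginName.c_str(), ipAddrStr, se.what());`, and hand the peer a fixed text such as `Status status(Status::STATUSTYPE_ERROR, "security session could not be created");`. The handler should catch `const SecurityException &`, and any other exception type thrown from a plug-in's `createSession` still escapes it. `_securitySession` keeps its previous value after a failure and the function continues outside the hunk, so it is worth checking that nothing after the `catch` uses it.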
@@ -465,16 +466,18 @@ namespace epics {
 void installClientSecurityPlugin(std::tr1::shared_ptr plugin)
 {
 m_clientSecurityPlugins[plugin->getId()] = plugin;
+ LOG(epics::pvAccess::logLevelDebug, "Client security plug-in '%s' installed.", plugin->getId().c_str());
 }
 void installServerSecurityPlugin(std::tr1::shared_ptr plugin)
 {
 m_serverSecurityPlugins[plugin->getId()] = plugin;
+ LOG(epics::pvAccess::logLevelDebug, "Server security plug-in '%s' installed.", plugin->getId().c_str());
 }
 private:
 SecurityPluginRegistry()
 {
- // install CA client secutiry plugin by default
+ // install CA client security plugin by default
 installClientSecurityPlugin(CAClientSecurityPlugin::INSTANCE);
 }
@@ -482,7 +485,6 @@ namespace epics {
 std::map > m_serverSecurityPlugins;
 };
-
 }
 }
diff --git a/src/remoteClient/clientContextImpl.cpp b/src/remoteClient/clientContextImpl.cpp
index 0592d93..70a19f4 100644
--- a/src/remoteClient/clientContextImpl.cpp
+++ b/src/remoteClient/clientContextImpl.cpp
@@ -4247,7 +4247,10 @@ TODO
 m_connector.reset(new BlockingTCPConnector(thisPointer, m_receiveBufferSize, m_connectionTimeout));
 m_transportRegistry.reset(new TransportRegistry());
- // TODO put memory barrier here... (if not already called withing a lock?)
+ // preinitialize security plugins
+ SecurityPluginRegistry::instance();
+
+ // TODO put memory barrier here... (if not already called within a lock?)
 // setup UDP transport
 initializeUDPTransport();
diff --git a/src/server/responseHandlers.cpp b/src/server/responseHandlers.cpp
index a462eff..27b51f6 100644
--- a/src/server/responseHandlers.cpp
+++ b/src/server/responseHandlers.cpp
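Review bot: `m_serverSecurityPlugins[plugin->getId()] = plugin;` overwrites whatever plug-in is already registered under the same id, and the added log line reports that case exactly like a first installation, and only at debug level. Which plug-in answers for an id decides how peers are authenticated, so a replacement should be visible: test `m_serverSecurityPlugins.count(plugin->getId())` before the assignment and log a replacement at `logLevelWarn`; the same applies to `installClientSecurityPlugin`. Both functions also dereference `plugin` without a null check, and no locking around the two maps is visible in this hunk.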
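Review bot: The comment `// preinitialize security plugins` does not say why a call whose result is discarded is needed at this point. From the security.h hunk of this commit, constructing the registry installs the default CA client plug-in, so the line presumably forces the singleton into existence before the transports set up below can start connection validation; I would write that down: `// force SecurityPluginRegistry construction (installs the default CA client plug-in) before any transport can validate a connection`. Whether `instance()` is safe against concurrent first use is not visible here and belongs in the same comment. The enclosing function starts and ends outside the hunk.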
@@ -160,7 +160,7 @@ void ServerConnectionValidationHandler::handleResponse(
 // optional authNZ plug-in initialization data
 PVField::shared_pointer data;
 if (payloadBuffer->getRemaining())
- SerializationHelper::deserializeFull(payloadBuffer, transport.get());
+ data = SerializationHelper::deserializeFull(payloadBuffer, transport.get());
 struct {
 std::string securityPluginName;
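Review bot: With `data = SerializationHelper::deserializeFull(payloadBuffer, transport.get());` the initialization data sent by a peer that has not been validated yet now actually reaches the security plug-in (codec.cpp passes `initData->data` to `createSession`), where before `data` always stayed null. The only guard is `payloadBuffer->getRemaining()` being non-zero, so how `deserializeFull` behaves on truncated or malformed input, which is not visible here, decides what happens to the connection; such a failure should end validation cleanly rather than propagate out of the handler. I would add above the `if`: `// peer-supplied, pre-authentication data: may be null, plug-ins must validate it`. handleResponse continues outside the hunk.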