access security
This commit is contained in:
Matej Sekoranja
@@ -13,13 +13,13 @@ namespace epics {
|
||||
namespace pvAccess {
|
||||
|
||||
const Status BaseChannelRequester::okStatus = Status();
|
||||
const Status BaseChannelRequester::badCIDStatus = Status(Status::STATUSTYPE_ERROR, "bad channel id");
|
||||
const Status BaseChannelRequester::badIOIDStatus = Status(Status::STATUSTYPE_ERROR, "bad request id");
|
||||
const Status BaseChannelRequester::noReadACLStatus = Status(Status::STATUSTYPE_ERROR, "no read access");
|
||||
const Status BaseChannelRequester::noWriteACLStatus = Status(Status::STATUSTYPE_ERROR, "no write access");
|
||||
const Status BaseChannelRequester::noProcessACLStatus = Status(Status::STATUSTYPE_ERROR, "no process access");
|
||||
const Status BaseChannelRequester::otherRequestPendingStatus = Status(Status::STATUSTYPE_ERROR, "other request pending");
|
||||
const Status BaseChannelRequester::notAChannelRequestStatus = Status(Status::STATUSTYPE_ERROR, "not a channel request");
|
||||
const Status BaseChannelRequester::badCIDStatus(Status::STATUSTYPE_ERROR, "bad channel id");
|
||||
const Status BaseChannelRequester::badIOIDStatus(Status::STATUSTYPE_ERROR, "bad request id");
|
||||
const Status BaseChannelRequester::noReadACLStatus(Status::STATUSTYPE_ERROR, "no read access");
|
||||
const Status BaseChannelRequester::noWriteACLStatus(Status::STATUSTYPE_ERROR, "no write access");
|
||||
const Status BaseChannelRequester::noProcessACLStatus(Status::STATUSTYPE_ERROR, "no process access");
|
||||
const Status BaseChannelRequester::otherRequestPendingStatus(Status::STATUSTYPE_ERROR, "other request pending");
|
||||
const Status BaseChannelRequester::notAChannelRequestStatus(Status::STATUSTYPE_ERROR, "not a channel request");
|
||||
|
||||
const int32 BaseChannelRequester::NULL_REQUEST = -1;
|
||||
|
||||
|
||||
@@ -19,6 +19,7 @@
|
||||
|
||||
#include <pv/pvAccessMB.h>
|
||||
#include <pv/rpcServer.h>
|
||||
#include <pv/security.h>
|
||||
|
||||
using std::string;
|
||||
using std::ostringstream;
|
||||
@@ -92,8 +93,8 @@ ServerResponseHandler::ServerResponseHandler(ServerContextImpl::shared_pointer c
|
||||
m_handlerTable[CMD_ECHO].reset(new ServerEchoHandler(context)); /* 2 */
|
||||
m_handlerTable[CMD_SEARCH].reset(new ServerSearchHandler(context)); /* 3 */
|
||||
m_handlerTable[CMD_SEARCH_RESPONSE] = badResponse;
|
||||
m_handlerTable[CMD_AUTHNZ] = badResponse; /* 5 */
|
||||
m_handlerTable[CMD_ACL_CHANGE] = badResponse; /* 6 - introspection search */
|
||||
m_handlerTable[CMD_AUTHNZ].reset(new AuthNZHandler(context.get())); /* 5 */
|
||||
m_handlerTable[CMD_ACL_CHANGE] = badResponse; /* 6 - access right change */
|
||||
m_handlerTable[CMD_CREATE_CHANNEL].reset(new ServerCreateChannelHandler(context)); /* 7 */
|
||||
m_handlerTable[CMD_DESTROY_CHANNEL].reset(new ServerDestroyChannelHandler(context)); /* 8 */
|
||||
m_handlerTable[CMD_CONNECTION_VALIDATED] = badResponse; /* 9 */
|
||||
@@ -152,13 +153,28 @@ void ServerConnectionValidationHandler::handleResponse(
|
||||
/* int clientIntrospectionRegistryMaxSize = */ payloadBuffer->getShort();
|
||||
// TODO connectionQoS
|
||||
/* int16 connectionQoS = */ payloadBuffer->getShort();
|
||||
// TODO authNZ
|
||||
/*std::string authNZ = */ SerializeHelper::deserializeString(payloadBuffer, transport.get());
|
||||
|
||||
// TODO call this after authNZ has done their work
|
||||
transport->verified(Status::Ok);
|
||||
// authNZ
|
||||
std::string securityPluginName = SerializeHelper::deserializeString(payloadBuffer, transport.get());
|
||||
|
||||
// optional authNZ plug-in initialization data
|
||||
PVField::shared_pointer data;
|
||||
if (payloadBuffer->getRemaining())
|
||||
SerializationHelper::deserializeFull(payloadBuffer, transport.get());
|
||||
|
||||
struct {
|
||||
std::string securityPluginName;
|
||||
PVField::shared_pointer data;
|
||||
} initData = { securityPluginName, data };
|
||||
|
||||
transport->authNZInitialize(&initData);
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
void ServerEchoHandler::handleResponse(osiSockAddr* responseFrom,
|
||||
Transport::shared_pointer const & transport, int8 version, int8 command,
|
||||
size_t payloadSize, ByteBuffer* payloadBuffer)
|
||||
@@ -630,7 +646,7 @@ void ServerChannelRequesterImpl::channelCreated(const Status& status, Channel::s
|
||||
pvAccessID sid = casTransport->preallocateChannelSID();
|
||||
try
|
||||
{
|
||||
epics::pvData::PVField::shared_pointer securityToken = casTransport->getSecurityToken();
|
||||
epics::pvData::PVField::shared_pointer securityToken; // TODO replace with security session
|
||||
serverChannel.reset(new ServerChannelImpl(channel, _cid, sid, securityToken));
|
||||
|
||||
// ack allocation and register
|
||||
|
||||
@@ -10,6 +10,7 @@
|
||||
#include <pv/responseHandlers.h>
|
||||
#include <pv/logger.h>
|
||||
#include <pv/serverContext.h>
|
||||
#include <pv/security.h>
|
||||
|
||||
using namespace std;
|
||||
using namespace epics::pvData;
|
||||
@@ -673,6 +674,11 @@ void ServerContextImpl::newServerDetected()
|
||||
// not used
|
||||
}
|
||||
|
||||
std::map<std::string, std::tr1::shared_ptr<SecurityPlugin> >& ServerContextImpl::getSecurityPlugins()
|
||||
{
|
||||
return SecurityPluginRegistry::instance().getServerSecurityPlugins();
|
||||
}
|
||||
|
||||
|
||||
|
||||
struct ThreadRunnerParam {
|
||||
|
||||
@@ -138,6 +138,7 @@ public:
|
||||
Transport::shared_pointer getSearchTransport();
|
||||
Configuration::shared_pointer getConfiguration();
|
||||
TransportRegistry::shared_pointer getTransportRegistry();
|
||||
std::map<std::string, std::tr1::shared_ptr<SecurityPlugin> >& getSecurityPlugins();
|
||||
|
||||
std::auto_ptr<ResponseHandler> createResponseHandler();
|
||||
virtual void newServerDetected();
|
||||
|
||||
Reference in New Issue
Block a user