Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Consistently use uid_t/gid_t for credentials
Browse files Browse the repository at this point in the history
@kheaactua
kheaactua committed Dec 14, 2023

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode
1 parent 02c199d commit 40f2c8f
Showing 12 changed files with 61 additions and 61 deletions.
4 changes: 2 additions & 2 deletions implementation/configuration/include/internal.hpp.in
View file
Original file line number Diff line number Diff line change
@@ -150,8 +150,8 @@ const std::uint32_t QUEUE_SIZE_UNLIMITED = (std::numeric_limits<std::uint32_t>::

const std::uint32_t MAX_RECONNECTS_UNLIMITED = (std::numeric_limits<std::uint32_t>::max)();

const std::uint32_t ANY_UID = 0xFFFFFFFF;
const std::uint32_t ANY_GID = 0xFFFFFFFF;
const uid_t ANY_UID = (std::numeric_limits<::uid_t>::max)();
const gid_t ANY_GID = (std::numeric_limits<::gid_t>::max)();

enum class port_type_e {
PT_OPTIONAL,
6 changes: 3 additions & 3 deletions implementation/endpoints/include/local_server_endpoint_impl_receive_op.hpp
View file
Original file line number Diff line number Diff line change
@@ -26,9 +26,9 @@ struct storage :
socket_type_t &socket_;
receive_handler_t handler_;
byte_t *buffer_;
std::size_t length_;
uid_t uid_;
gid_t gid_;
size_t length_;
uid_t uid_ = ANY_UID;
gid_t gid_ = ANY_GID;
size_t bytes_;

storage(
2 changes: 1 addition & 1 deletion implementation/endpoints/include/local_uds_server_endpoint_impl.hpp
View file
Original file line number Diff line number Diff line change
@@ -125,7 +125,7 @@ class local_uds_server_endpoint_impl: public local_uds_server_endpoint_base_impl
void receive_cbk(boost::system::error_code const &_error,
std::size_t _bytes
#if defined(__linux__) || defined(ANDROID) || defined(__QNX__)
, std::uint32_t const &_uid, std::uint32_t const &_gid
, uid_t const &_uid, gid_t const &_gid
#endif
);
void calculate_shrink_count();
2 changes: 1 addition & 1 deletion implementation/endpoints/include/udp_server_endpoint_impl_receive_op.hpp
View file
Original file line number Diff line number Diff line change
@@ -296,7 +296,7 @@ receive_cb (std::shared_ptr<storage> _data) {
_data->sender_ = endpoint_type_t(its_sender_address, its_sender_port);

// destination
struct in_pktinfo *its_pktinfo_v4;
struct in_pktinfo *its_pktinfo_v4 = nullptr;
for (struct cmsghdr *cmsg = CMSG_FIRSTHDR(&its_header);
cmsg != NULL;
cmsg = CMSG_NXTHDR(&its_header, cmsg)) {
6 changes: 3 additions & 3 deletions implementation/endpoints/src/local_uds_server_endpoint_impl.cpp
View file
Original file line number Diff line number Diff line change
@@ -489,8 +489,8 @@ void local_uds_server_endpoint_impl::connection::start() {
),
&recv_buffer_[recv_buffer_size_],
left_buffer_size,
std::numeric_limits<std::uint32_t>::max(),
std::numeric_limits<std::uint32_t>::max(),
std::numeric_limits<uid_t>::max(),
std::numeric_limits<gid_t>::max(),
std::numeric_limits<std::size_t>::min()
);

@@ -608,7 +608,7 @@ void local_uds_server_endpoint_impl::connection::send_cbk(const message_buffer_p

void local_uds_server_endpoint_impl::connection::receive_cbk(
boost::system::error_code const &_error, std::size_t _bytes,
std::uint32_t const &_uid, std::uint32_t const &_gid)
uid_t const &_uid, gid_t const &_gid)
{
std::shared_ptr<local_uds_server_endpoint_impl> its_server(server_.lock());
if (!its_server) {
16 changes: 8 additions & 8 deletions implementation/routing/include/routing_manager_stub.hpp
View file
Original file line number Diff line number Diff line change
@@ -110,24 +110,24 @@ class routing_manager_stub: public routing_host,
pending_remote_offer_id_t _id);

#ifndef VSOMEIP_DISABLE_SECURITY
bool update_security_policy_configuration(uint32_t _uid, uint32_t _gid,
bool update_security_policy_configuration(uid_t _uid, gid_t _gid,
const std::shared_ptr<policy> &_policy,
const std::shared_ptr<payload> &_payload,
const security_update_handler_t &_handler);
bool remove_security_policy_configuration(uint32_t _uid, uint32_t _gid,
bool remove_security_policy_configuration(uid_t _uid, gid_t _gid,
const security_update_handler_t &_handler);
void on_security_update_response(pending_security_update_id_t _id,
client_t _client);

void policy_cache_add(uint32_t _uid, const std::shared_ptr<payload>& _payload);
void policy_cache_remove(uint32_t _uid);
bool is_policy_cached(uint32_t _uid);
void policy_cache_add(uid_t _uid, const std::shared_ptr<payload>& _payload);
void policy_cache_remove(uid_t _uid);
bool is_policy_cached(uid_t _uid);

bool send_update_security_policy_request(client_t _client,
pending_security_update_id_t _update_id, uint32_t _uid,
pending_security_update_id_t _update_id, uid_t _uid,
const std::shared_ptr<payload>& _payload);
bool send_remove_security_policy_request(client_t _client,
pending_security_update_id_t _update_id, uint32_t _uid, uint32_t _gid);
pending_security_update_id_t _update_id, uid_t _uid, gid_t _gid);

bool send_cached_security_policies(client_t _client);

@@ -200,7 +200,7 @@ class routing_manager_stub: public routing_host,
protocol::routing_info_entry &_entry);
void send_client_routing_info(const client_t _target,
std::vector<protocol::routing_info_entry> &&_entries);
void send_client_credentials(client_t _target, std::set<std::pair<uint32_t, uint32_t>> &_credentials);
void send_client_credentials(client_t _target, std::set<std::pair<uid_t, gid_t>> &_credentials);

void on_client_id_timer_expired(boost::system::error_code const &_error);

6 changes: 3 additions & 3 deletions implementation/routing/src/routing_manager_client.cpp
View file
Original file line number Diff line number Diff line change
@@ -1643,8 +1643,8 @@ void routing_manager_client::on_message(
its_command.deserialize(its_buffer, its_error);
if (its_error == protocol::error_e::ERROR_OK) {
auto its_policy = its_command.get_policy();
uint32_t its_uid;
uint32_t its_gid;
uid_t its_uid;
gid_t its_gid;
if (its_policy->get_uid_gid(its_uid, its_gid)) {
if (is_internal_policy_update
|| its_security->is_policy_update_allowed(its_uid, its_policy)) {
@@ -2832,7 +2832,7 @@ void routing_manager_client::on_update_security_credentials(

for (const auto &c : _command.get_credentials()) {
std::shared_ptr<policy> its_policy(std::make_shared<policy>());
boost::icl::interval_set<uint32_t> its_gid_set;
boost::icl::interval_set<gid_t> its_gid_set;
uid_t its_uid(c.first);
gid_t its_gid(c.second);

22 changes: 11 additions & 11 deletions implementation/routing/src/routing_manager_stub.cpp
View file
Original file line number Diff line number Diff line change
@@ -1128,7 +1128,7 @@ void routing_manager_stub::on_stop_offer_service(client_t _client,
}

void routing_manager_stub::send_client_credentials(const client_t _target,
std::set<std::pair<uint32_t, uint32_t>> &_credentials) {
std::set<std::pair<uid_t, gid_t>> &_credentials) {

std::shared_ptr<endpoint> its_endpoint = host_->find_local(_target);
if (its_endpoint) {
@@ -1207,7 +1207,7 @@ void routing_manager_stub::send_client_routing_info(const client_t _target,
}

void routing_manager_stub::distribute_credentials(client_t _hoster, service_t _service, instance_t _instance) {
std::set<std::pair<uint32_t, uint32_t>> its_credentials;
std::set<std::pair<uid_t, gid_t>> its_credentials;
std::set<client_t> its_requesting_clients;
// search for clients which shall receive the credentials
for (auto its_requesting_client : service_requests_) {
@@ -1223,7 +1223,7 @@ void routing_manager_stub::distribute_credentials(client_t _hoster, service_t _s
// search for UID / GID linked with the client ID that offers the requested services
vsomeip_sec_client_t its_sec_client;
if (policy_manager_impl::get()->get_client_to_sec_client_mapping(_hoster, its_sec_client)) {
std::pair<uint32_t, uint32_t> its_uid_gid;
std::pair<uid_t, gid_t> its_uid_gid;
its_uid_gid.first = its_sec_client.user;
its_uid_gid.second = its_sec_client.group;
its_credentials.insert(its_uid_gid);
@@ -1843,7 +1843,7 @@ void routing_manager_stub::handle_credentials(const client_t _client, std::set<p
}

std::lock_guard<std::mutex> its_guard(routing_info_mutex_);
std::set<std::pair<uint32_t, uint32_t>> its_credentials;
std::set<std::pair<uid_t, gid_t>> its_credentials;
vsomeip_sec_client_t its_requester_sec_client;
if (policy_manager_impl::get()->get_client_to_sec_client_mapping(_client, its_requester_sec_client)) {
// determine credentials of offering clients using current routing info
@@ -2051,7 +2051,7 @@ bool routing_manager_stub::send_provided_event_resend_request(
}

#ifndef VSOMEIP_DISABLE_SECURITY
bool routing_manager_stub::is_policy_cached(uint32_t _uid) {
bool routing_manager_stub::is_policy_cached(uid_t _uid) {
{
std::lock_guard<std::mutex> its_lock(updated_security_policies_mutex_);
if (updated_security_policies_.find(_uid)
@@ -2065,23 +2065,23 @@ bool routing_manager_stub::is_policy_cached(uint32_t _uid) {
}
}

void routing_manager_stub::policy_cache_add(uint32_t _uid, const std::shared_ptr<payload>& _payload) {
void routing_manager_stub::policy_cache_add(uid_t _uid, const std::shared_ptr<payload>& _payload) {
// cache security policy payload for later distribution to new registering clients
{
std::lock_guard<std::mutex> its_lock(updated_security_policies_mutex_);
updated_security_policies_[_uid] = _payload;
}
}

void routing_manager_stub::policy_cache_remove(uint32_t _uid) {
void routing_manager_stub::policy_cache_remove(uid_t _uid) {
{
std::lock_guard<std::mutex> its_lock(updated_security_policies_mutex_);
updated_security_policies_.erase(_uid);
}
}

bool routing_manager_stub::send_update_security_policy_request(client_t _client, pending_security_update_id_t _update_id,
uint32_t _uid, const std::shared_ptr<payload>& _payload) {
uid_t _uid, const std::shared_ptr<payload>& _payload) {
(void)_uid;

std::shared_ptr<endpoint> its_endpoint = host_->find_local(_client);
@@ -2161,7 +2161,7 @@ bool routing_manager_stub::send_cached_security_policies(client_t _client) {

bool routing_manager_stub::send_remove_security_policy_request(
client_t _client, pending_security_update_id_t _update_id,
uint32_t _uid, uint32_t _gid) {
uid_t _uid, gid_t _gid) {

protocol::remove_security_policy_command its_command;
its_command.set_client(_client);
@@ -2380,7 +2380,7 @@ void routing_manager_stub::on_security_update_timeout(
}

bool routing_manager_stub::update_security_policy_configuration(
uint32_t _uid, uint32_t _gid,
uid_t _uid, gid_t _gid,
const std::shared_ptr<policy> &_policy,
const std::shared_ptr<payload> &_payload,
const security_update_handler_t &_handler) {
@@ -2448,7 +2448,7 @@ bool routing_manager_stub::update_security_policy_configuration(
}

bool routing_manager_stub::remove_security_policy_configuration(
uint32_t _uid, uint32_t _gid, const security_update_handler_t &_handler) {
uid_t _uid, gid_t _gid, const security_update_handler_t &_handler) {

bool ret(true);

20 changes: 10 additions & 10 deletions implementation/security/include/policy_manager_impl.hpp
View file
Original file line number Diff line number Diff line change
@@ -47,23 +47,23 @@ class VSOMEIP_IMPORT_EXPORT policy_manager_impl
void print_policy(const std::shared_ptr<policy> &_policy) const;

bool parse_uid_gid(const byte_t* &_buffer, uint32_t &_buffer_size,
uint32_t &_uid, uint32_t &_gid) const;
uid_t &_uid, gid_t &_gid) const;
bool parse_policy(const byte_t* &_buffer, uint32_t &_buffer_size,
uint32_t &_uid, uint32_t &_gid,
uid_t &_uid, gid_t &_gid,
const std::shared_ptr<policy> &_policy) const;

bool is_policy_update_allowed(uint32_t _uid,
bool is_policy_update_allowed(uid_t _uid,
std::shared_ptr<policy> &_policy) const;
bool is_policy_removal_allowed(uint32_t _uid) const;
bool is_policy_removal_allowed(uid_t _uid) const;

// extension
void load(const configuration_element &_element,
const bool _lazy_load = false);

void update_security_policy(uint32_t _uid, uint32_t _gid, const std::shared_ptr<policy>& _policy);
bool remove_security_policy(uint32_t _uid, uint32_t _gid);
void update_security_policy(uid_t _uid, gid_t _gid, const std::shared_ptr<policy>& _policy);
bool remove_security_policy(uid_t _uid, gid_t _gid);

void add_security_credentials(uint32_t _uid, uint32_t _gid,
void add_security_credentials(uid_t _uid, gid_t _gid,
const std::shared_ptr<policy>& _credentials_policy, client_t _client);

void get_requester_policies(const std::shared_ptr<policy> _policy,
@@ -106,7 +106,7 @@ class VSOMEIP_IMPORT_EXPORT policy_manager_impl
const vsomeip_sec_client_t *_sec_client);
bool check_routing_credentials(
const vsomeip_sec_client_t *_sec_client) const;
void set_routing_credentials(uint32_t _uid, uint32_t _gid,
void set_routing_credentials(uid_t _uid, gid_t _gid,
const std::string &_name);

bool is_client_allowed(const vsomeip_sec_client_t *_sec_client,
@@ -146,7 +146,7 @@ class VSOMEIP_IMPORT_EXPORT policy_manager_impl
boost::icl::interval_set<service_t> service_interface_whitelist_;

mutable std::mutex uid_whitelist_mutex_;
boost::icl::interval_set<uint32_t> uid_whitelist_;
boost::icl::interval_set<uid_t> uid_whitelist_;

mutable std::mutex policy_base_path_mutex_;
std::string policy_base_path_;
@@ -161,7 +161,7 @@ class VSOMEIP_IMPORT_EXPORT policy_manager_impl
bool is_configured_;

mutable std::mutex routing_credentials_mutex_;
std::pair<uint32_t, uint32_t> routing_credentials_;
std::pair<uid_t, gid_t> routing_credentials_;

mutable std::mutex ids_mutex_;
std::map<client_t, vsomeip_sec_client_t> ids_;
4 changes: 2 additions & 2 deletions implementation/security/src/policy.cpp
View file
Original file line number Diff line number Diff line change
@@ -40,11 +40,11 @@ policy::deserialize_uid_gid(const byte_t * &_data, uint32_t &_size,

bool its_result;

its_result = deserialize_u32(_data, _size, _uid);
its_result = deserialize_u32(_data, _size, reinterpret_cast<uint32_t&>(_uid));
if (its_result == false)
return false;

its_result = deserialize_u32(_data, _size, _gid);
its_result = deserialize_u32(_data, _size, reinterpret_cast<uint32_t&>(_gid));
if (its_result == false)
return false;

Loading

0 comments on commit 40f2c8f

Please sign in to comment.