Switch to one Participant per Context (#515)

Signed-off-by: Ivan Santiago Paunovic <ivanpauno@ekumenlabs.com>
ros2 · Apr 3, 2020 · 72ecb5f · 72ecb5f
1 parent 73948da
commit 72ecb5f
Show file tree

Hide file tree

Showing 30 changed files with 1,315 additions and 666 deletions.
diff --git a/rcl/CMakeLists.txt b/rcl/CMakeLists.txt
@@ -37,6 +37,7 @@ set(${PROJECT_NAME}_sources
   src/rcl/client.c
   src/rcl/common.c
   src/rcl/context.c
+  src/rcl/domain_id.c
   src/rcl/event.c
   src/rcl/expand_topic_name.c
   src/rcl/graph.c
@@ -53,13 +54,14 @@ set(${PROJECT_NAME}_sources
   src/rcl/publisher.c
   src/rcl/remap.c
   src/rcl/rmw_implementation_identifier_check.c
+  src/rcl/security.c
   src/rcl/service.c
   src/rcl/subscription.c
   src/rcl/time.c
   src/rcl/timer.c
+  src/rcl/validate_security_context_name.c
   src/rcl/validate_topic_name.c
   src/rcl/wait.c
-  src/rcl/security_directory.c
 )
 
 add_library(${PROJECT_NAME} ${${PROJECT_NAME}_sources})

diff --git a/rcl/include/rcl/arguments.h b/rcl/include/rcl/arguments.h
@@ -42,6 +42,7 @@ typedef struct rcl_arguments_t
 #define RCL_PARAM_FILE_FLAG "--params-file"
 #define RCL_REMAP_FLAG "--remap"
 #define RCL_SHORT_REMAP_FLAG "-r"
+#define RCL_SECURITY_CONTEXT_FLAG "--security-context"
 #define RCL_LOG_LEVEL_FLAG "--log-level"
 #define RCL_EXTERNAL_LOG_CONFIG_FLAG "--log-config-file"
 // To be prefixed with --enable- or --disable-

diff --git a/rcl/include/rcl/domain_id.h b/rcl/include/rcl/domain_id.h
@@ -0,0 +1,48 @@
+// Copyright 2019 Open Source Robotics Foundation, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef RCL__DOMAIN_ID_H_
+#define RCL__DOMAIN_ID_H_
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include <stddef.h>
+
+#include "rcl/types.h"
+#include "rcl/visibility_control.h"
+#include "rmw/domain_id.h"
+
+#define RCL_DEFAULT_DOMAIN_ID RMW_DEFAULT_DOMAIN_ID
+
+extern const char * const RCL_DOMAIN_ID_ENV_VAR;
+
+/// Determine the default domain ID, based on the environment.
+/**
+ * \param[out] domain_id Must not be NULL.
+ * \returns RCL_RET_INVALID_ARGUMENT if an argument is invalid, or,
+ * \returns RCL_RET_ERROR in case of an unexpected error, or,
+ * \returns RCL_RET_OK.
+ */
+RCL_PUBLIC
+rcl_ret_t
+rcl_get_default_domain_id(size_t * domain_id);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif  // RCL__DOMAIN_ID_H_
diff --git a/rcl/include/rcl/graph.h b/rcl/include/rcl/graph.h
@@ -429,6 +429,7 @@ rcl_names_and_types_fini(rcl_names_and_types_t * names_and_types);
  * \param[out] node_names struct storing discovered node names
  * \param[out] node_namesspaces struct storing discovered node namespaces
  * \return `RCL_RET_OK` if the query was successful, or
+ * \return `RCL_RET_BAD_ALLOC` if an error occurred while allocating memory, or
  * \return `RCL_RET_ERROR` if an unspecified error occurs.
  */
 RCL_PUBLIC
@@ -440,6 +441,39 @@ rcl_get_node_names(
   rcutils_string_array_t * node_names,
   rcutils_string_array_t * node_namespaces);
 
+/// Return a list of available nodes in the ROS graph, including their security context names.
+/**
+ * An \ref rcl_get_node_names equivalent, but including in its output the security context
+ * name the node is using.
+ *
+ * <hr>
+ * Attribute          | Adherence
+ * ------------------ | -------------
+ * Allocates Memory   | Yes
+ * Thread-Safe        | No
+ * Uses Atomics       | No
+ * Lock-Free          | Maybe [1]
+ * <i>[1] RMW implementation in use may need to protect the data structure with a lock</i>
+ *
+ * \param[in] node the handle to the node being used to query the ROS graph
+ * \param[in] allocator used to control allocation and deallocation of names
+ * \param[out] node_names struct storing discovered node names
+ * \param[out] node_namesspaces struct storing discovered node namespaces
+ * \param[out] security_contexts struct storing discovered node security contexts
+ * \return `RCL_RET_OK` if the query was successful, or
+ * \return `RCL_RET_BAD_ALLOC` if an error occurred while allocating memory, or
+ * \return `RCL_RET_ERROR` if an unspecified error occurs.
+ */
+RCL_PUBLIC
+RCL_WARN_UNUSED
+rcl_ret_t
+rcl_get_node_names_with_security_contexts(
+  const rcl_node_t * node,
+  rcl_allocator_t allocator,
+  rcutils_string_array_t * node_names,
+  rcutils_string_array_t * node_namespaces,
+  rcutils_string_array_t * security_contexts);
+
 /// Return the number of publishers on a given topic.
 /**
  * The `node` parameter must point to a valid node.

diff --git a/rcl/include/rcl/localhost.h b/rcl/include/rcl/localhost.h
@@ -22,18 +22,22 @@ extern "C"
 
 #include "rcl/types.h"
 #include "rcl/visibility_control.h"
+#include "rmw/localhost.h"
 
 extern const char * const RCL_LOCALHOST_ENV_VAR;
 
 /// Determine if the user wants to communicate using loopback only.
 /**
- * Checks if localhost should be used for network communication checking ROS_LOCALHOST_ONLY env
- * variable
- * \returns true if ROS_LOCALHOST_ONLY is set and is 1, false otherwise.
+ * Checks if localhost should be used for network communication based on environment.
+ *
+ * \param[out] localhost_only Must not be NULL.
+ * \returns RCL_RET_INVALID_ARGUMENT if an argument is invalid, or
+ * \returns RCL_RET_ERROR if an unexpected error happened, or
+ * \returns RCL_RET_OK.
  */
 RCL_PUBLIC
-bool
-rcl_localhost_only();
+rcl_ret_t
+rcl_get_localhost_only(rmw_localhost_only_t * localhost_only);
 
 #ifdef __cplusplus
 }

diff --git a/rcl/include/rcl/node.h b/rcl/include/rcl/node.h
@@ -336,7 +336,7 @@ rcl_node_get_options(const rcl_node_t * node);
  * This function returns the ROS domain ID that the node is in.
  *
  * This function should be used to determine what `domain_id` was used rather
- * than checking the domin_id field in the node options, because if
+ * than checking the domain_id field in the node options, because if
  * `RCL_NODE_OPTIONS_DEFAULT_DOMAIN_ID` is used when creating the node then
  * it is not changed after creation, but this function will return the actual
  * `domain_id` used.

diff --git a/rcl/include/rcl/node_options.h b/rcl/include/rcl/node_options.h
@@ -23,8 +23,10 @@ extern "C"
 #include "rcl/allocator.h"
 #include "rcl/arguments.h"
 
+#include "rcl/domain_id.h"
+
 /// Constant which indicates that the default domain id should be used.
-#define RCL_NODE_OPTIONS_DEFAULT_DOMAIN_ID SIZE_MAX
+#define RCL_NODE_OPTIONS_DEFAULT_DOMAIN_ID RCL_DEFAULT_DOMAIN_ID
 
 /// Structure which encapsulates the options for creating a rcl_node_t.
 typedef struct rcl_node_options_t

diff --git a/rcl/include/rcl/security.h b/rcl/include/rcl/security.h
@@ -0,0 +1,124 @@
+// Copyright 2018-2020 Open Source Robotics Foundation, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef RCL__SECURITY_H_
+#define RCL__SECURITY_H_
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include <stdbool.h>
+
+#include "rcl/allocator.h"
+#include "rcl/types.h"
+#include "rcl/visibility_control.h"
+#include "rmw/security_options.h"
+
+#ifndef ROS_SECURITY_DIRECTORY_OVERRIDE
+# define ROS_SECURITY_DIRECTORY_OVERRIDE "ROS_SECURITY_DIRECTORY_OVERRIDE"
+#endif
+
+#ifndef ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME
+# define ROS_SECURITY_ROOT_DIRECTORY_VAR_NAME "ROS_SECURITY_ROOT_DIRECTORY"
+#endif
+
+#ifndef ROS_SECURITY_STRATEGY_VAR_NAME
+# define ROS_SECURITY_STRATEGY_VAR_NAME "ROS_SECURITY_STRATEGY"
+#endif
+
+#ifndef ROS_SECURITY_ENABLE_VAR_NAME
+# define ROS_SECURITY_ENABLE_VAR_NAME "ROS_SECURITY_ENABLE"
+#endif
+
+/// Initialize security options from values in the environment variables and given names.
+/**
+ * Initialize the given security options based on the environment.
+ * For more details:
+ *  \sa rcl_security_enabled
+ *  \sa rcl_get_enforcement_policy
+ *  \sa rcl_get_secure_root
+ *
+ * \param[in] name name used to find the securiy root path.
+ * \param[in] allocator used to do allocations.
+ * \param[out] security_options security options that will be configured according to
+ *  the environment.
+ */
+RCL_PUBLIC
+rcl_ret_t
+rcl_get_security_options_from_environment(
+  const char * name,
+  const rcutils_allocator_t * allocator,
+  rmw_security_options_t * security_options);
+
+/// Check if security has to be used, according to the environment.
+/**
+ * If `ROS_SECURITY_ENABLE` environment variable is set to "true", `use_security` will be set to
+ * true.
+ *
+ * \param[out] use_security Must not be NULL.
+ * \returns RCL_RET_INVALID_ARGUMENT if an argument is not valid, or
+ * \returns RCL_RET_ERROR if an unexpected error happened, or
+ * \returns RCL_RET_OK.
+ */
+RCL_PUBLIC
+rcl_ret_t
+rcl_security_enabled(bool * use_security);
+
+/// Get security enforcement policy from the environment.
+/**
+ * Sets `policy` based on the value of `ROS_SECURITY_STRATEGY` environment variable.
+ * If `ROS_SECURITY_STRATEGY` is "Enforce", `policy` will be `RMW_SECURITY_ENFORCEMENT_ENFORCE`.
+ * If not, `policy` will be `RMW_SECURITY_ENFORCEMENT_PERMISSIVE`.
+ *
+ * \param[out] policy Must not be NULL.
+ * \returns RCL_RET_INVALID_ARGUMENT if an argument is not valid, or
+ * \returns RCL_RET_ERROR if an unexpected error happened, or
+ * \returns RCL_RET_OK.
+ */
+RCL_PUBLIC
+rcl_ret_t
+rcl_get_enforcement_policy(rmw_security_enforcement_policy_t * policy);
+
+/// Return the secure root given a security context name.
+/**
+ * Return the security directory associated with the security context name.
+ *
+ * The value of the environment variable `ROS_SECURITY_ROOT_DIRECTORY` is used as a root.
+ * The specific directory to be used, is found from that root using the `name` passed.
+ * E.g. for a context named "/a/b/c" and root "/r", the secure root path will be
+ * "/r/a/b/c", where the delimiter "/" is native for target file system (e.g. "\\" for _WIN32).
+ *
+ * However, this expansion can be overridden by setting the secure directory override environment
+ * (`ROS_SECURITY_DIRECTORY_OVERRIDE`) variable, allowing users to explicitly specify the exact secure
+ * root directory to be utilized.
+ * Such an override is useful for applications where the security context is non-deterministic
+ * before runtime, or when testing and using additional tools that may not otherwise be easily
+ * provisioned.
+ *
+ * \param[in] name validated name (a single token)
+ * \param[in] allocator the allocator to use for allocation
+ * \returns Machine specific (absolute) secure root path or NULL on failure.
+ *  Returned pointer must be deallocated by the caller of this function
+ */
+RCL_PUBLIC
+char *
+rcl_get_secure_root(const char * name, const rcl_allocator_t * allocator);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif  // RCL__SECURITY_H_
diff --git a/rcl/include/rcl/security_directory.h b/rcl/include/rcl/security_directory.h