| 754 | } |
| 755 | |
| 756 | ::CORBA::Boolean AccessControlBuiltInImpl::check_remote_datareader( |
| 757 | ::DDS::Security::PermissionsHandle permissions_handle, |
| 758 | ::DDS::Security::DomainId_t domain_id, |
| 759 | const ::DDS::Security::SubscriptionBuiltinTopicDataSecure & subscription_data, |
| 760 | ::CORBA::Boolean & relay_only, |
| 761 | ::DDS::Security::SecurityException & ex) |
| 762 | { |
| 763 | if (DDS::HANDLE_NIL == permissions_handle) { |
| 764 | return CommonUtilities::set_security_error(ex, -1, 0, "AccessControlBuiltInImpl::check_remote_datareader: Invalid permissions handle"); |
| 765 | } |
| 766 | |
| 767 | ACE_GUARD_RETURN(ACE_Thread_Mutex, guard, handle_mutex_, false); |
| 768 | |
| 769 | ACPermsMap::iterator ac_iter = local_ac_perms_.find(permissions_handle); |
| 770 | |
| 771 | if (ac_iter == local_ac_perms_.end()) { |
| 772 | return CommonUtilities::set_security_error(ex, -1, 0, "AccessControlBuiltInImpl::check_create_datareader: No matching permissions handle present"); |
| 773 | } |
| 774 | |
| 775 | // Default this to false for now |
| 776 | relay_only = false; |
| 777 | |
| 778 | gov_iter begin = ac_iter->second.gov->access_rules().begin(); |
| 779 | gov_iter end = ac_iter->second.gov->access_rules().end(); |
| 780 | |
| 781 | for (gov_iter giter = begin; giter != end; ++giter) { |
| 782 | |
| 783 | if (giter->domains.has(domain_id)) { |
| 784 | Governance::TopicAccessRules::iterator tr_iter; |
| 785 | |
| 786 | for (tr_iter = giter->topic_rules.begin(); tr_iter != giter->topic_rules.end(); ++tr_iter) { |
| 787 | if (pattern_match(subscription_data.base.base.topic_name, tr_iter->topic_expression.c_str())) { |
| 788 | if (!tr_iter->topic_attrs.is_read_protected) { |
| 789 | return true; |
| 790 | } |
| 791 | } |
| 792 | } |
| 793 | } |
| 794 | } |
| 795 | |
| 796 | const Permissions::Grant_rch grant = ac_iter->second.perm->find_grant(ac_iter->second.subject); |
| 797 | if (!grant) { |
| 798 | return CommonUtilities::set_security_error(ex, -1, 0, "AccessControlBuiltInImpl::check_remote_datareader: Permissions grant not found"); |
| 799 | } |
| 800 | |
| 801 | const time_t now_utc = utc_now(); |
| 802 | if (!validate_date_time(grant->validity, now_utc, ex)) { |
| 803 | return false; |
| 804 | } |
| 805 | |
| 806 | time_t expiration_time = grant->validity.not_after; |
| 807 | if (!search_permissions(subscription_data.base.base.topic_name, domain_id, |
| 808 | subscription_data.base.base.partition, Permissions::SUBSCRIBE, |
| 809 | *grant, now_utc, expiration_time, ex)) { |
| 810 | return false; |
| 811 | } |
| 812 | |
| 813 | make_task(remote_rp_task_)->insert(permissions_handle, expiration_time); |
no test coverage detected