MCPcopy Create free account
hub / github.com/OpenDDS/OpenDDS / check_remote_datareader

Method check_remote_datareader

dds/DCPS/security/AccessControlBuiltInImpl.cpp:756–816  ·  view source on GitHub ↗

Source from the content-addressed store, hash-verified

754}
755
756::CORBA::Boolean AccessControlBuiltInImpl::check_remote_datareader(
757 ::DDS::Security::PermissionsHandle permissions_handle,
758 ::DDS::Security::DomainId_t domain_id,
759 const ::DDS::Security::SubscriptionBuiltinTopicDataSecure & subscription_data,
760 ::CORBA::Boolean & relay_only,
761 ::DDS::Security::SecurityException & ex)
762{
763 if (DDS::HANDLE_NIL == permissions_handle) {
764 return CommonUtilities::set_security_error(ex, -1, 0, "AccessControlBuiltInImpl::check_remote_datareader: Invalid permissions handle");
765 }
766
767 ACE_GUARD_RETURN(ACE_Thread_Mutex, guard, handle_mutex_, false);
768
769 ACPermsMap::iterator ac_iter = local_ac_perms_.find(permissions_handle);
770
771 if (ac_iter == local_ac_perms_.end()) {
772 return CommonUtilities::set_security_error(ex, -1, 0, "AccessControlBuiltInImpl::check_create_datareader: No matching permissions handle present");
773 }
774
775 // Default this to false for now
776 relay_only = false;
777
778 gov_iter begin = ac_iter->second.gov->access_rules().begin();
779 gov_iter end = ac_iter->second.gov->access_rules().end();
780
781 for (gov_iter giter = begin; giter != end; ++giter) {
782
783 if (giter->domains.has(domain_id)) {
784 Governance::TopicAccessRules::iterator tr_iter;
785
786 for (tr_iter = giter->topic_rules.begin(); tr_iter != giter->topic_rules.end(); ++tr_iter) {
787 if (pattern_match(subscription_data.base.base.topic_name, tr_iter->topic_expression.c_str())) {
788 if (!tr_iter->topic_attrs.is_read_protected) {
789 return true;
790 }
791 }
792 }
793 }
794 }
795
796 const Permissions::Grant_rch grant = ac_iter->second.perm->find_grant(ac_iter->second.subject);
797 if (!grant) {
798 return CommonUtilities::set_security_error(ex, -1, 0, "AccessControlBuiltInImpl::check_remote_datareader: Permissions grant not found");
799 }
800
801 const time_t now_utc = utc_now();
802 if (!validate_date_time(grant->validity, now_utc, ex)) {
803 return false;
804 }
805
806 time_t expiration_time = grant->validity.not_after;
807 if (!search_permissions(subscription_data.base.base.topic_name, domain_id,
808 subscription_data.base.base.partition, Permissions::SUBSCRIBE,
809 *grant, now_utc, expiration_time, ex)) {
810 return false;
811 }
812
813 make_task(remote_rp_task_)->insert(permissions_handle, expiration_time);

Callers 2

TEST_FFunction · 0.80

Calls 7

set_security_errorFunction · 0.85
find_grantMethod · 0.80
findMethod · 0.45
endMethod · 0.45
beginMethod · 0.45
hasMethod · 0.45
insertMethod · 0.45

Tested by

no test coverage detected