-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature: Security Policies as Plugins #1003
Conversation
…into OPN_chunking
… if opn messages are longer than one chunk
…o remove asymmetric header decoding from processOPN
…N and into chunking
-Added todo for send chunking. probably needs major restructuring
-Added SecurityPolicy -Added SecurityContexts -Added SecurityPolicy_None -Modified SecureChannel and ServerConfig to accomodate for SecurityPolicies
If you like, i can remove the rest of the noise as well. Some files just have some includes changed. Those are mainly because the file was used, but not included directly. |
examples/server.c
Outdated
UA_ByteString cert = loadCertificate(); | ||
|
||
UA_ServerConfig *config = UA_ServerConfig_new_minimal(16664, &cert); | ||
if(config == NULL) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The cert
variable can already be deleted here, since it is copied in UA_ServerConfig_new_minimal
(as it is already in master).
This also avoids memleaks on the return -1
cases
plugins/ua_accesscontrol_default.h
Outdated
@@ -5,6 +5,7 @@ | |||
#define UA_ACCESSCONTROL_DEFAULT_H_ | |||
|
|||
#include "ua_server.h" | |||
#include "ua_types_generated.h" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this really needed here?
Sometimes CLion adds includes even if the are not needed here...
plugins/ua_config_standard.h
Outdated
@@ -12,6 +12,7 @@ extern "C" { | |||
#include "ua_server_config.h" | |||
#include "ua_client.h" | |||
#include "ua_client_highlevel.h" | |||
#include "ua_types.h" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this needed? Try to move it into .c file where it is needed or the specific header file
@@ -5,12 +5,14 @@ | |||
#include "ua_securechannel_manager.h" | |||
#include "ua_session.h" | |||
#include "ua_server_internal.h" | |||
#include "ua_transport_generated_handling.h" | |||
#include "ua_types_generated_handling.h" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here, check if the additional includes are really needed.
src/server/ua_server_discovery.c
Outdated
@@ -5,6 +5,8 @@ | |||
#include "ua_server_internal.h" | |||
#include "ua_client.h" | |||
#include "ua_config_standard.h" | |||
#include "ua_types_generated.h" | |||
#include "ua_types_generated_handling.h" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here... Porbably not needed, because the .c file did not change, so it should not require new includes?
@@ -5,6 +5,7 @@ | |||
#include "ua_server_internal.h" | |||
#include "ua_services.h" | |||
#include "ua_mdns_internal.h" | |||
#include "ua_connection_internal.h" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Check include
@@ -4,6 +4,8 @@ | |||
|
|||
#include "ua_server_internal.h" | |||
#include "ua_services.h" | |||
#include "ua_types_generated.h" | |||
#include "ua_types_generated_handling.h" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Check include
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These includes are needed afaik but can be omitted, since they are included in the other header files, that are included here. I can remove them.
…d error. This may need some further investigation
plugins/ua_config_standard.c
Outdated
@@ -9,6 +9,7 @@ | |||
#include "ua_securitypolicy_none.h" | |||
#include "ua_types.h" | |||
#include "ua_types_generated_handling.h" | |||
#include "ua_client_highlevel.h" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CLion's fault? The config should not include client stuff.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No. This struct is only defined in the client file and is used in line 305 in the default config, since it supplies config for both server and client.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jpfr Should we put the UA_SubscriptionSettings
struct into another more fitting header? E.g. ua_server_config.h
to avoid including client functionality here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Keep in mind, that the client config struct is needed as well. This is included through that header as well (although transitively)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, right... 👍
Since the include is now in the source file it shouldn't have that much impact on compilation and Co. So IMHO we can leave it like this for now
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Though it might be worth a thought to split the default client and default server config into two separate files.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 I would prefer that
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Separate PR or this one? I'd really prefer if this one is merged soon, since the conflicts are getting out of hand.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd create a new PR based on master for the separate configs and also integrate it in this PR.
IMHO this PR can then be merged, but let's wait for @jpfr
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, you're right. I'd forgotten that the config stuff is on master already.
Finally the CI tests run through again. @Infinity95 can you think of a few unit test which you could write? If yes, you could create them in a new PR |
Sure. Although I'd first like to change the certificate handling, since that is still somewhat ugly and non useful. I think i already mentioned this, but the certificates would get their own CertificateManager plugin, where certificates are stored and can be validated. |
Is there any further input needed from me before this can be merged? |
@Infinity95 if you have time, you could create the PR for the separate configurations to master. Because I think that we first need to merge that, and than we can finally merge this veeeeery nice PR |
You mean splitting the config into client and server part? |
Yes, that shouldn't be that much of a change but makes the code more understandable. |
@Infinity95 Can you hold your horses for a little bit? |
I finally found the bug i mentioned in this comment. Should i wait pushing the fix to this branch? (It's already pushed to my other branch: mlgiraud@32e280c) |
Merged via #1187 |
This PR implements a plugin architecture to support encryption with different security policies as plugins.
The architecture is mainly finished. Mainly error handling is still incomplete and im working on that.
Some encryption stuff still needs some work since im not quite sure about what the standard specifies.
I'm not quite done working on this, but thought it might be useful to already create a PR so others can see the current status. Also errors might get noticed earlier this way.