Skip to main content

AccessControlPlugin

zerodds_security::access_control

Trait AccessControlPlugin 

Source 
pub trait AccessControlPlugin: Send + Sync {
    // Required methods
    fn validate_local_permissions(
        &mut self,
        local: IdentityHandle,
        participant_guid: [u8; 16],
        props: &PropertyList,
    ) -> SecurityResult<PermissionsHandle>;
    fn validate_remote_permissions(
        &mut self,
        local: IdentityHandle,
        remote: IdentityHandle,
        remote_permissions_token: &[u8],
        remote_credential: &[u8],
    ) -> SecurityResult<PermissionsHandle>;
    fn check_create_datawriter(
        &self,
        perms: PermissionsHandle,
        topic_name: &str,
    ) -> SecurityResult<AccessDecision>;
    fn check_create_datareader(
        &self,
        perms: PermissionsHandle,
        topic_name: &str,
    ) -> SecurityResult<AccessDecision>;
    fn check_remote_datawriter_match(
        &self,
        local_perms: PermissionsHandle,
        remote_perms: PermissionsHandle,
        topic_name: &str,
    ) -> SecurityResult<AccessDecision>;
    fn check_remote_datareader_match(
        &self,
        local_perms: PermissionsHandle,
        remote_perms: PermissionsHandle,
        topic_name: &str,
    ) -> SecurityResult<AccessDecision>;
    fn plugin_class_id(&self) -> &str;

    // Provided methods
    fn check_create_participant(
        &self,
        _local_perms: PermissionsHandle,
        _domain_id: u32,
    ) -> SecurityResult<AccessDecision> { ... }
    fn check_remote_participant(
        &self,
        _local_perms: PermissionsHandle,
        _remote_perms: PermissionsHandle,
        _domain_id: u32,
    ) -> SecurityResult<AccessDecision> { ... }
    fn check_create_topic(
        &self,
        _local_perms: PermissionsHandle,
        _topic_name: &str,
    ) -> SecurityResult<AccessDecision> { ... }
    fn get_permissions_token(
        &self,
        _local_perms: PermissionsHandle,
    ) -> SecurityResult<Vec<u8>> { ... }
    fn get_permissions_credential_token(
        &self,
        _local_perms: PermissionsHandle,
    ) -> SecurityResult<Vec<u8>> { ... }
}
Expand description

Access-Control-Plugin-Trait (Spec §8.4.2.9).

Required Methods§

Source

fn validate_local_permissions( &mut self, local: IdentityHandle, participant_guid: [u8; 16], props: &PropertyList, ) -> SecurityResult<PermissionsHandle>

Validiert lokale Permissions (Governance.xml + Permissions.xml

  • Signatur-Check gegen Permissions-CA).
§Spec §8.4.2.9.1
Source

fn validate_remote_permissions( &mut self, local: IdentityHandle, remote: IdentityHandle, remote_permissions_token: &[u8], remote_credential: &[u8], ) -> SecurityResult<PermissionsHandle>

Validiert Remote-Permissions aus dem SEDP-Handshake.

§Spec §8.4.2.9.2
Source

fn check_create_datawriter( &self, perms: PermissionsHandle, topic_name: &str, ) -> SecurityResult<AccessDecision>

Darf dieser Participant einen DataWriter auf diesem Topic erzeugen?

§Spec §8.4.2.9.4 check_create_datawriter.
Source

fn check_create_datareader( &self, perms: PermissionsHandle, topic_name: &str, ) -> SecurityResult<AccessDecision>

Darf dieser Participant einen DataReader auf diesem Topic erzeugen?

§Spec §8.4.2.9.5 check_create_datareader.
Source

fn check_remote_datawriter_match( &self, local_perms: PermissionsHandle, remote_perms: PermissionsHandle, topic_name: &str, ) -> SecurityResult<AccessDecision>

Darf der lokale Reader die Publication des Remote matchen?

§Spec §8.4.2.9.17 check_remote_datawriter_match.
Source

fn check_remote_datareader_match( &self, local_perms: PermissionsHandle, remote_perms: PermissionsHandle, topic_name: &str, ) -> SecurityResult<AccessDecision>

Spiegelbildlich: darf Remote-Reader unseren Writer matchen?

Source

fn plugin_class_id(&self) -> &str

Plugin-Class-Id (z.B. “DDS:Access:Permissions:1.2”) fuer SPDP- Annoncierung.

Provided Methods§

Source

fn check_create_participant( &self, _local_perms: PermissionsHandle, _domain_id: u32, ) -> SecurityResult<AccessDecision>

Spec §9.4.2.5: check_create_participant. Default: permit (kein Plugin-spezifisches Filtern).

§Errors

Implementations-spezifisch.

Source

fn check_remote_participant( &self, _local_perms: PermissionsHandle, _remote_perms: PermissionsHandle, _domain_id: u32, ) -> SecurityResult<AccessDecision>

Spec §9.4.2.6: check_remote_participant — darf Remote- Participant in unsere Domain joinen? Default: permit.

§Errors

Implementations-spezifisch.

Source

fn check_create_topic( &self, _local_perms: PermissionsHandle, _topic_name: &str, ) -> SecurityResult<AccessDecision>

Spec §9.4.2.10: check_create_topic — darf der lokale Subject ein Topic mit dem Namen erzeugen? Default: permit.

§Errors

Implementations-spezifisch.

Source

fn get_permissions_token( &self, _local_perms: PermissionsHandle, ) -> SecurityResult<Vec<u8>>

Spec §9.4.2.13: get_permissions_token — opaker Permissions-Token fuer SPDP-Annoncierung (PID_PERMISSIONS_TOKEN 0x1002). Default: leer.

§Errors

Implementations-spezifisch.

Source

fn get_permissions_credential_token( &self, _local_perms: PermissionsHandle, ) -> SecurityResult<Vec<u8>>

Spec §9.4.2.14: get_permissions_credential_token — opake Credential, die im Authentication-Plugin via set_permissions_credential_and_token weitergereicht wird. Default: leer.

§Errors

Implementations-spezifisch.

Implementors§