1 //******************************************************************
3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
25 #include "oic_malloc.h"
26 #include "oic_string.h"
29 #include "resourcemanager.h"
30 #include "aclresource.h"
31 #include "psinterface.h"
33 #include "srmresourcestrings.h"
34 #include "doxmresource.h"
35 #include "srmutility.h"
36 #include "ocserverrequest.h"
46 OicSecAcl_t *gAcl = NULL;
47 static OCResourceHandle gAclHandle = NULL;
50 * This function frees OicSecAcl_t object's fields and object itself.
52 static void FreeACE(OicSecAcl_t *ace)
57 OC_LOG (INFO, TAG, "Invalid Parameter");
62 for (i = 0; i < ace->resourcesLen; i++)
64 OICFree(ace->resources[i]);
66 OICFree(ace->resources);
68 //Clean Period & Recurrence
69 for(i = 0; i < ace->prdRecrLen; i++)
71 OICFree(ace->periods[i]);
72 OICFree(ace->recurrences[i]);
74 OICFree(ace->periods);
75 OICFree(ace->recurrences);
80 // Clean ACL node itself
84 void DeleteACLList(OicSecAcl_t* acl)
88 OicSecAcl_t *aclTmp1 = NULL;
89 OicSecAcl_t *aclTmp2 = NULL;
90 LL_FOREACH_SAFE(acl, aclTmp1, aclTmp2)
92 LL_DELETE(acl, aclTmp1);
99 * This internal method converts ACL data into JSON format.
101 * Note: Caller needs to invoke 'free' when finished done using
104 char * BinToAclJSON(const OicSecAcl_t * acl)
106 cJSON *jsonRoot = NULL;
107 char *jsonStr = NULL;
111 jsonRoot = cJSON_CreateObject();
112 VERIFY_NON_NULL(TAG, jsonRoot, ERROR);
114 cJSON *jsonAclArray = NULL;
115 cJSON_AddItemToObject (jsonRoot, OIC_JSON_ACL_NAME, jsonAclArray = cJSON_CreateArray());
116 VERIFY_NON_NULL(TAG, jsonAclArray, ERROR);
120 char base64Buff[B64ENCODE_OUT_SAFESIZE(sizeof(((OicUuid_t*)0)->id)) + 1] = {};
123 B64Result b64Ret = B64_OK;
125 cJSON *jsonAcl = cJSON_CreateObject();
127 // Subject -- Mandatory
129 if (memcmp(&(acl->subject), &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0)
131 inLen = WILDCARD_SUBJECT_ID_LEN;
135 inLen = sizeof(OicUuid_t);
137 b64Ret = b64Encode(acl->subject.id, inLen, base64Buff,
138 sizeof(base64Buff), &outLen);
139 VERIFY_SUCCESS(TAG, b64Ret == B64_OK, ERROR);
140 cJSON_AddStringToObject(jsonAcl, OIC_JSON_SUBJECT_NAME, base64Buff );
142 // Resources -- Mandatory
143 cJSON *jsonRsrcArray = NULL;
144 cJSON_AddItemToObject (jsonAcl, OIC_JSON_RESOURCES_NAME, jsonRsrcArray = cJSON_CreateArray());
145 VERIFY_NON_NULL(TAG, jsonRsrcArray, ERROR);
146 for (size_t i = 0; i < acl->resourcesLen; i++)
148 cJSON_AddItemToArray (jsonRsrcArray, cJSON_CreateString(acl->resources[i]));
151 // Permissions -- Mandatory
152 cJSON_AddNumberToObject (jsonAcl, OIC_JSON_PERMISSION_NAME, acl->permission);
154 //Period & Recurrence -- Not Mandatory
155 if(0 != acl->prdRecrLen)
157 cJSON *jsonPeriodArray = NULL;
158 cJSON_AddItemToObject (jsonAcl, OIC_JSON_PERIODS_NAME,
159 jsonPeriodArray = cJSON_CreateArray());
160 VERIFY_NON_NULL(TAG, jsonPeriodArray, ERROR);
161 for (size_t i = 0; i < acl->prdRecrLen; i++)
163 cJSON_AddItemToArray (jsonPeriodArray,
164 cJSON_CreateString(acl->periods[i]));
168 //Recurrence -- Not Mandatory
169 if(0 != acl->prdRecrLen && acl->recurrences)
171 cJSON *jsonRecurArray = NULL;
172 cJSON_AddItemToObject (jsonAcl, OIC_JSON_RECURRENCES_NAME,
173 jsonRecurArray = cJSON_CreateArray());
174 VERIFY_NON_NULL(TAG, jsonRecurArray, ERROR);
175 for (size_t i = 0; i < acl->prdRecrLen; i++)
177 cJSON_AddItemToArray (jsonRecurArray,
178 cJSON_CreateString(acl->recurrences[i]));
182 // Owners -- Mandatory
183 cJSON *jsonOwnrArray = NULL;
184 cJSON_AddItemToObject (jsonAcl, OIC_JSON_OWNERS_NAME, jsonOwnrArray = cJSON_CreateArray());
185 VERIFY_NON_NULL(TAG, jsonOwnrArray, ERROR);
186 for (size_t i = 0; i < acl->ownersLen; i++)
190 b64Ret = b64Encode(acl->owners[i].id, sizeof(((OicUuid_t*)0)->id), base64Buff,
191 sizeof(base64Buff), &outLen);
192 VERIFY_SUCCESS(TAG, b64Ret == B64_OK, ERROR);
194 cJSON_AddItemToArray (jsonOwnrArray, cJSON_CreateString(base64Buff));
197 // Attach current acl node to Acl Array
198 cJSON_AddItemToArray(jsonAclArray, jsonAcl);
202 jsonStr = cJSON_PrintUnformatted(jsonRoot);
208 cJSON_Delete(jsonRoot);
214 * This internal method converts JSON ACL into binary ACL.
216 OicSecAcl_t * JSONToAclBin(const char * jsonStr)
218 OCStackResult ret = OC_STACK_ERROR;
219 OicSecAcl_t * headAcl = NULL;
220 OicSecAcl_t * prevAcl = NULL;
221 cJSON *jsonRoot = NULL;
222 cJSON *jsonAclArray = NULL;
224 VERIFY_NON_NULL(TAG, jsonStr, ERROR);
226 jsonRoot = cJSON_Parse(jsonStr);
227 VERIFY_NON_NULL(TAG, jsonRoot, ERROR);
229 jsonAclArray = cJSON_GetObjectItem(jsonRoot, OIC_JSON_ACL_NAME);
230 VERIFY_NON_NULL(TAG, jsonAclArray, ERROR);
232 if (cJSON_Array == jsonAclArray->type)
234 int numAcl = cJSON_GetArraySize(jsonAclArray);
237 VERIFY_SUCCESS(TAG, numAcl > 0, INFO);
240 cJSON *jsonAcl = cJSON_GetArrayItem(jsonAclArray, idx);
241 VERIFY_NON_NULL(TAG, jsonAcl, ERROR);
243 OicSecAcl_t *acl = (OicSecAcl_t*)OICCalloc(1, sizeof(OicSecAcl_t));
244 VERIFY_NON_NULL(TAG, acl, ERROR);
246 headAcl = (headAcl) ? headAcl : acl;
252 size_t jsonObjLen = 0;
253 cJSON *jsonObj = NULL;
255 unsigned char base64Buff[sizeof(((OicUuid_t*)0)->id)] = {};
257 B64Result b64Ret = B64_OK;
259 // Subject -- Mandatory
260 jsonObj = cJSON_GetObjectItem(jsonAcl, OIC_JSON_SUBJECT_NAME);
261 VERIFY_NON_NULL(TAG, jsonObj, ERROR);
262 VERIFY_SUCCESS(TAG, cJSON_String == jsonObj->type, ERROR);
264 b64Ret = b64Decode(jsonObj->valuestring, strlen(jsonObj->valuestring), base64Buff,
265 sizeof(base64Buff), &outLen);
266 VERIFY_SUCCESS(TAG, (b64Ret == B64_OK && outLen <= sizeof(acl->subject.id)), ERROR);
267 memcpy(acl->subject.id, base64Buff, outLen);
269 // Resources -- Mandatory
270 jsonObj = cJSON_GetObjectItem(jsonAcl, OIC_JSON_RESOURCES_NAME);
271 VERIFY_NON_NULL(TAG, jsonObj, ERROR);
272 VERIFY_SUCCESS(TAG, cJSON_Array == jsonObj->type, ERROR);
274 acl->resourcesLen = cJSON_GetArraySize(jsonObj);
275 VERIFY_SUCCESS(TAG, acl->resourcesLen > 0, ERROR);
276 acl->resources = (char**)OICCalloc(acl->resourcesLen, sizeof(char*));
277 VERIFY_NON_NULL(TAG, (acl->resources), ERROR);
282 cJSON *jsonRsrc = cJSON_GetArrayItem(jsonObj, idxx);
283 VERIFY_NON_NULL(TAG, jsonRsrc, ERROR);
285 jsonObjLen = strlen(jsonRsrc->valuestring) + 1;
286 acl->resources[idxx] = (char*)OICMalloc(jsonObjLen);
287 VERIFY_NON_NULL(TAG, (acl->resources[idxx]), ERROR);
288 OICStrcpy(acl->resources[idxx], jsonObjLen, jsonRsrc->valuestring);
289 } while ( ++idxx < acl->resourcesLen);
291 // Permissions -- Mandatory
292 jsonObj = cJSON_GetObjectItem(jsonAcl,
293 OIC_JSON_PERMISSION_NAME);
294 VERIFY_NON_NULL(TAG, jsonObj, ERROR);
295 VERIFY_SUCCESS(TAG, cJSON_Number == jsonObj->type, ERROR);
296 acl->permission = jsonObj->valueint;
298 //Period -- Not Mandatory
299 cJSON *jsonPeriodObj = cJSON_GetObjectItem(jsonAcl,
300 OIC_JSON_PERIODS_NAME);
303 VERIFY_SUCCESS(TAG, cJSON_Array == jsonPeriodObj->type,
305 acl->prdRecrLen = cJSON_GetArraySize(jsonPeriodObj);
306 if(acl->prdRecrLen > 0)
308 acl->periods = (char**)OICCalloc(acl->prdRecrLen,
310 VERIFY_NON_NULL(TAG, acl->periods, ERROR);
312 cJSON *jsonPeriod = NULL;
313 for(size_t i = 0; i < acl->prdRecrLen; i++)
315 jsonPeriod = cJSON_GetArrayItem(jsonPeriodObj, i);
316 VERIFY_NON_NULL(TAG, jsonPeriod, ERROR);
318 jsonObjLen = strlen(jsonPeriod->valuestring) + 1;
319 acl->periods[i] = (char*)OICMalloc(jsonObjLen);
320 VERIFY_NON_NULL(TAG, acl->periods[i], ERROR);
321 OICStrcpy(acl->periods[i], jsonObjLen,
322 jsonPeriod->valuestring);
327 //Recurrence -- Not mandatory
328 cJSON *jsonRecurObj = cJSON_GetObjectItem(jsonAcl,
329 OIC_JSON_RECURRENCES_NAME);
332 VERIFY_SUCCESS(TAG, cJSON_Array == jsonRecurObj->type,
334 if(acl->prdRecrLen > 0)
336 acl->recurrences = (char**)OICCalloc(acl->prdRecrLen,
338 VERIFY_NON_NULL(TAG, acl->recurrences, ERROR);
340 cJSON *jsonRecur = NULL;
341 for(size_t i = 0; i < acl->prdRecrLen; i++)
343 jsonRecur = cJSON_GetArrayItem(jsonRecurObj, i);
344 jsonObjLen = strlen(jsonRecur->valuestring) + 1;
345 acl->recurrences[i] = (char*)OICMalloc(jsonObjLen);
346 VERIFY_NON_NULL(TAG, acl->recurrences[i], ERROR);
347 OICStrcpy(acl->recurrences[i], jsonObjLen,
348 jsonRecur->valuestring);
353 // Owners -- Mandatory
354 jsonObj = cJSON_GetObjectItem(jsonAcl, OIC_JSON_OWNERS_NAME);
355 VERIFY_NON_NULL(TAG, jsonObj, ERROR);
356 VERIFY_SUCCESS(TAG, cJSON_Array == jsonObj->type, ERROR);
358 acl->ownersLen = cJSON_GetArraySize(jsonObj);
359 VERIFY_SUCCESS(TAG, acl->ownersLen > 0, ERROR);
360 acl->owners = (OicUuid_t*)OICCalloc(acl->ownersLen, sizeof(OicUuid_t));
361 VERIFY_NON_NULL(TAG, (acl->owners), ERROR);
366 cJSON *jsonOwnr = cJSON_GetArrayItem(jsonObj, idxx);
367 VERIFY_NON_NULL(TAG, jsonOwnr, ERROR);
368 VERIFY_SUCCESS(TAG, cJSON_String == jsonOwnr->type, ERROR);
371 b64Ret = b64Decode(jsonOwnr->valuestring, strlen(jsonOwnr->valuestring), base64Buff,
372 sizeof(base64Buff), &outLen);
374 VERIFY_SUCCESS(TAG, (b64Ret == B64_OK && outLen <= sizeof(acl->owners[idxx].id)),
376 memcpy(acl->owners[idxx].id, base64Buff, outLen);
377 } while ( ++idxx < acl->ownersLen);
380 } while( ++idx < numAcl);
386 cJSON_Delete(jsonRoot);
387 if (OC_STACK_OK != ret)
389 DeleteACLList(headAcl);
395 static bool UpdatePersistentStorage(const OicSecAcl_t *acl)
397 // Convert ACL data into JSON for update to persistent storage
398 char *jsonStr = BinToAclJSON(acl);
401 cJSON *jsonAcl = cJSON_Parse(jsonStr);
404 if ((jsonAcl) && (OC_STACK_OK == UpdateSVRDatabase(OIC_JSON_ACL_NAME, jsonAcl)))
408 cJSON_Delete(jsonAcl);
413 * This method removes ACE for the subject and resource from the ACL
415 * @param subject - subject of the ACE
416 * @param resource - resource of the ACE
419 * OC_STACK_RESOURCE_DELETED on success
420 * OC_STACK_NO_RESOURC on failure to find the appropriate ACE
421 * OC_STACK_INVALID_PARAM on invalid parameter
423 static OCStackResult RemoveACE(const OicUuid_t * subject,
424 const char * resource)
426 OC_LOG(INFO, TAG, "IN RemoveACE");
428 OicSecAcl_t *acl = NULL;
429 OicSecAcl_t *tempAcl = NULL;
430 bool deleteFlag = false;
431 OCStackResult ret = OC_STACK_NO_RESOURCE;
433 if(memcmp(subject->id, &WILDCARD_SUBJECT_ID, sizeof(subject->id)) == 0)
435 OC_LOG_V (INFO, TAG, "%s received invalid parameter", __func__ );
436 return OC_STACK_INVALID_PARAM;
439 //If resource is NULL then delete all the ACE for the subject.
440 if(NULL == resource || resource[0] == '\0')
442 LL_FOREACH_SAFE(gAcl, acl, tempAcl)
444 if(memcmp(acl->subject.id, subject->id, sizeof(subject->id)) == 0)
446 LL_DELETE(gAcl, acl);
454 //Looping through ACL to find the right ACE to delete. If the required resource is the only
455 //resource in the ACE for the subject then delete the whole ACE. If there are more resources
456 //than the required resource in the ACE, for the subject then just delete the resource from
458 LL_FOREACH_SAFE(gAcl, acl, tempAcl)
460 if(memcmp(acl->subject.id, subject->id, sizeof(subject->id)) == 0)
462 if(1 == acl->resourcesLen && strcmp(acl->resources[0], resource) == 0)
464 LL_DELETE(gAcl, acl);
473 for(i = 0; i < acl->resourcesLen; i++)
475 if(strcmp(acl->resources[i], resource) == 0)
483 OICFree(acl->resources[resPos]);
484 acl->resources[resPos] = NULL;
485 acl->resourcesLen -= 1;
486 for(i = resPos; i < acl->resourcesLen; i++)
488 acl->resources[i] = acl->resources[i+1];
500 if(UpdatePersistentStorage(gAcl))
502 ret = OC_STACK_RESOURCE_DELETED;
509 * This method parses the query string received for REST requests and
510 * retrieves the 'subject' field.
512 * @param query querystring passed in REST request
513 * @param subject subject UUID parsed from query string
515 * @return true if query parsed successfully and found 'subject', else false.
517 static bool GetSubjectFromQueryString(const char *query, OicUuid_t *subject)
519 OicParseQueryIter_t parseIter = {.attrPos=NULL};
521 ParseQueryIterInit((unsigned char *)query, &parseIter);
523 while(GetNextQuery(&parseIter))
525 if(strncasecmp((char *)parseIter.attrPos, OIC_JSON_SUBJECT_NAME, parseIter.attrLen) == 0)
527 VERIFY_SUCCESS(TAG, 0 != parseIter.valLen, ERROR);
528 unsigned char base64Buff[sizeof(((OicUuid_t*)0)->id)] = {};
530 B64Result b64Ret = B64_OK;
531 b64Ret = b64Decode((char *)parseIter.valPos, parseIter.valLen, base64Buff,
532 sizeof(base64Buff), &outLen);
533 VERIFY_SUCCESS(TAG, (B64_OK == b64Ret && outLen <= sizeof(subject->id)), ERROR);
534 memcpy(subject->id, base64Buff, outLen);
545 * This method parses the query string received for REST requests and
546 * retrieves the 'resource' field.
548 * @param query querystring passed in REST request
549 * @param resource resource parsed from query string
550 * @param resourceSize size of the memory pointed to resource
552 * @return true if query parsed successfully and found 'resource', else false.
554 static bool GetResourceFromQueryString(const char *query, char *resource, size_t resourceSize)
556 OicParseQueryIter_t parseIter = {.attrPos=NULL};
558 ParseQueryIterInit((unsigned char *)query, &parseIter);
560 while(GetNextQuery(&parseIter))
562 if(strncasecmp((char *)parseIter.attrPos, OIC_JSON_RESOURCES_NAME, parseIter.attrLen) == 0)
564 VERIFY_SUCCESS(TAG, 0 != parseIter.valLen, ERROR);
565 OICStrcpy(resource, resourceSize, (char *)parseIter.valPos);
577 static OCEntityHandlerResult HandleACLGetRequest (const OCEntityHandlerRequest * ehRequest)
579 OCEntityHandlerResult ehRet = OC_EH_ERROR;
580 char* jsonStr = NULL;
582 // Process the REST querystring parameters
585 OC_LOG (INFO, TAG, "HandleACLGetRequest processing query");
587 OicUuid_t subject = {.id={0}};
588 char resource[MAX_URI_LENGTH] = {0};
590 OicSecAcl_t *savePtr = NULL;
591 const OicSecAcl_t *currentAce = NULL;
593 // 'Subject' field is MUST for processing a querystring in REST request.
595 true == GetSubjectFromQueryString(ehRequest->query, &subject),
598 GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
601 * TODO : Currently, this code only provides one ACE for a Subject.
602 * Below code needs to be updated for scenarios when Subject have
603 * multiple ACE's in ACL resource.
605 while((currentAce = GetACLResourceData(&subject, &savePtr)))
608 * If REST querystring contains a specific resource, we need
609 * to search for that resource in ACE.
611 if (resource[0] != '\0')
613 for(size_t n = 0; n < currentAce->resourcesLen; n++)
615 if((currentAce->resources[n]) &&
616 (0 == strcmp(resource, currentAce->resources[n]) ||
617 0 == strcmp(WILDCARD_RESOURCE_URI, currentAce->resources[n])))
619 // Convert ACL data into JSON for transmission
620 jsonStr = BinToAclJSON(currentAce);
627 // Convert ACL data into JSON for transmission
628 jsonStr = BinToAclJSON(currentAce);
635 // Convert ACL data into JSON for transmission
636 jsonStr = BinToAclJSON(gAcl);
640 ehRet = (jsonStr ? OC_EH_OK : OC_EH_ERROR);
642 // Send response payload to request originator
643 SendSRMResponse(ehRequest, ehRet, jsonStr);
647 OC_LOG_V (INFO, TAG, "%s RetVal %d", __func__ , ehRet);
651 static OCEntityHandlerResult HandleACLPostRequest (const OCEntityHandlerRequest * ehRequest)
653 OCEntityHandlerResult ehRet = OC_EH_ERROR;
655 // Convert JSON ACL data into binary. This will also validate the ACL data received.
656 OicSecAcl_t* newAcl = JSONToAclBin(((OCSecurityPayload*)ehRequest->payload)->securityData);
660 // Append the new ACL to existing ACL
661 LL_APPEND(gAcl, newAcl);
663 if(UpdatePersistentStorage(gAcl))
665 ehRet = OC_EH_RESOURCE_CREATED;
669 // Send payload to request originator
670 SendSRMResponse(ehRequest, ehRet, NULL);
672 OC_LOG_V (INFO, TAG, "%s RetVal %d", __func__ , ehRet);
676 static OCEntityHandlerResult HandleACLDeleteRequest(const OCEntityHandlerRequest *ehRequest)
678 OC_LOG (INFO, TAG, "Processing ACLDeleteRequest");
679 OCEntityHandlerResult ehRet = OC_EH_ERROR;
680 OicUuid_t subject = {.id={0}};
681 char resource[MAX_URI_LENGTH] = {0};
683 VERIFY_NON_NULL(TAG, ehRequest->query, ERROR);
685 // 'Subject' field is MUST for processing a querystring in REST request.
687 true == GetSubjectFromQueryString(ehRequest->query, &subject),
690 GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
692 if(OC_STACK_RESOURCE_DELETED == RemoveACE(&subject, resource))
694 ehRet = OC_EH_RESOURCE_DELETED;
698 // Send payload to request originator
699 SendSRMResponse(ehRequest, ehRet, NULL);
705 * This internal method is the entity handler for ACL resources and
706 * will handle REST request (GET/PUT/POST/DEL) for them.
708 OCEntityHandlerResult ACLEntityHandler (OCEntityHandlerFlag flag,
709 OCEntityHandlerRequest * ehRequest,
710 void* callbackParameter)
712 OC_LOG(INFO, TAG, "Received request ACLEntityHandler");
713 (void)callbackParameter;
714 OCEntityHandlerResult ehRet = OC_EH_ERROR;
721 if (flag & OC_REQUEST_FLAG)
723 // TODO : Handle PUT method
724 OC_LOG (INFO, TAG, "Flag includes OC_REQUEST_FLAG");
725 switch (ehRequest->method)
728 ehRet = HandleACLGetRequest(ehRequest);
732 ehRet = HandleACLPostRequest(ehRequest);
736 ehRet = HandleACLDeleteRequest(ehRequest);
741 SendSRMResponse(ehRequest, ehRet, NULL);
749 * This internal method is used to create '/oic/sec/acl' resource.
751 OCStackResult CreateACLResource()
755 ret = OCCreateResource(&gAclHandle,
756 OIC_RSRC_TYPE_SEC_ACL,
761 OC_OBSERVABLE | OC_SECURE | OC_EXPLICIT_DISCOVERABLE);
763 if (OC_STACK_OK != ret)
765 OC_LOG (FATAL, TAG, "Unable to instantiate ACL resource");
772 * This internal method is to retrieve the default ACL.
773 * If SVR database in persistent storage got corrupted or
774 * is not available for some reason, a default ACL is created
775 * which allows user to initiate ACL provisioning again.
777 OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl)
779 OCStackResult ret = OC_STACK_ERROR;
781 OicUuid_t ownerId = {.id = {0}};
784 * TODO In future, when new virtual resources will be added in OIC
785 * specification, Iotivity stack should be able to add them in
786 * existing SVR database. To support this, we need to add 'versioning'
787 * mechanism in SVR database.
790 const char *rsrcs[] = {
791 OC_RSRVD_WELL_KNOWN_URI,
793 OC_RSRVD_PLATFORM_URI,
794 OC_RSRVD_RESOURCE_TYPES_URI,
796 OC_RSRVD_PRESENCE_URI,
797 #endif //WITH_PRESENCE
805 return OC_STACK_INVALID_PARAM;
808 OicSecAcl_t *acl = (OicSecAcl_t *)OICCalloc(1, sizeof(OicSecAcl_t));
809 VERIFY_NON_NULL(TAG, acl, ERROR);
811 // Subject -- Mandatory
812 memcpy(&(acl->subject), &WILDCARD_SUBJECT_ID, sizeof(acl->subject));
814 // Resources -- Mandatory
815 acl->resourcesLen = sizeof(rsrcs)/sizeof(rsrcs[0]);
817 acl->resources = (char**)OICCalloc(acl->resourcesLen, sizeof(char*));
818 VERIFY_NON_NULL(TAG, (acl->resources), ERROR);
820 for (size_t i = 0; i < acl->resourcesLen; i++)
822 size_t len = strlen(rsrcs[i]) + 1;
823 acl->resources[i] = (char*)OICMalloc(len * sizeof(char));
824 VERIFY_NON_NULL(TAG, (acl->resources[i]), ERROR);
825 OICStrcpy(acl->resources[i], len, rsrcs[i]);
828 acl->permission = PERMISSION_READ;
831 acl->recurrences = NULL;
833 // Device ID is the owner of this default ACL
834 ret = GetDoxmDeviceID( &ownerId);
835 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, FATAL);
838 acl->owners = (OicUuid_t*)OICMalloc(sizeof(OicUuid_t));
839 VERIFY_NON_NULL(TAG, (acl->owners), ERROR);
840 memcpy(acl->owners, &ownerId, sizeof(OicUuid_t));
849 if (ret != OC_STACK_OK)
859 * Initialize ACL resource by loading data from persistent storage.
861 * @retval OC_STACK_OK for Success, otherwise some error value
863 OCStackResult InitACLResource()
865 OCStackResult ret = OC_STACK_ERROR;
867 // Read ACL resource from PS
868 char* jsonSVRDatabase = GetSVRDatabase();
872 // Convert JSON ACL into binary format
873 gAcl = JSONToAclBin(jsonSVRDatabase);
874 OICFree(jsonSVRDatabase);
877 * If SVR database in persistent storage got corrupted or
878 * is not available for some reason, a default ACL is created
879 * which allows user to initiate ACL provisioning again.
881 if (!jsonSVRDatabase || !gAcl)
883 GetDefaultACL(&gAcl);
884 // TODO Needs to update persistent storage
886 VERIFY_NON_NULL(TAG, gAcl, FATAL);
888 // Instantiate 'oic.sec.acl'
889 ret = CreateACLResource();
892 if (OC_STACK_OK != ret)
900 * Perform cleanup for ACL resources.
904 void DeInitACLResource()
906 OCDeleteResource(gAclHandle);
914 * This method is used by PolicyEngine to retrieve ACL for a Subject.
916 * @param subjectId ID of the subject for which ACL is required.
917 * @param savePtr is used internally by @ref GetACLResourceData to maintain index between
918 * successive calls for same subjectId.
920 * @retval reference to @ref OicSecAcl_t if ACL is found, else NULL
922 * @note On the first call to @ref GetACLResourceData, savePtr should point to NULL
924 const OicSecAcl_t* GetACLResourceData(const OicUuid_t* subjectId, OicSecAcl_t **savePtr)
926 OicSecAcl_t *acl = NULL;
927 OicSecAcl_t *begin = NULL;
929 if ( NULL == subjectId)
935 * savePtr MUST point to NULL if this is the 'first' call to retrieve ACL for
938 if (NULL == *savePtr)
945 * If this is a 'successive' call, search for location pointed by
946 * savePtr and assign 'begin' to the next ACL after it in the linked
947 * list and start searching from there.
949 LL_FOREACH(gAcl, acl)
958 // Find the next ACL corresponding to the 'subjectID' and return it.
959 LL_FOREACH(begin, acl)
961 if (memcmp(&(acl->subject), subjectId, sizeof(OicUuid_t)) == 0)
968 // Cleanup in case no ACL is found
projects / platform / upstream / iotivity.git / blob