#include "security_internals.h"
-#define TAG "SRM-ACL"
-#define NUMBER_OF_SEC_PROV_RSCS 4
+#define TAG "OIC_SRM_ACL"
+#define NUMBER_OF_SEC_PROV_RSCS 3
#define NUMBER_OF_DEFAULT_SEC_RSCS 2
#define STRING_UUID_SIZE (UUID_LENGTH * 2 + 5)
validity = NULL;
}
+#ifdef MULTIPLE_OWNER
+ OICFree(ace->eownerID);
+#endif
+
//Clean ACE
OICFree(ace);
ace = NULL;
}
}
+#ifdef MULTIPLE_OWNER
+ if (ace->eownerID)
+ {
+ if (NULL == newAce->eownerID)
+ {
+ newAce->eownerID = (OicUuid_t*)OICCalloc(1, sizeof(OicUuid_t));
+ VERIFY_NON_NULL(TAG, (newAce->eownerID), ERROR);
+ }
+ memcpy(newAce->eownerID->id, ace->eownerID->id, sizeof(ace->eownerID->id));
+ }
+#endif
+
newAce->next = NULL;
}
{
aclMapSize++;
}
+ validityElts = validityElts->next;
}
-#ifdef _ENABLE_MULTIPLE_OWNER_
+#ifdef MULTIPLE_OWNER
if(ace->eownerID)
{
aclMapSize++;
}
-#endif //_ENABLE_MULTIPLE_OWNER_
+#endif //MULTIPLE_OWNER
cborEncoderResult = cbor_encoder_create_map(&acesArray, &oicSecAclMap, aclMapSize);
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACES Map");
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Validities Array.");
}
-#ifdef _ENABLE_MULTIPLE_OWNER_
+#ifdef MULTIPLE_OWNER
// Eownerid -- Not Mandatory
if(ace->eownerID)
{
OICFree(eowner);
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding eownerId Value.");
}
-#endif //_ENABLE_MULTIPLE_OWNER_
+#endif //MULTIPLE_OWNER
cborEncoderResult = cbor_encoder_close_container(&acesArray, &oicSecAclMap);
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACES Map.");
if (CborNoError == cborEncoderResult)
{
OIC_LOG(DEBUG, TAG, "AclToCBORPayload Successed");
- *size = encoder.ptr - outPayload;
+ *size = cbor_encoder_get_buffer_size(&encoder, outPayload);
*payload = outPayload;
ret = OC_STACK_OK;
}
// reallocate and try again!
OICFree(outPayload);
// Since the allocated initial memory failed, double the memory.
- cborLen += encoder.ptr - encoder.end;
+ cborLen += cbor_encoder_get_buffer_size(&encoder, encoder.end);
cborEncoderResult = CborNoError;
ret = AclToCBORPayload(secAcl, payload, &cborLen);
*size = cborLen;
cbor_parser_init(cborPayload, size, 0, &parser, &aclCbor);
OicSecAcl_t *acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
+ VERIFY_NON_NULL(TAG, acl, ERROR);
// Enter ACL Map
CborValue aclMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
VERIFY_NON_NULL(TAG, ace, ERROR);
LL_APPEND(acl->aces, ace);
- VERIFY_NON_NULL(TAG, acl, ERROR);
-
while (cbor_value_is_valid(&aceMap))
{
char* name = NULL;
}
}
-#ifdef _ENABLE_MULTIPLE_OWNER_
+#ifdef MULTIPLE_OWNER
// eowner uuid -- Not Mandatory
if (strcmp(name, OIC_JSON_EOWNERID_NAME) == 0)
{
OICFree(eowner);
VERIFY_SUCCESS(TAG, OC_STACK_OK == ret , ERROR);
}
-#endif //_ENABLE_MULTIPLE_OWNER_
+#endif //MULTIPLE_OWNER
OICFree(name);
}
return acl;
}
-#ifdef _ENABLE_MULTIPLE_OWNER_
+#ifdef MULTIPLE_OWNER
bool IsValidAclAccessForSubOwner(const OicUuid_t* uuid, const uint8_t *cborPayload, const size_t size)
{
bool retValue = false;
return retValue;
}
-#endif //_ENABLE_MULTIPLE_OWNER_
+#endif //MULTIPLE_OWNER
/**
* This method removes ACE for the subject and resource from the ACL
{
OIC_LOG(DEBUG, TAG, "IN RemoveACE");
+ if (!gAcl)
+ {
+ OIC_LOG_V(ERROR, TAG, "%s: gAcl is NULL", __func__);
+ return OC_STACK_INVALID_PARAM;
+ }
+
OicSecAce_t *ace = NULL;
OicSecAce_t *tempAce = NULL;
bool deleteFlag = false;
return false;
}
+#ifdef MULTIPLE_OWNER
+static bool IsSameEowner(OicUuid_t* eowner1, OicUuid_t* eowner2)
+{
+ if (NULL != eowner1 && NULL != eowner2)
+ {
+ if (memcmp(eowner1->id, eowner2->id, sizeof(eowner1->id)) == 0)
+ {
+ return true;
+ }
+ }
+ else if (NULL == eowner1 && NULL == eowner2)
+ {
+ OIC_LOG(DEBUG, TAG, "Both eowner1 and eowner2 are NULL");
+ return true;
+ }
+
+ return false;
+}
+#endif
+
static bool IsSameACE(OicSecAce_t* ace1, OicSecAce_t* ace2)
{
if(ace1 && ace2)
return false;
}
+#ifdef MULTIPLE_OWNER
+ if(false == IsSameEowner(ace1->eownerID, ace2->eownerID))
+ {
+ return false;
+ }
+#endif
+
return true;
}
static OCEntityHandlerResult HandleACLGetRequest(const OCEntityHandlerRequest *ehRequest)
{
OIC_LOG(INFO, TAG, "HandleACLGetRequest processing the request");
+
uint8_t* payload = NULL;
size_t size = 0;
OCEntityHandlerResult ehRet;
const OicSecAce_t *currentAce = NULL;
OicSecAcl_t targetAcl;
- memcpy(&targetAcl.rownerID, &gAcl->rownerID, sizeof(OicUuid_t));
+ if (NULL != gAcl)
+ {
+ memcpy(&targetAcl.rownerID, &gAcl->rownerID, sizeof(OicUuid_t));
+ }
+ else
+ {
+ OIC_LOG_V(ERROR, TAG, "%s: gAcl is NULL", __func__);
+ goto exit;
+ }
+
targetAcl.aces = NULL;
// 'Subject' field is MUST for processing a querystring in REST request.
OIC_LOG_BUFFER(DEBUG, TAG, payload, size);
newAcl = CBORPayloadToAcl(payload, size);
- if (newAcl)
+ if (NULL != newAcl && NULL != gAcl)
{
bool isNewAce = true;
OicSecAce_t* existAce = NULL;
}
}
}
+ else
+ {
+ OIC_LOG_V(ERROR, TAG, "%s: %s", __func__, (NULL == newAcl) ? "no new ACL" : "gAcl is NULL");
+ }
}
//Send response to request originator
OicSecAce_t *ace = NULL;
OicSecAce_t *begin = NULL;
- if (NULL == subjectId)
+ if (NULL == subjectId || NULL == savePtr || NULL == gAcl)
{
return NULL;
}
}
}
-OCStackResult InstallNewACL2(const OicSecAcl_t* acl)
+OCStackResult AppendACL2(const OicSecAcl_t* acl)
{
OCStackResult ret = OC_STACK_ERROR;
+ OIC_LOG_V(DEBUG, TAG, "IN: %s", __func__);
+
if (!acl)
{
+ OIC_LOG_V(ERROR, TAG, "%s: acl is NULL", __func__);
+ return OC_STACK_INVALID_PARAM;
+ }
+
+ if (!gAcl)
+ {
+ OIC_LOG_V(ERROR, TAG, "%s: gAcl is NULL", __func__);
return OC_STACK_INVALID_PARAM;
}
OICFree(payload);
}
+ OIC_LOG_V(DEBUG, TAG, "OUT: %s", __func__);
+
return ret;
}
-OCStackResult InstallNewACL(const uint8_t *cborPayload, const size_t size)
+OCStackResult AppendACL(const uint8_t *cborPayload, const size_t size)
{
// Convert CBOR format to ACL data. This will also validate the ACL data received.
OicSecAcl_t* newAcl = CBORPayloadToAcl(cborPayload, size);
- return InstallNewACL2(newAcl);
+ return AppendACL2(newAcl);
+}
+
+OCStackResult InstallACL(const OicSecAcl_t* acl)
+{
+ OIC_LOG_V(DEBUG, TAG, "IN: %s", __func__);
+
+ OCStackResult ret = OC_STACK_ERROR;
+
+ if (!acl)
+ {
+ OIC_LOG_V(ERROR, TAG, "%s: acl is NULL", __func__);
+ return OC_STACK_INVALID_PARAM;
+ }
+
+ if (!gAcl)
+ {
+ OIC_LOG_V(ERROR, TAG, "%s: gAcl is NULL", __func__);
+ return OC_STACK_INVALID_PARAM;
+ }
+
+ bool isNewAce = true;
+ OicSecAce_t* existAce = NULL;
+ OicSecAce_t* newAce = NULL;
+ OicSecAce_t* tempAce1 = NULL;
+ OicSecAce_t* tempAce2 = NULL;
+ OicSecAcl_t* newInstallAcl = NULL;
+
+ LL_FOREACH_SAFE(acl->aces, newAce, tempAce1)
+ {
+ isNewAce = true;
+ LL_FOREACH_SAFE(gAcl->aces, existAce, tempAce2)
+ {
+ if(IsSameACE(newAce, existAce))
+ {
+ OIC_LOG(DEBUG, TAG, "Duplicated ACE dectected.");
+ ret = OC_STACK_DUPLICATE_REQUEST;
+ isNewAce = false;
+ }
+ }
+ if(isNewAce)
+ {
+ // Append new ACE to existing ACL
+ OIC_LOG(DEBUG, TAG, "NEW ACE dectected.");
+
+ OicSecAce_t* insertAce = DuplicateACE(newAce);
+ if(insertAce)
+ {
+ OIC_LOG(DEBUG, TAG, "Appending new ACE..");
+
+ if (!newInstallAcl)
+ {
+ newInstallAcl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
+ if (NULL == newInstallAcl)
+ {
+ OIC_LOG(ERROR, TAG, "Failed to acllocate ACL");
+ return OC_STACK_NO_MEMORY;
+ }
+ }
+ LL_PREPEND(newInstallAcl->aces, insertAce);
+ }
+ else
+ {
+ OIC_LOG(ERROR, TAG, "Failed to duplicate ACE");
+ DeleteACLList(newInstallAcl);
+ return OC_STACK_ERROR;
+ }
+ }
+ }
+
+ if (newInstallAcl)
+ {
+ ret = AppendACL2(newInstallAcl);
+ if (OC_STACK_OK != ret)
+ {
+ OIC_LOG(ERROR, TAG, "Failed to append ACL");
+ }
+ OICFree(newInstallAcl);
+ }
+
+ OIC_LOG_V(DEBUG, TAG, "OUT: %s", __func__);
+
+ return ret;
}
/**
strlen(OIC_RSRC_DOXM_URI) + 1) == 0 ||
strncmp(rsrc->href, OIC_RSRC_CRED_URI,
strlen(OIC_RSRC_CRED_URI) + 1) == 0 ||
- strncmp(rsrc->href, OIC_RSRC_ACL_URI,
- strlen(OIC_RSRC_ACL_URI) + 1) == 0 ||
strncmp(rsrc->href, OIC_RSRC_PSTAT_URI,
strlen(OIC_RSRC_PSTAT_URI) + 1) == 0)
{