*/
static OCStackResult PutProvisioningStatus(OTMContext_t* otmCtx);
-/*
- * Function to finalize provisioning.
- * This function will send default ACL and commit hash.
- *
- * @param[in] otmCtx Context value of ownership transfer.
- * @return OC_STACK_OK on success
- */
-static OCStackResult FinalizeProvisioning(OTMContext_t* otmCtx);
-
-
static bool IsComplete(OTMContext_t* otmCtx)
{
for(size_t i = 0; i < otmCtx->ctxResultArraySize; i++)
VERIFY_NON_NULL(TAG, clientResponse, ERROR);
VERIFY_NON_NULL(TAG, ctx, ERROR);
- OTMContext_t* otmCtx = (OTMContext_t*)ctx;
- (void)UNUSED;
- if(OC_STACK_OK == clientResponse->result)
- {
- OCStackResult res = FinalizeProvisioning(otmCtx);
- if (OC_STACK_OK != res)
- {
- OIC_LOG_V(INFO, TAG, "Failed to finalize provisioning.");
- SetResult(otmCtx, res);
- return OC_STACK_DELETE_TRANSACTION;
- }
- }
-
-exit:
- OIC_LOG_V(INFO, TAG, "OUT ProvisioningStatusHandler.");
- return OC_STACK_DELETE_TRANSACTION;
-}
-
-/**
- * Callback handler of finalize provisioning.
- *
- * @param[in] ctx ctx value passed to callback from calling function.
- * @param[in] UNUSED handle to an invocation
- * @param[in] clientResponse Response from queries to remote servers.
- * @return OC_STACK_DELETE_TRANSACTION to delete the transaction
- * and OC_STACK_KEEP_TRANSACTION to keep it.
- */
-static OCStackApplicationResult FinalizeProvisioningCB(void *ctx, OCDoHandle UNUSED,
- OCClientResponse *clientResponse)
-{
- OIC_LOG_V(INFO, TAG, "IN ProvisionDefaultACLCB.");
-
- VERIFY_NON_NULL(TAG, clientResponse, ERROR);
- VERIFY_NON_NULL(TAG, ctx, ERROR);
-
OTMContext_t* otmCtx = (OTMContext_t*) ctx;
(void)UNUSED;
- if (OC_STACK_RESOURCE_CREATED == clientResponse->result)
+ if (OC_STACK_OK == clientResponse->result)
{
OCStackResult res = PDMAddDevice(&otmCtx->selectedDeviceInfo->doxm->deviceID);
if (OC_STACK_OK == res)
clientResponse->result);
SetResult(otmCtx, clientResponse->result);
}
+
+
exit:
+ OIC_LOG_V(INFO, TAG, "OUT ProvisioningStatusHandler.");
return OC_STACK_DELETE_TRANSACTION;
}
return ret;
}
-OCStackResult FinalizeProvisioning(OTMContext_t* otmCtx)
-{
- OIC_LOG(INFO, TAG, "IN FinalizeProvisioning");
-
- if(!otmCtx)
- {
- OIC_LOG(ERROR, TAG, "OTMContext is NULL");
- return OC_STACK_INVALID_PARAM;
- }
- if(!otmCtx->selectedDeviceInfo)
- {
- OIC_LOG(ERROR, TAG, "Can't find device information in OTMContext");
- OICFree(otmCtx);
- return OC_STACK_INVALID_PARAM;
- }
- // Provision Default ACL to device
- OicSecAcl_t defaultAcl =
- { {.id={0}},
- 1,
- NULL,
- 0x001F,
- 0,
- NULL,
- NULL,
- 1,
- NULL,
- NULL,
- };
-
- OicUuid_t provTooldeviceID = {.id={0}};
- if (OC_STACK_OK != GetDoxmDeviceID(&provTooldeviceID))
- {
- OIC_LOG(ERROR, TAG, "Error while retrieving provisioning tool's device ID");
- SetResult(otmCtx, OC_STACK_ERROR);
- return OC_STACK_ERROR;
- }
- OIC_LOG(INFO, TAG, "Retieved deviceID");
- memcpy(defaultAcl.subject.id, provTooldeviceID.id, sizeof(defaultAcl.subject.id));
- char *wildCardResource = "*";
- defaultAcl.resources = &wildCardResource;
-
- defaultAcl.owners = (OicUuid_t *) OICCalloc(1, UUID_LENGTH);
- if(!defaultAcl.owners)
- {
- OIC_LOG(ERROR, TAG, "Failed to memory allocation for default ACL");
- SetResult(otmCtx, OC_STACK_NO_MEMORY);
- return OC_STACK_NO_MEMORY;
- }
- memcpy(defaultAcl.owners->id, provTooldeviceID.id, UUID_LENGTH);
- OIC_LOG(INFO, TAG, "Provisioning default ACL");
-
- OCSecurityPayload* secPayload = (OCSecurityPayload*)OICCalloc(1, sizeof(OCSecurityPayload));
- if(!secPayload)
- {
- OIC_LOG(ERROR, TAG, "Failed to memory allocation");
- return OC_STACK_NO_MEMORY;
- }
- secPayload->base.type = PAYLOAD_TYPE_SECURITY;
- secPayload->securityData = BinToAclJSON(&defaultAcl);
- OICFree(defaultAcl.owners);
- if(!secPayload->securityData)
- {
- OICFree(secPayload);
- OIC_LOG(INFO, TAG, "FinalizeProvisioning : Failed to BinToAclJSON");
- SetResult(otmCtx, OC_STACK_ERROR);
- return OC_STACK_ERROR;
- }
- OIC_LOG_V(INFO, TAG, "Provisioning default ACL : %s",secPayload->securityData);
-
- char query[MAX_URI_LENGTH + MAX_QUERY_LENGTH] = {0};
- if(!PMGenerateQuery(true,
- otmCtx->selectedDeviceInfo->endpoint.addr,
- otmCtx->selectedDeviceInfo->securePort,
- otmCtx->selectedDeviceInfo->connType,
- query, sizeof(query), OIC_RSRC_ACL_URI))
- {
- OIC_LOG(ERROR, TAG, "FinalizeProvisioning : Failed to generate query");
- return OC_STACK_ERROR;
- }
- OIC_LOG_V(DEBUG, TAG, "Query=%s", query);
-
- OIC_LOG_V(INFO, TAG, "Request URI for Provisioning default ACL : %s", query);
-
- OCCallbackData cbData = {.context=NULL, .cb=NULL, .cd=NULL};
- cbData.cb = &FinalizeProvisioningCB;
- cbData.context = (void *)otmCtx;
- cbData.cd = NULL;
- OCStackResult ret = OCDoResource(NULL, OC_REST_POST, query,
- &otmCtx->selectedDeviceInfo->endpoint, (OCPayload*)secPayload,
- otmCtx->selectedDeviceInfo->connType, OC_HIGH_QOS, &cbData, NULL, 0);
- if (OC_STACK_OK != ret)
- {
- SetResult(otmCtx, ret);
- return ret;
- }
-
- OIC_LOG(INFO, TAG, "OUT FinalizeProvisioning");
-
- return ret;
-
-}
-
#endif
#define TAG "SRM-ACL"
+#define NUMBER_OF_SEC_PROV_RSCS 4
+#define NUMBER_OF_DEFAULT_SEC_RSCS 2
OicSecAcl_t *gAcl = NULL;
static OCResourceHandle gAclHandle = NULL;
return ret;
}
+
+/**
+ * This function generates default ACL for security resource in case of owned status.
+ *
+ * @retval Default ACL for security resource.
+ */
+static OicSecAcl_t* GetSecDefaultACL()
+{
+ const char *sec_rsrcs[] = {
+ OIC_RSRC_DOXM_URI,
+ OIC_RSRC_PSTAT_URI
+ };
+
+ OicSecAcl_t* newDefaultAcl = (OicSecAcl_t*)OICCalloc(1, sizeof(OicSecAcl_t));
+ VERIFY_NON_NULL(TAG, newDefaultAcl, ERROR);
+
+ // Subject -- Mandatory
+ memcpy(&(newDefaultAcl->subject), &WILDCARD_SUBJECT_ID, WILDCARD_SUBJECT_ID_LEN);
+
+ // Resources -- Mandatory
+ newDefaultAcl->resourcesLen = NUMBER_OF_DEFAULT_SEC_RSCS;
+ newDefaultAcl->resources = (char**)OICCalloc(NUMBER_OF_DEFAULT_SEC_RSCS, sizeof(char*));
+ VERIFY_NON_NULL(TAG, (newDefaultAcl->resources), ERROR);
+
+ for (size_t i = 0; i < NUMBER_OF_DEFAULT_SEC_RSCS; i++)
+ {
+ size_t len = strlen(sec_rsrcs[i]) + 1;
+ newDefaultAcl->resources[i] = (char*)OICMalloc(len * sizeof(char));
+ VERIFY_NON_NULL(TAG, (newDefaultAcl->resources[i]), ERROR);
+ OICStrcpy(newDefaultAcl->resources[i], len, sec_rsrcs[i]);
+ }
+
+ // Permissions -- Mandatory
+ newDefaultAcl->permission = PERMISSION_READ;
+
+ //Period -- Not Mandatory
+ newDefaultAcl->prdRecrLen = 0;
+ newDefaultAcl->periods = NULL;
+
+ //Recurrence -- Not Mandatory
+ newDefaultAcl->recurrences = NULL;
+
+ // Device ID is the owner of this default ACL
+ OicUuid_t ownerId = {.id = {0}};
+ OCStackResult res = GetDoxmDeviceID(&ownerId);
+ VERIFY_SUCCESS(TAG, OC_STACK_OK == res, FATAL);
+
+ // Owners -- Mandatory
+ newDefaultAcl->ownersLen = 1;
+ newDefaultAcl->owners = (OicUuid_t*)OICMalloc(sizeof(OicUuid_t));
+ VERIFY_NON_NULL(TAG, (newDefaultAcl->owners), ERROR);
+ memcpy(newDefaultAcl->owners, &ownerId, sizeof(OicUuid_t));
+
+ return newDefaultAcl;
+exit:
+ DeleteACLList(newDefaultAcl);
+ return NULL;
+
+}
+
+OCStackResult UpdateDefaultSecProvACL()
+{
+ OCStackResult ret = OC_STACK_OK;
+ OicSecAcl_t *acl = NULL;
+ OicSecAcl_t *tmp = NULL;
+
+ if(gAcl)
+ {
+ int matchedRsrc = 0;
+ bool isRemoved = false;
+
+ LL_FOREACH_SAFE(gAcl, acl, tmp)
+ {
+ //Find default security resource ACL
+ if(memcmp(&acl->subject, &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0 &&
+ ((PERMISSION_READ | PERMISSION_WRITE) == acl->permission))
+ {
+ matchedRsrc = 0;
+
+ for(size_t i = 0; i < acl->resourcesLen; i++)
+ {
+ if(strncmp(acl->resources[i], OIC_RSRC_DOXM_URI,
+ strlen(OIC_RSRC_DOXM_URI) + 1) == 0 ||
+ strncmp(acl->resources[i], OIC_RSRC_CRED_URI,
+ strlen(OIC_RSRC_CRED_URI) + 1) == 0 ||
+ strncmp(acl->resources[i], OIC_RSRC_ACL_URI,
+ strlen(OIC_RSRC_ACL_URI) + 1) == 0 ||
+ strncmp(acl->resources[i], OIC_RSRC_PSTAT_URI,
+ strlen(OIC_RSRC_PSTAT_URI) + 1) == 0)
+ {
+ matchedRsrc++;
+ }
+ }
+
+ //If default security resource ACL is detected, delete it.
+ if(NUMBER_OF_SEC_PROV_RSCS == matchedRsrc)
+ {
+ LL_DELETE(gAcl, acl);
+ FreeACE(acl);
+ isRemoved = true;
+ }
+ }
+ }
+
+ if(isRemoved)
+ {
+ /*
+ * Generate new security resource ACL as follows :
+ * subject : "*"
+ * resources : '/oic/sec/doxm', '/oic/sec/pstat'
+ * permission : READ
+ */
+ OicSecAcl_t* newDefaultAcl = GetSecDefaultACL();
+ if(newDefaultAcl)
+ {
+ LL_APPEND(gAcl, newDefaultAcl);
+
+ char *jsonStr = BinToAclJSON(gAcl);
+ if(jsonStr)
+ {
+ cJSON *jsonAcl = cJSON_Parse(jsonStr);
+ OICFree(jsonStr);
+
+ //Update SVR DB
+ if (jsonAcl)
+ {
+ ret = UpdateSVRDatabase(OIC_JSON_ACL_NAME, jsonAcl);
+ if(OC_STACK_OK != ret)
+ {
+ OIC_LOG(WARNING, TAG, "Failed to update SVR DB");
+ }
+ }
+ cJSON_Delete(jsonAcl);
+ }
+ }
+ }
+ }
+
+ return ret;
+}