OCGetLinkedStatus
OCInitPM
OCProvisionACL
+OCSaveACL
OCProvisionCredentials
OCProvisionDirectPairing
OCProvisionPairwiseDevices
*/
OicSecAce_t* DuplicateACE(const OicSecAce_t* ace);
+
+/**
+ * This function check the duplication with pre-installed ACL and installs only new ACEs.
+ *
+ * @param acl acl to install.
+ *
+ * @return ::OC_STACK_OK for Success, otherwise some error value
+ */
+OCStackResult InstallACL(const OicSecAcl_t* acl);
+
/**
- * This function installs a new ACL.
+ * This function appends a new ACL.
*
* @param payload cbor value representing a new ACL.
* @param size of the cbor payload.
*
* @return ::OC_STACK_OK for Success, otherwise some error value
*/
-OCStackResult InstallNewACL(const uint8_t* payload, const size_t size);
+OCStackResult AppendACL(const uint8_t* payload, const size_t size);
/**
- * This function installs a new ACL.
+ * This function appends a new ACL.
*
- * @param acl new acl to install.
+ * @param acl new acl to append.
*
* @return ::OC_STACK_OK for Success, otherwise some error value
*/
-OCStackResult InstallNewACL2(const OicSecAcl_t* acl);
+OCStackResult AppendACL2(const OicSecAcl_t* acl);
+
/**
* This function updates default ACE which is required for ownership transfer.
* This function should be invoked after OTM is complete to prevent anonymous user access.
OCStackResult SRPProvisionACL(void *ctx, const OCProvisionDev_t *selectedDeviceInfo,
OicSecAcl_t *acl, OCProvisionResultCB resultCallback);
+/**
+ * API to save ACL which has several ACE into Acl of SVR.
+ *
+ * @param acl ACL to be saved in Acl of SVR.
+ * @return OC_STACK_OK in case of success and other value otherwise.
+ */
+OCStackResult SRPSaveACL(const OicSecAcl_t *acl);
+
/**
* API to request CRED information to resource.
*
OCStackResult OCProvisionACL(void *ctx, const OCProvisionDev_t *selectedDeviceInfo, OicSecAcl_t *acl,\r
OCProvisionResultCB resultCallback);\r
\r
+/**\r
+ * function to save ACL which has several ACE into Acl of SVR.\r
+ *\r
+ * @param acl ACL to be saved in Acl of SVR.\r
+ * @return OC_STACK_OK in case of success and other value otherwise.\r
+ */\r
+OCStackResult OCSaveACL(const OicSecAcl_t* acl);\r
+\r
/**\r
* this function requests CRED information to resource.\r
*\r
#define _32_PROVIS_ACL_ 32
#define _33_PROVIS_DP_ 33
#define _34_CHECK_LINK_STATUS_ 34
+#define _35_SAVE_ACL_ 35
#define _40_UNLINK_PAIR_DEVS_ 40
#define _50_REMOVE_SELEC_DEV_ 50
#define _51_REMOVE_DEV_WITH_UUID_ 51
#endif
// function declaration(s) for calling them before implementing
static OicSecAcl_t* createAcl(const int);
+static OicSecAcl_t* createSimpleAcl(const OicUuid_t uuid);
static OicSecPdAcl_t* createPdAcl(const int);
static OCProvisionDev_t* getDevInst(const OCProvisionDev_t*, const int);
static int printDevList(const OCProvisionDev_t*);
return -1;
}
+static int saveAcl(void)
+{
+ // create ACL to save into local SVR DB
+ OicSecAcl_t* acl = NULL;
+ OicUuid_t uuid = {.id={0}};
+ char strUuid[64] = {0};
+
+ printf("[1] Use a test UUID [11111111-2222-3333-4444-555555555555]\n");
+ printf("[2] Use a user input\n");
+ int sel_num = 0;
+ for( ; ; )
+ {
+ printf(" > Select Number, for Subject UUID of new ACE: ");
+ for(int ret=0; 1!=ret; )
+ {
+ ret = scanf("%d", &sel_num);
+ for( ; 0x20<=getchar(); ); // for removing overflow garbages
+ // '0x20<=code' is character region
+ }
+ if(1 == sel_num)
+ {
+ OICStrcpy(strUuid, sizeof(strUuid), "11111111-2222-3333-4444-555555555555");
+ break;
+ }
+ else if(2 == sel_num)
+ {
+ printf(" > Input the UUID : ");
+ for(int ret=0; 1!=ret; )
+ {
+ ret = scanf("%64s", strUuid);
+ for( ; 0x20<=getchar(); ); // for removing overflow garbages
+ // '0x20<=code' is character region
+ }
+ break;
+ }
+ printf(" Entered Wrong Number. Please Enter Again\n");
+ }
+
+
+ printf("Selected Subject UUID : %s\n", strUuid);
+ OCStackResult rst = ConvertStrToUuid(strUuid, &uuid);
+ if(OC_STACK_OK != rst)
+ {
+ OIC_LOG_V(ERROR, TAG, "ConvertStrToUuid API error: %d", rst);
+ goto SVACL_ERROR;
+ }
+
+ acl = createSimpleAcl(uuid);
+ if(!acl)
+ {
+ OIC_LOG(ERROR, TAG, "createAcl error return");
+ goto SVACL_ERROR;
+ }
+
+ // call |OCSaveACL| API actually
+ rst = OCSaveACL(acl);
+ if(OC_STACK_OK != rst)
+ {
+ OIC_LOG_V(ERROR, TAG, "OCSaveACL API error: %d", rst);
+ goto SVACL_ERROR;
+ }
+ OCDeleteACLList(acl); // after here |acl| points nothing
+
+ // display the ACL-provisioned result
+ printf(" > Saved Selected ACL\n");
+
+ return 0;
+
+SVACL_ERROR:
+ OCDeleteACLList(acl); // after here |acl| points nothing
+ return -1;
+}
+
static int getCred(void)
{
// check |own_list| for checking selected link status on PRVN DB
return NULL;
}
+static OicSecAcl_t* createSimpleAcl(const OicUuid_t uuid)
+{
+ OIC_LOG(DEBUG, TAG, "createSimpleAcl IN");
+
+ // allocate memory for |acl| struct
+ OicSecAcl_t* acl = (OicSecAcl_t*) OICCalloc(1, sizeof(OicSecAcl_t));
+ if(!acl)
+ {
+ OIC_LOG(DEBUG, TAG, "OICCalloc error return");
+ return NULL; // not need to 'goto' |ERROR| before allocating |acl|
+ }
+ OicSecAce_t* ace = (OicSecAce_t*) OICCalloc(1, sizeof(OicSecAce_t));
+ if(!ace)
+ {
+ OIC_LOG(DEBUG, TAG, "OICCalloc error return");
+ return NULL; // not need to 'goto' |ERROR| before allocating |acl|
+ }
+ LL_APPEND(acl->aces, ace);
+
+ memcpy(&ace->subjectuuid, &uuid, UUID_LENGTH);
+
+ OicSecRsrc_t* rsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
+ if(!rsrc)
+ {
+ OIC_LOG(DEBUG, TAG, "OICCalloc error return");
+ OCDeleteACLList(acl);
+ return NULL;
+ }
+
+ char href[] = "*";
+ size_t len = strlen(href)+1; // '1' for null termination
+ rsrc->href = (char*) OICCalloc(len, sizeof(char));
+ if(!rsrc->href)
+ {
+ OIC_LOG(DEBUG, TAG, "OICCalloc error return");
+ OCDeleteACLList(acl);
+ return NULL;
+ }
+ OICStrcpy(rsrc->href, len, href);
+
+ size_t arrLen = 1;
+ rsrc->typeLen = arrLen;
+ rsrc->types = (char**)OICCalloc(arrLen, sizeof(char*));
+ rsrc->interfaceLen = 1;
+ rsrc->interfaces = (char**)OICCalloc(arrLen, sizeof(char*));
+ rsrc->types[0] = OICStrdup(""); // ignore
+ rsrc->interfaces[0] = OICStrdup("oic.if.baseline"); // ignore
+
+ LL_APPEND(ace->resources, rsrc);
+
+ ace->permission = 31; // R/W/U/D
+
+ OIC_LOG(DEBUG, TAG, "createSimpleAcl OUT");
+
+ return acl;
+}
+
static OicSecPdAcl_t* createPdAcl(const int dev_num)
{
if(0>=dev_num || g_own_cnt<dev_num)
printf("** 31. Provision Credentials for Pairwise Things\n");
printf("** 32. Provision the Selected Access Control List(ACL)\n");
printf("** 33. Provision Direct-Pairing Configuration\n");
- printf("** 34. Check Linked Status of the Selected Device on PRVN DB\n\n");
+ printf("** 34. Check Linked Status of the Selected Device on PRVN DB\n");
+ printf("** 35. Save the Selected Access Control List(ACL) into local SVR DB\n\n");
printf("** [D] UNLINK PAIRWISE THINGS\n");
printf("** 40. Unlink Pairwise Things\n\n");
OIC_LOG(ERROR, TAG, "_34_CHECK_LINK_STATUS_: error");
}
break;
+ case _35_SAVE_ACL_:
+ if(saveAcl())
+ {
+ OIC_LOG(ERROR, TAG, "_35_SAVE_ACL_: error");
+ }
+ break;
case _40_UNLINK_PAIR_DEVS_:
if(unlinkPairwise())
{
printACL(acl);
- result = InstallNewACL2(acl);
+ result = InstallACL(acl);
if (result != OC_STACK_OK)
{
OIC_LOG(ERROR, TAG, "Can't update ACL resource");
return SRPProvisionACL(ctx, selectedDeviceInfo, acl, resultCallback);
}
+/**
+ * function to save ACL which has several ACE into Acl of SVR.
+ *
+ * @param acl ACL to be saved in Acl of SVR.
+ * @return OC_STACK_OK in case of success and other value otherwise.
+ */
+OCStackResult OCSaveACL(const OicSecAcl_t* acl)
+{
+ return SRPSaveACL(acl);
+}
+
/**
* this function requests CRED information to resource.
*
return OC_STACK_OK;
}
+OCStackResult SRPSaveACL(const OicSecAcl_t *acl)
+{
+ OIC_LOG(DEBUG, TAG, "IN SRPSaveACL");
+ VERIFY_NON_NULL(TAG, acl, ERROR, OC_STACK_INVALID_PARAM);
+
+ OCStackResult res = InstallACL(acl);
+
+ OIC_LOG(DEBUG, TAG, "OUT SRPSaveACL");
+ return res;
+}
+
/**
* Internal Function to store results in result array during Direct-Pairing provisioning.
*/
}
}
-OCStackResult InstallNewACL2(const OicSecAcl_t* acl)
+OCStackResult AppendACL2(const OicSecAcl_t* acl)
{
OCStackResult ret = OC_STACK_ERROR;
return ret;
}
-OCStackResult InstallNewACL(const uint8_t *cborPayload, const size_t size)
+OCStackResult AppendACL(const uint8_t *cborPayload, const size_t size)
{
// Convert CBOR format to ACL data. This will also validate the ACL data received.
OicSecAcl_t* newAcl = CBORPayloadToAcl(cborPayload, size);
- return InstallNewACL2(newAcl);
+ return AppendACL2(newAcl);
+}
+
+OCStackResult InstallACL(const OicSecAcl_t* acl)
+{
+ OCStackResult ret = OC_STACK_ERROR;
+
+ if (!acl)
+ {
+ return OC_STACK_INVALID_PARAM;
+ }
+
+ bool isNewAce = true;
+ OicSecAce_t* existAce = NULL;
+ OicSecAce_t* newAce = NULL;
+ OicSecAce_t* tempAce1 = NULL;
+ OicSecAce_t* tempAce2 = NULL;
+ OicSecAcl_t* newInstallAcl = NULL;
+
+ LL_FOREACH_SAFE(acl->aces, newAce, tempAce1)
+ {
+ isNewAce = true;
+ LL_FOREACH_SAFE(gAcl->aces, existAce, tempAce2)
+ {
+ if(IsSameACE(newAce, existAce))
+ {
+ OIC_LOG(DEBUG, TAG, "Duplicated ACE dectected.");
+ ret = OC_STACK_DUPLICATE_REQUEST;
+ isNewAce = false;
+ }
+ }
+ if(isNewAce)
+ {
+ // Append new ACE to existing ACL
+ OIC_LOG(DEBUG, TAG, "NEW ACE dectected.");
+
+ OicSecAce_t* insertAce = DuplicateACE(newAce);
+ if(insertAce)
+ {
+ OIC_LOG(DEBUG, TAG, "Appending new ACE..");
+
+ if (!newInstallAcl)
+ {
+ newInstallAcl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
+ if (NULL == newInstallAcl)
+ {
+ OIC_LOG(ERROR, TAG, "Failed to acllocate ACL");
+ return OC_STACK_NO_MEMORY;
+ }
+ }
+ LL_PREPEND(newInstallAcl->aces, insertAce);
+ }
+ else
+ {
+ OIC_LOG(ERROR, TAG, "Failed to duplicate ACE");
+ DeleteACLList(newInstallAcl);
+ return OC_STACK_ERROR;
+ }
+ }
+ }
+
+ if (newInstallAcl)
+ {
+ ret = AppendACL2(newInstallAcl);
+ if (OC_STACK_OK != ret)
+ {
+ OIC_LOG(ERROR, TAG, "Failed to append ACL");
+ }
+ OICFree(newInstallAcl);
+ }
+
+ return ret;
}
/**
{
size_t size = ((OCSecurityPayload*)clientResponse->payload)->payloadSize;
OCStackResult ret =
- InstallNewACL(((OCSecurityPayload*)clientResponse->payload)->securityData, size);
+ AppendACL(((OCSecurityPayload*)clientResponse->payload)->securityData, size);
VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
OIC_LOG_V(INFO, TAG, "%s : Calling checkPermission", __func__);
uint8_t *payload = NULL;
if (OC_STACK_OK == AclToCBORPayload(acl, &payload, &size))
{
- InstallNewACL(payload, size);
+ AppendACL(payload, size);
OICFree(payload);
}
DeleteACLList(acl);
std::string uuid,
ResultCallBack resultCallback);
+ /**
+ * API to save ACL which has several ACE into Acl of SVR.
+ *
+ * @param acl ACL to be saved in Acl of SVR.
+ * @return OC_STACK_OK in case of success and other value otherwise.
+ */
+ static OCStackResult saveACL(const OicSecAcl_t* acl);
+
#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
/**
* API to save Trust certificate chain into Cred of SVR.
return result;
}
+ OCStackResult OCSecure::saveACL(const OicSecAcl_t* acl)
+ {
+ if (!acl)
+ {
+ oclog() <<"ACL can't be null";
+ return OC_STACK_INVALID_PARAM;
+ }
+
+ OCStackResult result;
+ auto cLock = OCPlatform_impl::Instance().csdkLock().lock();
+
+ if (cLock)
+ {
+ std::lock_guard<std::recursive_mutex> lock(*cLock);
+ result = OCSaveACL(const_cast<OicSecAcl_t*>(acl));
+ }
+ else
+ {
+ oclog() <<"Mutex not found";
+ result = OC_STACK_ERROR;
+ }
+ return result;
+ }
+
#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
OCStackResult OCSecure::saveTrustCertChain(uint8_t *trustCertChain, size_t chainSize,
OicEncodingType_t encodingType, uint16_t *credId)
projects / platform / upstream / iotivity.git / commitdiff