New API for self ACL updating 00/221600/1
authorIurii Metelytsia <i.metelytsia@samsung.com>
Tue, 26 Nov 2019 15:13:42 +0000 (17:13 +0200)
committerSudipto Bal <sudipto.bal@samsung.com>
Mon, 6 Jan 2020 05:43:22 +0000 (05:43 +0000)
https://github.sec.samsung.net/RS7-IOTIVITY/IoTivity/commit/441765ad4ae9d09a2ff34023031e6e4f42edf917
(cherry-picked from 441765ad4ae9d09a2ff34023031e6e4f42edf917)

Change-Id: Ic9747cb71f669895ced90e442bcce1f090389e1c
Signed-off-by: Sudipto <sudipto.bal@samsung.com>
resource/csdk/security/include/internal/aclresource.h
resource/csdk/security/include/securevirtualresourcetypes.h
resource/csdk/security/src/aclresource.c
resource/csdk/stack/include/ocstack.h
resource/csdk/stack/include/octypes.h
resource/csdk/stack/src/ocstack.c
resource/src/OCDirectPairing.cpp

index 42c75a9..3ba5770 100644 (file)
@@ -191,6 +191,25 @@ void printACL(const OicSecAcl_t* acl);
  */
 OCStackResult CheckSecurityACEPermission(uint16_t permission);
 
+/**
+ * This method add new ACE to ACL
+ *
+ * @param subject of the ACE
+ * @param href resource string
+ * @param rel resource string
+ * @param types string array
+ * @param typeLen string array size
+ * @param interfaces string array
+ * @param interfaceLen string array size
+ * @param permission value
+ *
+ * @return ::OC_STACK_OK for Success, otherwise some error value.
+ */
+OCStackResult AddACE(const OicUuid_t *subject, const char *href, const char *rel,
+                     const char **types, size_t typeLen,
+                     const char **interfaces, size_t interfaceLen,
+                     uint16_t permission);
+
 #ifdef __cplusplus
 }
 #endif
index e6a2f7f..538faf0 100644 (file)
@@ -49,6 +49,8 @@
 #include "byte_array.h"
 #endif /* __WITH_DTLS__  or __WITH_TLS__*/
 
+#include "octypes.h"
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -318,8 +320,6 @@ typedef struct OicSecSacl OicSecSacl_t;
 
 typedef char *OicUrn_t; //TODO is URN type defined elsewhere?
 
-typedef struct OicUuid OicUuid_t; //TODO is UUID type defined elsewhere?
-
 #ifdef MULTIPLE_OWNER
 typedef struct OicSecSubOwner OicSecSubOwner_t;
 typedef struct OicSecMom OicSecMom_t;
@@ -333,22 +333,11 @@ typedef ByteArray_t OicSecCert_t;
 typedef void OicSecCert_t;
 #endif /* __WITH_DTLS__ or __WITH_TLS__*/
 
-/**
- * /oic/uuid (Universal Unique Identifier) data type.
- */
-#define UUID_LENGTH 128/8 // 128-bit GUID length
 //TODO: Confirm the length and type of ROLEID.
 #define ROLEID_LENGTH 128/8 // 128-bit ROLEID length
 #define OWNER_PSK_LENGTH_128 128/8 //byte size of 128-bit key size
 #define OWNER_PSK_LENGTH_256 256/8 //byte size of 256-bit key size
 
-struct OicUuid
-{
-    // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
-    //TODO fill in unless this is defined elsewhere?
-    uint8_t             id[UUID_LENGTH];
-};
-
 /**
  * /oic/sec/jwk (JSON Web Key) data type.
  * See JSON Web Key (JWK)  draft-ietf-jose-json-web-key-41
index b1a3bc8..34b2ed2 100644 (file)
@@ -1149,20 +1149,21 @@ OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
                                                             VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RT array length.");
                                                         }
 
-                                                        VERIFY_SUCCESS(TAG, (0 != rsrc->typeLen), ERROR);
-
-                                                        rsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*));
-                                                        VERIFY_NON_NULL(TAG, rsrc->types, ERROR);
+                                                        if (0 != rsrc->typeLen)
+                                                        {
+                                                            rsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*));
+                                                            VERIFY_NON_NULL(TAG, rsrc->types, ERROR);
 
-                                                        cborFindResult = cbor_value_enter_container(&rMap, &resourceTypes);
-                                                        VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering RT Array.");
+                                                            cborFindResult = cbor_value_enter_container(&rMap, &resourceTypes);
+                                                            VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering RT Array.");
 
-                                                        for(size_t i = 0; cbor_value_is_valid(&resourceTypes) && cbor_value_is_text_string(&resourceTypes); i++)
-                                                        {
-                                                            cborFindResult = cbor_value_dup_text_string(&resourceTypes, &(rsrc->types[i]), &readLen, NULL);
-                                                            VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding resource type.");
-                                                            cborFindResult = cbor_value_advance(&resourceTypes);
-                                                            VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing resource type.");
+                                                            for(size_t i = 0; cbor_value_is_valid(&resourceTypes) && cbor_value_is_text_string(&resourceTypes); i++)
+                                                            {
+                                                                cborFindResult = cbor_value_dup_text_string(&resourceTypes, &(rsrc->types[i]), &readLen, NULL);
+                                                                VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding resource type.");
+                                                                cborFindResult = cbor_value_advance(&resourceTypes);
+                                                                VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing resource type.");
+                                                            }
                                                         }
                                                     }
 
@@ -1191,20 +1192,21 @@ OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
                                                             VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF array length.");
                                                         }
 
-                                                        VERIFY_SUCCESS(TAG, (0 != rsrc->interfaceLen), ERROR);
-
-                                                        rsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*));
-                                                        VERIFY_NON_NULL(TAG, rsrc->interfaces, ERROR);
+                                                        if (0 != rsrc->interfaceLen)
+                                                        {
+                                                            rsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*));
+                                                            VERIFY_NON_NULL(TAG, rsrc->interfaces, ERROR);
 
-                                                        cborFindResult = cbor_value_enter_container(&rMap, &interfaces);
-                                                        VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering IF Array.");
+                                                            cborFindResult = cbor_value_enter_container(&rMap, &interfaces);
+                                                            VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering IF Array.");
 
-                                                        for(size_t i = 0; cbor_value_is_valid(&interfaces) && cbor_value_is_text_string(&interfaces); i++)
-                                                        {
-                                                            cborFindResult = cbor_value_dup_text_string(&interfaces, &(rsrc->interfaces[i]), &readLen, NULL);
-                                                            VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF type.");
-                                                            cborFindResult = cbor_value_advance(&interfaces);
-                                                            VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing IF type.");
+                                                            for(size_t i = 0; cbor_value_is_valid(&interfaces) && cbor_value_is_text_string(&interfaces); i++)
+                                                            {
+                                                                cborFindResult = cbor_value_dup_text_string(&interfaces, &(rsrc->interfaces[i]), &readLen, NULL);
+                                                                VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF type.");
+                                                                cborFindResult = cbor_value_advance(&interfaces);
+                                                                VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing IF type.");
+                                                            }
                                                         }
                                                     }
 
@@ -2515,7 +2517,7 @@ void printACL(const OicSecAcl_t* acl)
 
             for (size_t i = 0; i < res->typeLen; i++)
             {
-                OIC_LOG_V(INFO, TAG, "if[%zu] = %s", i, res->types[i]);
+                OIC_LOG_V(INFO, TAG, "rt[%zu] = %s", i, res->types[i]);
             }
             for (size_t i = 0; i < res->interfaceLen; i++)
             {
@@ -2537,6 +2539,8 @@ void printACL(const OicSecAcl_t* acl)
             {
                 OIC_LOG_V(INFO, TAG, "recurrences[%zu] = %s", i, vals->recurrences[i]);
             }
+
+            vals = vals->next;
         }
 
         ace = ace->next;
@@ -2943,3 +2947,106 @@ OCStackResult CheckSecurityACEPermission(uint16_t permission)
     OIC_LOG_V(DEBUG, TAG, "OUT: %s", __func__);
     return ret;
 }
+
+/**
+ * This method add new ACE to ACL
+ *
+ * @param subject of the ACE
+ * @param href resource string
+ * @param rel resource string
+ * @param types string array
+ * @param typeLen string array size
+ * @param interfaces string array
+ * @param interfaceLen string array size
+ * @param permission value
+ *
+ * @return ::OC_STACK_OK for Success, otherwise some error value.
+ */
+OCStackResult AddACE(const OicUuid_t *subject, const char *href, const char *rel,
+                     const char **types, size_t typeLen,
+                     const char **interfaces, size_t interfaceLen,
+                     uint16_t permission)
+{
+    OCStackResult ret = OC_EH_ERROR;
+
+    OIC_LOG_V(DEBUG, TAG, "IN: %s", __func__);
+
+    if (!gAcl)
+    {
+        OIC_LOG_V(ERROR, TAG, "%s: gAcl is NULL", __func__);
+        return OC_STACK_INVALID_PARAM;
+    }
+
+    if (!subject)
+    {
+        OIC_LOG_V(ERROR, TAG, "%s: Invalid Parameter", __func__);
+        return OC_STACK_INVALID_PARAM;
+    }
+
+    OicSecAce_t newAce;
+    OicSecRsrc_t resources;
+    memcpy(&newAce.subjectuuid, subject, sizeof(OicUuid_t));
+    resources.href = href;
+    resources.rel = rel;
+    resources.types = types;
+    resources.typeLen = typeLen;
+    resources.interfaces = interfaces;
+    resources.interfaceLen = interfaceLen;
+    resources.next = NULL;
+    newAce.resources = &resources;
+    newAce.permission = permission;
+    newAce.validities = NULL;
+#ifdef MULTIPLE_OWNER
+    newAce.eownerID = NULL;
+#endif
+    newAce.next = NULL;
+
+    //Check existing ACE's
+    OicSecAce_t *existAce = NULL;
+    OicSecAce_t *tempAce = NULL;
+    LL_FOREACH_SAFE(gAcl->aces, existAce, tempAce)
+    {
+        if (IsSameACE(&newAce, existAce))
+        {
+            OIC_LOG(DEBUG, TAG, "Duplicated ACE dectected.");
+            return OC_STACK_DUPLICATE_REQUEST;
+        }
+    }
+
+    // Add new ACE to ACL
+    OIC_LOG(DEBUG, TAG, "NEW ACE dectected.");
+    OicSecAce_t *insertAce = DuplicateACE(&newAce);
+    if (insertAce)
+    {
+        OIC_LOG(DEBUG, TAG, "Appending new ACE..");
+        LL_APPEND(gAcl->aces, insertAce);
+
+        // Update persistant storage
+        uint8_t *payload = NULL;
+        size_t size = 0;
+        if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
+        {
+            if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size))
+            {
+                ret = OC_STACK_OK;
+            }
+            else
+            {
+                OIC_LOG(ERROR, TAG, "UpdateSecureResourceInPS failed");
+            }
+            OICFree(payload);
+        }
+        else
+        {
+            OIC_LOG(ERROR, TAG, "AclToCBORPayload failed");
+        }
+    }
+    else
+    {
+        OIC_LOG(ERROR, TAG, "Failed to duplicate ACE.");
+    }
+
+    OIC_LOG_V(DEBUG, TAG, "OUT: %s", __func__);
+
+    return ret;
+}
index 0ebe590..b6a3c25 100755 (executable)
@@ -926,6 +926,25 @@ OCStackResult OCSetOtmEventHandler(void *ctx, OCOtmEventHandler cb);
 
 OCStackResult OCGetDeviceOperationalState(bool* isOp);
 
+/**
+ * Helper method to add a new ACE to the ACL
+ *
+ * @param subjectuuid of the ACE
+ * @param href resource string
+ * @param rel resource string
+ * @param types string array
+ * @param typeLen string array size
+ * @param interfaces string array
+ * @param interfaceLen string array size
+ * @param permission value
+ *
+ * @return ::OC_STACK_OK for Success, otherwise some error value.
+ */
+OCStackResult AddACEToACL(const OicUuid_t *subjectuuid, const char *href, const char *rel,
+                          const char **types, size_t typeLen,
+                          const char **interfaces, size_t interfaceLen,
+                          uint16_t permission);
+
 #ifdef __cplusplus
 }
 #endif // __cplusplus
index 128470c..827b4c0 100644 (file)
@@ -1787,6 +1787,15 @@ typedef struct resetSVRDBCB
     ResetSVRDBCB callback;
 } resetSVRDBCB_t;
 
+/**
+ * Universal Unique Identifier data type.
+ */
+#define UUID_LENGTH (128/8) // 128-bit GUID length
+typedef struct OicUuid
+{
+    uint8_t id[UUID_LENGTH];
+} OicUuid_t;
+
 #ifdef __cplusplus
 }
 #endif // __cplusplus
index 4c799b1..ccbdc9b 100644 (file)
@@ -65,6 +65,7 @@
 #include "oicgroup.h"
 #include "pstatresource.h"
 #include "srmutility.h"
+#include "aclresource.h"
 
 #if defined (ROUTING_GATEWAY) || defined (ROUTING_EP)
 #include "routingutility.h"
@@ -5813,3 +5814,26 @@ OCStackResult OCSetOtmEventHandler(void *ctx, OCOtmEventHandler cb)
 #endif
     return OC_STACK_OK;
 }
+
+/**
+ * Helper method to add a new ACE to the ACL
+ *
+ * @param subjectuuid of the ACE
+ * @param href resource string
+ * @param rel resource string
+ * @param types string array
+ * @param typeLen string array size
+ * @param interfaces string array
+ * @param interfaceLen string array size
+ * @param permission value
+ *
+ * @return ::OC_STACK_OK for Success, otherwise some error value.
+ */
+OCStackResult AddACEToACL(const OicUuid_t *subjectuuid, const char *href, const char *rel,
+                          const char **types, size_t typeLen,
+                          const char **interfaces, size_t interfaceLen,
+                          uint16_t permission)
+{
+    return AddACE(subjectuuid, href, rel, types, typeLen,
+                  interfaces, interfaceLen, permission);
+}
index 4e50ac7..b66a300 100644 (file)
@@ -25,7 +25,6 @@ namespace OC
 {
     static const char COAP[] = "coap://";
     static const char COAPS[] = "coaps://";
-    static const int UUID_LENGTH = (128/8); //UUID length
 
     OCDirectPairing::OCDirectPairing(OCDPDev_t *ptr):m_devPtr(ptr)
     {