From 292d48e0ade7d9291e7f962e7df9b6fe401971f8 Mon Sep 17 00:00:00 2001 From: Andrii Shtompel Date: Tue, 4 Jul 2017 15:21:38 +0300 Subject: [PATCH] Use 1+ aceid values + properly duplicate them Change-Id: I144f989c15b0b04e17815e241fbf108397bc86cd Signed-off-by: Andrii Shtompel Reviewed-on: https://gerrit.iotivity.org/gerrit/21229 Tested-by: jenkins-iotivity Reviewed-by: Jongmin Choi Reviewed-by: Oleksii Beketov Reviewed-by: Aleksey Volkov Reviewed-by: Randeep Singh --- resource/csdk/security/src/aclresource.c | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/resource/csdk/security/src/aclresource.c b/resource/csdk/security/src/aclresource.c index 1abfb04..bdb88ce 100644 --- a/resource/csdk/security/src/aclresource.c +++ b/resource/csdk/security/src/aclresource.c @@ -70,6 +70,22 @@ static OicSecAcl_t *gAcl = NULL; static OCResourceHandle gAclHandle = NULL; static OCResourceHandle gAcl2Handle = NULL; +/** + * List of known ace ids + */ +enum +{ + ACE_ID1 = 1, + ACE_ID2, + ACE_ID3, + ACE_ID4, + ACE_ID5, + ACE_ID_FIRST_FREE +}; + +//global aceid counter to assign unique ace id to new/duplicated aces +static uint16_t ACE_ID_COUNTER = ACE_ID_FIRST_FREE; + void FreeRsrc(OicSecRsrc_t *rsrc) { //Clean each member of resource @@ -172,6 +188,8 @@ OicSecAce_t* DuplicateACE(const OicSecAce_t* ace) newAce = (OicSecAce_t*)OICCalloc(1, sizeof(OicSecAce_t)); VERIFY_NOT_NULL(TAG, newAce, ERROR); + newAce->aceid = ACE_ID_COUNTER++; + //Subject newAce->subjectType = ace->subjectType; switch (newAce->subjectType) @@ -2974,7 +2992,7 @@ OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl) // ACE allowing read-only access to /res, /d and /p by "ANON_CLEAR" subjects readOnlyAceAnon = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t)); VERIFY_NOT_NULL(TAG, readOnlyAceAnon, ERROR); - readOnlyAceAnon->aceid = 1; + readOnlyAceAnon->aceid = ACE_ID1; readOnlyAceAnon->permission = PERMISSION_READ; readOnlyAceAnon->validities = NULL; LL_APPEND(acl->aces, readOnlyAceAnon); @@ -3008,7 +3026,7 @@ OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl) // ACE allowing read-only access to /res, /d and /p by "AUTH_CRYPT" subjects readOnlyAceAuth = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t)); VERIFY_NOT_NULL(TAG, readOnlyAceAuth, ERROR); - readOnlyAceAuth->aceid = 2; + readOnlyAceAuth->aceid = ACE_ID2; readOnlyAceAuth->permission = PERMISSION_READ; readOnlyAceAuth->validities = NULL; LL_APPEND(acl->aces, readOnlyAceAuth); @@ -3043,7 +3061,7 @@ OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl) // to "ANON_CLEAR" (e.g. CoAP) subjects, for ownership transfer readWriteDeleteAceAnon = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t)); VERIFY_NOT_NULL(TAG, readWriteDeleteAceAnon, ERROR); - readWriteDeleteAceAnon->aceid = 3; + readWriteDeleteAceAnon->aceid = ACE_ID3; readWriteDeleteAceAnon->permission = PERMISSION_READ | PERMISSION_WRITE | PERMISSION_DELETE; readWriteDeleteAceAnon->validities = NULL; LL_APPEND(acl->aces, readWriteDeleteAceAnon); @@ -3064,7 +3082,7 @@ OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl) // to "AUTH_CRYPT" (e.g. CoAPS) subjects, for ownership transfer readWriteDeleteAceAuth = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t)); VERIFY_NOT_NULL(TAG, readWriteDeleteAceAuth, ERROR); - readWriteDeleteAceAuth->aceid = 4; + readWriteDeleteAceAuth->aceid = ACE_ID4; readWriteDeleteAceAuth->permission = PERMISSION_READ | PERMISSION_WRITE | PERMISSION_DELETE; readWriteDeleteAceAuth->validities = NULL; LL_APPEND(acl->aces, readWriteDeleteAceAuth); @@ -3502,6 +3520,8 @@ static OicSecAce_t* GetSecDefaultACE() OicSecAce_t* newAce = (OicSecAce_t*)OICCalloc(1, sizeof(OicSecAce_t)); VERIFY_NOT_NULL(TAG, newAce, ERROR); + newAce->aceid = ACE_ID5; + // Subject -- Mandatory newAce->subjectType = OicSecAceUuidSubject; memcpy(&newAce->subjectuuid, &WILDCARD_SUBJECT_ID, WILDCARD_SUBJECT_ID_LEN); -- 2.7.4