From 7176f98063cc4b19795d9cd25d51000a62279b74 Mon Sep 17 00:00:00 2001
From: Chul Lee <chuls.lee@samsung.com>
Date: Fri, 14 Oct 2016 14:00:23 +0900
Subject: [PATCH] Update the ACL delete mechanism as determined by OSWG.

After this patch,
If 'subject' not exist in the query string of DELETE request,
All ACE data will be removed.

Change-Id: Ife12c457b2029991168bf048bbfb90278ea4b3a2
Signed-off-by: Chul Lee <chuls.lee@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/13265
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: dongik Lee <dongik.lee@samsung.com>
Reviewed-by: Randeep Singh <randeep.s@samsung.com>
(cherry picked from commit 8d7bb539d4325a857a8297a760348ccc0e1eb081)
Reviewed-on: https://gerrit.iotivity.org/gerrit/13297
---
 resource/csdk/security/src/aclresource.c | 100 +++++++++++++++++++++++++++++--
 1 file changed, 94 insertions(+), 6 deletions(-)

diff --git a/resource/csdk/security/src/aclresource.c b/resource/csdk/security/src/aclresource.c
index 8f8845f..0018be0 100644
--- a/resource/csdk/security/src/aclresource.c
+++ b/resource/csdk/security/src/aclresource.c
@@ -1634,6 +1634,83 @@ static bool IsSameACE(OicSecAce_t* ace1, OicSecAce_t* ace2)
     return false;
 }
 
+/**
+ * Internal function to remove all ACL data on ACL resource and persistent storage
+ *
+ * @retval
+ *     OC_STACK_RESOURCE_DELETED  - no errors
+ *     Otherwise                  - error
+ */
+static OCStackResult RemoveAllAce(void)
+{
+    OCStackResult ret = OC_STACK_ERROR;
+    uint8_t* aclBackup = NULL;
+    size_t backupSize = 0;
+    uint8_t* payload = NULL;
+    size_t size = 0;
+    OicSecAce_t* aceItem = NULL;
+    OicSecAce_t* tempAce = NULL;
+
+    OIC_LOG(INFO, TAG, "IN RemoveAllAce");
+
+    //Backup the current ACL
+    ret = AclToCBORPayload(gAcl, &aclBackup, &backupSize);
+    if(OC_STACK_OK == ret)
+    {
+        // Remove all ACE from ACL
+        LL_FOREACH_SAFE(gAcl->aces, aceItem, tempAce)
+        {
+            LL_DELETE(gAcl->aces, aceItem);
+            FreeACE(aceItem);
+        }
+
+        //Generate empty ACL payload
+        ret = AclToCBORPayload(gAcl, &payload, &size);
+        if (OC_STACK_OK == ret )
+        {
+            //Update the PS.
+            ret = UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size);
+            if (OC_STACK_OK != ret)
+            {
+                OIC_LOG_V(ERROR, TAG, "Error in UpdateSecureResourceInPS : %d", ret);
+            }
+        }
+
+        if(OC_STACK_OK != ret)
+        {
+            OIC_LOG_V(ERROR, TAG, "Error while DELETE ACE : %d", ret);
+
+            //If some erorr is occured, revert back.
+            OicSecAcl_t* originAcl = CBORPayloadToAcl(aclBackup, backupSize);
+            if( originAcl )
+            {
+                ret = UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, aclBackup, backupSize);
+                if (OC_STACK_OK == ret)
+                {
+                    DeleteACLList(gAcl);
+                    gAcl = originAcl;
+                }
+                else
+                {
+                    OIC_LOG_V(ERROR, TAG, "Error in UpdateSecureResourceInPS : %d", ret);
+                }
+            }
+            else
+            {
+                OIC_LOG(FATAL, TAG, "Error in CBORPayloadToAcl");
+                ret = OC_STACK_ERROR;
+            }
+        }
+    }
+
+    OICFree(aclBackup);
+    OICFree(payload);
+
+    OIC_LOG(INFO, TAG, "OUT RemoveAllAce");
+
+    return (OC_STACK_OK == ret ? OC_STACK_RESOURCE_DELETED : ret);
+}
+
 static OCEntityHandlerResult HandleACLGetRequest(const OCEntityHandlerRequest *ehRequest)
 {
     OIC_LOG(INFO, TAG, "HandleACLGetRequest processing the request");
@@ -1821,14 +1898,25 @@ static OCEntityHandlerResult HandleACLDeleteRequest(const OCEntityHandlerRequest
 
     VERIFY_NON_NULL(TAG, ehRequest->query, ERROR);
 
-    // 'Subject' field is MUST for processing a querystring in REST request.
-    VERIFY_SUCCESS(TAG, true == GetSubjectFromQueryString(ehRequest->query, &subject), ERROR);
-
-    GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
+    // If 'Subject' field exist, processing a querystring in REST request.
+    if(GetSubjectFromQueryString(ehRequest->query, &subject))
+    {
+        GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
 
-    if (OC_STACK_RESOURCE_DELETED == RemoveACE(&subject, resource))
+        if (OC_STACK_RESOURCE_DELETED == RemoveACE(&subject, resource))
+        {
+            ehRet = OC_EH_RESOURCE_DELETED;
+        }
+    }
+    // If 'subject field not exist, remove all ACL data from ACL resource
+    else
     {
-        ehRet = OC_EH_RESOURCE_DELETED;
+        OIC_LOG(WARNING, TAG, "Can not find the 'subject' in querystring, All ACL list will be removed.");
+
+        if(OC_STACK_RESOURCE_DELETED == RemoveAllAce())
+        {
+            ehRet = OC_EH_RESOURCE_DELETED;
+        }
     }
 
 exit:
-- 
2.7.4