From 841c433b9e28239bd8e29e46f23d1269514f619e Mon Sep 17 00:00:00 2001
From: Dan Mihai
Date: Mon, 23 Jan 2017 17:42:16 -0800
Subject: [PATCH] Change default settings to allow Ownership Transfer

If a Device did not provide a CBOR file that includes appropriate ACLs, generate a CBOR file that allows Ownership Transfer, using the Random PIN method.

The default read-only ACE for /oic/sec/acl has been removed, because it is not required by provisioningclient.

There are new ACEs allowing read+write by default for /oic/sec/doxm, /oic/sec/pstat and /oic/sec/cred. Those are required by the current Onboarding design.

Change-Id: I52a80bfc7f0a84ef19888d78eea9223fbf09241c
Signed-off-by: Dan Mihai
Reviewed-on: https://gerrit.iotivity.org/gerrit/13569
Tested-by: jenkins-iotivity
Reviewed-by: Greg Zaverucha
Reviewed-by: Kevin Kane
---
 resource/csdk/security/src/aclresource.c | 90 ++++++++++++++--------
 resource/csdk/security/src/amsmgr.c | 2 +-
 resource/csdk/security/src/doxmresource.c | 6 +-
 resource/csdk/security/src/policyengine.c | 3 +-
 resource/csdk/security/src/pstatresource.c | 6 +-
 .../csdk/security/unittest/aclresourcetest.cpp | 2 +-
 .../security/unittest/oic_unittest_default_acl.dat | 2 +-
 .../unittest/oic_unittest_default_acl.json | 14 +++-
 8 files changed, 80 insertions(+), 45 deletions(-)

diff --git a/resource/csdk/security/src/aclresource.c b/resource/csdk/security/src/aclresource.c
index 91b22e3..7d3ac32 100644
--- a/resource/csdk/security/src/aclresource.c
+++ b/resource/csdk/security/src/aclresource.c
@@ -2126,7 +2126,8 @@ OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl)
 OCStackResult ret = OC_STACK_ERROR;
 OicUuid_t ownerId = { .id = { 0 } };
 OicSecAcl_t *acl = NULL;
- OicSecAce_t *ace = NULL;
+ OicSecAce_t *readOnlyAce = NULL;
+ OicSecAce_t *readWriteAce = NULL;
 OicSecRsrc_t* resRsrc = NULL;
 OicSecRsrc_t* deviceRsrc = NULL;
 OicSecRsrc_t* platformRsrc = NULL;
@@ -2149,19 +2150,18 @@ OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl)
 acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
 VERIFY_NON_NULL(TAG, acl, ERROR);
 
- ace = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t));
- VERIFY_NON_NULL(TAG, ace, ERROR);
-
- LL_APPEND(acl->aces, ace);
+ // Default ACE allowing read-only access, for discovery
+ readOnlyAce = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t));
+ VERIFY_NON_NULL(TAG, readOnlyAce, ERROR);
 
 // Subject -- Mandatory
- memcpy(ace->subjectuuid.id, &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t));
+ memcpy(readOnlyAce->subjectuuid.id, &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t));
 
 // Resources -- Mandatory
 // /oic/res
 resRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
 VERIFY_NON_NULL(TAG, resRsrc, ERROR);
- LL_APPEND(ace->resources, resRsrc);
+ LL_APPEND(readOnlyAce->resources, resRsrc);
 resRsrc->href = OICStrdup(OC_RSRVD_WELL_KNOWN_URI);
 VERIFY_NON_NULL(TAG, (resRsrc->href), ERROR);
 resRsrc->typeLen = 1;
@@ -2180,7 +2180,7 @@ OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl)
 // /oic/d
 deviceRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
 VERIFY_NON_NULL(TAG, deviceRsrc, ERROR);
- LL_APPEND(ace->resources, deviceRsrc);
+ LL_APPEND(readOnlyAce->resources, deviceRsrc);
 deviceRsrc->href = OICStrdup(OC_RSRVD_DEVICE_URI);
 VERIFY_NON_NULL(TAG, (deviceRsrc->href), ERROR);
 deviceRsrc->typeLen = 1;
@@ -2199,7 +2199,7 @@ OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl)
 // /oic/p
 platformRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
 VERIFY_NON_NULL(TAG, platformRsrc, ERROR);
- LL_APPEND(ace->resources, platformRsrc);
+ LL_APPEND(readOnlyAce->resources, platformRsrc);
 platformRsrc->href = OICStrdup(OC_RSRVD_PLATFORM_URI);
 VERIFY_NON_NULL(TAG, (platformRsrc->href), ERROR);
 platformRsrc->typeLen = 1;
@@ -2215,27 +2215,25 @@ OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl)
 platformRsrc->interfaces[1] = OICStrdup(OC_RSRVD_INTERFACE_READ);
 VERIFY_NON_NULL(TAG, platformRsrc->interfaces[1], ERROR);
 
- // /oic/sec/acl
- aclRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
- VERIFY_NON_NULL(TAG, aclRsrc, ERROR);
- LL_APPEND(ace->resources, aclRsrc);
- aclRsrc->href = OICStrdup(OIC_RSRC_ACL_URI);
- VERIFY_NON_NULL(TAG, (aclRsrc->href), ERROR);
- aclRsrc->typeLen = 1;
- aclRsrc->types = (char**)OICCalloc(1, sizeof(char*));
- VERIFY_NON_NULL(TAG, aclRsrc->types, ERROR);
- aclRsrc->types[0] = OICStrdup(OIC_RSRC_TYPE_SEC_ACL);
- VERIFY_NON_NULL(TAG, aclRsrc->types[0], ERROR);
- aclRsrc->interfaceLen = 1;
- aclRsrc->interfaces = (char**)OICCalloc(aclRsrc->interfaceLen, sizeof(char*));
- VERIFY_NON_NULL(TAG, aclRsrc->interfaces, ERROR);
- aclRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
- VERIFY_NON_NULL(TAG, aclRsrc->interfaces[0], ERROR);
+ readOnlyAce->permission = PERMISSION_READ;
+ readOnlyAce->validities = NULL;
+ LL_APPEND(acl->aces, readOnlyAce);
+
+ // The entire list of ACEs will be freed later, by DeleteACLList.
+ readOnlyAce = NULL;
+
+ // Default ACE allowing read + write access, for ownership transfer
+ readWriteAce = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t));
+ VERIFY_NON_NULL(TAG, readWriteAce, ERROR);
+ // Subject -- Mandatory
+ memcpy(readWriteAce->subjectuuid.id, &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t));
+
+ // Resources -- Mandatory
 
 // /oic/sec/doxm
 doxmRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
 VERIFY_NON_NULL(TAG, doxmRsrc, ERROR);
- LL_APPEND(ace->resources, doxmRsrc);
+ LL_APPEND(readWriteAce->resources, doxmRsrc);
 doxmRsrc->href = OICStrdup(OIC_RSRC_DOXM_URI);
 VERIFY_NON_NULL(TAG, (doxmRsrc->href), ERROR);
 doxmRsrc->typeLen = 1;
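Review bot: Every use of `aclRsrc` is removed in this hunk, but its declaration is not among the removed lines of any hunk in the patch (the diffstat's 90 changed lines for aclresource.c are fully accounted for by the visible hunks), so unless GetDefaultACL still references it somewhere outside the diff the local is now unused and will trip `-Wunused-variable`, a build break under `-Werror`. Drop `OicSecRsrc_t* aclRsrc = NULL;` from the declaration list at the top of the function, next to where `readOnlyAce` and `readWriteAce` are introduced. The remainder of GetDefaultACL's body lies outside this hunk.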
@@ -2252,7 +2250,7 @@ OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl)
 // /oic/sec/pstat
 pstatRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
 VERIFY_NON_NULL(TAG, pstatRsrc, ERROR);
- LL_APPEND(ace->resources, pstatRsrc);
+ LL_APPEND(readWriteAce->resources, pstatRsrc);
 pstatRsrc->href = OICStrdup(OIC_RSRC_PSTAT_URI);
 VERIFY_NON_NULL(TAG, (pstatRsrc->href), ERROR);
 pstatRsrc->typeLen = 1;
@@ -2266,8 +2264,31 @@ OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl)
 pstatRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
 VERIFY_NON_NULL(TAG, pstatRsrc->interfaces[0], ERROR);
 
- ace->permission = PERMISSION_READ;
- ace->validities = NULL;
+ // /oic/sec/cred
+ resRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
+ VERIFY_NON_NULL(TAG, resRsrc, ERROR);
+ LL_APPEND(readWriteAce->resources, resRsrc);
+ resRsrc->href = OICStrdup(OIC_RSRC_CRED_URI);
+ VERIFY_NON_NULL(TAG, (resRsrc->href), ERROR);
+ resRsrc->typeLen = 1;
+ resRsrc->types = (char**)OICCalloc(1, sizeof(char*));
+ VERIFY_NON_NULL(TAG, resRsrc->types, ERROR);
+ resRsrc->types[0] = OICStrdup(OIC_RSRC_TYPE_SEC_CRED);
+ VERIFY_NON_NULL(TAG, resRsrc->types[0], ERROR);
+ resRsrc->interfaceLen = 2;
+ resRsrc->interfaces = (char**)OICCalloc(resRsrc->interfaceLen, sizeof(char*));
+ VERIFY_NON_NULL(TAG, resRsrc->interfaces, ERROR);
+ resRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
+ VERIFY_NON_NULL(TAG, resRsrc->interfaces[0], ERROR);
+ resRsrc->interfaces[1] = OICStrdup(OC_RSRVD_INTERFACE_READ);
+ VERIFY_NON_NULL(TAG, resRsrc->interfaces[1], ERROR);
+
+ readWriteAce->permission = PERMISSION_READ | PERMISSION_WRITE;
+ readWriteAce->validities = NULL;
+ LL_APPEND(acl->aces, readWriteAce);
+
+ // The entire list of ACEs will be freed later, by DeleteACLList.
+ readWriteAce = NULL;
 
 // Device ID is the owner of this default ACL
 if (GetDoxmResourceData() != NULL)
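Review bot: The ACE finished here grants the wildcard subject `PERMISSION_READ | PERMISSION_WRITE` on /oic/sec/doxm, /oic/sec/pstat and /oic/sec/cred with `readWriteAce->validities = NULL`, so the ACL itself carries no condition tying that write access to the unowned, ownership-transfer phase; whether it is narrowed or replaced once the device is owned depends on the policy engine or the provisioning flow, neither of which is visible in this patch. If that is the intended model it should be recorded where the ACE is assembled, e.g. extend the comment to `// Default ACE allowing read + write access, for ownership transfer; meant only while the device is unowned — provisioning is expected to replace this default ACL afterwards.` Separately, `resRsrc` is reused for /oic/sec/cred after it was already appended to the read-only ACE as /oic/res; a dedicated `credRsrc` local would follow the `doxmRsrc`/`pstatRsrc` pattern and spare the reader from checking that the earlier pointer is no longer needed. GetDefaultACL's body continues outside this hunk.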
@@ -2289,8 +2310,17 @@ exit:
 
 if (ret != OC_STACK_OK)
 {
+ if (readOnlyAce != NULL)
+ {
+ FreeACE(readOnlyAce);
+ }
+
+ if (readWriteAce != NULL)
+ {
+ FreeACE(readWriteAce);
+ }
+
 DeleteACLList(acl);
- acl = NULL;
 }
 
 return ret;
diff --git a/resource/csdk/security/src/amsmgr.c b/resource/csdk/security/src/amsmgr.c
index 775722f..c6b21b8 100644
--- a/resource/csdk/security/src/amsmgr.c
+++ b/resource/csdk/security/src/amsmgr.c
@@ -383,7 +383,7 @@ bool FoundAmaclForRequest(PEContext_t *context)
 }
 else
 {
- OIC_LOG_V(INFO, TAG, "%s:AMACL found for the requested resource %s",
+ OIC_LOG_V(INFO, TAG, "%s:AMACL not found for the requested resource %s",
 __func__, context->resource);
 ret = false;
 }
diff --git a/resource/csdk/security/src/doxmresource.c b/resource/csdk/security/src/doxmresource.c
index bccf5c7..0844aaa 100644
--- a/resource/csdk/security/src/doxmresource.c
+++ b/resource/csdk/security/src/doxmresource.c
@@ -70,14 +70,14 @@ static const uint16_t CBOR_MAX_SIZE = 4400;
 static OicSecDoxm_t *gDoxm = NULL;
 static OCResourceHandle gDoxmHandle = NULL;
 
-static OicSecOxm_t gOicSecDoxmJustWorks = OIC_JUST_WORKS;
+static OicSecOxm_t gDoxmDefaultOxm = OIC_RANDOM_DEVICE_PIN;
 static OicSecDoxm_t gDefaultDoxm =
 {
 NULL, /* OicUrn_t *oxmType */
 0, /* size_t oxmTypeLen */
- &gOicSecDoxmJustWorks, /* uint16_t *oxm */
+ &gDoxmDefaultOxm, /* uint16_t *oxm */
 1, /* size_t oxmLen */
- OIC_JUST_WORKS, /* uint16_t oxmSel */
+ OIC_RANDOM_DEVICE_PIN, /* uint16_t oxmSel */
 SYMMETRIC_PAIR_WISE_KEY,/* OicSecCredType_t sct */
 false, /* bool owned */
 {.id = {0}}, /* OicUuid_t deviceID */
diff --git a/resource/csdk/security/src/policyengine.c b/resource/csdk/security/src/policyengine.c
index f0ba036..779688c 100644
--- a/resource/csdk/security/src/policyengine.c
+++ b/resource/csdk/security/src/policyengine.c
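Review bot: `gDoxmDefaultOxm` and `oxmSel` now default to OIC_RANDOM_DEVICE_PIN, which presumes the device can surface the generated PIN out-of-band to the onboarding tool, yet nothing at the initializer states that prerequisite; a comment above the static such as `// Default OxM is random PIN: the device must be able to display or report the PIN. Just Works is no longer the fallback.` would record it for integrators. The changed line `&gDoxmDefaultOxm, /* uint16_t *oxm */` also keeps a comment that disagrees with the declared `OicSecOxm_t` type of the object it points to; update it to `/* OicSecOxm_t *oxm */` while the line is being touched.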
@@ -485,12 +485,13 @@ static bool IsAccessWithinValidTime(const OicSecAce_t *ace)
 */
 static void ProcessAccessRequest(PEContext_t *context)
 {
- OIC_LOG(DEBUG, TAG, "Entering ProcessAccessRequest()");
 if (NULL != context)
 {
 const OicSecAce_t *currentAce = NULL;
 OicSecAce_t *savePtr = NULL;
 
+ OIC_LOG_V(DEBUG, TAG, "Entering ProcessAccessRequest(%s)", context->resource);
+
 // Start out assuming subject not found.
 context->retVal = ACCESS_DENIED_SUBJECT_NOT_FOUND;
 
diff --git a/resource/csdk/security/src/pstatresource.c b/resource/csdk/security/src/pstatresource.c
index ef5bd5f..dee9fd8 100644
--- a/resource/csdk/security/src/pstatresource.c
+++ b/resource/csdk/security/src/pstatresource.c
@@ -52,10 +52,8 @@ static OicSecDpom_t gSm = SINGLE_SERVICE_CLIENT_DRIVEN;
 static OicSecPstat_t gDefaultPstat =
 {
 false, // bool isop
- (OicSecDpm_t)(BOOTSTRAP_SERVICE | SECURITY_MANAGEMENT_SERVICES |
- PROVISION_CREDENTIALS | PROVISION_ACLS), // OicSecDpm_t cm
- (OicSecDpm_t)(TAKE_OWNER | BOOTSTRAP_SERVICE | SECURITY_MANAGEMENT_SERVICES |
- PROVISION_CREDENTIALS | PROVISION_ACLS), // OicSecDpm_t tm
+ TAKE_OWNER, // OicSecDpm_t cm
+ NORMAL, // OicSecDpm_t tm
 {.id = {0}}, // OicUuid_t deviceID
 SINGLE_SERVICE_CLIENT_DRIVEN, // OicSecDpom_t om */
 1, // the number of elts in Sms
diff --git a/resource/csdk/security/unittest/aclresourcetest.cpp b/resource/csdk/security/unittest/aclresourcetest.cpp
index c20e297..3657ee5 100644
--- a/resource/csdk/security/unittest/aclresourcetest.cpp
+++ b/resource/csdk/security/unittest/aclresourcetest.cpp
@@ -48,7 +48,7 @@ using namespace std;
 const char* DEFAULT_ACL_FILE_NAME = "oic_unittest_default_acl.dat";
 const char* ACL1_FILE_NAME = "oic_unittest_acl1.dat";
 
-#define NUM_ACE_FOR_WILDCARD_IN_ACL1_DAT (1)
+#define NUM_ACE_FOR_WILDCARD_IN_ACL1_DAT (2)
 
 static bool AddResourceToACE(OicSecAce_t* ace, const char* rsrcName,
 const char* typeName, const char* interfaceName)
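Review bot: The new initializers `TAKE_OWNER, // OicSecDpm_t cm` and `NORMAL, // OicSecDpm_t tm` drop the bitmask casts, but the trailing comments still only name the field types, leaving the reader to work out why cm now carries TAKE_OWNER while tm no longer does (the replaced values had it the other way round). If cm is the current mode with ownership transfer pending and tm the target mode with no operation pending, say so inline, e.g. `TAKE_OWNER, // OicSecDpm_t cm: ownership transfer still pending` and `NORMAL, // OicSecDpm_t tm: no provisioning operation targeted`. The rest of gDefaultPstat lies outside this hunk.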
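Review bot: `NUM_ACE_FOR_WILDCARD_IN_ACL1_DAT` is raised to 2, yet oic_unittest_acl1.dat is not modified anywhere in this patch; the only fixture that gains a second wildcard ACE is oic_unittest_default_acl.dat (and its .json source). If the macro in fact counts the wildcard ACEs of the default ACL fixture its name is misleading and should say DEFAULT_ACL rather than ACL1; otherwise a comment on the `#define` should explain why the acl1 count changes without any change to acl1.dat. The test that consumes the macro is outside this hunk.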
diff --git a/resource/csdk/security/unittest/oic_unittest_default_acl.dat b/resource/csdk/security/unittest/oic_unittest_default_acl.dat
index 064d997..b318f65 100644
--- a/resource/csdk/security/unittest/oic_unittest_default_acl.dat
+++ b/resource/csdk/security/unittest/oic_unittest_default_acl.dat
@@ -1 +1 @@
-¿caclYâfaclist¡daces£ksubjectuuida*iresources†¤dhrefh/oic/resbrtjoic.wk.resbifioic.if.llcrel`¤dhreff/oic/dbrthoic.wk.dbif‚ooic.if.baselinehoic.if.rcrel`¤dhreff/oic/pbrthoic.wk.pbif‚ooic.if.baselinehoic.if.rcrel`¤dhrefm/oic/sec/doxmbrtjoic.r.doxmbifooic.if.baselinecrel`¤dhrefn/oic/sec/pstatbrtkoic.r.pstatbifooic.if.baselinecrel`¤dhrefl/oic/sec/aclbrtioic.r.aclbifooic.if.baselinecrel`jpermissionjrowneruuidx$32323232-3232-3232-3232-323232323232ÿ
\ No newline at end of file
+¿caclY+¤faclist¡daces‚£ksubjectuuida*iresourcesƒ¤dhrefh/oic/resbrtjoic.wk.resbifioic.if.llcreleÍýýýý¤dhreff/oic/dbrthoic.wk.dbif‚ooic.if.baselinehoic.if.rcreleÍýýýý¤dhreff/oic/pbrthoic.wk.pbif‚ooic.if.baselinehoic.if.rcreleÍýýýýjpermission£ksubjectuuida*iresourcesƒ¤dhrefm/oic/sec/doxmbrtjoic.r.doxmbifooic.if.baselinecreleÍýýýý¤dhrefn/oic/sec/pstatbrtkoic.r.pstatbifooic.if.baselinecreleÍýýýý¤dhrefm/oic/sec/credbrtjoic.r.credbifooic.if.baselinecreleÍýýýýjpermissionjrowneruuidx$32323232-3232-3232-3232-323232323232brtioic.r.aclbifooic.if.baselineÿ
\ No newline at end of file
diff --git a/resource/csdk/security/unittest/oic_unittest_default_acl.json b/resource/csdk/security/unittest/oic_unittest_default_acl.json
index df8739a..e182e82 100644
--- a/resource/csdk/security/unittest/oic_unittest_default_acl.json
+++ b/resource/csdk/security/unittest/oic_unittest_default_acl.json
@@ -22,7 +22,13 @@
 "rel": "",
 "rt": ["oic.wk.p"],
 "if": ["oic.if.baseline", "oic.if.r"]
- },
+ }
+ ],
+ "permission": 2
+ },
+ {
+ "subjectuuid": "*",
+ "resources": [
 {
 "href": "/oic/sec/doxm",
 "rel": "",
@@ -36,13 +42,13 @@
 "if": ["oic.if.baseline"]
 },
 {
- "href": "/oic/sec/acl",
+ "href": "/oic/sec/cred",
 "rel": "",
- "rt": ["oic.r.acl"],
+ "rt": ["oic.r.cred"],
 "if": ["oic.if.baseline"]
 }
 ],
- "permission": 2
+ "permission": 6
 }
 ]
 },
-- 
2.7.4