From 7e3e9a35fe6f4dee545144499b2655979879cbd4 Mon Sep 17 00:00:00 2001 From: Iurii Metelytsia Date: Tue, 26 Nov 2019 17:13:42 +0200 Subject: New API for self ACL updating https://github.sec.samsung.net/RS7-IOTIVITY/IoTivity/commit/441765ad4ae9d09a2ff34023031e6e4f42edf917 (cherry-picked from 441765ad4ae9d09a2ff34023031e6e4f42edf917) Change-Id: Ic9747cb71f669895ced90e442bcce1f090389e1c Signed-off-by: Sudipto --- .../csdk/security/include/internal/aclresource.h | 19 +++ .../security/include/securevirtualresourcetypes.h | 15 +- resource/csdk/security/src/aclresource.c | 157 +++++++++++++++++---- resource/csdk/stack/include/ocstack.h | 19 +++ resource/csdk/stack/include/octypes.h | 9 ++ resource/csdk/stack/src/ocstack.c | 24 ++++ resource/src/OCDirectPairing.cpp | 1 - 7 files changed, 205 insertions(+), 39 deletions(-) diff --git a/resource/csdk/security/include/internal/aclresource.h b/resource/csdk/security/include/internal/aclresource.h index 42c75a937..3ba5770a5 100644 --- a/resource/csdk/security/include/internal/aclresource.h +++ b/resource/csdk/security/include/internal/aclresource.h @@ -191,6 +191,25 @@ void printACL(const OicSecAcl_t* acl); */ OCStackResult CheckSecurityACEPermission(uint16_t permission); +/** + * This method add new ACE to ACL + * + * @param subject of the ACE + * @param href resource string + * @param rel resource string + * @param types string array + * @param typeLen string array size + * @param interfaces string array + * @param interfaceLen string array size + * @param permission value + * + * @return ::OC_STACK_OK for Success, otherwise some error value. + */ +OCStackResult AddACE(const OicUuid_t *subject, const char *href, const char *rel, + const char **types, size_t typeLen, + const char **interfaces, size_t interfaceLen, + uint16_t permission); + #ifdef __cplusplus } #endif diff --git a/resource/csdk/security/include/securevirtualresourcetypes.h b/resource/csdk/security/include/securevirtualresourcetypes.h index e6a2f7fa3..538faf0d0 100644 --- a/resource/csdk/security/include/securevirtualresourcetypes.h +++ b/resource/csdk/security/include/securevirtualresourcetypes.h @@ -49,6 +49,8 @@ #include "byte_array.h" #endif /* __WITH_DTLS__ or __WITH_TLS__*/ +#include "octypes.h" + #ifdef __cplusplus extern "C" { #endif @@ -318,8 +320,6 @@ typedef struct OicSecSacl OicSecSacl_t; typedef char *OicUrn_t; //TODO is URN type defined elsewhere? -typedef struct OicUuid OicUuid_t; //TODO is UUID type defined elsewhere? - #ifdef MULTIPLE_OWNER typedef struct OicSecSubOwner OicSecSubOwner_t; typedef struct OicSecMom OicSecMom_t; @@ -333,22 +333,11 @@ typedef ByteArray_t OicSecCert_t; typedef void OicSecCert_t; #endif /* __WITH_DTLS__ or __WITH_TLS__*/ -/** - * /oic/uuid (Universal Unique Identifier) data type. - */ -#define UUID_LENGTH 128/8 // 128-bit GUID length //TODO: Confirm the length and type of ROLEID. #define ROLEID_LENGTH 128/8 // 128-bit ROLEID length #define OWNER_PSK_LENGTH_128 128/8 //byte size of 128-bit key size #define OWNER_PSK_LENGTH_256 256/8 //byte size of 256-bit key size -struct OicUuid -{ - // :::: - //TODO fill in unless this is defined elsewhere? - uint8_t id[UUID_LENGTH]; -}; - /** * /oic/sec/jwk (JSON Web Key) data type. * See JSON Web Key (JWK) draft-ietf-jose-json-web-key-41 diff --git a/resource/csdk/security/src/aclresource.c b/resource/csdk/security/src/aclresource.c index b1a3bc8d4..34b2ed251 100644 --- a/resource/csdk/security/src/aclresource.c +++ b/resource/csdk/security/src/aclresource.c @@ -1149,20 +1149,21 @@ OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size) VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RT array length."); } - VERIFY_SUCCESS(TAG, (0 != rsrc->typeLen), ERROR); - - rsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*)); - VERIFY_NON_NULL(TAG, rsrc->types, ERROR); + if (0 != rsrc->typeLen) + { + rsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*)); + VERIFY_NON_NULL(TAG, rsrc->types, ERROR); - cborFindResult = cbor_value_enter_container(&rMap, &resourceTypes); - VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering RT Array."); + cborFindResult = cbor_value_enter_container(&rMap, &resourceTypes); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering RT Array."); - for(size_t i = 0; cbor_value_is_valid(&resourceTypes) && cbor_value_is_text_string(&resourceTypes); i++) - { - cborFindResult = cbor_value_dup_text_string(&resourceTypes, &(rsrc->types[i]), &readLen, NULL); - VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding resource type."); - cborFindResult = cbor_value_advance(&resourceTypes); - VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing resource type."); + for(size_t i = 0; cbor_value_is_valid(&resourceTypes) && cbor_value_is_text_string(&resourceTypes); i++) + { + cborFindResult = cbor_value_dup_text_string(&resourceTypes, &(rsrc->types[i]), &readLen, NULL); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding resource type."); + cborFindResult = cbor_value_advance(&resourceTypes); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing resource type."); + } } } @@ -1191,20 +1192,21 @@ OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size) VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF array length."); } - VERIFY_SUCCESS(TAG, (0 != rsrc->interfaceLen), ERROR); - - rsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*)); - VERIFY_NON_NULL(TAG, rsrc->interfaces, ERROR); + if (0 != rsrc->interfaceLen) + { + rsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*)); + VERIFY_NON_NULL(TAG, rsrc->interfaces, ERROR); - cborFindResult = cbor_value_enter_container(&rMap, &interfaces); - VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering IF Array."); + cborFindResult = cbor_value_enter_container(&rMap, &interfaces); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering IF Array."); - for(size_t i = 0; cbor_value_is_valid(&interfaces) && cbor_value_is_text_string(&interfaces); i++) - { - cborFindResult = cbor_value_dup_text_string(&interfaces, &(rsrc->interfaces[i]), &readLen, NULL); - VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF type."); - cborFindResult = cbor_value_advance(&interfaces); - VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing IF type."); + for(size_t i = 0; cbor_value_is_valid(&interfaces) && cbor_value_is_text_string(&interfaces); i++) + { + cborFindResult = cbor_value_dup_text_string(&interfaces, &(rsrc->interfaces[i]), &readLen, NULL); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF type."); + cborFindResult = cbor_value_advance(&interfaces); + VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing IF type."); + } } } @@ -2515,7 +2517,7 @@ void printACL(const OicSecAcl_t* acl) for (size_t i = 0; i < res->typeLen; i++) { - OIC_LOG_V(INFO, TAG, "if[%zu] = %s", i, res->types[i]); + OIC_LOG_V(INFO, TAG, "rt[%zu] = %s", i, res->types[i]); } for (size_t i = 0; i < res->interfaceLen; i++) { @@ -2537,6 +2539,8 @@ void printACL(const OicSecAcl_t* acl) { OIC_LOG_V(INFO, TAG, "recurrences[%zu] = %s", i, vals->recurrences[i]); } + + vals = vals->next; } ace = ace->next; @@ -2943,3 +2947,106 @@ OCStackResult CheckSecurityACEPermission(uint16_t permission) OIC_LOG_V(DEBUG, TAG, "OUT: %s", __func__); return ret; } + +/** + * This method add new ACE to ACL + * + * @param subject of the ACE + * @param href resource string + * @param rel resource string + * @param types string array + * @param typeLen string array size + * @param interfaces string array + * @param interfaceLen string array size + * @param permission value + * + * @return ::OC_STACK_OK for Success, otherwise some error value. + */ +OCStackResult AddACE(const OicUuid_t *subject, const char *href, const char *rel, + const char **types, size_t typeLen, + const char **interfaces, size_t interfaceLen, + uint16_t permission) +{ + OCStackResult ret = OC_EH_ERROR; + + OIC_LOG_V(DEBUG, TAG, "IN: %s", __func__); + + if (!gAcl) + { + OIC_LOG_V(ERROR, TAG, "%s: gAcl is NULL", __func__); + return OC_STACK_INVALID_PARAM; + } + + if (!subject) + { + OIC_LOG_V(ERROR, TAG, "%s: Invalid Parameter", __func__); + return OC_STACK_INVALID_PARAM; + } + + OicSecAce_t newAce; + OicSecRsrc_t resources; + memcpy(&newAce.subjectuuid, subject, sizeof(OicUuid_t)); + resources.href = href; + resources.rel = rel; + resources.types = types; + resources.typeLen = typeLen; + resources.interfaces = interfaces; + resources.interfaceLen = interfaceLen; + resources.next = NULL; + newAce.resources = &resources; + newAce.permission = permission; + newAce.validities = NULL; +#ifdef MULTIPLE_OWNER + newAce.eownerID = NULL; +#endif + newAce.next = NULL; + + //Check existing ACE's + OicSecAce_t *existAce = NULL; + OicSecAce_t *tempAce = NULL; + LL_FOREACH_SAFE(gAcl->aces, existAce, tempAce) + { + if (IsSameACE(&newAce, existAce)) + { + OIC_LOG(DEBUG, TAG, "Duplicated ACE dectected."); + return OC_STACK_DUPLICATE_REQUEST; + } + } + + // Add new ACE to ACL + OIC_LOG(DEBUG, TAG, "NEW ACE dectected."); + OicSecAce_t *insertAce = DuplicateACE(&newAce); + if (insertAce) + { + OIC_LOG(DEBUG, TAG, "Appending new ACE.."); + LL_APPEND(gAcl->aces, insertAce); + + // Update persistant storage + uint8_t *payload = NULL; + size_t size = 0; + if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size)) + { + if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size)) + { + ret = OC_STACK_OK; + } + else + { + OIC_LOG(ERROR, TAG, "UpdateSecureResourceInPS failed"); + } + OICFree(payload); + } + else + { + OIC_LOG(ERROR, TAG, "AclToCBORPayload failed"); + } + } + else + { + OIC_LOG(ERROR, TAG, "Failed to duplicate ACE."); + } + + OIC_LOG_V(DEBUG, TAG, "OUT: %s", __func__); + + return ret; +} diff --git a/resource/csdk/stack/include/ocstack.h b/resource/csdk/stack/include/ocstack.h index 0ebe590b1..b6a3c2588 100755 --- a/resource/csdk/stack/include/ocstack.h +++ b/resource/csdk/stack/include/ocstack.h @@ -926,6 +926,25 @@ OCStackResult OCSetOtmEventHandler(void *ctx, OCOtmEventHandler cb); OCStackResult OCGetDeviceOperationalState(bool* isOp); +/** + * Helper method to add a new ACE to the ACL + * + * @param subjectuuid of the ACE + * @param href resource string + * @param rel resource string + * @param types string array + * @param typeLen string array size + * @param interfaces string array + * @param interfaceLen string array size + * @param permission value + * + * @return ::OC_STACK_OK for Success, otherwise some error value. + */ +OCStackResult AddACEToACL(const OicUuid_t *subjectuuid, const char *href, const char *rel, + const char **types, size_t typeLen, + const char **interfaces, size_t interfaceLen, + uint16_t permission); + #ifdef __cplusplus } #endif // __cplusplus diff --git a/resource/csdk/stack/include/octypes.h b/resource/csdk/stack/include/octypes.h index 128470cf6..827b4c0fb 100644 --- a/resource/csdk/stack/include/octypes.h +++ b/resource/csdk/stack/include/octypes.h @@ -1787,6 +1787,15 @@ typedef struct resetSVRDBCB ResetSVRDBCB callback; } resetSVRDBCB_t; +/** + * Universal Unique Identifier data type. + */ +#define UUID_LENGTH (128/8) // 128-bit GUID length +typedef struct OicUuid +{ + uint8_t id[UUID_LENGTH]; +} OicUuid_t; + #ifdef __cplusplus } #endif // __cplusplus diff --git a/resource/csdk/stack/src/ocstack.c b/resource/csdk/stack/src/ocstack.c index 4c799b1bc..ccbdc9bac 100644 --- a/resource/csdk/stack/src/ocstack.c +++ b/resource/csdk/stack/src/ocstack.c @@ -65,6 +65,7 @@ #include "oicgroup.h" #include "pstatresource.h" #include "srmutility.h" +#include "aclresource.h" #if defined (ROUTING_GATEWAY) || defined (ROUTING_EP) #include "routingutility.h" @@ -5813,3 +5814,26 @@ OCStackResult OCSetOtmEventHandler(void *ctx, OCOtmEventHandler cb) #endif return OC_STACK_OK; } + +/** + * Helper method to add a new ACE to the ACL + * + * @param subjectuuid of the ACE + * @param href resource string + * @param rel resource string + * @param types string array + * @param typeLen string array size + * @param interfaces string array + * @param interfaceLen string array size + * @param permission value + * + * @return ::OC_STACK_OK for Success, otherwise some error value. + */ +OCStackResult AddACEToACL(const OicUuid_t *subjectuuid, const char *href, const char *rel, + const char **types, size_t typeLen, + const char **interfaces, size_t interfaceLen, + uint16_t permission) +{ + return AddACE(subjectuuid, href, rel, types, typeLen, + interfaces, interfaceLen, permission); +} diff --git a/resource/src/OCDirectPairing.cpp b/resource/src/OCDirectPairing.cpp index 4e50ac7c1..b66a30096 100644 --- a/resource/src/OCDirectPairing.cpp +++ b/resource/src/OCDirectPairing.cpp @@ -25,7 +25,6 @@ namespace OC { static const char COAP[] = "coap://"; static const char COAPS[] = "coaps://"; - static const int UUID_LENGTH = (128/8); //UUID length OCDirectPairing::OCDirectPairing(OCDPDev_t *ptr):m_devPtr(ptr) { -- cgit v1.2.3