Commit 170dceb6 authored by Nathan Heldt-Sheller's avatar Nathan Heldt-Sheller

[IOT-1958] CR 22 State Specific Property Access for /acl Resource

Implementation of CR 22 feature to deny UPDATE to /acl if any
Property in the POST representation is read-only in the current
/pstat.dos.s state.

Change-Id: I3e0ecca464e94002439f8a8f785d63d503ff1f9f
Signed-off-by: Nathan Heldt-Sheller's avatarNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/19483Reviewed-by: default avatarKevin Kane <kkane@microsoft.com>
Tested-by: default avatarjenkins-iotivity <jenkins@iotivity.org>
parent 19dedcbd
......@@ -43,6 +43,16 @@ typedef enum {
*/
OCStackResult InitPstatResource();
/**
* Load just the default pstat into gPstat, so that other functions
* such as GetDos() can function. Intended for unit testing. Use
* @see InitPstatResource() for regular initialization from persistent
* storage.
*
* @return ::OC_STACK_OK for Success, otherwise ::OC_STACK_ERROR.
*/
OCStackResult InitPstatResourceToDefault();
/**
* Perform cleanup for Pstat resources.
*
......
......@@ -46,6 +46,7 @@
#include "psinterface.h"
#include "ocpayloadcbor.h"
#include "secureresourcemanager.h"
#include "deviceonboardingstate.h"
#include "security_internals.h"
......@@ -2107,11 +2108,22 @@ exit:
static OCEntityHandlerResult HandleACLPostRequest(const OCEntityHandlerRequest *ehRequest)
{
OIC_LOG(INFO, TAG, "HandleACLPostRequest processing the request");
OCEntityHandlerResult ehRet = OC_EH_OK;
OCEntityHandlerResult ehRet = OC_EH_INTERNAL_SERVER_ERROR;
// Convert CBOR into ACL data and update to SVR buffers. This will also validate the ACL data received.
uint8_t *payload = ((OCSecurityPayload *) ehRequest->payload)->securityData;
size_t size = ((OCSecurityPayload *) ehRequest->payload)->payloadSize;
OicSecDostype_t dos;
VERIFY_SUCCESS(TAG, OC_STACK_OK == GetDos(&dos), ERROR);
if ((DOS_RESET == dos.state) ||
(DOS_RFNOP == dos.state))
{
OIC_LOG_V(WARNING, TAG, "%s /acl resource is read-only in RESET and RFNOP.", __func__);
ehRet = OC_EH_NOT_ACCEPTABLE;
goto exit;
}
if (payload)
{
OicSecAcl_t *newAcl = NULL;
......@@ -2186,6 +2198,8 @@ static OCEntityHandlerResult HandleACLPostRequest(const OCEntityHandlerRequest *
ehRet = OC_EH_ERROR;
}
exit:
//Send response to request originator
ehRet = ((SendSRMResponse(ehRequest, ehRet, NULL, 0)) == OC_STACK_OK) ?
OC_EH_OK : OC_EH_ERROR;
......
......@@ -1042,6 +1042,16 @@ exit:
return ret;
}
OCStackResult InitPstatResourceToDefault()
{
gPstat = GetPstatDefault();
VERIFY_NOT_NULL(TAG, gPstat, FATAL);
return OC_STACK_OK;
exit:
return OC_STACK_ERROR;
}
OCStackResult DeInitPstatResource()
{
if (gPstat != &gDefaultPstat)
......
......@@ -31,6 +31,7 @@
#include "securevirtualresourcetypes.h"
#include "srmresourcestrings.h"
#include "aclresource.h"
#include "pstatresource.h"
#include "srmtestcommon.h"
#include "srmutility.h"
#include "logger.h"
......@@ -291,6 +292,11 @@ TEST(ACLResourceTest, GetDefaultACLTests)
// 'POST' ACL tests
TEST(ACLResourceTest, ACLPostTest)
{
// Intialize /pstat global, so that the GetDos() calls in aclresource.c
// can succeed, or all UPDATE requests will be rejected based on DOS.
OCStackResult res = InitPstatResourceToDefault();
ASSERT_TRUE(OC_STACK_OK == res);
// Read an ACL from the file
uint8_t *payload = NULL;
size_t size = 0;
......@@ -377,7 +383,7 @@ TEST(ACLResourceTest, DefaultAclAllowsRolesAccess)
int found = 0;
while((ace = GetACLResourceData(&subject, &savePtr)) != NULL)
{
{
ASSERT_TRUE(ace->resources != NULL);
OicSecRsrc_t* rsrc = NULL;
LL_FOREACH(ace->resources, rsrc)
......@@ -397,7 +403,7 @@ TEST(ACLResourceTest, DefaultAclAllowsRolesAccess)
}
static OCStackResult populateAcl(OicSecAcl_t *acl, int numRsrc)
static OCStackResult populateAcl(OicSecAcl_t *acl, int numRsrc)
{
OCStackResult ret = OC_STACK_ERROR;
OicSecAce_t* ace = (OicSecAce_t*)OICCalloc(1, sizeof(OicSecAce_t));
......@@ -425,6 +431,11 @@ exit:
//'DELETE' ACL test
TEST(ACLResourceTest, ACLDeleteWithSingleResourceTest)
{
// Intialize /pstat global, so that the GetDos() calls in aclresource.c
// can succeed, or all UPDATE requests will be rejected based on DOS.
OCStackResult res = InitPstatResourceToDefault();
ASSERT_TRUE(OC_STACK_OK == res);
static OCPersistentStorage ps = OCPersistentStorage();
SetPersistentHandler(&ps, true);
......@@ -480,6 +491,11 @@ TEST(ACLResourceTest, ACLDeleteWithSingleResourceTest)
TEST(ACLResourceTest, ACLDeleteWithMultiResourceTest)
{
// Intialize /pstat global, so that the GetDos() calls in aclresource.c
// can succeed, or all UPDATE requests will be rejected based on DOS.
OCStackResult res = InitPstatResourceToDefault();
ASSERT_TRUE(OC_STACK_OK == res);
static OCPersistentStorage ps = OCPersistentStorage();
SetPersistentHandler(&ps, true);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment