Commit f65b2f7b authored by Nathan Heldt-Sheller's avatar Nathan Heldt-Sheller Committed by Kevin Kane

[IOT-2409] IUT rejects /acl2 Update from CTT

The CTT was posting an Update to /acl2 that included only
rowneruuid in the payload.  The IUT was rejecting because it
could not determine that the payload was /acl2 (vs. /acl v1).

This is wrong behavior by IUT because such a payload is actually
valid /acl2 and/or /acl v1 payload.

This patch changes the logic so that it only rejects an Update
based on version if it can determine it is an incompatible version -
in this case, v1 - and accepts it otherwise.

A similar problem exists in the /cred Update handler, which
(in a particular state) treats a payload containing just rowneruuid
as a failed attempt to Update the Owner credential.

This patch changes that logic too, to no longer treat a "NO_SECURITY_MODE"
credType as an Owner credential.

Change-Id: Ica9bde112cb87bd6ad6ee014cf7526928545d786
Signed-off-by: Nathan Heldt-Sheller's avatarNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/20779Tested-by: default avatarjenkins-iotivity <jenkins@iotivity.org>
Reviewed-by: default avatarDan Mihai <Daniel.Mihai@microsoft.com>
Reviewed-by: Randeep's avatarRandeep Singh <randeep.s@samsung.com>
Reviewed-by: default avatarMushfiqul Islam <i.mushfiq@samsung.com>
Reviewed-by: default avatarKevin Kane <kkane@microsoft.com>
parent 16b8f713
......@@ -1416,6 +1416,17 @@ static OicSecAcl_t* CBORPayloadToAclVersionOpt(const uint8_t *cborPayload, const
aclistVersion = OIC_SEC_ACL_V2;
aclistTagJustFound = true;
}
else
{
if (NULL != versionCheck)
{
OIC_LOG_V(DEBUG, TAG, "%s Unable to determine ACL version, could be either v1 or v2!"
" Assigning 'versionCheck' to OIC_SEC_ACL_UNKNOWN and returning NULL.", __func__);
*versionCheck = OIC_SEC_ACL_UNKNOWN;
OICFree(acl);
return NULL;
}
}
CborValue aclistMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
if (aclistTagJustFound && OIC_SEC_ACL_V1 == aclistVersion)
......@@ -2684,9 +2695,9 @@ static OCEntityHandlerResult HandleACLPostRequest(const OCEntityHandlerRequest *
// Clients should not POST v1 ACL to OCF 1.0 Server
OicSecAclVersion_t payloadVersionReceived = OIC_SEC_ACL_V1;
CBORPayloadToAclVersionOpt(payload, size, &payloadVersionReceived);
if (OIC_SEC_ACL_V2 != payloadVersionReceived)
if (OIC_SEC_ACL_V1 == payloadVersionReceived)
{
OIC_LOG_V(WARNING, TAG, "%s /acl Resource is v2; POST of v1 ACL not acceptable.", __func__);
OIC_LOG_V(WARNING, TAG, "%s /acl2 Resource Update with v1 ACL payload not acceptable.", __func__);
ehRet = OC_EH_NOT_ACCEPTABLE;
goto exit;
}
......
......@@ -1754,7 +1754,7 @@ OCStackResult AddCredential(OicSecCred_t * newCred)
OicUuid_t emptyOwner = { .id = {0} };
#if ((defined(__WITH_DTLS__) || defined(__WITH_TLS__)) && defined(MULTIPLE_OWNER))
uint16_t staleCredId = 0;
#endif //(__WITH_DTLS__ or __WITH_TLS__) and MULTIPLE_OWNER
#endif //(__WITH_DTLS__ or __WITH_TLS__) and MULTIPLE_OWNER
OIC_LOG(DEBUG, TAG, "IN AddCredential");
......@@ -2113,7 +2113,7 @@ static OCEntityHandlerResult HandlePostRequest(OCEntityHandlerRequest * ehReques
#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
OicUuid_t emptyUuid = {.id={0}};
const OicSecDoxm_t* doxm = GetDoxmResourceData();
if(doxm && false == doxm->owned && memcmp(&(doxm->owner), &emptyUuid, sizeof(OicUuid_t)) != 0)
if(NO_SECURITY_MODE != cred->credType && doxm && false == doxm->owned && memcmp(&(doxm->owner), &emptyUuid, sizeof(OicUuid_t)) != 0)
{
//in case of owner PSK
switch(cred->credType)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment