Commit 29a8f14b authored by Kishen Maloor's avatar Kishen Maloor

Expose /oic/sec/sp in non OC_PKI builds

Signed-off-by: Kishen Maloor's avatarKishen Maloor <kishen.maloor@intel.com>
parent 9b74a88f
...@@ -597,13 +597,13 @@ oc_core_get_resource_by_uri(const char *uri, size_t device) ...@@ -597,13 +597,13 @@ oc_core_get_resource_by_uri(const char *uri, size_t device)
} else if (memcmp(uri + skip, "oic/sec/cred", 12) == 0) { } else if (memcmp(uri + skip, "oic/sec/cred", 12) == 0) {
type = OCF_SEC_CRED; type = OCF_SEC_CRED;
} }
} else if ((strlen(uri) - skip) == 10 &&
memcmp(uri + skip, "oic/sec/sp", 10) == 0) {
type = OCF_SEC_SP;
} }
#ifdef OC_PKI #ifdef OC_PKI
else if ((strlen(uri) - skip) == 10 && else if ((strlen(uri) - skip) == 11 &&
memcmp(uri + skip, "oic/sec/sp", 10) == 0) { memcmp(uri + skip, "oic/sec/csr", 11) == 0) {
type = OCF_SEC_SP;
} else if ((strlen(uri) - skip) == 11 &&
memcmp(uri + skip, "oic/sec/csr", 11) == 0) {
type = OCF_SEC_CSR; type = OCF_SEC_CSR;
} else if ((strlen(uri) - skip) == 13 && } else if ((strlen(uri) - skip) == 13 &&
memcmp(uri + skip, "oic/sec/roles", 13) == 0) { memcmp(uri + skip, "oic/sec/roles", 13) == 0) {
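Review bot: The new `oic/sec/sp` branch in oc_core_get_resource_by_uri writes the length `10` twice, once in the `strlen` comparison and once in the `memcmp`, so a later edit to the URI string can desynchronise the bound from the compare. Deriving both from the literal, e.g. `sizeof("oic/sec/sp") - 1`, keeps them tied together. `strlen(uri) - skip` is unsigned arithmetic, so the check relies on `skip` never exceeding the string length, which is established outside this hunk. Because the lookup now resolves /oic/sec/sp without OC_PKI, a one-line comment above the branch, `/* sp is also exposed in non-OC_PKI builds */`, would explain why it sits outside the guard. The function body starts and ends outside the hunk.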
......
...@@ -42,9 +42,9 @@ ...@@ -42,9 +42,9 @@
#include "security/oc_store.h" #include "security/oc_store.h"
#include "security/oc_svr.h" #include "security/oc_svr.h"
#include "security/oc_tls.h" #include "security/oc_tls.h"
#include "security/oc_sp.h"
#ifdef OC_PKI #ifdef OC_PKI
#include "security/oc_keypair.h" #include "security/oc_keypair.h"
#include "security/oc_sp.h"
#endif /* OC_PKI */ #endif /* OC_PKI */
#endif /* OC_SECURITY */ #endif /* OC_SECURITY */
...@@ -237,8 +237,8 @@ oc_main_init(const oc_handler_t *handler) ...@@ -237,8 +237,8 @@ oc_main_init(const oc_handler_t *handler)
oc_sec_load_doxm(device); oc_sec_load_doxm(device);
oc_sec_load_cred(device); oc_sec_load_cred(device);
oc_sec_load_acl(device); oc_sec_load_acl(device);
#ifdef OC_PKI
oc_sec_load_sp(device); oc_sec_load_sp(device);
#ifdef OC_PKI
oc_sec_load_ecdsa_keypair(device); oc_sec_load_ecdsa_keypair(device);
#endif /* OC_PKI */ #endif /* OC_PKI */
} }
...@@ -293,8 +293,8 @@ oc_main_shutdown(void) ...@@ -293,8 +293,8 @@ oc_main_shutdown(void)
oc_sec_cred_free(); oc_sec_cred_free();
oc_sec_doxm_free(); oc_sec_doxm_free();
oc_sec_pstat_free(); oc_sec_pstat_free();
#ifdef OC_PKI
oc_sec_sp_free(); oc_sec_sp_free();
#ifdef OC_PKI
oc_free_ecdsa_keypairs(); oc_free_ecdsa_keypairs();
#endif /* OC_PKI */ #endif /* OC_PKI */
oc_tls_shutdown(); oc_tls_shutdown();
......
...@@ -37,7 +37,7 @@ extern int strncasecmp(const char *s1, const char *s2, size_t n); ...@@ -37,7 +37,7 @@ extern int strncasecmp(const char *s1, const char *s2, size_t n);
#ifdef OC_DYNAMIC_ALLOCATION #ifdef OC_DYNAMIC_ALLOCATION
#include "port/oc_assert.h" #include "port/oc_assert.h"
static oc_sec_acl_t *aclist; static oc_sec_acl_t *aclist;
#else /* OC_DYNAMIC_ALLOCATION */ #else /* OC_DYNAMIC_ALLOCATION */
static oc_sec_acl_t aclist[OC_MAX_NUM_DEVICES]; static oc_sec_acl_t aclist[OC_MAX_NUM_DEVICES];
#endif /* !OC_DYNAMIC_ALLOCATION */ #endif /* !OC_DYNAMIC_ALLOCATION */
...@@ -197,8 +197,8 @@ oc_sec_acl_find_subject(oc_sec_ace_t *start, oc_ace_subject_type_t type, ...@@ -197,8 +197,8 @@ oc_sec_acl_find_subject(oc_sec_ace_t *start, oc_ace_subject_type_t type,
} }
static uint16_t static uint16_t
oc_ace_get_permission(oc_sec_ace_t *ace, oc_resource_t *resource, oc_ace_get_permission(oc_sec_ace_t *ace, oc_resource_t *resource, bool is_DCR,
bool is_DCR, bool is_public) bool is_public)
{ {
uint16_t permission = 0; uint16_t permission = 0;
...@@ -222,8 +222,8 @@ oc_ace_get_permission(oc_sec_ace_t *ace, oc_resource_t *resource, ...@@ -222,8 +222,8 @@ oc_ace_get_permission(oc_sec_ace_t *ace, oc_resource_t *resource,
} }
} }
oc_ace_res_t *res = oc_sec_ace_find_resource( oc_ace_res_t *res =
NULL, ace, oc_string(resource->uri), wc); oc_sec_ace_find_resource(NULL, ace, oc_string(resource->uri), wc);
while (res != NULL) { while (res != NULL) {
permission |= ace->permission; permission |= ace->permission;
...@@ -307,8 +307,7 @@ get_role_permissions(oc_sec_cred_t *role_cred, oc_resource_t *resource, ...@@ -307,8 +307,7 @@ get_role_permissions(oc_sec_cred_t *role_cred, oc_resource_t *resource,
device); device);
if (match) { if (match) {
permission |= permission |= oc_ace_get_permission(match, resource, is_DCR, is_public);
oc_ace_get_permission(match, resource, is_DCR, is_public);
OC_DBG("oc_check_acl: Found ACE with permission %d for matching role", OC_DBG("oc_check_acl: Found ACE with permission %d for matching role",
permission); permission);
} }
...@@ -385,8 +384,7 @@ oc_sec_check_acl(oc_method_t method, oc_resource_t *resource, ...@@ -385,8 +384,7 @@ oc_sec_check_acl(oc_method_t method, oc_resource_t *resource,
endpoint->device); endpoint->device);
if (match) { if (match) {
permission |= permission |= oc_ace_get_permission(match, resource, is_DCR, is_public);
oc_ace_get_permission(match, resource, is_DCR, is_public);
OC_DBG("oc_check_acl: Found ACE with permission %d for subject UUID", OC_DBG("oc_check_acl: Found ACE with permission %d for subject UUID",
permission); permission);
} }
...@@ -432,8 +430,7 @@ oc_sec_check_acl(oc_method_t method, oc_resource_t *resource, ...@@ -432,8 +430,7 @@ oc_sec_check_acl(oc_method_t method, oc_resource_t *resource,
match = oc_sec_acl_find_subject(match, OC_SUBJECT_CONN, &_auth_crypt, -1, match = oc_sec_acl_find_subject(match, OC_SUBJECT_CONN, &_auth_crypt, -1,
0, endpoint->device); 0, endpoint->device);
if (match) { if (match) {
permission |= permission |= oc_ace_get_permission(match, resource, is_DCR, is_public);
oc_ace_get_permission(match, resource, is_DCR, is_public);
OC_DBG("oc_check_acl: Found ACE with permission %d for auth-crypt " OC_DBG("oc_check_acl: Found ACE with permission %d for auth-crypt "
"connection", "connection",
permission); permission);
...@@ -448,8 +445,7 @@ oc_sec_check_acl(oc_method_t method, oc_resource_t *resource, ...@@ -448,8 +445,7 @@ oc_sec_check_acl(oc_method_t method, oc_resource_t *resource,
match = oc_sec_acl_find_subject(match, OC_SUBJECT_CONN, &_anon_clear, -1, 0, match = oc_sec_acl_find_subject(match, OC_SUBJECT_CONN, &_anon_clear, -1, 0,
endpoint->device); endpoint->device);
if (match) { if (match) {
permission |= permission |= oc_ace_get_permission(match, resource, is_DCR, is_public);
oc_ace_get_permission(match, resource, is_DCR, is_public);
OC_DBG("oc_check_acl: Found ACE with permission %d for anon-clear " OC_DBG("oc_check_acl: Found ACE with permission %d for anon-clear "
"connection", "connection",
permission); permission);
...@@ -558,8 +554,8 @@ oc_sec_encode_acl(size_t device) ...@@ -558,8 +554,8 @@ oc_sec_encode_acl(size_t device)
static oc_ace_res_t * static oc_ace_res_t *
oc_sec_ace_get_res(oc_ace_subject_type_t type, oc_ace_subject_t *subject, oc_sec_ace_get_res(oc_ace_subject_type_t type, oc_ace_subject_t *subject,
const char *href, oc_ace_wildcard_t wildcard, const char *href, oc_ace_wildcard_t wildcard, int aceid,
int aceid, uint16_t permission, size_t device, bool create) uint16_t permission, size_t device, bool create)
{ {
oc_sec_ace_t *ace = oc_sec_ace_t *ace =
oc_sec_acl_find_subject(NULL, type, subject, aceid, permission, device); oc_sec_acl_find_subject(NULL, type, subject, aceid, permission, device);
...@@ -673,8 +669,8 @@ oc_sec_ace_update_res(oc_ace_subject_type_t type, oc_ace_subject_t *subject, ...@@ -673,8 +669,8 @@ oc_sec_ace_update_res(oc_ace_subject_type_t type, oc_ace_subject_t *subject,
int aceid, uint16_t permission, const char *href, int aceid, uint16_t permission, const char *href,
oc_ace_wildcard_t wildcard, size_t device) oc_ace_wildcard_t wildcard, size_t device)
{ {
if (oc_sec_ace_get_res(type, subject, href, wildcard, aceid, if (oc_sec_ace_get_res(type, subject, href, wildcard, aceid, permission,
permission, device, true)) device, true))
return true; return true;
return false; return false;
} }
...@@ -817,8 +813,7 @@ oc_sec_acl_add_created_resource_ace(const char *href, oc_endpoint_t *client, ...@@ -817,8 +813,7 @@ oc_sec_acl_add_created_resource_ace(const char *href, oc_endpoint_t *client,
perm |= OC_PERM_CREATE; perm |= OC_PERM_CREATE;
} }
oc_sec_ace_update_res(OC_SUBJECT_UUID, &subject, -1, perm, href, 0, oc_sec_ace_update_res(OC_SUBJECT_UUID, &subject, -1, perm, href, 0, device);
device);
return true; return true;
} }
...@@ -843,20 +838,18 @@ oc_sec_acl_default(size_t device) ...@@ -843,20 +838,18 @@ oc_sec_acl_default(size_t device)
continue; continue;
} }
if (i <= OCF_RES || i == OCF_D) { if (i <= OCF_RES || i == OCF_D) {
success &= success &= oc_sec_ace_update_res(OC_SUBJECT_CONN, &_anon_clear, 1, 2,
oc_sec_ace_update_res(OC_SUBJECT_CONN, &_anon_clear, 1, 2, oc_string(resource->uri), 0, device);
oc_string(resource->uri), 0, device);
} }
if (i >= OCF_SEC_DOXM && if (i >= OCF_SEC_DOXM &&
#ifdef OC_PKI #ifdef OC_PKI
i < OCF_SEC_ROLES) i < OCF_SEC_ROLES)
#else /* OC_PKI */ #else /* OC_PKI */
i <= OCF_SEC_CRED) i <= OCF_SEC_SP)
#endif /* !OC_PKI */ #endif /* !OC_PKI */
{ {
success &= success &= oc_sec_ace_update_res(OC_SUBJECT_CONN, &_anon_clear, 2, 14,
oc_sec_ace_update_res(OC_SUBJECT_CONN, &_anon_clear, 2, 14, oc_string(resource->uri), -1, device);
oc_string(resource->uri), -1, device);
} }
} }
OC_DBG("ACL for core resources initialized %d", success); OC_DBG("ACL for core resources initialized %d", success);
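Review bot: The non-PKI bound `i <= OCF_SEC_SP` in oc_sec_acl_default is only correct if OCF_SEC_SP directly follows OCF_SEC_CRED in the core-resource enum and is declared outside OC_PKI; that declaration is not shown on this page. A comment above the `#else` branch, such as `/* non-PKI SVR range: doxm..sp; depends on enum order */`, would pin the assumption. With this change the default anon-clear ACE carrying permission `14` also covers /oic/sec/sp in non-PKI builds. Naming the grant makes it reviewable at a glance: `OC_PERM_RETRIEVE | OC_PERM_UPDATE | OC_PERM_DELETE` in place of `14` and `OC_PERM_RETRIEVE` in place of `2`, provided those flags have the bit values the literals imply. The other hunks in this file only re-wrap lines, and the function starts and ends outside the hunk.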
......
...@@ -156,8 +156,8 @@ oc_pstat_handle_state(oc_sec_pstat_t *ps, size_t device, bool from_storage, ...@@ -156,8 +156,8 @@ oc_pstat_handle_state(oc_sec_pstat_t *ps, size_t device, bool from_storage,
} }
#ifdef OC_PKI #ifdef OC_PKI
oc_sec_free_roles_for_device(device); oc_sec_free_roles_for_device(device);
oc_sec_sp_default(device);
#endif /* OC_PKI */ #endif /* OC_PKI */
oc_sec_sp_default(device);
#ifdef OC_SERVER #ifdef OC_SERVER
#ifdef OC_CLIENT #ifdef OC_CLIENT
#ifdef OC_CLOUD #ifdef OC_CLOUD
......
...@@ -132,7 +132,6 @@ oc_sec_load_pstat(size_t device) ...@@ -132,7 +132,6 @@ oc_sec_load_pstat(size_t device)
} }
} }
#ifdef OC_PKI
void void
oc_sec_load_sp(size_t device) oc_sec_load_sp(size_t device)
{ {
...@@ -205,6 +204,7 @@ oc_sec_dump_sp(size_t device) ...@@ -205,6 +204,7 @@ oc_sec_dump_sp(size_t device)
#endif /* OC_DYNAMIC_ALLOCATION */ #endif /* OC_DYNAMIC_ALLOCATION */
} }
#ifdef OC_PKI
void void
oc_sec_load_ecdsa_keypair(size_t device) oc_sec_load_ecdsa_keypair(size_t device)
{ {
......
...@@ -35,10 +35,7 @@ oc_sec_create_svr(void) ...@@ -35,10 +35,7 @@ oc_sec_create_svr(void)
oc_sec_pstat_init(); oc_sec_pstat_init();
oc_sec_cred_init(); oc_sec_cred_init();
oc_sec_acl_init(); oc_sec_acl_init();
#ifdef OC_PKI
oc_sec_sp_init(); oc_sec_sp_init();
#endif /* OC_PKI */
size_t i; size_t i;
for (i = 0; i < oc_core_get_num_devices(); i++) { for (i = 0; i < oc_core_get_num_devices(); i++) {
......