Commit 737cc606 authored by Iurii Metelytsia's avatar Iurii Metelytsia

[LITE-84] Remove "rt" and "if" matching

	Сode that compares "rt" and "if" in the ACL entries removed.
Signed-off-by: default avatarIurii Metelytsia <i.metelytsia@samsung.com>
Change-Id: I50116f9fda78b2d0d88d5caafdf192bbd5efccb0
parent 803fec91
......@@ -753,7 +753,6 @@ oc_handle_collection_request(oc_method_t method, oc_request_t *request,
#ifdef OC_SECURITY
if (request && request->origin &&
!oc_sec_check_acl(method, link->resource,
link->resource->default_interface,
request->origin)) {
response_buffer.code = oc_status_code(OC_STATUS_FORBIDDEN);
} else
......
......@@ -850,7 +850,7 @@ oc_ri_invoke_coap_entity_handler(void *request, void *response, uint8_t *buffer,
* the requestor (the subject) is authorized to issue this request to
* the resource.
*/
if (!oc_sec_check_acl(method, cur_resource, iface_mask, endpoint)) {
if (!oc_sec_check_acl(method, cur_resource, endpoint)) {
authorized = false;
} else
#endif /* OC_SECURITY */
......@@ -983,7 +983,6 @@ oc_ri_invoke_coap_entity_handler(void *request, void *response, uint8_t *buffer,
if (links->resource &&
links->resource->properties & OC_OBSERVABLE) {
if (!oc_sec_check_acl(OC_GET, links->resource,
links->resource->default_interface,
endpoint)) {
set_observe_option = false;
break;
......
......@@ -86,10 +86,6 @@ oc_sec_ace_t *oc_obt_new_ace_for_connection(oc_ace_connection_type_t conn);
oc_sec_ace_t *oc_obt_new_ace_for_role(const char *role, const char *authority);
oc_ace_res_t *oc_obt_ace_new_resource(oc_sec_ace_t *ace);
void oc_obt_ace_resource_set_href(oc_ace_res_t *resource, const char *href);
void oc_obt_ace_resource_set_num_rt(oc_ace_res_t *resource, int num_resources);
void oc_obt_ace_resource_bind_rt(oc_ace_res_t *resource, const char *rt);
void oc_obt_ace_resource_bind_if(oc_ace_res_t *resource,
oc_interface_mask_t iface_mask);
void oc_obt_ace_resource_set_wc(oc_ace_res_t *resource, oc_ace_wildcard_t wc);
void oc_obt_ace_add_permission(oc_sec_ace_t *ace,
oc_ace_permissions_t permission);
......
......@@ -355,6 +355,7 @@ coap_notify_collection_observers(oc_resource_t *resource,
response_buf->response_length);
}
coap_set_status_code(notification, response_buf->code);
if (notification->code < BAD_REQUEST_4_00 && obs->resource->num_observers) {
coap_set_header_observe(notification, (obs->obs_counter)++);
observe_counter++;
......@@ -480,8 +481,7 @@ coap_remove_observers_on_dos_change(size_t device, bool reset)
while (obs != NULL) {
if (obs->endpoint.device == device &&
(reset ||
!oc_sec_check_acl(OC_GET, obs->resource,
obs->resource->default_interface, &obs->endpoint))) {
!oc_sec_check_acl(OC_GET, obs->resource, &obs->endpoint))) {
coap_observer_t *o = obs;
coap_packet_t notification[1];
#ifdef OC_TCP
......
......@@ -1130,61 +1130,6 @@ provision_ace2(void)
}
}
PRINT("Enter number of resource types [0-None]: ");
SCANF("%d", &c);
if (c > 0 && c <= MAX_NUM_RT) {
oc_obt_ace_resource_set_num_rt(res, c);
char rt[128];
int j = 0;
while (j < c) {
PRINT("Enter resource type [%d]: ", j + 1);
SCANF("%127s", rt);
oc_obt_ace_resource_bind_rt(res, rt);
j++;
}
}
PRINT("Enter number of interfaces [0-None]");
SCANF("%d", &c);
if (c > 0 && c <= 7) {
int j = 0;
while (j < c) {
int k;
PRINT("\n[1]: oic.if.baseline\n[2]: oic.if.ll\n[3]: oic.if.b\n[4]: "
"oic.if.r\n[5]: oic.if.rw\n[6]: oic.if.a\n[7]: oic.if.s\n");
PRINT("\nSelect interface [%d]:", j + 1);
SCANF("%d", &k);
switch (k) {
case 1:
oc_obt_ace_resource_bind_if(res, OC_IF_BASELINE);
break;
case 2:
oc_obt_ace_resource_bind_if(res, OC_IF_LL);
break;
case 3:
oc_obt_ace_resource_bind_if(res, OC_IF_B);
break;
case 4:
oc_obt_ace_resource_bind_if(res, OC_IF_R);
break;
case 5:
oc_obt_ace_resource_bind_if(res, OC_IF_RW);
break;
case 6:
oc_obt_ace_resource_bind_if(res, OC_IF_A);
break;
case 7:
oc_obt_ace_resource_bind_if(res, OC_IF_S);
break;
default:
break;
}
j++;
}
} else if (c < 0 || c > 7) {
PRINT("\nWARNING: Invalid number of interfaces.. skipping interface "
"selection\n");
}
i++;
}
......
......@@ -97,9 +97,7 @@ get_new_aceid(size_t device)
static oc_ace_res_t *
oc_sec_ace_find_resource(oc_ace_res_t *start, oc_sec_ace_t *ace,
const char *href, oc_string_array_t *rt,
oc_interface_mask_t iface_mask,
oc_ace_wildcard_t wildcard)
const char *href, oc_ace_wildcard_t wildcard)
{
int skip = 0;
if (href && href[0] != '/')
......@@ -123,37 +121,6 @@ oc_sec_ace_find_resource(oc_ace_res_t *start, oc_sec_ace_t *ace,
}
}
if (match && rt && oc_string_array_get_allocated_size(res->types) > 0) {
size_t i, j;
bool rt_match = false;
for (i = 0; i < oc_string_array_get_allocated_size(*rt); i++) {
const char *t = oc_string_array_get_item(*rt, i);
for (j = 0; j < oc_string_array_get_allocated_size(res->types); j++) {
const char *u = oc_string_array_get_item(res->types, j);
if (strlen(u) == 1 && u[0] == '*') {
break;
}
if (strlen(t) == strlen(u) && memcmp(t, u, strlen(t)) == 0) {
rt_match = true;
break;
}
}
}
if (!rt_match) {
match = false;
} else {
positive = true;
}
}
if (match && iface_mask != 0 && res->interfaces != 0) {
if ((iface_mask & res->interfaces) == 0) {
match = false;
} else {
positive = true;
}
}
if (match && wildcard != 0 && res->wildcard != 0) {
if (wildcard != OC_ACE_WC_ALL && (wildcard & res->wildcard) != 0) {
positive = true;
......@@ -231,8 +198,7 @@ oc_sec_acl_find_subject(oc_sec_ace_t *start, oc_ace_subject_type_t type,
static uint16_t
oc_ace_get_permission(oc_sec_ace_t *ace, oc_resource_t *resource,
oc_interface_mask_t iface_mask, bool is_DCR,
bool is_public)
bool is_DCR, bool is_public)
{
uint16_t permission = 0;
......@@ -257,13 +223,12 @@ oc_ace_get_permission(oc_sec_ace_t *ace, oc_resource_t *resource,
}
oc_ace_res_t *res = oc_sec_ace_find_resource(
NULL, ace, oc_string(resource->uri), &resource->types, iface_mask, wc);
NULL, ace, oc_string(resource->uri), wc);
while (res != NULL) {
permission |= ace->permission;
res = oc_sec_ace_find_resource(res, ace, oc_string(resource->uri),
&resource->types, iface_mask, wc);
res = oc_sec_ace_find_resource(res, ace, oc_string(resource->uri), wc);
}
return permission;
......@@ -332,8 +297,7 @@ dump_acl(size_t device)
static uint16_t
get_role_permissions(oc_sec_cred_t *role_cred, oc_resource_t *resource,
oc_interface_mask_t iface_mask, size_t device, bool is_DCR,
bool is_public)
size_t device, bool is_DCR, bool is_public)
{
uint16_t permission = 0;
oc_sec_ace_t *match = NULL;
......@@ -344,7 +308,7 @@ get_role_permissions(oc_sec_cred_t *role_cred, oc_resource_t *resource,
if (match) {
permission |=
oc_ace_get_permission(match, resource, iface_mask, is_DCR, is_public);
oc_ace_get_permission(match, resource, is_DCR, is_public);
OC_DBG("oc_check_acl: Found ACE with permission %d for matching role",
permission);
}
......@@ -354,7 +318,7 @@ get_role_permissions(oc_sec_cred_t *role_cred, oc_resource_t *resource,
bool
oc_sec_check_acl(oc_method_t method, oc_resource_t *resource,
oc_interface_mask_t iface_mask, oc_endpoint_t *endpoint)
oc_endpoint_t *endpoint)
{
#ifdef OC_DEBUG
dump_acl(endpoint->device);
......@@ -422,7 +386,7 @@ oc_sec_check_acl(oc_method_t method, oc_resource_t *resource,
if (match) {
permission |=
oc_ace_get_permission(match, resource, iface_mask, is_DCR, is_public);
oc_ace_get_permission(match, resource, is_DCR, is_public);
OC_DBG("oc_check_acl: Found ACE with permission %d for subject UUID",
permission);
}
......@@ -432,7 +396,7 @@ oc_sec_check_acl(oc_method_t method, oc_resource_t *resource,
oc_sec_cred_t *role_cred = oc_sec_find_cred(
uuid, OC_CREDTYPE_PSK, OC_CREDUSAGE_NULL, endpoint->device);
if (role_cred && oc_string_len(role_cred->role.role) > 0) {
permission |= get_role_permissions(role_cred, resource, iface_mask,
permission |= get_role_permissions(role_cred, resource,
endpoint->device, is_DCR, is_public);
}
}
......@@ -452,7 +416,7 @@ oc_sec_check_acl(oc_method_t method, oc_resource_t *resource,
OC_DBG("oc_acl: peer's role matches \"oic.role.owner\"");
return true;
}
permission |= get_role_permissions(role_cred, resource, iface_mask,
permission |= get_role_permissions(role_cred, resource,
endpoint->device, is_DCR, is_public);
role_cred = role_cred->next;
}
......@@ -469,7 +433,7 @@ oc_sec_check_acl(oc_method_t method, oc_resource_t *resource,
0, endpoint->device);
if (match) {
permission |=
oc_ace_get_permission(match, resource, iface_mask, is_DCR, is_public);
oc_ace_get_permission(match, resource, is_DCR, is_public);
OC_DBG("oc_check_acl: Found ACE with permission %d for auth-crypt "
"connection",
permission);
......@@ -485,7 +449,7 @@ oc_sec_check_acl(oc_method_t method, oc_resource_t *resource,
endpoint->device);
if (match) {
permission |=
oc_ace_get_permission(match, resource, iface_mask, is_DCR, is_public);
oc_ace_get_permission(match, resource, is_DCR, is_public);
OC_DBG("oc_check_acl: Found ACE with permission %d for anon-clear "
"connection",
permission);
......@@ -558,13 +522,6 @@ oc_sec_encode_acl(size_t device)
while (res != NULL) {
oc_rep_object_array_start_item(resources);
if (res->interfaces != 0) {
oc_core_encode_interfaces_mask(oc_rep_object(resources),
res->interfaces);
}
if (oc_string_array_get_allocated_size(res->types) > 0) {
oc_rep_set_string_array(resources, rt, res->types);
}
if (oc_string_len(res->href) > 0) {
oc_rep_set_text_string(resources, href, oc_string(res->href));
} else {
......@@ -602,7 +559,6 @@ oc_sec_encode_acl(size_t device)
static oc_ace_res_t *
oc_sec_ace_get_res(oc_ace_subject_type_t type, oc_ace_subject_t *subject,
const char *href, oc_ace_wildcard_t wildcard,
oc_string_array_t *rt, oc_interface_mask_t iface_mask,
int aceid, uint16_t permission, size_t device, bool create)
{
oc_sec_ace_t *ace =
......@@ -620,7 +576,7 @@ oc_sec_ace_get_res(oc_ace_subject_type_t type, oc_ace_subject_t *subject,
goto done;
got_ace:
res = oc_sec_ace_find_resource(NULL, ace, href, rt, iface_mask, wildcard);
res = oc_sec_ace_find_resource(NULL, ace, href, wildcard);
if (!res && create) {
goto new_res;
}
......@@ -703,16 +659,6 @@ new_res:
OC_DBG("Adding resource %s with permission %d", href, permission);
}
if (rt) {
oc_new_string_array(&res->types, oc_string_array_get_allocated_size(*rt));
int i;
for (i = 0; i < (int)oc_string_array_get_allocated_size(*rt); i++) {
oc_string_array_add_item(res->types, oc_string_array_get_item(*rt, i));
}
}
res->interfaces = iface_mask;
oc_list_add(ace->resources, res);
} else {
OC_WRN("insufficient memory to add new resource to ACE");
......@@ -725,10 +671,9 @@ done:
static bool
oc_sec_ace_update_res(oc_ace_subject_type_t type, oc_ace_subject_t *subject,
int aceid, uint16_t permission, const char *href,
oc_ace_wildcard_t wildcard, oc_string_array_t *rt,
oc_interface_mask_t iface_mask, size_t device)
oc_ace_wildcard_t wildcard, size_t device)
{
if (oc_sec_ace_get_res(type, subject, href, wildcard, rt, iface_mask, aceid,
if (oc_sec_ace_get_res(type, subject, href, wildcard, aceid,
permission, device, true))
return true;
return false;
......@@ -744,9 +689,6 @@ oc_ace_free_resources(size_t device, oc_sec_ace_t **ace, const char *href)
if (href == NULL ||
(oc_string_len(res->href) == strlen(href) &&
memcmp(href, oc_string(res->href), strlen(href)) == 0)) {
if (oc_string_array_get_allocated_size(res->types) > 0) {
oc_free_string_array(&res->types);
}
if (oc_string_len(res->href) > 0) {
oc_free_string(&res->href);
}
......@@ -875,7 +817,7 @@ oc_sec_acl_add_created_resource_ace(const char *href, oc_endpoint_t *client,
perm |= OC_PERM_CREATE;
}
oc_sec_ace_update_res(OC_SUBJECT_UUID, &subject, -1, perm, href, 0, 0, 0,
oc_sec_ace_update_res(OC_SUBJECT_UUID, &subject, -1, perm, href, 0,
device);
return true;
......@@ -903,7 +845,7 @@ oc_sec_acl_default(size_t device)
if (i <= OCF_RES || i == OCF_D) {
success &=
oc_sec_ace_update_res(OC_SUBJECT_CONN, &_anon_clear, 1, 2,
oc_string(resource->uri), 0, NULL, 0, device);
oc_string(resource->uri), 0, device);
}
if (i >= OCF_SEC_DOXM &&
#ifdef OC_PKI
......@@ -914,7 +856,7 @@ oc_sec_acl_default(size_t device)
{
success &=
oc_sec_ace_update_res(OC_SUBJECT_CONN, &_anon_clear, 2, 14,
oc_string(resource->uri), -1, NULL, 0, device);
oc_string(resource->uri), -1, device);
}
}
OC_DBG("ACL for core resources initialized %d", success);
......@@ -1040,9 +982,6 @@ oc_sec_decode_acl(oc_rep_t *rep, bool from_storage, size_t device)
oc_resource_properties_t wc_r = 0;
#endif
*/
oc_interface_mask_t iface_mask = 0;
oc_string_array_t *rt = 0;
int i;
while (resource != NULL) {
switch (resource->type) {
......@@ -1078,27 +1017,6 @@ oc_sec_decode_acl(oc_rep_t *rep, bool from_storage, size_t device)
}
}
break;
case OC_REP_STRING_ARRAY: {
if (oc_string_len(resource->name) == 2) {
if (memcmp(oc_string(resource->name), "if", 2) == 0) {
for (i = 0; i < (int)oc_string_array_get_allocated_size(
resource->value.array);
i++) {
const char *f =
oc_string_array_get_item(resource->value.array, i);
if (strlen(f) == 1 && f[0] == '*') {
iface_mask |= 0xFE;
break;
}
iface_mask |=
oc_ri_get_interface_mask((char *)f, strlen(f));
}
} else if (strncasecmp(oc_string(resource->name), "rt", 2) ==
0) {
rt = &resource->value.array;
}
}
} break;
default:
break;
}
......@@ -1107,7 +1025,7 @@ oc_sec_decode_acl(oc_rep_t *rep, bool from_storage, size_t device)
}
oc_sec_ace_update_res(subject_type, &subject, aceid, permission, href,
wc, rt, iface_mask, device);
wc, device);
/* The following code block attaches "coap" endpoints to
resources linked to an anon-clear ACE. This logic is being
......
......@@ -43,7 +43,7 @@ void get_acl(oc_request_t *request, oc_interface_mask_t iface_mask, void *data);
void delete_acl(oc_request_t *request, oc_interface_mask_t iface_mask,
void *data);
bool oc_sec_check_acl(oc_method_t method, oc_resource_t *resource,
oc_interface_mask_t iface_mask, oc_endpoint_t *endpoint);
oc_endpoint_t *endpoint);
void oc_sec_set_post_otm_acl(size_t device);
void oc_sec_ace_clear_bootstrap_aces(size_t device);
bool oc_sec_acl_add_created_resource_ace(const char *href,
......
......@@ -1620,34 +1620,6 @@ oc_obt_ace_resource_set_href(oc_ace_res_t *resource, const char *href)
}
}
void
oc_obt_ace_resource_set_num_rt(oc_ace_res_t *resource, int num_resources)
{
if (resource) {
if (oc_string_array_get_allocated_size(resource->types) > 0) {
oc_free_string_array(&resource->types);
}
oc_new_string_array(&resource->types, num_resources);
}
}
void
oc_obt_ace_resource_bind_rt(oc_ace_res_t *resource, const char *rt)
{
if (resource) {
oc_string_array_add_item(resource->types, rt);
}
}
void
oc_obt_ace_resource_bind_if(oc_ace_res_t *resource,
oc_interface_mask_t interface)
{
if (resource) {
resource->interfaces = interface;
}
}
void
oc_obt_ace_resource_set_wc(oc_ace_res_t *resource, oc_ace_wildcard_t wc)
{
......@@ -1673,9 +1645,6 @@ free_ace(oc_sec_ace_t *ace)
if (oc_string_len(res->href) > 0) {
oc_free_string(&res->href);
}
if (oc_string_array_get_allocated_size(res->types) > 0) {
oc_free_string_array(&res->types);
}
oc_memb_free(&oc_res_m, res);
res = (oc_ace_res_t *)oc_list_pop(ace->resources);
}
......@@ -1821,13 +1790,6 @@ provision_ace(int status, void *data)
oc_rep_set_array(aclist2, resources);
while (res != NULL) {
oc_rep_object_array_start_item(resources);
if (res->interfaces != 0) {
oc_core_encode_interfaces_mask(oc_rep_object(resources),
res->interfaces);
}
if (oc_string_array_get_allocated_size(res->types) > 0) {
oc_rep_set_string_array(resources, rt, res->types);
}
if (oc_string_len(res->href) > 0) {
oc_rep_set_text_string(resources, href, oc_string(res->href));
} else {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment