[IOT-2409] IUT rejects /acl2 Update from CTT 79/20779/4
authorNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
Wed, 14 Jun 2017 00:59:48 +0000 (17:59 -0700)
committerKevin Kane <kkane@microsoft.com>
Thu, 15 Jun 2017 16:12:58 +0000 (16:12 +0000)
The CTT was posting an Update to /acl2 that included only
rowneruuid in the payload.  The IUT was rejecting because it
could not determine that the payload was /acl2 (vs. /acl v1).

This is wrong behavior by IUT because such a payload is actually
valid /acl2 and/or /acl v1 payload.

This patch changes the logic so that it only rejects an Update
based on version if it can determine it is an incompatible version -
in this case, v1 - and accepts it otherwise.

A similar problem exists in the /cred Update handler, which
(in a particular state) treats a payload containing just rowneruuid
as a failed attempt to Update the Owner credential.

This patch changes that logic too, to no longer treat a "NO_SECURITY_MODE"
credType as an Owner credential.

Change-Id: Ica9bde112cb87bd6ad6ee014cf7526928545d786
Signed-off-by: Nathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/20779
Tested-by: jenkins-iotivity <jenkins@iotivity.org>
Reviewed-by: Dan Mihai <Daniel.Mihai@microsoft.com>
Reviewed-by: Randeep Singh <randeep.s@samsung.com>
Reviewed-by: Mushfiqul Islam <i.mushfiq@samsung.com>
Reviewed-by: Kevin Kane <kkane@microsoft.com>
resource/csdk/security/src/aclresource.c
resource/csdk/security/src/credresource.c

index 88b1df1..1abfb04 100644 (file)
@@ -1416,6 +1416,17 @@ static OicSecAcl_t* CBORPayloadToAclVersionOpt(const uint8_t *cborPayload, const
                 aclistVersion = OIC_SEC_ACL_V2;
                 aclistTagJustFound = true;
             }
+            else
+            {
+                if (NULL != versionCheck)
+                {
+                    OIC_LOG_V(DEBUG, TAG, "%s Unable to determine ACL version, could be either v1 or v2!"
+                        " Assigning 'versionCheck' to OIC_SEC_ACL_UNKNOWN and returning NULL.", __func__);
+                    *versionCheck = OIC_SEC_ACL_UNKNOWN;
+                    OICFree(acl);
+                    return NULL;
+                }
+            }
 
             CborValue aclistMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
             if (aclistTagJustFound && OIC_SEC_ACL_V1 == aclistVersion)
@@ -2684,9 +2695,9 @@ static OCEntityHandlerResult HandleACLPostRequest(const OCEntityHandlerRequest *
         // Clients should not POST v1 ACL to OCF 1.0 Server
         OicSecAclVersion_t payloadVersionReceived = OIC_SEC_ACL_V1;
         CBORPayloadToAclVersionOpt(payload, size, &payloadVersionReceived);
-        if (OIC_SEC_ACL_V2 != payloadVersionReceived)
+        if (OIC_SEC_ACL_V1 == payloadVersionReceived)
         {
-            OIC_LOG_V(WARNING, TAG, "%s /acl Resource is v2; POST of v1 ACL not acceptable.", __func__);
+            OIC_LOG_V(WARNING, TAG, "%s /acl2 Resource Update with v1 ACL payload not acceptable.", __func__);
             ehRet = OC_EH_NOT_ACCEPTABLE;
             goto exit;
         }
index 45315c4..bfe88d5 100644 (file)
@@ -1754,7 +1754,7 @@ OCStackResult AddCredential(OicSecCred_t * newCred)
     OicUuid_t emptyOwner = { .id = {0} };
 #if ((defined(__WITH_DTLS__) || defined(__WITH_TLS__)) && defined(MULTIPLE_OWNER))
     uint16_t staleCredId = 0;
-#endif //(__WITH_DTLS__ or __WITH_TLS__) and MULTIPLE_OWNER  
+#endif //(__WITH_DTLS__ or __WITH_TLS__) and MULTIPLE_OWNER
 
     OIC_LOG(DEBUG, TAG, "IN AddCredential");
 
@@ -2113,7 +2113,7 @@ static OCEntityHandlerResult HandlePostRequest(OCEntityHandlerRequest * ehReques
 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
         OicUuid_t emptyUuid = {.id={0}};
         const OicSecDoxm_t* doxm = GetDoxmResourceData();
-        if(doxm && false == doxm->owned && memcmp(&(doxm->owner), &emptyUuid, sizeof(OicUuid_t)) != 0)
+        if(NO_SECURITY_MODE != cred->credType && doxm && false == doxm->owned && memcmp(&(doxm->owner), &emptyUuid, sizeof(OicUuid_t)) != 0)
         {
             //in case of owner PSK
             switch(cred->credType)