mirror/iopsys-feed
1
0
Fork 0
mirror of https://dev.iopsys.eu/feed/iopsys.git synced 2025-12-10 07:44:50 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

obuspa: Updated SecuredRole only for bbfdm

Browse source
This commit is contained in:
Vivek Kumar Dutta 2025-05-01 19:18:13 +05:30
parent 4c6f70342a
commit 29e9ba389a
No known key found for this signature in database
GPG key ID: 4E09F5AD8265FD4C
6 changed files with 550 additions and 585 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
obuspa/Makefile
View file

@ -5,7 +5,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=obuspa
PKG_VERSION:=10.0.0.2
PKG_VERSION:=10.0.0.3
LOCAL_DEV:=0
ifneq ($(LOCAL_DEV),1)

562
obuspa/patches/0005-CTrust-SecureRoles.patch
View file

@ -1,562 +0,0 @@
Index: obuspa-10.0.0.1/src/core/data_model.c
===================================================================
--- obuspa-10.0.0.1.orig/src/core/data_model.c
+++ obuspa-10.0.0.1/src/core/data_model.c
@@ -59,6 +59,7 @@
#include "group_get_vector.h"
#include "inst_sel_vector.h"
#include "plugin.h"
+#include "device_ctrust.h"
#ifdef ENABLE_COAP
#include "usp_coap.h"
@@ -510,6 +511,14 @@ int DATA_MODEL_GetParameterValue(char *p
return USP_ERR_INVALID_PATH;
}
+ // Check if the parameter is secured and the controller has a secured role, and if the SHOW_PASSWORD flag is not set
+ if (!(flags & SHOW_PASSWORD) && node->registered.param_info.type_flags & DM_SECURE && !DEVICE_CTRUST_IsControllerSecured())
+ {
+ // Return an empty string for secured parameters when controller doesn't have secured role
+ *buf = '\0';
+ return USP_ERR_OK;
+ }
+
// NOTE: We do not check 'is_qualified_instance' here, because the only time it would be unqualified, is if the
// path represented a multi-instance object. If path does represent this, then it will be caught below (switch statement)
@@ -541,8 +550,8 @@ int DATA_MODEL_GetParameterValue(char *p
break;
case kDMNodeType_DBParam_Secure:
- // Return an empty string, if special flag is not set
- if ((flags & SHOW_PASSWORD)==0)
+ // Return an empty string if the parameter is secured and the controller has a secured role, and if the SHOW_PASSWORD flag is not set
+ if (!(flags & SHOW_PASSWORD) && node->registered.param_info.type_flags & DM_SECURE && !DEVICE_CTRUST_IsControllerSecured())
{
*buf = '\0';
break;
Index: obuspa-10.0.0.1/src/core/device_ctrust.c
===================================================================
--- obuspa-10.0.0.1.orig/src/core/device_ctrust.c
+++ obuspa-10.0.0.1/src/core/device_ctrust.c
@@ -66,6 +66,7 @@
#include "dm_inst_vector.h"
#include "inst_sel_vector.h"
#include "database.h"
+#include "device_ctrust.h"
//------------------------------------------------------------------------------
// Location of the controller trust tables within the data model
@@ -235,6 +236,7 @@ credential_t *FindCredentialByCertInstan
int Get_CredentialRole(dm_req_t *req, char *buf, int len);
int Get_CredentialCertificate(dm_req_t *req, char *buf, int len);
int Get_CredentialNumEntries(dm_req_t *req, char *buf, int len);
+int Validate_SecuredRoles(dm_req_t *req, char *value);
#ifndef REMOVE_DEVICE_SECURITY
int InitChallengeTable();
@@ -354,6 +356,10 @@ int DEVICE_CTRUST_Init(void)
challenge_response_input_args, NUM_ELEM(challenge_response_input_args),
NULL, 0);
#endif
+
+ // Register Device.LocalAgent.ControllerTrust.SecuredRoles parameter
+ err |= USP_REGISTER_DBParam_ReadWrite(DEVICE_CTRUST_ROOT ".SecuredRoles", "", Validate_SecuredRoles, NULL, DM_STRING);
+
// Exit if any errors occurred
if (err != USP_ERR_OK)
{
@@ -2908,3 +2914,128 @@ exit:
return err;
}
#endif // REMOVE_DEVICE_SECURITY
+
+
+/*********************************************************************//**
+**
+** Validate_SecuredRoles
+**
+** Validates Device.LocalAgent.ControllerTrust.SecuredRoles
+** Each list item MUST be the Path Name of a row in the Device.LocalAgent.ControllerTrust.Role table
+**
+** \param req - pointer to structure identifying the parameter
+** \param value - value that the controller would like to set the parameter to
+**
+** \return USP_ERR_OK if successful
+**
+**************************************************************************/
+int Validate_SecuredRoles(dm_req_t *req, char *value)
+{
+ char *role_path;
+ char *saveptr;
+ char *str;
+ char temp[MAX_DM_PATH];
+ int role_instance;
+ int err;
+
+ // Empty string is valid
+ if (*value == '\0')
+ {
+ return USP_ERR_OK;
+ }
+
+ // Copy the value as strtok_r modifies the string
+ USP_STRNCPY(temp, value, sizeof(temp));
+
+ // Iterate through comma-separated list
+ str = temp;
+ role_path = strtok_r(str, ",", &saveptr);
+ while (role_path != NULL)
+ {
+ // Trim whitespace
+ role_path = TEXT_UTILS_TrimBuffer(role_path);
+
+ // Verify that this path exists in the Role table using DM_ACCESS_ValidateReference
+ err = DM_ACCESS_ValidateReference(role_path, "Device.LocalAgent.ControllerTrust.Role.{i}", &role_instance);
+ if (err != USP_ERR_OK)
+ {
+ USP_ERR_SetMessage("%s: Role path '%s' does not exist in Device.LocalAgent.ControllerTrust.Role table", __FUNCTION__, role_path);
+ return USP_ERR_INVALID_VALUE;
+ }
+
+ role_path = strtok_r(NULL, ",", &saveptr);
+ }
+
+ return USP_ERR_OK;
+}
+
+/*********************************************************************//**
+**
+** DEVICE_CTRUST_IsControllerSecured
+**
+** Determines whether the specified controller has a secured role
+**
+** \param combined_role - pointer to structure containing the role indexes for this controller
+**
+** \return true if the controller has a secured role, false otherwise
+**
+**************************************************************************/
+bool DEVICE_CTRUST_IsControllerSecured()
+{
+ char secured_roles[MAX_DM_PATH];
+ char *role_path;
+ char *saveptr;
+ char *str;
+ char temp[MAX_DM_PATH];
+ int err;
+ role_t *role;
+ int role_instance;
+ combined_role_t combined_role;
+
+ // Exit if unable to get the secured roles
+ err = DATA_MODEL_GetParameterValue("Device.LocalAgent.ControllerTrust.SecuredRoles", secured_roles, sizeof(secured_roles), 0);
+ if (err != USP_ERR_OK)
+ {
+ return false;
+ }
+
+ // Empty string means no secured roles
+ if (*secured_roles == '\0')
+ {
+ return false;
+ }
+
+ MSG_HANDLER_GetMsgRole(&combined_role);
+ // Copy the value as strtok_r modifies the string
+ USP_STRNCPY(temp, secured_roles, sizeof(temp));
+
+ // Iterate through comma-separated list
+ str = temp;
+ role_path = strtok_r(str, ",", &saveptr);
+ while (role_path != NULL)
+ {
+ // Trim whitespace
+ role_path = TEXT_UTILS_TrimBuffer(role_path);
+
+ // Extract the instance number from the role path
+ err = DM_ACCESS_ValidateReference(role_path, "Device.LocalAgent.ControllerTrust.Role.{i}", &role_instance);
+ if (err == USP_ERR_OK)
+ {
+ // Find the role in our internal array
+ role = FindRoleByInstance(role_instance);
+ if (role != NULL)
+ {
+ // Check if this role matches either the inherited or assigned role
+ if ((role - roles == combined_role.inherited_index) ||
+ (role - roles == combined_role.assigned_index))
+ {
+ return true;
+ }
+ }
+ }
+
+ role_path = strtok_r(NULL, ",", &saveptr);
+ }
+
+ return false;
+}
Index: obuspa-10.0.0.1/src/core/device_ctrust.h
===================================================================
--- /dev/null
+++ obuspa-10.0.0.1/src/core/device_ctrust.h
@@ -0,0 +1,48 @@
+/*
+ *
+ * Copyright (C) 2019-2025, Broadband Forum
+ * Copyright (C) 2016-2025, CommScope, Inc
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the copyright holder nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/**
+ * \file device_ctrust.h
+ *
+ * Header file containing the API functions provided by Controller Trust component
+ *
+ */
+#ifndef DEVICE_CTRUST_H
+#define DEVICE_CTRUST_H
+
+#include "device.h"
+
+bool DEVICE_CTRUST_IsControllerSecured(void);
+
+#endif
Index: obuspa-10.0.0.1/src/include/usp_api.h
===================================================================
--- obuspa-10.0.0.1.orig/src/include/usp_api.h
+++ obuspa-10.0.0.1/src/include/usp_api.h
@@ -422,6 +422,7 @@ typedef struct
#define DM_DECIMAL 0x00000100 // 64 bit floating point number (double)
#define DM_LONG 0x00000200 // 64 bit signed integer (long long)
#define DM_VALUE_CHANGE_WILL_IGNORE 0x00000400 // Do not emit value change notifications for this parameter
+#define DM_SECURE 0x00000800 // secure parameter
//-------------------------------------------------------------------------
// Functions to register the data model
Index: obuspa-10.0.0.1/src/core/group_get_vector.c
===================================================================
--- obuspa-10.0.0.1.orig/src/core/group_get_vector.c
+++ obuspa-10.0.0.1/src/core/group_get_vector.c
@@ -50,6 +50,16 @@
#include "group_get_vector.h"
#include "int_vector.h"
#include "data_model.h"
+#include "device_ctrust.h" // Added to use DEVICE_CTRUST_IsControllerSecured()
+
+//------------------------------------------------------------------------------
+// New function to check secure flag and controller state
+static int IsSecuredParamNotAccessible(char *path)
+{
+ dm_instances_t inst;
+ dm_node_t *node = DM_PRIV_GetNodeFromPath(path, &inst, NULL, 0);
+ return (node && (node->registered.param_info.type_flags & DM_SECURE) && !DEVICE_CTRUST_IsControllerSecured());
+}
//------------------------------------------------------------------------------
// Forward declarations. Note these are not static, because we need them in the symbol table for USP_LOG_Callstack() to show them
@@ -283,14 +293,14 @@ void GROUP_GET_VECTOR_GetValues(group_ge
return;
#endif
- // Iterate over all parameters, getting them if non grouped, otherwise adding them to the relevant group to get
+ // Iterate over all parameters, getting them if non-grouped, otherwise adding them to the relevant group to get
memset(ggv_indexes, 0, sizeof(ggv_indexes));
for (i=0; i < ggv->num_entries; i++)
{
gge = &ggv->vector[i];
if (gge->group_id == NON_GROUPED)
{
- // If the parameter is not grouped, then get its value now.
+ // For non-grouped parameters, directly call DATA_MODEL_GetParameterValue which handles secure parameters internally
gge->err_code = DATA_MODEL_GetParameterValue(gge->path, buf, sizeof(buf), 0);
if (gge->err_code != USP_ERR_OK)
{
@@ -321,7 +331,6 @@ void GROUP_GET_VECTOR_GetValues(group_ge
chunk_size = MIN(GROUP_GET_CHUNK_SIZE, iv->num_entries - start_index);
GetParameterGroup(i, ggv, iv, start_index, chunk_size);
}
-
}
}
@@ -379,88 +388,101 @@ void GetParameterGroup(int group_id, gro
return;
}
- // Add all parameters to get in this group to a key value vector
- // NOTE: We form the key value vector manually to avoid copying the param paths.
- // Ownership of the param paths stay with the group get vector
- params.num_entries = chunk_size;
- params.vector = USP_MALLOC(sizeof(kv_pair_t) * chunk_size);
+ // Prepare a mapping for non-secure parameters and process secure ones directly
+ int non_secure_count = 0;
+ int *non_secure_map = USP_MALLOC(chunk_size * sizeof(int));
for (i=0; i < chunk_size; i++)
{
index = iv->vector[start_index + i];
gge = &ggv->vector[index];
USP_ASSERT(gge->path != NULL);
-
- kv = &params.vector[i];
- kv->key = gge->path;
- kv->value = NULL;
+ if (IsSecuredParamNotAccessible(gge->path))
+ {
+ // For secure parameter when controller is not secured, return empty value
+ gge->value = USP_STRDUP("");
+ gge->err_code = USP_ERR_OK;
+ }
+ else
+ {
+ non_secure_map[non_secure_count] = index;
+ non_secure_count++;
+ }
}
- // Exit if group callback fails
- USP_ERR_ClearMessage();
- err = get_group_cb(group_id, &params);
- if (err != USP_ERR_OK)
+ // If there are non-secure parameters, call the group callback for them
+ if (non_secure_count > 0)
{
- // Mark all results for params in this group with an error
- usp_err_msg = USP_ERR_GetMessage();
- for (i=0; i < chunk_size; i++)
+ params.num_entries = non_secure_count;
+ params.vector = USP_MALLOC(sizeof(kv_pair_t) * non_secure_count);
+ for (i=0; i < non_secure_count; i++)
{
- index = iv->vector[start_index + i];
+ index = non_secure_map[i];
gge = &ggv->vector[index];
- gge->err_code = USP_ERR_INTERNAL_ERROR;
+ USP_ASSERT(gge->path != NULL);
+ kv = &params.vector[i];
+ kv->key = gge->path;
+ kv->value = NULL;
+ }
- // Assign an error message to this param
- if (usp_err_msg[0] != '\0')
- {
- gge->err_msg = USP_STRDUP(usp_err_msg);
- }
- else
+ USP_ERR_ClearMessage();
+ err = get_group_cb(group_id, &params);
+ if (err != USP_ERR_OK)
+ {
+ // Mark all non-secure results with an error
+ usp_err_msg = USP_ERR_GetMessage();
+ for (i=0; i < non_secure_count; i++)
{
- // Form an error message if none was provided
- USP_SNPRINTF(err_msg, sizeof(err_msg), "%s: Get group callback failed for param %s", __FUNCTION__, gge->path);
- gge->err_msg = USP_STRDUP(err_msg);
+ index = non_secure_map[i];
+ gge = &ggv->vector[index];
+ gge->err_code = USP_ERR_INTERNAL_ERROR;
+ if (usp_err_msg[0] != '\0')
+ {
+ gge->err_msg = USP_STRDUP(usp_err_msg);
+ }
+ else
+ {
+ USP_SNPRINTF(err_msg, sizeof(err_msg), "%s: Get group callback failed for param %s", __FUNCTION__, gge->path);
+ gge->err_msg = USP_STRDUP(err_msg);
+ }
+ USP_SAFE_FREE(params.vector[i].value);
}
-
- // NOTE: The group get might have populated a value for some params, so free these values
- USP_SAFE_FREE(params.vector[i].value);
+ USP_FREE(params.vector);
+ USP_FREE(non_secure_map);
+ return;
}
- goto exit;
- }
- // Move all parameter values obtained to the group get vector
- // NOTE: Ownership of the value string transfers from the params vector to the group get vector
- usp_err_msg = USP_ERR_GetMessage();
- empty_count = 0;
- for (i=0; i < chunk_size; i++)
- {
- kv = &params.vector[i];
- index = iv->vector[start_index + i];
- gge = &ggv->vector[index];
-
- if (kv->value != NULL)
- {
- gge->value = kv->value;
- }
- else
+ // Move all parameter values obtained to the group get vector for non-secure parameters
+ usp_err_msg = USP_ERR_GetMessage();
+ empty_count = 0;
+ for (i=0; i < non_secure_count; i++)
{
- // If this is the first parameter with no value, and an error message has been set, then use the error message
- if ((usp_err_msg[0] != '\0') && (empty_count == 0))
+ index = non_secure_map[i];
+ gge = &ggv->vector[index];
+ kv = &params.vector[i];
+
+ if (kv->value != NULL)
{
- USP_SNPRINTF(err_msg, sizeof(err_msg), "%s", usp_err_msg);
+ gge->value = kv->value;
}
else
{
- USP_SNPRINTF(err_msg, sizeof(err_msg), "%s: Get group callback did not provide a value for param %s", __FUNCTION__, gge->path);
+ if ((usp_err_msg[0] != '\0') && (empty_count == 0))
+ {
+ USP_SNPRINTF(err_msg, sizeof(err_msg), "%s", usp_err_msg);
+ }
+ else
+ {
+ USP_SNPRINTF(err_msg, sizeof(err_msg), "%s: Get group callback did not provide a value for param %s", __FUNCTION__, gge->path);
+ }
+ gge->err_code = USP_ERR_INTERNAL_ERROR;
+ gge->err_msg = USP_STRDUP(err_msg);
+ empty_count++;
}
- gge->err_code = USP_ERR_INTERNAL_ERROR;
- gge->err_msg = USP_STRDUP(err_msg);
- empty_count++;
}
+ USP_FREE(params.vector);
}
-exit:
- // Destroy the key-value vector.
- // As ownership of all strings in it have transferred to the group get vector, we only have to free the array itself
- USP_FREE(params.vector);
+ USP_FREE(non_secure_map);
}
/*********************************************************************//**
@@ -487,9 +509,10 @@ void GetParametersIndividually(group_get
for (i=0; i < ggv->num_entries; i++)
{
gge = &ggv->vector[i];
+
if (gge->group_id == NON_GROUPED)
{
- // Non-grouped parameters can directly call DATA_MODEL_GetParameterValue()
+ // For non-grouped parameters, directly call DATA_MODEL_GetParameterValue which handles secure parameters internally
gge->err_code = DATA_MODEL_GetParameterValue(gge->path, buf, sizeof(buf), 0);
if (gge->err_code == USP_ERR_OK)
{
@@ -498,42 +521,51 @@ void GetParametersIndividually(group_get
}
else
{
- // Grouped parameters cannot call DATA_MODEL_GetParameterValue(), as that would cause infinite recursion
- get_group_cb = group_vendor_hooks[gge->group_id].get_group_cb;
- if (get_group_cb == NULL)
+ // For grouped parameters, check if the parameter is secure and the controller is not secured
+ if (IsSecuredParamNotAccessible(gge->path))
{
- // Set an error message, if no group callback registered for this parameter
- USP_ERR_SetMessage("%s: No registered group callback to get param %s", __FUNCTION__, gge->path);
- gge->err_code = USP_ERR_INTERNAL_ERROR;
+ gge->value = USP_STRDUP("");
+ gge->err_code = USP_ERR_OK;
}
else
{
- // Get this grouped parameter individually using the group get callback
- pv.num_entries = 1;
- pv.vector = &param;
- param.key = gge->path;
- param.value = NULL;
-
- USP_ERR_ClearMessage();
- gge->err_code = get_group_cb(gge->group_id, &pv);
- if (gge->err_code != USP_ERR_OK)
+ // Grouped parameters cannot call DATA_MODEL_GetParameterValue(), as that would cause infinite recursion
+ get_group_cb = group_vendor_hooks[gge->group_id].get_group_cb;
+ if (get_group_cb == NULL)
{
- USP_ERR_ReplaceEmptyMessage("%s: group get failed for '%s' (%s)", __FUNCTION__, gge->path, USP_ERR_UspErrToString(gge->err_code));
- USP_SAFE_FREE(param.value)
+ // Set an error message, if no group callback registered for this parameter
+ USP_ERR_SetMessage("%s: No registered group callback to get param %s", __FUNCTION__, gge->path);
+ gge->err_code = USP_ERR_INTERNAL_ERROR;
}
else
{
- if (param.value != NULL)
+ // Get this grouped parameter individually using the group get callback
+ pv.num_entries = 1;
+ pv.vector = &param;
+ param.key = gge->path;
+ param.value = NULL;
+
+ USP_ERR_ClearMessage();
+ gge->err_code = get_group_cb(gge->group_id, &pv);
+ if (gge->err_code != USP_ERR_OK)
{
- // Move ownership of the returned string from param.value to gge->value
- gge->value = param.value;
- param.value = NULL; // not strictly necessary
+ USP_ERR_ReplaceEmptyMessage("%s: group get failed for '%s' (%s)", __FUNCTION__, gge->path, USP_ERR_UspErrToString(gge->err_code));
+ USP_SAFE_FREE(param.value)
}
else
{
- // If no value was returned, then this is also reported as an error in the group get array
- USP_ERR_ReplaceEmptyMessage("%s: Get group callback did not provide a value for param %s", __FUNCTION__, gge->path);
- gge->err_code = USP_ERR_INTERNAL_ERROR;
+ if (param.value != NULL)
+ {
+ // Move ownership of the returned string from param.value to gge->value
+ gge->value = param.value;
+ param.value = NULL; // not strictly necessary
+ }
+ else
+ {
+ // If no value was returned, then this is also reported as an error in the group get array
+ USP_ERR_ReplaceEmptyMessage("%s: Get group callback did not provide a value for param %s", __FUNCTION__, gge->path);
+ gge->err_code = USP_ERR_INTERNAL_ERROR;
+ }
}
}
}
@@ -546,3 +578,4 @@ void GetParametersIndividually(group_get
}
}
}
+

527
obuspa/patches/1000-SecuredRole-bbfdm.patch Normal file
View file

@ -0,0 +1,527 @@
Index: obuspa-10.0.0.2/src/core/device.h
===================================================================
--- obuspa-10.0.0.2.orig/src/core/device.h
+++ obuspa-10.0.0.2/src/core/device.h
@@ -305,6 +305,8 @@ void DEVICE_CTRUST_ApplyPermissionsToSub
char *DEVICE_CTRUST_InstSelToPermTarget(int role_index, void *is, int *perm_instance);
int DEVICE_CTRUST_SetRoleParameter(int instance, char *param_name, char *new_value);
int DEVICE_CTRUST_SetPermissionParameter(int instance1, int instance2, char *param_name, char *new_value);
+bool DEVICE_CTRUST_IsControllerSecured(void);
+
int DEVICE_REQUEST_Init(void);
int DEVICE_REQUEST_Add(char *path, char *command_key, int *instance);
void DEVICE_REQUEST_OperationComplete(int instance, int err_code, char *err_msg, kv_vector_t *output_args);
Index: obuspa-10.0.0.2/src/core/device_ctrust.c
===================================================================
--- obuspa-10.0.0.2.orig/src/core/device_ctrust.c
+++ obuspa-10.0.0.2/src/core/device_ctrust.c
@@ -235,6 +235,7 @@ credential_t *FindCredentialByCertInstan
int Get_CredentialRole(dm_req_t *req, char *buf, int len);
int Get_CredentialCertificate(dm_req_t *req, char *buf, int len);
int Get_CredentialNumEntries(dm_req_t *req, char *buf, int len);
+int Validate_SecuredRoles(dm_req_t *req, char *value);
#ifndef REMOVE_DEVICE_SECURITY
int InitChallengeTable();
@@ -354,6 +355,10 @@ int DEVICE_CTRUST_Init(void)
challenge_response_input_args, NUM_ELEM(challenge_response_input_args),
NULL, 0);
#endif
+
+ // Register Device.LocalAgent.ControllerTrust.SecuredRoles parameter
+ err |= USP_REGISTER_DBParam_ReadWrite(DEVICE_CTRUST_ROOT ".SecuredRoles", "", Validate_SecuredRoles, NULL, DM_STRING);
+
// Exit if any errors occurred
if (err != USP_ERR_OK)
{
@@ -2908,3 +2913,139 @@ exit:
return err;
}
#endif // REMOVE_DEVICE_SECURITY
+
+
+/*********************************************************************//**
+**
+** Validate_SecuredRoles
+**
+** Validates Device.LocalAgent.ControllerTrust.SecuredRoles
+** Each list item MUST be the Path Name of a row in the Device.LocalAgent.ControllerTrust.Role table
+**
+** \param req - pointer to structure identifying the parameter
+** \param value - value that the controller would like to set the parameter to
+**
+** \return USP_ERR_OK if successful
+**
+**************************************************************************/
+int Validate_SecuredRoles(dm_req_t *req, char *value)
+{
+ char *role_path;
+ char *saveptr;
+ char *str;
+ char temp[MAX_DM_PATH];
+ int role_instance;
+ int err;
+
+ // Empty string is valid
+ if (*value == '\0')
+ {
+ return USP_ERR_OK;
+ }
+
+ // Copy the value as strtok_r modifies the string
+ USP_STRNCPY(temp, value, sizeof(temp));
+
+ // Iterate through comma-separated list
+ str = temp;
+ role_path = strtok_r(str, ",", &saveptr);
+ while (role_path != NULL)
+ {
+ // Trim whitespace
+ role_path = TEXT_UTILS_TrimBuffer(role_path);
+
+ // Verify that this path exists in the Role table using DM_ACCESS_ValidateReference
+ err = DM_ACCESS_ValidateReference(role_path, "Device.LocalAgent.ControllerTrust.Role.{i}", &role_instance);
+ if (err != USP_ERR_OK)
+ {
+ USP_ERR_SetMessage("%s: Role path '%s' does not exist in Device.LocalAgent.ControllerTrust.Role table", __FUNCTION__, role_path);
+ return USP_ERR_INVALID_VALUE;
+ }
+
+ role_path = strtok_r(NULL, ",", &saveptr);
+ }
+
+ return USP_ERR_OK;
+}
+
+/*********************************************************************//**
+**
+** DEVICE_CTRUST_IsControllerSecured
+**
+** Determines whether the specified controller has a secured role
+**
+** \param combined_role - pointer to structure containing the role indexes for this controller
+**
+** \return true if the controller has a secured role, false otherwise
+**
+**************************************************************************/
+bool DEVICE_CTRUST_IsControllerSecured()
+{
+ char secured_roles[MAX_DM_PATH];
+ char *role_path;
+ char *saveptr;
+ char *str;
+ char temp[MAX_DM_PATH];
+ int err;
+ role_t *role;
+ int role_instance;
+ combined_role_t combined_role;
+ controller_info_t ci;
+
+ // Exit if unable to get the secured roles
+ err = DATA_MODEL_GetParameterValue("Device.LocalAgent.ControllerTrust.SecuredRoles", secured_roles, sizeof(secured_roles), 0);
+ if (err != USP_ERR_OK)
+ {
+ return false;
+ }
+
+ // Empty string means no secured roles
+ if (*secured_roles == '\0')
+ {
+ return false;
+ }
+
+ MSG_HANDLER_GetControllerInfo(&ci);
+ if (ci.endpoint_id == NULL)
+ {
+ return false;
+ }
+ if(strlen(ci.endpoint_id) == 0)
+ {
+ return false;
+ }
+
+ MSG_HANDLER_GetMsgRole(&combined_role);
+ // Copy the value as strtok_r modifies the string
+ USP_STRNCPY(temp, secured_roles, sizeof(temp));
+
+ // Iterate through comma-separated list
+ str = temp;
+ role_path = strtok_r(str, ",", &saveptr);
+ while (role_path != NULL)
+ {
+ // Trim whitespace
+ role_path = TEXT_UTILS_TrimBuffer(role_path);
+
+ // Extract the instance number from the role path
+ err = DM_ACCESS_ValidateReference(role_path, "Device.LocalAgent.ControllerTrust.Role.{i}", &role_instance);
+ if (err == USP_ERR_OK)
+ {
+ // Find the role in our internal array
+ role = FindRoleByInstance(role_instance);
+ if (role != NULL)
+ {
+ // Check if this role matches either the inherited or assigned role
+ if ((role - roles == combined_role.inherited_index) ||
+ (role - roles == combined_role.assigned_index))
+ {
+ return true;
+ }
+ }
+ }
+
+ role_path = strtok_r(NULL, ",", &saveptr);
+ }
+
+ return false;
+}
Index: obuspa-10.0.0.2/src/vendor/bbf_plugin/stomp_dm.c
===================================================================
--- obuspa-10.0.0.2.orig/src/vendor/bbf_plugin/stomp_dm.c
+++ obuspa-10.0.0.2/src/vendor/bbf_plugin/stomp_dm.c
@@ -661,44 +661,6 @@ static int set_STOMPConnection_EnableEnc
return ret;
}
-static int get_STOMPConnection_ArrisEnableEncryption(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
-{
- struct dm_data *ob_data = (struct dm_data *)data;
-
- *value = dmjson_get_value(ob_data->json_object, 1, "X_ARRIS-COM_EnableEncryption");
- return 0;
-}
-
-static int set_STOMPConnection_ArrisEnableEncryption(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
-{
- char param_path[MAX_PATH_LEN] = {0};
- int ret = FAULT_9002;
-
- struct dm_data *ob_data = (struct dm_data *)data;
- char *dm_path = (char *)ob_data->additional_data;
-
- if (DM_STRLEN(dm_path) == 0) {
- return ret;
- }
-
- switch (action) {
- case VALUECHECK:
- if (bbfdm_validate_boolean(ctx, value)) {
- ret = FAULT_9007;
- break;
- }
-
- ret = 0;
- break;
- case VALUESET:
- snprintf(param_path, sizeof(param_path), "%s.X_ARRIS-COM_EnableEncryption", dm_path);
- ret = set_succeed(param_path, value);
- break;
- }
-
- return ret;
-}
-
/**********************************************************************************************************************************
* OBJ & PARAM DEFINITION
***********************************************************************************************************************************/
@@ -734,7 +696,6 @@ DMLEAF tSTOMPConnectionParams[] = {
{"ServerRetryIntervalMultiplier", &DMWRITE, DMT_UNINT, get_STOMPConnection_ServerRetryIntervalMultiplier, set_STOMPConnection_ServerRetryIntervalMultiplier, BBFDM_CWMP},
{"ServerRetryMaxInterval", &DMWRITE, DMT_UNINT, get_STOMPConnection_ServerRetryMaxInterval, set_STOMPConnection_ServerRetryMaxInterval, BBFDM_CWMP},
{"EnableEncryption", &DMWRITE, DMT_BOOL, get_STOMPConnection_EnableEncryption, set_STOMPConnection_EnableEncryption, BBFDM_CWMP},
-{"X_ARRIS-COM_EnableEncryption", &DMWRITE, DMT_BOOL, get_STOMPConnection_ArrisEnableEncryption, set_STOMPConnection_ArrisEnableEncryption, BBFDM_CWMP},
{0}
};
#endif
Index: obuspa-10.0.0.2/src/vendor/vendor_datamodel_ext.c
===================================================================
--- obuspa-10.0.0.2.orig/src/vendor/vendor_datamodel_ext.c
+++ obuspa-10.0.0.2/src/vendor/vendor_datamodel_ext.c
@@ -694,7 +694,7 @@ int session_start(dm_req_t *req, char *c
USP_ARG_GetUnsigned(input_args, "Timeout", 300, &timeout);
arg.len = (int) timeout;
- _get_controller_id(arg.ceid);
+ _get_controller_info(&arg);
ubus_enqueue_cmd(&arg);
@@ -708,7 +708,7 @@ int session_commit(dm_req_t *req, char *
memset(&arg, 0, sizeof(vendor_data_t));
arg.cmd = CMD_SESSION_MGMT;
arg.path = "commit";
- _get_controller_id(arg.ceid);
+ _get_controller_info(&arg);
ubus_enqueue_cmd(&arg);
@@ -722,7 +722,7 @@ int session_abort(dm_req_t *req, char *c
memset(&arg, 0, sizeof(vendor_data_t));
arg.cmd = CMD_SESSION_MGMT;
arg.path = "abort";
- _get_controller_id(arg.ceid);
+ _get_controller_info(&arg);
// check and reset session
ubus_enqueue_cmd(&arg);
Index: obuspa-10.0.0.2/src/vendor/vendor_ubus_thread.c
===================================================================
--- obuspa-10.0.0.2.orig/src/vendor/vendor_ubus_thread.c
+++ obuspa-10.0.0.2/src/vendor/vendor_ubus_thread.c
@@ -94,6 +94,8 @@ static struct ubus_thread_global g_ubus_
#define USP_PROTO "usp"
#define MIN_NUM_TO_GROUP (10)
+extern int vendor_create_dm_cache(char *paths[], int num_paths);
+
static void _pull_instances(const char *path, str_vector_t *inst_vec);
static int _uspd_call(struct ubus_context *ctx, const char *object, const char *method,
struct blob_buf *data, ubus_data_handler_t callback,
@@ -489,16 +491,25 @@ static void _get_value_single_cb(struct
blobmsg_for_each_attr(cur, params, rem) {
char path[MAX_DM_PATH] = {0}, val[MAX_DM_VALUE_LEN] = {0};
int fault;
+ str_vector_t flags_vec;
- fault = get_details_from_blob(cur, path, val, NULL, NULL, NULL);
+ STR_VECTOR_Init(&flags_vec);
+ fault = get_details_from_blob(cur, path, val, NULL, NULL, &flags_vec);
if (fault != USP_ERR_OK) {
arg->fault = fault;
}
if (strcmp(path, arg->path) == 0) {
+ if (STR_VECTOR_Find(&flags_vec, DM_FLAG_SECURE) != INVALID) {
+ if (arg->is_secured == false) {
+ val[0]='\0';
+ }
+ }
USP_STRNCPY(arg->p_value, val, arg->len);
+ STR_VECTOR_Destroy(&flags_vec);
break;
}
+ STR_VECTOR_Destroy(&flags_vec);
}
}
@@ -548,12 +559,20 @@ static void _get_value_group_cb(struct u
blobmsg_for_each_attr(cur, params, rem) {
char path[MAX_DM_PATH], val[MAX_DM_VALUE_LEN];
int fault;
+ str_vector_t flags_vec;
- fault = get_details_from_blob(cur, path, val, NULL, NULL, NULL);
+ STR_VECTOR_Init(&flags_vec);
+ fault = get_details_from_blob(cur, path, val, NULL, NULL, &flags_vec);
if (fault != USP_ERR_OK) {
arg->fault = fault;
}
+ if (STR_VECTOR_Find(&flags_vec, DM_FLAG_SECURE) != INVALID) {
+ if (arg->is_secured == false) {
+ val[0]='\0';
+ }
+ }
USP_ARG_Add(&pv_set, path, val);
+ STR_VECTOR_Destroy(&flags_vec);
}
if (arg->kv) {
@@ -1648,22 +1667,27 @@ int ubus_thread_cleanup(void)
return USP_ERR_OK;
}
-int _get_controller_id(char *id)
+int _get_controller_info(vendor_data_t *argp)
{
- if (!id)
+ if (!argp)
return INVALID;
controller_info_t ci;
- id[0] = '\0'; // init with the empty value
+ argp->ceid[0] = '\0'; // init with the empty value
memset(&ci, 0, sizeof(controller_info_t));
MSG_HANDLER_GetControllerInfo(&ci);
if (ci.endpoint_id != NULL) {
if (ci.endpoint_id[0] > 'A' && ci.endpoint_id[0] < 'z') {
- USP_STRNCPY(id, ci.endpoint_id, MAX_DM_PATH); // Only copy if its a valid string
+ USP_STRNCPY(argp->ceid, ci.endpoint_id, MAX_DM_PATH); // Only copy if its a valid string
}
}
+ if (DEVICE_CTRUST_IsControllerSecured()) {
+ USP_LOG_Debug("Controller [%s] is secured", argp->ceid);
+ argp->is_secured = true;
+ }
+
return USP_ERR_OK;
}
Index: obuspa-10.0.0.2/src/vendor/vendor_ubus_thread.h
===================================================================
--- obuspa-10.0.0.2.orig/src/vendor/vendor_ubus_thread.h
+++ obuspa-10.0.0.2/src/vendor/vendor_ubus_thread.h
@@ -73,6 +73,7 @@ typedef struct
int inst;
int fault;
int ipc_timeout;
+ bool is_secured;
str_vector_t *vec;
kv_vector_t *kv;
kv_vector_t *kv_out;
@@ -90,7 +91,7 @@ int ubus_thread_cleanup(void);
int ubus_enqueue_cmd(vendor_data_t *arg);
// Utility functions
-int _get_controller_id(char *id);
+int _get_controller_info(vendor_data_t *arg);
int uspd_call(struct ubus_context *ctx, const char *method, struct blob_buf *data, ubus_data_handler_t callback, vendor_data_t *arg);
int uspd_call_async(const char *method, struct blob_buf *data, ubus_data_handler_t callback, void *priv);
#endif // VENDOR_UBUS_THREAD_H
Index: obuspa-10.0.0.2/src/vendor/vendor_uspd.c
===================================================================
--- obuspa-10.0.0.2.orig/src/vendor/vendor_uspd.c
+++ obuspa-10.0.0.2/src/vendor/vendor_uspd.c
@@ -35,6 +35,7 @@
#include <stdbool.h>
#include "vendor_uspd.h"
+#include "msg_handler.h"
#include "os_utils.h"
#include "common_defs.h"
#include "str_vector.h"
@@ -116,7 +117,7 @@ static int uspd_operate_async(dm_req_t *
arg.path = req->path;
arg.kv = input_args;
arg.inst = instance;
- _get_controller_id(arg.ceid);
+ _get_controller_info(&arg);
ubus_enqueue_cmd(&arg);
@@ -135,7 +136,7 @@ static int uspd_operate_sync(dm_req_t *r
arg.p_value = command_key;
arg.kv = input_args;
arg.kv_out = output_args;
- _get_controller_id(arg.ceid);
+ _get_controller_info(&arg);
ubus_enqueue_cmd(&arg);
@@ -266,7 +267,7 @@ static int group_get(int group_id, kv_ve
arg.ipc_timeout = g_uspd.ipc_timeout;
arg.path = group_path;
arg.kv = params;
- _get_controller_id(arg.ceid);
+ _get_controller_info(&arg);
ubus_enqueue_cmd(&arg);
}
USP_LOG_Debug("Group %s, cached index %d, is_cached %d, fault %d",g_uspd.group_vec.vector[group_id], g_uspd.cached_dm.num_entries, ret, arg.fault);
@@ -284,7 +285,7 @@ static int uspd_set_value(dm_req_t *req,
arg.path = req->path;
arg.p_value = buf;
arg.len = strlen(buf);
- _get_controller_id(arg.ceid);
+ _get_controller_info(&arg);
ubus_enqueue_cmd(&arg);
@@ -305,7 +306,7 @@ static int group_set(int group_id, kv_ve
arg.ipc_timeout = g_uspd.ipc_timeout;
arg.kv = params;
arg.p_failure_index = failure_index;
- _get_controller_id(arg.ceid);
+ _get_controller_info(&arg);
ubus_enqueue_cmd(&arg);
@@ -329,7 +330,7 @@ static int group_add(int group_id, char
arg.ipc_timeout = g_uspd.ipc_timeout;
arg.path = temp;
arg.p_instance = instance;
- _get_controller_id(arg.ceid);
+ _get_controller_info(&arg);
ubus_enqueue_cmd(&arg);
@@ -355,7 +356,7 @@ static int group_del(int group_id, char
arg.cmd = CMD_DEL;
arg.ipc_timeout = g_uspd.ipc_timeout;
arg.path = temp;
- _get_controller_id(arg.ceid);
+ _get_controller_info(&arg);
ubus_enqueue_cmd(&arg);
@@ -608,7 +609,7 @@ static int initiate_data_caching(str_vec
arg.ipc_timeout = 10 * g_uspd.ipc_timeout;
arg.path = path_vec->vector[i];
arg.vec = &g_uspd.cached_instances;
- _get_controller_id(arg.ceid);
+ _get_controller_info(&arg);
ubus_enqueue_cmd(&arg);
// Caching with datamodel kv
@@ -617,7 +618,7 @@ static int initiate_data_caching(str_vec
arg.ipc_timeout = 10 * g_uspd.ipc_timeout;
arg.path = path_vec->vector[i];
arg.kv_out = &g_uspd.cached_dm;
- _get_controller_id(arg.ceid);
+ _get_controller_info(&arg);
ubus_enqueue_cmd(&arg);
}
@@ -640,7 +641,7 @@ static int uspd_get_value(dm_req_t *req,
arg.path = req->path;
arg.p_value = buf;
arg.len = len;
- _get_controller_id(arg.ceid);
+ _get_controller_info(&arg);
ubus_enqueue_cmd(&arg);
} else {
USP_STRNCPY(buf, kv_param.vector[0].value, len)
@@ -710,9 +711,6 @@ static void uspd_register_leaf(char *spa
int type;
type = convert_dmt_to_dmtype(bbf_dmt);
- if (flags_vec && STR_VECTOR_Find(flags_vec, DM_FLAG_SECURE) != INVALID) {
- type |= DM_SECURE;
- }
group = get_associated_group(spath);
if (group == INVALID) {
@@ -768,7 +766,7 @@ static int cache_const_dm(kv_vector_t *c
arg.cmd = CMD_GROUP_GET;
arg.ipc_timeout = g_uspd.ipc_timeout;
arg.path = "Device.DeviceInfo.";
- _get_controller_id(arg.ceid);
+ _get_controller_info(&arg);
ubus_enqueue_cmd(&arg);
@@ -1033,7 +1031,7 @@ static int uspd_tran_start()
memset(&arg, 0, sizeof(vendor_data_t));
arg.cmd = CMD_TRAN_START;
arg.ipc_timeout = g_uspd.ipc_timeout;
- _get_controller_id(arg.ceid);
+ _get_controller_info(&arg);
ubus_enqueue_cmd(&arg);
@@ -1047,7 +1045,7 @@ static int uspd_tran_commit()
memset(&arg, 0, sizeof(vendor_data_t));
arg.cmd = CMD_TRAN_COMMIT;
arg.ipc_timeout = g_uspd.ipc_timeout;
- _get_controller_id(arg.ceid);
+ _get_controller_info(&arg);
ubus_enqueue_cmd(&arg);
@@ -1061,7 +1059,7 @@ static int uspd_tran_abort()
memset(&arg, 0, sizeof(vendor_data_t));
arg.cmd = CMD_TRAN_ABORT;
arg.ipc_timeout = g_uspd.ipc_timeout;
- _get_controller_id(arg.ceid);
+ _get_controller_info(&arg);
ubus_enqueue_cmd(&arg);

16
obuspa/patches/1000-suppress-logs.patch
View file

@ -1,7 +1,7 @@
Index: obuspa-10.0.0.1/src/core/cli_server.c
Index: obuspa-10.0.0.2/src/core/cli_server.c
===================================================================
--- obuspa-10.0.0.1.orig/src/core/cli_server.c
+++ obuspa-10.0.0.1/src/core/cli_server.c
--- obuspa-10.0.0.2.orig/src/core/cli_server.c
+++ obuspa-10.0.0.2/src/core/cli_server.c
@@ -724,10 +724,6 @@ int ExecuteCli_Get(str_vector_t *args)
USP_ASSERT(gge->value != NULL);
SendCliResponse("%s => %s\n", gge->path, gge->value);
@ -13,11 +13,11 @@ Index: obuspa-10.0.0.1/src/core/cli_server.c
}
GROUP_GET_VECTOR_Destroy(&ggv);
Index: obuspa-10.0.0.1/src/core/data_model.c
Index: obuspa-10.0.0.2/src/core/data_model.c
===================================================================
--- obuspa-10.0.0.1.orig/src/core/data_model.c
+++ obuspa-10.0.0.1/src/core/data_model.c
@@ -1330,7 +1330,7 @@ int DATA_MODEL_NotifyInstanceAdded(char
--- obuspa-10.0.0.2.orig/src/core/data_model.c
+++ obuspa-10.0.0.2/src/core/data_model.c
@@ -1321,7 +1321,7 @@ int DATA_MODEL_NotifyInstanceAdded(char
// Exit if instance already exists - nothing to do
if (exists)
{
@ -26,7 +26,7 @@ Index: obuspa-10.0.0.1/src/core/data_model.c
return USP_ERR_CREATION_FAILURE;
}
@@ -1418,7 +1418,7 @@ int DATA_MODEL_NotifyInstanceDeleted(cha
@@ -1409,7 +1409,7 @@ int DATA_MODEL_NotifyInstanceDeleted(cha
// Exit if instance does not exist - nothing to do
if (exists == false)
{

8
obuspa/patches/1003-ct-full-access-rename.patch
View file

@ -1,8 +1,8 @@
Index: obuspa-10.0.0.1/src/core/data_model.c
Index: obuspa-10.0.0.2/src/core/data_model.c
===================================================================
--- obuspa-10.0.0.1.orig/src/core/data_model.c
+++ obuspa-10.0.0.1/src/core/data_model.c
@@ -5356,7 +5356,7 @@ int RegisterDefaultControllerTrust(void)
--- obuspa-10.0.0.2.orig/src/core/data_model.c
+++ obuspa-10.0.0.2/src/core/data_model.c
@@ -5347,7 +5347,7 @@ int RegisterDefaultControllerTrust(void)
int err = USP_ERR_OK;
// Register 'Full Access' role

20
obuspa/patches/2001-validate-controller-mtp.patch
View file

@ -1,8 +1,8 @@
Index: obuspa-10.0.0.1/src/core/device.h
Index: obuspa-10.0.0.2/src/core/device.h
===================================================================
--- obuspa-10.0.0.1.orig/src/core/device.h
+++ obuspa-10.0.0.1/src/core/device.h
@@ -344,6 +344,10 @@ void DEVICE_CONTROLLER_SetInheritedRole(
--- obuspa-10.0.0.2.orig/src/core/device.h
+++ obuspa-10.0.0.2/src/core/device.h
@@ -346,6 +346,10 @@ void DEVICE_CONTROLLER_SetInheritedRole(
int DEVICE_CONTROLLER_CountEnabledWebsockClientConnections(void);
#endif
@ -13,10 +13,10 @@ Index: obuspa-10.0.0.1/src/core/device.h
#ifndef REMOVE_USP_BROKER
int DEVICE_SUBSCRIPTION_RouteNotification(Usp__Msg *usp, int instance, char *subscribed_path);
bool DEVICE_SUBSCRIPTION_MarkVendorLayerSubs(int broker_instance, subs_notify_t notify_type, char *path, int group_id);
Index: obuspa-10.0.0.1/src/core/device_controller.c
Index: obuspa-10.0.0.2/src/core/device_controller.c
===================================================================
--- obuspa-10.0.0.1.orig/src/core/device_controller.c
+++ obuspa-10.0.0.1/src/core/device_controller.c
--- obuspa-10.0.0.2.orig/src/core/device_controller.c
+++ obuspa-10.0.0.2/src/core/device_controller.c
@@ -968,6 +968,78 @@ int DEVICE_CONTROLLER_QueueBinaryMessage
return USP_ERR_OK;
}
@ -96,10 +96,10 @@ Index: obuspa-10.0.0.1/src/core/device_controller.c
/*********************************************************************//**
**
** DEVICE_CONTROLLER_IsMTPConfigured
Index: obuspa-10.0.0.1/src/core/msg_handler.c
Index: obuspa-10.0.0.2/src/core/msg_handler.c
===================================================================
--- obuspa-10.0.0.1.orig/src/core/msg_handler.c
+++ obuspa-10.0.0.1/src/core/msg_handler.c
--- obuspa-10.0.0.2.orig/src/core/msg_handler.c
+++ obuspa-10.0.0.2/src/core/msg_handler.c
@@ -1220,6 +1220,15 @@ int ValidateUspRecord(UspRecord__Record
usp_service_instance = USP_BROKER_GetUspServiceInstance(rec->from_id, 0);
#endif