obuspa: Integrate v8.0.1

Vivek Kumar Dutta 2024-05-14 05:27:01 +00:00
parent 5ef2db2754
commit eeae93881d
12 changed files with 462 additions and 388 deletions


@ -5,13 +5,13 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=obuspa PKG_NAME:=obuspa
PKG_VERSION:=7.0.5.24 PKG_VERSION:=8.0.1.1
LOCAL_DEV:=0 LOCAL_DEV:=0
ifneq ($(LOCAL_DEV),1) ifneq ($(LOCAL_DEV),1)
PKG_SOURCE_PROTO:=git PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/obuspa.git PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/obuspa.git
PKG_SOURCE_VERSION:=371d2c96d1d410b3d52cfe65505750843f2d1d6e PKG_SOURCE_VERSION:=58158036ce83bacfe40a31254f910190d0d8afc0
PKG_MAINTAINER:=Vivek Dutta <vivek.dutta@iopsys.eu> PKG_MAINTAINER:=Vivek Dutta <vivek.dutta@iopsys.eu>
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
PKG_MIRROR_HASH:=skip PKG_MIRROR_HASH:=skip
@ -96,16 +96,19 @@ define Package/obuspa/install
$(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_DIR) $(1)/etc/config $(INSTALL_DIR) $(1)/etc/config
$(INSTALL_DIR) $(1)/etc/obuspa $(INSTALL_DIR) $(1)/etc/obuspa/roles
$(INSTALL_DIR) $(1)/etc/uci-defaults $(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_DIR) $(1)/etc/udhcpc.user.d $(INSTALL_DIR) $(1)/etc/udhcpc.user.d
$(INSTALL_BIN) $(PKG_BUILD_DIR)/obuspa $(1)/usr/sbin/ $(INSTALL_BIN) $(PKG_BUILD_DIR)/obuspa $(1)/usr/sbin/
$(INSTALL_BIN) ./files/etc/init.d/obuspa $(1)/etc/init.d/ $(INSTALL_BIN) ./files/etc/init.d/obuspa $(1)/etc/init.d/
$(INSTALL_DATA) ./files/etc/config/obuspa $(1)/etc/config/ $(INSTALL_DATA) ./files/etc/config/obuspa $(1)/etc/config/
$(INSTALL_DATA) ./files/etc/obuspa/roles.json $(1)/etc/obuspa/roles.json $(INSTALL_DATA) ./files/etc/obuspa/roles/*.json $(1)/etc/obuspa/roles/
$(INSTALL_DATA) ./files/etc/obuspa/usp_utils.sh $(1)/etc/obuspa/
echo "$(CONFIG_BBF_VENDOR_PREFIX)" > $(1)/etc/obuspa/vendor_prefix
$(INSTALL_DATA) ./files/etc/obuspa/dmcaching_exclude.json $(1)/etc/obuspa/dmcaching_exclude.json $(INSTALL_DATA) ./files/etc/obuspa/dmcaching_exclude.json $(1)/etc/obuspa/dmcaching_exclude.json
$(INSTALL_BIN) ./files/etc/uci-defaults/01-fix-upgrade-uci $(1)/etc/uci-defaults/ $(INSTALL_BIN) ./files/etc/uci-defaults/01-fix-upgrade-uci $(1)/etc/uci-defaults/
$(INSTALL_BIN) ./files/etc/uci-defaults/02-obuspa-dhcp-option $(1)/etc/uci-defaults/ $(INSTALL_BIN) ./files/etc/uci-defaults/02-obuspa-dhcp-option $(1)/etc/uci-defaults/
$(INSTALL_BIN) ./files/etc/uci-defaults/60-generate-ctrust-defaults $(1)/etc/uci-defaults/
$(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user $(1)/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user $(INSTALL_BIN) ./files/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user $(1)/etc/udhcpc.user.d/udhcpc_obuspa_opt125.user
$(BBFDM_INSTALL_CORE_PLUGIN) ./files/etc/bbfdm/json/USPAgent.json $(1) $(BBFDM_INSTALL_CORE_PLUGIN) ./files/etc/bbfdm/json/USPAgent.json $(1)
ifeq ($(CONFIG_OBUSPA_ENABLE_TEST_CONTROLLER),y) ifeq ($(CONFIG_OBUSPA_ENABLE_TEST_CONTROLLER),y)
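Review bot: The new recipe line `echo "$(CONFIG_BBF_VENDOR_PREFIX)" > $(1)/etc/obuspa/vendor_prefix` writes the symbol verbatim, so when it is unset the file is installed empty, and the reader in usp_utils.sh (`prefix="$(cat ${VENDOR_PREFIX_FILE})"`) only falls back to its built-in default when the file is absent, not when it is empty; every ControllerTrust Targets path derived from `{BBF_VENDOR_PREFIX}` would then carry an empty prefix. If rules.mk leaves Kconfig string values quoted, as OpenWrt normally does, the file would also contain the surrounding double quotes. I would write `echo "$(call qstrip,$(CONFIG_BBF_VENDOR_PREFIX))" > $(1)/etc/obuspa/vendor_prefix` and either skip the echo when the value is empty or make the reader treat an empty file like a missing one. The `define Package/obuspa/install` block starts before this hunk and continues after it.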


@ -5,7 +5,6 @@ config obuspa 'global'
option log_level '2' option log_level '2'
option prototrace '0' option prototrace '0'
option db_file '/etc/obuspa/usp.db' option db_file '/etc/obuspa/usp.db'
option role_file '/etc/obuspa/roles.json'
option dm_caching_exclude '/etc/obuspa/dmcaching_exclude.json' option dm_caching_exclude '/etc/obuspa/dmcaching_exclude.json'
#option trust_cert '/etc/obuspa/ca.pem' #option trust_cert '/etc/obuspa/ca.pem'
#option client_cert '/etc/obuspa/client.pem' #option client_cert '/etc/obuspa/client.pem'


@ -10,7 +10,7 @@ CONFIGURATION=obuspa
ENV_PROFILE="/root/.profile" ENV_PROFILE="/root/.profile"
KEEP_FILE="/lib/upgrade/keep.d/obuspa" KEEP_FILE="/lib/upgrade/keep.d/obuspa"
RESET_FILE="/tmp/obuspa/obuspa_param_reset.txt" RESET_FILE="/tmp/obuspa/fw_defaults"
SQL_DB_FILE="/tmp/obuspa/usp.db" SQL_DB_FILE="/tmp/obuspa/usp.db"
DB_DUMP="/tmp/obuspa/usp.dump_$(date +%s)" DB_DUMP="/tmp/obuspa/usp.dump_$(date +%s)"
@ -19,6 +19,7 @@ INSTANCE_COUNT=0
. /lib/functions/network.sh . /lib/functions/network.sh
. /usr/share/libubox/jshn.sh . /usr/share/libubox/jshn.sh
. /etc/obuspa/usp_utils.sh
global_init() global_init()
{ {
@ -76,7 +77,7 @@ db_set()
dump_db() dump_db()
{ {
${PROG} -v0 -f ${SQL_DB_FILE} -c show database |awk '/^Device./ || /^Internal./ {print $1 " \"" $3 "\""}' | sort > ${DB_DUMP} ${PROG} -v0 -f ${SQL_DB_FILE} -c show database |grep "^Internal.\|^Device."|sed '{s/=> /"/g;s/$/"/g}' | sort > ${DB_DUMP}
} }
# if db present then check if it matches with existing instances # if db present then check if it matches with existing instances
@ -147,44 +148,6 @@ update_keep()
fi fi
} }
get_role_index_from_json()
{
local role="$1"
local role_def_file="$2"
local num=0
local roles_obj
# In case of role is empty or file not present
if [ -z "${role}" ] || [ ! -f "${role_def_file}" ]; then
echo "${num}"
return ${num}
fi
json_init
json_load_file "${role_def_file}"
json_select roles
json_get_keys roles_obj
for k in ${roles_obj}; do
local rname
json_select "$k"
json_get_var rname name
json_select ..
if [ "${rname}" != "Untrusted" ] && [ "${rname}" != "full_access" ]; then
num=$(( num + 1 ))
fi
if [ "${role}" = "${rname}" ]; then
echo "${num}"
return ${num}
fi
done
return ${num}
}
validate_obuspa_section() validate_obuspa_section()
{ {
uci_validate_section ${CONFIGURATION} obuspa "${1}" \ uci_validate_section ${CONFIGURATION} obuspa "${1}" \
@ -201,8 +164,7 @@ validate_obuspa_section()
'max_cache_time:uinteger' \ 'max_cache_time:uinteger' \
'ipc_timeout:uinteger' \ 'ipc_timeout:uinteger' \
'log_dest:string' \ 'log_dest:string' \
'db_file:string' \ 'db_file:string'
'role_file:file'
} }
validate_localagent_section() validate_localagent_section()
@ -316,6 +278,33 @@ update_reset_reason()
fi fi
} }
get_role_index()
{
local name drole
name="${1}"
drole="Device.LocalAgent.ControllerTrust.Role.2"
if [ -z "${name}" ]; then
log "No role name provided, use Untrusted role index 2"
echo "${drole}"
return 0
fi
# Get if from CTRUST file first if present, then from dbdump and then use default Untrusted role
if [ -f "${CTRUST_RESET_FILE}" ]; then
val="$(grep "Device.LocalAgent.ControllerTrust.Role.\d.Name" ${CTRUST_RESET_FILE} |grep $name)"
val="$(echo ${val/.Name /,}|cut -d, -f 1)"
echo "$val"
elif [ -f "${DB_DUMP}" ]; then
val="$(grep "Device.LocalAgent.ControllerTrust.Role.\d.Name" ${DB_DUMP} |grep $name)"
val="$(echo ${val/.Name /,}|cut -d, -f 1)"
echo "$val"
else
log "Not able to get role ${name}, use Untrusted role"
echo "${drole}"
fi
}
configure_controller() configure_controller()
{ {
local EndpointID Enable local EndpointID Enable
@ -447,49 +436,6 @@ configure_subscription()
uci_remove obuspa "${1}" uci_remove obuspa "${1}"
} }
check_json_load()
{
local ret
ret=0
if [ -f "${role_def_file}" ]; then
json_init
if json_load_file "${role_def_file}" 2>&1 |grep -q Failed; then
log "failed to load [${role_def_file}]"
ret=1
fi
fi
json_init
return ${ret}
}
get_role_index()
{
local role="Device.LocalAgent.ControllerTrust.Role"
local idx=0
local role_name="$1"
local role_def_file
role_def_file=$(uci -q get obuspa.global.role_file 2>/dev/null)
case "${role_name}" in
'full_access')
idx=1;
;;
'Untrusted')
idx=2;
;;
*)
local ji=0
if check_json_load; then
ji=$(get_role_index_from_json "${role_name}" "${role_def_file}")
fi
idx=$(( ji + 2 )) # Add predefined roles
esac
echo "${role}.${idx}"
}
configure_challenges() configure_challenges()
{ {
local Enable Description role_name Role Value Retries LockoutPeriod local Enable Description role_name Role Value Retries LockoutPeriod
@ -870,6 +816,7 @@ sync_update_sec()
config_get _sync "${1}" _sync "" config_get _sync "${1}" _sync ""
if [ -z "${_sync}" ]; then if [ -z "${_sync}" ]; then
uci_remove obuspa "${1}" uci_remove obuspa "${1}"
log "Deleting obuspa.${1} section ..."
else else
uci_remove obuspa "${1}" _sync uci_remove obuspa "${1}" _sync
fi fi
@ -950,7 +897,7 @@ reverse_update_db_with_uci()
# Create factory reset file # Create factory reset file
db_init() db_init()
{ {
local reason local reason role_file
reason="${1}" reason="${1}"
mkdir -p /tmp/obuspa/ mkdir -p /tmp/obuspa/
@ -958,12 +905,19 @@ db_init()
# Load configuration # Load configuration
config_load $CONFIGURATION config_load $CONFIGURATION
config_get SQL_DB_FILE global db_file "/tmp/obuspa/usp.db" config_get SQL_DB_FILE global db_file "/tmp/obuspa/usp.db"
config_get role_file global role_file ""
if [ -f "${SQL_DB_FILE}.old" ] && [ ! -f "${SQL_DB_FILE}" ]; then if [ -f "${SQL_DB_FILE}.old" ] && [ ! -f "${SQL_DB_FILE}" ]; then
log "Copying old db, since new db not present ..." log "Copying old db, since new db not present ..."
mv ${SQL_DB_FILE}.old ${SQL_DB_FILE} mv ${SQL_DB_FILE}.old ${SQL_DB_FILE}
fi fi
if [ -f "${role_file}" ]; then
configure_ctrust_role "${role_file}"
uci_set obuspa global role_file ""
uci commit ${CONFIGURATION}
fi
# Dump datamodel parameters from DB # Dump datamodel parameters from DB
if [ -f "${SQL_DB_FILE}" ]; then if [ -f "${SQL_DB_FILE}" ]; then
dump_db dump_db
@ -986,9 +940,6 @@ db_init()
reverse_update_db_with_uci reverse_update_db_with_uci
fi fi
# Remove ControllerTrust.Role., if present in db for backward compatibility
delete_sql_db_entry_with_pattern "Device.LocalAgent.ControllerTrust.Role."
# Remove reset file if present # Remove reset file if present
[ -f "${RESET_FILE}" ] && mv ${RESET_FILE} ${RESET_FILE}.old [ -f "${RESET_FILE}" ] && mv ${RESET_FILE} ${RESET_FILE}.old
@ -1017,21 +968,18 @@ db_init()
mv ${DB_DUMP} ${RESET_FILE} mv ${DB_DUMP} ${RESET_FILE}
fi fi
return 0; if [ -f "${CTRUST_RESET_FILE}" ]; then
cat ${CTRUST_RESET_FILE} >> ${RESET_FILE}
rm ${CTRUST_RESET_FILE}
fi
} }
start_service() { start_service() {
local enabled role_file local enabled
mkdir -p /tmp/obuspa/ mkdir -p /tmp/obuspa/
config_load obuspa config_load obuspa
config_get_bool enabled global enabled 0 config_get_bool enabled global enabled 0
config_get role_file global role_file ""
# Use the default role file if not defined in uci, but present in path
if [ -z "${role_file}" ] && [ -f "/etc/obuspa/roles.json" ] ; then
uci -q set obuspa.global.role_file="/etc/obuspa/roles.json"
uci_commit obuspa
fi
procd_open_instance ${CONFIGURATION} procd_open_instance ${CONFIGURATION}
if [ "${enabled}" -eq 1 ]; then if [ "${enabled}" -eq 1 ]; then


@ -1,60 +1,5 @@
{ {
"roles": [ "roles": [
{
"name": "full_access",
"permission": [
{
"object": "Device.",
"perm": [
"PERMIT_ALL"
]
}
]
},
{
"name": "Untrusted",
"permission": [
{
"object": "Device.",
"perm": [
"PERMIT_NONE"
]
},
{
"object": "Device.DeviceInfo.",
"perm": [
"PERMIT_GET",
"PERMIT_GET_INST",
"PERMIT_OBJ_INFO",
"PERMIT_CMD_INFO"
]
},
{
"object": "Device.DeviceInfo.ProcessStatus.",
"perm": [
"PERMIT_NONE"
]
},
{
"object": "Device.DeviceInfo.VendorConfigFile.",
"perm": [
"PERMIT_NONE"
]
},
{
"object": "Device.DeviceInfo.VendorLogFile.",
"perm": [
"PERMIT_NONE"
]
},
{
"object": "Device.DeviceInfo.Processor.",
"perm": [
"PERMIT_NONE"
]
}
]
},
{ {
"name": "admin", "name": "admin",
"permission": [ "permission": [
@ -591,134 +536,6 @@
] ]
} }
] ]
},
{
"name": "user",
"permission": [
{
"object": "Device.",
"perm": [
"PERMIT_NONE"
]
},
{
"object": "Device.DeviceInfo.",
"perm": [
"PERMIT_GET",
"PERMIT_GET_INST",
"PERMIT_OBJ_INFO",
"PERMIT_CMD_INFO",
"PERMIT_SUBS_EVT_OPER_COMP"
]
},
{
"object":"Device.Hosts.",
"perm": [
"PERMIT_GET",
"PERMIT_GET_INST",
"PERMIT_OBJ_INFO",
"PERMIT_CMD_INFO",
"PERMIT_SUBS_EVT_OPER_COMP"
]
},
{
"object":"Device.IEEE1905.",
"perm": [
"PERMIT_GET",
"PERMIT_GET_INST",
"PERMIT_OBJ_INFO",
"PERMIT_CMD_INFO",
"PERMIT_SUBS_EVT_OPER_COMP"
]
},
{
"object":"Device.DynamicDNS.",
"perm": [
"PERMIT_GET",
"PERMIT_GET_INST",
"PERMIT_OBJ_INFO",
"PERMIT_CMD_INFO",
"PERMIT_SUBS_EVT_OPER_COMP"
]
},
{
"object":"Device.PeriodicStatistics.",
"perm": [
"PERMIT_GET",
"PERMIT_GET_INST",
"PERMIT_OBJ_INFO",
"PERMIT_CMD_INFO",
"PERMIT_SUBS_EVT_OPER_COMP"
]
},
{
"object": "Device.LocalAgent.Subscription.",
"perm": [
"PERMIT_GET",
"PERMIT_GET_INST",
"PERMIT_OBJ_INFO",
"PERMIT_CMD_INFO",
"PERMIT_ADD",
"PERMIT_SET",
"PERMIT_DEL",
"PERMIT_SUBS_EVT_OPER_COMP"
]
},
{
"object": "Device.WiFi.",
"perm": [
"PERMIT_GET",
"PERMIT_GET_INST",
"PERMIT_OBJ_INFO",
"PERMIT_CMD_INFO",
"PERMIT_SUBS_VAL_CHANGE",
"PERMIT_SUBS_OBJ_ADD",
"PERMIT_SUBS_OBJ_DEL"
]
},
{
"object": "Device.WiFi.AccessPoint.{i}.WPS.InitiateWPSPBC()",
"perm": [
"PERMIT_OPER",
"PERMIT_SUBS_EVT_OPER_COMP"
]
},
{
"object": "Device.WiFi.DataElements.Network.SetSSID()",
"perm": [
"PERMIT_OPER",
"PERMIT_SUBS_EVT_OPER_COMP"
]
}
]
},
{
"name": "extender",
"permission": [
{
"object": "Device.",
"perm": [
"PERMIT_NONE"
]
},
{
"object": "Device.SSH.",
"perm": [
"PERMIT_GET",
"PERMIT_GET_INST",
"PERMIT_OBJ_INFO",
"PERMIT_CMD_INFO",
"PERMIT_OPER",
"PERMIT_SUBS_VAL_CHANGE",
"PERMIT_SUBS_OBJ_ADD",
"PERMIT_SUBS_OBJ_DEL",
"PERMIT_SUBS_EVT_OPER_COMP"
]
}
]
},
{
"name": "undefined-4"
} }
] ]
} }
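Review bot: With `full_access` and `Untrusted` removed from this file and the new per-role files (the sections ending at lines 483, 502 and 610) covering only extender, full_access and user, no shipped file defines the Untrusted role any more, although the init script still uses `Device.LocalAgent.ControllerTrust.Role.2` as its fallback and configure_ctrust_role() in usp_utils.sh starts numbering at 3 to leave that slot free. Presumably the agent's own factory defaults are expected to supply it; if so, a short comment next to `num=3` saying that indices 1 and 2 are the agent's built-in Full Access and Untrusted roles and must not be defined under `/etc/obuspa/roles` would settle the question for the next reader, and if not, the previous `Untrusted` definition (PERMIT_NONE on `Device.` with read-only DeviceInfo access) should be restored in one of the new files.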


@ -0,0 +1,29 @@
{
"roles": [
{
"name": "extender",
"permission": [
{
"object": "Device.",
"perm": [
"PERMIT_NONE"
]
},
{
"object": "Device.SSH.",
"perm": [
"PERMIT_GET",
"PERMIT_GET_INST",
"PERMIT_OBJ_INFO",
"PERMIT_CMD_INFO",
"PERMIT_OPER",
"PERMIT_SUBS_VAL_CHANGE",
"PERMIT_SUBS_OBJ_ADD",
"PERMIT_SUBS_OBJ_DEL",
"PERMIT_SUBS_EVT_OPER_COMP"
]
}
]
}
]
}


@ -0,0 +1,15 @@
{
"roles": [
{
"name": "full_access",
"permission": [
{
"object": "Device.",
"perm": [
"PERMIT_ALL"
]
}
]
}
]
}


@ -0,0 +1,104 @@
{
"roles": [
{
"name": "user",
"permission": [
{
"object": "Device.",
"perm": [
"PERMIT_NONE"
]
},
{
"object": "Device.DeviceInfo.",
"perm": [
"PERMIT_GET",
"PERMIT_GET_INST",
"PERMIT_OBJ_INFO",
"PERMIT_CMD_INFO",
"PERMIT_SUBS_EVT_OPER_COMP"
]
},
{
"object":"Device.Hosts.",
"perm": [
"PERMIT_GET",
"PERMIT_GET_INST",
"PERMIT_OBJ_INFO",
"PERMIT_CMD_INFO",
"PERMIT_SUBS_EVT_OPER_COMP"
]
},
{
"object":"Device.IEEE1905.",
"perm": [
"PERMIT_GET",
"PERMIT_GET_INST",
"PERMIT_OBJ_INFO",
"PERMIT_CMD_INFO",
"PERMIT_SUBS_EVT_OPER_COMP"
]
},
{
"object":"Device.DynamicDNS.",
"perm": [
"PERMIT_GET",
"PERMIT_GET_INST",
"PERMIT_OBJ_INFO",
"PERMIT_CMD_INFO",
"PERMIT_SUBS_EVT_OPER_COMP"
]
},
{
"object":"Device.PeriodicStatistics.",
"perm": [
"PERMIT_GET",
"PERMIT_GET_INST",
"PERMIT_OBJ_INFO",
"PERMIT_CMD_INFO",
"PERMIT_SUBS_EVT_OPER_COMP"
]
},
{
"object": "Device.LocalAgent.Subscription.",
"perm": [
"PERMIT_GET",
"PERMIT_GET_INST",
"PERMIT_OBJ_INFO",
"PERMIT_CMD_INFO",
"PERMIT_ADD",
"PERMIT_SET",
"PERMIT_DEL",
"PERMIT_SUBS_EVT_OPER_COMP"
]
},
{
"object": "Device.WiFi.",
"perm": [
"PERMIT_GET",
"PERMIT_GET_INST",
"PERMIT_OBJ_INFO",
"PERMIT_CMD_INFO",
"PERMIT_SUBS_VAL_CHANGE",
"PERMIT_SUBS_OBJ_ADD",
"PERMIT_SUBS_OBJ_DEL"
]
},
{
"object": "Device.WiFi.AccessPoint.{i}.WPS.InitiateWPSPBC()",
"perm": [
"PERMIT_OPER",
"PERMIT_SUBS_EVT_OPER_COMP"
]
},
{
"object": "Device.WiFi.DataElements.Network.SetSSID()",
"perm": [
"PERMIT_OPER",
"PERMIT_SUBS_EVT_OPER_COMP"
]
}
]
}
]
}


@ -0,0 +1,218 @@
#!/bin/sh
CTRUST_RESET_FILE="/tmp/obuspa/ctrust_reset"
VENDOR_PREFIX_FILE="/etc/obuspa/vendor_prefix"
FW_DEFAULT_ROLE_DIR="/etc/obuspa/roles"
# include jshn.sh
if [ -f "/usr/local/share/libubox/jshn.sh" ]; then
. /usr/local/share/libubox/jshn.sh
else
. /usr/share/libubox/jshn.sh
fi
db_add()
{
local param value
param="${1}"
shift
value="$*"
if [ -n "${param}" ] && [ -n "${value}" ]; then
echo "${param} \"${value}\"">>${CTRUST_RESET_FILE}
else
echo >>${CTRUST_RESET_FILE}
fi
}
get_param_permission()
{
local input rinst pinst path prefix
local pperm operm cperm iperm
pperm="----"
operm="----"
cperm="----"
iperm="----"
path="${1}"
shift
rinst="${1}"
shift
pinst="${1}"
shift
input="${@}"
for p in ${input}; do
case ${p} in
PERMIT_GET)
pperm="r${pperm:1:4}"
;;
PERMIT_SET)
pperm="${pperm:0:1}w${pperm:2:4}"
;;
PERMIT_SUBS_VAL_CHANGE)
pperm="${pperm:0:3}n"
;;
PERMIT_OBJ_INFO)
operm="r${operm:1:4}"
;;
PERMIT_ADD)
operm="${operm:0:1}w${operm:2:4}"
;;
PERMIT_SUBS_OBJ_ADD)
operm="${operm:0:3}n"
;;
PERMIT_GET_INST)
iperm="r${iperm:1:4}"
;;
PERMIT_DEL)
iperm="${iperm:0:1}w${iperm:2:4}"
;;
PERMIT_SUBS_OBJ_DEL)
iperm="${iperm:0:3}n"
;;
PERMIT_CMD_INFO)
cperm="r${cperm:1:4}"
;;
PERMIT_OPER)
cperm="${cperm:0:2}x${cperm:3:4}"
;;
PERMIT_SUBS_EVT_OPER_COMP)
cperm="${cperm:0:3}n"
;;
PERMIT_NONE)
pperm="----"
iperm="----"
cperm="----"
operm="----"
;;
PERMIT_ALL)
pperm="rw-n"
iperm="rw-n"
operm="rw-n"
cperm="r-xn"
;;
esac
done
if [ -f "${VENDOR_PREFIX_FILE}" ]; then
prefix="$(cat ${VENDOR_PREFIX_FILE})"
else
prefix="X_IOPSYS_XX_"
fi
path="${path//\{i\}/*}"
path="${path//\{BBF_VENDOR_PREFIX\}/${prefix}}"
db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Permission.${pinst}.Alias cpe-${pinst}
db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Permission.${pinst}.Enable 1
db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Permission.${pinst}.Order ${pinst}
db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Permission.${pinst}.Targets ${path}
db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Permission.${pinst}.Param ${pperm}
db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Permission.${pinst}.Obj ${operm}
db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Permission.${pinst}.InstantiatedObj ${iperm}
db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Permission.${pinst}.CommandEvent ${cperm}
}
configure_permission()
{
local obj inst name rinst
obj="${1}"
inst="${2}"
name="${3}"
rinst="${4}"
if [ -z "${inst}" ]; then
return 0
fi
json_select ${inst}
json_get_var path object
json_get_values perm perm
get_param_permission "${path}" "${rinst}" "${inst}" "${perm}"
db_add
json_select ..
}
configure_roles()
{
local rinst rname
if [ "$#" -ne 2 ]; then
echo "Illegal number of parameters"
exit 1
fi
json_select $2
json_get_var rname name
if [ "${rname}" = "full_access" ]; then
rinst=1
rname="Full Access"
elif [ "${rname}" = "Untrusted" ]; then
rinst=2
else
rinst="$2"
fi
db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Alias cpe-${rinst}
db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Enable 1
db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Name ${rname}
json_for_each_item configure_permission permission "${name}" ${rinst}
json_select ..
}
configure_roles_dir()
{
local rinst rname
if [ "$#" -ne 3 ]; then
echo "Illegal number of parameters"
exit 1
fi
rinst="${3}"
json_select $2
json_get_var rname name
db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Alias cpe-${rinst}
db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Enable 1
db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Name ${rname}
json_for_each_item configure_permission permission "${name}" ${rinst}
json_select ..
break
}
configure_ctrust_role()
{
local num
local roles_obj
mkdir -p /tmp/obuspa/
if [ -f "${1}" ]; then
json_init
json_load_file "${1}"
json_for_each_item configure_roles roles
else
num=3
for f in $(ls -1 ${FW_DEFAULT_ROLE_DIR}); do
echo "Loading $f ....."
json_init
json_load_file "${FW_DEFAULT_ROLE_DIR}/${f}"
json_for_each_item configure_roles_dir roles ${num}
num=$((num + 1))
done
fi
}
# configure_ctrust_role "${@}"
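Review bot: The `break` at the end of configure_roles_dir() sits in a function body, not in a loop, so whether it stops json_for_each_item's iteration is shell-dependent; if it does not, every role in a file is written under the same `${rinst}` and later ones overwrite earlier ones in the reset file, and if it does, all but the first role of a file are silently dropped. Role indices in configure_ctrust_role() come from `for f in $(ls -1 ${FW_DEFAULT_ROLE_DIR})`, so any stray file in the directory (nothing filters on `.json`) or a file name that sorts earlier renumbers every role after it, and a `json_load_file` failure goes unnoticed even though the check_json_load() removed from the init script used `json_load_file ... 2>&1 | grep -q Failed` for exactly that. Unlike configure_roles(), configure_roles_dir() does not map `full_access` onto index 1 / `Full Access`, so the shipped full_access.json becomes a second PERMIT_ALL role at a directory-order-dependent index; that looks unintended and deserves either the same mapping or a comment. I would glob `*.json`, skip files that fail to load, iterate the roles explicitly so each gets its own index, and drop the `break`, as below.
```shell
configure_ctrust_role()
{
	local num role_keys k f
	mkdir -p /tmp/obuspa/
	if [ -f "${1}" ]; then
		# … unchanged: single role_file branch …
	else
		# Indices 1 and 2 are reserved for the agent's built-in Full Access / Untrusted roles
		num=3
		for f in "${FW_DEFAULT_ROLE_DIR}"/*.json; do
			[ -f "${f}" ] || continue
			echo "Loading ${f} ....."
			json_init
			if json_load_file "${f}" 2>&1 | grep -q Failed; then
				echo "Failed to load ${f}, skipping"
				continue
			fi
			json_select roles
			json_get_keys role_keys
			for k in ${role_keys}; do
				configure_roles_dir "" "${k}" "${num}"
				num=$((num + 1))
			done
			json_select ..
		done
	fi
}
```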


@ -0,0 +1,15 @@
#!/bin/sh
. /lib/functions.sh
. /etc/obuspa/usp_utils.sh
rfile="$(uci -q get obuspa.global.role_file)"
# Reset the role_file if present
if [ -n "${rfile}" ]; then
uci -q set obuspa.global.role_file=""
fi
configure_ctrust_role "${rfile}"
exit 0
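Review bot: `uci -q set obuspa.global.role_file=""` is never committed, so the reset only lives in the uci delta and is lost on the next reboot unless something else commits obuspa first; since this uci-defaults script is removed once it exits 0, it never gets a second chance. Add `uci -q commit obuspa` after the set, or use `uci_set obuspa global role_file ""` followed by `uci_commit obuspa` from the already sourced /lib/functions.sh. The unconditional `exit 0` also hides a failed configure_ctrust_role run; consider propagating its status instead.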


@ -1,22 +1,23 @@
diff --git a/src/core/device.h b/src/core/device.h diff --git a/src/core/device.h b/src/core/device.h
index 5ca0782..ee6d88c 100644 index 5e367b7..db154a5 100644
--- a/src/core/device.h --- a/src/core/device.h
+++ b/src/core/device.h +++ b/src/core/device.h
@@ -157,6 +157,9 @@ int DEVICE_CONTROLLER_Start(void); @@ -330,6 +330,10 @@ int DEVICE_MTP_ValidateMqttReference(dm_req_t *req, char *value);
void DEVICE_CONTROLLER_Stop(void); void DEVICE_CONTROLLER_SetRolesFromMqtt(int mqtt_instance, int role_instance);
int DEVICE_CONTROLLER_FindInstanceByEndpointId(char *endpoint_id); char *DEVICE_CONTROLLER_GetControllerTopic(int mqtt_instance);
int DEVICE_CONTROLLER_QueueBinaryMessage(mtp_send_item_t *msi, char *endpoint_id, char *usp_msg_id, mtp_reply_to_t *mtp_reply_to, time_t expiry_time);
+#ifdef OBUSPA_CONTROLLER_MTP_VERIFY +#ifdef OBUSPA_CONTROLLER_MTP_VERIFY
+bool DEVICE_CONTROLLER_IsMTPAllowed(char *endpoint_id, mtp_reply_to_t *mrt); +bool DEVICE_CONTROLLER_IsMTPAllowed(char *endpoint_id, mtp_reply_to_t *mrt);
+#endif +#endif
bool DEVICE_CONTROLLER_IsMTPConfigured(char *endpoint_id, mtp_protocol_t protocol); +
char *DEVICE_CONTROLLER_FindEndpointIdByInstance(int instance); #ifndef REMOVE_USP_BROKER
char *DEVICE_CONTROLLER_FindEndpointByMTP(mtp_reply_to_t *mrt); int DEVICE_SUBSCRIPTION_RouteNotification(Usp__Msg *usp, int instance);
bool DEVICE_SUBSCRIPTION_MarkVendorLayerSubs(int broker_instance, subs_notify_t notify_type, char *path, int group_id);
diff --git a/src/core/device_controller.c b/src/core/device_controller.c diff --git a/src/core/device_controller.c b/src/core/device_controller.c
index ae609f5..a6335f5 100644 index 97ca11d..19c91f1 100644
--- a/src/core/device_controller.c --- a/src/core/device_controller.c
+++ b/src/core/device_controller.c +++ b/src/core/device_controller.c
@@ -900,6 +900,78 @@ int DEVICE_CONTROLLER_QueueBinaryMessage(mtp_send_item_t *msi, char *endpoint_id @@ -952,6 +952,78 @@ int DEVICE_CONTROLLER_QueueBinaryMessage(mtp_send_item_t *msi, char *endpoint_id
return USP_ERR_OK; return USP_ERR_OK;
} }
@ -96,12 +97,12 @@ index ae609f5..a6335f5 100644
** **
** DEVICE_CONTROLLER_IsMTPConfigured ** DEVICE_CONTROLLER_IsMTPConfigured
diff --git a/src/core/msg_handler.c b/src/core/msg_handler.c diff --git a/src/core/msg_handler.c b/src/core/msg_handler.c
index 8313342..a953562 100644 index 2a04d39..0b3074b 100644
--- a/src/core/msg_handler.c --- a/src/core/msg_handler.c
+++ b/src/core/msg_handler.c +++ b/src/core/msg_handler.c
@@ -759,6 +759,15 @@ int ValidateUspRecord(UspRecord__Record *rec, mtp_reply_to_t *mrt) @@ -1206,6 +1206,15 @@ int ValidateUspRecord(UspRecord__Record *rec, mtp_conn_t *mtpc)
return USP_ERR_RECORD_FIELD_INVALID; usp_service_instance = USP_BROKER_GetUspServiceInstance(rec->from_id, 0);
} #endif
+#ifdef OBUSPA_CONTROLLER_MTP_VERIFY +#ifdef OBUSPA_CONTROLLER_MTP_VERIFY
+ // Exit if the controller is not allowed to use the MTP on which the message was received + // Exit if the controller is not allowed to use the MTP on which the message was received
@ -112,6 +113,6 @@ index 8313342..a953562 100644
+ } + }
+#endif +#endif
+ +
// Exit if the controller is unknown // Exit if the endpoint sending the message is unknown
cur_msg_controller_instance = DEVICE_CONTROLLER_FindInstanceByEndpointId(rec->from_id); cur_msg_controller_instance = DEVICE_CONTROLLER_FindInstanceByEndpointId(rec->from_id);
if (cur_msg_controller_instance == INVALID) if ((cur_msg_controller_instance == INVALID) && (usp_service_instance == INVALID))
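Review bot: In the rebased hunk the OBUSPA_CONTROLLER_MTP_VERIFY block still runs before the endpoint lookup, but that lookup now also accepts records whose sender is a USP service (`if ((cur_msg_controller_instance == INVALID) && (usp_service_instance == INVALID))`), so DEVICE_CONTROLLER_IsMTPAllowed(rec->from_id, ...) is apparently evaluated for service endpoints that have no controller entry. The body of that block is collapsed at `@ -112,6 +113,6 @@` here, so I cannot tell whether it rejects such senders (breaking broker traffic) or lets them through (bypassing the MTP restriction for non-controllers); a one-line comment above the `#ifdef` stating how USP-service senders are handled would document the decision. ValidateUspRecord() starts and ends outside this hunk.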


@ -1,84 +0,0 @@
--- a/src/core/cli_server.c
+++ b/src/core/cli_server.c
@@ -780,6 +780,7 @@ int ExecuteCli_Set(char *arg1, char *arg
goto exit;
}
+ SetControllerRoleForInternal();
// Exit if unable to start a transaction
err = DM_TRANS_Start(&trans);
if (err != USP_ERR_OK)
@@ -865,6 +866,7 @@ int ExecuteCli_Add(char *arg1, char *arg
goto exit;
}
+ SetControllerRoleForInternal();
// Exit if unable to start a transaction
err = DM_TRANS_Start(&trans);
if (err != USP_ERR_OK)
@@ -976,6 +978,7 @@ int ExecuteCli_Del(char *arg1, char *arg
goto exit;
}
+ SetControllerRoleForInternal();
// Exit if unable to start a transaction
err = DM_TRANS_Start(&trans);
if (err != USP_ERR_OK)
--- a/src/core/data_model.h
+++ b/src/core/data_model.h
@@ -325,6 +325,8 @@ void DATA_MODEL_DumpSchema(void);
void DATA_MODEL_DumpInstances(void);
char DATA_MODEL_GetJSONParameterType(char *path);
int DATA_MODEL_SetParameterInDatabase(char *path, char *value);
+void SetControllerRoleForInternal();
+void SetControllerDummyID();
int DM_PRIV_InitSetRequest(dm_req_t *req, dm_node_t *node, char *path, dm_instances_t *inst, char *new_value);
void DM_PRIV_RequestInit(dm_req_t *req, dm_node_t *node, char *path, dm_instances_t *inst);
--- a/src/core/dm_exec.c
+++ b/src/core/dm_exec.c
@@ -1207,6 +1207,7 @@ void ProcessMessageQueueSocketActivity(s
return;
}
+ SetControllerDummyID(); // To make sure session handler does not break with internal services
switch(msg.type)
{
case kDmExecMsg_ProcessUspRecord:
--- a/src/core/msg_handler.c
+++ b/src/core/msg_handler.c
@@ -902,6 +902,34 @@ char *MtpSendItemToString(mtp_send_item_
/*********************************************************************//**
**
+** SetControllerDummyID
+**
+** Sets the role for internal user
+**
+**
+**************************************************************************/
+void SetControllerDummyID()
+{
+ cur_msg_controller_info.endpoint_id = "CLI_Utility";
+}
+
+/*********************************************************************//**
+**
+** SetControllerRoleForInternal
+**
+** Sets the role for internal user
+**
+**
+**************************************************************************/
+void SetControllerRoleForInternal()
+{
+ cur_msg_combined_role.inherited = kCTrustRole_Untrusted;
+ cur_msg_combined_role.assigned = kCTrustRole_FullAccess;
+ SetControllerDummyID();
+}
+
+/*********************************************************************//**
+**
** CacheControllerRoleForCurMsg
**
** Retrieves the role to use for the specified controller, and caches it locally, so that


@ -1,8 +1,17 @@
diff --git a/src/core/mqtt.c b/src/core/mqtt.c diff --git a/src/core/mqtt.c b/src/core/mqtt.c
index 04a1a9c..00b95a4 100644 index 70a10c2..e8a39cf 100644
--- a/src/core/mqtt.c --- a/src/core/mqtt.c
+++ b/src/core/mqtt.c +++ b/src/core/mqtt.c
@@ -2124,6 +2124,75 @@ exit: @@ -63,6 +63,8 @@
#include <mosquitto.h>
+#include <curl/curl.h>
+
// Defines for MQTT Property Values
#define PUBLISH 0x30
#define CONTENT_TYPE 3
@@ -2180,6 +2182,75 @@ exit:
} }
} }
@ -78,7 +87,7 @@ index 04a1a9c..00b95a4 100644
/*********************************************************************//** /*********************************************************************//**
** **
** PerformMqttClientConnect ** PerformMqttClientConnect
@@ -2193,6 +2262,14 @@ int PerformMqttClientConnect(mqtt_client_t *client) @@ -2249,6 +2320,14 @@ int PerformMqttClientConnect(mqtt_client_t *client)
keep_alive = 5; keep_alive = 5;
} }