From f9a68917f72a416161450ec16f3140056cfad1df Mon Sep 17 00:00:00 2001 From: Vivek Kumar Dutta Date: Wed, 16 Jul 2025 12:16:48 +0530 Subject: [PATCH] draft usp role changes --- obuspa/Makefile | 4 +-- obuspa/files/etc/init.d/obuspa | 28 ++++++++------- .../uci-defaults/60-generate-ctrust-defaults | 6 ++-- .../etc/uci-defaults/61-override-ct-roles | 2 +- .../{full_access.json => 01_full_access.json} | 0 .../files/etc/users/roles/02_untrusted.json | 35 +++++++++++++++++++ .../roles/{extender.json => 03_extender.json} | 0 obuspa/files/etc/users/roles/untrusted.json | 6 ---- 8 files changed, 57 insertions(+), 24 deletions(-) rename obuspa/files/etc/users/roles/{full_access.json => 01_full_access.json} (100%) create mode 100644 obuspa/files/etc/users/roles/02_untrusted.json rename obuspa/files/etc/users/roles/{extender.json => 03_extender.json} (100%) delete mode 100644 obuspa/files/etc/users/roles/untrusted.json diff --git a/obuspa/Makefile b/obuspa/Makefile index aafeb2bcb..951c2aaaa 100644 --- a/obuspa/Makefile +++ b/obuspa/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=obuspa PKG_VERSION:=10.0.4.1 -LOCAL_DEV:=0 +LOCAL_DEV:=1 ifneq ($(LOCAL_DEV),1) PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/obuspa.git @@ -35,7 +35,7 @@ define Package/obuspa DEPENDS:=+libopenssl +libuci +libblobmsg-json +libcurl +libsqlite3 +libubox +libubus +libmosquitto-ssl +libwebsockets-openssl +ca-certificates \ +OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL:mosquitto-ssl +OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL:mosquitto-client-ssl \ +OBUSPA_ENABLE_TEST_CONTROLLER:mosquitto-auth-shadow +libjson-c - DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service + DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service +bbfdmd endef define Package/obuspa/description diff --git a/obuspa/files/etc/init.d/obuspa b/obuspa/files/etc/init.d/obuspa index 85e5ddb1e..6b044cab5 100755 --- a/obuspa/files/etc/init.d/obuspa +++ b/obuspa/files/etc/init.d/obuspa 
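Review bot: `LOCAL_DEV:=1` in the first Makefile hunk looks like a development setting left in the patch. With it, the `ifneq ($(LOCAL_DEV),1)` block that sets `PKG_SOURCE_PROTO:=git` and `PKG_SOURCE_URL` is skipped, so the package is presumably no longer built from the fetched source for `PKG_VERSION:=10.0.4.1`. Restore `LOCAL_DEV:=0` before this leaves draft so that images are built from the versioned upstream tree. The rest of the conditional lies outside the hunk.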
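Review bot: The `DEPENDS` lines visible in the second Makefile hunk gain `+bbfdmd` but not `jq`, although `create_ctrust_role_map`, added to `/etc/init.d/obuspa` in this same patch, pipes every role file through `jq -r`. If no `DEPENDS` line outside the hunk pulls it in, an image without jq produces an empty role map, and `get_role_index` then returns `Device.LocalAgent.ControllerTrust.Role.` with no instance number. Consider `DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service +bbfdmd +jq`.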
@@ -13,6 +13,7 @@ KEEP_FILE="/lib/upgrade/keep.d/obuspa" RESET_FILE="/tmp/obuspa/fw_defaults" SQL_DB_FILE="/tmp/obuspa/usp.db" DB_DUMP="/tmp/obuspa/usp.dump_$(date +%s)" +CTRUST_ROLE_MAP="/tmp/obuspa/usp.role.map" BASEPATH="" INSTANCE_COUNT=0 @@ -283,6 +284,14 @@ update_dual_stack_pref() db_set Internal.DualStackPreference "${1}" } +create_ctrust_role_map() +{ + echo ""> ${CTRUST_ROLE_MAP} + for file in $(ls -1 /etc/users/roles/*.json); do + cat ${file} |jq -r '.tr181| [.instance, .name]|@tsv' >> ${CTRUST_ROLE_MAP} + done +} + get_role_index() { local name drole @@ -306,14 +315,9 @@ get_role_index() fi # Get if from CTRUST file first if present, then from dbdump and then use default Untrusted role - if [ -f "${CTRUST_RESET_FILE}" ]; then - val="$(grep "Device.LocalAgent.ControllerTrust.Role.\d.Name" ${CTRUST_RESET_FILE} |grep $name)" - val="$(echo ${val/.Name /,}|cut -d, -f 1)" - echo "$val" - elif [ -f "${DB_DUMP}" ]; then - val="$(grep "Device.LocalAgent.ControllerTrust.Role.\d.Name" ${DB_DUMP} |grep $name)" - val="$(echo ${val/.Name /,}|cut -d, -f 1)" - echo "$val" + if [ -f "${CTRUST_ROLE_MAP}" ]; then + rindex="$(grep "${name}" ${CTRUST_ROLE_MAP} |cut -f 1)" + echo "Device.LocalAgent.ControllerTrust.Role.${rindex}" else log "Not able to get role ${name}, use Untrusted role" echo "${drole}" @@ -969,7 +973,7 @@ db_init() # Dump datamodel parameters from DB if [ -f "${SQL_DB_FILE}" ]; then - dump_db + return 0 fi # In case of Reboot or service restart update the uci @@ -996,6 +1000,7 @@ db_init() config_load $CONFIGURATION config_get dualstack_pref global dualstack_pref "IPv6" + create_ctrust_role_map global_init config_foreach configure_localagent localagent global_init @@ -1022,9 +1027,8 @@ db_init() mv ${DB_DUMP} ${RESET_FILE} fi - if [ -f "${CTRUST_RESET_FILE}" ]; then - cat ${CTRUST_RESET_FILE} >> ${RESET_FILE} - rm ${CTRUST_RESET_FILE} + if [ -f "${CTRUST_ROLE_MAP}" ]; then + rm ${CTRUST_ROLE_MAP} fi } 
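Review bot: `create_ctrust_role_map` builds the map with unquoted expansions, parses `ls` output and never checks whether `jq` succeeded, so a malformed or truncated role file silently yields an empty or missing row that `get_role_index` later relies on. Iterate the glob directly and log failures: `for file in /etc/users/roles/*.json; do` and `jq -r '.tr181 | [.instance, .name] | @tsv' "${file}" >> "${CTRUST_ROLE_MAP}" || log "Invalid role file ${file}"`. Starting the file with `: > "${CTRUST_ROLE_MAP}"` would also avoid the blank first line that `echo ""` writes. The map is placed under `/tmp/obuspa`; the hunk does not show who creates that directory or with which mode, which is worth confirming because this file decides which ControllerTrust role a controller is given.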
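Review bot: The lookup `grep "${name}" ${CTRUST_ROLE_MAP} |cut -f 1` in `get_role_index` treats the role name as an unanchored regular expression, so a name that is a substring of another role's name can resolve to the wrong instance or to several lines. A name with no match yields `Device.LocalAgent.ControllerTrust.Role.` with an empty index, because the Untrusted fallback is now reached only when the map file is missing. Since this value decides a controller's privileges, match the name column exactly and fail closed: `rindex="$(awk -F'\t' -v n="${name}" '$2 == n { print $1; exit }' "${CTRUST_ROLE_MAP}")"` followed by `[ -n "${rindex}" ] || { log "Not able to get role ${name}, use Untrusted role"; echo "${drole}"; return; }`. The comment above the `if` still describes the old CTRUST-file-then-dbdump order and should be updated; the function starts and ends outside this hunk.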
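Review bot: Replacing `dump_db` with `return 0` in `db_init` leaves the comment `# Dump datamodel parameters from DB` describing code that is no longer there. It also makes the function skip everything below whenever `${SQL_DB_FILE}` exists, including the new `create_ctrust_role_map` call. If that is intended, say so in the comment, for example `# Existing DB found: keep it untouched, role files are not re-applied`; otherwise edits to `/etc/users/roles/*.json` would presumably not be picked up while the DB file is present. `DB_DUMP` also appears to lose its only producer, so the later `mv ${DB_DUMP} ${RESET_FILE}` branch may be dead code; `db_init` continues outside the hunk, so this needs checking against the full function.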
diff --git a/obuspa/files/etc/uci-defaults/60-generate-ctrust-defaults b/obuspa/files/etc/uci-defaults/60-generate-ctrust-defaults index 02bd0678e..a0a3d45d7 100644 --- a/obuspa/files/etc/uci-defaults/60-generate-ctrust-defaults +++ b/obuspa/files/etc/uci-defaults/60-generate-ctrust-defaults @@ -10,8 +10,8 @@ if [ -n "${rfile}" ]; then uci -q set obuspa.global.role_file="" fi -if [ ! -f "${db_file}" ]; then - configure_ctrust_role -fi +#if [ ! -f "${db_file}" ]; then + #configure_ctrust_role +#fi exit 0 diff --git a/obuspa/files/etc/uci-defaults/61-override-ct-roles b/obuspa/files/etc/uci-defaults/61-override-ct-roles index 0da8cb9e7..4011cc1a9 100644 --- a/obuspa/files/etc/uci-defaults/61-override-ct-roles +++ b/obuspa/files/etc/uci-defaults/61-override-ct-roles @@ -3,6 +3,6 @@ . /lib/functions.sh . /etc/obuspa/usp_utils.sh -configure_ctrust_role +#configure_ctrust_role exit 0 diff --git a/obuspa/files/etc/users/roles/full_access.json b/obuspa/files/etc/users/roles/01_full_access.json similarity index 100% rename from obuspa/files/etc/users/roles/full_access.json rename to obuspa/files/etc/users/roles/01_full_access.json diff --git a/obuspa/files/etc/users/roles/02_untrusted.json b/obuspa/files/etc/users/roles/02_untrusted.json new file mode 100644 index 000000000..255326963 --- /dev/null +++ b/obuspa/files/etc/users/roles/02_untrusted.json @@ -0,0 +1,35 @@ +{ + "tr181": { + "name": "Untrusted", + "instance": 2, + "permission": [ + { + "object": "Device.", + "perm": [ + "PERMIT_NONE" + ] + }, + { + "object": "Device.DeviceInfo.", + "perm": [ + "PERMIT_GET", + "PERMIT_OBJ_INFO" + ] + }, + { + "object": "Device.LocalAgent.ControllerTrust.RequestChallenge()", + "perm": [ + "PERMIT_OPER", + "PERMIT_CMD_INFO" + ] + }, + { + "object": "Device.LocalAgent.ControllerTrust.RequestChallenge()", + "perm": [ + "PERMIT_OPER", + "PERMIT_CMD_INFO" + ] + } + ] + } +} 
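Review bot: The `configure_ctrust_role` calls are commented out rather than removed, here and in `61-override-ct-roles`, which leaves 61 as a script that only sources two files and exits. Delete the dead lines, and `db_file` too if nothing else uses it (its definition is outside the hunk). If the call is meant to return, replace the commented code with a one-line explanation such as `# role provisioning disabled in this draft, see <reference>`. As written, a reader cannot tell whether ControllerTrust roles are still provisioned at first boot or by which component.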
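Review bot: The last two `permission` entries in `02_untrusted.json` are identical: `Device.LocalAgent.ControllerTrust.RequestChallenge()` with `PERMIT_OPER` and `PERMIT_CMD_INFO` appears twice. The second was probably meant to be `Device.LocalAgent.ControllerTrust.ChallengeResponse()`. Without it, an Untrusted controller can request a challenge but, under the leading `Device.` / `PERMIT_NONE` entry, presumably cannot answer it. If the duplicate is intentional, drop it. The file also relies on later, more specific entries overriding the `Device.` deny, which should be documented wherever the role format is described, since the role's safety depends on that evaluation order.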
diff --git a/obuspa/files/etc/users/roles/extender.json b/obuspa/files/etc/users/roles/03_extender.json
similarity index 100%
rename from obuspa/files/etc/users/roles/extender.json
rename to obuspa/files/etc/users/roles/03_extender.json
diff --git a/obuspa/files/etc/users/roles/untrusted.json b/obuspa/files/etc/users/roles/untrusted.json
deleted file mode 100644
index c82a4f69e..000000000
--- a/obuspa/files/etc/users/roles/untrusted.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "tr181": {
- "name": "Untrusted",
- "instance": 2
- }
-}