[DRLK] Bugfix: return INVALID_COMMAND when attempting to add/modify (#…
…34120)

* [DRLK] Bugfix: return INVALID_COMMAND when attempting to add/modify
credential from a different fabric than the User/Credential's creator fabric

Add YAML test steps to verify correct behavior

Fixes #34119

* Restyled by prettier-yaml

* Update src/app/tests/suites/DL_UsersAndCredentials.yaml

Co-authored-by: Andrei Litvin <[email protected]>

---------

Co-authored-by: Restyled.io <[email protected]>
Co-authored-by: Andrei Litvin <[email protected]>
3 people authored Aug 15, 2024
1 parent 9d8587d commit 0d71711
Showing 2 changed files with 365 additions and 3 deletions.
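--- a/src/app/clusters/door-lock-server/door-lock-server.cpp
+++ b/src/app/clusters/door-lock-server/door-lock-server.cpp
@@ -803,6 +803,19 @@ void DoorLockServer::setCredentialCommandHandler(
 return;
 }
 
+// return INVALID_COMMAND if the accessing fabric index doesn’t match the
+// CreatorFabricIndex of the credential being modified
+if (existingCredential.createdBy != fabricIdx)
+{
+ChipLogProgress(Zcl,
+"[createCredential] Unable to modify credential. Fabric index differs from creator fabric "
+"[endpointId=%d,credentialIndex=%d,creatorIdx=%d,modifierIdx=%d]",
+commandPath.mEndpointId, credentialIndex, existingCredential.createdBy, fabricIdx);
+
+sendSetCredentialResponse(commandObj, commandPath, DlStatus::kInvalidField, 0, nextAvailableCredentialSlot);
+return;
+}
+
 // if userIndex is NULL then we're changing the programming user PIN
 if (userIndex.IsNull())
 {
@@ -2218,6 +2231,17 @@ DlStatus DoorLockServer::createNewCredentialAndAddItToUser(chip::EndpointId endp
 return DlStatus::kInvalidField;
 }
 
+// return INVALID_COMMAND if the accessing fabric index doesn’t match the
+// CreatorFabricIndex in the user record pointed to by UserIndex
+if (user.createdBy != modifierFabricIdx)
+{
+ChipLogProgress(Zcl,
+"[createCredential] Unable to create credential for user created by different fabric "
+"[endpointId=%d,userIndex=%d,creatorIdx=%d,fabricIdx=%d]",
+endpointId, userIndex, user.createdBy, modifierFabricIdx);
+return DlStatus::kInvalidField;
+}
+
 // Add new credential to the user
 auto status = addCredentialToUser(endpointId, modifierFabricIdx, userIndex, credential);
 if (DlStatus::kSuccess != status)
@@ -2338,6 +2362,17 @@ DlStatus DoorLockServer::modifyCredentialForUser(chip::EndpointId endpointId, ch
 return DlStatus::kFailure;
 }
 
+// return INVALID_COMMAND if the accessing fabric index doesn’t match the
+// CreatorFabricIndex in the user record pointed to by UserIndex
+if (user.createdBy != modifierFabricIdx)
+{
+ChipLogProgress(Zcl,
+"[createCredential] Unable to modify credential for user created by different fabric "
+"[endpointId=%d,userIndex=%d,creatorIdx=%d,fabricIdx=%d]",
+endpointId, userIndex, user.createdBy, modifierFabricIdx);
+return DlStatus::kInvalidField;
+}
+
 for (size_t i = 0; i < user.credentials.size(); ++i)
 {
 // appclusters, 5.2.4.40: user should already be associated with given credential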
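Review bot: The three added comments say the check returns INVALID_COMMAND, but every new branch returns or sends `DlStatus::kInvalidField`, so someone auditing this fabric-isolation check cannot tell from the code alone whether the status matches the commit title. If kInvalidField is the enum value that goes out as INVALID_COMMAND, which I believe but cannot confirm from this page, the comment should say so, e.g. `// Reject with kInvalidField (INVALID_COMMAND on the wire) when the accessing fabric is not the creator fabric`. The denial logs in setCredentialCommandHandler and modifyCredentialForUser also carry the `[createCredential]` tag although they refuse a modify, which makes cross-fabric rejections harder to attribute when triaging from logs; a tag naming the modify path would fix that. All three functions start and end outside the visible hunks.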
