Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Refactor ACL persistent storage and events #17357

Merged
merged 25 commits into from
Apr 29, 2022
Merged

Refactor ACL persistent storage and events #17357

Show file tree
Hide file tree
Changes from 18 commits
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
428606a
Refactor ACL storage
mlepage-google Apr 13, 2022
5c37a59
Merge branch 'master' into refactor-acl-storage
mlepage-google Apr 13, 2022
32dfba4
Merge branch 'master' into refactor-acl-storage
mlepage-google Apr 14, 2022
8d690db
Add subject descriptor to access control APIs
mlepage-google Apr 14, 2022
6a1d7ad
More improvements
mlepage-google Apr 19, 2022
ccc9b64
Merge branch 'master' into refactor-acl-storage
mlepage-google Apr 19, 2022
4a49ffd
Fix function docs
mlepage-google Apr 19, 2022
f3fd46d
Merge branch 'master' into refactor-acl-storage
mlepage-google Apr 19, 2022
64c9fe7
Preserve deleted entry for notification (event)
mlepage-google Apr 19, 2022
ee77ff7
Calculate proper storage buffer size
mlepage-google Apr 20, 2022
ccd9c01
Merge branch 'master' into refactor-acl-storage
mlepage-google Apr 20, 2022
d864551
Merge branch 'master' into refactor-acl-storage
mlepage-google Apr 20, 2022
ba50715
Merge branch 'master' into refactor-acl-storage
mlepage-google Apr 21, 2022
0cffb8a
Address clang-tidy complaint
mlepage-google Apr 21, 2022
346d9da
Merge branch 'master' into refactor-acl-storage
mlepage-google Apr 26, 2022
f87957b
Revert change to server init log strings
mlepage-google Apr 26, 2022
fe8ef75
Minor nits from review
mlepage-google Apr 26, 2022
3c71264
Merge branch 'master' into refactor-acl-storage
mlepage-google Apr 27, 2022
2ba514a
Merge branch 'master' into refactor-acl-storage
mlepage-google Apr 28, 2022
906f4d2
Inject dependencies into AclStorage
mlepage-google Apr 28, 2022
022b830
Address feedback from review
mlepage-google Apr 28, 2022
d07b647
Merge branch 'master' into refactor-acl-storage
mlepage-google Apr 28, 2022
317d77c
Remove obsolete include
mlepage-google Apr 28, 2022
a97024d
Add a different include to replace obsolete one
mlepage-google Apr 29, 2022
e051690
Merge branch 'master' into refactor-acl-storage
mlepage-google Apr 29, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
134 changes: 125 additions & 9 deletions src/access/AccessControl.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -193,20 +193,49 @@ CHIP_ERROR AccessControl::Finish()
return retval;
}

CHIP_ERROR AccessControl::RemoveFabric(FabricIndex fabricIndex)
void AccessControl::AddEntryListener(EntryListener & listener)
{
ChipLogProgress(DataManagement, "AccessControl: removing fabric %u", fabricIndex);
if (mEntryListener == nullptr)
{
mEntryListener = &listener;
listener.mNext = nullptr;
return;
}

CHIP_ERROR err;
do
for (EntryListener * l = mEntryListener; /**/; l = l->mNext)
{
err = DeleteEntry(0, &fabricIndex);
} while (err == CHIP_NO_ERROR);
if (l == &listener)
{
return;
}

if (l->mNext == nullptr)
{
l->mNext = &listener;
listener.mNext = nullptr;
return;
}
}
}

// Sentinel error is OK, just means there was no such entry.
ReturnErrorCodeIf(err != CHIP_ERROR_SENTINEL, err);
void AccessControl::RemoveEntryListener(EntryListener & listener)
{
if (mEntryListener == &listener)
{
mEntryListener = listener.mNext;
listener.mNext = nullptr;
return;
}

return CHIP_NO_ERROR;
for (EntryListener * l = mEntryListener; l != nullptr; l = l->mNext)
{
if (l->mNext == &listener)
{
l->mNext = listener.mNext;
listener.mNext = nullptr;
return;
}
}
}

CHIP_ERROR AccessControl::Check(const SubjectDescriptor & subjectDescriptor, const RequestPath & requestPath,
Expand Down Expand Up @@ -368,6 +397,84 @@ CHIP_ERROR AccessControl::Check(const SubjectDescriptor & subjectDescriptor, con
return CHIP_ERROR_ACCESS_DENIED;
}

#if CHIP_ACCESS_CONTROL_DUMP_ENABLED
CHIP_ERROR AccessControl::Dump(const Entry & entry)
{
CHIP_ERROR err;

ChipLogProgress(DataManagement, "----- BEGIN ENTRY -----");
bzbarsky-apple marked this conversation as resolved.
Show resolved Hide resolved

{
FabricIndex fabricIndex;
SuccessOrExit(err = entry.GetFabricIndex(fabricIndex));
ChipLogProgress(DataManagement, "fabricIndex: %u", fabricIndex);
}

{
Privilege privilege;
SuccessOrExit(err = entry.GetPrivilege(privilege));
ChipLogProgress(DataManagement, "privilege: %d", static_cast<int>(privilege));
mlepage-google marked this conversation as resolved.
Show resolved Hide resolved
}

{
AuthMode authMode;
SuccessOrExit(err = entry.GetAuthMode(authMode));
ChipLogProgress(DataManagement, "authMode: %d", static_cast<int>(authMode));
mlepage-google marked this conversation as resolved.
Show resolved Hide resolved
}

{
size_t count;
SuccessOrExit(err = entry.GetSubjectCount(count));
if (count)
{
ChipLogProgress(DataManagement, "subjects: %u", static_cast<unsigned>(count));
for (size_t i = 0; i < count; ++i)
{
NodeId subject;
SuccessOrExit(err = entry.GetSubject(i, subject));
ChipLogProgress(DataManagement, " %u: 0x" ChipLogFormatX64, static_cast<unsigned>(i), ChipLogValueX64(subject));
}
}
}

{
size_t count;
SuccessOrExit(err = entry.GetTargetCount(count));
if (count)
{
ChipLogProgress(DataManagement, "targets: %u", static_cast<unsigned>(count));
for (size_t i = 0; i < count; ++i)
{
Entry::Target target;
SuccessOrExit(err = entry.GetTarget(i, target));
if (target.flags & Entry::Target::kCluster)
{
ChipLogProgress(DataManagement, " %u: cluster: 0x" ChipLogFormatMEI, static_cast<unsigned>(i),
ChipLogValueMEI(target.cluster));
}
if (target.flags & Entry::Target::kEndpoint)
{
ChipLogProgress(DataManagement, " %u: endpoint: %u", static_cast<unsigned>(i), target.endpoint);
}
if (target.flags & Entry::Target::kDeviceType)
{
ChipLogProgress(DataManagement, " %u: deviceType: 0x" ChipLogFormatMEI, static_cast<unsigned>(i),
ChipLogValueMEI(target.deviceType));
}
}
}
}

ChipLogProgress(DataManagement, "----- END ENTRY -----");

return CHIP_NO_ERROR;

exit:
ChipLogError(DataManagement, "AccessControl: dump failed %" CHIP_ERROR_FORMAT, err.Format());
return err;
}
#endif

bool AccessControl::IsValid(const Entry & entry)
{
const char * log = "unexpected error";
Expand Down Expand Up @@ -436,6 +543,15 @@ bool AccessControl::IsValid(const Entry & entry)
return false;
}

void AccessControl::NotifyEntryChanged(const SubjectDescriptor * subjectDescriptor, FabricIndex fabric, size_t index,
const Entry * entry, EntryListener::ChangeType changeType)
{
for (EntryListener * listener = mEntryListener; listener != nullptr; listener = listener->mNext)
{
listener->OnEntryChanged(subjectDescriptor, fabric, index, entry, changeType);
}
}

AccessControl & GetAccessControl()
{
return *globalAccessControl;
Expand Down
Loading