nsresult
KeyStoreConnector::AcceptStreamSocket(int aListenFd,
struct sockaddr* aAddress,
socklen_t* aAddressLength,
int& aStreamFd)
{
ScopedClose fd(
TEMP_FAILURE_RETRY(accept(aListenFd, aAddress, aAddressLength)));
if (fd < 0) {
NS_WARNING("Cannot accept file descriptor!");
return NS_ERROR_FAILURE;
}
nsresult rv = SetSocketFlags(fd);
if (NS_FAILED(rv)) {
return rv;
}
rv = CheckPermission(fd);
if (NS_FAILED(rv)) {
return rv;
}
aStreamFd = fd.forget();
return NS_OK;
}
static OCStackApplicationResult AmsMgrAclReqCallback(void *ctx, OCDoHandle handle,
OCClientResponse * clientResponse)
{
OC_LOG_V(INFO, TAG, "%s Begin", __func__ );
(void)handle;
PEContext_t *context = (PEContext_t *) ctx;
SRMAccessResponse_t rsps;
if (!ctx ||
!clientResponse ||
!clientResponse->payload||
(PAYLOAD_TYPE_SECURITY != clientResponse->payload->type) ||
(clientResponse->result != OC_STACK_OK))
{
SRMSendResponse(ACCESS_DENIED_AMS_SERVICE_ERROR);
goto exit;
}
if (context->state != AWAITING_AMS_RESPONSE)
{
OC_LOG_V(ERROR, TAG, "%s Invalid State ", __func__);
context->retVal = ACCESS_DENIED_AMS_SERVICE_ERROR;
SRMSendResponse(context->retVal);
return OC_STACK_DELETE_TRANSACTION;
}
// Verify before installing ACL if the ID of the sender of this ACL is an AMS
//service that this device trusts.
rsps = ACCESS_DENIED;
if((UUID_LENGTH == clientResponse->identity.id_length) &&
memcmp(context->amsMgrContext->amsDeviceId.id, clientResponse->identity.id,
sizeof(context->amsMgrContext->amsDeviceId.id)) == 0)
{
OCStackResult ret =
InstallNewACL(((OCSecurityPayload*)clientResponse->payload)->securityData);
VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
OC_LOG_V(INFO, TAG, "%s : Calling checkPermission", __func__);
rsps = CheckPermission(context, &context->subject, context->resource, context->permission);
VERIFY_SUCCESS(TAG, (true == IsAccessGranted(rsps)), ERROR);
OC_LOG_V(INFO, TAG, "%sAccess granted, Calling SRMCallCARequestHandler", __func__);
context->retVal = ACCESS_GRANTED;
SRMSendResponse(context->retVal);
return OC_STACK_DELETE_TRANSACTION;
}
exit:
context->retVal = ACCESS_DENIED_AMS_SERVICE_ERROR;
SRMSendResponse(context->retVal);
FreeCARequestInfo(context->amsMgrContext->requestInfo);
OICFree(context->amsMgrContext->endpoint);
return OC_STACK_DELETE_TRANSACTION;
}
TError TContainerHolder::Create(TScopedLock &holder_lock, const std::string &name, const TCred &cred, std::shared_ptr<TContainer> &container) {
TError error;
error = ValidName(name);
if (error)
return error;
if (Containers.find(name) != Containers.end())
return TError(EError::ContainerAlreadyExists, "container " + name + " already exists");
if (Containers.size() + 1 > config().container().max_total())
return TError(EError::ResourceNotAvailable, "number of created containers exceeds limit");
auto parent = GetParent(name);
if (!parent && name != ROOT_CONTAINER)
return TError(EError::InvalidValue, "invalid parent container");
if (parent && parent->GetLevel() == CONTAINER_LEVEL_MAX)
return TError(EError::InvalidValue, "You shall not go deeper!");
if (parent && !parent->IsRoot() && !parent->IsPortoRoot()) {
error = parent->CheckPermission(cred);
if (error)
return error;
}
int id;
error = IdMap.Get(id);
if (error)
return error;
auto c = std::make_shared<TContainer>(shared_from_this(), Storage, name, parent, id);
error = c->Create(cred);
if (error)
return error;
Containers[name] = c;
Statistics->Created++;
if (parent)
parent->AddChild(c);
container = c;
return TError::Success();
}
// -----------------------------------------------------------------------------
// CDRMHelperServer::CheckExpirationL().
// This function check the time for rights to expire
// -----------------------------------------------------------------------------
//
void CDRMHelperServer::CheckExpirationL(
const TDesC8& aUri ,
const TUint8& aPermType ,
const TUint8& aRegType ,
TTime& aEndTime )
{
#ifdef _DRM_TESTING
WriteL(_L8("CheckExpiration"));
#endif
RPointerArray<CDRMPermission> rights;
RArray<TTimeBased> timeList;
TBool stop = EFalse;
TInt i = 0;
TInt err = 0;
TTimeIntervalYears years(KTimeIntervalYears);
TTime time = Time::MinTTime();
TTimeBased item;
TTimeIntervalSeconds interval = 0;
RPointerArray<HBufC8> imsi;
aEndTime = Time::MinTTime();
TRAP( err , iDrm.GetDBEntriesL(aUri, rights) );
CleanupClosePushL(rights);
if ( err == KErrCANoRights || err == KErrCANoPermission )
{
aEndTime = Time::MinTTime();
err = KErrNone;
stop = ETrue;
}
User::LeaveIfError(err);
TRAP( err, iDrm.GetSupportedIndividualsL( imsi ) );
if ( err )
{
imsi.ResetAndDestroy();
}
time.HomeTime();
// Goes through all the rights associated to this specific URI
CleanupClosePushL(timeList);
for (i = 0; i < rights.Count() && !stop; i++)
{
CheckPermission( rights[i], aPermType, item, interval ,imsi );
if (interval.Int()>0 ||
(item.StartTime()==Time::MinTTime()&&item.EndTime()==Time::MaxTTime()))
{
stop = ETrue;
aEndTime = Time::MaxTTime();
}
else
{
if (aRegType == CDRMHelperServer::EActive && item.StartTime()>time)
{
// dont count future time for active usage
}
else
{
err = timeList.Append( item );
if ( err )
{
rights.ResetAndDestroy();
imsi.ResetAndDestroy();
}
User::LeaveIfError(err);
}
}
}
rights.ResetAndDestroy();
imsi.ResetAndDestroy();
// if there were no inactivated interval- or full-rights then calculate the expiration date
// based on what we stored to timeList
if( !stop )
{
time.HomeTime(); // preset time to current time. This is what we compare against.
TTime temp;
TTime pastTime;
temp = time;
pastTime = Time::MinTTime();
TBool action = ETrue;
// Loop while there are still items in the list and we have done something
while( action && timeList.Count() > 0 )
{
action = EFalse;
for ( i = 0 ; i < timeList.Count() ; i++ ) // go through the whole timeList
{
#ifdef _DRM_TESTING
_LIT8(KCount , "time list count: %d");
TBuf8<40> buf;
buf.Format( KCount , timeList.Count());
WriteL( buf );
#endif
if ( timeList[i].StartTime() <= time && timeList[i].EndTime() > time )
{
// Case1: valid rights
time = timeList[i].EndTime();
timeList.Remove(i);
action = ETrue;
#ifdef _DRM_TESTING
WriteL(_L8("case 1:"));
WriteTimeL( time );
#endif
}
else if ( timeList[i].StartTime() <= time && timeList[i].EndTime() <= time )
{
// Case2: expired rights
if (timeList[i].EndTime()>pastTime) // just in case there is no valid rights
{
pastTime = timeList[i].EndTime(); // save the latest end time from the expired rights
}
timeList.Remove(i);
action = ETrue;
#ifdef _DRM_TESTING
WriteL(_L8("case 2:"));
#endif
}
else if ( timeList[i].StartTime() > time && timeList[i].EndTime() <= time )
{
// Case3: Illegal case. Start time after end-time.
timeList.Remove(i);
action = ETrue;
#ifdef _DRM_TESTING
WriteL(_L8("case 3:"));
#endif
}
else
{
// Case4: Only thing left is the not yet valid -rights
#ifdef _DRM_TESTING
WriteL(_L8("case 4:"));
#endif
}
}
}
if (temp<time)
{
aEndTime = time; // time has been changed, so we use it, otherwise it means there is no valid rights
}
else
{
aEndTime = pastTime;
}
#ifdef _DRM_TESTING
WriteL(_L8("expiration date:"));
WriteTimeL( aEndTime );
#endif
}
#ifdef _DRM_TESTING
WriteL(_L8("Endtime calculation is done:"));
WriteTimeL( aEndTime );
#endif
timeList.Reset();
CleanupStack::PopAndDestroy(&timeList); // timeList
CleanupStack::PopAndDestroy(&rights); // rights
}
