search

solettaproject / soletta

Soletta Project is a framework for making IoT devices. With Soletta Project's libraries developers can easily write software for devices that control actuators/sensors and communicate using standard technologies. It enables adding smartness even on the smallest edge devices.
http://solettaproject.org
Apache License 2.0
225 stars 108 forks source link

LWM2M: Fix check_authorization() for Access Control Objects #2281

Closed bsmelo closed 8 years ago

bsmelo commented 8 years ago

I'm improving the src/test/test-lwm2m.c program to cover all new functionalities added during GSoC, and found this issue.

This patch fixes a bug when a given LWM2M Server who owns a given Access Control Object Instance tries to modify it (for instance, to add or remove an ACL for a given third-party LWM2M Server).

There was no way to modify an Access Control Object Instance, since the check_authorization() would fail, not finding an Access Control Object Instance related to the target instance - which should not exist anyway. To fix it, a new condition was added in case the target obj_id == ACCESS_CONTROL_OBJECT_ID, in which we should only look for the target instance_id itself and then inside the OWNER Resource, not looking for ACLs or anything else.

Signed-off-by: Bruno Melo bsilva.melo@gmail.com

cabelitos commented 8 years ago

lgtm

bsmelo commented 8 years ago

An updated version is at #2282. Thanks!