Merging release/4.1.0

Author: Richard Holme

RELEASES.md

@@ -1,4 +1,33 @@
 # Release History
+
+## Release 4.1.0
+  * New Features
+    * Search expressions supported in Bulk Data Collection
+    * 'obuspa -c show data model' includes USP command and event arguments
+  * Bug Fixes
+    * MQTT Connection failure over TLS with libmosquitto 1.6.13+
+    * Some ChallengeResponse parameters were not using base64
+    * Device.LocalAgent.CertificateNumberOfEntries returns empty string rather than 0
+    * Device.MQTT.Client.1.Status returns "Running" rather than "Connected"
+    * Device.Security.Certificate.1.Alias is not defined in TR181
+    * Probuf protocol trace does not indicate if truncated
+    * Removed unnecessary allowed_controllers code
+    * Untrusted role cannot issue a RequestChallenge() or ChallengeResponse() command
+    * Bulk Data Collection using USPNotif throws console error related to HTTP URL (GH Issue #20)
+    * Race hazard prevents changing MQTT connection parameters
+    * 'obuspa -e' option accepted, even if C library cannot print callstack
+    * Certificate validity dates reported incorrectly on 32 bit platforms for dates after 2038
+    * Object deletion notification not sent for nested objects (GH Issue #21)
+  * Data Model Enhancements
+    * Device.MQTT.Capabilities
+  * API Enhancements
+    * Table objects must now be registered before child parameters
+    * USP_REGISTER_Param_SupportedList()
+    * USP_DM_InformDataModelEvent()
+    * MQTT password via get_mtp_password_cb
+  * Known Issues
+    * ControllerTrust ChallengeResponse handling of retries
+
 ## Release 4.0.0
   * ControllerTrust support
     * Challenge/Response mechanism

src/core/coap_server.c

@@ -94,7 +94,6 @@ typedef struct
                             // (because the request was received on a new DTLS session, the response will likely need to be too)
 
     STACK_OF(X509) *cert_chain; // Full SSL certificate chain for the CoAP connection, collected in the SSL verify callback
-    char *allowed_controllers; // pattern describing the endpoint_id of controllers which is granted access to this agent
     ctrust_role_t role;     // role granted by the CA cert in the chain of trust with the CoAP client
 
     nu_ipaddr_t peer_addr;   // Current peer that sent the first block. Whilst building up a USP Record, only PDUs from this peer are accepted
@@ -801,7 +800,6 @@ void InitCoapSession(coap_server_session_t *css)
     css->wbio = NULL;
     css->is_first_usp_msg = true;
     css->cert_chain = NULL;
-    css->allowed_controllers = NULL;
     css->role = ROLE_DEFAULT;    // Set default role, if not determined from SSL certs
     memset(&css->peer_addr, 0, sizeof(css->peer_addr));
     css->peer_port = INVALID;
@@ -1034,7 +1032,7 @@ int PerformSessionDtlsConnect(coap_server_session_t *css)
     if (css->cert_chain != NULL)
     {
         // Exit if unable to determine the role associated with the trusted root cert that signed the peer cert
-        err = DEVICE_SECURITY_GetControllerTrust(css->cert_chain, &css->role, &css->allowed_controllers);
+        err = DEVICE_SECURITY_GetControllerTrust(css->cert_chain, &css->role);
         if (err != USP_ERR_OK)
         {
             USP_LOG_Error("%s: DEVICE_SECURITY_GetControllerTrust() failed. Resetting CoAP session", __FUNCTION__);
@@ -1084,7 +1082,6 @@ void StopCoapSession(coap_server_session_t *css)
         sk_X509_pop_free(css->cert_chain, X509_free);
         css->cert_chain = NULL;
     }
-    USP_SAFE_FREE(css->allowed_controllers);
 
     // Free the SSL object, gracefully shutting down the SSL connection
     // NOTE: This also frees the BIO object (if one exists) as it is owned by the SSL object
@@ -1247,7 +1244,7 @@ void ReceiveCoapBlock(coap_server_t *cs, coap_server_session_t *css)
             css->is_first_usp_msg = false;
 
             // Post the USP record for processing
-            DM_EXEC_PostUspRecord(css->usp_buf, css->usp_buf_len, css->role, css->allowed_controllers, &mtp_reply_to);
+            DM_EXEC_PostUspRecord(css->usp_buf, css->usp_buf_len, css->role, &mtp_reply_to);
             FreeReceivedUspRecord(css);
         }
     }

src/core/data_model.c

@@ -120,6 +120,7 @@ int DeleteChildParams_MultiInstanceObject(char *path, int path_len, dm_node_t *n
 int strncpy_path_segments(char *dst, char *src, int maxlen);
 void DumpSchemaFromRoot(dm_node_t *root, char *name);
 void AddChildNodes(dm_node_t *parent, str_vector_t *sv);
+void AddChildArgs(str_vector_t *sv, char *path, str_vector_t *args, char *arg_type);
 int SortSchemaPath(const void *p1, const void *p2);
 int RegisterDefaultControllerTrust(void);
 void DestroySchemaRecursive(dm_node_t *parent);
@@ -3065,6 +3066,14 @@ dm_node_t *DM_PRIV_AddSchemaPath(char *path, dm_node_type_t type, unsigned flags
         child = DM_PRIV_FindMatchingChild(parent, seg->name);
         if (child == NULL)
         {
+            // Do not allow tables to be registered implicitly by a parameter. Only allow them to be registered explicitly.
+            // Only non-table objects are registered implicitly
+            if ((seg->type == kDMNodeType_Object_MultiInstance) && (i != num_segments-1))
+            {
+                USP_ERR_SetMessage("%s: %s must be registered before %s", __FUNCTION__, schema_path, path);
+                return NULL;
+            }
+
             // Node has not yet been added, so add it
             child = CreateNode(seg->name, seg->type, schema_path);
             if (child == NULL)
@@ -3082,7 +3091,9 @@ dm_node_t *DM_PRIV_AddSchemaPath(char *path, dm_node_type_t type, unsigned flags
                 inst.order++;
             }
 
-            // Default the group_id, if this is an object which we are adding implicitly to the data model by registering a parameter
+            // Default the group_id
+            // For grouped table objects, this will be overridden by the caller
+            // For non table objects, the group_id is effectively 'don't care' as non-table objects are not accessible via the grouped vendor hook APIs
             if (IsObject(child))
             {
                 dm_object_info_t *info;
@@ -4187,6 +4198,7 @@ int DeleteChildParams_MultiInstanceObject(char *path, int path_len, dm_node_t *n
         DM_INST_VECTOR_Remove(inst);
 
         // Add this object instance to the list of instances which are pending notification to the vendor
+        path[path_len+len] = '\0';
         DM_TRANS_Add(kDMOp_Del, path, NULL, NULL, node, inst);
     }
 
@@ -4458,8 +4470,25 @@ int SortSchemaPath(const void *p1, const void *p2)
 void AddChildNodes(dm_node_t *parent, str_vector_t *sv)
 {
     dm_node_t *child;
+    char obj_path[MAX_DM_PATH];
+    char *path;
+
+    // Add this node to the string vector
+    USP_SNPRINTF(obj_path, sizeof(obj_path), "%s.", parent->path);
+    path = (IsObject(parent)) ? obj_path : parent->path;
+    STR_VECTOR_Add(sv, path);
+
+    // Add arguments (if applicable) to string vector
+    if (IsOperation(parent))
+    {
+        AddChildArgs(sv, parent->path, &parent->registered.oper_info.input_args, "input");
+        AddChildArgs(sv, parent->path, &parent->registered.oper_info.output_args, "output");
+    }
 
-    STR_VECTOR_Add(sv, parent->path);
+    if (parent->type == kDMNodeType_Event)
+    {
+        AddChildArgs(sv, parent->path, &parent->registered.event_info.event_args, "event_arg");
+    }
 
     // Iterate over list of children
     child = (dm_node_t *) parent->child_nodes.head;
@@ -4472,6 +4501,32 @@ void AddChildNodes(dm_node_t *parent, str_vector_t *sv)
     }
 }
 
+/*********************************************************************//**
+**
+** AddChildArgs
+**
+** Function called to add recursively to add the schema paths of all nodes to a string vector
+**
+** \param   sv - pointer to string vector in which to add the schema paths
+** \param   path - data model path of the USP command or event
+** \param   args - pointer to string vector containing arguments to add to the schema path vector
+** \param   arg_type - pointer to string describing type of argument (input, output, or event_arg)
+**
+** \return  None
+**
+**************************************************************************/
+void AddChildArgs(str_vector_t *sv, char *path, str_vector_t *args, char *arg_type)
+{
+    int i;
+    char buf[MAX_DM_PATH];
+
+    for (i=0; i < args->num_entries; i++)
+    {
+        USP_SNPRINTF(buf, sizeof(buf), "%s %s:%s", path, arg_type, args->vector[i]);
+        STR_VECTOR_Add(sv, buf);
+    }
+}
+
 /*********************************************************************//**
 **
 ** FindNodeFromHash
@@ -4525,6 +4580,8 @@ int RegisterDefaultControllerTrust(void)
     err |= USP_DM_RegisterRoleName(kCTrustRole_Untrusted,  "Untrusted");
     err |= USP_DM_AddControllerTrustPermission(kCTrustRole_Untrusted, "Device.", PERMIT_NONE);
     err |= USP_DM_AddControllerTrustPermission(kCTrustRole_Untrusted, "Device.DeviceInfo.", PERMIT_GET | PERMIT_OBJ_INFO);
+    err |= USP_DM_AddControllerTrustPermission(kCTrustRole_Untrusted, "Device.LocalAgent.ControllerTrust.RequestChallenge()", PERMIT_OPER);
+    err |= USP_DM_AddControllerTrustPermission(kCTrustRole_Untrusted, "Device.LocalAgent.ControllerTrust.ChallengeResponse()", PERMIT_OPER);
 
     if (err != USP_ERR_OK)
     {

src/core/data_model.h

@@ -266,6 +266,8 @@ extern char *reboot_cause_path;
                           (node->type == kDMNodeType_DBParam_ReadWriteAuto) || \
                           (node->type == kDMNodeType_DBParam_Secure))
 
+#define IsOperation(node)  ((node->type == kDMNodeType_SyncOperation) || (node->type == kDMNodeType_AsyncOperation))
+
 //------------------------------------------------------------------------------
 // Definitions for flags in DATA_MODEL_GetParameterValue()
 #define SHOW_PASSWORD 0x00000001        // Used internally by USP Agent to get the actual value of passwords (default behaviour is to return an empty string)

src/core/device.h

@@ -1,7 +1,7 @@
 /*
  *
  * Copyright (C) 2019-2021, Broadband Forum
- * Copyright (C) 2016-2020  CommScope, Inc
+ * Copyright (C) 2016-2021  CommScope, Inc
  * Copyright (C) 2020, BT PLC
  *
  * Redistribution and use in source and binary forms, with or without
@@ -148,7 +148,7 @@ int DEVICE_CONTROLLER_QueueBinaryMessage(Usp__Header__MsgType usp_msg_type, char
 char *DEVICE_CONTROLLER_FindEndpointIdByInstance(int instance);
 int DEVICE_CONTROLLER_GetCombinedRole(int instance, combined_role_t *combined_role);
 int DEVICE_CONTROLLER_GetCombinedRoleByEndpointId(char *endpoint_id, combined_role_t *combined_role);
-void DEVICE_CONTROLLER_SetRolesFromStomp(int stomp_instance, ctrust_role_t role, char *allowed_controllers);
+void DEVICE_CONTROLLER_SetRolesFromStomp(int stomp_instance, ctrust_role_t role);
 int DEVICE_CONTROLLER_GetSubsRetryParams(char *endpoint_id, unsigned *min_wait_interval, unsigned *interval_multiplier);
 void DEVICE_CONTROLLER_NotifyStompConnDeleted(int stomp_instance);
 int DEVICE_MTP_Init(void);
@@ -183,7 +183,7 @@ void DEVICE_SUBSCRIPTION_Dump(void);
 int DEVICE_SECURITY_Init(void);
 int DEVICE_SECURITY_Start(void);
 void DEVICE_SECURITY_Stop(void);
-int DEVICE_SECURITY_GetControllerTrust(STACK_OF(X509) *cert_chain, ctrust_role_t *role, char **allowed_controllers);
+int DEVICE_SECURITY_GetControllerTrust(STACK_OF(X509) *cert_chain, ctrust_role_t *role);
 bool DEVICE_SECURITY_IsClientCertAvailable(void);
 SSL_CTX *DEVICE_SECURITY_CreateSSLContext(const SSL_METHOD *method, int verify_mode, ssl_verify_callback_t verify_callback);
 int DEVICE_SECURITY_LoadTrustStore(SSL_CTX *ssl_ctx, int verify_mode, ssl_verify_callback_t verify_callback);
@@ -230,7 +230,7 @@ void DEVICE_CONTROLLER_NotifyMqttConnDeleted(int mqtt_instance);
 void DEVICE_MTP_NotifyMqttConnDeleted(int mqtt_instance);
 int DEVICE_MTP_ValidateMqttReference(dm_req_t *req, char *value);
 int DEVICE_MQTT_QueueBinaryMessage(Usp__Header__MsgType usp_msg_type, int instance, char *topic, char *response_topic, unsigned char *pbuf, int pbuf_len);
-void DEVICE_CONTROLLER_SetRolesFromMqtt(int mqtt_instance, ctrust_role_t role, char *allowed_controllers);
+void DEVICE_CONTROLLER_SetRolesFromMqtt(int mqtt_instance, ctrust_role_t role);
 char *DEVICE_CONTROLLER_GetControllerTopic(int mqtt_instance);
 
 //------------------------------------------------------------------------------