Manually merge Drive-Trust-Alliance#272

icomrade · Aug 7, 2022 · 6f07df7 · 6f07df7
1 parent 297c254
commit 6f07df7
Show file tree

Hide file tree

Showing 12 changed files with 385 additions and 97 deletions.
diff --git a/Common/DtaDev.h b/Common/DtaDev.h
@@ -159,11 +159,12 @@ class DtaDev {
 	virtual uint8_t loadPBA(char * password, char * filename) = 0;
 	/** Change the locking state of a locking range
 	 * @param lockingrange The number of the locking range (0 = global)
-	 * @param lockingstate  the locking state to set
-	 * @param Admin1Password password of administrative authority for locking range
+	 * @param lockingstate The locking state to set
+	 * @param userid The userid which will lock/unlock the locking range
+	 * @param password Password of the authority for locking range
 	 */
 	virtual uint8_t setLockingRange(uint8_t lockingrange, uint8_t lockingstate,
-		char * Admin1Password) = 0;
+		const char *userid, char * password) = 0;
 	/** Change the locking state of a locking range in Single User Mode
          * @param lockingrange The number of the locking range (0 = global)
          * @param lockingstate  the locking state to set
@@ -211,9 +212,10 @@ class DtaDev {
 	virtual uint8_t setBandsEnabled(int16_t rangeid, char * password) = 0;
 	/** Primitive to set the MBRDone flag.
 	 * @param state 0 or 1
-	 * @param Admin1Password Locking SP authority with access to flag
+	 * @param userid the authority name
+	 * @param password Locking SP authority with access to flag
 	 */
-	virtual uint8_t setMBRDone(uint8_t state, char * Admin1Password) = 0;
+	virtual uint8_t setMBRDone(uint8_t state, const char *userid, char * password) = 0;
 	/** Primitive to set the MBREnable flag.
 	 * @param state 0 or 1
 	 * @param Admin1Password Locking SP authority with access to flag
@@ -293,6 +295,11 @@ class DtaDev {
 	virtual uint8_t exec(DtaCommand * cmd, DtaResponse & resp, uint8_t protocol = 0x01) = 0;
 	/** return the communications ID to be used for sessions to this device */
 	virtual uint16_t comID() = 0;
+	/** Add the UserX authority to Locking (Rd/RW) ACEs
+	 * @param userid The user to add to Locking ACEs
+	 * @param Admin1Password Password of the LockingSP authority
+	 */
+    virtual uint8_t addUserToLockingACEs(const char *userid, char* Admin1Password) = 0;
 	bool no_hash_passwords; /** disables hashing of passwords */
 	sedutiloutput output_format; /** standard, readable, JSON */
 protected:

diff --git a/Common/DtaDevEnterprise.cpp b/Common/DtaDevEnterprise.cpp
@@ -181,7 +181,7 @@ uint8_t DtaDevEnterprise::initialSetup(char * password)
 		return lastRC;
 	}
 	if ((lastRC = setLockingRange(0,
-        OPAL_LOCKINGSTATE::READWRITE, password)) != 0) {
+        OPAL_LOCKINGSTATE::READWRITE, "Admin1", password)) != 0) {
 		LOG(E) << "Initial setup failed - unable to unlock for read/write";
 		return lastRC;
 	}
@@ -365,13 +365,13 @@ uint8_t DtaDevEnterprise::revertLockingSP(char * password, uint8_t keep)
 	cmd->addToken(OPAL_TOKEN::ENDNAME);
 	cmd->addToken(OPAL_TOKEN::ENDLIST);
 	cmd->complete();
+	session->expectAbort();
 	if ((lastRC = session->sendCommand(cmd, response)) != 0) {
 		delete cmd;
 		delete session;
 		return lastRC;
 	}
 	LOG(I) << "revertLockingSP completed successfully";
-	session->expectAbort();
 	delete cmd;
 	delete session;
 	LOG(D1) << "Exiting DtaDevEnterprise::revertLockingSP()";
@@ -435,20 +435,28 @@ uint8_t DtaDevEnterprise::setPassword(char * password, char * userid, char * new
 		return lastRC;
 	}
 
-	std::vector<uint8_t> hash;
 	if ((newpassword == NULL) || (*newpassword == '\0')) {
-		hash.push_back(0xd0);
-		hash.push_back((uint8_t)strnlen(newpwd, 255));
+		std::vector<uint8_t> tmppwd;
+
+		tmppwd.push_back(0xd0);
+		tmppwd.push_back((uint8_t)strnlen(newpwd, 255));
 		for (unsigned int i = 0; i < strnlen(newpwd, 255); i++) {
-			hash.push_back(newpwd[i]);
+			tmppwd.push_back(newpwd[i]);
+		}
+
+		if ((lastRC = setTable(usercpin, "PIN", tmppwd)) != 0) {
+			LOG(E) << "Unable to set user " << userid << " new password ";
+			delete session;
+			return lastRC;
 		}
 	} else {
+		std::vector<uint8_t> hash;
 		DtaHashPwd(hash, newpwd, this);
-	}
-	if ((lastRC = setTable(usercpin, "PIN", hash)) != 0) {
-		LOG(E) << "Unable to set user " << userid << " new password ";
-		delete session;
-		return lastRC;
+		if ((lastRC = setTable(usercpin, "PIN", hash)) != 0) {
+			LOG(E) << "Unable to set user " << userid << " new password ";
+			delete session;
+			return lastRC;
+		}
 	}
 	LOG(I) << userid << " password changed";
 	delete session;
@@ -470,10 +478,10 @@ uint8_t DtaDevEnterprise::setMBREnable(uint8_t mbrstate,	char * Admin1Password)
 	LOG(D1) << "Exiting DtaDevEnterprise::setMBREnable";
 	return 0;
 }
-uint8_t DtaDevEnterprise::setMBRDone(uint8_t mbrstate, char * Admin1Password)
+uint8_t DtaDevEnterprise::setMBRDone(uint8_t mbrstate, const char *userid, char * password)
 {
 	LOG(D1) << "Entering DtaDevEnterprise::setMBRDone";
-	if (NULL == Admin1Password) { LOG(E) << "This shouldn't happen " << mbrstate; }
+	if (NULL == password) { LOG(E) << "This shouldn't happen " << mbrstate; }
 	LOG(I) << "MBR shadowing is optional in the Enterprise SSC and not supported";
 	LOG(D1) << "Exiting DtaDevEnterprise::setMBRDone";
 	return 0;
@@ -749,7 +757,7 @@ uint8_t DtaDevEnterprise::listLockingRanges(char * password, int16_t rangeid)
 }
 
 uint8_t DtaDevEnterprise::setLockingRange(uint8_t lockingrange, uint8_t lockingstate,
-	char * password)
+	const char *userid, char * password)
 {
 	LOG(D1) << "Entering DtaDevEnterprise::setLockingRange";
 	uint8_t lastRC;
@@ -889,13 +897,13 @@ uint8_t DtaDevEnterprise::revertTPer(char * password, uint8_t PSID, uint8_t Admi
 	cmd->addToken(OPAL_TOKEN::STARTLIST);
 	cmd->addToken(OPAL_TOKEN::ENDLIST);
 	cmd->complete();
+	session->expectAbort();
 	if ((lastRC = session->sendCommand(cmd, response)) != 0) {
 		delete cmd;
 		delete session;
 		return lastRC;
 	}
 	LOG(I) << "revertTper completed successfully";
-	session->expectAbort();
 	delete cmd;
 	delete session;
 	LOG(D1) << "Exiting DtaDevEnterprise::revertTPer()";
@@ -1266,61 +1274,64 @@ uint8_t DtaDevEnterprise::setSIDPassword(char * oldpassword, char * newpassword,
 {
 	LOG(D1) << "Entering DtaDevEnterprise::setSIDPassword()";
 	uint8_t lastRC;
-	string defaultPassword;
-	char *pwd = oldpassword, *newpwd = newpassword;
 
-	std::vector<uint8_t> user;
-	set8(user, OPALUID[OPAL_SID_UID]);
+	vector<uint8_t> user;
+    set8(user, OPALUID[OPAL_SID_UID]);
 
-	std::vector<uint8_t> usercpin;
-	set8(usercpin, OPALUID[OPAL_C_PIN_SID]);
+    vector<uint8_t> usercpin;
+    set8(usercpin, OPALUID[OPAL_C_PIN_SID]);
 
-	if ((oldpassword == NULL) || (*oldpassword == '\0') ||
-	  (newpassword == NULL) || (*newpassword == '\0')) {
+	if (*oldpassword == '\0')
+	{
 		if ((lastRC = getDefaultPassword()) != 0) {
-			LOG(E) << "setSIDPassword failed to retrieve MSID";
+			LOG(E) << "setPassword failed to retrieve MSID";
 			return lastRC;
 		}
-		defaultPassword = response.getString(5);
-		if ((oldpassword == NULL) || (*oldpassword == '\0')) {
-			pwd = (char *)defaultPassword.c_str();
-			hasholdpwd = 0;
+		string defaultPassword = response.getString(5);
+		session = new DtaSession(this);
+		if (session == NULL) {
+			LOG(E) << "Unable to create session object ";
+			return DTAERROR_OBJECT_CREATE_FAILED;
 		}
-
-		if ((newpassword == NULL) || (*newpassword == '\0')) {
-			newpwd = (char *)defaultPassword.c_str();
-			hashnewpwd = 0;
+		session->dontHashPwd();
+		if ((lastRC = session->start(OPAL_UID::OPAL_ADMINSP_UID, (char *)defaultPassword.c_str(), user)) != 0) {
+			delete session;
+			return lastRC;
 		}
 	}
-
-	session = new DtaSession(this);
-	if (session == NULL) {
-		LOG(E) << "Unable to create session object ";
-		return DTAERROR_OBJECT_CREATE_FAILED;
-	}
-	if (!hasholdpwd)
+	else
+	{
+		session = new DtaSession(this);
+		if (session == NULL) {
+			LOG(E) << "Unable to create session object ";
+			return DTAERROR_OBJECT_CREATE_FAILED;
+		}
 		session->dontHashPwd();
-	if ((lastRC = session->start(OPAL_UID::OPAL_ADMINSP_UID, pwd, user)) != 0) {
-		delete session;
-		return lastRC;
+		if (!hasholdpwd) session->dontHashPwd();
+		if ((lastRC = session->start(OPAL_UID::OPAL_ADMINSP_UID, oldpassword, user)) != 0) {
+			delete session;
+			return lastRC;
+		}
 	}
-
-	std::vector<uint8_t> hash;
-	if (hashnewpwd) {
-		DtaHashPwd(hash, newpwd, this);
-	} else {
+	vector<uint8_t> hash;
+	if (hashnewpwd)
+    {
+		DtaHashPwd(hash, newpassword, this);
+	}
+	else
+    {
 		hash.push_back(0xd0);
-		hash.push_back((uint8_t)strnlen(newpwd, 255));
-		for (uint16_t i = 0; i < strnlen(newpwd, 255); i++) {
-			hash.push_back(newpwd[i]);
+		hash.push_back((uint8_t)strnlen(newpassword, 255));
+		for (uint16_t i = 0; i < strnlen(newpassword, 255); i++)
+        {
+			hash.push_back(newpassword[i]);
 		}
 	}
 	if ((lastRC = setTable(usercpin, "PIN", hash)) != 0) {
 		LOG(E) << "Unable to set new SID password ";
 		delete session;
 		return lastRC;
 	}
-	LOG(I) << "SID password changed";
 	delete session;
 	LOG(D1) << "Exiting DtaDevEnterprise::setSIDPassword()";
 	return 0;
@@ -1666,6 +1677,13 @@ uint8_t DtaDevEnterprise::objDump(char *sp, char * auth, char *pass,
 	LOG(D1) << "Exiting DtaDevEnterprise::objDump";
 	return 0;
 }
+uint8_t DtaDevEnterprise::addUserToLockingACEs(const char *userid, char * Admin1Password)
+{
+	LOG(D1) << "Entering DtaDevEnterprise::addUserLockingACEs";
+	LOG(I) << "Enable User1 Locking ACES in the Enterprise SSC is not supported";
+	LOG(D1) << "Exiting DtaDevEnterprise::addUserLockingACEs";
+	return 0;
+}
 #ifdef _MSC_VER
 #pragma warning(pop)
 #endif
diff --git a/Common/DtaDevEnterprise.h b/Common/DtaDevEnterprise.h
@@ -113,7 +113,7 @@ class DtaDevEnterprise : public DtaDevOS {
          * @param state 0 or 1  
          * @param Admin1Password Locking SP authority with access to flag
          */
-	uint8_t setMBRDone(uint8_t state, char * Admin1Password);
+	uint8_t setMBRDone(uint8_t state, const char *userid, char * password);
         /** Primitive to set the MBREnable flag.
          * @param state 0 or 1  
          * @param Admin1Password Locking SP authority with access to flag
@@ -129,7 +129,7 @@ class DtaDevEnterprise : public DtaDevOS {
 	/** dummy code not implemented in the enterprise SSC*/
 	uint8_t setNewPassword_SUM(char * password, char * userid, char * newpassword);
 	uint8_t setLockingRange(uint8_t lockingrange, uint8_t lockingstate,
-		char * password);
+		const char *userid, char * password);
 	/** dummy code not implemented in the enterprise SSC*/
 	uint8_t setLockingRange_SUM(uint8_t lockingrange, uint8_t lockingstate,
 		char * password);
@@ -205,6 +205,12 @@ class DtaDevEnterprise : public DtaDevOS {
 	uint8_t rawCmd(char *sp, char *hexauth, char *pass,
 		char *hexinvokingUID, char *hexmethod, char *hexparms);
 
+	/** Add the UserX authority to Locking (Rd/RW) ACEs
+	 * @param userid The user to add to Locking ACEs
+	 * @param Admin1Password Password of the LockingSP authority
+	 */
+    uint8_t addUserToLockingACEs(const char *userid, char *Admin1Password);
+
 protected:
 	uint8_t getDefaultPassword();
 private:

diff --git a/Common/DtaDevGeneric.cpp b/Common/DtaDevGeneric.cpp
@@ -70,9 +70,9 @@ uint8NOCODE(setup_SUM, uint8_t lockingrange, uint64_t start, uint64_t length, ch
 uint8NOCODE(setPassword,char * password, char * userid, char * newpassword)
 uint8NOCODE(setNewPassword_SUM,char * password, char * userid, char * newpassword)
 uint8NOCODE(setMBREnable,uint8_t mbrstate, char * Admin1Password)
-uint8NOCODE(setMBRDone,uint8_t mbrstate, char * Admin1Password)
+uint8NOCODE(setMBRDone,uint8_t mbrstate, const char *userid, char * password)
 uint8NOCODE(setLockingRange,uint8_t lockingrange, uint8_t lockingstate,
-	char * Admin1Password)
+	const char *userid, char * password)
 uint8NOCODE(setLockingRange_SUM, uint8_t lockingrange, uint8_t lockingstate,
 	char * password)
 uint8NOCODE(setupLockingRange,uint8_t lockingrange, uint64_t start,
@@ -93,6 +93,7 @@ uint8NOCODE(eraseLockingRange_SUM, uint8_t lockingrange, char * password)
 uint8NOCODE(takeOwnership, char * newpassword)
 uint8NOCODE(setSIDPassword,char * oldpassword, char * newpassword,
 	uint8_t hasholdpwd, uint8_t hashnewpwd)
+uint8NOCODE(addUserToLockingACEs, const char* userid, char * Admin1Password)
 uint16_t DtaDevGeneric::comID()
 {
 	LOG(E) << "Generic Device class does not support function " << "comID" << std::endl; 

diff --git a/Common/DtaDevGeneric.h b/Common/DtaDevGeneric.h
@@ -97,7 +97,7 @@ class DtaDevGeneric : public DtaDevOS {
          * @param Admin1Password password of administrative authority for locking range 
          */
 	 uint8_t setLockingRange(uint8_t lockingrange, uint8_t lockingstate,
-		char * Admin1Password) ;
+		const char *userid, char * password) ;
 	 /** Change the locking state of a locking range in Single User Mode
          * @param lockingrange The number of the locking range (0 = global)
          * @param lockingstate  the locking state to set
@@ -147,7 +147,7 @@ class DtaDevGeneric : public DtaDevOS {
 	 * @param lockingrange locking range number
 	 */
 	 uint8_t setBandsEnabled(int16_t rangeid, char * password);
-	 uint8_t setMBRDone(uint8_t state, char * Admin1Password) ;
+	 uint8_t setMBRDone(uint8_t state, const char *userid, char * password) ;
          /** Primitive to set the MBREnable flag.
          * @param state 0 or 1  
          * @param Admin1Password Locking SP authority with access to flag
@@ -224,4 +224,9 @@ class DtaDevGeneric : public DtaDevOS {
 	 uint8_t exec(DtaCommand * cmd, DtaResponse & resp, uint8_t protocol = 1) ;
          /** return the communications ID to be used for sessions to this device */
 	 uint16_t comID() ;
+	/** Add the UserX authority to Locking (Rd/RW) ACEs
+	 * @param userid The user to add to Locking ACEs
+	 * @param Admin1Password Password of the LockingSP authority
+	 */
+	 uint8_t addUserToLockingACEs(const char *userid, char *Admin1Password);
 };