From a03deb8ef3c940bac125e35442ba00bd2e6f51bb Mon Sep 17 00:00:00 2001
From: Juha Heiskanen <juha.heiskanen@nordicsemi.no>
Date: Tue, 1 Feb 2022 02:45:52 -0800
Subject: [PATCH] net: lwm2m: Fix Server Object SSID access

Server Object SSID should only have Read access.
LightweightM2M-1.1-int-256 confirmance test validate
that write operation to SSID should return error.
Overwrite SSID affect dead block for lwm2m engine and
only reset will heal.

Fix by adding bootstrap overwrite access for Security and
Server object when bootstrap is active.

Signed-off-by: Juha Heiskanen <juha.heiskanen@nordicsemi.no>
---
 subsys/net/lib/lwm2m/lwm2m_engine.c        | 15 +++++++++++++++
 subsys/net/lib/lwm2m/lwm2m_engine.h        |  2 ++
 subsys/net/lib/lwm2m/lwm2m_obj_server.c    |  7 +------
 subsys/net/lib/lwm2m/lwm2m_rw_json.c       |  3 ++-
 subsys/net/lib/lwm2m/lwm2m_rw_oma_tlv.c    |  3 ++-
 subsys/net/lib/lwm2m/lwm2m_rw_plain_text.c |  3 ++-
 6 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/subsys/net/lib/lwm2m/lwm2m_engine.c b/subsys/net/lib/lwm2m/lwm2m_engine.c
index 4431e71507d..fbe2eeee579 100644
--- a/subsys/net/lib/lwm2m/lwm2m_engine.c
+++ b/subsys/net/lib/lwm2m/lwm2m_engine.c
@@ -2485,6 +2485,21 @@ static int lwm2m_write_handler_opaque(struct lwm2m_engine_obj_inst *obj_inst,
 	return opaque_ctx.len;
 }
 
+bool lwm2m_engine_bootstrap_override(struct lwm2m_ctx *client_ctx, struct lwm2m_obj_path *path)
+{
+	if (!client_ctx->bootstrap_mode) {
+		/* Bootstrap is not active override is not possible then */
+		return false;
+	}
+
+	if (path->obj_id == LWM2M_OBJECT_SECURITY_ID || path->obj_id == LWM2M_OBJECT_SERVER_ID) {
+		/* Bootstrap server have a access to Security and Server object */
+		return true;
+	}
+
+	return false;
+}
+
 /* This function is exposed for the content format writers */
 int lwm2m_write_handler(struct lwm2m_engine_obj_inst *obj_inst,
 			struct lwm2m_engine_res *res,
diff --git a/subsys/net/lib/lwm2m/lwm2m_engine.h b/subsys/net/lib/lwm2m/lwm2m_engine.h
index e33b307cb35..a8b16d5dde9 100644
--- a/subsys/net/lib/lwm2m/lwm2m_engine.h
+++ b/subsys/net/lib/lwm2m/lwm2m_engine.h
@@ -104,6 +104,8 @@ int lwm2m_write_handler(struct lwm2m_engine_obj_inst *obj_inst,
 			struct lwm2m_engine_obj_field *obj_field,
 			struct lwm2m_message *msg);
 
+bool lwm2m_engine_bootstrap_override(struct lwm2m_ctx *client_ctx, struct lwm2m_obj_path *path);
+
 int lwm2m_discover_handler(struct lwm2m_message *msg, bool is_bootstrap);
 
 enum coap_block_size lwm2m_default_block_size(void);
diff --git a/subsys/net/lib/lwm2m/lwm2m_obj_server.c b/subsys/net/lib/lwm2m/lwm2m_obj_server.c
index 510310a524e..f1507bdce62 100644
--- a/subsys/net/lib/lwm2m/lwm2m_obj_server.c
+++ b/subsys/net/lib/lwm2m/lwm2m_obj_server.c
@@ -85,12 +85,7 @@ static char  transport_binding[MAX_INSTANCE_COUNT][TRANSPORT_BINDING_LEN];
 
 static struct lwm2m_engine_obj server;
 static struct lwm2m_engine_obj_field fields[] = {
-	/*
-	 * LwM2M TS "E.2 LwM2M Object: LwM2M Server" page 107, describes
-	 * Short Server ID as READ-ONLY, but BOOTSTRAP server will attempt
-	 * to write it, so it needs to be RW
-	 */
-	OBJ_FIELD_DATA(SERVER_SHORT_SERVER_ID, RW, U16),
+	OBJ_FIELD_DATA(SERVER_SHORT_SERVER_ID, R, U16),
 	OBJ_FIELD_DATA(SERVER_LIFETIME_ID, RW, U32),
 	OBJ_FIELD_DATA(SERVER_DEFAULT_MIN_PERIOD_ID, RW_OPT, U32),
 	OBJ_FIELD_DATA(SERVER_DEFAULT_MAX_PERIOD_ID, RW_OPT, U32),
diff --git a/subsys/net/lib/lwm2m/lwm2m_rw_json.c b/subsys/net/lib/lwm2m/lwm2m_rw_json.c
index bfeee93e61a..0c0943eefe1 100644
--- a/subsys/net/lib/lwm2m/lwm2m_rw_json.c
+++ b/subsys/net/lib/lwm2m/lwm2m_rw_json.c
@@ -1028,7 +1028,8 @@ int do_write_op_json(struct lwm2m_message *msg)
 			 * resources are ignored
 			 */
 
-			if (!LWM2M_HAS_PERM(obj_field, LWM2M_PERM_W)) {
+			if (!LWM2M_HAS_PERM(obj_field, LWM2M_PERM_W) &&
+			    !lwm2m_engine_bootstrap_override(msg->ctx, &msg->path)) {
 				ret = -EPERM;
 				break;
 			}
diff --git a/subsys/net/lib/lwm2m/lwm2m_rw_oma_tlv.c b/subsys/net/lib/lwm2m/lwm2m_rw_oma_tlv.c
index 148174a57b7..11789775aa2 100644
--- a/subsys/net/lib/lwm2m/lwm2m_rw_oma_tlv.c
+++ b/subsys/net/lib/lwm2m/lwm2m_rw_oma_tlv.c
@@ -821,7 +821,8 @@ static int do_write_op_tlv_item(struct lwm2m_message *msg)
 		goto error;
 	}
 
-	if (!LWM2M_HAS_PERM(obj_field, LWM2M_PERM_W)) {
+	if (!LWM2M_HAS_PERM(obj_field, LWM2M_PERM_W) &&
+	    !lwm2m_engine_bootstrap_override(msg->ctx, &msg->path)) {
 		ret = -EPERM;
 		goto error;
 	}
diff --git a/subsys/net/lib/lwm2m/lwm2m_rw_plain_text.c b/subsys/net/lib/lwm2m/lwm2m_rw_plain_text.c
index c79500bed39..36de09a4e95 100644
--- a/subsys/net/lib/lwm2m/lwm2m_rw_plain_text.c
+++ b/subsys/net/lib/lwm2m/lwm2m_rw_plain_text.c
@@ -446,7 +446,8 @@ int do_write_op_plain_text(struct lwm2m_message *msg)
 		return -ENOENT;
 	}
 
-	if (!LWM2M_HAS_PERM(obj_field, LWM2M_PERM_W)) {
+	if (!LWM2M_HAS_PERM(obj_field, LWM2M_PERM_W) &&
+	    !lwm2m_engine_bootstrap_override(msg->ctx, &msg->path)) {
 		return -EPERM;
 	}