net: lwm2m: Check access rights on composite operations

Composite operations need to check read/write access
rights as well.

Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>

subsys/net/lib/lwm2m/lwm2m_message_handling.c

@@ -3305,6 +3305,16 @@ cleanup:
 int do_composite_read_op_for_parsed_list(struct lwm2m_message *msg, uint16_t content_format,
 					 sys_slist_t *path_list)
 {
+	struct lwm2m_obj_path_list *entry;
+
+	/* Check access rights */
+	SYS_SLIST_FOR_EACH_CONTAINER(path_list, entry, node) {
+		if (entry->path.level > LWM2M_PATH_LEVEL_NONE &&
+		    entry->path.obj_id == LWM2M_OBJECT_SECURITY_ID && !msg->ctx->bootstrap_mode) {
+			return -EACCES;
+		}
+	}
+
 	switch (content_format) {
 
 #if defined(CONFIG_LWM2M_RW_SENML_JSON_SUPPORT)

subsys/net/lib/lwm2m/lwm2m_rw_senml_cbor.c

@@ -940,10 +940,10 @@ int do_composite_read_op_senml_cbor(struct lwm2m_message *msg)
 
 	lwm2m_engine_clear_duplicate_path(&lwm_path_list, &lwm_path_free_list);
 
-	return do_composite_read_op_for_parsed_path_senml_cbor(msg, &lwm_path_list);
+	return do_composite_read_op_for_parsed_list(msg, LWM2M_FORMAT_APP_SENML_CBOR,
+						    &lwm_path_list);
 }
 
-
 int do_write_op_senml_cbor(struct lwm2m_message *msg)
 {
 	uint_fast8_t dret;

subsys/net/lib/lwm2m/lwm2m_rw_senml_json.c

@@ -1653,7 +1653,7 @@ int do_composite_read_op_senml_json(struct lwm2m_message *msg)
 	/* Clear path which are part are part of recursive path /1 will include /1/0/1 */
 	lwm2m_engine_clear_duplicate_path(&path_list, &free_list);
 
-	return do_composite_read_op_for_parsed_list_senml_json(msg, &path_list);
+	return do_composite_read_op_for_parsed_list(msg, LWM2M_FORMAT_APP_SEML_JSON, &path_list);
 }
 
 int do_send_op_senml_json(struct lwm2m_message *msg, sys_slist_t *lwm2m_path_list)