Menu
▾
▴
[devel] [PATCH 1 of 1] imm: Provide validation for config changes on imm service objects [#951]
|
From: Anders B. <and...@er...> - 2014-07-09 09:48:24
|
osaf/services/saf/immsv/immnd/ImmModel.cc | 94 ++++++++++++++++++++++++++++--
1 files changed, 86 insertions(+), 8 deletions(-)
The six validation cases described in the ticket are implemented by this
changeset:
For the object 'opensafImm=opensafImm,safApp=safImmService':
1) 0PBE reject delete of the object.
2) 0PBE reject creates using class 'OpensafImm'
(All modifications to current config attributes are allowed after #934)
(For 1PBE and 2PBE, the validation for this object is handled by the PBE-OI.
For the object 'safRdn=immManagement,safApp=safImmService':
3) Reject delete of the object.
4) Reject create using class 'SaImmMngt'
5) Validate modifications to attribute 'saImmRepositoryInit'
6) Reject use/modification of 'saImmOiTimeout'(not supported).
diff --git a/osaf/services/saf/immsv/immnd/ImmModel.cc b/osaf/services/saf/immsv/immnd/ImmModel.cc
--- a/osaf/services/saf/immsv/immnd/ImmModel.cc
+++ b/osaf/services/saf/immsv/immnd/ImmModel.cc
@@ -441,8 +441,10 @@ static const std::string immSyncBatchSiz
static const std::string immPbeBSlaveName(OPENSAF_IMM_2PBE_APPL_NAME);
static const std::string immLongDnsAllowed(OPENSAF_IMM_LONG_DNS_ALLOWED);
+static const std::string immMngtClass("SaImmMngt");
static const std::string immManagementDn("safRdn=immManagement,safApp=safImmService");
static const std::string saImmRepositoryInit("saImmRepositoryInit");
+static const std::string saImmOiTimeout("saImmOiTimeout");
static SaImmRepositoryInitModeT immInitMode = SA_IMM_INIT_FROM_FILE;
@@ -7126,19 +7128,45 @@ SaAisErrorT ImmModel::ccbObjectCreate(Im
object->mImplementer->mImplementerName.c_str());
ccb->mWaitStartTime = time(NULL);
osafassert(ccb->mWaitStartTime > ((time_t) 0));
+ } else if(className == immMngtClass) {
+ if(sImmNodeState == IMM_NODE_LOADING) {
+ if(objectName != immManagementDn) {
+ /* Backwards compatibility for loading. */
+ LOG_WA("Imm loading encountered bogus object '%s' of class '%s'",
+ objectName.c_str(), immMngtClass.c_str());
+ }
+ } else {
+ setCcbErrorString(ccb,
+ "ERR_BAD_OPERATION: Imm not allowing creates of instances of class '%s'",
+ immMngtClass.c_str());
+ err = SA_AIS_ERR_BAD_OPERATION;
+ }
+ } else if(className == immClassName) {
+ if(sImmNodeState == IMM_NODE_LOADING) {
+ if(objectName != immObjectDn) {
+ /* Backwards compatibility for loading. */
+ LOG_WA("Imm loading encountered bogus object '%s' of class '%s'",
+ objectName.c_str(), immClassName.c_str());
+ }
+ } else {
+ setCcbErrorString(ccb,
+ "ERR_BAD_OPERATION: Imm not allowing creates of instances of class '%s'",
+ immClassName.c_str());
+ err = SA_AIS_ERR_BAD_OPERATION;
+ }
} else if(ccb->mCcbFlags & SA_IMM_CCB_REGISTERED_OI) {
if((object->mImplementer == NULL) &&
(ccb->mCcbFlags & SA_IMM_CCB_ALLOW_NULL_OI)) {
TRACE_7("Null implementer, SA_IMM_CCB_REGISTERED_OI set, "
"but SA_IMM_CCB_ALLOW_NULL_OI set => safe relaxation");
} else {
- TRACE_7("ERR_NOT_EXIST: object '%s' does not have an "
+ TRACE_7("ERR_NOT_EXIST: class '%s' does not have an "
"implementer and flag SA_IMM_CCB_REGISTERED_OI is set",
- objectName.c_str());
+ className.c_str());
setCcbErrorString(ccb,
- "ERR_NOT_EXIST: object '%s' exist but "
- "no implementer (which is required)",
- objectName.c_str());
+ "ERR_NOT_EXIST: class '%s' does not have an "
+ "implementer and flag SA_IMM_CCB_REGISTERED_OI is set",
+ className.c_str());
err = SA_AIS_ERR_NOT_EXIST;
}
} else { /* SA_IMM_CCB_REGISTERED_OI NOT set */
@@ -7152,7 +7180,7 @@ SaAisErrorT ImmModel::ccbObjectCreate(Im
TRACE_7("Object '%s' has NULL implementer, flag SA_IMM_CCB_REGISTERED_OI "
"is NOT set - moderately safe.", objectName.c_str());
}
- }
+ }
}
bypass_impl:
@@ -7384,6 +7412,7 @@ ImmModel::ccbObjectModify(const ImmsvOmC
ObjectNameSet afimPreOpNDRefs; // Set of NO_DANGLING references from after image before CCB operation
bool hasNoDanglingRefs = false;
+ bool modifiedImmMngt = false; /* true => modification of the SAF immManagement object. */
if(! (nameCheck(objectName)||nameToInternal(objectName)) ) {
LOG_NO("ERR_INVALID_PARAM: Not a proper object name");
@@ -7445,6 +7474,8 @@ ImmModel::ccbObjectModify(const ImmsvOmC
}
object = oi->second;
+
+ modifiedImmMngt = (objectName == immManagementDn);
object->getAdminOwnerName(&objAdminOwnerName);
if(objAdminOwnerName != adminOwner->mAdminOwnerName)
@@ -7564,6 +7595,19 @@ ImmModel::ccbObjectModify(const ImmsvOmC
sz = strnlen((char *) p->attrValue.attrName.buf,
(size_t) p->attrValue.attrName.size);
std::string attrName((const char *) p->attrValue.attrName.buf, sz);
+ bool modifiedRim = modifiedImmMngt && (attrName == saImmRepositoryInit);
+ bool modifiedOiTimeout = modifiedImmMngt && (attrName == saImmOiTimeout);
+
+ if(modifiedOiTimeout) {
+ /* Currently the IMM does not support this attribute. */
+ TRACE_7("ERR_BAD_OPERATION: attr '%s' in IMM object %s is not supported",
+ attrName.c_str(), objectName.c_str());
+ setCcbErrorString(ccb,
+ "ERR_BAD_OPERATION: attr '%s' in IMM object %s is not supported",
+ attrName.c_str(), objectName.c_str());
+ err = SA_AIS_ERR_BAD_OPERATION;
+ break; //out of for-loop
+ }
i4 = classInfo->mAttrMap.find(attrName);
if(i4==classInfo->mAttrMap.end()) {
@@ -7709,7 +7753,22 @@ ImmModel::ccbObjectModify(const ImmsvOmC
multiattr->setExtraValue(tmpos);
}
-
+
+ if (modifiedRim) {
+ SaImmRepositoryInitModeT newRim = (SaImmRepositoryInitModeT) attrValue->getValue_int();
+ if((newRim != SA_IMM_INIT_FROM_FILE) && (newRim != SA_IMM_KEEP_REPOSITORY)) {
+ TRACE_7("ERR_INVALID_PARAM: attr '%s' in IMM object %s can not have value %u",
+ attrName.c_str(), objectName.c_str(), newRim);
+ setCcbErrorString(ccb,
+ "ERR_BAD_OPERATION: attr '%s' in IMM object %s can not have value %u",
+ attrName.c_str(), objectName.c_str(), newRim);
+ err = SA_AIS_ERR_BAD_OPERATION;
+ break;
+ }
+ }
+
+
+
if(p->attrValue.attrValuesNumber > 1) {
if(!(attr->mFlags & SA_IMM_ATTR_MULTI_VALUE)) {
LOG_NO("ERR_INVALID_PARAM: attr '%s' is not multivalued, yet "
@@ -7760,6 +7819,17 @@ ImmModel::ccbObjectModify(const ImmsvOmC
break;
}
+ if (modifiedRim) {
+ TRACE_7("ERR_BAD_OPERATION: attr '%s' in IMM object %s must not be empty",
+ attrName.c_str(), objectName.c_str());
+ setCcbErrorString(ccb,
+ "ERR_BAD_OPERATION: attr '%s' in IMM object %s must not be empty",
+ attrName.c_str(), objectName.c_str());
+ err = SA_AIS_ERR_BAD_OPERATION;
+ break;
+ }
+
+
if(!attrValue->empty()) {
eduAtValToOs(&tmpos, &(p->attrValue.attrValue),
(SaImmValueTypeT) p->attrValue.attrValueType);
@@ -7804,7 +7874,7 @@ ImmModel::ccbObjectModify(const ImmsvOmC
p->attrModType);
break;
}
-
+
if(err != SA_AIS_OK) {
break; //out of for-loop
}
@@ -8388,6 +8458,14 @@ ImmModel::deleteObject(ObjectMap::iterat
if(!doIt &&
!(oi->second->mImplementer && oi->second->mImplementer->mNodeId) && configObj) {
/* Implementer is not present. */
+ /* Prevent delete of imm service objects, even when there is no OI for them */
+ if(oi->first == immManagementDn || oi->first == immObjectDn) {
+ setCcbErrorString(ccb,
+ "ERR_BAD_OPERATION: Imm not allowing delete of object '%s'",
+ oi->first.c_str());
+ return SA_AIS_ERR_BAD_OPERATION;
+ }
+
if(ccb->mCcbFlags & SA_IMM_CCB_REGISTERED_OI){
if((oi->second->mImplementer == NULL) &&
(ccb->mCcbFlags & SA_IMM_CCB_ALLOW_NULL_OI)) {
|