[devel] [PATCH 0 of 2] Review Request for IMM: Validation for longDnsAllowed & access control for imm service objects [#1009]

[Anders B. <and...@er...>]

Summary: IMM: Validation for longDnsAllowed & access control for imm service objects [#1009]
Review request for Trac Ticket(s): 1009
Peer Reviewer(s): Neel, Zoran, HansF (access control patch)
Pull request to: 
Affected branch(es): 4.5; default(4.6
Development branch: 

--------------------------------
Impacted area       Impact y/n
--------------------------------
 Docs                    n
 Build system            n
 RPM/packaging           n
 Configuration files     n
 Startup scripts         n
 SAF services            n
 OpenSAF services        y
 Core libraries          n
 Samples                 n
 Tests                   n
 Other                   n


Comments (indicate scope for each "y" above):
---------------------------------------------

changeset ea38da749f5ac89f16349fb133a4786303f849a1
Author:	Anders Bjornerstedt <and...@er...>
Date:	Fri, 05 Sep 2014 15:33:00 +0200

	#1009 IMM: Add checks of all reference attributes when zeroing
	longDnsAllowed

	When the attribute 'longDnsAllowed' is changed form non-zero to zero, this
	implies that the imm is transitoning from allowing long DNs to not allowing
	long DNs. Such a configuration change must be validated that the imm-db
	currently has no long DNs. Only if such a check passes will the CCB modify
	operation assigning zero to 'longDnsAllowed' be allowed.

	The validation is done locally in the modify operation. This is sufficent
	because the IMM service itself is the "OI" for the object:

	 opensafImm=opensafImm,safApp=safImmService

	The imm service will bar any other CCB from modifying that object untill a
	current ccb that is modifying it has either comitted or aborted.

	Prior to this patch, the only check done was that no object *exists*
	currently with a long DN.

	This patch adds a check also for reference attributes. Specifically the
	attributes checked are the ones that:

	 a) Are defined on the type SA_IMM_ATTR_SANAMET. Because currently
	references are only recognized as references when they have this
	attribute type.

	 b) Do not have the attribute flag SA_IMM_ATTR_NO_DANGLING set. Because
	if that flag is set the reference can only point to an existing object,
	thus covered by the pre-existing check.

	 c) Do not have the attribute flag SA_IMM_ATTR_RDN set. Because the RDN
	attribute is simply a copy of the RDN part of the objects DN, thus
	coverd by the pre-existing check.

changeset bc501c05515dd033a1135bb6daecffea98971b39
Author:	Anders Bjornerstedt <and...@er...>
Date:	Fri, 05 Sep 2014 16:18:42 +0200

	#1009 IMM: Only allow root users to modify imm service objects.

	Access controll for the imm service has been generalized to cover any
	modifications of the two imm service objects:

	 opensafImm=opensafImm,safApp=safImmService
	safRdn=immManagement,safApp=safImmService

	Only root users are allowed to modify these objects.


Complete diffstat:
------------------
 osaf/services/saf/immsv/immnd/ImmModel.cc |  67 ++++++++++++++++++++++++++++++++++++++++++++++++-------------------
 osaf/services/saf/immsv/immnd/immnd_evt.c |  40 +++++++++++++++++++++-------------------
 2 files changed, 69 insertions(+), 38 deletions(-)


Testing Commands:
-----------------


Testing, Expected Results:
--------------------------


Conditions of Submission:
-------------------------
Ack from Neel



Arch      Built     Started    Linux distro
-------------------------------------------
mips        n          n
mips64      n          n
x86         n          n
x86_64      n          n
powerpc     n          n
powerpc64   n          n


Reviewer Checklist:
-------------------
[Submitters: make sure that your review doesn't trigger any checkmarks!]


Your checkin has not passed review because (see checked entries):

___ Your RR template is generally incomplete; it has too many blank entries
    that need proper data filled in.

___ You have failed to nominate the proper persons for review and push.

___ Your patches do not have proper short+long header

___ You have grammar/spelling in your header that is unacceptable.

___ You have exceeded a sensible line length in your headers/comments/text.

___ You have failed to put in a proper Trac Ticket # into your commits.

___ You have incorrectly put/left internal data in your comments/files
    (i.e. internal bug tracking tool IDs, product names etc)

___ You have not given any evidence of testing beyond basic build tests.
    Demonstrate some level of runtime or other sanity testing.

___ You have ^M present in some of your files. These have to be removed.

___ You have needlessly changed whitespace or added whitespace crimes
    like trailing spaces, or spaces before tabs.

___ You have mixed real technical changes with whitespace and other
    cosmetic code cleanup changes. These have to be separate commits.

___ You need to refactor your submission into logical chunks; there is
    too much content into a single commit.

___ You have extraneous garbage in your review (merge commits etc)

___ You have giant attachments which should never have been sent;
    Instead you should place your content in a public tree to be pulled.

___ You have too many commits attached to an e-mail; resend as threaded
    commits, or place in a public tree for a pull.

___ You have resent this content multiple times without a clear indication
    of what has changed between each re-send.

___ You have failed to adequately and individually address all of the
    comments and change requests that were proposed in the initial review.

___ You have a misconfigured ~/.hgrc file (i.e. username, email etc)

___ Your computer have a badly configured date and time; confusing the
    the threaded patch review.

___ Your changes affect IPC mechanism, and you don't present any results
    for in-service upgradability test.

___ Your changes affect user manual and documentation, your patch series
    do not contain the patch that updates the Doxygen manual.