Validation for the attribute 'longDnsAllowed' in the class 'openSafImm'
for the single object 'opensafImm=opensafImm,safApp=safImmService' needs to be
improved. Currently a local validation is made as part of ccbObjectModify
that checks that if longDnsAllowed is changed to '0' meaning no long DNs
are allowed, that no object exists with a long DN.
But this misses attributes of type SaNameT that contain a dangling reference,
i.e. a DN that currently matches no object in the database. The value may then
be a long DN without any such object existing. Such attributes can
be fetched by users and if longDnsAllowed is false, then the user should never
be exposed to a long DN from IMM.
Classic validation against longDnsAllowed as part of apply/completed is
actually not needed. This is because it is covered by the 'ccbIdLongDnGuard'.
This is a static boolean set to true as soon as a ccb adds a modify
operation that proposes to set the config attribute 'longDnsAllowed' to true
(non-zero). A global check is made there and then that no long Dns exist
in the IMM. After this and until this ccb commits or aborts, the
ccbIdLongDnGuard will stop any ccb from adding long Dns already in the
operation phase (create or modify).
Please also reject all changes to the IMM service object by non-root users.
https://sourceforge.net/p/opensaf/mailman/message/32799986/
changeset: 5753:a070c5206574
tag: tip
user: Anders Bjornerstedt anders.bjornerstedt@ericsson.com
date: Fri Sep 05 16:18:42 2014 +0200
summary: #1009 IMM: Only allow root users to modify imm service objects.
changeset: 5752:9a34520be67f
parent: 5749:4e114380bc34
user: Anders Bjornerstedt anders.bjornerstedt@ericsson.com
date: Tue Sep 09 12:11:21 2014 +0200
summary: #1009 IMM: Add checks of all reference attributes when zeroing longDnsAllowed
changeset: 5751:e76a6a91e564
branch: opensaf-4.5.x
user: Anders Bjornerstedt anders.bjornerstedt@ericsson.com
date: Fri Sep 05 16:18:42 2014 +0200
summary: #1009 IMM: Only allow root users to modify imm service objects.
changeset: 5750:275423dcea16
branch: opensaf-4.5.x
parent: 5748:34dd92423752
user: Anders Bjornerstedt anders.bjornerstedt@ericsson.com
date: Tue Sep 09 12:11:21 2014 +0200
summary: #1009 IMM: Add checks of all reference attributes when zeroing longDnsAllowed
When transitioning 'longDnsAllowed' from 1 to 0, there also needs to be a check on RDN length never exceeding 64 bytes.
https://sourceforge.net/p/opensaf/mailman/message/32905179/
changeset: 6020:f4d653dcd2cb
tag: tip
parent: 6018:1b4c8e3fee0f
user: Anders Bjornerstedt anders.bjornerstedt@ericsson.com
date: Tue Oct 07 13:53:42 2014 +0200
summary: IMM: Validating longDnsAllowed=0 checks normal RDNs are at most 64 bytes [#1009]
changeset: 6019:3d0fc4b03f9e
branch: opensaf-4.5.x
parent: 6012:c315f4b53f92
user: Anders Bjornerstedt anders.bjornerstedt@ericsson.com
date: Tue Oct 07 13:53:42 2014 +0200
summary: IMM: Validating longDnsAllowed=0 checks normal RDNs are at most 64 bytes [#1009]
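The checks discussed in this ticket for setting longDnsAllowed to 0 (object DN length, stored SaNameT values including dangling references, and the 64-byte RDN limit), as an added example in C that is not OpenSAF's code. `struct obj`, `check_zero_long_dns` and `sample` are hypothetical names over a toy in-memory model, and the 255-byte short-DN limit is an assumption not stated in the ticket.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SHORT_DN_MAX 255 /* assumption: a DN above this many bytes is "long" */
#define RDN_MAX 64       /* from the ticket: normal RDNs are at most 64 bytes */
#define MAX_REFS 4
enum verdict { OK_TO_ZERO, LONG_OBJECT_DN, LONG_RDN, LONG_NAME_VALUE };

struct obj {                    /* hypothetical toy model, not IMM's types */
    const char *dn;
    const char *refs[MAX_REFS]; /* SaNameT attribute values, NULL-padded */
};

/* Bytes in the first RDN: everything before the first unescaped comma. */
static size_t rdn_len(const char *dn) {
    size_t i = 0;
    while (dn[i] && dn[i] != ',')
        i += (dn[i] == '\\' && dn[i + 1]) ? 2 : 1;
    return i;
}

/* Reference values are measured as stored, with no lookup of the target
 * object, so a long DN that matches no object is rejected as well. */
enum verdict check_zero_long_dns(const struct obj *objs, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (strlen(objs[i].dn) > SHORT_DN_MAX) return LONG_OBJECT_DN;
        if (rdn_len(objs[i].dn) > RDN_MAX) return LONG_RDN;
        for (size_t a = 0; a < MAX_REFS && objs[i].refs[a]; a++)
            if (strlen(objs[i].refs[a]) > SHORT_DN_MAX) return LONG_NAME_VALUE;
    }
    return OK_TO_ZERO;
}

/* Constructed sample: one object "a=<rdn_val x's>,safApp=demo" holding one
 * reference of ref_len bytes that matches no object (dangling). */
enum verdict sample(size_t rdn_val, size_t ref_len) {
    static char dn[160], ref[512];
    if (rdn_val > 100) rdn_val = 100;   /* keep inside the static buffers */
    if (ref_len > 500) ref_len = 500;
    memset(dn, 'x', sizeof dn); memcpy(dn, "a=", 2);
    strcpy(dn + 2 + rdn_val, ",safApp=demo");
    memset(ref, 'y', sizeof ref); memcpy(ref, "b=", 2); ref[ref_len] = '\0';
    struct obj o = { dn, { ref } };
    return check_zero_long_dns(&o, 1);
}

int main(void) {
    printf("%d %d %d\n", sample(10, 40), sample(10, 300), sample(63, 40));
    return 0; }
```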