[devel] [PATCH 1 of 1] imm: Provide validation for config changes on imm service objects [#951]

Wed, 09 Jul 2014 02:49:35 -0700 

 osaf/services/saf/immsv/immnd/ImmModel.cc |  94 ++++++++++++++++++++++++++++--
 1 files changed, 86 insertions(+), 8 deletions(-)


The six validation cases described in the ticket are implemented by this
changeset:

For the object 'opensafImm=opensafImm,safApp=safImmService':

1) 0PBE reject delete of the object.
2) 0PBE reject creates using class 'OpensafImm'
(All modifications to current config attributes are allowed after #934)
(For 1PBE and 2PBE, the validation for this object is handled by the PBE-OI.


For the object 'safRdn=immManagement,safApp=safImmService':

3) Reject delete of the object.
4) Reject create using class 'SaImmMngt'
5) Validate modifications to attribute 'saImmRepositoryInit'
6) Reject use/modification of 'saImmOiTimeout'(not supported).

diff --git a/osaf/services/saf/immsv/immnd/ImmModel.cc 
b/osaf/services/saf/immsv/immnd/ImmModel.cc
--- a/osaf/services/saf/immsv/immnd/ImmModel.cc
+++ b/osaf/services/saf/immsv/immnd/ImmModel.cc
@@ -441,8 +441,10 @@ static const std::string immSyncBatchSiz
 static const std::string immPbeBSlaveName(OPENSAF_IMM_2PBE_APPL_NAME);
 static const std::string immLongDnsAllowed(OPENSAF_IMM_LONG_DNS_ALLOWED);
 
+static const std::string immMngtClass("SaImmMngt");
 static const std::string 
immManagementDn("safRdn=immManagement,safApp=safImmService");
 static const std::string saImmRepositoryInit("saImmRepositoryInit");
+static const std::string saImmOiTimeout("saImmOiTimeout");
 
 static SaImmRepositoryInitModeT immInitMode = SA_IMM_INIT_FROM_FILE;
 
@@ -7126,19 +7128,45 @@ SaAisErrorT ImmModel::ccbObjectCreate(Im
                     object->mImplementer->mImplementerName.c_str());
                 ccb->mWaitStartTime = time(NULL);
                 osafassert(ccb->mWaitStartTime > ((time_t) 0));
+            } else if(className == immMngtClass) {
+                if(sImmNodeState == IMM_NODE_LOADING) {
+                    if(objectName != immManagementDn) {
+                        /* Backwards compatibility for loading. */
+                        LOG_WA("Imm loading encountered bogus object '%s' of 
class '%s'",
+                            objectName.c_str(), immMngtClass.c_str());
+                    }
+                } else {
+                    setCcbErrorString(ccb,
+                        "ERR_BAD_OPERATION: Imm not allowing creates of 
instances of class '%s'",
+                        immMngtClass.c_str());
+                    err = SA_AIS_ERR_BAD_OPERATION;
+                }
+            } else if(className == immClassName) {
+                if(sImmNodeState == IMM_NODE_LOADING) {
+                    if(objectName != immObjectDn) {
+                        /* Backwards compatibility for loading. */
+                        LOG_WA("Imm loading encountered bogus object '%s' of 
class '%s'",
+                            objectName.c_str(), immClassName.c_str());
+                    }
+                } else {
+                    setCcbErrorString(ccb,
+                        "ERR_BAD_OPERATION: Imm not allowing creates of 
instances of class '%s'",
+                        immClassName.c_str());
+                    err = SA_AIS_ERR_BAD_OPERATION;
+                }
             } else if(ccb->mCcbFlags & SA_IMM_CCB_REGISTERED_OI) {
                 if((object->mImplementer == NULL) && 
                    (ccb->mCcbFlags & SA_IMM_CCB_ALLOW_NULL_OI)) {
                     TRACE_7("Null implementer, SA_IMM_CCB_REGISTERED_OI set, "
                         "but SA_IMM_CCB_ALLOW_NULL_OI set => safe relaxation");
                 } else {
-                    TRACE_7("ERR_NOT_EXIST: object '%s' does not have an "
+                    TRACE_7("ERR_NOT_EXIST: class '%s' does not have an "
                         "implementer and flag SA_IMM_CCB_REGISTERED_OI is 
set", 
-                        objectName.c_str());
+                        className.c_str());
                     setCcbErrorString(ccb,
-                            "ERR_NOT_EXIST: object '%s' exist but "
-                            "no implementer (which is required)",
-                            objectName.c_str());
+                            "ERR_NOT_EXIST: class '%s' does not have an "
+                            "implementer and flag SA_IMM_CCB_REGISTERED_OI is 
set",
+                            className.c_str());
                     err = SA_AIS_ERR_NOT_EXIST;
                 }
             } else { /* SA_IMM_CCB_REGISTERED_OI NOT set */
@@ -7152,7 +7180,7 @@ SaAisErrorT ImmModel::ccbObjectCreate(Im
                     TRACE_7("Object '%s' has NULL implementer, flag 
SA_IMM_CCB_REGISTERED_OI "
                         "is NOT set - moderately safe.", objectName.c_str());
                 }
-            } 
+            }
         }
 
     bypass_impl:
@@ -7384,6 +7412,7 @@ ImmModel::ccbObjectModify(const ImmsvOmC
 
     ObjectNameSet afimPreOpNDRefs;  // Set of NO_DANGLING references from 
after image before CCB operation
     bool hasNoDanglingRefs = false;
+    bool modifiedImmMngt = false;  /* true => modification of the SAF 
immManagement object. */
     
     if(! (nameCheck(objectName)||nameToInternal(objectName)) ) {
         LOG_NO("ERR_INVALID_PARAM: Not a proper object name");
@@ -7445,6 +7474,8 @@ ImmModel::ccbObjectModify(const ImmsvOmC
     }
     
     object = oi->second;
+
+    modifiedImmMngt = (objectName == immManagementDn);
     
     object->getAdminOwnerName(&objAdminOwnerName);
     if(objAdminOwnerName != adminOwner->mAdminOwnerName)
@@ -7564,6 +7595,19 @@ ImmModel::ccbObjectModify(const ImmsvOmC
         sz = strnlen((char *) p->attrValue.attrName.buf,
             (size_t) p->attrValue.attrName.size);
         std::string attrName((const char *) p->attrValue.attrName.buf, sz);
+        bool modifiedRim = modifiedImmMngt && (attrName == 
saImmRepositoryInit);
+        bool modifiedOiTimeout = modifiedImmMngt && (attrName == 
saImmOiTimeout);
+
+        if(modifiedOiTimeout) {
+            /* Currently the IMM does not support this attribute. */
+            TRACE_7("ERR_BAD_OPERATION: attr '%s' in IMM object %s is not 
supported",
+                attrName.c_str(), objectName.c_str());
+            setCcbErrorString(ccb,
+                "ERR_BAD_OPERATION: attr '%s' in IMM object %s is not 
supported",
+                attrName.c_str(), objectName.c_str());
+            err = SA_AIS_ERR_BAD_OPERATION;
+            break; //out of for-loop
+        }
         
         i4 = classInfo->mAttrMap.find(attrName);
         if(i4==classInfo->mAttrMap.end()) {
@@ -7709,7 +7753,22 @@ ImmModel::ccbObjectModify(const ImmsvOmC
 
                     multiattr->setExtraValue(tmpos);
                 }
-                
+
+                if (modifiedRim) {
+                    SaImmRepositoryInitModeT newRim = 
(SaImmRepositoryInitModeT) attrValue->getValue_int();
+                    if((newRim != SA_IMM_INIT_FROM_FILE) && (newRim != 
SA_IMM_KEEP_REPOSITORY)) {
+                        TRACE_7("ERR_INVALID_PARAM: attr '%s' in IMM object %s 
can not have value %u",
+                            attrName.c_str(), objectName.c_str(), newRim);
+                        setCcbErrorString(ccb,
+                            "ERR_BAD_OPERATION: attr '%s' in IMM object %s can 
not have value %u",
+                            attrName.c_str(), objectName.c_str(), newRim);
+                        err = SA_AIS_ERR_BAD_OPERATION;
+                        break;
+                   }
+                }
+
+
+
                 if(p->attrValue.attrValuesNumber > 1) {
                     if(!(attr->mFlags & SA_IMM_ATTR_MULTI_VALUE)) {
                         LOG_NO("ERR_INVALID_PARAM: attr '%s' is not 
multivalued, yet "
@@ -7760,6 +7819,17 @@ ImmModel::ccbObjectModify(const ImmsvOmC
                     break;
                 }
                 
+                if (modifiedRim) {
+                    TRACE_7("ERR_BAD_OPERATION: attr '%s' in IMM object %s 
must not be empty",
+                        attrName.c_str(), objectName.c_str());
+                    setCcbErrorString(ccb,
+                        "ERR_BAD_OPERATION: attr '%s' in IMM object %s must 
not be empty",
+                        attrName.c_str(), objectName.c_str());
+                    err = SA_AIS_ERR_BAD_OPERATION;
+                    break;
+                }
+
+
                 if(!attrValue->empty()) {
                     eduAtValToOs(&tmpos, &(p->attrValue.attrValue),
                         (SaImmValueTypeT) p->attrValue.attrValueType);
@@ -7804,7 +7874,7 @@ ImmModel::ccbObjectModify(const ImmsvOmC
                     p->attrModType);
                 break;
         }
-        
+
         if(err != SA_AIS_OK) {
             break; //out of for-loop
         }
@@ -8388,6 +8458,14 @@ ImmModel::deleteObject(ObjectMap::iterat
     if(!doIt &&
         !(oi->second->mImplementer && oi->second->mImplementer->mNodeId) && 
configObj) {
         /* Implementer is not present. */
+        /* Prevent delete of imm service objects, even when there is no OI for 
them */
+        if(oi->first == immManagementDn || oi->first == immObjectDn) {
+            setCcbErrorString(ccb,
+                "ERR_BAD_OPERATION: Imm not allowing delete of object '%s'",
+                oi->first.c_str());
+            return SA_AIS_ERR_BAD_OPERATION;
+        }
+
         if(ccb->mCcbFlags & SA_IMM_CCB_REGISTERED_OI){
             if((oi->second->mImplementer == NULL) &&
                (ccb->mCcbFlags & SA_IMM_CCB_ALLOW_NULL_OI)) {

------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft
_______________________________________________
Opensaf-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opensaf-devel

Reply via email to