Hi Zoran,
Reviewed and tested the patch.
Following are the comments:
" err = 1 " need to be set appropriately for the below functions , since
err will be returned as "rc" the audit is failing for simple imm.db
(basic imm.xml file)
rc |= pbeAuditAttributeFlags((sqlite3 *)db_handle);
rc |= pbeAuditObjectRdnFlag((sqlite3 *)db_handle);
rc |= pbeAuditObjectDn((sqlite3 *)db_handle);
rc |= pbeAuditClasses((sqlite3 *)db_handle);
/Neel.
On Thursday 16 July 2015 06:26 PM, Zoran Milinkovic wrote:
> osaf/libs/common/immsv/immpbe_dump.cc | 425
> +++++++++++++++++++++++++++++++++-
> 1 files changed, 421 insertions(+), 4 deletions(-)
>
>
> Add new checks for objects and classes for PBE audit.
>
> diff --git a/osaf/libs/common/immsv/immpbe_dump.cc
> b/osaf/libs/common/immsv/immpbe_dump.cc
> --- a/osaf/libs/common/immsv/immpbe_dump.cc
> +++ b/osaf/libs/common/immsv/immpbe_dump.cc
> @@ -3168,7 +3168,7 @@ static int pbeAuditNoDangling(sqlite3 *d
>
> step2:
> if(stmt) {
> - sqlite3_reset(stmt);
> + sqlite3_finalize(stmt);
> stmt = NULL;
> }
>
> @@ -3206,7 +3206,7 @@ step2:
> err = 1;
> }
>
> - sqlite3_reset(tblStmt);
> + sqlite3_finalize(tblStmt);
> }
>
> if(rc != SQLITE_DONE) {
> @@ -3217,14 +3217,431 @@ step2:
>
> end:
> if(stmt) {
> - sqlite3_reset(stmt);
> + sqlite3_finalize(stmt);
> }
>
> return err;
> }
>
> +static int pbeAuditAttributeFlags(sqlite3 *dbHandle) {
> + uint64_t allAttributes = SA_IMM_ATTR_MULTI_VALUE
> + | SA_IMM_ATTR_RDN
> + | SA_IMM_ATTR_CONFIG
> + | SA_IMM_ATTR_WRITABLE
> + | SA_IMM_ATTR_INITIALIZED
> + | SA_IMM_ATTR_RUNTIME
> + | SA_IMM_ATTR_PERSISTENT
> + | SA_IMM_ATTR_CACHED
> + | SA_IMM_ATTR_NO_DUPLICATES
> + | SA_IMM_ATTR_NOTIFY
> + | SA_IMM_ATTR_NO_DANGLING
> + | SA_IMM_ATTR_DN;
> + const char *sql = "select class_name, attr_name, attr_flags "
> + "from attr_def, classes "
> + "where ((attr_flags | %lu) & ~%lu) != 0 "
> + "and attr_def.class_id = classes.class_id";
> + char query[1024];
> + sqlite3_stmt *stmt = NULL;
> + int err = 0;
> + int rc;
> +
> + sprintf(query, sql, allAttributes, allAttributes);
> +
> + rc = sqlite3_prepare_v2(dbHandle, query, -1, &stmt, NULL);
> + if(rc != SQLITE_OK) {
> + LOG_ER("Failed to prepare SQL statement for(%d): %s", rc,
> query);
> + err = 1;
> + goto done;
> + }
> +
> + while((rc = sqlite3_step(stmt)) == SQLITE_ROW) {
> + LOG_ER("Invalid attribute value (%s) in attribute '%s' in class
> '%s'",
> + sqlite3_column_text(stmt, 2),
> + sqlite3_column_text(stmt, 1),
> + sqlite3_column_text(stmt, 0));
> + err = 1;
> + }
> +
> + if(rc != SQLITE_DONE) {
> + LOG_ER("SQL statement ('%s') failed with error code: %d\n",
> query, rc);
> + err = 1;
> + }
> +
> +done:
> + if(stmt) {
> + sqlite3_finalize(stmt);
> + }
> +
> + return err;
> +}
> +
> +static int pbeAuditObjectRdnFlag(sqlite3 *dbHandle) {
> + const char *sql = "select class_name, count(attr_name) "
> + "from classes cl "
> + "left outer join attr_def ad "
> + "on cl.class_id = ad.class_id "
> + "and (attr_flags & 2) > 0 "
> + "group by class_name "
> + "having count(attr_name) != 1";
> + sqlite3_stmt *stmt = NULL;
> + int err = 0;
> + int rc;
> +
> + rc = sqlite3_prepare_v2(dbHandle, sql, -1, &stmt, NULL);
> + if(rc != SQLITE_OK) {
> + LOG_ER("Failed to prepare SQL statement for(%d): %s", rc, sql);
> + err = 1;
> + goto done;
> + }
> +
> + while((rc = sqlite3_step(stmt)) == SQLITE_ROW) {
> + if(sqlite3_column_int(stmt, 1) == 0) {
> + LOG_ER("Class (%s) definition with no RDN attribute",
> + sqlite3_column_text(stmt, 0));
> + } else {
> + LOG_ER("Class (%s) definition with more RDN attributes",
> + sqlite3_column_text(stmt, 0));
> + }
> + err = 1;
> + }
> +
> + if(rc != SQLITE_DONE) {
> + LOG_ER("SQL statement ('%s') failed with error code: %d\n",
> sql, rc);
> + err = 1;
> + }
> +
> +done:
> + if(stmt) {
> + sqlite3_finalize(stmt);
> + }
> +
> + return err;
> +}
> +
> +static int pbeAuditObjectDn(sqlite3 *dbHandle) {
> + const char *sql = "select obj.obj_id, obj.dn, cl.class_name,
> ad.attr_name "
> + "from objects obj "
> + "inner join classes cl "
> + "on cl.class_id = obj.class_id "
> + "inner join attr_def ad "
> + "on ad.class_id = obj.class_id "
> + "and (ad.attr_flags & 2) = 2";
> + sqlite3_stmt *stmt = NULL;
> + sqlite3_stmt *stmt2 = NULL;
> + int err = 0;
> + int rc;
> + char *dn;
> + char *rdn;
> + char *parent;
> + char *t;
> + std::string query;
> +
> + rc = sqlite3_prepare_v2(dbHandle, sql, -1, &stmt, NULL);
> + if(rc != SQLITE_OK) {
> + LOG_ER("Failed to prepare SQL statement for(%d): %s", rc, sql);
> + err = 1;
> + goto done;
> + }
> +
> + while((rc = sqlite3_step(stmt)) == SQLITE_ROW) {
> + parent = NULL;
> +
> + // Split DN to RDN and parent
> + dn = (char *)sqlite3_column_text(stmt, 1);
> + t = dn;
> + while(*t) {
> + if(t == dn && *t == ',') {
> + LOG_ER("Invalid DN: '%s'", dn);
> + dn = NULL;
> + err =1;
> + break;
> + }
> + if(*t == ',' && *(t - 1) != '\\') {
> + t++;
> + if(*t) {
> + parent = t;
> + }
> + break;
> + }
> + t++;
> + }
> +
> + if(!dn) {
> + continue;
> + }
> +
> + // Check that RDN attribute has the right RDN from DN
> + query.clear();
> + query.append("select ").append((char
> *)sqlite3_column_text(stmt, 3))
> + .append(" from ").append((char
> *)sqlite3_column_text(stmt, 2))
> + .append(" where obj_id = ").append((char
> *)sqlite3_column_text(stmt, 0));
> +
> + stmt2 = NULL;
> + rc = sqlite3_prepare_v2(dbHandle, query.c_str(), -1, &stmt2,
> NULL);
> + if(rc == SQLITE_OK) {
> + if((rc = sqlite3_step(stmt2)) == SQLITE_ROW) {
> + rdn = (char *)sqlite3_column_text(stmt2, 0);
> + if(strstr(dn, rdn) != dn || (parent && *(dn +
> strlen(rdn)) != ',')) {
> + LOG_ER("Object RDN ('%s') does not
> match RDN in object DN ('%s')",
> + rdn, dn);
> + err = 1;
> + }
> + } else {
> + LOG_ER("Failed to get results from '%s'",
> query.c_str());
> + err = 1;
> + }
> + } else {
> + LOG_ER("Failed to prepare SQL statement for(%d): %s",
> rc, sql);
> + err = 1;
> + }
> +
> + if(stmt2) {
> + sqlite3_finalize(stmt2);
> + }
> +
> + // Check if parent of selected object exists
> + if(parent) {
> + query.clear();
> + query.append("select 1 from objects where dn =
> '").append(parent).append("'");
> +
> + stmt2 = NULL;
> + rc = sqlite3_prepare_v2(dbHandle, query.c_str(), -1,
> &stmt2, NULL);
> + if(rc == SQLITE_OK) {
> + if(sqlite3_step(stmt) != SQLITE_ROW) {
> + LOG_ER("Parent is missing for object
> '%s'", dn);
> + err = 1;
> + }
> + } else {
> + LOG_ER("Failed to prepare SQL statement
> for(%d): %s", rc, sql);
> + err = 1;
> + }
> +
> + if(stmt2) {
> + sqlite3_finalize(stmt2);
> + }
> + }
> + }
> +
> + if(rc != SQLITE_DONE) {
> + LOG_ER("SQL statement ('%s') failed with error code: %d\n",
> sql, rc);
> + err = 1;
> + }
> +
> +done:
> + if(stmt) {
> + sqlite3_finalize(stmt);
> + }
> +
> + return err;
> +}
> +
> +static int pbeAuditClasses(sqlite3 *dbHandle) {
> + const char *sql = "select class_id, class_category, class_name from
> classes;";
> + sqlite3_stmt *stmt = NULL;
> + sqlite3_stmt *stmt2;
> + int err = 0;
> + int rc;
> + int attr_type;
> + sqlite3_int64 attr_flags;
> + std::string query;
> +
> + rc = sqlite3_prepare_v2(dbHandle, sql, -1, &stmt, NULL);
> + if(rc != SQLITE_OK) {
> + LOG_ER("Failed to prepare SQL statement for(%d): %s", rc, sql);
> + err = 1;
> + goto done;
> + }
> +
> + while((rc = sqlite3_step(stmt)) == SQLITE_ROW) {
> + // Config class
> + if(sqlite3_column_int(stmt, 1) == 1) {
> + // Check that table exists for config class
> + query.clear();
> + query.append("select 1 from sqlite_master where type =
> 'table' and tbl_name = '")
> + .append((char
> *)sqlite3_column_text(stmt, 2))
> + .append("'");
> +
> + rc = sqlite3_prepare_v2(dbHandle, query.c_str(), -1,
> &stmt2, NULL);
> + if(rc != SQLITE_OK) {
> + LOG_ER("Failed to prepare SQL statement
> for(%d): %s", rc, query.c_str());
> + err = 1;
> + continue;
> + }
> +
> + if(sqlite3_step(stmt2) != SQLITE_ROW) {
> + sqlite3_finalize(stmt2);
> + LOG_ER("Config class '%s' does not have
> corresponding table in PBE",
> + (char
> *)sqlite3_column_text(stmt, 2));
> + err = 1;
> + continue;
> + }
> +
> + sqlite3_finalize(stmt2);
> +
> + // Check that RDN attribute is config attribute
> + query.clear();
> + query.append("select attr_type, attr_flags, attr_name
> from attr_def where class_id = ")
> + .append((char
> *)sqlite3_column_text(stmt, 0))
> + .append(" and (attr_flags & 2) = 2");
> +
> + rc = sqlite3_prepare_v2(dbHandle, query.c_str(), -1,
> &stmt2, NULL);
> + if(rc != SQLITE_OK) {
> + LOG_ER("Failed to prepare SQL statement
> for(%d): %s", rc, query.c_str());
> + err = 1;
> + continue;
> + }
> +
> + if(sqlite3_step(stmt2) != SQLITE_ROW) {
> + sqlite3_finalize(stmt2);
> + LOG_ER("Class '%s' does not have RDN attribute",
> + (char
> *)sqlite3_column_text(stmt, 2));
> + err = 1;
> + continue;
> + }
> +
> + attr_type = sqlite3_column_int(stmt2, 0);
> + if(attr_type != SA_IMM_ATTR_SANAMET && attr_type !=
> SA_IMM_ATTR_SASTRINGT) {
> + sqlite3_finalize(stmt2);
> + LOG_ER("RDN attribute '%s' of class '%s' is not
> type of SaNameT or SaStringT",
> + (char
> *)sqlite3_column_text(stmt2, 2),
> + (char
> *)sqlite3_column_text(stmt, 2));
> + err = 1;
> + continue;
> + }
> +
> + attr_flags = sqlite3_column_int64(stmt2, 1);
> + if((attr_flags & SA_IMM_ATTR_CONFIG) !=
> SA_IMM_ATTR_CONFIG) {
> + sqlite3_finalize(stmt2);
> + LOG_ER("RDN attribute '%s' of class '%s' is not
> a config attribute. Flags: %lld",
> + (char
> *)sqlite3_column_text(stmt2, 2),
> + (char
> *)sqlite3_column_text(stmt, 2),
> + attr_flags);
> + err = 1;
> + continue;
> + }
> +
> + if((attr_flags & SA_IMM_ATTR_INITIALIZED) !=
> SA_IMM_ATTR_INITIALIZED) {
> + sqlite3_finalize(stmt2);
> + LOG_ER("RDN attribute '%s' of class '%s' does
> not have SA_IMM_ATTR_INITIALIZED flag. Flags: %lld",
> + (char
> *)sqlite3_column_text(stmt2, 2),
> + (char
> *)sqlite3_column_text(stmt, 2),
> + attr_flags);
> + err = 1;
> + continue;
> + }
> +
> + sqlite3_finalize(stmt2);
> + } else if(sqlite3_column_int(stmt, 1) == 2) {
> + // Runtime object
> + query.clear();
> + query.append("select attr_type, attr_flags, attr_name
> from attr_def where class_id = ")
> + .append((char
> *)sqlite3_column_text(stmt, 0));
> +
> + rc = sqlite3_prepare_v2(dbHandle, query.c_str(), -1,
> &stmt2, NULL);
> + if(rc != SQLITE_OK) {
> + LOG_ER("Failed to prepare SQL statement
> for(%d): %s", rc, query.c_str());
> + err = 1;
> + continue;
> + }
> +
> + bool isPersistent = false;
> + bool rdnExist = false;
> + while((rc = sqlite3_step(stmt2)) == SQLITE_ROW) {
> + attr_flags = sqlite3_column_int64(stmt2, 1);
> + // Check if the attribute has RDN flag
> + if((attr_flags & SA_IMM_ATTR_RDN) ==
> SA_IMM_ATTR_RDN) {
> + if(rdnExist) {
> + LOG_ER("Multiple definition for
> RDN attribute in class '%s' for attribute '%s'",
> + (char
> *)sqlite3_column_text(stmt, 2),
> + (char
> *)sqlite3_column_text(stmt2, 2));
> + err = 1;
> + }
> + rdnExist = true;
> + }
> + if((attr_flags & SA_IMM_ATTR_CONFIG) ==
> SA_IMM_ATTR_CONFIG) {
> + LOG_ER("In runtime class '%s' attribute
> '%s' is a config attribute",
> + (char
> *)sqlite3_column_text(stmt, 2),
> + (char
> *)sqlite3_column_text(stmt2, 2));
> + err = 1;
> + }
> + if((attr_flags & SA_IMM_ATTR_RUNTIME) !=
> SA_IMM_ATTR_RUNTIME) {
> + LOG_ER("In class '%s' attribute '%s' is
> not a runtime attribute",
> + (char
> *)sqlite3_column_text(stmt, 2),
> + (char
> *)sqlite3_column_text(stmt2, 2));
> + err = 1;
> + }
> + if((attr_flags & SA_IMM_ATTR_PERSISTENT) ==
> SA_IMM_ATTR_PERSISTENT) {
> + isPersistent = true;
> + }
> + }
> +
> + if(!rdnExist) {
> + LOG_ER("RDN attribute is missing in class '%s'",
> + (char
> *)sqlite3_column_text(stmt, 2));
> + err = 1;
> + }
> +
> + sqlite3_finalize(stmt2);
> +
> + query.clear();
> + query.append("select 1 from sqlite_master where type =
> 'table' and tbl_name = '")
> + .append((char
> *)sqlite3_column_text(stmt, 2))
> + .append("'");
> +
> + rc = sqlite3_prepare_v2(dbHandle, query.c_str(), -1,
> &stmt2, NULL);
> + if(rc != SQLITE_OK) {
> + LOG_ER("Failed to prepare SQL statement
> for(%d): %s", rc, query.c_str());
> + err = 1;
> + continue;
> + }
> +
> + rc = sqlite3_step(stmt2);
> + if(rc == SQLITE_ROW && !isPersistent) {
> + LOG_ER("Table of non-perisistent runtime class
> '%s' exists in PBE",
> + (char
> *)sqlite3_column_text(stmt, 2));
> + err = 1;
> + } else if(rc == SQLITE_DONE && isPersistent) {
> + LOG_ER("Missing table in PBE for persistent
> runtime class '%s'",
> + (char
> *)sqlite3_column_text(stmt, 2));
> + err = 1;
> + } else if(rc != SQLITE_ROW && rc != SQLITE_DONE) {
> + LOG_ER("SQL statement ('%s') failed with error
> code: %d\n", query.c_str(), rc);
> + err = 1;
> + }
> +
> + sqlite3_finalize(stmt2);
> + } else {
> + LOG_ER("Unknown class category (%d) for class '%s'",
> + sqlite3_column_int(stmt, 1),
> + (char *)sqlite3_column_text(stmt, 2));
> + err = 1;
> + }
> + err = 1;
> + }
> +
> + if(rc != SQLITE_DONE) {
> + LOG_ER("SQL statement ('%s') failed with error code: %d\n",
> sql, rc);
> + err = 1;
> + }
> +
> +done:
> + if(stmt) {
> + sqlite3_finalize(stmt);
> + }
> +
> + return err;
> +}
> +
> int pbeAudit(void *db_handle) {
> - return pbeAuditNoDangling((sqlite3 *)db_handle);
> + int rc;
> +
> + rc = pbeAuditNoDangling((sqlite3 *)db_handle);
> + rc |= pbeAuditAttributeFlags((sqlite3 *)db_handle);
> + rc |= pbeAuditObjectRdnFlag((sqlite3 *)db_handle);
> + rc |= pbeAuditObjectDn((sqlite3 *)db_handle);
> + rc |= pbeAuditClasses((sqlite3 *)db_handle);
> +
> + return rc;
> }
>
> int pbeAuditFile(const char *filename) {
------------------------------------------------------------------------------
_______________________________________________
Opensaf-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opensaf-devel
