Hi Minh, Please see comments inline with [Praveen]. Thanks, Praveen
On 24-Sep-14 9:24 AM, Minh Hon Chau wrote: > The following NTF APIs need to add the protection for unadapted > producer/consumer against the notification containing any extended > SaNameT, which hereby is known as long DN notification: > 1 - saNtfNotificationSend returns SA_AIS_ERR_INVALID_PARAM if one of the > following statements is true: > . Notification header contains notificationObject or notifyingObject as > long DN, or any extended SaNameT exists in additionalInfo > . As alarm notification, any field of > specificProblems/thresholdInformation/proposedRepairActions/monitoredAttributes > contains extended SaNameT > . As security alarm notification, any field of > serviceUser/serviceProvider contains extended SaNameT > Execeptionally, the changedAttributes of AttributeChange notification > and the objectAttributes of ObjectCreateDelete notification, have > currently treated the value type SA_NTF_VALUE_LDAP_NAME as > SA_NTF_VALUE_STRING, so that there’s no need to add the protection for > unadapted producer against changeAttributes and objectAttributes. > [Praveen]For using long Dns in the notification, a notification producer (sender) will either set "SA_ENABLE_EXTENDED_NAMES" for using long Dns or compile application with "-DSA_EXTENDED_NAME_SOURCE". If an application is unadapted to long Dns it means it is neither compiled with the flag not it setting the "SA_ENABLE_EXTENDED_NAMES" and hence it is sending the shot Dn only. The how such an application can fill long DN as it cannot use Lend() and Borrow() APIs. > 2 - saNtfNotificationReadInitialize returns SA_AIS_ERR_INVALID_PARAM if > the reader specifies the filter header containing any long DN object in > notificationObjects or notifyingObjects. > [Praveen] same as above. > 3 - saNtfNotificationReadNext skips any notification containing > notificationObject/notifyingObject as long DN, and continue reading next > until finding the notification without long DN > notificationObject/notifyingObject then returns SA_AIS_OK, or no more > notification satisfying the criteria then returns SA_AIS_ERR_NOT_EXIST. > > 4 - saNtfNotificationSubscribe returns SA_AIS_ERR_INVALID_PARAM if the > subscriber specifies the filter header containing any long DN object in > notificationObjects or notifyingObjects. > [Praveen] same as above. > 5 - Any Notification callback containing > notificationObject/notifyingObject as long DN is dropped at Agent and > SA_AIS_NAME_TOO_LONG error code is returned to subscriber. > > 6 - saNtfPtrValGet returns SA_AIS_ERR_NAME_TOO_LONG if any extended > SaNameT presents in additionalInfo, specificProblems, > thresholdInformation, proposedRepairActions, monitoredAttributes, > serviceUser and serviceProvider. > > ------------------------------------------------------------------------ > > *[tickets:#1114] <http://sourceforge.net/p/opensaf/tickets/1114> NTF: > Unadapted LongDns consumer crashes due to read/subsribe long dn > notification* > > *Status:* accepted > *Milestone:* 4.5.0 > *Created:* Fri Sep 19, 2014 05:15 AM UTC by Minh Hon Chau > *Last Updated:* Tue Sep 23, 2014 11:18 AM UTC > *Owner:* Minh Hon Chau > > In a long dn upgraded system, currently if an unadapted producer by > somehow receives the long dn objects then sends out within a > notification, the producer is not able to send this notification and > receives the IN_VALID_PARAM return code. > > Similarly, the unadapted consumer should fail to read/subscribe for a > long dn notification, rather than crash > > ------------------------------------------------------------------------ > > Sent from sourceforge.net because [email protected] > is subscribed to https://sourceforge.net/p/opensaf/tickets/ > <https://sourceforge.net/p/opensaf/tickets> > > To unsubscribe from further messages, a project admin can change > settings at https://sourceforge.net/p/opensaf/admin/tickets/options. Or, > if this is a mailing list, you can unsubscribe from the mailing list. > > > > ------------------------------------------------------------------------------ > Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer > Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports > Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper > Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer > http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk > > > > _______________________________________________ > Opensaf-tickets mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/opensaf-tickets > ------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk _______________________________________________ Opensaf-tickets mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/opensaf-tickets
