[PATCH 0 of 2] Make VSMigrationService validate reference keys
As described earlier, this adds strict checking of classname, prefix, and CCN against the reference of the method call to avoid migrating a domain for the wrong service.
# HG changeset patch # User Dan Smith <danms@us.ibm.com> # Date 1201194986 28800 # Node ID b0b9833dfa219a3e9a7898c0b6f5bab7afaf460a # Parent adf18661f7948a0287a4586d97572793e8e03826 Add ref class/prefix compare to misc_util Signed-off-by: Dan Smith <danms@us.ibm.com> diff -r adf18661f794 -r b0b9833dfa21 libxkutil/misc_util.c --- a/libxkutil/misc_util.c Thu Jan 24 12:56:45 2008 +0100 +++ b/libxkutil/misc_util.c Thu Jan 24 09:16:26 2008 -0800 @@ -435,6 +435,60 @@ bool libvirt_cim_init(void) return virInitialize == 0; } +bool check_refs_pfx_match(const CMPIObjectPath *refa, + const CMPIObjectPath *refb) +{ + bool result = false; + const char *refa_cn; + const char *refb_cn; + const char *ccn; + char *refa_pfx = NULL; + char *refb_pfx = NULL; + + refa_cn = CLASSNAME(refa); + refb_cn = CLASSNAME(refb); + + if ((refa_cn == NULL) || (refb_cn == NULL)) { + CU_DEBUG("Error getting ref classes %s:%s", + refa_cn, refb_cn); + goto out; + } + + refa_pfx = class_prefix_name(refa_cn); + refb_pfx = class_prefix_name(refb_cn); + + if ((refa_pfx == NULL) || (refb_pfx == NULL)) { + CU_DEBUG("Error getting ref prefixes %s:%s %s:%s", + refa_pfx, refb_pfx, + refa_cn, refb_cn); + goto out; + } + + if (!STREQC(refa_pfx, refb_pfx)) { + CU_DEBUG("Ref mismatch: %s != %s", + refa_pfx, + refb_pfx); + goto out; + } + + if (cu_get_str_path(refb, "CreationClassName", &ccn) == CMPI_RC_OK) { + if (!STREQC(ccn, refb_cn)) { + CU_DEBUG("ClassName(%s) != CreationClassName(%s)", + refb_cn, + ccn); + goto out; + } + } + + result = true; + + out: + free(refa_pfx); + free(refb_pfx); + + return result; +} + /* * Local Variables: * mode: C diff -r adf18661f794 -r b0b9833dfa21 libxkutil/misc_util.h --- a/libxkutil/misc_util.h Thu Jan 24 12:56:45 2008 +0100 +++ b/libxkutil/misc_util.h Thu Jan 24 09:16:26 2008 -0800 @@ -115,6 +115,8 @@ CMPIInstance *make_reference(const CMPIB struct std_assoc_info *info, struct std_assoc *assoc); +bool check_refs_pfx_match(const CMPIObjectPath *refa, + const CMPIObjectPath *refb); #define LIBVIRT_CIM_DEFAULT_MAKEREF() \ static CMPIInstance* make_ref(const CMPIObjectPath *source_ref, \
# HG changeset patch # User Dan Smith <danms@us.ibm.com> # Date 1201194993 28800 # Node ID 3717fb3202ecf289ffb05a94f7d2375658c4191b # Parent b0b9833dfa219a3e9a7898c0b6f5bab7afaf460a Check CreationClassName in MigrationService Signed-off-by: Dan Smith <danms@us.ibm.com> diff -r b0b9833dfa21 -r 3717fb3202ec src/Virt_VSMigrationService.c --- a/src/Virt_VSMigrationService.c Thu Jan 24 09:16:26 2008 -0800 +++ b/src/Virt_VSMigrationService.c Thu Jan 24 09:16:33 2008 -0800 @@ -204,6 +204,15 @@ static CMPIStatus vs_migratable_host(CMP return s; } + if (!check_refs_pfx_match(ref, system)) { + printf("Classname: %s\n", CLASSNAME(system)); + cu_statusf(_BROKER, &s, + CMPI_RC_ERR_FAILED, + "Invalid REF in ComputerSystem"); + METHOD_RETURN(results, 1); + return s; + } + return vs_migratable(ref, name, dhost, results); } @@ -235,6 +244,14 @@ static CMPIStatus vs_migratable_system(C cu_statusf(_BROKER, &s, CMPI_RC_ERR_FAILED, "Missing key (Name) in ComputerSystem"); + METHOD_RETURN(results, 1); + return s; + } + + if (!check_refs_pfx_match(ref, sys)) { + cu_statusf(_BROKER, &s, + CMPI_RC_ERR_FAILED, + "Invalid REF in ComputerSystem"); METHOD_RETURN(results, 1); return s; } @@ -549,6 +566,14 @@ static CMPIStatus migrate_vs_host(CMPIMe return s; } + if (!check_refs_pfx_match(ref, system)) { + cu_statusf(_BROKER, &s, + CMPI_RC_ERR_FAILED, + "Invalid REF in ComputerSystem"); + METHOD_RETURN(results, 1); + return s; + } + return migrate_do(ref, ctx, name, dhost, results, argsout); } @@ -580,6 +605,14 @@ static CMPIStatus migrate_vs_system(CMPI cu_statusf(_BROKER, &s, CMPI_RC_ERR_FAILED, "Missing key (Name) in ComputerSystem"); + METHOD_RETURN(results, 1); + return s; + } + + if (!check_refs_pfx_match(ref, sys)) { + cu_statusf(_BROKER, &s, + CMPI_RC_ERR_FAILED, + "Invalid REF in ComputerSystem"); METHOD_RETURN(results, 1); return s; }
Dan Smith wrote:
# HG changeset patch # User Dan Smith <danms@us.ibm.com> # Date 1201194993 28800 # Node ID 3717fb3202ecf289ffb05a94f7d2375658c4191b # Parent b0b9833dfa219a3e9a7898c0b6f5bab7afaf460a Check CreationClassName in MigrationService
Signed-off-by: Dan Smith <danms@us.ibm.com>
diff -r b0b9833dfa21 -r 3717fb3202ec src/Virt_VSMigrationService.c --- a/src/Virt_VSMigrationService.c Thu Jan 24 09:16:26 2008 -0800 +++ b/src/Virt_VSMigrationService.c Thu Jan 24 09:16:33 2008 -0800 @@ -204,6 +204,15 @@ static CMPIStatus vs_migratable_host(CMP return s; }
+ if (!check_refs_pfx_match(ref, system)) { + printf("Classname: %s\n", CLASSNAME(system));
This should be a CU_DEBUG(). I was also going to comment that the check_refs_pfx_match() name is a bit misleading since we also check the classname. But it never hurts to verify the classname (even if you just want to verify the prefix), so the function name is fine. -- Kaitlin Rupert IBM Linux Technology Center kaitlin@linux.vnet.ibm.com
Kaitlin Rupert wrote:
Dan Smith wrote:
# HG changeset patch # User Dan Smith <danms@us.ibm.com> # Date 1201194993 28800 # Node ID 3717fb3202ecf289ffb05a94f7d2375658c4191b # Parent b0b9833dfa219a3e9a7898c0b6f5bab7afaf460a Check CreationClassName in MigrationService
Signed-off-by: Dan Smith <danms@us.ibm.com>
diff -r b0b9833dfa21 -r 3717fb3202ec src/Virt_VSMigrationService.c --- a/src/Virt_VSMigrationService.c Thu Jan 24 09:16:26 2008 -0800 +++ b/src/Virt_VSMigrationService.c Thu Jan 24 09:16:33 2008 -0800 @@ -204,6 +204,15 @@ static CMPIStatus vs_migratable_host(CMP return s; }
+ if (!check_refs_pfx_match(ref, system)) { + printf("Classname: %s\n", CLASSNAME(system));
This should be a CU_DEBUG().
I think she's got a Thunderbird plugin that makes CU_DEBUG show up as 32-point, blood red text. I think that's like the fourth one I've gone right past that she's got. :) -- -Jay
Jay Gagnon wrote:
Kaitlin Rupert wrote:
Dan Smith wrote:
# HG changeset patch # User Dan Smith <danms@us.ibm.com> # Date 1201194993 28800 # Node ID 3717fb3202ecf289ffb05a94f7d2375658c4191b # Parent b0b9833dfa219a3e9a7898c0b6f5bab7afaf460a Check CreationClassName in MigrationService
Signed-off-by: Dan Smith <danms@us.ibm.com>
diff -r b0b9833dfa21 -r 3717fb3202ec src/Virt_VSMigrationService.c --- a/src/Virt_VSMigrationService.c Thu Jan 24 09:16:26 2008 -0800 +++ b/src/Virt_VSMigrationService.c Thu Jan 24 09:16:33 2008 -0800 @@ -204,6 +204,15 @@ static CMPIStatus vs_migratable_host(CMP return s; }
+ if (!check_refs_pfx_match(ref, system)) { + printf("Classname: %s\n", CLASSNAME(system)); This should be a CU_DEBUG().
I think she's got a Thunderbird plugin that makes CU_DEBUG show up as 32-point, blood red text. I think that's like the fourth one I've gone right past that she's got. :)
*laugh* Yeah, it seems to be one of the few things I can catch in a patch =) -- Kaitlin Rupert IBM Linux Technology Center kaitlin@linux.vnet.ibm.com
KR> This should be a CU_DEBUG(). Actually, it should be removed. That was left in there from debugging (as is usually the case when you catch me :)) I'll resend shortly... -- Dan Smith IBM Linux Technology Center Open Hypervisor Team email: danms@us.ibm.com
participants (3)
-
Dan Smith -
Jay Gagnon -
Kaitlin Rupert