[PATCH 0 of 4] RAFP: Validation of client's given object path missing

The starting point for this patch series was the missing validation of the client's given object path of ResourceAllocationSettingData in the RAFP provider. This is fixed by patch #1. Patch #2 switches the return code for getInstance from FAILED to NOT_FOUND for ResourceAllocationSettingData. Patch #3 registeres the RASD provider for KVM. Patch #4 switches the return code for getInstance from FAILED to NOT_FOUND for DevicePools.

# HG changeset patch # User Heidi Eckhart <heidieck@linux.vnet.ibm.com> # Date 1199880495 -3600 # Node ID ae476a5a5ab9891f4fbd3591e4175173f6b55c8b # Parent a6edc1c843ecbc619dbd40da2f4cedc58e45ba27 RAFP: validation of client given object path is missing The validation of the client's given object path for a ResourceAllocationSettingData instance is missing. The provider accepts InstanceIDs that do not exist, instead of returning NOT_FOUND. Example: wbemcli ain -ac KVM_ResourceAllocationFromPool http://localhost/root/virt:KVM_ProcResourceAllocationSettingData.InstanceID="NetworkPool/me" returns localhost:5988/root/virt:KVM_ProcessorPool.InstanceID="ProcessorPool/0" Also removed unused inst_list _list. Signed-off-by: Heidi Eckhart <heidieck@linux.vnet.ibm.com> diff -r a6edc1c843ec -r ae476a5a5ab9 src/Virt_ResourceAllocationFromPool.c --- a/src/Virt_ResourceAllocationFromPool.c Tue Jan 08 13:23:53 2008 -0800 +++ b/src/Virt_ResourceAllocationFromPool.c Wed Jan 09 13:08:15 2008 +0100 @@ -37,6 +37,28 @@ const static CMPIBroker *_BROKER; +static CMPIStatus validate_rasd_ref(const CMPIContext *context, + const CMPIObjectPath *ref, + uint16_t type, + const char *id) +{ + CMPIStatus s = {CMPI_RC_OK, NULL}; + CMPIInstance *rasd = NULL; + + rasd = get_rasd_instance(context, + ref, + _BROKER, + id, + type); + + if (CMIsNullObject(rasd)) + cu_statusf(_BROKER, &s, + CMPI_RC_ERR_NOT_FOUND, + "No such instance (%s)", id); + + return s; +} + static CMPIStatus rasd_to_pool(const CMPIObjectPath *ref, struct std_assoc_info *info, struct inst_list *list) @@ -46,14 +68,11 @@ static CMPIStatus rasd_to_pool(const CMP const char *id = NULL; char *poolid = NULL; virConnectPtr conn = NULL; - struct inst_list _list; CMPIInstance *pool = NULL; if (!match_hypervisor_prefix(ref, info)) return s; - inst_list_init(&_list); - if (rasd_type_from_classname(CLASSNAME(ref), &type) != CMPI_RC_OK) { cu_statusf(_BROKER, &s, CMPI_RC_ERR_FAILED, @@ -67,6 +86,13 @@ static CMPIStatus rasd_to_pool(const CMP "Missing InstanceID"); goto out; } + + s = validate_rasd_ref(info->context, + ref, + type, + id); + if (s.rc != CMPI_RC_OK) + goto out; poolid = pool_member_of(_BROKER, CLASSNAME(ref), type, id); if (poolid == NULL) { @@ -96,7 +122,6 @@ static CMPIStatus rasd_to_pool(const CMP out: free(poolid); virConnectClose(conn); - inst_list_free(&_list); return s; }

# HG changeset patch # User Heidi Eckhart <heidieck@linux.vnet.ibm.com> # Date 1199880496 -3600 # Node ID 35a3c6dc22e139c28360611f4363a2c8ec9bab11 # Parent ae476a5a5ab9891f4fbd3591e4175173f6b55c8b getInstance of RASD returns FAILED in case of NOT_FOUND Signed-off-by: Heidi Eckhart <heidieck@linux.vnet.ibm.com> diff -r ae476a5a5ab9 -r 35a3c6dc22e1 src/Virt_RASD.c --- a/src/Virt_RASD.c Wed Jan 09 13:08:15 2008 +0100 +++ b/src/Virt_RASD.c Wed Jan 09 13:08:16 2008 +0100 @@ -294,8 +294,8 @@ static CMPIStatus GetInstance(CMPIInstan CMReturnInstance(results, inst); else cu_statusf(_BROKER, &s, - CMPI_RC_ERR_FAILED, - "Unknown instance"); + CMPI_RC_ERR_NOT_FOUND, + "No such instance (%s)", id); out: return s; }

# HG changeset patch # User Heidi Eckhart <heidieck@linux.vnet.ibm.com> # Date 1199880496 -3600 # Node ID 5a1645d367b15bd3c6d144f5098c5c2824875eb8 # Parent 35a3c6dc22e139c28360611f4363a2c8ec9bab11 Register RASD provider for KVM ResourceAllocationSettingData Signed-off-by: Heidi Eckhart <heidieck@linux.vnet.ibm.com> diff -r 35a3c6dc22e1 -r 5a1645d367b1 schema/ResourceAllocationSettingData.registration --- a/schema/ResourceAllocationSettingData.registration Wed Jan 09 13:08:16 2008 +0100 +++ b/schema/ResourceAllocationSettingData.registration Wed Jan 09 13:08:16 2008 +0100 @@ -4,3 +4,7 @@ Xen_NetResourceAllocationSettingData roo Xen_NetResourceAllocationSettingData root/virt Virt_RASDP Virt_RASD instance Xen_ProcResourceAllocationSettingData root/virt Virt_RASD Virt_RASD instance Xen_MemResourceAllocationSettingData root/virt Virt_RASD Virt_RASD instance +KVM_DiskResourceAllocationSettingData root/virt Virt_RASD Virt_RASD instance +KVM_NetResourceAllocationSettingData root/virt Virt_RASDP Virt_RASD instance +KVM_ProcResourceAllocationSettingData root/virt Virt_RASD Virt_RASD instance +KVM_MemResourceAllocationSettingData root/virt Virt_RASD Virt_RASD instance

# HG changeset patch # User Heidi Eckhart <heidieck@linux.vnet.ibm.com> # Date 1199880497 -3600 # Node ID 102f4ccc2080dbaddb62b61eb9409ba09922cefd # Parent 5a1645d367b15bd3c6d144f5098c5c2824875eb8 getInstance of DevicePool returns FAILED in case of NOT_FOUND Signed-off-by: Heidi Eckhart <heidieck@linux.vnet.ibm.com> diff -r 5a1645d367b1 -r 102f4ccc2080 src/Virt_DevicePool.c --- a/src/Virt_DevicePool.c Wed Jan 09 13:08:16 2008 +0100 +++ b/src/Virt_DevicePool.c Wed Jan 09 13:08:17 2008 +0100 @@ -817,7 +817,6 @@ CMPIStatus get_pool_inst(const CMPIBroke CMPIInstance *inst = NULL; virConnectPtr conn = NULL; const char *id = NULL; - const char *prop; if (cu_get_str_path(reference, "InstanceID", &id) != CMPI_RC_OK) { cu_statusf(broker, &s, @@ -831,19 +830,11 @@ CMPIStatus get_pool_inst(const CMPIBroke goto out; inst = get_pool_by_id(broker, conn, id, NAMESPACE(reference)); - if (inst) { - prop = cu_compare_ref(reference, inst); - if (prop != NULL) { - cu_statusf(broker, &s, - CMPI_RC_ERR_NOT_FOUND, - "No such ResourcePool instance (%s)", prop); - } - } else { + if (inst == NULL) cu_statusf(broker, &s, - CMPI_RC_ERR_FAILED, - "No such instance `%s'", id); - } - + CMPI_RC_ERR_NOT_FOUND, + "No such instance (%s)", id); + out: virConnectClose(conn); *instance = inst;

Heidi Eckhart wrote:
The starting point for this patch series was the missing validation of the client's given object path of ResourceAllocationSettingData in the RAFP provider. This is fixed by patch #1. Patch #2 switches the return code for getInstance from FAILED to NOT_FOUND for ResourceAllocationSettingData. Patch #3 registeres the RASD provider for KVM. Patch #4 switches the return code for getInstance from FAILED to NOT_FOUND for DevicePools.
This patch tested fine for me. Patch #4 confused me at first - wasn't sure why the cu_compare_ref() piece was being removed. But since DevicePools only have one key (which we use to grab the instance anyway), there's not need to revalidate the key again. -- Kaitlin Rupert IBM Linux Technology Center karupert@us.ibm.com
participants (2)
-
Heidi Eckhart
-
Kaitlin Rupert