etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

coverity 1116612: update network cidrs firewall rules and acls

This commit is contained in:
Daan Hoogland 2015-07-28 17:12:28 +02:00
parent 0290f3ed6a
commit 49cb56bbca
1 changed files with 116 additions and 131 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

247
engine/schema/src/com/cloud/upgrade/dao/Upgrade410to420.java
View File

@ -1040,129 +1040,131 @@ public class Upgrade410to420 implements DbUpgrade {
s_logger.debug("Updating network ACLs");
PreparedStatement pstmt = null;
PreparedStatement pstmtDelete = null;
ResultSet rs = null;
ResultSet rsAcls = null;
ResultSet rsCidr = null;
//1,2 are default acl Ids, start acl Ids from 3
long nextAclId = 3;
String sqlSelectNetworkIds = "SELECT id, vpc_id, uuid FROM `cloud`.`networks` where vpc_id is not null and removed is null";
String sqlSelectFirewallRules = "SELECT id, uuid, start_port, end_port, state, protocol, icmp_code, icmp_type, created, traffic_type FROM `cloud`.`firewall_rules` where network_id = ? and purpose = 'NetworkACL'";
String sqlInsertNetworkAcl = "INSERT INTO `cloud`.`network_acl` (id, uuid, vpc_id, description, name) values (?, UUID(), ? , ?, ?)";
String sqlSelectFirewallCidrs = "SELECT id, source_cidr FROM `cloud`.`firewall_rules_cidrs` where firewall_rule_id = ?";
String sqlDeleteFirewallCidr = "DELETE FROM `cloud`.`firewall_rules_cidrs` where id = ?";
String sqlInsertNetworkAclItem = "INSERT INTO `cloud`.`network_acl_item` (uuid, acl_id, start_port, end_port, state, protocol, icmp_code, icmp_type, created, traffic_type, cidr, number, action) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? )";
String sqlDeleteFirewallRules = "DELETE FROM `cloud`.`firewall_rules` where id = ?";
String sqlUpdateNetworks = "UPDATE `cloud`.`networks` set network_acl_id=? where id=?";
try {
try (
PreparedStatement pstmtSelectNetworkIds = conn.prepareStatement(sqlSelectNetworkIds);
PreparedStatement pstmtUpdate = conn.prepareStatement(sqlUpdateNetworks);
PreparedStatement pstmtInsertNetworkAclItem = conn.prepareStatement(sqlInsertNetworkAclItem);
PreparedStatement pstmtSelectFirewallRules = conn.prepareStatement(sqlSelectFirewallRules);
PreparedStatement pstmtInsertNetworkAcl = conn.prepareStatement(sqlInsertNetworkAcl);
PreparedStatement pstmtSelectFirewallCidrs = conn.prepareStatement(sqlSelectFirewallCidrs);
PreparedStatement pstmtDeleteFirewallCidr = conn.prepareStatement(sqlDeleteFirewallCidr);
PreparedStatement pstmtDeleteFirewallRules = conn.prepareStatement(sqlDeleteFirewallRules);
ResultSet rsNetworkIds = pstmtSelectNetworkIds.executeQuery();) {
//Get all VPC tiers
pstmt = conn.prepareStatement("SELECT id, vpc_id, uuid FROM `cloud`.`networks` where vpc_id is not null and removed is null");
rs = pstmt.executeQuery();
while (rs.next()) {
Long networkId = rs.getLong(1);
while (rsNetworkIds.next()) {
Long networkId = rsNetworkIds.getLong(1);
s_logger.debug("Updating network ACLs for network: " + networkId);
Long vpcId = rs.getLong(2);
String tierUuid = rs.getString(3);
pstmt =
conn.prepareStatement("SELECT id, uuid, start_port, end_port, state, protocol, icmp_code, icmp_type, created, traffic_type FROM `cloud`.`firewall_rules` where network_id = ? and purpose = 'NetworkACL'");
pstmt.setLong(1, networkId);
rsAcls = pstmt.executeQuery();
Long vpcId = rsNetworkIds.getLong(2);
String tierUuid = rsNetworkIds.getString(3);
pstmtSelectFirewallRules.setLong(1, networkId);
boolean hasAcls = false;
Long aclId = null;
int number = 1;
while (rsAcls.next()) {
if (!hasAcls) {
hasAcls = true;
aclId = nextAclId++;
//create ACL for the tier
s_logger.debug("Creating network ACL for tier: " + tierUuid);
pstmt = conn.prepareStatement("INSERT INTO `cloud`.`network_acl` (id, uuid, vpc_id, description, name) values (?, UUID(), ? , ?, ?)");
pstmt.setLong(1, aclId);
pstmt.setLong(2, vpcId);
pstmt.setString(3, "ACL for tier " + tierUuid);
pstmt.setString(4, "tier_" + tierUuid);
pstmt.executeUpdate();
}
Long fwRuleId = rsAcls.getLong(1);
String cidr = null;
//get cidr from firewall_rules_cidrs
pstmt = conn.prepareStatement("SELECT id, source_cidr FROM `cloud`.`firewall_rules_cidrs` where firewall_rule_id = ?");
pstmt.setLong(1, fwRuleId);
rsCidr = pstmt.executeQuery();
while (rsCidr.next()) {
Long cidrId = rsCidr.getLong(1);
String sourceCidr = rsCidr.getString(2);
if (cidr == null) {
cidr = sourceCidr;
} else {
cidr += "," + sourceCidr;
try (ResultSet rsAcls = pstmtSelectFirewallRules.executeQuery();) {
while (rsAcls.next()) {
if (!hasAcls) {
hasAcls = true;
aclId = nextAclId++;
//create ACL for the tier
s_logger.debug("Creating network ACL for tier: " + tierUuid);
pstmtInsertNetworkAcl.setLong(1, aclId);
pstmtInsertNetworkAcl.setLong(2, vpcId);
pstmtInsertNetworkAcl.setString(3, "ACL for tier " + tierUuid);
pstmtInsertNetworkAcl.setString(4, "tier_" + tierUuid);
pstmtInsertNetworkAcl.executeUpdate();
}
//Delete cidr entry
pstmtDelete = conn.prepareStatement("DELETE FROM `cloud`.`firewall_rules_cidrs` where id = ?");
pstmtDelete.setLong(1, cidrId);
pstmtDelete.executeUpdate();
}
String aclItemUuid = rsAcls.getString(2);
//Move acl to network_acl_item table
s_logger.debug("Moving firewall rule: " + aclItemUuid);
pstmt =
conn.prepareStatement("INSERT INTO `cloud`.`network_acl_item` (uuid, acl_id, start_port, end_port, state, protocol, icmp_code, icmp_type, created, traffic_type, cidr, number, action) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? )");
//uuid
pstmt.setString(1, aclItemUuid);
//aclId
pstmt.setLong(2, aclId);
//Start port
Integer startPort = rsAcls.getInt(3);
if (rsAcls.wasNull()) {
pstmt.setNull(3, Types.INTEGER);
} else {
pstmt.setLong(3, startPort);
}
//End port
Integer endPort = rsAcls.getInt(4);
if (rsAcls.wasNull()) {
pstmt.setNull(4, Types.INTEGER);
} else {
pstmt.setLong(4, endPort);
}
//State
String state = rsAcls.getString(5);
pstmt.setString(5, state);
//protocol
String protocol = rsAcls.getString(6);
pstmt.setString(6, protocol);
//icmp_code
Integer icmpCode = rsAcls.getInt(7);
if (rsAcls.wasNull()) {
pstmt.setNull(7, Types.INTEGER);
} else {
pstmt.setLong(7, icmpCode);
}
Long fwRuleId = rsAcls.getLong(1);
String cidr = null;
//get cidr from firewall_rules_cidrs
pstmtSelectFirewallCidrs.setLong(1, fwRuleId);
try (ResultSet rsCidr = pstmtSelectFirewallCidrs.executeQuery();) {
while (rsCidr.next()) {
Long cidrId = rsCidr.getLong(1);
String sourceCidr = rsCidr.getString(2);
if (cidr == null) {
cidr = sourceCidr;
} else {
cidr += "," + sourceCidr;
}
//Delete cidr entry
pstmtDeleteFirewallCidr.setLong(1, cidrId);
pstmtDeleteFirewallCidr.executeUpdate();
}
}
String aclItemUuid = rsAcls.getString(2);
//Move acl to network_acl_item table
s_logger.debug("Moving firewall rule: " + aclItemUuid);
//uuid
pstmtInsertNetworkAclItem.setString(1, aclItemUuid);
//aclId
pstmtInsertNetworkAclItem.setLong(2, aclId);
//Start port
Integer startPort = rsAcls.getInt(3);
if (rsAcls.wasNull()) {
pstmtInsertNetworkAclItem.setNull(3, Types.INTEGER);
} else {
pstmtInsertNetworkAclItem.setLong(3, startPort);
}
//End port
Integer endPort = rsAcls.getInt(4);
if (rsAcls.wasNull()) {
pstmtInsertNetworkAclItem.setNull(4, Types.INTEGER);
} else {
pstmtInsertNetworkAclItem.setLong(4, endPort);
}
//State
String state = rsAcls.getString(5);
pstmtInsertNetworkAclItem.setString(5, state);
//protocol
String protocol = rsAcls.getString(6);
pstmtInsertNetworkAclItem.setString(6, protocol);
//icmp_code
Integer icmpCode = rsAcls.getInt(7);
if (rsAcls.wasNull()) {
pstmtInsertNetworkAclItem.setNull(7, Types.INTEGER);
} else {
pstmtInsertNetworkAclItem.setLong(7, icmpCode);
}
//icmp_type
Integer icmpType = rsAcls.getInt(8);
if (rsAcls.wasNull()) {
pstmt.setNull(8, Types.INTEGER);
} else {
pstmt.setLong(8, icmpType);
//icmp_type
Integer icmpType = rsAcls.getInt(8);
if (rsAcls.wasNull()) {
pstmtInsertNetworkAclItem.setNull(8, Types.INTEGER);
} else {
pstmtInsertNetworkAclItem.setLong(8, icmpType);
}
//created
Date created = rsAcls.getDate(9);
pstmtInsertNetworkAclItem.setDate(9, created);
//traffic type
String trafficType = rsAcls.getString(10);
pstmtInsertNetworkAclItem.setString(10, trafficType);
//cidr
pstmtInsertNetworkAclItem.setString(11, cidr);
//number
pstmtInsertNetworkAclItem.setInt(12, number++);
//action
pstmtInsertNetworkAclItem.setString(13, "Allow");
pstmtInsertNetworkAclItem.executeUpdate();
//Delete firewall rule
pstmtDeleteFirewallRules.setLong(1, fwRuleId);
pstmtDeleteFirewallRules.executeUpdate();
}
//created
Date created = rsAcls.getDate(9);
pstmt.setDate(9, created);
//traffic type
String trafficType = rsAcls.getString(10);
pstmt.setString(10, trafficType);
//cidr
pstmt.setString(11, cidr);
//number
pstmt.setInt(12, number++);
//action
pstmt.setString(13, "Allow");
pstmt.executeUpdate();
//Delete firewall rule
pstmtDelete = conn.prepareStatement("DELETE FROM `cloud`.`firewall_rules` where id = ?");
pstmtDelete.setLong(1, fwRuleId);
pstmtDelete.executeUpdate();
}
if (!hasAcls) {
//no network ACls for this network.
@ -1170,30 +1172,13 @@ public class Upgrade410to420 implements DbUpgrade {
aclId = NetworkACL.DEFAULT_DENY;
}
//Assign acl to network
pstmt = conn.prepareStatement("UPDATE `cloud`.`networks` set network_acl_id=? where id=?");
pstmt.setLong(1, aclId);
pstmt.setLong(2, networkId);
pstmt.executeUpdate();
pstmtUpdate.setLong(1, aclId);
pstmtUpdate.setLong(2, networkId);
pstmtUpdate.executeUpdate();
}
s_logger.debug("Done updating network ACLs ");
} catch (SQLException e) {
throw new CloudRuntimeException("Unable to move network acls from firewall rules table to network_acl_item table", e);
} finally {
try {
if (rs != null) {
rs.close();
}
if (rsAcls != null) {
rsAcls.close();
}
if (rsCidr != null) {
rsCidr.close();
}
if (pstmt != null) {
pstmt.close();
}
} catch (SQLException e) {
}
}
}