rpms / 389-ds-base

Clone
Source Code
GIT

Blame SOURCES/0002-Issue-4877-RFE-EntryUUID-to-validate-UUIDs-on-fixup-.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-armhfp c7-beta c8-beta-stream-1.4 c8-stream-1.4 c8s-stream-1.4 c8s-stream-ds c9 c9-beta
  1.   0a50785d731fadfc8c1670fc0ecd6cb7206ad657
  2.   SOURCES
  3.   0002-Issue-4877-RFE-EntryUUID-to-validate-UUIDs-on-fixup-.patch
Blob History Raw
0a5078 
From 6c8906559cd049b14b08e4d3158338f6611f04e4 Mon Sep 17 00:00:00 2001
0a5078 
From: Firstyear <william@blackhats.net.au>
0a5078 
Date: Fri, 20 Aug 2021 09:18:50 +1000
0a5078 
Subject: [PATCH] Issue 4877 - RFE - EntryUUID to validate UUIDs on fixup
0a5078 
 (#4878)
0a5078
0a5078 
Bug Description: Due to changing the syntax of EntryUUID's
0a5078 
to string, we may have invalid EntryUUID's imported into
0a5078 
the database.
0a5078
0a5078 
Fix Description: To resolve this during a fixup we validate
0a5078 
that Uuid's have a valid syntax. If they do not, we regenerate
0a5078 
them.
0a5078
0a5078 
fixes: https://github.com/389ds/389-ds-base/issues/4877
0a5078
0a5078 
Author: William Brown <william@blackhats.net.au>
0a5078
0a5078 
Review by: @mreynolds389
0a5078 
---
0a5078 
 src/plugins/entryuuid/src/lib.rs | 28 ++++++++++++++++++++--------
0a5078 
 1 file changed, 20 insertions(+), 8 deletions(-)
0a5078
0a5078 
diff --git a/src/plugins/entryuuid/src/lib.rs b/src/plugins/entryuuid/src/lib.rs
0a5078 
index 29a9f1258..ad3faef4b 100644
0a5078 
--- a/src/plugins/entryuuid/src/lib.rs
0a5078 
+++ b/src/plugins/entryuuid/src/lib.rs
0a5078 
@@ -144,11 +144,17 @@ impl SlapiPlugin3 for EntryUuid {
0a5078 
         // Error if the first filter is empty?
0a5078
0a5078 
         // Now, to make things faster, we wrap the filter in a exclude term.
0a5078 
+
0a5078 
+        // 2021 - #4877 because we allow entryuuid to be strings, on import these may
0a5078 
+        // be invalid. As a result, we DO need to allow the fixup to check the entryuuid
0a5078 
+        // value is correct, so we can not exclude these during the search.
0a5078 
+        /*
0a5078 
         let raw_filter = if !raw_filter.starts_with('(') && !raw_filter.ends_with('(') {
0a5078 
             format!("(&({})(!(entryuuid=*)))", raw_filter)
0a5078 
         } else {
0a5078 
             format!("(&{}(!(entryuuid=*)))", raw_filter)
0a5078 
         };
0a5078 
+        */
0a5078
0a5078 
         Ok(FixupData { basedn, raw_filter })
0a5078 
     }
0a5078 
@@ -213,14 +219,20 @@ pub fn entryuuid_fixup_mapfn(e: &EntryRef, _data: &()) -> Result<(), PluginError
0a5078 
     /* Supply a modification to the entry. */
0a5078 
     let sdn = e.get_sdnref();
0a5078
0a5078 
-    /* Sanity check that entryuuid doesn't already exist */
0a5078 
-    if e.contains_attr("entryUUID") {
0a5078 
-        log_error!(
0a5078 
-            ErrorLevel::Plugin,
0a5078 
-            "skipping fixup for -> {}",
0a5078 
-            sdn.to_dn_string()
0a5078 
-        );
0a5078 
-        return Ok(());
0a5078 
+    /* Check that entryuuid doesn't already exist, and is valid */
0a5078 
+    if let Some(valueset) = e.get_attr("entryUUID") {
0a5078 
+        if valueset.iter().all(|v| {
0a5078 
+            let u: Result<Uuid, _> = (&v).try_into();
0a5078 
+            u.is_ok()
0a5078 
+        }) {
0a5078 
+            // All values were valid uuid, move on!
0a5078 
+            log_error!(
0a5078 
+                ErrorLevel::Plugin,
0a5078 
+                "skipping fixup for -> {}",
0a5078 
+                sdn.to_dn_string()
0a5078 
+            );
0a5078 
+            return Ok(());
0a5078 
+        }
0a5078 
     }
0a5078
0a5078 
     // Setup the modifications
0a5078 
--
0a5078 
2.31.1
0a5078

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation