|
 |
cb1cc6 |
From 6c8906559cd049b14b08e4d3158338f6611f04e4 Mon Sep 17 00:00:00 2001
|
|
|
cb1cc6 |
From: Firstyear <william@blackhats.net.au>
|
|
|
cb1cc6 |
Date: Fri, 20 Aug 2021 09:18:50 +1000
|
|
|
cb1cc6 |
Subject: [PATCH] Issue 4877 - RFE - EntryUUID to validate UUIDs on fixup
|
|
|
cb1cc6 |
(#4878)
|
|
|
cb1cc6 |
|
|
|
cb1cc6 |
Bug Description: Due to changing the syntax of EntryUUID's
|
|
|
cb1cc6 |
to string, we may have invalid EntryUUID's imported into
|
|
|
cb1cc6 |
the database.
|
|
|
cb1cc6 |
|
|
|
cb1cc6 |
Fix Description: To resolve this during a fixup we validate
|
|
|
cb1cc6 |
that Uuid's have a valid syntax. If they do not, we regenerate
|
|
|
cb1cc6 |
them.
|
|
|
cb1cc6 |
|
|
|
cb1cc6 |
fixes: https://github.com/389ds/389-ds-base/issues/4877
|
|
|
cb1cc6 |
|
|
|
cb1cc6 |
Author: William Brown <william@blackhats.net.au>
|
|
|
cb1cc6 |
|
|
|
cb1cc6 |
Review by: @mreynolds389
|
|
|
cb1cc6 |
---
|
|
|
cb1cc6 |
src/plugins/entryuuid/src/lib.rs | 28 ++++++++++++++++++++--------
|
|
|
cb1cc6 |
1 file changed, 20 insertions(+), 8 deletions(-)
|
|
|
cb1cc6 |
|
|
|
cb1cc6 |
diff --git a/src/plugins/entryuuid/src/lib.rs b/src/plugins/entryuuid/src/lib.rs
|
|
|
cb1cc6 |
index 29a9f1258..ad3faef4b 100644
|
|
|
cb1cc6 |
--- a/src/plugins/entryuuid/src/lib.rs
|
|
|
cb1cc6 |
+++ b/src/plugins/entryuuid/src/lib.rs
|
|
|
cb1cc6 |
@@ -144,11 +144,17 @@ impl SlapiPlugin3 for EntryUuid {
|
|
|
cb1cc6 |
// Error if the first filter is empty?
|
|
|
cb1cc6 |
|
|
|
cb1cc6 |
// Now, to make things faster, we wrap the filter in a exclude term.
|
|
|
cb1cc6 |
+
|
|
|
cb1cc6 |
+ // 2021 - #4877 because we allow entryuuid to be strings, on import these may
|
|
|
cb1cc6 |
+ // be invalid. As a result, we DO need to allow the fixup to check the entryuuid
|
|
|
cb1cc6 |
+ // value is correct, so we can not exclude these during the search.
|
|
|
cb1cc6 |
+ /*
|
|
|
cb1cc6 |
let raw_filter = if !raw_filter.starts_with('(') && !raw_filter.ends_with('(') {
|
|
|
cb1cc6 |
format!("(&({})(!(entryuuid=*)))", raw_filter)
|
|
|
cb1cc6 |
} else {
|
|
|
cb1cc6 |
format!("(&{}(!(entryuuid=*)))", raw_filter)
|
|
|
cb1cc6 |
};
|
|
|
cb1cc6 |
+ */
|
|
|
cb1cc6 |
|
|
|
cb1cc6 |
Ok(FixupData { basedn, raw_filter })
|
|
|
cb1cc6 |
}
|
|
|
cb1cc6 |
@@ -213,14 +219,20 @@ pub fn entryuuid_fixup_mapfn(e: &EntryRef, _data: &()) -> Result<(), PluginError
|
|
|
cb1cc6 |
/* Supply a modification to the entry. */
|
|
|
cb1cc6 |
let sdn = e.get_sdnref();
|
|
|
cb1cc6 |
|
|
|
cb1cc6 |
- /* Sanity check that entryuuid doesn't already exist */
|
|
|
cb1cc6 |
- if e.contains_attr("entryUUID") {
|
|
|
cb1cc6 |
- log_error!(
|
|
|
cb1cc6 |
- ErrorLevel::Plugin,
|
|
|
cb1cc6 |
- "skipping fixup for -> {}",
|
|
|
cb1cc6 |
- sdn.to_dn_string()
|
|
|
cb1cc6 |
- );
|
|
|
cb1cc6 |
- return Ok(());
|
|
|
cb1cc6 |
+ /* Check that entryuuid doesn't already exist, and is valid */
|
|
|
cb1cc6 |
+ if let Some(valueset) = e.get_attr("entryUUID") {
|
|
|
cb1cc6 |
+ if valueset.iter().all(|v| {
|
|
|
cb1cc6 |
+ let u: Result<Uuid, _> = (&v).try_into();
|
|
|
cb1cc6 |
+ u.is_ok()
|
|
|
cb1cc6 |
+ }) {
|
|
|
cb1cc6 |
+ // All values were valid uuid, move on!
|
|
|
cb1cc6 |
+ log_error!(
|
|
|
cb1cc6 |
+ ErrorLevel::Plugin,
|
|
|
cb1cc6 |
+ "skipping fixup for -> {}",
|
|
|
cb1cc6 |
+ sdn.to_dn_string()
|
|
|
cb1cc6 |
+ );
|
|
|
cb1cc6 |
+ return Ok(());
|
|
|
cb1cc6 |
+ }
|
|
|
cb1cc6 |
}
|
|
|
cb1cc6 |
|
|
|
cb1cc6 |
// Setup the modifications
|
|
|
cb1cc6 |
--
|
|
|
cb1cc6 |
2.31.1
|
|
|
cb1cc6 |
|