|
|
5d81fc |
From b2e0a1d405d15383064e547fd15008bc136d3efe Mon Sep 17 00:00:00 2001
|
|
|
5d81fc |
From: Firstyear <william@blackhats.net.au>
|
|
|
5d81fc |
Date: Thu, 17 Dec 2020 08:22:23 +1000
|
|
|
5d81fc |
Subject: [PATCH 05/12] Issue 4498 - BUG - entryuuid replication may not work
|
|
|
5d81fc |
(#4503)
|
|
|
5d81fc |
|
|
|
5d81fc |
Bug Description: EntryUUID can be duplicated in replication,
|
|
|
5d81fc |
due to a missing check in assign_uuid
|
|
|
5d81fc |
|
|
|
5d81fc |
Fix Description: Add a test case to determine how this occurs,
|
|
|
5d81fc |
and add the correct check for existing entryUUID.
|
|
|
5d81fc |
|
|
|
5d81fc |
fixes: https://github.com/389ds/389-ds-base/issues/4498
|
|
|
5d81fc |
|
|
|
5d81fc |
Author: William Brown <william@blackhats.net.au>
|
|
|
5d81fc |
|
|
|
5d81fc |
Review by: @mreynolds389
|
|
|
5d81fc |
---
|
|
|
5d81fc |
.../tests/suites/entryuuid/replicated_test.py | 77 +++++++++++++++++++
|
|
|
5d81fc |
rpm.mk | 2 +-
|
|
|
5d81fc |
src/plugins/entryuuid/src/lib.rs | 20 ++++-
|
|
|
5d81fc |
src/slapi_r_plugin/src/constants.rs | 2 +
|
|
|
5d81fc |
src/slapi_r_plugin/src/pblock.rs | 7 ++
|
|
|
5d81fc |
5 files changed, 106 insertions(+), 2 deletions(-)
|
|
|
5d81fc |
create mode 100644 dirsrvtests/tests/suites/entryuuid/replicated_test.py
|
|
|
5d81fc |
|
|
|
5d81fc |
diff --git a/dirsrvtests/tests/suites/entryuuid/replicated_test.py b/dirsrvtests/tests/suites/entryuuid/replicated_test.py
|
|
|
5d81fc |
new file mode 100644
|
|
|
5d81fc |
index 000000000..a2ebc8ff7
|
|
|
5d81fc |
--- /dev/null
|
|
|
5d81fc |
+++ b/dirsrvtests/tests/suites/entryuuid/replicated_test.py
|
|
|
5d81fc |
@@ -0,0 +1,77 @@
|
|
|
5d81fc |
+# --- BEGIN COPYRIGHT BLOCK ---
|
|
|
5d81fc |
+# Copyright (C) 2020 William Brown <william@blackhats.net.au>
|
|
|
5d81fc |
+# All rights reserved.
|
|
|
5d81fc |
+#
|
|
|
5d81fc |
+# License: GPL (version 3 or any later version).
|
|
|
5d81fc |
+# See LICENSE for details.
|
|
|
5d81fc |
+# --- END COPYRIGHT BLOCK ---
|
|
|
5d81fc |
+
|
|
|
5d81fc |
+import ldap
|
|
|
5d81fc |
+import pytest
|
|
|
5d81fc |
+import logging
|
|
|
5d81fc |
+from lib389.topologies import topology_m2 as topo_m2
|
|
|
5d81fc |
+from lib389.idm.user import nsUserAccounts
|
|
|
5d81fc |
+from lib389.paths import Paths
|
|
|
5d81fc |
+from lib389.utils import ds_is_older
|
|
|
5d81fc |
+from lib389._constants import *
|
|
|
5d81fc |
+from lib389.replica import ReplicationManager
|
|
|
5d81fc |
+
|
|
|
5d81fc |
+default_paths = Paths()
|
|
|
5d81fc |
+
|
|
|
5d81fc |
+pytestmark = pytest.mark.tier1
|
|
|
5d81fc |
+
|
|
|
5d81fc |
+@pytest.mark.skipif(not default_paths.rust_enabled or ds_is_older('1.4.2.0'), reason="Entryuuid is not available in older versions")
|
|
|
5d81fc |
+
|
|
|
5d81fc |
+def test_entryuuid_with_replication(topo_m2):
|
|
|
5d81fc |
+ """ Check that entryuuid works with replication
|
|
|
5d81fc |
+
|
|
|
5d81fc |
+ :id: a5f15bf9-7f63-473a-840c-b9037b787024
|
|
|
5d81fc |
+
|
|
|
5d81fc |
+ :setup: two node mmr
|
|
|
5d81fc |
+
|
|
|
5d81fc |
+ :steps:
|
|
|
5d81fc |
+ 1. Create an entry on one server
|
|
|
5d81fc |
+ 2. Wait for replication
|
|
|
5d81fc |
+ 3. Assert it is on the second
|
|
|
5d81fc |
+
|
|
|
5d81fc |
+ :expectedresults:
|
|
|
5d81fc |
+ 1. Success
|
|
|
5d81fc |
+ 1. Success
|
|
|
5d81fc |
+ 1. Success
|
|
|
5d81fc |
+ """
|
|
|
5d81fc |
+
|
|
|
5d81fc |
+ server_a = topo_m2.ms["supplier1"]
|
|
|
5d81fc |
+ server_b = topo_m2.ms["supplier2"]
|
|
|
5d81fc |
+ server_a.config.loglevel(vals=(ErrorLog.DEFAULT,ErrorLog.TRACE))
|
|
|
5d81fc |
+ server_b.config.loglevel(vals=(ErrorLog.DEFAULT,ErrorLog.TRACE))
|
|
|
5d81fc |
+
|
|
|
5d81fc |
+ repl = ReplicationManager(DEFAULT_SUFFIX)
|
|
|
5d81fc |
+
|
|
|
5d81fc |
+ account_a = nsUserAccounts(server_a, DEFAULT_SUFFIX).create_test_user(uid=2000)
|
|
|
5d81fc |
+ euuid_a = account_a.get_attr_vals_utf8('entryUUID')
|
|
|
5d81fc |
+ print("🧩 %s" % euuid_a)
|
|
|
5d81fc |
+ assert(euuid_a is not None)
|
|
|
5d81fc |
+ assert(len(euuid_a) == 1)
|
|
|
5d81fc |
+
|
|
|
5d81fc |
+ repl.wait_for_replication(server_a, server_b)
|
|
|
5d81fc |
+
|
|
|
5d81fc |
+ account_b = nsUserAccounts(server_b, DEFAULT_SUFFIX).get("test_user_2000")
|
|
|
5d81fc |
+ euuid_b = account_b.get_attr_vals_utf8('entryUUID')
|
|
|
5d81fc |
+ print("🧩 %s" % euuid_b)
|
|
|
5d81fc |
+
|
|
|
5d81fc |
+ server_a.config.loglevel(vals=(ErrorLog.DEFAULT,))
|
|
|
5d81fc |
+ server_b.config.loglevel(vals=(ErrorLog.DEFAULT,))
|
|
|
5d81fc |
+
|
|
|
5d81fc |
+ assert(euuid_b is not None)
|
|
|
5d81fc |
+ assert(len(euuid_b) == 1)
|
|
|
5d81fc |
+ assert(euuid_b == euuid_a)
|
|
|
5d81fc |
+
|
|
|
5d81fc |
+ account_b.set("description", "update")
|
|
|
5d81fc |
+ repl.wait_for_replication(server_b, server_a)
|
|
|
5d81fc |
+
|
|
|
5d81fc |
+ euuid_c = account_a.get_attr_vals_utf8('entryUUID')
|
|
|
5d81fc |
+ print("🧩 %s" % euuid_c)
|
|
|
5d81fc |
+ assert(euuid_c is not None)
|
|
|
5d81fc |
+ assert(len(euuid_c) == 1)
|
|
|
5d81fc |
+ assert(euuid_c == euuid_a)
|
|
|
5d81fc |
+
|
|
|
5d81fc |
diff --git a/rpm.mk b/rpm.mk
|
|
|
5d81fc |
index 02f5bba37..d1cdff7df 100644
|
|
|
5d81fc |
--- a/rpm.mk
|
|
|
5d81fc |
+++ b/rpm.mk
|
|
|
5d81fc |
@@ -25,7 +25,7 @@ TSAN_ON = 0
|
|
|
5d81fc |
# Undefined Behaviour Sanitizer
|
|
|
5d81fc |
UBSAN_ON = 0
|
|
|
5d81fc |
|
|
|
5d81fc |
-RUST_ON = 0
|
|
|
5d81fc |
+RUST_ON = 1
|
|
|
5d81fc |
|
|
|
5d81fc |
# PERL_ON is deprecated and turns on the LEGACY_ON, this for not breaking people's workflows.
|
|
|
5d81fc |
PERL_ON = 1
|
|
|
5d81fc |
diff --git a/src/plugins/entryuuid/src/lib.rs b/src/plugins/entryuuid/src/lib.rs
|
|
|
5d81fc |
index 92977db05..0197c5e83 100644
|
|
|
5d81fc |
--- a/src/plugins/entryuuid/src/lib.rs
|
|
|
5d81fc |
+++ b/src/plugins/entryuuid/src/lib.rs
|
|
|
5d81fc |
@@ -30,6 +30,16 @@ slapi_r_search_callback_mapfn!(entryuuid, entryuuid_fixup_cb, entryuuid_fixup_ma
|
|
|
5d81fc |
fn assign_uuid(e: &mut EntryRef) {
|
|
|
5d81fc |
let sdn = e.get_sdnref();
|
|
|
5d81fc |
|
|
|
5d81fc |
+ // 🚧 safety barrier 🚧
|
|
|
5d81fc |
+ if e.contains_attr("entryUUID") {
|
|
|
5d81fc |
+ log_error!(
|
|
|
5d81fc |
+ ErrorLevel::Trace,
|
|
|
5d81fc |
+ "assign_uuid -> entryUUID exists, skipping dn {}",
|
|
|
5d81fc |
+ sdn.to_dn_string()
|
|
|
5d81fc |
+ );
|
|
|
5d81fc |
+ return;
|
|
|
5d81fc |
+ }
|
|
|
5d81fc |
+
|
|
|
5d81fc |
// We could consider making these lazy static.
|
|
|
5d81fc |
let config_sdn = Sdn::try_from("cn=config").expect("Invalid static dn");
|
|
|
5d81fc |
let schema_sdn = Sdn::try_from("cn=schema").expect("Invalid static dn");
|
|
|
5d81fc |
@@ -66,7 +76,15 @@ impl SlapiPlugin3 for EntryUuid {
|
|
|
5d81fc |
}
|
|
|
5d81fc |
|
|
|
5d81fc |
fn betxn_pre_add(pb: &mut PblockRef) -> Result<(), PluginError> {
|
|
|
5d81fc |
- log_error!(ErrorLevel::Trace, "betxn_pre_add");
|
|
|
5d81fc |
+ if pb.get_is_replicated_operation() {
|
|
|
5d81fc |
+ log_error!(
|
|
|
5d81fc |
+ ErrorLevel::Trace,
|
|
|
5d81fc |
+ "betxn_pre_add -> replicated operation, will not change"
|
|
|
5d81fc |
+ );
|
|
|
5d81fc |
+ return Ok(());
|
|
|
5d81fc |
+ }
|
|
|
5d81fc |
+
|
|
|
5d81fc |
+ log_error!(ErrorLevel::Trace, "betxn_pre_add -> start");
|
|
|
5d81fc |
|
|
|
5d81fc |
let mut e = pb.get_op_add_entryref().map_err(|_| PluginError::Pblock)?;
|
|
|
5d81fc |
assign_uuid(&mut e);
|
|
|
5d81fc |
diff --git a/src/slapi_r_plugin/src/constants.rs b/src/slapi_r_plugin/src/constants.rs
|
|
|
5d81fc |
index 34845c2f4..aa0691acc 100644
|
|
|
5d81fc |
--- a/src/slapi_r_plugin/src/constants.rs
|
|
|
5d81fc |
+++ b/src/slapi_r_plugin/src/constants.rs
|
|
|
5d81fc |
@@ -164,6 +164,8 @@ pub(crate) enum PblockType {
|
|
|
5d81fc |
AddEntry = 60,
|
|
|
5d81fc |
/// SLAPI_BACKEND
|
|
|
5d81fc |
Backend = 130,
|
|
|
5d81fc |
+ /// SLAPI_IS_REPLICATED_OPERATION
|
|
|
5d81fc |
+ IsReplicationOperation = 142,
|
|
|
5d81fc |
/// SLAPI_PLUGIN_MR_NAMES
|
|
|
5d81fc |
MRNames = 624,
|
|
|
5d81fc |
/// SLAPI_PLUGIN_SYNTAX_NAMES
|
|
|
5d81fc |
diff --git a/src/slapi_r_plugin/src/pblock.rs b/src/slapi_r_plugin/src/pblock.rs
|
|
|
5d81fc |
index 0f83914f3..718ff2ca7 100644
|
|
|
5d81fc |
--- a/src/slapi_r_plugin/src/pblock.rs
|
|
|
5d81fc |
+++ b/src/slapi_r_plugin/src/pblock.rs
|
|
|
5d81fc |
@@ -279,4 +279,11 @@ impl PblockRef {
|
|
|
5d81fc |
pub fn get_op_result(&mut self) -> i32 {
|
|
|
5d81fc |
self.get_value_i32(PblockType::OpResult).unwrap_or(-1)
|
|
|
5d81fc |
}
|
|
|
5d81fc |
+
|
|
|
5d81fc |
+ pub fn get_is_replicated_operation(&mut self) -> bool {
|
|
|
5d81fc |
+ let i = self.get_value_i32(PblockType::IsReplicationOperation).unwrap_or(0);
|
|
|
5d81fc |
+ // Because rust returns the result of the last evaluation, we can
|
|
|
5d81fc |
+ // just return if not equal 0.
|
|
|
5d81fc |
+ i != 0
|
|
|
5d81fc |
+ }
|
|
|
5d81fc |
}
|
|
|
5d81fc |
--
|
|
|
5d81fc |
2.26.3
|
|
|
5d81fc |
|