rpms / freeipa

Clone
Source Code
GIT

Files

  1.   5c0f47e71d1a56b3442445d301f597f081e7b247
  2.   freeipa-3.0.0.pre1-044-rework-task-naming-in-ldap-updates-to-avoid-conflict.patch
Blob Blame History Raw 
From cc42d19e35ee54b9fcf82e70b7897a6d386d08b9 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Tue, 24 Jul 2012 12:07:23 +0300
Subject: [PATCH 44/79] Rework task naming in LDAP updates to avoid
 conflicting names in certain cases

There are two problems in task naming in LDAP updates:

1. Randomness may be scarce in virtual machines
2. Random number is added to the time value rounded to a second

The second issue leads to values that may repeat themselves as time
only grows and random number is non-negative as well, so
t2+r2 can be equal to t1+t2 generated earlier.

Since task name is a DN, there is no strict requirement to use an integer value.
Instead, we generate an UUID and use its 60-bit time, 14-bit sequential number,
and attribute name.

https://fedorahosted.org/freeipa/ticket/2942
---
 ipaserver/install/ldapupdate.py | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index c64139889d9f84866ac0cd358ed3a3a7d95af7dc..949b86ad99bce97fe3d09baef7fa42dbbc55ac26 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -29,9 +29,11 @@ from ipaserver.install import installutils
 from ipaserver.install import service
 from ipaserver import ipaldap
 from ipapython import entity, ipautil
+import uuid
 from ipalib import util
 from ipalib import errors
 from ipalib import api
+from ipalib.dn import DN
 import ldap
 from ldap.dn import escape_dn_chars
 from ipapython.ipa_log_manager import *
@@ -328,16 +330,14 @@ class LDAPUpdate:
         if self.live_run:
             time.sleep(5)
 
-        r = random.SystemRandom()
+        cn_uuid = uuid.uuid1()
+        # cn_uuid.time is in nanoseconds, but other users of LDAPUpdate expect
+        # seconds in 'TIME' so scale the value down
+        self.sub_dict['TIME'] = int(cn_uuid.time/1e9)
+        cn = "indextask_%s_%s_%s" % (attribute, cn_uuid.time, cn_uuid.clock_seq)
+        dn = DN(('cn', cn), ('cn', 'index'), ('cn', 'tasks'), ('cn', 'config'))
 
-        # Refresh the time to make uniqueness more probable. Add on some
-        # randomness for good measure.
-        self.sub_dict['TIME'] = int(time.time()) + r.randint(0,10000)
-
-        cn = self._template_str("indextask_$TIME")
-        dn = "cn=%s, cn=index, cn=tasks, cn=config" % cn
-
-        e = ipaldap.Entry(dn)
+        e = ipaldap.Entry(str(dn))
 
         e.setValues('objectClass', ['top', 'extensibleObject'])
         e.setValue('cn', cn)
-- 
1.7.11.2
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.