Alon Bar-Lev has uploaded a new change for review. Change subject: aaa: sync: handle group loops ......................................................................
aaa: sync: handle group loops Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1168631 Change-Id: Ie90ad3cbef9675be8c0ceba47c22609a9985b518 Signed-off-by: Alon Bar-Lev <alo...@redhat.com> --- M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java 1 file changed, 29 insertions(+), 10 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/63/35663/1
diff --git a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java
index 8a9c561..6cdfc85 100644
--- a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java
+++ b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java
@@ -1,13 +1,18 @@
 package org.ovirt.engine.core.aaa;
+import java.util.ArrayDeque;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.Deque;
 import java.util.HashMap;
 import java.util.List;
-import java.util.Map;
 import java.util.Map.Entry;
+import java.util.Map;
 import java.util.Set;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.ovirt.engine.api.extensions.Base;
 import org.ovirt.engine.api.extensions.ExtKey;
@@ -25,6 +30,8 @@
 private static interface QueryResultHandler {
 public boolean handle(Collection<ExtMap> queryResults);
 }
+
+ private static final Logger log = LoggerFactory.getLogger(AuthzUtils.class);
 private static final int QUERIES_RESULTS_LIMIT = 1000;
 private static final int PAGE_SIZE = 500;
@@ -101,7 +108,8 @@
 }
 // After the groups are fetched, the "group membership" tree for the principals should be modified accordingly.
 for (ExtMap principal : principals) {
- constructGroupsMembershipTree(principal, PrincipalRecord.GROUPS, groupsCache);
+ Deque<String> loopPrevention = new ArrayDeque<>();
+ constructGroupsMembershipTree(principal, PrincipalRecord.GROUPS, groupsCache, loopPrevention);
 }
 return principals;
 }
@@ -110,16 +118,27 @@
 MultiValueMapUtils.addToMapOfSets(memberOf.<String>get(GroupRecord.NAMESPACE), memberOf.<String> get(GroupRecord.ID), idsToFetchPerNamespace);
 }
- private static ExtMap constructGroupsMembershipTree(ExtMap entity, ExtKey key, Map<String, ExtMap> groupsCache) {
+ private static ExtMap constructGroupsMembershipTree(ExtMap entity, ExtKey key, Map<String, ExtMap> groupsCache, Deque<String> loopPrevention) {
 List<ExtMap> groups = new ArrayList<>();
 for (ExtMap memberOf : entity.get(key, Collections.<ExtMap> emptyList())) {
- groups.add(
- constructGroupsMembershipTree(
- groupsCache.get(memberOf.get(GroupRecord.ID)).clone(),
- GroupRecord.GROUPS,
- groupsCache
- )
- );
+ if (loopPrevention.contains(memberOf.get(GroupRecord.ID))) {
+ log.error(
+ "Group recursion detected for group '{}' stack is {}",
+ memberOf.get(GroupRecord.NAME),
+ loopPrevention
+ );
+ } else {
+ loopPrevention.push(memberOf.<String>get(GroupRecord.ID));
+ groups.add(
+ constructGroupsMembershipTree(
+ groupsCache.get(memberOf.get(GroupRecord.ID)).clone(),
+ GroupRecord.GROUPS,
+ groupsCache,
+ loopPrevention
+ )
+ );
+ loopPrevention.pop();
+ }
 }
 entity.put(key, groups);
 return entity;
-- To view, visit http://gerrit.ovirt.org/35663 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie90ad3cbef9675be8c0ceba47c22609a9985b518 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
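Review bot: `groupsCache.get(memberOf.get(GroupRecord.ID)).clone()` in the new else branch still dereferences the cache lookup unchecked, so a `memberOf` entry whose group is missing from `groupsCache` would end the whole sync with a NullPointerException rather than a logged, per-group decision. How the cache is filled lies outside this hunk, so whether a miss can actually occur needs confirming; if it can, read the id once and test the lookup before recursing, as sketched below. Skipping an unresolved group fails closed, since the principal ends up with fewer groups, and that policy deserves a short comment at the branch. The loop message also prints `GroupRecord.NAME` while the stack it prints holds `GroupRecord.ID` values, so logging the id as well would let the two be correlated.

```java
for (ExtMap memberOf : entity.get(key, Collections.<ExtMap> emptyList())) {
    String groupId = memberOf.<String>get(GroupRecord.ID);
    ExtMap cached = groupsCache.get(groupId);
    if (cached == null) {
        // Fail closed: an unresolved group is left out of the membership tree.
        log.warn("Group id '{}' is referenced but missing from the groups cache, skipping", groupId);
    } else if (loopPrevention.contains(groupId)) {
        // … unchanged: log.error call, ideally with groupId added …
    } else {
        loopPrevention.push(groupId);
        groups.add(
            constructGroupsMembershipTree(cached.clone(), GroupRecord.GROUPS, groupsCache, loopPrevention)
        );
        loopPrevention.pop();
    }
}
```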