Yair Zaslavsky has uploaded a new change for review. Change subject: aaa: two providers produce the same "domain id" ......................................................................
aaa: two providers produce the same "domain id" This may occur if two authz names have the same prefix that gets converted to the same Guid. This happens as the Guid ctor that receives an array of bytes needs only the first 16 bytes to consturct a guid and ignores the rest. The fix suggest an id that is based on base64 encoding of the entire string. Change-Id: Ieddb2c31645d7276652db17df190bc4f2cfdaacb Bug-Url: https://bugzilla.redhat.com/1172187 Topic: AAA Signed-off-by: Yair Zaslavsky <yzasl...@redhat.com> --- M backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/aaa/BackendDomainGroupsResource.java M backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/aaa/BackendDomainResource.java M backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/aaa/BackendDomainUsersResource.java M backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/aaa/BackendDomainsResource.java M backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/GroupMapper.java M backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/UserMapper.java 6 files changed, 29 insertions(+), 15 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/92/36092/1 diff --git a/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/aaa/BackendDomainGroupsResource.java b/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/aaa/BackendDomainGroupsResource.java index 14faa78..07bc5e3 100644 --- a/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/aaa/BackendDomainGroupsResource.java +++ b/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/aaa/BackendDomainGroupsResource.java @@ -15,6 +15,7 @@ import org.ovirt.engine.api.restapi.resource.SingleEntityResource; import org.ovirt.engine.core.aaa.DirectoryGroup; import org.ovirt.engine.core.common.interfaces.SearchType; +import org.ovirt.engine.core.compat.Guid; /** * This resource corresponds to the groups that exist in a directory accessible to the engine. Those groups may or may @@ -90,4 +91,9 @@ return model; } + @Override + protected Guid asGuidOr404(String id) { + return null; + } + } diff --git a/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/aaa/BackendDomainResource.java b/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/aaa/BackendDomainResource.java index 2812c31..74d252d 100644 --- a/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/aaa/BackendDomainResource.java +++ b/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/aaa/BackendDomainResource.java @@ -1,7 +1,7 @@ package org.ovirt.engine.api.restapi.resource.aaa; -import static org.ovirt.engine.api.utils.ReflectionHelper.assignChildModel; import static org.ovirt.engine.api.restapi.resource.aaa.BackendDomainsResource.SUB_COLLECTIONS; +import static org.ovirt.engine.api.utils.ReflectionHelper.assignChildModel; import org.ovirt.engine.api.model.Domain; import org.ovirt.engine.api.resource.aaa.DomainGroupsResource; @@ -9,6 +9,7 @@ import org.ovirt.engine.api.resource.aaa.DomainUsersResource; import org.ovirt.engine.api.restapi.model.Directory; import org.ovirt.engine.api.restapi.resource.AbstractBackendSubResource; +import org.ovirt.engine.core.compat.Guid; public class BackendDomainResource extends AbstractBackendSubResource<Domain, Directory> implements DomainResource { @@ -53,4 +54,9 @@ protected Domain doPopulate(Domain model, Directory entity) { return model; } + + @Override + protected Guid asGuidOr404(String id) { + return null; + } } diff --git a/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/aaa/BackendDomainUsersResource.java b/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/aaa/BackendDomainUsersResource.java index a7a783f..befbb9b 100644 --- a/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/aaa/BackendDomainUsersResource.java +++ b/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/aaa/BackendDomainUsersResource.java @@ -15,6 +15,7 @@ import org.ovirt.engine.api.restapi.resource.SingleEntityResource; import org.ovirt.engine.core.aaa.DirectoryUser; import org.ovirt.engine.core.common.interfaces.SearchType; +import org.ovirt.engine.core.compat.Guid; /** * This resource corresponds to the users that exist in a directory accessible @@ -84,4 +85,9 @@ return model; } + @Override + protected Guid asGuidOr404(String id) { + return null; + } + } diff --git a/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/aaa/BackendDomainsResource.java b/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/aaa/BackendDomainsResource.java index a7b4f35..a6770df 100644 --- a/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/aaa/BackendDomainsResource.java +++ b/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/aaa/BackendDomainsResource.java @@ -14,9 +14,9 @@ import org.ovirt.engine.api.restapi.model.Directory; import org.ovirt.engine.api.restapi.resource.AbstractBackendCollectionResource; import org.ovirt.engine.api.restapi.resource.SingleEntityResource; +import org.ovirt.engine.api.restapi.utils.DirectoryEntryIdUtils; import org.ovirt.engine.core.common.queries.VdcQueryParametersBase; import org.ovirt.engine.core.common.queries.VdcQueryType; -import org.ovirt.engine.core.compat.Guid; public class BackendDomainsResource extends AbstractBackendCollectionResource<Domain, Directory> implements DomainsResource { @@ -53,8 +53,7 @@ for(String domain : getDomainList()){ Directory ds = new Directory(); ds.setDomain(domain); - Guid guid = asGuid(domain.getBytes(), true); - ds.setId(guid.toString()); + ds.setId(DirectoryEntryIdUtils.encode(domain)); dsl.add(ds); } return dsl; diff --git a/backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/GroupMapper.java b/backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/GroupMapper.java index a376a73..58e5158 100644 --- a/backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/GroupMapper.java +++ b/backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/GroupMapper.java @@ -1,7 +1,5 @@ package org.ovirt.engine.api.restapi.types; -import java.nio.charset.Charset; - import org.apache.commons.lang.StringUtils; import org.ovirt.engine.api.model.Domain; import org.ovirt.engine.api.model.Group; @@ -9,7 +7,6 @@ import org.ovirt.engine.api.restapi.utils.GuidUtils; import org.ovirt.engine.core.aaa.DirectoryGroup; import org.ovirt.engine.core.common.businessentities.aaa.DbGroup; -import org.ovirt.engine.core.compat.Guid; public class GroupMapper { @@ -20,8 +17,8 @@ model.setId(entity.getId().toString()); if (!StringUtils.isEmpty(entity.getDomain())) { Domain dom = new Domain(); - dom.setId(new Guid(entity.getDomain().getBytes(Charset.forName("UTF-8")), true).toString()); - model.setDomain(dom); + dom.setName(entity.getDomain()); + dom.setId(DirectoryEntryIdUtils.encode(dom.getName())); } model.setDomainEntryId(DirectoryEntryIdUtils.encode(entity.getExternalId())); model.setNamespace(entity.getNamespace()); @@ -34,7 +31,8 @@ model.setName(entity.getName()); if (!StringUtils.isEmpty(entity.getDirectoryName())) { Domain dom = new Domain(); - dom.setId(new Guid(entity.getDirectoryName().getBytes(Charset.forName("UTF-8")), true).toString()); + dom.setName(entity.getDirectoryName()); + dom.setId(DirectoryEntryIdUtils.encode(dom.getName())); model.setDomain(dom); } model.setId(DirectoryEntryIdUtils.encode(entity.getId())); diff --git a/backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/UserMapper.java b/backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/UserMapper.java index 172f83a..a3dd0d9 100644 --- a/backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/UserMapper.java +++ b/backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/UserMapper.java @@ -1,7 +1,5 @@ package org.ovirt.engine.api.restapi.types; -import java.nio.charset.Charset; - import org.apache.commons.lang.StringUtils; import org.ovirt.engine.api.model.Domain; import org.ovirt.engine.api.model.Group; @@ -12,7 +10,6 @@ import org.ovirt.engine.core.aaa.DirectoryGroup; import org.ovirt.engine.core.aaa.DirectoryUser; import org.ovirt.engine.core.common.businessentities.aaa.DbUser; -import org.ovirt.engine.core.compat.Guid; public class UserMapper { @@ -38,7 +35,8 @@ } if (!StringUtils.isEmpty(entity.getDomain())) { Domain dom = new Domain(); - dom.setId(new Guid(entity.getDomain().getBytes(Charset.forName("UTF-8")), true).toString()); + dom.setName(entity.getDomain()); + dom.setId(DirectoryEntryIdUtils.encode(dom.getName())); model.setDomain(dom); } return model; @@ -65,7 +63,8 @@ } if (!StringUtils.isEmpty(entity.getDirectoryName())) { Domain dom = new Domain(); - dom.setId(new Guid(entity.getDirectoryName().getBytes(Charset.forName("UTF-8")), true).toString()); + dom.setName(entity.getDirectoryName()); + dom.setId(DirectoryEntryIdUtils.encode(dom.getName())); model.setDomain(dom); } return model; -- To view, visit http://gerrit.ovirt.org/36092 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ieddb2c31645d7276652db17df190bc4f2cfdaacb Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
