diff options
author | Fraser Tweedale <ftweedal@redhat.com> | 2015-11-30 14:04:08 +1100 |
---|---|---|
committer | Fraser Tweedale <ftweedal@redhat.com> | 2016-01-19 10:48:57 +1100 |
commit | 81af68d3e3b1a89f799693e7f7ecda59f57abfe4 (patch) | |
tree | 87b5e8c56e74d77f6403de27e7a431070372254f /base/ca/src | |
parent | 2bd89f148b4b347fc80285ec521d2af0299da746 (diff) | |
download | pki-81af68d3e3b1a89f799693e7f7ecda59f57abfe4.tar.gz pki-81af68d3e3b1a89f799693e7f7ecda59f57abfe4.tar.xz pki-81af68d3e3b1a89f799693e7f7ecda59f57abfe4.zip |
Avoid profile race conditions by tracking entryUSN
Avoid race conditions in the LDAPProfileSubsystem by tracking the
most recently known entryUSN of profiles' LDAP entries.
As part of this change, add the commitProfile method to the
IProfileSubsystem interface, remove commit behaviour from the
enableProfile and disableProfile methods and update ProfileService
and ProfileApproveServlet to commit the profile (using the
commitProfile method) where needed.
Part of: https://fedorahosted.org/pki/ticket/1700
Diffstat (limited to 'base/ca/src')
-rw-r--r-- | base/ca/src/org/dogtagpki/server/ca/rest/ProfileService.java | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/ProfileService.java b/base/ca/src/org/dogtagpki/server/ca/rest/ProfileService.java index 488dd5ab9..807c3f98b 100644 --- a/base/ca/src/org/dogtagpki/server/ca/rest/ProfileService.java +++ b/base/ca/src/org/dogtagpki/server/ca/rest/ProfileService.java @@ -419,6 +419,7 @@ public class ProfileService extends PKIService implements ProfileResource { } try { ps.enableProfile(profileId, principal.getName()); + ps.commitProfile(profileId); auditProfileChangeState(profileId, "approve", ILogger.SUCCESS); } catch (EProfileException e) { CMS.debug("modifyProfileState: error enabling profile. " + e); @@ -436,6 +437,7 @@ public class ProfileService extends PKIService implements ProfileResource { if (ps.checkOwner()) { if (ps.getProfileEnableBy(profileId).equals(userid)) { ps.disableProfile(profileId); + ps.commitProfile(profileId); auditProfileChangeState(profileId, "disapprove", ILogger.SUCCESS); } else { auditProfileChangeState(profileId, "disapprove", ILogger.FAILURE); @@ -444,6 +446,7 @@ public class ProfileService extends PKIService implements ProfileResource { } } else { ps.disableProfile(profileId); + ps.commitProfile(profileId); auditProfileChangeState(profileId, "disapprove", ILogger.SUCCESS); } } catch (EProfileException e) { @@ -493,7 +496,7 @@ public class ProfileService extends PKIService implements ProfileResource { profile.setName(getLocale(headers), data.getName()); profile.setDescription(getLocale(headers), data.getDescription()); profile.setVisible(data.isVisible()); - profile.getConfigStore().commit(false); + ps.commitProfile(profileId); if (profile instanceof IProfileEx) { // populates profile specific plugins such as @@ -606,7 +609,8 @@ public class ProfileService extends PKIService implements ProfileResource { // no error thrown, proceed with profile creation profile = ps.createProfile(profileId, classId, className); profile.getConfigStore().load(new ByteArrayInputStream(data)); - ps.disableProfile(profileId); // also commits + ps.disableProfile(profileId); + ps.commitProfile(profileId); auditProfileChange( ScopeDef.SC_PROFILE_RULES, @@ -740,7 +744,7 @@ public class ProfileService extends PKIService implements ProfileResource { // no error thrown, so commit updated profile config profile.getConfigStore().load(new ByteArrayInputStream(data)); ps.disableProfile(profileId); - profile.getConfigStore().commit(false); + ps.commitProfile(profileId); return createOKResponse(data); } catch (EBaseException | IOException e) { @@ -817,7 +821,7 @@ public class ProfileService extends PKIService implements ProfileResource { populateProfileInputs(data, profile); populateProfileOutputs(data, profile); populateProfilePolicies(data, profile); - profile.getConfigStore().commit(false); + ps.commitProfile(profileId); } catch (EBaseException e) { CMS.debug("changeProfileData: Error changing profile inputs/outputs/policies: " + e); e.printStackTrace(); |