These patches apply on top of the previous ipa_uuid related patches.

#1 handles automatic generation of the uuid when the uuid
attribute is the RDN (fixes #413).

#2 prevents cases of false positives when enforcing is set and we are
handling a simple modification of an object that falls into the plugin
scope.

#3 remove the python uuid plugin and changes all callers to always pass
in the special value 'autogenerate' for the ipauniqueid attribute. This
way uuids are generated server side.


#3 introduces a problem with the baseldap class LDAPCreate, because
that calss always tries to reuse the passed in DN to lookup the entry
after creation. Unfortunately when ipaUniqueID is part of the DN, the
DN is changed on add so the lookup using the special "autogenerate"
value will fail. Pavel is looking into it to provide an alternative way
to lookup the entry in these cases.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
>From c6aa13c14280cc36fb3ad443b2f584d488d2fe53 Mon Sep 17 00:00:00 2001
From: Simo Sorce <sso...@redhat.com>
Date: Tue, 26 Oct 2010 11:29:53 -0400
Subject: [PATCH 1/3] ipa_uuid: Handle generation of the uuid when it is a RDN

---
 daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c |   60 ++++++++++++++++++++----
 1 files changed, 50 insertions(+), 10 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
index eb5b40d..c0fde90 100644
--- a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
+++ b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
@@ -987,17 +987,13 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
                     bv = slapi_mod_get_first_value(smod);
                     /* If we have a value, see if it's the magic value. */
                     if (bv) {
-                        int len = strlen(cfgentry->generate);
-                        if (len == bv->bv_len) {
-                            if (!slapi_UTF8NCASECMP(bv->bv_val,
-                                                    cfgentry->generate,
-                                                    len)) {
-                                generate = true;
+                        if (!slapi_UTF8CASECMP(bv->bv_val,
+                                               cfgentry->generate)) {
+                            generate = true;
 
-                                /* also remove this mod, as we will add
-                                 * it again later */
-                                slapi_mod_remove_value(next_mod);
-                            }
+                            /* also remove this mod, as we will add
+                             * it again later */
+                            slapi_mod_remove_value(next_mod);
                         }
                     } else {
                         /* This is a replace with no new values, so we need
@@ -1054,8 +1050,52 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
 
             /* do the mod */
             if (LDAP_CHANGETYPE_ADD == modtype) {
+                Slapi_DN *sdn;
+                Slapi_RDN *rdn;
+                char *attr;
+                char *nrdn;
+
                 /* add - set in entry */
                 slapi_entry_attr_set_charptr(e, cfgentry->attr, new_value);
+
+                /* check to see if we need to change the RDN too */
+                rdn = slapi_rdn_new();
+                if (!rdn) {
+                    LOG_OOM();
+                    ret = LDAP_OPERATIONS_ERROR;
+                    goto done;
+                }
+                sdn = slapi_sdn_new_dn_byval(dn);
+                if (!sdn) {
+                    LOG_OOM();
+                    ret = LDAP_OPERATIONS_ERROR;
+                    slapi_rdn_free(&rdn);
+                    goto done;
+                }
+                slapi_rdn_set_sdn(rdn, sdn);
+                ret = slapi_rdn_contains_attr(rdn, cfgentry->attr, &attr);
+                slapi_rdn_done(rdn);
+                if (ret == 1) {
+                    /* no need to recheck if it is valid, it will be handled
+                     * later by checking the value in the entry */
+                    nrdn = slapi_ch_smprintf("%s=%s",
+                                             cfgentry->attr, new_value);
+                    if (!nrdn) {
+                        LOG_OOM();
+                        ret = LDAP_OPERATIONS_ERROR;
+                        slapi_rdn_free(&rdn);
+                        slapi_sdn_free(&sdn);
+                        goto done;
+                    }
+
+                    slapi_rdn_set_dn(rdn, nrdn);
+                    slapi_ch_free_string(&nrdn);
+                    slapi_sdn_set_rdn(sdn, rdn);
+                    slapi_entry_set_sdn(e, sdn);
+                }
+                slapi_rdn_free(&rdn);
+                slapi_sdn_free(&sdn);
+
             } else {
                 /* mod - add to mods */
                 slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
-- 
1.7.2.3

>From fe2796a37c54ff77c2642ce581e2c0c3b68f90b6 Mon Sep 17 00:00:00 2001
From: Simo Sorce <sso...@redhat.com>
Date: Tue, 26 Oct 2010 18:28:01 -0400
Subject: [PATCH 2/3] ipa_uuid: prevent false positives on modifies

If a modify operation does not specify our attribute then we need to short
circuit the loop, otherwise on enforcing we will return an error by mistake if
we are not Directory Manager because generate is false if the attr is not
found.
---
 daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c |   14 ++++++++++++++
 1 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
index c0fde90..e47151a 100644
--- a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
+++ b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
@@ -784,6 +784,7 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
     bool generate;
     int ret = LDAP_SUCCESS;
     bool locked = false;
+    bool set_attr;
 
     LOG_TRACE("--in-->\n");
 
@@ -891,6 +892,7 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
         cfgentry = (struct configEntry *) list;
 
         generate = false;
+        set_attr = false;
 
         /* Did we already service this attr? */
         if (ipauuid_list_contains_attr(generated_attrs,
@@ -936,6 +938,9 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
             }
 
             slapi_ch_free_string(&value);
+
+            /* always true on add if we match the scope */
+            set_attr = true;
             break;
 
         case LDAP_CHANGETYPE_MODIFY:
@@ -952,6 +957,9 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
                     continue;
                 }
 
+                /* ok we found the attr so that means we are going to set it */
+                set_attr = true;
+
                 /* If all values are being deleted, we need to
                  * generate a new value. */
                 if (SLAPI_IS_MOD_DELETE(slapi_mod_get_operation(smod))) {
@@ -1026,9 +1034,15 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
             if (slapi_entry_attr_find(resulting_e,
                                       cfgentry->attr, &attr) != 0) {
                 generate = true;
+                set_attr = true;
             }
         }
 
+        /* nothing to do keep looping */
+        if (!set_attr) {
+            continue;
+        }
+
         if (generate) {
             char *new_value;
 
-- 
1.7.2.3

>From 959948e1df731899129bcd00537e8491b22f6a48 Mon Sep 17 00:00:00 2001
From: Simo Sorce <sso...@redhat.com>
Date: Tue, 26 Oct 2010 10:26:06 -0400
Subject: [PATCH 3/3] UUIDs: remove uuid python plugin and let DS always autogenerate

---
 install/share/bootstrap-template.ldif |    2 +
 install/share/default-hbac.ldif       |    4 +-
 install/share/uuid-ipauniqueid.ldif   |    3 +-
 install/updates/30-hbacsvc.update     |   16 +-
 ipalib/__init__.py                    |    5 -
 ipalib/ipauuid.py                     |  570 ---------------------------------
 ipalib/plugins/baseldap.py            |    4 +-
 ipalib/plugins/migration.py           |    6 +-
 ipaserver/install/dsinstance.py       |    4 +-
 ipaserver/install/krbinstance.py      |    3 +-
 ipaserver/install/ldapupdate.py       |    3 +-
 ipaserver/install/service.py          |    5 +-
 tests/test_xmlrpc/xmlrpc_test.py      |    2 +-
 13 files changed, 25 insertions(+), 602 deletions(-)
 delete mode 100644 ipalib/ipauuid.py

diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index fda3ae2..03305f4 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -114,6 +114,7 @@ objectClass: posixaccount
 objectClass: krbprincipalaux
 objectClass: krbticketpolicyaux
 objectClass: inetuser
+objectClass: ipaobject
 uid: admin
 krbPrincipalName: ad...@$realm
 cn: Administrator
@@ -124,6 +125,7 @@ homeDirectory: /home/admin
 loginShell: /bin/bash
 gecos: Administrator
 nsAccountLock: False
+ipaUniqueID: 0
 
 dn: cn=radius,$SUFFIX
 changetype: add
diff --git a/install/share/default-hbac.ldif b/install/share/default-hbac.ldif
index 29ec888..b7b6ba2 100644
--- a/install/share/default-hbac.ldif
+++ b/install/share/default-hbac.ldif
@@ -1,5 +1,5 @@
 # default HBAC policy that grants permission to all services
-dn: ipauniqueid=$UUID,cn=hbac,$SUFFIX
+dn: ipauniqueid=autogenerate,cn=hbac,$SUFFIX
 changetype: add
 objectclass: ipaassociation
 objectclass: ipahbacrule
@@ -11,5 +11,5 @@ sourcehostcategory: all
 servicecategory: all
 ipaenabledflag: TRUE
 description: Allow all users to access any host from any host
-# ipauniqueid gets added for us by 389-ds
+ipauniqueid: autogenerate
 
diff --git a/install/share/uuid-ipauniqueid.ldif b/install/share/uuid-ipauniqueid.ldif
index 7041889..c8d08cd 100644
--- a/install/share/uuid-ipauniqueid.ldif
+++ b/install/share/uuid-ipauniqueid.ldif
@@ -5,6 +5,7 @@ objectclass: top
 objectclass: extensibleObject
 cn: IPA Unique IDs
 ipaUuidAttr: ipaUniqueID
-ipaUuidMagicRegen: 0
+ipaUuidMagicRegen: autogenerate
 ipaUuidFilter: (|(objectclass=ipaObject)(objectclass=ipaAssociation))
 ipaUuidScope: $SUFFIX
+ipaUuidEnforce: TRUE
diff --git a/install/updates/30-hbacsvc.update b/install/updates/30-hbacsvc.update
index 229c0f1..9bbdeac 100644
--- a/install/updates/30-hbacsvc.update
+++ b/install/updates/30-hbacsvc.update
@@ -3,49 +3,49 @@ default:objectclass: ipahbacservice
 default:objectclass: ipaobject
 default:cn: sshd
 default:description: sshd
-default:ipauniqueid:$UUID
+default:ipauniqueid:autogenerate
 
 dn: cn=ftp,cn=hbacservices,cn=accounts,$SUFFIX
 default:objectclass: ipahbacservice
 default:objectclass: ipaobject
 default:cn: ftp
 default:description: ftp
-default:ipauniqueid:$UUID
+default:ipauniqueid:autogenerate
 
 dn: cn=su,cn=hbacservices,cn=accounts,$SUFFIX
 default:objectclass: ipahbacservice
 default:objectclass: ipaobject
 default:cn: su
 default:description: su
-default:ipauniqueid:$UUID
+default:ipauniqueid:autogenerate
 
 dn: cn=login,cn=hbacservices,cn=accounts,$SUFFIX
 default:objectclass: ipahbacservice
 default:objectclass: ipaobject
 default:cn: login
 default:description: login
-default:ipauniqueid:$UUID
+default:ipauniqueid:autogenerate
 
 dn: cn=su-l,cn=hbacservices,cn=accounts,$SUFFIX
 default:objectclass: ipahbacservice
 default:objectclass: ipaobject
 default:cn: su-l
 default:description: su with login shell
-default:ipauniqueid:$UUID
+default:ipauniqueid:autogenerate
 
 dn: cn=sudo,cn=hbacservices,cn=accounts,$SUFFIX
 default:objectclass: ipahbacservice
 default:objectclass: ipaobject
 default:cn: sudo
 default:description: sudo
-default:ipauniqueid:$UUID
+default:ipauniqueid:autogenerate
 
 dn: cn=sudo-i,cn=hbacservices,cn=accounts,$SUFFIX
 default:objectclass: ipahbacservice
 default:objectclass: ipaobject
 default:cn: sudo-i
 default:description: sudo-i
-default:ipauniqueid:$UUID
+default:ipauniqueid:autogenerate
 
 dn: cn=SUDO,cn=hbacservicegroups,cn=accounts,$SUFFIX
 default:objectClass: ipaobject
@@ -54,7 +54,7 @@ default:objectClass: nestedGroup
 default:objectClass: groupOfNames
 default:objectClass: top
 default:cn: SUDO
-default:ipauniqueid:$UUID
+default:ipauniqueid:autogenerate
 default:description: Default group of SUDO related services
 default:member: cn=sudo,cn=hbacservices,cn=accounts,$SUFFIX
 default:member: cn=sudo-i,cn=hbacservices,cn=accounts,$SUFFIX
diff --git a/ipalib/__init__.py b/ipalib/__init__.py
index 6545bf7..2589cf1 100644
--- a/ipalib/__init__.py
+++ b/ipalib/__init__.py
@@ -883,11 +883,6 @@ from parameters import BytesEnum, StrEnum, AccessTime, File
 from errors import SkipPluginModule
 from text import _, ngettext, GettextFactory, NGettextFactory
 
-# We can't import the python uuid since it includes ctypes which makes
-# httpd throw up when run in in mod_python due to SELinux issues
-import ipauuid as uuid
-
-
 version_info = (2, 0, 0, 'alpha', 0)
 if version_info[3] == 'final':
     __version__ = '%d.%d.%d' % version_info[:3]
diff --git a/ipalib/ipauuid.py b/ipalib/ipauuid.py
deleted file mode 100644
index 59753d0..0000000
--- a/ipalib/ipauuid.py
+++ /dev/null
@@ -1,570 +0,0 @@
-# This is a backport of the Python2.5 uuid module.
-
-# IMPORTANT NOTE: All references to ctypes are commented out because
-#                 ctypes does all sorts of strange things that makes
-#                 it not work in httpd with SELinux enabled.
-
-r"""UUID objects (universally unique identifiers) according to RFC 4122.
-
-This module provides immutable UUID objects (class UUID) and the functions
-uuid1(), uuid3(), uuid4(), uuid5() for generating version 1, 3, 4, and 5
-UUIDs as specified in RFC 4122.
-
-If all you want is a unique ID, you should probably call uuid1() or uuid4().
-Note that uuid1() may compromise privacy since it creates a UUID containing
-the computer's network address.  uuid4() creates a random UUID.
-
-Typical usage:
-
-    **Important:** So that the freeIPA Python 2.4 ``uuid`` backport can be
-    automatically loaded when needed, import the ``uuid`` module like this:
-
-    >>> from ipalib import uuid
-
-    Make a UUID based on the host ID and current time:
-
-    >>> uuid.uuid1()  #doctest: +ELLIPSIS
-    UUID('...')
-
-    Make a UUID using an MD5 hash of a namespace UUID and a name:
-
-    >>> uuid.uuid3(uuid.NAMESPACE_DNS, 'python.org')
-    UUID('6fa459ea-ee8a-3ca4-894e-db77e160355e')
-
-    Make a random UUID:
-
-    >>> uuid.uuid4()  #doctest: +ELLIPSIS
-    UUID('...')
-
-    Make a UUID using a SHA-1 hash of a namespace UUID and a name:
-
-    >>> uuid.uuid5(uuid.NAMESPACE_DNS, 'python.org')
-    UUID('886313e1-3b8a-5372-9b90-0c9aee199e5d')
-
-    Make a UUID from a string of hex digits (braces and hyphens ignored):
-
-    >>> x = uuid.UUID('{00010203-0405-0607-0809-0a0b0c0d0e0f}')
-    >>> x
-    UUID('00010203-0405-0607-0809-0a0b0c0d0e0f')
-
-    Convert a UUID to a string of hex digits in standard form:
-
-    >>> str(x)
-    '00010203-0405-0607-0809-0a0b0c0d0e0f'
-
-    Get the raw 16 bytes of the UUID:
-
-    >>> x.bytes
-    '\x00\x01\x02\x03\x04\x05\x06\x07\x08\t\n\x0b\x0c\r\x0e\x0f'
-
-    Make a UUID from a 16-byte string:
-
-    >>> uuid.UUID(bytes=x.bytes)
-    UUID('00010203-0405-0607-0809-0a0b0c0d0e0f')
-"""
-
-__author__ = 'Ka-Ping Yee <p...@zesty.ca>'
-
-RESERVED_NCS, RFC_4122, RESERVED_MICROSOFT, RESERVED_FUTURE = [
-    'reserved for NCS compatibility', 'specified in RFC 4122',
-    'reserved for Microsoft compatibility', 'reserved for future definition']
-
-class UUID(object):
-    """Instances of the UUID class represent UUIDs as specified in RFC 4122.
-    UUID objects are immutable, hashable, and usable as dictionary keys.
-    Converting a UUID to a string with str() yields something in the form
-    '12345678-1234-1234-1234-123456789abc'.  The UUID constructor accepts
-    five possible forms: a similar string of hexadecimal digits, or a tuple
-    of six integer fields (with 32-bit, 16-bit, 16-bit, 8-bit, 8-bit, and
-    48-bit values respectively) as an argument named 'fields', or a string
-    of 16 bytes (with all the integer fields in big-endian order) as an
-    argument named 'bytes', or a string of 16 bytes (with the first three
-    fields in little-endian order) as an argument named 'bytes_le', or a
-    single 128-bit integer as an argument named 'int'.
-
-    UUIDs have these read-only attributes:
-
-        bytes       the UUID as a 16-byte string (containing the six
-                    integer fields in big-endian byte order)
-
-        bytes_le    the UUID as a 16-byte string (with time_low, time_mid,
-                    and time_hi_version in little-endian byte order)
-
-        fields      a tuple of the six integer fields of the UUID,
-                    which are also available as six individual attributes
-                    and two derived attributes:
-
-            time_low                the first 32 bits of the UUID
-            time_mid                the next 16 bits of the UUID
-            time_hi_version         the next 16 bits of the UUID
-            clock_seq_hi_variant    the next 8 bits of the UUID
-            clock_seq_low           the next 8 bits of the UUID
-            node                    the last 48 bits of the UUID
-
-            time                    the 60-bit timestamp
-            clock_seq               the 14-bit sequence number
-
-        hex         the UUID as a 32-character hexadecimal string
-
-        int         the UUID as a 128-bit integer
-
-        urn         the UUID as a URN as specified in RFC 4122
-
-        variant     the UUID variant (one of the constants RESERVED_NCS,
-                    RFC_4122, RESERVED_MICROSOFT, or RESERVED_FUTURE)
-
-        version     the UUID version number (1 through 5, meaningful only
-                    when the variant is RFC_4122)
-    """
-
-    def __init__(self, hex=None, bytes=None, bytes_le=None, fields=None,
-                       int=None, version=None):
-        r"""Create a UUID from either a string of 32 hexadecimal digits,
-        a string of 16 bytes as the 'bytes' argument, a string of 16 bytes
-        in little-endian order as the 'bytes_le' argument, a tuple of six
-        integers (32-bit time_low, 16-bit time_mid, 16-bit time_hi_version,
-        8-bit clock_seq_hi_variant, 8-bit clock_seq_low, 48-bit node) as
-        the 'fields' argument, or a single 128-bit integer as the 'int'
-        argument.  When a string of hex digits is given, curly braces,
-        hyphens, and a URN prefix are all optional.  For example, these
-        expressions all yield the same UUID:
-
-        UUID('{12345678-1234-5678-1234-567812345678}')
-        UUID('12345678123456781234567812345678')
-        UUID('urn:uuid:12345678-1234-5678-1234-567812345678')
-        UUID(bytes='\x12\x34\x56\x78'*4)
-        UUID(bytes_le='\x78\x56\x34\x12\x34\x12\x78\x56' +
-                      '\x12\x34\x56\x78\x12\x34\x56\x78')
-        UUID(fields=(0x12345678, 0x1234, 0x5678, 0x12, 0x34, 0x567812345678))
-        UUID(int=0x12345678123456781234567812345678)
-
-        Exactly one of 'hex', 'bytes', 'bytes_le', 'fields', or 'int' must
-        be given.  The 'version' argument is optional; if given, the resulting
-        UUID will have its variant and version set according to RFC 4122,
-        overriding the given 'hex', 'bytes', 'bytes_le', 'fields', or 'int'.
-        """
-
-        if [hex, bytes, bytes_le, fields, int].count(None) != 4:
-            raise TypeError('need one of hex, bytes, bytes_le, fields, or int')
-        if hex is not None:
-            hex = hex.replace('urn:', '').replace('uuid:', '')
-            hex = hex.strip('{}').replace('-', '')
-            if len(hex) != 32:
-                raise ValueError('badly formed hexadecimal UUID string')
-            int = long(hex, 16)
-        if bytes_le is not None:
-            if len(bytes_le) != 16:
-                raise ValueError('bytes_le is not a 16-char string')
-            bytes = (bytes_le[3] + bytes_le[2] + bytes_le[1] + bytes_le[0] +
-                     bytes_le[5] + bytes_le[4] + bytes_le[7] + bytes_le[6] +
-                     bytes_le[8:])
-        if bytes is not None:
-            if len(bytes) != 16:
-                raise ValueError('bytes is not a 16-char string')
-            int = long(('%02x'*16) % tuple(map(ord, bytes)), 16)
-        if fields is not None:
-            if len(fields) != 6:
-                raise ValueError('fields is not a 6-tuple')
-            (time_low, time_mid, time_hi_version,
-             clock_seq_hi_variant, clock_seq_low, node) = fields
-            if not 0 <= time_low < 1<<32L:
-                raise ValueError('field 1 out of range (need a 32-bit value)')
-            if not 0 <= time_mid < 1<<16L:
-                raise ValueError('field 2 out of range (need a 16-bit value)')
-            if not 0 <= time_hi_version < 1<<16L:
-                raise ValueError('field 3 out of range (need a 16-bit value)')
-            if not 0 <= clock_seq_hi_variant < 1<<8L:
-                raise ValueError('field 4 out of range (need an 8-bit value)')
-            if not 0 <= clock_seq_low < 1<<8L:
-                raise ValueError('field 5 out of range (need an 8-bit value)')
-            if not 0 <= node < 1<<48L:
-                raise ValueError('field 6 out of range (need a 48-bit value)')
-            clock_seq = (clock_seq_hi_variant << 8L) | clock_seq_low
-            int = ((time_low << 96L) | (time_mid << 80L) |
-                   (time_hi_version << 64L) | (clock_seq << 48L) | node)
-        if int is not None:
-            if not 0 <= int < 1<<128L:
-                raise ValueError('int is out of range (need a 128-bit value)')
-        if version is not None:
-            if not 1 <= version <= 5:
-                raise ValueError('illegal version number')
-            # Set the variant to RFC 4122.
-            int &= ~(0xc000 << 48L)
-            int |= 0x8000 << 48L
-            # Set the version number.
-            int &= ~(0xf000 << 64L)
-            int |= version << 76L
-        self.__dict__['int'] = int
-
-    def __cmp__(self, other):
-        if isinstance(other, UUID):
-            return cmp(self.int, other.int)
-        return NotImplemented
-
-    def __hash__(self):
-        return hash(self.int)
-
-    def __int__(self):
-        return self.int
-
-    def __repr__(self):
-        return 'UUID(%r)' % str(self)
-
-    def __setattr__(self, name, value):
-        raise TypeError('UUID objects are immutable')
-
-    def __str__(self):
-        hex = '%032x' % self.int
-        return '%s-%s-%s-%s-%s' % (
-            hex[:8], hex[8:12], hex[12:16], hex[16:20], hex[20:])
-
-    def get_bytes(self):
-        bytes = ''
-        for shift in range(0, 128, 8):
-            bytes = chr((self.int >> shift) & 0xff) + bytes
-        return bytes
-
-    bytes = property(get_bytes)
-
-    def get_bytes_le(self):
-        bytes = self.bytes
-        return (bytes[3] + bytes[2] + bytes[1] + bytes[0] +
-                bytes[5] + bytes[4] + bytes[7] + bytes[6] + bytes[8:])
-
-    bytes_le = property(get_bytes_le)
-
-    def get_fields(self):
-        return (self.time_low, self.time_mid, self.time_hi_version,
-                self.clock_seq_hi_variant, self.clock_seq_low, self.node)
-
-    fields = property(get_fields)
-
-    def get_time_low(self):
-        return self.int >> 96L
-
-    time_low = property(get_time_low)
-
-    def get_time_mid(self):
-        return (self.int >> 80L) & 0xffff
-
-    time_mid = property(get_time_mid)
-
-    def get_time_hi_version(self):
-        return (self.int >> 64L) & 0xffff
-
-    time_hi_version = property(get_time_hi_version)
-
-    def get_clock_seq_hi_variant(self):
-        return (self.int >> 56L) & 0xff
-
-    clock_seq_hi_variant = property(get_clock_seq_hi_variant)
-
-    def get_clock_seq_low(self):
-        return (self.int >> 48L) & 0xff
-
-    clock_seq_low = property(get_clock_seq_low)
-
-    def get_time(self):
-        return (((self.time_hi_version & 0x0fffL) << 48L) |
-                (self.time_mid << 32L) | self.time_low)
-
-    time = property(get_time)
-
-    def get_clock_seq(self):
-        return (((self.clock_seq_hi_variant & 0x3fL) << 8L) |
-                self.clock_seq_low)
-
-    clock_seq = property(get_clock_seq)
-
-    def get_node(self):
-        return self.int & 0xffffffffffff
-
-    node = property(get_node)
-
-    def get_hex(self):
-        return '%032x' % self.int
-
-    hex = property(get_hex)
-
-    def get_urn(self):
-        return 'urn:uuid:' + str(self)
-
-    urn = property(get_urn)
-
-    def get_variant(self):
-        if not self.int & (0x8000 << 48L):
-            return RESERVED_NCS
-        elif not self.int & (0x4000 << 48L):
-            return RFC_4122
-        elif not self.int & (0x2000 << 48L):
-            return RESERVED_MICROSOFT
-        else:
-            return RESERVED_FUTURE
-
-    variant = property(get_variant)
-
-    def get_version(self):
-        # The version bits are only meaningful for RFC 4122 UUIDs.
-        if self.variant == RFC_4122:
-            return int((self.int >> 76L) & 0xf)
-
-    version = property(get_version)
-
-def _find_mac(command, args, hw_identifiers, get_index):
-    import os
-    for dir in ['', '/sbin/', '/usr/sbin']:
-        executable = os.path.join(dir, command)
-        if not os.path.exists(executable):
-            continue
-
-        try:
-            # LC_ALL to get English output, 2>/dev/null to
-            # prevent output on stderr
-            cmd = 'LC_ALL=C %s %s 2>/dev/null' % (executable, args)
-            pipe = os.popen(cmd)
-        except IOError:
-            continue
-
-        for line in pipe:
-            words = line.lower().split()
-            for i in range(len(words)):
-                if words[i] in hw_identifiers:
-                    return int(words[get_index(i)].replace(':', ''), 16)
-    return None
-
-def _ifconfig_getnode():
-    """Get the hardware address on Unix by running ifconfig."""
-
-    # This works on Linux ('' or '-a'), Tru64 ('-av'), but not all Unixes.
-    for args in ('', '-a', '-av'):
-        mac = _find_mac('ifconfig', args, ['hwaddr', 'ether'], lambda i: i+1)
-        if mac:
-            return mac
-
-    import socket
-    ip_addr = socket.gethostbyname(socket.gethostname())
-
-    # Try getting the MAC addr from arp based on our IP address (Solaris).
-    mac = _find_mac('arp', '-an', [ip_addr], lambda i: -1)
-    if mac:
-        return mac
-
-    # This might work on HP-UX.
-    mac = _find_mac('lanscan', '-ai', ['lan0'], lambda i: 0)
-    if mac:
-        return mac
-
-    return None
-
-def _ipconfig_getnode():
-    """Get the hardware address on Windows by running ipconfig.exe."""
-    import os, re
-    dirs = ['', r'c:\windows\system32', r'c:\winnt\system32']
-    """
-    try:
-        import ctypes
-        buffer = ctypes.create_string_buffer(300)
-        ctypes.windll.kernel32.GetSystemDirectoryA(buffer, 300)
-        dirs.insert(0, buffer.value.decode('mbcs'))
-    except:
-        pass
-    """
-    for dir in dirs:
-        try:
-            pipe = os.popen(os.path.join(dir, 'ipconfig') + ' /all')
-        except IOError:
-            continue
-        for line in pipe:
-            value = line.split(':')[-1].strip().lower()
-            if re.match('([0-9a-f][0-9a-f]-){5}[0-9a-f][0-9a-f]', value):
-                return int(value.replace('-', ''), 16)
-
-def _netbios_getnode():
-    """Get the hardware address on Windows using NetBIOS calls.
-    See http://support.microsoft.com/kb/118623 for details."""
-    import win32wnet, netbios
-    ncb = netbios.NCB()
-    ncb.Command = netbios.NCBENUM
-    ncb.Buffer = adapters = netbios.LANA_ENUM()
-    adapters._pack()
-    if win32wnet.Netbios(ncb) != 0:
-        return
-    adapters._unpack()
-    for i in range(adapters.length):
-        ncb.Reset()
-        ncb.Command = netbios.NCBRESET
-        ncb.Lana_num = ord(adapters.lana[i])
-        if win32wnet.Netbios(ncb) != 0:
-            continue
-        ncb.Reset()
-        ncb.Command = netbios.NCBASTAT
-        ncb.Lana_num = ord(adapters.lana[i])
-        ncb.Callname = '*'.ljust(16)
-        ncb.Buffer = status = netbios.ADAPTER_STATUS()
-        if win32wnet.Netbios(ncb) != 0:
-            continue
-        status._unpack()
-        bytes = map(ord, status.adapter_address)
-        return ((bytes[0]<<40L) + (bytes[1]<<32L) + (bytes[2]<<24L) +
-                (bytes[3]<<16L) + (bytes[4]<<8L) + bytes[5])
-
-# Thanks to Thomas Heller for ctypes and for his help with its use here.
-
-# If ctypes is available, use it to find system routines for UUID generation.
-_uuid_generate_random = _uuid_generate_time = _UuidCreate = None
-"""
-try:
-    import ctypes, ctypes.util
-    _buffer = ctypes.create_string_buffer(16)
-
-    # The uuid_generate_* routines are provided by libuuid on at least
-    # Linux and FreeBSD, and provided by libc on Mac OS X.
-    for libname in ['uuid', 'c']:
-        try:
-            lib = ctypes.CDLL(ctypes.util.find_library(libname))
-        except:
-            continue
-        if hasattr(lib, 'uuid_generate_random'):
-            _uuid_generate_random = lib.uuid_generate_random
-        if hasattr(lib, 'uuid_generate_time'):
-            _uuid_generate_time = lib.uuid_generate_time
-
-    # On Windows prior to 2000, UuidCreate gives a UUID containing the
-    # hardware address.  On Windows 2000 and later, UuidCreate makes a
-    # random UUID and UuidCreateSequential gives a UUID containing the
-    # hardware address.  These routines are provided by the RPC runtime.
-    # NOTE:  at least on Tim's WinXP Pro SP2 desktop box, while the last
-    # 6 bytes returned by UuidCreateSequential are fixed, they don't appear
-    # to bear any relationship to the MAC address of any network device
-    # on the box.
-    try:
-        lib = ctypes.windll.rpcrt4
-    except:
-        lib = None
-    _UuidCreate = getattr(lib, 'UuidCreateSequential',
-                          getattr(lib, 'UuidCreate', None))
-except:
-    pass
-"""
-
-def _unixdll_getnode():
-    """Get the hardware address on Unix using ctypes."""
-    _uuid_generate_time(_buffer)
-    return UUID(bytes=_buffer.raw).node
-
-def _windll_getnode():
-    """Get the hardware address on Windows using ctypes."""
-    if _UuidCreate(_buffer) == 0:
-        return UUID(bytes=_buffer.raw).node
-
-def _random_getnode():
-    """Get a random node ID, with eighth bit set as suggested by RFC 4122."""
-    import random
-    return random.randrange(0, 1<<48L) | 0x010000000000L
-
-_node = None
-
-def getnode():
-    """Get the hardware address as a 48-bit positive integer.
-
-    The first time this runs, it may launch a separate program, which could
-    be quite slow.  If all attempts to obtain the hardware address fail, we
-    choose a random 48-bit number with its eighth bit set to 1 as recommended
-    in RFC 4122.
-    """
-
-    global _node
-    if _node is not None:
-        return _node
-
-    import sys
-    if sys.platform == 'win32':
-        getters = [_windll_getnode, _netbios_getnode, _ipconfig_getnode]
-    else:
-        getters = [_unixdll_getnode, _ifconfig_getnode]
-
-    for getter in getters + [_random_getnode]:
-        try:
-            _node = getter()
-        except:
-            continue
-        if _node is not None:
-            return _node
-
-_last_timestamp = None
-
-def uuid1(node=None, clock_seq=None):
-    """Generate a UUID from a host ID, sequence number, and the current time.
-    If 'node' is not given, getnode() is used to obtain the hardware
-    address.  If 'clock_seq' is given, it is used as the sequence number;
-    otherwise a random 14-bit sequence number is chosen."""
-
-    # When the system provides a version-1 UUID generator, use it (but don't
-    # use UuidCreate here because its UUIDs don't conform to RFC 4122).
-    if _uuid_generate_time and node is clock_seq is None:
-        _uuid_generate_time(_buffer)
-        return UUID(bytes=_buffer.raw)
-
-    global _last_timestamp
-    import time
-    nanoseconds = int(time.time() * 1e9)
-    # 0x01b21dd213814000 is the number of 100-ns intervals between the
-    # UUID epoch 1582-10-15 00:00:00 and the Unix epoch 1970-01-01 00:00:00.
-    timestamp = int(nanoseconds/100) + 0x01b21dd213814000L
-    if timestamp <= _last_timestamp:
-        timestamp = _last_timestamp + 1
-    _last_timestamp = timestamp
-    if clock_seq is None:
-        import random
-        clock_seq = random.randrange(1<<14L) # instead of stable storage
-    time_low = timestamp & 0xffffffffL
-    time_mid = (timestamp >> 32L) & 0xffffL
-    time_hi_version = (timestamp >> 48L) & 0x0fffL
-    clock_seq_low = clock_seq & 0xffL
-    clock_seq_hi_variant = (clock_seq >> 8L) & 0x3fL
-    if node is None:
-        node = getnode()
-    return UUID(fields=(time_low, time_mid, time_hi_version,
-                        clock_seq_hi_variant, clock_seq_low, node), version=1)
-
-def uuid3(namespace, name):
-    """Generate a UUID from the MD5 hash of a namespace UUID and a name."""
-    try:
-        from hashlib import md5
-    except ImportError:
-        from md5 import md5
-    hash = md5(namespace.bytes + name).digest()
-    return UUID(bytes=hash[:16], version=3)
-
-def uuid4():
-    """Generate a random UUID."""
-
-    # When the system provides a version-4 UUID generator, use it.
-    if _uuid_generate_random:
-        _uuid_generate_random(_buffer)
-        return UUID(bytes=_buffer.raw)
-
-    # Otherwise, get randomness from urandom or the 'random' module.
-    try:
-        import os
-        return UUID(bytes=os.urandom(16), version=4)
-    except:
-        import random
-        bytes = [chr(random.randrange(256)) for i in range(16)]
-        return UUID(bytes=bytes, version=4)
-
-def uuid5(namespace, name):
-    """Generate a UUID from the SHA-1 hash of a namespace UUID and a name."""
-    try:
-        from hashlib import sha1 as sha
-    except ImportError:
-        from sha import sha
-    hash = sha(namespace.bytes + name).digest()
-    return UUID(bytes=hash[:16], version=5)
-
-# The following standard UUIDs are for use with uuid3() or uuid5().
-
-NAMESPACE_DNS = UUID('6ba7b810-9dad-11d1-80b4-00c04fd430c8')
-NAMESPACE_URL = UUID('6ba7b811-9dad-11d1-80b4-00c04fd430c8')
-NAMESPACE_OID = UUID('6ba7b812-9dad-11d1-80b4-00c04fd430c8')
-NAMESPACE_X500 = UUID('6ba7b814-9dad-11d1-80b4-00c04fd430c8')
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index caa616a..2445ef7 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -23,7 +23,7 @@ Base classes for LDAP plugins.
 import re
 import json
 
-from ipalib import crud, errors, uuid
+from ipalib import crud, errors
 from ipalib import Method, Object
 from ipalib import Flag, Int, List, Str
 from ipalib.base import NameSpace
@@ -266,7 +266,7 @@ class LDAPCreate(CallbackInterface, crud.Create):
             )
 
         if self.obj.uuid_attribute:
-            entry_attrs[self.obj.uuid_attribute] = str(uuid.uuid1())
+            entry_attrs[self.obj.uuid_attribute] = 'autogenerate'
 
         if options.get('all', False):
             attrs_list = ['*']
diff --git a/ipalib/plugins/migration.py b/ipalib/plugins/migration.py
index 39f09ee..6dc9934 100644
--- a/ipalib/plugins/migration.py
+++ b/ipalib/plugins/migration.py
@@ -27,7 +27,7 @@ Example: Migrate users and groups from DS to IPA
 import logging
 import re
 
-from ipalib import api, errors, output, uuid
+from ipalib import api, errors, output
 from ipalib import Command, List, Password, Str, Flag
 from ipalib.cli import to_cli
 if api.env.in_server and api.env.context in ['lite', 'server']:
@@ -58,7 +58,7 @@ def _pre_migrate_user(ldap, pkey, dn, entry_attrs, failed, config, ctx):
         ctx['def_group_gid'] = g_attrs['gidnumber'][0]
 
     # fill in required attributes by IPA
-    entry_attrs['ipauniqueid'] = str(uuid.uuid1())
+    entry_attrs['ipauniqueid'] = 'autogenerate'
     if 'homedirectory' not in entry_attrs:
         homes_root = config.get('ipahomesrootdir', ('/home', ))[0]
         home_dir = '%s/%s' % (homes_root, pkey)
@@ -112,7 +112,7 @@ def _pre_migrate_group(ldap, pkey, dn, entry_attrs, failed, config, ctx):
             entry_attrs['member'] = []
         entry_attrs['member'] += new_members
 
-    entry_attrs['ipauniqueid'] = str(uuid.uuid1())
+    entry_attrs['ipauniqueid'] = 'autogenerate'
     convert_members('member', overwrite=True)
     convert_members('uniquemember')
 
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 26cf3d3..20f655a 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -39,7 +39,7 @@ from ldap.dn import escape_dn_chars
 from ipaserver import ipaldap
 from ipaserver.install import ldapupdate
 from ipaserver.install import httpinstance
-from ipalib import util, uuid, errors
+from ipalib import util, errors
 from ipaserver.plugins.ldap2 import ldap2
 
 SERVER_ROOT_64 = "/usr/lib64/dirsrv"
@@ -475,9 +475,7 @@ class DsInstance(service.Service):
         self._ldap_mod("ldapi.ldif", self.sub_dict)
 
     def add_hbac(self):
-        self.sub_dict['UUID'] = str(uuid.uuid1())
         self._ldap_mod("default-hbac.ldif", self.sub_dict)
-        del self.sub_dict['UUID']
 
     def change_admin_password(self, password):
         logging.debug("Changing admin password")
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 736ba73..e78155d 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -32,7 +32,6 @@ from ipapython import sysrestore
 from ipapython import ipautil
 from ipalib import util
 from ipalib import errors
-from ipalib import uuid
 
 from ipaserver import ipaldap
 
@@ -121,7 +120,7 @@ class KrbInstance(service.Service):
         host_entry.setValue('serverhostname', self.fqdn.split('.',1)[0])
         host_entry.setValue('cn', self.fqdn)
         host_entry.setValue('fqdn', self.fqdn)
-        host_entry.setValue('ipauniqueid', str(uuid.uuid1()))
+        host_entry.setValue('ipauniqueid', 'autogenerate')
         host_entry.setValue('managedby', host_dn)
         conn.addEntry(host_entry)
         conn.unbind()
diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index 91ff80f..3ab5a0e 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -28,7 +28,7 @@ import sys
 from ipaserver.install import installutils
 from ipaserver import ipaldap
 from ipapython import entity, ipautil
-from ipalib import util, uuid
+from ipalib import util
 from ipalib import errors
 import ldap
 from ldap.dn import escape_dn_chars
@@ -143,7 +143,6 @@ class LDAPUpdate:
 
     def _template_str(self, s):
         try:
-            self.sub_dict["UUID"] = str(uuid.uuid1())
             return ipautil.template_str(s, self.sub_dict)
         except KeyError, e:
             raise BadSyntax("Unknown template keyword %s" % e)
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 4affef4..4343730 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -22,7 +22,7 @@ import os
 import tempfile
 from ipapython import sysrestore
 from ipapython import ipautil
-from ipalib import uuid, errors
+from ipalib import errors
 import ldap
 from ipaserver import ipaldap
 import base64
@@ -104,7 +104,6 @@ class Service:
         path = ipautil.SHARE_DIR + ldif
 
         if sub_dict is not None:
-            sub_dict['UUID'] = str(uuid.uuid1())
             txt = ipautil.template_file(path, sub_dict)
             fd = ipautil.write_tmp_file(txt)
             path = fd.name
@@ -153,7 +152,7 @@ class Service:
         classes = entry.getValues("objectclass")
         classes = classes + ["ipaobject", "ipaservice", "pkiuser"]
         entry.setValues("objectclass", list(set(classes)))
-        entry.setValue("ipauniqueid", str(uuid.uuid1()))
+        entry.setValue("ipauniqueid", 'autogenerate')
         entry.setValue("managedby", hostdn)
         conn.addEntry(entry)
         conn.unbind()
diff --git a/tests/test_xmlrpc/xmlrpc_test.py b/tests/test_xmlrpc/xmlrpc_test.py
index 1e41bc4..25a3ac3 100644
--- a/tests/test_xmlrpc/xmlrpc_test.py
+++ b/tests/test_xmlrpc/xmlrpc_test.py
@@ -36,7 +36,7 @@ fuzzy_digits = Fuzzy('^\d+$', type=basestring)
 
 # Matches an ipauniqueid like u'784d85fd-eae7-11de-9d01-54520012478b'
 fuzzy_uuid = Fuzzy(
-    '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'
+    '^[0-9a-f]{8}-[0-9a-f]{8}-[0-9a-f]{8}-[0-9a-f]{8}$'
 )
 
 
-- 
1.7.2.3

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to