From cc5f21eee58d129e6039fd8c4783769832da2d51 Mon Sep 17 00:00:00 2001
From: Sebastiano Tocci
Date: Tue, 13 Jun 2023 11:46:41 +0200
Subject: [PATCH] added pre_cand entries to both pre_modify and pre_batch_modify plugin functions (#1732)
---
 server/lib/src/plugins/attrunique.rs | 3 ++
 server/lib/src/plugins/base.rs | 3 ++
 server/lib/src/plugins/cred_import.rs | 3 ++
 server/lib/src/plugins/domain.rs | 3 ++
 server/lib/src/plugins/gidnumber.rs | 3 ++
 server/lib/src/plugins/jwskeygen.rs | 3 ++
 server/lib/src/plugins/mod.rs | 40 +++++++++++++++------------
 server/lib/src/plugins/protected.rs | 3 ++
 server/lib/src/plugins/session.rs | 3 ++
 server/lib/src/plugins/spn.rs | 2 ++
 server/lib/src/server/batch_modify.rs | 2 +-
 server/lib/src/server/modify.rs | 2 +-
 server/lib/src/server/recycle.rs | 2 +-
 13 files changed, 51 insertions(+), 21 deletions(-)
diff --git a/server/lib/src/plugins/attrunique.rs b/server/lib/src/plugins/attrunique.rs
index 21c061a6f..b2437b654 100644
--- a/server/lib/src/plugins/attrunique.rs
+++ b/server/lib/src/plugins/attrunique.rs
@@ -6,6 +6,7 @@
 // use std::collections::BTreeMap;
 use std::collections::VecDeque;
+use std::sync::Arc;
 use kanidm_proto::v1::{ConsistencyError, PluginError};
 use tracing::trace;
@@ -203,6 +204,7 @@ impl Plugin for AttrUnique {
 #[instrument(level = "debug", name = "attrunique_pre_modify", skip_all)]
 fn pre_modify(
 qs: &mut QueryServerWriteTransaction,
+ _pre_cand: &[Arc],
 cand: &mut Vec>,
 _me: &ModifyEvent,
 ) -> Result<(), OperationError> {
@@ -220,6 +222,7 @@ impl Plugin for AttrUnique {
 #[instrument(level = "debug", name = "attrunique_pre_batch_modify", skip_all)]
 fn pre_batch_modify(
 qs: &mut QueryServerWriteTransaction,
+ _pre_cand: &[Arc],
 cand: &mut Vec>,
 _me: &BatchModifyEvent,
 ) -> Result<(), OperationError> {
diff --git a/server/lib/src/plugins/base.rs b/server/lib/src/plugins/base.rs
index c56319e41..3debbf234 100644
--- a/server/lib/src/plugins/base.rs
+++ b/server/lib/src/plugins/base.rs
@@ -1,5 +1,6 @@
 use std::collections::BTreeSet;
 use std::iter::once;
+use std::sync::Arc;
 use hashbrown::HashSet;
 use kanidm_proto::v1::{ConsistencyError, PluginError};
@@ -154,6 +155,7 @@ impl Plugin for Base {
 #[instrument(level = "debug", name = "base_pre_modify", skip(_qs, _cand, me))]
 fn pre_modify(
 _qs: &mut QueryServerWriteTransaction,
+ _pre_cand: &[Arc],
 _cand: &mut Vec>,
 me: &ModifyEvent,
 ) -> Result<(), OperationError> {
@@ -177,6 +179,7 @@ impl Plugin for Base {
 #[instrument(level = "debug", name = "base_pre_modify", skip(_qs, _cand, me))]
 fn pre_batch_modify(
 _qs: &mut QueryServerWriteTransaction,
+ _pre_cand: &[Arc],
 _cand: &mut Vec>,
 me: &BatchModifyEvent,
 ) -> Result<(), OperationError> {
diff --git a/server/lib/src/plugins/cred_import.rs b/server/lib/src/plugins/cred_import.rs
index 3c9d0069d..0f089cced 100644
--- a/server/lib/src/plugins/cred_import.rs
+++ b/server/lib/src/plugins/cred_import.rs
@@ -1,6 +1,7 @@
 // Transform password import requests into proper kanidm credentials.
 use std::convert::TryFrom;
 use std::iter::once;
+use std::sync::Arc;
 use kanidm_proto::v1::PluginError;
@@ -36,6 +37,7 @@ impl Plugin for CredImport {
 )]
 fn pre_modify(
 _qs: &mut QueryServerWriteTransaction,
+ _pre_cand: &[Arc],
 cand: &mut Vec>,
 _me: &ModifyEvent,
 ) -> Result<(), OperationError> {
@@ -45,6 +47,7 @@ impl Plugin for CredImport {
 #[instrument(level = "debug", name = "password_import_pre_batch_modify", skip_all)]
 fn pre_batch_modify(
 _qs: &mut QueryServerWriteTransaction,
+ _pre_cand: &[Arc],
 cand: &mut Vec>,
 _me: &BatchModifyEvent,
 ) -> Result<(), OperationError> {
diff --git a/server/lib/src/plugins/domain.rs b/server/lib/src/plugins/domain.rs
index 0d68d7182..604be85ae 100644
--- a/server/lib/src/plugins/domain.rs
+++ b/server/lib/src/plugins/domain.rs
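Review bot: The explicit skip lists in base.rs, `skip(_qs, _cand, me)` on both `pre_modify` and `pre_batch_modify`, do not name the new `_pre_cand` argument, so `#[instrument]` will record it as a span field through its `Debug` impl whenever the debug-level span is enabled. That formats every pre-modification entry on each call, and if the entry type's `Debug` output includes attribute values it puts directory data into trace output. The other plugins in this patch use `skip_all`; here either add `_pre_cand` to the list or switch to `skip_all`, which matches what the old list did when it named every argument. The same applies to `skip(_qs, cand, me)` on `Protected::pre_modify` in protected.rs, and the multi-line attribute on `CredImport::pre_modify` starts outside its hunk and should be checked as well.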
@@ -5,6 +5,7 @@
 // which is importart for management of the replication topo and trust
 // relationships.
 use std::iter::once;
+use std::sync::Arc;
 use compact_jwt::JwsSigner;
 use kanidm_proto::v1::OperationError;
@@ -43,6 +44,7 @@ impl Plugin for Domain {
 #[instrument(level = "debug", name = "domain_pre_modify", skip_all)]
 fn pre_modify(
 qs: &mut QueryServerWriteTransaction,
+ _pre_cand: &[Arc],
 cand: &mut Vec>,
 _me: &ModifyEvent,
 ) -> Result<(), OperationError> {
@@ -52,6 +54,7 @@ impl Plugin for Domain {
 #[instrument(level = "debug", name = "domain_pre_batch_modify", skip_all)]
 fn pre_batch_modify(
 qs: &mut QueryServerWriteTransaction,
+ _pre_cand: &[Arc],
 cand: &mut Vec>,
 _me: &BatchModifyEvent,
 ) -> Result<(), OperationError> {
diff --git a/server/lib/src/plugins/gidnumber.rs b/server/lib/src/plugins/gidnumber.rs
index 091075962..9262d5947 100644
--- a/server/lib/src/plugins/gidnumber.rs
+++ b/server/lib/src/plugins/gidnumber.rs
@@ -2,6 +2,7 @@
 // support.
 use std::iter::once;
+use std::sync::Arc;
 use crate::event::{CreateEvent, ModifyEvent};
 use crate::plugins::Plugin;
@@ -74,6 +75,7 @@ impl Plugin for GidNumber {
 #[instrument(level = "debug", name = "gidnumber_pre_modify", skip_all)]
 fn pre_modify(
 _qs: &mut QueryServerWriteTransaction,
+ _pre_cand: &[Arc],
 cand: &mut Vec>,
 _me: &ModifyEvent,
 ) -> Result<(), OperationError> {
@@ -83,6 +85,7 @@ impl Plugin for GidNumber {
 #[instrument(level = "debug", name = "gidnumber_pre_batch_modify", skip_all)]
 fn pre_batch_modify(
 _qs: &mut QueryServerWriteTransaction,
+ _pre_cand: &[Arc],
 cand: &mut Vec>,
 _me: &BatchModifyEvent,
 ) -> Result<(), OperationError> {
diff --git a/server/lib/src/plugins/jwskeygen.rs b/server/lib/src/plugins/jwskeygen.rs
index 9d73b5473..31517c61a 100644
--- a/server/lib/src/plugins/jwskeygen.rs
+++ b/server/lib/src/plugins/jwskeygen.rs
@@ -1,4 +1,5 @@
 use compact_jwt::JwsSigner;
+use std::sync::Arc;
 use crate::event::{CreateEvent, ModifyEvent};
 use crate::plugins::Plugin;
@@ -24,6 +25,7 @@ impl Plugin for JwsKeygen {
 #[instrument(level = "debug", name = "jwskeygen_pre_modify", skip_all)]
 fn pre_modify(
 _qs: &mut QueryServerWriteTransaction,
+ _pre_cand: &[Arc],
 cand: &mut Vec>,
 _me: &ModifyEvent,
 ) -> Result<(), OperationError> {
@@ -33,6 +35,7 @@ impl Plugin for JwsKeygen {
 #[instrument(level = "debug", name = "jwskeygen_pre_batch_modify", skip_all)]
 fn pre_batch_modify(
 _qs: &mut QueryServerWriteTransaction,
+ _pre_cand: &[Arc],
 cand: &mut Vec>,
 _me: &BatchModifyEvent,
 ) -> Result<(), OperationError> {
diff --git a/server/lib/src/plugins/mod.rs b/server/lib/src/plugins/mod.rs
index 58845e2d8..1650ada09 100644
--- a/server/lib/src/plugins/mod.rs
+++ b/server/lib/src/plugins/mod.rs
@@ -61,6 +61,7 @@ trait Plugin {
 fn pre_modify(
 _qs: &mut QueryServerWriteTransaction,
+ _pre_cand: &[Arc],
 _cand: &mut Vec,
 _me: &ModifyEvent,
 ) -> Result<(), OperationError> {
@@ -81,6 +82,7 @@ trait Plugin {
 fn pre_batch_modify(
 _qs: &mut QueryServerWriteTransaction,
+ _pre_cand: &[Arc],
 _cand: &mut Vec,
 _me: &BatchModifyEvent,
 ) -> Result<(), OperationError> {
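Review bot: The new `_pre_cand` parameter on the trait defaults `Plugin::pre_modify` and `Plugin::pre_batch_modify` in mod.rs is undocumented, and the visible lines never state how it relates to `_cand`. A plugin that compares old and new state will presumably pair the two by position, so the trait is the place to write that contract down, for example `// _pre_cand: the entries as committed before this operation, same order and length as _cand; read-only.`, with the wording confirmed against the callers. Both default bodies continue outside their hunks.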
@@ -231,19 +233,20 @@ impl Plugins {
 #[instrument(level = "debug", name = "plugins::run_pre_modify", skip_all)]
 pub fn run_pre_modify(
 qs: &mut QueryServerWriteTransaction,
+ pre_cand: &[Arc],
 cand: &mut Vec>,
 me: &ModifyEvent,
 ) -> Result<(), OperationError> {
- protected::Protected::pre_modify(qs, cand, me)
- .and_then(|_| base::Base::pre_modify(qs, cand, me))
- .and_then(|_| cred_import::CredImport::pre_modify(qs, cand, me))
- .and_then(|_| jwskeygen::JwsKeygen::pre_modify(qs, cand, me))
- .and_then(|_| gidnumber::GidNumber::pre_modify(qs, cand, me))
- .and_then(|_| domain::Domain::pre_modify(qs, cand, me))
- .and_then(|_| spn::Spn::pre_modify(qs, cand, me))
- .and_then(|_| session::SessionConsistency::pre_modify(qs, cand, me))
+ protected::Protected::pre_modify(qs, pre_cand, cand, me)
+ .and_then(|_| base::Base::pre_modify(qs, pre_cand, cand, me))
+ .and_then(|_| cred_import::CredImport::pre_modify(qs, pre_cand, cand, me))
+ .and_then(|_| jwskeygen::JwsKeygen::pre_modify(qs, pre_cand, cand, me))
+ .and_then(|_| gidnumber::GidNumber::pre_modify(qs, pre_cand, cand, me))
+ .and_then(|_| domain::Domain::pre_modify(qs, pre_cand, cand, me))
+ .and_then(|_| spn::Spn::pre_modify(qs, pre_cand, cand, me))
+ .and_then(|_| session::SessionConsistency::pre_modify(qs, pre_cand, cand, me))
 // attr unique should always be last
- .and_then(|_| attrunique::AttrUnique::pre_modify(qs, cand, me))
+ .and_then(|_| attrunique::AttrUnique::pre_modify(qs, pre_cand, cand, me))
 }
 #[instrument(level = "debug", name = "plugins::run_post_modify", skip_all)]
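Review bot: `run_pre_modify` hands `pre_cand` and `cand` to every plugin without checking that the two describe the same set of entries, and nothing in the visible callers establishes that either. Every plugin ignores the new argument today, but one such as `Protected` that later bases an allow or deny decision on the old state would read the wrong entry if the slices ever differ in length or order. A cheap guard at the top of the function, `debug_assert_eq!(pre_cand.len(), cand.len());`, would surface a mismatch in tests. The same line fits `run_pre_batch_modify` in the next hunk.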
@@ -261,19 +264,20 @@ impl Plugins {
 #[instrument(level = "debug", name = "plugins::run_pre_batch_modify", skip_all)]
 pub fn run_pre_batch_modify(
 qs: &mut QueryServerWriteTransaction,
+ pre_cand: &[Arc],
 cand: &mut Vec>,
 me: &BatchModifyEvent,
 ) -> Result<(), OperationError> {
- protected::Protected::pre_batch_modify(qs, cand, me)
- .and_then(|_| base::Base::pre_batch_modify(qs, cand, me))
- .and_then(|_| cred_import::CredImport::pre_batch_modify(qs, cand, me))
- .and_then(|_| jwskeygen::JwsKeygen::pre_batch_modify(qs, cand, me))
- .and_then(|_| gidnumber::GidNumber::pre_batch_modify(qs, cand, me))
- .and_then(|_| domain::Domain::pre_batch_modify(qs, cand, me))
- .and_then(|_| spn::Spn::pre_batch_modify(qs, cand, me))
- .and_then(|_| session::SessionConsistency::pre_batch_modify(qs, cand, me))
+ protected::Protected::pre_batch_modify(qs, pre_cand, cand, me)
+ .and_then(|_| base::Base::pre_batch_modify(qs, pre_cand, cand, me))
+ .and_then(|_| cred_import::CredImport::pre_batch_modify(qs, pre_cand, cand, me))
+ .and_then(|_| jwskeygen::JwsKeygen::pre_batch_modify(qs, pre_cand, cand, me))
+ .and_then(|_| gidnumber::GidNumber::pre_batch_modify(qs, pre_cand, cand, me))
+ .and_then(|_| domain::Domain::pre_batch_modify(qs, pre_cand, cand, me))
+ .and_then(|_| spn::Spn::pre_batch_modify(qs, pre_cand, cand, me))
+ .and_then(|_| session::SessionConsistency::pre_batch_modify(qs, pre_cand, cand, me))
 // attr unique should always be last
- .and_then(|_| attrunique::AttrUnique::pre_batch_modify(qs, cand, me))
+ .and_then(|_| attrunique::AttrUnique::pre_batch_modify(qs, pre_cand, cand, me))
 }
 #[instrument(level = "debug", name = "plugins::run_post_batch_modify", skip_all)]
diff --git a/server/lib/src/plugins/protected.rs b/server/lib/src/plugins/protected.rs
index 566f8842f..d0e47932b 100644
--- a/server/lib/src/plugins/protected.rs
+++ b/server/lib/src/plugins/protected.rs
@@ -2,6 +2,7 @@
 // may only have certain modifications performed.
 use hashbrown::HashSet;
+use std::sync::Arc;
 use crate::event::{CreateEvent, DeleteEvent, ModifyEvent};
 use crate::modify::Modify;
@@ -69,6 +70,7 @@ impl Plugin for Protected {
 #[instrument(level = "debug", name = "protected_pre_modify", skip(_qs, cand, me))]
 fn pre_modify(
 _qs: &mut QueryServerWriteTransaction,
+ _pre_cand: &[Arc],
 cand: &mut Vec,
 me: &ModifyEvent,
 ) -> Result<(), OperationError> {
@@ -144,6 +146,7 @@ impl Plugin for Protected {
 fn pre_batch_modify(
 _qs: &mut QueryServerWriteTransaction,
+ _pre_cand: &[Arc],
 cand: &mut Vec,
 me: &BatchModifyEvent,
 ) -> Result<(), OperationError> {
diff --git a/server/lib/src/plugins/session.rs b/server/lib/src/plugins/session.rs
index e6415bfac..e4d05643d 100644
--- a/server/lib/src/plugins/session.rs
+++ b/server/lib/src/plugins/session.rs
@@ -11,6 +11,7 @@ use crate::event::ModifyEvent;
 use crate::plugins::Plugin;
 use crate::prelude::*;
 use std::collections::BTreeSet;
+use std::sync::Arc;
 use time::OffsetDateTime;
 pub struct SessionConsistency {}
@@ -23,6 +24,7 @@ impl Plugin for SessionConsistency {
 #[instrument(level = "debug", name = "session_consistency", skip_all)]
 fn pre_modify(
 qs: &mut QueryServerWriteTransaction,
+ _pre_cand: &[Arc],
 cand: &mut Vec>,
 _me: &ModifyEvent,
 ) -> Result<(), OperationError> {
@@ -32,6 +34,7 @@ impl Plugin for SessionConsistency {
 #[instrument(level = "debug", name = "session_consistency", skip_all)]
 fn pre_batch_modify(
 qs: &mut QueryServerWriteTransaction,
+ _pre_cand: &[Arc],
 cand: &mut Vec>,
 _me: &BatchModifyEvent,
 ) -> Result<(), OperationError> {
diff --git a/server/lib/src/plugins/spn.rs b/server/lib/src/plugins/spn.rs
index 8d611de24..f87753a57 100644
--- a/server/lib/src/plugins/spn.rs
+++ b/server/lib/src/plugins/spn.rs
@@ -34,6 +34,7 @@ impl Plugin for Spn {
 #[instrument(level = "debug", name = "spn_pre_modify", skip_all)]
 fn pre_modify(
 qs: &mut QueryServerWriteTransaction,
+ _pre_cand: &[Arc],
 cand: &mut Vec>,
 _me: &ModifyEvent,
 ) -> Result<(), OperationError> {
@@ -43,6 +44,7 @@ impl Plugin for Spn {
 #[instrument(level = "debug", name = "spn_pre_batch_modify", skip_all)]
 fn pre_batch_modify(
 qs: &mut QueryServerWriteTransaction,
+ _pre_cand: &[Arc],
 cand: &mut Vec>,
 _me: &BatchModifyEvent,
 ) -> Result<(), OperationError> {
diff --git a/server/lib/src/server/batch_modify.rs b/server/lib/src/server/batch_modify.rs
index 0ce53e3cd..4a9ee58bf 100644
--- a/server/lib/src/server/batch_modify.rs
+++ b/server/lib/src/server/batch_modify.rs
@@ -143,7 +143,7 @@ impl<'a> QueryServerWriteTransaction<'a> {
 // Pre mod plugins
 // We should probably supply the pre-post cands here.
- Plugins::run_pre_batch_modify(self, &mut candidates, me).map_err(|e| {
+ Plugins::run_pre_batch_modify(self, &pre_candidates, &mut candidates, me).map_err(|e| {
 admin_error!("Pre-Modify operation failed (plugin), {:?}", e);
 e
 })?;
diff --git a/server/lib/src/server/modify.rs b/server/lib/src/server/modify.rs
index 60aab0611..8b9aeeaa8 100644
--- a/server/lib/src/server/modify.rs
+++ b/server/lib/src/server/modify.rs
@@ -122,7 +122,7 @@ impl<'a> QueryServerWriteTransaction<'a> {
 // Pre mod plugins
 // We should probably supply the pre-post cands here.
- Plugins::run_pre_modify(self, &mut candidates, me).map_err(|e| {
+ Plugins::run_pre_modify(self, &pre_candidates, &mut candidates, me).map_err(|e| {
 admin_error!("Pre-Modify operation failed (plugin), {:?}", e);
 e
 })?;
diff --git a/server/lib/src/server/recycle.rs b/server/lib/src/server/recycle.rs
index bcc14e1b9..34d95958a 100644
--- a/server/lib/src/server/recycle.rs
+++ b/server/lib/src/server/recycle.rs
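Review bot: The context comment `// We should probably supply the pre-post cands here.` above the call in batch_modify.rs is out of date now that the next line passes `&pre_candidates`, and the identical comment in modify.rs is stale for the same reason. Either drop it or replace it with what is actually handed over, e.g. `// Plugins receive the pre-change entries alongside the candidates.` The surrounding functions start and end outside both hunks.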
@@ -177,7 +177,7 @@ impl<'a> QueryServerWriteTransaction<'a> {
 // Do we need to apply pre-mod?
 // Very likely, in case domain has renamed etc.
- Plugins::run_pre_modify(self, &mut candidates, &me).map_err(|e| {
+ Plugins::run_pre_modify(self, &pre_candidates, &mut candidates, &me).map_err(|e| {
 admin_error!("Revive operation failed (plugin), {:?}", e);
 e
 })?;