9:11 a.m.
Hi,
Attached patch adresses issue https://fedorahosted.org/sssd/ticket/1816
I thought about ignoring these right after fetching from ldap, but the
solution to just ignore the range while updating sysdb seems more
appropriate, than going through whole range list.
Ondra
--
Ondrej Kos
Associate Software Engineer
Identity Management - SSSD
Red Hat Czech
10:24 a.m.
On Tue, Jun 04, 2013 at 04:11:51PM +0200, Ondrej Kos wrote:
Hi,
Attached patch adresses issue https://fedorahosted.org/sssd/ticket/1816
I thought about ignoring these right after fetching from ldap, but
the solution to just ignore the range while updating sysdb seems
more appropriate, than going through whole range list.
Ondra
--
Ondrej Kos
Associate Software Engineer
Identity Management - SSSD
Red Hat Czech
From 119b9674e087378efb450906b07712dce076224b Mon Sep 17 00:00:00
2001
From: Ondrej Kos <okos(a)redhat.com>
Date: Tue, 4 Jun 2013 14:54:05 +0200
Subject: [PATCH] DB: Don't add invalid ranges
https://fedorahosted.org/sssd/ticket/1816
When saving or updating ranges, skip those which are invalid (not
provided ipaNTTrustedDomainSID or ipaSecondaryBaseRID)
---
src/db/sysdb_ranges.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/db/sysdb_ranges.c b/src/db/sysdb_ranges.c
index 07f53ac1f3a098671eaf947d8e0b02352de19ede..edea7f06a53a7a7258ac6b9ef0df31c21289274c
100644
--- a/src/db/sysdb_ranges.c
+++ b/src/db/sysdb_ranges.c
@@ -158,6 +158,15 @@ errno_t sysdb_range_create(struct sysdb_ctx *sysdb, struct
range_info *range)
int ret;
TALLOC_CTX *tmp_ctx;
+ if (range->trusted_dom_sid == NULL &&
+ range->secondary_base_rid == 0) {
+
if an idrange has both of these set it is invalid as well, can you add a
condition for this, too?
bye,
Sumit
+ DEBUG(SSSDBG_TRACE_FUNC, ("Neither
[ipaNTTrustedDomainSID] or "
+ "[ipaSecondaryBaseRID] was provided for range [%s], "
+ "skipping.\n", range->name));
+ return EOK;
+ }
+
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) {
return ENOMEM;
--
1.8.1.4
_______________________________________________
sssd-devel mailing list
sssd-devel(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
10:54 a.m.
On 06/04/2013 05:24 PM, Sumit Bose wrote:
if an idrange has both of these set it is invalid as well, can you
add a
condition for this, too?
bye,
Sumit
After off-list discussion with Sumit, here's new patch.
Ondra
--
Ondrej Kos
Associate Software Engineer
Identity Management - SSSD
Red Hat Czech
6:49 a.m.
On Tue, Jun 04, 2013 at 05:54:34PM +0200, Ondrej Kos wrote:
On 06/04/2013 05:24 PM, Sumit Bose wrote:
>if an idrange has both of these set it is invalid as well, can you add a
>condition for this, too?
>
>bye,
>Sumit
After off-list discussion with Sumit, here's new patch.
Ondra
Ack
6:59 a.m.
On Sun, Jun 09, 2013 at 01:49:07PM +0200, Jakub Hrozek wrote:
On Tue, Jun 04, 2013 at 05:54:34PM +0200, Ondrej Kos wrote:
> On 06/04/2013 05:24 PM, Sumit Bose wrote:
> >if an idrange has both of these set it is invalid as well, can you add a
> >condition for this, too?
> >
> >bye,
> >Sumit
>
> After off-list discussion with Sumit, here's new patch.
>
> Ondra
Ack
Pushed to master.
3972
days inactive
3977
days old
sssd-devel@lists.fedorahosted.org
4 comments
3 participants
participants (3)
-
Jakub Hrozek -
Ondrej Kos -
Sumit Bose