[Freeipa-devel] [PATCH] 798 Fix indirect member calculation
Endi Sukma Dewata
edewata at redhat.com
Tue Jun 14 13:44:05 UTC 2011
On 6/13/2011 10:28 PM, Rob Crittenden wrote:
> Endi Sukma Dewata wrote:
>> NACK. If there's a circular membership the code will run into an
>> infinite loop. Here's a test scenario:
>>
>> Group 1 has 2 members: group 2 and group 3.
>> Group 2 is a member of group 3.
>> Group 3 is a member of group 2.
>> Run ipa group-show on group 1, the command doesn't return until it's
>> killed.
> I think the solution will be to deny creating circular groups.
It might be possible to avoid infinite loop this way:
for member in checkmembers:
(result, truncated) = self.find_entries(...)
for m in result[0][1].get('member', []):
# make sure the member is only added once
if m in checkmembers:
continue
checkmembers.append(m)
--
Endi S. Dewata
More information about the Freeipa-devel
mailing list