[Freeipa-devel] [PATCH] 798 Fix indirect member calculation
Endi Sukma Dewata
edewata at redhat.com
Tue Jun 14 17:16:49 UTC 2011
On 6/14/2011 8:46 AM, Rob Crittenden wrote:
> Endi Sukma Dewata wrote:
>> On 6/13/2011 10:28 PM, Rob Crittenden wrote:
>>> Endi Sukma Dewata wrote:
>>>> NACK. If there's a circular membership the code will run into an
>>>> infinite loop. Here's a test scenario:
>>>>
>>>> Group 1 has 2 members: group 2 and group 3.
>>>> Group 2 is a member of group 3.
>>>> Group 3 is a member of group 2.
>>>> Run ipa group-show on group 1, the command doesn't return until it's
>>>> killed.
>>
>>> I think the solution will be to deny creating circular groups.
>>
>> It might be possible to avoid infinite loop this way:
>>
>> for member in checkmembers:
>>
>> (result, truncated) = self.find_entries(...)
>>
>> for m in result[0][1].get('member', []):
>>
>> # make sure the member is only added once
>> if m in checkmembers:
>> continue
>>
>> checkmembers.append(m)
>
> I came to the same conclusion but I did:
>
> if m not in checkmembers:
> checkmembers.append(m)
>
> Updated patch attached
ACK and pushed to master.
--
Endi S. Dewata
More information about the Freeipa-devel
mailing list