[Freeipa-devel] [PATCH] 798 Fix indirect member calculation
Rob Crittenden
rcritten at redhat.com
Tue Jun 14 18:28:09 UTC 2011
Endi Sukma Dewata wrote:
> On 6/14/2011 8:46 AM, Rob Crittenden wrote:
>> Endi Sukma Dewata wrote:
>>> On 6/13/2011 10:28 PM, Rob Crittenden wrote:
>>>> Endi Sukma Dewata wrote:
>>>>> NACK. If there's a circular membership the code will run into an
>>>>> infinite loop. Here's a test scenario:
>>>>>
>>>>> Group 1 has 2 members: group 2 and group 3.
>>>>> Group 2 is a member of group 3.
>>>>> Group 3 is a member of group 2.
>>>>> Run ipa group-show on group 1, the command doesn't return until it's
>>>>> killed.
>>>
>>>> I think the solution will be to deny creating circular groups.
>>>
>>> It might be possible to avoid infinite loop this way:
>>>
>>> for member in checkmembers:
>>>
>>> (result, truncated) = self.find_entries(...)
>>>
>>> for m in result[0][1].get('member', []):
>>>
>>> # make sure the member is only added once
>>> if m in checkmembers:
>>> continue
>>>
>>> checkmembers.append(m)
>>
>> I came to the same conclusion but I did:
>>
>> if m not in checkmembers:
>> checkmembers.append(m)
>>
>> Updated patch attached
>
> ACK and pushed to master.
>
pushed to ipa-2-0 as well
More information about the Freeipa-devel
mailing list