[Freeipa-devel] [PATCH] Don't segfault on adding user outside domains

Jakub Hrozek jhrozek at redhat.com
Tue Jul 28 12:58:12 UTC 2009


On 05/26/2009 01:44 PM, Stephen Gallagher wrote:
> On 05/25/2009 08:35 AM, Jakub Hrozek wrote:
>> Found this when working on tools testsuite..
>>
>> If the user enters UID outside any domain ranges, we invoke the legacy
>> tools. But that was broken since the code read on domain->xxx even in
>> this case, when domain == NULL. Fix attached.
>>
>> Jakub

I'm sorry, I absolutely forgot about this thread. Luckily, Jenny
reminded me with ticket #86 :-)

> Nack.
> The only way to enter the useradd_legacy() function is for the domain to
> be NULL. There will never be a case where the USERADD_UID_MIN/MAX will
> be used. I think we need to rethink how to generate that portion of the
> parameter, because we want to ensure that the legacy useradd doesn't
> step on the toes of one of our domains.
> 

I disagree, if you consider having two domains LEGACYLOCAL that handles
IDs of 500-999 and LOCAL that handles 1000-1999, there are two ways to
enter the useradd_legacy function:
1) specify UID in the LEGACYLOCAL range, i.e. "sss_useradd -u 999 foo"
2) specify UID outside any known domain

There will be a third way once I implement a fix for #513670 and that
would be "sss_useradd foo@LEGACYLOCAL" - where you really need to pass
USERADD_UID_MIN/MAX since you don't care about the specific UID, you
only want it to be in the range given by LEGACYLOCAL domain.


> Perhaps try creating local users where the USERADD_UID_MAX is the value
> of the lowest supported domain, except where this is impossible (we have
> a domain handling UID 1), in which case we set the USERADD_UID_MIN to
> the highest max domain range. If this is also impossible (such as having
> a domain with no maximum), then exit out and instruct the user to
> specify the uid and gid manually because no automatic value could be
> determined.
> 

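The range selection discussed in this thread, as an added example that is not code from the patch or from SSSD: a UID inside a domain gets that domain's range, and a UID outside every domain takes the fallback window instead of dereferencing a NULL domain. The struct, the function names, the "0 means no maximum" convention and the exact window bounds (one below the lowest domain, one above the highest) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical type for illustration; not SSSD's domain structure. */
struct id_range { const char *name; uint32_t id_min; uint32_t id_max; /* 0 = no maximum (assumption) */ };

/* Constructed sample: the two domains from the example in the thread. */
static const struct id_range sample_domains[] = {
    { "LEGACYLOCAL", 500, 999 },
    { "LOCAL", 1000, 1999 },
};

/* Domain whose range contains uid, or NULL when the uid is outside all of them. */
const struct id_range *find_domain(const struct id_range *d, size_t n, uint32_t uid)
{
    for (size_t i = 0; i < n; i++)
        if (uid >= d[i].id_min && (d[i].id_max == 0 || uid <= d[i].id_max))
            return &d[i];
    return NULL;
}

/* Window below the lowest domain, else above the highest; -1 if neither exists. */
int legacy_window(const struct id_range *d, size_t n, uint32_t *lo, uint32_t *hi)
{
    uint32_t lowest_min = UINT32_MAX, highest_max = 0;
    int unbounded = 0;
    for (size_t i = 0; i < n; i++) {
        if (d[i].id_min < lowest_min) lowest_min = d[i].id_min;
        if (d[i].id_max == 0) unbounded = 1;
        else if (d[i].id_max > highest_max) highest_max = d[i].id_max;
    }
    if (lowest_min > 1) { *lo = 1; *hi = lowest_min - 1; return 0; }
    if (!unbounded && highest_max < UINT32_MAX) { *lo = highest_max + 1; *hi = UINT32_MAX; return 0; }
    return -1;  /* no automatic value: the caller must ask for an explicit uid/gid */
}

/* UID_MIN/UID_MAX for the legacy tool; the NULL domain is handled, never dereferenced. */
int legacy_range_for_uid(const struct id_range *d, size_t n, uint32_t uid, uint32_t *lo, uint32_t *hi)
{
    const struct id_range *dom = find_domain(d, n, uid);
    if (dom == NULL)
        return legacy_window(d, n, lo, hi);
    *lo = dom->id_min;
    *hi = dom->id_max ? dom->id_max : UINT32_MAX;
    return 0;
}

int main(void) { uint32_t lo, hi; return legacy_range_for_uid(sample_domains, 2, 5000, &lo, &hi); }
```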
