[Freeipa-devel] [PATCH] 0080 rewrite SID comparison to take into account different SID forms

Alexander Bokovoy abokovoy at redhat.com
Tue Sep 25 14:46:58 UTC 2012


On Tue, 25 Sep 2012, Alexander Bokovoy wrote:
> Hi,
> 
> Domain validator code in ipaserver/dcerpc.py verifies that a SID belongs
> to one of our trusted domains. This verification was expecting that the SID
> is for some resource within a trusted domain and ignored the case when it
> is the SID of the trusted domain, i.e. when the SID has a form like
> S-1-5-21-16904141-148189700-2149043814 rather than
> S-1-5-21-16904141-148189700-2149043814-512 (Domain Admins).
> 
> The latter is what idrange-add command uses.
The *former*, sigh. :)

-- 
/ Alexander Bokovoy
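
The two SID forms discussed in this thread, as an added example that is not part of the original message or of the FreeIPA patch: a comparison on parsed components that accepts both the bare domain SID and the domain SID with one RID appended, and rejects string-prefix lookalikes. The function names, the `TRUSTED` list and the second domain SID are hypothetical and constructed for illustration.

```python
# Added illustration; not code from ipaserver/dcerpc.py.
# parse_sid, match_trusted_domain and TRUSTED are hypothetical names.

def parse_sid(sid):
    """Turn 'S-1-5-21-...' into a tuple of its numeric components."""
    parts = sid.strip().split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("not a SID string: %r" % (sid,))
    if not all(p.isascii() and p.isdigit() for p in parts[1:]):
        raise ValueError("non-numeric SID component in %r" % (sid,))
    return tuple(int(p) for p in parts[1:])


def match_trusted_domain(sid, trusted_domain_sids):
    """Return the trusted domain SID that `sid` equals or belongs to.

    Assumption: an object inside a domain has the domain SID followed by
    exactly one RID. Returns None when no trusted domain matches.
    """
    candidate = parse_sid(sid)
    for domain_sid in trusted_domain_sids:
        domain = parse_sid(domain_sid)
        # Form 1: the SID of the trusted domain itself.
        # Form 2: the domain SID plus one trailing RID (e.g. -512).
        if candidate == domain or candidate[:-1] == domain:
            return domain_sid
    return None


# First entry is the domain SID quoted in the thread; second is constructed.
TRUSTED = [
    "S-1-5-21-16904141-148189700-2149043814",
    "S-1-5-21-1000-2000-300",
]

if __name__ == "__main__":
    samples = [
        "S-1-5-21-16904141-148189700-2149043814",      # domain SID
        "S-1-5-21-16904141-148189700-2149043814-512",  # Domain Admins
        "S-1-5-21-1000-2000-3000-512",  # constructed: prefix lookalike
        "S-1-5-32-544",                 # BUILTIN, not a trusted domain
    ]
    for s in samples:
        print(s, "->", match_trusted_domain(s, TRUSTED))
```

Comparing tuples of integers rather than using `str.startswith` is what keeps `S-1-5-21-1000-2000-3000-512` from being accepted for the domain `S-1-5-21-1000-2000-300`.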



