[Freeipa-devel] [PATCH 0039] Enforce exact SID match when adding or modifying a ID range

Martin Kosek mkosek at redhat.com
Wed Mar 13 16:23:22 UTC 2013


On 03/13/2013 09:50 AM, Tomas Babej wrote:
> On Wed 13 Mar 2013 09:47:09 AM CET, Tomas Babej wrote:
>> Hi,
>>
>> SID validation in idrange.py now enforces an exact match on SIDs, thus
>> one can no longer use the SID of an object in a trusted domain as a
>> trusted domain SID.
>>
>> https://fedorahosted.org/freeipa/ticket/3432
>>
>> Tomas
>>
> 
> Just renamed the patch filename to follow the convention.
> 
> Tomas
> 

I do not think that the debug message is needed:

+            root_logger.error('No trusted domain with given SID found, '
+                              'listing SIDS for all the trusted domains:')
+            for domain in self._domains:
+                root_logger.error('SID: %s' % self._domains[domain][1])
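
Review bot: the loop starting at "for domain in self._domains:" writes one error-level line per trusted domain each time the "No trusted domain with given SID found" path is hit, so a single mistyped SID produces a run of error entries that describe configuration rather than a fault. Keep one error line for the failure and move the listing to debug level, iterating over self._domains.values() instead of indexing the dict again inside the loop. If root_logger follows the standard Python logging interface, pass the SID as a logging argument ('SID: %s', sid) rather than formatting it with % before the call. The message text also says "SIDS" where "SIDs" is meant.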

The user will not see it anyway, and he can easily get the list of SIDs/domains with
"ipa trust-find".

Otherwise the patch looks and works fine. I would just consider renaming the
method from is_trusted_sid_valid_domain to is_trusted_domain_sid_valid. Sounds
better to me, but I have no strong feelings about that.

Martin
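
The exact-match rule described in the patch summary, shown next to a looser check, as an added example that is not part of the original thread and is not FreeIPA's idrange.py code. The function names, the prefix-style "before" behaviour and every SID and domain name below are assumptions constructed for illustration.

```python
# Added illustration, not FreeIPA code. All names and SIDs are constructed.
import re

# A domain SID is S-1-5-21 followed by exactly three sub-authorities;
# an object (user, group) SID appends a RID as a further component.
DOMAIN_SID_RE = re.compile(r'^S-1-5-21-\d{1,10}-\d{1,10}-\d{1,10}$')

# Constructed sample data: trusted domain name -> domain SID.
TRUSTED_DOMAINS = {
    'ad.example.test': 'S-1-5-21-1111111111-2222222222-3333333333',
    'corp.example.test': 'S-1-5-21-1234567890-987654321-135792468',
}


def is_domain_sid(sid):
    """True only for a well-formed domain SID with no trailing RID."""
    if not DOMAIN_SID_RE.match(sid):
        return False
    # Each sub-authority must fit in an unsigned 32-bit integer.
    return all(int(part) <= 0xFFFFFFFF for part in sid.split('-')[4:])


def loose_match(sid, domains=TRUSTED_DOMAINS):
    """Assumed 'before' behaviour: any SID inside a trusted domain passes."""
    for name, dom_sid in domains.items():
        if sid == dom_sid or sid.startswith(dom_sid + '-'):
            return name
    return None


def exact_match(sid, domains=TRUSTED_DOMAINS):
    """Accept only a SID that is exactly a trusted domain's own SID."""
    if not is_domain_sid(sid):
        return None
    for name, dom_sid in domains.items():
        if sid == dom_sid:
            return name
    return None


def check(sid):
    """Return (loose result, exact result) for side-by-side comparison."""
    return loose_match(sid), exact_match(sid)


if __name__ == '__main__':
    base = TRUSTED_DOMAINS['ad.example.test']
    for candidate in (base, base + '-1105', 'S-1-5-21-1-2-3'):
        print(candidate, check(candidate))
```

The second candidate is an object SID (domain SID plus RID): the loose check maps it to the trusted domain, the exact check rejects it.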



