[Freeipa-devel] [PATCH 0039] Enforce exact SID match when adding or modifying a ID range
Tomas Babej
tbabej at redhat.com
Thu Mar 14 09:48:58 UTC 2013
On 03/13/2013 05:23 PM, Martin Kosek wrote:
> On 03/13/2013 09:50 AM, Tomas Babej wrote:
>> On Wed 13 Mar 2013 09:47:09 AM CET, Tomas Babej wrote:
>>> Hi,
>>>
>>> SID validation in idrange.py now enforces exact match on SIDs, thus
>>> one can no longer use SID of an object in a trusted domain as a
>>> trusted domain SID.
>>>
>>> https://fedorahosted.org/freeipa/ticket/3432
>>>
>>> Tomas
>>>
>>>
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>> Just renamed the patch filename to follow the convention.
>>
>> Tomas
>>
> I do not think that the debug message is needed:
>
> + root_logger.error('No trusted domain with given SID found, '
> + 'listing SIDS for all the trusted domains:')
> + for domain in self._domains:
> + root_logger.error('SID: %s' % self._domains[domain][1])
>
> User will not see it anyway and he can easily get list of SIDs/domains with
> "ipa trust-find".
>
> Otherwise the patch looks and works fine. I would just consider renaming the
> method from is_trusted_sid_valid_domain to is_trusted_domain_sid_valid. Sounds
> better to me, but I have no strong feelings about that.
>
> Martin
Both fixed.
Tomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbabej-0039-2-Enforce-exact-SID-match-when-adding-or-modifying-a-I.patch
Type: text/x-patch
Size: 5148 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130314/0ffb14f4/attachment.bin>
More information about the Freeipa-devel
mailing list