[Freeipa-devel] [PATCH 0039] Enforce exact SID match when adding or modifying a ID range
Martin Kosek
mkosek at redhat.com
Thu Mar 14 14:22:06 UTC 2013
On 03/14/2013 10:48 AM, Tomas Babej wrote:
> On 03/13/2013 05:23 PM, Martin Kosek wrote:
>> On 03/13/2013 09:50 AM, Tomas Babej wrote:
>>> On Wed 13 Mar 2013 09:47:09 AM CET, Tomas Babej wrote:
>>>> Hi,
>>>>
>>>> SID validation in idrange.py now enforces exact match on SIDs, thus
>>>> one can no longer use SID of an object in a trusted domain as a
>>>> trusted domain SID.
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/3432
>>>>
>>>> Tomas
>>>>
>>>>
>>>> _______________________________________________
>>>> Freeipa-devel mailing list
>>>> Freeipa-devel at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>> Just renamed the patch filename to follow the convention.
>>>
>>> Tomas
>>>
>> I do not think that the debug message is needed:
>>
>> + root_logger.error('No trusted domain with given SID found, '
>> + 'listing SIDS for all the trusted domains:')
>> + for domain in self._domains:
>> + root_logger.error('SID: %s' % self._domains[domain][1])
>>
>> User will not see it anyway and he can easily get list of SIDs/domains with
>> "ipa trust-find".
>>
>> Otherwise the patch looks and works fine. I would just consider renaming the
>> method from is_trusted_sid_valid_domain to is_trusted_domain_sid_valid. Sounds
>> better to me, but I have no strong feelings about that.
>>
>> Martin
> Both fixed.
>
> Tomas
>
ACK. Pushed to master, ipa-3-1.
Martin
More information about the Freeipa-devel
mailing list