[Freeipa-devel] [PATCH 0158] Extend ipa-range-check DS plugin to handle range types

Petr Viktorin pviktori at redhat.com
Thu Apr 10 16:03:11 UTC 2014 

On 04/08/2014 02:26 PM, Martin Kosek wrote:
> On 04/01/2014 10:52 AM, Tomas Babej wrote:
>>
>> On 04/01/2014 10:40 AM, Alexander Bokovoy wrote:
>>> On Tue, 01 Apr 2014, Tomas Babej wrote:
>>>>  From 736b3f747188696fd4a46ca63d91a6cca942fd56 Mon Sep 17 00:00:00 2001
>>>> From: Tomas Babej <tbabej at redhat.com>
>>>> Date: Wed, 5 Mar 2014 12:28:18 +0100
>>>> Subject: [PATCH] Extend ipa-range-check DS plugin to handle range types
>>>>
>>>> The ipa-range-check plugin used to determine the range type depending
>>>> on the value of the attributes such as RID or secondary RID base. This
>>>> approached caused variety of issues since the portfolio of ID range
>>>> types expanded.
>>>>
>>>> The patch makes sure the following rules are implemented:
>>>>     * No ID range pair can overlap on base ranges, with exception
>>>>       of two ipa-ad-trust-posix ranges belonging to the same forest
>>>>     * For any ID range pair of ranges belonging to the same domain:
>>>>         * Both ID ranges must be of the same type
>>>>         * For ranges of ipa-ad-trust type or ipa-local type:
>>>>             * Primary RID ranges can not overlap
>>>>         * For ranges of ipa-local type:
>>>>             * Primary and secondary RID ranges can not overlap
>>>>             * Secondary RID ranges cannot overlap
>>>>
>>>> For the implementation part, the plugin was extended with a domain ID
>>>> to forest root domain ID mapping derivation capabilities.
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/4137
>>>>
>>>> -static int slapi_entry_to_range_info(struct slapi_entry *entry,
>>>> +struct domain_info {
>>>> +    char *domain_id;
>>>> +    char *forest_root_id;
>>>> +    struct domain_info *next;
>>>> +};
>>>> +
>>>> +static void free_domain_info(struct domain_info *info) {
>>>> +    if (info != NULL) {
>>>> +        slapi_ch_free_string(&(info->domain_id));
>>>> +        slapi_ch_free_string(&(info->forest_root_id));
>>>> +        free_domain_info(info->next);
>>>> +        free(info);
>>>> +    }
>>>> +}
>>> Please, don't use recursion in the freeing part, there is really no
>>> pressing need to do so. Just use while() like you do in
>>> get_forest_root_id():
>>>
>>>> +/* Searches for the domain_info struct with the specified domain_id
>>>> + * in the linked list. Returns the forest root domain's ID, or NULL for
>>>> + * local ranges. */
>>>> +
>>>> +static char* get_forest_root_id(struct domain_info *head, char*
>>>> domain_id) {
>>>> +
>>>> +    /* For local ranges there is no forest root domain,
>>>> +     * so consider only ranges with domain_id set */
>>>> +    if (domain_id != NULL) {
>>>> +        while(head) {
>>>> +            if (strcasecmp(head->domain_id, domain_id) == 0) {
>>>> +                return head->forest_root_id;
>>>> +            }
>>>> +            head = head->next;
>>>> +        }
>>>> +     }
>>>> +
>>>> +    return NULL;
>>>> +}
>>>> +
>>>
>>>
>>
>> Fixed, updated patch attached.
>>
>
> Pushed to master based on Alexander's ACK in patch 161.


I keep seeing a test failure that's probably caused by this change:

======================================================================
ERROR: test suite for <class 
'ipatests.test_xmlrpc.test_range_plugin.test_range'>
----------------------------------------------------------------------
Traceback (most recent call last):
   File "/usr/lib/python2.7/site-packages/nose/suite.py", line 208, in run
     self.setUp()
   File "/usr/lib/python2.7/site-packages/nose/suite.py", line 291, in setUp
     self.setupContext(ancestor)
   File "/usr/lib/python2.7/site-packages/nose/suite.py", line 314, in 
setupContext
     try_run(context, names)
   File "/usr/lib/python2.7/site-packages/nose/util.py", line 469, in 
try_run
     return func()
   File 
"/var/lib/jenkins/workspace/freeipa-intree-tests-f20/ipatests/test_xmlrpc/test_range_plugin.py", 
line 163, in setUpClass
     cls.mockldap.add_entry(testrange9_dn, testrange9_add)
   File 
"/var/lib/jenkins/workspace/freeipa-intree-tests-f20/ipatests/util.py", 
line 650, in add_entry
     self.connection.add_s(dn, ldif)
   File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 
195, in add_s
     return self.result(msgid,all=1,timeout=self.timeout)
   File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 
458, in result
     resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
   File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 
462, in result2
     resp_type, resp_data, resp_msgid, resp_ctrls = 
self.result3(msgid,all,timeout)
   File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 
469, in result3
     resp_ctrl_classes=resp_ctrl_classes
   File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 
476, in result4
     ldap_result = 
self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
   File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 
99, in _ldap_call
     result = func(*args,**kwargs)
OPERATIONS_ERROR: {'info': 'Range Check error', 'desc': 'Operations error'}


-- 
Petr³

More information about the Freeipa-devel mailing list