summaryrefslogtreecommitdiffstats
path: root/daemons/ipa-slapi-plugins/ipa-range-check
Commit message (Collapse)AuthorAgeFilesLines
* ipa-range-check: do not treat missing objects as errorSumit Bose2015-02-241-2/+3
| | | | | | | | | | | | Currently the range check plugin will return a 'Range Check error' message if a ldapmodify operation tries to change a non-existing object. Since the range check plugin does not need to care about non-existing objects we can just return 0 indicating that the range check plugin has done its work. Resolves https://fedorahosted.org/freeipa/ticket/4924 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Add missing breakLukas Slebodnik2014-07-141-0/+1
| | | | | | | | Wrong error message would be used for in case of RANGE_CHECK_DIFFERENT_TYPE_IN_DOMAIN. Missing break will cause fall through to the default section. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipa_range_check: Change range_check return values from int to ↵Tomas Babej2014-04-231-16/+26
| | | | | | | | | | | | range_check_result_t enum Using integers for return values that are used for complex casing can be fragile and typo-prone. Change range_check function to return range_check_result_t enum, whose values properly describes each of the range_check results. Part of: https://fedorahosted.org/freeipa/ticket/4137 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* ipa_range_check: Fix typo when comparing strings using strcasecmpTomas Babej2014-04-231-4/+4
| | | | | | Part of: https://fedorahosted.org/freeipa/ticket/4137 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipa_range_check: Do not fail when no trusted domain is availableTomas Babej2014-04-231-2/+10
| | | | | | | | | | When building the domain to forest root map, we need to take the case of IPA server having no trusted domains configured at all. Do not abort the checks, but return an empty map instead. Part of: https://fedorahosted.org/freeipa/ticket/4137 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipa_range_check: Make a new copy of forest_root_id attribute for range_info ↵Tomas Babej2014-04-231-1/+1
| | | | | | | | | | | | struct Not making a new copy of this attribute creates multiple frees caused by multiple pointers to the same forest_root_id from all the range_info structs for all the domains belonging to given forest. Part of: https://fedorahosted.org/freeipa/ticket/4137 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipa_range_check: Connect the new node of the linked listTomas Babej2014-04-231-0/+1
| | | | | | Part of: https://fedorahosted.org/freeipa/ticket/4137 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipa_range_check: Use special attributes to determine presence of RID basesTomas Babej2014-04-231-9/+21
| | | | | | | | | | | | | | The slapi_entry_attr_get_ulong which is used to get value of the RID base attributes returns 0 in case the attribute is not set at all. We need to distinguish this situation from the situation where RID base attributes are present, but deliberately set to 0. Otherwise this can cause false negative results of checks in the range_check plugin. Part of: https://fedorahosted.org/freeipa/ticket/4137 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Extend ipa-range-check DS plugin to handle range typesTomas Babej2014-04-081-40/+260
| | | | | | | | | | | | | | | | | | | | | | | | | The ipa-range-check plugin used to determine the range type depending on the value of the attributes such as RID or secondary RID base. This approached caused variety of issues since the portfolio of ID range types expanded. The patch makes sure the following rules are implemented: * No ID range pair can overlap on base ranges, with exception of two ipa-ad-trust-posix ranges belonging to the same forest * For any ID range pair of ranges belonging to the same domain: * Both ID ranges must be of the same type * For ranges of ipa-ad-trust type or ipa-local type: * Primary RID ranges can not overlap * For ranges of ipa-local type: * Primary and secondary RID ranges can not overlap * Secondary RID ranges cannot overlap For the implementation part, the plugin was extended with a domain ID to forest root domain ID mapping derivation capabilities. https://fedorahosted.org/freeipa/ticket/4137 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipa-range-check: Fix memory leaks when freeing range objectTomas Babej2014-04-081-4/+12
| | | | | | | | When cleaning the range_info struct, simple free of the struct is not enough, we have to free contents of char pointers in the struct as well. https://fedorahosted.org/freeipa/ticket/4276
* Remove CFLAGS duplication.Jan Cholasta2013-12-061-1/+0
| | | | https://fedorahosted.org/freeipa/ticket/3896
* Remove build warningsMartin Kosek2013-03-291-1/+1
| | | | | | Fix rpm build warnings report in Fedora 19 build. https://fedorahosted.org/freeipa/ticket/3500
* Perform secondary rid range overlap check for local ranges onlyTomas Babej2013-03-111-16/+25
| | | | | | | | | | | Any of the following checks: - overlap between primary RID range and secondary RID range - overlap between secondary RID range and secondary RID range is performed now only if both of the ranges involved are local domain ranges. https://fedorahosted.org/freeipa/ticket/3391
* Forbid overlapping primary and secondary rid rangesTomas Babej2012-10-191-14/+97
| | | | | | | | | | | Commands ipa idrange-add / idrange-mod no longer allows the user to enter primary or secondary rid range such that has non-zero intersection with primary or secondary rid range of another existing id range, as this could cause collision. Unit tests added to test_range_plugin.py https://fedorahosted.org/freeipa/ticket/3086
* Fix various issues found by CoveritySumit Bose2012-10-171-1/+2
|
* Add range check preop pluginSumit Bose2012-06-293-0/+502
To make sure that ID ranges do not overlap this plugin checks new additions and changes for conflicts with existing ranges. https://fedorahosted.org/freeipa/ticket/2185
generated by cgit (git 2.34.1) at 2024-09-27 14:04:17 +0000