diff options
author | Ondrej Kos <okos@redhat.com> | 2013-06-04 14:54:05 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-06-09 13:58:18 +0200 |
commit | fbd63f8f920a2591310d601b01c7b79aa4023a95 (patch) | |
tree | 6753da8635fc14eab0e09937bafb21abca590d2d /src/db | |
parent | e293fba4f5459f3c2dad254dcc966407d8fc3312 (diff) | |
download | sssd-fbd63f8f920a2591310d601b01c7b79aa4023a95.tar.gz sssd-fbd63f8f920a2591310d601b01c7b79aa4023a95.tar.xz sssd-fbd63f8f920a2591310d601b01c7b79aa4023a95.zip |
DB: Don't add invalid ranges
https://fedorahosted.org/sssd/ticket/1816
When saving or updating ranges, skip those which are invalid (not
provided ipaNTTrustedDomainSID or ipaSecondaryBaseRID, or both provided
at the same time)
Diffstat (limited to 'src/db')
-rw-r--r-- | src/db/sysdb_ranges.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/src/db/sysdb_ranges.c b/src/db/sysdb_ranges.c index 07f53ac1f..cc72033eb 100644 --- a/src/db/sysdb_ranges.c +++ b/src/db/sysdb_ranges.c @@ -158,6 +158,16 @@ errno_t sysdb_range_create(struct sysdb_ctx *sysdb, struct range_info *range) int ret; TALLOC_CTX *tmp_ctx; + /* if both or none are set, skip */ + if ((range->trusted_dom_sid == NULL && range->secondary_base_rid == 0) || + (range->trusted_dom_sid != NULL && range->secondary_base_rid != 0)) { + + DEBUG(SSSDBG_OP_FAILURE, ("Invalid range, skipping. Expected that " + "either the secondary base RID or the SID of the trusted " + "domain is set, but not both or none of them.\n")); + return EOK; + } + tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; @@ -197,13 +207,6 @@ errno_t sysdb_range_create(struct sysdb_ctx *sysdb, struct range_info *range) ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_DOMAIN_ID, range->trusted_dom_sid); if (ret) goto done; - } else { - DEBUG(SSSDBG_OP_FAILURE, ("Invalid range, expected that either " - "the secondary base rid or the SID of the " - "trusted domain is set, but not both or " - "none of them.\n")); - ret = EINVAL; - goto done; } ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, range->name); |