summaryrefslogtreecommitdiffstats
path: root/src/db
diff options
context:
space:
mode:
authorOndrej Kos <okos@redhat.com>2013-06-04 14:54:05 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-06-09 13:58:18 +0200
commitfbd63f8f920a2591310d601b01c7b79aa4023a95 (patch)
tree6753da8635fc14eab0e09937bafb21abca590d2d /src/db
parente293fba4f5459f3c2dad254dcc966407d8fc3312 (diff)
downloadsssd-fbd63f8f920a2591310d601b01c7b79aa4023a95.tar.gz
sssd-fbd63f8f920a2591310d601b01c7b79aa4023a95.tar.xz
sssd-fbd63f8f920a2591310d601b01c7b79aa4023a95.zip
DB: Don't add invalid ranges
https://fedorahosted.org/sssd/ticket/1816 When saving or updating ranges, skip those which are invalid (not provided ipaNTTrustedDomainSID or ipaSecondaryBaseRID, or both provided at the same time)
Diffstat (limited to 'src/db')
-rw-r--r--src/db/sysdb_ranges.c17
1 files changed, 10 insertions, 7 deletions
diff --git a/src/db/sysdb_ranges.c b/src/db/sysdb_ranges.c
index 07f53ac1f..cc72033eb 100644
--- a/src/db/sysdb_ranges.c
+++ b/src/db/sysdb_ranges.c
@@ -158,6 +158,16 @@ errno_t sysdb_range_create(struct sysdb_ctx *sysdb, struct range_info *range)
int ret;
TALLOC_CTX *tmp_ctx;
+ /* if both or none are set, skip */
+ if ((range->trusted_dom_sid == NULL && range->secondary_base_rid == 0) ||
+ (range->trusted_dom_sid != NULL && range->secondary_base_rid != 0)) {
+
+ DEBUG(SSSDBG_OP_FAILURE, ("Invalid range, skipping. Expected that "
+ "either the secondary base RID or the SID of the trusted "
+ "domain is set, but not both or none of them.\n"));
+ return EOK;
+ }
+
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) {
return ENOMEM;
@@ -197,13 +207,6 @@ errno_t sysdb_range_create(struct sysdb_ctx *sysdb, struct range_info *range)
ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_DOMAIN_ID,
range->trusted_dom_sid);
if (ret) goto done;
- } else {
- DEBUG(SSSDBG_OP_FAILURE, ("Invalid range, expected that either "
- "the secondary base rid or the SID of the "
- "trusted domain is set, but not both or "
- "none of them.\n"));
- ret = EINVAL;
- goto done;
}
ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, range->name);