From fbd63f8f920a2591310d601b01c7b79aa4023a95 Mon Sep 17 00:00:00 2001
From: Ondrej Kos
Date: Tue, 4 Jun 2013 14:54:05 +0200
Subject: DB: Don't add invalid ranges

https://fedorahosted.org/sssd/ticket/1816

When saving or updating ranges, skip those which are invalid (not provided ipaNTTrustedDomainSID or ipaSecondaryBaseRID, or both provided at the same time)
---
 src/db/sysdb_ranges.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/src/db/sysdb_ranges.c b/src/db/sysdb_ranges.c
index 07f53ac1f..cc72033eb 100644
--- a/src/db/sysdb_ranges.c
+++ b/src/db/sysdb_ranges.c
@@ -158,6 +158,16 @@ errno_t sysdb_range_create(struct sysdb_ctx *sysdb, struct range_info *range)
 int ret;
 TALLOC_CTX *tmp_ctx;
 
+ /* if both or none are set, skip */
+ if ((range->trusted_dom_sid == NULL && range->secondary_base_rid == 0) ||
+ (range->trusted_dom_sid != NULL && range->secondary_base_rid != 0)) {
+
+ DEBUG(SSSDBG_OP_FAILURE, ("Invalid range, skipping. Expected that "
+ "either the secondary base RID or the SID of the trusted "
+ "domain is set, but not both or none of them.\n"));
+ return EOK;
+ }
+
 tmp_ctx = talloc_new(NULL);
 if (!tmp_ctx) {
 return ENOMEM;
@@ -197,13 +207,6 @@ errno_t sysdb_range_create(struct sysdb_ctx *sysdb, struct range_info *range)
 ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_DOMAIN_ID,
 range->trusted_dom_sid);
 if (ret) goto done;
- } else {
- DEBUG(SSSDBG_OP_FAILURE, ("Invalid range, expected that either "
- "the secondary base rid or the SID of the "
- "trusted domain is set, but not both or "
- "none of them.\n"));
- ret = EINVAL;
- goto done;
 }
 
 ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, range->name);
-- cgit
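Review bot: The skip path in the new guard at the top of `sysdb_range_create` returns `EOK` and logs a message that does not say which range was rejected, so neither the caller nor an operator reading the log can tell a stored range from a dropped one. Because these ranges appear to drive ID mapping for trusted domains, a silently missing range should be traceable: add the name to the message, e.g. start the format string with `"Invalid range [%s], skipping. "` and pass `range->name` as the argument (the function already uses `range->name` unguarded further down, but confirm it cannot be NULL here). It would also help to note in the comment above the check that `secondary_base_rid == 0` is treated as "not set", so a range that legitimately supplies 0 is rejected as invalid. The function body starts before and continues past this hunk, and the remaining `if`/`else if` chain in the second hunk now has no final `else`, so the two conditions must be kept in sync by hand.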