authorMarlena Marlenowska <stolarek.marcin@gmail.com>2017-09-14 03:54:40 +0200
committerJakub Hrozek <jhrozek@redhat.com>2017-09-19 12:35:51 +0200
commit0526dde7f3d4089617c0f4a6a85f83e9d266c9f1 (patch)
treeda5d817cf6cc241ffe87f7169792a01943aabdc8
parent3ec6f2902a89d97ad3af5df400a45217fe764f4e (diff)
IDMAP: Prevent colision for explicitly defined slice.
Currently this happens for the default domain if someone configures a different ldap_idmap_default_domain_sid for two domains in sssd.conf. There is no check preventing this in sdap_idmap.c; it simply calls sdap_idmap_add_domain(idmap_ctx, dom_name,sid_str, 0). However, I believe this is the best place to check it, since sss_idmap_calculate_ranges may be used differently in the future. Reviewed-by: Sumit Bose <sbose@redhat.com>
-rw-r--r--src/lib/idmap/sss_idmap.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/src/lib/idmap/sss_idmap.c b/src/lib/idmap/sss_idmap.c
index 56ba904bc..57e9d3087 100644
--- a/src/lib/idmap/sss_idmap.c
+++ b/src/lib/idmap/sss_idmap.c
@@ -426,6 +426,16 @@ enum idmap_error_code sss_idmap_calculate_range(struct sss_idmap_ctx *ctx,
* explicitly.
*/
new_slice = *slice_num;
+ min = (rangesize * new_slice) + idmap_lower;
+ max = min + rangesize - 1;
+ for (dom = ctx->idmap_domain_info; dom != NULL; dom = dom->next) {
+ if (check_dom_overlap(&dom->range_params,min, max)) {
+ /* This range overlaps one already registered
+ * Fail, because the slice was manually configured
+ */
+ return IDMAP_COLLISION;
+ }
+ }
} else {
/* If slice is -1, we're being asked to pick a new slice */
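Review bot: The range for an explicitly configured slice is computed at `min = (rangesize * new_slice) + idmap_lower;` with no bound on `new_slice`, so a large slice number from configuration can wrap the arithmetic if these are fixed-width unsigned ID types (their declarations are outside the hunk). The overlap loop would then compare a wrapped range and could miss a real collision, which leaves two domains mapping to the same UIDs/GIDs. I would reject an out-of-range slice before the multiplication, e.g. `if (rangesize != 0 && new_slice > (max_id - idmap_lower) / rangesize) return <error code>;`, where `max_id` stands for the upper limit configured on the context. As a style nit, `check_dom_overlap(&dom->range_params,min, max)` is missing a space after the first comma. The body of sss_idmap_calculate_range starts and ends outside this hunk, so please confirm whether a later bounds check already exists and whether it runs before this new early return.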