From 440c61dc40353833cad3a5fc509821ce1f23757f Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka Date: Wed, 7 Jun 2017 08:10:20 +0200 Subject: [PATCH] adtrustinstance: fix ID range comparison The ID range comparison was comparing numbers to a string or possibly to `None` and was tailored in such a way that the check would always pass although it went directly against the definition of the absolute value of a substitution. https://pagure.io/freeipa/issue/7002 Reviewed-By: Martin Basti Reviewed-By: Alexander Bokovoy --- ipaserver/install/adtrustinstance.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py index 66dd6b57b..b5d575127 100644 --- a/ipaserver/install/adtrustinstance.py +++ b/ipaserver/install/adtrustinstance.py @@ -345,9 +345,14 @@ class ADTRUSTInstance(service.Service): # Abort if RID bases are too close local_range = ranges_with_no_rid_base[0] - size = local_range.single_value.get('ipaIDRangeSize') + try: + size = int(local_range.single_value.get('ipaIDRangeSize')) + except ValueError: + raise RuntimeError('ipaIDRangeSize is set to a non-integer ' + 'value or is not set at all (got {val})' + .format(val=size)) - if abs(self.rid_base - self.secondary_rid_base) > size: + if abs(self.rid_base - self.secondary_rid_base) < size: self.print_msg("Primary and secondary RID base are too close. " "They have to differ at least by %d." % size) raise RuntimeError("RID bases too close.\n")