Perform secondary rid range overlap check for local ranges only

Any of the following checks: - overlap between primary RID range and secondary RID range - overlap between secondary RID range and secondary RID range is performed now only if both of the ranges involved are local domain ranges. https://fedorahosted.org/freeipa/ticket/3391
2025-02-25 18:55:28 -06:00 · 2013-03-05 09:17:20 +01:00 · 2013-03-05 09:17:20 +01:00 · 8d432353cc
commit 8d432353cc
parent 6ff20ca2d9
1 changed files with 23 additions and 14 deletions
--- a/daemons/ipa-slapi-plugins/ipa-range-check/ipa_range_check.c
+++ b/daemons/ipa-slapi-plugins/ipa-range-check/ipa_range_check.c
@ -178,6 +178,11 @@ static int ranges_overlap(struct range_info *r1, struct range_info *r2)
    bool rid_ranges_set = (r1->base_rid != 0 || r1->secondary_base_rid != 0) &&
                          (r2->base_rid != 0 || r2->secondary_base_rid != 0);

+    /**
+     * ipaNTTrustedDomainSID is not set for local ranges, use it to
+     * determine the type of the range **/
+    bool local_ranges = r1->domain_id == NULL && r2->domain_id == NULL;
+
    bool ranges_from_same_domain =
         (r1->domain_id == NULL && r2->domain_id == NULL) ||
         (r1->domain_id != NULL && r2->domain_id != NULL &&
@ -185,8 +190,7 @@ static int ranges_overlap(struct range_info *r1, struct range_info *r2)

    /**
     * in case rid range is not set or ranges belong to different domains
-     * we can skip rid range tests as they are irrelevant
-     */
+     * we can skip rid range tests as they are irrelevant **/
    if (rid_ranges_set && ranges_from_same_domain){

        /* check if rid range overlaps with existing rid range */
@ -194,20 +198,25 @@ static int ranges_overlap(struct range_info *r1, struct range_info *r2)
            r1->id_range_size, r2->id_range_size))
            return 2;

-        /* check if secondary rid range overlaps with existing secondary rid range */
-        if (intervals_overlap(r1->secondary_base_rid, r2->secondary_base_rid,
-            r1->id_range_size, r2->id_range_size))
-            return 3;
+        /**
+         * The following 3 checks are relevant only if both ranges are local.
+         * Check if secondary rid range overlaps with existing secondary rid
+         * range. **/
+        if (local_ranges){
+            if (intervals_overlap(r1->secondary_base_rid,
+                r2->secondary_base_rid, r1->id_range_size, r2->id_range_size))
+                return 3;

-        /* check if rid range overlaps with existing secondary rid range */
-        if (intervals_overlap(r1->base_rid, r2->secondary_base_rid,
-            r1->id_range_size, r2->id_range_size))
-            return 4;
+            /* check if rid range overlaps with existing secondary rid range */
+            if (intervals_overlap(r1->base_rid, r2->secondary_base_rid,
+                r1->id_range_size, r2->id_range_size))
+                return 4;

-        /* check if secondary rid range overlaps with existing rid range */
-        if (intervals_overlap(r1->secondary_base_rid, r2->base_rid,
-            r1->id_range_size, r2->id_range_size))
-            return 5;
+            /* check if secondary rid range overlaps with existing rid range */
+            if (intervals_overlap(r1->secondary_base_rid, r2->base_rid,
+                r1->id_range_size, r2->id_range_size))
+                return 5;
+            }
    }

    return 0;