mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
Perform secondary rid range overlap check for local ranges only
Any of the following checks: - overlap between primary RID range and secondary RID range - overlap between secondary RID range and secondary RID range is performed now only if both of the ranges involved are local domain ranges. https://fedorahosted.org/freeipa/ticket/3391
This commit is contained in:
Tomas Babej
Martin Kosek
parent
6ff20ca2d9
commit
8d432353cc
@ -178,6 +178,11 @@ static int ranges_overlap(struct range_info *r1, struct range_info *r2)
|
|||||||
bool rid_ranges_set = (r1->base_rid != 0 || r1->secondary_base_rid != 0) &&
|
bool rid_ranges_set = (r1->base_rid != 0 || r1->secondary_base_rid != 0) &&
|
||||||
(r2->base_rid != 0 || r2->secondary_base_rid != 0);
|
(r2->base_rid != 0 || r2->secondary_base_rid != 0);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* ipaNTTrustedDomainSID is not set for local ranges, use it to
|
||||||
|
* determine the type of the range **/
|
||||||
|
bool local_ranges = r1->domain_id == NULL && r2->domain_id == NULL;
|
||||||
|
|
||||||
bool ranges_from_same_domain =
|
bool ranges_from_same_domain =
|
||||||
(r1->domain_id == NULL && r2->domain_id == NULL) ||
|
(r1->domain_id == NULL && r2->domain_id == NULL) ||
|
||||||
(r1->domain_id != NULL && r2->domain_id != NULL &&
|
(r1->domain_id != NULL && r2->domain_id != NULL &&
|
||||||
@ -185,8 +190,7 @@ static int ranges_overlap(struct range_info *r1, struct range_info *r2)
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* in case rid range is not set or ranges belong to different domains
|
* in case rid range is not set or ranges belong to different domains
|
||||||
* we can skip rid range tests as they are irrelevant
|
* we can skip rid range tests as they are irrelevant **/
|
||||||
*/
|
|
||||||
if (rid_ranges_set && ranges_from_same_domain){
|
if (rid_ranges_set && ranges_from_same_domain){
|
||||||
|
|
||||||
/* check if rid range overlaps with existing rid range */
|
/* check if rid range overlaps with existing rid range */
|
||||||
@ -194,20 +198,25 @@ static int ranges_overlap(struct range_info *r1, struct range_info *r2)
|
|||||||
r1->id_range_size, r2->id_range_size))
|
r1->id_range_size, r2->id_range_size))
|
||||||
return 2;
|
return 2;
|
||||||
|
|
||||||
/* check if secondary rid range overlaps with existing secondary rid range */
|
/**
|
||||||
if (intervals_overlap(r1->secondary_base_rid, r2->secondary_base_rid,
|
* The following 3 checks are relevant only if both ranges are local.
|
||||||
r1->id_range_size, r2->id_range_size))
|
* Check if secondary rid range overlaps with existing secondary rid
|
||||||
return 3;
|
* range. **/
|
||||||
|
if (local_ranges){
|
||||||
|
if (intervals_overlap(r1->secondary_base_rid,
|
||||||
|
r2->secondary_base_rid, r1->id_range_size, r2->id_range_size))
|
||||||
|
return 3;
|
||||||
|
|
||||||
/* check if rid range overlaps with existing secondary rid range */
|
/* check if rid range overlaps with existing secondary rid range */
|
||||||
if (intervals_overlap(r1->base_rid, r2->secondary_base_rid,
|
if (intervals_overlap(r1->base_rid, r2->secondary_base_rid,
|
||||||
r1->id_range_size, r2->id_range_size))
|
r1->id_range_size, r2->id_range_size))
|
||||||
return 4;
|
return 4;
|
||||||
|
|
||||||
/* check if secondary rid range overlaps with existing rid range */
|
/* check if secondary rid range overlaps with existing rid range */
|
||||||
if (intervals_overlap(r1->secondary_base_rid, r2->base_rid,
|
if (intervals_overlap(r1->secondary_base_rid, r2->base_rid,
|
||||||
r1->id_range_size, r2->id_range_size))
|
r1->id_range_size, r2->id_range_size))
|
||||||
return 5;
|
return 5;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user