From 97fc368df2db3b559a9def236d3c3e0a12bcdd0a Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Mon, 23 Jan 2023 20:28:17 +0100
Subject: [PATCH] trust-add: handle missing msSFU30MaxGidNumber
When ipa trust-add is executed with --range-type ad-trust-posix,
the server tries to find the max uidnumber and max gidnumber
from AD domain controller.
The values are extracted from the entry
CN=<domain>,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,<AD suffix>
in the msSFU30MaxUidNumber and msSFU30MaxGidNumber attributes.
msSFU30MaxUidNumber is required but not msSFU30MaxGidNumber.
In case msSFU30MaxGidNumber is missing, the code is currently assigning
a "None" value and later on evaluates the max between this value and
msSFU30MaxUidNumber. The max function cannot compare None and a list
of strings and triggers an exception.
To avoid the exception, assign [b'0'] to max gid if msSFU30MaxGidNumber
is missing. This way, the comparison succeeds and max returns the
value from msSFU30MaxUidNumber.
Fixes: https://pagure.io/freeipa/issue/9310
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
ipaserver/plugins/trust.py | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/ipaserver/plugins/trust.py b/ipaserver/plugins/trust.py
index c074f6d6e609476e416c95bcbe607654718ae9ce..79264b8d8a3b15dd4e5d0553e4ce42194b0ae044 100644
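--- a/ipaserver/plugins/trust.py
+++ b/ipaserver/plugins/trust.py
@@ -379,7 +379,10 @@ def add_range(myapi, trustinstance, range_name, dom_sid, *keys, **options):
 range_type = u'ipa-ad-trust-posix'
 
 max_uid = info.get('msSFU30MaxUidNumber')
- max_gid = info.get('msSFU30MaxGidNumber', None)
+ # if max_gid is missing, assume 0 and the max will
+ # be obtained from max_uid. We just checked that
+ # msSFU30MaxUidNumber is defined
+ max_gid = info.get('msSFU30MaxGidNumber', [b'0'])
 max_id = int(max(max_uid, max_gid)[0])
 
 base_id = int(info.get('msSFU30OrderNumber')[0])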
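Review bot: `max(max_uid, max_gid)` on the line after the new default compares two lists of byte strings, so the order is lexicographic, not numeric: `[b'9999']` ranks above `[b'10000']` and the smaller number becomes max_id. Both values are read from the AD domain controller, so a uid/gid pair with different digit counts is enough to get a max_id below the real maximum, and whatever range is derived from it would presumably miss the higher IDs. Converting before comparing fixes that and still works with the `[b'0']` default: `max_id = max(int(max_uid[0]), int(max_gid[0]))`. add_range starts and ends outside the hunk, so the check on msSFU30MaxUidNumber mentioned in the new comment is not visible here, and neither is any check on msSFU30OrderNumber before `info.get('msSFU30OrderNumber')[0]`.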
--
2.39.1