Hi Petr,

good catch. I didn't check for self referential segments. There is a check for existing segments, but unfortuantely the entry lookup in the pblock was incorrect and the test always passed.


For the removal, there is teh assumption that no duplicate segments exist and so removal of A->B only succeeds if there is another path from A to B.

I'm building a patch and will sen to the list soon

Ludwig

On 06/03/2015 12:51 PM, Petr Vobornik wrote:
On 06/03/2015 11:37 AM, Martin Babinsky wrote:
Hi everyone,

I have been playing with the topology related patches and I have
encountered a few issues that I would like to address in this thread:


Additional stuff:

1. was able to add duplicate segment
- same left and right node
- same direction
- different cn

It did not allow me to remove it:
"""
Server is unwilling to perform: Removal of Segment disconnects topology.Deletion not allowed.
"""

2. topology plugin allows to create reflexive relation from the invalid duplicates(#1):

A -> B
A -> B
to
A -> A
B -> B

I.E. effective disconnect

it is forbidden in `ipa topologysegment-mod` but I think that even the plugin should not allow that

3. attempt to delete the invalid reflexive or duplicate segment ends with:
"""
Server is unwilling to perform: Removal of Segment disconnects topology.Deletion not allowed.""



--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to