On 11/21/2012 03:00 PM, Michal Židek wrote:
On 11/21/2012 11:04 AM, Jakub Hrozek wrote:
On Tue, Nov 20, 2012 at 03:20:06PM +0100, Pavel Březina wrote:
We should propagate the built-in sid error instead of misusing id. Maybe
return IDMAP* directly and return errno value in new output parameter.
I actually think that using a special ID value is OK. We've been
treating the UID and GID 0 as a special case before anyway for the fake
users and groups. Also sdap_idmap_sid_to_unix() is supposed to return
errno and not IDMAP* anyway, so even if we introduced a new IDMAP*
return code, we would have to translate it into an (errno, id) tuple.
The NSS responder would skip groups with a zero GID anyway.
I let this as it was in the previous patch. The other things are fixed.
New patch attached.
Thanks
Michal
Nack.
+static bool sss_idmap_sid_is_builtin(const char *sid)
+{
+ if (strncmp(sid, "S-1-5-32-", 9) == 0) {
+ return true;
+ }
+
+ return true;
should say false ^
It looks good otherwise.
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
