On Thu, Nov 22, 2012 at 10:38:28AM +0100, Michal Židek wrote:
> On 11/22/2012 10:27 AM, Pavel Březina wrote:
> >On 11/21/2012 03:00 PM, Michal Židek wrote:
> >>On 11/21/2012 11:04 AM, Jakub Hrozek wrote:
> >>>On Tue, Nov 20, 2012 at 03:20:06PM +0100, Pavel Březina wrote:
> >>>>We should propagate the built-in sid error instead of misusing id.
> >>>>Maybe
> >>>>return IDMAP* directly and return errno value in new output parameter.
> >>>>
> >>>
> >>>I actually think that using a special ID value is OK. We've been
> >>>treating the UID and GID 0 as a special case before anyway for the fake
> >>>users and groups. Also sdap_idmap_sid_to_unix() is supposed to return
> >>>errno and not IDMAP* anyway, so even if we introduced a new IDMAP*
> >>>return code, we would have to translate it into an (errno, id) tuple.
> >>>
> >>>The NSS responder would skip groups with a zero GID anyway.
> >>>
> >>
> >>I let this as it was in the previous patch. The other things are fixed.
> >>
> >>New patch attached.
> >>
> >>Thanks
> >>Michal
> >
> >Nack.
> >
> >>+static bool sss_idmap_sid_is_builtin(const char *sid)
> >>+{
> >>+ if (strncmp(sid, "S-1-5-32-", 9) == 0) {
> >>+ return true;
> >>+ }
> >>+
> >>+ return true;
> >
> >should say false ^
> >
> >It looks good otherwise.
> >
>
> New patch attached.
>
> Thanks
> Michal
>
I was thinking about it some more and I think that Pavel is right, a special
errno code would make the caller's code more readable. Maybe ENOTSUP would
be usable?
Sorry I steered you in the wrong direction.
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
