ipa trust bugfix and improvement of handling unknown trust type error#8258
Conversation
There was a problem hiding this comment.
Code Review
This pull request introduces two important bug fixes for IPA trust handling. The first change in src/providers/ipa/ipa_subdomains_id.c corrects the error handling for unknown trust types, ensuring it returns a more accurate EINVAL error code instead of ENOMEM. The second change in src/providers/ipa/ipa_subdomains_server.c fixes a logical bug by correcting a condition to check for IPA_TRUST_IPA, which was previously checking for IPA_TRUST_AD twice. Both changes are correct and improve the stability and correctness of the provider. My review did not find any further issues.
|
Note to self @justin-stephenson to cherry-pick d865ac3 into sssd 2-11 after this automatic backport for 2-11 is opened. |
Hi, maybe it would be easier if you pick my one-liner and include it into this PR and I close mine? bye, |
Oh, I'm late to the game, Alexey made me aware that my PR is already merged and backported. |
1e19417 to
47c5b2b
Compare
sumit-bose
left a comment
There was a problem hiding this comment.
Hi,
thank you for the fixes, both changes make sense, ACK.
bye,
Sumit
|
Note: Covscan is green. |
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
If trust type is unknown for an IPA subdomain request, return EINVAL instead of ENOMEM, and improve the logged error message. Trust type should always be IPA_TRUST_IPA, or IPA_TRUST_AD, if trust discovery and initialization fails early on we can reach this codepath however. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
47c5b2b to
0d2e38c
Compare
No description provided.