IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Use case-insensitive dict for trusted domain info

Browse Source 
In DomainValidator, we store a dictionary containing information
for trusted domains. This is a case-sensitive dictionary keyed by
the domain name.

We need to use case-insensitive dictionary since domain names
are generally case-insensitive.

https://fedorahosted.org/freeipa/ticket/3816
This commit is contained in:
Tomas Babej
2013-07-25 13:54:39 +02:00
committed by Martin Kosek
parent fb08402b71
commit 8122d74596
1 changed files with 24 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
ipaserver/dcerpc.py
View File

@@ -150,18 +150,29 @@ class DomainValidator(object):
return True return True
def get_trusted_domains(self): def get_trusted_domains(self):
"""Returns dict of trusted domain tuples (flatname, sid, trust_auth_outgoing), keyed by domain name""" """
cn_trust = DN(('cn', 'ad'), self.api.env.container_trusts, self.api.env.basedn) Returns case-insensitive dict of trusted domain tuples
(flatname, sid, trust_auth_outgoing), keyed by domain name.
"""
cn_trust = DN(('cn', 'ad'), self.api.env.container_trusts,
self.api.env.basedn)
try: try:
search_kw = {'objectClass': 'ipaNTTrustedDomain'} search_kw = {'objectClass': 'ipaNTTrustedDomain'}
filter = self.ldap.make_filter(search_kw, rules=self.ldap.MATCH_ALL) filter = self.ldap.make_filter(search_kw, rules=self.ldap.MATCH_ALL)
(entries, truncated) = self.ldap.find_entries(filter=filter, base_dn=cn_trust, (entries, truncated) = self.ldap.find_entries(
filter=filter,
base_dn=cn_trust,
attrs_list=[self.ATTR_TRUSTED_SID, attrs_list=[self.ATTR_TRUSTED_SID,
self.ATTR_FLATNAME, self.ATTR_FLATNAME,
self.ATTR_TRUST_PARTNER, self.ATTR_TRUST_PARTNER,
self.ATTR_TRUST_AUTHOUT]) self.ATTR_TRUST_AUTHOUT]
)
# We need to use case-insensitive dictionary since we use
# domain names as keys and those are generally case-insensitive
result = ipautil.CIDict()
result = dict()
for dn, entry in entries: for dn, entry in entries:
try: try:
trust_partner = entry[self.ATTR_TRUST_PARTNER][0] trust_partner = entry[self.ATTR_TRUST_PARTNER][0]
@@ -170,13 +181,14 @@ class DomainValidator(object):
except KeyError, e: except KeyError, e:
# Some piece of trusted domain info in LDAP is missing # Some piece of trusted domain info in LDAP is missing
# Skip the domain, but leave log entry for investigation # Skip the domain, but leave log entry for investigation
api.log.warn("Trusted domain '%s' entry misses an attribute: %s", api.log.warn("Trusted domain '%s' entry misses an "
dn, e) "attribute: %s", dn, e)
continue continue
trust_authout = entry.get(self.ATTR_TRUST_AUTHOUT, [None])[0] trust_authout = entry.get(self.ATTR_TRUST_AUTHOUT, [None])[0]
# We were able to read all Trusted domain attributes but the secret # We were able to read all Trusted domain attributes but the
# User is not member of trust admins group # secret User is not member of trust admins group
if trust_authout is None: if trust_authout is None:
raise errors.ACIError( raise errors.ACIError(
info=_('communication with trusted domains is allowed ' info=_('communication with trusted domains is allowed '