IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

idviews: Use case-insensitive detection of Default Trust View

Browse Source 
The usage of lowercased varsion of 'Default Trust View' can no
longer be used to bypass the validation.

https://fedorahosted.org/freeipa/ticket/4915

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Tomas Babej 2015-02-23 16:16:01 +01:00
parent 8b199b813d
commit 93f3bb3ddd
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
ipalib/plugins/idviews.py
View File

@ -53,6 +53,7 @@ protected_default_trust_view_error = errors.ProtectedEntryError(
reason=_('system ID View') reason=_('system ID View')
) )
DEFAULT_TRUST_VIEW_NAME = "default trust view"
@register() @register()
class idview(LDAPObject): class idview(LDAPObject):
@ -106,8 +107,9 @@ class idview_del(LDAPDelete):
msg_summary = _('Deleted ID View "%(value)s"') msg_summary = _('Deleted ID View "%(value)s"')
def pre_callback(self, ldap, dn, *keys, **options): def pre_callback(self, ldap, dn, *keys, **options):
if "Default Trust View" in keys: for key in keys:
raise protected_default_trust_view_error if key.lower() == DEFAULT_TRUST_VIEW_NAME:
raise protected_default_trust_view_error
return dn return dn
@ -118,8 +120,9 @@ class idview_mod(LDAPUpdate):
msg_summary = _('Modified an ID View "%(value)s"') msg_summary = _('Modified an ID View "%(value)s"')
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
if "Default Trust View" in keys: for key in keys:
raise protected_default_trust_view_error if key.lower() == DEFAULT_TRUST_VIEW_NAME:
raise protected_default_trust_view_error
return dn return dn
@ -240,7 +243,7 @@ class baseidview_apply(LDAPQuery):
# the ipaAssignedIDView to None # the ipaAssignedIDView to None
view_dn = None view_dn = None
if view == 'Default Trust View': if view.lower() == DEFAULT_TRUST_VIEW_NAME:
raise errors.ValidationError( raise errors.ValidationError(
name=_('ID View'), name=_('ID View'),
error=_('Default Trust View cannot be applied on hosts') error=_('Default Trust View cannot be applied on hosts')
@ -584,7 +587,7 @@ class baseidoverride(LDAPObject):
# Check if parent object is Default Trust View, if so, prohibit # Check if parent object is Default Trust View, if so, prohibit
# adding overrides for IPA objects # adding overrides for IPA objects
if dn[1].value == 'Default Trust View': if dn[1].value.lower() == DEFAULT_TRUST_VIEW_NAME:
if dn[0].value.startswith(IPA_ANCHOR_PREFIX): if dn[0].value.startswith(IPA_ANCHOR_PREFIX):
raise errors.ValidationError( raise errors.ValidationError(
name=_('ID View'), name=_('ID View'),