IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-27 09:21:59 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix permission validation and normalization in aci.py

Browse Source 
The code split the permission string on commas, essentially doing
poor man's CSV parsing. So if a permission contained a
comma-separated list of valid permissions, validation would pass
but we'd get errors later.

https://fedorahosted.org/freeipa/ticket/3420
This commit is contained in:
Petr Viktorin 2013-02-14 07:23:06 -05:00 committed by Martin Kosek
parent 49beb8cd3a
commit da42daac29
1 changed files with 10 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
ipalib/plugins/aci.py
View File

@ -392,21 +392,18 @@ def _find_aci_by_name(acis, aciprefix, aciname):
return a
raise errors.NotFound(reason=_('ACI with name "%s" not found') % aciname)
def validate_permissions(ugettext, permissions):
valid_permissions = []
permissions = permissions.split(',')
for p in permissions:
p = p.strip().lower()
if not p in _valid_permissions_values:
return '"%s" is not a valid permission' % p
def _normalize_permissions(permissions):
def validate_permissions(ugettext, perm):
perm = perm.strip().lower()
if perm not in _valid_permissions_values:
return '"%s" is not a valid permission' % perm
def _normalize_permissions(perm):
valid_permissions = []
permissions = permissions.split(',')
for p in permissions:
p = p.strip().lower()
if p not in valid_permissions:
valid_permissions.append(p)
perm = perm.strip().lower()
if perm not in valid_permissions:
valid_permissions.append(perm)
return ','.join(valid_permissions)
_prefix_option = StrEnum('aciprefix',