Enforce exact SID match when adding or modifying a ID range

SID validation in idrange.py now enforces exact match on SIDs, thus one can no longer use SID of an object in a trusted domain as a trusted domain SID. https://fedorahosted.org/freeipa/ticket/3432
author: Tomas Babej <tbabej@redhat.com> 2013-03-06 12:17:28 +0100
committer: Martin Kosek <mkosek@redhat.com> 2013-03-14 15:20:30 +0100
commit: 04a17f00b7a991297cc4f7441512a4f5ca436271 (patch)
tree: aa497d1601251b2a32f5aa274d267a0bc0f4959f /ipalib/plugins/idrange.py
parent: 354a5db38e46aaf7ff4ecb0b6ee54a18194c376e (diff)
download: freeipa-04a17f00b7a991297cc4f7441512a4f5ca436271.tar.gz
freeipa-04a17f00b7a991297cc4f7441512a4f5ca436271.tar.xz
freeipa-04a17f00b7a991297cc4f7441512a4f5ca436271.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py
index d8989327a..54f6fbb3e 100644
--- a/ipalib/plugins/idrange.py
+++ b/ipalib/plugins/idrange.py
@@ -289,7 +289,7 @@ class idrange(LDAPObject):
 
         domain_validator = self.get_domain_validator()
 
-        if not domain_validator.is_trusted_sid_valid(sid):
+        if not domain_validator.is_trusted_domain_sid_valid(sid):
             raise errors.ValidationError(name='domain SID',
                   error=_('SID is not recognized as a valid SID for a '
                           'trusted domain'))
author	Tomas Babej <tbabej@redhat.com>	2013-03-06 12:17:28 +0100
committer	Martin Kosek <mkosek@redhat.com>	2013-03-14 15:20:30 +0100
commit	04a17f00b7a991297cc4f7441512a4f5ca436271 (patch)
tree	aa497d1601251b2a32f5aa274d267a0bc0f4959f /ipalib/plugins/idrange.py
parent	354a5db38e46aaf7ff4ecb0b6ee54a18194c376e (diff)
download	freeipa-04a17f00b7a991297cc4f7441512a4f5ca436271.tar.gz freeipa-04a17f00b7a991297cc4f7441512a4f5ca436271.tar.xz freeipa-04a17f00b7a991297cc4f7441512a4f5ca436271.zip