diff options
author | Tomas Babej <tbabej@redhat.com> | 2013-03-06 12:17:28 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-03-14 15:20:30 +0100 |
commit | 04a17f00b7a991297cc4f7441512a4f5ca436271 (patch) | |
tree | aa497d1601251b2a32f5aa274d267a0bc0f4959f /ipalib/plugins | |
parent | 354a5db38e46aaf7ff4ecb0b6ee54a18194c376e (diff) | |
download | freeipa-04a17f00b7a991297cc4f7441512a4f5ca436271.tar.gz freeipa-04a17f00b7a991297cc4f7441512a4f5ca436271.tar.xz freeipa-04a17f00b7a991297cc4f7441512a4f5ca436271.zip |
Enforce exact SID match when adding or modifying a ID range
SID validation in idrange.py now enforces exact match on SIDs, thus
one can no longer use SID of an object in a trusted domain as a
trusted domain SID.
https://fedorahosted.org/freeipa/ticket/3432
Diffstat (limited to 'ipalib/plugins')
-rw-r--r-- | ipalib/plugins/idrange.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py index d8989327a..54f6fbb3e 100644 --- a/ipalib/plugins/idrange.py +++ b/ipalib/plugins/idrange.py @@ -289,7 +289,7 @@ class idrange(LDAPObject): domain_validator = self.get_domain_validator() - if not domain_validator.is_trusted_sid_valid(sid): + if not domain_validator.is_trusted_domain_sid_valid(sid): raise errors.ValidationError(name='domain SID', error=_('SID is not recognized as a valid SID for a ' 'trusted domain')) |