authorMartin Kosek <mkosek@redhat.com>2011-11-14 17:03:44 +0100
committerMartin Kosek <mkosek@redhat.com>2011-11-15 13:17:44 +0100
commit2a3a4ae64a9c3fa41520058e24f20f4d3d941e48 (patch)
tree3c51f7b993602df309269244c429f85974b86ec2 /ipalib/plugins
parent714b0d11ec5e6d756739bfca2cdf3bad31979615 (diff)
Fix LDAP object parameter encoding
Parameters in LDAP objects lacked information about whether they are real LDAP attributes or not. Real LDAP attributes are written to the entry_attrs dictionary in plugin callbacks and are encoded. This causes issues when plugin callbacks do not expect that the parameter values are already encoded for submission to LDAP. This patch introduces a new flag "noattribute" used to mark that a parameter is not an LDAP attribute and thus should not be encoded or added to entry_attrs. Param documentation is improved to describe the meaning of this and other Param flags or attributes. https://fedorahosted.org/freeipa/ticket/2097
Diffstat (limited to 'ipalib/plugins')
-rw-r--r--ipalib/plugins/aci.py11
-rw-r--r--ipalib/plugins/dns.py9
-rw-r--r--ipalib/plugins/host.py22
-rw-r--r--ipalib/plugins/pwpolicy.py4
4 files changed, 22 insertions, 24 deletions
diff --git a/ipalib/plugins/aci.py b/ipalib/plugins/aci.py
index 429ae6eb5..585dab837 100644
--- a/ipalib/plugins/aci.py
+++ b/ipalib/plugins/aci.py
@@ -416,16 +416,19 @@ class aci(Object):
cli_name='name',
label=_('ACI name'),
primary_key=True,
+ flags=('virtual_attribute',),
),
Str('permission?',
cli_name='permission',
label=_('Permission'),
doc=_('Permission ACI grants access to'),
+ flags=('virtual_attribute',),
),
Str('group?',
cli_name='group',
label=_('User group'),
doc=_('User group ACI grants access to'),
+ flags=('virtual_attribute',),
),
List('permissions', validate_permissions,
cli_name='permissions',
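Review bot: The same `flags=('virtual_attribute',)` literal is added to every parameter of `aci` in this hunk and the next one (@@ -433), with nothing in the code saying why. The hunk header shows `class aci(Object)` rather than an LDAPObject, so presumably none of these parameters maps to an LDAP attribute; one comment above the parameter tuple, such as `# none of these params is a real LDAP attribute; every new one needs 'virtual_attribute'`, would keep a later-added parameter from being left unflagged. The commit description calls the flag "noattribute", so a search for that name will not find these lines. The parameter tuple starts outside this hunk.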
@@ -433,42 +436,50 @@ class aci(Object):
doc=_('comma-separated list of permissions to grant' \
'(read, write, add, delete, all)'),
normalizer=_normalize_permissions,
+ flags=('virtual_attribute',),
),
List('attrs?',
cli_name='attrs',
label=_('Attributes'),
doc=_('Comma-separated list of attributes'),
+ flags=('virtual_attribute',),
),
StrEnum('type?',
cli_name='type',
label=_('Type'),
doc=_('type of IPA object (user, group, host, hostgroup, service, netgroup)'),
values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dnsrecord'),
+ flags=('virtual_attribute',),
),
Str('memberof?',
cli_name='memberof',
label=_('Member of'), # FIXME: Does this label make sense?
doc=_('Member of a group'),
+ flags=('virtual_attribute',),
),
Str('filter?',
cli_name='filter',
label=_('Filter'),
doc=_('Legal LDAP filter (e.g. ou=Engineering)'),
+ flags=('virtual_attribute',),
),
Str('subtree?',
cli_name='subtree',
label=_('Subtree'),
doc=_('Subtree to apply ACI to'),
+ flags=('virtual_attribute',),
),
Str('targetgroup?',
cli_name='targetgroup',
label=_('Target group'),
doc=_('Group to apply ACI to'),
+ flags=('virtual_attribute',),
),
Flag('selfaci?',
cli_name='self',
label=_('Target your own entry (self)'),
doc=_('Apply ACI to your own entry (self)'),
+ flags=('virtual_attribute',),
),
)
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 0a0bcb79c..bfc8090ca 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -665,6 +665,7 @@ class dnszone(LDAPObject):
Str('name_from_ip?', _validate_ipnet,
label=_('Reverse zone IP network'),
doc=_('IP network to create reverse zone name from'),
+ flags=('virtual_attribute',),
),
Str('idnssoamname',
cli_name='name_server',
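Review bot: After this change the `'virtual_attribute'` flag on `name_from_ip` is the only thing keeping the parameter out of `entry_attrs`, because the explicit `del entry_attrs['name_from_ip']` guards in `dnszone_add` and `dnszone_mod` are removed in the two hunks that follow. The code that honours the flag is not part of this diff (the diffstat is limited to ipalib/plugins), so the behaviour cannot be confirmed from here. A regression test asserting that a zone add and a zone mod with `name_from_ip` set never pass that key on to LDAP would pin it down. A short comment on the parameter, e.g. `# not an LDAP attribute: only used to derive the reverse zone name`, would document the dependency.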
@@ -780,9 +781,6 @@ class dnszone_add(LDAPCreate):
if not dns_container_exists(self.api.Backend.ldap2):
raise errors.NotFound(reason=_('DNS is not configured'))
- if 'name_from_ip' in entry_attrs:
- del entry_attrs['name_from_ip']
-
entry_attrs['idnszoneactive'] = 'TRUE'
# Check nameserver has a forward record
@@ -832,11 +830,6 @@ class dnszone_mod(LDAPUpdate):
self.obj.params['name_from_ip'](unicode(options['name_from_ip']))
return super(dnszone_mod, self).args_options_2_params(*args, **options)
- def pre_callback(self, ldap, dn, entry_attrs, *keys, **options):
- if 'name_from_ip' in entry_attrs:
- del entry_attrs['name_from_ip']
- return dn
-
api.register(dnszone_mod)
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index 6557880aa..33d60ad1c 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -290,12 +290,12 @@ class host(LDAPObject):
),
Flag('random?',
doc=_('Generate a random password to be used in bulk enrollment'),
- flags=['no_search'],
+ flags=('no_search', 'virtual_attribute'),
default=False,
),
Str('randompassword?',
label=_('Random password'),
- flags=['no_create', 'no_update', 'no_search'],
+ flags=('no_create', 'no_update', 'no_search', 'virtual_attribute'),
),
Bytes('usercertificate?', validate_certificate,
cli_name='certificate',
@@ -432,12 +432,10 @@ class host_add(LDAPCreate):
entry_attrs['objectclass'].remove('krbprincipalaux')
if 'krbprincipal' in entry_attrs['objectclass']:
entry_attrs['objectclass'].remove('krbprincipal')
- if 'random' in options:
- if options.get('random'):
- entry_attrs['userpassword'] = ipa_generate_password()
- # save the password so it can be displayed in post_callback
- setattr(context, 'randompassword', entry_attrs['userpassword'])
- del entry_attrs['random']
+ if options.get('random'):
+ entry_attrs['userpassword'] = ipa_generate_password()
+ # save the password so it can be displayed in post_callback
+ setattr(context, 'randompassword', entry_attrs['userpassword'])
cert = options.get('usercertificate')
if cert:
cert = x509.normalize_certificate(cert)
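Review bot: The generated password is kept in cleartext on `context` until `post_callback` reads it, and the hunk does not show it being cleared if the add fails before that point; it is worth confirming that `context` is reset per request so the value cannot outlive it. The same two lines are added in `host_mod` (@@ -680) without the explanatory comment that `host_add` has; add `# save the password so it can be displayed in post_callback` there as well. With a constant attribute name, `setattr(context, 'randompassword', ...)` reads more plainly as `context.randompassword = entry_attrs['userpassword']`. Both callbacks start outside their hunks.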
@@ -680,11 +678,9 @@ class host_mod(LDAPUpdate):
raise nsprerr
entry_attrs['usercertificate'] = cert
- if 'random' in options:
- if options.get('random'):
- entry_attrs['userpassword'] = ipa_generate_password()
- setattr(context, 'randompassword', entry_attrs['userpassword'])
- del entry_attrs['random']
+ if options.get('random'):
+ entry_attrs['userpassword'] = ipa_generate_password()
+ setattr(context, 'randompassword', entry_attrs['userpassword'])
return dn
diff --git a/ipalib/plugins/pwpolicy.py b/ipalib/plugins/pwpolicy.py
index 6c5e6c56b..db42bca04 100644
--- a/ipalib/plugins/pwpolicy.py
+++ b/ipalib/plugins/pwpolicy.py
@@ -263,6 +263,7 @@ class pwpolicy(LDAPObject):
label=_('Priority'),
doc=_('Priority of the policy (higher number means lower priority'),
minvalue=0,
+ flags=('virtual_attribute',),
),
) + lockout_params
@@ -344,8 +345,6 @@ class pwpolicy_add(LDAPCreate):
keys[-1], krbpwdpolicyreference=dn,
cospriority=options.get('cospriority')
)
- if 'cospriority' in entry_attrs:
- del entry_attrs['cospriority']
return dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
@@ -406,7 +405,6 @@ class pwpolicy_mod(LDAPUpdate):
raise e
else:
setattr(context, 'cosupdate', True)
- del entry_attrs['cospriority']
return dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):