summaryrefslogtreecommitdiffstats
path: root/ipalib
diff options
context:
space:
mode:
authorAlexander Bokovoy <abokovoy@redhat.com>2012-09-13 20:01:55 +0300
committerRob Crittenden <rcritten@redhat.com>2012-09-17 21:24:38 -0400
commit7269687822b019c209ed759ba42641586abcb2b0 (patch)
tree71d224b9fd3e9b7cafa43a80fafc1b105db68edd /ipalib
parentf0829efe1f93bc80695b1e26d0edf792b31afd89 (diff)
downloadfreeipa-7269687822b019c209ed759ba42641586abcb2b0.tar.gz
freeipa-7269687822b019c209ed759ba42641586abcb2b0.tar.xz
freeipa-7269687822b019c209ed759ba42641586abcb2b0.zip
Add verification of the AD trust
Since we only can perform verification when AD admin credentials are available, report that trust should be verified from the AD side in other cases, including unsuccessful verification. Once trust is added, status of it is never stored anywhere. https://fedorahosted.org/freeipa/ticket/2763
Diffstat (limited to 'ipalib')
-rw-r--r--ipalib/plugins/trust.py12
1 files changed, 7 insertions, 5 deletions
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index 9d77549ad..bced06f4d 100644
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -60,8 +60,8 @@ _trust_type_dict = {1 : _('Non-Active Directory domain'),
_trust_direction_dict = {1 : _('Trusting forest'),
2 : _('Trusted forest'),
3 : _('Two-way trust')}
-_trust_status = {1 : _('Established and verified'),
- 2 : _('Waiting for confirmation by remote side')}
+_trust_status_dict = {True : _('Established and verified'),
+ False : _('Waiting for confirmation by remote side')}
_trust_type_dict_unknown = _('Unknown')
def trust_type_string(level):
@@ -84,7 +84,7 @@ def trust_direction_string(level):
return unicode(string)
def trust_status_string(level):
- string = _trust_direction_dict.get(int(level), _trust_type_dict_unknown)
+ string = _trust_status_dict.get(level, _trust_type_dict_unknown)
return unicode(string)
class trust(LDAPObject):
@@ -190,6 +190,8 @@ class trust_add(LDAPCreate):
result['result'] = trusts[0][1]
result['result']['trusttype'] = [trust_type_string(result['result']['ipanttrusttype'][0])]
result['result']['trustdirection'] = [trust_direction_string(result['result']['ipanttrustdirection'][0])]
+ result['result']['truststatus'] = [trust_status_string(result['verified'])]
+ del result['verified']
return result
@@ -272,14 +274,14 @@ class trust_add(LDAPCreate):
if result is None:
raise errors.ValidationError(name=_('AD Trust setup'), error=_('Unable to verify write permissions to the AD'))
- return dict(result=dict(), value=trustinstance.remote_domain.info['dns_domain'])
+ return dict(value=trustinstance.remote_domain.info['dns_domain'], verified=result['verified'])
# 2. We don't have access to the remote domain and trustdom password
# is provided. Do the work on our side and inform what to do on remote
# side.
if 'trust_secret' in options:
result = trustinstance.join_ad_ipa_half(keys[-1], realm_server, options['trust_secret'])
- return dict(result=dict(), value=trustinstance.remote_domain.info['dns_domain'])
+ return dict(value=trustinstance.remote_domain.info['dns_domain'], verified=result['verified'])
raise errors.ValidationError(name=_('AD Trust setup'), error=_('Not enough arguments specified to perform trust setup'))
class trust_del(LDAPDelete):