From 7d0c90f7aa0fa1e03610f754ab73c6d41d7e2087 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Wed, 16 Jun 2010 14:01:05 -0400
Subject: Handle (ignore) unknown options in get_domain() and get_service()

We will now eliminate any unknown options and providers to
guarantee that the domain is safe for use.
---
 src/config/SSSDConfig.py | 36 ++++++++++++++++++++++++++++--------
 1 file changed, 28 insertions(+), 8 deletions(-)

(limited to 'src/config/SSSDConfig.py')

diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index a05b5334..f1ff02aa 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -944,7 +944,10 @@ class SSSDDomain(SSSDConfigObject):
         is_provider = option.rfind('_provider')
         if (is_provider > 0):
             provider = option[:is_provider]
-            self.add_provider(value, provider)
+            try:
+                self.add_provider(value, provider)
+            except NoSuchProviderError:
+                raise NoOptionError
         else:
             self.options[option] = value
 
@@ -1251,8 +1254,13 @@ class SSSDConfig(SSSDChangeConf):
             raise NoServiceError
 
         service = SSSDService(name, self.schema)
-        [service.set_option(opt['name'], opt['value'])
-         for opt in self.strip_comments_empty(self.options(name)) ]
+        for opt in self.strip_comments_empty(self.options(name)):
+            try:
+                service.set_option(opt['name'], opt['value'])
+            except NoOptionError:
+                # If we come across an option that we don't recognize,
+                # we should just ignore it and continue
+                pass
 
         return service
 
@@ -1448,12 +1456,24 @@ class SSSDConfig(SSSDChangeConf):
         # errors trying to read in their options
         providers = [ (x['name'],x['value']) for x in self.strip_comments_empty(self.options('domain/%s' % name))
                      if x['name'].rfind('_provider') > 0]
-        [domain.set_option(option, value)
-         for (option, value) in providers]
 
-        [domain.set_option(opt['name'], opt['value'])
-         for opt in self.strip_comments_empty(self.options('domain/%s' % name))
-         if (opt['name'], opt['value']) not in providers]
+        for (option, value) in providers:
+            try:
+                domain.set_option(option, value)
+            except NoOptionError:
+                # If we come across an option that we don't recognize,
+                # we should just ignore it and continue
+                pass
+
+        # Read in all the options from the configuration
+        for opt in self.strip_comments_empty(self.options('domain/%s' % name)):
+            if (opt['name'], opt['value']) not in providers:
+                try:
+                    domain.set_option(opt['name'], opt['value'])
+                except NoOptionError:
+                    # If we come across an option that we don't recognize,
+                    # we should just ignore it and continue
+                    pass
 
         # Determine if this domain is currently active
         domain.active = self.is_domain_active(name)
-- 
cgit