authorTomas Babej <tbabej@redhat.com>2013-07-25 13:54:39 +0200
committerMartin Kosek <mkosek@redhat.com>2013-08-06 12:25:39 +0200
commit8122d74596457530ce794916bafb1c7fcdb56ada (patch)
treeee064357524cec2ed39d4c2095fbe6e478aa6c41
parentfb08402b718b3e05fa11031f04237eaa12ce4f85 (diff)
Use case-insensitive dict for trusted domain info
In DomainValidator, we store a dictionary containing information for trusted domains. This is a case-sensitive dictionary keyed by the domain name. We need to use a case-insensitive dictionary, since domain names are generally case-insensitive. https://fedorahosted.org/freeipa/ticket/3816
-rw-r--r--ipaserver/dcerpc.py36
1 files changed, 24 insertions, 12 deletions
diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index 4660842f..3ef81a6d 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -150,18 +150,29 @@ class DomainValidator(object):
return True
def get_trusted_domains(self):
- """Returns dict of trusted domain tuples (flatname, sid, trust_auth_outgoing), keyed by domain name"""
- cn_trust = DN(('cn', 'ad'), self.api.env.container_trusts, self.api.env.basedn)
+ """
+ Returns case-insensitive dict of trusted domain tuples
+ (flatname, sid, trust_auth_outgoing), keyed by domain name.
+ """
+ cn_trust = DN(('cn', 'ad'), self.api.env.container_trusts,
+ self.api.env.basedn)
+
try:
search_kw = {'objectClass': 'ipaNTTrustedDomain'}
filter = self.ldap.make_filter(search_kw, rules=self.ldap.MATCH_ALL)
- (entries, truncated) = self.ldap.find_entries(filter=filter, base_dn=cn_trust,
- attrs_list=[self.ATTR_TRUSTED_SID,
- self.ATTR_FLATNAME,
- self.ATTR_TRUST_PARTNER,
- self.ATTR_TRUST_AUTHOUT])
+ (entries, truncated) = self.ldap.find_entries(
+ filter=filter,
+ base_dn=cn_trust,
+ attrs_list=[self.ATTR_TRUSTED_SID,
+ self.ATTR_FLATNAME,
+ self.ATTR_TRUST_PARTNER,
+ self.ATTR_TRUST_AUTHOUT]
+ )
+
+ # We need to use case-insensitive dictionary since we use
+ # domain names as keys and those are generally case-insensitive
+ result = ipautil.CIDict()
- result = dict()
for dn, entry in entries:
try:
trust_partner = entry[self.ATTR_TRUST_PARTNER][0]
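Review bot: With `result = ipautil.CIDict()`, two trusted-domain entries whose `ATTR_TRUST_PARTNER` values differ only in case now share one key. Assuming the loop later stores into `result[trust_partner]` (the rest of the loop body is outside this hunk), the later entry would silently replace the earlier one's (flatname, sid, trust_auth_outgoing) tuple. Because the tuple carries the domain SID, a collision should be visible to an operator: guard the store with `if trust_partner in result:` and log the entry's `dn` via `api.log.warn` instead of overwriting silently. Separately, `truncated` from `find_entries` is not used in the visible lines, so a size-limited search would return an incomplete trust list without a log entry; a comment or a warning there would help.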
@@ -170,13 +181,14 @@ class DomainValidator(object):
except KeyError, e:
# Some piece of trusted domain info in LDAP is missing
# Skip the domain, but leave log entry for investigation
- api.log.warn("Trusted domain '%s' entry misses an attribute: %s",
- dn, e)
+ api.log.warn("Trusted domain '%s' entry misses an "
+ "attribute: %s", dn, e)
continue
+
trust_authout = entry.get(self.ATTR_TRUST_AUTHOUT, [None])[0]
- # We were able to read all Trusted domain attributes but the secret
- # User is not member of trust admins group
+ # We were able to read all Trusted domain attributes but the
+ # secret User is not member of trust admins group
if trust_authout is None:
raise errors.ACIError(
info=_('communication with trusted domains is allowed '