author | Alexander Bokovoy <abokovoy@redhat.com> | 2013-05-06 17:10:56 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-05-06 20:44:00 +0200 |
commit | 03cdc22c940e82199c2afa8b4a69708237ee0a7a (patch) | |
tree | 110721c903eb032702f9980e354eec848fcbaef1 /ipalib | |
parent | aedded862dce2c8450d0eef5eca3d854166af06b (diff) | |
Resolve SIDs in Web UI
Introduce new command, 'trust-resolve', to aid resolving SIDs to names
in the Web UI.
The command uses new SSSD interface, nss_idmap, to resolve actual SIDs.
SSSD caches resolved data so that future requests to resolve same SIDs
are returned from a memory cache.
Web UI code is using Dojo/Deferred to deliver result of SID resolution
out of band. Once resolved names are available, they replace SID values.
Since Web UI only shows ~20 records per page, up to 20 SIDs are resolved
at the same time. They are all sent within a single request to the server.
https://fedorahosted.org/freeipa/ticket/3302
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/trust.py | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index a252ad63..9bcfb417 100644
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -32,6 +32,12 @@ try:
 except Exception, e:
 _murmur_installed = False
+try:
+ import pysss_nss_idmap #pylint: disable=F0401
+ _nss_idmap_installed = True
+except Exception, e:
+ _nss_idmap_installed = False
+
 if api.env.in_server and api.env.context in ['lite', 'server']:
 try:
 import ipaserver.dcerpc #pylint: disable=F0401
@@ -687,3 +693,52 @@ class trustconfig_show(LDAPRetrieve):
 return dn
 api.register(trustconfig_show)
+
+if _nss_idmap_installed:
+ _idmap_type_dict = {
+ pysss_nss_idmap.ID_USER : 'user',
+ pysss_nss_idmap.ID_GROUP : 'group',
+ pysss_nss_idmap.ID_BOTH : 'both',
+ }
+ def idmap_type_string(level):
+ string = _idmap_type_dict.get(int(level), 'unknown')
+ return unicode(string)
+
+class trust_resolve(Command):
+ __doc__ = _('Resolve security identifiers of users and groups in trusted domains')
+
+ takes_options = (
+ Str('sids+',
+ label = _('Security Identifiers (SIDs)'),
+ csv = True,
+ ),
+ )
+
+ has_output_params = (
+ Str('name', label= _('Name')),
+ Str('sid', label= _('SID')),
+ )
+
+ has_output = (
+ output.ListOfEntries('result'),
+ )
+
+ def execute(self, *keys, **options):
+ result = list()
+ if not _nss_idmap_installed:
+ return dict(result=result)
+ try:
+ sids = map(lambda x: str(x), options['sids'])
+ xlate = pysss_nss_idmap.getnamebysid(sids)
+ for sid in xlate:
+ entry = dict()
+ entry['sid'] = [unicode(sid)]
+ entry['name'] = [unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])]
+ entry['type'] = [idmap_type_string(xlate[sid][pysss_nss_idmap.TYPE_KEY])]
+ result.append(entry)
+ except ValueError, e:
+ pass
+
+ return dict(result=result)
+
+api.register(trust_resolve) |
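Review bot: The `except Exception, e:` guard around `import pysss_nss_idmap` treats every failure while loading the binding as "not installed", so a broken or mismatched SSSD module silently disables SID resolution, and `e` is never used. Catching only the import failure, `except ImportError:`, would let other errors surface at load time. The `_murmur_installed` guard in the context lines just above uses the same broad form, so changing both together would keep the file consistent.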
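Review bot: In `trust_resolve.execute` the `except ValueError, e: pass` discards whatever `getnamebysid` rejected, so a bad SID in the batch gives an empty or partial list that the caller cannot tell apart from "nothing resolved" (the page has lost indentation, so the exact extent of the `try` is inferred). The `sids` option is caller-supplied, and the server side neither checks SID syntax nor caps the list length; the 20-per-page figure in the commit message is only a Web UI convention. I would report the failure instead of passing, e.g. `raise errors.ValidationError(name='sids', error=unicode(e))` if `errors` is imported in this module, and reject over-long lists before calling into SSSD. Separately, `entry['type']` is returned but `has_output_params` declares only `name` and `sid`; adding `Str('type', label=_('Type')),` there would make the declared output match.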