authorTomas Babej <tbabej@redhat.com>2015-02-23 16:16:01 +0100
committerTomas Babej <tbabej@redhat.com>2015-02-23 17:51:21 +0100
commit93f3bb3ddd5b93a5eb731239d2c03c0a350367ca (patch)
tree021d2e99a9965fc878b772b4cf05f8e9607a4976 /ipalib
parent8b199b813d8c9e59b514311a0c1fc16eb935ecb9 (diff)
idviews: Use case-insensitive detection of Default Trust View
A lowercased version of 'Default Trust View' can no longer be used to bypass the validation. https://fedorahosted.org/freeipa/ticket/4915 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'ipalib')
-rw-r--r--ipalib/plugins/idviews.py15
1 files changed, 9 insertions, 6 deletions
diff --git a/ipalib/plugins/idviews.py b/ipalib/plugins/idviews.py
index df403b119..57f0cce15 100644
--- a/ipalib/plugins/idviews.py
+++ b/ipalib/plugins/idviews.py
@@ -53,6 +53,7 @@ protected_default_trust_view_error = errors.ProtectedEntryError(
reason=_('system ID View')
)
+DEFAULT_TRUST_VIEW_NAME = "default trust view"
@register()
class idview(LDAPObject):
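Review bot: `DEFAULT_TRUST_VIEW_NAME` holds the lower-cased form of the name, but nothing at the definition says so, and a later caller comparing it with an un-normalised string would silently reintroduce the bypass this commit closes. A comment such as `# Lower-cased on purpose: always compare against name.lower()` would record that. The same `.lower() ==` test is repeated in four places in this file, so a small predicate defined next to the constant, e.g. `def is_default_trust_view(name): return name.lower() == DEFAULT_TRUST_VIEW_NAME`, would keep the normalisation in one place.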
@@ -106,8 +107,9 @@ class idview_del(LDAPDelete):
msg_summary = _('Deleted ID View "%(value)s"')
def pre_callback(self, ldap, dn, *keys, **options):
- if "Default Trust View" in keys:
- raise protected_default_trust_view_error
+ for key in keys:
+ if key.lower() == DEFAULT_TRUST_VIEW_NAME:
+ raise protected_default_trust_view_error
return dn
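Review bot: The new loop in `idview_del.pre_callback` folds case only, so the protection holds only as long as case is the sole difference the directory tolerates when it resolves the view name. If the naming attribute's matching rule normalises anything else (LDAP case-ignore matching generally also treats some whitespace as insignificant; confirm against the schema), the Python check and the directory lookup can still disagree. Comparing the resolved entry's DN with the DN of the protected entry, rather than the user-supplied key string, would not depend on replicating the server's normalisation. The same applies to the identical loop in `idview_mod.pre_callback` and to the `.lower()` comparisons in `baseidview_apply` and `baseidoverride`.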
@@ -118,8 +120,9 @@ class idview_mod(LDAPUpdate):
msg_summary = _('Modified an ID View "%(value)s"')
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
- if "Default Trust View" in keys:
- raise protected_default_trust_view_error
+ for key in keys:
+ if key.lower() == DEFAULT_TRUST_VIEW_NAME:
+ raise protected_default_trust_view_error
return dn
@@ -240,7 +243,7 @@ class baseidview_apply(LDAPQuery):
# the ipaAssignedIDView to None
view_dn = None
- if view == 'Default Trust View':
+ if view.lower() == DEFAULT_TRUST_VIEW_NAME:
raise errors.ValidationError(
name=_('ID View'),
error=_('Default Trust View cannot be applied on hosts')
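Review bot: `view.lower()` raises AttributeError when `view` is None, whereas the old `view == 'Default Trust View'` simply evaluated false. The comment just above the check mentions setting ipaAssignedIDView to None, which suggests a removal path where no view name is passed, though the assignment of `view` is outside this hunk. If that path exists, guard the comparison: `if view is not None and view.lower() == DEFAULT_TRUST_VIEW_NAME:`. The enclosing method starts before the hunk and the `raise` continues past it.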
@@ -584,7 +587,7 @@ class baseidoverride(LDAPObject):
# Check if parent object is Default Trust View, if so, prohibit
# adding overrides for IPA objects
- if dn[1].value == 'Default Trust View':
+ if dn[1].value.lower() == DEFAULT_TRUST_VIEW_NAME:
if dn[0].value.startswith(IPA_ANCHOR_PREFIX):
raise errors.ValidationError(
name=_('ID View'),