summaryrefslogtreecommitdiffstats
path: root/ipaserver/dcerpc.py
diff options
context:
space:
mode:
authorTomas Babej <tbabej@redhat.com>2013-07-25 13:54:39 +0200
committerMartin Kosek <mkosek@redhat.com>2013-08-06 12:25:39 +0200
commit8122d74596457530ce794916bafb1c7fcdb56ada (patch)
treeee064357524cec2ed39d4c2095fbe6e478aa6c41 /ipaserver/dcerpc.py
parentfb08402b718b3e05fa11031f04237eaa12ce4f85 (diff)
downloadfreeipa-8122d74596457530ce794916bafb1c7fcdb56ada.tar.gz
freeipa-8122d74596457530ce794916bafb1c7fcdb56ada.tar.xz
freeipa-8122d74596457530ce794916bafb1c7fcdb56ada.zip
Use case-insensitive dict for trusted domain info
In DomainValidator, we store a dictionary containing information for trusted domains. This is a case-sensitive dictionary keyed by the domain name. We need to use case-insensitive dictionary since domain names are generally case-insensitive. https://fedorahosted.org/freeipa/ticket/3816
Diffstat (limited to 'ipaserver/dcerpc.py')
-rw-r--r--ipaserver/dcerpc.py36
1 files changed, 24 insertions, 12 deletions
diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index 4660842fc..3ef81a6db 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -150,18 +150,29 @@ class DomainValidator(object):
return True
def get_trusted_domains(self):
- """Returns dict of trusted domain tuples (flatname, sid, trust_auth_outgoing), keyed by domain name"""
- cn_trust = DN(('cn', 'ad'), self.api.env.container_trusts, self.api.env.basedn)
+ """
+ Returns case-insensitive dict of trusted domain tuples
+ (flatname, sid, trust_auth_outgoing), keyed by domain name.
+ """
+ cn_trust = DN(('cn', 'ad'), self.api.env.container_trusts,
+ self.api.env.basedn)
+
try:
search_kw = {'objectClass': 'ipaNTTrustedDomain'}
filter = self.ldap.make_filter(search_kw, rules=self.ldap.MATCH_ALL)
- (entries, truncated) = self.ldap.find_entries(filter=filter, base_dn=cn_trust,
- attrs_list=[self.ATTR_TRUSTED_SID,
- self.ATTR_FLATNAME,
- self.ATTR_TRUST_PARTNER,
- self.ATTR_TRUST_AUTHOUT])
+ (entries, truncated) = self.ldap.find_entries(
+ filter=filter,
+ base_dn=cn_trust,
+ attrs_list=[self.ATTR_TRUSTED_SID,
+ self.ATTR_FLATNAME,
+ self.ATTR_TRUST_PARTNER,
+ self.ATTR_TRUST_AUTHOUT]
+ )
+
+ # We need to use case-insensitive dictionary since we use
+ # domain names as keys and those are generally case-insensitive
+ result = ipautil.CIDict()
- result = dict()
for dn, entry in entries:
try:
trust_partner = entry[self.ATTR_TRUST_PARTNER][0]
@@ -170,13 +181,14 @@ class DomainValidator(object):
except KeyError, e:
# Some piece of trusted domain info in LDAP is missing
# Skip the domain, but leave log entry for investigation
- api.log.warn("Trusted domain '%s' entry misses an attribute: %s",
- dn, e)
+ api.log.warn("Trusted domain '%s' entry misses an "
+ "attribute: %s", dn, e)
continue
+
trust_authout = entry.get(self.ATTR_TRUST_AUTHOUT, [None])[0]
- # We were able to read all Trusted domain attributes but the secret
- # User is not member of trust admins group
+ # We were able to read all Trusted domain attributes but the
+ # secret User is not member of trust admins group
if trust_authout is None:
raise errors.ACIError(
info=_('communication with trusted domains is allowed '