diff options
author | Tomas Babej <tbabej@redhat.com> | 2015-07-22 14:00:37 +0200 |
---|---|---|
committer | Tomas Babej <tbabej@redhat.com> | 2015-07-23 15:37:01 +0200 |
commit | 970a5535c09f382527af212e77e842a279a7ad9b (patch) | |
tree | 7b633cbcda42414e9d239febe2b2f477b27e9247 /ipaserver/dcerpc.py | |
parent | 7ceaa8e26c3073f3ff3f253025177d49259072f0 (diff) | |
download | freeipa-970a5535c09f382527af212e77e842a279a7ad9b.tar.gz freeipa-970a5535c09f382527af212e77e842a279a7ad9b.tar.xz freeipa-970a5535c09f382527af212e77e842a279a7ad9b.zip |
dcerpc: Add get_trusted_domain_object_type method
https://fedorahosted.org/freeipa/ticket/5029
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'ipaserver/dcerpc.py')
-rw-r--r-- | ipaserver/dcerpc.py | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py index 7220c440d..be6313e15 100644 --- a/ipaserver/dcerpc.py +++ b/ipaserver/dcerpc.py @@ -107,6 +107,14 @@ dcerpc_error_messages = { errors.RequirementError(name=_('At least the domain or IP address should be specified')), } +pysss_type_key_translation_dict = { + pysss_nss_idmap.ID_USER: 'user', + pysss_nss_idmap.ID_GROUP: 'group', + # Used for users with magic private groups + pysss_nss_idmap.ID_BOTH: 'both', +} + + def assess_dcerpc_exception(num=None,message=None): """ Takes error returned by Samba bindings and converts it into @@ -368,6 +376,27 @@ class DomainValidator(object): raise errors.ValidationError(name=_('trusted domain object'), error= _('Trusted domain did not return a valid SID for the object')) + def get_trusted_domain_object_type(self, name_or_sid): + """ + Return the type of the object corresponding to the given name in + the trusted domain, which is either 'user', 'group' or 'both'. + The 'both' types is used for users with magic private groups. + """ + + object_type = None + + if is_sid_valid(name_or_sid): + result = pysss_nss_idmap.getnamebysid(name_or_sid) + else: + result = pysss_nss_idmap.getsidbyname(name_or_sid) + + if name_or_sid in result: + object_type = result[name_or_sid].get(pysss_nss_idmap.TYPE_KEY) + + # Do the translation to hide pysss_nss_idmap constants + # from higher-level code + return pysss_type_key_translation_dict.get(object_type) + def get_trusted_domain_object_from_sid(self, sid): root_logger.debug("Converting SID to object name: %s" % sid) |