author | Petr Viktorin <pviktori@redhat.com> | 2013-02-14 07:23:06 -0500 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-02-22 17:25:18 +0100 |
commit | 621c247d00f98b2a6999771f930d121e9096d9eb (patch) | |
tree | c314dc2cbd9798a68fbed96426f565147631dd8f | |
parent | fd1cfd38e2cf0b9b8730f6d68c9fc3283a0872a1 (diff) | |
Fix permission validation and normalization in aci.py
The code split the permission string on commas, essentially doing
poor man's CSV parsing. So if a permission contained a
comma-separated list of valid permissions, validation would pass
but we'd get errors later.
https://fedorahosted.org/freeipa/ticket/3420
-rw-r--r-- | ipalib/plugins/aci.py | 23 |
1 files changed, 10 insertions, 13 deletions
diff --git a/ipalib/plugins/aci.py b/ipalib/plugins/aci.py
index a97bb48b0..665a7ec46 100644
--- a/ipalib/plugins/aci.py
+++ b/ipalib/plugins/aci.py
@@ -392,21 +392,18 @@ def _find_aci_by_name(acis, aciprefix, aciname):
 return a
 raise errors.NotFound(reason=_('ACI with name "%s" not found') % aciname)
-def validate_permissions(ugettext, permissions):
- valid_permissions = []
- permissions = permissions.split(',')
- for p in permissions:
- p = p.strip().lower()
- if not p in _valid_permissions_values:
- return '"%s" is not a valid permission' % p
-def _normalize_permissions(permissions):
+def validate_permissions(ugettext, perm):
+ perm = perm.strip().lower()
+ if perm not in _valid_permissions_values:
+ return '"%s" is not a valid permission' % perm
+
+
+def _normalize_permissions(perm):
 valid_permissions = []
- permissions = permissions.split(',')
- for p in permissions:
- p = p.strip().lower()
- if p not in valid_permissions:
- valid_permissions.append(p)
+ perm = perm.strip().lower()
+ if perm not in valid_permissions:
+ valid_permissions.append(perm)
 return ','.join(valid_permissions)
 _prefix_option = StrEnum('aciprefix', |
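Review bot: In the new `_normalize_permissions`, `valid_permissions` is created empty on the line before `if perm not in valid_permissions:`, so that test is always true and the list plus `','.join(valid_permissions)` is leftover from the comma-splitting version; the body reduces to `return perm.strip().lower()`. Keeping the join suggests that comma-joined permission strings are still an accepted input, which is the ambiguity this commit removes from `validate_permissions`. The diffstat lists only `ipalib/plugins/aci.py`, so a regression test that passes one comma-joined value and expects the validator's error message would pin the fix for an access-control input. Separately, `validate_permissions` receives `ugettext` but still returns the message untranslated, as the old code did.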