diff options
| author | Petr Viktorin <pviktori@redhat.com> | 2014-04-28 13:35:13 +0200 |
|---|---|---|
| committer | Petr Viktorin <pviktori@redhat.com> | 2014-04-30 22:16:28 +0200 |
| commit | c3d7e66291987149b3b9a019945179c54debfbf1 (patch) | |
| tree | 6d4ce7e3b675b57113abcf34a95ee8958f3a2f04 | |
| parent | be6edef6e48224e74344f48d25876b09cd263674 (diff) | |
| download | freeipa-c3d7e66291987149b3b9a019945179c54debfbf1.tar.gz freeipa-c3d7e66291987149b3b9a019945179c54debfbf1.tar.xz freeipa-c3d7e66291987149b3b9a019945179c54debfbf1.zip | |
ipalib.aci: Allow alternate "aci" keyword in ACIs
Dogtag adds some ACIs that use an alternate keyword:
version 3.0; aci
instead of
version 3.0; acl
Add support for this so the parser does not fail on these ACIs.
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
| -rwxr-xr-x | ipalib/aci.py | 2 | ||||
| -rw-r--r-- | ipatests/test_ipalib/test_aci.py | 4 |
2 files changed, 5 insertions, 1 deletions
diff --git a/ipalib/aci.py b/ipalib/aci.py index 5f33b81fe..cea61a9c4 100755 --- a/ipalib/aci.py +++ b/ipalib/aci.py @@ -23,7 +23,7 @@ import re # The Python re module doesn't do nested parenthesis # Break the ACI into 3 pieces: target, name, permissions/bind_rules -ACIPat = re.compile(r'\(version\s+3.0\s*;\s*acl\s+\"([^\"]*)\"\s*;\s*([^;]*);\s*\)', re.UNICODE) +ACIPat = re.compile(r'\(version\s+3.0\s*;\s*ac[li]\s+\"([^\"]*)\"\s*;\s*([^;]*);\s*\)', re.UNICODE) # Break the permissions/bind_rules out PermPat = re.compile(r'(\w+)\s*\((.*)\)\s+(.*)', re.UNICODE) diff --git a/ipatests/test_ipalib/test_aci.py b/ipatests/test_ipalib/test_aci.py index e89dbff0b..6b8e64e71 100644 --- a/ipatests/test_ipalib/test_aci.py +++ b/ipatests/test_ipalib/test_aci.py @@ -34,6 +34,10 @@ def test_aci_parsing_1(): check_aci_parsing('(targetattr="title")(targetfilter="(memberOf=cn=bar,cn=groups,cn=accounts ,dc=example,dc=com)")(version 3.0;acl "foobar";allow (write) groupdn="ldap:///cn=foo,cn=groups,cn=accounts,dc=example,dc=com";)', '(targetattr = "title")(targetfilter = "(memberOf=cn=bar,cn=groups,cn=accounts ,dc=example,dc=com)")(version 3.0;acl "foobar";allow (write) groupdn = "ldap:///cn=foo,cn=groups,cn=accounts,dc=example,dc=com";)') +def test_aci_parsing_1_with_aci_keyword(): + check_aci_parsing('(targetattr="title")(targetfilter="(memberOf=cn=bar,cn=groups,cn=accounts ,dc=example,dc=com)")(version 3.0;aci "foobar";allow (write) groupdn="ldap:///cn=foo,cn=groups,cn=accounts,dc=example,dc=com";)', + '(targetattr = "title")(targetfilter = "(memberOf=cn=bar,cn=groups,cn=accounts ,dc=example,dc=com)")(version 3.0;acl "foobar";allow (write) groupdn = "ldap:///cn=foo,cn=groups,cn=accounts,dc=example,dc=com";)') + def test_aci_parsing_2(): check_aci_parsing('(target="ldap:///uid=bjensen,dc=example,dc=com")(targetattr=*) (version 3.0;acl "aci1";allow (write) userdn="ldap:///self";)', '(targetattr = "*")(target = "ldap:///uid=bjensen,dc=example,dc=com")(version 3.0;acl "aci1";allow (write) userdn = "ldap:///self";)') |