DNs may be encoded. If we're going to return the value from one of the RDNs in the DN then we must decode the DN first, otherwise the returned value won't be what we're expecting. Specifically, the value getting passed back through the RPC interface was not the value set, because it included escaping specific only to DNs. We want to treat the value as the value set by the user; the fact that it happens to live as part of a DN is an irrelevant implementation detail which shouldn't be visible in the values we exchange through the RPC mechanism.

This patch takes the DN as returned by an LDAP search and creates a DN object from it. The DN object allows us to robustly extract the value by name. The DN object also assures the components in the DN have been decoded back into normal unicode strings.

There are many other places where we need to properly handle DNs by using a DN object; this is just one place, the minimum needed to get commas working in privileges. I'd rather make very small incremental changes in the DN handling than introduce too many changes in this critical area of the code; let's be conservative at this juncture.

--
John Dennis <jden...@redhat.com>

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
From a253c4a907e6f94b8b5193377d4009ddc94a2f20 Mon Sep 17 00:00:00 2001
From: John Dennis <jden...@redhat.com>
Date: Wed, 15 Jun 2011 15:43:26 -0400
Subject: [PATCH 27/27] get_primary_key_from_dn returns decoded value
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

---
 ipalib/plugins/baseldap.py |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 7d45525..a832bea 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -33,6 +33,7 @@ from ipalib.cli import to_cli, from_cli
 from ipalib import output
 from ipalib.text import _
 from ipalib.util import json_serialize
+from ipalib.dn import *
 
 global_output_params = (
     Str('member',
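Review bot: `from ipalib.dn import *` in this import block pulls every public name of ipalib.dn into baseldap's namespace, where it can silently shadow names already imported above and hides which symbols the module actually depends on; the only name the patch uses is `DN`, so `from ipalib.dn import DN` is sufficient and keeps the dependency explicit.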
@@ -318,7 +319,9 @@ class LDAPObject(Object):
                     return ''
         except errors.NotFound:
             pass
-        return dn[len(self.primary_key.name) + 1:dn.find(',')]
+        # DN object assures we're returning a decoded (unescaped) value
+        dn = DN(dn)
+        return dn[self.primary_key.name]
 
     def get_ancestor_primary_keys(self):
         if self.parent_object:
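Review bot: the replacement changes what is looked up, not only how it is decoded: the removed slice took the value of the leading RDN positionally, while `dn[self.primary_key.name]` looks the attribute up by name, so when the same attribute type also appears in a parent RDN (the IPA tree reuses `cn` at several levels, as in `cn=...,cn=privileges,cn=pbac`) the result depends on how the DN class resolves duplicates, and when the attribute is absent the lookup presumably raises where the old code returned a string. Worth confirming that the DN class returns the leading RDN's value here and adding an explicit check or error handling for the missing-attribute case. Minor: rebinding the `dn` parameter to the parsed object in `dn = DN(dn)` is fine but a distinct name would keep the string and parsed forms apart for readers of the surrounding code.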
-- 
1.7.4.4
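The escaping problem the message describes, shown as an added example that is not part of the patch or of the FreeIPA code base: a small RFC 4514 DN parser in Python that unescapes RDN values and returns the leading RDN's value by attribute name, placed next to the raw-string slicing the patch removes. The sample DN, the function names and the parser itself are constructed for illustration and do not use ipalib's DN class.

```python
"""RFC 4514 DN decoding versus slicing the raw DN string.

Added example (not FreeIPA code): the parser, function names and the sample
DN below are constructed for illustration; ipalib's DN class is not used.
"""

# Characters RFC 4514 allows to be escaped with a single backslash.
_SPECIALS = set(',=+<>#;"\\ ')
_HEX = set('0123456789abcdefABCDEF')

# Constructed sample: a privilege whose name contains a comma, escaped in the DN.
SAMPLE_DN = 'cn=Add Users\\, Groups,cn=privileges,cn=pbac,dc=example,dc=com'


def _split_unescaped(s, sep):
    """Split s on sep, skipping separators that are escaped by a backslash."""
    parts, buf, i = [], [], 0
    while i < len(s):
        ch = s[i]
        if ch == '\\' and i + 1 < len(s):
            buf.append(ch)
            buf.append(s[i + 1])  # keep the escape intact for unescape_value
            i += 2
            continue
        if ch == sep:
            parts.append(''.join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append(''.join(buf))
    return parts


def unescape_value(raw):
    """Turn an RFC 4514 escaped attribute value back into the user's string."""
    out = bytearray()
    i = 0
    while i < len(raw):
        if raw[i] != '\\':
            out += raw[i].encode('utf-8')
            i += 1
            continue
        pair = raw[i + 1:i + 3]
        if len(pair) == 2 and set(pair) <= _HEX:
            out.append(int(pair, 16))  # \XX: one raw byte of the UTF-8 encoding
            i += 3
        elif raw[i + 1:i + 2] in _SPECIALS:
            out += raw[i + 1].encode('utf-8')  # \, \+ \= etc.: the literal character
            i += 2
        else:
            raise ValueError('invalid escape sequence in %r at offset %d' % (raw, i))
    return out.decode('utf-8')


def parse_dn(dn):
    """Parse a DN into a list of RDNs, each a list of (attribute, value) pairs."""
    rdns = []
    for rdn in _split_unescaped(dn, ','):
        avas = []
        for ava in _split_unescaped(rdn, '+'):
            attr, sep, value = ava.partition('=')
            if not sep:
                raise ValueError('RDN component without "=": %r' % ava)
            value = value.lstrip(' ')
            # Unescaped trailing spaces are separator padding; an escaped one is data.
            while value.endswith(' ') and not value.endswith('\\ '):
                value = value[:-1]
            avas.append((attr.strip().lower(), unescape_value(value)))
        rdns.append(avas)
    return rdns


def primary_key_from_dn(dn, attr):
    """Decoded value of attr in the leading RDN, the object's own name."""
    for name, value in parse_dn(dn)[0]:
        if name == attr.lower():
            return value
    raise KeyError('%s is not in the leading RDN of %r' % (attr, dn))


def naive_primary_key(dn, attr):
    """The slicing the patch removes: stops at the first comma, escaped or not."""
    return dn[len(attr) + 1:dn.find(',')]


if __name__ == '__main__':
    print('naive :', repr(naive_primary_key(SAMPLE_DN, 'cn')))    # truncated at the escape
    print('parsed:', repr(primary_key_from_dn(SAMPLE_DN, 'cn')))  # the value the user set
```

Run as a script, the naive slice returns the name cut off at the escaped comma with a stray backslash, while the parser returns the name as the user typed it; the parser also handles `\XX` hex escapes for non-ASCII bytes and multi-valued RDNs joined with `+`, which the slice never could.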

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
