On Friday 26 of July 2013 11:07:05 Tomas Babej wrote: > Hi, > > In DomainValidator, we store a dictionary containing information > for trusted domains. This is a case-sensitive dictionary keyed by > the domain name. > > We need to use case-insensitive dictionary since domain names > are generally case-insensitive. > > https://fedorahosted.org/freeipa/ticket/3816 > > Tomas > > _______________________________________________ > Freeipa-devel mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-devel
Yes, I know. Tomas
>From 11a562849bf3d1f744cd5c37bb285a0f6ed15e79 Mon Sep 17 00:00:00 2001
From: Tomas Babej <[email protected]>
Date: Thu, 25 Jul 2013 13:54:39 +0200
Subject: [PATCH] Use case-insensitive dict for trusted domain info

In DomainValidator, we store a dictionary containing information for trusted domains. This is a case-sensitive dictionary keyed by the domain name.

We need to use case-insensitive dictionary since domain names are generally case-insensitive.

https://fedorahosted.org/freeipa/ticket/3816
---
ipaserver/dcerpc.py | 36 ++++++++++++++++++++++++------------
1 file changed, 24 insertions(+), 12 deletions(-)

diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index 4660842fc478508a9d693b4b2a539e8c77296f84..3ef81a6dbbf23b70fe53784999adb974def5c527 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -150,18 +150,29 @@ class DomainValidator(object): return True def get_trusted_domains(self): - """Returns dict of trusted domain tuples (flatname, sid, trust_auth_outgoing), keyed by domain name""" - cn_trust = DN(('cn', 'ad'), self.api.env.container_trusts, self.api.env.basedn) + """ + Returns case-insensitive dict of trusted domain tuples + (flatname, sid, trust_auth_outgoing), keyed by domain name. + """ + cn_trust = DN(('cn', 'ad'), self.api.env.container_trusts, + self.api.env.basedn) + try: search_kw = {'objectClass': 'ipaNTTrustedDomain'} filter = self.ldap.make_filter(search_kw, rules=self.ldap.MATCH_ALL) - (entries, truncated) = self.ldap.find_entries(filter=filter, base_dn=cn_trust, - attrs_list=[self.ATTR_TRUSTED_SID, - self.ATTR_FLATNAME, - self.ATTR_TRUST_PARTNER, - self.ATTR_TRUST_AUTHOUT]) + (entries, truncated) = self.ldap.find_entries( + filter=filter, + base_dn=cn_trust, + attrs_list=[self.ATTR_TRUSTED_SID, + self.ATTR_FLATNAME, + self.ATTR_TRUST_PARTNER, + self.ATTR_TRUST_AUTHOUT] + ) + + # We need to use case-insensitive dictionary since we use + # domain names as keys and those are generally case-insensitive + result = ipautil.CIDict() - result = dict() for dn, entry in entries: try: trust_partner = entry[self.ATTR_TRUST_PARTNER][0] 
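Review bot: `ipautil.CIDict()` is introduced here but the patch has no import hunk, so confirm that `ipautil` is already imported at the top of ipaserver/dcerpc.py; otherwise get_trusted_domains fails with a NameError the first time it runs. With a case-insensitive dict, two ipaNTTrustedDomain entries whose partner names differ only in case now share one key, and the later entry presumably replaces the earlier one silently (the assignment into `result` falls between the two hunks and is not visible here). Because this dict appears to drive trust validation, a collision deserves a log entry, for example `if trust_partner in result: api.log.warn("Duplicate trusted domain entry '%s'", dn)` before the assignment. The `truncated` flag returned by `find_entries` is also unused in the visible lines, so a size-limited search could leave trusted domains out of the result without notice.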
@@ -170,13 +181,14 @@ class DomainValidator(object): except KeyError, e: # Some piece of trusted domain info in LDAP is missing # Skip the domain, but leave log entry for investigation - api.log.warn("Trusted domain '%s' entry misses an attribute: %s", - dn, e) + api.log.warn("Trusted domain '%s' entry misses an " + "attribute: %s", dn, e) continue + trust_authout = entry.get(self.ATTR_TRUST_AUTHOUT, [None])[0] - # We were able to read all Trusted domain attributes but the secret - # User is not member of trust admins group + # We were able to read all Trusted domain attributes but the + # secret User is not member of trust admins group if trust_authout is None: raise errors.ACIError( info=_('communication with trusted domains is allowed ' -- 1.8.3.1
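Review bot: The re-wrapped comment above `if trust_authout is None:` now reads as "the secret User is not member of trust admins group", because the line break that used to separate the two statements was moved into the middle of the first one. Punctuate it so the observation and its cause stay distinct, for example `# All trusted domain attributes were read except the secret, which` followed by `# means the user is not a member of the trust admins group`. The `raise errors.ACIError(...)` that this comment explains continues past the end of the hunk.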
