On Friday 26 of July 2013 11:07:05 Tomas Babej wrote:
> Hi,
> 
> In DomainValidator, we store a dictionary containing information
> for trusted domains. This is a case-sensitive dictionary keyed by
> the domain name.
> 
> We need to use case-insensitive dictionary since domain names
> are generally case-insensitive.
> 
> https://fedorahosted.org/freeipa/ticket/3816
> 
> Tomas
> 
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel

Yes, I know.

Tomas

>From 11a562849bf3d1f744cd5c37bb285a0f6ed15e79 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Thu, 25 Jul 2013 13:54:39 +0200
Subject: [PATCH] Use case-insensitive dict for trusted domain info

In DomainValidator, we store a dictionary containing information
for trusted domains. This is a case-sensitive dictionary keyed by
the domain name.

We need to use case-insensitive dictionary since domain names
are generally case-insensitive.

https://fedorahosted.org/freeipa/ticket/3816
---
 ipaserver/dcerpc.py | 36 ++++++++++++++++++++++++------------
 1 file changed, 24 insertions(+), 12 deletions(-)

diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index 4660842fc478508a9d693b4b2a539e8c77296f84..3ef81a6dbbf23b70fe53784999adb974def5c527 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -150,18 +150,29 @@ class DomainValidator(object):
         return True
 
     def get_trusted_domains(self):
-        """Returns dict of trusted domain tuples (flatname, sid, trust_auth_outgoing), keyed by domain name"""
-        cn_trust = DN(('cn', 'ad'), self.api.env.container_trusts, self.api.env.basedn)
+        """
+        Returns case-insensitive dict of trusted domain tuples
+        (flatname, sid, trust_auth_outgoing), keyed by domain name.
+        """
+        cn_trust = DN(('cn', 'ad'), self.api.env.container_trusts,
+                      self.api.env.basedn)
+
         try:
             search_kw = {'objectClass': 'ipaNTTrustedDomain'}
             filter = self.ldap.make_filter(search_kw, rules=self.ldap.MATCH_ALL)
-            (entries, truncated) = self.ldap.find_entries(filter=filter, base_dn=cn_trust,
-                                                          attrs_list=[self.ATTR_TRUSTED_SID,
-                                                                      self.ATTR_FLATNAME,
-                                                                      self.ATTR_TRUST_PARTNER,
-                                                                      self.ATTR_TRUST_AUTHOUT])
+            (entries, truncated) = self.ldap.find_entries(
+                filter=filter,
+                base_dn=cn_trust,
+                attrs_list=[self.ATTR_TRUSTED_SID,
+                            self.ATTR_FLATNAME,
+                            self.ATTR_TRUST_PARTNER,
+                            self.ATTR_TRUST_AUTHOUT]
+                )
+
+            # We need to use case-insensitive dictionary since we use
+            # domain names as keys and those are generally case-insensitive
+            result = ipautil.CIDict()
 
-            result = dict()
             for dn, entry in entries:
                 try:
                     trust_partner = entry[self.ATTR_TRUST_PARTNER][0]
@@ -170,13 +181,14 @@ class DomainValidator(object):
                 except KeyError, e:
                     # Some piece of trusted domain info in LDAP is missing
                     # Skip the domain, but leave log entry for investigation
-                    api.log.warn("Trusted domain '%s' entry misses an attribute: %s",
-                            dn, e)
+                    api.log.warn("Trusted domain '%s' entry misses an "
+                                 "attribute: %s", dn, e)
                     continue
+
                 trust_authout = entry.get(self.ATTR_TRUST_AUTHOUT, [None])[0]
 
-                # We were able to read all Trusted domain attributes but the secret
-                # User is not member of trust admins group
+                # We were able to read all Trusted domain attributes but the
+                # secret User is not member of trust admins group
                 if trust_authout is None:
                     raise errors.ACIError(
                         info=_('communication with trusted domains is allowed '
-- 
1.8.3.1

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to