Hi,

A lowercased version of 'Default Trust View' can no longer be
used to bypass the validation.

https://fedorahosted.org/freeipa/ticket/4915

Tomas
>From 549bb9a93c07ecf7ffdb913c094700129828017d Mon Sep 17 00:00:00 2001
From: Tomas Babej <[email protected]>
Date: Mon, 23 Feb 2015 16:16:01 +0100
Subject: [PATCH] idviews: Use case-insensitive detection of Default Trust View

A lowercased version of 'Default Trust View' can no longer be
used to bypass the validation.

https://fedorahosted.org/freeipa/ticket/4915
---
 ipalib/plugins/idviews.py | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/ipalib/plugins/idviews.py b/ipalib/plugins/idviews.py
index df403b1193fe18dfadf437a18a3e0b6ffb7575b4..f59dd06e8afc1da7efce321efaa94523ed8a3e53 100644
--- a/ipalib/plugins/idviews.py
+++ b/ipalib/plugins/idviews.py
@@ -106,8 +106,9 @@ class idview_del(LDAPDelete):
     msg_summary = _('Deleted ID View "%(value)s"')
 
     def pre_callback(self, ldap, dn, *keys, **options):
-        if "Default Trust View" in keys:
-            raise protected_default_trust_view_error
+        for key in keys:
+            if key.lower() == "default trust view":
+                raise protected_default_trust_view_error
 
         return dn
 
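Review bot: The guard in `idview_del.pre_callback` still compares the caller-supplied key as a string, which only approximates how the directory itself matches the view name. Comparing the resolved `dn` with the Default Trust View entry's DN, if one is available here, would tie the check to what LDAP actually resolves. The same applies to the identical loop in `idview_mod.pre_callback` and to the checks in `baseidview_apply` and `baseidoverride`. The literal `'default trust view'` now appears four times, so a module-level constant and one small helper, for example `def is_default_trust_view(name): return name.lower() == 'default trust view'`, would keep the call sites in step. The diffstat touches only `idviews.py`, so a regression test for mixed-case names on delete and modify is still missing.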
@@ -118,8 +119,9 @@ class idview_mod(LDAPUpdate):
     msg_summary = _('Modified an ID View "%(value)s"')
 
     def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
-        if "Default Trust View" in keys:
-            raise protected_default_trust_view_error
+        for key in keys:
+            if key.lower() == "default trust view":
+                raise protected_default_trust_view_error
 
         return dn
 
@@ -240,7 +242,7 @@ class baseidview_apply(LDAPQuery):
             # the ipaAssignedIDView to None
             view_dn = None
 
-        if view == 'Default Trust View':
+        if view.lower() == 'default trust view':
             raise errors.ValidationError(
                 name=_('ID View'),
                 error=_('Default Trust View cannot be applied on hosts')
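Review bot: `view.lower()` raises AttributeError when `view` is None, where the old `view == 'Default Trust View'` simply evaluated to False. The context lines just above set `view_dn = None` for what appears to be the no-view case, so that path looks reachable. A guard such as `if view is not None and view.lower() == 'default trust view':` would keep that path working. The enclosing method starts and ends outside the hunk, so how `view` is assigned needs confirming.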
@@ -584,7 +586,7 @@ class baseidoverride(LDAPObject):
         # Check if parent object is Default Trust View, if so, prohibit
         # adding overrides for IPA objects
 
-        if dn[1].value == 'Default Trust View':
+        if dn[1].value.lower() == 'default trust view':
             if dn[0].value.startswith(IPA_ANCHOR_PREFIX):
                 raise errors.ValidationError(
                     name=_('ID View'),
-- 
2.1.0
