On Mon, 23 Feb 2015, Tomas Babej wrote:
Hi,

The usage of lowercased version of 'Default Trust View' can no
longer be used to bypass the validation.

https://fedorahosted.org/freeipa/ticket/4915
I'm fine with the direction of the fix but please make a constant string
and compare with it.



Tomas

From 549bb9a93c07ecf7ffdb913c094700129828017d Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Mon, 23 Feb 2015 16:16:01 +0100
Subject: [PATCH] idviews: Use case-insensitive detection of Default Trust View

The usage of lowercased version of 'Default Trust View' can no
longer be used to bypass the validation.

https://fedorahosted.org/freeipa/ticket/4915
---
ipalib/plugins/idviews.py | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/ipalib/plugins/idviews.py b/ipalib/plugins/idviews.py
index 
df403b1193fe18dfadf437a18a3e0b6ffb7575b4..f59dd06e8afc1da7efce321efaa94523ed8a3e53
 100644
--- a/ipalib/plugins/idviews.py
+++ b/ipalib/plugins/idviews.py
@@ -106,8 +106,9 @@ class idview_del(LDAPDelete):
    msg_summary = _('Deleted ID View "%(value)s"')

    def pre_callback(self, ldap, dn, *keys, **options):
-        if "Default Trust View" in keys:
-            raise protected_default_trust_view_error
+        for key in keys:
+            if key.lower() == "default trust view":
+                raise protected_default_trust_view_error

        return dn

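Review bot: the comparison `key.lower() == "default trust view"` in idview_del.pre_callback hard-codes a lowercased copy of the view name, and the same literal appears again in the three hunks that follow. Define the name once as a module-level constant and compare `key.lower()` against that constant's lowercased form, so the protected name and the checks on it cannot drift apart.
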
@@ -118,8 +119,9 @@ class idview_mod(LDAPUpdate):
    msg_summary = _('Modified an ID View "%(value)s"')

    def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
-        if "Default Trust View" in keys:
-            raise protected_default_trust_view_error
+        for key in keys:
+            if key.lower() == "default trust view":
+                raise protected_default_trust_view_error

        return dn

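Review bot: in idview_mod.pre_callback the new loop calls `key.lower()` on every element of keys, so a key that is not a string (None, for instance) now raises AttributeError, where the old `"Default Trust View" in keys` test simply did not match. Guard the call or normalise the keys before comparing. The loop is also identical to the one added to idview_del, so a shared helper would keep the two checks in sync.
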
@@ -240,7 +242,7 @@ class baseidview_apply(LDAPQuery):
            # the ipaAssignedIDView to None
            view_dn = None

-        if view == 'Default Trust View':
+        if view.lower() == 'default trust view':
            raise errors.ValidationError(
                name=_('ID View'),
                error=_('Default Trust View cannot be applied on hosts')
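
Review bot: `view.lower()` in baseidview_apply runs right after context lines that set `view_dn = None` for the case of clearing ipaAssignedIDView. If view itself can be None or empty on that path, this line raises AttributeError where the old `view == 'Default Trust View'` was just False. Check that view has a value before lowercasing it, for example `if view and view.lower() == ...`.
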
@@ -584,7 +586,7 @@ class baseidoverride(LDAPObject):
        # Check if parent object is Default Trust View, if so, prohibit
        # adding overrides for IPA objects

-        if dn[1].value == 'Default Trust View':
+        if dn[1].value.lower() == 'default trust view':
            if dn[0].value.startswith(IPA_ANCHOR_PREFIX):
                raise errors.ValidationError(
                    name=_('ID View'),
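
Review bot: the check on `dn[1].value.lower()` in baseidoverride is not covered by any test in this patch; the diffstat lists only ipalib/plugins/idviews.py. Add a regression test that attempts to add an override for an IPA object under 'default trust view' and under a mixed-case spelling, and expects the ValidationError, so the bypass described in the commit message stays closed.
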
--
2.1.0


_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


--
/ Alexander Bokovoy
