This is a quick fix for https://fedorahosted.org/freeipa/ticket/5037
-- Martin^3 Babinsky
From 72ef56f5673152c91a1de571518d8ea232d35143 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <[email protected]> Date: Thu, 23 Jul 2015 15:45:35 +0200 Subject: [PATCH] ACI plugin: correctly parse bind rules enclosed in parentheses Since bind rule such as `(userdn = "ldap:///anyone";)` is also a valid statement, the ipalib ACI parser was updated to handle this case. https://fedorahosted.org/freeipa/ticket/5037 --- ipalib/aci.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/ipalib/aci.py b/ipalib/aci.py index a55732bf19e58d8a4b36fa18bee2725d5b6584da..fd15db89ca9e5f93738dee05bb2bccbed3b78daa 100755 --- a/ipalib/aci.py +++ b/ipalib/aci.py @@ -26,10 +26,11 @@ import re ACIPat = re.compile(r'\(version\s+3.0\s*;\s*ac[li]\s+\"([^\"]*)\"\s*;\s*([^;]*);\s*\)', re.UNICODE) # Break the permissions/bind_rules out -PermPat = re.compile(r'(\w+)\s*\((.*)\)\s+(.*)', re.UNICODE) +PermPat = re.compile(r'(\w+)\s*\(([a-zA-z0-9,\s]+)\)\s*(.*)', re.UNICODE) # Break the bind rule out -BindPat = re.compile(r'([a-zA-Z0-9;\.]+)\s*(\!?=)\s*(.*)', re.UNICODE) +BindPat = re.compile(r'\(?([a-zA-Z0-9;\.]+)\s*(\!?=)\s*\"(.*)\"\)?', + re.UNICODE) ACTIONS = ["allow", "deny"] @@ -193,6 +194,9 @@ class ACI: self.target['target']['operator'] = operator def set_bindrule(self, bindrule): + if bindrule.startswith('(') != bindrule.endswith(')'): + raise SyntaxError("non-matching parentheses in bindrule") + match = BindPat.match(bindrule) if not match or len(match.groups()) < 3: raise SyntaxError, "malformed bind rule" -- 2.4.3
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
