On Wed, 05 Aug 2015, Tomas Babej wrote:
Hi,

Value needs to be unpacked from the list and converted before comparison.

https://fedorahosted.org/freeipa/ticket/5182

From dee59d971acb733c1dee06a61cc0d79ac2f4fdb7 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Wed, 5 Aug 2015 17:31:47 +0200
Subject: [PATCH] Fix incorrect type comparison in trust-fetch-domains

Value needs to be unpacked from the list and converted before comparison.

https://fedorahosted.org/freeipa/ticket/5182
---
ipalib/plugins/trust.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index 
91ffaf7feadba0d180e0e95c54f7187cf71d0170..940e06a5ffa387c6cc18983d7b56f089f58a236e
 100644
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -1487,7 +1487,7 @@ class trust_fetch_domains(LDAPRetrieve):
        result['truncated'] = False

        # For one-way trust fetch over DBus. we don't get the list in this case.
-        if trust['ipanttrustdirection'] & TRUST_BIDIRECTIONAL != 
TRUST_BIDIRECTIONAL:
+        if int(trust['ipanttrustdirection'][0]) != TRUST_BIDIRECTIONAL:
            fetch_trusted_domains_over_dbus(self.api, self.log, keys[0])
            result['summary'] = unicode(_('List of trust domains successfully 
refreshed. Use trustdomain-find command to list them.'))
            return result
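Review bot: The `+` line drops the `& TRUST_BIDIRECTIONAL` mask that the removed line applied, so the check is now an exact equality test and any value with additional bits set would take the DBus path even when both direction bits are present. Consider keeping the mask after the conversion, as in `int(trust['ipanttrustdirection'][0]) & TRUST_BIDIRECTIONAL != TRUST_BIDIRECTIONAL`. Also, `[0]` assumes the attribute is present and non-empty and `int()` assumes it is numeric, so a missing or malformed value would raise at this line; a short comment stating that the attribute arrives as a list of strings would document why the unpacking is needed.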
On one hand, ipanttrustdirection is a bitmask with only two possible
bits that could be set (TRUST_BIDIRECTIONAL is 00000011 for that reason). You
could have AD as a trusted, not trusting domain (e.g. AD trusts us but
we don't trust AD) in the future. But we should be able to use the same dbus
fetcher for both these cases and shouldn't use it for bidirectional yet
because we can rely on Kerberos cross-realm TGTs.

So, ACK.

--
/ Alexander Bokovoy
