Acked by alee: https://github.com/frasertweedale/pki/commit/037c16e3e78bccfa16e3d50ef840675ad2e0f3ec
Pushed to master (7ab1bbb708d539d4db4e494418fedb952e4880bc) Thanks, Fraser On Tue, Nov 29, 2016 at 07:08:48PM +1000, Fraser Tweedale wrote: > With current ACL parsing, if you have a ':' in a group name (as > occurs with FreeIPA permissions, which matter for upcoming external > principal support) you are stuffed. This commit fixes that. > > It is really a band aid - the existing parsing code is poor and > should be replaced with a nice combinatorial parser... but who has > the time for that right now? ¯\_(ツ)_/¯ > > Note that if there is a ':' in any of the ACL descriptions/comments > (the final field) this change breaks it. We don't have any > occurrences of that in our codebase. > > Thanks, > Fraser > From 4e13cd0c960558b0f590c5f74ef0b52f0eb667f2 Mon Sep 17 00:00:00 2001 > From: Fraser Tweedale <ftwee...@redhat.com> > Date: Fri, 25 Nov 2016 18:04:22 +1000 > Subject: [PATCH 140/141] Allow ':' to appear in ACL expressions > > Currently if ':' appears in an ACL expression (e.g. a group name, as > occurs in FreeIPA permissions), the ACL gets parsed incorrectly. > > Look backwards from end of string for the final ':', so that the ACL > parses correctly. > > Part of: https://fedorahosted.org/pki/ticket/1359 > --- > base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java > b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java > index > e37ba25e0446108e266a1b068a7ba2a6e60fb769..9b87f6e2437a398ffd6c4956a8e91809918ab8b9 > 100644 > --- a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java > +++ b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java > @@ -681,8 +681,10 @@ public class CMSEngine implements ICMSEngine { > > acl = new ACL(resource, rights, resACLs); > > + // search *backwards* for final instance of ':', to handle case > + // where acl expressions contain colon, e.g. in a group name. > String stx = st.substring(idx2 + 1); > - int idx3 = stx.indexOf(":"); > + int idx3 = stx.lastIndexOf(":"); > String aclStr = stx.substring(0, idx3); > > // getting list of acl entries > -- > 2.7.4 > > _______________________________________________ > Pki-devel mailing list > Pki-devel@redhat.com > https://www.redhat.com/mailman/listinfo/pki-devel _______________________________________________ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel
