[Freeipa-devel] [PATCH 27/27] get_primary_key_from_dn returns decoded value

John Dennis jdennis at redhat.com
Wed Jun 15 20:02:48 UTC 2011


DNs may be encoded. If we're going to return the value from one of the 
RDNs in the DN then we must decode the DN first, otherwise the returned 
value won't be what we're expecting. Specifically, the value getting 
passed back through the RPC interface was not the value set because it 
included escaping specific only to DNs. We want to treat the value as 
the value set by the user; the fact it happens to live as part of a DN 
is an irrelevant implementation detail which shouldn't be visible in the 
values we exchange through the RPC mechanism.

This patch takes the DN as returned by an LDAP search and creates a DN 
object from it. The DN object allows us to robustly extract the value by 
name. The DN object also assures the components in the DN have been 
decoded back into normal Unicode strings.

There are many other places where we need to properly handle DNs by 
using a DN object; this is just one place, the minimum needed to get 
commas working in privileges. I'd rather make very small incremental 
changes in the DN handling rather than introducing too many changes in 
this critical area of the code; let's be conservative at this juncture.

-- 
John Dennis <jdennis at redhat.com>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0027-get_primary_key_from_dn-returns-decoded-value.patch
Type: text/x-patch
Size: 1195 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110615/8aab495e/attachment.bin>
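
The decoding step described in the message, as an added example that is not part of the original post, the scrubbed patch, or FreeIPA's DN class: a minimal parser for RFC 4514 escaping that returns the unescaped value of an attribute from the leftmost RDN, next to a naive string split that leaks the DN escaping. The function names and the sample DN are constructed for illustration.

```python
import re

# Constructed sample: a privilege whose name contains a comma, in the form
# an LDAP search would return it (the comma is escaped inside the DN).
SAMPLE_DN = r"cn=Write\, Read privilege,cn=privileges,cn=pbac,dc=example,dc=com"

# One token per match: backslash + hex pair, backslash + any char, or a plain char.
_TOKEN = re.compile(r"\\([0-9A-Fa-f]{2})|\\(.)|(.)", re.S)

def naive_primary_key(dn):
    """Hypothetical naive extraction: plain string split, no DN decoding."""
    return dn.split(",", 1)[0].partition("=")[2]

def first_rdn(dn):
    """Parse the leftmost RDN into {attr: decoded value} using RFC 4514 escapes."""
    avas, name, buf, in_value = {}, "", bytearray(), False
    for m in _TOKEN.finditer(dn):
        hexpair, escaped, plain = m.groups()
        if hexpair:                        # \2C -> one raw byte (may be part of UTF-8)
            buf.append(int(hexpair, 16))
        elif escaped:                      # \, -> literal comma, never a separator
            buf += escaped.encode("utf-8")
        elif plain == "\\":
            raise ValueError("dangling backslash in DN")
        elif plain == "=" and not in_value:
            name, buf, in_value = buf.decode("utf-8").strip().lower(), bytearray(), True
        elif plain in "+," and in_value:   # unescaped separator ends this value
            avas[name] = buf.decode("utf-8")
            buf, in_value = bytearray(), False
            if plain == ",":               # end of the leftmost RDN
                return avas
        else:
            buf += plain.encode("utf-8")
    if not in_value:
        raise ValueError("malformed DN: %r" % dn)
    avas[name] = buf.decode("utf-8")
    return avas

def primary_key_from_dn(dn, attr):
    """Return the decoded value of attr from the leftmost RDN."""
    return first_rdn(dn)[attr.lower()]
```

On the sample DN the naive split returns the truncated, still-escaped `Write\`, while the parser returns the value as the user set it.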

