[Freeipa-devel] [PATCH 27/27] get_primary_key_from_dn returns decoded value

Rob Crittenden rcritten at redhat.com
Wed Jun 22 21:07:12 UTC 2011


John Dennis wrote:
> DNs may be encoded. If we're going to return the value from one of the
> RDNs in the DN then we must decode the DN first, otherwise the returned
> value won't be what we're expecting. Specifically the value getting
> passed back through the RPC interface was not the value set because it
> included escaping specific only to DNs. We want to treat the value as
> the value set by the user, the fact it happens to live as part of a DN
> is an irrelevant implementation detail which shouldn't be visible in the
> values we exchange through the RPC mechanism.
>
> This patch takes the DN as returned by an ldap search and creates a DN
> object from it. The DN object allows us to robustly extract the value by
> name. The DN object also assures the components in the DN have been
> decoded back into normal unicode strings.
>
> There are many other places where we need to properly handle DNs by
> using a DN object, this is just one place, the minimum needed to get
> commas working in privileges. I'd rather make very small incremental
> changes in the DN handling rather than introducing too many changes in
> this critical area of the code, let's be conservative at this juncture.
>

ack, pushed to master and ipa-2-0
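
The decoding step described in the quoted message, as an added Python example that is not part of this thread and is not FreeIPA's DN class: it splits a DN on unescaped separators only, then undoes RFC 4514 escaping so the caller gets the value the user set. The function names and the sample DN are hypothetical, and the legacy quoted-string and `#hex` value forms are assumed not to occur.

```python
import string

def split_unescaped(text, sep):
    """Split on `sep`, ignoring separators that are backslash-escaped."""
    parts, cur, i = [], [], 0
    while i < len(text):
        if text[i] == '\\' and i + 1 < len(text):
            cur.append(text[i:i + 2])      # keep the escape intact for decoding
            i += 2
            continue
        if text[i] == sep:
            parts.append(''.join(cur))
            cur = []
        else:
            cur.append(text[i])
        i += 1
    parts.append(''.join(cur))
    return parts

def decode_value(raw):
    """Undo RFC 4514 escaping: backslash + hex pair (one UTF-8 byte) or backslash + char."""
    out, i = bytearray(), 0
    while i < len(raw):
        if raw[i] != '\\':
            out += raw[i].encode('utf-8')
            i += 1
            continue
        pair = raw[i + 1:i + 3]
        if len(pair) == 2 and all(c in string.hexdigits for c in pair):
            out.append(int(pair, 16))
            i += 3
        elif i + 1 < len(raw):
            out += raw[i + 1].encode('utf-8')
            i += 2
        else:
            raise ValueError('dangling backslash in RDN value')
    return out.decode('utf-8')

def primary_key_from_dn(dn, attr, decode=True):
    """Return the first value of `attr` in `dn`, or None if it is absent."""
    for rdn in split_unescaped(dn, ','):
        for ava in split_unescaped(rdn, '+'):   # multi-valued RDN
            name, eq, raw = ava.partition('=')
            if eq and name.strip().lower() == attr.lower():
                return decode_value(raw) if decode else raw
    return None

# Constructed sample DN: a privilege whose name contains a comma.
SAMPLE_DN = r'cn=read\, write access,cn=privileges,cn=pbac,dc=example,dc=com'
```

With `decode=False` the function returns the still-escaped text, which is the behaviour the patch description says leaked through the RPC interface.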
