[Freeipa-devel] [PATCH 0355] Fix incorrect type comparison in trust-fetch-domains

Alexander Bokovoy abokovoy at redhat.com
Wed Aug 5 18:23:02 UTC 2015


On Wed, 05 Aug 2015, Tomas Babej wrote:
>Hi,
>
> Value needs to be unpacked from the list and converted before comparison.
>
>https://fedorahosted.org/freeipa/ticket/5182

>From dee59d971acb733c1dee06a61cc0d79ac2f4fdb7 Mon Sep 17 00:00:00 2001
>From: Tomas Babej <tbabej at redhat.com>
>Date: Wed, 5 Aug 2015 17:31:47 +0200
>Subject: [PATCH] Fix incorrect type comparison in trust-fetch-domains
>
>Value needs to be unpacked from the list and converted before comparison.
>
>https://fedorahosted.org/freeipa/ticket/5182
>---
> ipalib/plugins/trust.py | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
>index 91ffaf7feadba0d180e0e95c54f7187cf71d0170..940e06a5ffa387c6cc18983d7b56f089f58a236e 100644
>--- a/ipalib/plugins/trust.py
>+++ b/ipalib/plugins/trust.py
>@@ -1487,7 +1487,7 @@ class trust_fetch_domains(LDAPRetrieve):
>         result['truncated'] = False
> 
>         # For one-way trust fetch over DBus. we don't get the list in this case.
>-        if trust['ipanttrustdirection'] & TRUST_BIDIRECTIONAL != TRUST_BIDIRECTIONAL:
>+        if int(trust['ipanttrustdirection'][0]) != TRUST_BIDIRECTIONAL:
>             fetch_trusted_domains_over_dbus(self.api, self.log, keys[0])
>             result['summary'] = unicode(_('List of trust domains successfully refreshed. Use trustdomain-find command to list them.'))
>             return result
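Review bot: the `+` line replaces the mask test with a plain equality, so the old and new conditions agree only while no bit outside TRUST_BIDIRECTIONAL is ever set in ipanttrustdirection. Keeping the mask after the conversion, as in `int(trust['ipanttrustdirection'][0]) & TRUST_BIDIRECTIONAL != TRUST_BIDIRECTIONAL`, fixes the list/string type problem without narrowing the test. The `[0]` index and `int()` call also assume the attribute is present, non-empty and numeric; a missing or malformed value would raise here instead of taking either branch, so a guard, or a comment saying why that cannot happen, would help.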
On one hand, ipanttrustdirection is a bitmask with only two possible
bits that could be set (TRUST_BIDIRECTIONAL is 00000011 for that reason). You
could have AD as a trusted, not trusting domain (e.g. AD trusts us but
we don't trust AD) in future. But we should be able to use the same dbus
fetcher for both these cases and shouldn't use it for bidirectional yet
because we can rely on Kerberos cross-realm TGTs.

So, ACK.

-- 
/ Alexander Bokovoy



