[Freeipa-devel] [PATCHES 0351-0353] Improvements to ID override type validation
Alexander Bokovoy
abokovoy at redhat.com
Thu Jul 23 13:32:39 UTC 2015
On Thu, 23 Jul 2015, Tomas Babej wrote:
>>> + def get_trusted_domain_object_type(self, name_or_sid):
>>> + """
>>> + Return the type of the object corresponding to the given name in
>>> + the trusted domain, which is either 'user', 'group' or 'both'.
>>> + The 'both' types is used for users with magic private groups.
>>> + """
>>> +
>>> + object_type = None
>>> +
>>> + if is_sid_valid(name_or_sid):
>>> + result = pysss_nss_idmap.getnamebysid(name_or_sid)
>>> + else:
>>> + result = pysss_nss_idmap.getsidbyname(name_or_sid)
>>> +
>>> + if name_or_sid in result:
>>> + object_type =
>>> result[name_or_sid].get(pysss_nss_idmap.TYPE_KEY)
>> If user or group not found, pysss_nss_idmap.getsidbyname() will return
>> empty dict and the line above will fail:
>>>>> import pysss_nss_idmap
>>>>> pysss_nss_idmap.getsidbyname('some-name')
>> {}
>
>It will return {}, however, that line is prefixed by the
>
>+ if name_or_sid in result:
>
>condition, hence it won't get executed in this case.
Ok, and then you get conversion dict.get(None) -> None which then
wouldn't match anything in the caller.
Sounds good. The rest was fine.
ACK.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list