[Freeipa-devel] [PATCHES 0351-0353] Improvements to ID override type validation
Tomas Babej
tbabej at redhat.com
Thu Jul 23 13:37:43 UTC 2015
On 07/23/2015 03:32 PM, Alexander Bokovoy wrote:
> On Thu, 23 Jul 2015, Tomas Babej wrote:
>>>> + def get_trusted_domain_object_type(self, name_or_sid):
>>>> + """
>>>> + Return the type of the object corresponding to the given
>>>> name in
>>>> + the trusted domain, which is either 'user', 'group' or 'both'.
>>>> + The 'both' types is used for users with magic private groups.
>>>> + """
>>>> +
>>>> + object_type = None
>>>> +
>>>> + if is_sid_valid(name_or_sid):
>>>> + result = pysss_nss_idmap.getnamebysid(name_or_sid)
>>>> + else:
>>>> + result = pysss_nss_idmap.getsidbyname(name_or_sid)
>>>> +
>>>> + if name_or_sid in result:
>>>> + object_type =
>>>> result[name_or_sid].get(pysss_nss_idmap.TYPE_KEY)
>>> If user or group not found, pysss_nss_idmap.getsidbyname() will return
>>> empty dict and the line above will fail:
>>>>>> import pysss_nss_idmap
>>>>>> pysss_nss_idmap.getsidbyname('some-name')
>>> {}
>>
>> It will return {}, however, that line is prefixed by the
>>
>> + if name_or_sid in result:
>>
>> condition, hence it won't get executed in this case.
> Ok, and then you get conversion dict.get(None) -> None which then
> wouldn't match anything in the caller.
>
> Sounds good. The rest was fine.
>
> ACK.
>
Pushed to:
master: aa066f31a5341079197f7b5a79fe2fa1045688bb
ipa-4-2: a60f4ad7d0bbdaca2fbec2c9c491e976bf935f7e
More information about the Freeipa-devel
mailing list