From c21bb52f339a38aaf7d5b4285447e5a166fb4fcf Mon Sep 17 00:00:00 2001
From: Tomas Babej <tbabej@redhat.com>
Date: Wed, 22 Jul 2015 14:00:37 +0200
Subject: [PATCH] dcerpc: Add get_trusted_domain_object_type method
https://fedorahosted.org/freeipa/ticket/5029
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
ipaserver/dcerpc.py | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index c0aa322c5d59e7d17a4ceb90448b397613284e38..c604fa3eae4cf94d719190a5a3e3de15d3841d24 100644
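--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -107,6 +107,14 @@ dcerpc_error_messages = {
 errors.RequirementError(name=_('At least the domain or IP address should be specified')),
 }
 
+pysss_type_key_translation_dict = {
+ pysss_nss_idmap.ID_USER: 'user',
+ pysss_nss_idmap.ID_GROUP: 'group',
+ # Used for users with magic private groups
+ pysss_nss_idmap.ID_BOTH: 'both',
+}
+
+
 def assess_dcerpc_exception(num=None,message=None):
 """
 Takes error returned by Samba bindings and converts it into
@@ -368,6 +376,27 @@ class DomainValidator(object):
 raise errors.ValidationError(name=_('trusted domain object'),
 error= _('Trusted domain did not return a valid SID for the object'))
 
+ def get_trusted_domain_object_type(self, name_or_sid):
+ """
+ Return the type of the object corresponding to the given name in
+ the trusted domain, which is either 'user', 'group' or 'both'.
+ The 'both' types is used for users with magic private groups.
+ """
+
+ object_type = None
+
+ if is_sid_valid(name_or_sid):
+ result = pysss_nss_idmap.getnamebysid(name_or_sid)
+ else:
+ result = pysss_nss_idmap.getsidbyname(name_or_sid)
+
+ if name_or_sid in result:
+ object_type = result[name_or_sid].get(pysss_nss_idmap.TYPE_KEY)
+
+ # Do the translation to hide pysss_nss_idmap constants
+ # from higher-level code
+ return pysss_type_key_translation_dict.get(object_type)
+
 def get_trusted_domain_object_from_sid(self, sid):
 root_logger.debug("Converting SID to object name: %s" % sid)
 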
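Review bot: get_trusted_domain_object_type returns None both when the lookup has no entry for `name_or_sid` and when the returned type is missing from `pysss_type_key_translation_dict`, yet its docstring promises only 'user', 'group' or 'both'. The lookup code just above the new method raises `errors.ValidationError` when the trusted domain returns no valid SID, so the two paths report failure differently. A caller that branches on the result to decide how to treat a trusted-domain object has to handle None explicitly rather than fall through to a default. At minimum extend the docstring with `Returns None if the object cannot be resolved or its type is not recognised.` and correct `The 'both' types is used` to `The 'both' type is used`. If the callers (not visible in this patch) cannot act on None, raising the same ValidationError here would keep the two methods consistent.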
--
2.4.3