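diff -up authconfig-6.2.8/authconfig-gtk.py.ldap-uris authconfig-6.2.8/authconfig-gtk.py
--- authconfig-6.2.8/authconfig-gtk.py.ldap-uris 2014-09-29 15:41:20.000000000 +0200
+++ authconfig-6.2.8/authconfig-gtk.py 2014-09-29 15:49:09.277372121 +0200
@@ -526,6 +526,7 @@ class Authconfig:
 if not ldapserver:
 return True
 uritovalidate = ldapserver.get_text()
+ uritovalidate = self.info.ldapHostsToURIs(uritovalidate, False)
 return self.info.validateLDAPURI(uritovalidate)
 
 def enable_cacert_download(self, active, xml):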
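Review bot: The bare `False` in the added `self.info.ldapHostsToURIs(uritovalidate, False)` does not say what it switches off; passing it as `validate=False` would make clear that this call only normalises the entry and leaves the check to the `validateLDAPURI` call on the next line. A short comment such as `# convert bare hosts to URIs first; the check itself is the validateLDAPURI call below` would also help, since that return value is the only gate on what the dialog accepts. The enclosing method starts above the hunk.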
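diff -up authconfig-6.2.8/authinfo.py.ldap-uris authconfig-6.2.8/authinfo.py
--- authconfig-6.2.8/authinfo.py.ldap-uris 2014-09-29 15:44:28.000000000 +0200
+++ authconfig-6.2.8/authinfo.py 2014-09-29 15:49:48.156249829 +0200
@@ -1588,20 +1588,24 @@ class AuthInfo:
 
 def validateLDAPURI(self, s):
 """
- Check LDAP URI provided in the form of literal IPv6 address
- for correctness.
-
- Return False if IPv6 valid is invalid or urlparse failed to
- obtain integer port value, True otherwise.
+ Check whether LDAP URI is valid.
 """
- try:
- p = urlparse.urlparse(s).port
- return True
- except ValueError:
- return False
+ if ',' in s:
+ uris = s.split(',')
+ else:
+ uris = s.split()
+ for uri in uris:
+ try:
+ p = urlparse.urlparse(uri).port
+ except (ValueError, socket.error):
+ return False
+ return True
 
- def ldapHostsToURIs(self, s):
- l = s.split(",")
+ def ldapHostsToURIs(self, s, validate):
+ if ',' in s:
+ l = s.split(',')
+ else:
+ l = s.split()
 ret = ""
 for item in l:
 if item:
@@ -1611,9 +1615,8 @@ class AuthInfo:
 ret += item
 else:
 ret += "ldap://" + item + "/"
- if not self.validateLDAPURI(ret):
+ if validate and not self.validateLDAPURI(ret):
 self.messageCB(_("Invalid LDAP URI."))
- return ""
 return ret
 
 # Read LDAP setup from /etc/ldap.conf.
@@ -1669,7 +1672,7 @@ class AuthInfo:
 # We'll pull MD5/DES crypt ("pam_password") from the config
 # file, or from the pam_unix PAM config lines.
 
- self.ldapServer = self.ldapHostsToURIs(cleanList(self.ldapServer))
+ self.ldapServer = self.ldapHostsToURIs(cleanList(self.ldapServer), False)
 f.close()
 return True
 
@@ -2456,12 +2459,12 @@ class AuthInfo:
 # suggestions we "know". The second case is when the user has just made a
 # change to one field and we need to update another field to somehow
 # compensate for the change.
- def update(self):
+ def update(self, validate=False):
 self.smbServers = cleanList(self.smbServers)
 self.ipav2Server = cleanList(self.ipav2Server)
 self.kerberosKDC = cleanList(self.kerberosKDC)
 self.kerberosAdminServer = cleanList(self.kerberosAdminServer)
- self.ldapServer = self.ldapHostsToURIs(self.ldapServer)
+ self.ldapServer = self.ldapHostsToURIs(self.ldapServer, validate)
 if self.smbSecurity == "ads":
 # As of this writing, an ADS implementation always
 # upper-cases the realm name, even if only internally,
@@ -4024,7 +4027,7 @@ class AuthInfo:
 self.ipaUninstall = True
 
 def write(self):
- self.update()
+ self.update(True)
 self.prewriteUpdate()
 self.setupBackup(PATH_CONFIG_BACKUPS + "/last")
 try:
@@ -4064,7 +4067,7 @@ class AuthInfo:
 
 def writeChanged(self, ref):
 self.checkPAMLinked()
- self.update()
+ self.update(True)
 self.prewriteUpdate()
 self.setupBackup(PATH_CONFIG_BACKUPS + "/last")
 ret = True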
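Review bot: With `return ""` removed from `ldapHostsToURIs`, a failed check under `validate=True` now only calls `self.messageCB(...)` and the function still returns the rejected string, so `write()` and `writeChanged()` go on to persist it after `self.update(True)`. Unless `messageCB` aborts (not visible here), validation is advisory on exactly the path that writes the system authentication configuration. I would keep a failure signal, for example have `update()` return whether the LDAP value passed and begin `write()` with `if not self.update(True): return False` (assuming callers treat a false return as failure). Separately, `validateLDAPURI` only shows that `urlparse(uri).port` does not raise, so a comment such as `# only checks that the port parses; scheme and host are not verified` would describe it more accurately than "Check whether LDAP URI is valid". Indentation is lost on this page, so the nesting of `return ret` is inferred from the removed lines.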