pgreco / rpms / ipa

Forked from forks/areguera/rpms/ipa 4 years ago
Clone

Blame SOURCES/0003-Prevent-to-rename-certprofile-profile-id.patch

590d18
From 51f03f45f6cdab9da0479f48093951ccdd7cdab0 Mon Sep 17 00:00:00 2001
590d18
From: Martin Basti <mbasti@redhat.com>
590d18
Date: Thu, 9 Jul 2015 17:17:21 +0200
590d18
Subject: [PATCH] Prevent to rename certprofile profile id
590d18
590d18
https://fedorahosted.org/freeipa/ticket/5074
590d18
590d18
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
590d18
---
590d18
 ipalib/plugins/certprofile.py | 3 +++
590d18
 1 file changed, 3 insertions(+)
590d18
590d18
diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py
590d18
index 6f9a41875b2a276b521219156e630817a9c41fdc..5550ed942521dbab2e783fba1570520268f9b378 100644
590d18
--- a/ipalib/plugins/certprofile.py
590d18
+++ b/ipalib/plugins/certprofile.py
590d18
@@ -291,6 +291,9 @@ class certprofile_mod(LDAPUpdate):
590d18
 
590d18
     def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
590d18
         ca_enabled_check()
590d18
+        # Once a profile id is set it cannot be changed
590d18
+        if 'cn' in entry_attrs:
590d18
+            raise errors.ACIError(info=_('cn is immutable'))
590d18
         if 'file' in options:
590d18
             with self.api.Backend.ra_certprofile as profile_api:
590d18
                 profile_api.disable_profile(keys[0])
590d18
-- 
590d18
2.1.0
590d18