pgreco / rpms / ipa

Forked from forks/areguera/rpms/ipa 4 years ago
Clone
Source Code
GIT

Blame SOURCES/0062-Prohibit-deletion-of-active-subdomain-range.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-DL1 c8-beta-stream-client c8-stream-DL1 c8-stream-client
  1.   ebac3863bb7db29ab482c96f0002c7f209b9f819
  2.   SOURCES
  3.   0062-Prohibit-deletion-of-active-subdomain-range.patch
Blob History Raw
9991ea 
From 35916294df8acc87e70c6b6796c644824caed64a Mon Sep 17 00:00:00 2001
9991ea 
From: Tomas Babej <tbabej@redhat.com>
9991ea 
Date: Thu, 13 Mar 2014 12:36:17 +0100
9991ea 
Subject: [PATCH] Prohibit deletion of active subdomain range
9991ea
9991ea 
Changes the code in the idrange_del method to not only check for
9991ea 
the root domains that match the SID in the IDRange, but for the
9991ea 
SIDs of subdomains of trusts as well.
9991ea
9991ea 
https://fedorahosted.org/freeipa/ticket/4247
9991ea
9991ea 
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
9991ea 
---
9991ea 
 ipalib/plugins/idrange.py | 20 ++++++++++++++++----
9991ea 
 1 file changed, 16 insertions(+), 4 deletions(-)
9991ea
9991ea 
diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py
9991ea 
index cf74a75ffda42b2d2e40d2ab35c79ed069dd0f52..56ef4bba3ad0203d7d2462db6c4de90e1cb555cd 100644
9991ea 
--- a/ipalib/plugins/idrange.py
9991ea 
+++ b/ipalib/plugins/idrange.py
9991ea 
@@ -567,14 +567,26 @@ class idrange_del(LDAPDelete):
9991ea 
         range_sid = old_attrs.get('ipanttrusteddomainsid')
9991ea
9991ea 
         if range_sid is not None:
9991ea 
+            # Search for trusted domain with SID specified in the ID range entry
9991ea 
             range_sid = range_sid[0]
9991ea 
-            result = api.Command['trust_find'](ipanttrusteddomainsid=range_sid)
9991ea 
+            domain_filter=('(&(objectclass=ipaNTTrustedDomain)'
9991ea 
+                           '(ipanttrusteddomainsid=%s))' % range_sid)
9991ea
9991ea 
-            if result['count'] > 0:
9991ea 
+            try:
9991ea 
+                (trust_domains, truncated) = ldap.find_entries(
9991ea 
+                    base_dn=DN(api.env.container_trusts, api.env.basedn),
9991ea 
+                    filter=domain_filter)
9991ea 
+            except errors.NotFound:
9991ea 
+                pass
9991ea 
+            else:
9991ea 
+                # If there's an entry, it means that there's active domain
9991ea 
+                # of a trust that this range belongs to, so raise a
9991ea 
+                # DependentEntry error
9991ea 
                 raise errors.DependentEntry(
9991ea 
-                    label='Active Trust',
9991ea 
+                    label='Active Trust domain',
9991ea 
                     key=keys[0],
9991ea 
-                    dependent=result['result'][0]['cn'][0])
9991ea 
+                    dependent=trust_domains[0].dn[0].value)
9991ea 
+
9991ea
9991ea 
         return dn
9991ea
9991ea 
--
9991ea 
1.8.5.3
9991ea

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation