Blame SOURCES/0089-Fix-container-owner-should-be-able-to-add-vault.patch
|
 |
403b09 |
From d3e11b06bbb996b1605f15912be106dcf47b357a Mon Sep 17 00:00:00 2001
|
|
|
403b09 |
From: Martin Basti <mbasti@redhat.com>
|
|
|
403b09 |
Date: Thu, 18 Aug 2016 10:11:25 +0200
|
|
|
403b09 |
Subject: [PATCH] Fix: container owner should be able to add vault
|
|
|
403b09 |
|
|
|
403b09 |
With recent change in DS (CVE fix), ds is not returging DuplicatedEntry
|
|
|
403b09 |
error in case that user is not permitted by ACI to write, but ACIError instead.
|
|
|
403b09 |
|
|
|
403b09 |
Is safe to ignore ACI error in container, because it will be raised
|
|
|
403b09 |
again later if user has no access to container.
|
|
|
403b09 |
|
|
|
403b09 |
https://fedorahosted.org/freeipa/ticket/6159
|
|
|
403b09 |
|
|
|
403b09 |
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
403b09 |
---
|
|
|
403b09 |
ipaserver/plugins/vault.py | 2 +-
|
|
|
403b09 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
403b09 |
|
|
|
403b09 |
diff --git a/ipaserver/plugins/vault.py b/ipaserver/plugins/vault.py
|
|
|
403b09 |
index c9b7cb942cfbca74134bce4ba039619b4f5f2845..5c4c09685ceb95c6634306c4275008d602099e12 100644
|
|
|
403b09 |
--- a/ipaserver/plugins/vault.py
|
|
|
403b09 |
+++ b/ipaserver/plugins/vault.py
|
|
|
403b09 |
@@ -783,7 +783,7 @@ class vault_add_internal(LDAPCreate):
|
|
|
403b09 |
|
|
|
403b09 |
try:
|
|
|
403b09 |
self.obj.create_container(parent_dn, owner_dn)
|
|
|
403b09 |
- except errors.DuplicateEntry as e:
|
|
|
403b09 |
+ except (errors.DuplicateEntry, errors.ACIError):
|
|
|
403b09 |
pass
|
|
|
403b09 |
|
|
|
403b09 |
# vault should be owned by the creator
|
|
|
403b09 |
--
|
|
|
403b09 |
2.7.4
|
|
|
403b09 |
|