|
 |
590d18 |
From 80767a47c9eda6c82f172b87a6a901be9ebf0c9a Mon Sep 17 00:00:00 2001
|
|
|
590d18 |
From: Fraser Tweedale <ftweedal@redhat.com>
|
|
|
590d18 |
Date: Mon, 24 Aug 2015 20:25:10 -0400
|
|
|
590d18 |
Subject: [PATCH] certprofile: prevent rename (modrdn)
|
|
|
590d18 |
|
|
|
590d18 |
Fixes: https://fedorahosted.org/freeipa/ticket/5247
|
|
|
590d18 |
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
590d18 |
---
|
|
|
590d18 |
ipalib/plugins/certprofile.py | 5 +++--
|
|
|
590d18 |
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
|
590d18 |
|
|
|
590d18 |
diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py
|
|
|
590d18 |
index 007cc543406b7e5705fd7474f3685cd6a9ce6aca..a0ffa38608400860994c771e4eba81304ead27be 100644
|
|
|
590d18 |
--- a/ipalib/plugins/certprofile.py
|
|
|
590d18 |
+++ b/ipalib/plugins/certprofile.py
|
|
|
590d18 |
@@ -323,8 +323,9 @@ class certprofile_mod(LDAPUpdate):
|
|
|
590d18 |
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
|
|
|
590d18 |
ca_enabled_check()
|
|
|
590d18 |
# Once a profile id is set it cannot be changed
|
|
|
590d18 |
- if 'cn' in entry_attrs:
|
|
|
590d18 |
- raise errors.ACIError(info=_('cn is immutable'))
|
|
|
590d18 |
+ if 'rename' in options or 'cn' in entry_attrs:
|
|
|
590d18 |
+ raise errors.ProtectedEntryError(label='certprofile', key=keys[0],
|
|
|
590d18 |
+ reason=_('Certificate profiles cannot be renamed'))
|
|
|
590d18 |
if 'file' in options:
|
|
|
590d18 |
with self.api.Backend.ra_certprofile as profile_api:
|
|
|
590d18 |
profile_api.disable_profile(keys[0])
|
|
|
590d18 |
--
|
|
|
590d18 |
2.4.3
|
|
|
590d18 |
|