From 0bea7bc245fe1471008d20c78626c2fa2572e91c Mon Sep 17 00:00:00 2001
From: Martin Kosek <mkosek@redhat.com>
Date: Mon, 19 Jan 2015 12:42:11 +0100
Subject: [PATCH] Replication Administrators cannot remove replication
 agreements
Replication agreement deletion requires read access to DNA range
setting. The read access was accidentally removed during PermissionV2
refactoring.
Add the read ACI back as a special SYSTEM permission.
https://fedorahosted.org/freeipa/ticket/4848
Reviewed-By: Martin Basti <mbasti@redhat.com>
---
 install/updates/40-replication.update | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/install/updates/40-replication.update b/install/updates/40-replication.update
index 619d14663eeb6f692864c960dfd3542fc22cb581..f46ab19f0090ba313880e6d99636f50397f8d33b 100644
--- a/install/updates/40-replication.update
+++ b/install/updates/40-replication.update
@@ -14,3 +14,14 @@ default:member: cn=Replication Administrators,cn=privileges,cn=pbac,$SUFFIX
 
 dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
 add:aci: '(targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,$SUFFIX";)'
+
+dn: cn=Read DNA Range,cn=permissions,cn=pbac,$SUFFIX
+default:objectClass: top
+default:objectClass: groupofnames
+default:objectClass: ipapermission
+default:cn: Read DNA Range
+default:ipapermissiontype: SYSTEM
+default:member: cn=Replication Administrators,cn=privileges,cn=pbac,$SUFFIX
+
+dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
+add:aci: '(targetattr=cn || dnaMaxValue || dnaNextRange || dnaNextValue  || dnaThreshold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range";allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permissions,cn=pbac,$SUFFIX";)'
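Review bot: The new "Read DNA Range" ACI on the last line of the hunk grants read, search and compare on cn, dnaThreshold, dnaType and objectclass in addition to the three range attributes that the existing "Modify DNA Range" ACI above it targets, and neither the update file nor the commit message says why the wider set is needed for agreement removal. Since this is a SYSTEM permission that administrators cannot adjust through the permission API, a `#` comment above the `add:aci:` line naming the code path that reads these attributes would let the next reviewer confirm the targetattr list is the minimum required, e.g. `# Read access needed by replication agreement removal; keep targetattr limited to what that path reads`. As a point of style, the targetattr list has a doubled space before `|| dnaThreshold`; I believe the ACI parser tolerates it, but tightening it to a single space keeps the line consistent with the Modify ACI.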
-- 
2.1.0