From ba321efe715dbbb3b4be22cb786995cf441e1a74 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Thu, 13 Aug 2015 02:32:54 -0400
Subject: [PATCH] Prohibit deletion of predefined profiles

Deletion of predefined profiles, including the default profile,
should not be allowed.  Detect this case and raise an error.

Also update the predefined profiles collection to use namedtuple,
making it easier to access the various components.

Fixes: https://fedorahosted.org/freeipa/ticket/5198
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
 ipalib/plugins/certprofile.py | 13 +++++++++++--
 ipapython/dogtag.py           |  8 +++++---
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py
index 1dd4f403ee4461b83c053eb36019a8896506bb81..007cc543406b7e5705fd7474f3685cd6a9ce6aca 100644
--- a/ipalib/plugins/certprofile.py
+++ b/ipalib/plugins/certprofile.py
@@ -3,6 +3,7 @@
 #
 
 import re
+from operator import attrgetter
 
 from ipalib import api, Bool, File, Str
 from ipalib import output, util
@@ -14,6 +15,7 @@ from ipalib.plugins.baseldap import (
 from ipalib.request import context
 from ipalib import ngettext
 from ipalib.text import _
+from ipapython.dogtag import INCLUDED_PROFILES
 from ipapython.version import API_VERSION
 
 from ipalib import errors
@@ -287,9 +289,16 @@ class certprofile_del(LDAPDelete):
     __doc__ = _("Delete a Certificate Profile.")
     msg_summary = _('Deleted profile "%(value)s"')
 
-    def execute(self, *args, **kwargs):
+    def pre_callback(self, ldap, dn, *keys, **options):
         ca_enabled_check()
-        return super(certprofile_del, self).execute(*args, **kwargs)
+
+        if keys[0] in map(attrgetter('profile_id'), INCLUDED_PROFILES):
+            raise errors.ValidationError(name='profile_id',
+                error=_("Predefined profile '%(profile_id)s' cannot be deleted")
+                    % {'profile_id': keys[0]}
+            )
+
+        return dn
 
     def post_callback(self, ldap, dn, *keys, **options):
         with self.api.Backend.ra_certprofile as profile_api:
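Review bot: The guard on the `if keys[0] in map(...)` line is an exact, case-sensitive string comparison, while the entry that LDAPDelete removes afterwards is looked up by DN; if the profile-id attribute uses a case-insensitive matching rule (not verifiable from this hunk), a request naming `caipaservicecert` would pass the check and still delete the predefined entry, so it is worth confirming the matching rule and, if needed, normalising both sides, e.g. `predefined = {p.profile_id.lower() for p in INCLUDED_PROFILES}` followed by `if keys[0].lower() in predefined:`. The new pre_callback also lacks a docstring; a one-liner such as `"""Refuse to delete any profile listed in INCLUDED_PROFILES (which includes DEFAULT_PROFILE)."""` would record why the check lives here rather than in execute(). Building the set once instead of re-mapping INCLUDED_PROFILES on every call would also drop the attrgetter import, though that is a style choice. The certprofile_del class continues outside the hunk (post_callback is cut off).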
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 0782d360ccf2ce2c90c4e9cfa66b5159e437e77c..3f0d08154d21a3072e344c311c3e70e414d9dee4 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -17,6 +17,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
 
+import collections
 import os
 import httplib
 import xml.dom.minidom
@@ -42,10 +43,11 @@ from ipapython.ipa_log_manager import *
 # the configured version.
 
 
+Profile = collections.namedtuple('Profile', ['profile_id', 'description', 'store_issued'])
+
 INCLUDED_PROFILES = {
-    # ( profile_id    ,         description      ,      store_issued)
-    (u'caIPAserviceCert', u'Standard profile for network services', True),
-    (u'IECUserRoles', u'User profile that includes IECUserRoles extension from request', True),
+    Profile(u'caIPAserviceCert', u'Standard profile for network services', True),
+    Profile(u'IECUserRoles', u'User profile that includes IECUserRoles extension from request', True),
     }
 
 DEFAULT_PROFILE = u'caIPAserviceCert'
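Review bot: INCLUDED_PROFILES on the `INCLUDED_PROFILES = {` line is a mutable set literal, and with this commit it becomes the allow-list that decides which profiles may not be deleted; making it a frozenset, `INCLUDED_PROFILES = frozenset([` … `])`, prevents any runtime code path from accidentally adding or removing entries from that list. The removed column comment was the only description of the tuple fields, and the namedtuple field names do not say what `store_issued` controls; a short comment above the `Profile = collections.namedtuple(...)` line explaining each field (its meaning is not derivable from this hunk) would keep that information. DEFAULT_PROFILE duplicates the first profile_id as a bare string, which is outside this change but worth a comment noting that it must remain one of the INCLUDED_PROFILES ids.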
-- 
2.4.3