From fe282611598ebdd97e9ca64d4da43c8916b5eb4a Mon Sep 17 00:00:00 2001
From: David Kupka <dkupka@redhat.com>
Date: Sun, 11 Jan 2015 18:45:11 -0500
Subject: [PATCH] Abort backup restoration on not matching host.

When restoring backup on master other than it was created there is high risk
of unexpected and hard-to-debug behavior. Refuse such restore.

https://fedorahosted.org/freeipa/ticket/4823

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
---
 ipaserver/install/ipa_restore.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index 097703938a7ba3820f4acae2148760146464fa08..3b4cf6a7c05245076abde7a9c13e53bc9636b69a 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -249,11 +249,9 @@ class Restore(admintool.AdminTool):
                 (options.instance or options.backend)):
                 raise admintool.ScriptError('Restore must be in data-only mode when restoring a specific instance or backend.')
             if self.backup_host != api.env.host:
-                self.log.warning('Host name %s does not match backup name %s' %
+                raise admintool.ScriptError(
+                    'Host name %s does not match backup name %s' %
                     (api.env.host, self.backup_host))
-                if (not options.unattended and
-                    not user_input("Continue to restore?", False)):
-                    raise admintool.ScriptError("Aborted")
             if self.backup_ipa_version != str(version.VERSION):
                 self.log.warning(
                     "Restoring data from a different release of IPA.\n"
-- 
2.1.0