From 57e8d1c6ff58bc58d50d0b1d501820f55a6f2837 Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Thu, 21 Jul 2016 09:42:01 +0200 Subject: [PATCH] prevent search for RADIUS proxy servers by secret radiusproxy-find should not allow search by proxy secret even for privileged users so we should hide it from CLI. https://fedorahosted.org/freeipa/ticket/6078 Reviewed-By: Jan Cholasta --- ipaserver/plugins/radiusproxy.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ipaserver/plugins/radiusproxy.py b/ipaserver/plugins/radiusproxy.py index 5657e002c1ce66335b7697b98f95a49207c61d87..3391b8aed77205fb1a586d5472d8cfdbc9fd1cd5 100644 --- a/ipaserver/plugins/radiusproxy.py +++ b/ipaserver/plugins/radiusproxy.py @@ -169,6 +169,14 @@ class radiusproxy_find(LDAPSearch): '%(count)d RADIUS proxy server matched', '%(count)d RADIUS proxy servers matched', 0 ) + def get_options(self): + for option in super(radiusproxy_find, self).get_options(): + if option.name == 'ipatokenradiussecret': + option = option.clone(flags={'no_option'}) + + yield option + + @register() class radiusproxy_show(LDAPRetrieve): __doc__ = _('Display information about a RADIUS proxy server.') -- 2.7.4