[Freeipa-devel] [PATCH] 374 Fixed vault container ownership.
Endi Sukma Dewata
edewata at redhat.com
Thu Aug 13 15:24:06 UTC 2015
On 8/13/2015 9:18 AM, Martin Basti wrote:
>> The vault-add command has been fixed such that if the user/service
>> private vault container does not exist yet it will be created and
>> owned by the user/service instead of the vault creator.
>>
>> https://fedorahosted.org/freeipa/ticket/5194
>
> I cannot apply this patch; are there any additional required patches?
>
> I have the current ipa master branch
>
> git am freeipa-edewata-0374-Fixed-vault-container-ownership.patch -3
> Applying: Fixed vault container ownership.
> error: invalid object 100644 427b1ea1588af2fb09a99181b8773abdf8099b8d
> for 'ipalib/plugins/vault.py'
> fatal: git-write-tree: error building trees
> Repository lacks necessary blobs to fall back on 3-way merge.
> Cannot fall back to three-way merge.
Rebased. This patch doesn't have any dependencies.
--
Endi S. Dewata
-------------- next part --------------
From da35d235bc8196062b208095aa904e3b7a1905e2 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata at redhat.com>
Date: Mon, 10 Aug 2015 20:57:58 +0200
Subject: [PATCH] Fixed vault container ownership.
The vault-add command has been fixed such that if the user/service
private vault container does not exist yet it will be created and
owned by the user/service instead of the vault creator.
https://fedorahosted.org/freeipa/ticket/5194
---
ipalib/plugins/vault.py | 25 +++++++++++++++++++++++--
1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/ipalib/plugins/vault.py b/ipalib/plugins/vault.py
index 1150d5f3b8cd0001f24756548d7f280494161d19..9a2995ca04cb99b0be46076541cea2638bf3ca56 100644
--- a/ipalib/plugins/vault.py
+++ b/ipalib/plugins/vault.py
@@ -712,12 +712,33 @@ class vault_add_internal(LDAPCreate):
else:
owner_dn = self.api.Object.user.get_dn(name)
+ parent_dn = DN(*dn[1:])
+
+ container_dn = DN(self.api.Object.vault.container_dn,
+ self.api.env.basedn)
+
+ services_dn = DN(('cn', 'services'), container_dn)
+ users_dn = DN(('cn', 'users'), container_dn)
+
+ if dn.endswith(services_dn):
+ # service container should be owned by the service
+ service = parent_dn[0]['cn']
+ parent_owner_dn = self.api.Object.service.get_dn(service)
+
+ elif dn.endswith(users_dn):
+ # user container should be owned by the user
+ user = parent_dn[0]['cn']
+ parent_owner_dn = self.api.Object.user.get_dn(user)
+
+ else:
+ parent_owner_dn = owner_dn
+
try:
- parent_dn = DN(*dn[1:])
- self.obj.create_container(parent_dn, owner_dn)
+ self.obj.create_container(parent_dn, parent_owner_dn)
except errors.DuplicateEntry as e:
pass
+ # vault should be owned by the creator
entry_attrs['owner'] = owner_dn
return dn
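Review bot: the unchanged `except errors.DuplicateEntry as e: pass` at the end of the hunk means the new `parent_owner_dn` only takes effect for containers that do not exist yet; a user or service container that was already created before this fix keeps the vault creator as owner and is never corrected. If that is the intended scope, say so in the commit message or a comment next to the `pass`; otherwise consider updating the container's `owner` when `DuplicateEntry` is raised. Two smaller points: `e` is unused, so `except errors.DuplicateEntry:` is enough, and `container_dn`, `services_dn` and `users_dn` depend only on `self.api.env.basedn` and `self.api.Object.vault.container_dn`, so they could be computed once on the object rather than on every `vault-add` call.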
--
2.1.0