[Freeipa-devel] [PATCH] 0040 certprofile: prevent rename (modrdn)
Alexander Bokovoy
abokovoy at redhat.com
Tue Aug 25 05:37:11 UTC 2015
On Tue, 25 Aug 2015, Fraser Tweedale wrote:
>The attached patch fixes
>https://fedorahosted.org/freeipa/ticket/5247.
>
>Thanks,
>Fraser
>From 2cb4ab6eeedccc3471ed9bf983add4687ecd5c1a Mon Sep 17 00:00:00 2001
>From: Fraser Tweedale <ftweedal at redhat.com>
>Date: Mon, 24 Aug 2015 20:25:10 -0400
>Subject: [PATCH] certprofile: prevent rename (modrdn)
>
>Fixes: https://fedorahosted.org/freeipa/ticket/5247
>---
> ipalib/plugins/certprofile.py | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
>diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py
>index 007cc543406b7e5705fd7474f3685cd6a9ce6aca..a0ffa38608400860994c771e4eba81304ead27be 100644
>--- a/ipalib/plugins/certprofile.py
>+++ b/ipalib/plugins/certprofile.py
>@@ -323,8 +323,9 @@ class certprofile_mod(LDAPUpdate):
> def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
> ca_enabled_check()
> # Once a profile id is set it cannot be changed
>- if 'cn' in entry_attrs:
>- raise errors.ACIError(info=_('cn is immutable'))
>+ if 'rename' in options or 'cn' in entry_attrs:
>+ raise errors.ProtectedEntryError(label='certprofile', key=keys[0],
>+ reason=_('Certificate profiles cannot be renamed'))
> if 'file' in options:
> with self.api.Backend.ra_certprofile as profile_api:
> profile_api.disable_profile(keys[0])
ACK
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list