[Freeipa-devel] [PATCH] 530 trust plugin: Fix typo in attribute name
Petr Viktorin
pviktori at redhat.com
Mon Apr 28 11:46:02 UTC 2014
On 04/28/2014 11:14 AM, Alexander Bokovoy wrote:
> On Fri, 18 Apr 2014, Petr Viktorin wrote:
>> From 00756cf2c9682b32dba3388e07dda3fad916e284 Mon Sep 17 00:00:00 2001
>> From: Petr Viktorin <pviktori at redhat.com>
>> Date: Thu, 17 Apr 2014 19:06:52 +0200
>> Subject: [PATCH] trust plugin: Remove ipatrustauth{incoming,outgoing}
>> from
>> default attrs
>>
>> These attributes contain secrets for the trusts and should not be
>> returned
>> by default.
>> ---
>> ipalib/plugins/trust.py | 7 +++----
>> 1 file changed, 3 insertions(+), 4 deletions(-)
>>
>> diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
>> index
>> f57cf7d891928903fdbee67697b96db4ad2679b7..8fff1cae306559fb42209cbd1aaabcbd9046a27b
>> 100644
>> --- a/ipalib/plugins/trust.py
>> +++ b/ipalib/plugins/trust.py
>> @@ -306,12 +306,11 @@ class trust(LDAPObject):
>> object_name_plural = _('trusts')
>> object_class = ['ipaNTTrustedDomain']
>> default_attributes = ['cn', 'ipantflatname', 'ipanttrusteddomainsid',
>> - 'ipanttrusttype', 'ipanttrustattributes',
>> 'ipanttrustdirection', 'ipanttrustpartner',
>> - 'ipantauthtrustoutgoing', 'ipanttrustauthincoming',
>> 'ipanttrustforesttrustinfo',
>> + 'ipanttrusttype', 'ipanttrustattributes', 'ipanttrustdirection',
>> + 'ipanttrustpartner', 'ipanttrustforesttrustinfo',
>> 'ipanttrustposixoffset', 'ipantsupportedencryptiontypes' ]
>> search_display_attributes = ['cn', 'ipantflatname',
>> - 'ipanttrusteddomainsid',
>> 'ipanttrusttype',
>> - 'ipantsidblacklistincoming',
>> 'ipantsidblacklistoutgoing' ]
>> + 'ipanttrusteddomainsid',
>> 'ipanttrusttype']
>>
>> label = _('Trusts')
>> label_singular = _('Trust')
>
> ACK.
Thanks, pushed to master: e31688909cbc5f7ab6c8d03bb28786a2dd29efe4
> This all looks fine, I only have one question -- SID blacklists now
> became invisible by default to anyone. Even admins can't see them other
> than with --all. I'm not sure they are really that important to deny
> access to, but it makes sense to reduce their visibility to normal
> users.
--
Petr³
More information about the Freeipa-devel
mailing list