[Freeipa-devel] [PATCH] 530 trust plugin: Fix typo in attribute name

Petr Viktorin pviktori at redhat.com
Mon Apr 28 11:46:02 UTC 2014


On 04/28/2014 11:14 AM, Alexander Bokovoy wrote:
> On Fri, 18 Apr 2014, Petr Viktorin wrote:
>> From 00756cf2c9682b32dba3388e07dda3fad916e284 Mon Sep 17 00:00:00 2001
>> From: Petr Viktorin <pviktori at redhat.com>
>> Date: Thu, 17 Apr 2014 19:06:52 +0200
>> Subject: [PATCH] trust plugin: Remove ipatrustauth{incoming,outgoing} from default attrs
>>
>> These attributes contain secrets for the trusts and should not be returned by default.
>> ---
>> ipalib/plugins/trust.py | 7 +++----
>> 1 file changed, 3 insertions(+), 4 deletions(-)
>>
>> diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
>> index
>> f57cf7d891928903fdbee67697b96db4ad2679b7..8fff1cae306559fb42209cbd1aaabcbd9046a27b
>> 100644
>> --- a/ipalib/plugins/trust.py
>> +++ b/ipalib/plugins/trust.py
>> @@ -306,12 +306,11 @@ class trust(LDAPObject):
>>     object_name_plural = _('trusts')
>>     object_class = ['ipaNTTrustedDomain']
>>     default_attributes = ['cn', 'ipantflatname', 'ipanttrusteddomainsid',
>> -        'ipanttrusttype', 'ipanttrustattributes',
>> 'ipanttrustdirection', 'ipanttrustpartner',
>> -        'ipantauthtrustoutgoing', 'ipanttrustauthincoming',
>> 'ipanttrustforesttrustinfo',
>> +        'ipanttrusttype', 'ipanttrustattributes', 'ipanttrustdirection',
>> +        'ipanttrustpartner', 'ipanttrustforesttrustinfo',
>>         'ipanttrustposixoffset', 'ipantsupportedencryptiontypes' ]
>>     search_display_attributes = ['cn', 'ipantflatname',
>> -                                 'ipanttrusteddomainsid',
>> 'ipanttrusttype',
>> -                                 'ipantsidblacklistincoming',
>> 'ipantsidblacklistoutgoing' ]
>> +                                 'ipanttrusteddomainsid',
>> 'ipanttrusttype']
>>
>>     label = _('Trusts')
>>     label_singular = _('Trust')
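Review bot: The search_display_attributes change also drops 'ipantsidblacklistincoming' and 'ipantsidblacklistoutgoing', which the commit message does not mention; it only covers the ipatrustauth{incoming,outgoing} secrets. Please either state the blacklist removal and its reason in the commit message or split it into a separate patch. In default_attributes, the two removed names follow different patterns ('ipantauthtrustoutgoing' vs 'ipanttrustauthincoming'), so one of them looks misspelled and that is worth a line in the message too. Note as well that this hunk only edits the default lists, so by itself it does not restrict who can request these attributes explicitly; if the intent is to protect the trust secrets, that needs an access-control restriction in addition to this change.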
>
> ACK.

Thanks, pushed to master: e31688909cbc5f7ab6c8d03bb28786a2dd29efe4

> This all looks fine, I only have one question -- SID blacklists now
> became invisible by default to anyone. Even admins can't see them other
> than with --all. I'm not sure they are really that important to deny
> access to, but it makes sense to reduce their visibility to normal
> users.


-- 
Petr³



