[Freeipa-devel] [PATCH] 530 trust plugin: Fix typo in attribute name
Alexander Bokovoy
abokovoy at redhat.com
Mon Apr 28 09:14:51 UTC 2014
On Fri, 18 Apr 2014, Petr Viktorin wrote:
>From 00756cf2c9682b32dba3388e07dda3fad916e284 Mon Sep 17 00:00:00 2001
>From: Petr Viktorin <pviktori at redhat.com>
>Date: Thu, 17 Apr 2014 19:06:52 +0200
>Subject: [PATCH] trust plugin: Remove ipatrustauth{incoming,outgoing} from
> default attrs
>
>These attributes contain secrets for the trusts and should not be returned
>by default.
>---
> ipalib/plugins/trust.py | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
>
>diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
>index f57cf7d891928903fdbee67697b96db4ad2679b7..8fff1cae306559fb42209cbd1aaabcbd9046a27b 100644
>--- a/ipalib/plugins/trust.py
>+++ b/ipalib/plugins/trust.py
>@@ -306,12 +306,11 @@ class trust(LDAPObject):
> object_name_plural = _('trusts')
> object_class = ['ipaNTTrustedDomain']
> default_attributes = ['cn', 'ipantflatname', 'ipanttrusteddomainsid',
>- 'ipanttrusttype', 'ipanttrustattributes', 'ipanttrustdirection', 'ipanttrustpartner',
>- 'ipantauthtrustoutgoing', 'ipanttrustauthincoming', 'ipanttrustforesttrustinfo',
>+ 'ipanttrusttype', 'ipanttrustattributes', 'ipanttrustdirection',
>+ 'ipanttrustpartner', 'ipanttrustforesttrustinfo',
> 'ipanttrustposixoffset', 'ipantsupportedencryptiontypes' ]
> search_display_attributes = ['cn', 'ipantflatname',
>- 'ipanttrusteddomainsid', 'ipanttrusttype',
>- 'ipantsidblacklistincoming', 'ipantsidblacklistoutgoing' ]
>+ 'ipanttrusteddomainsid', 'ipanttrusttype']
>
> label = _('Trusts')
> label_singular = _('Trust')
ACK.
This all looks fine, I only have one question -- SID blacklists now
became invisible by default to anyone. Even admins can't see them other
than with --all. I'm not sure they are really that important to deny
access to, but it makes sense to reduce their visibility to normal
users.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list