[Freeipa-devel] [PATCHES] 0562-0563 ix internal error when global policy is not readable
Petr Viktorin
pviktori at redhat.com
Thu May 29 15:37:34 UTC 2014
When investigating this issue I became very annoyed by the star import
hiding where names come from, so I did some cleanup first.
In krbtpolicy, an ACIError is now raised if:
- the user doesn't have permission to read any one of the ticket policy
attributes on the requested entry
(checked using attribute-level rights)
- any ticket policy attribute from the default policy is not available
(either not readable, or not there at all)
(only checked if these are accessed, i.e. when the user entry doesn't
override all of the defaults, or when requesting the global policy)
That means if the user is not available at all, you get a NotFound, but
if global policy is not found it's assumed that it's just unreadable.
--
Petr³
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0562-krbtpolicy-plugin-Code-cleanup.patch
Type: text/x-patch
Size: 3203 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140529/d2b465cb/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0563-krbtpolicy-plugin-Fix-internal-error-when-global-pol.patch
Type: text/x-patch
Size: 3239 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140529/d2b465cb/attachment-0001.bin>
More information about the Freeipa-devel
mailing list