[Freeipa-devel] [PATCHES] 0562-0563 ix internal error when global policy is not readable

[Petr Viktorin]

When investigating this issue I became very annoyed by the star import 
hiding where names come from, so I did some cleanup first.


In krbtpolicy, an ACIError is now raised if:
- the user doesn't have permission to read any one of the ticket policy
   attributes on the requested entry
   (checked using attribute-level rights)
- any ticket policy attribute from the default policy is not available
   (either not readable, or not there at all)
   (only checked if these are accessed, i.e. when the user entry doesn't
    override all of the defaults, or when requesting the global policy)

That means if the user is not available at all, you get a NotFound, but 
if global policy is not found it's assumed that it's just unreadable.

-- 
Petr³
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0562-krbtpolicy-plugin-Code-cleanup.patch
Type: text/x-patch
Size: 3203 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140529/d2b465cb/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0563-krbtpolicy-plugin-Fix-internal-error-when-global-pol.patch
Type: text/x-patch
Size: 3239 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140529/d2b465cb/attachment-0001.bin>