diff options
| author | Martin Kosek <mkosek@redhat.com> | 2011-10-17 14:26:13 +0200 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2011-10-17 17:09:57 +0200 |
| commit | 5a3268fc7d731232844eb9391be722db2179f24c (patch) | |
| tree | 14fcdc0c4bf8c4c867017a51711547360df7e7b9 | |
| parent | e365bc5379e38e2deb0e7ce88033e9e263cbd671 (diff) | |
| download | freeipa-5a3268fc7d731232844eb9391be722db2179f24c.tar.gz freeipa-5a3268fc7d731232844eb9391be722db2179f24c.tar.xz freeipa-5a3268fc7d731232844eb9391be722db2179f24c.zip | |
Improve hostgroup/netgroup collision checks
When the NGP plugin is enabled, a managed netgroup is created for
every hostgroup. We already check that netgroup with the same
name does not exist and provide a meaningful error message.
However, this error message was also printed when a duplicate
hostgroup existed.
This patch checks for duplicate hostgroup existence first and
netgroup on the second place. It also makes sure that when NGP
plugin is (temporarily) disabled, a colliding netgroup cannot
be created.
https://fedorahosted.org/freeipa/ticket/1914
| -rw-r--r-- | ipalib/plugins/hostgroup.py | 14 | ||||
| -rw-r--r-- | ipalib/plugins/netgroup.py | 20 |
2 files changed, 32 insertions, 2 deletions
diff --git a/ipalib/plugins/hostgroup.py b/ipalib/plugins/hostgroup.py index 0560bd7d2..4e6dbbdae 100644 --- a/ipalib/plugins/hostgroup.py +++ b/ipalib/plugins/hostgroup.py @@ -117,10 +117,20 @@ class hostgroup_add(LDAPCreate): def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): try: + # check duplicity with hostgroups first to provide proper error + netgroup = api.Command['hostgroup_show'](keys[-1]) + self.obj.handle_duplicate_entry(*keys) + except errors.NotFound: + pass + + try: + # when enabled, a managed netgroup is created for every hostgroup + # make sure that the netgroup can be created netgroup = api.Command['netgroup_show'](keys[-1]) raise errors.DuplicateEntry(message=unicode(_(\ - u'netgroup with name "%s" already exists' % keys[-1]\ - ))) + u'netgroup with name "%s" already exists. ' \ + u'Hostgroups and netgroups share a common namespace'\ + ) % keys[-1])) except errors.NotFound: pass diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py index 8901ac92c..d8c3c4707 100644 --- a/ipalib/plugins/netgroup.py +++ b/ipalib/plugins/netgroup.py @@ -145,6 +145,26 @@ class netgroup_add(LDAPCreate): msg_summary = _('Added netgroup "%(value)s"') def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): entry_attrs.setdefault('nisdomainname', self.api.env.domain) + + try: + # check duplicity with netgroups first to provide proper error + netgroup = api.Command['netgroup_show'](keys[-1]) + self.obj.handle_duplicate_entry(*keys) + except errors.NotFound: + pass + + try: + # when enabled, a managed netgroup is created for every hostgroup + # make sure that we don't create a collision if the plugin is + # (temporarily) disabled + netgroup = api.Command['hostgroup_show'](keys[-1]) + raise errors.DuplicateEntry(message=unicode(_(\ + u'hostgroup with name "%s" already exists. ' \ + u'Hostgroups and netgroups share a common namespace'\ + ) % keys[-1])) + except errors.NotFound: + pass + return dn api.register(netgroup_add) |