diff options
author | Rob Crittenden <rcritten@redhat.com> | 2008-03-28 15:28:28 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2008-03-28 15:28:28 -0400 |
commit | b7924139d895c7ebe019fbfc9c85fed3baae642e (patch) | |
tree | 9f9ba4ac56ecb9c7a3209fe903e7d44371d0fbe2 | |
parent | 034d9d6753c22db6fb38a9cf85f550a0b376ca9f (diff) | |
download | freeipa-b7924139d895c7ebe019fbfc9c85fed3baae642e.tar.gz freeipa-b7924139d895c7ebe019fbfc9c85fed3baae642e.tar.xz freeipa-b7924139d895c7ebe019fbfc9c85fed3baae642e.zip |
Don't allow the admin user to be removed using the XML-RPC Interface.
If a site really wants it gone then can delete it via LDAP.
439281
-rw-r--r-- | ipa-python/ipaerror.py | 5 | ||||
-rw-r--r-- | ipa-server/xmlrpc-server/funcs.py | 2 |
2 files changed, 7 insertions, 0 deletions
diff --git a/ipa-python/ipaerror.py b/ipa-python/ipaerror.py index 256c87891..9b9cefccf 100644 --- a/ipa-python/ipaerror.py +++ b/ipa-python/ipaerror.py @@ -163,6 +163,11 @@ INPUT_REALM_MISMATCH = gen_error_code( 0x0006, "The realm for the principal does not match the realm for this IPA server.") +INPUT_ADMIN_REQUIRED = gen_error_code( + INPUT_CATEGORY, + 0x0007, + "The admin user cannot be deleted.") + # # Connection errors # diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py index 11b4e9fb5..5190b09f7 100644 --- a/ipa-server/xmlrpc-server/funcs.py +++ b/ipa-server/xmlrpc-server/funcs.py @@ -1105,6 +1105,8 @@ class IPAServer: """ if not isinstance(uid,basestring) or len(uid) == 0: raise ipaerror.gen_exception(ipaerror.INPUT_INVALID_PARAMETER) + if uid == "admin": + raise ipaerror.gen_exception(ipaerror.INPUT_ADMIN_REQUIRED) user = self.get_user_by_uid(uid, ['dn', 'uid', 'objectclass'], opts) if user is None: raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND) |