author | Rob Crittenden <rcritten@redhat.com> | 2012-02-22 17:42:38 -0500 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-02-23 20:17:12 +0100 |
commit | d4a1dc5712cd2fa9e028a43e5b7146891e5012f0 (patch) | |
tree | 7259092817babb11ba0ea02022d8b9f6a199f467 /ipalib/plugins/service.py | |
parent | 915286fed2771415b48f5476047b283b8a5fed3c (diff) | |
Don't allow IPA master hosts or important services be deleted.
Deleting these would cause the IPA master to blow up.
For services I'm taking a conservative approach and only limiting the
deletion of known services we care about.
https://fedorahosted.org/freeipa/ticket/2425
Diffstat (limited to 'ipalib/plugins/service.py')
-rw-r--r-- | ipalib/plugins/service.py | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index dad3ded43..71e4ac465 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -288,6 +288,16 @@ class service_del(LDAPDelete):
 msg_summary = _('Deleted service "%(value)s"')
 member_attributes = ['managedby']
 def pre_callback(self, ldap, dn, *keys, **options):
+ # In the case of services we don't want IPA master services to be
+ # deleted. This is a limited few though. If the user has their own
+ # custom services allow them to manage them.
+ (service, hostname, realm) = split_principal(keys[-1])
+ try:
+ host_is_master(ldap, hostname)
+ except errors.ValidationError, e:
+ service_types = ['HTTP', 'ldap', 'DNS' 'dogtagldap']
+ if service in service_types:
+ raise errors.ValidationError(name='principal', error=_('This principal is required by the IPA master'))
 if self.api.env.enable_ra:
 (dn, entry_attrs) = ldap.get_entry(dn, ['usercertificate'])
 cert = entry_attrs.get('usercertificate') |
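Review bot: The added `service_types` list is missing a comma between `'DNS'` and `'dogtagldap'`, so Python joins the two adjacent literals into the single entry `'DNSdogtagldap'`, and neither DNS nor dogtagldap principals on a master are protected from deletion. The line should read `service_types = ['HTTP', 'ldap', 'DNS', 'dogtagldap']`. The guard also appears to rely on `host_is_master` raising `errors.ValidationError` to signal that the host is a master; that is worth stating in the comment, since the bound `e` is unused and the membership test is case-sensitive. `pre_callback` continues past the end of the hunk.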