From 99d938152fbef41f2d48d4088e5ba39bc820e9de Mon Sep 17 00:00:00 2001
From: Martin Kosek
Date: Mon, 17 Oct 2011 14:26:13 +0200
Subject: Improve hostgroup/netgroup collision checks
When the NGP plugin is enabled, a managed netgroup is created for every hostgroup. We already check that netgroup with the same name does not exist and provide a meaningful error message. However, this error message was also printed when a duplicate hostgroup existed. This patch checks for duplicate hostgroup existence first and netgroup on the second place. It also makes sure that when NGP plugin is (temporarily) disabled, a colliding netgroup cannot be created.
https://fedorahosted.org/freeipa/ticket/1914
---
 ipalib/plugins/hostgroup.py | 14 ++++++++++++--
 ipalib/plugins/netgroup.py | 20 ++++++++++++++++++++
 2 files changed, 32 insertions(+), 2 deletions(-)
diff --git a/ipalib/plugins/hostgroup.py b/ipalib/plugins/hostgroup.py
index 0560bd7d2..4e6dbbdae 100644
--- a/ipalib/plugins/hostgroup.py
+++ b/ipalib/plugins/hostgroup.py
@@ -117,10 +117,20 @@ class hostgroup_add(LDAPCreate):
 def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
 try:
+ # check duplicity with hostgroups first to provide proper error
+ netgroup = api.Command['hostgroup_show'](keys[-1])
+ self.obj.handle_duplicate_entry(*keys)
+ except errors.NotFound:
+ pass
+
+ try:
+ # when enabled, a managed netgroup is created for every hostgroup
+ # make sure that the netgroup can be created
 netgroup = api.Command['netgroup_show'](keys[-1])
 raise errors.DuplicateEntry(message=unicode(_(\
- u'netgroup with name "%s" already exists' % keys[-1]\
- )))
+ u'netgroup with name "%s" already exists. ' \
+ u'Hostgroups and netgroups share a common namespace'\
+ ) % keys[-1]))
 except errors.NotFound:
 pass
diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py
index 8901ac92c..d8c3c4707 100644
--- a/ipalib/plugins/netgroup.py
+++ b/ipalib/plugins/netgroup.py
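Review bot: The two lookups added to `hostgroup_add.pre_callback` are a check-then-add sequence, so a hostgroup and a netgroup with the same name that are created at the same moment (or, if the directory is replicated, on different servers) can each pass the check before the other entry exists; the same pattern is added to `netgroup_add.pre_callback` in netgroup.py. A comment such as `# best-effort pre-check, not atomic with the LDAP add` would keep readers from treating the shared namespace as guaranteed by this code alone. The result of `hostgroup_show` is also bound to `netgroup` and never read, so the call can stand alone as `api.Command['hostgroup_show'](keys[-1])`. The class header and the rest of pre_callback are outside the hunk.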
@@ -145,6 +145,26 @@ class netgroup_add(LDAPCreate):
 msg_summary = _('Added netgroup "%(value)s"')
 def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
 entry_attrs.setdefault('nisdomainname', self.api.env.domain)
+
+ try:
+ # check duplicity with netgroups first to provide proper error
+ netgroup = api.Command['netgroup_show'](keys[-1])
+ self.obj.handle_duplicate_entry(*keys)
+ except errors.NotFound:
+ pass
+
+ try:
+ # when enabled, a managed netgroup is created for every hostgroup
+ # make sure that we don't create a collision if the plugin is
+ # (temporarily) disabled
+ netgroup = api.Command['hostgroup_show'](keys[-1])
+ raise errors.DuplicateEntry(message=unicode(_(\
+ u'hostgroup with name "%s" already exists. ' \
+ u'Hostgroups and netgroups share a common namespace'\
+ ) % keys[-1]))
+ except errors.NotFound:
+ pass
+
 return dn
 api.register(netgroup_add)
-- cgit
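Review bot: The hostgroup check in `netgroup_add.pre_callback` reads `errors.NotFound` from `hostgroup_show` as "the name is free", and the lookup appears to run with the caller's own directory permissions, so a caller who may add netgroups but cannot read hostgroup entries would presumably pass it without the collision being seen. That is worth confirming and recording next to the check, e.g. `# NotFound may also mean the entry is not readable by the caller`. Only the add path is covered in this diff; a rename of either object type, if supported, is not visible here and would need the same two checks.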