author | Rob Crittenden <rcritten@redhat.com> | 2008-04-25 17:01:31 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2008-05-08 12:57:48 -0400 |
commit | 34a615b069bc6ca8ef6238d642b02b57f60a6a36 (patch) | |
tree | 81a4a8fea749a1178deb6761e9ca4a56506f58d2 | |
parent | 561c3385acc76c1b89aaf5279cfc5ed4a834fb70 (diff) | |
Don't allow the IPA server service principals to be removed.
440282
-rw-r--r-- | ipa-python/ipaerror.py | 5 | ||||
-rw-r--r-- | ipa-server/xmlrpc-server/funcs.py | 3 |
2 files changed, 8 insertions, 0 deletions
diff --git a/ipa-python/ipaerror.py b/ipa-python/ipaerror.py index 4f641f98..925f510f 100644 --- a/ipa-python/ipaerror.py +++ b/ipa-python/ipaerror.py @@ -178,6 +178,11 @@ INPUT_ADMIN_REQUIRED_IN_ADMINS = gen_error_code( 0x0009, "The admin user cannot be removed from the admins group.") +INPUT_SERVICE_PRINCIPAL_REQUIRED = gen_error_code( + INPUT_CATEGORY, + 0x000A, + "You cannot remove IPA server service principals.") + # # Connection errors # diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py index 74a3030c..d83fed09 100644 --- a/ipa-server/xmlrpc-server/funcs.py +++ b/ipa-server/xmlrpc-server/funcs.py @@ -1974,6 +1974,9 @@ class IPAServer: entry = self.get_entry_by_dn(principal, ['dn', 'objectclass'], opts) if entry is None: raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND) + dn_list = ldap.explode_dn(entry['dn'].lower()) + if "cn=kerberos" in dn_list: + raise ipaerror.gen_exception(ipaerror.INPUT_SERVICE_PRINCIPAL_REQUIRED) conn = self.getConnection(opts) try: |
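Review bot: The name `INPUT_SERVICE_PRINCIPAL_REQUIRED` in the ipaerror.py hunk reads as "a service principal must be supplied", while its message and its use in funcs.py are about refusing a deletion. The constant is new in this commit, so clarifying it now is cheaper than after handlers start matching on it. At minimum, add a comment above it such as `# Raised when a caller tries to delete one of the IPA server's own service principals.`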
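Review bot: The guard `if "cn=kerberos" in dn_list:` in the funcs.py hunk decides what is protected by a literal string match on one RDN, so it rests on two assumptions the hunk does not show. The first is that every principal the server depends on is stored under a `cn=kerberos` container; the second is that `ldap.explode_dn` returns that RDN in exactly this form, with no spaces around `=` and no escaping. A comment stating the first assumption would help the next maintainer, e.g. `# Principals under cn=kerberos belong to the IPA server itself; never delete them.` The check lives only in this XML-RPC method, whose body starts and ends outside the hunk, so a client with direct LDAP write access is presumably stopped only by directory ACIs; it is worth confirming that those deny the delete as well. A regression test for the refusal path would pin the behaviour.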