From d4a1dc5712cd2fa9e028a43e5b7146891e5012f0 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Wed, 22 Feb 2012 17:42:38 -0500
Subject: Don't allow IPA master hosts or important services be deleted.

Deleting these would cause the IPA master to blow up.

For services I'm taking a conservative approach and only limiting the
deletion of known services we care about.

https://fedorahosted.org/freeipa/ticket/2425
---
 ipalib/plugins/baseldap.py | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'ipalib/plugins/baseldap.py')

diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index d619f14e..725704ee 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -387,6 +387,20 @@ def remove_external_post_callback(memberattr, membertype, externalattr, ldap, co
 
     return (completed + completed_external, dn)
 
+def host_is_master(ldap, fqdn):
+    """
+    Check to see if this host is a master.
+
+    Raises an exception if a master, otherwise returns nothing.
+    """
+    master_dn = str(DN('cn=%s' % fqdn, 'cn=masters,cn=ipa,cn=etc', api.env.basedn))
+    try:
+        (dn, entry_attrs) = ldap.get_entry(master_dn, ['objectclass'])
+        raise errors.ValidationError(name='hostname', error=_('An IPA master host cannot be deleted'))
+    except errors.NotFound:
+        # Good, not a master
+        return
+
 
 class LDAPObject(Object):
     """
-- 
cgit