From dbd87af80b55af0454866260d24d7b3b1f5d9666 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Tue, 17 Jan 2012 17:54:00 -0500
Subject: Fix deletion of HBAC Rules when there are SELinux user maps defined

When deleting an HBAC rule we need to ensure that an SELinux user map isn't pointing at it. We need to take what is the cn of the HBAC rule and see if that rule exists, then return the dn to that rule. The search was not being done properly and wasn't enforcing uniqueness. It could have returned partial matches as well (so tests for the search test). https://fedorahosted.org/freeipa/ticket/2269
---
 ipalib/plugins/hbacrule.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'ipalib/plugins/hbacrule.py')
diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py
index 0fa44a59..53d25aac 100644
--- a/ipalib/plugins/hbacrule.py
+++ b/ipalib/plugins/hbacrule.py
@@ -243,7 +243,7 @@ class hbacrule_del(LDAPDelete):
 msg_summary = _('Deleted HBAC rule "%(value)s"')
 def pre_callback(self, ldap, dn, *keys, **options):
- kw = dict(seealso=dn)
+ kw = dict(seealso=keys[0])
 _entries = api.Command.selinuxusermap_find(None, **kw)
 if _entries['count']:
 raise errors.DependentEntry(key=keys[0], label=self.api.Object['selinuxusermap'].label_singular, dependent=_entries['result'][0]['cn'][0])
-- cgit
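Review bot: The dependency guard in `pre_callback` now rests entirely on how `selinuxusermap_find` interprets `seealso=keys[0]`, and nothing in this hunk states or enforces that the rule's cn is resolved to exactly one DN rather than matched as a substring. The find implementation is not on this page, so the following is inferred: a partial match would refuse deletion because of a map that points at a similarly named rule, while an empty result (for example if the caller cannot read the maps) would let the delete proceed and leave a map with a dangling `seealso`. I would document the contract above the assignment, e.g. `# selinuxusermap_find resolves this cn to the HBAC rule DN and matches seealso exactly; a hit blocks the delete`. I would also call `self.api.Command.selinuxusermap_find(None, **kw)` so the lookup uses the same `self.api` as the `self.api.Object[...]` reference in the `raise` line. The body of `pre_callback` may continue past the last line of the hunk.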