diff options
| author | Tomas Babej <tbabej@redhat.com> | 2015-10-23 10:43:47 +0200 |
|---|---|---|
| committer | Tomas Babej <tbabej@redhat.com> | 2015-10-26 14:10:53 +0100 |
| commit | c6a558c30eeac571323010c416798c8ebe7004fb (patch) | |
| tree | 0acc6e0bc7fab1ca149f6144a51d4089eedbe33e /ipalib | |
| parent | 4d0d5913dd2e86dabbe9592522298c42af648284 (diff) | |
| download | freeipa-c6a558c30eeac571323010c416798c8ebe7004fb.tar.gz freeipa-c6a558c30eeac571323010c416798c8ebe7004fb.tar.xz freeipa-c6a558c30eeac571323010c416798c8ebe7004fb.zip | |
trustdomain: Perform validation of the trust domain first
Makes sure that the first check that is performed when trustdomain-del
command is run is that the actual trusted domain exists. This is done to
prevent a subseqent error which might be misleading.
https://fedorahosted.org/freeipa/ticket/5389
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Diffstat (limited to 'ipalib')
| -rw-r--r-- | ipalib/plugins/trust.py | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py index 0715713a7..61846dc11 100644 --- a/ipalib/plugins/trust.py +++ b/ipalib/plugins/trust.py @@ -1494,13 +1494,18 @@ class trustdomain_del(LDAPDelete): # to always receive empty keys. We need to catch the case when root domain is being deleted for domain in keys[1]: + # Fetch the trust to verify that the entered domain is trusted + self.api.Command.trust_show(domain) + if keys[0].lower() == domain: raise errors.ValidationError(name='domain', - error=_("cannot delete root domain of the trust, use trust-del to delete the trust itself")) + error=_("cannot delete root domain of the trust, " + "use trust-del to delete the trust itself")) try: res = self.api.Command.trustdomain_enable(keys[0], domain) except errors.AlreadyActive: pass + result = super(trustdomain_del, self).execute(*keys, **options) result['value'] = pkey_to_value(keys[1], options) return result |