author | Alexander Bokovoy <abokovoy@redhat.com> | 2014-02-26 17:43:34 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-02-27 14:33:15 +0100 |
commit | 3a7ba6013ffe43176bcff2c716b33552853847ff (patch) | |
tree | beed9d5cb3d75ed58b1a2cea91afdc99f48eb455 /ipaserver/dcerpc.py | |
parent | 41ca5afba79110a8dfb9dd713df2d909b5210294 (diff) | |
ipaserver/dcerpc: catch the case of insuffient permissions when establishing trust
We attempt to delete a trust that might already exist. If we do not have enough
privileges to do so, we will not be able to create the trust at the next step either, and it will fail.
However, that failure to create the trust will be reported as a name collision, because
the trust with the same name still exists. Thus, raise the access denied exception here
to properly indicate the wrong access level instead of returning NT_STATUS_OBJECT_NAME_COLLISION.
https://fedorahosted.org/freeipa/ticket/4202
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'ipaserver/dcerpc.py')
-rw-r--r-- | ipaserver/dcerpc.py | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index c3ae00ef3..9e03b34cf 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -892,8 +892,11 @@ class TrustDomainInstance(object):
 dname.string = another_domain.info['dns_domain']
 res = self._pipe.QueryTrustedDomainInfoByName(self._policy_handle, dname, lsa.LSA_TRUSTED_DOMAIN_INFO_FULL_INFO)
 self._pipe.DeleteTrustedDomain(self._policy_handle, res.info_ex.sid)
- except RuntimeError, e:
- pass
+ except RuntimeError, (num, message):
+ # Ignore anything but access denied (NT_STATUS_ACCESS_DENIED)
+ if num == -1073741790:
+ raise access_denied_error
+
 try:
 trustdom_handle = self._pipe.CreateTrustedDomainEx2(self._policy_handle, info, self.auth_info, security.SEC_STD_DELETE)
 except RuntimeError, (num, message): |
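Review bot: The handler added after `DeleteTrustedDomain` still drops every RuntimeError other than access denied without recording it, so a lookup or delete that fails for another reason (not only a missing trust) surfaces later as an unrelated error from `CreateTrustedDomainEx2`. Because this path removes and re-creates a trust, I would log the ignored `num` and `message` in an `else:` branch, using whatever logger the module already has, so the attempt leaves a trace. The comment also reads as if it describes the raising branch; something like `# NT_STATUS_ACCESS_DENIED (0xC0000022): report it now; other failures to find or delete an old trust are ignored` is clearer and ties the literal `-1073741790` to its status code. The enclosing `try:` begins above the hunk, so what else can raise there is not visible here.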