prevent search for RADIUS proxy servers by secret

radiusproxy-find should not allow search by proxy secret even for privileged users so we should hide it from CLI. https://fedorahosted.org/freeipa/ticket/6078 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
author: Martin Babinsky <mbabinsk@redhat.com> 2016-07-21 09:42:01 +0200
committer: Jan Cholasta <jcholast@redhat.com> 2016-07-21 10:49:10 +0200
commit: 66da08445370f7024a6a529a6659714c33b7525e (patch)
tree: 35df4501e153d19385842e31e7d0144a654c9376 /ipaserver
parent: 447feb7f37803b9bad8aab52841c4d1db293727a (diff)
download: freeipa-66da08445370f7024a6a529a6659714c33b7525e.tar.gz
freeipa-66da08445370f7024a6a529a6659714c33b7525e.tar.xz
freeipa-66da08445370f7024a6a529a6659714c33b7525e.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/ipaserver/plugins/radiusproxy.py b/ipaserver/plugins/radiusproxy.py
index 5657e002c..3391b8aed 100644
--- a/ipaserver/plugins/radiusproxy.py
+++ b/ipaserver/plugins/radiusproxy.py
@@ -169,6 +169,14 @@ class radiusproxy_find(LDAPSearch):
         '%(count)d RADIUS proxy server matched', '%(count)d RADIUS proxy servers matched', 0
     )
 
+    def get_options(self):
+        for option in super(radiusproxy_find, self).get_options():
+            if option.name == 'ipatokenradiussecret':
+                option = option.clone(flags={'no_option'})
+
+            yield option
+
+
 @register()
 class radiusproxy_show(LDAPRetrieve):
     __doc__ = _('Display information about a RADIUS proxy server.')
author	Martin Babinsky <mbabinsk@redhat.com>	2016-07-21 09:42:01 +0200
committer	Jan Cholasta <jcholast@redhat.com>	2016-07-21 10:49:10 +0200
commit	66da08445370f7024a6a529a6659714c33b7525e (patch)
tree	35df4501e153d19385842e31e7d0144a654c9376 /ipaserver
parent	447feb7f37803b9bad8aab52841c4d1db293727a (diff)
download	freeipa-66da08445370f7024a6a529a6659714c33b7525e.tar.gz freeipa-66da08445370f7024a6a529a6659714c33b7525e.tar.xz freeipa-66da08445370f7024a6a529a6659714c33b7525e.zip