When the NGP plugin is enabled, a managed netgroup is created for
every hostgroup. We already check that a netgroup with the same
name does not exist and provide a meaningful error message.
However, this error message was also printed when a duplicate
hostgroup existed.

This patch checks for a duplicate hostgroup first and for a
netgroup second. It also makes sure that when the NGP
plugin is (temporarily) disabled, a colliding netgroup cannot
be created.

https://fedorahosted.org/freeipa/ticket/1914

From 025f9fa5de4f14b68aa2a3c2ee93d4745b03dfe7 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Mon, 17 Oct 2011 14:26:13 +0200
Subject: [PATCH] Improve hostgroup/netgroup collision checks

When the NGP plugin is enabled, a managed netgroup is created for
every hostgroup. We already check that a netgroup with the same
name does not exist and provide a meaningful error message.
However, this error message was also printed when a duplicate
hostgroup existed.

This patch checks for a duplicate hostgroup first and for a
netgroup second. It also makes sure that when the NGP
plugin is (temporarily) disabled, a colliding netgroup cannot
be created.

https://fedorahosted.org/freeipa/ticket/1914
---
 ipalib/plugins/hostgroup.py |   14 ++++++++++++--
 ipalib/plugins/netgroup.py  |   20 ++++++++++++++++++++
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/ipalib/plugins/hostgroup.py b/ipalib/plugins/hostgroup.py
index 0560bd7d2c95baa59720c41b982cac7a4bc1efe5..4e6dbbdae2107b903cd5749c696969c852a67f3a 100644
--- a/ipalib/plugins/hostgroup.py
+++ b/ipalib/plugins/hostgroup.py
@@ -117,10 +117,20 @@ class hostgroup_add(LDAPCreate):
 
     def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
         try:
+            # check duplicity with hostgroups first to provide proper error
+            netgroup = api.Command['hostgroup_show'](keys[-1])
+            self.obj.handle_duplicate_entry(*keys)
+        except errors.NotFound:
+            pass
+
+        try:
+            # when enabled, a managed netgroup is created for every hostgroup
+            # make sure that the netgroup can be created
             netgroup = api.Command['netgroup_show'](keys[-1])
             raise errors.DuplicateEntry(message=unicode(_(\
-                    u'netgroup with name "%s" already exists' % keys[-1]\
-                    )))
+                    u'netgroup with name "%s" already exists. ' \
+                    u'Hostgroups and netgroups share a common namespace'\
+                    ) % keys[-1]))
         except errors.NotFound:
             pass
 
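Review bot: In the first added try block of hostgroup_add.pre_callback, the result of api.Command['hostgroup_show'](keys[-1]) is bound to a local named netgroup and never used, which is misleading for a hostgroup lookup; drop the assignment and call the command only for its NotFound behaviour. In the same block, self.obj.handle_duplicate_entry(*keys) sits inside the try, so an errors.NotFound raised from within it would be swallowed by the except; moving that call into an else: clause keeps the except limited to the lookup. Moving % keys[-1] outside _() in the netgroup message is the right change, since the untranslated format string is now what gets looked up.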
diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py
index 8901ac92c183a42db28e464799e73d18d8cdd7ff..d8c3c4707a1f8a657ba2cc82aa94173147953b04 100644
--- a/ipalib/plugins/netgroup.py
+++ b/ipalib/plugins/netgroup.py
@@ -145,6 +145,26 @@ class netgroup_add(LDAPCreate):
     msg_summary = _('Added netgroup "%(value)s"')
     def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
         entry_attrs.setdefault('nisdomainname', self.api.env.domain)
+
+        try:
+            # check duplicity with netgroups first to provide proper error
+            netgroup = api.Command['netgroup_show'](keys[-1])
+            self.obj.handle_duplicate_entry(*keys)
+        except errors.NotFound:
+            pass
+
+        try:
+            # when enabled, a managed netgroup is created for every hostgroup
+            # make sure that we don't create a collision if the plugin is
+            # (temporarily) disabled
+            netgroup = api.Command['hostgroup_show'](keys[-1])
+            raise errors.DuplicateEntry(message=unicode(_(\
+                    u'hostgroup with name "%s" already exists. ' \
+                    u'Hostgroups and netgroups share a common namespace'\
+                    ) % keys[-1]))
+        except errors.NotFound:
+            pass
+
         return dn
 
 api.register(netgroup_add)
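Review bot: The two lookups added to netgroup_add.pre_callback call the module-level api.Command, while the line directly above them uses self.api.env.domain; use self.api.Command here for consistency, and do not bind the hostgroup_show result to an unused local named netgroup. Both checks are lookups made in pre_callback before the add, so a hostgroup created between hostgroup_show and the add is not caught by this code; a comment saying the check is best-effort would help the next reader. The block mirrors the one added to hostgroup_add, so a shared helper taking the object type and name would keep the check order and the "share a common namespace" message in sync between the two plugins.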
-- 
1.7.6.4
