On 04/28/2014 11:14 AM, Alexander Bokovoy wrote:
On Fri, 18 Apr 2014, Petr Viktorin wrote:
From 00756cf2c9682b32dba3388e07dda3fad916e284 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pvikt...@redhat.com>
Date: Thu, 17 Apr 2014 19:06:52 +0200
Subject: [PATCH] trust plugin: Remove ipatrustauth{incoming,outgoing}
from
default attrs
These attributes contain secrets for the trusts and should not be
returned
by default.
---
ipalib/plugins/trust.py | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index
f57cf7d891928903fdbee67697b96db4ad2679b7..8fff1cae306559fb42209cbd1aaabcbd9046a27b
100644
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -306,12 +306,11 @@ class trust(LDAPObject):
object_name_plural = _('trusts')
object_class = ['ipaNTTrustedDomain']
default_attributes = ['cn', 'ipantflatname', 'ipanttrusteddomainsid',
- 'ipanttrusttype', 'ipanttrustattributes',
'ipanttrustdirection', 'ipanttrustpartner',
- 'ipantauthtrustoutgoing', 'ipanttrustauthincoming',
'ipanttrustforesttrustinfo',
+ 'ipanttrusttype', 'ipanttrustattributes', 'ipanttrustdirection',
+ 'ipanttrustpartner', 'ipanttrustforesttrustinfo',
'ipanttrustposixoffset', 'ipantsupportedencryptiontypes' ]
search_display_attributes = ['cn', 'ipantflatname',
- 'ipanttrusteddomainsid',
'ipanttrusttype',
- 'ipantsidblacklistincoming',
'ipantsidblacklistoutgoing' ]
+ 'ipanttrusteddomainsid',
'ipanttrusttype']
label = _('Trusts')
label_singular = _('Trust')
ACK.
Thanks, pushed to master: e31688909cbc5f7ab6c8d03bb28786a2dd29efe4
This all looks fine, I only have one question -- SID blacklists now
became invisible by default to anyone. Even admins can't see them other
than with --all. I'm not sure they are really that important to deny
access to, but it makes sense to reduce their visibility to normal
users.
--
PetrĀ³
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel