On 04/28/2014 11:14 AM, Alexander Bokovoy wrote:
On Fri, 18 Apr 2014, Petr Viktorin wrote:From 00756cf2c9682b32dba3388e07dda3fad916e284 Mon Sep 17 00:00:00 2001 From: Petr Viktorin <pvikt...@redhat.com> Date: Thu, 17 Apr 2014 19:06:52 +0200 Subject: [PATCH] trust plugin: Remove ipatrustauth{incoming,outgoing} from default attrsThese attributes contain secrets for the trusts and should not be returned by default. --- ipalib/plugins/trust.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py index f57cf7d891928903fdbee67697b96db4ad2679b7..8fff1cae306559fb42209cbd1aaabcbd9046a27b 100644 --- a/ipalib/plugins/trust.py +++ b/ipalib/plugins/trust.py @@ -306,12 +306,11 @@ class trust(LDAPObject): object_name_plural = _('trusts') object_class = ['ipaNTTrustedDomain'] default_attributes = ['cn', 'ipantflatname', 'ipanttrusteddomainsid', - 'ipanttrusttype', 'ipanttrustattributes', 'ipanttrustdirection', 'ipanttrustpartner', - 'ipantauthtrustoutgoing', 'ipanttrustauthincoming', 'ipanttrustforesttrustinfo', + 'ipanttrusttype', 'ipanttrustattributes', 'ipanttrustdirection', + 'ipanttrustpartner', 'ipanttrustforesttrustinfo', 'ipanttrustposixoffset', 'ipantsupportedencryptiontypes' ] search_display_attributes = ['cn', 'ipantflatname', - 'ipanttrusteddomainsid', 'ipanttrusttype', - 'ipantsidblacklistincoming', 'ipantsidblacklistoutgoing' ] + 'ipanttrusteddomainsid', 'ipanttrusttype'] label = _('Trusts') label_singular = _('Trust')ACK.
Thanks, pushed to master: e31688909cbc5f7ab6c8d03bb28786a2dd29efe4
This all looks fine, I only have one question -- SID blacklists now became invisible by default to anyone. Even admins can't see them other than with --all. I'm not sure they are really that important to deny access to, but it makes sense to reduce their visibility to normal users.
-- PetrĀ³ _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
