this patch prevents https://fedorahosted.org/freeipa/ticket/5234 from happening.

--
Martin^3 Babinsky
From a01ceb4906cb35141c664ba94c088f4e29209b68 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Wed, 19 Aug 2015 14:43:14 +0200
Subject: [PATCH] raise an error when trying to preserve an already preserved
 user

This also fixes a case where a user is permanently deleted when `ipa user-del
--preserve` is accidentally called multiple times on the same uid.

https://fedorahosted.org/freeipa/ticket/5234
---
 ipalib/plugins/user.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 1d6073b4240d963e2b047c20fe5b8be702ef3184..1659830d77c822887ea7e6d0f293db02bffb3250 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -639,12 +639,16 @@ class user_del(baseuser_del):
         delete_container = DN(self.obj.delete_container_dn, self.api.env.basedn)
         user_from_delete_container = dn.endswith(delete_container)
 
-        if not options.get('preserve', True) or user_from_delete_container:
+        if not options.get('preserve', False):
             # Remove any ID overrides tied with this user
             remove_ipaobject_overrides(self.obj.backend, self.obj.api, dn)
 
             # Issue a true DEL on that entry
             return super(user_del, self).execute(*keys, **options)
+        elif user_from_delete_container:
+            raise errors.ExecutionError(
+                _('One or more users are already preserved')
+            )
 
         # The user to delete is active and there is no 'no_preserve' option
         if options.get('preserve', False):
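Review bot: With the default flipped to `False` in `if not options.get('preserve', False):`, a call that reaches this code without a `preserve` key now takes the permanent-delete branch, whereas the old first check did not treat a missing key as a request for permanent deletion. If any caller can omit the option, that is a silent shift toward irreversible deletion and deserves an explicit comment such as `# no 'preserve' option means permanent delete`. Once that branch has returned, the trailing `if options.get('preserve', False):` is always true when reached, so its comment about "no 'no_preserve' option" no longer describes a real choice. The new `ExecutionError` text also does not say which entry was already preserved; naming it (for example from `dn`) would help when several uids are passed in one call. The enclosing method starts and ends outside the hunk.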
-- 
2.4.3
