From b7924139d895c7ebe019fbfc9c85fed3baae642e Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Fri, 28 Mar 2008 15:28:28 -0400 Subject: [PATCH] Don't allow the admin user to be removed using the XML-RPC Interface. If a site really wants it gone then can delete it via LDAP. 439281 --- ipa-python/ipaerror.py | 5 +++++ ipa-server/xmlrpc-server/funcs.py | 2 ++ 2 files changed, 7 insertions(+) diff --git a/ipa-python/ipaerror.py b/ipa-python/ipaerror.py index 256c87891..9b9cefccf 100644 --- a/ipa-python/ipaerror.py +++ b/ipa-python/ipaerror.py @@ -163,6 +163,11 @@ INPUT_REALM_MISMATCH = gen_error_code( 0x0006, "The realm for the principal does not match the realm for this IPA server.") +INPUT_ADMIN_REQUIRED = gen_error_code( + INPUT_CATEGORY, + 0x0007, + "The admin user cannot be deleted.") + # # Connection errors # diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py index 11b4e9fb5..5190b09f7 100644 --- a/ipa-server/xmlrpc-server/funcs.py +++ b/ipa-server/xmlrpc-server/funcs.py @@ -1105,6 +1105,8 @@ class IPAServer: """ if not isinstance(uid,basestring) or len(uid) == 0: raise ipaerror.gen_exception(ipaerror.INPUT_INVALID_PARAMETER) + if uid == "admin": + raise ipaerror.gen_exception(ipaerror.INPUT_ADMIN_REQUIRED) user = self.get_user_by_uid(uid, ['dn', 'uid', 'objectclass'], opts) if user is None: raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)