278d7cf certprofile-mod: correctly authorise config update

1 file Authored by ftweedal 7 years ago, Committed by mbasti 7 years ago,
    certprofile-mod: correctly authorise config update
    
    Certificate profiles consist of an FreeIPA object, and a
    corresponding Dogtag configuration object.  When updating profile
    configuration, changes to the Dogtag configuration are not properly
    authorised, allowing unprivileged operators to modify (but not
    create or delete) profiles.  This could result in issuance of
    certificates with fraudulent subject naming information, improper
    key usage, or other badness.
    
    Update certprofile-mod to ensure that the operator has permission to
    modify FreeIPA certprofile objects before modifying the Dogtag
    configuration.
    
    https://fedorahosted.org/freeipa/ticket/6560
    
    Reviewed-By: Jan Cholasta <jcholast@redhat.com>