#4202 wrong error message is returned when there are no permissions to re-create trust
Closed: Fixed None Opened 10 years ago by abbra.

If a trust was created and we then attempt to re-establish it with AD admin credentials that don't have enough privileges, we'll fail -- either at the attempt to delete the previously created trust or at the attempt to create the new trust.

When we delete the existing trust, we silence any exception and don't see NT_STATUS_ACCESS_DENIED, so there will be a name collision when we next create the trust with the same name:

# echo Test1234 | ipa trust-add ad.test --admin abbra --password
ipa: ERROR: CIFS server communication error: code "-1073741771",
                  message "NT_STATUS_OBJECT_NAME_COLLISION" (both may be "None")

The actual cause of this collision is access denial at the trust delete stage, so we need to report a proper error message by catching the proper exception.
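
The failure mode described above, reproduced as an added example that is not part of the ticket or of FreeIPA's code. `FakeLsa`, `NTError` and both `reestablish_*` functions are hypothetical stand-ins for the remote AD side and the trust setup logic. Ignoring only the "object not found" status is one assumed way to keep the real cause visible.

```python
# Added illustration: all names here are hypothetical, not FreeIPA's ipaserver/dcerpc code.
ACCESS_DENIED = (-1073741790, "NT_STATUS_ACCESS_DENIED")          # 0xC0000022
NAME_NOT_FOUND = (-1073741772, "NT_STATUS_OBJECT_NAME_NOT_FOUND")  # 0xC0000034
NAME_COLLISION = (-1073741771, "NT_STATUS_OBJECT_NAME_COLLISION")  # 0xC0000035


class NTError(Exception):
    def __init__(self, status):
        super().__init__(*status)
        self.code, self.name = status


class FakeLsa:
    """Constructed remote side: holds trust objects, enforces one privilege bit."""
    def __init__(self, trusts, privileged):
        self.trusts, self.privileged = set(trusts), privileged

    def delete_trust(self, name):
        if name not in self.trusts:
            raise NTError(NAME_NOT_FOUND)
        if not self.privileged:
            raise NTError(ACCESS_DENIED)
        self.trusts.discard(name)

    def create_trust(self, name):
        if name in self.trusts:
            raise NTError(NAME_COLLISION)
        if not self.privileged:
            raise NTError(ACCESS_DENIED)
        self.trusts.add(name)


def reestablish_silencing(lsa, name):
    """Behaviour described in the ticket: every delete error is swallowed."""
    try:
        lsa.delete_trust(name)
    except NTError:
        pass
    lsa.create_trust(name)


def reestablish_reporting(lsa, name):
    """Only 'nothing to delete' is ignored; other failures surface as-is."""
    try:
        lsa.delete_trust(name)
    except NTError as e:
        if e.code != NAME_NOT_FOUND[0]:
            raise
    lsa.create_trust(name)
```

With an unprivileged account and an existing trust, the silencing variant ends in NT_STATUS_OBJECT_NAME_COLLISION, while the reporting variant raises NT_STATUS_ACCESS_DENIED from the delete step.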


Patch is sent for review.

master:

  • 3a7ba60 ipaserver/dcerpc: catch the case of insuffient permissions when establishing trust

ipa-3-3:

  • 42108d1 ipaserver/dcerpc: catch the case of insuffient permissions when establishing trust

Metadata Update from @abbra:
- Issue assigned to abbra
- Issue set to the milestone: FreeIPA 3.3.5 (bug fixing)

7 years ago
