[Freeipa-devel] [PATCH] some input validation

Rob Crittenden rcritten at redhat.com
Mon Dec 3 16:00:02 UTC 2007 

Karl MacMillan wrote:
> On Fri, 2007-11-30 at 13:29 -0500, Rob Crittenden wrote:
>> Require that the default users group exists
>> Fix some copy-paste errors from the password policy update
> 
> I pushed this with the logging change below reverted.
> 
> [...]
> 
>>  
>>  # FIXME: need to check the ipadebug option in ipa.conf
>> -#logging.basicConfig(level=logging.DEBUG,
>> -#    format='%(asctime)s %(levelname)s %(message)s',
>> -#    stream=sys.stderr)
>> +logging.basicConfig(level=logging.DEBUG,
>> +    format='%(asctime)s %(levelname)s %(message)s',
>> +    stream=sys.stderr)
>>  
> 
> This was commented out because it causes the logging config to change
> simply on import of funcs.py. That, for example, caused all output to go
> to the console during setup. We should avoid side-effects on import if
> possible I think. Is there some function that this can be called from
> instead?

This was my mistake, I forgot to re-omment them.

We need a debugging capability of the XML-RPC Interface. This is my 
first attempt at it. It needs to be tied into Apache so once I do that 
we can uncomment this and it won't affect setup.

rob

> 
> 
>>  #
>>  # Apache runs in multi-process mode so each process will have its own
>> @@ -1380,14 +1380,22 @@ class IPAServer:
>>          # The LDAP routines want strings, not ints, so convert a few
>>          # things. Otherwise it sees a string -> int conversion as a
>> change.
>>          try:
>> -            newconfig['krbmaxpwdlife'] =
>> str(newconfig.get('krbmaxpwdlife'))
>> -            newconfig['krbminpwdlife'] =
>> str(newconfig.get('krbminpwdlife'))
>> -            newconfig['krbpwdmindiffchars'] =
>> str(newconfig.get('krbpwdmindiffchars'))
>> -            newconfig['krbpwdminlength'] =
>> str(newconfig.get('krbpwdminlength'))
>> -            newconfig['krbpwdhistorylength'] =
>> str(newconfig.get('krbpwdhistorylength'))
>> +            newconfig['ipapwdexpadvnotify'] =
>> str(newconfig.get('ipapwdexpadvnotify'))
>> +            newconfig['ipasearchtimelimit'] =
>> str(newconfig.get('ipasearchtimelimit'))
>> +            newconfig['ipasearchrecordslimit'] =
>> str(newconfig.get('ipasearchrecordslimit'))
>> +            newconfig['ipamaxusernamelength'] =
>> str(newconfig.get('ipamaxusernamelength'))
>>          except KeyError:
>>              # These should all be there but if not, let things
>> proceed
>>              pass
>> +
>> +        # Ensure that the default group for users exists
>> +        try:
>> +            group =
>> self.get_entry_by_cn(newconfig.get('ipadefaultprimarygroup'), None,
>> opts)
>> +        except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
>> +            raise
>> +        except:
>> +            raise 
>> +
>>          return self.update_entry(oldconfig, newconfig, opts)
>>  
>>      def get_password_policy(self, opts=None):
>> @@ -1413,6 +1421,9 @@ class IPAServer:
>>          except KeyError:
>>              # These should all be there but if not, let things
>> proceed
>>              pass
>> +        except:
>> +            # Anything else raise an error
>> +            raise
>>  
>>          return self.update_entry(oldpolicy, newpolicy, opts)
>>  
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20071203/5df0b371/attachment.bin>

More information about the Freeipa-devel mailing list