[Freeipa-devel] [PATCH] some input validation
Rob Crittenden
rcritten at redhat.com
Mon Dec 3 16:00:02 UTC 2007
Karl MacMillan wrote:
> On Fri, 2007-11-30 at 13:29 -0500, Rob Crittenden wrote:
>> Require that the default users group exists
>> Fix some copy-paste errors from the password policy update
>
> I pushed this with the logging change below reverted.
>
> [...]
>
>>
>> # FIXME: need to check the ipadebug option in ipa.conf
>> -#logging.basicConfig(level=logging.DEBUG,
>> -# format='%(asctime)s %(levelname)s %(message)s',
>> -# stream=sys.stderr)
>> +logging.basicConfig(level=logging.DEBUG,
>> + format='%(asctime)s %(levelname)s %(message)s',
>> + stream=sys.stderr)
>>
>
> This was commented out because it causes the logging config to change
> simply on import of funcs.py. That, for example, caused all output to go
> to the console during setup. We should avoid side-effects on import if
> possible I think. Is there some function that this can be called from
> instead?
This was my mistake, I forgot to re-omment them.
We need a debugging capability of the XML-RPC Interface. This is my
first attempt at it. It needs to be tied into Apache so once I do that
we can uncomment this and it won't affect setup.
rob
>
>
>> #
>> # Apache runs in multi-process mode so each process will have its own
>> @@ -1380,14 +1380,22 @@ class IPAServer:
>> # The LDAP routines want strings, not ints, so convert a few
>> # things. Otherwise it sees a string -> int conversion as a
>> change.
>> try:
>> - newconfig['krbmaxpwdlife'] =
>> str(newconfig.get('krbmaxpwdlife'))
>> - newconfig['krbminpwdlife'] =
>> str(newconfig.get('krbminpwdlife'))
>> - newconfig['krbpwdmindiffchars'] =
>> str(newconfig.get('krbpwdmindiffchars'))
>> - newconfig['krbpwdminlength'] =
>> str(newconfig.get('krbpwdminlength'))
>> - newconfig['krbpwdhistorylength'] =
>> str(newconfig.get('krbpwdhistorylength'))
>> + newconfig['ipapwdexpadvnotify'] =
>> str(newconfig.get('ipapwdexpadvnotify'))
>> + newconfig['ipasearchtimelimit'] =
>> str(newconfig.get('ipasearchtimelimit'))
>> + newconfig['ipasearchrecordslimit'] =
>> str(newconfig.get('ipasearchrecordslimit'))
>> + newconfig['ipamaxusernamelength'] =
>> str(newconfig.get('ipamaxusernamelength'))
>> except KeyError:
>> # These should all be there but if not, let things
>> proceed
>> pass
>> +
>> + # Ensure that the default group for users exists
>> + try:
>> + group =
>> self.get_entry_by_cn(newconfig.get('ipadefaultprimarygroup'), None,
>> opts)
>> + except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
>> + raise
>> + except:
>> + raise
>> +
>> return self.update_entry(oldconfig, newconfig, opts)
>>
>> def get_password_policy(self, opts=None):
>> @@ -1413,6 +1421,9 @@ class IPAServer:
>> except KeyError:
>> # These should all be there but if not, let things
>> proceed
>> pass
>> + except:
>> + # Anything else raise an error
>> + raise
>>
>> return self.update_entry(oldpolicy, newpolicy, opts)
>>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20071203/5df0b371/attachment.bin>
More information about the Freeipa-devel
mailing list