[Freeipa-devel] [PATCH 0024] Add OTP support to ipalib CLI

Jan Cholasta jcholast at redhat.com
Wed Dec 11 12:24:07 UTC 2013 

On 14.11.2013 20:23, Nathaniel McCallum wrote:
> On Wed, 2013-10-30 at 08:57 +0100, Jan Cholasta wrote:
>> On 8.10.2013 16:35, Nathaniel McCallum wrote:
>>> On Tue, 2013-10-08 at 09:19 +0200, Jan Cholasta wrote:
>>>>
>>>> +class Base32DecodeError(ExecutionError):
>>>>
>>>> Is this really necessary? Are we going to add <encoding>DecodeError for
>>>> every kind of new encoding in IPA? Can't we just have generic
>>>> DecodeError? (This is not an issue in your patch per se, I'm just
>>>> wondering if we can do it better in the framework.)
>>>
>>> I added the new error due to the existence of a Base64DecodeError. I
>>> figured changing the existing error to be more generic would break api.
>>>
>>> Nathaniel
>>>
>>
>> I think you can use ConversionError instead. I don't see any reason why
>> base32/64 decoding errors should be special cased like this and would
>> like to see Base64DecodeError gone.
>
> Fixed.
>
>

Thanks.

      format = _("invalid '%(name)s': %(error)s")

-
  class ValidationError(InvocationError):
      """
      **3009** Raised when a parameter value fails a validation rule.
@@ -1306,6 +1305,7 @@ class PosixGroupViolation(ExecutionError):
      errno = 4030
      format = _('This is already a posix group and cannot be converted 
to external one')

+
  class BuiltinError(ExecutionError):

This white space shuffling is not necessary.


+def _normalize_owner(userobj, entry_attrs):
+    if 'ipatokenowner' in entry_attrs:
+        entry_attrs['ipatokenowner'] = map(userobj.get_primary_key_from_dn,
+                                           entry_attrs['ipatokenowner'])

If the --raw option is specified, ipatokenowner value should be full DN.


+        # Resolve the user's dn
+        owner = entry_attrs.get('ipatokenowner', None)
+        if owner is not None:
+            owner = self.api.Object.user.get_dn(owner)
+            entry_attrs['ipatokenowner'] = owner

You have a _normalize_owner function, I think the code above should go 
into a _convert_owner function (use the function in 
otptoken_{mod,show,find} as well).


+        # Get the issuer for the URI
+        issuer = api.env.realm
+        if owner is not None:
+            try:
+                issuer = ldap.get_entry(owner, 
['krbprincipalname'])['krbprincipalname'][0]
+            except:
+                pass

Please use "except PublicError" here, we don't want internal errors to 
be ignored.


+        # Delete all tokens owned by this user
+        owner = self.api.Object.user.get_primary_key_from_dn(dn)
+        results = 
self.api.Command.otptoken_find(ipatokenowner=owner)['result']
+        for token in results:
+            token = 
self.api.Object.otptoken.get_primary_key_from_dn(token['dn'])
+            self.api.Command.otptoken_del(token)

This should probably be handled by the referint plugin.

Honza

-- 
Jan Cholasta

More information about the Freeipa-devel mailing list