[Freeipa-devel] [PATCH 0053] Implement OTP token importing

Martin Kosek mkosek at redhat.com
Wed Jun 25 11:03:02 UTC 2014


On 06/25/2014 12:40 PM, Alexander Bokovoy wrote:
> On Wed, 18 Jun 2014, Nathaniel McCallum wrote:
>> On Wed, 2014-06-18 at 17:48 -0400, Simo Sorce wrote:
>>> On Wed, 2014-06-18 at 17:34 -0400, Nathaniel McCallum wrote:
>>> > On Tue, 2014-05-13 at 12:38 -0400, Nathaniel McCallum wrote:
>>> > > This patch adds support for importing tokens using RFC 6030 key
>>> > > container files. This includes decryption support. For sysadmin sanity,
>>> > > any tokens which fail to add will be written to the output file for
>>> > > examination. The main use case here is where a small subset of a large
>>> > > set of tokens fails to validate or add. Using the output file, the
>>> > > sysadmin can attempt to recover these specific tokens.
>>> > >
>>> > > This code is implemented as a server-side script. However, it doesn't
>>> > > actually need to run on the server. This was done because importing is
>>> > > an odd fit for the IPA command framework:
>>> > > 1. We need to write an output file.
>>> > > 2. The operation may be long-running (thousands of tokens).
>>> > > 3. Only admins need to perform this task and it only happens
>>> > > infrequently.
>>> >
>>> > Attached is revision 4. I believe this addresses all the points given
>>> > over the last few days in all emails. The ipa_otptoken_import.py has
>>> > been significantly reworked to make it simpler and easy to test, but
>>> > none of the logic has changed.
>>> >
>>> > I have removed most of the inheritance and sorted out most of the style
>>> > issues (like map() vs comprehension). I did not change the XML parsing
>>> > because it appears that network access is disabled by default.
>>> >
>>> > I have also included a test suite which should have 100% code coverage.
>>> > It even tests for features we don't support yet (like X.509). All tests
>>> > pass for me.
>>> >
>>> > Nathaniel
>>>
>>> +++ b/install/tools/man/ipa-otptoken-import.1
>>> @@ -0,0 +1,36 @@
>>> +.\" A man page for ipa-compat-manage
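Review bot: the header comment on the first added line names ipa-compat-manage, but the file being created is install/tools/man/ipa-otptoken-import.1. Change the comment to name ipa-otptoken-import so the page header matches the tool it documents.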
>>>
>>> Bad Copy&paste here ^^^
>>
>> Thanks! Fixed.
> There is a whitespace warning in the man page, needs to be fixed.
> Also, spec file changes are incomplete, man page is not there.
> 
> The patch itself works fine for me with the test suite.
> 
> Attached is the specfile fix, with that one and whitespace removal --
> ACK.
> 
> Attached also is a small fix for ipaplatform changes as specfile now has
> wrong scoping for the platform files.

I pushed all 3 patches to master. (I did not realize you wanted to just fix up
your patch 0008 before I pushed the first, so I chose a better name for it.)

Martin



