Target branches: master, ipa-2-0 --- Most of the pwpolicy_* commands do include cospriority in the result and potentially in the attribute rights (--all --rights). Especially when --raw output is requested. This patch fixes it for all pwpolicy commands.
https://fedorahosted.org/freeipa/ticket/1103
>From e6ded2455a43b3e71641193c061337e288d7d87a Mon Sep 17 00:00:00 2001 From: Martin Kosek <mko...@redhat.com> Date: Thu, 24 Mar 2011 16:30:10 +0100 Subject: [PATCH] Password policy commands do not include cospriority Most of the pwpolicy_* commands do include cospriority in the result and potentially in the attribute rights (--all --rights). Especially when --raw output is requested. This patch fixes it for all pwpolicy commands. https://fedorahosted.org/freeipa/ticket/1103 --- ipalib/plugins/pwpolicy.py | 58 +++++++++++++++++++------------------------ 1 files changed, 26 insertions(+), 32 deletions(-) diff --git a/ipalib/plugins/pwpolicy.py b/ipalib/plugins/pwpolicy.py index caf918c7af655510dd4311fa8e2c2a0b67a125e9..01805d43775f600a72dbdc8f952654469d1aed0f 100644 --- a/ipalib/plugins/pwpolicy.py +++ b/ipalib/plugins/pwpolicy.py @@ -156,7 +156,8 @@ class cosentry_find(LDAPSearch): api.register(cosentry_find) -global_policy_dn = 'cn=global_policy,cn=%s,cn=kerberos,%s' % (api.env.realm, api.env.basedn) +global_policy_name = 'global_policy' +global_policy_dn = 'cn=%s,cn=%s,cn=kerberos,%s' % (global_policy_name, api.env.realm, api.env.basedn) class pwpolicy(LDAPObject): """ @@ -304,6 +305,22 @@ class pwpolicy(LDAPObject): error=_('Maximum password life must be greater than minimum.'), ) + def add_cospriority(self, entry, pwpolicy_name, rights=True): + try: + cos_entry = self.api.Command.cosentry_show( + pwpolicy_name + )['result'] + if cos_entry.get('cospriority') is not None: + entry['cospriority'] = cos_entry['cospriority'] + except errors.NotFound: + # will not be found for global_policy + pass + + if rights and pwpolicy_name != global_policy_name: + cos_entry = self.api.Command.cosentry_show(pwpolicy_name, rights=True, all=True)['result'] + entry['attributelevelrights']['cospriority'] = cos_entry['attributelevelrights']['cospriority'] + + api.register(pwpolicy) @@ -327,9 +344,7 @@ class pwpolicy_add(LDAPCreate): def post_callback(self, ldap, dn, entry_attrs, *keys, **options): self.log.info('%r' % entry_attrs) - if not options.get('raw', False): - if options.get('cospriority') is not None: - entry_attrs['cospriority'] = [unicode(options['cospriority'])] + self.obj.add_cospriority(entry_attrs, keys[-1], False) self.obj.convert_time_for_output(entry_attrs, **options) return dn @@ -381,9 +396,8 @@ class pwpolicy_mod(LDAPUpdate): return dn def post_callback(self, ldap, dn, entry_attrs, *keys, **options): - if not options.get('raw', False): - if options.get('cospriority') is not None: - entry_attrs['cospriority'] = [unicode(options['cospriority'])] + rights = options.get('all', False) and options.get('rights', False) + self.obj.add_cospriority(entry_attrs, keys[-1], rights) self.obj.convert_time_for_output(entry_attrs, **options) return dn @@ -418,20 +432,8 @@ class pwpolicy_show(LDAPRetrieve): return dn def post_callback(self, ldap, dn, entry_attrs, *keys, **options): - if not options.get('raw', False): - if keys[-1] is not None and keys[-1] != 'global_policy': - try: - cos_entry = self.api.Command.cosentry_show( - keys[-1] - )['result'] - if cos_entry.get('cospriority') is not None: - entry_attrs['cospriority'] = cos_entry['cospriority'] - except errors.NotFound: - pass - if options.get('rights', False) and options.get('all', False) and \ - (keys[-1] is not None and keys[-1] != 'global_policy'): - cos_entry = self.api.Command.cosentry_show(keys[-1], rights=True, all=True)['result'] - entry_attrs['attributelevelrights']['cospriority'] = cos_entry['attributelevelrights']['cospriority'] + rights = options.get('all', False) and options.get('rights', False) + self.obj.add_cospriority(entry_attrs, keys[-1], rights) self.obj.convert_time_for_output(entry_attrs, **options) return dn @@ -443,17 +445,9 @@ class pwpolicy_find(LDAPSearch): Search for group password policies. """ def post_callback(self, ldap, entries, truncated, *args, **options): - if not options.get('raw', False): - for e in entries: - try: - cos_entry = self.api.Command.cosentry_show( - e[1]['cn'][0] - )['result'] - if cos_entry.get('cospriority') is not None: - e[1]['cospriority'] = cos_entry['cospriority'] - except errors.NotFound: - pass - self.obj.convert_time_for_output(e[1], **options) + for e in entries: + self.obj.add_cospriority(e[1], e[1]['cn'][0], False) + self.obj.convert_time_for_output(e[1], **options) api.register(pwpolicy_find) -- 1.7.4
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel