On 12/11/2012 09:27 AM, Martin Kosek wrote:
On 12/11/2012 09:24 AM, Lynn Root wrote:
The following raises ACIError because of failed authorization check, I think
its ok.

RequirementError is only thrown when a command option that is required is not
passed by the user. I am not fond of expanding its use to the validation of
user content, like CSR file.

NotFound error is used when an _entry_ is not found - so not an ideal candidate
either for this case.

IMHO, ValidationError is fine for this situation - but maybe somebody else may
have other opinion...

I assume no one is up in arms about electing to go for ValidationError :)

New patch attached.  Thanks for your help, Martin!

This is better. Though this raise statement would raise a different exception
that one would expect...

from ipalib import errors, _
raise errors.ValidationError(info=_("No hostname was found in subject of
Traceback (most recent call last):
   File "<stdin>", line 1, in <module>
   File "ipalib/errors.py", line 268, in __init__
     self.msg = self.format % kw
KeyError: 'name'

Try #3: added 'name' and 'error' parameters to ValidationError. Thanks again, Martin!

Lynn Root

Associate Software Engineer
Red Hat, Inc

>From 9f4272276d945ef5bade4a0ede0263b311a331c3 Mon Sep 17 00:00:00 2001
From: Lynn Root <lr...@redhat.com>
Date: Mon, 10 Dec 2012 09:13:13 -0500
Subject: [PATCH] Raise ValidationError when CSR does not have a subject

Raise ValidationError when CSR does not have a subject hostname.

Ticket: https://fedorahosted.org/freeipa/ticket/3123
 ipalib/plugins/cert.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ipalib/plugins/cert.py b/ipalib/plugins/cert.py
index c4bbf8215341d1fdbf8b84cf70ee7ebd8e2b96c4..3aa01621dbb519a2f0f671a8df2489c03faa6f34 100644
--- a/ipalib/plugins/cert.py
+++ b/ipalib/plugins/cert.py
@@ -296,6 +296,10 @@ class cert_request(VirtualCommand):
         # Ensure that the hostname in the CSR matches the principal
         subject_host = get_csr_hostname(csr)
+        if not subject_host:
+            raise errors.ValidationError(name='csr',
+                error=_("No hostname was found in subject of request."))
         (servicename, hostname, realm) = split_principal(principal)
         if subject_host.lower() != hostname.lower():
             raise errors.ACIError(

Freeipa-devel mailing list

Reply via email to