Re: [Freeipa-devel] [PATCHES 301-302] ID override sshpubkey handling

2015-01-27 Thread David Kupka

On 01/26/2015 04:33 PM, Tomas Babej wrote:

Hi,

the following two patches make sure that sshpubkeys work both with -mod and 
-add commands of ipaoverrideuser objects. Also covers the use cases with unit 
tests.

https://fedorahosted.org/freeipa/ticket/4868

Tomas



___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Hi,

thanks for the patches but right now we need just a small fix for 
ipa-4-1 (attached). Your patches will later go into ipa-4-2.



--
David Kupka
From 02c42c4935013e711563da88bb2da75700ba6e11 Mon Sep 17 00:00:00 2001
From: David Kupka dku...@redhat.com
Date: Tue, 27 Jan 2015 16:12:19 +0100
Subject: [PATCH] idviews: Allow setting ssh public key on ipauseroverride-add

https://fedorahosted.org/freeipa/ticket/4868
---
 ipalib/plugins/idviews.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ipalib/plugins/idviews.py b/ipalib/plugins/idviews.py
index df6b80fee6239c97e2133885234408c2816b3774..df403b1193fe18dfadf437a18a3e0b6ffb7575b4 100644
--- a/ipalib/plugins/idviews.py
+++ b/ipalib/plugins/idviews.py
@@ -672,6 +672,7 @@ class idoverrideuser(baseidoverride):
 }
 
 object_class = baseidoverride.object_class + ['ipaUserOverride']
+possible_objectclasses = ['ipasshuser', 'ipaSshGroupOfPubKeys']
 default_attributes = baseidoverride.default_attributes + [
'homeDirectory', 'uidNumber', 'uid', 'ipaOriginalUid', 'loginShell',
'ipaSshPubkey', 'gidNumber', 'gecos',
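Review bot: The added possible_objectclasses line lists 'ipaSshGroupOfPubKeys', but nothing in this patch ever puts that class on an entry; only 'ipasshuser' is appended in the add callback. A one-line comment saying why both classes are listed would save the next reader from guessing whether the second one is needed for ipa-4-1.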
@@ -786,6 +787,8 @@ class idoverrideuser_add(baseidoverride_add):
 dn = super(idoverrideuser_add, self).pre_callback(ldap, dn,
  entry_attrs, attrs_list, *keys, **options)
 
+entry_attrs['objectclass'].append('ipasshuser')
+
 # Update the ipaOriginalUid
 self.obj.update_original_uid_reference(entry_attrs)
 return dn
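Review bot: The added entry_attrs['objectclass'].append('ipasshuser') in idoverrideuser_add.pre_callback is unconditional, so every new user override gets the ipasshuser class whether or not an ssh public key was supplied. Consider guarding it, for example with a check that 'ipasshpubkey' is in entry_attrs and that 'ipasshuser' is not already in the list, or state in the commit message that always carrying the class is intended for ipa-4-1.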
-- 
2.1.0


Re: [Freeipa-devel] [PATCHES 301-302] ID override sshpubkey handling

2015-01-27 Thread Jan Cholasta

On 27.1.2015 at 16:22, David Kupka wrote:

On 01/26/2015 04:33 PM, Tomas Babej wrote:

Hi,

the following two patches make sure that sshpubkeys work both with
-mod and -add commands of ipaoverrideuser objects. Also covers the use
cases with unit tests.

https://fedorahosted.org/freeipa/ticket/4868

Tomas





Hi,

thanks for the patches but right now we need just a small fix for
ipa-4-1 (attached).


Thanks, ACK.

Pushed to:
master: 3b87302f5a280c044a8e6a8b4aa08a29e3b4b0d5
ipa-4-1: 0dc7448b3634be443806db45ffead57107213ad6


Your patches will later go into ipa-4-2.


+1

--
Jan Cholasta



[Freeipa-devel] [PATCHES 301-302] ID override sshpubkey handling

2015-01-26 Thread Tomas Babej
Hi,

the following two patches make sure that sshpubkeys work both with -mod and 
-add commands of ipaoverrideuser objects. Also covers the use cases with unit 
tests.

https://fedorahosted.org/freeipa/ticket/4868

Tomas

From ec60a1c2cd04a71725cf86c5926f749795cfe20a Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Mon, 26 Jan 2015 16:27:56 +0100
Subject: [PATCH] idviews: Make sure ssh public key can be set on
 ipauseroverride-add

Clears up and generalizes ssh public key handling so that it
can be used in ipaoverrideuser-add as well as ipaoverrideuser-mod
commands.

Also properly deals with the situation when user removes the
ssh public key from the override, where original implementation
would leave stray objectclasses behind.

https://fedorahosted.org/freeipa/ticket/4868
---
 ipalib/plugins/idviews.py | 57 +--
 1 file changed, 50 insertions(+), 7 deletions(-)

diff --git a/ipalib/plugins/idviews.py b/ipalib/plugins/idviews.py
index df6b80fee6239c97e2133885234408c2816b3774..887616dd044e2c79dfabcbbef5ce5cde7b0508c6 100644
--- a/ipalib/plugins/idviews.py
+++ b/ipalib/plugins/idviews.py
@@ -729,6 +729,51 @@ class idoverrideuser(baseidoverride):
  anchor)
 entry_attrs['ipaOriginalUid'] = original_uid
 
+def handle_sshpubkey_update(self, dn, ldap, entry_attrs, modify=False):
+
+Handles adding sshpubkey value on idoverrideuser-add or
+idoverrideuser-mod. Makes sure that 'ipasshuser' objectclass
+is added/removed.
+
+
+def get_objectclasses():
+
+Returns a list of objectclasses that will be saved in the entry
+after this modification. Modifing this list changes the actual
+list of objeclasses being assigned to the entry.
+
+
+# If objectclasses are not in entry_attrs, fetch them from LDAP
+# and inject them there
+if 'objectclass' not in entry_attrs and modify:
+fromldap = ldap.get_entry(dn, ['objectclass'])['objectclass']
+entry_attrs['objectclass'] = fromldap
+elif 'objectclass' not in entry_attrs:
+entry_attrs['objectclass'] = [c for c in self.object_class]
+
+return entry_attrs['objectclass']
+
+# Let's deal with this only if modification to ipasshpubkey attribute
+# is being performed
+if 'ipasshpubkey' not in entry_attrs:
+return
+
+classes = get_objectclasses()
+sshpubkey_removed = entry_attrs['ipasshpubkey'] is None
+
+if sshpubkey_removed:
+# If sshpubkey value is being removed, remove the ipasshuser class
+# and ipaSshGroupOfPubKeys (superclass of ipasshuser) class too
+if 'ipasshuser' in classes:
+del classes[classes.index('ipasshuser')]
+if 'ipaSshGroupOfPubKeys' in classes:
+del classes[classes.index('ipaSshGroupOfPubKeys')]
+else:
+# If sshpubkey value is being added, make sure ipasshuser class
+# is present too
+if 'ipasshuser' not in classes:
+classes.append('ipasshuser')
+
 
 @register()
 class idoverridegroup(baseidoverride):
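Review bot: The membership tests in handle_sshpubkey_update ('ipasshuser' in classes, 'ipaSshGroupOfPubKeys' in classes) are case-sensitive, but in the modify path the list comes straight from ldap.get_entry() and LDAP objectclass names are case-insensitive. A value stored with different casing could be missed on removal, and on add a differently cased duplicate could be appended. Suggest comparing on c.lower() for each value in classes, and removing every match rather than only the first one that classes.index() returns. The modify parameter also deserves a line in the docstring, since it decides whether the objectclasses are read from LDAP or taken from self.object_class.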
@@ -788,6 +833,9 @@ class idoverrideuser_add(baseidoverride_add):
 
 # Update the ipaOriginalUid
 self.obj.update_original_uid_reference(entry_attrs)
+
+# Handle the objectclass changes related to sshpubkey
+self.obj.handle_sshpubkey_update(dn, ldap, entry_attrs)
 return dn
 
 def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
@@ -816,14 +864,9 @@ class idoverrideuser_mod(baseidoverride_mod):
 # Update the ipaOriginalUid
 self.obj.set_anchoruuid_from_dn(dn, entry_attrs)
 self.obj.update_original_uid_reference(entry_attrs)
-if 'objectclass' in entry_attrs:
-obj_classes = entry_attrs['objectclass']
-else:
-_entry_attrs = ldap.get_entry(dn, ['objectclass'])
-obj_classes = entry_attrs['objectclass'] = _entry_attrs['objectclass']
 
-if 'ipasshpubkey' in entry_attrs and 'ipasshuser' not in obj_classes:
-obj_classes.append('ipasshuser')
+# Handle the objectclass changes related to sshpubkey
+self.obj.handle_sshpubkey_update(dn, ldap, entry_attrs, modify=True)
 return dn
 
 def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
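Review bot: The removed block populated entry_attrs['objectclass'] on every idoverrideuser_mod call, while the replacement helper returns early when 'ipasshpubkey' is not in entry_attrs and leaves objectclass unset in that case. Please confirm that nothing later in the mod path relies on entry_attrs['objectclass'] being present, and mention the behaviour change in the commit message.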
-- 
2.1.0

From 50766894a633b07fa90e68ce9bd5771b387521f0 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Mon, 26 Jan 2015 16:29:29 +0100
Subject: [PATCH] ipatests: Add coverage for adding and removing sshpubkeys in
 ID overrides

Adds xmlrpc tests for:
  - Adding a user ID override with sshpubkey
  - Modifying a user ID override to contain sshpubkey
  - Removing a sshpubkey value from a user ID override