On 04/06/2011 05:08 PM, Pavel Zuna wrote:
Ticket #744

Pavel


New fixed version of patch attached.

Pavel
>From c61c329c1fd4f806a64f4fa6b660b0baeea38377 Mon Sep 17 00:00:00 2001
From: Pavel Zuna <pz...@redhat.com>
Date: Wed, 6 Apr 2011 09:08:03 -0400
Subject: [PATCH] Validate/Normalize user attributes if set using krbtpolicy set/add-attr.

Ticket #744
---
 ipalib/plugins/krbtpolicy.py |   20 ++++++++++++++++++++
 ipalib/plugins/user.py       |    1 +
 2 files changed, 21 insertions(+), 0 deletions(-)

diff --git a/ipalib/plugins/krbtpolicy.py b/ipalib/plugins/krbtpolicy.py
index c9d86ea..8cefc90 100644
--- a/ipalib/plugins/krbtpolicy.py
+++ b/ipalib/plugins/krbtpolicy.py
@@ -83,6 +83,10 @@ class krbtpolicy(LDAPObject):
             label=_('User name'),
             doc=_('Manage ticket policy for specific user'),
             primary_key=True,
+            pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$',
+            pattern_errmsg='may only include letters, numbers, _, -, . and $',
+            maxlength=255,
+            normalizer=lambda value: value.lower(),
         ),
         Int('krbmaxticketlife?',
             cli_name='maxlife',
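Review bot: The added `pattern` ends in `$`, which in Python's `re` also matches just before a trailing newline, so a user name with a newline appended would pass this check unless the parameter framework rejects trailing whitespace elsewhere. Anchoring the end with `\Z` closes that gap: `pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?\Z',`. The pattern also admits at most 254 characters while `maxlength=255` is declared two lines below it, so the two bounds disagree by one. The parameter tuple this definition belongs to starts and ends outside the hunk.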
@@ -96,6 +100,14 @@ class krbtpolicy(LDAPObject):
             doc=_('Maximum renewable age (seconds)'),
             minvalue=1,
         ),
+        Int('uidnumber?',
+            minvalue=1,
+            flags=['no_create', 'no_update', 'no_search'],
+        ),
+        Int('gidnumber?',
+            minvalue=1,
+            flags=['no_create', 'no_update', 'no_search'],
+        ),
     )
 
     def get_dn(self, *keys, **kwargs):
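Review bot: The new `uidnumber?` and `gidnumber?` parameters have no label, doc or comment, so nothing on the ticket-policy object says why it declares POSIX ID attributes. Judging by the commit subject they exist only so that values supplied through set/add-attr are checked against `minvalue=1`, and the three `no_*` flags presumably keep them out of the normal options. A comment above the first one would record that, for example `# not real policy options: declared only so uidnumber/gidnumber passed via --setattr/--addattr are validated`. The enclosing parameter tuple starts outside the hunk.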
@@ -115,6 +127,14 @@ class krbtpolicy_mod(LDAPUpdate):
         #  ticket policies are attached to objects with unrelated attributes
         if options.get('all'):
             options['all'] = False
+        if keys[-1] is not None:
+            # we're modifying an user entry and it's possible to change its
+            # attribute unrelated to ticket policy using --{set,add}-attr
+            # we need to validate/normalize them here:
+            if 'mail' in entry_attrs:
+                entry_attrs['mail'] = self.api.Object['user']._normalize_email(
+                    entry_attrs['mail']
+                )
         return dn
 
 api.register(krbtpolicy_mod)
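Review bot: The new block in the pre-callback normalizes only `mail`, yet its own comment says set/add-attr can change any user attribute unrelated to ticket policy, so every attribute other than `mail`, `uidnumber` and `gidnumber` still reaches the user entry without the user plugin's validation. Patching attributes one at a time will keep missing cases; an allow-list is safer, rejecting any key in `entry_attrs` that is not one of this object's ticket-policy attributes before returning `dn` (whether the framework adds keys of its own to `entry_attrs` should be confirmed first). The call also reaches into the private `_normalize_email` of another plugin object, which couples the two modules; a public helper, or the user parameter's own normalizer, would be more stable. The callback's signature and the start of its body are outside the hunk.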
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index e71c21b..d18ba18 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -176,6 +176,7 @@ class user(LDAPObject):
             label=_('GID'),
             doc=_('Group ID Number'),
             default_from=lambda uid: uid,
+            minvalue=1,
         ),
         Str('street?',
             cli_name='street',
-- 
1.7.4
