On Mon, 2014-11-10 at 09:08 +0100, Martin Kosek wrote: > On 11/10/2014 08:31 AM, Alexander Bokovoy wrote: > > On Mon, 10 Nov 2014, Jan Cholasta wrote: > >> Hi, > >> > >> Dne 7.11.2014 v 16:51 Nathaniel McCallum napsal(a): > >>> https://fedorahosted.org/freeipa/ticket/4693 > >> > >> Is it good enough to just say "No YubiKey found"? Would it make sense to > >> log > >> the original message, for the sake of debugging why the yubikey was not > >> found? > > This is logged on the client side so it only would be visible if you > > would run 'ipa' tool with -v. Perhaps useful but my practice with > > yubikeys says that most of issues are basically permission-related: > > you've inserted the key and udev rules didn't change access to allow > > getting to it via libusb. In this case our debugging will hardly be > > helpful beyond 'yes, it is not accessible' which is already conveyed by > > the original message. > > Ok. Though IMO, passing the USBError string to the error would still be a good > thing to do - unless we have a strong reason to hide it. Error stating "Access > denied (insufficient permissions)" would steer the person closer to the root > cause that just "No YubiKey found".
It took a bit to figure out exactly how to handle the errors, but the attached patch passes the error codes through.
From b8b7a4e34309120c012a8ec466f1b66d3a2bff9d Mon Sep 17 00:00:00 2001 From: Nathaniel McCallum <npmccal...@redhat.com> Date: Fri, 7 Nov 2014 10:47:43 -0500 Subject: [PATCH] Catch USBError during YubiKey location https://fedorahosted.org/freeipa/ticket/4693 --- ipalib/plugins/otptoken_yubikey.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ipalib/plugins/otptoken_yubikey.py b/ipalib/plugins/otptoken_yubikey.py index e70ddb6e42b5ea34d7ebecb252d6bbd73ac64d03..1540117093386ef29c6ec47c07731d7a432d26bf 100644 --- a/ipalib/plugins/otptoken_yubikey.py +++ b/ipalib/plugins/otptoken_yubikey.py @@ -25,6 +25,7 @@ from ipalib.plugins.otptoken import otptoken import os +import usb.core import yubico __doc__ = _(""" @@ -81,8 +82,10 @@ class otptoken_add_yubikey(Command): # Open the YubiKey try: yk = yubico.find_yubikey() - except yubico.yubikey.YubiKeyError, e: - raise NotFound(reason=_('No YubiKey found')) + except usb.core.USBError as e: + raise NotFound(reason="No YubiKey found: %s" % e.strerror) + except yubico.yubikey.YubiKeyError as e: + raise NotFound(reason=e.reason) assert yk.version_num() >= (2, 1) -- 2.1.0
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel