Re: [Freeipa-devel] [PATCH] otptoken_yubikey, append CR by default and add a option for not doing so

Wed, 08 Apr 2015 08:48:12 -0700 

On 04/08/2015 05:14 PM, Martin Basti wrote:

On 08/04/15 17:12, Luc de Louw wrote:


On 04/08/2015 05:05 PM, Martin Basti wrote:

On 08/04/15 16:55, Nathaniel McCallum wrote:

On Wed, 2015-04-08 at 11:57 +0200, Luc de Louw wrote:

Hi there,

At the moment ipa otptoken-add-yubikey does not add the parameter
"APPEND_CR". This prevents submit the password+OTP. APPEND_CR is
usually
very handy, most people use this functionality.

The patch changes the behavior to set APPEND_CR by default and let
the
user override this by using the the --do-not-append-cr option.

This patch is very helpful and I would like to see it merged. Thanks
Luc!

1. This patch needs to be formatted according to the FreeIPA
formatting. See: https://www.freeipa.org/page/Contribute/Patch_Format

2. The flag should be named "no_cr" instead of "do_not_append_cr".

3. The comment is not necessary since what the code does is obvious.

Nathaniel


Hello,

4) this patch changes API, so please run ./makeapi to regenerate API.txt
file and add changes into patch + please bum API minor version in
VERSION file

thanks.




Hi,

When running makeaip, I get the following error:
  File "/home/luc/freeipa/ipalib/constants.py", line 25, in <module>
    from ipaplatform.paths import paths
ImportError: No module named paths

Any hints?

The other changes are ready to submit.

Thanks,

Luc

You may need to run 'make version-upgrade' or 'make' to prepare the module.

If it will not work, you can send incomplete patch, I will add API
changes there, just bump VERSION please



Martin,

Thanks for your hints, seems to work, please have a look at it...

Thanks,

Luc



>From f1a01a7f984e60df6978a506af94ea9e1d8098ea Mon Sep 17 00:00:00 2001
From: Luc de Louw <ldel...@redhat.com>
Date: Wed, 8 Apr 2015 17:41:33 +0200
Subject: [PATCH] At the moment ipa otptoken-add-yubikey does not add the
 parameter "APPEND_CR". This prevents submit the password+OTP. APPEND_CR is
 usually very handy, most people use this functionality.

The patch changes the behavior to set APPEND_CR by default and let
the user override this by using the the --no-cr option.
---
 API.txt                            |  3 ++-
 VERSION                            |  2 +-
 ipalib/plugins/otptoken_yubikey.py | 13 ++++++++++++-
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/API.txt b/API.txt
index f747765d7f9c87761fed0277cd59d1bc3fbd57e9..d2c57e48e775dacdfe70fbd1eae6249f1c82e1ad 100644
--- a/API.txt
+++ b/API.txt
@@ -2661,7 +2661,7 @@ output: Output('completed', <type 'int'>, None)
 output: Output('failed', <type 'dict'>, None)
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
 command: otptoken_add_yubikey
-args: 1,8,1
+args: 1,9,1
 arg: Str('ipatokenuniqueid?', cli_name='id', primary_key=True)
 option: Str('description?', cli_name='desc')
 option: Bool('ipatokendisabled?', cli_name='disabled')
@@ -2669,6 +2669,7 @@ option: DateTime('ipatokennotafter?', cli_name='not_after')
 option: DateTime('ipatokennotbefore?', cli_name='not_before')
 option: IntEnum('ipatokenotpdigits?', autofill=True, cli_name='digits', default=6, values=(6, 8))
 option: Str('ipatokenowner?', cli_name='owner')
+option: Flag('no_cr?', autofill=True, cli_name='no_cr', default=False, required=False)
 option: IntEnum('slot?', cli_name='slot', values=(1, 2))
 option: Str('version?', exclude='webui')
 output: Output('result', None, None)
diff --git a/VERSION b/VERSION
index b584eb4584ea45881e5329a846dae0df7e231844..5acbdf1caa287d664df00260620809d06f5e5eb1 100644
--- a/VERSION
+++ b/VERSION
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=116
+IPA_API_VERSION_MINOR=117
 # Last change: tbordaz - Add stageuser_add command"
diff --git a/ipalib/plugins/otptoken_yubikey.py b/ipalib/plugins/otptoken_yubikey.py
index 58fc18308f0cfe407881b5fbb5e653c5afbd0eba..a48a1294a6349a1721601e2100088a0a458c5e84 100644
--- a/ipalib/plugins/otptoken_yubikey.py
+++ b/ipalib/plugins/otptoken_yubikey.py
@@ -17,7 +17,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-from ipalib import _, Str, IntEnum
+from ipalib import _, Str, IntEnum, Flag
 from ipalib.errors import NotFound
 from ipalib.plugable import Registry
 from ipalib.frontend import Command
@@ -65,6 +65,12 @@ class otptoken_add_yubikey(Command):
             label=_('YubiKey slot'),
             values=(1, 2),
         ),
+       Flag('no_cr?',
+           cli_name='no_cr',
+           label=_('Do not append a CR after sending the OTP (default: false)'),
+	   default=False,
+	   required=False,
+       ),
     ) + tuple(x for x in otptoken.takes_params if x.name in (
         'description',
         'ipatokenowner',
@@ -107,6 +113,11 @@ class otptoken_add_yubikey(Command):
         cfg = yk.init_config()
         cfg.mode_oath_hotp(key, kwargs['ipatokenotpdigits'])
         cfg.extended_flag('SERIAL_API_VISIBLE', True)
+
+	# If the no_cr flag was not specified, add the parameter APPEND_CR to the config
+	if kwargs.get('no_cr') is False:
+		cfg.ticket_flag('APPEND_CR', True)
+
         yk.write_config(cfg, slot=kwargs['slot'])
 
         # Filter the options we want to pass.
-- 
2.1.0


-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code





















					Reply via email to