[Freeipa-devel] [PATCHES 377-379] Hardening of ipa-adtrust-install

Tomas Babej tbabej at redhat.com
Tue Nov 10 15:35:29 UTC 2015



On 11/10/2015 03:35 PM, Martin Babinsky wrote:
> On 10/27/2015 04:24 PM, Tomas Babej wrote:
>> Hi,
>>
>> this couple of patches harden the adtrust installer.
>>
>> Details in the commit messages.
>>
>> Fixes: https://fedorahosted.org/freeipa/ticket/5134
>>
>> Tomas
>>
>>
>>
> NACK,
> 
> in the first patch you forgot to instantiate the caught exception in the
> following snippet:
> 
> +        except Exception:
> +            root_logger.debug("Exception occured during SID generation:
> {0}"
> +                              .format(str(e)))
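
Review bot: `str(e)` in the handler body refers to a name that `except Exception:` never binds, so the logging call itself raises a NameError and hides the original SID generation failure. Bind the exception with `except Exception as e:` before formatting it. The log message also misspells "occurred" as "occured", which makes the line harder to find when grepping the install log.
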
> 
> You should use 'except Exception as e:'.
> 
> I'm also not quite sure that it is enough to log the error at debug level.
> 
> If the sidgen task somehow fails, isn't it something which should
> interest the user and deserve at least warning-level message?
> 

Thanks for catching this. Inappropriate message level indeed, I probably
wasn't using my brain much when writing that snippet :)

Updated patchset attached.

Tomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbabej-0377-2-adtrustinstance-Wait-for-sidgen-task-completion.patch
Type: text/x-patch
Size: 2205 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20151110/f87e7538/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbabej-0378-2-adtrustinstance-Restart-samba-service-at-the-end-of-.patch
Type: text/x-patch
Size: 1542 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20151110/f87e7538/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbabej-0379-2-adtrustinstance-Do-not-use-bare-except-clauses.patch
Type: text/x-patch
Size: 3115 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20151110/f87e7538/attachment-0002.bin>

