[Freeipa-devel] [PATCH] 0017 configure DNA shared config entry to allow connection with GSSAPI

Rob Crittenden rcritten at redhat.com
Thu Jan 21 16:22:28 UTC 2016


Martin Babinsky wrote:
> On 01/21/2016 01:37 PM, thierry bordaz wrote:

> 6.)
> 
> +        while attempt != MAX_WAIT:
> +            try:
> +                entries = conn.get_entries(sharedcfgdn,
> scope=ldap.SCOPE_ONELEVEL, filter='dnaHostname=%s' % self.fqdn)
> +                break
> +            except errors.NotFound:
> +                root_logger.debug("So far enable not find DNA shared
> config entry for dnaHostname=%s under %s. Retry in 2sec" % (self.fqdn,
> sharedcfgdn))
> +                attempt = attempt + 1
> +                time.sleep(2)
> +                continue
> +
> +        # safety checking
> +        # there is no return, if there are several entries, as a
> workaround of #5510
> +        if len(entries) != 1:
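
Review bot: After the `while attempt != MAX_WAIT:` loop, `entries` is bound only if one `conn.get_entries` call succeeded; if every attempt raises `errors.NotFound`, the loop falls through and `if len(entries) != 1:` fails with a NameError instead of a clear timeout error. Raise an explicit error once the attempts are exhausted (a `while ... else:` branch fits, since the `else` runs only when the loop ends without `break`), and prefer `attempt < MAX_WAIT` over `!=` as the loop condition. Separately, `self.fqdn` is interpolated into the search filter unescaped in `filter='dnaHostname=%s' % self.fqdn`; passing it through `ldap.filter.escape_filter_chars()` keeps the filter well-formed whatever the hostname contains. The debug message should read "unable to find" rather than "enable not find".
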
> 
> I am quite afraid what would happen if the server does not return any
> entries until 30 s timeout. The code will then continue to the condition
> which can potentially test an uninitialized variable and blow up with
> 'NameError'. This should be handled more robustly, e. g. raise an
> exception when a timeout is reached and no entries were returned.

I agree, but note that it is a 60s timeout (30 tries x 2 second sleeps).

This will blow up if something other than NotFound is returned (e.g.
connection error), and maybe that's ok.

The continue is not needed.

rob



