Ticket #2512

In hbactest.py there is a name error wrapped inside a try/except block
that ignores all errors so the code block exits prematurely leaving a
critical variable uninitialized.

The name error is the result of a cut-n-paste error that references a
variable that had never been initialized in the scope of the code
block. Python generates an exception when this variable is referenced
but because it's wrapped in a try/except block that catches all errors
and ignores all errors there is no evidence that something went wrong.

The fix is to use the correct variables.

At some point we may want to revist if ignoring all errors and
proceding as if nothing happened is actually correct. Alexander tells
me this mimics what SSSD does in the hbac rule processing, thus the
ignoring of errors is intentional. But in a plugin whose purpose is to
test and exercise hbac rules I'm not sure ignoring all errors is
really the right behavior.

--
John Dennis <jden...@redhat.com>

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
From e0bc546f8e35d5781f0edf58500abca2c8c424cc Mon Sep 17 00:00:00 2001
From: John Dennis <jden...@redhat.com>
Date: Thu, 19 Apr 2012 08:56:07 -0400
Subject: [PATCH 74] Fix name error in hbactest
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Ticket #2512

In hbactest.py there is a name error wrapped inside a try/except block
that ignores all errors so the code block exits prematurely leaving a
critical variable uninitialized.

The name error is the result of a cut-n-paste error that references a
variable that had never been initialized in the scope of the code
block. Python generates an exception when this variable is referenced
but because it's wrapped in a try/except block that catches all errors
and ignores all errors there is no evidence that something went wrong.

The fix is to use the correct variables.

At some point we may want to revist if ignoring all errors and
proceding as if nothing happened is actually correct. Alexander tells
me this mimics what SSSD does in the hbac rule processing, thus the
ignoring of errors is intentional. But in a plugin whose purpose is to
test and exercise hbac rules I'm not sure ignoring all errors is
really the right behavior.
---
 ipalib/plugins/hbactest.py |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ipalib/plugins/hbactest.py b/ipalib/plugins/hbactest.py
index b81dca3..78fac02 100644
--- a/ipalib/plugins/hbactest.py
+++ b/ipalib/plugins/hbactest.py
@@ -325,7 +325,7 @@ class hbactest(Command):
                     srchost_result = self.api.Command.host_show(request.srchost.name)['result']
                     groups = srchost_result['memberof_hostgroup']
                     if 'memberofindirect_hostgroup' in srchost_result:
-                        groups += search_result['memberofindirect_hostgroup']
+                        groups += srchost_result['memberofindirect_hostgroup']
                     request.srchost.groups = sorted(set(groups))
                 except:
                      pass
@@ -338,7 +338,7 @@ class hbactest(Command):
                 tgthost_result = self.api.Command.host_show(request.targethost.name)['result']
                 groups = tgthost_result['memberof_hostgroup']
                 if 'memberofindirect_hostgroup' in tgthost_result:
-                    groups += search_result['memberofindirect_hostgroup']
+                    groups += tgthost_result['memberofindirect_hostgroup']
                 request.targethost.groups = sorted(set(groups))
             except:
                 pass
-- 
1.7.7.6

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to