BIND 10 #2641: Disable default account, require authentication setup during initialization
BIND 10 Development
do-not-reply at isc.org
Thu Feb 28 18:39:43 UTC 2013
#2641: Disable default account, require authentication setup during initialization
-------------------------------------+-------------------------------------
Reporter: shane | Owner:
Type: enhancement | jinmei
Priority: very high | Status:
Component: bind-ctl | reviewing
Keywords: | Milestone:
Sensitive: 0 | Sprint-20130305
Sub-Project: Core | Resolution:
Estimated Difficulty: 4 | CVSS Scoring:
Total Hours: 0 | Defect Severity: N/A
| Feature Depending on Ticket:
| Add Hours to Ticket: 0
| Internal?: 0
-------------------------------------+-------------------------------------
Comment (by jinmei):
Replying to [comment:23 muks]:
> Hi Jinmei
> > {{{#!python
> > except ssl.SSLError as err:
> > self._print("SSL error while sending login information: ",
err)
> > if err.errno == ssl.SSL_ERROR_EOF:
> > self.__print_check_ssl_msg()
> > except socket.error as err:
> > self._print("Socket error while sending login information:
", err)
> > # An SSL setup error can also bubble up as a plain
CONNRESET...
> > # (on some systems it usually does)
> > if err.errno == errno.ECONNRESET:
> > self.__print_check_ssl_msg()
> > pass
> > }}}
>
> If such exceptions are raised (due to any environmental reasons),
> they'll go unhandled. So maybe there's no harm in leaving them there.
Could you also explain this?
> Looks like so, but I now wonder why the socket or SSL error doesn't
> happen when, e.g., the account file exists but lacks permission.
And, depending on the answer for it, the message printed by
`__print_check_ssl_msg` shouldn't make sense any more.
> > There's one remaining open points: in cmdctl.py.in, I'd still like to
> > avoid hardconding 'tests/testdata':
> > {{{#!python
> > sysconf_path = os.environ["B10_FROM_SOURCE"] +
"/src/bin/cmdctl/"
> > accountsfile = sysconf_path + "tests/testdata/cmdctl-
accounts.csv"
> > }}}
> > one way is to keep it under
> > `os.environ["B10_FROM_SOURCE"] + "/src/bin/cmdctl/"` as before,
> > although you may not like it as this file is now also used in unit
> > tests. In that case, an alternative would be to copy
> > tests/testdata/cmdctl-accounts.csv to {top_builddir}/src/bin/cmdctl
> > (or even directly on top_builddir) and refer to it from cmdctl.py.in
> > when B10_FROM_BUILD is defined.
>
> I've moved it back to `os.environ["B10_FROM_SOURCE"] +
"/src/bin/cmdctl/"` as before.
Okay, but then cmdctl-accounts.csv should be re-created under
bin/cmdctl. In fact, unit test doesn't pass any more; if this means
you actually didn't test it on the revised branch, please make sure
everything including system/lettuce tests (and distcheck) pass.
--
Ticket URL: <http://bind10.isc.org/ticket/2641#comment:24>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list