Closed Bug 1140214 Opened 6 years ago Closed 6 years ago

Make pash.py's root login code path clean

Categories

(Developer Services :: Mercurial: hg.mozilla.org, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: gps, Assigned: gps)

Details

Attachments

(6 files, 1 obsolete file)

pash.py has a number of vectors where *all* SSH logins can be locked out. If any of these were to happen in production, we'd be in deep trouble. Let's refactor it so the root login code path is robust.
Attached file MozReview Request: bz://1140214/gps (obsolete) —
/r/4921 - pash: consistently format pash.py
/r/4923 - pash: store user in a variable
/r/4925 - pash: move QuoteForPOSIX into pash.py
/r/4927 - pash: move non-root login code path to isolated function (bug 1140214)

Pull down these commits:

hg pull review -r 1c6e1f3e23a6acd169dd11521f90a7ce7aa99016
Attachment #8573647 - Flags: review?(bkero)
Comment on attachment 8573647 [details]
MozReview Request: bz://1140214/gps

/r/4921 - pash: consistently format pash.py
/r/4923 - pash: store user in a variable
/r/4925 - pash: move QuoteForPOSIX into pash.py
/r/4927 - pash: move non-root login code path to isolated function (bug 1140214)
/r/4929 - pash: remove hg.ecmascript.org support

Pull down these commits:

hg pull review -r 2eb2296b18091d93b606b3a8ad8ea41ae1fac9d5
Comment on attachment 8573647 [details]
MozReview Request: bz://1140214/gps

/r/4921 - pash: consistently format pash.py
/r/4923 - pash: store user in a variable
/r/4925 - pash: move QuoteForPOSIX into pash.py
/r/4927 - pash: move non-root login code path to isolated function (bug 1140214)
/r/4929 - pash: remove hg.ecmascript.org support
/r/4959 - pash: replace doc_root with DOC_ROOT

Pull down these commits:

hg pull review -r 851a9a9422cca2c41b835e484d1c5960cc97d0a1
Comment on attachment 8573647 [details]
MozReview Request: bz://1140214/gps

https://reviewboard.mozilla.org/r/4919/#review4053

Ship It!
Attachment #8573647 - Flags: review?(bkero) → review+
A change listed to here backed out a change I made in bug 1116796, accidentally or otherwise.

http://tinyurl.com/2aveg9k points to a component that is going away shortly. It should point to http://tinyurl.com/njcfhma

sysadmins/puppet/trunk/modules/hg_new/files/pash/pash.py:
------------------------------------------------------------------------
r101780 | bkero@mozilla.com | 2015-03-09 21:21:58 +0000 (Mon, 09 Mar 2015) | 2 lines

hg_new: update pash.py, bugfixes for 1140214

------------------------------------------------------------------------
r101721 | pradcliffe@mozilla.com | 2015-03-09 12:10:57 +0000 (Mon, 09 Mar 2015) | 1 line

move tinyurl for bug creation to infra & ops :: moc: service requests. bug 116796
------------------------------------------------------------------------
pash changes deployed to prod by bkero.
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Sorry, I guess we had a merge conflict that I missed. Added the changed URL to pash.py. Deploying now.
Thanks!
Attachment #8573647 - Attachment is obsolete: true
Attachment #8619686 - Flags: review+
Attachment #8619687 - Flags: review+
Attachment #8619688 - Flags: review+
Attachment #8619689 - Flags: review+
Attachment #8619690 - Flags: review+
Attachment #8619691 - Flags: review+
You need to log in before you can comment on or make changes to this bug.