From f6b064773072e34e9a7db5b82b60164b18c5a9fc 2015-03-08 11:19:36
From: Branko Majic <branko@majic.rs>
Date: 2015-03-08 11:19:36
Subject: [PATCH] MAR-1: Construct error messages in a safer way.

---

diff --git a/roles/ldap_server/library/ldap_entry.py b/roles/ldap_server/library/ldap_entry.py
index 73746697d7f2ee6eff75c051f4f2cb8904bab407..51720acfb5ee0b107541337d8efad61ab0b4e7f7 100755
--- a/roles/ldap_server/library/ldap_entry.py
+++ b/roles/ldap_server/library/ldap_entry.py
@@ -261,12 +261,7 @@ def main():
                                          module.params["bind_dn"],
                                          module.params["bind_password"])
     except ldap.LDAPError as e:
-        if e.info:
-            error_message = "%s: %s" % (e.desc, e.info)
-        else:
-            error_message = "%s" % e.desc
-
-        module.fail_json(msg=error_message)
+        module.fail_json(msg="LDAP error: %s" % str(e))
 
     entry = LDAPEntry(module.params["dn"],
                       attributes,
@@ -279,7 +274,7 @@ def main():
         else:
             changed = entry.remove()
     except ldap.LDAPError as e:
-        module.fail_json(msg=str(e))
+        module.fail_json(msg="LDAP error: %s" % str(e))
 
     module.exit_json(changed=changed)
 
diff --git a/roles/ldap_server/library/ldap_permissions.py b/roles/ldap_server/library/ldap_permissions.py
index bc4ccea16e828084b2fe58797cdf2ca06e62ae31..fe1858e56409565a5a61414eb1883a909ae2ce0b 100644
--- a/roles/ldap_server/library/ldap_permissions.py
+++ b/roles/ldap_server/library/ldap_permissions.py
@@ -277,12 +277,7 @@ def main():
                                          module.params["bind_dn"],
                                          module.params["bind_password"])
     except ldap.LDAPError as e:
-        if e.info:
-            error_message = "%s: %s" % (e.desc, e.info)
-        else:
-            error_message = "%s" % e.desc
-
-        module.fail_json(msg=error_message)
+        module.fail_json(msg="LDAP error: %s" % str(error_message))
 
     ldap_permissions = LDAPPermissions(module.params["filter"],
                                        module.params["rules"],
@@ -290,16 +285,12 @@ def main():
 
     try:
         changed = ldap_permissions.update()
-    except ldap.LDAPError as e:
-        if e.info:
-            error_message = "%s: %s" % (e.desc, e.info)
-        else:
-            error_message = "%s" % e.desc
 
-        module.fail_json(msg=error_message)
+    except ldap.LDAPError as e:
+        module.fail_json(msg="LDAP error: %s" % str(e))
 
     except DatabaseFilteringError as e:
-        module.fail_json(msg=DatabaseFilteringError)
+        module.fail_json(msg="Module error: %s" % str(e))
 
     module.exit_json(changed=changed)