From ae8d12b2f764fa49bebf263ec646709900d90a6b Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka
Date: Wed, 31 May 2017 15:45:19 +0200
Subject: [PATCH] rpc: preparations for recursion fix

Made several improvements to coding style:
- same use of KerberosError throughout the module
- removed some unused variables
- moved code from try-except blocks if it didn't have to be there
- preparations for putting most of RPCClient.create_connection() to loop

https://pagure.io/freeipa/issue/6796

Reviewed-By: Florence Blanc-Renaud
---
 ipalib/rpc.py | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/ipalib/rpc.py b/ipalib/rpc.py
index 297ed80414fae3d8b27558567425fec704f3e862..b12ce4c5365299332587ad0d2990ca30070217bf 100644
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@@ -52,7 +52,7 @@ from six.moves import urllib
 from ipalib.backend import Connectible
 from ipalib.constants import LDAP_GENERALIZED_TIME_FORMAT
 from ipalib.errors import (public_errors, UnknownError, NetworkError,
- KerberosError, XMLRPCMarshallError, JSONError)
+ XMLRPCMarshallError, JSONError)
 from ipalib import errors, capabilities
 from ipalib.request import context, Connection
 from ipapython.ipa_log_manager import root_logger
@@ -653,7 +653,7 @@ class KerbTransport(SSLTransport):
 except (TypeError, UnicodeError):
 pass
 if not token:
- raise KerberosError(
+ raise errors.KerberosError(
 message=u"No valid Negotiate header in server response")
 token = self._sec_context.step(token=token)
 if self._sec_context.complete:
@@ -979,8 +979,10 @@ class RPCClient(Connectible):
 delegate = self.api.env.delegate
 if ca_certfile is None:
 ca_certfile = self.api.env.tls_ca_cert
+ context.ca_certfile = ca_certfile
+
+ rpc_uri = self.env[self.env_rpc_uri_key]
 try:
- rpc_uri = self.env[self.env_rpc_uri_key]
 principal = get_principal(ccache_name=ccache)
 stored_principal = getattr(context, 'principal', None)
 if principal != stored_principal:
@@ -996,12 +998,14 @@ class RPCClient(Connectible):
 except (errors.CCacheError, ValueError):
 # No session key, do full Kerberos auth
 pass
- context.ca_certfile = ca_certfile
 urls = self.get_url_list(rpc_uri)
 serverproxy = None
 for url in urls:
- kw = dict(allow_none=True, encoding='UTF-8')
- kw['verbose'] = verbose
+ kw = {
+ 'allow_none': True,
+ 'encoding': 'UTF-8',
+ 'verbose': verbose
+ }
 if url.startswith('https://'):
 if delegate:
 transport_class = DelegatedKerbTransport
@@ -1036,21 +1040,24 @@ class RPCClient(Connectible):
 )
 # We don't care about the response, just that we got one
 break
- except KerberosError as krberr:
+ except errors.KerberosError:
 # kerberos error on one server is likely on all
- raise errors.KerberosError(message=unicode(krberr))
+ raise
 except ProtocolError as e:
 if hasattr(context, 'session_cookie') and e.errcode == 401:
 # Unauthorized. Remove the session and try again.
 delattr(context, 'session_cookie')
 try:
 delete_persistent_client_session_data(principal)
- except Exception as e:
+ except Exception:
 # This shouldn't happen if we have a session but it isn't fatal.
 pass
- return self.create_connection(ccache, verbose, fallback, delegate)
+ return self.create_connection(
+ ccache, verbose, fallback, delegate)
 if not fallback:
 raise
+ else:
+ self.log.info('Connection to %s failed with %s', url, e)
 serverproxy = None
 except Exception as e:
 if not fallback:
--
2.9.4
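Review bot: The 401 retry in the last hunk still calls `self.create_connection(` / `ccache, verbose, fallback, delegate)` without `ca_certfile`, so a CA bundle supplied by the caller appears to be dropped on the retry. The method signature is outside these hunks, but the `if ca_certfile is None: ca_certfile = self.api.env.tls_ca_cert` default in the earlier hunk suggests it is a parameter; if so, the retried connection falls back to the environment default and `context.ca_certfile` is overwritten with it, changing the TLS trust anchor the caller asked for. Since this commit already rewraps that call, it could pass the value through: `ccache, verbose, fallback, delegate, ca_certfile=ca_certfile)`. The silent `except Exception:` / `pass` around `delete_persistent_client_session_data(principal)` would also be easier to diagnose with a debug-level log line, so a stale session file that cannot be removed leaves a trace.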