authorRob Crittenden <rcritten@redhat.com>2012-03-03 19:50:21 -0500
committerRob Crittenden <rcritten@redhat.com>2012-03-04 17:23:01 -0500
commit55f89dc68940e3a4376fb80e97dbd0f2773c6ed1 (patch)
treecd47a00d33f641bae0e1281046c74deaec843155 /ipalib/rpc.py
parent356823d270a33b65ef4a34133f5d65100b5f59e4 (diff)
Do kinit in client before connecting to backend
The client installer was failing because a backend connection could be created before a kinit was done. Allow multiple simultaneous connections. This could fail with an NSS shutdown error when the second connection was created (objects still in use). If all connections currently use the same database then there is no need to initialize, let it be skipped. Add additional logging to client installer. https://fedorahosted.org/freeipa/ticket/2478
Diffstat (limited to 'ipalib/rpc.py')
-rw-r--r--ipalib/rpc.py31
1 files changed, 27 insertions, 4 deletions
diff --git a/ipalib/rpc.py b/ipalib/rpc.py
index d8fee5639..16c095cb7 100644
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@@ -42,7 +42,7 @@ import kerberos
from ipalib.backend import Connectible
from ipalib.errors import public_errors, PublicError, UnknownError, NetworkError, KerberosError, XMLRPCMarshallError
from ipalib import errors
-from ipalib.request import context
+from ipalib.request import context, Connection
from ipapython import ipautil, dnsclient
import httplib
import socket
@@ -215,16 +215,39 @@ class LanguageAwareTransport(Transport):
class SSLTransport(LanguageAwareTransport):
"""Handles an HTTPS transaction to an XML-RPC server."""
+ def __nss_initialized(self, dbdir):
+ """
+ If there is another connections open it may have already
+ initialized NSS. This is likely to lead to an NSS shutdown
+ failure. One way to mitigate this is to tell NSS to not
+ initialize if it has already been done in another open connection.
+
+ Returns True if another connection is using the same db.
+ """
+ for value in context.__dict__.values():
+ if not isinstance(value, Connection):
+ continue
+ if not isinstance(value.conn._ServerProxy__transport, SSLTransport):
+ continue
+ if value.conn._ServerProxy__transport.dbdir == dbdir:
+ return True
+ return False
+
def make_connection(self, host):
host, self._extra_headers, x509 = self.get_host_info(host)
- host, self._extra_headers, x509 = self.get_host_info(host)
# Python 2.7 changed the internal class used in xmlrpclib from
# HTTP to HTTPConnection. We need to use the proper subclass
+
+ # If we an existing connection exists using the same NSS database
+ # there is no need to re-initialize. Pass thsi into the NSS
+ # connection creator.
+ self.dbdir='/etc/pki/nssdb'
+ no_init = self.__nss_initialized(self.dbdir)
(major, minor, micro, releaselevel, serial) = sys.version_info
if major == 2 and minor < 7:
- conn = NSSHTTPS(host, 443, dbdir="/etc/pki/nssdb")
+ conn = NSSHTTPS(host, 443, dbdir=self.dbdir, no_init=no_init)
else:
- conn = NSSConnection(host, 443, dbdir="/etc/pki/nssdb")
+ conn = NSSConnection(host, 443, dbdir=self.dbdir, no_init=no_init)
conn.connect()
return conn
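Review bot: `__nss_initialized` can raise AttributeError instead of returning False, because it dereferences `value.conn._ServerProxy__transport` and then `.dbdir` without checking that either attribute exists. In this hunk `dbdir` is assigned only inside `make_connection`, so an SSLTransport held by another Connection that has not connected yet would lack it (assuming no `__init__` outside the hunk sets it), and any Connection in `context` whose `conn` is not an xmlrpclib ServerProxy has no `_ServerProxy__transport` at all. A defensive lookup such as `transport = getattr(value.conn, '_ServerProxy__transport', None)` followed by `if isinstance(transport, SSLTransport) and getattr(transport, 'dbdir', None) == dbdir: return True` keeps the scan from aborting connection setup. Because `no_init` decides whether the NSS database is initialized before the TLS connection is made, the docstring should also say that only connections stored in `context` are considered. The comment above `self.dbdir` has typos ("If we an existing connection exists", "thsi") that are worth fixing in the same pass.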