diff options
-rw-r--r-- | ipalib/config.py | 9 | ||||
-rw-r--r-- | ipalib/errors2.py | 22 | ||||
-rw-r--r-- | ipalib/plugable.py | 2 | ||||
-rw-r--r-- | ipalib/plugins/f_ra.py | 10 | ||||
-rw-r--r-- | ipaserver/__init__.py | 28 | ||||
-rwxr-xr-x | ipaserver/mod_python_xmlrpc.py | 94 | ||||
-rw-r--r-- | ipaserver/plugins/b_ldap.py | 2 | ||||
-rw-r--r-- | ipaserver/plugins/b_ra.py | 3 | ||||
-rw-r--r-- | ipaserver/rpcserver.py | 26 | ||||
-rwxr-xr-x | setup.py | 2 |
10 files changed, 103 insertions, 95 deletions
diff --git a/ipalib/config.py b/ipalib/config.py index 735cf0a1f..42d7ab578 100644 --- a/ipalib/config.py +++ b/ipalib/config.py @@ -432,8 +432,9 @@ class Env(object): self.site_packages = path.dirname(self.ipalib) self.script = path.abspath(sys.argv[0]) self.bin = path.dirname(self.script) - self.home = path.abspath(os.environ['HOME']) - self.dot_ipa = path.join(self.home, '.ipa') + self.home = os.environ.get('HOME', None) + self.etc = path.join('/', 'etc', 'ipa') + self.dot_ipa = self._join('home', '.ipa') self._merge(**overrides) if 'in_tree' not in self: if self.bin == self.site_packages and \ @@ -454,6 +455,10 @@ class Env(object): if 'conf_dir' not in self: self.conf_dir = base + def _join(self, key, *parts): + if key in self and self[key] is not None: + return path.join(self[key], *parts) + def _finalize_core(self, **defaults): """ Complete initialization of standard IPA environment. diff --git a/ipalib/errors2.py b/ipalib/errors2.py index d1ece25d5..ebb1fdaf6 100644 --- a/ipalib/errors2.py +++ b/ipalib/errors2.py @@ -410,9 +410,26 @@ class KerberosError(AuthenticationError): errno = 1100 +class CCacheError(KerberosError): + """ + **1101** Raised when sever does not recieve Kerberose credentials. + + For example: + + >>> raise CCacheError() + Traceback (most recent call last): + ... + CCacheError: did not receive Kerberos credentials + + """ + + errno = 1101 + format = _('did not receive Kerberos credentials') + + class ServiceError(KerberosError): """ - **1101** Raised when service is not found in Kerberos DB. + **1102** Raised when service is not found in Kerberos DB. For example: @@ -420,10 +437,9 @@ class ServiceError(KerberosError): Traceback (most recent call last): ... ServiceError: Service 'HTTP@localhost' not found in Kerberos database - """ - errno = 1101 + errno = 1102 format = _('Service %(service)r not found in Kerberos database') diff --git a/ipalib/plugable.py b/ipalib/plugable.py index 5a0076972..cf2919f1f 100644 --- a/ipalib/plugable.py +++ b/ipalib/plugable.py @@ -561,6 +561,8 @@ class API(DictProxy): # Add file handler: if self.env.mode in ('dummy', 'unit_test'): return # But not if in unit-test mode + if self.env.log is None: + return log_dir = path.dirname(self.env.log) if not path.isdir(log_dir): try: diff --git a/ipalib/plugins/f_ra.py b/ipalib/plugins/f_ra.py index 7ac84e65f..6a5b3984c 100644 --- a/ipalib/plugins/f_ra.py +++ b/ipalib/plugins/f_ra.py @@ -41,7 +41,7 @@ class request_certificate(Command): else: textui.print_plain('Failed to submit a certificate request.') -api.register(request_certificate) +#api.register(request_certificate) class get_certificate(Command): @@ -58,7 +58,7 @@ class get_certificate(Command): else: textui.print_plain('Failed to obtain a certificate.') -api.register(get_certificate) +#api.register(get_certificate) class check_request_status(Command): @@ -76,7 +76,7 @@ class check_request_status(Command): else: textui.print_plain('Failed to retrieve a request status.') -api.register(check_request_status) +#api.register(check_request_status) class revoke_certificate(Command): @@ -97,7 +97,7 @@ class revoke_certificate(Command): else: textui.print_plain('Failed to revoke a certificate.') -api.register(revoke_certificate) +#api.register(revoke_certificate) class take_certificate_off_hold(Command): @@ -114,4 +114,4 @@ class take_certificate_off_hold(Command): else: textui.print_plain('Failed to take a revoked certificate off hold.') -api.register(take_certificate_off_hold) +#api.register(take_certificate_off_hold) diff --git a/ipaserver/__init__.py b/ipaserver/__init__.py index b0be96bd2..35f96c7f6 100644 --- a/ipaserver/__init__.py +++ b/ipaserver/__init__.py @@ -20,3 +20,31 @@ """ Package containing server backend. """ + +from xmlrpclib import dumps, Fault +from ipalib import api + +try: + from mod_python import apache + api.bootstrap(context='server', log=None, debug=True) + api.finalize() +except ImportError: + pass + + +def xmlrpc(req): + if req.method != 'POST': + req.allow_methods(['POST'], 1) + return apache.HTTP_METHOD_NOT_ALLOWED + + if apache.mpm_query(apache.AP_MPMQ_IS_THREADED): + response = dumps( + Fault(3, 'Apache must use the forked model'), methodresponse=True + ) + else: + response = api.Backend.xmlserver.marshaled_dispatch(req.read(), None) + + req.content_type = 'text/xml' + req.set_content_length(len(response)) + req.write(response) + return apache.OK diff --git a/ipaserver/mod_python_xmlrpc.py b/ipaserver/mod_python_xmlrpc.py index 372376aca..42a7c28c7 100755 --- a/ipaserver/mod_python_xmlrpc.py +++ b/ipaserver/mod_python_xmlrpc.py @@ -29,29 +29,21 @@ Production XML-RPC server using mod_python. import sys import os - - import time import traceback import pprint -from xmlrpclib import Marshaller,loads,dumps,Fault +import logging +import string +from ipalib import api + +# We only initialize api when actually running under mod_python: try: from mod_python import apache + api.bootstrap(context='server', in_server=True, log=None) + api.finalize() except ImportError: pass -import logging -import ldap -from ipalib import api -from ipalib import config -from ipaserver import conn -from ipaserver.servercore import context -from ipaserver.servercore import ipautil -from ipalib.util import xmlrpc_unmarshal - -import string - -api.load_plugins() # Global list of available functions gfunctions = {} @@ -116,57 +108,14 @@ class ModXMLRPCRequestHandler(object): context.opts['remoteuser'] = req.user - if req.subprocess_env.get("KRB5CCNAME") is not None: - krbccache = req.subprocess_env.get("KRB5CCNAME") - else: - response = dumps(Fault(5, "Did not receive Kerberos credentials.")) - return response - - debuglevel = logging.INFO - if pythonopts.get("IPADebug"): - context.opts['ipadebug'] = pythonopts.get("IPADebug").lower() - - if context.opts['ipadebug'] == "on": - debuglevel = logging.DEBUG - - if not context.opts.get('ipadebug'): - context.opts['ipadebug'] = "off" - - logging.basicConfig(level=debuglevel, - format='[%(asctime)s] [%(levelname)s] %(message)s', - datefmt='%a %b %d %H:%M:%S %Y', - stream=sys.stderr) - - logging.info("Interpreter: %s" % req.interpreter) - - -# if opts['ipadebug'] == "on": -# for o in opts: -# logging.debug("IPA: setting option %s: %s" % (o, opts[o])) -# for e in req.subprocess_env: -# logging.debug("IPA: environment %s: %s" % (e, req.subprocess_env[e])) - - context.conn = conn.IPAConn(api.env.ldaphost, api.env.ldapport, krbccache, context.opts.get('ipadebug')) - - start = time.time() - # generate response try: - response = self._dispatch(method, params) - # wrap response in a singleton tuple - response = (response,) - response = dumps(response, methodresponse=1, allow_none=1) - except Fault, e: - response = dumps(Fault(e.faultCode, e.faultString)) - except: - self.traceback = True - # report exception back to server - e_class, e = sys.exc_info()[:2] - faultCode = getattr(e_class,'faultCode',1) - tb_str = ''.join(traceback.format_exception(*sys.exc_info())) - faultString = tb_str - response = dumps(Fault(faultCode, faultString)) - - return response + ccache = req.subprocess_env.get('KRB5CCNAME') + return api.Backend.xmlserver.marshaled_dispatch(data, ccache) + except Exception, e: + api.log.exception( + 'mod_python_xmlrpc: caught error in _marshaled_dispatch()' + ) + raise e def _dispatch(self,method,params): func = self.funcs.get(method,None) @@ -347,22 +296,7 @@ def load_modules(): PythonHandler ipaxmlrpc """ - # setup up the logger with a DEBUG level. It may get reset to INFO - # once we start processing requests. We don't have access to the - # Apache configuration yet. - setup_logger(logging.DEBUG) - - api.finalize() - - # Initialize our environment - config.set_default_env(api.env) - env_dict = config.read_config() - env_dict['server_context'] = True - api.env.update(env_dict) - # Get and register all the methods for cmd in api.Command: logging.debug("registering XML-RPC call %s" % cmd) register_function(api.Command[cmd], cmd) - - return diff --git a/ipaserver/plugins/b_ldap.py b/ipaserver/plugins/b_ldap.py index c1262f528..f12e6155d 100644 --- a/ipaserver/plugins/b_ldap.py +++ b/ipaserver/plugins/b_ldap.py @@ -42,6 +42,8 @@ class ldap(CrudBackend): super(ldap, self).__init__() def create_connection(self, ccache): + if ccache is None: + raise errors2.CCacheError() conn = ipaldap.IPAdmin(self.env.ldap_host, self.env.ldap_port) principle = krbV.CCache( name=ccache, context=krbV.default_context() diff --git a/ipaserver/plugins/b_ra.py b/ipaserver/plugins/b_ra.py index f0363bf15..69674cd0a 100644 --- a/ipaserver/plugins/b_ra.py +++ b/ipaserver/plugins/b_ra.py @@ -67,6 +67,7 @@ class ra(Backend): self.__create_nss_db() self.__import_ca_chain() self.__request_ipa_certificate(self.__generate_ipa_request()) + assert False super(ra, self).__init__() @@ -404,4 +405,4 @@ class ra(Backend): # api.log.debug("IPA-RA: stderr: '%s'" % stderr) return (p.returncode, stdout, stderr) -api.register(ra) +#api.register(ra) diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py index cb0a464cc..36742b094 100644 --- a/ipaserver/rpcserver.py +++ b/ipaserver/rpcserver.py @@ -46,15 +46,35 @@ class xmlserver(Executioner): Also see the `ipalib.rpc.xmlclient` plugin. """ + def finalize(self): + self.__system = { + 'system.listMethods': self.listMethods, + 'system.methodSignature': self.methodSignature, + 'system.methodHelp': self.methodHelp, + } + super(xmlserver, self).finalize() + + def listMethods(self, *params): + return tuple(name.encode('UTF-8') for name in self.Command) + + def methodSignature(self, *params): + return 'methodSignature not supported' + + def methodHelp(self, *params): + return 'methodHelp not supported' + def marshaled_dispatch(self, data, ccache): """ Execute the XML-RPC request in contained in ``data``. """ try: - self.create_context(ccache=ccache) + #self.create_context(ccache=ccache) (params, name) = xml_loads(data) - (args, options) = params_2_args_options(params) - response = (self.execute(name, *args, **options),) + if name in self.__system: + response = (self.__system[name](*params),) + else: + (args, options) = params_2_args_options(params) + response = (self.execute(name, *args, **options),) except PublicError, e: self.info('response: %s: %s', e.__class__.__name__, str(e)) response = Fault(e.errno, e.strerror) @@ -27,7 +27,7 @@ from distutils.core import setup setup( name='freeipa', - version='1.99.0', + version='1.99.1', license='GPLv2+', url='http://freeipa.org/', packages=[ |