[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-API] [PATCH] CA-36252: non-RBAC errors in xapi_http should pass through



# HG changeset patch
# User Marcus Granado <marcus.granado@xxxxxxxxxx>
# Date 1265040437 0
# Node ID b3c4de44c72e5a85d70e3b94178fa8c83ed2db33
# Parent  7ed4bfa16208f5574246fa4bcf486bc53332fe54
CA-36252: non-RBAC errors in xapi_http should pass through

Signed-off-by: Marcus Granado <marcus.granado@xxxxxxxxxxxxx>

diff -r 7ed4bfa16208 -r b3c4de44c72e ocaml/xapi/xapi_http.ml
--- a/ocaml/xapi/xapi_http.ml   Mon Feb 01 14:09:52 2010 +0000
+++ b/ocaml/xapi/xapi_http.ml   Mon Feb 01 16:07:17 2010 +0000
@@ -89,7 +89,7 @@
                then Some (Ref.of_string (List.assoc "task_id" all))
                else None
        in
-       let rbac_raise permission msg =
+       let rbac_raise permission msg exc =
     (match task_id with
                         | None -> ()
                         | Some task_id ->
@@ -97,7 +97,7 @@
                                                 
~__context:(Context.from_forwarded_task task_id)
                                                 
(Api_errors.rbac_permission_denied,[permission;msg])
     );
-    raise (Http.Forbidden)
+    raise exc
        in
        let rbac_task_desc = "handler" in
        let rbac_check session_id =
@@ -107,8 +107,8 @@
      with 
                         | Api_errors.Server_error (err,[perm;msg])
                                 when err = Api_errors.rbac_permission_denied
-                                -> rbac_raise perm msg
-                        | e -> rbac_raise http_permission 
(ExnHelper.string_of_exn e)
+                                -> rbac_raise perm msg Http.Forbidden
+                        | e -> rbac_raise http_permission 
(ExnHelper.string_of_exn e) e
                )
        in
   if List.mem_assoc "session_id" all
@@ -228,15 +228,16 @@
        | Http_svr.BufIO callback ->
                Http_svr.BufIO (fun req ic ->
                        (try 
-                          (try
                                if check_rbac 
                                then (* rbac checks *)
+                          (try
                                        assert_credentials_ok name req ~fn:(fun 
() -> callback req ic)
+                           with e ->
+                             debug "Leaving RBAC-handler in xapi_http after: 
%s" (ExnHelper.string_of_exn e);
+                             raise e
+                                )
                                else (* no rbac checks *)
                                        callback req ic
-                           with e ->
-                             error "RBAC: %s" (ExnHelper.string_of_exn e);
-                             raise e)
                        with
                        | Api_errors.Server_error(name, params) as e ->
                                error "Unhandled Api_errors.Server_error(%s, [ 
%s ])" name (String.concat "; " params);
1 file changed, 9 insertions(+), 8 deletions(-)
ocaml/xapi/xapi_http.ml |   17 +++++++++--------


Attachment: xen-api.hg.patch
Description: Text Data

_______________________________________________
xen-api mailing list
xen-api@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/mailman/listinfo/xen-api

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.