# HG changeset patch # User Marcus Granado # Date 1265040437 0 # Node ID b3c4de44c72e5a85d70e3b94178fa8c83ed2db33 # Parent 7ed4bfa16208f5574246fa4bcf486bc53332fe54 CA-36252: non-RBAC errors in xapi_http should pass through Signed-off-by: Marcus Granado diff -r 7ed4bfa16208 -r b3c4de44c72e ocaml/xapi/xapi_http.ml --- a/ocaml/xapi/xapi_http.ml Mon Feb 01 14:09:52 2010 +0000 +++ b/ocaml/xapi/xapi_http.ml Mon Feb 01 16:07:17 2010 +0000 @@ -89,7 +89,7 @@ then Some (Ref.of_string (List.assoc "task_id" all)) else None in - let rbac_raise permission msg = + let rbac_raise permission msg exc = (match task_id with | None -> () | Some task_id -> @@ -97,7 +97,7 @@ ~__context:(Context.from_forwarded_task task_id) (Api_errors.rbac_permission_denied,[permission;msg]) ); - raise (Http.Forbidden) + raise exc in let rbac_task_desc = "handler" in let rbac_check session_id = @@ -107,8 +107,8 @@ with | Api_errors.Server_error (err,[perm;msg]) when err = Api_errors.rbac_permission_denied - -> rbac_raise perm msg - | e -> rbac_raise http_permission (ExnHelper.string_of_exn e) + -> rbac_raise perm msg Http.Forbidden + | e -> rbac_raise http_permission (ExnHelper.string_of_exn e) e ) in if List.mem_assoc "session_id" all @@ -228,15 +228,16 @@ | Http_svr.BufIO callback -> Http_svr.BufIO (fun req ic -> (try - (try if check_rbac then (* rbac checks *) + (try assert_credentials_ok name req ~fn:(fun () -> callback req ic) + with e -> + debug "Leaving RBAC-handler in xapi_http after: %s" (ExnHelper.string_of_exn e); + raise e + ) else (* no rbac checks *) callback req ic - with e -> - error "RBAC: %s" (ExnHelper.string_of_exn e); - raise e) with | Api_errors.Server_error(name, params) as e -> error "Unhandled Api_errors.Server_error(%s, [ %s ])" name (String.concat "; " params);