 Home |
Products |
Support |
Community |
News |
xen-api
[Xen-API] [PATCH] CA-36252: non-RBAC errors in xapi_http should pass thr
| To: | xen-api <xen-api@xxxxxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | [Xen-API] [PATCH] CA-36252: non-RBAC errors in xapi_http should pass through |
| From: | Marcus Granado <marcus.granado@xxxxxxxxxx> |
| Date: | Mon, 1 Feb 2010 16:29:26 +0000 |
| Delivery-date: | Mon, 01 Feb 2010 08:31:57 -0800 |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxxx |
| List-help: | <mailto:xen-api-request@lists.xensource.com?subject=help> |
| List-id: | Discussion of API issues surrounding Xen <xen-api.lists.xensource.com> |
| List-post: | <mailto:xen-api@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=unsubscribe> |
| Sender: | xen-api-bounces@xxxxxxxxxxxxxxxxxxx |
# HG changeset patch
# User Marcus Granado <marcus.granado@xxxxxxxxxx>
# Date 1265040437 0
# Node ID b3c4de44c72e5a85d70e3b94178fa8c83ed2db33
# Parent 7ed4bfa16208f5574246fa4bcf486bc53332fe54
CA-36252: non-RBAC errors in xapi_http should pass through
Signed-off-by: Marcus Granado <marcus.granado@xxxxxxxxxxxxx>
diff -r 7ed4bfa16208 -r b3c4de44c72e ocaml/xapi/xapi_http.ml
--- a/ocaml/xapi/xapi_http.ml Mon Feb 01 14:09:52 2010 +0000
+++ b/ocaml/xapi/xapi_http.ml Mon Feb 01 16:07:17 2010 +0000
@@ -89,7 +89,7 @@
then Some (Ref.of_string (List.assoc "task_id" all))
else None
in
- let rbac_raise permission msg =
+ let rbac_raise permission msg exc =
(match task_id with
| None -> ()
| Some task_id ->
@@ -97,7 +97,7 @@
~__context:(Context.from_forwarded_task task_id)
(Api_errors.rbac_permission_denied,[permission;msg])
);
- raise (Http.Forbidden)
+ raise exc
in
let rbac_task_desc = "handler" in
let rbac_check session_id =
@@ -107,8 +107,8 @@
with
| Api_errors.Server_error (err,[perm;msg])
when err = Api_errors.rbac_permission_denied
- -> rbac_raise perm msg
- | e -> rbac_raise http_permission
(ExnHelper.string_of_exn e)
+ -> rbac_raise perm msg Http.Forbidden
+ | e -> rbac_raise http_permission
(ExnHelper.string_of_exn e) e
)
in
if List.mem_assoc "session_id" all
@@ -228,15 +228,16 @@
| Http_svr.BufIO callback ->
Http_svr.BufIO (fun req ic ->
(try
- (try
if check_rbac
then (* rbac checks *)
+ (try
assert_credentials_ok name req ~fn:(fun
() -> callback req ic)
+ with e ->
+ debug "Leaving RBAC-handler in xapi_http after:
%s" (ExnHelper.string_of_exn e);
+ raise e
+ )
else (* no rbac checks *)
callback req ic
- with e ->
- error "RBAC: %s" (ExnHelper.string_of_exn e);
- raise e)
with
| Api_errors.Server_error(name, params) as e ->
error "Unhandled Api_errors.Server_error(%s, [
%s ])" name (String.concat "; " params);
1 file changed, 9 insertions(+), 8 deletions(-)
ocaml/xapi/xapi_http.ml | 17 +++++++++--------
_______________________________________________ xen-api mailing list xen-api@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/mailman/listinfo/xen-api |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | RE: [Xen-API] Remus in XCP, Stephen Spector |
|---|---|
| Next by Date: | [Xen-API] [PATCH 04 of 12] [PCR0047] Adds to Ocamltest a new test case constructor "make_function_test_case", useful for making a test case that tests a single function, Jonathan Knowles |
| Previous by Thread: | [Xen-API] [PATCH] CA-35968: read-only roles can call pool.ha_compute_hypothetical_max_host_failures_to_tolerate, Marcus Granado |
| Next by Thread: | [Xen-API] [PATCH 00 of 12] [PCR-0047] Enhances XCP guest-memory-field-checking logic so that XCP can choose the most appropriate set of constraints to apply for the current context., Jonathan Knowles |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
