git://git.onelab.eu / sfa.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
2to3 -f except
[sfa.git] / sfa / server / threadedserver.py
diff --git a/sfa/server/threadedserver.py b/sfa/server/threadedserver.py
index 8139b0c..daf40e4 100644 (file)
--- a/sfa/server/threadedserver.py
+++ b/sfa/server/threadedserver.py
@@ -11,6 +11,7 @@ import socket
 import traceback
 import threading
 from Queue import Queue
 import traceback
 import threading
 from Queue import Queue
+import xmlrpclib
 import SocketServer
 import BaseHTTPServer
 import SimpleXMLRPCServer
 import SocketServer
 import BaseHTTPServer
 import SimpleXMLRPCServer
@@ -21,8 +22,9 @@ from sfa.util.config import Config
 from sfa.util.cache import Cache 
 from sfa.trust.certificate import Certificate
 from sfa.trust.trustedroots import TrustedRoots
 from sfa.util.cache import Cache 
 from sfa.trust.certificate import Certificate
 from sfa.trust.trustedroots import TrustedRoots
-#can we get rid of that ?
-from sfa.plc.plcsfaapi import PlcSfaApi
+
+# don't hard code an api class anymore here
+from sfa.generic import Generic
 
 ##
 # Verification callback for pyOpenSSL. We do our own checking of keys because
 
 ##
 # Verification callback for pyOpenSSL. We do our own checking of keys because
@@ -41,6 +43,7 @@ def verify_callback(conn, x509, err, depth, preverify):
     # and ignore them
 
     # XXX SMBAKER: I don't know what this error is, but it's being returned
     # and ignore them
 
     # XXX SMBAKER: I don't know what this error is, but it's being returned
+    # xxx thierry: this most likely means the cert has a validity range in the future
     # by newer pl nodes.
     if err == 9:
        #print "  X509_V_ERR_CERT_NOT_YET_VALID"
     # by newer pl nodes.
     if err == 9:
        #print "  X509_V_ERR_CERT_NOT_YET_VALID"
@@ -70,7 +73,11 @@ def verify_callback(conn, x509, err, depth, preverify):
        #print "  X509_V_ERR_CERT_UNTRUSTED"
        return 1
 
        #print "  X509_V_ERR_CERT_UNTRUSTED"
        return 1
 
-    print "  error", err, "in verify_callback"
+    # ignore X509_V_ERR_CERT_SIGNATURE_FAILURE
+    if err == 7:
+       return 1         
+
+    logger.debug("  error %s in verify_callback"%err)
 
     return 0
 
 
     return 0
 
@@ -95,17 +102,24 @@ class SecureXMLRpcRequestHandler(SimpleXMLRPCServer.SimpleXMLRPCRequestHandler):
         try:
             peer_cert = Certificate()
             peer_cert.load_from_pyopenssl_x509(self.connection.get_peer_certificate())
         try:
             peer_cert = Certificate()
             peer_cert.load_from_pyopenssl_x509(self.connection.get_peer_certificate())
-            self.api = PlcSfaApi(peer_cert = peer_cert, 
-                              interface = self.server.interface, 
-                              key_file = self.server.key_file, 
-                              cert_file = self.server.cert_file,
-                              cache = self.cache)
+            generic=Generic.the_flavour()
+            self.api = generic.make_api (peer_cert = peer_cert, 
+                                         interface = self.server.interface, 
+                                         key_file = self.server.key_file, 
+                                         cert_file = self.server.cert_file,
+                                         cache = self.cache)
+            #logger.info("SecureXMLRpcRequestHandler.do_POST:")
+            #logger.info("interface=%s"%self.server.interface)
+            #logger.info("key_file=%s"%self.server.key_file)
+            #logger.info("api=%s"%self.api)
+            #logger.info("server=%s"%self.server)
+            #logger.info("handler=%s"%self)
             # get arguments
             request = self.rfile.read(int(self.headers["content-length"]))
             remote_addr = (remote_ip, remote_port) = self.connection.getpeername()
             self.api.remote_addr = remote_addr            
             response = self.api.handle(remote_addr, request, self.server.method_map)
             # get arguments
             request = self.rfile.read(int(self.headers["content-length"]))
             remote_addr = (remote_ip, remote_port) = self.connection.getpeername()
             self.api.remote_addr = remote_addr            
             response = self.api.handle(remote_addr, request, self.server.method_map)
-        except Exception, fault:
+        except Exception as fault:
             # This should only happen if the module is buggy
             # internal error, report as HTTP server error
             logger.log_exc("server.do_POST")
             # This should only happen if the module is buggy
             # internal error, report as HTTP server error
             logger.log_exc("server.do_POST")
@@ -113,26 +127,31 @@ class SecureXMLRpcRequestHandler(SimpleXMLRPCServer.SimpleXMLRPCRequestHandler):
             #self.send_response(500)
             #self.end_headers()
        
             #self.send_response(500)
             #self.end_headers()
        
-        # got a valid response
-        self.send_response(200)
-        self.send_header("Content-type", "text/xml")
-        self.send_header("Content-length", str(len(response)))
-        self.end_headers()
-        self.wfile.write(response)
-
-        # shut down the connection
-        self.wfile.flush()
-        self.connection.shutdown() # Modified here!
+        # avoid session/connection leaks : do this no matter what 
+        finally:
+            self.send_response(200)
+            self.send_header("Content-type", "text/xml")
+            self.send_header("Content-length", str(len(response)))
+            self.end_headers()
+            self.wfile.write(response)
+            self.wfile.flush()
+            # close db connection
+            self.api.close_dbsession()
+            # shut down the connection
+            self.connection.shutdown() # Modified here!
 
 ##
 # Taken from the web (XXX find reference). Implements an HTTPS xmlrpc server
 class SecureXMLRPCServer(BaseHTTPServer.HTTPServer,SimpleXMLRPCServer.SimpleXMLRPCDispatcher):
 
 ##
 # Taken from the web (XXX find reference). Implements an HTTPS xmlrpc server
 class SecureXMLRPCServer(BaseHTTPServer.HTTPServer,SimpleXMLRPCServer.SimpleXMLRPCDispatcher):
+
     def __init__(self, server_address, HandlerClass, key_file, cert_file, logRequests=True):
     def __init__(self, server_address, HandlerClass, key_file, cert_file, logRequests=True):
-        """Secure XML-RPC server.
+        """
+        Secure XML-RPC server.
 
         It it very similar to SimpleXMLRPCServer but it uses HTTPS for transporting XML data.
         """
 
         It it very similar to SimpleXMLRPCServer but it uses HTTPS for transporting XML data.
         """
-        logger.debug("SecureXMLRPCServer.__init__, server_address=%s, cert_file=%s"%(server_address,cert_file))
+        logger.debug("SecureXMLRPCServer.__init__, server_address=%s, " 
+                     "cert_file=%s, key_file=%s"%(server_address,cert_file,key_file))
         self.logRequests = logRequests
         self.interface = None
         self.key_file = key_file
         self.logRequests = logRequests
         self.interface = None
         self.key_file = key_file
sfa