Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backport][ipa-4-6] rpc: always read response #2519

Closed
wants to merge 1 commit into from
Closed

[Backport][ipa-4-6] rpc: always read response #2519

wants to merge 1 commit into from

Conversation

tiran
Copy link
Member

@tiran tiran commented Nov 7, 2018

This PR was opened automatically because PR #2517 was pushed to master and backport to ipa-4-6 is required.

@frasertweedale @tiran
rpc: always read response
7d3645b 
If the server responds 401 and the response body is empty, the
client raises ResponseNotReady.  This occurs because:

1. For a non-200 response, the response read only if the
   Content-Length header occurs.

2. The response must be read before another request (e.g. the
   follow-up request with WWW-Authenticate header set), and this
   condition was not met.  For details see
   https://github.com/python/cpython/blob/v3.6.7/Lib/http/client.py#L1305-L1321.

This situation should not arise in regular use, because the client
either has a session cookie, or, knowing the details of the server
it is contacting, it establishes the GSS-API context and includes
the WWW-Authenticate header in the initial request.

Nevertheless, this problem has been observed in the wild.  I do not
know its ordinary cause(s), but one can force the issue by removing
an authenticated user's session cache from /run/ipa/ccaches, then
performing a request.

Resolve the issue by always reading the response.  It is safe to
call response.read() regardless of whether the Content-Length header
appears, or whether the body is empty.

Fixes: https://pagure.io/freeipa/issue/7752
@tiran
Copy link
Member Author

tiran commented Nov 7, 2018

PR was ACKed automatically because this is backport of PR #2517. Wait for CI to finish before pushing. In case of questions or problems contact @frasertweedale who is author of the original PR.

@tiran tiran added ack Pull Request approved, can be merged pushed Pull Request has already been pushed labels Nov 7, 2018
@tiran
Copy link
Member Author

tiran commented Nov 7, 2018

ipa-4-6:

  • a877dbe rpc: always read response

@tiran tiran closed this Nov 7, 2018
@tiran tiran deleted the backport_pr2517_ipa-4-6 branch March 29, 2019 09:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
ack Pull Request approved, can be merged pushed Pull Request has already been pushed
Projects
None yet
Milestone
No milestone
2 participants
@tiran @frasertweedale