Close connection after each request, avoid NSS shutdown problem.
The unit tests were failing when executed against an Apache server
in F-18 due to dangling references causing NSS shutdown to fail, and
potentially other places like adding host keys during client enrollment.
rob
>From c53e283986f2b00db53e28009829ba09d62930aa Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Wed, 17 Oct 2012 16:58:54 -0400
Subject: [PATCH] Close connection after each request, avoid NSS shutdown
problem.
The unit tests were failing when executed against an Apache server
in F-18 due to dangling references causing NSS shutdown to fail.
https://fedorahosted.org/freeipa/ticket/3180
---
ipalib/rpc.py | 30 +++++++++++++++++++++++++-----
ipapython/nsslib.py | 6 ++++++
2 files changed, 31 insertions(+), 5 deletions(-)
diff --git a/ipalib/rpc.py b/ipalib/rpc.py
index e97536d9de5c455d3ff58c081fca37f16d087370..8389396e0e23623b5edb60d634041949f95711ce 100644
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@@ -257,16 +257,24 @@ class SSLTransport(LanguageAwareTransport):
# If we an existing connection exists using the same NSS database
# there is no need to re-initialize. Pass thsi into the NSS
# connection creator.
+ if sys.version_info > (2, 6):
+ if self._connection and host == self._connection[0]:
+ return self._connection[1]
+
dbdir = '/etc/pki/nssdb'
no_init = self.__nss_initialized(dbdir)
- (major, minor, micro, releaselevel, serial) = sys.version_info
- if major == 2 and minor < 7:
+ if sys.version_info < (2, 7):
conn = NSSHTTPS(host, 443, dbdir=dbdir, no_init=no_init)
else:
conn = NSSConnection(host, 443, dbdir=dbdir, no_init=no_init)
self.dbdir=dbdir
+
conn.connect()
- return conn
+ if sys.version_info < (2, 7):
+ return conn
+ else:
+ self._connection = host, conn
+ return self._connection[1]
class KerbTransport(SSLTransport):
@@ -331,6 +339,13 @@ class KerbTransport(SSLTransport):
return (host, extra_headers, x509)
+
+ def single_request(self, host, handler, request_body, verbose=0):
+ try:
+ return SSLTransport.single_request(self, host, handler, request_body, verbose)
+ finally:
+ self.close()
+
def parse_response(self, response):
session_cookie = response.getheader('Set-Cookie')
if session_cookie:
@@ -371,7 +386,8 @@ class xmlclient(Connectible):
"""
if not hasattr(self.conn, '_ServerProxy__transport'):
return None
- if type(self.conn._ServerProxy__transport) in (KerbTransport, DelegatedKerbTransport):
+ if (isinstance(self.conn._ServerProxy__transport, KerbTransport) or
+ isinstance(self.conn._ServerProxy__transport, DelegatedKerbTransport)):
scheme = "https"
else:
scheme = "http"
@@ -493,7 +509,11 @@ class xmlclient(Connectible):
return serverproxy
def destroy_connection(self):
- pass
+ if sys.version_info > (2, 6):
+ conn = getattr(context, self.id, None)
+ if conn is not None:
+ conn = conn.conn._ServerProxy__transport
+ conn.close()
def forward(self, name, *args, **kw):
"""
diff --git a/ipapython/nsslib.py b/ipapython/nsslib.py
index 06bcba64895b0ba7a6b814ed6748eff8bf5ff9b3..7afccd5685baccdb8e9eff737cb7dd4b11d46630 100644
--- a/ipapython/nsslib.py
+++ b/ipapython/nsslib.py
@@ -238,6 +238,12 @@ class NSSConnection(httplib.HTTPConnection, NSSAddressFamilyFallback):
def connect(self):
self.connect_socket(self.host, self.port)
+ def close(self):
+ """Close the connection to the HTTP server."""
+ if self.sock:
+ self.sock.close() # close it manually... there may be other refs
+ self.sock = None
+
def endheaders(self, message=None):
"""
Explicitly close the connection if an error is returned after the
--
1.7.12.1
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
