[pve-devel] [PATCH manager] Fix #1589: auth_handler: raise exception on init_request error

Thomas Lamprecht t.lamprecht at proxmox.com
Thu Dec 7 14:00:36 CET 2017


cfs_* methods cann now die (rightfully so) when the IPCC endpoint is
not connected, or another grave IPCC error arised.

As we did not catch those problems in the RPCEnvironments
init_request method, which loads the user config, this got
propagated to the anyevents auth_handler call in its
unshift_read_header method where then all errors where processed in
the same way => with an unauthorized response logging an logged in
user out.

So catch this error and raise an internal server errror exception
instead. Anyevent needs some minor modifiaction in a separate patch
to handle PVE::Exceptions correctly, so this is the partial fix for
bug #1589

Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
---
 PVE/HTTPServer.pm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/PVE/HTTPServer.pm b/PVE/HTTPServer.pm
index bbea3198..9a02e799 100755
--- a/PVE/HTTPServer.pm
+++ b/PVE/HTTPServer.pm
@@ -7,7 +7,7 @@ use PVE::SafeSyslog;
 use PVE::INotify;
 use PVE::Tools;
 use PVE::APIServer::AnyEvent;
-use PVE::Exception qw(raise_param_exc);
+use PVE::Exception qw(raise_param_exc raise);
 
 use PVE::RPCEnvironment;
 use PVE::AccessControl;
@@ -61,7 +61,8 @@ sub auth_handler {
     $rpcenv->set_language('C');
     $rpcenv->set_client_ip($peer_host);
 
-    $rpcenv->init_request();
+    eval { $rpcenv->init_request() };
+    raise("RPCEnvironment init request failed: $@\n") if $@;
 
     my $require_auth = 1;
 
-- 
2.11.0





More information about the pve-devel mailing list