[freeipa PR#2517][opened] rpc: always read response
by frasertweedale
URL: https://github.com/freeipa/freeipa/pull/2517
Author: frasertweedale
Title: #2517: rpc: always read response
Action: opened
PR body:
"""
If the server responds 401 and the response body is empty, the
client raises ResponseNotReady. This occurs because:
1. For a non-200 response, the response read only if the
Content-Length header occurs.
2. The response must be read before another request (e.g. the
follow-up request with WWW-Authenticate header set), and this
condition was not met. For details see
https://github.com/python/cpython/blob/v3.6.7/Lib/http/client.py#L1305-L1321.
This situation should not arise in regular use, because the client
either has a session cookie, or, knowing the details of the server
it is contacting, it establishes the GSS-API context and includes
the WWW-Authenticate header in the initial request.
Nevertheless, this problem has been observed in the wild. I do not
know its ordinary cause(s), but one can force the issue by removing
an authenticated user's session cache from /run/ipa/ccaches, then
performing a request.
Resolve the issue by always reading the response. It is safe to
call response.read() regardless of whether the Content-Length header
appears, or whether the body is empty.
Fixes: https://pagure.io/freeipa/issue/7752
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2517/head:pr2517
git checkout pr2517
5 years, 5 months