server: exclude Local commands from RPC

Local API commands are not supposed to be executed over RPC but only locally on the server. They are already excluded from API schema, exclude them also from RPC and `batch` and `json_metadata` commands. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-06-30 09:32:00 +02:00
parent 8278da6967
commit 2beb72ffa4
3 changed files with 23 additions and 10 deletions
--- a/ipaserver/plugins/batch.py
+++ b/ipaserver/plugins/batch.py
@@ -49,6 +49,7 @@ import six
 from ipalib import api, errors
 from ipalib import Command
 from ipalib.frontend import Local
 from ipalib.parameters import Str, Dict
 from ipalib.output import Output
 from ipalib.text import _
@@ -98,7 +99,8 @@ class batch(Command):
                if 'params' not in arg:
                    raise errors.RequirementError(name='params')
                name = arg['method']
-                if name not in self.Command:
+                if (name not in self.api.Command or
                        isinstance(self.api.Command[name], Local)):
                    raise errors.CommandError(name=name)
                # If params are not formated as a tuple(list, dict)
--- a/ipaserver/plugins/internal.py
+++ b/ipaserver/plugins/internal.py
@@ -24,6 +24,7 @@ Plugins not accessible directly through the CLI, commands used internally
 """
 from ipalib import Command
 from ipalib import Str
 from ipalib.frontend import Local
 from ipalib.output import Output
 from ipalib.text import _
 from ipalib.util import json_serialize
@@ -91,13 +92,15 @@ class json_metadata(Command):
        try:
            if not methodname:
                methodname = options['method']
-            if methodname in self.api.Method:
+            if (methodname in self.api.Method and
                    not isinstance(self.api.Method[methodname], Local)):
                m = self.api.Method[methodname]
                methods = dict([(m.name, json_serialize(m))])
            elif methodname == "all":
                methods = dict(
                    (m.name, json_serialize(m)) for m in self.api.Method()
-                    if m is self.api.Method[m.name]
+                    if (m is self.api.Method[m.name] and
                        not isinstance(m, Local))
                )
            empty = False
        except KeyError:
@@ -105,13 +108,15 @@ class json_metadata(Command):
        try:
            cmdname = options['command']
-            if cmdname in self.api.Command:
+            if (cmdname in self.api.Command and
                    not isinstance(self.api.Command[cmdname], Local)):
                c = self.api.Command[cmdname]
                commands = dict([(c.name, json_serialize(c))])
            elif cmdname == "all":
                commands = dict(
                    (c.name, json_serialize(c)) for c in self.api.Command()
-                    if c is self.api.Command[c.name]
+                    if (c is self.api.Command[c.name] and
                        not isinstance(c, Local))
                )
            empty = False
        except KeyError:
@@ -124,11 +129,13 @@ class json_metadata(Command):
            )
            methods = dict(
                (m.name, json_serialize(m)) for m in self.api.Method()
-                if m is self.api.Method[m.name]
+                if (m is self.api.Method[m.name] and
                    not isinstance(m, Local))
            )
            commands = dict(
                (c.name, json_serialize(c)) for c in self.api.Command()
-                if c is self.api.Command[c.name]
+                if (c is self.api.Command[c.name] and
                    not isinstance(c, Local))
            )
        retval = dict([
--- a/ipaserver/rpcserver.py
+++ b/ipaserver/rpcserver.py
@@ -40,6 +40,7 @@ from six.moves.urllib.parse import parse_qs
 from ipalib import plugable, errors
 from ipalib.capabilities import VERSION_WITHOUT_CAPABILITIES
 from ipalib.frontend import Local
 from ipalib.backend import Executioner
 from ipalib.errors import (PublicError, InternalError, CommandError, JSONError,
    CCacheError, RefererError, InvalidSessionPassword, NotFound, ACIError,
@@ -344,7 +345,8 @@ class WSGIExecutioner(Executioner):
                (name, args, options, _id) = self.simple_unmarshal(environ)
            if name in self._system_commands:
                result = self._system_commands[name](self, *args, **options)
-            elif name not in self.Command:
+            elif (name not in self.api.Command or
                    isinstance(self.api.Command[name], Local)):
                raise CommandError(name=name)
            else:
                result = self.Command[name](*args, **options)
@@ -696,7 +698,8 @@ class xmlserver(KerberosWSGIExecutioner):
            # TODO
            # for now let's not go out of our way to document standard XML-RPC
            return u'undef'
-        elif method_name in self.Command:
+        elif (method_name in self.api.Command and
                not isinstance(self.api.Command[method_name], Local)):
            # All IPA commands return a dict (struct),
            # and take a params, options - list and dict (array, struct)
            return [[u'struct', u'array', u'struct']]
@@ -708,7 +711,8 @@ class xmlserver(KerberosWSGIExecutioner):
        method_name = self._get_method_name('system.methodHelp', *params)
        if method_name in self._system_commands:
            return u''
-        elif method_name in self.Command:
+        elif (method_name in self.api.Command and
                not isinstance(self.api.Command[method_name], Local)):
            return unicode(self.Command[method_name].doc or '')
        else:
            raise errors.CommandError(name=method_name)