Close connection after each request, avoid NSS shutdown problem.

The unit tests were failing when executed against an Apache server in F-18 due to dangling references causing NSS shutdown to fail. https://fedorahosted.org/freeipa/ticket/3180
2025-02-25 18:55:28 -06:00 · 2012-10-17 16:58:54 -04:00 · 2012-10-17 16:58:54 -04:00 · fb7575d6b7
commit fb7575d6b7
parent 445744206b
2 changed files with 30 additions and 5 deletions
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@ -257,16 +257,24 @@ class SSLTransport(LanguageAwareTransport):
        # If we an existing connection exists using the same NSS database
        # there is no need to re-initialize. Pass thsi into the NSS
        # connection creator.
+        if sys.version_info >= (2, 7):
+            if self._connection and host == self._connection[0]:
+                return self._connection[1]
+
        dbdir = '/etc/pki/nssdb'
        no_init = self.__nss_initialized(dbdir)
-        (major, minor, micro, releaselevel, serial) = sys.version_info
-        if major == 2 and minor < 7:
+        if sys.version_info < (2, 7):
            conn = NSSHTTPS(host, 443, dbdir=dbdir, no_init=no_init)
        else:
            conn = NSSConnection(host, 443, dbdir=dbdir, no_init=no_init)
        self.dbdir=dbdir
+
        conn.connect()
-        return conn
+        if sys.version_info < (2, 7):
+            return conn
+        else:
+            self._connection = host, conn
+            return self._connection[1]


 class KerbTransport(SSLTransport):
@ -331,6 +339,12 @@ class KerbTransport(SSLTransport):

        return (host, extra_headers, x509)

+    def single_request(self, host, handler, request_body, verbose=0):
+        try:
+            return SSLTransport.single_request(self, host, handler, request_body, verbose)
+        finally:
+            self.close()
+
    def parse_response(self, response):
        session_cookie = response.getheader('Set-Cookie')
        if session_cookie:
@ -371,7 +385,8 @@ class xmlclient(Connectible):
        """
        if not hasattr(self.conn, '_ServerProxy__transport'):
            return None
-        if type(self.conn._ServerProxy__transport) in (KerbTransport, DelegatedKerbTransport):
+        if (isinstance(self.conn._ServerProxy__transport, KerbTransport) or
+            isinstance(self.conn._ServerProxy__transport, DelegatedKerbTransport)):
            scheme = "https"
        else:
            scheme = "http"
@ -493,7 +508,11 @@ class xmlclient(Connectible):
        return serverproxy

    def destroy_connection(self):
-        pass
+        if sys.version_info >= (2, 7):
+            conn = getattr(context, self.id, None)
+            if conn is not None:
+                conn = conn.conn._ServerProxy__transport
+                conn.close()

    def forward(self, name, *args, **kw):
        """
--- a/ipapython/nsslib.py
+++ b/ipapython/nsslib.py
@ -238,6 +238,12 @@ class NSSConnection(httplib.HTTPConnection, NSSAddressFamilyFallback):
    def connect(self):
        self.connect_socket(self.host, self.port)

+    def close(self):
+        """Close the connection to the HTTP server."""
+        if self.sock:
+            self.sock.close()   # close it manually... there may be other refs
+            self.sock = None
+
    def endheaders(self, message=None):
        """
        Explicitly close the connection if an error is returned after the