Bug 976716
Summary: | FreeIPAs XMLRPC server returns a wrong Content-Type | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Stephan Adig <stephan.adig> |
Component: | ipa | Assignee: | Martin Kosek <mkosek> |
Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
Severity: | unspecified | Docs Contact: | |
Priority: | medium | ||
Version: | 6.5 | CC: | dpal, ksiddiqu, mkosek, pviktori, rcritten |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-3.0.0-31.el6 | Doc Type: | Bug Fix |
Doc Text: |
Cause: Identity Management XML-RPC interface sometimes did not return correct Content-Type header in it's replies.
Consequence: Programs or scripts processing the XML-RPC response may report validation error due and stop processing the response.
Fix: XML-RPC responder was fixed to return correct Content-Type in reported situations.
Result: Programs and scripts can call the Identity Management XML-RPC interface even with strict validation enabled.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2013-11-21 20:53:59 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Stephan Adig
2013-06-21 09:29:59 UTC
I found out that this issue only reproduces when the client is not using the FreeIPA sessions and is doing the full delegation: # ipa -vv user-show admin ipa: INFO: trying https://vm-133.idm.lab.bos.redhat.com/ipa/xml ... reply: 'HTTP/1.1 200 Success\r\n' ... header: Content-Type: text/plain; charset=UTF-8 ... header: WWW-Authenticate: Negotiate YIGYBgkqhkiG9x...JDIK9jtCPOA4JKDI= ... User login: admin Last name: Administrator Home directory: /home/admin Login shell: /bin/bash UID: 1059000000 GID: 1059000000 Account disabled: False Password: True Member of groups: admins, trust admins Kerberos keys available: True With second try the session is now used and correct Content-Type shows: # ipa -vv user-show admin ipa: INFO: trying https://vm-133.idm.lab.bos.redhat.com/ipa/session/xml ... reply: 'HTTP/1.1 200 Success\r\n' ... header: Set-Cookie: ipa_session=503afc96694e344c68d27fe680cd001c; Domain=vm-133.idm.lab.bos.redhat.com; Path=/ipa; Expires=Fri, 21 Jun 2013 10:37:56 GMT; Secure; HttpOnly ... header: Content-Type: text/xml; charset=utf-8 ... User login: admin Last name: Administrator Home directory: /home/admin Login shell: /bin/bash UID: 1059000000 GID: 1059000000 Account disabled: False Password: True Member of groups: admins, trust admins Kerberos keys available: True Your case can be easily reproducible the following way: # ipa --delegate -vv user-show admin ipa: INFO: trying https://vm-133.idm.lab.bos.redhat.com/ipa/xml ... reply: 'HTTP/1.1 200 Success\r\n' ... header: WWW-Authenticate: Negotiate ... header: Content-Type: text/plain; charset=UTF-8 To sum it up, it is indeed a bug and I will clone it to upstream ticket. Upstream ticket: https://fedorahosted.org/freeipa/ticket/3745 Fixed upstream: master: https://fedorahosted.org/freeipa/changeset/689399fce930fb9d28ca81dfffbad411d12186e3 ipa-3-2: https://fedorahosted.org/freeipa/changeset/10fac29e242d0903a31efdaa05c20894d1f8322a Verified. IPA version: ============ [root@rhel65-master ~]# rpm -q ipa-server ipa-server-3.0.0-37.el6.x86_64 [root@rhel65-master ~]# [root@rhel65-master ~]# ipa --delegate -vv user-show admin ipa: INFO: trying https://rhel65-master.testrelm.com/ipa/xml ipa: INFO: Forwarding 'user_show' to server u'https://rhel65-master.testrelm.com/ipa/xml' send: u'POST /ipa/xml HTTP/1.0\r\nHost: rhel65-master.testrelm.com\r\nAccept-Language: en-us\r\nReferer: https://rhel65-master.testrelm.com/ipa/xml\r\nAuthorization: negotiate YIIFDgYJKoZIhvcSAQICAQBuggT9MIIE .... reply: 'HTTP/1.1 200 Success\r\n' .... header: Content-Type: text/xml; charset=utf-8 [root@rhel65-master ~]# Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1651.html |