Exemple #1
    def add_file(self, ks_file):
        h = rhnSQL.prepare("alter session set nls_date_format = 'YYYY-MM-DD HH24:MI:SS'")
        log_debug(3, 'trying to insert ' + str(self.id) + ' , ' + ks_file['relative_path'] + \
                     ' , ' + str(ks_file['checksum_type']) + ':'
                     ' , ' + str(ks_file['checksum']) + ' , ' + str(ks_file['file_size']) + \
                     ' , ' + ks_file['last_modified'])

        insert_file_q = rhnSQL.prepare("""
            insert into rhnKSTreeFile
            (kstree_id, relative_filename, checksum_id, file_size, last_modified)
            values (:kstree_id, :relative_filename, lookup_checksum(:checksum_type, :checksum),
                    :file_size, :last_modified)
        insert_file_q.execute(kstree_id = self.id,
                              relative_filename = ks_file['relative_path'],
                              checksum_type = ks_file['checksum_type'],
                              checksum = ks_file['checksum'],
                              file_size = ks_file['file_size'],
                              last_modified = ks_file['last_modified'])

        update_channel = rhnSQL.Procedure('rhn_channel.update_channel')
        invalidate_ss = 0

        update_channel(self.channel_id, invalidate_ss)
Exemple #2
def __reserve_user_db(user, password):
    encrypted_password = CFG.encrypted_passwords
    log_debug(3, user, CFG.disallow_user_creation, encrypted_password, CFG.pam_auth_service)
    user = str(user)
    h = rhnSQL.prepare("""
    select w.id, w.password, w.old_password, w.org_id, ui.use_pam_authentication
    from web_contact w, rhnUserInfo ui
    where w.login_uc = upper(:p1)
    and w.id = ui.user_id
    data = h.fetchone_dict()
    if data and data["id"]:
        # contact exists, check password
        if data['use_pam_authentication'] == 'Y' and CFG.pam_auth_service:
            # We use PAM for authentication
            import rhnAuthPAM
            if rhnAuthPAM.check_password(user, password, CFG.pam_auth_service) > 0:
                return 1
            return -1

        if check_password(password, data['password'], data['old_password']) > 0:
            return 1
        return -1

    # user doesn't exist.  now we fail, instead of reserving user.
    if CFG.disallow_user_creation:
        raise rhnFault(2001)

    # now check the reserved table
    h = rhnSQL.prepare("""
    select r.login, r.password from rhnUserReserved r
    where r.login_uc = upper(:p1)
    data = h.fetchone_dict()   
    if data and data["login"]:
        # found already reserved
        if check_password(password, data["password"], None) > 0: 
            return 1
        return -2

    log_debug(3, "calling validate_new_password" )

    # this is not reserved either, register it
    if encrypted_password:
        # Encrypt the password, let the function pick the salt
        password = encrypt_password(password)

    h = rhnSQL.prepare("""
    insert into rhnUserReserved (login, password)
    values (:username, :password)
    h.execute(username=user, password=password)
    # all should be dandy
    return 0
Exemple #3
def __new_user_db(username, password, email, org_id, org_password):
    encrypted_password = CFG.encrypted_passwords
    log_debug(3, username, email, encrypted_password)

    # now search it in the database
    h = rhnSQL.prepare("""
    select w.id, w.password, ui.use_pam_authentication
    from web_contact w, rhnUserInfo ui
    where w.login_uc = upper(:username)
    and w.id = ui.user_id
    data = h.fetchone_dict()

    pre_existing_user = 0

    if not data:
        # the username is not there, check the reserved user table
        h = rhnSQL.prepare("""
        select login, password from rhnUserReserved
        where login_uc = upper(:username)
        data = h.fetchone_dict()
        if not data:  # nope, not reserved either
            raise rhnFault(1,
                           _("Username `%s' has not been reserved") % username)
        pre_existing_user = 1

    if not pre_existing_user and not email:
        # New accounts have to specify an e-mail address
        raise rhnFault(30, _("E-mail address not specified"))

    # we have to perform PAM authentication if data has a field called
    # 'use_pam_authentication' and its value is 'Y', and we do have a PAM
    # service set in the config file.
    # Note that if the user is only reserved we don't do PAM authentication
    if data.get('use_pam_authentication') == 'Y' and CFG.pam_auth_service:
        # Check the password with PAM
        import rhnAuthPAM
        if rhnAuthPAM.check_password(username, password,
                                     CFG.pam_auth_service) <= 0:
            # Bad password
            raise rhnFault(2)
        # We don't care about the password anymore, replace it with something
        import time
        password = '******' % time.time()
        # Regular authentication
        if check_password(password, data["password"]) == 0:
            # Bad password
            raise rhnFault(2)

    # creation of user was never supported in spacewalk but this call was mis-used
    # to check username/password in the past
    # so let's skip other checks and return now
    return 0
Exemple #4
def __new_user_db(username, password, email, org_id, org_password):
    encrypted_password = CFG.encrypted_passwords
    log_debug(3, username, email, encrypted_password)

    # now search it in the database
    h = rhnSQL.prepare("""
    select w.id, w.password, ui.use_pam_authentication
    from web_contact w, rhnUserInfo ui
    where w.login_uc = upper(:username)
    and w.id = ui.user_id
    data = h.fetchone_dict()

    pre_existing_user = 0

    if not data:
        # the username is not there, check the reserved user table
        h = rhnSQL.prepare("""
        select login, password from rhnUserReserved
        where login_uc = upper(:username)
        data = h.fetchone_dict()
        if not data:  # nope, not reserved either
            raise rhnFault(1, _("Username `%s' has not been reserved") % username)
        pre_existing_user = 1

    if not pre_existing_user and not email:
        # New accounts have to specify an e-mail address
        raise rhnFault(30, _("E-mail address not specified"))

    # we have to perform PAM authentication if data has a field called
    # 'use_pam_authentication' and its value is 'Y', and we do have a PAM
    # service set in the config file.
    # Note that if the user is only reserved we don't do PAM authentication
    if data.get('use_pam_authentication') == 'Y' and CFG.pam_auth_service:
        # Check the password with PAM
        import rhnAuthPAM
        if rhnAuthPAM.check_password(username, password, CFG.pam_auth_service) <= 0:
            # Bad password
            raise rhnFault(2)
        # We don't care about the password anymore, replace it with something
        import time
        password = '******' % time.time()
        # Regular authentication
        if check_password(password, data["password"]) == 0:
            # Bad password
            raise rhnFault(2)

    # creation of user was never supported in spacewalk but this call was mis-used
    # to check username/password in the past
    # so let's skip other checks and return now
    return 0
Exemple #5
 def check_password(self, password):
     """ simple check for a password that might become more complex sometime """
     good_pwd = str(self.contact["password"])
     old_pwd = str(self.contact["old_password"])
     if CFG.pam_auth_service:
         # a PAM service is defined
         # We have to check the user's rhnUserInfo.use_pam_authentication
         # XXX Should we create yet another __init_blah function?
         # since it's the first time we had to lool at rhnUserInfo,
         # I'll assume it's not something to happen very frequently,
         # so I'll use a query for now
         # - misa
         h = rhnSQL.prepare("""
             select ui.use_pam_authentication
             from web_contact w, rhnUserInfo ui
             where w.login_uc = UPPER(:login)
             and w.id = ui.user_id""")
         data = h.fetchone_dict()
         if not data:
             # This should not happen
             raise rhnException("No entry found for user %s" %
         if data['use_pam_authentication'] == 'Y':
             # use PAM
             import rhnAuthPAM
             return rhnAuthPAM.check_password(self.contact["login"],
                 password, CFG.pam_auth_service)
         # If the entry in rhnUserInfo is 'N', perform regular
         # authentication
     return check_password(password, good_pwd, old_pwd)
def solve_dependencies(server_id, deps, version, nvre=None):
    """ The unchanged version of solve_dependencies.
           server_id := id info of the server
           deps := list of filenames that are needed by the caller
           version := version of the client

           Dictionary with key values being the filnames in deps and the values being a list of lists of package info.
           Example :=  {'filename1'    :   [['name', 'version', 'release', 'epoch'],
                                            ['name2', 'version2', 'release2', 'epoch2']]}
    if not nvre:
        # list of the keys to the values in each row of the recordset.
        nvre = ['name', 'version', 'release', 'epoch']

    # first, uniquify deps
    deplist = set(deps)

    # SQL statement.  It is a union of 3 statements:
    #  - Lookup by package name
    #  - Lookup by provides
    #  - Lookup by file name

    statement = "%s UNION ALL %s UNION ALL %s" % (
        __packages_sql, __provides_sql, __files_sql)
    h = rhnSQL.prepare(statement)

    # prepare return value
    packages = {}
    # Iterate through the dependency problems
    for dep in deplist:
        dict = {}
        h.execute(server_id=server_id, dep=dep)
        rs = h.fetchall_dict() or []
        if not rs:  # test shortcut
            log_error("Unable to solve dependency", server_id, dep)
            packages[dep] = []

        for p in rs:
            if p['epoch'] is None:
                p['epoch'] = ""
            entry = []
            list(map(lambda f, e=entry, p=p: e.append(p[f]), nvre))

            name_key = entry[0]
            if name_key in dict and dict[name_key][1] < p['preference']:
                # Already have it with a lower preference
            # The first time we see this package.
            dict[name_key] = (entry, p['preference'])

        packages[dep] = _avoid_compat_packages(dict)

    # v2 clients are done
    if version > 1:
        return packages
        return _v2packages_to_v1list(packages, deplist)
Exemple #7
    def clear_files(self):

        clear_files_q = rhnSQL.prepare("""
            delete from rhnKSTreeFile where kstree_id = :kstree_id

        clear_files_q.execute(kstree_id = self.id)
def solve_dependencies(server_id, deps, version, nvre=None):
    """ The unchanged version of solve_dependencies.
           server_id := id info of the server
           deps := list of filenames that are needed by the caller
           version := version of the client

           Dictionary with key values being the filnames in deps and the values being a list of lists of package info.
           Example :=  {'filename1'    :   [['name', 'version', 'release', 'epoch'],
                                            ['name2', 'version2', 'release2', 'epoch2']]}
    if not nvre:
        # list of the keys to the values in each row of the recordset.
        nvre = ['name', 'version', 'release', 'epoch']

    # first, uniquify deps
    deplist = set(deps)

    # SQL statement.  It is a union of 3 statements:
    #  - Lookup by package name
    #  - Lookup by provides
    #  - Lookup by file name

    statement = "%s UNION ALL %s UNION ALL %s" % (__packages_sql,
                                                  __provides_sql, __files_sql)
    h = rhnSQL.prepare(statement)

    # prepare return value
    packages = {}
    # Iterate through the dependency problems
    for dep in deplist:
        dict = {}
        h.execute(server_id=server_id, dep=dep)
        rs = h.fetchall_dict() or []
        if not rs:  # test shortcut
            log_error("Unable to solve dependency", server_id, dep)
            packages[dep] = []

        for p in rs:
            if p['epoch'] is None:
                p['epoch'] = ""
            entry = []
            list(map(lambda f, e=entry, p=p: e.append(p[f]), nvre))

            name_key = entry[0]
            if name_key in dict and dict[name_key][1] < p['preference']:
                # Already have it with a lower preference
            # The first time we see this package.
            dict[name_key] = (entry, p['preference'])

        packages[dep] = _avoid_compat_packages(dict)

    # v2 clients are done
    if version > 1:
        return packages
        return _v2packages_to_v1list(packages, deplist)
Exemple #9
def lookup_tree(ks_label, pkgs):    
    ks_label_query = rhnSQL.prepare ("""
        SELECT KT.id, KT.label, KT.base_path, KT.channel_id, KT.boot_image,
               KT.org_id, KTT.id AS TREE_TYPE, KTT.label AS TREE_TYPE_LABEL, KTT.name AS TREE_TYPE_NAME,
               KIT.id AS install_type, KIT.label AS install_type_label, KIT.name AS install_type_name,
               C.channel_arch_id, CA.label AS CHANNEL_ARCH_LABEL, CA.name AS CHANNEL_ARCH_NAME
          FROM rhnKSTreeType KTT,
               rhnKSInstallType KIT,
               rhnChannel C,
               rhnChannelArch CA,
               rhnKickstartableTree KT
         WHERE KT.label = :ks_label
           AND KTT.id = KT.kstree_type
           AND KIT.id = KT.install_type
           AND C.id = KT.channel_id
           AND CA.id = C.channel_arch_id

    ks_label_query.execute(ks_label = ks_label)

    ks_row = ks_label_query.fetchone_dict()

    if ks_row:
        kickstart = Kickstart(ks_row, pkgs)
        return kickstart
        return None
Exemple #10
def create_tree(ks_label, channel_label, path, boot_image, kstree_type, install_type, pkgs):
    channel = rhnChannel.channel_info(channel_label)

    if channel is '':
        raise rhnFault(40, 'Could not lookup channel ' + channel_label)

    channel_id = channel['id']
    create_ks_query = rhnSQL.prepare("""
        insert into rhnKickstartableTree (
            id, org_id, label, base_path, channel_id, boot_image, kstree_type,
        values (
            sequence_nextval('rhn_kstree_id_seq'), :org_id, :label, :base_path, :channel_id, 
            (select id from rhnKSTreeType where label = :kstree_type),
            (select id from rhnKSInstallType where label = :install_type))
    create_ks_query.execute(org_id = None,
                            label = ks_label,
                            base_path = path,
                            channel_id = channel_id,
                            boot_image = boot_image,
                            kstree_type = kstree_type,
                            install_type = install_type)

    return lookup_tree(ks_label, pkgs)
Exemple #11
    def load(self, session):
        arr = string.split(session, "x", 1)
        if len(arr) != 2:
            raise InvalidSessionError("Invalid session string")

        digest = arr[1]
        if len(digest) != 64:
            raise InvalidSessionError("Invalid session string (wrong length)")

            self.session_id = int(arr[0])
        except ValueError:
            raise_with_tb(InvalidSessionError("Invalid session identifier"), sys.exc_info()[2])

        if digest != self.digest():
            raise InvalidSessionError("Bad session checksum")

        h = rhnSQL.prepare(
            select web_user_id, expires, value
              from pxtSessions
             where id = :session_id

        row = h.fetchone_dict()
        if row:
            # Session is stored in the DB
            if time.time() < row["expires"]:
                # And it's not expired yet - good to go
                self.expires = row["expires"]
                self.uid = row["web_user_id"]
                return self

            # Old session - clean it up
            h = rhnSQL.prepare(
                    delete from pxtSessions where id = :session_id

        raise ExpiredSessionError("Session not found")
def __single_query_with_arch_and_id(server_id, deps, query):
    """ Run one of the queries and return the results along with the arch. """
    ret = {}
    h = rhnSQL.prepare(query)
    for dep in deps:
        h.execute(server_id=server_id, dep=dep)
        data = h.fetchall() or []
        ret[dep] = [a[:6] for a in data]
    return ret
Exemple #13
def __single_query_with_arch_and_id(server_id, deps, query):
    """ Run one of the queries and return the results along with the arch. """
    ret = {}
    h = rhnSQL.prepare(query)
    for dep in deps:
        h.execute(server_id=server_id, dep=dep)
        data = h.fetchall() or []
        ret[dep] = [a[:6] for a in data]
    return ret
Exemple #14
    def load(self, session):
        arr = string.split(session, 'x', 1)
        if len(arr) != 2:
            raise InvalidSessionError("Invalid session string")

        digest = arr[1]
        if len(digest) != 64:
            raise InvalidSessionError("Invalid session string (wrong length)")

            self.session_id = int(arr[0])
        except ValueError:
            raise_with_tb(InvalidSessionError("Invalid session identifier"),

        if digest != self.digest():
            raise InvalidSessionError("Bad session checksum")

        h = rhnSQL.prepare("""
            select web_user_id, expires, value
              from pxtSessions
             where id = :session_id

        row = h.fetchone_dict()
        if row:
            # Session is stored in the DB
            if time.time() < row['expires']:
                # And it's not expired yet - good to go
                self.expires = row['expires']
                self.uid = row['web_user_id']
                return self

            # Old session - clean it up
            h = rhnSQL.prepare("""
                    delete from pxtSessions where id = :session_id

        raise ExpiredSessionError("Session not found")
Exemple #15
    def save(self):
        expires = int(time.time()) + self.duration

        h = rhnSQL.prepare("""
                insert into PXTSessions (id, web_user_id, expires, value)
                values (:id, :web_user_id, :expires, :value)
        h.execute(id=self.session_id, web_user_id=self.uid,
                  expires=expires, value='RHNAPP')
        return self
Exemple #16
    def save(self):
        expires = int(time.time()) + self.duration

        h = rhnSQL.prepare("""
                insert into PXTSessions (id, web_user_id, expires, value)
                values (:id, :web_user_id, :expires, :value)
        h.execute(id=self.session_id, web_user_id=self.uid,
                  expires=expires, value='RHNAPP')
        return self
Exemple #17
def get_user_id(username):
    username = str(username)
    h = rhnSQL.prepare("""
    select w.id from web_contact w
    where w.login_uc = upper(:username)
    data = h.fetchone_dict()
    if data:
        return data["id"]
    return None
Exemple #18
def get_user_id(username):
    """ search for an userid """
    username = str(username)
    h = rhnSQL.prepare("""
    select w.id from web_contact w
    where w.login_uc = upper(:username)
    data = h.fetchone_dict()
    if data:
        return data["id"]
    return None
Exemple #19
def is_user_disabled(user):
    log_debug(3, user)
    username = str(user)
    h = rhnSQL.prepare("""
    select 1 from rhnWebContactDisabled
    where login_uc = upper(:username)
    row = h.fetchone_dict()
    if row:
        return 1
    return 0
Exemple #20
    def delete_tree(self):

        delete_query = rhnSQL.prepare("""
            delete from rhnKickstartableTree
            where id = :id
        delete_query.execute(id = self.id)

        update_channel = rhnSQL.Procedure('rhn_channel.update_channel')
        invalidate_ss = 0

        update_channel(self.channel_id, invalidate_ss)
Exemple #21
def is_user_disabled(user):
    log_debug(3, user)
    username = str(user)
    h = rhnSQL.prepare("""
    select 1 from rhnWebContactDisabled
    where login_uc = upper(:username)
    row = h.fetchone_dict()
    if row:
        return 1
    return 0
Exemple #22
def is_user_read_only(user):
    log_debug(3, user)
    username = str(user)
    h = rhnSQL.prepare("""
    select 1 from web_contact
    where login_uc = upper(:username)
    and read_only = 'Y'
    row = h.fetchone_dict()
    if row:
        return 1
    return 0
Exemple #23
def is_user_read_only(user):
    log_debug(3, user)
    username = str(user)
    h = rhnSQL.prepare("""
    select 1 from web_contact
    where login_uc = upper(:username)
    and read_only = 'Y'
    row = h.fetchone_dict()
    if row:
        return 1
    return 0
Exemple #24
    def get_roles(self):
        user_id = self.getid()

        h = rhnSQL.prepare("""
            select ugt.label as role
              from rhnUserGroup ug,
                   rhnUserGroupType ugt,
                   rhnUserGroupMembers ugm
             where ugm.user_id = :user_id
               and ugm.user_group_id = ug.id
               and ug.group_type = ugt.id
        return map(lambda x: x['role'], h.fetchall_dict() or [])
Exemple #25
    def get_roles(self):
        user_id = self.getid()

        h = rhnSQL.prepare("""
            select ugt.label as role
              from rhnUserGroup ug,
                   rhnUserGroupType ugt,
                   rhnUserGroupMembers ugm
             where ugm.user_id = :user_id
               and ugm.user_group_id = ug.id
               and ug.group_type = ugt.id
        return map(lambda x: x['role'], h.fetchall_dict() or [])
    def handler(self, req):
        """ main Apache handler """
        ret = apacheSession.handler(self, req)
        if ret != apache.OK:
            return ret

        if not CFG.SEND_MESSAGE_TO_ALL:
            # Need to get any string template overrides here, before any app
            # code gets executed, as the rhnFault error messages use the
            # templates
            # If send_message_to_all, we don't have DB connectivity though
            h = rhnSQL.prepare("select label, value from rhnTemplateString")

            templateStrings = {}
            while 1:
                row = h.fetchone_dict()
                if not row:

                templateStrings[row['label']] = row['value']

            if templateStrings:
                rhnFlags.set('templateOverrides', templateStrings)

            log_debug(4, "template strings:  %s" % templateStrings)

        if not CFG.SECRET_KEY:
            # Secret key not defined, complain loudly
                raise rhnException("Secret key not found!")
                rhnTB.Traceback(mail=1, req=req, severity="schema")
                req.status = 500
                return apache.OK

        # Try to authenticate the proxy if it this request passed
        # through a proxy.
        if self.proxyVersion:
                ret = self._req_processor.auth_proxy()
            except rhnFault, f:
                return self._req_processor.response(f.getxml())
    def handler(self, req):
        """ main Apache handler """
        ret = apacheSession.handler(self, req)
        if ret != apache.OK:
            return ret

        if not CFG.SEND_MESSAGE_TO_ALL:
            # Need to get any string template overrides here, before any app
            # code gets executed, as the rhnFault error messages use the
            # templates
            # If send_message_to_all, we don't have DB connectivity though
            h = rhnSQL.prepare("select label, value from rhnTemplateString")

            templateStrings = {}
            while 1:
                row = h.fetchone_dict()
                if not row:

                templateStrings[row['label']] = row['value']

            if templateStrings:
                rhnFlags.set('templateOverrides', templateStrings)

            log_debug(4, "template strings:  %s" % templateStrings)

        if not CFG.SECRET_KEY:
            # Secret key not defined, complain loudly
                raise rhnException("Secret key not found!")
                rhnTB.Traceback(mail=1, req=req, severity="schema")
                req.status = 500
                return apache.OK

        # Try to authenticate the proxy if it this request passed
        # through a proxy.
        if self.proxyVersion:
                ret = self._req_processor.auth_proxy()
            except rhnFault, f:
                return self._req_processor.response(f.getxml())
Exemple #28
    def _get_files(self, tree_id):

        files_query = rhnSQL.prepare("""
                TO_CHAR(last_modified, 'YYYY-MM-DD HH24:MI:SS') AS LAST_MODIFIED 
            FROM rhnKSTreeFile, rhnChecksumViev c
           WHERE kstree_id = :tree_id
             AND checksum_id = c.id
        files_query.execute(tree_id = tree_id)

        file_list = files_query.fetchall_dict()
        if file_list:
            return file_list
            return []
Exemple #29
 def check_password(self, password, allow_read_only=False):
     """ simple check for a password that might become more complex sometime """
     if not allow_read_only and is_user_read_only(self.contact["login"]):
         raise rhnFault(702)
     good_pwd = str(self.contact["password"])
     if CFG.pam_auth_service:
         # a PAM service is defined
         # We have to check the user's rhnUserInfo.use_pam_authentication
         # XXX Should we create yet another __init_blah function?
         # since it's the first time we had to lool at rhnUserInfo,
         # I'll assume it's not something to happen very frequently,
         # so I'll use a query for now
         # - misa
         h = rhnSQL.prepare("""
             select ui.use_pam_authentication
             from web_contact w, rhnUserInfo ui
             where w.login_uc = UPPER(:login)
             and w.id = ui.user_id""")
         data = h.fetchone_dict()
         if not data:
             # This should not happen
             raise rhnException("No entry found for user %s" %
         if data['use_pam_authentication'] == 'Y':
             # use PAM
             import rhnAuthPAM
             return rhnAuthPAM.check_password(self.contact["login"],
     # If the entry in rhnUserInfo is 'N', perform regular authentication
     ret = check_password(password, good_pwd)
     if ret and CFG.encrypted_passwords and self.contact['password'].find(
             '$1$') == 0:
         # If successfully authenticated and the current password is
         # MD5 encoded, convert the password to SHA-256 and save it in the DB.
         self.contact['password'] = encrypt_password(password)
     return ret
Exemple #30
def get_db_client_capabilities(server_id):
    h = rhnSQL.prepare("""
        select cc.capability_name_id, ccn.name capability, cc.version
        from rhnClientCapability cc, rhnClientCapabilityName ccn
        where cc.server_id = :server_id
        and cc.capability_name_id = ccn.id
    ret = {}
    while 1:
        row = h.fetchone_dict()
        if not row:
        name = row['capability']
        version = row['version']
        value = None
        ret[name] = {
            'version'   : version,
            'value'     : value,
    return ret
Exemple #31
    def check_password(self, password, allow_read_only=False):
        """ simple check for a password that might become more complex sometime """
        if not allow_read_only and is_user_read_only(self.contact["login"]):
            raise rhnFault(702)
        good_pwd = str(self.contact["password"])
        if CFG.pam_auth_service:
            # a PAM service is defined
            # We have to check the user's rhnUserInfo.use_pam_authentication
            # XXX Should we create yet another __init_blah function?
            # since it's the first time we had to lool at rhnUserInfo,
            # I'll assume it's not something to happen very frequently,
            # so I'll use a query for now
            # - misa
            h = rhnSQL.prepare(
                select ui.use_pam_authentication
                from web_contact w, rhnUserInfo ui
                where w.login_uc = UPPER(:login)
                and w.id = ui.user_id"""
            data = h.fetchone_dict()
            if not data:
                # This should not happen
                raise rhnException("No entry found for user %s" % self.contact["login"])
            if data["use_pam_authentication"] == "Y":
                # use PAM
                import rhnAuthPAM

                return rhnAuthPAM.check_password(self.contact["login"], password, CFG.pam_auth_service)
        # If the entry in rhnUserInfo is 'N', perform regular authentication
        ret = check_password(password, good_pwd)
        if ret and CFG.encrypted_passwords and self.contact["password"].find("$1$") == 0:
            # If successfully authenticated and the current password is
            # MD5 encoded, convert the password to SHA-256 and save it in the DB.
            self.contact["password"] = encrypt_password(password)
        return ret
Exemple #32
    def __save(self):
        is_admin = 0
        if self.customer.real:
            # get the org_id and the applicant group id for this org
            org_id = self.customer["id"]
            h = rhnSQL.prepare("""
            select ug.id
            from rhnUserGroup ug, rhnUserGroupType ugt
            where ugt.label = 'org_applicant'
            and ug.group_type = ugt.id
            and ug.org_id = :org_id
            data = h.fetchone_dict()
            # XXX: prone to errors, but we'll need to see them first
            grp_id = data["id"]
        else: # an org does not exist... create one
            create_new_org = rhnSQL.Procedure("create_new_org")
            ret = create_new_org(
                None, None, "B", 
            org_id, adm_grp_id, app_grp_id = ret[-3:]
            # We want to make sure we set the group limits right
            tbl = rhnSQL.Row("rhnUserGroup", "id")
            # Set the default admin limits to Null
            # bz:210230: this value should default to Null
            # Set the default applicats limit to 0
            tbl["max_members"] = 0
            # reload the customer table
            # and finally, we put this one in the admin group
            grp_id = adm_grp_id
            is_admin = 1
        # save the contact
        if self.contact.real:
            if not self.contact["org_id"]:
                raise rhnException("Undefined org_id for existing user entry",
            userid = self.contact["id"]
            userid = self.getid()
            self.contact["org_id"] = org_id
            # if not admin, obfuscate the password
            # (and leave the old_password set)
            if not is_admin: # we only do this for new users.
                log_debug(5, "Obfuscating user password")
                user_pwd = self.contact["password"]
                crypt_pwd = crypt.crypt(user_pwd, str(userid)[-2:])
                self.contact["password"] = crypt_pwd
            # rhnUserInfo
            h = rhnSQL.prepare("insert into rhnUserInfo (user_id) "
                               "values (:user_id)")
            # now add this user to the admin/applicant group for his org
            create_ugm = rhnSQL.Procedure("rhn_user.add_to_usergroup")
            # grp_id is the admin or the applicant, depending on whether we
            # just created the org or not
            create_ugm(userid, grp_id)
            # and now reload this data
        # do the same for the other structures indexed by web_user_id
        # personal info
        if self.info.real:      self.info.save()
        else:                   self.info.create(userid) 
        # contact permissions
        if self.perms.real:     self.perms.save()
        else:                   self.perms.create(userid)
        # And now save the site information
        if self.site.real:
            siteid = self.site["id"]
            siteid = rhnSQL.Sequence("web_user_site_info_id_seq")()
            self.site["web_user_id"] = userid            

        return 0
def solve_dependencies_with_limits(server_id,
    """ This version of solve_dependencies allows the caller to get all of the packages that solve a dependency and limit
        the packages that are returned to those that match the criteria defined by limit_operator and limit. This version
        of the function also returns the architecture label of the package[s] that get returned.

        limit_operator can be any of: '<', '<=', '==', '>=', or '>'.
        limit is a a string of the format [epoch:]name-version-release
        deps is a list of filenames that the packages that are returned must provide.
        version is the version of the client that is calling the function.

        Indexes for the tuple
        entry_index = 0
        preference_index = 1

        Indexes for the list of package fields.
        name_index = 0
        version_index = 1
        release_index = 2
        epoch_index = 3
    # Containers used while the packages get categorized, sorted, and filtered.
    packages_all = {}
    package_list = []

    # List of fields in a package. Corresponds to the keys for the dictionary that holds the package information.
    nvre = ['name', 'version', 'release', 'epoch', 'arch']

    # Make sure there are no duplicate dependencies.
    deplist = set(deps)

    statement = "%s UNION ALL %s UNION ALL %s" % (
        __packages_all_sql, __provides_all_sql, __files_all_sql)
    h = rhnSQL.prepare(statement)

    # prepare return value
    packages = {}

    for dep in deplist:
        dict = {}

        # Retrieve the package information from the database.
        h.execute(server_id=server_id, dep=dep)

        # Get a list of dictionaries containing row data.
        rs = h.fetchall_dict() or []  # rs = [{},{},... ]

        # Each package gets a list that may contain multiple versions of a package
        for record in rs:
            if record['name'] in packages_all:
                packages_all[record['name']] = [record]

        # sort all the package lists so the most recent version is first
        for pl in packages_all.keys():

            package_list = package_list + packages_all[pl]

        # Use the limit* parameters to filter out packages you don't want.
        if limit_operator is not None and limit is not None:
            keep_list = []

                limit = rhnLib.make_evr(limit)

            for package in package_list:
                    keep = test_evr(package, limit_operator, limit)

                if keep:

            package_list = keep_list

        list_of_tuples = []
        for p in package_list:
            if p['epoch'] is None:
                p['epoch'] = ""

            entry = []

            list(map(lambda f, e=entry, p=p: e.append(p[f]), nvre))

            # Added for readability
            name_key = entry[0]

            if all == 0:
                # NOTE: Remember that the values in dict are tuples that look like (entry, preference).
                # NOTE, Part Deux: the '<=' was a '<' originally. I changed it because if two packages
                # with the same preference but different versions came through, the second package was being used.
                # The changes I made above make it so that at this point the packages are sorted from highest nvre
                # to lowest nvre. Selecting the second package was causing the earlier package to be
                # returned, which is bad.
                if name_key in dict and dict[name_key][1] <= p['preference']:
                    # Already have it with a lower preference
                # The first time we see this package.
                dict[name_key] = (entry, p['preference'])
                name_key = entry[0]
                newtuple = (entry, p['preference'])

        if all == 0:
            packages[dep] = _avoid_compat_packages(dict)
            # filter out compats
            if len(list_of_tuples) > 1:
                filterstring = "compat-"
                len_filter = len(filterstring)
                tup_keep = []
                for tup in list_of_tuples:
                    if tup[0][0][:len_filter] != filterstring:
                list_of_tuples = tup_keep

            list_of_tuples.sort(lambda a, b: cmp(a[1], b[1]))
            packages[dep] = [x[0] for x in list_of_tuples]

    # v2 clients are done
    if version > 1:
        return packages
        return _v2packages_to_v1list(packages, deplist, all)
Exemple #34
    def handler(self, req):
        """ main Apache handler """
        ret = apacheSession.handler(self, req)
        if ret != apache.OK:
            return ret

        if not CFG.SEND_MESSAGE_TO_ALL:
            # Need to get any string template overrides here, before any app
            # code gets executed, as the rhnFault error messages use the
            # templates
            # If send_message_to_all, we don't have DB connectivity though
            h = rhnSQL.prepare("select label, value from rhnTemplateString")

            templateStrings = {}
            while 1:
                row = h.fetchone_dict()
                if not row:

                templateStrings[row['label']] = row['value']

            if templateStrings:
                rhnFlags.set('templateOverrides', templateStrings)

            log_debug(4, "template strings:  %s" % templateStrings)

        if not CFG.SECRET_KEY:
            # Secret key not defined, complain loudly
                raise rhnException("Secret key not found!")
                rhnTB.Traceback(mail=1, req=req, severity="schema")
                req.status = 500
                return apache.OK

        # Try to authenticate the proxy if it this request passed
        # through a proxy.
        if self.proxyVersion:
                ret = self._req_processor.auth_proxy()
            except rhnFault:
                f = sys.exc_info()[1]
                return self._req_processor.response(f.getxml())

        # Decide what to do with the request: try to authenticate the client.
        # NOTE: only upon GET requests is there Signature information to
        #       authenticate. XMLRPC requests DO NOT use signature
        #       authentication.
        if req.method == "GET":
                ret = self._req_processor.auth_client()
            except rhnFault:
                f = sys.exc_info()[1]
                return self._req_processor.response(f.getxml())
            # be safe rather than sorry
            if not ret:
                log_error("Got a GET call, but auth_client declined",
                return apache.HTTP_METHOD_NOT_ALLOWED

        # Avoid leaving Oracle deadlocks
            ret = self._req_processor.process()
            if not CFG.SEND_MESSAGE_TO_ALL:
        log_debug(4, "Leave with return value", ret)
        return ret
Exemple #35
def __new_user_db(username, password, email, org_id, org_password):
    encrypted_password = CFG.encrypted_passwords
    log_debug(3, username, email, encrypted_password)

    # now search it in the database        
    h = rhnSQL.prepare("""
    select w.id, w.password, w.old_password, ui.use_pam_authentication
    from web_contact w, rhnUserInfo ui
    where w.login_uc = upper(:username)
    and w.id = ui.user_id
    data = h.fetchone_dict()

    pre_existing_user = 0
    if not data:
        # the username is not there, check the reserved user table
        h = rhnSQL.prepare("""
        select login, password, password old_password from rhnUserReserved
        where login_uc = upper(:username)
        data = h.fetchone_dict()
        if not data: # nope, not reserved either
            raise rhnFault(1, _("Username `%s' has not been reserved") % username)
        pre_existing_user = 1

    if not pre_existing_user and not email:
        # New accounts have to specify an e-mail address
        raise rhnFault(30, _("E-mail address not specified"))

    # we have to perform PAM authentication if data has a field called
    # 'use_pam_authentication' and its value is 'Y', and we do have a PAM
    # service set in the config file.
    # Note that if the user is only reserved we don't do PAM authentication
    if data.get('use_pam_authentication') == 'Y' and CFG.pam_auth_service:
        # Check the password with PAM
        import rhnAuthPAM
        if rhnAuthPAM.check_password(username, password, CFG.pam_auth_service) <= 0:
            # Bad password
            raise rhnFault(2)
        # We don't care about the password anymore, replace it with something
        import time
        password = '******' % time.time()
        # Regular authentication
        if check_password(password, data["password"], data["old_password"]) == 0: 
            # Bad password
            raise rhnFault(2)
    # From this point on, the password may be encrypted
    if encrypted_password:
        password = encrypt_password(password)

    is_real = 0
    # the password matches, do we need to create a new entry?
    if not data.has_key("id"):
        user = User(username, password)
    else: # we have to reload this entry into a User structure
        user = User(username, password)
        if not user.reload(data["id"]) == 0:
            # something horked during reloading entry from database
            # we can not really say that the entry does not exist...
            raise rhnFault(10)
        is_real = 1
    # now we have user reloaded, check for updated email
    if email:

        # don't update the user's email address in the satellite context...
        # we *must* in the live context, but user creation through up2date --register
        # is disallowed in the satellite context anyway...
        if not pre_existing_user:
            user.set_info("email", email)
    # XXX This should go away eventually
    if org_id and org_password: # check out this org
        h = rhnSQL.prepare("""
        select id, password from web_customer
        where id = :org_id
        data = h.fetchone_dict()
        if not data: # wrong organization
            raise rhnFault(2, _("Invalid Organization Credentials"))
        # The org password is not encrypted, easy comparison
        if string.lower(org_password) != string.lower(data["password"]):
            # Invalid org password
            raise rhnFault(2, _("Invalid Organization Credentials"))
        if is_real: # this is a real entry, don't clobber the org_id
            old_org_id = user.contact["org_id"]
            new_org_id  = data["id"]
            if old_org_id != new_org_id:
                raise rhnFault(42, 
                    _("User `%s' not a member of organization %s") % 
                        (username, org_id))
        else: # new user, set its org
    # force the save if this is a new entry
    ret = user.save()
    if not ret == 0:
        raise rhnFault(5)
    # check if we need to remove the reservation
    if not data.has_key("id"):
        # remove reservation
        h = rhnSQL.prepare("""
        delete from rhnUserReserved where login_uc = upper(:username)
    return 0
Exemple #36
def __reserve_user_db(user, password):
    encrypted_password = CFG.encrypted_passwords
    log_debug(3, user, CFG.disallow_user_creation, encrypted_password,
    user = str(user)
    h = rhnSQL.prepare("""
    select w.id, w.password, w.org_id, ui.use_pam_authentication
    from web_contact w, rhnUserInfo ui
    where w.login_uc = upper(:p1)
    and w.id = ui.user_id
    data = h.fetchone_dict()
    if data and data["id"]:
        # contact exists, check password
        if data['use_pam_authentication'] == 'Y' and CFG.pam_auth_service:
            # We use PAM for authentication
            import rhnAuthPAM
            if rhnAuthPAM.check_password(user, password,
                                         CFG.pam_auth_service) > 0:
                return 1
            return -1

        if check_password(password, data['password']) > 0:
            return 1
        return -1

    # user doesn't exist.  now we fail, instead of reserving user.
    if CFG.disallow_user_creation:
        raise rhnFault(2001)
    user, password = check_user_password(user, password)

    # now check the reserved table
    h = rhnSQL.prepare("""
    select r.login, r.password from rhnUserReserved r
    where r.login_uc = upper(:p1)
    data = h.fetchone_dict()
    if data and data["login"]:
        # found already reserved
        if check_password(password, data["password"]) > 0:
            return 1
        return -2

    log_debug(3, "calling validate_new_password")

    # this is not reserved either, register it
    if encrypted_password:
        # Encrypt the password, let the function pick the salt
        password = encrypt_password(password)

    h = rhnSQL.prepare("""
    insert into rhnUserReserved (login, password)
    values (:username, :password)
    h.execute(username=user, password=password)

    # all should be dandy
    return 0
Exemple #37
def update_client_capabilities(server_id):
    caps = get_client_capabilities()

    if caps is None:
        caps = {}

    caps = caps.copy()

    h = rhnSQL.prepare(
        select cc.capability_name_id, ccn.name capability, cc.version
        from rhnClientCapability cc, rhnClientCapabilityName ccn
        where cc.server_id = :server_id
        and cc.capability_name_id = ccn.id

    updates = {"server_id": [], "capability_name_id": [], "version": []}
    deletes = {"server_id": [], "capability_name_id": []}
    inserts = {"server_id": [], "capability": [], "version": []}

    while 1:
        row = h.fetchone_dict()
        if not row:

        name = row["capability"]
        version = row["version"]
        capability_name_id = row["capability_name_id"]

        if caps.has_key(name):
            local_ver = caps[name]["version"]
            del caps[name]
            if local_ver == version:
                # Nothing to do - same version


        # Have to delete it

    # Everything else has to be inserted
    for name, hash in caps.items():

    log_debug(5, "Deletes:", deletes)
    log_debug(5, "Updates:", updates)
    log_debug(5, "Inserts:", inserts)

    if deletes["server_id"]:
        h = rhnSQL.prepare(
            delete from rhnClientCapability
            where server_id = :server_id
            and capability_name_id = :capability_name_id

    if updates["server_id"]:
        h = rhnSQL.prepare(
            update rhnClientCapability
            set version = :version
            where server_id = :server_id
            and capability_name_id = :capability_name_id

    if inserts["server_id"]:
        h = rhnSQL.prepare(
            insert into rhnClientCapability
            (server_id, capability_name_id, version)
            values (:server_id, LOOKUP_CLIENT_CAPABILITY(:capability), :version)

    # Commit work. This can be dangerous if there is previously uncommited
    # work
Exemple #38
def solve_dependencies_arch(server_id, deps, version):
    """ Does the same thing as solve_dependencies, but also returns the architecture label with the package info.
           server_id := id info of the server
           deps := list of filenames that are needed by the caller
           version := version of the client

           Dictionary with key values being the filnames in deps and the values being a list of lists of package info.
           Example :=  {'filename1'    :   [['name', 'version', 'release', 'epoch', 'architecture'],
                                            ['name2', 'version2', 'release2', 'epoch2', 'architecture2']]}

        Indexes for the tuple stored as the value in dict
        entry_index = 0
        preference_index = 1

        indexes for the list nvre
        name_index = 0
        version_index = 1
        release_index = 2
        epoch_index = 3
    #list of the keys to the values in each row of the recordset.
    nvre = ['name', 'version', 'release', 'epoch', 'arch']

    # first, uniquify deps
    deplist = []
    for dep in deps:
        if dep not in deplist:
    # SQL statement.  It is a union of 3 statements: 
    #  - Lookup by package name
    #  - Lookup by provides
    #  - Lookup by file name
    statement = "%s UNION ALL %s UNION ALL %s" % (
        __packages_sql, __provides_sql, __files_sql)
    h = rhnSQL.prepare(statement)

    # prepare return value
    packages = {}

    # Iterate through the dependency problems
    for dep in deplist:
        dict = {}               #Each value will be a tuple like (list, preference)
        h.execute(server_id = server_id, dep = dep)
        rs = h.fetchall_dict() or []

        if not rs: # test shortcut
            log_error("Unable to solve dependency", server_id, dep)
            packages[dep] = []
        for p in rs:
            if p['epoch'] == None:
                p['epoch'] = ""

            entry = []

            map(lambda f, e = entry, p = p: e.append(p[f]), nvre)

            #Exists for readability
            name_key = entry[0]

            if dict.has_key(name_key) and dict[name_key][1] < p['preference']:
                # Already have it with a lower preference
            # The first time we see this package.
            dict[name_key] = (entry, p['preference'])

        packages[dep] = _avoid_compat_packages(dict)
    # v2 clients are done
    if version > 1:
        return packages
        return _v2packages_to_v1list(packages, deplist)
Exemple #39
def solve_dependencies_with_limits(server_id, deps, version, all=0, limit_operator=None, limit=None):
    """ This version of solve_dependencies allows the caller to get all of the packages that solve a dependency and limit
        the packages that are returned to those that match the criteria defined by limit_operator and limit. This version
        of the function also returns the architecture label of the package[s] that get returned.

        limit_operator can be any of: '<', '<=', '==', '>=', or '>'.
        limit is a a string of the format [epoch:]name-version-release
        deps is a list of filenames that the packages that are returned must provide.
        version is the version of the client that is calling the function.

        Indexes for the tuple
        entry_index = 0
        preference_index = 1

        Indexes for the list of package fields.
        name_index = 0
        version_index = 1
        release_index = 2
        epoch_index = 3
    # Containers used while the packages get categorized, sorted, and filtered.
    packages_all = {}
    package_list = []

    # List of fields in a package. Corresponds to the keys for the dictionary that holds the package information.
    nvre = ['name', 'version', 'release', 'epoch', 'arch']

    # Make sure there are no duplicate dependencies.
    deplist = set(deps)

    statement = "%s UNION ALL %s UNION ALL %s" % (__packages_all_sql, __provides_all_sql, __files_all_sql)
    h = rhnSQL.prepare(statement)

    # prepare return value
    packages = {}

    for dep in deplist:
        dict = {}

        # Retrieve the package information from the database.
        h.execute(server_id=server_id, dep=dep)

        # Get a list of dictionaries containing row data.
        rs = h.fetchall_dict() or []  # rs = [{},{},... ]

        # Each package gets a list that may contain multiple versions of a package
        for record in rs:
            if record['name'] in packages_all:
                packages_all[record['name']] = [record]

        # sort all the package lists so the most recent version is first
        for pl in packages_all.keys():

            package_list = package_list + packages_all[pl]

        # Use the limit* parameters to filter out packages you don't want.
        if limit_operator is not None and limit is not None:
            keep_list = []

                limit = rhnLib.make_evr(limit)

            for package in package_list:
                    keep = test_evr(package, limit_operator,  limit)

                if keep:

            package_list = keep_list

        list_of_tuples = []
        for p in package_list:
            if p['epoch'] is None:
                p['epoch'] = ""

            entry = []

            list(map(lambda f, e=entry, p=p: e.append(p[f]), nvre))

            # Added for readability
            name_key = entry[0]

            if all == 0:
                # NOTE: Remember that the values in dict are tuples that look like (entry, preference).
                # NOTE, Part Deux: the '<=' was a '<' originally. I changed it because if two packages
                # with the same preference but different versions came through, the second package was being used.
                # The changes I made above make it so that at this point the packages are sorted from highest nvre
                # to lowest nvre. Selecting the second package was causing the earlier package to be
                # returned, which is bad.
                if name_key in dict and dict[name_key][1] <= p['preference']:
                    # Already have it with a lower preference
                # The first time we see this package.
                dict[name_key] = (entry, p['preference'])
                name_key = entry[0]
                newtuple = (entry, p['preference'])

        if all == 0:
            packages[dep] = _avoid_compat_packages(dict)
            # filter out compats
            if len(list_of_tuples) > 1:
                filterstring = "compat-"
                len_filter = len(filterstring)
                tup_keep = []
                for tup in list_of_tuples:
                    if tup[0][0][:len_filter] != filterstring:
                list_of_tuples = tup_keep

            list_of_tuples.sort(lambda a, b: cmp(a[1], b[1]))
            packages[dep] = [x[0] for x in list_of_tuples]

    # v2 clients are done
    if version > 1:
        return packages
        return _v2packages_to_v1list(packages, deplist, all)
Exemple #40
def update_client_capabilities(server_id):
    caps = get_client_capabilities()

    if caps is None:
        caps = {}

    caps = caps.copy()

    h = rhnSQL.prepare("""
        select cc.capability_name_id, ccn.name capability, cc.version
        from rhnClientCapability cc, rhnClientCapabilityName ccn
        where cc.server_id = :server_id
        and cc.capability_name_id = ccn.id

    updates = {'server_id': [], 'capability_name_id': [], 'version': []}
    deletes = {'server_id': [], 'capability_name_id': []}
    inserts = {'server_id': [], 'capability': [], 'version': []}

    while 1:
        row = h.fetchone_dict()
        if not row:

        name = row['capability']
        version = row['version']
        capability_name_id = row['capability_name_id']

        if name in caps:
            local_ver = caps[name]['version']
            del caps[name]
            if local_ver == version:
                # Nothing to do - same version


        # Have to delete it

    # Everything else has to be inserted
    for name, hash in caps.items():

    log_debug(5, "Deletes:", deletes)
    log_debug(5, "Updates:", updates)
    log_debug(5, "Inserts:", inserts)

    if deletes['server_id']:
        h = rhnSQL.prepare("""
            delete from rhnClientCapability
            where server_id = :server_id
            and capability_name_id = :capability_name_id

    if updates['server_id']:
        h = rhnSQL.prepare("""
            update rhnClientCapability
            set version = :version
            where server_id = :server_id
            and capability_name_id = :capability_name_id

    if inserts['server_id']:
        h = rhnSQL.prepare("""
            insert into rhnClientCapability
            (server_id, capability_name_id, version)
            values (:server_id, LOOKUP_CLIENT_CAPABILITY(:capability), :version)

    # Commit work. This can be dangerous if there is previously uncommited
    # work
    def handler(self, req):
        """ main Apache handler """
        ret = apacheSession.handler(self, req)
        if ret != apache.OK:
            return ret

        if not CFG.SEND_MESSAGE_TO_ALL:
            # Need to get any string template overrides here, before any app
            # code gets executed, as the rhnFault error messages use the
            # templates
            # If send_message_to_all, we don't have DB connectivity though
            h = rhnSQL.prepare("select label, value from rhnTemplateString")

            templateStrings = {}
            while 1:
                row = h.fetchone_dict()
                if not row:

                templateStrings[row['label']] = row['value']

            if templateStrings:
                rhnFlags.set('templateOverrides', templateStrings)

            log_debug(4, "template strings:  %s" % templateStrings)

        if not CFG.SECRET_KEY:
            # Secret key not defined, complain loudly
                raise rhnException("Secret key not found!")
                rhnTB.Traceback(mail=1, req=req, severity="schema")
                req.status = 500
                return apache.OK

        # Try to authenticate the proxy if it this request passed
        # through a proxy.
        if self.proxyVersion:
                ret = self._req_processor.auth_proxy()
            except rhnFault:
                f = sys.exc_info()[1]
                return self._req_processor.response(f.getxml())

        # Decide what to do with the request: try to authenticate the client.
        # NOTE: only upon GET requests is there Signature information to
        #       authenticate. XMLRPC requests DO NOT use signature
        #       authentication.
        if req.method == "GET":
                ret = self._req_processor.auth_client()
            except rhnFault:
                f = sys.exc_info()[1]
                return self._req_processor.response(f.getxml())
            # be safe rather than sorry
            if not ret:
                log_error("Got a GET call, but auth_client declined",
                return apache.HTTP_METHOD_NOT_ALLOWED

        # Avoid leaving Oracle deadlocks
            ret = self._req_processor.process()
            if not CFG.SEND_MESSAGE_TO_ALL:
        log_debug(4, "Leave with return value", ret)
        return ret