From 4027b12371051c2e9f53b1b6cd2c4e4fbc333731 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 17 May 2011 15:09:39 -0400
Subject: Test for forwarded Kerberos credentials cache in wsgi code.

We should more gracefully handle if the TGT has not been forwarded
than returning a 500 error.

Also catch and display KerberosErrors from ping() in the client better.

ticket 1101
---
 ipalib/rpc.py          | 14 +++++++++++++-
 ipaserver/rpcserver.py |  4 +++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/ipalib/rpc.py b/ipalib/rpc.py
index 051d2c3de..d667df71e 100644
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@@ -346,7 +346,19 @@ class xmlclient(Connectible):
                 return serverproxy
             try:
                 command = getattr(serverproxy, 'ping')
-                response = command()
+                try:
+                    response = command()
+                except Fault, e:
+                    e = decode_fault(e)
+                    if e.faultCode in self.__errors:
+                        error = self.__errors[e.faultCode]
+                        raise error(message=e.faultString)
+                    else:
+                        raise UnknownError(
+                            code=e.faultCode,
+                            error=e.faultString,
+                            server=server,
+                        )
                 # We don't care about the response, just that we got one
                 break
             except KerberosError, krberr:
diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py
index 9c08bb8ee..718b76180 100644
--- a/ipaserver/rpcserver.py
+++ b/ipaserver/rpcserver.py
@@ -27,7 +27,7 @@ from cgi import parse_qs
 from xml.sax.saxutils import escape
 from xmlrpclib import Fault
 from ipalib.backend import Executioner
-from ipalib.errors import PublicError, InternalError, CommandError, JSONError, ConversionError
+from ipalib.errors import PublicError, InternalError, CommandError, JSONError, ConversionError, CCacheError
 from ipalib.request import context, Connection, destroy_context
 from ipalib.rpc import xml_dumps, xml_loads
 from ipalib.util import make_repr
@@ -195,6 +195,8 @@ class WSGIExecutioner(Executioner):
         error = None
         _id = None
         lang = os.environ['LANG']
+        if not 'KRB5CCNAME' in environ:
+            return self.marshal(result, CCacheError(), _id)
         try:
             if ('HTTP_ACCEPT_LANGUAGE' in environ):
                 lang_reg_w_q = environ['HTTP_ACCEPT_LANGUAGE'].split(',')[0]
-- 
cgit