summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2011-05-17 15:09:39 -0400
committerMartin Kosek <mkosek@redhat.com>2011-05-18 09:35:04 +0200
commit4027b12371051c2e9f53b1b6cd2c4e4fbc333731 (patch)
treeb0ad75c5c107e73e9be5bf7547cf93348d793a43
parent95b4040f6b4f43b864dce86648f09a1402889af9 (diff)
downloadfreeipa.git-4027b12371051c2e9f53b1b6cd2c4e4fbc333731.tar.gz
freeipa.git-4027b12371051c2e9f53b1b6cd2c4e4fbc333731.tar.xz
freeipa.git-4027b12371051c2e9f53b1b6cd2c4e4fbc333731.zip
Test for forwarded Kerberos credentials cache in wsgi code.
We should more gracefully handle if the TGT has not been forwarded than returning a 500 error. Also catch and display KerberosErrors from ping() in the client better. ticket 1101
-rw-r--r--ipalib/rpc.py14
-rw-r--r--ipaserver/rpcserver.py4
2 files changed, 16 insertions, 2 deletions
diff --git a/ipalib/rpc.py b/ipalib/rpc.py
index 051d2c3d..d667df71 100644
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@@ -346,7 +346,19 @@ class xmlclient(Connectible):
return serverproxy
try:
command = getattr(serverproxy, 'ping')
- response = command()
+ try:
+ response = command()
+ except Fault, e:
+ e = decode_fault(e)
+ if e.faultCode in self.__errors:
+ error = self.__errors[e.faultCode]
+ raise error(message=e.faultString)
+ else:
+ raise UnknownError(
+ code=e.faultCode,
+ error=e.faultString,
+ server=server,
+ )
# We don't care about the response, just that we got one
break
except KerberosError, krberr:
diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py
index 9c08bb8e..718b7618 100644
--- a/ipaserver/rpcserver.py
+++ b/ipaserver/rpcserver.py
@@ -27,7 +27,7 @@ from cgi import parse_qs
from xml.sax.saxutils import escape
from xmlrpclib import Fault
from ipalib.backend import Executioner
-from ipalib.errors import PublicError, InternalError, CommandError, JSONError, ConversionError
+from ipalib.errors import PublicError, InternalError, CommandError, JSONError, ConversionError, CCacheError
from ipalib.request import context, Connection, destroy_context
from ipalib.rpc import xml_dumps, xml_loads
from ipalib.util import make_repr
@@ -195,6 +195,8 @@ class WSGIExecutioner(Executioner):
error = None
_id = None
lang = os.environ['LANG']
+ if not 'KRB5CCNAME' in environ:
+ return self.marshal(result, CCacheError(), _id)
try:
if ('HTTP_ACCEPT_LANGUAGE' in environ):
lang_reg_w_q = environ['HTTP_ACCEPT_LANGUAGE'].split(',')[0]