diff options
author | Rob Crittenden <rcritten@redhat.com> | 2011-05-17 15:09:39 -0400 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2011-05-18 09:35:04 +0200 |
commit | 4027b12371051c2e9f53b1b6cd2c4e4fbc333731 (patch) | |
tree | b0ad75c5c107e73e9be5bf7547cf93348d793a43 | |
parent | 95b4040f6b4f43b864dce86648f09a1402889af9 (diff) | |
download | freeipa.git-4027b12371051c2e9f53b1b6cd2c4e4fbc333731.tar.gz freeipa.git-4027b12371051c2e9f53b1b6cd2c4e4fbc333731.tar.xz freeipa.git-4027b12371051c2e9f53b1b6cd2c4e4fbc333731.zip |
Test for forwarded Kerberos credentials cache in wsgi code.
We should more gracefully handle if the TGT has not been forwarded
than returning a 500 error.
Also catch and display KerberosErrors from ping() in the client better.
ticket 1101
-rw-r--r-- | ipalib/rpc.py | 14 | ||||
-rw-r--r-- | ipaserver/rpcserver.py | 4 |
2 files changed, 16 insertions, 2 deletions
diff --git a/ipalib/rpc.py b/ipalib/rpc.py index 051d2c3d..d667df71 100644 --- a/ipalib/rpc.py +++ b/ipalib/rpc.py @@ -346,7 +346,19 @@ class xmlclient(Connectible): return serverproxy try: command = getattr(serverproxy, 'ping') - response = command() + try: + response = command() + except Fault, e: + e = decode_fault(e) + if e.faultCode in self.__errors: + error = self.__errors[e.faultCode] + raise error(message=e.faultString) + else: + raise UnknownError( + code=e.faultCode, + error=e.faultString, + server=server, + ) # We don't care about the response, just that we got one break except KerberosError, krberr: diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py index 9c08bb8e..718b7618 100644 --- a/ipaserver/rpcserver.py +++ b/ipaserver/rpcserver.py @@ -27,7 +27,7 @@ from cgi import parse_qs from xml.sax.saxutils import escape from xmlrpclib import Fault from ipalib.backend import Executioner -from ipalib.errors import PublicError, InternalError, CommandError, JSONError, ConversionError +from ipalib.errors import PublicError, InternalError, CommandError, JSONError, ConversionError, CCacheError from ipalib.request import context, Connection, destroy_context from ipalib.rpc import xml_dumps, xml_loads from ipalib.util import make_repr @@ -195,6 +195,8 @@ class WSGIExecutioner(Executioner): error = None _id = None lang = os.environ['LANG'] + if not 'KRB5CCNAME' in environ: + return self.marshal(result, CCacheError(), _id) try: if ('HTTP_ACCEPT_LANGUAGE' in environ): lang_reg_w_q = environ['HTTP_ACCEPT_LANGUAGE'].split(',')[0] |