diff options
author | Rob Crittenden <rcritten@redhat.com> | 2012-02-23 17:25:53 -0500 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-02-24 16:53:24 +0100 |
commit | b241e828a9b47a6c706a3ac8378fd6e57b8202fb (patch) | |
tree | 3a4cb913043d3af6a580e2ad08cc133b21eabe83 /ipaserver | |
parent | 1c898e388b4777e0dfd0dd7577bbb4971e308605 (diff) | |
download | freeipa.git-b241e828a9b47a6c706a3ac8378fd6e57b8202fb.tar.gz freeipa.git-b241e828a9b47a6c706a3ac8378fd6e57b8202fb.tar.xz freeipa.git-b241e828a9b47a6c706a3ac8378fd6e57b8202fb.zip |
Catch public exceptions when creating the LDAP context in WSGI.
Made specifically for the case where S4U2Proxy delegation fails.
https://fedorahosted.org/freeipa/ticket/2414
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/plugins/ldap2.py | 3 | ||||
-rw-r--r-- | ipaserver/rpcserver.py | 8 |
2 files changed, 10 insertions, 1 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index 0a76670d..ffe2fba8 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -241,6 +241,9 @@ def _handle_errors(e, **kw): except _ldap.SUCCESS: pass except _ldap.LDAPError, e: + if 'NOT_ALLOWED_TO_DELEGATE' in info: + raise errors.ACIError(info="KDC returned NOT_ALLOWED_TO_DELEGATE") + root_logger.info('Unhandled LDAPError: %s' % str(e)) raise errors.DatabaseError(desc=desc, info=info) diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py index 91e525a3..205dc765 100644 --- a/ipaserver/rpcserver.py +++ b/ipaserver/rpcserver.py @@ -317,9 +317,15 @@ class xmlserver(WSGIExecutioner): ''' self.debug('WSGI xmlserver.__call__:') - self.create_context(ccache=environ.get('KRB5CCNAME')) try: + self.create_context(ccache=environ.get('KRB5CCNAME')) response = super(xmlserver, self).__call__(environ, start_response) + except PublicError, e: + status = '200 OK' + response = status + headers = [('Content-Type', 'text/plain')] + start_response(status, headers) + return self.marshal(None, e) finally: destroy_context() return response |