From 4027b12371051c2e9f53b1b6cd2c4e4fbc333731 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 17 May 2011 15:09:39 -0400
Subject: Test for forwarded Kerberos credentials cache in wsgi code.

We should more gracefully handle if the TGT has not been forwarded
than returning a 500 error.

Also catch and display KerberosErrors from ping() in the client better.

ticket 1101
---
 ipaserver/rpcserver.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'ipaserver/rpcserver.py')

diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py
index 9c08bb8ee..718b76180 100644
--- a/ipaserver/rpcserver.py
+++ b/ipaserver/rpcserver.py
@@ -27,7 +27,7 @@ from cgi import parse_qs
 from xml.sax.saxutils import escape
 from xmlrpclib import Fault
 from ipalib.backend import Executioner
-from ipalib.errors import PublicError, InternalError, CommandError, JSONError, ConversionError
+from ipalib.errors import PublicError, InternalError, CommandError, JSONError, ConversionError, CCacheError
 from ipalib.request import context, Connection, destroy_context
 from ipalib.rpc import xml_dumps, xml_loads
 from ipalib.util import make_repr
@@ -195,6 +195,8 @@ class WSGIExecutioner(Executioner):
         error = None
         _id = None
         lang = os.environ['LANG']
+        if not 'KRB5CCNAME' in environ:
+            return self.marshal(result, CCacheError(), _id)
         try:
             if ('HTTP_ACCEPT_LANGUAGE' in environ):
                 lang_reg_w_q = environ['HTTP_ACCEPT_LANGUAGE'].split(',')[0]
-- 
cgit