diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2016-10-03 16:58:42 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2016-10-04 21:26:09 +0200 |
| commit | 41cd6072648bb7a9e14e56ed38004a2947f67657 (patch) | |
| tree | cd7cc26222ba8bca1ac87f18455f9ee7ee4644c9 | |
| parent | f931864f46cb19346be45f3b6f55da54c8dc7078 (diff) | |
| download | sssd-41cd6072648bb7a9e14e56ed38004a2947f67657.tar.gz sssd-41cd6072648bb7a9e14e56ed38004a2947f67657.tar.xz sssd-41cd6072648bb7a9e14e56ed38004a2947f67657.zip | |
SECRETS: Use HTTP error code 504 when a proxy server cannot be reached
Previously, a generic 500 error code was returned. This patch adds a new
error message on a failure to contact the proxy server and returns 504,
"Gateway timeout" instead.
Resolves:
https://fedorahosted.org/sssd/ticket/3212
Reviewed-by: Fabiano FidĂȘncio <fidencio@redhat.com>
| -rw-r--r-- | src/responder/secrets/providers.c | 4 | ||||
| -rw-r--r-- | src/responder/secrets/proxy.c | 2 | ||||
| -rw-r--r-- | src/responder/secrets/secsrv_private.h | 1 | ||||
| -rw-r--r-- | src/util/util_errors.c | 1 | ||||
| -rw-r--r-- | src/util/util_errors.h | 1 |
5 files changed, 8 insertions, 1 deletions
diff --git a/src/responder/secrets/providers.c b/src/responder/secrets/providers.c index 404d08277..8cbc6152b 100644 --- a/src/responder/secrets/providers.c +++ b/src/responder/secrets/providers.c @@ -180,6 +180,8 @@ static struct sec_http_status_format_table { "The requested resource already exists." }, { 500, "Internal Server Error", "The server encountered an internal error." }, + { 504, "Gateway timeout", + "No response from a proxy server." }, }; int sec_http_status_reply(TALLOC_CTX *mem_ctx, struct sec_data *reply, @@ -348,6 +350,8 @@ enum sec_http_status_codes sec_errno_to_http_status(errno_t err) return STATUS_406; case EEXIST: return STATUS_409; + case ERR_SEC_NO_PROXY: + return STATUS_504; default: return STATUS_500; } diff --git a/src/responder/secrets/proxy.c b/src/responder/secrets/proxy.c index 3d3cae87d..3ed03e608 100644 --- a/src/responder/secrets/proxy.c +++ b/src/responder/secrets/proxy.c @@ -494,7 +494,7 @@ static void proxy_http_req_connect_step(struct tevent_req *req) if (!state->hostent->addr_list[state->hostidx]) { DEBUG(SSSDBG_CRIT_FAILURE, "No more addresses to try.\n"); - ret = ENXIO; + ret = ERR_SEC_NO_PROXY; goto done; } diff --git a/src/responder/secrets/secsrv_private.h b/src/responder/secrets/secsrv_private.h index c3b663996..ef7e299d5 100644 --- a/src/responder/secrets/secsrv_private.h +++ b/src/responder/secrets/secsrv_private.h @@ -47,6 +47,7 @@ enum sec_http_status_codes { STATUS_406, STATUS_409, STATUS_500, + STATUS_504, }; struct sec_proto_ctx { diff --git a/src/util/util_errors.c b/src/util/util_errors.c index 7d4a7f559..9cd562cd8 100644 --- a/src/util/util_errors.c +++ b/src/util/util_errors.c @@ -99,6 +99,7 @@ struct err_string error_to_str[] = { { "The user is not handled by SSSD" }, /* ERR_NON_SSSD_USER */ { "The internal name format cannot be parsed" }, /* ERR_WRONG_NAME_FORMAT */ { "The maximum level of nested containers has been reached" }, /* ERR_SEC_INVALID_CONTAINERS_NEST_LEVEL */ + { "No proxy server for secrets available"}, /* ERR_SEC_NO_PROXY */ { "ERR_LAST" } /* ERR_LAST */ }; diff --git a/src/util/util_errors.h b/src/util/util_errors.h index 2cd55e19a..ebb9920c8 100644 --- a/src/util/util_errors.h +++ b/src/util/util_errors.h @@ -121,6 +121,7 @@ enum sssd_errors { ERR_NON_SSSD_USER, ERR_WRONG_NAME_FORMAT, ERR_SEC_INVALID_CONTAINERS_NEST_LEVEL, + ERR_SEC_NO_PROXY, ERR_LAST /* ALWAYS LAST */ }; |