author | Michael Simacek <msimacek@redhat.com> | 2015-08-31 14:04:33 +0200 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-09-22 13:29:55 +0200 |
commit | bdccebbcdb9eb7da476762743121c1e73f95fa10 (patch) | |
tree | 38108d6426dfc4dee960b9dba055dc49a1ae38f1 /ipalib/rpc.py | |
parent | cfeea91828ad47e1d321947d04f5f6de0e3d1c8c (diff) | |
Rewrap errors in get_principal to CCacheError
Causes nicer error message when kerberos credentials are not available.
https://fedorahosted.org/freeipa/ticket/5272
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Tomas Babej <tbabej@redhat.com>
Diffstat (limited to 'ipalib/rpc.py')
-rw-r--r-- | ipalib/rpc.py | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/ipalib/rpc.py b/ipalib/rpc.py
index 4d3914d6b..cac1e1de1 100644
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@@ -67,7 +67,7 @@ import ipapython.nsslib
 from ipapython.nsslib import NSSHTTPS, NSSConnection
 from ipalib.krb_utils import KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, KRB5KRB_AP_ERR_TKT_EXPIRED, \
 KRB5_FCC_PERM, KRB5_FCC_NOFILE, KRB5_CC_FORMAT, \
- KRB5_REALM_CANT_RESOLVE, get_principal
+ KRB5_REALM_CANT_RESOLVE, KRB5_CC_NOTFOUND, get_principal
 from ipapython.dn import DN
 from ipalib.capabilities import VERSION_WITHOUT_CAPABILITIES
 from ipalib import api
@@ -535,8 +535,10 @@ class KerbTransport(SSLTransport):
 raise errors.BadCCacheFormat()
 elif minor == KRB5_REALM_CANT_RESOLVE:
 raise errors.CannotResolveKDC()
+ elif minor == KRB5_CC_NOTFOUND:
+ raise errors.CCacheError()
 else:
- raise errors.KerberosError(major=e.maj_code, minor=minor)
+ raise errors.KerberosError(message=unicode(e))
 
 def get_host_info(self, host):
 """
@@ -842,7 +844,7 @@ class RPCClient(Connectible):
 # is still valid
 if not delegate:
 rpc_uri = self.apply_session_cookie(rpc_uri)
- except ValueError:
+ except (errors.CCacheError, ValueError):
 # No session key, do full Kerberos auth
 pass
 # This might be dangerous. Use at your own risk!
@@ -888,7 +890,7 @@ class RPCClient(Connectible):
 break
 except KerberosError as krberr:
 # kerberos error on one server is likely on all
- raise errors.KerberosError(major=str(krberr), minor='')
+ raise errors.KerberosError(message=unicode(krberr))
 except ProtocolError as e:
 if hasattr(context, 'session_cookie') and e.errcode == 401:
 # Unauthorized. Remove the session and try again. |
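Review bot: In the `else:` branch of the KerbTransport hunk, `unicode(e)` replaces the structured `major`/`minor` arguments, so the numeric minor code that the preceding `elif` chain dispatches on is no longer carried by the exception for unexpected failures. On Python 2, `unicode()` of an exception whose text holds non-ASCII bytes can itself raise UnicodeDecodeError, which would mask the Kerberos error; this is inferred, since the exception type is not visible here. Consider keeping the code in the message, e.g. `raise errors.KerberosError(message=u'%s (minor code %s)' % (unicode(e), minor))`, and the same decoding concern applies to `unicode(krberr)` in the hunk at -888. The enclosing method starts outside the hunk.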
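Review bot: The widened `except (errors.CCacheError, ValueError):` in the RPCClient hunk at -842 leaves the comment under it, `# No session key, do full Kerberos auth`, describing only the ValueError case. A missing credential cache is now swallowed silently at this point, so someone debugging a later authentication failure has no hint that it was already seen here. I would change the comment to `# No session key or no usable credential cache; do full Kerberos auth`. The `try` body begins outside the hunk, so which call raises CCacheError is inferred from the commit title.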