diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2011-05-17 15:09:39 -0400 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2011-05-18 09:35:04 +0200 |
| commit | 4027b12371051c2e9f53b1b6cd2c4e4fbc333731 (patch) | |
| tree | b0ad75c5c107e73e9be5bf7547cf93348d793a43 | |
| parent | 95b4040f6b4f43b864dce86648f09a1402889af9 (diff) | |
| download | freeipa-4027b12371051c2e9f53b1b6cd2c4e4fbc333731.tar.gz freeipa-4027b12371051c2e9f53b1b6cd2c4e4fbc333731.tar.xz freeipa-4027b12371051c2e9f53b1b6cd2c4e4fbc333731.zip | |
Test for forwarded Kerberos credentials cache in wsgi code.
We should more gracefully handle if the TGT has not been forwarded
than returning a 500 error.
Also catch and display KerberosErrors from ping() in the client better.
ticket 1101
| -rw-r--r-- | ipalib/rpc.py | 14 | ||||
| -rw-r--r-- | ipaserver/rpcserver.py | 4 |
2 files changed, 16 insertions, 2 deletions
diff --git a/ipalib/rpc.py b/ipalib/rpc.py index 051d2c3de..d667df71e 100644 --- a/ipalib/rpc.py +++ b/ipalib/rpc.py @@ -346,7 +346,19 @@ class xmlclient(Connectible): return serverproxy try: command = getattr(serverproxy, 'ping') - response = command() + try: + response = command() + except Fault, e: + e = decode_fault(e) + if e.faultCode in self.__errors: + error = self.__errors[e.faultCode] + raise error(message=e.faultString) + else: + raise UnknownError( + code=e.faultCode, + error=e.faultString, + server=server, + ) # We don't care about the response, just that we got one break except KerberosError, krberr: diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py index 9c08bb8ee..718b76180 100644 --- a/ipaserver/rpcserver.py +++ b/ipaserver/rpcserver.py @@ -27,7 +27,7 @@ from cgi import parse_qs from xml.sax.saxutils import escape from xmlrpclib import Fault from ipalib.backend import Executioner -from ipalib.errors import PublicError, InternalError, CommandError, JSONError, ConversionError +from ipalib.errors import PublicError, InternalError, CommandError, JSONError, ConversionError, CCacheError from ipalib.request import context, Connection, destroy_context from ipalib.rpc import xml_dumps, xml_loads from ipalib.util import make_repr @@ -195,6 +195,8 @@ class WSGIExecutioner(Executioner): error = None _id = None lang = os.environ['LANG'] + if not 'KRB5CCNAME' in environ: + return self.marshal(result, CCacheError(), _id) try: if ('HTTP_ACCEPT_LANGUAGE' in environ): lang_reg_w_q = environ['HTTP_ACCEPT_LANGUAGE'].split(',')[0] |