Added ServiceError (KerberosError) and make rpc.KerbTransport raise it if appropriate

2025-02-25 18:55:28 -06:00 · 2009-01-23 12:51:48 -07:00
parent 114b6b8577
commit 0313f03277
3 changed files with 28 additions and 3 deletions
--- a/ipalib/errors2.py
+++ b/ipalib/errors2.py
@@ -410,6 +410,23 @@ class KerberosError(AuthenticationError):
    errno = 1100


+class ServiceError(KerberosError):
+    """
+    **1101** Raised when service is not found in Kerberos DB.
+
+    For example:
+
+    >>> raise ServiceError(service='HTTP@localhost')
+    Traceback (most recent call last):
+      ...
+    ServiceError: Service 'HTTP@localhost' not found in Kerberos database
+
+    """
+
+    errno = 1101
+    format = _('Service %(service)r not found in Kerberos database')
+
+

 ##############################################################################
 # 2000 - 2999: Authorization errors
--- a/ipalib/frontend.py
+++ b/ipalib/frontend.py
@@ -98,11 +98,14 @@ class Command(plugable.Plugin):
        """
        params = self.args_options_2_params(*args, **options)
        self.info(
-            '%s(%s)', self.name, ', '.join(self._repr_iter(**params))
+            'raw: %s(%s)', self.name, ', '.join(self._repr_iter(**params))
        )
        params = self.normalize(**params)
        params = self.convert(**params)
        params.update(self.get_default(**params))
+        self.info(
+            'processed: %s(%s)', self.name, ', '.join(self._repr_iter(**params))
+        )
        self.validate(**params)
        (args, options) = self.params_2_args_options(**params)
        result = self.run(*args, **options)
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@@ -37,6 +37,7 @@ from xmlrpclib import Binary, Fault, dumps, loads, ServerProxy, SafeTransport
 import kerberos
 from ipalib.backend import Backend
 from ipalib.errors2 import public_errors, PublicError, UnknownError, NetworkError
+from ipalib import errors2
 from ipalib.request import context


@@ -178,7 +179,6 @@ class KerbTransport(SafeTransport):
    """

    def get_host_info(self, host):
-
        (host, extra_headers, x509) = SafeTransport.get_host_info(self, host)

        # Set the remote host principal
@@ -192,7 +192,11 @@ class KerbTransport(SafeTransport):
        try:
            kerberos.authGSSClientStep(vc, "")
        except kerberos.GSSError, e:
-            raise e  # FIXME: raise a PublicError
+            (major, minor) = e.args
+            if minor[1] == -1765328377:
+                raise errors2.ServiceError(service=service)
+            else:
+                raise e

        extra_headers += [
            ('Authorization', 'negotiate %s' % kerberos.authGSSClientResponse(vc))
@@ -220,6 +224,7 @@ class xmlclient(Backend):
                )
            )
        conn = ServerProxy(self.env.xmlrpc_uri,
+            transport=KerbTransport(),
            allow_none=True,
            encoding='UTF-8',
        )