IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Test for forwarded Kerberos credentials cache in wsgi code.

Browse Source 
We should more gracefully handle if the TGT has not been forwarded
than returning a 500 error.

Also catch and display KerberosErrors from ping() in the client better.

ticket 1101
This commit is contained in:
Rob Crittenden
2011-05-17 15:09:39 -04:00
committed by Martin Kosek
parent 95b4040f6b
commit 4027b12371
2 changed files with 16 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
ipalib/rpc.py
View File

@@ -346,7 +346,19 @@ class xmlclient(Connectible):
return serverproxy
try:
command = getattr(serverproxy, 'ping')
response = command()
try:
response = command()
except Fault, e:
e = decode_fault(e)
if e.faultCode in self.__errors:
error = self.__errors[e.faultCode]
raise error(message=e.faultString)
else:
raise UnknownError(
code=e.faultCode,
error=e.faultString,
server=server,
)
# We don't care about the response, just that we got one
break
except KerberosError, krberr:

4
ipaserver/rpcserver.py
View File

@@ -27,7 +27,7 @@ from cgi import parse_qs
from xml.sax.saxutils import escape
from xmlrpclib import Fault
from ipalib.backend import Executioner
from ipalib.errors import PublicError, InternalError, CommandError, JSONError, ConversionError
from ipalib.errors import PublicError, InternalError, CommandError, JSONError, ConversionError, CCacheError
from ipalib.request import context, Connection, destroy_context
from ipalib.rpc import xml_dumps, xml_loads
from ipalib.util import make_repr
@@ -195,6 +195,8 @@ class WSGIExecutioner(Executioner):
error = None
_id = None
lang = os.environ['LANG']
if not 'KRB5CCNAME' in environ:
return self.marshal(result, CCacheError(), _id)
try:
if ('HTTP_ACCEPT_LANGUAGE' in environ):
lang_reg_w_q = environ['HTTP_ACCEPT_LANGUAGE'].split(',')[0]