Catch public exceptions when creating the LDAP context in WSGI.

Made specifically for the case where S4U2Proxy delegation fails. https://fedorahosted.org/freeipa/ticket/2414
2025-01-11 08:41:55 -06:00 · 2012-02-23 17:25:53 -05:00 · 2012-02-23 17:25:53 -05:00 · b241e828a9
commit b241e828a9
parent 1c898e388b
2 changed files with 10 additions and 1 deletions
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@ -241,6 +241,9 @@ def _handle_errors(e, **kw):
    except _ldap.SUCCESS:
        pass
    except _ldap.LDAPError, e:
+        if 'NOT_ALLOWED_TO_DELEGATE' in info:
+            raise errors.ACIError(info="KDC returned NOT_ALLOWED_TO_DELEGATE")
+        root_logger.info('Unhandled LDAPError: %s' % str(e))
        raise errors.DatabaseError(desc=desc, info=info)


--- a/ipaserver/rpcserver.py
+++ b/ipaserver/rpcserver.py
@ -317,9 +317,15 @@ class xmlserver(WSGIExecutioner):
        '''

        self.debug('WSGI xmlserver.__call__:')
-        self.create_context(ccache=environ.get('KRB5CCNAME'))
        try:
+            self.create_context(ccache=environ.get('KRB5CCNAME'))
            response = super(xmlserver, self).__call__(environ, start_response)
+        except PublicError, e:
+            status = '200 OK'
+            response = status
+            headers = [('Content-Type', 'text/plain')]
+            start_response(status, headers)
+            return self.marshal(None, e)
        finally:
            destroy_context()
        return response