[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Freeipa-devel] [PATCH] Handle no credentials cache more gracefully



Don't continue if a kerberos credentials cache is not available. This used to throw a really cryptic error because it was getting into the very old proxy code.

Apache forked-model detection was incorrect.

Both of these return an error instead of raising one (so the user gets feedback instead of a 500 error).

rob
# HG changeset patch
# User Rob Crittenden <rcritten redhat com>
# Date 1194638141 18000
# Node ID 0890f516423c50a5ca2d79b322be6e6638e96cab
# Parent  b35ec95895bc32da3fb3aac08acc815240bcb770
Don't continue if a kerberos credentials cache is not available
forked-model detection was incorrect.
Both of these return an error instead of raising one

diff -r b35ec95895bc -r 0890f516423c ipa-server/xmlrpc-server/ipaxmlrpc.py
--- a/ipa-server/xmlrpc-server/ipaxmlrpc.py	Fri Nov 09 14:01:28 2007 -0500
+++ b/ipa-server/xmlrpc-server/ipaxmlrpc.py	Fri Nov 09 14:55:41 2007 -0500
@@ -141,8 +141,8 @@ class ModXMLRPCRequestHandler(object):
         if req.subprocess_env.get("KRB5CCNAME") is not None:
             opts['krbccache'] = req.subprocess_env.get("KRB5CCNAME")
         else:
-            sys.stderr.write("IPA: did not receive a Kerberos credentials cache. Expect problems")
-            sys.stderr.flush()
+            response = dumps(Fault(5, "Did not receive Kerberos credentials."))
+            return response
 
         if pythonopts.get("IPADebug"):
             opts['ipadebug'] = pythonopts.get("IPADebug")
@@ -277,17 +277,17 @@ class ModXMLRPCRequestHandler(object):
     def handle_request(self,req):
         """Handle a single XML-RPC request"""
 
-        # The LDAP connection pool is not thread-safe. Avoid problems and
-        # force the forked model for now.
-        if not apache.mpm_query(apache.AP_MPMQ_IS_FORKED):
-            raise Fault(3, "Apache must use the forked model")
-
         # XMLRPC uses POST only. Reject anything else
         if req.method != 'POST':
             req.allow_methods(['POST'],1)
             raise apache.SERVER_RETURN, apache.HTTP_METHOD_NOT_ALLOWED
 
-        response = self._marshaled_dispatch(req.read(), req)
+        # The LDAP connection pool is not thread-safe. Avoid problems and
+        # force the forked model for now.
+        if apache.mpm_query(apache.AP_MPMQ_IS_THREADED):
+            response = dumps(Fault(3, "Apache must use the forked model"))
+        else:
+            response = self._marshaled_dispatch(req.read(), req)
 
         req.content_type = "text/xml"
         req.set_content_length(len(response))

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]