From 7a5fadfc8d59885aca27ec89a9bbdf99fabd270b Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Fri, 5 Jul 2019 13:05:04 +0200
Subject: [PATCH] ipaclient/action_plugins/ipaclient_get_otp: Enhanced error
 reporting

If the kinit_password call failed because of a wrong password, or even because
kinit was not found, only a very unspecific error message was shown. Now these
errors are properly reported.

Fixes: RHBZ#1727277
---
 .../ipaclient/action_plugins/ipaclient_get_otp.py | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/roles/ipaclient/action_plugins/ipaclient_get_otp.py b/roles/ipaclient/action_plugins/ipaclient_get_otp.py
index 90086b9f..9e529f8e 100644
--- a/roles/ipaclient/action_plugins/ipaclient_get_otp.py
+++ b/roles/ipaclient/action_plugins/ipaclient_get_otp.py
@@ -52,7 +52,8 @@ def run_cmd(args, stdin=None):
                          close_fds=True)
     stdout, stderr = p.communicate(stdin)
 
-    return p.returncode
+    if p.returncode != 0:
+        raise RuntimeError(stderr)
 
 
 def kinit_password(principal, password, ccache_name, config):
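Review bot: `raise RuntimeError(stderr)` forwards whatever `communicate()` returned, and under Python 3 that is bytes unless the Popen call (mostly outside this hunk) enables text mode, so the text later formatted into `result['msg']` would likely read as `b'kinit: ...\n'`. Decoding and trimming at the raise site keeps the report readable: `raise RuntimeError(to_native(stderr).strip())`, assuming `to_native` is imported at module level, as its use in the second hunk implies. run_cmd also now returns None on success instead of the exit status, so any other caller that still tests its return value needs checking. A short docstring stating that it raises RuntimeError carrying stderr on a non-zero exit would make the new contract explicit; the function starts above the hunk.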
@@ -197,12 +198,14 @@ class ActionModule(ActionBase):
             f.write(content)
 
         if password:
-            # perform kinit -c ccache_name -l 1h principal
-            res = kinit_password(principal, password, ccache_name,
-                                 krb5conf_name)
-            if res:
+            try:
+                # perform kinit -c ccache_name -l 1h principal
+                kinit_password(principal, password, ccache_name,
+                               krb5conf_name)
+            except Exception as e:
                 result['failed'] = True
-                result['msg'] = 'kinit %s with password failed' % principal
+                result['msg'] = 'kinit %s with password failed: %s' % \
+                    (principal, to_native(e))
                 return result
 
         else:
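Review bot: The `except Exception as e:` around `kinit_password` also catches programming errors inside the helper (a NameError or TypeError, for instance) and reports them as a failed kinit, which can disguise a plugin bug as a credential problem. The two failures the commit message names are a non-zero kinit exit, raised as RuntimeError by run_cmd, and a missing kinit binary, which Popen would presumably raise as OSError, so `except (RuntimeError, OSError) as e:` would cover both. The kinit stderr text now lands verbatim in the task result and therefore in Ansible output and logs, so it is worth confirming against the body of kinit_password (outside this hunk) that nothing sensitive can reach stderr. `to_native` is used here without this patch adding an import, so it is presumably already imported in the file; if it were not, the handler itself would fail with a NameError and mask the real error.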
-- 
GitLab