From 301e56c06192649bc33ddbda77ac55c0fb69f2a0 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Tue, 14 Jun 2016 15:59:10 -0400 Subject: [PATCH] ipa-submit: Retry without "ca" on OptionError Add a fallback for when the IPA server returns error 3005 ("OptionError") when we've tried to use the "ca" named argument in a request. As we did with "profile_id" earlier, take a guess that it didn't understand the most recently-added option that we're setting, and retry without it set. --- src/ipa.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/ipa.c b/src/ipa.c index f2736c6f37948df902b65157480fc0c29ec58c3e..f8abe609a603b614067e56ebe9935472b647ed99 100644 --- a/src/ipa.c +++ b/src/ipa.c @@ -387,6 +387,14 @@ submit: switch (i / 1000) { case 2: /* authorization error - permanent */ case 3: /* invocation error - permanent */ + if ((i == 3005) && (issuer != NULL)) { + /* Most likely the server didn't understand the + * "ca" argument. At least, at this + * point. Randomly dropping arguments is not + * really an extensible solution, though. */ + issuer = NULL; + goto submit; + } if ((i == 3005) && (profile != NULL)) { /* Most likely the server didn't understand the * "profile_id" argument. At least, at this -- 2.9.0