4 files changed, 49 insertions, 21 deletions

diff --git a/cpp/src/Glacier2/SessionRouterI.cpp b/cpp/src/Glacier2/SessionRouterI.cpp
index 63b61fb724d..68587d74a8c 100644
--- a/cpp/src/Glacier2/SessionRouterI.cpp
+++ b/cpp/src/Glacier2/SessionRouterI.cpp
@@ -345,7 +345,7 @@ public:
     {
         assert(_sessionRouter->_sslVerifier);
 
-        AMI_SSLPermissionsVerifier_authorizePtr cb = new AuthorizeCB(this, _sessionRouter->_sessionManager);
+        AMI_SSLPermissionsVerifier_authorizePtr cb = new AuthorizeCB(this, _sessionRouter->_sslSessionManager);
         _sessionRouter->_sslVerifier->authorize_async(cb, _sslInfo, _current.ctx);
     }
 
@@ -357,7 +357,7 @@ public:
             string reason;
             if(_sessionRouter->_sslVerifier->authorize(_sslInfo, reason, _current.ctx))
             {
-                authorized(_sessionRouter->_sessionManager);
+                authorized(_sessionRouter->_sslSessionManager);
             }
             else
             {
diff --git a/cpp/src/IceGrid/AdminSessionI.cpp b/cpp/src/IceGrid/AdminSessionI.cpp
index 7d6df65b559..a486629d5d0 100644
--- a/cpp/src/IceGrid/AdminSessionI.cpp
+++ b/cpp/src/IceGrid/AdminSessionI.cpp
@@ -417,25 +417,31 @@ AdminSessionFactory::createGlacier2Session(const string& sessionId, const Glacie
     int timeout = 0;
     if(ctl)
     {
-        if(_filters)
+        try
         {
-            try
+            if(_filters)
             {
                 Ice::IdentitySeq ids;
                 Ice::Identity queryId;
                 queryId.category = _database->getInstanceName();
                 queryId.name = "Query";
                 ids.push_back(queryId);
-
+                
                 _servantManager->setSessionControl(session, ctl, ids);
             }
-            catch(const Ice::LocalException&)
-            {
-                session->destroy(Ice::Current());
-                return 0;
-            }
+            timeout = ctl->getSessionTimeout();
+        }
+        catch(const Ice::LocalException& ex)
+        {
+            session->destroy(Ice::Current());
+
+            Ice::Warning out(_database->getTraceLevels()->logger);
+            out << "Failed to callback Glacier2 session control object:\n" << ex;
+
+            Glacier2::CannotCreateSessionException ex;
+            ex.reason = "internal server error";
+            throw ex;
         }
-        timeout = ctl->getSessionTimeout();
     }
 
     _reaper->add(new SessionReapable<AdminSessionI>(_database->getTraceLevels()->logger, session), timeout);
@@ -486,7 +492,10 @@ AdminSSLSessionManagerI::create(const Glacier2::SSLInfo& info,
             // This shouldn't happen, the SSLInfo is supposed to be encoded by Glacier2.
             Ice::Error out(_factory->getTraceLevels()->logger);
             out << "SSL session manager couldn't decode SSL certificates:\n" << ex;
-            return 0;
+
+            Glacier2::CannotCreateSessionException ex;
+            ex.reason = "internal server error";
+            throw ex;
         }
     }
 
diff --git a/cpp/src/IceGrid/Client.cpp b/cpp/src/IceGrid/Client.cpp
index f6fa90dff6c..05a91fc74c2 100644
--- a/cpp/src/IceGrid/Client.cpp
+++ b/cpp/src/IceGrid/Client.cpp
@@ -631,6 +631,16 @@ Client::run(int argc, char* argv[])
         cout << "permission denied:\n" << ex.reason << endl;
         return EXIT_FAILURE;
     }
+    catch(const Glacier2::PermissionDeniedException& ex)
+    {
+        cout << "permission denied:\n" << ex.reason << endl;
+        return EXIT_FAILURE;
+    }
+    catch(const Glacier2::CannotCreateSessionException& ex)
+    {
+        cout << "session creation failed:\n" << ex.reason << endl;
+        return EXIT_FAILURE;
+    }
     catch(...)
     {
         if(keepAlive)
diff --git a/cpp/src/IceGrid/SessionI.cpp b/cpp/src/IceGrid/SessionI.cpp
index dc13a8a4d70..8cc681ba469 100644
--- a/cpp/src/IceGrid/SessionI.cpp
+++ b/cpp/src/IceGrid/SessionI.cpp
@@ -319,9 +319,9 @@ ClientSessionFactory::createGlacier2Session(const string& sessionId, const Glaci
     int timeout = 0;
     if(ctl)
     {
-        if(_filters)
+        try
         {
-            try
+            if(_filters)
             {
                 Ice::IdentitySeq ids;
                 Ice::Identity queryId;
@@ -331,13 +331,19 @@ ClientSessionFactory::createGlacier2Session(const string& sessionId, const Glaci
 
                 _servantManager->setSessionControl(session, ctl, ids);
             }
-            catch(const Ice::LocalException&)
-            {
-                session->destroy(Ice::Current());
-                return 0;
-            }
+            timeout = ctl->getSessionTimeout();
+        }
+        catch(const Ice::LocalException& ex)
+        {
+            session->destroy(Ice::Current());
+
+            Ice::Warning out(_database->getTraceLevels()->logger);
+            out << "Failed to callback Glacier2 session control object:\n" << ex;
+
+            Glacier2::CannotCreateSessionException ex;
+            ex.reason = "internal server error";
+            throw ex;
         }
-        timeout = ctl->getSessionTimeout();
     }
 
     _reaper->add(new SessionReapable<SessionI>(_database->getTraceLevels()->logger, session), timeout);
@@ -388,7 +394,10 @@ ClientSSLSessionManagerI::create(const Glacier2::SSLInfo& info,
             // This shouldn't happen, the SSLInfo is supposed to be encoded by Glacier2.
             Ice::Error out(_factory->getTraceLevels()->logger);
             out << "SSL session manager couldn't decode SSL certificates:\n" << ex;
-            return 0;
+
+            Glacier2::CannotCreateSessionException ex;
+            ex.reason = "internal server error";
+            throw ex;
         }
     }