2009-01-03 03:35:36 -06:00
|
|
|
# Authors:
|
|
|
|
# Jason Gerard DeRose <jderose@redhat.com>
|
|
|
|
#
|
|
|
|
# Copyright (C) 2008 Red Hat
|
|
|
|
# see file 'COPYING' for use and warranty inmsgion
|
|
|
|
#
|
2010-12-09 06:59:11 -06:00
|
|
|
# This program is free software; you can redistribute it and/or modify
|
|
|
|
# it under the terms of the GNU General Public License as published by
|
|
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
|
|
# (at your option) any later version.
|
2009-01-03 03:35:36 -06:00
|
|
|
#
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the GNU General Public License
|
2010-12-09 06:59:11 -06:00
|
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
2009-01-03 03:35:36 -06:00
|
|
|
|
|
|
|
"""
|
2009-01-06 12:15:41 -06:00
|
|
|
Custom exception classes (some which are RPC transparent).
|
2009-01-03 03:35:36 -06:00
|
|
|
|
2009-01-06 12:15:41 -06:00
|
|
|
`PrivateError` and its subclasses are custom IPA excetions that will *never* be
|
|
|
|
forwarded in a Remote Procedure Call (RPC) response.
|
|
|
|
|
|
|
|
On the other hand, `PublicError` and its subclasses can be forwarded in an RPC
|
|
|
|
response. These public errors each carry a unique integer error code as well as
|
2009-01-06 14:33:22 -06:00
|
|
|
a gettext translated error message (translated at the time the exception is
|
2009-01-06 12:15:41 -06:00
|
|
|
raised). The purpose of the public errors is to relay information about
|
|
|
|
*expected* user errors, service availability errors, and so on. They should
|
|
|
|
*never* be used for *unexpected* programmatic or run-time errors.
|
|
|
|
|
|
|
|
For security reasons it is *extremely* important that arbitrary exceptions *not*
|
|
|
|
be forwarded in an RPC response. Unexpected exceptions can easily contain
|
|
|
|
compromising information in their error messages. Any time the server catches
|
|
|
|
any exception that isn't a `PublicError` subclass, it should raise an
|
|
|
|
`InternalError`, which itself always has the same, static error message (and
|
|
|
|
therefore cannot be populated with information about the true exception).
|
|
|
|
|
|
|
|
The public errors are arranging into five main blocks of error code ranges:
|
2009-01-03 03:35:36 -06:00
|
|
|
|
|
|
|
============= ========================================
|
|
|
|
Error codes Exceptions
|
|
|
|
============= ========================================
|
|
|
|
1000 - 1999 `AuthenticationError` and its subclasses
|
|
|
|
2000 - 2999 `AuthorizationError` and its subclasses
|
|
|
|
3000 - 3999 `InvocationError` and its subclasses
|
|
|
|
4000 - 4999 `ExecutionError` and its subclasses
|
|
|
|
5000 - 5999 `GenericError` and its subclasses
|
|
|
|
============= ========================================
|
2009-01-06 12:15:41 -06:00
|
|
|
|
|
|
|
Within these five blocks some sub-ranges are already allocated for certain types
|
|
|
|
of error messages, while others are reserved for future use. Here are the
|
|
|
|
current block assignments:
|
|
|
|
|
|
|
|
- **900-5999** `PublicError` and its subclasses
|
|
|
|
|
|
|
|
- **901 - 907** Assigned to special top-level public errors
|
|
|
|
|
|
|
|
- **908 - 999** *Reserved for future use*
|
|
|
|
|
|
|
|
- **1000 - 1999** `AuthenticationError` and its subclasses
|
|
|
|
|
|
|
|
- **1001 - 1099** Open for general authentication errors
|
|
|
|
|
|
|
|
- **1100 - 1199** `KerberosError` and its subclasses
|
|
|
|
|
add session manager and cache krb auth
This patch adds a session manager and support for caching
authentication in the session. Major elements of the patch are:
* Add a session manager to support cookie based sessions which
stores session data in a memcached entry.
* Add ipalib/krb_utils.py which contains functions to parse ccache
names, format principals, format KRB timestamps, and a KRB_CCache
class which reads ccache entry and allows one to extract information
such as the principal, credentials, credential timestamps, etc.
* Move krb constants defined in ipalib/rpc.py to ipa_krb_utils.py so
that all kerberos items are co-located.
* Modify javascript in ipa.js so that the IPA.command() RPC call
checks for authentication needed error response and if it receives
it sends a GET request to /ipa/login URL to refresh credentials.
* Add session_auth_duration config item to constants.py, used to
configure how long a session remains valid.
* Add parse_time_duration utility to ipalib/util.py. Used to parse the
session_auth_duration config item.
* Update the default.conf.5 man page to document session_auth_duration
config item (also added documentation for log_manager config items
which had been inadvertantly omitted from a previous commit).
* Add SessionError object to ipalib/errors.py
* Move Kerberos protection in Apache config from /ipa to /ipa/xml and
/ipa/login
* Add SessionCCache class to session.py to manage temporary Kerberos
ccache file in effect for the duration of an RPC command.
* Adds a krblogin plugin used to implement the /ipa/login
handler. login handler sets the session expiration time, currently
60 minutes or the expiration of the TGT, whichever is shorter. It
also copies the ccache provied by mod_auth_kerb into the session
data. The json handler will later extract and validate the ccache
belonging to the session.
* Refactored the WSGI handlers so that json and xlmrpc could have
independent behavior, this also moves where create and destroy
context occurs, now done in the individual handler rather than the
parent class.
* The json handler now looks up the session data, validates the ccache
bound to the session, if it's expired replies with authenicated
needed error.
* Add documentation to session.py. Fully documents the entire process,
got questions, read the doc.
* Add exclusions to make-lint as needed.
2012-02-06 12:29:56 -06:00
|
|
|
- **1200 - 1299** `SessionError` and its subclasses
|
|
|
|
|
|
|
|
- **1300 - 1999** *Reserved for future use*
|
2009-01-06 12:15:41 -06:00
|
|
|
|
|
|
|
- **2000 - 2999** `AuthorizationError` and its subclasses
|
|
|
|
|
|
|
|
- **2001 - 2099** Open for general authorization errors
|
|
|
|
|
|
|
|
- **2100 - 2199** `ACIError` and its subclasses
|
|
|
|
|
|
|
|
- **2200 - 2999** *Reserved for future use*
|
|
|
|
|
|
|
|
- **3000 - 3999** `InvocationError` and its subclasses
|
|
|
|
|
|
|
|
- **3001 - 3099** Open for general invocation errors
|
|
|
|
|
|
|
|
- **3100 - 3199** *Reserved for future use*
|
|
|
|
|
|
|
|
- **4000 - 4999** `ExecutionError` and its subclasses
|
|
|
|
|
|
|
|
- **4001 - 4099** Open for general execution errors
|
|
|
|
|
2009-01-22 19:48:21 -06:00
|
|
|
- **4100 - 4199** `BuiltinError` and its subclasses
|
|
|
|
|
|
|
|
- **4200 - 4299** `LDAPError` and its subclasses
|
2009-01-06 12:15:41 -06:00
|
|
|
|
2009-11-19 10:16:30 -06:00
|
|
|
- **4300 - 4399** `CertificateError` and its subclasses
|
|
|
|
|
|
|
|
- **4400 - 4999** *Reserved for future use*
|
2009-01-06 12:15:41 -06:00
|
|
|
|
|
|
|
- **5000 - 5999** `GenericError` and its subclasses
|
|
|
|
|
|
|
|
- **5001 - 5099** Open for generic errors
|
|
|
|
|
|
|
|
- **5100 - 5999** *Reserved for future use*
|
2009-01-03 03:35:36 -06:00
|
|
|
"""
|
|
|
|
|
2012-12-04 08:27:05 -06:00
|
|
|
from ipalib.text import ngettext as ungettext
|
2015-07-31 03:15:01 -05:00
|
|
|
from ipalib import messages
|
2014-05-29 07:47:17 -05:00
|
|
|
from ipaplatform.paths import paths
|
2009-01-03 03:35:36 -06:00
|
|
|
|
|
|
|
|
2015-08-24 05:40:33 -05:00
|
|
|
class PrivateError(Exception):
|
2009-01-03 03:35:36 -06:00
|
|
|
"""
|
2009-01-03 18:27:53 -06:00
|
|
|
Base class for exceptions that are *never* forwarded in an RPC response.
|
2009-01-03 03:35:36 -06:00
|
|
|
"""
|
|
|
|
|
2009-01-03 16:35:54 -06:00
|
|
|
format = ''
|
|
|
|
|
|
|
|
def __init__(self, **kw):
|
2009-08-20 09:15:57 -05:00
|
|
|
self.msg = self.format % kw
|
2009-10-13 12:28:00 -05:00
|
|
|
self.kw = kw
|
Use Python3-compatible dict method names
Python 2 has keys()/values()/items(), which return lists,
iterkeys()/itervalues()/iteritems(), which return iterators,
and viewkeys()/viewvalues()/viewitems() which return views.
Python 3 has only keys()/values()/items(), which return views.
To get iterators, one can use iter() or a for loop/comprehension;
for lists there's the list() constructor.
When iterating through the entire dict, without modifying the dict,
the difference between Python 2's items() and iteritems() is
negligible, especially on small dicts (the main overhead is
extra memory, not CPU time). In the interest of simpler code,
this patch changes many instances of iteritems() to items(),
iterkeys() to keys() etc.
In other cases, helpers like six.itervalues are used.
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-08-11 06:51:14 -05:00
|
|
|
for (key, value) in kw.items():
|
2009-01-03 16:35:54 -06:00
|
|
|
assert not hasattr(self, key), 'conflicting kwarg %s.%s = %r' % (
|
|
|
|
self.__class__.__name__, key, value,
|
|
|
|
)
|
|
|
|
setattr(self, key, value)
|
2015-08-24 05:40:33 -05:00
|
|
|
Exception.__init__(self, self.msg)
|
2009-01-03 16:35:54 -06:00
|
|
|
|
|
|
|
|
|
|
|
class SubprocessError(PrivateError):
|
|
|
|
"""
|
|
|
|
Raised when ``subprocess.call()`` returns a non-zero exit status.
|
|
|
|
|
|
|
|
This custom exception is needed because Python 2.4 doesn't have the
|
|
|
|
``subprocess.CalledProcessError`` exception (which was added in Python 2.5).
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2009-01-03 19:02:58 -06:00
|
|
|
>>> raise SubprocessError(returncode=2, argv=('ls', '-lh', '/no-foo/'))
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
SubprocessError: return code 2 from ('ls', '-lh', '/no-foo/')
|
|
|
|
|
|
|
|
The exit code of the sub-process is available via the ``returncode``
|
|
|
|
instance attribute. For example:
|
|
|
|
|
2014-05-29 07:47:17 -05:00
|
|
|
>>> e = SubprocessError(returncode=1, argv=(paths.BIN_FALSE,))
|
2009-01-03 16:35:54 -06:00
|
|
|
>>> e.returncode
|
|
|
|
1
|
2009-01-03 19:02:58 -06:00
|
|
|
>>> e.argv # argv is also available
|
2009-01-03 16:35:54 -06:00
|
|
|
('/bin/false',)
|
|
|
|
"""
|
2009-01-03 18:27:53 -06:00
|
|
|
|
2009-01-03 16:35:54 -06:00
|
|
|
format = 'return code %(returncode)d from %(argv)r'
|
|
|
|
|
2009-01-03 03:35:36 -06:00
|
|
|
|
2009-01-03 18:27:53 -06:00
|
|
|
class PluginSubclassError(PrivateError):
|
|
|
|
"""
|
|
|
|
Raised when a plugin doesn't subclass from an allowed base.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise PluginSubclassError(plugin='bad', bases=('base1', 'base2'))
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
PluginSubclassError: 'bad' not subclass of any base in ('base1', 'base2')
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
2012-11-08 09:06:35 -06:00
|
|
|
format = '%(plugin)r not subclass of any base in %(bases)r'
|
2009-01-03 18:27:53 -06:00
|
|
|
|
|
|
|
|
|
|
|
class PluginDuplicateError(PrivateError):
|
|
|
|
"""
|
|
|
|
Raised when the same plugin class is registered more than once.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise PluginDuplicateError(plugin='my_plugin')
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
PluginDuplicateError: 'my_plugin' was already registered
|
|
|
|
"""
|
|
|
|
|
|
|
|
format = '%(plugin)r was already registered'
|
|
|
|
|
|
|
|
|
|
|
|
class PluginOverrideError(PrivateError):
|
|
|
|
"""
|
|
|
|
Raised when a plugin overrides another without using ``override=True``.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise PluginOverrideError(base='Command', name='env', plugin='my_env')
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
PluginOverrideError: unexpected override of Command.env with 'my_env'
|
|
|
|
"""
|
|
|
|
|
|
|
|
format = 'unexpected override of %(base)s.%(name)s with %(plugin)r'
|
|
|
|
|
|
|
|
|
|
|
|
class PluginMissingOverrideError(PrivateError):
|
|
|
|
"""
|
|
|
|
Raised when a plugin overrides another that has not been registered.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise PluginMissingOverrideError(base='Command', name='env', plugin='my_env')
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
PluginMissingOverrideError: Command.env not registered, cannot override with 'my_env'
|
|
|
|
"""
|
|
|
|
|
|
|
|
format = '%(base)s.%(name)s not registered, cannot override with %(plugin)r'
|
|
|
|
|
|
|
|
|
2009-02-12 03:10:12 -06:00
|
|
|
class SkipPluginModule(PrivateError):
|
|
|
|
"""
|
|
|
|
Raised to abort the loading of a plugin module.
|
|
|
|
"""
|
|
|
|
|
|
|
|
format = '%(reason)s'
|
|
|
|
|
|
|
|
|
|
|
|
class PluginsPackageError(PrivateError):
|
|
|
|
"""
|
|
|
|
Raised when ``package.plugins`` is a module instead of a sub-package.
|
|
|
|
"""
|
|
|
|
|
|
|
|
format = '%(name)s must be sub-package, not module: %(file)r'
|
|
|
|
|
2009-01-03 18:27:53 -06:00
|
|
|
|
|
|
|
##############################################################################
|
|
|
|
# Public errors:
|
2009-01-08 01:07:18 -06:00
|
|
|
|
2012-12-04 08:27:05 -06:00
|
|
|
_texts = []
|
2009-01-08 01:07:18 -06:00
|
|
|
|
|
|
|
def _(message):
|
2012-12-04 08:27:05 -06:00
|
|
|
_texts.append(message)
|
2009-01-08 01:07:18 -06:00
|
|
|
return message
|
|
|
|
|
|
|
|
|
2015-08-24 05:40:33 -05:00
|
|
|
class PublicError(Exception):
|
2009-01-03 03:35:36 -06:00
|
|
|
"""
|
2009-01-03 18:27:53 -06:00
|
|
|
**900** Base class for exceptions that can be forwarded in an RPC response.
|
2009-01-03 03:35:36 -06:00
|
|
|
"""
|
2012-12-04 08:27:05 -06:00
|
|
|
def __init__(self, format=None, message=None, **kw):
|
|
|
|
messages.process_message_arguments(self, format, message, **kw)
|
|
|
|
super(PublicError, self).__init__(self.msg)
|
2009-01-03 03:35:36 -06:00
|
|
|
|
2009-01-06 14:33:22 -06:00
|
|
|
errno = 900
|
2009-06-09 14:24:23 -05:00
|
|
|
rval = 1
|
2009-01-08 01:07:18 -06:00
|
|
|
format = None
|
|
|
|
|
2009-01-03 03:35:36 -06:00
|
|
|
|
2009-01-04 19:20:39 -06:00
|
|
|
class VersionError(PublicError):
|
|
|
|
"""
|
|
|
|
**901** Raised when client and server versions are incompatible.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise VersionError(cver='2.0', sver='2.1', server='https://localhost')
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
VersionError: 2.0 client incompatible with 2.1 server at 'https://localhost'
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
2009-01-06 14:33:22 -06:00
|
|
|
errno = 901
|
2012-11-08 09:06:35 -06:00
|
|
|
format = _("%(cver)s client incompatible with %(sver)s server at '%(server)s'")
|
2009-01-04 19:20:39 -06:00
|
|
|
|
|
|
|
|
2009-01-19 22:10:42 -06:00
|
|
|
class UnknownError(PublicError):
|
|
|
|
"""
|
|
|
|
**902** Raised when client does not know error it caught from server.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise UnknownError(code=57, server='localhost', error=u'a new error')
|
|
|
|
...
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
UnknownError: unknown error 57 from localhost: a new error
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 902
|
|
|
|
format = _('unknown error %(code)d from %(server)s: %(error)s')
|
|
|
|
|
2009-01-04 19:20:39 -06:00
|
|
|
|
2009-01-03 03:35:36 -06:00
|
|
|
class InternalError(PublicError):
|
|
|
|
"""
|
2009-01-19 22:10:42 -06:00
|
|
|
**903** Raised to conceal a non-public exception.
|
2009-01-04 04:52:08 -06:00
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise InternalError()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2009-05-21 21:40:05 -05:00
|
|
|
InternalError: an internal error has occurred
|
2009-01-03 03:35:36 -06:00
|
|
|
"""
|
|
|
|
|
2009-01-19 22:10:42 -06:00
|
|
|
errno = 903
|
2009-05-21 21:40:05 -05:00
|
|
|
format = _('an internal error has occurred')
|
2009-01-03 03:35:36 -06:00
|
|
|
|
2009-01-04 04:52:08 -06:00
|
|
|
def __init__(self, message=None):
|
|
|
|
"""
|
|
|
|
Security issue: ignore any information given to constructor.
|
|
|
|
"""
|
2009-01-08 01:07:18 -06:00
|
|
|
PublicError.__init__(self)
|
2009-01-04 04:52:08 -06:00
|
|
|
|
|
|
|
|
2009-01-04 19:20:39 -06:00
|
|
|
class ServerInternalError(PublicError):
|
2009-01-04 04:52:08 -06:00
|
|
|
"""
|
2009-01-19 22:10:42 -06:00
|
|
|
**904** Raised when client catches an `InternalError` from server.
|
2009-01-04 04:52:08 -06:00
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2009-01-04 19:20:39 -06:00
|
|
|
>>> raise ServerInternalError(server='https://localhost')
|
2009-01-04 04:52:08 -06:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2009-05-21 21:40:05 -05:00
|
|
|
ServerInternalError: an internal error has occurred on server at 'https://localhost'
|
2009-01-04 04:52:08 -06:00
|
|
|
"""
|
|
|
|
|
2009-01-19 22:10:42 -06:00
|
|
|
errno = 904
|
2012-11-08 09:06:35 -06:00
|
|
|
format = _("an internal error has occurred on server at '%(server)s'")
|
2009-01-04 04:52:08 -06:00
|
|
|
|
|
|
|
|
2009-01-04 19:20:39 -06:00
|
|
|
class CommandError(PublicError):
|
2009-01-04 04:52:08 -06:00
|
|
|
"""
|
2009-01-19 22:10:42 -06:00
|
|
|
**905** Raised when an unknown command is called.
|
2009-01-04 04:52:08 -06:00
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2009-01-04 19:20:39 -06:00
|
|
|
>>> raise CommandError(name='foobar')
|
2009-01-04 04:52:08 -06:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2009-01-04 19:20:39 -06:00
|
|
|
CommandError: unknown command 'foobar'
|
|
|
|
"""
|
|
|
|
|
2009-01-19 22:10:42 -06:00
|
|
|
errno = 905
|
2012-11-08 09:06:35 -06:00
|
|
|
format = _("unknown command '%(name)s'")
|
2009-01-04 04:52:08 -06:00
|
|
|
|
2009-01-04 19:20:39 -06:00
|
|
|
|
|
|
|
class ServerCommandError(PublicError):
|
2009-01-04 04:52:08 -06:00
|
|
|
"""
|
2009-01-19 22:10:42 -06:00
|
|
|
**906** Raised when client catches a `CommandError` from server.
|
2009-01-04 04:52:08 -06:00
|
|
|
|
2009-01-04 19:20:39 -06:00
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> e = CommandError(name='foobar')
|
|
|
|
>>> raise ServerCommandError(error=e.message, server='https://localhost')
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
ServerCommandError: error on server 'https://localhost': unknown command 'foobar'
|
|
|
|
"""
|
|
|
|
|
2009-01-19 22:10:42 -06:00
|
|
|
errno = 906
|
2012-11-08 09:06:35 -06:00
|
|
|
format = _("error on server '%(server)s': %(error)s")
|
2009-01-04 19:20:39 -06:00
|
|
|
|
|
|
|
|
|
|
|
class NetworkError(PublicError):
|
|
|
|
"""
|
2009-01-19 22:10:42 -06:00
|
|
|
**907** Raised when a network connection cannot be created.
|
2009-01-04 19:20:39 -06:00
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2012-07-04 07:52:47 -05:00
|
|
|
>>> raise NetworkError(uri='ldap://localhost:389', error=_(u'Connection refused'))
|
2009-01-04 19:20:39 -06:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2009-01-22 18:03:48 -06:00
|
|
|
NetworkError: cannot connect to 'ldap://localhost:389': Connection refused
|
2009-01-04 19:20:39 -06:00
|
|
|
"""
|
2009-01-04 04:52:08 -06:00
|
|
|
|
2009-01-19 22:10:42 -06:00
|
|
|
errno = 907
|
2012-11-08 09:06:35 -06:00
|
|
|
format = _("cannot connect to '%(uri)s': %(error)s")
|
2009-01-04 19:20:39 -06:00
|
|
|
|
|
|
|
|
|
|
|
class ServerNetworkError(PublicError):
|
|
|
|
"""
|
2009-01-19 22:10:42 -06:00
|
|
|
**908** Raised when client catches a `NetworkError` from server.
|
2009-01-04 19:20:39 -06:00
|
|
|
"""
|
2009-01-04 04:52:08 -06:00
|
|
|
|
2009-01-19 22:10:42 -06:00
|
|
|
errno = 908
|
2012-11-08 09:06:35 -06:00
|
|
|
format = _("error on server '%(server)s': %(error)s")
|
2009-01-04 04:52:08 -06:00
|
|
|
|
2009-01-03 03:35:36 -06:00
|
|
|
|
2009-10-13 12:28:00 -05:00
|
|
|
class JSONError(PublicError):
|
|
|
|
"""
|
|
|
|
**909** Raised when server recieved a malformed JSON-RPC request.
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 909
|
|
|
|
format = _('Invalid JSON-RPC request: %(error)s')
|
|
|
|
|
|
|
|
|
2011-01-17 15:23:53 -06:00
|
|
|
class XMLRPCMarshallError(PublicError):
|
|
|
|
"""
|
|
|
|
**910** Raised when the XML-RPC lib cannot marshall the request
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2012-07-04 07:52:47 -05:00
|
|
|
>>> raise XMLRPCMarshallError(error=_('int exceeds XML-RPC limits'))
|
2011-01-17 15:23:53 -06:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
XMLRPCMarshallError: error marshalling data for XML-RPC transport: int exceeds XML-RPC limits
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 910
|
|
|
|
format = _('error marshalling data for XML-RPC transport: %(error)s')
|
2009-01-03 03:35:36 -06:00
|
|
|
|
2011-10-20 10:29:26 -05:00
|
|
|
|
|
|
|
class RefererError(PublicError):
|
|
|
|
"""
|
2012-09-16 11:35:56 -05:00
|
|
|
**911** Raised when the request does not contain an HTTP referer
|
2011-10-20 10:29:26 -05:00
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2011-11-01 07:58:05 -05:00
|
|
|
>>> raise RefererError(referer='referer')
|
2011-10-20 10:29:26 -05:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2011-11-01 07:58:05 -05:00
|
|
|
RefererError: Missing or invalid HTTP Referer, referer
|
2011-10-20 10:29:26 -05:00
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 911
|
|
|
|
format = _('Missing or invalid HTTP Referer, %(referer)s')
|
|
|
|
|
|
|
|
|
2009-01-03 03:35:36 -06:00
|
|
|
##############################################################################
|
2009-01-03 18:27:53 -06:00
|
|
|
# 1000 - 1999: Authentication errors
|
2009-01-03 03:35:36 -06:00
|
|
|
class AuthenticationError(PublicError):
|
|
|
|
"""
|
|
|
|
**1000** Base class for authentication errors (*1000 - 1999*).
|
|
|
|
"""
|
|
|
|
|
2009-01-06 14:33:22 -06:00
|
|
|
errno = 1000
|
2009-01-03 03:35:36 -06:00
|
|
|
|
|
|
|
|
2009-01-06 12:15:41 -06:00
|
|
|
class KerberosError(AuthenticationError):
|
|
|
|
"""
|
2009-01-06 12:54:58 -06:00
|
|
|
**1100** Base class for Kerberos authentication errors (*1100 - 1199*).
|
2009-05-21 14:25:29 -05:00
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2012-07-04 07:52:47 -05:00
|
|
|
>>> raise KerberosError(major=_('Unspecified GSS failure. Minor code may provide more information'), minor=_('No credentials cache found'))
|
2009-05-21 14:25:29 -05:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
KerberosError: Kerberos error: Unspecified GSS failure. Minor code may provide more information/No credentials cache found
|
|
|
|
|
2009-01-06 12:15:41 -06:00
|
|
|
"""
|
|
|
|
|
2009-01-06 14:33:22 -06:00
|
|
|
errno = 1100
|
2009-05-21 14:25:29 -05:00
|
|
|
format= _('Kerberos error: %(major)s/%(minor)s')
|
2009-01-06 12:15:41 -06:00
|
|
|
|
|
|
|
|
2009-01-30 21:53:32 -06:00
|
|
|
class CCacheError(KerberosError):
|
|
|
|
"""
|
|
|
|
**1101** Raised when sever does not recieve Kerberose credentials.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise CCacheError()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
CCacheError: did not receive Kerberos credentials
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 1101
|
|
|
|
format = _('did not receive Kerberos credentials')
|
|
|
|
|
|
|
|
|
2009-01-23 13:51:48 -06:00
|
|
|
class ServiceError(KerberosError):
|
|
|
|
"""
|
2009-01-30 21:53:32 -06:00
|
|
|
**1102** Raised when service is not found in Kerberos DB.
|
2009-01-23 13:51:48 -06:00
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise ServiceError(service='HTTP@localhost')
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
ServiceError: Service 'HTTP@localhost' not found in Kerberos database
|
|
|
|
"""
|
|
|
|
|
2009-01-30 21:53:32 -06:00
|
|
|
errno = 1102
|
2012-11-08 09:06:35 -06:00
|
|
|
format = _("Service '%(service)s' not found in Kerberos database")
|
2009-01-23 13:51:48 -06:00
|
|
|
|
|
|
|
|
2009-04-13 17:01:58 -05:00
|
|
|
class NoCCacheError(KerberosError):
|
|
|
|
"""
|
|
|
|
**1103** Raised when a client attempts to use Kerberos without a ccache.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise NoCCacheError()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
NoCCacheError: No credentials cache found
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 1103
|
|
|
|
format = _('No credentials cache found')
|
|
|
|
|
|
|
|
|
|
|
|
class TicketExpired(KerberosError):
|
|
|
|
"""
|
|
|
|
**1104** Raised when a client attempts to use an expired ticket
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise TicketExpired()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
TicketExpired: Ticket expired
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 1104
|
|
|
|
format = _('Ticket expired')
|
|
|
|
|
|
|
|
|
|
|
|
class BadCCachePerms(KerberosError):
|
|
|
|
"""
|
|
|
|
**1105** Raised when a client has bad permissions on their ccache
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise BadCCachePerms()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
BadCCachePerms: Credentials cache permissions incorrect
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 1105
|
|
|
|
format = _('Credentials cache permissions incorrect')
|
|
|
|
|
|
|
|
|
|
|
|
class BadCCacheFormat(KerberosError):
|
|
|
|
"""
|
|
|
|
**1106** Raised when a client has a misformated ccache
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise BadCCacheFormat()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
BadCCacheFormat: Bad format in credentials cache
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 1106
|
|
|
|
format = _('Bad format in credentials cache')
|
|
|
|
|
|
|
|
|
|
|
|
class CannotResolveKDC(KerberosError):
|
|
|
|
"""
|
|
|
|
**1107** Raised when the KDC can't be resolved
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise CannotResolveKDC()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
CannotResolveKDC: Cannot resolve KDC for requested realm
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 1107
|
|
|
|
format = _('Cannot resolve KDC for requested realm')
|
|
|
|
|
2009-01-03 03:35:36 -06:00
|
|
|
|
add session manager and cache krb auth
This patch adds a session manager and support for caching
authentication in the session. Major elements of the patch are:
* Add a session manager to support cookie based sessions which
stores session data in a memcached entry.
* Add ipalib/krb_utils.py which contains functions to parse ccache
names, format principals, format KRB timestamps, and a KRB_CCache
class which reads ccache entry and allows one to extract information
such as the principal, credentials, credential timestamps, etc.
* Move krb constants defined in ipalib/rpc.py to ipa_krb_utils.py so
that all kerberos items are co-located.
* Modify javascript in ipa.js so that the IPA.command() RPC call
checks for authentication needed error response and if it receives
it sends a GET request to /ipa/login URL to refresh credentials.
* Add session_auth_duration config item to constants.py, used to
configure how long a session remains valid.
* Add parse_time_duration utility to ipalib/util.py. Used to parse the
session_auth_duration config item.
* Update the default.conf.5 man page to document session_auth_duration
config item (also added documentation for log_manager config items
which had been inadvertantly omitted from a previous commit).
* Add SessionError object to ipalib/errors.py
* Move Kerberos protection in Apache config from /ipa to /ipa/xml and
/ipa/login
* Add SessionCCache class to session.py to manage temporary Kerberos
ccache file in effect for the duration of an RPC command.
* Adds a krblogin plugin used to implement the /ipa/login
handler. login handler sets the session expiration time, currently
60 minutes or the expiration of the TGT, whichever is shorter. It
also copies the ccache provied by mod_auth_kerb into the session
data. The json handler will later extract and validate the ccache
belonging to the session.
* Refactored the WSGI handlers so that json and xlmrpc could have
independent behavior, this also moves where create and destroy
context occurs, now done in the individual handler rather than the
parent class.
* The json handler now looks up the session data, validates the ccache
bound to the session, if it's expired replies with authenicated
needed error.
* Add documentation to session.py. Fully documents the entire process,
got questions, read the doc.
* Add exclusions to make-lint as needed.
2012-02-06 12:29:56 -06:00
|
|
|
class SessionError(AuthenticationError):
|
|
|
|
"""
|
|
|
|
**1200** Base class for Session errors (*1200 - 1299*).
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 1200
|
|
|
|
format= _('Session error')
|
|
|
|
|
|
|
|
|
2012-02-25 12:39:19 -06:00
|
|
|
class InvalidSessionPassword(SessionError):
|
|
|
|
"""
|
|
|
|
**1201** Raised when we cannot obtain a TGT for a principal.
|
|
|
|
"""
|
|
|
|
errno = 1201
|
|
|
|
format= _('Principal %(principal)s cannot be authenticated: %(message)s')
|
|
|
|
|
2014-07-14 13:39:00 -05:00
|
|
|
class PasswordExpired(InvalidSessionPassword):
|
|
|
|
"""
|
|
|
|
**1202** Raised when we cannot obtain a TGT for a principal because the password is expired.
|
|
|
|
"""
|
|
|
|
errno = 1202
|
|
|
|
|
2009-01-03 03:35:36 -06:00
|
|
|
##############################################################################
|
2009-01-03 18:27:53 -06:00
|
|
|
# 2000 - 2999: Authorization errors
|
2009-01-03 03:35:36 -06:00
|
|
|
class AuthorizationError(PublicError):
|
|
|
|
"""
|
|
|
|
**2000** Base class for authorization errors (*2000 - 2999*).
|
|
|
|
"""
|
|
|
|
|
2009-01-06 14:33:22 -06:00
|
|
|
errno = 2000
|
2009-01-03 03:35:36 -06:00
|
|
|
|
|
|
|
|
2009-01-06 12:15:41 -06:00
|
|
|
class ACIError(AuthorizationError):
|
|
|
|
"""
|
|
|
|
**2100** Base class for ACI authorization errors (*2100 - 2199*).
|
|
|
|
"""
|
|
|
|
|
2009-01-06 14:33:22 -06:00
|
|
|
errno = 2100
|
2009-07-10 15:40:39 -05:00
|
|
|
format = _('Insufficient access: %(info)s')
|
2009-01-06 12:15:41 -06:00
|
|
|
|
|
|
|
|
2009-01-03 03:35:36 -06:00
|
|
|
|
|
|
|
##############################################################################
|
2009-01-03 18:27:53 -06:00
|
|
|
# 3000 - 3999: Invocation errors
|
2009-01-03 03:35:36 -06:00
|
|
|
|
|
|
|
class InvocationError(PublicError):
|
|
|
|
"""
|
|
|
|
**3000** Base class for command invocation errors (*3000 - 3999*).
|
|
|
|
"""
|
|
|
|
|
2009-01-06 14:33:22 -06:00
|
|
|
errno = 3000
|
2009-01-03 03:35:36 -06:00
|
|
|
|
|
|
|
|
2009-01-04 19:20:39 -06:00
|
|
|
class EncodingError(InvocationError):
|
2009-01-03 03:35:36 -06:00
|
|
|
"""
|
2009-01-04 19:20:39 -06:00
|
|
|
**3001** Raised when received text is incorrectly encoded.
|
2009-01-03 03:35:36 -06:00
|
|
|
"""
|
|
|
|
|
2009-01-06 14:33:22 -06:00
|
|
|
errno = 3001
|
2009-01-03 03:35:36 -06:00
|
|
|
|
|
|
|
|
2009-01-04 19:20:39 -06:00
|
|
|
class BinaryEncodingError(InvocationError):
|
2009-01-03 03:35:36 -06:00
|
|
|
"""
|
2009-01-04 19:20:39 -06:00
|
|
|
**3002** Raised when received binary data is incorrectly encoded.
|
2009-01-03 03:35:36 -06:00
|
|
|
"""
|
|
|
|
|
2009-01-06 14:33:22 -06:00
|
|
|
errno = 3002
|
2009-01-03 03:35:36 -06:00
|
|
|
|
|
|
|
|
2009-01-22 00:39:17 -06:00
|
|
|
class ZeroArgumentError(InvocationError):
|
2009-01-03 03:35:36 -06:00
|
|
|
"""
|
2009-01-22 00:39:17 -06:00
|
|
|
**3003** Raised when a command is called with arguments but takes none.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise ZeroArgumentError(name='ping')
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
ZeroArgumentError: command 'ping' takes no arguments
|
2009-01-03 03:35:36 -06:00
|
|
|
"""
|
|
|
|
|
2009-01-06 14:33:22 -06:00
|
|
|
errno = 3003
|
2012-11-08 09:06:35 -06:00
|
|
|
format = _("command '%(name)s' takes no arguments")
|
2009-01-03 03:35:36 -06:00
|
|
|
|
|
|
|
|
2009-01-22 00:39:17 -06:00
|
|
|
class MaxArgumentError(InvocationError):
|
2009-01-03 03:35:36 -06:00
|
|
|
"""
|
2009-01-22 00:39:17 -06:00
|
|
|
**3004** Raised when a command is called with too many arguments.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise MaxArgumentError(name='user_add', count=2)
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
MaxArgumentError: command 'user_add' takes at most 2 arguments
|
2009-01-03 03:35:36 -06:00
|
|
|
"""
|
|
|
|
|
2009-01-06 14:33:22 -06:00
|
|
|
errno = 3004
|
2009-01-03 03:35:36 -06:00
|
|
|
|
2009-01-22 00:39:17 -06:00
|
|
|
def __init__(self, message=None, **kw):
|
|
|
|
if message is None:
|
|
|
|
format = ungettext(
|
2012-11-08 09:06:35 -06:00
|
|
|
"command '%(name)s' takes at most %(count)d argument",
|
|
|
|
"command '%(name)s' takes at most %(count)d arguments",
|
2009-01-22 00:39:17 -06:00
|
|
|
kw['count']
|
|
|
|
)
|
|
|
|
else:
|
|
|
|
format = None
|
|
|
|
InvocationError.__init__(self, format, message, **kw)
|
|
|
|
|
|
|
|
|
|
|
|
class OptionError(InvocationError):
|
|
|
|
"""
|
|
|
|
**3005** Raised when a command is called with unknown options.
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 3005
|
|
|
|
|
|
|
|
|
|
|
|
class OverlapError(InvocationError):
|
|
|
|
"""
|
|
|
|
**3006** Raised when arguments and options overlap.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise OverlapError(names=['givenname', 'login'])
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
OverlapError: overlapping arguments and options: ['givenname', 'login']
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 3006
|
2012-11-08 09:06:35 -06:00
|
|
|
format = _("overlapping arguments and options: %(names)s")
|
2009-01-22 00:39:17 -06:00
|
|
|
|
2009-01-03 03:35:36 -06:00
|
|
|
|
|
|
|
class RequirementError(InvocationError):
|
|
|
|
"""
|
2009-01-22 00:39:17 -06:00
|
|
|
**3007** Raised when a required parameter is not provided.
|
2009-01-12 17:14:46 -06:00
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise RequirementError(name='givenname')
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
RequirementError: 'givenname' is required
|
2009-01-03 03:35:36 -06:00
|
|
|
"""
|
|
|
|
|
2009-01-22 00:39:17 -06:00
|
|
|
errno = 3007
|
2012-11-08 09:06:35 -06:00
|
|
|
format = _("'%(name)s' is required")
|
2009-01-03 03:35:36 -06:00
|
|
|
|
|
|
|
|
|
|
|
class ConversionError(InvocationError):
|
|
|
|
"""
|
2009-01-22 00:39:17 -06:00
|
|
|
**3008** Raised when parameter value can't be converted to correct type.
|
2009-01-13 03:17:16 -06:00
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2012-07-04 07:52:47 -05:00
|
|
|
>>> raise ConversionError(name='age', error=_(u'must be an integer'))
|
2009-01-13 03:17:16 -06:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
ConversionError: invalid 'age': must be an integer
|
2009-01-03 03:35:36 -06:00
|
|
|
"""
|
|
|
|
|
2009-01-22 00:39:17 -06:00
|
|
|
errno = 3008
|
2012-11-08 09:06:35 -06:00
|
|
|
format = _("invalid '%(name)s': %(error)s")
|
2009-01-03 03:35:36 -06:00
|
|
|
|
|
|
|
|
|
|
|
class ValidationError(InvocationError):
|
|
|
|
"""
|
2009-01-22 00:39:17 -06:00
|
|
|
**3009** Raised when a parameter value fails a validation rule.
|
2009-01-12 17:14:46 -06:00
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2012-07-04 07:52:47 -05:00
|
|
|
>>> raise ValidationError(name='sn', error=_(u'can be at most 128 characters'))
|
2009-01-12 17:14:46 -06:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
ValidationError: invalid 'sn': can be at most 128 characters
|
2009-01-03 03:35:36 -06:00
|
|
|
"""
|
|
|
|
|
2009-01-22 00:39:17 -06:00
|
|
|
errno = 3009
|
2012-11-08 09:06:35 -06:00
|
|
|
format = _("invalid '%(name)s': %(error)s")
|
2009-01-03 03:35:36 -06:00
|
|
|
|
|
|
|
|
2009-04-20 12:58:26 -05:00
|
|
|
class NoSuchNamespaceError(InvocationError):
|
|
|
|
"""
|
|
|
|
**3010** Raised when an unknown namespace is requested.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise NoSuchNamespaceError(name='Plugins')
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2009-05-12 19:47:19 -05:00
|
|
|
NoSuchNamespaceError: api has no such namespace: 'Plugins'
|
2009-04-20 12:58:26 -05:00
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 3010
|
2012-11-08 09:06:35 -06:00
|
|
|
format = _("api has no such namespace: '%(name)s'")
|
2009-04-20 12:58:26 -05:00
|
|
|
|
2009-01-03 03:35:36 -06:00
|
|
|
|
2009-10-16 03:22:39 -05:00
|
|
|
class PasswordMismatch(InvocationError):
|
|
|
|
"""
|
|
|
|
**3011** Raise when password and password confirmation don't match.
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 3011
|
|
|
|
format = _('Passwords do not match')
|
|
|
|
|
2010-10-15 14:03:51 -05:00
|
|
|
|
2009-12-01 16:17:15 -06:00
|
|
|
class NotImplementedError(InvocationError):
|
|
|
|
"""
|
|
|
|
**3012** Raise when a function hasn't been implemented.
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 3012
|
|
|
|
format = _('Command not implemented')
|
|
|
|
|
2009-10-16 03:22:39 -05:00
|
|
|
|
2010-10-15 14:03:51 -05:00
|
|
|
class NotConfiguredError(InvocationError):
|
|
|
|
"""
|
|
|
|
**3013** Raise when there is no configuration
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 3013
|
|
|
|
format = _('Client is not configured. Run ipa-client-install.')
|
|
|
|
|
|
|
|
|
2012-02-09 08:09:03 -06:00
|
|
|
class PromptFailed(InvocationError):
|
|
|
|
"""
|
|
|
|
**3014** Raise when an interactive prompt failed.
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 3014
|
|
|
|
format = _('Could not get %(name)s interactively')
|
|
|
|
|
|
|
|
|
2013-04-12 10:38:09 -05:00
|
|
|
class DeprecationError(InvocationError):
|
|
|
|
"""
|
|
|
|
**3015** Raise when a command has been deprecated
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise DeprecationError(name='hbacrule_add_sourcehost')
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
DeprecationError: Command 'hbacrule_add_sourcehost' has been deprecated
|
|
|
|
"""
|
|
|
|
errno = 3015
|
|
|
|
format = _("Command '%(name)s' has been deprecated")
|
|
|
|
|
2014-08-19 08:24:27 -05:00
|
|
|
class NotAForestRootError(InvocationError):
|
|
|
|
"""
|
|
|
|
**3016** Raised when an attempt to establish trust is done against non-root domain
|
|
|
|
Forest root domain has the same name as the forest itself
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise NotAForestRootError(forest='example.test', domain='jointops.test')
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
NotAForestRootError: Domain 'jointops.test' is not a root domain for forest 'example.test'
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 3016
|
|
|
|
format = _("Domain '%(domain)s' is not a root domain for forest '%(forest)s'")
|
|
|
|
|
2013-04-12 10:38:09 -05:00
|
|
|
|
2009-01-03 03:35:36 -06:00
|
|
|
##############################################################################
|
2009-01-03 18:27:53 -06:00
|
|
|
# 4000 - 4999: Execution errors
|
2009-01-03 03:35:36 -06:00
|
|
|
|
|
|
|
class ExecutionError(PublicError):
|
|
|
|
"""
|
2009-01-06 12:54:58 -06:00
|
|
|
**4000** Base class for execution errors (*4000 - 4999*).
|
2009-01-03 03:35:36 -06:00
|
|
|
"""
|
|
|
|
|
2009-01-06 14:33:22 -06:00
|
|
|
errno = 4000
|
2009-01-03 03:35:36 -06:00
|
|
|
|
2009-01-28 22:47:21 -06:00
|
|
|
class NotFound(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4001** Raised when an entry is not found.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2009-05-19 14:53:45 -05:00
|
|
|
>>> raise NotFound(reason='no such user')
|
2009-01-28 22:47:21 -06:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2009-05-19 14:53:45 -05:00
|
|
|
NotFound: no such user
|
2009-01-28 22:47:21 -06:00
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4001
|
2009-06-09 14:24:23 -05:00
|
|
|
rval = 2
|
2009-05-19 14:53:45 -05:00
|
|
|
format = _('%(reason)s')
|
2009-01-28 22:47:21 -06:00
|
|
|
|
|
|
|
class DuplicateEntry(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4002** Raised when an entry already exists.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise DuplicateEntry
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
DuplicateEntry: This entry already exists
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4002
|
|
|
|
format = _('This entry already exists')
|
|
|
|
|
|
|
|
class HostService(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4003** Raised when a host service principal is requested
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise HostService
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
HostService: You must enroll a host in order to create a host service
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4003
|
|
|
|
format = _('You must enroll a host in order to create a host service')
|
|
|
|
|
|
|
|
class MalformedServicePrincipal(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4004** Raised when a service principal is not of the form: service/fully-qualified host name
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2012-07-04 07:52:47 -05:00
|
|
|
>>> raise MalformedServicePrincipal(reason=_('missing service'))
|
2009-01-28 22:47:21 -06:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2009-05-05 13:46:47 -05:00
|
|
|
MalformedServicePrincipal: Service principal is not of the form: service/fully-qualified host name: missing service
|
2009-01-28 22:47:21 -06:00
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4004
|
2009-05-12 19:47:19 -05:00
|
|
|
format = _('Service principal is not of the form: service/fully-qualified host name: %(reason)s')
|
2009-01-28 22:47:21 -06:00
|
|
|
|
|
|
|
class RealmMismatch(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4005** Raised when the requested realm does not match the IPA realm
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise RealmMismatch
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
RealmMismatch: The realm for the principal does not match the realm for this IPA server
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4005
|
|
|
|
format = _('The realm for the principal does not match the realm for this IPA server')
|
2009-01-03 03:35:36 -06:00
|
|
|
|
2009-02-18 16:12:14 -06:00
|
|
|
class RequiresRoot(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4006** Raised when a command requires the unix super-user to run
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise RequiresRoot
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
RequiresRoot: This command requires root access
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4006
|
|
|
|
format = _('This command requires root access')
|
|
|
|
|
2009-02-27 14:04:46 -06:00
|
|
|
class AlreadyPosixGroup(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4007** Raised when a group is already a posix group
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise AlreadyPosixGroup
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
AlreadyPosixGroup: This is already a posix group
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4007
|
|
|
|
format = _('This is already a posix group')
|
|
|
|
|
2009-04-20 12:58:26 -05:00
|
|
|
class MalformedUserPrincipal(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4008** Raised when a user principal is not of the form: user@REALM
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2009-05-12 19:47:19 -05:00
|
|
|
>>> raise MalformedUserPrincipal(principal='jsmith@@EXAMPLE.COM')
|
2009-04-20 12:58:26 -05:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2009-05-12 19:47:19 -05:00
|
|
|
MalformedUserPrincipal: Principal is not of the form user@REALM: 'jsmith@@EXAMPLE.COM'
|
2009-04-20 12:58:26 -05:00
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4008
|
2012-11-08 09:06:35 -06:00
|
|
|
format = _("Principal is not of the form user@REALM: '%(principal)s'")
|
2009-04-20 12:58:26 -05:00
|
|
|
|
|
|
|
class AlreadyActive(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4009** Raised when an entry is made active that is already active
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise AlreadyActive()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2010-11-03 14:31:46 -05:00
|
|
|
AlreadyActive: This entry is already enabled
|
2009-04-20 12:58:26 -05:00
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4009
|
2010-11-03 14:31:46 -05:00
|
|
|
format = _('This entry is already enabled')
|
2009-04-20 12:58:26 -05:00
|
|
|
|
|
|
|
class AlreadyInactive(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4010** Raised when an entry is made inactive that is already inactive
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise AlreadyInactive()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2010-11-03 14:31:46 -05:00
|
|
|
AlreadyInactive: This entry is already disabled
|
2009-04-20 12:58:26 -05:00
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4010
|
2010-11-03 14:31:46 -05:00
|
|
|
format = _('This entry is already disabled')
|
2009-04-20 12:58:26 -05:00
|
|
|
|
|
|
|
class HasNSAccountLock(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4011** Raised when an entry has the nsAccountLock attribute set
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise HasNSAccountLock()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2010-11-05 11:17:09 -05:00
|
|
|
HasNSAccountLock: This entry cannot be enabled or disabled
|
2009-04-20 12:58:26 -05:00
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4011
|
2010-11-03 14:31:46 -05:00
|
|
|
format = _('This entry cannot be enabled or disabled')
|
2009-04-20 12:58:26 -05:00
|
|
|
|
|
|
|
class NotGroupMember(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4012** Raised when a non-member is attempted to be removed from a group
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise NotGroupMember()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2010-12-01 10:23:52 -06:00
|
|
|
NotGroupMember: This entry is not a member
|
2009-04-20 12:58:26 -05:00
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4012
|
2010-12-01 10:23:52 -06:00
|
|
|
format = _('This entry is not a member')
|
2009-04-20 12:58:26 -05:00
|
|
|
|
|
|
|
class RecursiveGroup(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4013** Raised when a group is added as a member of itself
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise RecursiveGroup()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
RecursiveGroup: A group may not be a member of itself
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4013
|
|
|
|
format = _('A group may not be a member of itself')
|
|
|
|
|
2009-04-22 04:04:29 -05:00
|
|
|
class AlreadyGroupMember(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4014** Raised when a member is attempted to be re-added to a group
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise AlreadyGroupMember()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2010-12-01 10:23:52 -06:00
|
|
|
AlreadyGroupMember: This entry is already a member
|
2009-04-22 04:04:29 -05:00
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4014
|
2010-12-01 10:23:52 -06:00
|
|
|
format = _('This entry is already a member')
|
2009-04-22 04:04:29 -05:00
|
|
|
|
2009-05-05 13:46:47 -05:00
|
|
|
class Base64DecodeError(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4015** Raised when a base64-encoded blob cannot decoded
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2012-07-04 07:52:47 -05:00
|
|
|
>>> raise Base64DecodeError(reason=_('Incorrect padding'))
|
2009-05-05 13:46:47 -05:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
Base64DecodeError: Base64 decoding failed: Incorrect padding
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4015
|
2009-05-12 19:47:19 -05:00
|
|
|
format = _('Base64 decoding failed: %(reason)s')
|
2009-05-05 13:46:47 -05:00
|
|
|
|
2009-05-21 16:34:00 -05:00
|
|
|
class RemoteRetrieveError(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4016** Raised when retrieving data from a remote server fails
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2012-07-04 07:52:47 -05:00
|
|
|
>>> raise RemoteRetrieveError(reason=_("Failed to get certificate chain."))
|
2009-05-21 16:34:00 -05:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2012-07-04 07:52:47 -05:00
|
|
|
RemoteRetrieveError: Failed to get certificate chain.
|
2009-05-21 16:34:00 -05:00
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4016
|
|
|
|
format = _('%(reason)s')
|
|
|
|
|
2009-08-11 16:08:09 -05:00
|
|
|
class SameGroupError(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4017** Raised when adding a group as a member of itself
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise SameGroupError()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
SameGroupError: A group may not be added as a member of itself
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4017
|
|
|
|
format = _('A group may not be added as a member of itself')
|
|
|
|
|
2009-08-13 08:27:13 -05:00
|
|
|
class DefaultGroupError(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4018** Raised when removing the default user group
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise DefaultGroupError()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
DefaultGroupError: The default users group cannot be removed
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4018
|
|
|
|
format = _('The default users group cannot be removed')
|
|
|
|
|
2010-07-22 13:16:22 -05:00
|
|
|
class DNSNotARecordError(ExecutionError):
|
|
|
|
"""
|
2014-07-09 11:10:50 -05:00
|
|
|
**4019** Raised when a hostname is not a DNS A/AAAA record
|
2010-07-22 13:16:22 -05:00
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise DNSNotARecordError()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2014-07-09 11:10:50 -05:00
|
|
|
DNSNotARecordError: Host does not have corresponding DNS A/AAAA record
|
2010-07-22 13:16:22 -05:00
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4019
|
2014-07-09 11:10:50 -05:00
|
|
|
format = _('Host does not have corresponding DNS A/AAAA record')
|
2010-07-22 13:16:22 -05:00
|
|
|
|
2010-08-09 15:40:51 -05:00
|
|
|
class ManagedGroupError(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4020** Raised when a managed group is deleted
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise ManagedGroupError()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
ManagedGroupError: Deleting a managed group is not allowed. It must be detached first.
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4020
|
|
|
|
format = _('Deleting a managed group is not allowed. It must be detached first.')
|
|
|
|
|
2010-10-26 13:31:00 -05:00
|
|
|
class ManagedPolicyError(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4021** Raised when password policy is assigned to a managed group
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise ManagedPolicyError()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
ManagedPolicyError: A managed group cannot have a password policy.
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4021
|
|
|
|
format = _('A managed group cannot have a password policy.')
|
|
|
|
|
2010-12-10 09:53:20 -06:00
|
|
|
|
|
|
|
class FileError(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4022** Errors when dealing with files
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2012-07-04 07:52:47 -05:00
|
|
|
>>> raise FileError(reason=_("cannot write file \'test\'"))
|
2010-12-10 09:53:20 -06:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
FileError: cannot write file 'test'
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4022
|
|
|
|
format = _('%(reason)s')
|
|
|
|
|
|
|
|
|
|
|
|
class NoCertificateError(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4023** Raised when trying to retrieve a certificate that doesn't exist.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2010-12-17 15:32:53 -06:00
|
|
|
>>> raise NoCertificateError(entry='ipa.example.com')
|
2010-12-10 09:53:20 -06:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2010-12-17 15:32:53 -06:00
|
|
|
NoCertificateError: 'ipa.example.com' doesn't have a certificate.
|
2010-12-10 09:53:20 -06:00
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4023
|
|
|
|
format = _('\'%(entry)s\' doesn\'t have a certificate.')
|
|
|
|
|
|
|
|
|
2010-12-13 08:53:29 -06:00
|
|
|
class ManagedGroupExistsError(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4024** Raised when adding a user and its managed group exists
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise ManagedGroupExistsError(group=u'engineering')
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2010-12-17 15:32:53 -06:00
|
|
|
ManagedGroupExistsError: Unable to create private group. A group 'engineering' already exists.
|
2010-12-13 08:53:29 -06:00
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4024
|
2010-12-17 15:32:53 -06:00
|
|
|
format = _('Unable to create private group. A group \'%(group)s\' already exists.')
|
2010-12-13 08:53:29 -06:00
|
|
|
|
2010-12-13 10:10:37 -06:00
|
|
|
|
|
|
|
class ReverseMemberError(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4025** Raised when verifying that all reverse members have been added or removed.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2012-07-04 07:52:47 -05:00
|
|
|
>>> raise ReverseMemberError(verb=_('added'), exc=_("Group 'foo' not found."))
|
2010-12-13 10:10:37 -06:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2010-12-17 15:32:53 -06:00
|
|
|
ReverseMemberError: A problem was encountered when verifying that all members were added: Group 'foo' not found.
|
2010-12-13 10:10:37 -06:00
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4025
|
2010-12-17 15:32:53 -06:00
|
|
|
format = _('A problem was encountered when verifying that all members were %(verb)s: %(exc)s')
|
2010-12-13 10:10:37 -06:00
|
|
|
|
|
|
|
|
2011-06-16 13:57:13 -05:00
|
|
|
class AttrValueNotFound(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4026** Raised when an Attribute/Value pair is not found.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2011-07-01 14:20:36 -05:00
|
|
|
>>> raise AttrValueNotFound(attr='ipasudoopt', value='authenticate')
|
2011-06-16 13:57:13 -05:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2011-07-01 14:20:36 -05:00
|
|
|
AttrValueNotFound: ipasudoopt does not contain 'authenticate'
|
2011-06-16 13:57:13 -05:00
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4026
|
|
|
|
rval = 1
|
|
|
|
format = _('%(attr)s does not contain \'%(value)s\'')
|
|
|
|
|
|
|
|
|
2011-07-05 12:36:48 -05:00
|
|
|
class SingleMatchExpected(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4027** Raised when a search should return a single match
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise SingleMatchExpected(found=9)
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
SingleMatchExpected: The search criteria was not specific enough. Expected 1 and found 9.
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4027
|
|
|
|
rval = 1
|
|
|
|
format = _('The search criteria was not specific enough. Expected 1 and found %(found)d.')
|
|
|
|
|
|
|
|
|
2012-06-20 08:08:33 -05:00
|
|
|
class AlreadyExternalGroup(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4028** Raised when a group is already an external member group
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise AlreadyExternalGroup
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
AlreadyExternalGroup: This group already allows external members
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4028
|
|
|
|
format = _('This group already allows external members')
|
|
|
|
|
|
|
|
class ExternalGroupViolation(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4029** Raised when a group is already an external member group
|
|
|
|
and an attempt is made to use it as posix group
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise ExternalGroupViolation
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
ExternalGroupViolation: This group cannot be posix because it is external
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4029
|
|
|
|
format = _('This group cannot be posix because it is external')
|
|
|
|
|
|
|
|
class PosixGroupViolation(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4030** Raised when a group is already a posix group
|
|
|
|
and cannot be converted to external
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise PosixGroupViolation
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
PosixGroupViolation: This is already a posix group and cannot be converted to external one
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4030
|
|
|
|
format = _('This is already a posix group and cannot be converted to external one')
|
|
|
|
|
2014-11-19 05:00:07 -06:00
|
|
|
class EmptyResult(NotFound):
|
|
|
|
"""
|
|
|
|
**4031** Raised when a LDAP search returned no results.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise EmptyResult(reason='no matching entry found')
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
EmptyResult: no matching entry found
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4031
|
|
|
|
|
2015-05-14 03:49:55 -05:00
|
|
|
class InvalidDomainLevelError(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4032** Raised when a operation could not be completed due to a invalid
|
|
|
|
domain level.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise InvalidDomainLevelError(reason='feature requires domain level 4')
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
InvalidDomainLevelError: feature requires domain level 4
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4032
|
2015-07-10 07:59:21 -05:00
|
|
|
format = _('%(reason)s')
|
2015-05-14 03:49:55 -05:00
|
|
|
|
2009-01-22 19:48:21 -06:00
|
|
|
class BuiltinError(ExecutionError):
|
2009-01-06 12:15:41 -06:00
|
|
|
"""
|
2009-01-22 19:48:21 -06:00
|
|
|
**4100** Base class for builtin execution errors (*4100 - 4199*).
|
2009-01-06 12:15:41 -06:00
|
|
|
"""
|
|
|
|
|
2009-01-06 14:33:22 -06:00
|
|
|
errno = 4100
|
2009-01-06 12:15:41 -06:00
|
|
|
|
|
|
|
|
2009-01-22 19:48:21 -06:00
|
|
|
class HelpError(BuiltinError):
|
|
|
|
"""
|
|
|
|
**4101** Raised when requesting help for an unknown topic.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise HelpError(topic='newfeature')
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
HelpError: no command nor help topic 'newfeature'
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4101
|
2012-11-08 09:06:35 -06:00
|
|
|
format = _("no command nor help topic '%(topic)s'")
|
2009-01-22 19:48:21 -06:00
|
|
|
|
|
|
|
|
|
|
|
class LDAPError(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4200** Base class for LDAP execution errors (*4200 - 4299*).
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4200
|
|
|
|
|
|
|
|
|
2009-04-20 12:58:26 -05:00
|
|
|
class MidairCollision(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4201** Raised when a change collides with another change
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise MidairCollision()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
MidairCollision: change collided with another change
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4201
|
|
|
|
format = _('change collided with another change')
|
|
|
|
|
|
|
|
|
|
|
|
class EmptyModlist(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4202** Raised when an LDAP update makes no changes
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise EmptyModlist()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
EmptyModlist: no modifications to be performed
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4202
|
|
|
|
format = _('no modifications to be performed')
|
|
|
|
|
|
|
|
|
|
|
|
class DatabaseError(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4203** Raised when an LDAP error is not otherwise handled
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2012-07-04 07:52:47 -05:00
|
|
|
>>> raise DatabaseError(desc=_("Can't contact LDAP server"), info=_('Info goes here'))
|
2009-04-20 12:58:26 -05:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2010-10-14 12:05:43 -05:00
|
|
|
DatabaseError: Can't contact LDAP server: Info goes here
|
2009-04-20 12:58:26 -05:00
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4203
|
2010-10-14 12:05:43 -05:00
|
|
|
format = _('%(desc)s: %(info)s')
|
2009-04-20 12:58:26 -05:00
|
|
|
|
|
|
|
|
|
|
|
class LimitsExceeded(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4204** Raised when search limits are exceeded.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise LimitsExceeded()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
LimitsExceeded: limits exceeded for this query
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4204
|
|
|
|
format = _('limits exceeded for this query')
|
|
|
|
|
2009-09-10 15:10:30 -05:00
|
|
|
class ObjectclassViolation(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4205** Raised when an entry is missing a required attribute or objectclass
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2012-07-04 07:52:47 -05:00
|
|
|
>>> raise ObjectclassViolation(info=_('attribute "krbPrincipalName" not allowed'))
|
2009-09-10 15:10:30 -05:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
ObjectclassViolation: attribute "krbPrincipalName" not allowed
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4205
|
|
|
|
format = _('%(info)s')
|
|
|
|
|
2010-10-14 12:05:43 -05:00
|
|
|
class NotAllowedOnRDN(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4206** Raised when an RDN value is modified.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise NotAllowedOnRDN()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
NotAllowedOnRDN: modifying primary key is not allowed
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4206
|
|
|
|
format = _('modifying primary key is not allowed')
|
|
|
|
|
|
|
|
|
|
|
|
class OnlyOneValueAllowed(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4207** Raised when trying to set more than one value to single-value attributes
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>> raise OnlyOneValueAllowed(attr='ipasearchtimelimit')
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
OnlyOneValueAllowed: ipasearchtimelimit: Only one value allowed.
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4207
|
|
|
|
format = _('%(attr)s: Only one value allowed.')
|
|
|
|
|
2009-01-03 03:35:36 -06:00
|
|
|
|
2010-12-06 14:09:03 -06:00
|
|
|
class InvalidSyntax(ExecutionError):
|
|
|
|
"""
|
2010-12-21 21:39:55 -06:00
|
|
|
**4208** Raised when an value does not match the required syntax
|
2010-12-06 14:09:03 -06:00
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2010-12-21 21:39:55 -06:00
|
|
|
>> raise InvalidSyntax(attr='ipahomesrootdir')
|
2010-12-06 14:09:03 -06:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
InvalidSyntax: ipahomesrootdir: Invalid syntax
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4208
|
|
|
|
format = _('%(attr)s: Invalid syntax.')
|
|
|
|
|
|
|
|
|
2011-01-20 15:35:34 -06:00
|
|
|
class BadSearchFilter(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4209** Raised when an invalid LDAP search filter is used
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2012-07-04 07:52:47 -05:00
|
|
|
>>> raise BadSearchFilter(info=_('invalid syntax'))
|
2011-01-20 15:35:34 -06:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2011-01-24 09:41:20 -06:00
|
|
|
BadSearchFilter: Bad search filter invalid syntax
|
2011-01-20 15:35:34 -06:00
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4209
|
|
|
|
format = _('Bad search filter %(info)s')
|
|
|
|
|
|
|
|
|
2012-09-25 10:19:44 -05:00
|
|
|
class NotAllowedOnNonLeaf(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4210** Raised when operation is not allowed on a non-leaf entry
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise NotAllowedOnNonLeaf()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
NotAllowedOnNonLeaf: Not allowed on non-leaf entry
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4210
|
|
|
|
format = _('Not allowed on non-leaf entry')
|
|
|
|
|
|
|
|
|
2013-01-31 07:26:38 -06:00
|
|
|
class DatabaseTimeout(DatabaseError):
|
|
|
|
"""
|
|
|
|
**4211** Raised when an LDAP call times out
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise DatabaseTimeout()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
DatabaseTimeout: LDAP timeout
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4211
|
|
|
|
format = _('LDAP timeout')
|
|
|
|
|
|
|
|
|
2014-04-02 04:04:07 -05:00
|
|
|
class DNSDataMismatch(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4212** Raised when an DNS query didn't return expected answer
|
|
|
|
in a configured time limit.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise DNSDataMismatch(expected="zone3.test. 86400 IN A 192.0.2.1", \
|
|
|
|
got="zone3.test. 86400 IN A 192.168.1.1")
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
DNSDataMismatch: DNS check failed: Expected {zone3.test. 86400 IN A 192.0.2.1} got {zone3.test. 86400 IN A 192.168.1.1}
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4212
|
|
|
|
format = _('DNS check failed: Expected {%(expected)s} got {%(got)s}')
|
|
|
|
|
|
|
|
|
2014-03-25 08:47:03 -05:00
|
|
|
class TaskTimeout(DatabaseError):
|
|
|
|
"""
|
|
|
|
**4213** Raised when an LDAP task times out
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2014-04-09 07:15:30 -05:00
|
|
|
>>> raise TaskTimeout(task='Automember', task_dn='')
|
2014-03-25 08:47:03 -05:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
TaskTimeout: Automember LDAP task timeout, Task DN: ''
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4213
|
|
|
|
format = _("%(task)s LDAP task timeout, Task DN: '%(task_dn)s'")
|
|
|
|
|
|
|
|
|
2009-11-19 10:16:30 -06:00
|
|
|
class CertificateError(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4300** Base class for Certificate execution errors (*4300 - 4399*).
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4300
|
|
|
|
|
|
|
|
|
2010-10-08 12:15:03 -05:00
|
|
|
class CertificateOperationError(CertificateError):
|
2009-11-19 10:16:30 -06:00
|
|
|
"""
|
|
|
|
**4301** Raised when a certificate operation cannot be completed
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2012-07-04 07:52:47 -05:00
|
|
|
>>> raise CertificateOperationError(error=_(u'bad serial number'))
|
2009-11-19 10:16:30 -06:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
CertificateOperationError: Certificate operation cannot be completed: bad serial number
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4301
|
|
|
|
format = _('Certificate operation cannot be completed: %(error)s')
|
|
|
|
|
2010-10-08 12:15:03 -05:00
|
|
|
class CertificateFormatError(CertificateError):
|
|
|
|
"""
|
|
|
|
**4302** Raised when a certificate is badly formatted
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2012-07-04 07:52:47 -05:00
|
|
|
>>> raise CertificateFormatError(error=_(u'improperly formated DER-encoded certificate'))
|
2010-10-08 12:15:03 -05:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2010-10-20 12:14:22 -05:00
|
|
|
CertificateFormatError: Certificate format error: improperly formated DER-encoded certificate
|
2010-10-08 12:15:03 -05:00
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4302
|
|
|
|
format = _('Certificate format error: %(error)s')
|
|
|
|
|
2009-11-19 10:16:30 -06:00
|
|
|
|
2010-09-15 08:20:14 -05:00
|
|
|
class MutuallyExclusiveError(ExecutionError):
|
|
|
|
"""
|
2011-02-01 13:24:46 -06:00
|
|
|
**4303** Raised when an operation would result in setting two attributes which are mutually exlusive.
|
2010-09-15 08:20:14 -05:00
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2012-07-04 07:52:47 -05:00
|
|
|
>>> raise MutuallyExclusiveError(reason=_(u'hosts may not be added when hostcategory=all'))
|
2010-09-15 08:20:14 -05:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
MutuallyExclusiveError: hosts may not be added when hostcategory=all
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
2011-02-01 13:24:46 -06:00
|
|
|
errno = 4303
|
2010-09-15 08:20:14 -05:00
|
|
|
format = _('%(reason)s')
|
|
|
|
|
|
|
|
|
2010-11-23 16:47:29 -06:00
|
|
|
class NonFatalError(ExecutionError):
|
|
|
|
"""
|
2011-02-01 13:24:46 -06:00
|
|
|
**4304** Raised when part of an operation succeeds and the part that failed isn't critical.
|
2010-11-23 16:47:29 -06:00
|
|
|
|
|
|
|
For example:
|
|
|
|
|
2012-07-04 07:52:47 -05:00
|
|
|
>>> raise NonFatalError(reason=_(u'The host was added but the DNS update failed'))
|
2010-11-23 16:47:29 -06:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
NonFatalError: The host was added but the DNS update failed
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
2011-02-01 13:24:46 -06:00
|
|
|
errno = 4304
|
2010-11-23 16:47:29 -06:00
|
|
|
format = _('%(reason)s')
|
|
|
|
|
|
|
|
|
2011-02-01 13:24:46 -06:00
|
|
|
class AlreadyRegisteredError(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4305** Raised when registering a user that is already registered.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise AlreadyRegisteredError()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
AlreadyRegisteredError: Already registered
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4305
|
|
|
|
format = _('Already registered')
|
|
|
|
|
|
|
|
|
|
|
|
class NotRegisteredError(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4306** Raised when not registered and a registration is required
|
|
|
|
|
|
|
|
For example:
|
|
|
|
>>> raise NotRegisteredError()
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
NotRegisteredError: Not registered yet
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4306
|
|
|
|
format = _('Not registered yet')
|
|
|
|
|
|
|
|
|
2011-11-23 15:59:21 -06:00
|
|
|
class DependentEntry(ExecutionError):
|
|
|
|
"""
|
|
|
|
**4307** Raised when an entry being deleted has dependencies
|
|
|
|
|
|
|
|
For example:
|
|
|
|
>>> raise DependentEntry(label=u'SELinux User Map', key=u'test', dependent=u'test1')
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2011-11-01 07:58:05 -05:00
|
|
|
DependentEntry: test cannot be deleted because SELinux User Map test1 requires it
|
2011-11-23 15:59:21 -06:00
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4307
|
|
|
|
format = _('%(key)s cannot be deleted because %(label)s %(dependent)s requires it')
|
|
|
|
|
|
|
|
|
2012-05-23 04:44:53 -05:00
|
|
|
class LastMemberError(ExecutionError):
|
|
|
|
"""
|
2012-08-16 19:28:44 -05:00
|
|
|
**4308** Raised when an entry being deleted or disabled is last member of a protected group
|
2012-05-23 04:44:53 -05:00
|
|
|
|
|
|
|
For example:
|
|
|
|
>>> raise LastMemberError(key=u'admin', label=u'group', container=u'admins')
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2012-08-16 19:28:44 -05:00
|
|
|
LastMemberError: admin cannot be deleted or disabled because it is the last member of group admins
|
2012-05-23 04:44:53 -05:00
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4308
|
2012-08-16 19:28:44 -05:00
|
|
|
format = _('%(key)s cannot be deleted or disabled because it is the last member of %(label)s %(container)s')
|
2012-05-23 04:44:53 -05:00
|
|
|
|
|
|
|
|
|
|
|
class ProtectedEntryError(ExecutionError):
|
|
|
|
"""
|
2012-09-25 07:14:57 -05:00
|
|
|
**4309** Raised when an entry being deleted or modified in a forbidden way is protected
|
2012-05-23 04:44:53 -05:00
|
|
|
|
|
|
|
For example:
|
2012-07-04 07:52:47 -05:00
|
|
|
>>> raise ProtectedEntryError(label=u'group', key=u'admins', reason=_(u'privileged group'))
|
2012-05-23 04:44:53 -05:00
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
2012-09-25 07:14:57 -05:00
|
|
|
ProtectedEntryError: group admins cannot be deleted/modified: privileged group
|
2012-05-23 04:44:53 -05:00
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4309
|
2012-09-25 07:14:57 -05:00
|
|
|
format = _('%(label)s %(key)s cannot be deleted/modified: %(reason)s')
|
2012-05-23 04:44:53 -05:00
|
|
|
|
|
|
|
|
2012-11-15 13:57:52 -06:00
|
|
|
class CertificateInvalidError(CertificateError):
|
|
|
|
"""
|
|
|
|
**4310** Raised when a certificate is not valid
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
>>> raise CertificateInvalidError(name=_(u'CA'))
|
|
|
|
Traceback (most recent call last):
|
|
|
|
...
|
|
|
|
CertificateInvalidError: CA certificate is not valid
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
errno = 4310
|
|
|
|
format = _('%(name)s certificate is not valid')
|
|
|
|
|
|
|
|
|
2009-01-03 03:35:36 -06:00
|
|
|
##############################################################################
|
2009-01-03 18:27:53 -06:00
|
|
|
# 5000 - 5999: Generic errors
|
2009-01-03 03:35:36 -06:00
|
|
|
|
|
|
|
class GenericError(PublicError):
|
|
|
|
"""
|
2009-01-04 04:52:08 -06:00
|
|
|
**5000** Base class for errors that don't fit elsewhere (*5000 - 5999*).
|
2009-01-03 03:35:36 -06:00
|
|
|
"""
|
|
|
|
|
2009-01-06 14:33:22 -06:00
|
|
|
errno = 5000
|
2009-01-03 03:35:36 -06:00
|
|
|
|
|
|
|
|
|
|
|
|
2012-12-04 08:27:05 -06:00
|
|
|
public_errors = tuple(sorted(
|
|
|
|
messages.iter_messages(globals(), PublicError), key=lambda E: E.errno))
|
2009-01-03 03:35:36 -06:00
|
|
|
|
|
|
|
if __name__ == '__main__':
|
2012-12-04 08:27:05 -06:00
|
|
|
messages.print_report('public errors', public_errors)
|