IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Remove more unused files and functions, replace ipaerror with new error classes

Browse Source
This commit is contained in:
Rob Crittenden 2009-02-05 13:12:11 -05:00
parent 31866db922
commit 412104e34c
11 changed files with 34 additions and 890 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
install/tools/ipa-compat-manage
View File

@ -23,9 +23,10 @@ import sys
try:
from optparse import OptionParser
from ipaserver import ipaldap
from ipa import entity, ipaerror, ipautil, config
from ipaserver import installutils
from ipaserver.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR
from ipa import entity, ipautil, config
from ipaserver.install import installutils
from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR
from ipalib import errors, errors2
import ldap
import logging
import re
@ -109,7 +110,7 @@ def main():
ldap.SCOPE_BASE, "(objectclass=*)")
print "Plugin already Enabled"
retval = 2
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
except errors2.NotFound:
print "Enabling plugin"
except ldap.LDAPError, e:
print "An error occurred while talking to the server."
@ -131,7 +132,7 @@ def main():
conn.deleteEntry("cn=groups,cn=Schema Compatibility,cn=plugins,cn=config")
conn.deleteEntry("cn=users,cn=Schema Compatibility,cn=plugins,cn=config")
conn.deleteEntry("cn=Schema Compatibility,cn=plugins,cn=config")
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
except errors2.NotFound:
print "Plugin is already disabled"
retval = 2
except ldap.LDAPError, e:
@ -166,6 +167,6 @@ except config.IPAConfigError, e:
print "An IPA server to update cannot be found. Has one been configured yet?"
print "The error was: %s" % e
sys.exit(1)
except ipaerror, e:
except ldap.LDAPError, e:
print "An error occurred while performing operations: %s" % e
sys.exit(1)

2
install/tools/ipa-ldap-updater
View File

@ -27,7 +27,7 @@ import sys
try:
from optparse import OptionParser
from ipaserver import ipaldap
from ipa import entity, ipaerror, ipautil, config
from ipa import entity, ipautil, config
from ipaserver.install import installutils
from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR
import ldap

12
ipa-python/README
View File

@ -3,28 +3,16 @@ geared currently towards command-line tools.
A brief overview:
aci.py - a basic LDAP ACI parser for doing delegations.
config.py - identify the IPA server domain and realm. It uses dnsclient to
try to detect this information first and will fall back to
/etc/ipa/ipa.conf if that fails.
ipaadminutil.py - routines to help reduce the number of entries from a search
dnsclient.py - find IPA information via DNS
ipaclient.py - the main interface for any command-line tools. When initialized
if transport is True then it means the IPA server is on the
same machine so no need to use the XML-RPC interface.
rpcclient.py - the XML-RPC client API. Callers should use ipaclient instead
of this directly.
ipautil.py - helper functions
radius_util.py - helper functions for Radius
user.py
group.py
entity.py - entity is the main data type. User and Group extend this class
(but don't add anything currently).
ipavalidate.py - basic data validation routines
ipaerror.py - our own error types
krbtransport.py - do Kerberos auth over HTTP/S

96
ipa-python/ipaadminutil.py
View File

@ -1,96 +0,0 @@
# Authors: Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import string
import tempfile
import logging
import subprocess
import os
import ipa.ipavalidate as ipavalidate
def select_user(counter, users):
"""counter is the number of User objects in users
users is a list of User objects
This purposely doesn't catch KeyboardInterrupt
"""
i = 1
print "%s entries were found. Which one would you like to display?" % counter
for ent in users:
if (ent.getValues('givenname')) is not None:
print "%s: %s %s (%s)" % (i, ent.getValues('givenname'), ent.getValues('sn'), ent.getValues('uid'))
else:
print "%s: %s (%s)" % (i, ent.getValues('sn'), ent.getValues('uid'))
i += 1
while True:
resp = raw_input("Choose one: (1 - %s), 0 for all, q to quit: " % counter)
if resp == "q":
return "q"
if resp == "0":
userindex = -1
break
try:
userindex = int(resp) - 1
if (userindex >= 0 and userindex < counter):
break
except:
# fall through to the error msg
pass
print "Please enter a number between 1 and %s" % counter
return userindex
def select_group(counter, groups):
"""counter is the number of Group objects in users
users is a list of Group objects
This purposely doesn't catch KeyboardInterrupt
"""
i = 1
print "%s entries were found. Which one would you like to display?" % counter
for ent in groups:
print "%s: %s" % (i, ent.getValues('cn'))
i += 1
while True:
resp = raw_input("Choose one: (1 - %s), 0 for all, q to quit: " % counter)
if resp == "q":
return "q"
if resp == "0":
groupindex = -1
break
try:
groupindex = int(resp) - 1
if (groupindex >= 0 and groupindex < counter):
break
except:
# fall through to the error msg
pass
print "Please enter a number between 1 and %s" % counter
return groupindex
def check_name(name):
"""Helper to ensure that a user or group name is legal"""
if (not ipavalidate.GoodName(name, notEmpty=True)):
raise ValueError("may only include letters, numbers, _, -, . and $")
return

471
ipa-python/ipaclient.py
View File

@ -1,471 +0,0 @@
# Authors: Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import ipa.rpcclient as rpcclient
import entity
import user
import group
import radius_util
class IPAClient:
def __init__(self,transport=None,verbose=False):
if transport:
self.local = True
self.transport = transport
else:
self.local = False
self.transport = rpcclient.RPCClient(verbose)
def set_principal(self,princ):
"""Set the name of the principal that will be used for
LDAP proxy authentication"""
if self.local:
self.transport.set_principal(princ)
def set_krbccache(self,krbccache):
"""Set the file location of the Kerberos credentials cache to be used
for LDAP authentication"""
if self.local:
self.transport.set_krbccache(krbccache)
# Higher-level API
def get_aci_entry(self, sattrs=None):
"""Returns the entry containing access control ACIs."""
result = self.transport.get_aci_entry(sattrs)
return entity.Entity(result)
# General searches
def get_entry_by_dn(self,dn,sattrs=None):
"""Get a specific entry by dn. If sattrs is set then only those
attributes will be returned, otherwise all available attributes
are returned."""
result = self.transport.get_entry_by_dn(dn,sattrs)
return entity.Entity(result)
def get_entry_by_cn(self,cn,sattrs=None):
"""Get a specific entry by cn. If sattrs is set then only those
attributes will be returned, otherwise all available attributes
are returned."""
result = self.transport.get_entry_by_cn(cn,sattrs)
return entity.Entity(result)
def update_entry(self,entry):
"""Update a entry."""
result = self.transport.update_entry(entry.origDataDict(), entry.toDict())
return result
# User support
def get_user_by_uid(self,uid,sattrs=None):
"""Get a specific user by uid. If sattrs is set then only those
attributes will be returned, otherwise all available attributes
are returned."""
result = self.transport.get_user_by_uid(uid,sattrs)
return user.User(result)
def get_user_by_principal(self,principal,sattrs=None):
"""Get a specific user by uid. If sattrs is set then only those
attributes will be returned, otherwise all available attributes
are returned."""
result = self.transport.get_user_by_principal(principal,sattrs)
return user.User(result)
def get_user_by_email(self,email,sattrs=None):
"""Get a specific user's entry. Return as a dict of values.
Multi-valued fields are represented as lists.
"""
result = self.transport.get_user_by_email(email,sattrs)
return user.User(result)
def get_users_by_manager(self,manager_dn,sattrs=None):
"""Gets the users the report to a particular manager.
If sattrs is not None then only those
attributes will be returned, otherwise all available
attributes are returned. The result is a list of groups."""
results = self.transport.get_users_by_manager(manager_dn, sattrs)
return map(lambda result: user.User(result), results)
def add_user(self,user,user_container=None):
"""Add a user. user is a ipa.user.User object"""
user_dict = user.toDict()
# convert to a regular dict before sending
result = self.transport.add_user(user_dict, user_container)
return result
def get_all_users(self):
"""Get as a list of User objects all users in the directory"""
result = self.transport.get_all_users()
all_users = []
for attrs in result:
if attrs is not None:
all_users.append(user.User(attrs))
return all_users
def get_custom_fields(self):
"""Get custom user fields"""
result = self.transport.get_custom_fields()
return result
def set_custom_fields(self, schema):
"""Set custom user fields"""
result = self.transport.set_custom_fields(schema)
return result
def find_users(self, criteria, sattrs=None, sizelimit=-1, timelimit=-1):
"""Return a list: counter followed by a User object for each user that
matches the criteria. If the results are truncated, counter will
be set to -1"""
result = self.transport.find_users(criteria, sattrs, sizelimit, timelimit)
counter = result[0]
users = [counter]
for attrs in result[1:]:
if attrs is not None:
users.append(user.User(attrs))
return users
def update_user(self,user):
"""Update a user entry."""
result = self.transport.update_user(user.origDataDict(), user.toDict())
return result
def delete_user(self,uid):
"""Delete a user entry."""
result = self.transport.delete_user(uid)
return result
def modifyPassword(self,principal,oldpass,newpass):
"""Modify a user's password"""
result = self.transport.modifyPassword(principal,oldpass,newpass)
return result
def mark_user_active(self,uid):
"""Set a user as active by uid."""
result = self.transport.mark_user_active(uid)
return result
def mark_user_inactive(self,uid):
"""Set a user as inactive by uid."""
result = self.transport.mark_user_inactive(uid)
return result
# Groups support
def get_groups_by_member(self,member_dn,sattrs=None):
"""Gets the groups that member_dn belongs to.
If sattrs is not None then only those
attributes will be returned, otherwise all available
attributes are returned. The result is a list of groups."""
results = self.transport.get_groups_by_member(member_dn,sattrs)
return map(lambda result: group.Group(result), results)
def add_group(self,group,group_container=None):
"""Add a group. group is a ipa.group.Group object"""
group_dict = group.toDict()
# dn is set on the server-side
del group_dict['dn']
# convert to a regular dict before sending
result = self.transport.add_group(group_dict, group_container)
return result
def find_groups(self, criteria, sattrs=None, sizelimit=-1, timelimit=-1):
"""Find groups whose cn matches the criteria. Wildcards are
acceptable. Returns a list of Group objects."""
result = self.transport.find_groups(criteria, sattrs, sizelimit, timelimit)
counter = result[0]
groups = [counter]
for attrs in result[1:]:
if attrs is not None:
groups.append(group.Group(attrs))
return groups
def add_member_to_group(self, member_dn, group_dn):
"""Add a member to an existing group.
"""
return self.transport.add_member_to_group(member_dn, group_dn)
def add_members_to_group(self, member_dns, group_dn):
"""Add several members to an existing group.
member_dns is a list of dns to add
Returns a list of the dns that were not added.
"""
return self.transport.add_members_to_group(member_dns, group_dn)
def remove_member_from_group(self, member_dn, group_dn):
"""Remove a member from an existing group.
"""
return self.transport.remove_member_from_group(member_dn, group_dn)
def remove_members_from_group(self, member_dns, group_dn):
"""Remove several members from an existing group.
member_dns is a list of dns to remove
Returns a list of the dns that were not removed.
"""
return self.transport.remove_members_from_group(member_dns, group_dn)
def add_user_to_group(self, user_uid, group_dn):
"""Add a user to an existing group.
user is a uid of the user to add
group is the cn of the group to be added to
"""
return self.transport.add_user_to_group(user_uid, group_dn)
def add_users_to_group(self, user_uids, group_dn):
"""Add several users to an existing group.
user_uids is a list of uids of the users to add
Returns a list of the user uids that were not added.
"""
return self.transport.add_users_to_group(user_uids, group_dn)
def remove_user_from_group(self, user_uid, group_dn):
"""Remove a user from an existing group.
user is a uid of the user to remove
group is the cn of the group to be removed from
"""
return self.transport.remove_user_from_group(user_uid, group_dn)
def remove_users_from_group(self, user_uids, group_dn):
"""Remove several users from an existing group.
user_uids is a list of uids of the users to remove
Returns a list of the user uids that were not removed.
"""
return self.transport.remove_users_from_group(user_uids, group_dn)
def add_groups_to_user(self, group_dns, user_dn):
"""Given a list of group dn's add them to the user.
Returns a list of the group dns that were not added.
"""
return self.transport.add_groups_to_user(group_dns, user_dn)
def remove_groups_from_user(self, group_dns, user_dn):
"""Given a list of group dn's remove them from the user.
Returns a list of the group dns that were not removed.
"""
return self.transport.remove_groups_from_user(group_dns, user_dn)
def update_group(self,group):
"""Update a group entry."""
return self.transport.update_group(group.origDataDict(), group.toDict())
def delete_group(self,group_dn):
"""Delete a group entry."""
return self.transport.delete_group(group_dn)
def add_group_to_group(self, group_cn, tgroup_cn):
"""Add a group to an existing group.
group_cn is a cn of the group to add
tgroup_cn is the cn of the group to be added to
"""
return self.transport.add_group_to_group(group_cn, tgroup_cn)
def attrs_to_labels(self,attrs):
"""Convert a list of LDAP attributes into a more readable form."""
return self.transport.attrs_to_labels(attrs)
def get_all_attrs(self):
"""We have a list of hardcoded attributes -> readable labels. Return
that complete list if someone wants it.
"""
return self.transport.get_all_attrs()
def group_members(self, groupdn, attr_list, membertype):
"""Do a memberOf search of groupdn and return the attributes in
attr_list (an empty list returns everything)."""
results = self.transport.group_members(groupdn, attr_list, membertype)
counter = results[0]
entries = [counter]
for e in results[1:]:
if e is not None:
entries.append(user.User(e))
return entries
def mark_group_active(self,cn):
"""Set a group as active by cn."""
result = self.transport.mark_group_active(cn)
return result
def mark_group_inactive(self,cn):
"""Set a group as inactive by cn."""
result = self.transport.mark_group_inactive(cn)
return result
# Configuration
def get_ipa_config(self):
"""Get the IPA configuration"""
result = self.transport.get_ipa_config()
return entity.Entity(result)
def update_ipa_config(self, config):
"""Updates the IPA configuration.
config is an Entity object.
"""
result = self.transport.update_ipa_config(config.origDataDict(), config.toDict())
return result
def get_password_policy(self):
"""Get the IPA password policy"""
result = self.transport.get_password_policy()
return entity.Entity(result)
def update_password_policy(self, policy):
"""Updates the IPA password policy.
policy is an Entity object.
"""
result = self.transport.update_password_policy(policy.origDataDict(), policy.toDict())
return result
def add_service_principal(self, princ_name, force):
return self.transport.add_service_principal(princ_name, force)
def delete_service_principal(self, principal_dn):
return self.transport.delete_service_principal(principal_dn)
def find_service_principal(self, criteria, sattrs=None, sizelimit=-1, timelimit=-1):
"""Return a list: counter followed by a Entity object for each host that
matches the criteria. If the results are truncated, counter will
be set to -1"""
result = self.transport.find_service_principal(criteria, sattrs, sizelimit, timelimit)
counter = result[0]
hosts = [counter]
for attrs in result[1:]:
if attrs is not None:
hosts.append(entity.Entity(attrs))
return hosts
def get_keytab(self, princ_name):
return self.transport.get_keytab(princ_name)
# radius support
def get_radius_client_by_ip_addr(self, ip_addr, container=None, sattrs=None):
result = self.transport.get_radius_client_by_ip_addr(ip_addr, container, sattrs)
return radius_util.RadiusClient(result)
def add_radius_client(self, client, container=None):
client_dict = client.toDict()
# dn is set on the server-side
del client_dict['dn']
# convert to a regular dict before sending
result = self.transport.add_radius_client(client_dict, container)
return result
def update_radius_client(self, client):
result = self.transport.update_radius_client(client.origDataDict(), client.toDict())
return result
def delete_radius_client(self, ip_addr, container=None):
return self.transport.delete_radius_client(ip_addr, container)
def find_radius_clients(self, criteria, container=None, sattrs=None, sizelimit=-1, timelimit=-1):
result = self.transport.find_radius_clients(criteria, container, sattrs, sizelimit, timelimit)
counter = result[0]
users = [counter]
for attrs in result[1:]:
if attrs is not None:
users.append(user.User(attrs))
return users
def get_radius_profile_by_uid(self, uid, user_profile=None, sattrs=None):
result = self.transport.get_radius_profile_by_uid(uid, user_profile, sattrs)
return radius_util.RadiusClient(result)
def add_radius_profile(self, profile, user_profile=None):
profile_dict = profile.toDict()
# dn is set on the server-side
del profile_dict['dn']
# convert to a regular dict before sending
result = self.transport.add_radius_profile(profile_dict, user_profile)
return result
def update_radius_profile(self, profile):
result = self.transport.update_radius_profile(profile.origDataDict(), profile.toDict())
return result
def delete_radius_profile(self, ip_addr, user_profile=None):
return self.transport.delete_radius_profile(ip_addr, user_profile)
def find_radius_profiles(self, criteria, user_profile=None, sattrs=None, sizelimit=-1, timelimit=-1):
result = self.transport.find_radius_profiles(criteria, user_profile, sattrs, sizelimit, timelimit)
counter = result[0]
users = [counter]
for attrs in result[1:]:
if attrs is not None:
users.append(user.User(attrs))
return users

259
ipa-python/ipaerror.py
View File

@ -1,259 +0,0 @@
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import exceptions
import types
class IPAError(exceptions.Exception):
"""Base error class for IPA Code"""
def __init__(self, code, message="", detail=None):
"""code is the IPA error code.
message is a human viewable error message.
detail is an optional exception that provides more detail about the
error."""
self.code = code
self.message = message
# Fill this in as an empty LDAP error message so we don't have a lot
# of "if e.detail ..." everywhere
if detail is None:
detail = []
detail.append({'desc':'','info':''})
self.detail = detail
def __str__(self):
return self.message
def __repr__(self):
repr = "%d: %s" % (self.code, self.message)
if self.detail:
repr += "\n%s" % str(self.detail)
return repr
###############
# Error codes #
###############
code_map_dict = {}
def gen_exception(code, message=None, nested_exception=None):
"""This should be used by IPA code to translate error codes into the
correct exception/message to throw.
message is an optional argument which overrides the default message.
nested_exception is an optional argument providing more details
about the error."""
(default_message, exception) = code_map_dict.get(code, ("unknown", IPAError))
if not message:
message = default_message
return exception(code, message, nested_exception)
def exception_for(code):
"""Used to look up the corresponding exception for an error code.
Will usually be used for an except block."""
(default_message, exception) = code_map_dict.get(code, ("unknown", IPAError))
return exception
def gen_error_code(category, detail, message):
"""Private method used to generate exception codes.
category is one of the 16 bit error code category constants.
detail is a 16 bit code within the category.
message is a human readable description on the error.
exception is the exception to throw for this error code."""
code = (category << 16) + detail
exception = types.ClassType("IPAError%d" % code,
(IPAError,),
{})
code_map_dict[code] = (message, exception)
return code
#
# Error codes are broken into two 16-bit values: category and detail
#
#
# LDAP Errors: 0x0001
#
LDAP_CATEGORY = 0x0001
LDAP_DATABASE_ERROR = gen_error_code(
LDAP_CATEGORY,
0x0001,
"A database error occurred")
LDAP_MIDAIR_COLLISION = gen_error_code(
LDAP_CATEGORY,
0x0002,
"Change collided with another change")
LDAP_NOT_FOUND = gen_error_code(
LDAP_CATEGORY,
0x0003,
"Entry not found")
LDAP_DUPLICATE = gen_error_code(
LDAP_CATEGORY,
0x0004,
"This entry already exists")
LDAP_MISSING_DN = gen_error_code(
LDAP_CATEGORY,
0x0005,
"Entry missing dn")
LDAP_EMPTY_MODLIST = gen_error_code(
LDAP_CATEGORY,
0x0006,
"No modifications to be performed")
LDAP_NO_CONFIG = gen_error_code(
LDAP_CATEGORY,
0x0007,
"IPA configuration not found")
#
# Function input errors
#
INPUT_CATEGORY = 0x0002
INPUT_INVALID_PARAMETER = gen_error_code(
INPUT_CATEGORY,
0x0001,
"Invalid parameter(s)")
INPUT_SAME_GROUP = gen_error_code(
INPUT_CATEGORY,
0x0002,
"You can't add a group to itself")
INPUT_NOT_DNS_A_RECORD = gen_error_code(
INPUT_CATEGORY,
0x0003,
"The requested hostname is not a DNS A record. This is required by Kerberos.")
INPUT_ADMINS_IMMUTABLE = gen_error_code(
INPUT_CATEGORY,
0x0004,
"The admins group cannot be renamed.")
INPUT_MALFORMED_SERVICE_PRINCIPAL = gen_error_code(
INPUT_CATEGORY,
0x0005,
"The requested service principal is not of the form: service/fully-qualified host name")
INPUT_REALM_MISMATCH = gen_error_code(
INPUT_CATEGORY,
0x0006,
"The realm for the principal does not match the realm for this IPA server.")
INPUT_ADMIN_REQUIRED = gen_error_code(
INPUT_CATEGORY,
0x0007,
"The admin user cannot be deleted.")
INPUT_CANT_INACTIVATE = gen_error_code(
INPUT_CATEGORY,
0x0008,
"This entry cannot be inactivated.")
INPUT_ADMIN_REQUIRED_IN_ADMINS = gen_error_code(
INPUT_CATEGORY,
0x0009,
"The admin user cannot be removed from the admins group.")
INPUT_SERVICE_PRINCIPAL_REQUIRED = gen_error_code(
INPUT_CATEGORY,
0x000A,
"You cannot remove IPA server service principals.")
INPUT_UID_TOO_LONG = gen_error_code(
INPUT_CATEGORY,
0x0009,
"The requested username is too long.")
#
# Connection errors
#
CONNECTION_CATEGORY = 0x0003
CONNECTION_NO_CONN = gen_error_code(
CONNECTION_CATEGORY,
0x0001,
"Connection to database failed")
CONNECTION_NO_CCACHE = gen_error_code(
CONNECTION_CATEGORY,
0x0002,
"No Kerberos credentials cache is available. Connection cannot be made.")
CONNECTION_GSSAPI_CREDENTIALS = gen_error_code(
CONNECTION_CATEGORY,
0x0003,
"GSSAPI Authorization error")
CONNECTION_UNWILLING = gen_error_code(
CONNECTION_CATEGORY,
0x0004,
"Account inactivated. Server is unwilling to perform.")
#
# Configuration errors
#
CONFIGURATION_CATEGORY = 0x0004
CONFIG_REQUIRED_GROUPS = gen_error_code(
CONFIGURATION_CATEGORY,
0x0001,
"The admins and editors groups are required.")
CONFIG_DEFAULT_GROUP = gen_error_code(
CONFIGURATION_CATEGORY,
0x0002,
"You cannot remove the default users group.")
CONFIG_INVALID_OC = gen_error_code(
CONFIGURATION_CATEGORY,
0x0003,
"Invalid object class.")
#
# Entry status errors
#
STATUS_CATEGORY = 0x0005
STATUS_ALREADY_ACTIVE = gen_error_code(
STATUS_CATEGORY,
0x0001,
"This entry is already active.")
STATUS_ALREADY_INACTIVE = gen_error_code(
STATUS_CATEGORY,
0x0002,
"This entry is already inactive.")
STATUS_HAS_NSACCOUNTLOCK = gen_error_code(
STATUS_CATEGORY,
0x0003,
"This entry appears to have the nsAccountLock attribute in it so the Class of Service activation/inactivation will not work. You will need to remove the attribute nsAccountLock for this to work.")
STATUS_NOT_GROUP_MEMBER = gen_error_code(
STATUS_CATEGORY,
0x0004,
"This entry is not a member of the group.")

36
ipa-python/ipautil.py
View File

@ -30,7 +30,6 @@ import stat
import shutil
from ipa import ipavalidate
from ipa import ipaadminutil
from types import *
import re
@ -446,11 +445,11 @@ def ipa_generate_password():
def format_list(items, quote=None, page_width=80):
'''Format a list of items formatting them so they wrap to fit the
available width. The items will be sorted.
available width. The items will be sorted.
The items may optionally be quoted. The quote parameter may either be
a string, in which case it is added before and after the item. Or the
quote parameter may be a pair (either a tuple or list). In this case
quote parameter may be a pair (either a tuple or list). In this case
quote[0] is left hand quote and quote[1] is the right hand quote.
'''
left_quote = right_quote = ''
@ -501,8 +500,8 @@ def parse_key_value_pairs(input):
Example: The string
arg0 = '' arg1 = 1 arg2='two' arg3 = "three's a crowd" arg4 = "this is a \" quote"
arg0 = '' arg1 = 1 arg2='two' arg3 = "three's a crowd" arg4 = "this is a \" quote"
will produce
arg0= arg1=1
@ -562,7 +561,7 @@ def user_input(prompt, default = None, allow_empty = True):
ret = raw_input("%s: " % prompt)
if allow_empty or ret.strip():
return ret
if isinstance(default, basestring):
while True:
ret = raw_input("%s [%s]: " % (prompt, default))
@ -595,16 +594,6 @@ def user_input(prompt, default = None, allow_empty = True):
else:
return ret
def user_input_email(prompt, default = None, allow_empty = False):
if default != None and allow_empty:
prompt += " (enter \"none\" for empty)"
while True:
ret = user_input(prompt, default, allow_empty)
if allow_empty and ret.lower() == "none":
return ""
if ipavalidate.Email(ret, not allow_empty):
return ret.strip()
def user_input_plain(prompt, default = None, allow_empty = True, allow_spaces = True):
while True:
ret = user_input(prompt, default, allow_empty)
@ -621,15 +610,6 @@ def user_input_path(prompt, default = None, allow_empty = True):
if ipavalidate.Path(ret, not allow_empty):
return ret
def user_input_name(prompt, default = None):
while True:
ret = user_input(prompt, default, False)
try:
ipaadminutil.check_name(ret)
return ret
except ValueError, e:
print prompt + " " + str(e)
class AttributeValueCompleter:
'''
Gets input from the user in the form "lhs operator rhs"
@ -722,7 +702,7 @@ class AttributeValueCompleter:
# Restore previous state
readline.set_completer_delims(self.prev_completer_delims)
readline.set_completer(self.prev_completer)
def parse_input(self):
'''We are looking for 3 tokens: <lhs,op,rhs>
Extract as much of each token as possible.
@ -918,7 +898,7 @@ class ItemCompleter:
# Restore previous state
readline.set_completer_delims(self.prev_completer_delims)
readline.set_completer(self.prev_completer)
def get_item_completions(self, text):
if text:
self.completions = [lhs for lhs in self.items if lhs.startswith(text)]
@ -940,7 +920,7 @@ class ItemCompleter:
def read_input(self, prompt, initial_input=None):
items = []
self.initial_input = initial_input
try:
if initial_input is None:

4
ipaserver/install/krbinstance.py
View File

@ -34,8 +34,8 @@ import service
import installutils
from ipa import sysrestore
from ipa import ipautil
from ipa import ipaerror
from ipalib import util
from ipalib import errors2
from ipaserver import ipaldap
@ -322,7 +322,7 @@ class KrbInstance(service.Service):
def __write_stash_from_ds(self):
try:
entry = self.conn.getEntry("cn=%s, cn=kerberos, %s" % (self.realm, self.suffix), ldap.SCOPE_SUBTREE)
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND), e:
except errors2.NotFound:
logging.critical("Could not find master key in DS")
raise e

15
ipaserver/install/ldapupdate.py
View File

@ -27,8 +27,9 @@ UPDATES_DIR="/usr/share/ipa/updates/"
import sys
from ipaserver.install import installutils
from ipaserver import ipaldap
from ipa import entity, ipaerror, ipautil
from ipa import entity, ipautil
from ipalib import util
from ipalib import errors, errors2
import ldap
import logging
import krbV
@ -326,10 +327,10 @@ class LDAPUpdate:
while True:
try:
entry = self.conn.getEntry(dn, ldap.SCOPE_BASE, "(objectclass=*)", attrlist)
except ldap.NO_SUCH_OBJECT:
except errors2.NotFound:
logging.error("Task not found: %s", dn)
return
except ipaerror.exception_for(ipaerror.LDAP_DATABASE_ERROR), e:
except errors.DatabaseError, e:
logging.error("Task lookup failure %s: %s", e, self.__detail_error(e.detail))
return
@ -496,11 +497,11 @@ class LDAPUpdate:
entry = self.__entry_to_entity(e[0])
found = True
logging.info("Updating existing entry: %s", entry.dn)
except ldap.NO_SUCH_OBJECT:
except errors2.NotFound:
# Doesn't exist, start with the default entry
entry = new_entry
logging.info("New entry: %s", entry.dn)
except ipaerror.exception_for(ipaerror.LDAP_DATABASE_ERROR):
except errors.DatabaseError:
# Doesn't exist, start with the default entry
entry = new_entry
logging.info("New entry, using default value: %s", entry.dn)
@ -536,10 +537,10 @@ class LDAPUpdate:
if self.live_run and updated:
self.conn.updateEntry(entry.dn, entry.origDataDict(), entry.toDict())
logging.info("Done")
except ipaerror.exception_for(ipaerror.LDAP_EMPTY_MODLIST), e:
except errors.EmptyModlist:
logging.info("Entry already up-to-date")
updated = False
except ipaerror.exception_for(ipaerror.LDAP_DATABASE_ERROR), e:
except errors.DatabaseError, e:
logging.error("Update failed: %s: %s", e, self.__detail_error(e.detail))
updated = False

10
ipaserver/install/replication.py
View File

@ -23,8 +23,8 @@ import ldap
from ipaserver.install import dsinstance
from ipaserver import ipaldap
from ldap import modlist
from ipa import ipaerror
from ipalib import util
from ipalib import errors2
DIRMAN_CN = "cn=directory manager"
CACERT="/usr/share/ipa/html/ca.crt"
@ -148,7 +148,7 @@ class ReplicationManager:
conn.getEntry(dn, ldap.SCOPE_BASE)
# replication is already configured
return
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
except errors2.NotFound:
pass
replica_type = self.get_replica_type()
@ -220,7 +220,7 @@ class ReplicationManager:
try:
entry = self.conn.getEntry("cn=mapping tree,cn=config", ldap.SCOPE_ONELEVEL,
"(cn=\"%s\")" % (self.suffix))
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND), e:
except errors2.NotFound, e:
logging.debug("failed to find mappting tree entry for %s" % self.suffix)
raise e
@ -256,7 +256,7 @@ class ReplicationManager:
conn.getEntry(pass_dn, ldap.SCOPE_BASE)
print "Windows PassSync entry exists, not resetting password"
return
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
except errors2.NotFound:
pass
# The user doesn't exist, add it
@ -315,7 +315,7 @@ class ReplicationManager:
try:
a.getEntry(dn, ldap.SCOPE_BASE)
return
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
except errors2.NotFound:
pass
iswinsync = kargs.get("winsync", False)

6
ipaserver/ipaldap.py
View File

@ -320,7 +320,7 @@ class IPAdmin(SimpleLDAPObject):
# Too many results returned by search
raise e
except ldap.LDAPError, e:
raise e
raise errors.DatabaseError, e
if not obj:
raise errors2.NotFound(msg=notfound(args))
@ -357,7 +357,7 @@ class IPAdmin(SimpleLDAPObject):
ldap.TIMELIMIT_EXCEEDED), e:
partial = 1
except ldap.LDAPError, e:
raise e
raise errors.DatabaseError, e
if not entries:
raise errors2.NotFound(msg=notfound(args))
@ -514,7 +514,7 @@ class IPAdmin(SimpleLDAPObject):
self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
self.passwd_s(dn, oldpass, newpass)
except ldap.LDAPError, e:
raise e
raise errors.DatabaseError, e
return True
def __wrapmethods(self):