freeipa/ipa-python/ipaerror.py
2008-05-14 09:48:21 -04:00

260 lines
7.2 KiB
Python

# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import exceptions
import types
class IPAError(exceptions.Exception):
"""Base error class for IPA Code"""
def __init__(self, code, message="", detail=None):
"""code is the IPA error code.
message is a human viewable error message.
detail is an optional exception that provides more detail about the
error."""
self.code = code
self.message = message
# Fill this in as an empty LDAP error message so we don't have a lot
# of "if e.detail ..." everywhere
if detail is None:
detail = []
detail.append({'desc':'','info':''})
self.detail = detail
def __str__(self):
return self.message
def __repr__(self):
repr = "%d: %s" % (self.code, self.message)
if self.detail:
repr += "\n%s" % str(self.detail)
return repr
###############
# Error codes #
###############
code_map_dict = {}
def gen_exception(code, message=None, nested_exception=None):
"""This should be used by IPA code to translate error codes into the
correct exception/message to throw.
message is an optional argument which overrides the default message.
nested_exception is an optional argument providing more details
about the error."""
(default_message, exception) = code_map_dict.get(code, ("unknown", IPAError))
if not message:
message = default_message
return exception(code, message, nested_exception)
def exception_for(code):
"""Used to look up the corresponding exception for an error code.
Will usually be used for an except block."""
(default_message, exception) = code_map_dict.get(code, ("unknown", IPAError))
return exception
def gen_error_code(category, detail, message):
"""Private method used to generate exception codes.
category is one of the 16 bit error code category constants.
detail is a 16 bit code within the category.
message is a human readable description on the error.
exception is the exception to throw for this error code."""
code = (category << 16) + detail
exception = types.ClassType("IPAError%d" % code,
(IPAError,),
{})
code_map_dict[code] = (message, exception)
return code
#
# Error codes are broken into two 16-bit values: category and detail
#
#
# LDAP Errors: 0x0001
#
LDAP_CATEGORY = 0x0001
LDAP_DATABASE_ERROR = gen_error_code(
LDAP_CATEGORY,
0x0001,
"A database error occurred")
LDAP_MIDAIR_COLLISION = gen_error_code(
LDAP_CATEGORY,
0x0002,
"Change collided with another change")
LDAP_NOT_FOUND = gen_error_code(
LDAP_CATEGORY,
0x0003,
"Entry not found")
LDAP_DUPLICATE = gen_error_code(
LDAP_CATEGORY,
0x0004,
"This entry already exists")
LDAP_MISSING_DN = gen_error_code(
LDAP_CATEGORY,
0x0005,
"Entry missing dn")
LDAP_EMPTY_MODLIST = gen_error_code(
LDAP_CATEGORY,
0x0006,
"No modifications to be performed")
LDAP_NO_CONFIG = gen_error_code(
LDAP_CATEGORY,
0x0007,
"IPA configuration not found")
#
# Function input errors
#
INPUT_CATEGORY = 0x0002
INPUT_INVALID_PARAMETER = gen_error_code(
INPUT_CATEGORY,
0x0001,
"Invalid parameter(s)")
INPUT_SAME_GROUP = gen_error_code(
INPUT_CATEGORY,
0x0002,
"You can't add a group to itself")
INPUT_NOT_DNS_A_RECORD = gen_error_code(
INPUT_CATEGORY,
0x0003,
"The requested hostname is not a DNS A record. This is required by Kerberos.")
INPUT_ADMINS_IMMUTABLE = gen_error_code(
INPUT_CATEGORY,
0x0004,
"The admins group cannot be renamed.")
INPUT_MALFORMED_SERVICE_PRINCIPAL = gen_error_code(
INPUT_CATEGORY,
0x0005,
"The requested service principal is not of the form: service/fully-qualified host name")
INPUT_REALM_MISMATCH = gen_error_code(
INPUT_CATEGORY,
0x0006,
"The realm for the principal does not match the realm for this IPA server.")
INPUT_ADMIN_REQUIRED = gen_error_code(
INPUT_CATEGORY,
0x0007,
"The admin user cannot be deleted.")
INPUT_CANT_INACTIVATE = gen_error_code(
INPUT_CATEGORY,
0x0008,
"This entry cannot be inactivated.")
INPUT_ADMIN_REQUIRED_IN_ADMINS = gen_error_code(
INPUT_CATEGORY,
0x0009,
"The admin user cannot be removed from the admins group.")
INPUT_SERVICE_PRINCIPAL_REQUIRED = gen_error_code(
INPUT_CATEGORY,
0x000A,
"You cannot remove IPA server service principals.")
INPUT_UID_TOO_LONG = gen_error_code(
INPUT_CATEGORY,
0x0009,
"The requested username is too long.")
#
# Connection errors
#
CONNECTION_CATEGORY = 0x0003
CONNECTION_NO_CONN = gen_error_code(
CONNECTION_CATEGORY,
0x0001,
"Connection to database failed")
CONNECTION_NO_CCACHE = gen_error_code(
CONNECTION_CATEGORY,
0x0002,
"No Kerberos credentials cache is available. Connection cannot be made.")
CONNECTION_GSSAPI_CREDENTIALS = gen_error_code(
CONNECTION_CATEGORY,
0x0003,
"GSSAPI Authorization error")
CONNECTION_UNWILLING = gen_error_code(
CONNECTION_CATEGORY,
0x0004,
"Account inactivated. Server is unwilling to perform.")
#
# Configuration errors
#
CONFIGURATION_CATEGORY = 0x0004
CONFIG_REQUIRED_GROUPS = gen_error_code(
CONFIGURATION_CATEGORY,
0x0001,
"The admins and editors groups are required.")
CONFIG_DEFAULT_GROUP = gen_error_code(
CONFIGURATION_CATEGORY,
0x0002,
"You cannot remove the default users group.")
CONFIG_INVALID_OC = gen_error_code(
CONFIGURATION_CATEGORY,
0x0003,
"Invalid object class.")
#
# Entry status errors
#
STATUS_CATEGORY = 0x0005
STATUS_ALREADY_ACTIVE = gen_error_code(
STATUS_CATEGORY,
0x0001,
"This entry is already active.")
STATUS_ALREADY_INACTIVE = gen_error_code(
STATUS_CATEGORY,
0x0002,
"This entry is already inactive.")
STATUS_HAS_NSACCOUNTLOCK = gen_error_code(
STATUS_CATEGORY,
0x0003,
"This entry appears to have the nsAccountLock attribute in it so the Class of Service activation/inactivation will not work. You will need to remove the attribute nsAccountLock for this to work.")
STATUS_NOT_GROUP_MEMBER = gen_error_code(
STATUS_CATEGORY,
0x0004,
"This entry is not a member of the group.")