Go to file
John Dennis e1c1fcf543 Ticket #1879 - IPAdmin undefined anonymous parameter lists
The IPAdmin class in ipaserver/ipaldap.py has methods with anonymous
undefined parameter lists.

For example:

    def getList(self,*args):

In Python syntax this means you can call getList with any positional
parameter list you want.

This is bad because:

1) It's not true, *args gets passed to an ldap function with a well
defined parameter list, so you really do have to call it with a
defined parameter list. *args will let you pass anything, but once it
gets passed to the ldap function it will blow up if the parameters do
not match (what parameters are those you're wondering? see item 2).

2) The programmer does not know what the valid parameters are unless
they are defined in the formal parameter list.

3) Without a formal parameter list automatic documentation generators
cannot produce API documentation (see item 2)

4) The Python interpreter cannot validate the parameters being passed
because there is no formal parameter list. Note, Python does not
validate the type of parameters, but it does validate the correct
number of postitional parameters are passed and only defined keyword
parameters are passed. Bypassing the language support facilities leads
to programming errors.

5) Without a formal parameter list program checkers such as pylint
cannot validate the program which leads to progamming errors.

6) Without a formal parameter list which includes default keyword
parameters it's not possible to use keyword arguments nor to know what
their default values are (see item 2). One is forced to pass a keyword
argument as a positional argument, plus you must then pass every
keyword argument between the end of the positional argument list and
keyword arg of interest even of the other keyword arguments are not of
interest. This also demands you know what the default value of the
intermediate keyword arguments are (see item 2) and hope they don't
change.

Also the *args anonymous tuple get passed into the error handling code
so it can report what the called values were. But because the tuple is
anonymous the error handler cannot not describe what it was passed. In
addition the error handling code makes assumptions about the possible
contents of the anonymous tuple based on current practice instead of
actual defined values. Things like "if the number of items in the
tuple is 2 or less then the first tuple item must be a dn
(Distinguished Name)" or "if the number of items in the tuple is
greater than 2 then the 3rd item must be an ldap search filter". These
are constructs which are not robust and will fail at some point in the
future.

This patch also fixes the use of IPAdmin.addEntry(). It was sometimes
being called with (dn, modlist), sometimes a Entry object, or
sometimes a Entity object. Now it's always called with either a Entry
or Entity object and IPAdmin.addEntry() validates the type of the
parameter passed.
2011-11-29 13:30:57 +01:00
.tx Add Transifex tx client configuration file 2011-03-07 16:05:33 -05:00
checks Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
contrib ticket 2022 - modify codebase to utilize IPALogManager, obsoletes logging 2011-11-23 09:36:18 +01:00
daemons ipa-cldap: send cldap reply 2011-11-21 18:52:59 -05:00
doc Rename included snippets to avoid problems with pylint 2011-11-22 17:04:03 +02:00
init Add support for systemd environments and use it to support Fedora 16 2011-10-24 15:10:11 +02:00
install Make ipa-server-install clean after itself 2011-11-29 09:18:03 +01:00
ipa-client Fix coverity issues in client CLI tools 2011-11-23 00:30:41 -05:00
ipalib Add --delattr option to complement --setattr/--addattr 2011-11-29 10:08:28 +01:00
ipapython ticket 2022 - modify codebase to utilize IPALogManager, obsoletes logging 2011-11-23 09:36:18 +01:00
ipaserver Ticket #1879 - IPAdmin undefined anonymous parameter lists 2011-11-29 13:30:57 +01:00
selinux daemons: Remove ipa_kpasswd 2011-08-26 08:26:08 -04:00
tests Add --delattr option to complement --setattr/--addattr 2011-11-29 10:08:28 +01:00
util Add missing copyright header 2011-11-17 16:15:24 -05:00
.bzrignore Added top-level tests/ package that will contain all unit tests 2008-10-07 20:36:44 -06:00
.gitignore daemons: Remove ipa_kpasswd 2011-08-26 08:26:08 -04:00
API.txt Add --delattr option to complement --setattr/--addattr 2011-11-29 10:08:28 +01:00
autogen.sh build tweaks - use automake's foreign mode, avoid creating empty files to satisfy gnu mode - run autoreconf -f to ensure that everything matches 2010-11-29 11:39:55 -05:00
BUILD.txt Rename ipa.spec.in to freeipa.spec.in in BUILD.txt. 2011-02-10 17:52:43 -05:00
Contributors.txt Add Ondrej Hamada to Contributors.txt 2011-11-10 19:57:31 -05:00
COPYING Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
freeipa.spec.in Add plugin framework to LDAP updates. 2011-11-22 23:57:10 -05:00
ipa Execute /usr/bin/python directly instead of /usr/bin/env python 2011-01-14 16:27:48 -05:00
ipa-compliance.cron Add support for tracking and counting entitlements 2011-02-02 10:00:38 -05:00
ipa.1 daemons: Remove ipa_kpasswd 2011-08-26 08:26:08 -04:00
lite-server.py rename static to ui 2011-01-20 14:12:47 +00:00
make-doc This patch removes the existing UI functionality, as a prep for adding the Javascript based ui. 2010-07-29 10:44:56 -04:00
make-lint Several improvements of the lint script. 2011-05-05 11:54:07 +02:00
make-test Execute /usr/bin/python directly instead of /usr/bin/env python 2011-01-14 16:27:48 -05:00
make-testcert Make data type of certificates more obvious/predictable internally. 2011-06-21 19:09:50 -04:00
makeapi Finalize plugin initialization on demand. 2011-11-22 00:52:24 -05:00
Makefile Create directories for client install 2011-11-16 19:58:18 -05:00
MANIFEST.in Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
README Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
setup-client.py Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
setup.py Add plugin framework to LDAP updates. 2011-11-22 23:57:10 -05:00
TODO Updated TODO based on discussion between Rob, Pavel, and Jason; put TODO in reStructuredText style formatting 2009-05-19 09:55:34 -04:00
VERSION Add --delattr option to complement --setattr/--addattr 2011-11-29 10:08:28 +01:00
version.m4.in Mass tree reorganization for IPAv2. To view previous history of files use: 2009-02-03 15:27:14 -05:00

                               IPA Server

  What is it?
  -----------

  For efficiency, compliance and risk mitigation, organizations need to
  centrally manage and correlate vital security information including:

    * Identity (machine, user, virtual machines, groups, authentication
      credentials)
    * Policy (configuration settings, access control information)
    * Audit (events, logs, analysis thereof) 

  Since these are not new problems. there exist many approaches and
  products focused on addressing them. However, these tend to have the
  following weaknesses:

    * Focus on solving identity management across the enterprise has meant
      less focus on policy and audit.
    * Vendor focus on Web identity management problems has meant less well
      developed solutions for central management of the Linux and Unix
      world's vital security info. Organizations are forced to maintain
      a hodgepodge of internal and proprietary solutions at high TCO.
    * Proprietary security products don't easily provide access to the
      vital security information they collect or manage. This makes it
      difficult to synchronize and analyze effectively. 

  The Latest Version
  ------------------

  Details of the latest version can be found on the IPA server project
  page under <http://www.freeipa.org/>.

  Documentation
  -------------

  The most up-to-date documentation can be found at
  <http://freeipa.org/page/Documentation/>.

  Quick Start
  -----------

  To get started quickly, start here:
  <https://fedorahosted.org/freeipa/wiki/QuickStartGuide>

  Licensing
  ---------

  Please see the file called COPYING.

  Contacts
  --------

     * If you want to be informed about new code releases, bug fixes,
       security fixes, general news and information about the IPA server
       subscribe to the freeipa-announce mailing list at
       <https://www.redhat.com/mailman/listinfo/freeipa-interest/>.

     * If you have a bug report please submit it at:
       <https://bugzilla.redhat.com>

     * If you want to participate in actively developing IPA please
       subscribe to the freeipa-devel mailing list at
       <https://www.redhat.com/mailman/listinfo/freeipa-devel/> or join
       us in IRC at irc://irc.freenode.net/freeipa