summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2009-02-05 13:12:11 -0500
committerRob Crittenden <rcritten@redhat.com>2009-02-06 15:25:34 -0500
commit412104e34c0f85f32a4991bed0393b22e7cdf345 (patch)
treef7077c00161b4b7985f3d43a2ecac7231cb0f55d
parent31866db9221970ae30d3296cebd2ee92099a7d13 (diff)
downloadfreeipa-412104e34c0f85f32a4991bed0393b22e7cdf345.tar.gz
freeipa-412104e34c0f85f32a4991bed0393b22e7cdf345.tar.xz
freeipa-412104e34c0f85f32a4991bed0393b22e7cdf345.zip
Remove more unused files and functions, replace ipaerror with new error classes
-rwxr-xr-xinstall/tools/ipa-compat-manage13
-rwxr-xr-xinstall/tools/ipa-ldap-updater2
-rw-r--r--ipa-python/README12
-rw-r--r--ipa-python/ipaadminutil.py96
-rw-r--r--ipa-python/ipaclient.py471
-rw-r--r--ipa-python/ipaerror.py259
-rw-r--r--ipa-python/ipautil.py36
-rw-r--r--ipaserver/install/krbinstance.py4
-rw-r--r--ipaserver/install/ldapupdate.py15
-rw-r--r--ipaserver/install/replication.py10
-rw-r--r--ipaserver/ipaldap.py6
11 files changed, 34 insertions, 890 deletions
diff --git a/install/tools/ipa-compat-manage b/install/tools/ipa-compat-manage
index 648e2c3ab..233c78b5f 100755
--- a/install/tools/ipa-compat-manage
+++ b/install/tools/ipa-compat-manage
@@ -23,9 +23,10 @@ import sys
try:
from optparse import OptionParser
from ipaserver import ipaldap
- from ipa import entity, ipaerror, ipautil, config
- from ipaserver import installutils
- from ipaserver.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR
+ from ipa import entity, ipautil, config
+ from ipaserver.install import installutils
+ from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR
+ from ipalib import errors, errors2
import ldap
import logging
import re
@@ -109,7 +110,7 @@ def main():
ldap.SCOPE_BASE, "(objectclass=*)")
print "Plugin already Enabled"
retval = 2
- except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
+ except errors2.NotFound:
print "Enabling plugin"
except ldap.LDAPError, e:
print "An error occurred while talking to the server."
@@ -131,7 +132,7 @@ def main():
conn.deleteEntry("cn=groups,cn=Schema Compatibility,cn=plugins,cn=config")
conn.deleteEntry("cn=users,cn=Schema Compatibility,cn=plugins,cn=config")
conn.deleteEntry("cn=Schema Compatibility,cn=plugins,cn=config")
- except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
+ except errors2.NotFound:
print "Plugin is already disabled"
retval = 2
except ldap.LDAPError, e:
@@ -166,6 +167,6 @@ except config.IPAConfigError, e:
print "An IPA server to update cannot be found. Has one been configured yet?"
print "The error was: %s" % e
sys.exit(1)
-except ipaerror, e:
+except ldap.LDAPError, e:
print "An error occurred while performing operations: %s" % e
sys.exit(1)
diff --git a/install/tools/ipa-ldap-updater b/install/tools/ipa-ldap-updater
index a704d8fc6..7487fa0f4 100755
--- a/install/tools/ipa-ldap-updater
+++ b/install/tools/ipa-ldap-updater
@@ -27,7 +27,7 @@ import sys
try:
from optparse import OptionParser
from ipaserver import ipaldap
- from ipa import entity, ipaerror, ipautil, config
+ from ipa import entity, ipautil, config
from ipaserver.install import installutils
from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR
import ldap
diff --git a/ipa-python/README b/ipa-python/README
index 99fcccc71..c966e44bf 100644
--- a/ipa-python/README
+++ b/ipa-python/README
@@ -3,28 +3,16 @@ geared currently towards command-line tools.
A brief overview:
-aci.py - a basic LDAP ACI parser for doing delegations.
config.py - identify the IPA server domain and realm. It uses dnsclient to
try to detect this information first and will fall back to
/etc/ipa/ipa.conf if that fails.
-ipaadminutil.py - routines to help reduce the number of entries from a search
dnsclient.py - find IPA information via DNS
-ipaclient.py - the main interface for any command-line tools. When initialized
- if transport is True then it means the IPA server is on the
- same machine so no need to use the XML-RPC interface.
-rpcclient.py - the XML-RPC client API. Callers should use ipaclient instead
- of this directly.
-
ipautil.py - helper functions
radius_util.py - helper functions for Radius
-user.py
-group.py
entity.py - entity is the main data type. User and Group extend this class
(but don't add anything currently).
ipavalidate.py - basic data validation routines
-ipaerror.py - our own error types
-krbtransport.py - do Kerberos auth over HTTP/S
diff --git a/ipa-python/ipaadminutil.py b/ipa-python/ipaadminutil.py
deleted file mode 100644
index 5f0b2fa98..000000000
--- a/ipa-python/ipaadminutil.py
+++ /dev/null
@@ -1,96 +0,0 @@
-# Authors: Rob Crittenden <rcritten@redhat.com>
-#
-# Copyright (C) 2007 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; version 2 only
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#
-
-import string
-import tempfile
-import logging
-import subprocess
-import os
-import ipa.ipavalidate as ipavalidate
-
-def select_user(counter, users):
- """counter is the number of User objects in users
- users is a list of User objects
-
- This purposely doesn't catch KeyboardInterrupt
- """
- i = 1
- print "%s entries were found. Which one would you like to display?" % counter
- for ent in users:
- if (ent.getValues('givenname')) is not None:
- print "%s: %s %s (%s)" % (i, ent.getValues('givenname'), ent.getValues('sn'), ent.getValues('uid'))
- else:
- print "%s: %s (%s)" % (i, ent.getValues('sn'), ent.getValues('uid'))
- i += 1
- while True:
- resp = raw_input("Choose one: (1 - %s), 0 for all, q to quit: " % counter)
- if resp == "q":
- return "q"
- if resp == "0":
- userindex = -1
- break
- try:
- userindex = int(resp) - 1
- if (userindex >= 0 and userindex < counter):
- break
- except:
- # fall through to the error msg
- pass
-
- print "Please enter a number between 1 and %s" % counter
-
- return userindex
-
-def select_group(counter, groups):
- """counter is the number of Group objects in users
- users is a list of Group objects
-
- This purposely doesn't catch KeyboardInterrupt
- """
- i = 1
- print "%s entries were found. Which one would you like to display?" % counter
- for ent in groups:
- print "%s: %s" % (i, ent.getValues('cn'))
- i += 1
- while True:
- resp = raw_input("Choose one: (1 - %s), 0 for all, q to quit: " % counter)
- if resp == "q":
- return "q"
- if resp == "0":
- groupindex = -1
- break
- try:
- groupindex = int(resp) - 1
- if (groupindex >= 0 and groupindex < counter):
- break
- except:
- # fall through to the error msg
- pass
-
- print "Please enter a number between 1 and %s" % counter
-
- return groupindex
-
-def check_name(name):
- """Helper to ensure that a user or group name is legal"""
-
- if (not ipavalidate.GoodName(name, notEmpty=True)):
- raise ValueError("may only include letters, numbers, _, -, . and $")
-
- return
diff --git a/ipa-python/ipaclient.py b/ipa-python/ipaclient.py
deleted file mode 100644
index 6f31dd8f0..000000000
--- a/ipa-python/ipaclient.py
+++ /dev/null
@@ -1,471 +0,0 @@
-# Authors: Rob Crittenden <rcritten@redhat.com>
-#
-# Copyright (C) 2007 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; version 2 only
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#
-
-import ipa.rpcclient as rpcclient
-import entity
-import user
-import group
-import radius_util
-
-class IPAClient:
-
- def __init__(self,transport=None,verbose=False):
- if transport:
- self.local = True
- self.transport = transport
- else:
- self.local = False
- self.transport = rpcclient.RPCClient(verbose)
-
- def set_principal(self,princ):
- """Set the name of the principal that will be used for
- LDAP proxy authentication"""
- if self.local:
- self.transport.set_principal(princ)
-
- def set_krbccache(self,krbccache):
- """Set the file location of the Kerberos credentials cache to be used
- for LDAP authentication"""
- if self.local:
- self.transport.set_krbccache(krbccache)
-
-# Higher-level API
-
- def get_aci_entry(self, sattrs=None):
- """Returns the entry containing access control ACIs."""
-
- result = self.transport.get_aci_entry(sattrs)
- return entity.Entity(result)
-
-# General searches
-
- def get_entry_by_dn(self,dn,sattrs=None):
- """Get a specific entry by dn. If sattrs is set then only those
- attributes will be returned, otherwise all available attributes
- are returned."""
- result = self.transport.get_entry_by_dn(dn,sattrs)
- return entity.Entity(result)
-
- def get_entry_by_cn(self,cn,sattrs=None):
- """Get a specific entry by cn. If sattrs is set then only those
- attributes will be returned, otherwise all available attributes
- are returned."""
- result = self.transport.get_entry_by_cn(cn,sattrs)
- return entity.Entity(result)
-
- def update_entry(self,entry):
- """Update a entry."""
-
- result = self.transport.update_entry(entry.origDataDict(), entry.toDict())
- return result
-
-# User support
- def get_user_by_uid(self,uid,sattrs=None):
- """Get a specific user by uid. If sattrs is set then only those
- attributes will be returned, otherwise all available attributes
- are returned."""
- result = self.transport.get_user_by_uid(uid,sattrs)
- return user.User(result)
-
- def get_user_by_principal(self,principal,sattrs=None):
- """Get a specific user by uid. If sattrs is set then only those
- attributes will be returned, otherwise all available attributes
- are returned."""
- result = self.transport.get_user_by_principal(principal,sattrs)
- return user.User(result)
-
- def get_user_by_email(self,email,sattrs=None):
- """Get a specific user's entry. Return as a dict of values.
- Multi-valued fields are represented as lists.
- """
- result = self.transport.get_user_by_email(email,sattrs)
- return user.User(result)
-
- def get_users_by_manager(self,manager_dn,sattrs=None):
- """Gets the users the report to a particular manager.
- If sattrs is not None then only those
- attributes will be returned, otherwise all available
- attributes are returned. The result is a list of groups."""
- results = self.transport.get_users_by_manager(manager_dn, sattrs)
-
- return map(lambda result: user.User(result), results)
-
- def add_user(self,user,user_container=None):
- """Add a user. user is a ipa.user.User object"""
-
- user_dict = user.toDict()
-
- # convert to a regular dict before sending
- result = self.transport.add_user(user_dict, user_container)
- return result
-
- def get_all_users(self):
- """Get as a list of User objects all users in the directory"""
- result = self.transport.get_all_users()
-
- all_users = []
- for attrs in result:
- if attrs is not None:
- all_users.append(user.User(attrs))
-
- return all_users
-
- def get_custom_fields(self):
- """Get custom user fields"""
- result = self.transport.get_custom_fields()
- return result
-
- def set_custom_fields(self, schema):
- """Set custom user fields"""
- result = self.transport.set_custom_fields(schema)
- return result
-
- def find_users(self, criteria, sattrs=None, sizelimit=-1, timelimit=-1):
- """Return a list: counter followed by a User object for each user that
- matches the criteria. If the results are truncated, counter will
- be set to -1"""
- result = self.transport.find_users(criteria, sattrs, sizelimit, timelimit)
- counter = result[0]
-
- users = [counter]
- for attrs in result[1:]:
- if attrs is not None:
- users.append(user.User(attrs))
-
- return users
-
- def update_user(self,user):
- """Update a user entry."""
-
- result = self.transport.update_user(user.origDataDict(), user.toDict())
- return result
-
- def delete_user(self,uid):
- """Delete a user entry."""
-
- result = self.transport.delete_user(uid)
- return result
-
- def modifyPassword(self,principal,oldpass,newpass):
- """Modify a user's password"""
-
- result = self.transport.modifyPassword(principal,oldpass,newpass)
-
- return result
-
- def mark_user_active(self,uid):
- """Set a user as active by uid."""
-
- result = self.transport.mark_user_active(uid)
- return result
-
- def mark_user_inactive(self,uid):
- """Set a user as inactive by uid."""
-
- result = self.transport.mark_user_inactive(uid)
- return result
-
-# Groups support
-
- def get_groups_by_member(self,member_dn,sattrs=None):
- """Gets the groups that member_dn belongs to.
- If sattrs is not None then only those
- attributes will be returned, otherwise all available
- attributes are returned. The result is a list of groups."""
- results = self.transport.get_groups_by_member(member_dn,sattrs)
-
- return map(lambda result: group.Group(result), results)
-
- def add_group(self,group,group_container=None):
- """Add a group. group is a ipa.group.Group object"""
-
- group_dict = group.toDict()
-
- # dn is set on the server-side
- del group_dict['dn']
-
- # convert to a regular dict before sending
- result = self.transport.add_group(group_dict, group_container)
- return result
-
- def find_groups(self, criteria, sattrs=None, sizelimit=-1, timelimit=-1):
- """Find groups whose cn matches the criteria. Wildcards are
- acceptable. Returns a list of Group objects."""
- result = self.transport.find_groups(criteria, sattrs, sizelimit, timelimit)
- counter = result[0]
-
- groups = [counter]
- for attrs in result[1:]:
- if attrs is not None:
- groups.append(group.Group(attrs))
-
- return groups
-
- def add_member_to_group(self, member_dn, group_dn):
- """Add a member to an existing group.
- """
-
- return self.transport.add_member_to_group(member_dn, group_dn)
-
- def add_members_to_group(self, member_dns, group_dn):
- """Add several members to an existing group.
- member_dns is a list of dns to add
-
- Returns a list of the dns that were not added.
- """
-
- return self.transport.add_members_to_group(member_dns, group_dn)
-
- def remove_member_from_group(self, member_dn, group_dn):
- """Remove a member from an existing group.
- """
-
- return self.transport.remove_member_from_group(member_dn, group_dn)
-
- def remove_members_from_group(self, member_dns, group_dn):
- """Remove several members from an existing group.
- member_dns is a list of dns to remove
-
- Returns a list of the dns that were not removed.
- """
-
- return self.transport.remove_members_from_group(member_dns, group_dn)
-
- def add_user_to_group(self, user_uid, group_dn):
- """Add a user to an existing group.
- user is a uid of the user to add
- group is the cn of the group to be added to
- """
-
- return self.transport.add_user_to_group(user_uid, group_dn)
-
- def add_users_to_group(self, user_uids, group_dn):
- """Add several users to an existing group.
- user_uids is a list of uids of the users to add
-
- Returns a list of the user uids that were not added.
- """
-
- return self.transport.add_users_to_group(user_uids, group_dn)
-
- def remove_user_from_group(self, user_uid, group_dn):
- """Remove a user from an existing group.
- user is a uid of the user to remove
- group is the cn of the group to be removed from
- """
-
- return self.transport.remove_user_from_group(user_uid, group_dn)
-
- def remove_users_from_group(self, user_uids, group_dn):
- """Remove several users from an existing group.
- user_uids is a list of uids of the users to remove
-
- Returns a list of the user uids that were not removed.
- """
-
- return self.transport.remove_users_from_group(user_uids, group_dn)
-
- def add_groups_to_user(self, group_dns, user_dn):
- """Given a list of group dn's add them to the user.
-
- Returns a list of the group dns that were not added.
- """
- return self.transport.add_groups_to_user(group_dns, user_dn)
-
- def remove_groups_from_user(self, group_dns, user_dn):
- """Given a list of group dn's remove them from the user.
-
- Returns a list of the group dns that were not removed.
- """
-
- return self.transport.remove_groups_from_user(group_dns, user_dn)
-
- def update_group(self,group):
- """Update a group entry."""
-
- return self.transport.update_group(group.origDataDict(), group.toDict())
-
- def delete_group(self,group_dn):
- """Delete a group entry."""
-
- return self.transport.delete_group(group_dn)
-
- def add_group_to_group(self, group_cn, tgroup_cn):
- """Add a group to an existing group.
- group_cn is a cn of the group to add
- tgroup_cn is the cn of the group to be added to
- """
-
- return self.transport.add_group_to_group(group_cn, tgroup_cn)
-
- def attrs_to_labels(self,attrs):
- """Convert a list of LDAP attributes into a more readable form."""
-
- return self.transport.attrs_to_labels(attrs)
-
- def get_all_attrs(self):
- """We have a list of hardcoded attributes -> readable labels. Return
- that complete list if someone wants it.
- """
-
- return self.transport.get_all_attrs()
-
- def group_members(self, groupdn, attr_list, membertype):
- """Do a memberOf search of groupdn and return the attributes in
- attr_list (an empty list returns everything)."""
-
- results = self.transport.group_members(groupdn, attr_list, membertype)
-
- counter = results[0]
-
- entries = [counter]
- for e in results[1:]:
- if e is not None:
- entries.append(user.User(e))
-
- return entries
-
- def mark_group_active(self,cn):
- """Set a group as active by cn."""
-
- result = self.transport.mark_group_active(cn)
- return result
-
- def mark_group_inactive(self,cn):
- """Set a group as inactive by cn."""
-
- result = self.transport.mark_group_inactive(cn)
- return result
-
-# Configuration
-
- def get_ipa_config(self):
- """Get the IPA configuration"""
- result = self.transport.get_ipa_config()
- return entity.Entity(result)
-
- def update_ipa_config(self, config):
- """Updates the IPA configuration.
-
- config is an Entity object.
- """
- result = self.transport.update_ipa_config(config.origDataDict(), config.toDict())
- return result
-
- def get_password_policy(self):
- """Get the IPA password policy"""
- result = self.transport.get_password_policy()
- return entity.Entity(result)
-
- def update_password_policy(self, policy):
- """Updates the IPA password policy.
-
- policy is an Entity object.
- """
- result = self.transport.update_password_policy(policy.origDataDict(), policy.toDict())
- return result
-
- def add_service_principal(self, princ_name, force):
- return self.transport.add_service_principal(princ_name, force)
-
- def delete_service_principal(self, principal_dn):
- return self.transport.delete_service_principal(principal_dn)
-
- def find_service_principal(self, criteria, sattrs=None, sizelimit=-1, timelimit=-1):
- """Return a list: counter followed by a Entity object for each host that
- matches the criteria. If the results are truncated, counter will
- be set to -1"""
- result = self.transport.find_service_principal(criteria, sattrs, sizelimit, timelimit)
- counter = result[0]
-
- hosts = [counter]
- for attrs in result[1:]:
- if attrs is not None:
- hosts.append(entity.Entity(attrs))
-
- return hosts
-
- def get_keytab(self, princ_name):
- return self.transport.get_keytab(princ_name)
-
-# radius support
- def get_radius_client_by_ip_addr(self, ip_addr, container=None, sattrs=None):
- result = self.transport.get_radius_client_by_ip_addr(ip_addr, container, sattrs)
- return radius_util.RadiusClient(result)
-
- def add_radius_client(self, client, container=None):
- client_dict = client.toDict()
-
- # dn is set on the server-side
- del client_dict['dn']
-
- # convert to a regular dict before sending
- result = self.transport.add_radius_client(client_dict, container)
- return result
-
- def update_radius_client(self, client):
- result = self.transport.update_radius_client(client.origDataDict(), client.toDict())
- return result
-
- def delete_radius_client(self, ip_addr, container=None):
- return self.transport.delete_radius_client(ip_addr, container)
-
- def find_radius_clients(self, criteria, container=None, sattrs=None, sizelimit=-1, timelimit=-1):
- result = self.transport.find_radius_clients(criteria, container, sattrs, sizelimit, timelimit)
- counter = result[0]
-
- users = [counter]
- for attrs in result[1:]:
- if attrs is not None:
- users.append(user.User(attrs))
-
- return users
-
- def get_radius_profile_by_uid(self, uid, user_profile=None, sattrs=None):
- result = self.transport.get_radius_profile_by_uid(uid, user_profile, sattrs)
- return radius_util.RadiusClient(result)
-
- def add_radius_profile(self, profile, user_profile=None):
- profile_dict = profile.toDict()
-
- # dn is set on the server-side
- del profile_dict['dn']
-
- # convert to a regular dict before sending
- result = self.transport.add_radius_profile(profile_dict, user_profile)
- return result
-
- def update_radius_profile(self, profile):
- result = self.transport.update_radius_profile(profile.origDataDict(), profile.toDict())
- return result
-
- def delete_radius_profile(self, ip_addr, user_profile=None):
- return self.transport.delete_radius_profile(ip_addr, user_profile)
-
- def find_radius_profiles(self, criteria, user_profile=None, sattrs=None, sizelimit=-1, timelimit=-1):
- result = self.transport.find_radius_profiles(criteria, user_profile, sattrs, sizelimit, timelimit)
- counter = result[0]
-
- users = [counter]
- for attrs in result[1:]:
- if attrs is not None:
- users.append(user.User(attrs))
-
- return users
-
diff --git a/ipa-python/ipaerror.py b/ipa-python/ipaerror.py
deleted file mode 100644
index 9357bd741..000000000
--- a/ipa-python/ipaerror.py
+++ /dev/null
@@ -1,259 +0,0 @@
-# Copyright (C) 2007 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; version 2 only
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#
-
-import exceptions
-import types
-
-class IPAError(exceptions.Exception):
- """Base error class for IPA Code"""
-
- def __init__(self, code, message="", detail=None):
- """code is the IPA error code.
- message is a human viewable error message.
- detail is an optional exception that provides more detail about the
- error."""
- self.code = code
- self.message = message
- # Fill this in as an empty LDAP error message so we don't have a lot
- # of "if e.detail ..." everywhere
- if detail is None:
- detail = []
- detail.append({'desc':'','info':''})
- self.detail = detail
-
- def __str__(self):
- return self.message
-
- def __repr__(self):
- repr = "%d: %s" % (self.code, self.message)
- if self.detail:
- repr += "\n%s" % str(self.detail)
- return repr
-
-
-###############
-# Error codes #
-###############
-
-code_map_dict = {}
-
-def gen_exception(code, message=None, nested_exception=None):
- """This should be used by IPA code to translate error codes into the
- correct exception/message to throw.
-
- message is an optional argument which overrides the default message.
-
- nested_exception is an optional argument providing more details
- about the error."""
- (default_message, exception) = code_map_dict.get(code, ("unknown", IPAError))
- if not message:
- message = default_message
- return exception(code, message, nested_exception)
-
-def exception_for(code):
- """Used to look up the corresponding exception for an error code.
- Will usually be used for an except block."""
- (default_message, exception) = code_map_dict.get(code, ("unknown", IPAError))
- return exception
-
-def gen_error_code(category, detail, message):
- """Private method used to generate exception codes.
- category is one of the 16 bit error code category constants.
- detail is a 16 bit code within the category.
- message is a human readable description on the error.
- exception is the exception to throw for this error code."""
- code = (category << 16) + detail
- exception = types.ClassType("IPAError%d" % code,
- (IPAError,),
- {})
- code_map_dict[code] = (message, exception)
-
- return code
-
-#
-# Error codes are broken into two 16-bit values: category and detail
-#
-
-#
-# LDAP Errors: 0x0001
-#
-LDAP_CATEGORY = 0x0001
-
-LDAP_DATABASE_ERROR = gen_error_code(
- LDAP_CATEGORY,
- 0x0001,
- "A database error occurred")
-
-LDAP_MIDAIR_COLLISION = gen_error_code(
- LDAP_CATEGORY,
- 0x0002,
- "Change collided with another change")
-
-LDAP_NOT_FOUND = gen_error_code(
- LDAP_CATEGORY,
- 0x0003,
- "Entry not found")
-
-LDAP_DUPLICATE = gen_error_code(
- LDAP_CATEGORY,
- 0x0004,
- "This entry already exists")
-
-LDAP_MISSING_DN = gen_error_code(
- LDAP_CATEGORY,
- 0x0005,
- "Entry missing dn")
-
-LDAP_EMPTY_MODLIST = gen_error_code(
- LDAP_CATEGORY,
- 0x0006,
- "No modifications to be performed")
-
-LDAP_NO_CONFIG = gen_error_code(
- LDAP_CATEGORY,
- 0x0007,
- "IPA configuration not found")
-
-#
-# Function input errors
-#
-INPUT_CATEGORY = 0x0002
-
-INPUT_INVALID_PARAMETER = gen_error_code(
- INPUT_CATEGORY,
- 0x0001,
- "Invalid parameter(s)")
-
-INPUT_SAME_GROUP = gen_error_code(
- INPUT_CATEGORY,
- 0x0002,
- "You can't add a group to itself")
-
-INPUT_NOT_DNS_A_RECORD = gen_error_code(
- INPUT_CATEGORY,
- 0x0003,
- "The requested hostname is not a DNS A record. This is required by Kerberos.")
-
-INPUT_ADMINS_IMMUTABLE = gen_error_code(
- INPUT_CATEGORY,
- 0x0004,
- "The admins group cannot be renamed.")
-
-INPUT_MALFORMED_SERVICE_PRINCIPAL = gen_error_code(
- INPUT_CATEGORY,
- 0x0005,
- "The requested service principal is not of the form: service/fully-qualified host name")
-
-INPUT_REALM_MISMATCH = gen_error_code(
- INPUT_CATEGORY,
- 0x0006,
- "The realm for the principal does not match the realm for this IPA server.")
-
-INPUT_ADMIN_REQUIRED = gen_error_code(
- INPUT_CATEGORY,
- 0x0007,
- "The admin user cannot be deleted.")
-
-INPUT_CANT_INACTIVATE = gen_error_code(
- INPUT_CATEGORY,
- 0x0008,
- "This entry cannot be inactivated.")
-
-INPUT_ADMIN_REQUIRED_IN_ADMINS = gen_error_code(
- INPUT_CATEGORY,
- 0x0009,
- "The admin user cannot be removed from the admins group.")
-
-INPUT_SERVICE_PRINCIPAL_REQUIRED = gen_error_code(
- INPUT_CATEGORY,
- 0x000A,
- "You cannot remove IPA server service principals.")
-
-INPUT_UID_TOO_LONG = gen_error_code(
- INPUT_CATEGORY,
- 0x0009,
- "The requested username is too long.")
-
-#
-# Connection errors
-#
-CONNECTION_CATEGORY = 0x0003
-
-CONNECTION_NO_CONN = gen_error_code(
- CONNECTION_CATEGORY,
- 0x0001,
- "Connection to database failed")
-
-CONNECTION_NO_CCACHE = gen_error_code(
- CONNECTION_CATEGORY,
- 0x0002,
- "No Kerberos credentials cache is available. Connection cannot be made.")
-
-CONNECTION_GSSAPI_CREDENTIALS = gen_error_code(
- CONNECTION_CATEGORY,
- 0x0003,
- "GSSAPI Authorization error")
-
-CONNECTION_UNWILLING = gen_error_code(
- CONNECTION_CATEGORY,
- 0x0004,
- "Account inactivated. Server is unwilling to perform.")
-
-#
-# Configuration errors
-#
-CONFIGURATION_CATEGORY = 0x0004
-
-CONFIG_REQUIRED_GROUPS = gen_error_code(
- CONFIGURATION_CATEGORY,
- 0x0001,
- "The admins and editors groups are required.")
-
-CONFIG_DEFAULT_GROUP = gen_error_code(
- CONFIGURATION_CATEGORY,
- 0x0002,
- "You cannot remove the default users group.")
-
-CONFIG_INVALID_OC = gen_error_code(
- CONFIGURATION_CATEGORY,
- 0x0003,
- "Invalid object class.")
-
-#
-# Entry status errors
-#
-STATUS_CATEGORY = 0x0005
-
-STATUS_ALREADY_ACTIVE = gen_error_code(
- STATUS_CATEGORY,
- 0x0001,
- "This entry is already active.")
-
-STATUS_ALREADY_INACTIVE = gen_error_code(
- STATUS_CATEGORY,
- 0x0002,
- "This entry is already inactive.")
-
-STATUS_HAS_NSACCOUNTLOCK = gen_error_code(
- STATUS_CATEGORY,
- 0x0003,
- "This entry appears to have the nsAccountLock attribute in it so the Class of Service activation/inactivation will not work. You will need to remove the attribute nsAccountLock for this to work.")
-
-STATUS_NOT_GROUP_MEMBER = gen_error_code(
- STATUS_CATEGORY,
- 0x0004,
- "This entry is not a member of the group.")
diff --git a/ipa-python/ipautil.py b/ipa-python/ipautil.py
index 780fef3d0..aa49c3ba3 100644
--- a/ipa-python/ipautil.py
+++ b/ipa-python/ipautil.py
@@ -30,7 +30,6 @@ import stat
import shutil
from ipa import ipavalidate
-from ipa import ipaadminutil
from types import *
import re
@@ -446,11 +445,11 @@ def ipa_generate_password():
def format_list(items, quote=None, page_width=80):
'''Format a list of items formatting them so they wrap to fit the
- available width. The items will be sorted.
+ available width. The items will be sorted.
The items may optionally be quoted. The quote parameter may either be
a string, in which case it is added before and after the item. Or the
- quote parameter may be a pair (either a tuple or list). In this case
+ quote parameter may be a pair (either a tuple or list). In this case
quote[0] is left hand quote and quote[1] is the right hand quote.
'''
left_quote = right_quote = ''
@@ -501,8 +500,8 @@ def parse_key_value_pairs(input):
Example: The string
- arg0 = '' arg1 = 1 arg2='two' arg3 = "three's a crowd" arg4 = "this is a \" quote"
-
+ arg0 = '' arg1 = 1 arg2='two' arg3 = "three's a crowd" arg4 = "this is a \" quote"
+
will produce
arg0= arg1=1
@@ -562,7 +561,7 @@ def user_input(prompt, default = None, allow_empty = True):
ret = raw_input("%s: " % prompt)
if allow_empty or ret.strip():
return ret
-
+
if isinstance(default, basestring):
while True:
ret = raw_input("%s [%s]: " % (prompt, default))
@@ -595,16 +594,6 @@ def user_input(prompt, default = None, allow_empty = True):
else:
return ret
-def user_input_email(prompt, default = None, allow_empty = False):
- if default != None and allow_empty:
- prompt += " (enter \"none\" for empty)"
- while True:
- ret = user_input(prompt, default, allow_empty)
- if allow_empty and ret.lower() == "none":
- return ""
- if ipavalidate.Email(ret, not allow_empty):
- return ret.strip()
-
def user_input_plain(prompt, default = None, allow_empty = True, allow_spaces = True):
while True:
ret = user_input(prompt, default, allow_empty)
@@ -621,15 +610,6 @@ def user_input_path(prompt, default = None, allow_empty = True):
if ipavalidate.Path(ret, not allow_empty):
return ret
-def user_input_name(prompt, default = None):
- while True:
- ret = user_input(prompt, default, False)
- try:
- ipaadminutil.check_name(ret)
- return ret
- except ValueError, e:
- print prompt + " " + str(e)
-
class AttributeValueCompleter:
'''
Gets input from the user in the form "lhs operator rhs"
@@ -722,7 +702,7 @@ class AttributeValueCompleter:
# Restore previous state
readline.set_completer_delims(self.prev_completer_delims)
readline.set_completer(self.prev_completer)
-
+
def parse_input(self):
'''We are looking for 3 tokens: <lhs,op,rhs>
Extract as much of each token as possible.
@@ -918,7 +898,7 @@ class ItemCompleter:
# Restore previous state
readline.set_completer_delims(self.prev_completer_delims)
readline.set_completer(self.prev_completer)
-
+
def get_item_completions(self, text):
if text:
self.completions = [lhs for lhs in self.items if lhs.startswith(text)]
@@ -940,7 +920,7 @@ class ItemCompleter:
def read_input(self, prompt, initial_input=None):
items = []
-
+
self.initial_input = initial_input
try:
if initial_input is None:
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index fb99604c7..4efa4e9b5 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -34,8 +34,8 @@ import service
import installutils
from ipa import sysrestore
from ipa import ipautil
-from ipa import ipaerror
from ipalib import util
+from ipalib import errors2
from ipaserver import ipaldap
@@ -322,7 +322,7 @@ class KrbInstance(service.Service):
def __write_stash_from_ds(self):
try:
entry = self.conn.getEntry("cn=%s, cn=kerberos, %s" % (self.realm, self.suffix), ldap.SCOPE_SUBTREE)
- except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND), e:
+ except errors2.NotFound:
logging.critical("Could not find master key in DS")
raise e
diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index b9efe84ab..3690b75bb 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -27,8 +27,9 @@ UPDATES_DIR="/usr/share/ipa/updates/"
import sys
from ipaserver.install import installutils
from ipaserver import ipaldap
-from ipa import entity, ipaerror, ipautil
+from ipa import entity, ipautil
from ipalib import util
+from ipalib import errors, errors2
import ldap
import logging
import krbV
@@ -326,10 +327,10 @@ class LDAPUpdate:
while True:
try:
entry = self.conn.getEntry(dn, ldap.SCOPE_BASE, "(objectclass=*)", attrlist)
- except ldap.NO_SUCH_OBJECT:
+ except errors2.NotFound:
logging.error("Task not found: %s", dn)
return
- except ipaerror.exception_for(ipaerror.LDAP_DATABASE_ERROR), e:
+ except errors.DatabaseError, e:
logging.error("Task lookup failure %s: %s", e, self.__detail_error(e.detail))
return
@@ -496,11 +497,11 @@ class LDAPUpdate:
entry = self.__entry_to_entity(e[0])
found = True
logging.info("Updating existing entry: %s", entry.dn)
- except ldap.NO_SUCH_OBJECT:
+ except errors2.NotFound:
# Doesn't exist, start with the default entry
entry = new_entry
logging.info("New entry: %s", entry.dn)
- except ipaerror.exception_for(ipaerror.LDAP_DATABASE_ERROR):
+ except errors.DatabaseError:
# Doesn't exist, start with the default entry
entry = new_entry
logging.info("New entry, using default value: %s", entry.dn)
@@ -536,10 +537,10 @@ class LDAPUpdate:
if self.live_run and updated:
self.conn.updateEntry(entry.dn, entry.origDataDict(), entry.toDict())
logging.info("Done")
- except ipaerror.exception_for(ipaerror.LDAP_EMPTY_MODLIST), e:
+ except errors.EmptyModlist:
logging.info("Entry already up-to-date")
updated = False
- except ipaerror.exception_for(ipaerror.LDAP_DATABASE_ERROR), e:
+ except errors.DatabaseError, e:
logging.error("Update failed: %s: %s", e, self.__detail_error(e.detail))
updated = False
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 33ed9c8ac..12db0eb0c 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -23,8 +23,8 @@ import ldap
from ipaserver.install import dsinstance
from ipaserver import ipaldap
from ldap import modlist
-from ipa import ipaerror
from ipalib import util
+from ipalib import errors2
DIRMAN_CN = "cn=directory manager"
CACERT="/usr/share/ipa/html/ca.crt"
@@ -148,7 +148,7 @@ class ReplicationManager:
conn.getEntry(dn, ldap.SCOPE_BASE)
# replication is already configured
return
- except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
+ except errors2.NotFound:
pass
replica_type = self.get_replica_type()
@@ -220,7 +220,7 @@ class ReplicationManager:
try:
entry = self.conn.getEntry("cn=mapping tree,cn=config", ldap.SCOPE_ONELEVEL,
"(cn=\"%s\")" % (self.suffix))
- except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND), e:
+ except errors2.NotFound, e:
logging.debug("failed to find mappting tree entry for %s" % self.suffix)
raise e
@@ -256,7 +256,7 @@ class ReplicationManager:
conn.getEntry(pass_dn, ldap.SCOPE_BASE)
print "Windows PassSync entry exists, not resetting password"
return
- except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
+ except errors2.NotFound:
pass
# The user doesn't exist, add it
@@ -315,7 +315,7 @@ class ReplicationManager:
try:
a.getEntry(dn, ldap.SCOPE_BASE)
return
- except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
+ except errors2.NotFound:
pass
iswinsync = kargs.get("winsync", False)
diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py
index e7177b3e2..a490c3407 100644
--- a/ipaserver/ipaldap.py
+++ b/ipaserver/ipaldap.py
@@ -320,7 +320,7 @@ class IPAdmin(SimpleLDAPObject):
# Too many results returned by search
raise e
except ldap.LDAPError, e:
- raise e
+ raise errors.DatabaseError, e
if not obj:
raise errors2.NotFound(msg=notfound(args))
@@ -357,7 +357,7 @@ class IPAdmin(SimpleLDAPObject):
ldap.TIMELIMIT_EXCEEDED), e:
partial = 1
except ldap.LDAPError, e:
- raise e
+ raise errors.DatabaseError, e
if not entries:
raise errors2.NotFound(msg=notfound(args))
@@ -514,7 +514,7 @@ class IPAdmin(SimpleLDAPObject):
self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
self.passwd_s(dn, oldpass, newpass)
except ldap.LDAPError, e:
- raise e
+ raise errors.DatabaseError, e
return True
def __wrapmethods(self):