diff options
author | Rob Crittenden <rcritten@redhat.com> | 2009-02-05 13:12:11 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2009-02-06 15:25:34 -0500 |
commit | 412104e34c0f85f32a4991bed0393b22e7cdf345 (patch) | |
tree | f7077c00161b4b7985f3d43a2ecac7231cb0f55d | |
parent | 31866db9221970ae30d3296cebd2ee92099a7d13 (diff) | |
download | freeipa-412104e34c0f85f32a4991bed0393b22e7cdf345.tar.gz freeipa-412104e34c0f85f32a4991bed0393b22e7cdf345.tar.xz freeipa-412104e34c0f85f32a4991bed0393b22e7cdf345.zip |
Remove more unused files and functions, replace ipaerror with new error classes
-rwxr-xr-x | install/tools/ipa-compat-manage | 13 | ||||
-rwxr-xr-x | install/tools/ipa-ldap-updater | 2 | ||||
-rw-r--r-- | ipa-python/README | 12 | ||||
-rw-r--r-- | ipa-python/ipaadminutil.py | 96 | ||||
-rw-r--r-- | ipa-python/ipaclient.py | 471 | ||||
-rw-r--r-- | ipa-python/ipaerror.py | 259 | ||||
-rw-r--r-- | ipa-python/ipautil.py | 36 | ||||
-rw-r--r-- | ipaserver/install/krbinstance.py | 4 | ||||
-rw-r--r-- | ipaserver/install/ldapupdate.py | 15 | ||||
-rw-r--r-- | ipaserver/install/replication.py | 10 | ||||
-rw-r--r-- | ipaserver/ipaldap.py | 6 |
11 files changed, 34 insertions, 890 deletions
diff --git a/install/tools/ipa-compat-manage b/install/tools/ipa-compat-manage index 648e2c3ab..233c78b5f 100755 --- a/install/tools/ipa-compat-manage +++ b/install/tools/ipa-compat-manage @@ -23,9 +23,10 @@ import sys try: from optparse import OptionParser from ipaserver import ipaldap - from ipa import entity, ipaerror, ipautil, config - from ipaserver import installutils - from ipaserver.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR + from ipa import entity, ipautil, config + from ipaserver.install import installutils + from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR + from ipalib import errors, errors2 import ldap import logging import re @@ -109,7 +110,7 @@ def main(): ldap.SCOPE_BASE, "(objectclass=*)") print "Plugin already Enabled" retval = 2 - except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND): + except errors2.NotFound: print "Enabling plugin" except ldap.LDAPError, e: print "An error occurred while talking to the server." @@ -131,7 +132,7 @@ def main(): conn.deleteEntry("cn=groups,cn=Schema Compatibility,cn=plugins,cn=config") conn.deleteEntry("cn=users,cn=Schema Compatibility,cn=plugins,cn=config") conn.deleteEntry("cn=Schema Compatibility,cn=plugins,cn=config") - except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND): + except errors2.NotFound: print "Plugin is already disabled" retval = 2 except ldap.LDAPError, e: @@ -166,6 +167,6 @@ except config.IPAConfigError, e: print "An IPA server to update cannot be found. Has one been configured yet?" print "The error was: %s" % e sys.exit(1) -except ipaerror, e: +except ldap.LDAPError, e: print "An error occurred while performing operations: %s" % e sys.exit(1) diff --git a/install/tools/ipa-ldap-updater b/install/tools/ipa-ldap-updater index a704d8fc6..7487fa0f4 100755 --- a/install/tools/ipa-ldap-updater +++ b/install/tools/ipa-ldap-updater @@ -27,7 +27,7 @@ import sys try: from optparse import OptionParser from ipaserver import ipaldap - from ipa import entity, ipaerror, ipautil, config + from ipa import entity, ipautil, config from ipaserver.install import installutils from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR import ldap diff --git a/ipa-python/README b/ipa-python/README index 99fcccc71..c966e44bf 100644 --- a/ipa-python/README +++ b/ipa-python/README @@ -3,28 +3,16 @@ geared currently towards command-line tools. A brief overview: -aci.py - a basic LDAP ACI parser for doing delegations. config.py - identify the IPA server domain and realm. It uses dnsclient to try to detect this information first and will fall back to /etc/ipa/ipa.conf if that fails. -ipaadminutil.py - routines to help reduce the number of entries from a search dnsclient.py - find IPA information via DNS -ipaclient.py - the main interface for any command-line tools. When initialized - if transport is True then it means the IPA server is on the - same machine so no need to use the XML-RPC interface. -rpcclient.py - the XML-RPC client API. Callers should use ipaclient instead - of this directly. - ipautil.py - helper functions radius_util.py - helper functions for Radius -user.py -group.py entity.py - entity is the main data type. User and Group extend this class (but don't add anything currently). ipavalidate.py - basic data validation routines -ipaerror.py - our own error types -krbtransport.py - do Kerberos auth over HTTP/S diff --git a/ipa-python/ipaadminutil.py b/ipa-python/ipaadminutil.py deleted file mode 100644 index 5f0b2fa98..000000000 --- a/ipa-python/ipaadminutil.py +++ /dev/null @@ -1,96 +0,0 @@ -# Authors: Rob Crittenden <rcritten@redhat.com> -# -# Copyright (C) 2007 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; version 2 only -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -import string -import tempfile -import logging -import subprocess -import os -import ipa.ipavalidate as ipavalidate - -def select_user(counter, users): - """counter is the number of User objects in users - users is a list of User objects - - This purposely doesn't catch KeyboardInterrupt - """ - i = 1 - print "%s entries were found. Which one would you like to display?" % counter - for ent in users: - if (ent.getValues('givenname')) is not None: - print "%s: %s %s (%s)" % (i, ent.getValues('givenname'), ent.getValues('sn'), ent.getValues('uid')) - else: - print "%s: %s (%s)" % (i, ent.getValues('sn'), ent.getValues('uid')) - i += 1 - while True: - resp = raw_input("Choose one: (1 - %s), 0 for all, q to quit: " % counter) - if resp == "q": - return "q" - if resp == "0": - userindex = -1 - break - try: - userindex = int(resp) - 1 - if (userindex >= 0 and userindex < counter): - break - except: - # fall through to the error msg - pass - - print "Please enter a number between 1 and %s" % counter - - return userindex - -def select_group(counter, groups): - """counter is the number of Group objects in users - users is a list of Group objects - - This purposely doesn't catch KeyboardInterrupt - """ - i = 1 - print "%s entries were found. Which one would you like to display?" % counter - for ent in groups: - print "%s: %s" % (i, ent.getValues('cn')) - i += 1 - while True: - resp = raw_input("Choose one: (1 - %s), 0 for all, q to quit: " % counter) - if resp == "q": - return "q" - if resp == "0": - groupindex = -1 - break - try: - groupindex = int(resp) - 1 - if (groupindex >= 0 and groupindex < counter): - break - except: - # fall through to the error msg - pass - - print "Please enter a number between 1 and %s" % counter - - return groupindex - -def check_name(name): - """Helper to ensure that a user or group name is legal""" - - if (not ipavalidate.GoodName(name, notEmpty=True)): - raise ValueError("may only include letters, numbers, _, -, . and $") - - return diff --git a/ipa-python/ipaclient.py b/ipa-python/ipaclient.py deleted file mode 100644 index 6f31dd8f0..000000000 --- a/ipa-python/ipaclient.py +++ /dev/null @@ -1,471 +0,0 @@ -# Authors: Rob Crittenden <rcritten@redhat.com> -# -# Copyright (C) 2007 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; version 2 only -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -import ipa.rpcclient as rpcclient -import entity -import user -import group -import radius_util - -class IPAClient: - - def __init__(self,transport=None,verbose=False): - if transport: - self.local = True - self.transport = transport - else: - self.local = False - self.transport = rpcclient.RPCClient(verbose) - - def set_principal(self,princ): - """Set the name of the principal that will be used for - LDAP proxy authentication""" - if self.local: - self.transport.set_principal(princ) - - def set_krbccache(self,krbccache): - """Set the file location of the Kerberos credentials cache to be used - for LDAP authentication""" - if self.local: - self.transport.set_krbccache(krbccache) - -# Higher-level API - - def get_aci_entry(self, sattrs=None): - """Returns the entry containing access control ACIs.""" - - result = self.transport.get_aci_entry(sattrs) - return entity.Entity(result) - -# General searches - - def get_entry_by_dn(self,dn,sattrs=None): - """Get a specific entry by dn. If sattrs is set then only those - attributes will be returned, otherwise all available attributes - are returned.""" - result = self.transport.get_entry_by_dn(dn,sattrs) - return entity.Entity(result) - - def get_entry_by_cn(self,cn,sattrs=None): - """Get a specific entry by cn. If sattrs is set then only those - attributes will be returned, otherwise all available attributes - are returned.""" - result = self.transport.get_entry_by_cn(cn,sattrs) - return entity.Entity(result) - - def update_entry(self,entry): - """Update a entry.""" - - result = self.transport.update_entry(entry.origDataDict(), entry.toDict()) - return result - -# User support - def get_user_by_uid(self,uid,sattrs=None): - """Get a specific user by uid. If sattrs is set then only those - attributes will be returned, otherwise all available attributes - are returned.""" - result = self.transport.get_user_by_uid(uid,sattrs) - return user.User(result) - - def get_user_by_principal(self,principal,sattrs=None): - """Get a specific user by uid. If sattrs is set then only those - attributes will be returned, otherwise all available attributes - are returned.""" - result = self.transport.get_user_by_principal(principal,sattrs) - return user.User(result) - - def get_user_by_email(self,email,sattrs=None): - """Get a specific user's entry. Return as a dict of values. - Multi-valued fields are represented as lists. - """ - result = self.transport.get_user_by_email(email,sattrs) - return user.User(result) - - def get_users_by_manager(self,manager_dn,sattrs=None): - """Gets the users the report to a particular manager. - If sattrs is not None then only those - attributes will be returned, otherwise all available - attributes are returned. The result is a list of groups.""" - results = self.transport.get_users_by_manager(manager_dn, sattrs) - - return map(lambda result: user.User(result), results) - - def add_user(self,user,user_container=None): - """Add a user. user is a ipa.user.User object""" - - user_dict = user.toDict() - - # convert to a regular dict before sending - result = self.transport.add_user(user_dict, user_container) - return result - - def get_all_users(self): - """Get as a list of User objects all users in the directory""" - result = self.transport.get_all_users() - - all_users = [] - for attrs in result: - if attrs is not None: - all_users.append(user.User(attrs)) - - return all_users - - def get_custom_fields(self): - """Get custom user fields""" - result = self.transport.get_custom_fields() - return result - - def set_custom_fields(self, schema): - """Set custom user fields""" - result = self.transport.set_custom_fields(schema) - return result - - def find_users(self, criteria, sattrs=None, sizelimit=-1, timelimit=-1): - """Return a list: counter followed by a User object for each user that - matches the criteria. If the results are truncated, counter will - be set to -1""" - result = self.transport.find_users(criteria, sattrs, sizelimit, timelimit) - counter = result[0] - - users = [counter] - for attrs in result[1:]: - if attrs is not None: - users.append(user.User(attrs)) - - return users - - def update_user(self,user): - """Update a user entry.""" - - result = self.transport.update_user(user.origDataDict(), user.toDict()) - return result - - def delete_user(self,uid): - """Delete a user entry.""" - - result = self.transport.delete_user(uid) - return result - - def modifyPassword(self,principal,oldpass,newpass): - """Modify a user's password""" - - result = self.transport.modifyPassword(principal,oldpass,newpass) - - return result - - def mark_user_active(self,uid): - """Set a user as active by uid.""" - - result = self.transport.mark_user_active(uid) - return result - - def mark_user_inactive(self,uid): - """Set a user as inactive by uid.""" - - result = self.transport.mark_user_inactive(uid) - return result - -# Groups support - - def get_groups_by_member(self,member_dn,sattrs=None): - """Gets the groups that member_dn belongs to. - If sattrs is not None then only those - attributes will be returned, otherwise all available - attributes are returned. The result is a list of groups.""" - results = self.transport.get_groups_by_member(member_dn,sattrs) - - return map(lambda result: group.Group(result), results) - - def add_group(self,group,group_container=None): - """Add a group. group is a ipa.group.Group object""" - - group_dict = group.toDict() - - # dn is set on the server-side - del group_dict['dn'] - - # convert to a regular dict before sending - result = self.transport.add_group(group_dict, group_container) - return result - - def find_groups(self, criteria, sattrs=None, sizelimit=-1, timelimit=-1): - """Find groups whose cn matches the criteria. Wildcards are - acceptable. Returns a list of Group objects.""" - result = self.transport.find_groups(criteria, sattrs, sizelimit, timelimit) - counter = result[0] - - groups = [counter] - for attrs in result[1:]: - if attrs is not None: - groups.append(group.Group(attrs)) - - return groups - - def add_member_to_group(self, member_dn, group_dn): - """Add a member to an existing group. - """ - - return self.transport.add_member_to_group(member_dn, group_dn) - - def add_members_to_group(self, member_dns, group_dn): - """Add several members to an existing group. - member_dns is a list of dns to add - - Returns a list of the dns that were not added. - """ - - return self.transport.add_members_to_group(member_dns, group_dn) - - def remove_member_from_group(self, member_dn, group_dn): - """Remove a member from an existing group. - """ - - return self.transport.remove_member_from_group(member_dn, group_dn) - - def remove_members_from_group(self, member_dns, group_dn): - """Remove several members from an existing group. - member_dns is a list of dns to remove - - Returns a list of the dns that were not removed. - """ - - return self.transport.remove_members_from_group(member_dns, group_dn) - - def add_user_to_group(self, user_uid, group_dn): - """Add a user to an existing group. - user is a uid of the user to add - group is the cn of the group to be added to - """ - - return self.transport.add_user_to_group(user_uid, group_dn) - - def add_users_to_group(self, user_uids, group_dn): - """Add several users to an existing group. - user_uids is a list of uids of the users to add - - Returns a list of the user uids that were not added. - """ - - return self.transport.add_users_to_group(user_uids, group_dn) - - def remove_user_from_group(self, user_uid, group_dn): - """Remove a user from an existing group. - user is a uid of the user to remove - group is the cn of the group to be removed from - """ - - return self.transport.remove_user_from_group(user_uid, group_dn) - - def remove_users_from_group(self, user_uids, group_dn): - """Remove several users from an existing group. - user_uids is a list of uids of the users to remove - - Returns a list of the user uids that were not removed. - """ - - return self.transport.remove_users_from_group(user_uids, group_dn) - - def add_groups_to_user(self, group_dns, user_dn): - """Given a list of group dn's add them to the user. - - Returns a list of the group dns that were not added. - """ - return self.transport.add_groups_to_user(group_dns, user_dn) - - def remove_groups_from_user(self, group_dns, user_dn): - """Given a list of group dn's remove them from the user. - - Returns a list of the group dns that were not removed. - """ - - return self.transport.remove_groups_from_user(group_dns, user_dn) - - def update_group(self,group): - """Update a group entry.""" - - return self.transport.update_group(group.origDataDict(), group.toDict()) - - def delete_group(self,group_dn): - """Delete a group entry.""" - - return self.transport.delete_group(group_dn) - - def add_group_to_group(self, group_cn, tgroup_cn): - """Add a group to an existing group. - group_cn is a cn of the group to add - tgroup_cn is the cn of the group to be added to - """ - - return self.transport.add_group_to_group(group_cn, tgroup_cn) - - def attrs_to_labels(self,attrs): - """Convert a list of LDAP attributes into a more readable form.""" - - return self.transport.attrs_to_labels(attrs) - - def get_all_attrs(self): - """We have a list of hardcoded attributes -> readable labels. Return - that complete list if someone wants it. - """ - - return self.transport.get_all_attrs() - - def group_members(self, groupdn, attr_list, membertype): - """Do a memberOf search of groupdn and return the attributes in - attr_list (an empty list returns everything).""" - - results = self.transport.group_members(groupdn, attr_list, membertype) - - counter = results[0] - - entries = [counter] - for e in results[1:]: - if e is not None: - entries.append(user.User(e)) - - return entries - - def mark_group_active(self,cn): - """Set a group as active by cn.""" - - result = self.transport.mark_group_active(cn) - return result - - def mark_group_inactive(self,cn): - """Set a group as inactive by cn.""" - - result = self.transport.mark_group_inactive(cn) - return result - -# Configuration - - def get_ipa_config(self): - """Get the IPA configuration""" - result = self.transport.get_ipa_config() - return entity.Entity(result) - - def update_ipa_config(self, config): - """Updates the IPA configuration. - - config is an Entity object. - """ - result = self.transport.update_ipa_config(config.origDataDict(), config.toDict()) - return result - - def get_password_policy(self): - """Get the IPA password policy""" - result = self.transport.get_password_policy() - return entity.Entity(result) - - def update_password_policy(self, policy): - """Updates the IPA password policy. - - policy is an Entity object. - """ - result = self.transport.update_password_policy(policy.origDataDict(), policy.toDict()) - return result - - def add_service_principal(self, princ_name, force): - return self.transport.add_service_principal(princ_name, force) - - def delete_service_principal(self, principal_dn): - return self.transport.delete_service_principal(principal_dn) - - def find_service_principal(self, criteria, sattrs=None, sizelimit=-1, timelimit=-1): - """Return a list: counter followed by a Entity object for each host that - matches the criteria. If the results are truncated, counter will - be set to -1""" - result = self.transport.find_service_principal(criteria, sattrs, sizelimit, timelimit) - counter = result[0] - - hosts = [counter] - for attrs in result[1:]: - if attrs is not None: - hosts.append(entity.Entity(attrs)) - - return hosts - - def get_keytab(self, princ_name): - return self.transport.get_keytab(princ_name) - -# radius support - def get_radius_client_by_ip_addr(self, ip_addr, container=None, sattrs=None): - result = self.transport.get_radius_client_by_ip_addr(ip_addr, container, sattrs) - return radius_util.RadiusClient(result) - - def add_radius_client(self, client, container=None): - client_dict = client.toDict() - - # dn is set on the server-side - del client_dict['dn'] - - # convert to a regular dict before sending - result = self.transport.add_radius_client(client_dict, container) - return result - - def update_radius_client(self, client): - result = self.transport.update_radius_client(client.origDataDict(), client.toDict()) - return result - - def delete_radius_client(self, ip_addr, container=None): - return self.transport.delete_radius_client(ip_addr, container) - - def find_radius_clients(self, criteria, container=None, sattrs=None, sizelimit=-1, timelimit=-1): - result = self.transport.find_radius_clients(criteria, container, sattrs, sizelimit, timelimit) - counter = result[0] - - users = [counter] - for attrs in result[1:]: - if attrs is not None: - users.append(user.User(attrs)) - - return users - - def get_radius_profile_by_uid(self, uid, user_profile=None, sattrs=None): - result = self.transport.get_radius_profile_by_uid(uid, user_profile, sattrs) - return radius_util.RadiusClient(result) - - def add_radius_profile(self, profile, user_profile=None): - profile_dict = profile.toDict() - - # dn is set on the server-side - del profile_dict['dn'] - - # convert to a regular dict before sending - result = self.transport.add_radius_profile(profile_dict, user_profile) - return result - - def update_radius_profile(self, profile): - result = self.transport.update_radius_profile(profile.origDataDict(), profile.toDict()) - return result - - def delete_radius_profile(self, ip_addr, user_profile=None): - return self.transport.delete_radius_profile(ip_addr, user_profile) - - def find_radius_profiles(self, criteria, user_profile=None, sattrs=None, sizelimit=-1, timelimit=-1): - result = self.transport.find_radius_profiles(criteria, user_profile, sattrs, sizelimit, timelimit) - counter = result[0] - - users = [counter] - for attrs in result[1:]: - if attrs is not None: - users.append(user.User(attrs)) - - return users - diff --git a/ipa-python/ipaerror.py b/ipa-python/ipaerror.py deleted file mode 100644 index 9357bd741..000000000 --- a/ipa-python/ipaerror.py +++ /dev/null @@ -1,259 +0,0 @@ -# Copyright (C) 2007 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; version 2 only -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -import exceptions -import types - -class IPAError(exceptions.Exception): - """Base error class for IPA Code""" - - def __init__(self, code, message="", detail=None): - """code is the IPA error code. - message is a human viewable error message. - detail is an optional exception that provides more detail about the - error.""" - self.code = code - self.message = message - # Fill this in as an empty LDAP error message so we don't have a lot - # of "if e.detail ..." everywhere - if detail is None: - detail = [] - detail.append({'desc':'','info':''}) - self.detail = detail - - def __str__(self): - return self.message - - def __repr__(self): - repr = "%d: %s" % (self.code, self.message) - if self.detail: - repr += "\n%s" % str(self.detail) - return repr - - -############### -# Error codes # -############### - -code_map_dict = {} - -def gen_exception(code, message=None, nested_exception=None): - """This should be used by IPA code to translate error codes into the - correct exception/message to throw. - - message is an optional argument which overrides the default message. - - nested_exception is an optional argument providing more details - about the error.""" - (default_message, exception) = code_map_dict.get(code, ("unknown", IPAError)) - if not message: - message = default_message - return exception(code, message, nested_exception) - -def exception_for(code): - """Used to look up the corresponding exception for an error code. - Will usually be used for an except block.""" - (default_message, exception) = code_map_dict.get(code, ("unknown", IPAError)) - return exception - -def gen_error_code(category, detail, message): - """Private method used to generate exception codes. - category is one of the 16 bit error code category constants. - detail is a 16 bit code within the category. - message is a human readable description on the error. - exception is the exception to throw for this error code.""" - code = (category << 16) + detail - exception = types.ClassType("IPAError%d" % code, - (IPAError,), - {}) - code_map_dict[code] = (message, exception) - - return code - -# -# Error codes are broken into two 16-bit values: category and detail -# - -# -# LDAP Errors: 0x0001 -# -LDAP_CATEGORY = 0x0001 - -LDAP_DATABASE_ERROR = gen_error_code( - LDAP_CATEGORY, - 0x0001, - "A database error occurred") - -LDAP_MIDAIR_COLLISION = gen_error_code( - LDAP_CATEGORY, - 0x0002, - "Change collided with another change") - -LDAP_NOT_FOUND = gen_error_code( - LDAP_CATEGORY, - 0x0003, - "Entry not found") - -LDAP_DUPLICATE = gen_error_code( - LDAP_CATEGORY, - 0x0004, - "This entry already exists") - -LDAP_MISSING_DN = gen_error_code( - LDAP_CATEGORY, - 0x0005, - "Entry missing dn") - -LDAP_EMPTY_MODLIST = gen_error_code( - LDAP_CATEGORY, - 0x0006, - "No modifications to be performed") - -LDAP_NO_CONFIG = gen_error_code( - LDAP_CATEGORY, - 0x0007, - "IPA configuration not found") - -# -# Function input errors -# -INPUT_CATEGORY = 0x0002 - -INPUT_INVALID_PARAMETER = gen_error_code( - INPUT_CATEGORY, - 0x0001, - "Invalid parameter(s)") - -INPUT_SAME_GROUP = gen_error_code( - INPUT_CATEGORY, - 0x0002, - "You can't add a group to itself") - -INPUT_NOT_DNS_A_RECORD = gen_error_code( - INPUT_CATEGORY, - 0x0003, - "The requested hostname is not a DNS A record. This is required by Kerberos.") - -INPUT_ADMINS_IMMUTABLE = gen_error_code( - INPUT_CATEGORY, - 0x0004, - "The admins group cannot be renamed.") - -INPUT_MALFORMED_SERVICE_PRINCIPAL = gen_error_code( - INPUT_CATEGORY, - 0x0005, - "The requested service principal is not of the form: service/fully-qualified host name") - -INPUT_REALM_MISMATCH = gen_error_code( - INPUT_CATEGORY, - 0x0006, - "The realm for the principal does not match the realm for this IPA server.") - -INPUT_ADMIN_REQUIRED = gen_error_code( - INPUT_CATEGORY, - 0x0007, - "The admin user cannot be deleted.") - -INPUT_CANT_INACTIVATE = gen_error_code( - INPUT_CATEGORY, - 0x0008, - "This entry cannot be inactivated.") - -INPUT_ADMIN_REQUIRED_IN_ADMINS = gen_error_code( - INPUT_CATEGORY, - 0x0009, - "The admin user cannot be removed from the admins group.") - -INPUT_SERVICE_PRINCIPAL_REQUIRED = gen_error_code( - INPUT_CATEGORY, - 0x000A, - "You cannot remove IPA server service principals.") - -INPUT_UID_TOO_LONG = gen_error_code( - INPUT_CATEGORY, - 0x0009, - "The requested username is too long.") - -# -# Connection errors -# -CONNECTION_CATEGORY = 0x0003 - -CONNECTION_NO_CONN = gen_error_code( - CONNECTION_CATEGORY, - 0x0001, - "Connection to database failed") - -CONNECTION_NO_CCACHE = gen_error_code( - CONNECTION_CATEGORY, - 0x0002, - "No Kerberos credentials cache is available. Connection cannot be made.") - -CONNECTION_GSSAPI_CREDENTIALS = gen_error_code( - CONNECTION_CATEGORY, - 0x0003, - "GSSAPI Authorization error") - -CONNECTION_UNWILLING = gen_error_code( - CONNECTION_CATEGORY, - 0x0004, - "Account inactivated. Server is unwilling to perform.") - -# -# Configuration errors -# -CONFIGURATION_CATEGORY = 0x0004 - -CONFIG_REQUIRED_GROUPS = gen_error_code( - CONFIGURATION_CATEGORY, - 0x0001, - "The admins and editors groups are required.") - -CONFIG_DEFAULT_GROUP = gen_error_code( - CONFIGURATION_CATEGORY, - 0x0002, - "You cannot remove the default users group.") - -CONFIG_INVALID_OC = gen_error_code( - CONFIGURATION_CATEGORY, - 0x0003, - "Invalid object class.") - -# -# Entry status errors -# -STATUS_CATEGORY = 0x0005 - -STATUS_ALREADY_ACTIVE = gen_error_code( - STATUS_CATEGORY, - 0x0001, - "This entry is already active.") - -STATUS_ALREADY_INACTIVE = gen_error_code( - STATUS_CATEGORY, - 0x0002, - "This entry is already inactive.") - -STATUS_HAS_NSACCOUNTLOCK = gen_error_code( - STATUS_CATEGORY, - 0x0003, - "This entry appears to have the nsAccountLock attribute in it so the Class of Service activation/inactivation will not work. You will need to remove the attribute nsAccountLock for this to work.") - -STATUS_NOT_GROUP_MEMBER = gen_error_code( - STATUS_CATEGORY, - 0x0004, - "This entry is not a member of the group.") diff --git a/ipa-python/ipautil.py b/ipa-python/ipautil.py index 780fef3d0..aa49c3ba3 100644 --- a/ipa-python/ipautil.py +++ b/ipa-python/ipautil.py @@ -30,7 +30,6 @@ import stat import shutil from ipa import ipavalidate -from ipa import ipaadminutil from types import * import re @@ -446,11 +445,11 @@ def ipa_generate_password(): def format_list(items, quote=None, page_width=80): '''Format a list of items formatting them so they wrap to fit the - available width. The items will be sorted. + available width. The items will be sorted. The items may optionally be quoted. The quote parameter may either be a string, in which case it is added before and after the item. Or the - quote parameter may be a pair (either a tuple or list). In this case + quote parameter may be a pair (either a tuple or list). In this case quote[0] is left hand quote and quote[1] is the right hand quote. ''' left_quote = right_quote = '' @@ -501,8 +500,8 @@ def parse_key_value_pairs(input): Example: The string - arg0 = '' arg1 = 1 arg2='two' arg3 = "three's a crowd" arg4 = "this is a \" quote" - + arg0 = '' arg1 = 1 arg2='two' arg3 = "three's a crowd" arg4 = "this is a \" quote" + will produce arg0= arg1=1 @@ -562,7 +561,7 @@ def user_input(prompt, default = None, allow_empty = True): ret = raw_input("%s: " % prompt) if allow_empty or ret.strip(): return ret - + if isinstance(default, basestring): while True: ret = raw_input("%s [%s]: " % (prompt, default)) @@ -595,16 +594,6 @@ def user_input(prompt, default = None, allow_empty = True): else: return ret -def user_input_email(prompt, default = None, allow_empty = False): - if default != None and allow_empty: - prompt += " (enter \"none\" for empty)" - while True: - ret = user_input(prompt, default, allow_empty) - if allow_empty and ret.lower() == "none": - return "" - if ipavalidate.Email(ret, not allow_empty): - return ret.strip() - def user_input_plain(prompt, default = None, allow_empty = True, allow_spaces = True): while True: ret = user_input(prompt, default, allow_empty) @@ -621,15 +610,6 @@ def user_input_path(prompt, default = None, allow_empty = True): if ipavalidate.Path(ret, not allow_empty): return ret -def user_input_name(prompt, default = None): - while True: - ret = user_input(prompt, default, False) - try: - ipaadminutil.check_name(ret) - return ret - except ValueError, e: - print prompt + " " + str(e) - class AttributeValueCompleter: ''' Gets input from the user in the form "lhs operator rhs" @@ -722,7 +702,7 @@ class AttributeValueCompleter: # Restore previous state readline.set_completer_delims(self.prev_completer_delims) readline.set_completer(self.prev_completer) - + def parse_input(self): '''We are looking for 3 tokens: <lhs,op,rhs> Extract as much of each token as possible. @@ -918,7 +898,7 @@ class ItemCompleter: # Restore previous state readline.set_completer_delims(self.prev_completer_delims) readline.set_completer(self.prev_completer) - + def get_item_completions(self, text): if text: self.completions = [lhs for lhs in self.items if lhs.startswith(text)] @@ -940,7 +920,7 @@ class ItemCompleter: def read_input(self, prompt, initial_input=None): items = [] - + self.initial_input = initial_input try: if initial_input is None: diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index fb99604c7..4efa4e9b5 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py @@ -34,8 +34,8 @@ import service import installutils from ipa import sysrestore from ipa import ipautil -from ipa import ipaerror from ipalib import util +from ipalib import errors2 from ipaserver import ipaldap @@ -322,7 +322,7 @@ class KrbInstance(service.Service): def __write_stash_from_ds(self): try: entry = self.conn.getEntry("cn=%s, cn=kerberos, %s" % (self.realm, self.suffix), ldap.SCOPE_SUBTREE) - except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND), e: + except errors2.NotFound: logging.critical("Could not find master key in DS") raise e diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py index b9efe84ab..3690b75bb 100644 --- a/ipaserver/install/ldapupdate.py +++ b/ipaserver/install/ldapupdate.py @@ -27,8 +27,9 @@ UPDATES_DIR="/usr/share/ipa/updates/" import sys from ipaserver.install import installutils from ipaserver import ipaldap -from ipa import entity, ipaerror, ipautil +from ipa import entity, ipautil from ipalib import util +from ipalib import errors, errors2 import ldap import logging import krbV @@ -326,10 +327,10 @@ class LDAPUpdate: while True: try: entry = self.conn.getEntry(dn, ldap.SCOPE_BASE, "(objectclass=*)", attrlist) - except ldap.NO_SUCH_OBJECT: + except errors2.NotFound: logging.error("Task not found: %s", dn) return - except ipaerror.exception_for(ipaerror.LDAP_DATABASE_ERROR), e: + except errors.DatabaseError, e: logging.error("Task lookup failure %s: %s", e, self.__detail_error(e.detail)) return @@ -496,11 +497,11 @@ class LDAPUpdate: entry = self.__entry_to_entity(e[0]) found = True logging.info("Updating existing entry: %s", entry.dn) - except ldap.NO_SUCH_OBJECT: + except errors2.NotFound: # Doesn't exist, start with the default entry entry = new_entry logging.info("New entry: %s", entry.dn) - except ipaerror.exception_for(ipaerror.LDAP_DATABASE_ERROR): + except errors.DatabaseError: # Doesn't exist, start with the default entry entry = new_entry logging.info("New entry, using default value: %s", entry.dn) @@ -536,10 +537,10 @@ class LDAPUpdate: if self.live_run and updated: self.conn.updateEntry(entry.dn, entry.origDataDict(), entry.toDict()) logging.info("Done") - except ipaerror.exception_for(ipaerror.LDAP_EMPTY_MODLIST), e: + except errors.EmptyModlist: logging.info("Entry already up-to-date") updated = False - except ipaerror.exception_for(ipaerror.LDAP_DATABASE_ERROR), e: + except errors.DatabaseError, e: logging.error("Update failed: %s: %s", e, self.__detail_error(e.detail)) updated = False diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index 33ed9c8ac..12db0eb0c 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -23,8 +23,8 @@ import ldap from ipaserver.install import dsinstance from ipaserver import ipaldap from ldap import modlist -from ipa import ipaerror from ipalib import util +from ipalib import errors2 DIRMAN_CN = "cn=directory manager" CACERT="/usr/share/ipa/html/ca.crt" @@ -148,7 +148,7 @@ class ReplicationManager: conn.getEntry(dn, ldap.SCOPE_BASE) # replication is already configured return - except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND): + except errors2.NotFound: pass replica_type = self.get_replica_type() @@ -220,7 +220,7 @@ class ReplicationManager: try: entry = self.conn.getEntry("cn=mapping tree,cn=config", ldap.SCOPE_ONELEVEL, "(cn=\"%s\")" % (self.suffix)) - except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND), e: + except errors2.NotFound, e: logging.debug("failed to find mappting tree entry for %s" % self.suffix) raise e @@ -256,7 +256,7 @@ class ReplicationManager: conn.getEntry(pass_dn, ldap.SCOPE_BASE) print "Windows PassSync entry exists, not resetting password" return - except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND): + except errors2.NotFound: pass # The user doesn't exist, add it @@ -315,7 +315,7 @@ class ReplicationManager: try: a.getEntry(dn, ldap.SCOPE_BASE) return - except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND): + except errors2.NotFound: pass iswinsync = kargs.get("winsync", False) diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py index e7177b3e2..a490c3407 100644 --- a/ipaserver/ipaldap.py +++ b/ipaserver/ipaldap.py @@ -320,7 +320,7 @@ class IPAdmin(SimpleLDAPObject): # Too many results returned by search raise e except ldap.LDAPError, e: - raise e + raise errors.DatabaseError, e if not obj: raise errors2.NotFound(msg=notfound(args)) @@ -357,7 +357,7 @@ class IPAdmin(SimpleLDAPObject): ldap.TIMELIMIT_EXCEEDED), e: partial = 1 except ldap.LDAPError, e: - raise e + raise errors.DatabaseError, e if not entries: raise errors2.NotFound(msg=notfound(args)) @@ -514,7 +514,7 @@ class IPAdmin(SimpleLDAPObject): self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl) self.passwd_s(dn, oldpass, newpass) except ldap.LDAPError, e: - raise e + raise errors.DatabaseError, e return True def __wrapmethods(self): |