path: root/ipalib/errors.py
Commit message (Author, Age, Files, Lines)
* Add new parameter type IA5Str and use this to enforce the right charset. (Rob Crittenden, 2010-12-07, files: 1, lines: -0/+16)
  ticket 496
* Re-implement access control using an updated model. (Rob Crittenden, 2010-12-01, files: 1, lines: -4/+4)
  The new model is based on permissions, privileges and roles. Most importantly it corrects the reverse membership that caused problems in the previous implementation. You add permission to privileges and privileges to roles, not the other way around (even though it works that way behind the scenes). A permission object is a combination of a simple group and an aci. The linkage between the aci and the permission is the description of the permission. This shows as the name/description of the aci. ldap:///self and groups granting groups (v1-style) are not supported by this model (it will be provided separately). This makes the aci plugin internal only. ticket 445
* Add ability to add/remove DNS records when adding/removing a host entry. (Rob Crittenden, 2010-11-23, files: 1, lines: -0/+17)
  A host in DNS must have an IP address so a valid IP address is required when adding a host. The --force flag will be needed too since you are adding a host that isn't in DNS. For IPv4 it will create an A and a PTR DNS record. IPv6 isn't quite supported yet. Some basic work in the DNS installer is needed to get this working. Once the get_reverse_zone() returns the right value then this should start working and create an AAAA record and the appropriate reverse entry. When deleting a host with the --updatedns flag it will try to remove all records it can find in the zone for this host. ticket 238
* Fix typo in exception sample causing a doctest to fail (Rob Crittenden, 2010-11-05, files: 1, lines: -1/+1)
* user-enable/disable improvements (Rob Crittenden, 2010-11-04, files: 1, lines: -6/+6)
  Always display the account enable/disable status. Don't ignore the exceptions when a user is already enabled or disabled. Fix the exception error messages to use the right terminology. In baseldap when retrieving all attributes include the default attributes in case they include some operational attributes. ticket 392
* Don't allow managed groups to have group password policy. (Rob Crittenden, 2010-10-28, files: 1, lines: -0/+15)
  UPG cannot have members and we use memberOf in class of service to determine which policy to apply. ticket 160
* Fix two failing tests. (Rob Crittenden, 2010-10-22, files: 1, lines: -1/+1)
  The first test is a mismatch in the sample output of an exception. The second test adds certificate information output to the service plugin.
* Disallow RDN change and single-value bypass using setattr/addattr. (Pavel Zuna, 2010-10-18, files: 1, lines: -3/+34)
  When setting or adding an attribute with setattr/addattr check to see if there is a Param for the attribute and enforce the multi-value. If there is no Param check the LDAP schema for SINGLE-VALUE. Catch RDN mods and try to return a more reasonable error message. Ticket #230 Ticket #246
* Add Requires on ipa-client to ipa-admintools, ensure ipa client is configured (Rob Crittenden, 2010-10-15, files: 1, lines: -0/+10)
  It makes little sense to install ipa-admintools without ipa-client, require it. Also see if the client has been configured. This is a bit tricky since we have a full set of defaults. Add a new env option that gets set if at least one configuration file is loaded. ticket 213
* Accept an incoming certificate as either DER or base64 in the service plugin. (Rob Crittenden, 2010-10-08, files: 1, lines: -1/+17)
  The plugin required a base64-encoded certificate and always decoded it before processing. This doesn't work with the UI because the json module decodes binary values already. Try to detect if the incoming value is base64-encoded and decode if necessary. Finally, try to pull the cert apart to validate it. This will tell us for sure that the data is a certificate, regardless of the format it came in as. ticket 348
* If an HBAC category is 'all' don't allow individual objects to be added. (Rob Crittenden, 2010-10-08, files: 1, lines: -0/+17)
  Basically, make 'all' mutually exclusive. This makes debugging lots easier. If say usercat='all' there is no point adding specific users to the rule because it will always apply to everyone. ticket 164
* Allow decoupling of user-private groups. (Rob Crittenden, 2010-08-10, files: 1, lines: -0/+15)
  To do this we need to break the link manually on both sides, the user and the group. We also have to verify in advance that the user performing this is allowed to do both. Otherwise the user could be decoupled but not the group leaving it in a quasi broken state that only ldapmodify could fix. ticket 75
* Require that hosts be resolvable in DNS. Use --force to ignore warnings. (Rob Crittenden, 2010-08-06, files: 1, lines: -0/+16)
  This also requires a resolvable hostname on services as well. I want people to think long and hard about adding things that aren't resolvable. The cert plugin can automatically create services on the user's behalf when issuing a cert. It will always set the force flag to True. We use a lot of made-up host names in the test system, all of which require the force flag now. ticket #25
* Add NotImplementedError type so CA plugins can return client-friendly errors (Rob Crittenden, 2009-12-01, files: 1, lines: -0/+8)
  Ignore NotImplementedError when revoking a certificate as this isn't implemented in the selfsign plugin. Also use the new type argument in x509.load_certificate(). Certificates are coming out of LDAP as binary instead of base64-encoding.
* add new error class for certificate operations (John Dennis, 2009-11-19, files: 1, lines: -1/+28)
  add new error class for certificate operations
* error strings in documentation were missing unicode specifier (John Dennis, 2009-11-19, files: 1, lines: -3/+3)
  error strings in documentation were missing unicode specifier
* Change Password param so (password, confirm_password) can be passed to _convert_scalar() (Jason Gerard DeRose, 2009-10-18, files: 1, lines: -0/+9)
* Giant webui patch take 2 (Jason Gerard DeRose, 2009-10-13, files: 1, lines: -0/+11)
* Raise more specific error when an Objectclass Violation occurs Fix the virtual plugin to work with the new backend (Rob Crittenden, 2009-09-14, files: 1, lines: -0/+15)
* Remove Python 2.6 BaseException.message deprecation warning (Rob Crittenden, 2009-08-20, files: 1, lines: -5/+5)
* Clean up additional issues discovered with pylint and pychecker (Rob Crittenden, 2009-08-20, files: 1, lines: -0/+16)
* Clean up some problems discovered with pylint and pychecker (Rob Crittenden, 2009-08-12, files: 1, lines: -0/+16)
  Much of this is formatting to make pylint happy but it also fixes some real bugs.
* Add a return value to exceptions. (Rob Crittenden, 2009-07-10, files: 1, lines: -0/+2)
  Returning the exception value doesn't work because a shell return value is in the range of 0-255. The default return value is 1 which means "something went wrong." The only specific return value implemented so far is 2 which is "not found".
* Implement support for non-LDAP-based actions that use the LDAP ACI subsystem. (Rob Crittenden, 2009-07-10, files: 1, lines: -1/+1)
  There are some operations, like those for the certificate system, that don't need to write to the directory server. So instead we have an entry that we test against to determine whether the operation is allowed or not. This is done by attempting a write on the entry. If it would succeed then permission is granted. If not then denied. The write we attempt is actually invalid so the write itself will fail but the attempt will fail first if access is not permitted, so we can distinguish between the two without polluting the entry.
* Fix typo, occured -> occurred (Rob Crittenden, 2009-05-21, files: 1, lines: -4/+4)
* Add a format to the generic KerberosError class (Rob Crittenden, 2009-05-21, files: 1, lines: -0/+9)
* Raise an exception if the certificate chain is not returned from the CA (Rob Crittenden, 2009-05-21, files: 1, lines: -0/+16)
* Fixed doctest for errors.NotFound (Jason Gerard DeRose, 2009-05-19, files: 1, lines: -3/+3)
* Re-enable doctest, fix broken docstrings (Jason Gerard DeRose, 2009-05-13, files: 1, lines: -9/+9)
* Add a reason to the NotFound exception so we can provide more robust errors (Rob Crittenden, 2009-05-13, files: 1, lines: -1/+1)
* Make MalformedServicePrincipal take a reason arg and add Base64DecodeError (Rob Crittenden, 2009-05-06, files: 1, lines: -3/+19)
* Rename errors2.py to errors.py. Modify all affected files. (Pavel Zuna, 2009-04-23, files: 1, lines: -0/+1077)
* Finish work replacing the errors module with errors2 (Rob Crittenden, 2009-04-20, files: 1, lines: -441/+0)
  Once this is committed we can start the process of renaming errors2 as errors. I thought that combining this into one commit would be more difficult to review.
* Raise a more specific error when a user lacks the proper permissions. (Rob Crittenden, 2009-03-25, files: 1, lines: -4/+0)
  The info part of the message will contain details on what permission failed on what attribute.
* Applied Rob's errors patch (Rob Crittenden, 2009-02-03, files: 1, lines: -20/+0)
* Started fleshing out reorganization of errors in errors.py (with gettext support) (Jason Gerard DeRose, 2009-01-03, files: 1, lines: -15/+0)
* Improved Plugin.call() method and added its unit test (Jason Gerard DeRose, 2008-12-21, files: 1, lines: -0/+8)
* Merge branch 'master' of git://git.engineering.redhat.com/users/rcritten/freeipa2 (Jason Gerard DeRose, 2008-12-20, files: 1, lines: -0/+8)
|\
| * Raise an error on bad principals instead of printing one when changing passwords (Rob Crittenden, 2008-12-11, files: 1, lines: -0/+4)
| |   Fix logic in determining what to do with an incoming principal
| * Port plugins to use the new output_for_cli() argument list (Rob Crittenden, 2008-12-10, files: 1, lines: -0/+4)
| |   Fix some errors uncovered by the nosetests
* | Fix show_api command (Jakub Hrozek, 2008-12-17, files: 1, lines: -0/+3)
* | Add body for the NameSpaceError exception (Jakub Hrozek, 2008-12-17, files: 1, lines: -0/+11)
|/
* Fixed Warning messages about log dir in unit test (Jason Gerard DeRose, 2008-12-08, files: 1, lines: -3/+4)
* Started fleshing out doodles in xmlrpc.execute() (Jason Gerard DeRose, 2008-11-25, files: 1, lines: -1/+14)
* Started some RPC-related error cleanup; started work on ipa_server.rcp.xmlrpc plugin (Jason Gerard DeRose, 2008-11-24, files: 1, lines: -0/+24)
* Started work on cleaning up how exceptions are caught and sys.exit() is called in ipalib.cli.CLI (Jason Gerard DeRose, 2008-11-13, files: 1, lines: -0/+11)
* Don't allow service-add to create host/ principals (Rob Crittenden, 2008-10-24, files: 1, lines: -0/+4)
* IPAError now more appropriately subclasses from StandardError instead of Exception (Jason Gerard DeRose, 2008-10-23, files: 1, lines: -1/+1)
* Add mod_python-based XML-RPC server. (Rob Crittenden, 2008-10-16, files: 1, lines: -0/+2)
  Use -e kerberos on the command-line to use the mod_python server, otherwise it defaults to use the simple-server URL.
* Implement user lock and unlock (Rob Crittenden, 2008-10-13, files: 1, lines: -13/+29)