1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
|
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
import exceptions
import types
class IPAError(exceptions.Exception):
"""Base error class for IPA Code"""
def __init__(self, code, message="", detail=None):
"""code is the IPA error code.
message is a human viewable error message.
detail is an optional exception that provides more detail about the
error."""
self.code = code
self.message = message
# Fill this in as an empty LDAP error message so we don't have a lot
# of "if e.detail ..." everywhere
if detail is None:
detail = []
detail.append({'desc':'','info':''})
self.detail = detail
def __str__(self):
return self.message
def __repr__(self):
repr = "%d: %s" % (self.code, self.message)
if self.detail:
repr += "\n%s" % str(self.detail)
return repr
###############
# Error codes #
###############
code_map_dict = {}
def gen_exception(code, message=None, nested_exception=None):
"""This should be used by IPA code to translate error codes into the
correct exception/message to throw.
message is an optional argument which overrides the default message.
nested_exception is an optional argument providing more details
about the error."""
(default_message, exception) = code_map_dict.get(code, ("unknown", IPAError))
if not message:
message = default_message
return exception(code, message, nested_exception)
def exception_for(code):
"""Used to look up the corresponding exception for an error code.
Will usually be used for an except block."""
(default_message, exception) = code_map_dict.get(code, ("unknown", IPAError))
return exception
def gen_error_code(category, detail, message):
"""Private method used to generate exception codes.
category is one of the 16 bit error code category constants.
detail is a 16 bit code within the category.
message is a human readable description on the error.
exception is the exception to throw for this error code."""
code = (category << 16) + detail
exception = types.ClassType("IPAError%d" % code,
(IPAError,),
{})
code_map_dict[code] = (message, exception)
return code
#
# Error codes are broken into two 16-bit values: category and detail
#
#
# LDAP Errors: 0x0001
#
LDAP_CATEGORY = 0x0001
LDAP_DATABASE_ERROR = gen_error_code(
LDAP_CATEGORY,
0x0001,
"A database error occurred")
LDAP_MIDAIR_COLLISION = gen_error_code(
LDAP_CATEGORY,
0x0002,
"Change collided with another change")
LDAP_NOT_FOUND = gen_error_code(
LDAP_CATEGORY,
0x0003,
"Entry not found")
LDAP_DUPLICATE = gen_error_code(
LDAP_CATEGORY,
0x0004,
"This entry already exists")
LDAP_MISSING_DN = gen_error_code(
LDAP_CATEGORY,
0x0005,
"Entry missing dn")
LDAP_EMPTY_MODLIST = gen_error_code(
LDAP_CATEGORY,
0x0006,
"No modifications to be performed")
LDAP_NO_CONFIG = gen_error_code(
LDAP_CATEGORY,
0x0007,
"IPA configuration not found")
#
# Function input errors
#
INPUT_CATEGORY = 0x0002
INPUT_INVALID_PARAMETER = gen_error_code(
INPUT_CATEGORY,
0x0001,
"Invalid parameter(s)")
INPUT_SAME_GROUP = gen_error_code(
INPUT_CATEGORY,
0x0002,
"You can't add a group to itself")
INPUT_NOT_DNS_A_RECORD = gen_error_code(
INPUT_CATEGORY,
0x0003,
"The requested hostname is not a DNS A record. This is required by Kerberos.")
INPUT_ADMINS_IMMUTABLE = gen_error_code(
INPUT_CATEGORY,
0x0004,
"The admins group cannot be renamed.")
INPUT_MALFORMED_SERVICE_PRINCIPAL = gen_error_code(
INPUT_CATEGORY,
0x0005,
"The requested service principal is not of the form: service/fully-qualified host name")
INPUT_REALM_MISMATCH = gen_error_code(
INPUT_CATEGORY,
0x0006,
"The realm for the principal does not match the realm for this IPA server.")
INPUT_ADMIN_REQUIRED = gen_error_code(
INPUT_CATEGORY,
0x0007,
"The admin user cannot be deleted.")
INPUT_CANT_INACTIVATE = gen_error_code(
INPUT_CATEGORY,
0x0008,
"This entry cannot be inactivated.")
INPUT_ADMIN_REQUIRED_IN_ADMINS = gen_error_code(
INPUT_CATEGORY,
0x0009,
"The admin user cannot be removed from the admins group.")
INPUT_SERVICE_PRINCIPAL_REQUIRED = gen_error_code(
INPUT_CATEGORY,
0x000A,
"You cannot remove IPA server service principals.")
INPUT_UID_TOO_LONG = gen_error_code(
INPUT_CATEGORY,
0x0009,
"The requested username is too long.")
#
# Connection errors
#
CONNECTION_CATEGORY = 0x0003
CONNECTION_NO_CONN = gen_error_code(
CONNECTION_CATEGORY,
0x0001,
"Connection to database failed")
CONNECTION_NO_CCACHE = gen_error_code(
CONNECTION_CATEGORY,
0x0002,
"No Kerberos credentials cache is available. Connection cannot be made.")
CONNECTION_GSSAPI_CREDENTIALS = gen_error_code(
CONNECTION_CATEGORY,
0x0003,
"GSSAPI Authorization error")
CONNECTION_UNWILLING = gen_error_code(
CONNECTION_CATEGORY,
0x0004,
"Account inactivated. Server is unwilling to perform.")
#
# Configuration errors
#
CONFIGURATION_CATEGORY = 0x0004
CONFIG_REQUIRED_GROUPS = gen_error_code(
CONFIGURATION_CATEGORY,
0x0001,
"The admins and editors groups are required.")
CONFIG_DEFAULT_GROUP = gen_error_code(
CONFIGURATION_CATEGORY,
0x0002,
"You cannot remove the default users group.")
CONFIG_INVALID_OC = gen_error_code(
CONFIGURATION_CATEGORY,
0x0003,
"Invalid object class.")
#
# Entry status errors
#
STATUS_CATEGORY = 0x0005
STATUS_ALREADY_ACTIVE = gen_error_code(
STATUS_CATEGORY,
0x0001,
"This entry is already active.")
STATUS_ALREADY_INACTIVE = gen_error_code(
STATUS_CATEGORY,
0x0002,
"This entry is already inactive.")
STATUS_HAS_NSACCOUNTLOCK = gen_error_code(
STATUS_CATEGORY,
0x0003,
"This entry appears to have the nsAccountLock attribute in it so the Class of Service activation/inactivation will not work. You will need to remove the attribute nsAccountLock for this to work.")
STATUS_NOT_GROUP_MEMBER = gen_error_code(
STATUS_CATEGORY,
0x0004,
"This entry is not a member of the group.")
|