authorRob Crittenden <rcritten@redhat.com>2009-04-20 13:58:26 -0400
committerRob Crittenden <rcritten@redhat.com>2009-04-20 13:58:26 -0400
commit64fa3dd4c3a03e7a677453c9150f84ffc4e91c7a (patch)
treea4543df175f8bf0efcd200662a9e7f00fea7bf52 /ipaserver
parenta9387b48e66ca93cc8323869de25fe3f777567b6 (diff)
Finish work replacing the errors module with errors2
Once this is committed we can start the process of renaming errors2 as errors. I thought that combining this into one commit would be more difficult to review.
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/ldapupdate.py12
-rw-r--r--ipaserver/ipaldap.py110
-rw-r--r--ipaserver/plugins/ldap2.py94
-rw-r--r--ipaserver/servercore.py32
4 files changed, 153 insertions, 95 deletions
diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index f002595d..17b519b3 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -29,7 +29,7 @@ from ipaserver.install import installutils
from ipaserver import ipaldap
from ipapython import entity, ipautil
from ipalib import util
-from ipalib import errors, errors2
+from ipalib import errors2
import ldap
import logging
import krbV
@@ -310,10 +310,10 @@ class LDAPUpdate:
while True:
try:
entry = self.conn.getEntry(dn, ldap.SCOPE_BASE, "(objectclass=*)", attrlist)
- except errors2.NotFound:
+ except errors2.NotFound, e:
logging.error("Task not found: %s", dn)
return
- except errors.DatabaseError, e:
+ except errors2.DatabaseError, e:
logging.error("Task lookup failure %s", e)
return
@@ -484,7 +484,7 @@ class LDAPUpdate:
# Doesn't exist, start with the default entry
entry = new_entry
logging.info("New entry: %s", entry.dn)
- except errors.DatabaseError:
+ except errors2.DatabaseError:
# Doesn't exist, start with the default entry
entry = new_entry
logging.info("New entry, using default value: %s", entry.dn)
@@ -521,10 +521,10 @@ class LDAPUpdate:
if self.live_run and updated:
self.conn.updateEntry(entry.dn, entry.origDataDict(), entry.toDict())
logging.info("Done")
- except errors.EmptyModlist:
+ except errors2.EmptyModlist:
logging.info("Entry already up-to-date")
updated = False
- except errors.DatabaseError, e:
+ except errors2.DatabaseError, e:
logging.error("Update failed: %s", e)
updated = False
diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py
index 01370b86..e63fe55b 100644
--- a/ipaserver/ipaldap.py
+++ b/ipaserver/ipaldap.py
@@ -32,7 +32,7 @@ import ldap.sasl
from ldap.controls import LDAPControl,DecodeControlTuples,EncodeControlTuples
from ldap.ldapobject import SimpleLDAPObject
from ipaserver import ipautil
-from ipalib import errors, errors2
+from ipalib import errors2
# Global variable to define SASL auth
sasl_auth = ldap.sasl.sasl({},'GSSAPI')
@@ -264,6 +264,50 @@ class IPAdmin(SimpleLDAPObject):
return sctrl
+ def __handle_errors(self, e, **kw):
+ """
+ Centralize error handling in one place.
+
+ e is the error to be raised
+ **kw is an exception-specific list of options
+ """
+ if not isinstance(e,ldap.TIMEOUT):
+ desc = e.args[0]['desc'].strip()
+ info = e.args[0].get('info','').strip()
+ else:
+ desc = ''
+ info = ''
+
+ try:
+ # re-raise the error so we can handle it
+ raise e
+ except ldap.NO_SUCH_OBJECT, e:
+ args = kw.get('args', '')
+ raise errors2.NotFound(msg=notfound(args))
+ except ldap.ALREADY_EXISTS, e:
+ raise errors2.DuplicateEntry()
+ except ldap.CONSTRAINT_VIOLATION, e:
+ # This error gets thrown by the uniqueness plugin
+ if info == 'Another entry with the same attribute value already exists':
+ raise errors2.DuplicateEntry()
+ else:
+ raise errors2.DatabaseError(desc=desc,info=info)
+ except ldap.INSUFFICIENT_ACCESS, e:
+ raise errors2.ACIError(info=info)
+ except ldap.NO_SUCH_ATTRIBUTE:
+ # this is raised when a 'delete' attribute isn't found.
+ # it indicates the previous attribute was removed by another
+ # update, making the oldentry stale.
+ raise errors2.MidairCollision()
+ except ldap.ADMINLIMIT_EXCEEDED, e:
+ raise errors2.LimitsExceeded()
+ except ldap.SIZELIMIT_EXCEEDED, e:
+ raise errors2.LimitsExceeded()
+ except ldap.TIMELIMIT_EXCEEDED, e:
+ raise errors2.LimitsExceeded()
+ except ldap.LDAPError, e:
+ raise errors2.DatabaseError(desc=desc,info=info)
+
def toLDAPURL(self):
return "ldap://%s:%d/" % (self.host,self.port)
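Review bot: `desc = e.args[0]['desc'].strip()` at the top of the new `__handle_errors` assumes every non-TIMEOUT LDAPError carries a dict with a `desc` key; if one arrives without it, the resulting IndexError or KeyError replaces the LDAP error the handler was meant to translate. Reading the fields defensively keeps the mapping intact, e.g. `detail = e.args[0] if e.args and isinstance(e.args[0], dict) else {}` followed by `desc = detail.get('desc', '').strip()`. `ldap.TIMEOUT` also ends up as `DatabaseError(desc='', info='')` through the final branch, so a caller or log reader cannot tell a timeout from any other failure; giving that case a fixed description would help. The same applies to the copy of this method added in ipaserver/plugins/ldap2.py.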
@@ -271,11 +315,14 @@ class IPAdmin(SimpleLDAPObject):
self.proxydn = proxydn
def set_krbccache(self, krbccache, principal):
- if krbccache is not None:
- os.environ["KRB5CCNAME"] = krbccache
- self.sasl_interactive_bind_s("", sasl_auth)
- self.principal = principal
- self.proxydn = None
+ try:
+ if krbccache is not None:
+ os.environ["KRB5CCNAME"] = krbccache
+ self.sasl_interactive_bind_s("", sasl_auth)
+ self.principal = principal
+ self.proxydn = None
+ except ldap.LDAPError, e:
+ self.__handle_errors(e, **{})
def do_simple_bind(self, binddn="cn=directory manager", bindpw=""):
self.binddn = binddn
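Review bot: A failed SASL bind in `set_krbccache` now goes through `__handle_errors`, which has no branch for credential or bind failures, so it appears to surface as a generic `errors2.DatabaseError`; callers and logs then cannot separate an authentication failure from a directory fault. Consider a dedicated branch (for example on `ldap.INVALID_CREDENTIALS`) that maps to an authentication-specific errors2 class, if errors2 has one. `self.__handle_errors(e, **{})` is equivalent to the plainer `self.__handle_errors(e)`.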
@@ -293,10 +340,9 @@ class IPAdmin(SimpleLDAPObject):
try:
res = self.search(*args)
objtype, obj = self.result(res)
- except ldap.NO_SUCH_OBJECT, e:
- raise errors2.NotFound(msg=notfound(args))
except ldap.LDAPError, e:
- raise errors.DatabaseError, e
+ kw = {'args': args}
+ self.__handle_errors(e, **kw)
if not obj:
raise errors2.NotFound(msg=notfound(args))
@@ -316,11 +362,9 @@ class IPAdmin(SimpleLDAPObject):
try:
res = self.search(*args)
objtype, obj = self.result(res)
- except (ldap.ADMINLIMIT_EXCEEDED, ldap.SIZELIMIT_EXCEEDED), e:
- # Too many results returned by search
- raise e
except ldap.LDAPError, e:
- raise errors.DatabaseError, e
+ kw = {'args': args}
+ self.__handle_errors(e, **kw)
if not obj:
raise errors2.NotFound(msg=notfound(args))
@@ -357,7 +401,8 @@ class IPAdmin(SimpleLDAPObject):
ldap.TIMELIMIT_EXCEEDED), e:
partial = 1
except ldap.LDAPError, e:
- raise errors.DatabaseError, e
+ kw = {'args': args}
+ self.__handle_errors(e, **kw)
if not entries:
raise errors2.NotFound(msg=notfound(args))
@@ -379,18 +424,9 @@ class IPAdmin(SimpleLDAPObject):
if sctrl is not None:
self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
self.add_s(*args)
- except ldap.ALREADY_EXISTS, e:
- raise errors2.DuplicateEntry
- except ldap.CONSTRAINT_VIOLATION, e:
- # This error gets thrown by the uniqueness plugin
- if e.args[0].get('info','') == 'Another entry with the same attribute value already exists':
- raise errors2.DuplicateEntry
- else:
- raise errors.DatabaseError, e
- except ldap.INSUFFICIENT_ACCESS, e:
- raise errors2.ACIError(info=e.args[0].get('info',''))
except ldap.LDAPError, e:
- raise errors.DatabaseError, e
+ kw = {'args': args}
+ self.__handle_errors(e, **kw)
return True
def updateRDN(self, dn, newrdn):
@@ -407,7 +443,8 @@ class IPAdmin(SimpleLDAPObject):
self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
self.modrdn_s(dn, newrdn, delold=1)
except ldap.LDAPError, e:
- raise errors.DatabaseError, e
+ kw = {'args': args}
+ self.__handle_errors(e, **kw)
return True
def updateEntry(self,dn,oldentry,newentry):
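Review bot: `kw = {'args': args}` in the `updateRDN` handler refers to a name that the visible signature `def updateRDN(self, dn, newrdn)` does not bind, so unless `args` is assigned in lines outside the hunk, any LDAPError here turns into a NameError and the real failure is lost. Passing what the function does have, `self.__handle_errors(e, args=(dn, newrdn))`, avoids that. The same two lines are added in the `updateEntry(self,dn,oldentry,newentry)` and `modifyPassword(self,dn,oldpass,newpass)` hunks, and in the hunk at `-491,7 +522,8` whose signature is not shown. `deleteEntry(self,*args)` does bind `args` and is fine.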
@@ -425,15 +462,9 @@ class IPAdmin(SimpleLDAPObject):
if sctrl is not None:
self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
self.modify_s(dn, modlist)
- # this is raised when a 'delete' attribute isn't found.
- # it indicates the previous attribute was removed by another
- # update, making the oldentry stale.
- except ldap.NO_SUCH_ATTRIBUTE:
- raise errors.MidairCollision
- except ldap.INSUFFICIENT_ACCESS, e:
- raise errors2.ACIError(info=e.args[0].get('info',''))
except ldap.LDAPError, e:
- raise errors.DatabaseError, e
+ kw = {'args': args}
+ self.__handle_errors(e, **kw)
return True
def generateModList(self, old_entry, new_entry):
@@ -491,7 +522,8 @@ class IPAdmin(SimpleLDAPObject):
self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
self.modify_s(dn, modlist)
except ldap.LDAPError, e:
- raise errors.DatabaseError, e
+ kw = {'args': args}
+ self.__handle_errors(e, **kw)
return True
def deleteEntry(self,*args):
@@ -503,10 +535,9 @@ class IPAdmin(SimpleLDAPObject):
if sctrl is not None:
self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
self.delete_s(*args)
- except ldap.INSUFFICIENT_ACCESS, e:
- raise errors2.ACIError(info=e.args[0].get('info',''))
except ldap.LDAPError, e:
- raise errors.DatabaseError, e
+ kw = {'args': args}
+ self.__handle_errors(e, **kw)
return True
def modifyPassword(self,dn,oldpass,newpass):
@@ -524,7 +555,8 @@ class IPAdmin(SimpleLDAPObject):
self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
self.passwd_s(dn, oldpass, newpass)
except ldap.LDAPError, e:
- raise errors.DatabaseError, e
+ kw = {'args': args}
+ self.__handle_errors(e, **kw)
return True
def __wrapmethods(self):
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index ca084902..b823c2ac 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -44,7 +44,7 @@ from ldap.controls import LDAPControl
from ldap.ldapobject import SimpleLDAPObject
from ipalib import api
-from ipalib import errors, errors2
+from ipalib import errors2
from ipalib.crud import CrudBackend
# attribute syntax to python type mapping, 'SYNTAX OID': type
@@ -87,7 +87,7 @@ def _load_schema(host, port):
conn.unbind_s()
except _ldap.LDAPError, e:
# TODO: raise a more appropriate exception
- raise errors.DatabaseError
+ self.__handle_errors(e, **{})
except IndexError:
# no 'cn=schema' entry in LDAP? some servers use 'cn=subschema'
# TODO: DS uses 'cn=schema', support for other server?
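Review bot: `self.__handle_errors(e, **{})` is added inside `_load_schema(host, port)`, which per the hunk header is a module-level function with no `self`, so this except branch would raise NameError instead of an errors2 exception. `__handle_errors` is also a double-underscore method of `ldap2`, so it is name-mangled and not reachable under that name from outside the class. Either raise directly here, e.g. an `errors2.DatabaseError` built from `e.args[0]`, or move the translation into a module-level helper that both the class and this function call. The function body extends beyond the hunk.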
@@ -168,6 +168,51 @@ class ldap2(CrudBackend):
else:
entry_attrs[k] = attr_type(v)
+ def __handle_errors(self, e, **kw):
+ """
+ Centralize error handling in one place.
+
+ e is the error to be raised
+ **kw is an exception-specific list of options
+ """
+ if not isinstance(e,ldap.TIMEOUT):
+ desc = e.args[0]['desc'].strip()
+ info = e.args[0].get('info','').strip()
+ else:
+ desc = ''
+ info = ''
+
+ try:
+ # re-raise the error so we can handle it
+ raise e
+ except _ldap.NO_SUCH_OBJECT, e:
+ # args = kw.get('args', '')
+ # raise errors2.NotFound(msg=notfound(args))
+ raise errors2.NotFound()
+ except _ldap.ALREADY_EXISTS, e:
+ raise errors2.DuplicateEntry()
+ except _ldap.CONSTRAINT_VIOLATION, e:
+ # This error gets thrown by the uniqueness plugin
+ if info == 'Another entry with the same attribute value already exists':
+ raise errors2.DuplicateEntry()
+ else:
+ raise errors2.DatabaseError(desc=desc,info=info)
+ except _ldap.INSUFFICIENT_ACCESS, e:
+ raise errors2.ACIError(info=info)
+ except _ldap.NO_SUCH_ATTRIBUTE:
+ # this is raised when a 'delete' attribute isn't found.
+ # it indicates the previous attribute was removed by another
+ # update, making the oldentry stale.
+ raise errors2.MidairCollision()
+ except _ldap.ADMINLIMIT_EXCEEDED, e:
+ raise errors2.LimitsExceeded()
+ except _ldap.SIZELIMIT_EXCEEDED, e:
+ raise errors2.LimitsExceeded()
+ except _ldap.TIMELIMIT_EXCEEDED, e:
+ raise errors2.LimitsExceeded()
+ except _ldap.LDAPError, e:
+ raise errors2.DatabaseError(desc=desc,info=info)
+
def create_connection(self, host=None, port=None, ccache=None,
bind_dn='', bind_pw='', debug_level=255,
tls_cacertfile=None, tls_certfile=None, tls_keyfile=None):
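Review bot: The first line of the new `__handle_errors` tests `isinstance(e,ldap.TIMEOUT)` while every except clause below it uses `_ldap`; the imports in view (`from ldap.controls import ...`) do not bind a bare `ldap` name, so this may raise NameError unless `import ldap` exists outside the diff. Using `_ldap.TIMEOUT` would be consistent. The commented-out `notfound(args)` lines leave `NotFound()` with no indication of which entry was missing; either pass the DN through `kw` or delete the dead comment. The method is otherwise a copy of the one added to ipaserver/ipaldap.py, so a shared helper would keep the two mappings from drifting apart.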
@@ -291,15 +336,8 @@ class ldap2(CrudBackend):
# pass arguments to python-ldap
try:
self.conn.add_s(dn, list(entry_attrs_copy.iteritems()))
- except _ldap.ALREADY_EXISTS, e:
- raise errors2.DuplicateEntry
- except _ldap.CONSTRAINT_VIOLATION, e:
- if e.args[0].get('info', '') == _uniqueness_plugin_error:
- raise errors2.DuplicateEntry
- else:
- raise errors.DatabaseError, e
except _ldap.LDAPError, e:
- raise errors.DatabaseError, e
+ self.__handle_errors(e, **{})
# generating filters for find_entry
# some examples:
@@ -403,7 +441,7 @@ class ldap2(CrudBackend):
_ldap.SIZELIMIT_EXCEEDED), e:
raise e
except _ldap.LDAPError, e:
- raise errors.DatabaseError, e
+ self.__handle_errors(e, **{})
if not res:
raise errors2.NotFound()
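Review bot: The clause just above the changed line, a tuple ending in `_ldap.SIZELIMIT_EXCEEDED`, still re-raises the python-ldap exception unchanged (`raise e`), so from this call site the `LimitsExceeded` branches in `__handle_errors` are never reached. The equivalent clause was removed from the search method in ipaserver/ipaldap.py by this same commit, so the two backends now report limit errors differently. If the raw exception is intentional here, a comment saying so would help; otherwise drop the clause and let the handler translate it. The enclosing function starts outside the hunk.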
@@ -450,7 +488,7 @@ class ldap2(CrudBackend):
try:
self.conn.rename_s(dn, new_rdn, delold=int(del_old))
except _ldap.LDAPError, e:
- raise errors.DatabaseError, e
+ self.__handle_errors(e, **{})
def _generate_modlist(self, dn, entry_attrs):
# get original entry
@@ -500,15 +538,13 @@ class ldap2(CrudBackend):
# generate modlist
modlist = self._generate_modlist(dn, entry_attrs_copy)
if not modlist:
- raise errors.EmptyModlist
+ raise errors2.EmptyModlist()
# pass arguments to python-ldap
try:
self.conn.modify_s(dn, modlist)
- except _ldap.NO_SUCH_ATTRIBUTE:
- raise errors.MidairCollision
except _ldap.LDAPError, e:
- raise errors.DatabaseError, e
+ self.__handle_errors(e, **{})
def delete_entry(self, dn):
"""Delete entry."""
@@ -519,10 +555,8 @@ class ldap2(CrudBackend):
# pass arguments to python-ldap
try:
self.conn.delete_s(dn)
- except _ldap.INSUFFICIENT_ACCESS, e:
- raise errors.InsuficientAccess, e
except _ldap.LDAPError, e:
- raise errors.DatabaseError, e
+ self.__handle_errors(e, **{})
def modify_password(self, dn, old_pass, new_pass):
"""Set user password."""
@@ -536,7 +570,7 @@ class ldap2(CrudBackend):
try:
self.passwd_s(dn, odl_pass, new_pass)
except _ldap.LDAPError, e:
- raise errors.DatabaseError, e
+ self.__handle_errors(e, **{})
def add_entry_to_group(self, dn, group_dn, member_attr='member'):
"""Add entry to group."""
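Review bot: The call kept as context here, `self.passwd_s(dn, odl_pass, new_pass)`, uses `odl_pass`, while the signature shown at the end of the previous hunk is `modify_password(self, dn, old_pass, new_pass)`; that is a NameError, which is not an LDAPError and so bypasses the handler this hunk wires in. It should read `self.passwd_s(dn, old_pass, new_pass)`. Other methods in this class call through `self.conn` (`self.conn.delete_s`, `self.conn.modify_s`), so `self.conn.passwd_s` is probably what is meant; confirm against the class. As written, a password change through this backend cannot succeed, which is worth a regression test.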
@@ -545,7 +579,7 @@ class ldap2(CrudBackend):
group_dn = self.normalize_dn(group_dn)
# check if we're not trying to add group into itself
if dn == group_dn:
- raise errors.SameGroupError
+ raise errors2.SameGroupError()
# check if the entry exists
(dn, entry_attrs) = self.get_entry(dn, ['objectClass'])
@@ -575,7 +609,7 @@ class ldap2(CrudBackend):
try:
members.remove(dn)
except ValueError:
- raise errors.NotGroupMember
+ raise errors2.NotGroupMember()
group_entry_attrs[member_attr] = members
# update group entry
@@ -592,11 +626,11 @@ class ldap2(CrudBackend):
account_lock_attr = account_lock_attr[0].lower()
if active:
if account_lock_attr == 'false':
- raise errors.AlreadyActiveError
+ raise errors2.AlreadyActive()
else:
if account_lock_attr == 'true':
- raise errors.AlreadyInactiveError
-
+ raise errors2.AlreadyInactive()
+
# check if nsAccountLock attribute is in the entry itself
is_member = False
member_of_attr = entry_attrs.get('memberOf', [])
@@ -605,7 +639,7 @@ class ldap2(CrudBackend):
is_member = True
break
if not is_member and entry_attrs.has_key('nsAccountLock'):
- raise errors.HasNSAccountLock
+ raise errors2.HasNSAccountLock()
activated_filter = '(cn=activated)'
inactivated_filter = '(cn=inactivated)'
@@ -619,7 +653,7 @@ class ldap2(CrudBackend):
(group_dn, group_entry_attrs) = entries[0]
try:
self.remove_entry_from_group(dn, group_dn)
- except errors.NotGroupMember:
+ except errors2.NotGroupMember:
pass
# add the entry to the activated/inactivated group if necessary
@@ -638,11 +672,11 @@ class ldap2(CrudBackend):
(group_dn, group_entry_attrs) = entries[0]
try:
self.add_entry_to_group(dn, group_dn)
- except errors.EmptyModlist:
+ except errors2.EmptyModlist:
if active:
- raise errors.AlreadyActiveError
+ raise errors2.AlreadyActive()
else:
- raise errors.AlreadyInactiveError
+ raise errors2.AlreadyInactive()
def activate_entry(self, dn):
"""Mark entry active."""
diff --git a/ipaserver/servercore.py b/ipaserver/servercore.py
index bf3b457f..ee0e518d 100644
--- a/ipaserver/servercore.py
+++ b/ipaserver/servercore.py
@@ -23,7 +23,7 @@ import re
from ipalib.request import context
from ipaserver import ipaldap
import ipautil
-from ipalib import errors, errors2
+from ipalib import errors2
from ipalib import api
def convert_entry(ent):
@@ -341,16 +341,16 @@ def mark_entry_active (dn):
if entry.get('nsaccountlock', 'false').lower() == "false":
api.log.debug("IPA: already active")
- raise errors.AlreadyActiveError
+ raise errors2.AlreadyActive()
if has_nsaccountlock(dn):
api.log.debug("IPA: appears to have the nsaccountlock attribute")
- raise errors.HasNSAccountLock
+ raise errors2.HasNSAccountLock()
group = get_entry_by_cn("inactivated", None)
try:
remove_member_from_group(entry.get('dn'), group.get('dn'))
- except errors.NotGroupMember:
+ except errors2.NotGroupMember:
# Perhaps the user is there as a result of group membership
pass
@@ -377,18 +377,18 @@ def mark_entry_inactive (dn):
if entry.get('nsaccountlock', 'false').lower() == "true":
api.log.debug("IPA: already marked as inactive")
- raise errors.AlreadyInactiveError
+ raise errors2.AlreadyInactive()
if has_nsaccountlock(dn):
api.log.debug("IPA: appears to have the nsaccountlock attribute")
- raise errors.HasNSAccountLock
+ raise errors2.HasNSAccountLock()
# First see if they are in the activated group as this will override
# the our inactivation.
group = get_entry_by_cn("activated", None)
try:
remove_member_from_group(dn, group.get('dn'))
- except errors.NotGroupMember:
+ except errors2.NotGroupMember:
# this is fine, they may not be explicitly in this group
pass
@@ -405,7 +405,7 @@ def add_member_to_group(member_dn, group_dn, memberattr='member'):
api.log.info("IPA: add_member_to_group '%s' to '%s'" % (member_dn, group_dn))
if member_dn.lower() == group_dn.lower():
# You can't add a group to itself
- raise errors.SameGroupError
+ raise errors2.RecursiveGroup()
group = get_entry_by_dn(group_dn, None)
if group is None:
@@ -423,10 +423,7 @@ def add_member_to_group(member_dn, group_dn, memberattr='member'):
members.append(member_dn)
group[memberattr] = members
- try:
- return update_entry(group)
- except errors.EmptyModlist:
- raise
+ return update_entry(group)
def remove_member_from_group(member_dn, group_dn, memberattr='member'):
"""Remove a member_dn from an existing group."""
@@ -444,7 +441,7 @@ def remove_member_from_group(member_dn, group_dn, memberattr='member'):
members = group.get(memberattr, False)
if not members:
- raise errors.NotGroupMember
+ raise errors2.NotGroupMember()
if isinstance(members,basestring):
members = [members]
@@ -453,15 +450,10 @@ def remove_member_from_group(member_dn, group_dn, memberattr='member'):
try:
members.remove(member_dn)
except ValueError:
- # member is not in the group
- # FIXME: raise more specific error?
- raise errors.NotGroupMember
+ raise errors2.NotGroupMember()
except Exception, e:
raise e
group[memberattr] = members
- try:
- return update_entry(group)
- except errors.EmptyModlist:
- raise
+ return update_entry(group)