diff options
author | Giampaolo Lauria <lauria2@yahoo.com> | 2011-10-21 11:49:29 -0400 |
---|---|---|
committer | Jelmer Vernooij <jelmer@samba.org> | 2011-11-03 15:12:27 +0100 |
commit | 9ff2874e5e89ac297be972e0a6ef793456480a56 (patch) | |
tree | 87c0dba35a94177b4f8b34f93854c70624a6c5d3 /source4/scripting/python | |
parent | 82c6599e154fcec7bb9c32829e092b96a3e90de7 (diff) | |
download | samba-9ff2874e5e89ac297be972e0a6ef793456480a56.tar.gz samba-9ff2874e5e89ac297be972e0a6ef793456480a56.tar.bz2 samba-9ff2874e5e89ac297be972e0a6ef793456480a56.zip |
samba-tool: Improve "delegation" command error handling
Display a more meaningful error msg when user account not found
Assert when returned number of entries is not 0 or 1
Diffstat (limited to 'source4/scripting/python')
-rw-r--r-- | source4/scripting/python/samba/netcmd/delegation.py | 48 |
1 files changed, 27 insertions, 21 deletions
diff --git a/source4/scripting/python/samba/netcmd/delegation.py b/source4/scripting/python/samba/netcmd/delegation.py index 9fccaf9536..ec84f671bc 100644 --- a/source4/scripting/python/samba/netcmd/delegation.py +++ b/source4/scripting/python/samba/netcmd/delegation.py @@ -52,13 +52,15 @@ class cmd_delegation_show(Command): # TODO once I understand how, use the domain info to naildown # to the correct domain (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname) - self.outf.write("Searching for: %s\n" % (cleanedaccount)) - res = sam.search(expression="sAMAccountName=%s" % ldb.binary_encode(cleanedaccount), - scope=ldb.SCOPE_SUBTREE, - attrs=["userAccountControl", "msDS-AllowedToDelegateTo"]) - if len(res) != 1: - raise CommandError("Account %s found %d times" % (accountname, len(res))) - + + res = sam.search(expression="sAMAccountName=%s" % + ldb.binary_encode(cleanedaccount), + scope=ldb.SCOPE_SUBTREE, + attrs=["userAccountControl", "msDS-AllowedToDelegateTo"]) + if len(res) == 0: + raise CommandError("Unable to find account name '%s'" % accountname) + assert(len(res) == 1) + uac = int(res[0].get("userAccountControl")[0]) allowed = res[0].get("msDS-AllowedToDelegateTo") @@ -159,17 +161,19 @@ class cmd_delegation_add_service(Command): # to the correct domain (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname) - res = sam.search(expression="sAMAccountName=%s" % ldb.binary_encode(cleanedaccount), - scope=ldb.SCOPE_SUBTREE, - attrs=["msDS-AllowedToDelegateTo"]) - if len(res) != 1: - raise CommandError("Account %s found %d times" % (accountname, len(res))) + res = sam.search(expression="sAMAccountName=%s" % + ldb.binary_encode(cleanedaccount), + scope=ldb.SCOPE_SUBTREE, + attrs=["msDS-AllowedToDelegateTo"]) + if len(res) == 0: + raise CommandError("Unable to find account name '%s'" % accountname) + assert(len(res) == 1) msg = ldb.Message() msg.dn = res[0].dn msg["msDS-AllowedToDelegateTo"] = ldb.MessageElement([principal], - ldb.FLAG_MOD_ADD, - "msDS-AllowedToDelegateTo") + ldb.FLAG_MOD_ADD, + "msDS-AllowedToDelegateTo") try: sam.modify(msg) except Exception, err: @@ -194,17 +198,19 @@ class cmd_delegation_del_service(Command): # to the correct domain (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname) - res = sam.search(expression="sAMAccountName=%s" % ldb.binary_encode(cleanedaccount), - scope=ldb.SCOPE_SUBTREE, - attrs=["msDS-AllowedToDelegateTo"]) - if len(res) != 1: - raise CommandError("Account %s found %d times" % (accountname, len(res))) + res = sam.search(expression="sAMAccountName=%s" % + ldb.binary_encode(cleanedaccount), + scope=ldb.SCOPE_SUBTREE, + attrs=["msDS-AllowedToDelegateTo"]) + if len(res) == 0: + raise CommandError("Unable to find account name '%s'" % accountname) + assert(len(res) == 1) msg = ldb.Message() msg.dn = res[0].dn msg["msDS-AllowedToDelegateTo"] = ldb.MessageElement([principal], - ldb.FLAG_MOD_DELETE, - "msDS-AllowedToDelegateTo") + ldb.FLAG_MOD_DELETE, + "msDS-AllowedToDelegateTo") try: sam.modify(msg) except Exception, err: |