summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/scripting/python/samba/netcmd/delegation.py8
-rw-r--r--source4/scripting/python/samba/samdb.py10
2 files changed, 12 insertions, 6 deletions
diff --git a/source4/scripting/python/samba/netcmd/delegation.py b/source4/scripting/python/samba/netcmd/delegation.py
index 49849870dd..469579e58c 100644
--- a/source4/scripting/python/samba/netcmd/delegation.py
+++ b/source4/scripting/python/samba/netcmd/delegation.py
@@ -104,7 +104,9 @@ class cmd_delegation_for_any_service(Command):
search_filter = "sAMAccountName=%s" % ldb.binary_encode(cleanedaccount)
flag = dsdb.UF_TRUSTED_FOR_DELEGATION
try:
- sam.toggle_userAccountFlags(search_filter, flag, on=on, strict=True)
+ sam.toggle_userAccountFlags(search_filter, flag,
+ flags_str="Trusted-for-Delegation",
+ on=on, strict=True)
except Exception, err:
raise CommandError(err)
@@ -138,7 +140,9 @@ class cmd_delegation_for_any_protocol(Command):
search_filter = "sAMAccountName=%s" % ldb.binary_encode(cleanedaccount)
flag = dsdb.UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
try:
- sam.toggle_userAccountFlags(search_filter, flag, on=on, strict=True)
+ sam.toggle_userAccountFlags(search_filter, flag,
+ flags_str="Trusted-to-Authenticate-for-Delegation",
+ on=on, strict=True)
except Exception, err:
raise CommandError(err)
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index 5cceb062ea..df05a5208b 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -6,6 +6,7 @@
#
# Based on the original in EJS:
# Copyright (C) Andrew Tridgell <tridge@samba.org> 2005
+# Copyright (C) Giampaolo Lauria <lauria2@yahoo.com> 2011
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -89,7 +90,8 @@ class SamDB(samba.Ldb):
flags = samba.dsdb.UF_ACCOUNTDISABLE | samba.dsdb.UF_PASSWD_NOTREQD
self.toggle_userAccountFlags(search_filter, flags, on=False)
- def toggle_userAccountFlags(self, search_filter, flags, on=True, strict=False):
+ def toggle_userAccountFlags(self, search_filter, flags, flags_str=None,
+ on=True, strict=False):
"""toggle_userAccountFlags
:param search_filter: LDAP filter to find the user (eg
@@ -102,20 +104,20 @@ class SamDB(samba.Ldb):
res = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
expression=search_filter, attrs=["userAccountControl"])
if len(res) == 0:
- raise Exception('Unable to find user "%s"' % search_filter)
+ raise Exception("Unable to find account where '%s'" % search_filter)
assert(len(res) == 1)
account_dn = res[0].dn
old_uac = int(res[0]["userAccountControl"][0])
if on:
if strict and (old_uac & flags):
- error = 'userAccountFlags[%d:0x%08X] already contain 0x%X' % (old_uac, old_uac, flags)
+ error = "Account flag(s) '%s' already set" % flags_str
raise Exception(error)
new_uac = old_uac | flags
else:
if strict and not (old_uac & flags):
- error = 'userAccountFlags[%d:0x%08X] not contain 0x%X' % (old_uac, old_uac, flags)
+ error = "Account flag(s) '%s' already unset" % flags_str
raise Exception(error)
new_uac = old_uac & ~flags