From 16437edf487f3159d74fea7caebe84d1c8cc07fe Mon Sep 17 00:00:00 2001
From: Giampaolo Lauria
Date: Fri, 21 Oct 2011 12:05:07 -0400
Subject: samba-tool: Improve "delegation" command error handling
Change samdb toggle_userAccountFlags fcn to display more meaningful error messages Add flags string param to toggle_userAccountFlags Change call to toggle_userAccountFlags in delegation command to pass the flag name to be displayed in case of errors
---
 source4/scripting/python/samba/netcmd/delegation.py | 8 ++++++--
 source4/scripting/python/samba/samdb.py | 10 ++++++----
 2 files changed, 12 insertions(+), 6 deletions(-)
(limited to 'source4/scripting/python')
diff --git a/source4/scripting/python/samba/netcmd/delegation.py b/source4/scripting/python/samba/netcmd/delegation.py
index 49849870dd..469579e58c 100644
--- a/source4/scripting/python/samba/netcmd/delegation.py
+++ b/source4/scripting/python/samba/netcmd/delegation.py
@@ -104,7 +104,9 @@ class cmd_delegation_for_any_service(Command):
 search_filter = "sAMAccountName=%s" % ldb.binary_encode(cleanedaccount)
 flag = dsdb.UF_TRUSTED_FOR_DELEGATION
 try:
- sam.toggle_userAccountFlags(search_filter, flag, on=on, strict=True)
+ sam.toggle_userAccountFlags(search_filter, flag,
+ flags_str="Trusted-for-Delegation",
+ on=on, strict=True)
 except Exception, err:
 raise CommandError(err)
@@ -138,7 +140,9 @@ class cmd_delegation_for_any_protocol(Command):
 search_filter = "sAMAccountName=%s" % ldb.binary_encode(cleanedaccount)
 flag = dsdb.UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
 try:
- sam.toggle_userAccountFlags(search_filter, flag, on=on, strict=True)
+ sam.toggle_userAccountFlags(search_filter, flag,
+ flags_str="Trusted-to-Authenticate-for-Delegation",
+ on=on, strict=True)
 except Exception, err:
 raise CommandError(err)
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index 5cceb062ea..df05a5208b 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -6,6 +6,7 @@
 #
 # Based on the original in EJS:
 # Copyright (C) Andrew Tridgell 2005
+# Copyright (C) Giampaolo Lauria 2011
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -89,7 +90,8 @@ class SamDB(samba.Ldb):
 flags = samba.dsdb.UF_ACCOUNTDISABLE | samba.dsdb.UF_PASSWD_NOTREQD
 self.toggle_userAccountFlags(search_filter, flags, on=False)
- def toggle_userAccountFlags(self, search_filter, flags, on=True, strict=False):
+ def toggle_userAccountFlags(self, search_filter, flags, flags_str=None,
+ on=True, strict=False):
 """toggle_userAccountFlags
 :param search_filter: LDAP filter to find the user (eg
@@ -102,20 +104,20 @@ class SamDB(samba.Ldb):
 res = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE, expression=search_filter, attrs=["userAccountControl"])
 if len(res) == 0:
- raise Exception('Unable to find user "%s"' % search_filter)
+ raise Exception("Unable to find account where '%s'" % search_filter)
 assert(len(res) == 1)
 account_dn = res[0].dn
 old_uac = int(res[0]["userAccountControl"][0])
 if on:
 if strict and (old_uac & flags):
- error = 'userAccountFlags[%d:0x%08X] already contain 0x%X' % (old_uac, old_uac, flags)
+ error = "Account flag(s) '%s' already set" % flags_str
 raise Exception(error)
 new_uac = old_uac | flags
 else:
 if strict and not (old_uac & flags):
- error = 'userAccountFlags[%d:0x%08X] not contain 0x%X' % (old_uac, old_uac, flags)
+ error = "Account flag(s) '%s' already unset" % flags_str
 raise Exception(error)
 new_uac = old_uac & ~flags
-- cgit
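Review bot: Placing `flags_str=None` ahead of `on` in the new signature shifts the positional slots, so any caller that passes `on` positionally (for example `toggle_userAccountFlags(f, flags, False)`) would bind `False` to `flags_str` and run with `on=True`, setting userAccountControl bits it meant to clear. The callers visible in this patch all use keywords, but callers outside it are not shown. Appending the parameter keeps the old positions intact: `def toggle_userAccountFlags(self, search_filter, flags, on=True, strict=False, flags_str=None):`. The docstring continues outside the hunk and should gain a `:param flags_str:` line describing the label as display-only.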
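Review bot: When `flags_str` is left at its default, both strict-mode messages in the `@@ -102,20 +104,20 @@` hunk render as `Account flag(s) 'None' already set` / `already unset`, and the numeric `old_uac` and `flags` values the old text carried are no longer reported. A fallback to the mask keeps the message usable for callers that pass no label: `label = flags_str if flags_str is not None else "0x%X" % flags`, then format both messages with `label`. Note also that `old_uac & flags` is true when any one bit of a multi-bit mask is present, so "already set" can be reported for a mask that is only partly set; keeping the hex values in the message would make that case diagnosable. The function body continues outside the hunk.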