samba-tool: Improve "delegation" command error handling

Change samdb toggle_userAccountFlags fcn to display more
meaningful error messages
Add flags string param to toggle_userAccountFlags
Change call to toggle_userAccountFlags in delegation command
to pass the flag name to be displayed in case of errors

diff --git a/source4/scripting/python/samba/netcmd/delegation.py b/source4/scripting/python/samba/netcmd/delegation.py
index 49849870ddcf3480fea3b53199ed6a0f98e2e0d3..469579e58c9c0b2c7f1410a41670a465d28f4180 100644 (file)
--- a/source4/scripting/python/samba/netcmd/delegation.py
+++ b/source4/scripting/python/samba/netcmd/delegation.py
@@ -104,7 +104,9 @@ class cmd_delegation_for_any_service(Command):
         search_filter = "sAMAccountName=%s" % ldb.binary_encode(cleanedaccount)
         flag = dsdb.UF_TRUSTED_FOR_DELEGATION
         try:
-            sam.toggle_userAccountFlags(search_filter, flag, on=on, strict=True)
+            sam.toggle_userAccountFlags(search_filter, flag,
+                                        flags_str="Trusted-for-Delegation",
+                                        on=on, strict=True)
         except Exception, err:
             raise CommandError(err)
 
@@ -138,7 +140,9 @@ class cmd_delegation_for_any_protocol(Command):
         search_filter = "sAMAccountName=%s" % ldb.binary_encode(cleanedaccount)
         flag = dsdb.UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
         try:
-            sam.toggle_userAccountFlags(search_filter, flag, on=on, strict=True)
+            sam.toggle_userAccountFlags(search_filter, flag,
+                        flags_str="Trusted-to-Authenticate-for-Delegation",
+                        on=on, strict=True)
         except Exception, err:
             raise CommandError(err)
 

diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index 5cceb062eaf074692c3a2d83e5c3143b7dd7db57..df05a5208b96da309bfb6e7fc1d2404d446f6e42 100644 (file)
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -6,6 +6,7 @@
 #
 # Based on the original in EJS:
 # Copyright (C) Andrew Tridgell <tridge@samba.org> 2005
+# Copyright (C) Giampaolo Lauria <lauria2@yahoo.com> 2011
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -89,7 +90,8 @@ class SamDB(samba.Ldb):
         flags = samba.dsdb.UF_ACCOUNTDISABLE | samba.dsdb.UF_PASSWD_NOTREQD
         self.toggle_userAccountFlags(search_filter, flags, on=False)
 
-    def toggle_userAccountFlags(self, search_filter, flags, on=True, strict=False):
+    def toggle_userAccountFlags(self, search_filter, flags, flags_str=None,
+                                on=True, strict=False):
         """toggle_userAccountFlags
 
         :param search_filter: LDAP filter to find the user (eg
@@ -102,20 +104,20 @@ class SamDB(samba.Ldb):
         res = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
                           expression=search_filter, attrs=["userAccountControl"])
         if len(res) == 0:
-                raise Exception('Unable to find user "%s"' % search_filter)
+                raise Exception("Unable to find account where '%s'" % search_filter)
         assert(len(res) == 1)
         account_dn = res[0].dn
 
         old_uac = int(res[0]["userAccountControl"][0])
         if on:
             if strict and (old_uac & flags):
-                error = 'userAccountFlags[%d:0x%08X] already contain 0x%X' % (old_uac, old_uac, flags)
+                error = "Account flag(s) '%s' already set" % flags_str
                 raise Exception(error)
 
             new_uac = old_uac | flags
         else:
             if strict and not (old_uac & flags):
-                error = 'userAccountFlags[%d:0x%08X] not contain 0x%X' % (old_uac, old_uac, flags)
+                error = "Account flag(s) '%s' already unset" % flags_str
                 raise Exception(error)
 
             new_uac = old_uac & ~flags