[SCM] Samba Shared Repository - branch master updated
Jelmer Vernooij
jelmer at samba.org
Thu Nov 3 09:54:04 MDT 2011
The branch, master has been updated
via fe6913a samba-tool: Fix short description and error msgs in domain level
via 64e7e44 samba-tool: Fix --quiet option in domain samba3upgrade
via 16437ed samba-tool: Improve "delegation" command error handling
via 967ac70 samba-tool: Improve "delegation" command error message
via 9ff2874 samba-tool: Improve "delegation" command error handling
via 82c6599 samba-tool: Fix "delegation show" command synopsis
from 0f61eb5 pkg: add comments to the systemd sysconfig file
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit fe6913ada3117eb38d46f57dbca2afba5a179696
Author: Giampaolo Lauria <lauria2 at yahoo.com>
Date: Tue Nov 1 15:21:32 2011 -0400
samba-tool: Fix short description and error msgs in domain level
Autobuild-User: Jelmer Vernooij <jelmer at samba.org>
Autobuild-Date: Thu Nov 3 16:53:16 CET 2011 on sn-devel-104
commit 64e7e448fb476952a02c46a524f13586cea71fae
Author: Giampaolo Lauria <lauria2 at yahoo.com>
Date: Tue Nov 1 15:16:53 2011 -0400
samba-tool: Fix --quiet option in domain samba3upgrade
--quiet option does not require an argument
commit 16437edf487f3159d74fea7caebe84d1c8cc07fe
Author: Giampaolo Lauria <lauria2 at yahoo.com>
Date: Fri Oct 21 12:05:07 2011 -0400
samba-tool: Improve "delegation" command error handling
Change samdb toggle_userAccountFlags fcn to display more
meaningful error messages
Add flags string param to toggle_userAccountFlags
Change call to toggle_userAccountFlags in delegation command
to pass the flag name to be displayed in case of errors
commit 967ac70a35e8f42d0687c5b46013820c0bec37f9
Author: Giampaolo Lauria <lauria2 at yahoo.com>
Date: Fri Oct 21 11:57:34 2011 -0400
samba-tool: Improve "delegation" command error message
Write a more specific error msg when the on|off arg is invalid
commit 9ff2874e5e89ac297be972e0a6ef793456480a56
Author: Giampaolo Lauria <lauria2 at yahoo.com>
Date: Fri Oct 21 11:49:29 2011 -0400
samba-tool: Improve "delegation" command error handling
Display a more meaningful error msg when user account not found
Assert when returned number of entries is not 0 or 1
commit 82c6599e154fcec7bb9c32829e092b96a3e90de7
Author: Giampaolo Lauria <lauria2 at yahoo.com>
Date: Fri Oct 21 11:35:36 2011 -0400
samba-tool: Fix "delegation show" command synopsis
Removed "show" from synopsis as it is no longer necessary
-----------------------------------------------------------------------
Summary of changes:
.../scripting/python/samba/netcmd/delegation.py | 62 +++++++++++--------
source4/scripting/python/samba/netcmd/domain.py | 14 ++--
source4/scripting/python/samba/samdb.py | 10 ++-
3 files changed, 49 insertions(+), 37 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/scripting/python/samba/netcmd/delegation.py b/source4/scripting/python/samba/netcmd/delegation.py
index 0aed394..469579e 100644
--- a/source4/scripting/python/samba/netcmd/delegation.py
+++ b/source4/scripting/python/samba/netcmd/delegation.py
@@ -39,7 +39,7 @@ from samba.netcmd import (
class cmd_delegation_show(Command):
"""Show the delegation setting of an account."""
- synopsis = "%prog show <accountname> [options]"
+ synopsis = "%prog <accountname> [options]"
takes_args = ["accountname"]
@@ -52,13 +52,15 @@ class cmd_delegation_show(Command):
# TODO once I understand how, use the domain info to naildown
# to the correct domain
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
- self.outf.write("Searching for: %s\n" % (cleanedaccount))
- res = sam.search(expression="sAMAccountName=%s" % ldb.binary_encode(cleanedaccount),
- scope=ldb.SCOPE_SUBTREE,
- attrs=["userAccountControl", "msDS-AllowedToDelegateTo"])
- if len(res) != 1:
- raise CommandError("Account %s found %d times" % (accountname, len(res)))
-
+
+ res = sam.search(expression="sAMAccountName=%s" %
+ ldb.binary_encode(cleanedaccount),
+ scope=ldb.SCOPE_SUBTREE,
+ attrs=["userAccountControl", "msDS-AllowedToDelegateTo"])
+ if len(res) == 0:
+ raise CommandError("Unable to find account name '%s'" % accountname)
+ assert(len(res) == 1)
+
uac = int(res[0].get("userAccountControl")[0])
allowed = res[0].get("msDS-AllowedToDelegateTo")
@@ -88,7 +90,7 @@ class cmd_delegation_for_any_service(Command):
elif onoff == "off":
on = False
else:
- raise CommandError("Invalid argument [%s]" % onoff)
+ raise CommandError("invalid argument: '%s' (choose from 'on', 'off')" % onoff)
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
@@ -102,7 +104,9 @@ class cmd_delegation_for_any_service(Command):
search_filter = "sAMAccountName=%s" % ldb.binary_encode(cleanedaccount)
flag = dsdb.UF_TRUSTED_FOR_DELEGATION
try:
- sam.toggle_userAccountFlags(search_filter, flag, on=on, strict=True)
+ sam.toggle_userAccountFlags(search_filter, flag,
+ flags_str="Trusted-for-Delegation",
+ on=on, strict=True)
except Exception, err:
raise CommandError(err)
@@ -122,7 +126,7 @@ class cmd_delegation_for_any_protocol(Command):
elif onoff == "off":
on = False
else:
- raise CommandError("Invalid argument [%s]" % onoff)
+ raise CommandError("invalid argument: '%s' (choose from 'on', 'off')" % onoff)
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
@@ -136,7 +140,9 @@ class cmd_delegation_for_any_protocol(Command):
search_filter = "sAMAccountName=%s" % ldb.binary_encode(cleanedaccount)
flag = dsdb.UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
try:
- sam.toggle_userAccountFlags(search_filter, flag, on=on, strict=True)
+ sam.toggle_userAccountFlags(search_filter, flag,
+ flags_str="Trusted-to-Authenticate-for-Delegation",
+ on=on, strict=True)
except Exception, err:
raise CommandError(err)
@@ -159,17 +165,19 @@ class cmd_delegation_add_service(Command):
# to the correct domain
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
- res = sam.search(expression="sAMAccountName=%s" % ldb.binary_encode(cleanedaccount),
- scope=ldb.SCOPE_SUBTREE,
- attrs=["msDS-AllowedToDelegateTo"])
- if len(res) != 1:
- raise CommandError("Account %s found %d times" % (accountname, len(res)))
+ res = sam.search(expression="sAMAccountName=%s" %
+ ldb.binary_encode(cleanedaccount),
+ scope=ldb.SCOPE_SUBTREE,
+ attrs=["msDS-AllowedToDelegateTo"])
+ if len(res) == 0:
+ raise CommandError("Unable to find account name '%s'" % accountname)
+ assert(len(res) == 1)
msg = ldb.Message()
msg.dn = res[0].dn
msg["msDS-AllowedToDelegateTo"] = ldb.MessageElement([principal],
- ldb.FLAG_MOD_ADD,
- "msDS-AllowedToDelegateTo")
+ ldb.FLAG_MOD_ADD,
+ "msDS-AllowedToDelegateTo")
try:
sam.modify(msg)
except Exception, err:
@@ -194,17 +202,19 @@ class cmd_delegation_del_service(Command):
# to the correct domain
(cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
- res = sam.search(expression="sAMAccountName=%s" % ldb.binary_encode(cleanedaccount),
- scope=ldb.SCOPE_SUBTREE,
- attrs=["msDS-AllowedToDelegateTo"])
- if len(res) != 1:
- raise CommandError("Account %s found %d times" % (accountname, len(res)))
+ res = sam.search(expression="sAMAccountName=%s" %
+ ldb.binary_encode(cleanedaccount),
+ scope=ldb.SCOPE_SUBTREE,
+ attrs=["msDS-AllowedToDelegateTo"])
+ if len(res) == 0:
+ raise CommandError("Unable to find account name '%s'" % accountname)
+ assert(len(res) == 1)
msg = ldb.Message()
msg.dn = res[0].dn
msg["msDS-AllowedToDelegateTo"] = ldb.MessageElement([principal],
- ldb.FLAG_MOD_DELETE,
- "msDS-AllowedToDelegateTo")
+ ldb.FLAG_MOD_DELETE,
+ "msDS-AllowedToDelegateTo")
try:
sam.modify(msg)
except Exception, err:
diff --git a/source4/scripting/python/samba/netcmd/domain.py b/source4/scripting/python/samba/netcmd/domain.py
index 715b376..10bcfda 100644
--- a/source4/scripting/python/samba/netcmd/domain.py
+++ b/source4/scripting/python/samba/netcmd/domain.py
@@ -77,7 +77,7 @@ class cmd_domain_export_keytab(Command):
class cmd_domain_join(Command):
- """Joins domain as either member or backup domain controller *"""
+ """Joins domain as either member or backup domain controller"""
synopsis = "%prog <dnsdomain> [DC|RODC|MEMBER|SUBDOMAIN] [options]"
@@ -133,7 +133,7 @@ class cmd_domain_join(Command):
site=site, netbios_name=netbios_name, netbios_domain=netbios_domain, targetdir=targetdir)
return
else:
- raise CommandError("Invalid role %s (possible values: MEMBER, DC, RODC)" % role)
+ raise CommandError("Invalid role '%s' (possible values: MEMBER, DC, RODC, SUBDOMAIN)" % role)
@@ -264,7 +264,7 @@ class cmd_domain_level(Command):
new_level_domain = DS_DOMAIN_FUNCTION_2008_R2
if new_level_domain <= level_domain and level_domain_mixed == 0:
- raise CommandError("Domain function level can't be smaller equal to the actual one!")
+ raise CommandError("Domain function level can't be smaller than or equal to the actual one!")
if new_level_domain > min_level_dc:
raise CommandError("Domain function level can't be higher than the lowest function level of a DC!")
@@ -319,7 +319,7 @@ class cmd_domain_level(Command):
elif forest_level == "2008_R2":
new_level_forest = DS_DOMAIN_FUNCTION_2008_R2
if new_level_forest <= level_forest:
- raise CommandError("Forest function level can't be smaller equal to the actual one!")
+ raise CommandError("Forest function level can't be smaller than or equal to the actual one!")
if new_level_forest > level_domain:
raise CommandError("Forest function level can't be higher than the domain function level(s). Please raise it/them first!")
m = ldb.Message()
@@ -332,7 +332,7 @@ class cmd_domain_level(Command):
msgs.append("All changes applied successfully!")
self.message("\n".join(msgs))
else:
- raise CommandError("Wrong argument '%s'!" % subcommand)
+ raise CommandError("invalid argument: '%s' (choose from 'show', 'raise')" % subcommand)
@@ -548,7 +548,7 @@ class cmd_domain_samba3upgrade(Command):
help="Path to samba3 testparm utility from the previous installation. This allows the default paths of the previous installation to be followed"),
Option("--targetdir", type="string", metavar="DIR",
help="Path prefix where the new Samba 4.0 AD domain should be initialised"),
- Option("--quiet", help="Be quiet"),
+ Option("--quiet", help="Be quiet", action="store_true"),
Option("--use-xattrs", type="choice", choices=["yes","no","auto"], metavar="[yes|no|auto]",
help="Define if we should use the native fs capabilities or a tdb file for storing attributes likes ntacl, auto tries to make an inteligent guess based on the user rights and system capabilities", default="auto"),
]
@@ -556,7 +556,7 @@ class cmd_domain_samba3upgrade(Command):
takes_args = ["smbconf"]
def run(self, smbconf=None, targetdir=None, dbdir=None, testparm=None,
- quiet=None, use_xattrs=None, sambaopts=None, versionopts=None):
+ quiet=False, use_xattrs=None, sambaopts=None, versionopts=None):
if not os.path.exists(smbconf):
raise CommandError("File %s does not exist" % smbconf)
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index 5cceb06..df05a52 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -6,6 +6,7 @@
#
# Based on the original in EJS:
# Copyright (C) Andrew Tridgell <tridge at samba.org> 2005
+# Copyright (C) Giampaolo Lauria <lauria2 at yahoo.com> 2011
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -89,7 +90,8 @@ class SamDB(samba.Ldb):
flags = samba.dsdb.UF_ACCOUNTDISABLE | samba.dsdb.UF_PASSWD_NOTREQD
self.toggle_userAccountFlags(search_filter, flags, on=False)
- def toggle_userAccountFlags(self, search_filter, flags, on=True, strict=False):
+ def toggle_userAccountFlags(self, search_filter, flags, flags_str=None,
+ on=True, strict=False):
"""toggle_userAccountFlags
:param search_filter: LDAP filter to find the user (eg
@@ -102,20 +104,20 @@ class SamDB(samba.Ldb):
res = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
expression=search_filter, attrs=["userAccountControl"])
if len(res) == 0:
- raise Exception('Unable to find user "%s"' % search_filter)
+ raise Exception("Unable to find account where '%s'" % search_filter)
assert(len(res) == 1)
account_dn = res[0].dn
old_uac = int(res[0]["userAccountControl"][0])
if on:
if strict and (old_uac & flags):
- error = 'userAccountFlags[%d:0x%08X] already contain 0x%X' % (old_uac, old_uac, flags)
+ error = "Account flag(s) '%s' already set" % flags_str
raise Exception(error)
new_uac = old_uac | flags
else:
if strict and not (old_uac & flags):
- error = 'userAccountFlags[%d:0x%08X] not contain 0x%X' % (old_uac, old_uac, flags)
+ error = "Account flag(s) '%s' already unset" % flags_str
raise Exception(error)
new_uac = old_uac & ~flags
--
Samba Shared Repository
More information about the samba-cvs
mailing list