git.ipfire.org Git - thirdparty/samba.git/commitdiff
samba-tool: reduce repetitious jargon on credentials failure
author Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Thu, 18 Aug 2022 22:12:07 +0000 (10:12 +1200)
committer Douglas Bagnall <dbagnall@samba.org>
Tue, 6 Sep 2022 21:12:36 +0000 (21:12 +0000)
We already print the following due to DBG_ERR()s:

  cli_credentials_failed_kerberos_login: krb5_cc_get_principal failed: No such file or directory
  Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS -  <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1> <>
  Failed to connect to 'ldap://10.53.57.30' with backend 'ldap': LDAP error 49 LDAP_INVALID_CREDENTIALS -  <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1> <>

We don't *really* need to follow that with:

  ERROR(ldb): LDAP connection to ldap://10.53.57.30 failed  - LDAP error 49 LDAP_INVALID_CREDENTIALS -  <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1> <>

rather we can say:

  Bad username or password.

Also, we don't really need to print a traceback, which we seem to do
for some commands and not others.

Maybe *sometimes* "bad username or password" might be technically
incorrect (e.g. --simple-bind-dn), but in those cases the user is
already behaving strangely, and they will still see the
LDAP_INVALID_CREDENTIALS twice. Kerberos failures don't come this way.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9608

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python/samba/netcmd/__init__.py

index eeb28964142ca0b78e813c09f69b7c9c54dffc4b..40b9b213f7018663b01d70433f9634b031ea0506 100644 (file)
@@ -21,7 +21,7 @@ import samba
 from samba import colour
 from samba.getopt import SambaOption
 from samba.logger import get_samba_logger
-from ldb import LdbError
+from ldb import LdbError, ERR_INVALID_CREDENTIALS
 import sys
 import traceback
 import textwrap
@@ -112,7 +112,11 @@ class Command(object):
 
         if isinstance(inner_exception, LdbError):
             (ldb_ecode, ldb_emsg) = inner_exception.args
-            self.errf.write("ERROR(ldb): %s - %s\n" % (message, ldb_emsg))
+            if ldb_ecode == ERR_INVALID_CREDENTIALS:
+                print("Invalid username or password", file=self.errf)
+                force_traceback = False
+            else:
+                self.errf.write("ERROR(ldb): %s - %s\n" % (message, ldb_emsg))
         elif isinstance(inner_exception, AssertionError):
             self.errf.write("ERROR(assert): %s\n" % message)
             force_traceback = True
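
Review bot: In the new `ERR_INVALID_CREDENTIALS` branch the printed text is "Invalid username or password", while the commit message says the user will see "Bad username or password."; pick one wording and use it in both places. The branch also writes with `print(..., file=self.errf)` where the neighbouring branches use `self.errf.write(...)`, and it drops the `ERROR(...)` prefix those branches keep, so anything that matches on that prefix in stderr will stop seeing credential failures; something like `self.errf.write("ERROR: Invalid username or password\n")` would stay consistent. Since the commit message concedes the text can be inaccurate for `--simple-bind-dn`, a short comment above `force_traceback = False` saying that the traceback is suppressed on purpose for this error code, and that the detailed LDAP text is still emitted by the DBG_ERR() calls, would save the next reader from rediscovering that.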