From: Douglas Bagnall Date: Thu, 18 Aug 2022 22:12:07 +0000 (+1200) Subject: samba-tool: reduce repetitious jargon on credentials failure X-Git-Tag: talloc-2.4.0~1185 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=62fe118e99e6f0f2c9c09101ec0f79283a342171;p=thirdparty%2Fsamba.git samba-tool: reduce repetitious jargon on credentials failure We already print the following due to DBG_ERR()s: cli_credentials_failed_kerberos_login: krb5_cc_get_principal failed: No such file or directory Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1> <> Failed to connect to 'ldap://10.53.57.30' with backend 'ldap': LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1> <> We don't *really* need to follow that with: ERROR(ldb): LDAP connection to ldap://10.53.57.30 failed - LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1> <> rather we can say: Bad username or password. Also, we don't really need to print a traceback, which we seem to do for some commands and not others. Maybe *sometimes* "bad username or password" might be technically incorrect (e.g. --simple-bind-dn), but in those cases the user is already behaving strangely, and they will still see the LDAP_INVALID_CREDENTIALS twice. Kerberos failures don't come this way. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9608 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett --- diff --git a/python/samba/netcmd/__init__.py b/python/samba/netcmd/__init__.py index eeb28964142..40b9b213f70 100644 --- a/python/samba/netcmd/__init__.py +++ b/python/samba/netcmd/__init__.py @@ -21,7 +21,7 @@ import samba from samba import colour from samba.getopt import SambaOption from samba.logger import get_samba_logger -from ldb import LdbError +from ldb import LdbError, ERR_INVALID_CREDENTIALS import sys import traceback import textwrap @@ -112,7 +112,11 @@ class Command(object): if isinstance(inner_exception, LdbError): (ldb_ecode, ldb_emsg) = inner_exception.args - self.errf.write("ERROR(ldb): %s - %s\n" % (message, ldb_emsg)) + if ldb_ecode == ERR_INVALID_CREDENTIALS: + print("Invalid username or password", file=self.errf) + force_traceback = False + else: + self.errf.write("ERROR(ldb): %s - %s\n" % (message, ldb_emsg)) elif isinstance(inner_exception, AssertionError): self.errf.write("ERROR(assert): %s\n" % message) force_traceback = True