From db342d86a9ccd15f764cb8e0a91774e1f8fd7858 Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Fri, 2 Feb 2024 15:01:21 +1300
Subject: [PATCH] samba-tool user readpasswords: avoid `assert` for validation

`assert` can be optimised away if python is run with `-O`.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jun 11 05:32:28 UTC 2024 on atb-devel-224
---
 python/samba/netcmd/user/readpasswords/common.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/python/samba/netcmd/user/readpasswords/common.py b/python/samba/netcmd/user/readpasswords/common.py
index 0aa1f237dc0..7944d4e1682 100644
--- a/python/samba/netcmd/user/readpasswords/common.py
+++ b/python/samba/netcmd/user/readpasswords/common.py
@@ -114,7 +114,10 @@ def get_crypt_value(alg, utf8pw, rounds=0):
         "5": {"length": 43},
         "6": {"length": 86},
     }
-    assert alg in algs
+    if alg not in algs:
+        raise ValueError(f"invalid algorithm code: {alg}"
+                         f"(expected one of {','.join(algs.keys())})")
+
     salt = os.urandom(16)
     # The salt needs to be in [A-Za-z0-9./]
     # base64 is close enough and as we had 16
-- 
2.47.3