From: Jo Sutton Date: Wed, 17 Jan 2024 22:26:34 +0000 (+1300) Subject: samba-tool: Display friendlier error message if no password is available X-Git-Tag: tdb-1.4.11~1750 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=22c6629e16535e7a8014243ac519a7923c2cb3c1;p=thirdparty%2Fsamba.git samba-tool: Display friendlier error message if no password is available ‘samba-tool user get-kerberos-ticket’ is supposed to display an error message if no password is available. However, the conditions for which the message is displayed are impossible to be met. If ‘utf16_pw’ is not None, the message is not displayed; if ‘utf16_pw’ *is* None, ‘nt_pass’ is assigned with a samr.Password object, which is not None — and so the message is still not displayed. Signed-off-by: Jo Sutton Reviewed-by: Andrew Bartlett
---
diff --git a/python/samba/netcmd/user/readpasswords/get_kerberos_ticket.py b/python/samba/netcmd/user/readpasswords/get_kerberos_ticket.py
index 3a8296b187a..b24af9faac2 100644
--- a/python/samba/netcmd/user/readpasswords/get_kerberos_ticket.py
+++ b/python/samba/netcmd/user/readpasswords/get_kerberos_ticket.py
@@ -119,23 +119,15 @@ samba-tool user get-kerberos-ticket --filter='(samAccountName=TestUser3)' --outp
 creds.set_username(str(obj["samAccountName"][0]))
 creds.set_realm(samdb.domain_dns_name())
- utf16_pw = None
- nt_pass = None
- try:
- utf16_pw = obj["virtualClearTextUTF16"][0]
+ utf16_pw = obj.get("virtualClearTextUTF16", idx=0)
+ nt_pass = obj.get("unicodePwd", idx=0)
+ if utf16_pw is not None:
 creds.set_utf16_password(utf16_pw)
- except KeyError:
- pass
-
- if utf16_pw is None:
- try:
- nt_pass = samr.Password()
- nt_pass.hash = list(obj["unicodePwd"][0])
- creds.set_nt_hash(nt_pass)
- except KeyError:
- pass
-
- if nt_pass is None and utf16_pw is None:
+ elif nt_pass is not None:
+ nt_hash = samr.Password()
+ nt_hash.hash = list(nt_pass)
+ creds.set_nt_hash(nt_hash)
+ else:
 if samdb.url.startswith("ldap://") or samdb.url.startswith("ldaps://"):
 raise CommandError("No password was available for this user. "
 "Only Group Managed Service accounts allow access to passwords over LDAP, "
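Review bot: In the `elif nt_pass is not None:` branch the raw `unicodePwd` value is copied into `nt_hash.hash` with no length check, so a malformed value would presumably surface as a binding-level exception rather than the `CommandError` this commit is trying to make reachable. An NT hash is 16 bytes, so a guard such as `if len(nt_pass) != 16: raise CommandError("unicodePwd has an unexpected length")` placed before `nt_hash = samr.Password()` would keep that failure readable. A one-line comment above the two `obj.get(...)` calls, for example `# Prefer the cleartext password; fall back to the NT hash.`, would also help, because `nt_pass` (the raw attribute bytes) and `nt_hash` (the `samr.Password` wrapper) are easy to confuse. The enclosing function begins before the hunk, and the `raise CommandError(...)` call continues past its end.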