From 62fe118e99e6f0f2c9c09101ec0f79283a342171 Mon Sep 17 00:00:00 2001 From: Douglas Bagnall Date: Fri, 19 Aug 2022 10:12:07 +1200 Subject: samba-tool: reduce repetitious jargon on credentials failure We already print the following due to DBG_ERR()s: cli_credentials_failed_kerberos_login: krb5_cc_get_principal failed: No such file or directory Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1> <> Failed to connect to 'ldap://10.53.57.30' with backend 'ldap': LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1> <> We don't *really* need to follow that with: ERROR(ldb): LDAP connection to ldap://10.53.57.30 failed - LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1> <> rather we can say: Bad username or password. Also, we don't really need to print a traceback, which we seem to do for some commands and not others. Maybe *sometimes* "bad username or password" might be technically incorrect (e.g. --simple-bind-dn), but in those cases the user is already behaving strangely, and they will still see the LDAP_INVALID_CREDENTIALS twice. Kerberos failures don't come this way. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9608 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett --- python/samba/netcmd/__init__.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'python') diff --git a/python/samba/netcmd/__init__.py b/python/samba/netcmd/__init__.py index eeb28964142..40b9b213f70 100644 --- a/python/samba/netcmd/__init__.py +++ b/python/samba/netcmd/__init__.py @@ -21,7 +21,7 @@ import samba from samba import colour from samba.getopt import SambaOption from samba.logger import get_samba_logger -from ldb import LdbError +from ldb import LdbError, ERR_INVALID_CREDENTIALS import sys import traceback import textwrap @@ -112,7 +112,11 @@ class Command(object): if isinstance(inner_exception, LdbError): (ldb_ecode, ldb_emsg) = inner_exception.args - self.errf.write("ERROR(ldb): %s - %s\n" % (message, ldb_emsg)) + if ldb_ecode == ERR_INVALID_CREDENTIALS: + print("Invalid username or password", file=self.errf) + force_traceback = False + else: + self.errf.write("ERROR(ldb): %s - %s\n" % (message, ldb_emsg)) elif isinstance(inner_exception, AssertionError): self.errf.write("ERROR(assert): %s\n" % message) force_traceback = True -- cgit v1.2.3