On Tue, 7 May 2019 17:06:24 +1200
Tim Beale <timbeale at catalyst.net.nz> wrote:
> Apologies, this bug fell through the cracks and the fix never got
> backported to 4.10. I've uploaded the backport to the bug now, it just
> needs a review signoff.
>
> To recap, it was introduced as a side-effect of switching to Python 3.
> The old code never worked as intended on Python 2, but on Python 3 it
> now throws an exception.
>
> Rowland, the code in master is correct, as far as I can tell.
> Unfortunately the code is complicated by the fact the tool is trying
> to support changing 9 different settings independently of each other.
> The parameters default to None so that the tool can tell whether or
> not the user specified a given parameter. E.g. if you wanted to
> change the min-pwd-age to 14 days, then later wanted to change the
> account-lockout-duration to 60 minutes, you don't want running the 2nd
> command to reset the min-pwd-age back to the default.
>
Sorry Tim, but I do not agree ;-)
If you do not supply the minimum password age, then the 'def' sets
'min_pwd_age' to 'None', the code then goes to this:
if min_pwd_age is not None:
if min_pwd_age == "default":
min_pwd_age = 1
else:
min_pwd_age = int(min_pwd_age)
It checks if 'min_pwd_age' is supplied (not None) and does something
if it is, though now I look at that code, it depends on the user
supplying either 'default' or a number, there is nothing to check that
what is supplied is valid.
The user could supply anything, what does 'int(anything)' give you ?
If 'min_pwd_age' is 'None', the code above will NOT be run.
I initially supplied what I thought was the fix, but I got that wrong,
it should be:
if min_pwd_age is None:
min_pwd_age = 1
else:
# put code here to check for valid input
min_pwd_age = int(min_pwd_age)
As far as I can see, the problem stems from when 'samba-tool domain
passwordsettings' was split up, before this happening, if you didn't
supply something, it was obtained from AD, this meant that
'min_pwd_age' was NEVER 'None'
Rowland