mirror of https://github.com/samba-team/samba.git synced 2025-12-23 00:23:53 +03:00

gp: Add site-dn fallback when rpc call fails

In testing I noticed that the rpc call for the
site name is failing when joined via SSSD. This
commit adds a fallback to check using the old
style method found in ads_site_dn_for_machine()
(which works, but doesn't obey the Group Policy
spec) if the rpc call fails.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Apr 28 03:14:25 UTC 2023 on atb-devel-224
David Mulder
2023-04-19 14:11:05 -06:00
committed by Andrew Bartlett
parent c80affe0f1
commit 4486d686f5


@@ -21,7 +21,7 @@ import errno
import tdb
import pwd
sys.path.insert(0, "bin/python")
from samba import NTSTATUSError
from samba import NTSTATUSError, WERRORError
from configparser import ConfigParser
from io import StringIO
import traceback
@@ -582,6 +582,12 @@ def get_dc_hostname(creds, lp):
nbt.NBT_SERVER_DS))
return cldap_ret.pdc_dns_name
def get_dc_netbios_hostname(creds, lp):
net = Net(creds=creds, lp=lp)
cldap_ret = net.finddc(domain=lp.get('realm'), flags=(nbt.NBT_SERVER_LDAP |
nbt.NBT_SERVER_DS))
return cldap_ret.pdc_name
''' Fetch a list of GUIDs for applicable GPOs '''
@@ -753,9 +759,21 @@ def merge_nt_token(token_1, token_2):
def site_dn_for_machine(samdb, dc_hostname, lp, creds, hostname):
# [MS-GPOL] 3.2.5.1.4 Site Search
config_context = samdb.get_config_basedn()
c = netlogon.netlogon("ncacn_np:%s[seal]" % dc_hostname, lp, creds)
site_name = c.netr_DsRGetSiteName(hostname)
return 'CN={},CN=Sites,{}'.format(site_name, config_context)
try:
c = netlogon.netlogon("ncacn_np:%s[seal]" % dc_hostname, lp, creds)
site_name = c.netr_DsRGetSiteName(hostname)
return 'CN={},CN=Sites,{}'.format(site_name, config_context)
except WERRORError:
# Fallback to the old method found in ads_site_dn_for_machine
nb_hostname = get_dc_netbios_hostname(creds, lp)
res = samdb.search(config_context, ldb.SCOPE_SUBTREE,
"(cn=%s)" % nb_hostname, ['dn'])
if res.count != 1:
raise ldb.LdbError(ldb.ERR_NO_SUCH_OBJECT,
'site_dn_for_machine: no result')
dn = res.msgs[0]['dn']
site_dn = dn.parent().parent()
return site_dn
def get_gpo_list(dc_hostname, creds, lp, username):
'''Get the full list of GROUP_POLICY_OBJECTs for a given username.
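Review bot: In the `except WERRORError` fallback of `site_dn_for_machine`, `nb_hostname` is interpolated into the LDAP filter unescaped, and that value is the `pdc_name` taken from the `finddc` CLDAP reply rather than from local configuration, so any filter metacharacters in it would change the search. Escape it and restrict the match to server objects, e.g. `"(&(objectClass=server)(cn=%s))" % ldb.binary_encode(nb_hostname)`, so that an unrelated object with the same cn in the configuration partition can neither be selected nor trip the `res.count != 1` check. The fallback also returns the result of `dn.parent().parent()` (apparently an `ldb.Dn`) while the RPC path returns a formatted string; `return str(site_dn)` would keep the return type the same for callers. Since any `WERRORError` silently switches to a lookup that the commit message says does not obey the Group Policy spec, a log line recording the error before falling back would make that switch visible when diagnosing which site-linked GPOs were applied.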