sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-07-27 07:42:04 +03:00
Code Activity

Fix formating of sources to be less than 80 lines

Browse Source 
Signed-off-by: David Mulder <dmulder@suse.com>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Nov 21 01:51:59 CET 2017 on sn-devel-144
This commit is contained in:
Garming Sam
2017-11-20 10:28:33 +13:00
committed by Garming Sam
parent 644bbf083b
commit 6e7d037ace
4 changed files with 190 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

135
python/samba/gpclass.py
View File

@ -44,7 +44,8 @@ except ImportError:
class gp_log:
''' Log settings overwritten by gpo apply
The gp_log is an xml file that stores a history of gpo changes (and the original setting value).
The gp_log is an xml file that stores a history of gpo changes (and the
original setting value).
The log is organized like so:
@ -69,19 +70,22 @@ class gp_log:
</user>
</gp>
Each guid value contains a list of extensions, which contain a list of attributes. The guid value
represents a GPO. The attributes are the values of those settings prior to the application of
the GPO.
The list of guids is enclosed within a user name, which represents the user the settings were
applied to. This user may be the samaccountname of the local computer, which implies that these
are machine policies.
The applylog keeps track of the order in which the GPOs were applied, so that they can be rolled
back in reverse, returning the machine to the state prior to policy application.
Each guid value contains a list of extensions, which contain a list of
attributes. The guid value represents a GPO. The attributes are the values
of those settings prior to the application of the GPO.
The list of guids is enclosed within a user name, which represents the user
the settings were applied to. This user may be the samaccountname of the
local computer, which implies that these are machine policies.
The applylog keeps track of the order in which the GPOs were applied, so
that they can be rolled back in reverse, returning the machine to the state
prior to policy application.
'''
def __init__(self, user, gpostore, db_log=None):
''' Initialize the gp_log
param user - the username (or machine name) that policies are being applied to
param gpostore - the GPOStorage obj which references the tdb which contains gp_logs
param user - the username (or machine name) that policies are
being applied to
param gpostore - the GPOStorage obj which references the tdb which
contains gp_logs
param db_log - (optional) a string to initialize the gp_log
'''
self._state = GPOSTATE.APPLY
@ -100,10 +104,11 @@ class gp_log:
''' Policy application state
param value - APPLY, ENFORCE, or UNAPPLY
The behavior of the gp_log depends on whether we are applying policy, enforcing policy,
or unapplying policy. During an apply, old settings are recorded in the log. During an
enforce, settings are being applied but the gp_log does not change. During an unapply,
additions to the log should be ignored (since function calls to apply settings are actually
The behavior of the gp_log depends on whether we are applying policy,
enforcing policy, or unapplying policy. During an apply, old settings
are recorded in the log. During an enforce, settings are being applied
but the gp_log does not change. During an unapply, additions to the log
should be ignored (since function calls to apply settings are actually
reverting policy), but removals from the log are allowed.
'''
# If we're enforcing, but we've unapplied, apply instead
@ -118,7 +123,8 @@ class gp_log:
def set_guid(self, guid):
''' Log to a different GPO guid
param guid - guid value of the GPO from which we're applying policy
param guid - guid value of the GPO from which we're applying
policy
'''
self.guid = self.user.find('guid[@value="%s"]' % guid)
if self.guid is None:
@ -136,7 +142,8 @@ class gp_log:
''' Pop a GPO guid from the applylog
return - last applied GPO guid
Removes the GPO guid last added to the list, which is the most recently applied GPO.
Removes the GPO guid last added to the list, which is the most recently
applied GPO.
'''
apply_log = self.user.find('applylog')
if apply_log is not None:
@ -152,7 +159,8 @@ class gp_log:
''' Store an attribute in the gp_log
param gp_ext_name - Name of the extension applying policy
param attribute - The attribute being modified
param old_val - The value of the attribute prior to policy application
param old_val - The value of the attribute prior to policy
application
'''
if self._state == GPOSTATE.UNAPPLY or self._state == GPOSTATE.ENFORCE:
return None
@ -171,7 +179,8 @@ class gp_log:
''' Retrieve a stored attribute from the gp_log
param gp_ext_name - Name of the extension which applied policy
param attribute - The attribute being retrieved
return - The value of the attribute prior to policy application
return - The value of the attribute prior to policy
application
'''
assert self.guid is not None, "gpo guid was not set"
ext = self.guid.find('gp_ext[@name="%s"]' % gp_ext_name)
@ -182,9 +191,12 @@ class gp_log:
return None
def list(self, gp_extensions):
''' Return a list of attributes, their previous values, and functions to set them
param gp_extensions - list of extension objects, for retrieving attr to func mappings
return - list of (attr, value, apply_func) tuples for unapplying policy
''' Return a list of attributes, their previous values, and functions
to set them
param gp_extensions - list of extension objects, for retrieving attr to
func mappings
return - list of (attr, value, apply_func) tuples for
unapplying policy
'''
assert self.guid is not None, "gpo guid was not set"
ret = []
@ -194,15 +206,18 @@ class gp_log:
exts = self.guid.findall('gp_ext')
if exts is not None:
for ext in exts:
ext_map = {val[0]: val[1] for (key, val) in data_maps[ext.attrib['name']].items()}
ext_map = {val[0]: val[1] for (key, val) in \
data_maps[ext.attrib['name']].items()}
attrs = ext.findall('attribute')
for attr in attrs:
ret.append((attr.attrib['name'], attr.text, ext_map[attr.attrib['name']]))
ret.append((attr.attrib['name'], attr.text,
ext_map[attr.attrib['name']]))
return ret
def delete(self, gp_ext_name, attribute):
''' Remove an attribute from the gp_log
param gp_ext_name - name of extension from which to remove the attribute
param gp_ext_name - name of extension from which to remove the
attribute
param attribute - attribute to remove
'''
assert self.guid is not None, "gpo guid was not set"
@ -313,7 +328,8 @@ class inf_to_kdc_tdb(inf_to):
def set_kdc_tdb(self, val):
old_val = self.gp_db.gpostore.get(self.attribute)
self.logger.info('%s was changed from %s to %s' % (self.attribute, old_val, val))
self.logger.info('%s was changed from %s to %s' % (self.attribute,
old_val, val))
if val is not None:
self.gp_db.gpostore.store(self.attribute, val)
self.gp_db.store(str(self), self.attribute, old_val)
@ -323,40 +339,47 @@ class inf_to_kdc_tdb(inf_to):
def mapper(self):
return { 'kdc:user_ticket_lifetime': (self.set_kdc_tdb, self.explicit),
'kdc:service_ticket_lifetime': (self.set_kdc_tdb, self.mins_to_hours),
'kdc:renewal_lifetime': (self.set_kdc_tdb, self.days_to_hours),
'kdc:service_ticket_lifetime': (self.set_kdc_tdb,
self.mins_to_hours),
'kdc:renewal_lifetime': (self.set_kdc_tdb,
self.days_to_hours),
}
def __str__(self):
return 'Kerberos Policy'
class inf_to_ldb(inf_to):
'''This class takes the .inf file parameter (essentially a GPO file mapped to a GUID),
hashmaps it to the Samba parameter, which then uses an ldb object to update the
parameter to Samba4. Not registry oriented whatsoever.
'''This class takes the .inf file parameter (essentially a GPO file mapped
to a GUID), hashmaps it to the Samba parameter, which then uses an ldb
object to update the parameter to Samba4. Not registry oriented whatsoever.
'''
def ch_minPwdAge(self, val):
old_val = self.ldb.get_minPwdAge()
self.logger.info('KDC Minimum Password age was changed from %s to %s' % (old_val, val))
self.logger.info('KDC Minimum Password age was changed from %s to %s' \
% (old_val, val))
self.gp_db.store(str(self), self.attribute, old_val)
self.ldb.set_minPwdAge(val)
def ch_maxPwdAge(self, val):
old_val = self.ldb.get_maxPwdAge()
self.logger.info('KDC Maximum Password age was changed from %s to %s' % (old_val, val))
self.logger.info('KDC Maximum Password age was changed from %s to %s' \
% (old_val, val))
self.gp_db.store(str(self), self.attribute, old_val)
self.ldb.set_maxPwdAge(val)
def ch_minPwdLength(self, val):
old_val = self.ldb.get_minPwdLength()
self.logger.info('KDC Minimum Password length was changed from %s to %s' % (old_val, val))
self.logger.info(
'KDC Minimum Password length was changed from %s to %s' \
% (old_val, val))
self.gp_db.store(str(self), self.attribute, old_val)
self.ldb.set_minPwdLength(val)
def ch_pwdProperties(self, val):
old_val = self.ldb.get_pwdProperties()
self.logger.info('KDC Password Properties were changed from %s to %s' % (old_val, val))
self.logger.info('KDC Password Properties were changed from %s to %s' \
% (old_val, val))
self.gp_db.store(str(self), self.attribute, old_val)
self.ldb.set_pwdProperties(val)
@ -373,7 +396,8 @@ class inf_to_ldb(inf_to):
'''ldap value : samba setter'''
return { "minPwdAge" : (self.ch_minPwdAge, self.days2rel_nttime),
"maxPwdAge" : (self.ch_maxPwdAge, self.days2rel_nttime),
# Could be none, but I like the method assignment in update_samba
# Could be none, but I like the method assignment in
# update_samba
"minPwdLength" : (self.ch_minPwdLength, self.explicit),
"pwdProperties" : (self.ch_pwdProperties, self.explicit),
@ -398,7 +422,8 @@ class gp_sec_ext(gp_ext):
return "Security GPO extension"
def list(self, rootpath):
return os.path.join(rootpath, "MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf")
return os.path.join(rootpath,
"MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf")
def listmachpol(self, rootpath):
return os.path.join(rootpath, "Machine/Registry.pol")
@ -407,14 +432,27 @@ class gp_sec_ext(gp_ext):
return os.path.join(rootpath, "User/Registry.pol")
def apply_map(self):
return {"System Access": {"MinimumPasswordAge": ("minPwdAge", inf_to_ldb),
"MaximumPasswordAge": ("maxPwdAge", inf_to_ldb),
"MinimumPasswordLength": ("minPwdLength", inf_to_ldb),
"PasswordComplexity": ("pwdProperties", inf_to_ldb),
return {"System Access": {"MinimumPasswordAge": ("minPwdAge",
inf_to_ldb),
"MaximumPasswordAge": ("maxPwdAge",
inf_to_ldb),
"MinimumPasswordLength": ("minPwdLength",
inf_to_ldb),
"PasswordComplexity": ("pwdProperties",
inf_to_ldb),
},
"Kerberos Policy": {"MaxTicketAge": ("kdc:user_ticket_lifetime", inf_to_kdc_tdb),
"MaxServiceAge": ("kdc:service_ticket_lifetime", inf_to_kdc_tdb),
"MaxRenewAge": ("kdc:renewal_lifetime", inf_to_kdc_tdb),
"Kerberos Policy": {"MaxTicketAge": (
"kdc:user_ticket_lifetime",
inf_to_kdc_tdb
),
"MaxServiceAge": (
"kdc:service_ticket_lifetime",
inf_to_kdc_tdb
),
"MaxRenewAge": (
"kdc:renewal_lifetime",
inf_to_kdc_tdb
),
}
}
@ -447,7 +485,8 @@ class gp_sec_ext(gp_ext):
(att, setter) = current_section.get(key)
value = value.encode('ascii', 'ignore')
ret = True
setter(self.logger, self.ldb, self.gp_db, self.lp, att, value).update_samba()
setter(self.logger, self.ldb, self.gp_db, self.lp, att,
value).update_samba()
self.gp_db.commit()
return ret
@ -461,8 +500,10 @@ class gp_sec_ext(gp_ext):
try:
blist = afile.split('/')
idx = afile.lower().split('/').index('machine')
for case in [blist[idx].upper(), blist[idx].capitalize(), blist[idx].lower()]:
bfile = '/'.join(blist[:idx]) + '/' + case + '/' + '/'.join(blist[idx+1:])
for case in [blist[idx].upper(), blist[idx].capitalize(),
blist[idx].lower()]:
bfile = '/'.join(blist[:idx]) + '/' + case + '/' + \
'/'.join(blist[idx+1:])
try:
return self.read_inf(bfile, conn)
except NTSTATUSError: