mirror of https://github.com/samba-team/samba.git synced 2025-08-02 00:22:11 +03:00

gpo: Fix the empty apply log

The apply log wasn't being saved; apparently the pointers to elements
of the tree were getting lost.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder
2017-11-20 06:41:19 -07:00
committed by Jeremy Allison
parent 045d900e8b
commit 9ace2343ab


@ -95,10 +95,11 @@ class gp_log:
self.gpdb = etree.fromstring(db_log) self.gpdb = etree.fromstring(db_log)
else: else:
self.gpdb = etree.Element('gp') self.gpdb = etree.Element('gp')
self.user = self.gpdb.find('user[@name="%s"]' % user) self.user = user
if self.user is None: user_obj = self.gpdb.find('user[@name="%s"]' % user)
self.user = etree.SubElement(self.gpdb, 'user') if user_obj is None:
self.user.attrib['name'] = user user_obj = etree.SubElement(self.gpdb, 'user')
user_obj.attrib['name'] = user
def state(self, value): def state(self, value):
''' Policy application state ''' Policy application state
@ -113,7 +114,8 @@ class gp_log:
''' '''
# If we're enforcing, but we've unapplied, apply instead # If we're enforcing, but we've unapplied, apply instead
if value == GPOSTATE.ENFORCE: if value == GPOSTATE.ENFORCE:
apply_log = self.user.find('applylog') user_obj = self.gpdb.find('user[@name="%s"]' % self.user)
apply_log = user_obj.find('applylog')
if apply_log is None or len(apply_log) == 0: if apply_log is None or len(apply_log) == 0:
self._state = GPOSTATE.APPLY self._state = GPOSTATE.APPLY
else: else:
@ -126,14 +128,16 @@ class gp_log:
param guid - guid value of the GPO from which we're applying param guid - guid value of the GPO from which we're applying
policy policy
''' '''
self.guid = self.user.find('guid[@value="%s"]' % guid) self.guid = guid
if self.guid is None: user_obj = self.gpdb.find('user[@name="%s"]' % self.user)
self.guid = etree.SubElement(self.user, 'guid') obj = user_obj.find('guid[@value="%s"]' % guid)
self.guid.attrib['value'] = guid if obj is None:
obj = etree.SubElement(user_obj, 'guid')
obj.attrib['value'] = guid
if self._state == GPOSTATE.APPLY: if self._state == GPOSTATE.APPLY:
apply_log = self.user.find('applylog') apply_log = user_obj.find('applylog')
if apply_log is None: if apply_log is None:
apply_log = etree.SubElement(self.user, 'applylog') apply_log = etree.SubElement(user_obj, 'applylog')
item = etree.SubElement(apply_log, 'guid') item = etree.SubElement(apply_log, 'guid')
item.attrib['count'] = '%d' % (len(apply_log)-1) item.attrib['count'] = '%d' % (len(apply_log)-1)
item.attrib['value'] = guid item.attrib['value'] = guid
@ -145,14 +149,15 @@ class gp_log:
Removes the GPO guid last added to the list, which is the most recently Removes the GPO guid last added to the list, which is the most recently
applied GPO. applied GPO.
''' '''
apply_log = self.user.find('applylog') user_obj = self.gpdb.find('user[@name="%s"]' % self.user)
apply_log = user_obj.find('applylog')
if apply_log is not None: if apply_log is not None:
ret = apply_log.find('guid[@count="%d"]' % (len(apply_log)-1)) ret = apply_log.find('guid[@count="%d"]' % (len(apply_log)-1))
if ret is not None: if ret is not None:
apply_log.remove(ret) apply_log.remove(ret)
return ret.attrib['value'] return ret.attrib['value']
if len(apply_log) == 0 and apply_log in self.user: if len(apply_log) == 0 and apply_log in user_obj:
self.user.remove(apply_log) user_obj.remove(apply_log)
return None return None
def store(self, gp_ext_name, attribute, old_val): def store(self, gp_ext_name, attribute, old_val):
@ -164,10 +169,12 @@ class gp_log:
''' '''
if self._state == GPOSTATE.UNAPPLY or self._state == GPOSTATE.ENFORCE: if self._state == GPOSTATE.UNAPPLY or self._state == GPOSTATE.ENFORCE:
return None return None
assert self.guid is not None, "gpo guid was not set" user_obj = self.gpdb.find('user[@name="%s"]' % self.user)
ext = self.guid.find('gp_ext[@name="%s"]' % gp_ext_name) guid_obj = user_obj.find('guid[@value="%s"]' % self.guid)
assert guid_obj is not None, "gpo guid was not set"
ext = guid_obj.find('gp_ext[@name="%s"]' % gp_ext_name)
if ext is None: if ext is None:
ext = etree.SubElement(self.guid, 'gp_ext') ext = etree.SubElement(guid_obj, 'gp_ext')
ext.attrib['name'] = gp_ext_name ext.attrib['name'] = gp_ext_name
attr = ext.find('attribute[@name="%s"]' % attribute) attr = ext.find('attribute[@name="%s"]' % attribute)
if attr is None: if attr is None:
@ -182,8 +189,10 @@ class gp_log:
return - The value of the attribute prior to policy return - The value of the attribute prior to policy
application application
''' '''
assert self.guid is not None, "gpo guid was not set" user_obj = self.gpdb.find('user[@name="%s"]' % self.user)
ext = self.guid.find('gp_ext[@name="%s"]' % gp_ext_name) guid_obj = user_obj.find('guid[@value="%s"]' % self.guid)
assert guid_obj is not None, "gpo guid was not set"
ext = guid_obj.find('gp_ext[@name="%s"]' % gp_ext_name)
if ext is not None: if ext is not None:
attr = ext.find('attribute[@name="%s"]' % attribute) attr = ext.find('attribute[@name="%s"]' % attribute)
if attr is not None: if attr is not None:
@ -198,12 +207,14 @@ class gp_log:
return - list of (attr, value, apply_func) tuples for return - list of (attr, value, apply_func) tuples for
unapplying policy unapplying policy
''' '''
assert self.guid is not None, "gpo guid was not set" user_obj = self.gpdb.find('user[@name="%s"]' % self.user)
guid_obj = user_obj.find('guid[@value="%s"]' % self.guid)
assert guid_obj is not None, "gpo guid was not set"
ret = [] ret = []
data_maps = {} data_maps = {}
for gp_ext in gp_extensions: for gp_ext in gp_extensions:
data_maps.update(gp_ext.apply_map()) data_maps.update(gp_ext.apply_map())
exts = self.guid.findall('gp_ext') exts = guid_obj.findall('gp_ext')
if exts is not None: if exts is not None:
for ext in exts: for ext in exts:
ext_map = {val[0]: val[1] for (key, val) in \ ext_map = {val[0]: val[1] for (key, val) in \
@ -220,21 +231,19 @@ class gp_log:
attribute attribute
param attribute - attribute to remove param attribute - attribute to remove
''' '''
assert self.guid is not None, "gpo guid was not set" user_obj = self.gpdb.find('user[@name="%s"]' % self.user)
ext = self.guid.find('gp_ext[@name="%s"]' % gp_ext_name) guid_obj = user_obj.find('guid[@value="%s"]' % self.guid)
assert guid_obj is not None, "gpo guid was not set"
ext = guid_obj.find('gp_ext[@name="%s"]' % gp_ext_name)
if ext is not None: if ext is not None:
attr = ext.find('attribute[@name="%s"]' % attribute) attr = ext.find('attribute[@name="%s"]' % attribute)
if attr is not None: if attr is not None:
ext.remove(attr) ext.remove(attr)
if len(ext) == 0: if len(ext) == 0:
self.guid.remove(ext) guid_obj.remove(ext)
def commit(self): def commit(self):
''' Write gp_log changes to disk ''' ''' Write gp_log changes to disk '''
if len(self.guid) == 0 and self.guid in self.user:
self.user.remove(self.guid)
if len(self.user) == 0 and self.user in self.gpdb:
self.gpdb.remove(self.user)
self.gpostore.store(self.username, etree.tostring(self.gpdb, 'utf-8')) self.gpostore.store(self.username, etree.tostring(self.gpdb, 'utf-8'))
class GPOStorage: class GPOStorage:
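Review bot: The `assert guid_obj is not None, "gpo guid was not set"` guards added in the hunks at -164, -182, -198 and -220 are stripped under `python -O`, and the `user_obj` returned by `self.gpdb.find(...)` in the hunks at -113, -126 and -145 is dereferenced with no check at all, so a missing element surfaces as an AttributeError on None instead of a clear error. The same two lookups are now repeated in seven methods, most of which start outside their hunks; a pair of private helpers that look the element up and raise explicitly would keep the check in one place. The predicates are built with `%` from the user name and GUID, so a value containing a double quote would presumably not match as intended, and a helper is the single place to reject such a value. Separately, the last hunk drops the pruning of empty `guid` and `user` elements from `commit()`; if that is intentional, a one-line comment there saying the stored log may now keep empty elements would help the next reader.

```python
    def _user_obj(self):
        # Looked up on every call instead of caching the element.
        user_obj = self.gpdb.find('user[@name="%s"]' % self.user)
        if user_obj is None:
            # Exception type is a suggestion; callers outside this page may
            # rely on AssertionError.
            raise KeyError('no gp_log entry for user %s' % self.user)
        return user_obj

    def _guid_obj(self):
        guid_obj = self._user_obj().find('guid[@value="%s"]' % self.guid)
        if guid_obj is None:
            raise KeyError('gpo guid was not set')
        return guid_obj

    # … unchanged: the seven methods touched by this commit, each calling
    # self._user_obj() / self._guid_obj() in place of the inline find() …
```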