sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-28 09:49:30 +03:00
Code Activity

samba-gpupdate: Implement enhanced logging

Browse Source 
This ports the enhanced logging capabilities from
AltLinux gpupdate. It generates log messages such
as:
2022-03-02 11:28:54.872|[E40104]| Failed to set interfaces for zone | {'val': 'work'}
2022-03-02 11:28:55.017|[E40104]| Failed to set interfaces for zone | {'val': 'home'}

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 24 23:40:47 UTC 2022 on sn-devel-184
This commit is contained in:
David Mulder
2022-03-02 02:23:51 -07:00
committed by Jeremy Allison
parent c4f9c37240
commit c788ed7b8b
17 changed files with 229 additions and 180 deletions
Download Patch File Download Diff File Expand all files Collapse all files

98
python/samba/gp/util/logging.py Normal file
View File

@ -0,0 +1,98 @@
#
# samba-gpupdate enhanced logging
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) David Mulder <dmulder@samba.org> 2022
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import json
import datetime
import logging
import gettext
import random
import sys
logger = logging.getLogger()
def logger_init(name, log_level):
logger = logging.getLogger(name)
logger.addHandler(logging.StreamHandler(sys.stdout))
logger.setLevel(logging.CRITICAL)
if log_level == 1:
logger.setLevel(logging.ERROR)
elif log_level == 2:
logger.setLevel(logging.WARNING)
elif log_level == 3:
logger.setLevel(logging.INFO)
elif log_level >= 4:
logger.setLevel(logging.DEBUG)
class slogm(object):
'''
Structured log message class
'''
def __init__(self, message, kwargs=dict()):
self.message = message
self.kwargs = kwargs
if not isinstance(self.kwargs, dict):
self.kwargs = { 'val': self.kwargs }
def __str__(self):
now = str(datetime.datetime.now().isoformat(sep=' ', timespec='milliseconds'))
args = dict()
args.update(self.kwargs)
result = '{}|{} | {}'.format(now, self.message, args)
return result
def message_with_code(mtype, message):
random.seed(message)
code = random.randint(0, 99999)
return '[' + mtype + str(code).rjust(5, '0') + ']| ' + \
gettext.gettext(message)
class log(object):
@staticmethod
def info(message, data={}):
msg = message_with_code('I', message)
logger.info(slogm(msg, data))
return msg
@staticmethod
def warning(message, data={}):
msg = message_with_code('W', message)
logger.warning(slogm(msg, data))
return msg
@staticmethod
def warn(message, data={}):
return log.warning(message, data)
@staticmethod
def error(message, data={}):
msg = message_with_code('E', message)
logger.error(slogm(msg, data))
return msg
@staticmethod
def fatal(message, data={}):
msg = message_with_code('F', message)
logger.fatal(slogm(msg, data))
return msg
@staticmethod
def debug(message, data={}):
msg = message_with_code('D', message)
logger.debug(slogm(msg, data))
return msg

51
python/samba/gp_cert_auto_enroll_ext.py
View File

@ -27,6 +27,7 @@ from subprocess import Popen, PIPE
import re
from glob import glob
import json
from samba.gp.util.logging import log
cert_wrap = b"""
-----BEGIN CERTIFICATE-----
@ -76,7 +77,7 @@ def find_cepces_submit():
'/usr/libexec/certmonger']
return which('cepces-submit', path=':'.join(certmonger_dirs))
def get_supported_templates(server, logger):
def get_supported_templates(server):
cepces_submit = find_cepces_submit()
if os.path.exists(cepces_submit):
env = os.environ
@ -85,12 +86,12 @@ def get_supported_templates(server, logger):
stdout=PIPE, stderr=PIPE)
out, err = p.communicate()
if p.returncode != 0:
logger.warn('Failed to fetch the list of supported templates.')
logger.debug(err.decode())
log.warn('Failed to fetch the list of supported templates.')
log.debug(err.decode())
return out.strip().split()
return []
def cert_enroll(ca, trust_dir, private_dir, logger):
def cert_enroll(ca, trust_dir, private_dir):
# Install the root certificate chain
data = {'files': [], 'templates': []}
sscep = which('sscep')
@ -101,9 +102,9 @@ def cert_enroll(ca, trust_dir, private_dir, logger):
ret = Popen([sscep, 'getca', '-F', 'sha1', '-c',
root_cert, '-u', url]).wait()
if ret != 0:
logger.warn('sscep failed to fetch the root certificate chain.')
logger.warn('Ensure you have installed and configured the' +
' Network Device Enrollment Service.')
log.warn('sscep failed to fetch the root certificate chain.')
log.warn('Ensure you have installed and configured the' +
' Network Device Enrollment Service.')
root_certs = glob('%s*' % root_cert)
data['files'].extend(root_certs)
for src in root_certs:
@ -113,21 +114,20 @@ def cert_enroll(ca, trust_dir, private_dir, logger):
os.symlink(src, dst)
data['files'].append(dst)
except PermissionError:
logger.warn('Failed to symlink root certificate to the' +
' admin trust anchors')
log.warn('Failed to symlink root certificate to the' +
' admin trust anchors')
except FileNotFoundError:
logger.warn('Failed to symlink root certificate to the' +
' admin trust anchors.' +
' The directory %s was not found' % \
global_trust_dir)
log.warn('Failed to symlink root certificate to the' +
' admin trust anchors.' +
' The directory was not found', global_trust_dir)
except FileExistsError:
# If we're simply downloading a renewed cert, the symlink
# already exists. Ignore the FileExistsError. Preserve the
# existing symlink in the unapply data.
data['files'].append(dst)
else:
logger.warn('sscep is not installed, which prevents the installation' +
' of the root certificate chain.')
log.warn('sscep is not installed, which prevents the installation' +
' of the root certificate chain.')
update = which('update-ca-certificates')
if update is not None:
Popen([update]).wait()
@ -139,11 +139,10 @@ def cert_enroll(ca, trust_dir, private_dir, logger):
'%s --server=%s' % (cepces_submit, ca['dNSHostName'][0])],
stdout=PIPE, stderr=PIPE)
out, err = p.communicate()
logger.debug(out.decode())
log.debug(out.decode())
if p.returncode != 0:
logger.debug(err.decode())
supported_templates = get_supported_templates(ca['dNSHostName'][0],
logger)
log.debug(err.decode())
supported_templates = get_supported_templates(ca['dNSHostName'][0])
for template, attrs in ca['certificateTemplates'].items():
if template not in supported_templates:
continue
@ -156,16 +155,16 @@ def cert_enroll(ca, trust_dir, private_dir, logger):
'-g', attrs['msPKI-Minimal-Key-Size'][0]],
stdout=PIPE, stderr=PIPE)
out, err = p.communicate()
logger.debug(out.decode())
log.debug(out.decode())
if p.returncode != 0:
logger.debug(err.decode())
log.debug(err.decode())
data['files'].extend([keyfile, certfile])
data['templates'].append(nickname)
if update is not None:
Popen([update]).wait()
else:
logger.warn('certmonger and cepces must be installed for ' +
'certificate auto enrollment to work')
log.warn('certmonger and cepces must be installed for ' +
'certificate auto enrollment to work')
return json.dumps(data)
class gp_cert_auto_enroll_ext(gp_pol_ext):
@ -225,8 +224,7 @@ class gp_cert_auto_enroll_ext(gp_pol_ext):
lp=self.lp, credentials=self.creds)
cas = fetch_certification_authorities(ldb)
for ca in cas:
data = cert_enroll(ca, trust_dir,
private_dir, self.logger)
data = cert_enroll(ca, trust_dir, private_dir)
self.gp_db.store(str(self),
base64.b64encode(ca['cn'][0]).decode(),
data)
@ -260,8 +258,7 @@ class gp_cert_auto_enroll_ext(gp_pol_ext):
output[policy][cn]['Auto Enrollment Server'] = \
ca['dNSHostName'][0]
supported_templates = \
get_supported_templates(ca['dNSHostName'][0],
self.logger)
get_supported_templates(ca['dNSHostName'][0])
output[policy][cn]['Templates'] = \
[t.decode() for t in supported_templates]
return output

21
python/samba/gp_chromium_ext.py
View File

@ -19,6 +19,7 @@ import json
from samba.gpclass import gp_pol_ext
from samba.dcerpc import misc
from samba.common import get_string
from samba.gp.util.logging import log
def parse_entry_data(name, e):
dict_entries = ['VirtualKeyboardFeatures',
@ -389,11 +390,10 @@ class gp_chromium_ext(gp_pol_ext):
os.makedirs(self.__managed_policies_path, exist_ok=True)
with open(managed_policies, 'w') as f:
json.dump(managed, f)
self.logger.debug('Wrote Chromium preferences to %s' % \
managed_policies)
log.debug('Wrote Chromium preferences', managed_policies)
except PermissionError:
self.logger.debug('Failed to write Chromium preferences to %s' % \
managed_policies)
log.debug('Failed to write Chromium preferences',
managed_policies)
def set_recommended_machine_policy(self, recommended):
@ -403,11 +403,10 @@ class gp_chromium_ext(gp_pol_ext):
os.makedirs(self.__recommended_policies_path, exist_ok=True)
with open(recommended_policies, 'w') as f:
json.dump(recommended, f)
self.logger.debug('Wrote Chromium preferences to %s' % \
recommended_policies)
log.debug('Wrote Chromium preferences', recommended_policies)
except PermissionError:
self.logger.debug('Failed to write Chromium preferences to %s' % \
recommended_policies)
log.debug('Failed to write Chromium preferences',
recommended_policies)
def get_managed_machine_policy(self):
managed_policies = os.path.join(self.__managed_policies_path,
@ -415,8 +414,7 @@ class gp_chromium_ext(gp_pol_ext):
if os.path.exists(managed_policies):
with open(managed_policies, 'r') as r:
managed = json.load(r)
self.logger.debug('Read Chromium preferences from %s' % \
managed_policies)
log.debug('Read Chromium preferences', managed_policies)
else:
managed = {}
return managed
@ -427,8 +425,7 @@ class gp_chromium_ext(gp_pol_ext):
if os.path.exists(recommended_policies):
with open(recommended_policies, 'r') as r:
recommended = json.load(r)
self.logger.debug('Read Chromium preferences from %s' % \
recommended_policies)
log.debug('Read Chromium preferences', recommended_policies)
else:
recommended = {}
return recommended

11
python/samba/gp_ext_loader.py
View File

@ -16,6 +16,7 @@
from samba.gpclass import list_gp_extensions
from samba.gpclass import gp_ext
from samba.gp.util.logging import log
try:
import importlib.util
@ -40,7 +41,7 @@ def get_gp_ext_from_module(name, mod):
return None
def get_gp_client_side_extensions(logger, smb_conf):
def get_gp_client_side_extensions(smb_conf):
user_exts = []
machine_exts = []
gp_exts = list_gp_extensions(smb_conf)
@ -49,10 +50,10 @@ def get_gp_client_side_extensions(logger, smb_conf):
ext = get_gp_ext_from_module(gp_ext['ProcessGroupPolicy'], module)
if ext and gp_ext['MachinePolicy']:
machine_exts.append(ext)
logger.info('Loaded machine extension from %s: %s'
% (gp_ext['DllName'], ext.__name__))
log.info('Loaded machine extension from %s: %s'
% (gp_ext['DllName'], ext.__name__))
if ext and gp_ext['UserPolicy']:
user_exts.append(ext)
logger.info('Loaded user extension from %s: %s'
% (gp_ext['DllName'], ext.__name__))
log.info('Loaded user extension from %s: %s'
% (gp_ext['DllName'], ext.__name__))
return (machine_exts, user_exts)

17
python/samba/gp_firefox_ext.py
View File

@ -19,6 +19,7 @@ import json
from samba.gpclass import gp_pol_ext
from samba.dcerpc import misc
from samba.common import get_string
from samba.gp.util.logging import log
def parse_entry_data(e):
if e.type == misc.REG_MULTI_SZ:
@ -96,33 +97,29 @@ class gp_firefox_ext(gp_pol_ext):
os.makedirs(self.__firefox_installdir1, exist_ok=True)
with open(self.__destfile1, 'w') as f:
json.dump(policies, f)
self.logger.debug('Wrote Firefox preferences to %s' % \
self.__destfile1)
log.debug('Wrote Firefox preferences', self.__destfile1)
except PermissionError:
self.logger.debug('Failed to write Firefox preferences to %s' % \
log.debug('Failed to write Firefox preferences',
self.__destfile1)
try:
os.makedirs(self.__firefox_installdir2, exist_ok=True)
with open(self.__destfile2, 'w') as f:
json.dump(policies, f)
self.logger.debug('Wrote Firefox preferences to %s' % \
self.__destfile2)
log.debug('Wrote Firefox preferences', self.__destfile2)
except PermissionError:
self.logger.debug('Failed to write Firefox preferences to %s' % \
log.debug('Failed to write Firefox preferences',
self.__destfile2)
def get_machine_policy(self):
if os.path.exists(self.__destfile2):
with open(self.__destfile2, 'r') as r:
policies = json.load(r)
self.logger.debug('Read Firefox preferences from %s' % \
self.__destfile2)
log.debug('Read Firefox preferences', self.__destfile2)
elif os.path.exists(self.__destfile1):
with open(self.__destfile1, 'r') as r:
policies = json.load(r)
self.logger.debug('Read Firefox preferences from %s' % \
self.__destfile1)
log.debug('Read Firefox preferences', self.__destfile1)
else:
policies = {'policies': {}}
return policies

19
python/samba/gp_firewalld_ext.py
View File

@ -20,6 +20,7 @@ from hashlib import blake2b
from shutil import which
import json
from samba.gpclass import gp_pol_ext
from samba.gp.util.logging import log
def firewall_cmd(*args):
fw_cmd = which('firewall-cmd')
@ -47,19 +48,18 @@ class gp_firewalld_ext(gp_pol_ext):
def apply_zone(self, zone):
ret = firewall_cmd('--permanent', '--new-zone=%s' % zone)[0]
if ret != 0:
self.logger.error('Failed to add new zone %s' % zone)
log.error('Failed to add new zone', zone)
else:
self.gp_db.store(str(self), 'zone:%s' % zone, zone)
# Default to matching the interface(s) for the default zone
ret, out = firewall_cmd('--list-interfaces')
if ret != 0:
self.logger.error('Failed to set interfaces for zone: %s' % zone)
log.error('Failed to set interfaces for zone', zone)
for interface in out.strip().split():
ret = firewall_cmd('--permanent', '--zone=%s' % zone,
'--add-interface=%s' % interface.decode())
if ret != 0:
self.logger.error('Failed to set interfaces for zone: %s' % \
zone)
log.error('Failed to set interfaces for zone', zone)
def apply_rules(self, rule_dict):
for zone, rules in rule_dict.items():
@ -82,12 +82,11 @@ class gp_firewalld_ext(gp_pol_ext):
rule_parsed += rule_segment_parse(list(action)[0],
rule[list(action)[0]])
else:
self.logger.error('Invalid firewall rule syntax')
log.error('Invalid firewall rule syntax')
ret = firewall_cmd('--permanent', '--zone=%s' % zone,
'--add-rich-rule', rule_parsed.strip())[0]
if ret != 0:
self.logger.error('Failed to add firewall rule: %s' % \
rule_parsed)
log.error('Failed to add firewall rule', rule_parsed)
else:
rhash = blake2b(rule_parsed.encode()).hexdigest()
self.gp_db.store(str(self), 'rule:%s:%s' % (zone, rhash),
@ -102,8 +101,7 @@ class gp_firewalld_ext(gp_pol_ext):
ret = firewall_cmd('--permanent',
'--delete-zone=%s' % value)[0]
if ret != 0:
self.logger.error('Failed to remove zone: %s' % \
value)
log.error('Failed to remove zone', value)
else:
self.gp_db.delete(str(self), attribute)
elif attribute.startswith('rule'):
@ -111,8 +109,7 @@ class gp_firewalld_ext(gp_pol_ext):
ret = firewall_cmd('--permanent', '--zone=%s' % zone,
'--remove-rich-rule', value)[0]
if ret != 0:
self.logger.error('Failed to remove firewall'
' rule: %s' % value)
log.error('Failed to remove firewall rule', value)
else:
self.gp_db.delete(str(self), attribute)
self.gp_db.commit()

22
python/samba/gp_gnome_settings_ext.py
View File

@ -23,8 +23,9 @@ from subprocess import Popen, PIPE
from samba.common import get_bytes, get_string
from glob import glob
import xml.etree.ElementTree as etree
from samba.gp.util.logging import log
def dconf_update(log, test_dir):
def dconf_update(test_dir):
if test_dir is not None:
return
dconf = shutil.which('dconf')
@ -34,7 +35,7 @@ def dconf_update(log, test_dir):
p = Popen([dconf, 'update'], stdout=PIPE, stderr=PIPE)
out, err = p.communicate()
if p.returncode != 0:
log.error('Failed to update dconf: %s' % get_string(err))
log.error('Failed to update dconf', get_string(err))
def create_locks_dir(test_dir):
locks_dir = '/etc/dconf/db/local.d/locks'
@ -124,8 +125,7 @@ class gp_gnome_settings_ext(gp_pol_ext):
'Scroll Lock': 'compose:sclk'
}
if data['Key Name'] not in data_map.keys():
self.logger.error('Compose Key \'%s\' not recognized' % \
data['Key Name'])
log.error('Compose Key not recognized', data)
return
parser = ConfigParser()
section = 'org/gnome/desktop/input-sources'
@ -143,7 +143,7 @@ class gp_gnome_settings_ext(gp_pol_ext):
with open(lock, 'w') as w:
w.write('/org/gnome/desktop/input-sources/xkb-options')
dconf_update(self.logger, self.test_dir)
dconf_update(self.test_dir)
self.gp_db.store(str(self), attribute, ';'.join([local_db, lock]))
def __apply_dim_idle(self, data):
@ -184,7 +184,7 @@ class gp_gnome_settings_ext(gp_pol_ext):
w.write('/org/gnome/settings-daemon/plugins/power/idle-brightness\n')
w.write('/org/gnome/desktop/session/idle-delay')
dconf_update(self.logger, self.test_dir)
dconf_update(self.test_dir)
self.gp_db.store(str(self), attribute, ';'.join([local_power_db,
local_session_db,
lock]))
@ -203,7 +203,7 @@ class gp_gnome_settings_ext(gp_pol_ext):
with open(policy_file, 'w') as w:
for key in data.keys():
w.write('%s\n' % key)
dconf_update(self.logger, self.test_dir)
dconf_update(self.test_dir)
self.gp_db.store(str(self), attribute, policy_file)
def __apply_whitelisted_account(self, data):
@ -216,7 +216,7 @@ class gp_gnome_settings_ext(gp_pol_ext):
policy_files = self.__lockdown(local_db_dir, locks_dir, 'goa',
'whitelisted-providers', val, old_val,
'org/gnome/online-accounts')
dconf_update(self.logger, self.test_dir)
dconf_update(self.test_dir)
self.gp_db.store(str(self), attribute, ';'.join(policy_files))
def __apply_enabled_extensions(self, data):
@ -238,7 +238,7 @@ class gp_gnome_settings_ext(gp_pol_ext):
parser.set(section, 'development-tools', 'false')
with open(policy_file, 'w') as w:
parser.write(w)
dconf_update(self.logger, self.test_dir)
dconf_update(self.test_dir)
self.gp_db.store(str(self), attribute, policy_file)
def __lockdown(self, local_db_dir, locks_dir, name, key, val,
@ -357,9 +357,9 @@ class gp_gnome_settings_ext(gp_pol_ext):
xml_data.write(w, encoding='UTF-8', xml_declaration=True)
policy_files.append(udisk2_etc)
else:
self.logger.error('Unable to apply %s' % k)
log.error('Unable to apply', k)
return
dconf_update(self.logger, self.test_dir)
dconf_update(self.test_dir)
self.gp_db.store(str(self), k, ';'.join(policy_files))
def __unapply(self, fnames):

21
python/samba/gp_sec_ext.py
View File

@ -24,6 +24,7 @@ try:
from samba.samdb import SamDB
except ImportError:
pass
from samba.gp.util.logging import log
def mins_to_hours(val):
return '%d' % (int(val) / 60)
@ -73,8 +74,7 @@ class gp_krb_ext(gp_inf_ext):
def set_kdc_tdb(self, attribute, val):
old_val = self.gp_db.gpostore.get(attribute)
self.logger.info('%s was changed from %s to %s' % (attribute,
old_val, val))
log.info('%s was changed from %s to %s' % (attribute, old_val, val))
if val is not None:
self.gp_db.gpostore.store(attribute, get_string(val))
self.gp_db.store(str(self), attribute, get_string(old_val) \
@ -160,30 +160,29 @@ class gp_access_ext(gp_inf_ext):
def ch_minPwdAge(self, attribute, val):
old_val = self.ldb.get_minPwdAge()
self.logger.info('KDC Minimum Password age was changed from %s to %s'
% (old_val, val))
log.info('KDC Minimum Password age was changed from %s to %s'
% (old_val, val))
self.gp_db.store(str(self), attribute, str(old_val))
self.ldb.set_minPwdAge(val)
def ch_maxPwdAge(self, attribute, val):
old_val = self.ldb.get_maxPwdAge()
self.logger.info('KDC Maximum Password age was changed from %s to %s'
% (old_val, val))
log.info('KDC Maximum Password age was changed from %s to %s'
% (old_val, val))
self.gp_db.store(str(self), attribute, str(old_val))
self.ldb.set_maxPwdAge(val)
def ch_minPwdLength(self, attribute, val):
old_val = self.ldb.get_minPwdLength()
self.logger.info(
'KDC Minimum Password length was changed from %s to %s'
% (old_val, val))
log.info('KDC Minimum Password length was changed from %s to %s'
% (old_val, val))
self.gp_db.store(str(self), attribute, str(old_val))
self.ldb.set_minPwdLength(val)
def ch_pwdProperties(self, attribute, val):
old_val = self.ldb.get_pwdProperties()
self.logger.info('KDC Password Properties were changed from %s to %s'
% (old_val, val))
log.info('KDC Password Properties were changed from %s to %s'
% (old_val, val))
self.gp_db.store(str(self), attribute, str(old_val))
self.ldb.set_pwdProperties(val)

4
python/samba/gp_smb_conf_ext.py
View File

@ -17,6 +17,7 @@
import os, re, numbers
from samba.gpclass import gp_pol_ext
from tempfile import NamedTemporaryFile
from samba.gp.util.logging import log
def is_number(x):
return isinstance(x, numbers.Number) and \
@ -70,8 +71,7 @@ class gp_smb_conf_ext(gp_pol_ext):
os.chmod(f.name, mode)
os.rename(f.name, self.lp.configfile)
self.logger.info('smb.conf [global] %s was changed from %s to %s' % \
(attribute, old_val, str(val)))
log.info('smb.conf [global] was changed', { attribute : str(val) })
if is_number(old_val):
old_val = str(old_val)

4
python/samba/gp_sudoers_ext.py
View File

@ -19,6 +19,7 @@ from samba.gpclass import gp_pol_ext
from base64 import b64encode
from tempfile import NamedTemporaryFile
from subprocess import Popen, PIPE
from samba.gp.util.logging import log
def find_executable(executable, path):
paths = path.split(os.pathsep)
@ -88,8 +89,7 @@ class gp_sudoers_ext(gp_pol_ext):
attribute,
f.name)
else:
self.logger.warn('Sudoers apply "%s" failed'
% e.data)
log.error('Sudoers apply failed', e.data)
self.gp_db.commit()
def rsop(self, gpo):

32
python/samba/gpclass.py
View File

@ -41,6 +41,7 @@ from samba.dcerpc import preg
from samba.dcerpc import misc
from samba.ndr import ndr_pack, ndr_unpack
from samba.credentials import SMB_SIGNING_REQUIRED
from samba.gp.util.logging import log
try:
from enum import Enum
@ -295,8 +296,7 @@ class GPOStorage:
class gp_ext(object):
__metaclass__ = ABCMeta
def __init__(self, logger, lp, creds, username, store):
self.logger = logger
def __init__(self, lp, creds, username, store):
self.lp = lp
self.creds = creds
self.username = username
@ -436,7 +436,7 @@ def gpo_version(lp, path):
return int(gpo.gpo_get_sysvol_gpt_version(gpt_path)[1])
def apply_gp(lp, creds, logger, store, gp_extensions, username, target, force=False):
def apply_gp(lp, creds, store, gp_extensions, username, target, force=False):
gp_db = store.get_gplog(username)
dc_hostname = get_dc_hostname(creds, lp)
gpos = get_gpo_list(dc_hostname, creds, lp, username)
@ -444,8 +444,8 @@ def apply_gp(lp, creds, logger, store, gp_extensions, username, target, force=Fa
try:
check_refresh_gpo_list(dc_hostname, lp, creds, gpos)
except:
logger.error('Failed downloading gpt cache from \'%s\' using SMB'
% dc_hostname)
log.error('Failed downloading gpt cache from \'%s\' using SMB'
% dc_hostname)
return
if force:
@ -460,23 +460,23 @@ def apply_gp(lp, creds, logger, store, gp_extensions, username, target, force=Fa
path = check_safe_path(gpo_obj.file_sys_path).upper()
version = gpo_version(lp, path)
if version != store.get_int(guid):
logger.info('GPO %s has changed' % guid)
log.info('GPO %s has changed' % guid)
changed_gpos.append(gpo_obj)
gp_db.state(GPOSTATE.APPLY)
store.start()
for ext in gp_extensions:
try:
ext = ext(logger, lp, creds, username, store)
ext = ext(lp, creds, username, store)
if target == 'Computer':
ext.process_group_policy(del_gpos, changed_gpos)
else:
drop_privileges(creds.get_principal(), ext.process_group_policy,
del_gpos, changed_gpos)
except Exception as e:
logger.error('Failed to apply extension %s' % str(ext))
logger.error('Message was: %s: %s' % (type(e).__name__, str(e)))
logger.debug(traceback.format_exc())
log.error('Failed to apply extension %s' % str(ext))
log.error('Message was: %s: %s' % (type(e).__name__, str(e)))
log.debug(traceback.format_exc())
continue
for gpo_obj in gpos:
if not gpo_obj.file_sys_path:
@ -488,7 +488,7 @@ def apply_gp(lp, creds, logger, store, gp_extensions, username, target, force=Fa
store.commit()
def unapply_gp(lp, creds, logger, store, gp_extensions, username, target):
def unapply_gp(lp, creds, store, gp_extensions, username, target):
gp_db = store.get_gplog(username)
gp_db.state(GPOSTATE.UNAPPLY)
# Treat all applied gpos as deleted
@ -496,15 +496,15 @@ def unapply_gp(lp, creds, logger, store, gp_extensions, username, target):
store.start()
for ext in gp_extensions:
try:
ext = ext(logger, lp, creds, username, store)
ext = ext(lp, creds, username, store)
if target == 'Computer':
ext.process_group_policy(del_gpos, [])
else:
drop_privileges(username, ext.process_group_policy,
del_gpos, [])
except Exception as e:
logger.error('Failed to unapply extension %s' % str(ext))
logger.error('Message was: ' + str(e))
log.error('Failed to unapply extension %s' % str(ext))
log.error('Message was: ' + str(e))
continue
store.commit()
@ -520,7 +520,7 @@ def __rsop_vals(vals, level=4):
else:
return vals
def rsop(lp, creds, logger, store, gp_extensions, username, target):
def rsop(lp, creds, store, gp_extensions, username, target):
dc_hostname = get_dc_hostname(creds, lp)
gpos = get_gpo_list(dc_hostname, creds, lp, username)
check_refresh_gpo_list(dc_hostname, lp, creds, gpos)
@ -534,7 +534,7 @@ def rsop(lp, creds, logger, store, gp_extensions, username, target):
print('GPO: %s' % gpo.display_name)
print('='*term_width)
for ext in gp_extensions:
ext = ext(logger, lp, creds, username, store)
ext = ext(lp, creds, username, store)
cse_name_m = re.findall("'([\w\.]+)'", str(type(ext)))
if len(cse_name_m) > 0:
cse_name = cse_name_m[-1].split('.')[-1]

67
python/samba/tests/gpo.py
View File

@ -45,7 +45,6 @@ from samba.gp_cert_auto_enroll_ext import gp_cert_auto_enroll_ext
from samba.gp_firefox_ext import gp_firefox_ext
from samba.gp_chromium_ext import gp_chromium_ext
from samba.gp_firewalld_ext import gp_firewalld_ext
import logging
from samba.credentials import Credentials
from samba.gp_msgs_ext import gp_msgs_ext
from samba.common import get_bytes
@ -7116,7 +7115,6 @@ class GPOTests(tests.TestCase):
'{6AC1786C-016F-11D2-945F-00C04FB984F9}']
gpofile = '%s/' + policies + '/%s/MACHINE/MICROSOFT/' \
'WINDOWS NT/SECEDIT/GPTTMPL.INF'
logger = logging.getLogger('gpo_tests')
cache_dir = self.lp.get('cache directory')
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
@ -7125,7 +7123,7 @@ class GPOTests(tests.TestCase):
machine_creds.set_machine_account()
# Initialize the group policy extension
ext = gp_krb_ext(logger, self.lp, machine_creds,
ext = gp_krb_ext(self.lp, machine_creds,
machine_creds.get_username(), store)
ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
@ -7171,7 +7169,6 @@ class GPOTests(tests.TestCase):
guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
reg_pol = os.path.join(local_path, policies, guid,
'MACHINE/REGISTRY.POL')
logger = logging.getLogger('gpo_tests')
cache_dir = self.lp.get('cache directory')
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
@ -7180,7 +7177,7 @@ class GPOTests(tests.TestCase):
machine_creds.set_machine_account()
# Initialize the group policy extension
ext = gp_scripts_ext(logger, self.lp, machine_creds,
ext = gp_scripts_ext(self.lp, machine_creds,
machine_creds.get_username(), store)
ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
@ -7230,7 +7227,6 @@ class GPOTests(tests.TestCase):
guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
reg_pol = os.path.join(local_path, policies, guid,
'MACHINE/REGISTRY.POL')
logger = logging.getLogger('gpo_tests')
cache_dir = self.lp.get('cache directory')
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
@ -7239,7 +7235,7 @@ class GPOTests(tests.TestCase):
machine_creds.set_machine_account()
# Initialize the group policy extension
ext = gp_sudoers_ext(logger, self.lp, machine_creds,
ext = gp_sudoers_ext(self.lp, machine_creds,
machine_creds.get_username(), store)
ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
@ -7282,7 +7278,6 @@ class GPOTests(tests.TestCase):
guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
manifest = os.path.join(local_path, policies, guid, 'MACHINE',
'VGP/VTLA/SUDO/SUDOERSCONFIGURATION/MANIFEST.XML')
logger = logging.getLogger('gpo_tests')
cache_dir = self.lp.get('cache directory')
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
@ -7291,7 +7286,7 @@ class GPOTests(tests.TestCase):
machine_creds.set_machine_account()
# Initialize the group policy extension
ext = vgp_sudoers_ext(logger, self.lp, machine_creds,
ext = vgp_sudoers_ext(self.lp, machine_creds,
machine_creds.get_username(), store)
ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
@ -7377,7 +7372,6 @@ class GPOTests(tests.TestCase):
unstage_file(manifest)
def test_gp_inf_ext_utf(self):
logger = logging.getLogger('gpo_tests')
cache_dir = self.lp.get('cache directory')
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
@ -7385,7 +7379,7 @@ class GPOTests(tests.TestCase):
machine_creds.guess(self.lp)
machine_creds.set_machine_account()
ext = gp_inf_ext(logger, self.lp, machine_creds,
ext = gp_inf_ext(self.lp, machine_creds,
machine_creds.get_username(), store)
test_data = '[Kerberos Policy]\nMaxTicketAge = 99\n'
@ -7411,7 +7405,6 @@ class GPOTests(tests.TestCase):
'99', 'MaxTicketAge was not read from the file')
def test_rsop(self):
logger = logging.getLogger('gpo_tests')
cache_dir = self.lp.get('cache directory')
local_path = self.lp.cache_path('gpo_cache')
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
@ -7471,7 +7464,7 @@ class GPOTests(tests.TestCase):
self.assertTrue(ret, 'Could not create the target %s' %
(reg_pol % g.name))
for ext in gp_extensions:
ext = ext(logger, self.lp, machine_creds,
ext = ext(self.lp, machine_creds,
machine_creds.get_username(), store)
ret = ext.rsop(g)
self.assertEquals(len(ret.keys()), 1,
@ -7520,7 +7513,6 @@ class GPOTests(tests.TestCase):
self.assertEquals(ret, 0, 'gpupdate --rsop failed!')
def test_gp_unapply(self):
logger = logging.getLogger('gpo_tests')
cache_dir = self.lp.get('cache directory')
local_path = self.lp.cache_path('gpo_cache')
guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
@ -7571,7 +7563,7 @@ class GPOTests(tests.TestCase):
remove = []
with TemporaryDirectory() as dname:
for ext in gp_extensions:
ext = ext(logger, self.lp, machine_creds,
ext = ext(self.lp, machine_creds,
machine_creds.get_username(), store)
if type(ext) == gp_krb_ext:
ext.process_group_policy([], gpos)
@ -7605,7 +7597,6 @@ class GPOTests(tests.TestCase):
guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
reg_pol = os.path.join(local_path, policies, guid,
'MACHINE/REGISTRY.POL')
logger = logging.getLogger('gpo_tests')
cache_dir = self.lp.get('cache directory')
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
@ -7648,7 +7639,7 @@ class GPOTests(tests.TestCase):
lp = LoadParm(f.name)
# Initialize the group policy extension
ext = gp_smb_conf_ext(logger, lp, machine_creds,
ext = gp_smb_conf_ext(lp, machine_creds,
machine_creds.get_username(), store)
ext.process_group_policy([], gpos)
lp = LoadParm(f.name)
@ -7687,7 +7678,6 @@ class GPOTests(tests.TestCase):
guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
reg_pol = os.path.join(local_path, policies, guid,
'MACHINE/REGISTRY.POL')
logger = logging.getLogger('gpo_tests')
cache_dir = self.lp.get('cache directory')
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
@ -7696,7 +7686,7 @@ class GPOTests(tests.TestCase):
machine_creds.set_machine_account()
# Initialize the group policy extension
ext = gp_msgs_ext(logger, self.lp, machine_creds,
ext = gp_msgs_ext(self.lp, machine_creds,
machine_creds.get_username(), store)
ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
@ -7751,7 +7741,6 @@ class GPOTests(tests.TestCase):
guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
manifest = os.path.join(local_path, policies, guid, 'MACHINE',
'VGP/VTLA/UNIX/SYMLINK/MANIFEST.XML')
logger = logging.getLogger('gpo_tests')
cache_dir = self.lp.get('cache directory')
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
@ -7760,7 +7749,7 @@ class GPOTests(tests.TestCase):
machine_creds.set_machine_account()
# Initialize the group policy extension
ext = vgp_symlink_ext(logger, self.lp, machine_creds,
ext = vgp_symlink_ext(self.lp, machine_creds,
machine_creds.get_username(), store)
ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
@ -7829,7 +7818,6 @@ class GPOTests(tests.TestCase):
source_data = '#!/bin/sh\necho hello world'
ret = stage_file(source_file, source_data)
self.assertTrue(ret, 'Could not create the target %s' % source_file)
logger = logging.getLogger('gpo_tests')
cache_dir = self.lp.get('cache directory')
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
@ -7838,7 +7826,7 @@ class GPOTests(tests.TestCase):
machine_creds.set_machine_account()
# Initialize the group policy extension
ext = vgp_files_ext(logger, self.lp, machine_creds,
ext = vgp_files_ext(self.lp, machine_creds,
machine_creds.get_username(), store)
ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
@ -7914,7 +7902,6 @@ class GPOTests(tests.TestCase):
guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
manifest = os.path.join(local_path, policies, guid, 'MACHINE',
'VGP/VTLA/SSHCFG/SSHD/MANIFEST.XML')
logger = logging.getLogger('gpo_tests')
cache_dir = self.lp.get('cache directory')
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
@ -7923,7 +7910,7 @@ class GPOTests(tests.TestCase):
machine_creds.set_machine_account()
# Initialize the group policy extension
ext = vgp_openssh_ext(logger, self.lp, machine_creds,
ext = vgp_openssh_ext(self.lp, machine_creds,
machine_creds.get_username(), store)
ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
@ -7985,7 +7972,6 @@ class GPOTests(tests.TestCase):
test_data = '#!/bin/sh\necho $@ hello world'
ret = stage_file(test_script, test_data)
self.assertTrue(ret, 'Could not create the target %s' % test_script)
logger = logging.getLogger('gpo_tests')
cache_dir = self.lp.get('cache directory')
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
@ -7994,7 +7980,7 @@ class GPOTests(tests.TestCase):
machine_creds.set_machine_account()
# Initialize the group policy extension
ext = vgp_startup_scripts_ext(logger, self.lp, machine_creds,
ext = vgp_startup_scripts_ext(self.lp, machine_creds,
machine_creds.get_username(), store)
ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
@ -8102,7 +8088,6 @@ class GPOTests(tests.TestCase):
guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
manifest = os.path.join(local_path, policies, guid, 'MACHINE',
'VGP/VTLA/UNIX/MOTD/MANIFEST.XML')
logger = logging.getLogger('gpo_tests')
cache_dir = self.lp.get('cache directory')
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
@ -8111,7 +8096,7 @@ class GPOTests(tests.TestCase):
machine_creds.set_machine_account()
# Initialize the group policy extension
ext = vgp_motd_ext(logger, self.lp, machine_creds,
ext = vgp_motd_ext(self.lp, machine_creds,
machine_creds.get_username(), store)
ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
@ -8152,7 +8137,6 @@ class GPOTests(tests.TestCase):
guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
manifest = os.path.join(local_path, policies, guid, 'MACHINE',
'VGP/VTLA/UNIX/ISSUE/MANIFEST.XML')
logger = logging.getLogger('gpo_tests')
cache_dir = self.lp.get('cache directory')
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
@ -8161,7 +8145,7 @@ class GPOTests(tests.TestCase):
machine_creds.set_machine_account()
# Initialize the group policy extension
ext = vgp_issue_ext(logger, self.lp, machine_creds,
ext = vgp_issue_ext(self.lp, machine_creds,
machine_creds.get_username(), store)
ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
@ -8204,7 +8188,6 @@ class GPOTests(tests.TestCase):
'VGP/VTLA/VAS/HOSTACCESSCONTROL/ALLOW/MANIFEST.XML')
deny = os.path.join(local_path, policies, guid, 'MACHINE',
'VGP/VTLA/VAS/HOSTACCESSCONTROL/DENY/MANIFEST.XML')
logger = logging.getLogger('gpo_tests')
cache_dir = self.lp.get('cache directory')
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
@ -8213,7 +8196,7 @@ class GPOTests(tests.TestCase):
machine_creds.set_machine_account()
# Initialize the group policy extension
ext = vgp_access_ext(logger, self.lp, machine_creds,
ext = vgp_access_ext(self.lp, machine_creds,
machine_creds.get_username(), store)
ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
@ -8333,7 +8316,6 @@ class GPOTests(tests.TestCase):
guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
reg_pol = os.path.join(local_path, policies, guid,
'MACHINE/REGISTRY.POL')
logger = logging.getLogger('gpo_tests')
cache_dir = self.lp.get('cache directory')
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
@ -8342,7 +8324,7 @@ class GPOTests(tests.TestCase):
machine_creds.set_machine_account()
# Initialize the group policy extension
ext = gp_gnome_settings_ext(logger, self.lp, machine_creds,
ext = gp_gnome_settings_ext(self.lp, machine_creds,
machine_creds.get_username(), store)
ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
@ -8556,7 +8538,6 @@ class GPOTests(tests.TestCase):
guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
reg_pol = os.path.join(local_path, policies, guid,
'MACHINE/REGISTRY.POL')
logger = logging.getLogger('gpo_tests')
cache_dir = self.lp.get('cache directory')
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
@ -8565,7 +8546,7 @@ class GPOTests(tests.TestCase):
machine_creds.set_machine_account()
# Initialize the group policy extension
ext = gp_cert_auto_enroll_ext(logger, self.lp, machine_creds,
ext = gp_cert_auto_enroll_ext(self.lp, machine_creds,
machine_creds.get_username(), store)
ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
@ -8655,7 +8636,6 @@ class GPOTests(tests.TestCase):
guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
reg_pol = os.path.join(local_path, policies, guid,
'USER/REGISTRY.POL')
logger = logging.getLogger('gpo_tests')
cache_dir = self.lp.get('cache directory')
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
@ -8664,7 +8644,7 @@ class GPOTests(tests.TestCase):
machine_creds.set_machine_account()
# Initialize the group policy extension
ext = gp_user_scripts_ext(logger, self.lp, machine_creds,
ext = gp_user_scripts_ext(self.lp, machine_creds,
os.environ.get('DC_USERNAME'), store)
ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
@ -8716,7 +8696,6 @@ class GPOTests(tests.TestCase):
guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
reg_pol = os.path.join(local_path, policies, guid,
'MACHINE/REGISTRY.POL')
logger = logging.getLogger('gpo_tests')
cache_dir = self.lp.get('cache directory')
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
@ -8725,7 +8704,7 @@ class GPOTests(tests.TestCase):
machine_creds.set_machine_account()
# Initialize the group policy extension
ext = gp_firefox_ext(logger, self.lp, machine_creds,
ext = gp_firefox_ext(self.lp, machine_creds,
machine_creds.get_username(), store)
ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
@ -8774,7 +8753,6 @@ class GPOTests(tests.TestCase):
guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
reg_pol = os.path.join(local_path, policies, guid,
'MACHINE/REGISTRY.POL')
logger = logging.getLogger('gpo_tests')
cache_dir = self.lp.get('cache directory')
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
@ -8783,7 +8761,7 @@ class GPOTests(tests.TestCase):
machine_creds.set_machine_account()
# Initialize the group policy extension
ext = gp_chromium_ext(logger, self.lp, machine_creds,
ext = gp_chromium_ext(self.lp, machine_creds,
machine_creds.get_username(), store)
ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)
@ -8850,7 +8828,6 @@ class GPOTests(tests.TestCase):
guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
reg_pol = os.path.join(local_path, policies, guid,
'MACHINE/REGISTRY.POL')
logger = logging.getLogger('gpo_tests')
cache_dir = self.lp.get('cache directory')
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
@ -8859,7 +8836,7 @@ class GPOTests(tests.TestCase):
machine_creds.set_machine_account()
# Initialize the group policy extension
ext = gp_firewalld_ext(logger, self.lp, machine_creds,
ext = gp_firewalld_ext(self.lp, machine_creds,
machine_creds.get_username(), store)
ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds)

3
python/samba/tests/gpo_member.py
View File

@ -35,11 +35,10 @@ class GPOTests(tests.TestCase):
super(GPOTests, self).tearDown()
def test_sec_ext_load_on_member(self):
logger = logging.getLogger('gpo_tests')
cache_dir = self.lp.get('cache directory')
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
try:
gp_access_ext(logger, self.lp, self.creds,
gp_access_ext(self.lp, self.creds,
self.creds.get_username(), store)
except Exception:
self.fail('Initializing gp_access_ext should not require ad-dc')

7
python/samba/vgp_files_ext.py
View File

@ -19,6 +19,7 @@ from samba.gpclass import gp_xml_ext, check_safe_path
from tempfile import NamedTemporaryFile
from shutil import copyfile, move
from hashlib import blake2b
from samba.gp.util.logging import log
def calc_mode(entry):
mode = 0o000
@ -89,8 +90,7 @@ class vgp_files_ext(gp_xml_ext):
os.path.dirname(check_safe_path(path)).upper(),
source.upper())
if not os.path.exists(source_file):
self.logger.warn('Source file "%s" does not exist'
% source_file)
log.warn('Source file does not exist', source_file)
continue
source_hash = \
blake2b(open(source_file, 'rb').read()).hexdigest()
@ -103,8 +103,7 @@ class vgp_files_ext(gp_xml_ext):
if old_val == value:
continue
if os.path.exists(target):
self.logger.warn('Target file "%s" already exists'
% target)
log.warn('Target file already exists', target)
continue
with NamedTemporaryFile(dir=os.path.dirname(target),
delete=False) as f:

4
python/samba/vgp_sudoers_ext.py
View File

@ -20,6 +20,7 @@ from base64 import b64encode
from tempfile import NamedTemporaryFile
from subprocess import Popen, PIPE
from samba.gp_sudoers_ext import visudo, intro
from samba.gp.util.logging import log
class vgp_sudoers_ext(gp_xml_ext):
def __str__(self):
@ -82,8 +83,7 @@ class vgp_sudoers_ext(gp_xml_ext):
attribute,
f.name)
else:
self.logger.warn('Sudoers apply "%s" failed'
% p)
log.error('Sudoers apply failed', p)
self.gp_db.commit()
def rsop(self, gpo):

4
python/samba/vgp_symlink_ext.py
View File

@ -18,6 +18,7 @@ import os
from samba.gpclass import gp_xml_ext
from tempfile import NamedTemporaryFile
from subprocess import Popen, PIPE
from samba.gp.util.logging import log
class vgp_symlink_ext(gp_xml_ext):
def __str__(self):
@ -53,8 +54,7 @@ class vgp_symlink_ext(gp_xml_ext):
os.symlink(source, target)
self.gp_db.store(str(self), attribute, target)
else:
self.logger.warn('Symlink destination "%s" exists'
% target)
log.warn('Symlink destination exists', target)
self.gp_db.commit()
def rsop(self, gpo):

24
source4/scripting/bin/samba-gpupdate
View File

@ -50,7 +50,7 @@ from samba.gp_firefox_ext import gp_firefox_ext
from samba.gp_chromium_ext import gp_chromium_ext, gp_chrome_ext
from samba.gp_firewalld_ext import gp_firewalld_ext
from samba.credentials import Credentials
import logging
from samba.gp.util.logging import logger_init
if __name__ == "__main__":
parser = optparse.OptionParser('samba-gpupdate [options]')
@ -88,24 +88,12 @@ if __name__ == "__main__":
creds.set_machine_account(lp)
# Set up logging
logger = logging.getLogger('samba-gpupdate')
logger.addHandler(logging.StreamHandler(sys.stdout))
logger.setLevel(logging.CRITICAL)
log_level = lp.log_level()
if log_level == 1:
logger.setLevel(logging.ERROR)
elif log_level == 2:
logger.setLevel(logging.WARNING)
elif log_level == 3:
logger.setLevel(logging.INFO)
elif log_level >= 4:
logger.setLevel(logging.DEBUG)
logger_init('samba-gpupdate', lp.log_level())
cache_dir = lp.get('cache directory')
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
machine_exts, user_exts = get_gp_client_side_extensions(logger,
lp.configfile)
machine_exts, user_exts = get_gp_client_side_extensions(lp.configfile)
gp_extensions = []
if opts.target == 'Computer':
gp_extensions.append(gp_access_ext)
@ -134,11 +122,11 @@ if __name__ == "__main__":
gp_extensions.extend(user_exts)
if opts.rsop:
rsop(lp, creds, logger, store, gp_extensions, username, opts.target)
rsop(lp, creds, store, gp_extensions, username, opts.target)
elif not opts.unapply:
apply_gp(lp, creds, logger, store, gp_extensions, username,
apply_gp(lp, creds, store, gp_extensions, username,
opts.target, opts.force)
else:
unapply_gp(lp, creds, logger, store, gp_extensions, username,
unapply_gp(lp, creds, store, gp_extensions, username,
opts.target)