1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

74 Commits

Author SHA1 Message Date
David Mulder
6d676cac41 gpo: Enable user policy application
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-13 19:14:30 +00:00
David Mulder
f97f94e93b gpo: Improve debug when extension fails to apply
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-20 15:25:37 +00:00
David Mulder
9f0e6f3c06 gpo: Fix up rsop output of ca certificate
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 19:13:29 +00:00
David Mulder
2d6bed495e samba-gpupdate: Check sysvol download paths in case-insensitive way
https://bugzilla.samba.org/show_bug.cgi?id=14665

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Björn Baumbach <bb@sernet.de>
2021-03-11 20:29:41 +00:00
David Mulder
a8b4b8082a gpo: Improve the samba-gpupdate --rsop output
Use the CSE name based on the class name, not the
module name. Also ignore the Local Policy gpo.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-08 17:58:37 +00:00
David Mulder
440802c24a gpo: Add gp_xml_ext parser for group policy
This adds an extension parser for parsing xml
files in the sysvol.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-12-19 07:00:36 +00:00
David Mulder
a3cd315321 python2 reduction: Merge remaining compat code into common
The remaining compat code (get_string, get_bytes,
cmp) are useful helper routines which we should
simply merge into common (especially since there
is some duplication here).

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Fri Oct  2 14:49:36 UTC 2020 on sn-devel-184
2020-10-02 14:49:36 +00:00
David Mulder
11f97148bb gpo: Pass necessary parameters to rsop
These parameters were missed by mistake when exts
were modified to be initialized within the rsop
command. Fixes an exception thrown when executing
samba-gpupdate --rsop:

Traceback (most recent call last):
  File "/usr/sbin/samba-gpupdate", line 99, in <module>
    rsop(lp, creds, gp_extensions, opts.target)
  File "/usr/lib64/python3.8/site-packages/samba/gpclass.py", line 512, in rsop
    ext = ext(logger, lp, creds, store)
NameError: name 'logger' is not defined

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-09-02 09:11:30 +00:00
David Mulder
dff01a5edf gpo: Test rsop function for success
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-09-02 09:11:30 +00:00
David Mulder
c887f7a7d2 gpo: Fix unapply failure when multiple extensions run
When multiple Group Policy Extensions are present,
only the last executed extension saves it's
changes to the Group Policy Database, due to the
database being loaded seperately for each
extension.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:33 +00:00
David Mulder
4a252f6e0f python compat: remove ConfigParser
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-08-24 01:46:30 +00:00
Andreas Schneider
6f552204d4 s3:client: Turn off smb signing for message op
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:42 +00:00
Andreas Schneider
946e43f0cc python: Set smb signing via the creds API
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:41 +00:00
Douglas Bagnall
4d9d63b000 python compat: remove StringIO
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-08-11 16:37:35 +00:00
David Mulder
d512b1a4bd gpo: Remove unused gp_ext_setter code
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Thu Aug  6 18:01:49 UTC 2020 on sn-devel-184
2020-08-06 18:01:49 +00:00
David Mulder
f5202c7b55 gpo: Add --rsop option to samba-gpupdate
This command prints the Resultant Set of Policy
for applicable GPOs, for either the Computer or
User policy (depending on the target specified).
Policy specific output must be implemented for
each client side extension.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
0f3066abbb gpo: Properly decode utf-8/16 inf files from bytes
This code was python 2 specific (string handling
has changed dramatically in python 3), and didn't
correctly decode utf-16 in python3. We should
instead read the file as bytes, then attempt a
utf-8 decode (the default), and try utf-16 if
encountering a decode failure.
The existing code actually throws an exception on
the initial file read when the data is utf-16,
since it tries to decode the bytes to a utf-8
string.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
cd52a28091 Create Registry.pol group policy extension parser
Create a parent class for parsing Registry.pol
files by group policy extensions.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-06-23 16:32:30 +00:00
Tim Beale
3b2e86bba1 python/gpclass: Convert gpclass to use s3 SMB Python bindings
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-17 01:40:29 +01:00
Noel Power
c99450db4e python/samba: PY3 port gpo.apply smbtorture test
1) configparser.set requires string values
2) self.gp_db.store() etc. neex to pass str object for
   xml.etree.ElementTree.Element text attribute which needs
   to be text
3) tdb delete method needs bytes key
4) configparser.write needs a file opened in text mode

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-10 10:38:22 +01:00
Noel Power
72c5b27066 python/samba: use PY3 version of ConfigParser
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-10-23 05:50:26 +02:00
Douglas Bagnall
ba87e23b38 gpo PEP8: balance whitespace around equals
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 18:17:16 +02:00
David Mulder
4e98d18bea gpupdate: Add the --force option
This option forces the reapplication of policy,
and works the same as MS 'gpupdate /force'

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 18:17:16 +02:00
David Mulder
471089eed4 gpo: Remove unused apply_log_pop() and list() funcs
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 18:17:16 +02:00
David Mulder
7d07d8bf33 gpo: add unapply to the gp_sec_ext
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 18:17:16 +02:00
David Mulder
cab1650539 gpo: Calculate deleted gpos and unapply them
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 18:17:15 +02:00
David Mulder
30f6ac9c16 gpo: Use the new process_group_policy() for unapply
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 18:17:15 +02:00
Douglas Bagnall
9d7a0bb3de gpo: avoid quadratic behaviour in guid retrieval
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 18:17:15 +02:00
David Mulder
cc02de6bfa gpo: Create a function for returning applied settings
This returns a list of guids for gpos applied
plus settings applied and their previous values.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 18:17:15 +02:00
David Mulder
8a21ae6280 gpo: apply_map should not be required for gp_ext
The apply_map function should not be a requirement
to implement the gp_ext class, since only the
gp_sec_ext uses it now.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 18:17:15 +02:00
David Mulder
78601b3516 gpo: Move policy application to the gp_ext
Policy specific setting application should be
handled by the group policy extension, not the
read/parse handler.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 18:17:15 +02:00
David Mulder
7cef695368 gpo: Remove unused gp_ext.list() function
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 18:17:15 +02:00
David Mulder
7bb326a60d gpo: Implement process_group_policy() gp_ext func
MS spec describes the policy callback as a
function called ProcessGroupPolicy which accepts
a pDeletedGPOList and a pChangedGPOList param.
The Group Policy Client Side Extension then
iterates over the deleted, then the changed gpo
lists and applies/unapplies policy. We should do
this also.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 18:17:15 +02:00
David Mulder
4354071b7a gpo: Initialize gp_ext variables in constructor
Initialize variables for the gp_ext in the
constructor instead of passing them via the parse
function.
This is a dependency of the "gpo: Implement
process_group_policy() gp_ext func" patch, since
the parse() function is now called by the ext,
instead of by gpupdate within apply_gp(). The
parse() function should only take the path
variable, to simplify writing Client Side
Extensions.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 18:17:15 +02:00
David Mulder
5dddb784f8 gpo: Initialize SamDB in the gp_sec_ext
The SamDB is only used by the gp_sec_ext, and
isn't needed elsewhere, so initialize it where
we need it and avoid passing it around
everywhere.
It makes the most sense to put this in the setter
class that uses it, so pass our creds down so we
have access to it, then initialize it there.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 18:17:14 +02:00
David Mulder
f5c6bd5c84 gpo: abstract methods are defined in the parent class
These methods don't need redefined in the child
class.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 18:17:14 +02:00
Noel Power
563c10ee63 python/samba/tests: Use io.StringIO for py3 and StringIO.StrinIO for py2
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-09-03 03:22:21 +02:00
Joe Guo
9f5bbcc10a PEP8: fix E713: test for membership should be 'not in'
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 07:49:31 +02:00
Joe Guo
7b031b01a1 PEP8: fix E502: the backslash is redundant between brackets
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 07:49:30 +02:00
Joe Guo
115f2a71b8 PEP8: fix E305: expected 2 blank lines after class or function definition, found 1
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 07:49:30 +02:00
Joe Guo
211c9a5f85 PEP8: fix E302: expected 2 blank lines, found 1
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 07:49:29 +02:00
Joe Guo
c809a86023 PEP8: fix E261: at least two spaces before inline comment
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 07:49:29 +02:00
Joe Guo
e1edeae83c PEP8: fix E227: missing whitespace around bitwise or shift operator
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 07:49:28 +02:00
Joe Guo
87bbc2df97 PEP8: fix E226: missing whitespace around arithmetic operator
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 07:49:28 +02:00
Joe Guo
32266d2d48 PEP8: fix E225: missing whitespace around operator
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 07:49:28 +02:00
Joe Guo
d9c282a9a5 PEP8: fix E211: whitespace before '('
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 07:49:27 +02:00
Joe Guo
5d532543ab PEP8: fix E128: continuation line under-indented for visual indent
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 07:49:27 +02:00
David Mulder
b05b6198a3 gpo: Don't duplicate guids in the apply log
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-07-12 22:11:23 +02:00
David Mulder
4436b6703c gpo: add list_gp_extensions for listing registered gp extensions
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-07-12 22:11:23 +02:00
David Mulder
b4f09af27a gpo: add unregister_gp_extension for unregistering gp extensions
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-07-12 22:11:23 +02:00