samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-06-15 07:17:05 +03:00

Author	SHA1	Message	Date
Douglas Bagnall	e008c8f830	python/gp_cert_auto_enroll: removed unused imports Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: David Mulder <dmulder@suse.com> Autobuild-User(master): David Mulder <dmulder@samba.org> Autobuild-Date(master): Thu May 5 14:39:50 UTC 2022 on sn-devel-184	2022-05-05 14:39:50 +00:00
Douglas Bagnall	6d20b7fe2d	py/gp_cert_auto_enroll_ext: avoid redundant iteration self.__read_cep_data() does a 'for end_point_group in end_point_information:', and we don't need to do it outside Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: David Mulder <dmulder@suse.com>	2022-05-05 13:42:32 +00:00
Douglas Bagnall	830193102d	py/gp_cert_auto_enroll_ext: avoid shadowing loop variable Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: David Mulder <dmulder@suse.com>	2022-05-05 13:42:32 +00:00
David Mulder	ddeedcb6b2	gpo: Add Cert Auto Enroll Advanced Config Advanced configuration for Certifcate Auto Enrollment is stored on the sysvol, and needs to be parsed/used when provided. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue May 3 21:48:57 UTC 2022 on sn-devel-184	2022-05-03 21:48:57 +00:00
David Mulder	a54d707435	gpo: Test Cert Auto Enroll Advanced Config Adds advanced configuration to the testing of certificate auto enrollment. Currently fails. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2022-05-03 20:55:32 +00:00
David Mulder	ab2ef316c1	gpo: Generalize Cert Auto Enroll CA data This will simplify fetching CAs from the Registry.pol in a follow up commit. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2022-05-03 20:55:32 +00:00
David Mulder	6171dfc528	gpo: Fix crash in Cert Auth Enroll RSOP Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2022-05-03 20:55:32 +00:00
David Mulder	45d76ecad2	gpo: Certificate Auto Enroll correctly check templates [MS-CAESO] 4.4.5.3.2.4 and 4.4.5.3.2.4.2 explain to fetch templates via cep, then to gather attrs for the templates after. This code was reversed. This will matter when implementing advanced endpoint configuration. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2022-05-03 20:55:32 +00:00
David Mulder	a49a5702eb	gpo: Correct CA Initilization to obey [MS-CAESO] fetch_certification_authorities() did not correctly obey the [MS-CAESO] spec. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2022-05-03 20:55:32 +00:00
David Mulder	63bbdbae19	gpo: Improve Certificate Auto Enroll Debug messages Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Apr 5 01:44:33 UTC 2022 on sn-devel-184	2022-04-05 01:44:33 +00:00
David Mulder	157d2dd77f	gpo: Certificate Auto Enrollment default Kerberos auth Certificate Auto Enrollment uses Kerberos to authenticate to AD. If someone configures their cepces.conf to use a different default authentication, then samba-gpupdate fails. Force Kerberos auth from samba-gpupdate. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2022-04-05 00:54:37 +00:00
David Mulder	c788ed7b8b	samba-gpupdate: Implement enhanced logging This ports the enhanced logging capabilities from AltLinux gpupdate. It generates log messages such as: 2022-03-02 11:28:54.872\|[E40104]\| Failed to set interfaces for zone \| {'val': 'work'} 2022-03-02 11:28:55.017\|[E40104]\| Failed to set interfaces for zone \| {'val': 'home'} Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Mar 24 23:40:47 UTC 2022 on sn-devel-184	2022-03-24 23:40:47 +00:00
David Mulder	0f26dbe0d0	gpo: Print getcert message to debug Otherwise re-running gpupdate to enforce policy displays 'already exists' messages, which confusingly appear to be a failure, but are actually intentional behavior. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Aug 13 20:06:31 UTC 2021 on sn-devel-184	2021-08-13 20:06:31 +00:00
David Mulder	e3a956e075	gpo: Decode the bytes for cepces-submit failure When displaying the error from cepces-submit, make sure to decode the bytes (otherwise it is hard to read). Also print the error to debug instead of warn (it may dump a traceback). Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-08-13 19:14:31 +00:00
David Mulder	7a04052dad	gpo: Ignore symlink failure on sscep renew Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-08-13 19:14:30 +00:00
David Mulder	4a5f6d88ff	gpo: Warn when fetching the supported templates fails When Certificate Auto Enrollment fails to fetch the list of supported templates, display a warning. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-07-20 15:25:37 +00:00
David Mulder	a92b05ec7b	gpo: Ensure Network Device Enrollment Service if sscep fails Prompt the user to check that Network Device Enrollment Service is installed and configured if sscep fails to download the certificate root chain. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-07-20 15:25:37 +00:00
David Mulder	9c0a174af2	gpo: Add Certificate Auto Enrollment Policy Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-07-15 19:13:29 +00:00

18 Commits