summaryrefslogtreecommitdiff
path: root/python/samba/gp/gpclass.py
AgeCommit message (Collapse)AuthorFilesLines
2025-07-10Add check for the GPO link to have at least two attributes separated by ↵Aleksandr Sharov1-1/+3
semicolumn. Allows to handle empty links. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15877 RN: Fix handling of empty GPO link Singed-off-by: Alex Sharov (kororland@gmail.com) Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Jul 10 18:55:33 UTC 2025 on atb-devel-224
2024-04-17python: Fix NtVer check for site_dn_for_machine()Andreas Schneider1-3/+1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15633 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Mulder <dmulder@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Apr 17 19:32:11 UTC 2024 on atb-devel-224
2024-02-26python:gp: Implement client site lookup in site_dn_for_machine()Andreas Schneider1-23/+45
This is [MS-GPOL] 3.2.5.1.4 Site Search. The netr_DsRGetSiteName() needs to run over local rpc, however we do not have the call implemented in our rpc_server. What netr_DsRGetSiteName() actually does is an ldap query to get the sitename, we can just do the same. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15588 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Feb 26 08:06:08 UTC 2024 on atb-devel-224
2024-01-23gp: Skip site GP list if no site is foundDavid Mulder1-12/+18
[MS-GPOL] 3.2.5.1.4 Site Search says if the site search returns ERROR_NO_SITENAME, the GP site search should be skipped. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15548 Signed-off-by: David Mulder <dmulder@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Jan 23 11:20:35 UTC 2024 on atb-devel-224
2023-12-15python: pep257: docstring should use double quotesRob van der Linde1-61/+61
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-16gpdupate: Implement Drive Maps Client Side ExtensionDavid Mulder1-0/+67
Signed-off-by: David Mulder <dmulder@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-26python: Change the generic merge_nt_token() to being specific to the ↵Andrew Bartlett1-6/+7
system_token This allows us to punt on the question of merging the claims, as there are none on the system token. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-08-30gp: Use read_file() instead of readfp()Joseph Sutton1-2/+2
readfp() is deprecated and could be removed in a future version of Python. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-30gp: Fix resource leaksJoseph Sutton1-3/+6
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-30gp: Prefer ‘x not in y’ to ‘not x in y’Joseph Sutton1-1/+1
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-30python: Remove redundant backslashesJoseph Sutton1-1/+1
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-30python: Remove unused importsJoseph Sutton1-5/+3
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-31gp: Add a misc applier, to assist some gp extsDavid Mulder1-0/+27
Signed-off-by: David Mulder <dmulder@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-23python:samba:gp: Fix code spellingAndreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-10gp: Fix user apply failure when droping privsDavid Mulder1-1/+1
When dropping privileges, gpupdate errored: gpclass.py:1167: KeyError: "getpwnam(): name not found: <HOSTNAME> apply_gp was incorrectly passing the hostname instead of the username. Signed-off-by: David Mulder <dmulder@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Jun 10 10:46:28 UTC 2023 on atb-devel-224
2023-05-09gp: get_gpo() should re-raise the Exception, not returnDavid Mulder1-1/+1
If we return from this failure, then `new_gpo` is set to `None` and we will fail in some obscure way within a CSE later (since we append `None` to the GPO list). Instead, re-raise the Exception so we see that an error happened when fetching the GPO. Signed-off-by: David Mulder <dmulder@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28gp: Add site-dn fallback when rpc call failsDavid Mulder1-4/+22
In testing I noticed that the rpc call for the site name is failing when joined via SSSD. This commit adds a fallback to check using the old style method found in ads_site_dn_for_machine() (which works, but doesn't obey the Group Policy spec) if the rpc call fails. Signed-off-by: David Mulder <dmulder@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Apr 28 03:14:25 UTC 2023 on atb-devel-224
2023-04-28gpupdate: Implement get_gpo_list in pythonDavid Mulder1-6/+292
The ADS code in libgpo is buggy. Rewrite get_gpo_list in python using SamDB. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15225 Signed-off-by: David Mulder <dmulder@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03gp: Don't use invalid escape sequencesJoseph Sutton1-1/+1
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03gp: Avoid shadowing importJoseph Sutton1-7/+7
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-23python: fix mutable default argumentsRob van der Linde1-1/+6
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Feb 23 23:33:46 UTC 2023 on atb-devel-224
2023-02-10gp: Log ext failure with file and line numberDavid Mulder1-2/+4
Rather than dumping a traceback when there is a failure, simply log the file name, line number and the error message instead. This is much cleaner. Signed-off-by: David Mulder <dmulder@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2022-12-21gp: Fix rsop when final value isn't a strDavid Mulder1-1/+6
The output must be a string value, or it will crash. Chromium policies output integers, which was causing the parser to crash. Signed-off-by: David Mulder <dmulder@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-21gp: Re-create files if manually removedDavid Mulder1-1/+2
Signed-off-by: David Mulder <dmulder@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-21gp: Implement appliers for monitoring policy changesDavid Mulder1-0/+204
This is currently a significant drawback of Samba Group Policy. CSEs MUST be aware of policy changes such as modification, removal, etc. This is a complex process, and is easy to mess up. Here I add 'appliers' (the first being for files), which handle the complexty transparently to ensure this is done correctly. Signed-off-by: David Mulder <dmulder@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-06python/samba: use s3 param samba config parsingNoel Power1-1/+2
follup to commit: b4d7540bb4798e6801accf34a26fc0f2636bdd1f fix another instance to use s3 config parsing which is more forgiving (e.g. include directives that point to non existing files are ignored) Signed-off-by: Noel Power <npower@samba.org> Reviewed-by: David Mulder <dmulder@samba.org> Autobuild-User(master): Noel Power <npower@samba.org> Autobuild-Date(master): Tue Dec 6 10:38:56 UTC 2022 on sn-devel-184
2022-07-22gpo: samba-gpupdate use s3 param for registry confDavid Mulder1-6/+1
Cause samba-gpupdate to use an s3 param so that it can load settings from registry configuration. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Jul 22 20:40:51 UTC 2022 on sn-devel-184
2022-05-31gpo: Move Group Policy code below gp directoryDavid Mulder1-0/+671
Moves the Group Policy extensions and supporting code within the existing python/samba/gp directory. Meant to clean up the clutter that's accumulating in python/samba. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue May 31 20:15:45 UTC 2022 on sn-devel-184
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-06 22:46:00 +0000