summaryrefslogtreecommitdiff
path: root/python/samba/gp_sec_ext.py
AgeCommit message (Collapse)AuthorFilesLines
2021-03-08gpo: Ensure that samba-gpupdate doesn't require ad-dcDavid Mulder1-2/+2
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-11gpo: Security gpext rsop list only own policiesDavid Mulder1-2/+4
The rsop should only list the policies from that extension, not from all policies in the same file. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Feb 11 18:28:09 UTC 2021 on sn-devel-184
2020-10-02python2 reduction: Merge remaining compat code into commonDavid Mulder1-1/+1
The remaining compat code (get_string, get_bytes, cmp) are useful helper routines which we should simply merge into common (especially since there is some duplication here). Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): David Mulder <dmulder@samba.org> Autobuild-Date(master): Fri Oct 2 14:49:36 UTC 2020 on sn-devel-184
2020-08-27gpo: gp_krb_ext always uses set_kdc_tdb to updateDavid Mulder1-10/+6
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27gpo: Move gp_sec_ext conversion functions to topDavid Mulder1-18/+17
These functions don't actually use self, so can be moved to top level functions. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27gpo: Display Security Extension RSOP on ADDC onlyDavid Mulder1-0/+4
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27gpo: Clarify the contents of deleted_gpo_list in process_group_policyDavid Mulder1-8/+8
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06gpo: Remove unused gp_ext_setter codeDavid Mulder1-1/+1
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): David Mulder <dmulder@samba.org> Autobuild-Date(master): Thu Aug 6 18:01:49 UTC 2020 on sn-devel-184
2020-08-06gpo: Extract Access policy from Security extensionDavid Mulder1-87/+48
Rewrite the extension to be easier to understand, and to remove references to gp_ext_setter. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06gpo: Extract Kerberos policy from Security extensionDavid Mulder1-26/+60
Rewrite the extension to be easier to understand, and to remove references to gp_ext_setter. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06gpo: Add RSOP output for Security ExtensionDavid Mulder1-0/+16
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-12-10python/samba: PY3 port gpo.apply smbtorture testNoel Power1-2/+3
1) configparser.set requires string values 2) self.gp_db.store() etc. neex to pass str object for xml.etree.ElementTree.Element text attribute which needs to be text 3) tdb delete method needs bytes key 4) configparser.write needs a file opened in text mode Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-10-08gpo: add unapply to the gp_sec_extDavid Mulder1-0/+18
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08gpo: remove unreached non-DC branch in gp_sec_ext.apply_map()David Mulder1-2/+0
We don't get this far if we are not a DC, and if somehow we do the errors will be no more informative due to this special case. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08gpo: Move policy application to the gp_extDavid Mulder1-1/+15
Policy specific setting application should be handled by the group policy extension, not the read/parse handler. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08gpo: Remove unused gp_ext.list() functionDavid Mulder1-4/+0
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08gpo: Implement process_group_policy() gp_ext funcDavid Mulder1-0/+11
MS spec describes the policy callback as a function called ProcessGroupPolicy which accepts a pDeletedGPOList and a pChangedGPOList param. The Group Policy Client Side Extension then iterates over the deleted, then the changed gpo lists and applies/unapplies policy. We should do this also. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08gpo: Remove unused methods from gp_sec_extDavid Mulder1-6/+0
These functions were added by Luke, but have never actually done anything. If/when we read from these *.pol files, we won't need these separate functions to do it. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08gpo: gp_sec_ext should check whether to applyDavid Mulder1-0/+18
Whether an extension should apply should be determined by the extension, not by the calling script. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-09-06PEP8: fix E127: continuation line over-indented for visual indentJoe Guo1-9/+9
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-09-06PEP8: fix E124: closing bracket does not match visual indentationJoe Guo1-2/+2
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-08-24PEP8: fix E502: the backslash is redundant between bracketsJoe Guo1-4/+4
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24PEP8: fix E302: expected 2 blank lines, found 1Joe Guo1-0/+3
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24PEP8: fix E226: missing whitespace around arithmetic operatorJoe Guo1-2/+2
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24PEP8: fix E203: whitespace before ':'Joe Guo1-4/+4
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24PEP8: fix E201: whitespace after '('Joe Guo1-2/+2
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24PEP8: fix E131: continuation line unaligned for hanging indentJoe Guo1-1/+1
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24PEP8: fix E128: continuation line under-indented for visual indentJoe Guo1-1/+1
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24PEP8: fix E124: closing bracket does not match visual indentationJoe Guo1-5/+5
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24PEP8: fix E271: multiple spaces after keywordJoe Guo1-1/+1
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-07-13samdb: use int for get and set methods instead of digit strJoe Guo1-4/+4
This will make the API work in a nature way. Also, because of a defect in ldb API, code like `res[0]["maxPwdAge"][0]` will return bytes even in Python3, which will cause trouble. By casting the value to int, we avoid the str/bytes issue. Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-07-13gpo: Specify samba module when importing from gpclassDavid Mulder1-1/+1
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Jul 13 01:05:22 CEST 2018 on sn-devel-144
2018-04-12gpo: Create a gp_sec_ext moduleDavid Mulder1-0/+153
Move the gp_sec_ext into it's own module, which is how new gp_ext's will be created. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-23 05:04:06 +0000