path: root/python/samba/gpclass.py
Age | Commit message | Author | Files | Lines
2019-01-17 | python/gpclass: Convert gpclass to use s3 SMB Python bindings | Tim Beale | 1 | -3/+7
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-10 | python/samba: PY3 port gpo.apply smbtorture test | Noel Power | 1 | -8/+9
1) configparser.set requires string values
2) self.gp_db.store() etc. need to pass str object for xml.etree.ElementTree.Element text attribute which needs to be text
3) tdb delete method needs bytes key
4) configparser.write needs a file opened in text mode
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-10-23 | python/samba: use PY3 version of ConfigParser | Noel Power | 1 | -1/+1
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-10-08 | gpo PEP8: balance whitespace around equals | Douglas Bagnall | 1 | -1/+1
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: David Mulder <dmulder@suse.com> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 | gpupdate: Add the --force option | David Mulder | 1 | -11/+16
This option forces the reapplication of policy, and works the same as MS 'gpupdate /force' Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 | gpo: Remove unused apply_log_pop() and list() funcs | David Mulder | 1 | -50/+0
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 | gpo: add unapply to the gp_sec_ext | David Mulder | 1 | -0/+4
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 | gpo: Calculate deleted gpos and unapply them | David Mulder | 1 | -1/+8
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 | gpo: Use the new process_group_policy() for unapply | David Mulder | 1 | -17/+11
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 | gpo: avoid quadratic behaviour in guid retrieval | Douglas Bagnall | 1 | -6/+6
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: David Mulder <dmulder@suse.com> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 | gpo: Create a function for returning applied settings | David Mulder | 1 | -0/+39
This returns a list of guids for gpos applied plus settings applied and their previous values. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 | gpo: apply_map should not be required for gp_ext | David Mulder | 1 | -4/+0
The apply_map function should not be a requirement to implement the gp_ext class, since only the gp_sec_ext uses it now. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 | gpo: Move policy application to the gp_ext | David Mulder | 1 | -25/+1
Policy specific setting application should be handled by the group policy extension, not the read/parse handler. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 | gpo: Remove unused gp_ext.list() function | David Mulder | 1 | -4/+0
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 | gpo: Implement process_group_policy() gp_ext func | David Mulder | 1 | -18/+25
MS spec describes the policy callback as a function called ProcessGroupPolicy which accepts a pDeletedGPOList and a pChangedGPOList param. The Group Policy Client Side Extension then iterates over the deleted, then the changed gpo lists and applies/unapplies policy. We should do this also. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 | gpo: Initialize gp_ext variables in constructor | David Mulder | 1 | -7/+6
Initialize variables for the gp_ext in the constructor instead of passing them via the parse function. This is a dependency of the "gpo: Implement process_group_policy() gp_ext func" patch, since the parse() function is now called by the ext, instead of by gpupdate within apply_gp(). The parse() function should only take the path variable, to simplify writing Client Side Extensions. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 | gpo: Initialize SamDB in the gp_sec_ext | David Mulder | 1 | -11/+11
The SamDB is only used by the gp_sec_ext, and isn't needed elsewhere, so initialize it where we need it and avoid passing it around everywhere. It makes the most sense to put this in the setter class that uses it, so pass our creds down so we have access to it, then initialize it there. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 | gpo: abstract methods are defined in the parent class | David Mulder | 1 | -12/+0
These methods don't need redefined in the child class. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-09-03 | python/samba/tests: Use io.StringIO for py3 and StringIO.StringIO for py2 | Noel Power | 1 | -1/+1
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-08-24 | PEP8: fix E713: test for membership should be 'not in' | Joe Guo | 1 | -2/+2
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 | PEP8: fix E502: the backslash is redundant between brackets | Joe Guo | 1 | -2/+2
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 | PEP8: fix E305: expected 2 blank lines after class or function definition, found 1 | Joe Guo | 1 | -0/+2
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 | PEP8: fix E302: expected 2 blank lines, found 1 | Joe Guo | 1 | -0/+20
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 | PEP8: fix E261: at least two spaces before inline comment | Joe Guo | 1 | -1/+1
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 | PEP8: fix E227: missing whitespace around bitwise or shift operator | Joe Guo | 1 | -1/+1
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 | PEP8: fix E226: missing whitespace around arithmetic operator | Joe Guo | 1 | -3/+3
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 | PEP8: fix E225: missing whitespace around operator | Joe Guo | 1 | -1/+1
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 | PEP8: fix E211: whitespace before '(' | Joe Guo | 1 | -2/+1
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 | PEP8: fix E128: continuation line under-indented for visual indent | Joe Guo | 1 | -3/+3
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-07-12 | gpo: Don't duplicate guids in the apply log | David Mulder | 1 | -3/+5
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-07-12 | gpo: add list_gp_extensions for listing registered gp extensions | David Mulder | 1 | -0/+13
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-07-12 | gpo: add unregister_gp_extension for unregistering gp extensions | David Mulder | 1 | -0/+12
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-07-12 | gpo: add register_gp_extension for registering gp extensions | David Mulder | 1 | -0/+48
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-07-12 | gpo: Offline policy application via cache | David Mulder | 1 | -28/+7
Read policy files from the cache, rather than the sysvol. This enables offline policy apply. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-07-12 | gpo: Read GPO versions locally, not from sysvol | David Mulder | 1 | -3/+53
Non-kdc clients cannot read directly from the sysvol, so we need to store the GPT.INI file locally to read each gpo version. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-04-12 | gpo: python chardet is not a dep of samba | David Mulder | 1 | -1/+0
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Thu Apr 12 11:27:03 CEST 2018 on sn-devel-144
2018-04-12 | gpo: Create a gp_sec_ext module | David Mulder | 1 | -134/+0
Move the gp_sec_ext into its own module, which is how new gp_ext's will be created. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-04-12 | gpo: Move implementation from samba_gpoupdate | David Mulder | 1 | -0/+76
The implementation of group policy apply should not be in the application script. One reason is to implement user apply, we can call these functions via the python c-api, (passing creds via the command line will expose them via ps). Another reason for this is if someone overrides the smb.conf "gpo update command" option, it would be useful to have these functions. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-04-12 | gpo: Create base class gp_inf_ext | David Mulder | 1 | -34/+47
Abstract the process of reading from an ini file, since other extensions will be reading gpos this way. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-04-12 | gpo: Move the file parse function to gp_ext | David Mulder | 1 | -27/+29
A file will always be read from the sysvol the same way, but the data will be read differently. This patch moves the parse function to gp_ext, and requires subclasses to implement the read() function to interpret the data. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-04-12 | gpo: Move gp_sec_ext __init__ to base class | David Mulder | 1 | -3/+3
For this class to be extensible, the constructor should be available to subclasses. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-04-12 | gpo: Rename the inf_to class to gp_ext_setter | David Mulder | 1 | -3/+3
This class will be subclassed and used for more than just inf settings application. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-01-13 | gpo: Add the winbind call to gpupdate | David Mulder | 1 | -8/+1
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-01-13 | gpo: Fix crashes in gpo unapply | David Mulder | 1 | -4/+11
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-12-15 | gpo: Only commit the earliest change to the log | David Mulder | 1 | -1/+1
Otherwise we overwrite the original value, leaving the setting tattooed on unapplied Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
2017-12-15 | gpo: Fix the empty apply log | David Mulder | 1 | -28/+37
The apply log wasn't being saved, apparently the pointers to elements of the tree were getting lost. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
2017-11-21 | Fix formatting of sources to be less than 80 lines | Garming Sam | 1 | -47/+88
Signed-off-by: David Mulder <dmulder@suse.com> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Garming Sam <garming@samba.org> Autobuild-Date(master): Tue Nov 21 01:51:59 CET 2017 on sn-devel-144
2017-11-20 | python: This function converts days to a relative (ie negative) NTTIME | Andrew Bartlett | 1 | -3/+3
It is not nttime2unix as it claimed. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-11-20 | gpo: Apply kerberos settings | David Mulder | 1 | -1/+31
Add kdc kerberos settings to gpo.tdb, then retrieve those settings in lpcfg_default_kdc_policy. Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-11-20 | gpo: Always enforce policy, even if unchanged | David Mulder | 1 | -6/+39
Policies should always be enforced, even if the gpo hasn't changed. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>