diff options
author | David Mulder <dmulder@suse.com> | 2018-07-18 11:34:09 -0600 |
---|---|---|
committer | David Mulder <dmulder@samba.org> | 2020-08-27 15:59:34 +0000 |
commit | 3303869c4b8659904e490e4ca1bc8bbcd340138d (patch) | |
tree | 1248e0276533fc20eb95a16e31e25626ec11b30c | |
parent | 37661d1aacaa7b761134c3f21a241ee0c1539d21 (diff) | |
download | samba-3303869c4b8659904e490e4ca1bc8bbcd340138d.tar.gz |
gpo: Add CSE for applying smb.conf
Add an extension that applies smb.conf params
applied via the smb.conf admx files.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
-rw-r--r-- | python/samba/gp_smb_conf_ext.py | 66 | ||||
-rw-r--r-- | selftest/knownfail | 1 | ||||
-rwxr-xr-x | source4/scripting/bin/samba-gpupdate | 2 |
3 files changed, 67 insertions, 2 deletions
diff --git a/python/samba/gp_smb_conf_ext.py b/python/samba/gp_smb_conf_ext.py index 1089ec4181e..a67c7ea1278 100644 --- a/python/samba/gp_smb_conf_ext.py +++ b/python/samba/gp_smb_conf_ext.py @@ -14,8 +14,72 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. +import os, re, numbers from samba.gpclass import gp_pol_ext +from tempfile import NamedTemporaryFile + +def is_number(x): + return isinstance(x, numbers.Number) and \ + type(x) != bool class gp_smb_conf_ext(gp_pol_ext): def process_group_policy(self, deleted_gpo_list, changed_gpo_list): - pass + + pol_file = 'MACHINE/Registry.pol' + for guid, settings in deleted_gpo_list: + self.gp_db.set_guid(guid) + smb_conf = settings.get('smb.conf') + if smb_conf is None: + continue + for key, value in smb_conf.items(): + self.set_smb_conf(key, value) + self.gp_db.delete('smb.conf', key) + self.gp_db.commit() + + for gpo in changed_gpo_list: + if gpo.file_sys_path: + section_name = 'Software\\Policies\\Samba\\smb_conf' + self.gp_db.set_guid(gpo.name) + path = os.path.join(gpo.file_sys_path, pol_file) + pol_conf = self.parse(path) + if not pol_conf: + continue + for e in pol_conf.entries: + if not e.keyname.startswith(section_name): + continue + self.set_smb_conf(e.valuename, e.data) + self.gp_db.commit() + + def set_smb_conf(self, attribute, val): + old_val = self.lp.get(attribute) + + if type(val) == bytes: + val = val.decode() + if is_number(val) and is_number(old_val): + val = str(val) + elif is_number(val) and type(old_val) == bool: + val = bool(val) + if type(val) == bool: + val = 'yes' if val else 'no' + + self.lp.set(attribute, val) + with NamedTemporaryFile(delete=False, + dir=os.path.dirname(self.lp.configfile)) as f: + self.lp.dump(False, f.name) + mode = os.stat(self.lp.configfile).st_mode + os.chmod(f.name, mode) + os.rename(f.name, self.lp.configfile) + + self.logger.info('smb.conf [global] %s was changed from %s to %s' % \ + (attribute, old_val, str(val))) + + if is_number(old_val): + old_val = str(old_val) + elif type(old_val) == bool: + old_val = 'yes' if old_val else 'no' + elif type(old_val) == list: + old_val = ' '.join(old_val) + self.gp_db.store(str(self), attribute, old_val) + + def __str__(self): + return "smb.conf" diff --git a/selftest/knownfail b/selftest/knownfail index ae6468f93fb..6c005d1f4de 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -396,4 +396,3 @@ ^samba.tests.ntlmdisabled.python\(ktest\).python2.ntlmdisabled.NtlmDisabledTests.test_samr_change_password\(ktest\) ^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python3.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\) ^samba.tests.ntlmdisabled.python\(ad_dc_no_ntlm\).python2.ntlmdisabled.NtlmDisabledTests.test_ntlm_connection\(ad_dc_no_ntlm\) -^samba.tests.gpo.samba.tests.gpo.GPOTests.test_smb_conf_ext diff --git a/source4/scripting/bin/samba-gpupdate b/source4/scripting/bin/samba-gpupdate index a5566cce6f2..d14bca4944b 100755 --- a/source4/scripting/bin/samba-gpupdate +++ b/source4/scripting/bin/samba-gpupdate @@ -34,6 +34,7 @@ from samba.gp_sec_ext import gp_krb_ext, gp_access_ext from samba.gp_ext_loader import get_gp_client_side_extensions from samba.gp_scripts_ext import gp_scripts_ext from samba.gp_sudoers_ext import gp_sudoers_ext +from samba.gp_smb_conf_ext import gp_smb_conf_ext import logging if __name__ == "__main__": @@ -87,6 +88,7 @@ if __name__ == "__main__": gp_extensions.append(gp_krb_ext) gp_extensions.append(gp_scripts_ext) gp_extensions.append(gp_sudoers_ext) + gp_extensions.append(gp_smb_conf_ext) gp_extensions.extend(machine_exts) elif opts.target == 'User': gp_extensions.extend(user_exts) |