The branch, master has been updated
       via  6e7d037 Fix formatting of sources to be less than 80 lines
       via  644bbf0 python: Convert gop.GROUP_POLICY_OBJECT to pytalloc
       via  85f9018 python: Remove talloc_stackframe() held in an object
       via  d65f6dd libgpo: Setup the stack frame in ads_connect
       via  f0e3c2d Use talloc_stackframe() not talloc_tos() in namequery.c
       via  3ba077f python: Remove Python 2.4 compat macro
       via  0da76af python: Use py_check_dcerpc_type() to safely check for credentials
       via  3bc0c1f gpoupdate: Move closer to 80 columns
       via  6d77776 python: This function converts days to a relative (ie negative) NTTIME
       via  9339227 pygpo: Check for errors in gpo.gpo_get_sysvol_gpt_version()
       via  8be71f9 doc: Add samba_gpoupdate man page, update WHATSNEW
       via  e60f497 gpo: Apply kerberos settings
       via  4a7ccbe gpo: Always enforce policy, even if unchanged
       via  8d4c722 gpo: Add GPO unapply
       via  e750e4a gpo: Add gpo tests
       via  05235a5 gpo: Install the samba_gpoupdate script
       via  de9cee2 gpoupdate: Rewrite samba_gpoupdate
       via  8eba3b5 gpo: Make the gpclass more easily extensible
       via  41d1ff7 libgpo: Add libgpo python bindings
       via  78fd02c gpo: fix the building of gpext to only once
       via  50a64b7 gpo: enable gpo update with addition to build system
       via  377c068 gpoupdate: Remove developer path from the comment
       via  a6ea682 gpoupdate: Correct comment about hard-coded 5 second running of the script
       via  2e432ef gpoupdate: Do not DEBUG(0) every scan interval
       via  5662e49 gpo: Create the gpo update service
       via  115615d gpo: Make the gpoupdate script much more reliable
       via  5194cd4 gpo: Initial commit for GPO work
       via  148b7ae gpo: Add python libgpo bindings
       via  a70aa65 Revert "libgpo: remove unused libgpo wscript_build."
       via  6159b8e gpo: move mkdir_p to lib/util
       via  a80296b waf: Move script list to one-per-line
      from  d11473b source3: remove sock_exec

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 6e7d037ace6a7977597fdd30dc676ebacb61e56c
Author: Garming Sam <[email protected]>
Date:   Mon Nov 20 10:28:33 2017 +1300

    Fix formatting of sources to be less than 80 lines
    
    Signed-off-by: David Mulder <[email protected]>
    Signed-off-by: Garming Sam <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>
    
    Autobuild-User(master): Garming Sam <[email protected]>
    Autobuild-Date(master): Tue Nov 21 01:51:59 CET 2017 on sn-devel-144

commit 644bbf083bee416d85ff267c7fc2bac9401b8c2e
Author: Andrew Bartlett <[email protected]>
Date:   Tue Oct 24 16:48:13 2017 +1300

    python: Convert gop.GROUP_POLICY_OBJECT to pytalloc
    
    This avoids PyCapsule calls not available in Python 2.6
    
    We remove the __init__ function as it is useless, the
    object is created by py_ads_get_gpo_list() which now
    returns a python list rather than an iterator.
    
    Signed-off-by: Andrew Bartlett <[email protected]>
    Signed-off-by: David Mulder <[email protected]>
    Reviewed-by: Garming Sam <[email protected]>

commit 85f901880391edc1a4c36572661d4a9a7547dcfd
Author: Andrew Bartlett <[email protected]>
Date:   Tue Oct 24 17:24:38 2017 +1300

    python: Remove talloc_stackframe() held in an object
    
    talloc_stackframe() must not be held after the return from a function.
    
    If this causes warnings (talloc_tos() use without a stackframe), this
    must be fixed in each function.
    
    Signed-off-by: Andrew Bartlett <[email protected]>
    Reviewed-by: Garming Sam <[email protected]>

commit d65f6dd46aabf0b432c9d8ee01d901af61e13272
Author: David Mulder <[email protected]>
Date:   Tue Nov 7 10:41:05 2017 -0700

    libgpo: Setup the stack frame in ads_connect
    
    Signed-off-by: David Mulder <[email protected]>
    Reviewed-by: Garming Sam <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit f0e3c2daf901fa4413d3178d6c7a18fba13ccf91
Author: Andrew Bartlett <[email protected]>
Date:   Thu Oct 26 16:06:27 2017 +1300

    Use talloc_stackframe() not talloc_tos() in namequery.c
    
    The pygpo code calls these functions but there was no stackframe set up so
    talloc_tos() fails.
    
    Signed-off-by: Andrew Bartlett <[email protected]>
    Signed-off-by: David Mulder <[email protected]>
    Reviewed-by: Garming Sam <[email protected]>

commit 3ba077f4dbda30d085823509b0aee132ff91edb6
Author: Andrew Bartlett <[email protected]>
Date:   Tue Oct 24 16:46:19 2017 +1300

    python: Remove Python 2.4 compat macro
    
    Signed-off-by: Andrew Bartlett <[email protected]>
    Reviewed-by: Garming Sam <[email protected]>

commit 0da76af16c6707c82762f029938be83c4ac5cd29
Author: Andrew Bartlett <[email protected]>
Date:   Tue Oct 24 16:40:02 2017 +1300

    python: Use py_check_dcerpc_type() to safely check for credentials
    
    Signed-off-by: Andrew Bartlett <[email protected]>
    Reviewed-by: Garming Sam <[email protected]>

commit 3bc0c1f8ee414454091642eb92238461c083903c
Author: Andrew Bartlett <[email protected]>
Date:   Tue Oct 24 16:09:17 2017 +1300

    gpoupdate: Move closer to 80 columns
    
    Signed-off-by: Andrew Bartlett <[email protected]>
    Reviewed-by: Garming Sam <[email protected]>

commit 6d77776ce7e285ec001a925aa9289ffb33d76d80
Author: Andrew Bartlett <[email protected]>
Date:   Tue Oct 24 15:59:37 2017 +1300

    python: This function converts days to a relative (ie negative) NTTIME
    
    It is not nttime2unix as it claimed.
    
    Signed-off-by: Andrew Bartlett <[email protected]>
    Reviewed-by: Garming Sam <[email protected]>

commit 9339227eb98ad05fdb8d06d593db9b90e5f37844
Author: Andrew Bartlett <[email protected]>
Date:   Tue Oct 24 15:58:45 2017 +1300

    pygpo: Check for errors in gpo.gpo_get_sysvol_gpt_version()
    
    Signed-off-by: Andrew Bartlett <[email protected]>
    Reviewed-by: Garming Sam <[email protected]>

commit 8be71f97b64cf95a2a980f5036e1bf689d2ba908
Author: David Mulder <[email protected]>
Date:   Mon Jul 10 13:57:21 2017 -0600

    doc: Add samba_gpoupdate man page, update WHATSNEW
    
    Signed-off-by: David Mulder <[email protected]>
    Signed-off-by: Andrew Bartlett <[email protected]>
    Reviewed-by: Garming Sam <[email protected]>

commit e60f49783e2d97443d1b87e48b7fa024d8aa518a
Author: David Mulder <[email protected]>
Date:   Wed Aug 9 11:30:00 2017 -0600

    gpo: Apply kerberos settings
    
    Add kdc kerberos settings to gpo.tdb, then retrieve those settings in
    lpcfg_default_kdc_policy.
    
    Signed-off-by: Garming Sam <[email protected]>
    Signed-off-by: David Mulder <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit 4a7ccbeab7656f96e2d7cadb9be44526c52910f7
Author: David Mulder <[email protected]>
Date:   Mon Jun 12 16:00:38 2017 -0600

    gpo: Always enforce policy, even if unchanged
    
    Policies should always be enforced, even if the gpo hasn't changed.
    
    Signed-off-by: David Mulder <[email protected]>
    Reviewed-by: Garming Sam <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit 8d4c7229e984a31743be06573ca6a4abb9a7bb94
Author: David Mulder <[email protected]>
Date:   Thu Jun 8 11:47:57 2017 -0600

    gpo: Add GPO unapply
    
    Keep a log of applied settings, and add an option to samba_gpoupdate to
    allow unapply. An unapply will revert settings to a state prior to any
    policy application.
    
    Signed-off-by: David Mulder <[email protected]>
    Reviewed-by: Garming Sam <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit e750e4a35f201f2e59e06933eb813e244279e73d
Author: David Mulder <[email protected]>
Date:   Fri Mar 3 12:54:30 2017 -0700

    gpo: Add gpo tests
    
    Lays down a sysvol gpttmpl.inf with password policies, then runs the
    samba_gpoupdate command. Verifies policies are applied to the samdb.
    
    Signed-off-by: David Mulder <[email protected]>
    Reviewed-by: Garming Sam <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit 05235a56e3261bacf27aca2a2e9e80b54f37f68d
Author: David Mulder <[email protected]>
Date:   Fri Feb 10 10:33:29 2017 -0700

    gpo: Install the samba_gpoupdate script
    
    The samba_gpoupdate script was not being installed by waf.
    Added samba_gpoupdate to the wscripts so it gets installed as part of a
    make install.
    
    Signed-off-by: David Mulder <[email protected]>
    Reviewed-by: Garming Sam <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit de9cee2262637e854f7e06ef3bd48a43f5f31798
Author: David Mulder <[email protected]>
Date:   Thu May 25 07:27:27 2017 -0600

    gpoupdate: Rewrite samba_gpoupdate
    
    Use new python bindings and remove obsoleted code
    
    Signed-off-by: David Mulder <[email protected]>
    Reviewed-by: Garming Sam <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit 8eba3b5d381990cb7a394b0a8f26116cf0af57ea
Author: David Mulder <[email protected]>
Date:   Fri Feb 24 14:19:48 2017 -0700

    gpo: Make the gpclass more easily extensible
    
    Signed-off-by: David Mulder <[email protected]>
    Reviewed-by: Garming Sam <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit 41d1ff74271806cdb5f7f811c37f742bd7b51ba5
Author: David Mulder <[email protected]>
Date:   Wed May 10 13:30:17 2017 -0600

    libgpo: Add libgpo python bindings
    
    Create libgpo python bindings for GROUP_POLICY_OBJECT, ADS_STRUCT,
    gpo_get_unix_path, ads_connect, and ads_get_gpo_list.
    
    Signed-off-by: David Mulder <[email protected]>
    Reviewed-by: Garming Sam <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit 78fd02cf31dfe72d596030f342aebefba1e72263
Author: Garming Sam <[email protected]>
Date:   Wed Feb 5 17:18:23 2014 +1300

    gpo: fix the building of gpext to only once
    
    Signed-off-by: Garming Sam <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit 50a64b7ce95a353676669cfe4030b1451962ee6f
Author: Luke Morrison <[email protected]>
Date:   Fri Feb 7 15:57:14 2014 +1300

    gpo: enable gpo update with addition to build system
    
    Split from "Initial commit for GPO work done by Luke Morrison" by Garming
    Sam
    
    Signed-off-by: Garming Sam <[email protected]>
    Signed-off-by: Luke Morrison <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit 377c0681e1ae531a02aa1bbbb6dbda96cf81303d
Author: Andrew Bartlett <[email protected]>
Date:   Tue Oct 24 16:06:05 2017 +1300

    gpoupdate: Remove developer path from the comment
    
    Signed-off-by: Andrew Bartlett <[email protected]>
    Reviewed-by: Garming Sam <[email protected]>

commit a6ea6828f30bea098053e24cf457f0ffdac6e6a7
Author: Andrew Bartlett <[email protected]>
Date:   Tue Oct 24 16:04:25 2017 +1300

    gpoupdate: Correct comment about hard-coded 5 second running of the script
    
    Signed-off-by: Andrew Bartlett <[email protected]>
    Reviewed-by: Garming Sam <[email protected]>

commit 2e432ef21e987aac9e1d7e58392aeab33f3ebe73
Author: Andrew Bartlett <[email protected]>
Date:   Tue Oct 24 16:02:35 2017 +1300

    gpoupdate: Do not DEBUG(0) every scan interval
    
    Signed-off-by: Andrew Bartlett <[email protected]>
    Reviewed-by: Garming Sam <[email protected]>

commit 5662e49b49f6557c80f216f510f224bbf800f40a
Author: Garming Sam <[email protected]>
Date:   Wed Aug 9 14:17:09 2017 +1200

    gpo: Create the gpo update service
    
    Split from "Initial commit for GPO work done by Luke Morrison" by David
    Mulder
    
    Signed-off-by: Garming Sam <[email protected]>
    Signed-off-by: Luke Morrison <[email protected]>
    Signed-off-by: David Mulder <[email protected]>
    
    Then adapted to current master
    
    Signed-off-by: Andrew Bartlett <[email protected]>

commit 115615d836b3616f552d8e3df9984d3b60474d17
Author: David Mulder <[email protected]>
Date:   Sat Feb 11 07:53:07 2017 -0700

    gpo: Make the gpoupdate script much more reliable
    
    Using a static file blanks the file when samba_gpoupdate crashes. Transformed
    to a tdb file and added transactions. Add info logging to monitor gpo changes,
    etc. Also handle parse errors and log an error message, then recover. Modified
    the parsing code to use ConfigParser. Also, use the backslash in path names
    when opening smb files, otherwise it fails against a windows server.
    
    Signed-off-by: David Mulder <[email protected]>
    Reviewed-by: Garming Sam <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit 5194cd4e8d9d0308775042eeba544a5ea0a927a0
Author: Luke Morrison <[email protected]>
Date:   Fri Jan 31 13:27:05 2014 +1300

    gpo: Initial commit for GPO work
    
    Enclosed is my Summer of Code 2013 patch to have vital password GPO always
    applied to the Samba4 Domain Controller using a GPO update service.
    
    To try it out "make -j" your samba with the patch, apply a security
    password GPO and see the difference in ~20 seconds. It also takes GPO
    hierarchy into account.
    
    Split from "Initial commit for GPO work done by Luke Morrison" by David
    Mulder
    
    Signed-off-by: Garming Sam <[email protected]>
    Signed-off-by: Luke Morrison <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit 148b7ae707f31e221fef79e80ccda2663d5526ee
Author: Luke Morrison <[email protected]>
Date:   Fri Jan 31 13:27:05 2014 +1300

    gpo: Add python libgpo bindings
    
    Split from "Initial commit for GPO work done by Luke Morrison" by David
    Mulder
    
    Signed-off-by: Garming Sam <[email protected]>
    Signed-off-by: Luke Morrison <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit a70aa65fa86ad12f75d94ec7b6a55e2040e38f2e
Author: Garming Sam <[email protected]>
Date:   Fri Jan 31 13:15:41 2014 +1300

    Revert "libgpo: remove unused libgpo wscript_build."
    
    This reverts commit feffac806800c1740521133e88a7ac777ce8f368.
    
    Signed-off-by: Garming Sam <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit 6159b8eb6a6df0743c35c9cf533c4cc1883c72c2
Author: David Mulder <[email protected]>
Date:   Wed Mar 8 08:33:56 2017 -0700

    gpo: move mkdir_p to lib/util
    
    Move the mkdir_p function to lib/util so it can be used elsewhere
    
    Signed-off-by: David Mulder <[email protected]>
    Reviewed-by: Garming Sam <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit a80296b12e38ef3fb8d4601f0e0564c294f9dbc9
Author: Andrew Bartlett <[email protected]>
Date:   Tue Oct 24 15:46:02 2017 +1300

    waf: Move script list to one-per-line
    
    Signed-off-by: Andrew Bartlett <[email protected]>
    Reviewed-by: Garming Sam <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt                                      |  13 +
 ctdb/common/system.h                              |   1 -
 ctdb/common/system_util.c                         |  49 +-
 docs-xml/smbdotconf/domain/gpoupdatecommand.xml   |  17 +
 lib/param/loadparm.c                              |   1 +
 lib/param/param.h                                 |   3 +-
 lib/param/util.c                                  |  49 +-
 lib/util/mkdir_p.c                                |  70 +++
 ctdb/common/version.c => lib/util/mkdir_p.h       |   9 +-
 lib/util/wscript_build                            |   2 +-
 {source3/libgpo => libgpo}/gpo_filesync.c         |   0
 {source3/libgpo => libgpo}/gpo_proto.h            |   0
 {source3/libgpo => libgpo}/gpo_reg.c              |   1 -
 libgpo/pygpo.c                                    | 485 ++++++++++++++++++++
 libgpo/wscript_build                              |  13 +
 python/samba/gpclass.py                           | 516 ++++++++++++++++++++++
 python/samba/samdb.py                             |  18 +
 selftest/target/Samba4.pm                         |   1 +
 source3/libgpo/gpext/wscript_build                |   4 -
 source3/libsmb/namequery.c                        |  17 +-
 source3/param/loadparm.c                          |   7 +
 source3/utils/wscript_build                       |   2 +-
 source3/wscript_build                             |  19 -
 source4/dsdb/gpo/gpo_update.c                     | 193 ++++++++
 source4/dsdb/wscript_build                        |   9 +
 source4/kdc/db-glue.c                             |   3 +-
 source4/rpc_server/lsa/dcesrv_lsa.c               |   9 +-
 source4/scripting/bin/samba_gpoupdate             | 160 +++++++
 source4/scripting/bin/wscript_build               |   9 +-
 source4/scripting/man/samba_gpoupdate.8.xml       | 117 +++++
 source4/scripting/wscript_build                   |   5 +-
 source4/selftest/tests.py                         |   4 +
 source4/torture/gpo/apply.c                       | 197 +++++++++
 librpc/ndr/ndr_rap.c => source4/torture/gpo/gpo.c |  19 +-
 source4/torture/gpo/wscript_build                 |  13 +
 source4/torture/wscript_build                     |   1 +
 wscript_build                                     |   1 +
 37 files changed, 1928 insertions(+), 109 deletions(-)
 create mode 100644 docs-xml/smbdotconf/domain/gpoupdatecommand.xml
 create mode 100644 lib/util/mkdir_p.c
 copy ctdb/common/version.c => lib/util/mkdir_p.h (83%)
 rename {source3/libgpo => libgpo}/gpo_filesync.c (100%)
 rename {source3/libgpo => libgpo}/gpo_proto.h (100%)
 rename {source3/libgpo => libgpo}/gpo_reg.c (99%)
 create mode 100644 libgpo/pygpo.c
 create mode 100644 libgpo/wscript_build
 create mode 100644 python/samba/gpclass.py
 create mode 100644 source4/dsdb/gpo/gpo_update.c
 create mode 100755 source4/scripting/bin/samba_gpoupdate
 create mode 100644 source4/scripting/man/samba_gpoupdate.8.xml
 create mode 100644 source4/torture/gpo/apply.c
 copy librpc/ndr/ndr_rap.c => source4/torture/gpo/gpo.c (63%)
 create mode 100644 source4/torture/gpo/wscript_build


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 475ebcb..4265627 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -35,6 +35,19 @@ external crypto library performance reaches parity.
 The default is to build without setting --accel-aes, which uses the
 existing Samba software AES implementation.
 
+KDC GPO application
+-------------------
+
+Adds Group Policy support for the samba kdc. Applies password policies
+(minimum/maximum password age, minimum password length, and password
+complexity) and kerberos policies (user/service ticket lifetime and
+renew lifetime).
+
+Adds the samba_gpoupdate script for applying and unapplying
+policy. Can be applied automatically by setting
+
+ 'server services = +gpoupdate'.
+
 smb.conf changes
 ================
 
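
Review bot: the new "KDC GPO application" text documents
'server services = +gpoupdate' but not the "gpo update command" smb.conf
parameter that this push adds in
docs-xml/smbdotconf/domain/gpoupdatecommand.xml. The diffstat shows only
these 13 added lines for WHATSNEW.txt, so the "smb.conf changes" section
that follows gets no entry for it. Please list the parameter and its
default there, so administrators know which command the service will run.
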
diff --git a/ctdb/common/system.h b/ctdb/common/system.h
index ae01c58..e6f65b5 100644
--- a/ctdb/common/system.h
+++ b/ctdb/common/system.h
@@ -53,7 +53,6 @@ bool parse_ip_mask(const char *str, const char *ifaces, 
ctdb_sock_addr *addr,
 
 void lockdown_memory(bool valgrinding);
 
-int mkdir_p(const char *dir, int mode);
 void mkdir_p_or_die(const char *dir, int mode);
 
 void ctdb_wait_for_process_to_exit(pid_t pid);
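
Review bot: removing the mkdir_p() prototype here leaves mkdir_p_or_die()
declared in system.h while mkdir_p() itself is now declared only in
lib/util/mkdir_p.h, and system_util.c is the only ctdb file in this push
that gains the new include. Any other ctdb source that reached mkdir_p()
through system.h will now get an implicit declaration. Either include
"lib/util/mkdir_p.h" from system.h or confirm in the commit message that
there are no other callers.
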
diff --git a/ctdb/common/system_util.c b/ctdb/common/system_util.c
index 63dcd53..f27eed7 100644
--- a/ctdb/common/system_util.c
+++ b/ctdb/common/system_util.c
@@ -41,6 +41,8 @@
 #include <procinfo.h>
 #endif
 
+#include "lib/util/mkdir_p.h"
+
 /*
   if possible, make this task real time
  */
@@ -272,53 +274,6 @@ void lockdown_memory(bool valgrinding)
 #endif
 }
 
-int mkdir_p(const char *dir, int mode)
-{
-       char t[PATH_MAX];
-       ssize_t len;
-       int ret;
-
-       if (strcmp(dir, "/") == 0) {
-               return 0;
-       }
-
-       if (strcmp(dir, ".") == 0) {
-               return 0;
-       }
-
-       /* Try to create directory */
-       ret = mkdir(dir, mode);
-       /* Succeed if that worked or if it already existed */
-       if (ret == 0 || errno == EEXIST) {
-               return 0;
-       }
-       /* Fail on anything else except ENOENT */
-       if (errno != ENOENT) {
-               return ret;
-       }
-
-       /* Create ancestors */
-       len = strlen(dir);
-       if (len >= PATH_MAX) {
-               errno = ENAMETOOLONG;
-               return -1;
-       }
-       strncpy(t, dir, len+1);
-
-       ret = mkdir_p(dirname(t), mode);
-       if (ret != 0) {
-               return ret;
-       }
-
-       /* Create directory */
-       ret = mkdir(dir, mode);
-       if ((ret == -1) && (errno == EEXIST)) {
-               ret = 0;
-       }
-
-       return ret;
-}
-
 void mkdir_p_or_die(const char *dir, int mode)
 {
        int ret;
diff --git a/docs-xml/smbdotconf/domain/gpoupdatecommand.xml 
b/docs-xml/smbdotconf/domain/gpoupdatecommand.xml
new file mode 100644
index 0000000..22a4216
--- /dev/null
+++ b/docs-xml/smbdotconf/domain/gpoupdatecommand.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="gpo update command"
+                 context="G"
+                 type="list"
+                 advanced="1"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc";>
+<description>
+       <para>This option sets the command that is called to apply GPO policies.
+        The samba_gpoupdate script applies System Access and Kerberos Policies.
+        System Access policies set minPwdAge, maxPwdAge, minPwdLength, and
+        pwdProperties in the samdb. Kerberos Policies set kdc:service ticket 
lifetime,
+        kdc:user ticket lifetime, and kdc:renewal lifetime in smb.conf.
+       </para>
+</description>
+
+<value type="default">&pathconfig.SCRIPTSBINDIR;/samba_gpoupdate</value>
+<value type="example">/usr/local/sbin/gpoupdate</value>
+</samba:parameter>
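
Review bot: the description states that Kerberos Policies set
kdc:service ticket lifetime, kdc:user ticket lifetime and kdc:renewal
lifetime "in smb.conf", but the lib/param/util.c change in this same push
reads them from gpo.tdb (keys such as "kdc:service_ticket_lifetime") and
only falls back to the smb.conf parameters when the record is missing.
Please document that applied values are stored in gpo.tdb and override
smb.conf; otherwise someone auditing ticket lifetimes will check the wrong
place and miss the effective setting.
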
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index a1adb99..d788ffb 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2730,6 +2730,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX 
*mem_ctx)
        lpcfg_do_global_parameter(lp_ctx, "require strong key", "True");
        lpcfg_do_global_parameter(lp_ctx, "winbindd socket directory", 
dyn_WINBINDD_SOCKET_DIR);
        lpcfg_do_global_parameter(lp_ctx, "ntp signd socket directory", 
dyn_NTP_SIGND_SOCKET_DIR);
+       lpcfg_do_global_parameter_var(lp_ctx, "gpo update command", 
"%s/samba_gpoupdate", dyn_SCRIPTSBINDIR);
        lpcfg_do_global_parameter_var(lp_ctx, "dns update command", 
"%s/samba_dnsupdate", dyn_SCRIPTSBINDIR);
        lpcfg_do_global_parameter_var(lp_ctx, "spn update command", 
"%s/samba_spnupdate", dyn_SCRIPTSBINDIR);
        lpcfg_do_global_parameter_var(lp_ctx, "samba kcc command",
diff --git a/lib/param/param.h b/lib/param/param.h
index 680c053..0a3bde6 100644
--- a/lib/param/param.h
+++ b/lib/param/param.h
@@ -289,7 +289,8 @@ const char *lpcfg_imessaging_path(TALLOC_CTX *mem_ctx,
 const char *lpcfg_sam_name(struct loadparm_context *lp_ctx);
 const char *lpcfg_sam_dnsname(struct loadparm_context *lp_ctx);
 
-void lpcfg_default_kdc_policy(struct loadparm_context *lp_ctx,
+void lpcfg_default_kdc_policy(TALLOC_CTX *mem_ctx,
+                               struct loadparm_context *lp_ctx,
                                time_t *svc_tkt_lifetime,
                                time_t *usr_tkt_lifetime,
                                time_t *renewal_lifetime);
diff --git a/lib/param/util.c b/lib/param/util.c
index 52796562..cd8e74b 100644
--- a/lib/param/util.c
+++ b/lib/param/util.c
@@ -29,6 +29,7 @@
 #include "system/dir.h"
 #include "param/param.h"
 #include "libds/common/roles.h"
+#include "tdb.h"
 
 /**
  * @file
@@ -270,22 +271,56 @@ const char *lpcfg_sam_dnsname(struct loadparm_context 
*lp_ctx)
        }
 }
 
-void lpcfg_default_kdc_policy(struct loadparm_context *lp_ctx,
+static long tdb_fetch_lifetime(TALLOC_CTX *mem_ctx, struct tdb_context *tdb, 
const char *keystr)
+{
+       TDB_DATA key;
+       TDB_DATA ret;
+       char *tmp = NULL;
+       long result;
+
+       key.dptr = discard_const_p(unsigned char, keystr);
+       key.dsize = strlen(keystr);
+
+       if (!key.dptr)
+               return -1;
+
+       ret = tdb_fetch(tdb, key);
+       if (ret.dsize == 0)
+               return -1;
+
+       tmp = talloc_realloc(mem_ctx, tmp, char, ret.dsize+1);
+       memset(tmp, 0, ret.dsize+1);
+       memcpy(tmp, ret.dptr, ret.dsize);
+       free(ret.dptr);
+
+       result = atol(tmp);
+       talloc_free(tmp);
+       return result;
+}
+
+void lpcfg_default_kdc_policy(TALLOC_CTX *mem_ctx,
+                               struct loadparm_context *lp_ctx,
                                time_t *svc_tkt_lifetime,
                                time_t *usr_tkt_lifetime,
                                time_t *renewal_lifetime)
 {
        long val;
+       TDB_CONTEXT *ctx = NULL;
+       const char *kdc_tdb = NULL;
+
+       kdc_tdb = lpcfg_cache_path(mem_ctx, lp_ctx, "gpo.tdb");
+       if (kdc_tdb)
+               ctx = tdb_open(kdc_tdb, 0, TDB_DEFAULT, O_RDWR, 0600);
 
-       val = lpcfg_parm_long(lp_ctx, NULL,
-                               "kdc", "service ticket lifetime", 10);
+       if (!ctx || ( val = tdb_fetch_lifetime(mem_ctx, ctx, 
"kdc:service_ticket_lifetime") ) == -1 )
+               val = lpcfg_parm_long(lp_ctx, NULL, "kdc", "service ticket 
lifetime", 10);
        *svc_tkt_lifetime = val * 60 * 60;
 
-       val = lpcfg_parm_long(lp_ctx, NULL,
-                               "kdc", "user ticket lifetime", 10);
+       if (!ctx || ( val = tdb_fetch_lifetime(mem_ctx, ctx, 
"kdc:user_ticket_lifetime") ) == -1 )
+               val = lpcfg_parm_long(lp_ctx, NULL, "kdc", "user ticket 
lifetime", 10);
        *usr_tkt_lifetime = val * 60 * 60;
 
-       val = lpcfg_parm_long(lp_ctx, NULL,
-                               "kdc", "renewal lifetime", 24 * 7);
+       if (!ctx || ( val = tdb_fetch_lifetime(mem_ctx, ctx, 
"kdc:renewal_lifetime") ) == -1 )
+               val = lpcfg_parm_long(lp_ctx, NULL, "kdc", "renewal lifetime", 
24 * 7);
        *renewal_lifetime = val * 60 * 60;
 }
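
Review bot: lpcfg_default_kdc_policy() calls tdb_open() on every
invocation and never calls tdb_close(), so each call leaks the tdb handle
and its file descriptor; close ctx before returning, and open with
O_RDONLY since the function only fetches. In tdb_fetch_lifetime() the
talloc_realloc() result goes straight into memset() with no NULL check,
the `if (!key.dptr)` test comes after strlen(keystr) has already
dereferenced the pointer, and atol() maps an empty or non-numeric record
to 0, which then becomes a zero ticket lifetime. Only -1 is treated as
"not found", so any other negative or oversized value stored in gpo.tdb
reaches `val * 60 * 60` unchecked. Parse with strtol() and an end-pointer
check, enforce a sane range, and fall back to the smb.conf default when
the record fails validation.
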
diff --git a/lib/util/mkdir_p.c b/lib/util/mkdir_p.c
new file mode 100644
index 0000000..290a1f3
--- /dev/null
+++ b/lib/util/mkdir_p.c
@@ -0,0 +1,70 @@
+/*
+   mkdir -p
+
+   Copyright (C) Amitay Isaacs  2014
+   Copyright (C) Martin Schwenke  2014
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, see <http://www.gnu.org/licenses/>.
+*/
+#include "replace.h"
+#include <sys/stat.h>
+#include <libgen.h>
+#include "mkdir_p.h"
+
+int mkdir_p(const char *dir, int mode)
+{
+       char t[PATH_MAX];
+       ssize_t len;
+       int ret;
+
+       if (strcmp(dir, "/") == 0) {
+               return 0;
+       }
+
+       if (strcmp(dir, ".") == 0) {
+               return 0;
+       }
+
+       /* Try to create directory */
+       ret = mkdir(dir, mode);
+       /* Succeed if that worked or if it already existed */
+       if (ret == 0 || errno == EEXIST) {
+               return 0;
+       }
+       /* Fail on anything else except ENOENT */
+       if (errno != ENOENT) {
+               return ret;
+       }
+
+       /* Create ancestors */
+       len = strlen(dir);
+       if (len >= PATH_MAX) {
+               errno = ENAMETOOLONG;
+               return -1;
+       }
+       strncpy(t, dir, len+1);
+
+       ret = mkdir_p(dirname(t), mode);
+       if (ret != 0) {
+               return ret;
+       }
+
+       /* Create directory */
+       ret = mkdir(dir, mode);
+       if ((ret == -1) && (errno == EEXIST)) {
+               ret = 0;
+       }
+
+       return ret;
+}
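
Review bot: the first check after mkdir(), `if (ret == 0 || errno ==
EEXIST)`, returns success whenever anything already exists at dir,
including a regular file or a symlink, and the final mkdir() does the
same. As a ctdb-local helper that was a contained assumption; as a shared
lib/util function, callers will take a 0 return to mean "a directory is
there". On EEXIST, stat() the path and fail with ENOTDIR unless S_ISDIR
holds. Two smaller points: `int mode` should be mode_t to match mkdir(),
and the PATH_MAX length check only runs after the first mkdir() attempt,
so it is worth moving to the top of the function.
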
diff --git a/ctdb/common/version.c b/lib/util/mkdir_p.h
similarity index 83%
copy from ctdb/common/version.c
copy to lib/util/mkdir_p.h
index e34e98c..9281de8 100644
--- a/ctdb/common/version.c
+++ b/lib/util/mkdir_p.h
@@ -1,5 +1,8 @@
 /*
-   CTDB version string
+   mkdir -p
+
+   Copyright (C) Amitay Isaacs  2014
+   Copyright (C) Martin Schwenke  2014
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -15,6 +18,4 @@
    along with this program; if not, see <http://www.gnu.org/licenses/>.
 */
 
-#include "ctdb_version.h"
-
-const char ctdb_version_string[] = CTDB_VERSION_STRING;
+int mkdir_p(const char *dir, int mode);
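
Review bot: the new header ends with the bare prototype and has no include
guard, which will matter once more than one header pulls it in. Add an
#ifndef/#define/#endif guard, and a short comment above the prototype
stating the return value, that errno is set on failure, and that
intermediate directories are created with the same mode.
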
diff --git a/lib/util/wscript_build b/lib/util/wscript_build
index bb3cdd1..0b16b6f 100644
--- a/lib/util/wscript_build
+++ b/lib/util/wscript_build
@@ -72,7 +72,7 @@ bld.SAMBA_SUBSYSTEM('samba-util-core',
                               signal.c util.c idtree.c fault.c
                               substitute.c util_process.c util_strlist.c
                               strv_util.c bitmap.c select.c pidfile.c
-                              become_daemon.c ''',
+                              become_daemon.c mkdir_p.c''',
                     deps='''time-basic samba-debug socket-blocking talloc
                             tevent execinfo pthread strv''',
                     local_include=False)
diff --git a/source3/libgpo/gpo_filesync.c b/libgpo/gpo_filesync.c
similarity index 100%
rename from source3/libgpo/gpo_filesync.c
rename to libgpo/gpo_filesync.c
diff --git a/source3/libgpo/gpo_proto.h b/libgpo/gpo_proto.h
similarity index 100%
rename from source3/libgpo/gpo_proto.h
rename to libgpo/gpo_proto.h
diff --git a/source3/libgpo/gpo_reg.c b/libgpo/gpo_reg.c
similarity index 99%
rename from source3/libgpo/gpo_reg.c
rename to libgpo/gpo_reg.c
index 7f5fbc4..18d0498 100644
--- a/source3/libgpo/gpo_reg.c
+++ b/libgpo/gpo_reg.c
@@ -1037,4 +1037,3 @@ WERROR reg_apply_registry_entry(TALLOC_CTX *mem_ctx,
 
        return werr;
 }
-
diff --git a/libgpo/pygpo.c b/libgpo/pygpo.c
new file mode 100644
index 0000000..a54ddb9
--- /dev/null
+++ b/libgpo/pygpo.c
@@ -0,0 +1,485 @@
+/*
+   Unix SMB/CIFS implementation.
+   Copyright (C) Luke Morrison <[email protected]> 2013
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <Python.h>
+#include "includes.h"
+#include "version.h"
+#include "param/pyparam.h"
+#include "gpo.h"
+#include "ads.h"
+#include "secrets.h"
+#include "../libds/common/flags.h"
+#include "librpc/rpc/pyrpc_util.h"
+#include "auth/credentials/pycredentials.h"
+#include "libcli/util/pyerrors.h"
+
+/* A Python C API module to use LIBGPO */
+
+#define GPO_getter(ATTR) \
+static PyObject* GPO_get_##ATTR(PyObject *self, void *closure) \
+{ \
+       struct GROUP_POLICY_OBJECT *gpo_ptr \
+               = pytalloc_get_ptr(self); \
+       \
+       if (gpo_ptr->ATTR) \
+               return PyString_FromString(gpo_ptr->ATTR); \
+       else \
+               return Py_None; \
+}
+GPO_getter(ds_path)
+GPO_getter(file_sys_path)
+GPO_getter(display_name)
+GPO_getter(name)
+GPO_getter(link)
+GPO_getter(user_extensions)
+GPO_getter(machine_extensions)
+
+static PyGetSetDef GPO_setters[] = {
+       {discard_const_p(char, "ds_path"), (getter)GPO_get_ds_path, NULL, NULL,
+               NULL},
+       {discard_const_p(char, "file_sys_path"), (getter)GPO_get_file_sys_path,
+               NULL, NULL, NULL},
+       {discard_const_p(char, "display_name"), (getter)GPO_get_display_name, 
NULL,
+               NULL, NULL},
+       {discard_const_p(char, "name"), (getter)GPO_get_name, NULL, NULL, NULL},
+       {discard_const_p(char, "link"), (getter)GPO_get_link, NULL, NULL, NULL},
+       {discard_const_p(char, "user_extensions"), 
(getter)GPO_get_user_extensions,
+               NULL, NULL, NULL},
+       {discard_const_p(char, "machine_extensions"),
+               (getter)GPO_get_machine_extensions, NULL, NULL, NULL},
+       {NULL}
+};
+
+static PyObject *py_gpo_get_unix_path(PyObject *self, PyObject *args,
+                                     PyObject *kwds)
+{
+       NTSTATUS status;
+       const char *cache_dir = NULL;
+       PyObject *ret = Py_None;
+       char *unix_path = NULL;
+       TALLOC_CTX *frame = NULL;
+       static const char *kwlist[] = {"cache_dir", NULL};
+       struct GROUP_POLICY_OBJECT *gpo_ptr \
+               = (struct GROUP_POLICY_OBJECT *)pytalloc_get_ptr(self);
+
+       if (!PyArg_ParseTupleAndKeywords(args, kwds, "|s",
+                                        discard_const_p(char *, kwlist),
+                                        &cache_dir)) {
+               PyErr_SetString(PyExc_SystemError,
+                               "Failed to parse arguments to 
gpo_get_unix_path()");
+               goto out;
+       }
+
+       if (!cache_dir) {
+               cache_dir = cache_path(GPO_CACHE_DIR);
+               if (!cache_dir) {
+                       PyErr_SetString(PyExc_MemoryError,
+                                       "Failed to determine gpo cache dir");
+                       goto out;
+               }
+       }
+
+       frame = talloc_stackframe();
+
+       status = gpo_get_unix_path(frame, cache_dir, gpo_ptr, &unix_path);
+
+       TALLOC_FREE(frame);
+
+       if (!NT_STATUS_IS_OK(status)) {
+               PyErr_SetString(PyExc_SystemError,
+                               "Failed to determine gpo unix path");
+               goto out;
+       }
+
+       ret = PyString_FromString(unix_path);
+
+out:
+       return ret;
+}
+
+static PyMethodDef GPO_methods[] = {
+       {"get_unix_path", (PyCFunction)py_gpo_get_unix_path, METH_KEYWORDS, 
NULL },
+       {NULL}
+};
+
+static PyTypeObject GPOType = {
+       PyVarObject_HEAD_INIT(NULL, 0)
+       .tp_name = "gpo.GROUP_POLICY_OBJECT",
+       .tp_doc = "GROUP_POLICY_OBJECT",
+       .tp_getset = GPO_setters,
+       .tp_methods = GPO_methods,
+       .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,
+};
+
+typedef struct {
+       PyObject_HEAD
+       ADS_STRUCT *ads_ptr;
+       struct cli_credentials *cli_creds;
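
Review bot: in py_gpo_get_unix_path(), unix_path is produced by
gpo_get_unix_path(frame, ...), so it is allocated on frame, yet
TALLOC_FREE(frame) runs before PyString_FromString(unix_path); the string
is read after it has been freed. Build the Python string first and free
the frame afterwards. The error paths set an exception and `goto out`,
but ret is still Py_None at that point, where the C API expects NULL to be
returned alongside a set exception. Both this function and the GPO_getter
macro also hand back Py_None without taking a reference; use
Py_RETURN_NONE. Finally, the GPO_methods entry passes METH_KEYWORDS alone
for a function that takes args and kwds; it should be
METH_VARARGS|METH_KEYWORDS.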


-- 
Samba Shared Repository
