The branch, master has been updated via 50d900b6f9b tests: Make sure that idmap_ad retrieves unix nss attributes via 1ba15c459b9 GPO: Update the samba-gpupdate man page via 11f97148bb5 gpo: Pass necessary parameters to rsop via dff01a5edf6 gpo: Test rsop function for success via 07ce4808882 samba-tool: Create unix user with modified template homedir via 38fcad60a8e samba-tool: Test creating unix user with modified template homedir from 0c461f3bd58 lzxpress: avoid technically undefined shift
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 50d900b6f9b8c35e673fc280efd505121a7579d3 Author: Volker Lendecke <v...@samba.org> Date: Sun Aug 30 11:45:56 2020 +0200 tests: Make sure that idmap_ad retrieves unix nss attributes Make sure that unix_primary_group and unix_nss_info idmap_ad options work. We have two domains here and test wbinfo -i for both domains, so we also run the test without those options for the trusted domain. Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Wed Sep 2 10:35:53 UTC 2020 on sn-devel-184 commit 1ba15c459b9b99fec905533ca8c34f55b3a7e99c Author: David Mulder <dmul...@suse.com> Date: Fri Aug 28 15:32:13 2020 -0600 GPO: Update the samba-gpupdate man page Signed-off-by: David Mulder <dmul...@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Jeremy Allison <j...@samba.org> commit 11f97148bb57eecdb3e34e33901a4bb7a2dd7755 Author: David Mulder <dmul...@suse.com> Date: Thu Aug 27 13:25:44 2020 -0600 gpo: Pass necessary parameters to rsop These parameters were missed by mistake when exts were modified to be initialized within the rsop command. Fixes an exception thrown when executing samba-gpupdate --rsop: Traceback (most recent call last): File "/usr/sbin/samba-gpupdate", line 99, in <module> rsop(lp, creds, gp_extensions, opts.target) File "/usr/lib64/python3.8/site-packages/samba/gpclass.py", line 512, in rsop ext = ext(logger, lp, creds, store) NameError: name 'logger' is not defined Signed-off-by: David Mulder <dmul...@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> commit dff01a5edf69b10e72c64ab63de1d4aeedb747ce Author: David Mulder <dmul...@suse.com> Date: Fri Aug 28 08:38:41 2020 -0600 gpo: Test rsop function for success Signed-off-by: David Mulder <dmul...@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> commit 07ce48088824bba2054e029edfa6fbae972c1921 Author: David Mulder <dmul...@suse.com> Date: Thu Aug 27 14:22:34 2020 -0600 samba-tool: Create unix user with modified template homedir Signed-off-by: David Mulder <dmul...@suse.com> Reviewed-by: Jeremy Allison <j...@samba.org> commit 38fcad60a8ea80bda70a82a3c7f9bf50a9754a8e Author: David Mulder <dmul...@suse.com> Date: Thu Aug 27 13:13:06 2020 -0600 samba-tool: Test creating unix user with modified template homedir Signed-off-by: David Mulder <dmul...@suse.com> Reviewed-by: Jeremy Allison <j...@samba.org> ----------------------------------------------------------------------- Summary of changes: nsswitch/tests/test_idmap_ad.sh | 20 ++++++++++++++++++-- python/samba/gpclass.py | 6 +++--- python/samba/netcmd/user.py | 5 +++-- python/samba/tests/gpo.py | 10 ++++++++++ python/samba/tests/samba_tool/user.py | 8 ++++++++ selftest/target/Samba3.pm | 2 ++ source4/scripting/bin/samba-gpupdate | 2 +- source4/scripting/man/samba-gpupdate.8.xml | 16 ++++++++++++---- 8 files changed, 57 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/tests/test_idmap_ad.sh b/nsswitch/tests/test_idmap_ad.sh index 46c637f7649..d634b82ba14 100755 --- a/nsswitch/tests/test_idmap_ad.sh +++ b/nsswitch/tests/test_idmap_ad.sh @@ -55,6 +55,14 @@ dn: CN=Administrator,CN=Users,$BASE_DN changetype: modify add: uidNumber uidNumber: 2000000 +add: gidNumber +gidNumber: 2000100 +add: unixHomeDirectory +unixHomeDirectory: /home/admin +add: loginShell +loginShell: /bin/tcsh +add: gecos +gecos: Administrator Full Name EOF cat <<EOF | $ldbmodify -H ldap://$DC_SERVER -U "$DOMAIN\Administrator%$DC_PASSWORD" @@ -123,8 +131,8 @@ testit "Test uid of Domain Users is 2000001" test $ret -eq 0 || failed=$(expr $f # out="$($wbinfo -i $DOMAIN/Administrator)" -echo "wbinfo returned: \"$out\", expecting \"$DOMAIN/administrator:*:2000000:2000001::/home/$DOMAIN/administrator:/bin/false\"" -test "$out" = "$DOMAIN/administrator:*:2000000:2000001::/home/$DOMAIN/administrator:/bin/false" +echo "wbinfo returned: \"$out\", expecting \"$DOMAIN/administrator:*:2000000:2000100:Administrator Full Name:/home/admin:/bin/tcsh\"" +test "$out" = "$DOMAIN/administrator:*:2000000:2000100:Administrator Full Name:/home/admin:/bin/tcsh" ret=$? testit "Test get userinfo for Administrator works" test $ret -eq 0 || failed=$(expr $failed + 1) @@ -186,6 +194,14 @@ dn: CN=Administrator,CN=Users,$BASE_DN changetype: modify delete: uidNumber uidNumber: 2000000 +delete: gidNumber +gidNumber: 2000100 +delete: unixHomeDirectory +unixHomeDirectory: /home/admin +delete: loginShell +loginShell: /bin/tcsh +delete: gecos +gecos: Administrator Full Name EOF cat <<EOF | $ldbmodify -H ldap://$DC_SERVER -U "$DOMAIN\Administrator%$DC_PASSWORD" diff --git a/python/samba/gpclass.py b/python/samba/gpclass.py index ddb580d7301..8e9bfb9f0e3 100644 --- a/python/samba/gpclass.py +++ b/python/samba/gpclass.py @@ -16,7 +16,7 @@ import sys -import os +import os, shutil import errno import tdb sys.path.insert(0, "bin/python") @@ -497,14 +497,14 @@ def __rsop_vals(vals, level=4): else: return vals -def rsop(lp, creds, gp_extensions, target): +def rsop(lp, creds, logger, store, gp_extensions, target): dc_hostname = get_dc_hostname(creds, lp) gpos = get_gpo_list(dc_hostname, creds, lp) check_refresh_gpo_list(dc_hostname, lp, creds, gpos) print('Resultant Set of Policy') print('%s Policy\n' % target) - term_width = os.get_terminal_size()[0] + term_width = shutil.get_terminal_size(fallback=(120, 50))[0] for gpo in gpos: print('GPO: %s' % gpo.display_name) print('='*term_width) diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py index 95c21f52a04..b76d55b7d40 100644 --- a/python/samba/netcmd/user.py +++ b/python/samba/netcmd/user.py @@ -3006,11 +3006,12 @@ The users gecos field will be set to 'User4 test' res = samdb.search(searchdn, scope=ldb.SCOPE_SUBTREE, expression=filter) - unix_domain = res[0]["nETBIOSName"][0] + unix_domain = res[0]["nETBIOSName"][0].decode() except IndexError: raise CommandError('Unable to find Unix domain') - unix_home = "/home/{0}/{1}".format(unix_domain, username) + tmpl = lp.get('template homedir') + unix_home = tmpl.replace('%D', unix_domain).replace('%U', username) if not lp.get("idmap_ldb:use rfc2307"): self.outf.write("You are setting a Unix/RFC2307 UID & GID. " diff --git a/python/samba/tests/gpo.py b/python/samba/tests/gpo.py index a25f1a48875..43a4aacfc14 100644 --- a/python/samba/tests/gpo.py +++ b/python/samba/tests/gpo.py @@ -66,6 +66,12 @@ def gpupdate_unapply(lp): return Popen(gpupdate, stdout=PIPE, stderr=PIPE).wait() +def rsop(lp): + gpupdate = lp.get('gpo update command') + gpupdate.append('--rsop') + + return Popen(gpupdate, stdout=PIPE).wait() + def stage_file(path, data): dirname = os.path.dirname(path) if not os.path.exists(dirname): @@ -571,6 +577,10 @@ class GPOTests(tests.TestCase): unstage_file(gpofile % g.name) unstage_file(reg_pol % g.name) + # Check that a call to gpupdate --rsop also succeeds + ret = rsop(self.lp) + self.assertEquals(ret, 0, 'gpupdate --rsop failed!') + def test_gp_unapply(self): logger = logging.getLogger('gpo_tests') cache_dir = self.lp.get('cache directory') diff --git a/python/samba/tests/samba_tool/user.py b/python/samba/tests/samba_tool/user.py index 2ca32a26ed7..b955e578a8b 100644 --- a/python/samba/tests/samba_tool/user.py +++ b/python/samba/tests/samba_tool/user.py @@ -41,6 +41,12 @@ class UserCmdTestCase(SambaToolCmdTest): super(UserCmdTestCase, self).setUp() self.samdb = self.getSamDB("-H", "ldap://%s" % os.environ["DC_SERVER"], "-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"])) + + # Modify the default template homedir + lp = self.get_loadparm() + self.template_homedir = lp.get('template homedir') + lp.set('template homedir', '/home/test/%D/%U') + self.users = [] self.users.append(self._randomUser({"name": "sambatool1", "company": "comp1"})) self.users.append(self._randomUser({"name": "sambatool2", "company": "comp1"})) @@ -83,6 +89,7 @@ class UserCmdTestCase(SambaToolCmdTest): cachedb = lp.private_path("user-syncpasswords-cache.ldb") if os.path.exists(cachedb): os.remove(cachedb) + lp.set('template homedir', self.template_homedir) def test_newuser(self): # try to add all the users again, this should fail @@ -645,6 +652,7 @@ template """ self.assertEqual("%s" % found.get("gidNumber"), "%s" % user["gidNumber"]) self.assertEqual("%s" % found.get("uid"), user["uid"]) + self.assertIn('/home/test/', "%s" % found.get("unixHomeDirectory")) self._check_user(user) def _create_user(self, user): diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 444c837d816..f4fe6c473b3 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -1059,6 +1059,8 @@ sub setup_ad_member_idmap_ad idmap config * : range = 1000000-1999999 idmap config $dcvars->{DOMAIN} : backend = ad idmap config $dcvars->{DOMAIN} : range = 2000000-2999999 + idmap config $dcvars->{DOMAIN} : unix_primary_group = yes + idmap config $dcvars->{DOMAIN} : unix_nss_info = yes idmap config $dcvars->{TRUST_DOMAIN} : backend = ad idmap config $dcvars->{TRUST_DOMAIN} : range = 2000000-2999999 gensec_gssapi:requested_life_time = 5 diff --git a/source4/scripting/bin/samba-gpupdate b/source4/scripting/bin/samba-gpupdate index 44292ec644f..dfbb1901457 100755 --- a/source4/scripting/bin/samba-gpupdate +++ b/source4/scripting/bin/samba-gpupdate @@ -96,7 +96,7 @@ if __name__ == "__main__": gp_extensions.extend(user_exts) if opts.rsop: - rsop(lp, creds, gp_extensions, opts.target) + rsop(lp, creds, logger, store, gp_extensions, opts.target) elif not opts.unapply: apply_gp(lp, creds, logger, store, gp_extensions, opts.force) else: diff --git a/source4/scripting/man/samba-gpupdate.8.xml b/source4/scripting/man/samba-gpupdate.8.xml index 95f17bdd936..c7c99634610 100644 --- a/source4/scripting/man/samba-gpupdate.8.xml +++ b/source4/scripting/man/samba-gpupdate.8.xml @@ -38,12 +38,14 @@ <manvolnum>1</manvolnum></citerefentry> suite.</para> <para><command>samba-gpupdate</command> a script for - applying and unapplying Group Policy. Group Policy - application is experimental. Currently this applies + applying and unapplying Group Policy. This applies password policies (minimum/maximum password age, - minimum password length, and password complexity) and + minimum password length, and password complexity), kerberos policies (user/service ticket lifetime and - renew lifetime).</para> + renew lifetime), smb.conf policies, + hourly/daily/weekly/monthly cron scripts, Sudo + Privileges, Message of the Day and Logon Prompt + messages, etc.</para> </refsect1> @@ -62,6 +64,12 @@ <para><option>--target</option> {Computer | User}</para> +<para><option>--force</option> + Reapplies all policy settings</para> + +<para><option>--rsop</option> + Print the Resultant Set of Policy</para> + <para>Samba Common Options:</para> <para><option>-s </option>FILE, <option>--configfile</option>=<emphasis remap="I">FILE</emphasis> -- Samba Shared Repository