The branch, master has been updated
via 8fa53985920 gpo: Security gpext rsop list only own policies
via 55d432248c3 gpo: Test that Security gpext rsop lists only own
policies
via ff4279575f2 gpo: Ensure empty Security sections are removed
via c27c97ab552 gpo: Test that empty Security sections are removed
from 551532d0079 s3:registry Renaming get_charset() to
smbreg_get_charset()
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 8fa53985920f16b0e79c4386e90bfd1bb25be347
Author: David Mulder <dmul...@suse.com>
Date: Tue Dec 15 12:48:30 2020 -0700
gpo: Security gpext rsop list only own policies
The rsop should only list the policies from
that extension, not from all policies in the
same file.
Signed-off-by: David Mulder <dmul...@suse.com>
Reviewed-by: Jeremy Allison <j...@samba.org>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Thu Feb 11 18:28:09 UTC 2021 on sn-devel-184
commit 55d432248c37071b8206133154edcc4dec7134f7
Author: David Mulder <dmul...@suse.com>
Date: Tue Feb 9 12:58:49 2021 -0700
gpo: Test that Security gpext rsop lists only own policies
Signed-off-by: David Mulder <dmul...@suse.com>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit ff4279575f271fbbf04892c79e038d9fbaa96da3
Author: David Mulder <dmul...@suse.com>
Date: Fri Dec 11 10:38:32 2020 -0700
gpo: Ensure empty Security sections are removed
Failing to remove the empty section causes tests
to fail, and is also just bad practice.
Signed-off-by: David Mulder <dmul...@suse.com>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit c27c97ab552d18de00ec4eb9cbc4da457daa15a6
Author: David Mulder <dmul...@suse.com>
Date: Tue Feb 9 11:06:40 2021 -0700
gpo: Test that empty Security sections are removed
Ensure that empty sections are removed when
calling samba-tool gpo manage security set.
Signed-off-by: David Mulder <dmul...@suse.com>
Reviewed-by: Jeremy Allison <j...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
python/samba/gp_sec_ext.py | 6 ++++--
python/samba/netcmd/gpo.py | 2 ++
python/samba/tests/gpo.py | 3 ++-
python/samba/tests/samba_tool/gpo.py | 35 +++++++++++++++++++++++++++++++++++
4 files changed, 43 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/gp_sec_ext.py b/python/samba/gp_sec_ext.py
index 136ba220de7..a9f5bbe5a6c 100644
--- a/python/samba/gp_sec_ext.py
+++ b/python/samba/gp_sec_ext.py
@@ -102,7 +102,8 @@ class gp_krb_ext(gp_inf_ext):
inf_conf = self.parse(path)
if not inf_conf:
return output
- for section in inf_conf.sections():
+ if str(self) in inf_conf.sections():
+ section = str(self)
output[section] = {k: v for k, v in inf_conf.items(section) \
if gp_krb_ext.apply_map.get(k)}
return output
@@ -210,7 +211,8 @@ class gp_access_ext(gp_inf_ext):
inf_conf = self.parse(path)
if not inf_conf:
return output
- for section in inf_conf.sections():
+ if str(self) in inf_conf.sections():
+ section = str(self)
output[section] = {k: v for k, v in inf_conf.items(section) \
if gp_access_ext.apply_map.get(k)}
return output
diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py
index a0629feb4cd..33069200a44 100644
--- a/python/samba/netcmd/gpo.py
+++ b/python/samba/netcmd/gpo.py
@@ -1986,6 +1986,8 @@ PasswordComplexity Password must meet complexity
requirements
inf_data.set(section, policy, value)
else:
inf_data.remove_option(section, policy)
+ if len(inf_data.options(section)) == 0:
+ inf_data.remove_section(section)
out = StringIO()
inf_data.write(out)
diff --git a/python/samba/tests/gpo.py b/python/samba/tests/gpo.py
index f2c857a8f26..ba0e91bde79 100644
--- a/python/samba/tests/gpo.py
+++ b/python/samba/tests/gpo.py
@@ -594,7 +594,8 @@ class GPOTests(tests.TestCase):
# Create krb stage date
gpofile = os.path.join(local_path, policies, '%s/MACHINE/MICROSOFT/' \
'WINDOWS NT/SECEDIT/GPTTMPL.INF')
- krb_stage = '[Kerberos Policy]\nMaxTicketAge = 99\n'
+ krb_stage = '[Kerberos Policy]\nMaxTicketAge = 99\n' \
+ '[System Access]\nMinimumPasswordAge = 998\n'
for g in [g for g in gpos if g.file_sys_path]:
ret = stage_file(gpofile % g.name, krb_stage)
diff --git a/python/samba/tests/samba_tool/gpo.py
b/python/samba/tests/samba_tool/gpo.py
index d678a96352b..588c63a703c 100644
--- a/python/samba/tests/samba_tool/gpo.py
+++ b/python/samba/tests/samba_tool/gpo.py
@@ -692,6 +692,41 @@ class GpoCmdTestCase(SambaToolCmdTest):
self.assertCmdSuccess(result, out, err,
'Failed to unset MaxTicketAge')
+ def test_security_nonempty_sections(self):
+ lp = LoadParm()
+ lp.load(os.environ['SERVERCONFFILE'])
+ local_path = lp.get('path', 'sysvol')
+ gpt_inf = os.path.join(local_path, lp.get('realm').lower(), 'Policies',
+ self.gpo_guid, 'Machine/Microsoft/Windows NT',
+ 'SecEdit/GptTmpl.inf')
+
+ (result, out, err) = self.runsublevelcmd("gpo", ("manage", "security",
+ "set"), self.gpo_guid,
+ 'MaxTicketAge', '10',
+ "-H", "ldap://%s"; %
+ os.environ["SERVER"],
+ "-U%s%%%s" %
+ (os.environ["USERNAME"],
+ os.environ["PASSWORD"]))
+ self.assertCmdSuccess(result, out, err,
+ 'Failed to set MaxTicketAge')
+
+ (result, out, err) = self.runsublevelcmd("gpo", ("manage", "security",
+ "set"), self.gpo_guid,
+ 'MaxTicketAge',
+ "-H", "ldap://%s"; %
+ os.environ["SERVER"],
+ "-U%s%%%s" %
+ (os.environ["USERNAME"],
+ os.environ["PASSWORD"]))
+ self.assertCmdSuccess(result, out, err,
+ 'Failed to unset MaxTicketAge')
+
+ inf_data = ConfigParser(interpolation=None)
+ inf_data.read(gpt_inf)
+
+ self.assertFalse(inf_data.has_section('Kerberos Policy'))
+
def test_sudoers_remove(self):
lp = LoadParm()
lp.load(os.environ['SERVERCONFFILE'])
--
Samba Shared Repository
