The branch, master has been updated via 0f26dbe0d09 gpo: Print getcert message to debug via e3a956e075b gpo: Decode the bytes for cepces-submit failure via 7a04052dad4 gpo: Ignore symlink failure on sscep renew via 80e3daed120 gpo: Apply Group Policy User Scripts via f04431b1d24 gpo: Test Group Policy User Scripts via cd63893d4e7 gpo: Enable Scripts ADMX for User Policy via 6d676cac41d gpo: Enable user policy application from 1641e6c528e libreplace: remove now unused USE_COPY_FILE_RANGE define
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 0f26dbe0d0907e16a2c1b10c620a9db5b1b6b4ab Author: David Mulder <dmul...@suse.com> Date: Fri Jul 23 09:28:21 2021 -0600 gpo: Print getcert message to debug Otherwise re-running gpupdate to enforce policy displays 'already exists' messages, which confusingly appear to be a failure, but are actually intentional behavior. Signed-off-by: David Mulder <dmul...@suse.com> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Fri Aug 13 20:06:31 UTC 2021 on sn-devel-184 commit e3a956e075b6030534463689b820eb037aeed4f3 Author: David Mulder <dmul...@suse.com> Date: Thu Jul 22 10:37:41 2021 -0600 gpo: Decode the bytes for cepces-submit failure When displaying the error from cepces-submit, make sure to decode the bytes (otherwise it is hard to read). Also print the error to debug instead of warn (it may dump a traceback). Signed-off-by: David Mulder <dmul...@suse.com> Reviewed-by: Jeremy Allison <j...@samba.org> commit 7a04052dad4b52a20d47805a41b892bb4fecb433 Author: David Mulder <dmul...@suse.com> Date: Thu Jul 22 10:16:42 2021 -0600 gpo: Ignore symlink failure on sscep renew Signed-off-by: David Mulder <dmul...@suse.com> Reviewed-by: Jeremy Allison <j...@samba.org> commit 80e3daed120b5ed71ffd58427e5d8910b6bdb3a1 Author: David Mulder <dmul...@suse.com> Date: Tue Jul 20 11:14:28 2021 -0600 gpo: Apply Group Policy User Scripts Signed-off-by: David Mulder <dmul...@suse.com> Reviewed-by: Jeremy Allison <j...@samba.org> commit f04431b1d24d83dea700a2443c4a3600d623dfd4 Author: David Mulder <dmul...@suse.com> Date: Tue Jul 20 11:13:21 2021 -0600 gpo: Test Group Policy User Scripts 
Signed-off-by: David Mulder <dmul...@suse.com> Reviewed-by: Jeremy Allison <j...@samba.org> commit cd63893d4e773cef8a32d75e8177c6af3f6367d6 Author: David Mulder <dmul...@suse.com> Date: Tue Jul 20 13:48:42 2021 -0600 gpo: Enable Scripts ADMX for User Policy Signed-off-by: David Mulder <dmul...@suse.com> Reviewed-by: Jeremy Allison <j...@samba.org> commit 6d676cac41d0f84d5396a67bd445ef8cfd4b8e0c Author: David Mulder <dmul...@suse.com> Date: Tue Jul 20 09:13:06 2021 -0600 gpo: Enable user policy application Signed-off-by: David Mulder <dmul...@suse.com> Reviewed-by: Jeremy Allison <j...@samba.org> ----------------------------------------------------------------------- Summary of changes: libgpo/admx/samba.admx | 8 +-- python/samba/gp_cert_auto_enroll_ext.py | 31 ++++++--- python/samba/gp_scripts_ext.py | 88 ++++++++++++++++++++++- python/samba/gpclass.py | 85 +++++++++++++++++----- python/samba/tests/bin/crontab | 29 ++++++++ python/samba/tests/gpo.py | 120 +++++++++++++++++++++++++++----- python/samba/tests/gpo_member.py | 3 +- source4/scripting/bin/samba-gpupdate | 21 ++++-- 8 files changed, 330 insertions(+), 55 deletions(-) create mode 100755 python/samba/tests/bin/crontab Changeset truncated at 500 lines: diff --git a/libgpo/admx/samba.admx b/libgpo/admx/samba.admx index ee2816c2b31..d09956d5394 100755 --- a/libgpo/admx/samba.admx +++ b/libgpo/admx/samba.admx 
@@ -22,28 +22,28 @@ </category> </categories> <policies> - <policy name="POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061" class="Machine" displayName="$(string.POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061)" explainText="$(string.POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061_Help)" presentation="$(presentation.POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061)" key="Software\Policies\Samba\Unix Settings"> + <policy name="POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061" class="Both" displayName="$(string.POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061)" explainText="$(string.POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061_Help)" presentation="$(presentation.POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061)" key="Software\Policies\Samba\Unix Settings"> <parentCategory ref="CAT_2B6D622C_5721_4C23_A2D6_5C70D6E059BA" /> <supportedOn ref="windows:SUPPORTED_WindowsVista" /> <elements> <list id="LST_2E9A4684_3C0E_415B_8FD6_D4AF68BC8AC6" key="Software\Policies\Samba\Unix Settings\Daily Scripts" valueName="Daily Scripts" /> </elements> </policy> - <policy name="POL_825D441F_905E_4C7E_9E4B_03013697C6C1" class="Machine" displayName="$(string.POL_825D441F_905E_4C7E_9E4B_03013697C6C1)" explainText="$(string.POL_825D441F_905E_4C7E_9E4B_03013697C6C1_Help)" presentation="$(presentation.POL_825D441F_905E_4C7E_9E4B_03013697C6C1)" key="Software\Policies\Samba\Unix Settings"> + <policy name="POL_825D441F_905E_4C7E_9E4B_03013697C6C1" class="Both" displayName="$(string.POL_825D441F_905E_4C7E_9E4B_03013697C6C1)" explainText="$(string.POL_825D441F_905E_4C7E_9E4B_03013697C6C1_Help)" presentation="$(presentation.POL_825D441F_905E_4C7E_9E4B_03013697C6C1)" key="Software\Policies\Samba\Unix Settings"> <parentCategory ref="CAT_2B6D622C_5721_4C23_A2D6_5C70D6E059BA" /> <supportedOn ref="windows:SUPPORTED_WindowsVista" /> <elements> <list id="LST_1AA93D59_6372_4F1E_90BB_D4CBBBB77238" key="Software\Policies\Samba\Unix Settings\Hourly Scripts" valueName="Hourly Scripts" /> </elements> </policy> - <policy name="POL_D298F3BD_44D9_426D_AF11_3163D31582F6" 
class="Machine" displayName="$(string.POL_D298F3BD_44D9_426D_AF11_3163D31582F6)" explainText="$(string.POL_D298F3BD_44D9_426D_AF11_3163D31582F6_Help)" presentation="$(presentation.POL_D298F3BD_44D9_426D_AF11_3163D31582F6)" key="Software\Policies\Samba\Unix Settings"> + <policy name="POL_D298F3BD_44D9_426D_AF11_3163D31582F6" class="Both" displayName="$(string.POL_D298F3BD_44D9_426D_AF11_3163D31582F6)" explainText="$(string.POL_D298F3BD_44D9_426D_AF11_3163D31582F6_Help)" presentation="$(presentation.POL_D298F3BD_44D9_426D_AF11_3163D31582F6)" key="Software\Policies\Samba\Unix Settings"> <parentCategory ref="CAT_2B6D622C_5721_4C23_A2D6_5C70D6E059BA" /> <supportedOn ref="windows:SUPPORTED_WindowsVista" /> <elements> <list id="LST_8BC6757D_B1FB_4780_83B4_F85F27BF6E60" key="Software\Policies\Samba\Unix Settings\Monthly Scripts" valueName="Monthly Scripts" /> </elements> </policy> - <policy name="POL_3ACC7ECD_8086_4F4A_96DF_85B8FDE2F674" class="Machine" displayName="$(string.POL_3ACC7ECD_8086_4F4A_96DF_85B8FDE2F674)" explainText="$(string.POL_3ACC7ECD_8086_4F4A_96DF_85B8FDE2F674_Help)" presentation="$(presentation.POL_3ACC7ECD_8086_4F4A_96DF_85B8FDE2F674)" key="Software\Policies\Samba\Unix Settings"> + <policy name="POL_3ACC7ECD_8086_4F4A_96DF_85B8FDE2F674" class="Both" displayName="$(string.POL_3ACC7ECD_8086_4F4A_96DF_85B8FDE2F674)" explainText="$(string.POL_3ACC7ECD_8086_4F4A_96DF_85B8FDE2F674_Help)" presentation="$(presentation.POL_3ACC7ECD_8086_4F4A_96DF_85B8FDE2F674)" key="Software\Policies\Samba\Unix Settings"> <parentCategory ref="CAT_2B6D622C_5721_4C23_A2D6_5C70D6E059BA" /> <supportedOn ref="windows:SUPPORTED_WindowsVista" /> <elements> diff --git a/python/samba/gp_cert_auto_enroll_ext.py b/python/samba/gp_cert_auto_enroll_ext.py index 99465ef01c0..60927709eaa 100644 --- a/python/samba/gp_cert_auto_enroll_ext.py +++ b/python/samba/gp_cert_auto_enroll_ext.py 
@@ -85,8 +85,8 @@ def get_supported_templates(server, logger): stdout=PIPE, stderr=PIPE) out, err = p.communicate() if p.returncode != 0: - logger.warn('Failed to fetch the list of supported templates:' + - '\n%s' % err) + logger.warn('Failed to fetch the list of supported templates.') + logger.debug(err.decode()) return out.strip().split() return [] @@ -120,6 +120,11 @@ def cert_enroll(ca, trust_dir, private_dir, logger): ' admin trust anchors.' + ' The directory %s was not found' % \ global_trust_dir) + except FileExistsError: + # If we're simply downloading a renewed cert, the symlink + # already exists. Ignore the FileExistsError. Preserve the + # existing symlink in the unapply data. + data['files'].append(dst) else: logger.warn('sscep is not installed, which prevents the installation' + ' of the root certificate chain.') @@ -130,8 +135,13 @@ def cert_enroll(ca, trust_dir, private_dir, logger): getcert = which('getcert') cepces_submit = find_cepces_submit() if getcert is not None and os.path.exists(cepces_submit): - Popen([getcert, 'add-ca', '-c', ca['cn'][0], '-e', - '%s --server=%s' % (cepces_submit, ca['dNSHostName'][0])]).wait() + p = Popen([getcert, 'add-ca', '-c', ca['cn'][0], '-e', + '%s --server=%s' % (cepces_submit, ca['dNSHostName'][0])], + stdout=PIPE, stderr=PIPE) + out, err = p.communicate() + logger.debug(out.decode()) + if p.returncode != 0: + logger.debug(err.decode()) supported_templates = get_supported_templates(ca['dNSHostName'][0], logger) for template, attrs in ca['certificateTemplates'].items(): 
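Review bot: The new `except FileExistsError` branch in cert_enroll() (hunk at -120,6) records `dst` in `data['files']` whenever anything already exists at that path, without checking that it is the symlink this extension created earlier. If the unapply step deletes the recorded files (that code is not in the hunk), a pre-existing file or a link to a different certificate in the global trust directory would be adopted and later removed. Until then the trusted anchor would also not be the certificate that was just downloaded. Checking `os.path.islink(dst)` and comparing `os.readlink(dst)` with the intended target before appending would limit this branch to the renewal case the comment describes. The `try` body is outside the hunk.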
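Review bot: In cert_enroll() (hunk at -130,8) a non-zero exit from `getcert add-ca` is now reported only through `logger.debug(err.decode())`, and the `getcert request` hunk that follows does the same. A genuine enrollment failure is therefore invisible at normal log levels, while `data['files']` and `data['templates']` are still updated as if the request had succeeded. A one-line `logger.warn('getcert request failed for %s' % nickname)` beside the debug detail, as the get_supported_templates() hunk does, would keep real errors visible. If the expected 'already exists' case also exits non-zero, it would need to be told apart first. `.decode()` can also raise on non-UTF-8 tool output, so `err.decode(errors='replace')` keeps a logging call from becoming a failure.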
@@ -140,10 +150,15 @@ def cert_enroll(ca, trust_dir, private_dir, logger): nickname = '%s.%s' % (ca['cn'][0], template.decode()) keyfile = os.path.join(private_dir, '%s.key' % nickname) certfile = os.path.join(trust_dir, '%s.crt' % nickname) - Popen([getcert, 'request', '-c', ca['cn'][0], - '-T', template.decode(), - '-I', nickname, '-k', keyfile, '-f', certfile, - '-g', attrs['msPKI-Minimal-Key-Size'][0]]).wait() + p = Popen([getcert, 'request', '-c', ca['cn'][0], + '-T', template.decode(), + '-I', nickname, '-k', keyfile, '-f', certfile, + '-g', attrs['msPKI-Minimal-Key-Size'][0]], + stdout=PIPE, stderr=PIPE) + out, err = p.communicate() + logger.debug(out.decode()) + if p.returncode != 0: + logger.debug(err.decode()) data['files'].extend([keyfile, certfile]) data['templates'].append(nickname) if update is not None: diff --git a/python/samba/gp_scripts_ext.py b/python/samba/gp_scripts_ext.py index 80e2262019d..33049ff6dc0 100644 --- a/python/samba/gp_scripts_ext.py +++ b/python/samba/gp_scripts_ext.py @@ -15,8 +15,10 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. import os, re -from samba.gpclass import gp_pol_ext +from subprocess import Popen, PIPE +from samba.gpclass import gp_pol_ext, drop_privileges from base64 import b64encode +from hashlib import blake2b from tempfile import NamedTemporaryFile intro = ''' @@ -28,6 +30,9 @@ intro = ''' # to this machine. DO NOT MODIFY THIS FILE DIRECTLY. # +''' +end = ''' +### autogenerated by samba ### ''' class gp_scripts_ext(gp_pol_ext): @@ -73,9 +78,9 @@ class gp_scripts_ext(gp_pol_ext): self.gp_db.store(str(self), attribute, f.name) self.gp_db.commit() - def rsop(self, gpo): + def rsop(self, gpo, target='MACHINE'): output = {} - pol_file = 'MACHINE/Registry.pol' + pol_file = '%s/Registry.pol' % target if gpo.file_sys_path: path = os.path.join(gpo.file_sys_path, pol_file) pol_conf = self.parse(path) 
@@ -88,3 +93,80 @@ class gp_scripts_ext(gp_pol_ext): output[key] = [] output[key].append(e.data) return output + +def fetch_crontab(username): + p = Popen(['crontab', '-l', '-u', username], stdout=PIPE, stderr=PIPE) + out, err = p.communicate() + if p.returncode != 0: + raise RuntimeError('Failed to read the crontab: %s' % err) + m = re.findall('%s(.*)%s' % (intro, end), out.decode(), re.DOTALL) + if len(m) == 1: + entries = m[0].strip().split('\n') + else: + entries = [] + m = re.findall('(.*)%s.*%s(.*)' % (intro, end), out.decode(), re.DOTALL) + if len(m) == 1: + others = '\n'.join([l.strip() for l in m[0]]) + else: + others = out.decode() + return others, entries + +def install_crontab(fname, username): + p = Popen(['crontab', fname, '-u', username], stdout=PIPE, stderr=PIPE) + _, err = p.communicate() + if p.returncode != 0: + raise RuntimeError('Failed to install crontab: %s' % err) + +class gp_user_scripts_ext(gp_scripts_ext): + def process_group_policy(self, deleted_gpo_list, changed_gpo_list): + for guid, settings in deleted_gpo_list: + self.gp_db.set_guid(guid) + if str(self) in settings: + others, entries = fetch_crontab(self.username) + for attribute, entry in settings[str(self)].items(): + if entry in entries: + entries.remove(entry) + self.gp_db.delete(str(self), attribute) + with NamedTemporaryFile() as f: + if len(entries) > 0: + f.write('\n'.join([others, intro, + '\n'.join(entries), end]).encode()) + else: + f.write(others.encode()) + f.flush() + install_crontab(f.name, self.username) + self.gp_db.commit() + + for gpo in changed_gpo_list: + if gpo.file_sys_path: + reg_key = 'Software\\Policies\\Samba\\Unix Settings' + sections = { '%s\\Daily Scripts' % reg_key : '@daily', + '%s\\Monthly Scripts' % reg_key : '@monthly', + '%s\\Weekly Scripts' % reg_key : '@weekly', + '%s\\Hourly Scripts' % reg_key : '@hourly' } + self.gp_db.set_guid(gpo.name) + pol_file = 'USER/Registry.pol' + path = os.path.join(gpo.file_sys_path, pol_file) + pol_conf = 
drop_privileges('root', self.parse, path) + if not pol_conf: + continue + for e in pol_conf.entries: + if e.keyname in sections.keys() and e.data.strip(): + cron_freq = sections[e.keyname] + attribute = '%s:%s' % (e.keyname, + blake2b(e.data.encode()).hexdigest()) + old_val = self.gp_db.retrieve(str(self), attribute) + entry = '%s %s' % (cron_freq, e.data) + others, entries = fetch_crontab(self.username) + if not old_val or entry not in entries: + entries.append(entry) + with NamedTemporaryFile() as f: + f.write('\n'.join([others, intro, + '\n'.join(entries), end]).encode()) + f.flush() + install_crontab(f.name, self.username) + self.gp_db.store(str(self), attribute, entry) + self.gp_db.commit() + + def rsop(self, gpo): + return super().rsop(gpo, target='USER') diff --git a/python/samba/gpclass.py b/python/samba/gpclass.py index 17d7d0c9243..1b8f825e47b 100644 --- a/python/samba/gpclass.py +++ b/python/samba/gpclass.py @@ -19,6 +19,7 @@ import sys import os, shutil import errno import tdb +import pwd sys.path.insert(0, "bin/python") from samba import NTSTATUSError from configparser import ConfigParser @@ -294,11 +295,12 @@ class GPOStorage: class gp_ext(object): __metaclass__ = ABCMeta - def __init__(self, logger, lp, creds, store): + def __init__(self, logger, lp, creds, username, store): self.logger = logger self.lp = lp self.creds = creds - self.gp_db = store.get_gplog(creds.get_username()) + self.username = username + self.gp_db = store.get_gplog(username) @abstractmethod def process_group_policy(self, deleted_gpo_list, changed_gpo_list): 
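Review bot: In gp_user_scripts_ext.process_group_policy, `e.data` from Registry.pol is written into a line-oriented crontab as `'%s %s' % (cron_freq, e.data)` without rejecting embedded newlines, while fetch_crontab() splits the managed section on `'\n'` and the delete path matches whole entries with `entries.remove(entry)`. A multi-line value would therefore add lines that are never matched again and stay in the user's crontab after the GPO is removed. Skipping such values with a logged warning, e.g. `if '\n' in e.data or '\r' in e.data: continue`, keeps what is installed and what is tracked identical. fetch_crontab() also builds its patterns from `intro` and `end` without `re.escape()`, and it raises on any non-zero exit of `crontab -l`, which many cron implementations return for a user who has no crontab yet, so the first run for such a user would likely fail. The test stub added in this commit prints nothing and exits 0 in that case, so the tests would not show it.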
@@ -364,11 +366,12 @@ def get_dc_hostname(creds, lp): ''' Fetch a list of GUIDs for applicable GPOs ''' -def get_gpo_list(dc_hostname, creds, lp): +def get_gpo_list(dc_hostname, creds, lp, username): gpos = [] ads = gpo.ADS_STRUCT(dc_hostname, lp, creds) if ads.connect(): - gpos = ads.get_gpo_list(creds.get_username()) + # username is DOM\\SAM, but get_gpo_list expects SAM + gpos = ads.get_gpo_list(username.split('\\')[-1]) return gpos @@ -433,10 +436,10 @@ def gpo_version(lp, path): return int(gpo.gpo_get_sysvol_gpt_version(gpt_path)[1]) -def apply_gp(lp, creds, logger, store, gp_extensions, force=False): - gp_db = store.get_gplog(creds.get_username()) +def apply_gp(lp, creds, logger, store, gp_extensions, username, target, force=False): + gp_db = store.get_gplog(username) dc_hostname = get_dc_hostname(creds, lp) - gpos = get_gpo_list(dc_hostname, creds, lp) + gpos = get_gpo_list(dc_hostname, creds, lp, username) del_gpos = get_deleted_gpos_list(gp_db, gpos) try: check_refresh_gpo_list(dc_hostname, lp, creds, gpos) @@ -464,8 +467,12 @@ def apply_gp(lp, creds, logger, store, gp_extensions, force=False): store.start() for ext in gp_extensions: try: - ext = ext(logger, lp, creds, store) - ext.process_group_policy(del_gpos, changed_gpos) + ext = ext(logger, lp, creds, username, store) + if target == 'Computer': + ext.process_group_policy(del_gpos, changed_gpos) + else: + drop_privileges(creds.get_principal(), ext.process_group_policy, + del_gpos, changed_gpos) except Exception as e: logger.error('Failed to apply extension %s' % str(ext)) logger.error('Message was: %s: %s' % (type(e).__name__, str(e))) 
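Review bot: The user-target branch added to apply_gp() passes `creds.get_principal()` to drop_privileges(), while the matching branch in the unapply_gp() hunk passes `username`. Both values end up in `pwd.getpwnam()`, so the two paths can resolve to different local accounts, or one can fail to resolve at all. The principal identifies whoever authenticated and is presumably in a Kerberos-style format, which need not match the user the policy is being applied for. Using `drop_privileges(username, ext.process_group_policy, del_gpos, changed_gpos)` here would keep apply and unapply on the same identity. A short comment stating the expected name format would help as well, since the get_gpo_list hunk says `DOM\\SAM`. apply_gp's body continues outside the hunk.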
@@ -481,16 +488,20 @@ def apply_gp(lp, creds, logger, store, gp_extensions, force=False): store.commit() -def unapply_gp(lp, creds, logger, store, gp_extensions): - gp_db = store.get_gplog(creds.get_username()) +def unapply_gp(lp, creds, logger, store, gp_extensions, username, target): + gp_db = store.get_gplog(username) gp_db.state(GPOSTATE.UNAPPLY) # Treat all applied gpos as deleted del_gpos = gp_db.get_applied_settings(gp_db.get_applied_guids()) store.start() for ext in gp_extensions: try: - ext = ext(logger, lp, creds, store) - ext.process_group_policy(del_gpos, []) + ext = ext(logger, lp, creds, username, store) + if target == 'Computer': + ext.process_group_policy(del_gpos, []) + else: + drop_privileges(username, ext.process_group_policy, + del_gpos, []) except Exception as e: logger.error('Failed to unapply extension %s' % str(ext)) logger.error('Message was: ' + str(e)) @@ -509,9 +520,9 @@ def __rsop_vals(vals, level=4): else: return vals -def rsop(lp, creds, logger, store, gp_extensions, target): +def rsop(lp, creds, logger, store, gp_extensions, username, target): dc_hostname = get_dc_hostname(creds, lp) - gpos = get_gpo_list(dc_hostname, creds, lp) + gpos = get_gpo_list(dc_hostname, creds, lp, username) check_refresh_gpo_list(dc_hostname, lp, creds, gpos) print('Resultant Set of Policy') @@ -523,7 +534,7 @@ def rsop(lp, creds, logger, store, gp_extensions, target): print('GPO: %s' % gpo.display_name) print('='*term_width) for ext in gp_extensions: - ext = ext(logger, lp, creds, store) + ext = ext(logger, lp, creds, username, store) cse_name_m = re.findall("'([\w\.]+)'", str(type(ext))) if len(cse_name_m) > 0: cse_name = cse_name_m[-1].split('.')[-1] 
@@ -616,3 +627,45 @@ def unregister_gp_extension(guid, smb_conf=None): atomic_write_conf(lp, parser) return True + + +def set_privileges(username, uid, gid): + ''' + Set current process privileges + ''' + + os.setegid(gid) + os.seteuid(uid) + + +def drop_privileges(username, func, *args): + ''' + Run supplied function with privileges for specified username. + ''' + current_uid = os.getuid() + + if not current_uid == 0: + raise Exception('Not enough permissions to drop privileges') + + user_uid = pwd.getpwnam(username).pw_uid + user_gid = pwd.getpwnam(username).pw_gid + + # Drop privileges + set_privileges(username, user_uid, user_gid) + + # We need to catch exception in order to be able to restore + # privileges later in this function + out = None + exc = None + try: + out = func(*args) + except Exception as e: + exc = e + + # Restore privileges + set_privileges('root', current_uid, 0) + + if exc: + raise exc + + return out diff --git a/python/samba/tests/bin/crontab b/python/samba/tests/bin/crontab new file mode 100755 index 00000000000..764d5843091 --- /dev/null +++ b/python/samba/tests/bin/crontab @@ -0,0 +1,29 @@ +#!/usr/bin/python3 +import optparse +import os, sys +from shutil import copy + +sys.path.insert(0, "bin/python") + +if __name__ == "__main__": + parser = optparse.OptionParser('crontab <file> [options]') + parser.add_option('-l', action="store_true") + parser.add_option('-u') + + (opts, args) = parser.parse_args() + + # Use a dir we can write to in the testenv + if 'LOCAL_PATH' in os.environ: + data_dir = os.path.realpath(os.environ.get('LOCAL_PATH')) + else: + data_dir = os.path.dirname(os.path.realpath(__file__)) + dump_file = os.path.join(data_dir, 'crontab.dump') + if opts.u: + assert opts.u == os.environ.get('DC_USERNAME') + if len(args) == 1: + assert os.path.exists(args[0]) + copy(args[0], dump_file) + elif opts.l: + if os.path.exists(dump_file): + with open(dump_file, 'r') as r: + print(r.read()) 
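Review bot: drop_privileges() restores to `os.getuid()` and gid 0 instead of the effective IDs it found on entry, so a nested call such as `drop_privileges('root', self.parse, path)` in gp_user_scripts_ext leaves the rest of the outer callback running with effective uid 0. Only the effective uid and gid are switched: the supplementary groups stay those of root and the real uid stays 0, so this is not a boundary against code or child processes that switch back. Where a hard boundary is needed, running the callback in a forked child that calls setgroups/setgid/setuid is the usual approach. The restore is also skipped for exceptions that are not `Exception` subclasses. Saving `os.geteuid()`, `os.getegid()` and `os.getgroups()` on entry and restoring them in a `finally` block addresses the restore and group issues, as sketched below.

```python
def drop_privileges(username, func, *args):
    # … unchanged: docstring and the os.getuid() == 0 check …
    saved_euid = os.geteuid()
    saved_egid = os.getegid()
    saved_groups = os.getgroups()
    pw = pwd.getpwnam(username)

    # Real uid is 0 (checked above); regain it first so the group
    # calls are permitted even when this call is nested.
    os.seteuid(0)
    os.setgroups(os.getgrouplist(pw.pw_name, pw.pw_gid))
    os.setegid(pw.pw_gid)
    os.seteuid(pw.pw_uid)
    try:
        return func(*args)
    finally:
        # Put back exactly what the caller had, not a fixed root/0.
        os.seteuid(0)
        os.setgroups(saved_groups)
        os.setegid(saved_egid)
        os.seteuid(saved_euid)
```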
diff --git a/python/samba/tests/gpo.py b/python/samba/tests/gpo.py index b5dc09543ad..6fdf9664f48 100644 --- a/python/samba/tests/gpo.py +++ b/python/samba/tests/gpo.py @@ -24,8 +24,11 @@ from samba.gpclass import check_refresh_gpo_list, check_safe_path, \ check_guid, parse_gpext_conf, atomic_write_conf, get_deleted_gpos_list from subprocess import Popen, PIPE from tempfile import NamedTemporaryFile, TemporaryDirectory +from samba import gpclass +# Disable privilege dropping for testing +gpclass.drop_privileges = lambda _, func, *args : func(*args) from samba.gp_sec_ext import gp_krb_ext, gp_access_ext -from samba.gp_scripts_ext import gp_scripts_ext +from samba.gp_scripts_ext import gp_scripts_ext, gp_user_scripts_ext from samba.gp_sudoers_ext import gp_sudoers_ext from samba.vgp_sudoers_ext import vgp_sudoers_ext from samba.vgp_symlink_ext import vgp_symlink_ext @@ -478,7 +481,8 @@ class GPOTests(tests.TestCase): machine_creds.set_machine_account() # Initialize the group policy extension - ext = gp_krb_ext(logger, self.lp, machine_creds, store) + ext = gp_krb_ext(logger, self.lp, machine_creds, + machine_creds.get_username(), store) ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds) if ads.connect(): @@ -532,7 +536,8 @@ class GPOTests(tests.TestCase): machine_creds.set_machine_account() # Initialize the group policy extension - ext = gp_scripts_ext(logger, self.lp, machine_creds, store) + ext = gp_scripts_ext(logger, self.lp, machine_creds, + machine_creds.get_username(), store) ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds) if ads.connect(): @@ -590,7 +595,8 @@ class GPOTests(tests.TestCase): machine_creds.set_machine_account() # Initialize the group policy extension - ext = gp_sudoers_ext(logger, self.lp, machine_creds, store) + ext = gp_sudoers_ext(logger, self.lp, machine_creds, + machine_creds.get_username(), store) ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds) if ads.connect(): 
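Review bot: Replacing `gpclass.drop_privileges` with a pass-through lambda at import time (hunk at -24,8) means none of the tests exercise the real privilege switching. The patch reaches gp_scripts_ext only because its `from samba.gpclass import gp_pol_ext, drop_privileges` runs after this line; if another test module imports samba.gp_scripts_ext first, that module keeps the real function. Patching inside the test, for example with `unittest.mock.patch` on both `samba.gpclass.drop_privileges` and `samba.gp_scripts_ext.drop_privileges`, would remove the import-order dependence. A small root-only test of drop_privileges() itself, asserting that the effective IDs on exit equal those on entry, would cover the new code.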
@@ -641,7 +647,8 @@ class GPOTests(tests.TestCase): machine_creds.set_machine_account() # Initialize the group policy extension - ext = vgp_sudoers_ext(logger, self.lp, machine_creds, store) + ext = vgp_sudoers_ext(logger, self.lp, machine_creds, + machine_creds.get_username(), store) ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds) if ads.connect(): @@ -734,7 +741,8 @@ class GPOTests(tests.TestCase): machine_creds.guess(self.lp) machine_creds.set_machine_account() - ext = gp_inf_ext(logger, self.lp, machine_creds, store) + ext = gp_inf_ext(logger, self.lp, machine_creds, + machine_creds.get_username(), store) test_data = '[Kerberos Policy]\nMaxTicketAge = 99\n' with NamedTemporaryFile() as f: @@ -819,7 +827,8 @@ class GPOTests(tests.TestCase): self.assertTrue(ret, 'Could not create the target %s' % (reg_pol % g.name)) for ext in gp_extensions: - ext = ext(logger, self.lp, machine_creds, store) + ext = ext(logger, self.lp, machine_creds, + machine_creds.get_username(), store) ret = ext.rsop(g) self.assertEquals(len(ret.keys()), 1, 'A single policy should have been displayed') @@ -918,7 +927,8 @@ class GPOTests(tests.TestCase): remove = [] with TemporaryDirectory() as dname: for ext in gp_extensions: - ext = ext(logger, self.lp, machine_creds, store) + ext = ext(logger, self.lp, machine_creds, -- Samba Shared Repository