[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Wed Nov 7 20:19:02 UTC 2018
The branch, master has been updated
via e650c40 WHATSNEW: NETLOGON prefork support
via 58c4490 source4 smdb rpc_server: Support prefork process model.
via b003134e source4 smbd: pass instance number to post_fork
via b543563 WHATSNEW: 'prefork children' default
via 700b4ce source4 smbd prefork: Increase default worklers to 4
via de1f497 autobuild: make ad_dc use prefork process model
via a0b5f4b traffic_replay: Rework machine accounts to remove redundant code
via 1d7fb66 traffic_replay: Make packet generation work on a pre-populated DB again
via c7fe481 traffic_replay: Make sure naming assumptions are in a single place
via 51917fc traffic_replay: Move 'traffic account' flag up a level
via 85b6d88 traffic_replay: Move machine account creation
via fd089c3 samba-tool gpo: convert pseudo-method into method
via 94610330 samba-tool gpo: add helper method for tmpdir construction
via e3320b6 samba-tool gpo: do not use predictable temp directory
via a9682f9 python/upgradehelpers: use mkstemp, not mktemp
from 3ca1399 selftest: Add some more testenv descriptions
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit e650c40e11401f5ff8477292a46f14dfd06a2a29
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Wed Sep 19 15:04:35 2018 +1200
WHATSNEW: NETLOGON prefork support
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Nov 7 21:17:59 CET 2018 on sn-devel-144
commit 58c4490e24c2a0429052e131ba8022c58ea02ecf
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Wed Aug 29 15:07:32 2018 +1200
source4 smdb rpc_server: Support prefork process model.
Allow the rpc_server to run in the prefork process model. Due to the use
of shared handles and resources all of the rpc end points are serviced
in the first worker process. Those end points that can be run in
multiple processes (currently only Netlogon and management) are serviced in
the first and any subsequent workers.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b003134e0d1cdc235e00a602edd2e745233f98b8
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Wed Aug 29 13:16:08 2018 +1200
source4 smbd: pass instance number to post_fork
Pass the instance number to the post_fork hook. This is required to
allow the rpc_server to support the prefork process model.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b543563ddf46e776fa4996fa4e4635684076cf80
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Wed Sep 19 15:13:49 2018 +1200
WHATSNEW: 'prefork children' default
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 700b4ce98163b4840bbcc7ec7c9bbc070ab8b143
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Wed Sep 5 13:59:34 2018 +1200
source4 smbd prefork: Increase default worklers to 4
Increase the default number of worker processes started by the pre-fork
process model from 1 to 4.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit de1f49752cd2a7c8d7f015785af1d3529753dacf
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Tue Aug 28 15:26:03 2018 +1200
autobuild: make ad_dc use prefork process model
Convert the ad_dc environment from single process model to the prefork
process model.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a0b5f4b7b05b8ea2bf061b8af5b702aa14a7a5a5
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Tue Nov 6 11:27:42 2018 +1300
traffic_replay: Rework machine accounts to remove redundant code
generate_users_and_groups() now generates the machine acounts as well as
the user accounts, so it seems there's no need to also have
generate_traffic_accounts(), which does the same job.
Instead, we can just pass through the number of machine acounts to
generate_users_and_groups() and delete the other function.
Also updated generate_users_and_groups() so that machine_accounts is
no longer optional (we want to create machine accounts in all cases).
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1d7fb66f7630a994dbb261ce417c26d17b409593
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Tue Nov 6 11:14:41 2018 +1300
traffic_replay: Make packet generation work on a pre-populated DB again
Generate separate machine accounts for populating a large DB vs
replaying network traffic.
We want to use different userAccountControl flags in each of the above
cases (i.e. commit 3338a3e257fa9f28). However, this means that once you
use the --generate-users-only option, you can't replay network packets
against the machine accounts.
We can avoid this problem by creating separate machine accounts for each
of 2 different cases, e.g. STGM-0-x machines for traffic-replay, and
PC-0-x machines for padding out the database.
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c7fe4814777696be06e455de5d04ced9a3366d27
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Tue Nov 6 09:35:41 2018 +1300
traffic_replay: Make sure naming assumptions are in a single place
The traffic_replay group/user/machine account names follow a standard
format. This adds a function to generate the machine-name. It also makes
sure the existing user_name() function gets called in all applicable
places.
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 51917fc07f2322786d21f9987f52366d9005c1d3
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Tue Nov 6 10:58:56 2018 +1300
traffic_replay: Move 'traffic account' flag up a level
We create machine accounts for 2 different purposes:
1). For traffic generation, i.e. testing realistic network packets.
2). For generating a realistic large DB.
Unfortunately, we want to use different userAccountControl flags for
the 2 different cases. Commit 3338a3e257fa9f28 changed the flags used
for case #2, but this breaks case #1.
The problem is generate_users_and_groups() is called in both cases,
so we want the 'traffic account' flag passed into that function.
This ensures that the machine accounts get created with the appropriate
userAccountControl flags for the particular case you want to test.
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 85b6d8898993c45726dd6c1afc2536ab79ba5a3c
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Tue Nov 6 10:52:38 2018 +1300
traffic_replay: Move machine account creation
I was assuming that generate_users_and_groups() only gets called in the
--generate-users-only case. However, it also gets called in the default
traffic replay case.
This patch reworks the code so that the number of machine accounts to
create gets passed in, and the 'create 25% more computers than users'
assumption only applies to the --generate-users-only case.
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit fd089c37a118e58d09fc04c16fdc3eee9d62d3d2
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Nov 7 12:15:12 2018 +1300
samba-tool gpo: convert pseudo-method into method
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 94610330947d4a8a654638886929c15de314cd8b
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Nov 7 11:57:13 2018 +1300
samba-tool gpo: add helper method for tmpdir construction
A few of the gpo commands use an identical temporary directory structure
that can be constructed using shared code.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e3320b6d3df7a0c7b78e71cb5bc2d18f31839573
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Nov 7 11:43:26 2018 +1300
samba-tool gpo: do not use predictable temp directory
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a9682f94d40f715a1ea06898ca42c27437b5610b
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Nov 2 09:02:15 2018 +1300
python/upgradehelpers: use mkstemp, not mktemp
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 12 ++
docs-xml/smbdotconf/base/preforkchildren.xml | 8 +-
lib/param/loadparm.c | 3 +-
python/samba/emulate/traffic.py | 89 ++++--------
python/samba/netcmd/gpo.py | 158 +++++++++++-----------
python/samba/upgradehelpers.py | 5 +-
script/traffic_replay | 11 +-
selftest/target/Samba4.pm | 2 +-
source3/param/loadparm.c | 2 +-
source4/kdc/kdc-heimdal.c | 2 +-
source4/rpc_server/service_rpc.c | 195 ++++++++++++++++-----------
source4/smbd/process_prefork.c | 11 +-
source4/smbd/process_single.c | 3 +-
source4/smbd/process_standard.c | 3 +-
source4/smbd/service.h | 10 +-
15 files changed, 273 insertions(+), 241 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 7a7a88d..2177988 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -33,6 +33,18 @@ kdc prefork
The KDC now supports the pre-fork process model and worker processes will be
forked for the KDC when the pre-fork process model is selected for samba.
+prefork 'prefork children'
+--------------------------
+
+The default value for this smdb.conf parameter has been increased from 1 to
+4.
+
+netlogon prefork
+----------------
+
+DCERPC now supports pre-forked NETLOGON processes. The netlogon processes are
+pre-forked when the prefork process model is selected for samba.
+
REMOVED FEATURES
================
diff --git a/docs-xml/smbdotconf/base/preforkchildren.xml b/docs-xml/smbdotconf/base/preforkchildren.xml
index 720e439..ab13efc 100644
--- a/docs-xml/smbdotconf/base/preforkchildren.xml
+++ b/docs-xml/smbdotconf/base/preforkchildren.xml
@@ -6,9 +6,9 @@
<para>This option controls the number of worker processes that are
started for each service when prefork process model is enabled.
The prefork children are only started for those services that
- support prefork (currently only ldap). For processes that don't
- support preforking all requests are handled by a single process
- for that service.
+ support prefork (currently ldap, kdc and netlogon).
+ For processes that don't support preforking all requests are
+ handled by a single process for that service.
</para>
<para>This should be set to a small multiple of the number of CPU's
@@ -20,5 +20,5 @@
worker processes.</para>
</description>
-<value type="default">1</value>
+<value type="default">4</value>
</samba:parameter>
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 1debcff..484c891 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2772,7 +2772,6 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
lpcfg_do_global_parameter(lp_ctx, "tls certfile", "tls/cert.pem");
lpcfg_do_global_parameter(lp_ctx, "tls cafile", "tls/ca.pem");
lpcfg_do_global_parameter(lp_ctx, "tls priority", "NORMAL:-VERS-SSL3.0");
- lpcfg_do_global_parameter(lp_ctx, "prefork children:smb", "4");
lpcfg_do_global_parameter(lp_ctx, "rndc command", "/usr/sbin/rndc");
lpcfg_do_global_parameter(lp_ctx, "nsupdate command", "/usr/bin/nsupdate -g");
@@ -2997,7 +2996,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
"rpc server dynamic port range",
"49152-65535");
- lpcfg_do_global_parameter(lp_ctx, "prefork children", "1");
+ lpcfg_do_global_parameter(lp_ctx, "prefork children", "4");
lpcfg_do_global_parameter(lp_ctx, "check parent directory delete on close", "no");
diff --git a/python/samba/emulate/traffic.py b/python/samba/emulate/traffic.py
index af05163..069c410 100644
--- a/python/samba/emulate/traffic.py
+++ b/python/samba/emulate/traffic.py
@@ -1603,11 +1603,10 @@ class ConversationAccounts(object):
def generate_replay_accounts(ldb, instance_id, number, password):
"""Generate a series of unique machine and user account names."""
- generate_traffic_accounts(ldb, instance_id, number, password)
accounts = []
for i in range(1, number + 1):
- netbios_name = "STGM-%d-%d" % (instance_id, i)
- username = "STGU-%d-%d" % (instance_id, i)
+ netbios_name = machine_name(instance_id, i)
+ username = user_name(instance_id, i)
account = ConversationAccounts(netbios_name, password, username,
password)
@@ -1615,54 +1614,6 @@ def generate_replay_accounts(ldb, instance_id, number, password):
return accounts
-def generate_traffic_accounts(ldb, instance_id, number, password):
- """Create the specified number of user and machine accounts.
-
- As accounts are not explicitly deleted between runs. This function starts
- with the last account and iterates backwards stopping either when it
- finds an already existing account or it has generated all the required
- accounts.
- """
- print(("Generating machine and conversation accounts, "
- "as required for %d conversations" % number),
- file=sys.stderr)
- added = 0
- for i in range(number, 0, -1):
- try:
- netbios_name = "STGM-%d-%d" % (instance_id, i)
- create_machine_account(ldb, instance_id, netbios_name, password)
- added += 1
- if added % 50 == 0:
- LOGGER.info("Created %u/%u machine accounts" % (added, number))
- except LdbError as e:
- (status, _) = e.args
- if status == 68:
- break
- else:
- raise
- if added > 0:
- LOGGER.info("Added %d new machine accounts" % added)
-
- added = 0
- for i in range(number, 0, -1):
- try:
- username = "STGU-%d-%d" % (instance_id, i)
- create_user_account(ldb, instance_id, username, password)
- added += 1
- if added % 50 == 0:
- LOGGER.info("Created %u/%u users" % (added, number))
-
- except LdbError as e:
- (status, _) = e.args
- if status == 68:
- break
- else:
- raise
-
- if added > 0:
- LOGGER.info("Added %d new user accounts" % added)
-
-
def create_machine_account(ldb, instance_id, netbios_name, machinepass,
traffic_account=True):
"""Create a machine account via ldap."""
@@ -1747,16 +1698,31 @@ def generate_users(ldb, instance_id, number, password):
return users
-def generate_machine_accounts(ldb, instance_id, number, password):
+def machine_name(instance_id, i, traffic_account=True):
+ """Generate a machine account name from instance id."""
+ if traffic_account:
+ # traffic accounts correspond to a given user, and use different
+ # userAccountControl flags to ensure packets get processed correctly
+ # by the DC
+ return "STGM-%d-%d" % (instance_id, i)
+ else:
+ # Otherwise we're just generating computer accounts to simulate a
+ # semi-realistic network. These use the default computer
+ # userAccountControl flags, so we use a different account name so that
+ # we don't try to use them when generating packets
+ return "PC-%d-%d" % (instance_id, i)
+
+
+def generate_machine_accounts(ldb, instance_id, number, password,
+ traffic_account=True):
"""Add machine accounts to the server"""
existing_objects = search_objectclass(ldb, objectclass='computer')
added = 0
for i in range(number, 0, -1):
- name = "STGM-%d-%d$" % (instance_id, i)
- if name not in existing_objects:
- name = "STGM-%d-%d" % (instance_id, i)
+ name = machine_name(instance_id, i, traffic_account)
+ if name + "$" not in existing_objects:
create_machine_account(ldb, instance_id, name, password,
- traffic_account=False)
+ traffic_account)
added += 1
if added % 50 == 0:
LOGGER.info("Created %u/%u machine accounts" % (added, number))
@@ -1798,22 +1764,23 @@ def clean_up_accounts(ldb, instance_id):
def generate_users_and_groups(ldb, instance_id, password,
number_of_users, number_of_groups,
- group_memberships):
+ group_memberships, machine_accounts,
+ traffic_accounts=True):
"""Generate the required users and groups, allocating the users to
those groups."""
memberships_added = 0
- groups_added = 0
+ groups_added = 0
+ computers_added = 0
create_ou(ldb, instance_id)
LOGGER.info("Generating dummy user accounts")
users_added = generate_users(ldb, instance_id, number_of_users, password)
- # assume there will be some overhang with more computer accounts than users
- computer_accounts = int(1.25 * number_of_users)
LOGGER.info("Generating dummy machine accounts")
computers_added = generate_machine_accounts(ldb, instance_id,
- computer_accounts, password)
+ machine_accounts, password,
+ traffic_accounts)
if number_of_groups > 0:
LOGGER.info("Generating dummy groups")
diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py
index 4d5fc88..f1f1e98 100644
--- a/python/samba/netcmd/gpo.py
+++ b/python/samba/netcmd/gpo.py
@@ -18,7 +18,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
-
+from __future__ import print_function
import os
import samba.getopt as options
import ldb
@@ -61,16 +61,6 @@ from samba.gp_parse.gp_inf import GptTmplInfParser
from samba.gp_parse.gp_aas import GPAasParser
-def samdb_connect(ctx):
- '''make a ldap connection to the server'''
- try:
- ctx.samdb = SamDB(url=ctx.url,
- session_info=system_session(),
- credentials=ctx.creds, lp=ctx.lp)
- except Exception as e:
- raise CommandError("LDAP connection to %s failed " % ctx.url, e)
-
-
def attr_default(msg, attrname, default):
'''get an attribute from a ldap msg with a default'''
if attrname in msg:
@@ -371,7 +361,53 @@ def create_directory_hier(conn, remotedir):
conn.mkdir(path)
-class cmd_listall(Command):
+class GPOCommand(Command):
+ def construct_tmpdir(self, tmpdir, gpo):
+ """Ensure that the temporary directory structure used in fetch,
+ backup, create, and restore is consistent.
+
+ If --tmpdir is used the named directory must be present, which may
+ contain a 'policy' subdirectory, but 'policy' must not itself have
+ a subdirectory with the gpo name. The policy and gpo directories
+ will be created.
+
+ If --tmpdir is not used, a temporary directory is securely created.
+ """
+ if tmpdir is None:
+ tmpdir = tempfile.mkdtemp()
+ print("Using temporary directory %s (use --tmpdir to change)" % tmpdir,
+ file=self.outf)
+
+ if not os.path.isdir(tmpdir):
+ raise CommandError("Temporary directory '%s' does not exist" % tmpdir)
+
+ localdir = os.path.join(tmpdir, "policy")
+ if not os.path.isdir(localdir):
+ os.mkdir(localdir)
+
+ gpodir = os.path.join(localdir, gpo)
+ if os.path.isdir(gpodir):
+ raise CommandError(
+ "GPO directory '%s' already exists, refusing to overwrite" % gpodir)
+
+ try:
+ os.mkdir(gpodir)
+ except (IOError, OSError) as e:
+ raise CommandError("Error creating teporary GPO directory", e)
+
+ return tmpdir, gpodir
+
+ def samdb_connect(self):
+ '''make a ldap connection to the server'''
+ try:
+ self.samdb = SamDB(url=self.url,
+ session_info=system_session(),
+ credentials=self.creds, lp=self.lp)
+ except Exception as e:
+ raise CommandError("LDAP connection to %s failed " % self.url, e)
+
+
+class cmd_listall(GPOCommand):
"""List all GPOs."""
synopsis = "%prog [options]"
@@ -394,7 +430,7 @@ class cmd_listall(Command):
self.url = dc_url(self.lp, self.creds, H)
- samdb_connect(self)
+ self.samdb_connect()
msg = get_gpo_info(self.samdb, None)
@@ -408,7 +444,7 @@ class cmd_listall(Command):
self.outf.write("\n")
-class cmd_list(Command):
+class cmd_list(GPOCommand):
"""List GPOs for an account."""
synopsis = "%prog <username> [options]"
@@ -432,7 +468,7 @@ class cmd_list(Command):
self.url = dc_url(self.lp, self.creds, H)
- samdb_connect(self)
+ self.samdb_connect()
try:
msg = self.samdb.search(expression='(&(|(samAccountName=%s)(samAccountName=%s$))(objectClass=User))' %
@@ -525,7 +561,7 @@ class cmd_list(Command):
self.outf.write(" %s %s\n" % (g[0], g[1]))
-class cmd_show(Command):
+class cmd_show(GPOCommand):
"""Show information for a GPO."""
synopsis = "%prog <gpo> [options]"
@@ -549,7 +585,7 @@ class cmd_show(Command):
self.url = dc_url(self.lp, self.creds, H)
- samdb_connect(self)
+ self.samdb_connect()
try:
msg = get_gpo_info(self.samdb, gpo)[0]
@@ -573,7 +609,7 @@ class cmd_show(Command):
self.outf.write("\n")
-class cmd_getlink(Command):
+class cmd_getlink(GPOCommand):
"""List GPO Links for a container."""
synopsis = "%prog <container_dn> [options]"
@@ -598,7 +634,7 @@ class cmd_getlink(Command):
self.url = dc_url(self.lp, self.creds, H)
- samdb_connect(self)
+ self.samdb_connect()
try:
msg = self.samdb.search(base=container_dn, scope=ldb.SCOPE_BASE,
@@ -620,7 +656,7 @@ class cmd_getlink(Command):
self.outf.write("No GPO(s) linked to DN=%s\n" % container_dn)
-class cmd_setlink(Command):
+class cmd_setlink(GPOCommand):
"""Add or update a GPO link to a container."""
synopsis = "%prog <container_dn> <gpo> [options]"
@@ -649,7 +685,7 @@ class cmd_setlink(Command):
self.url = dc_url(self.lp, self.creds, H)
- samdb_connect(self)
+ self.samdb_connect()
gplink_options = 0
if disabled:
@@ -710,7 +746,7 @@ class cmd_setlink(Command):
cmd_getlink().run(container_dn, H, sambaopts, credopts, versionopts)
-class cmd_dellink(Command):
+class cmd_dellink(GPOCommand):
"""Delete GPO link from a container."""
synopsis = "%prog <container_dn> <gpo> [options]"
@@ -735,7 +771,7 @@ class cmd_dellink(Command):
self.url = dc_url(self.lp, self.creds, H)
- samdb_connect(self)
+ self.samdb_connect()
# Check if valid GPO
try:
@@ -749,7 +785,7 @@ class cmd_dellink(Command):
cmd_getlink().run(container_dn, H, sambaopts, credopts, versionopts)
-class cmd_listcontainers(Command):
+class cmd_listcontainers(GPOCommand):
"""List all linked containers for a GPO."""
synopsis = "%prog <gpo> [options]"
@@ -774,7 +810,7 @@ class cmd_listcontainers(Command):
self.url = dc_url(self.lp, self.creds, H)
- samdb_connect(self)
+ self.samdb_connect()
msg = get_gpo_containers(self.samdb, gpo)
if len(msg):
@@ -785,7 +821,7 @@ class cmd_listcontainers(Command):
self.outf.write("No Containers using GPO %s\n" % gpo)
-class cmd_getinheritance(Command):
+class cmd_getinheritance(GPOCommand):
"""Get inheritance flag for a container."""
synopsis = "%prog <container_dn> [options]"
@@ -810,7 +846,7 @@ class cmd_getinheritance(Command):
self.url = dc_url(self.lp, self.creds, H)
- samdb_connect(self)
+ self.samdb_connect()
try:
msg = self.samdb.search(base=container_dn, scope=ldb.SCOPE_BASE,
@@ -829,7 +865,7 @@ class cmd_getinheritance(Command):
self.outf.write("Container has GPO_INHERIT\n")
-class cmd_setinheritance(Command):
+class cmd_setinheritance(GPOCommand):
"""Set inheritance flag on a container."""
synopsis = "%prog <container_dn> <block|inherit> [options]"
@@ -861,7 +897,7 @@ class cmd_setinheritance(Command):
self.url = dc_url(self.lp, self.creds, H)
- samdb_connect(self)
+ self.samdb_connect()
try:
msg = self.samdb.search(base=container_dn, scope=ldb.SCOPE_BASE,
expression="(objectClass=*)",
@@ -883,7 +919,7 @@ class cmd_setinheritance(Command):
raise CommandError("Error setting inheritance state %s" % inherit_state, e)
-class cmd_fetch(Command):
+class cmd_fetch(GPOCommand):
"""Download a GPO."""
synopsis = "%prog <gpo> [options]"
@@ -914,7 +950,7 @@ class cmd_fetch(Command):
dc_hostname = netcmd_finddc(self.lp, self.creds)
self.url = dc_url(self.lp, self.creds, dc=dc_hostname)
- samdb_connect(self)
+ self.samdb_connect()
try:
msg = get_gpo_info(self.samdb, gpo)[0]
except Exception:
@@ -938,21 +974,8 @@ class cmd_fetch(Command):
raise CommandError("Error connecting to '%s' using SMB" % dc_hostname)
# Copy GPT
- if tmpdir is None:
- tmpdir = "/tmp"
- if not os.path.isdir(tmpdir):
- raise CommandError("Temoprary directory '%s' does not exist" % tmpdir)
-
- localdir = os.path.join(tmpdir, "policy")
- if not os.path.isdir(localdir):
- os.mkdir(localdir)
-
- gpodir = os.path.join(localdir, gpo)
- if os.path.isdir(gpodir):
- raise CommandError("GPO directory '%s' already exists, refusing to overwrite" % gpodir)
-
+ tmpdir, gpodir = self.construct_tmpdir(tmpdir, gpo)
try:
- os.mkdir(gpodir)
copy_directory_remote_to_local(conn, sharepath, gpodir)
except Exception as e:
# FIXME: Catch more specific exception
@@ -960,7 +983,7 @@ class cmd_fetch(Command):
self.outf.write('GPO copied to %s\n' % gpodir)
-class cmd_backup(Command):
+class cmd_backup(GPOCommand):
"""Backup a GPO."""
synopsis = "%prog <gpo> [options]"
@@ -996,7 +1019,7 @@ class cmd_backup(Command):
dc_hostname = netcmd_finddc(self.lp, self.creds)
self.url = dc_url(self.lp, self.creds, dc=dc_hostname)
- samdb_connect(self)
--
Samba Shared Repository
More information about the samba-cvs
mailing list