[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Wed Sep 2 10:36:03 UTC 2020
The branch, master has been updated
via 50d900b6f9b tests: Make sure that idmap_ad retrieves unix nss attributes
via 1ba15c459b9 GPO: Update the samba-gpupdate man page
via 11f97148bb5 gpo: Pass necessary parameters to rsop
via dff01a5edf6 gpo: Test rsop function for success
via 07ce4808882 samba-tool: Create unix user with modified template homedir
via 38fcad60a8e samba-tool: Test creating unix user with modified template homedir
from 0c461f3bd58 lzxpress: avoid technically undefined shift
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 50d900b6f9b8c35e673fc280efd505121a7579d3
Author: Volker Lendecke <vl at samba.org>
Date: Sun Aug 30 11:45:56 2020 +0200
tests: Make sure that idmap_ad retrieves unix nss attributes
Make sure that unix_primary_group and unix_nss_info idmap_ad options
work. We have two domains here and test wbinfo -i for both domains, so
we also run the test without those options for the trusted domain.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Sep 2 10:35:53 UTC 2020 on sn-devel-184
commit 1ba15c459b9b99fec905533ca8c34f55b3a7e99c
Author: David Mulder <dmulder at suse.com>
Date: Fri Aug 28 15:32:13 2020 -0600
GPO: Update the samba-gpupdate man page
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 11f97148bb57eecdb3e34e33901a4bb7a2dd7755
Author: David Mulder <dmulder at suse.com>
Date: Thu Aug 27 13:25:44 2020 -0600
gpo: Pass necessary parameters to rsop
These parameters were missed by mistake when exts
were modified to be initialized within the rsop
command. Fixes an exception thrown when executing
samba-gpupdate --rsop:
Traceback (most recent call last):
File "/usr/sbin/samba-gpupdate", line 99, in <module>
rsop(lp, creds, gp_extensions, opts.target)
File "/usr/lib64/python3.8/site-packages/samba/gpclass.py", line 512, in rsop
ext = ext(logger, lp, creds, store)
NameError: name 'logger' is not defined
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit dff01a5edf69b10e72c64ab63de1d4aeedb747ce
Author: David Mulder <dmulder at suse.com>
Date: Fri Aug 28 08:38:41 2020 -0600
gpo: Test rsop function for success
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 07ce48088824bba2054e029edfa6fbae972c1921
Author: David Mulder <dmulder at suse.com>
Date: Thu Aug 27 14:22:34 2020 -0600
samba-tool: Create unix user with modified template homedir
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 38fcad60a8ea80bda70a82a3c7f9bf50a9754a8e
Author: David Mulder <dmulder at suse.com>
Date: Thu Aug 27 13:13:06 2020 -0600
samba-tool: Test creating unix user with modified template homedir
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
nsswitch/tests/test_idmap_ad.sh | 20 ++++++++++++++++++--
python/samba/gpclass.py | 6 +++---
python/samba/netcmd/user.py | 5 +++--
python/samba/tests/gpo.py | 10 ++++++++++
python/samba/tests/samba_tool/user.py | 8 ++++++++
selftest/target/Samba3.pm | 2 ++
source4/scripting/bin/samba-gpupdate | 2 +-
source4/scripting/man/samba-gpupdate.8.xml | 16 ++++++++++++----
8 files changed, 57 insertions(+), 12 deletions(-)
Changeset truncated at 500 lines:
diff --git a/nsswitch/tests/test_idmap_ad.sh b/nsswitch/tests/test_idmap_ad.sh
index 46c637f7649..d634b82ba14 100755
--- a/nsswitch/tests/test_idmap_ad.sh
+++ b/nsswitch/tests/test_idmap_ad.sh
@@ -55,6 +55,14 @@ dn: CN=Administrator,CN=Users,$BASE_DN
changetype: modify
add: uidNumber
uidNumber: 2000000
+add: gidNumber
+gidNumber: 2000100
+add: unixHomeDirectory
+unixHomeDirectory: /home/admin
+add: loginShell
+loginShell: /bin/tcsh
+add: gecos
+gecos: Administrator Full Name
EOF
cat <<EOF | $ldbmodify -H ldap://$DC_SERVER -U "$DOMAIN\Administrator%$DC_PASSWORD"
@@ -123,8 +131,8 @@ testit "Test uid of Domain Users is 2000001" test $ret -eq 0 || failed=$(expr $f
#
out="$($wbinfo -i $DOMAIN/Administrator)"
-echo "wbinfo returned: \"$out\", expecting \"$DOMAIN/administrator:*:2000000:2000001::/home/$DOMAIN/administrator:/bin/false\""
-test "$out" = "$DOMAIN/administrator:*:2000000:2000001::/home/$DOMAIN/administrator:/bin/false"
+echo "wbinfo returned: \"$out\", expecting \"$DOMAIN/administrator:*:2000000:2000100:Administrator Full Name:/home/admin:/bin/tcsh\""
+test "$out" = "$DOMAIN/administrator:*:2000000:2000100:Administrator Full Name:/home/admin:/bin/tcsh"
ret=$?
testit "Test get userinfo for Administrator works" test $ret -eq 0 || failed=$(expr $failed + 1)
@@ -186,6 +194,14 @@ dn: CN=Administrator,CN=Users,$BASE_DN
changetype: modify
delete: uidNumber
uidNumber: 2000000
+delete: gidNumber
+gidNumber: 2000100
+delete: unixHomeDirectory
+unixHomeDirectory: /home/admin
+delete: loginShell
+loginShell: /bin/tcsh
+delete: gecos
+gecos: Administrator Full Name
EOF
cat <<EOF | $ldbmodify -H ldap://$DC_SERVER -U "$DOMAIN\Administrator%$DC_PASSWORD"
diff --git a/python/samba/gpclass.py b/python/samba/gpclass.py
index ddb580d7301..8e9bfb9f0e3 100644
--- a/python/samba/gpclass.py
+++ b/python/samba/gpclass.py
@@ -16,7 +16,7 @@
import sys
-import os
+import os, shutil
import errno
import tdb
sys.path.insert(0, "bin/python")
@@ -497,14 +497,14 @@ def __rsop_vals(vals, level=4):
else:
return vals
-def rsop(lp, creds, gp_extensions, target):
+def rsop(lp, creds, logger, store, gp_extensions, target):
dc_hostname = get_dc_hostname(creds, lp)
gpos = get_gpo_list(dc_hostname, creds, lp)
check_refresh_gpo_list(dc_hostname, lp, creds, gpos)
print('Resultant Set of Policy')
print('%s Policy\n' % target)
- term_width = os.get_terminal_size()[0]
+ term_width = shutil.get_terminal_size(fallback=(120, 50))[0]
for gpo in gpos:
print('GPO: %s' % gpo.display_name)
print('='*term_width)
diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py
index 95c21f52a04..b76d55b7d40 100644
--- a/python/samba/netcmd/user.py
+++ b/python/samba/netcmd/user.py
@@ -3006,11 +3006,12 @@ The users gecos field will be set to 'User4 test'
res = samdb.search(searchdn,
scope=ldb.SCOPE_SUBTREE,
expression=filter)
- unix_domain = res[0]["nETBIOSName"][0]
+ unix_domain = res[0]["nETBIOSName"][0].decode()
except IndexError:
raise CommandError('Unable to find Unix domain')
- unix_home = "/home/{0}/{1}".format(unix_domain, username)
+ tmpl = lp.get('template homedir')
+ unix_home = tmpl.replace('%D', unix_domain).replace('%U', username)
if not lp.get("idmap_ldb:use rfc2307"):
self.outf.write("You are setting a Unix/RFC2307 UID & GID. "
diff --git a/python/samba/tests/gpo.py b/python/samba/tests/gpo.py
index a25f1a48875..43a4aacfc14 100644
--- a/python/samba/tests/gpo.py
+++ b/python/samba/tests/gpo.py
@@ -66,6 +66,12 @@ def gpupdate_unapply(lp):
return Popen(gpupdate, stdout=PIPE, stderr=PIPE).wait()
+def rsop(lp):
+ gpupdate = lp.get('gpo update command')
+ gpupdate.append('--rsop')
+
+ return Popen(gpupdate, stdout=PIPE).wait()
+
def stage_file(path, data):
dirname = os.path.dirname(path)
if not os.path.exists(dirname):
@@ -571,6 +577,10 @@ class GPOTests(tests.TestCase):
unstage_file(gpofile % g.name)
unstage_file(reg_pol % g.name)
+ # Check that a call to gpupdate --rsop also succeeds
+ ret = rsop(self.lp)
+ self.assertEquals(ret, 0, 'gpupdate --rsop failed!')
+
def test_gp_unapply(self):
logger = logging.getLogger('gpo_tests')
cache_dir = self.lp.get('cache directory')
diff --git a/python/samba/tests/samba_tool/user.py b/python/samba/tests/samba_tool/user.py
index 2ca32a26ed7..b955e578a8b 100644
--- a/python/samba/tests/samba_tool/user.py
+++ b/python/samba/tests/samba_tool/user.py
@@ -41,6 +41,12 @@ class UserCmdTestCase(SambaToolCmdTest):
super(UserCmdTestCase, self).setUp()
self.samdb = self.getSamDB("-H", "ldap://%s" % os.environ["DC_SERVER"],
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
+
+ # Modify the default template homedir
+ lp = self.get_loadparm()
+ self.template_homedir = lp.get('template homedir')
+ lp.set('template homedir', '/home/test/%D/%U')
+
self.users = []
self.users.append(self._randomUser({"name": "sambatool1", "company": "comp1"}))
self.users.append(self._randomUser({"name": "sambatool2", "company": "comp1"}))
@@ -83,6 +89,7 @@ class UserCmdTestCase(SambaToolCmdTest):
cachedb = lp.private_path("user-syncpasswords-cache.ldb")
if os.path.exists(cachedb):
os.remove(cachedb)
+ lp.set('template homedir', self.template_homedir)
def test_newuser(self):
# try to add all the users again, this should fail
@@ -645,6 +652,7 @@ template """
self.assertEqual("%s" % found.get("gidNumber"), "%s" %
user["gidNumber"])
self.assertEqual("%s" % found.get("uid"), user["uid"])
+ self.assertIn('/home/test/', "%s" % found.get("unixHomeDirectory"))
self._check_user(user)
def _create_user(self, user):
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 444c837d816..f4fe6c473b3 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1059,6 +1059,8 @@ sub setup_ad_member_idmap_ad
idmap config * : range = 1000000-1999999
idmap config $dcvars->{DOMAIN} : backend = ad
idmap config $dcvars->{DOMAIN} : range = 2000000-2999999
+ idmap config $dcvars->{DOMAIN} : unix_primary_group = yes
+ idmap config $dcvars->{DOMAIN} : unix_nss_info = yes
idmap config $dcvars->{TRUST_DOMAIN} : backend = ad
idmap config $dcvars->{TRUST_DOMAIN} : range = 2000000-2999999
gensec_gssapi:requested_life_time = 5
diff --git a/source4/scripting/bin/samba-gpupdate b/source4/scripting/bin/samba-gpupdate
index 44292ec644f..dfbb1901457 100755
--- a/source4/scripting/bin/samba-gpupdate
+++ b/source4/scripting/bin/samba-gpupdate
@@ -96,7 +96,7 @@ if __name__ == "__main__":
gp_extensions.extend(user_exts)
if opts.rsop:
- rsop(lp, creds, gp_extensions, opts.target)
+ rsop(lp, creds, logger, store, gp_extensions, opts.target)
elif not opts.unapply:
apply_gp(lp, creds, logger, store, gp_extensions, opts.force)
else:
diff --git a/source4/scripting/man/samba-gpupdate.8.xml b/source4/scripting/man/samba-gpupdate.8.xml
index 95f17bdd936..c7c99634610 100644
--- a/source4/scripting/man/samba-gpupdate.8.xml
+++ b/source4/scripting/man/samba-gpupdate.8.xml
@@ -38,12 +38,14 @@
<manvolnum>1</manvolnum></citerefentry> suite.</para>
<para><command>samba-gpupdate</command> a script for
- applying and unapplying Group Policy. Group Policy
- application is experimental. Currently this applies
+ applying and unapplying Group Policy. This applies
password policies (minimum/maximum password age,
- minimum password length, and password complexity) and
+ minimum password length, and password complexity),
kerberos policies (user/service ticket lifetime and
- renew lifetime).</para>
+ renew lifetime), smb.conf policies,
+ hourly/daily/weekly/monthly cron scripts, Sudo
+ Privileges, Message of the Day and Logon Prompt
+ messages, etc.</para>
</refsect1>
@@ -62,6 +64,12 @@
<para><option>--target</option>
{Computer | User}</para>
+<para><option>--force</option>
+ Reapplies all policy settings</para>
+
+<para><option>--rsop</option>
+ Print the Resultant Set of Policy</para>
+
<para>Samba Common Options:</para>
<para><option>-s </option>FILE, <option>--configfile</option>=<emphasis remap="I">FILE</emphasis>
--
Samba Shared Repository
More information about the samba-cvs
mailing list