[SCM] Samba Shared Repository - branch v4-19-stable updated
Jule Anger
janger at samba.org
Mon Feb 19 10:47:06 UTC 2024
The branch, v4-19-stable has been updated
via 7bef2f7f1c8 VERSION: Disable GIT_SNAPSHOT for the 4.19.5 release.
via 8ffa5ab1783 WHATSNEW: Add release notes for Samba 4.19.5.
via 60514eb6836 python:gp: Fix logging with gp
via d3061f5e940 gpo: Do not get templates list on first run
via 90cf23e1cca gpo: Decode base64 root cert before importing
via a50016bc7ae gpo: Test certificate policy without NDES
via 41cd6b95d49 python: Fix invalid escape sequences
via 84020efb1fe smbd: use dirfsp and atname in open_directory()
via 4477e23de60 smbd: use safe_symlink_target_path() in symlink_target_below_conn()
via cd4df6ae432 smbd: add a directory argument to safe_symlink_target_path()
via 90ae1e8f625 smbd: pass symlink target path to safe_symlink_target_path()
via 4c4f086dfdb CI: disable /proc/fds and RESOLVE_NO_SYMLINK in samba-no-opath-build runner
via 1dff1340c12 vfs_default: allow disabling /proc/fds and RESOLVE_NO_SYMLINK at compile time
via 445637d0f4c gp: Skip site GP list if no site is found
via 283ff41ee92 s3:passdb: smbpasswd reset permissions only if not 0600
via 9c43625c47e system.c: fix fake directory create times
via a86c1087681 time.c: fix ctime which was feeded with the mtime seconds
via df025598884 python:gp: Print a nice message if cepces-submit can't be found
via de32d94ca87 gp: Send list of keys instead of dict to remove
via 93735e8a9b0 gp: Test disabled enrollment unapplies policy
via 28b1fe5eac4 gp: Template changes should invalidate cache
via dfbe7494683 gp: Test adding new cert templates enforces changes
via 6dba94a3ab0 gp: Convert CA certificates to base64
via 9db01a2c729 gp: Test with binary content for certificate data
via 0dd51b02e8f gp: Change root cert extension suffix
via f9975df8414 gp: Support update-ca-trust helper
via 9ab2eb21141 gp: Support more global trust directories
via cfbaab5654c smbd: move access override for previous versions to the SMB layer
via 0874d3ab3e1 smbd: check for previous versions in check_any_access_fsp()
via f5eb449cac8 smbd: use check_any_access_fsp() for all access checks
via 44396d7bade smbd: replace CHECK_WRITE() macro with calls to check_any_access_fsp()
via bfa5f178099 smbd: set fsp->fsp_flags.can_write to false for access to previous-versions
via 0352aae6ea1 smbd: return correct error when trying to create a hardlink to a VSS file
via 8318428f3f8 smbd: fix check_any_access_fsp() for non-fsa fsps
via 0f865a34f1a smbd: rename check_access_fsp() to check_any_access_fsp()
via 9ee7991d97d smbd: set fsp_flags.is_fsa to true on printer file handles
via b8383780249 smbd: return the correct error in can_rename()
via a510fc46bcd smbtorture: expand smb2.twrp.write test
via bb9aea6a7e6 s4/libcli/raw: implemement RAW_SFILEINFO_LINK_INFORMATION
via b6c2c26e9ba selftest: remove error_inject from shadow_write share
via b9f60718ccd VERSION: Bump version up to Samba 4.19.5...
from 95474d8589e VERSION: Disable GIT_SNAPSHOT for the 4.19.4 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 66 ++++++-
lib/util/time.c | 2 +-
python/samba/gp/gp_cert_auto_enroll_ext.py | 79 +++++---
python/samba/gp/gpclass.py | 30 +--
python/samba/gp/util/logging.py | 5 +-
python/samba/graph.py | 2 +-
python/samba/tests/bin/cepces-submit | 3 +-
python/samba/tests/gpo.py | 300 +++++++++++++++++++++++++----
python/samba/tests/samba_tool/gpo.py | 2 +-
script/autobuild.py | 2 +-
selftest/skip.opath-required | 4 +
selftest/target/Samba3.pm | 4 +-
source3/include/proto.h | 6 +
source3/include/smb_macros.h | 5 -
source3/lib/system.c | 1 +
source3/modules/offload_token.c | 7 +-
source3/modules/vfs_acl_common.c | 7 +-
source3/modules/vfs_default.c | 6 +
source3/modules/vfs_nfs4acl_xattr.c | 7 +-
source3/modules/vfs_shadow_copy2.c | 30 +--
source3/passdb/pdb_smbpasswd.c | 36 +++-
source3/printing/printspoolss.c | 1 +
source3/smbd/dir.c | 5 +-
source3/smbd/dosmode.c | 20 +-
source3/smbd/file_access.c | 10 +-
source3/smbd/filename.c | 85 ++++----
source3/smbd/files.c | 3 +
source3/smbd/notify.c | 5 +-
source3/smbd/open.c | 120 ++++++------
source3/smbd/proto.h | 4 +-
source3/smbd/smb1_reply.c | 37 ++--
source3/smbd/smb2_flush.c | 7 +-
source3/smbd/smb2_getinfo.c | 8 +-
source3/smbd/smb2_ioctl_filesys.c | 6 +-
source3/smbd/smb2_nttrans.c | 45 +++--
source3/smbd/smb2_reply.c | 15 +-
source3/smbd/smb2_trans2.c | 80 ++++++--
source3/smbd/smb2_write.c | 6 +-
source4/libcli/raw/rawsetfileinfo.c | 14 ++
source4/torture/smb2/create.c | 245 ++++++++++++++++++++++-
41 files changed, 997 insertions(+), 325 deletions(-)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index af4c5a922e2..9151d8de1ce 100644
--- a/VERSION
+++ b/VERSION
@@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the Samba Team 1992-2023"
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=19
-SAMBA_VERSION_RELEASE=4
+SAMBA_VERSION_RELEASE=5
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 1f174e9be54..79abe2da103 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,66 @@
+ ==============================
+ Release Notes for Samba 4.19.5
+ February 19, 2024
+ ==============================
+
+
+This is the latest stable release of the Samba 4.19 release series.
+
+
+Changes since 4.19.4
+--------------------
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 13688: Windows 2016 fails to restore previous version of a file from a
+ shadow_copy2 snapshot.
+ * BUG 15549: Symlinks on AIX are broken in 4.19 (and a few version before
+ that).
+
+o Bjoern Jacke <bj at sernet.de>
+ * BUG 12421: Fake directory create times has no effect.
+
+o Björn Jacke <bjacke at samba.org>
+ * BUG 15550: ctime mixed up with mtime by smbd.
+
+o David Mulder <dmulder at samba.org>
+ * BUG 15548: samba-gpupdate --rsop fails if machine is not in a site.
+
+o Gabriel Nagy <gabriel.nagy at canonical.com>
+ * BUG 15557: gpupdate: The root cert import when NDES is not available is
+ broken.
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 15552: samba-gpupdate should print a useful message if cepces-submit
+ can't be found.
+ * BUG 15558: samba-gpupdate logging doesn't work.
+
+o Jones Syue <jonessyue at qnap.com>
+ * BUG 15555: smbpasswd reset permissions only if not 0600.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
==============================
Release Notes for Samba 4.19.4
January 08, 2024
@@ -78,8 +141,7 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
==============================
Release Notes for Samba 4.19.3
November 27, 2023
diff --git a/lib/util/time.c b/lib/util/time.c
index c2a77d664d3..9393a754d73 100644
--- a/lib/util/time.c
+++ b/lib/util/time.c
@@ -1450,7 +1450,7 @@ struct timespec get_ctimespec(const struct stat *pst)
{
struct timespec ret;
- ret.tv_sec = pst->st_mtime;
+ ret.tv_sec = pst->st_ctime;
ret.tv_nsec = get_ctimensec(pst);
return ret;
}
diff --git a/python/samba/gp/gp_cert_auto_enroll_ext.py b/python/samba/gp/gp_cert_auto_enroll_ext.py
index 312c8ddf467..df3b472f5a9 100644
--- a/python/samba/gp/gp_cert_auto_enroll_ext.py
+++ b/python/samba/gp/gp_cert_auto_enroll_ext.py
@@ -45,10 +45,12 @@ cert_wrap = b"""
-----BEGIN CERTIFICATE-----
%s
-----END CERTIFICATE-----"""
-global_trust_dir = '/etc/pki/trust/anchors'
endpoint_re = '(https|HTTPS)://(?P<server>[a-zA-Z0-9.-]+)/ADPolicyProvider' + \
'_CEP_(?P<auth>[a-zA-Z]+)/service.svc/CEP'
+global_trust_dirs = ['/etc/pki/trust/anchors', # SUSE
+ '/etc/pki/ca-trust/source/anchors', # RHEL/Fedora
+ '/usr/local/share/ca-certificates'] # Debian/Ubuntu
def octet_string_to_objectGUID(data):
"""Convert an octet string to an objectGUID."""
@@ -156,7 +158,7 @@ def fetch_certification_authorities(ldb):
for es in res:
data = { 'name': get_string(es['cn'][0]),
'hostname': get_string(es['dNSHostName'][0]),
- 'cACertificate': get_string(es['cACertificate'][0])
+ 'cACertificate': get_string(base64.b64encode(es['cACertificate'][0]))
}
result.append(data)
return result
@@ -174,8 +176,7 @@ def fetch_template_attrs(ldb, name, attrs=None):
return {'msPKI-Minimal-Key-Size': ['2048']}
def format_root_cert(cert):
- cert = base64.b64encode(cert.encode())
- return cert_wrap % re.sub(b"(.{64})", b"\\1\n", cert, 0, re.DOTALL)
+ return cert_wrap % re.sub(b"(.{64})", b"\\1\n", cert.encode(), 0, re.DOTALL)
def find_cepces_submit():
certmonger_dirs = [os.environ.get("PATH"), '/usr/lib/certmonger',
@@ -184,17 +185,19 @@ def find_cepces_submit():
def get_supported_templates(server):
cepces_submit = find_cepces_submit()
- if os.path.exists(cepces_submit):
- env = os.environ
- env['CERTMONGER_OPERATION'] = 'GET-SUPPORTED-TEMPLATES'
- p = Popen([cepces_submit, '--server=%s' % server, '--auth=Kerberos'],
- env=env, stdout=PIPE, stderr=PIPE)
- out, err = p.communicate()
- if p.returncode != 0:
- data = { 'Error': err.decode() }
- log.error('Failed to fetch the list of supported templates.', data)
- return out.strip().split()
- return []
+ if not cepces_submit or not os.path.exists(cepces_submit):
+ log.error('Failed to find cepces-submit')
+ return []
+
+ env = os.environ
+ env['CERTMONGER_OPERATION'] = 'GET-SUPPORTED-TEMPLATES'
+ p = Popen([cepces_submit, '--server=%s' % server, '--auth=Kerberos'],
+ env=env, stdout=PIPE, stderr=PIPE)
+ out, err = p.communicate()
+ if p.returncode != 0:
+ data = {'Error': err.decode()}
+ log.error('Failed to fetch the list of supported templates.', data)
+ return out.strip().split()
def getca(ca, url, trust_dir):
@@ -214,10 +217,11 @@ def getca(ca, url, trust_dir):
' installed or not configured.')
if 'cACertificate' in ca:
log.warn('Installing the server certificate only.')
+ der_certificate = base64.b64decode(ca['cACertificate'])
try:
- cert = load_der_x509_certificate(ca['cACertificate'])
+ cert = load_der_x509_certificate(der_certificate)
except TypeError:
- cert = load_der_x509_certificate(ca['cACertificate'],
+ cert = load_der_x509_certificate(der_certificate,
default_backend())
cert_data = cert.public_bytes(Encoding.PEM)
with open(root_cert, 'wb') as w:
@@ -239,7 +243,8 @@ def getca(ca, url, trust_dir):
certs = load_der_pkcs7_certificates(r.content)
for i in range(0, len(certs)):
cert = certs[i].public_bytes(Encoding.PEM)
- dest = '%s.%d' % (root_cert, i)
+ filename, extension = root_cert.rsplit('.', 1)
+ dest = '%s.%d.%s' % (filename, i, extension)
with open(dest, 'wb') as w:
w.write(cert)
root_certs.append(dest)
@@ -249,12 +254,29 @@ def getca(ca, url, trust_dir):
return root_certs
+def find_global_trust_dir():
+ """Return the global trust dir using known paths from various Linux distros."""
+ for trust_dir in global_trust_dirs:
+ if os.path.isdir(trust_dir):
+ return trust_dir
+ return global_trust_dirs[0]
+
+def update_ca_command():
+ """Return the command to update the CA trust store."""
+ return which('update-ca-certificates') or which('update-ca-trust')
+
+def changed(new_data, old_data):
+ """Return True if any key present in both dicts has changed."""
+ return any((new_data[k] != old_data[k] if k in old_data else False) \
+ for k in new_data.keys())
+
def cert_enroll(ca, ldb, trust_dir, private_dir, auth='Kerberos'):
"""Install the root certificate chain."""
data = dict({'files': [], 'templates': []}, **ca)
url = 'http://%s/CertSrv/mscep/mscep.dll/pkiclient.exe?' % ca['hostname']
root_certs = getca(ca, url, trust_dir)
data['files'].extend(root_certs)
+ global_trust_dir = find_global_trust_dir()
for src in root_certs:
# Symlink the certs to global trust dir
dst = os.path.join(global_trust_dir, os.path.basename(src))
@@ -273,7 +295,7 @@ def cert_enroll(ca, ldb, trust_dir, private_dir, auth='Kerberos'):
# already exists. Ignore the FileExistsError. Preserve the
# existing symlink in the unapply data.
data['files'].append(dst)
- update = which('update-ca-certificates')
+ update = update_ca_command()
if update is not None:
Popen([update]).wait()
# Setup Certificate Auto Enrollment
@@ -316,7 +338,7 @@ def cert_enroll(ca, ldb, trust_dir, private_dir, auth='Kerberos'):
class gp_cert_auto_enroll_ext(gp_pol_ext, gp_applier):
def __str__(self):
- return 'Cryptography\AutoEnrollment'
+ return r'Cryptography\AutoEnrollment'
def unapply(self, guid, attribute, value):
ca_cn = base64.b64decode(attribute)
@@ -337,12 +359,13 @@ class gp_cert_auto_enroll_ext(gp_pol_ext, gp_applier):
# If the policy has changed, unapply, then apply new policy
old_val = self.cache_get_attribute_value(guid, attribute)
old_data = json.loads(old_val) if old_val is not None else {}
- if all([(ca[k] == old_data[k] if k in old_data else False) \
- for k in ca.keys()]) or \
- self.cache_get_apply_state() == GPOSTATE.ENFORCE:
+ templates = ['%s.%s' % (ca['name'], t.decode()) for t in get_supported_templates(ca['hostname'])] \
+ if old_val is not None else []
+ new_data = { 'templates': templates, **ca }
+ if changed(new_data, old_data) or self.cache_get_apply_state() == GPOSTATE.ENFORCE:
self.unapply(guid, attribute, old_val)
- # If policy is already applied, skip application
- if old_val is not None and \
+ # If policy is already applied and unchanged, skip application
+ if old_val is not None and not changed(new_data, old_data) and \
self.cache_get_apply_state() != GPOSTATE.ENFORCE:
return
@@ -368,7 +391,7 @@ class gp_cert_auto_enroll_ext(gp_pol_ext, gp_applier):
for gpo in changed_gpo_list:
if gpo.file_sys_path:
- section = 'Software\Policies\Microsoft\Cryptography\AutoEnrollment'
+ section = r'Software\Policies\Microsoft\Cryptography\AutoEnrollment'
pol_file = 'MACHINE/Registry.pol'
path = os.path.join(gpo.file_sys_path, pol_file)
pol_conf = self.parse(path)
@@ -396,7 +419,7 @@ class gp_cert_auto_enroll_ext(gp_pol_ext, gp_applier):
# remove any existing policy
ca_attrs = \
self.cache_get_all_attribute_values(gpo.name)
- self.clean(gpo.name, remove=ca_attrs)
+ self.clean(gpo.name, remove=list(ca_attrs.keys()))
def __read_cep_data(self, guid, ldb, end_point_information,
trust_dir, private_dir):
@@ -488,7 +511,7 @@ class gp_cert_auto_enroll_ext(gp_pol_ext, gp_applier):
def rsop(self, gpo):
output = {}
pol_file = 'MACHINE/Registry.pol'
- section = 'Software\Policies\Microsoft\Cryptography\AutoEnrollment'
+ section = r'Software\Policies\Microsoft\Cryptography\AutoEnrollment'
if gpo.file_sys_path:
path = os.path.join(gpo.file_sys_path, pol_file)
pol_conf = self.parse(path)
diff --git a/python/samba/gp/gpclass.py b/python/samba/gp/gpclass.py
index 617ef79350c..babd8f90748 100644
--- a/python/samba/gp/gpclass.py
+++ b/python/samba/gp/gpclass.py
@@ -866,19 +866,25 @@ def get_gpo_list(dc_hostname, creds, lp, username):
# (S)ite
if gpo_list_machine:
- site_dn = site_dn_for_machine(samdb, dc_hostname, lp, creds, username)
-
try:
- log.debug("get_gpo_list: query SITE: [%s] for GPOs" % site_dn)
- gp_link = get_gpo_link(samdb, site_dn)
- except ldb.LdbError as e:
- (enum, estr) = e.args
- log.debug(estr)
- else:
- add_gplink_to_gpo_list(samdb, gpo_list, forced_gpo_list,
- site_dn, gp_link,
- gpo.GP_LINK_SITE,
- add_only_forced_gpos, token)
+ site_dn = site_dn_for_machine(samdb, dc_hostname, lp, creds, username)
+
+ try:
+ log.debug("get_gpo_list: query SITE: [%s] for GPOs" % site_dn)
+ gp_link = get_gpo_link(samdb, site_dn)
+ except ldb.LdbError as e:
+ (enum, estr) = e.args
+ log.debug(estr)
+ else:
+ add_gplink_to_gpo_list(samdb, gpo_list, forced_gpo_list,
+ site_dn, gp_link,
+ gpo.GP_LINK_SITE,
+ add_only_forced_gpos, token)
+ except ldb.LdbError:
+ # [MS-GPOL] 3.2.5.1.4 Site Search: If the method returns
+ # ERROR_NO_SITENAME, the remainder of this message MUST be skipped
+ # and the protocol sequence MUST continue at GPO Search
+ pass
# (L)ocal
gpo_list.insert(0, gpo.GROUP_POLICY_OBJECT("Local Policy",
diff --git a/python/samba/gp/util/logging.py b/python/samba/gp/util/logging.py
index a74a8707d50..c3de32825db 100644
--- a/python/samba/gp/util/logging.py
+++ b/python/samba/gp/util/logging.py
@@ -24,9 +24,10 @@ import gettext
import random
import sys
-logger = logging.getLogger()
+logger = logging.getLogger("gp")
+
+
def logger_init(name, log_level):
- logger = logging.getLogger(name)
logger.addHandler(logging.StreamHandler(sys.stdout))
logger.setLevel(logging.CRITICAL)
if log_level == 1:
diff --git a/python/samba/graph.py b/python/samba/graph.py
index 537dc661fb3..4c4a07f47ae 100644
--- a/python/samba/graph.py
+++ b/python/samba/graph.py
@@ -192,7 +192,7 @@ def compile_graph_key(key_items, nodes_above=None, elisions=None,
short = short[1:]
long = long[1:]
elision_str += ('\nelision%d[shape=plaintext; style=solid; '
- 'label="\“%s” means “%s”\\r"]\n'
+ 'label="\\“%s” means “%s”\\r"]\n'
% ((i, short, long)))
above_lines = []
diff --git a/python/samba/tests/bin/cepces-submit b/python/samba/tests/bin/cepces-submit
index 668682a9f58..de63164692b 100755
--- a/python/samba/tests/bin/cepces-submit
+++ b/python/samba/tests/bin/cepces-submit
@@ -14,4 +14,5 @@ if __name__ == "__main__":
assert opts.auth == 'Kerberos'
if 'CERTMONGER_OPERATION' in os.environ and \
os.environ['CERTMONGER_OPERATION'] == 'GET-SUPPORTED-TEMPLATES':
- print('Machine') # Report a Machine template
+ templates = os.environ.get('CEPCES_SUBMIT_SUPPORTED_TEMPLATES', 'Machine').split(',')
+ print('\n'.join(templates)) # Report the requested templates
diff --git a/python/samba/tests/gpo.py b/python/samba/tests/gpo.py
index e4b75cc62a4..a6a33ea4ba1 100644
--- a/python/samba/tests/gpo.py
+++ b/python/samba/tests/gpo.py
@@ -102,17 +102,21 @@ def dummy_certificate():
# Dummy requests structure for Certificate Auto Enrollment
class dummy_requests(object):
- @staticmethod
- def get(url=None, params=None):
+ class exceptions(object):
+ ConnectionError = Exception
+
+ def __init__(self, want_exception=False):
+ self.want_exception = want_exception
+
+ def get(self, url=None, params=None):
+ if self.want_exception:
+ raise self.exceptions.ConnectionError
+
dummy = requests.Response()
dummy._content = dummy_certificate()
dummy.headers = {'Content-Type': 'application/x-x509-ca-cert'}
return dummy
- class exceptions(object):
- ConnectionError = Exception
-cae.requests = dummy_requests
-
realm = os.environ.get('REALM')
policies = realm + '/POLICIES'
realm = realm.lower()
@@ -123,7 +127,7 @@ dspath = 'CN=Policies,CN=System,' + base_dn
gpt_data = '[General]\nVersion=%d'
gnome_test_reg_pol = \
-b"""
+br"""
<?xml version="1.0" encoding="utf-8"?>
<PolFile num_entries="26" signature="PReg" version="1">
<Entry type="4" type_name="REG_DWORD">
@@ -260,7 +264,7 @@ b"""
"""
auto_enroll_reg_pol = \
-b"""
+br"""
<?xml version="1.0" encoding="utf-8"?>
<PolFile num_entries="3" signature="PReg" version="1">
<Entry type="4" type_name="REG_DWORD">
@@ -281,8 +285,30 @@ b"""
</PolFile>
"""
+auto_enroll_unchecked_reg_pol = \
+br"""
+<?xml version="1.0" encoding="utf-8"?>
+<PolFile num_entries="3" signature="PReg" version="1">
+ <Entry type="4" type_name="REG_DWORD">
+ <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
+ <ValueName>AEPolicy</ValueName>
+ <Value>0</Value>
+ </Entry>
+ <Entry type="4" type_name="REG_DWORD">
+ <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
+ <ValueName>OfflineExpirationPercent</ValueName>
+ <Value>10</Value>
+ </Entry>
+ <Entry type="1" type_name="REG_SZ">
+ <Key>Software\Policies\Microsoft\Cryptography\AutoEnrollment</Key>
+ <ValueName>OfflineExpirationStoreNames</ValueName>
+ <Value>MY</Value>
+ </Entry>
+</PolFile>
+"""
+
advanced_enroll_reg_pol = \
-b"""
+br"""
<?xml version="1.0" encoding="utf-8"?>
<PolFile num_entries="30" signature="PReg" version="1">
<Entry type="1" type_name="REG_SZ">
@@ -316,122 +342,122 @@ b"""
<Value>0</Value>
</Entry>
<Entry type="1" type_name="REG_SZ">
- <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
+ <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
<ValueName>URL</ValueName>
<Value>LDAP:</Value>
</Entry>
<Entry type="1" type_name="REG_SZ">
- <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
+ <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
<ValueName>PolicyID</ValueName>
<Value>%s</Value>
</Entry>
<Entry type="1" type_name="REG_SZ">
- <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
+ <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
<ValueName>FriendlyName</ValueName>
<Value>Example</Value>
</Entry>
<Entry type="4" type_name="REG_DWORD">
- <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
+ <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
<ValueName>Flags</ValueName>
<Value>16</Value>
</Entry>
<Entry type="4" type_name="REG_DWORD">
- <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
+ <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
<ValueName>AuthFlags</ValueName>
<Value>2</Value>
</Entry>
<Entry type="4" type_name="REG_DWORD">
- <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
+ <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\37c9dc30f207f27f61a2f7c3aed598a6e2920b54</Key>
<ValueName>Cost</ValueName>
<Value>2147483645</Value>
</Entry>
<Entry type="1" type_name="REG_SZ">
- <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
+ <Key>Software\Policies\Microsoft\Cryptography\PolicyServers\144bdbb8e4717c26e408f3c9a0cb8d6cfacbcbbe</Key>
--
Samba Shared Repository
More information about the samba-cvs
mailing list