[PATCH 22/23] gpo: Add gpo tests

Andrew Bartlett abartlet at samba.org
Thu Apr 27 19:49:58 UTC 2017

On Thu, 2017-04-27 at 09:43 -0600, David Mulder wrote:
> Here is the latest version of the gpo patches. This version tests
> the 
> end points of System Access policies, rather than a single static 
> option. Also fixes a crash in the policy read in gpclass.py.

In Subject: [PATCH 02/22] gpo: Add python libgpo bindings:

The py_gpo_get_unix_path() routine and others like it appears to leak
the result of talloc_new(NULL).

I also am totally unclear how py_ads_parse_gp_ext() is used, tested or
even works - it appears to blindly cast a C object to a python object
and has a memory leak.

The same I could say for py_ads_get_gpo_link, which tries to build a
tuple with a raw C object, and leaks memory.  It also has really
strange indentation and // comments, and is commented out in the end. 

I know this isn't your code!  However it means we have to go over
everything with a fine toothed comb.  A patch to trim it down to the
bare minimum required would go a long way.

Comprehensive tests for the bindings and for the now modular script
directly would go a long way to improving my confidence with this patch


Andrew Bartlett

> On 03/10/2017 02:22 PM, Andrew Bartlett wrote:
> > On Fri, 2017-03-10 at 14:09 -0700, David Mulder wrote:
> > > Here's a patched commit using lpcfg_gpo_update_command() and
> > > lpcfg_path().
> > 
> > Thanks!  BTW, the reason the parameter is a list is to avoid
> > needing to
> > call system() on it (disliked by security folks), but that may not
> > be
> > worth avoiding in a torture test.
> > 
> > Andrew Bartlett
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list