[PATCH 17/18] gpo: Add logging and error handle

David Mulder dmulder at suse.com
Thu Feb 23 20:22:09 UTC 2017


Add info logging to monitor gpo changes, etc. Also handle parse errors and log an error message, then recover.

Signed-off-by: David Mulder <dmulder at suse.com>
---
 python/samba/gpclass.py               | 12 ++++++++++--
 source4/scripting/bin/samba_gpoupdate | 18 ++++++++++++++++--
 2 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/python/samba/gpclass.py b/python/samba/gpclass.py
index e6b1ce7..4c7b4fb 100755
--- a/python/samba/gpclass.py
+++ b/python/samba/gpclass.py
@@ -43,22 +43,27 @@ class inf_to_ldb(object):
     parameter to Samba4. Not registry oriented whatsoever.
     '''
 
-    def __init__(self, ldb, dn, attribute, val):
+    def __init__(self, logger, ldb, dn, attribute, val):
+        self.logger = logger
         self.ldb = ldb
         self.dn = dn
         self.attribute = attribute
         self.val = val
 
     def ch_minPwdAge(self, val):
+        self.logger.info('KDC Minimum Password age was changed from %s to %s' % (self.ldb.get_minPwdAge(), val))
         self.ldb.set_minPwdAge(val)
 
     def ch_maxPwdAge(self, val):
+        self.logger.info('KDC Maximum Password age was changed from %s to %s' % (self.ldb.get_maxPwdAge(), val))
         self.ldb.set_maxPwdAge(val)
 
     def ch_minPwdLength(self, val):
+        self.logger.info('KDC Minimum Password length was changed from %s to %s' % (self.ldb.get_minPwdLength(), val))
         self.ldb.set_minPwdLength(val)
 
     def ch_pwdProperties(self, val):
+        self.logger.info('KDC Password Properties were changed from %s to %s' % (self.ldb.get_pwdProperties(), val))
         self.ldb.set_pwdProperties(val)
 
     def explicit(self):
@@ -96,6 +101,9 @@ class gp_sec_ext(gp_ext):
 
     count = 0
 
+    def __init__(self, logger):
+        self.logger = logger
+
     def __str__(self):
         return "Security GPO extension"
 
@@ -150,7 +158,7 @@ class gp_sec_ext(gp_ext):
                     (att, setter) = current_section.get(key)
                     value = value.encode('ascii', 'ignore')
                     ret = True
-                    setter(self.ldb, self.dn, att, value).update_samba()
+                    setter(self.logger, self.ldb, self.dn, att, value).update_samba()
         return ret
 
     def parse(self, afile, ldb, conn, attr_log):
diff --git a/source4/scripting/bin/samba_gpoupdate b/source4/scripting/bin/samba_gpoupdate
index e092038..17bac76 100755
--- a/source4/scripting/bin/samba_gpoupdate
+++ b/source4/scripting/bin/samba_gpoupdate
@@ -24,6 +24,7 @@ from samba.gpclass import *
 from samba.net import Net
 from samba.dcerpc import nbt
 from samba import smb
+import logging
 
 
 # Finds all GPO Files ending in inf
@@ -77,6 +78,7 @@ class GPOServiceSetup:
         self.parser.add_option_group(options.VersionOptions(self.parser))
         self.init_credopts()
         self.parser.add_option("-H", dest="url", help="URL for the samdb")
+        self.parser.add_option('-v', '--verbose', help='Print verbose messages', action="store_true")
         self.parser.add_option_group(self.credopts)
 
     def init_argsopts(self):
@@ -132,6 +134,13 @@ class GPOServiceSetup:
 GPOService = GPOServiceSetup()
 GPOService.InitializeService()
 
+# Set up logging
+logger = logging.getLogger('samba_gpoupdate')
+logger.addHandler(logging.StreamHandler(sys.stdout))
+logger.setLevel(logging.WARN)
+if GPOService.opts.verbose:
+    logger.setLevel(logging.DEBUG)
+
 # Get the Samba Instance
 test_ldb = GPOService.Get_LDB()
 
@@ -197,7 +206,7 @@ if (GPO_Deleted):
 BackLog.transaction_start()
 for guid_eval in hierarchy_gpos:
     guid = guid_eval[0]
-    gp_extensions = [gp_sec_ext()]
+    gp_extensions = [gp_sec_ext(logger)]
     local_path = '%s/Policies' % lp.get("realm").lower() + '/' + guid + '/'
     version = int(gpo.gpo_get_sysvol_gpt_version(lp.get("path", "sysvol") + '/' + local_path)[1])
     try:
@@ -214,7 +223,12 @@ for guid_eval in hierarchy_gpos:
             # If it we have not read it before and is not empty
             # Rewrite entire logfile here
             if  (version != 0) and GPO_Changed == True:
-                change_backlog = gpo_parser(gpolist, test_ldb, conn, attr_log)
+                logger.info('GPO %s has changed' % guid)
+                try:
+                    change_backlog = gpo_parser(gpolist, test_ldb, conn, attr_log)
+                except:
+                    logger.error('Failed to parse gpo %s' % guid)
+                    continue
     BackLog.store(guid, '%i' % version)
 BackLog.transaction_commit()
 BackLog.close()
-- 
2.10.2




More information about the samba-technical mailing list