[PATCH 08/18] gpo: create a local cifs connection to avoid case issues when searching for policies

Thu Feb 23 20:49:38 UTC 2017

Thank you so much for taking this on!

Can you clean up this patch a little?  I know it is as Garming wrote
it, but it has code that is commented out from the CIFS transition:

On Thu, 2017-02-23 at 13:22 -0700, David Mulder wrote:

> -    def read_inf(self, path):
> +    def read_inf(self, path, conn):
>          inftable = self.populate_inf()
>          '''The inf file to be mapped'''
> -        policy = codecs.open(path, encoding='utf-16')
> -        if not policy:
> +        #policy = codecs.open(path, encoding='utf-16')
> +	try:
> +            policy = conn.loadfile(path).decode('utf-16')
> +        except:
>              return None
>          current_section = None
> -        for line in policy.readlines():
> +        for line in policy.splitlines():
>              line = line.strip()
>              if line[0] == '[':
>                  section = line[1: -1]

> @@ -72,7 +73,8 @@ schemadn = test_ldb.get_schema_basedn()
>  basedn = test_ldb.get_default_basedn()
>  
>  '''Will need sysvol to write a basic GUID version dynamic log
> file'''
> -path = '%s/%s/%s' % (lp.get("path", "sysvol"),
> lp.get("realm").lower(), 'Policies')
> +#path = '%s/%s/%s' % (lp.get("path", "sysvol"),
> lp.get("realm").lower(), 'Policies')
> +path = '%s/Policies' % lp.get("realm").lower()
>  sys_log = '%s/%s' % (lp.get("path", "sysvol"), 'syslog.txt')
>  
>  '''Returns dict from previous logfile, then scraps the logfile '''

And in

> @@ -87,7 +89,23 @@ specific_ou = "OU=Domain Controllers"
>  global_dn = test_ldb.domain_dn()
>  print 'The global DN for this domain is ' + global_dn
>  DC_OU = specific_ou + ',' + global_dn
> -guid_list = os.listdir(path)
> +
> +net = Net(creds=creds, lp=lp)
> +
> +# We need to know writable DC to setup SMB connection
> +flags = (nbt.NBT_SERVER_LDAP |
> +	 nbt.NBT_SERVER_DS |
> +	 nbt.NBT_SERVER_WRITABLE)
> +cldap_ret = net.finddc(domain=lp.get('realm'), flags=flags)
> +dc_hostname = cldap_ret.pdc_dns_name
> +
> +try:
> +    conn = smb.SMB(dc_hostname, 'sysvol', lp=lp, creds=creds)
> +except Exception, e:
> +    raise Exception("Error connecting to '%s' using SMB" %
> dc_hostname, e)
> +
> +guid_list = [x['name'] for x in conn.list(path)]
> +#guid_list = os.listdir(path)
>  #guid_list = establish_hierarchy(test_ldb, guid_list, DC_OU,
> global_dn)
>  
>  hierarchy_gpos = samba4_gpo_hierarchy(test_ldb, guid_list, DC_OU,
> global_dn)

And in:

> @@ -106,8 +124,9 @@ for guid_eval in hierarchy_gpos.sorted_full:
>      '''If an important GPO parse it. Will not parse if it has not
> changed, is empty, or is not in the right container'''
>      if guid_eval[1]:
>          if gpolist[0][1]:
> -            if (version != previous_scanned_version.get(guid)) and
> (version != 0):
> -                print ('GPO %s has changed' % guid)
> -                gpo_parser(gpolist, test_ldb)
> +            #print version, previous_scanned_version.get(guid)
> +            #if (version != previous_scanned_version.get(guid)) and
> (version != 0):
> +            #    print ('GPO %s has changed' % guid)
> +            gpo_parser(gpolist, test_ldb, conn)
>  
>      sys_log.write('%s %i\n' % (guid,version))

I don't see a subsequent patch cleaning this up, but I may have missed
it.  Naturally just ping Garming on the cleaned up patch, I'm sure he
will be happy to see some progress here!

Thanks,

Andrew Bartlett