[PATCHES] Make gpo extensible

David Mulder dmulder at suse.com
Mon Feb 12 17:35:23 UTC 2018


On 01/22/2018 02:59 PM, Garming Sam wrote:
> On 23/01/18 10:40, David Mulder wrote:
>> Reading straight from the sysvol is fine on a kdc, but doesn't work on a
>> client machine. That's the point of the patch. It's required for these
>> follow up patches, but wasn't really necessary in 4.8 anyhow.
>> On 01/22/2018 02:18 PM, Garming Sam wrote:
>>> Hi,
>>> I'd meant to ask you a question about the patch, but I couldn't manage
>>> to do that before the 4.8 cut-off. I didn't quite understand what the
>>> intent of the patch was. 
>>> apply_gp reads the version from the sysvol path, and then writes it to a
>>> file in the cache directory. But the gpo_version function always read it
>>> from sysvol anyways (and so this cache file is never really used)? Also,
>>> is the benefit of reading from a cache dir only to avoid the recurring
>>> SMB connection, or is there actually another reason?
>> I think you've misunderstood what the code is doing. gpo_version() reads
>> the GPT.INI files via smb (connected to the sysvol), and caches them on
>> the local system. It then reads the gpo versions from the cache. This is
>> redundant on a kdc, but not on a client. This is actually a precursor to
>> caching all relevant GPO files, which will enable offline group policy
>> apply (enforcing policy even when off the domain).
> Oh, I think I understand now. Cache is probably the wrong description
> for the behaviour (it's more like just another intermediate step). I
> think a proper comment is in order for that bit of code.
> One other thing I noticed was that the os.makedirs wasn't supplying any
> arguments. In Samba, these directories are usually created with
> particular permissions, and I'm pretty sure that the default would be wrong.
> Cheers,
> Garming

David Mulder
SUSE Labs Software Engineer - Samba
dmulder at suse.com
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)

More information about the samba-technical mailing list