[PATCH 17/18] gpo: Add logging and error handle
David Mulder
dmulder at suse.com
Thu Feb 23 20:22:09 UTC 2017
Add info logging to monitor gpo changes, etc. Also handle parse errors and log an error message, then recover.
Signed-off-by: David Mulder <dmulder at suse.com>
---
python/samba/gpclass.py | 12 ++++++++++--
source4/scripting/bin/samba_gpoupdate | 18 ++++++++++++++++--
2 files changed, 26 insertions(+), 4 deletions(-)
diff --git a/python/samba/gpclass.py b/python/samba/gpclass.py
index e6b1ce7..4c7b4fb 100755
--- a/python/samba/gpclass.py
+++ b/python/samba/gpclass.py
@@ -43,22 +43,27 @@ class inf_to_ldb(object):
parameter to Samba4. Not registry oriented whatsoever.
'''
- def __init__(self, ldb, dn, attribute, val):
+ def __init__(self, logger, ldb, dn, attribute, val):
+ self.logger = logger
self.ldb = ldb
self.dn = dn
self.attribute = attribute
self.val = val
def ch_minPwdAge(self, val):
+ self.logger.info('KDC Minimum Password age was changed from %s to %s' % (self.ldb.get_minPwdAge(), val))
self.ldb.set_minPwdAge(val)
def ch_maxPwdAge(self, val):
+ self.logger.info('KDC Maximum Password age was changed from %s to %s' % (self.ldb.get_maxPwdAge(), val))
self.ldb.set_maxPwdAge(val)
def ch_minPwdLength(self, val):
+ self.logger.info('KDC Minimum Password length was changed from %s to %s' % (self.ldb.get_minPwdLength(), val))
self.ldb.set_minPwdLength(val)
def ch_pwdProperties(self, val):
+ self.logger.info('KDC Password Properties were changed from %s to %s' % (self.ldb.get_pwdProperties(), val))
self.ldb.set_pwdProperties(val)
def explicit(self):
@@ -96,6 +101,9 @@ class gp_sec_ext(gp_ext):
count = 0
+ def __init__(self, logger):
+ self.logger = logger
+
def __str__(self):
return "Security GPO extension"
@@ -150,7 +158,7 @@ class gp_sec_ext(gp_ext):
(att, setter) = current_section.get(key)
value = value.encode('ascii', 'ignore')
ret = True
- setter(self.ldb, self.dn, att, value).update_samba()
+ setter(self.logger, self.ldb, self.dn, att, value).update_samba()
return ret
def parse(self, afile, ldb, conn, attr_log):
diff --git a/source4/scripting/bin/samba_gpoupdate b/source4/scripting/bin/samba_gpoupdate
index e092038..17bac76 100755
--- a/source4/scripting/bin/samba_gpoupdate
+++ b/source4/scripting/bin/samba_gpoupdate
@@ -24,6 +24,7 @@ from samba.gpclass import *
from samba.net import Net
from samba.dcerpc import nbt
from samba import smb
+import logging
# Finds all GPO Files ending in inf
@@ -77,6 +78,7 @@ class GPOServiceSetup:
self.parser.add_option_group(options.VersionOptions(self.parser))
self.init_credopts()
self.parser.add_option("-H", dest="url", help="URL for the samdb")
+ self.parser.add_option('-v', '--verbose', help='Print verbose messages', action="store_true")
self.parser.add_option_group(self.credopts)
def init_argsopts(self):
@@ -132,6 +134,13 @@ class GPOServiceSetup:
GPOService = GPOServiceSetup()
GPOService.InitializeService()
+# Set up logging
+logger = logging.getLogger('samba_gpoupdate')
+logger.addHandler(logging.StreamHandler(sys.stdout))
+logger.setLevel(logging.WARN)
+if GPOService.opts.verbose:
+ logger.setLevel(logging.DEBUG)
+
# Get the Samba Instance
test_ldb = GPOService.Get_LDB()
@@ -197,7 +206,7 @@ if (GPO_Deleted):
BackLog.transaction_start()
for guid_eval in hierarchy_gpos:
guid = guid_eval[0]
- gp_extensions = [gp_sec_ext()]
+ gp_extensions = [gp_sec_ext(logger)]
local_path = '%s/Policies' % lp.get("realm").lower() + '/' + guid + '/'
version = int(gpo.gpo_get_sysvol_gpt_version(lp.get("path", "sysvol") + '/' + local_path)[1])
try:
@@ -214,7 +223,12 @@ for guid_eval in hierarchy_gpos:
# If it we have not read it before and is not empty
# Rewrite entire logfile here
if (version != 0) and GPO_Changed == True:
- change_backlog = gpo_parser(gpolist, test_ldb, conn, attr_log)
+ logger.info('GPO %s has changed' % guid)
+ try:
+ change_backlog = gpo_parser(gpolist, test_ldb, conn, attr_log)
+ except:
+ logger.error('Failed to parse gpo %s' % guid)
+ continue
BackLog.store(guid, '%i' % version)
BackLog.transaction_commit()
BackLog.close()
--
2.10.2
More information about the samba-technical
mailing list