From 6e7d037ace6a7977597fdd30dc676ebacb61e56c Mon Sep 17 00:00:00 2001 From: Garming Sam Date: Mon, 20 Nov 2017 10:28:33 +1300 Subject: [PATCH] Fix formating of sources to be less than 80 lines Signed-off-by: David Mulder Signed-off-by: Garming Sam Reviewed-by: Andrew Bartlett Autobuild-User(master): Garming Sam Autobuild-Date(master): Tue Nov 21 01:51:59 CET 2017 on sn-devel-144 --- libgpo/pygpo.c | 86 ++++++++++------ python/samba/gpclass.py | 135 +++++++++++++++++--------- source4/scripting/bin/samba_gpoupdate | 10 +- source4/torture/gpo/apply.c | 56 +++++++---- 4 files changed, 190 insertions(+), 97 deletions(-) diff --git a/libgpo/pygpo.c b/libgpo/pygpo.c index 1879f3bdeab..a54ddb98fe7 100644 --- a/libgpo/pygpo.c +++ b/libgpo/pygpo.c @@ -50,13 +50,18 @@ GPO_getter(user_extensions) GPO_getter(machine_extensions) static PyGetSetDef GPO_setters[] = { - {discard_const_p(char, "ds_path"), (getter)GPO_get_ds_path, NULL, NULL, NULL}, - {discard_const_p(char, "file_sys_path"), (getter)GPO_get_file_sys_path, NULL, NULL, NULL}, - {discard_const_p(char, "display_name"), (getter)GPO_get_display_name, NULL, NULL, NULL}, + {discard_const_p(char, "ds_path"), (getter)GPO_get_ds_path, NULL, NULL, + NULL}, + {discard_const_p(char, "file_sys_path"), (getter)GPO_get_file_sys_path, + NULL, NULL, NULL}, + {discard_const_p(char, "display_name"), (getter)GPO_get_display_name, NULL, + NULL, NULL}, {discard_const_p(char, "name"), (getter)GPO_get_name, NULL, NULL, NULL}, {discard_const_p(char, "link"), (getter)GPO_get_link, NULL, NULL, NULL}, - {discard_const_p(char, "user_extensions"), (getter)GPO_get_user_extensions, NULL, NULL, NULL}, - {discard_const_p(char, "machine_extensions"), (getter)GPO_get_machine_extensions, NULL, NULL, NULL}, + {discard_const_p(char, "user_extensions"), (getter)GPO_get_user_extensions, + NULL, NULL, NULL}, + {discard_const_p(char, "machine_extensions"), + (getter)GPO_get_machine_extensions, NULL, NULL, NULL}, {NULL} }; @@ -72,15 +77,19 @@ static PyObject *py_gpo_get_unix_path(PyObject *self, PyObject *args, struct GROUP_POLICY_OBJECT *gpo_ptr \ = (struct GROUP_POLICY_OBJECT *)pytalloc_get_ptr(self); - if (!PyArg_ParseTupleAndKeywords(args, kwds, "|s", discard_const_p(char *, kwlist), &cache_dir)) { - PyErr_SetString(PyExc_SystemError, "Failed to parse arguments to gpo_get_unix_path()"); + if (!PyArg_ParseTupleAndKeywords(args, kwds, "|s", + discard_const_p(char *, kwlist), + &cache_dir)) { + PyErr_SetString(PyExc_SystemError, + "Failed to parse arguments to gpo_get_unix_path()"); goto out; } if (!cache_dir) { cache_dir = cache_path(GPO_CACHE_DIR); if (!cache_dir) { - PyErr_SetString(PyExc_MemoryError, "Failed to determine gpo cache dir"); + PyErr_SetString(PyExc_MemoryError, + "Failed to determine gpo cache dir"); goto out; } } @@ -92,7 +101,8 @@ static PyObject *py_gpo_get_unix_path(PyObject *self, PyObject *args, TALLOC_FREE(frame); if (!NT_STATUS_IS_OK(status)) { - PyErr_SetString(PyExc_SystemError, "Failed to determine gpo unix path"); + PyErr_SetString(PyExc_SystemError, + "Failed to determine gpo unix path"); goto out; } @@ -145,8 +155,11 @@ static int py_ads_init(ADS *self, PyObject *args, PyObject *kwds) PyObject *lp_obj = NULL; struct loadparm_context *lp_ctx = NULL; - static const char *kwlist[] = {"ldap_server", "loadparm_context", "credentials", NULL}; - if (!PyArg_ParseTupleAndKeywords(args, kwds, "sO|O", discard_const_p(char *, kwlist), &ldap_server, &lp_obj, &py_creds)) + static const char *kwlist[] = {"ldap_server", "loadparm_context", + "credentials", NULL}; + if (!PyArg_ParseTupleAndKeywords(args, kwds, "sO|O", + discard_const_p(char *, kwlist), + &ldap_server, &lp_obj, &py_creds)) return -1; if (py_creds) { @@ -189,10 +202,13 @@ static PyObject* py_ads_connect(ADS *self) ADS_STATUS status; TALLOC_CTX *frame = talloc_stackframe(); if (self->cli_creds) { - self->ads_ptr->auth.user_name = SMB_STRDUP(cli_credentials_get_username(self->cli_creds)); -self->ads_ptr->auth.flags |= ADS_AUTH_USER_CREDS; - self->ads_ptr->auth.password = SMB_STRDUP(cli_credentials_get_password(self->cli_creds)); - self->ads_ptr->auth.realm = SMB_STRDUP(cli_credentials_get_realm(self->cli_creds)); + self->ads_ptr->auth.user_name = + SMB_STRDUP(cli_credentials_get_username(self->cli_creds)); + self->ads_ptr->auth.flags |= ADS_AUTH_USER_CREDS; + self->ads_ptr->auth.password = + SMB_STRDUP(cli_credentials_get_password(self->cli_creds)); + self->ads_ptr->auth.realm = + SMB_STRDUP(cli_credentials_get_realm(self->cli_creds)); status = ads_connect_user_creds(self->ads_ptr); if (!ADS_ERR_OK(status)) { @@ -203,7 +219,8 @@ self->ads_ptr->auth.flags |= ADS_AUTH_USER_CREDS; } else { char *passwd; - if (asprintf(&(self->ads_ptr->auth.user_name), "%s$", lp_netbios_name()) == -1) { + if (asprintf(&(self->ads_ptr->auth.user_name), "%s$", + lp_netbios_name()) == -1) { PyErr_SetString(PyExc_SystemError, "Failed to asprintf"); TALLOC_FREE(frame); Py_RETURN_FALSE; @@ -214,9 +231,11 @@ self->ads_ptr->auth.flags |= ADS_AUTH_USER_CREDS; TALLOC_FREE(frame); Py_RETURN_FALSE; } - - if (!(passwd = secrets_fetch_machine_password(self->ads_ptr->server.workgroup, NULL, NULL))) { - PyErr_SetString(PyExc_SystemError, "Failed to fetch the machine account password"); + if (!(passwd = + secrets_fetch_machine_password(self->ads_ptr->server.workgroup, + NULL, NULL))) { + PyErr_SetString(PyExc_SystemError, + "Failed to fetch the machine account password"); TALLOC_FREE(frame); Py_RETURN_FALSE; } @@ -244,7 +263,8 @@ self->ads_ptr->auth.flags |= ADS_AUTH_USER_CREDS; void initgpo(void); /* Global methods aka do not need a special pyobject type */ -static PyObject *py_gpo_get_sysvol_gpt_version(PyObject * self, PyObject * args) +static PyObject *py_gpo_get_sysvol_gpt_version(PyObject * self, + PyObject * args) { TALLOC_CTX *tmp_ctx = NULL; char *unix_path; @@ -272,7 +292,9 @@ static PyObject *py_gpo_get_sysvol_gpt_version(PyObject * self, PyObject * args) return result; } -static ADS_STATUS find_samaccount(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char *samaccountname, uint32_t *uac_ret, const char **dn_ret) +static ADS_STATUS find_samaccount(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, + const char *samaccountname, + uint32_t *uac_ret, const char **dn_ret) { ADS_STATUS status; const char *attrs[] = { "userAccountControl", NULL }; @@ -287,7 +309,8 @@ static ADS_STATUS find_samaccount(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const ch goto out; } - status = ads_do_search_all(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE, filter, attrs, &res); + status = ads_do_search_all(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE, + filter, attrs, &res); if (!ADS_ERR_OK(status)) { goto out; @@ -343,8 +366,11 @@ static PyObject *py_ads_get_gpo_list(ADS *self, PyObject *args, PyObject *kwds) size_t i; static const char *kwlist[] = {"samaccountname", NULL}; - if (!PyArg_ParseTupleAndKeywords(args, kwds, "s", discard_const_p(char *, kwlist), &samaccountname)) { - PyErr_SetString(PyExc_SystemError, "Failed to parse arguments to py_ads_get_gpo_list()"); + if (!PyArg_ParseTupleAndKeywords(args, kwds, "s", + discard_const_p(char *, kwlist), + &samaccountname)) { + PyErr_SetString(PyExc_SystemError, + "Failed to parse arguments to py_ads_get_gpo_list()"); goto out; } @@ -370,7 +396,8 @@ static PyObject *py_ads_get_gpo_list(ADS *self, PyObject *args, PyObject *kwds) } gpo_ctx = talloc_new(frame); - status = ads_get_gpo_list(self->ads_ptr, gpo_ctx, dn, flags, token, &gpo_list); + status = ads_get_gpo_list(self->ads_ptr, gpo_ctx, dn, flags, token, + &gpo_list); if (!ADS_ERR_OK(status)) { TALLOC_FREE(frame); PyErr_SetString(PyExc_SystemError, "Failed to fetch GPO list"); @@ -409,7 +436,8 @@ out: } static PyMethodDef ADS_methods[] = { - { "connect", (PyCFunction)py_ads_connect, METH_NOARGS, "Connect to the LDAP server" }, + { "connect", (PyCFunction)py_ads_connect, METH_NOARGS, + "Connect to the LDAP server" }, { "get_gpo_list", (PyCFunction)py_ads_get_gpo_list, METH_KEYWORDS, NULL }, { NULL } }; @@ -426,7 +454,8 @@ static PyTypeObject ads_ADSType = { }; static PyMethodDef py_gpo_methods[] = { - {"gpo_get_sysvol_gpt_version", (PyCFunction) py_gpo_get_sysvol_gpt_version, METH_VARARGS, NULL}, + {"gpo_get_sysvol_gpt_version", (PyCFunction) py_gpo_get_sysvol_gpt_version, + METH_VARARGS, NULL}, {NULL} }; @@ -439,7 +468,8 @@ void initgpo(void) /* Instantiate the types */ m = Py_InitModule3("gpo", py_gpo_methods, "libgpo python bindings"); if (m == NULL) return; - PyModule_AddObject(m, "version", PyString_FromString(SAMBA_VERSION_STRING)); + PyModule_AddObject(m, "version", + PyString_FromString(SAMBA_VERSION_STRING)); if (PyType_Ready(&ads_ADSType) < 0) return; diff --git a/python/samba/gpclass.py b/python/samba/gpclass.py index c955005ad19..5a0ca9fdec7 100644 --- a/python/samba/gpclass.py +++ b/python/samba/gpclass.py @@ -44,7 +44,8 @@ except ImportError: class gp_log: ''' Log settings overwritten by gpo apply - The gp_log is an xml file that stores a history of gpo changes (and the original setting value). + The gp_log is an xml file that stores a history of gpo changes (and the + original setting value). The log is organized like so: @@ -69,19 +70,22 @@ class gp_log: - Each guid value contains a list of extensions, which contain a list of attributes. The guid value - represents a GPO. The attributes are the values of those settings prior to the application of - the GPO. - The list of guids is enclosed within a user name, which represents the user the settings were - applied to. This user may be the samaccountname of the local computer, which implies that these - are machine policies. - The applylog keeps track of the order in which the GPOs were applied, so that they can be rolled - back in reverse, returning the machine to the state prior to policy application. + Each guid value contains a list of extensions, which contain a list of + attributes. The guid value represents a GPO. The attributes are the values + of those settings prior to the application of the GPO. + The list of guids is enclosed within a user name, which represents the user + the settings were applied to. This user may be the samaccountname of the + local computer, which implies that these are machine policies. + The applylog keeps track of the order in which the GPOs were applied, so + that they can be rolled back in reverse, returning the machine to the state + prior to policy application. ''' def __init__(self, user, gpostore, db_log=None): ''' Initialize the gp_log - param user - the username (or machine name) that policies are being applied to - param gpostore - the GPOStorage obj which references the tdb which contains gp_logs + param user - the username (or machine name) that policies are + being applied to + param gpostore - the GPOStorage obj which references the tdb which + contains gp_logs param db_log - (optional) a string to initialize the gp_log ''' self._state = GPOSTATE.APPLY @@ -100,10 +104,11 @@ class gp_log: ''' Policy application state param value - APPLY, ENFORCE, or UNAPPLY - The behavior of the gp_log depends on whether we are applying policy, enforcing policy, - or unapplying policy. During an apply, old settings are recorded in the log. During an - enforce, settings are being applied but the gp_log does not change. During an unapply, - additions to the log should be ignored (since function calls to apply settings are actually + The behavior of the gp_log depends on whether we are applying policy, + enforcing policy, or unapplying policy. During an apply, old settings + are recorded in the log. During an enforce, settings are being applied + but the gp_log does not change. During an unapply, additions to the log + should be ignored (since function calls to apply settings are actually reverting policy), but removals from the log are allowed. ''' # If we're enforcing, but we've unapplied, apply instead @@ -118,7 +123,8 @@ class gp_log: def set_guid(self, guid): ''' Log to a different GPO guid - param guid - guid value of the GPO from which we're applying policy + param guid - guid value of the GPO from which we're applying + policy ''' self.guid = self.user.find('guid[@value="%s"]' % guid) if self.guid is None: @@ -136,7 +142,8 @@ class gp_log: ''' Pop a GPO guid from the applylog return - last applied GPO guid - Removes the GPO guid last added to the list, which is the most recently applied GPO. + Removes the GPO guid last added to the list, which is the most recently + applied GPO. ''' apply_log = self.user.find('applylog') if apply_log is not None: @@ -152,7 +159,8 @@ class gp_log: ''' Store an attribute in the gp_log param gp_ext_name - Name of the extension applying policy param attribute - The attribute being modified - param old_val - The value of the attribute prior to policy application + param old_val - The value of the attribute prior to policy + application ''' if self._state == GPOSTATE.UNAPPLY or self._state == GPOSTATE.ENFORCE: return None @@ -171,7 +179,8 @@ class gp_log: ''' Retrieve a stored attribute from the gp_log param gp_ext_name - Name of the extension which applied policy param attribute - The attribute being retrieved - return - The value of the attribute prior to policy application + return - The value of the attribute prior to policy + application ''' assert self.guid is not None, "gpo guid was not set" ext = self.guid.find('gp_ext[@name="%s"]' % gp_ext_name) @@ -182,9 +191,12 @@ class gp_log: return None def list(self, gp_extensions): - ''' Return a list of attributes, their previous values, and functions to set them - param gp_extensions - list of extension objects, for retrieving attr to func mappings - return - list of (attr, value, apply_func) tuples for unapplying policy + ''' Return a list of attributes, their previous values, and functions + to set them + param gp_extensions - list of extension objects, for retrieving attr to + func mappings + return - list of (attr, value, apply_func) tuples for + unapplying policy ''' assert self.guid is not None, "gpo guid was not set" ret = [] @@ -194,15 +206,18 @@ class gp_log: exts = self.guid.findall('gp_ext') if exts is not None: for ext in exts: - ext_map = {val[0]: val[1] for (key, val) in data_maps[ext.attrib['name']].items()} + ext_map = {val[0]: val[1] for (key, val) in \ + data_maps[ext.attrib['name']].items()} attrs = ext.findall('attribute') for attr in attrs: - ret.append((attr.attrib['name'], attr.text, ext_map[attr.attrib['name']])) + ret.append((attr.attrib['name'], attr.text, + ext_map[attr.attrib['name']])) return ret def delete(self, gp_ext_name, attribute): ''' Remove an attribute from the gp_log - param gp_ext_name - name of extension from which to remove the attribute + param gp_ext_name - name of extension from which to remove the + attribute param attribute - attribute to remove ''' assert self.guid is not None, "gpo guid was not set" @@ -313,7 +328,8 @@ class inf_to_kdc_tdb(inf_to): def set_kdc_tdb(self, val): old_val = self.gp_db.gpostore.get(self.attribute) - self.logger.info('%s was changed from %s to %s' % (self.attribute, old_val, val)) + self.logger.info('%s was changed from %s to %s' % (self.attribute, + old_val, val)) if val is not None: self.gp_db.gpostore.store(self.attribute, val) self.gp_db.store(str(self), self.attribute, old_val) @@ -323,40 +339,47 @@ class inf_to_kdc_tdb(inf_to): def mapper(self): return { 'kdc:user_ticket_lifetime': (self.set_kdc_tdb, self.explicit), - 'kdc:service_ticket_lifetime': (self.set_kdc_tdb, self.mins_to_hours), - 'kdc:renewal_lifetime': (self.set_kdc_tdb, self.days_to_hours), + 'kdc:service_ticket_lifetime': (self.set_kdc_tdb, + self.mins_to_hours), + 'kdc:renewal_lifetime': (self.set_kdc_tdb, + self.days_to_hours), } def __str__(self): return 'Kerberos Policy' class inf_to_ldb(inf_to): - '''This class takes the .inf file parameter (essentially a GPO file mapped to a GUID), - hashmaps it to the Samba parameter, which then uses an ldb object to update the - parameter to Samba4. Not registry oriented whatsoever. + '''This class takes the .inf file parameter (essentially a GPO file mapped + to a GUID), hashmaps it to the Samba parameter, which then uses an ldb + object to update the parameter to Samba4. Not registry oriented whatsoever. ''' def ch_minPwdAge(self, val): old_val = self.ldb.get_minPwdAge() - self.logger.info('KDC Minimum Password age was changed from %s to %s' % (old_val, val)) + self.logger.info('KDC Minimum Password age was changed from %s to %s' \ + % (old_val, val)) self.gp_db.store(str(self), self.attribute, old_val) self.ldb.set_minPwdAge(val) def ch_maxPwdAge(self, val): old_val = self.ldb.get_maxPwdAge() - self.logger.info('KDC Maximum Password age was changed from %s to %s' % (old_val, val)) + self.logger.info('KDC Maximum Password age was changed from %s to %s' \ + % (old_val, val)) self.gp_db.store(str(self), self.attribute, old_val) self.ldb.set_maxPwdAge(val) def ch_minPwdLength(self, val): old_val = self.ldb.get_minPwdLength() - self.logger.info('KDC Minimum Password length was changed from %s to %s' % (old_val, val)) + self.logger.info( + 'KDC Minimum Password length was changed from %s to %s' \ + % (old_val, val)) self.gp_db.store(str(self), self.attribute, old_val) self.ldb.set_minPwdLength(val) def ch_pwdProperties(self, val): old_val = self.ldb.get_pwdProperties() - self.logger.info('KDC Password Properties were changed from %s to %s' % (old_val, val)) + self.logger.info('KDC Password Properties were changed from %s to %s' \ + % (old_val, val)) self.gp_db.store(str(self), self.attribute, old_val) self.ldb.set_pwdProperties(val) @@ -373,7 +396,8 @@ class inf_to_ldb(inf_to): '''ldap value : samba setter''' return { "minPwdAge" : (self.ch_minPwdAge, self.days2rel_nttime), "maxPwdAge" : (self.ch_maxPwdAge, self.days2rel_nttime), - # Could be none, but I like the method assignment in update_samba + # Could be none, but I like the method assignment in + # update_samba "minPwdLength" : (self.ch_minPwdLength, self.explicit), "pwdProperties" : (self.ch_pwdProperties, self.explicit), @@ -398,7 +422,8 @@ class gp_sec_ext(gp_ext): return "Security GPO extension" def list(self, rootpath): - return os.path.join(rootpath, "MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf") + return os.path.join(rootpath, + "MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf") def listmachpol(self, rootpath): return os.path.join(rootpath, "Machine/Registry.pol") @@ -407,14 +432,27 @@ class gp_sec_ext(gp_ext): return os.path.join(rootpath, "User/Registry.pol") def apply_map(self): - return {"System Access": {"MinimumPasswordAge": ("minPwdAge", inf_to_ldb), - "MaximumPasswordAge": ("maxPwdAge", inf_to_ldb), - "MinimumPasswordLength": ("minPwdLength", inf_to_ldb), - "PasswordComplexity": ("pwdProperties", inf_to_ldb), + return {"System Access": {"MinimumPasswordAge": ("minPwdAge", + inf_to_ldb), + "MaximumPasswordAge": ("maxPwdAge", + inf_to_ldb), + "MinimumPasswordLength": ("minPwdLength", + inf_to_ldb), + "PasswordComplexity": ("pwdProperties", + inf_to_ldb), }, - "Kerberos Policy": {"MaxTicketAge": ("kdc:user_ticket_lifetime", inf_to_kdc_tdb), - "MaxServiceAge": ("kdc:service_ticket_lifetime", inf_to_kdc_tdb), - "MaxRenewAge": ("kdc:renewal_lifetime", inf_to_kdc_tdb), + "Kerberos Policy": {"MaxTicketAge": ( + "kdc:user_ticket_lifetime", + inf_to_kdc_tdb + ), + "MaxServiceAge": ( + "kdc:service_ticket_lifetime", + inf_to_kdc_tdb + ), + "MaxRenewAge": ( + "kdc:renewal_lifetime", + inf_to_kdc_tdb + ), } } @@ -447,7 +485,8 @@ class gp_sec_ext(gp_ext): (att, setter) = current_section.get(key) value = value.encode('ascii', 'ignore') ret = True - setter(self.logger, self.ldb, self.gp_db, self.lp, att, value).update_samba() + setter(self.logger, self.ldb, self.gp_db, self.lp, att, + value).update_samba() self.gp_db.commit() return ret @@ -461,8 +500,10 @@ class gp_sec_ext(gp_ext): try: blist = afile.split('/') idx = afile.lower().split('/').index('machine') - for case in [blist[idx].upper(), blist[idx].capitalize(), blist[idx].lower()]: - bfile = '/'.join(blist[:idx]) + '/' + case + '/' + '/'.join(blist[idx+1:]) + for case in [blist[idx].upper(), blist[idx].capitalize(), + blist[idx].lower()]: + bfile = '/'.join(blist[:idx]) + '/' + case + '/' + \ + '/'.join(blist[idx+1:]) try: return self.read_inf(bfile, conn) except NTSTATUSError: diff --git a/source4/scripting/bin/samba_gpoupdate b/source4/scripting/bin/samba_gpoupdate index 568830a7461..45852976a4e 100755 --- a/source4/scripting/bin/samba_gpoupdate +++ b/source4/scripting/bin/samba_gpoupdate @@ -64,8 +64,9 @@ def apply_gp(lp, creds, test_ldb, logger, store, gp_extensions): guid = gpo_obj.name if guid == 'Local Policy': continue - local_path = os.path.join(lp.get('realm').lower(), 'Policies', guid) - version = int(gpo.gpo_get_sysvol_gpt_version(os.path.join(lp.get("path", "sysvol"), local_path))[1]) + path = os.path.join(lp.get('realm').lower(), 'Policies', guid) + local_path = os.path.join(lp.get("path", "sysvol"), path) + version = int(gpo.gpo_get_sysvol_gpt_version(local_path)[1]) if version != store.get_int(guid): logger.info('GPO %s has changed' % guid) gp_db.state(GPOSTATE.APPLY) @@ -75,7 +76,7 @@ def apply_gp(lp, creds, test_ldb, logger, store, gp_extensions): store.start() try: for ext in gp_extensions: - ext.parse(ext.list(local_path), test_ldb, conn, gp_db, lp) + ext.parse(ext.list(path), test_ldb, conn, gp_db, lp) except: logger.error('Failed to parse gpo %s' % guid) store.cancel() @@ -112,7 +113,8 @@ if __name__ == "__main__": parser.add_option_group(options.VersionOptions(parser)) credopts = options.CredentialsOptions(parser) parser.add_option('-H', '--url', dest='url', help='URL for the samdb') - parser.add_option('-X', '--unapply', help='Unapply Group Policy', action='store_true') + parser.add_option('-X', '--unapply', help='Unapply Group Policy', + action='store_true') parser.add_option_group(credopts) # Set the options and the arguments diff --git a/source4/torture/gpo/apply.c b/source4/torture/gpo/apply.c index b6b9b0ee76a..1d168347add 100644 --- a/source4/torture/gpo/apply.c +++ b/source4/torture/gpo/apply.c @@ -32,7 +32,8 @@ struct torture_suite *gpo_apply_suite(TALLOC_CTX *ctx) { struct torture_suite *suite = torture_suite_create(ctx, "apply"); - torture_suite_add_simple_test(suite, "gpo_param_from_gpo", torture_gpo_system_access_policies); + torture_suite_add_simple_test(suite, "gpo_param_from_gpo", + torture_gpo_system_access_policies); suite->description = talloc_strdup(suite, "Group Policy apply tests"); @@ -64,7 +65,9 @@ static int unix2nttime(char *sval) return (strtoll(sval, NULL, 10) * -1 / 60 / 60 / 24 / 10000000); } -#define GPODIR "addom.samba.example.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows NT/SecEdit" +#define GPODIR "addom.samba.example.com/Policies/"\ + "{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/"\ + "Windows NT/SecEdit" #define GPOFILE "GptTmpl.inf" #define GPTTMPL "[System Access]\n\ MinimumPasswordAge = %d\n\ @@ -72,12 +75,14 @@ MaximumPasswordAge = %d\n\ MinimumPasswordLength = %d\n\ PasswordComplexity = %d\n\ " -#define GPTINI "addom.samba.example.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI" +#define GPTINI "addom.samba.example.com/Policies/"\ + "{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI" bool torture_gpo_system_access_policies(struct torture_context *tctx) { int ret, vers = 0, i; - const char *sysvol_path = NULL, *gpo_dir = NULL, *gpo_file = NULL, *gpt_file = NULL; + const char *sysvol_path = NULL, *gpo_dir = NULL; + const char *gpo_file = NULL, *gpt_file = NULL; struct ldb_context *samdb = NULL; struct ldb_result *result; const char *attrs[] = { @@ -96,7 +101,8 @@ bool torture_gpo_system_access_policies(struct torture_context *tctx) int pwdpropcases[] = { 0, 1, 1 }; struct ldb_message *old_message = NULL; - sysvol_path = lpcfg_path(lpcfg_service(tctx->lp_ctx, "sysvol"), lpcfg_default_service(tctx->lp_ctx), tctx); + sysvol_path = lpcfg_path(lpcfg_service(tctx->lp_ctx, "sysvol"), + lpcfg_default_service(tctx->lp_ctx), tctx); torture_assert(tctx, sysvol_path, "Failed to fetch the sysvol path"); /* Ensure the sysvol path exists */ @@ -106,21 +112,27 @@ bool torture_gpo_system_access_policies(struct torture_context *tctx) /* Get the gpo update command */ gpo_update_cmd = lpcfg_gpo_update_command(tctx->lp_ctx); - torture_assert(tctx, gpo_update_cmd && gpo_update_cmd[0], "Failed to fetch the gpo update command"); + torture_assert(tctx, gpo_update_cmd && gpo_update_cmd[0], + "Failed to fetch the gpo update command"); /* Open and read the samba db and store the initial password settings */ - samdb = samdb_connect(tctx, tctx->ev, tctx->lp_ctx, system_session(tctx->lp_ctx), 0); + samdb = samdb_connect(tctx, tctx->ev, tctx->lp_ctx, + system_session(tctx->lp_ctx), 0); torture_assert(tctx, samdb, "Failed to connect to the samdb"); - ret = ldb_search(samdb, tctx, &result, ldb_get_default_basedn(samdb), LDB_SCOPE_BASE, attrs, NULL); - torture_assert(tctx, ret == LDB_SUCCESS && result->count == 1, "Searching the samdb failed"); + ret = ldb_search(samdb, tctx, &result, ldb_get_default_basedn(samdb), + LDB_SCOPE_BASE, attrs, NULL); + torture_assert(tctx, ret == LDB_SUCCESS && result->count == 1, + "Searching the samdb failed"); old_message = result->msgs[0]; for (i = 0; i < 3; i++) { /* Write out the sysvol */ if ( (fp = fopen(gpo_file, "w")) ) { - fputs(talloc_asprintf(tctx, GPTTMPL, minpwdcases[i], maxpwdcases[i], pwdlencases[i], pwdpropcases[i]), fp); + fputs(talloc_asprintf(tctx, GPTTMPL, minpwdcases[i], + maxpwdcases[i], pwdlencases[i], + pwdpropcases[i]), fp); fclose(fp); } @@ -137,33 +149,41 @@ bool torture_gpo_system_access_policies(struct torture_context *tctx) fclose(fp); } if ( (fp = fopen(gpt_file, "w")) ) { - char *data = talloc_asprintf(tctx, "[General]\nVersion=%d\n", ++vers); + char *data = talloc_asprintf(tctx, "[General]\nVersion=%d\n", + ++vers); fputs(data, fp); fclose(fp); } /* Run the gpo update command */ ret = exec_wait(gpo_update_cmd); - torture_assert(tctx, ret == 0, "Failed to execute the gpo update command"); + torture_assert(tctx, ret == 0, + "Failed to execute the gpo update command"); - ret = ldb_search(samdb, tctx, &result, ldb_get_default_basedn(samdb), LDB_SCOPE_BASE, attrs, NULL); - torture_assert(tctx, ret == LDB_SUCCESS && result->count == 1, "Searching the samdb failed"); + ret = ldb_search(samdb, tctx, &result, ldb_get_default_basedn(samdb), + LDB_SCOPE_BASE, attrs, NULL); + torture_assert(tctx, ret == LDB_SUCCESS && result->count == 1, + "Searching the samdb failed"); /* minPwdAge */ val = ldb_msg_find_ldb_val(result->msgs[0], attrs[0]); - torture_assert(tctx, unix2nttime((char*)val->data) == minpwdcases[i], "The minPwdAge was not applied"); + torture_assert(tctx, unix2nttime((char*)val->data) == minpwdcases[i], + "The minPwdAge was not applied"); /* maxPwdAge */ val = ldb_msg_find_ldb_val(result->msgs[0], attrs[1]); - torture_assert(tctx, unix2nttime((char*)val->data) == maxpwdcases[i], "The maxPwdAge was not applied"); + torture_assert(tctx, unix2nttime((char*)val->data) == maxpwdcases[i], + "The maxPwdAge was not applied"); /* minPwdLength */ val = ldb_msg_find_ldb_val(result->msgs[0], attrs[2]); - torture_assert(tctx, atoi((char*)val->data) == pwdlencases[i], "The minPwdLength was not applied"); + torture_assert(tctx, atoi((char*)val->data) == pwdlencases[i], + "The minPwdLength was not applied"); /* pwdProperties */ val = ldb_msg_find_ldb_val(result->msgs[0], attrs[3]); - torture_assert(tctx, atoi((char*)val->data) == pwdpropcases[i], "The pwdProperties were not applied"); + torture_assert(tctx, atoi((char*)val->data) == pwdpropcases[i], + "The pwdProperties were not applied"); } for (i = 0; i < old_message->num_elements; i++) { -- 2.47.3