static bool test_lp_service(struct torture_context *tctx)
{
struct loadparm_context *lp_ctx = loadparm_init(tctx);
struct loadparm_service *service = lpcfg_add_service(lp_ctx, lpcfg_default_service(lp_ctx), "foo");
torture_assert(tctx, service == lpcfg_service(lp_ctx, "foo"), "invalid service");
return true;
}
static PyObject *py_lp_ctx_getitem(py_talloc_Object *self, PyObject *name)
{
struct loadparm_service *service;
if (!PyString_Check(name)) {
PyErr_SetString(PyExc_TypeError, "Only string subscripts are supported");
return NULL;
}
service = lpcfg_service(PyLoadparmContext_AsLoadparmContext(self), PyString_AsString(name));
if (service == NULL) {
PyErr_SetString(PyExc_KeyError, "No such section");
return NULL;
}
return PyLoadparmService_FromService(service);
}
static PyObject *py_lp_dump_a_parameter(PyObject *self, PyObject *args)
{
PyObject *py_stream;
char *param_name;
const char *section_name = NULL;
FILE *f;
struct loadparm_context *lp_ctx = PyLoadparmContext_AsLoadparmContext(self);
struct loadparm_service *service;
bool ret;
if (!PyArg_ParseTuple(args, "Os|z", &py_stream, ¶m_name, §ion_name))
return NULL;
f = PyFile_AsFile(py_stream);
if (f == NULL) {
return NULL;
}
if (section_name != NULL && strwicmp(section_name, GLOBAL_NAME) &&
strwicmp(section_name, GLOBAL_NAME2)) {
/* it's a share parameter */
service = lpcfg_service(lp_ctx, section_name);
if (service == NULL) {
PyErr_Format(PyExc_RuntimeError, "Unknown section %s", section_name);
return NULL;
}
} else {
/* it's global */
service = NULL;
section_name = "global";
}
ret = lpcfg_dump_a_parameter(lp_ctx, service, param_name, f);
if (!ret) {
PyErr_Format(PyExc_RuntimeError, "Parameter %s unknown for section %s", param_name, section_name);
return NULL;
}
Py_RETURN_NONE;
}
static PyObject *py_lp_ctx_get_helper(struct loadparm_context *lp_ctx, const char *service_name, const char *param_name)
{
struct parm_struct *parm = NULL;
void *parm_ptr = NULL;
int i;
if (service_name != NULL && strwicmp(service_name, GLOBAL_NAME) &&
strwicmp(service_name, GLOBAL_NAME2)) {
struct loadparm_service *service;
/* its a share parameter */
service = lpcfg_service(lp_ctx, service_name);
if (service == NULL) {
return NULL;
}
if (strchr(param_name, ':')) {
/* its a parametric option on a share */
const char *type = talloc_strndup(lp_ctx, param_name,
strcspn(param_name, ":"));
const char *option = strchr(param_name, ':') + 1;
const char *value;
if (type == NULL || option == NULL) {
return NULL;
}
value = lpcfg_get_parametric(lp_ctx, service, type, option);
if (value == NULL) {
return NULL;
}
return PyString_FromString(value);
}
parm = lpcfg_parm_struct(param_name);
if (parm == NULL || parm->p_class == P_GLOBAL) {
return NULL;
}
parm_ptr = lpcfg_parm_ptr(lp_ctx, service, parm);
} else if (strchr(param_name, ':')) {
/* its a global parametric option */
const char *type = talloc_strndup(lp_ctx,
param_name, strcspn(param_name, ":"));
const char *option = strchr(param_name, ':') + 1;
const char *value;
if (type == NULL || option == NULL) {
return NULL;
}
value = lpcfg_get_parametric(lp_ctx, NULL, type, option);
if (value == NULL)
return NULL;
return PyString_FromString(value);
} else {
/* its a global parameter */
parm = lpcfg_parm_struct(param_name);
if (parm == NULL) {
return NULL;
}
parm_ptr = lpcfg_parm_ptr(lp_ctx, NULL, parm);
}
if (parm == NULL || parm_ptr == NULL) {
return NULL;
}
/* construct and return the right type of python object */
switch (parm->type) {
case P_STRING:
case P_USTRING:
return PyString_FromString(*(char **)parm_ptr);
case P_BOOL:
return PyBool_FromLong(*(bool *)parm_ptr);
case P_INTEGER:
case P_OCTAL:
case P_BYTES:
return PyLong_FromLong(*(int *)parm_ptr);
case P_ENUM:
for (i=0; parm->enum_list[i].name; i++) {
if (*(int *)parm_ptr == parm->enum_list[i].value) {
return PyString_FromString(parm->enum_list[i].name);
}
}
return NULL;
case P_CMDLIST:
case P_LIST:
{
int j;
const char **strlist = *(const char ***)parm_ptr;
PyObject *pylist;
if(strlist == NULL) {
return PyList_New(0);
}
pylist = PyList_New(str_list_length(strlist));
for (j = 0; strlist[j]; j++)
PyList_SetItem(pylist, j,
PyString_FromString(strlist[j]));
return pylist;
}
break;
}
return NULL;
}
bool torture_gpo_system_access_policies(struct torture_context *tctx)
{
TALLOC_CTX *ctx = talloc_new(tctx);
int ret, vers = 0, i;
const char *sysvol_path = NULL, *gpo_dir = NULL;
const char *gpo_file = NULL, *gpt_file = NULL;
struct ldb_context *samdb = NULL;
struct ldb_result *result;
const char *attrs[] = {
"minPwdAge",
"maxPwdAge",
"minPwdLength",
"pwdProperties",
NULL
};
FILE *fp = NULL;
const char **gpo_update_cmd;
char **gpo_unapply_cmd;
int minpwdcases[] = { 0, 1, 998 };
int maxpwdcases[] = { 0, 1, 999 };
int pwdlencases[] = { 0, 1, 14 };
int pwdpropcases[] = { 0, 1, 1 };
struct ldb_message *old_message = NULL;
const char **itr;
int gpo_update_len = 0;
sysvol_path = lpcfg_path(lpcfg_service(tctx->lp_ctx, "sysvol"),
lpcfg_default_service(tctx->lp_ctx), tctx);
torture_assert(tctx, sysvol_path, "Failed to fetch the sysvol path");
/* Ensure the sysvol path exists */
gpo_dir = talloc_asprintf(ctx, "%s/%s", sysvol_path, GPODIR);
mkdir_p(gpo_dir, S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
gpo_file = talloc_asprintf(ctx, "%s/%s", gpo_dir, GPOFILE);
/* Get the gpo update command */
gpo_update_cmd = lpcfg_gpo_update_command(tctx->lp_ctx);
torture_assert(tctx, gpo_update_cmd && gpo_update_cmd[0],
"Failed to fetch the gpo update command");
/* Open and read the samba db and store the initial password settings */
samdb = samdb_connect(ctx,
tctx->ev,
tctx->lp_ctx,
system_session(tctx->lp_ctx),
NULL,
0);
torture_assert(tctx, samdb, "Failed to connect to the samdb");
ret = ldb_search(samdb, ctx, &result, ldb_get_default_basedn(samdb),
LDB_SCOPE_BASE, attrs, NULL);
torture_assert(tctx, ret == LDB_SUCCESS && result->count == 1,
"Searching the samdb failed");
old_message = result->msgs[0];
for (i = 0; i < 3; i++) {
/* Write out the sysvol */
if ( (fp = fopen(gpo_file, "w")) ) {
fputs(talloc_asprintf(ctx, GPTTMPL, minpwdcases[i],
maxpwdcases[i], pwdlencases[i],
pwdpropcases[i]), fp);
fclose(fp);
}
/* Update the version in the GPT.INI */
gpt_file = talloc_asprintf(ctx, "%s/%s", sysvol_path, GPTINI);
if ( (fp = fopen(gpt_file, "r")) ) {
char line[256];
while (fgets(line, 256, fp)) {
if (strncasecmp(line, "Version=", 8) == 0) {
vers = atoi(line+8);
break;
}
}
fclose(fp);
}
if ( (fp = fopen(gpt_file, "w")) ) {
char *data = talloc_asprintf(ctx,
"[General]\nVersion=%d\n",
++vers);
fputs(data, fp);
fclose(fp);
}
/* Run the gpo update command */
ret = exec_wait(discard_const_p(char *, gpo_update_cmd));
torture_assert(tctx, ret == 0,
"Failed to execute the gpo update command");
ret = ldb_search(samdb, ctx, &result,
ldb_get_default_basedn(samdb),
LDB_SCOPE_BASE, attrs, NULL);
torture_assert(tctx, ret == LDB_SUCCESS && result->count == 1,
"Searching the samdb failed");
/* minPwdAge */
torture_assert_int_equal(tctx, unix2nttime(
ldb_msg_find_attr_as_string(
result->msgs[0],
attrs[0],
"")), minpwdcases[i],
"The minPwdAge was not applied");
/* maxPwdAge */
torture_assert_int_equal(tctx, unix2nttime(
ldb_msg_find_attr_as_string(
result->msgs[0],
attrs[1],
"")), maxpwdcases[i],
"The maxPwdAge was not applied");
/* minPwdLength */
torture_assert_int_equal(tctx, ldb_msg_find_attr_as_int(
result->msgs[0],
attrs[2],
-1),
pwdlencases[i],
"The minPwdLength was not applied");
/* pwdProperties */
torture_assert_int_equal(tctx, ldb_msg_find_attr_as_int(
result->msgs[0],
attrs[3],
-1),
pwdpropcases[i],
"The pwdProperties were not applied");
}
/* Unapply the settings and verify they are removed */
for (itr = gpo_update_cmd; *itr != NULL; itr++) {
gpo_update_len++;
}
gpo_unapply_cmd = talloc_array(ctx, char*, gpo_update_len+2);
for (i = 0; i < gpo_update_len; i++) {
gpo_unapply_cmd[i] = talloc_strdup(gpo_unapply_cmd,
gpo_update_cmd[i]);
}
gpo_unapply_cmd[i] = talloc_asprintf(gpo_unapply_cmd, "--unapply");
gpo_unapply_cmd[i+1] = NULL;
ret = exec_wait(gpo_unapply_cmd);
torture_assert(tctx, ret == 0,
"Failed to execute the gpo unapply command");
ret = ldb_search(samdb, ctx, &result, ldb_get_default_basedn(samdb),
LDB_SCOPE_BASE, attrs, NULL);
torture_assert(tctx, ret == LDB_SUCCESS && result->count == 1,
"Searching the samdb failed");
/* minPwdAge */
torture_assert_int_equal(tctx, unix2nttime(ldb_msg_find_attr_as_string(
result->msgs[0],
attrs[0],
"")),
unix2nttime(ldb_msg_find_attr_as_string(old_message,
attrs[0],
"")
),
"The minPwdAge was not unapplied");
/* maxPwdAge */
torture_assert_int_equal(tctx, unix2nttime(ldb_msg_find_attr_as_string(
result->msgs[0],
attrs[1],
"")),
unix2nttime(ldb_msg_find_attr_as_string(old_message,
attrs[1],
"")
),
"The maxPwdAge was not unapplied");
/* minPwdLength */
torture_assert_int_equal(tctx, ldb_msg_find_attr_as_int(
result->msgs[0],
attrs[2],
-1),
ldb_msg_find_attr_as_int(
old_message,
attrs[2],
-2),
"The minPwdLength was not unapplied");
/* pwdProperties */
torture_assert_int_equal(tctx, ldb_msg_find_attr_as_int(
result->msgs[0],
attrs[3],
-1),
ldb_msg_find_attr_as_int(
old_message,
attrs[3],
-2),
"The pwdProperties were not unapplied");
talloc_free(ctx);
return true;
}
