GPO_getter(machine_extensions)
static PyGetSetDef GPO_setters[] = {
- {discard_const_p(char, "ds_path"), (getter)GPO_get_ds_path, NULL, NULL, NULL},
- {discard_const_p(char, "file_sys_path"), (getter)GPO_get_file_sys_path, NULL, NULL, NULL},
- {discard_const_p(char, "display_name"), (getter)GPO_get_display_name, NULL, NULL, NULL},
+ {discard_const_p(char, "ds_path"), (getter)GPO_get_ds_path, NULL, NULL,
+ NULL},
+ {discard_const_p(char, "file_sys_path"), (getter)GPO_get_file_sys_path,
+ NULL, NULL, NULL},
+ {discard_const_p(char, "display_name"), (getter)GPO_get_display_name, NULL,
+ NULL, NULL},
{discard_const_p(char, "name"), (getter)GPO_get_name, NULL, NULL, NULL},
{discard_const_p(char, "link"), (getter)GPO_get_link, NULL, NULL, NULL},
- {discard_const_p(char, "user_extensions"), (getter)GPO_get_user_extensions, NULL, NULL, NULL},
- {discard_const_p(char, "machine_extensions"), (getter)GPO_get_machine_extensions, NULL, NULL, NULL},
+ {discard_const_p(char, "user_extensions"), (getter)GPO_get_user_extensions,
+ NULL, NULL, NULL},
+ {discard_const_p(char, "machine_extensions"),
+ (getter)GPO_get_machine_extensions, NULL, NULL, NULL},
{NULL}
};
struct GROUP_POLICY_OBJECT *gpo_ptr \
= (struct GROUP_POLICY_OBJECT *)pytalloc_get_ptr(self);
- if (!PyArg_ParseTupleAndKeywords(args, kwds, "|s", discard_const_p(char *, kwlist), &cache_dir)) {
- PyErr_SetString(PyExc_SystemError, "Failed to parse arguments to gpo_get_unix_path()");
+ if (!PyArg_ParseTupleAndKeywords(args, kwds, "|s",
+ discard_const_p(char *, kwlist),
+ &cache_dir)) {
+ PyErr_SetString(PyExc_SystemError,
+ "Failed to parse arguments to gpo_get_unix_path()");
goto out;
}
if (!cache_dir) {
cache_dir = cache_path(GPO_CACHE_DIR);
if (!cache_dir) {
- PyErr_SetString(PyExc_MemoryError, "Failed to determine gpo cache dir");
+ PyErr_SetString(PyExc_MemoryError,
+ "Failed to determine gpo cache dir");
goto out;
}
}
TALLOC_FREE(frame);
if (!NT_STATUS_IS_OK(status)) {
- PyErr_SetString(PyExc_SystemError, "Failed to determine gpo unix path");
+ PyErr_SetString(PyExc_SystemError,
+ "Failed to determine gpo unix path");
goto out;
}
PyObject *lp_obj = NULL;
struct loadparm_context *lp_ctx = NULL;
- static const char *kwlist[] = {"ldap_server", "loadparm_context", "credentials", NULL};
- if (!PyArg_ParseTupleAndKeywords(args, kwds, "sO|O", discard_const_p(char *, kwlist), &ldap_server, &lp_obj, &py_creds))
+ static const char *kwlist[] = {"ldap_server", "loadparm_context",
+ "credentials", NULL};
+ if (!PyArg_ParseTupleAndKeywords(args, kwds, "sO|O",
+ discard_const_p(char *, kwlist),
+ &ldap_server, &lp_obj, &py_creds))
return -1;
if (py_creds) {
ADS_STATUS status;
TALLOC_CTX *frame = talloc_stackframe();
if (self->cli_creds) {
- self->ads_ptr->auth.user_name = SMB_STRDUP(cli_credentials_get_username(self->cli_creds));
-self->ads_ptr->auth.flags |= ADS_AUTH_USER_CREDS;
- self->ads_ptr->auth.password = SMB_STRDUP(cli_credentials_get_password(self->cli_creds));
- self->ads_ptr->auth.realm = SMB_STRDUP(cli_credentials_get_realm(self->cli_creds));
+ self->ads_ptr->auth.user_name =
+ SMB_STRDUP(cli_credentials_get_username(self->cli_creds));
+ self->ads_ptr->auth.flags |= ADS_AUTH_USER_CREDS;
+ self->ads_ptr->auth.password =
+ SMB_STRDUP(cli_credentials_get_password(self->cli_creds));
+ self->ads_ptr->auth.realm =
+ SMB_STRDUP(cli_credentials_get_realm(self->cli_creds));
status = ads_connect_user_creds(self->ads_ptr);
if (!ADS_ERR_OK(status)) {
} else {
char *passwd;
- if (asprintf(&(self->ads_ptr->auth.user_name), "%s$", lp_netbios_name()) == -1) {
+ if (asprintf(&(self->ads_ptr->auth.user_name), "%s$",
+ lp_netbios_name()) == -1) {
PyErr_SetString(PyExc_SystemError, "Failed to asprintf");
TALLOC_FREE(frame);
Py_RETURN_FALSE;
TALLOC_FREE(frame);
Py_RETURN_FALSE;
}
-
- if (!(passwd = secrets_fetch_machine_password(self->ads_ptr->server.workgroup, NULL, NULL))) {
- PyErr_SetString(PyExc_SystemError, "Failed to fetch the machine account password");
+ if (!(passwd =
+ secrets_fetch_machine_password(self->ads_ptr->server.workgroup,
+ NULL, NULL))) {
+ PyErr_SetString(PyExc_SystemError,
+ "Failed to fetch the machine account password");
TALLOC_FREE(frame);
Py_RETURN_FALSE;
}
void initgpo(void);
/* Global methods aka do not need a special pyobject type */
-static PyObject *py_gpo_get_sysvol_gpt_version(PyObject * self, PyObject * args)
+static PyObject *py_gpo_get_sysvol_gpt_version(PyObject * self,
+ PyObject * args)
{
TALLOC_CTX *tmp_ctx = NULL;
char *unix_path;
return result;
}
-static ADS_STATUS find_samaccount(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char *samaccountname, uint32_t *uac_ret, const char **dn_ret)
+static ADS_STATUS find_samaccount(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
+ const char *samaccountname,
+ uint32_t *uac_ret, const char **dn_ret)
{
ADS_STATUS status;
const char *attrs[] = { "userAccountControl", NULL };
goto out;
}
- status = ads_do_search_all(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE, filter, attrs, &res);
+ status = ads_do_search_all(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE,
+ filter, attrs, &res);
if (!ADS_ERR_OK(status)) {
goto out;
size_t i;
static const char *kwlist[] = {"samaccountname", NULL};
- if (!PyArg_ParseTupleAndKeywords(args, kwds, "s", discard_const_p(char *, kwlist), &samaccountname)) {
- PyErr_SetString(PyExc_SystemError, "Failed to parse arguments to py_ads_get_gpo_list()");
+ if (!PyArg_ParseTupleAndKeywords(args, kwds, "s",
+ discard_const_p(char *, kwlist),
+ &samaccountname)) {
+ PyErr_SetString(PyExc_SystemError,
+ "Failed to parse arguments to py_ads_get_gpo_list()");
goto out;
}
}
gpo_ctx = talloc_new(frame);
- status = ads_get_gpo_list(self->ads_ptr, gpo_ctx, dn, flags, token, &gpo_list);
+ status = ads_get_gpo_list(self->ads_ptr, gpo_ctx, dn, flags, token,
+ &gpo_list);
if (!ADS_ERR_OK(status)) {
TALLOC_FREE(frame);
PyErr_SetString(PyExc_SystemError, "Failed to fetch GPO list");
}
static PyMethodDef ADS_methods[] = {
- { "connect", (PyCFunction)py_ads_connect, METH_NOARGS, "Connect to the LDAP server" },
+ { "connect", (PyCFunction)py_ads_connect, METH_NOARGS,
+ "Connect to the LDAP server" },
{ "get_gpo_list", (PyCFunction)py_ads_get_gpo_list, METH_KEYWORDS, NULL },
{ NULL }
};
};
static PyMethodDef py_gpo_methods[] = {
- {"gpo_get_sysvol_gpt_version", (PyCFunction) py_gpo_get_sysvol_gpt_version, METH_VARARGS, NULL},
+ {"gpo_get_sysvol_gpt_version", (PyCFunction) py_gpo_get_sysvol_gpt_version,
+ METH_VARARGS, NULL},
{NULL}
};
/* Instantiate the types */
m = Py_InitModule3("gpo", py_gpo_methods, "libgpo python bindings");
if (m == NULL) return;
- PyModule_AddObject(m, "version", PyString_FromString(SAMBA_VERSION_STRING));
+ PyModule_AddObject(m, "version",
+ PyString_FromString(SAMBA_VERSION_STRING));
if (PyType_Ready(&ads_ADSType) < 0)
return;
class gp_log:
''' Log settings overwritten by gpo apply
- The gp_log is an xml file that stores a history of gpo changes (and the original setting value).
+ The gp_log is an xml file that stores a history of gpo changes (and the
+ original setting value).
The log is organized like so:
</user>
</gp>
- Each guid value contains a list of extensions, which contain a list of attributes. The guid value
- represents a GPO. The attributes are the values of those settings prior to the application of
- the GPO.
- The list of guids is enclosed within a user name, which represents the user the settings were
- applied to. This user may be the samaccountname of the local computer, which implies that these
- are machine policies.
- The applylog keeps track of the order in which the GPOs were applied, so that they can be rolled
- back in reverse, returning the machine to the state prior to policy application.
+ Each guid value contains a list of extensions, which contain a list of
+ attributes. The guid value represents a GPO. The attributes are the values
+ of those settings prior to the application of the GPO.
+ The list of guids is enclosed within a user name, which represents the user
+ the settings were applied to. This user may be the samaccountname of the
+ local computer, which implies that these are machine policies.
+ The applylog keeps track of the order in which the GPOs were applied, so
+ that they can be rolled back in reverse, returning the machine to the state
+ prior to policy application.
'''
def __init__(self, user, gpostore, db_log=None):
''' Initialize the gp_log
- param user - the username (or machine name) that policies are being applied to
- param gpostore - the GPOStorage obj which references the tdb which contains gp_logs
+ param user - the username (or machine name) that policies are
+ being applied to
+ param gpostore - the GPOStorage obj which references the tdb which
+ contains gp_logs
param db_log - (optional) a string to initialize the gp_log
'''
self._state = GPOSTATE.APPLY
''' Policy application state
param value - APPLY, ENFORCE, or UNAPPLY
- The behavior of the gp_log depends on whether we are applying policy, enforcing policy,
- or unapplying policy. During an apply, old settings are recorded in the log. During an
- enforce, settings are being applied but the gp_log does not change. During an unapply,
- additions to the log should be ignored (since function calls to apply settings are actually
+ The behavior of the gp_log depends on whether we are applying policy,
+ enforcing policy, or unapplying policy. During an apply, old settings
+ are recorded in the log. During an enforce, settings are being applied
+ but the gp_log does not change. During an unapply, additions to the log
+ should be ignored (since function calls to apply settings are actually
reverting policy), but removals from the log are allowed.
'''
# If we're enforcing, but we've unapplied, apply instead
def set_guid(self, guid):
''' Log to a different GPO guid
- param guid - guid value of the GPO from which we're applying policy
+ param guid - guid value of the GPO from which we're applying
+ policy
'''
self.guid = self.user.find('guid[@value="%s"]' % guid)
if self.guid is None:
''' Pop a GPO guid from the applylog
return - last applied GPO guid
- Removes the GPO guid last added to the list, which is the most recently applied GPO.
+ Removes the GPO guid last added to the list, which is the most recently
+ applied GPO.
'''
apply_log = self.user.find('applylog')
if apply_log is not None:
''' Store an attribute in the gp_log
param gp_ext_name - Name of the extension applying policy
param attribute - The attribute being modified
- param old_val - The value of the attribute prior to policy application
+ param old_val - The value of the attribute prior to policy
+ application
'''
if self._state == GPOSTATE.UNAPPLY or self._state == GPOSTATE.ENFORCE:
return None
''' Retrieve a stored attribute from the gp_log
param gp_ext_name - Name of the extension which applied policy
param attribute - The attribute being retrieved
- return - The value of the attribute prior to policy application
+ return - The value of the attribute prior to policy
+ application
'''
assert self.guid is not None, "gpo guid was not set"
ext = self.guid.find('gp_ext[@name="%s"]' % gp_ext_name)
return None
def list(self, gp_extensions):
- ''' Return a list of attributes, their previous values, and functions to set them
- param gp_extensions - list of extension objects, for retrieving attr to func mappings
- return - list of (attr, value, apply_func) tuples for unapplying policy
+ ''' Return a list of attributes, their previous values, and functions
+ to set them
+ param gp_extensions - list of extension objects, for retrieving attr to
+ func mappings
+ return - list of (attr, value, apply_func) tuples for
+ unapplying policy
'''
assert self.guid is not None, "gpo guid was not set"
ret = []
exts = self.guid.findall('gp_ext')
if exts is not None:
for ext in exts:
- ext_map = {val[0]: val[1] for (key, val) in data_maps[ext.attrib['name']].items()}
+ ext_map = {val[0]: val[1] for (key, val) in \
+ data_maps[ext.attrib['name']].items()}
attrs = ext.findall('attribute')
for attr in attrs:
- ret.append((attr.attrib['name'], attr.text, ext_map[attr.attrib['name']]))
+ ret.append((attr.attrib['name'], attr.text,
+ ext_map[attr.attrib['name']]))
return ret
def delete(self, gp_ext_name, attribute):
''' Remove an attribute from the gp_log
- param gp_ext_name - name of extension from which to remove the attribute
+ param gp_ext_name - name of extension from which to remove the
+ attribute
param attribute - attribute to remove
'''
assert self.guid is not None, "gpo guid was not set"
def set_kdc_tdb(self, val):
old_val = self.gp_db.gpostore.get(self.attribute)
- self.logger.info('%s was changed from %s to %s' % (self.attribute, old_val, val))
+ self.logger.info('%s was changed from %s to %s' % (self.attribute,
+ old_val, val))
if val is not None:
self.gp_db.gpostore.store(self.attribute, val)
self.gp_db.store(str(self), self.attribute, old_val)
def mapper(self):
return { 'kdc:user_ticket_lifetime': (self.set_kdc_tdb, self.explicit),
- 'kdc:service_ticket_lifetime': (self.set_kdc_tdb, self.mins_to_hours),
- 'kdc:renewal_lifetime': (self.set_kdc_tdb, self.days_to_hours),
+ 'kdc:service_ticket_lifetime': (self.set_kdc_tdb,
+ self.mins_to_hours),
+ 'kdc:renewal_lifetime': (self.set_kdc_tdb,
+ self.days_to_hours),
}
def __str__(self):
return 'Kerberos Policy'
class inf_to_ldb(inf_to):
- '''This class takes the .inf file parameter (essentially a GPO file mapped to a GUID),
- hashmaps it to the Samba parameter, which then uses an ldb object to update the
- parameter to Samba4. Not registry oriented whatsoever.
+ '''This class takes the .inf file parameter (essentially a GPO file mapped
+ to a GUID), hashmaps it to the Samba parameter, which then uses an ldb
+ object to update the parameter to Samba4. Not registry oriented whatsoever.
'''
def ch_minPwdAge(self, val):
old_val = self.ldb.get_minPwdAge()
- self.logger.info('KDC Minimum Password age was changed from %s to %s' % (old_val, val))
+ self.logger.info('KDC Minimum Password age was changed from %s to %s' \
+ % (old_val, val))
self.gp_db.store(str(self), self.attribute, old_val)
self.ldb.set_minPwdAge(val)
def ch_maxPwdAge(self, val):
old_val = self.ldb.get_maxPwdAge()
- self.logger.info('KDC Maximum Password age was changed from %s to %s' % (old_val, val))
+ self.logger.info('KDC Maximum Password age was changed from %s to %s' \
+ % (old_val, val))
self.gp_db.store(str(self), self.attribute, old_val)
self.ldb.set_maxPwdAge(val)
def ch_minPwdLength(self, val):
old_val = self.ldb.get_minPwdLength()
- self.logger.info('KDC Minimum Password length was changed from %s to %s' % (old_val, val))
+ self.logger.info(
+ 'KDC Minimum Password length was changed from %s to %s' \
+ % (old_val, val))
self.gp_db.store(str(self), self.attribute, old_val)
self.ldb.set_minPwdLength(val)
def ch_pwdProperties(self, val):
old_val = self.ldb.get_pwdProperties()
- self.logger.info('KDC Password Properties were changed from %s to %s' % (old_val, val))
+ self.logger.info('KDC Password Properties were changed from %s to %s' \
+ % (old_val, val))
self.gp_db.store(str(self), self.attribute, old_val)
self.ldb.set_pwdProperties(val)
'''ldap value : samba setter'''
return { "minPwdAge" : (self.ch_minPwdAge, self.days2rel_nttime),
"maxPwdAge" : (self.ch_maxPwdAge, self.days2rel_nttime),
- # Could be none, but I like the method assignment in update_samba
+ # Could be none, but I like the method assignment in
+ # update_samba
"minPwdLength" : (self.ch_minPwdLength, self.explicit),
"pwdProperties" : (self.ch_pwdProperties, self.explicit),
return "Security GPO extension"
def list(self, rootpath):
- return os.path.join(rootpath, "MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf")
+ return os.path.join(rootpath,
+ "MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf")
def listmachpol(self, rootpath):
return os.path.join(rootpath, "Machine/Registry.pol")
return os.path.join(rootpath, "User/Registry.pol")
def apply_map(self):
- return {"System Access": {"MinimumPasswordAge": ("minPwdAge", inf_to_ldb),
- "MaximumPasswordAge": ("maxPwdAge", inf_to_ldb),
- "MinimumPasswordLength": ("minPwdLength", inf_to_ldb),
- "PasswordComplexity": ("pwdProperties", inf_to_ldb),
+ return {"System Access": {"MinimumPasswordAge": ("minPwdAge",
+ inf_to_ldb),
+ "MaximumPasswordAge": ("maxPwdAge",
+ inf_to_ldb),
+ "MinimumPasswordLength": ("minPwdLength",
+ inf_to_ldb),
+ "PasswordComplexity": ("pwdProperties",
+ inf_to_ldb),
},
- "Kerberos Policy": {"MaxTicketAge": ("kdc:user_ticket_lifetime", inf_to_kdc_tdb),
- "MaxServiceAge": ("kdc:service_ticket_lifetime", inf_to_kdc_tdb),
- "MaxRenewAge": ("kdc:renewal_lifetime", inf_to_kdc_tdb),
+ "Kerberos Policy": {"MaxTicketAge": (
+ "kdc:user_ticket_lifetime",
+ inf_to_kdc_tdb
+ ),
+ "MaxServiceAge": (
+ "kdc:service_ticket_lifetime",
+ inf_to_kdc_tdb
+ ),
+ "MaxRenewAge": (
+ "kdc:renewal_lifetime",
+ inf_to_kdc_tdb
+ ),
}
}
(att, setter) = current_section.get(key)
value = value.encode('ascii', 'ignore')
ret = True
- setter(self.logger, self.ldb, self.gp_db, self.lp, att, value).update_samba()
+ setter(self.logger, self.ldb, self.gp_db, self.lp, att,
+ value).update_samba()
self.gp_db.commit()
return ret
try:
blist = afile.split('/')
idx = afile.lower().split('/').index('machine')
- for case in [blist[idx].upper(), blist[idx].capitalize(), blist[idx].lower()]:
- bfile = '/'.join(blist[:idx]) + '/' + case + '/' + '/'.join(blist[idx+1:])
+ for case in [blist[idx].upper(), blist[idx].capitalize(),
+ blist[idx].lower()]:
+ bfile = '/'.join(blist[:idx]) + '/' + case + '/' + \
+ '/'.join(blist[idx+1:])
try:
return self.read_inf(bfile, conn)
except NTSTATUSError:
guid = gpo_obj.name
if guid == 'Local Policy':
continue
- local_path = os.path.join(lp.get('realm').lower(), 'Policies', guid)
- version = int(gpo.gpo_get_sysvol_gpt_version(os.path.join(lp.get("path", "sysvol"), local_path))[1])
+ path = os.path.join(lp.get('realm').lower(), 'Policies', guid)
+ local_path = os.path.join(lp.get("path", "sysvol"), path)
+ version = int(gpo.gpo_get_sysvol_gpt_version(local_path)[1])
if version != store.get_int(guid):
logger.info('GPO %s has changed' % guid)
gp_db.state(GPOSTATE.APPLY)
store.start()
try:
for ext in gp_extensions:
- ext.parse(ext.list(local_path), test_ldb, conn, gp_db, lp)
+ ext.parse(ext.list(path), test_ldb, conn, gp_db, lp)
except:
logger.error('Failed to parse gpo %s' % guid)
store.cancel()
parser.add_option_group(options.VersionOptions(parser))
credopts = options.CredentialsOptions(parser)
parser.add_option('-H', '--url', dest='url', help='URL for the samdb')
- parser.add_option('-X', '--unapply', help='Unapply Group Policy', action='store_true')
+ parser.add_option('-X', '--unapply', help='Unapply Group Policy',
+ action='store_true')
parser.add_option_group(credopts)
# Set the options and the arguments
{
struct torture_suite *suite = torture_suite_create(ctx, "apply");
- torture_suite_add_simple_test(suite, "gpo_param_from_gpo", torture_gpo_system_access_policies);
+ torture_suite_add_simple_test(suite, "gpo_param_from_gpo",
+ torture_gpo_system_access_policies);
suite->description = talloc_strdup(suite, "Group Policy apply tests");
return (strtoll(sval, NULL, 10) * -1 / 60 / 60 / 24 / 10000000);
}
-#define GPODIR "addom.samba.example.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows NT/SecEdit"
+#define GPODIR "addom.samba.example.com/Policies/"\
+ "{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/"\
+ "Windows NT/SecEdit"
#define GPOFILE "GptTmpl.inf"
#define GPTTMPL "[System Access]\n\
MinimumPasswordAge = %d\n\
MinimumPasswordLength = %d\n\
PasswordComplexity = %d\n\
"
-#define GPTINI "addom.samba.example.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI"
+#define GPTINI "addom.samba.example.com/Policies/"\
+ "{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI"
bool torture_gpo_system_access_policies(struct torture_context *tctx)
{
int ret, vers = 0, i;
- const char *sysvol_path = NULL, *gpo_dir = NULL, *gpo_file = NULL, *gpt_file = NULL;
+ const char *sysvol_path = NULL, *gpo_dir = NULL;
+ const char *gpo_file = NULL, *gpt_file = NULL;
struct ldb_context *samdb = NULL;
struct ldb_result *result;
const char *attrs[] = {
int pwdpropcases[] = { 0, 1, 1 };
struct ldb_message *old_message = NULL;
- sysvol_path = lpcfg_path(lpcfg_service(tctx->lp_ctx, "sysvol"), lpcfg_default_service(tctx->lp_ctx), tctx);
+ sysvol_path = lpcfg_path(lpcfg_service(tctx->lp_ctx, "sysvol"),
+ lpcfg_default_service(tctx->lp_ctx), tctx);
torture_assert(tctx, sysvol_path, "Failed to fetch the sysvol path");
/* Ensure the sysvol path exists */
/* Get the gpo update command */
gpo_update_cmd = lpcfg_gpo_update_command(tctx->lp_ctx);
- torture_assert(tctx, gpo_update_cmd && gpo_update_cmd[0], "Failed to fetch the gpo update command");
+ torture_assert(tctx, gpo_update_cmd && gpo_update_cmd[0],
+ "Failed to fetch the gpo update command");
/* Open and read the samba db and store the initial password settings */
- samdb = samdb_connect(tctx, tctx->ev, tctx->lp_ctx, system_session(tctx->lp_ctx), 0);
+ samdb = samdb_connect(tctx, tctx->ev, tctx->lp_ctx,
+ system_session(tctx->lp_ctx), 0);
torture_assert(tctx, samdb, "Failed to connect to the samdb");
- ret = ldb_search(samdb, tctx, &result, ldb_get_default_basedn(samdb), LDB_SCOPE_BASE, attrs, NULL);
- torture_assert(tctx, ret == LDB_SUCCESS && result->count == 1, "Searching the samdb failed");
+ ret = ldb_search(samdb, tctx, &result, ldb_get_default_basedn(samdb),
+ LDB_SCOPE_BASE, attrs, NULL);
+ torture_assert(tctx, ret == LDB_SUCCESS && result->count == 1,
+ "Searching the samdb failed");
old_message = result->msgs[0];
for (i = 0; i < 3; i++) {
/* Write out the sysvol */
if ( (fp = fopen(gpo_file, "w")) ) {
- fputs(talloc_asprintf(tctx, GPTTMPL, minpwdcases[i], maxpwdcases[i], pwdlencases[i], pwdpropcases[i]), fp);
+ fputs(talloc_asprintf(tctx, GPTTMPL, minpwdcases[i],
+ maxpwdcases[i], pwdlencases[i],
+ pwdpropcases[i]), fp);
fclose(fp);
}
fclose(fp);
}
if ( (fp = fopen(gpt_file, "w")) ) {
- char *data = talloc_asprintf(tctx, "[General]\nVersion=%d\n", ++vers);
+ char *data = talloc_asprintf(tctx, "[General]\nVersion=%d\n",
+ ++vers);
fputs(data, fp);
fclose(fp);
}
/* Run the gpo update command */
ret = exec_wait(gpo_update_cmd);
- torture_assert(tctx, ret == 0, "Failed to execute the gpo update command");
+ torture_assert(tctx, ret == 0,
+ "Failed to execute the gpo update command");
- ret = ldb_search(samdb, tctx, &result, ldb_get_default_basedn(samdb), LDB_SCOPE_BASE, attrs, NULL);
- torture_assert(tctx, ret == LDB_SUCCESS && result->count == 1, "Searching the samdb failed");
+ ret = ldb_search(samdb, tctx, &result, ldb_get_default_basedn(samdb),
+ LDB_SCOPE_BASE, attrs, NULL);
+ torture_assert(tctx, ret == LDB_SUCCESS && result->count == 1,
+ "Searching the samdb failed");
/* minPwdAge */
val = ldb_msg_find_ldb_val(result->msgs[0], attrs[0]);
- torture_assert(tctx, unix2nttime((char*)val->data) == minpwdcases[i], "The minPwdAge was not applied");
+ torture_assert(tctx, unix2nttime((char*)val->data) == minpwdcases[i],
+ "The minPwdAge was not applied");
/* maxPwdAge */
val = ldb_msg_find_ldb_val(result->msgs[0], attrs[1]);
- torture_assert(tctx, unix2nttime((char*)val->data) == maxpwdcases[i], "The maxPwdAge was not applied");
+ torture_assert(tctx, unix2nttime((char*)val->data) == maxpwdcases[i],
+ "The maxPwdAge was not applied");
/* minPwdLength */
val = ldb_msg_find_ldb_val(result->msgs[0], attrs[2]);
- torture_assert(tctx, atoi((char*)val->data) == pwdlencases[i], "The minPwdLength was not applied");
+ torture_assert(tctx, atoi((char*)val->data) == pwdlencases[i],
+ "The minPwdLength was not applied");
/* pwdProperties */
val = ldb_msg_find_ldb_val(result->msgs[0], attrs[3]);
- torture_assert(tctx, atoi((char*)val->data) == pwdpropcases[i], "The pwdProperties were not applied");
+ torture_assert(tctx, atoi((char*)val->data) == pwdpropcases[i],
+ "The pwdProperties were not applied");
}
for (i = 0; i < old_message->num_elements; i++) {