gpo: Add --rsop option to samba-gpupdate

This command prints the Resultant Set of Policy
for applicable GPOs, for either the Computer or
User policy (depending on the target specified).
Policy specific output must be implemented for
each client side extension.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

diff --git a/python/samba/gpclass.py b/python/samba/gpclass.py
index 1831e6e1ebc056727d57bd449aa667d84ac2af03..3efb6390381fb9141f2c3513c4069237ee48a678 100644 (file)
--- a/python/samba/gpclass.py
+++ b/python/samba/gpclass.py
@@ -317,6 +317,10 @@ class gp_ext(object):
     def __str__(self):
         pass
 
+    @abstractmethod
+    def rsop(self, gpo):
+        return {}
+
 
 class gp_ext_setter(object):
     __metaclass__ = ABCMeta
@@ -504,6 +508,40 @@ def unapply_gp(lp, creds, logger, store, gp_extensions):
     store.commit()
 
 
+def __rsop_vals(vals, level=4):
+    if type(vals) == dict:
+        ret = [' '*level + '[ %s ] = %s' % (k, __rsop_vals(v, level+2))
+                for k, v in vals.items()]
+        return '\n'.join(ret)
+    elif type(vals) == list:
+        ret = [' '*level + '[ %s ]' % __rsop_vals(v, level+2) for v in vals]
+        return '\n'.join(ret)
+    else:
+        return vals
+
+def rsop(lp, creds, gp_extensions, target):
+    dc_hostname = get_dc_hostname(creds, lp)
+    gpos = get_gpo_list(dc_hostname, creds, lp)
+    check_refresh_gpo_list(dc_hostname, lp, creds, gpos)
+
+    print('Resultant Set of Policy')
+    print('%s Policy\n' % target)
+    term_width = os.get_terminal_size()[0]
+    for gpo in gpos:
+        print('GPO: %s' % gpo.display_name)
+        print('='*term_width)
+        for ext in gp_extensions:
+            print('  CSE: %s' % ext.__module__.split('.')[-1])
+            print('  ' + ('-'*int(term_width/2)))
+            for section, settings in ext.rsop(gpo).items():
+                print('    Policy Type: %s' % section)
+                print('    ' + ('-'*int(term_width/2)))
+                print(__rsop_vals(settings))
+                print('    ' + ('-'*int(term_width/2)))
+            print('  ' + ('-'*int(term_width/2)))
+        print('%s\n' % ('='*term_width))
+
+
 def parse_gpext_conf(smb_conf):
     lp = LoadParm()
     if smb_conf is not None:

diff --git a/source4/scripting/bin/samba-gpupdate b/source4/scripting/bin/samba-gpupdate
index e239a4e015e3dc360e219a288a9e0662dc15879d..af2430938cd6bc97a67254e81b3560aa2fb01f5b 100755 (executable)
--- a/source4/scripting/bin/samba-gpupdate
+++ b/source4/scripting/bin/samba-gpupdate
@@ -29,7 +29,7 @@ sys.path.insert(0, "bin/python")
 
 import optparse
 from samba import getopt as options
-from samba.gpclass import apply_gp, unapply_gp, GPOStorage
+from samba.gpclass import apply_gp, unapply_gp, GPOStorage, rsop
 from samba.gp_sec_ext import gp_sec_ext
 from samba.gp_ext_loader import get_gp_client_side_extensions
 from samba.gp_scripts_ext import gp_scripts_ext
@@ -50,6 +50,8 @@ if __name__ == "__main__":
                       choices=['Computer', 'User'])
     parser.add_option('--force', help='Reapplies all policy settings',
                       action='store_true')
+    parser.add_option('--rsop', help='Print the Resultant Set of Policy',
+                      action='store_true')
     parser.add_option_group(credopts)
 
     # Set the options and the arguments
@@ -90,7 +92,9 @@ if __name__ == "__main__":
         for ext in user_exts:
             gp_extensions.append(ext(logger, lp, creds, store))
 
-    if not opts.unapply:
+    if opts.rsop:
+        rsop(lp, creds, gp_extensions, opts.target)
+    elif not opts.unapply:
         apply_gp(lp, creds, logger, store, gp_extensions, opts.force)
     else:
         unapply_gp(lp, creds, logger, store, gp_extensions)