gpo: Move policy application to the gp_ext
authorDavid Mulder <dmulder@suse.com>
Thu, 17 May 2018 22:23:51 +0000 (16:23 -0600)
committerAurélien Aptel <aaptel@samba.org>
Mon, 8 Oct 2018 16:17:15 +0000 (18:17 +0200)
Policy specific setting application should be
handled by the group policy extension, not the
read/parse handler.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
python/samba/gp_sec_ext.py
python/samba/gpclass.py

index 8fd2ff5572391a08dd4aecea299e1df3b9a8d9b0..256a39eab15ce6bbb407e8e594d22ad1cb975f17 100644 (file)
@@ -166,10 +166,24 @@ class gp_sec_ext(gp_inf_ext):
         if self.lp.get('server role') != 'active directory domain controller':
             return
         inf_file = 'MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf'
+        apply_map = self.apply_map()
 
         for gpo in changed_gpo_list:
             if gpo.file_sys_path:
                 self.gp_db.set_guid(gpo.name)
                 path = os.path.join(gpo.file_sys_path, inf_file)
-                self.parse(path)
+                inf_conf = self.parse(path)
+                if not inf_conf:
+                    continue
+                for section in inf_conf.sections():
+                    current_section = apply_map.get(section)
+                    if not current_section:
+                        continue
+                    for key, value in inf_conf.items(section):
+                        if current_section.get(key):
+                            (att, setter) = current_section.get(key)
+                            value = value.encode('ascii', 'ignore')
+                            setter(self.logger, self.gp_db, self.lp,
+                                   self.creds, att, value).update_samba()
+                            self.gp_db.commit()
 
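Review bot: Nothing in the inner loop handles a failure from `setter(...).update_samba()`, so one bad value in GptTmpl.inf stops the remaining keys and every later GPO in `changed_gpo_list`, while the keys already passed to `self.gp_db.commit()` stay applied; on a domain controller that leaves the security policy only partly enforced. Whether the setters raise on malformed input is not visible in this hunk, so that is worth confirming. I would wrap the setter call and the commit in a `try`/`except Exception` that logs `gpo.name`, `section` and `key` before continuing with the next key. Separately, `value.encode('ascii', 'ignore')` silently drops non-ASCII characters, so the value applied can differ from the one stored in the GPO; logging when the encoded value differs from the original would make that visible. The enclosing method starts above the hunk.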
index 1563db469ab0a85e49b0c84c291d10fd39ec26b8..893a419cfbf74aa28706029e3bf3f5cf92b72560 100644 (file)
@@ -357,37 +357,13 @@ class gp_ext_setter(object):
 
 class gp_inf_ext(gp_ext):
     def read(self, policy):
-        ret = False
-        inftable = self.apply_map()
-
-        current_section = None
-
-        # So here we would declare a boolean,
-        # that would get changed to TRUE.
-        #
-        # If at any point in time a GPO was applied,
-        # then we return that boolean at the end.
-
         inf_conf = ConfigParser()
         inf_conf.optionxform = str
         try:
             inf_conf.readfp(StringIO(policy))
         except:
             inf_conf.readfp(StringIO(policy.decode('utf-16')))
-
-        for section in inf_conf.sections():
-            current_section = inftable.get(section)
-            if not current_section:
-                continue
-            for key, value in inf_conf.items(section):
-                if current_section.get(key):
-                    (att, setter) = current_section.get(key)
-                    value = value.encode('ascii', 'ignore')
-                    ret = True
-                    setter(self.logger, self.gp_db, self.lp,
-                           self.creds, att, value).update_samba()
-                    self.gp_db.commit()
-        return ret
+        return inf_conf
 
 
 ''' Fetch the hostname of a writable DC '''
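Review bot: The bare `except:` after the first `inf_conf.readfp(StringIO(policy))` treats every failure, including `KeyboardInterrupt` and `SystemExit`, as a reason to re-parse the policy as UTF-16, and an error from that second attempt leaves `read()` as an unhandled exception. The text presumably comes from a GPO file, so I would narrow this to `except Exception:` at least and let the caller report a file that parses under neither encoding. `read()` also now returns the parser instead of a boolean, which deserves a docstring such as `"""Parse INF policy text and return the ConfigParser; settings are applied by the extension."""`. Any caller that tested the old boolean return value should be checked.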