Commits on Source (53)
-
Jule Anger authored
and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger <janger@samba.org>
b9f60718 -
Ralph Boehme authored
Frankly, I can't remember why I added this as part of bug 13688. The goal of the corresponding test is to verify a write on a read-only file handle fails. As the file is opened O_RDONLY, the write will fail anyway and there's no need to inject the error. To make things worse, having the error injected meant we didn't notice when the underlying logic of forcing the open to be done with O_RDONLY was done as O_RDWR, resulting in the write on the handle to succeed. This happened when we introduced reopen_from_fsp(): the initial pathref open of a path with a twrp value was correctly detected and handled by shadow_copy2_openat(). However, when converting the pathref open to a real one via reopen_from_fsp(), shadow_copy2_openat() only sees the magic /proc/fd path and has no way of inferring that this was originating from a prevous version open with a twrp value. Tl;dr: we can just remove this error injection, it is not needed, the correct fix is to implement this in the SMB layer which is done in the subsequent commits. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 78119edb)
b6c2c26e -
Ralph Boehme authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit c62484bc)
bb9aea6a -
Ralph Boehme authored
Test more modifying operations are blocked and access masks are correct. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 537eedfe)
a510fc46 -
Ralph Boehme authored
This is what Windows returns for this case. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 276c5bd8)
b8383780 -
Ralph Boehme authored
Printer file handles went through SMB_VFS_CREATE_FILE() and are network callable, so it makes sense to set this on them. This ensures that check_access_fsp() doesn't take the codepath calling smbd_check_access_rights_fsp(), but just checks the request rights from fsp->access_mask. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 76c8fe16)
9ee7991d -
Ralph Boehme authored
The semantics of the access check in check_access_fsp() itself is to allow access if *at least* one or more rights of the rights in access_mask are allowed. The name check_any_access_fsp() better reflects this. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 96b577c3)
0f865a34 -
Ralph Boehme authored
smbd_check_access_rights_fsp() requires *all* rights in access_mask to be granted by the underlying ACL, but the semantics of this function is supposed to grant access if any one of the rights in access_requested is allowed. Fix this by looping over the requested access mask. If smbd_check_access_rights_fsp() returns sucess, mask will be non-null and when assigned to access_granted, the subsequent check will pass, fail otherwise. I'm not doing an early exit on purpose because a subsequent commit adds additional security checks that are done in the subsequent code path common for fsa and non-fsa fsps. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit bf497819)
8318428f -
Ralph Boehme authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit a0ae45be)
0352aae6 -
Ralph Boehme authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit ee303521)
bfa5f178 -
Ralph Boehme authored
The additional check if fd underlying fd is valid and not -1 should not be done at this place. I actually would prefer an write to fail with EBADF if this happens, as it's likely easier to debug why this happened. These days we should always have a valid fd. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 995a31c8)
44396d7b -
Ralph Boehme authored
Replaces the direct access to fsp->access_mask with a call to check_any_access_fsp() which allows doing additional checks if needed. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 02ed9934)
f5eb449c -
Ralph Boehme authored
Now that check_any_access_fsp() is broadly used consistently to restrict access for all modifying operations, we can add a check for previous versions to check_any_access_fsp() and it gets enforced consistently. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit fd4e4114)
0874d3ab -
Ralph Boehme authored
Doing the previous version access checks and semantics at the SMB layer means we can simplify the shadow_copy2 and remove the kludge. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Mon Jan 8 16:58:26 UTC 2024 on atb-devel-224 (backported from commit f14a7065) [slow@samba.org: vfs_shadow_copy2.c: no TALLOC_FREE() in context] [slow@samba.org: open.c: assign result from calculate_open_access_flags()] Autobuild-User(v4-19-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-19-test): Tue Jan 9 13:17:12 UTC 2024 on atb-devel-224
cfbaab56 -
Gabriel Nagy authored
In addition to the SUSE global trust directory, add support for RHEL and Debian-based distributions (including Ubuntu). To determine the correct directory to use, we iterate over the variants and stop at the first which is a directory. In case none is found, fallback to the first option which will produce a warning as it did previously. Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: David Mulder <dmulder@samba.org> (cherry picked from commit a1b285e4)
9ab2eb21 -
Gabriel Nagy authored
This is used on RHEL/Fedora instead of update-ca-certificates. They behave similarly so it's enough to change the command name. Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: David Mulder <dmulder@samba.org> (cherry picked from commit fa80d1d8)
f9975df8 -
Gabriel Nagy authored
On Ubuntu, certificates must end in '.crt' in order to be considered by the `update-ca-certificates` helper. Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: David Mulder <dmulder@samba.org> (cherry picked from commit bce3a892)
0dd51b02 -
Gabriel Nagy authored
This fails all GPO-related tests that call `gpupdate --rsop`. Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: David Mulder <dmulder@samba.org> (cherry picked from commit 1ef722cf)
9db01a2c -
Gabriel Nagy authored
I don't know whether this applies universally, but in our case the contents of `es['cACertificate'][0]` are binary, so cleanly converting to a string fails with the following: 'utf-8' codec can't decode byte 0x82 in position 1: invalid start byte We found a fix to be encoding the certificate to base64 when constructing the CA list. Section 4.4.5.2 of MS-CAESO also suggests that the content of `cACertificate` is binary (OCTET string). Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: David Mulder <dmulder@samba.org> (cherry picked from commit 157335ee)
6dba94a3 -
Gabriel Nagy authored
Ensure that cepces-submit reporting additional templates and re-applying will enforce the updated policy. Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: David Mulder <dmulder@samba.org> (cherry picked from commit 2d6943a8)
dfbe7494 -
Gabriel Nagy authored
If certificate templates are added or removed, the autoenroll extension should react to this and reapply the policy. Previously this wasn't taken into account. Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: David Mulder <dmulder@samba.org> (cherry picked from commit 2a6ae997)
28b1fe5e -
Gabriel Nagy authored
For this we need to stage a Registry.pol file with certificate autoenrollment enabled, but with checkboxes unticked. Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: David Mulder <dmulder@samba.org> (cherry picked from commit ee814f77)
93735e8a -
Gabriel Nagy authored
`cache_get_all_attribute_values` returns a dict whereas we need to pass a list of keys to `remove`. These will be interpolated in the gpdb search. Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: David Mulder <dmulder@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Aug 28 03:01:22 UTC 2023 on atb-devel-224 (cherry picked from commit 7dc18175)
de32d94c -
Andreas Schneider authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15552 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Mulder <dmulder@samba.org> (cherry picked from commit 8eb42425) Autobuild-User(v4-19-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-19-test): Mon Jan 15 11:11:31 UTC 2024 on atb-devel-224
df025598 -
Björn Jacke authored
This bug was introduced with 53a1d034 in 2020. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15550 Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 2df2e34c)
a86c1087 -
Bjoern Jacke authored
This was broken by c9c3d431 back in 2009 already. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12421 Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 56c3dbc2)
9c43625c -
Jones Syue authored
Browsing files or download files from samba server, smbd would check user's id to decide whether this user could access these files, by lookup user's information from the password file (e.g. /usr/local/samba/private/smbpasswd). smbd might goes through startsmbfilepwent(), this api calls [f]chmod() to make sure the password file has valid permissions 0600. Consider a scenario: we are doing a read performance benchmark about downloading a bunch of files (e.g. a thousand files) from a samba server, monitoring file system i/o activities counters, and expecting that should be only read operations on file system because this is just downloading, no uploading is involved. But actually found that still write operations on file system, because smbd lookup user and always reset 0600 permissions on password file while access each file, it makes dirty pages (inode modification) in ram, later triggered a kernel journal daemon to sync dirty pages into back storage (e.g. ext3 kjournald, or ext4 jbd2). This looks like not friendly for read performance benchmark if it happened on an entry-level systems with much less memory and limited computation power, because dirty pages syncing in the meantime slows down read performance. This patch adds fstat() before [f]chmod(), it would check whether password file has valid permissions 0600 or not. If 0600 smbd would bypass [f]chmod() to avoid making dirty pages on file systems. If not 0600 smbd would warn and go through [f]chmod() to set valid permissions 0600 to password file as earlier days. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15555 Signed-off-by: Jones Syue <jonessyue@qnap.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Thu Jan 18 10:28:19 UTC 2024 on atb-devel-224 (cherry picked from commit c82a267b) Autobuild-User(v4-19-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-19-test): Mon Jan 22 10:53:03 UTC 2024 on atb-devel-224
283ff41e -
David Mulder authored
[MS-GPOL] 3.2.5.1.4 Site Search says if the site search returns ERROR_NO_SITENAME, the GP site search should be skipped. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15548 Signed-off-by: David Mulder <dmulder@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Jan 23 11:20:35 UTC 2024 on atb-devel-224 (cherry picked from commit f05b61b4)
445637d0 -
Ralph Boehme authored
This will be used in CI to have a gitlab runner without all modern Linux features we make use of as part of path processing: - O_PATH - openat2() with RESOLVE_NO_SYMLINKS - somehow safely reopen an O_PATH file handle That gives what a classix UNIX like AIX or Solaris offers feature wise. Other OSes support other combinations of those features, but we leave the exersize of possibly adding more runners supporting those combinations to the reader. The following list shows which features are available and used by Samba on a few OSes: | O_PATH | RESOLVE_NO_SYMLINKS | Safe reopen | CI covered --------|----------------|---------------------|---------------------------- | Supported Used | Supported Used | Supported Used | ============================================================================ Linux | + + | + + | + + | + FreeBSD | + + | + [1] - | + [2] - | - AIX | - - | - - | - - | + [1] via open() flag O_RESOLVE_BENEATH [2] via open() flag O_EMPTY_PATH BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 5c2f9644)
1dff1340 -
Ralph Boehme authored
This is a more sensible combination of missing Linux specific features: - O_PATH - openat2() with RESOLVE_NO_SYMLINKS - somehow safely reopen an O_PATH file handle Currently only O_PATH is disabled for these jobs, but that doesn't really match and know OS. The following list shows which features are available and used by Samba on a few OSes: | O_PATH | RESOLVE_NO_SYMLINKS | Safe reopen | CI covered --------|----------------|---------------------|---------------------------- | Supported Used | Supported Used | Supported Used | ============================================================================ Linux | + + | + + | + + | + FreeBSD | + + | + [1] - | + [2] - | - AIX | - - | - - | - - | + So by also disabling RESOLVE_NO_SYMLINKS and Safe Reopen, we cover classic UNIX systems like AIX. [1] via open() flag O_RESOLVE_BENEATH [2] via open() flag O_EMPTY_PATH BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 62cbe145)
4c4f086d -
Ralph Boehme authored
Moves processing the symlink error response to the caller filename_convert_dirfsp(). Prepares for using this in non_widelink_open(), where it will replace symlink_target_below_conn() with the same functionality. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (back-ported from commit 0515dded)
90ae1e8f -
Ralph Boehme authored
Existing caller passes NULL, no change in behaviour. Prepares for replacing symlink_target_below_conn() in open.c. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit fc80c72d)
cd4df6ae -
Ralph Boehme authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 1965fc77)
4477e23d -
Ralph Boehme authored
On systems without /proc/fd support this avoid the expensive chdir() logic in non_widelink_open(). open_file_ntcreate() already passes dirfsp and atname to reopen_from_fsp(), it was just missed in the conversion. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549 Reviewed-by: Volker Lendecke <vl@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Mon Jan 22 12:00:56 UTC 2024 on atb-devel-224 (cherry picked from commit 27130232) Autobuild-User(v4-19-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-19-test): Mon Jan 29 11:59:41 UTC 2024 on atb-devel-224
84020efb -
Jo Sutton authored
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit b068592d)
41cd6b95 -
Gabriel Nagy authored
As of 8231eaf8, the NDES feature is no longer required on Windows, as cert auto-enroll can use the certificate from the LDAP request. However, 157335ee changed the implementation to convert the LDAP certificate to base64 due to it failing to cleanly convert to a string. Because of insufficient test coverage I missed handling the part where NDES is disabled or not reachable and the LDAP certificate was imported. The call to load_der_x509_certificate now fails with an error because it expects binary data, yet it receives a base64 encoded string. This adds a test to confirm the issue. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15557 Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com> Reviewed-by: David Mulder <dmulder@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 0d1ff699)
a50016bc -
Gabriel Nagy authored
The reasoning behind this is described in the previous commit message, but essentially this should either be wrapped in certificate blocks and imported as PEM, or converted back to binary and imported as DER. I've opted for the latter since it's how it used to work before it regressed in 157335ee. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15557 Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com> Reviewed-by: David Mulder <dmulder@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 3f3ddfa6)
90cf23e1 -
Gabriel Nagy authored
This is a visual fix and has no impact on functionality apart from cleaner log messages. The point of this is to get the list of supported templates in order to compute a diff between the current applied templates and the updated list, so we are able to unapply and reapply the policy in case there are differences. However this code path is executed on first applies as well, at which point the root CA is not yet set up. This causes the `get_supported_templates` call to fail, which is not a hard failure but still pollutes the logs. In this case it's safe to avoid executing the command as the policy will be applied regardless. Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com> Reviewed-by: David Mulder <dmulder@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Jan 22 16:48:57 UTC 2024 on atb-devel-224 (cherry picked from commit 8579340f)
d3061f5e -
Andreas Schneider authored
This allows enable INFO level logging with: `samba-gpupdate -d3` BUG: https://bugzilla.samba.org/show_bug.cgi?id=15558 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 14519407) Autobuild-User(v4-19-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-19-test): Mon Feb 5 12:34:12 UTC 2024 on atb-devel-224
60514eb6 -
Michael Tokarev authoredc390da79
-
Michael Tokarev authored5cc4e57e
-
Michael Tokarev authored5b0c0f62
-
Michael Tokarev authored8480944d
-
Michael Tokarev authoredf15aea67
-
Michael Tokarev authored8547ab89
-
Jule Anger authored
Signed-off-by: Jule Anger <janger@samba.org>
8ffa5ab1 -
Jule Anger authored
Signed-off-by: Jule Anger <janger@samba.org>
7bef2f7f -
Michael Tokarev authoredd3debe1d
-
Michael Tokarev authored
Update to upstream version '4.19.5+dfsg' with Debian dir 4be4490cb2a9a5a11bb6bbdc9a3793da305809a4
69f12ae5 -
Michael Tokarev authored8c61655e
-
Michael Tokarev authored
d/control: replace pkg-config=>pkgconf in Build-Depends, remove pkg-config from Depends of libldb-dev and python3-ldb-dev
8eb4c81a -
Michael Tokarev authored0e3e88dc
-
Michael Tokarev authored61389a1a
Showing
- VERSION 1 addition, 1 deletionVERSION
- WHATSNEW.txt 64 additions, 2 deletionsWHATSNEW.txt
- debian/changelog 24 additions, 4 deletionsdebian/changelog
- debian/control 3 additions, 5 deletionsdebian/control
- debian/libsmbclient.symbols 1 addition, 1 deletiondebian/libsmbclient.symbols
- debian/libwbclient0.symbols 1 addition, 1 deletiondebian/libwbclient0.symbols
- debian/patches/python-fix-invalid-escape-sequences.patch 0 additions, 296 deletionsdebian/patches/python-fix-invalid-escape-sequences.patch
- debian/patches/series 1 addition, 1 deletiondebian/patches/series
- debian/patches/silence-can-not-convert-group-sid.diff 26 additions, 0 deletionsdebian/patches/silence-can-not-convert-group-sid.diff
- debian/python3-ldb.symbols.in 1 addition, 1 deletiondebian/python3-ldb.symbols.in
- debian/rules 1 addition, 1 deletiondebian/rules
- debian/samba-libs.symbols 3 additions, 1 deletiondebian/samba-libs.symbols
- debian/winbind.postrm 7 additions, 5 deletionsdebian/winbind.postrm
- lib/util/time.c 1 addition, 1 deletionlib/util/time.c
- python/samba/gp/gp_cert_auto_enroll_ext.py 51 additions, 28 deletionspython/samba/gp/gp_cert_auto_enroll_ext.py
- python/samba/gp/gpclass.py 18 additions, 12 deletionspython/samba/gp/gpclass.py
- python/samba/gp/util/logging.py 3 additions, 2 deletionspython/samba/gp/util/logging.py
- python/samba/graph.py 1 addition, 1 deletionpython/samba/graph.py
- python/samba/tests/bin/cepces-submit 2 additions, 1 deletionpython/samba/tests/bin/cepces-submit
- python/samba/tests/gpo.py 258 additions, 42 deletionspython/samba/tests/gpo.py
This diff is collapsed.