authpolicy: Verify that GPOs downloaded from AD apply in the proper order |
|||
Issue descriptionThis is probably not the case, AFAIK GPOs are listed in this order: - Site GPOs - Domain GPOs - OU GPOs, from child OU to parent OU The OU order would be wrong, it should be parent to child. Also the order within a level might be wrong (need to verify).
,
May 14 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/b58604f37018d4e44e8cfe11c949707ad9c4b21d commit b58604f37018d4e44e8cfe11c949707ad9c4b21d Author: Lutz Justen <ljusten@chromium.org> Date: Sun May 14 23:24:02 2017 samba: Add patches for net ads gpo list Adds three patches that fix issues with the gpo list of the net ads tool. samba-4.5.3-reorder_ads_get_gpo_list.patch: Changes order to match GPO application order. The order of GPOs in a gpo_list generated by ads_get_gpo_list did not match the order of application. Since GPOs are pushed to the FRONT of gpo_list, GPOs have to be pushed in the opposite order of application. (Pushing to front is useful to get inheritance blocking right). samba-4.5.3-fix_block_inheritance.patch: Fixes issue with GPOPTIONS_BLOCK_INHERITANCE. GP links with the GPOPTIONS_BLOCK_INHERITANCE option set were blocking GPOs from the same link (i.e. an OU with the flag set would block its own GPOs). This CL makes sure the GPOs from the link are added to the list. samba-4.5.3-list_forced_gpos_last: ads_get_gpo_list: Put enforced GPOs at the end of the list Enforced GPOs should be applied on top of all non-enforced GPOs, so that they override policies set in non-enforced GPOs. BUG= chromium:710469 , chromium:710434 , chromium:708476 TEST=Made sure that GPO order matches application order. Change-Id: Idf5aaf70d2725b10021ca8f1bc939edd13d1e52a Reviewed-on: https://chromium-review.googlesource.com/480092 Commit-Ready: Lutz Justen <ljusten@chromium.org> Tested-by: Lutz Justen <ljusten@chromium.org> Reviewed-by: Zentaro Kavanagh <zentaro@google.com> [add] https://crrev.com/b58604f37018d4e44e8cfe11c949707ad9c4b21d/net-fs/samba/files/samba-4.5.3-list_forced_gpos_last.patch [add] https://crrev.com/b58604f37018d4e44e8cfe11c949707ad9c4b21d/net-fs/samba/files/samba-4.5.3-fix_block_inheritance.patch [modify] https://crrev.com/b58604f37018d4e44e8cfe11c949707ad9c4b21d/net-fs/samba/samba-4.5.3.ebuild [rename] https://crrev.com/b58604f37018d4e44e8cfe11c949707ad9c4b21d/net-fs/samba/samba-4.5.3-r7.ebuild [add] https://crrev.com/b58604f37018d4e44e8cfe11c949707ad9c4b21d/net-fs/samba/files/samba-4.5.3-reorder_ads_get_gpo_list.patch
,
May 15 2017
,
Jul 6 2017
bulk Verify of older or not-user-facing Chromad bugs |
|||
►
Sign in to add a comment |
|||
Comment 1 by ljusten@chromium.org
, Apr 13 2017