From c70280a964db93647b90d0a5c347e96decfc0737 Mon Sep 17 00:00:00 2001 From: Evgeny Sinelnikov Date: Mon, 20 Apr 2020 04:24:33 +0400 Subject: [PATCH 1/3] Get machine local Registry policy in Samba backup format --- gpoa/gpt/gpt.py | 2 +- gpupdate.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/gpoa/gpt/gpt.py b/gpoa/gpt/gpt.py index 4c0ef55..6ca27b9 100644 --- a/gpoa/gpt/gpt.py +++ b/gpoa/gpt/gpt.py @@ -273,7 +273,7 @@ def lp2gpt(): ''' Convert local-policy to full-featured GPT. ''' - lppath = os.path.join(default_policy_path(), 'local.xml') + lppath = os.path.join(default_policy_path(), 'Machine/Registry.pol.xml') # Load settings from XML PolFile polparser = GPPolParser() diff --git a/gpupdate.spec b/gpupdate.spec index f8eee96..7ec214a 100644 --- a/gpupdate.spec +++ b/gpupdate.spec @@ -17,7 +17,7 @@ BuildRequires: rpm-build-python3 Requires: python3-module-rpm Requires: oddjob-%name >= 0.2.0 Requires: libnss-role >= 0.5.0 -Requires: local-policy >= 0.2.0 +Requires: local-policy >= 0.3.0 Requires: pam-config >= 1.8 Source0: %name-%version.tar From d38e937e22fb36194ae83f8d72fe9b911fb2e03d Mon Sep 17 00:00:00 2001 From: Evgeny Sinelnikov Date: Mon, 20 Apr 2020 06:18:24 +0400 Subject: [PATCH 2/3] gpupdate-setup: add support domain_controller local policy profile --- dist/gpupdate-setup | 10 ++++++++++ gpoa/util/samba.py | 38 ++++++++++++++++++++++++++++++++++++++ gpoa/util/windows.py | 14 +++----------- 3 files changed, 51 insertions(+), 11 deletions(-) create mode 100644 gpoa/util/samba.py diff --git a/dist/gpupdate-setup b/dist/gpupdate-setup index d269d2b..997dfb7 100755 --- a/dist/gpupdate-setup +++ b/dist/gpupdate-setup @@ -25,6 +25,9 @@ import subprocess import re +from gpoa.util.samba import smbopts + + def command(args): try: subprocess.check_call(args.split()) @@ -44,6 +47,13 @@ def from_command(args): def get_default_policy_name(): localpolicy = 'workstation' + dcpolicy = 'ad-domain-controller' + + try: + if smbopt.get_server_role() == 'active directory domain controller': + return dcpolicy + except: + pass try: release = '/etc/altlinux-release' diff --git a/gpoa/util/samba.py b/gpoa/util/samba.py new file mode 100644 index 0000000..6495445 --- /dev/null +++ b/gpoa/util/samba.py @@ -0,0 +1,38 @@ +# +# GPOA - GPO Applier for Linux +# +# Copyright (C) 2019-2020 BaseALT Ltd. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + + +import optparse +from samba import getopt as options + + +class smbopts: + + def __init__(self, prog=None): + self.parser = optparse.OptionParser(prog) + self.sambaopts = options.SambaOptions(self.parser) + self.lp = self.sambaopts.get_loadparm() + + def get_cache_dir(self): + return self._get_prop('cache directory') + + def get_server_role(self): + return self._get_prop('server role') + + def _get_prop(self, property_name): + return self.lp.get(property_name) diff --git a/gpoa/util/windows.py b/gpoa/util/windows.py index 2826433..ddaac23 100644 --- a/gpoa/util/windows.py +++ b/gpoa/util/windows.py @@ -21,7 +21,6 @@ import logging import os import pwd -import optparse from samba import getopt as options from samba.gpclass import get_dc_hostname, check_refresh_gpo_list @@ -33,15 +32,14 @@ from storage import cache_factory from .xdg import get_user_dir from .util import get_homedir from .logging import slogm +from .samba import smbopts -class smbcreds: +class smbcreds (smbopts): def __init__(self, dc_fqdn=None): - self.parser = optparse.OptionParser('GPO Applier') - self.sambaopts = options.SambaOptions(self.parser) + smbopts.__init__(self, 'GPO Applier') self.credopts = options.CredentialsOptions(self.parser) - self.lp = self.sambaopts.get_loadparm() self.creds = self.credopts.get_credentials(self.lp, fallback_machine=True) self.selected_dc = self.set_dc(dc_fqdn) @@ -87,9 +85,6 @@ class smbcreds: return dns_domainname - def get_cache_dir(self): - return self._get_prop('cache directory') - def get_gpos(self, username): ''' Get GPO list for the specified username for the specified DC @@ -125,9 +120,6 @@ class smbcreds: username, self.selected_dc))) return gpos - def _get_prop(self, property_name): - return self.lp.get(property_name) - def wbinfo_getsid(domain, user): ''' From 8b63d294d312511393745291c22a27110b72df31 Mon Sep 17 00:00:00 2001 From: Evgeny Sinelnikov Date: Tue, 21 Apr 2020 23:14:10 +0400 Subject: [PATCH 3/3] gpupdate-setup: fix break symlink recreate during enable --- dist/gpupdate-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dist/gpupdate-setup b/dist/gpupdate-setup index 997dfb7..74ef54b 100755 --- a/dist/gpupdate-setup +++ b/dist/gpupdate-setup @@ -182,7 +182,7 @@ def enable_gp(policy_name): if not os.path.isdir(etc_policy_dir): os.makedirs(etc_policy_dir) - if not os.path.isdir(active_policy_name): + if not os.path.islink(active_policy_name): os.symlink(default_policy_name, active_policy_name) else: os.unlink(active_policy_name)