Merge pull request #41 from altlinux/gpsetup

Ok, prepare to new prerelease.

dist/gpupdate-setup

@@ -0,0 +1,204 @@
+#! /usr/bin/env python3
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2020 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+import os
+import sys
+import argparse
+import subprocess
+
+import re
+
+def command(args):
+    try:
+        subprocess.check_call(args.split())
+    except:
+        print ('command: \'%s\' error' % args)
+
+def get_default_policy_name():
+    localpolicy = 'workstation'
+
+    try:
+        release = '/etc/altlinux-release'
+        if os.path.isfile(release):
+            f = open(release)
+            s = f.readline()
+            if re.search('server', s, re.I):
+                localpolicy = 'server'
+    except:
+        pass
+
+    return localpolicy
+
+def parse_arguments():
+    '''
+    Parse CLI arguments.
+    '''
+    parser = argparse.ArgumentParser(prog='gpupdate-setup')
+    subparsers = parser.add_subparsers(dest='action',
+        metavar='action',
+        help='Group Policy management actions (default action is status)')
+
+    parser_list = subparsers.add_parser('list',
+        help='List avalable types of local policy')
+    parser_status = subparsers.add_parser('status',
+        help='Show current Group Policy status')
+    parser_enable = subparsers.add_parser('enable',
+        help='Enable Group Policy subsystem')
+    parser_disable = subparsers.add_parser('disable',
+        help='Disable Group Policy subsystem')
+    parser_write = subparsers.add_parser('write',
+        help='Operate on Group Policies (enable or disable)')
+    parser_active = subparsers.add_parser('active-policy',
+        help='Show name of policy enabled')
+
+    parser_write.add_argument('status',
+        choices=['enable', 'disable'],
+        help='Enable or disable Group Policies')
+    parser_write.add_argument('localpolicy',
+        default=None,
+        nargs='?',
+        help='Name of local policy to enable')
+
+    parser_enable.add_argument('localpolicy',
+        default=None,
+        nargs='?',
+        help='Name of local policy to enable')
+
+    return parser.parse_args()
+
+def get_policy_entries(directory):
+    filtered_entries = list()
+    if os.path.isdir(directory):
+        entries = [os.path.join(directory, entry) for entry in os.listdir(directory)]
+
+        for entry in entries:
+            if os.path.isdir(os.path.join(entry)):
+                if not os.path.islink(os.path.join(entry)):
+                    if not entry.rpartition('/')[2] == 'default':
+                        filtered_entries.append(entry)
+
+    return filtered_entries
+
+
+def get_policy_variants():
+    '''
+    Get the list of local policy variants deployed on this system.
+    Please note that is case overlapping names the names in
+    /etc/local-policy must override names in /usr/share/local-policy
+    '''
+    policy_dir = '/usr/share/local-policy'
+    etc_policy_dir = '/etc/local-policy'
+
+    system_policies = get_policy_entries(policy_dir)
+    user_policies = get_policy_entries(etc_policy_dir)
+
+    general_listing = list()
+    general_listing.extend(system_policies)
+    general_listing.extend(user_policies)
+
+    return general_listing
+
+def validate_policy_name(policy_name):
+    return policy_name in [os.path.basename(d) for d in get_policy_variants()]
+
+def get_status():
+    systemd_unit_link = '/etc/systemd/system/multi-user.target.wants/gpupdate.service'
+
+    return os.path.islink(systemd_unit_link)
+
+def get_active_policy():
+    policy_dir = '/usr/share/local-policy'
+    etc_policy_dir = '/etc/local-policy'
+    default_policy_name = os.path.join(policy_dir, get_default_policy_name())
+
+    active_policy_name = os.path.join(etc_policy_dir, 'active')
+
+    actual_policy_name = os.path.realpath(default_policy_name)
+
+    if os.path.isdir(active_policy_name):
+        actual_policy_name = os.path.realpath(active_policy_name)
+
+    return actual_policy_name
+
+
+def disable_gp():
+    #command('/usr/sbin/control system-policy local')
+    command('systemctl disable gpupdate.service')
+    command('systemctl --global --user disable gpupdate-user.service')
+
+def enable_gp(policy_name):
+    policy_dir = '/usr/share/local-policy'
+    etc_policy_dir = '/etc/local-policy'
+    target_policy_name = get_default_policy_name()
+    if policy_name:
+        if validate_policy_name(policy_name):
+            target_policy_name = policy_name
+
+    print (target_policy_name)
+    default_policy_name = os.path.join(policy_dir, target_policy_name)
+    active_policy_name = os.path.join(etc_policy_dir, 'active')
+
+    if not os.path.isdir(etc_policy_dir):
+        os.makedirs(etc_policy_dir)
+
+    if not os.path.isdir(active_policy_name):
+        os.symlink(default_policy_name, active_policy_name)
+    else:
+        os.unlink(active_policy_name)
+        os.symlink(default_policy_name, active_policy_name)
+
+    # Enable oddjobd_gpupdate in PAM config
+    #command('/usr/sbin/control system-policy gpupdate')
+    # Bootstrap the Group Policy engine
+    command('/usr/sbin/gpoa --nodomain')
+    # Enable gpupdate-setup.service for all users
+    command('systemctl --global --user enable gpupdate-user.service')
+
+def main():
+    arguments = parse_arguments()
+
+    if arguments.action == 'list':
+        for entry in get_policy_variants():
+            print(entry.rpartition('/')[2])
+
+    if arguments.action == 'status' or arguments.action == None:
+        if get_status():
+            print('enabled')
+        else:
+            print('disabled')
+
+    if arguments.action == 'write':
+        if arguments.status == 'enable' or arguments.status == '#t':
+            enable_gp(arguments.localpolicy)
+        if arguments.status == 'disable' or arguments.status == '#f':
+            disable_gp()
+
+    if arguments.action == "enable":
+        enable_gp(arguments.localpolicy)
+
+    if arguments.action == "disable":
+        disable_gp()
+
+    if arguments.action == 'active-policy':
+        print(get_active_policy())
+
+if __name__ == '__main__':
+    main()
+

gpoa/util/paths.py

@@ -17,13 +17,22 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 import pathlib
+import os
 
 
 def default_policy_path():
     '''
     Returns path pointing to Default Policy directory.
     '''
-    return pathlib.Path('/usr/share/local-policy/default')
+    local_policy_default = '/usr/share/local-policy/default'
+    etc_local_policy_default = '/etc/local-policy/active'
+
+    result_path = pathlib.Path(local_policy_default)
+
+    if os.path.exists(etc_local_policy_default):
+        result_path = pathlib.Path(etc_local_policy_default)
+
+    return pathlib.Path(result_path)
 
 
 def cache_dir():

gpupdate.spec

@@ -16,7 +16,8 @@ Requires: local-policy >= 0.1.0
 BuildRequires: rpm-build-python3
 Requires: python3-module-rpm
 Requires: oddjob-%name >= 0.2.0
-Requires: libnss-role
+Requires: libnss-role >= 0.5.0
+Requires: local-policy >=  0.2.0
 
 Source0: %name-%version.tar
 
@@ -42,6 +43,8 @@ ln -s %python3_sitelibdir/gpoa/gpoa \
 	%buildroot%_sbindir/gpoa
 ln -s %python3_sitelibdir/gpoa/gpupdate \
 	%buildroot%_bindir/gpupdate
+cp dist/gpupdate-setup \
+	%buildroot%_sbindir/gpupdate-setup
 
 mkdir -p %buildroot%_datadir/%name
 mv %buildroot%python3_sitelibdir/gpoa/templates \
@@ -61,6 +64,7 @@ install -Dm0644 doc/gpupdate.1 %buildroot/%{_man1dir}/gpupdate.1
 
 %files
 %_sbindir/gpoa
+%_sbindir/gpupdate-setup
 %_bindir/gpupdate
 %attr(755,root,root) %python3_sitelibdir/gpoa/gpoa
 %attr(755,root,root) %python3_sitelibdir/gpoa/gpupdate