Update logic with no domain, run gpoa for computer and user separately

gpoa/backend/__init__.py

@@ -21,23 +21,27 @@ from util.windows import smbcreds
 from .samba_backend import samba_backend
 from .nodomain_backend import nodomain_backend
 
-def backend_factory(dc, username, is_machine):
+def backend_factory(dc, username, is_machine, no_domain = False):
     '''
     Return one of backend objects. Please note that backends must
     store their configuration in a storage with administrator
     write permissions in order to prevent users from modifying
     policies enforced by domain administrators.
     '''
-    sc = smbcreds(dc)
-    domain = sc.get_domain()
     back = None
+    domain = None
+    if not no_domain:
+        sc = smbcreds(dc)
+        domain = sc.get_domain()
 
-    if dc:
+    if domain:
+        logging.debug('Initialize Samba backend for domain: {}'.format(domain))
         try:
             back = samba_backend(sc, username, domain, is_machine)
         except Exception as exc:
             logging.error('Unable to initialize Samba backend: {}'.format(exc))
     else:
+        logging.debug('Initialize local backend with no domain')
         try:
             back = nodomain_backend()
         except Exception as exc:

gpoa/backend/nodomain_backend.py

@@ -31,14 +31,17 @@ from util.logging import slogm
 class nodomain_backend(applier_backend):
 
     def __init__(self):
+        domain = None
+        machine_name = get_machine_name()
+        machine_sid = get_sid(domain, machine_name, True)
         self.storage = registry_factory('registry')
         self.storage.set_info('domain', domain)
-        self.storage.set_info('machine_name', get_machine_name())
-        self.storage.set_info('machine_sid', get_sid(domain, self.storage.get_info('machine_name')))
+        self.storage.set_info('machine_name', machine_name)
+        self.storage.set_info('machine_sid', machine_sid)
 
         # User SID to work with HKCU hive
-        self.username = get_machine_name()
-        self.sid = get_sid(self.storage.get_info('domain'), self.username)
+        self.username = machine_name
+        self.sid = machine_sid
 
     def retrieve_and_store(self):
         '''

gpoa/backend/samba_backend.py

@@ -37,13 +37,17 @@ class samba_backend(applier_backend):
         self.storage = registry_factory('registry')
         self.storage.set_info('domain', domain)
         machine_name = get_machine_name()
+        machine_sid = get_sid(domain, machine_name, is_machine)
         self.storage.set_info('machine_name', machine_name)
-        self.storage.set_info('machine_sid', get_sid(domain, machine_name))
+        self.storage.set_info('machine_sid', machine_sid)
 
         # User SID to work with HKCU hive
         self.username = username
         self._is_machine_username = is_machine
-        self.sid = get_sid(self.storage.get_info('domain'), self.username)
+        if is_machine:
+            self.sid = machine_sid
+        else:
+            self.sid = get_sid(self.storage.get_info('domain'), self.username)
 
         self.cache = cache_factory('regpol_cache')
         self.gpo_names = cache_factory('gpo_names')

gpoa/frontend/frontend_manager.py

@@ -75,7 +75,7 @@ class frontend_manager:
         self.username = determine_username(username)
         self.is_machine = is_machine
         self.process_uname = get_process_user()
-        self.sid = get_sid(self.storage.get_info('domain'), self.username)
+        self.sid = get_sid(self.storage.get_info('domain'), self.username, is_machine)
 
         self.machine_appliers = dict({
             'control':  control_applier(self.storage),

gpoa/gpoa

@@ -94,12 +94,13 @@ class gpoa_controller:
         Function to start update of settings storage
         '''
         dc = self.__args.dc
+        nodomain = False
         if self.__args.nodomain:
-            dc = None
+            nodomain = True
 
         if not self.__args.noupdate:
             if is_root():
-                back = backend_factory(dc, self.username, self.is_machine)
+                back = backend_factory(dc, self.username, self.is_machine, nodomain)
                 if back:
                     back.retrieve_and_store()
 

gpoa/util/dbus.py

@@ -43,8 +43,8 @@ class dbus_runner:
             result = self.interface.gpupdatefor(dbus.String(self.username))
             print_dbus_result(result)
         else:
-            logging.info(slogm('Starting GPO applier for computer via D-Bus'.format(self.username)))
-            result = self.interface.gpupdate()
+            logging.info(slogm('Starting GPO applier for computer via D-Bus'))
+            result = self.interface.gpupdate_computer()
             print_dbus_result(result)
         #self.interface.Quit()
 

gpoa/util/windows.py

@@ -19,6 +19,7 @@
 
 import logging
 import os
+import pwd
 
 import optparse
 from samba import getopt as options
@@ -147,17 +148,27 @@ def wbinfo_getsid(domain, user):
     return sid
 
 
-def get_sid(domain, username):
+def get_local_sid_prefix():
+    return "S-1-5-21-0-0-0"
+
+
+def get_sid(domain, username, is_machine = False):
     '''
     Lookup SID not only using wbinfo or sssd but also using own cache
     '''
-    domain_username = '{}\\{}'.format(domain, username)
     sid = 'local-{}'.format(username)
 
+    # local user
+    if not domain:
+        found_uid = 0
+        if not is_machine:
+            found_uid = pwd.getpwnam(username).pw_uid
+        return '{}-{}'.format(get_local_sid_prefix(), found_uid)
+
+    # domain user
     try:
         sid = wbinfo_getsid(domain, username)
     except:
-        sid = 'local-{}'.format(username)
         logging.warning(
             slogm('Error getting SID using wbinfo, will use cached SID: {}'.format(sid)))