public/gpupdate
1
0
Fork 1
mirror of https://github.com/altlinux/gpupdate.git synced 2025-11-05 20:23:57 +03:00
Code Releases Wiki Activity

Compare commits

base: public:0.13.0-alt1
Branches Tags
public:master public:plugin-system-development public:freeipa_backend public:cleanup_machine_account public:machine_account_creds public:fix_kde_version public:fix_kde_screen public:fix_cache public:fix_kde public:fix_oddjob public:fix_plasmaupdate public:fix_kde_applier public:fix_firefox public:fix_check_enable public:fix_dconf_update public:dconf_registry public:astra public:translation_for_several_logs public:ntp_applier_addition public:local_admin_policy_v3 public:local_admin_policy_v2 public:oddjob-gpupdate public:gsettings_fixed_error_unable_to_cache_specified_URI public:bugsFix public:logRu public:package_pkcon public:kdestroy_trouble public:fix_gsettings public:samba_registry_storage public:man_gpupdate_setup public:postinst_remove_cache public:quota_applier public:binary_modules
public:0.13.4-alt1 public:0.13.3-alt1 public:0.13.2-alt1 public:0.13.1-alt1 public:0.13.0-alt1 public:0.12.2-alt1 public:0.12.1-alt1 public:0.12.0-alt1 public:0.11.4-alt1 public:0.11.3-alt1 public:0.11.2-alt1 public:0.11.1-alt1 public:0.11.0-alt1 public:0.10.6-alt1 public:0.10.5-alt1 public:0.10.4-alt1 public:0.10.3-alt1 public:0.10.2-alt1 public:0.10.1-alt1 public:0.10.0-alt1 public:0.9.13.5-alt1 public:0.9.13.4-alt1 public:0.9.12.4-alt1 public:0.9.12.1-alt1 public:0.9.12-alt2 public:0.9.11.2-alt1 public:0.9.11.1-alt1 public:0.9.11-alt1 public:0.9.10-alt1 public:0.9.9.1-alt1 public:0.9.9-alt1 public:0.9.8-alt1 public:0.9.7-alt1 public:0.9.6-alt1 public:0.9.5-alt1 public:0.9.4-alt1 public:0.9.3-alt1 public:0.9.2-alt1 public:0.9.1-alt1 public:0.9.0-alt1 public:0.8.2-alt1 public:0.8.1-alt3 public:0.8.1-alt2 public:0.8.1-alt1 public:0.8.0-alt1 public:0.7.0-alt1 public:0.6.0-alt2 public:0.6.0-alt1 public:0.5.0-alt1 public:0.4.5-alt1 public:0.4.4-alt1 public:0.4.3-alt1 public:0.4.1-alt1 public:0.4.0-alt1 public:0.3.0-alt1
...
compare: public:freeipa_backend
Branches Tags
public:plugin-system-development public:freeipa_backend public:master public:cleanup_machine_account public:machine_account_creds public:fix_kde_version public:fix_kde_screen public:fix_cache public:fix_kde public:fix_oddjob public:fix_plasmaupdate public:fix_kde_applier public:fix_firefox public:fix_check_enable public:fix_dconf_update public:dconf_registry public:astra public:translation_for_several_logs public:ntp_applier_addition public:local_admin_policy_v3 public:local_admin_policy_v2 public:oddjob-gpupdate public:gsettings_fixed_error_unable_to_cache_specified_URI public:bugsFix public:logRu public:package_pkcon public:kdestroy_trouble public:fix_gsettings public:samba_registry_storage public:man_gpupdate_setup public:postinst_remove_cache public:quota_applier public:binary_modules
public:0.13.4-alt1 public:0.13.3-alt1 public:0.13.2-alt1 public:0.13.1-alt1 public:0.13.0-alt1 public:0.12.2-alt1 public:0.12.1-alt1 public:0.12.0-alt1 public:0.11.4-alt1 public:0.11.3-alt1 public:0.11.2-alt1 public:0.11.1-alt1 public:0.11.0-alt1 public:0.10.6-alt1 public:0.10.5-alt1 public:0.10.4-alt1 public:0.10.3-alt1 public:0.10.2-alt1 public:0.10.1-alt1 public:0.10.0-alt1 public:0.9.13.5-alt1 public:0.9.13.4-alt1 public:0.9.12.4-alt1 public:0.9.12.1-alt1 public:0.9.12-alt2 public:0.9.11.2-alt1 public:0.9.11.1-alt1 public:0.9.11-alt1 public:0.9.10-alt1 public:0.9.9.1-alt1 public:0.9.9-alt1 public:0.9.8-alt1 public:0.9.7-alt1 public:0.9.6-alt1 public:0.9.5-alt1 public:0.9.4-alt1 public:0.9.3-alt1 public:0.9.2-alt1 public:0.9.1-alt1 public:0.9.0-alt1 public:0.8.2-alt1 public:0.8.1-alt3 public:0.8.1-alt2 public:0.8.1-alt1 public:0.8.0-alt1 public:0.7.0-alt1 public:0.6.0-alt2 public:0.6.0-alt1 public:0.5.0-alt1 public:0.4.5-alt1 public:0.4.4-alt1 public:0.4.3-alt1 public:0.4.1-alt1 public:0.4.0-alt1 public:0.3.0-alt1

35 Commits
0.13.0-alt ... freeipa_ba

Author SHA1 Message Date
Danila Skachedubov
bbbc0b8289 refactor: optimize FreeIPA backend and fix configuration 
- Improve GPO downloading with batch processing and better error handling
    - Fix FreeIPA API calls and server discovery logic
    - Add Samba configuration for FreeIPA integration
    - Clean up imports and code formatting
    - Update package dependencies for FreeIPA support
 2025-10-28 18:42:20 +04:00
Danila Skachedubov
d975cd2f10 refactor: optimize GPO downloading and error handling 
- Implement batch downloading of GPOs instead of single downloads
    - Improve caching mechanism with separate handling for cached/downloaded GPOs
 2025-10-10 10:06:33 +04:00
Danila Skachedubov
cb9c70d6c1 feat: add FreeIPA backend configuration and authentication 
- Extend backend options to include FreeIPA in CLI tools
    - Add FreeIPA-Samba auto-configuration during setup
 2025-10-09 14:05:59 +04:00
Danila Skachedubov
99feb569a2 feat: add FreeIPA credentials and localization 
- Implement ipacreds class for FreeIPA GPO management
    - Add FreeIPA API error handling and localization
    - Add freeipa_backend with GPO download and processing
    - Support FreeIPA in backend factory and setup
 2025-10-09 14:00:36 +04:00
Danila Skachedubov
cd1a2fc042 feat: add FreeIPA configuration utility 
- Implement ipaopts class for FreeIPA configuration management
    - Add methods to retrieve realm, domain, and host from IPA config
 2025-10-09 12:26:18 +04:00
Danila Skachedubov
5e918900c6 feat(backend): integrate FreeIPA backend factory 
- Add freeipa_backend to backend factory selection
    - Implement ipacreds initialization
 2025-10-08 16:48:21 +04:00
Valery Sinelnikov
63e5ffc3f8 0.13.4-alt1 
- Added:
  Production-ready modules: CUPS, file management, INI config (default),
  package management, script modules
  Fallback SID lookup for trusted domain users
  Missing log translations (laps: timezone, login)
  Added ownership handling for files within user home directory
- Changed:
  Refactored to use literals ({}, []) instead of constructors
  Final optimization passes and minor cleanups
  Updated copyright year
  Adjusted login time search and messages
- Fixed:
  Skipped policy retrieval for trusted users to avoid GPO errors
  Corrected login time tracking in laps
  Fixed typos
  Prevented subprocess errors from printing to console
  Adjusted call order (save_dconf - start_frontend)
- Removed:
  Legacy sid variable propagation and related helpers
 2025-08-25 15:24:22 +04:00
Valery Sinelnikov
01d219cb8e Added ownership handling for files within user home directory 2025-08-25 10:50:16 +04:00
Valery Sinelnikov
6af54ff17d Stub: skip policy retrieval for trusted users to prevent GPO errors 2025-08-19 15:21:13 +04:00
Valery Sinelnikov
238d1f4784 refactor: finish remaining optimizations 2025-08-18 11:39:04 +04:00
Valery Sinelnikov
b3253bd684 refactor: 
update copyright year and use literal
{} and [] instead of dict() and list()
 2025-08-15 16:02:23 +04:00
Valery Sinelnikov
66b17be85b Typo corrected 2025-08-14 18:33:31 +04:00
Valery Sinelnikov
bea7fe9803 Avoided printing subprocess errors to console 2025-08-14 16:47:13 +04:00
Valery Sinelnikov
f36b362523 Small refactoring 2025-08-08 14:47:15 +04:00
Valery Sinelnikov
abfb756edb Improve SID lookup fallback for trusted domain users 2025-07-31 18:03:45 +04:00
Valery Sinelnikov
0578e21521 Remove legacy sid variable propagation across the project 
- Clean up all instances where `sid` was passed or stored unnecessarily
- Remove related unused helper functions and dependencies
 2025-07-28 10:47:10 +04:00
Valery Sinelnikov
02bd6773aa Enable production-ready script modules 2025-07-28 10:47:10 +04:00
Valery Sinelnikov
927c3ceb2f Package management is now considered production-ready 2025-07-28 10:47:10 +04:00
Valery Sinelnikov
a329f601f7 INI configuration handlers are now production-ready and enabled by default 2025-07-28 10:47:10 +04:00
Valery Sinelnikov
d4f12dacfa The file management modules are now considered stable and ready for production use 2025-07-28 10:47:10 +04:00
Valery Sinelnikov
4d05358790 CUPS is now considered stable and ready for production use 2025-07-28 10:47:10 +04:00
Vladislav Glinkin
bc4bb96b03 Swapped the call to save_dconf and self.start_frontend() with each other 2025-07-28 10:47:10 +04:00
Valery Sinelnikov
5588be1daa Updating the login time calculation message to clarify the context 2025-07-28 10:47:10 +04:00
Valery Sinelnikov
bde48cbedf Improved the search for the latest login after 2025-07-28 10:47:10 +04:00
Valery Sinelnikov
43d32c3882 Fix typo: target_use -> target_user 
Thanks to lepata@basealt.ru for spotting this issue
 2025-07-28 10:47:10 +04:00
Valery Sinelnikov
0932d1da26 refactor: more constructor replacements with literals 2025-07-28 10:47:10 +04:00
Valery Sinelnikov
2a4375c6fb laps: add missing log translations for timezone and login checks 2025-07-28 10:47:10 +04:00
Valery Sinelnikov
ba11149983 laps: fix login time tracking and logging 2025-07-28 10:47:10 +04:00
Valery Sinelnikov
56008e7e1c refactor: use collection literals instead of constructors 2025-07-28 10:47:10 +04:00
Evgeny Sinelnikov
9325c241ef 0.13.3-alt1 
- Fixed machine account credentials initialization (closes: 55324)
 2025-07-26 01:10:09 +04:00
Evgeny Sinelnikov
3c0c722818 Fixed machine account credentials initialization 2025-07-26 01:08:00 +04:00
Valery Sinelnikov
9424c2c8e8 0.13.2-alt1 
- Fixed: Check directory existence before cleanup to avoid errors(closes:53703)
 2025-04-03 10:52:48 +04:00
Valery Sinelnikov
9065352bb0 Added directory existence check before cleanup 2025-04-03 10:47:26 +04:00
Valery Sinelnikov
9034d4ba4c 0.13.1-alt1 
- Refined registry key handling: LAPS enablement and user presence check
 2025-03-14 17:44:20 +04:00
Valery Sinelnikov
2e6c76337b Refined registry key handling: LAPS enablement and user presence check 2025-03-14 17:44:08 +04:00
75 changed files with 1251 additions and 737 deletions
Expand all files Collapse all files

16
gpoa/backend/__init__.py
View File

@@ -24,6 +24,8 @@ from util.logging import log
from util.config import GPConfig
from util.util import get_uid_by_username, touch_file
from util.paths import get_dconf_config_file
from util.ipacreds import ipacreds
from .freeipa_backend import freeipa_backend
from storage.dconf_registry import Dconf_registry, create_dconf_ini_file, add_preferences_to_global_registry_dict
def backend_factory(dc, username, is_machine, no_domain = False):
@@ -52,6 +54,20 @@ def backend_factory(dc, username, is_machine, no_domain = False):
logdata = dict({'error': str(exc)})
log('E7', logdata)
if config.get_backend() == 'freeipa' and not no_domain:
try:
if not dc:
dc = config.get_dc()
if dc:
ld = {'dc': dc}
log('D52', ld)
ipac = ipacreds()
domain = ipac.get_domain()
back = freeipa_backend(ipac, username, domain, is_machine)
except Exception as exc:
logdata = {'error': str(exc)}
log('E77', logdata)
if config.get_backend() == 'local' or no_domain:
log('D8')
try:

227
gpoa/backend/freeipa_backend.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -16,10 +16,231 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import os
import smbc
import re
from .applier_backend import applier_backend
from pathlib import Path
from gpt.gpt import gpt, get_local_gpt
from gpt.gpo_dconf_mapping import GpoInfoDconf
from storage import registry_factory
from storage.dconf_registry import Dconf_registry, extract_display_name_version
from storage.fs_file_cache import fs_file_cache
from util.logging import log
from util.util import get_uid_by_username
from util.kerberos import (
machine_kinit
, machine_kdestroy
)
class freeipa_backend(applier_backend):
def __init__(self):
pass
def __init__(self, ipacreds, username, domain, is_machine):
self.ipacreds = ipacreds
self.cache_path = '/var/cache/gpupdate/creds/krb5cc_{}'.format(os.getpid())
self.__kinit_successful = machine_kinit(self.cache_path, "freeipa")
if not self.__kinit_successful:
raise Exception('kinit is not successful')
self.storage = registry_factory()
self.storage.set_info('domain', domain)
machine_name = self.ipacreds.get_machine_name()
self.storage.set_info('machine_name', machine_name)
self.username = machine_name if is_machine else username
self._is_machine_username = is_machine
self.cache_dir = self.ipacreds.get_cache_dir()
self.gpo_cache_part = 'gpo_cache'
self.gpo_cache_dir = os.path.join(self.cache_dir, self.gpo_cache_part)
self.storage.set_info('cache_dir', self.gpo_cache_dir)
self.file_cache = fs_file_cache("freeipa_gpo", username)
logdata = {'cachedir': self.cache_dir}
log('D7', logdata)
def __del__(self):
if self.__kinit_successful:
machine_kdestroy()
def retrieve_and_store(self):
'''
Retrieve settings and store it in a database - FreeIPA version
'''
try:
if self._is_machine_username:
dconf_dict = Dconf_registry.get_dictionary_from_dconf_file_db(save_dconf_db=True)
else:
uid = get_uid_by_username(self.username)
dconf_dict = Dconf_registry.get_dictionary_from_dconf_file_db(uid, save_dconf_db=True)
except Exception as e:
logdata = {'msg': str(e)}
log('E72', logdata)
if self._is_machine_username:
machine_gpts = []
try:
machine_name = self.storage.get_info('machine_name')
machine_gpts = self._get_gpts(machine_name)
machine_gpts.reverse()
except Exception as exc:
logdata = {'msg': str(exc)}
log('E17', logdata)
for i, gptobj in enumerate(machine_gpts):
try:
gptobj.merge_machine()
except Exception as exc:
logdata = {'msg': str(exc)}
log('E26', logdata)
else:
user_gpts = []
try:
user_gpts = self._get_gpts(self.username)
user_gpts.reverse()
except Exception as exc:
logdata = {'msg': str(exc)}
log('E17', logdata)
for i, gptobj in enumerate(user_gpts):
try:
gptobj.merge_user()
except Exception as exc:
logdata = {'msg': str(exc)}
log('E27', logdata)
def _get_gpts(self, username):
gpts = []
gpos, server = self.ipacreds.update_gpos(username)
if not gpos:
return gpts
if not server:
return gpts
cached_gpos = []
download_gpos = []
for i, gpo in enumerate(gpos):
if gpo.file_sys_path.startswith('/'):
if os.path.exists(gpo.file_sys_path):
logdata = {'gpo_name': gpo.display_name, 'path': gpo.file_sys_path}
log('D11', logdata)
cached_gpos.append(gpo)
else:
download_gpos.append(gpo)
else:
if self._check_sysvol_present(gpo):
download_gpos.append(gpo)
else:
logdata = {'gpo_name': gpo.display_name}
log('W4', logdata)
if download_gpos:
try:
self._download_gpos(download_gpos, server)
logdata = {'count': len(download_gpos)}
log('D50', logdata)
except Exception as e:
logdata = {'msg': str(e), 'count': len(download_gpos)}
log('E35', logdata)
else:
log('D211', {})
all_gpos = cached_gpos + download_gpos
for gpo in all_gpos:
gpt_abspath = gpo.file_sys_path
if not os.path.exists(gpt_abspath):
logdata = {'path': gpt_abspath, 'gpo_name': gpo.display_name}
log('W12', logdata)
continue
if self._is_machine_username:
obj = gpt(gpt_abspath, None, GpoInfoDconf(gpo))
else:
obj = gpt(gpt_abspath, self.username, GpoInfoDconf(gpo))
obj.set_name(gpo.display_name)
gpts.append(obj)
local_gpt = get_local_gpt()
gpts.append(local_gpt)
logdata = {'total_count': len(gpts), 'downloaded_count': len(download_gpos)}
log('I2', logdata)
return gpts
def _check_sysvol_present(self, gpo):
if not gpo.file_sys_path:
if getattr(gpo, 'name', '') != 'Local Policy':
logdata = {'gponame': getattr(gpo, 'name', 'Unknown')}
log('W4', logdata)
return False
if gpo.file_sys_path.startswith('\\\\'):
return True
elif gpo.file_sys_path.startswith('/'):
if os.path.exists(gpo.file_sys_path):
return True
else:
return False
else:
return False
def _download_gpos(self, gpos, server):
cache_dir = self.ipacreds.get_cache_dir()
domain = self.ipacreds.get_domain().upper()
gpo_cache_dir = os.path.join(cache_dir, domain, 'POLICIES')
os.makedirs(gpo_cache_dir, exist_ok=True)
for gpo in gpos:
if not gpo.file_sys_path:
continue
smb_remote_path = None
try:
smb_remote_path = self._convert_to_smb_path(gpo.file_sys_path, server)
local_gpo_path = os.path.join(gpo_cache_dir, gpo.name)
self._download_gpo_directory(smb_remote_path, local_gpo_path)
gpo.file_sys_path = local_gpo_path
except Exception as e:
logdata = {
'msg': str(e),
'gpo_name': gpo.display_name,
'smb_path': smb_remote_path,
}
log('E38', logdata)
def _convert_to_smb_path(self, windows_path, server):
match = re.search(r'\\\\[^\\]+\\(.+)', windows_path)
if not match:
raise Exception(f"Invalid Windows path format: {windows_path}")
relative_path = match.group(1).replace('\\', '/').lower()
smb_url = f"smb://{server}/{relative_path}"
return smb_url
def _download_gpo_directory(self, remote_smb_path, local_path):
os.makedirs(local_path, exist_ok=True)
try:
entries = self.file_cache.samba_context.opendir(remote_smb_path).getdents()
for entry in entries:
if entry.name in [".", ".."]:
continue
remote_entry_path = f"{remote_smb_path}/{entry.name}"
local_entry_path = os.path.join(local_path, entry.name)
if entry.smbc_type == smbc.DIR:
self._download_gpo_directory(remote_entry_path, local_entry_path)
elif entry.smbc_type == smbc.FILE:
try:
os.makedirs(os.path.dirname(local_entry_path), exist_ok=True)
self.file_cache.store(remote_entry_path, Path(local_entry_path))
except Exception as e:
logdata = {'exception': str(e), 'file': entry.name}
log('W30', logdata)
except Exception as e:
logdata = {'exception': str(e), 'remote_folder_path': remote_smb_path}
log('W31', logdata)

19
gpoa/backend/nodomain_backend.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,25 +20,13 @@
from .applier_backend import applier_backend
from storage import registry_factory
from gpt.gpt import get_local_gpt
from util.util import (
get_machine_name
)
from util.sid import get_sid
class nodomain_backend(applier_backend):
def __init__(self):
domain = None
machine_name = get_machine_name()
machine_sid = get_sid(domain, machine_name, True)
self.storage = registry_factory()
self.storage.set_info('domain', domain)
self.storage.set_info('machine_name', machine_name)
self.storage.set_info('machine_sid', machine_sid)
# User SID to work with HKCU hive
self.username = machine_name
self.sid = machine_sid
def retrieve_and_store(self):
'''
@@ -46,8 +34,7 @@ class nodomain_backend(applier_backend):
'''
# Get policies for machine at first.
self.storage.wipe_hklm()
self.storage.wipe_user(self.storage.get_info('machine_sid'))
local_policy = get_local_gpt(self.sid)
local_policy = get_local_gpt()
local_policy.merge_machine()
local_policy.merge_user()

46
gpoa/backend/samba_backend.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -55,7 +55,7 @@ class samba_backend(applier_backend):
# User SID to work with HKCU hive
self.username = username
self._is_machine_username = is_machine
self._is_machine = is_machine
if is_machine:
self.sid = machine_sid
else:
@@ -68,7 +68,7 @@ class samba_backend(applier_backend):
self.gpo_cache_part ='gpo_cache'
self._cached = False
self.storage.set_info('cache_dir', os.path.join(self.cache_dir, self.gpo_cache_part))
logdata = dict({'cachedir': self.cache_dir})
logdata = {'cachedir': self.cache_dir}
log('D7', logdata)
def __del__(self):
@@ -98,28 +98,28 @@ class samba_backend(applier_backend):
Retrieve settings and strore it in a database
'''
# Get policies for machine at first.
machine_gpts = list()
machine_gpts = []
try:
machine_gpts = self._get_gpts(get_machine_name(), self.storage.get_info('machine_sid'))
machine_gpts = self._get_gpts()
except Exception as exc:
log('F2')
raise exc
if self._is_machine_username:
if self._is_machine:
for gptobj in machine_gpts:
try:
gptobj.merge_machine()
except Exception as exc:
logdata = dict()
logdata = {}
logdata['msg'] = str(exc)
log('E26', logdata)
# Load user GPT values in case user's name specified
# This is a buggy implementation and should be tested more
else:
user_gpts = list()
user_gpts = []
try:
user_gpts = self._get_gpts(self.username, self.sid)
user_gpts = self._get_gpts(self.username)
except Exception as exc:
log('F3')
raise exc
@@ -127,7 +127,7 @@ class samba_backend(applier_backend):
# Merge user settings if UserPolicyMode set accordingly
# and user settings (for HKCU) are exist.
policy_mode = self.get_policy_mode()
logdata = dict({'mode': upm2str(policy_mode), 'sid': self.sid})
logdata = {'mode': upm2str(policy_mode)}
log('D152', logdata)
if policy_mode < 2:
@@ -135,17 +135,16 @@ class samba_backend(applier_backend):
try:
gptobj.merge_user()
except Exception as exc:
logdata = dict()
logdata = {}
logdata['msg'] = str(exc)
log('E27', logdata)
if policy_mode > 0:
for gptobj in machine_gpts:
try:
gptobj.sid = self.sid
gptobj.merge_user()
except Exception as exc:
logdata = dict()
logdata = {}
logdata['msg'] = str(exc)
log('E63', logdata)
@@ -162,15 +161,16 @@ class samba_backend(applier_backend):
self._cached = True
return True
elif 'Local Policy' != gpo.name:
logdata = dict({'gponame': gpo.name})
logdata = {'gponame': gpo.name}
log('W4', logdata)
return False
return True
def _get_gpts(self, username, sid):
gpts = list()
log('D45', {'username': username, 'sid': sid})
def _get_gpts(self, username=None):
gpts = []
if not username:
username = get_machine_name()
log('D45', {'username': username})
# util.windows.smbcreds
gpos = self.sambacreds.update_gpos(username)
log('D46')
@@ -178,21 +178,21 @@ class samba_backend(applier_backend):
if self._check_sysvol_present(gpo):
if not self._cached:
path = check_safe_path(gpo.file_sys_path).upper()
slogdata = dict({'sysvol_path': gpo.file_sys_path, 'gpo_name': gpo.display_name, 'gpo_path': path})
slogdata = {'sysvol_path': gpo.file_sys_path, 'gpo_name': gpo.display_name, 'gpo_path': path}
log('D30', slogdata)
gpt_abspath = os.path.join(self.cache_dir, self.gpo_cache_part, path)
else:
gpt_abspath = gpo.file_sys_path
log('D211', {'sysvol_path': gpo.file_sys_path, 'gpo_name': gpo.display_name})
if self._is_machine_username:
obj = gpt(gpt_abspath, sid, None, GpoInfoDconf(gpo))
if self._is_machine:
obj = gpt(gpt_abspath, None, GpoInfoDconf(gpo))
else:
obj = gpt(gpt_abspath, sid, self.username, GpoInfoDconf(gpo))
obj = gpt(gpt_abspath, self.username, GpoInfoDconf(gpo))
obj.set_name(gpo.display_name)
gpts.append(obj)
else:
if 'Local Policy' == gpo.name:
gpts.append(get_local_gpt(sid))
gpts.append(get_local_gpt())
return gpts

14
gpoa/frontend/appliers/control.py
View File

@@ -24,7 +24,7 @@ def control_subst(preg_name):
This is a workaround for control names which can't be used in
PReg/ADMX files.
'''
control_triggers = dict()
control_triggers = {}
control_triggers['dvd_rw-format'] = 'dvd+rw-format'
control_triggers['dvd_rw-mediainfo'] = 'dvd+rw-mediainfo'
control_triggers['dvd_rw-booktype'] = 'dvd+rw-booktype'
@@ -50,7 +50,7 @@ class control:
Query possible values from control in order to perform check of
parameter passed to constructor.
'''
values = list()
values = []
popen_call = ['/usr/sbin/control', self.control_name, 'list']
with subprocess.Popen(popen_call, stdout=subprocess.PIPE, stderr=subprocess.PIPE) as proc:
@@ -68,7 +68,7 @@ class control:
try:
str_status = self.possible_values[int_status]
except IndexError as exc:
logdata = dict()
logdata = {}
logdata['control'] = self.control_name
logdata['value from'] = self.possible_values
logdata['by index'] = int_status
@@ -97,20 +97,20 @@ class control:
if type(self.control_value) == int:
status = self._map_control_status(self.control_value)
if status == None:
logdata = dict()
logdata = {}
logdata['control'] = self.control_name
logdata['inpossible values'] = self.control_value
log('E42', logdata)
return
elif type(self.control_value) == str:
if self.control_value not in self.possible_values:
logdata = dict()
logdata = {}
logdata['control'] = self.control_name
logdata['inpossible values'] = self.control_value
log('E59', logdata)
return
status = self.control_value
logdata = dict()
logdata = {}
logdata['control'] = self.control_name
logdata['status'] = status
log('D68', logdata)
@@ -120,7 +120,7 @@ class control:
with subprocess.Popen(popen_call, stdout=subprocess.PIPE) as proc:
proc.wait()
except:
logdata = dict()
logdata = {}
logdata['control'] = self.control_name
logdata['status'] = status
log('E43', logdata)

4
gpoa/frontend/appliers/envvar.py
View File

@@ -64,7 +64,7 @@ class Envvar:
def _create_action(self, create_dict, envvar_file):
lines_old = envvar_file.readlines()
lines_new = list()
lines_new = []
for name in create_dict:
exist = False
for line in lines_old:
@@ -93,7 +93,7 @@ class Envvar:
with open(self.envvar_file_path, 'r') as f:
lines = f.readlines()
else:
lines = list()
lines = []
file_changed = False
for envvar_object in self.envvars:

57
gpoa/frontend/appliers/file_cp.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2022 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -30,6 +30,8 @@ from util.util import get_homedir
from util.exceptions import NotUNCPathError
from util.paths import UNCPath
import fnmatch
import pwd
import grp
class Files_cp:
def __init__(self, file_obj, file_cache, exe_check, username=None):
@@ -49,7 +51,8 @@ class Files_cp:
self.suppress = str2bool(file_obj.suppress)
self.executable = str2bool(file_obj.executable)
self.username = username
self.fromPathFiles = list()
self.pw = pwd.getpwnam(username) if username else None
self.fromPathFiles = []
if self.fromPath:
if targetPath[-1] == '/' or self.is_pattern(Path(self.fromPath).name):
self.isTargetPathDirectory = True
@@ -77,7 +80,7 @@ class Files_cp:
else:
return targetPath.parent.joinpath('.' + targetPath.name)
except Exception as exc:
logdata = dict()
logdata = {}
logdata['targetPath'] = targetPath
logdata['fromFile'] = fromFile
logdata['exc'] = exc
@@ -94,7 +97,7 @@ class Files_cp:
if fromFilePath.exists():
targetFile.write_bytes(fromFilePath.read_bytes())
except Exception as exc:
logdata = dict()
logdata = {}
logdata['targetFile'] = targetFile
logdata['fromFile'] = fromFile
logdata['exc'] = exc
@@ -125,7 +128,7 @@ class Files_cp:
shutil.os.chmod(targetFile, 0o644)
def _create_action(self):
logdata = dict()
logdata = {}
for fromFile in self.fromPathFiles:
targetFile = None
@@ -134,7 +137,8 @@ class Files_cp:
if targetFile and not targetFile.exists():
self.copy_target_file(targetFile, fromFile)
if self.username:
shutil.chown(targetFile, self.username)
group_name = grp.getgrgid(self.pw.pw_gid).gr_name
chown_home_path(targetFile, username=self.username, group=group_name)
self.set_mod_file(targetFile, fromFile)
logdata['File'] = targetFile
log('D191', logdata)
@@ -149,7 +153,7 @@ class Files_cp:
list_target = [self.targetPath.name]
if self.is_pattern(self.targetPath.name) and self.targetPath.parent.exists() and self.targetPath.parent.is_dir():
list_target = fnmatch.filter([str(x.name) for x in self.targetPath.parent.iterdir() if x.is_file()], self.targetPath.name)
logdata = dict()
logdata = {}
for targetFile in list_target:
targetFile = self.targetPath.parent.joinpath(targetFile)
try:
@@ -165,13 +169,15 @@ class Files_cp:
log('D165', logdata)
def _update_action(self):
logdata = dict()
logdata = {}
for fromFile in self.fromPathFiles:
targetFile = self.get_target_file(self.targetPath, fromFile)
try:
self.copy_target_file(targetFile, fromFile)
if self.username:
shutil.chown(self.targetPath, self.username)
group_name = grp.getgrgid(self.pw.pw_gid).gr_name
chown_home_path(targetFile, username=self.username, group=group_name)
self.set_mod_file(targetFile, fromFile)
logdata['File'] = targetFile
log('D192', logdata)
@@ -200,7 +206,7 @@ class Files_cp:
return False
def get_list_files(self):
logdata = dict()
logdata = {}
logdata['targetPath'] = str(self.targetPath)
fromFilePath = Path(self.fromPath)
if not self.is_pattern(fromFilePath.name):
@@ -254,8 +260,8 @@ class Execution_check():
marker_usage_path_branch = '{}\\{}%'.format(self.__hklm_branch, self.__marker_usage_path_key_name)
self.etension_marker = storage.filter_hklm_entries(etension_marker_branch)
self.marker_usage_path = storage.filter_hklm_entries(marker_usage_path_branch)
self.list_paths = list()
self.list_markers = list()
self.list_paths = []
self.list_markers = []
for marker in self.etension_marker:
self.list_markers.append(marker.data)
for usage_path in self.marker_usage_path:
@@ -266,3 +272,32 @@ class Execution_check():
def get_list_markers(self):
return self.list_markers
def chown_home_path(path: Path, username: str, group: str) -> None:
"""
Change ownership (user and group) of the given path and all its parent
directories up to (but NOT including) the user's home directory.
If the path is not inside the user's home directory, do nothing.
:param path: Path to a file or directory.
:param user: Username to set as owner.
:param group: Group name to set as group.
"""
path = path.resolve()
home_root = Path(get_homedir(username))
# Check if the path is inside user's home directory
if home_root not in path.parents:
return # Not inside user's home - do nothing
# Walk upwards from the given path until just above home_root
current = path
while True:
if current == home_root:
break # do not change ownership of the home directory itself
shutil.chown(current, user=username, group=group)
if current.parent == current: # Safety check: reached root (/)
break
current = current.parent

4
gpoa/frontend/appliers/firewall_rule.py
View File

@@ -20,7 +20,7 @@ from enum import Enum
import subprocess
def getprops(param_list):
props = dict()
props = {}
for entry in param_list:
lentry = entry.lower()
@@ -35,7 +35,7 @@ def getprops(param_list):
def get_ports(param_list):
portlist = list()
portlist = []
for entry in param_list:
lentry = entry.lower()

5
gpoa/frontend/appliers/folder.py
View File

@@ -28,7 +28,7 @@ from util.windows import expand_windows_var
from util.util import get_homedir
def remove_dir_tree(path, delete_files=False, delete_folder=False, delete_sub_folders=False):
content = list()
content = []
for entry in path.iterdir():
content.append(entry)
if entry.is_file() and delete_files:
@@ -77,9 +77,10 @@ class Folder:
self.delete_folder,
self.delete_sub_folders)
def act(self):
if self.hidden_folder == True and str(self.folder_path.name)[0] != '.':
path_components = list(self.folder_path.parts)
path_components = [*self.folder_path.parts]
path_components[-1] = '.' + path_components[-1]
new_folder_path = Path(*path_components)
self.folder_path = new_folder_path

16
gpoa/frontend/appliers/gsettings.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2021 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -53,15 +53,15 @@ class system_gsettings:
__profile_data = 'user-db:user\nsystem-db:policy\nsystem-db:local\n'
def __init__(self, override_file_path):
self.gsettings = list()
self.locks = list()
self.gsettings = []
self.locks = []
self.override_file_path = override_file_path
def append(self, schema, path, data, lock, helper):
if check_existing_gsettings(schema, path):
self.gsettings.append(system_gsetting(schema, path, data, lock, helper))
else:
logdata = dict()
logdata = {}
logdata['schema'] = schema
logdata['path'] = path
logdata['data'] = data
@@ -72,7 +72,7 @@ class system_gsettings:
config = configparser.ConfigParser()
for gsetting in self.gsettings:
logdata = dict()
logdata = {}
logdata['gsetting.schema'] = gsetting.schema
logdata['gsetting.path'] = gsetting.path
logdata['gsetting.value'] = gsetting.value
@@ -132,13 +132,13 @@ def check_existing_gsettings (schema, path):
class user_gsettings:
def __init__(self):
self.gsettings = list()
self.gsettings = []
def append(self, schema, path, value, helper=None):
if check_existing_gsettings(schema, path):
self.gsettings.append(user_gsetting(schema, path, value, helper))
else:
logdata = dict()
logdata = {}
logdata['schema'] = schema
logdata['path'] = path
logdata['data'] = value
@@ -146,7 +146,7 @@ class user_gsettings:
def apply(self):
for gsetting in self.gsettings:
logdata = dict()
logdata = {}
logdata['gsetting.schema'] = gsetting.schema
logdata['gsetting.path'] = gsetting.path
logdata['gsetting.value'] = gsetting.value

4
gpoa/frontend/appliers/ini_file.py
View File

@@ -54,7 +54,7 @@ class Ini_file:
if self.path.is_dir():
return
if self.section not in self.config:
self.config[self.section] = dict()
self.config[self.section] = {}
self.config[self.section][self.key] = self.value
self.config.write()
@@ -85,7 +85,7 @@ class Ini_file:
if self.action == FileAction.REPLACE:
self._create_action()
except Exception as exc:
logdata = dict()
logdata = {}
logdata['action'] = self.action
logdata['exc'] = exc
log('W23', logdata)

4
gpoa/frontend/appliers/netshare.py
View File

@@ -31,7 +31,7 @@ class Networkshare:
def __init__(self, networkshare_obj, username = None):
self.net_full_cmd = ['/usr/bin/net', 'usershare']
self.net_cmd_check = ['/usr/bin/net', 'usershare', 'list']
self.cmd = list()
self.cmd = []
self.name = networkshare_obj.name
self.path = expand_windows_var(networkshare_obj.path, username).replace('\\', '/') if networkshare_obj.path else None
@@ -52,7 +52,7 @@ class Networkshare:
return exc
def _run_net_full_cmd(self):
logdata = dict()
logdata = {}
try:
res = subprocess.check_output(self.net_full_cmd, stderr=subprocess.DEVNULL, encoding='utf-8')
if res:

5
gpoa/frontend/appliers/polkit.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -50,6 +50,7 @@ class polkit:
if os.path.isfile(self.outfile):
os.remove(self.outfile)
return
logdata = {}
try:
template = self.__template_environment.get_template(self.infilename)
text = template.render(**self.args)
@@ -57,12 +58,10 @@ class polkit:
with open(self.outfile, 'w') as f:
f.write(text)
logdata = dict()
logdata['file'] = self.outfile
logdata['arguments'] = self.args
log('D77', logdata)
except Exception as exc:
logdata = dict()
logdata['file'] = self.outfile
logdata['arguments'] = self.args
log('E44', logdata)

17
gpoa/frontend/appliers/systemd.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -34,6 +34,7 @@ class systemd_unit:
self.unit_properties = dbus.Interface(self.unit_proxy, dbus_interface='org.freedesktop.DBus.Properties')
def apply(self):
logdata = {'unit': self.unit_name}
if self.desired_state == 1:
self.manager.UnmaskUnitFiles([self.unit_name], dbus.Boolean(False))
self.manager.EnableUnitFiles([self.unit_name], dbus.Boolean(False), dbus.Boolean(True))
@@ -41,8 +42,6 @@ class systemd_unit:
if self.manager.GetUnitFileState(dbus.String(self.unit_name)) == 'enabled':
return
self.manager.StartUnit(self.unit_name, 'replace')
logdata = dict()
logdata['unit'] = self.unit_name
log('I6', logdata)
# In case the service has 'RestartSec' property set it
@@ -50,27 +49,21 @@ class systemd_unit:
# 'active' so we consider 'activating' a valid state too.
service_state = self._get_state()
if not service_state in ['active', 'activating']:
if service_state not in ('active', 'activating'):
service_timer_name = self.unit_name.replace(".service", ".timer")
self.unit = self.manager.LoadUnit(dbus.String(service_timer_name))
service_state = self._get_state()
if not service_state in ['active', 'activating']:
logdata = dict()
logdata['unit'] = self.unit_name
if service_state not in ('active', 'activating'):
log('E46', logdata)
else:
self.manager.StopUnit(self.unit_name, 'replace')
self.manager.DisableUnitFiles([self.unit_name], dbus.Boolean(False))
self.manager.MaskUnitFiles([self.unit_name], dbus.Boolean(False), dbus.Boolean(True))
logdata = dict()
logdata['unit'] = self.unit_name
log('I6', logdata)
service_state = self._get_state()
if not service_state in ['stopped', 'deactivating', 'inactive']:
logdata = dict()
logdata['unit'] = self.unit_name
if service_state not in ('stopped', 'deactivating', 'inactive'):
log('E46', logdata)
def _get_state(self):

15
gpoa/frontend/chromium_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -34,14 +34,13 @@ class chromium_applier(applier_frontend):
__managed_policies_path = '/etc/chromium/policies/managed'
__recommended_policies_path = '/etc/chromium/policies/recommended'
def __init__(self, storage, sid, username):
def __init__(self, storage, username):
self.storage = storage
self.sid = sid
self.username = username
self._is_machine_name = is_machine_name(self.username)
self.chromium_keys = self.storage.filter_hklm_entries(self.__registry_branch)
self.policies_json = dict()
self.policies_json = {}
self.__module_enabled = check_enabled(
self.storage
@@ -69,7 +68,7 @@ class chromium_applier(applier_frontend):
os.makedirs(self.__managed_policies_path, exist_ok=True)
with open(destfile, 'w') as f:
json.dump(dict_item_to_list(self.policies_json), f)
logdata = dict()
logdata = {}
logdata['destfile'] = destfile
log('D97', logdata)
@@ -77,7 +76,7 @@ class chromium_applier(applier_frontend):
os.makedirs(self.__recommended_policies_path, exist_ok=True)
with open(destfilerec, 'w') as f:
json.dump(dict_item_to_list(recommended__json), f)
logdata = dict()
logdata = {}
logdata['destfilerec'] = destfilerec
log('D97', logdata)
@@ -184,7 +183,7 @@ class chromium_applier(applier_frontend):
'''
Collect dictionaries from registry keys into a general dictionary
'''
counts = dict()
counts = {}
#getting the list of keys to read as an integer
valuename_typeint = self.get_valuename_typeint()
for it_data in chromium_keys:
@@ -212,7 +211,7 @@ class chromium_applier(applier_frontend):
branch[parts[-1]] = str(it_data.data).replace('\\', '/')
except Exception as exc:
logdata = dict()
logdata = {}
logdata['Exception'] = exc
logdata['keyname'] = it_data.keyname
log('D178', logdata)

58
gpoa/frontend/cifs_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2022 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -27,12 +27,12 @@ from .applier_frontend import (
applier_frontend
, check_enabled
)
from util.util import get_homedir, get_uid_by_username
from util.util import get_homedir, get_uid_by_username, get_machine_name
from util.logging import log
def storage_get_drives(storage, sid):
drives = storage.get_drives(sid)
drive_list = list()
def storage_get_drives(storage):
drives = storage.get_drives()
drive_list = []
for drv_obj in drives:
drive_list.append(drv_obj)
@@ -65,7 +65,7 @@ def remove_escaped_quotes(input_string):
class Drive_list:
__alphabet = string.ascii_uppercase
def __init__(self):
self.dict_drives = dict()
self.dict_drives = {}
def __get_letter(self, letter):
slice_letters = set(self.__alphabet[self.__alphabet.find(letter) + 1:]) - set(self.dict_drives.keys())
@@ -127,9 +127,9 @@ class cifs_applier(applier_frontend):
__module_experimental = False
__dir4clean = '/etc/auto.master.gpupdate.d'
def __init__(self, storage, sid):
def __init__(self, storage):
self.clear_directory_auto_dir()
self.applier_cifs = cifs_applier_user(storage, sid, None)
self.applier_cifs = cifs_applier_user(storage, None)
self.__module_enabled = check_enabled(
storage
, self.__module_name
@@ -137,6 +137,8 @@ class cifs_applier(applier_frontend):
)
def clear_directory_auto_dir(self):
path = Path(self.__dir4clean)
if not path.exists():
return
for item in path.iterdir():
try:
@@ -185,9 +187,8 @@ class cifs_applier_user(applier_frontend):
__name_value = 'DriveMapsName'
__name_value_user = 'DriveMapsNameUser'
def __init__(self, storage, sid, username):
def __init__(self, storage, username):
self.storage = storage
self.sid = sid
self.username = username
self.state_home_link = False
self.state_home_link_user = False
@@ -210,10 +211,10 @@ class cifs_applier_user(applier_frontend):
self.__mountpoint_dirname = dirname_system_from_machine if dirname_system_from_machine else self.__mountpoint_dirname
mntTarget = self.__mountpoint_dirname_user
self.keys_cifs_previous_values_user = self.dict_registry_user.get(self.__key_cifs_previous_value,dict())
self.keys_cifs_values_user = self.dict_registry_user.get(name_dir,dict())
self.keys_the_preferences_previous_values_user = self.dict_registry_user.get((self.__key_preferences_previous+self.username),dict()).get('Drives', dict())
self.keys_the_preferences_values_user = self.dict_registry_user.get((self.__key_preferences+self.username),dict()).get('Drives', dict())
self.keys_cifs_previous_values_user = self.dict_registry_user.get(self.__key_cifs_previous_value,{})
self.keys_cifs_values_user = self.dict_registry_user.get(name_dir,{})
self.keys_the_preferences_previous_values_user = self.dict_registry_user.get((self.__key_preferences_previous+self.username),{}).get('Drives', {})
self.keys_the_preferences_values_user = self.dict_registry_user.get((self.__key_preferences+self.username),{}).get('Drives', {})
else:
self.home = self.__target_mountpoint
@@ -222,18 +223,19 @@ class cifs_applier_user(applier_frontend):
self.__mountpoint_dirname = dirname_system.data if dirname_system and dirname_system.data else self.__mountpoint_dirname
mntTarget = self.__mountpoint_dirname
self.keys_cifs_previous_values_machine = self.dict_registry_machine.get(self.__key_cifs_previous_value,dict())
self.keys_cifs_values_machine = self.dict_registry_machine.get(name_dir,dict())
self.keys_the_preferences_previous_values = self.dict_registry_machine.get((self.__key_preferences_previous+'Machine'),dict()).get('Drives', dict())
self.keys_the_preferences_values = self.dict_registry_machine.get((self.__key_preferences+'Machine'),dict()).get('Drives', dict())
self.keys_cifs_previous_values_machine = self.dict_registry_machine.get(self.__key_cifs_previous_value,{})
self.keys_cifs_values_machine = self.dict_registry_machine.get(name_dir,{})
self.keys_the_preferences_previous_values = self.dict_registry_machine.get((self.__key_preferences_previous+'Machine'),{}).get('Drives', {})
self.keys_the_preferences_values = self.dict_registry_machine.get((self.__key_preferences+'Machine'),{}).get('Drives', {})
self.cifsacl_disable = self.storage.get_entry(self.__cifsacl_key, preg=False)
self.mntTarget = mntTarget.translate(str.maketrans({" ": r"\ "}))
conf_file = '{}.conf'.format(sid)
conf_hide_file = '{}_hide.conf'.format(sid)
autofs_file = '{}.autofs'.format(sid)
autofs_hide_file = '{}_hide.autofs'.format(sid)
cred_file = '{}.creds'.format(sid)
file_name = username if username else get_machine_name()
conf_file = '{}.conf'.format(file_name)
conf_hide_file = '{}_hide.conf'.format(file_name)
autofs_file = '{}.autofs'.format(file_name)
autofs_hide_file = '{}_hide.autofs'.format(file_name)
cred_file = '{}.creds'.format(file_name)
self.auto_master_d = Path(self.__auto_dir)
@@ -253,7 +255,7 @@ class cifs_applier_user(applier_frontend):
self.mount_dir = Path(os.path.join(self.home))
self.drives = storage_get_drives(self.storage, self.sid)
self.drives = storage_get_drives(self.storage)
self.template_loader = jinja2.FileSystemLoader(searchpath=self.__template_path)
self.template_env = jinja2.Environment(loader=self.template_loader)
@@ -309,7 +311,7 @@ class cifs_applier_user(applier_frontend):
# Collect data for drive settings
drive_list = Drive_list()
for drv in self.drives:
drive_settings = dict()
drive_settings = {}
drive_settings['dir'] = drv.dir
drive_settings['login'] = drv.login
drive_settings['password'] = drv.password
@@ -326,7 +328,7 @@ class cifs_applier_user(applier_frontend):
drive_list.append(drive_settings)
if drive_list.len() > 0:
mount_settings = dict()
mount_settings = {}
mount_settings['drives'] = drive_list()
mount_text = self.template_mountpoints.render(**mount_settings)
@@ -342,7 +344,7 @@ class cifs_applier_user(applier_frontend):
f.write(mount_text_hide)
f.flush()
autofs_settings = dict()
autofs_settings = {}
autofs_settings['home_dir'] = self.home
autofs_settings['mntTarget'] = self.mntTarget
autofs_settings['mount_file'] = self.user_config.resolve()
@@ -466,8 +468,6 @@ class cifs_applier_user(applier_frontend):
self.unlink_symlink(dMachineHide)
def admin_context_apply(self):
if self.__module_enabled:
log('D146')

16
gpoa/frontend/control_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -33,7 +33,7 @@ class control_applier(applier_frontend):
def __init__(self, storage):
self.storage = storage
self.control_settings = self.storage.filter_hklm_entries(self._registry_branch)
self.controls = list()
self.controls = []
self.__module_enabled = check_enabled(
self.storage
, self.__module_name
@@ -45,9 +45,7 @@ class control_applier(applier_frontend):
valuename = setting.hive_key.rpartition('/')[2]
try:
self.controls.append(control(valuename, int(setting.data)))
logdata = dict()
logdata['control'] = valuename
logdata['value'] = setting.data
logdata = {'control': valuename, 'value': setting.data}
log('I3', logdata)
except ValueError as exc:
try:
@@ -57,14 +55,10 @@ class control_applier(applier_frontend):
log('I3', logdata)
continue
self.controls.append(ctl)
logdata = dict()
logdata['control'] = valuename
logdata['with string value'] = setting.data
logdata = {'control': valuename, 'with string value': setting.data}
log('I3', logdata)
except Exception as exc:
logdata = dict()
logdata['control'] = valuename
logdata['exc'] = exc
logdata = {'control': valuename, 'exc': exc}
log('E39', logdata)
#for e in polfile.pol_file.entries:
# print('{}:{}:{}:{}:{}'.format(e.type, e.data, e.valuename, e.keyname))

26
gpoa/frontend/cups_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -26,12 +26,12 @@ from gpt.printers import json2printer
from util.rpm import is_rpm_installed
from util.logging import log
def storage_get_printers(storage, sid):
def storage_get_printers(storage):
'''
Query printers configuration from storage
'''
printer_objs = storage.get_printers(sid)
printers = list()
printer_objs = storage.get_printers()
printers = []
for prnj in printer_objs:
printers.append(prnj)
@@ -62,8 +62,8 @@ def connect_printer(connection, prn):
class cups_applier(applier_frontend):
__module_name = 'CUPSApplier'
__module_experimental = True
__module_enabled = False
__module_experimental = False
__module_enabled = True
def __init__(self, storage):
self.storage = storage
@@ -80,10 +80,9 @@ class cups_applier(applier_frontend):
try:
self.cups_connection = cups.Connection()
except Exception as exc:
logdata = dict()
logdata['exc', exc]
logdata = {'exc': exc}
log('W20', logdata)
self.printers = storage_get_printers(self.storage, self.storage.get_info('machine_sid'))
self.printers = storage_get_printers(self.storage)
if self.printers:
for prn in self.printers:
@@ -101,12 +100,11 @@ class cups_applier(applier_frontend):
class cups_applier_user(applier_frontend):
__module_name = 'CUPSApplierUser'
__module_experimental = True
__module_enabled = False
__module_experimental = False
__module_enabled = True
def __init__(self, storage, sid, username):
def __init__(self, storage, username):
self.storage = storage
self.sid = sid
self.username = username
self.__module_enabled = check_enabled(
self.storage
@@ -127,7 +125,7 @@ class cups_applier_user(applier_frontend):
return
self.cups_connection = cups.Connection()
self.printers = storage_get_printers(self.storage, self.sid)
self.printers = storage_get_printers(self.storage)
if self.printers:
for prn in self.printers:

12
gpoa/frontend/envvar_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -29,10 +29,9 @@ class envvar_applier(applier_frontend):
__module_experimental = False
__module_enabled = True
def __init__(self, storage, sid):
def __init__(self, storage):
self.storage = storage
self.sid = sid
self.envvars = self.storage.get_envvars(self.sid)
self.envvars = self.storage.get_envvars()
Envvar.clear_envvar_file()
self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
@@ -49,11 +48,10 @@ class envvar_applier_user(applier_frontend):
__module_experimental = False
__module_enabled = True
def __init__(self, storage, sid, username):
def __init__(self, storage, username):
self.storage = storage
self.sid = sid
self.username = username
self.envvars = self.storage.get_envvars(self.sid)
self.envvars = self.storage.get_envvars()
Envvar.clear_envvar_file(username)
self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)

20
gpoa/frontend/file_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2022 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -28,15 +28,14 @@ from util.logging import log
class file_applier(applier_frontend):
__module_name = 'FilesApplier'
__module_experimental = True
__module_enabled = False
__module_experimental = False
__module_enabled = True
def __init__(self, storage, file_cache, sid):
def __init__(self, storage, file_cache):
self.storage = storage
self.exe_check = Execution_check(storage)
self.sid = sid
self.file_cache = file_cache
self.files = self.storage.get_files(self.sid)
self.files = self.storage.get_files()
self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
def run(self):
@@ -52,16 +51,15 @@ class file_applier(applier_frontend):
class file_applier_user(applier_frontend):
__module_name = 'FilesApplierUser'
__module_experimental = True
__module_enabled = False
__module_experimental = False
__module_enabled = True
def __init__(self, storage, file_cache, sid, username):
def __init__(self, storage, file_cache, username):
self.storage = storage
self.file_cache = file_cache
self.sid = sid
self.username = username
self.exe_check = Execution_check(storage)
self.files = self.storage.get_files(self.sid)
self.files = self.storage.get_files()
self.__module_enabled = check_enabled(
self.storage
, self.__module_name

24
gpoa/frontend/firefox_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -42,15 +42,14 @@ class firefox_applier(applier_frontend):
__registry_branch = 'Software/Policies/Mozilla/Firefox'
__firefox_policies = '/etc/firefox/policies'
def __init__(self, storage, sid, username):
def __init__(self, storage, username):
self.storage = storage
self.sid = sid
self.username = username
self._is_machine_name = is_machine_name(self.username)
self.policies = dict()
self.policies_json = dict({ 'policies': self.policies })
self.policies = {}
self.policies_json = {'policies': self.policies}
self.firefox_keys = self.storage.filter_hklm_entries(self.__registry_branch)
self.policies_gen = dict()
self.policies_gen = {}
self.__module_enabled = check_enabled(
self.storage
, self.__module_name
@@ -69,8 +68,7 @@ class firefox_applier(applier_frontend):
os.makedirs(self.__firefox_policies, exist_ok=True)
with open(destfile, 'w') as f:
json.dump(self.policies_json, f)
logdata = dict()
logdata['destfile'] = destfile
logdata = {'destfile': destfile}
log('D91', logdata)
def apply(self):
@@ -112,13 +110,13 @@ def clean_data_firefox(data):
def create_dict(firefox_keys, registry_branch, excp=list()):
def create_dict(firefox_keys, registry_branch, excp=[]):
'''
Collect dictionaries from registry keys into a general dictionary
'''
get_boolean = lambda data: data in ['1', 'true', 'True', True, 1] if isinstance(data, (str, int)) else False
get_parts = lambda hivekey, registry: hivekey.replace(registry, '').split('/')
counts = dict()
counts = {}
for it_data in firefox_keys:
branch = counts
try:
@@ -153,7 +151,7 @@ def create_dict(firefox_keys, registry_branch, excp=list()):
for part in parts[:-1]:
branch = branch.setdefault(part, {})
if branch.get(parts[-1]) is None:
branch[parts[-1]] = list()
branch[parts[-1]] = []
if it_data.type == 4:
branch[parts[-1]].append(get_boolean(it_data.data))
else:
@@ -162,9 +160,7 @@ def create_dict(firefox_keys, registry_branch, excp=list()):
else:
branch[parts[-1]].append(str(it_data.data))
except Exception as exc:
logdata = dict()
logdata['Exception'] = exc
logdata['keyname'] = it_data.keyname
logdata = {'Exception': exc, 'keyname': it_data.keyname}
log('W14', logdata)
return {'policies': dict_item_to_list(counts)}

12
gpoa/frontend/folder_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -31,10 +31,9 @@ class folder_applier(applier_frontend):
__module_experimental = False
__module_enabled = True
def __init__(self, storage, sid):
def __init__(self, storage):
self.storage = storage
self.sid = sid
self.folders = self.storage.get_folders(self.sid)
self.folders = self.storage.get_folders()
self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
def apply(self):
@@ -57,11 +56,10 @@ class folder_applier_user(applier_frontend):
__module_experimental = False
__module_enabled = True
def __init__(self, storage, sid, username):
def __init__(self, storage, username):
self.storage = storage
self.sid = sid
self.username = username
self.folders = self.storage.get_folders(self.sid)
self.folders = self.storage.get_folders()
self.__module_enabled = check_enabled(
self.storage
, self.__module_name

79
gpoa/frontend/frontend_manager.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -78,7 +78,6 @@ from .laps_applier import laps_applier
from .networkshare_applier import networkshare_applier
from .yandex_browser_applier import yandex_browser_applier
from util.sid import get_sid
from util.users import (
is_root,
get_process_user,
@@ -97,16 +96,15 @@ def determine_username(username=None):
# If username is not set then it will be the name
# of process owner.
logdata = {'username': name}
if not username:
name = get_process_user()
logdata = dict({'username': name})
log('D2', logdata)
if not username_match_uid(name):
if not is_root():
raise Exception('Current process UID does not match specified username')
logdata = dict({'username': name})
log('D15', logdata)
return name
@@ -118,9 +116,7 @@ def apply_user_context(user_appliers):
try:
applier_object.user_context_apply()
except Exception as exc:
logdata = dict()
logdata['applier'] = applier_name
logdata['exception'] = str(exc)
logdata = {'applier': applier_name, 'exception': str(exc)}
log('E20', logdata)
class frontend_manager:
@@ -134,7 +130,6 @@ class frontend_manager:
self.storage = registry_factory('dconf', username=self.username)
self.is_machine = is_machine
self.process_uname = get_process_user()
self.sid = get_sid(self.storage.get_info('domain'), self.username, is_machine)
self.file_cache = fs_file_cache('file_cache', self.username)
self.machine_appliers = dict()
@@ -149,52 +144,48 @@ class frontend_manager:
self.machine_appliers['control'] = control_applier(self.storage)
self.machine_appliers['polkit'] = polkit_applier(self.storage)
self.machine_appliers['systemd'] = systemd_applier(self.storage)
self.machine_appliers['firefox'] = firefox_applier(self.storage, self.sid, self.username)
self.machine_appliers['thunderbird'] = thunderbird_applier(self.storage, self.sid, self.username)
self.machine_appliers['chromium'] = chromium_applier(self.storage, self.sid, self.username)
self.machine_appliers['yandex_browser'] = yandex_browser_applier(self.storage, self.sid, self.username)
self.machine_appliers['firefox'] = firefox_applier(self.storage, self.username)
self.machine_appliers['thunderbird'] = thunderbird_applier(self.storage, self.username)
self.machine_appliers['chromium'] = chromium_applier(self.storage, self.username)
self.machine_appliers['yandex_browser'] = yandex_browser_applier(self.storage, self.username)
self.machine_appliers['shortcuts'] = shortcut_applier(self.storage)
self.machine_appliers['gsettings'] = gsettings_applier(self.storage, self.file_cache)
try:
self.machine_appliers['cifs'] = cifs_applier(self.storage, self.sid)
self.machine_appliers['cifs'] = cifs_applier(self.storage)
except Exception as exc:
logdata = dict()
logdata['applier_name'] = 'cifs'
logdata['msg'] = str(exc)
logdata = {'applier_name': 'cifs', 'msg': str(exc)}
log('E24', logdata)
self.machine_appliers['cups'] = cups_applier(self.storage)
self.machine_appliers['firewall'] = firewall_applier(self.storage)
self.machine_appliers['folders'] = folder_applier(self.storage, self.sid)
self.machine_appliers['folders'] = folder_applier(self.storage)
self.machine_appliers['ntp'] = ntp_applier(self.storage)
self.machine_appliers['envvar'] = envvar_applier(self.storage, self.sid)
self.machine_appliers['networkshare'] = networkshare_applier(self.storage, self.sid)
self.machine_appliers['scripts'] = scripts_applier(self.storage, self.sid)
self.machine_appliers['files'] = file_applier(self.storage, self.file_cache, self.sid)
self.machine_appliers['ini'] = ini_applier(self.storage, self.sid)
self.machine_appliers['envvar'] = envvar_applier(self.storage)
self.machine_appliers['networkshare'] = networkshare_applier(self.storage)
self.machine_appliers['scripts'] = scripts_applier(self.storage)
self.machine_appliers['files'] = file_applier(self.storage, self.file_cache)
self.machine_appliers['ini'] = ini_applier(self.storage)
self.machine_appliers['kde'] = kde_applier(self.storage)
self.machine_appliers['package'] = package_applier(self.storage)
def _init_user_appliers(self):
# User appliers are expected to work with user-writable
# files and settings, mostly in $HOME.
self.user_appliers['shortcuts'] = shortcut_applier_user(self.storage, self.sid, self.username)
self.user_appliers['folders'] = folder_applier_user(self.storage, self.sid, self.username)
self.user_appliers['gsettings'] = gsettings_applier_user(self.storage, self.file_cache, self.sid, self.username)
self.user_appliers['shortcuts'] = shortcut_applier_user(self.storage, self.username)
self.user_appliers['folders'] = folder_applier_user(self.storage, self.username)
self.user_appliers['gsettings'] = gsettings_applier_user(self.storage, self.file_cache, self.username)
try:
self.user_appliers['cifs'] = cifs_applier_user(self.storage, self.sid, self.username)
self.user_appliers['cifs'] = cifs_applier_user(self.storage, self.username)
except Exception as exc:
logdata = dict()
logdata['applier_name'] = 'cifs'
logdata['msg'] = str(exc)
logdata = {'applier_name': 'cifs', 'msg': str(exc)}
log('E25', logdata)
self.user_appliers['polkit'] = polkit_applier_user(self.storage, self.sid, self.username)
self.user_appliers['envvar'] = envvar_applier_user(self.storage, self.sid, self.username)
self.user_appliers['networkshare'] = networkshare_applier(self.storage, self.sid, self.username)
self.user_appliers['scripts'] = scripts_applier_user(self.storage, self.sid, self.username)
self.user_appliers['files'] = file_applier_user(self.storage, self.file_cache, self.sid, self.username)
self.user_appliers['ini'] = ini_applier_user(self.storage, self.sid, self.username)
self.user_appliers['kde'] = kde_applier_user(self.storage, self.sid, self.username, self.file_cache)
self.user_appliers['package'] = package_applier_user(self.storage, self.sid, self.username)
self.user_appliers['polkit'] = polkit_applier_user(self.storage, self.username)
self.user_appliers['envvar'] = envvar_applier_user(self.storage, self.username)
self.user_appliers['networkshare'] = networkshare_applier(self.storage, self.username)
self.user_appliers['scripts'] = scripts_applier_user(self.storage, self.username)
self.user_appliers['files'] = file_applier_user(self.storage, self.file_cache, self.username)
self.user_appliers['ini'] = ini_applier_user(self.storage, self.username)
self.user_appliers['kde'] = kde_applier_user(self.storage, self.username, self.file_cache)
self.user_appliers['package'] = package_applier_user(self.storage, self.username)
def machine_apply(self):
'''
@@ -209,9 +200,7 @@ class frontend_manager:
try:
applier_object.apply()
except Exception as exc:
logdata = dict()
logdata['applier_name'] = applier_name
logdata['msg'] = str(exc)
logdata = {'applier_name': applier_name, 'msg': str(exc)}
log('E24', logdata)
def user_apply(self):
@@ -223,24 +212,20 @@ class frontend_manager:
try:
applier_object.admin_context_apply()
except Exception as exc:
logdata = dict()
logdata['applier'] = applier_name
logdata['exception'] = str(exc)
logdata = {'applier': applier_name, 'exception': str(exc)}
log('E19', logdata)
try:
with_privileges(self.username, lambda: apply_user_context(self.user_appliers))
except Exception as exc:
logdata = dict()
logdata['username'] = self.username
logdata['exception'] = str(exc)
logdata = {'username': self.username, 'exception': str(exc)}
log('E30', logdata)
else:
for applier_name, applier_object in self.user_appliers.items():
try:
applier_object.user_context_apply()
except Exception as exc:
logdata = dict({'applier_name': applier_name, 'message': str(exc)})
logdata = {'applier_name': applier_name, 'message': str(exc)}
log('E11', logdata)
def apply_parameters(self):

39
gpoa/frontend/gsettings_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -40,10 +40,7 @@ def uri_fetch(schema, path, value, cache):
Function to fetch and cache uri
'''
retval = value
logdata = dict()
logdata['schema'] = schema
logdata['path'] = path
logdata['src'] = value
logdata = {'schema': schema, 'path': path, 'src': value}
try:
retval = cache.get(value)
if not retval:
@@ -78,7 +75,7 @@ class gsettings_applier(applier_frontend):
self.override_file = os.path.join(self.__global_schema, self.__override_priority_file)
self.override_old_file = os.path.join(self.__global_schema, self.__override_old_file)
self.gsettings = system_gsettings(self.override_file)
self.locks = dict()
self.locks = {}
self.__module_enabled = check_enabled(
self.storage
, self.__module_name
@@ -89,8 +86,7 @@ class gsettings_applier(applier_frontend):
try:
self.file_cache.store(data)
except Exception as exc:
logdata = dict()
logdata['exception'] = str(exc)
logdata = {'exception': str(exc)}
log('D145', logdata)
def uri_fetch_helper(self, schema, path, value):
@@ -158,10 +154,9 @@ class GSettingsMapping:
self.gsettings_schema_key = self.schema.get_key(self.gsettings_key)
self.gsettings_type = self.gsettings_schema_key.get_value_type()
except Exception as exc:
logdata = dict()
logdata['hive_key'] = self.hive_key
logdata['gsettings_schema'] = self.gsettings_schema
logdata['gsettings_key'] = self.gsettings_key
logdata = {'hive_key': self.hive_key,
'gsettings_schema': self.gsettings_schema,
'gsettings_key': self.gsettings_key}
log('W6', logdata)
def preg2gsettings(self):
@@ -185,19 +180,18 @@ class gsettings_applier_user(applier_frontend):
__wallpaper_entry = 'Software/BaseALT/Policies/gsettings/org.mate.background.picture-filename'
__vino_authentication_methods_entry = 'Software/BaseALT/Policies/gsettings/org.gnome.Vino.authentication-methods'
def __init__(self, storage, file_cache, sid, username):
def __init__(self, storage, file_cache, username):
self.storage = storage
self.file_cache = file_cache
self.sid = sid
self.username = username
gsettings_filter = '{}%'.format(self.__registry_branch)
self.gsettings_keys = self.storage.filter_hkcu_entries(self.sid, gsettings_filter)
self.gsettings_keys = self.storage.filter_hkcu_entries(gsettings_filter)
self.gsettings = user_gsettings()
self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
self.__windows_mapping_enabled = check_windows_mapping_enabled(self.storage)
self.__windows_settings = dict()
self.windows_settings = list()
self.__windows_settings = {}
self.windows_settings = []
mapping = [
# Disable or enable screen saver
GSettingsMapping(
@@ -232,11 +226,9 @@ class gsettings_applier_user(applier_frontend):
def windows_mapping_append(self):
for setting_key in self.__windows_settings.keys():
value = self.storage.get_hkcu_entry(self.sid, setting_key)
value = self.storage.get_hkcu_entry(setting_key)
if value:
logdata = dict()
logdata['setting_key'] = setting_key
logdata['value.data'] = value.data
logdata = {'setting_key': setting_key, 'value.data': value.data}
log('D86', logdata)
mapping = self.__windows_settings[setting_key]
try:
@@ -280,14 +272,13 @@ class gsettings_applier_user(applier_frontend):
# Cache files on remote locations
try:
entry = self.__wallpaper_entry
filter_result = self.storage.get_hkcu_entry(self.sid, entry)
filter_result = self.storage.get_hkcu_entry(entry)
if filter_result and filter_result.data:
self.file_cache.store(filter_result.data)
except NotUNCPathError:
...
except Exception as exc:
logdata = dict()
logdata['exception'] = str(exc)
logdata = {'exception': str(exc)}
log('E50', logdata)

20
gpoa/frontend/ini_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -26,13 +26,12 @@ from util.logging import log
class ini_applier(applier_frontend):
__module_name = 'InifilesApplier'
__module_experimental = True
__module_enabled = False
__module_experimental = False
__module_enabled = True
def __init__(self, storage, sid):
def __init__(self, storage):
self.storage = storage
self.sid = sid
self.inifiles_info = self.storage.get_ini(self.sid)
self.inifiles_info = self.storage.get_ini()
self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
def run(self):
@@ -48,14 +47,13 @@ class ini_applier(applier_frontend):
class ini_applier_user(applier_frontend):
__module_name = 'InifilesApplierUser'
__module_experimental = True
__module_enabled = False
__module_experimental = False
__module_enabled = True
def __init__(self, storage, sid, username):
self.sid = sid
def __init__(self, storage, username):
self.username = username
self.storage = storage
self.inifiles_info = self.storage.get_ini(self.sid)
self.inifiles_info = self.storage.get_ini()
self.__module_enabled = check_enabled(
self.storage
, self.__module_name

44
gpoa/frontend/kde_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -67,10 +67,9 @@ class kde_applier_user(applier_frontend):
__hkcu_lock_branch = 'Software/BaseALT/Policies/KDELocks'
__plasma_update_entry = 'Software/BaseALT/Policies/KDE/Plasma/Update'
def __init__(self, storage, sid=None, username=None, file_cache = None):
def __init__(self, storage, username=None, file_cache = None):
self.storage = storage
self.username = username
self.sid = sid
self.file_cache = file_cache
self.locks_dict = {}
self.locks_data_dict = {}
@@ -78,10 +77,10 @@ class kde_applier_user(applier_frontend):
kde_applier_user.kde_version = get_kde_version()
kde_filter = '{}%'.format(self.__hkcu_branch)
locks_filter = '{}%'.format(self.__hkcu_lock_branch)
self.locks_settings = self.storage.filter_hkcu_entries(self.sid, locks_filter)
self.locks_settings = self.storage.filter_hkcu_entries(locks_filter)
self.plasma_update = self.storage.get_entry(self.__plasma_update_entry)
self.plasma_update_flag = self.plasma_update.data if self.plasma_update is not None else 0
self.kde_settings = self.storage.filter_hkcu_entries(self.sid, kde_filter)
self.kde_settings = self.storage.filter_hkcu_entries(kde_filter)
self.__module_enabled = check_enabled(
self.storage,
self.__module_name,
@@ -97,8 +96,7 @@ class kde_applier_user(applier_frontend):
break
self.file_cache.store(data)
except Exception as exc:
logdata = dict()
logdata['exc'] = exc
logdata = {'exc': exc}
def user_context_apply(self):
'''
@@ -154,16 +152,15 @@ def create_dict(kde_settings, all_kde_settings, locks_settings, locks_dict, file
else:
all_kde_settings.setdefault(file_name, {}).setdefault(section, {})[value] = data
except Exception as exc:
logdata = dict()
logdata['file_name'] = file_name
logdata['section'] = section
logdata['value'] = value
logdata['data'] = data
logdata['exc'] = exc
logdata = {'file_name': file_name,
'section': section,
'value': value,
'data': data,
'exc': exc}
log('W16', logdata)
def apply(all_kde_settings, locks_dict, username = None):
logdata = dict()
logdata = {}
modified_files = set()
if username is None:
system_path_settings = '/etc/xdg/'
@@ -231,7 +228,7 @@ def apply(all_kde_settings, locks_dict, username = None):
env_path["PATH"] = "/usr/lib/kf5/bin:/usr/bin"
subprocess.run(command, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env_path)
except:
logdata['command'] = command
logdata = {'command': command}
log('W22', logdata)
new_content = []
file_path = f'{get_homedir(username)}/.config/{file_name}'
@@ -264,15 +261,14 @@ def clear_locks_settings(username, file_name, key):
file.write(line)
for line in lines:
if f'{key}[$i]=' in line:
logdata = dict()
logdata['line'] = line.strip()
logdata = {'line': line.strip()}
log('I10', logdata)
def apply_for_wallpaper(data, file_cache, username, plasmaupdate):
'''
Method to change wallpaper
'''
logdata = dict()
logdata = {}
path_to_wallpaper = f'{get_homedir(username)}/.config/plasma-org.kde.plasma.desktop-appletsrc'
id_desktop = get_id_desktop(path_to_wallpaper)
try:
@@ -318,18 +314,18 @@ def apply_for_wallpaper(data, file_cache, username, plasmaupdate):
try:
subprocess.run(command, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env_path)
except:
logdata['command'] = command
logdata = {'command': command}
log('E68', logdata)
if plasmaupdate == 1:
call_dbus_method("wallpaper")
else:
logdata['file'] = path_to_wallpaper
logdata = {'file': path_to_wallpaper}
log('W21', logdata)
except OSError as exc:
logdata['exc'] = exc
logdata = {'exc': exc}
log('W17', logdata)
except Exception as exc:
logdata['exc'] = exc
logdata = {'exc': exc}
log('E67', logdata)
def get_id_desktop(path_to_wallpaper):
@@ -360,8 +356,8 @@ def call_dbus_method(file_name):
getattr(dbus_iface, config['dbus_method'])(*config['dbus_args'])
else:
getattr(dbus_iface, config['dbus_method'])()
except dbus.exceptions.DBusException as e:
logdata = dict({'error': str(exc)})
except dbus.exceptions.DBusException as exc:
logdata = {'error': str(exc)}
log('E31', logdata)
else:
pass

174
gpoa/frontend/laps_applier.py
View File

@@ -33,6 +33,16 @@ import os
import psutil
from util.logging import log
import logging
import re
from datetime import timezone
from dateutil import tz
_DATEUTIL_AVAILABLE = False
try:
from dateutil import tz
_DATEUTIL_AVAILABLE = True
except ImportError:
pass
class laps_applier(applier_frontend):
"""
@@ -134,7 +144,7 @@ class laps_applier(applier_frontend):
self.post_authentication_actions = self.config.get('PostAuthenticationActions', 3)
self.post_authentication_reset_delay = self.config.get('PostAuthenticationResetDelay', 24)
name = self.config.get('AdministratorAccountName', 'root')
if check_local_user_exists(name):
if name and check_local_user_exists(name):
self.target_user = name
else:
log('W36')
@@ -148,8 +158,8 @@ class laps_applier(applier_frontend):
Returns:
bool: True if requirements are met, False otherwise
"""
if self.backup_directory != 2 and self.encryption_enabled == 1:
logdata = dict()
if self.backup_directory != 2 or not self.encryption_enabled:
logdata = {}
logdata['backup_directory'] = self.backup_directory
logdata['encryption_enabled'] = self.encryption_enabled
log('D223', logdata)
@@ -174,7 +184,7 @@ class laps_applier(applier_frontend):
self.expiration_time_attr = self._get_expiration_time_attr()
self.pass_last_mod_int = self._read_dconf_pass_last_mod()
self.encryption_principal = self._get_encryption_principal()
self.last_login_hours_ago = self._get_last_login_hours_ago()
self.last_login_hours_ago = self._get_admin_login_hours_ago_after_timestamp()
def _get_computer_dn(self):
"""
@@ -225,7 +235,7 @@ class laps_applier(applier_frontend):
return principal_name
except subprocess.CalledProcessError:
# Fallback to admin group SID
logdata = dict()
logdata = {}
logdata['principal_name'] = principal_name
log('W30', logdata)
return self.admin_group_sid
@@ -275,8 +285,7 @@ class laps_applier(applier_frontend):
)
return int(res[0].get(self._ATTR_PASSWORD_EXPIRATION_TIME, 0)[0])
except Exception as exc:
logdata = dict()
logdata['exc'] = exc
logdata = {'exc': exc}
log('W31', logdata)
return 0
@@ -295,8 +304,7 @@ class laps_applier(applier_frontend):
).strip().strip("'\"")
return int(last_modified)
except Exception as exc:
logdata = dict()
logdata['exc'] = exc
logdata = {'exc': exc}
log('W32', logdata)
return self.current_time_int
@@ -314,8 +322,7 @@ class laps_applier(applier_frontend):
subprocess.check_output(['dconf', 'write', key_path, last_modified])
log('D222')
except Exception as exc:
logdata = dict()
logdata['exc'] = exc
logdata = {'exc': exc}
log('W28', logdata)
def _ensure_dbus_session(self):
@@ -330,41 +337,6 @@ class laps_applier(applier_frontend):
dbus_address = result.stdout.strip()
os.environ["DBUS_SESSION_BUS_ADDRESS"] = dbus_address
def _get_last_login_hours_ago(self):
"""
Get the number of hours since the user's last login.
Returns:
int: Hours since last login, or 0 if error or no login found
"""
logdata = dict()
logdata['target_user'] = self.target_user
try:
output = subprocess.check_output(
["last", "-n", "1", self.target_user],
env={'LANG':'C'},
text=True
).split("\n")[0]
parts = output.split()
if len(parts) < 7:
return 0
# Parse login time
login_str = f"{parts[4]} {parts[5]} {parts[6]}"
last_login_time = datetime.strptime(login_str, "%b %d %H:%M")
last_login_time = last_login_time.replace(year=datetime.now().year)
# Calculate hours difference
time_diff = datetime.now() - last_login_time
hours_ago = int(time_diff.total_seconds() // 3600)
logdata['hours_ago'] = hours_ago
log('D224', logdata)
return hours_ago
except Exception as exc:
logdata['exc'] = exc
log('W33', logdata)
return 0
def _get_changed_password_hours_ago(self):
"""
@@ -373,7 +345,7 @@ class laps_applier(applier_frontend):
Returns:
int: Hours since password was last changed, or 0 if error
"""
logdata = dict()
logdata = {}
logdata['target_user'] = self.target_user
try:
diff_time = self.current_time_int - self.pass_last_mod_int
@@ -383,7 +355,7 @@ class laps_applier(applier_frontend):
log('D225', logdata)
return hours_ago
except Exception as exc:
logdata['exc'] = exc
logdata = {'exc': exc}
log('W34', logdata)
return 0
@@ -495,8 +467,7 @@ class laps_applier(applier_frontend):
Returns:
bool: True if password was changed successfully, False otherwise
"""
logdata = dict()
logdata['target_use'] = self.target_user
logdata = {'target_user': self.target_user}
try:
# Use chpasswd to change the password
process = subprocess.Popen(
@@ -511,7 +482,7 @@ class laps_applier(applier_frontend):
log('D221', logdata)
return True
except Exception as exc:
logdata['exc'] = exc
logdata = {'exc': exc}
log('W27', logdata)
return False
@@ -525,8 +496,7 @@ class laps_applier(applier_frontend):
Returns:
bool: True if LDAP was updated successfully, False otherwise
"""
logdata = dict()
logdata['computer_dn'] = self.computer_dn
logdata = {'computer_dn': self.computer_dn}
try:
# Create LDAP modification message
mod_msg = ldb.Message()
@@ -551,7 +521,7 @@ class laps_applier(applier_frontend):
log('D226', logdata)
return True
except Exception as exc:
logdata['exc'] = exc
logdata = {'exc': exc}
log('E75', logdata)
return False
@@ -627,8 +597,7 @@ class laps_applier(applier_frontend):
"""
# Get active sessions for the target user
user_sessions = [user for user in psutil.users() if user.name == self.target_user]
logdata = dict()
logdata['target_user'] = self.target_user
logdata = {'target_user': self.target_user}
if not user_sessions:
log('D227', logdata)
return
@@ -683,7 +652,6 @@ class laps_applier(applier_frontend):
if perform_post_action:
self._perform_post_action()
def apply(self):
"""
Main entry point for the LAPS applier.
@@ -693,3 +661,95 @@ class laps_applier(applier_frontend):
self.update_laps_password()
else:
log('D219')
def _parse_login_time_from_last_line(self, line: str) -> datetime:
match_login_dt = re.search(
r"((?:Mon|Tue|Wed|Thu|Fri|Sat|Sun)\s+\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+\d{4})",
line
)
if not match_login_dt:
return None
login_dt_str = match_login_dt.group(1)
try:
dt_naive = datetime.strptime(login_dt_str, "%a %b %d %H:%M:%S %Y")
login_dt_utc: datetime
if _DATEUTIL_AVAILABLE:
local_tz = tz.tzlocal()
dt_local = dt_naive.replace(tzinfo=local_tz)
login_dt_utc = dt_local.astimezone(timezone.utc)
else:
system_local_tz = datetime.now().astimezone().tzinfo
if system_local_tz:
dt_local = dt_naive.replace(tzinfo=system_local_tz)
login_dt_utc = dt_local.astimezone(timezone.utc)
else:
login_dt_utc = dt_naive.replace(tzinfo=timezone.utc)
log('W38')
return login_dt_utc
except ValueError:
return None
def _get_user_login_datetimes_utc(self) -> list[datetime]:
command = ["last", "-F", "-w", self.target_user]
env = os.environ.copy()
env["LC_TIME"] = "C"
login_datetimes = []
try:
process = subprocess.run(command, capture_output=True, text=True, check=False, env=env)
if process.returncode != 0 and not ("no login record" in process.stderr.lower() or "no users logged in" in process.stdout.lower()):
log('W39')
return []
output_lines = process.stdout.splitlines()
except FileNotFoundError:
log('W40')
return []
except Exception as e:
log('W41')
return []
for line in output_lines:
if not line.strip() or "wtmp begins" in line or "btmp begins" in line:
continue
if not line.startswith(self.target_user):
continue
login_dt_utc = self._parse_login_time_from_last_line(line)
if login_dt_utc:
login_datetimes.append(login_dt_utc)
return login_datetimes
def _get_admin_login_hours_ago_after_timestamp(self) -> int:
# Convert Windows FileTime to datetime
reference_dt_utc = datetime.fromtimestamp(
(self.pass_last_mod_int / self._HUNDREDS_OF_NANOSECONDS) - self._EPOCH_TIMESTAMP,
tz=timezone.utc
)
if not (reference_dt_utc.tzinfo is timezone.utc or
(reference_dt_utc.tzinfo is not None and reference_dt_utc.tzinfo.utcoffset(reference_dt_utc) == timedelta(0))):
log('W42')
return 0
user_login_times_utc = self._get_user_login_datetimes_utc()
if not user_login_times_utc:
log('D232')
return 0
most_recent_login_after_reference_utc = None
for login_time_utc in user_login_times_utc[::-1]:
if login_time_utc >= reference_dt_utc:
most_recent_login_after_reference_utc = login_time_utc
break
if most_recent_login_after_reference_utc:
now_utc = datetime.now(timezone.utc)
time_delta_seconds = (now_utc - most_recent_login_after_reference_utc).total_seconds()
hours_ago = int(time_delta_seconds / 3600.0)
log('D233')
return hours_ago
else:
log('D234')
return 0

7
gpoa/frontend/networkshare_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2022 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -29,11 +29,10 @@ class networkshare_applier(applier_frontend):
__module_experimental = True
__module_enabled = False
def __init__(self, storage, sid, username = None):
def __init__(self, storage, username = None):
self.storage = storage
self.sid = sid
self.username = username
self.networkshare_info = self.storage.get_networkshare(self.sid)
self.networkshare_info = self.storage.get_networkshare()
self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
self.__module_enabled_user = check_enabled(self.storage, self.__module_name_user, self.__module_experimental)

9
gpoa/frontend/ntp_applier.py
View File

@@ -77,8 +77,7 @@ class ntp_applier(applier_frontend):
srv = None
if server:
srv = server.data.rpartition(',')[0]
logdata = dict()
logdata['srv'] = srv
logdata = {'srv': srv}
log('D122', logdata)
start_command = ['/usr/bin/systemctl', 'start', 'chronyd']
@@ -92,8 +91,7 @@ class ntp_applier(applier_frontend):
proc.wait()
if srv:
logdata = dict()
logdata['srv'] = srv
logdata = {'srv': srv}
log('D124', logdata)
proc = subprocess.Popen(chrony_disconnect_all)
@@ -119,8 +117,7 @@ class ntp_applier(applier_frontend):
if server_type and server_type.data:
if NTPServerType.NTP.value != server_type.data:
logdata = dict()
logdata['server_type'] = server_type
logdata = {'server_type': server_type}
log('W10', logdata)
else:
log('D126')

35
gpoa/frontend/package_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -27,8 +27,8 @@ from .applier_frontend import (
class package_applier(applier_frontend):
__module_name = 'PackagesApplier'
__module_experimental = True
__module_enabled = False
__module_experimental = False
__module_enabled = True
__install_key_name = 'Install'
__remove_key_name = 'Remove'
__sync_key_name = 'Sync'
@@ -40,7 +40,7 @@ class package_applier(applier_frontend):
install_branch = '{}\\{}%'.format(self.__hklm_branch, self.__install_key_name)
remove_branch = '{}\\{}%'.format(self.__hklm_branch, self.__remove_key_name)
sync_branch = '{}\\{}%'.format(self.__hklm_branch, self.__sync_key_name)
self.fulcmd = list()
self.fulcmd = []
self.fulcmd.append('/usr/libexec/gpupdate/pkcon_runner')
self.fulcmd.append('--loglevel')
logger = logging.getLogger()
@@ -64,15 +64,13 @@ class package_applier(applier_frontend):
try:
subprocess.check_call(self.fulcmd)
except Exception as exc:
logdata = dict()
logdata['msg'] = str(exc)
logdata = {'msg': str(exc)}
log('E55', logdata)
else:
try:
subprocess.Popen(self.fulcmd,close_fds=False)
except Exception as exc:
logdata = dict()
logdata['msg'] = str(exc)
logdata = {'msg': str(exc)}
log('E61', logdata)
def apply(self):
@@ -85,18 +83,17 @@ class package_applier(applier_frontend):
class package_applier_user(applier_frontend):
__module_name = 'PackagesApplierUser'
__module_experimental = True
__module_enabled = False
__module_experimental = False
__module_enabled = True
__install_key_name = 'Install'
__remove_key_name = 'Remove'
__sync_key_name = 'Sync'
__hkcu_branch = 'Software\\BaseALT\\Policies\\Packages'
def __init__(self, storage, sid, username):
def __init__(self, storage, username):
self.storage = storage
self.sid = sid
self.username = username
self.fulcmd = list()
self.fulcmd = []
self.fulcmd.append('/usr/libexec/gpupdate/pkcon_runner')
self.fulcmd.append('--user')
self.fulcmd.append(self.username)
@@ -108,9 +105,9 @@ class package_applier_user(applier_frontend):
remove_branch = '{}\\{}%'.format(self.__hkcu_branch, self.__remove_key_name)
sync_branch = '{}\\{}%'.format(self.__hkcu_branch, self.__sync_key_name)
self.install_packages_setting = self.storage.filter_hkcu_entries(self.sid, install_branch)
self.remove_packages_setting = self.storage.filter_hkcu_entries(self.sid, remove_branch)
self.sync_packages_setting = self.storage.filter_hkcu_entries(self.sid, sync_branch)
self.install_packages_setting = self.storage.filter_hkcu_entries(install_branch)
self.remove_packages_setting = self.storage.filter_hkcu_entries(remove_branch)
self.sync_packages_setting = self.storage.filter_hkcu_entries(sync_branch)
self.flagSync = False
self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
@@ -131,15 +128,13 @@ class package_applier_user(applier_frontend):
try:
subprocess.check_call(self.fulcmd)
except Exception as exc:
logdata = dict()
logdata['msg'] = str(exc)
logdata = {'msg': str(exc)}
log('E60', logdata)
else:
try:
subprocess.Popen(self.fulcmd,close_fds=False)
except Exception as exc:
logdata = dict()
logdata['msg'] = str(exc)
logdata = {'msg': str(exc)}
log('E62', logdata)
def admin_context_apply(self):

13
gpoa/frontend/polkit_applier.py
View File

@@ -53,7 +53,7 @@ class polkit_applier(applier_frontend):
template_vars_all = self.__polkit_map[self.__registry_branch][1]
template_file_all_lock = self.__polkit_map[self.__registry_locks_branch][0]
template_vars_all_lock = self.__polkit_map[self.__registry_locks_branch][1]
locks = list()
locks = []
for lock in self.polkit_locks:
if bool(int(lock.data)):
locks.append(lock.valuename)
@@ -77,7 +77,7 @@ class polkit_applier(applier_frontend):
self.__polkit_map[self.__registry_locks_branch][1][key] = item[1]
if deny_all_win:
logdata = dict()
logdata = {}
logdata['Deny_All_win'] = deny_all_win.data
log('D69', logdata)
self.__polkit_map[self.__deny_all_win][1]['Deny_All'] = deny_all_win.data
@@ -115,15 +115,14 @@ class polkit_applier_user(applier_frontend):
__registry_branch : ['48-alt_group_policy_permissions_user', {'User': ''}]
}
def __init__(self, storage, sid, username):
def __init__(self, storage, username):
self.storage = storage
self.sid = sid
self.username = username
deny_all_win = None
if check_windows_mapping_enabled(self.storage):
deny_all_win = storage.filter_hkcu_entries(self.sid, self.__deny_all_win).first()
deny_all_win = storage.filter_hkcu_entries(self.__deny_all_win).first()
polkit_filter = '{}%'.format(self.__registry_branch)
self.polkit_keys = self.storage.filter_hkcu_entries(self.sid, polkit_filter)
self.polkit_keys = self.storage.filter_hkcu_entries(polkit_filter)
# Deny_All hook: initialize defaults
template_file = self.__polkit_map[self.__deny_all_win][0]
template_vars = self.__polkit_map[self.__deny_all_win][1]
@@ -146,7 +145,7 @@ class polkit_applier_user(applier_frontend):
self.__polkit_map[self.__registry_branch][1][key] = item
if deny_all_win:
logdata = dict()
logdata = {}
logdata['user'] = self.username
logdata['Deny_All_win'] = deny_all_win.data
log('D70', logdata)

30
gpoa/frontend/scripts_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2022 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -29,15 +29,14 @@ from .applier_frontend import (
class scripts_applier(applier_frontend):
__module_name = 'ScriptsApplier'
__module_experimental = True
__module_enabled = False
__module_experimental = False
__module_enabled = True
__cache_scripts = '/var/cache/gpupdate_scripts_cache/machine/'
def __init__(self, storage, sid):
def __init__(self, storage):
self.storage = storage
self.sid = sid
self.startup_scripts = self.storage.get_scripts(self.sid, 'STARTUP')
self.shutdown_scripts = self.storage.get_scripts(self.sid, 'SHUTDOWN')
self.startup_scripts = self.storage.get_scripts('STARTUP')
self.shutdown_scripts = self.storage.get_scripts('SHUTDOWN')
self.folder_path = Path(self.__cache_scripts)
self.__module_enabled = check_enabled(self.storage
, self.__module_name
@@ -51,8 +50,7 @@ class scripts_applier(applier_frontend):
except FileNotFoundError as exc:
log('D154')
except Exception as exc:
logdata = dict()
logdata['exc'] = exc
logdata = {'exc': exc}
log('E64', logdata)
def filling_cache(self):
@@ -80,15 +78,14 @@ class scripts_applier(applier_frontend):
class scripts_applier_user(applier_frontend):
__module_name = 'ScriptsApplierUser'
__module_experimental = True
__module_enabled = False
__module_experimental = False
__module_enabled = True
__cache_scripts = '/var/cache/gpupdate_scripts_cache/users/'
def __init__(self, storage, sid, username):
def __init__(self, storage, username):
self.storage = storage
self.sid = sid
self.logon_scripts = self.storage.get_scripts(self.sid, 'LOGON')
self.logoff_scripts = self.storage.get_scripts(self.sid, 'LOGOFF')
self.logon_scripts = self.storage.get_scripts('LOGON')
self.logoff_scripts = self.storage.get_scripts('LOGOFF')
self.username = username
self.folder_path = Path(self.__cache_scripts + self.username)
self.__module_enabled = check_enabled(self.storage
@@ -103,8 +100,7 @@ class scripts_applier_user(applier_frontend):
except FileNotFoundError as exc:
log('D155')
except Exception as exc:
logdata = dict()
logdata['exc'] = exc
logdata = {'exc': exc}
log('E65', logdata)
def filling_cache(self):

47
gpoa/frontend/shortcut_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -31,12 +31,12 @@ from util.util import (
)
from gpt.shortcuts import shortcut, get_ttype
def storage_get_shortcuts(storage, sid, username=None, shortcuts_machine=None):
def storage_get_shortcuts(storage, username=None, shortcuts_machine=None):
'''
Query storage for shortcuts' rows for specified SID.
Query storage for shortcuts' rows for username.
'''
shortcut_objs = storage.get_shortcuts(sid)
shortcuts = list()
shortcut_objs = storage.get_shortcuts()
shortcuts = []
if username and shortcuts_machine:
shortcut_objs += shortcuts_machine
@@ -56,9 +56,7 @@ def apply_shortcut(shortcut, username=None):
dest_abspath = shortcut.dest
if not dest_abspath.startswith('/') and not dest_abspath.startswith('%'):
dest_abspath = '%HOME%/' + dest_abspath
logdata = dict()
logdata['shortcut'] = dest_abspath
logdata['for'] = username
logdata = {'shortcut': dest_abspath, 'for': username}
log('D105', logdata)
dest_abspath = expand_windows_var(dest_abspath, username).replace('\\', '/') + '.desktop'
@@ -69,31 +67,24 @@ def apply_shortcut(shortcut, username=None):
if dest_abspath.startswith(get_homedir(username)):
# Don't try to operate on non-existent directory
if not homedir_exists(username):
logdata = dict()
logdata['user'] = username
logdata['dest_abspath'] = dest_abspath
logdata = {'user': username, 'dest_abspath': dest_abspath}
log('W7', logdata)
return None
else:
logdata = dict()
logdata['user'] = username
logdata['bad path'] = dest_abspath
logdata = {'user': username, 'bad path': dest_abspath}
log('W8', logdata)
return None
if '%' in dest_abspath:
logdata = dict()
logdata['dest_abspath'] = dest_abspath
logdata = {'dest_abspath': dest_abspath}
log('E53', logdata)
return None
if not dest_abspath.startswith('/'):
logdata = dict()
logdata['dest_abspath'] = dest_abspath
logdata = {'dest_abspath': dest_abspath}
log('E54', logdata)
return None
logdata = dict()
logdata['file'] = dest_abspath
logdata = {'file': dest_abspath}
logdata['with_action'] = shortcut.action
log('D106', logdata)
shortcut.apply_desktop(dest_abspath)
@@ -112,7 +103,7 @@ class shortcut_applier(applier_frontend):
)
def run(self):
shortcuts = storage_get_shortcuts(self.storage, self.storage.get_info('machine_sid'))
shortcuts = storage_get_shortcuts(self.storage)
if shortcuts:
for sc in shortcuts:
apply_shortcut(sc)
@@ -123,9 +114,7 @@ class shortcut_applier(applier_frontend):
# /usr/local/share/applications
subprocess.check_call(['/usr/bin/update-desktop-database'])
else:
logdata = dict()
logdata['machine_sid'] = self.storage.get_info('machine_sid')
log('D100', logdata)
log('D100')
def apply(self):
if self.__module_enabled:
@@ -141,14 +130,13 @@ class shortcut_applier_user(applier_frontend):
__REGISTRY_PATH_SHORTCATSMERGE= '/Software/BaseALT/Policies/GPUpdate/ShortcutsMerge'
__DCONF_REGISTRY_PATH_PREFERENCES_MACHINE = 'Software/BaseALT/Policies/Preferences/Machine'
def __init__(self, storage, sid, username):
def __init__(self, storage, username):
self.storage = storage
self.sid = sid
self.username = username
self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
def get_machine_shortcuts(self):
result = list()
result = []
try:
storage_machine_dict = self.storage.get_dictionary_from_dconf_file_db()
machine_shortcuts = storage_machine_dict.get(
@@ -177,7 +165,7 @@ class shortcut_applier_user(applier_frontend):
shortcuts_machine = None
if self.check_enabled_shortcuts_merge():
shortcuts_machine = self.get_machine_shortcuts()
shortcuts = storage_get_shortcuts(self.storage, self.sid, self.username, shortcuts_machine)
shortcuts = storage_get_shortcuts(self.storage, self.username, shortcuts_machine)
if shortcuts:
for sc in shortcuts:
@@ -186,8 +174,7 @@ class shortcut_applier_user(applier_frontend):
if not in_usercontext and not sc.is_usercontext():
apply_shortcut(sc, self.username)
else:
logdata = dict()
logdata['sid'] = self.sid
logdata = {'username': self.username}
log('D100', logdata)
def user_context_apply(self):

14
gpoa/frontend/systemd_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -44,20 +44,16 @@ class systemd_applier(applier_frontend):
for setting in self.systemd_unit_settings:
try:
self.units.append(systemd_unit(setting.valuename, int(setting.data)))
logdata = dict()
logdata['unit'] = format(setting.valuename)
logdata = {'unit': format(setting.valuename)}
log('I4', logdata)
except Exception as exc:
logdata = dict()
logdata['unit'] = format(setting.valuename)
logdata['exc'] = exc
logdata = {'unit': format(setting.valuename), 'exc': exc}
log('I5', logdata)
for unit in self.units:
try:
unit.apply()
except:
logdata = dict()
logdata['unit'] = unit.unit_name
logdata = {'unit': unit.unit_name}
log('E45', logdata)
def apply(self):
@@ -76,7 +72,7 @@ class systemd_applier_user(applier_frontend):
__module_enabled = True
__registry_branch = 'Software/BaseALT/Policies/SystemdUnits'
def __init__(self, storage, sid, username):
def __init__(self, storage, username):
self.storage = storage
def user_context_apply(self):

14
gpoa/frontend/thunderbird_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2024 BaseALT Ltd.
# Copyright (C) 2024-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -32,15 +32,14 @@ class thunderbird_applier(applier_frontend):
__registry_branch = 'Software/Policies/Mozilla/Thunderbird'
__thunderbird_policies = '/etc/thunderbird/policies'
def __init__(self, storage, sid, username):
def __init__(self, storage, username):
self.storage = storage
self.sid = sid
self.username = username
self._is_machine_name = is_machine_name(self.username)
self.policies = dict()
self.policies_json = dict({ 'policies': self.policies })
self.policies = {}
self.policies_json = {'policies': self.policies}
self.thunderbird_keys = self.storage.filter_hklm_entries(self.__registry_branch)
self.policies_gen = dict()
self.policies_gen = {}
self.__module_enabled = check_enabled(
self.storage
, self.__module_name
@@ -58,8 +57,7 @@ class thunderbird_applier(applier_frontend):
os.makedirs(self.__thunderbird_policies, exist_ok=True)
with open(destfile, 'w') as f:
json.dump(self.policies_json, f)
logdata = dict()
logdata['destfile'] = destfile
logdata = {'destfile': destfile}
log('D212', logdata)
def apply(self):

19
gpoa/frontend/yandex_browser_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -34,14 +34,13 @@ class yandex_browser_applier(applier_frontend):
__managed_policies_path = '/etc/opt/yandex/browser/policies/managed'
__recommended_policies_path = '/etc/opt/yandex/browser/policies/recommended'
def __init__(self, storage, sid, username):
def __init__(self, storage, username):
self.storage = storage
self.sid = sid
self.username = username
self._is_machine_name = is_machine_name(self.username)
self.yandex_keys = self.storage.filter_hklm_entries(self.__registry_branch)
self.policies_json = dict()
self.policies_json = {}
self.__module_enabled = check_enabled(
self.storage
@@ -69,16 +68,14 @@ class yandex_browser_applier(applier_frontend):
os.makedirs(self.__managed_policies_path, exist_ok=True)
with open(destfile, 'w') as f:
json.dump(dict_item_to_list(self.policies_json), f)
logdata = dict()
logdata['destfile'] = destfile
logdata = {'destfile': destfile}
log('D185', logdata)
destfilerec = os.path.join(self.__recommended_policies_path, 'policies.json')
os.makedirs(self.__recommended_policies_path, exist_ok=True)
with open(destfilerec, 'w') as f:
json.dump(dict_item_to_list(recommended__json), f)
logdata = dict()
logdata['destfilerec'] = destfilerec
logdata = {'destfilerec': destfilerec}
log('D185', logdata)
@@ -159,7 +156,7 @@ class yandex_browser_applier(applier_frontend):
'''
Collect dictionaries from registry keys into a general dictionary
'''
counts = dict()
counts = {}
#getting the list of keys to read as an integer
valuename_typeint = self.get_valuename_typeint()
for it_data in yandex_keys:
@@ -187,9 +184,7 @@ class yandex_browser_applier(applier_frontend):
branch[parts[-1]] = str(it_data.data).replace('\\', '/')
except Exception as exc:
logdata = dict()
logdata['Exception'] = exc
logdata['keyname'] = it_data.keyname
logdata = {'Exception': exc, 'keyname': it_data.keyname}
log('D178', logdata)
try:
self.policies_json = counts['']

2
gpoa/gpoa
View File

@@ -153,8 +153,8 @@ class gpoa_controller:
try:
back.retrieve_and_store()
# Start frontend only on successful backend finish
self.start_frontend()
save_dconf(self.username, self.is_machine, nodomain)
self.start_frontend()
except Exception as exc:
logdata = dict({'message': str(exc)})
# In case we're handling "E3" - it means that

14
gpoa/gpt/drives.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -47,7 +47,7 @@ def decrypt_pass(cpassword):
# decrypt() returns byte array which is immutable and we need to
# strip padding, then convert UTF-16LE to UTF-8
binstr = decrypter.decrypt(password)
by = list()
by = []
for item in binstr:
if item != 16:
by.append(item)
@@ -57,7 +57,7 @@ def decrypt_pass(cpassword):
return utf8str.decode()
def read_drives(drives_file):
drives = list()
drives = []
for drive in get_xml_root(drives_file):
drive_obj = drivemap()
@@ -78,9 +78,9 @@ def read_drives(drives_file):
return drives
def merge_drives(storage, sid, drive_objects, policy_name):
def merge_drives(storage, drive_objects, policy_name):
for drive in drive_objects:
storage.add_drive(sid, drive, policy_name)
storage.add_drive(drive, policy_name)
def json2drive(json_str):
json_obj = json.loads(json_str)
@@ -141,13 +141,13 @@ class drivemap(DynamicAttributes):
self.useLetter = useLetter
def to_json(self):
drive = dict()
drive = {}
drive['login'] = self.login
drive['password'] = self.password
drive['dir'] = self.dir
drive['path'] = self.path
contents = dict()
contents = {}
contents['drive'] = drive
return json.dumps(contents)

8
gpoa/gpt/envvars.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -21,7 +21,7 @@ from .dynamic_attributes import DynamicAttributes
def read_envvars(envvars_file):
variables = list()
variables = []
for var in get_xml_root(envvars_file):
props = var.find('Properties')
@@ -34,9 +34,9 @@ def read_envvars(envvars_file):
return variables
def merge_envvars(storage, sid, envvar_objects, policy_name):
def merge_envvars(storage, envvar_objects, policy_name):
for envv in envvar_objects:
storage.add_envvar(sid, envv, policy_name)
storage.add_envvar(envv, policy_name)
class envvar(DynamicAttributes):
def __init__(self, name, value, action):

8
gpoa/gpt/files.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,7 +20,7 @@ from util.xml import get_xml_root
from .dynamic_attributes import DynamicAttributes
def read_files(filesxml):
files = list()
files = []
for fil in get_xml_root(filesxml):
props = fil.find('Properties')
@@ -36,9 +36,9 @@ def read_files(filesxml):
return files
def merge_files(storage, sid, file_objects, policy_name):
def merge_files(storage, file_objects, policy_name):
for fileobj in file_objects:
storage.add_file(sid, fileobj, policy_name)
storage.add_file(fileobj, policy_name)
class fileentry(DynamicAttributes):
def __init__(self, fromPath):

8
gpoa/gpt/folders.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -40,7 +40,7 @@ def folder_int2bool(val):
def read_folders(folders_file):
folders = list()
folders = []
for fld in get_xml_root(folders_file):
props = fld.find('Properties')
@@ -57,9 +57,9 @@ def read_folders(folders_file):
return folders
def merge_folders(storage, sid, folder_objects, policy_name):
def merge_folders(storage, folder_objects, policy_name):
for folder in folder_objects:
storage.add_folder(sid, folder, policy_name)
storage.add_folder(folder, policy_name)
class folderentry(DynamicAttributes):

40
gpoa/gpt/gpt.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -110,7 +110,7 @@ def get_preftype(path_to_file):
return None
def pref_parsers():
parsers = dict()
parsers = {}
parsers[FileType.PREG] = read_polfile
parsers[FileType.SHORTCUTS] = read_shortcuts
@@ -132,7 +132,7 @@ def get_parser(preference_type):
return parsers[preference_type]
def pref_mergers():
mergers = dict()
mergers = {}
mergers[FileType.PREG] = merge_polfile
mergers[FileType.SHORTCUTS] = merge_shortcuts
@@ -154,11 +154,10 @@ def get_merger(preference_type):
return mergers[preference_type]
class gpt:
def __init__(self, gpt_path, sid, username='Machine', gpo_info=None):
def __init__(self, gpt_path, username='Machine', gpo_info=None):
add_to_dict(gpt_path, username, gpo_info)
self.path = gpt_path
self.username = username
self.sid = sid
self.storage = registry_factory()
self.storage._gpt_read_flag = True
self.gpo_info = gpo_info
@@ -185,18 +184,18 @@ class gpt:
, 'scripts'
, 'networkshares'
]
self.settings = dict()
self.settings['machine'] = dict()
self.settings['user'] = dict()
self.settings = {}
self.settings['machine'] = {}
self.settings['user'] = {}
self.settings['machine']['regpol'] = find_file(self._machine_path, 'registry.pol')
self.settings['user']['regpol'] = find_file(self._user_path, 'registry.pol')
for setting in self.settings_list:
machine_preffile = find_preffile(self._machine_path, setting)
user_preffile = find_preffile(self._user_path, setting)
mlogdata = dict({'setting': setting, 'prefpath': machine_preffile})
mlogdata = {'setting': setting, 'prefpath': machine_preffile}
log('D24', mlogdata)
self.settings['machine'][setting] = machine_preffile
ulogdata = dict({'setting': setting, 'prefpath': user_preffile})
ulogdata = {'setting': setting, 'prefpath': user_preffile}
log('D23', ulogdata)
self.settings['user'][setting] = user_preffile
@@ -217,21 +216,21 @@ class gpt:
try:
# Merge machine policies to registry if possible
if self.settings['machine']['regpol']:
mlogdata = dict({'polfile': self.settings['machine']['regpol']})
mlogdata = {'polfile': self.settings['machine']['regpol']}
log('D34', mlogdata)
util.preg.merge_polfile(self.settings['machine']['regpol'], policy_name=self.name, gpo_info=self.gpo_info)
# Merge machine preferences to registry if possible
for preference_name, preference_path in self.settings['machine'].items():
if preference_path:
preference_type = get_preftype(preference_path)
logdata = dict({'pref': preference_type.value, 'sid': self.sid})
logdata = {'pref': preference_type.value}
log('D28', logdata)
preference_parser = get_parser(preference_type)
preference_merger = get_merger(preference_type)
preference_objects = preference_parser(preference_path)
preference_merger(self.storage, self.sid, preference_objects, self.name)
preference_merger(self.storage, preference_objects, self.name)
except Exception as exc:
logdata = dict()
logdata = {}
logdata['gpt'] = self.name
logdata['msg'] = str(exc)
log('E28', logdata)
@@ -243,10 +242,9 @@ class gpt:
try:
# Merge user policies to registry if possible
if self.settings['user']['regpol']:
mulogdata = dict({'polfile': self.settings['user']['regpol']})
mulogdata = {'polfile': self.settings['user']['regpol']}
log('D35', mulogdata)
util.preg.merge_polfile(self.settings['user']['regpol'],
sid=self.sid,
policy_name=self.name,
username=self.username,
gpo_info=self.gpo_info)
@@ -254,14 +252,14 @@ class gpt:
for preference_name, preference_path in self.settings['user'].items():
if preference_path:
preference_type = get_preftype(preference_path)
logdata = dict({'pref': preference_type.value, 'sid': self.sid})
logdata = {'pref': preference_type.value}
log('D29', logdata)
preference_parser = get_parser(preference_type)
preference_merger = get_merger(preference_type)
preference_objects = preference_parser(preference_path)
preference_merger(self.storage, self.sid, preference_objects, self.name)
preference_merger(self.storage, preference_objects, self.name)
except Exception as exc:
logdata = dict()
logdata = {}
logdata['gpt'] = self.name
logdata['msg'] = str(exc)
log('E29', logdata)
@@ -354,13 +352,13 @@ def lp2gpt():
# Write PReg
polparser.write_binary(os.path.join(destdir, 'Registry.pol'))
def get_local_gpt(sid):
def get_local_gpt():
'''
Convert default policy to GPT and create object out of it.
'''
log('D25')
lp2gpt()
local_policy = gpt(str(local_policy_cache()), sid)
local_policy = gpt(str(local_policy_cache()))
local_policy.set_name('Local Policy')
return local_policy

8
gpoa/gpt/inifiles.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,7 +20,7 @@ from util.xml import get_xml_root
from .dynamic_attributes import DynamicAttributes
def read_inifiles(inifiles_file):
inifiles = list()
inifiles = []
for ini in get_xml_root(inifiles_file):
prors = ini.find('Properties')
@@ -34,9 +34,9 @@ def read_inifiles(inifiles_file):
return inifiles
def merge_inifiles(storage, sid, inifile_objects, policy_name):
def merge_inifiles(storage, inifile_objects, policy_name):
for iniobj in inifile_objects:
storage.add_ini(sid, iniobj, policy_name)
storage.add_ini(iniobj, policy_name)
class inifile(DynamicAttributes):
def __init__(self, path):

8
gpoa/gpt/networkshares.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,7 +20,7 @@ from util.xml import get_xml_root
from .dynamic_attributes import DynamicAttributes
def read_networkshares(networksharesxml):
networkshares = list()
networkshares = []
for share in get_xml_root(networksharesxml):
props = share.find('Properties')
@@ -35,9 +35,9 @@ def read_networkshares(networksharesxml):
return networkshares
def merge_networkshares(storage, sid, networkshares_objects, policy_name):
def merge_networkshares(storage, networkshares_objects, policy_name):
for networkshareobj in networkshares_objects:
storage.add_networkshare(sid, networkshareobj, policy_name)
storage.add_networkshare(networkshareobj, policy_name)
class networkshare(DynamicAttributes):
def __init__(self, name):

10
gpoa/gpt/polfile.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -23,11 +23,7 @@ from util.preg import (
def read_polfile(filename):
return load_preg(filename).entries
def merge_polfile(storage, sid, policy_objects, policy_name):
def merge_polfile(storage, policy_objects, policy_name):
pass
# for entry in policy_objects:
# if not sid:
# storage.add_hklm_entry(entry, policy_name)
# else:
# storage.add_hkcu_entry(entry, sid, policy_name)

12
gpoa/gpt/printers.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -25,7 +25,7 @@ def read_printers(printers_file):
'''
Read printer configurations from Printer.xml
'''
printers = list()
printers = []
for prn in get_xml_root(printers_file):
prn_obj = printer(prn.tag, prn.get('name'), prn.get('status'))
@@ -42,9 +42,9 @@ def read_printers(printers_file):
return printers
def merge_printers(storage, sid, printer_objects, policy_name):
def merge_printers(storage, printer_objects, policy_name):
for device in printer_objects:
storage.add_printer(sid, device, policy_name)
storage.add_printer(device, policy_name)
def json2printer(json_str):
'''
@@ -101,7 +101,7 @@ class printer(DynamicAttributes):
'''
Return string-serialized JSON representation of the object.
'''
printer = dict()
printer = {}
printer['type'] = self.printer_type
printer['name'] = self.name
printer['status'] = self.status
@@ -113,7 +113,7 @@ class printer(DynamicAttributes):
# Nesting JSON object into JSON object makes it easier to add
# metadata if needed.
config = dict()
config = {}
config['printer'] = printer
return json.dumps(config)

28
gpoa/gpt/scriptsini.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -23,10 +23,10 @@ from .dynamic_attributes import DynamicAttributes
def read_scripts(scripts_file):
scripts = Scripts_lists()
logon_scripts = dict()
logoff_scripts = dict()
startup_scripts = dict()
shutdown_scripts = dict()
logon_scripts = {}
logoff_scripts = {}
startup_scripts = {}
shutdown_scripts = {}
config = configparser.ConfigParser()
config.read(scripts_file, encoding = 'utf-16')
@@ -78,22 +78,22 @@ def read_scripts(scripts_file):
return scripts
def merge_scripts(storage, sid, scripts_objects, policy_name):
def merge_scripts(storage, scripts_objects, policy_name):
for script in scripts_objects.get_logon_scripts():
storage.add_script(sid, script, policy_name)
storage.add_script(script, policy_name)
for script in scripts_objects.get_logoff_scripts():
storage.add_script(sid, script, policy_name)
storage.add_script(script, policy_name)
for script in scripts_objects.get_startup_scripts():
storage.add_script(sid, script, policy_name)
storage.add_script(script, policy_name)
for script in scripts_objects.get_shutdown_scripts():
storage.add_script(sid, script, policy_name)
storage.add_script(script, policy_name)
class Scripts_lists:
def __init__ (self):
self.__logon_scripts = list()
self.__logoff_scripts = list()
self.__startup_scripts = list()
self.__shutdown_scripts = list()
self.__logon_scripts = []
self.__logoff_scripts = []
self.__startup_scripts = []
self.__shutdown_scripts = []
def get_logon_scripts(self):
return self.__logon_scripts

6
gpoa/gpt/services.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -23,7 +23,7 @@ def read_services(service_file):
'''
Read Services.xml from GPT.
'''
services = list()
services = []
for srv in get_xml_root(service_file):
srv_obj = service(srv.get('name'))
@@ -40,7 +40,7 @@ def read_services(service_file):
return services
def merge_services(storage, sid, service_objects, policy_name):
def merge_services(storage, service_objects, policy_name):
for srv in service_objects:
pass

8
gpoa/gpt/shortcuts.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -69,7 +69,7 @@ def read_shortcuts(shortcuts_file):
:shortcuts_file: Location of Shortcuts.xml
'''
shortcuts = list()
shortcuts = []
for link in get_xml_root(shortcuts_file):
props = link.find('Properties')
@@ -95,9 +95,9 @@ def read_shortcuts(shortcuts_file):
return shortcuts
def merge_shortcuts(storage, sid, shortcut_objects, policy_name):
def merge_shortcuts(storage, shortcut_objects, policy_name):
for shortcut in shortcut_objects:
storage.add_shortcut(sid, shortcut, policy_name)
storage.add_shortcut(shortcut, policy_name)
def find_desktop_entry(binary_path):

4
gpoa/gpt/tasks.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -19,7 +19,7 @@
def read_tasks(filename):
pass
def merge_tasks(storage, sid, task_objects, policy_name):
def merge_tasks(storage, task_objects, policy_name):
for task in task_objects:
pass

10
gpoa/gpupdate
View File

@@ -2,7 +2,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -113,14 +113,14 @@ def runner_factory(args, target):
target = 'COMPUTER'
except:
username = None
logdata = dict({'username': args.user})
logdata = {'username': args.user}
log('W1', logdata)
else:
# User may only perform gpupdate for machine (None) or
# itself (os.getusername()).
username = pwd.getpwuid(os.getuid()).pw_name
if args.user != username:
logdata = dict({'username': username})
logdata = {'username': username}
log('W2', logdata)
if args.system:
@@ -179,7 +179,7 @@ def main():
try:
gpo_appliers[0].run()
except Exception as exc:
logdata = dict({'error': str(exc)})
logdata = {'error': str(exc)}
log('E5')
return int(ExitCodeUpdater.FAIL_GPUPDATE_COMPUTER_NOREPLY)
@@ -187,7 +187,7 @@ def main():
try:
gpo_appliers[1].run()
except Exception as exc:
logdata = dict({'error': str(exc)})
logdata = {'error': str(exc)}
log('E6', logdata)
return int(ExitCodeUpdater.FAIL_GPUPDATE_USER_NOREPLY)
else:

60
gpoa/gpupdate-setup
View File

@@ -2,7 +2,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -30,6 +30,7 @@ from util.util import (
)
from util.config import GPConfig
from util.paths import get_custom_policy_dir
from frontend.appliers.ini_file import Ini_file
class Runner:
@@ -77,7 +78,7 @@ def parse_arguments():
type=str,
nargs='?',
const='backend',
choices=['local', 'samba'],
choices=['local', 'samba', 'freeipa'],
help='Backend (source of settings) name')
parser_write.add_argument('status',
@@ -92,7 +93,7 @@ def parse_arguments():
type=str,
nargs='?',
const='backend',
choices=['local', 'samba'],
choices=['local', 'samba', 'freeipa'],
help='Backend (source of settings) name')
parser_enable.add_argument('--local-policy',
@@ -101,7 +102,7 @@ def parse_arguments():
parser_enable.add_argument('--backend',
default='samba',
type=str,
choices=['local', 'samba'],
choices=['local', 'samba', 'freeipa'],
help='Backend (source of settings) name')
parser_update.add_argument('--local-policy',
@@ -110,7 +111,7 @@ def parse_arguments():
parser_update.add_argument('--backend',
default='samba',
type=str,
choices=['local', 'samba'],
choices=['local', 'samba', 'freeipa'],
help='Backend (source of settings) name')
@@ -221,6 +222,8 @@ def enable_gp(policy_name, backend_type):
cmd_enable_gpupdate_user_timer = ['/bin/systemctl', '--global', 'enable', 'gpupdate-user.timer']
cmd_enable_gpupdate_scripts_service = ['/bin/systemctl', 'enable', 'gpupdate-scripts-run.service']
cmd_enable_gpupdate_user_scripts_service = ['/bin/systemctl', '--global', 'enable', 'gpupdate-scripts-run-user.service']
cmd_ipa_client_samba = ['/usr/sbin/ipa-client-samba', '--unattended']
config = GPConfig()
@@ -271,6 +274,28 @@ def enable_gp(policy_name, backend_type):
if not is_unit_enabled('gpupdate.timer'):
disable_gp()
return
if backend_type == 'freeipa':
result = runcmd(cmd_ipa_client_samba)
if result[0] != 0:
if "already configured" in str(result[1]) or "already exists" in str(result[1]):
print("FreeIPA is already configured")
else:
print(str(result))
return
else:
print(str(result))
ini_obj = type("ini", (), {})()
ini_obj.path = "/etc/samba/smb.conf"
ini_obj.section = "global"
ini_obj.action = "UPDATE"
ini_obj.property = "log level"
ini_obj.value = "0"
Ini_file(ini_obj)
# Enable gpupdate-setup.timer for all users
if not rollback_on_error(cmd_enable_gpupdate_user_timer):
return
@@ -342,18 +367,19 @@ def act_default_policy():
def main():
arguments = parse_arguments()
action = dict()
action['list'] = act_list
action['list-backends'] = act_list_backends
action['status'] = act_status
action['set-backend'] = act_set_backend
action['write'] = act_write
action['enable'] = act_enable
action['update'] = act_enable
action['disable'] = disable_gp
action['active-policy'] = act_active_policy
action['active-backend'] = act_active_backend
action['default-policy'] = act_default_policy
action = {
'list': act_list,
'list-backends': act_list_backends,
'status': act_status,
'set-backend': act_set_backend,
'write': act_write,
'enable': act_enable,
'update': act_enable,
'disable': disable_gp,
'active-policy': act_active_policy,
'active-backend': act_active_backend,
'default-policy': act_default_policy
}
if arguments.action == None:
action['status']()

46
gpoa/locale/ru_RU/LC_MESSAGES/gpoa.po
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -268,6 +268,12 @@ msgstr "Не удалось обновить LDAP новыми данными п
msgid "Failed to change local user password"
msgstr "Не удалось изменить пароль локального пользователя"
msgid "Unable to initialize Freeipa backend"
msgstr "Невозможно инициализировать бэкэнд Freeipa"
msgid "FreeIPA API Error"
msgstr "Ошибка API FreeIPA"
# Error_end
# Debug
@@ -949,6 +955,21 @@ msgstr "Пароль успешно обновлён"
msgid "Cleaning the autofs catalog"
msgstr "Очистка каталога autofs"
msgid "No user login records found"
msgstr "Не найдены записи о входе пользователя"
msgid "Calculating time since the first user login after their password change"
msgstr "Расчет времени с момента первого входа пользователя после изменения их пароля"
msgid "No logins found after password change"
msgstr "Не найдены входы после изменения пароля"
msgid "Unknown message type, no message assigned"
msgstr "Неизвестный тип сообщения"
msgid "Failed to load cached versions"
msgstr "Не удалось загрузить кешированные версии"
# Debug_end
# Warning
@@ -1064,6 +1085,25 @@ msgstr "Пользователь для изменения пароля не б
msgid "Error while cleaning the autofs catalog"
msgstr "Ошибка при очистке каталога autofs"
msgid "Problem with timezone detection"
msgstr "Проблема с определением часового пояса"
msgid "Error executing last command"
msgstr "Ошибка выполнения команды last"
msgid "Last command not found"
msgstr "Команда last не найдена"
msgid "Error getting user login times"
msgstr "Ошибка получения времени входа пользователя"
msgid "Invalid timezone in reference datetime"
msgstr "Некорректный часовой пояс в reference datetime"
msgid "wbinfo SID lookup failed; will try as trusted domain user"
msgstr "Ошибка получения SID через wbinfo; будет предпринята попытка как для пользователя доверенного домена"
# Warning_end
# Fatal
msgid "Unable to refresh GPO list"
msgstr "Невозможно обновить список объектов групповых политик"
@@ -1077,7 +1117,5 @@ msgstr "Не удалось получить GPT для пользователя
msgid "Unknown fatal code"
msgstr "Неизвестный код фатальной ошибки"
# get_message
msgid "Unknown message type, no message assigned"
msgstr "Неизвестный тип сообщения"

24
gpoa/messages/__init__.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,7 +20,7 @@
import gettext
def info_code(code):
info_ids = dict()
info_ids = {}
info_ids[1] = 'Got GPO list for username'
info_ids[2] = 'Got GPO'
info_ids[3] = 'Working with control'
@@ -36,7 +36,7 @@ def info_code(code):
return info_ids.get(code, 'Unknown info code')
def error_code(code):
error_ids = dict()
error_ids = {}
error_ids[1] = 'Insufficient permissions to run gpupdate'
error_ids[2] = 'gpupdate will not be started'
error_ids[3] = 'Backend execution error'
@@ -112,10 +112,12 @@ def error_code(code):
error_ids[74] = 'Autofs restart failed'
error_ids[75] = 'Failed to update LDAP with new password data'
error_ids[76] = 'Failed to change local user password'
error_ids[77] = 'Unable to initialize Freeipa backend'
error_ids[78] = 'FreeIPA API error'
return error_ids.get(code, 'Unknown error code')
def debug_code(code):
debug_ids = dict()
debug_ids = {}
debug_ids[1] = 'The GPOA process was started for user'
debug_ids[2] = 'Username is not specified - will use username of the current process'
debug_ids[3] = 'Initializing plugin manager'
@@ -346,11 +348,15 @@ def debug_code(code):
debug_ids[229] = 'Password update not needed'
debug_ids[230] = 'Password successfully updated'
debug_ids[231] = 'Cleaning the autofs catalog'
debug_ids[232] = 'No user login records found'
debug_ids[233] = 'Calculating time since the first user login after their password change'
debug_ids[234] = 'No logins found after password change'
debug_ids[235] = 'Failed to load cached versions'
return debug_ids.get(code, 'Unknown debug code')
def warning_code(code):
warning_ids = dict()
warning_ids = {}
warning_ids[1] = (
'Unable to perform gpupdate for non-existent user, '
'will update machine settings'
@@ -394,11 +400,17 @@ def warning_code(code):
warning_ids[35] = 'Failed to terminate process'
warning_ids[36] = 'The user was not found to change the password'
warning_ids[37] = 'Error while cleaning the autofs catalog'
warning_ids[38] = 'Problem with timezone detection'
warning_ids[39] = 'Error executing last command'
warning_ids[40] = 'Last command not found'
warning_ids[41] = 'Error getting user login times'
warning_ids[42] = 'Invalid timezone in reference datetime'
warning_ids[43] = 'wbinfo SID lookup failed; will try as trusted domain user'
return warning_ids.get(code, 'Unknown warning code')
def fatal_code(code):
fatal_ids = dict()
fatal_ids = {}
fatal_ids[1] = 'Unable to refresh GPO list'
fatal_ids[2] = 'Error getting GPTs for machine'
fatal_ids[3] = 'Error getting GPTs for user'

16
gpoa/pkcon_runner
View File

@@ -20,7 +20,6 @@
import rpm
import subprocess
from gpoa.storage import registry_factory
from util.gpoa_ini_parsing import GpoaConfigObj
from util.util import get_uid_by_username, string_to_literal_eval
import logging
from util.logging import log
@@ -76,24 +75,20 @@ class Pkcon_applier:
log('D142')
self.update()
for package in self.remove_packages:
logdata = {'name': package}
try:
logdata = dict()
logdata['name'] = package
log('D149', logdata)
self.remove_pkg(package)
except Exception as exc:
logdata = dict()
logdata['exc'] = exc
log('E58', logdata)
for package in self.install_packages:
logdata = {'name': package}
try:
logdata = dict()
logdata['name'] = package
log('D148', logdata)
self.install_pkg(package)
except Exception as exc:
logdata = dict()
logdata['exc'] = exc
log('E57', logdata)
@@ -107,7 +102,7 @@ class Pkcon_applier:
pass
def remove_pkg(self, package_name):
fullcmd = self.__remove_command
fullcmd = list(self.__remove_command)
fullcmd.append(package_name)
return subprocess.check_output(fullcmd)
@@ -118,15 +113,14 @@ class Pkcon_applier:
try:
res = subprocess.check_output(['/usr/bin/apt-get', 'update'], encoding='utf-8')
msg = str(res).split('\n')
logdata = dict()
logdata = {}
for mslog in msg:
ms = str(mslog).split(' ')
if ms:
logdata = {ms[0]: ms[1:-1]}
log('D143', logdata)
except Exception as exc:
logdata = dict()
logdata['msg'] = exc
logdata = {'msg': exc}
log('E56',logdata)
if __name__ == '__main__':

2
gpoa/plugin/plugin_manager.py
View File

@@ -27,7 +27,7 @@ from messages import message_with_code
class plugin_manager:
def __init__(self):
self.plugins = dict()
self.plugins = {}
logging.debug(slogm(message_with_code('D3')))
try:
self.plugins['adp'] = adp()

8
gpoa/scripts_runner
View File

@@ -33,7 +33,7 @@ class Scripts_runner:
self.dir_scripts_machine = '/var/cache/gpupdate_scripts_cache/machine/'
self.dir_scripts_users = '/var/cache/gpupdate_scripts_cache/users/'
self.user_name = user_name
self.list_with_all_commands = list()
self.list_with_all_commands = []
stack_dir = None
if work_mode and work_mode.upper() == 'MACHINE':
stack_dir = self.machine_runner_fill()
@@ -59,7 +59,7 @@ class Scripts_runner:
return self.get_stack_dir(self.dir_scripts_machine)
def get_stack_dir(self, path_dir):
stack_dir = list()
stack_dir = []
try:
dir_script = Path(path_dir)
for it_dir in dir_script.iterdir():
@@ -72,7 +72,7 @@ class Scripts_runner:
def find_action(self, stack_dir):
if not stack_dir:
return
list_tmp = list()
list_tmp = []
while stack_dir:
path_turn = stack_dir.pop()
basename = os.path.basename(path_turn)
@@ -94,7 +94,7 @@ class Scripts_runner:
except Exception as exc:
print('Argument read for {}: {}'.format(self.list_with_all_commands.pop(), exc))
else:
cmd = list()
cmd = []
cmd.append(file_in_task_dir)
self.list_with_all_commands.append(cmd)

97
gpoa/storage/dconf_registry.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2023 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -64,37 +64,37 @@ class Dconf_registry():
'''
_GpoPriority = 'Software/BaseALT/Policies/GpoPriority'
_gpo_name = set()
global_registry_dict = dict({_GpoPriority:{}})
previous_global_registry_dict = dict()
global_registry_dict = {_GpoPriority:{}}
previous_global_registry_dict = {}
__template_file = '/usr/share/dconf/user_mandatory.template'
_policies_path = 'Software/'
_policies_win_path = 'SOFTWARE/'
_gpt_read_flag = False
_force = False
__dconf_dict_flag = False
__dconf_dict = dict()
_dconf_db = dict()
_dict_gpo_name_version_cache = dict()
__dconf_dict = {}
_dconf_db = {}
_dict_gpo_name_version_cache = {}
_username = None
_uid = None
_envprofile = None
_path_bin_system = "/etc/dconf/db/policy"
list_keys = list()
_info = dict()
list_keys = []
_info = {}
_counter_gpt = itertools.count(0)
shortcuts = list()
folders = list()
files = list()
drives = list()
scheduledtasks = list()
environmentvariables = list()
inifiles = list()
services = list()
printers = list()
scripts = list()
networkshares = list()
shortcuts = []
folders = []
files = []
drives = []
scheduledtasks = []
environmentvariables = []
inifiles = []
services = []
printers = []
scripts = []
networkshares = []
_true_strings = {
"True",
@@ -126,7 +126,7 @@ class Dconf_registry():
def get_matching_keys(path):
if path[0] != '/':
path = '/' + path
logdata = dict()
logdata = {}
envprofile = get_dconf_envprofile()
try:
process = subprocess.Popen(['dconf', 'list', path],
@@ -157,7 +157,7 @@ class Dconf_registry():
@staticmethod
def get_key_value(key):
logdata = dict()
logdata = {}
envprofile = get_dconf_envprofile()
try:
process = subprocess.Popen(['dconf', 'read', key],
@@ -176,7 +176,7 @@ class Dconf_registry():
@staticmethod
def dconf_update(uid=None):
logdata = dict()
logdata = {}
path_dconf_config = get_dconf_config_path(uid)
db_file = path_dconf_config[:-3]
try:
@@ -209,7 +209,7 @@ class Dconf_registry():
@classmethod
def apply_template(cls, uid):
logdata = dict()
logdata = {}
if uid and cls.check_profile_template():
with open(cls.__template_file, "r") as f:
template = f.read()
@@ -259,7 +259,7 @@ class Dconf_registry():
@classmethod
def get_dictionary_from_dconf_file_db(self, uid=None, path_bin=None, save_dconf_db=False):
logdata = dict()
logdata = {}
error_skip = None
if path_bin:
error_skip = True
@@ -331,7 +331,7 @@ class Dconf_registry():
@classmethod
def filter_hkcu_entries(cls, sid, startswith):
def filter_hkcu_entries(cls, startswith):
return cls.filter_hklm_entries(startswith)
@@ -358,7 +358,7 @@ class Dconf_registry():
@classmethod
def get_entry(cls, path, dictionary = None, preg = True):
logdata = dict()
logdata = {}
result = Dconf_registry.get_storage(dictionary)
keys = path.split("\\") if "\\" in path else path.split("/")
@@ -386,7 +386,7 @@ class Dconf_registry():
return False
@classmethod
def get_hkcu_entry(cls, sid, hive_key, dictionary = None):
def get_hkcu_entry(cls, hive_key, dictionary = None):
return cls.get_hklm_entry(hive_key, dictionary)
@@ -397,85 +397,85 @@ class Dconf_registry():
@classmethod
def add_shortcut(cls, sid, sc_obj, policy_name):
def add_shortcut(cls, sc_obj, policy_name):
sc_obj.policy_name = policy_name
cls.shortcuts.append(sc_obj)
@classmethod
def add_printer(cls, sid, pobj, policy_name):
def add_printer(cls, pobj, policy_name):
pobj.policy_name = policy_name
cls.printers.append(pobj)
@classmethod
def add_drive(cls, sid, dobj, policy_name):
def add_drive(cls, dobj, policy_name):
dobj.policy_name = policy_name
cls.drives.append(dobj)
@classmethod
def add_folder(cls, sid, fobj, policy_name):
def add_folder(cls, fobj, policy_name):
fobj.policy_name = policy_name
cls.folders.append(fobj)
@classmethod
def add_envvar(self, sid, evobj, policy_name):
def add_envvar(self, evobj, policy_name):
evobj.policy_name = policy_name
self.environmentvariables.append(evobj)
@classmethod
def add_script(cls, sid, scrobj, policy_name):
def add_script(cls, scrobj, policy_name):
scrobj.policy_name = policy_name
cls.scripts.append(scrobj)
@classmethod
def add_file(cls, sid, fileobj, policy_name):
def add_file(cls, fileobj, policy_name):
fileobj.policy_name = policy_name
cls.files.append(fileobj)
@classmethod
def add_ini(cls, sid, iniobj, policy_name):
def add_ini(cls, iniobj, policy_name):
iniobj.policy_name = policy_name
cls.inifiles.append(iniobj)
@classmethod
def add_networkshare(cls, sid, networkshareobj, policy_name):
def add_networkshare(cls, networkshareobj, policy_name):
networkshareobj.policy_name = policy_name
cls.networkshares.append(networkshareobj)
@classmethod
def get_shortcuts(cls, sid):
def get_shortcuts(cls):
return cls.shortcuts
@classmethod
def get_printers(cls, sid):
def get_printers(cls):
return cls.printers
@classmethod
def get_drives(cls, sid):
def get_drives(cls):
return cls.drives
@classmethod
def get_folders(cls, sid):
def get_folders(cls):
return cls.folders
@classmethod
def get_envvars(cls, sid):
def get_envvars(cls):
return cls.environmentvariables
@classmethod
def get_scripts(cls, sid, action):
def get_scripts(cls, action):
action_scripts = list()
for part in cls.scripts:
if action == 'LOGON' and part.action == 'LOGON':
@@ -490,22 +490,22 @@ class Dconf_registry():
@classmethod
def get_files(cls, sid):
def get_files(cls):
return cls.files
@classmethod
def get_networkshare(cls, sid):
def get_networkshare(cls):
return cls.networkshares
@classmethod
def get_ini(cls, sid):
def get_ini(cls):
return cls.inifiles
@classmethod
def wipe_user(cls, sid):
def wipe_user(cls):
cls.wipe_hklm()
@@ -697,8 +697,7 @@ def create_dconf_ini_file(filename, data, uid=None, nodomain=None):
else:
file.write(f'{key} = "{value}"\n')
file.write('\n')
logdata = dict()
logdata['path'] = filename
logdata = {'path': filename}
log('D209', logdata)
create_dconf_file_locks(filename, data)
Dconf_registry.dconf_update(uid)
@@ -845,7 +844,7 @@ def add_preferences_to_global_registry_dict(username, is_machine):
def extract_display_name_version(data, username):
policy_force = data.get('Software/BaseALT/Policies/GPUpdate', {}).get('Force', False)
if Dconf_registry._force or policy_force:
logdata = dict({'username': username})
logdata = {'username': username}
log('W26', logdata)
return {}
result = {}

14
gpoa/storage/fs_file_cache.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2021-2024 BaseALT Ltd. <org@basealt.ru>
# Copyright (C) 2021-2025 BaseALT Ltd. <org@basealt.ru>
# Copyright (C) 2021 Igor Chudov <nir@nir.org.ru>
#
# This program is free software: you can redistribute it and/or modify
@@ -42,7 +42,7 @@ class fs_file_cache:
self.storage_uri = file_cache_dir()
else:
self.storage_uri = file_cache_dir()
logdata = dict({'cache_file': self.storage_uri})
logdata = {'cache_file': self.storage_uri}
log('D20', logdata)
self.samba_context = smbc.Context(use_kerberos=1)
#, debug=10)
@@ -62,7 +62,7 @@ class fs_file_cache:
return None
except Exception as exc:
logdata = dict({'exception': str(exc)})
logdata = {'exception': str(exc)}
log('D144', logdata)
raise exc
@@ -87,7 +87,7 @@ class fs_file_cache:
os.rename(tmpfile, destfile)
os.chmod(destfile, 0o644)
except Exception as exc:
logdata = dict({'exception': str(exc)})
logdata = {'exception': str(exc)}
log('W25', logdata)
tmppath = Path(tmpfile)
if tmppath.exists():
@@ -103,10 +103,10 @@ class fs_file_cache:
uri_path.get_domain(),
uri_path.get_path()))
except NotUNCPathError as exc:
logdata = dict({'path': str(exc)})
logdata = {'path': str(exc)}
log('D62', logdata)
except Exception as exc:
logdata = dict({'exception': str(exc)})
logdata = {'exception': str(exc)}
log('E36', logdata)
raise exc
if Path(destfile).exists():
@@ -125,6 +125,6 @@ class fs_file_cache:
except Exception as exc:
if Path(uri).exists():
return None
logdata = dict({'exception': str(exc)})
logdata = {'exception': str(exc)}
log('W12', logdata)
return None

2
gpoa/util/arguments.py
View File

@@ -68,7 +68,7 @@ def process_target(target_name=None):
if target_name:
target = target_name
logdata = dict({'target': target})
logdata = {'target': target}
log('D10', logdata)
return target.upper()

15
gpoa/util/dbus.py
View File

@@ -71,7 +71,7 @@ class dbus_runner:
def run(self):
if self.username:
logdata = dict({'username': self.username})
logdata = {'username': self.username}
log('D6', logdata)
gpupdate = 'gpupdate' if not Dconf_registry._force else 'gpupdate_force'
if is_root():
@@ -88,8 +88,7 @@ class dbus_runner:
timeout=self._synchronous_timeout)
print_dbus_result(result)
except dbus.exceptions.DBusException as exc:
logdata = dict()
logdata['username'] = self.username
logdata = {'username': self.username}
log('E23', logdata)
raise exc
else:
@@ -103,7 +102,7 @@ class dbus_runner:
timeout=self._synchronous_timeout)
print_dbus_result(result)
except dbus.exceptions.DBusException as exc:
logdata = dict({'error': str(exc)})
logdata = {'error': str(exc)}
log('E21', logdata)
raise exc
else:
@@ -121,7 +120,7 @@ class dbus_runner:
timeout=self._synchronous_timeout)
print_dbus_result(result)
except dbus.exceptions.DBusException as exc:
logdata = dict({'error': str(exc)})
logdata = {'error': str(exc)}
log('E22', logdata)
raise exc
@@ -194,7 +193,7 @@ def print_dbus_result(result):
'''
exitcode = result[0]
message = result[1:]
logdata = dict({'retcode': exitcode})
logdata = {'retcode': exitcode}
log('D12', logdata)
for line in message:
@@ -208,7 +207,7 @@ class dbus_session:
self.session_dbus = self.session_bus.get_object('org.freedesktop.DBus', '/org/freedesktop/DBus')
self.session_iface = dbus.Interface(self.session_dbus, 'org.freedesktop.DBus')
except dbus.exceptions.DBusException as exc:
logdata = dict({'error': str(exc)})
logdata = {'error': str(exc)}
log('E31', logdata)
raise exc
@@ -219,7 +218,7 @@ class dbus_session:
log('D57', {"pid": pid})
except dbus.exceptions.DBusException as exc:
if exc.get_dbus_name() != 'org.freedesktop.DBus.Error.NameHasNoOwner':
logdata = dict({'error': str(exc)})
logdata = {'error': str(exc)}
log('E32', logdata)
raise exc
log('D58', {'connection': connection})

4
gpoa/util/exceptions.py
View File

@@ -27,13 +27,13 @@ def geterr():
'''
etype, evalue, etrace = sys.exc_info()
traceinfo = dict({
traceinfo = {
'file': etrace.tb_frame.f_code.co_filename
, 'line': etrace.tb_lineno
, 'name': etrace.tb_frame.f_code.co_name
, 'type': etype.__name__
, 'message': evalue
})
}
del(etype, evalue, etrace)

68
gpoa/util/ipa.py Normal file
View File

@@ -0,0 +1,68 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import configparser
import os
from ipalib import api
class ipaopts:
def __init__(self):
"""Initialize the class and load the FreeIPA config file."""
self.config_file = "/etc/ipa/default.conf"
self.config = configparser.ConfigParser()
if not os.path.exists(self.config_file):
raise FileNotFoundError(f"Config file for Freeipa{self.config_file} not found.")
self.config.read(self.config_file)
def get_realm(self):
"""Return the Kerberos realm from the config."""
try:
return self.config.get('global', 'realm')
except (configparser.NoSectionError, configparser.NoOptionError):
raise ValueError("Realm not found in config file.")
def get_domain(self):
"""Return the domain from the config."""
try:
return self.config.get('global', 'domain')
except (configparser.NoSectionError, configparser.NoOptionError):
raise ValueError("Domain not found in config file.")
def get_server(self):
"""
Return the FreeIPA PDC Emulator server from API.
"""
try:
result = api.Command.gpmaster_show_pdc()
pdc_server = result['result']['pdc_emulator']
return pdc_server
except Exception as e:
pass
def get_machine_name(self):
"""Return the host from the config."""
try:
return self.config.get('global', 'host')
except (configparser.NoSectionError, configparser.NoOptionError):
raise ValueError("Host not found in config file.")
def get_cache_dir(self):
"""Return the cache directory path."""
return "/var/cache/freeipa/gpo_cache"

102
gpoa/util/ipacreds.py Normal file
View File

@@ -0,0 +1,102 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>
import smbc
import os
import re
from ipalib import api
from pathlib import Path
from storage.dconf_registry import Dconf_registry, extract_display_name_version
from util.util import get_uid_by_username
from .ipa import ipaopts
from util.logging import log
class ipacreds(ipaopts):
def __init__(self):
super().__init__()
self.smb_context = smbc.Context(use_kerberos=True)
self.gpo_list = []
def update_gpos(self, username):
gpos = []
try:
if not api.isdone('bootstrap'):
api.bootstrap(context='cli')
if not api.isdone('finalize'):
api.finalize()
api.Backend.rpcclient.connect()
try:
server = self.get_server()
is_machine = (username == self.get_machine_name())
if is_machine:
result = api.Command.chain_resolve_for_host(username)
else:
result = api.Command.chain_resolve_for_user(username)
policies_list = result["result"]
try:
if is_machine:
dconf_dict = Dconf_registry.get_dictionary_from_dconf_file_db(save_dconf_db=True)
else:
uid = get_uid_by_username(username)
dconf_dict = Dconf_registry.get_dictionary_from_dconf_file_db(uid, save_dconf_db=True)
dict_gpo_name_version = extract_display_name_version(dconf_dict, username)
except Exception as exc:
logdata = {'exc': str(exc)}
log('D235', logdata)
dict_gpo_name_version = {}
for policy in policies_list:
class SimpleGPO:
def __init__(self, policy_data):
self.display_name = policy_data.get('name', 'Unknown')
self.file_sys_path = policy_data.get('file_system_path', '')
self.version = int(policy_data.get('version', 0))
self.flags = int(policy_data.get('flags', 0))
self.link = policy_data.get('link', 'Unknown')
guid_match = re.search(r'\{[^}]+\}', self.file_sys_path)
self.name = guid_match.group(0) if guid_match else f"policy_{id(self)}"
gpo = SimpleGPO(policy)
if (gpo.display_name in dict_gpo_name_version.keys() and
dict_gpo_name_version.get(gpo.display_name, {}).get('version') == str(gpo.version)):
cached_path = dict_gpo_name_version.get(gpo.display_name, {}).get('correct_path')
if cached_path and Path(cached_path).exists():
gpo.file_sys_path = cached_path
ldata = {'gpo_name': gpo.display_name, 'gpo_uuid': gpo.name, 'file_sys_path_cache': True}
else:
ldata = {'gpo_name': gpo.display_name, 'gpo_uuid': gpo.name, 'file_sys_path': gpo.file_sys_path}
else:
ldata = {'gpo_name': gpo.display_name, 'gpo_uuid': gpo.name, 'file_sys_path': gpo.file_sys_path}
gpos.append(gpo)
finally:
api.Backend.rpcclient.disconnect()
except Exception as exc:
logdata = {'exc': str(exc)}
log('E78', logdata)
return gpos, server
def get_domain(self):
return super().get_domain()
def get_server(self):
return super().get_server()
def get_cache_dir(self):
return super().get_cache_dir()

33
gpoa/util/kerberos.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -22,20 +22,31 @@ import subprocess
from .util import get_machine_name
from .logging import log
from .samba import smbopts
from .ipa import ipaopts
def machine_kinit(cache_name=None):
def machine_kinit(cache_name=None, backend_type=None):
'''
Perform kinit with machine credentials
'''
opts = smbopts()
host = get_machine_name()
realm = opts.get_realm()
with_realm = '{}@{}'.format(host, realm)
os.environ['KRB5CCNAME'] = 'FILE:{}'.format(cache_name)
kinit_cmd = ['kinit', '-k', with_realm]
if backend_type == 'freeipa':
keytab_path = '/etc/samba/samba.keytab'
opts = ipaopts()
host = "cifs/" + opts.get_machine_name()
realm = opts.get_realm()
with_realm = '{}@{}'.format(host, realm)
kinit_cmd = ['kinit', '-kt', keytab_path, with_realm]
else:
opts = smbopts()
host = get_machine_name()
realm = opts.get_realm()
with_realm = '{}@{}'.format(host, realm)
kinit_cmd = ['kinit', '-k', with_realm]
if cache_name:
os.environ['KRB5CCNAME'] = 'FILE:{}'.format(cache_name)
kinit_cmd.extend(['-c', cache_name])
proc = subprocess.Popen(kinit_cmd)
proc.wait()
@@ -80,12 +91,10 @@ def check_krb_ticket():
subprocess.check_call(['klist', '-s'])
output = subprocess.check_output('klist', stderr=subprocess.STDOUT).decode()
result = True
logdata = dict()
logdata['output'] = output
logdata = {'output': output}
log('D17', logdata)
except Exception as exc:
logdata = dict()
logdata['krb-exc'] = exc
logdata = {'krb-exc': exc}
log('E14', logdata)
return result

6
gpoa/util/logging.py
View File

@@ -40,15 +40,15 @@ class slogm(object):
'''
Structured log message class
'''
def __init__(self, message, kwargs=dict()):
def __init__(self, message, kwargs={}):
self.message = message
self.kwargs = kwargs
if not self.kwargs:
self.kwargs = dict()
self.kwargs = {}
def __str__(self):
now = str(datetime.datetime.now().isoformat(sep=' ', timespec='milliseconds'))
args = dict()
args = {}
args.update(self.kwargs)
result = '{}|{}|{}'.format(now, self.message, args)

18
gpoa/util/preg.py
View File

@@ -39,7 +39,7 @@ def load_xml_preg(xml_path):
'''
Parse XML/PReg file and return its preg object
'''
logdata = dict({'polfile': xml_path})
logdata = {'polfile': xml_path}
log('D36', logdata)
gpparser = GPPolParser()
xml_root = ElementTree.parse(xml_path).getroot()
@@ -53,14 +53,14 @@ def load_pol_preg(polfile):
'''
Parse PReg file and return its preg object
'''
logdata = dict({'polfile': polfile})
logdata = {'polfile': polfile}
log('D31', logdata)
gpparser = GPPolParser()
data = None
with open(polfile, 'rb') as f:
data = f.read()
logdata = dict({'polfile': polfile, 'length': len(data)})
logdata = {'polfile': polfile, 'length': len(data)}
log('D33', logdata)
gpparser.parse(data)
@@ -71,7 +71,7 @@ def load_pol_preg(polfile):
def preg_keymap(preg):
pregfile = load_preg(preg)
keymap = dict()
keymap = {}
for entry in pregfile.entries:
hive_key = '{}\\{}'.format(entry.keyname, entry.valuename)
@@ -86,7 +86,7 @@ def merge_polfile(preg, sid=None, reg_name='registry', reg_path=None, policy_nam
load_preg_dconf(pregfile, preg, policy_name, None, gpo_info)
else:
load_preg_dconf(pregfile, preg, policy_name, username, gpo_info)
logdata = dict({'pregfile': preg})
logdata = {'pregfile': preg}
log('D32', logdata)
@@ -97,16 +97,12 @@ class entry:
self.valuename = e_valuename
self.type = e_type
self.data = e_data
logdata = dict()
logdata['keyname'] = self.keyname
logdata['valuename'] = self.valuename
logdata['type'] = self.type
logdata['data'] = self.data
logdata = {'keyname': self.keyname, 'valuename': self.valuename, 'type': self.type, 'data': self.data}
log('D22', logdata)
class pentries:
def __init__(self):
self.entries = list()
self.entries = []
def preg2entries(preg_obj):

14
gpoa/util/roles.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -28,7 +28,7 @@ def get_roles(role_dir):
'''
Return list of directories in /etc/role named after role plus '.d'
'''
directories = list()
directories = []
try:
for item in role_dir.iterdir():
if item.is_dir():
@@ -45,7 +45,7 @@ def read_groups(role_file_path):
'''
Read list of whitespace-separated groups from file
'''
groups = list()
groups = []
with open(role_file_path, 'r') as role_file:
lines = role_file.readlines()
@@ -54,7 +54,7 @@ def read_groups(role_file_path):
print(linegroups)
groups.extend(linegroups)
return set(groups)
return {*groups}
def get_rolegroups(roledir):
@@ -63,16 +63,16 @@ def get_rolegroups(roledir):
'''
roledir_path = pathlib.Path(roledir)
group_files = list()
group_files = []
for item in roledir_path.iterdir():
if item.is_file():
group_files.append(item)
groups = list()
groups = []
for item in group_files:
groups.extend(read_groups(item))
return set(groups)
return {*groups}
def create_role(role_name, privilege_list):
'''

6
gpoa/util/rpm.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -116,7 +116,7 @@ def install_rpms(rpm_names):
'''
Install set of RPMs sequentially
'''
result = list()
result = []
for package in rpm_names:
result.append(install_rpm(package))
@@ -127,7 +127,7 @@ def remove_rpms(rpm_names):
'''
Remove set of RPMs requentially
'''
result = list()
result = []
for package in rpm_names:
result.append(remove_rpm(package))

24
gpoa/util/sid.py
View File

@@ -22,6 +22,7 @@ from enum import Enum
import pwd
import subprocess
import pysss_nss_idmap
from storage.dconf_registry import Dconf_registry
from .logging import log
@@ -38,10 +39,19 @@ def wbinfo_getsid(domain, user):
# This part works only on DC
wbinfo_cmd = ['wbinfo', '-n', username]
output = subprocess.check_output(wbinfo_cmd)
sid = output.split()[0].decode('utf-8')
return sid
try:
output = subprocess.check_output(wbinfo_cmd, stderr=subprocess.STDOUT)
Dconf_registry.set_info('trust', False)
return output.split()[0].decode('utf-8')
except:
log('W43')
try:
wbinfo_cmd[-1] = user
output = subprocess.check_output(wbinfo_cmd)
Dconf_registry.set_info('trust', True)
except Exception as exc:
raise exc
return output.split()[0].decode('utf-8')
def get_local_sid_prefix():
@@ -65,10 +75,10 @@ def get_sid(domain, username, is_machine = False):
try:
sid = wbinfo_getsid(domain, username)
except:
logdata = dict({'sid': sid})
logdata = {'sid': sid}
log('E16', logdata)
logdata = dict({'sid': sid})
logdata = {'sid': sid}
log('D21', logdata)
return sid
@@ -203,7 +213,7 @@ def is_sid(sid):
pass
def sid2descr(sid):
sids = dict()
sids = {}
sids['S-1-0'] = 'Null Authority'
sids['S-1-0-0'] = 'Nobody'
sids['S-1-1'] = 'World Authority'

6
gpoa/util/system.py
View File

@@ -55,7 +55,7 @@ def set_privileges(username, uid, gid, groups, home):
os.chdir(home)
logdata = dict()
logdata = {}
logdata['uid'] = uid
logdata['gid'] = gid
logdata['username'] = username
@@ -123,12 +123,12 @@ def with_privileges(username, func):
pass
except Exception as exc:
logdata = dict()
logdata = {}
logdata['msg'] = str(exc)
log('E33', logdata)
result = 1;
finally:
logdata = dict()
logdata = {}
logdata['dbus_pid'] = dbus_pid
logdata['dconf_pid'] = dconf_pid
log('D56', logdata)

6
gpoa/util/util.py
View File

@@ -106,7 +106,7 @@ def get_backends():
'''
Get the list of backends supported by GPOA
'''
return ['local', 'samba']
return ['local', 'samba', 'freeipa']
def get_default_policy_name():
'''
@@ -138,7 +138,7 @@ def get_policy_entries(directory):
'''
Get list of directories representing "Local Policy" templates.
'''
filtered_entries = list()
filtered_entries = []
if os.path.isdir(directory):
entries = [os.path.join(directory, entry) for entry in os.listdir(directory)]
@@ -162,7 +162,7 @@ def get_policy_variants():
system_policies = get_policy_entries(policy_dir)
user_policies = get_policy_entries(etc_policy_dir)
general_listing = list()
general_listing = []
general_listing.extend(system_policies)
general_listing.extend(user_policies)

40
gpoa/util/windows.py
View File

@@ -19,13 +19,13 @@
import os
from pathlib import Path
from samba import getopt as options
from samba.credentials import Credentials
from samba import NTSTATUSError
try:
from samba.gpclass import get_dc_hostname, check_refresh_gpo_list
except ImportError:
from samba.gp.gpclass import get_dc_hostname, check_refresh_gpo_list
from samba.gp.gpclass import get_dc_hostname, check_refresh_gpo_list, get_gpo_list
from samba.netcmd.common import netcmd_get_domain_infos_via_cldap
from storage.dconf_registry import Dconf_registry, extract_display_name_version
@@ -51,10 +51,13 @@ class smbcreds (smbopts):
def __init__(self, dc_fqdn=None):
smbopts.__init__(self, 'GPO Applier')
self.credopts = options.CredentialsOptions(self.parser)
self.creds = self.credopts.get_credentials(self.lp, fallback_machine=True)
self.creds = Credentials()
self.creds.guess(self.lp)
self.creds.set_machine_account()
self.set_dc(dc_fqdn)
self.sDomain = SiteDomainScanner(self.creds, self.lp, self.selected_dc)
self.sDomain = SiteDomainScanner(self.creds, self.lp, self.selected_dc)
self.dc_site_servers = self.sDomain.select_site_servers()
self.all_servers = self.sDomain.select_all_servers()
[self.all_servers.remove(element)
@@ -73,7 +76,7 @@ class smbcreds (smbopts):
try:
if dc_fqdn is not None:
logdata = dict()
logdata = {}
logdata['user_dc'] = dc_fqdn
log('D38', logdata)
@@ -81,7 +84,7 @@ class smbcreds (smbopts):
else:
self.selected_dc = get_dc_hostname(self.creds, self.lp)
except Exception as exc:
logdata = dict()
logdata = {}
logdata['msg'] = str(exc)
log('E10', logdata)
raise exc
@@ -96,7 +99,7 @@ class smbcreds (smbopts):
# Look and python/samba/netcmd/domain.py for more examples
res = netcmd_get_domain_infos_via_cldap(self.lp, None, self.selected_dc)
dns_domainname = res.dns_domain
logdata = dict({'domain': dns_domainname})
logdata = {'domain': dns_domainname}
log('D18', logdata)
except Exception as exc:
log('E15')
@@ -109,11 +112,18 @@ class smbcreds (smbopts):
Get GPO list for the specified username for the specified DC
hostname
'''
gpos = list()
gpos = []
if Dconf_registry.get_info('machine_name') == username:
dconf_dict = Dconf_registry.get_dictionary_from_dconf_file_db(save_dconf_db=True)
self.is_machine = True
else:
dconf_dict = Dconf_registry.get_dictionary_from_dconf_file_db(get_uid_by_username(username), save_dconf_db=True)
self.is_machine = False
if not self.is_machine and Dconf_registry.get_info('trust'):
# TODO: Always returning an empty list here.
# Need to implement fetching policies from the trusted domain.
return []
dict_gpo_name_version = extract_display_name_version(dconf_dict, username)
try:
log('D48')
@@ -121,7 +131,7 @@ class smbcreds (smbopts):
if ads.connect():
log('D47')
gpos = ads.get_gpo_list(username)
logdata = dict({'username': username})
logdata = {'username': username}
log('I1', logdata)
for gpo in gpos:
# These setters are taken from libgpo/pygpo.c
@@ -129,16 +139,16 @@ class smbcreds (smbopts):
if gpo.display_name in dict_gpo_name_version.keys() and dict_gpo_name_version.get(gpo.display_name, {}).get('version') == str(getattr(gpo, 'version', None)):
if Path(dict_gpo_name_version.get(gpo.display_name, {}).get('correct_path')).exists():
gpo.file_sys_path = ''
ldata = dict({'gpo_name': gpo.display_name, 'gpo_uuid': gpo.name, 'file_sys_path_cache': True})
ldata = {'gpo_name': gpo.display_name, 'gpo_uuid': gpo.name, 'file_sys_path_cache': True}
log('I11', ldata)
continue
ldata = dict({'gpo_name': gpo.display_name, 'gpo_uuid': gpo.name, 'file_sys_path': gpo.file_sys_path})
ldata = {'gpo_name': gpo.display_name, 'gpo_uuid': gpo.name, 'file_sys_path': gpo.file_sys_path}
log('I2', ldata)
except Exception as exc:
if self.selected_dc != self.pdc_emulator_server:
raise GetGPOListFail(exc)
logdata = dict({'username': username, 'dc': self.selected_dc, 'exc': exc})
logdata = {'username': username, 'dc': self.selected_dc, 'exc': exc}
log('E17', logdata)
return gpos
@@ -163,7 +173,7 @@ class smbcreds (smbopts):
gpos = self.get_gpos(username)
while list_selected_dc:
logdata = dict()
logdata = {}
logdata['username'] = username
logdata['dc'] = self.selected_dc
try:
@@ -308,7 +318,7 @@ def expand_windows_var(text, username=None):
'''
Scan the line for percent-encoded variables and expand them.
'''
variables = dict()
variables = {}
variables['HOME'] = '/etc/skel'
variables['HOMEPATH'] = '/etc/skel'
variables['HOMEDRIVE'] = '/'

3
gpoa/util/xdg.py
View File

@@ -27,8 +27,7 @@ def xdg_get_desktop(username, homedir = None):
homedir = get_homedir(username)
if not homedir:
msgtext = message_with_code('E18')
logdata = dict()
logdata['username'] = username
logdata = {}
log('E18', logdata)
raise Exception(msgtext)

35
gpupdate.spec
View File

@@ -34,9 +34,11 @@
%add_python3_req_skip util.windows
%add_python3_req_skip util.xml
%add_python3_req_skip util.gpoa_ini_parsing
%add_python3_req_skip util.ipacreds
%add_python3_req_skip frontend.appliers.ini_file
Name: gpupdate
Version: 0.13.0
Version: 0.13.4
Release: alt1
Summary: GPT applier
@@ -63,6 +65,7 @@ Requires: dconf-profile
Requires: packagekit
Requires: dconf
Requires: libgvdb-gir
Requires: freeipa-client-samba
# This is needed by shortcuts_applier
Requires: desktop-file-utils
# This is needed for smb file cache support
@@ -199,6 +202,36 @@ fi
%exclude %python3_sitelibdir/gpoa/test
%changelog
* Mon Aug 25 2025 Valery Sinelnikov <greh@altlinux.org> 0.13.4-alt1
- Added:
Production-ready modules: CUPS, file management, INI config (default),
package management, script modules
Fallback SID lookup for trusted domain users
Missing log translations (laps: timezone, login)
Added ownership handling for files within user home directory
- Changed:
Refactored to use literals ({}, []) instead of constructors
Final optimization passes and minor cleanups
Updated copyright year
Adjusted login time search and messages
- Fixed:
Skipped policy retrieval for trusted users to avoid GPO errors
Corrected login time tracking in laps
Fixed typos
Prevented subprocess errors from printing to console
Adjusted call order (save_dconf - start_frontend)
- Removed:
Legacy sid variable propagation and related helpers
* Sat Jul 26 2025 Evgeny Sinelnikov <sin@altlinux.org> 0.13.3-alt1
- Fixed machine account credentials initialization (closes: 55324)
* Thu Apr 03 2025 Valery Sinelnikov <greh@altlinux.org> 0.13.2-alt1
- Fixed: Check directory existence before cleanup to avoid errors(closes:53703)
* Fri Mar 14 2025 Valery Sinelnikov <greh@altlinux.org> 0.13.1-alt1
- Refined registry key handling: LAPS enablement and user presence check
* Thu Mar 06 2025 Valery Sinelnikov <greh@altlinux.org> 0.13.0-alt1
- Implemented Local Administrator Password Solution (LAPS) functionality,
including support for Group Policy Object (GPO) keys to