public/gpupdate
1
0
Fork 1
mirror of https://github.com/altlinux/gpupdate.git synced 2025-09-06 09:44:24 +03:00
Code Releases Wiki Activity

Compare commits

base: public:0.3.0-alt1
Branches Tags
public:master public:cleanup_machine_account public:machine_account_creds public:fix_kde_version public:fix_kde_screen public:fix_cache public:fix_kde public:fix_oddjob public:fix_plasmaupdate public:fix_kde_applier public:fix_firefox public:fix_check_enable public:fix_dconf_update public:dconf_registry public:astra public:translation_for_several_logs public:ntp_applier_addition public:local_admin_policy_v3 public:local_admin_policy_v2 public:oddjob-gpupdate public:gsettings_fixed_error_unable_to_cache_specified_URI public:bugsFix public:logRu public:package_pkcon public:kdestroy_trouble public:fix_gsettings public:samba_registry_storage public:man_gpupdate_setup public:postinst_remove_cache public:quota_applier public:binary_modules
public:0.13.4-alt1 public:0.13.3-alt1 public:0.13.2-alt1 public:0.13.1-alt1 public:0.13.0-alt1 public:0.12.2-alt1 public:0.12.1-alt1 public:0.12.0-alt1 public:0.11.4-alt1 public:0.11.3-alt1 public:0.11.2-alt1 public:0.11.1-alt1 public:0.11.0-alt1 public:0.10.6-alt1 public:0.10.5-alt1 public:0.10.4-alt1 public:0.10.3-alt1 public:0.10.2-alt1 public:0.10.1-alt1 public:0.10.0-alt1 public:0.9.13.5-alt1 public:0.9.13.4-alt1 public:0.9.12.4-alt1 public:0.9.12.1-alt1 public:0.9.12-alt2 public:0.9.11.2-alt1 public:0.9.11.1-alt1 public:0.9.11-alt1 public:0.9.10-alt1 public:0.9.9.1-alt1 public:0.9.9-alt1 public:0.9.8-alt1 public:0.9.7-alt1 public:0.9.6-alt1 public:0.9.5-alt1 public:0.9.4-alt1 public:0.9.3-alt1 public:0.9.2-alt1 public:0.9.1-alt1 public:0.9.0-alt1 public:0.8.2-alt1 public:0.8.1-alt3 public:0.8.1-alt2 public:0.8.1-alt1 public:0.8.0-alt1 public:0.7.0-alt1 public:0.6.0-alt2 public:0.6.0-alt1 public:0.5.0-alt1 public:0.4.5-alt1 public:0.4.4-alt1 public:0.4.3-alt1 public:0.4.1-alt1 public:0.4.0-alt1 public:0.3.0-alt1
..
compare: public:binary_modules
Branches Tags
public:master public:cleanup_machine_account public:machine_account_creds public:fix_kde_version public:fix_kde_screen public:fix_cache public:fix_kde public:fix_oddjob public:fix_plasmaupdate public:fix_kde_applier public:fix_firefox public:fix_check_enable public:fix_dconf_update public:dconf_registry public:astra public:translation_for_several_logs public:ntp_applier_addition public:local_admin_policy_v3 public:local_admin_policy_v2 public:oddjob-gpupdate public:gsettings_fixed_error_unable_to_cache_specified_URI public:bugsFix public:logRu public:package_pkcon public:kdestroy_trouble public:fix_gsettings public:samba_registry_storage public:man_gpupdate_setup public:postinst_remove_cache public:quota_applier public:binary_modules
public:0.13.4-alt1 public:0.13.3-alt1 public:0.13.2-alt1 public:0.13.1-alt1 public:0.13.0-alt1 public:0.12.2-alt1 public:0.12.1-alt1 public:0.12.0-alt1 public:0.11.4-alt1 public:0.11.3-alt1 public:0.11.2-alt1 public:0.11.1-alt1 public:0.11.0-alt1 public:0.10.6-alt1 public:0.10.5-alt1 public:0.10.4-alt1 public:0.10.3-alt1 public:0.10.2-alt1 public:0.10.1-alt1 public:0.10.0-alt1 public:0.9.13.5-alt1 public:0.9.13.4-alt1 public:0.9.12.4-alt1 public:0.9.12.1-alt1 public:0.9.12-alt2 public:0.9.11.2-alt1 public:0.9.11.1-alt1 public:0.9.11-alt1 public:0.9.10-alt1 public:0.9.9.1-alt1 public:0.9.9-alt1 public:0.9.8-alt1 public:0.9.7-alt1 public:0.9.6-alt1 public:0.9.5-alt1 public:0.9.4-alt1 public:0.9.3-alt1 public:0.9.2-alt1 public:0.9.1-alt1 public:0.9.0-alt1 public:0.8.2-alt1 public:0.8.1-alt3 public:0.8.1-alt2 public:0.8.1-alt1 public:0.8.0-alt1 public:0.7.0-alt1 public:0.6.0-alt2 public:0.6.0-alt1 public:0.5.0-alt1 public:0.4.5-alt1 public:0.4.4-alt1 public:0.4.3-alt1 public:0.4.1-alt1 public:0.4.0-alt1 public:0.3.0-alt1

171 Commits
0.3.0-alt1 ... binary_mod

Author SHA1 Message Date
Igor Chudov
8292aa69b3 Frontend expanded with binary module support 2020-04-28 00:46:05 +04:00
Igor Chudov
aa03e6dfa4 Added paths to directories with modules 2020-04-28 00:45:20 +04:00
NIR
0328afa788 Merge pull request #55 from altlinux/rpm_install_improvement 
RPM helper improved
 2020-04-28 00:10:27 +04:00
Igor Chudov
edead53d7e RPM test improved accordingly 2020-04-28 00:07:04 +04:00
Igor Chudov
db1a82f930 util.rpm: Removed strange and ugly functions and introduced simple functions instead 2020-04-28 00:02:27 +04:00
Igor Chudov
fd7cfe2b83 util.rpm: Package.reinstall() command added 2020-04-28 00:01:46 +04:00
Igor Chudov
b3694a8b4d RPM module improved with corner case checks 2020-04-24 15:19:28 +04:00
Igor Chudov
060f125258 Half-assed test for RPM 2020-04-24 15:18:51 +04:00
Igor Chudov
1f4960cb48 RPM helper improved 2020-04-23 23:10:08 +04:00
Evgeny Sinelnikov
a0c5b1a2b1 Merge pull request #45 from altlinux/preg_key_deletion 
Skip branch deletion keys
 2020-04-23 01:14:16 +04:00
Evgeny Sinelnikov
2f7e6f3a98 0.5.0-alt1 
- Update samba format: local.xml -> Machine/Registry.pol.xml
- Add support of ad-domain-controller local policy profile
- Set properly URL of project
 2020-04-22 00:54:48 +04:00
Evgeny Sinelnikov
393529f0af Merge pull request #46 from altlinux/proper_dist 
Proper dist as installation directory
 2020-04-22 00:43:33 +04:00
Evgeny Sinelnikov
ccf73c4fc6 Merge pull request #51 from altlinux/gpupdate_suppress 
Suppress extra output of gpupdate-setup
 2020-04-22 00:37:51 +04:00
Evgeny Sinelnikov
a7aa12d42d Merge pull request #49 from altlinux/samba_format 
Samba format: local.xml -> Machine/Registry.pol.xml
 2020-04-22 00:36:15 +04:00
Evgeny Sinelnikov
d12d4c4227 Merge pull request #52 from altlinux/gpoa_fixes_for_server 
Bunch of fixes for bugs found while testing GPOA on ALT Server
 2020-04-22 00:32:00 +04:00
Igor Chudov
e8833ddee0 There were two systemctl calls in gpupdate-setup 2020-04-21 23:58:05 +04:00
Igor Chudov
18e1911bb5 desktop-file-utils is missing from ALT Server by default 2020-04-21 23:56:43 +04:00
Igor Chudov
fa34dc9e96 python3-module-dbus does not added to dependencies automatically 2020-04-21 23:56:11 +04:00
Igor Chudov
34ed296546 Set GPOA loglevel to FATAL in gpupdate-setup 2020-04-21 23:41:25 +04:00
Evgeny Sinelnikov
8b63d294d3 gpupdate-setup: fix break symlink recreate during enable 2020-04-21 23:14:10 +04:00
Evgeny Sinelnikov
d38e937e22 gpupdate-setup: add support domain_controller local policy profile 2020-04-21 22:20:14 +04:00
Evgeny Sinelnikov
c70280a964 Get machine local Registry policy in Samba backup format 2020-04-21 22:20:14 +04:00
Igor Chudov
41e950172b Created directory for temporary testing files 2020-04-21 22:17:35 +04:00
Igor Chudov
25381e1a04 Updated specfile to install supplementary files from ./dist 2020-04-21 21:01:11 +04:00
Igor Chudov
f7233c539e Moved system-policy-gpupdate to ./dist 2020-04-21 20:58:49 +04:00
Igor Chudov
0b3c004d0b Moved gpupdate.service to ./dist 2020-04-21 20:58:20 +04:00
Igor Chudov
ac37d736cb Moved gpupdate-user.service to ./dist 2020-04-21 20:57:54 +04:00
Igor Chudov
91da6ff912 test.storage.test_preg_special_values - half-assed unit test for starred PReg value names 2020-04-21 20:47:21 +04:00
Igor Chudov
ae7d1ed0dc util.merge_polfile(): accept registry name and path to ease testing 2020-04-21 20:46:32 +04:00
Igor Chudov
ce0e3f1901 storage.registry_factory(): accept target registry directory 2020-04-21 20:45:51 +04:00
Igor Chudov
edfca0e31d storage.sqlite_registry: Accept target registry directory 2020-04-21 20:45:01 +04:00
Igor Chudov
77da991c6f storage.sqlite_registry: use record types from separate module 2020-04-21 20:42:43 +04:00
Igor Chudov
d61583e704 Storage testing module created 2020-04-21 20:41:23 +04:00
Igor Chudov
1d31f17bb3 Records from sqlite_registry moved into separate module to ease testing and adding storages 2020-04-21 20:40:33 +04:00
Igor Chudov
3276be53cc Testing data for storage added 2020-04-21 20:39:45 +04:00
Igor Chudov
442e7986d5 Skip branch deletion keys 2020-04-21 19:08:03 +04:00
Evgeny Sinelnikov
faa0265fd7 Merge pull request #44 from altlinux/gpupdate_setup_fix 
Correct systemctl run for global enable gpupdate-user.service
 2020-04-21 14:13:10 +04:00
Igor Chudov
0150e60f3d Correct systemctl call 2020-04-21 12:29:33 +04:00
Evgeny Sinelnikov
7572fa1ed7 0.4.5-alt1 
- Add support for control system-policy and requires to new pam-config
 2020-04-20 03:13:23 +04:00
Evgeny Sinelnikov
1fa9b67fb2 Correctly enable and disable system-policy for gpupdate 2020-04-20 03:13:10 +04:00
Evgeny Sinelnikov
0be9e4b317 0.4.4-alt1 
- Add gpupdate-setup initialization script supported local-policy profiles
 2020-04-19 12:45:42 +04:00
Evgeny Sinelnikov
c16312161f Merge pull request #41 from altlinux/gpsetup 
Ok, prepare to new prerelease.
 2020-04-16 20:49:40 +04:00
Evgeny Sinelnikov
ed9477c0fc gpupdate-setup: adjust get_active_policy() 2020-04-16 15:56:08 +04:00
Evgeny Sinelnikov
75485eeb62 gpupdate-setup: get default localpolicy from /etc/altlinux-release 2020-04-16 06:31:45 +04:00
Evgeny Sinelnikov
633637bee2 gpupdate-setup: add enable and disable actions 2020-04-16 06:29:41 +04:00
Evgeny Sinelnikov
7d46cd69e0 Add version requires to libnss-role and local-policy 2020-04-16 04:33:00 +04:00
Evgeny Sinelnikov
2901f54830 Replace os.system with checked call of subprocess 2020-04-16 04:16:30 +04:00
Evgeny Sinelnikov
8f349a96c7 gpupdate-setup: set status as default action 2020-04-16 04:15:13 +04:00
Igor Chudov
ebbdf7c033 Fixed symlink update functionality 2020-04-14 16:08:06 +04:00
Igor Chudov
4e8888086f Added check for /etc/local-policy path for gpupdate 2020-04-14 16:07:32 +04:00
Igor Chudov
2571e27235 gpsetup 2020-04-03 19:01:38 +04:00
Igor Chudov
207b7eb029 Minifix for testing policy existence 2020-03-27 15:50:09 +04:00
Igor Chudov
5668dae81e gpupdate-setup updated with interface for backend 2020-03-26 17:10:33 +04:00
Igor Chudov
ce9891802f gpupdate-setup installed in /usr/sbin 2020-03-23 16:14:25 +04:00
Igor Chudov
d0ff27c45c gpupdate-setup script added to atomize actions of Group Policy switch 2020-03-23 16:07:18 +04:00
Evgeny Sinelnikov
e66f1fd5a4 0.4.3-alt1 
- Fix polfile merging
- Add support controls with strings values
- Initial SIGINT signal handling
 2020-03-06 19:30:13 +04:00
Evgeny Sinelnikov
c383631fde Merge pull request #39 from altlinux/initial_signal_handling 
Initial signal handling tested.
 2020-03-06 19:05:43 +04:00
Evgeny Sinelnikov
b519249aff Merge pull request #38 from altlinux/controls_with_strings_testing 
Controls with strings testing tested.
 2020-03-06 19:05:14 +04:00
Igor Chudov
b52c14a66f Signal handlers for gpoa and gpupdate introduced 2020-03-06 18:57:31 +04:00
Igor Chudov
c205940b08 Signal handling function introduced 2020-03-06 18:57:04 +04:00
Igor Chudov
a4e2b3638d New exit code value introduced 2020-03-06 18:56:41 +04:00
Igor Chudov
34344d66d8 Unit test for out-of-range control 2020-03-06 18:43:23 +04:00
Igor Chudov
32d7546a5a Numerous Popen fixes in control applier 
This commit fixes errors caused by missed .wait() in Popen calls like:

```
/usr/lib64/python3.7/subprocess.py:858: ResourceWarning: subprocess 4955 is still running
  ResourceWarning, source=self)
ResourceWarning: Enable tracemalloc to get the object allocation traceback
/mnt/sda1/github.com/gpupdate/gpoa/frontend/appliers/control.py:30: ResourceWarning: unclosed file <_io.BufferedReader name=3>
  self.possible_values = self._query_control_values()
ResourceWarning: Enable tracemalloc to get the object allocation traceback
```
 2020-03-06 16:08:13 +04:00
Igor Chudov
d63740f5de Basic (non-unit) tests added for controls 2020-03-06 16:06:50 +04:00
Rustem Bapin
c4197da64f Control applier is not breaking in case input value is not in possible values 2020-03-05 19:43:40 +04:00
Igor Chudov
056554c35c Fix service state handling 
This commit fixes error on `gpupdate.service` unit start:

```
Unable to start systemd unit gpupdate.service
```

This error was caused by limited functionality on handling unit
states, especially for restartable units.
 2020-03-04 16:24:46 +04:00
Rustem Bapin
d9bd6f663b Control applier handle both number and string values 2020-03-03 21:16:11 +04:00
NIR
ae156bcb92 Merge pull request #34 from altlinux/dbus_exception_catch 
D-Bus exception catch
 2020-03-03 19:20:48 +04:00
Igor Chudov
71107f72f7 Catch DBusException in dbus_runner when reply is timed out 
When we try to start `oddjobd` via `D-Bus` using gpupdate we may
get the following traceback:

```
Traceback (most recent call last):
  File "/usr/bin/gpupdate", line 144, in <module>
    main()
  File "/usr/bin/gpupdate", line 139, in main
    gpo_appliers[1].run()
  File "/usr/lib/python3/site-packages/gpoa/util/dbus.py", line 48, in run
    result = self.interface.gpupdate()
  File "/usr/lib64/python3/site-packages/dbus/proxies.py", line 72, in __call__
    return self._proxy_method(*args, **keywords)
  File "/usr/lib64/python3/site-packages/dbus/proxies.py", line 147, in __call__
    **keywords)
  File "/usr/lib64/python3/site-packages/dbus/connection.py", line 653, in call_blocking
    message, timeout)
dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
```

This commit catches this traceback, re-raises the exception and
establishes contract for `gpupdate` utility exit codes on fatal errors.
 2020-03-03 19:18:56 +04:00
Igor Chudov
17411de005 Wiki submodule index bump 2020-03-03 17:22:19 +04:00
Igor Chudov
7ae1912455 gpupdate exit codes documented in manpage 2020-03-03 17:21:53 +04:00
Igor Chudov
7fbd1a3c40 gpt.gpt: Polfile merging quickfix 2020-03-03 17:20:50 +04:00
Igor Chudov
7b856f3d44 util.arguments.ExitCodeUpdater: Exit code contract for gpupdate utility 2020-03-03 17:18:34 +04:00
Igor Chudov
44b51fd05c .gitignore updated 2020-03-03 17:17:51 +04:00
Evgeny Sinelnikov
2778e2a043 0.4.2-alt1 
- Change service type to 'simple' because gpoa is not systemd-aware
- Shortcuts fixes and improvements
 2020-02-19 16:35:25 +04:00
Evgeny Sinelnikov
44f68020c5 Merge pull request #24 from altlinux/shortcuts_testing 
Shortcuts fixes and improvements
 2020-02-19 16:32:44 +04:00
Evgeny Sinelnikov
9ab8f41b77 Merge pull request #26 from altlinux/systemd_start_fixes 
Change service type to 'simple' because gpoa is not systemd-aware
 2020-02-19 16:31:33 +04:00
Igor Chudov
17467b5488 shortcut_applier: Don't try to operate on non-existent home directory for user 2020-02-19 16:09:15 +04:00
Igor Chudov
8c42f00f89 util.util: homedir_exists to check if home directory is created for user 2020-02-19 16:08:30 +04:00
Igor Chudov
a60a9d6b94 Fix for directory entry types in gpt.gpt 2020-02-19 15:23:54 +04:00
Igor Chudov
285fdae5e6 gpt.gpt: Find shortcuts and other directories without workarounds 2020-02-18 14:30:06 +04:00
Igor Chudov
be38594d07 gpt.shortcuts: Added functionality to store .desktop file type 2020-02-18 14:27:52 +04:00
Igor Chudov
fbc90b7e88 gpt.gpt: find_file improvement for cases when no root directory passed 2020-02-18 14:26:50 +04:00
Igor Chudov
a3172af037 gpt.gpt: find_dir for case-insensitive search for directory 2020-02-18 14:25:57 +04:00
Igor Chudov
6130973a09 ttype2str: function to transform TargetType object into string for JSON 2020-02-17 19:07:28 +04:00
Igor Chudov
5bcc38f80a Use RestartSec since gpupdate is not systemd-aware 2020-02-14 18:41:08 +04:00
Igor Chudov
d1cbba1834 Implement REAL unit test for shortcuts 2020-02-14 16:18:38 +04:00
Igor Chudov
33e7417811 Disable role module test 2020-02-14 16:16:53 +04:00
Igor Chudov
0c0caa4906 Fix for shortcut processor after unit-test 2020-02-14 16:16:53 +04:00
Igor Chudov
a384991be0 Test for shortcut of Type=Link added 2020-02-14 16:16:45 +04:00
Igor Chudov
38e70647f7 Unnecessary test removed 2020-02-14 16:16:13 +04:00
Igor Chudov
59ccecd457 Shortcuts fixes and improvements 
- It was found that shortcut files must be executable in order to
  work correctly
- Added some checks for URL links. This should allow to create
  links pointing to network shares.
 2020-02-14 16:16:07 +04:00
Igor Chudov
28da08eb24 Change service type to 'simple' because gpoa is not systemd-aware 2020-02-13 18:26:42 +04:00
Evgeny Sinelnikov
4c5aa6bc7f 0.4.1-alt1 
- Update license to GPLv3+
- Run gpudate as root without user argument for Computer target only
- Fix chromium applier
 2020-02-12 19:52:40 +04:00
NIR
88ef8359f7 Merge pull request #25 from altlinux/gpupdate_username_fix 
Fix for 'None' username dropping to runner_factory
 2020-02-12 18:20:49 +04:00
NIR
0a6d65790d Merge pull request #19 from altlinux/wiki_submodule 
GitHub wiki added as submodule
 2020-02-12 18:20:04 +04:00
Igor Chudov
24e32f5790 Fix for 'None' username dropping to runner_factory 2020-02-12 17:49:46 +04:00
Evgeny Sinelnikov
003848e0bf Merge pull request #18 from altlinux/license_upgrade_for_samba_deps 
License upgrade for samba deps
 2020-02-11 19:58:59 +04:00
Evgeny Sinelnikov
409a888e9f Merge pull request #14 from altlinux/chromium_fix 
Chromium fix
 2020-02-11 19:54:14 +04:00
Igor Chudov
f6c42c5f0b License updated in ALT specfile 2020-02-11 19:52:10 +04:00
Igor Chudov
0ac3b54b81 GitHub wiki added as submodule 2020-02-11 15:29:44 +04:00
Igor Chudov
9fff2e33d1 Source files licensing information changed 2020-02-11 15:23:09 +04:00
Igor Chudov
0c8846b538 Licensing information added to Jinja2 template 2020-02-11 15:13:55 +04:00
Igor Chudov
7ad0b4276e License added to manpages 2020-02-11 15:12:28 +04:00
Igor Chudov
57d62a04ca License changed to GPLv3+ in README.md 2020-02-11 15:11:48 +04:00
Igor Chudov
a631ea1c3e License file changed to contain GPLv3+ 
This change is needed because we use parts of Samba which is in turn
licensed as GPLv3+ project and is incompatible with GPLv2+ licensed
code.

This problem is reported by Alexander Bokovoy (ab at samba.org).
 2020-02-11 15:08:07 +04:00
NIR
eb9a801b32 Merge pull request #16 from altlinux/license_file 
License file
 2020-02-05 16:08:43 +04:00
NIR
32e112dcf1 Merge pull request #17 from altlinux/mailing_list 
Contributing information added
 2020-02-05 16:08:25 +04:00
Igor Chudov
327b46d4e0 Contributing information added 2020-02-05 15:57:34 +04:00
Igor Chudov
fa259d9db9 LICENSE.md added 2020-02-04 20:05:51 +04:00
Igor Chudov
9e397770c3 chromium_applier: Homepage retrieval fix (reported by ekorneechev@basealt.ru) 2020-01-30 15:40:04 +04:00
Igor Chudov
d0bf345554 chromium_applier: Changed HKLM key path in accordance with Chromium ADMX 2020-01-30 15:38:43 +04:00
Evgeny Sinelnikov
f74558819c 0.4.0-alt1 
- Update release with first pack of stabilization fixes
 2020-01-30 10:39:17 +04:00
Evgeny Sinelnikov
2e7d18db1d Merge pull request #13 from altlinux/gpoa_user_computer_at_once 
Update gpoa command logic with user or computer at once
 2020-01-30 10:35:38 +04:00
Evgeny Sinelnikov
60d4038586 Fix gpupdate run for user 2020-01-30 09:38:25 +04:00
Evgeny Sinelnikov
d4cf42a8e5 Update logic with no domain, run gpoa for computer and user separately 2020-01-30 09:05:07 +04:00
NIR
521125391b Merge pull request #12 from altlinux/firefox_applier_fix 
Fix for samba_preg access in firefox_applier
 2020-01-29 14:27:12 +04:00
Evgeny Sinelnikov
3eacf3848a Update gpoa command logic with user or computer at once 2020-01-28 21:06:48 +04:00
Igor Chudov
5fe8756c72 Fix for samba_preg access in firefox_applier 
Reported by ekorneechev@basealt.ru at 2020-01-28
 2020-01-28 18:23:47 +04:00
NIR
2b3f40718c Merge pull request #11 from altlinux/revert-7-systemd_applier_to_admx 
Revert "Workaround for key names in PReg value names"
 2020-01-27 17:02:16 +04:00
NIR
ca72aadbed Revert "Workaround for key names in PReg value names" 2020-01-27 17:01:49 +04:00
Evgeny Sinelnikov
2258d01b8d Merge pull request #10 from altlinux/nodomain_import_fix 
Import nodomain_backend for backend_factory()
 2020-01-27 16:57:17 +04:00
Evgeny Sinelnikov
4f5a14d9cc Merge pull request #9 from altlinux/adp_logging_fix 
Disable ADP plugin initialization logging
 2020-01-27 16:55:51 +04:00
Igor Chudov
4c1678fecd Import nodomain_backend for backend_factory() 2020-01-27 16:49:59 +04:00
Igor Chudov
3b691b3a7d Disable ADP plugin initialization logging 2020-01-27 16:46:44 +04:00
Evgeny Sinelnikov
b2b2b30fc2 Merge pull request #8 from altlinux/loglevel 
Set loglevel to ERROR instead of DEBUG
 2020-01-24 16:33:55 +04:00
Evgeny Sinelnikov
5aa6e480e7 Merge pull request #7 from altlinux/systemd_applier_to_admx 
Workaround for key names in PReg value names
 2020-01-24 16:33:04 +04:00
Evgeny Sinelnikov
fd0da307c0 Merge pull request #5 from altlinux/bootsrap 
Bootstrap methods
 2020-01-24 16:32:49 +04:00
Igor Chudov
49ab0e94c6 Set loglevel to ERROR instead of DEBUG 2020-01-24 16:17:55 +04:00
Igor Chudov
1ec32c5f0b Workaround for key names in PReg value names 
According to commit `601f432043be9c63b3675753c799aa4466753c66` in
`admx-basealt` there may be no dot symbols in PReg value names. This
commit adds workaround to transform '_' into '.' in systemd units'
names.

Please note that in the future systemd applier module might be
transformed to work with `Services.xml` file instead `Registry.pol` so
this clunky behavior won't be needed.
 2020-01-24 13:38:08 +04:00
Evgeny Sinelnikov
d3dcd18cbb Merge pull request #6 from altlinux/polkit_template_comparison_fix 
Fix for PolicyKit comparison mechanism
 2020-01-22 22:06:30 +04:00
Igor Chudov
555725be2d Fix for PolicyKit comparison mechanism 2020-01-22 20:16:30 +04:00
Igor Chudov
e6f61b4aed util.roles fixes introduced after unit test implementation 2020-01-22 19:00:24 +04:00
Igor Chudov
1ab46e76e3 Unit test for util.roles added 2020-01-22 18:59:46 +04:00
Igor Chudov
fbd08eaaec Role module disabled 2020-01-22 16:20:48 +04:00
Igor Chudov
414a27ed66 Fix for role directory name 2020-01-22 15:56:58 +04:00
Igor Chudov
8b24e8912e Run plugins before anything else 2020-01-22 15:56:57 +04:00
Igor Chudov
8daa3c644c Role plugin enabled 2020-01-22 15:56:57 +04:00
Igor Chudov
9201687a13 Role module plugin introduced 2020-01-22 15:56:57 +04:00
Igor Chudov
ae1c4cf2e0 plugin.plugin stub added 2020-01-22 15:56:57 +04:00
Igor Chudov
89137068f1 Added direct dependency on libnss-role 2020-01-22 15:56:57 +04:00
Igor Chudov
32915ba49a util.roles added in order to allow interaction with libnss-role 2020-01-22 15:56:57 +04:00
Igor Chudov
d2aacb4899 Work with --nodomain option 2020-01-22 15:56:56 +04:00
Igor Chudov
b0502a9681 Return nodomain backend in case there is no domain yet (for bootsrap) 2020-01-22 15:56:56 +04:00
Igor Chudov
5e89b28069 --nodomain flag behavior restored 2020-01-22 15:56:56 +04:00
NIR
915c561029 Merge pull request #2 from altlinux/unittests 
Basic unit tests
 2020-01-22 15:55:37 +04:00
NIR
06391402c8 Merge pull request #4 from altlinux/manpages 
Manpages expanded
 2020-01-22 15:55:03 +04:00
Igor Chudov
759d2df6cf Install gpupdate manpage 2020-01-22 15:54:44 +04:00
Igor Chudov
547c4d6efd gpupdate manpage description expanded and 'see also' section fixed 2020-01-22 15:53:44 +04:00
Igor Chudov
bfe338e44f manpages expanded 2020-01-20 17:43:17 +04:00
NIR
6aa3281160 Merge pull request #3 from VeritasVestas/linter_fixes 
Linter fixes
 2020-01-20 14:03:19 +04:00
Viktor Volkov
137a142b89 In util/arguments.py fixes: 
---------------------------
  Few Lines: expected 2 blank lines
  Line: 36 pylint: misplaced-comparison-constant / Comparison should be log_num < 0 (col 7)
  Line: 38 pylint: misplaced-comparison-constant / Comparison should be log_num > 5 (col 7)
  Line: 65 pylint: misplaced-comparison-constant / Comparison should be target_name == 'Computer' (col 7)
  Line: 68 pylint: misplaced-comparison-constant / Comparison should be target_name == 'User' (col 7)
 2020-01-17 18:19:01 +04:00
Viktor Volkov
86986e2f4d In util/dbus.py fixes: 
----------------------
  - Few Lines: expected 2 blank lines
  - Few Lines: line too long (102 > 99 characters) (col 100)
 2020-01-17 18:13:35 +04:00
Viktor Volkov
07169b412d In util/kerberos.py fixes: 
--------------------------
  - Few Lines: expected 2 blank lines
  - Line: 38
	pep8: E201 / whitespace after '[' (col 32)
	pep8: E202 / whitespace before ']' (col 46)
 2020-01-17 18:06:02 +04:00
Viktor Volkov
59646c8244 In util/logging.py fixes: 
-------------------------
  - Line: 19 pylint: unused-import / Unused import logging
  - Few Lines: expected 2 blank lines
  - Line: 44 pep8: E201 / whitespace after '{' (col 27)
             pep8: E202 / whitespace before '}' (col 74)
             pylint: bad-whitespace / No space allowed after bracket
 2020-01-17 18:01:43 +04:00
Viktor Volkov
3c2c9f1545 In util/paths.py fixes: 
----------------------
    - Few Line: expected 2 blank lines
 2020-01-17 17:58:30 +04:00
Viktor Volkov
12a11ef38d In util/preg.py fixes: 
----------------------
  - Line: 20 pylint: wrong-import-order / standard import "import logging" should be placed
                   before "from storage import registry_factory"

  - Line: 21 pylint: wrong-import-order / standard import "import os" should be placed
                   before "from storage import registry_factory"

             pylint: unused-import / Unused import os

  - Line: 23 pylint: unused-import / Unused get_dc_hostname imported from samba.gpclass

  - Line: 24 pylint: unused-import / Unused netcmd_get_domain_infos_via_cldap
                     imported from samba.netcmd.common

  - Line: 25 pylint: unused-import / Unused import samba.gpo

  - Line: 27 pylint: wrong-import-order / standard import "from xml.etree import ElementTree"
                     should be placed before "from storage import registry_factory"

  - Few Lines: expected 2 blank lines
 2020-01-17 17:52:38 +04:00
Viktor Volkov
7abe9d6468 In windows.py fixes: 
--------------------
  - singleton-comparison / Comparison to None should be 'expr is not None'

Int util/rpm.py fixes:
----------------------
  - Line: 19 pylint: wrong-import-order / standard import "import subprocess"
                                        should be placed before "import rpm"
  - Few Lines:  expected 2 blank lines
 2020-01-17 17:41:27 +04:00
Viktor Volkov
54d7f78f71 In users.py fixes: 
------------------
    - misplaced-comparison-constant
    - expected 2 blank lines
    - line too long
 2020-01-17 17:29:54 +04:00
Viktor Volkov
f09685ee72 util/util.py 
Line: 1
    pylint: missing-module-docstring / Missing module docstring
  Line: 18
    pylint: unused-import / Unused import logging
  Line: 23
    pep8: E302 / expected 2 blank lines, found 1 (col 1)
  Line: 29
    pep8: E302 / expected 2 blank lines, found 1 (col 1)
  Line: 35
    pep8: E302 / expected 2 blank lines, found 1 (col 1)
  Line: 45
    pep8: E302 / expected 2 blank lines, found 1 (col 1)
  Line: 51
    pep8: E302 / expected 2 blank lines, found 1 (col 1)

Other fixes:
------------
    In .pylintrc excluded problems:
		missing-module-docstring
 2020-01-17 17:21:27 +04:00
Viktor Volkov
c1cd77d114 Int util/windows.py fixes: 
--------------------------
  Line: 1  (pylint: missing-module-docstring / Missing module docstring)

  Line: 34  (pylint: missing-class-docstring / Missing class docstring)

  Lines: 43, 81, 106  (pylint: missing-function-docstring /
                       Missing function or method docstring)

  Lines: 56, 102, 112, 150, 173, 174 ( pep8: E501 / line too long)

  Lines: 34, 119, 137, 161, 182      ( pep8: E302 / expected 2 blank lines)

Other fixes:
------------
In .pylintrc exluded warnings:
        missing-function-docstring,
        missing-class-docstring
 2020-01-17 17:13:33 +04:00
Igor Chudov
1eb6c0e648 Removed cache_dir() invocations on storage instantiation 
This call (which ensures the directory will be created if missing)
may cause errors because it's called on module import, not on class
instantiation.

This prevents other functions from being properly unit-tested and
also makes debugging problematic.
 2020-01-17 15:36:01 +04:00
Igor Chudov
aa01e0bf17 Added gpt.shortcuts unit test 2020-01-17 15:22:34 +04:00
Igor Chudov
50b17ca5ff backend.samba_backend: Added direct imports of gpt.gpt module functions 2020-01-17 15:21:45 +04:00
Igor Chudov
875b0070fe Makefile to run tests added 2020-01-17 15:21:05 +04:00
Igor Chudov
2ba367205a Disabled imports in gpt module 2020-01-17 15:20:48 +04:00
Viktor Volkov
74bcb24cdf In util/xml.py fixes: 
---------------------
  Line: 1
    pylint: missing-module-docstring / Missing module docstring
  Line: 20
    pep8: E302 / expected 2 blank lines, found 1 (col 1)
 2020-01-17 15:15:50 +04:00
Viktor Volkov
335fb1e200 In util/xdg.py fixes: 
---------------------
  Line: 1
    pylint: missing-module-docstring / Missing module docstring
  Line: 18
    pylint: unused-import / Unused import subprocess
  Line: 24
    pep8: E302 / expected 2 blank lines, found 1 (col 1)
 2020-01-17 15:11:49 +04:00
Viktor Volkov
c7c43c871c Added suppression for trailing newlines check 2020-01-17 14:37:19 +04:00
Igor Chudov
bee6541061 Disabled sid_cache cache 2020-01-16 18:49:27 +04:00
Igor Chudov
1b2328d9e2 Testing data moved to test/gpt/data directory 2020-01-16 18:44:46 +04:00
108 changed files with 2800 additions and 539 deletions
Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -1,2 +1,5 @@
__pycache__
*~
_opam
_build

3
.gitmodules vendored Normal file
View File

@@ -0,0 +1,3 @@
[submodule "wiki"]
path = wiki
url = https://github.com/altlinux/gpupdate.wiki.git

596
LICENSE.md Normal file
View File

@@ -0,0 +1,596 @@
GNU General Public License
==========================
_Version 3, 29 June 2007_
_Copyright © 2007 Free Software Foundation, Inc. &lt;<http://fsf.org/>&gt;_
Everyone is permitted to copy and distribute verbatim copies of this license
document, but changing it is not allowed.
## Preamble
The GNU General Public License is a free, copyleft license for software and other
kinds of works.
The licenses for most software and other practical works are designed to take away
your freedom to share and change the works. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change all versions of a
program--to make sure it remains free software for all its users. We, the Free
Software Foundation, use the GNU General Public License for most of our software; it
applies also to any other work released this way by its authors. You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not price. Our General
Public Licenses are designed to make sure that you have the freedom to distribute
copies of free software (and charge for them if you wish), that you receive source
code or can get it if you want it, that you can change the software or use pieces of
it in new free programs, and that you know you can do these things.
To protect your rights, we need to prevent others from denying you these rights or
asking you to surrender the rights. Therefore, you have certain responsibilities if
you distribute copies of the software, or if you modify it: responsibilities to
respect the freedom of others.
For example, if you distribute copies of such a program, whether gratis or for a fee,
you must pass on to the recipients the same freedoms that you received. You must make
sure that they, too, receive or can get the source code. And you must show them these
terms so they know their rights.
Developers that use the GNU GPL protect your rights with two steps: **(1)** assert
copyright on the software, and **(2)** offer you this License giving you legal permission
to copy, distribute and/or modify it.
For the developers' and authors' protection, the GPL clearly explains that there is
no warranty for this free software. For both users' and authors' sake, the GPL
requires that modified versions be marked as changed, so that their problems will not
be attributed erroneously to authors of previous versions.
Some devices are designed to deny users access to install or run modified versions of
the software inside them, although the manufacturer can do so. This is fundamentally
incompatible with the aim of protecting users' freedom to change the software. The
systematic pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable. Therefore, we have designed
this version of the GPL to prohibit the practice for those products. If such problems
arise substantially in other domains, we stand ready to extend this provision to
those domains in future versions of the GPL, as needed to protect the freedom of
users.
Finally, every program is threatened constantly by software patents. States should
not allow patents to restrict development and use of software on general-purpose
computers, but in those that do, we wish to avoid the special danger that patents
applied to a free program could make it effectively proprietary. To prevent this, the
GPL assures that patents cannot be used to render the program non-free.
The precise terms and conditions for copying, distribution and modification follow.
## TERMS AND CONDITIONS
### 0. Definitions
“This License” refers to version 3 of the GNU General Public License.
“Copyright” also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
“The Program” refers to any copyrightable work licensed under this
License. Each licensee is addressed as “you”. “Licensees” and
“recipients” may be individuals or organizations.
To “modify” a work means to copy from or adapt all or part of the work in
a fashion requiring copyright permission, other than the making of an exact copy. The
resulting work is called a “modified version” of the earlier work or a
work “based on” the earlier work.
A “covered work” means either the unmodified Program or a work based on
the Program.
To “propagate” a work means to do anything with it that, without
permission, would make you directly or secondarily liable for infringement under
applicable copyright law, except executing it on a computer or modifying a private
copy. Propagation includes copying, distribution (with or without modification),
making available to the public, and in some countries other activities as well.
To “convey” a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through a computer
network, with no transfer of a copy, is not conveying.
An interactive user interface displays “Appropriate Legal Notices” to the
extent that it includes a convenient and prominently visible feature that **(1)**
displays an appropriate copyright notice, and **(2)** tells the user that there is no
warranty for the work (except to the extent that warranties are provided), that
licensees may convey the work under this License, and how to view a copy of this
License. If the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
### 1. Source Code
The “source code” for a work means the preferred form of the work for
making modifications to it. “Object code” means any non-source form of a
work.
A “Standard Interface” means an interface that either is an official
standard defined by a recognized standards body, or, in the case of interfaces
specified for a particular programming language, one that is widely used among
developers working in that language.
The “System Libraries” of an executable work include anything, other than
the work as a whole, that **(a)** is included in the normal form of packaging a Major
Component, but which is not part of that Major Component, and **(b)** serves only to
enable use of the work with that Major Component, or to implement a Standard
Interface for which an implementation is available to the public in source code form.
A “Major Component”, in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system (if any) on which
the executable work runs, or a compiler used to produce the work, or an object code
interpreter used to run it.
The “Corresponding Source” for a work in object code form means all the
source code needed to generate, install, and (for an executable work) run the object
code and to modify the work, including scripts to control those activities. However,
it does not include the work's System Libraries, or general-purpose tools or
generally available free programs which are used unmodified in performing those
activities but which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for the work, and
the source code for shared libraries and dynamically linked subprograms that the work
is specifically designed to require, such as by intimate data communication or
control flow between those subprograms and other parts of the work.
The Corresponding Source need not include anything that users can regenerate
automatically from other parts of the Corresponding Source.
The Corresponding Source for a work in source code form is that same work.
### 2. Basic Permissions
All rights granted under this License are granted for the term of copyright on the
Program, and are irrevocable provided the stated conditions are met. This License
explicitly affirms your unlimited permission to run the unmodified Program. The
output from running a covered work is covered by this License only if the output,
given its content, constitutes a covered work. This License acknowledges your rights
of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not convey, without
conditions so long as your license otherwise remains in force. You may convey covered
works to others for the sole purpose of having them make modifications exclusively
for you, or provide you with facilities for running those works, provided that you
comply with the terms of this License in conveying all material for which you do not
control copyright. Those thus making or running the covered works for you must do so
exclusively on your behalf, under your direction and control, on terms that prohibit
them from making any copies of your copyrighted material outside their relationship
with you.
Conveying under any other circumstances is permitted solely under the conditions
stated below. Sublicensing is not allowed; section 10 makes it unnecessary.
### 3. Protecting Users' Legal Rights From Anti-Circumvention Law
No covered work shall be deemed part of an effective technological measure under any
applicable law fulfilling obligations under article 11 of the WIPO copyright treaty
adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention
of such measures.
When you convey a covered work, you waive any legal power to forbid circumvention of
technological measures to the extent such circumvention is effected by exercising
rights under this License with respect to the covered work, and you disclaim any
intention to limit operation or modification of the work as a means of enforcing,
against the work's users, your or third parties' legal rights to forbid circumvention
of technological measures.
### 4. Conveying Verbatim Copies
You may convey verbatim copies of the Program's source code as you receive it, in any
medium, provided that you conspicuously and appropriately publish on each copy an
appropriate copyright notice; keep intact all notices stating that this License and
any non-permissive terms added in accord with section 7 apply to the code; keep
intact all notices of the absence of any warranty; and give all recipients a copy of
this License along with the Program.
You may charge any price or no price for each copy that you convey, and you may offer
support or warranty protection for a fee.
### 5. Conveying Modified Source Versions
You may convey a work based on the Program, or the modifications to produce it from
the Program, in the form of source code under the terms of section 4, provided that
you also meet all of these conditions:
* **a)** The work must carry prominent notices stating that you modified it, and giving a
relevant date.
* **b)** The work must carry prominent notices stating that it is released under this
License and any conditions added under section 7. This requirement modifies the
requirement in section 4 to “keep intact all notices”.
* **c)** You must license the entire work, as a whole, under this License to anyone who
comes into possession of a copy. This License will therefore apply, along with any
applicable section 7 additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no permission to license the
work in any other way, but it does not invalidate such permission if you have
separately received it.
* **d)** If the work has interactive user interfaces, each must display Appropriate Legal
Notices; however, if the Program has interactive interfaces that do not display
Appropriate Legal Notices, your work need not make them do so.
A compilation of a covered work with other separate and independent works, which are
not by their nature extensions of the covered work, and which are not combined with
it such as to form a larger program, in or on a volume of a storage or distribution
medium, is called an “aggregate” if the compilation and its resulting
copyright are not used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work in an aggregate
does not cause this License to apply to the other parts of the aggregate.
### 6. Conveying Non-Source Forms
You may convey a covered work in object code form under the terms of sections 4 and
5, provided that you also convey the machine-readable Corresponding Source under the
terms of this License, in one of these ways:
* **a)** Convey the object code in, or embodied in, a physical product (including a
physical distribution medium), accompanied by the Corresponding Source fixed on a
durable physical medium customarily used for software interchange.
* **b)** Convey the object code in, or embodied in, a physical product (including a
physical distribution medium), accompanied by a written offer, valid for at least
three years and valid for as long as you offer spare parts or customer support for
that product model, to give anyone who possesses the object code either **(1)** a copy of
the Corresponding Source for all the software in the product that is covered by this
License, on a durable physical medium customarily used for software interchange, for
a price no more than your reasonable cost of physically performing this conveying of
source, or **(2)** access to copy the Corresponding Source from a network server at no
charge.
* **c)** Convey individual copies of the object code with a copy of the written offer to
provide the Corresponding Source. This alternative is allowed only occasionally and
noncommercially, and only if you received the object code with such an offer, in
accord with subsection 6b.
* **d)** Convey the object code by offering access from a designated place (gratis or for
a charge), and offer equivalent access to the Corresponding Source in the same way
through the same place at no further charge. You need not require recipients to copy
the Corresponding Source along with the object code. If the place to copy the object
code is a network server, the Corresponding Source may be on a different server
(operated by you or a third party) that supports equivalent copying facilities,
provided you maintain clear directions next to the object code saying where to find
the Corresponding Source. Regardless of what server hosts the Corresponding Source,
you remain obligated to ensure that it is available for as long as needed to satisfy
these requirements.
* **e)** Convey the object code using peer-to-peer transmission, provided you inform
other peers where the object code and Corresponding Source of the work are being
offered to the general public at no charge under subsection 6d.
A separable portion of the object code, whose source code is excluded from the
Corresponding Source as a System Library, need not be included in conveying the
object code work.
A “User Product” is either **(1)** a “consumer product”, which
means any tangible personal property which is normally used for personal, family, or
household purposes, or **(2)** anything designed or sold for incorporation into a
dwelling. In determining whether a product is a consumer product, doubtful cases
shall be resolved in favor of coverage. For a particular product received by a
particular user, “normally used” refers to a typical or common use of
that class of product, regardless of the status of the particular user or of the way
in which the particular user actually uses, or expects or is expected to use, the
product. A product is a consumer product regardless of whether the product has
substantial commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
“Installation Information” for a User Product means any methods,
procedures, authorization keys, or other information required to install and execute
modified versions of a covered work in that User Product from a modified version of
its Corresponding Source. The information must suffice to ensure that the continued
functioning of the modified object code is in no case prevented or interfered with
solely because modification has been made.
If you convey an object code work under this section in, or with, or specifically for
use in, a User Product, and the conveying occurs as part of a transaction in which
the right of possession and use of the User Product is transferred to the recipient
in perpetuity or for a fixed term (regardless of how the transaction is
characterized), the Corresponding Source conveyed under this section must be
accompanied by the Installation Information. But this requirement does not apply if
neither you nor any third party retains the ability to install modified object code
on the User Product (for example, the work has been installed in ROM).
The requirement to provide Installation Information does not include a requirement to
continue to provide support service, warranty, or updates for a work that has been
modified or installed by the recipient, or for the User Product in which it has been
modified or installed. Access to a network may be denied when the modification itself
materially and adversely affects the operation of the network or violates the rules
and protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided, in accord with
this section must be in a format that is publicly documented (and with an
implementation available to the public in source code form), and must require no
special password or key for unpacking, reading or copying.
### 7. Additional Terms
“Additional permissions” are terms that supplement the terms of this
License by making exceptions from one or more of its conditions. Additional
permissions that are applicable to the entire Program shall be treated as though they
were included in this License, to the extent that they are valid under applicable
law. If additional permissions apply only to part of the Program, that part may be
used separately under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option remove any
additional permissions from that copy, or from any part of it. (Additional
permissions may be written to require their own removal in certain cases when you
modify the work.) You may place additional permissions on material, added by you to a
covered work, for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you add to a
covered work, you may (if authorized by the copyright holders of that material)
supplement the terms of this License with terms:
* **a)** Disclaiming warranty or limiting liability differently from the terms of
sections 15 and 16 of this License; or
* **b)** Requiring preservation of specified reasonable legal notices or author
attributions in that material or in the Appropriate Legal Notices displayed by works
containing it; or
* **c)** Prohibiting misrepresentation of the origin of that material, or requiring that
modified versions of such material be marked in reasonable ways as different from the
original version; or
* **d)** Limiting the use for publicity purposes of names of licensors or authors of the
material; or
* **e)** Declining to grant rights under trademark law for use of some trade names,
trademarks, or service marks; or
* **f)** Requiring indemnification of licensors and authors of that material by anyone
who conveys the material (or modified versions of it) with contractual assumptions of
liability to the recipient, for any liability that these contractual assumptions
directly impose on those licensors and authors.
All other non-permissive additional terms are considered “further
restrictions” within the meaning of section 10. If the Program as you received
it, or any part of it, contains a notice stating that it is governed by this License
along with a term that is a further restriction, you may remove that term. If a
license document contains a further restriction but permits relicensing or conveying
under this License, you may add to a covered work material governed by the terms of
that license document, provided that the further restriction does not survive such
relicensing or conveying.
If you add terms to a covered work in accord with this section, you must place, in
the relevant source files, a statement of the additional terms that apply to those
files, or a notice indicating where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the form of a
separately written license, or stated as exceptions; the above requirements apply
either way.
### 8. Termination
You may not propagate or modify a covered work except as expressly provided under
this License. Any attempt otherwise to propagate or modify it is void, and will
automatically terminate your rights under this License (including any patent licenses
granted under the third paragraph of section 11).
However, if you cease all violation of this License, then your license from a
particular copyright holder is reinstated **(a)** provisionally, unless and until the
copyright holder explicitly and finally terminates your license, and **(b)** permanently,
if the copyright holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is reinstated permanently
if the copyright holder notifies you of the violation by some reasonable means, this
is the first time you have received notice of violation of this License (for any
work) from that copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the licenses of
parties who have received copies or rights from you under this License. If your
rights have been terminated and not permanently reinstated, you do not qualify to
receive new licenses for the same material under section 10.
### 9. Acceptance Not Required for Having Copies
You are not required to accept this License in order to receive or run a copy of the
Program. Ancillary propagation of a covered work occurring solely as a consequence of
using peer-to-peer transmission to receive a copy likewise does not require
acceptance. However, nothing other than this License grants you permission to
propagate or modify any covered work. These actions infringe copyright if you do not
accept this License. Therefore, by modifying or propagating a covered work, you
indicate your acceptance of this License to do so.
### 10. Automatic Licensing of Downstream Recipients
Each time you convey a covered work, the recipient automatically receives a license
from the original licensors, to run, modify and propagate that work, subject to this
License. You are not responsible for enforcing compliance by third parties with this
License.
An “entity transaction” is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an organization, or
merging organizations. If propagation of a covered work results from an entity
transaction, each party to that transaction who receives a copy of the work also
receives whatever licenses to the work the party's predecessor in interest had or
could give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if the predecessor
has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the rights granted or
affirmed under this License. For example, you may not impose a license fee, royalty,
or other charge for exercise of rights granted under this License, and you may not
initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging
that any patent claim is infringed by making, using, selling, offering for sale, or
importing the Program or any portion of it.
### 11. Patents
A “contributor” is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The work thus
licensed is called the contributor's “contributor version”.
A contributor's “essential patent claims” are all patent claims owned or
controlled by the contributor, whether already acquired or hereafter acquired, that
would be infringed by some manner, permitted by this License, of making, using, or
selling its contributor version, but do not include claims that would be infringed
only as a consequence of further modification of the contributor version. For
purposes of this definition, “control” includes the right to grant patent
sublicenses in a manner consistent with the requirements of this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free patent license
under the contributor's essential patent claims, to make, use, sell, offer for sale,
import and otherwise run, modify and propagate the contents of its contributor
version.
In the following three paragraphs, a “patent license” is any express
agreement or commitment, however denominated, not to enforce a patent (such as an
express permission to practice a patent or covenant not to sue for patent
infringement). To “grant” such a patent license to a party means to make
such an agreement or commitment not to enforce a patent against the party.
If you convey a covered work, knowingly relying on a patent license, and the
Corresponding Source of the work is not available for anyone to copy, free of charge
and under the terms of this License, through a publicly available network server or
other readily accessible means, then you must either **(1)** cause the Corresponding
Source to be so available, or **(2)** arrange to deprive yourself of the benefit of the
patent license for this particular work, or **(3)** arrange, in a manner consistent with
the requirements of this License, to extend the patent license to downstream
recipients. “Knowingly relying” means you have actual knowledge that, but
for the patent license, your conveying the covered work in a country, or your
recipient's use of the covered work in a country, would infringe one or more
identifiable patents in that country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or arrangement, you
convey, or propagate by procuring conveyance of, a covered work, and grant a patent
license to some of the parties receiving the covered work authorizing them to use,
propagate, modify or convey a specific copy of the covered work, then the patent
license you grant is automatically extended to all recipients of the covered work and
works based on it.
A patent license is “discriminatory” if it does not include within the
scope of its coverage, prohibits the exercise of, or is conditioned on the
non-exercise of one or more of the rights that are specifically granted under this
License. You may not convey a covered work if you are a party to an arrangement with
a third party that is in the business of distributing software, under which you make
payment to the third party based on the extent of your activity of conveying the
work, and under which the third party grants, to any of the parties who would receive
the covered work from you, a discriminatory patent license **(a)** in connection with
copies of the covered work conveyed by you (or copies made from those copies), or **(b)**
primarily for and in connection with specific products or compilations that contain
the covered work, unless you entered into that arrangement, or that patent license
was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting any implied
license or other defenses to infringement that may otherwise be available to you
under applicable patent law.
### 12. No Surrender of Others' Freedom
If conditions are imposed on you (whether by court order, agreement or otherwise)
that contradict the conditions of this License, they do not excuse you from the
conditions of this License. If you cannot convey a covered work so as to satisfy
simultaneously your obligations under this License and any other pertinent
obligations, then as a consequence you may not convey it at all. For example, if you
agree to terms that obligate you to collect a royalty for further conveying from
those to whom you convey the Program, the only way you could satisfy both those terms
and this License would be to refrain entirely from conveying the Program.
### 13. Use with the GNU Affero General Public License
Notwithstanding any other provision of this License, you have permission to link or
combine any covered work with a work licensed under version 3 of the GNU Affero
General Public License into a single combined work, and to convey the resulting work.
The terms of this License will continue to apply to the part which is the covered
work, but the special requirements of the GNU Affero General Public License, section
13, concerning interaction through a network will apply to the combination as such.
### 14. Revised Versions of this License
The Free Software Foundation may publish revised and/or new versions of the GNU
General Public License from time to time. Such new versions will be similar in spirit
to the present version, but may differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Program specifies that
a certain numbered version of the GNU General Public License “or any later
version” applies to it, you have the option of following the terms and
conditions either of that numbered version or of any later version published by the
Free Software Foundation. If the Program does not specify a version number of the GNU
General Public License, you may choose any version ever published by the Free
Software Foundation.
If the Program specifies that a proxy can decide which future versions of the GNU
General Public License can be used, that proxy's public statement of acceptance of a
version permanently authorizes you to choose that version for the Program.
Later license versions may give you additional or different permissions. However, no
additional obligations are imposed on any author or copyright holder as a result of
your choosing to follow a later version.
### 15. Disclaimer of Warranty
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE
QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE
DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
### 16. Limitation of Liability
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY
COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS
PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,
INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE
OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE
WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
### 17. Interpretation of Sections 15 and 16
If the disclaimer of warranty and limitation of liability provided above cannot be
given local legal effect according to their terms, reviewing courts shall apply local
law that most closely approximates an absolute waiver of all civil liability in
connection with the Program, unless a warranty or assumption of liability accompanies
a copy of the Program in return for a fee.
_END OF TERMS AND CONDITIONS_
## How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest possible use to
the public, the best way to achieve this is to make it free software which everyone
can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest to attach them
to the start of each source file to most effectively state the exclusion of warranty;
and each file should have at least the “copyright” line and a pointer to
where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short notice like this
when it starts in an interactive mode:
<program> Copyright (C) <year> <name of author>
This program comes with ABSOLUTELY NO WARRANTY; for details type 'show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type 'show c' for details.
The hypothetical commands `show w` and `show c` should show the appropriate parts of
the General Public License. Of course, your program's commands might be different;
for a GUI interface, you would use an “about box”.
You should also get your employer (if you work as a programmer) or school, if any, to
sign a “copyright disclaimer” for the program, if necessary. For more
information on this, and how to apply and follow the GNU GPL, see
&lt;<http://www.gnu.org/licenses/>&gt;.
The GNU General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may consider it
more useful to permit linking proprietary applications with the library. If this is
what you want to do, use the GNU Lesser General Public License instead of this
License. But first, please read
&lt;<http://www.gnu.org/philosophy/why-not-lgpl.html>&gt;.

21
README.md
View File

@@ -4,6 +4,7 @@
* [Introduction](#introduction)
* [Development](#development)
* [Contributing](#contributing)
* [License](#license)
* * *
@@ -28,13 +29,24 @@ And then you may install prospector like:
# pip install prospector[with_pyroma]
```
## Contributing
The main communication channel for GPOA is
[Samba@ALT Linux mailing lists](https://lists.altlinux.org/mailman/listinfo/samba).
The mailing list is in Russian but you may also send e-mail in English
or German.
## License
GPOA - GPO Applier for Linux
Copyright (C) 2019-2020 BaseALT Ltd.
This program is free software; you can redistribute it and/or modify
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
@@ -42,7 +54,6 @@ but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.

228
dist/gpupdate-setup vendored Executable file
View File

@@ -0,0 +1,228 @@
#! /usr/bin/env python3
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import os
import sys
import argparse
import subprocess
import re
from gpoa.util.samba import smbopts
def command(args):
try:
subprocess.check_call(args.split())
except:
print ('command: \'%s\' error' % args)
def from_command(args):
try:
with subprocess.Popen(args.split(), stdout=subprocess.PIPE) as proc:
value = proc.stdout.readline().decode('utf-8')
proc.wait()
except:
print ('from_command: \'%s\' error' % args)
return 'local'
return value.strip()
def get_default_policy_name():
localpolicy = 'workstation'
dcpolicy = 'ad-domain-controller'
try:
if smbopt.get_server_role() == 'active directory domain controller':
return dcpolicy
except:
pass
try:
release = '/etc/altlinux-release'
if os.path.isfile(release):
f = open(release)
s = f.readline()
if re.search('server', s, re.I):
localpolicy = 'server'
except:
pass
return localpolicy
def parse_arguments():
'''
Parse CLI arguments.
'''
parser = argparse.ArgumentParser(prog='gpupdate-setup')
subparsers = parser.add_subparsers(dest='action',
metavar='action',
help='Group Policy management actions (default action is status)')
parser_list = subparsers.add_parser('list',
help='List avalable types of local policy')
parser_status = subparsers.add_parser('status',
help='Show current Group Policy status')
parser_enable = subparsers.add_parser('enable',
help='Enable Group Policy subsystem')
parser_disable = subparsers.add_parser('disable',
help='Disable Group Policy subsystem')
parser_write = subparsers.add_parser('write',
help='Operate on Group Policies (enable or disable)')
parser_active = subparsers.add_parser('active-policy',
help='Show name of policy enabled')
parser_write.add_argument('status',
choices=['enable', 'disable'],
help='Enable or disable Group Policies')
parser_write.add_argument('localpolicy',
default=None,
nargs='?',
help='Name of local policy to enable')
parser_enable.add_argument('localpolicy',
default=None,
nargs='?',
help='Name of local policy to enable')
return parser.parse_args()
def get_policy_entries(directory):
filtered_entries = list()
if os.path.isdir(directory):
entries = [os.path.join(directory, entry) for entry in os.listdir(directory)]
for entry in entries:
if os.path.isdir(os.path.join(entry)):
if not os.path.islink(os.path.join(entry)):
if not entry.rpartition('/')[2] == 'default':
filtered_entries.append(entry)
return filtered_entries
def get_policy_variants():
'''
Get the list of local policy variants deployed on this system.
Please note that is case overlapping names the names in
/etc/local-policy must override names in /usr/share/local-policy
'''
policy_dir = '/usr/share/local-policy'
etc_policy_dir = '/etc/local-policy'
system_policies = get_policy_entries(policy_dir)
user_policies = get_policy_entries(etc_policy_dir)
general_listing = list()
general_listing.extend(system_policies)
general_listing.extend(user_policies)
return general_listing
def validate_policy_name(policy_name):
return policy_name in [os.path.basename(d) for d in get_policy_variants()]
def get_status():
systemd_unit_link = '/etc/systemd/system/multi-user.target.wants/gpupdate.service'
return os.path.islink(systemd_unit_link)
def get_active_policy():
policy_dir = '/usr/share/local-policy'
etc_policy_dir = '/etc/local-policy'
default_policy_name = os.path.join(policy_dir, get_default_policy_name())
active_policy_name = os.path.join(etc_policy_dir, 'active')
actual_policy_name = os.path.realpath(default_policy_name)
if os.path.isdir(active_policy_name):
actual_policy_name = os.path.realpath(active_policy_name)
return actual_policy_name
def disable_gp():
if from_command('/usr/sbin/control system-auth') != 'local':
command('/usr/sbin/control system-policy global')
else:
command('/usr/sbin/control system-policy local')
command('systemctl disable gpupdate.service')
command('systemctl --global disable gpupdate-user.service')
def enable_gp(policy_name):
policy_dir = '/usr/share/local-policy'
etc_policy_dir = '/etc/local-policy'
target_policy_name = get_default_policy_name()
if policy_name:
if validate_policy_name(policy_name):
target_policy_name = policy_name
print (target_policy_name)
default_policy_name = os.path.join(policy_dir, target_policy_name)
active_policy_name = os.path.join(etc_policy_dir, 'active')
if not os.path.isdir(etc_policy_dir):
os.makedirs(etc_policy_dir)
if not os.path.islink(active_policy_name):
os.symlink(default_policy_name, active_policy_name)
else:
os.unlink(active_policy_name)
os.symlink(default_policy_name, active_policy_name)
# Enable oddjobd_gpupdate in PAM config
command('/usr/sbin/control system-policy gpupdate')
# Bootstrap the Group Policy engine
command('/usr/sbin/gpoa --nodomain --loglevel 5')
# Enable gpupdate-setup.service for all users
command('systemctl --global enable gpupdate-user.service')
def main():
arguments = parse_arguments()
if arguments.action == 'list':
for entry in get_policy_variants():
print(entry.rpartition('/')[2])
if arguments.action == 'status' or arguments.action == None:
if get_status():
print('enabled')
else:
print('disabled')
if arguments.action == 'write':
if arguments.status == 'enable' or arguments.status == '#t':
enable_gp(arguments.localpolicy)
if arguments.status == 'disable' or arguments.status == '#f':
disable_gp()
if arguments.action == "enable":
enable_gp(arguments.localpolicy)
if arguments.action == "disable":
disable_gp()
if arguments.action == 'active-policy':
print(get_active_policy())
if __name__ == '__main__':
main()

4
gpupdate-user.service → dist/gpupdate-user.service vendored
View File

@@ -5,8 +5,8 @@ Description=gpupdate in userspace
# gpupdate on Windows runs once per hour
[Service]
Environment="PATH=/bin:/sbin:/usr/bin:/usr/sbin"
Type=notify
WatchdogSec=3600
Type=simple
RestartSec=3600
TimeoutSec=3000
Restart=always
ExecStart=/usr/sbin/gpoa

4
gpupdate.service → dist/gpupdate.service vendored
View File

@@ -4,8 +4,8 @@ After=sssd.service
[Service]
Environment="PATH=/bin:/sbin:/usr/bin:/usr/sbin"
Type=notify
WatchdogSec=3600
Type=simple
RestartSec=3600
TimeoutSec=3000
Restart=always
ExecStart=/usr/bin/gpupdate

0
system-policy-gpupdate → dist/system-policy-gpupdate vendored
View File

40
doc/gpoa.1
View File

@@ -1,4 +1,20 @@
.TH GPUPDATE 1
.\" GPOA - GPO Applier for Linux
.\"
.\" Copyright (C) 2019-2020 BaseALT Ltd.
.\"
.\" This program is free software: you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation, either version 3 of the License, or
.\" (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program. If not, see <http://www.gnu.org/licenses/>.
.TH GPOA 1
.
.SH NAME
gpoa \- utility to update and apply group policy settings
@@ -13,21 +29,37 @@ them into UNIX system settings.
.SS Options
.TP
\fB-h\fP
Show help.
.TP
\fB--dc \fIDC\fP
.TP
\fB--nodomain\fP
Specify domain controller hostname FQDN to replicate GPTs from. May be
useful in case of default DC problems.
.TP
\fB--target \fITARGET\fP
.TP
\fB--noupdate\fP
Don't update settings.
.TP
\fB--noplugins\fP
Don't run plugins.
.TP
\fB--loglevel \fILOGLEVEL\fP
Set logging verbosity from 0 to 5.
.
.SH FILES
\fB/usr/sbin/gpoa\fR utility uses \fB/usr/share/local-policy/default\fR
directory as a source for settings of "Local Policy" to set some
behavioral defaults for machine in AD domain.
.
All data is located in \fB/var/cache/gpupdate\fR. Also domain GPTs are
taken from Samba's \fB/var/cache/samba\fR.
.
The settings read from Samba are stored in
\fB/var/cache/gpupdate/registry.sqlite\fR and "Local Policy" settings
read from \fB/usr/local/share/local-policy/default\fR are converted
into GPT and stored as \fB/var/cache/gpupdate/local-policy\fR.
.SH "SEE ALSO"
.
gpupdate(1)
.SH BUGS
Tons of it.

17
doc/gpresult.1
View File

@@ -0,0 +1,17 @@
.\" GPOA - GPO Applier for Linux
.\"
.\" Copyright (C) 2019-2020 BaseALT Ltd.
.\"
.\" This program is free software: you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation, either version 3 of the License, or
.\" (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program. If not, see <http://www.gnu.org/licenses/>.

16
doc/gpupdate-user.service.1
View File

@@ -1,3 +1,19 @@
.\" GPOA - GPO Applier for Linux
.\"
.\" Copyright (C) 2019-2020 BaseALT Ltd.
.\"
.\" This program is free software: you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation, either version 3 of the License, or
.\" (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program. If not, see <http://www.gnu.org/licenses/>.
.TH GPUPDATE-USER.SERVICE 1
.
.SH NAME

45
doc/gpupdate.1
View File

@@ -1,3 +1,19 @@
.\" GPOA - GPO Applier for Linux
.\"
.\" Copyright (C) 2019-2020 BaseALT Ltd.
.\"
.\" This program is free software: you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation, either version 3 of the License, or
.\" (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program. If not, see <http://www.gnu.org/licenses/>.
.TH GPUPDATE 1
.
.SH NAME
@@ -10,17 +26,42 @@ gpupdate \- Update Group Policy settings
.B gpupdate
Fetches GPT files for designated user from AD instance and transforms
them into UNIX system settings.
.B gpupdate
operates on \fIcontrol framework\fR, \fIsystem-wide GSettings\fR,
\fIXDG .desktop files\fR, \fIChromium web browser policy file\fR,
\fIFirefox web browser policy file\fR, \fIsystemd services\fR,
\fIPolicyKit framework\fR trying to mimic behavior of other operating
systems connected to AD domain.
The utility needs no adjustments from local user.
.
.SS Options
.TP
\fB-h\fP
Show help
Show help.
.TP
\fB--user \fIusername\fR
Run \fBgpupdate\fP for \fIusername\fP.
.
.SS "EXIT CODES"
.TP
\fB0\fR
Application exited successfully.
.TP
\fB1\fR
No runner is able to start \fBgpoa\fR.
.TP
\fB2\fR
No reply from \fID-Bus\fR when starting \fBgpoa\fR for computer using
\fBoddjobd\fR via \fID-Bus\fR.
.TP
\fB3\fR
No reply from \fID-Bus\fR when starting \fBgpoa\fR for user using
\fBoddjobd\fR via \fID-Bus\fR.
.
.SH "SEE ALSO"
gpoa(3), gpresult(3), gpupdate.service(3), gpupdate-user.service(3)
gpoa(1)
.SH BUGS
There is tons of bugs since it tries to mimic behavior of Windows
machines.

17
doc/gpupdate.service.1
View File

@@ -0,0 +1,17 @@
.\" GPOA - GPO Applier for Linux
.\"
.\" Copyright (C) 2019-2020 BaseALT Ltd.
.\"
.\" This program is free software: you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation, either version 3 of the License, or
.\" (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program. If not, see <http://www.gnu.org/licenses/>.

6
gpoa/.pylintrc
View File

@@ -133,7 +133,11 @@ disable=print-statement,
xreadlines-attribute,
deprecated-sys-function,
exception-escape,
comprehension-escape
comprehension-escape,
trailing-newlines,
missing-function-docstring,
missing-class-docstring,
missing-module-docstring
# Enable the message, report, category or checker with the given id(s). You can
# either give multiple identifier separated by comma (,) or put this option

5
gpoa/Makefile Normal file
View File

@@ -0,0 +1,5 @@
.PHONY: test
test:
python3 -m unittest discover -t . -s ./test

36
gpoa/backend/__init__.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,30 +13,40 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging
from util.windows import smbcreds
from .samba_backend import samba_backend
from .nodomain_backend import nodomain_backend
def backend_factory(dc, username):
def backend_factory(dc, username, is_machine, no_domain = False):
'''
Return one of backend objects. Please note that backends must
store their configuration in a storage with administrator
write permissions in order to prevent users from modifying
policies enforced by domain administrators.
'''
sc = smbcreds(dc)
domain = sc.get_domain()
back = None
domain = None
if not no_domain:
sc = smbcreds(dc)
domain = sc.get_domain()
try:
back = samba_backend(sc, username, domain)
except Exception as exc:
logging.error('Unable to initialize Samba backend: {}'.format(exc))
if domain:
logging.debug('Initialize Samba backend for domain: {}'.format(domain))
try:
back = samba_backend(sc, username, domain, is_machine)
except Exception as exc:
logging.error('Unable to initialize Samba backend: {}'.format(exc))
else:
logging.debug('Initialize local backend with no domain')
try:
back = nodomain_backend()
except Exception as exc:
logging.error('Unable to initialize no-domain backend: {}'.format(exc))
return back

11
gpoa/backend/applier_backend.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from abc import ABC

56
gpoa/backend/nodomain_backend.py Normal file
View File

@@ -0,0 +1,56 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging
import os
from .applier_backend import applier_backend
from storage import registry_factory
from gpt.gpt import gpt, get_local_gpt
from util.util import (
get_machine_name
)
from util.windows import get_sid
import util.preg
from util.logging import slogm
class nodomain_backend(applier_backend):
def __init__(self):
domain = None
machine_name = get_machine_name()
machine_sid = get_sid(domain, machine_name, True)
self.storage = registry_factory('registry')
self.storage.set_info('domain', domain)
self.storage.set_info('machine_name', machine_name)
self.storage.set_info('machine_sid', machine_sid)
# User SID to work with HKCU hive
self.username = machine_name
self.sid = machine_sid
def retrieve_and_store(self):
'''
Retrieve settings and strore it in a database
'''
# Get policies for machine at first.
self.storage.wipe_hklm()
self.storage.wipe_user(self.storage.get_info('machine_sid'))
local_policy = get_local_gpt(self.sid)
local_policy.merge()

28
gpoa/backend/samba_backend.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging
import os
@@ -22,7 +23,7 @@ from samba.gpclass import check_safe_path, check_refresh_gpo_list
from .applier_backend import applier_backend
from storage import cache_factory, registry_factory
from gpt import gpt, get_local_gpt
from gpt.gpt import gpt, get_local_gpt
from util.util import (
get_machine_name,
is_machine_name
@@ -33,16 +34,21 @@ from util.logging import slogm
class samba_backend(applier_backend):
def __init__(self, sambacreds, username, domain):
def __init__(self, sambacreds, username, domain, is_machine):
self.storage = registry_factory('registry')
self.storage.set_info('domain', domain)
self.storage.set_info('machine_name', get_machine_name())
self.storage.set_info('machine_sid', get_sid(domain, self.storage.get_info('machine_name')))
machine_name = get_machine_name()
machine_sid = get_sid(domain, machine_name, is_machine)
self.storage.set_info('machine_name', machine_name)
self.storage.set_info('machine_sid', machine_sid)
# User SID to work with HKCU hive
self.username = username
self._is_machine_username = is_machine_name(self.username)
self.sid = get_sid(self.storage.get_info('domain'), self.username)
self._is_machine_username = is_machine
if is_machine:
self.sid = machine_sid
else:
self.sid = get_sid(self.storage.get_info('domain'), self.username)
self.cache = cache_factory('regpol_cache')
self.gpo_names = cache_factory('gpo_names')

11
gpoa/frontend/__init__.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from .frontend_manager import (
frontend_manager as applier

11
gpoa/frontend/applier_frontend.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from abc import ABC

11
gpoa/frontend/appliers/__init__.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,7 +13,6 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

69
gpoa/frontend/appliers/control.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import subprocess
import threading
@@ -22,6 +23,8 @@ from util.logging import slogm
class control:
def __init__(self, name, value):
if type(value) != int and type(value) != str:
raise Exception('Unknown type of value for control')
self.control_name = name
self.control_value = value
self.possible_values = self._query_control_values()
@@ -29,29 +32,65 @@ class control:
raise Exception('Unable to query possible values')
def _query_control_values(self):
proc = subprocess.Popen(['/usr/sbin/control', self.control_name, 'list'], stdout=subprocess.PIPE)
for line in proc.stdout:
values = line.split()
return values
'''
Query possible values from control in order to perform check of
parameter passed to constructor.
'''
values = list()
popen_call = ['/usr/sbin/control', self.control_name, 'list']
with subprocess.Popen(popen_call, stdout=subprocess.PIPE) as proc:
values = proc.stdout.readline().decode('utf-8').split()
proc.wait()
return values
def _map_control_status(self, int_status):
str_status = self.possible_values[int_status].decode()
'''
Get control's string value by numeric index
'''
try:
str_status = self.possible_values[int_status]
except IndexError as exc:
logging.error(slogm('Error getting control ({}) value from {} by index {}'.format(self.control_name, self.possible_values, int_status)))
str_status = None
return str_status
def get_control_name(self):
return self.control_name
def get_control_status(self):
proc = subprocess.Popen(['/usr/sbin/control', self.control_name], stdout=subprocess.PIPE)
for line in proc.stdout:
return line.rstrip('\n\r')
'''
Get current control value
'''
line = None
popen_call = ['/usr/sbin/control', self.control_name]
with subprocess.Popen(popen_call, stdout=subprocess.PIPE) as proc:
line = proc.stdout.readline().decode('utf-8').rstrip('\n\r')
proc.wait()
return line
def set_control_status(self):
status = self._map_control_status(self.control_value)
if type(self.control_value) == int:
status = self._map_control_status(self.control_value)
if status == None:
logging.error(slogm('\'{}\' is not in possible values for control {}'.format(self.control_value, self.control_name)))
return
elif type(self.control_value) == str:
if self.control_value not in self.possible_values:
logging.error(slogm('\'{}\' is not in possible values for control {}'.format(self.control_value, self.control_name)))
return
status = self.control_value
logging.debug(slogm('Setting control {} to {}'.format(self.control_name, status)))
try:
proc = subprocess.Popen(['/usr/sbin/control', self.control_name, status], stdout=subprocess.PIPE)
popen_call = ['/usr/sbin/control', self.control_name, status]
with subprocess.Popen(popen_call, stdout=subprocess.PIPE) as proc:
proc.wait()
except:
logging.error(slogm('Unable to set {} to {}'.format(self.control_name, status)))

11
gpoa/frontend/appliers/gsettings.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import configparser
import os

11
gpoa/frontend/appliers/polkit.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import os
import jinja2

11
gpoa/frontend/appliers/rpm.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from util.rpm import (
install_rpm,

24
gpoa/frontend/appliers/systemd.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import dbus
import logging
@@ -39,14 +40,23 @@ class systemd_unit:
self.manager.EnableUnitFiles([self.unit_name], dbus.Boolean(False), dbus.Boolean(True))
self.manager.StartUnit(self.unit_name, 'replace')
logging.info(slogm('Starting systemd unit: {}'.format(self.unit_name)))
if self._get_state() != 'active':
# In case the service has 'RestartSec' property set it
# switches to 'activating (auto-restart)' state instead of
# 'active' so we consider 'activating' a valid state too.
service_state = self._get_state()
if not service_state in ['active', 'activating']:
logging.error(slogm('Unable to start systemd unit {}'.format(self.unit_name)))
else:
self.manager.StopUnit(self.unit_name, 'replace')
self.manager.DisableUnitFiles([self.unit_name], dbus.Boolean(False))
self.manager.MaskUnitFiles([self.unit_name], dbus.Boolean(False), dbus.Boolean(True))
logging.info(slogm('Stopping systemd unit: {}'.format(self.unit_name)))
if self._get_state() != 'stopped':
service_state = self._get_state()
if not service_state in ['stopped']:
logging.error(slogm('Unable to stop systemd unit {}'.format(self.unit_name)))
def _get_state(self):

19
gpoa/frontend/chromium_applier.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from .applier_frontend import applier_frontend
@@ -25,7 +26,7 @@ from util.logging import slogm
from util.util import is_machine_name
class chromium_applier(applier_frontend):
__registry_branch = 'Software\\Policies\\Chromium'
__registry_branch = 'Software\\Policies\\Google\\Chrome'
__managed_policies_path = '/etc/chromium/policies/managed'
__recommended_policies_path = '/etc/chromium/policies/recommended'
# JSON file where Chromium stores its settings (and which is
@@ -101,7 +102,11 @@ class chromium_applier(applier_frontend):
logging.info(slogm('Set user ({}) property \'{}\' to {}'.format(self.username, name, obj)))
def get_home_page(self, hkcu=False):
return self.get_hklm_string_entry('HomepageLocation')
response = self.get_hklm_string_entry('HomepageLocation')
result = 'about:blank'
if response:
result = response.data
return result
def machine_apply(self):
'''

14
gpoa/frontend/control_applier.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from .applier_frontend import applier_frontend
from .appliers.control import control
@@ -38,6 +39,9 @@ class control_applier(applier_frontend):
try:
self.controls.append(control(valuename, int(setting.data)))
logging.info(slogm('Working with control {}'.format(valuename)))
except ValueError as exc:
self.controls.append(control(valuename, setting.data))
logging.info(slogm('Working with control {} with string value'.format(valuename)))
except Exception as exc:
logging.info(slogm('Unable to work with control {}: {}'.format(valuename, exc)))
#for e in polfile.pol_file.entries:

11
gpoa/frontend/cups_applier.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging
import os

15
gpoa/frontend/firefox_applier.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# This file is the preferred way to configure Firefox browser in multi-OS
# enterprise environments.
@@ -98,7 +99,7 @@ class firefox_applier(applier_frontend):
})
response = self.get_hklm_string_entry('Homepage\\URL')
if response:
homepage['URL'] = response
homepage['URL'] = response.data
return homepage
return None
@@ -108,7 +109,7 @@ class firefox_applier(applier_frontend):
'''
response = self.get_hklm_string_entry('BlockAboutConfig')
if response:
if response.lower() in ['0', 'false', False, None, 'None']:
if response.data.lower() in ['0', 'false', False, None, 'None']:
return False
return True

41
gpoa/frontend/frontend_manager.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from storage import registry_factory
@@ -40,8 +41,13 @@ from util.users import (
with_privileges
)
from util.logging import slogm
from util.paths import (
frontend_module_dir
)
import logging
import os
import subprocess
def determine_username(username=None):
'''
@@ -70,12 +76,18 @@ class frontend_manager:
for machine and user parts of policies.
'''
def __init__(self, username, target):
def __init__(self, username, is_machine):
frontend_module_files = frontend_module_dir().glob('**/*')
self.frontend_module_binaries = list()
for exe in frontend_module_files:
if (exe.is_file() and os.access(exe.resolve(), os.X_OK)):
self.frontend_module_binaries.append(exe)
self.storage = registry_factory('registry')
self.username = determine_username(username)
self.target = target
self.is_machine = is_machine
self.process_uname = get_process_user()
self.sid = get_sid(self.storage.get_info('domain'), self.username)
self.sid = get_sid(self.storage.get_info('domain'), self.username, is_machine)
self.machine_appliers = dict({
'control': control_applier(self.storage),
@@ -104,6 +116,10 @@ class frontend_manager:
logging.error('Not sufficient privileges to run machine appliers')
return
logging.debug(slogm('Applying computer part of settings'))
for exe in self.frontend_module_binaries:
subprocess.check_call([exe.resolve()])
self.machine_appliers['systemd'].apply()
self.machine_appliers['control'].apply()
self.machine_appliers['polkit'].apply()
@@ -135,11 +151,8 @@ class frontend_manager:
'''
Decide which appliers to run.
'''
if 'All' == self.target or 'Computer' == self.target:
if self.is_machine:
self.machine_apply()
# Run user appliers when user's SID is specified
if self.storage.get_info('machine_sid') != self.sid:
if 'All' == self.target or 'User' == self.target:
self.user_apply()
else:
self.user_apply()

11
gpoa/frontend/gsettings_applier.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging
import os

11
gpoa/frontend/package_applier.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging

11
gpoa/frontend/polkit_applier.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from .applier_frontend import applier_frontend
from .appliers.polkit import polkit

26
gpoa/frontend/shortcut_applier.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging
import subprocess
@@ -22,6 +23,10 @@ from .applier_frontend import applier_frontend
from gpt.shortcuts import json2sc
from util.windows import expand_windows_var
from util.logging import slogm
from util.util import (
get_homedir,
homedir_exists
)
def storage_get_shortcuts(storage, sid):
'''
@@ -43,6 +48,17 @@ def write_shortcut(shortcut, username=None):
:username: None means working with machine variables and paths
'''
dest_abspath = expand_windows_var(shortcut.dest, username).replace('\\', '/') + '.desktop'
# Check that we're working for user, not on global system level
if username:
# Check that link destination path starts with specification of
# user's home directory
if dest_abspath.startswith(get_homedir(username)):
# Don't try to operate on non-existent directory
if not homedir_exists(username):
logging.warning(slogm('No home directory exists for user {}: will not create link {}'.format(username, dest_abspath)))
return None
logging.debug(slogm('Writing shortcut file to {}'.format(dest_abspath)))
shortcut.write_desktop(dest_abspath)

11
gpoa/frontend/systemd_applier.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from .applier_frontend import applier_frontend
from .appliers.systemd import systemd_unit

39
gpoa/gpoa
View File

@@ -1,10 +1,12 @@
#! /usr/bin/env python3
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -12,13 +14,13 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import argparse
import logging
import os
import signal
from backend import backend_factory
from frontend.frontend_manager import frontend_manager, determine_username
@@ -31,17 +33,16 @@ from util.users import (
get_process_user
)
from util.arguments import (
set_loglevel,
process_target
set_loglevel
)
from util.logging import slogm
from util.signals import signal_handler
def parse_arguments():
arguments = argparse.ArgumentParser(description='Generate configuration out of parsed policies')
arguments.add_argument('user',
type=str,
nargs='?',
default=get_machine_name(),
help='Domain username ({}) to parse policies for'.format(get_machine_name()))
arguments.add_argument('--dc',
type=str,
@@ -49,9 +50,6 @@ def parse_arguments():
arguments.add_argument('--nodomain',
action='store_true',
help='Operate without domain (apply local policy)')
arguments.add_argument('--target',
type=str,
help='Specify if it is needed to update user\'s or computer\'s policies')
arguments.add_argument('--noupdate',
action='store_true',
help='Don\'t try to update storage, only run appliers')
@@ -60,7 +58,7 @@ def parse_arguments():
help='Don\'t start plugins')
arguments.add_argument('--loglevel',
type=int,
default=0,
default=4,
help='Set logging verbosity level')
return arguments.parse_args()
@@ -70,6 +68,10 @@ class gpoa_controller:
def __init__(self):
self.__args = parse_arguments()
self.is_machine = False
if not self.__args.user:
user = get_machine_name()
self.is_machine = True
set_loglevel(self.__args.loglevel)
self.__kinit_successful = machine_kinit()
@@ -81,23 +83,27 @@ class gpoa_controller:
self.username = uname
else:
self.username = determine_username(self.__args.user)
self.target = process_target(self.__args.target)
def run(self):
'''
GPOA controller entry point
'''
self.start_plugins()
self.start_backend()
self.start_frontend()
self.start_plugins()
def start_backend(self):
'''
Function to start update of settings storage
'''
dc = self.__args.dc
nodomain = False
if self.__args.nodomain:
nodomain = True
if not self.__args.noupdate:
if is_root():
back = backend_factory(self.__args.dc, self.username)
back = backend_factory(dc, self.username, self.is_machine, nodomain)
if back:
back.retrieve_and_store()
@@ -106,7 +112,7 @@ class gpoa_controller:
Function to start appliers
'''
try:
appl = frontend_manager(self.username, self.target)
appl = frontend_manager(self.username, self.is_machine)
appl.apply_parameters()
except Exception as exc:
logging.error(slogm('Error occured while running applier: {}'.format(exc)))
@@ -124,5 +130,6 @@ def main():
controller.run()
if __name__ == "__main__":
signal.signal(signal.SIGINT, signal_handler)
main()

16
gpoa/gpt/__init__.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,12 +13,6 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
from .gpt import (
gpt,
get_local_gpt
)
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

11
gpoa/gpt/drives.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import json
from base64 import b64decode

11
gpoa/gpt/envvars.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from util.xml import get_xml_root

11
gpoa/gpt/files.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from util.xml import get_xml_root

11
gpoa/gpt/folders.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from util.xml import get_xml_root

80
gpoa/gpt/gpt.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging
import os
@@ -57,9 +58,10 @@ class gpt:
if 'default' == self.guid:
self.guid = 'Local Policy'
self._machine_path = None
self._user_path = None
self._get_machine_user_dirs()
self._machine_path = find_dir(self.path, 'Machine')
self._user_path = find_dir(self.path, 'User')
self._machine_prefs = find_dir(self._machine_path, 'Preferences')
self._user_prefs = find_dir(self._user_path, 'Preferences')
logging.debug(slogm('Looking for machine part of GPT {}'.format(self.guid)))
self._find_machine()
@@ -87,19 +89,6 @@ class gpt:
return upm
def _get_machine_user_dirs(self):
'''
Find full path to Machine and User parts of GPT.
'''
entries = os.listdir(self.path)
for entry in entries:
full_entry_path = os.path.join(self.path, entry)
if os.path.isdir(full_entry_path):
if 'machine' == entry.lower():
self._machine_path = full_entry_path
if 'user' == entry.lower():
self._user_path = full_entry_path
def _find_user(self):
self._user_regpol = self._find_regpol('user')
self._user_shortcuts = self._find_shortcuts('user')
@@ -124,16 +113,14 @@ class gpt:
'''
Find Shortcuts.xml files.
'''
search_path = os.path.join(self._machine_path, 'Preferences', 'Shortcuts')
if 'user' == part:
try:
search_path = os.path.join(self._user_path, 'Preferences', 'Shortcuts')
except Exception as exc:
return None
if not search_path:
return None
shortcuts_dir = find_dir(self._machine_prefs, 'Shortcuts')
shortcuts_file = find_file(shortcuts_dir, 'shortcuts.xml')
return find_file(search_path, 'shortcuts.xml')
if 'user' == part:
shortcuts_dir = find_dir(self._user_prefs, 'Shortcuts')
shortcuts_file = find_file(shortcuts_dir, 'shortcuts.xml')
return shortcuts_file
def _find_envvars(self, part):
'''
@@ -193,7 +180,7 @@ class gpt:
util.preg.merge_polfile(self._machine_regpol)
if self._user_regpol:
logging.debug(slogm('Merging machine(user) settings from {}'.format(self._machine_regpol)))
util.preg.merge_polfile(self._user_regpol, self.machine_sid)
util.preg.merge_polfile(self._user_regpol, self.sid)
if self._machine_shortcuts:
logging.debug(slogm('Merging machine shortcuts from {}'.format(self._machine_shortcuts)))
self._merge_shortcuts()
@@ -239,15 +226,42 @@ User Shortcuts.xml: {}
)
return result
def find_dir(search_path, name):
'''
Attempt for case-insensitive search of directory
:param search_path: Path to get file list from
:param name: Name of the directory to search for
'''
if not search_path:
return None
try:
file_list = os.listdir(search_path)
for entry in file_list:
dir_path = os.path.join(search_path, entry)
if os.path.isdir(dir_path) and name.lower() == str(entry).lower():
return dir_path
except Exception as exc:
pass
return None
def find_file(search_path, name):
'''
Attempt for case-insensitive file search in directory.
'''
if not search_path:
return None
if not name:
return None
try:
file_list = os.listdir(search_path)
for entry in file_list:
file_path = os.path.join(search_path, entry)
if os.path.isfile(file_path) and name.lower() == entry.lower():
if os.path.isfile(file_path) and name.lower() == str(entry).lower():
return file_path
except Exception as exc:
#logging.error(exc)
@@ -259,7 +273,7 @@ def lp2gpt():
'''
Convert local-policy to full-featured GPT.
'''
lppath = os.path.join(default_policy_path(), 'local.xml')
lppath = os.path.join(default_policy_path(), 'Machine/Registry.pol.xml')
# Load settings from XML PolFile
polparser = GPPolParser()

11
gpoa/gpt/inifiles.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from util.xml import get_xml_root

11
gpoa/gpt/printers.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import json

11
gpoa/gpt/services.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from util.xml import get_xml_root

99
gpoa/gpt/shortcuts.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,11 +13,13 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from pathlib import Path
import stat
import logging
from enum import Enum
from xml.etree import ElementTree
from xdg.DesktopEntry import DesktopEntry
@@ -24,18 +28,58 @@ import json
from util.windows import transform_windows_path
from util.xml import get_xml_root
class TargetType(Enum):
FILESYSTEM = 'FILESYSTEM'
URL = 'URL'
def get_ttype(targetstr):
'''
Validation function for targetType property
:targetstr: String representing link type.
:returns: Object of type TargetType.
'''
ttype = TargetType.FILESYSTEM
if targetstr == 'URL':
ttype = TargetType.URL
return ttype
def ttype2str(ttype):
'''
Transform TargetType to string for JSON serialization
:param ttype: TargetType object
'''
result = 'FILESYSTEM'
if ttype == TargetType.URL:
result = 'URL'
return result
def read_shortcuts(shortcuts_file):
'''
Read shortcut objects from GPTs XML file
:shortcuts_file: Location of Shortcuts.xml
'''
shortcuts = list()
for link in get_xml_root(shortcuts_file):
props = link.find('Properties')
# Location of the link itself
dest = props.get('shortcutPath')
# Location where link should follow
path = transform_windows_path(props.get('targetPath'))
# Arguments to executable file
arguments = props.get('arguments')
sc = shortcut(dest, path, arguments, link.get('name'))
# URL or FILESYSTEM
target_type = get_ttype(props.get('targetType'))
sc = shortcut(dest, path, arguments, link.get('name'), target_type)
sc.set_changed(link.get('changed'))
sc.set_clsid(link.get('clsid'))
sc.set_guid(link.get('uid'))
@@ -49,8 +93,9 @@ def json2sc(json_str):
Build shortcut out of string-serialized JSON
'''
json_obj = json.loads(json_str)
link_type = get_ttype(json_obj['type'])
sc = shortcut(json_obj['dest'], json_obj['path'], json_obj['arguments'], json_obj['name'])
sc = shortcut(json_obj['dest'], json_obj['path'], json_obj['arguments'], json_obj['name'], link_type)
sc.set_changed(json_obj['changed'])
sc.set_clsid(json_obj['clsid'])
sc.set_guid(json_obj['guid'])
@@ -59,13 +104,21 @@ def json2sc(json_str):
return sc
class shortcut:
def __init__(self, dest, path, arguments, name=None):
def __init__(self, dest, path, arguments, name=None, ttype=TargetType.FILESYSTEM):
'''
:param dest: Path to resulting file on file system
:param path: Path where the link should point to
:param arguments: Arguemnts to eecutable file
:param name: Name of the application
:param type: Link type - FILESYSTEM or URL
'''
self.dest = dest
self.path = path
self.arguments = arguments
self.name = name
self.changed = ''
self.is_in_user_context = self.set_usercontext()
self.type = ttype
def __str__(self):
result = self.to_json()
@@ -83,6 +136,14 @@ class shortcut:
def set_guid(self, uid):
self.guid = uid
def set_type(self, ttype):
'''
Set type of the hyperlink - FILESYSTEM or URL
:ttype: - object of class TargetType
'''
self.type = ttype
def set_usercontext(self, usercontext=False):
'''
Perform action in user context or not
@@ -110,6 +171,7 @@ class shortcut:
content['guid'] = self.guid
content['changed'] = self.changed
content['is_in_user_context'] = self.is_in_user_context
content['type'] = ttype2str(self.type)
result = self.desktop()
result.content.update(content)
@@ -122,17 +184,30 @@ class shortcut:
'''
self.desktop_file = DesktopEntry()
self.desktop_file.addGroup('Desktop Entry')
self.desktop_file.set('Type', 'Application')
if self.type == TargetType.URL:
self.desktop_file.set('Type', 'Link')
else:
self.desktop_file.set('Type', 'Application')
self.desktop_file.set('Version', '1.0')
self.desktop_file.set('Terminal', 'false')
self.desktop_file.set('Exec', '{} {}'.format(self.path, self.arguments))
self.desktop_file.set('Name', self.name)
if self.type == TargetType.URL:
self.desktop_file.set('URL', self.path)
else:
self.desktop_file.set('Terminal', 'false')
self.desktop_file.set('Exec', '{} {}'.format(self.path, self.arguments))
return self.desktop_file
def write_desktop(self, dest):
'''
Write .desktop file to disk using path 'dest'
Write .desktop file to disk using path 'dest'. Please note that
.desktop files must have executable bit set in order to work in
GUI.
'''
self.desktop().write(dest)
sc = Path(dest)
sc.chmod(sc.stat().st_mode | stat.S_IEXEC)

86
gpoa/gpupdate
View File

@@ -1,10 +1,12 @@
#! /usr/bin/env python3
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -12,10 +14,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import argparse
@@ -24,14 +24,20 @@ import os
import sys
import logging
import pwd
import signal
from util.users import (
is_root
)
from util.arguments import (
process_target,
ExitCodeUpdater
)
from util.dbus import (
is_oddjobd_gpupdate_accessible,
dbus_runner
)
from util.signals import signal_handler
logging.basicConfig(level=logging.DEBUG)
@@ -61,10 +67,14 @@ def parse_cli_arguments():
'--user',
default=None,
help='Name of the user for GPO update')
argparser.add_argument('--target',
default=None,
type=str,
help='Specify if it is needed to update user\'s or computer\'s policies')
return argparser.parse_args()
def runner_factory(args):
def runner_factory(args, target):
'''
Return the necessary runner class according to some
factors taken into account.
@@ -73,7 +83,10 @@ def runner_factory(args):
if is_root():
# Only root may specify any username to update.
try:
username = pwd.getpwnam(args.user).pw_name
if args.user:
username = pwd.getpwnam(args.user).pw_name
else:
target = 'Computer'
except:
username = None
logstring = (
@@ -84,24 +97,36 @@ def runner_factory(args):
else:
# User may only perform gpupdate for machine (None) or
# itself (os.getusername()).
if args.user:
username = pwd.getpwuid(os.getuid()).pw_name
if args.user != username:
logstring = (
'Unable to perform gpupdate for {} with current'
' permissions, will update current user settings'
)
logging.error(logstring.format(args.user))
username = pwd.getpwuid(os.getuid()).pw_name
if args.user != username:
logstring = (
'Unable to perform gpupdate for {} with current'
' permissions, will update current user settings'
)
logging.error(logstring.format(args.user))
if is_oddjobd_gpupdate_accessible():
logging.debug('Starting gpupdate via D-Bus')
return dbus_runner(username)
computer_runner = None
user_runner = None
if target == 'All' or target == 'Computer':
computer_runner = dbus_runner()
if username:
if target == 'All' or target == 'User':
user_runner = dbus_runner(username)
return (computer_runner, user_runner)
else:
logging.warning('oddjobd is inaccessible')
if is_root():
logging.debug('Starting gpupdate by command invocation')
return file_runner(username)
computer_runner = None
user_runner = None
if target == 'All' or target == 'Computer':
computer_runner = file_runner()
if target == 'All' or target == 'User':
user_runner = file_runner(username)
return (computer_runner, user_runner)
else:
logging.error('Insufficient permissions to run gpupdate')
@@ -109,12 +134,29 @@ def runner_factory(args):
def main():
args = parse_cli_arguments()
gpo_applier = runner_factory(args)
if gpo_applier:
gpo_applier.run()
gpo_appliers = runner_factory(args, process_target(args.target))
if gpo_appliers:
if gpo_appliers[0]:
try:
gpo_appliers[0].run()
except Exception as exc:
logging.error('Error running GPOA for computer: {}'.format(exc))
return int(ExitCodeUpdater.FAIL_GPUPDATE_COMPUTER_NOREPLY)
if gpo_appliers[1]:
try:
gpo_appliers[1].run()
except Exception as exc:
logging.error('Error running GPOA for user: {}'.format(exc))
return int(ExitCodeUpdater.FAIL_GPUPDATE_USER_NOREPLY)
else:
logging.error('gpupdate will not be started')
return int(ExitCodeUpdater.FAIL_NO_RUNNER)
return int(ExitCodeUpdater.EXIT_SUCCESS)
if __name__ == '__main__':
main()
signal.signal(signal.SIGINT, signal_handler)
sys.exit(int(main()))

11
gpoa/plugin/__init__.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from .plugin_manager import plugin_manager

11
gpoa/plugin/adp.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging
import subprocess

11
gpoa/plugin/exceptions.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
class PluginInitError(Exception):
def __init__(self, message):

27
gpoa/plugin/plugin.py Normal file
View File

@@ -0,0 +1,27 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from abc import ABC
class plugin():
def __init__(self, plugin_name):
self.plugin_name = plugin_name
def run(self):
pass

19
gpoa/plugin/plugin_manager.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,14 +13,15 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging
from .adp import adp
from .roles import roles
from .exceptions import PluginInitError
from .plugin import plugin
from util.logging import slogm
class plugin_manager:
@@ -27,12 +30,10 @@ class plugin_manager:
logging.info(slogm('Starting plugin manager'))
try:
self.plugins['adp'] = adp()
logging.info(slogm('ADP plugin initialized'))
except PluginInitError as exc:
self.plugins['adp'] = None
logging.error(slogm(exc))
def run(self):
if self.plugins['adp']:
self.plugins['adp'].run()
self.plugins.get('adp', plugin('adp')).run()
self.plugins.get('roles', plugin('roles')).run()

27
gpoa/plugin/roles.py Normal file
View File

@@ -0,0 +1,27 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from util.roles import fill_roles
class roles:
def __init__(self):
pass
def run(self):
fill_roles()

15
gpoa/storage/__init__.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from .sqlite_registry import sqlite_registry
from .sqlite_cache import sqlite_cache
@@ -21,6 +22,6 @@ from .sqlite_cache import sqlite_cache
def cache_factory(cache_name):
return sqlite_cache(cache_name)
def registry_factory(registry_name):
return sqlite_registry(registry_name)
def registry_factory(registry_name='registry', registry_dir=None):
return sqlite_registry(registry_name, registry_dir)

11
gpoa/storage/cache.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from abc import ABC

59
gpoa/storage/record_types.py Normal file
View File

@@ -0,0 +1,59 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
class samba_preg(object):
'''
Object mapping representing HKLM entry (registry key without SID)
'''
def __init__(self, preg_obj):
self.hive_key = '{}\\{}'.format(preg_obj.keyname, preg_obj.valuename)
self.type = preg_obj.type
self.data = preg_obj.data
class samba_hkcu_preg(object):
'''
Object mapping representing HKCU entry (registry key with SID)
'''
def __init__(self, sid, preg_obj):
self.sid = sid
self.hive_key = '{}\\{}'.format(preg_obj.keyname, preg_obj.valuename)
self.type = preg_obj.type
self.data = preg_obj.data
class ad_shortcut(object):
'''
Object mapping representing Windows shortcut.
'''
def __init__(self, sid, sc):
self.sid = sid
self.path = sc.dest
self.shortcut = sc.to_json()
class info_entry(object):
def __init__(self, name, value):
self.name = name
self.value = value
class printer_entry(object):
'''
Object mapping representing Windows printer of some type.
'''
def __init__(self, sid, pobj):
self.sid = sid
self.name = pobj.name
self.printer = pobj.to_json()

11
gpoa/storage/registry.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from abc import ABC

15
gpoa/storage/sqlite_cache.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from .cache import cache
@@ -48,12 +49,10 @@ class mapped_id_{}(object):
return eval('mapped_id_{}'.format(mapper_suffix))
class sqlite_cache(cache):
__cache_dir = 'sqlite:///{}'.format(cache_dir())
def __init__(self, cache_name):
self.cache_name = cache_name
self.mapper_obj = mapping_factory(self.cache_name)
self.storage_uri = os.path.join(self.__cache_dir, '{}.sqlite'.format(self.cache_name))
self.storage_uri = os.path.join('sqlite:///{}/{}.sqlite'.format(cache_dir(), self.cache_name))
logging.debug(slogm('Initializing cache {}'.format(self.storage_uri)))
self.db_cnt = create_engine(self.storage_uri, echo=False)
self.__metadata = MetaData(self.db_cnt)

81
gpoa/storage/sqlite_registry.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging
import os
@@ -35,55 +36,21 @@ from sqlalchemy.orm import (
from util.logging import slogm
from util.paths import cache_dir
from .registry import registry
class samba_preg(object):
'''
Object mapping representing HKLM entry (registry key without SID)
'''
def __init__(self, preg_obj):
self.hive_key = '{}\\{}'.format(preg_obj.keyname, preg_obj.valuename)
self.type = preg_obj.type
self.data = preg_obj.data
class samba_hkcu_preg(object):
'''
Object mapping representing HKCU entry (registry key with SID)
'''
def __init__(self, sid, preg_obj):
self.sid = sid
self.hive_key = '{}\\{}'.format(preg_obj.keyname, preg_obj.valuename)
self.type = preg_obj.type
self.data = preg_obj.data
class ad_shortcut(object):
'''
Object mapping representing Windows shortcut.
'''
def __init__(self, sid, sc):
self.sid = sid
self.path = sc.dest
self.shortcut = sc.to_json()
class info_entry(object):
def __init__(self, name, value):
self.name = name
self.value = value
class printer_entry(object):
'''
Object mapping representing Windows printer of some type.
'''
def __init__(self, sid, pobj):
self.sid = sid
self.name = pobj.name
self.printer = pobj.to_json()
from .record_types import (
samba_preg
, samba_hkcu_preg
, ad_shortcut
, info_entry
, printer_entry
)
class sqlite_registry(registry):
__registry_path = 'sqlite:///{}'.format(cache_dir())
def __init__(self, db_name):
def __init__(self, db_name, registry_cache_dir=None):
self.db_name = db_name
self.db_path = os.path.join(self.__registry_path, '{}.sqlite'.format(self.db_name))
cdir = registry_cache_dir
if cdir == None:
cdir = cache_dir()
self.db_path = os.path.join('sqlite:///{}/{}.sqlite'.format(cdir, self.db_name))
self.db_cnt = create_engine(self.db_path, echo=False)
self.__metadata = MetaData(self.db_cnt)
self.__info = Table(
@@ -222,15 +189,21 @@ class sqlite_registry(registry):
Write PReg entry to HKEY_LOCAL_MACHINE
'''
pentry = samba_preg(preg_entry)
self._hklm_upsert(pentry)
if not pentry.hive_key.rpartition('\\')[2].startswith('**'):
self._hklm_upsert(pentry)
else:
logging.warning(slogm('Skipping branch deletion key: {}'.format(pentry.hive_key)))
def add_hkcu_entry(self, preg_entry, sid):
'''
Write PReg entry to HKEY_CURRENT_USER
'''
hkcu_pentry = samba_hkcu_preg(sid, preg_entry)
logging.debug(slogm('Adding HKCU entry for {}'.format(sid)))
self._hkcu_upsert(hkcu_pentry)
if not hkcu_pentry.hive_key.rpartition('\\')[2].startswith('**'):
logging.debug(slogm('Adding HKCU entry for {}'.format(sid)))
self._hkcu_upsert(hkcu_pentry)
else:
logging.warning(slogm('Skipping branch deletion key: {}'.format(hkcu_pentry.hive_key)))
def add_shortcut(self, sid, sc_obj):
'''

21
gpoa/templates/99-gpoa_disk_permissions.rules.j2
View File

@@ -1,4 +1,23 @@
{% if Deny_All == 1 %}
{#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#}
{% if Deny_All == '1' %}
polkit.addRule(function (action, subject) {
if (action.id == "org.freedesktop.udisks2.filesystem-mount" ||
action.id == "org.freedesktop.udisks2.filesystem-mount-system" ||

18
gpoa/test/__init__.py Normal file
View File

@@ -0,0 +1,18 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

8
gpoa/test/files/share.desktop Executable file
View File

@@ -0,0 +1,8 @@
[Desktop Entry]
Type=Link
Version=1.0
Name=Docs
GenericName=Link to CIFS disk
Comment=Link to Samba share
URL=smb://10.0.0.0/

18
gpoa/test/frontend/__init__.py Normal file
View File

@@ -0,0 +1,18 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

18
gpoa/test/frontend/appliers/__init__.py Normal file
View File

@@ -0,0 +1,18 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

BIN
gpoa/test/frontend/appliers/data/control_int.pol Normal file
View File

Binary file not shown.

9
gpoa/test/frontend/appliers/data/control_int.xml Normal file
View File

@@ -0,0 +1,9 @@
<?xml version="1.0" encoding="utf-8"?>
<PolFile num_entries="1" signature="PReg" version="1">
<Entry type="4" type_name="REG_DWORD">
<Key>Software\BaseALT\Policies\Control</Key>
<ValueName>sshd-gssapi-auth</ValueName>
<Value>1</Value>
</Entry>
</PolFile>

BIN
gpoa/test/frontend/appliers/data/control_string.pol Normal file
View File

Binary file not shown.

8
gpoa/test/frontend/appliers/data/control_string.xml Normal file
View File

@@ -0,0 +1,8 @@
<?xml version="1.0" encoding="utf-8"?>
<PolFile num_entries="1" signature="PReg" version="1">
<Entry type="1" type_name="REG_SZ">
<Key>Software\BaseALT\Policies\Control</Key>
<ValueName>dvd-ram-control</ValueName>
<Value>restricted</Value>
</Entry>
</PolFile>

74
gpoa/test/frontend/appliers/test_controls.py Normal file
View File

@@ -0,0 +1,74 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import unittest
from util.preg import load_preg
from frontend.appliers.control import control
class ControlTestCase(unittest.TestCase):
'''
Semi-integrational tests for control facility
'''
def test_control_with_int(self):
'''
Test procedure for control framework invocation with integer
value. The type of data loaded from PReg must be 'int' but
we're storing all values as strings inside the database. So,
for the test to be correct - we transform the value to string
first.
'''
preg_file = 'test/frontend/appliers/data/control_int.pol'
preg_data = load_preg(preg_file)
for entry in preg_data.entries:
control_name = entry.valuename
control_value = str(entry.data)
test_control = control(control_name, int(control_value))
test_control.set_control_status()
def test_control_int_out_of_range(self):
'''
Test procedure for control framework invocation with incorrect
integer value (out of range). The type of data loaded from PReg
must be 'int' but we're storing all values as strings inside the
database. So, for the test to be correct - we transform the
value to string first.
'''
control_name = 'sshd-gssapi-auth'
control_value = '50'
test_control = control(control_name, int(control_value))
test_control.set_control_status()
def test_control_with_str(self):
'''
Test procedure for control framework invocation with string
value. The type of data loaded from PReg must be 'str'.
'''
preg_file = 'test/frontend/appliers/data/control_string.pol'
preg_data = load_preg(preg_file)
for entry in preg_data.entries:
control_name = entry.valuename
control_value = entry.data
test_control = control(control_name, str(control_value))
test_control.set_control_status()

18
gpoa/test/gpt/__init__.py Normal file
View File

@@ -0,0 +1,18 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

0
gpoa/test/Drives.xml → gpoa/test/gpt/data/Drives.xml
View File

0
gpoa/test/EnvironmentVariables.xml → gpoa/test/gpt/data/EnvironmentVariables.xml
View File

0
gpoa/test/Files.xml → gpoa/test/gpt/data/Files.xml
View File

0
gpoa/test/Folders.xml → gpoa/test/gpt/data/Folders.xml
View File

0
gpoa/test/IniFiles.xml → gpoa/test/gpt/data/IniFiles.xml
View File

0
gpoa/test/Printers.xml → gpoa/test/gpt/data/Printers.xml
View File

0
gpoa/test/Services.xml → gpoa/test/gpt/data/Services.xml
View File

0
gpoa/test/Shortcuts.xml → gpoa/test/gpt/data/Shortcuts.xml
View File

3
gpoa/test/gpt/data/Shortcuts_link.xml Normal file
View File

@@ -0,0 +1,3 @@
<?xml version="1.0" encoding="utf-8"?>
<Shortcuts clsid="{872ECB34-B2EC-401b-A585-D32574AA90EE}"><Shortcut clsid="{4F2F7C55-2790-433e-8127-0739D1CFA327}" name="Documents" status="Far" image="1" removePolicy="1" userContext="0" bypassErrors="0" changed="2019-12-11 16:53:37" uid="{3C6978C0-F9F6-4B8B-822C-2846327A1C45}"><Properties pidl="" targetType="URL" action="R" comment="Far 32-bit" shortcutKey="0" startIn="" arguments="%HOME%" iconIndex="13" targetPath="smb://10.0.0.0/" iconPath="%SystemRoot%\system32\SHELL32.dll" window="MIN" shortcutPath="%DesktopDir%\Docs"/></Shortcut>
</Shortcuts>

60
gpoa/test/gpt/test_shortcuts.py Normal file
View File

@@ -0,0 +1,60 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import unittest
import unittest.mock
import os
import util.paths
import json
class GptShortcutsTestCase(unittest.TestCase):
@unittest.mock.patch('util.paths.cache_dir')
def test_shortcut_reader(self, cdir_mock):
'''
Test functionality to read objects from Shortcuts.xml
'''
cdir_mock.return_value = '/var/cache/gpupdate'
import gpt.shortcuts
testdata_path = '{}/test/gpt/data/Shortcuts.xml'.format(os.getcwd())
sc = gpt.shortcuts.read_shortcuts(testdata_path)
json_obj = json.loads(sc[0].to_json())
self.assertIsNotNone(json_obj['Desktop Entry'])
self.assertEqual(json_obj['Desktop Entry']['Type'], 'Application')
@unittest.mock.patch('util.paths.cache_dir')
def test_shortcut_link(self, cdir_mock):
'''
Test generation of .desktop file with Type=Link pointing to
Samba share.
'''
cdir_mock.return_value = '/var/cache/gpupdate'
import gpt.shortcuts
testdata_path = '{}/test/gpt/data/Shortcuts_link.xml'.format(os.getcwd())
sc = gpt.shortcuts.read_shortcuts(testdata_path)
json_obj = json.loads(sc[0].to_json())
self.assertIsNotNone(json_obj['Desktop Entry'])
self.assertEqual(json_obj['Desktop Entry']['Type'], 'Link')
self.assertEqual(json_obj['Desktop Entry']['URL'], 'smb://10.0.0.0/')

18
gpoa/test/storage/__init__.py Normal file
View File

@@ -0,0 +1,18 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

18
gpoa/test/storage/data/Registry.pol.xml Normal file
View File

@@ -0,0 +1,18 @@
<?xml version="1.0" encoding="utf-8"?>
<PolFile num_entries="3" signature="PReg" version="1">
<Entry type="1" type_name="REG_SZ">
<Key>Software\BaseALT\Policies\Control</Key>
<ValueName>**del.cups</ValueName>
<Value> </Value>
</Entry>
<Entry type="1" type_name="REG_SZ">
<Key>Software\BaseALT\Policies\Control</Key>
<ValueName>**del.postfix</ValueName>
<Value> </Value>
</Entry>
<Entry type="1" type_name="REG_SZ">
<Key>Software\BaseALT\Policies\Control</Key>
<ValueName>**del.postqueue</ValueName>
<Value> </Value>
</Entry>
</PolFile>

47
gpoa/test/storage/test_preg_special_values.py Normal file
View File

@@ -0,0 +1,47 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import unittest
import unittest.mock
import os
class StorageTestCase(unittest.TestCase):
preg_xml_path = '{}/test/storage/data/Registry.pol.xml'.format(os.getcwd())
reg_name = 'registry'
# Run destructive storage tests in current directory
reg_path = '{}/test/tmp'.format(os.getcwd())
@unittest.mock.patch('util.paths.cache_dir')
def test_add_hklm_entry(self, cdir_mock):
test_sid = None
from util.preg import merge_polfile
merge_polfile(self.preg_xml_path, test_sid, self.reg_name, self.reg_path)
@unittest.mock.patch('util.paths.cache_dir')
def test_add_hkcu_entry(self, cdir_mock):
test_sid = 'test_sid'
from util.preg import merge_polfile
merge_polfile(self.preg_xml_path, test_sid, self.reg_name, self.reg_path)

16
gpoa/test/testpriv.py
View File

@@ -1,16 +0,0 @@
#! /usr/bin/env python3
from gpoa.util.users import with_privileges
from gpoa.util.arguments import set_loglevel
def test_fn():
with open('testfile', 'w') as f:
f.write('test')
def main():
set_loglevel(1)
with_privileges('test', test_fn)
if '__main__' == __name__:
main()

5
gpoa/test/tmp/.gitignore vendored Normal file
View File

@@ -0,0 +1,5 @@
# Ignore everything in this directory
*
# Except this file
!.gitignore

18
gpoa/test/util/__init__.py Normal file
View File

@@ -0,0 +1,18 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

30
gpoa/test/util/test_roles.py Normal file
View File

@@ -0,0 +1,30 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import unittest
from util.roles import fill_roles
class RolesTestCase(unittest.TestCase):
@unittest.skip('Role module test disabled because of instability')
def test_roles(self):
'''
Test utility functions to work with roles
'''
fill_roles()

37
gpoa/test/util/test_rpm.py Normal file
View File

@@ -0,0 +1,37 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import unittest
from util.rpm import (
install_rpms
, remove_rpms
)
class RPMTestCase(unittest.TestCase):
@unittest.skip('test_install_rpm is not unit test')
def test_install_rpm(self):
test_package_names = ['tortoisehg', 'csync']
install_rpms(test_package_names)
@unittest.skip('test_remove_rpm is not unit test')
def test_remove_rpm(self):
test_package_names = ['tortoisehg', 'csync']
remove_rpms(test_package_names)

11
gpoa/util/__init__.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,7 +13,6 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

32
gpoa/util/arguments.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,15 +13,16 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging
import logging.handlers
from enum import IntEnum
from .logging import slogm
def set_loglevel(loglevel_num=None):
'''
Set the log level global value.
@@ -33,9 +36,9 @@ def set_loglevel(loglevel_num=None):
# A little bit of defensive programming
if not log_num:
log_num = 1
if 0 > log_num:
if log_num < 0:
log_num = 0
if 5 < log_num:
if log_num > 5:
log_num = 5
log_level = 10 * log_num
@@ -55,6 +58,7 @@ def set_loglevel(loglevel_num=None):
logger.handlers = [log_stdout, log_syslog]
def process_target(target_name=None):
'''
The target may be 'All', 'Computer' or 'User'. This function
@@ -62,13 +66,23 @@ def process_target(target_name=None):
'''
target = 'All'
if 'Computer' == target_name:
if target_name == 'Computer':
target = 'Computer'
if 'User' == target_name:
if target_name == 'User':
target = 'User'
logging.debug(slogm('Target is: {}'.format(target)))
return target
class ExitCodeUpdater(IntEnum):
'''
Exit code contract for gpupdate application
'''
EXIT_SUCCESS = 0
FAIL_NO_RUNNER = 1
FAIL_GPUPDATE_COMPUTER_NOREPLY = 2
FAIL_GPUPDATE_USER_NOREPLY = 3
EXIT_SIGINT = 130

59
gpoa/util/dbus.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,14 +13,15 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging
import dbus
from .logging import slogm
from .users import is_root
class dbus_runner:
'''
@@ -39,13 +42,31 @@ class dbus_runner:
#print(obj.Introspect()[0])
if self.username:
logging.info(slogm('Starting GPO applier for user {} via D-Bus'.format(self.username)))
result = self.interface.gpupdatefor(dbus.String(self.username))
print_dbus_result(result)
if is_root():
try:
result = self.interface.gpupdatefor(dbus.String(self.username))
print_dbus_result(result)
except dbus.exceptions.DBusException as exc:
logging.error(slogm('No reply from oddjobd gpoa runner for {}'.format(self.username)))
raise exc
else:
try:
result = self.interface.gpupdate()
print_dbus_result(result)
except dbus.exceptions.DBusException as exc:
logging.error(slogm('No reply from oddjobd gpoa runner for current user'))
raise exc
else:
result = self.interface.gpupdate()
print_dbus_result(result)
logging.info(slogm('Starting GPO applier for computer via D-Bus'))
try:
result = self.interface.gpupdate_computer()
print_dbus_result(result)
except dbus.exceptions.DBusException as exc:
logging.error(slogm('No reply from oddjobd gpoa runner for computer'))
raise exc
#self.interface.Quit()
def start_gpupdate_user():
'''
Make gpupdate-user.service "runtime-enabled" and start it. This
@@ -54,12 +75,18 @@ def start_gpupdate_user():
'''
unit_name = 'gpupdate-user.service'
session_bus = dbus.SessionBus()
systemd_user_bus = session_bus.get_object('org.freedesktop.systemd1', '/org/freedesktop/systemd1')
systemd_user_interface = dbus.Interface(systemd_user_bus, dbus_interface='org.freedesktop.systemd1.Manager')
systemd_user_bus = session_bus.get_object(
'org.freedesktop.systemd1', '/org/freedesktop/systemd1')
systemd_user_interface = dbus.Interface(
systemd_user_bus, dbus_interface='org.freedesktop.systemd1.Manager')
gpupdate_user_unit = systemd_user_interface.GetUnit(dbus.String(unit_name))
job = systemd_user_interface.StartUnit(unit_name, 'replace')
#job = manager.StartTransientUnit('noname', 'replace', properties, [])
def is_oddjobd_gpupdate_accessible():
'''
Check if oddjobd is running via systemd so it will be possible
@@ -69,12 +96,17 @@ def is_oddjobd_gpupdate_accessible():
try:
system_bus = dbus.SystemBus()
systemd_bus = system_bus.get_object('org.freedesktop.systemd1', '/org/freedesktop/systemd1')
systemd_bus = system_bus.get_object(
'org.freedesktop.systemd1', '/org/freedesktop/systemd1')
systemd_interface = dbus.Interface(systemd_bus, 'org.freedesktop.systemd1.Manager')
oddjobd_unit = systemd_interface.GetUnit(dbus.String('oddjobd.service'))
oddjobd_proxy = system_bus.get_object('org.freedesktop.systemd1', str(oddjobd_unit))
oddjobd_properties = dbus.Interface(oddjobd_proxy, dbus_interface='org.freedesktop.DBus.Properties')
oddjobd_properties = dbus.Interface(oddjobd_proxy,
dbus_interface='org.freedesktop.DBus.Properties')
# Check if oddjobd service is running
oddjobd_state = oddjobd_properties.Get('org.freedesktop.systemd1.Unit', 'ActiveState')
@@ -91,6 +123,7 @@ def is_oddjobd_gpupdate_accessible():
return oddjobd_accessible
def print_dbus_result(result):
'''
Print lines returned by oddjobd (called via D-Bus) to stdout.

15
gpoa/util/kerberos.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,9 +13,8 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging
import subprocess
@@ -21,6 +22,7 @@ import subprocess
from .util import get_machine_name
from .logging import slogm
def machine_kinit():
'''
Perform kinit with machine credentials
@@ -29,13 +31,14 @@ def machine_kinit():
subprocess.call(['kinit', '-k', host])
return check_krb_ticket()
def check_krb_ticket():
'''
Check if Kerberos 5 ticket present
'''
result = False
try:
subprocess.check_call([ 'klist', '-s' ])
subprocess.check_call(['klist', '-s'])
output = subprocess.check_output('klist', stderr=subprocess.STDOUT).decode()
logging.info(output)
result = True

16
gpoa/util/logging.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,14 +13,13 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import json
import logging
import datetime
class encoder(json.JSONEncoder):
def default(self, obj):
result = super(encoder, self).default(obj)
@@ -30,6 +31,7 @@ class encoder(json.JSONEncoder):
return result
class slogm(object):
'''
Structured log message class
@@ -41,7 +43,7 @@ class slogm(object):
def __str__(self):
now = str(datetime.datetime.now())
args = dict()
args.update(dict({ 'timestamp': now, 'message': str(self.message) }))
args.update(dict({'timestamp': now, 'message': str(self.message)}))
args.update(self.kwargs)
kwa = encoder().encode(args)

60
gpoa/util/paths.py
View File

@@ -1,10 +1,39 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import pathlib
import os
def default_policy_path():
'''
Returns path pointing to Default Policy directory.
'''
return pathlib.Path('/usr/share/local-policy/default')
local_policy_default = '/usr/share/local-policy/default'
etc_local_policy_default = '/etc/local-policy/active'
result_path = pathlib.Path(local_policy_default)
if os.path.exists(etc_local_policy_default):
result_path = pathlib.Path(etc_local_policy_default)
return pathlib.Path(result_path)
def cache_dir():
'''
@@ -17,6 +46,7 @@ def cache_dir():
return cachedir
def local_policy_cache():
'''
Returns path to directory where lies local policy settings cache
@@ -29,3 +59,31 @@ def local_policy_cache():
return lpcache
def backend_module_dir():
backend_dir = '/usr/lib/gpoa/backend'
return pathlib.Path(backend_dir)
def frontend_module_dir():
frontend_dir = '/usr/lib/gpoa/frontend'
return pathlib.Path(frontend_dir)
def storage_module_dir():
storage_dir = '/usr/lib/gpoa/storage'
return pathlib.Path(storage_dir)
def pre_backend_plugin_dir():
pre_backend_dir = '/usr/lib/gpoa/backend_pre'
return pathlib.Path(pre_backend_dir)
def post_backend_plugin_dir():
post_backend_dir = '/usr/lib/gpoa/backend_post'
return pathlib.Path(post_backend_dir)
def pre_frontend_plugin_dir():
pre_forntend_dir = '/usr/lib/gpoa/frontend_pre'
return pathlib.Path(pre_frontend_dir)
def post_frontend_plugin_dir():
post_frontend_dir = '/usr/lib/gpoa/frontend_post'
return pathlib.Path(post_frontend_dir)

32
gpoa/util/preg.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,24 +13,19 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
from storage import registry_factory
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging
import os
from samba.gpclass import get_dc_hostname
from samba.netcmd.common import netcmd_get_domain_infos_via_cldap
import samba.gpo
from xml.etree import ElementTree
from storage import registry_factory
from samba.gp_parse.gp_pol import GPPolParser
from .logging import slogm
def load_preg(file_path):
'''
Check if file extension is .xml and load preg object from XML
@@ -38,6 +35,7 @@ def load_preg(file_path):
return load_xml_preg(file_path)
return load_pol_preg(file_path)
def load_xml_preg(xml_path):
'''
Parse XML/PReg file and return its preg object
@@ -50,6 +48,7 @@ def load_xml_preg(xml_path):
return gpparser.pol_file
def load_pol_preg(polfile):
'''
Parse PReg file and return its preg object
@@ -65,6 +64,7 @@ def load_pol_preg(polfile):
#print(gpparser.pol_file.__ndr_print__())
return gpparser.pol_file
def preg_keymap(preg):
pregfile = load_preg(preg)
keymap = dict()
@@ -75,17 +75,18 @@ def preg_keymap(preg):
return keymap
def merge_polfile(preg, sid=None):
def merge_polfile(preg, sid=None, reg_name='registry', reg_path=None):
pregfile = load_preg(preg)
logging.info(slogm('Loaded PReg {}'.format(preg)))
key_map = dict()
storage = registry_factory('registry')
storage = registry_factory(reg_name, reg_path)
for entry in pregfile.entries:
if not sid:
storage.add_hklm_entry(entry)
else:
storage.add_hkcu_entry(entry, sid)
class entry:
def __init__(self, e_keyname, e_valuename, e_type, e_data):
self.keyname = e_keyname
@@ -93,6 +94,7 @@ class entry:
self.type = e_type
self.data = e_data
def preg2entries(preg_obj):
entries = []
for elem in prej_obj.entries:

114
gpoa/util/roles.py Normal file
View File

@@ -0,0 +1,114 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging
import pathlib
import subprocess
from .logging import slogm
def get_roles(role_dir):
'''
Return list of directories in /etc/role named after role plus '.d'
'''
directories = list()
try:
for item in role_dir.iterdir():
if item.is_dir():
role = str(item.name).rpartition('.')
if role[2] == 'd':
directories.append(role[0])
except FileNotFoundError as exc:
logging.warning(slogm('No role directory present (skipping): {}'.format(exc)))
return directories
def read_groups(role_file_path):
'''
Read list of whitespace-separated groups from file
'''
groups = list()
with open(role_file_path, 'r') as role_file:
lines = role_file.readlines()
for line in lines:
linegroups = line.strip().split(' ')
print(linegroups)
groups.extend(linegroups)
return set(groups)
def get_rolegroups(roledir):
'''
Get the list of groups which must be included into role.
'''
roledir_path = pathlib.Path(roledir)
group_files = list()
for item in roledir_path.iterdir():
if item.is_file():
group_files.append(item)
groups = list()
for item in group_files:
groups.extend(read_groups(item))
return set(groups)
def create_role(role_name, privilege_list):
'''
Create or update role
'''
cmd = ['/usr/sbin/roleadd',
'--set',
role_name
]
try:
print(privilege_list)
cmd.extend(privilege_list)
subprocess.check_call(cmd)
except Exception as exc:
logging.error(slogm('Error creating role \'{}\': {}'.format(role_name, exc)))
def fill_roles():
'''
Create the necessary roles
'''
alterator_roles_dir = pathlib.Path('/etc/alterator/auth')
nss_roles_dir = pathlib.Path('/etc/role.d')
roles = get_roles(nss_roles_dir)
# Compatibility with 'alterator-auth' module
admin_groups = read_groups(pathlib.Path(alterator_roles_dir, 'admin-groups'))
user_groups = read_groups(pathlib.Path(alterator_roles_dir, 'user-groups'))
create_role('localadmins', admin_groups)
create_role('users', user_groups)
for rolename in roles:
role_path = pathlib.Path(nss_roles_dir, '{}.d'.format(rolename))
rolegroups = get_rolegroups(role_path)
create_role(rolename, rolegroups)

106
gpoa/util/rpm.py
View File

@@ -1,9 +1,11 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software; you can redistribute it and/or modify
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
@@ -11,12 +13,13 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import rpm
import subprocess
import rpm
def is_rpm_installed(rpm_name):
'''
@@ -30,6 +33,65 @@ def is_rpm_installed(rpm_name):
return False
class Package:
__install_command = ['/usr/bin/apt-get', '-y', 'install']
__remove_command = ['/usr/bin/apt-get', '-y', 'remove']
__reinstall_command = ['/usr/bin/apt-get', '-y', 'reinstall']
def __init__(self, package_name):
self.package_name = package_name
self.for_install = True
if package_name.endswith('-'):
self.package_name = package_name[:-1]
self.for_install = False
self.installed = is_rpm_installed(self.package_name)
def mark_for_install(self):
self.for_install = True
def mark_for_removal(self):
self.for_install = False
def is_installed(self):
return self.installed
def is_for_install(self):
return self.for_install
def is_for_removal(self):
return (not self.for_install)
def action(self):
if self.for_install:
if not self.is_installed():
return self.install()
else:
if self.is_installed():
return self.remove()
def install(self):
fullcmd = self.__install_command
fullcmd.append(self.package_name)
return subprocess.check_call(fullcmd)
def reinstall(self):
fullcmd = self.__reinstall_command
fullcmd.append(self.package_name)
return subprocess.check_call(fullcmd)
def remove(self):
fullcmd = self.__remove_command
fullcmd.append(self.package_name)
return subprocess.check_call(fullcmd)
def __repr__(self):
return self.package_name
def __str__(self):
return self.package_name
def update():
'''
Update APT-RPM database.
@@ -38,14 +100,38 @@ def update():
def install_rpm(rpm_name):
'''
Install RPM from APT-RPM sources.
Install single RPM
'''
update()
subprocess.check_call(['/usr/bin/apt-get', '-y', 'install', rpm_name])
rpm = Package(rpm_name)
return rpm.install()
def remove_rpm(rpm_name):
'''
Remove RPM from file system.
Remove single RPM
'''
subprocess.check_call(['/usr/bin/apt-get', '-y', 'remove', rpm_name])
rpm = Package(rpm_name)
return rpm.remove()
def install_rpms(rpm_names):
'''
Install set of RPMs sequentially
'''
result = list()
for package in rpm_names:
result.append(install_rpm(package))
return result
def remove_rpms(rpm_names):
'''
Remove set of RPMs requentially
'''
result = list()
for package in rpm_names:
result.append(remove_rpm(package))
return result

38
gpoa/util/samba.py Normal file
View File

@@ -0,0 +1,38 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import optparse
from samba import getopt as options
class smbopts:
def __init__(self, prog=None):
self.parser = optparse.OptionParser(prog)
self.sambaopts = options.SambaOptions(self.parser)
self.lp = self.sambaopts.get_loadparm()
def get_cache_dir(self):
return self._get_prop('cache directory')
def get_server_role(self):
return self._get_prop('server role')
def _get_prop(self, property_name):
return self.lp.get(property_name)

Some files were not shown because too many files have changed in this diff Show More