Fix machine account credentials initialization

0.13.2-alt1
- Fixed: Check directory existence before cleanup to avoid errors(closes:53703)
2025-11-25 16:23:57 +03:00 · 2025-07-26 00:56:03 +04:00 · 2025-04-03 10:52:48 +04:00 · 2025-04-03 10:47:26 +04:00 · 2025-03-14 17:44:20 +04:00 · 2025-03-14 17:44:08 +04:00
126 changed files with 12294 additions and 1857 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,5 @@ __pycache__
 *~
 _opam
 _build
 *.pyc
--- a/completions/gpoa
+++ b/completions/gpoa
@@ -0,0 +1,22 @@
 _gpoa()
 {
    local cur prev words cword split
    _init_completion -s || return
    case $prev in
        --dc)
            _filedir
            return
            ;;
        --loglevel)
            COMPREPLY=($(compgen -W '0 1 2 3 4 5' -- "$cur"))
            return
            ;;
        *)
            COMPREPLY=($(compgen -W '--dc --nodomain --noupdate --noplugins --list-backends --loglevel --help --force' -- "$cur"))
            return
            ;;
    esac
 }
 complete -F _gpoa gpoa
--- a/completions/gpupdate
+++ b/completions/gpupdate
@@ -0,0 +1,27 @@
 _gpupdate()
 {
    local cur prev words cword split
    _init_completion -s || return
    case $prev in
        -u|--user)
            _filedir
            return
            ;;
        -t|--target)
            COMPREPLY=($(compgen -W 'ALL USER COMPUTER' -- "$cur"))
            return
            ;;
        -l|--loglevel)
            COMPREPLY=($(compgen -W '0 1 2 3 4 5' -- "$cur"))
            return
            ;;
        *)
            COMPREPLY=($(compgen -W '--user --target --loglevel --system --help --force' -- "$cur"))
            return
            ;;
    esac
 }
 complete -F _gpupdate gpupdate
--- a/completions/gpupdate-setup
+++ b/completions/gpupdate-setup
@@ -0,0 +1,18 @@
 _gpupdate-setup()
 {
    local cur prev words cword split
    _init_completion -s || return
    case $prev in
        set-backend)
            COMPREPLY=($(compgen -W 'local samba' -- "$cur"))
            return
            ;;
        *)
            COMPREPLY=($(compgen -W 'list list-backends status enable disable update write set-backend default-policy active-policy active-backend' -- "$cur"))
            return
            ;;
    esac
 }
 complete -F _gpupdate-setup gpupdate-setup
--- a/dist/gpupdate-group-users
+++ b/dist/gpupdate-group-users
@@ -0,0 +1,19 @@
 #!/bin/sh
 . /etc/control.d/functions
 CONFIG=/etc/pam.d/system-policy-gpupdate
 new_subst disabled \
        '^[[:space:]]*session[[:space:]]+\[.*default=1.*\][[:space:]]+pam_succeed_if.so user ingroup users.*' \
        's,^\([[:space:]]*session[[:space:]]\+\[.*\)default=[[:alnum:]]\+\(.*pam_succeed_if.so user ingroup users.*\)$,\1default=1\2,'
 new_subst enabled \
        '^[[:space:]]*session[[:space:]]+\[.*default=ignore.*\][[:space:]]+pam_succeed_if.so user ingroup users.*' \
        's,^\([[:space:]]*session[[:space:]]\+\[.*\)default=[[:alnum:]]\+\(.*pam_succeed_if.so user ingroup users.*\)$,\1default=ignore\2,'
 new_help disabled "Disable group policy applying for users in 'users' group only"
 new_help enabled "Enable group policy applying for users in 'users' group only"
 new_summary "Group policy applying for users in 'users' group only"
 control_subst "$CONFIG" "$*"
--- a/dist/gpupdate-localusers
+++ b/dist/gpupdate-localusers
@@ -0,0 +1,19 @@
 #!/bin/sh
 . /etc/control.d/functions
 CONFIG=/etc/pam.d/system-policy-gpupdate
 new_subst disabled \
        '^[[:space:]]*session[[:space:]]+\[.*success=2.*\][[:space:]]+pam_localuser.so' \
        's,^\([[:space:]]*session[[:space:]]\+\[.*\)success=[[:alnum:]]\+\(.*pam_localuser.so.*\)$,\1success=2\2,'
 new_subst enabled \
        '^[[:space:]]*session[[:space:]]+\[.*success=1.*\][[:space:]]+pam_localuser.so' \
        's,^\([[:space:]]*session[[:space:]]\+\[.*\)success=[[:alnum:]]\+\(.*pam_localuser.so.*\)$,\1success=1\2,'
 new_help disabled 'Disable group policy applying for local users'
 new_help enabled 'Enable group policy applying for local users'
 new_summary 'Group policy applying for local users'
 control_subst "$CONFIG" "$*"
--- a/dist/gpupdate-remote-policy
+++ b/dist/gpupdate-remote-policy
@@ -0,0 +1,4 @@
 #%PAM-1.0
 #auth		optional	pam_mount.so
 session		required	pam_mkhomedir.so silent
 #session		optional	pam_mount.so
--- a/dist/gpupdate-scripts-run-user.service
+++ b/dist/gpupdate-scripts-run-user.service
@@ -0,0 +1,11 @@
 [Unit]
 Description=Run Group Policy scripts for a user
 [Service]
 Type=oneshot
 RemainAfterExit=true
 ExecStart=/usr/libexec/gpupdate/scripts_runner --mode USER --action LOGON --user %u
 ExecStop=/usr/libexec/gpupdate/scripts_runner --mode USER --action LOGOFF --user %u
 [Install]
 WantedBy=default.target
--- a/dist/gpupdate-scripts-run.service
+++ b/dist/gpupdate-scripts-run.service
@@ -0,0 +1,15 @@
 [Unit]
 Description=Running Group Policy Scripts
 After=gpupdate.service
 [Service]
 Environment=PATH=/bin:/sbin:/usr/bin:/usr/sbin
 UnsetEnvironment=LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION
 Type=oneshot
 RemainAfterExit=true
 ExecStart=/usr/libexec/gpupdate/scripts_runner --mode MACHINE --action STARTUP
 ExecStop=/usr/libexec/gpupdate/scripts_runner --mode MACHINE --action SHUTDOWN
 StandardOutput=journal
 [Install]
 WantedBy=multi-user.target
--- a/dist/gpupdate-setup
+++ b/dist/gpupdate-setup
@@ -1,228 +0,0 @@
 #! /usr/bin/env python3
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2020 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import os
 import sys
 import argparse
 import subprocess
 import re
 from gpoa.util.samba import smbopts
 def command(args):
    try:
        subprocess.check_call(args.split())
    except:
        print ('command: \'%s\' error' % args)
 def from_command(args):
    try:
        with subprocess.Popen(args.split(), stdout=subprocess.PIPE) as proc:
            value = proc.stdout.readline().decode('utf-8')
            proc.wait()
    except:
        print ('from_command: \'%s\' error' % args)
        return 'local'
    return value.strip()
 def get_default_policy_name():
    localpolicy = 'workstation'
    dcpolicy = 'ad-domain-controller'
    try:
        if smbopt.get_server_role() == 'active directory domain controller':
            return dcpolicy
    except:
        pass
    try:
        release = '/etc/altlinux-release'
        if os.path.isfile(release):
            f = open(release)
            s = f.readline()
            if re.search('server', s, re.I):
                localpolicy = 'server'
    except:
        pass
    return localpolicy
 def parse_arguments():
    '''
    Parse CLI arguments.
    '''
    parser = argparse.ArgumentParser(prog='gpupdate-setup')
    subparsers = parser.add_subparsers(dest='action',
        metavar='action',
        help='Group Policy management actions (default action is status)')
    parser_list = subparsers.add_parser('list',
        help='List avalable types of local policy')
    parser_status = subparsers.add_parser('status',
        help='Show current Group Policy status')
    parser_enable = subparsers.add_parser('enable',
        help='Enable Group Policy subsystem')
    parser_disable = subparsers.add_parser('disable',
        help='Disable Group Policy subsystem')
    parser_write = subparsers.add_parser('write',
        help='Operate on Group Policies (enable or disable)')
    parser_active = subparsers.add_parser('active-policy',
        help='Show name of policy enabled')
    parser_write.add_argument('status',
        choices=['enable', 'disable'],
        help='Enable or disable Group Policies')
    parser_write.add_argument('localpolicy',
        default=None,
        nargs='?',
        help='Name of local policy to enable')
    parser_enable.add_argument('localpolicy',
        default=None,
        nargs='?',
        help='Name of local policy to enable')
    return parser.parse_args()
 def get_policy_entries(directory):
    filtered_entries = list()
    if os.path.isdir(directory):
        entries = [os.path.join(directory, entry) for entry in os.listdir(directory)]
        for entry in entries:
            if os.path.isdir(os.path.join(entry)):
                if not os.path.islink(os.path.join(entry)):
                    if not entry.rpartition('/')[2] == 'default':
                        filtered_entries.append(entry)
    return filtered_entries
 def get_policy_variants():
    '''
    Get the list of local policy variants deployed on this system.
    Please note that is case overlapping names the names in
    /etc/local-policy must override names in /usr/share/local-policy
    '''
    policy_dir = '/usr/share/local-policy'
    etc_policy_dir = '/etc/local-policy'
    system_policies = get_policy_entries(policy_dir)
    user_policies = get_policy_entries(etc_policy_dir)
    general_listing = list()
    general_listing.extend(system_policies)
    general_listing.extend(user_policies)
    return general_listing
 def validate_policy_name(policy_name):
    return policy_name in [os.path.basename(d) for d in get_policy_variants()]
 def get_status():
    systemd_unit_link = '/etc/systemd/system/multi-user.target.wants/gpupdate.service'
    return os.path.islink(systemd_unit_link)
 def get_active_policy():
    policy_dir = '/usr/share/local-policy'
    etc_policy_dir = '/etc/local-policy'
    default_policy_name = os.path.join(policy_dir, get_default_policy_name())
    active_policy_name = os.path.join(etc_policy_dir, 'active')
    actual_policy_name = os.path.realpath(default_policy_name)
    if os.path.isdir(active_policy_name):
        actual_policy_name = os.path.realpath(active_policy_name)
    return actual_policy_name
 def disable_gp():
    if from_command('/usr/sbin/control system-auth') != 'local':
        command('/usr/sbin/control system-policy global')
    else:
        command('/usr/sbin/control system-policy local')
    command('systemctl disable gpupdate.service')
    command('systemctl --global disable gpupdate-user.service')
 def enable_gp(policy_name):
    policy_dir = '/usr/share/local-policy'
    etc_policy_dir = '/etc/local-policy'
    target_policy_name = get_default_policy_name()
    if policy_name:
        if validate_policy_name(policy_name):
            target_policy_name = policy_name
    print (target_policy_name)
    default_policy_name = os.path.join(policy_dir, target_policy_name)
    active_policy_name = os.path.join(etc_policy_dir, 'active')
    if not os.path.isdir(etc_policy_dir):
        os.makedirs(etc_policy_dir)
    if not os.path.islink(active_policy_name):
        os.symlink(default_policy_name, active_policy_name)
    else:
        os.unlink(active_policy_name)
        os.symlink(default_policy_name, active_policy_name)
    # Enable oddjobd_gpupdate in PAM config
    command('/usr/sbin/control system-policy gpupdate')
    # Bootstrap the Group Policy engine
    command('/usr/sbin/gpoa --nodomain --loglevel 5')
    # Enable gpupdate-setup.service for all users
    command('systemctl --global enable gpupdate-user.service')
 def main():
    arguments = parse_arguments()
    if arguments.action == 'list':
        for entry in get_policy_variants():
            print(entry.rpartition('/')[2])
    if arguments.action == 'status' or arguments.action == None:
        if get_status():
            print('enabled')
        else:
            print('disabled')
    if arguments.action == 'write':
        if arguments.status == 'enable' or arguments.status == '#t':
            enable_gp(arguments.localpolicy)
        if arguments.status == 'disable' or arguments.status == '#f':
            disable_gp()
    if arguments.action == "enable":
        enable_gp(arguments.localpolicy)
    if arguments.action == "disable":
        disable_gp()
    if arguments.action == 'active-policy':
        print(get_active_policy())
 if __name__ == '__main__':
    main()
--- a/dist/gpupdate-system-uids
+++ b/dist/gpupdate-system-uids
@@ -0,0 +1,19 @@
 #!/bin/sh
 . /etc/control.d/functions
 CONFIG=/etc/pam.d/system-policy-gpupdate
 new_subst disabled \
        '^[[:space:]]*session[[:space:]]+\[.*default=1.*\][[:space:]]+pam_succeed_if.so uid >= 500.*' \
        's,^\([[:space:]]*session[[:space:]]\+\[.*\)default=[[:alnum:]]\+\(.*pam_succeed_if.so uid >= 500.*\)$,\1default=1\2,'
 new_subst enabled \
        '^[[:space:]]*session[[:space:]]+\[.*default=ignore.*\][[:space:]]+pam_succeed_if.so uid >= 500.*' \
        's,^\([[:space:]]*session[[:space:]]\+\[.*\)default=[[:alnum:]]\+\(.*pam_succeed_if.so uid >= 500.*\)$,\1default=ignore\2,'
 new_help disabled "Disable group policy applying for users with not system uids only"
 new_help enabled "Enable group policy applying for users with not system uids only"
 new_summary "Group policy applying for users with not system uids (greater or equal 500) only"
 control_subst "$CONFIG" "$*"
--- a/dist/gpupdate-user.service
+++ b/dist/gpupdate-user.service
@@ -4,13 +4,10 @@ Description=gpupdate in userspace
 # gpupdate on Windows runs once per hour
 [Service]
-Environment="PATH=/bin:/sbin:/usr/bin:/usr/sbin"
+Environment=PATH=/bin:/sbin:/usr/bin:/usr/sbin
-Type=simple
+UnsetEnvironment=LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION
-RestartSec=3600
+Type=oneshot
-TimeoutSec=3000
+ExecStart=/usr/bin/gpupdate --target USER
 Restart=always
 ExecStart=/usr/sbin/gpoa
 [Install]
 WantedBy=default.target
--- a/dist/gpupdate-user.timer
+++ b/dist/gpupdate-user.timer
@@ -0,0 +1,9 @@
 [Unit]
 Description=Run gpupdate-user every hour
 [Timer]
 OnStartupSec=60min
 OnUnitActiveSec=60min
 [Install]
 WantedBy=timers.target
--- a/dist/gpupdate.ini
+++ b/dist/gpupdate.ini
@@ -0,0 +1,4 @@
 [gpoa]
 backend = local
 local-policy = default
--- a/dist/gpupdate.service
+++ b/dist/gpupdate.service
@@ -1,13 +1,11 @@
 [Unit]
 Description=Group policy update for machine
-After=sssd.service
+After=syslog.target network-online.target sssd.service
 [Service]
-Environment="PATH=/bin:/sbin:/usr/bin:/usr/sbin"
+Environment=PATH=/bin:/sbin:/usr/bin:/usr/sbin
-Type=simple
+UnsetEnvironment=LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION
-RestartSec=3600
+Type=oneshot
 TimeoutSec=3000
 Restart=always
 ExecStart=/usr/bin/gpupdate
 StandardOutput=journal
--- a/dist/gpupdate.timer
+++ b/dist/gpupdate.timer
@@ -0,0 +1,9 @@
 [Unit]
 Description=Run gpupdate every hour
 [Timer]
 OnStartupSec=60min
 OnUnitActiveSec=60min
 [Install]
 WantedBy=timers.target
--- a/dist/system-policy-gpupdate
+++ b/dist/system-policy-gpupdate
@@ -1,5 +1,13 @@
 #%PAM-1.0
-session		required	pam_mktemp.so
+session		[success=2 perm_denied=ignore default=die]	pam_localuser.so
-session		required	pam_mkhomedir.so silent
+session		substack	gpupdate-remote-policy
-session		required	pam_limits.so
+session		[default=1]	pam_permit.so
 session		[default=7]	pam_permit.so
 session		[success=1 default=ignore]	pam_succeed_if.so user ingroup users quiet
 session		[default=5]	pam_permit.so
 session		[success=1 default=ignore]	pam_succeed_if.so uid >= 500 quiet
 session		[default=3]	pam_permit.so
 session		[success=1 default=ignore]	pam_succeed_if.so service = systemd-user quiet
 -session	required	pam_oddjob_gpupdate.so
 session		optional	pam_env.so user_readenv=1 conffile=/etc/gpupdate/environment user_envfile=.gpupdate_environment
 session		required	pam_permit.so
--- a/doc/gpoa.1
+++ b/doc/gpoa.1
@@ -45,6 +45,9 @@ Don't run plugins.
 .TP
 \fB--loglevel \fILOGLEVEL\fP
 Set logging verbosity from 0 to 5.
 .TP
 \fB--force\fP
 Force GPT download.
 .
 .SH FILES
 \fB/usr/sbin/gpoa\fR utility uses \fB/usr/share/local-policy/default\fR
@@ -55,8 +58,10 @@ All data is located in \fB/var/cache/gpupdate\fR. Also domain GPTs are
 taken from Samba's \fB/var/cache/samba\fR.
 .
 The settings read from Samba are stored in
-\fB/var/cache/gpupdate/registry.sqlite\fR and "Local Policy" settings
+Dconf. Machine policies are stored in the \fB/etc/dconf/db/policy.d/policy.ini\fR file,
-read from \fB/usr/local/share/local-policy/default\fR are converted
+user policies are stored in the \fB/etc/dconf/db/policy<UID>.d/policy<UID>.ini\fR file
 (where UID is the user ID in the system)."Local Policy" settings
 read from \fB/usr/share/local-policy/\fR are converted
 into GPT and stored as \fB/var/cache/gpupdate/local-policy\fR.
 .SH "SEE ALSO"
 gpupdate(1)
--- a/doc/gpupdate.1
+++ b/doc/gpupdate.1
@@ -43,6 +43,9 @@ Show help.
 .TP
 \fB--user \fIusername\fR
 Run \fBgpupdate\fP for \fIusername\fP.
 .TP
 \fB--force\fP
 Force GPT download.
 .
 .SS "EXIT CODES"
 .TP
--- a/gpoa/backend/init.py
+++ b/gpoa/backend/init.py
@@ -16,11 +16,15 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 from util.windows import smbcreds
 from .samba_backend import samba_backend
 from .nodomain_backend import nodomain_backend
 from util.logging import log
 from util.config import GPConfig
 from util.util import get_uid_by_username, touch_file
 from util.paths import get_dconf_config_file
 from storage.dconf_registry import Dconf_registry, create_dconf_ini_file, add_preferences_to_global_registry_dict
 def backend_factory(dc, username, is_machine, no_domain = False):
    '''
@@ -30,23 +34,42 @@ def backend_factory(dc, username, is_machine, no_domain = False):
    policies enforced by domain administrators.
    '''
    back = None
-    domain = None
+    config = GPConfig()
-    if not no_domain:
+
    if config.get_backend() == 'samba' and not no_domain:
        if not dc:
            dc = config.get_dc()
            if dc:
                ld = dict({'dc': dc})
                log('D52', ld)
        sc = smbcreds(dc)
        domain = sc.get_domain()
-
+        ldata = dict({'domain': domain, "username": username, 'is_machine': is_machine})
-    if domain:
+        log('D9', ldata)
        logging.debug('Initialize Samba backend for domain: {}'.format(domain))
        try:
            back = samba_backend(sc, username, domain, is_machine)
        except Exception as exc:
-            logging.error('Unable to initialize Samba backend: {}'.format(exc))
+            logdata = dict({'error': str(exc)})
-    else:
+            log('E7', logdata)
-        logging.debug('Initialize local backend with no domain')
+
    if config.get_backend() == 'local' or no_domain:
        log('D8')
        try:
            back = nodomain_backend()
        except Exception as exc:
-            logging.error('Unable to initialize no-domain backend: {}'.format(exc))
+            logdata = dict({'error': str(exc)})
            log('E8', logdata)
    return back
 def save_dconf(username, is_machine, nodomain=None):
    if is_machine:
        uid = None
    else:
        uid = get_uid_by_username(username) if not is_machine else None
    target_file = get_dconf_config_file(uid)
    touch_file(target_file)
    Dconf_registry.apply_template(uid)
    add_preferences_to_global_registry_dict(username, is_machine)
    Dconf_registry.update_dict_to_previous()
    create_dconf_ini_file(target_file,Dconf_registry.global_registry_dict, uid, nodomain)
--- a/gpoa/backend/freeipa_backend.py
+++ b/gpoa/backend/freeipa_backend.py
@@ -16,16 +16,10 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from util.rpm import (
    install_rpm,
    remove_rpm
 )
-class rpm:
+from .applier_backend import applier_backend
    def __init__(self, name, action):
        self.name = name
        self.action = action
-    def apply(self):
+class freeipa_backend(applier_backend):
    def __init__(self):
        pass
--- a/gpoa/backend/nodomain_backend.py
+++ b/gpoa/backend/nodomain_backend.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -16,18 +16,14 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import os
 from .applier_backend import applier_backend
 from storage import registry_factory
-from gpt.gpt import gpt, get_local_gpt
+from gpt.gpt import get_local_gpt
 from util.util import (
    get_machine_name
 )
-from util.windows import get_sid
+from util.sid import get_sid
 import util.preg
 from util.logging import slogm
 class nodomain_backend(applier_backend):
@@ -35,7 +31,7 @@ class nodomain_backend(applier_backend):
        domain = None
        machine_name = get_machine_name()
        machine_sid = get_sid(domain, machine_name, True)
-        self.storage = registry_factory('registry')
+        self.storage = registry_factory()
        self.storage.set_info('domain', domain)
        self.storage.set_info('machine_name', machine_name)
        self.storage.set_info('machine_sid', machine_sid)
@@ -52,5 +48,6 @@ class nodomain_backend(applier_backend):
        self.storage.wipe_hklm()
        self.storage.wipe_user(self.storage.get_info('machine_sid'))
        local_policy = get_local_gpt(self.sid)
-        local_policy.merge()
+        local_policy.merge_machine()
        local_policy.merge_user()
--- a/gpoa/backend/samba_backend.py
+++ b/gpoa/backend/samba_backend.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -16,26 +16,37 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import os
 # Facility to determine GPTs for user
-from samba.gpclass import check_safe_path, check_refresh_gpo_list
+try:
    from samba.gpclass import check_safe_path
 except ImportError:
    from samba.gp.gpclass import check_safe_path
 from .applier_backend import applier_backend
-from storage import cache_factory, registry_factory
+from storage import registry_factory
 from gpt.gpt import gpt, get_local_gpt
 from gpt.gpo_dconf_mapping import GpoInfoDconf
 from util.util import (
-    get_machine_name,
+    get_machine_name
    is_machine_name
 )
-from util.windows import get_sid
+from util.kerberos import (
-import util.preg
+      machine_kinit
-from util.logging import slogm
+    , machine_kdestroy
 )
 from util.sid import get_sid
 from util.logging import log
 class samba_backend(applier_backend):
    __user_policy_mode_key = '/SOFTWARE/Policies/Microsoft/Windows/System/UserPolicyMode'
    __user_policy_mode_key_win = '/Software/Policies/Microsoft/Windows/System/UserPolicyMode'
    def __init__(self, sambacreds, username, domain, is_machine):
-        self.storage = registry_factory('registry')
+        self.cache_path = '/var/cache/gpupdate/creds/krb5cc_{}'.format(os.getpid())
        self.__kinit_successful = machine_kinit(self.cache_path)
        if not self.__kinit_successful:
            raise Exception('kinit is not successful')
        self.storage = registry_factory()
        self.storage.set_info('domain', domain)
        machine_name = get_machine_name()
        machine_sid = get_sid(domain, machine_name, is_machine)
@@ -50,57 +61,133 @@ class samba_backend(applier_backend):
        else:
            self.sid = get_sid(self.storage.get_info('domain'), self.username)
        self.cache = cache_factory('regpol_cache')
        self.gpo_names = cache_factory('gpo_names')
        # Samba objects - LoadParm() and CredentialsOptions()
        self.sambacreds = sambacreds
        self.cache_dir = self.sambacreds.get_cache_dir()
-        logging.debug(slogm('Cache directory is: {}'.format(self.cache_dir)))
+        self.gpo_cache_part ='gpo_cache'
        self._cached = False
        self.storage.set_info('cache_dir', os.path.join(self.cache_dir, self.gpo_cache_part))
        logdata = dict({'cachedir': self.cache_dir})
        log('D7', logdata)
    def __del__(self):
        if self.__kinit_successful:
            machine_kdestroy()
    def get_policy_mode(self):
        '''
        Get UserPolicyMode parameter value in order to determine if it
        is possible to work with user's part of GPT. This value is
        checked only if working for user's SID.
        '''
        upm_key = self.storage.get_key_value(self.__user_policy_mode_key)
        upm_win_key = self.storage.get_key_value(self.__user_policy_mode_key_win)
        upm = upm_key if upm_key else upm_win_key
        if upm:
            upm = int(upm)
            if upm < 0 or upm > 2:
                upm = 0
        else:
            upm = 0
        return upm
    def retrieve_and_store(self):
        '''
        Retrieve settings and strore it in a database
        '''
        # Get policies for machine at first.
-        machine_gpts = self._get_gpts(get_machine_name(), self.storage.get_info('machine_sid'))
+        machine_gpts = list()
-        self.storage.wipe_hklm()
+        try:
-        self.storage.wipe_user(self.storage.get_info('machine_sid'))
+            machine_gpts = self._get_gpts(get_machine_name(), self.storage.get_info('machine_sid'))
-        for gptobj in machine_gpts:
+        except Exception as exc:
-            gptobj.merge()
+            log('F2')
            raise exc
        if self._is_machine_username:
            for gptobj in machine_gpts:
                try:
                    gptobj.merge_machine()
                except Exception as exc:
                    logdata = dict()
                    logdata['msg'] = str(exc)
                    log('E26', logdata)
        # Load user GPT values in case user's name specified
        # This is a buggy implementation and should be tested more
-        if not self._is_machine_username:
+        else:
-            user_gpts = self._get_gpts(self.username, self.sid)
+            user_gpts = list()
-            self.storage.wipe_user(self.sid)
+            try:
-            for gptobj in user_gpts:
+                user_gpts = self._get_gpts(self.username, self.sid)
-                gptobj.merge()
+            except Exception as exc:
                log('F3')
                raise exc
            # Merge user settings if UserPolicyMode set accordingly
            # and user settings (for HKCU) are exist.
            policy_mode = self.get_policy_mode()
            logdata = dict({'mode': upm2str(policy_mode), 'sid': self.sid})
            log('D152', logdata)
            if policy_mode < 2:
                for gptobj in user_gpts:
                    try:
                        gptobj.merge_user()
                    except Exception as exc:
                        logdata = dict()
                        logdata['msg'] = str(exc)
                        log('E27', logdata)
            if policy_mode > 0:
                for gptobj in machine_gpts:
                    try:
                        gptobj.sid = self.sid
                        gptobj.merge_user()
                    except Exception as exc:
                        logdata = dict()
                        logdata['msg'] = str(exc)
                        log('E63', logdata)
    def _check_sysvol_present(self, gpo):
        '''
        Check if there is SYSVOL path for GPO assigned
        '''
        self._cached = False
        if not gpo.file_sys_path:
            # GPO named "Local Policy" has no entry by its nature so
            # no reason to print warning.
-            if 'Local Policy' != gpo.name:
+            if gpo.display_name in self.storage._dict_gpo_name_version_cache.keys():
-                logging.warning(slogm('No SYSVOL entry assigned to GPO {}'.format(gpo.name)))
+                gpo.file_sys_path = self.storage._dict_gpo_name_version_cache.get(gpo.display_name, {}).get('correct_path')
                self._cached = True
                return True
            elif 'Local Policy' != gpo.name:
                logdata = dict({'gponame': gpo.name})
                log('W4', logdata)
            return False
        return True
    def _get_gpts(self, username, sid):
        gpts = list()
        log('D45', {'username': username, 'sid': sid})
        # util.windows.smbcreds
        gpos = self.sambacreds.update_gpos(username)
        log('D46')
        for gpo in gpos:
            if self._check_sysvol_present(gpo):
-                logging.debug(slogm('Found SYSVOL entry "{}" for GPO "{}"'.format(gpo.file_sys_path, gpo.display_name)))
+                if not self._cached:
-                path = check_safe_path(gpo.file_sys_path).upper()
+                    path = check_safe_path(gpo.file_sys_path).upper()
-                logging.debug(slogm('Path: {}'.format(path)))
+                    slogdata = dict({'sysvol_path': gpo.file_sys_path, 'gpo_name': gpo.display_name, 'gpo_path': path})
-                gpt_abspath = os.path.join(self.cache_dir, 'gpo_cache', path)
+                    log('D30', slogdata)
-                obj = gpt(gpt_abspath, sid)
+                    gpt_abspath = os.path.join(self.cache_dir, self.gpo_cache_part, path)
                else:
                    gpt_abspath = gpo.file_sys_path
                    log('D211', {'sysvol_path': gpo.file_sys_path, 'gpo_name': gpo.display_name})
                if self._is_machine_username:
                    obj = gpt(gpt_abspath, sid, None, GpoInfoDconf(gpo))
                else:
                    obj = gpt(gpt_abspath, sid, self.username, GpoInfoDconf(gpo))
                obj.set_name(gpo.display_name)
                gpts.append(obj)
            else:
@@ -109,3 +196,16 @@ class samba_backend(applier_backend):
        return gpts
 def upm2str(upm_num):
    '''
    Translate UserPolicyMode to string.
    '''
    result = 'Not configured'
    if upm_num in [1, '1']:
        result = 'Merge'
    if upm_num in [2, '2']:
        result = 'Replace'
    return result
--- a/gpoa/frontend/applier_frontend.py
+++ b/gpoa/frontend/applier_frontend.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -18,6 +18,60 @@
 from abc import ABC
 def check_experimental_enabled(storage):
    experimental_enable_flag = '/Software/BaseALT/Policies/GPUpdate/GlobalExperimental'
    flag = storage.get_key_value(experimental_enable_flag)
    result = False
    if flag and '1' == str(flag):
        result = True
    return result
 def check_windows_mapping_enabled(storage):
    windows_mapping_enable_flag = '/Software/BaseALT/Policies/GPUpdate/WindowsPoliciesMapping'
    flag = storage.get_key_value(windows_mapping_enable_flag)
    result = True
    flag = str(flag)
    if flag and '0' == flag:
        result = False
    return result
 def check_module_enabled(storage, module_name):
    gpupdate_module_enable_branch = '/Software/BaseALT/Policies/GPUpdate'
    gpupdate_module_flag = '{}/{}'.format(gpupdate_module_enable_branch, module_name)
    flag = storage.get_key_value(gpupdate_module_flag)
    result = None
    flag = str(flag)
    if flag and flag!='None':
        if '1' == flag:
            result =  True
        else:
            result =  False
    return result
 def check_enabled(storage, module_name, is_experimental):
    module_enabled = check_module_enabled(storage, module_name)
    exp_enabled = check_experimental_enabled(storage)
    result = False
    if None == module_enabled:
        if is_experimental and exp_enabled:
            result = True
        if not is_experimental:
            result = True
    else:
        result = module_enabled
    return result
 class applier_frontend(ABC):
    @classmethod
    def __init__(self, regobj):
--- a/gpoa/frontend/appliers/control.py
+++ b/gpoa/frontend/appliers/control.py
@@ -17,15 +17,29 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import subprocess
-import threading
+from util.logging import log
-import logging
+
-from util.logging import slogm
+def control_subst(preg_name):
    '''
    This is a workaround for control names which can't be used in
    PReg/ADMX files.
    '''
    control_triggers = dict()
    control_triggers['dvd_rw-format'] = 'dvd+rw-format'
    control_triggers['dvd_rw-mediainfo'] = 'dvd+rw-mediainfo'
    control_triggers['dvd_rw-booktype'] = 'dvd+rw-booktype'
    result = preg_name
    if preg_name in control_triggers:
        result = control_triggers[preg_name]
    return result
 class control:
    def __init__(self, name, value):
        if type(value) != int and type(value) != str:
            raise Exception('Unknown type of value for control')
-        self.control_name = name
+        self.control_name = control_subst(name)
        self.control_value = value
        self.possible_values = self._query_control_values()
        if self.possible_values == None:
@@ -39,10 +53,12 @@ class control:
        values = list()
        popen_call = ['/usr/sbin/control', self.control_name, 'list']
-        with subprocess.Popen(popen_call, stdout=subprocess.PIPE) as proc:
+        with subprocess.Popen(popen_call, stdout=subprocess.PIPE, stderr=subprocess.PIPE) as proc:
            values = proc.stdout.readline().decode('utf-8').split()
            valErr = proc.stderr.readline().decode('utf-8')
            if valErr:
                raise ValueError(valErr)
            proc.wait()
        return values
    def _map_control_status(self, int_status):
@@ -52,7 +68,11 @@ class control:
        try:
            str_status = self.possible_values[int_status]
        except IndexError as exc:
-            logging.error(slogm('Error getting control ({}) value from {} by index {}'.format(self.control_name, self.possible_values, int_status)))
+            logdata = dict()
            logdata['control'] = self.control_name
            logdata['value from'] = self.possible_values
            logdata['by index'] = int_status
            log('E41', )
            str_status = None
        return str_status
@@ -77,20 +97,30 @@ class control:
        if type(self.control_value) == int:
            status = self._map_control_status(self.control_value)
            if status == None:
-                logging.error(slogm('\'{}\' is not in possible values for control {}'.format(self.control_value, self.control_name)))
+                logdata = dict()
                logdata['control'] = self.control_name
                logdata['inpossible values'] = self.control_value
                log('E42', logdata)
                return
        elif type(self.control_value) == str:
            if self.control_value not in self.possible_values:
-                logging.error(slogm('\'{}\' is not in possible values for control {}'.format(self.control_value, self.control_name)))
+                logdata = dict()
                logdata['control'] = self.control_name
                logdata['inpossible values'] = self.control_value
                log('E59', logdata)
                return
            status = self.control_value
-
+        logdata = dict()
-        logging.debug(slogm('Setting control {} to {}'.format(self.control_name, status)))
+        logdata['control'] = self.control_name
        logdata['status'] = status
        log('D68', logdata)
        try:
            popen_call = ['/usr/sbin/control', self.control_name, status]
            with subprocess.Popen(popen_call, stdout=subprocess.PIPE) as proc:
                proc.wait()
        except:
-            logging.error(slogm('Unable to set {} to {}'.format(self.control_name, status)))
+            logdata = dict()
-
+            logdata['control'] = self.control_name
            logdata['status'] = status
            log('E43', logdata)
--- a/gpoa/frontend/appliers/envvar.py
+++ b/gpoa/frontend/appliers/envvar.py
@@ -0,0 +1,133 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from os.path import isfile
 from util.arguments import (
      FileAction
    , action_letter2enum
 )
 from util.windows import expand_windows_var
 from util.util import get_homedir
 from util.logging import log
 class Envvar:
    __envvar_file_path = '/etc/gpupdate/environment'
    __envvar_file_path_user = '/.gpupdate_environment'
    def __init__(self, envvars, username=''):
        self.username = username
        self.envvars = envvars
        if self.username == 'root':
            self.envvar_file_path = Envvar.__envvar_file_path
        else:
            self.envvar_file_path = get_homedir(self.username) + Envvar.__envvar_file_path_user
    @staticmethod
    def clear_envvar_file(username = False):
        if username:
            file_path = get_homedir(username) + Envvar.__envvar_file_path_user
        else:
            file_path = Envvar.__envvar_file_path
        try:
            with open(file_path, 'w') as file:
                file.write('')
            log('D215', {'path':file_path})
        except Exception as exc:
            log('D216', {'path': file_path, 'exc': exc})
    def _open_envvar_file(self):
        fd = None
        if isfile(self.envvar_file_path):
            fd = open(self.envvar_file_path, 'r+')
        else:
            fd = open(self.envvar_file_path, 'w')
            fd.close()
            fd = open(self.envvar_file_path, 'r+')
        return fd
    def _create_action(self, create_dict, envvar_file):
        lines_old = envvar_file.readlines()
        lines_new = list()
        for name in create_dict:
            exist = False
            for line in lines_old:
                if line.startswith(name + '='):
                    exist = True
                    break
            if not exist:
                lines_new.append(name + '=' + create_dict[name] + '\n')
        if len(lines_new) > 0:
            envvar_file.writelines(lines_new)
    def _delete_action(self, delete_dict, envvar_file):
        lines = envvar_file.readlines()
        deleted = False
        for name in delete_dict:
            for line in lines:
                if line.startswith(name + '='):
                    lines.remove(line)
                    deleted = True
                    break
        if deleted:
            envvar_file.writelines(lines)
    def act(self):
        if isfile(self.envvar_file_path):
            with open(self.envvar_file_path, 'r') as f:
                lines = f.readlines()
        else:
            lines = list()
        file_changed = False
        for envvar_object in self.envvars:
            action = action_letter2enum(envvar_object.action)
            name = envvar_object.name
            value = expand_windows_var(envvar_object.value, self.username)
            if value != envvar_object.value:
                #slashes are replaced only if the change of variables was performed and we consider the variable as a path to a file or directory
                value = value.replace('\\', '/')
            exist_line = None
            for line in lines:
                if line == '\n':
                    continue
                if line.split()[0] == name:
                    exist_line = line
                    break
            if exist_line != None:
                if action == FileAction.CREATE:
                    pass
                if action == FileAction.DELETE:
                    lines.remove(exist_line)
                    file_changed = True
                if action == FileAction.UPDATE or action == FileAction.REPLACE:
                    if exist_line.split()[1].split('=')[1].replace('"', '') != value: #from 'NAME DEFAULT=value' cut value and compare, don`t change if it matches
                        lines.remove(exist_line)
                        lines.append(name + ' ' + 'DEFAULT=\"' + value + '\"\n')
                        file_changed = True
            else:
                if action == FileAction.CREATE or action == FileAction.UPDATE or action == FileAction.REPLACE:
                    lines.append(name + ' ' + 'DEFAULT=\"' + value + '\"\n')
                    file_changed = True
                if action == FileAction.DELETE:
                    pass
        if file_changed:
            with open(self.envvar_file_path, 'w') as f:
                f.writelines(lines)
--- a/gpoa/frontend/appliers/file_cp.py
+++ b/gpoa/frontend/appliers/file_cp.py
@@ -0,0 +1,268 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2022 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from util.arguments import (
      FileAction
    , action_letter2enum
 )
 from .folder import str2bool
 from util.logging import log
 import shutil
 from pathlib import Path
 from util.windows import expand_windows_var
 from util.util import get_homedir
 from util.exceptions import NotUNCPathError
 from util.paths import UNCPath
 import fnmatch
 class Files_cp:
    def __init__(self, file_obj, file_cache, exe_check, username=None):
        self.file_cache = file_cache
        self.exe_check = exe_check
        targetPath = expand_windows_var(file_obj.targetPath, username).replace('\\', '/')
        self.targetPath = check_target_path(targetPath, username)
        if not self.targetPath:
            return
        self.fromPath = (expand_windows_var(file_obj.fromPath, username).replace('\\', '/')
                        if file_obj.fromPath else None)
        self.isTargetPathDirectory = False
        self.action = action_letter2enum(file_obj.action)
        self.readOnly = str2bool(file_obj.readOnly)
        self.archive = str2bool(file_obj.archive)
        self.hidden = str2bool(file_obj.hidden)
        self.suppress = str2bool(file_obj.suppress)
        self.executable = str2bool(file_obj.executable)
        self.username = username
        self.fromPathFiles = list()
        if self.fromPath:
            if targetPath[-1] == '/' or self.is_pattern(Path(self.fromPath).name):
                self.isTargetPathDirectory = True
            self.get_list_files()
        self.act()
    def get_target_file(self, targetPath:Path, fromFile:str) -> Path:
        try:
            if fromFile:
                fromFileName = Path(fromFile).name
                if self.isTargetPathDirectory:
                    targetPath.mkdir(parents = True, exist_ok = True)
                else:
                    targetPath.parent.mkdir(parents = True, exist_ok = True)
                    targetPath = targetPath.parent
                    fromFileName = self.targetPath.name
                if self.hidden:
                    return targetPath.joinpath('.' + fromFileName)
                else:
                    return targetPath.joinpath(fromFileName)
            else:
                if not self.hidden:
                    return targetPath
                else:
                    return targetPath.parent.joinpath('.' + targetPath.name)
        except Exception as exc:
            logdata = dict()
            logdata['targetPath'] = targetPath
            logdata['fromFile'] = fromFile
            logdata['exc'] = exc
            log('D163', logdata)
        return None
    def copy_target_file(self, targetFile:Path, fromFile:str):
        try:
            uri_path = UNCPath(fromFile)
            self.file_cache.store(fromFile, targetFile)
        except NotUNCPathError as exc:
            fromFilePath = Path(fromFile)
            if fromFilePath.exists():
                targetFile.write_bytes(fromFilePath.read_bytes())
        except Exception as exc:
            logdata = dict()
            logdata['targetFile'] = targetFile
            logdata['fromFile'] = fromFile
            logdata['exc'] = exc
            log('W15', logdata)
    def set_exe_file(self, targetFile, fromFile):
        if self.executable:
            return True
        if Path(fromFile).suffix in self.exe_check.get_list_markers():
            targetPath = targetFile.parent
            for i in self.exe_check.get_list_paths():
                if targetPath == Path(i):
                    return True
        return False
    def set_mod_file(self, targetFile, fromFile):
        if not targetFile.is_file():
            return
        if self.set_exe_file(targetFile, fromFile):
            if self.readOnly:
                shutil.os.chmod(targetFile, 0o555)
            else:
                shutil.os.chmod(targetFile, 0o755)
        else:
            if self.readOnly:
                shutil.os.chmod(targetFile, 0o444)
            else:
                shutil.os.chmod(targetFile, 0o644)
    def _create_action(self):
        logdata = dict()
        for fromFile in self.fromPathFiles:
            targetFile = None
            try:
                targetFile = self.get_target_file(self.targetPath, fromFile)
                if targetFile and not targetFile.exists():
                    self.copy_target_file(targetFile, fromFile)
                    if self.username:
                        shutil.chown(targetFile, self.username)
                    self.set_mod_file(targetFile, fromFile)
                    logdata['File'] = targetFile
                    log('D191', logdata)
            except Exception as exc:
                logdata['exc'] = exc
                logdata['fromPath'] = fromFile
                logdata['targetPath'] = self.targetPath
                logdata['targetFile'] = targetFile
                log('D164', logdata)
    def _delete_action(self):
        list_target = [self.targetPath.name]
        if self.is_pattern(self.targetPath.name) and self.targetPath.parent.exists() and self.targetPath.parent.is_dir():
            list_target = fnmatch.filter([str(x.name) for x in self.targetPath.parent.iterdir() if x.is_file()], self.targetPath.name)
        logdata = dict()
        for targetFile in list_target:
            targetFile = self.targetPath.parent.joinpath(targetFile)
            try:
                if targetFile.exists():
                    targetFile.unlink()
                    logdata['File'] = targetFile
                    log('D193', logdata)
            except Exception as exc:
                logdata['exc'] = exc
                logdata['targetPath'] = self.targetPath
                logdata['targetFile'] = targetFile
                log('D165', logdata)
    def _update_action(self):
        logdata = dict()
        for fromFile in self.fromPathFiles:
            targetFile = self.get_target_file(self.targetPath, fromFile)
            try:
                self.copy_target_file(targetFile, fromFile)
                if self.username:
                    shutil.chown(self.targetPath, self.username)
                self.set_mod_file(targetFile, fromFile)
                logdata['File'] = targetFile
                log('D192', logdata)
            except Exception as exc:
                logdata['exc'] = exc
                logdata['fromPath'] = self.fromPath
                logdata['targetPath'] = self.targetPath
                logdata['targetFile'] = targetFile
                log('D166', logdata)
    def act(self):
        if self.action == FileAction.CREATE:
            self._create_action()
        if self.action == FileAction.UPDATE:
            self._update_action()
        if self.action == FileAction.DELETE:
            self._delete_action()
        if self.action == FileAction.REPLACE:
            self._delete_action()
            self._create_action()
    def is_pattern(self, name):
        if name.find('*') != -1 or name.find('?') != -1:
            return True
        else:
            return False
    def get_list_files(self):
        logdata = dict()
        logdata['targetPath'] = str(self.targetPath)
        fromFilePath = Path(self.fromPath)
        if not self.is_pattern(fromFilePath.name):
            self.fromPathFiles.append(self.fromPath)
        else:
            fromPathDir = self.fromPath[:self.fromPath.rfind('/')]
            try:
                uri_path = UNCPath(fromPathDir)
                ls_files = self.file_cache.get_ls_smbdir(fromPathDir)
                if ls_files:
                    filtered_ls_files = fnmatch.filter(ls_files, fromFilePath.name)
                    if filtered_ls_files:
                        self.fromPathFiles = [fromPathDir + '/' + file_s for file_s in filtered_ls_files]
            except NotUNCPathError as exc:
                try:
                    exact_path = Path(fromPathDir)
                    if exact_path.is_dir():
                        self.fromPathFiles = [str(fromFile) for fromFile in exact_path.iterdir() if fromFile.is_file()]
                except Exception as exc:
                    logdata['fromPath'] = self.fromPath
                    logdata['exc'] = exc
                    log('W3316', logdata)
            except Exception as exc:
                logdata['fromPath'] = self.fromPath
                logdata['exc'] = exc
                log('W3317', logdata)
 def check_target_path(path_to_check, username = None):
    '''
    Function for checking the correctness of the path
    '''
    if not path_to_check:
        return None
    checking = Path(path_to_check)
    rootpath = Path('/')
    if username:
        rootpath = Path(get_homedir(username))
    return rootpath.joinpath(checking)
 class Execution_check():
    __etension_marker_key_name = 'ExtensionMarker'
    __marker_usage_path_key_name = 'MarkerUsagePath'
    __hklm_branch = 'Software\\BaseALT\\Policies\\GroupPolicies\\Files'
    def __init__(self, storage):
        etension_marker_branch = '{}\\{}%'.format(self.__hklm_branch, self.__etension_marker_key_name)
        marker_usage_path_branch = '{}\\{}%'.format(self.__hklm_branch, self.__marker_usage_path_key_name)
        self.etension_marker = storage.filter_hklm_entries(etension_marker_branch)
        self.marker_usage_path = storage.filter_hklm_entries(marker_usage_path_branch)
        self.list_paths = list()
        self.list_markers = list()
        for marker in self.etension_marker:
            self.list_markers.append(marker.data)
        for usage_path in self.marker_usage_path:
            self.list_paths.append(usage_path.data)
    def get_list_paths(self):
        return self.list_paths
    def get_list_markers(self):
        return self.list_markers
--- a/gpoa/frontend/appliers/firewall_rule.py
+++ b/gpoa/frontend/appliers/firewall_rule.py
@@ -0,0 +1,97 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2020 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from enum import Enum
 import subprocess
 def getprops(param_list):
    props = dict()
    for entry in param_list:
        lentry = entry.lower()
        if lentry.startswith('action'):
            props['action'] = lentry.rpartition('=')[2]
        if lentry.startswith('protocol'):
            props['protocol'] = lentry.rpartition('=')[2]
        if lentry.startswith('dir'):
            props['dir'] = lentry.rpartition('=')[2]
    return props
 def get_ports(param_list):
    portlist = list()
    for entry in param_list:
        lentry = entry.lower()
        if lentry.startswith('lport'):
            port = lentry.rpartition('=')[2]
            portlist.append(port)
    return portlist
 class PortState(Enum):
    OPEN = 'Allow'
    CLOSE = 'Deny'
 class Protocol(Enum):
    TCP = 'tcp'
    UDP = 'udp'
 class FirewallMode(Enum):
    ROUTER = 'router'
    GATEWAY = 'gateway'
    HOST = 'host'
 # This shi^Wthing named alterator-net-iptables is unable to work in
 # multi-threaded environment
 class FirewallRule:
    __alterator_command = '/usr/bin/alterator-net-iptables'
    def __init__(self, data):
        data_array = data.split('|')
        self.version = data_array[0]
        self.ports = get_ports(data_array[1:])
        self.properties = getprops(data_array[1:])
    def apply(self):
        tcp_command = []
        udp_command = []
        for port in self.ports:
            tcp_port = '{}'.format(port)
            udp_port = '{}'.format(port)
            if PortState.OPEN.value == self.properties['action']:
                tcp_port = '+' + tcp_port
                udp_port = '+' + udp_port
            if PortState.CLOSE.value == self.properties['action']:
                tcp_port = '-' + tcp_port
                udp_port = '-' + udp_port
            portcmd = [
                  self.__alterator_command
                , 'write'
                , '-m', FirewallMode.HOST.value
                , '-t', tcp_port
                , '-u', udp_port
            ]
            proc = subprocess.Popen(portcmd)
            proc.wait()
--- a/gpoa/frontend/appliers/folder.py
+++ b/gpoa/frontend/appliers/folder.py
@@ -0,0 +1,95 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2020 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from pathlib import Path
 from util.arguments import (
      FileAction
    , action_letter2enum
 )
 from util.windows import expand_windows_var
 from util.util import get_homedir
 def remove_dir_tree(path, delete_files=False, delete_folder=False, delete_sub_folders=False):
    content = list()
    for entry in path.iterdir():
        content.append(entry)
        if entry.is_file() and delete_files:
            entry.unlink()
            content.remove(entry)
        if entry.is_dir() and delete_sub_folders:
            content.remove(entry)
            content.extend(remove_dir_tree(entry, delete_files, delete_folder, delete_sub_folders))
    if delete_folder and not content:
        path.rmdir()
    return content
 def str2bool(boolstr):
    if isinstance(boolstr, bool):
        return boolstr
    elif boolstr and boolstr.lower() in ['true', 'yes', '1']:
        return True
    return False
 class Folder:
    def __init__(self, folder_object, username=None):
        folder_path = expand_windows_var(folder_object.path, username).replace('\\', '/').replace('//', '/')
        if username:
            folder_path = folder_path.replace(get_homedir(username), '')
            self.folder_path = Path(get_homedir(username)).joinpath(folder_path if folder_path [0] != '/' else folder_path [1:])
        else:
            self.folder_path = Path(folder_path)
        self.action = action_letter2enum(folder_object.action)
        self.delete_files = str2bool(folder_object.delete_files)
        self.delete_folder = str2bool(folder_object.delete_folder)
        self.delete_sub_folders = str2bool(folder_object.delete_sub_folders)
        self.hidden_folder = str2bool(folder_object.hidden_folder)
    def _create_action(self):
        self.folder_path.mkdir(parents=True, exist_ok=True)
    def _delete_action(self):
        if self.folder_path.exists():
            if self.action == FileAction.REPLACE:
                self.delete_folder = True
            remove_dir_tree(self.folder_path,
                self.delete_files,
                self.delete_folder,
                self.delete_sub_folders)
    def act(self):
        if self.hidden_folder == True and str(self.folder_path.name)[0] != '.':
            path_components = list(self.folder_path.parts)
            path_components[-1] = '.' + path_components[-1]
            new_folder_path = Path(*path_components)
            self.folder_path = new_folder_path
        if self.action == FileAction.CREATE:
            self._create_action()
        if self.action == FileAction.UPDATE:
            self._create_action()
        if self.action == FileAction.DELETE:
            self._delete_action()
        if self.action == FileAction.REPLACE:
            self._delete_action()
            self._create_action()
--- a/gpoa/frontend/appliers/gsettings.py
+++ b/gpoa/frontend/appliers/gsettings.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2021 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -18,50 +18,158 @@
 import configparser
 import os
 import logging
 from gi.repository import Gio, GLib
-from util.logging import slogm
+from util.logging import log
 class system_gsetting:
-    __global_schema = '/usr/share/glib-2.0/schemas'
+    def __init__(self, schema, path, value, lock, helper_function=None):
    def __init__(self, schema, path, value, override_priority='0'):
        self.schema = schema
        self.path = path
        self.value = value
-        self.override_priority = override_priority
+        self.lock = lock
-        self.filename = '{}_policy.gschema.override'.format(self.override_priority)
+        self.helper_function = helper_function
-        self.file_path = os.path.join(self.__global_schema, self.filename)
+
    def apply(self, settings, config, locks):
        try:
            config.add_section(self.schema)
        except configparser.DuplicateSectionError:
            pass
        value = self.value
        if self.helper_function:
            value = self.helper_function(self.schema, self.path, value)
        result = glib_value(self.schema, self.path, value, settings)
        config.set(self.schema, self.path, str(result))
        if self.lock:
            lock_path = dconf_path(settings, self.path)
            locks.append(lock_path)
 class system_gsettings:
    __path_local_dir = '/etc/dconf/db/local.d'
    __path_locks = '/etc/dconf/db/policy.d/locks/policy'
    __path_profile = '/etc/dconf/profile/user'
    __profile_data = 'user-db:user\nsystem-db:policy\nsystem-db:local\n'
    def __init__(self, override_file_path):
        self.gsettings = list()
        self.locks = list()
        self.override_file_path = override_file_path
    def append(self, schema, path, data, lock, helper):
        if check_existing_gsettings(schema, path):
            self.gsettings.append(system_gsetting(schema, path, data, lock, helper))
        else:
            logdata = dict()
            logdata['schema'] = schema
            logdata['path'] = path
            logdata['data'] = data
            logdata['lock'] = lock
            log('D150', logdata)
    def apply(self):
        config = configparser.ConfigParser()
        try:
            config.read(self.file_path)
        except Exception as exc:
            logging.error(slogm(exc))
        config.add_section(self.schema)
        config.set(self.schema, self.path, self.value)
-        with open(self.file_path, 'w') as f:
+        for gsetting in self.gsettings:
            logdata = dict()
            logdata['gsetting.schema'] = gsetting.schema
            logdata['gsetting.path'] = gsetting.path
            logdata['gsetting.value'] = gsetting.value
            logdata['gsetting.lock'] = gsetting.lock
            settings = Gio.Settings(schema=gsetting.schema)
            log('D89', logdata)
            gsetting.apply(settings, config, self.locks)
        with open(self.override_file_path, 'w') as f:
            config.write(f)
        os.makedirs(self.__path_local_dir, mode=0o755, exist_ok=True)
        os.makedirs(os.path.dirname(self.__path_locks), mode=0o755, exist_ok=True)
        os.makedirs(os.path.dirname(self.__path_profile), mode=0o755, exist_ok=True)
        try:
            os.remove(self.__path_locks)
        except OSError as error:
            pass
        file_locks = open(self.__path_locks,'w')
        for lock in self.locks:
            file_locks.write(lock +'\n')
        file_locks.close()
        profile = open(self.__path_profile ,'w')
        profile.write(self.__profile_data)
        profile.close()
 def glib_map(value, glib_type):
    result_value = value
    if glib_type == 'i' or glib_type == 'b' or glib_type == 'q':
        result_value = GLib.Variant(glib_type, int(value))
    else:
        result_value = GLib.Variant(glib_type, value)
    return result_value
 def dconf_path(settings, path):
    return settings.get_property("path") + path
 def glib_value(schema, path, value, settings):
    # Get the key to modify
    key = settings.get_value(path)
    # Query the data type for the key
    glib_value_type = key.get_type_string()
    # Build the new value with the determined type
    return glib_map(value, glib_value_type)
 def check_existing_gsettings (schema, path):
    source = Gio.SettingsSchemaSource.get_default()
    sourceSchema = (source.lookup(schema, False))
    if bool(sourceSchema) and sourceSchema.has_key(path):
        return True
    else:
        return False
 class user_gsettings:
    def __init__(self):
        self.gsettings = list()
    def append(self, schema, path, value, helper=None):
        if check_existing_gsettings(schema, path):
            self.gsettings.append(user_gsetting(schema, path, value, helper))
        else:
            logdata = dict()
            logdata['schema'] = schema
            logdata['path'] = path
            logdata['data'] = value
            log('D151', logdata)
    def apply(self):
        for gsetting in self.gsettings:
            logdata = dict()
            logdata['gsetting.schema'] = gsetting.schema
            logdata['gsetting.path'] = gsetting.path
            logdata['gsetting.value'] = gsetting.value
            log('D85', logdata)
            gsetting.apply()
 class user_gsetting:
-    def __init__(self, schema, path, value):
+    def __init__(self, schema, path, value, helper_function=None):
        self.schema = schema
        self.path = path
        self.value = value
        self.helper_function = helper_function
    def apply(self):
-        source = Gio.SettingsSchemaSource.get_default()
+        # Access the current schema
-        schema = source.lookup(self.schema, True)
+        settings = Gio.Settings(schema=self.schema)
-        key = schema.get_key(self.path)
+        # Update result with helper function
-        gvformat = key.get_value_type()
+        value = self.value
-        val = GLib.Variant(gvformat.dup_string(), self.value)
+        if self.helper_function:
-        schema.set_value(self.path, val)
+            value = self.helper_function(self.schema, self.path, value)
-        #gso = Gio.Settings.new(self.schema)
+        # Get typed value by schema
-        #variants = gso.get_property(self.path)
+        result = glib_value(self.schema, self.path, value, settings)
-        #if (variants.has_key(self.path)):
+        # Set the value
-        #    key = variants.get_key(self.path)
+        settings.set_value(self.path, result)
-        #    print(key.get_range())
+        settings.sync()
--- a/gpoa/frontend/appliers/ini_file.py
+++ b/gpoa/frontend/appliers/ini_file.py
@@ -0,0 +1,114 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2022 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from util.arguments import (
      FileAction
    , action_letter2enum
 )
 from util.logging import log
 from pathlib import Path
 from util.windows import expand_windows_var
 from util.util import get_homedir
 from util.gpoa_ini_parsing import GpoaConfigObj
 class Ini_file:
    def __init__(self, ini_obj, username=None):
        path = expand_windows_var(ini_obj.path, username).replace('\\', '/')
        self.path = check_path(path, username)
        if not self.path:
            logdata = {'path': ini_obj.path}
            log('D175', logdata)
            return None
        self.section = ini_obj.section
        self.action = action_letter2enum(ini_obj.action)
        self.key = ini_obj.property
        self.value = ini_obj.value
        try:
            self.config = GpoaConfigObj(str(self.path), unrepr=False)
        except Exception as exc:
            logdata = {'exc': exc}
            log('D176', logdata)
            return
        self.act()
    def _create_action(self):
        if self.path.is_dir():
            return
        if self.section not in self.config:
            self.config[self.section] = dict()
        self.config[self.section][self.key] = self.value
        self.config.write()
    def _delete_action(self):
        if not self.path.exists() or self.path.is_dir():
            return
        if not self.section:
            self.path.unlink()
            return
        if self.section in self.config:
            if not self.key:
                self.config.pop(self.section)
            elif self.key in self.config[self.section]:
                self.config[self.section].pop(self.key)
        self.config.write()
    def act(self):
        try:
            if self.action == FileAction.CREATE:
                self._create_action()
            if self.action == FileAction.UPDATE:
                self._create_action()
            if self.action == FileAction.DELETE:
                self._delete_action()
            if self.action == FileAction.REPLACE:
                self._create_action()
        except Exception as exc:
            logdata = dict()
            logdata['action'] = self.action
            logdata['exc'] = exc
            log('W23', logdata)
 def check_path(path_to_check, username = None):
    '''
    Function for checking the right path for Inifile
    '''
    checking = Path(path_to_check)
    if checking.exists():
        if username and path_to_check == '/':
            return Path(get_homedir(username))
        return checking
    #Check for path directory without '/nameIni' suffix
    elif (len(path_to_check.split('/')) > 2
          and Path(path_to_check.replace(path_to_check.split('/')[-1], '')).is_dir()):
        return checking
    elif username:
        target_path = Path(get_homedir(username))
        res = target_path.joinpath(path_to_check
                                    if path_to_check[0] != '/'
                                    else path_to_check[1:])
        return check_path(str(res))
    else:
        return False
--- a/gpoa/frontend/appliers/netshare.py
+++ b/gpoa/frontend/appliers/netshare.py
@@ -0,0 +1,90 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2022 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import subprocess
 from util.arguments import (
      FileAction
    , action_letter2enum
 )
 from util.logging import log
 from util.windows import expand_windows_var
 class Networkshare:
    def __init__(self, networkshare_obj, username = None):
        self.net_full_cmd = ['/usr/bin/net', 'usershare']
        self.net_cmd_check = ['/usr/bin/net', 'usershare', 'list']
        self.cmd = list()
        self.name = networkshare_obj.name
        self.path = expand_windows_var(networkshare_obj.path, username).replace('\\', '/') if networkshare_obj.path else None
        self.action = action_letter2enum(networkshare_obj.action)
        self.allRegular =  networkshare_obj.allRegular
        self.comment = networkshare_obj.comment
        self.limitUsers = networkshare_obj.limitUsers
        self.abe = networkshare_obj.abe
        self._guest = 'guest_ok=y'
        self.acl = 'Everyone:'
        self.act()
    def check_list_net(self):
        try:
            res = subprocess.check_output(self.net_cmd_check, encoding='utf-8')
            return res
        except Exception as exc:
            return exc
    def _run_net_full_cmd(self):
        logdata = dict()
        try:
            res = subprocess.check_output(self.net_full_cmd, stderr=subprocess.DEVNULL, encoding='utf-8')
            if res:
                logdata['cmd'] = self.net_full_cmd
                logdata['answer'] = res
            log('D190', logdata)
        except Exception as exc:
            logdata['cmd'] = self.net_full_cmd
            logdata['exc'] = exc
            log('D182', logdata)
    def _create_action(self):
        self.net_full_cmd.append('add')
        self.net_full_cmd.append(self.name)
        self.net_full_cmd.append(self.path)
        self.net_full_cmd.append(self.comment)
        self.net_full_cmd.append(self.acl + 'F')
        self.net_full_cmd.append(self._guest)
        self._run_net_full_cmd()
    def _delete_action(self):
        self.net_full_cmd.append('delete')
        self.net_full_cmd.append(self.name)
        self._run_net_full_cmd()
    def act(self):
        if self.action == FileAction.CREATE:
            self._create_action()
        if self.action == FileAction.UPDATE:
            self._create_action()
        if self.action == FileAction.DELETE:
            self._delete_action()
        if self.action == FileAction.REPLACE:
            self._create_action()
--- a/gpoa/frontend/appliers/polkit.py
+++ b/gpoa/frontend/appliers/polkit.py
@@ -18,9 +18,8 @@
 import os
 import jinja2
 import logging
-from util.logging import slogm
+from util.logging import log
 class polkit:
    __template_path = '/usr/share/gpupdate/templates'
@@ -28,13 +27,29 @@ class polkit:
    __template_loader = jinja2.FileSystemLoader(searchpath=__template_path)
    __template_environment = jinja2.Environment(loader=__template_loader)
-    def __init__(self, template_name, arglist):
+    def __init__(self, template_name, arglist, username=None):
        self.template_name = template_name
        self.args = arglist
        self.username = username
        self.infilename = '{}.rules.j2'.format(self.template_name)
-        self.outfile = os.path.join(self.__policy_dir, '{}.rules'.format(self.template_name))
+        if self.username:
            self.outfile = os.path.join(self.__policy_dir, '{}.{}.rules'.format(self.template_name, self.username))
        else:
            self.outfile = os.path.join(self.__policy_dir, '{}.rules'.format(self.template_name))
    def _is_empty(self):
        for key, item in self.args.items():
            if key == 'User':
                continue
            elif item:
                return False
        return True
    def generate(self):
        if self._is_empty():
            if os.path.isfile(self.outfile):
                os.remove(self.outfile)
            return
        try:
            template = self.__template_environment.get_template(self.infilename)
            text = template.render(**self.args)
@@ -42,7 +57,13 @@ class polkit:
            with open(self.outfile, 'w') as f:
                f.write(text)
-            logging.debug(slogm('Generated file {} with arguments {}'.format(self.outfile, self.args)))
+            logdata = dict()
            logdata['file'] = self.outfile
            logdata['arguments'] = self.args
            log('D77', logdata)
        except Exception as exc:
-            logging.error(slogm('Unable to generate file {} from {}'.format(self.outfile, self.infilename)))
+            logdata = dict()
            logdata['file'] = self.outfile
            logdata['arguments'] = self.args
            log('E44', logdata)
--- a/gpoa/frontend/appliers/systemd.py
+++ b/gpoa/frontend/appliers/systemd.py
@@ -17,9 +17,8 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import dbus
 import logging
-from util.logging import slogm
+from util.logging import log
 class systemd_unit:
    def __init__(self, unit_name, state):
@@ -38,8 +37,13 @@ class systemd_unit:
        if self.desired_state == 1:
            self.manager.UnmaskUnitFiles([self.unit_name], dbus.Boolean(False))
            self.manager.EnableUnitFiles([self.unit_name], dbus.Boolean(False), dbus.Boolean(True))
            if self.unit_name == 'gpupdate.service':
                if self.manager.GetUnitFileState(dbus.String(self.unit_name)) == 'enabled':
                    return
            self.manager.StartUnit(self.unit_name, 'replace')
-            logging.info(slogm('Starting systemd unit: {}'.format(self.unit_name)))
+            logdata = dict()
            logdata['unit'] = self.unit_name
            log('I6', logdata)
            # In case the service has 'RestartSec' property set it
            # switches to 'activating (auto-restart)' state instead of
@@ -47,17 +51,27 @@ class systemd_unit:
            service_state = self._get_state()
            if not service_state in ['active', 'activating']:
-                logging.error(slogm('Unable to start systemd unit {}'.format(self.unit_name)))
+                service_timer_name =  self.unit_name.replace(".service", ".timer")
                self.unit = self.manager.LoadUnit(dbus.String(service_timer_name))
                service_state = self._get_state()
                if not service_state in ['active', 'activating']:
                    logdata = dict()
                    logdata['unit'] = self.unit_name
                    log('E46', logdata)
        else:
            self.manager.StopUnit(self.unit_name, 'replace')
            self.manager.DisableUnitFiles([self.unit_name], dbus.Boolean(False))
            self.manager.MaskUnitFiles([self.unit_name], dbus.Boolean(False), dbus.Boolean(True))
-            logging.info(slogm('Stopping systemd unit: {}'.format(self.unit_name)))
+            logdata = dict()
            logdata['unit'] = self.unit_name
            log('I6', logdata)
            service_state = self._get_state()
-            if not service_state in ['stopped']:
+            if not service_state in ['stopped', 'deactivating', 'inactive']:
-                logging.error(slogm('Unable to stop systemd unit {}'.format(self.unit_name)))
+                logdata = dict()
                logdata['unit'] = self.unit_name
                log('E46', logdata)
    def _get_state(self):
        '''
--- a/gpoa/frontend/appliers/util.py
+++ b/gpoa/frontend/appliers/util.py
@@ -0,0 +1,23 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2020 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from enum import Enum
 class WallpaperStretchMode(Enum):
    STRETCH = 2
--- a/gpoa/frontend/chromium_applier.py
+++ b/gpoa/frontend/chromium_applier.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -16,122 +16,207 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-from .applier_frontend import applier_frontend
+from .applier_frontend import (
      applier_frontend
    , check_enabled
 )
 import logging
 import json
 import os
-
+from util.logging import log
-from util.logging import slogm
+from util.util import is_machine_name, string_to_literal_eval
 from util.util import is_machine_name
 class chromium_applier(applier_frontend):
-    __registry_branch = 'Software\\Policies\\Google\\Chrome'
+    __module_name = 'ChromiumApplier'
    __module_enabled = True
    __module_experimental = False
    __registry_branch = 'Software/Policies/Google/Chrome'
    __managed_policies_path = '/etc/chromium/policies/managed'
    __recommended_policies_path = '/etc/chromium/policies/recommended'
    # JSON file where Chromium stores its settings (and which is
    # overwritten every exit.
    __user_settings = '.config/chromium/Default'
    def __init__(self, storage, sid, username):
        self.storage = storage
        self.sid = sid
        self.username = username
        self._is_machine_name = is_machine_name(self.username)
-        self.policies = dict()
+        self.chromium_keys = self.storage.filter_hklm_entries(self.__registry_branch)
-    def get_hklm_string_entry(self, hive_subkey):
+        self.policies_json = dict()
        query_str = '{}\\{}'.format(self.__registry_branch, hive_subkey)
        return self.storage.get_hklm_entry(query_str)
-    def get_hkcu_string_entry(self, hive_subkey):
+        self.__module_enabled = check_enabled(
-        query_str = '{}\\{}'.format(self.__registry_branch, hive_subkey)
+              self.storage
-        return self.storage.get_hkcu_entry(sid, query_str)
+            , self.__module_name
-
+            , self.__module_experimental
-    def get_hklm_string_entry_default(self, hive_subkey, default):
+        )
        '''
        Return row from HKLM table identified by hive_subkey as string
        or return supplied default value if such hive_subkey is missing.
        '''
        defval = str(default)
        response = self.get_hklm_string_entry(hive_subkey)
        if response:
            return response.data
        return defval
    def get_hkcu_string_entry_default(self, hive_subkey, default):
        defval = str(default)
        response = self.get_hkcu_string_entry(hive_subkey)
        if response:
            return response.data
        return defval
    def set_policy(self, name, obj):
        if obj:
            self.policies[name] = obj
            logging.info(slogm('Chromium policy \'{}\' set to {}'.format(name, obj)))
    def set_user_policy(self, name, obj):
        '''
        Please not that writing user preferences file is not considered
        a good practice and used mostly by various malware.
        '''
        if not self._is_machine_name:
            prefdir = os.path.join(util.get_homedir(self.username), self.__user_settings)
            os.makedirs(prefdir, exist_ok=True)
            prefpath = os.path.join(prefdir, 'Preferences')
            util.mk_homedir_path(self.username, self.__user_settings)
            settings = dict()
            try:
                with open(prefpath, 'r') as f:
                    settings = json.load(f)
            except FileNotFoundError as exc:
                logging.error(slogm('Chromium preferences file {} does not exist at the moment'.format(prefpath)))
            except:
                logging.error(slogm('Error during attempt to read Chromium preferences for user {}'.format(self.username)))
            if obj:
                settings[name] = obj
                with open(prefpath, 'w') as f:
                    json.dump(settings, f)
                logging.info(slogm('Set user ({}) property \'{}\' to {}'.format(self.username, name, obj)))
    def get_home_page(self, hkcu=False):
        response = self.get_hklm_string_entry('HomepageLocation')
        result = 'about:blank'
        if response:
            result = response.data
        return result
    def machine_apply(self):
        '''
        Apply machine settings.
        '''
        self.set_policy('HomepageLocation', self.get_home_page())
        destfile = os.path.join(self.__managed_policies_path, 'policies.json')
        try:
            recommended__json = self.policies_json.pop('Recommended')
        except:
            recommended__json = {}
        #Replacing all nested dictionaries with a list
        dict_item_to_list = (
            lambda target_dict :
                {key:[*val.values()] if type(val) == dict else string_to_literal_eval(val) for key,val in target_dict.items()}
            )
        os.makedirs(self.__managed_policies_path, exist_ok=True)
        with open(destfile, 'w') as f:
-            json.dump(self.policies, f)
+            json.dump(dict_item_to_list(self.policies_json), f)
-            logging.debug(slogm('Wrote Chromium preferences to {}'.format(destfile)))
+            logdata = dict()
            logdata['destfile'] = destfile
            log('D97', logdata)
        destfilerec = os.path.join(self.__recommended_policies_path, 'policies.json')
        os.makedirs(self.__recommended_policies_path, exist_ok=True)
        with open(destfilerec, 'w') as f:
            json.dump(dict_item_to_list(recommended__json), f)
            logdata = dict()
            logdata['destfilerec'] = destfilerec
            log('D97', logdata)
    def user_apply(self):
        '''
        Apply settings for the specified username.
        '''
        self.set_user_policy('homepage', self.get_home_page(hkcu=True))
    def apply(self):
        '''
        All actual job done here.
        '''
-        self.machine_apply()
+        if self.__module_enabled:
-        #if not self._is_machine_name:
+            log('D95')
-        #    logging.debug('Running user applier for Chromium')
+            self.create_dict(self.chromium_keys)
-        #    self.user_apply()
+            self.machine_apply()
        else:
            log('D96')
    def get_valuename_typeint(self):
        '''
        List of keys resulting from parsing chrome.admx with parsing_chrom_admx_intvalues.py
        '''
        valuename_typeint = (['DefaultClipboardSetting',
                            'DefaultCookiesSetting',
                            'DefaultFileSystemReadGuardSetting',
                            'DefaultFileSystemWriteGuardSetting',
                            'DefaultGeolocationSetting',
                            'DefaultImagesSetting',
                            'DefaultInsecureContentSetting',
                            'DefaultJavaScriptJitSetting',
                            'DefaultJavaScriptSetting',
                            'DefaultLocalFontsSetting',
                            'DefaultNotificationsSetting',
                            'DefaultPopupsSetting',
                            'DefaultSensorsSetting',
                            'DefaultSerialGuardSetting',
                            'DefaultThirdPartyStoragePartitioningSetting',
                            'DefaultWebBluetoothGuardSetting',
                            'DefaultWebHidGuardSetting',
                            'DefaultWebUsbGuardSetting',
                            'DefaultWindowManagementSetting',
                            'DefaultMediaStreamSetting',
                            'DefaultWindowPlacementSetting',
                            'ProxyServerMode',
                            'ExtensionManifestV2Availability',
                            'ExtensionUnpublishedAvailability',
                            'CreateThemesSettings',
                            'DevToolsGenAiSettings',
                            'GenAILocalFoundationalModelSettings',
                            'HelpMeWriteSettings',
                            'TabOrganizerSettings',
                            'BrowserSwitcherParsingMode',
                            'CloudAPAuthEnabled',
                            'AdsSettingForIntrusiveAdsSites',
                            'AmbientAuthenticationInPrivateModesEnabled',
                            'BatterySaverModeAvailability',
                            'BrowserSignin',
                            'ChromeVariations',
                            'DeveloperToolsAvailability',
                            'DownloadRestrictions',
                            'ForceYouTubeRestrict',
                            'HeadlessMode',
                            'IncognitoModeAvailability',
                            'IntranetRedirectBehavior',
                            'LensOverlaySettings',
                            'MemorySaverModeSavings',
                            'NetworkPredictionOptions',
                            'ProfilePickerOnStartupAvailability',
                            'ProfileReauthPrompt',
                            'RelaunchNotification',
                            'SafeSitesFilterBehavior',
                            'ToolbarAvatarLabelSettings',
                            'UserAgentReduction',
                            'BatterySaverModeAvailability_recommended',
                            'DownloadRestrictions_recommended',
                            'NetworkPredictionOptions_recommended',
                            'PrintPostScriptMode',
                            'PrintRasterizationMode',
                            'ChromeFrameRendererSettings',
                            'DefaultFileHandlingGuardSetting',
                            'DefaultKeygenSetting',
                            'DefaultPluginsSetting',
                            'LegacySameSiteCookieBehaviorEnabled',
                            'ForceMajorVersionToMinorPositionInUserAgent',
                            'PasswordProtectionWarningTrigger',
                            'SafeBrowsingProtectionLevel',
                            'SafeBrowsingProtectionLevel_recommended',
                            'RestoreOnStartup',
                            'RestoreOnStartup_recommended'])
        return valuename_typeint
    def get_boolean(self,data):
        if data in ['0', 'false', None, 'none', 0]:
            return False
        if data in ['1', 'true', 1]:
            return True
    def get_parts(self, hivekeyname):
        '''
        Parse registry path string and leave key parameters
        '''
        parts = hivekeyname.replace(self.__registry_branch, '').split('/')
        return parts
    def create_dict(self, chromium_keys):
        '''
        Collect dictionaries from registry keys into a general dictionary
        '''
        counts = dict()
        #getting the list of keys to read as an integer
        valuename_typeint = self.get_valuename_typeint()
        for it_data in chromium_keys:
            branch = counts
            try:
                if type(it_data.data) is bytes:
                    it_data.data = it_data.data.decode(encoding='utf-16').replace('\x00','')
                parts = self.get_parts(it_data.hive_key)
                #creating a nested dictionary from elements
                for part in parts[:-1]:
                    branch = branch.setdefault(part, {})
                #dictionary key value initialization
                if it_data.type == 4:
                    if it_data.valuename in valuename_typeint:
                        branch[parts[-1]] = int(it_data.data)
                    else:
                        branch[parts[-1]] = self.get_boolean(it_data.data)
                else:
                    if it_data.data[0] == '[' and it_data.data[-1] == ']':
                        try:
                            branch[parts[-1]] = json.loads(str(it_data.data))
                        except:
                            branch[parts[-1]] = str(it_data.data).replace('\\', '/')
                    else:
                        branch[parts[-1]] = str(it_data.data).replace('\\', '/')
            except Exception as exc:
                logdata = dict()
                logdata['Exception'] = exc
                logdata['keyname'] = it_data.keyname
                log('D178', logdata)
        try:
            self.policies_json = counts['']
        except:
            self.policies_json = {}
--- a/gpoa/frontend/cifs_applier.py
+++ b/gpoa/frontend/cifs_applier.py
@@ -0,0 +1,479 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2022 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import jinja2
 import os
 import pwd
 import subprocess
 from pathlib import Path
 import string
 from .applier_frontend import (
      applier_frontend
    , check_enabled
 )
 from util.util import get_homedir, get_uid_by_username
 from util.logging import log
 def storage_get_drives(storage, sid):
    drives = storage.get_drives(sid)
    drive_list = list()
    for drv_obj in drives:
        drive_list.append(drv_obj)
    return drive_list
 def add_line_if_missing(filename, ins_line):
    with open(filename, 'r+') as f:
        for line in f:
            if ins_line == line.strip():
                break
        else:
            f.write(ins_line + '\n')
            f.flush()
 def remove_chars_before_colon(input_string):
    if ":" in input_string:
        colon_index = input_string.index(":")
        result_string = input_string[colon_index + 1:]
        return result_string
    else:
        return input_string
 def remove_escaped_quotes(input_string):
    result_string = input_string.replace('"', '').replace("'", '')
    return result_string
 class Drive_list:
    __alphabet = string.ascii_uppercase
    def __init__(self):
        self.dict_drives = dict()
    def __get_letter(self, letter):
        slice_letters = set(self.__alphabet[self.__alphabet.find(letter) + 1:]) - set(self.dict_drives.keys())
        free_letters = sorted(slice_letters)
        if free_letters:
            return free_letters[0]
        else:
            return None
    def append(self, drive:dict):
        cur_dir = drive['dir']
        if cur_dir not in set(self.dict_drives.keys()):
            if drive['action'] == 'D':
                return
            self.dict_drives[cur_dir] = drive
            return
        else:
            if drive['action'] == 'C':
                if drive['useLetter'] == '1':
                    return
                else:
                    new_dir = self.__get_letter(cur_dir)
                    if not new_dir:
                        return
                    drive['dir'] = new_dir
                    self.dict_drives[new_dir] = drive
                    return
            if drive['action'] == 'U':
                self.dict_drives[cur_dir]['thisDrive'] = drive['thisDrive']
                self.dict_drives[cur_dir]['allDrives'] = drive['allDrives']
                self.dict_drives[cur_dir]['label'] = drive['label']
                self.dict_drives[cur_dir]['persistent'] = drive['persistent']
                self.dict_drives[cur_dir]['useLetter'] = drive['useLetter']
                return
            if drive['action'] == 'R':
                self.dict_drives[cur_dir] = drive
                return
            if drive['action'] == 'D':
                if drive['useLetter'] == '1':
                    self.dict_drives.pop(cur_dir, None)
                else:
                    keys_set = set(self.dict_drives.keys())
                    slice_letters = set(self.__alphabet[self.__alphabet.find(cur_dir):])
                    for letter_dir in (keys_set & slice_letters):
                        self.dict_drives.pop(letter_dir, None)
    def __call__(self):
        return list(self.dict_drives.values())
    def len(self):
        return len(self.dict_drives)
 class cifs_applier(applier_frontend):
    __module_name = 'CIFSApplier'
    __module_enabled = True
    __module_experimental = False
    __dir4clean = '/etc/auto.master.gpupdate.d'
    def __init__(self, storage, sid):
        self.clear_directory_auto_dir()
        self.applier_cifs = cifs_applier_user(storage, sid, None)
        self.__module_enabled = check_enabled(
              storage
            , self.__module_name
            , self.__module_experimental
        )
    def clear_directory_auto_dir(self):
        path = Path(self.__dir4clean)
        if not path.exists():
            return
        for item in path.iterdir():
            try:
                if item.is_file() or item.is_symlink():
                    item.unlink()
            except Exception as exc:
                log('W37', {'exc': exc})
        log('D231')
    def apply(self):
        if self.__module_enabled:
            log('D179')
            self.applier_cifs._admin_context_apply()
        else:
            log('D180')
 class cifs_applier_user(applier_frontend):
    __module_name = 'CIFSApplierUser'
    __module_enabled = True
    __module_experimental = False
    __auto_file = '/etc/auto.master'
    __auto_dir = '/etc/auto.master.gpupdate.d'
    __template_path = '/usr/share/gpupdate/templates'
    __template_mountpoints = 'autofs_mountpoints.j2'
    __template_identity = 'autofs_identity.j2'
    __template_auto = 'autofs_auto.j2'
    __template_mountpoints_hide = 'autofs_mountpoints_hide.j2'
    __template_auto_hide = 'autofs_auto_hide.j2'
    __enable_home_link = '/Software/BaseALT/Policies/GPUpdate/DriveMapsHome'
    __enable_home_link_user = '/Software/BaseALT/Policies/GPUpdate/DriveMapsHomeUser'
    __name_dir = '/Software/BaseALT/Policies/GPUpdate'
    __name_link_prefix = '/Software/BaseALT/Policies/GPUpdate/DriveMapsHomeDisableNet'
    __name_link_prefix_user = '/Software/BaseALT/Policies/GPUpdate/DriveMapsHomeDisableNetUser'
    __key_link_prefix = 'DriveMapsHomeDisableNet'
    __key_link_prefix_user = 'DriveMapsHomeDisableNetUser'
    __timeout_user_key = '/Software/BaseALT/Policies/GPUpdate/TimeoutAutofsUser'
    __timeout_key = '/Software/BaseALT/Policies/GPUpdate/TimeoutAutofs'
    __cifsacl_key = '/Software/BaseALT/Policies/GPUpdate/CifsaclDisable'
    __target_mountpoint = '/media/gpupdate'
    __target_mountpoint_user = '/run/media'
    __mountpoint_dirname = 'drives.system'
    __mountpoint_dirname_user = 'drives'
    __key_cifs_previous_value = 'Previous/Software/BaseALT/Policies/GPUpdate'
    __key_preferences = 'Software/BaseALT/Policies/Preferences/'
    __key_preferences_previous = 'Previous/Software/BaseALT/Policies/Preferences/'
    __name_value = 'DriveMapsName'
    __name_value_user = 'DriveMapsNameUser'
    def __init__(self, storage, sid, username):
        self.storage = storage
        self.sid = sid
        self.username = username
        self.state_home_link = False
        self.state_home_link_user = False
        self.dict_registry_machine = self.storage.get_dictionary_from_dconf_file_db()
        self.homedir = ''
        name_dir = self.__name_dir[1:]
        if username:
            self.dict_registry_user = self.storage.get_dictionary_from_dconf_file_db(get_uid_by_username(username))
            self.home = self.__target_mountpoint_user + '/' + username
            self.state_home_link = self.storage.check_enable_key(self.__enable_home_link)
            self.state_home_link_disable_net = self.storage.check_enable_key(self.__name_link_prefix)
            self.state_home_link_disable_net_user = self.storage.check_enable_key(self.__name_link_prefix_user)
            self.state_home_link_user = self.storage.check_enable_key(self.__enable_home_link_user)
            self.timeout = self.storage.get_entry(self.__timeout_user_key)
            dirname = self.storage.get_entry(self.__name_dir + '/' + self.__name_value_user)
            dirname_system_from_machine = self.dict_registry_machine.get(name_dir, dict()).get(self.__name_value, None)
            self.__mountpoint_dirname_user = dirname.data if dirname and dirname.data else self.__mountpoint_dirname_user
            self.__mountpoint_dirname = dirname_system_from_machine if dirname_system_from_machine else self.__mountpoint_dirname
            mntTarget = self.__mountpoint_dirname_user
            self.keys_cifs_previous_values_user = self.dict_registry_user.get(self.__key_cifs_previous_value,dict())
            self.keys_cifs_values_user = self.dict_registry_user.get(name_dir,dict())
            self.keys_the_preferences_previous_values_user = self.dict_registry_user.get((self.__key_preferences_previous+self.username),dict()).get('Drives', dict())
            self.keys_the_preferences_values_user = self.dict_registry_user.get((self.__key_preferences+self.username),dict()).get('Drives', dict())
        else:
            self.home = self.__target_mountpoint
            self.timeout = self.storage.get_entry(self.__timeout_key)
            dirname_system = self.storage.get_entry(self.__name_dir + '/' + self.__name_value)
            self.__mountpoint_dirname = dirname_system.data if dirname_system and dirname_system.data else self.__mountpoint_dirname
            mntTarget = self.__mountpoint_dirname
        self.keys_cifs_previous_values_machine = self.dict_registry_machine.get(self.__key_cifs_previous_value,dict())
        self.keys_cifs_values_machine = self.dict_registry_machine.get(name_dir,dict())
        self.keys_the_preferences_previous_values = self.dict_registry_machine.get((self.__key_preferences_previous+'Machine'),dict()).get('Drives', dict())
        self.keys_the_preferences_values = self.dict_registry_machine.get((self.__key_preferences+'Machine'),dict()).get('Drives', dict())
        self.cifsacl_disable = self.storage.get_entry(self.__cifsacl_key, preg=False)
        self.mntTarget = mntTarget.translate(str.maketrans({" ": r"\ "}))
        conf_file = '{}.conf'.format(sid)
        conf_hide_file = '{}_hide.conf'.format(sid)
        autofs_file = '{}.autofs'.format(sid)
        autofs_hide_file = '{}_hide.autofs'.format(sid)
        cred_file = '{}.creds'.format(sid)
        self.auto_master_d = Path(self.__auto_dir)
        self.user_config = self.auto_master_d / conf_file
        self.user_config_hide = self.auto_master_d / conf_hide_file
        if os.path.exists(self.user_config.resolve()):
            self.user_config.unlink()
        if os.path.exists(self.user_config_hide.resolve()):
            self.user_config_hide.unlink()
        self.user_autofs = self.auto_master_d / autofs_file
        self.user_autofs_hide = self.auto_master_d / autofs_hide_file
        if os.path.exists(self.user_autofs.resolve()):
            self.user_autofs.unlink()
        if os.path.exists(self.user_autofs_hide.resolve()):
            self.user_autofs_hide.unlink()
        self.user_creds = self.auto_master_d / cred_file
        self.mount_dir = Path(os.path.join(self.home))
        self.drives = storage_get_drives(self.storage, self.sid)
        self.template_loader = jinja2.FileSystemLoader(searchpath=self.__template_path)
        self.template_env = jinja2.Environment(loader=self.template_loader)
        self.template_mountpoints = self.template_env.get_template(self.__template_mountpoints)
        self.template_indentity = self.template_env.get_template(self.__template_identity)
        self.template_auto = self.template_env.get_template(self.__template_auto)
        self.template_mountpoints_hide = self.template_env.get_template(self.__template_mountpoints_hide)
        self.template_auto_hide = self.template_env.get_template(self.__template_auto_hide)
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
            , self.__module_experimental
        )
    def is_mount_point_dirname(self):
        if self.username:
            return self.mount_dir.joinpath(self.__mountpoint_dirname_user).is_mount()
        else:
            return self.mount_dir.joinpath(self.__mountpoint_dirname).is_mount()
    def is_changed_keys(self):
        if self.username:
            return (self.keys_cifs_previous_values_user.get(self.__name_value_user) != self.keys_cifs_values_user.get(self.__name_value_user) or
                    self.keys_the_preferences_previous_values_user != self.keys_the_preferences_values_user)
        else:
            return (self.keys_cifs_previous_values_machine.get(self.__name_value) != self.keys_cifs_values_machine.get(self.__name_value) or
                    self.keys_the_preferences_previous_values != self.keys_the_preferences_values)
    def user_context_apply(self):
        '''
        Nothing to implement.
        '''
        pass
    def _admin_context_apply(self):
        # Create /etc/auto.master.gpupdate.d directory
        self.auto_master_d.mkdir(parents=True, exist_ok=True)
        # Create user's destination mount directory
        self.mount_dir.mkdir(parents=True, exist_ok=True)
        uid = pwd.getpwnam(self.username).pw_uid if self.username else None
        if uid:
            os.chown(self.mount_dir, uid=uid, gid=-1)
            self.mount_dir.chmod(0o700)
        # Add pointer to /etc/auto.master.gpiupdate.d in /etc/auto.master
        auto_destdir = '+dir:{}'.format(self.__auto_dir)
        add_line_if_missing(self.__auto_file, auto_destdir)
        # Collect data for drive settings
        drive_list = Drive_list()
        for drv in self.drives:
            drive_settings = dict()
            drive_settings['dir'] = drv.dir
            drive_settings['login'] = drv.login
            drive_settings['password'] = drv.password
            drive_settings['path'] = remove_chars_before_colon(drv.path.replace('\\', '/'))
            drive_settings['action'] = drv.action
            drive_settings['thisDrive'] = drv.thisDrive
            drive_settings['allDrives'] = drv.allDrives
            drive_settings['label'] = remove_escaped_quotes(drv.label)
            drive_settings['persistent'] = drv.persistent
            drive_settings['useLetter'] = drv.useLetter
            drive_settings['username'] = self.username
            drive_settings['cifsacl'] = False if self.cifsacl_disable else True
            drive_list.append(drive_settings)
        if drive_list.len() > 0:
            mount_settings = dict()
            mount_settings['drives'] = drive_list()
            mount_text = self.template_mountpoints.render(**mount_settings)
            mount_text_hide = self.template_mountpoints_hide.render(**mount_settings)
            with open(self.user_config.resolve(), 'w') as f:
                f.truncate()
                f.write(mount_text)
                f.flush()
            with open(self.user_config_hide.resolve(), 'w') as f:
                f.truncate()
                f.write(mount_text_hide)
                f.flush()
            autofs_settings = dict()
            autofs_settings['home_dir'] = self.home
            autofs_settings['mntTarget'] = self.mntTarget
            autofs_settings['mount_file'] = self.user_config.resolve()
            autofs_settings['timeout'] = self.timeout.data if self.timeout and self.timeout.data else 120
            autofs_text = self.template_auto.render(**autofs_settings)
            with open(self.user_autofs.resolve(), 'w') as f:
                f.truncate()
                f.write(autofs_text)
                f.flush()
            autofs_settings['mount_file'] = self.user_config_hide.resolve()
            autofs_text = self.template_auto_hide.render(**autofs_settings)
            with open(self.user_autofs_hide.resolve(), 'w') as f:
                f.truncate()
                f.write(autofs_text)
                f.flush()
        if self.is_changed_keys() or (self.drives and not self.is_mount_point_dirname()):
            self.restart_autofs()
        if self.username:
            self.update_drivemaps_home_links()
    def restart_autofs(self):
        try:
            subprocess.check_call(['/bin/systemctl', 'restart', 'autofs'])
        except Exception as exc:
            log('E74', {'exc': exc})
    def unlink_symlink(self, symlink:Path, previous=None):
        try:
            if symlink.exists() and symlink.is_symlink() and symlink.owner() == 'root':
                symlink.unlink()
            elif symlink.is_symlink() and not symlink.exists():
                symlink.unlink()
            elif previous:
                symlink.unlink()
        except:
            pass
    def del_previous_link(self, previous_value_link , mountpoint_dirname, prefix):
        d_previous = Path(self.homedir + ('/' if prefix else '/net.') + previous_value_link)
        if d_previous.name != mountpoint_dirname:
            dHide_previous = Path(self.homedir + ('/.' if prefix else '/.net.') + previous_value_link)
            self.unlink_symlink(d_previous, True)
            self.unlink_symlink(dHide_previous, True)
    def update_drivemaps_home_links(self):
        if  self.state_home_link_disable_net:
            prefix = ''
        else:
            prefix = 'net.'
        if self.state_home_link_disable_net_user:
            prefix_user = ''
        else:
            prefix_user = 'net.'
        previous_value_link = self.keys_cifs_previous_values_machine.get(self.__name_value, self.__mountpoint_dirname)
        previous_state_home_link_disable_net_user = self.keys_cifs_previous_values_user.get(self.__key_link_prefix_user)
        previous_state_home_link_disable_net = self.keys_cifs_previous_values_user.get(self.__key_link_prefix)
        previous_value_link_user = self.keys_cifs_previous_values_user.get(self.__name_value_user, self.__mountpoint_dirname_user)
        self.homedir = get_homedir(self.username)
        dUser = Path(self.homedir + '/' + prefix_user + self.__mountpoint_dirname_user)
        dUserHide = Path(self.homedir + '/.' + prefix_user + self.__mountpoint_dirname_user)
        dMachine = Path(self.homedir+'/' + prefix + self.__mountpoint_dirname)
        dMachineHide = Path(self.homedir+'/.' + prefix + self.__mountpoint_dirname)
        if self.state_home_link_user:
            dUserMountpoint = Path(self.home).joinpath(self.__mountpoint_dirname_user)
            dUserMountpointHide = Path(self.home).joinpath('.' + self.__mountpoint_dirname_user)
            self.del_previous_link(previous_value_link_user, dUser.name, previous_state_home_link_disable_net_user)
            if not dUser.exists() and dUserMountpoint.exists():
                try:
                    os.symlink(dUserMountpoint, dUser, True)
                except  Exception as exc:
                    log('D194', {'exc': exc})
            elif dUser.is_symlink() and not dUserMountpoint.exists():
                self.unlink_symlink(dUser)
            if not dUserHide.exists() and dUserMountpointHide.exists():
                try:
                    os.symlink(dUserMountpointHide, dUserHide, True)
                except  Exception as exc:
                    log('D196', {'exc': exc})
            elif dUserHide.is_symlink() and not dUserMountpointHide.exists():
                self.unlink_symlink(dUserHide)
        else:
            self.del_previous_link(previous_value_link_user, dUser.name, previous_state_home_link_disable_net_user)
            self.unlink_symlink(dUser)
            self.unlink_symlink(dUserHide)
        if self.state_home_link:
            dMachineMountpoint = Path(self.__target_mountpoint).joinpath(self.__mountpoint_dirname)
            dMachineMountpointHide = Path(self.__target_mountpoint).joinpath('.' + self.__mountpoint_dirname)
            self.del_previous_link(previous_value_link, dMachine.name, previous_state_home_link_disable_net)
            if not dMachine.exists() and dMachineMountpoint.exists():
                try:
                    os.symlink(dMachineMountpoint, dMachine, True)
                except  Exception as exc:
                    log('D195', {'exc': exc})
            elif dMachine.is_symlink() and not dMachineMountpoint.exists():
                self.unlink_symlink(dMachine)
            if not dMachineHide.exists() and dMachineMountpointHide.exists():
                try:
                    os.symlink(dMachineMountpointHide, dMachineHide, True)
                except  Exception as exc:
                    log('D197', {'exc': exc})
            elif dMachineHide.is_symlink() and not dMachineMountpointHide.exists():
                self.unlink_symlink(dMachineHide)
        else:
            self.del_previous_link(previous_value_link, dMachine.name, previous_state_home_link_disable_net)
            self.unlink_symlink(dMachine)
            self.unlink_symlink(dMachineHide)
    def admin_context_apply(self):
        if self.__module_enabled:
            log('D146')
            self._admin_context_apply()
        else:
            log('D147')
--- a/gpoa/frontend/control_applier.py
+++ b/gpoa/frontend/control_applier.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -16,36 +16,67 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-from .applier_frontend import applier_frontend
+from .applier_frontend import (
      applier_frontend
    , check_enabled
 )
 from .appliers.control import control
-from util.logging import slogm
+from util.logging import log
 import logging
 class control_applier(applier_frontend):
-    _registry_branch = 'Software\\BaseALT\\Policies\\Control'
+    __module_name = 'ControlApplier'
    __module_experimental = False
    __module_enabled = True
    _registry_branch = 'Software/BaseALT/Policies/Control'
    def __init__(self, storage):
        self.storage = storage
-        self.control_settings = self.storage.filter_hklm_entries('Software\\BaseALT\\Policies\\Control%')
+        self.control_settings = self.storage.filter_hklm_entries(self._registry_branch)
        self.controls = list()
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
            , self.__module_experimental
        )
-    def apply(self):
+    def run(self):
        '''
        Trigger control facility invocation.
        '''
        for setting in self.control_settings:
-            valuename = setting.hive_key.rpartition('\\')[2]
+            valuename = setting.hive_key.rpartition('/')[2]
            try:
                self.controls.append(control(valuename, int(setting.data)))
-                logging.info(slogm('Working with control {}'.format(valuename)))
+                logdata = dict()
                logdata['control'] = valuename
                logdata['value'] = setting.data
                log('I3', logdata)
            except ValueError as exc:
-                self.controls.append(control(valuename, setting.data))
+                try:
-                logging.info(slogm('Working with control {} with string value'.format(valuename)))
+                    ctl = control(valuename, setting.data)
                except Exception as exc:
                    logdata = {'Exception': exc}
                    log('I3', logdata)
                    continue
                self.controls.append(ctl)
                logdata = dict()
                logdata['control'] = valuename
                logdata['with string value'] = setting.data
                log('I3', logdata)
            except Exception as exc:
-                logging.info(slogm('Unable to work with control {}: {}'.format(valuename, exc)))
+                logdata = dict()
                logdata['control'] = valuename
                logdata['exc'] = exc
                log('E39', logdata)
        #for e in polfile.pol_file.entries:
        #    print('{}:{}:{}:{}:{}'.format(e.type, e.data, e.valuename, e.keyname))
        for cont in self.controls:
            cont.set_control_status()
    def apply(self):
        '''
        Trigger control facility invocation.
        '''
        if self.__module_enabled:
            log('D67')
            self.run()
        else:
            log('E40')
--- a/gpoa/frontend/cups_applier.py
+++ b/gpoa/frontend/cups_applier.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -16,13 +16,15 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-import logging
+import json
-import os
+import cups
-
+from .applier_frontend import (
-from .applier_frontend import applier_frontend
+      applier_frontend
    , check_enabled
 )
 from gpt.printers import json2printer
 from util.rpm import is_rpm_installed
-from util.logging import slogm
+from util.logging import log
 def storage_get_printers(storage, sid):
    '''
@@ -32,42 +34,85 @@ def storage_get_printers(storage, sid):
    printers = list()
    for prnj in printer_objs:
-        prn_obj = json2printer(prnj)
+        printers.append(prnj)
        printers.append(prn_obj)
    return printers
-def write_printer(prn):
+def connect_printer(connection, prn):
    '''
    Dump printer cinfiguration to disk as CUPS config
    '''
-    printer_config_path = os.path.join('/etc/cups', prn.name)
+    # PPD file location
-    with open(printer_config_path, 'r') as f:
+    printer_driver = 'generic'
-        print(prn.cups_config(), file=f)
+    pjson = json.loads(prn.printer)
    printer_parts = pjson['printer']['path'].partition(' ')
    # Printer queue name in CUPS
    printer_name = printer_parts[2].replace('(', '').replace(')', '')
    # Printer description in CUPS
    printer_info = printer_name
    printer_uri = printer_parts[0].replace('\\', '/')
    printer_uri = 'smb:' + printer_uri
    connection.addPrinter(
          name=printer_name
        , info=printer_info
        , device=printer_uri
        #filename=printer_driver
    )
 class cups_applier(applier_frontend):
    __module_name = 'CUPSApplier'
    __module_experimental = True
    __module_enabled = False
    def __init__(self, storage):
        self.storage = storage
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
            , self.__module_experimental
        )
    def run(self):
        if not is_rpm_installed('cups'):
            log('W9')
            return
        try:
            self.cups_connection = cups.Connection()
        except Exception as exc:
            logdata = dict()
            logdata['exc', exc]
            log('W20', logdata)
        self.printers = storage_get_printers(self.storage, self.storage.get_info('machine_sid'))
        if self.printers:
            for prn in self.printers:
                connect_printer(self.cups_connection, prn)
    def apply(self):
        '''
        Perform configuration of printer which is assigned to computer.
        '''
-        if not is_rpm_installed('cups'):
+        if self.__module_enabled:
-            logging.warning(slogm('CUPS is not installed: no printer settings will be deployed'))
+            log('D113')
-            return
+            self.run()
-
+        else:
-        printers = storage_get_printers(self.storage, self.storage.get_info('machine_sid'))
+            log('D114')
        if printers:
            for prn in printers:
                write_printer(prn)
 class cups_applier_user(applier_frontend):
    __module_name = 'CUPSApplierUser'
    __module_experimental = True
    __module_enabled = False
    def __init__(self, storage, sid, username):
        self.storage = storage
        self.sid = sid
        self.username = username
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
            , self.__module_experimental
        )
    def user_context_apply(self):
        '''
@@ -76,17 +121,25 @@ class cups_applier_user(applier_frontend):
        '''
        pass
    def run(self):
        if not is_rpm_installed('cups'):
            log('W9')
            return
        self.cups_connection = cups.Connection()
        self.printers = storage_get_printers(self.storage, self.sid)
        if self.printers:
            for prn in self.printers:
                connect_printer(self.cups_connection, prn)
    def admin_context_apply(self):
        '''
        Perform printer configuration assigned for user.
        '''
-        if not is_rpm_installed('cups'):
+        if self.__module_enabled:
-            logging.warning(slogm('CUPS is not installed: no printer settings will be deployed'))
+            log('D115')
-            return
+            self.run()
-
+        else:
-        printers = storage_get_printers(self.storage, self.sid)
+            log('D116')
        if printers:
            for prn in printers:
                write_printer(prn)
--- a/gpoa/frontend/envvar_applier.py
+++ b/gpoa/frontend/envvar_applier.py
@@ -0,0 +1,70 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from .applier_frontend import (
      applier_frontend
    , check_enabled
 )
 from .appliers.envvar import Envvar
 from util.logging import log
 class envvar_applier(applier_frontend):
    __module_name = 'EnvvarsApplier'
    __module_experimental = False
    __module_enabled = True
    def __init__(self, storage, sid):
        self.storage = storage
        self.sid = sid
        self.envvars = self.storage.get_envvars(self.sid)
        Envvar.clear_envvar_file()
        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
    def apply(self):
        if self.__module_enabled:
            log('D134')
            ev = Envvar(self.envvars, 'root')
            ev.act()
        else:
            log('D135')
 class envvar_applier_user(applier_frontend):
    __module_name = 'EnvvarsApplierUser'
    __module_experimental = False
    __module_enabled = True
    def __init__(self, storage, sid, username):
        self.storage = storage
        self.sid = sid
        self.username = username
        self.envvars = self.storage.get_envvars(self.sid)
        Envvar.clear_envvar_file(username)
        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
    def admin_context_apply(self):
        if self.__module_enabled:
            log('D136')
            ev = Envvar(self.envvars, self.username)
            ev.act()
        else:
            log('D137')
    def user_context_apply(self):
        pass
--- a/gpoa/frontend/file_applier.py
+++ b/gpoa/frontend/file_applier.py
@@ -0,0 +1,83 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2022 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from .appliers.file_cp import Files_cp, Execution_check
 from .applier_frontend import (
      applier_frontend
    , check_enabled
 )
 from util.logging import log
 class file_applier(applier_frontend):
    __module_name = 'FilesApplier'
    __module_experimental = True
    __module_enabled = False
    def __init__(self, storage, file_cache, sid):
        self.storage = storage
        self.exe_check = Execution_check(storage)
        self.sid = sid
        self.file_cache = file_cache
        self.files = self.storage.get_files(self.sid)
        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
    def run(self):
        for file in self.files:
            Files_cp(file, self.file_cache, self.exe_check)
    def apply(self):
        if self.__module_enabled:
            log('D167')
            self.run()
        else:
            log('D168')
 class file_applier_user(applier_frontend):
    __module_name = 'FilesApplierUser'
    __module_experimental = True
    __module_enabled = False
    def __init__(self, storage, file_cache, sid, username):
        self.storage = storage
        self.file_cache = file_cache
        self.sid = sid
        self.username = username
        self.exe_check = Execution_check(storage)
        self.files = self.storage.get_files(self.sid)
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
            , self.__module_experimental
        )
    def run(self):
        for file in self.files:
            Files_cp(file, self.file_cache, self.exe_check, self.username)
    def admin_context_apply(self):
        if self.__module_enabled:
            log('D169')
            self.run()
        else:
            log('D170')
    def user_context_apply(self):
        pass
--- a/gpoa/frontend/firefox_applier.py
+++ b/gpoa/frontend/firefox_applier.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -25,19 +25,22 @@
 # This thing must work with keys and subkeys located at:
 # Software\Policies\Mozilla\Firefox
 import logging
 import json
 import os
 import configparser
-from .applier_frontend import applier_frontend
+from .applier_frontend import (
-from util.logging import slogm
+      applier_frontend
-from util.util import is_machine_name
+    , check_enabled
 )
 from util.logging import log
 from util.util import is_machine_name, try_dict_to_literal_eval
 class firefox_applier(applier_frontend):
-    __registry_branch = 'Software\\Policies\\Mozilla\\Firefox'
+    __module_name = 'FirefoxApplier'
-    __firefox_installdir = '/usr/lib64/firefox/distribution'
+    __module_experimental = False
-    __user_settings_dir = '.mozilla/firefox'
+    __module_enabled = True
    __registry_branch = 'Software/Policies/Mozilla/Firefox'
    __firefox_policies = '/etc/firefox/policies'
    def __init__(self, storage, sid, username):
        self.storage = storage
@@ -46,99 +49,122 @@ class firefox_applier(applier_frontend):
        self._is_machine_name = is_machine_name(self.username)
        self.policies = dict()
        self.policies_json = dict({ 'policies': self.policies })
        self.firefox_keys = self.storage.filter_hklm_entries(self.__registry_branch)
        self.policies_gen = dict()
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
            , self.__module_experimental
        )
    def get_profiles(self):
        '''
        Get directory names of Firefox profiles for specified username.
        '''
        profiles_ini = os.path.join(util.get_homedir(self.username), self.__user_settings_dir, 'profiles.ini')
        config = configparser.ConfigParser()
        config.read(profiles_ini)
        profile_paths = list()
        for section in config.keys():
            if section.startswith('Profile'):
                profile_paths.append(config[section]['Path'])
        return profile_paths
    def get_hklm_string_entry(self, hive_subkey):
        '''
        Get HKEY_LOCAL_MACHINE hive subkey of
        'Software\Policies\Mozilla\Firefox'.
        '''
        query_str = '{}\\{}'.format(self.__registry_branch, hive_subkey)
        return self.storage.get_hklm_entry(query_str)
    def get_hklm_string_entry_default(self, hive_subkey, default):
        '''
        Get Firefox's subkey or return the default value.
        '''
        defval = str(default)
        response = self.get_hklm_string_entry(hive_subkey)
        if response:
            return response.data
        return defval
    def set_policy(self, name, obj):
        '''
        Add entry to policy set.
        '''
        if obj:
            self.policies[name] = obj
            logging.info(slogm('Firefox policy \'{}\' set to {}'.format(name, obj)))
    def get_home_page(self):
        '''
        Query the Homepage property from the storage.
        '''
        homepage = dict({
            'URL': 'about:blank',
            'Locked': False,
            'StartPage': 'homepage'
        })
        response = self.get_hklm_string_entry('Homepage\\URL')
        if response:
            homepage['URL'] = response.data
            return homepage
        return None
    def get_block_about_config(self):
        '''
        Query BlockAboutConfig boolean property from the storage.
        '''
        response = self.get_hklm_string_entry('BlockAboutConfig')
        if response:
            if response.data.lower() in ['0', 'false', False, None, 'None']:
                return False
            return True
        return None
    def machine_apply(self):
        '''
-        Write policies.json to Firefox installdir.
+        Write policies.json to Firefox.
        '''
-        self.set_policy('Homepage', self.get_home_page())
+        excp = ['SOCKSVersion']
-        self.set_policy('BlockAboutConfig', self.get_block_about_config())
+        self.policies_json = create_dict(self.firefox_keys, self.__registry_branch, excp)
-        destfile = os.path.join(self.__firefox_installdir, 'policies.json')
+        destfile = os.path.join(self.__firefox_policies, 'policies.json')
-
+        os.makedirs(self.__firefox_policies, exist_ok=True)
        os.makedirs(self.__firefox_installdir, exist_ok=True)
        with open(destfile, 'w') as f:
            json.dump(self.policies_json, f)
-            logging.debug(slogm('Wrote Firefox preferences to {}'.format(destfile)))
+            logdata = dict()
-
+            logdata['destfile'] = destfile
-    def user_apply(self):
+            log('D91', logdata)
        profiles = self.get_profiles()
        profiledir = os.path.join(util.get_homedir(self.username), self.__user_settings_dir)
        for profile in profiles:
            logging.debug(slogm('Found Firefox profile in {}/{}'.format(profiledir, profile)))
    def apply(self):
-        self.machine_apply()
+        if self.__module_enabled:
-        #if not self._is_machine_name:
+            log('D93')
-        #    logging.debug('Running user applier for Firefox')
+            self.machine_apply()
-        #    self.user_apply()
+        else:
            log('D94')
 def key_dict_is_digit(dictionary:dict) -> bool:
    '''
    Checking if a dictionary key is a digit
    '''
    if not isinstance(dictionary, dict):
        return False
    for dig in dictionary.keys():
        if dig.isdigit():
            return True
    return False
 def dict_item_to_list(dictionary:dict) -> dict:
    '''
    Replacing dictionaries with numeric keys with a List
    '''
    if '' in dictionary:
        dictionary = dictionary.pop('')
    for key,val in dictionary.items():
        if type(val) == dict:
            if key_dict_is_digit(val):
                dictionary[key] = [*val.values()]
            else:
                dict_item_to_list(dictionary[key])
    return dictionary
 def clean_data_firefox(data):
    return data.replace("'", '\"')
 def create_dict(firefox_keys, registry_branch, excp=list()):
    '''
    Collect dictionaries from registry keys into a general dictionary
    '''
    get_boolean = lambda data: data in ['1', 'true', 'True', True, 1] if isinstance(data, (str, int)) else False
    get_parts = lambda hivekey, registry: hivekey.replace(registry, '').split('/')
    counts = dict()
    for it_data in firefox_keys:
        branch = counts
        try:
            if type(it_data.data) is bytes:
                it_data.data = it_data.data.decode(encoding='utf-16').replace('\x00','')
            json_data = try_dict_to_literal_eval(it_data.data)
            if json_data:
                it_data.data = json_data
                it_data.type = 7
            else:
                if it_data.type == 1:
                    it_data.data = clean_data_firefox(it_data.data)
            #Cases when it is necessary to create nested dictionaries
            if it_data.valuename != it_data.data:
                parts = get_parts(it_data.hive_key, registry_branch)
                #creating a nested dictionary from elements
                for part in parts[:-1]:
                    branch = branch.setdefault(part, {})
                #dictionary key value initialization
                if it_data.type == 4:
                    if it_data.valuename in excp:
                        branch[parts[-1]] = int(it_data.data)
                    else:
                        branch[parts[-1]] = get_boolean(it_data.data)
                elif it_data.type == 7:
                    branch[parts[-1]] = it_data.data
                else:
                    branch[parts[-1]] = str(it_data.data).replace('\\', '/')
            #Cases when it is necessary to create lists in a dictionary
            else:
                parts = get_parts(it_data.keyname, registry_branch)
                for part in parts[:-1]:
                    branch = branch.setdefault(part, {})
                if branch.get(parts[-1]) is None:
                    branch[parts[-1]] = list()
                if it_data.type == 4:
                    branch[parts[-1]].append(get_boolean(it_data.data))
                else:
                    if os.path.isdir(str(it_data.data).replace('\\', '/')):
                        branch[parts[-1]].append(str(it_data.data).replace('\\', '/'))
                    else:
                        branch[parts[-1]].append(str(it_data.data))
        except Exception as exc:
            logdata = dict()
            logdata['Exception'] = exc
            logdata['keyname'] = it_data.keyname
            log('W14', logdata)
    return {'policies': dict_item_to_list(counts)}
--- a/gpoa/frontend/firewall_applier.py
+++ b/gpoa/frontend/firewall_applier.py
@@ -0,0 +1,64 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import subprocess
 from util.logging import log
 from .applier_frontend import (
      applier_frontend
    , check_enabled
 )
 from .appliers.firewall_rule import FirewallRule
 class firewall_applier(applier_frontend):
    __module_name = 'FirewallApplier'
    __module_experimental = True
    __module_enabled = False
    __firewall_branch = 'SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\FirewallRules'
    __firewall_switch = 'SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\DomainProfile\\EnableFirewall'
    __firewall_reset_cmd = ['/usr/bin/alterator-net-iptables', 'reset']
    def __init__(self, storage):
        self.storage = storage
        self.firewall_settings = self.storage.filter_hklm_entries('{}%'.format(self.__firewall_branch))
        self.firewall_enabled = self.storage.get_hklm_entry(self.__firewall_switch)
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
            , self.__module_experimental
        )
    def run(self):
        for setting in self.firewall_settings:
            rule = FirewallRule(setting.data)
            rule.apply()
    def apply(self):
        if self.__module_enabled:
            log('D117')
            if '1' == self.firewall_enabled:
                log('D118')
                self.run()
            else:
                log('D119')
                proc = subprocess.Popen(self.__firewall_reset_cmd)
                proc.wait()
        else:
            log('D120')
--- a/gpoa/frontend/folder_applier.py
+++ b/gpoa/frontend/folder_applier.py
@@ -0,0 +1,91 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from .applier_frontend import (
      applier_frontend
    , check_enabled
 )
 from .appliers.folder import Folder
 from util.logging import log
 from util.windows import expand_windows_var
 import re
 class folder_applier(applier_frontend):
    __module_name = 'FoldersApplier'
    __module_experimental = False
    __module_enabled = True
    def __init__(self, storage, sid):
        self.storage = storage
        self.sid = sid
        self.folders = self.storage.get_folders(self.sid)
        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
    def apply(self):
        if self.__module_enabled:
            log('D107')
            for directory_obj in self.folders:
                check = expand_windows_var(directory_obj.path).replace('\\', '/')
                win_var = re.findall(r'%.+?%', check)
                drive = re.findall(r'^[a-z A-Z]\:',check)
                if drive or win_var:
                    log('D109', {"path": directory_obj.path})
                    continue
                fld = Folder(directory_obj)
                fld.act()
        else:
            log('D108')
 class folder_applier_user(applier_frontend):
    __module_name = 'FoldersApplierUser'
    __module_experimental = False
    __module_enabled = True
    def __init__(self, storage, sid, username):
        self.storage = storage
        self.sid = sid
        self.username = username
        self.folders = self.storage.get_folders(self.sid)
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
            , self.__module_experimental
        )
    def run(self):
        for directory_obj in self.folders:
            check = expand_windows_var(directory_obj.path, self.username).replace('\\', '/')
            win_var = re.findall(r'%.+?%', check)
            drive = re.findall(r'^[a-z A-Z]\:',check)
            if drive or win_var:
                log('D110', {"path": directory_obj.path})
                continue
            fld = Folder(directory_obj, self.username)
            fld.act()
    def admin_context_apply(self):
        pass
    def user_context_apply(self):
        if self.__module_enabled:
            log('D111')
            self.run()
        else:
            log('D112')
--- a/gpoa/frontend/frontend_manager.py
+++ b/gpoa/frontend/frontend_manager.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,14 +17,22 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from storage import registry_factory
 from storage.fs_file_cache import fs_file_cache
 from .control_applier import control_applier
-from .polkit_applier import polkit_applier
+from .polkit_applier import (
      polkit_applier
    , polkit_applier_user
 )
 from .systemd_applier import systemd_applier
 from .firefox_applier import firefox_applier
 from .thunderbird_applier import thunderbird_applier
 from .chromium_applier import chromium_applier
 from .cups_applier import cups_applier
-from .package_applier import package_applier
+from .package_applier import (
      package_applier
    , package_applier_user
 )
 from .shortcut_applier import (
    shortcut_applier,
    shortcut_applier_user
@@ -33,21 +41,52 @@ from .gsettings_applier import (
    gsettings_applier,
    gsettings_applier_user
 )
-from util.windows import get_sid
+from .firewall_applier import firewall_applier
 from .folder_applier import (
      folder_applier
    , folder_applier_user
 )
 from .cifs_applier import (
      cifs_applier_user
    , cifs_applier)
 from .ntp_applier import ntp_applier
 from .envvar_applier import (
      envvar_applier
    , envvar_applier_user
 )
 from .scripts_applier import (
      scripts_applier
    , scripts_applier_user
 )
 from .file_applier import (
      file_applier
    , file_applier_user
 )
 from .ini_applier import (
      ini_applier
    , ini_applier_user
 )
 from .kde_applier import (
      kde_applier
    , kde_applier_user
 )
 from .laps_applier import laps_applier
 from .networkshare_applier import networkshare_applier
 from .yandex_browser_applier import yandex_browser_applier
 from util.sid import get_sid
 from util.users import (
    is_root,
    get_process_user,
    username_match_uid,
    with_privileges
 )
 from util.logging import slogm
 from util.paths import (
    frontend_module_dir
 )
 from util.logging import log
 from util.system import with_privileges
 import logging
 import os
 import subprocess
 def determine_username(username=None):
    '''
@@ -60,16 +99,30 @@ def determine_username(username=None):
    # of process owner.
    if not username:
        name = get_process_user()
-        logging.debug(slogm('Username is not specified - will use username of current process'))
+        logdata = dict({'username': name})
        log('D2', logdata)
    if not username_match_uid(name):
        if not is_root():
            raise Exception('Current process UID does not match specified username')
-    logging.debug(slogm('Username for frontend is set to {}'.format(name)))
+    logdata = dict({'username': name})
    log('D15', logdata)
    return name
 def apply_user_context(user_appliers):
    for applier_name, applier_object in user_appliers.items():
        log('D55', {'name': applier_name})
        try:
            applier_object.user_context_apply()
        except Exception as exc:
            logdata = dict()
            logdata['applier'] = applier_name
            logdata['exception'] = str(exc)
            log('E20', logdata)
 class frontend_manager:
    '''
    The frontend_manager class decides when and how to run appliers
@@ -77,75 +130,118 @@ class frontend_manager:
    '''
    def __init__(self, username, is_machine):
        frontend_module_files = frontend_module_dir().glob('**/*')
        self.frontend_module_binaries = list()
        for exe in frontend_module_files:
            if (exe.is_file() and os.access(exe.resolve(), os.X_OK)):
                self.frontend_module_binaries.append(exe)
        self.storage = registry_factory('registry')
        self.username = determine_username(username)
        self.storage = registry_factory('dconf', username=self.username)
        self.is_machine = is_machine
        self.process_uname = get_process_user()
        self.sid = get_sid(self.storage.get_info('domain'), self.username, is_machine)
        self.file_cache = fs_file_cache('file_cache', self.username)
-        self.machine_appliers = dict({
+        self.machine_appliers = dict()
-            'control':  control_applier(self.storage),
+        self.user_appliers = dict()
-            'polkit':   polkit_applier(self.storage),
+        if is_machine:
-            'systemd':  systemd_applier(self.storage),
+            self._init_machine_appliers()
-            'firefox':  firefox_applier(self.storage, self.sid, self.username),
+        else:
-            'chromium': chromium_applier(self.storage, self.sid, self.username),
+            self._init_user_appliers()
            'shortcuts': shortcut_applier(self.storage),
            'gsettings': gsettings_applier(self.storage),
            'cups': cups_applier(self.storage),
            'package': package_applier(self.storage)
        })
    def _init_machine_appliers(self):
        self.machine_appliers['laps_applier'] = laps_applier(self.storage)
        self.machine_appliers['control'] = control_applier(self.storage)
        self.machine_appliers['polkit'] = polkit_applier(self.storage)
        self.machine_appliers['systemd'] = systemd_applier(self.storage)
        self.machine_appliers['firefox'] = firefox_applier(self.storage, self.sid, self.username)
        self.machine_appliers['thunderbird'] = thunderbird_applier(self.storage, self.sid, self.username)
        self.machine_appliers['chromium'] = chromium_applier(self.storage, self.sid, self.username)
        self.machine_appliers['yandex_browser'] = yandex_browser_applier(self.storage, self.sid, self.username)
        self.machine_appliers['shortcuts'] = shortcut_applier(self.storage)
        self.machine_appliers['gsettings'] = gsettings_applier(self.storage, self.file_cache)
        try:
            self.machine_appliers['cifs'] = cifs_applier(self.storage, self.sid)
        except Exception as exc:
            logdata = dict()
            logdata['applier_name'] = 'cifs'
            logdata['msg'] = str(exc)
            log('E24', logdata)
        self.machine_appliers['cups'] = cups_applier(self.storage)
        self.machine_appliers['firewall'] = firewall_applier(self.storage)
        self.machine_appliers['folders'] = folder_applier(self.storage, self.sid)
        self.machine_appliers['ntp'] = ntp_applier(self.storage)
        self.machine_appliers['envvar'] = envvar_applier(self.storage, self.sid)
        self.machine_appliers['networkshare'] = networkshare_applier(self.storage, self.sid)
        self.machine_appliers['scripts'] = scripts_applier(self.storage, self.sid)
        self.machine_appliers['files'] = file_applier(self.storage, self.file_cache, self.sid)
        self.machine_appliers['ini'] = ini_applier(self.storage, self.sid)
        self.machine_appliers['kde'] = kde_applier(self.storage)
        self.machine_appliers['package'] = package_applier(self.storage)
    def _init_user_appliers(self):
        # User appliers are expected to work with user-writable
        # files and settings, mostly in $HOME.
-        self.user_appliers = dict({
+        self.user_appliers['shortcuts'] = shortcut_applier_user(self.storage, self.sid, self.username)
-            'shortcuts': shortcut_applier_user(self.storage, self.sid, self.username),
+        self.user_appliers['folders'] = folder_applier_user(self.storage, self.sid, self.username)
-            'gsettings': gsettings_applier_user(self.storage, self.sid, self.username)
+        self.user_appliers['gsettings'] = gsettings_applier_user(self.storage, self.file_cache, self.sid, self.username)
-        })
+        try:
            self.user_appliers['cifs'] = cifs_applier_user(self.storage, self.sid, self.username)
        except Exception as exc:
            logdata = dict()
            logdata['applier_name'] = 'cifs'
            logdata['msg'] = str(exc)
            log('E25', logdata)
        self.user_appliers['polkit'] = polkit_applier_user(self.storage, self.sid, self.username)
        self.user_appliers['envvar'] = envvar_applier_user(self.storage, self.sid, self.username)
        self.user_appliers['networkshare'] = networkshare_applier(self.storage, self.sid, self.username)
        self.user_appliers['scripts'] = scripts_applier_user(self.storage, self.sid, self.username)
        self.user_appliers['files'] = file_applier_user(self.storage, self.file_cache, self.sid, self.username)
        self.user_appliers['ini'] = ini_applier_user(self.storage, self.sid, self.username)
        self.user_appliers['kde'] = kde_applier_user(self.storage, self.sid, self.username, self.file_cache)
        self.user_appliers['package'] = package_applier_user(self.storage, self.sid, self.username)
    def machine_apply(self):
        '''
        Run global appliers with administrator privileges.
        '''
        if not is_root():
-            logging.error('Not sufficient privileges to run machine appliers')
+            log('E13')
            return
-        logging.debug(slogm('Applying computer part of settings'))
+        log('D16')
-        for exe in self.frontend_module_binaries:
+        for applier_name, applier_object in self.machine_appliers.items():
-            subprocess.check_call([exe.resolve()])
+            try:
-
+                applier_object.apply()
-        self.machine_appliers['systemd'].apply()
+            except Exception as exc:
-        self.machine_appliers['control'].apply()
+                logdata = dict()
-        self.machine_appliers['polkit'].apply()
+                logdata['applier_name'] = applier_name
-        self.machine_appliers['firefox'].apply()
+                logdata['msg'] = str(exc)
-        self.machine_appliers['chromium'].apply()
+                log('E24', logdata)
        self.machine_appliers['shortcuts'].apply()
        self.machine_appliers['gsettings'].apply()
        self.machine_appliers['cups'].apply()
        #self.machine_appliers['package'].apply()
    def user_apply(self):
        '''
        Run appliers for users.
        '''
        if is_root():
-            logging.debug(slogm('Running user appliers from administrator context'))
+            for applier_name, applier_object in self.user_appliers.items():
-            self.user_appliers['shortcuts'].admin_context_apply()
+                try:
-            self.user_appliers['gsettings'].admin_context_apply()
+                    applier_object.admin_context_apply()
                except Exception as exc:
                    logdata = dict()
                    logdata['applier'] = applier_name
                    logdata['exception'] = str(exc)
                    log('E19', logdata)
-            logging.debug(slogm('Running user appliers for user context'))
+            try:
-            with_privileges(self.username, self.user_appliers['shortcuts'].user_context_apply)
+                with_privileges(self.username, lambda: apply_user_context(self.user_appliers))
-            with_privileges(self.username, self.user_appliers['gsettings'].user_context_apply)
+            except Exception as exc:
                logdata = dict()
                logdata['username'] = self.username
                logdata['exception'] = str(exc)
                log('E30', logdata)
        else:
-            logging.debug(slogm('Running user appliers from user context'))
+            for applier_name, applier_object in self.user_appliers.items():
-            self.user_appliers['shortcuts'].user_context_apply()
+                try:
-            self.user_appliers['gsettings'].user_context_apply()
+                    applier_object.user_context_apply()
                except Exception as exc:
                    logdata = dict({'applier_name': applier_name, 'message': str(exc)})
                    log('E11', logdata)
    def apply_parameters(self):
        '''
--- a/gpoa/frontend/gsettings_applier.py
+++ b/gpoa/frontend/gsettings_applier.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -16,77 +16,278 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-import logging
+from util.exceptions import NotUNCPathError
 import os
 import pwd
 import subprocess
-from .applier_frontend import applier_frontend
+from gi.repository import Gio
-from .appliers.gsettings import (
+from storage.dconf_registry import Dconf_registry
-    system_gsetting,
+
-    user_gsetting
+from .applier_frontend import (
      applier_frontend
    , check_enabled
    , check_windows_mapping_enabled
 )
-from util.logging import slogm
+from .appliers.gsettings import (
    system_gsettings,
    user_gsettings
 )
 from util.logging import log
 def uri_fetch(schema, path, value, cache):
    '''
    Function to fetch and cache uri
    '''
    retval = value
    logdata = dict()
    logdata['schema'] = schema
    logdata['path'] = path
    logdata['src'] = value
    try:
        retval = cache.get(value)
        if not retval:
            retval = ''
        logdata['dst'] = retval
        log('D90', logdata)
    except Exception as exc:
        pass
    return retval
 class gsettings_applier(applier_frontend):
-    __registry_branch = 'Software\\BaseALT\\Policies\\gsettings'
+    __module_name = 'GSettingsApplier'
    __module_experimental = False
    __module_enabled = True
    __registry_branch = 'Software\\BaseALT\\Policies\\gsettings\\'
    __registry_locks_branch = 'Software\\BaseALT\\Policies\\GSettingsLocks\\'
    __wallpaper_entry = 'Software/BaseALT/Policies/gsettings/org.mate.background.picture-filename'
    __vino_authentication_methods_entry = 'Software/BaseALT/Policies/gsettings/org.gnome.Vino.authentication-methods'
    __global_schema = '/usr/share/glib-2.0/schemas'
    __override_priority_file = 'zzz_policy.gschema.override'
    __override_old_file = '0_policy.gschema.override'
-    def __init__(self, storage):
+
    def __init__(self, storage, file_cache):
        self.storage = storage
        self.file_cache = file_cache
        gsettings_filter = '{}%'.format(self.__registry_branch)
        gsettings_locks_filter = '{}%'.format(self.__registry_locks_branch)
        self.gsettings_keys = self.storage.filter_hklm_entries(gsettings_filter)
-        self.gsettings = list()
+        self.gsettings_locks = self.storage.filter_hklm_entries(gsettings_locks_filter)
-        self.override_file = os.path.join(self.__global_schema, '0_policy.gschema.override')
+        self.override_file = os.path.join(self.__global_schema, self.__override_priority_file)
        self.override_old_file = os.path.join(self.__global_schema, self.__override_old_file)
        self.gsettings = system_gsettings(self.override_file)
        self.locks = dict()
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
            , self.__module_experimental
        )
    def update_file_cache(self, data):
        try:
            self.file_cache.store(data)
        except Exception as exc:
            logdata = dict()
            logdata['exception'] = str(exc)
            log('D145', logdata)
    def uri_fetch_helper(self, schema, path, value):
        return uri_fetch(schema, path, value, self.file_cache)
    def run(self):
        # Compatility cleanup of old settings
        if os.path.exists(self.override_old_file):
            os.remove(self.override_old_file)
    def apply(self):
        # Cleanup settings from previous run
        if os.path.exists(self.override_file):
-            logging.debug(slogm('Removing GSettings policy file from previous run'))
+            log('D82')
            os.remove(self.override_file)
        # Get all configured gsettings locks
        for lock in self.gsettings_locks:
            valuename = lock.hive_key.rpartition('/')[2]
            self.locks[valuename] = int(lock.data)
        # Calculate all configured gsettings
        for setting in self.gsettings_keys:
-            valuename = setting.hive_key.rpartition('\\')[2]
+            helper = None
            valuename = setting.hive_key.rpartition('/')[2]
            rp = valuename.rpartition('.')
            schema = rp[0]
            path = rp[2]
-            self.gsettings.append(system_gsetting(schema, path, setting.data))
+            data = setting.data
            lock = bool(self.locks[valuename]) if valuename in self.locks else None
            if setting.hive_key.lower() == self.__wallpaper_entry.lower():
                self.update_file_cache(setting.data)
                helper = self.uri_fetch_helper
            elif setting.hive_key.lower() == self.__vino_authentication_methods_entry.lower():
                data = [setting.data]
            self.gsettings.append(schema, path, data, lock, helper)
        # Create GSettings policy with highest available priority
-        for gsetting in self.gsettings:
+        self.gsettings.apply()
            gsetting.apply()
        # Recompile GSettings schemas with overrides
        try:
            proc = subprocess.run(args=['/usr/bin/glib-compile-schemas', self.__global_schema], capture_output=True, check=True)
        except Exception as exc:
-            logging.debug(slogm('Error recompiling global GSettings schemas'))
+            log('E48')
        # Update desktop configuration system backend
        Dconf_registry.dconf_update()
    def apply(self):
        if self.__module_enabled:
            log('D80')
            self.run()
        else:
            log('D81')
 class GSettingsMapping:
    def __init__(self, hive_key, gsettings_schema, gsettings_key):
        self.hive_key = hive_key
        self.gsettings_schema = gsettings_schema
        self.gsettings_key = gsettings_key
        try:
            self.schema_source = Gio.SettingsSchemaSource.get_default()
            self.schema = self.schema_source.lookup(self.gsettings_schema, True)
            self.gsettings_schema_key = self.schema.get_key(self.gsettings_key)
            self.gsettings_type = self.gsettings_schema_key.get_value_type()
        except Exception as exc:
            logdata = dict()
            logdata['hive_key'] = self.hive_key
            logdata['gsettings_schema'] = self.gsettings_schema
            logdata['gsettings_key'] = self.gsettings_key
            log('W6', logdata)
    def preg2gsettings(self):
        '''
        Transform PReg key variant into GLib.Variant. This function
        performs mapping of PReg type system into GLib type system.
        '''
        pass
    def gsettings2preg(self):
        '''
        Transform GLib.Variant key type into PReg key type.
        '''
        pass
 class gsettings_applier_user(applier_frontend):
-    __registry_branch = 'Software\\BaseALT\\Policies\\gsettings'
+    __module_name = 'GSettingsApplierUser'
    __module_experimental = False
    __module_enabled = True
    __registry_branch = 'Software\\BaseALT\\Policies\\gsettings\\'
    __wallpaper_entry = 'Software/BaseALT/Policies/gsettings/org.mate.background.picture-filename'
    __vino_authentication_methods_entry = 'Software/BaseALT/Policies/gsettings/org.gnome.Vino.authentication-methods'
-    def __init__(self, storage, sid, username):
+    def __init__(self, storage, file_cache, sid, username):
        self.storage = storage
        self.file_cache = file_cache
        self.sid = sid
        self.username = username
        gsettings_filter = '{}%'.format(self.__registry_branch)
        self.gsettings_keys = self.storage.filter_hkcu_entries(self.sid, gsettings_filter)
-        self.gsettings = list()
+        self.gsettings = user_gsettings()
        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
        self.__windows_mapping_enabled = check_windows_mapping_enabled(self.storage)
-    def user_context_apply(self):
+        self.__windows_settings = dict()
        self.windows_settings = list()
        mapping = [
              # Disable or enable screen saver
              GSettingsMapping(
                  'Software/Policies/Microsoft/Windows/Control Panel/Desktop/ScreenSaveActive'
                , 'org.mate.screensaver'
                , 'idle-activation-enabled'
              )
              # Timeout in seconds for screen saver activation. The value of zero effectively disables screensaver start
            , GSettingsMapping(
                  'Software/Policies/Microsoft/Windows/Control Panel/Desktop/ScreenSaveTimeOut'
                , 'org.mate.session'
                , 'idle-delay'
              )
              # Enable or disable password protection for screen saver
            , GSettingsMapping(
                  'Software/Policies/Microsoft/Windows/Control Panel/Desktop/ScreenSaverIsSecure'
                , 'org.mate.screensaver'
                , 'lock-enabled'
              )
              # Specify image which will be used as a wallpaper
            , GSettingsMapping(
                  'Software/Microsoft/Windows/CurrentVersion/Policies/System/Wallpaper'
                , 'org.mate.background'
                , 'picture-filename'
              )
        ]
        self.windows_settings.extend(mapping)
        for element in self.windows_settings:
            self.__windows_settings[element.hive_key] = element
    def windows_mapping_append(self):
        for setting_key in self.__windows_settings.keys():
            value = self.storage.get_hkcu_entry(self.sid, setting_key)
            if value:
                logdata = dict()
                logdata['setting_key'] = setting_key
                logdata['value.data'] = value.data
                log('D86', logdata)
                mapping = self.__windows_settings[setting_key]
                try:
                    self.gsettings.append(mapping.gsettings_schema, mapping.gsettings_key, value.data)
                except Exception as exc:
                    print(exc)
    def uri_fetch_helper(self, schema, path, value):
        return uri_fetch(schema, path, value, self.file_cache)
    def run(self):
        if self.__windows_mapping_enabled:
            log('D83')
            self.windows_mapping_append()
        else:
            log('D84')
        # Calculate all configured gsettings
        for setting in self.gsettings_keys:
-            valuename = setting.hive_key.rpartition('\\')[2]
+            valuename = setting.hive_key.rpartition('/')[2]
            rp = valuename.rpartition('.')
            schema = rp[0]
            path = rp[2]
-            self.gsettings.append(user_gsetting(schema, path, setting.data))
+            data = setting.data
            helper = self.uri_fetch_helper if setting.hive_key.lower() == self.__wallpaper_entry.lower() else None
            if setting.hive_key.lower() == self.__vino_authentication_methods_entry.lower():
                data = [setting.data]
            self.gsettings.append(schema, path, data, helper)
-        for gsetting in self.gsettings:
+        # Create GSettings policy with highest available priority
-            gsetting.apply()
+        self.gsettings.apply()
    def user_context_apply(self):
        if self.__module_enabled:
            log('D87')
            self.run()
        else:
            log('D88')
    def admin_context_apply(self):
-        '''
+        # Cache files on remote locations
-        Not implemented because there is no point of doing so.
+        try:
-        '''
+            entry = self.__wallpaper_entry
-        pass
+            filter_result = self.storage.get_hkcu_entry(self.sid, entry)
            if filter_result and filter_result.data:
                self.file_cache.store(filter_result.data)
        except NotUNCPathError:
            ...
        except Exception as exc:
            logdata = dict()
            logdata['exception'] = str(exc)
            log('E50', logdata)
--- a/gpoa/frontend/ini_applier.py
+++ b/gpoa/frontend/ini_applier.py
@@ -0,0 +1,77 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from .appliers.ini_file import Ini_file
 from .applier_frontend import (
      applier_frontend
    , check_enabled
 )
 from util.logging import log
 class ini_applier(applier_frontend):
    __module_name = 'InifilesApplier'
    __module_experimental = True
    __module_enabled = False
    def __init__(self, storage, sid):
        self.storage = storage
        self.sid = sid
        self.inifiles_info = self.storage.get_ini(self.sid)
        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
    def run(self):
        for inifile in self.inifiles_info:
            Ini_file(inifile)
    def apply(self):
        if self.__module_enabled:
            log('D171')
            self.run()
        else:
            log('D172')
 class ini_applier_user(applier_frontend):
    __module_name = 'InifilesApplierUser'
    __module_experimental = True
    __module_enabled = False
    def __init__(self, storage, sid, username):
        self.sid = sid
        self.username = username
        self.storage = storage
        self.inifiles_info = self.storage.get_ini(self.sid)
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
            , self.__module_experimental
        )
    def run(self):
        for inifile in self.inifiles_info:
            Ini_file(inifile, self.username)
    def admin_context_apply(self):
        pass
    def user_context_apply(self):
        if self.__module_enabled:
            log('D173')
            self.run()
        else:
            log('D174')
--- a/gpoa/frontend/kde_applier.py
+++ b/gpoa/frontend/kde_applier.py
@@ -0,0 +1,367 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from .applier_frontend import applier_frontend, check_enabled
 from util.logging import log
 from util.util import get_homedir
 from util.exceptions import NotUNCPathError
 import os
 import subprocess
 import re
 import dbus
 import shutil
 class kde_applier(applier_frontend):
    __module_name = 'KdeApplier'
    __module_experimental = True
    __module_enabled = False
    __hklm_branch = 'Software/BaseALT/Policies/KDE/'
    __hklm_lock_branch = 'Software/BaseALT/Policies/KDELocks/'
    def __init__(self, storage):
        self.storage = storage
        self.locks_dict = {}
        self.locks_data_dict = {}
        self.all_kde_settings = {}
        kde_filter = '{}%'.format(self.__hklm_branch)
        locks_filter = '{}%'.format(self.__hklm_lock_branch)
        self.locks_settings = self.storage.filter_hklm_entries(locks_filter)
        self.kde_settings = self.storage.filter_hklm_entries(kde_filter)
        self.all_kde_settings = {}
        self.__module_enabled = check_enabled(
            self.storage,
            self.__module_name,
            self.__module_experimental
        )
    def apply(self):
        if self.__module_enabled:
            log('D198')
            create_dict(self.kde_settings, self.all_kde_settings, self.locks_settings, self.locks_dict)
            apply(self.all_kde_settings, self.locks_dict)
        else:
            log('D199')
 class kde_applier_user(applier_frontend):
    __module_name = 'KdeApplierUser'
    __module_experimental = True
    __module_enabled = False
    kde_version = None
    __hkcu_branch = 'Software/BaseALT/Policies/KDE'
    __hkcu_lock_branch = 'Software/BaseALT/Policies/KDELocks'
    __plasma_update_entry = 'Software/BaseALT/Policies/KDE/Plasma/Update'
    def __init__(self, storage, sid=None, username=None, file_cache = None):
        self.storage = storage
        self.username = username
        self.sid = sid
        self.file_cache = file_cache
        self.locks_dict = {}
        self.locks_data_dict = {}
        self.all_kde_settings = {}
        kde_applier_user.kde_version = get_kde_version()
        kde_filter = '{}%'.format(self.__hkcu_branch)
        locks_filter = '{}%'.format(self.__hkcu_lock_branch)
        self.locks_settings = self.storage.filter_hkcu_entries(self.sid, locks_filter)
        self.plasma_update = self.storage.get_entry(self.__plasma_update_entry)
        self.plasma_update_flag = self.plasma_update.data if self.plasma_update is not None else 0
        self.kde_settings = self.storage.filter_hkcu_entries(self.sid, kde_filter)
        self.__module_enabled = check_enabled(
            self.storage,
            self.__module_name,
            self.__module_experimental
        )
    def admin_context_apply(self):
        try:
            for setting in self.kde_settings:
                file_name = setting.keyname.split("/")[-2]
                if file_name == 'wallpaper':
                    data = setting.data
                    break
            self.file_cache.store(data)
        except Exception as exc:
            logdata = dict()
            logdata['exc'] = exc
    def user_context_apply(self):
        '''
        Change settings applied in user context
        '''
        if self.__module_enabled:
            log('D200')
            create_dict(self.kde_settings, self.all_kde_settings, self.locks_settings, self.locks_dict, self.file_cache, self.username, self.plasma_update_flag)
            apply(self.all_kde_settings, self.locks_dict, self.username)
        else:
            log('D201')
 dbus_methods_mapping = {
    'kscreenlockerrc': {
        'dbus_service': 'org.kde.screensaver',
        'dbus_path': '/ScreenSaver',
        'dbus_interface': 'org.kde.screensaver',
        'dbus_method': 'configure'
    },
    'wallpaper': {
        'dbus_service': 'org.freedesktop.systemd1',
        'dbus_path': '/org/freedesktop/systemd1',
        'dbus_interface': 'org.freedesktop.systemd1.Manager',
        'dbus_method': 'RestartUnit',
        'dbus_args': ['plasma-plasmashell.service', 'replace']
    }
 }
 def get_kde_version():
    try:
        kinfo_path = shutil.which("kinfo", path="/usr/lib/kf5/bin:/usr/bin")
        if not kinfo_path:
            raise FileNotFoundError("Unable to find kinfo")
        output = subprocess.check_output([kinfo_path], text=True, env={'LANG':'C'})
        for line in output.splitlines():
            if "KDE Frameworks Version" in line:
                frameworks_version = line.split(":", 1)[1].strip()
                major_frameworks_version = int(frameworks_version.split(".")[0])
                return major_frameworks_version
    except:
        return None
 def create_dict(kde_settings, all_kde_settings, locks_settings, locks_dict, file_cache = None, username = None, plasmaupdate = False):
        for locks in locks_settings:
            locks_dict[locks.valuename] = locks.data
        for setting in kde_settings:
            try:
                file_name, section, value = setting.keyname.split("/")[-2], setting.keyname.split("/")[-1], setting.valuename
                data = setting.data
                if file_name == 'wallpaper':
                    apply_for_wallpaper(data, file_cache, username, plasmaupdate)
                else:
                    all_kde_settings.setdefault(file_name, {}).setdefault(section, {})[value] = data
            except Exception as exc:
                logdata = dict()
                logdata['file_name'] = file_name
                logdata['section'] = section
                logdata['value'] = value
                logdata['data'] = data
                logdata['exc'] = exc
                log('W16', logdata)
 def apply(all_kde_settings, locks_dict, username = None):
    logdata = dict()
    modified_files = set()
    if username is None:
        system_path_settings = '/etc/xdg/'
        system_files = [
            "baloofilerc",
            "kcminputrc",
            "kded_device_automounterrc",
            "kdeglobals",
            "ksplashrc",
            "kwinrc",
            "plasma-localerc",
            "plasmarc",
            "powermanagementprofilesrc"
        ]
        for file in system_files:
            file_to_remove = f'{system_path_settings}{file}'
            if os.path.exists(file_to_remove):
                os.remove(file_to_remove)
        for file_name, sections in all_kde_settings.items():
            file_path = f'{system_path_settings}{file_name}'
            with open(file_path, 'w') as file:
                for section, keys in sections.items():
                    section = section.replace(')(', '][')
                    file.write(f'[{section}]\n')
                    for key, value in keys.items():
                        lock = f"{file_name}.{section}.{key}".replace('][', ')(')
                        if locks_dict.get(lock) == 1:
                            file.write(f'{key}[$i]={value}\n')
                        else:
                            file.write(f'{key}={value}\n')
                    file.write('\n')
            modified_files.add(file_name)
    else:
        for file_name, sections in all_kde_settings.items():
            path = f'{get_homedir(username)}/.config/{file_name}'
            if not os.path.exists(path):
                open(path, 'a').close()
            else:
                pass
            for section, keys in sections.items():
                for key, value in keys.items():
                    value = str(value)
                    lock = f"{file_name}.{section}.{key}"
                    if lock in locks_dict and locks_dict[lock] == 1:
                        command = [
                            f'kwriteconfig{kde_applier_user.kde_version}',
                            '--file', file_name,
                            '--group', section,
                            '--key', key +'/$i/',
                            '--type', 'string',
                            value
                        ]
                    else:
                        command = [
                            f'kwriteconfig{kde_applier_user.kde_version}',
                            '--file', file_name,
                            '--group', section,
                            '--key', key,
                            '--type', 'string',
                            value
                        ]
                    try:
                        clear_locks_settings(username, file_name, key)
                        env_path = dict(os.environ)
                        env_path["PATH"] = "/usr/lib/kf5/bin:/usr/bin"
                        subprocess.run(command, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env_path)
                    except:
                            logdata['command'] = command
                            log('W22', logdata)
            new_content = []
            file_path = f'{get_homedir(username)}/.config/{file_name}'
            try:
                with open(file_path, 'r') as file:
                    for line in file:
                        line = line.replace('/$i/', '[$i]').replace(')(', '][')
                        new_content.append(line)
                with open(file_path, 'w') as file:
                    file.writelines(new_content)
                logdata['file'] = file_name
                log('D202', logdata)
            except Exception as exc:
                logdata['exc'] = exc
                log('W19', logdata)
            modified_files.add(file_name)
    for file_name in modified_files:
        call_dbus_method(file_name)
 def clear_locks_settings(username, file_name, key):
    '''
    Method to remove old locked settings
    '''
    file_path = f'{get_homedir(username)}/.config/{file_name}'
    with open(file_path, 'r') as file:
        lines = file.readlines()
    with open(file_path, 'w') as file:
        for line in lines:
            if f'{key}[$i]=' not in line:
                file.write(line)
    for line in lines:
        if f'{key}[$i]=' in line:
            logdata = dict()
            logdata['line'] = line.strip()
            log('I10', logdata)
 def apply_for_wallpaper(data, file_cache, username, plasmaupdate):
    '''
    Method to change wallpaper
    '''
    logdata = dict()
    path_to_wallpaper = f'{get_homedir(username)}/.config/plasma-org.kde.plasma.desktop-appletsrc'
    id_desktop = get_id_desktop(path_to_wallpaper)
    try:
        try:
            data = str(file_cache.get(data))
        except NotUNCPathError:
            data = str(data)
        with open(path_to_wallpaper, 'r') as file:
            current_wallpaper = file.read()
        match = re.search(rf'\[Containments\]\[{id_desktop}\]\[Wallpaper\]\[org\.kde\.image\]\[General\]\s+Image=(.*)', current_wallpaper)
        if match:
            current_wallpaper_path = match.group(1)
            flag = (current_wallpaper_path == data)
        else:
            flag = False
        os.environ["LANGUAGE"] = os.environ["LANG"].split(".")[0]
        os.environ["XDG_DATA_DIRS"] = "/usr/share/kf5:"
            #Variable for system detection of directories before files with .colors extension
        os.environ["DISPLAY"] = ":0"
            #Variable for command execution plasma-apply-colorscheme
        os.environ["XDG_RUNTIME_DIR"] = f"/run/user/{os.getuid()}"
        os.environ["PATH"] = "/usr/lib/kf5/bin:"
        os.environ["DBUS_SESSION_BUS_ADDRESS"] = f"unix:path=/run/user/{os.getuid()}/bus"#plasma-apply-wallpaperimage
        env_path = dict(os.environ)
        env_path["PATH"] = "/usr/lib/kf5/bin:/usr/bin"
            #environment variable for accessing binary files without hard links
        if not flag:
            if os.path.isfile(path_to_wallpaper):
                command = [
                    f'kwriteconfig{kde_applier_user.kde_version}',
                    '--file', 'plasma-org.kde.plasma.desktop-appletsrc',
                    '--group', 'Containments',
                    '--group', id_desktop,
                    '--group', 'Wallpaper',
                    '--group', 'org.kde.image',
                    '--group', 'General',
                    '--key', 'Image',
                    '--type', 'string',
                    data
                    ]
                try:
                    subprocess.run(command, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env_path)
                except:
                        logdata['command'] = command
                        log('E68', logdata)
                if plasmaupdate == 1:
                    call_dbus_method("wallpaper")
        else:
            logdata['file'] = path_to_wallpaper
            log('W21', logdata)
    except OSError as exc:
        logdata['exc'] = exc
        log('W17', logdata)
    except Exception as exc:
        logdata['exc'] = exc
        log('E67', logdata)
 def get_id_desktop(path_to_wallpaper):
    '''
    Method for getting desktop id. It is currently accepted that this number is one of the sections in the configuration file.
    '''
    pattern = r'\[Containments\]\[(\d+)\][^\[]*activityId=([^\s]+)'
    try:
        with open(path_to_wallpaper, 'r') as file:
            file_content = file.read()
        match = re.search(pattern, file_content)
        return match.group(1) if match else None
    except:
        return None
 def call_dbus_method(file_name):
    '''
    Method to call D-Bus method based on the file name
    '''
    os.environ["DBUS_SESSION_BUS_ADDRESS"] = f"unix:path=/run/user/{os.getuid()}/bus"
    if file_name in dbus_methods_mapping:
        config = dbus_methods_mapping[file_name]
        try:
            session_bus = dbus.SessionBus()
            dbus_object = session_bus.get_object(config['dbus_service'], config['dbus_path'])
            dbus_iface = dbus.Interface(dbus_object, config['dbus_interface'])
            if 'dbus_args' in config:
                getattr(dbus_iface, config['dbus_method'])(*config['dbus_args'])
            else:
                getattr(dbus_iface, config['dbus_method'])()
        except dbus.exceptions.DBusException as e:
            logdata = dict({'error': str(exc)})
            log('E31', logdata)
    else:
        pass
--- a/gpoa/frontend/laps_applier.py
+++ b/gpoa/frontend/laps_applier.py
@@ -0,0 +1,695 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2025 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from .applier_frontend import (
    applier_frontend,
    check_enabled
 )
 import struct
 from datetime import datetime, timedelta
 import dpapi_ng
 from util.util import remove_prefix_from_keys, check_local_user_exists
 from util.sid import WellKnown21RID
 import subprocess
 import ldb
 import string
 import secrets
 import os
 import psutil
 from util.logging import log
 import logging
 class laps_applier(applier_frontend):
    """
    LAPS (Local Administrator Password Solution) implementation for managing
    and automatically rotating administrator passwords.
    """
    # Time calculation constants
    # Number of seconds between the Windows epoch (1601-01-01 00:00:00 UTC)
    # and the Unix epoch (1970-01-01 00:00:00 UTC).
    # Used to convert between Unix timestamps and Windows FileTime.
    _EPOCH_TIMESTAMP = 11644473600
    # Number of 100-nanosecond intervals per second.
    # Used to convert seconds to Windows FileTime format.
    _HUNDREDS_OF_NANOSECONDS = 10000000
    # Number of 100-nanosecond intervals in one day
    _DAY_FLOAT = 8.64e11
    # Module configuration
    __module_name = 'LapsApplier'
    __module_experimental = True
    __module_enabled = False
    # Registry paths
    _WINDOWS_REGISTRY_PATH = 'SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/LAPS/'
    _ALT_REGISTRY_PATH = 'Software/BaseALT/Policies/Laps/'
    # LDAP attributes
    _ATTR_ENCRYPTED_PASSWORD = 'msLAPS-EncryptedPassword'
    _ATTR_PASSWORD_EXPIRATION_TIME = 'msLAPS-PasswordExpirationTime'
    # dconf key for password modification time
    _KEY_PASSWORD_LAST_MODIFIED = '/Software/BaseALT/Policies/Laps/PasswordLastModified/'
    # Password complexity levels
    _PASSWORD_COMPLEXITY = {
        1: string.ascii_uppercase,
        2: string.ascii_letters,
        3: string.ascii_letters + string.digits,
        4: string.ascii_letters + string.digits + string.punctuation
    }
    # Post-authentication actions
    _ACTION_NONE = 0
    _ACTION_CHANGE_PASSWORD = 1
    _ACTION_TERMINATE_SESSIONS = 3
    _ACTION_REBOOT = 5
    def __init__(self, storage):
        """
        Initialize the LAPS applier with configuration from registry.
        Args:
            storage: Storage object containing registry entries and system information
        """
        self.storage = storage
        # Load registry configuration
        if not self._load_configuration():
            self.__module_enabled = False
            return
        if not self._check_requirements():
            log('W29')
            self.__module_enabled = False
            return
        # Initialize system connections and parameters
        self._initialize_system_parameters()
        # Check if module is enabled in configuration
        self.__module_enabled = check_enabled(
            self.storage,
            self.__module_name,
            self.__module_experimental
        )
    def _load_configuration(self):
        """Load configuration settings from registry."""
        alt_keys = remove_prefix_from_keys(
            self.storage.filter_entries(self._ALT_REGISTRY_PATH),
            self._ALT_REGISTRY_PATH
        )
        windows_keys = remove_prefix_from_keys(
            self.storage.filter_entries(self._WINDOWS_REGISTRY_PATH),
            self._WINDOWS_REGISTRY_PATH
        )
        # Combine configurations with BaseALT taking precedence
        self.config = windows_keys
        self.config.update(alt_keys)
        # Extract commonly used configuration parameters
        self.backup_directory = self.config.get('BackupDirectory', None)
        self.encryption_enabled = self.config.get('ADPasswordEncryptionEnabled', 1)
        self.password_expiration_protection = self.config.get('PasswordExpirationProtectionEnabled', 1)
        self.password_age_days = self.config.get('PasswordAgeDays', 30)
        self.post_authentication_actions = self.config.get('PostAuthenticationActions', 3)
        self.post_authentication_reset_delay = self.config.get('PostAuthenticationResetDelay', 24)
        name = self.config.get('AdministratorAccountName', 'root')
        if name and check_local_user_exists(name):
            self.target_user = name
        else:
            log('W36')
            return False
        return True
    def _check_requirements(self):
        """
        Check if the necessary requirements are met for the module to operate.
        Returns:
            bool: True if requirements are met, False otherwise
        """
        if self.backup_directory != 2 or not self.encryption_enabled:
            logdata = dict()
            logdata['backup_directory'] = self.backup_directory
            logdata['encryption_enabled'] = self.encryption_enabled
            log('D223', logdata)
            return False
        return True
    def _initialize_system_parameters(self):
        """Initialize system parameters and connections."""
        # Set up LDAP connections
        self.samdb = self.storage.get_info('samdb')
        self.domain_sid = self.samdb.get_domain_sid()
        self.domain_dn = self.samdb.domain_dn()
        self.computer_dn = self._get_computer_dn()
        self.admin_group_sid = f'{self.domain_sid}-{WellKnown21RID.DOMAIN_ADMINS.value}'
        # Set up time parameters
        self.expiration_date = self._get_expiration_date()
        self.expiration_date_int = self._convert_to_filetime(self.expiration_date)
        self.current_time_int = self._convert_to_filetime(datetime.now())
        # Get current system state
        self.expiration_time_attr = self._get_expiration_time_attr()
        self.pass_last_mod_int = self._read_dconf_pass_last_mod()
        self.encryption_principal = self._get_encryption_principal()
        self.last_login_hours_ago = self._get_last_login_hours_ago()
    def _get_computer_dn(self):
        """
        Get the Distinguished Name of the computer account.
        Returns:
            str: Computer's distinguished name in LDAP
        """
        machine_name = self.storage.get_info('machine_name')
        search_filter = f'(sAMAccountName={machine_name})'
        results = self.samdb.search(base=self.domain_dn, expression=search_filter, attrs=['dn'])
        return results[0]['dn']
    def _get_encryption_principal(self):
        """
        Get the encryption principal for password encryption.
        Returns:
            str: SID of the encryption principal
        """
        encryption_principal = self.config.get('ADPasswordEncryptionPrincipal', None)
        if not encryption_principal:
            return self.admin_group_sid
        return self._verify_encryption_principal(encryption_principal)
    def _verify_encryption_principal(self, principal_name):
        """
        Verify the encryption principal exists and get its SID.
        Args:
            principal_name: Principal name to verify
        Returns:
            str: SID of the encryption principal if found, or admin group SID as fallback
        """
        try:
            # Try to resolve as domain\\user format
            domain = self.storage.get_info('domain')
            username = f'{domain}\\{principal_name}'
            output = subprocess.check_output(['wbinfo', '-n', username])
            sid = output.split()[0].decode('utf-8')
            return sid
        except subprocess.CalledProcessError:
            # Try to resolve directly as SID
            try:
                output = subprocess.check_output(['wbinfo', '-s', principal_name])
                return principal_name
            except subprocess.CalledProcessError:
                # Fallback to admin group SID
                logdata = dict()
                logdata['principal_name'] = principal_name
                log('W30', logdata)
                return self.admin_group_sid
    def _get_expiration_date(self, base_time=None):
        """
        Calculate the password expiration date.
        Args:
            base_time: Optional datetime to base calculation on, defaults to now
        Returns:
            datetime: Password expiration date
        """
        base = base_time or datetime.now()
        # Set to beginning of day and add password age
        return (base.replace(hour=0, minute=0, second=0, microsecond=0) +
                timedelta(days=int(self.password_age_days)))
    def _convert_to_filetime(self, dt):
        """
        Convert datetime to Windows filetime format (100ns intervals since 1601-01-01).
        Args:
            dt: Datetime to convert
        Returns:
            int: Windows filetime integer
        """
        epoch_timedelta = timedelta(seconds=self._EPOCH_TIMESTAMP)
        new_dt = dt + epoch_timedelta
        return int(new_dt.timestamp() * self._HUNDREDS_OF_NANOSECONDS)
    def _get_expiration_time_attr(self):
        """
        Get the current password expiration time from LDAP.
        Returns:
            int: Password expiration time as integer, or 0 if not found
        """
        try:
            res = self.samdb.search(
                base=self.computer_dn,
                scope=ldb.SCOPE_BASE,
                expression="(objectClass=*)",
                attrs=[self._ATTR_PASSWORD_EXPIRATION_TIME]
            )
            return int(res[0].get(self._ATTR_PASSWORD_EXPIRATION_TIME, 0)[0])
        except Exception as exc:
            logdata = dict()
            logdata['exc'] = exc
            log('W31', logdata)
            return 0
    def _read_dconf_pass_last_mod(self):
        """
        Read the password last modified time from dconf.
        Returns:
            int: Timestamp of last password modification or current time if not found
        """
        try:
            key_path = self._KEY_PASSWORD_LAST_MODIFIED + self.target_user
            last_modified = subprocess.check_output(
                ['dconf', 'read', key_path],
                text=True
            ).strip().strip("'\"")
            return int(last_modified)
        except Exception as exc:
            logdata = dict()
            logdata['exc'] = exc
            log('W32', logdata)
            return self.current_time_int
    def _write_dconf_pass_last_mod(self):
        """
        Write the password last modified time to dconf.
        """
        try:
            # Ensure dbus session is available
            self._ensure_dbus_session()
            # Write current time to dconf
            key_path = self._KEY_PASSWORD_LAST_MODIFIED + self.target_user
            last_modified = f'"{self.current_time_int}"'
            subprocess.check_output(['dconf', 'write', key_path, last_modified])
            log('D222')
        except Exception as exc:
            logdata = dict()
            logdata['exc'] = exc
            log('W28', logdata)
    def _ensure_dbus_session(self):
        """Ensure a D-Bus session is available for dconf operations."""
        dbus_address = os.getenv("DBUS_SESSION_BUS_ADDRESS")
        if not dbus_address:
            result = subprocess.run(
                ["dbus-daemon", "--fork", "--session", "--print-address"],
                capture_output=True,
                text=True
            )
            dbus_address = result.stdout.strip()
            os.environ["DBUS_SESSION_BUS_ADDRESS"] = dbus_address
    def _get_last_login_hours_ago(self):
        """
        Get the number of hours since the user's last login.
        Returns:
            int: Hours since last login, or 0 if error or no login found
        """
        logdata = dict()
        logdata['target_user'] = self.target_user
        try:
            output = subprocess.check_output(
                ["last", "-n", "1", self.target_user],
                env={'LANG':'C'},
                text=True
            ).split("\n")[0]
            parts = output.split()
            if len(parts) < 7:
                return 0
            # Parse login time
            login_str = f"{parts[4]} {parts[5]} {parts[6]}"
            last_login_time = datetime.strptime(login_str, "%b %d %H:%M")
            last_login_time = last_login_time.replace(year=datetime.now().year)
            # Calculate hours difference
            time_diff = datetime.now() - last_login_time
            hours_ago = int(time_diff.total_seconds() // 3600)
            logdata['hours_ago'] = hours_ago
            log('D224', logdata)
            return hours_ago
        except Exception as exc:
            logdata['exc'] = exc
            log('W33', logdata)
            return 0
    def _get_changed_password_hours_ago(self):
        """
        Calculate how many hours ago the password was last changed.
        Returns:
            int: Hours since password was last changed, or 0 if error
        """
        logdata = dict()
        logdata['target_user'] = self.target_user
        try:
            diff_time = self.current_time_int - self.pass_last_mod_int
            hours_difference = diff_time // 3.6e10
            hours_ago = int(hours_difference)
            logdata['hours_ago'] = hours_ago
            log('D225', logdata)
            return hours_ago
        except Exception as exc:
            logdata['exc'] = exc
            log('W34', logdata)
            return 0
    def _generate_password(self):
        """
        Generate a secure password based on policy settings.
        Returns:
            str: Generated password meeting complexity requirements
        """
        # Get password length from config
        password_length = self.config.get('PasswordLength', 14)
        if not isinstance(password_length, int) or not (8 <= password_length <= 64):
            password_length = 14
        # Get password complexity from config
        password_complexity = self.config.get('PasswordComplexity', 4)
        if not isinstance(password_complexity, int) or not (1 <= password_complexity <= 4):
            password_complexity = 4
        # Get character set based on complexity
        char_set = self._PASSWORD_COMPLEXITY.get(password_complexity, self._PASSWORD_COMPLEXITY[4])
        # Generate initial password
        password = ''.join(secrets.choice(char_set) for _ in range(password_length))
        # Ensure password meets complexity requirements
        if password_complexity >= 3 and not any(c.isdigit() for c in password):
            # Add a digit if required but missing
            digit = secrets.choice(string.digits)
            position = secrets.randbelow(len(password))
            password = password[:position] + digit + password[position:]
        if password_complexity == 4 and not any(c in string.punctuation for c in password):
            # Add a special character if required but missing
            special_char = secrets.choice(string.punctuation)
            position = secrets.randbelow(len(password))
            password = password[:position] + special_char + password[position:]
        return password
    def _get_json_password_data(self, password):
        """
        Format password information as JSON.
        Args:
            password: The password
        Returns:
            str: JSON formatted password information
        """
        return f'{{"n":"{self.target_user}","t":"{self.expiration_date_int}","p":"{password}"}}'
    def _create_password_blob(self, password):
        """
        Create encrypted password blob for LDAP storage.
        Args:
            password: Password to encrypt
        Returns:
            bytes: Encrypted password blob
        """
        # Create JSON data and encode as UTF-16LE with null terminator
        json_data = self._get_json_password_data(password)
        password_bytes = json_data.encode("utf-16-le") + b"\x00\x00"
        # Save and change loglevel
        logger = logging.getLogger()
        old_level = logger.level
        logger.setLevel(logging.ERROR)
        # Encrypt the password
        dpapi_blob = dpapi_ng.ncrypt_protect_secret(
            password_bytes,
            self.encryption_principal,
            auth_protocol='kerberos'
        )
        # Restoreloglevel
        logger.setLevel(old_level)
        # Create full blob with metadata
        return self._add_blob_metadata(dpapi_blob)
    def _add_blob_metadata(self, dpapi_blob):
        """
        Add metadata to the encrypted password blob.
        Args:
            dpapi_blob: Encrypted password blob
        Returns:
            bytes: Complete blob with metadata
        """
        # Convert timestamp to correct format
        left, right = struct.unpack('<LL', struct.pack('Q', self.current_time_int))
        packed = struct.pack('<LL', right, left)
        # Add blob length and padding
        prefix = packed + struct.pack('<i', len(dpapi_blob)) + b'\x00\x00\x00\x00'
        # Combine metadata and encrypted blob
        return prefix + dpapi_blob
    def _change_user_password(self, new_password):
        """
        Change the password for the target user.
        Args:
            new_password: New password to set
        Returns:
            bool: True if password was changed successfully, False otherwise
        """
        logdata = dict()
        logdata['target_use'] = self.target_user
        try:
            # Use chpasswd to change the password
            process = subprocess.Popen(
                ["chpasswd"],
                stdin=subprocess.PIPE,
                text=True
            )
            process.communicate(f"{self.target_user}:{new_password}")
            # Record the time of change
            self._write_dconf_pass_last_mod()
            log('D221', logdata)
            return True
        except Exception as exc:
            logdata['exc'] = exc
            log('W27', logdata)
            return False
    def _update_ldap_password(self, encrypted_blob):
        """
        Update the encrypted password and expiration time in LDAP.
        Args:
            encrypted_blob: Encrypted password blob
        Returns:
            bool: True if LDAP was updated successfully, False otherwise
        """
        logdata = dict()
        logdata['computer_dn'] = self.computer_dn
        try:
            # Create LDAP modification message
            mod_msg = ldb.Message()
            mod_msg.dn = self.computer_dn
            # Update password blob
            mod_msg[self._ATTR_ENCRYPTED_PASSWORD] = ldb.MessageElement(
                encrypted_blob,
                ldb.FLAG_MOD_REPLACE,
                self._ATTR_ENCRYPTED_PASSWORD
            )
            # Update expiration time
            mod_msg[self._ATTR_PASSWORD_EXPIRATION_TIME] = ldb.MessageElement(
                str(self.expiration_date_int),
                ldb.FLAG_MOD_REPLACE,
                self._ATTR_PASSWORD_EXPIRATION_TIME
            )
            # Perform the LDAP modification
            self.samdb.modify(mod_msg)
            log('D226', logdata)
            return True
        except Exception as exc:
            logdata['exc'] = exc
            log('E75', logdata)
            return False
    def _should_update_password(self):
        """
        Determine if the password should be updated based on policy.
        Returns:
            tuple: (bool: update needed, bool: perform post-action)
        """
        # Check if password has expired
        if not self._is_password_expired():
            # Password not expired, check if post-login action needed
            return self._check_post_login_action()
        # Password has expired, update needed
        return True, False
    def _is_password_expired(self):
        """
        Check if the password has expired according to policy.
        Returns:
            bool: True if password has expired, False otherwise
        """
        # Case 1: No expiration protection, check LDAP attribute
        if not self.password_expiration_protection:
            if self.expiration_time_attr > self.current_time_int:
                return False
        # Case 2: With expiration protection, check both policy and LDAP
        elif self.password_expiration_protection:
            policy_expiry = self.pass_last_mod_int + (self.password_age_days * int(self._DAY_FLOAT))
            if policy_expiry > self.current_time_int and self.expiration_time_attr > self.current_time_int:
                return False
        return True
    def _check_post_login_action(self):
        """
        Check if a post-login password change action should be performed.
        Returns:
            tuple: (bool: update needed, bool: perform post-action)
        """
        # Check if password was changed after last login
        if self._get_changed_password_hours_ago() < self.last_login_hours_ago:
            return False, False
        # Check if enough time has passed since login
        if self.last_login_hours_ago < self.post_authentication_reset_delay:
            return False, False
        # Check if action is configured
        if self.post_authentication_actions == self._ACTION_NONE:
            return False, False
        # Update needed, determine if post-action required
        return True, self.post_authentication_actions > self._ACTION_CHANGE_PASSWORD
    def _perform_post_action(self):
        """
        Perform post-password-change action based on configuration.
        """
        if self.post_authentication_actions == self._ACTION_TERMINATE_SESSIONS:
            self._terminate_user_sessions()
        elif self.post_authentication_actions == self._ACTION_REBOOT:
            log('D220')
            subprocess.run(["reboot"])
    def _terminate_user_sessions(self):
        """
        Terminates all processes associated with the active sessions of the target user.
        """
        # Get active sessions for the target user
        user_sessions = [user for user in psutil.users() if user.name == self.target_user]
        logdata = dict()
        logdata['target_user'] = self.target_user
        if not user_sessions:
            log('D227', logdata)
            return
        # Terminate each session
        for session in user_sessions:
            try:
                # Get the process and terminate it
                proc = psutil.Process(session.pid)
                proc.kill()  # Send SIGKILL
                logdata['pid'] = session.pid
                log('D228')
            except (psutil.NoSuchProcess, psutil.AccessDenied) as exc:
                logdata['pid'] = session.pid
                logdata['exc'] = exc
                log('W35', logdata)
    def update_laps_password(self):
        """
        Update the LAPS password if needed based on policy.
        Checks expiration and login times to determine if update is needed.
        """
        # Check if password update is needed
        update_needed, perform_post_action = self._should_update_password()
        if not update_needed:
            log('D229')
            return False
        # Generate new password
        password = self._generate_password()
        # Create encrypted password blob
        encrypted_blob = self._create_password_blob(password)
        # Update password in LDAP
        ldap_success = self._update_ldap_password(encrypted_blob)
        if not ldap_success:
            return False
        # Change local user password
        local_success = self._change_user_password(password)
        if not local_success:
            log('E76')
            return False
        log('D230')
        # Perform post-action if configured
        if perform_post_action:
            self._perform_post_action()
    def apply(self):
        """
        Main entry point for the LAPS applier.
        """
        if self.__module_enabled:
            log('D218')
            self.update_laps_password()
        else:
            log('D219')
--- a/gpoa/frontend/networkshare_applier.py
+++ b/gpoa/frontend/networkshare_applier.py
@@ -0,0 +1,58 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2022 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from .appliers.netshare import Networkshare
 from .applier_frontend import (
      applier_frontend
    , check_enabled
 )
 from util.logging import log
 class networkshare_applier(applier_frontend):
    __module_name = 'NetworksharesApplier'
    __module_name_user = 'NetworksharesApplierUser'
    __module_experimental = True
    __module_enabled = False
    def __init__(self, storage, sid, username = None):
        self.storage = storage
        self.sid = sid
        self.username = username
        self.networkshare_info = self.storage.get_networkshare(self.sid)
        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
        self.__module_enabled_user = check_enabled(self.storage, self.__module_name_user, self.__module_experimental)
    def run(self):
        for networkshare in self.networkshare_info:
            Networkshare(networkshare, self.username)
    def apply(self):
        if self.__module_enabled:
            log('D187')
            self.run()
        else:
            log('D181')
    def admin_context_apply(self):
        pass
    def user_context_apply(self):
        if self.__module_enabled_user:
            log('D188')
            self.run()
        else:
            log('D189')
--- a/gpoa/frontend/ntp_applier.py
+++ b/gpoa/frontend/ntp_applier.py
@@ -0,0 +1,154 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2020 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import subprocess
 from enum import Enum
 from .applier_frontend import (
      applier_frontend
    , check_enabled
 )
 from util.logging import log
 class NTPServerType(Enum):
    NTP = 'NTP'
 class ntp_applier(applier_frontend):
    __module_name = 'NTPApplier'
    __module_experimental = True
    __module_enabled = False
    __ntp_branch = 'Software\\Policies\\Microsoft\\W32time\\Parameters'
    __ntp_client_branch = 'Software\\Policies\\Microsoft\\W32time\\TimeProviders\\NtpClient'
    __ntp_server_branch = 'Software\\Policies\\Microsoft\\W32time\\TimeProviders\\NtpServer'
    __ntp_key_address = 'NtpServer'
    __ntp_key_type = 'Type'
    __ntp_key_client_enabled = 'Enabled'
    __ntp_key_server_enabled = 'Enabled'
    __chrony_config = '/etc/chrony.conf'
    def __init__(self, storage):
        self.storage = storage
        self.ntp_server_address_key = '{}\\{}'.format(self.__ntp_branch, self.__ntp_key_address)
        self.ntp_server_type = '{}\\{}'.format(self.__ntp_branch, self.__ntp_key_type)
        self.ntp_client_enabled = '{}\\{}'.format(self.__ntp_client_branch, self.__ntp_key_client_enabled)
        self.ntp_server_enabled = '{}\\{}'.format(self.__ntp_server_branch, self.__ntp_key_server_enabled)
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
            , self.__module_experimental
        )
    def _chrony_as_client(self):
        command = ['/usr/sbin/control', 'chrony', 'client']
        proc = subprocess.Popen(command)
        proc.wait()
    def _chrony_as_server(self):
        command = ['/usr/sbin/control', 'chrony', 'server']
        proc = subprocess.Popen(command)
        proc.wait()
    def _start_chrony_client(self, server=None):
        srv = None
        if server:
            srv = server.data.rpartition(',')[0]
            logdata = dict()
            logdata['srv'] = srv
            log('D122', logdata)
        start_command = ['/usr/bin/systemctl', 'start', 'chronyd']
        chrony_set_server = ['/usr/bin/chronyc', 'add', 'server', srv]
        chrony_disconnect_all = ['/usr/bin/chronyc', 'offline']
        chrony_connect = ['/usr/bin/chronyc', 'online', srv]
        log('D123')
        proc = subprocess.Popen(start_command)
        proc.wait()
        if srv:
            logdata = dict()
            logdata['srv'] = srv
            log('D124', logdata)
            proc = subprocess.Popen(chrony_disconnect_all)
            proc.wait()
            proc = subprocess.Popen(chrony_set_server)
            proc.wait()
            proc = subprocess.Popen(chrony_connect)
            proc.wait()
    def _stop_chrony_client(self):
        stop_command = ['/usr/bin/systemctl', 'stop', 'chronyd']
        log('D125')
        proc = subprocess.Popen(stop_command)
        proc.wait()
    def run(self):
        server_type = self.storage.get_hklm_entry(self.ntp_server_type)
        server_address = self.storage.get_hklm_entry(self.ntp_server_address_key)
        ntp_server_enabled = self.storage.get_hklm_entry(self.ntp_server_enabled)
        ntp_client_enabled = self.storage.get_hklm_entry(self.ntp_client_enabled)
        if server_type and server_type.data:
            if NTPServerType.NTP.value != server_type.data:
                logdata = dict()
                logdata['server_type'] = server_type
                log('W10', logdata)
            else:
                log('D126')
                if ntp_server_enabled:
                    if '1' == ntp_server_enabled.data and server_address:
                        log('D127')
                        self._start_chrony_client(server_address)
                        self._chrony_as_server()
                    elif '0' == ntp_server_enabled.data:
                        log('D128')
                        self._chrony_as_client()
                    else:
                        log('D129')
                elif ntp_client_enabled:
                    if '1' == ntp_client_enabled.data:
                        log('D130')
                        self._start_chrony_client()
                    elif '0' == ntp_client_enabled.data:
                        log('D131')
                        self._stop_chrony_client()
                    else:
                        log('D132')
    def apply(self):
        if self.__module_enabled:
            log('D121')
            self.run()
        else:
            log('D133')
--- a/gpoa/frontend/package_applier.py
+++ b/gpoa/frontend/package_applier.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,20 +17,103 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import subprocess
 from util.logging import log
-from .applier_frontend import applier_frontend
+from .applier_frontend import (
-from .appliers.rpm import rpm
+      applier_frontend
    , check_enabled
 )
 class package_applier(applier_frontend):
    __module_name = 'PackagesApplier'
    __module_experimental = True
    __module_enabled = False
    __install_key_name = 'Install'
    __remove_key_name = 'Remove'
    __sync_key_name = 'Sync'
    __hklm_branch = 'Software\\BaseALT\\Policies\\Packages'
    def __init__(self, storage):
        self.storage = storage
        install_branch = '{}\\{}%'.format(self.__hklm_branch, self.__install_key_name)
        remove_branch = '{}\\{}%'.format(self.__hklm_branch, self.__remove_key_name)
        sync_branch = '{}\\{}%'.format(self.__hklm_branch, self.__sync_key_name)
        self.fulcmd = list()
        self.fulcmd.append('/usr/libexec/gpupdate/pkcon_runner')
        self.fulcmd.append('--loglevel')
        logger = logging.getLogger()
        self.fulcmd.append(str(logger.level))
        self.install_packages_setting = self.storage.filter_hklm_entries(install_branch)
        self.remove_packages_setting = self.storage.filter_hklm_entries(remove_branch)
        self.sync_packages_setting = self.storage.filter_hklm_entries(sync_branch)
        self.flagSync = True
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
            , self.__module_experimental
        )
    def run(self):
        for flag in self.sync_packages_setting:
            self.flagSync = bool(flag.data)
        if 0 < self.install_packages_setting.count() or 0 < self.remove_packages_setting.count():
            if self.flagSync:
                try:
                    subprocess.check_call(self.fulcmd)
                except Exception as exc:
                    logdata = dict()
                    logdata['msg'] = str(exc)
                    log('E55', logdata)
            else:
                try:
                    subprocess.Popen(self.fulcmd,close_fds=False)
                except Exception as exc:
                    logdata = dict()
                    logdata['msg'] = str(exc)
                    log('E61', logdata)
    def apply(self):
-        pass
+        if self.__module_enabled:
            log('D138')
            self.run()
        else:
            log('D139')
 class package_applier_user(applier_frontend):
-    def __init__(self):
+    __module_name = 'PackagesApplierUser'
-        pass
+    __module_experimental = True
    __module_enabled = False
    __install_key_name = 'Install'
    __remove_key_name = 'Remove'
    __sync_key_name = 'Sync'
    __hkcu_branch = 'Software\\BaseALT\\Policies\\Packages'
    def __init__(self, storage, sid, username):
        self.storage = storage
        self.sid = sid
        self.username = username
        self.fulcmd = list()
        self.fulcmd.append('/usr/libexec/gpupdate/pkcon_runner')
        self.fulcmd.append('--user')
        self.fulcmd.append(self.username)
        self.fulcmd.append('--loglevel')
        logger = logging.getLogger()
        self.fulcmd.append(str(logger.level))
        install_branch = '{}\\{}%'.format(self.__hkcu_branch, self.__install_key_name)
        remove_branch = '{}\\{}%'.format(self.__hkcu_branch, self.__remove_key_name)
        sync_branch = '{}\\{}%'.format(self.__hkcu_branch, self.__sync_key_name)
        self.install_packages_setting = self.storage.filter_hkcu_entries(self.sid, install_branch)
        self.remove_packages_setting = self.storage.filter_hkcu_entries(self.sid, remove_branch)
        self.sync_packages_setting = self.storage.filter_hkcu_entries(self.sid, sync_branch)
        self.flagSync = False
        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
    def user_context_apply(self):
        '''
@@ -38,10 +121,35 @@ class package_applier_user(applier_frontend):
        '''
        pass
    def run(self):
        for flag in self.sync_packages_setting:
            if flag.data:
                self.flagSync = bool(int(flag.data))
        if 0 < self.install_packages_setting.count() or 0 < self.remove_packages_setting.count():
            if self.flagSync:
                try:
                    subprocess.check_call(self.fulcmd)
                except Exception as exc:
                    logdata = dict()
                    logdata['msg'] = str(exc)
                    log('E60', logdata)
            else:
                try:
                    subprocess.Popen(self.fulcmd,close_fds=False)
                except Exception as exc:
                    logdata = dict()
                    logdata['msg'] = str(exc)
                    log('E62', logdata)
    def admin_context_apply(self):
        '''
        Install software assigned to specified username regardless
        which computer he uses to log into system.
        '''
-        pass
+        if self.__module_enabled:
            log('D140')
            self.run()
        else:
            log('D141')
--- a/gpoa/frontend/polkit_applier.py
+++ b/gpoa/frontend/polkit_applier.py
@@ -16,36 +16,165 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-from .applier_frontend import applier_frontend
+from .applier_frontend import (
      applier_frontend
    , check_enabled
    , check_windows_mapping_enabled
 )
 from .appliers.polkit import polkit
-from util.logging import slogm
+from util.logging import log
 import logging
 class polkit_applier(applier_frontend):
-    __deny_all = 'Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\Deny_All'
+    __module_name = 'PolkitApplier'
    __module_experimental = False
    __module_enabled = True
    __deny_all_win = 'Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\Deny_All'
    __registry_branch = 'Software\\BaseALT\\Policies\\Polkit\\'
    __registry_locks_branch = 'Software\\BaseALT\\Policies\\PolkitLocks\\'
    __polkit_map = {
-        __deny_all: ['99-gpoa_disk_permissions', { 'Deny_All': 0 }]
+        __deny_all_win: ['49-gpoa_disk_permissions', { 'Deny_All': 0 }],
        __registry_branch : ['49-alt_group_policy_permissions', {}],
        __registry_locks_branch : ['47-alt_group_policy_permissions', {}]
    }
    def __init__(self, storage):
        self.storage = storage
-        deny_all = storage.filter_hklm_entries(self.__deny_all).first()
+        deny_all_win = None
        if check_windows_mapping_enabled(self.storage):
            deny_all_win = storage.filter_hklm_entries(self.__deny_all_win).first()
        # Deny_All hook: initialize defaults
-        template_file = self.__polkit_map[self.__deny_all][0]
+        polkit_filter = '{}%'.format(self.__registry_branch)
-        template_vars = self.__polkit_map[self.__deny_all][1]
+        polkit_locks_filter = '{}%'.format(self.__registry_locks_branch)
-        if deny_all:
+        self.polkit_keys = self.storage.filter_hklm_entries(polkit_filter)
-            logging.debug(slogm('Deny_All setting found: {}'.format(deny_all.data)))
+        self.polkit_locks = self.storage.filter_hklm_entries(polkit_locks_filter)
-            self.__polkit_map[self.__deny_all][1]['Deny_All'] = deny_all.data
+        template_file = self.__polkit_map[self.__deny_all_win][0]
        template_vars = self.__polkit_map[self.__deny_all_win][1]
        template_file_all = self.__polkit_map[self.__registry_branch][0]
        template_vars_all = self.__polkit_map[self.__registry_branch][1]
        template_file_all_lock = self.__polkit_map[self.__registry_locks_branch][0]
        template_vars_all_lock = self.__polkit_map[self.__registry_locks_branch][1]
        locks = list()
        for lock in self.polkit_locks:
            if bool(int(lock.data)):
                locks.append(lock.valuename)
        dict_lists_rules = {'No': [[], []],
                            'Yes': [[], []],
                            'Auth_self' : [[], []],
                            'Auth_admin': [[], []],
                            'Auth_self_keep': [[], []],
                            'Auth_admin_keep': [[], []]}
        check_and_add_to_list = (lambda it, act: dict_lists_rules[act][0].append(it.valuename)
                                if it.valuename not in locks
                                else dict_lists_rules[act][1].append(it.valuename))
        for it_data in self.polkit_keys:
            check_and_add_to_list(it_data, it_data.data)
        for key, item in dict_lists_rules.items():
            self.__polkit_map[self.__registry_branch][1][key] = item[0]
            self.__polkit_map[self.__registry_locks_branch][1][key] = item[1]
        if deny_all_win:
            logdata = dict()
            logdata['Deny_All_win'] = deny_all_win.data
            log('D69', logdata)
            self.__polkit_map[self.__deny_all_win][1]['Deny_All'] = deny_all_win.data
        else:
-            logging.debug(slogm('Deny_All setting not found'))
+            log('D71')
        self.policies = []
        self.policies.append(polkit(template_file, template_vars))
        self.policies.append(polkit(template_file_all, template_vars_all))
        self.policies.append(polkit(template_file_all_lock, template_vars_all_lock))
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
            , self.__module_experimental
        )
    def apply(self):
        '''
        Trigger control facility invocation.
        '''
-        for policy in self.policies:
+        if self.__module_enabled:
-            policy.generate()
+            log('D73')
            for policy in self.policies:
                policy.generate()
        else:
            log('D75')
 class polkit_applier_user(applier_frontend):
    __module_name = 'PolkitApplierUser'
    __module_experimental = False
    __module_enabled = True
    __deny_all_win = 'Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\Deny_All'
    __registry_branch = 'Software\\BaseALT\\Policies\\Polkit\\'
    __polkit_map = {
            __deny_all_win: ['48-gpoa_disk_permissions_user', { 'Deny_All': 0, 'User': '' }],
            __registry_branch : ['48-alt_group_policy_permissions_user', {'User': ''}]
    }
    def __init__(self, storage, sid, username):
        self.storage = storage
        self.sid = sid
        self.username = username
        deny_all_win = None
        if check_windows_mapping_enabled(self.storage):
            deny_all_win = storage.filter_hkcu_entries(self.sid, self.__deny_all_win).first()
        polkit_filter = '{}%'.format(self.__registry_branch)
        self.polkit_keys = self.storage.filter_hkcu_entries(self.sid, polkit_filter)
        # Deny_All hook: initialize defaults
        template_file = self.__polkit_map[self.__deny_all_win][0]
        template_vars = self.__polkit_map[self.__deny_all_win][1]
        template_file_all = self.__polkit_map[self.__registry_branch][0]
        template_vars_all = self.__polkit_map[self.__registry_branch][1]
        dict_lists_rules = {'No': [],
                            'Yes': [],
                            'Auth_self': [],
                            'Auth_admin': [],
                            'Auth_self_keep': [],
                            'Auth_admin_keep': []}
        for it_data in self.polkit_keys:
            dict_lists_rules[it_data.data].append(it_data.valuename)
        self.__polkit_map[self.__registry_branch][1]['User'] = self.username
        for key, item in dict_lists_rules.items():
            self.__polkit_map[self.__registry_branch][1][key] = item
        if deny_all_win:
            logdata = dict()
            logdata['user'] = self.username
            logdata['Deny_All_win'] = deny_all_win.data
            log('D70', logdata)
            self.__polkit_map[self.__deny_all_win][1]['Deny_All'] = deny_all_win.data
            self.__polkit_map[self.__deny_all_win][1]['User'] = self.username
        else:
            log('D72')
        self.policies = []
        self.policies.append(polkit(template_file, template_vars, self.username))
        self.policies.append(polkit(template_file_all, template_vars_all, self.username))
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
            , self.__module_experimental
        )
    def user_context_apply(self):
        pass
    def admin_context_apply(self):
        '''
        Trigger control facility invocation.
        '''
        if self.__module_enabled:
            log('D74')
            for policy in self.policies:
                policy.generate()
        else:
            log('D76')
--- a/gpoa/frontend/scripts_applier.py
+++ b/gpoa/frontend/scripts_applier.py
@@ -0,0 +1,158 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2022 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import os
 import shutil
 from pathlib import Path
 from util.logging import log
 from .appliers.folder import remove_dir_tree
 from .applier_frontend import (
      applier_frontend
    , check_enabled
 )
 class scripts_applier(applier_frontend):
    __module_name = 'ScriptsApplier'
    __module_experimental = True
    __module_enabled = False
    __cache_scripts = '/var/cache/gpupdate_scripts_cache/machine/'
    def __init__(self, storage, sid):
        self.storage = storage
        self.sid = sid
        self.startup_scripts = self.storage.get_scripts(self.sid, 'STARTUP')
        self.shutdown_scripts = self.storage.get_scripts(self.sid, 'SHUTDOWN')
        self.folder_path = Path(self.__cache_scripts)
        self.__module_enabled = check_enabled(self.storage
            , self.__module_name
            , self.__module_experimental
        )
    def cleaning_cache(self):
        log('D160')
        try:
            remove_dir_tree(self.folder_path, True, True, True,)
        except FileNotFoundError as exc:
            log('D154')
        except Exception as exc:
            logdata = dict()
            logdata['exc'] = exc
            log('E64', logdata)
    def filling_cache(self):
        '''
        Creating and updating folder directories for scripts and copying them
        '''
        self.folder_path.mkdir(parents=True, exist_ok=True)
        for ts in self.startup_scripts:
            script_path = os.path.join(self.__cache_scripts, 'STARTUP')
            install_script(ts, script_path, '700')
        for ts in self.shutdown_scripts:
            script_path = os.path.join(self.__cache_scripts, 'SHUTDOWN')
            install_script(ts, script_path, '700')
    def run(self):
        self.filling_cache()
    def apply(self):
        self.cleaning_cache()
        if self.__module_enabled:
            log('D156')
            self.run()
        else:
            log('D157')
 class scripts_applier_user(applier_frontend):
    __module_name = 'ScriptsApplierUser'
    __module_experimental = True
    __module_enabled = False
    __cache_scripts = '/var/cache/gpupdate_scripts_cache/users/'
    def __init__(self, storage, sid, username):
        self.storage = storage
        self.sid = sid
        self.logon_scripts = self.storage.get_scripts(self.sid, 'LOGON')
        self.logoff_scripts = self.storage.get_scripts(self.sid, 'LOGOFF')
        self.username = username
        self.folder_path = Path(self.__cache_scripts + self.username)
        self.__module_enabled = check_enabled(self.storage
            , self.__module_name
            , self.__module_experimental
        )
    def cleaning_cache(self):
        log('D161')
        try:
            remove_dir_tree(self.folder_path, True, True, True,)
        except FileNotFoundError as exc:
            log('D155')
        except Exception as exc:
            logdata = dict()
            logdata['exc'] = exc
            log('E65', logdata)
    def filling_cache(self):
        '''
        Creating and updating folder directories for scripts and copying them
        '''
        self.folder_path.mkdir(parents=True, exist_ok=True)
        for ts in self.logon_scripts:
            script_path = os.path.join(self.__cache_scripts, self.username, 'LOGON')
            install_script(ts, script_path, '755')
        for ts in self.logoff_scripts:
            script_path = os.path.join(self.__cache_scripts, self.username, 'LOGOFF')
            install_script(ts, script_path, '755')
    def user_context_apply(self):
        pass
    def run(self):
        self.filling_cache()
    def admin_context_apply(self):
        self.cleaning_cache()
        if self.__module_enabled:
            log('D158')
            self.run()
        else:
            log('D159')
 def install_script(storage_script_entry, script_dir, access_permissions):
    '''
    Copy scripts to specific directories and
    if given arguments
    create directories for them and copy them there
    '''
    dir_cr = Path(script_dir)
    dir_cr.mkdir(parents=True, exist_ok=True)
    if storage_script_entry.number is None:
        return
    script_name = str(storage_script_entry.number).zfill(5) + '_' + os.path.basename(storage_script_entry.path)
    script_file = os.path.join(script_dir, script_name)
    shutil.copyfile(storage_script_entry.path, script_file)
    os.chmod(script_file, int(access_permissions, base = 8))
    if storage_script_entry.args:
        dir_path = script_dir + '/' + script_name + '.arg'
        dir_arg = Path(dir_path)
        dir_arg.mkdir(parents=True, exist_ok=True)
        file_arg = open(dir_path + '/arg', 'w')
        file_arg.write(storage_script_entry.args)
        file_arg.close()
--- a/gpoa/frontend/shortcut_applier.py
+++ b/gpoa/frontend/shortcut_applier.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -16,38 +16,51 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import subprocess
-from .applier_frontend import applier_frontend
+from .applier_frontend import (
-from gpt.shortcuts import json2sc
+      applier_frontend
    , check_enabled
 )
 from util.windows import expand_windows_var
-from util.logging import slogm
+from util.logging import log
 from util.util import (
        get_homedir,
-        homedir_exists
+        homedir_exists,
        string_to_literal_eval
 )
 from gpt.shortcuts import shortcut, get_ttype
-def storage_get_shortcuts(storage, sid):
+def storage_get_shortcuts(storage, sid, username=None, shortcuts_machine=None):
    '''
    Query storage for shortcuts' rows for specified SID.
    '''
    shortcut_objs = storage.get_shortcuts(sid)
    shortcuts = list()
    if username and shortcuts_machine:
        shortcut_objs += shortcuts_machine
-    for sc_obj in shortcut_objs:
+    for sc in shortcut_objs:
-        sc = json2sc(sc_obj.shortcut)
+        if username:
            sc.set_expanded_path(expand_windows_var(sc.path, username))
        shortcuts.append(sc)
    return shortcuts
-def write_shortcut(shortcut, username=None):
+def apply_shortcut(shortcut, username=None):
    '''
-    Write the single shortcut file to the disk.
+    Apply the single shortcut file to the disk.
    :username: None means working with machine variables and paths
    '''
-    dest_abspath = expand_windows_var(shortcut.dest, username).replace('\\', '/') + '.desktop'
+    dest_abspath = shortcut.dest
    if not dest_abspath.startswith('/') and not dest_abspath.startswith('%'):
        dest_abspath = '%HOME%/' + dest_abspath
    logdata = dict()
    logdata['shortcut'] = dest_abspath
    logdata['for'] = username
    log('D105', logdata)
    dest_abspath = expand_windows_var(dest_abspath, username).replace('\\', '/') + '.desktop'
    # Check that we're working for user, not on global system level
    if username:
@@ -56,52 +69,138 @@ def write_shortcut(shortcut, username=None):
        if dest_abspath.startswith(get_homedir(username)):
            # Don't try to operate on non-existent directory
            if not homedir_exists(username):
-                logging.warning(slogm('No home directory exists for user {}: will not create link {}'.format(username, dest_abspath)))
+                logdata = dict()
                logdata['user'] = username
                logdata['dest_abspath'] = dest_abspath
                log('W7', logdata)
                return None
        else:
            logdata = dict()
            logdata['user'] = username
            logdata['bad path'] = dest_abspath
            log('W8', logdata)
            return None
-    logging.debug(slogm('Writing shortcut file to {}'.format(dest_abspath)))
+    if '%' in dest_abspath:
-    shortcut.write_desktop(dest_abspath)
+        logdata = dict()
        logdata['dest_abspath'] = dest_abspath
        log('E53', logdata)
        return None
    if not dest_abspath.startswith('/'):
        logdata = dict()
        logdata['dest_abspath'] = dest_abspath
        log('E54', logdata)
        return None
    logdata = dict()
    logdata['file'] = dest_abspath
    logdata['with_action'] = shortcut.action
    log('D106', logdata)
    shortcut.apply_desktop(dest_abspath)
 class shortcut_applier(applier_frontend):
    __module_name = 'ShortcutsApplier'
    __module_experimental = False
    __module_enabled = True
    def __init__(self, storage):
        self.storage = storage
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
            , self.__module_experimental
        )
-    def apply(self):
+    def run(self):
        shortcuts = storage_get_shortcuts(self.storage, self.storage.get_info('machine_sid'))
        if shortcuts:
            for sc in shortcuts:
-                write_shortcut(sc)
+                apply_shortcut(sc)
            if len(shortcuts) > 0:
                # According to ArchWiki - this thing is needed to rebuild MIME
                # type cache in order file bindings to work. This rebuilds
                # databases located in /usr/share/applications and
                # /usr/local/share/applications
                subprocess.check_call(['/usr/bin/update-desktop-database'])
        else:
-            logging.debug(slogm('No shortcuts to process for {}'.format(self.storage.get_info('machine_sid'))))
+            logdata = dict()
-        # According to ArchWiki - this thing is needed to rebuild MIME
+            logdata['machine_sid'] = self.storage.get_info('machine_sid')
-        # type cache in order file bindings to work. This rebuilds
+            log('D100', logdata)
-        # databases located in /usr/share/applications and
+
-        # /usr/local/share/applications
+    def apply(self):
-        subprocess.check_call(['/usr/bin/update-desktop-database'])
+        if self.__module_enabled:
            log('D98')
            self.run()
        else:
            log('D99')
 class shortcut_applier_user(applier_frontend):
    __module_name = 'ShortcutsApplierUser'
    __module_experimental = False
    __module_enabled = True
    __REGISTRY_PATH_SHORTCATSMERGE= '/Software/BaseALT/Policies/GPUpdate/ShortcutsMerge'
    __DCONF_REGISTRY_PATH_PREFERENCES_MACHINE = 'Software/BaseALT/Policies/Preferences/Machine'
    def __init__(self, storage, sid, username):
        self.storage = storage
        self.sid = sid
        self.username = username
        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
    def get_machine_shortcuts(self):
        result = list()
        try:
            storage_machine_dict =  self.storage.get_dictionary_from_dconf_file_db()
            machine_shortcuts = storage_machine_dict.get(
                self.__DCONF_REGISTRY_PATH_PREFERENCES_MACHINE, dict()).get('Shortcuts')
            shortcut_objs =  string_to_literal_eval(machine_shortcuts)
            for obj in shortcut_objs:
                shortcut_machine =shortcut(
                    obj.get('dest'),
                    obj.get('path'),
                    obj.get('arguments'),
                    obj.get('name'),
                    obj.get('action'),
                    get_ttype(obj.get('target_type')))
                shortcut_machine.set_usercontext(1)
                result.append(shortcut_machine)
        except:
            return None
        return result
    def check_enabled_shortcuts_merge(self):
        return self.storage.get_key_value(self.__REGISTRY_PATH_SHORTCATSMERGE)
    def run(self, in_usercontext):
        shortcuts_machine = None
        if self.check_enabled_shortcuts_merge():
            shortcuts_machine = self.get_machine_shortcuts()
        shortcuts = storage_get_shortcuts(self.storage, self.sid, self.username, shortcuts_machine)
        if shortcuts:
            for sc in shortcuts:
                if in_usercontext and sc.is_usercontext():
                    apply_shortcut(sc, self.username)
                if not in_usercontext and not sc.is_usercontext():
                    apply_shortcut(sc, self.username)
        else:
            logdata = dict()
            logdata['sid'] = self.sid
            log('D100', logdata)
    def user_context_apply(self):
-        shortcuts = storage_get_shortcuts(self.storage, self.sid)
+        if self.__module_enabled:
-
+            log('D101')
-        if shortcuts:
+            self.run(True)
            for sc in shortcuts:
                if sc.is_usercontext():
                    write_shortcut(sc, self.username)
        else:
-            logging.debug(slogm('No shortcuts to process for {}'.format(self.sid)))
+            log('D102')
    def admin_context_apply(self):
-        shortcuts = storage_get_shortcuts(self.storage, self.sid)
+        if self.__module_enabled:
-
+            log('D103')
-        if shortcuts:
+            self.run(False)
            for sc in shortcuts:
                if not sc.is_usercontext():
                    write_shortcut(sc, self.username)
        else:
-            logging.debug(slogm('No shortcuts to process for {}'.format(self.sid)))
+            log('D104')
--- a/gpoa/frontend/systemd_applier.py
+++ b/gpoa/frontend/systemd_applier.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -16,39 +16,65 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-from .applier_frontend import applier_frontend
+from .applier_frontend import (
      applier_frontend
    , check_enabled
 )
 from .appliers.systemd import systemd_unit
-from util.logging import slogm
+from util.logging import log
 import logging
 class systemd_applier(applier_frontend):
-    __registry_branch = 'Software\\BaseALT\\Policies\\SystemdUnits'
+    __module_name = 'SystemdApplier'
    __module_experimental = False
    __module_enabled = True
    __registry_branch = 'Software/BaseALT/Policies/SystemdUnits'
    def __init__(self, storage):
        self.storage = storage
-        self.systemd_unit_settings = self.storage.filter_hklm_entries('Software\\BaseALT\\Policies\\SystemdUnits%')
+        self.systemd_unit_settings = self.storage.filter_hklm_entries(self.__registry_branch)
        self.units = []
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
            , self.__module_experimental
        )
    def run(self):
        for setting in self.systemd_unit_settings:
            try:
                self.units.append(systemd_unit(setting.valuename, int(setting.data)))
                logdata = dict()
                logdata['unit'] = format(setting.valuename)
                log('I4', logdata)
            except Exception as exc:
                logdata = dict()
                logdata['unit'] = format(setting.valuename)
                logdata['exc'] = exc
                log('I5', logdata)
        for unit in self.units:
            try:
                unit.apply()
            except:
                logdata = dict()
                logdata['unit'] = unit.unit_name
                log('E45', logdata)
    def apply(self):
        '''
        Trigger control facility invocation.
        '''
-        for setting in self.systemd_unit_settings:
+        if self.__module_enabled:
-            valuename = setting.hive_key.rpartition('\\')[2]
+            log('D78')
-            try:
+            self.run()
-                self.units.append(systemd_unit(valuename, int(setting.data)))
+        else:
-                logging.info(slogm('Working with systemd unit {}'.format(valuename)))
+            log('D79')
            except Exception as exc:
                logging.info(slogm('Unable to work with systemd unit {}: {}'.format(valuename, exc)))
        for unit in self.units:
            try:
                unit.apply()
            except:
                logging.error(slogm('Failed applying unit {}'.format(unit.unit_name)))
 class systemd_applier_user(applier_frontend):
-    __registry_branch = 'Software\\BaseALT\\Policies\\SystemdUnits'
+    __module_name = 'SystemdApplierUser'
    __module_experimental = False
    __module_enabled = True
    __registry_branch = 'Software/BaseALT/Policies/SystemdUnits'
    def __init__(self, storage, sid, username):
        self.storage = storage
--- a/gpoa/frontend/thunderbird_applier.py
+++ b/gpoa/frontend/thunderbird_applier.py
@@ -0,0 +1,70 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 import json
 import os
 from .applier_frontend import (
      applier_frontend
    , check_enabled
 )
 from util.logging import log
 from util.util import is_machine_name
 from .firefox_applier import create_dict
 class thunderbird_applier(applier_frontend):
    __module_name = 'ThunderbirdApplier'
    __module_experimental = False
    __module_enabled = True
    __registry_branch = 'Software/Policies/Mozilla/Thunderbird'
    __thunderbird_policies = '/etc/thunderbird/policies'
    def __init__(self, storage, sid, username):
        self.storage = storage
        self.sid = sid
        self.username = username
        self._is_machine_name = is_machine_name(self.username)
        self.policies = dict()
        self.policies_json = dict({ 'policies': self.policies })
        self.thunderbird_keys = self.storage.filter_hklm_entries(self.__registry_branch)
        self.policies_gen = dict()
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
            , self.__module_experimental
        )
    def machine_apply(self):
        '''
        Write policies.json to Thunderbird.
        '''
        self.policies_json = create_dict(self.thunderbird_keys, self.__registry_branch)
        destfile = os.path.join(self.__thunderbird_policies, 'policies.json')
        os.makedirs(self.__thunderbird_policies, exist_ok=True)
        with open(destfile, 'w') as f:
            json.dump(self.policies_json, f)
            logdata = dict()
            logdata['destfile'] = destfile
            log('D212', logdata)
    def apply(self):
        if self.__module_enabled:
            log('D213')
            self.machine_apply()
        else:
            log('D214')
--- a/gpoa/frontend/yandex_browser_applier.py
+++ b/gpoa/frontend/yandex_browser_applier.py
@@ -0,0 +1,197 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from .applier_frontend import (
      applier_frontend
    , check_enabled
 )
 import json
 import os
 from util.logging import log
 from util.util import is_machine_name, string_to_literal_eval
 class yandex_browser_applier(applier_frontend):
    __module_name = 'YandexBrowserApplier'
    __module_enabled = True
    __module_experimental = False
    __registry_branch = 'Software/Policies/YandexBrowser'
    __managed_policies_path = '/etc/opt/yandex/browser/policies/managed'
    __recommended_policies_path = '/etc/opt/yandex/browser/policies/recommended'
    def __init__(self, storage, sid, username):
        self.storage = storage
        self.sid = sid
        self.username = username
        self._is_machine_name = is_machine_name(self.username)
        self.yandex_keys = self.storage.filter_hklm_entries(self.__registry_branch)
        self.policies_json = dict()
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
            , self.__module_experimental
        )
    def machine_apply(self):
        '''
        Apply machine settings.
        '''
        destfile = os.path.join(self.__managed_policies_path, 'policies.json')
        try:
            recommended__json = self.policies_json.pop('Recommended')
        except:
            recommended__json = {}
        #Replacing all nested dictionaries with a list
        dict_item_to_list = (
            lambda target_dict :
                {key:[*val.values()] if type(val) == dict else string_to_literal_eval(val) for key,val in target_dict.items()}
            )
        os.makedirs(self.__managed_policies_path, exist_ok=True)
        with open(destfile, 'w') as f:
            json.dump(dict_item_to_list(self.policies_json), f)
            logdata = dict()
            logdata['destfile'] = destfile
            log('D185', logdata)
        destfilerec = os.path.join(self.__recommended_policies_path, 'policies.json')
        os.makedirs(self.__recommended_policies_path, exist_ok=True)
        with open(destfilerec, 'w') as f:
            json.dump(dict_item_to_list(recommended__json), f)
            logdata = dict()
            logdata['destfilerec'] = destfilerec
            log('D185', logdata)
    def apply(self):
        '''
        All actual job done here.
        '''
        if self.__module_enabled:
            log('D183')
            self.create_dict(self.yandex_keys)
            self.machine_apply()
        else:
            log('D184')
    def get_valuename_typeint(self):
        '''
        List of keys resulting from parsing chrome.admx with parsing_chrom_admx_intvalues.py
        '''
        valuename_typeint = (['DefaultPageSaveSettings',
                            'DefaultUploadSetting',
                            'YandexAutoLaunchMode',
                            'DefaultClipboardSetting',
                            'DefaultFileSystemReadGuardSetting',
                            'DefaultFileSystemWriteGuardSetting',
                            'DefaultImagesSetting',
                            'DefaultJavaScriptJitSetting',
                            'DefaultJavaScriptSetting',
                            'DefaultLocalFontsSetting',
                            'DefaultPopupsSetting',
                            'DefaultSensorsSetting',
                            'DefaultSerialGuardSetting',
                            'DefaultWebBluetoothGuardSetting',
                            'DefaultWebHidGuardSetting',
                            'DefaultWebUsbGuardSetting',
                            'DefaultWindowManagementSetting',
                            'SafeSitesFilterBehavior',
                            'YandexUserFeedbackMode',
                            'TurboSettings',
                            'SidePanelMode',
                            'RestoreOnStartup',
                            'RestoreOnStartup_recommended',
                            'BrowserSwitcherParsingMode',
                            'DefaultNotificationsSetting',
                            'YandexPowerSavingMode',
                            'ChromeVariations',
                            'DeveloperToolsAvailability',
                            'DownloadRestrictions',
                            'NetworkPredictionOptions',
                            'DownloadRestrictions_recommended',
                            'NetworkPredictionOptions_recommended',
                            'DefaultCookiesSetting',
                            'DefaultGeolocationSetting',
                            'IncognitoModeAvailability',
                            'DefaultPrintingSettings',
                            'DefaultPluginsSetting',
                            'DefaultInsecureContentSetting',
                            'PasswordProtectionWarningTrigger',
                            'SafeBrowsingProtectionLevel',
                            'SafeBrowsingProtectionLevel_recommended',
                            'DiskCacheSize'])
        return valuename_typeint
    def get_boolean(self,data):
        if data in ['0', 'false', None, 'none', 0]:
            return False
        if data in ['1', 'true', 1]:
            return True
    def get_parts(self, hivekeyname):
        '''
        Parse registry path string and leave key parameters
        '''
        parts = hivekeyname.replace(self.__registry_branch, '').split('/')
        return parts
    def create_dict(self, yandex_keys):
        '''
        Collect dictionaries from registry keys into a general dictionary
        '''
        counts = dict()
        #getting the list of keys to read as an integer
        valuename_typeint = self.get_valuename_typeint()
        for it_data in yandex_keys:
            branch = counts
            try:
                if type(it_data.data) is bytes:
                    it_data.data = it_data.data.decode(encoding='utf-16').replace('\x00','')
                parts = self.get_parts(it_data.hive_key)
                #creating a nested dictionary from elements
                for part in parts[:-1]:
                    branch = branch.setdefault(part, {})
                #dictionary key value initialization
                if it_data.type == 4:
                    if it_data.valuename in valuename_typeint:
                        branch[parts[-1]] = int(it_data.data)
                    else:
                        branch[parts[-1]] = self.get_boolean(it_data.data)
                else:
                    if it_data.data[0] == '[' and it_data.data[-1] == ']':
                        try:
                            branch[parts[-1]] = json.loads(str(it_data.data))
                        except:
                            branch[parts[-1]] = str(it_data.data).replace('\\', '/')
                    else:
                        branch[parts[-1]] = str(it_data.data).replace('\\', '/')
            except Exception as exc:
                logdata = dict()
                logdata['Exception'] = exc
                logdata['keyname'] = it_data.keyname
                log('D178', logdata)
        try:
            self.policies_json = counts['']
        except:
            self.policies_json = {}
--- a/gpoa/gpoa
+++ b/gpoa/gpoa
@@ -18,16 +18,18 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import argparse
 import logging
 import os
 import signal
 import gettext
 import locale
-from backend import backend_factory
+from backend import backend_factory, save_dconf
 from frontend.frontend_manager import frontend_manager, determine_username
 from plugin import plugin_manager
 from messages import message_with_code
 from storage import Dconf_registry
 from util.util import get_machine_name
 from util.kerberos import machine_kinit
 from util.users import (
    is_root,
    get_process_user
@@ -35,7 +37,8 @@ from util.users import (
 from util.arguments import (
    set_loglevel
 )
-from util.logging import slogm
+from util.logging import log
 from util.exceptions import geterr
 from util.signals import signal_handler
 def parse_arguments():
@@ -56,6 +59,12 @@ def parse_arguments():
    arguments.add_argument('--noplugins',
        action='store_true',
        help='Don\'t start plugins')
    arguments.add_argument('--list-backends',
            action='store_true',
            help='Show list of available backends')
    arguments.add_argument('--force',
            action='store_true',
            help='Force GPT download')
    arguments.add_argument('--loglevel',
        type=int,
        default=4,
@@ -63,34 +72,61 @@ def parse_arguments():
    return arguments.parse_args()
 class gpoa_controller:
    __kinit_successful = False
    __args = None
    def __init__(self):
        self.__args = parse_arguments()
        self.is_machine = False
-        if not self.__args.user:
+        self.noupdate = self.__args.noupdate
            user = get_machine_name()
            self.is_machine = True
        set_loglevel(self.__args.loglevel)
-        self.__kinit_successful = machine_kinit()
+
        locale.bindtextdomain('gpoa', '/usr/lib/python3/site-packages/gpoa/locale')
        gettext.bindtextdomain('gpoa', '/usr/lib/python3/site-packages/gpoa/locale')
        gettext.textdomain('gpoa')
        if not self.__args.user:
            self.username = get_machine_name()
            self.is_machine = True
        else:
            self.username = self.__args.user
        uname = get_process_user()
        uid = os.getuid()
-        logging.debug(slogm('The process was started for user {} with UID {}'.format(uname, uid), uid=uid))
+        logdata = dict()
        logdata['username'] = self.username
        logdata['is_machine'] = self.is_machine
        logdata['process_username'] = uname
        logdata['process_uid'] = uid
        if self.is_machine:
            log('D61', logdata)
        else:
            log('D1', logdata)
            self.username = determine_username(self.username)
        if not is_root():
-            self.username = uname
+            self.noupdate = True
            if self.is_machine:
                msgtext = message_with_code('E34')
                log('E34', {'username': self.username})
                raise Exception(msgtext)
            log('D59', {'username': self.username})
        else:
-            self.username = determine_username(self.__args.user)
+            log('D60', {'username': self.username})
    def run(self):
        '''
        GPOA controller entry point
        '''
        if self.__args.list_backends:
            print('local')
            print('samba')
            return
        Dconf_registry._force = self.__args.force
        self.start_plugins()
        self.start_backend()
        self.start_frontend()
    def start_backend(self):
        '''
@@ -101,11 +137,34 @@ class gpoa_controller:
        if self.__args.nodomain:
            nodomain = True
-        if not self.__args.noupdate:
+        if not self.noupdate:
            if is_root():
-                back = backend_factory(dc, self.username, self.is_machine, nodomain)
+                back = None
                try:
                    back = backend_factory(dc, self.username, self.is_machine, nodomain)
                except Exception as exc:
                    logdata = dict({'msg': str(exc)})
                    einfo = geterr()
                    print(einfo)
                    print(type(einfo))
                    #logdata.update(einfo)
                    log('E12', logdata)
                if back:
-                    back.retrieve_and_store()
+                    try:
                        back.retrieve_and_store()
                        # Start frontend only on successful backend finish
                        self.start_frontend()
                        save_dconf(self.username, self.is_machine, nodomain)
                    except Exception as exc:
                        logdata = dict({'message': str(exc)})
                        # In case we're handling "E3" - it means that
                        # this is a very specific exception that was
                        # not handled properly on lower levels of
                        # code so we're also printing file name and
                        # other information.
                        einfo = geterr()
                        logdata.update(einfo)
                        log('E3', logdata)
    def start_frontend(self):
        '''
@@ -115,7 +174,11 @@ class gpoa_controller:
            appl = frontend_manager(self.username, self.is_machine)
            appl.apply_parameters()
        except Exception as exc:
-            logging.error(slogm('Error occured while running applier: {}'.format(exc)))
+            logdata = dict({'message': str(exc)})
            einfo = geterr()
            #print(einfo)
            logdata.update(einfo)
            log('E4', logdata)
    def start_plugins(self):
        '''
@@ -130,6 +193,7 @@ def main():
    controller.run()
 if __name__ == "__main__":
    default_handler = signal.getsignal(signal.SIGINT)
    signal.signal(signal.SIGINT, signal_handler)
    main()
--- a/gpoa/gpt/drives.py
+++ b/gpoa/gpt/drives.py
@@ -19,27 +19,16 @@
 import json
 from base64 import b64decode
 from Crypto.Cipher import AES
-
+from .dynamic_attributes import DynamicAttributes
 from util.xml import get_xml_root
 def read_drives(drives_file):
    drives = list()
    for drive in get_xml_root(drives_file):
        drive_obj = drivemap()
        props = drive.find('Properties')
        drive_obj.set_login(props.get('username'))
        drive_obj.set_pass(props.get('cpassword'))
        drives.append(drive_obj)
    return drives
 def decrypt_pass(cpassword):
    '''
    AES key for cpassword decryption: http://msdn.microsoft.com/en-us/library/2c15cbf0-f086-4c74-8b70-1f2fa45dd4be%28v=PROT.13%29#endNote2
    '''
    if not cpassword:
        return cpassword
    key = (
            b'\x4e\x99\x06\xe8'
            b'\xfc\xb6\x6c\xc9'
@@ -53,23 +42,110 @@ def decrypt_pass(cpassword):
    cpass_len = len(cpassword)
    padded_pass = (cpassword + "=" * ((4 - cpass_len % 4) % 4))
    password = b64decode(padded_pass)
-    decrypter = AES(key, AES.MODE_CBC, '\x00' * 16)
+    decrypter = AES.new(key, AES.MODE_CBC, '\x00' * 16)
-    return decrypter.decrypt(password)
+    # decrypt() returns byte array which is immutable and we need to
    # strip padding, then convert UTF-16LE to UTF-8
    binstr = decrypter.decrypt(password)
    by = list()
    for item in binstr:
        if item != 16:
            by.append(item)
    utf16str = bytes(by).decode('utf-16', 'ignore')
    utf8str = utf16str.encode('utf8')
-class drivemap:
+    return utf8str.decode()
 def read_drives(drives_file):
    drives = list()
    for drive in get_xml_root(drives_file):
        drive_obj = drivemap()
        props = drive.find('Properties')
        drive_obj.set_login(props.get('username'))
        drive_obj.set_pass(decrypt_pass(props.get('cpassword')))
        drive_obj.set_dir(props.get('letter'))
        drive_obj.set_path(props.get('path'))
        drive_obj.set_action(props.get('action'))
        drive_obj.set_thisDrive(props.get('thisDrive'))
        drive_obj.set_allDrives(props.get('allDrives'))
        drive_obj.set_label(props.get('label'))
        drive_obj.set_persistent(props.get('persistent'))
        drive_obj.set_useLetter(props.get('useLetter'))
        drives.append(drive_obj)
    return drives
 def merge_drives(storage, sid, drive_objects, policy_name):
    for drive in drive_objects:
        storage.add_drive(sid, drive, policy_name)
 def json2drive(json_str):
    json_obj = json.loads(json_str)
    drive_obj = drivemap()
    drive_obj.set_login(json_obj['login'])
    drive_obj.set_pass(json_obj['password'])
    drive_obj.set_dir(json_obj['dir'])
    drive_obj.set_path(json_obj['path'])
    return drive_obj
 class drivemap(DynamicAttributes):
    def __init__(self):
        self.login = None
        self.password = None
        self.dir = None
        self.path = None
        self.action = None
        self.thisDrive = None
        self.allDrives = None
        self.label = None
        self.persistent = None
        self.useLetter = None
    def set_login(self, username):
        self.login = username
        if not username:
            self.login = ''
    def set_pass(self, password):
        self.password = password
        if not password:
            self.password = ''
    def set_dir(self, path):
        self.dir = path
    def set_path(self, path):
        self.path = path
    def set_action(self, action):
        self.action = action
    def set_thisDrive(self, thisDrive):
        self.thisDrive = thisDrive
    def set_allDrives(self, allDrives):
        self.allDrives = allDrives
    def set_label(self, label):
        self.label = label
    def set_persistent(self, persistent):
        self.persistent = persistent
    def set_useLetter(self, useLetter):
        self.useLetter = useLetter
    def to_json(self):
        drive = dict()
        drive['login'] = self.login
        drive['password'] = self.password
        drive['dir'] = self.dir
        drive['path'] = self.path
        contents = dict()
        contents['drive'] = drive
--- a/gpoa/gpt/dynamic_attributes.py
+++ b/gpoa/gpt/dynamic_attributes.py
@@ -0,0 +1,56 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from enum import Enum
 class DynamicAttributes:
    def __init__(self, **kwargs):
        self.policy_name = None
        for key, value in kwargs.items():
            self.__setattr__(key, value)
    def __setattr__(self, key, value):
        if isinstance(value, Enum):
            value = str(value)
        if isinstance(value, str):
            for q in ["'", "\""]:
                if any(q in ch for ch in value):
                    value = value.replace(q, "″")
        self.__dict__[key] = value
    def items(self):
        return self.__dict__.items()
    def __iter__(self):
        return iter(self.__dict__.items())
    def get_original_value(self, key):
        value = self.__dict__.get(key)
        if isinstance(value, str):
            value = value.replace("″", "'")
        return value
 class RegistryKeyMetadata(DynamicAttributes):
    def __init__(self, policy_name, type, is_list=None, mod_previous_value=None):
        self.policy_name = policy_name
        self.type = type
        self.reloaded_with_policy_key = None
        self.is_list = is_list
        self.mod_previous_value = mod_previous_value
    def __repr__(self):
        return str(dict(self))
--- a/gpoa/gpt/envvars.py
+++ b/gpoa/gpt/envvars.py
@@ -17,18 +17,30 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from util.xml import get_xml_root
 from .dynamic_attributes import DynamicAttributes
 def read_envvars(envvars_file):
    variables = list()
    for var in get_xml_root(envvars_file):
-        var_obj = envvar()
+        props = var.find('Properties')
        name = props.get('name')
        value = props.get('value')
        action = props.get('action', default='C')
        var_obj = envvar(name, value, action)
        variables.append(var_obj)
    return variables
-class envvar:
+def merge_envvars(storage, sid, envvar_objects, policy_name):
-    def __init__(self):
+    for envv in envvar_objects:
-        pass
+        storage.add_envvar(sid, envv, policy_name)
 class envvar(DynamicAttributes):
    def __init__(self, name, value, action):
        self.name = name
        self.value = value
        self.action = action
--- a/gpoa/gpt/files.py
+++ b/gpoa/gpt/files.py
@@ -17,18 +17,44 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from util.xml import get_xml_root
 from .dynamic_attributes import DynamicAttributes
 def read_files(filesxml):
    files = list()
    for fil in get_xml_root(filesxml):
-        fil_obj = fileentry()
+        props = fil.find('Properties')
-
+        fil_obj = fileentry(props.get('fromPath'))
        fil_obj.set_action(props.get('action', default='C'))
        fil_obj.set_target_path(props.get('targetPath', default=None))
        fil_obj.set_read_only(props.get('readOnly', default=None))
        fil_obj.set_archive(props.get('archive', default=None))
        fil_obj.set_hidden(props.get('hidden', default=None))
        fil_obj.set_suppress(props.get('suppress', default=None))
        fil_obj.set_executable(props.get('executable', default=None))
        files.append(fil_obj)
    return files
-class fileentry:
+def merge_files(storage, sid, file_objects, policy_name):
-    def __init__(self):
+    for fileobj in file_objects:
-        pass
+        storage.add_file(sid, fileobj, policy_name)
 class fileentry(DynamicAttributes):
    def __init__(self, fromPath):
        self.fromPath = fromPath
    def set_action(self, action):
        self.action = action
    def set_target_path(self, targetPath):
        self.targetPath = targetPath
    def set_read_only(self, readOnly):
        self.readOnly = readOnly
    def set_archive(self, archive):
        self.archive = archive
    def set_hidden(self, hidden):
        self.hidden = hidden
    def set_suppress(self, suppress):
        self.suppress = suppress
    def set_executable(self, executable):
        self.executable = executable
--- a/gpoa/gpt/folders.py
+++ b/gpoa/gpt/folders.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -16,19 +16,72 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from .dynamic_attributes import DynamicAttributes
 from util.xml import get_xml_root
 def action_enum2letter(enumitem):
    return enumitem.value
 def folder_int2bool(val):
    value = val
    if type(value) == str:
        value = int(value)
    if value == 1:
        return True
    return False
 def read_folders(folders_file):
    folders = list()
    for fld in get_xml_root(folders_file):
-        fld_obj = folderentry()
+        props = fld.find('Properties')
        path = props.get('path')
        action = props.get('action', default='C')
        fld_obj = folderentry(path, action)
        fld_obj.set_delete_folder(folder_int2bool(props.get('deleteFolder', default=1)))
        fld_obj.set_delete_sub_folders(folder_int2bool(props.get('deleteSubFolders', default=1)))
        fld_obj.set_delete_files(folder_int2bool(props.get('deleteFiles', default=1)))
        fld_obj.set_hidden_folder(folder_int2bool(props.get('hidden', default=0)))
        folders.append(fld_obj)
    return folders
-class folderentry:
+def merge_folders(storage, sid, folder_objects, policy_name):
-    def __init__(self):
+    for folder in folder_objects:
-        pass
+        storage.add_folder(sid, folder, policy_name)
 class folderentry(DynamicAttributes):
    def __init__(self, path, action):
        self.path = path
        self.action = action
        self.delete_folder = False
        self.delete_sub_folders = False
        self.delete_files = False
        self.hidden_folder = False
    def set_action(self, action):
        self.action = action
    def set_delete_folder(self, del_bool):
        self.delete_folder = del_bool
    def set_delete_sub_folders(self, del_bool):
        self.delete_sub_folders = del_bool
    def set_delete_files(self, del_bool):
        self.delete_files = del_bool
    def set_hidden_folder(self, hid_bool):
        self.hidden_folder = hid_bool
--- a/gpoa/gpt/gpo_dconf_mapping.py
+++ b/gpoa/gpt/gpo_dconf_mapping.py
@@ -0,0 +1,48 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from .dynamic_attributes import DynamicAttributes
 class GpoInfoDconf(DynamicAttributes):
    _counter = 0
    def __init__(self, gpo) -> None:
        GpoInfoDconf._counter += 1
        self.counter = GpoInfoDconf._counter
        self.display_name = None
        self.name = None
        self.version = None
        self.link = None
        self._fill_attributes(gpo)
    def _fill_attributes(self, gpo):
        try:
            self.display_name = gpo.display_name
        except:
            self.display_name = "Unknown"
        try:
            self.name = gpo.name
        except:
            self.name = "Unknown"
        try:
            self.version = gpo.version
        except:
            self.version = "Unknown"
        try:
            self.link = gpo.link
        except:
            self.link = "Unknown"
--- a/gpoa/gpt/gpt.py
+++ b/gpoa/gpt/gpt.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -16,57 +16,193 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import os
 from pathlib import Path
 from enum import Enum, unique
 from samba.gp_parse.gp_pol import GPPolParser
 from storage import registry_factory
-from .shortcuts import read_shortcuts
+from storage.dconf_registry import add_to_dict
-from .services import read_services
+
-from .printers import read_printers
+from .polfile import (
-from .inifiles import read_inifiles
+      read_polfile
-from .folders import read_folders
+    , merge_polfile
-from .files import read_files
+)
-from .envvars import read_envvars
+from .shortcuts import (
-from .drives import read_drives
+      read_shortcuts
    , merge_shortcuts
 )
 from .services import (
      read_services
    , merge_services
 )
 from .printers import (
      read_printers
    , merge_printers
 )
 from .inifiles import (
      read_inifiles
    , merge_inifiles
 )
 from .folders import (
      read_folders
    , merge_folders
 )
 from .files import (
      read_files
    , merge_files
 )
 from .envvars import (
      read_envvars
    , merge_envvars
 )
 from .drives import (
      read_drives
    , merge_drives
 )
 from .tasks import (
      read_tasks
    , merge_tasks
 )
 from .scriptsini import (
      read_scripts
    , merge_scripts
 )
 from .networkshares import (
      read_networkshares
    , merge_networkshares
 )
 import util
 import util.preg
 from util.paths import (
-    default_policy_path,
+    local_policy_path,
    cache_dir,
    local_policy_cache
 )
-from util.logging import slogm
+from util.logging import log
@unique
 class FileType(Enum):
    PREG = 'registry.pol'
    SHORTCUTS = 'shortcuts.xml'
    FOLDERS = 'folders.xml'
    FILES = 'files.xml'
    DRIVES = 'drives.xml'
    SCHEDULEDTASKS = 'scheduledtasks.xml'
    ENVIRONMENTVARIABLES = 'environmentvariables.xml'
    INIFILES = 'inifiles.xml'
    SERVICES = 'services.xml'
    PRINTERS = 'printers.xml'
    SCRIPTS = 'scripts.ini'
    NETWORKSHARES = 'networkshares.xml'
 def get_preftype(path_to_file):
    fpath = Path(path_to_file)
    if fpath.exists():
        file_name = fpath.name.lower()
        for item in FileType:
            if file_name == item.value:
                return item
    return None
 def pref_parsers():
    parsers = dict()
    parsers[FileType.PREG] = read_polfile
    parsers[FileType.SHORTCUTS] = read_shortcuts
    parsers[FileType.FOLDERS] = read_folders
    parsers[FileType.FILES] = read_files
    parsers[FileType.DRIVES] = read_drives
    parsers[FileType.SCHEDULEDTASKS] = read_tasks
    parsers[FileType.ENVIRONMENTVARIABLES] = read_envvars
    parsers[FileType.INIFILES] = read_inifiles
    parsers[FileType.SERVICES] = read_services
    parsers[FileType.PRINTERS] = read_printers
    parsers[FileType.SCRIPTS] = read_scripts
    parsers[FileType.NETWORKSHARES] = read_networkshares
    return parsers
 def get_parser(preference_type):
    parsers = pref_parsers()
    return parsers[preference_type]
 def pref_mergers():
    mergers = dict()
    mergers[FileType.PREG] = merge_polfile
    mergers[FileType.SHORTCUTS] = merge_shortcuts
    mergers[FileType.FOLDERS] = merge_folders
    mergers[FileType.FILES] = merge_files
    mergers[FileType.DRIVES] = merge_drives
    mergers[FileType.SCHEDULEDTASKS] = merge_tasks
    mergers[FileType.ENVIRONMENTVARIABLES] = merge_envvars
    mergers[FileType.INIFILES] = merge_inifiles
    mergers[FileType.SERVICES] = merge_services
    mergers[FileType.PRINTERS] = merge_printers
    mergers[FileType.SCRIPTS] = merge_scripts
    mergers[FileType.NETWORKSHARES] = merge_networkshares
    return mergers
 def get_merger(preference_type):
    mergers = pref_mergers()
    return mergers[preference_type]
 class gpt:
-    __user_policy_mode_key = 'Software\\Policies\\Microsoft\\Windows\\System\\UserPolicyMode'
+    def __init__(self, gpt_path, sid, username='Machine', gpo_info=None):
-
+        add_to_dict(gpt_path, username, gpo_info)
    def __init__(self, gpt_path, sid):
        self.path = gpt_path
        self.username = username
        self.sid = sid
-        self.storage = registry_factory('registry')
+        self.storage = registry_factory()
-        self._scan_gpt()
+        self.storage._gpt_read_flag = True
-
+        self.gpo_info = gpo_info
    def _scan_gpt(self):
        '''
        Collect the data from the specified GPT on file system (cached
        by Samba).
        '''
        self.guid = self.path.rpartition('/')[2]
        self.name = ''
        self.guid = self.path.rpartition('/')[2]
        if 'default' == self.guid:
            self.guid = 'Local Policy'
        self._machine_path = find_dir(self.path, 'Machine')
        self._user_path = find_dir(self.path, 'User')
-        self._machine_prefs = find_dir(self._machine_path, 'Preferences')
+        self._scripts_machine_path = find_dir(self._machine_path, 'Scripts')
-        self._user_prefs = find_dir(self._user_path, 'Preferences')
+        self._scripts_user_path = find_dir(self._user_path, 'Scripts')
        self.settings_list = [
              'shortcuts'
            , 'drives'
            , 'environmentvariables'
            , 'printers'
            , 'folders'
            , 'files'
            , 'inifiles'
            , 'services'
            , 'scheduledtasks'
            , 'scripts'
            , 'networkshares'
        ]
        self.settings = dict()
        self.settings['machine'] = dict()
        self.settings['user'] = dict()
        self.settings['machine']['regpol'] = find_file(self._machine_path, 'registry.pol')
        self.settings['user']['regpol'] = find_file(self._user_path, 'registry.pol')
        for setting in self.settings_list:
            machine_preffile = find_preffile(self._machine_path, setting)
            user_preffile = find_preffile(self._user_path, setting)
            mlogdata = dict({'setting': setting, 'prefpath': machine_preffile})
            log('D24', mlogdata)
            self.settings['machine'][setting] = machine_preffile
            ulogdata = dict({'setting': setting, 'prefpath': user_preffile})
            log('D23', ulogdata)
            self.settings['user'][setting] = user_preffile
        self.settings['machine']['scripts'] = find_file(self._scripts_machine_path, 'scripts.ini')
        self.settings['user']['scripts'] = find_file(self._scripts_user_path, 'scripts.ini')
        logging.debug(slogm('Looking for machine part of GPT {}'.format(self.guid)))
        self._find_machine()
        logging.debug(slogm('Looking for user part of GPT {}'.format(self.guid)))
        self._find_user()
    def set_name(self, name):
        '''
@@ -74,157 +210,61 @@ class gpt:
        '''
        self.name = name
-    def get_policy_mode(self):
+    def merge_machine(self):
        '''
-        Get UserPolicyMode parameter value in order to determine if it
+        Merge machine settings to storage.
        is possible to work with user's part of GPT. This value is
        checked only if working for user's SID.
        '''
-        upm = self.storage.get_hklm_entry(self.__user_policy_mode_key)
+        try:
-        if not upm:
+            # Merge machine policies to registry if possible
-            upm = 0
+            if self.settings['machine']['regpol']:
-        upm = int(upm)
+                mlogdata = dict({'polfile': self.settings['machine']['regpol']})
-        if 0 > upm or 2 > upm:
+                log('D34', mlogdata)
-            upm = 0
+                util.preg.merge_polfile(self.settings['machine']['regpol'], policy_name=self.name, gpo_info=self.gpo_info)
            # Merge machine preferences to registry if possible
            for preference_name, preference_path in self.settings['machine'].items():
                if preference_path:
                    preference_type = get_preftype(preference_path)
                    logdata = dict({'pref': preference_type.value, 'sid': self.sid})
                    log('D28', logdata)
                    preference_parser = get_parser(preference_type)
                    preference_merger = get_merger(preference_type)
                    preference_objects = preference_parser(preference_path)
                    preference_merger(self.storage, self.sid, preference_objects, self.name)
        except Exception as exc:
            logdata = dict()
            logdata['gpt'] = self.name
            logdata['msg'] = str(exc)
            log('E28', logdata)
-        return upm
+    def merge_user(self):
    def _find_user(self):
        self._user_regpol = self._find_regpol('user')
        self._user_shortcuts = self._find_shortcuts('user')
    def _find_machine(self):
        self._machine_regpol = self._find_regpol('machine')
        self._machine_shortcuts = self._find_shortcuts('machine')
    def _find_regpol(self, part):
        '''
-        Find Registry.pol files.
+        Merge user settings to storage.
        '''
-        search_path = self._machine_path
+        try:
-        if 'user' == part:
+            # Merge user policies to registry if possible
-            search_path = self._user_path
+            if self.settings['user']['regpol']:
-        if not search_path:
+                mulogdata = dict({'polfile': self.settings['user']['regpol']})
-            return None
+                log('D35', mulogdata)
-
+                util.preg.merge_polfile(self.settings['user']['regpol'],
-        return find_file(search_path, 'registry.pol')
+                                        sid=self.sid,
-
+                                        policy_name=self.name,
-    def _find_shortcuts(self, part):
+                                        username=self.username,
-        '''
+                                        gpo_info=self.gpo_info)
-        Find Shortcuts.xml files.
+            # Merge user preferences to registry if possible
-        '''
+            for preference_name, preference_path in self.settings['user'].items():
-        shortcuts_dir = find_dir(self._machine_prefs, 'Shortcuts')
+                if preference_path:
-        shortcuts_file = find_file(shortcuts_dir, 'shortcuts.xml')
+                    preference_type = get_preftype(preference_path)
-
+                    logdata = dict({'pref': preference_type.value, 'sid': self.sid})
-        if 'user' == part:
+                    log('D29', logdata)
-            shortcuts_dir = find_dir(self._user_prefs, 'Shortcuts')
+                    preference_parser = get_parser(preference_type)
-            shortcuts_file = find_file(shortcuts_dir, 'shortcuts.xml')
+                    preference_merger = get_merger(preference_type)
-
+                    preference_objects = preference_parser(preference_path)
-        return shortcuts_file
+                    preference_merger(self.storage, self.sid, preference_objects, self.name)
-
+        except Exception as exc:
-    def _find_envvars(self, part):
+            logdata = dict()
-        '''
+            logdata['gpt'] = self.name
-        Find EnvironmentVariables.xml files.
+            logdata['msg'] = str(exc)
-        '''
+            log('E29', logdata)
        search_path = os.path.join(self._machine_path, 'Preferences', 'EnvironmentVariables')
        if 'user' == part:
            search_path = os.path.join(self._user_path, 'Preferences', 'EnvironmentVariables')
        if not search_path:
            return None
        return find_file(search_path, 'environmentvariables.xml')
    def _find_drives(self, part):
        '''
        Find Drives.xml files.
        '''
        search_path = os.path.join(self._machine_path, 'Preferences', 'Drives')
        if 'user' == part:
            search_path = os.path.join(self._user_path, 'Preferences', 'Drives')
        if not search_path:
            return None
        return find_file(search_path, 'drives.xml')
    def _find_printers(self, part):
        '''
        Find Printers.xml files.
        '''
        search_path = os.path.join(self._machine_path, 'Preferences', 'Printers')
        if 'user' == part:
            search_path = os.path.join(self._user_path, 'Preferences', 'Printers')
        if not search_path:
            return None
        return find_file(search_path, 'printers.xml')
    def _merge_shortcuts(self):
        shortcuts = list()
        if self.sid == self.storage.get_info('machine_sid'):
            shortcuts = read_shortcuts(self._machine_shortcuts)
        else:
            shortcuts = read_shortcuts(self._user_shortcuts)
        for sc in shortcuts:
            self.storage.add_shortcut(self.sid, sc)
    def merge(self):
        '''
        Merge machine and user (if sid provided) settings to storage.
        '''
        if self.sid == self.storage.get_info('machine_sid'):
            # Merge machine settings to registry if possible
            if self._machine_regpol:
                logging.debug(slogm('Merging machine settings from {}'.format(self._machine_regpol)))
                util.preg.merge_polfile(self._machine_regpol)
            if self._user_regpol:
                logging.debug(slogm('Merging machine(user) settings from {}'.format(self._machine_regpol)))
                util.preg.merge_polfile(self._user_regpol, self.sid)
            if self._machine_shortcuts:
                logging.debug(slogm('Merging machine shortcuts from {}'.format(self._machine_shortcuts)))
                self._merge_shortcuts()
        else:
            # Merge user settings if UserPolicyMode set accordingly
            # and user settings (for HKCU) are exist.
            policy_mode = upm2str(self.get_policy_mode())
            if 'Merge' == policy_mode or 'Not configured' == policy_mode:
                if self._user_regpol:
                    logging.debug(slogm('Merging user settings from {} for {}'.format(self._user_regpol, self.sid)))
                    util.preg.merge_polfile(self._user_regpol, self.sid)
                if self._user_shortcuts:
                    logging.debug(slogm('Merging user shortcuts from {} for {}'.format(self._user_shortcuts, self.sid)))
                    self._merge_shortcuts()
    def __str__(self):
        template = '''
 GUID: {}
 Name: {}
 For SID: {}
 Machine part: {}
 Machine Registry.pol: {}
 Machine Shortcuts.xml: {}
 User part: {}
 User Registry.pol: {}
 User Shortcuts.xml: {}
 '''
        result = template.format(
            self.guid,
            self.name,
            self.sid,
            self._machine_path,
            self._machine_regpol,
            self._machine_shortcuts,
            self._user_path,
            self._user_regpol,
            self._user_shortcuts,
        )
        return result
 def find_dir(search_path, name):
    '''
@@ -269,11 +309,38 @@ def find_file(search_path, name):
    return None
 def find_preferences(search_path):
    '''
    Find 'Preferences' directory
    '''
    if not search_path:
        return None
    return find_dir(search_path, 'Preferences')
 def find_preffile(search_path, prefname):
    '''
    Find file with path like Preferences/prefname/prefname.xml
    '''
    # Look for 'Preferences' directory
    prefdir = find_preferences(search_path)
    if not prefdir:
        return None
    # Then search for preference directory
    pref_dir = find_dir(prefdir, prefname)
    file_name = '{}.xml'.format(prefname)
    # And then try to find the corresponding file.
    pref_file = find_file(pref_dir, file_name)
    return pref_file
 def lp2gpt():
    '''
    Convert local-policy to full-featured GPT.
    '''
-    lppath = os.path.join(default_policy_path(), 'Machine/Registry.pol.xml')
+    lppath = os.path.join(local_policy_path(), 'Machine/Registry.pol.xml')
    # Load settings from XML PolFile
    polparser = GPPolParser()
@@ -291,24 +358,9 @@ def get_local_gpt(sid):
    '''
    Convert default policy to GPT and create object out of it.
    '''
-    logging.debug(slogm('Re-caching Local Policy'))
+    log('D25')
    lp2gpt()
    local_policy = gpt(str(local_policy_cache()), sid)
    local_policy.set_name('Local Policy')
    return local_policy
 def upm2str(upm_num):
    '''
    Translate UserPolicyMode to string.
    '''
    result = 'Not configured'
    if upm_num in [1, '1']:
        result = 'Replace'
    if upm_num in [2, '2']:
        result = 'Merge'
    return result
--- a/gpoa/gpt/inifiles.py
+++ b/gpoa/gpt/inifiles.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,18 +17,37 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from util.xml import get_xml_root
 from .dynamic_attributes import DynamicAttributes
 def read_inifiles(inifiles_file):
    inifiles = list()
-    for inifile in get_xml_root(inifiles_file):
+    for ini in get_xml_root(inifiles_file):
-        ini_obj = inifile()
+        prors = ini.find('Properties')
        ini_obj = inifile(prors.get('path'))
        ini_obj.set_section(prors.get('section', default=None))
        ini_obj.set_property(prors.get('property', default=None))
        ini_obj.set_value(prors.get('value', default=None))
        ini_obj.set_action(prors.get('action', default='C'))
        inifiles.append(ini_obj)
    return inifiles
-def inifile():
+def merge_inifiles(storage, sid, inifile_objects, policy_name):
-    def __init__(self):
+    for iniobj in inifile_objects:
-        pass
+        storage.add_ini(sid, iniobj, policy_name)
 class inifile(DynamicAttributes):
    def __init__(self, path):
        self.path = path
    def set_section(self, section):
        self.section = section
    def set_property(self, property):
        self.property = property
    def set_value(self, value):
        self.value = value
    def set_action(self, action):
        self.action = action
--- a/gpoa/gpt/networkshares.py
+++ b/gpoa/gpt/networkshares.py
@@ -0,0 +1,57 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from util.xml import get_xml_root
 from .dynamic_attributes import DynamicAttributes
 def read_networkshares(networksharesxml):
    networkshares = list()
    for share in get_xml_root(networksharesxml):
        props = share.find('Properties')
        networkshare_obj = networkshare(props.get('name'))
        networkshare_obj.set_action(props.get('action', default='C'))
        networkshare_obj.set_path(props.get('path', default=None))
        networkshare_obj.set_all_regular(props.get('allRegular', default=None))
        networkshare_obj.set_comment(props.get('comment', default=None))
        networkshare_obj.set_limitUsers(props.get('limitUsers', default=None))
        networkshare_obj.set_abe(props.get('abe', default=None))
        networkshares.append(networkshare_obj)
    return networkshares
 def merge_networkshares(storage, sid, networkshares_objects, policy_name):
    for networkshareobj in networkshares_objects:
        storage.add_networkshare(sid, networkshareobj, policy_name)
 class networkshare(DynamicAttributes):
    def __init__(self, name):
        self.name = name
    def set_action(self, action):
        self.action = action
    def set_path(self, path):
        self.path = path
    def set_all_regular(self, allRegular):
        self.allRegular = allRegular
    def set_comment(self, comment):
        self.comment = comment
    def set_limitUsers(self, limitUsers):
        self.limitUsers = limitUsers
    def set_abe(self, abe):
        self.abe = abe
--- a/gpoa/gpt/polfile.py
+++ b/gpoa/gpt/polfile.py
@@ -0,0 +1,33 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2020 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from util.preg import (
      load_preg
 )
 def read_polfile(filename):
    return load_preg(filename).entries
 def merge_polfile(storage, sid, policy_objects, policy_name):
    pass
    # for entry in policy_objects:
    #     if not sid:
    #         storage.add_hklm_entry(entry, policy_name)
    #     else:
    #         storage.add_hkcu_entry(entry, sid, policy_name)
--- a/gpoa/gpt/printers.py
+++ b/gpoa/gpt/printers.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,6 +17,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import json
 from .dynamic_attributes import DynamicAttributes
 from util.xml import get_xml_root
@@ -41,6 +42,10 @@ def read_printers(printers_file):
    return printers
 def merge_printers(storage, sid, printer_objects, policy_name):
    for device in printer_objects:
        storage.add_printer(sid, device, policy_name)
 def json2printer(json_str):
    '''
    Build printer object out of string-serialized JSON.
@@ -56,7 +61,7 @@ def json2printer(json_str):
    return prn
-class printer:
+class printer(DynamicAttributes):
    def __init__(self, ptype, name, status):
        '''
        ptype may be one of:
--- a/gpoa/gpt/scriptsini.py
+++ b/gpoa/gpt/scriptsini.py
@@ -0,0 +1,148 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import configparser
 import os
 from .dynamic_attributes import DynamicAttributes
 def read_scripts(scripts_file):
    scripts = Scripts_lists()
    logon_scripts = dict()
    logoff_scripts = dict()
    startup_scripts = dict()
    shutdown_scripts = dict()
    config = configparser.ConfigParser()
    config.read(scripts_file, encoding = 'utf-16')
    scripts_file_dir = os.path.dirname(scripts_file)
    actions = config.sections()
    for act in actions:
        act_upper = act.upper()
        if act_upper == 'LOGON':
            section_scripts = logon_scripts
        elif act_upper == 'LOGOFF':
            section_scripts = logoff_scripts
        elif act_upper == 'STARTUP':
            section_scripts = startup_scripts
        elif act_upper == 'SHUTDOWN':
            section_scripts = shutdown_scripts
        else:
            continue
        for key in config[act]:
            key_lower = key.lower()
            key_split = key_lower.split('cmdline')
            if len(key_split) > 1 and not key_split[1]:
                if key_split[0].isdigit():
                    key_index = int(key_split[0])
                    section_scripts[key_index] = Script(act, scripts_file_dir, config[act][key])
            key_split = key_lower.split('parameters')
            if len(key_split) > 1 and not key_split[1]:
                if key_split[0].isdigit():
                    key_index = int(key_split[0])
                    section_scripts[key_index].set_args(config[act][key])
    if logon_scripts:
        for i in sorted(logon_scripts.keys()):
            scripts.add_script('LOGON', logon_scripts[i])
    if logoff_scripts:
        for i in sorted(logoff_scripts.keys()):
            scripts.add_script('LOGOFF', logoff_scripts[i])
    if startup_scripts:
        for i in sorted(startup_scripts.keys()):
            scripts.add_script('STARTUP', startup_scripts[i])
    if shutdown_scripts:
        for i in sorted(shutdown_scripts.keys()):
            scripts.add_script('SHUTDOWN', shutdown_scripts[i])
    return scripts
 def merge_scripts(storage, sid, scripts_objects, policy_name):
    for script in scripts_objects.get_logon_scripts():
        storage.add_script(sid, script, policy_name)
    for script in scripts_objects.get_logoff_scripts():
        storage.add_script(sid, script, policy_name)
    for script in scripts_objects.get_startup_scripts():
        storage.add_script(sid, script, policy_name)
    for script in scripts_objects.get_shutdown_scripts():
        storage.add_script(sid, script, policy_name)
 class Scripts_lists:
    def __init__ (self):
        self.__logon_scripts = list()
        self.__logoff_scripts = list()
        self.__startup_scripts = list()
        self.__shutdown_scripts = list()
    def get_logon_scripts(self):
        return self.__logon_scripts
    def get_logoff_scripts(self):
        return self.__logoff_scripts
    def get_startup_scripts(self):
        return self.__startup_scripts
    def get_shutdown_scripts(self):
        return self.__shutdown_scripts
    def add_script(self, action, script):
        if action == 'LOGON':
            self.get_logon_scripts().append(script)
        elif action == 'LOGOFF':
            self.get_logoff_scripts().append(script)
        elif action == 'STARTUP':
            self.get_startup_scripts().append(script)
        elif action == 'SHUTDOWN':
            self.get_shutdown_scripts().append(script)
 class Script(DynamicAttributes):
    __logon_counter = 0
    __logoff_counter = 0
    __startup_counter = 0
    __shutdown_counter = 0
    def __init__(self, action, script_dir, script_filename):
        action_upper = action.upper()
        self.action = action_upper
        self.path = os.path.join(script_dir, action_upper, script_filename.upper())
        if not os.path.isfile(self.path):
            self.number = None
            return None
        self.args = None
        if action_upper == 'LOGON':
            self.number = Script.__logon_counter
            Script.__logon_counter += 1
        elif action_upper == 'LOGOFF':
            self.number = Script.__logoff_counter
            Script.__logoff_counter += 1
        elif action_upper == 'STARTUP':
            self.number = Script.__startup_counter
            Script.__startup_counter += 1
        elif action_upper == 'SHUTDOWN':
            self.number = Script.__shutdown_counter
            Script.__shutdown_counter += 1
    def set_args(self, args):
        self.args = args
--- a/gpoa/gpt/services.py
+++ b/gpoa/gpt/services.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,6 +17,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from util.xml import get_xml_root
 from .dynamic_attributes import DynamicAttributes
 def read_services(service_file):
    '''
@@ -39,14 +40,18 @@ def read_services(service_file):
    return services
-class service:
+def merge_services(storage, sid, service_objects, policy_name):
    for srv in service_objects:
        pass
 class service(DynamicAttributes):
    def __init__(self, name):
        self.unit = name
        self.servname = None
        self.serviceaction = None
    def set_clsid(self, clsid):
-        self.guid = uid
+        self.guid = clsid
    def set_usercontext(self, usercontext=False):
        ctx = False
--- a/gpoa/gpt/shortcuts.py
+++ b/gpoa/gpt/shortcuts.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -18,20 +18,23 @@
 from pathlib import Path
 import stat
 import logging
 from enum import Enum
 from xml.etree import ElementTree
 from xdg.DesktopEntry import DesktopEntry
 import json
 from util.windows import transform_windows_path
 from util.xml import get_xml_root
 from util.paths import get_desktop_files_directory
 from .dynamic_attributes import DynamicAttributes
 class TargetType(Enum):
    FILESYSTEM = 'FILESYSTEM'
    URL = 'URL'
    def __str__(self):
        return self.value
 def get_ttype(targetstr):
    '''
    Validation function for targetType property
@@ -42,7 +45,7 @@ def get_ttype(targetstr):
    '''
    ttype = TargetType.FILESYSTEM
-    if targetstr == 'URL':
+    if targetstr == 'URL'or targetstr == TargetType.URL:
        ttype = TargetType.URL
    return ttype
@@ -79,32 +82,41 @@ def read_shortcuts(shortcuts_file):
        # URL or FILESYSTEM
        target_type = get_ttype(props.get('targetType'))
-        sc = shortcut(dest, path, arguments, link.get('name'), target_type)
+        sc = shortcut(dest, path, arguments, link.get('name'), props.get('action'), target_type)
        sc.set_changed(link.get('changed'))
        sc.set_clsid(link.get('clsid'))
        sc.set_guid(link.get('uid'))
        sc.set_usercontext(link.get('userContext', False))
        sc.set_icon(props.get('iconPath'))
        if props.get('comment'):
            sc.set_comment(props.get('comment'))
        shortcuts.append(sc)
    return shortcuts
-def json2sc(json_str):
+def merge_shortcuts(storage, sid, shortcut_objects, policy_name):
-    '''
+    for shortcut in shortcut_objects:
-    Build shortcut out of string-serialized JSON
+        storage.add_shortcut(sid, shortcut, policy_name)
    '''
    json_obj = json.loads(json_str)
    link_type = get_ttype(json_obj['type'])
    sc = shortcut(json_obj['dest'], json_obj['path'], json_obj['arguments'], json_obj['name'], link_type)
    sc.set_changed(json_obj['changed'])
    sc.set_clsid(json_obj['clsid'])
    sc.set_guid(json_obj['guid'])
    sc.set_usercontext(json_obj['is_in_user_context'])
-    return sc
+def find_desktop_entry(binary_path):
    desktop_dir = get_desktop_files_directory()
    binary_name = ''.join(binary_path.split('/')[-1])
    desktop_file_path = Path(f"{desktop_dir}/{binary_name}.desktop")
-class shortcut:
+    if desktop_file_path.exists():
-    def __init__(self, dest, path, arguments, name=None, ttype=TargetType.FILESYSTEM):
+        desktop_entry = DesktopEntry()
        desktop_entry.parse(desktop_file_path)
        return desktop_entry
    return None
 class shortcut(DynamicAttributes):
    _ignore_fields = {"desktop_file_template", "desktop_file"}
    def __init__(self, dest, path, arguments, name=None, action=None, ttype=TargetType.FILESYSTEM):
        '''
        :param dest: Path to resulting file on file system
        :param path: Path where the link should point to
@@ -112,13 +124,42 @@ class shortcut:
        :param name: Name of the application
        :param type: Link type - FILESYSTEM or URL
        '''
-        self.dest = dest
+        self.dest = self.replace_slashes(dest)
        self.path = path
        self.expanded_path = None
        self.arguments = arguments
-        self.name = name
+        self.name = self.replace_name(name)
        self.action = action
        self.changed = ''
        self.icon = None
        self.comment = ''
        self.is_in_user_context = self.set_usercontext()
        self.type = ttype
        self.desktop_file_template = None
    def items(self):
        return ((k, v) for k, v in super().items() if k not in self._ignore_fields)
    def __iter__(self):
        return iter(self.items())
    def replace_slashes(self, input_path):
        if input_path.startswith('%'):
            index = input_path.find('%', 1)
            if index != -1:
                replace_path = input_path[:index + 2] + input_path[index + 2:].replace('/','-')
                return replace_path
        return input_path.replace('/','-')
    def replace_name(self, input_name):
        if input_name.startswith('%'):
            index = input_name.find('%', 1)
            if index != -1:
                replace_name = input_name[index + 2:]
                return replace_name
        return input_name
    def __str__(self):
        result = self.to_json()
@@ -136,6 +177,12 @@ class shortcut:
    def set_guid(self, uid):
        self.guid = uid
    def set_icon(self, icon_name):
        self.icon = icon_name
    def set_comment(self, comment):
        self.comment = comment
    def set_type(self, ttype):
        '''
        Set type of the hyperlink - FILESYSTEM or URL
@@ -155,59 +202,95 @@ class shortcut:
        self.is_in_user_context = ctx
    def set_expanded_path(self, path):
        '''
        Adjust shortcut path with expanding windows variables
        '''
        self.expanded_path = path
    def is_usercontext(self):
        return self.is_in_user_context
-    def to_json(self):
+    def desktop(self, dest=None):
        '''
        Return shortcut's JSON for further serialization.
        '''
        content = dict()
        content['dest'] = self.dest
        content['path'] = self.path
        content['name'] = self.name
        content['arguments'] = self.arguments
        content['clsid'] = self.clsid
        content['guid'] = self.guid
        content['changed'] = self.changed
        content['is_in_user_context'] = self.is_in_user_context
        content['type'] = ttype2str(self.type)
        result = self.desktop()
        result.content.update(content)
        return json.dumps(result.content)
    def desktop(self):
        '''
        Returns desktop file object which may be written to disk.
        '''
-        self.desktop_file = DesktopEntry()
+        if dest:
-        self.desktop_file.addGroup('Desktop Entry')
+            self.desktop_file = DesktopEntry(dest)
        else:
            self.desktop_file_template = find_desktop_entry(self.path)
            self.desktop_file = DesktopEntry()
            self.desktop_file.addGroup('Desktop Entry')
            self.desktop_file.set('Version', '1.0')
        self._update_desktop()
-        if self.type == TargetType.URL:
+        return self.desktop_file
    def _update_desktop(self):
        '''
        Update desktop file object from internal data.
        '''
        if get_ttype(self.type) == TargetType.URL:
            self.desktop_file.set('Type', 'Link')
        else:
            self.desktop_file.set('Type', 'Application')
        self.desktop_file.set('Version', '1.0')
        self.desktop_file.set('Name', self.name)
-        if self.type == TargetType.URL:
+        desktop_path = self.path
-            self.desktop_file.set('URL', self.path)
+        if self.expanded_path:
            desktop_path = self.expanded_path
        if get_ttype(self.type) == TargetType.URL:
            self.desktop_file.set('URL', desktop_path)
        else:
-            self.desktop_file.set('Terminal', 'false')
+            str2bool_lambda = (lambda boolstr: boolstr if isinstance(boolstr, bool)
-            self.desktop_file.set('Exec', '{} {}'.format(self.path, self.arguments))
+                               else boolstr and boolstr.lower() in ['True', 'true', 'yes', '1'])
            if self.desktop_file_template:
                terminal_state = str2bool_lambda(self.desktop_file_template.get('Terminal'))
                self.desktop_file.set('Terminal', 'true' if terminal_state else 'false')
            self.desktop_file.set('Exec', '{} {}'.format(desktop_path, self.get_original_value('arguments')))
            self.desktop_file.set('Comment', self.comment)
-        return self.desktop_file
+        if self.icon:
            self.desktop_file.set('Icon', self.icon)
        elif self.desktop_file_template and self.desktop_file_template.get('Icon', False):
            self.desktop_file.set('Icon', self.desktop_file_template.get('Icon'))
-    def write_desktop(self, dest):
+    def _write_desktop(self, dest, create_only=False, read_firstly=False):
        '''
        Write .desktop file to disk using path 'dest'. Please note that
        .desktop files must have executable bit set in order to work in
        GUI.
        '''
        self.desktop().write(dest)
        sc = Path(dest)
        if sc.exists() and create_only:
            return
        if sc.exists() and read_firstly:
            self.desktop(dest).write(dest)
        else:
            self.desktop().write(dest)
        sc.chmod(sc.stat().st_mode | stat.S_IEXEC)
    def _remove_desktop(self, dest):
        '''
        Remove .desktop file fromo disk using path 'dest'.
        '''
        sc = Path(dest)
        if sc.exists():
            sc.unlink()
    def apply_desktop(self, dest):
        '''
        Apply .desktop file by action.
        '''
        if self.action == 'U':
            self._write_desktop(dest, read_firstly=True)
        elif self.action == 'D':
            self._remove_desktop(dest)
        elif self.action == 'R':
            self._remove_desktop(dest)
            self._write_desktop(dest)
        elif self.action == 'C':
            self._write_desktop(dest, create_only=True)
--- a/gpoa/gpt/tasks.py
+++ b/gpoa/gpt/tasks.py
@@ -0,0 +1,25 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2020 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 def read_tasks(filename):
    pass
 def merge_tasks(storage, sid, task_objects, policy_name):
    for task in task_objects:
        pass
--- a/gpoa/gpupdate
+++ b/gpoa/gpupdate
@@ -18,19 +18,21 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import argparse
-
+import locale
 import gettext
 import subprocess
 import os
 import sys
 import logging
 import pwd
 import signal
 from storage import Dconf_registry
 from util.users import (
    is_root
 )
 from util.arguments import (
    process_target,
    set_loglevel,
    ExitCodeUpdater
 )
 from util.dbus import (
@@ -39,38 +41,59 @@ from util.dbus import (
 )
 from util.signals import signal_handler
-logging.basicConfig(level=logging.DEBUG)
+from util.logging import log
 #logging.basicConfig(level=logging.DEBUG)
 class file_runner:
    _gpoa_exe = '/usr/sbin/gpoa'
-    def __init__(self, username=None):
+    def __init__(self, loglevel, username=None):
        self._user = username
        self._loglevel = loglevel
    def run(self):
        '''
        Call gpoa utility to generate scripts
        '''
        gpoa_cmd = [self._gpoa_exe]
        if self._loglevel != None:
            gpoa_cmd += ["--loglevel", str(self._loglevel)]
        if self._user:
            gpoa_cmd += [self._user]
-        output = subprocess.call(gpoa_cmd)
+        subprocess.check_output(gpoa_cmd)
        sys.exit(output)
 def parse_cli_arguments():
    '''
    Command line argument parser
    '''
-    argparser = argparse.ArgumentParser(description='Update group policies for the specified user')
+    argparser = argparse.ArgumentParser(description='Update group policies for computer and the specified user')
    argparser.add_argument('-u',
        '--user',
        default=None,
        help='Name of the user for GPO update')
-    argparser.add_argument('--target',
+    argparser.add_argument('-t',
        '--target',
        default=None,
-        type=str,
+        type=str.upper,
        choices=["ALL", "USER", "COMPUTER"],
        help='Specify if it is needed to update user\'s or computer\'s policies')
    argparser.add_argument('-l',
        '--loglevel',
        type=int,
        default=5,
        help='Set logging verbosity level')
    argparser.add_argument('-f',
        '--force',
        action='store_true',
        default=False,
        help='Force GPT download')
    argparser.add_argument('-s',
        '--system',
        action='store_true',
        default=None,
        help='Run gpoa directly in system mode')
    return argparser.parse_args()
@@ -80,60 +103,75 @@ def runner_factory(args, target):
    factors taken into account.
    '''
    username = None
    target = target.upper()
    if is_root():
        # Only root may specify any username to update.
        try:
            if args.user:
                username = pwd.getpwnam(args.user).pw_name
            else:
-                target = 'Computer'
+                target = 'COMPUTER'
        except:
            username = None
-            logstring = (
+            logdata = dict({'username': args.user})
-                'Unable to perform gpupdate for non-existent user {},'
+            log('W1', logdata)
                ' will update machine settings'
            )
            logging.error(logstring.format(args.user))
    else:
        # User may only perform gpupdate for machine (None) or
        # itself (os.getusername()).
        username = pwd.getpwuid(os.getuid()).pw_name
        if args.user != username:
-            logstring = (
+            logdata = dict({'username': username})
-                'Unable to perform gpupdate for {} with current'
+            log('W2', logdata)
                ' permissions, will update current user settings'
            )
            logging.error(logstring.format(args.user))
    if args.system:
        return try_directly(username, target, args.loglevel)
    else:
        return try_by_oddjob(username, target)
 def try_by_oddjob(username, target):
    '''
    Run group policies applying by oddjob service
    '''
    if is_oddjobd_gpupdate_accessible():
-        logging.debug('Starting gpupdate via D-Bus')
+        log('D13')
        computer_runner = None
        user_runner = None
-        if target == 'All' or target == 'Computer':
+        if target == 'ALL' or target == 'COMPUTER':
            computer_runner = dbus_runner()
        if username:
-            if target == 'All' or target == 'User':
+            if target == 'ALL' or target == 'USER':
                user_runner = dbus_runner(username)
        return (computer_runner, user_runner)
    else:
-        logging.warning('oddjobd is inaccessible')
+        log('W3')
    return None
 def try_directly(username, target, loglevel):
    '''
    Run group policies applying directly
    '''
    if is_root():
-        logging.debug('Starting gpupdate by command invocation')
+        log('D14')
        computer_runner = None
        user_runner = None
-        if target == 'All' or target == 'Computer':
+        if target == 'ALL' or target == 'COMPUTER':
-            computer_runner = file_runner()
+            computer_runner = file_runner(loglevel)
-        if target == 'All' or target == 'User':
+        if target == 'ALL' or target == 'USER':
-            user_runner = file_runner(username)
+            user_runner = file_runner(loglevel, username)
        return (computer_runner, user_runner)
    else:
-        logging.error('Insufficient permissions to run gpupdate')
+        log('E1')
    return None
 def main():
    args = parse_cli_arguments()
    locale.bindtextdomain('gpoa', '/usr/lib/python3/site-packages/gpoa/locale')
    gettext.bindtextdomain('gpoa', '/usr/lib/python3/site-packages/gpoa/locale')
    gettext.textdomain('gpoa')
    set_loglevel(args.loglevel)
    Dconf_registry._force = args.force
    gpo_appliers = runner_factory(args, process_target(args.target))
    if gpo_appliers:
@@ -141,17 +179,19 @@ def main():
            try:
                gpo_appliers[0].run()
            except Exception as exc:
-                logging.error('Error running GPOA for computer: {}'.format(exc))
+                logdata = dict({'error': str(exc)})
                log('E5')
                return int(ExitCodeUpdater.FAIL_GPUPDATE_COMPUTER_NOREPLY)
        if gpo_appliers[1]:
            try:
                gpo_appliers[1].run()
            except Exception as exc:
-                logging.error('Error running GPOA for user: {}'.format(exc))
+                logdata = dict({'error': str(exc)})
                log('E6', logdata)
                return int(ExitCodeUpdater.FAIL_GPUPDATE_USER_NOREPLY)
    else:
-        logging.error('gpupdate will not be started')
+        log('E2')
        return int(ExitCodeUpdater.FAIL_NO_RUNNER)
    return int(ExitCodeUpdater.EXIT_SUCCESS)
--- a/gpoa/gpupdate-setup
+++ b/gpoa/gpupdate-setup
@@ -0,0 +1,374 @@
 #! /usr/bin/env python3
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import os
 import argparse
 from util.util import (
      runcmd
    , get_backends
    , get_default_policy_name
    , get_policy_entries
    , get_policy_variants
 )
 from util.config import GPConfig
 from util.paths import get_custom_policy_dir
 class Runner:
    __control_path = '/usr/sbin/control'
    __systemctl_path = '/bin/systemctl'
    def __init__(self):
        self.arguments = parse_arguments()
 def parse_arguments():
    '''
    Parse CLI arguments.
    '''
    parser = argparse.ArgumentParser(prog='gpupdate-setup')
    subparsers = parser.add_subparsers(dest='action',
        metavar='action',
        help='Group Policy management actions (default action is status)')
    parser_list = subparsers.add_parser('list',
        help='List avalable types of local policy')
    parser_list = subparsers.add_parser('list-backends',
        help='Show list of available backends')
    parser_status = subparsers.add_parser('status',
        help='Show current Group Policy status')
    parser_enable = subparsers.add_parser('enable',
        help='Enable Group Policy subsystem')
    parser_disable = subparsers.add_parser('disable',
        help='Disable Group Policy subsystem')
    parser_update = subparsers.add_parser('update',
        help='Update state')
    parser_write = subparsers.add_parser('write',
        help='Operate on Group Policies (enable or disable)')
    parser_set_backend = subparsers.add_parser('set-backend',
        help='Set or change currently active backend')
    parser_default = subparsers.add_parser('default-policy',
        help='Show name of default policy')
    parser_active = subparsers.add_parser('active-policy',
        help='Show name of policy enabled')
    parser_active_backend = subparsers.add_parser('active-backend',
        help='Show currently configured backend')
    parser_set_backend.add_argument('backend',
        default='samba',
        type=str,
        nargs='?',
        const='backend',
        choices=['local', 'samba'],
        help='Backend (source of settings) name')
    parser_write.add_argument('status',
        choices=['enable', 'disable'],
        help='Enable or disable Group Policies')
    parser_write.add_argument('localpolicy',
        default=None,
        nargs='?',
        help='Name of local policy to enable')
    parser_write.add_argument('backend',
        default='samba',
        type=str,
        nargs='?',
        const='backend',
        choices=['local', 'samba'],
        help='Backend (source of settings) name')
    parser_enable.add_argument('--local-policy',
        default=None,
        help='Name of local policy to enable')
    parser_enable.add_argument('--backend',
        default='samba',
        type=str,
        choices=['local', 'samba'],
        help='Backend (source of settings) name')
    parser_update.add_argument('--local-policy',
        default=None,
        help='Name of local policy to enable')
    parser_update.add_argument('--backend',
        default='samba',
        type=str,
        choices=['local', 'samba'],
        help='Backend (source of settings) name')
    return parser.parse_args()
 def validate_policy_name(policy_name):
    return policy_name in [os.path.basename(d) for d in get_policy_variants()]
 def is_unit_enabled(unit_name, unit_global=False):
    '''
    Check that designated systemd unit is enabled
    '''
    command = ['/bin/systemctl', 'is-enabled', unit_name]
    if unit_global:
        command = ['/bin/systemctl', '--global', 'is-enabled', unit_name]
    value = runcmd(command)
    # If first line of stdout is equal to "enabled" and return code
    # is zero then unit is considered enabled.
    rc = value[0]
    result = []
    try:
        result = value[1].replace('\n', '')
    except IndexError as exc:
        return False
    if result == 'enabled' and rc == 0:
        return True
    return False
 def get_status():
    '''
    Check that gpupdate.timer and gpupdate-user.timer are enabled.
    '''
    is_gpupdate = is_unit_enabled('gpupdate.timer')
    is_gpupdate_user = is_unit_enabled('gpupdate-user.timer', unit_global=True)
    if is_gpupdate and is_gpupdate_user:
        return True
    return False
 def get_active_policy_name():
    '''
    Show the name of an active Local Policy template
    '''
    config = GPConfig()
    return os.path.basename(config.get_local_policy_template())
 def get_active_backend():
    config = GPConfig()
    return config.get_backend()
 def rollback_on_error(command_name):
    '''
    Disable group policy services in case command returns error code
    '''
    if 0 != runcmd(command_name)[0]:
        disable_gp()
        return False
    return True
 def disable_gp():
    '''
    Consistently disable group policy services
    '''
    cmd_set_global_policy = ['/usr/sbin/control', 'system-policy', 'remote']
    cmd_set_local_policy = ['/usr/sbin/control', 'system-policy', 'local']
    cmd_disable_gpupdate_service = ['/bin/systemctl', 'disable', 'gpupdate.service']
    cmd_disable_gpupdate_user_service = ['/bin/systemctl', '--global', 'disable', 'gpupdate-user.service']
    cmd_disable_gpupdate_timer = ['/bin/systemctl', 'disable', 'gpupdate.timer']
    cmd_disable_gpupdate_user_timer = ['/bin/systemctl', '--global', 'disable', 'gpupdate-user.timer']
    cmd_control_system_auth = ['/usr/sbin/control', 'system-auth']
    cmd_disable_gpupdate_scripts_service = ['/bin/systemctl', 'disable', 'gpupdate-scripts-run.service']
    cmd_disable_gpupdate_scripts_user_service = ['/bin/systemctl', '--global', 'disable', 'gpupdate-scripts-run-user.service']
    config = GPConfig()
    auth_result = 'local'
    try:
        auth_result = runcmd(cmd_control_system_auth)[1][0]
    except Exception as exc:
        print(str(exc))
    if auth_result != 'local':
        runcmd(cmd_set_global_policy)
    else:
        runcmd(cmd_set_local_policy)
    runcmd(cmd_disable_gpupdate_service)
    runcmd(cmd_disable_gpupdate_user_service)
    runcmd(cmd_disable_gpupdate_timer)
    runcmd(cmd_disable_gpupdate_user_timer)
    runcmd(cmd_disable_gpupdate_scripts_service)
    runcmd(cmd_disable_gpupdate_scripts_user_service)
    config.set_local_policy_template()
    config.set_backend()
 def enable_gp(policy_name, backend_type):
    '''
    Consistently enable group policy services
    '''
    cmd_set_gpupdate_policy = ['/usr/sbin/control', 'system-policy', 'gpupdate']
    cmd_gpoa_nodomain = ['/usr/sbin/gpoa', '--nodomain', '--loglevel', '5']
    cmd_enable_gpupdate_service = ['/bin/systemctl', 'enable', 'gpupdate.service']
    cmd_enable_gpupdate_user_service = ['/bin/systemctl', '--global', 'disable', 'gpupdate-user.service']
    cmd_enable_gpupdate_timer = ['/bin/systemctl', 'enable', 'gpupdate.timer']
    cmd_enable_gpupdate_user_timer = ['/bin/systemctl', '--global', 'enable', 'gpupdate-user.timer']
    cmd_enable_gpupdate_scripts_service = ['/bin/systemctl', 'enable', 'gpupdate-scripts-run.service']
    cmd_enable_gpupdate_user_scripts_service = ['/bin/systemctl', '--global', 'enable', 'gpupdate-scripts-run-user.service']
    config = GPConfig()
    custom_policy_dir = get_custom_policy_dir()
    if not os.path.isdir(custom_policy_dir):
        os.makedirs(custom_policy_dir)
    target_policy_name = get_default_policy_name()
    if policy_name:
        if validate_policy_name(policy_name):
            target_policy_name = policy_name
    print (target_policy_name)
    config.set_local_policy_template(target_policy_name)
    config.set_backend(backend_type)
    # Enable oddjobd_gpupdate in PAM config
    if not rollback_on_error(cmd_set_gpupdate_policy):
        return
    # Bootstrap the Group Policy engine
    if not rollback_on_error(cmd_gpoa_nodomain):
        return
    # Enable gpupdate.service
    if not rollback_on_error(cmd_enable_gpupdate_service):
        return
    if not is_unit_enabled('gpupdate.service'):
        disable_gp()
        return
    # Enable gpupdate-setup.service for all users
    if not rollback_on_error(cmd_enable_gpupdate_user_service):
        return
    # Enable gpupdate-scripts-run.service
    if not rollback_on_error(cmd_enable_gpupdate_scripts_service):
        return
    if not is_unit_enabled('gpupdate-scripts-run.service'):
        disable_gp()
        return
    # Enable gpupdate-scripts-run-user.service for all users
    if not rollback_on_error(cmd_enable_gpupdate_user_scripts_service):
        return
    if not is_unit_enabled('gpupdate-scripts-run-user.service', unit_global=True):
        disable_gp()
        return
    # Enable gpupdate.timer
    if not rollback_on_error(cmd_enable_gpupdate_timer):
        return
    if not is_unit_enabled('gpupdate.timer'):
        disable_gp()
        return
    # Enable gpupdate-setup.timer for all users
    if not rollback_on_error(cmd_enable_gpupdate_user_timer):
        return
    if not is_unit_enabled('gpupdate-user.timer', unit_global=True):
        disable_gp()
        return
 def act_list():
    '''
    Show list of available templates of Local Policy
    '''
    for entry in get_policy_variants():
        print(entry.rpartition('/')[2])
 def act_list_backends():
    '''
    List backends supported by GPOA
    '''
    backends = get_backends()
    for backend in backends:
        print(backend)
 def act_status():
    '''
    Check that group policy services are enabled
    '''
    if get_status():
        print('enabled')
    else:
        print('disabled')
 def act_set_backend(backend_name):
    config = GPConfig()
    config.set_backend(backend_name)
 def act_write(status, localpolicy, backend):
    '''
    Enable or disable group policy services
    '''
    if status == 'enable' or status == '#t':
        enable_gp(localpolicy, backend)
    if status == 'disable' or status == '#f':
        disable_gp()
 def act_enable(localpolicy, backend):
    '''
    Enable group policy services
    '''
    enable_gp(localpolicy, backend)
 def act_active_policy():
    '''
    Print active Local Policy template name to stdout
    '''
    print(get_active_policy_name())
 def act_active_backend():
    '''
    Print currently configured backend.
    '''
    print(get_active_backend())
 def act_default_policy():
    '''
    Print default Local Policy template name to stdout
    '''
    print(get_default_policy_name())
 def main():
    arguments = parse_arguments()
    action = dict()
    action['list'] = act_list
    action['list-backends'] = act_list_backends
    action['status'] = act_status
    action['set-backend'] = act_set_backend
    action['write'] = act_write
    action['enable'] = act_enable
    action['update'] = act_enable
    action['disable'] = disable_gp
    action['active-policy'] = act_active_policy
    action['active-backend'] = act_active_backend
    action['default-policy'] = act_default_policy
    if arguments.action == None:
        action['status']()
    elif arguments.action == 'update':
        if get_status():
            action[arguments.action](arguments.local_policy, arguments.backend)
    elif arguments.action == 'enable':
        action[arguments.action](arguments.local_policy, arguments.backend)
    elif arguments.action == 'write':
        action[arguments.action](arguments.status, arguments.localpolicy, arguments.backend)
    elif arguments.action == 'set-backend':
        action[arguments.action](arguments.backend)
    else:
        action[arguments.action]()
 if __name__ == '__main__':
    main()
--- a/gpoa/locale/ru_RU/LC_MESSAGES/gpoa.po
+++ b/gpoa/locale/ru_RU/LC_MESSAGES/gpoa.po
--- a/gpoa/messages/init.py
+++ b/gpoa/messages/init.py
@@ -0,0 +1,428 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import gettext
 def info_code(code):
    info_ids = dict()
    info_ids[1] = 'Got GPO list for username'
    info_ids[2] = 'Got GPO'
    info_ids[3] = 'Working with control'
    info_ids[4] = 'Working with systemd'
    info_ids[5] = 'Unable to work with systemd unit'
    info_ids[6] = 'Starting systemd unit'
    info_ids[7] = 'Firefox policy'
    info_ids[8] = 'Chromium policy'
    info_ids[9] = 'Set user property to'
    info_ids[10] = 'The line in the configuration file was cleared'
    info_ids[11] = 'Found GPT in cache'
    return info_ids.get(code, 'Unknown info code')
 def error_code(code):
    error_ids = dict()
    error_ids[1] = 'Insufficient permissions to run gpupdate'
    error_ids[2] = 'gpupdate will not be started'
    error_ids[3] = 'Backend execution error'
    error_ids[4] = 'Error occurred while running frontend manager'
    error_ids[5] = 'Error running GPOA for computer'
    error_ids[6] = 'Error running GPOA for user'
    error_ids[7] = 'Unable to initialize Samba backend'
    error_ids[8] = 'Unable to initialize no-domain backend'
    error_ids[9] = 'Error running ADP'
    error_ids[10] = 'Unable to determine DC hostname'
    error_ids[11] = 'Error occured while running applier with user privileges'
    error_ids[12] = 'Unable to initialize backend'
    error_ids[13] = 'Not sufficient privileges to run machine appliers'
    error_ids[14] = 'Kerberos ticket check failed'
    error_ids[15] = 'Unable to retrieve domain name via CLDAP query'
    error_ids[16] = 'Error getting SID using wbinfo, will use SID from cache'
    error_ids[17] = 'Unable to get GPO list for user from AD DC'
    error_ids[18] = 'Error getting XDG_DESKTOP_DIR'
    error_ids[19] = 'Error occured while running user applier in administrator context'
    error_ids[20] = 'Error occured while running user applier in user context (with dropped privileges)'
    error_ids[21] = 'No reply from oddjobd GPOA runner via D-Bus for current user'
    error_ids[22] = 'No reply from oddjobd GPOA runner via D-Bus for computer'
    error_ids[23] = 'No reply from oddjobd GPOA runner via D-Bus for user'
    error_ids[24] = 'Error occured while running machine applier'
    error_ids[25] = 'Error occured while initializing user applier'
    error_ids[26] = 'Error merging machine GPT'
    error_ids[27] = 'Error merging user GPT'
    error_ids[28] = 'Error merging machine part of GPT'
    error_ids[29] = 'Error merging user part of GPT'
    error_ids[30] = 'Error occured while running dropped privileges process for user context appliers'
    error_ids[31] = 'Error connecting to DBus Session daemon'
    error_ids[32] = 'No reply from DBus Session'
    error_ids[33] = 'Error occured while running forked process with dropped privileges'
    error_ids[34] = 'Error running GPOA directly for computer'
    error_ids[35] = 'Error caching URI to file'
    error_ids[36] = 'Error getting cached file for URI'
    error_ids[37] = 'Error caching file URIs'
    error_ids[38] = 'Unable to cache specified URI'
    error_ids[39] = 'Unable to work with control'
    error_ids[40] = 'Control applier for machine will not be started'
    error_ids[41] = 'Error getting control'
    error_ids[42] = 'Is not in possible values for control'
    error_ids[43] = 'Unable to set'
    error_ids[44] = 'Unable to generate file'
    error_ids[45] = 'Failed applying unit'
    error_ids[46] = 'Unable to start systemd unit'
    error_ids[47] = 'Unable to cache specified URI for machine'
    error_ids[48] = 'Error recompiling global GSettings schemas'
    error_ids[49] = 'Error update configuration dconf'
    error_ids[50] = 'Unable to cache specified URI for user'
    error_ids[52] = 'Error during attempt to read Chromium preferences for user'
    error_ids[53] = 'Fail for applying shortcut to file with \'%\''
    error_ids[54] = 'Fail for applying shortcut to not absolute path'
    error_ids[55] = 'Error running pkcon_runner sync for machine'
    error_ids[56] = 'Error run apt-get update'
    error_ids[57] = 'Package install error'
    error_ids[58] = 'Package remove error'
    error_ids[59] = 'Is not in possible values for control'
    error_ids[60] = 'Error running pkcon_runner sync for user'
    error_ids[61] = 'Error running pkcon_runner async for machine'
    error_ids[62] = 'Error running pkcon_runner async for user'
    error_ids[63] = 'Error merging user GPT (from machine GPO)'
    error_ids[64] = 'Error to cleanup directory for machine'
    error_ids[65] = 'Error to cleanup directory for user'
    error_ids[66] = 'Error while executing command for widgets'
    error_ids[67] = 'Error creating environment variables'
    error_ids[68] = 'Error running kwriteconfig5 command'
    error_ids[69] = 'Error getting list of keys'
    error_ids[70] = 'Error getting key value'
    error_ids[71] = 'Failed to update dconf database'
    error_ids[72] = 'Exception occurred while updating dconf database'
    error_ids[73] = 'Failed to retrieve data from dconf database'
    error_ids[74] = 'Autofs restart failed'
    error_ids[75] = 'Failed to update LDAP with new password data'
    error_ids[76] = 'Failed to change local user password'
    return error_ids.get(code, 'Unknown error code')
 def debug_code(code):
    debug_ids = dict()
    debug_ids[1] = 'The GPOA process was started for user'
    debug_ids[2] = 'Username is not specified - will use username of the current process'
    debug_ids[3] = 'Initializing plugin manager'
    debug_ids[4] = 'ADP plugin initialized'
    debug_ids[5] = 'Running ADP plugin'
    debug_ids[6] = 'Starting GPOA for user via D-Bus'
    debug_ids[7] = 'Cache directory determined'
    debug_ids[8] = 'Initializing local backend without domain'
    debug_ids[9] = 'Initializing Samba backend for domain'
    debug_ids[10] = 'Group Policy target set for update'
    debug_ids[11] = 'Starting GPOA for computer via D-Bus'
    debug_ids[12] = 'Got exit code'
    debug_ids[13] = 'Starting GPOA via D-Bus'
    debug_ids[14] = 'Starting GPOA via command invocation'
    debug_ids[15] = 'Username for frontend is determined'
    debug_ids[16] = 'Applying computer part of settings'
    debug_ids[17] = 'Kerberos ticket check succeed'
    debug_ids[18] = 'Found AD domain via CLDAP query'
    debug_ids[19] = 'Setting info'
    debug_ids[20] = 'Initializing cache'
    debug_ids[21] = 'Set operational SID'
    debug_ids[22] = 'Got PReg entry'
    debug_ids[23] = 'Looking for preference in user part of GPT'
    debug_ids[24] = 'Looking for preference in machine part of GPT'
    debug_ids[25] = 'Re-caching Local Policy'
    debug_ids[26] = 'Adding HKCU entry'
    debug_ids[27] = 'Skipping HKLM branch deletion key'
    debug_ids[28] = 'Reading and merging machine preference'
    debug_ids[29] = 'Reading and merging user preference'
    debug_ids[30] = 'Found SYSVOL entry'
    debug_ids[31] = 'Trying to load PReg from .pol file'
    debug_ids[32] = 'Finished reading PReg from .pol file'
    debug_ids[33] = 'Determined length of PReg file'
    debug_ids[34] = 'Merging machine settings from PReg file'
    debug_ids[35] = 'Merging machine (user part) settings from PReg file'
    debug_ids[36] = 'Loading PReg from XML'
    debug_ids[37] = 'Setting process permissions'
    debug_ids[38] = 'Samba DC setting is overriden by user setting'
    debug_ids[39] = 'Saving information about drive mapping'
    debug_ids[40] = 'Saving information about printer'
    debug_ids[41] = 'Saving information about link'
    debug_ids[42] = 'Saving information about folder'
    debug_ids[43] = 'No value cached for object'
    debug_ids[44] = 'Key is already present in cache, will update the value'
    debug_ids[45] = 'GPO update started'
    debug_ids[46] = 'GPO update finished'
    debug_ids[47] = 'Retrieving list of GPOs to replicate from AD DC'
    debug_ids[48] = 'Establishing connection with AD DC'
    debug_ids[49] = 'Started GPO replication from AD DC'
    debug_ids[50] = 'Finished GPO replication from AD DC'
    debug_ids[51] = 'Skipping HKCU branch deletion key'
    debug_ids[52] = 'Read domain name from configuration file'
    debug_ids[53] = 'Saving information about environment variables'
    debug_ids[54] = 'Run forked process with droped privileges'
    debug_ids[55] = 'Run user context applier with dropped privileges'
    debug_ids[56] = 'Kill dbus-daemon and dconf-service in user context'
    debug_ids[57] = 'Found connection by org.freedesktop.DBus.GetConnectionUnixProcessID'
    debug_ids[58] = 'Connection search return org.freedesktop.DBus.Error.NameHasNoOwner'
    debug_ids[59] = 'Running GPOA without GPT update directly for user'
    debug_ids[60] = 'Running GPOA by root for user'
    debug_ids[61] = 'The GPOA process was started for computer'
    debug_ids[62] = 'Path not resolved as UNC URI'
    debug_ids[63] = 'Delete HKLM branch key'
    debug_ids[64] = 'Delete HKCU branch key'
    debug_ids[65] = 'Delete HKLM branch key error'
    debug_ids[66] = 'Delete HKCU branch key error'
    debug_ids[67] = 'Running Control applier for machine'
    debug_ids[68] = 'Setting control'
    debug_ids[69] = 'Deny_All setting found'
    debug_ids[70] = 'Deny_All setting for user'
    debug_ids[71] = 'Deny_All setting not found'
    debug_ids[72] = 'Deny_All setting not found for user'
    debug_ids[73] = 'Running Polkit applier for machine'
    debug_ids[74] = 'Running Polkit applier for user in administrator context'
    debug_ids[75] = 'Polkit applier for machine will not be started'
    debug_ids[76] = 'Polkit applier for user in administrator context will not be started'
    debug_ids[77] = 'Generated file'
    debug_ids[78] = 'Running systemd applier for machine'
    debug_ids[79] = 'Running systemd applier for machine will not be started'
    debug_ids[80] = 'Running GSettings applier for machine'
    debug_ids[81] = 'GSettings applier for machine will not be started'
    debug_ids[82] = 'Removing GSettings policy file from previous run'
    debug_ids[83] = 'Mapping Windows policies to GSettings policies'
    debug_ids[84] = 'GSettings windows policies mapping not enabled'
    debug_ids[85] = 'Applying user setting'
    debug_ids[86] = 'Found GSettings windows mapping'
    debug_ids[87] = 'Running GSettings applier for user in user context'
    debug_ids[88] = 'GSettings applier for user in user context will not be started'
    debug_ids[89] = 'Applying machine setting'
    debug_ids[90] = 'Getting cached file for URI'
    debug_ids[91] = 'Wrote Firefox preferences to'
    debug_ids[92] = 'Found Firefox profile in'
    debug_ids[93] = 'Running Firefox applier for machine'
    debug_ids[94] = 'Firefox applier for machine will not be started'
    debug_ids[95] = 'Running Chromium applier for machine'
    debug_ids[96] = 'Chromium applier for machine will not be started'
    debug_ids[97] = 'Wrote Chromium preferences to'
    debug_ids[98] = 'Running Shortcut applier for machine'
    debug_ids[99] = 'Shortcut applier for machine will not be started'
    debug_ids[100] = 'No shortcuts to process for'
    debug_ids[101] = 'Running Shortcut applier for user in user context'
    debug_ids[102] = 'Shortcut applier for user in user context will not be started'
    debug_ids[103] = 'Running Shortcut applier for user in administrator context'
    debug_ids[104] = 'Shortcut applier for user in administrator context will not be started'
    debug_ids[105] = 'Try to expand path for shortcut'
    debug_ids[106] = 'Applying shortcut file to'
    debug_ids[107] = 'Running Folder applier for machine'
    debug_ids[108] = 'Folder applier for machine will not be started'
    debug_ids[109] = 'Folder creation skipped for machine'
    debug_ids[110] = 'Folder creation skipped for user'
    debug_ids[111] = 'Running Folder applier for user in user context'
    debug_ids[112] = 'Folder applier for user in user context will not be started'
    debug_ids[113] = 'Running CUPS applier for machine'
    debug_ids[114] = 'CUPS applier for machine will not be started'
    debug_ids[115] = 'Running CUPS applier for user in administrator context'
    debug_ids[116] = 'CUPS applier for user in administrator context will not be started'
    debug_ids[117] = 'Running Firewall applier for machine'
    debug_ids[118] = 'Firewall is enabled'
    debug_ids[119] = 'Firewall is disabled, settings will be reset'
    debug_ids[120] = 'Firewall applier will not be started'
    debug_ids[121] = 'Running NTP applier for machine'
    debug_ids[122] = 'NTP server is configured to'
    debug_ids[123] = 'Starting Chrony daemon'
    debug_ids[124] = 'Setting reference NTP server to'
    debug_ids[125] = 'Stopping Chrony daemon'
    debug_ids[126] = 'Configuring NTP server...'
    debug_ids[127] = 'NTP server is enabled'
    debug_ids[128] = 'NTP server is disabled'
    debug_ids[129] = 'NTP server is not configured'
    debug_ids[130] = 'NTP client is enabled'
    debug_ids[131] = 'NTP client is disabled'
    debug_ids[132] = 'NTP client is not configured'
    debug_ids[133] = 'NTP applier for machine will not be started'
    debug_ids[134] = 'Running Envvar applier for machine'
    debug_ids[135] = 'Envvar applier for machine will not be started'
    debug_ids[136] = 'Running Envvar applier for user in admin context'
    debug_ids[137] = 'Envvar applier for user in admin context will not be started'
    debug_ids[138] = 'Running Package applier for machine'
    debug_ids[139] = 'Package applier for machine will not be started'
    debug_ids[140] = 'Running Package applier for user in administrator context'
    debug_ids[141] = 'Package applier for user in administrator context will not be started'
    debug_ids[142] = 'Running pkcon_runner to install and remove packages'
    debug_ids[143] = 'Run apt-get update'
    debug_ids[144] = 'Unable to cache specified URI'
    debug_ids[145] = 'Unable to cache specified URI for machine'
    debug_ids[146] = 'Running CIFS applier for user in administrator context'
    debug_ids[147] = 'CIFS applier for user in administrator context will not be started'
    debug_ids[148] = 'Installing the package'
    debug_ids[149] = 'Removing a package'
    debug_ids[150] = 'Failed to found gsettings for machine'
    debug_ids[151] = 'Failed to found user gsettings'
    debug_ids[152] = 'Configure user Group Policy loopback processing mode'
    debug_ids[153] = 'Saving information about script'
    debug_ids[154] = 'No machine scripts directory to clean up'
    debug_ids[155] = 'No user scripts directory to clean up'
    debug_ids[156] = 'Prepare Scripts applier for machine'
    debug_ids[157] = 'Scripts applier for machine will not be started'
    debug_ids[158] = 'Prepare Scripts applier for user in user context'
    debug_ids[159] = 'Scripts applier for user in user context will not be started'
    debug_ids[160] = 'Clean machine scripts directory'
    debug_ids[161] = 'Clean user scripts directory'
    debug_ids[162] = 'Saving information about file'
    debug_ids[163] = 'Failed to return file path'
    debug_ids[164] = 'Failed to create file'
    debug_ids[165] = 'Failed to delete file'
    debug_ids[166] = 'Failed to update file'
    debug_ids[167] = 'Running File copy applier for machine'
    debug_ids[168] = 'Running File copy applier for machine will not be started'
    debug_ids[169] = 'Running File copy applier for user in administrator context'
    debug_ids[170] = 'Running File copy applier for user in administrator context will not be started'
    debug_ids[171] = 'Running ini applier for machine'
    debug_ids[172] = 'Running ini applier for machine will not be started'
    debug_ids[173] = 'Running ini applier for user in user context'
    debug_ids[174] = 'Running ini applier for user in user context will not be started'
    debug_ids[175] = 'Ini-file path not recognized'
    debug_ids[176] = 'Ini-file is not readable'
    debug_ids[177] = 'Saving information about ini-file'
    debug_ids[178] = 'Dictionary key generation failed'
    debug_ids[179] = 'Running CIFS applier for machine'
    debug_ids[180] = 'CIFS applier for machine will not be started'
    debug_ids[181] = 'Running networkshare applier for machine will not be started'
    debug_ids[182] = 'Apply network share data action failed'
    debug_ids[183] = 'Running yandex_browser_applier for machine'
    debug_ids[184] = 'Yandex_browser_applier for machine will not be started'
    debug_ids[185] = 'Wrote YandexBrowser preferences to'
    debug_ids[186] = 'Saving information about network shares'
    debug_ids[187] = 'Running networkshare applier for machine'
    debug_ids[188] = 'Running networkshare applier for user'
    debug_ids[189] = 'Running networkshare applier for user will not be started'
    debug_ids[190] = 'Applying settings for network share'
    debug_ids[191] = 'File copy'
    debug_ids[192] = 'File update'
    debug_ids[193] = 'Deleting a file'
    debug_ids[194] = 'Failed to create a symlink to the network drives mountpoint'
    debug_ids[195] = 'Failed to create a symlink to the system network drives mountpoint'
    debug_ids[196] = 'Failed to create a symlink to the hidden network drives mountpoint'
    debug_ids[197] = 'Failed to create a symlink to the hidden system network drives mountpoint'
    debug_ids[198] = 'Running KDE applier for machine'
    debug_ids[199] = 'KDE applier for machine will not be started'
    debug_ids[200] = 'Running KDE applier for user in user context'
    debug_ids[201] = 'KDE applier for user in user context will not be started'
    debug_ids[202] = 'Changing the configuration file'
    debug_ids[203] = 'Widget command completed successfully'
    debug_ids[204] = 'Getting a list of keys'
    debug_ids[205] = 'Getting the key value'
    debug_ids[206] = 'Successfully updated dconf database'
    debug_ids[207] = 'Creating a dictionary with keys and values from the dconf database'
    debug_ids[208] = 'No entry found for the specified path'
    debug_ids[209] = 'Creating an ini file with policies for dconf'
    debug_ids[211] = 'SYSVOL entry found in cache'
    debug_ids[212] = 'Wrote Thunderbird preferences to'
    debug_ids[213] = 'Running Thunderbird applier for machine'
    debug_ids[214] = 'Thunderbird applier for machine will not be started'
    debug_ids[215] = 'The environment file has been cleaned'
    debug_ids[216] = 'Cleanup of file environment failed'
    debug_ids[217] = 'Failed to get dictionary'
    debug_ids[218] = 'LAPS applier started'
    debug_ids[219] = 'LAPS applier is disabled'
    debug_ids[220] = 'Rebooting system after password change'
    debug_ids[221] = 'Password changed'
    debug_ids[222] = 'Writing password changes time'
    debug_ids[223] = 'Requirements not met'
    debug_ids[224] = 'The number of hours from the moment of the last user entrance'
    debug_ids[225] = 'The number of hours since the password has last changed'
    debug_ids[226] = 'LDAP updated with new password data'
    debug_ids[227] = 'No active sessions found'
    debug_ids[228] = 'Process terminated'
    debug_ids[229] = 'Password update not needed'
    debug_ids[230] = 'Password successfully updated'
    debug_ids[231] = 'Cleaning the autofs catalog'
    return debug_ids.get(code, 'Unknown debug code')
 def warning_code(code):
    warning_ids = dict()
    warning_ids[1] = (
        'Unable to perform gpupdate for non-existent user, '
        'will update machine settings'
    )
    warning_ids[2] = (
        'Current permissions does not allow to perform gpupdate for '
        'designated user. Will update current user settings'
    )
    warning_ids[3] = 'oddjobd is inaccessible'
    warning_ids[4] = 'No SYSVOL entry assigned to GPO'
    warning_ids[5] = 'ADP package is not installed - plugin will not be initialized'
    warning_ids[6] = 'Unable to resolve GSettings parameter'
    warning_ids[7] = 'No home directory exists for user'
    warning_ids[8] = 'User\'s shortcut not placed to home directory'
    warning_ids[9] = 'CUPS is not installed: no printer settings will be deployed'
    warning_ids[10] = 'Unsupported NTP server type'
    warning_ids[11] = 'Unable to refresh GPO list'
    warning_ids[12] = 'Failed to read the list of files'
    warning_ids[13] = 'Failed to caching the file'
    warning_ids[14] = 'Could not create a valid list of keys'
    warning_ids[15] = 'Failed to copy file'
    warning_ids[16] = 'Failed to create KDE settings list'
    warning_ids[17] = 'Could not find tools to configure KDE'
    warning_ids[18] = 'Failed to open KDE settings'
    warning_ids[19] = 'Failed to change KDE configuration file'
    warning_ids[20] = 'Error connecting to server'
    warning_ids[21] = 'Wallpaper configuration file not found'
    warning_ids[22] = 'The user setting was not installed, conflict with computer setting'
    warning_ids[23] = 'Action for ini file failed'
    warning_ids[24] = 'Couldn\'t get the uid'
    warning_ids[25] = 'Failed to load content from remote host'
    warning_ids[26] = 'Force mode activated'
    warning_ids[27] = 'Failed to change password'
    warning_ids[28] = 'Failed to write password modification time'
    warning_ids[29] = 'LAPS requirements not met, module disabled'
    warning_ids[30] = 'Could not resolve encryption principal name. Return admin group SID'
    warning_ids[31] = 'Failed to get expiration time from LDAP'
    warning_ids[32] = 'Failed to read password modification time from dconf'
    warning_ids[33] = 'Failed to get last login time'
    warning_ids[34] = 'Failed to calculate password age'
    warning_ids[35] = 'Failed to terminate process'
    warning_ids[36] = 'The user was not found to change the password'
    warning_ids[37] = 'Error while cleaning the autofs catalog'
    return warning_ids.get(code, 'Unknown warning code')
 def fatal_code(code):
    fatal_ids = dict()
    fatal_ids[1] = 'Unable to refresh GPO list'
    fatal_ids[2] = 'Error getting GPTs for machine'
    fatal_ids[3] = 'Error getting GPTs for user'
    return fatal_ids.get(code, 'Unknown fatal code')
 def get_message(code):
    retstr = 'Unknown message type, no message assigned'
    if code.startswith('E'):
        retstr = error_code(int(code[1:]))
    if code.startswith('I'):
        retstr = info_code(int(code[1:]))
    if code.startswith('D'):
        retstr = debug_code(int(code[1:]))
    if code.startswith('W'):
        retstr = warning_code(int(code[1:]))
    if code.startswith('F'):
        retstr = fatal_code(int(code[1:]))
    return retstr
 def message_with_code(code):
    retstr = '[' + code[0:1] + code[1:].rjust(5, '0') + ']| ' + gettext.gettext(get_message(code))
    return retstr
--- a/gpoa/pkcon_runner
+++ b/gpoa/pkcon_runner
@@ -0,0 +1,148 @@
 #!/usr/bin/python3
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2020 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import rpm
 import subprocess
 from gpoa.storage import registry_factory
 from util.gpoa_ini_parsing import GpoaConfigObj
 from util.util import get_uid_by_username, string_to_literal_eval
 import logging
 from util.logging import log
 import argparse
 import gettext
 import locale
 def is_rpm_installed(rpm_name):
    '''
    Check if the package named 'rpm_name' is installed
    '''
    ts = rpm.TransactionSet()
    pm = ts.dbMatch('name', rpm_name)
    if pm.count() > 0:
        return True
    return False
 class Pkcon_applier:
    def __init__(self, user = None):
        install_key_name = 'Install'
        remove_key_name = 'Remove'
        hklm_branch = 'Software/BaseALT/Policies/Packages'
        self.__install_command = ['/usr/bin/pkcon', '-y', 'install']
        self.__remove_command = ['/usr/bin/pkcon', '-y', 'remove']
        self.__reinstall_command = ['/usr/bin/pkcon', '-y', 'reinstall']
        self.install_packages = set()
        self.remove_packages = set()
        self.storage = registry_factory()
        if user:
            uid = get_uid_by_username(user)
            dict_dconf_db = self.storage.get_dictionary_from_dconf_file_db(uid)
        else:
            dict_dconf_db = self.storage.get_dictionary_from_dconf_file_db()
        dict_packages = dict_dconf_db.get(hklm_branch,{})
        self.install_packages_setting = string_to_literal_eval(dict_packages.get(install_key_name,[]))
        self.remove_packages_setting = string_to_literal_eval(dict_packages.get(remove_key_name,[]))
        for package in self.install_packages_setting:
            package = package.strip()
            if not is_rpm_installed(package):
                self.install_packages.add(package)
        for package in self.remove_packages_setting:
            package = package.strip()
            if package in self.install_packages:
                self.install_packages.remove(package)
            if is_rpm_installed(package):
                self.remove_packages.add(package)
    def apply(self):
        log('D142')
        self.update()
        for package in self.remove_packages:
            try:
                logdata = dict()
                logdata['name'] = package
                log('D149', logdata)
                self.remove_pkg(package)
            except Exception as exc:
                logdata = dict()
                logdata['exc'] = exc
                log('E58', logdata)
        for package in self.install_packages:
           try:
                logdata = dict()
                logdata['name'] = package
                log('D148', logdata)
                self.install_pkg(package)
           except Exception as exc:
                logdata = dict()
                logdata['exc'] = exc
                log('E57', logdata)
    def install_pkg(self, package_name):
        fullcmd = list(self.__install_command)
        fullcmd.append(package_name)
        return subprocess.check_output(fullcmd)
    def reinstall_pkg(self, package_name):
        pass
    def remove_pkg(self, package_name):
        fullcmd = self.__remove_command
        fullcmd.append(package_name)
        return subprocess.check_output(fullcmd)
    def update(self):
        '''
        Update APT-RPM database.
        '''
        try:
            res =  subprocess.check_output(['/usr/bin/apt-get', 'update'], encoding='utf-8')
            msg =  str(res).split('\n')
            logdata = dict()
            for mslog in msg:
                ms =  str(mslog).split(' ')
                if ms:
                    logdata = {ms[0]: ms[1:-1]}
                log('D143', logdata)
        except Exception as exc:
            logdata = dict()
            logdata['msg'] = exc
            log('E56',logdata)
 if __name__ == '__main__':
    locale.bindtextdomain('gpoa', '/usr/lib/python3/site-packages/gpoa/locale')
    gettext.bindtextdomain('gpoa', '/usr/lib/python3/site-packages/gpoa/locale')
    gettext.textdomain('gpoa')
    logger = logging.getLogger()
    parser = argparse.ArgumentParser(description='Package applier')
    parser.add_argument('--user', type = str, help = 'user', nargs = '?', default = None)
    parser.add_argument('--loglevel', type = int, help = 'loglevel', nargs = '?', default = 30)
    args = parser.parse_args()
    logger.setLevel(args.loglevel)
    if args.user:
        applier = Pkcon_applier(args.user)
    else:
        applier = Pkcon_applier()
    applier.apply()
--- a/gpoa/plugin/adp.py
+++ b/gpoa/plugin/adp.py
@@ -22,19 +22,20 @@ import subprocess
 from util.rpm import is_rpm_installed
 from .exceptions import PluginInitError
 from util.logging import slogm
 from messages import message_with_code
 class adp:
    def __init__(self):
        if not is_rpm_installed('adp'):
-            raise PluginInitError('adp is not installed - plugin cannot be initialized')
+            raise PluginInitError(message_with_code('W5'))
-        logging.info(slogm('ADP plugin initialized'))
+        logging.info(slogm(message_with_code('D4')))
    def run(self):
        try:
-            logging.info('Running ADP plugin')
+            logging.info(slogm(message_with_code('D5')))
            subprocess.call(['/usr/bin/adp', 'fetch'])
            subprocess.call(['/usr/bin/adp', 'apply'])
        except Exception as exc:
-            logging.error(slogm('Error running ADP'))
+            logging.error(slogm(message_with_code('E9')))
            raise exc
--- a/gpoa/plugin/plugin_manager.py
+++ b/gpoa/plugin/plugin_manager.py
@@ -23,17 +23,18 @@ from .roles import roles
 from .exceptions import PluginInitError
 from .plugin import plugin
 from util.logging import slogm
 from messages import message_with_code
 class plugin_manager:
    def __init__(self):
        self.plugins = dict()
-        logging.info(slogm('Starting plugin manager'))
+        logging.debug(slogm(message_with_code('D3')))
        try:
            self.plugins['adp'] = adp()
        except PluginInitError as exc:
-            logging.error(slogm(exc))
+            logging.warning(slogm(str(exc)))
    def run(self):
-        self.plugins.get('adp', plugin('adp')).run()
+        #self.plugins.get('adp', plugin('adp')).run()
        self.plugins.get('roles', plugin('roles')).run()
--- a/gpoa/scripts_runner
+++ b/gpoa/scripts_runner
@@ -0,0 +1,156 @@
 #!/usr/bin/python3
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2022 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import subprocess
 import argparse
 import os
 from pathlib import Path
 import psutil
 import time
 class Scripts_runner:
    '''
    A class for an object that iterates over directories with scripts
    in the desired sequence and launches them
    '''
    def __init__(self, work_mode = None,  user_name = None, action = None):
        self.dir_scripts_machine = '/var/cache/gpupdate_scripts_cache/machine/'
        self.dir_scripts_users = '/var/cache/gpupdate_scripts_cache/users/'
        self.user_name = user_name
        self.list_with_all_commands = list()
        stack_dir = None
        if work_mode and work_mode.upper() == 'MACHINE':
            stack_dir = self.machine_runner_fill()
        elif work_mode and work_mode.upper() == 'USER':
            stack_dir = self.user_runner_fill()
        else:
            print('Invalid arguments entered')
            return
        if action:
            self.action = action.upper()
        else:
            print('Action needed')
            return
        self.find_action(stack_dir)
        for it_cmd in self.list_with_all_commands:
            print(self.run_cmd_subprocess(it_cmd))
    def user_runner_fill(self):
        return self.get_stack_dir(self.dir_scripts_users + self.user_name)
    def machine_runner_fill(self):
        return self.get_stack_dir(self.dir_scripts_machine)
    def get_stack_dir(self, path_dir):
        stack_dir = list()
        try:
            dir_script = Path(path_dir)
            for it_dir in dir_script.iterdir():
                stack_dir.append(str(it_dir))
            return stack_dir
        except Exception as exc:
            print(exc)
            return None
    def find_action(self, stack_dir):
        if not stack_dir:
            return
        list_tmp = list()
        while stack_dir:
            path_turn = stack_dir.pop()
            basename = os.path.basename(path_turn)
            if basename == self.action:
                list_tmp = self.get_stack_dir(path_turn)
        if list_tmp:
            self.fill_list_cmd(list_tmp)
    def fill_list_cmd(self, list_tmp):
        list_tmp = sorted(list_tmp)
        for file_in_task_dir in list_tmp:
            suffix = os.path.basename(file_in_task_dir)[-4:]
            if suffix == '.arg':
                try:
                    arg = self.read_args(file_in_task_dir)
                    for it_arg in arg.split():
                        self.list_with_all_commands[-1].append(it_arg)
                except Exception as exc:
                    print('Argument read for {}: {}'.format(self.list_with_all_commands.pop(), exc))
            else:
                cmd = list()
                cmd.append(file_in_task_dir)
                self.list_with_all_commands.append(cmd)
    def read_args(self, path):
        with open(path + '/arg') as f:
            args = f.readlines()
        return args[0]
    def run_cmd_subprocess(self, cmd):
        try:
            subprocess.run(cmd)
            return 'Script run: {}'.format(cmd)
        except Exception as exc:
            return exc
 def find_process_by_name_and_script(name, script_path):
    for proc in psutil.process_iter(['pid', 'name', 'cmdline']):
        try:
            # Check if the process name matches and the script path is in the command line arguments
            if proc.info['name'] == name and script_path in proc.info['cmdline']:
                return proc
        except (psutil.NoSuchProcess, psutil.AccessDenied, psutil.ZombieProcess):
            continue
    return None
 def wait_for_process(name, script_path, check_interval=1):
    process = find_process_by_name_and_script(name, script_path)
    if not process:
        print(f"Process with name {name} and script path {script_path} not found.")
        return
    try:
        # Loop to wait for the process to finish
        while process.is_running():
            print(f"Waiting for process {name} with PID {process.pid} to finish...")
            time.sleep(check_interval)
        print(f"Process {name} with PID {process.pid} has finished.")
        return
    except (psutil.NoSuchProcess, psutil.AccessDenied):
        print(f"Process {name} with PID {process.pid} is no longer accessible.")
        return
 if __name__ == '__main__':
    parser = argparse.ArgumentParser(description='Scripts runner')
    parser.add_argument('--mode', type = str, help = 'MACHINE or USER', nargs = '?', default = None)
    parser.add_argument('--user', type = str, help = 'User name ', nargs = '?', default = None)
    parser.add_argument('--action', type = str, help = 'MACHINE : [STARTUP or SHUTDOWN], USER : [LOGON or LOGOFF]', nargs = '?', default = None)
    process_name = "python3"
    script_path = "/usr/sbin/gpoa"
    wait_for_process(process_name, script_path)
    args = parser.parse_args()
    try:
        Scripts_runner(args.mode, args.user, args.action)
    except Exception as exc:
        print(exc)
--- a/gpoa/storage/init.py
+++ b/gpoa/storage/init.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2023 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -16,12 +16,19 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from .sqlite_registry import sqlite_registry
 from .sqlite_cache import sqlite_cache
-def cache_factory(cache_name):
+from storage.dconf_registry import Dconf_registry
    return sqlite_cache(cache_name)
-def registry_factory(registry_name='registry', registry_dir=None):
+def registry_factory(registry_name='', envprofile=None , username=None):
-    return sqlite_registry(registry_name, registry_dir)
+    if username:
        Dconf_registry._username = username
    else:
        Dconf_registry._envprofile = 'system'
    if envprofile:
        Dconf_registry._envprofile = envprofile
    if registry_name == 'dconf':
        return Dconf_registry()
    else:
        return Dconf_registry
--- a/gpoa/storage/dconf_registry.py
+++ b/gpoa/storage/dconf_registry.py
@@ -0,0 +1,861 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2023 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import subprocess
 from pathlib import Path
 from util.util import (string_to_literal_eval,
                       try_dict_to_literal_eval,
                       touch_file, get_uid_by_username,
                       add_prefix_to_keys,
                       remove_keys_with_prefix,
                       clean_data)
 from util.paths import get_dconf_config_path
 from util.logging import log
 import re
 from collections import OrderedDict
 import itertools
 from gpt.dynamic_attributes import RegistryKeyMetadata
 import gi
 gi.require_version("Gvdb", "1.0")
 gi.require_version("GLib", "2.0")
 from gi.repository import Gvdb, GLib
 class PregDconf():
    def __init__(self, keyname, valuename, type_preg, data):
        self.keyname = keyname
        self.valuename = valuename
        self.hive_key = '{}/{}'.format(self.keyname, self.valuename)
        self.type = type_preg
        self.data = data
 class gplist(list):
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
    def first(self):
        if self:
            return self[0]
        else:
            return None
    def count(self):
        return len(self)
 class Dconf_registry():
    '''
    A class variable that represents a global registry dictionary shared among instances of the class
    '''
    _GpoPriority = 'Software/BaseALT/Policies/GpoPriority'
    _gpo_name = set()
    global_registry_dict = dict({_GpoPriority:{}})
    previous_global_registry_dict = dict()
    __template_file = '/usr/share/dconf/user_mandatory.template'
    _policies_path = 'Software/'
    _policies_win_path = 'SOFTWARE/'
    _gpt_read_flag = False
    _force = False
    __dconf_dict_flag = False
    __dconf_dict = dict()
    _dconf_db = dict()
    _dict_gpo_name_version_cache = dict()
    _username = None
    _uid = None
    _envprofile = None
    _path_bin_system = "/etc/dconf/db/policy"
    list_keys = list()
    _info = dict()
    _counter_gpt = itertools.count(0)
    shortcuts = list()
    folders = list()
    files = list()
    drives = list()
    scheduledtasks = list()
    environmentvariables = list()
    inifiles = list()
    services = list()
    printers = list()
    scripts = list()
    networkshares = list()
    _true_strings = {
        "True",
        "true",
        "TRUE",
        "yes",
        "Yes",
        "enabled",
        "enable",
        "Enabled",
        "Enable",
        '1'
    }
    @classmethod
    def set_info(cls, key , data):
        cls._info[key] = data
    @classmethod
    def get_info(cls, key):
        return cls._info.setdefault(key, None)
    @staticmethod
    def get_next_number():
        return next(Dconf_registry._counter_gpt)
    @staticmethod
    def get_matching_keys(path):
        if path[0] != '/':
            path = '/' + path
        logdata = dict()
        envprofile = get_dconf_envprofile()
        try:
            process = subprocess.Popen(['dconf', 'list', path],
                                       env=envprofile, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
            logdata['path'] = path
            log('D204', logdata)
            output, error = process.communicate()
            if not output and not error:
                return
            if not error:
                keys = output.strip().split('\n')
                for key in keys:
                    Dconf_registry.get_matching_keys(f'{path}{key}')
            else:
                Dconf_registry.list_keys.append(path)
            return Dconf_registry.list_keys
        except Exception as exc:
            logdata['exc'] = exc
            log('E69', logdata)
            return None
    @staticmethod
    def get_key_values(keys):
        key_values = {}
        for key in keys:
            key_values[key] = Dconf_registry.get_key_value(key)
        return key_values
    @staticmethod
    def get_key_value(key):
        logdata = dict()
        envprofile = get_dconf_envprofile()
        try:
            process = subprocess.Popen(['dconf', 'read', key],
                                       env=envprofile, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
            logdata['key'] = key
            output, error = process.communicate()
            if not error:
                return string_to_literal_eval(string_to_literal_eval(output))
            else:
                return None
        except Exception as exc:
            logdata['exc'] = exc
            log('E70', logdata)
        return None
    @staticmethod
    def dconf_update(uid=None):
        logdata = dict()
        path_dconf_config = get_dconf_config_path(uid)
        db_file = path_dconf_config[:-3]
        try:
            process = subprocess.Popen(['dconf', 'compile', db_file, path_dconf_config],
                                        stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
            output, error = process.communicate()
            if error:
                logdata['error'] = error
                log('E71', logdata)
            else:
                logdata['outpupt'] = output
                log('D206', logdata)
        except Exception as exc:
            logdata['exc'] = exc
            log('E72', logdata)
    @classmethod
    def check_profile_template(cls):
        if Path(cls.__template_file).exists():
            return True
        else:
            return None
    @classmethod
    def update_dict_to_previous(cls):
        dict_clean_previous = remove_keys_with_prefix(cls._dconf_db)
        dict_with_previous = add_prefix_to_keys(dict_clean_previous)
        cls.global_registry_dict.update(dict_with_previous)
    @classmethod
    def apply_template(cls, uid):
        logdata = dict()
        if uid and cls.check_profile_template():
            with open(cls.__template_file, "r") as f:
                template = f.read()
            # Replace the "{uid}" placeholder with the actual UID value
            content = template.replace("{{uid}}", str(uid))
        elif uid:
            content = f"user-db:user\n" \
              f"system-db:distr\n" \
              f"system-db:policy\n" \
              f"system-db:policy{uid}\n" \
              f"system-db:local\n" \
              f"system-db:default\n" \
              f"system-db:local\n" \
              f"system-db:policy{uid}\n" \
              f"system-db:policy\n" \
              f"system-db:distr\n"
        else:
            logdata['uid'] = uid
            log('W24', logdata)
            return
        user_mandatory = f'/run/dconf/user/{uid}'
        touch_file(user_mandatory)
        with open(user_mandatory, "w") as f:
            f.write(content)
    @classmethod
    def get_policies_from_dconf(cls):
        return cls.get_dictionary_from_dconf(cls._policies_path, cls._policies_win_path)
    @classmethod
    def get_dictionary_from_dconf(self, *startswith_list):
        output_dict = {}
        for startswith in startswith_list:
            dconf_dict = self.get_key_values(self.get_matching_keys(startswith))
            for key, value in dconf_dict.items():
                keys_tmp = key.split('/')
                update_dict(output_dict.setdefault('/'.join(keys_tmp[:-1])[1:], {}), {keys_tmp[-1]: str(value)})
        log('D207')
        return output_dict
    @classmethod
    def get_dictionary_from_dconf_file_db(self, uid=None, path_bin=None, save_dconf_db=False):
        logdata = dict()
        error_skip = None
        if path_bin:
            error_skip = True
        elif not uid:
            path_bin = self._path_bin_system
        else:
            path_bin = self._path_bin_system + str(uid)
        output_dict = {}
        try:
            if (GLib.file_get_contents(path_bin)[0]):
                bytes1 = GLib.Bytes.new(GLib.file_get_contents(path_bin)[1])
                table = Gvdb.Table.new_from_bytes(bytes1, True)
                name_list = Gvdb.Table.get_names(table)
                for name in name_list:
                    value = Gvdb.Table.get_value(table, name)
                    if value is None:
                        continue
                    list_path = name.split('/')
                    if value.is_of_type(GLib.VariantType('s')):
                        part = output_dict.setdefault('/'.join(list_path[1:-1]), {})
                        part[list_path[-1]] = value.get_string()
                    elif value.is_of_type(GLib.VariantType('i')):
                        part = output_dict.setdefault('/'.join(list_path[1:-1]), {})
                        part[list_path[-1]] = value.get_int32()
        except Exception as exc:
            logdata['exc'] = exc
            logdata['path_bin'] = path_bin
            if not error_skip:
                log('E73', logdata)
            else:
                log('D217', logdata)
        if save_dconf_db:
            Dconf_registry._dconf_db = output_dict
        return output_dict
    @classmethod
    def filter_entries(cls, startswith, registry_dict = None):
        if not registry_dict:
            registry_dict = cls.global_registry_dict
        if startswith[-1] == '%':
            startswith = startswith[:-1]
            if startswith[-1] == '/' or startswith[-1] == '\\':
                startswith = startswith[:-1]
            return filter_dict_keys(startswith, flatten_dictionary(registry_dict))
        return filter_dict_keys(startswith, flatten_dictionary(registry_dict))
    @classmethod
    def filter_hklm_entries(cls, startswith):
        pregs = cls.filter_entries(startswith)
        list_entiers = list()
        for keyname, value in pregs.items():
            if isinstance(value, dict):
                for valuename, data in value.items():
                    list_entiers.append(PregDconf(
                        keyname, convert_string_dconf(valuename), find_preg_type(data), data))
            elif isinstance(value, list):
                for data in value:
                    list_entiers.append(PregDconf(
                        keyname, data, find_preg_type(data), data))
            else:
                list_entiers.append(PregDconf(
                        '/'.join(keyname.split('/')[:-1]), convert_string_dconf(keyname.split('/')[-1]), find_preg_type(value), value))
        return gplist(list_entiers)
    @classmethod
    def filter_hkcu_entries(cls, sid, startswith):
        return cls.filter_hklm_entries(startswith)
    @classmethod
    def get_storage(cls,dictionary = None):
        if dictionary:
            result = dictionary
        elif Dconf_registry._gpt_read_flag:
            result = Dconf_registry.global_registry_dict
        else:
            if Dconf_registry.__dconf_dict_flag:
                result = Dconf_registry.__dconf_dict
            else:
                Dconf_registry.__dconf_dict = Dconf_registry.get_policies_from_dconf()
                result = Dconf_registry.__dconf_dict
                Dconf_registry.__dconf_dict_flag = True
        return result
    @classmethod
    def filling_storage_from_dconf(cls):
        Dconf_registry.global_registry_dict = Dconf_registry.get_storage()
    @classmethod
    def get_entry(cls, path, dictionary = None, preg = True):
        logdata = dict()
        result = Dconf_registry.get_storage(dictionary)
        keys = path.split("\\") if "\\" in path else path.split("/")
        key = '/'.join(keys[:-1]) if keys[0] else '/'.join(keys[:-1])[1:]
        if isinstance(result, dict) and key in result.keys():
            data = result.get(key).get(keys[-1])
            return PregDconf(
                key, convert_string_dconf(keys[-1]), find_preg_type(data), data) if preg else data
        else:
            logdata['path'] = path
            log('D208', logdata)
            return None
    @classmethod
    def check_enable_key(cls ,key):
        data = cls.get_entry(key, preg = False)
        if data:
            if isinstance(data, str):
                return True if data in cls._true_strings else False
            elif isinstance(data, int):
                return bool(data)
            else:
                return False
        return False
    @classmethod
    def get_hkcu_entry(cls, sid, hive_key, dictionary = None):
        return cls.get_hklm_entry(hive_key, dictionary)
    @classmethod
    def get_hklm_entry(cls, hive_key, dictionary = None):
        return cls.get_entry(hive_key, dictionary)
    @classmethod
    def add_shortcut(cls, sid, sc_obj, policy_name):
        sc_obj.policy_name = policy_name
        cls.shortcuts.append(sc_obj)
    @classmethod
    def add_printer(cls, sid, pobj, policy_name):
        pobj.policy_name = policy_name
        cls.printers.append(pobj)
    @classmethod
    def add_drive(cls, sid, dobj, policy_name):
        dobj.policy_name = policy_name
        cls.drives.append(dobj)
    @classmethod
    def add_folder(cls, sid, fobj, policy_name):
        fobj.policy_name = policy_name
        cls.folders.append(fobj)
    @classmethod
    def add_envvar(self, sid, evobj, policy_name):
        evobj.policy_name = policy_name
        self.environmentvariables.append(evobj)
    @classmethod
    def add_script(cls, sid, scrobj, policy_name):
        scrobj.policy_name = policy_name
        cls.scripts.append(scrobj)
    @classmethod
    def add_file(cls, sid, fileobj, policy_name):
        fileobj.policy_name = policy_name
        cls.files.append(fileobj)
    @classmethod
    def add_ini(cls, sid, iniobj, policy_name):
        iniobj.policy_name = policy_name
        cls.inifiles.append(iniobj)
    @classmethod
    def add_networkshare(cls, sid, networkshareobj, policy_name):
        networkshareobj.policy_name = policy_name
        cls.networkshares.append(networkshareobj)
    @classmethod
    def get_shortcuts(cls, sid):
        return cls.shortcuts
    @classmethod
    def get_printers(cls, sid):
        return cls.printers
    @classmethod
    def get_drives(cls, sid):
        return cls.drives
    @classmethod
    def get_folders(cls, sid):
        return cls.folders
    @classmethod
    def get_envvars(cls, sid):
        return cls.environmentvariables
    @classmethod
    def get_scripts(cls, sid, action):
        action_scripts = list()
        for part in cls.scripts:
            if action == 'LOGON' and part.action == 'LOGON':
                action_scripts.append(part)
            elif action == 'LOGOFF' and part.action == 'LOGOFF':
                action_scripts.append(part)
            elif action == 'STARTUP' and part.action == 'STARTUP':
                action_scripts.append(part)
            elif action == 'SHUTDOWN' and part.action == 'SHUTDOWN':
                action_scripts.append(part)
        return action_scripts
    @classmethod
    def get_files(cls, sid):
        return cls.files
    @classmethod
    def get_networkshare(cls, sid):
        return cls.networkshares
    @classmethod
    def get_ini(cls, sid):
        return cls.inifiles
    @classmethod
    def wipe_user(cls, sid):
        cls.wipe_hklm()
    @classmethod
    def wipe_hklm(cls):
        cls.global_registry_dict = dict({cls._GpoPriority:{}})
 def filter_dict_keys(starting_string, input_dict):
    result = dict()
    for key in input_dict:
        key_list = remove_empty_values(re.split(r'\\|/', key))
        start_list = remove_empty_values(re.split(r'\\|/', starting_string))
        if key_list[:len(start_list)] == start_list:
            result[key] = input_dict.get(key)
    return result
 def find_preg_type(argument):
    if isinstance(argument, int):
        return 4
    else:
        return 1
 def update_dict(dict1, dict2, save_key=None):
    '''
    Updates dict1 with the key-value pairs from dict2
    '''
    for key, value in dict2.items():
        if key in dict1:
            # If both values are dictionaries, recursively call the update_dict function
            if isinstance(dict1[key], dict) and isinstance(value, dict):
                save_key = key
                update_dict(dict1[key], value, save_key)
            # If the value in dict1 is a list, extend it with unique values from value
            elif isinstance(dict1[key], list):
                dict1[key].extend(set(value) - set(dict1[key]))
            else:
                # If the value in dict1 is not a dictionary or the value in dict2 is not a dictionary,
                # replace the value in dict1 with the value from dict2
                if save_key and save_key.startswith('Source'):
                    value.reloaded_with_policy_key = [dict1[key].policy_name]
                    if dict1[key].reloaded_with_policy_key:
                        value.reloaded_with_policy_key += dict1[key].reloaded_with_policy_key
                    dict1[key] = value
                else:
                    dict1[key] = value
        else:
            # If the key does not exist in dict1, add the key-value pair from dict2 to dict1
            dict1[key] = value
 def add_to_dict(string, username, gpo_info):
    if gpo_info:
        counter = gpo_info.counter
        display_name = gpo_info.display_name
        name = gpo_info.name
        version = gpo_info.version
    else:
        counter = 0
        display_name = 'Local Policy'
        name = None
        version = None
    if username is None or username == 'Machine':
        machine= '{}/Machine/{}'.format(Dconf_registry._GpoPriority, counter)
        dictionary = Dconf_registry.global_registry_dict.setdefault(machine, dict())
    else:
        if name in Dconf_registry._gpo_name:
            return
        user = '{}/User/{}'.format(Dconf_registry._GpoPriority, counter)
        dictionary = Dconf_registry.global_registry_dict.setdefault(user, dict())
        Dconf_registry._gpo_name.add(name)
    dictionary['display_name'] = display_name
    dictionary['name'] = name
    dictionary['version'] = str(version)
    dictionary['correct_path'] = string
 def get_mod_previous_value(key_source, key_valuename):
    previous_sourc = try_dict_to_literal_eval(Dconf_registry._dconf_db
            .get(key_source, {})
            .get(key_valuename, {}))
    return previous_sourc.get('mod_previous_value') if previous_sourc else None
 def get_previous_value(key_source, key_valuename):
    previous = key_source.replace('Source', 'Previous')
    return (Dconf_registry._dconf_db
            .get(previous, {})
            .get(key_valuename, None))
 def load_preg_dconf(pregfile, pathfile, policy_name, username, gpo_info):
    '''
    Loads the configuration from preg registry into a dictionary
    '''
    # Prefix for storing key data
    source_pre = "Source"
    dd = dict()
    for i in pregfile.entries:
        # Skip this entry if the valuename starts with '**del'
        if i.valuename.lower().startswith('**del'):
            continue
        valuename = convert_string_dconf(i.valuename)
        data = check_data(i.data, i.type)
        if i.valuename != i.data and i.valuename:
            key_registry_source = f"{source_pre}/{i.keyname}".replace('\\', '/')
            key_registry = f"{i.keyname}".replace('\\', '/')
            key_valuename = valuename.replace('\\', '/')
            if i.keyname.replace('\\', '/') in dd:
                # If the key exists in dd, update its value with the new key-value pair
                dd[i.keyname.replace('\\', '/')].update({key_valuename:data})
                mod_previous_value = get_mod_previous_value(key_registry_source, key_valuename)
                previous_value = get_previous_value(key_registry, key_valuename)
                if previous_value != data:
                    (dd[key_registry_source]
                     .update({key_valuename:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=previous_value)}))
                else:
                    (dd[key_registry_source]
                     .update({key_valuename:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=mod_previous_value)}))
            else:
                # If the key does not exist in dd, create a new key-value pair
                dd[i.keyname.replace('\\', '/')] = {key_valuename:data}
                mod_previous_value = get_mod_previous_value(key_registry_source, key_valuename)
                previous_value = get_previous_value(key_registry, key_valuename)
                if previous_value != data:
                    dd[key_registry_source] = {key_valuename:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=previous_value)}
                else:
                    dd[key_registry_source] = {key_valuename:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=mod_previous_value)}
        elif not i.valuename:
            keyname_tmp = i.keyname.replace('\\', '/').split('/')
            keyname = '/'.join(keyname_tmp[:-1])
            mod_previous_value = get_mod_previous_value(f"{source_pre}/{keyname}", keyname_tmp[-1])
            previous_value = get_previous_value(f"{keyname}", keyname_tmp[-1])
            if keyname in dd:
                # If the key exists in dd, update its value with the new key-value pair
                dd[keyname].update({keyname_tmp[-1]:data})
                if previous_value != data:
                    dd[f"{source_pre}/{keyname}"].update({keyname_tmp[-1]:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=previous_value)})
                else:
                    dd[f"{source_pre}/{keyname}"].update({keyname_tmp[-1]:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=mod_previous_value)})
            else:
                # If the key does not exist in dd, create a new key-value pair
                dd[keyname] = {keyname_tmp[-1]:data}
                if previous_value != data:
                    dd[f"{source_pre}/{keyname}"] = {keyname_tmp[-1]:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=previous_value)}
                else:
                    dd[f"{source_pre}/{keyname}"] = {keyname_tmp[-1]:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=mod_previous_value)}
        else:
            # If the value name is the same as the data,
            # split the keyname and add the data to the appropriate location in dd.
            all_list_key = i.keyname.split('\\')
            key_d ='/'.join(all_list_key[:-1])
            dd_target = dd.setdefault(key_d,{})
            key_source = f"Source/{key_d}"
            dd_target_source = dd.setdefault(key_source, {})
            data_list = dd_target.setdefault(all_list_key[-1], []).append(data)
            mod_previous_value = get_mod_previous_value(key_source, all_list_key[-1])
            previous_value = get_previous_value(key_d, all_list_key[-1])
            if previous_value != str(data_list):
                dd_target_source[all_list_key[-1]] = RegistryKeyMetadata(policy_name, i.type, is_list=True, mod_previous_value=previous_value)
            else:
                dd_target_source[all_list_key[-1]] = RegistryKeyMetadata(policy_name, i.type, is_list=True, mod_previous_value=mod_previous_value)
    # Update the global registry dictionary with the contents of dd
    update_dict(Dconf_registry.global_registry_dict, dd)
 def create_dconf_ini_file(filename, data, uid=None, nodomain=None):
    '''
    Create an ini-file based on a dictionary of dictionaries.
    Args:
        data (dict): The dictionary of dictionaries containing the data for the ini-file.
        filename (str): The filename to save the ini-file.
    Returns:
        None
    Raises:
        None
    '''
    with open(filename, 'a' if nodomain else 'w') as file:
        for section, section_data in data.items():
            file.write(f'[{section}]\n')
            for key, value in section_data.items():
                if isinstance(value, int):
                    file.write(f'{key} = {value}\n')
                else:
                    file.write(f'{key} = "{value}"\n')
            file.write('\n')
    logdata = dict()
    logdata['path'] = filename
    log('D209', logdata)
    create_dconf_file_locks(filename, data)
    Dconf_registry.dconf_update(uid)
 def create_dconf_file_locks(filename_ini, data):
    """
    Creates a dconf lock file based on the provided filename and data.
    :param filename_ini: Path to the ini file (str)
    :param data: Dictionary containing configuration data
    """
    # Extract the path parts up to the directory of the ini file
    tmp_lock = filename_ini.split('/')[:-1]
    # Construct the path to the lock file
    file_lock = '/'.join(tmp_lock + ['locks', tmp_lock[-1][:-1] + 'pol'])
    # Create an empty lock file
    touch_file(file_lock)
    # Open the lock file for writing
    with open(file_lock, 'w') as file:
        # Iterate over all lock keys obtained from the data
        for key_lock in get_keys_dconf_locks(data):
            # Remove the "lock/" prefix from the key and split into parts
            key = key_lock.split('/')[1:]
            # Write the cleaned key to the lock file
            file.write(f'{key}\n')
 def get_keys_dconf_locks(data):
    """
    Extracts keys from the provided data that start with "Locks/"
    and have a value of 1.
    :param data: Dictionary containing configuration data
    :return: List of lock keys (str) without the "Locks/" prefix
    """
    result = []
    # Flatten the nested dictionary into a single-level dictionary
    flatten_data = flatten_dictionary(data)
    # Iterate through all keys in the flattened dictionary
    for key in flatten_data:
        # Check if the key starts with "Locks/" and its value is 1
        if key.startswith('Locks/') and flatten_data[key] == 1:
            # Remove the "Locks" prefix and append to the result
            result.append(key.removeprefix('Locks'))
    return result
 def check_data(data, t_data):
    if isinstance(data, bytes):
        if t_data == 7:
            return clean_data(data.decode('utf-16').replace('\x00',''))
        else:
            return None
    elif t_data == 4:
        return data
    return clean_data(data)
 def convert_string_dconf(input_string):
    macros = {
        '#': '%sharp%',
        ';': '%semicolon%',
        '//': '%doubleslash%',
        '/': '%oneslash%'
    }
    output_string = input_string
    for key, value in macros.items():
        if key in input_string:
            output_string = input_string.replace(key, value)
        elif value in input_string:
            output_string = input_string.replace(value, key)
    return output_string
 def remove_empty_values(input_list):
    return list(filter(None, input_list))
 def flatten_dictionary(input_dict, result=None, current_key=''):
    if result is None:
        result = {}
    for key, value in input_dict.items():
        new_key = f"{current_key}/{key}" if current_key else key
        if isinstance(value, dict):
            flatten_dictionary(value, result, new_key)
        else:
            result[new_key] = value
    return result
 def get_dconf_envprofile():
    dconf_envprofile = {'default': {'DCONF_PROFILE': 'default'},
                    'local': {'DCONF_PROFILE': 'local'},
                    'system': {'DCONF_PROFILE': 'system'}
                    }
    if Dconf_registry._envprofile:
        return dconf_envprofile.get(Dconf_registry._envprofile, dconf_envprofile['system'])
    if not Dconf_registry._username:
        return dconf_envprofile['system']
    profile = '/run/dconf/user/{}'.format(get_uid_by_username(Dconf_registry._username))
    return {'DCONF_PROFILE': profile}
 def convert_elements_to_list_dicts(elements):
    return list(map(lambda x: dict(x), elements))
 def remove_duplicate_dicts_in_list(list_dict):
    return convert_elements_to_list_dicts(list(OrderedDict((tuple(sorted(d.items())), d) for d in list_dict).values()))
 def add_preferences_to_global_registry_dict(username, is_machine):
    if is_machine:
        prefix = 'Software/BaseALT/Policies/Preferences/Machine'
    else:
        prefix = f'Software/BaseALT/Policies/Preferences/{username}'
    preferences_global = [('Shortcuts',remove_duplicate_dicts_in_list(Dconf_registry.shortcuts)),
                            ('Folders',remove_duplicate_dicts_in_list(Dconf_registry.folders)),
                            ('Files',remove_duplicate_dicts_in_list(Dconf_registry.files)),
                            ('Drives',remove_duplicate_dicts_in_list(Dconf_registry.drives)),
                            ('Scheduledtasks',remove_duplicate_dicts_in_list(Dconf_registry.scheduledtasks)),
                            ('Environmentvariables',remove_duplicate_dicts_in_list(Dconf_registry.environmentvariables)),
                            ('Inifiles',remove_duplicate_dicts_in_list(Dconf_registry.inifiles)),
                            ('Services',remove_duplicate_dicts_in_list(Dconf_registry.services)),
                            ('Printers',remove_duplicate_dicts_in_list(Dconf_registry.printers)),
                            ('Scripts',remove_duplicate_dicts_in_list(Dconf_registry.scripts)),
                            ('Networkshares',remove_duplicate_dicts_in_list(Dconf_registry.networkshares))]
    preferences_global_dict = dict()
    preferences_global_dict[prefix] = dict()
    for key, val in preferences_global:
        preferences_global_dict[prefix].update({key:clean_data(str(val))})
    update_dict(Dconf_registry.global_registry_dict, preferences_global_dict)
 def extract_display_name_version(data, username):
    policy_force = data.get('Software/BaseALT/Policies/GPUpdate', {}).get('Force', False)
    if Dconf_registry._force or policy_force:
        logdata = dict({'username': username})
        log('W26', logdata)
        return {}
    result = {}
    tmp = {}
    if isinstance(data, dict):
        for key in data.keys():
            if key.startswith(Dconf_registry._GpoPriority+'/'):
                tmp[key] = data[key]
        for value in tmp.values():
            if isinstance(value, dict) and value.get('version', 'None')!='None' and value.get('display_name'):
                result[value['display_name']] = {'version': value['version'], 'correct_path': value['correct_path']}
    Dconf_registry._dict_gpo_name_version_cache = result
    return result
--- a/gpoa/storage/fs_file_cache.py
+++ b/gpoa/storage/fs_file_cache.py
@@ -0,0 +1,130 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2021-2024 BaseALT Ltd. <org@basealt.ru>
 # Copyright (C) 2021 Igor Chudov <nir@nir.org.ru>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import os
 import os.path
 import tempfile
 from pathlib import Path
 import smbc
 from util.logging import log
 from util.paths import file_cache_dir, file_cache_path_home, UNCPath
 from util.exceptions import NotUNCPathError
 from util.util import get_machine_name
 class fs_file_cache:
    __read_blocksize = 4096
    def __init__(self, cache_name, username = None):
        self.cache_name = cache_name
        self.username = username
        if username and username != get_machine_name():
            try:
                self.storage_uri = file_cache_path_home(username)
            except:
                self.storage_uri = file_cache_dir()
        else:
            self.storage_uri = file_cache_dir()
        logdata = dict({'cache_file': self.storage_uri})
        log('D20', logdata)
        self.samba_context = smbc.Context(use_kerberos=1)
                #, debug=10)
    def store(self, uri, destfile = None):
        try:
            uri_path = UNCPath(uri)
            if not destfile:
                file_name = os.path.basename(uri_path.get_path())
                file_path = os.path.dirname(uri_path.get_path())
                destdir = Path('{}/{}/{}'.format(self.storage_uri,
                    uri_path.get_domain(),
                    file_path))
            else:
                destdir = destfile.parent
        except NotUNCPathError:
            return None
        except Exception as exc:
            logdata = dict({'exception': str(exc)})
            log('D144', logdata)
            raise exc
        if not destdir.exists():
            destdir.mkdir(parents=True, exist_ok=True)
        if not destfile:
            destfile = Path('{}/{}/{}'.format(self.storage_uri,
                uri_path.get_domain(),
                uri_path.get_path()))
        try:
            fd, tmpfile = tempfile.mkstemp('', str(destfile))
            df = os.fdopen(fd, 'wb')
            file_handler = self.samba_context.open(str(uri_path), os.O_RDONLY)
            while True:
                data = file_handler.read(self.__read_blocksize)
                if not data:
                    break
                df.write(data)
            df.close()
            os.rename(tmpfile, destfile)
            os.chmod(destfile, 0o644)
        except Exception as exc:
            logdata = dict({'exception': str(exc)})
            log('W25', logdata)
            tmppath = Path(tmpfile)
            if tmppath.exists():
                tmppath.unlink()
    def get(self, uri):
        destfile = uri
        try:
            uri_path = UNCPath(uri)
            file_name = os.path.basename(uri_path.get_path())
            file_path = os.path.dirname(uri_path.get_path())
            destfile = Path('{}/{}/{}'.format(self.storage_uri,
                uri_path.get_domain(),
                uri_path.get_path()))
        except NotUNCPathError as exc:
            logdata = dict({'path': str(exc)})
            log('D62', logdata)
        except Exception as exc:
            logdata = dict({'exception': str(exc)})
            log('E36', logdata)
            raise exc
        if Path(destfile).exists():
            return str(destfile)
        else:
            return None
    def get_ls_smbdir(self, uri):
        type_file_smb = 8
        try:
            uri_path = UNCPath(uri)
            opendir = self.samba_context.opendir(str(uri_path))
            ls_obj = opendir.getdents()
            ls = [obj.name for obj in ls_obj if obj.smbc_type == type_file_smb]
            return ls
        except Exception as exc:
            if Path(uri).exists():
                return None
            logdata = dict({'exception': str(exc)})
            log('W12', logdata)
            return None
--- a/gpoa/storage/record_types.py
+++ b/gpoa/storage/record_types.py
@@ -1,59 +0,0 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2020 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 class samba_preg(object):
    '''
    Object mapping representing HKLM entry (registry key without SID)
    '''
    def __init__(self, preg_obj):
        self.hive_key = '{}\\{}'.format(preg_obj.keyname, preg_obj.valuename)
        self.type = preg_obj.type
        self.data = preg_obj.data
 class samba_hkcu_preg(object):
    '''
    Object mapping representing HKCU entry (registry key with SID)
    '''
    def __init__(self, sid, preg_obj):
        self.sid = sid
        self.hive_key = '{}\\{}'.format(preg_obj.keyname, preg_obj.valuename)
        self.type = preg_obj.type
        self.data = preg_obj.data
 class ad_shortcut(object):
    '''
    Object mapping representing Windows shortcut.
    '''
    def __init__(self, sid, sc):
        self.sid = sid
        self.path = sc.dest
        self.shortcut = sc.to_json()
 class info_entry(object):
    def __init__(self, name, value):
        self.name = name
        self.value = value
 class printer_entry(object):
    '''
    Object mapping representing Windows printer of some type.
    '''
    def __init__(self, sid, pobj):
        self.sid = sid
        self.name = pobj.name
        self.printer = pobj.to_json()
--- a/gpoa/storage/sqlite_cache.py
+++ b/gpoa/storage/sqlite_cache.py
@@ -1,97 +0,0 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2020 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from .cache import cache
 import logging
 import os
 from sqlalchemy import (
    create_engine,
    Table,
    Column,
    Integer,
    String,
    MetaData
 )
 from sqlalchemy.orm import (
    mapper,
    sessionmaker
 )
 from util.logging import slogm
 from util.paths import cache_dir
 def mapping_factory(mapper_suffix):
    exec(
        '''
 class mapped_id_{}(object):
    def __init__(self, str_id, value):
        self.str_id = str_id
        self.value = str(value)
        '''.format(mapper_suffix)
    )
    return eval('mapped_id_{}'.format(mapper_suffix))
 class sqlite_cache(cache):
    def __init__(self, cache_name):
        self.cache_name = cache_name
        self.mapper_obj = mapping_factory(self.cache_name)
        self.storage_uri = os.path.join('sqlite:///{}/{}.sqlite'.format(cache_dir(), self.cache_name))
        logging.debug(slogm('Initializing cache {}'.format(self.storage_uri)))
        self.db_cnt = create_engine(self.storage_uri, echo=False)
        self.__metadata = MetaData(self.db_cnt)
        self.cache_table = Table(
            self.cache_name,
            self.__metadata,
            Column('id', Integer, primary_key=True),
            Column('str_id', String(65536), unique=True),
            Column('value', String)
        )
        self.__metadata.create_all(self.db_cnt)
        Session = sessionmaker(bind=self.db_cnt)
        self.db_session = Session()
        mapper(self.mapper_obj, self.cache_table)
    def store(self, str_id, value):
        obj = self.mapper_obj(str_id, value)
        self._upsert(obj)
    def get(self, obj_id):
        result = self.db_session.query(self.mapper_obj).filter(self.mapper_obj.str_id == obj_id).first()
        return result
    def get_default(self, obj_id, default_value):
        result = self.get(obj_id)
        if result == None:
            logging.debug(slogm('No value cached for {}'.format(obj_id)))
            self.store(obj_id, default_value)
            return str(default_value)
        return result.value
    def _upsert(self, obj):
        try:
            self.db_session.add(obj)
            self.db_session.commit()
        except:
            self.db_session.rollback()
            logging.error(slogm('Error inserting value into cache, will update the value'))
            self.db_session.query(self.mapper_obj).filter(self.mapper_obj.str_id == obj.str_id).update({ 'value': obj.value })
            self.db_session.commit()
--- a/gpoa/storage/sqlite_registry.py
+++ b/gpoa/storage/sqlite_registry.py
@@ -1,316 +0,0 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2020 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import os
 from sqlalchemy import (
    create_engine,
    Table,
    Column,
    Integer,
    String,
    MetaData,
    UniqueConstraint
 )
 from sqlalchemy.orm import (
    mapper,
    sessionmaker
 )
 from util.logging import slogm
 from util.paths import cache_dir
 from .registry import registry
 from .record_types import (
      samba_preg
    , samba_hkcu_preg
    , ad_shortcut
    , info_entry
    , printer_entry
 )
 class sqlite_registry(registry):
    def __init__(self, db_name, registry_cache_dir=None):
        self.db_name = db_name
        cdir = registry_cache_dir
        if cdir == None:
            cdir = cache_dir()
        self.db_path = os.path.join('sqlite:///{}/{}.sqlite'.format(cdir, self.db_name))
        self.db_cnt = create_engine(self.db_path, echo=False)
        self.__metadata = MetaData(self.db_cnt)
        self.__info = Table(
            'info',
            self.__metadata,
            Column('id', Integer, primary_key=True),
            Column('name', String(65536), unique=True),
            Column('value', String(65536))
        )
        self.__hklm = Table(
            'HKLM',
            self.__metadata,
            Column('id', Integer, primary_key=True),
            Column('hive_key', String(65536), unique=True),
            Column('type', Integer),
            Column('data', String)
        )
        self.__hkcu = Table(
            'HKCU',
            self.__metadata,
            Column('id', Integer, primary_key=True),
            Column('sid', String),
            Column('hive_key', String(65536)),
            Column('type', Integer),
            Column('data', String),
            UniqueConstraint('sid', 'hive_key')
        )
        self.__shortcuts = Table(
            'Shortcuts',
            self.__metadata,
            Column('id', Integer, primary_key=True),
            Column('sid', String),
            Column('path', String),
            Column('shortcut', String),
            UniqueConstraint('sid', 'path')
        )
        self.__printers = Table(
            'Printers',
            self.__metadata,
            Column('id', Integer, primary_key=True),
            Column('sid', String),
            Column('name', String),
            Column('printer', String),
            UniqueConstraint('sid', 'name')
        )
        self.__metadata.create_all(self.db_cnt)
        Session = sessionmaker(bind=self.db_cnt)
        self.db_session = Session()
        try:
            mapper(info_entry, self.__info)
            mapper(samba_preg, self.__hklm)
            mapper(samba_hkcu_preg, self.__hkcu)
            mapper(ad_shortcut, self.__shortcuts)
            mapper(printer_entry, self.__printers)
        except:
            pass
            #logging.error('Error creating mapper')
    def _add(self, row):
        try:
            self.db_session.add(row)
            self.db_session.commit()
        except Exception as exc:
            self.db_session.rollback()
            raise exc
    def _info_upsert(self, row):
        try:
            self._add(row)
        except:
            update_obj = dict({ 'value': row.value })
            (self
                .db_session.query(info_entry)
                .filter(info_entry.name == row.name)
                .update(update_obj))
            self.db_session.commit()
    def _hklm_upsert(self, row):
        try:
            self._add(row)
        except:
            update_obj = dict({'type': row.type, 'data': row.data })
            (self
                .db_session
                .query(samba_preg)
                .filter(samba_preg.hive_key == row.hive_key)
                .update(update_obj))
            self.db_session.commit()
    def _hkcu_upsert(self, row):
        try:
            self._add(row)
        except:
            update_obj = dict({'type': row.type, 'data': row.data })
            (self
                .db_session
                .query(samba_preg)
                .filter(samba_hkcu_preg.sid == row.sid)
                .filter(samba_hkcu_preg.hive_key == row.hive_key)
                .update(update_obj))
            self.db_session.commit()
    def _shortcut_upsert(self, row):
        try:
            self._add(row)
        except:
            update_obj = dict({ 'shortcut': row.shortcut })
            (self
                .db_session
                .query(ad_shortcut)
                .filter(ad_shortcut.sid == row.sid)
                .filter(ad_shortcut.path == row.path)
                .update(update_obj))
            self.db_session.commit()
    def _printer_upsert(self, row):
        try:
            self._add(row)
        except:
            update_obj = dict({ 'printer': row.printer })
            (self
                .db_session
                .query(printer_entry)
                .filter(printer_entry.sid == row.sid)
                .filter(printer_entry.name == row.name)
                .update(update_obj))
            self.db_session.commit()
    def set_info(self, name, value):
        ientry = info_entry(name, value)
        logging.debug(slogm('Setting info {}:{}'.format(name, value)))
        self._info_upsert(ientry)
    def add_hklm_entry(self, preg_entry):
        '''
        Write PReg entry to HKEY_LOCAL_MACHINE
        '''
        pentry = samba_preg(preg_entry)
        if not pentry.hive_key.rpartition('\\')[2].startswith('**'):
            self._hklm_upsert(pentry)
        else:
            logging.warning(slogm('Skipping branch deletion key: {}'.format(pentry.hive_key)))
    def add_hkcu_entry(self, preg_entry, sid):
        '''
        Write PReg entry to HKEY_CURRENT_USER
        '''
        hkcu_pentry = samba_hkcu_preg(sid, preg_entry)
        if not hkcu_pentry.hive_key.rpartition('\\')[2].startswith('**'):
            logging.debug(slogm('Adding HKCU entry for {}'.format(sid)))
            self._hkcu_upsert(hkcu_pentry)
        else:
            logging.warning(slogm('Skipping branch deletion key: {}'.format(hkcu_pentry.hive_key)))
    def add_shortcut(self, sid, sc_obj):
        '''
        Store shortcut information in the database
        '''
        sc_entry = ad_shortcut(sid, sc_obj)
        logging.debug(slogm('Saving info about {} link for {}'.format(sc_entry.path, sid)))
        self._shortcut_upsert(sc_entry)
    def add_printer(self, sid, pobj):
        '''
        Store printer configuration in the database
        '''
        prn_entry = printer_entry(sid, pobj)
        logging.debug(slogm('Saving info about printer {} for {}'.format(prn_entry.name, sid)))
        self._printer_upsert(prn_entry)
    def get_shortcuts(self, sid):
        res = (self
            .db_session
            .query(ad_shortcut)
            .filter(ad_shortcut.sid == sid)
            .all())
        return res
    def get_printers(self, sid):
        res = (self
            .db_session
            .query(printer_entry)
            .filter(printer_entry.sid == sid)
            .all())
        return res
    def get_hkcu_entry(self, sid, hive_key):
        res = (self
            .db_session
            .query(samba_preg)
            .filter(samba_hkcu_preg.sid == sid)
            .filter(samba_hkcu_preg.hive_key == hive_key)
            .first())
        # Try to get the value from machine SID as a default if no option is set.
        if not res:
            machine_sid = self.get_info('machine_sid')
            res = self.db_session.query(samba_preg).filter(samba_hkcu_preg.sid == machine_sid).filter(samba_hkcu_preg.hive_key == hive_key).first()
        return res
    def filter_hkcu_entries(self, sid, startswith):
        res = (self
            .db_session
            .query(samba_hkcu_preg)
            .filter(samba_hkcu_preg.sid == sid)
            .filter(samba_hkcu_preg.hive_key.like(startswith)))
        return res
    def get_info(self, name):
        res = (self
            .db_session
            .query(info_entry)
            .filter(info_entry.name == name)
            .first())
        return res.value
    def get_hklm_entry(self, hive_key):
        res = (self
            .db_session
            .query(samba_preg)
            .filter(samba_preg.hive_key == hive_key)
            .first())
        return res
    def filter_hklm_entries(self, startswith):
        res = (self
            .db_session
            .query(samba_preg)
            .filter(samba_preg.hive_key.like(startswith)))
        return res
    def wipe_user(self, sid):
        self.wipe_hkcu(sid)
        self.wipe_shortcuts(sid)
        self.wipe_printers(sid)
    def wipe_shortcuts(self, sid):
        (self
            .db_session
            .query(ad_shortcut)
            .filter(ad_shortcut.sid == sid)
            .delete())
        self.db_session.commit()
    def wipe_printers(self, sid):
        (self
            .db_session
            .query(printer_entry)
            .filter(printer_entry.sid == sid)
            .delete())
        self.db_session.commit()
    def wipe_hkcu(self, sid):
        (self
            .db_session
            .query(samba_hkcu_preg)
            .filter(samba_hkcu_preg.sid == sid)
            .delete())
        self.db_session.commit()
    def wipe_hklm(self):
        self.db_session.query(samba_preg).delete()
        self.db_session.commit()
--- a/gpoa/templates/47-alt_group_policy_permissions.rules.j2
+++ b/gpoa/templates/47-alt_group_policy_permissions.rules.j2
@@ -0,0 +1,63 @@
 {#
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2022 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #}
 {% if No|length %}
 polkit.addRule(function (action, subject) {
    if ({% for res in No -%}
        action.id == "{{res}}"{% if No|length == loop.index %}){ {% else %} ||{% endif %}
        {% endfor %}    return polkit.Result.NO;
    }
 });
 {% endif %}{% if Yes|length %}
 polkit.addRule(function (action, subject) {
 	if ({% for res in Yes -%}
 		action.id == "{{res}}"{% if Yes|length == loop.index %}){ {% else %} ||{% endif %}
 		{% endfor %}    return polkit.Result.YES;
 	}
 });
 {% endif %}{% if Auth_self|length %}
 polkit.addRule(function (action, subject) {
 	if ({% for res in Auth_self -%}
 		action.id == "{{res}}"{% if Auth_self|length == loop.index %}){ {% else %} ||{% endif %}
 		{% endfor %}    return polkit.Result.AUTH_SELF;
 	}
 });
 {% endif %}{% if Auth_admin|length %}
 polkit.addRule(function (action, subject) {
 	if ({% for res in Auth_admin -%}
 		action.id == "{{res}}"{% if Auth_admin|length == loop.index %}){ {% else %} ||{% endif %}
 		{% endfor %}    return polkit.Result.AUTH_ADMIN;
 	}
 });
 {% endif %}{% if Auth_self_keep|length %}
 polkit.addRule(function (action, subject) {
 	if ({% for res in Auth_self_keep -%}
 		action.id == "{{res}}"{% if Auth_self_keep|length == loop.index %}){ {% else %} ||{% endif %}
 		{% endfor %}    return polkit.Result.AUTH_SELF_KEEP;
 	}
 });
 {% endif %}{% if Auth_admin_keep|length %}
 polkit.addRule(function (action, subject) {
 	if ({% for res in Auth_admin_keep -%}
 		action.id == "{{res}}"{% if Auth_admin_keep|length == loop.index %}){ {% else %} ||{% endif %}
 		{% endfor %}    return polkit.Result.AUTH_ADMIN_KEEP;
    }
 });
 {% endif %}
--- a/gpoa/templates/48-alt_group_policy_permissions_user.rules.j2
+++ b/gpoa/templates/48-alt_group_policy_permissions_user.rules.j2
@@ -0,0 +1,63 @@
 {#
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2022 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #}
 {% if No|length %}
 polkit.addRule(function (action, subject) {
    if ({% for res in No -%}
        action.id == "{{res}}" {% if No|length == loop.index %}&&{% else %}||{% endif %}
        {% endfor %}subject.user == "{{User}}") {
 			return polkit.Result.NO;
    }
 });{% endif %}{% if Yes|length %}
 polkit.addRule(function (action, subject) {
    if ({% for res in Yes -%}
        action.id == "{{res}}" {% if Yes|length == loop.index %}&&{% else %}||{% endif %}
        {% endfor %}subject.user == "{{User}}") {
 			return polkit.Result.YES;
    }
 });{% endif %}{% if Auth_self|length %}
 polkit.addRule(function (action, subject) {
    if ({% for res in Auth_self -%}
        action.id == "{{res}}" {% if Auth_self|length == loop.index %}&&{% else %}||{% endif %}
        {% endfor %}subject.user == "{{User}}") {
 			return polkit.Result.AUTH_SELF;
    }
 });{% endif %}{% if Auth_admin|length %}
 polkit.addRule(function (action, subject) {
    if ({% for res in Auth_admin -%}
        action.id == "{{res}}" {% if Auth_admin|length == loop.index %}&&{% else %}||{% endif %}
        {% endfor %}subject.user == "{{User}}") {
 			return polkit.Result.AUTH_ADMIN;
    }
 });{% endif %}{% if Auth_self_keep|length %}
 polkit.addRule(function (action, subject) {
    if ({% for res in Auth_self_keep -%}
        action.id == "{{res}}" {% if Auth_self_keep|length == loop.index %}&&{% else %}||{% endif %}
        {% endfor %}subject.user == "{{User}}") {
 			return polkit.Result.AUTH_SELF_KEEP;
    }
 });{% endif %}{% if Auth_admin_keep|length %}
 polkit.addRule(function (action, subject) {
    if ({% for res in Auth_admin_keep -%}
        action.id == "{{res}}" {% if Auth_admin_keep|length == loop.index %}&&{% else %}||{% endif %}
        {% endfor %}subject.user == "{{User}}") {
 			return polkit.Result.AUTH_ADMIN_KEEP;
    }
 });
 {% endif %}
--- a/gpoa/templates/48-gpoa_disk_permissions_user.rules.j2
+++ b/gpoa/templates/48-gpoa_disk_permissions_user.rules.j2
@@ -0,0 +1,29 @@
 {#
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2020 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #}
 {% if Deny_All == 1 %}
 polkit.addRule(function (action, subject) {
 	if ((action.id == "org.freedesktop.udisks2.filesystem-mount" ||
 	    action.id == "org.freedesktop.udisks2.filesystem-mount-system" ||
 	    action.id == "org.freedesktop.udisks2.filesystem-mount-other-seat") &&
 	    subject.user == "{{User}}" ) {
 		return polkit.Result.NO;
 	}
 });
 {% endif %}
--- a/gpoa/templates/49-alt_group_policy_permissions.rules.j2
+++ b/gpoa/templates/49-alt_group_policy_permissions.rules.j2
@@ -0,0 +1,63 @@
 {#
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2022 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #}
 {% if No|length %}
 polkit.addRule(function (action, subject) {
    if ({% for res in No -%}
        action.id == "{{res}}"{% if No|length == loop.index %}){ {% else %} ||{% endif %}
        {% endfor %}    return polkit.Result.NO;
    }
 });
 {% endif %}{% if Yes|length %}
 polkit.addRule(function (action, subject) {
 	if ({% for res in Yes -%}
 		action.id == "{{res}}"{% if Yes|length == loop.index %}){ {% else %} ||{% endif %}
 		{% endfor %}    return polkit.Result.YES;
 	}
 });
 {% endif %}{% if Auth_self|length %}
 polkit.addRule(function (action, subject) {
 	if ({% for res in Auth_self -%}
 		action.id == "{{res}}"{% if Auth_self|length == loop.index %}){ {% else %} ||{% endif %}
 		{% endfor %}    return polkit.Result.AUTH_SELF;
 	}
 });
 {% endif %}{% if Auth_admin|length %}
 polkit.addRule(function (action, subject) {
 	if ({% for res in Auth_admin -%}
 		action.id == "{{res}}"{% if Auth_admin|length == loop.index %}){ {% else %} ||{% endif %}
 		{% endfor %}    return polkit.Result.AUTH_ADMIN;
 	}
 });
 {% endif %}{% if Auth_self_keep|length %}
 polkit.addRule(function (action, subject) {
 	if ({% for res in Auth_self_keep -%}
 		action.id == "{{res}}"{% if Auth_self_keep|length == loop.index %}){ {% else %} ||{% endif %}
 		{% endfor %}    return polkit.Result.AUTH_SELF_KEEP;
 	}
 });
 {% endif %}{% if Auth_admin_keep|length %}
 polkit.addRule(function (action, subject) {
 	if ({% for res in Auth_admin_keep -%}
 		action.id == "{{res}}"{% if Auth_admin_keep|length == loop.index %}){ {% else %} ||{% endif %}
 		{% endfor %}    return polkit.Result.AUTH_ADMIN_KEEP;
    }
 });
 {% endif %}
--- a/gpoa/templates/49-gpoa_disk_permissions.rules.j2
+++ b/gpoa/templates/49-gpoa_disk_permissions.rules.j2
@@ -17,7 +17,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #}
-{% if Deny_All == '1' %}
+{% if Deny_All == 1 %}
 polkit.addRule(function (action, subject) {
 	if (action.id == "org.freedesktop.udisks2.filesystem-mount" ||
 	    action.id == "org.freedesktop.udisks2.filesystem-mount-system" ||
--- a/gpoa/templates/autofs_auto.j2
+++ b/gpoa/templates/autofs_auto.j2
@@ -0,0 +1,20 @@
 {#
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2020 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #}
 {{ home_dir }}/{{mntTarget}}	{{ mount_file }}	-t {{timeout}}  --browse
--- a/gpoa/templates/autofs_auto_hide.j2
+++ b/gpoa/templates/autofs_auto_hide.j2
@@ -0,0 +1,20 @@
 {#
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2022 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #}
 {{ home_dir }}/.{{mntTarget}}	{{ mount_file }}	-t {{timeout}}
--- a/gpoa/templates/autofs_identity.j2
+++ b/gpoa/templates/autofs_identity.j2
@@ -0,0 +1,25 @@
 {#
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2020 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #}
 {% if login %}
 username={{ login }}
 {% endif %}
 {% if password %}
 password={{ password }}
 {% endif %}
--- a/gpoa/templates/autofs_mountpoints.j2
+++ b/gpoa/templates/autofs_mountpoints.j2
@@ -0,0 +1,27 @@
 {#
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2022 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #}
 {%- for drv in drives %}
 {% if (drv.thisDrive != 'HIDE') %}
 {% if drv.label %}
 "{{ drv.label }}" -fstype=cifs,cruid=$USER,sec=krb5,noperm{% if drv.username %}{% else %},multiuser{% endif %}{% if drv.cifsacl %},cifsacl{% endif %} :{{ drv.path }}
 {% else %}
 "{{ drv.dir }}" -fstype=cifs,cruid=$USER,sec=krb5,noperm{% if drv.username %}{% else %},multiuser{% endif %}{% if drv.cifsacl %},cifsacl{% endif %} :{{ drv.path }}
 {% endif %}
 {% endif %}
 {% endfor %}
--- a/gpoa/templates/autofs_mountpoints_hide.j2
+++ b/gpoa/templates/autofs_mountpoints_hide.j2
@@ -0,0 +1,27 @@
 {#
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2022 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #}
 {%- for drv in drives %}
 {% if (drv.thisDrive == 'HIDE') %}
 {% if drv.label %}
 "{{ drv.label }}" -fstype=cifs,cruid=$USER,sec=krb5,noperm{% if drv.username %}{% else %},multiuser{% endif %}{% if drv.cifsacl %},cifsacl{% endif %} :{{ drv.path }}
 {% else %}
 "{{ drv.dir }}" -fstype=cifs,cruid=$USER,sec=krb5,noperm{% if drv.username %}{% else %},multiuser{% endif %}{% if drv.cifsacl %},cifsacl{% endif %} :{{ drv.path }}
 {% endif %}
 {% endif %}
 {% endfor %}
--- a/gpoa/test/frontend/appliers/test_packages.py
+++ b/gpoa/test/frontend/appliers/test_packages.py
@@ -0,0 +1,39 @@
 #
 # GPOA - GPO Applier for Linux
 #
 # Copyright (C) 2019-2020 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import unittest
 from frontend.appliers.rpm import rpm
 class PackageTestCase(unittest.TestCase):
    '''
    Semi-integrational tests for packages installation/removing
    '''
    def test_package_not_exist(self):
        packages_for_install = 'dummy1 dummy2'
        packages_for_remove = 'dummy3'
        test_rpm = rpm(packages_for_install, packages_for_remove)
        test_rpm.apply()
    def test_install_remove_same_package(self):
        packages_for_install = 'gotop'
        packages_for_remove = 'gotop'
        test_rpm = rpm(packages_for_install, packages_for_remove)
        test_rpm.apply()
--- a/gpoa/test/gpt/Printers.xml
+++ b/gpoa/test/gpt/Printers.xml
@@ -0,0 +1,3 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Printers clsid="{1F577D12-3D1B-471e-A1B7-060317597B9C}"><PortPrinter clsid="{C3A739D2-4A44-401e-9F9D-88E5E77DFB3E}" name="10.64.128.250" status="10.64.128.250" image="0" changed="2020-01-23 11:48:07" uid="{88D998C2-9875-4278-A607-EC828839EFCE}" userContext="1" bypassErrors="1"><Properties lprQueue="" snmpCommunity="public" protocol="PROTOCOL_RAWTCP_TYPE" portNumber="9100" doubleSpool="0" snmpEnabled="0" snmpDevIndex="1" ipAddress="10.64.128.250" action="C" location="" localName="printer" comment="" default="1" skipLocal="0" useDNS="0" path="\\prnt" deleteAll="0"/><Filters><FilterGroup bool="AND" not="0" name="DOMAIN\Domain Users" sid="S-1-5-21-3359553909-270469630-9462315-513" userContext="1" primaryGroup="0" localGroup="0"/></Filters></PortPrinter>
 </Printers>
--- a/Show More
+++ b/Show More