public/gpupdate
1
0
Fork 1
mirror of https://github.com/altlinux/gpupdate.git synced 2025-10-15 07:33:26 +03:00
Code Releases Wiki Activity

Compare commits

base: public:fix_check_enable
Branches Tags
public:master public:cleanup_machine_account public:machine_account_creds public:fix_kde_version public:fix_kde_screen public:fix_cache public:fix_kde public:fix_oddjob public:fix_plasmaupdate public:fix_kde_applier public:fix_firefox public:fix_check_enable public:fix_dconf_update public:dconf_registry public:astra public:translation_for_several_logs public:ntp_applier_addition public:local_admin_policy_v3 public:local_admin_policy_v2 public:oddjob-gpupdate public:gsettings_fixed_error_unable_to_cache_specified_URI public:bugsFix public:logRu public:package_pkcon public:kdestroy_trouble public:fix_gsettings public:samba_registry_storage public:man_gpupdate_setup public:postinst_remove_cache public:quota_applier public:binary_modules
public:0.13.4-alt1 public:0.13.3-alt1 public:0.13.2-alt1 public:0.13.1-alt1 public:0.13.0-alt1 public:0.12.2-alt1 public:0.12.1-alt1 public:0.12.0-alt1 public:0.11.4-alt1 public:0.11.3-alt1 public:0.11.2-alt1 public:0.11.1-alt1 public:0.11.0-alt1 public:0.10.6-alt1 public:0.10.5-alt1 public:0.10.4-alt1 public:0.10.3-alt1 public:0.10.2-alt1 public:0.10.1-alt1 public:0.10.0-alt1 public:0.9.13.5-alt1 public:0.9.13.4-alt1 public:0.9.12.4-alt1 public:0.9.12.1-alt1 public:0.9.12-alt2 public:0.9.11.2-alt1 public:0.9.11.1-alt1 public:0.9.11-alt1 public:0.9.10-alt1 public:0.9.9.1-alt1 public:0.9.9-alt1 public:0.9.8-alt1 public:0.9.7-alt1 public:0.9.6-alt1 public:0.9.5-alt1 public:0.9.4-alt1 public:0.9.3-alt1 public:0.9.2-alt1 public:0.9.1-alt1 public:0.9.0-alt1 public:0.8.2-alt1 public:0.8.1-alt3 public:0.8.1-alt2 public:0.8.1-alt1 public:0.8.0-alt1 public:0.7.0-alt1 public:0.6.0-alt2 public:0.6.0-alt1 public:0.5.0-alt1 public:0.4.5-alt1 public:0.4.4-alt1 public:0.4.3-alt1 public:0.4.1-alt1 public:0.4.0-alt1 public:0.3.0-alt1
...
compare: public:0.12.0-alt1
Branches Tags
public:master public:cleanup_machine_account public:machine_account_creds public:fix_kde_version public:fix_kde_screen public:fix_cache public:fix_kde public:fix_oddjob public:fix_plasmaupdate public:fix_kde_applier public:fix_firefox public:fix_check_enable public:fix_dconf_update public:dconf_registry public:astra public:translation_for_several_logs public:ntp_applier_addition public:local_admin_policy_v3 public:local_admin_policy_v2 public:oddjob-gpupdate public:gsettings_fixed_error_unable_to_cache_specified_URI public:bugsFix public:logRu public:package_pkcon public:kdestroy_trouble public:fix_gsettings public:samba_registry_storage public:man_gpupdate_setup public:postinst_remove_cache public:quota_applier public:binary_modules
public:0.13.4-alt1 public:0.13.3-alt1 public:0.13.2-alt1 public:0.13.1-alt1 public:0.13.0-alt1 public:0.12.2-alt1 public:0.12.1-alt1 public:0.12.0-alt1 public:0.11.4-alt1 public:0.11.3-alt1 public:0.11.2-alt1 public:0.11.1-alt1 public:0.11.0-alt1 public:0.10.6-alt1 public:0.10.5-alt1 public:0.10.4-alt1 public:0.10.3-alt1 public:0.10.2-alt1 public:0.10.1-alt1 public:0.10.0-alt1 public:0.9.13.5-alt1 public:0.9.13.4-alt1 public:0.9.12.4-alt1 public:0.9.12.1-alt1 public:0.9.12-alt2 public:0.9.11.2-alt1 public:0.9.11.1-alt1 public:0.9.11-alt1 public:0.9.10-alt1 public:0.9.9.1-alt1 public:0.9.9-alt1 public:0.9.8-alt1 public:0.9.7-alt1 public:0.9.6-alt1 public:0.9.5-alt1 public:0.9.4-alt1 public:0.9.3-alt1 public:0.9.2-alt1 public:0.9.1-alt1 public:0.9.0-alt1 public:0.8.2-alt1 public:0.8.1-alt3 public:0.8.1-alt2 public:0.8.1-alt1 public:0.8.0-alt1 public:0.7.0-alt1 public:0.6.0-alt2 public:0.6.0-alt1 public:0.5.0-alt1 public:0.4.5-alt1 public:0.4.4-alt1 public:0.4.3-alt1 public:0.4.1-alt1 public:0.4.0-alt1 public:0.3.0-alt1

136 Commits
fix_check_ ... 0.12.0-alt

Author SHA1 Message Date
Valery Sinelnikov
ce6e49443f 0.12.0-alt1 
- Special thanks to Andrey Belgorodtsev (andrey@net55.su)
  for valuable pre-release testing and feedback
- Added applier thunderbird
- Added environment file cleaning (closes: 51016)
- Added the ability to set the name of the directory to automount
- Added the ability to remove the prefix from a sylink
  to the catalog in automount
- Added the ability to set the timeout in automount
- Added messages using the force mode
- Improved KDE update logic
- Added preservation of previous keys
 2024-12-10 10:49:01 +04:00
Valery Sinelnikov
433d312c0f Prevention of removing the register keys in case --nodomain 2024-12-09 18:49:01 +04:00
Valery Sinelnikov
2ec68dd95a Added preservation of mod_previous_value in the Source registry branch 2024-12-09 14:17:02 +04:00
Valery Sinelnikov
3990f876a4 Added the mod_previous_value field in metadata policies 2024-12-09 14:13:41 +04:00
Valery Sinelnikov
1f541914cd Added clarification to the log 2024-12-05 17:14:56 +04:00
Valery Sinelnikov
dc054008fd The autofs restart condition has been clarified 2024-12-05 17:13:21 +04:00
Valery Sinelnikov
aa4bf9a7c8 Added prevention of unnecessary startup of the gpupdate.service 2024-12-05 17:10:42 +04:00
Valery Sinelnikov
99a6e85ccf Fixed the preservation of previous keys 2024-12-03 14:34:49 +04:00
Valery Sinelnikov
79ef884f7d Fixed loss of value 0 from dconfdb 2024-11-29 12:37:25 +04:00
Valery Sinelnikov
0abc5b0282 Managing version absence in gpo 2024-11-28 16:34:29 +04:00
Danila Skachedubov
dce52c4d9c Fixed handling of not configured state for plasma update 2024-11-27 11:35:22 +04:00
Valery Sinelnikov
4d5969a5fa Added messages using the force mode 2024-11-20 10:53:23 +04:00
Valery Sinelnikov
3263a4cfd3 The usage of the ADB plugin is commented out 2024-11-20 10:38:44 +04:00
Valery Sinelnikov
0685b9e492 Added use of data from Previous branch 2024-11-18 10:18:32 +04:00
Valery Sinelnikov
7188c70a77 The function clean_data moved 2024-11-15 18:10:48 +04:00
Valery Sinelnikov
2edc5c326c The envvar_applier moved to admin_context_apply 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
39b92ce763 The save_dconf moved to the required stage 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
620010e1ab Improved link removal logic 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
b87e8b218f Removed unborrowed code 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
df0f806035 Added preservation of previous values of the registry in the register 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
7e8657939f Added dict key prefix management functions: 
- add_prefix_to_keys() to prefix dictionary keys
- remove_keys_with_prefix() to filter prefixed keys
 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
a879d5ad52 Replaced the _true_strings list with set 
and added dict previous_global_registry_dict
 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
c097769681 Improved correct removal of links 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
a85158ce3c Brought cifs_applier into working condition 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
f79b283574 Added reading data from applier storage 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
b791f3d5eb Added the ability to write and read from applier storage 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
b16460309a Added a new log with translation 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
40cf97989e Added the ability to get the path predefined applier storage 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
71eeb1d5a0 Added the ability to specify a specific file 
in get_dictionary_from_dconf_file_db
 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
f45fc7092d Fixed cifs_applie for check_enable_key. 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
e537b3846a Added the ability to query get_entry as data 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
64581f60d2 Added the ability to remove the prefix from a symlink 
and set the name of the directory to mount
 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
1436ee201e Added new classmethod check_enable_dconf_key 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
0051e001a8 Added the use of keys to configure the name and timeout 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
d4eb4263fa Added use of timeout setting 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
a99ed2db2a Added timeout variable to autofs templates 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
8bc4375339 Removed unnecessary imports 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
f24038b288 Changed the way the log is output 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
96ec5cc690 Removing unclaimed imports 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
e88278fb47 Added environment file cleaning 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
4be89029aa Updated dates 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
b981744d75 Cleaned up code and updated date 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
760a1d8b90 Added to use thunderbird_applier 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
cb035fd56e Added logs for Thunderbird 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
e56293e768 Updated dates 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
0c0f7d223b Cleaned up code 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
3c09737aa7 Added thunderbird applier 2024-11-14 13:54:36 +04:00
Valery Sinelnikov
0027b5aa96 Functions moved from class to outside 2024-11-14 13:54:36 +04:00
Danila Skachedubov
df8984dd65 Fixed frequent updating of plasmashell service 2024-11-13 15:41:22 +04:00
ValeraSin
5f8c75e27c Merge pull request #208 from altlinux/fix_file_cache 
Fix wallpaper for KDE
 2024-10-25 15:40:52 +04:00
ValeraSin
03b031734a Merge pull request #207 from alxvmr/quote_fix 
Added handling of quotation marks in Preference values
 2024-10-25 15:32:03 +04:00
Danila Skachedubov
77c0d60b7d Fixed desktop image caching mechanism in KDE 2024-10-22 13:14:11 +04:00
Danila Skachedubov
51b744f94b Added check for the existence of the cached file and logs about it 2024-10-11 17:17:31 +04:00
Danila Skachedubov
cdd9d84037 Added function for changing rights to caching directories 2024-10-11 17:17:28 +04:00
Valery Sinelnikov
4de1946e32 0.11.4-alt1 
- Added skip plugin (closes: 51631)
- Fixed getting the network path (closes:51606)
- The _appliers sequence has been changed,
  package_applier has been moved to the end
 2024-10-11 12:24:23 +04:00
Valery Sinelnikov
73759857b3 The _appliers sequence has been changed, 
package_applier has been moved to the end
 2024-10-11 12:06:09 +04:00
Valery Sinelnikov
b3e222ae55 Fixed getting the network path 2024-10-11 12:04:38 +04:00
Maria Alexeeva
8a2c9554f7 Added handling of quotation marks in Preference values 2024-09-27 13:16:18 +04:00
Valery Sinelnikov
862b3b358b 0.11.3-alt1 
- Optimized string cleaning using str.translate()
 2024-09-06 15:06:06 +04:00
Valery Sinelnikov
0d2c70da35 Optimized string cleaning using str.translate() 
for multiple character replacements
 2024-09-06 15:05:27 +04:00
Valery Sinelnikov
2953e4b0c6 0.11.2-alt1 
- Fixed data type handling in kde_applier
- Removing legacy unused code
- Added saving policy data without polfile
- Added escaping of special characters in data (closes: 51201)
 2024-09-05 10:39:51 +04:00
Valery Sinelnikov
c8585ac932 Added accounting for empty policies 2024-09-05 10:37:15 +04:00
Valery Sinelnikov
981d883ed0 Added escaping of special characters in data 2024-09-04 13:04:30 +04:00
Valery Sinelnikov
3ddd9462ea The location to add policy data has been moved 2024-09-04 10:33:43 +04:00
Valery Sinelnikov
ab79f169e8 Changed the function of adding policy data 2024-09-04 10:25:36 +04:00
Danila Skachedubov
5a3ba30910 Fixed data type handling 2024-09-02 12:13:53 +04:00
Valery Sinelnikov
d554b1fdf9 Removing Unused Code 2024-08-29 14:44:36 +04:00
Valery Sinelnikov
3960c4b094 0.11.1-alt1 
- Fixed setting links in shortcuts (closes: 51275)
 2024-08-27 11:54:00 +04:00
Valery Sinelnikov
5f178651f7 Fixed setting links in shortcuts 2024-08-27 11:34:45 +04:00
Valery Sinelnikov
674e1d176b Removed unused code 2024-08-27 11:23:45 +04:00
Valery Sinelnikov
afe6ef04d4 0.11.0-alt1 
- Added saving preferences in dconf
- Added versioning support for gpt
- Added the ability to force gpt download
- Added completions for --force
- Added new exceptions for Chromium 126
- Added information to the man pages
- Fixed handling of incorrect valuename
 2024-08-09 17:12:05 +04:00
Valery Sinelnikov
fa98fef5a3 Del print 2024-08-09 16:48:19 +04:00
Valery Sinelnikov
c6c34accff Added --force key management via Group Policy 2024-08-09 16:02:49 +04:00
Valery Sinelnikov
dba6a58c6a Added completions for --force 2024-08-09 12:05:14 +04:00
Valentin Sokolov
a02969c686 Added new exceptions for Chromium 126 2024-08-09 12:00:58 +04:00
Olga Kamaeva
e040bbbd69 Added information to the man pages 2024-08-09 11:59:43 +04:00
Valery Sinelnikov
1775bfa08c Added "force" for gpupdate switch to force gpt download 2024-08-09 11:56:59 +04:00
Valery Sinelnikov
165f4bfc83 Added --force for gpoa switch to force gpt download 2024-08-09 11:56:06 +04:00
Valery Sinelnikov
316f5d1e49 Added class field _force 2024-08-09 11:52:55 +04:00
Valery Sinelnikov
150f3441fd Added rectification to check_module_enabled 2024-08-08 15:03:15 +04:00
Valery Sinelnikov
769b520d47 Added tracking of attempts to read from the dconf database in the log 2024-08-07 11:58:57 +04:00
Valery Sinelnikov
517ed6d56b Added number attribute to scriptsini for incorrect paths 2024-08-06 14:00:36 +04:00
Valery Sinelnikov
40635f9a01 Removed premature call to fill_cache 2024-08-05 17:22:45 +04:00
Valery Sinelnikov
2eb6e0c632 Added ignoring of policies without versions 2024-08-05 17:19:46 +04:00
Valery Sinelnikov
710b78b79f Added conversion of key value to list 2024-07-29 17:34:41 +04:00
Valery Sinelnikov
f308539a5a Changed the way to read package lists 2024-07-25 16:57:51 +04:00
Valery Sinelnikov
ca8cb9ce78 Storing versions and policy paths has been changed to a dictionary 2024-07-25 11:00:41 +04:00
Valery Sinelnikov
3c7d45cd52 Added reading cached gpt 2024-07-24 12:50:58 +04:00
Valery Sinelnikov
6e77d54aa3 Added checking for cached gpt 2024-07-24 12:08:51 +04:00
Valery Sinelnikov
3c72786bd8 Added now log D211 2024-07-23 17:13:51 +04:00
Valery Sinelnikov
8a36e01fbb Added explicit conversion to uid string to form filename 2024-07-22 17:14:39 +04:00
Valery Sinelnikov
32cb959f0b Corrected operation of _check_sysvol_present 2024-07-22 17:10:34 +04:00
Valery Sinelnikov
3fb24dbd99 Added GPO version mapping in caches and removed 
the file_sys_path attribute to prevent reloading
 2024-07-22 11:47:41 +04:00
Valery Sinelnikov
b737c9f0aa Added saving of policy data in a class field, 
which does not require downloading
 2024-07-22 11:34:37 +04:00
Valery Sinelnikov
48d94ae046 Added method for reading keys and binary file 2024-07-19 15:58:26 +04:00
Valery Sinelnikov
4ed05cb481 Added check for empty value 2024-07-18 17:56:25 +04:00
Valery Sinelnikov
cddc7d70fb Changed the way the dconf database is created 2024-07-15 10:41:49 +04:00
Valery Sinelnikov
64c305c544 Added get_dconf_config_path 2024-07-12 13:23:01 +04:00
Valery Sinelnikov
4ee10c1560 Renamed the get_dconf_config_path function to get_dconf_config_file 2024-07-12 13:20:15 +04:00
Valery Sinelnikov
5e5c5d45a6 Added saving policy_name for preferences 2024-07-11 12:05:48 +04:00
Valery Sinelnikov
56ee1334af Added a new field for the DynamicAttributes class 2024-07-11 12:04:01 +04:00
Valery Sinelnikov
de5ef65c16 Added list mark 2024-07-09 18:44:21 +04:00
Valery Sinelnikov
453934621d Renamed the variable 2024-07-09 15:51:13 +04:00
Valery Sinelnikov
2132c3676f Added use of RegistryKeyMetadat 2024-07-09 14:02:42 +04:00
Valery Sinelnikov
e9adb9b298 Added RegistryKeyMetadata class for storage in dconf 2024-07-09 14:02:42 +04:00
Valery Sinelnikov
3e3957d693 Renamed the function for clarity 2024-07-09 14:02:42 +04:00
Valery Sinelnikov
554147b57f Simplifying Enum Display 2024-07-09 14:02:42 +04:00
Valery Sinelnikov
6b632e851c Updated to message W17 2024-07-09 14:02:42 +04:00
Valery Sinelnikov
3e99bfcb60 Added saving data about sources in keys 2024-07-09 14:02:42 +04:00
Valery Sinelnikov
2c48b3a6a4 Changed the gpo priority key and added the use of gpo_info 2024-07-09 14:02:42 +04:00
Valery Sinelnikov
2e22d7abc9 Added gpo counter for saving in dconf 2024-07-09 14:02:42 +04:00
Valery Sinelnikov
e645fa4e86 Changed base class after renaming 2024-07-09 14:02:42 +04:00
Valery Sinelnikov
cdcac9e4db Added use of GpoInfoDconf object to save policy data 2024-07-09 14:02:42 +04:00
Valery Sinelnikov
d3a316c1c0 Renamed base class 2024-07-09 14:02:42 +04:00
Valery Sinelnikov
f081ec6454 Added a class to represent gpo attributes in dconf 2024-07-09 14:02:42 +04:00
Valery Sinelnikov
60d6996db2 Transferring the use of FileAction 2024-07-09 14:02:42 +04:00
Valery Sinelnikov
ea52e9671b Clean code 2024-07-09 14:02:42 +04:00
Valery Sinelnikov
92df692559 Using FileAction from util 2024-07-09 14:02:42 +04:00
Valery Sinelnikov
3b4f92997e FileAction moved to util 2024-07-09 14:02:42 +04:00
Valery Sinelnikov
98d02a4da0 Added use of add_preferences_to_global_registry_dict 2024-07-09 14:02:42 +04:00
Valery Sinelnikov
eb951cbd5e Added functions to convert preference objects to dconf keys 2024-07-09 14:02:42 +04:00
Valery Sinelnikov
9ce68f2acc Added base class inheritance 2024-07-09 14:02:42 +04:00
Valery Sinelnikov
54239c339c Added base class for preference 2024-07-09 14:02:42 +04:00
Valery Sinelnikov
2b108e2029 0.10.6-alt1 
- Fixed firefox_applier errors
 2024-07-08 16:51:46 +04:00
Valery Sinelnikov
2a21983b13 Personalized data extraction 2024-07-08 16:30:38 +04:00
Valery Sinelnikov
b6e84b3d9e Removed Convert_string_dconf from valuename 2024-07-08 16:29:00 +04:00
Valery Sinelnikov
bb314fb553 0.10.5-alt1 
- Correction of missing entries with a upper case
- Fixed string processing in date (closes: 50782)
- Fixed getting correct data for the user for pkcon_runner
 2024-07-02 14:27:19 +04:00
Valery Sinelnikov
28718e8ad6 Update getting correct data for the user 2024-07-02 11:29:54 +04:00
Valery Sinelnikov
2857cfb899 Fixed getting correct data for the user 2024-06-28 18:46:24 +04:00
Danila Skachedubov
8717e1b9a3 Fixed string processing in date 2024-06-28 18:44:21 +04:00
Danila Skachedubov
d3c9b95331 Correction of missing entries with a upper case 2024-06-28 18:44:11 +04:00
Valery Sinelnikov
4d6a5d750c 0.10.4-alt1 
- Fixed the definition of the module activation check (closes: 50755)
- Fixed sorting of scripts (closes: 50756)
- Fixed reading key values from dconf
- Changed the method for getting the list of packages for pkcon_runner
 2024-06-27 16:48:27 +04:00
Valery Sinelnikov
84e1340362 Fixed sorting of scripts 
Reported-by: Sergey Sysoev <sysoevsa@surgut.gazprom.ru>
 2024-06-27 16:43:18 +04:00
Danila Skachedubov
5ee05df574 Fixed the definition of the module activation check 
Reported-by: Sergey Sysoev <sysoevsa@surgut.gazprom.ru>
 2024-06-27 14:26:37 +04:00
Valery Sinelnikov
2a993f0400 Fixed reading key values ​​from dconf 2024-06-27 12:14:59 +04:00
Valery Sinelnikov
b878b7e1b3 Changed the method for getting the list of packages for pkcon_runner 2024-06-27 12:13:08 +04:00
71 changed files with 1157 additions and 1603 deletions
Expand all files Collapse all files

2
completions/gpoa
View File

@@ -13,7 +13,7 @@ _gpoa()
return
;;
*)
COMPREPLY=($(compgen -W '--dc --nodomain --noupdate --noplugins --list-backends --loglevel --help' -- "$cur"))
COMPREPLY=($(compgen -W '--dc --nodomain --noupdate --noplugins --list-backends --loglevel --help --force' -- "$cur"))
return
;;
esac

2
completions/gpupdate
View File

@@ -17,7 +17,7 @@ _gpupdate()
return
;;
*)
COMPREPLY=($(compgen -W '--user --target --loglevel --system --help' -- "$cur"))
COMPREPLY=($(compgen -W '--user --target --loglevel --system --help --force' -- "$cur"))
return
;;
esac

9
doc/gpoa.1
View File

@@ -45,6 +45,9 @@ Don't run plugins.
.TP
\fB--loglevel \fILOGLEVEL\fP
Set logging verbosity from 0 to 5.
.TP
\fB--force\fP
Force GPT download.
.
.SH FILES
\fB/usr/sbin/gpoa\fR utility uses \fB/usr/share/local-policy/default\fR
@@ -55,8 +58,10 @@ All data is located in \fB/var/cache/gpupdate\fR. Also domain GPTs are
taken from Samba's \fB/var/cache/samba\fR.
.
The settings read from Samba are stored in
\fB/var/cache/gpupdate/registry.sqlite\fR and "Local Policy" settings
read from \fB/usr/local/share/local-policy/default\fR are converted
Dconf. Machine policies are stored in the \fB/etc/dconf/db/policy.d/policy.ini\fR file,
user policies are stored in the \fB/etc/dconf/db/policy<UID>.d/policy<UID>.ini\fR file
(where UID is the user ID in the system)."Local Policy" settings
read from \fB/usr/share/local-policy/\fR are converted
into GPT and stored as \fB/var/cache/gpupdate/local-policy\fR.
.SH "SEE ALSO"
gpupdate(1)

3
doc/gpupdate.1
View File

@@ -43,6 +43,9 @@ Show help.
.TP
\fB--user \fIusername\fR
Run \fBgpupdate\fP for \fIusername\fP.
.TP
\fB--force\fP
Force GPT download.
.
.SS "EXIT CODES"
.TP

12
gpoa/backend/__init__.py
View File

@@ -23,8 +23,8 @@ from .nodomain_backend import nodomain_backend
from util.logging import log
from util.config import GPConfig
from util.util import get_uid_by_username, touch_file
from util.paths import get_dconf_config_path
from storage.dconf_registry import Dconf_registry, create_dconf_ini_file
from util.paths import get_dconf_config_file
from storage.dconf_registry import Dconf_registry, create_dconf_ini_file, add_preferences_to_global_registry_dict
def backend_factory(dc, username, is_machine, no_domain = False):
'''
@@ -62,12 +62,14 @@ def backend_factory(dc, username, is_machine, no_domain = False):
return back
def save_dconf(username, is_machine):
def save_dconf(username, is_machine, nodomain=None):
if is_machine:
uid = None
else:
uid = get_uid_by_username(username) if not is_machine else None
target_file = get_dconf_config_path(uid)
target_file = get_dconf_config_file(uid)
touch_file(target_file)
Dconf_registry.apply_template(uid)
create_dconf_ini_file(target_file,Dconf_registry.global_registry_dict)
add_preferences_to_global_registry_dict(username, is_machine)
Dconf_registry.update_dict_to_previous()
create_dconf_ini_file(target_file,Dconf_registry.global_registry_dict, uid, nodomain)

8
gpoa/backend/nodomain_backend.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -16,18 +16,14 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging
import os
from .applier_backend import applier_backend
from storage import registry_factory
from gpt.gpt import gpt, get_local_gpt
from gpt.gpt import get_local_gpt
from util.util import (
get_machine_name
)
from util.sid import get_sid
import util.preg
from util.logging import slogm
class nodomain_backend(applier_backend):

44
gpoa/backend/samba_backend.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -26,16 +26,15 @@ except ImportError:
from .applier_backend import applier_backend
from storage import registry_factory
from gpt.gpt import gpt, get_local_gpt
from gpt.gpo_dconf_mapping import GpoInfoDconf
from util.util import (
get_machine_name,
is_machine_name
get_machine_name
)
from util.kerberos import (
machine_kinit
, machine_kdestroy
)
from util.sid import get_sid
import util.preg
from util.logging import log
class samba_backend(applier_backend):
@@ -66,6 +65,9 @@ class samba_backend(applier_backend):
self.sambacreds = sambacreds
self.cache_dir = self.sambacreds.get_cache_dir()
self.gpo_cache_part ='gpo_cache'
self._cached = False
self.storage.set_info('cache_dir', os.path.join(self.cache_dir, self.gpo_cache_part))
logdata = dict({'cachedir': self.cache_dir})
log('D7', logdata)
@@ -104,8 +106,6 @@ class samba_backend(applier_backend):
raise exc
if self._is_machine_username:
self.storage.wipe_hklm()
self.storage.wipe_user(self.storage.get_info('machine_sid'))
for gptobj in machine_gpts:
try:
gptobj.merge_machine()
@@ -123,7 +123,6 @@ class samba_backend(applier_backend):
except Exception as exc:
log('F3')
raise exc
self.storage.wipe_user(self.sid)
# Merge user settings if UserPolicyMode set accordingly
# and user settings (for HKCU) are exist.
@@ -154,10 +153,15 @@ class samba_backend(applier_backend):
'''
Check if there is SYSVOL path for GPO assigned
'''
self._cached = False
if not gpo.file_sys_path:
# GPO named "Local Policy" has no entry by its nature so
# no reason to print warning.
if 'Local Policy' != gpo.name:
if gpo.display_name in self.storage._dict_gpo_name_version_cache.keys():
gpo.file_sys_path = self.storage._dict_gpo_name_version_cache.get(gpo.display_name, {}).get('correct_path')
self._cached = True
return True
elif 'Local Policy' != gpo.name:
logdata = dict({'gponame': gpo.name})
log('W4', logdata)
return False
@@ -172,20 +176,18 @@ class samba_backend(applier_backend):
log('D46')
for gpo in gpos:
if self._check_sysvol_present(gpo):
path = check_safe_path(gpo.file_sys_path).upper()
slogdata = dict({'sysvol_path': gpo.file_sys_path, 'gpo_name': gpo.display_name, 'gpo_path': path})
log('D30', slogdata)
gpt_abspath = os.path.join(self.cache_dir, 'gpo_cache', path)
gpo_version=None
try:
gpo_version=gpo.version
except:
log('D210')
if self._is_machine_username:
obj = gpt(gpt_abspath, sid, None, version=gpo_version)
if not self._cached:
path = check_safe_path(gpo.file_sys_path).upper()
slogdata = dict({'sysvol_path': gpo.file_sys_path, 'gpo_name': gpo.display_name, 'gpo_path': path})
log('D30', slogdata)
gpt_abspath = os.path.join(self.cache_dir, self.gpo_cache_part, path)
else:
obj = gpt(gpt_abspath, sid, self.username, version=gpo_version)
gpt_abspath = gpo.file_sys_path
log('D211', {'sysvol_path': gpo.file_sys_path, 'gpo_name': gpo.display_name})
if self._is_machine_username:
obj = gpt(gpt_abspath, sid, None, GpoInfoDconf(gpo))
else:
obj = gpt(gpt_abspath, sid, self.username, GpoInfoDconf(gpo))
obj.set_name(gpo.display_name)
gpts.append(obj)
else:

13
gpoa/frontend/applier_frontend.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -18,7 +18,6 @@
from abc import ABC
from util.logging import log
def check_experimental_enabled(storage):
experimental_enable_flag = '/Software/BaseALT/Policies/GPUpdate/GlobalExperimental'
@@ -36,8 +35,8 @@ def check_windows_mapping_enabled(storage):
flag = storage.get_key_value(windows_mapping_enable_flag)
result = True
if flag and '0' == str(flag):
flag = str(flag)
if flag and '0' == flag:
result = False
return result
@@ -48,9 +47,9 @@ def check_module_enabled(storage, module_name):
flag = storage.get_key_value(gpupdate_module_flag)
result = None
if flag:
if '1' == str(flag):
flag = str(flag)
if flag and flag!='None':
if '1' == flag:
result = True
else:
result = False

8
gpoa/frontend/appliers/control.py
View File

@@ -17,9 +17,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import subprocess
import threading
import logging
from util.logging import slogm, log
from util.logging import log
def control_subst(preg_name):
'''
@@ -101,14 +99,14 @@ class control:
if status == None:
logdata = dict()
logdata['control'] = self.control_name
logdata['inpossible values'] = self.self.control_value
logdata['inpossible values'] = self.control_value
log('E42', logdata)
return
elif type(self.control_value) == str:
if self.control_value not in self.possible_values:
logdata = dict()
logdata['control'] = self.control_name
logdata['inpossible values'] = self.self.control_value
logdata['inpossible values'] = self.control_value
log('E59', logdata)
return
status = self.control_value

33
gpoa/frontend/appliers/envvar.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -17,27 +17,40 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from os.path import isfile
from util.logging import slogm
import logging
from gpt.envvars import (
from util.arguments import (
FileAction
, action_letter2enum
)
from util.windows import expand_windows_var
from util.util import (
get_homedir,
homedir_exists
)
from util.util import get_homedir
from util.logging import log
class Envvar:
__envvar_file_path = '/etc/gpupdate/environment'
__envvar_file_path_user = '/.gpupdate_environment'
def __init__(self, envvars, username=''):
self.username = username
self.envvars = envvars
if self.username == 'root':
self.envvar_file_path = '/etc/gpupdate/environment'
self.envvar_file_path = Envvar.__envvar_file_path
else:
self.envvar_file_path = get_homedir(self.username) + '/.gpupdate_environment'
self.envvar_file_path = get_homedir(self.username) + Envvar.__envvar_file_path_user
@staticmethod
def clear_envvar_file(username = False):
if username:
file_path = get_homedir(username) + Envvar.__envvar_file_path_user
else:
file_path = Envvar.__envvar_file_path
try:
with open(file_path, 'w') as file:
file.write('')
log('D215', {'path':file_path})
except Exception as exc:
log('D216', {'path': file_path, 'exc': exc})
def _open_envvar_file(self):
fd = None

2
gpoa/frontend/appliers/file_cp.py
View File

@@ -17,7 +17,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from gpt.folders import (
from util.arguments import (
FileAction
, action_letter2enum
)

2
gpoa/frontend/appliers/folder.py
View File

@@ -20,7 +20,7 @@
from pathlib import Path
from gpt.folders import (
from util.arguments import (
FileAction
, action_letter2enum
)

3
gpoa/frontend/appliers/gsettings.py
View File

@@ -18,10 +18,9 @@
import configparser
import os
import logging
from gi.repository import Gio, GLib
from util.logging import slogm, log
from util.logging import log
class system_gsetting:
def __init__(self, schema, path, value, lock, helper_function=None):

2
gpoa/frontend/appliers/ini_file.py
View File

@@ -18,7 +18,7 @@
from gpt.folders import (
from util.arguments import (
FileAction
, action_letter2enum
)

2
gpoa/frontend/appliers/netshare.py
View File

@@ -18,7 +18,7 @@
import subprocess
from gpt.folders import (
from util.arguments import (
FileAction
, action_letter2enum
)

6
gpoa/frontend/appliers/systemd.py
View File

@@ -17,9 +17,8 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import dbus
import logging
from util.logging import slogm, log
from util.logging import log
class systemd_unit:
def __init__(self, unit_name, state):
@@ -38,6 +37,9 @@ class systemd_unit:
if self.desired_state == 1:
self.manager.UnmaskUnitFiles([self.unit_name], dbus.Boolean(False))
self.manager.EnableUnitFiles([self.unit_name], dbus.Boolean(False), dbus.Boolean(True))
if self.unit_name == 'gpupdate.service':
if self.manager.GetUnitFileState(dbus.String(self.unit_name)) == 'enabled':
return
self.manager.StartUnit(self.unit_name, 'replace')
logdata = dict()
logdata['unit'] = self.unit_name

14
gpoa/frontend/chromium_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -39,8 +39,7 @@ class chromium_applier(applier_frontend):
self.sid = sid
self.username = username
self._is_machine_name = is_machine_name(self.username)
chromium_filter = '{}%'.format(self.__registry_branch)
self.chromium_keys = self.storage.filter_hklm_entries(chromium_filter)
self.chromium_keys = self.storage.filter_hklm_entries(self.__registry_branch)
self.policies_json = dict()
@@ -122,6 +121,11 @@ class chromium_applier(applier_frontend):
'ProxyServerMode',
'ExtensionManifestV2Availability',
'ExtensionUnpublishedAvailability',
'CreateThemesSettings',
'DevToolsGenAiSettings',
'GenAILocalFoundationalModelSettings',
'HelpMeWriteSettings',
'TabOrganizerSettings',
'BrowserSwitcherParsingMode',
'CloudAPAuthEnabled',
'AdsSettingForIntrusiveAdsSites',
@@ -135,10 +139,14 @@ class chromium_applier(applier_frontend):
'HeadlessMode',
'IncognitoModeAvailability',
'IntranetRedirectBehavior',
'LensOverlaySettings',
'MemorySaverModeSavings',
'NetworkPredictionOptions',
'ProfilePickerOnStartupAvailability',
'ProfileReauthPrompt',
'RelaunchNotification',
'SafeSitesFilterBehavior',
'ToolbarAvatarLabelSettings',
'UserAgentReduction',
'BatterySaverModeAvailability_recommended',
'DownloadRestrictions_recommended',

165
gpoa/frontend/cifs_applier.py
View File

@@ -26,7 +26,7 @@ from .applier_frontend import (
applier_frontend
, check_enabled
)
from util.util import get_homedir
from util.util import get_homedir, get_uid_by_username
from util.logging import log
def storage_get_drives(storage, sid):
@@ -152,12 +152,24 @@ class cifs_applier_user(applier_frontend):
__template_auto = 'autofs_auto.j2'
__template_mountpoints_hide = 'autofs_mountpoints_hide.j2'
__template_auto_hide = 'autofs_auto_hide.j2'
__enable_home_link = 'Software\\BaseALT\\Policies\\GPUpdate\\DriveMapsHome'
__enable_home_link_user = 'Software\\BaseALT\\Policies\\GPUpdate\\DriveMapsHomeUser'
__enable_home_link = '/Software/BaseALT/Policies/GPUpdate/DriveMapsHome'
__enable_home_link_user = '/Software/BaseALT/Policies/GPUpdate/DriveMapsHomeUser'
__name_dir = '/Software/BaseALT/Policies/GPUpdate'
__name_link_prefix = '/Software/BaseALT/Policies/GPUpdate/DriveMapsHomeDisableNet'
__name_link_prefix_user = '/Software/BaseALT/Policies/GPUpdate/DriveMapsHomeDisableNetUser'
__key_link_prefix = 'DriveMapsHomeDisableNet'
__key_link_prefix_user = 'DriveMapsHomeDisableNetUser'
__timeout_user_key = '/Software/BaseALT/Policies/GPUpdate/TimeoutAutofsUser'
__timeout_key = '/Software/BaseALT/Policies/GPUpdate/TimeoutAutofs'
__target_mountpoint = '/media/gpupdate'
__target_mountpoint_user = '/run/media'
__mountpoint_dirname = 'drives.system'
__mountpoint_dirname_user = 'drives'
__key_cifs_previous_value = 'Previous/Software/BaseALT/Policies/GPUpdate'
__key_preferences = 'Software/BaseALT/Policies/Preferences/'
__key_preferences_previous = 'Previous/Software/BaseALT/Policies/Preferences/'
__name_value = 'DriveMapsName'
__name_value_user = 'DriveMapsNameUser'
def __init__(self, storage, sid, username):
self.storage = storage
@@ -165,14 +177,43 @@ class cifs_applier_user(applier_frontend):
self.username = username
self.state_home_link = False
self.state_home_link_user = False
self.dict_registry_machine = self.storage.get_dictionary_from_dconf_file_db()
self.homedir = ''
name_dir = self.__name_dir[1:]
if username:
self.dict_registry_user = self.storage.get_dictionary_from_dconf_file_db(get_uid_by_username(username))
self.home = self.__target_mountpoint_user + '/' + username
self.state_home_link = self.check_enable_home_link(self.__enable_home_link)
self.state_home_link_user = self.check_enable_home_link(self.__enable_home_link_user)
self.state_home_link = self.storage.check_enable_key(self.__enable_home_link)
self.state_home_link_disable_net = self.storage.check_enable_key(self.__name_link_prefix)
self.state_home_link_disable_net_user = self.storage.check_enable_key(self.__name_link_prefix_user)
self.state_home_link_user = self.storage.check_enable_key(self.__enable_home_link_user)
self.timeout = self.storage.get_entry(self.__timeout_user_key)
dirname = self.storage.get_entry(self.__name_dir + '/' + self.__name_value_user)
dirname_system_from_machine = self.dict_registry_machine.get(name_dir, dict()).get(self.__name_value, None)
self.__mountpoint_dirname_user = dirname.data if dirname and dirname.data else self.__mountpoint_dirname_user
self.__mountpoint_dirname = dirname_system_from_machine if dirname_system_from_machine else self.__mountpoint_dirname
mntTarget = self.__mountpoint_dirname_user
self.keys_cifs_previous_values_user = self.dict_registry_user.get(self.__key_cifs_previous_value,dict())
self.keys_cifs_values_user = self.dict_registry_user.get(name_dir,dict())
self.keys_the_preferences_previous_values_user = self.dict_registry_user.get((self.__key_preferences_previous+self.username),dict()).get('Drives', dict())
self.keys_the_preferences_values_user = self.dict_registry_user.get((self.__key_preferences+self.username),dict()).get('Drives', dict())
else:
self.home = self.__target_mountpoint
self.timeout = self.storage.get_entry(self.__timeout_key)
dirname_system = self.storage.get_entry(self.__name_dir + '/' + self.__name_value)
self.__mountpoint_dirname = dirname_system.data if dirname_system and dirname_system.data else self.__mountpoint_dirname
mntTarget = self.__mountpoint_dirname
self.keys_cifs_previous_values_machine = self.dict_registry_machine.get(self.__key_cifs_previous_value,dict())
self.keys_cifs_values_machine = self.dict_registry_machine.get(name_dir,dict())
self.keys_the_preferences_previous_values = self.dict_registry_machine.get((self.__key_preferences_previous+'Machine'),dict()).get('Drives', dict())
self.keys_the_preferences_values = self.dict_registry_machine.get((self.__key_preferences+'Machine'),dict()).get('Drives', dict())
self.mntTarget = mntTarget.translate(str.maketrans({" ": r"\ "}))
conf_file = '{}.conf'.format(sid)
conf_hide_file = '{}_hide.conf'.format(sid)
autofs_file = '{}.autofs'.format(sid)
@@ -195,10 +236,6 @@ class cifs_applier_user(applier_frontend):
self.user_autofs_hide.unlink()
self.user_creds = self.auto_master_d / cred_file
if username:
self.mntTarget = self.__mountpoint_dirname_user
else:
self.mntTarget = self.__mountpoint_dirname
self.mount_dir = Path(os.path.join(self.home))
self.drives = storage_get_drives(self.storage, self.sid)
@@ -219,12 +256,20 @@ class cifs_applier_user(applier_frontend):
, self.__module_experimental
)
def check_enable_home_link(self, enable_home_link):
if self.storage.get_hkcu_entry(self.sid, enable_home_link):
data = self.storage.get_hkcu_entry(self.sid, enable_home_link).data
return bool(int(data)) if data else None
def is_mount_point_dirname(self):
if self.username:
return self.mount_dir.joinpath(self.__mountpoint_dirname_user).is_mount()
else:
return False
return self.mount_dir.joinpath(self.__mountpoint_dirname).is_mount()
def is_changed_keys(self):
if self.username:
return (self.keys_cifs_previous_values_user.get(self.__name_value_user) != self.keys_cifs_values_user.get(self.__name_value_user) or
self.keys_the_preferences_previous_values_user != self.keys_the_preferences_values_user)
else:
return (self.keys_cifs_previous_values_machine.get(self.__name_value) != self.keys_cifs_values_machine.get(self.__name_value) or
self.keys_the_preferences_previous_values != self.keys_the_preferences_values)
def user_context_apply(self):
'''
@@ -280,6 +325,8 @@ class cifs_applier_user(applier_frontend):
autofs_settings['home_dir'] = self.home
autofs_settings['mntTarget'] = self.mntTarget
autofs_settings['mount_file'] = self.user_config.resolve()
autofs_settings['timeout'] = self.timeout.data if self.timeout and self.timeout.data else 120
autofs_text = self.template_auto.render(**autofs_settings)
with open(self.user_autofs.resolve(), 'w') as f:
@@ -294,59 +341,111 @@ class cifs_applier_user(applier_frontend):
f.write(autofs_text)
f.flush()
if self.username:
self.update_drivemaps_home_links()
if self.is_changed_keys() or (self.drives and not self.is_mount_point_dirname()):
self.restart_autofs()
if self.username:
self.update_drivemaps_home_links()
def restart_autofs(self):
try:
subprocess.check_call(['/bin/systemctl', 'restart', 'autofs'])
except Exception as exc:
log('E74', {'exc': exc})
def unlink_symlink(self, symlink:Path, previous=None):
try:
if symlink.exists() and symlink.is_symlink() and symlink.owner() == 'root':
symlink.unlink()
elif symlink.is_symlink() and not symlink.exists():
symlink.unlink()
elif previous:
symlink.unlink()
except:
pass
def del_previous_link(self, previous_value_link , mountpoint_dirname, prefix):
d_previous = Path(self.homedir + ('/' if prefix else '/net.') + previous_value_link)
if d_previous.name != mountpoint_dirname:
dHide_previous = Path(self.homedir + ('/.' if prefix else '/.net.') + previous_value_link)
self.unlink_symlink(d_previous, True)
self.unlink_symlink(dHide_previous, True)
def update_drivemaps_home_links(self):
dUser = Path(get_homedir(self.username)+'/net.' + self.__mountpoint_dirname_user)
dUserHide = Path(get_homedir(self.username)+'/.net.' + self.__mountpoint_dirname_user)
if self.state_home_link_disable_net:
prefix = ''
else:
prefix = 'net.'
if self.state_home_link_disable_net_user:
prefix_user = ''
else:
prefix_user = 'net.'
previous_value_link = self.keys_cifs_previous_values_machine.get(self.__name_value, self.__mountpoint_dirname)
previous_state_home_link_disable_net_user = self.keys_cifs_previous_values_user.get(self.__key_link_prefix_user)
previous_state_home_link_disable_net = self.keys_cifs_previous_values_user.get(self.__key_link_prefix)
previous_value_link_user = self.keys_cifs_previous_values_user.get(self.__name_value_user, self.__mountpoint_dirname_user)
self.homedir = get_homedir(self.username)
dUser = Path(self.homedir + '/' + prefix_user + self.__mountpoint_dirname_user)
dUserHide = Path(self.homedir + '/.' + prefix_user + self.__mountpoint_dirname_user)
dMachine = Path(self.homedir+'/' + prefix + self.__mountpoint_dirname)
dMachineHide = Path(self.homedir+'/.' + prefix + self.__mountpoint_dirname)
if self.state_home_link_user:
dUserMountpoint = Path(self.home).joinpath(self.__mountpoint_dirname_user)
dUserMountpointHide = Path(self.home).joinpath('.' + self.__mountpoint_dirname_user)
if not dUser.exists():
self.del_previous_link(previous_value_link_user, dUser.name, previous_state_home_link_disable_net_user)
if not dUser.exists() and dUserMountpoint.exists():
try:
os.symlink(dUserMountpoint, dUser, True)
except Exception as exc:
log('D194', {'exc': exc})
elif dUser.is_symlink() and not dUserMountpoint.exists():
self.unlink_symlink(dUser)
if not dUserHide.exists():
if not dUserHide.exists() and dUserMountpointHide.exists():
try:
os.symlink(dUserMountpointHide, dUserHide, True)
except Exception as exc:
log('D196', {'exc': exc})
elif dUserHide.is_symlink() and not dUserMountpointHide.exists():
self.unlink_symlink(dUserHide)
else:
if dUser.is_symlink() and dUser.owner() == 'root':
dUser.unlink()
if dUserHide.is_symlink() and dUserHide.owner() == 'root':
dUserHide.unlink()
self.del_previous_link(previous_value_link_user, dUser.name, previous_state_home_link_disable_net_user)
self.unlink_symlink(dUser)
self.unlink_symlink(dUserHide)
dMachine = Path(get_homedir(self.username)+'/net.' + self.__mountpoint_dirname)
dMachineHide = Path(get_homedir(self.username)+'/.net.' + self.__mountpoint_dirname)
if self.state_home_link:
dMachineMountpoint = Path(self.__target_mountpoint).joinpath(self.__mountpoint_dirname)
dMachineMountpointHide = Path(self.__target_mountpoint).joinpath('.' + self.__mountpoint_dirname)
self.del_previous_link(previous_value_link, dMachine.name, previous_state_home_link_disable_net)
if not dMachine.exists():
if not dMachine.exists() and dMachineMountpoint.exists():
try:
os.symlink(dMachineMountpoint, dMachine, True)
except Exception as exc:
log('D195', {'exc': exc})
elif dMachine.is_symlink() and not dMachineMountpoint.exists():
self.unlink_symlink(dMachine)
if not dMachineHide.exists():
if not dMachineHide.exists() and dMachineMountpointHide.exists():
try:
os.symlink(dMachineMountpointHide, dMachineHide, True)
except Exception as exc:
log('D197', {'exc': exc})
elif dMachineHide.is_symlink() and not dMachineMountpointHide.exists():
self.unlink_symlink(dMachineHide)
else:
if dMachine.is_symlink() and dMachine.owner() == 'root':
dMachine.unlink()
if dMachineHide.is_symlink() and dMachineHide.owner() == 'root':
dMachineHide.unlink()
self.del_previous_link(previous_value_link, dMachine.name, previous_state_home_link_disable_net)
self.unlink_symlink(dMachine)
self.unlink_symlink(dMachineHide)
def admin_context_apply(self):
if self.__module_enabled:

5
gpoa/frontend/control_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -21,9 +21,8 @@ from .applier_frontend import (
, check_enabled
)
from .appliers.control import control
from util.logging import slogm, log
from util.logging import log
import logging
class control_applier(applier_frontend):
__module_name = 'ControlApplier'

10
gpoa/frontend/cups_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -16,19 +16,15 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging
import os
import json
import cups
from .applier_frontend import (
applier_frontend
, check_enabled
)
from gpt.printers import json2printer
from util.rpm import is_rpm_installed
from util.logging import slogm, log
from util.logging import log
def storage_get_printers(storage, sid):
'''
@@ -115,7 +111,7 @@ class cups_applier_user(applier_frontend):
self.__module_enabled = check_enabled(
self.storage
, self.__module_name
, self.__module_enabled
, self.__module_experimental
)
def user_context_apply(self):

17
gpoa/frontend/envvar_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -21,9 +21,8 @@ from .applier_frontend import (
, check_enabled
)
from .appliers.envvar import Envvar
from util.logging import slogm, log
from util.logging import log
import logging
class envvar_applier(applier_frontend):
__module_name = 'EnvvarsApplier'
@@ -34,7 +33,8 @@ class envvar_applier(applier_frontend):
self.storage = storage
self.sid = sid
self.envvars = self.storage.get_envvars(self.sid)
#self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_enabled)
Envvar.clear_envvar_file()
self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
def apply(self):
if self.__module_enabled:
@@ -54,12 +54,10 @@ class envvar_applier_user(applier_frontend):
self.sid = sid
self.username = username
self.envvars = self.storage.get_envvars(self.sid)
#self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
Envvar.clear_envvar_file(username)
self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
def admin_context_apply(self):
pass
def user_context_apply(self):
if self.__module_enabled:
log('D136')
ev = Envvar(self.envvars, self.username)
@@ -67,3 +65,6 @@ class envvar_applier_user(applier_frontend):
else:
log('D137')
def user_context_apply(self):
pass

152
gpoa/frontend/firefox_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -40,8 +40,7 @@ class firefox_applier(applier_frontend):
__module_experimental = False
__module_enabled = True
__registry_branch = 'Software/Policies/Mozilla/Firefox'
__firefox_installdir1 = '/usr/lib64/firefox/distribution'
__firefox_installdir2 = '/etc/firefox/policies'
__firefox_policies = '/etc/firefox/policies'
def __init__(self, storage, sid, username):
self.storage = storage
@@ -50,8 +49,7 @@ class firefox_applier(applier_frontend):
self._is_machine_name = is_machine_name(self.username)
self.policies = dict()
self.policies_json = dict({ 'policies': self.policies })
firefox_filter = '{}%'.format(self.__registry_branch)
self.firefox_keys = self.storage.filter_hklm_entries(firefox_filter)
self.firefox_keys = self.storage.filter_hklm_entries(self.__registry_branch)
self.policies_gen = dict()
self.__module_enabled = check_enabled(
self.storage
@@ -59,88 +57,16 @@ class firefox_applier(applier_frontend):
, self.__module_experimental
)
def get_boolean(self,data):
if data in ['0', 'false', None, 'none', 0]:
return False
if data in ['1', 'true', 1]:
return True
def get_parts(self, hivekeyname):
'''
Parse registry path string and leave key parameters
'''
parts = hivekeyname.replace(self.__registry_branch, '').split('/')
return parts
def create_dict(self, firefox_keys):
'''
Collect dictionaries from registry keys into a general dictionary
'''
excp = ['SOCKSVersion']
counts = dict()
for it_data in firefox_keys:
branch = counts
try:
if type(it_data.data) is bytes:
it_data.data = it_data.data.decode(encoding='utf-16').replace('\x00','')
json_data = try_dict_to_literal_eval(it_data.data)
if json_data:
it_data.data = json_data
it_data.type = 7
#Cases when it is necessary to create nested dictionaries
if it_data.valuename != it_data.data:
parts = self.get_parts(it_data.hive_key)
#creating a nested dictionary from elements
for part in parts[:-1]:
branch = branch.setdefault(part, {})
#dictionary key value initialization
if it_data.type == 4:
if it_data.valuename in excp:
branch[parts[-1]] = int(it_data.data)
else:
branch[parts[-1]] = self.get_boolean(it_data.data)
elif it_data.type == 7:
branch[parts[-1]] = it_data.data
else:
branch[parts[-1]] = str(it_data.data).replace('\\', '/')
#Cases when it is necessary to create lists in a dictionary
else:
parts = self.get_parts(it_data.keyname)
for part in parts[:-1]:
branch = branch.setdefault(part, {})
if branch.get(parts[-1]) is None:
branch[parts[-1]] = list()
if it_data.type == 4:
branch[parts[-1]].append(self.get_boolean(it_data.data))
else:
if os.path.isdir(str(it_data.data).replace('\\', '/')):
branch[parts[-1]].append(str(it_data.data).replace('\\', '/'))
else:
branch[parts[-1]].append(str(it_data.data))
except Exception as exc:
logdata = dict()
logdata['Exception'] = exc
logdata['keyname'] = it_data.keyname
log('W14', logdata)
self.policies_json = {'policies': dict_item_to_list(counts)}
def machine_apply(self):
'''
Write policies.json to Firefox installdir.
Write policies.json to Firefox.
'''
self.create_dict(self.firefox_keys)
destfile = os.path.join(self.__firefox_installdir1, 'policies.json')
excp = ['SOCKSVersion']
self.policies_json = create_dict(self.firefox_keys, self.__registry_branch, excp)
os.makedirs(self.__firefox_installdir1, exist_ok=True)
with open(destfile, 'w') as f:
json.dump(self.policies_json, f)
logdata = dict()
logdata['destfile'] = destfile
log('D91', logdata)
destfile = os.path.join(self.__firefox_installdir2, 'policies.json')
os.makedirs(self.__firefox_installdir2, exist_ok=True)
destfile = os.path.join(self.__firefox_policies, 'policies.json')
os.makedirs(self.__firefox_policies, exist_ok=True)
with open(destfile, 'w') as f:
json.dump(self.policies_json, f)
logdata = dict()
@@ -180,3 +106,65 @@ def dict_item_to_list(dictionary:dict) -> dict:
else:
dict_item_to_list(dictionary[key])
return dictionary
def clean_data_firefox(data):
return data.replace("'", '\"')
def create_dict(firefox_keys, registry_branch, excp=list()):
'''
Collect dictionaries from registry keys into a general dictionary
'''
get_boolean = lambda data: data in ['0', 'false', None, 'none', 0] if isinstance(data, (str, int)) else False
get_parts = lambda hivekey, registry: hivekey.replace(registry, '').split('/')
counts = dict()
for it_data in firefox_keys:
branch = counts
try:
if type(it_data.data) is bytes:
it_data.data = it_data.data.decode(encoding='utf-16').replace('\x00','')
json_data = try_dict_to_literal_eval(it_data.data)
if json_data:
it_data.data = json_data
it_data.type = 7
else:
if it_data.type == 1:
it_data.data = clean_data_firefox(it_data.data)
#Cases when it is necessary to create nested dictionaries
if it_data.valuename != it_data.data:
parts = get_parts(it_data.hive_key, registry_branch)
#creating a nested dictionary from elements
for part in parts[:-1]:
branch = branch.setdefault(part, {})
#dictionary key value initialization
if it_data.type == 4:
if it_data.valuename in excp:
branch[parts[-1]] = int(it_data.data)
else:
branch[parts[-1]] = get_boolean(it_data.data)
elif it_data.type == 7:
branch[parts[-1]] = it_data.data
else:
branch[parts[-1]] = str(it_data.data).replace('\\', '/')
#Cases when it is necessary to create lists in a dictionary
else:
parts = get_parts(it_data.keyname, registry_branch)
for part in parts[:-1]:
branch = branch.setdefault(part, {})
if branch.get(parts[-1]) is None:
branch[parts[-1]] = list()
if it_data.type == 4:
branch[parts[-1]].append(get_boolean(it_data.data))
else:
if os.path.isdir(str(it_data.data).replace('\\', '/')):
branch[parts[-1]].append(str(it_data.data).replace('\\', '/'))
else:
branch[parts[-1]].append(str(it_data.data))
except Exception as exc:
logdata = dict()
logdata['Exception'] = exc
logdata['keyname'] = it_data.keyname
log('W14', logdata)
return {'policies': dict_item_to_list(counts)}

5
gpoa/frontend/firewall_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -17,10 +17,9 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging
import subprocess
from util.logging import slogm, log
from util.logging import log
from .applier_frontend import (
applier_frontend
, check_enabled

3
gpoa/frontend/folder_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -16,7 +16,6 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from pathlib import Path
from .applier_frontend import (
applier_frontend

8
gpoa/frontend/frontend_manager.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -26,6 +26,7 @@ from .polkit_applier import (
)
from .systemd_applier import systemd_applier
from .firefox_applier import firefox_applier
from .thunderbird_applier import thunderbird_applier
from .chromium_applier import chromium_applier
from .cups_applier import cups_applier
from .package_applier import (
@@ -147,6 +148,7 @@ class frontend_manager:
self.machine_appliers['polkit'] = polkit_applier(self.storage)
self.machine_appliers['systemd'] = systemd_applier(self.storage)
self.machine_appliers['firefox'] = firefox_applier(self.storage, self.sid, self.username)
self.machine_appliers['thunderbird'] = thunderbird_applier(self.storage, self.sid, self.username)
self.machine_appliers['chromium'] = chromium_applier(self.storage, self.sid, self.username)
self.machine_appliers['yandex_browser'] = yandex_browser_applier(self.storage, self.sid, self.username)
self.machine_appliers['shortcuts'] = shortcut_applier(self.storage)
@@ -161,7 +163,6 @@ class frontend_manager:
self.machine_appliers['cups'] = cups_applier(self.storage)
self.machine_appliers['firewall'] = firewall_applier(self.storage)
self.machine_appliers['folders'] = folder_applier(self.storage, self.sid)
self.machine_appliers['package'] = package_applier(self.storage)
self.machine_appliers['ntp'] = ntp_applier(self.storage)
self.machine_appliers['envvar'] = envvar_applier(self.storage, self.sid)
self.machine_appliers['networkshare'] = networkshare_applier(self.storage, self.sid)
@@ -169,6 +170,7 @@ class frontend_manager:
self.machine_appliers['files'] = file_applier(self.storage, self.file_cache, self.sid)
self.machine_appliers['ini'] = ini_applier(self.storage, self.sid)
self.machine_appliers['kde'] = kde_applier(self.storage)
self.machine_appliers['package'] = package_applier(self.storage)
def _init_user_appliers(self):
# User appliers are expected to work with user-writable
@@ -183,7 +185,6 @@ class frontend_manager:
logdata['applier_name'] = 'cifs'
logdata['msg'] = str(exc)
log('E25', logdata)
self.user_appliers['package'] = package_applier_user(self.storage, self.sid, self.username)
self.user_appliers['polkit'] = polkit_applier_user(self.storage, self.sid, self.username)
self.user_appliers['envvar'] = envvar_applier_user(self.storage, self.sid, self.username)
self.user_appliers['networkshare'] = networkshare_applier(self.storage, self.sid, self.username)
@@ -191,6 +192,7 @@ class frontend_manager:
self.user_appliers['files'] = file_applier_user(self.storage, self.file_cache, self.sid, self.username)
self.user_appliers['ini'] = ini_applier_user(self.storage, self.sid, self.username)
self.user_appliers['kde'] = kde_applier_user(self.storage, self.sid, self.username, self.file_cache)
self.user_appliers['package'] = package_applier_user(self.storage, self.sid, self.username)
def machine_apply(self):
'''

17
gpoa/frontend/gsettings_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2021 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -21,10 +21,8 @@ import os
import pwd
import subprocess
from gi.repository import (
Gio
, GLib
)
from gi.repository import Gio
from storage.dconf_registry import Dconf_registry
from .applier_frontend import (
applier_frontend
@@ -35,7 +33,7 @@ from .appliers.gsettings import (
system_gsettings,
user_gsettings
)
from util.logging import slogm ,log
from util.logging import log
def uri_fetch(schema, path, value, cache):
'''
@@ -48,6 +46,8 @@ def uri_fetch(schema, path, value, cache):
logdata['src'] = value
try:
retval = cache.get(value)
if not retval:
retval = ''
logdata['dst'] = retval
log('D90', logdata)
except Exception as exc:
@@ -137,10 +137,7 @@ class gsettings_applier(applier_frontend):
log('E48')
# Update desktop configuration system backend
try:
proc = subprocess.run(args=['/usr/bin/dconf', "update"], capture_output=True, check=True)
except Exception as exc:
log('E49')
Dconf_registry.dconf_update()
def apply(self):
if self.__module_enabled:

3
gpoa/frontend/ini_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2022 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -16,7 +16,6 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from pathlib import Path
from .appliers.ini_file import Ini_file
from .applier_frontend import (

101
gpoa/frontend/kde_applier.py
View File

@@ -29,8 +29,8 @@ class kde_applier(applier_frontend):
__module_name = 'KdeApplier'
__module_experimental = True
__module_enabled = False
__hklm_branch = 'Software\\BaseALT\\Policies\\KDE\\'
__hklm_lock_branch = 'Software\\BaseALT\\Policies\\KDELocks\\'
__hklm_branch = 'Software/BaseALT/Policies/KDE/'
__hklm_lock_branch = 'Software/BaseALT/Policies/KDELocks/'
def __init__(self, storage):
self.storage = storage
@@ -61,8 +61,9 @@ class kde_applier_user(applier_frontend):
__module_name = 'KdeApplierUser'
__module_experimental = True
__module_enabled = False
__hkcu_branch = 'Software\\BaseALT\\Policies\\KDE\\'
__hkcu_lock_branch = 'Software\\BaseALT\\Policies\\KDELocks\\'
__hkcu_branch = 'Software/BaseALT/Policies/KDE'
__hkcu_lock_branch = 'Software/BaseALT/Policies/KDELocks'
__plasma_update_entry = 'Software/BaseALT/Policies/KDE/Plasma/Update'
def __init__(self, storage, sid=None, username=None, file_cache = None):
self.storage = storage
@@ -75,6 +76,8 @@ class kde_applier_user(applier_frontend):
kde_filter = '{}%'.format(self.__hkcu_branch)
locks_filter = '{}%'.format(self.__hkcu_lock_branch)
self.locks_settings = self.storage.filter_hkcu_entries(self.sid, locks_filter)
self.plasma_update = self.storage.get_entry(self.__plasma_update_entry)
self.plasma_update_flag = self.plasma_update.data if self.plasma_update is not None else 0
self.kde_settings = self.storage.filter_hkcu_entries(self.sid, kde_filter)
self.__module_enabled = check_enabled(
self.storage,
@@ -83,7 +86,16 @@ class kde_applier_user(applier_frontend):
)
def admin_context_apply(self):
pass
try:
for setting in self.kde_settings:
file_name = setting.keyname.split("/")[-2]
if file_name == 'wallpaper':
data = setting.data
break
self.file_cache.store(data)
except Exception as exc:
logdata = dict()
logdata['exc'] = exc
def user_context_apply(self):
'''
@@ -91,12 +103,12 @@ class kde_applier_user(applier_frontend):
'''
if self.__module_enabled:
log('D200')
create_dict(self.kde_settings, self.all_kde_settings, self.locks_settings, self.locks_dict, self.file_cache, self.username)
create_dict(self.kde_settings, self.all_kde_settings, self.locks_settings, self.locks_dict, self.file_cache, self.username, self.plasma_update_flag)
apply(self.all_kde_settings, self.locks_dict, self.username)
else:
log('D201')
def create_dict(kde_settings, all_kde_settings, locks_settings, locks_dict, file_cache = None, username = None):
def create_dict(kde_settings, all_kde_settings, locks_settings, locks_dict, file_cache = None, username = None, plasmaupdate = False):
for locks in locks_settings:
locks_dict[locks.valuename] = locks.data
for setting in kde_settings:
@@ -104,7 +116,7 @@ def create_dict(kde_settings, all_kde_settings, locks_settings, locks_dict, file
file_name, section, value = setting.keyname.split("/")[-2], setting.keyname.split("/")[-1], setting.valuename
data = setting.data
if file_name == 'wallpaper':
apply_for_wallpaper(data, file_cache, username)
apply_for_wallpaper(data, file_cache, username, plasmaupdate)
else:
if file_name not in all_kde_settings:
all_kde_settings[file_name] = {}
@@ -162,6 +174,7 @@ def apply(all_kde_settings, locks_dict, username = None):
pass
for section, keys in sections.items():
for key, value in keys.items():
value = str(value)
lock = f"{file_name}.{section}.{key}"
if lock in locks_dict and locks_dict[lock] == 1:
command = [
@@ -219,18 +232,29 @@ def clear_locks_settings(username, file_name, key):
logdata['line'] = line.strip()
log('I10', logdata)
def apply_for_wallpaper(data, file_cache, username):
def apply_for_wallpaper(data, file_cache, username, plasmaupdate):
'''
Method to change wallpaper
'''
logdata = dict()
path_to_wallpaper = f'{get_homedir(username)}/.config/plasma-org.kde.plasma.desktop-appletsrc'
id_desktop = get_id_desktop(path_to_wallpaper)
try:
try:
file_cache.store(data)
data = file_cache.get(data)
data = str(file_cache.get(data))
except NotUNCPathError:
data = data
data = str(data)
with open(path_to_wallpaper, 'r') as file:
current_wallpaper = file.read()
match = re.search(rf'\[Containments\]\[{id_desktop}\]\[Wallpaper\]\[org\.kde\.image\]\[General\]\s+Image=(.*)', current_wallpaper)
if match:
current_wallpaper_path = match.group(1)
flag = (current_wallpaper_path == data)
else:
flag = False
os.environ["LANGUAGE"] = os.environ["LANG"].split(".")[0]
os.environ["XDG_DATA_DIRS"] = "/usr/share/kf5:"
#Variable for system detection of directories before files with .colors extension
os.environ["DISPLAY"] = ":0"
@@ -239,32 +263,33 @@ def apply_for_wallpaper(data, file_cache, username):
os.environ["DBUS_SESSION_BUS_ADDRESS"] = f"unix:path=/run/user/{os.getuid()}/bus"#plasma-apply-wallpaperimage
os.environ["PATH"] = "/usr/lib/kf5/bin:"
#environment variable for accessing binary files without hard links
if os.path.isfile(path_to_wallpaper):
id_desktop = get_id_desktop(path_to_wallpaper)
command = [
'kwriteconfig5',
'--file', 'plasma-org.kde.plasma.desktop-appletsrc',
'--group', 'Containments',
'--group', id_desktop,
'--group', 'Wallpaper',
'--group', 'org.kde.image',
'--group', 'General',
'--key', 'Image',
'--type', 'string',
data
]
try:
subprocess.run(command, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
except:
logdata['command'] = command
log('E68', logdata)
try:
session_bus = dbus.SessionBus()
plasma_shell = session_bus.get_object('org.kde.plasmashell', '/PlasmaShell', introspect='org.kde.PlasmaShell')
plasma_shell_iface = dbus.Interface(plasma_shell, 'org.kde.PlasmaShell')
plasma_shell_iface.refreshCurrentShell()
except:
pass
if not flag:
if os.path.isfile(path_to_wallpaper):
command = [
'kwriteconfig5',
'--file', 'plasma-org.kde.plasma.desktop-appletsrc',
'--group', 'Containments',
'--group', id_desktop,
'--group', 'Wallpaper',
'--group', 'org.kde.image',
'--group', 'General',
'--key', 'Image',
'--type', 'string',
data
]
try:
subprocess.run(command, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
except:
logdata['command'] = command
log('E68', logdata)
if plasmaupdate == 1:
try:
session_bus = dbus.SessionBus()
plasma_shell = session_bus.get_object('org.kde.plasmashell', '/PlasmaShell', introspect='org.kde.PlasmaShell')
plasma_shell_iface = dbus.Interface(plasma_shell, 'org.kde.PlasmaShell')
plasma_shell_iface.refreshCurrentShell()
except:
pass
else:
logdata['file'] = path_to_wallpaper
log('W21', logdata)

9
gpoa/frontend/package_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -18,12 +18,7 @@
import logging
import subprocess
from util.logging import slogm, log
from util.rpm import (
update
, install_rpm
, remove_rpm
)
from util.logging import log
from .applier_frontend import (
applier_frontend

5
gpoa/frontend/scripts_applier.py
View File

@@ -95,7 +95,6 @@ class scripts_applier_user(applier_frontend):
, self.__module_name
, self.__module_experimental
)
self.filling_cache()
def cleaning_cache(self):
log('D161')
@@ -143,7 +142,9 @@ def install_script(storage_script_entry, script_dir, access_permissions):
'''
dir_cr = Path(script_dir)
dir_cr.mkdir(parents=True, exist_ok=True)
script_name = str(int(storage_script_entry.number)).zfill(5) + '_' + os.path.basename(storage_script_entry.path)
if storage_script_entry.number is None:
return
script_name = str(storage_script_entry.number).zfill(5) + '_' + os.path.basename(storage_script_entry.path)
script_file = os.path.join(script_dir, script_name)
shutil.copyfile(storage_script_entry.path, script_file)

7
gpoa/frontend/shortcut_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -16,16 +16,14 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging
import subprocess
from .applier_frontend import (
applier_frontend
, check_enabled
)
from gpt.shortcuts import json2sc
from util.windows import expand_windows_var
from util.logging import slogm, log
from util.logging import log
from util.util import (
get_homedir,
homedir_exists
@@ -141,6 +139,7 @@ class shortcut_applier_user(applier_frontend):
self.storage = storage
self.sid = sid
self.username = username
self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
def run(self, in_usercontext):
shortcuts = storage_get_shortcuts(self.storage, self.sid, self.username)

12
gpoa/frontend/systemd_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -21,9 +21,8 @@ from .applier_frontend import (
, check_enabled
)
from .appliers.systemd import systemd_unit
from util.logging import slogm, log
from util.logging import log
import logging
class systemd_applier(applier_frontend):
__module_name = 'SystemdApplier'
@@ -43,15 +42,14 @@ class systemd_applier(applier_frontend):
def run(self):
for setting in self.systemd_unit_settings:
valuename = setting.hive_key.rpartition('/')[2]
try:
self.units.append(systemd_unit(valuename, int(setting.data)))
self.units.append(systemd_unit(setting.valuename, int(setting.data)))
logdata = dict()
logdata['unit'] = format(valuename)
logdata['unit'] = format(setting.valuename)
log('I4', logdata)
except Exception as exc:
logdata = dict()
logdata['unit'] = format(valuename)
logdata['unit'] = format(setting.valuename)
logdata['exc'] = exc
log('I5', logdata)
for unit in self.units:

70
gpoa/frontend/thunderbird_applier.py Normal file
View File

@@ -0,0 +1,70 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
import json
import os
from .applier_frontend import (
applier_frontend
, check_enabled
)
from util.logging import log
from util.util import is_machine_name
from .firefox_applier import create_dict
class thunderbird_applier(applier_frontend):
__module_name = 'ThunderbirdApplier'
__module_experimental = False
__module_enabled = True
__registry_branch = 'Software/Policies/Mozilla/Thunderbird'
__thunderbird_policies = '/etc/thunderbird/policies'
def __init__(self, storage, sid, username):
self.storage = storage
self.sid = sid
self.username = username
self._is_machine_name = is_machine_name(self.username)
self.policies = dict()
self.policies_json = dict({ 'policies': self.policies })
self.thunderbird_keys = self.storage.filter_hklm_entries(self.__registry_branch)
self.policies_gen = dict()
self.__module_enabled = check_enabled(
self.storage
, self.__module_name
, self.__module_experimental
)
def machine_apply(self):
'''
Write policies.json to Thunderbird.
'''
self.policies_json = create_dict(self.thunderbird_keys, self.__registry_branch)
destfile = os.path.join(self.__thunderbird_policies, 'policies.json')
os.makedirs(self.__thunderbird_policies, exist_ok=True)
with open(destfile, 'w') as f:
json.dump(self.policies_json, f)
logdata = dict()
logdata['destfile'] = destfile
log('D212', logdata)
def apply(self):
if self.__module_enabled:
log('D213')
self.machine_apply()
else:
log('D214')

5
gpoa/frontend/yandex_browser_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2022 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -39,8 +39,7 @@ class yandex_browser_applier(applier_frontend):
self.sid = sid
self.username = username
self._is_machine_name = is_machine_name(self.username)
yandex_filter = '{}%'.format(self.__registry_branch)
self.yandex_keys = self.storage.filter_hklm_entries(yandex_filter)
self.yandex_keys = self.storage.filter_hklm_entries(self.__registry_branch)
self.policies_json = dict()

7
gpoa/gpoa
View File

@@ -27,6 +27,7 @@ from backend import backend_factory, save_dconf
from frontend.frontend_manager import frontend_manager, determine_username
from plugin import plugin_manager
from messages import message_with_code
from storage import Dconf_registry
from util.util import get_machine_name
from util.users import (
@@ -61,6 +62,9 @@ def parse_arguments():
arguments.add_argument('--list-backends',
action='store_true',
help='Show list of available backends')
arguments.add_argument('--force',
action='store_true',
help='Force GPT download')
arguments.add_argument('--loglevel',
type=int,
default=4,
@@ -120,6 +124,7 @@ class gpoa_controller:
print('local')
print('samba')
return
Dconf_registry._force = self.__args.force
self.start_plugins()
self.start_backend()
@@ -149,6 +154,7 @@ class gpoa_controller:
back.retrieve_and_store()
# Start frontend only on successful backend finish
self.start_frontend()
save_dconf(self.username, self.is_machine, nodomain)
except Exception as exc:
logdata = dict({'message': str(exc)})
# In case we're handling "E3" - it means that
@@ -159,7 +165,6 @@ class gpoa_controller:
einfo = geterr()
logdata.update(einfo)
log('E3', logdata)
save_dconf(self.username, self.is_machine)
def start_frontend(self):
'''

4
gpoa/gpt/drives.py
View File

@@ -19,7 +19,7 @@
import json
from base64 import b64decode
from Crypto.Cipher import AES
from .dynamic_attributes import DynamicAttributes
from util.xml import get_xml_root
def decrypt_pass(cpassword):
@@ -93,7 +93,7 @@ def json2drive(json_str):
return drive_obj
class drivemap:
class drivemap(DynamicAttributes):
def __init__(self):
self.login = None
self.password = None

50
gpoa/gpt/dynamic_attributes.py Normal file
View File

@@ -0,0 +1,50 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from enum import Enum
class DynamicAttributes:
def __init__(self, **kwargs):
self.policy_name = None
for key, value in kwargs.items():
self.__setattr__(key, value)
def __setattr__(self, key, value):
if isinstance(value, Enum):
value = str(value)
if isinstance(value, str):
for q in ["'", "\""]:
if any(q in ch for ch in value):
value = value.replace(q, "")
self.__dict__[key] = value
def items(self):
return self.__dict__.items()
def __iter__(self):
return iter(self.__dict__.items())
class RegistryKeyMetadata(DynamicAttributes):
def __init__(self, policy_name, type, is_list=None, mod_previous_value=None):
self.policy_name = policy_name
self.type = type
self.reloaded_with_policy_key = None
self.is_list = is_list
self.mod_previous_value = mod_previous_value
def __repr__(self):
return str(dict(self))

29
gpoa/gpt/envvars.py
View File

@@ -17,24 +17,8 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from util.xml import get_xml_root
from .dynamic_attributes import DynamicAttributes
from enum import Enum
class FileAction(Enum):
CREATE = 'C'
REPLACE = 'R'
UPDATE = 'U'
DELETE = 'D'
def action_letter2enum(letter):
if letter in ['C', 'R', 'U', 'D']:
if letter == 'C': return FileAction.CREATE
if letter == 'R': return FileAction.REPLACE
if letter == 'U': return FileAction.UPDATE
if letter == 'D': return FileAction.DELETE
return FileAction.CREATE
def read_envvars(envvars_file):
variables = list()
@@ -43,8 +27,8 @@ def read_envvars(envvars_file):
props = var.find('Properties')
name = props.get('name')
value = props.get('value')
var_obj = envvar(name, value)
var_obj.set_action(action_letter2enum(props.get('action', default='C')))
action = props.get('action', default='C')
var_obj = envvar(name, value, action)
variables.append(var_obj)
@@ -54,12 +38,9 @@ def merge_envvars(storage, sid, envvar_objects, policy_name):
for envv in envvar_objects:
storage.add_envvar(sid, envv, policy_name)
class envvar:
def __init__(self, name, value):
class envvar(DynamicAttributes):
def __init__(self, name, value, action):
self.name = name
self.value = value
self.action = FileAction.CREATE
def set_action(self, action):
self.action = action

3
gpoa/gpt/files.py
View File

@@ -17,6 +17,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from util.xml import get_xml_root
from .dynamic_attributes import DynamicAttributes
def read_files(filesxml):
files = list()
@@ -39,7 +40,7 @@ def merge_files(storage, sid, file_objects, policy_name):
for fileobj in file_objects:
storage.add_file(sid, fileobj, policy_name)
class fileentry:
class fileentry(DynamicAttributes):
def __init__(self, fromPath):
self.fromPath = fromPath

32
gpoa/gpt/folders.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -17,28 +17,11 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from enum import Enum
from .dynamic_attributes import DynamicAttributes
from util.xml import get_xml_root
class FileAction(Enum):
CREATE = 'C'
REPLACE = 'R'
UPDATE = 'U'
DELETE = 'D'
def action_letter2enum(letter):
if letter in ['C', 'R', 'U', 'D']:
if letter == 'C': return FileAction.CREATE
if letter == 'R': return FileAction.REPLACE
if letter == 'U': return FileAction.UPDATE
if letter == 'D': return FileAction.DELETE
return FileAction.CREATE
def action_enum2letter(enumitem):
return enumitem.value
@@ -61,8 +44,9 @@ def read_folders(folders_file):
for fld in get_xml_root(folders_file):
props = fld.find('Properties')
fld_obj = folderentry(props.get('path'))
fld_obj.set_action(action_letter2enum(props.get('action', default='C')))
path = props.get('path')
action = props.get('action', default='C')
fld_obj = folderentry(path, action)
fld_obj.set_delete_folder(folder_int2bool(props.get('deleteFolder', default=1)))
fld_obj.set_delete_sub_folders(folder_int2bool(props.get('deleteSubFolders', default=1)))
fld_obj.set_delete_files(folder_int2bool(props.get('deleteFiles', default=1)))
@@ -78,10 +62,10 @@ def merge_folders(storage, sid, folder_objects, policy_name):
storage.add_folder(sid, folder, policy_name)
class folderentry:
def __init__(self, path):
class folderentry(DynamicAttributes):
def __init__(self, path, action):
self.path = path
self.action = FileAction.CREATE
self.action = action
self.delete_folder = False
self.delete_sub_folders = False
self.delete_files = False

48
gpoa/gpt/gpo_dconf_mapping.py Normal file
View File

@@ -0,0 +1,48 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from .dynamic_attributes import DynamicAttributes
class GpoInfoDconf(DynamicAttributes):
_counter = 0
def __init__(self, gpo) -> None:
GpoInfoDconf._counter += 1
self.counter = GpoInfoDconf._counter
self.display_name = None
self.name = None
self.version = None
self.link = None
self._fill_attributes(gpo)
def _fill_attributes(self, gpo):
try:
self.display_name = gpo.display_name
except:
self.display_name = "Unknown"
try:
self.name = gpo.name
except:
self.name = "Unknown"
try:
self.version = gpo.version
except:
self.version = "Unknown"
try:
self.link = gpo.link
except:
self.link = "Unknown"

12
gpoa/gpt/gpt.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -23,6 +23,7 @@ from enum import Enum, unique
from samba.gp_parse.gp_pol import GPPolParser
from storage import registry_factory
from storage.dconf_registry import add_to_dict
from .polfile import (
read_polfile
@@ -153,13 +154,14 @@ def get_merger(preference_type):
return mergers[preference_type]
class gpt:
def __init__(self, gpt_path, sid, username='Machine', version=None):
def __init__(self, gpt_path, sid, username='Machine', gpo_info=None):
add_to_dict(gpt_path, username, gpo_info)
self.path = gpt_path
self.username = username
self.sid = sid
self.storage = registry_factory()
self.storage._gpt_read_flag = True
self.version = version
self.gpo_info = gpo_info
self.name = ''
self.guid = self.path.rpartition('/')[2]
if 'default' == self.guid:
@@ -217,7 +219,7 @@ class gpt:
if self.settings['machine']['regpol']:
mlogdata = dict({'polfile': self.settings['machine']['regpol']})
log('D34', mlogdata)
util.preg.merge_polfile(self.settings['machine']['regpol'], policy_name=self.name, version=self.version)
util.preg.merge_polfile(self.settings['machine']['regpol'], policy_name=self.name, gpo_info=self.gpo_info)
# Merge machine preferences to registry if possible
for preference_name, preference_path in self.settings['machine'].items():
if preference_path:
@@ -247,7 +249,7 @@ class gpt:
sid=self.sid,
policy_name=self.name,
username=self.username,
version=self.version)
gpo_info=self.gpo_info)
# Merge user preferences to registry if possible
for preference_name, preference_path in self.settings['user'].items():
if preference_path:

7
gpoa/gpt/inifiles.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2022 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -17,6 +17,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from util.xml import get_xml_root
from .dynamic_attributes import DynamicAttributes
def read_inifiles(inifiles_file):
inifiles = list()
@@ -27,7 +28,7 @@ def read_inifiles(inifiles_file):
ini_obj.set_section(prors.get('section', default=None))
ini_obj.set_property(prors.get('property', default=None))
ini_obj.set_value(prors.get('value', default=None))
ini_obj.set_action(prors.get('action'))
ini_obj.set_action(prors.get('action', default='C'))
inifiles.append(ini_obj)
@@ -37,7 +38,7 @@ def merge_inifiles(storage, sid, inifile_objects, policy_name):
for iniobj in inifile_objects:
storage.add_ini(sid, iniobj, policy_name)
class inifile:
class inifile(DynamicAttributes):
def __init__(self, path):
self.path = path

6
gpoa/gpt/networkshares.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2022 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -17,7 +17,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from util.xml import get_xml_root
from storage.dconf_registry import Dconf_registry
from .dynamic_attributes import DynamicAttributes
def read_networkshares(networksharesxml):
networkshares = list()
@@ -39,7 +39,7 @@ def merge_networkshares(storage, sid, networkshares_objects, policy_name):
for networkshareobj in networkshares_objects:
storage.add_networkshare(sid, networkshareobj, policy_name)
class networkshare:
class networkshare(DynamicAttributes):
def __init__(self, name):
self.name = name

5
gpoa/gpt/printers.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -17,6 +17,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import json
from .dynamic_attributes import DynamicAttributes
from util.xml import get_xml_root
@@ -60,7 +61,7 @@ def json2printer(json_str):
return prn
class printer:
class printer(DynamicAttributes):
def __init__(self, ptype, name, status):
'''
ptype may be one of:

7
gpoa/gpt/scriptsini.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -18,7 +18,7 @@
import configparser
import os
from .dynamic_attributes import DynamicAttributes
def read_scripts(scripts_file):
scripts = Scripts_lists()
@@ -115,7 +115,7 @@ class Scripts_lists:
self.get_shutdown_scripts().append(script)
class Script:
class Script(DynamicAttributes):
__logon_counter = 0
__logoff_counter = 0
__startup_counter = 0
@@ -126,6 +126,7 @@ class Script:
self.action = action_upper
self.path = os.path.join(script_dir, action_upper, script_filename.upper())
if not os.path.isfile(self.path):
self.number = None
return None
self.args = None

5
gpoa/gpt/services.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -17,6 +17,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from util.xml import get_xml_root
from .dynamic_attributes import DynamicAttributes
def read_services(service_file):
'''
@@ -43,7 +44,7 @@ def merge_services(storage, sid, service_objects, policy_name):
for srv in service_objects:
pass
class service:
class service(DynamicAttributes):
def __init__(self, name):
self.unit = name
self.servname = None

58
gpoa/gpt/shortcuts.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -18,21 +18,23 @@
from pathlib import Path
import stat
import logging
from enum import Enum
from xml.etree import ElementTree
from xdg.DesktopEntry import DesktopEntry
import json
from util.windows import transform_windows_path
from util.xml import get_xml_root
from util.paths import get_desktop_files_directory
from .dynamic_attributes import DynamicAttributes
class TargetType(Enum):
FILESYSTEM = 'FILESYSTEM'
URL = 'URL'
def __str__(self):
return self.value
def get_ttype(targetstr):
'''
Validation function for targetType property
@@ -43,7 +45,7 @@ def get_ttype(targetstr):
'''
ttype = TargetType.FILESYSTEM
if targetstr == 'URL':
if targetstr == 'URL'or targetstr == TargetType.URL:
ttype = TargetType.URL
return ttype
@@ -97,24 +99,6 @@ def merge_shortcuts(storage, sid, shortcut_objects, policy_name):
for shortcut in shortcut_objects:
storage.add_shortcut(sid, shortcut, policy_name)
def json2sc(json_str):
'''
Build shortcut out of string-serialized JSON
'''
json_obj = json.loads(json_str)
link_type = get_ttype(json_obj['type'])
sc = shortcut(json_obj['dest'], json_obj['path'], json_obj['arguments'], json_obj['name'], json_obj['action'], link_type)
sc.set_changed(json_obj['changed'])
sc.set_clsid(json_obj['clsid'])
sc.set_guid(json_obj['guid'])
sc.set_usercontext(json_obj['is_in_user_context'])
if 'comment' in json_obj:
sc.set_comment(json_obj['comment'])
if 'icon' in json_obj:
sc.set_icon(json_obj['icon'])
return sc
def find_desktop_entry(binary_path):
desktop_dir = get_desktop_files_directory()
@@ -129,7 +113,7 @@ def find_desktop_entry(binary_path):
return None
class shortcut:
class shortcut(DynamicAttributes):
def __init__(self, dest, path, arguments, name=None, action=None, ttype=TargetType.FILESYSTEM):
'''
:param dest: Path to resulting file on file system
@@ -217,30 +201,6 @@ class shortcut:
def is_usercontext(self):
return self.is_in_user_context
def to_json(self):
'''
Return shortcut's JSON for further serialization.
'''
content = dict()
content['dest'] = self.dest
content['path'] = self.path
content['name'] = self.name
content['arguments'] = self.arguments
content['clsid'] = self.clsid
content['guid'] = self.guid
content['changed'] = self.changed
content['action'] = self.action
content['is_in_user_context'] = self.is_in_user_context
content['type'] = ttype2str(self.type)
if self.icon:
content['icon'] = self.icon
if self.comment:
content['comment'] = self.comment
result = self.desktop()
result.content.update(content)
return json.dumps(result.content)
def desktop(self, dest=None):
'''
Returns desktop file object which may be written to disk.
@@ -260,7 +220,7 @@ class shortcut:
'''
Update desktop file object from internal data.
'''
if self.type == TargetType.URL:
if get_ttype(self.type) == TargetType.URL:
self.desktop_file.set('Type', 'Link')
else:
self.desktop_file.set('Type', 'Application')
@@ -270,7 +230,7 @@ class shortcut:
desktop_path = self.path
if self.expanded_path:
desktop_path = self.expanded_path
if self.type == TargetType.URL:
if get_ttype(self.type) == TargetType.URL:
self.desktop_file.set('URL', desktop_path)
else:
str2bool_lambda = (lambda boolstr: boolstr if isinstance(boolstr, bool)

7
gpoa/gpupdate
View File

@@ -25,6 +25,7 @@ import os
import sys
import pwd
import signal
from storage import Dconf_registry
from util.users import (
is_root
@@ -83,6 +84,11 @@ def parse_cli_arguments():
type=int,
default=5,
help='Set logging verbosity level')
argparser.add_argument('-f',
'--force',
action='store_true',
default=False,
help='Force GPT download')
argparser.add_argument('-s',
'--system',
action='store_true',
@@ -165,6 +171,7 @@ def main():
gettext.bindtextdomain('gpoa', '/usr/lib/python3/site-packages/gpoa/locale')
gettext.textdomain('gpoa')
set_loglevel(args.loglevel)
Dconf_registry._force = args.force
gpo_appliers = runner_factory(args, process_target(args.target))
if gpo_appliers:

4
gpoa/gpupdate-setup
View File

@@ -2,7 +2,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -19,9 +19,7 @@
import os
import sys
import argparse
import subprocess
from util.util import (
runcmd

51
gpoa/locale/ru_RU/LC_MESSAGES/gpoa.po
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -65,6 +65,10 @@ msgstr "Установка свойств для пользователя"
msgid "The line in the configuration file was cleared"
msgstr "В конфигурационном файле была очищена строка"
msgid "Found GPT in cache"
msgstr "Найден GPT в кеше"
# Error
msgid "Insufficient permissions to run gpupdate"
msgstr "Недостаточно прав для запуска gpupdate"
@@ -252,6 +256,12 @@ msgstr "Не удалось обновить базу данных dconf"
msgid "Exception occurred while updating dconf database"
msgstr "Возникло исключение при обновлении базы данных dconf"
msgid "Failed to retrieve data from dconf database"
msgstr "Не удалось получить данные из базы dconf"
msgid "Autofs restart failed"
msgstr "Перезапуск Autofs не удался"
# Error_end
# Debug
@@ -627,11 +637,11 @@ msgstr "Запуск применение настроек Envvar для маш
msgid "Envvar applier for machine will not be started"
msgstr "Применение настроек Envvar для машины не запускается"
msgid "Running Envvar applier for user in user context"
msgstr "Запуск применение настроек Envvar для пользователя в контексте пользователя"
msgid "Running Envvar applier for user in admin context"
msgstr "Запуск применение настроек Envvar для пользователя в контексте администратора"
msgid "Envvar applier for user in user context will not be started"
msgstr "Применение настроек Envvar для пользователя в контексте пользователя не запускается"
msgid "Envvar applier for user in admin context will not be started"
msgstr "Применение настроек Envvar для пользователя в контексте администратора не запускается"
msgid "Running Package applier for machine"
msgstr "Запуск установки пакетов для машины"
@@ -870,6 +880,27 @@ msgstr "Создание ini-файла с политиками для dconf"
msgid "GPO version was not found"
msgstr "Версия GPO не найдена"
msgid "SYSVOL entry found in cache"
msgstr "Запись SYSVOL найдена в кеше"
msgid "Wrote Thunderbird preferences to"
msgstr "Настройки Thunderbird записаны в"
msgid "Running Thunderbird applier for machine"
msgstr "Запуск применение настроек Thunderbird для машины"
msgid "Thunderbird applier for machine will not be started"
msgstr "Применение настроек Thunderbird для компьютера не запускается"
msgid "The environment file has been cleaned"
msgstr "Файл environment очищен"
msgid "Cleanup of file environment failed"
msgstr "Очистка файла environment не удалась"
msgid "Failed to get dictionary"
msgstr "Не удалось получить словарь"
# Debug_end
# Warning
@@ -922,8 +953,8 @@ msgstr "Не удалось скопировать файл"
msgid "Failed to create KDE settings list"
msgstr "Не удалось создать список настроек KDE"
msgid "Could not find application tools"
msgstr "Не удалось найти инструменты применения"
msgid "Could not find tools to configure KDE"
msgstr "Не удалось найти инструменты для настройки KDE"
msgid "Failed to open KDE settings"
msgstr "Не удалось открыть настройки KDE"
@@ -946,6 +977,12 @@ msgstr "Не удалось выполнить действие для INI-фа
msgid "Couldn't get the uid"
msgstr "Не удалось получить uid"
msgid "Failed to load content from remote host"
msgstr "Не удалось загрузить контент с удаленного узла"
msgid "Force mode activated"
msgstr "Режим force задействован"
# Fatal
msgid "Unable to refresh GPO list"
msgstr "Невозможно обновить список объектов групповых политик"

22
gpoa/messages/__init__.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -31,6 +31,7 @@ def info_code(code):
info_ids[8] = 'Chromium policy'
info_ids[9] = 'Set user property to'
info_ids[10] = 'The line in the configuration file was cleared'
info_ids[11] = 'Found GPT in cache'
return info_ids.get(code, 'Unknown info code')
@@ -107,6 +108,8 @@ def error_code(code):
error_ids[70] = 'Error getting key value'
error_ids[71] = 'Failed to update dconf database'
error_ids[72] = 'Exception occurred while updating dconf database'
error_ids[73] = 'Failed to retrieve data from dconf database'
error_ids[74] = 'Autofs restart failed'
return error_ids.get(code, 'Unknown error code')
def debug_code(code):
@@ -246,8 +249,8 @@ def debug_code(code):
debug_ids[133] = 'NTP applier for machine will not be started'
debug_ids[134] = 'Running Envvar applier for machine'
debug_ids[135] = 'Envvar applier for machine will not be started'
debug_ids[136] = 'Running Envvar applier for user in user context'
debug_ids[137] = 'Envvar applier for user in user context will not be started'
debug_ids[136] = 'Running Envvar applier for user in admin context'
debug_ids[137] = 'Envvar applier for user in admin context will not be started'
debug_ids[138] = 'Running Package applier for machine'
debug_ids[139] = 'Package applier for machine will not be started'
debug_ids[140] = 'Running Package applier for user in administrator context'
@@ -320,7 +323,13 @@ def debug_code(code):
debug_ids[207] = 'Creating a dictionary with keys and values from the dconf database'
debug_ids[208] = 'No entry found for the specified path'
debug_ids[209] = 'Creating an ini file with policies for dconf'
debug_ids[210] = 'GPO version was not found'
debug_ids[211] = 'SYSVOL entry found in cache'
debug_ids[212] = 'Wrote Thunderbird preferences to'
debug_ids[213] = 'Running Thunderbird applier for machine'
debug_ids[214] = 'Thunderbird applier for machine will not be started'
debug_ids[215] = 'The environment file has been cleaned'
debug_ids[216] = 'Cleanup of file environment failed'
debug_ids[217] = 'Failed to get dictionary'
return debug_ids.get(code, 'Unknown debug code')
@@ -348,7 +357,7 @@ def warning_code(code):
warning_ids[14] = 'Could not create a valid list of keys'
warning_ids[15] = 'Failed to copy file'
warning_ids[16] = 'Failed to create KDE settings list'
warning_ids[17] = 'Could not find application tools'
warning_ids[17] = 'Could not find tools to configure KDE'
warning_ids[18] = 'Failed to open KDE settings'
warning_ids[19] = 'Failed to change KDE configuration file'
warning_ids[20] = 'Error connecting to server'
@@ -356,7 +365,8 @@ def warning_code(code):
warning_ids[22] = 'The user setting was not installed, conflict with computer setting'
warning_ids[23] = 'Action for ini file failed'
warning_ids[24] = 'Couldn\'t get the uid'
warning_ids[25] = 'Failed to load content from remote host'
warning_ids[26] = 'Force mode activated'
return warning_ids.get(code, 'Unknown warning code')

40
gpoa/pkcon_runner
View File

@@ -20,15 +20,13 @@
import rpm
import subprocess
from gpoa.storage import registry_factory
from util.gpoa_ini_parsing import GpoaConfigObj
from util.util import get_uid_by_username, string_to_literal_eval
import logging
from util.logging import log
import argparse
import gettext
import locale
from messages import message_with_code
from util.arguments import (
set_loglevel
)
def is_rpm_installed(rpm_name):
@@ -45,28 +43,32 @@ def is_rpm_installed(rpm_name):
class Pkcon_applier:
def __init__(self, user = None):
self.__install_key_name = 'Install'
self.__remove_key_name = 'Remove'
self.__hklm_branch = '/Software/BaseALT/Policies/Packages'
install_key_name = 'Install'
remove_key_name = 'Remove'
hklm_branch = 'Software/BaseALT/Policies/Packages'
self.__install_command = ['/usr/bin/pkcon', '-y', 'install']
self.__remove_command = ['/usr/bin/pkcon', '-y', 'remove']
self.__reinstall_command = ['/usr/bin/pkcon', '-y', 'reinstall']
self.install_packages = set()
self.remove_packages = set()
self.storage = registry_factory(username=user)
self.storage.filling_storage_from_dconf()
install_branch = '{}/{}'.format(self.__hklm_branch, self.__install_key_name)
remove_branch = '{}/{}'.format(self.__hklm_branch, self.__remove_key_name)
self.install_packages_setting = self.storage.filter_hklm_entries(install_branch)
self.remove_packages_setting = self.storage.filter_hklm_entries(remove_branch)
self.storage = registry_factory()
if user:
uid = get_uid_by_username(user)
dict_dconf_db = self.storage.get_dictionary_from_dconf_file_db(uid)
else:
dict_dconf_db = self.storage.get_dictionary_from_dconf_file_db()
dict_packages = dict_dconf_db.get(hklm_branch,{})
self.install_packages_setting = string_to_literal_eval(dict_packages.get(install_key_name,[]))
self.remove_packages_setting = string_to_literal_eval(dict_packages.get(remove_key_name,[]))
for package in self.install_packages_setting:
if not is_rpm_installed(package.data):
self.install_packages.add(package.data)
if not is_rpm_installed(package):
self.install_packages.add(package)
for package in self.remove_packages_setting:
if package.data in self.install_packages:
self.install_packages.remove(package.data)
if is_rpm_installed(package.data):
self.remove_packages.add(package.data)
if package in self.install_packages:
self.install_packages.remove(package)
if is_rpm_installed(package):
self.remove_packages.add(package)
def apply(self):
log('D142')

2
gpoa/plugin/plugin_manager.py
View File

@@ -35,6 +35,6 @@ class plugin_manager:
logging.warning(slogm(str(exc)))
def run(self):
self.plugins.get('adp', plugin('adp')).run()
#self.plugins.get('adp', plugin('adp')).run()
self.plugins.get('roles', plugin('roles')).run()

312
gpoa/storage/dconf_registry.py
View File

@@ -18,9 +18,22 @@
import subprocess
from pathlib import Path
from util.util import string_to_literal_eval, touch_file, get_uid_by_username
from util.util import (string_to_literal_eval,
try_dict_to_literal_eval,
touch_file, get_uid_by_username,
add_prefix_to_keys,
remove_keys_with_prefix,
clean_data)
from util.paths import get_dconf_config_path
from util.logging import log
import re
from collections import OrderedDict
import itertools
from gpt.dynamic_attributes import RegistryKeyMetadata
import gi
gi.require_version("Gvdb", "1.0")
gi.require_version("GLib", "2.0")
from gi.repository import Gvdb, GLib
class PregDconf():
@@ -49,19 +62,27 @@ class Dconf_registry():
'''
A class variable that represents a global registry dictionary shared among instances of the class
'''
_ReadQueue = 'Software/BaseALT/Policies/ReadQueue'
global_registry_dict = dict({_ReadQueue:{}})
_GpoPriority = 'Software/BaseALT/Policies/GpoPriority'
_gpo_name = set()
global_registry_dict = dict({_GpoPriority:{}})
previous_global_registry_dict = dict()
__template_file = '/usr/share/dconf/user_mandatory.template'
_policies_path = 'Software/'
_policies_win_path = 'SOFTWARE/'
_gpt_read_flag = False
_force = False
__dconf_dict_flag = False
__dconf_dict = dict()
_dconf_db = dict()
_dict_gpo_name_version_cache = dict()
_username = None
_uid = None
_envprofile = None
_path_bin_system = "/etc/dconf/db/policy"
list_keys = list()
_info = dict()
_counter_gpt = itertools.count(0)
shortcuts = list()
folders = list()
@@ -75,7 +96,18 @@ class Dconf_registry():
scripts = list()
networkshares = list()
_true_strings = {
"True",
"true",
"TRUE",
"yes",
"Yes",
"enabled",
"enable",
"Enabled",
"Enable",
'1'
}
@classmethod
def set_info(cls, key , data):
@@ -86,6 +118,9 @@ class Dconf_registry():
def get_info(cls, key):
return cls._info.setdefault(key, None)
@staticmethod
def get_next_number():
return next(Dconf_registry._counter_gpt)
@staticmethod
def get_matching_keys(path):
@@ -140,10 +175,12 @@ class Dconf_registry():
return None
@staticmethod
def dconf_update():
def dconf_update(uid=None):
logdata = dict()
path_dconf_config = get_dconf_config_path(uid)
db_file = path_dconf_config[:-3]
try:
process = subprocess.Popen(['dconf', 'update'],
process = subprocess.Popen(['dconf', 'compile', db_file, path_dconf_config],
stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
output, error = process.communicate()
@@ -164,6 +201,12 @@ class Dconf_registry():
else:
return None
@classmethod
def update_dict_to_previous(cls):
dict_clean_previous = remove_keys_with_prefix(cls._dconf_db)
dict_with_previous = add_prefix_to_keys(dict_clean_previous)
cls.global_registry_dict.update(dict_with_previous)
@classmethod
def apply_template(cls, uid):
logdata = dict()
@@ -206,20 +249,62 @@ class Dconf_registry():
dconf_dict = self.get_key_values(self.get_matching_keys(startswith))
for key, value in dconf_dict.items():
keys_tmp = key.split('/')
update_dict(output_dict.setdefault('/'.join(keys_tmp[:-1])[1:], {}), {keys_tmp[-1]: value})
update_dict(output_dict.setdefault('/'.join(keys_tmp[:-1])[1:], {}), {keys_tmp[-1]: str(value)})
log('D207')
return output_dict
@classmethod
def filter_entries(cls, startswith):
def get_dictionary_from_dconf_file_db(self, uid=None, path_bin=None, save_dconf_db=False):
logdata = dict()
error_skip = None
if path_bin:
error_skip = True
elif not uid:
path_bin = self._path_bin_system
else:
path_bin = self._path_bin_system + str(uid)
output_dict = {}
try:
if (GLib.file_get_contents(path_bin)[0]):
bytes1 = GLib.Bytes.new(GLib.file_get_contents(path_bin)[1])
table = Gvdb.Table.new_from_bytes(bytes1, True)
name_list = Gvdb.Table.get_names(table)
for name in name_list:
value = Gvdb.Table.get_value(table, name)
if value is None:
continue
list_path = name.split('/')
if value.is_of_type(GLib.VariantType('s')):
part = output_dict.setdefault('/'.join(list_path[1:-1]), {})
part[list_path[-1]] = value.get_string()
elif value.is_of_type(GLib.VariantType('i')):
part = output_dict.setdefault('/'.join(list_path[1:-1]), {})
part[list_path[-1]] = value.get_int32()
except Exception as exc:
logdata['exc'] = exc
logdata['path_bin'] = path_bin
if not error_skip:
log('E73', logdata)
else:
log('D217', logdata)
if save_dconf_db:
Dconf_registry._dconf_db = output_dict
return output_dict
@classmethod
def filter_entries(cls, startswith, registry_dict = None):
if not registry_dict:
registry_dict = cls.global_registry_dict
if startswith[-1] == '%':
startswith = startswith[:-1]
if startswith[-1] == '/' or startswith[-1] == '\\':
startswith = startswith[:-1]
return filter_dict_keys(startswith, flatten_dictionary(cls.global_registry_dict))
return filter_dict_keys(startswith, flatten_dictionary(cls.global_registry_dict))
return filter_dict_keys(startswith, flatten_dictionary(registry_dict))
return filter_dict_keys(startswith, flatten_dictionary(registry_dict))
@classmethod
@@ -234,7 +319,7 @@ class Dconf_registry():
elif isinstance(value, list):
for data in value:
list_entiers.append(PregDconf(
keyname, convert_string_dconf(data), find_preg_type(data), data))
keyname, data, find_preg_type(data), data))
else:
list_entiers.append(PregDconf(
'/'.join(keyname.split('/')[:-1]), convert_string_dconf(keyname.split('/')[-1]), find_preg_type(value), value))
@@ -270,7 +355,7 @@ class Dconf_registry():
@classmethod
def get_entry(cls, path, dictionary = None):
def get_entry(cls, path, dictionary = None, preg = True):
logdata = dict()
result = Dconf_registry.get_storage(dictionary)
@@ -280,12 +365,23 @@ class Dconf_registry():
if isinstance(result, dict) and key in result.keys():
data = result.get(key).get(keys[-1])
return PregDconf(
key, convert_string_dconf(keys[-1]), find_preg_type(data), data)
key, convert_string_dconf(keys[-1]), find_preg_type(data), data) if preg else data
else:
logdata['path'] = path
log('D208', logdata)
return None
@classmethod
def check_enable_key(cls ,key):
data = cls.get_entry(key, preg = False)
if data:
if isinstance(data, str):
return True if data in cls._true_strings else False
elif isinstance(data, int):
return bool(data)
else:
return False
return False
@classmethod
def get_hkcu_entry(cls, sid, hive_key, dictionary = None):
@@ -300,46 +396,55 @@ class Dconf_registry():
@classmethod
def add_shortcut(cls, sid, sc_obj, policy_name):
sc_obj.policy_name = policy_name
cls.shortcuts.append(sc_obj)
@classmethod
def add_printer(cls, sid, pobj, policy_name):
pobj.policy_name = policy_name
cls.printers.append(pobj)
@classmethod
def add_drive(cls, sid, dobj, policy_name):
dobj.policy_name = policy_name
cls.drives.append(dobj)
@classmethod
def add_folder(cls, sid, fobj, policy_name):
fobj.policy_name = policy_name
cls.folders.append(fobj)
@classmethod
def add_envvar(self, sid, evobj, policy_name):
evobj.policy_name = policy_name
self.environmentvariables.append(evobj)
@classmethod
def add_script(cls, sid, scrobj, policy_name):
scrobj.policy_name = policy_name
cls.scripts.append(scrobj)
@classmethod
def add_file(cls, sid, fileobj, policy_name):
fileobj.policy_name = policy_name
cls.files.append(fileobj)
@classmethod
def add_ini(cls, sid, iniobj, policy_name):
iniobj.policy_name = policy_name
cls.inifiles.append(iniobj)
@classmethod
def add_networkshare(cls, sid, networkshareobj, policy_name):
networkshareobj.policy_name = policy_name
cls.networkshares.append(networkshareobj)
@@ -371,13 +476,13 @@ class Dconf_registry():
def get_scripts(cls, sid, action):
action_scripts = list()
for part in cls.scripts:
if action == 'LOGON':
if action == 'LOGON' and part.action == 'LOGON':
action_scripts.append(part)
elif action == 'LOGOFF':
elif action == 'LOGOFF' and part.action == 'LOGOFF':
action_scripts.append(part)
elif action == 'STARTUP':
elif action == 'STARTUP' and part.action == 'STARTUP':
action_scripts.append(part)
elif action == 'SHUTDOWN':
elif action == 'SHUTDOWN' and part.action == 'SHUTDOWN':
action_scripts.append(part)
return action_scripts
@@ -404,7 +509,7 @@ class Dconf_registry():
@classmethod
def wipe_hklm(cls):
cls.global_registry_dict = dict({cls._ReadQueue:{}})
cls.global_registry_dict = dict({cls._GpoPriority:{}})
def filter_dict_keys(starting_string, input_dict):
@@ -425,7 +530,7 @@ def find_preg_type(argument):
return 1
def update_dict(dict1, dict2):
def update_dict(dict1, dict2, save_key=None):
'''
Updates dict1 with the key-value pairs from dict2
'''
@@ -433,74 +538,144 @@ def update_dict(dict1, dict2):
if key in dict1:
# If both values are dictionaries, recursively call the update_dict function
if isinstance(dict1[key], dict) and isinstance(value, dict):
update_dict(dict1[key], value)
save_key = key
update_dict(dict1[key], value, save_key)
# If the value in dict1 is a list, extend it with unique values from value
elif isinstance(dict1[key], list):
dict1[key].extend(set(value) - set(dict1[key]))
else:
# If the value in dict1 is not a dictionary or the value in dict2 is not a dictionary,
# replace the value in dict1 with the value from dict2
dict1[key] = value
if save_key and save_key.startswith('Source'):
value.reloaded_with_policy_key = [dict1[key].policy_name]
if dict1[key].reloaded_with_policy_key:
value.reloaded_with_policy_key += dict1[key].reloaded_with_policy_key
dict1[key] = value
else:
dict1[key] = value
else:
# If the key does not exist in dict1, add the key-value pair from dict2 to dict1
dict1[key] = value
def add_to_dict(string, policy_name, username, version):
if username is None:
correct_path = '/'.join(string.split('/')[:-2])
machine= '{}/Machine'.format(Dconf_registry._ReadQueue)
def add_to_dict(string, username, gpo_info):
if gpo_info:
counter = gpo_info.counter
display_name = gpo_info.display_name
name = gpo_info.name
version = gpo_info.version
else:
counter = 0
display_name = 'Local Policy'
name = None
version = None
if username is None or username == 'Machine':
machine= '{}/Machine/{}'.format(Dconf_registry._GpoPriority, counter)
dictionary = Dconf_registry.global_registry_dict.setdefault(machine, dict())
else:
correct_path = '/'.join(string.split('/')[:-2])
user = '{}/User'.format(Dconf_registry._ReadQueue)
if name in Dconf_registry._gpo_name:
return
user = '{}/User/{}'.format(Dconf_registry._GpoPriority, counter)
dictionary = Dconf_registry.global_registry_dict.setdefault(user, dict())
Dconf_registry._gpo_name.add(name)
dictionary[len(dictionary)] = (policy_name, correct_path, version)
dictionary['display_name'] = display_name
dictionary['name'] = name
dictionary['version'] = str(version)
dictionary['correct_path'] = string
def get_mod_previous_value(key_source, key_valuename):
previous_sourc = try_dict_to_literal_eval(Dconf_registry._dconf_db
.get(key_source, {})
.get(key_valuename, {}))
return previous_sourc.get('mod_previous_value') if previous_sourc else None
def load_preg_dconf(pregfile, pathfile, policy_name, username, version=None):
def get_previous_value(key_source, key_valuename):
previous = key_source.replace('Source', 'Previous')
return (Dconf_registry._dconf_db
.get(previous, {})
.get(key_valuename, None))
def load_preg_dconf(pregfile, pathfile, policy_name, username, gpo_info):
'''
Loads the configuration from preg registry into a dictionary
'''
# Prefix for storing key data
source_pre = "Source"
dd = dict()
for i in pregfile.entries:
# Skip this entry if the valuename starts with '**del'
if i.valuename.startswith('**del'):
if i.valuename.lower().startswith('**del'):
continue
valuename = convert_string_dconf(i.valuename)
data = check_data(i.data, i.type)
if i.valuename != i.data and i.valuename:
key_registry_source = f"{source_pre}/{i.keyname}".replace('\\', '/')
key_registry = f"{i.keyname}".replace('\\', '/')
key_valuename = valuename.replace('\\', '/')
if i.keyname.replace('\\', '/') in dd:
# If the key exists in dd, update its value with the new key-value pair
dd[i.keyname.replace('\\', '/')].update({valuename.replace('\\', '/'):data})
dd[i.keyname.replace('\\', '/')].update({key_valuename:data})
mod_previous_value = get_mod_previous_value(key_registry_source, key_valuename)
previous_value = get_previous_value(key_registry, key_valuename)
if previous_value != data:
(dd[key_registry_source]
.update({key_valuename:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=previous_value)}))
else:
(dd[key_registry_source]
.update({key_valuename:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=mod_previous_value)}))
else:
# If the key does not exist in dd, create a new key-value pair
dd[i.keyname.replace('\\', '/')] = {valuename.replace('\\', '/'):data}
dd[i.keyname.replace('\\', '/')] = {key_valuename:data}
mod_previous_value = get_mod_previous_value(key_registry_source, key_valuename)
previous_value = get_previous_value(key_registry, key_valuename)
if previous_value != data:
dd[key_registry_source] = {key_valuename:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=previous_value)}
else:
dd[key_registry_source] = {key_valuename:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=mod_previous_value)}
elif not i.valuename:
keyname_tmp = i.keyname.replace('\\', '/').split('/')
keyname = '/'.join(keyname_tmp[:-1])
mod_previous_value = get_mod_previous_value(f"{source_pre}/{keyname}", keyname_tmp[-1])
previous_value = get_previous_value(f"{keyname}", keyname_tmp[-1])
if keyname in dd:
# If the key exists in dd, update its value with the new key-value pair
dd[keyname].update({keyname_tmp[-1]:data})
if previous_value != data:
dd[f"{source_pre}/{keyname}"].update({keyname_tmp[-1]:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=previous_value)})
else:
dd[f"{source_pre}/{keyname}"].update({keyname_tmp[-1]:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=mod_previous_value)})
else:
# If the key does not exist in dd, create a new key-value pair
dd[keyname] = {keyname_tmp[-1]:data}
if previous_value != data:
dd[f"{source_pre}/{keyname}"] = {keyname_tmp[-1]:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=previous_value)}
else:
dd[f"{source_pre}/{keyname}"] = {keyname_tmp[-1]:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=mod_previous_value)}
else:
# If the value name is the same as the data,
# split the keyname and add the data to the appropriate location in dd.
all_list_key = i.keyname.split('\\')
dd_target = dd.setdefault('/'.join(all_list_key[:-1]),{})
dd_target.setdefault(all_list_key[-1], []).append(data)
key_d ='/'.join(all_list_key[:-1])
dd_target = dd.setdefault(key_d,{})
key_source = f"Source/{key_d}"
dd_target_source = dd.setdefault(key_source, {})
data_list = dd_target.setdefault(all_list_key[-1], []).append(data)
mod_previous_value = get_mod_previous_value(key_source, all_list_key[-1])
previous_value = get_previous_value(key_d, all_list_key[-1])
if previous_value != str(data_list):
dd_target_source[all_list_key[-1]] = RegistryKeyMetadata(policy_name, i.type, is_list=True, mod_previous_value=previous_value)
else:
dd_target_source[all_list_key[-1]] = RegistryKeyMetadata(policy_name, i.type, is_list=True, mod_previous_value=mod_previous_value)
# Update the global registry dictionary with the contents of dd
add_to_dict(pathfile, policy_name, username, version)
update_dict(Dconf_registry.global_registry_dict, dd)
def create_dconf_ini_file(filename, data):
def create_dconf_ini_file(filename, data, uid=None, nodomain=None):
'''
Create an ini-file based on a dictionary of dictionaries.
Args:
@@ -511,7 +686,7 @@ def create_dconf_ini_file(filename, data):
Raises:
None
'''
with open(filename, 'w') as file:
with open(filename, 'a' if nodomain else 'w') as file:
for section, section_data in data.items():
file.write(f'[{section}]\n')
for key, value in section_data.items():
@@ -523,15 +698,8 @@ def create_dconf_ini_file(filename, data):
logdata = dict()
logdata['path'] = filename
log('D209', logdata)
Dconf_registry.dconf_update()
Dconf_registry.dconf_update(uid)
def clean_data(data):
try:
cleaned_string = data.replace('\n', '').replace('\r', '')
cleaned_string = cleaned_string.replace('"', "'")
return cleaned_string
except:
return None
def check_data(data, t_data):
if isinstance(data, bytes):
@@ -547,7 +715,8 @@ def convert_string_dconf(input_string):
macros = {
'#': '%sharp%',
';': '%semicolon%',
'//': '%doubleslash%'
'//': '%doubleslash%',
'/': '%oneslash%'
}
output_string = input_string
for key, value in macros.items():
@@ -589,3 +758,54 @@ def get_dconf_envprofile():
profile = '/run/dconf/user/{}'.format(get_uid_by_username(Dconf_registry._username))
return {'DCONF_PROFILE': profile}
def convert_elements_to_list_dicts(elements):
return list(map(lambda x: dict(x), elements))
def remove_duplicate_dicts_in_list(list_dict):
return convert_elements_to_list_dicts(list(OrderedDict((tuple(sorted(d.items())), d) for d in list_dict).values()))
def add_preferences_to_global_registry_dict(username, is_machine):
if is_machine:
prefix = 'Software/BaseALT/Policies/Preferences/Machine'
else:
prefix = f'Software/BaseALT/Policies/Preferences/{username}'
preferences_global = [('Shortcuts',remove_duplicate_dicts_in_list(Dconf_registry.shortcuts)),
('Folders',remove_duplicate_dicts_in_list(Dconf_registry.folders)),
('Files',remove_duplicate_dicts_in_list(Dconf_registry.files)),
('Drives',remove_duplicate_dicts_in_list(Dconf_registry.drives)),
('Scheduledtasks',remove_duplicate_dicts_in_list(Dconf_registry.scheduledtasks)),
('Environmentvariables',remove_duplicate_dicts_in_list(Dconf_registry.environmentvariables)),
('Inifiles',remove_duplicate_dicts_in_list(Dconf_registry.inifiles)),
('Services',remove_duplicate_dicts_in_list(Dconf_registry.services)),
('Printers',remove_duplicate_dicts_in_list(Dconf_registry.printers)),
('Scripts',remove_duplicate_dicts_in_list(Dconf_registry.scripts)),
('Networkshares',remove_duplicate_dicts_in_list(Dconf_registry.networkshares))]
preferences_global_dict = dict()
preferences_global_dict[prefix] = dict()
for key, val in preferences_global:
preferences_global_dict[prefix].update({key:clean_data(str(val))})
update_dict(Dconf_registry.global_registry_dict, preferences_global_dict)
def extract_display_name_version(data, username):
policy_force = data.get('Software/BaseALT/Policies/GPUpdate', {}).get('Force', False)
if Dconf_registry._force or policy_force:
logdata = dict({'username': username})
log('W26', logdata)
return {}
result = {}
tmp = {}
if isinstance(data, dict):
for key in data.keys():
if key.startswith(Dconf_registry._GpoPriority+'/'):
tmp[key] = data[key]
for value in tmp.values():
if isinstance(value, dict) and value.get('version', 'None')!='None' and value.get('display_name'):
result[value['display_name']] = {'version': value['version'], 'correct_path': value['correct_path']}
Dconf_registry._dict_gpo_name_version_cache = result
return result

17
gpoa/storage/fs_file_cache.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2021 BaseALT Ltd. <org@basealt.ru>
# Copyright (C) 2021-2024 BaseALT Ltd. <org@basealt.ru>
# Copyright (C) 2021 Igor Chudov <nir@nir.org.ru>
#
# This program is free software: you can redistribute it and/or modify
@@ -27,14 +27,15 @@ import smbc
from util.logging import log
from util.paths import file_cache_dir, file_cache_path_home, UNCPath
from util.exceptions import NotUNCPathError
from util.util import get_machine_name
class fs_file_cache:
__read_blocksize = 4096
def __init__(self, cache_name, username = None):
self.cache_name = cache_name
if username:
self.username = username
if username and username != get_machine_name():
try:
self.storage_uri = file_cache_path_home(username)
except:
@@ -85,7 +86,9 @@ class fs_file_cache:
df.close()
os.rename(tmpfile, destfile)
os.chmod(destfile, 0o644)
except:
except Exception as exc:
logdata = dict({'exception': str(exc)})
log('W25', logdata)
tmppath = Path(tmpfile)
if tmppath.exists():
tmppath.unlink()
@@ -106,8 +109,10 @@ class fs_file_cache:
logdata = dict({'exception': str(exc)})
log('E36', logdata)
raise exc
return str(destfile)
if destfile.exists():
return str(destfile)
else:
return None
def get_ls_smbdir(self, uri):
type_file_smb = 8

309
gpoa/storage/record_types.py
View File

@@ -1,309 +0,0 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
class samba_preg(object):
'''
Object mapping representing HKLM entry (registry key without SID)
'''
def __init__(self, preg_obj, policy_name):
self.policy_name = policy_name
self.keyname = preg_obj.keyname
self.valuename = preg_obj.valuename
self.hive_key = '{}\\{}'.format(self.keyname, self.valuename)
self.type = preg_obj.type
self.data = preg_obj.data
def update_fields(self):
fields = dict()
fields['policy_name'] = self.policy_name
fields['type'] = self.type
fields['data'] = self.data
return fields
class samba_hkcu_preg(object):
'''
Object mapping representing HKCU entry (registry key with SID)
'''
def __init__(self, sid, preg_obj, policy_name):
self.sid = sid
self.policy_name = policy_name
self.keyname = preg_obj.keyname
self.valuename = preg_obj.valuename
self.hive_key = '{}\\{}'.format(self.keyname, self.valuename)
self.type = preg_obj.type
self.data = preg_obj.data
def update_fields(self):
fields = dict()
fields['policy_name'] = self.policy_name
fields['type'] = self.type
fields['data'] = self.data
return fields
class ad_shortcut(object):
'''
Object mapping representing Windows shortcut.
'''
def __init__(self, sid, sc, policy_name):
self.sid = sid
self.policy_name = policy_name
self.path = sc.dest
self.shortcut = sc.to_json()
def update_fields(self):
fields = dict()
fields['policy_name'] = self.policy_name
fields['path'] = self.path
fields['shortcut'] = self.shortcut
return fields
class info_entry(object):
def __init__(self, name, value):
self.name = name
self.value = value
def update_fields(self):
fields = dict()
fields['value'] = self.value
return fields
class printer_entry(object):
'''
Object mapping representing Windows printer of some type.
'''
def __init__(self, sid, pobj, policy_name):
self.sid = sid
self.policy_name = policy_name
self.name = pobj.name
self.printer = pobj.to_json()
def update_fields(self):
fields = dict()
fields['policy_name'] = self.policy_name
fields['name'] = self.name
fields['printer'] = self.printer.to_json()
return fields
class drive_entry(object):
'''
Object mapping representing Samba share bound to drive letter
'''
def __init__(self, sid, dobj, policy_name):
self.sid = sid
self.policy_name = policy_name
self.login = dobj.login
self.password = dobj.password
self.dir = dobj.dir
self.path = dobj.path
self.action = dobj.action
self.thisDrive = dobj.thisDrive
self.allDrives = dobj.allDrives
self.label = dobj.label
self.persistent = dobj.persistent
self.useLetter = dobj.useLetter
def update_fields(self):
fields = dict()
fields['policy_name'] = self.policy_name
fields['login'] = self.login
fields['password'] = self.password
fields['dir'] = self.dir
fields['path'] = self.path
fields['action'] = self.action
fields['thisDrive'] = self.thisDrive
fields['allDrives'] = self.allDrives
fields['label'] = self.label
fields['persistent'] = self.persistent
fields['useLetter'] = self.useLetter
return fields
class folder_entry(object):
'''
Object mapping representing file system directory
'''
def __init__(self, sid, fobj, policy_name):
self.sid = sid
self.policy_name = policy_name
self.path = fobj.path
self.action = fobj.action.value
self.delete_folder = str(fobj.delete_folder)
self.delete_sub_folders = str(fobj.delete_sub_folders)
self.delete_files = str(fobj.delete_files)
self.hidden_folder = str(fobj.hidden_folder)
def update_fields(self):
'''
Return list of fields to update
'''
fields = dict()
fields['policy_name'] = self.policy_name
fields['action'] = self.action
fields['delete_folder'] = self.delete_folder
fields['delete_sub_folders'] = self.delete_sub_folders
fields['delete_files'] = self.delete_files
fields['hidden_folder'] = self.hidden_folder
return fields
class envvar_entry(object):
'''
Object mapping representing environment variables
'''
def __init__(self, sid, evobj, policy_name):
self.sid = sid
self.policy_name = policy_name
self.name = evobj.name
self.value = evobj.value
self.action = evobj.action.value
def update_fields(self):
'''
Return list of fields to update
'''
fields = dict()
fields['policy_name'] = self.policy_name
fields['action'] = self.action
fields['value'] = self.value
return fields
class script_entry(object):
'''
Object mapping representing scripts.ini
'''
def __init__(self, sid, scrobj, policy_name):
self.sid = sid
self.policy_name = policy_name
self.action = scrobj.action
self.number = scrobj.number
self.path = scrobj.path
self.arg = scrobj.args
def update_fields(self):
'''
Return list of fields to update
'''
fields = dict()
fields['policy_name'] = self.policy_name
fields['action'] = self.action
fields['number'] = self.number
fields['path'] = self.path
fields['arg'] = self.arg
return fields
class file_entry(object):
'''
Object mapping representing FILES.XML
'''
def __init__(self, sid, fileobj, policy_name):
self.sid = sid
self.policy_name = policy_name
self.action = fileobj.action
self.fromPath = fileobj.fromPath
self.targetPath = fileobj.targetPath
self.readOnly = fileobj.readOnly
self.archive = fileobj.archive
self.hidden = fileobj.hidden
self.suppress = fileobj.suppress
self.executable = fileobj.executable
def update_fields(self):
'''
Return list of fields to update
'''
fields = dict()
fields['policy_name'] = self.policy_name
fields['action'] = self.action
fields['fromPath'] = self.fromPath
fields['targetPath'] = self.targetPath
fields['readOnly'] = self.readOnly
fields['archive'] = self.archive
fields['hidden'] = self.hidden
fields['suppress'] = self.suppress
fields['executable'] = self.executable
return fields
class ini_entry(object):
'''
Object mapping representing INIFILES.XML
'''
def __init__(self, sid, iniobj, policy_name):
self.sid = sid
self.policy_name = policy_name
self.action = iniobj.action
self.path = iniobj.path
self.section = iniobj.section
self.property = iniobj.property
self.value = iniobj.value
def update_fields(self):
'''
Return list of fields to update
'''
fields = dict()
fields['policy_name'] = self.policy_name
fields['action'] = self.action
fields['path'] = self.path
fields['section'] = self.section
fields['property'] = self.property
fields['value'] = self.value
return fields
class networkshare_entry(object):
'''
Object mapping representing NETWORKSHARES.XML
'''
def __init__(self, sid, networkshareobj, policy_name):
self.sid = sid
self.policy_name = policy_name
self.name = networkshareobj.name
self.action = networkshareobj.action
self.path = networkshareobj.path
self.allRegular = networkshareobj.allRegular
self.comment = networkshareobj.comment
self.limitUsers = networkshareobj.limitUsers
self.abe = networkshareobj.abe
def update_fields(self):
'''
Return list of fields to update
'''
fields = dict()
fields['policy_name'] = self.policy_name
fields['name'] = self.name
fields['action'] = self.action
fields['path'] = self.path
fields['allRegular'] = self.allRegular
fields['comment'] = self.comment
fields['limitUsers'] = self.limitUsers
fields['abe'] = self.abe
return fields

101
gpoa/storage/sqlite_cache.py
View File

@@ -1,101 +0,0 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from .cache import cache
import os
from sqlalchemy import (
create_engine,
Table,
Column,
Integer,
String,
)
from sqlalchemy.orm import sessionmaker
from .sqlite_registry_compat import sqlite_registry_compat
from util.logging import log
from util.paths import cache_dir
def mapping_factory(mapper_suffix):
exec(
'''
class mapped_id_{}(object):
def __init__(self, str_id, value):
self.str_id = str_id
self.value = str(value)
'''.format(mapper_suffix)
)
return eval('mapped_id_{}'.format(mapper_suffix))
class sqlite_cache(cache):
def __init__(self, cache_name):
self.cache_name = cache_name
self.mapper_obj = mapping_factory(self.cache_name)
self.storage_uri = os.path.join('sqlite:///{}/{}.sqlite'.format(cache_dir(), self.cache_name))
logdata = dict({'cache_file': self.storage_uri})
log('D20', logdata)
self.db_cnt = create_engine(self.storage_uri, echo=False)
self.__compat = sqlite_registry_compat(self.db_cnt)
self.__metadata = self.__compat.metadata()
self.cache_table = Table(
self.cache_name,
self.__metadata,
Column('id', Integer, primary_key=True),
Column('str_id', String(65536), unique=True),
Column('value', String)
)
self.__metadata.create_all(self.db_cnt)
Session = sessionmaker(bind=self.db_cnt)
self.db_session = Session()
mapper_reg = self.__compat
mapper_reg.map_imperatively(self.mapper_obj, self.cache_table)
def store(self, str_id, value):
obj = self.mapper_obj(str_id, value)
self._upsert(obj)
def get(self, obj_id):
result = self.db_session.query(self.mapper_obj).filter(self.mapper_obj.str_id == obj_id).first()
return result
def get_default(self, obj_id, default_value):
result = self.get(obj_id)
if result == None:
logdata = dict()
logdata['object'] = obj_id
log('D43', logdata)
self.store(obj_id, default_value)
return str(default_value)
return result.value
def _upsert(self, obj):
try:
self.db_session.add(obj)
self.db_session.commit()
except Exception as exc:
self.db_session.rollback()
logdata = dict()
logdata['msg'] = str(exc)
log('D44', logdata)
self.db_session.query(self.mapper_obj).filter(self.mapper_obj.str_id == obj.str_id).update({ 'value': obj.value })
self.db_session.commit()

621
gpoa/storage/sqlite_registry.py
View File

@@ -1,621 +0,0 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import os
from sqlalchemy import (
create_engine,
Table,
Column,
Integer,
String,
UniqueConstraint
)
from sqlalchemy.orm import sessionmaker
from .sqlite_registry_compat import sqlite_registry_compat
from util.logging import log
from util.paths import cache_dir
from .registry import registry
from .record_types import (
samba_preg
, samba_hkcu_preg
, ad_shortcut
, info_entry
, printer_entry
, drive_entry
, folder_entry
, envvar_entry
, script_entry
, file_entry
, ini_entry
, networkshare_entry
)
class sqlite_registry(registry):
def __init__(self, db_name, registry_cache_dir=None):
self.db_name = db_name
cdir = registry_cache_dir
if cdir == None:
cdir = cache_dir()
self.db_path = os.path.join('sqlite:///{}/{}.sqlite'.format(cdir, self.db_name))
self.db_cnt = create_engine(self.db_path, echo=False)
self.__compat = sqlite_registry_compat(self.db_cnt)
self.__metadata = self.__compat.metadata()
self.__info = Table(
'info',
self.__metadata,
Column('id', Integer, primary_key=True),
Column('name', String(65536), unique=True),
Column('value', String(65536))
)
self.__hklm = Table(
'HKLM'
, self.__metadata
, Column('id', Integer, primary_key=True)
, Column('hive_key', String(65536, collation='NOCASE'),
unique=True)
, Column('keyname', String(collation='NOCASE'))
, Column('valuename', String(collation='NOCASE'))
, Column('policy_name', String)
, Column('type', Integer)
, Column('data', String)
)
self.__hkcu = Table(
'HKCU'
, self.__metadata
, Column('id', Integer, primary_key=True)
, Column('sid', String)
, Column('hive_key', String(65536, collation='NOCASE'))
, Column('keyname', String(collation='NOCASE'))
, Column('valuename', String(collation='NOCASE'))
, Column('policy_name', String)
, Column('type', Integer)
, Column('data', String)
, UniqueConstraint('sid', 'hive_key')
)
self.__shortcuts = Table(
'Shortcuts'
, self.__metadata
, Column('id', Integer, primary_key=True)
, Column('sid', String)
, Column('path', String)
, Column('policy_name', String)
, Column('shortcut', String)
, UniqueConstraint('sid', 'path')
)
self.__printers = Table(
'Printers'
, self.__metadata
, Column('id', Integer, primary_key=True)
, Column('sid', String)
, Column('name', String)
, Column('policy_name', String)
, Column('printer', String)
, UniqueConstraint('sid', 'name')
)
self.__drives = Table(
'Drives'
, self.__metadata
, Column('id', Integer, primary_key=True)
, Column('sid', String)
, Column('login', String)
, Column('password', String)
, Column('dir', String)
, Column('policy_name', String)
, Column('path', String)
, Column('action', String)
, Column('thisDrive', String)
, Column('allDrives', String)
, Column('label', String)
, Column('persistent', String)
, Column('useLetter', String)
, UniqueConstraint('sid', 'dir')
)
self.__folders = Table(
'Folders'
, self.__metadata
, Column('id', Integer, primary_key=True)
, Column('sid', String)
, Column('path', String)
, Column('policy_name', String)
, Column('action', String)
, Column('delete_folder', String)
, Column('delete_sub_folders', String)
, Column('delete_files', String)
, Column('hidden_folder', String)
, UniqueConstraint('sid', 'path')
)
self.__envvars = Table(
'Envvars'
, self.__metadata
, Column('id', Integer, primary_key=True)
, Column('sid', String)
, Column('name', String)
, Column('policy_name', String)
, Column('action', String)
, Column('value', String)
, UniqueConstraint('sid', 'name')
)
self.__scripts = Table(
'Scripts'
, self.__metadata
, Column('id', Integer, primary_key=True)
, Column('sid', String)
, Column('policy_name', String)
, Column('number', String)
, Column('action', String)
, Column('path', String)
, Column('arg', String)
, UniqueConstraint('sid', 'path', 'arg')
)
self.__files = Table(
'Files'
, self.__metadata
, Column('id', Integer, primary_key=True)
, Column('sid', String)
, Column('policy_name', String)
, Column('action', String)
, Column('fromPath', String)
, Column('targetPath', String)
, Column('readOnly', String)
, Column('archive', String)
, Column('hidden', String)
, Column('suppress', String)
, Column('executable', String)
, UniqueConstraint('sid', 'policy_name', 'targetPath', 'fromPath')
)
self.__ini = Table(
'Ini'
, self.__metadata
, Column('id', Integer, primary_key=True)
, Column('sid', String)
, Column('policy_name', String)
, Column('action', String)
, Column('path', String)
, Column('section', String)
, Column('property', String)
, Column('value', String)
, UniqueConstraint('sid', 'action', 'path', 'section', 'property', 'value')
)
self.__networkshare = Table(
'Networkshare'
, self.__metadata
, Column('id', Integer, primary_key=True)
, Column('sid', String)
, Column('policy_name', String)
, Column('name', String)
, Column('action', String)
, Column('path', String)
, Column('allRegular', String)
, Column('comment', String)
, Column('limitUsers', String)
, Column('abe', String)
, UniqueConstraint('sid', 'name', 'path')
)
self.__metadata.create_all(self.db_cnt)
Session = sessionmaker(bind=self.db_cnt)
self.db_session = Session()
mapper_reg = self.__compat
try:
mapper_reg.map_imperatively(info_entry, self.__info)
mapper_reg.map_imperatively(samba_preg, self.__hklm)
mapper_reg.map_imperatively(samba_hkcu_preg, self.__hkcu)
mapper_reg.map_imperatively(ad_shortcut, self.__shortcuts)
mapper_reg.map_imperatively(printer_entry, self.__printers)
mapper_reg.map_imperatively(drive_entry, self.__drives)
mapper_reg.map_imperatively(folder_entry, self.__folders)
mapper_reg.map_imperatively(envvar_entry, self.__envvars)
mapper_reg.map_imperatively(script_entry, self.__scripts)
mapper_reg.map_imperatively(file_entry, self.__files)
mapper_reg.map_imperatively(ini_entry, self.__ini)
mapper_reg.map_imperatively(networkshare_entry, self.__networkshare)
except:
pass
#logging.error('Error creating mapper')
def _add(self, row):
try:
self.db_session.add(row)
self.db_session.commit()
except Exception as exc:
self.db_session.rollback()
raise exc
def _info_upsert(self, row):
try:
self._add(row)
except:
(self
.db_session.query(info_entry)
.filter(info_entry.name == row.name)
.update(row.update_fields()))
self.db_session.commit()
def _hklm_upsert(self, row):
try:
self._add(row)
except:
(self
.db_session
.query(samba_preg)
.filter(samba_preg.hive_key == row.hive_key)
.update(row.update_fields()))
self.db_session.commit()
def _hkcu_upsert(self, row):
try:
self._add(row)
except Exception as exc:
(self
.db_session
.query(samba_hkcu_preg)
.filter(samba_hkcu_preg.sid == row.sid)
.filter(samba_hkcu_preg.hive_key == row.hive_key)
.update(row.update_fields()))
self.db_session.commit()
def _shortcut_upsert(self, row):
try:
self._add(row)
except:
(self
.db_session
.query(ad_shortcut)
.filter(ad_shortcut.sid == row.sid)
.filter(ad_shortcut.path == row.path)
.update(row.update_fields()))
self.db_session.commit()
def _printer_upsert(self, row):
try:
self._add(row)
except:
(self
.db_session
.query(printer_entry)
.filter(printer_entry.sid == row.sid)
.filter(printer_entry.name == row.name)
.update(row.update_fields()))
self.db_session.commit()
def _drive_upsert(self, row):
try:
self._add(row)
except:
(self
.db_session
.query(drive_entry)
.filter(drive_entry.sid == row.sid)
.filter(drive_entry.dir == row.dir)
.update(row.update_fields()))
self.db_session.commit()
def set_info(self, name, value):
ientry = info_entry(name, value)
logdata = dict()
logdata['varname'] = name
logdata['value'] = value
log('D19', logdata)
self._info_upsert(ientry)
def _delete_hklm_keyname(self, keyname):
'''
Delete PReg hive_key from HKEY_LOCAL_MACHINE
'''
logdata = dict({'keyname': keyname})
try:
(self
.db_session
.query(samba_preg)
.filter(samba_preg.keyname == keyname)
.delete(synchronize_session=False))
self.db_session.commit()
log('D65', logdata)
except Exception as exc:
log('D63', logdata)
def add_hklm_entry(self, preg_entry, policy_name):
'''
Write PReg entry to HKEY_LOCAL_MACHINE
'''
pentry = samba_preg(preg_entry, policy_name)
if not pentry.valuename.startswith('**'):
self._hklm_upsert(pentry)
else:
logdata = dict({'key': pentry.hive_key})
if pentry.valuename.lower() == '**delvals.':
self._delete_hklm_keyname(pentry.keyname)
else:
log('D27', logdata)
def _delete_hkcu_keyname(self, keyname, sid):
'''
Delete PReg hive_key from HKEY_CURRENT_USER
'''
logdata = dict({'sid': sid, 'keyname': keyname})
try:
(self
.db_session
.query(samba_hkcu_preg)
.filter(samba_hkcu_preg.sid == sid)
.filter(samba_hkcu_preg.keyname == keyname)
.delete(synchronize_session=False))
self.db_session.commit()
log('D66', logdata)
except:
log('D64', logdata)
def add_hkcu_entry(self, preg_entry, sid, policy_name):
'''
Write PReg entry to HKEY_CURRENT_USER
'''
hkcu_pentry = samba_hkcu_preg(sid, preg_entry, policy_name)
logdata = dict({'sid': sid, 'policy': policy_name, 'key': hkcu_pentry.hive_key})
if not hkcu_pentry.valuename.startswith('**'):
log('D26', logdata)
self._hkcu_upsert(hkcu_pentry)
else:
if hkcu_pentry.valuename.lower() == '**delvals.':
self._delete_hkcu_keyname(hkcu_pentry.keyname, sid)
else:
log('D51', logdata)
def add_shortcut(self, sid, sc_obj, policy_name):
'''
Store shortcut information in the database
'''
sc_entry = ad_shortcut(sid, sc_obj, policy_name)
logdata = dict()
logdata['link'] = sc_entry.path
logdata['sid'] = sid
log('D41', logdata)
self._shortcut_upsert(sc_entry)
def add_printer(self, sid, pobj, policy_name):
'''
Store printer configuration in the database
'''
prn_entry = printer_entry(sid, pobj, policy_name)
logdata = dict()
logdata['printer'] = prn_entry.name
logdata['sid'] = sid
log('D40', logdata)
self._printer_upsert(prn_entry)
def add_drive(self, sid, dobj, policy_name):
drv_entry = drive_entry(sid, dobj, policy_name)
logdata = dict()
logdata['uri'] = drv_entry.path
logdata['sid'] = sid
log('D39', logdata)
self._drive_upsert(drv_entry)
def add_folder(self, sid, fobj, policy_name):
fld_entry = folder_entry(sid, fobj, policy_name)
logdata = dict()
logdata['folder'] = fld_entry.path
logdata['sid'] = sid
log('D42', logdata)
try:
self._add(fld_entry)
except Exception as exc:
(self
._filter_sid_obj(folder_entry, sid)
.filter(folder_entry.path == fld_entry.path)
.update(fld_entry.update_fields()))
self.db_session.commit()
def add_envvar(self, sid, evobj, policy_name):
ev_entry = envvar_entry(sid, evobj, policy_name)
logdata = dict()
logdata['envvar'] = ev_entry.name
logdata['sid'] = sid
log('D53', logdata)
try:
self._add(ev_entry)
except Exception as exc:
(self
._filter_sid_obj(envvar_entry, sid)
.filter(envvar_entry.name == ev_entry.name)
.update(ev_entry.update_fields()))
self.db_session.commit()
def add_script(self, sid, scrobj, policy_name):
scr_entry = script_entry(sid, scrobj, policy_name)
logdata = dict()
logdata['script path'] = scrobj.path
logdata['sid'] = sid
log('D153', logdata)
try:
self._add(scr_entry)
except Exception as exc:
(self
._filter_sid_obj(script_entry, sid)
.filter(script_entry.path == scr_entry.path)
.update(scr_entry.update_fields()))
self.db_session.commit()
def add_file(self, sid, fileobj, policy_name):
f_entry = file_entry(sid, fileobj, policy_name)
logdata = dict()
logdata['targetPath'] = f_entry.targetPath
logdata['fromPath'] = f_entry.fromPath
log('D162', logdata)
try:
self._add(f_entry)
except Exception as exc:
(self
._filter_sid_obj(file_entry, sid)
.filter(file_entry.targetPath == f_entry.targetPath)
.update(f_entry.update_fields()))
self.db_session.commit()
def add_ini(self, sid, iniobj, policy_name):
inientry = ini_entry(sid, iniobj, policy_name)
logdata = dict()
logdata['path'] = inientry.path
logdata['action'] = inientry.action
log('D177', logdata)
try:
self._add(inientry)
except Exception as exc:
(self
._filter_sid_obj(ini_entry, sid)
.filter(ini_entry.path == inientry.path)
.update(inientry.update_fields()))
self.db_session.commit()
def add_networkshare(self, sid, networkshareobj, policy_name):
networkshareentry = networkshare_entry(sid, networkshareobj, policy_name)
logdata = dict()
logdata['name'] = networkshareentry.name
logdata['path'] = networkshareentry.path
logdata['action'] = networkshareentry.action
log('D186', logdata)
try:
self._add(networkshareentry)
except Exception as exc:
(self
._filter_sid_obj(networkshare_entry, sid)
.filter(networkshare_entry.path == networkshareentry.path)
.update(networkshareentry.update_fields()))
self.db_session.commit()
def _filter_sid_obj(self, row_object, sid):
res = (self
.db_session
.query(row_object)
.filter(row_object.sid == sid))
return res
def _filter_sid_list(self, row_object, sid):
res = (self
.db_session
.query(row_object)
.filter(row_object.sid == sid)
.order_by(row_object.id)
.all())
return res
def get_shortcuts(self, sid):
return self._filter_sid_list(ad_shortcut, sid)
def get_printers(self, sid):
return self._filter_sid_list(printer_entry, sid)
def get_drives(self, sid):
return self._filter_sid_list(drive_entry, sid)
def get_folders(self, sid):
return self._filter_sid_list(folder_entry, sid)
def get_envvars(self, sid):
return self._filter_sid_list(envvar_entry, sid)
def _filter_scripts_list(self, row_object, sid, action):
res = (self
.db_session
.query(row_object)
.filter(row_object.sid == sid)
.filter(row_object.action == action)
.order_by(row_object.id)
.all())
return res
def get_scripts(self, sid, action):
return self._filter_scripts_list(script_entry, sid, action)
def get_files(self, sid):
return self._filter_sid_list(file_entry, sid)
def get_networkshare(self, sid):
return self._filter_sid_list(networkshare_entry, sid)
def get_ini(self, sid):
return self._filter_sid_list(ini_entry, sid)
def get_hkcu_entry(self, sid, hive_key):
res = (self
.db_session
.query(samba_hkcu_preg)
.filter(samba_hkcu_preg.sid == sid)
.filter(samba_hkcu_preg.hive_key == hive_key)
.first())
# Try to get the value from machine SID as a default if no option is set.
if not res:
machine_sid = self.get_info('machine_sid')
res = self.db_session.query(samba_hkcu_preg).filter(samba_hkcu_preg.sid == machine_sid).filter(samba_hkcu_preg.hive_key == hive_key).first()
return res
def filter_hkcu_entries(self, sid, startswith):
res = (self
.db_session
.query(samba_hkcu_preg)
.filter(samba_hkcu_preg.sid == sid)
.filter(samba_hkcu_preg.hive_key.like(startswith)))
return res
def get_info(self, name):
res = (self
.db_session
.query(info_entry)
.filter(info_entry.name == name)
.first())
return res.value
def get_hklm_entry(self, hive_key):
res = (self
.db_session
.query(samba_preg)
.filter(samba_preg.hive_key == hive_key)
.first())
return res
def filter_hklm_entries(self, startswith):
res = (self
.db_session
.query(samba_preg)
.filter(samba_preg.hive_key.like(startswith)))
return res
def wipe_user(self, sid):
self._wipe_sid(samba_hkcu_preg, sid)
self._wipe_sid(ad_shortcut, sid)
self._wipe_sid(printer_entry, sid)
self._wipe_sid(drive_entry, sid)
self._wipe_sid(script_entry, sid)
self._wipe_sid(file_entry, sid)
self._wipe_sid(ini_entry, sid)
self._wipe_sid(networkshare_entry, sid)
def _wipe_sid(self, row_object, sid):
(self
.db_session
.query(row_object)
.filter(row_object.sid == sid)
.delete())
self.db_session.commit()
def wipe_hklm(self):
self.db_session.query(samba_preg).delete()
self.db_session.commit()

45
gpoa/storage/sqlite_registry_compat.py
View File

@@ -1,45 +0,0 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2024 BaseALT Ltd.
# Copyright (C) 2024 Evgeny SInelnikov <sin@altlinux.org>.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
__compat__ = False
from sqlalchemy import MetaData
try:
from sqlalchemy.orm import registry
except:
from sqlalchemy.orm import mapper
__compat__ = True
class sqlite_registry_compat:
def __init__(self, db_cnt):
if not __compat__:
self.__registry = registry()
self.__metadata = MetaData()
else:
self.__metadata = MetaData(db_cnt)
def metadata(self):
return self.__metadata
def map_imperatively(self, obj, table):
if __compat__:
mapper(obj, table)
else:
self.__registry.map_imperatively(obj, table)

2
gpoa/templates/autofs_auto.j2
View File

@@ -16,5 +16,5 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#}
{{ home_dir }}/{{mntTarget}} {{ mount_file }} -t 120 --browse
{{ home_dir }}/{{mntTarget}} {{ mount_file }} -t {{timeout}} --browse

2
gpoa/templates/autofs_auto_hide.j2
View File

@@ -16,5 +16,5 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#}
{{ home_dir }}/.{{mntTarget}} {{ mount_file }} -t 120
{{ home_dir }}/.{{mntTarget}} {{ mount_file }} -t {{timeout}}

26
gpoa/util/arguments.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -18,10 +18,9 @@
import logging
import logging.handlers
from enum import IntEnum
from enum import IntEnum, Enum
from messages import message_with_code
from .logging import slogm
from .logging import log
def set_loglevel(loglevel_num=None):
@@ -70,7 +69,7 @@ def process_target(target_name=None):
target = target_name
logdata = dict({'target': target})
logging.debug(slogm(message_with_code('D10'), logdata))
log('D10', logdata)
return target.upper()
@@ -84,3 +83,20 @@ class ExitCodeUpdater(IntEnum):
FAIL_GPUPDATE_USER_NOREPLY = 3
EXIT_SIGINT = 130
class FileAction(Enum):
CREATE = 'C'
REPLACE = 'R'
UPDATE = 'U'
DELETE = 'D'
def __str__(self):
return self.value
def action_letter2enum(letter):
if letter in ['C', 'R', 'U', 'D']:
if letter == 'C': return FileAction.CREATE
if letter == 'R': return FileAction.REPLACE
if letter == 'U': return FileAction.UPDATE
if letter == 'D': return FileAction.DELETE
return FileAction.CREATE

10
gpoa/util/dbus.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,6 +20,7 @@ import dbus
from .logging import log
from .users import is_root
from storage import Dconf_registry
class dbus_runner:
@@ -72,6 +73,7 @@ class dbus_runner:
if self.username:
logdata = dict({'username': self.username})
log('D6', logdata)
gpupdate = 'gpupdate' if not Dconf_registry._force else 'gpupdate_force'
if is_root():
# oddjobd-gpupdate's ACL allows access to this method
# only for superuser. This method is called via PAM
@@ -95,7 +97,7 @@ class dbus_runner:
result = self.system_bus.call_blocking(self.bus_name,
self._object_path,
self.interface_name,
'gpupdate',
gpupdate,
None,
[],
timeout=self._synchronous_timeout)
@@ -106,11 +108,12 @@ class dbus_runner:
raise exc
else:
log('D11')
gpupdate_computer = 'gpupdate_computer' if not Dconf_registry._force else 'gpupdate_computer_force'
try:
result = self.system_bus.call_blocking(self.bus_name,
self._object_path,
self.interface_name,
'gpupdate_computer',
gpupdate_computer,
None,
# The following positional parameter is called "args".
# There is no official documentation for it.
@@ -118,7 +121,6 @@ class dbus_runner:
timeout=self._synchronous_timeout)
print_dbus_result(result)
except dbus.exceptions.DBusException as exc:
print(exc)
logdata = dict({'error': str(exc)})
log('E22', logdata)
raise exc

11
gpoa/util/paths.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2021 BaseALT Ltd. <org@basealt.ru>
# Copyright (C) 2019-2024 BaseALT Ltd. <org@basealt.ru>
# Copyright (C) 2019-2021 Igor Chudov <nir@nir.org.ru>
#
# This program is free software: you can redistribute it and/or modify
@@ -93,7 +93,14 @@ def local_policy_cache():
return lpcache
def get_dconf_config_path(uid = None):
if uid:
return f'/etc/dconf/db/policy{uid}.d/'
else:
return '/etc/dconf/db/policy.d/'
def get_dconf_config_file(uid = None):
if uid:
return f'/etc/dconf/db/policy{uid}.d/policy{uid}.ini'
else:
@@ -116,7 +123,7 @@ class UNCPath:
def get_uri(self):
path = self.path
if self.type == 'unc':
path = self.path.replace('\\', '/')
path = self.path.replace('\\\\', '/')
path = path.replace('//', 'smb://')
else:
pass

18
gpoa/util/preg.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -18,7 +18,6 @@
from xml.etree import ElementTree
from storage import registry_factory
from storage.dconf_registry import load_preg_dconf
from samba.gp_parse.gp_pol import GPPolParser
@@ -81,22 +80,15 @@ def preg_keymap(preg):
return keymap
def merge_polfile(preg, sid=None, reg_name='registry', reg_path=None, policy_name='Unknown', username='Machine', version=None):
def merge_polfile(preg, sid=None, reg_name='registry', reg_path=None, policy_name='Unknown', username='Machine', gpo_info=None):
pregfile = load_preg(preg)
if sid is None and username == 'Machine':
load_preg_dconf(pregfile, preg, policy_name, None, version)
load_preg_dconf(pregfile, preg, policy_name, None, gpo_info)
else:
load_preg_dconf(pregfile, preg, policy_name, username, version)
load_preg_dconf(pregfile, preg, policy_name, username, gpo_info)
logdata = dict({'pregfile': preg})
log('D32', logdata)
#log dconf
return
storage = registry_factory(reg_name, reg_path)
for entry in pregfile.entries:
if not sid:
storage.add_hklm_entry(entry, policy_name)
else:
storage.add_hkcu_entry(entry, sid, policy_name)
class entry:

3
gpoa/util/sid.py
View File

@@ -2,7 +2,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,7 +20,6 @@
from enum import Enum
import pwd
import logging
import subprocess
import pysss_nss_idmap

4
gpoa/util/users.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2021 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -19,8 +19,6 @@
import os
import pwd
from .logging import log
def is_root():
'''

40
gpoa/util/util.py
View File

@@ -196,3 +196,43 @@ def get_uid_by_username(username):
return user_info.pw_uid
except KeyError:
return None
def add_prefix_to_keys(dictionary: dict, prefix: str='Previous/') -> dict:
"""
Adds a prefix to each key in the dictionary.
Args: Input dictionary whose keys need to be modified
prefix string to be added to each key. Defaults to 'Previous/'
Returns: New dictionary with modified keys having the specified prefix
"""
result = {}
for key, value in dictionary.items():
new_key = f'{prefix}{key}'
if isinstance(value, dict):
result[new_key] = {deep_key:clean_data(val) if isinstance(val, str) else val for deep_key, val in value.items()}
else:
result[new_key] = value
return result
def remove_keys_with_prefix(dictionary: dict, prefix: tuple=('Previous/', 'Source/')) -> dict:
"""
Removes all keys that start with the specified prefix from the dictionary.
By default, removes keys starting with 'Previous/' and 'Source/' prefix.
"""
return {key: value for key, value in dictionary.items() if not key.startswith(prefix)}
def get_trans_table():
return str.maketrans({
'\n': '',
'\r': '',
'"': "'",
'\\': '\\\\'
})
def clean_data(data):
try:
cleaned_string = data.translate(get_trans_table())
return cleaned_string
except:
return None

19
gpoa/util/windows.py
View File

@@ -18,7 +18,7 @@
import os
import subprocess
from pathlib import Path
from samba import getopt as options
from samba import NTSTATUSError
@@ -28,12 +28,13 @@ except ImportError:
from samba.gp.gpclass import get_dc_hostname, check_refresh_gpo_list
from samba.netcmd.common import netcmd_get_domain_infos_via_cldap
from storage.dconf_registry import Dconf_registry, extract_display_name_version
import samba.gpo
from .xdg import (
xdg_get_desktop
)
from .util import get_homedir
from .util import get_homedir, get_uid_by_username
from .exceptions import GetGPOListFail
from .logging import log
from .samba import smbopts
@@ -109,7 +110,11 @@ class smbcreds (smbopts):
hostname
'''
gpos = list()
if Dconf_registry.get_info('machine_name') == username:
dconf_dict = Dconf_registry.get_dictionary_from_dconf_file_db(save_dconf_db=True)
else:
dconf_dict = Dconf_registry.get_dictionary_from_dconf_file_db(get_uid_by_username(username), save_dconf_db=True)
dict_gpo_name_version = extract_display_name_version(dconf_dict, username)
try:
log('D48')
ads = samba.gpo.ADS_STRUCT(self.selected_dc, self.lp, self.creds)
@@ -121,13 +126,19 @@ class smbcreds (smbopts):
for gpo in gpos:
# These setters are taken from libgpo/pygpo.c
# print(gpo.ds_path) # LDAP entry
if gpo.display_name in dict_gpo_name_version.keys() and dict_gpo_name_version.get(gpo.display_name, {}).get('version') == str(getattr(gpo, 'version', None)):
if Path(dict_gpo_name_version.get(gpo.display_name, {}).get('correct_path')).exists():
gpo.file_sys_path = ''
ldata = dict({'gpo_name': gpo.display_name, 'gpo_uuid': gpo.name, 'file_sys_path_cache': True})
log('I11', ldata)
continue
ldata = dict({'gpo_name': gpo.display_name, 'gpo_uuid': gpo.name, 'file_sys_path': gpo.file_sys_path})
log('I2', ldata)
except Exception as exc:
if self.selected_dc != self.pdc_emulator_server:
raise GetGPOListFail(exc)
logdata = dict({'username': username, 'dc': self.selected_dc})
logdata = dict({'username': username, 'dc': self.selected_dc, 'exc': exc})
log('E17', logdata)
return gpos

62
gpupdate.spec
View File

@@ -8,7 +8,10 @@
%add_python3_req_skip gpt.gpt
%add_python3_req_skip gpt.printers
%add_python3_req_skip gpt.shortcuts
%add_python3_req_skip gpt.gpo_dconf_mapping
%add_python3_req_skip gpt.dynamic_attributes
%add_python3_req_skip messages
%add_python3_req_skip plugin
%add_python3_req_skip storage
%add_python3_req_skip storage.fs_file_cache
%add_python3_req_skip storage.dconf_registry
@@ -33,7 +36,7 @@
%add_python3_req_skip util.gpoa_ini_parsing
Name: gpupdate
Version: 0.10.3
Version: 0.12.0
Release: alt1
Summary: GPT applier
@@ -49,12 +52,13 @@ BuildRequires: gettext-tools
Requires: python3-module-rpm
Requires: python3-module-dbus
Requires: python3-module-configobj
Requires: oddjob-%name >= 0.2.0
Requires: oddjob-%name >= 0.2.3
Requires: libnss-role >= 0.5.0
Requires: local-policy >= 0.4.9
Requires: pam-config >= 1.9.0
Requires: autofs
Requires: dconf-profile
Requires: libgvdb-gir
# This is needed by shortcuts_applier
Requires: desktop-file-utils
# This is needed for smb file cache support
@@ -191,6 +195,60 @@ fi
%exclude %python3_sitelibdir/gpoa/test
%changelog
* Tue Dec 10 2024 Valery Sinelnikov <greh@altlinux.org> 0.12.0-alt1
- Special thanks to Andrey Belgorodtsev (andrey@net55.su)
for valuable pre-release testing and feedback
- Added applier thunderbird
- Added environment file cleaning (closes: 51016)
- Added the ability to set the name of the directory to automount
- Added the ability to remove the prefix from a sylink
to the catalog in automount
- Added the ability to set the timeout in automount
- Added messages using the force mode
- Improved KDE update logic
- Added preservation of previous keys
* Fri Oct 11 2024 Valery Sinelnikov <greh@altlinux.org> 0.11.4-alt1
- Added skip plugin (closes: 51631)
- Fixed getting the network path (closes:51606)
- The _appliers sequence has been changed,
package_applier has been moved to the end
* Fri Sep 06 2024 Valery Sinelnikov <greh@altlinux.org> 0.11.3-alt1
- Optimized string cleaning using str.translate()
* Wed Sep 04 2024 Valery Sinelnikov <greh@altlinux.org> 0.11.2-alt1
- Fixed data type handling in kde_applier
- Removing legacy unused code
- Added saving policy data without polfile
- Added escaping of special characters in data (closes: 51201)
* Tue Aug 27 2024 Valery Sinelnikov <greh@altlinux.org> 0.11.1-alt1
- Fixed setting links in shortcuts (closes: 51275)
* Fri Aug 09 2024 Valery Sinelnikov <greh@altlinux.org> 0.11.0-alt1
- Added saving preferences in dconf
- Added versioning support for gpt
- Added the ability to force gpt download
- Added completions for --force
- Added new exceptions for Chromium 126
- Added information to the man pages
- Fixed handling of incorrect valuename
* Mon Jul 08 2024 Valery Sinelnikov <greh@altlinux.org> 0.10.6-alt1
- Fixed firefox_applier errors
* Fri Jun 28 2024 Valery Sinelnikov <greh@altlinux.org> 0.10.5-alt1
- Correction of missing entries with a upper case
- Fixed string processing in date (closes: 50782)
- Fixed getting correct data for the user for pkcon_runner
* Thu Jun 27 2024 Valery Sinelnikov <greh@altlinux.org> 0.10.4-alt1
- Fixed the definition of the module activation check (closes: 50755)
- Fixed sorting of scripts (closes: 50756)
- Fixed reading key values from dconf
- Changed the method for getting the list of packages for pkcon_runner
* Wed Jun 19 2024 Valery Sinelnikov <greh@altlinux.org> 0.10.3-alt1
- Added autocompletion for gpoa, gpupdate, gpupdate-setup
- Added correct work with json data in keys for the Firefox browser