public/gpupdate
1
0
Fork 1
mirror of https://github.com/altlinux/gpupdate.git synced 2025-10-22 23:33:16 +03:00
Code Releases Wiki Activity

Compare commits

base: public:master
Branches Tags
public:master public:cleanup_machine_account public:machine_account_creds public:fix_kde_version public:fix_kde_screen public:fix_cache public:fix_kde public:fix_oddjob public:fix_plasmaupdate public:fix_kde_applier public:fix_firefox public:fix_check_enable public:fix_dconf_update public:dconf_registry public:astra public:translation_for_several_logs public:ntp_applier_addition public:local_admin_policy_v3 public:local_admin_policy_v2 public:oddjob-gpupdate public:gsettings_fixed_error_unable_to_cache_specified_URI public:bugsFix public:logRu public:package_pkcon public:kdestroy_trouble public:fix_gsettings public:samba_registry_storage public:man_gpupdate_setup public:postinst_remove_cache public:quota_applier public:binary_modules
public:0.13.4-alt1 public:0.13.3-alt1 public:0.13.2-alt1 public:0.13.1-alt1 public:0.13.0-alt1 public:0.12.2-alt1 public:0.12.1-alt1 public:0.12.0-alt1 public:0.11.4-alt1 public:0.11.3-alt1 public:0.11.2-alt1 public:0.11.1-alt1 public:0.11.0-alt1 public:0.10.6-alt1 public:0.10.5-alt1 public:0.10.4-alt1 public:0.10.3-alt1 public:0.10.2-alt1 public:0.10.1-alt1 public:0.10.0-alt1 public:0.9.13.5-alt1 public:0.9.13.4-alt1 public:0.9.12.4-alt1 public:0.9.12.1-alt1 public:0.9.12-alt2 public:0.9.11.2-alt1 public:0.9.11.1-alt1 public:0.9.11-alt1 public:0.9.10-alt1 public:0.9.9.1-alt1 public:0.9.9-alt1 public:0.9.8-alt1 public:0.9.7-alt1 public:0.9.6-alt1 public:0.9.5-alt1 public:0.9.4-alt1 public:0.9.3-alt1 public:0.9.2-alt1 public:0.9.1-alt1 public:0.9.0-alt1 public:0.8.2-alt1 public:0.8.1-alt3 public:0.8.1-alt2 public:0.8.1-alt1 public:0.8.0-alt1 public:0.7.0-alt1 public:0.6.0-alt2 public:0.6.0-alt1 public:0.5.0-alt1 public:0.4.5-alt1 public:0.4.4-alt1 public:0.4.3-alt1 public:0.4.1-alt1 public:0.4.0-alt1 public:0.3.0-alt1
..
compare: public:fix_kde_screen
Branches Tags
public:master public:cleanup_machine_account public:machine_account_creds public:fix_kde_version public:fix_kde_screen public:fix_cache public:fix_kde public:fix_oddjob public:fix_plasmaupdate public:fix_kde_applier public:fix_firefox public:fix_check_enable public:fix_dconf_update public:dconf_registry public:astra public:translation_for_several_logs public:ntp_applier_addition public:local_admin_policy_v3 public:local_admin_policy_v2 public:oddjob-gpupdate public:gsettings_fixed_error_unable_to_cache_specified_URI public:bugsFix public:logRu public:package_pkcon public:kdestroy_trouble public:fix_gsettings public:samba_registry_storage public:man_gpupdate_setup public:postinst_remove_cache public:quota_applier public:binary_modules
public:0.13.4-alt1 public:0.13.3-alt1 public:0.13.2-alt1 public:0.13.1-alt1 public:0.13.0-alt1 public:0.12.2-alt1 public:0.12.1-alt1 public:0.12.0-alt1 public:0.11.4-alt1 public:0.11.3-alt1 public:0.11.2-alt1 public:0.11.1-alt1 public:0.11.0-alt1 public:0.10.6-alt1 public:0.10.5-alt1 public:0.10.4-alt1 public:0.10.3-alt1 public:0.10.2-alt1 public:0.10.1-alt1 public:0.10.0-alt1 public:0.9.13.5-alt1 public:0.9.13.4-alt1 public:0.9.12.4-alt1 public:0.9.12.1-alt1 public:0.9.12-alt2 public:0.9.11.2-alt1 public:0.9.11.1-alt1 public:0.9.11-alt1 public:0.9.10-alt1 public:0.9.9.1-alt1 public:0.9.9-alt1 public:0.9.8-alt1 public:0.9.7-alt1 public:0.9.6-alt1 public:0.9.5-alt1 public:0.9.4-alt1 public:0.9.3-alt1 public:0.9.2-alt1 public:0.9.1-alt1 public:0.9.0-alt1 public:0.8.2-alt1 public:0.8.1-alt3 public:0.8.1-alt2 public:0.8.1-alt1 public:0.8.0-alt1 public:0.7.0-alt1 public:0.6.0-alt2 public:0.6.0-alt1 public:0.5.0-alt1 public:0.4.5-alt1 public:0.4.4-alt1 public:0.4.3-alt1 public:0.4.1-alt1 public:0.4.0-alt1 public:0.3.0-alt1

2 Commits
master ... fix_kde_sc

Author SHA1 Message Date
Danila Skachedubov
bfa82aed12 Added function to call a method on dbus 2025-02-03 15:25:32 +04:00
Danila Skachedubov
e75b129ae9 Code refactoring and optimization 2025-01-29 13:46:34 +04:00
74 changed files with 684 additions and 1732 deletions
Expand all files Collapse all files

19
gpoa/backend/nodomain_backend.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,13 +20,25 @@
from .applier_backend import applier_backend
from storage import registry_factory
from gpt.gpt import get_local_gpt
from util.util import (
get_machine_name
)
from util.sid import get_sid
class nodomain_backend(applier_backend):
def __init__(self):
domain = None
machine_name = get_machine_name()
machine_sid = get_sid(domain, machine_name, True)
self.storage = registry_factory()
self.storage.set_info('domain', domain)
self.storage.set_info('machine_name', machine_name)
self.storage.set_info('machine_sid', machine_sid)
# User SID to work with HKCU hive
self.username = machine_name
self.sid = machine_sid
def retrieve_and_store(self):
'''
@@ -34,7 +46,8 @@ class nodomain_backend(applier_backend):
'''
# Get policies for machine at first.
self.storage.wipe_hklm()
local_policy = get_local_gpt()
self.storage.wipe_user(self.storage.get_info('machine_sid'))
local_policy = get_local_gpt(self.sid)
local_policy.merge_machine()
local_policy.merge_user()

46
gpoa/backend/samba_backend.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -55,7 +55,7 @@ class samba_backend(applier_backend):
# User SID to work with HKCU hive
self.username = username
self._is_machine = is_machine
self._is_machine_username = is_machine
if is_machine:
self.sid = machine_sid
else:
@@ -68,7 +68,7 @@ class samba_backend(applier_backend):
self.gpo_cache_part ='gpo_cache'
self._cached = False
self.storage.set_info('cache_dir', os.path.join(self.cache_dir, self.gpo_cache_part))
logdata = {'cachedir': self.cache_dir}
logdata = dict({'cachedir': self.cache_dir})
log('D7', logdata)
def __del__(self):
@@ -98,28 +98,28 @@ class samba_backend(applier_backend):
Retrieve settings and strore it in a database
'''
# Get policies for machine at first.
machine_gpts = []
machine_gpts = list()
try:
machine_gpts = self._get_gpts()
machine_gpts = self._get_gpts(get_machine_name(), self.storage.get_info('machine_sid'))
except Exception as exc:
log('F2')
raise exc
if self._is_machine:
if self._is_machine_username:
for gptobj in machine_gpts:
try:
gptobj.merge_machine()
except Exception as exc:
logdata = {}
logdata = dict()
logdata['msg'] = str(exc)
log('E26', logdata)
# Load user GPT values in case user's name specified
# This is a buggy implementation and should be tested more
else:
user_gpts = []
user_gpts = list()
try:
user_gpts = self._get_gpts(self.username)
user_gpts = self._get_gpts(self.username, self.sid)
except Exception as exc:
log('F3')
raise exc
@@ -127,7 +127,7 @@ class samba_backend(applier_backend):
# Merge user settings if UserPolicyMode set accordingly
# and user settings (for HKCU) are exist.
policy_mode = self.get_policy_mode()
logdata = {'mode': upm2str(policy_mode)}
logdata = dict({'mode': upm2str(policy_mode), 'sid': self.sid})
log('D152', logdata)
if policy_mode < 2:
@@ -135,16 +135,17 @@ class samba_backend(applier_backend):
try:
gptobj.merge_user()
except Exception as exc:
logdata = {}
logdata = dict()
logdata['msg'] = str(exc)
log('E27', logdata)
if policy_mode > 0:
for gptobj in machine_gpts:
try:
gptobj.sid = self.sid
gptobj.merge_user()
except Exception as exc:
logdata = {}
logdata = dict()
logdata['msg'] = str(exc)
log('E63', logdata)
@@ -161,16 +162,15 @@ class samba_backend(applier_backend):
self._cached = True
return True
elif 'Local Policy' != gpo.name:
logdata = {'gponame': gpo.name}
logdata = dict({'gponame': gpo.name})
log('W4', logdata)
return False
return True
def _get_gpts(self, username=None):
gpts = []
if not username:
username = get_machine_name()
log('D45', {'username': username})
def _get_gpts(self, username, sid):
gpts = list()
log('D45', {'username': username, 'sid': sid})
# util.windows.smbcreds
gpos = self.sambacreds.update_gpos(username)
log('D46')
@@ -178,21 +178,21 @@ class samba_backend(applier_backend):
if self._check_sysvol_present(gpo):
if not self._cached:
path = check_safe_path(gpo.file_sys_path).upper()
slogdata = {'sysvol_path': gpo.file_sys_path, 'gpo_name': gpo.display_name, 'gpo_path': path}
slogdata = dict({'sysvol_path': gpo.file_sys_path, 'gpo_name': gpo.display_name, 'gpo_path': path})
log('D30', slogdata)
gpt_abspath = os.path.join(self.cache_dir, self.gpo_cache_part, path)
else:
gpt_abspath = gpo.file_sys_path
log('D211', {'sysvol_path': gpo.file_sys_path, 'gpo_name': gpo.display_name})
if self._is_machine:
obj = gpt(gpt_abspath, None, GpoInfoDconf(gpo))
if self._is_machine_username:
obj = gpt(gpt_abspath, sid, None, GpoInfoDconf(gpo))
else:
obj = gpt(gpt_abspath, self.username, GpoInfoDconf(gpo))
obj = gpt(gpt_abspath, sid, self.username, GpoInfoDconf(gpo))
obj.set_name(gpo.display_name)
gpts.append(obj)
else:
if 'Local Policy' == gpo.name:
gpts.append(get_local_gpt())
gpts.append(get_local_gpt(sid))
return gpts

14
gpoa/frontend/appliers/control.py
View File

@@ -24,7 +24,7 @@ def control_subst(preg_name):
This is a workaround for control names which can't be used in
PReg/ADMX files.
'''
control_triggers = {}
control_triggers = dict()
control_triggers['dvd_rw-format'] = 'dvd+rw-format'
control_triggers['dvd_rw-mediainfo'] = 'dvd+rw-mediainfo'
control_triggers['dvd_rw-booktype'] = 'dvd+rw-booktype'
@@ -50,7 +50,7 @@ class control:
Query possible values from control in order to perform check of
parameter passed to constructor.
'''
values = []
values = list()
popen_call = ['/usr/sbin/control', self.control_name, 'list']
with subprocess.Popen(popen_call, stdout=subprocess.PIPE, stderr=subprocess.PIPE) as proc:
@@ -68,7 +68,7 @@ class control:
try:
str_status = self.possible_values[int_status]
except IndexError as exc:
logdata = {}
logdata = dict()
logdata['control'] = self.control_name
logdata['value from'] = self.possible_values
logdata['by index'] = int_status
@@ -97,20 +97,20 @@ class control:
if type(self.control_value) == int:
status = self._map_control_status(self.control_value)
if status == None:
logdata = {}
logdata = dict()
logdata['control'] = self.control_name
logdata['inpossible values'] = self.control_value
log('E42', logdata)
return
elif type(self.control_value) == str:
if self.control_value not in self.possible_values:
logdata = {}
logdata = dict()
logdata['control'] = self.control_name
logdata['inpossible values'] = self.control_value
log('E59', logdata)
return
status = self.control_value
logdata = {}
logdata = dict()
logdata['control'] = self.control_name
logdata['status'] = status
log('D68', logdata)
@@ -120,7 +120,7 @@ class control:
with subprocess.Popen(popen_call, stdout=subprocess.PIPE) as proc:
proc.wait()
except:
logdata = {}
logdata = dict()
logdata['control'] = self.control_name
logdata['status'] = status
log('E43', logdata)

4
gpoa/frontend/appliers/envvar.py
View File

@@ -64,7 +64,7 @@ class Envvar:
def _create_action(self, create_dict, envvar_file):
lines_old = envvar_file.readlines()
lines_new = []
lines_new = list()
for name in create_dict:
exist = False
for line in lines_old:
@@ -93,7 +93,7 @@ class Envvar:
with open(self.envvar_file_path, 'r') as f:
lines = f.readlines()
else:
lines = []
lines = list()
file_changed = False
for envvar_object in self.envvars:

57
gpoa/frontend/appliers/file_cp.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2022 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -30,8 +30,6 @@ from util.util import get_homedir
from util.exceptions import NotUNCPathError
from util.paths import UNCPath
import fnmatch
import pwd
import grp
class Files_cp:
def __init__(self, file_obj, file_cache, exe_check, username=None):
@@ -51,8 +49,7 @@ class Files_cp:
self.suppress = str2bool(file_obj.suppress)
self.executable = str2bool(file_obj.executable)
self.username = username
self.pw = pwd.getpwnam(username) if username else None
self.fromPathFiles = []
self.fromPathFiles = list()
if self.fromPath:
if targetPath[-1] == '/' or self.is_pattern(Path(self.fromPath).name):
self.isTargetPathDirectory = True
@@ -80,7 +77,7 @@ class Files_cp:
else:
return targetPath.parent.joinpath('.' + targetPath.name)
except Exception as exc:
logdata = {}
logdata = dict()
logdata['targetPath'] = targetPath
logdata['fromFile'] = fromFile
logdata['exc'] = exc
@@ -97,7 +94,7 @@ class Files_cp:
if fromFilePath.exists():
targetFile.write_bytes(fromFilePath.read_bytes())
except Exception as exc:
logdata = {}
logdata = dict()
logdata['targetFile'] = targetFile
logdata['fromFile'] = fromFile
logdata['exc'] = exc
@@ -128,7 +125,7 @@ class Files_cp:
shutil.os.chmod(targetFile, 0o644)
def _create_action(self):
logdata = {}
logdata = dict()
for fromFile in self.fromPathFiles:
targetFile = None
@@ -137,8 +134,7 @@ class Files_cp:
if targetFile and not targetFile.exists():
self.copy_target_file(targetFile, fromFile)
if self.username:
group_name = grp.getgrgid(self.pw.pw_gid).gr_name
chown_home_path(targetFile, username=self.username, group=group_name)
shutil.chown(targetFile, self.username)
self.set_mod_file(targetFile, fromFile)
logdata['File'] = targetFile
log('D191', logdata)
@@ -153,7 +149,7 @@ class Files_cp:
list_target = [self.targetPath.name]
if self.is_pattern(self.targetPath.name) and self.targetPath.parent.exists() and self.targetPath.parent.is_dir():
list_target = fnmatch.filter([str(x.name) for x in self.targetPath.parent.iterdir() if x.is_file()], self.targetPath.name)
logdata = {}
logdata = dict()
for targetFile in list_target:
targetFile = self.targetPath.parent.joinpath(targetFile)
try:
@@ -169,15 +165,13 @@ class Files_cp:
log('D165', logdata)
def _update_action(self):
logdata = {}
logdata = dict()
for fromFile in self.fromPathFiles:
targetFile = self.get_target_file(self.targetPath, fromFile)
try:
self.copy_target_file(targetFile, fromFile)
if self.username:
shutil.chown(self.targetPath, self.username)
group_name = grp.getgrgid(self.pw.pw_gid).gr_name
chown_home_path(targetFile, username=self.username, group=group_name)
self.set_mod_file(targetFile, fromFile)
logdata['File'] = targetFile
log('D192', logdata)
@@ -206,7 +200,7 @@ class Files_cp:
return False
def get_list_files(self):
logdata = {}
logdata = dict()
logdata['targetPath'] = str(self.targetPath)
fromFilePath = Path(self.fromPath)
if not self.is_pattern(fromFilePath.name):
@@ -260,8 +254,8 @@ class Execution_check():
marker_usage_path_branch = '{}\\{}%'.format(self.__hklm_branch, self.__marker_usage_path_key_name)
self.etension_marker = storage.filter_hklm_entries(etension_marker_branch)
self.marker_usage_path = storage.filter_hklm_entries(marker_usage_path_branch)
self.list_paths = []
self.list_markers = []
self.list_paths = list()
self.list_markers = list()
for marker in self.etension_marker:
self.list_markers.append(marker.data)
for usage_path in self.marker_usage_path:
@@ -272,32 +266,3 @@ class Execution_check():
def get_list_markers(self):
return self.list_markers
def chown_home_path(path: Path, username: str, group: str) -> None:
"""
Change ownership (user and group) of the given path and all its parent
directories up to (but NOT including) the user's home directory.
If the path is not inside the user's home directory, do nothing.
:param path: Path to a file or directory.
:param user: Username to set as owner.
:param group: Group name to set as group.
"""
path = path.resolve()
home_root = Path(get_homedir(username))
# Check if the path is inside user's home directory
if home_root not in path.parents:
return # Not inside user's home - do nothing
# Walk upwards from the given path until just above home_root
current = path
while True:
if current == home_root:
break # do not change ownership of the home directory itself
shutil.chown(current, user=username, group=group)
if current.parent == current: # Safety check: reached root (/)
break
current = current.parent

4
gpoa/frontend/appliers/firewall_rule.py
View File

@@ -20,7 +20,7 @@ from enum import Enum
import subprocess
def getprops(param_list):
props = {}
props = dict()
for entry in param_list:
lentry = entry.lower()
@@ -35,7 +35,7 @@ def getprops(param_list):
def get_ports(param_list):
portlist = []
portlist = list()
for entry in param_list:
lentry = entry.lower()

5
gpoa/frontend/appliers/folder.py
View File

@@ -28,7 +28,7 @@ from util.windows import expand_windows_var
from util.util import get_homedir
def remove_dir_tree(path, delete_files=False, delete_folder=False, delete_sub_folders=False):
content = []
content = list()
for entry in path.iterdir():
content.append(entry)
if entry.is_file() and delete_files:
@@ -77,10 +77,9 @@ class Folder:
self.delete_folder,
self.delete_sub_folders)
def act(self):
if self.hidden_folder == True and str(self.folder_path.name)[0] != '.':
path_components = [*self.folder_path.parts]
path_components = list(self.folder_path.parts)
path_components[-1] = '.' + path_components[-1]
new_folder_path = Path(*path_components)
self.folder_path = new_folder_path

16
gpoa/frontend/appliers/gsettings.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2021 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -53,15 +53,15 @@ class system_gsettings:
__profile_data = 'user-db:user\nsystem-db:policy\nsystem-db:local\n'
def __init__(self, override_file_path):
self.gsettings = []
self.locks = []
self.gsettings = list()
self.locks = list()
self.override_file_path = override_file_path
def append(self, schema, path, data, lock, helper):
if check_existing_gsettings(schema, path):
self.gsettings.append(system_gsetting(schema, path, data, lock, helper))
else:
logdata = {}
logdata = dict()
logdata['schema'] = schema
logdata['path'] = path
logdata['data'] = data
@@ -72,7 +72,7 @@ class system_gsettings:
config = configparser.ConfigParser()
for gsetting in self.gsettings:
logdata = {}
logdata = dict()
logdata['gsetting.schema'] = gsetting.schema
logdata['gsetting.path'] = gsetting.path
logdata['gsetting.value'] = gsetting.value
@@ -132,13 +132,13 @@ def check_existing_gsettings (schema, path):
class user_gsettings:
def __init__(self):
self.gsettings = []
self.gsettings = list()
def append(self, schema, path, value, helper=None):
if check_existing_gsettings(schema, path):
self.gsettings.append(user_gsetting(schema, path, value, helper))
else:
logdata = {}
logdata = dict()
logdata['schema'] = schema
logdata['path'] = path
logdata['data'] = value
@@ -146,7 +146,7 @@ class user_gsettings:
def apply(self):
for gsetting in self.gsettings:
logdata = {}
logdata = dict()
logdata['gsetting.schema'] = gsetting.schema
logdata['gsetting.path'] = gsetting.path
logdata['gsetting.value'] = gsetting.value

4
gpoa/frontend/appliers/ini_file.py
View File

@@ -54,7 +54,7 @@ class Ini_file:
if self.path.is_dir():
return
if self.section not in self.config:
self.config[self.section] = {}
self.config[self.section] = dict()
self.config[self.section][self.key] = self.value
self.config.write()
@@ -85,7 +85,7 @@ class Ini_file:
if self.action == FileAction.REPLACE:
self._create_action()
except Exception as exc:
logdata = {}
logdata = dict()
logdata['action'] = self.action
logdata['exc'] = exc
log('W23', logdata)

4
gpoa/frontend/appliers/netshare.py
View File

@@ -31,7 +31,7 @@ class Networkshare:
def __init__(self, networkshare_obj, username = None):
self.net_full_cmd = ['/usr/bin/net', 'usershare']
self.net_cmd_check = ['/usr/bin/net', 'usershare', 'list']
self.cmd = []
self.cmd = list()
self.name = networkshare_obj.name
self.path = expand_windows_var(networkshare_obj.path, username).replace('\\', '/') if networkshare_obj.path else None
@@ -52,7 +52,7 @@ class Networkshare:
return exc
def _run_net_full_cmd(self):
logdata = {}
logdata = dict()
try:
res = subprocess.check_output(self.net_full_cmd, stderr=subprocess.DEVNULL, encoding='utf-8')
if res:

5
gpoa/frontend/appliers/polkit.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -50,7 +50,6 @@ class polkit:
if os.path.isfile(self.outfile):
os.remove(self.outfile)
return
logdata = {}
try:
template = self.__template_environment.get_template(self.infilename)
text = template.render(**self.args)
@@ -58,10 +57,12 @@ class polkit:
with open(self.outfile, 'w') as f:
f.write(text)
logdata = dict()
logdata['file'] = self.outfile
logdata['arguments'] = self.args
log('D77', logdata)
except Exception as exc:
logdata = dict()
logdata['file'] = self.outfile
logdata['arguments'] = self.args
log('E44', logdata)

17
gpoa/frontend/appliers/systemd.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -34,7 +34,6 @@ class systemd_unit:
self.unit_properties = dbus.Interface(self.unit_proxy, dbus_interface='org.freedesktop.DBus.Properties')
def apply(self):
logdata = {'unit': self.unit_name}
if self.desired_state == 1:
self.manager.UnmaskUnitFiles([self.unit_name], dbus.Boolean(False))
self.manager.EnableUnitFiles([self.unit_name], dbus.Boolean(False), dbus.Boolean(True))
@@ -42,6 +41,8 @@ class systemd_unit:
if self.manager.GetUnitFileState(dbus.String(self.unit_name)) == 'enabled':
return
self.manager.StartUnit(self.unit_name, 'replace')
logdata = dict()
logdata['unit'] = self.unit_name
log('I6', logdata)
# In case the service has 'RestartSec' property set it
@@ -49,21 +50,27 @@ class systemd_unit:
# 'active' so we consider 'activating' a valid state too.
service_state = self._get_state()
if service_state not in ('active', 'activating'):
if not service_state in ['active', 'activating']:
service_timer_name = self.unit_name.replace(".service", ".timer")
self.unit = self.manager.LoadUnit(dbus.String(service_timer_name))
service_state = self._get_state()
if service_state not in ('active', 'activating'):
if not service_state in ['active', 'activating']:
logdata = dict()
logdata['unit'] = self.unit_name
log('E46', logdata)
else:
self.manager.StopUnit(self.unit_name, 'replace')
self.manager.DisableUnitFiles([self.unit_name], dbus.Boolean(False))
self.manager.MaskUnitFiles([self.unit_name], dbus.Boolean(False), dbus.Boolean(True))
logdata = dict()
logdata['unit'] = self.unit_name
log('I6', logdata)
service_state = self._get_state()
if service_state not in ('stopped', 'deactivating', 'inactive'):
if not service_state in ['stopped', 'deactivating', 'inactive']:
logdata = dict()
logdata['unit'] = self.unit_name
log('E46', logdata)
def _get_state(self):

15
gpoa/frontend/chromium_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -34,13 +34,14 @@ class chromium_applier(applier_frontend):
__managed_policies_path = '/etc/chromium/policies/managed'
__recommended_policies_path = '/etc/chromium/policies/recommended'
def __init__(self, storage, username):
def __init__(self, storage, sid, username):
self.storage = storage
self.sid = sid
self.username = username
self._is_machine_name = is_machine_name(self.username)
self.chromium_keys = self.storage.filter_hklm_entries(self.__registry_branch)
self.policies_json = {}
self.policies_json = dict()
self.__module_enabled = check_enabled(
self.storage
@@ -68,7 +69,7 @@ class chromium_applier(applier_frontend):
os.makedirs(self.__managed_policies_path, exist_ok=True)
with open(destfile, 'w') as f:
json.dump(dict_item_to_list(self.policies_json), f)
logdata = {}
logdata = dict()
logdata['destfile'] = destfile
log('D97', logdata)
@@ -76,7 +77,7 @@ class chromium_applier(applier_frontend):
os.makedirs(self.__recommended_policies_path, exist_ok=True)
with open(destfilerec, 'w') as f:
json.dump(dict_item_to_list(recommended__json), f)
logdata = {}
logdata = dict()
logdata['destfilerec'] = destfilerec
log('D97', logdata)
@@ -183,7 +184,7 @@ class chromium_applier(applier_frontend):
'''
Collect dictionaries from registry keys into a general dictionary
'''
counts = {}
counts = dict()
#getting the list of keys to read as an integer
valuename_typeint = self.get_valuename_typeint()
for it_data in chromium_keys:
@@ -211,7 +212,7 @@ class chromium_applier(applier_frontend):
branch[parts[-1]] = str(it_data.data).replace('\\', '/')
except Exception as exc:
logdata = {}
logdata = dict()
logdata['Exception'] = exc
logdata['keyname'] = it_data.keyname
log('D178', logdata)

79
gpoa/frontend/cifs_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2022 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -18,7 +18,6 @@
import jinja2
import os
import pwd
import subprocess
from pathlib import Path
import string
@@ -27,12 +26,12 @@ from .applier_frontend import (
applier_frontend
, check_enabled
)
from util.util import get_homedir, get_uid_by_username, get_machine_name
from util.util import get_homedir, get_uid_by_username
from util.logging import log
def storage_get_drives(storage):
drives = storage.get_drives()
drive_list = []
def storage_get_drives(storage, sid):
drives = storage.get_drives(sid)
drive_list = list()
for drv_obj in drives:
drive_list.append(drv_obj)
@@ -65,7 +64,7 @@ def remove_escaped_quotes(input_string):
class Drive_list:
__alphabet = string.ascii_uppercase
def __init__(self):
self.dict_drives = {}
self.dict_drives = dict()
def __get_letter(self, letter):
slice_letters = set(self.__alphabet[self.__alphabet.find(letter) + 1:]) - set(self.dict_drives.keys())
@@ -125,28 +124,14 @@ class cifs_applier(applier_frontend):
__module_name = 'CIFSApplier'
__module_enabled = True
__module_experimental = False
__dir4clean = '/etc/auto.master.gpupdate.d'
def __init__(self, storage):
self.clear_directory_auto_dir()
self.applier_cifs = cifs_applier_user(storage, None)
def __init__(self, storage, sid):
self.applier_cifs = cifs_applier_user(storage, sid, None)
self.__module_enabled = check_enabled(
storage
, self.__module_name
, self.__module_experimental
)
def clear_directory_auto_dir(self):
path = Path(self.__dir4clean)
if not path.exists():
return
for item in path.iterdir():
try:
if item.is_file() or item.is_symlink():
item.unlink()
except Exception as exc:
log('W37', {'exc': exc})
log('D231')
def apply(self):
if self.__module_enabled:
@@ -176,7 +161,6 @@ class cifs_applier_user(applier_frontend):
__key_link_prefix_user = 'DriveMapsHomeDisableNetUser'
__timeout_user_key = '/Software/BaseALT/Policies/GPUpdate/TimeoutAutofsUser'
__timeout_key = '/Software/BaseALT/Policies/GPUpdate/TimeoutAutofs'
__cifsacl_key = '/Software/BaseALT/Policies/GPUpdate/CifsaclDisable'
__target_mountpoint = '/media/gpupdate'
__target_mountpoint_user = '/run/media'
__mountpoint_dirname = 'drives.system'
@@ -187,8 +171,9 @@ class cifs_applier_user(applier_frontend):
__name_value = 'DriveMapsName'
__name_value_user = 'DriveMapsNameUser'
def __init__(self, storage, username):
def __init__(self, storage, sid, username):
self.storage = storage
self.sid = sid
self.username = username
self.state_home_link = False
self.state_home_link_user = False
@@ -211,10 +196,10 @@ class cifs_applier_user(applier_frontend):
self.__mountpoint_dirname = dirname_system_from_machine if dirname_system_from_machine else self.__mountpoint_dirname
mntTarget = self.__mountpoint_dirname_user
self.keys_cifs_previous_values_user = self.dict_registry_user.get(self.__key_cifs_previous_value,{})
self.keys_cifs_values_user = self.dict_registry_user.get(name_dir,{})
self.keys_the_preferences_previous_values_user = self.dict_registry_user.get((self.__key_preferences_previous+self.username),{}).get('Drives', {})
self.keys_the_preferences_values_user = self.dict_registry_user.get((self.__key_preferences+self.username),{}).get('Drives', {})
self.keys_cifs_previous_values_user = self.dict_registry_user.get(self.__key_cifs_previous_value,dict())
self.keys_cifs_values_user = self.dict_registry_user.get(name_dir,dict())
self.keys_the_preferences_previous_values_user = self.dict_registry_user.get((self.__key_preferences_previous+self.username),dict()).get('Drives', dict())
self.keys_the_preferences_values_user = self.dict_registry_user.get((self.__key_preferences+self.username),dict()).get('Drives', dict())
else:
self.home = self.__target_mountpoint
@@ -223,19 +208,17 @@ class cifs_applier_user(applier_frontend):
self.__mountpoint_dirname = dirname_system.data if dirname_system and dirname_system.data else self.__mountpoint_dirname
mntTarget = self.__mountpoint_dirname
self.keys_cifs_previous_values_machine = self.dict_registry_machine.get(self.__key_cifs_previous_value,{})
self.keys_cifs_values_machine = self.dict_registry_machine.get(name_dir,{})
self.keys_the_preferences_previous_values = self.dict_registry_machine.get((self.__key_preferences_previous+'Machine'),{}).get('Drives', {})
self.keys_the_preferences_values = self.dict_registry_machine.get((self.__key_preferences+'Machine'),{}).get('Drives', {})
self.cifsacl_disable = self.storage.get_entry(self.__cifsacl_key, preg=False)
self.keys_cifs_previous_values_machine = self.dict_registry_machine.get(self.__key_cifs_previous_value,dict())
self.keys_cifs_values_machine = self.dict_registry_machine.get(name_dir,dict())
self.keys_the_preferences_previous_values = self.dict_registry_machine.get((self.__key_preferences_previous+'Machine'),dict()).get('Drives', dict())
self.keys_the_preferences_values = self.dict_registry_machine.get((self.__key_preferences+'Machine'),dict()).get('Drives', dict())
self.mntTarget = mntTarget.translate(str.maketrans({" ": r"\ "}))
file_name = username if username else get_machine_name()
conf_file = '{}.conf'.format(file_name)
conf_hide_file = '{}_hide.conf'.format(file_name)
autofs_file = '{}.autofs'.format(file_name)
autofs_hide_file = '{}_hide.autofs'.format(file_name)
cred_file = '{}.creds'.format(file_name)
conf_file = '{}.conf'.format(sid)
conf_hide_file = '{}_hide.conf'.format(sid)
autofs_file = '{}.autofs'.format(sid)
autofs_hide_file = '{}_hide.autofs'.format(sid)
cred_file = '{}.creds'.format(sid)
self.auto_master_d = Path(self.__auto_dir)
@@ -255,7 +238,7 @@ class cifs_applier_user(applier_frontend):
self.mount_dir = Path(os.path.join(self.home))
self.drives = storage_get_drives(self.storage)
self.drives = storage_get_drives(self.storage, self.sid)
self.template_loader = jinja2.FileSystemLoader(searchpath=self.__template_path)
self.template_env = jinja2.Environment(loader=self.template_loader)
@@ -299,10 +282,6 @@ class cifs_applier_user(applier_frontend):
self.auto_master_d.mkdir(parents=True, exist_ok=True)
# Create user's destination mount directory
self.mount_dir.mkdir(parents=True, exist_ok=True)
uid = pwd.getpwnam(self.username).pw_uid if self.username else None
if uid:
os.chown(self.mount_dir, uid=uid, gid=-1)
self.mount_dir.chmod(0o700)
# Add pointer to /etc/auto.master.gpiupdate.d in /etc/auto.master
auto_destdir = '+dir:{}'.format(self.__auto_dir)
@@ -311,7 +290,7 @@ class cifs_applier_user(applier_frontend):
# Collect data for drive settings
drive_list = Drive_list()
for drv in self.drives:
drive_settings = {}
drive_settings = dict()
drive_settings['dir'] = drv.dir
drive_settings['login'] = drv.login
drive_settings['password'] = drv.password
@@ -322,13 +301,11 @@ class cifs_applier_user(applier_frontend):
drive_settings['label'] = remove_escaped_quotes(drv.label)
drive_settings['persistent'] = drv.persistent
drive_settings['useLetter'] = drv.useLetter
drive_settings['username'] = self.username
drive_settings['cifsacl'] = False if self.cifsacl_disable else True
drive_list.append(drive_settings)
if drive_list.len() > 0:
mount_settings = {}
mount_settings = dict()
mount_settings['drives'] = drive_list()
mount_text = self.template_mountpoints.render(**mount_settings)
@@ -344,7 +321,7 @@ class cifs_applier_user(applier_frontend):
f.write(mount_text_hide)
f.flush()
autofs_settings = {}
autofs_settings = dict()
autofs_settings['home_dir'] = self.home
autofs_settings['mntTarget'] = self.mntTarget
autofs_settings['mount_file'] = self.user_config.resolve()
@@ -468,6 +445,8 @@ class cifs_applier_user(applier_frontend):
self.unlink_symlink(dMachineHide)
def admin_context_apply(self):
if self.__module_enabled:
log('D146')

16
gpoa/frontend/control_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -33,7 +33,7 @@ class control_applier(applier_frontend):
def __init__(self, storage):
self.storage = storage
self.control_settings = self.storage.filter_hklm_entries(self._registry_branch)
self.controls = []
self.controls = list()
self.__module_enabled = check_enabled(
self.storage
, self.__module_name
@@ -45,7 +45,9 @@ class control_applier(applier_frontend):
valuename = setting.hive_key.rpartition('/')[2]
try:
self.controls.append(control(valuename, int(setting.data)))
logdata = {'control': valuename, 'value': setting.data}
logdata = dict()
logdata['control'] = valuename
logdata['value'] = setting.data
log('I3', logdata)
except ValueError as exc:
try:
@@ -55,10 +57,14 @@ class control_applier(applier_frontend):
log('I3', logdata)
continue
self.controls.append(ctl)
logdata = {'control': valuename, 'with string value': setting.data}
logdata = dict()
logdata['control'] = valuename
logdata['with string value'] = setting.data
log('I3', logdata)
except Exception as exc:
logdata = {'control': valuename, 'exc': exc}
logdata = dict()
logdata['control'] = valuename
logdata['exc'] = exc
log('E39', logdata)
#for e in polfile.pol_file.entries:
# print('{}:{}:{}:{}:{}'.format(e.type, e.data, e.valuename, e.keyname))

26
gpoa/frontend/cups_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -26,12 +26,12 @@ from gpt.printers import json2printer
from util.rpm import is_rpm_installed
from util.logging import log
def storage_get_printers(storage):
def storage_get_printers(storage, sid):
'''
Query printers configuration from storage
'''
printer_objs = storage.get_printers()
printers = []
printer_objs = storage.get_printers(sid)
printers = list()
for prnj in printer_objs:
printers.append(prnj)
@@ -62,8 +62,8 @@ def connect_printer(connection, prn):
class cups_applier(applier_frontend):
__module_name = 'CUPSApplier'
__module_experimental = False
__module_enabled = True
__module_experimental = True
__module_enabled = False
def __init__(self, storage):
self.storage = storage
@@ -80,9 +80,10 @@ class cups_applier(applier_frontend):
try:
self.cups_connection = cups.Connection()
except Exception as exc:
logdata = {'exc': exc}
logdata = dict()
logdata['exc', exc]
log('W20', logdata)
self.printers = storage_get_printers(self.storage)
self.printers = storage_get_printers(self.storage, self.storage.get_info('machine_sid'))
if self.printers:
for prn in self.printers:
@@ -100,11 +101,12 @@ class cups_applier(applier_frontend):
class cups_applier_user(applier_frontend):
__module_name = 'CUPSApplierUser'
__module_experimental = False
__module_enabled = True
__module_experimental = True
__module_enabled = False
def __init__(self, storage, username):
def __init__(self, storage, sid, username):
self.storage = storage
self.sid = sid
self.username = username
self.__module_enabled = check_enabled(
self.storage
@@ -125,7 +127,7 @@ class cups_applier_user(applier_frontend):
return
self.cups_connection = cups.Connection()
self.printers = storage_get_printers(self.storage)
self.printers = storage_get_printers(self.storage, self.sid)
if self.printers:
for prn in self.printers:

12
gpoa/frontend/envvar_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -29,9 +29,10 @@ class envvar_applier(applier_frontend):
__module_experimental = False
__module_enabled = True
def __init__(self, storage):
def __init__(self, storage, sid):
self.storage = storage
self.envvars = self.storage.get_envvars()
self.sid = sid
self.envvars = self.storage.get_envvars(self.sid)
Envvar.clear_envvar_file()
self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
@@ -48,10 +49,11 @@ class envvar_applier_user(applier_frontend):
__module_experimental = False
__module_enabled = True
def __init__(self, storage, username):
def __init__(self, storage, sid, username):
self.storage = storage
self.sid = sid
self.username = username
self.envvars = self.storage.get_envvars()
self.envvars = self.storage.get_envvars(self.sid)
Envvar.clear_envvar_file(username)
self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)

20
gpoa/frontend/file_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2022 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -28,14 +28,15 @@ from util.logging import log
class file_applier(applier_frontend):
__module_name = 'FilesApplier'
__module_experimental = False
__module_enabled = True
__module_experimental = True
__module_enabled = False
def __init__(self, storage, file_cache):
def __init__(self, storage, file_cache, sid):
self.storage = storage
self.exe_check = Execution_check(storage)
self.sid = sid
self.file_cache = file_cache
self.files = self.storage.get_files()
self.files = self.storage.get_files(self.sid)
self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
def run(self):
@@ -51,15 +52,16 @@ class file_applier(applier_frontend):
class file_applier_user(applier_frontend):
__module_name = 'FilesApplierUser'
__module_experimental = False
__module_enabled = True
__module_experimental = True
__module_enabled = False
def __init__(self, storage, file_cache, username):
def __init__(self, storage, file_cache, sid, username):
self.storage = storage
self.file_cache = file_cache
self.sid = sid
self.username = username
self.exe_check = Execution_check(storage)
self.files = self.storage.get_files()
self.files = self.storage.get_files(self.sid)
self.__module_enabled = check_enabled(
self.storage
, self.__module_name

26
gpoa/frontend/firefox_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -42,14 +42,15 @@ class firefox_applier(applier_frontend):
__registry_branch = 'Software/Policies/Mozilla/Firefox'
__firefox_policies = '/etc/firefox/policies'
def __init__(self, storage, username):
def __init__(self, storage, sid, username):
self.storage = storage
self.sid = sid
self.username = username
self._is_machine_name = is_machine_name(self.username)
self.policies = {}
self.policies_json = {'policies': self.policies}
self.policies = dict()
self.policies_json = dict({ 'policies': self.policies })
self.firefox_keys = self.storage.filter_hklm_entries(self.__registry_branch)
self.policies_gen = {}
self.policies_gen = dict()
self.__module_enabled = check_enabled(
self.storage
, self.__module_name
@@ -68,7 +69,8 @@ class firefox_applier(applier_frontend):
os.makedirs(self.__firefox_policies, exist_ok=True)
with open(destfile, 'w') as f:
json.dump(self.policies_json, f)
logdata = {'destfile': destfile}
logdata = dict()
logdata['destfile'] = destfile
log('D91', logdata)
def apply(self):
@@ -110,13 +112,13 @@ def clean_data_firefox(data):
def create_dict(firefox_keys, registry_branch, excp=[]):
def create_dict(firefox_keys, registry_branch, excp=list()):
'''
Collect dictionaries from registry keys into a general dictionary
'''
get_boolean = lambda data: data in ['1', 'true', 'True', True, 1] if isinstance(data, (str, int)) else False
get_boolean = lambda data: data in ['0', 'false', None, 'none', 0] if isinstance(data, (str, int)) else False
get_parts = lambda hivekey, registry: hivekey.replace(registry, '').split('/')
counts = {}
counts = dict()
for it_data in firefox_keys:
branch = counts
try:
@@ -151,7 +153,7 @@ def create_dict(firefox_keys, registry_branch, excp=[]):
for part in parts[:-1]:
branch = branch.setdefault(part, {})
if branch.get(parts[-1]) is None:
branch[parts[-1]] = []
branch[parts[-1]] = list()
if it_data.type == 4:
branch[parts[-1]].append(get_boolean(it_data.data))
else:
@@ -160,7 +162,9 @@ def create_dict(firefox_keys, registry_branch, excp=[]):
else:
branch[parts[-1]].append(str(it_data.data))
except Exception as exc:
logdata = {'Exception': exc, 'keyname': it_data.keyname}
logdata = dict()
logdata['Exception'] = exc
logdata['keyname'] = it_data.keyname
log('W14', logdata)
return {'policies': dict_item_to_list(counts)}

12
gpoa/frontend/folder_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -31,9 +31,10 @@ class folder_applier(applier_frontend):
__module_experimental = False
__module_enabled = True
def __init__(self, storage):
def __init__(self, storage, sid):
self.storage = storage
self.folders = self.storage.get_folders()
self.sid = sid
self.folders = self.storage.get_folders(self.sid)
self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
def apply(self):
@@ -56,10 +57,11 @@ class folder_applier_user(applier_frontend):
__module_experimental = False
__module_enabled = True
def __init__(self, storage, username):
def __init__(self, storage, sid, username):
self.storage = storage
self.sid = sid
self.username = username
self.folders = self.storage.get_folders()
self.folders = self.storage.get_folders(self.sid)
self.__module_enabled = check_enabled(
self.storage
, self.__module_name

81
gpoa/frontend/frontend_manager.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -73,11 +73,11 @@ from .kde_applier import (
kde_applier
, kde_applier_user
)
from .laps_applier import laps_applier
from .networkshare_applier import networkshare_applier
from .yandex_browser_applier import yandex_browser_applier
from util.sid import get_sid
from util.users import (
is_root,
get_process_user,
@@ -96,15 +96,16 @@ def determine_username(username=None):
# If username is not set then it will be the name
# of process owner.
logdata = {'username': name}
if not username:
name = get_process_user()
logdata = dict({'username': name})
log('D2', logdata)
if not username_match_uid(name):
if not is_root():
raise Exception('Current process UID does not match specified username')
logdata = dict({'username': name})
log('D15', logdata)
return name
@@ -116,7 +117,9 @@ def apply_user_context(user_appliers):
try:
applier_object.user_context_apply()
except Exception as exc:
logdata = {'applier': applier_name, 'exception': str(exc)}
logdata = dict()
logdata['applier'] = applier_name
logdata['exception'] = str(exc)
log('E20', logdata)
class frontend_manager:
@@ -130,6 +133,7 @@ class frontend_manager:
self.storage = registry_factory('dconf', username=self.username)
self.is_machine = is_machine
self.process_uname = get_process_user()
self.sid = get_sid(self.storage.get_info('domain'), self.username, is_machine)
self.file_cache = fs_file_cache('file_cache', self.username)
self.machine_appliers = dict()
@@ -140,52 +144,55 @@ class frontend_manager:
self._init_user_appliers()
def _init_machine_appliers(self):
self.machine_appliers['laps_applier'] = laps_applier(self.storage)
self.machine_appliers['control'] = control_applier(self.storage)
self.machine_appliers['polkit'] = polkit_applier(self.storage)
self.machine_appliers['systemd'] = systemd_applier(self.storage)
self.machine_appliers['firefox'] = firefox_applier(self.storage, self.username)
self.machine_appliers['thunderbird'] = thunderbird_applier(self.storage, self.username)
self.machine_appliers['chromium'] = chromium_applier(self.storage, self.username)
self.machine_appliers['yandex_browser'] = yandex_browser_applier(self.storage, self.username)
self.machine_appliers['firefox'] = firefox_applier(self.storage, self.sid, self.username)
self.machine_appliers['thunderbird'] = thunderbird_applier(self.storage, self.sid, self.username)
self.machine_appliers['chromium'] = chromium_applier(self.storage, self.sid, self.username)
self.machine_appliers['yandex_browser'] = yandex_browser_applier(self.storage, self.sid, self.username)
self.machine_appliers['shortcuts'] = shortcut_applier(self.storage)
self.machine_appliers['gsettings'] = gsettings_applier(self.storage, self.file_cache)
try:
self.machine_appliers['cifs'] = cifs_applier(self.storage)
self.machine_appliers['cifs'] = cifs_applier(self.storage, self.sid)
except Exception as exc:
logdata = {'applier_name': 'cifs', 'msg': str(exc)}
logdata = dict()
logdata['applier_name'] = 'cifs'
logdata['msg'] = str(exc)
log('E24', logdata)
self.machine_appliers['cups'] = cups_applier(self.storage)
self.machine_appliers['firewall'] = firewall_applier(self.storage)
self.machine_appliers['folders'] = folder_applier(self.storage)
self.machine_appliers['folders'] = folder_applier(self.storage, self.sid)
self.machine_appliers['ntp'] = ntp_applier(self.storage)
self.machine_appliers['envvar'] = envvar_applier(self.storage)
self.machine_appliers['networkshare'] = networkshare_applier(self.storage)
self.machine_appliers['scripts'] = scripts_applier(self.storage)
self.machine_appliers['files'] = file_applier(self.storage, self.file_cache)
self.machine_appliers['ini'] = ini_applier(self.storage)
self.machine_appliers['envvar'] = envvar_applier(self.storage, self.sid)
self.machine_appliers['networkshare'] = networkshare_applier(self.storage, self.sid)
self.machine_appliers['scripts'] = scripts_applier(self.storage, self.sid)
self.machine_appliers['files'] = file_applier(self.storage, self.file_cache, self.sid)
self.machine_appliers['ini'] = ini_applier(self.storage, self.sid)
self.machine_appliers['kde'] = kde_applier(self.storage)
self.machine_appliers['package'] = package_applier(self.storage)
def _init_user_appliers(self):
# User appliers are expected to work with user-writable
# files and settings, mostly in $HOME.
self.user_appliers['shortcuts'] = shortcut_applier_user(self.storage, self.username)
self.user_appliers['folders'] = folder_applier_user(self.storage, self.username)
self.user_appliers['gsettings'] = gsettings_applier_user(self.storage, self.file_cache, self.username)
self.user_appliers['shortcuts'] = shortcut_applier_user(self.storage, self.sid, self.username)
self.user_appliers['folders'] = folder_applier_user(self.storage, self.sid, self.username)
self.user_appliers['gsettings'] = gsettings_applier_user(self.storage, self.file_cache, self.sid, self.username)
try:
self.user_appliers['cifs'] = cifs_applier_user(self.storage, self.username)
self.user_appliers['cifs'] = cifs_applier_user(self.storage, self.sid, self.username)
except Exception as exc:
logdata = {'applier_name': 'cifs', 'msg': str(exc)}
logdata = dict()
logdata['applier_name'] = 'cifs'
logdata['msg'] = str(exc)
log('E25', logdata)
self.user_appliers['polkit'] = polkit_applier_user(self.storage, self.username)
self.user_appliers['envvar'] = envvar_applier_user(self.storage, self.username)
self.user_appliers['networkshare'] = networkshare_applier(self.storage, self.username)
self.user_appliers['scripts'] = scripts_applier_user(self.storage, self.username)
self.user_appliers['files'] = file_applier_user(self.storage, self.file_cache, self.username)
self.user_appliers['ini'] = ini_applier_user(self.storage, self.username)
self.user_appliers['kde'] = kde_applier_user(self.storage, self.username, self.file_cache)
self.user_appliers['package'] = package_applier_user(self.storage, self.username)
self.user_appliers['polkit'] = polkit_applier_user(self.storage, self.sid, self.username)
self.user_appliers['envvar'] = envvar_applier_user(self.storage, self.sid, self.username)
self.user_appliers['networkshare'] = networkshare_applier(self.storage, self.sid, self.username)
self.user_appliers['scripts'] = scripts_applier_user(self.storage, self.sid, self.username)
self.user_appliers['files'] = file_applier_user(self.storage, self.file_cache, self.sid, self.username)
self.user_appliers['ini'] = ini_applier_user(self.storage, self.sid, self.username)
self.user_appliers['kde'] = kde_applier_user(self.storage, self.sid, self.username, self.file_cache)
self.user_appliers['package'] = package_applier_user(self.storage, self.sid, self.username)
def machine_apply(self):
'''
@@ -200,7 +207,9 @@ class frontend_manager:
try:
applier_object.apply()
except Exception as exc:
logdata = {'applier_name': applier_name, 'msg': str(exc)}
logdata = dict()
logdata['applier_name'] = applier_name
logdata['msg'] = str(exc)
log('E24', logdata)
def user_apply(self):
@@ -212,20 +221,24 @@ class frontend_manager:
try:
applier_object.admin_context_apply()
except Exception as exc:
logdata = {'applier': applier_name, 'exception': str(exc)}
logdata = dict()
logdata['applier'] = applier_name
logdata['exception'] = str(exc)
log('E19', logdata)
try:
with_privileges(self.username, lambda: apply_user_context(self.user_appliers))
except Exception as exc:
logdata = {'username': self.username, 'exception': str(exc)}
logdata = dict()
logdata['username'] = self.username
logdata['exception'] = str(exc)
log('E30', logdata)
else:
for applier_name, applier_object in self.user_appliers.items():
try:
applier_object.user_context_apply()
except Exception as exc:
logdata = {'applier_name': applier_name, 'message': str(exc)}
logdata = dict({'applier_name': applier_name, 'message': str(exc)})
log('E11', logdata)
def apply_parameters(self):

39
gpoa/frontend/gsettings_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -40,7 +40,10 @@ def uri_fetch(schema, path, value, cache):
Function to fetch and cache uri
'''
retval = value
logdata = {'schema': schema, 'path': path, 'src': value}
logdata = dict()
logdata['schema'] = schema
logdata['path'] = path
logdata['src'] = value
try:
retval = cache.get(value)
if not retval:
@@ -75,7 +78,7 @@ class gsettings_applier(applier_frontend):
self.override_file = os.path.join(self.__global_schema, self.__override_priority_file)
self.override_old_file = os.path.join(self.__global_schema, self.__override_old_file)
self.gsettings = system_gsettings(self.override_file)
self.locks = {}
self.locks = dict()
self.__module_enabled = check_enabled(
self.storage
, self.__module_name
@@ -86,7 +89,8 @@ class gsettings_applier(applier_frontend):
try:
self.file_cache.store(data)
except Exception as exc:
logdata = {'exception': str(exc)}
logdata = dict()
logdata['exception'] = str(exc)
log('D145', logdata)
def uri_fetch_helper(self, schema, path, value):
@@ -154,9 +158,10 @@ class GSettingsMapping:
self.gsettings_schema_key = self.schema.get_key(self.gsettings_key)
self.gsettings_type = self.gsettings_schema_key.get_value_type()
except Exception as exc:
logdata = {'hive_key': self.hive_key,
'gsettings_schema': self.gsettings_schema,
'gsettings_key': self.gsettings_key}
logdata = dict()
logdata['hive_key'] = self.hive_key
logdata['gsettings_schema'] = self.gsettings_schema
logdata['gsettings_key'] = self.gsettings_key
log('W6', logdata)
def preg2gsettings(self):
@@ -180,18 +185,19 @@ class gsettings_applier_user(applier_frontend):
__wallpaper_entry = 'Software/BaseALT/Policies/gsettings/org.mate.background.picture-filename'
__vino_authentication_methods_entry = 'Software/BaseALT/Policies/gsettings/org.gnome.Vino.authentication-methods'
def __init__(self, storage, file_cache, username):
def __init__(self, storage, file_cache, sid, username):
self.storage = storage
self.file_cache = file_cache
self.sid = sid
self.username = username
gsettings_filter = '{}%'.format(self.__registry_branch)
self.gsettings_keys = self.storage.filter_hkcu_entries(gsettings_filter)
self.gsettings_keys = self.storage.filter_hkcu_entries(self.sid, gsettings_filter)
self.gsettings = user_gsettings()
self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
self.__windows_mapping_enabled = check_windows_mapping_enabled(self.storage)
self.__windows_settings = {}
self.windows_settings = []
self.__windows_settings = dict()
self.windows_settings = list()
mapping = [
# Disable or enable screen saver
GSettingsMapping(
@@ -226,9 +232,11 @@ class gsettings_applier_user(applier_frontend):
def windows_mapping_append(self):
for setting_key in self.__windows_settings.keys():
value = self.storage.get_hkcu_entry(setting_key)
value = self.storage.get_hkcu_entry(self.sid, setting_key)
if value:
logdata = {'setting_key': setting_key, 'value.data': value.data}
logdata = dict()
logdata['setting_key'] = setting_key
logdata['value.data'] = value.data
log('D86', logdata)
mapping = self.__windows_settings[setting_key]
try:
@@ -272,13 +280,14 @@ class gsettings_applier_user(applier_frontend):
# Cache files on remote locations
try:
entry = self.__wallpaper_entry
filter_result = self.storage.get_hkcu_entry(entry)
filter_result = self.storage.get_hkcu_entry(self.sid, entry)
if filter_result and filter_result.data:
self.file_cache.store(filter_result.data)
except NotUNCPathError:
...
except Exception as exc:
logdata = {'exception': str(exc)}
logdata = dict()
logdata['exception'] = str(exc)
log('E50', logdata)

20
gpoa/frontend/ini_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -26,12 +26,13 @@ from util.logging import log
class ini_applier(applier_frontend):
__module_name = 'InifilesApplier'
__module_experimental = False
__module_enabled = True
__module_experimental = True
__module_enabled = False
def __init__(self, storage):
def __init__(self, storage, sid):
self.storage = storage
self.inifiles_info = self.storage.get_ini()
self.sid = sid
self.inifiles_info = self.storage.get_ini(self.sid)
self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
def run(self):
@@ -47,13 +48,14 @@ class ini_applier(applier_frontend):
class ini_applier_user(applier_frontend):
__module_name = 'InifilesApplierUser'
__module_experimental = False
__module_enabled = True
__module_experimental = True
__module_enabled = False
def __init__(self, storage, username):
def __init__(self, storage, sid, username):
self.sid = sid
self.username = username
self.storage = storage
self.inifiles_info = self.storage.get_ini()
self.inifiles_info = self.storage.get_ini(self.sid)
self.__module_enabled = check_enabled(
self.storage
, self.__module_name

93
gpoa/frontend/kde_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -24,7 +24,6 @@ import os
import subprocess
import re
import dbus
import shutil
class kde_applier(applier_frontend):
__module_name = 'KdeApplier'
@@ -62,25 +61,24 @@ class kde_applier_user(applier_frontend):
__module_name = 'KdeApplierUser'
__module_experimental = True
__module_enabled = False
kde_version = None
__hkcu_branch = 'Software/BaseALT/Policies/KDE'
__hkcu_lock_branch = 'Software/BaseALT/Policies/KDELocks'
__plasma_update_entry = 'Software/BaseALT/Policies/KDE/Plasma/Update'
def __init__(self, storage, username=None, file_cache = None):
def __init__(self, storage, sid=None, username=None, file_cache = None):
self.storage = storage
self.username = username
self.sid = sid
self.file_cache = file_cache
self.locks_dict = {}
self.locks_data_dict = {}
self.all_kde_settings = {}
kde_applier_user.kde_version = get_kde_version()
kde_filter = '{}%'.format(self.__hkcu_branch)
locks_filter = '{}%'.format(self.__hkcu_lock_branch)
self.locks_settings = self.storage.filter_hkcu_entries(locks_filter)
self.locks_settings = self.storage.filter_hkcu_entries(self.sid, locks_filter)
self.plasma_update = self.storage.get_entry(self.__plasma_update_entry)
self.plasma_update_flag = self.plasma_update.data if self.plasma_update is not None else 0
self.kde_settings = self.storage.filter_hkcu_entries(kde_filter)
self.kde_settings = self.storage.filter_hkcu_entries(self.sid, kde_filter)
self.__module_enabled = check_enabled(
self.storage,
self.__module_name,
@@ -96,7 +94,8 @@ class kde_applier_user(applier_frontend):
break
self.file_cache.store(data)
except Exception as exc:
logdata = {'exc': exc}
logdata = dict()
logdata['exc'] = exc
def user_context_apply(self):
'''
@@ -117,29 +116,13 @@ dbus_methods_mapping = {
'dbus_method': 'configure'
},
'wallpaper': {
'dbus_service': 'org.freedesktop.systemd1',
'dbus_path': '/org/freedesktop/systemd1',
'dbus_interface': 'org.freedesktop.systemd1.Manager',
'dbus_method': 'RestartUnit',
'dbus_args': ['plasma-plasmashell.service', 'replace']
}
'dbus_service': 'org.kde.plasmashell',
'dbus_path': '/PlasmaShell',
'dbus_interface': 'org.kde.PlasmaShell',
'dbus_method': 'refreshCurrentShell'
},
}
def get_kde_version():
try:
kinfo_path = shutil.which("kinfo", path="/usr/lib/kf5/bin:/usr/bin")
if not kinfo_path:
raise FileNotFoundError("Unable to find kinfo")
output = subprocess.check_output([kinfo_path], text=True, env={'LANG':'C'})
for line in output.splitlines():
if "KDE Frameworks Version" in line:
frameworks_version = line.split(":", 1)[1].strip()
major_frameworks_version = int(frameworks_version.split(".")[0])
return major_frameworks_version
except:
return None
def create_dict(kde_settings, all_kde_settings, locks_settings, locks_dict, file_cache = None, username = None, plasmaupdate = False):
for locks in locks_settings:
locks_dict[locks.valuename] = locks.data
@@ -152,15 +135,16 @@ def create_dict(kde_settings, all_kde_settings, locks_settings, locks_dict, file
else:
all_kde_settings.setdefault(file_name, {}).setdefault(section, {})[value] = data
except Exception as exc:
logdata = {'file_name': file_name,
'section': section,
'value': value,
'data': data,
'exc': exc}
logdata = dict()
logdata['file_name'] = file_name
logdata['section'] = section
logdata['value'] = value
logdata['data'] = data
logdata['exc'] = exc
log('W16', logdata)
def apply(all_kde_settings, locks_dict, username = None):
logdata = {}
logdata = dict()
modified_files = set()
if username is None:
system_path_settings = '/etc/xdg/'
@@ -206,7 +190,7 @@ def apply(all_kde_settings, locks_dict, username = None):
lock = f"{file_name}.{section}.{key}"
if lock in locks_dict and locks_dict[lock] == 1:
command = [
f'kwriteconfig{kde_applier_user.kde_version}',
'kwriteconfig5',
'--file', file_name,
'--group', section,
'--key', key +'/$i/',
@@ -215,7 +199,7 @@ def apply(all_kde_settings, locks_dict, username = None):
]
else:
command = [
f'kwriteconfig{kde_applier_user.kde_version}',
'kwriteconfig5',
'--file', file_name,
'--group', section,
'--key', key,
@@ -224,11 +208,9 @@ def apply(all_kde_settings, locks_dict, username = None):
]
try:
clear_locks_settings(username, file_name, key)
env_path = dict(os.environ)
env_path["PATH"] = "/usr/lib/kf5/bin:/usr/bin"
subprocess.run(command, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env_path)
subprocess.run(command, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
except:
logdata = {'command': command}
logdata['command'] = command
log('W22', logdata)
new_content = []
file_path = f'{get_homedir(username)}/.config/{file_name}'
@@ -261,14 +243,15 @@ def clear_locks_settings(username, file_name, key):
file.write(line)
for line in lines:
if f'{key}[$i]=' in line:
logdata = {'line': line.strip()}
logdata = dict()
logdata['line'] = line.strip()
log('I10', logdata)
def apply_for_wallpaper(data, file_cache, username, plasmaupdate):
'''
Method to change wallpaper
'''
logdata = {}
logdata = dict()
path_to_wallpaper = f'{get_homedir(username)}/.config/plasma-org.kde.plasma.desktop-appletsrc'
id_desktop = get_id_desktop(path_to_wallpaper)
try:
@@ -293,14 +276,11 @@ def apply_for_wallpaper(data, file_cache, username, plasmaupdate):
#Variable for command execution plasma-apply-colorscheme
os.environ["XDG_RUNTIME_DIR"] = f"/run/user/{os.getuid()}"
os.environ["PATH"] = "/usr/lib/kf5/bin:"
os.environ["DBUS_SESSION_BUS_ADDRESS"] = f"unix:path=/run/user/{os.getuid()}/bus"#plasma-apply-wallpaperimage
env_path = dict(os.environ)
env_path["PATH"] = "/usr/lib/kf5/bin:/usr/bin"
#environment variable for accessing binary files without hard links
if not flag:
if os.path.isfile(path_to_wallpaper):
command = [
f'kwriteconfig{kde_applier_user.kde_version}',
'kwriteconfig5',
'--file', 'plasma-org.kde.plasma.desktop-appletsrc',
'--group', 'Containments',
'--group', id_desktop,
@@ -312,20 +292,20 @@ def apply_for_wallpaper(data, file_cache, username, plasmaupdate):
data
]
try:
subprocess.run(command, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env_path)
subprocess.run(command, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
except:
logdata = {'command': command}
logdata['command'] = command
log('E68', logdata)
if plasmaupdate == 1:
call_dbus_method("wallpaper")
else:
logdata = {'file': path_to_wallpaper}
logdata['file'] = path_to_wallpaper
log('W21', logdata)
except OSError as exc:
logdata = {'exc': exc}
logdata['exc'] = exc
log('W17', logdata)
except Exception as exc:
logdata = {'exc': exc}
logdata['exc'] = exc
log('E67', logdata)
def get_id_desktop(path_to_wallpaper):
@@ -352,12 +332,9 @@ def call_dbus_method(file_name):
session_bus = dbus.SessionBus()
dbus_object = session_bus.get_object(config['dbus_service'], config['dbus_path'])
dbus_iface = dbus.Interface(dbus_object, config['dbus_interface'])
if 'dbus_args' in config:
getattr(dbus_iface, config['dbus_method'])(*config['dbus_args'])
else:
getattr(dbus_iface, config['dbus_method'])()
except dbus.exceptions.DBusException as exc:
logdata = {'error': str(exc)}
getattr(dbus_iface, config['dbus_method'])()
except dbus.exceptions.DBusException as e:
logdata = dict({'error': str(exc)})
log('E31', logdata)
else:
pass

755
gpoa/frontend/laps_applier.py
View File

@@ -1,755 +0,0 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2025 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from .applier_frontend import (
applier_frontend,
check_enabled
)
import struct
from datetime import datetime, timedelta
import dpapi_ng
from util.util import remove_prefix_from_keys, check_local_user_exists
from util.sid import WellKnown21RID
import subprocess
import ldb
import string
import secrets
import os
import psutil
from util.logging import log
import logging
import re
from datetime import timezone
from dateutil import tz
_DATEUTIL_AVAILABLE = False
try:
from dateutil import tz
_DATEUTIL_AVAILABLE = True
except ImportError:
pass
class laps_applier(applier_frontend):
"""
LAPS (Local Administrator Password Solution) implementation for managing
and automatically rotating administrator passwords.
"""
# Time calculation constants
# Number of seconds between the Windows epoch (1601-01-01 00:00:00 UTC)
# and the Unix epoch (1970-01-01 00:00:00 UTC).
# Used to convert between Unix timestamps and Windows FileTime.
_EPOCH_TIMESTAMP = 11644473600
# Number of 100-nanosecond intervals per second.
# Used to convert seconds to Windows FileTime format.
_HUNDREDS_OF_NANOSECONDS = 10000000
# Number of 100-nanosecond intervals in one day
_DAY_FLOAT = 8.64e11
# Module configuration
__module_name = 'LapsApplier'
__module_experimental = True
__module_enabled = False
# Registry paths
_WINDOWS_REGISTRY_PATH = 'SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/LAPS/'
_ALT_REGISTRY_PATH = 'Software/BaseALT/Policies/Laps/'
# LDAP attributes
_ATTR_ENCRYPTED_PASSWORD = 'msLAPS-EncryptedPassword'
_ATTR_PASSWORD_EXPIRATION_TIME = 'msLAPS-PasswordExpirationTime'
# dconf key for password modification time
_KEY_PASSWORD_LAST_MODIFIED = '/Software/BaseALT/Policies/Laps/PasswordLastModified/'
# Password complexity levels
_PASSWORD_COMPLEXITY = {
1: string.ascii_uppercase,
2: string.ascii_letters,
3: string.ascii_letters + string.digits,
4: string.ascii_letters + string.digits + string.punctuation
}
# Post-authentication actions
_ACTION_NONE = 0
_ACTION_CHANGE_PASSWORD = 1
_ACTION_TERMINATE_SESSIONS = 3
_ACTION_REBOOT = 5
def __init__(self, storage):
"""
Initialize the LAPS applier with configuration from registry.
Args:
storage: Storage object containing registry entries and system information
"""
self.storage = storage
# Load registry configuration
if not self._load_configuration():
self.__module_enabled = False
return
if not self._check_requirements():
log('W29')
self.__module_enabled = False
return
# Initialize system connections and parameters
self._initialize_system_parameters()
# Check if module is enabled in configuration
self.__module_enabled = check_enabled(
self.storage,
self.__module_name,
self.__module_experimental
)
def _load_configuration(self):
"""Load configuration settings from registry."""
alt_keys = remove_prefix_from_keys(
self.storage.filter_entries(self._ALT_REGISTRY_PATH),
self._ALT_REGISTRY_PATH
)
windows_keys = remove_prefix_from_keys(
self.storage.filter_entries(self._WINDOWS_REGISTRY_PATH),
self._WINDOWS_REGISTRY_PATH
)
# Combine configurations with BaseALT taking precedence
self.config = windows_keys
self.config.update(alt_keys)
# Extract commonly used configuration parameters
self.backup_directory = self.config.get('BackupDirectory', None)
self.encryption_enabled = self.config.get('ADPasswordEncryptionEnabled', 1)
self.password_expiration_protection = self.config.get('PasswordExpirationProtectionEnabled', 1)
self.password_age_days = self.config.get('PasswordAgeDays', 30)
self.post_authentication_actions = self.config.get('PostAuthenticationActions', 3)
self.post_authentication_reset_delay = self.config.get('PostAuthenticationResetDelay', 24)
name = self.config.get('AdministratorAccountName', 'root')
if name and check_local_user_exists(name):
self.target_user = name
else:
log('W36')
return False
return True
def _check_requirements(self):
"""
Check if the necessary requirements are met for the module to operate.
Returns:
bool: True if requirements are met, False otherwise
"""
if self.backup_directory != 2 or not self.encryption_enabled:
logdata = {}
logdata['backup_directory'] = self.backup_directory
logdata['encryption_enabled'] = self.encryption_enabled
log('D223', logdata)
return False
return True
def _initialize_system_parameters(self):
"""Initialize system parameters and connections."""
# Set up LDAP connections
self.samdb = self.storage.get_info('samdb')
self.domain_sid = self.samdb.get_domain_sid()
self.domain_dn = self.samdb.domain_dn()
self.computer_dn = self._get_computer_dn()
self.admin_group_sid = f'{self.domain_sid}-{WellKnown21RID.DOMAIN_ADMINS.value}'
# Set up time parameters
self.expiration_date = self._get_expiration_date()
self.expiration_date_int = self._convert_to_filetime(self.expiration_date)
self.current_time_int = self._convert_to_filetime(datetime.now())
# Get current system state
self.expiration_time_attr = self._get_expiration_time_attr()
self.pass_last_mod_int = self._read_dconf_pass_last_mod()
self.encryption_principal = self._get_encryption_principal()
self.last_login_hours_ago = self._get_admin_login_hours_ago_after_timestamp()
def _get_computer_dn(self):
"""
Get the Distinguished Name of the computer account.
Returns:
str: Computer's distinguished name in LDAP
"""
machine_name = self.storage.get_info('machine_name')
search_filter = f'(sAMAccountName={machine_name})'
results = self.samdb.search(base=self.domain_dn, expression=search_filter, attrs=['dn'])
return results[0]['dn']
def _get_encryption_principal(self):
"""
Get the encryption principal for password encryption.
Returns:
str: SID of the encryption principal
"""
encryption_principal = self.config.get('ADPasswordEncryptionPrincipal', None)
if not encryption_principal:
return self.admin_group_sid
return self._verify_encryption_principal(encryption_principal)
def _verify_encryption_principal(self, principal_name):
"""
Verify the encryption principal exists and get its SID.
Args:
principal_name: Principal name to verify
Returns:
str: SID of the encryption principal if found, or admin group SID as fallback
"""
try:
# Try to resolve as domain\\user format
domain = self.storage.get_info('domain')
username = f'{domain}\\{principal_name}'
output = subprocess.check_output(['wbinfo', '-n', username])
sid = output.split()[0].decode('utf-8')
return sid
except subprocess.CalledProcessError:
# Try to resolve directly as SID
try:
output = subprocess.check_output(['wbinfo', '-s', principal_name])
return principal_name
except subprocess.CalledProcessError:
# Fallback to admin group SID
logdata = {}
logdata['principal_name'] = principal_name
log('W30', logdata)
return self.admin_group_sid
def _get_expiration_date(self, base_time=None):
"""
Calculate the password expiration date.
Args:
base_time: Optional datetime to base calculation on, defaults to now
Returns:
datetime: Password expiration date
"""
base = base_time or datetime.now()
# Set to beginning of day and add password age
return (base.replace(hour=0, minute=0, second=0, microsecond=0) +
timedelta(days=int(self.password_age_days)))
def _convert_to_filetime(self, dt):
"""
Convert datetime to Windows filetime format (100ns intervals since 1601-01-01).
Args:
dt: Datetime to convert
Returns:
int: Windows filetime integer
"""
epoch_timedelta = timedelta(seconds=self._EPOCH_TIMESTAMP)
new_dt = dt + epoch_timedelta
return int(new_dt.timestamp() * self._HUNDREDS_OF_NANOSECONDS)
def _get_expiration_time_attr(self):
"""
Get the current password expiration time from LDAP.
Returns:
int: Password expiration time as integer, or 0 if not found
"""
try:
res = self.samdb.search(
base=self.computer_dn,
scope=ldb.SCOPE_BASE,
expression="(objectClass=*)",
attrs=[self._ATTR_PASSWORD_EXPIRATION_TIME]
)
return int(res[0].get(self._ATTR_PASSWORD_EXPIRATION_TIME, 0)[0])
except Exception as exc:
logdata = {'exc': exc}
log('W31', logdata)
return 0
def _read_dconf_pass_last_mod(self):
"""
Read the password last modified time from dconf.
Returns:
int: Timestamp of last password modification or current time if not found
"""
try:
key_path = self._KEY_PASSWORD_LAST_MODIFIED + self.target_user
last_modified = subprocess.check_output(
['dconf', 'read', key_path],
text=True
).strip().strip("'\"")
return int(last_modified)
except Exception as exc:
logdata = {'exc': exc}
log('W32', logdata)
return self.current_time_int
def _write_dconf_pass_last_mod(self):
"""
Write the password last modified time to dconf.
"""
try:
# Ensure dbus session is available
self._ensure_dbus_session()
# Write current time to dconf
key_path = self._KEY_PASSWORD_LAST_MODIFIED + self.target_user
last_modified = f'"{self.current_time_int}"'
subprocess.check_output(['dconf', 'write', key_path, last_modified])
log('D222')
except Exception as exc:
logdata = {'exc': exc}
log('W28', logdata)
def _ensure_dbus_session(self):
"""Ensure a D-Bus session is available for dconf operations."""
dbus_address = os.getenv("DBUS_SESSION_BUS_ADDRESS")
if not dbus_address:
result = subprocess.run(
["dbus-daemon", "--fork", "--session", "--print-address"],
capture_output=True,
text=True
)
dbus_address = result.stdout.strip()
os.environ["DBUS_SESSION_BUS_ADDRESS"] = dbus_address
def _get_changed_password_hours_ago(self):
"""
Calculate how many hours ago the password was last changed.
Returns:
int: Hours since password was last changed, or 0 if error
"""
logdata = {}
logdata['target_user'] = self.target_user
try:
diff_time = self.current_time_int - self.pass_last_mod_int
hours_difference = diff_time // 3.6e10
hours_ago = int(hours_difference)
logdata['hours_ago'] = hours_ago
log('D225', logdata)
return hours_ago
except Exception as exc:
logdata = {'exc': exc}
log('W34', logdata)
return 0
def _generate_password(self):
"""
Generate a secure password based on policy settings.
Returns:
str: Generated password meeting complexity requirements
"""
# Get password length from config
password_length = self.config.get('PasswordLength', 14)
if not isinstance(password_length, int) or not (8 <= password_length <= 64):
password_length = 14
# Get password complexity from config
password_complexity = self.config.get('PasswordComplexity', 4)
if not isinstance(password_complexity, int) or not (1 <= password_complexity <= 4):
password_complexity = 4
# Get character set based on complexity
char_set = self._PASSWORD_COMPLEXITY.get(password_complexity, self._PASSWORD_COMPLEXITY[4])
# Generate initial password
password = ''.join(secrets.choice(char_set) for _ in range(password_length))
# Ensure password meets complexity requirements
if password_complexity >= 3 and not any(c.isdigit() for c in password):
# Add a digit if required but missing
digit = secrets.choice(string.digits)
position = secrets.randbelow(len(password))
password = password[:position] + digit + password[position:]
if password_complexity == 4 and not any(c in string.punctuation for c in password):
# Add a special character if required but missing
special_char = secrets.choice(string.punctuation)
position = secrets.randbelow(len(password))
password = password[:position] + special_char + password[position:]
return password
def _get_json_password_data(self, password):
"""
Format password information as JSON.
Args:
password: The password
Returns:
str: JSON formatted password information
"""
return f'{{"n":"{self.target_user}","t":"{self.expiration_date_int}","p":"{password}"}}'
def _create_password_blob(self, password):
"""
Create encrypted password blob for LDAP storage.
Args:
password: Password to encrypt
Returns:
bytes: Encrypted password blob
"""
# Create JSON data and encode as UTF-16LE with null terminator
json_data = self._get_json_password_data(password)
password_bytes = json_data.encode("utf-16-le") + b"\x00\x00"
# Save and change loglevel
logger = logging.getLogger()
old_level = logger.level
logger.setLevel(logging.ERROR)
# Encrypt the password
dpapi_blob = dpapi_ng.ncrypt_protect_secret(
password_bytes,
self.encryption_principal,
auth_protocol='kerberos'
)
# Restoreloglevel
logger.setLevel(old_level)
# Create full blob with metadata
return self._add_blob_metadata(dpapi_blob)
def _add_blob_metadata(self, dpapi_blob):
"""
Add metadata to the encrypted password blob.
Args:
dpapi_blob: Encrypted password blob
Returns:
bytes: Complete blob with metadata
"""
# Convert timestamp to correct format
left, right = struct.unpack('<LL', struct.pack('Q', self.current_time_int))
packed = struct.pack('<LL', right, left)
# Add blob length and padding
prefix = packed + struct.pack('<i', len(dpapi_blob)) + b'\x00\x00\x00\x00'
# Combine metadata and encrypted blob
return prefix + dpapi_blob
def _change_user_password(self, new_password):
"""
Change the password for the target user.
Args:
new_password: New password to set
Returns:
bool: True if password was changed successfully, False otherwise
"""
logdata = {'target_user': self.target_user}
try:
# Use chpasswd to change the password
process = subprocess.Popen(
["chpasswd"],
stdin=subprocess.PIPE,
text=True
)
process.communicate(f"{self.target_user}:{new_password}")
# Record the time of change
self._write_dconf_pass_last_mod()
log('D221', logdata)
return True
except Exception as exc:
logdata = {'exc': exc}
log('W27', logdata)
return False
def _update_ldap_password(self, encrypted_blob):
"""
Update the encrypted password and expiration time in LDAP.
Args:
encrypted_blob: Encrypted password blob
Returns:
bool: True if LDAP was updated successfully, False otherwise
"""
logdata = {'computer_dn': self.computer_dn}
try:
# Create LDAP modification message
mod_msg = ldb.Message()
mod_msg.dn = self.computer_dn
# Update password blob
mod_msg[self._ATTR_ENCRYPTED_PASSWORD] = ldb.MessageElement(
encrypted_blob,
ldb.FLAG_MOD_REPLACE,
self._ATTR_ENCRYPTED_PASSWORD
)
# Update expiration time
mod_msg[self._ATTR_PASSWORD_EXPIRATION_TIME] = ldb.MessageElement(
str(self.expiration_date_int),
ldb.FLAG_MOD_REPLACE,
self._ATTR_PASSWORD_EXPIRATION_TIME
)
# Perform the LDAP modification
self.samdb.modify(mod_msg)
log('D226', logdata)
return True
except Exception as exc:
logdata = {'exc': exc}
log('E75', logdata)
return False
def _should_update_password(self):
"""
Determine if the password should be updated based on policy.
Returns:
tuple: (bool: update needed, bool: perform post-action)
"""
# Check if password has expired
if not self._is_password_expired():
# Password not expired, check if post-login action needed
return self._check_post_login_action()
# Password has expired, update needed
return True, False
def _is_password_expired(self):
"""
Check if the password has expired according to policy.
Returns:
bool: True if password has expired, False otherwise
"""
# Case 1: No expiration protection, check LDAP attribute
if not self.password_expiration_protection:
if self.expiration_time_attr > self.current_time_int:
return False
# Case 2: With expiration protection, check both policy and LDAP
elif self.password_expiration_protection:
policy_expiry = self.pass_last_mod_int + (self.password_age_days * int(self._DAY_FLOAT))
if policy_expiry > self.current_time_int and self.expiration_time_attr > self.current_time_int:
return False
return True
def _check_post_login_action(self):
"""
Check if a post-login password change action should be performed.
Returns:
tuple: (bool: update needed, bool: perform post-action)
"""
# Check if password was changed after last login
if self._get_changed_password_hours_ago() < self.last_login_hours_ago:
return False, False
# Check if enough time has passed since login
if self.last_login_hours_ago < self.post_authentication_reset_delay:
return False, False
# Check if action is configured
if self.post_authentication_actions == self._ACTION_NONE:
return False, False
# Update needed, determine if post-action required
return True, self.post_authentication_actions > self._ACTION_CHANGE_PASSWORD
def _perform_post_action(self):
"""
Perform post-password-change action based on configuration.
"""
if self.post_authentication_actions == self._ACTION_TERMINATE_SESSIONS:
self._terminate_user_sessions()
elif self.post_authentication_actions == self._ACTION_REBOOT:
log('D220')
subprocess.run(["reboot"])
def _terminate_user_sessions(self):
"""
Terminates all processes associated with the active sessions of the target user.
"""
# Get active sessions for the target user
user_sessions = [user for user in psutil.users() if user.name == self.target_user]
logdata = {'target_user': self.target_user}
if not user_sessions:
log('D227', logdata)
return
# Terminate each session
for session in user_sessions:
try:
# Get the process and terminate it
proc = psutil.Process(session.pid)
proc.kill() # Send SIGKILL
logdata['pid'] = session.pid
log('D228')
except (psutil.NoSuchProcess, psutil.AccessDenied) as exc:
logdata['pid'] = session.pid
logdata['exc'] = exc
log('W35', logdata)
def update_laps_password(self):
"""
Update the LAPS password if needed based on policy.
Checks expiration and login times to determine if update is needed.
"""
# Check if password update is needed
update_needed, perform_post_action = self._should_update_password()
if not update_needed:
log('D229')
return False
# Generate new password
password = self._generate_password()
# Create encrypted password blob
encrypted_blob = self._create_password_blob(password)
# Update password in LDAP
ldap_success = self._update_ldap_password(encrypted_blob)
if not ldap_success:
return False
# Change local user password
local_success = self._change_user_password(password)
if not local_success:
log('E76')
return False
log('D230')
# Perform post-action if configured
if perform_post_action:
self._perform_post_action()
def apply(self):
"""
Main entry point for the LAPS applier.
"""
if self.__module_enabled:
log('D218')
self.update_laps_password()
else:
log('D219')
def _parse_login_time_from_last_line(self, line: str) -> datetime:
match_login_dt = re.search(
r"((?:Mon|Tue|Wed|Thu|Fri|Sat|Sun)\s+\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+\d{4})",
line
)
if not match_login_dt:
return None
login_dt_str = match_login_dt.group(1)
try:
dt_naive = datetime.strptime(login_dt_str, "%a %b %d %H:%M:%S %Y")
login_dt_utc: datetime
if _DATEUTIL_AVAILABLE:
local_tz = tz.tzlocal()
dt_local = dt_naive.replace(tzinfo=local_tz)
login_dt_utc = dt_local.astimezone(timezone.utc)
else:
system_local_tz = datetime.now().astimezone().tzinfo
if system_local_tz:
dt_local = dt_naive.replace(tzinfo=system_local_tz)
login_dt_utc = dt_local.astimezone(timezone.utc)
else:
login_dt_utc = dt_naive.replace(tzinfo=timezone.utc)
log('W38')
return login_dt_utc
except ValueError:
return None
def _get_user_login_datetimes_utc(self) -> list[datetime]:
command = ["last", "-F", "-w", self.target_user]
env = os.environ.copy()
env["LC_TIME"] = "C"
login_datetimes = []
try:
process = subprocess.run(command, capture_output=True, text=True, check=False, env=env)
if process.returncode != 0 and not ("no login record" in process.stderr.lower() or "no users logged in" in process.stdout.lower()):
log('W39')
return []
output_lines = process.stdout.splitlines()
except FileNotFoundError:
log('W40')
return []
except Exception as e:
log('W41')
return []
for line in output_lines:
if not line.strip() or "wtmp begins" in line or "btmp begins" in line:
continue
if not line.startswith(self.target_user):
continue
login_dt_utc = self._parse_login_time_from_last_line(line)
if login_dt_utc:
login_datetimes.append(login_dt_utc)
return login_datetimes
def _get_admin_login_hours_ago_after_timestamp(self) -> int:
# Convert Windows FileTime to datetime
reference_dt_utc = datetime.fromtimestamp(
(self.pass_last_mod_int / self._HUNDREDS_OF_NANOSECONDS) - self._EPOCH_TIMESTAMP,
tz=timezone.utc
)
if not (reference_dt_utc.tzinfo is timezone.utc or
(reference_dt_utc.tzinfo is not None and reference_dt_utc.tzinfo.utcoffset(reference_dt_utc) == timedelta(0))):
log('W42')
return 0
user_login_times_utc = self._get_user_login_datetimes_utc()
if not user_login_times_utc:
log('D232')
return 0
most_recent_login_after_reference_utc = None
for login_time_utc in user_login_times_utc[::-1]:
if login_time_utc >= reference_dt_utc:
most_recent_login_after_reference_utc = login_time_utc
break
if most_recent_login_after_reference_utc:
now_utc = datetime.now(timezone.utc)
time_delta_seconds = (now_utc - most_recent_login_after_reference_utc).total_seconds()
hours_ago = int(time_delta_seconds / 3600.0)
log('D233')
return hours_ago
else:
log('D234')
return 0

7
gpoa/frontend/networkshare_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2022 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -29,10 +29,11 @@ class networkshare_applier(applier_frontend):
__module_experimental = True
__module_enabled = False
def __init__(self, storage, username = None):
def __init__(self, storage, sid, username = None):
self.storage = storage
self.sid = sid
self.username = username
self.networkshare_info = self.storage.get_networkshare()
self.networkshare_info = self.storage.get_networkshare(self.sid)
self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
self.__module_enabled_user = check_enabled(self.storage, self.__module_name_user, self.__module_experimental)

9
gpoa/frontend/ntp_applier.py
View File

@@ -77,7 +77,8 @@ class ntp_applier(applier_frontend):
srv = None
if server:
srv = server.data.rpartition(',')[0]
logdata = {'srv': srv}
logdata = dict()
logdata['srv'] = srv
log('D122', logdata)
start_command = ['/usr/bin/systemctl', 'start', 'chronyd']
@@ -91,7 +92,8 @@ class ntp_applier(applier_frontend):
proc.wait()
if srv:
logdata = {'srv': srv}
logdata = dict()
logdata['srv'] = srv
log('D124', logdata)
proc = subprocess.Popen(chrony_disconnect_all)
@@ -117,7 +119,8 @@ class ntp_applier(applier_frontend):
if server_type and server_type.data:
if NTPServerType.NTP.value != server_type.data:
logdata = {'server_type': server_type}
logdata = dict()
logdata['server_type'] = server_type
log('W10', logdata)
else:
log('D126')

35
gpoa/frontend/package_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -27,8 +27,8 @@ from .applier_frontend import (
class package_applier(applier_frontend):
__module_name = 'PackagesApplier'
__module_experimental = False
__module_enabled = True
__module_experimental = True
__module_enabled = False
__install_key_name = 'Install'
__remove_key_name = 'Remove'
__sync_key_name = 'Sync'
@@ -40,7 +40,7 @@ class package_applier(applier_frontend):
install_branch = '{}\\{}%'.format(self.__hklm_branch, self.__install_key_name)
remove_branch = '{}\\{}%'.format(self.__hklm_branch, self.__remove_key_name)
sync_branch = '{}\\{}%'.format(self.__hklm_branch, self.__sync_key_name)
self.fulcmd = []
self.fulcmd = list()
self.fulcmd.append('/usr/libexec/gpupdate/pkcon_runner')
self.fulcmd.append('--loglevel')
logger = logging.getLogger()
@@ -64,13 +64,15 @@ class package_applier(applier_frontend):
try:
subprocess.check_call(self.fulcmd)
except Exception as exc:
logdata = {'msg': str(exc)}
logdata = dict()
logdata['msg'] = str(exc)
log('E55', logdata)
else:
try:
subprocess.Popen(self.fulcmd,close_fds=False)
except Exception as exc:
logdata = {'msg': str(exc)}
logdata = dict()
logdata['msg'] = str(exc)
log('E61', logdata)
def apply(self):
@@ -83,17 +85,18 @@ class package_applier(applier_frontend):
class package_applier_user(applier_frontend):
__module_name = 'PackagesApplierUser'
__module_experimental = False
__module_enabled = True
__module_experimental = True
__module_enabled = False
__install_key_name = 'Install'
__remove_key_name = 'Remove'
__sync_key_name = 'Sync'
__hkcu_branch = 'Software\\BaseALT\\Policies\\Packages'
def __init__(self, storage, username):
def __init__(self, storage, sid, username):
self.storage = storage
self.sid = sid
self.username = username
self.fulcmd = []
self.fulcmd = list()
self.fulcmd.append('/usr/libexec/gpupdate/pkcon_runner')
self.fulcmd.append('--user')
self.fulcmd.append(self.username)
@@ -105,9 +108,9 @@ class package_applier_user(applier_frontend):
remove_branch = '{}\\{}%'.format(self.__hkcu_branch, self.__remove_key_name)
sync_branch = '{}\\{}%'.format(self.__hkcu_branch, self.__sync_key_name)
self.install_packages_setting = self.storage.filter_hkcu_entries(install_branch)
self.remove_packages_setting = self.storage.filter_hkcu_entries(remove_branch)
self.sync_packages_setting = self.storage.filter_hkcu_entries(sync_branch)
self.install_packages_setting = self.storage.filter_hkcu_entries(self.sid, install_branch)
self.remove_packages_setting = self.storage.filter_hkcu_entries(self.sid, remove_branch)
self.sync_packages_setting = self.storage.filter_hkcu_entries(self.sid, sync_branch)
self.flagSync = False
self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
@@ -128,13 +131,15 @@ class package_applier_user(applier_frontend):
try:
subprocess.check_call(self.fulcmd)
except Exception as exc:
logdata = {'msg': str(exc)}
logdata = dict()
logdata['msg'] = str(exc)
log('E60', logdata)
else:
try:
subprocess.Popen(self.fulcmd,close_fds=False)
except Exception as exc:
logdata = {'msg': str(exc)}
logdata = dict()
logdata['msg'] = str(exc)
log('E62', logdata)
def admin_context_apply(self):

13
gpoa/frontend/polkit_applier.py
View File

@@ -53,7 +53,7 @@ class polkit_applier(applier_frontend):
template_vars_all = self.__polkit_map[self.__registry_branch][1]
template_file_all_lock = self.__polkit_map[self.__registry_locks_branch][0]
template_vars_all_lock = self.__polkit_map[self.__registry_locks_branch][1]
locks = []
locks = list()
for lock in self.polkit_locks:
if bool(int(lock.data)):
locks.append(lock.valuename)
@@ -77,7 +77,7 @@ class polkit_applier(applier_frontend):
self.__polkit_map[self.__registry_locks_branch][1][key] = item[1]
if deny_all_win:
logdata = {}
logdata = dict()
logdata['Deny_All_win'] = deny_all_win.data
log('D69', logdata)
self.__polkit_map[self.__deny_all_win][1]['Deny_All'] = deny_all_win.data
@@ -115,14 +115,15 @@ class polkit_applier_user(applier_frontend):
__registry_branch : ['48-alt_group_policy_permissions_user', {'User': ''}]
}
def __init__(self, storage, username):
def __init__(self, storage, sid, username):
self.storage = storage
self.sid = sid
self.username = username
deny_all_win = None
if check_windows_mapping_enabled(self.storage):
deny_all_win = storage.filter_hkcu_entries(self.__deny_all_win).first()
deny_all_win = storage.filter_hkcu_entries(self.sid, self.__deny_all_win).first()
polkit_filter = '{}%'.format(self.__registry_branch)
self.polkit_keys = self.storage.filter_hkcu_entries(polkit_filter)
self.polkit_keys = self.storage.filter_hkcu_entries(self.sid, polkit_filter)
# Deny_All hook: initialize defaults
template_file = self.__polkit_map[self.__deny_all_win][0]
template_vars = self.__polkit_map[self.__deny_all_win][1]
@@ -145,7 +146,7 @@ class polkit_applier_user(applier_frontend):
self.__polkit_map[self.__registry_branch][1][key] = item
if deny_all_win:
logdata = {}
logdata = dict()
logdata['user'] = self.username
logdata['Deny_All_win'] = deny_all_win.data
log('D70', logdata)

30
gpoa/frontend/scripts_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2022 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -29,14 +29,15 @@ from .applier_frontend import (
class scripts_applier(applier_frontend):
__module_name = 'ScriptsApplier'
__module_experimental = False
__module_enabled = True
__module_experimental = True
__module_enabled = False
__cache_scripts = '/var/cache/gpupdate_scripts_cache/machine/'
def __init__(self, storage):
def __init__(self, storage, sid):
self.storage = storage
self.startup_scripts = self.storage.get_scripts('STARTUP')
self.shutdown_scripts = self.storage.get_scripts('SHUTDOWN')
self.sid = sid
self.startup_scripts = self.storage.get_scripts(self.sid, 'STARTUP')
self.shutdown_scripts = self.storage.get_scripts(self.sid, 'SHUTDOWN')
self.folder_path = Path(self.__cache_scripts)
self.__module_enabled = check_enabled(self.storage
, self.__module_name
@@ -50,7 +51,8 @@ class scripts_applier(applier_frontend):
except FileNotFoundError as exc:
log('D154')
except Exception as exc:
logdata = {'exc': exc}
logdata = dict()
logdata['exc'] = exc
log('E64', logdata)
def filling_cache(self):
@@ -78,14 +80,15 @@ class scripts_applier(applier_frontend):
class scripts_applier_user(applier_frontend):
__module_name = 'ScriptsApplierUser'
__module_experimental = False
__module_enabled = True
__module_experimental = True
__module_enabled = False
__cache_scripts = '/var/cache/gpupdate_scripts_cache/users/'
def __init__(self, storage, username):
def __init__(self, storage, sid, username):
self.storage = storage
self.logon_scripts = self.storage.get_scripts('LOGON')
self.logoff_scripts = self.storage.get_scripts('LOGOFF')
self.sid = sid
self.logon_scripts = self.storage.get_scripts(self.sid, 'LOGON')
self.logoff_scripts = self.storage.get_scripts(self.sid, 'LOGOFF')
self.username = username
self.folder_path = Path(self.__cache_scripts + self.username)
self.__module_enabled = check_enabled(self.storage
@@ -100,7 +103,8 @@ class scripts_applier_user(applier_frontend):
except FileNotFoundError as exc:
log('D155')
except Exception as exc:
logdata = {'exc': exc}
logdata = dict()
logdata['exc'] = exc
log('E65', logdata)
def filling_cache(self):

82
gpoa/frontend/shortcut_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -26,19 +26,15 @@ from util.windows import expand_windows_var
from util.logging import log
from util.util import (
get_homedir,
homedir_exists,
string_to_literal_eval
homedir_exists
)
from gpt.shortcuts import shortcut, get_ttype
def storage_get_shortcuts(storage, username=None, shortcuts_machine=None):
def storage_get_shortcuts(storage, sid, username=None):
'''
Query storage for shortcuts' rows for username.
Query storage for shortcuts' rows for specified SID.
'''
shortcut_objs = storage.get_shortcuts()
shortcuts = []
if username and shortcuts_machine:
shortcut_objs += shortcuts_machine
shortcut_objs = storage.get_shortcuts(sid)
shortcuts = list()
for sc in shortcut_objs:
if username:
@@ -56,7 +52,9 @@ def apply_shortcut(shortcut, username=None):
dest_abspath = shortcut.dest
if not dest_abspath.startswith('/') and not dest_abspath.startswith('%'):
dest_abspath = '%HOME%/' + dest_abspath
logdata = {'shortcut': dest_abspath, 'for': username}
logdata = dict()
logdata['shortcut'] = dest_abspath
logdata['for'] = username
log('D105', logdata)
dest_abspath = expand_windows_var(dest_abspath, username).replace('\\', '/') + '.desktop'
@@ -67,24 +65,31 @@ def apply_shortcut(shortcut, username=None):
if dest_abspath.startswith(get_homedir(username)):
# Don't try to operate on non-existent directory
if not homedir_exists(username):
logdata = {'user': username, 'dest_abspath': dest_abspath}
logdata = dict()
logdata['user'] = username
logdata['dest_abspath'] = dest_abspath
log('W7', logdata)
return None
else:
logdata = {'user': username, 'bad path': dest_abspath}
logdata = dict()
logdata['user'] = username
logdata['bad path'] = dest_abspath
log('W8', logdata)
return None
if '%' in dest_abspath:
logdata = {'dest_abspath': dest_abspath}
logdata = dict()
logdata['dest_abspath'] = dest_abspath
log('E53', logdata)
return None
if not dest_abspath.startswith('/'):
logdata = {'dest_abspath': dest_abspath}
logdata = dict()
logdata['dest_abspath'] = dest_abspath
log('E54', logdata)
return None
logdata = {'file': dest_abspath}
logdata = dict()
logdata['file'] = dest_abspath
logdata['with_action'] = shortcut.action
log('D106', logdata)
shortcut.apply_desktop(dest_abspath)
@@ -103,7 +108,7 @@ class shortcut_applier(applier_frontend):
)
def run(self):
shortcuts = storage_get_shortcuts(self.storage)
shortcuts = storage_get_shortcuts(self.storage, self.storage.get_info('machine_sid'))
if shortcuts:
for sc in shortcuts:
apply_shortcut(sc)
@@ -114,7 +119,9 @@ class shortcut_applier(applier_frontend):
# /usr/local/share/applications
subprocess.check_call(['/usr/bin/update-desktop-database'])
else:
log('D100')
logdata = dict()
logdata['machine_sid'] = self.storage.get_info('machine_sid')
log('D100', logdata)
def apply(self):
if self.__module_enabled:
@@ -127,45 +134,15 @@ class shortcut_applier_user(applier_frontend):
__module_name = 'ShortcutsApplierUser'
__module_experimental = False
__module_enabled = True
__REGISTRY_PATH_SHORTCATSMERGE= '/Software/BaseALT/Policies/GPUpdate/ShortcutsMerge'
__DCONF_REGISTRY_PATH_PREFERENCES_MACHINE = 'Software/BaseALT/Policies/Preferences/Machine'
def __init__(self, storage, username):
def __init__(self, storage, sid, username):
self.storage = storage
self.sid = sid
self.username = username
self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
def get_machine_shortcuts(self):
result = []
try:
storage_machine_dict = self.storage.get_dictionary_from_dconf_file_db()
machine_shortcuts = storage_machine_dict.get(
self.__DCONF_REGISTRY_PATH_PREFERENCES_MACHINE, dict()).get('Shortcuts')
shortcut_objs = string_to_literal_eval(machine_shortcuts)
for obj in shortcut_objs:
shortcut_machine =shortcut(
obj.get('dest'),
obj.get('path'),
obj.get('arguments'),
obj.get('name'),
obj.get('action'),
get_ttype(obj.get('target_type')))
shortcut_machine.set_usercontext(1)
result.append(shortcut_machine)
except:
return None
return result
def check_enabled_shortcuts_merge(self):
return self.storage.get_key_value(self.__REGISTRY_PATH_SHORTCATSMERGE)
def run(self, in_usercontext):
shortcuts_machine = None
if self.check_enabled_shortcuts_merge():
shortcuts_machine = self.get_machine_shortcuts()
shortcuts = storage_get_shortcuts(self.storage, self.username, shortcuts_machine)
shortcuts = storage_get_shortcuts(self.storage, self.sid, self.username)
if shortcuts:
for sc in shortcuts:
@@ -174,7 +151,8 @@ class shortcut_applier_user(applier_frontend):
if not in_usercontext and not sc.is_usercontext():
apply_shortcut(sc, self.username)
else:
logdata = {'username': self.username}
logdata = dict()
logdata['sid'] = self.sid
log('D100', logdata)
def user_context_apply(self):

14
gpoa/frontend/systemd_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -44,16 +44,20 @@ class systemd_applier(applier_frontend):
for setting in self.systemd_unit_settings:
try:
self.units.append(systemd_unit(setting.valuename, int(setting.data)))
logdata = {'unit': format(setting.valuename)}
logdata = dict()
logdata['unit'] = format(setting.valuename)
log('I4', logdata)
except Exception as exc:
logdata = {'unit': format(setting.valuename), 'exc': exc}
logdata = dict()
logdata['unit'] = format(setting.valuename)
logdata['exc'] = exc
log('I5', logdata)
for unit in self.units:
try:
unit.apply()
except:
logdata = {'unit': unit.unit_name}
logdata = dict()
logdata['unit'] = unit.unit_name
log('E45', logdata)
def apply(self):
@@ -72,7 +76,7 @@ class systemd_applier_user(applier_frontend):
__module_enabled = True
__registry_branch = 'Software/BaseALT/Policies/SystemdUnits'
def __init__(self, storage, username):
def __init__(self, storage, sid, username):
self.storage = storage
def user_context_apply(self):

14
gpoa/frontend/thunderbird_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2024-2025 BaseALT Ltd.
# Copyright (C) 2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -32,14 +32,15 @@ class thunderbird_applier(applier_frontend):
__registry_branch = 'Software/Policies/Mozilla/Thunderbird'
__thunderbird_policies = '/etc/thunderbird/policies'
def __init__(self, storage, username):
def __init__(self, storage, sid, username):
self.storage = storage
self.sid = sid
self.username = username
self._is_machine_name = is_machine_name(self.username)
self.policies = {}
self.policies_json = {'policies': self.policies}
self.policies = dict()
self.policies_json = dict({ 'policies': self.policies })
self.thunderbird_keys = self.storage.filter_hklm_entries(self.__registry_branch)
self.policies_gen = {}
self.policies_gen = dict()
self.__module_enabled = check_enabled(
self.storage
, self.__module_name
@@ -57,7 +58,8 @@ class thunderbird_applier(applier_frontend):
os.makedirs(self.__thunderbird_policies, exist_ok=True)
with open(destfile, 'w') as f:
json.dump(self.policies_json, f)
logdata = {'destfile': destfile}
logdata = dict()
logdata['destfile'] = destfile
log('D212', logdata)
def apply(self):

19
gpoa/frontend/yandex_browser_applier.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -34,13 +34,14 @@ class yandex_browser_applier(applier_frontend):
__managed_policies_path = '/etc/opt/yandex/browser/policies/managed'
__recommended_policies_path = '/etc/opt/yandex/browser/policies/recommended'
def __init__(self, storage, username):
def __init__(self, storage, sid, username):
self.storage = storage
self.sid = sid
self.username = username
self._is_machine_name = is_machine_name(self.username)
self.yandex_keys = self.storage.filter_hklm_entries(self.__registry_branch)
self.policies_json = {}
self.policies_json = dict()
self.__module_enabled = check_enabled(
self.storage
@@ -68,14 +69,16 @@ class yandex_browser_applier(applier_frontend):
os.makedirs(self.__managed_policies_path, exist_ok=True)
with open(destfile, 'w') as f:
json.dump(dict_item_to_list(self.policies_json), f)
logdata = {'destfile': destfile}
logdata = dict()
logdata['destfile'] = destfile
log('D185', logdata)
destfilerec = os.path.join(self.__recommended_policies_path, 'policies.json')
os.makedirs(self.__recommended_policies_path, exist_ok=True)
with open(destfilerec, 'w') as f:
json.dump(dict_item_to_list(recommended__json), f)
logdata = {'destfilerec': destfilerec}
logdata = dict()
logdata['destfilerec'] = destfilerec
log('D185', logdata)
@@ -156,7 +159,7 @@ class yandex_browser_applier(applier_frontend):
'''
Collect dictionaries from registry keys into a general dictionary
'''
counts = {}
counts = dict()
#getting the list of keys to read as an integer
valuename_typeint = self.get_valuename_typeint()
for it_data in yandex_keys:
@@ -184,7 +187,9 @@ class yandex_browser_applier(applier_frontend):
branch[parts[-1]] = str(it_data.data).replace('\\', '/')
except Exception as exc:
logdata = {'Exception': exc, 'keyname': it_data.keyname}
logdata = dict()
logdata['Exception'] = exc
logdata['keyname'] = it_data.keyname
log('D178', logdata)
try:
self.policies_json = counts['']

2
gpoa/gpoa
View File

@@ -153,8 +153,8 @@ class gpoa_controller:
try:
back.retrieve_and_store()
# Start frontend only on successful backend finish
save_dconf(self.username, self.is_machine, nodomain)
self.start_frontend()
save_dconf(self.username, self.is_machine, nodomain)
except Exception as exc:
logdata = dict({'message': str(exc)})
# In case we're handling "E3" - it means that

14
gpoa/gpt/drives.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -47,7 +47,7 @@ def decrypt_pass(cpassword):
# decrypt() returns byte array which is immutable and we need to
# strip padding, then convert UTF-16LE to UTF-8
binstr = decrypter.decrypt(password)
by = []
by = list()
for item in binstr:
if item != 16:
by.append(item)
@@ -57,7 +57,7 @@ def decrypt_pass(cpassword):
return utf8str.decode()
def read_drives(drives_file):
drives = []
drives = list()
for drive in get_xml_root(drives_file):
drive_obj = drivemap()
@@ -78,9 +78,9 @@ def read_drives(drives_file):
return drives
def merge_drives(storage, drive_objects, policy_name):
def merge_drives(storage, sid, drive_objects, policy_name):
for drive in drive_objects:
storage.add_drive(drive, policy_name)
storage.add_drive(sid, drive, policy_name)
def json2drive(json_str):
json_obj = json.loads(json_str)
@@ -141,13 +141,13 @@ class drivemap(DynamicAttributes):
self.useLetter = useLetter
def to_json(self):
drive = {}
drive = dict()
drive['login'] = self.login
drive['password'] = self.password
drive['dir'] = self.dir
drive['path'] = self.path
contents = {}
contents = dict()
contents['drive'] = drive
return json.dumps(contents)

6
gpoa/gpt/dynamic_attributes.py
View File

@@ -38,12 +38,6 @@ class DynamicAttributes:
def __iter__(self):
return iter(self.__dict__.items())
def get_original_value(self, key):
value = self.__dict__.get(key)
if isinstance(value, str):
value = value.replace("", "'")
return value
class RegistryKeyMetadata(DynamicAttributes):
def __init__(self, policy_name, type, is_list=None, mod_previous_value=None):
self.policy_name = policy_name

8
gpoa/gpt/envvars.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -21,7 +21,7 @@ from .dynamic_attributes import DynamicAttributes
def read_envvars(envvars_file):
variables = []
variables = list()
for var in get_xml_root(envvars_file):
props = var.find('Properties')
@@ -34,9 +34,9 @@ def read_envvars(envvars_file):
return variables
def merge_envvars(storage, envvar_objects, policy_name):
def merge_envvars(storage, sid, envvar_objects, policy_name):
for envv in envvar_objects:
storage.add_envvar(envv, policy_name)
storage.add_envvar(sid, envv, policy_name)
class envvar(DynamicAttributes):
def __init__(self, name, value, action):

8
gpoa/gpt/files.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,7 +20,7 @@ from util.xml import get_xml_root
from .dynamic_attributes import DynamicAttributes
def read_files(filesxml):
files = []
files = list()
for fil in get_xml_root(filesxml):
props = fil.find('Properties')
@@ -36,9 +36,9 @@ def read_files(filesxml):
return files
def merge_files(storage, file_objects, policy_name):
def merge_files(storage, sid, file_objects, policy_name):
for fileobj in file_objects:
storage.add_file(fileobj, policy_name)
storage.add_file(sid, fileobj, policy_name)
class fileentry(DynamicAttributes):
def __init__(self, fromPath):

8
gpoa/gpt/folders.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -40,7 +40,7 @@ def folder_int2bool(val):
def read_folders(folders_file):
folders = []
folders = list()
for fld in get_xml_root(folders_file):
props = fld.find('Properties')
@@ -57,9 +57,9 @@ def read_folders(folders_file):
return folders
def merge_folders(storage, folder_objects, policy_name):
def merge_folders(storage, sid, folder_objects, policy_name):
for folder in folder_objects:
storage.add_folder(folder, policy_name)
storage.add_folder(sid, folder, policy_name)
class folderentry(DynamicAttributes):

40
gpoa/gpt/gpt.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -110,7 +110,7 @@ def get_preftype(path_to_file):
return None
def pref_parsers():
parsers = {}
parsers = dict()
parsers[FileType.PREG] = read_polfile
parsers[FileType.SHORTCUTS] = read_shortcuts
@@ -132,7 +132,7 @@ def get_parser(preference_type):
return parsers[preference_type]
def pref_mergers():
mergers = {}
mergers = dict()
mergers[FileType.PREG] = merge_polfile
mergers[FileType.SHORTCUTS] = merge_shortcuts
@@ -154,10 +154,11 @@ def get_merger(preference_type):
return mergers[preference_type]
class gpt:
def __init__(self, gpt_path, username='Machine', gpo_info=None):
def __init__(self, gpt_path, sid, username='Machine', gpo_info=None):
add_to_dict(gpt_path, username, gpo_info)
self.path = gpt_path
self.username = username
self.sid = sid
self.storage = registry_factory()
self.storage._gpt_read_flag = True
self.gpo_info = gpo_info
@@ -184,18 +185,18 @@ class gpt:
, 'scripts'
, 'networkshares'
]
self.settings = {}
self.settings['machine'] = {}
self.settings['user'] = {}
self.settings = dict()
self.settings['machine'] = dict()
self.settings['user'] = dict()
self.settings['machine']['regpol'] = find_file(self._machine_path, 'registry.pol')
self.settings['user']['regpol'] = find_file(self._user_path, 'registry.pol')
for setting in self.settings_list:
machine_preffile = find_preffile(self._machine_path, setting)
user_preffile = find_preffile(self._user_path, setting)
mlogdata = {'setting': setting, 'prefpath': machine_preffile}
mlogdata = dict({'setting': setting, 'prefpath': machine_preffile})
log('D24', mlogdata)
self.settings['machine'][setting] = machine_preffile
ulogdata = {'setting': setting, 'prefpath': user_preffile}
ulogdata = dict({'setting': setting, 'prefpath': user_preffile})
log('D23', ulogdata)
self.settings['user'][setting] = user_preffile
@@ -216,21 +217,21 @@ class gpt:
try:
# Merge machine policies to registry if possible
if self.settings['machine']['regpol']:
mlogdata = {'polfile': self.settings['machine']['regpol']}
mlogdata = dict({'polfile': self.settings['machine']['regpol']})
log('D34', mlogdata)
util.preg.merge_polfile(self.settings['machine']['regpol'], policy_name=self.name, gpo_info=self.gpo_info)
# Merge machine preferences to registry if possible
for preference_name, preference_path in self.settings['machine'].items():
if preference_path:
preference_type = get_preftype(preference_path)
logdata = {'pref': preference_type.value}
logdata = dict({'pref': preference_type.value, 'sid': self.sid})
log('D28', logdata)
preference_parser = get_parser(preference_type)
preference_merger = get_merger(preference_type)
preference_objects = preference_parser(preference_path)
preference_merger(self.storage, preference_objects, self.name)
preference_merger(self.storage, self.sid, preference_objects, self.name)
except Exception as exc:
logdata = {}
logdata = dict()
logdata['gpt'] = self.name
logdata['msg'] = str(exc)
log('E28', logdata)
@@ -242,9 +243,10 @@ class gpt:
try:
# Merge user policies to registry if possible
if self.settings['user']['regpol']:
mulogdata = {'polfile': self.settings['user']['regpol']}
mulogdata = dict({'polfile': self.settings['user']['regpol']})
log('D35', mulogdata)
util.preg.merge_polfile(self.settings['user']['regpol'],
sid=self.sid,
policy_name=self.name,
username=self.username,
gpo_info=self.gpo_info)
@@ -252,14 +254,14 @@ class gpt:
for preference_name, preference_path in self.settings['user'].items():
if preference_path:
preference_type = get_preftype(preference_path)
logdata = {'pref': preference_type.value}
logdata = dict({'pref': preference_type.value, 'sid': self.sid})
log('D29', logdata)
preference_parser = get_parser(preference_type)
preference_merger = get_merger(preference_type)
preference_objects = preference_parser(preference_path)
preference_merger(self.storage, preference_objects, self.name)
preference_merger(self.storage, self.sid, preference_objects, self.name)
except Exception as exc:
logdata = {}
logdata = dict()
logdata['gpt'] = self.name
logdata['msg'] = str(exc)
log('E29', logdata)
@@ -352,13 +354,13 @@ def lp2gpt():
# Write PReg
polparser.write_binary(os.path.join(destdir, 'Registry.pol'))
def get_local_gpt():
def get_local_gpt(sid):
'''
Convert default policy to GPT and create object out of it.
'''
log('D25')
lp2gpt()
local_policy = gpt(str(local_policy_cache()))
local_policy = gpt(str(local_policy_cache()), sid)
local_policy.set_name('Local Policy')
return local_policy

8
gpoa/gpt/inifiles.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,7 +20,7 @@ from util.xml import get_xml_root
from .dynamic_attributes import DynamicAttributes
def read_inifiles(inifiles_file):
inifiles = []
inifiles = list()
for ini in get_xml_root(inifiles_file):
prors = ini.find('Properties')
@@ -34,9 +34,9 @@ def read_inifiles(inifiles_file):
return inifiles
def merge_inifiles(storage, inifile_objects, policy_name):
def merge_inifiles(storage, sid, inifile_objects, policy_name):
for iniobj in inifile_objects:
storage.add_ini(iniobj, policy_name)
storage.add_ini(sid, iniobj, policy_name)
class inifile(DynamicAttributes):
def __init__(self, path):

8
gpoa/gpt/networkshares.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,7 +20,7 @@ from util.xml import get_xml_root
from .dynamic_attributes import DynamicAttributes
def read_networkshares(networksharesxml):
networkshares = []
networkshares = list()
for share in get_xml_root(networksharesxml):
props = share.find('Properties')
@@ -35,9 +35,9 @@ def read_networkshares(networksharesxml):
return networkshares
def merge_networkshares(storage, networkshares_objects, policy_name):
def merge_networkshares(storage, sid, networkshares_objects, policy_name):
for networkshareobj in networkshares_objects:
storage.add_networkshare(networkshareobj, policy_name)
storage.add_networkshare(sid, networkshareobj, policy_name)
class networkshare(DynamicAttributes):
def __init__(self, name):

10
gpoa/gpt/polfile.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -23,7 +23,11 @@ from util.preg import (
def read_polfile(filename):
return load_preg(filename).entries
def merge_polfile(storage, policy_objects, policy_name):
def merge_polfile(storage, sid, policy_objects, policy_name):
pass
# for entry in policy_objects:
# if not sid:
# storage.add_hklm_entry(entry, policy_name)
# else:
# storage.add_hkcu_entry(entry, sid, policy_name)

12
gpoa/gpt/printers.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -25,7 +25,7 @@ def read_printers(printers_file):
'''
Read printer configurations from Printer.xml
'''
printers = []
printers = list()
for prn in get_xml_root(printers_file):
prn_obj = printer(prn.tag, prn.get('name'), prn.get('status'))
@@ -42,9 +42,9 @@ def read_printers(printers_file):
return printers
def merge_printers(storage, printer_objects, policy_name):
def merge_printers(storage, sid, printer_objects, policy_name):
for device in printer_objects:
storage.add_printer(device, policy_name)
storage.add_printer(sid, device, policy_name)
def json2printer(json_str):
'''
@@ -101,7 +101,7 @@ class printer(DynamicAttributes):
'''
Return string-serialized JSON representation of the object.
'''
printer = {}
printer = dict()
printer['type'] = self.printer_type
printer['name'] = self.name
printer['status'] = self.status
@@ -113,7 +113,7 @@ class printer(DynamicAttributes):
# Nesting JSON object into JSON object makes it easier to add
# metadata if needed.
config = {}
config = dict()
config['printer'] = printer
return json.dumps(config)

28
gpoa/gpt/scriptsini.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -23,10 +23,10 @@ from .dynamic_attributes import DynamicAttributes
def read_scripts(scripts_file):
scripts = Scripts_lists()
logon_scripts = {}
logoff_scripts = {}
startup_scripts = {}
shutdown_scripts = {}
logon_scripts = dict()
logoff_scripts = dict()
startup_scripts = dict()
shutdown_scripts = dict()
config = configparser.ConfigParser()
config.read(scripts_file, encoding = 'utf-16')
@@ -78,22 +78,22 @@ def read_scripts(scripts_file):
return scripts
def merge_scripts(storage, scripts_objects, policy_name):
def merge_scripts(storage, sid, scripts_objects, policy_name):
for script in scripts_objects.get_logon_scripts():
storage.add_script(script, policy_name)
storage.add_script(sid, script, policy_name)
for script in scripts_objects.get_logoff_scripts():
storage.add_script(script, policy_name)
storage.add_script(sid, script, policy_name)
for script in scripts_objects.get_startup_scripts():
storage.add_script(script, policy_name)
storage.add_script(sid, script, policy_name)
for script in scripts_objects.get_shutdown_scripts():
storage.add_script(script, policy_name)
storage.add_script(sid, script, policy_name)
class Scripts_lists:
def __init__ (self):
self.__logon_scripts = []
self.__logoff_scripts = []
self.__startup_scripts = []
self.__shutdown_scripts = []
self.__logon_scripts = list()
self.__logoff_scripts = list()
self.__startup_scripts = list()
self.__shutdown_scripts = list()
def get_logon_scripts(self):
return self.__logon_scripts

6
gpoa/gpt/services.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -23,7 +23,7 @@ def read_services(service_file):
'''
Read Services.xml from GPT.
'''
services = []
services = list()
for srv in get_xml_root(service_file):
srv_obj = service(srv.get('name'))
@@ -40,7 +40,7 @@ def read_services(service_file):
return services
def merge_services(storage, service_objects, policy_name):
def merge_services(storage, sid, service_objects, policy_name):
for srv in service_objects:
pass

20
gpoa/gpt/shortcuts.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -69,7 +69,7 @@ def read_shortcuts(shortcuts_file):
:shortcuts_file: Location of Shortcuts.xml
'''
shortcuts = []
shortcuts = list()
for link in get_xml_root(shortcuts_file):
props = link.find('Properties')
@@ -95,9 +95,9 @@ def read_shortcuts(shortcuts_file):
return shortcuts
def merge_shortcuts(storage, shortcut_objects, policy_name):
def merge_shortcuts(storage, sid, shortcut_objects, policy_name):
for shortcut in shortcut_objects:
storage.add_shortcut(shortcut, policy_name)
storage.add_shortcut(sid, shortcut, policy_name)
def find_desktop_entry(binary_path):
@@ -114,8 +114,6 @@ def find_desktop_entry(binary_path):
class shortcut(DynamicAttributes):
_ignore_fields = {"desktop_file_template", "desktop_file"}
def __init__(self, dest, path, arguments, name=None, action=None, ttype=TargetType.FILESYSTEM):
'''
:param dest: Path to resulting file on file system
@@ -137,14 +135,6 @@ class shortcut(DynamicAttributes):
self.type = ttype
self.desktop_file_template = None
def items(self):
return ((k, v) for k, v in super().items() if k not in self._ignore_fields)
def __iter__(self):
return iter(self.items())
def replace_slashes(self, input_path):
if input_path.startswith('%'):
index = input_path.find('%', 1)
@@ -248,7 +238,7 @@ class shortcut(DynamicAttributes):
if self.desktop_file_template:
terminal_state = str2bool_lambda(self.desktop_file_template.get('Terminal'))
self.desktop_file.set('Terminal', 'true' if terminal_state else 'false')
self.desktop_file.set('Exec', '{} {}'.format(desktop_path, self.get_original_value('arguments')))
self.desktop_file.set('Exec', '{} {}'.format(desktop_path, self.arguments))
self.desktop_file.set('Comment', self.comment)
if self.icon:

4
gpoa/gpt/tasks.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -19,7 +19,7 @@
def read_tasks(filename):
pass
def merge_tasks(storage, task_objects, policy_name):
def merge_tasks(storage, sid, task_objects, policy_name):
for task in task_objects:
pass

10
gpoa/gpupdate
View File

@@ -2,7 +2,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -113,14 +113,14 @@ def runner_factory(args, target):
target = 'COMPUTER'
except:
username = None
logdata = {'username': args.user}
logdata = dict({'username': args.user})
log('W1', logdata)
else:
# User may only perform gpupdate for machine (None) or
# itself (os.getusername()).
username = pwd.getpwuid(os.getuid()).pw_name
if args.user != username:
logdata = {'username': username}
logdata = dict({'username': username})
log('W2', logdata)
if args.system:
@@ -179,7 +179,7 @@ def main():
try:
gpo_appliers[0].run()
except Exception as exc:
logdata = {'error': str(exc)}
logdata = dict({'error': str(exc)})
log('E5')
return int(ExitCodeUpdater.FAIL_GPUPDATE_COMPUTER_NOREPLY)
@@ -187,7 +187,7 @@ def main():
try:
gpo_appliers[1].run()
except Exception as exc:
logdata = {'error': str(exc)}
logdata = dict({'error': str(exc)})
log('E6', logdata)
return int(ExitCodeUpdater.FAIL_GPUPDATE_USER_NOREPLY)
else:

27
gpoa/gpupdate-setup
View File

@@ -2,7 +2,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -342,19 +342,18 @@ def act_default_policy():
def main():
arguments = parse_arguments()
action = {
'list': act_list,
'list-backends': act_list_backends,
'status': act_status,
'set-backend': act_set_backend,
'write': act_write,
'enable': act_enable,
'update': act_enable,
'disable': disable_gp,
'active-policy': act_active_policy,
'active-backend': act_active_backend,
'default-policy': act_default_policy
}
action = dict()
action['list'] = act_list
action['list-backends'] = act_list_backends
action['status'] = act_status
action['set-backend'] = act_set_backend
action['write'] = act_write
action['enable'] = act_enable
action['update'] = act_enable
action['disable'] = disable_gp
action['active-policy'] = act_active_policy
action['active-backend'] = act_active_backend
action['default-policy'] = act_default_policy
if arguments.action == None:
action['status']()

118
gpoa/locale/ru_RU/LC_MESSAGES/gpoa.po
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -262,12 +262,6 @@ msgstr "Не удалось получить данные из базы dconf"
msgid "Autofs restart failed"
msgstr "Перезапуск Autofs не удался"
msgid "Failed to update LDAP with new password data"
msgstr "Не удалось обновить LDAP новыми данными пароля"
msgid "Failed to change local user password"
msgstr "Не удалось изменить пароль локального пользователя"
# Error_end
# Debug
@@ -907,60 +901,6 @@ msgstr "Очистка файла environment не удалась"
msgid "Failed to get dictionary"
msgstr "Не удалось получить словарь"
msgid "LAPS applier started"
msgstr "Запущен обработчик LAPS"
msgid "LAPS applier is disabled"
msgstr "Обработчик LAPS отключен"
msgid "Rebooting system after password change"
msgstr "Перезагрузка системы после смены пароля"
msgid "Password changed"
msgstr "Пароль изменён"
msgid "Writing password changes time"
msgstr "Запись времени изменения пароля"
msgid "Requirements not met"
msgstr "Требования не выполнены"
msgid "The number of hours from the moment of the last user entrance"
msgstr "Количество часов с момента последнего входа пользователя"
msgid "The number of hours since the password has last changed"
msgstr "Количество часов с момента последнего изменения пароля"
msgid "LDAP updated with new password data"
msgstr "LDAP обновлён новыми данными пароля"
msgid "No active sessions found"
msgstr "Активные сеансы не найдены"
msgid "Process terminated"
msgstr "Процесс завершён"
msgid "Password update not needed"
msgstr "Обновление пароля не требуется"
msgid "Password successfully updated"
msgstr "Пароль успешно обновлён"
msgid "Cleaning the autofs catalog"
msgstr "Очистка каталога autofs"
msgid "No user login records found"
msgstr "Не найдены записи о входе пользователя"
msgid "Calculating time since the first user login after their password change"
msgstr "Расчет времени с момента первого входа пользователя после изменения их пароля"
msgid "No logins found after password change"
msgstr "Не найдены входы после изменения пароля"
msgid "Unknown message type, no message assigned"
msgstr "Неизвестный тип сообщения"
# Debug_end
# Warning
@@ -1043,58 +983,6 @@ msgstr "Не удалось загрузить контент с удаленн
msgid "Force mode activated"
msgstr "Режим force задействован"
msgid "Failed to change password"
msgstr "Не удалось изменить пароль"
msgid "Failed to write password modification time"
msgstr "Не удалось записать время изменения пароля"
msgid "LAPS requirements not met, module disabled"
msgstr "Требования LAPS не выполнены, модуль отключён"
msgid "Could not resolve encryption principal name. Return admin group SID"
msgstr "Не удалось определить имя шифрования. Возвращён SID группы администраторов"
msgid "Failed to get expiration time from LDAP"
msgstr "Не удалось получить время истечения срока действия из LDAP"
msgid "Failed to read password modification time from dconf"
msgstr "Не удалось прочитать время изменения пароля из dconf"
msgid "Failed to get last login time"
msgstr "Не удалось получить время последнего входа"
msgid "Failed to calculate password age"
msgstr "Не удалось вычислить возраст пароля"
msgid "Failed to terminate process"
msgstr "Не удалось завершить процесс"
msgid "The user was not found to change the password"
msgstr "Пользователь для изменения пароля не был найден"
msgid "Error while cleaning the autofs catalog"
msgstr "Ошибка при очистке каталога autofs"
msgid "Problem with timezone detection"
msgstr "Проблема с определением часового пояса"
msgid "Error executing last command"
msgstr "Ошибка выполнения команды last"
msgid "Last command not found"
msgstr "Команда last не найдена"
msgid "Error getting user login times"
msgstr "Ошибка получения времени входа пользователя"
msgid "Invalid timezone in reference datetime"
msgstr "Некорректный часовой пояс в reference datetime"
msgid "wbinfo SID lookup failed; will try as trusted domain user"
msgstr "Ошибка получения SID через wbinfo; будет предпринята попытка как для пользователя доверенного домена"
# Warning_end
# Fatal
msgid "Unable to refresh GPO list"
msgstr "Невозможно обновить список объектов групповых политик"
@@ -1108,5 +996,7 @@ msgstr "Не удалось получить GPT для пользователя
msgid "Unknown fatal code"
msgstr "Неизвестный код фатальной ошибки"
# get_message
msgid "Unknown message type, no message assigned"
msgstr "Неизвестный тип сообщения"

48
gpoa/messages/__init__.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2024 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -20,7 +20,7 @@
import gettext
def info_code(code):
info_ids = {}
info_ids = dict()
info_ids[1] = 'Got GPO list for username'
info_ids[2] = 'Got GPO'
info_ids[3] = 'Working with control'
@@ -36,7 +36,7 @@ def info_code(code):
return info_ids.get(code, 'Unknown info code')
def error_code(code):
error_ids = {}
error_ids = dict()
error_ids[1] = 'Insufficient permissions to run gpupdate'
error_ids[2] = 'gpupdate will not be started'
error_ids[3] = 'Backend execution error'
@@ -110,12 +110,10 @@ def error_code(code):
error_ids[72] = 'Exception occurred while updating dconf database'
error_ids[73] = 'Failed to retrieve data from dconf database'
error_ids[74] = 'Autofs restart failed'
error_ids[75] = 'Failed to update LDAP with new password data'
error_ids[76] = 'Failed to change local user password'
return error_ids.get(code, 'Unknown error code')
def debug_code(code):
debug_ids = {}
debug_ids = dict()
debug_ids[1] = 'The GPOA process was started for user'
debug_ids[2] = 'Username is not specified - will use username of the current process'
debug_ids[3] = 'Initializing plugin manager'
@@ -332,28 +330,11 @@ def debug_code(code):
debug_ids[215] = 'The environment file has been cleaned'
debug_ids[216] = 'Cleanup of file environment failed'
debug_ids[217] = 'Failed to get dictionary'
debug_ids[218] = 'LAPS applier started'
debug_ids[219] = 'LAPS applier is disabled'
debug_ids[220] = 'Rebooting system after password change'
debug_ids[221] = 'Password changed'
debug_ids[222] = 'Writing password changes time'
debug_ids[223] = 'Requirements not met'
debug_ids[224] = 'The number of hours from the moment of the last user entrance'
debug_ids[225] = 'The number of hours since the password has last changed'
debug_ids[226] = 'LDAP updated with new password data'
debug_ids[227] = 'No active sessions found'
debug_ids[228] = 'Process terminated'
debug_ids[229] = 'Password update not needed'
debug_ids[230] = 'Password successfully updated'
debug_ids[231] = 'Cleaning the autofs catalog'
debug_ids[232] = 'No user login records found'
debug_ids[233] = 'Calculating time since the first user login after their password change'
debug_ids[234] = 'No logins found after password change'
return debug_ids.get(code, 'Unknown debug code')
def warning_code(code):
warning_ids = {}
warning_ids = dict()
warning_ids[1] = (
'Unable to perform gpupdate for non-existent user, '
'will update machine settings'
@@ -386,28 +367,11 @@ def warning_code(code):
warning_ids[24] = 'Couldn\'t get the uid'
warning_ids[25] = 'Failed to load content from remote host'
warning_ids[26] = 'Force mode activated'
warning_ids[27] = 'Failed to change password'
warning_ids[28] = 'Failed to write password modification time'
warning_ids[29] = 'LAPS requirements not met, module disabled'
warning_ids[30] = 'Could not resolve encryption principal name. Return admin group SID'
warning_ids[31] = 'Failed to get expiration time from LDAP'
warning_ids[32] = 'Failed to read password modification time from dconf'
warning_ids[33] = 'Failed to get last login time'
warning_ids[34] = 'Failed to calculate password age'
warning_ids[35] = 'Failed to terminate process'
warning_ids[36] = 'The user was not found to change the password'
warning_ids[37] = 'Error while cleaning the autofs catalog'
warning_ids[38] = 'Problem with timezone detection'
warning_ids[39] = 'Error executing last command'
warning_ids[40] = 'Last command not found'
warning_ids[41] = 'Error getting user login times'
warning_ids[42] = 'Invalid timezone in reference datetime'
warning_ids[43] = 'wbinfo SID lookup failed; will try as trusted domain user'
return warning_ids.get(code, 'Unknown warning code')
def fatal_code(code):
fatal_ids = {}
fatal_ids = dict()
fatal_ids[1] = 'Unable to refresh GPO list'
fatal_ids[2] = 'Error getting GPTs for machine'
fatal_ids[3] = 'Error getting GPTs for user'

18
gpoa/pkcon_runner
View File

@@ -20,6 +20,7 @@
import rpm
import subprocess
from gpoa.storage import registry_factory
from util.gpoa_ini_parsing import GpoaConfigObj
from util.util import get_uid_by_username, string_to_literal_eval
import logging
from util.logging import log
@@ -61,11 +62,9 @@ class Pkcon_applier:
self.remove_packages_setting = string_to_literal_eval(dict_packages.get(remove_key_name,[]))
for package in self.install_packages_setting:
package = package.strip()
if not is_rpm_installed(package):
self.install_packages.add(package)
for package in self.remove_packages_setting:
package = package.strip()
if package in self.install_packages:
self.install_packages.remove(package)
if is_rpm_installed(package):
@@ -75,20 +74,24 @@ class Pkcon_applier:
log('D142')
self.update()
for package in self.remove_packages:
logdata = {'name': package}
try:
logdata = dict()
logdata['name'] = package
log('D149', logdata)
self.remove_pkg(package)
except Exception as exc:
logdata = dict()
logdata['exc'] = exc
log('E58', logdata)
for package in self.install_packages:
logdata = {'name': package}
try:
logdata = dict()
logdata['name'] = package
log('D148', logdata)
self.install_pkg(package)
except Exception as exc:
logdata = dict()
logdata['exc'] = exc
log('E57', logdata)
@@ -102,7 +105,7 @@ class Pkcon_applier:
pass
def remove_pkg(self, package_name):
fullcmd = list(self.__remove_command)
fullcmd = self.__remove_command
fullcmd.append(package_name)
return subprocess.check_output(fullcmd)
@@ -113,14 +116,15 @@ class Pkcon_applier:
try:
res = subprocess.check_output(['/usr/bin/apt-get', 'update'], encoding='utf-8')
msg = str(res).split('\n')
logdata = {}
logdata = dict()
for mslog in msg:
ms = str(mslog).split(' ')
if ms:
logdata = {ms[0]: ms[1:-1]}
log('D143', logdata)
except Exception as exc:
logdata = {'msg': exc}
logdata = dict()
logdata['msg'] = exc
log('E56',logdata)
if __name__ == '__main__':

2
gpoa/plugin/plugin_manager.py
View File

@@ -27,7 +27,7 @@ from messages import message_with_code
class plugin_manager:
def __init__(self):
self.plugins = {}
self.plugins = dict()
logging.debug(slogm(message_with_code('D3')))
try:
self.plugins['adp'] = adp()

8
gpoa/scripts_runner
View File

@@ -33,7 +33,7 @@ class Scripts_runner:
self.dir_scripts_machine = '/var/cache/gpupdate_scripts_cache/machine/'
self.dir_scripts_users = '/var/cache/gpupdate_scripts_cache/users/'
self.user_name = user_name
self.list_with_all_commands = []
self.list_with_all_commands = list()
stack_dir = None
if work_mode and work_mode.upper() == 'MACHINE':
stack_dir = self.machine_runner_fill()
@@ -59,7 +59,7 @@ class Scripts_runner:
return self.get_stack_dir(self.dir_scripts_machine)
def get_stack_dir(self, path_dir):
stack_dir = []
stack_dir = list()
try:
dir_script = Path(path_dir)
for it_dir in dir_script.iterdir():
@@ -72,7 +72,7 @@ class Scripts_runner:
def find_action(self, stack_dir):
if not stack_dir:
return
list_tmp = []
list_tmp = list()
while stack_dir:
path_turn = stack_dir.pop()
basename = os.path.basename(path_turn)
@@ -94,7 +94,7 @@ class Scripts_runner:
except Exception as exc:
print('Argument read for {}: {}'.format(self.list_with_all_commands.pop(), exc))
else:
cmd = []
cmd = list()
cmd.append(file_in_task_dir)
self.list_with_all_commands.append(cmd)

149
gpoa/storage/dconf_registry.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2023 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -64,37 +64,37 @@ class Dconf_registry():
'''
_GpoPriority = 'Software/BaseALT/Policies/GpoPriority'
_gpo_name = set()
global_registry_dict = {_GpoPriority:{}}
previous_global_registry_dict = {}
global_registry_dict = dict({_GpoPriority:{}})
previous_global_registry_dict = dict()
__template_file = '/usr/share/dconf/user_mandatory.template'
_policies_path = 'Software/'
_policies_win_path = 'SOFTWARE/'
_gpt_read_flag = False
_force = False
__dconf_dict_flag = False
__dconf_dict = {}
_dconf_db = {}
_dict_gpo_name_version_cache = {}
__dconf_dict = dict()
_dconf_db = dict()
_dict_gpo_name_version_cache = dict()
_username = None
_uid = None
_envprofile = None
_path_bin_system = "/etc/dconf/db/policy"
list_keys = []
_info = {}
list_keys = list()
_info = dict()
_counter_gpt = itertools.count(0)
shortcuts = []
folders = []
files = []
drives = []
scheduledtasks = []
environmentvariables = []
inifiles = []
services = []
printers = []
scripts = []
networkshares = []
shortcuts = list()
folders = list()
files = list()
drives = list()
scheduledtasks = list()
environmentvariables = list()
inifiles = list()
services = list()
printers = list()
scripts = list()
networkshares = list()
_true_strings = {
"True",
@@ -126,7 +126,7 @@ class Dconf_registry():
def get_matching_keys(path):
if path[0] != '/':
path = '/' + path
logdata = {}
logdata = dict()
envprofile = get_dconf_envprofile()
try:
process = subprocess.Popen(['dconf', 'list', path],
@@ -157,7 +157,7 @@ class Dconf_registry():
@staticmethod
def get_key_value(key):
logdata = {}
logdata = dict()
envprofile = get_dconf_envprofile()
try:
process = subprocess.Popen(['dconf', 'read', key],
@@ -176,7 +176,7 @@ class Dconf_registry():
@staticmethod
def dconf_update(uid=None):
logdata = {}
logdata = dict()
path_dconf_config = get_dconf_config_path(uid)
db_file = path_dconf_config[:-3]
try:
@@ -209,7 +209,7 @@ class Dconf_registry():
@classmethod
def apply_template(cls, uid):
logdata = {}
logdata = dict()
if uid and cls.check_profile_template():
with open(cls.__template_file, "r") as f:
template = f.read()
@@ -218,15 +218,13 @@ class Dconf_registry():
elif uid:
content = f"user-db:user\n" \
f"system-db:distr\n" \
f"system-db:policy\n" \
f"system-db:policy{uid}\n" \
f"system-db:local\n" \
f"system-db:default\n" \
f"system-db:local\n" \
f"system-db:policy{uid}\n" \
f"system-db:policy\n" \
f"system-db:distr\n"
f"system-db:policy\n"
else:
logdata['uid'] = uid
log('W24', logdata)
@@ -259,7 +257,7 @@ class Dconf_registry():
@classmethod
def get_dictionary_from_dconf_file_db(self, uid=None, path_bin=None, save_dconf_db=False):
logdata = {}
logdata = dict()
error_skip = None
if path_bin:
error_skip = True
@@ -331,7 +329,7 @@ class Dconf_registry():
@classmethod
def filter_hkcu_entries(cls, startswith):
def filter_hkcu_entries(cls, sid, startswith):
return cls.filter_hklm_entries(startswith)
@@ -358,7 +356,7 @@ class Dconf_registry():
@classmethod
def get_entry(cls, path, dictionary = None, preg = True):
logdata = {}
logdata = dict()
result = Dconf_registry.get_storage(dictionary)
keys = path.split("\\") if "\\" in path else path.split("/")
@@ -386,7 +384,7 @@ class Dconf_registry():
return False
@classmethod
def get_hkcu_entry(cls, hive_key, dictionary = None):
def get_hkcu_entry(cls, sid, hive_key, dictionary = None):
return cls.get_hklm_entry(hive_key, dictionary)
@@ -397,85 +395,85 @@ class Dconf_registry():
@classmethod
def add_shortcut(cls, sc_obj, policy_name):
def add_shortcut(cls, sid, sc_obj, policy_name):
sc_obj.policy_name = policy_name
cls.shortcuts.append(sc_obj)
@classmethod
def add_printer(cls, pobj, policy_name):
def add_printer(cls, sid, pobj, policy_name):
pobj.policy_name = policy_name
cls.printers.append(pobj)
@classmethod
def add_drive(cls, dobj, policy_name):
def add_drive(cls, sid, dobj, policy_name):
dobj.policy_name = policy_name
cls.drives.append(dobj)
@classmethod
def add_folder(cls, fobj, policy_name):
def add_folder(cls, sid, fobj, policy_name):
fobj.policy_name = policy_name
cls.folders.append(fobj)
@classmethod
def add_envvar(self, evobj, policy_name):
def add_envvar(self, sid, evobj, policy_name):
evobj.policy_name = policy_name
self.environmentvariables.append(evobj)
@classmethod
def add_script(cls, scrobj, policy_name):
def add_script(cls, sid, scrobj, policy_name):
scrobj.policy_name = policy_name
cls.scripts.append(scrobj)
@classmethod
def add_file(cls, fileobj, policy_name):
def add_file(cls, sid, fileobj, policy_name):
fileobj.policy_name = policy_name
cls.files.append(fileobj)
@classmethod
def add_ini(cls, iniobj, policy_name):
def add_ini(cls, sid, iniobj, policy_name):
iniobj.policy_name = policy_name
cls.inifiles.append(iniobj)
@classmethod
def add_networkshare(cls, networkshareobj, policy_name):
def add_networkshare(cls, sid, networkshareobj, policy_name):
networkshareobj.policy_name = policy_name
cls.networkshares.append(networkshareobj)
@classmethod
def get_shortcuts(cls):
def get_shortcuts(cls, sid):
return cls.shortcuts
@classmethod
def get_printers(cls):
def get_printers(cls, sid):
return cls.printers
@classmethod
def get_drives(cls):
def get_drives(cls, sid):
return cls.drives
@classmethod
def get_folders(cls):
def get_folders(cls, sid):
return cls.folders
@classmethod
def get_envvars(cls):
def get_envvars(cls, sid):
return cls.environmentvariables
@classmethod
def get_scripts(cls, action):
def get_scripts(cls, sid, action):
action_scripts = list()
for part in cls.scripts:
if action == 'LOGON' and part.action == 'LOGON':
@@ -490,22 +488,22 @@ class Dconf_registry():
@classmethod
def get_files(cls):
def get_files(cls, sid):
return cls.files
@classmethod
def get_networkshare(cls):
def get_networkshare(cls, sid):
return cls.networkshares
@classmethod
def get_ini(cls):
def get_ini(cls, sid):
return cls.inifiles
@classmethod
def wipe_user(cls):
def wipe_user(cls, sid):
cls.wipe_hklm()
@@ -697,59 +695,12 @@ def create_dconf_ini_file(filename, data, uid=None, nodomain=None):
else:
file.write(f'{key} = "{value}"\n')
file.write('\n')
logdata = {'path': filename}
logdata = dict()
logdata['path'] = filename
log('D209', logdata)
create_dconf_file_locks(filename, data)
Dconf_registry.dconf_update(uid)
def create_dconf_file_locks(filename_ini, data):
"""
Creates a dconf lock file based on the provided filename and data.
:param filename_ini: Path to the ini file (str)
:param data: Dictionary containing configuration data
"""
# Extract the path parts up to the directory of the ini file
tmp_lock = filename_ini.split('/')[:-1]
# Construct the path to the lock file
file_lock = '/'.join(tmp_lock + ['locks', tmp_lock[-1][:-1] + 'pol'])
# Create an empty lock file
touch_file(file_lock)
# Open the lock file for writing
with open(file_lock, 'w') as file:
# Iterate over all lock keys obtained from the data
for key_lock in get_keys_dconf_locks(data):
# Remove the "lock/" prefix from the key and split into parts
key = key_lock.split('/')[1:]
# Write the cleaned key to the lock file
file.write(f'{key}\n')
def get_keys_dconf_locks(data):
"""
Extracts keys from the provided data that start with "Locks/"
and have a value of 1.
:param data: Dictionary containing configuration data
:return: List of lock keys (str) without the "Locks/" prefix
"""
result = []
# Flatten the nested dictionary into a single-level dictionary
flatten_data = flatten_dictionary(data)
# Iterate through all keys in the flattened dictionary
for key in flatten_data:
# Check if the key starts with "Locks/" and its value is 1
if key.startswith('Locks/') and flatten_data[key] == 1:
# Remove the "Locks" prefix and append to the result
result.append(key.removeprefix('Locks'))
return result
def check_data(data, t_data):
if isinstance(data, bytes):
if t_data == 7:
@@ -844,7 +795,7 @@ def add_preferences_to_global_registry_dict(username, is_machine):
def extract_display_name_version(data, username):
policy_force = data.get('Software/BaseALT/Policies/GPUpdate', {}).get('Force', False)
if Dconf_registry._force or policy_force:
logdata = {'username': username}
logdata = dict({'username': username})
log('W26', logdata)
return {}
result = {}

14
gpoa/storage/fs_file_cache.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2021-2025 BaseALT Ltd. <org@basealt.ru>
# Copyright (C) 2021-2024 BaseALT Ltd. <org@basealt.ru>
# Copyright (C) 2021 Igor Chudov <nir@nir.org.ru>
#
# This program is free software: you can redistribute it and/or modify
@@ -42,7 +42,7 @@ class fs_file_cache:
self.storage_uri = file_cache_dir()
else:
self.storage_uri = file_cache_dir()
logdata = {'cache_file': self.storage_uri}
logdata = dict({'cache_file': self.storage_uri})
log('D20', logdata)
self.samba_context = smbc.Context(use_kerberos=1)
#, debug=10)
@@ -62,7 +62,7 @@ class fs_file_cache:
return None
except Exception as exc:
logdata = {'exception': str(exc)}
logdata = dict({'exception': str(exc)})
log('D144', logdata)
raise exc
@@ -87,7 +87,7 @@ class fs_file_cache:
os.rename(tmpfile, destfile)
os.chmod(destfile, 0o644)
except Exception as exc:
logdata = {'exception': str(exc)}
logdata = dict({'exception': str(exc)})
log('W25', logdata)
tmppath = Path(tmpfile)
if tmppath.exists():
@@ -103,10 +103,10 @@ class fs_file_cache:
uri_path.get_domain(),
uri_path.get_path()))
except NotUNCPathError as exc:
logdata = {'path': str(exc)}
logdata = dict({'path': str(exc)})
log('D62', logdata)
except Exception as exc:
logdata = {'exception': str(exc)}
logdata = dict({'exception': str(exc)})
log('E36', logdata)
raise exc
if Path(destfile).exists():
@@ -125,6 +125,6 @@ class fs_file_cache:
except Exception as exc:
if Path(uri).exists():
return None
logdata = {'exception': str(exc)}
logdata = dict({'exception': str(exc)})
log('W12', logdata)
return None

6
gpoa/templates/autofs_mountpoints.j2
View File

@@ -19,9 +19,9 @@
{%- for drv in drives %}
{% if (drv.thisDrive != 'HIDE') %}
{% if drv.label %}
"{{ drv.label }}" -fstype=cifs,cruid=$USER,sec=krb5,noperm{% if drv.username %}{% else %},multiuser{% endif %}{% if drv.cifsacl %},cifsacl{% endif %} :{{ drv.path }}
"{{ drv.label }}" -fstype=cifs,cruid=$USER,sec=krb5,noperm,cifsacl :{{ drv.path }}
{% else %}
"{{ drv.dir }}" -fstype=cifs,cruid=$USER,sec=krb5,noperm{% if drv.username %}{% else %},multiuser{% endif %}{% if drv.cifsacl %},cifsacl{% endif %} :{{ drv.path }}
"{{ drv.dir }}" -fstype=cifs,cruid=$USER,sec=krb5,noperm,cifsacl :{{ drv.path }}
{% endif %}
{% endif %}
{% endfor %}
{% endfor %}

4
gpoa/templates/autofs_mountpoints_hide.j2
View File

@@ -19,9 +19,9 @@
{%- for drv in drives %}
{% if (drv.thisDrive == 'HIDE') %}
{% if drv.label %}
"{{ drv.label }}" -fstype=cifs,cruid=$USER,sec=krb5,noperm{% if drv.username %}{% else %},multiuser{% endif %}{% if drv.cifsacl %},cifsacl{% endif %} :{{ drv.path }}
"{{ drv.label }}" -fstype=cifs,cruid=$USER,sec=krb5,noperm,cifsacl :{{ drv.path }}
{% else %}
"{{ drv.dir }}" -fstype=cifs,cruid=$USER,sec=krb5,noperm{% if drv.username %}{% else %},multiuser{% endif %}{% if drv.cifsacl %},cifsacl{% endif %} :{{ drv.path }}
"{{ drv.dir }}" -fstype=cifs,cruid=$USER,sec=krb5,noperm,cifsacl :{{ drv.path }}
{% endif %}
{% endif %}
{% endfor %}

2
gpoa/util/arguments.py
View File

@@ -68,7 +68,7 @@ def process_target(target_name=None):
if target_name:
target = target_name
logdata = {'target': target}
logdata = dict({'target': target})
log('D10', logdata)
return target.upper()

15
gpoa/util/dbus.py
View File

@@ -71,7 +71,7 @@ class dbus_runner:
def run(self):
if self.username:
logdata = {'username': self.username}
logdata = dict({'username': self.username})
log('D6', logdata)
gpupdate = 'gpupdate' if not Dconf_registry._force else 'gpupdate_force'
if is_root():
@@ -88,7 +88,8 @@ class dbus_runner:
timeout=self._synchronous_timeout)
print_dbus_result(result)
except dbus.exceptions.DBusException as exc:
logdata = {'username': self.username}
logdata = dict()
logdata['username'] = self.username
log('E23', logdata)
raise exc
else:
@@ -102,7 +103,7 @@ class dbus_runner:
timeout=self._synchronous_timeout)
print_dbus_result(result)
except dbus.exceptions.DBusException as exc:
logdata = {'error': str(exc)}
logdata = dict({'error': str(exc)})
log('E21', logdata)
raise exc
else:
@@ -120,7 +121,7 @@ class dbus_runner:
timeout=self._synchronous_timeout)
print_dbus_result(result)
except dbus.exceptions.DBusException as exc:
logdata = {'error': str(exc)}
logdata = dict({'error': str(exc)})
log('E22', logdata)
raise exc
@@ -193,7 +194,7 @@ def print_dbus_result(result):
'''
exitcode = result[0]
message = result[1:]
logdata = {'retcode': exitcode}
logdata = dict({'retcode': exitcode})
log('D12', logdata)
for line in message:
@@ -207,7 +208,7 @@ class dbus_session:
self.session_dbus = self.session_bus.get_object('org.freedesktop.DBus', '/org/freedesktop/DBus')
self.session_iface = dbus.Interface(self.session_dbus, 'org.freedesktop.DBus')
except dbus.exceptions.DBusException as exc:
logdata = {'error': str(exc)}
logdata = dict({'error': str(exc)})
log('E31', logdata)
raise exc
@@ -218,7 +219,7 @@ class dbus_session:
log('D57', {"pid": pid})
except dbus.exceptions.DBusException as exc:
if exc.get_dbus_name() != 'org.freedesktop.DBus.Error.NameHasNoOwner':
logdata = {'error': str(exc)}
logdata = dict({'error': str(exc)})
log('E32', logdata)
raise exc
log('D58', {'connection': connection})

4
gpoa/util/exceptions.py
View File

@@ -27,13 +27,13 @@ def geterr():
'''
etype, evalue, etrace = sys.exc_info()
traceinfo = {
traceinfo = dict({
'file': etrace.tb_frame.f_code.co_filename
, 'line': etrace.tb_lineno
, 'name': etrace.tb_frame.f_code.co_name
, 'type': etype.__name__
, 'message': evalue
}
})
del(etype, evalue, etrace)

8
gpoa/util/kerberos.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -80,10 +80,12 @@ def check_krb_ticket():
subprocess.check_call(['klist', '-s'])
output = subprocess.check_output('klist', stderr=subprocess.STDOUT).decode()
result = True
logdata = {'output': output}
logdata = dict()
logdata['output'] = output
log('D17', logdata)
except Exception as exc:
logdata = {'krb-exc': exc}
logdata = dict()
logdata['krb-exc'] = exc
log('E14', logdata)
return result

6
gpoa/util/logging.py
View File

@@ -40,15 +40,15 @@ class slogm(object):
'''
Structured log message class
'''
def __init__(self, message, kwargs={}):
def __init__(self, message, kwargs=dict()):
self.message = message
self.kwargs = kwargs
if not self.kwargs:
self.kwargs = {}
self.kwargs = dict()
def __str__(self):
now = str(datetime.datetime.now().isoformat(sep=' ', timespec='milliseconds'))
args = {}
args = dict()
args.update(self.kwargs)
result = '{}|{}|{}'.format(now, self.message, args)

18
gpoa/util/preg.py
View File

@@ -39,7 +39,7 @@ def load_xml_preg(xml_path):
'''
Parse XML/PReg file and return its preg object
'''
logdata = {'polfile': xml_path}
logdata = dict({'polfile': xml_path})
log('D36', logdata)
gpparser = GPPolParser()
xml_root = ElementTree.parse(xml_path).getroot()
@@ -53,14 +53,14 @@ def load_pol_preg(polfile):
'''
Parse PReg file and return its preg object
'''
logdata = {'polfile': polfile}
logdata = dict({'polfile': polfile})
log('D31', logdata)
gpparser = GPPolParser()
data = None
with open(polfile, 'rb') as f:
data = f.read()
logdata = {'polfile': polfile, 'length': len(data)}
logdata = dict({'polfile': polfile, 'length': len(data)})
log('D33', logdata)
gpparser.parse(data)
@@ -71,7 +71,7 @@ def load_pol_preg(polfile):
def preg_keymap(preg):
pregfile = load_preg(preg)
keymap = {}
keymap = dict()
for entry in pregfile.entries:
hive_key = '{}\\{}'.format(entry.keyname, entry.valuename)
@@ -86,7 +86,7 @@ def merge_polfile(preg, sid=None, reg_name='registry', reg_path=None, policy_nam
load_preg_dconf(pregfile, preg, policy_name, None, gpo_info)
else:
load_preg_dconf(pregfile, preg, policy_name, username, gpo_info)
logdata = {'pregfile': preg}
logdata = dict({'pregfile': preg})
log('D32', logdata)
@@ -97,12 +97,16 @@ class entry:
self.valuename = e_valuename
self.type = e_type
self.data = e_data
logdata = {'keyname': self.keyname, 'valuename': self.valuename, 'type': self.type, 'data': self.data}
logdata = dict()
logdata['keyname'] = self.keyname
logdata['valuename'] = self.valuename
logdata['type'] = self.type
logdata['data'] = self.data
log('D22', logdata)
class pentries:
def __init__(self):
self.entries = []
self.entries = list()
def preg2entries(preg_obj):

14
gpoa/util/roles.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -28,7 +28,7 @@ def get_roles(role_dir):
'''
Return list of directories in /etc/role named after role plus '.d'
'''
directories = []
directories = list()
try:
for item in role_dir.iterdir():
if item.is_dir():
@@ -45,7 +45,7 @@ def read_groups(role_file_path):
'''
Read list of whitespace-separated groups from file
'''
groups = []
groups = list()
with open(role_file_path, 'r') as role_file:
lines = role_file.readlines()
@@ -54,7 +54,7 @@ def read_groups(role_file_path):
print(linegroups)
groups.extend(linegroups)
return {*groups}
return set(groups)
def get_rolegroups(roledir):
@@ -63,16 +63,16 @@ def get_rolegroups(roledir):
'''
roledir_path = pathlib.Path(roledir)
group_files = []
group_files = list()
for item in roledir_path.iterdir():
if item.is_file():
group_files.append(item)
groups = []
groups = list()
for item in group_files:
groups.extend(read_groups(item))
return {*groups}
return set(groups)
def create_role(role_name, privilege_list):
'''

6
gpoa/util/rpm.py
View File

@@ -1,7 +1,7 @@
#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2025 BaseALT Ltd.
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -116,7 +116,7 @@ def install_rpms(rpm_names):
'''
Install set of RPMs sequentially
'''
result = []
result = list()
for package in rpm_names:
result.append(install_rpm(package))
@@ -127,7 +127,7 @@ def remove_rpms(rpm_names):
'''
Remove set of RPMs requentially
'''
result = []
result = list()
for package in rpm_names:
result.append(remove_rpm(package))

24
gpoa/util/sid.py
View File

@@ -22,7 +22,6 @@ from enum import Enum
import pwd
import subprocess
import pysss_nss_idmap
from storage.dconf_registry import Dconf_registry
from .logging import log
@@ -39,19 +38,10 @@ def wbinfo_getsid(domain, user):
# This part works only on DC
wbinfo_cmd = ['wbinfo', '-n', username]
try:
output = subprocess.check_output(wbinfo_cmd, stderr=subprocess.STDOUT)
Dconf_registry.set_info('trust', False)
return output.split()[0].decode('utf-8')
except:
log('W43')
try:
wbinfo_cmd[-1] = user
output = subprocess.check_output(wbinfo_cmd)
Dconf_registry.set_info('trust', True)
except Exception as exc:
raise exc
return output.split()[0].decode('utf-8')
output = subprocess.check_output(wbinfo_cmd)
sid = output.split()[0].decode('utf-8')
return sid
def get_local_sid_prefix():
@@ -75,10 +65,10 @@ def get_sid(domain, username, is_machine = False):
try:
sid = wbinfo_getsid(domain, username)
except:
logdata = {'sid': sid}
logdata = dict({'sid': sid})
log('E16', logdata)
logdata = {'sid': sid}
logdata = dict({'sid': sid})
log('D21', logdata)
return sid
@@ -213,7 +203,7 @@ def is_sid(sid):
pass
def sid2descr(sid):
sids = {}
sids = dict()
sids['S-1-0'] = 'Null Authority'
sids['S-1-0-0'] = 'Nobody'
sids['S-1-1'] = 'World Authority'

6
gpoa/util/system.py
View File

@@ -55,7 +55,7 @@ def set_privileges(username, uid, gid, groups, home):
os.chdir(home)
logdata = {}
logdata = dict()
logdata['uid'] = uid
logdata['gid'] = gid
logdata['username'] = username
@@ -123,12 +123,12 @@ def with_privileges(username, func):
pass
except Exception as exc:
logdata = {}
logdata = dict()
logdata['msg'] = str(exc)
log('E33', logdata)
result = 1;
finally:
logdata = {}
logdata = dict()
logdata['dbus_pid'] = dbus_pid
logdata['dconf_pid'] = dconf_pid
log('D56', logdata)

22
gpoa/util/util.py
View File

@@ -138,7 +138,7 @@ def get_policy_entries(directory):
'''
Get list of directories representing "Local Policy" templates.
'''
filtered_entries = []
filtered_entries = list()
if os.path.isdir(directory):
entries = [os.path.join(directory, entry) for entry in os.listdir(directory)]
@@ -162,7 +162,7 @@ def get_policy_variants():
system_policies = get_policy_entries(policy_dir)
user_policies = get_policy_entries(etc_policy_dir)
general_listing = []
general_listing = list()
general_listing.extend(system_policies)
general_listing.extend(user_policies)
@@ -221,13 +221,6 @@ def remove_keys_with_prefix(dictionary: dict, prefix: tuple=('Previous/', 'Sourc
"""
return {key: value for key, value in dictionary.items() if not key.startswith(prefix)}
def remove_prefix_from_keys(dictionary: dict, prefix: str) -> dict:
"""
Removes the specified prefix from the keys of the dictionary.
If a key starts with the prefix, it is removed.
"""
return {key[len(prefix):] if key.startswith(prefix) else key: value for key, value in dictionary.items()}
def get_trans_table():
return str.maketrans({
@@ -243,14 +236,3 @@ def clean_data(data):
return cleaned_string
except:
return None
def check_local_user_exists(username):
"""
Checks if a local user with the given username exists on a Linux system.
"""
try:
# Try to get user information from the password database
pwd.getpwnam(username)
return True
except:
return False

41
gpoa/util/windows.py
View File

@@ -19,13 +19,13 @@
import os
from pathlib import Path
from samba.credentials import Credentials
from samba import getopt as options
from samba import NTSTATUSError
try:
from samba.gpclass import get_dc_hostname, check_refresh_gpo_list
except ImportError:
from samba.gp.gpclass import get_dc_hostname, check_refresh_gpo_list, get_gpo_list
from samba.gp.gpclass import get_dc_hostname, check_refresh_gpo_list
from samba.netcmd.common import netcmd_get_domain_infos_via_cldap
from storage.dconf_registry import Dconf_registry, extract_display_name_version
@@ -51,13 +51,10 @@ class smbcreds (smbopts):
def __init__(self, dc_fqdn=None):
smbopts.__init__(self, 'GPO Applier')
self.creds = Credentials()
self.creds.guess(self.lp)
self.creds.set_machine_account()
self.credopts = options.CredentialsOptions(self.parser)
self.creds = self.credopts.get_credentials(self.lp, fallback_machine=True)
self.set_dc(dc_fqdn)
self.sDomain = SiteDomainScanner(self.creds, self.lp, self.selected_dc)
self.sDomain = SiteDomainScanner(self.creds, self.lp, self.selected_dc)
self.dc_site_servers = self.sDomain.select_site_servers()
self.all_servers = self.sDomain.select_all_servers()
[self.all_servers.remove(element)
@@ -76,7 +73,7 @@ class smbcreds (smbopts):
try:
if dc_fqdn is not None:
logdata = {}
logdata = dict()
logdata['user_dc'] = dc_fqdn
log('D38', logdata)
@@ -84,7 +81,7 @@ class smbcreds (smbopts):
else:
self.selected_dc = get_dc_hostname(self.creds, self.lp)
except Exception as exc:
logdata = {}
logdata = dict()
logdata['msg'] = str(exc)
log('E10', logdata)
raise exc
@@ -99,7 +96,7 @@ class smbcreds (smbopts):
# Look and python/samba/netcmd/domain.py for more examples
res = netcmd_get_domain_infos_via_cldap(self.lp, None, self.selected_dc)
dns_domainname = res.dns_domain
logdata = {'domain': dns_domainname}
logdata = dict({'domain': dns_domainname})
log('D18', logdata)
except Exception as exc:
log('E15')
@@ -112,18 +109,11 @@ class smbcreds (smbopts):
Get GPO list for the specified username for the specified DC
hostname
'''
gpos = []
gpos = list()
if Dconf_registry.get_info('machine_name') == username:
dconf_dict = Dconf_registry.get_dictionary_from_dconf_file_db(save_dconf_db=True)
self.is_machine = True
else:
dconf_dict = Dconf_registry.get_dictionary_from_dconf_file_db(get_uid_by_username(username), save_dconf_db=True)
self.is_machine = False
if not self.is_machine and Dconf_registry.get_info('trust'):
# TODO: Always returning an empty list here.
# Need to implement fetching policies from the trusted domain.
return []
dict_gpo_name_version = extract_display_name_version(dconf_dict, username)
try:
log('D48')
@@ -131,7 +121,7 @@ class smbcreds (smbopts):
if ads.connect():
log('D47')
gpos = ads.get_gpo_list(username)
logdata = {'username': username}
logdata = dict({'username': username})
log('I1', logdata)
for gpo in gpos:
# These setters are taken from libgpo/pygpo.c
@@ -139,16 +129,16 @@ class smbcreds (smbopts):
if gpo.display_name in dict_gpo_name_version.keys() and dict_gpo_name_version.get(gpo.display_name, {}).get('version') == str(getattr(gpo, 'version', None)):
if Path(dict_gpo_name_version.get(gpo.display_name, {}).get('correct_path')).exists():
gpo.file_sys_path = ''
ldata = {'gpo_name': gpo.display_name, 'gpo_uuid': gpo.name, 'file_sys_path_cache': True}
ldata = dict({'gpo_name': gpo.display_name, 'gpo_uuid': gpo.name, 'file_sys_path_cache': True})
log('I11', ldata)
continue
ldata = {'gpo_name': gpo.display_name, 'gpo_uuid': gpo.name, 'file_sys_path': gpo.file_sys_path}
ldata = dict({'gpo_name': gpo.display_name, 'gpo_uuid': gpo.name, 'file_sys_path': gpo.file_sys_path})
log('I2', ldata)
except Exception as exc:
if self.selected_dc != self.pdc_emulator_server:
raise GetGPOListFail(exc)
logdata = {'username': username, 'dc': self.selected_dc, 'exc': exc}
logdata = dict({'username': username, 'dc': self.selected_dc, 'exc': exc})
log('E17', logdata)
return gpos
@@ -173,7 +163,7 @@ class smbcreds (smbopts):
gpos = self.get_gpos(username)
while list_selected_dc:
logdata = {}
logdata = dict()
logdata['username'] = username
logdata['dc'] = self.selected_dc
try:
@@ -219,7 +209,6 @@ class smbcreds (smbopts):
class SiteDomainScanner:
def __init__(self, smbcreds, lp, dc):
self.samdb = SamDB(url='ldap://{}'.format(dc), session_info=system_session(), credentials=smbcreds, lp=lp)
Dconf_registry.set_info('samdb', self.samdb)
self.pdc_emulator = self._search_pdc_emulator()
@staticmethod
@@ -318,7 +307,7 @@ def expand_windows_var(text, username=None):
'''
Scan the line for percent-encoded variables and expand them.
'''
variables = {}
variables = dict()
variables['HOME'] = '/etc/skel'
variables['HOMEPATH'] = '/etc/skel'
variables['HOMEDRIVE'] = '/'

3
gpoa/util/xdg.py
View File

@@ -27,7 +27,8 @@ def xdg_get_desktop(username, homedir = None):
homedir = get_homedir(username)
if not homedir:
msgtext = message_with_code('E18')
logdata = {}
logdata = dict()
logdata['username'] = username
log('E18', logdata)
raise Exception(msgtext)

49
gpupdate.spec
View File

@@ -36,7 +36,7 @@
%add_python3_req_skip util.gpoa_ini_parsing
Name: gpupdate
Version: 0.13.4
Version: 0.12.1
Release: alt1
Summary: GPT applier
@@ -52,16 +52,12 @@ BuildRequires: gettext-tools
Requires: python3-module-rpm
Requires: python3-module-dbus
Requires: python3-module-configobj
Requires: python3-module-gssapi
Requires: python3-module-krb5
Requires: oddjob-%name >= 0.2.3
Requires: libnss-role >= 0.5.0
Requires: local-policy >= 0.4.9
Requires: pam-config >= 1.9.0
Requires: autofs
Requires: dconf-profile
Requires: packagekit
Requires: dconf
Requires: libgvdb-gir
# This is needed by shortcuts_applier
Requires: desktop-file-utils
@@ -199,49 +195,6 @@ fi
%exclude %python3_sitelibdir/gpoa/test
%changelog
* Mon Aug 25 2025 Valery Sinelnikov <greh@altlinux.org> 0.13.4-alt1
- Added:
Production-ready modules: CUPS, file management, INI config (default),
package management, script modules
Fallback SID lookup for trusted domain users
Missing log translations (laps: timezone, login)
Added ownership handling for files within user home directory
- Changed:
Refactored to use literals ({}, []) instead of constructors
Final optimization passes and minor cleanups
Updated copyright year
Adjusted login time search and messages
- Fixed:
Skipped policy retrieval for trusted users to avoid GPO errors
Corrected login time tracking in laps
Fixed typos
Prevented subprocess errors from printing to console
Adjusted call order (save_dconf - start_frontend)
- Removed:
Legacy sid variable propagation and related helpers
* Sat Jul 26 2025 Evgeny Sinelnikov <sin@altlinux.org> 0.13.3-alt1
- Fixed machine account credentials initialization (closes: 55324)
* Thu Apr 03 2025 Valery Sinelnikov <greh@altlinux.org> 0.13.2-alt1
- Fixed: Check directory existence before cleanup to avoid errors(closes:53703)
* Fri Mar 14 2025 Valery Sinelnikov <greh@altlinux.org> 0.13.1-alt1
- Refined registry key handling: LAPS enablement and user presence check
* Thu Mar 06 2025 Valery Sinelnikov <greh@altlinux.org> 0.13.0-alt1
- Implemented Local Administrator Password Solution (LAPS) functionality,
including support for Group Policy Object (GPO) keys to
configure LAPS settings
- Added support for disabling cifsacl in autofs mounts (closes:52333)
- Implemented the ability to merge computer and user GPO shortcuts
- Added access restrictions to network directories of other users
- Added cleaning functionality for the autofs configuration catalog
- Added ability to configure KDE 6 files
* Tue Jan 14 2025 Valery Sinelnikov <greh@altlinux.org> 0.12.2-alt1
- Fixed interpretation of boolean values (closes:52683)
* Fri Jan 10 2025 Valery Sinelnikov <greh@altlinux.org> 0.12.1-alt1
- Fixed checking the path for existence (closes:52597)