0.10.1-alt1

- Added handling of unexpected data types when writing to dconf

dist/gpupdate-scripts-run-user.service

@@ -1,6 +1,5 @@
 [Unit]
 Description=Run Group Policy scripts for a user
-After=gpupdate-user.service
 
 [Service]
 Type=oneshot

dist/gpupdate-user.timer

@@ -2,7 +2,7 @@
 Description=Run gpupdate-user every hour
 
 [Timer]
-OnStartupSec=1
+OnStartupSec=60min
 OnUnitActiveSec=60min
 
 [Install]

dist/gpupdate.timer

@@ -2,7 +2,7 @@
 Description=Run gpupdate every hour
 
 [Timer]
-OnStartupSec=1
+OnStartupSec=60min
 OnUnitActiveSec=60min
 
 [Install]

dist/system-policy-gpupdate

@@ -2,11 +2,12 @@
 session		[success=2 perm_denied=ignore default=die]	pam_localuser.so
 session		substack	gpupdate-remote-policy
 session		[default=1]	pam_permit.so
-session		[default=6]	pam_permit.so
+session		[default=7]	pam_permit.so
 session		[success=1 default=ignore]	pam_succeed_if.so user ingroup users quiet
-session		[default=4]	pam_permit.so
+session		[default=5]	pam_permit.so
 session		[success=1 default=ignore]	pam_succeed_if.so uid >= 500 quiet
-session		[default=2]	pam_permit.so
+session		[default=3]	pam_permit.so
+session		[success=1 default=ignore]	pam_succeed_if.so service = systemd-user quiet
 -session	required	pam_oddjob_gpupdate.so
 session		optional	pam_env.so user_readenv=1 conffile=/etc/gpupdate/environment user_envfile=.gpupdate_environment
-session		required	pam_permit.so
+session		required	pam_permit.so

gpoa/backend/__init__.py

@@ -22,6 +22,9 @@ from .samba_backend import samba_backend
 from .nodomain_backend import nodomain_backend
 from util.logging import log
 from util.config import GPConfig
+from util.util import get_uid_by_username, touch_file
+from util.paths import get_dconf_config_path
+from storage.dconf_registry import Dconf_registry, create_dconf_ini_file
 
 def backend_factory(dc, username, is_machine, no_domain = False):
     '''
@@ -59,3 +62,12 @@ def backend_factory(dc, username, is_machine, no_domain = False):
 
     return back
 
+def save_dconf(username, is_machine):
+    if is_machine:
+        uid = None
+    else:
+        uid = get_uid_by_username(username) if not is_machine else None
+    target_file = get_dconf_config_path(uid)
+    touch_file(target_file)
+    Dconf_registry.apply_template(uid)
+    create_dconf_ini_file(target_file,Dconf_registry.global_registry_dict)

gpoa/backend/nodomain_backend.py

@@ -35,7 +35,7 @@ class nodomain_backend(applier_backend):
         domain = None
         machine_name = get_machine_name()
         machine_sid = get_sid(domain, machine_name, True)
-        self.storage = registry_factory('registry')
+        self.storage = registry_factory()
         self.storage.set_info('domain', domain)
         self.storage.set_info('machine_name', machine_name)
         self.storage.set_info('machine_sid', machine_sid)

gpoa/backend/samba_backend.py

@@ -18,10 +18,13 @@
 
 import os
 # Facility to determine GPTs for user
-from samba.gpclass import check_safe_path
+try:
+    from samba.gpclass import check_safe_path
+except ImportError:
+    from samba.gp.gpclass import check_safe_path
 
 from .applier_backend import applier_backend
-from storage import cache_factory, registry_factory
+from storage import registry_factory
 from gpt.gpt import gpt, get_local_gpt
 from util.util import (
     get_machine_name,
@@ -36,14 +39,14 @@ import util.preg
 from util.logging import log
 
 class samba_backend(applier_backend):
-    __user_policy_mode_key = 'Software\\Policies\\Microsoft\\Windows\\System\\UserPolicyMode'
+    __user_policy_mode_key = '/SOFTWARE/Policies/Microsoft/Windows/System/UserPolicyMode'
 
     def __init__(self, sambacreds, username, domain, is_machine):
         self.cache_path = '/var/cache/gpupdate/creds/krb5cc_{}'.format(os.getpid())
         self.__kinit_successful = machine_kinit(self.cache_path)
         if not self.__kinit_successful:
             raise Exception('kinit is not successful')
-        self.storage = registry_factory('registry')
+        self.storage = registry_factory()
         self.storage.set_info('domain', domain)
         machine_name = get_machine_name()
         machine_sid = get_sid(domain, machine_name, is_machine)
@@ -58,9 +61,6 @@ class samba_backend(applier_backend):
         else:
             self.sid = get_sid(self.storage.get_info('domain'), self.username)
 
-        self.cache = cache_factory('regpol_cache')
-        self.gpo_names = cache_factory('gpo_names')
-
         # Samba objects - LoadParm() and CredentialsOptions()
         self.sambacreds = sambacreds
 
@@ -78,9 +78,9 @@ class samba_backend(applier_backend):
         is possible to work with user's part of GPT. This value is
         checked only if working for user's SID.
         '''
-        upm = self.storage.get_hklm_entry(self.__user_policy_mode_key)
-        if upm and upm.data:
-            upm = int(upm.data)
+        upm = self.storage.get_key_value(self.__user_policy_mode_key)
+        if upm:
+            upm = int(upm)
             if upm < 0 or upm > 2:
                 upm = 0
         else:
@@ -140,6 +140,7 @@ class samba_backend(applier_backend):
             if policy_mode > 0:
                 for gptobj in machine_gpts:
                     try:
+                        gptobj.sid = self.sid
                         gptobj.merge_user()
                     except Exception as exc:
                         logdata = dict()
@@ -172,7 +173,16 @@ class samba_backend(applier_backend):
                 slogdata = dict({'sysvol_path': gpo.file_sys_path, 'gpo_name': gpo.display_name, 'gpo_path': path})
                 log('D30', slogdata)
                 gpt_abspath = os.path.join(self.cache_dir, 'gpo_cache', path)
-                obj = gpt(gpt_abspath, sid)
+                gpo_version=None
+                try:
+                    gpo_version=gpo.version
+                except:
+                    log('D210')
+
+                if self._is_machine_username:
+                    obj = gpt(gpt_abspath, sid, None, version=gpo_version)
+                else:
+                    obj = gpt(gpt_abspath, sid, self.username, version=gpo_version)
                 obj.set_name(gpo.display_name)
                 gpts.append(obj)
             else:
@@ -188,9 +198,9 @@ def upm2str(upm_num):
     result = 'Not configured'
 
     if upm_num in [1, '1']:
-        result = 'Replace'
-
-    if upm_num in [2, '2']:
         result = 'Merge'
 
+    if upm_num in [2, '2']:
+        result = 'Replace'
+
     return result

gpoa/frontend/applier_frontend.py

@@ -18,43 +18,42 @@
 
 from abc import ABC
 
-import logging
-from util.logging import slogm
+from util.logging import log
 
 def check_experimental_enabled(storage):
-    experimental_enable_flag = 'Software\\BaseALT\\Policies\\GPUpdate\\GlobalExperimental'
-    flag = storage.get_hklm_entry(experimental_enable_flag)
+    experimental_enable_flag = '/Software/BaseALT/Policies/GPUpdate/GlobalExperimental'
+    flag = storage.get_key_value(experimental_enable_flag)
 
     result = False
 
-    if flag and '1' == flag.data:
+    if flag and '1' == str(flag):
         result = True
 
     return result
 
 def check_windows_mapping_enabled(storage):
-    windows_mapping_enable_flag = 'Software\\BaseALT\\Policies\\GPUpdate\\WindowsPoliciesMapping'
-    flag = storage.get_hklm_entry(windows_mapping_enable_flag)
+    windows_mapping_enable_flag = '/Software/BaseALT/Policies/GPUpdate/WindowsPoliciesMapping'
+    flag = storage.get_key_value(windows_mapping_enable_flag)
 
     result = True
 
-    if flag and '0' == flag.data:
+    if flag and '0' == str(flag):
         result = False
 
     return result
 
 def check_module_enabled(storage, module_name):
-    gpupdate_module_enable_branch = 'Software\\BaseALT\\Policies\\GPUpdate'
-    gpupdate_module_flag = '{}\\{}'.format(gpupdate_module_enable_branch, module_name)
-    flag = storage.get_hklm_entry(gpupdate_module_flag)
+    gpupdate_module_enable_branch = '/Software/BaseALT/Policies/GPUpdate'
+    gpupdate_module_flag = '{}/{}'.format(gpupdate_module_enable_branch, module_name)
+    flag = storage.get_key_value(gpupdate_module_flag)
 
     result = None
 
     if flag:
-        if '1' == flag.data:
+        if '1' == str(flag):
             result =  True
-        if '0' == flag.data:
-            result = False
+        else:
+            result =  False
 
     return result
 

gpoa/frontend/appliers/file_cp.py

@@ -28,88 +28,154 @@ from pathlib import Path
 from util.windows import expand_windows_var
 from util.util import get_homedir
 from util.exceptions import NotUNCPathError
+from util.paths import UNCPath
+import fnmatch
 
 class Files_cp:
-    def __init__(self, file_obj, file_cache ,username=None):
+    def __init__(self, file_obj, file_cache, exe_check, username=None):
         self.file_cache = file_cache
+        self.exe_check = exe_check
         targetPath = expand_windows_var(file_obj.targetPath, username).replace('\\', '/')
         self.targetPath = check_target_path(targetPath, username)
         if not self.targetPath:
             return
         self.fromPath = (expand_windows_var(file_obj.fromPath, username).replace('\\', '/')
                         if file_obj.fromPath else None)
+        self.isTargetPathDirectory = False
         self.action = action_letter2enum(file_obj.action)
         self.readOnly = str2bool(file_obj.readOnly)
         self.archive = str2bool(file_obj.archive)
         self.hidden = str2bool(file_obj.hidden)
         self.suppress = str2bool(file_obj.suppress)
+        self.executable = str2bool(file_obj.executable)
         self.username = username
-        self.fromPathFiles = self.get_list_files()
+        self.fromPathFiles = list()
+        if self.fromPath:
+            if targetPath[-1] == '/' or self.is_pattern(Path(self.fromPath).name):
+                self.isTargetPathDirectory = True
+            self.get_list_files()
         self.act()
 
-    def get_target_file(self, targetPath, fromPath):
+    def get_target_file(self, targetPath:Path, fromFile:str) -> Path:
         try:
-            if fromPath and targetPath.is_dir():
-                if self.hidden:
-                    return targetPath.joinpath('.' + fromPath.name)
+            if fromFile:
+                fromFileName = Path(fromFile).name
+                if self.isTargetPathDirectory:
+                    targetPath.mkdir(parents = True, exist_ok = True)
                 else:
-                    return targetPath.joinpath(fromPath.name)
+                    targetPath.parent.mkdir(parents = True, exist_ok = True)
+                    targetPath = targetPath.parent
+                    fromFileName = self.targetPath.name
+                if self.hidden:
+                    return targetPath.joinpath('.' + fromFileName)
+                else:
+                    return targetPath.joinpath(fromFileName)
 
             else:
                 if not self.hidden:
                     return targetPath
                 else:
                     return targetPath.parent.joinpath('.' + targetPath.name)
-
         except Exception as exc:
-            logdata = dict({'exc': exc})
+            logdata = dict()
+            logdata['targetPath'] = targetPath
+            logdata['fromFile'] = fromFile
+            logdata['exc'] = exc
             log('D163', logdata)
 
-    def set_read_only(self, targetFile):
-        if  self.readOnly:
-            shutil.os.chmod(targetFile, int('444', base = 8))
+        return None
+
+    def copy_target_file(self, targetFile:Path, fromFile:str):
+        try:
+            uri_path = UNCPath(fromFile)
+            self.file_cache.store(fromFile, targetFile)
+        except NotUNCPathError as exc:
+            fromFilePath = Path(fromFile)
+            if fromFilePath.exists():
+                targetFile.write_bytes(fromFilePath.read_bytes())
+        except Exception as exc:
+            logdata = dict()
+            logdata['targetFile'] = targetFile
+            logdata['fromFile'] = fromFile
+            logdata['exc'] = exc
+            log('W15', logdata)
+
+    def set_exe_file(self, targetFile, fromFile):
+        if self.executable:
+            return True
+        if Path(fromFile).suffix in self.exe_check.get_list_markers():
+            targetPath = targetFile.parent
+            for i in self.exe_check.get_list_paths():
+                if targetPath == Path(i):
+                    return True
+        return False
+
+    def set_mod_file(self, targetFile, fromFile):
+        if not targetFile.is_file():
+            return
+        if self.set_exe_file(targetFile, fromFile):
+            if self.readOnly:
+                shutil.os.chmod(targetFile, 0o555)
+            else:
+                shutil.os.chmod(targetFile, 0o755)
         else:
-            shutil.os.chmod(targetFile, int('664', base = 8))
+            if self.readOnly:
+                shutil.os.chmod(targetFile, 0o444)
+            else:
+                shutil.os.chmod(targetFile, 0o644)
 
     def _create_action(self):
-        for fromPath in self.fromPathFiles:
+        logdata = dict()
+        for fromFile in self.fromPathFiles:
+            targetFile = None
+
             try:
-                targetFile = self.get_target_file(self.targetPath, fromPath)
-                if not targetFile.exists():
-                    targetFile.write_bytes(fromPath.read_bytes())
+                targetFile = self.get_target_file(self.targetPath, fromFile)
+                if targetFile and not targetFile.exists():
+                    self.copy_target_file(targetFile, fromFile)
                     if self.username:
                         shutil.chown(targetFile, self.username)
-                    self.set_read_only(targetFile)
+                    self.set_mod_file(targetFile, fromFile)
+                    logdata['File'] = targetFile
+                    log('D191', logdata)
             except Exception as exc:
-                logdata = dict()
                 logdata['exc'] = exc
-                logdata['fromPath'] = fromPath
+                logdata['fromPath'] = fromFile
                 logdata['targetPath'] = self.targetPath
                 logdata['targetFile'] = targetFile
                 log('D164', logdata)
 
     def _delete_action(self):
-        targetFile = Path(self.targetPath)
-        try:
-            if targetFile.exists():
-                targetFile.unlink()
-        except Exception as exc:
-            logdata = dict()
-            logdata['exc'] = exc
-            logdata['targetPath'] = self.targetPath
-            logdata['targetFile'] = targetFile
-            log('D165', logdata)
+        list_target = [self.targetPath.name]
+        if self.is_pattern(self.targetPath.name) and self.targetPath.parent.exists() and self.targetPath.parent.is_dir():
+            list_target = fnmatch.filter([str(x.name) for x in self.targetPath.parent.iterdir() if x.is_file()], self.targetPath.name)
+        logdata = dict()
+        for targetFile in list_target:
+            targetFile = self.targetPath.parent.joinpath(targetFile)
+            try:
+                if targetFile.exists():
+                    targetFile.unlink()
+                    logdata['File'] = targetFile
+                    log('D193', logdata)
+
+            except Exception as exc:
+                logdata['exc'] = exc
+                logdata['targetPath'] = self.targetPath
+                logdata['targetFile'] = targetFile
+                log('D165', logdata)
 
     def _update_action(self):
-        for fromPath in self.fromPathFiles:
-            targetFile = self.get_target_file(self.targetPath, fromPath)
+        logdata = dict()
+        for fromFile in self.fromPathFiles:
+            targetFile = self.get_target_file(self.targetPath, fromFile)
             try:
-                targetFile.write_bytes(fromPath.read_bytes())
+                self.copy_target_file(targetFile, fromFile)
                 if self.username:
                     shutil.chown(self.targetPath, self.username)
-                self.set_read_only(targetFile)
+                self.set_mod_file(targetFile, fromFile)
+                logdata['File'] = targetFile
+                log('D192', logdata)
             except Exception as exc:
-                logdata = dict()
                 logdata['exc'] = exc
                 logdata['fromPath'] = self.fromPath
                 logdata['targetPath'] = self.targetPath
@@ -127,70 +193,76 @@ class Files_cp:
             self._delete_action()
             self._create_action()
 
+    def is_pattern(self, name):
+        if name.find('*') != -1 or name.find('?') != -1:
+            return True
+        else:
+            return False
+
     def get_list_files(self):
-        ls_all_files = list()
         logdata = dict()
-        logdata['targetPath'] = self.targetPath
-        if self.fromPath and self.fromPath.split('/')[-1] != '*':
+        logdata['targetPath'] = str(self.targetPath)
+        fromFilePath = Path(self.fromPath)
+        if not self.is_pattern(fromFilePath.name):
+            self.fromPathFiles.append(self.fromPath)
+        else:
+            fromPathDir = self.fromPath[:self.fromPath.rfind('/')]
+
             try:
-                self.file_cache.store(self.fromPath)
-                fromPath = Path(self.file_cache.get(self.fromPath))
-                ls_all_files.append(fromPath)
+                uri_path = UNCPath(fromPathDir)
+                ls_files = self.file_cache.get_ls_smbdir(fromPathDir)
+                if ls_files:
+                    filtered_ls_files = fnmatch.filter(ls_files, fromFilePath.name)
+                    if filtered_ls_files:
+                        self.fromPathFiles = [fromPathDir + '/' + file_s for file_s in filtered_ls_files]
             except NotUNCPathError as exc:
-                fromPath = Path(self.fromPath)
-                if fromPath.exists():
-                    ls_all_files.append(fromPath)
-            except Exception as exc:
-                logdata['fromPath'] = self.fromPath
-                logdata['exc'] = exc
-                log('W13', logdata)
-        elif self.fromPath and len(self.fromPath.split('/')) > 2:
-            ls_files = self.file_cache.get_ls_smbdir(self.fromPath[:-1])
-            if ls_files:
-                ls_from_paths = [self.fromPath[:-1] + file_s for file_s in ls_files]
-                for from_path in ls_from_paths:
-                    try:
-                        self.file_cache.store(from_path)
-                        fromPath = Path(self.file_cache.get(from_path))
-                        ls_all_files.append(fromPath)
-                    except Exception as exc:
-                        logdata['fromPath'] = self.fromPath
-                        logdata['exc'] = exc
-                        log('W13', logdata)
-            else:
                 try:
-                    fromLocalPath = Path(self.fromPath[:-1])
-                    if fromLocalPath.is_dir():
-                        ls = [fromFile for fromFile in fromLocalPath.iterdir() if fromFile.is_file()]
-                        for fromPath in ls:
-                            ls_all_files.append(fromPath)
+                    exact_path = Path(fromPathDir)
+                    if exact_path.is_dir():
+                        self.fromPathFiles = [str(fromFile) for fromFile in exact_path.iterdir() if fromFile.is_file()]
                 except Exception as exc:
                     logdata['fromPath'] = self.fromPath
                     logdata['exc'] = exc
-                    log('W13', logdata)
-        else:
-            fromPath = Path(self.fromPath) if self.fromPath else None
-            ls_all_files.append(fromPath)
-        return ls_all_files
+                    log('W3316', logdata)
+            except Exception as exc:
+                logdata['fromPath'] = self.fromPath
+                logdata['exc'] = exc
+                log('W3317', logdata)
 
 def check_target_path(path_to_check, username = None):
     '''
     Function for checking the correctness of the path
     '''
+    if not path_to_check:
+        return None
+
     checking = Path(path_to_check)
-    if checking.is_dir():
-        if username and path_to_check == '/':
-            return Path(get_homedir(username))
-        return checking
-    #Check for path directory without '/something' suffix
-    elif (len(path_to_check.split('/')) > 2
-          and Path(path_to_check.replace(path_to_check.split('/')[-1], '')).is_dir()):
-        return checking
-    elif username:
-        target_path = Path(get_homedir(username))
-        res = target_path.joinpath(path_to_check
-                                    if path_to_check[0] != '/'
-                                    else path_to_check[1:])
-        return res
-    else:
-        return False
+    rootpath = Path('/')
+    if username:
+        rootpath = Path(get_homedir(username))
+
+    return rootpath.joinpath(checking)
+
+class Execution_check():
+
+    __etension_marker_key_name = 'ExtensionMarker'
+    __marker_usage_path_key_name = 'MarkerUsagePath'
+    __hklm_branch = 'Software\\BaseALT\\Policies\\GroupPolicies\\Files'
+
+    def __init__(self, storage):
+        etension_marker_branch = '{}\\{}%'.format(self.__hklm_branch, self.__etension_marker_key_name)
+        marker_usage_path_branch = '{}\\{}%'.format(self.__hklm_branch, self.__marker_usage_path_key_name)
+        self.etension_marker = storage.filter_hklm_entries(etension_marker_branch)
+        self.marker_usage_path = storage.filter_hklm_entries(marker_usage_path_branch)
+        self.list_paths = list()
+        self.list_markers = list()
+        for marker in self.etension_marker:
+            self.list_markers.append(marker.data)
+        for usage_path in self.marker_usage_path:
+            self.list_paths.append(usage_path.data)
+
+    def get_list_paths(self):
+        return self.list_paths
+
+    def get_list_markers(self):
+        return self.list_markers

gpoa/frontend/appliers/folder.py

@@ -36,20 +36,24 @@ def remove_dir_tree(path, delete_files=False, delete_folder=False, delete_sub_fo
             content.remove(entry)
         if entry.is_dir() and delete_sub_folders:
             content.remove(entry)
-            remove_dir_tree(entry, delete_files, delete_folder, delete_sub_folders)
+            content.extend(remove_dir_tree(entry, delete_files, delete_folder, delete_sub_folders))
+
     if delete_folder and not content:
         path.rmdir()
 
+    return content
 
 def str2bool(boolstr):
-    if boolstr and boolstr.lower() in ['true', 'yes', '1']:
+    if isinstance(boolstr, bool):
+        return boolstr
+    elif boolstr and boolstr.lower() in ['true', 'yes', '1']:
         return True
     return False
 
 
 class Folder:
     def __init__(self, folder_object, username=None):
-        folder_path = expand_windows_var(folder_object.path, username).replace('\\', '/')
+        folder_path = expand_windows_var(folder_object.path, username).replace('\\', '/').replace('//', '/')
         if username:
             folder_path = folder_path.replace(get_homedir(username), '')
             self.folder_path = Path(get_homedir(username)).joinpath(folder_path if folder_path [0] != '/' else folder_path [1:])
@@ -59,18 +63,26 @@ class Folder:
         self.delete_files = str2bool(folder_object.delete_files)
         self.delete_folder = str2bool(folder_object.delete_folder)
         self.delete_sub_folders = str2bool(folder_object.delete_sub_folders)
+        self.hidden_folder = str2bool(folder_object.hidden_folder)
 
     def _create_action(self):
         self.folder_path.mkdir(parents=True, exist_ok=True)
 
     def _delete_action(self):
         if self.folder_path.exists():
+            if self.action == FileAction.REPLACE:
+                self.delete_folder = True
             remove_dir_tree(self.folder_path,
                 self.delete_files,
                 self.delete_folder,
                 self.delete_sub_folders)
 
     def act(self):
+        if self.hidden_folder == True and str(self.folder_path.name)[0] != '.':
+            path_components = list(self.folder_path.parts)
+            path_components[-1] = '.' + path_components[-1]
+            new_folder_path = Path(*path_components)
+            self.folder_path = new_folder_path
         if self.action == FileAction.CREATE:
             self._create_action()
         if self.action == FileAction.UPDATE:

gpoa/frontend/appliers/ini_file.py

@@ -24,10 +24,9 @@ from gpt.folders import (
 )
 from util.logging import log
 from pathlib import Path
-import configparser
 from util.windows import expand_windows_var
 from util.util import get_homedir
-
+from util.gpoa_ini_parsing import GpoaConfigObj
 
 
 class Ini_file:
@@ -42,53 +41,55 @@ class Ini_file:
         self.action = action_letter2enum(ini_obj.action)
         self.key = ini_obj.property
         self.value = ini_obj.value
-        self.config = configparser.ConfigParser()
-        self.act()
-
-    def _create_action(self):
-        if self.section not in self.config:
-            self.config[self.section] = dict()
-
-        self.config[self.section][self.key] = self.value
-
-        with self.path.open("w", encoding="utf-8") as configfile:
-            self.config.write(configfile)
-
-
-
-    def _delete_action(self):
-        if not self.path.exists():
-            return
-
-        if not self.section:
-            self.path.unlink()
-            return
-        if not self.key:
-            self.config.remove_section(self.section)
-        elif self.section in self.config:
-            self.config.remove_option(self.section, self.key)
-
-        with self.path.open("w", encoding="utf-8") as configfile:
-            self.config.write(configfile)
-
-
-    def act(self):
         try:
-            self.config.read(self.path)
+            self.config = GpoaConfigObj(str(self.path), unrepr=False)
         except Exception as exc:
             logdata = {'exc': exc}
             log('D176', logdata)
             return
-        if self.action == FileAction.CREATE:
-            self._create_action()
-        if self.action == FileAction.UPDATE:
-            self._delete_action()
-            self._create_action()
-        if self.action == FileAction.DELETE:
-            self._delete_action()
-        if self.action == FileAction.REPLACE:
-            self._delete_action()
-            self._create_action()
+
+        self.act()
+
+    def _create_action(self):
+        if self.path.is_dir():
+            return
+        if self.section not in self.config:
+            self.config[self.section] = dict()
+
+        self.config[self.section][self.key] = self.value
+        self.config.write()
+
+
+    def _delete_action(self):
+        if not self.path.exists() or self.path.is_dir():
+            return
+        if not self.section:
+            self.path.unlink()
+            return
+        if self.section in self.config:
+            if not self.key:
+                self.config.pop(self.section)
+            elif self.key in self.config[self.section]:
+                self.config[self.section].pop(self.key)
+        self.config.write()
+
+
+    def act(self):
+        try:
+            if self.action == FileAction.CREATE:
+                self._create_action()
+            if self.action == FileAction.UPDATE:
+                self._create_action()
+            if self.action == FileAction.DELETE:
+                self._delete_action()
+            if self.action == FileAction.REPLACE:
+                self._create_action()
+        except Exception as exc:
+            logdata = dict()
+            logdata['action'] = self.action
+            logdata['exc'] = exc
+            log('W23', logdata)
+
 
 def check_path(path_to_check, username = None):
     '''

gpoa/frontend/appliers/netshare.py

@@ -26,14 +26,15 @@ from util.logging import log
 from util.windows import expand_windows_var
 
 
-
 class Networkshare:
 
-    def __init__(self, networkshare_obj):
+    def __init__(self, networkshare_obj, username = None):
         self.net_full_cmd = ['/usr/bin/net', 'usershare']
+        self.net_cmd_check = ['/usr/bin/net', 'usershare', 'list']
         self.cmd = list()
         self.name = networkshare_obj.name
-        self.path = expand_windows_var(networkshare_obj.path).replace('\\', '/') if networkshare_obj.path else None
+        self.path = expand_windows_var(networkshare_obj.path, username).replace('\\', '/') if networkshare_obj.path else None
+
         self.action = action_letter2enum(networkshare_obj.action)
         self.allRegular =  networkshare_obj.allRegular
         self.comment = networkshare_obj.comment
@@ -43,11 +44,22 @@ class Networkshare:
         self.acl = 'Everyone:'
         self.act()
 
-    def _run_net_full_cmd(self):
+    def check_list_net(self):
         try:
-            subprocess.call(self.net_full_cmd, stderr=subprocess.DEVNULL)
+            res = subprocess.check_output(self.net_cmd_check, encoding='utf-8')
+            return res
+        except Exception as exc:
+            return exc
+
+    def _run_net_full_cmd(self):
+        logdata = dict()
+        try:
+            res = subprocess.check_output(self.net_full_cmd, stderr=subprocess.DEVNULL, encoding='utf-8')
+            if res:
+                logdata['cmd'] = self.net_full_cmd
+                logdata['answer'] = res
+            log('D190', logdata)
         except Exception as exc:
-            logdata = dict()
             logdata['cmd'] = self.net_full_cmd
             logdata['exc'] = exc
             log('D182', logdata)
@@ -58,7 +70,7 @@ class Networkshare:
         self.net_full_cmd.append(self.name)
         self.net_full_cmd.append(self.path)
         self.net_full_cmd.append(self.comment)
-        self.net_full_cmd.append(self.acl + 'F' if self.abe == 'ENABLE' else self.acl + 'R')
+        self.net_full_cmd.append(self.acl + 'F')
         self.net_full_cmd.append(self._guest)
         self._run_net_full_cmd()
 

gpoa/frontend/appliers/polkit.py

@@ -18,9 +18,8 @@
 
 import os
 import jinja2
-import logging
 
-from util.logging import slogm, log
+from util.logging import log
 
 class polkit:
     __template_path = '/usr/share/gpupdate/templates'
@@ -38,7 +37,19 @@ class polkit:
         else:
             self.outfile = os.path.join(self.__policy_dir, '{}.rules'.format(self.template_name))
 
+    def _is_empty(self):
+        for key, item in self.args.items():
+            if key == 'User':
+                continue
+            elif item:
+                return False
+        return True
+
     def generate(self):
+        if self._is_empty():
+            if os.path.isfile(self.outfile):
+                os.remove(self.outfile)
+            return
         try:
             template = self.__template_environment.get_template(self.infilename)
             text = template.render(**self.args)

gpoa/frontend/appliers/systemd.py

@@ -49,9 +49,13 @@ class systemd_unit:
             service_state = self._get_state()
 
             if not service_state in ['active', 'activating']:
-                logdata = dict()
-                logdata['unit'] = self.unit_name
-                log('E46', logdata)
+                service_timer_name =  self.unit_name.replace(".service", ".timer")
+                self.unit = self.manager.LoadUnit(dbus.String(service_timer_name))
+                service_state = self._get_state()
+                if not service_state in ['active', 'activating']:
+                    logdata = dict()
+                    logdata['unit'] = self.unit_name
+                    log('E46', logdata)
         else:
             self.manager.StopUnit(self.unit_name, 'replace')
             self.manager.DisableUnitFiles([self.unit_name], dbus.Boolean(False))
@@ -62,7 +66,7 @@ class systemd_unit:
 
             service_state = self._get_state()
 
-            if not service_state in ['stopped']:
+            if not service_state in ['stopped', 'deactivating', 'inactive']:
                 logdata = dict()
                 logdata['unit'] = self.unit_name
                 log('E46', logdata)

gpoa/frontend/chromium_applier.py

@@ -24,13 +24,13 @@ from .applier_frontend import (
 import json
 import os
 from util.logging import log
-from util.util import is_machine_name
+from util.util import is_machine_name, string_to_literal_eval
 
 class chromium_applier(applier_frontend):
     __module_name = 'ChromiumApplier'
     __module_enabled = True
     __module_experimental = False
-    __registry_branch = 'Software\\Policies\\Google\\Chrome'
+    __registry_branch = 'Software/Policies/Google/Chrome'
     __managed_policies_path = '/etc/chromium/policies/managed'
     __recommended_policies_path = '/etc/chromium/policies/recommended'
 
@@ -65,7 +65,7 @@ class chromium_applier(applier_frontend):
         #Replacing all nested dictionaries with a list
         dict_item_to_list = (
             lambda target_dict :
-                {key:[*val.values()] if type(val) == dict else val for key,val in target_dict.items()}
+                {key:[*val.values()] if type(val) == dict else string_to_literal_eval(val) for key,val in target_dict.items()}
             )
         os.makedirs(self.__managed_policies_path, exist_ok=True)
         with open(destfile, 'w') as f:
@@ -98,48 +98,64 @@ class chromium_applier(applier_frontend):
         '''
         List of keys resulting from parsing chrome.admx with parsing_chrom_admx_intvalues.py
         '''
-        valuename_typeint = (['DefaultCookiesSetting',
-                            'DefaultFileHandlingGuardSetting',
+        valuename_typeint = (['DefaultClipboardSetting',
+                            'DefaultCookiesSetting',
                             'DefaultFileSystemReadGuardSetting',
                             'DefaultFileSystemWriteGuardSetting',
+                            'DefaultGeolocationSetting',
                             'DefaultImagesSetting',
                             'DefaultInsecureContentSetting',
+                            'DefaultJavaScriptJitSetting',
                             'DefaultJavaScriptSetting',
-                            'DefaultPopupsSetting',
+                            'DefaultLocalFontsSetting',
                             'DefaultNotificationsSetting',
-                            'DefaultGeolocationSetting',
+                            'DefaultPopupsSetting',
                             'DefaultSensorsSetting',
-                            'DefaultWebBluetoothGuardSetting',
-                            'DefaultWebUsbGuardSetting',
                             'DefaultSerialGuardSetting',
-                            'LegacySameSiteCookieBehaviorEnabled',
-                            'ProxyServerMode',
+                            'DefaultThirdPartyStoragePartitioningSetting',
+                            'DefaultWebBluetoothGuardSetting',
+                            'DefaultWebHidGuardSetting',
+                            'DefaultWebUsbGuardSetting',
+                            'DefaultWindowManagementSetting',
                             'DefaultMediaStreamSetting',
-                            'PrintRasterizationMode',
-                            'DefaultPluginsSetting',
-                            'DefaultKeygenSetting',
-                            'ChromeFrameRendererSettings',
-                            'SafeBrowsingProtectionLevel',
-                            'PasswordProtectionWarningTrigger',
-                            'SafeBrowsingProtectionLevel_recommended',
-                            'RestoreOnStartup',
-                            'RestoreOnStartup_recommended',
+                            'DefaultWindowPlacementSetting',
+                            'ProxyServerMode',
+                            'ExtensionManifestV2Availability',
+                            'ExtensionUnpublishedAvailability',
+                            'BrowserSwitcherParsingMode',
+                            'CloudAPAuthEnabled',
                             'AdsSettingForIntrusiveAdsSites',
                             'AmbientAuthenticationInPrivateModesEnabled',
+                            'BatterySaverModeAvailability',
                             'BrowserSignin',
                             'ChromeVariations',
                             'DeveloperToolsAvailability',
                             'DownloadRestrictions',
-                            'DownloadRestrictions_recommended',
                             'ForceYouTubeRestrict',
                             'HeadlessMode',
                             'IncognitoModeAvailability',
                             'IntranetRedirectBehavior',
                             'NetworkPredictionOptions',
-                            'NetworkPredictionOptions_recommended',
                             'ProfilePickerOnStartupAvailability',
                             'RelaunchNotification',
-                            'SafeSitesFilterBehavior'])
+                            'SafeSitesFilterBehavior',
+                            'UserAgentReduction',
+                            'BatterySaverModeAvailability_recommended',
+                            'DownloadRestrictions_recommended',
+                            'NetworkPredictionOptions_recommended',
+                            'PrintPostScriptMode',
+                            'PrintRasterizationMode',
+                            'ChromeFrameRendererSettings',
+                            'DefaultFileHandlingGuardSetting',
+                            'DefaultKeygenSetting',
+                            'DefaultPluginsSetting',
+                            'LegacySameSiteCookieBehaviorEnabled',
+                            'ForceMajorVersionToMinorPositionInUserAgent',
+                            'PasswordProtectionWarningTrigger',
+                            'SafeBrowsingProtectionLevel',
+                            'SafeBrowsingProtectionLevel_recommended',
+                            'RestoreOnStartup',
+                            'RestoreOnStartup_recommended'])
         return valuename_typeint
 
 
@@ -152,7 +168,7 @@ class chromium_applier(applier_frontend):
         '''
         Parse registry path string and leave key parameters
         '''
-        parts = hivekeyname.replace(self.__registry_branch, '').split('\\')
+        parts = hivekeyname.replace(self.__registry_branch, '').split('/')
         return parts
 
 

gpoa/frontend/cifs_applier.py

@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2022 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -16,20 +16,18 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-import fileinput
 import jinja2
 import os
 import subprocess
-import logging
 from pathlib import Path
+import string
 
 from .applier_frontend import (
       applier_frontend
     , check_enabled
 )
-from gpt.drives import json2drive
 from util.util import get_homedir
-from util.logging import slogm, log
+from util.logging import log
 
 def storage_get_drives(storage, sid):
     drives = storage.get_drives(sid)
@@ -50,45 +48,159 @@ def add_line_if_missing(filename, ins_line):
             f.write(ins_line + '\n')
             f.flush()
 
+def remove_chars_before_colon(input_string):
+    if ":" in input_string:
+        colon_index = input_string.index(":")
+        result_string = input_string[colon_index + 1:]
+        return result_string
+    else:
+        return input_string
+
+def remove_escaped_quotes(input_string):
+    result_string = input_string.replace('"', '').replace("'", '')
+    return result_string
+
+
+class Drive_list:
+    __alphabet = string.ascii_uppercase
+    def __init__(self):
+        self.dict_drives = dict()
+
+    def __get_letter(self, letter):
+        slice_letters = set(self.__alphabet[self.__alphabet.find(letter) + 1:]) - set(self.dict_drives.keys())
+        free_letters = sorted(slice_letters)
+        if free_letters:
+            return free_letters[0]
+        else:
+            return None
+
+    def append(self, drive:dict):
+        cur_dir = drive['dir']
+        if cur_dir not in set(self.dict_drives.keys()):
+            if drive['action'] == 'D':
+                return
+            self.dict_drives[cur_dir] = drive
+            return
+
+        else:
+            if drive['action'] == 'C':
+                if drive['useLetter'] == '1':
+                    return
+                else:
+                    new_dir = self.__get_letter(cur_dir)
+                    if not new_dir:
+                        return
+                    drive['dir'] = new_dir
+                    self.dict_drives[new_dir] = drive
+                    return
+
+            if drive['action'] == 'U':
+                self.dict_drives[cur_dir]['thisDrive'] = drive['thisDrive']
+                self.dict_drives[cur_dir]['allDrives'] = drive['allDrives']
+                self.dict_drives[cur_dir]['label'] = drive['label']
+                self.dict_drives[cur_dir]['persistent'] = drive['persistent']
+                self.dict_drives[cur_dir]['useLetter'] = drive['useLetter']
+                return
+
+            if drive['action'] == 'R':
+                self.dict_drives[cur_dir] = drive
+                return
+            if drive['action'] == 'D':
+                if drive['useLetter'] == '1':
+                    self.dict_drives.pop(cur_dir, None)
+                else:
+                    keys_set = set(self.dict_drives.keys())
+                    slice_letters = set(self.__alphabet[self.__alphabet.find(cur_dir):])
+                    for letter_dir in (keys_set & slice_letters):
+                        self.dict_drives.pop(letter_dir, None)
+
+    def __call__(self):
+        return list(self.dict_drives.values())
+
+    def len(self):
+        return len(self.dict_drives)
+
 class cifs_applier(applier_frontend):
-    def __init__(self, storage):
-        pass
+    __module_name = 'CIFSApplier'
+    __module_enabled = True
+    __module_experimental = False
+
+    def __init__(self, storage, sid):
+        self.applier_cifs = cifs_applier_user(storage, sid, None)
+        self.__module_enabled = check_enabled(
+              storage
+            , self.__module_name
+            , self.__module_experimental
+        )
 
     def apply(self):
-        pass
+        if self.__module_enabled:
+            log('D179')
+            self.applier_cifs._admin_context_apply()
+        else:
+            log('D180')
 
 class cifs_applier_user(applier_frontend):
     __module_name = 'CIFSApplierUser'
-    __module_enabled = False
-    __module_experimental = True
+    __module_enabled = True
+    __module_experimental = False
     __auto_file = '/etc/auto.master'
     __auto_dir = '/etc/auto.master.gpupdate.d'
     __template_path = '/usr/share/gpupdate/templates'
     __template_mountpoints = 'autofs_mountpoints.j2'
     __template_identity = 'autofs_identity.j2'
     __template_auto = 'autofs_auto.j2'
+    __template_mountpoints_hide = 'autofs_mountpoints_hide.j2'
+    __template_auto_hide = 'autofs_auto_hide.j2'
+    __enable_home_link = 'Software\\BaseALT\\Policies\\GPUpdate\\DriveMapsHome'
+    __enable_home_link_user = 'Software\\BaseALT\\Policies\\GPUpdate\\DriveMapsHomeUser'
+    __target_mountpoint = '/media/gpupdate'
+    __target_mountpoint_user = '/run/media'
+    __mountpoint_dirname = 'drives.system'
+    __mountpoint_dirname_user = 'drives'
 
     def __init__(self, storage, sid, username):
         self.storage = storage
         self.sid = sid
         self.username = username
+        self.state_home_link = False
+        self.state_home_link_user = False
+
+        if username:
+            self.home = self.__target_mountpoint_user + '/' + username
+            self.state_home_link = self.check_enable_home_link(self.__enable_home_link)
+            self.state_home_link_user = self.check_enable_home_link(self.__enable_home_link_user)
+        else:
+            self.home = self.__target_mountpoint
 
-        self.home = get_homedir(username)
         conf_file = '{}.conf'.format(sid)
+        conf_hide_file = '{}_hide.conf'.format(sid)
         autofs_file = '{}.autofs'.format(sid)
+        autofs_hide_file = '{}_hide.autofs'.format(sid)
         cred_file = '{}.creds'.format(sid)
 
         self.auto_master_d = Path(self.__auto_dir)
 
         self.user_config = self.auto_master_d / conf_file
+        self.user_config_hide = self.auto_master_d / conf_hide_file
         if os.path.exists(self.user_config.resolve()):
             self.user_config.unlink()
+        if os.path.exists(self.user_config_hide.resolve()):
+            self.user_config_hide.unlink()
         self.user_autofs = self.auto_master_d / autofs_file
+        self.user_autofs_hide = self.auto_master_d / autofs_hide_file
         if os.path.exists(self.user_autofs.resolve()):
             self.user_autofs.unlink()
+        if os.path.exists(self.user_autofs_hide.resolve()):
+            self.user_autofs_hide.unlink()
         self.user_creds = self.auto_master_d / cred_file
 
-        self.mount_dir = Path(os.path.join(self.home, 'net'))
+        if username:
+            self.mntTarget = self.__mountpoint_dirname_user
+        else:
+            self.mntTarget = self.__mountpoint_dirname
+
+        self.mount_dir = Path(os.path.join(self.home))
         self.drives = storage_get_drives(self.storage, self.sid)
 
         self.template_loader = jinja2.FileSystemLoader(searchpath=self.__template_path)
@@ -98,12 +210,21 @@ class cifs_applier_user(applier_frontend):
         self.template_indentity = self.template_env.get_template(self.__template_identity)
         self.template_auto = self.template_env.get_template(self.__template_auto)
 
+        self.template_mountpoints_hide = self.template_env.get_template(self.__template_mountpoints_hide)
+        self.template_auto_hide = self.template_env.get_template(self.__template_auto_hide)
+
         self.__module_enabled = check_enabled(
               self.storage
             , self.__module_name
             , self.__module_experimental
         )
 
+    def check_enable_home_link(self, enable_home_link):
+        if self.storage.get_hkcu_entry(self.sid, enable_home_link):
+            data = self.storage.get_hkcu_entry(self.sid, enable_home_link).data
+            return bool(int(data)) if data else None
+        else:
+            return False
 
     def user_context_apply(self):
         '''
@@ -111,7 +232,7 @@ class cifs_applier_user(applier_frontend):
         '''
         pass
 
-    def __admin_context_apply(self):
+    def _admin_context_apply(self):
         # Create /etc/auto.master.gpupdate.d directory
         self.auto_master_d.mkdir(parents=True, exist_ok=True)
         # Create user's destination mount directory
@@ -122,28 +243,42 @@ class cifs_applier_user(applier_frontend):
         add_line_if_missing(self.__auto_file, auto_destdir)
 
         # Collect data for drive settings
-        drive_list = list()
+        drive_list = Drive_list()
         for drv in self.drives:
             drive_settings = dict()
             drive_settings['dir'] = drv.dir
             drive_settings['login'] = drv.login
             drive_settings['password'] = drv.password
-            drive_settings['path'] = drv.path.replace('\\', '/')
+            drive_settings['path'] = remove_chars_before_colon(drv.path.replace('\\', '/'))
+            drive_settings['action'] = drv.action
+            drive_settings['thisDrive'] = drv.thisDrive
+            drive_settings['allDrives'] = drv.allDrives
+            drive_settings['label'] = remove_escaped_quotes(drv.label)
+            drive_settings['persistent'] = drv.persistent
+            drive_settings['useLetter'] = drv.useLetter
 
             drive_list.append(drive_settings)
 
-        if len(drive_list) > 0:
+        if drive_list.len() > 0:
             mount_settings = dict()
-            mount_settings['drives'] = drive_list
+            mount_settings['drives'] = drive_list()
             mount_text = self.template_mountpoints.render(**mount_settings)
 
+            mount_text_hide = self.template_mountpoints_hide.render(**mount_settings)
+
             with open(self.user_config.resolve(), 'w') as f:
                 f.truncate()
                 f.write(mount_text)
                 f.flush()
 
+            with open(self.user_config_hide.resolve(), 'w') as f:
+                f.truncate()
+                f.write(mount_text_hide)
+                f.flush()
+
             autofs_settings = dict()
             autofs_settings['home_dir'] = self.home
+            autofs_settings['mntTarget'] = self.mntTarget
             autofs_settings['mount_file'] = self.user_config.resolve()
             autofs_text = self.template_auto.render(**autofs_settings)
 
@@ -152,13 +287,71 @@ class cifs_applier_user(applier_frontend):
                 f.write(autofs_text)
                 f.flush()
 
+            autofs_settings['mount_file'] = self.user_config_hide.resolve()
+            autofs_text = self.template_auto_hide.render(**autofs_settings)
+            with open(self.user_autofs_hide.resolve(), 'w') as f:
+                f.truncate()
+                f.write(autofs_text)
+                f.flush()
+
+            if self.username:
+                self.update_drivemaps_home_links()
+
             subprocess.check_call(['/bin/systemctl', 'restart', 'autofs'])
 
+    def update_drivemaps_home_links(self):
+        dUser = Path(get_homedir(self.username)+'/net.' + self.__mountpoint_dirname_user)
+        dUserHide = Path(get_homedir(self.username)+'/.net.' + self.__mountpoint_dirname_user)
+
+        if self.state_home_link_user:
+            dUserMountpoint = Path(self.home).joinpath(self.__mountpoint_dirname_user)
+            dUserMountpointHide = Path(self.home).joinpath('.' + self.__mountpoint_dirname_user)
+
+            if not dUser.exists():
+                try:
+                    os.symlink(dUserMountpoint, dUser, True)
+                except  Exception as exc:
+                    log('D194', {'exc': exc})
+
+            if not dUserHide.exists():
+                try:
+                    os.symlink(dUserMountpointHide, dUserHide, True)
+                except  Exception as exc:
+                    log('D196', {'exc': exc})
+        else:
+            if dUser.is_symlink() and dUser.owner() == 'root':
+                dUser.unlink()
+            if dUserHide.is_symlink() and dUserHide.owner() == 'root':
+                dUserHide.unlink()
+
+        dMachine = Path(get_homedir(self.username)+'/net.' + self.__mountpoint_dirname)
+        dMachineHide = Path(get_homedir(self.username)+'/.net.' + self.__mountpoint_dirname)
+
+        if self.state_home_link:
+            dMachineMountpoint = Path(self.__target_mountpoint).joinpath(self.__mountpoint_dirname)
+            dMachineMountpointHide = Path(self.__target_mountpoint).joinpath('.' + self.__mountpoint_dirname)
+
+            if not dMachine.exists():
+                try:
+                    os.symlink(dMachineMountpoint, dMachine, True)
+                except  Exception as exc:
+                    log('D195', {'exc': exc})
+
+            if not dMachineHide.exists():
+                try:
+                    os.symlink(dMachineMountpointHide, dMachineHide, True)
+                except  Exception as exc:
+                    log('D197', {'exc': exc})
+        else:
+            if dMachine.is_symlink() and dMachine.owner() == 'root':
+                dMachine.unlink()
+            if dMachineHide.is_symlink() and dMachineHide.owner() == 'root':
+                dMachineHide.unlink()
 
     def admin_context_apply(self):
         if self.__module_enabled:
             log('D146')
-            self.__admin_context_apply()
+            self._admin_context_apply()
         else:
             log('D147')
 

gpoa/frontend/control_applier.py

@@ -29,11 +29,11 @@ class control_applier(applier_frontend):
     __module_name = 'ControlApplier'
     __module_experimental = False
     __module_enabled = True
-    _registry_branch = 'Software\\BaseALT\\Policies\\Control'
+    _registry_branch = 'Software/BaseALT/Policies/Control'
 
     def __init__(self, storage):
         self.storage = storage
-        self.control_settings = self.storage.filter_hklm_entries('Software\\BaseALT\\Policies\\Control%')
+        self.control_settings = self.storage.filter_hklm_entries(self._registry_branch)
         self.controls = list()
         self.__module_enabled = check_enabled(
               self.storage
@@ -43,7 +43,7 @@ class control_applier(applier_frontend):
 
     def run(self):
         for setting in self.control_settings:
-            valuename = setting.hive_key.rpartition('\\')[2]
+            valuename = setting.hive_key.rpartition('/')[2]
             try:
                 self.controls.append(control(valuename, int(setting.data)))
                 logdata = dict()

gpoa/frontend/cups_applier.py

@@ -81,8 +81,12 @@ class cups_applier(applier_frontend):
         if not is_rpm_installed('cups'):
             log('W9')
             return
-
-        self.cups_connection = cups.Connection()
+        try:
+            self.cups_connection = cups.Connection()
+        except Exception as exc:
+            logdata = dict()
+            logdata['exc', exc]
+            log('W20', logdata)
         self.printers = storage_get_printers(self.storage, self.storage.get_info('machine_sid'))
 
         if self.printers:

gpoa/frontend/file_applier.py

@@ -17,7 +17,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 
-from .appliers.file_cp import Files_cp
+from .appliers.file_cp import Files_cp, Execution_check
 from .applier_frontend import (
       applier_frontend
     , check_enabled
@@ -33,6 +33,7 @@ class file_applier(applier_frontend):
 
     def __init__(self, storage, file_cache, sid):
         self.storage = storage
+        self.exe_check = Execution_check(storage)
         self.sid = sid
         self.file_cache = file_cache
         self.files = self.storage.get_files(self.sid)
@@ -40,7 +41,7 @@ class file_applier(applier_frontend):
 
     def run(self):
         for file in self.files:
-            Files_cp(file, self.file_cache)
+            Files_cp(file, self.file_cache, self.exe_check)
 
     def apply(self):
         if self.__module_enabled:
@@ -59,6 +60,7 @@ class file_applier_user(applier_frontend):
         self.file_cache = file_cache
         self.sid = sid
         self.username = username
+        self.exe_check = Execution_check(storage)
         self.files = self.storage.get_files(self.sid)
         self.__module_enabled = check_enabled(
               self.storage
@@ -68,7 +70,7 @@ class file_applier_user(applier_frontend):
 
     def run(self):
         for file in self.files:
-            Files_cp(file, self.file_cache, self.username)
+            Files_cp(file, self.file_cache, self.exe_check, self.username)
 
     def admin_context_apply(self):
         if self.__module_enabled:

gpoa/frontend/firefox_applier.py

@@ -39,7 +39,7 @@ class firefox_applier(applier_frontend):
     __module_name = 'FirefoxApplier'
     __module_experimental = False
     __module_enabled = True
-    __registry_branch = 'Software\\Policies\\Mozilla\\Firefox\\'
+    __registry_branch = 'Software/Policies/Mozilla/Firefox'
     __firefox_installdir1 = '/usr/lib64/firefox/distribution'
     __firefox_installdir2 = '/etc/firefox/policies'
 
@@ -69,13 +69,14 @@ class firefox_applier(applier_frontend):
         '''
         Parse registry path string and leave key parameters
         '''
-        parts = hivekeyname.replace(self.__registry_branch, '').split('\\')
+        parts = hivekeyname.replace(self.__registry_branch, '').split('/')
         return parts
 
     def create_dict(self, firefox_keys):
         '''
         Collect dictionaries from registry keys into a general dictionary
         '''
+        excp = ['SOCKSVersion']
         counts = dict()
         for it_data in firefox_keys:
             branch = counts
@@ -90,7 +91,10 @@ class firefox_applier(applier_frontend):
                         branch = branch.setdefault(part, {})
                     #dictionary key value initialization
                     if it_data.type == 4:
-                        branch[parts[-1]] = self.get_boolean(it_data.data)
+                        if it_data.valuename in excp:
+                            branch[parts[-1]] = int(it_data.data)
+                        else:
+                            branch[parts[-1]] = self.get_boolean(it_data.data)
                     else:
                         branch[parts[-1]] = str(it_data.data).replace('\\', '/')
                 #Cases when it is necessary to create lists in a dictionary
@@ -160,6 +164,9 @@ def dict_item_to_list(dictionary:dict) -> dict:
     '''
     Replacing dictionaries with numeric keys with a List
     '''
+    if '' in dictionary:
+        dictionary = dictionary.pop('')
+
     for key,val in dictionary.items():
         if type(val) == dict:
             if key_dict_is_digit(val):

gpoa/frontend/frontend_manager.py

@@ -45,7 +45,9 @@ from .folder_applier import (
       folder_applier
     , folder_applier_user
 )
-from .cifs_applier import cifs_applier_user
+from .cifs_applier import (
+      cifs_applier_user
+    , cifs_applier)
 from .ntp_applier import ntp_applier
 from .envvar_applier import (
       envvar_applier
@@ -66,6 +68,11 @@ from .ini_applier import (
     , ini_applier_user
 )
 
+from .kde_applier import (
+      kde_applier
+    , kde_applier_user
+)
+
 from .networkshare_applier import networkshare_applier
 from .yandex_browser_applier import yandex_browser_applier
 
@@ -121,12 +128,12 @@ class frontend_manager:
     '''
 
     def __init__(self, username, is_machine):
-        self.storage = registry_factory('registry')
         self.username = determine_username(username)
+        self.storage = registry_factory('dconf', username=self.username)
         self.is_machine = is_machine
         self.process_uname = get_process_user()
         self.sid = get_sid(self.storage.get_info('domain'), self.username, is_machine)
-        self.file_cache = fs_file_cache('file_cache')
+        self.file_cache = fs_file_cache('file_cache', self.username)
 
         self.machine_appliers = dict()
         self.user_appliers = dict()
@@ -144,6 +151,13 @@ class frontend_manager:
         self.machine_appliers['yandex_browser'] = yandex_browser_applier(self.storage, self.sid, self.username)
         self.machine_appliers['shortcuts'] = shortcut_applier(self.storage)
         self.machine_appliers['gsettings'] = gsettings_applier(self.storage, self.file_cache)
+        try:
+            self.machine_appliers['cifs'] = cifs_applier(self.storage, self.sid)
+        except Exception as exc:
+            logdata = dict()
+            logdata['applier_name'] = 'cifs'
+            logdata['msg'] = str(exc)
+            log('E24', logdata)
         self.machine_appliers['cups'] = cups_applier(self.storage)
         self.machine_appliers['firewall'] = firewall_applier(self.storage)
         self.machine_appliers['folders'] = folder_applier(self.storage, self.sid)
@@ -154,6 +168,7 @@ class frontend_manager:
         self.machine_appliers['scripts'] = scripts_applier(self.storage, self.sid)
         self.machine_appliers['files'] = file_applier(self.storage, self.file_cache, self.sid)
         self.machine_appliers['ini'] = ini_applier(self.storage, self.sid)
+        self.machine_appliers['kde'] = kde_applier(self.storage)
 
     def _init_user_appliers(self):
         # User appliers are expected to work with user-writable
@@ -171,9 +186,11 @@ class frontend_manager:
         self.user_appliers['package'] = package_applier_user(self.storage, self.sid, self.username)
         self.user_appliers['polkit'] = polkit_applier_user(self.storage, self.sid, self.username)
         self.user_appliers['envvar'] = envvar_applier_user(self.storage, self.sid, self.username)
+        self.user_appliers['networkshare'] = networkshare_applier(self.storage, self.sid, self.username)
         self.user_appliers['scripts'] = scripts_applier_user(self.storage, self.sid, self.username)
         self.user_appliers['files'] = file_applier_user(self.storage, self.file_cache, self.sid, self.username)
         self.user_appliers['ini'] = ini_applier_user(self.storage, self.sid, self.username)
+        self.user_appliers['kde'] = kde_applier_user(self.storage, self.sid, self.username, self.file_cache)
 
     def machine_apply(self):
         '''

gpoa/frontend/gsettings_applier.py

@@ -16,7 +16,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-import logging
+from util.exceptions import NotUNCPathError
 import os
 import pwd
 import subprocess
@@ -59,14 +59,14 @@ class gsettings_applier(applier_frontend):
     __module_name = 'GSettingsApplier'
     __module_experimental = False
     __module_enabled = True
-    __registry_branch = 'Software\\BaseALT\\Policies\\GSettings\\'
+    __registry_branch = 'Software\\BaseALT\\Policies\\gsettings\\'
     __registry_locks_branch = 'Software\\BaseALT\\Policies\\GSettingsLocks\\'
-    __wallpaper_entry = 'Software\\BaseALT\\Policies\\GSettings\\org.mate.background.picture-filename'
-    __vino_authentication_methods_entry = 'Software\\BaseALT\\Policies\\GSettings\\org.gnome.Vino.authentication-methods'
+    __wallpaper_entry = 'Software/BaseALT/Policies/gsettings/org.mate.background.picture-filename'
+    __vino_authentication_methods_entry = 'Software/BaseALT/Policies/gsettings/org.gnome.Vino.authentication-methods'
     __global_schema = '/usr/share/glib-2.0/schemas'
     __override_priority_file = 'zzz_policy.gschema.override'
     __override_old_file = '0_policy.gschema.override'
-    __windows_settings = dict()
+
 
     def __init__(self, storage, file_cache):
         self.storage = storage
@@ -108,13 +108,13 @@ class gsettings_applier(applier_frontend):
 
         # Get all configured gsettings locks
         for lock in self.gsettings_locks:
-            valuename = lock.hive_key.rpartition('\\')[2]
+            valuename = lock.hive_key.rpartition('/')[2]
             self.locks[valuename] = int(lock.data)
 
         # Calculate all configured gsettings
         for setting in self.gsettings_keys:
             helper = None
-            valuename = setting.hive_key.rpartition('\\')[2]
+            valuename = setting.hive_key.rpartition('/')[2]
             rp = valuename.rpartition('.')
             schema = rp[0]
             path = rp[2]
@@ -184,9 +184,9 @@ class gsettings_applier_user(applier_frontend):
     __module_name = 'GSettingsApplierUser'
     __module_experimental = False
     __module_enabled = True
-    __registry_branch = 'Software\\BaseALT\\Policies\\GSettings\\'
-    __wallpaper_entry = 'Software\\BaseALT\\Policies\\GSettings\\org.mate.background.picture-filename'
-    __vino_authentication_methods_entry = 'Software\\BaseALT\\Policies\\GSettings\\org.gnome.Vino.authentication-methods'
+    __registry_branch = 'Software\\BaseALT\\Policies\\gsettings\\'
+    __wallpaper_entry = 'Software/BaseALT/Policies/gsettings/org.mate.background.picture-filename'
+    __vino_authentication_methods_entry = 'Software/BaseALT/Policies/gsettings/org.gnome.Vino.authentication-methods'
 
     def __init__(self, storage, file_cache, sid, username):
         self.storage = storage
@@ -204,25 +204,25 @@ class gsettings_applier_user(applier_frontend):
         mapping = [
               # Disable or enable screen saver
               GSettingsMapping(
-                  'Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop\\ScreenSaveActive'
+                  'Software/Policies/Microsoft/Windows/Control Panel/Desktop/ScreenSaveActive'
                 , 'org.mate.screensaver'
                 , 'idle-activation-enabled'
               )
               # Timeout in seconds for screen saver activation. The value of zero effectively disables screensaver start
             , GSettingsMapping(
-                  'Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop\\ScreenSaveTimeOut'
+                  'Software/Policies/Microsoft/Windows/Control Panel/Desktop/ScreenSaveTimeOut'
                 , 'org.mate.session'
                 , 'idle-delay'
               )
               # Enable or disable password protection for screen saver
             , GSettingsMapping(
-                  'Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop\\ScreenSaverIsSecure'
+                  'Software/Policies/Microsoft/Windows/Control Panel/Desktop/ScreenSaverIsSecure'
                 , 'org.mate.screensaver'
                 , 'lock-enabled'
               )
               # Specify image which will be used as a wallpaper
             , GSettingsMapping(
-                  'Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Wallpaper'
+                  'Software/Microsoft/Windows/CurrentVersion/Policies/System/Wallpaper'
                 , 'org.mate.background'
                 , 'picture-filename'
               )
@@ -251,15 +251,6 @@ class gsettings_applier_user(applier_frontend):
         return uri_fetch(schema, path, value, self.file_cache)
 
     def run(self):
-        #for setting in self.gsettings_keys:
-        #    valuename = setting.hive_key.rpartition('\\')[2]
-        #    rp = valuename.rpartition('.')
-        #    schema = rp[0]
-        #    path = rp[2]
-        #    self.gsettings.append(user_gsetting(schema, path, setting.data))
-
-
-        # Calculate all mapped gsettings if mapping enabled
         if self.__windows_mapping_enabled:
             log('D83')
             self.windows_mapping_append()
@@ -268,7 +259,7 @@ class gsettings_applier_user(applier_frontend):
 
         # Calculate all configured gsettings
         for setting in self.gsettings_keys:
-            valuename = setting.hive_key.rpartition('\\')[2]
+            valuename = setting.hive_key.rpartition('/')[2]
             rp = valuename.rpartition('.')
             schema = rp[0]
             path = rp[2]
@@ -293,8 +284,10 @@ class gsettings_applier_user(applier_frontend):
         try:
             entry = self.__wallpaper_entry
             filter_result = self.storage.get_hkcu_entry(self.sid, entry)
-            if filter_result:
+            if filter_result and filter_result.data:
                 self.file_cache.store(filter_result.data)
+        except NotUNCPathError:
+            ...
         except Exception as exc:
             logdata = dict()
             logdata['exception'] = str(exc)

gpoa/frontend/ini_applier.py

@@ -68,11 +68,11 @@ class ini_applier_user(applier_frontend):
             Ini_file(inifile, self.username)
 
     def admin_context_apply(self):
+        pass
+
+    def user_context_apply(self):
         if self.__module_enabled:
             log('D173')
             self.run()
         else:
             log('D174')
-
-    def user_context_apply(self):
-        pass

gpoa/frontend/kde_applier.py

@@ -0,0 +1,278 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2023 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from .applier_frontend import applier_frontend, check_enabled
+from util.logging import log
+from util.util import get_homedir
+from util.exceptions import NotUNCPathError
+import os
+import subprocess
+import re
+import dbus
+
+class kde_applier(applier_frontend):
+    __module_name = 'KdeApplier'
+    __module_experimental = True
+    __module_enabled = False
+    __hklm_branch = 'Software\\BaseALT\\Policies\\KDE\\'
+    __hklm_lock_branch = 'Software\\BaseALT\\Policies\\KDELocks\\'
+
+    def __init__(self, storage):
+        self.storage = storage
+        self.locks_dict = {}
+        self.locks_data_dict = {}
+        self.all_kde_settings = {}
+        kde_filter = '{}%'.format(self.__hklm_branch)
+        locks_filter = '{}%'.format(self.__hklm_lock_branch)
+        self.locks_settings = self.storage.filter_hklm_entries(locks_filter)
+        self.kde_settings = self.storage.filter_hklm_entries(kde_filter)
+        self.all_kde_settings = {}
+
+        self.__module_enabled = check_enabled(
+            self.storage,
+            self.__module_name,
+            self.__module_experimental
+        )
+
+    def apply(self):
+        if self.__module_enabled:
+            log('D198')
+            create_dict(self.kde_settings, self.all_kde_settings, self.locks_settings, self.locks_dict)
+            apply(self.all_kde_settings, self.locks_dict)
+        else:
+            log('D199')
+
+class kde_applier_user(applier_frontend):
+    __module_name = 'KdeApplierUser'
+    __module_experimental = True
+    __module_enabled = False
+    __hkcu_branch = 'Software\\BaseALT\\Policies\\KDE\\'
+    __hkcu_lock_branch = 'Software\\BaseALT\\Policies\\KDELocks\\'
+
+    def __init__(self, storage, sid=None, username=None, file_cache = None):
+        self.storage = storage
+        self.username = username
+        self.sid = sid
+        self.file_cache = file_cache
+        self.locks_dict = {}
+        self.locks_data_dict = {}
+        self.all_kde_settings = {}
+        kde_filter = '{}%'.format(self.__hkcu_branch)
+        locks_filter = '{}%'.format(self.__hkcu_lock_branch)
+        self.locks_settings = self.storage.filter_hkcu_entries(self.sid, locks_filter)
+        self.kde_settings = self.storage.filter_hkcu_entries(self.sid, kde_filter)
+        self.__module_enabled = check_enabled(
+            self.storage,
+            self.__module_name,
+            self.__module_experimental
+        )
+
+    def admin_context_apply(self):
+        pass
+
+    def user_context_apply(self):
+        '''
+        Change settings applied in user context
+        '''
+        if self.__module_enabled:
+            log('D200')
+            create_dict(self.kde_settings, self.all_kde_settings, self.locks_settings, self.locks_dict, self.file_cache, self.username)
+            apply(self.all_kde_settings, self.locks_dict, self.username)
+        else:
+            log('D201')
+
+def create_dict(kde_settings, all_kde_settings, locks_settings, locks_dict, file_cache = None, username = None):
+        for locks in locks_settings:
+            locks_dict[locks.valuename] = locks.data
+        for setting in kde_settings:
+            try:
+                file_name, section, value = setting.keyname.split("/")[-2], setting.keyname.split("/")[-1], setting.valuename
+                data = setting.data
+                if file_name == 'wallpaper':
+                    apply_for_wallpaper(data, file_cache, username)
+                else:
+                    if file_name not in all_kde_settings:
+                        all_kde_settings[file_name] = {}
+                    if section not in all_kde_settings[file_name]:
+                        all_kde_settings[file_name][section] = {}
+                    all_kde_settings[file_name][section][value] = data
+
+            except Exception as exc:
+                logdata = dict()
+                logdata['file_name'] = file_name
+                logdata['section'] = section
+                logdata['value'] = value
+                logdata['data'] = data
+                logdata['exc'] = exc
+                log('W16', logdata)
+
+def apply(all_kde_settings, locks_dict, username = None):
+    logdata = dict()
+    if username is None:
+        for file_name, sections in all_kde_settings.items():
+            file_path = f'/etc/xdg/{file_name}'
+            if os.path.exists(file_path):
+                os.remove(file_path)
+            with open(file_path, 'w') as file:
+                for section, keys in sections.items():
+                    section = section.replace(')(', '][')
+                    file.write(f'[{section}]\n')
+                    for key, value in keys.items():
+                        lock = f"{file_name}.{section}.{key}".replace('][', ')(')
+                        if lock in locks_dict and locks_dict[lock] == 1:
+                            file.write(f'{key}[$i]={value}\n')
+                        else:
+                            file.write(f'{key}={value}\n')
+                    file.write('\n')
+    else:
+        for file_name, sections in all_kde_settings.items():
+            path = f'{get_homedir(username)}/.config/{file_name}'
+            if not os.path.exists(path):
+                open(path, 'a').close()
+            else:
+                pass
+            for section, keys in sections.items():
+                for key, value in keys.items():
+                    lock = f"{file_name}.{section}.{key}"
+                    if lock in locks_dict and locks_dict[lock] == 1:
+                        command = [
+                            'kwriteconfig5',
+                            '--file', file_name,
+                            '--group', section,
+                            '--key', key +'/$i/',
+                            '--type', 'string',
+                            value
+                        ]
+                    else:
+                        command = [
+                            'kwriteconfig5',
+                            '--file', file_name,
+                            '--group', section,
+                            '--key', key,
+                            '--type', 'string',
+                            value
+                        ]
+                    try:
+                        clear_locks_settings(username, file_name, key)
+                        subprocess.run(command, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+                    except:
+                            logdata['command'] = command
+                            log('W22', logdata)
+            new_content = []
+            file_path = f'{get_homedir(username)}/.config/{file_name}'
+            try:
+                with open(file_path, 'r') as file:
+                    for line in file:
+                        line = line.replace('/$i/', '[$i]').replace(')(', '][')
+                        new_content.append(line)
+                with open(file_path, 'w') as file:
+                    file.writelines(new_content)
+                logdata['file'] = file_name
+                log('D202', logdata)
+            except Exception as exc:
+                logdata['exc'] = exc
+                log('W19', logdata)
+
+def clear_locks_settings(username, file_name, key):
+    '''
+    Method to remove old locked settings
+    '''
+    file_path = f'{get_homedir(username)}/.config/{file_name}'
+    with open(file_path, 'r') as file:
+        lines = file.readlines()
+    with open(file_path, 'w') as file:
+        for line in lines:
+            if f'{key}[$i]=' not in line:
+                file.write(line)
+    for line in lines:
+        if f'{key}[$i]=' in line:
+            logdata = dict()
+            logdata['line'] = line.strip()
+            log('I10', logdata)
+
+def apply_for_wallpaper(data, file_cache, username):
+    '''
+    Method to change wallpaper
+    '''
+    logdata = dict()
+    path_to_wallpaper = f'{get_homedir(username)}/.config/plasma-org.kde.plasma.desktop-appletsrc'
+    try:
+        try:
+            file_cache.store(data)
+            data = file_cache.get(data)
+        except NotUNCPathError:
+            data = data
+        os.environ["XDG_DATA_DIRS"] = "/usr/share/kf5:"
+            #Variable for system detection of directories before files with .colors extension
+        os.environ["DISPLAY"] = ":0"
+            #Variable for command execution plasma-apply-colorscheme
+        os.environ["XDG_RUNTIME_DIR"] = f"/run/user/{os.getuid()}"
+        os.environ["DBUS_SESSION_BUS_ADDRESS"] = f"unix:path=/run/user/{os.getuid()}/bus"#plasma-apply-wallpaperimage
+        os.environ["PATH"] = "/usr/lib/kf5/bin:"
+            #environment variable for accessing binary files without hard links
+        if os.path.isfile(path_to_wallpaper):
+            id_desktop = get_id_desktop(path_to_wallpaper)
+            command = [
+                'kwriteconfig5',
+                '--file', 'plasma-org.kde.plasma.desktop-appletsrc',
+                '--group', 'Containments',
+                '--group', id_desktop,
+                '--group', 'Wallpaper',
+                '--group', 'org.kde.image',
+                '--group', 'General',
+                '--key', 'Image',
+                 '--type', 'string',
+                data
+                ]
+            try:
+                subprocess.run(command, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+            except:
+                    logdata['command'] = command
+                    log('E68', logdata)
+            try:
+                session_bus = dbus.SessionBus()
+                plasma_shell = session_bus.get_object('org.kde.plasmashell', '/PlasmaShell', introspect='org.kde.PlasmaShell')
+                plasma_shell_iface = dbus.Interface(plasma_shell, 'org.kde.PlasmaShell')
+                plasma_shell_iface.refreshCurrentShell()
+            except:
+                pass
+        else:
+            logdata['file'] = path_to_wallpaper
+            log('W21', logdata)
+    except OSError as exc:
+        logdata['exc'] = exc
+        log('W17', logdata)
+    except Exception as exc:
+        logdata['exc'] = exc
+        log('E67', logdata)
+
+def get_id_desktop(path_to_wallpaper):
+    '''
+    Method for getting desktop id. It is currently accepted that this number is one of the sections in the configuration file.
+    '''
+    pattern = r'\[Containments\]\[(\d+)\][^\[]*activityId=([^\s]+)'
+    try:
+        with open(path_to_wallpaper, 'r') as file:
+            file_content = file.read()
+        match = re.search(pattern, file_content)
+        if match:
+            return match.group(1)
+        else:
+            return None
+    except:
+        return None

gpoa/frontend/networkshare_applier.py

@@ -25,22 +25,34 @@ from util.logging import log
 
 class networkshare_applier(applier_frontend):
     __module_name = 'NetworksharesApplier'
+    __module_name_user = 'NetworksharesApplierUser'
     __module_experimental = True
     __module_enabled = False
 
-    def __init__(self, storage, sid):
+    def __init__(self, storage, sid, username = None):
         self.storage = storage
         self.sid = sid
+        self.username = username
         self.networkshare_info = self.storage.get_networkshare(self.sid)
         self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
+        self.__module_enabled_user = check_enabled(self.storage, self.__module_name_user, self.__module_experimental)
 
     def run(self):
-        for networkshar in self.networkshare_info:
-            Networkshare(networkshar)
+        for networkshare in self.networkshare_info:
+            Networkshare(networkshare, self.username)
 
     def apply(self):
         if self.__module_enabled:
-            log('D180')
+            log('D187')
             self.run()
         else:
             log('D181')
+    def admin_context_apply(self):
+        pass
+
+    def user_context_apply(self):
+        if self.__module_enabled_user:
+            log('D188')
+            self.run()
+        else:
+            log('D189')

gpoa/frontend/ntp_applier.py

@@ -17,7 +17,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 
-import logging
+
 import subprocess
 from enum import Enum
 
@@ -26,7 +26,7 @@ from .applier_frontend import (
       applier_frontend
     , check_enabled
 )
-from util.logging import slogm, log
+from util.logging import log
 
 
 class NTPServerType(Enum):
@@ -117,30 +117,33 @@ class ntp_applier(applier_frontend):
         ntp_server_enabled = self.storage.get_hklm_entry(self.ntp_server_enabled)
         ntp_client_enabled = self.storage.get_hklm_entry(self.ntp_client_enabled)
 
-        if NTPServerType.NTP.value != server_type.data:
-            logdata = dict()
-            logdata['server_type'] = server_type
-            log('W10', logdata)
-        else:
-            log('D126')
-            if '1' == ntp_server_enabled.data:
-                log('D127')
-                self._start_chrony_client(server_address)
-                self._chrony_as_server()
-            elif '0' == ntp_server_enabled.data:
-                log('D128')
-                self._chrony_as_client()
+        if server_type and server_type.data:
+            if NTPServerType.NTP.value != server_type.data:
+                logdata = dict()
+                logdata['server_type'] = server_type
+                log('W10', logdata)
             else:
-                log('D129')
+                log('D126')
+                if ntp_server_enabled:
+                    if '1' == ntp_server_enabled.data and server_address:
+                        log('D127')
+                        self._start_chrony_client(server_address)
+                        self._chrony_as_server()
+                    elif '0' == ntp_server_enabled.data:
+                        log('D128')
+                        self._chrony_as_client()
+                    else:
+                        log('D129')
 
-            if '1' == ntp_client_enabled.data:
-                log('D130')
-                self._start_chrony_client()
-            elif '0' == ntp_client_enabled.data:
-                log('D131')
-                self._stop_chrony_client()
-            else:
-                log('D132')
+                elif ntp_client_enabled:
+                    if '1' == ntp_client_enabled.data:
+                        log('D130')
+                        self._start_chrony_client()
+                    elif '0' == ntp_client_enabled.data:
+                        log('D131')
+                        self._stop_chrony_client()
+                    else:
+                        log('D132')
 
     def apply(self):
         if self.__module_enabled:

gpoa/frontend/package_applier.py

@@ -104,8 +104,8 @@ class package_applier_user(applier_frontend):
         self.username = username
         self.fulcmd = list()
         self.fulcmd.append('/usr/libexec/gpupdate/pkcon_runner')
-        self.fulcmd.append('--sid')
-        self.fulcmd.append(self.sid)
+        self.fulcmd.append('--user')
+        self.fulcmd.append(self.username)
         self.fulcmd.append('--loglevel')
         logger = logging.getLogger()
         self.fulcmd.append(str(logger.level))
@@ -119,7 +119,7 @@ class package_applier_user(applier_frontend):
         self.sync_packages_setting = self.storage.filter_hkcu_entries(self.sid, sync_branch)
         self.flagSync = False
 
-        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_enabled)
+        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
 
     def user_context_apply(self):
         '''

gpoa/frontend/polkit_applier.py

@@ -26,31 +26,67 @@ from util.logging import log
 
 class polkit_applier(applier_frontend):
     __module_name = 'PolkitApplier'
-    __module_experimental = False
-    __module_enabled = True
+    __module_experimental = True
+    __module_enabled = False
     __deny_all_win = 'Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\Deny_All'
-    __deny_all = 'Software\\BaseALT\\Policies\\GPUpdate\\RemovableStorageDevices\\Deny_All'
+    __registry_branch = 'Software\\BaseALT\\Policies\\Polkit\\'
+    __registry_locks_branch = 'Software\\BaseALT\\Policies\\PolkitLocks\\'
     __polkit_map = {
-        __deny_all: ['49-gpoa_disk_permissions', { 'Deny_All': 0 }]
+        __deny_all_win: ['49-gpoa_disk_permissions', { 'Deny_All': 0 }],
+        __registry_branch : ['49-alt_group_policy_permissions', {}],
+        __registry_locks_branch : ['47-alt_group_policy_permissions', {}]
     }
 
     def __init__(self, storage):
         self.storage = storage
-        deny_all = storage.filter_hklm_entries(self.__deny_all).first()
-        if not deny_all and check_windows_mapping_enabled(self.storage):
-            deny_all = storage.filter_hklm_entries(self.__deny_all_win).first()
+        deny_all_win = None
+        if check_windows_mapping_enabled(self.storage):
+            deny_all_win = storage.filter_hklm_entries(self.__deny_all_win).first()
         # Deny_All hook: initialize defaults
-        template_file = self.__polkit_map[self.__deny_all][0]
-        template_vars = self.__polkit_map[self.__deny_all][1]
-        if deny_all:
+        polkit_filter = '{}%'.format(self.__registry_branch)
+        polkit_locks_filter = '{}%'.format(self.__registry_locks_branch)
+        self.polkit_keys = self.storage.filter_hklm_entries(polkit_filter)
+        self.polkit_locks = self.storage.filter_hklm_entries(polkit_locks_filter)
+        template_file = self.__polkit_map[self.__deny_all_win][0]
+        template_vars = self.__polkit_map[self.__deny_all_win][1]
+        template_file_all = self.__polkit_map[self.__registry_branch][0]
+        template_vars_all = self.__polkit_map[self.__registry_branch][1]
+        template_file_all_lock = self.__polkit_map[self.__registry_locks_branch][0]
+        template_vars_all_lock = self.__polkit_map[self.__registry_locks_branch][1]
+        locks = list()
+        for lock in self.polkit_locks:
+            if bool(int(lock.data)):
+                locks.append(lock.valuename)
+
+        dict_lists_rules = {'No': [[], []],
+                            'Yes': [[], []],
+                            'Auth_self' : [[], []],
+                            'Auth_admin': [[], []],
+                            'Auth_self_keep': [[], []],
+                            'Auth_admin_keep': [[], []]}
+
+        check_and_add_to_list = (lambda it, act: dict_lists_rules[act][0].append(it.valuename)
+                                if it.valuename not in locks
+                                else dict_lists_rules[act][1].append(it.valuename))
+
+        for it_data in self.polkit_keys:
+            check_and_add_to_list(it_data, it_data.data)
+
+        for key, item in dict_lists_rules.items():
+            self.__polkit_map[self.__registry_branch][1][key] = item[0]
+            self.__polkit_map[self.__registry_locks_branch][1][key] = item[1]
+
+        if deny_all_win:
             logdata = dict()
-            logdata['Deny_All'] = deny_all.data
+            logdata['Deny_All_win'] = deny_all_win.data
             log('D69', logdata)
-            self.__polkit_map[self.__deny_all][1]['Deny_All'] = deny_all.data
+            self.__polkit_map[self.__deny_all_win][1]['Deny_All'] = deny_all_win.data
         else:
             log('D71')
         self.policies = []
         self.policies.append(polkit(template_file, template_vars))
+        self.policies.append(polkit(template_file_all, template_vars_all))
+        self.policies.append(polkit(template_file_all_lock, template_vars_all_lock))
         self.__module_enabled = check_enabled(
               self.storage
             , self.__module_name
@@ -70,36 +106,57 @@ class polkit_applier(applier_frontend):
 
 class polkit_applier_user(applier_frontend):
     __module_name = 'PolkitApplierUser'
-    __module_experimental = False
-    __module_enabled = True
+    __module_experimental = True
+    __module_enabled = False
     __deny_all_win = 'Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\Deny_All'
-    __deny_all = 'Software\\BaseALT\\Policies\\GPUpdate\\RemovableStorageDevices\\Deny_All'
+    __registry_branch = 'Software\\BaseALT\\Policies\\Polkit\\'
     __polkit_map = {
-            __deny_all: ['48-gpoa_disk_permissions_user', { 'Deny_All': 0, 'User': '' }]
+            __deny_all_win: ['48-gpoa_disk_permissions_user', { 'Deny_All': 0, 'User': '' }],
+            __registry_branch : ['48-alt_group_policy_permissions_user', {'User': ''}]
     }
 
     def __init__(self, storage, sid, username):
         self.storage = storage
         self.sid = sid
         self.username = username
-
-        deny_all = storage.filter_hkcu_entries(self.sid, self.__deny_all).first()
-        if not deny_all and check_windows_mapping_enabled(self.storage):
-            deny_all = storage.filter_hkcu_entries(self.sid, self.__deny_all_win).first()
+        deny_all_win = None
+        if check_windows_mapping_enabled(self.storage):
+            deny_all_win = storage.filter_hkcu_entries(self.sid, self.__deny_all_win).first()
+        polkit_filter = '{}%'.format(self.__registry_branch)
+        self.polkit_keys = self.storage.filter_hkcu_entries(self.sid, polkit_filter)
         # Deny_All hook: initialize defaults
-        template_file = self.__polkit_map[self.__deny_all][0]
-        template_vars = self.__polkit_map[self.__deny_all][1]
-        if deny_all:
+        template_file = self.__polkit_map[self.__deny_all_win][0]
+        template_vars = self.__polkit_map[self.__deny_all_win][1]
+        template_file_all = self.__polkit_map[self.__registry_branch][0]
+        template_vars_all = self.__polkit_map[self.__registry_branch][1]
+
+        dict_lists_rules = {'No': [],
+                            'Yes': [],
+                            'Auth_self': [],
+                            'Auth_admin': [],
+                            'Auth_self_keep': [],
+                            'Auth_admin_keep': []}
+
+        for it_data in self.polkit_keys:
+            dict_lists_rules[it_data.data].append(it_data.valuename)
+
+        self.__polkit_map[self.__registry_branch][1]['User'] = self.username
+
+        for key, item in dict_lists_rules.items():
+            self.__polkit_map[self.__registry_branch][1][key] = item
+
+        if deny_all_win:
             logdata = dict()
             logdata['user'] = self.username
-            logdata['Deny_All'] = deny_all.data
+            logdata['Deny_All_win'] = deny_all_win.data
             log('D70', logdata)
-            self.__polkit_map[self.__deny_all][1]['Deny_All'] = deny_all.data
-            self.__polkit_map[self.__deny_all][1]['User'] = self.username
+            self.__polkit_map[self.__deny_all_win][1]['Deny_All'] = deny_all_win.data
+            self.__polkit_map[self.__deny_all_win][1]['User'] = self.username
         else:
             log('D72')
         self.policies = []
         self.policies.append(polkit(template_file, template_vars, self.username))
+        self.policies.append(polkit(template_file_all, template_vars_all, self.username))
         self.__module_enabled = check_enabled(
               self.storage
             , self.__module_name

gpoa/frontend/scripts_applier.py

@@ -19,9 +19,7 @@
 import os
 import shutil
 from pathlib import Path
-import pysss_nss_idmap
 
-from django.template import base
 from util.logging import log
 from .appliers.folder import remove_dir_tree
 from .applier_frontend import (
@@ -150,10 +148,10 @@ def install_script(storage_script_entry, script_dir, access_permissions):
     shutil.copyfile(storage_script_entry.path, script_file)
 
     os.chmod(script_file, int(access_permissions, base = 8))
-    if storage_script_entry.arg:
+    if storage_script_entry.args:
         dir_path = script_dir + '/' + script_name + '.arg'
         dir_arg = Path(dir_path)
         dir_arg.mkdir(parents=True, exist_ok=True)
         file_arg = open(dir_path + '/arg', 'w')
-        file_arg.write(storage_script_entry.arg)
+        file_arg.write(storage_script_entry.args)
         file_arg.close()

gpoa/frontend/shortcut_applier.py

@@ -38,8 +38,7 @@ def storage_get_shortcuts(storage, sid, username=None):
     shortcut_objs = storage.get_shortcuts(sid)
     shortcuts = list()
 
-    for sc_obj in shortcut_objs:
-        sc = json2sc(sc_obj.shortcut)
+    for sc in shortcut_objs:
         if username:
             sc.set_expanded_path(expand_windows_var(sc.path, username))
         shortcuts.append(sc)

gpoa/frontend/systemd_applier.py

@@ -29,11 +29,11 @@ class systemd_applier(applier_frontend):
     __module_name = 'SystemdApplier'
     __module_experimental = False
     __module_enabled = True
-    __registry_branch = 'Software\\BaseALT\\Policies\\SystemdUnits'
+    __registry_branch = 'Software/BaseALT/Policies/SystemdUnits'
 
     def __init__(self, storage):
         self.storage = storage
-        self.systemd_unit_settings = self.storage.filter_hklm_entries('Software\\BaseALT\\Policies\\SystemdUnits%')
+        self.systemd_unit_settings = self.storage.filter_hklm_entries(self.__registry_branch)
         self.units = []
         self.__module_enabled = check_enabled(
               self.storage
@@ -43,7 +43,7 @@ class systemd_applier(applier_frontend):
 
     def run(self):
         for setting in self.systemd_unit_settings:
-            valuename = setting.hive_key.rpartition('\\')[2]
+            valuename = setting.hive_key.rpartition('/')[2]
             try:
                 self.units.append(systemd_unit(valuename, int(setting.data)))
                 logdata = dict()
@@ -76,7 +76,7 @@ class systemd_applier_user(applier_frontend):
     __module_name = 'SystemdApplierUser'
     __module_experimental = False
     __module_enabled = True
-    __registry_branch = 'Software\\BaseALT\\Policies\\SystemdUnits'
+    __registry_branch = 'Software/BaseALT/Policies/SystemdUnits'
 
     def __init__(self, storage, sid, username):
         self.storage = storage

gpoa/frontend/yandex_browser_applier.py

@@ -24,13 +24,13 @@ from .applier_frontend import (
 import json
 import os
 from util.logging import log
-from util.util import is_machine_name
+from util.util import is_machine_name, string_to_literal_eval
 
 class yandex_browser_applier(applier_frontend):
     __module_name = 'YandexBrowserApplier'
     __module_enabled = True
     __module_experimental = False
-    __registry_branch = 'Software\\Policies\\YandexBrowser'
+    __registry_branch = 'Software/Policies/YandexBrowser'
     __managed_policies_path = '/etc/opt/yandex/browser/policies/managed'
     __recommended_policies_path = '/etc/opt/yandex/browser/policies/recommended'
 
@@ -65,7 +65,7 @@ class yandex_browser_applier(applier_frontend):
         #Replacing all nested dictionaries with a list
         dict_item_to_list = (
             lambda target_dict :
-                {key:[*val.values()] if type(val) == dict else val for key,val in target_dict.items()}
+                {key:[*val.values()] if type(val) == dict else string_to_literal_eval(val) for key,val in target_dict.items()}
             )
         os.makedirs(self.__managed_policies_path, exist_ok=True)
         with open(destfile, 'w') as f:
@@ -98,19 +98,48 @@ class yandex_browser_applier(applier_frontend):
         '''
         List of keys resulting from parsing chrome.admx with parsing_chrom_admx_intvalues.py
         '''
-        valuename_typeint = (['TurboSettings',
-                            'DefaultPluginsSetting',
-                            'BrowserSignin',
+        valuename_typeint = (['DefaultPageSaveSettings',
+                            'DefaultUploadSetting',
+                            'YandexAutoLaunchMode',
+                            'DefaultClipboardSetting',
+                            'DefaultFileSystemReadGuardSetting',
+                            'DefaultFileSystemWriteGuardSetting',
+                            'DefaultImagesSetting',
+                            'DefaultJavaScriptJitSetting',
+                            'DefaultJavaScriptSetting',
+                            'DefaultLocalFontsSetting',
+                            'DefaultPopupsSetting',
+                            'DefaultSensorsSetting',
+                            'DefaultSerialGuardSetting',
+                            'DefaultWebBluetoothGuardSetting',
+                            'DefaultWebHidGuardSetting',
+                            'DefaultWebUsbGuardSetting',
+                            'DefaultWindowManagementSetting',
+                            'SafeSitesFilterBehavior',
+                            'YandexUserFeedbackMode',
+                            'TurboSettings',
+                            'SidePanelMode',
+                            'RestoreOnStartup',
+                            'RestoreOnStartup_recommended',
+                            'BrowserSwitcherParsingMode',
+                            'DefaultNotificationsSetting',
+                            'YandexPowerSavingMode',
+                            'ChromeVariations',
+                            'DeveloperToolsAvailability',
+                            'DownloadRestrictions',
+                            'NetworkPredictionOptions',
+                            'DownloadRestrictions_recommended',
+                            'NetworkPredictionOptions_recommended',
                             'DefaultCookiesSetting',
                             'DefaultGeolocationSetting',
-                            'DefaultPopupsSetting',
-                            'DeveloperToolsAvailability',
                             'IncognitoModeAvailability',
+                            'DefaultPrintingSettings',
+                            'DefaultPluginsSetting',
+                            'DefaultInsecureContentSetting',
                             'PasswordProtectionWarningTrigger',
                             'SafeBrowsingProtectionLevel',
                             'SafeBrowsingProtectionLevel_recommended',
-                            'SidePanelMode',
-                            'YandexAutoLaunchMode'])
+                            'DiskCacheSize'])
         return valuename_typeint
 
 
@@ -123,7 +152,7 @@ class yandex_browser_applier(applier_frontend):
         '''
         Parse registry path string and leave key parameters
         '''
-        parts = hivekeyname.replace(self.__registry_branch, '').split('\\')
+        parts = hivekeyname.replace(self.__registry_branch, '').split('/')
         return parts
 
 

gpoa/gpoa

@@ -23,7 +23,7 @@ import signal
 import gettext
 import locale
 
-from backend import backend_factory
+from backend import backend_factory, save_dconf
 from frontend.frontend_manager import frontend_manager, determine_username
 from plugin import plugin_manager
 from messages import message_with_code
@@ -159,6 +159,7 @@ class gpoa_controller:
                         einfo = geterr()
                         logdata.update(einfo)
                         log('E3', logdata)
+        save_dconf(self.username, self.is_machine)
 
     def start_frontend(self):
         '''

gpoa/gpt/drives.py

@@ -67,6 +67,12 @@ def read_drives(drives_file):
         drive_obj.set_pass(decrypt_pass(props.get('cpassword')))
         drive_obj.set_dir(props.get('letter'))
         drive_obj.set_path(props.get('path'))
+        drive_obj.set_action(props.get('action'))
+        drive_obj.set_thisDrive(props.get('thisDrive'))
+        drive_obj.set_allDrives(props.get('allDrives'))
+        drive_obj.set_label(props.get('label'))
+        drive_obj.set_persistent(props.get('persistent'))
+        drive_obj.set_useLetter(props.get('useLetter'))
 
         drives.append(drive_obj)
 
@@ -93,6 +99,12 @@ class drivemap:
         self.password = None
         self.dir = None
         self.path = None
+        self.action = None
+        self.thisDrive = None
+        self.allDrives = None
+        self.label = None
+        self.persistent = None
+        self.useLetter = None
 
     def set_login(self, username):
         self.login = username
@@ -110,6 +122,24 @@ class drivemap:
     def set_path(self, path):
         self.path = path
 
+    def set_action(self, action):
+        self.action = action
+
+    def set_thisDrive(self, thisDrive):
+        self.thisDrive = thisDrive
+
+    def set_allDrives(self, allDrives):
+        self.allDrives = allDrives
+
+    def set_label(self, label):
+        self.label = label
+
+    def set_persistent(self, persistent):
+        self.persistent = persistent
+
+    def set_useLetter(self, useLetter):
+        self.useLetter = useLetter
+
     def to_json(self):
         drive = dict()
         drive['login'] = self.login

gpoa/gpt/files.py

@@ -30,6 +30,7 @@ def read_files(filesxml):
         fil_obj.set_archive(props.get('archive', default=None))
         fil_obj.set_hidden(props.get('hidden', default=None))
         fil_obj.set_suppress(props.get('suppress', default=None))
+        fil_obj.set_executable(props.get('executable', default=None))
         files.append(fil_obj)
 
     return files
@@ -54,3 +55,5 @@ class fileentry:
         self.hidden = hidden
     def set_suppress(self, suppress):
         self.suppress = suppress
+    def set_executable(self, executable):
+        self.executable = executable

gpoa/gpt/folders.py

@@ -66,9 +66,11 @@ def read_folders(folders_file):
         fld_obj.set_delete_folder(folder_int2bool(props.get('deleteFolder', default=1)))
         fld_obj.set_delete_sub_folders(folder_int2bool(props.get('deleteSubFolders', default=1)))
         fld_obj.set_delete_files(folder_int2bool(props.get('deleteFiles', default=1)))
+        fld_obj.set_hidden_folder(folder_int2bool(props.get('hidden', default=0)))
 
         folders.append(fld_obj)
 
+
     return folders
 
 def merge_folders(storage, sid, folder_objects, policy_name):
@@ -83,6 +85,7 @@ class folderentry:
         self.delete_folder = False
         self.delete_sub_folders = False
         self.delete_files = False
+        self.hidden_folder = False
 
     def set_action(self, action):
         self.action = action
@@ -96,3 +99,5 @@ class folderentry:
     def set_delete_files(self, del_bool):
         self.delete_files = del_bool
 
+    def set_hidden_folder(self, hid_bool):
+        self.hidden_folder = hid_bool

gpoa/gpt/gpt.py

@@ -153,10 +153,13 @@ def get_merger(preference_type):
     return mergers[preference_type]
 
 class gpt:
-    def __init__(self, gpt_path, sid):
+    def __init__(self, gpt_path, sid, username='Machine', version=None):
         self.path = gpt_path
+        self.username = username
         self.sid = sid
-        self.storage = registry_factory('registry')
+        self.storage = registry_factory()
+        self.storage._gpt_read_flag = True
+        self.version = version
         self.name = ''
         self.guid = self.path.rpartition('/')[2]
         if 'default' == self.guid:
@@ -214,7 +217,7 @@ class gpt:
             if self.settings['machine']['regpol']:
                 mlogdata = dict({'polfile': self.settings['machine']['regpol']})
                 log('D34', mlogdata)
-                util.preg.merge_polfile(self.settings['machine']['regpol'], policy_name=self.name)
+                util.preg.merge_polfile(self.settings['machine']['regpol'], policy_name=self.name, version=self.version)
             # Merge machine preferences to registry if possible
             for preference_name, preference_path in self.settings['machine'].items():
                 if preference_path:
@@ -240,7 +243,11 @@ class gpt:
             if self.settings['user']['regpol']:
                 mulogdata = dict({'polfile': self.settings['user']['regpol']})
                 log('D35', mulogdata)
-                util.preg.merge_polfile(self.settings['user']['regpol'], sid=self.sid, policy_name=self.name)
+                util.preg.merge_polfile(self.settings['user']['regpol'],
+                                        sid=self.sid,
+                                        policy_name=self.name,
+                                        username=self.username,
+                                        version=self.version)
             # Merge user preferences to registry if possible
             for preference_name, preference_path in self.settings['user'].items():
                 if preference_path:

gpoa/gpt/networkshares.py

@@ -17,6 +17,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 from util.xml import get_xml_root
+from storage.dconf_registry import Dconf_registry
 
 def read_networkshares(networksharesxml):
     networkshares = list()

gpoa/gpt/polfile.py

@@ -24,9 +24,10 @@ def read_polfile(filename):
     return load_preg(filename).entries
 
 def merge_polfile(storage, sid, policy_objects, policy_name):
-    for entry in policy_objects:
-        if not sid:
-            storage.add_hklm_entry(entry, policy_name)
-        else:
-            storage.add_hkcu_entry(entry, sid, policy_name)
+    pass
+    # for entry in policy_objects:
+    #     if not sid:
+    #         storage.add_hklm_entry(entry, policy_name)
+    #     else:
+    #         storage.add_hkcu_entry(entry, sid, policy_name)
 

gpoa/gpt/scriptsini.py

@@ -61,19 +61,19 @@ def read_scripts(scripts_file):
                     section_scripts[key_index].set_args(config[act][key])
     if logon_scripts:
         for i in sorted(logon_scripts.keys()):
-            scripts.add_script(act_upper, logon_scripts[i])
+            scripts.add_script('LOGON', logon_scripts[i])
 
     if logoff_scripts:
         for i in sorted(logoff_scripts.keys()):
-            scripts.add_script(act_upper, logoff_scripts[i])
+            scripts.add_script('LOGOFF', logoff_scripts[i])
 
     if startup_scripts:
         for i in sorted(startup_scripts.keys()):
-            scripts.add_script(act_upper, startup_scripts[i])
+            scripts.add_script('STARTUP', startup_scripts[i])
 
     if shutdown_scripts:
         for i in sorted(shutdown_scripts.keys()):
-            scripts.add_script(act_upper, shutdown_scripts[i])
+            scripts.add_script('SHUTDOWN', shutdown_scripts[i])
 
 
     return scripts

gpoa/gpt/shortcuts.py

@@ -27,6 +27,7 @@ import json
 
 from util.windows import transform_windows_path
 from util.xml import get_xml_root
+from util.paths import get_desktop_files_directory
 
 class TargetType(Enum):
     FILESYSTEM = 'FILESYSTEM'
@@ -85,6 +86,9 @@ def read_shortcuts(shortcuts_file):
         sc.set_guid(link.get('uid'))
         sc.set_usercontext(link.get('userContext', False))
         sc.set_icon(props.get('iconPath'))
+        if props.get('comment'):
+            sc.set_comment(props.get('comment'))
+
         shortcuts.append(sc)
 
     return shortcuts
@@ -105,11 +109,26 @@ def json2sc(json_str):
     sc.set_clsid(json_obj['clsid'])
     sc.set_guid(json_obj['guid'])
     sc.set_usercontext(json_obj['is_in_user_context'])
+    if 'comment' in json_obj:
+        sc.set_comment(json_obj['comment'])
     if 'icon' in json_obj:
         sc.set_icon(json_obj['icon'])
 
     return sc
 
+def find_desktop_entry(binary_path):
+    desktop_dir = get_desktop_files_directory()
+    binary_name = ''.join(binary_path.split('/')[-1])
+    desktop_file_path = Path(f"{desktop_dir}/{binary_name}.desktop")
+
+    if desktop_file_path.exists():
+        desktop_entry = DesktopEntry()
+        desktop_entry.parse(desktop_file_path)
+        return desktop_entry
+
+    return None
+
+
 class shortcut:
     def __init__(self, dest, path, arguments, name=None, action=None, ttype=TargetType.FILESYSTEM):
         '''
@@ -119,16 +138,34 @@ class shortcut:
         :param name: Name of the application
         :param type: Link type - FILESYSTEM or URL
         '''
-        self.dest = dest
+        self.dest = self.replace_slashes(dest)
         self.path = path
         self.expanded_path = None
         self.arguments = arguments
-        self.name = name
+        self.name = self.replace_name(name)
         self.action = action
         self.changed = ''
         self.icon = None
+        self.comment = ''
         self.is_in_user_context = self.set_usercontext()
         self.type = ttype
+        self.desktop_file_template = None
+
+    def replace_slashes(self, input_path):
+        if input_path.startswith('%'):
+            index = input_path.find('%', 1)
+            if index != -1:
+                replace_path = input_path[:index + 2] + input_path[index + 2:].replace('/','-')
+                return replace_path
+        return input_path.replace('/','-')
+
+    def replace_name(self, input_name):
+        if input_name.startswith('%'):
+            index = input_name.find('%', 1)
+            if index != -1:
+                replace_name = input_name[index + 2:]
+                return replace_name
+        return input_name
 
     def __str__(self):
         result = self.to_json()
@@ -149,6 +186,9 @@ class shortcut:
     def set_icon(self, icon_name):
         self.icon = icon_name
 
+    def set_comment(self, comment):
+        self.comment = comment
+
     def set_type(self, ttype):
         '''
         Set type of the hyperlink - FILESYSTEM or URL
@@ -194,6 +234,8 @@ class shortcut:
         content['type'] = ttype2str(self.type)
         if self.icon:
             content['icon'] = self.icon
+        if self.comment:
+            content['comment'] = self.comment
         result = self.desktop()
         result.content.update(content)
 
@@ -206,6 +248,7 @@ class shortcut:
         if dest:
             self.desktop_file = DesktopEntry(dest)
         else:
+            self.desktop_file_template = find_desktop_entry(self.path)
             self.desktop_file = DesktopEntry()
             self.desktop_file.addGroup('Desktop Entry')
             self.desktop_file.set('Version', '1.0')
@@ -230,11 +273,18 @@ class shortcut:
         if self.type == TargetType.URL:
             self.desktop_file.set('URL', desktop_path)
         else:
-            self.desktop_file.set('Terminal', 'false')
+            str2bool_lambda = (lambda boolstr: boolstr if isinstance(boolstr, bool)
+                               else boolstr and boolstr.lower() in ['True', 'true', 'yes', '1'])
+            if self.desktop_file_template:
+                terminal_state = str2bool_lambda(self.desktop_file_template.get('Terminal'))
+                self.desktop_file.set('Terminal', 'true' if terminal_state else 'false')
             self.desktop_file.set('Exec', '{} {}'.format(desktop_path, self.arguments))
+            self.desktop_file.set('Comment', self.comment)
 
         if self.icon:
             self.desktop_file.set('Icon', self.icon)
+        elif self.desktop_file_template and self.desktop_file_template.get('Icon', False):
+            self.desktop_file.set('Icon', self.desktop_file_template.get('Icon'))
 
     def _write_desktop(self, dest, create_only=False, read_firstly=False):
         '''

gpoa/gpupdate-setup

@@ -146,10 +146,10 @@ def is_unit_enabled(unit_name, unit_global=False):
 
 def get_status():
     '''
-    Check that gpupdate.service and gpupdate-user.service are enabled.
+    Check that gpupdate.timer and gpupdate-user.timer are enabled.
     '''
-    is_gpupdate = is_unit_enabled('gpupdate.service')
-    is_gpupdate_user = is_unit_enabled('gpupdate-user.service', unit_global=True)
+    is_gpupdate = is_unit_enabled('gpupdate.timer')
+    is_gpupdate_user = is_unit_enabled('gpupdate-user.timer', unit_global=True)
 
     if is_gpupdate and is_gpupdate_user:
         return True
@@ -218,7 +218,7 @@ def enable_gp(policy_name, backend_type):
     cmd_set_gpupdate_policy = ['/usr/sbin/control', 'system-policy', 'gpupdate']
     cmd_gpoa_nodomain = ['/usr/sbin/gpoa', '--nodomain', '--loglevel', '5']
     cmd_enable_gpupdate_service = ['/bin/systemctl', 'enable', 'gpupdate.service']
-    cmd_enable_gpupdate_user_service = ['/bin/systemctl', '--global', 'enable', 'gpupdate-user.service']
+    cmd_enable_gpupdate_user_service = ['/bin/systemctl', '--global', 'disable', 'gpupdate-user.service']
     cmd_enable_gpupdate_timer = ['/bin/systemctl', 'enable', 'gpupdate.timer']
     cmd_enable_gpupdate_user_timer = ['/bin/systemctl', '--global', 'enable', 'gpupdate-user.timer']
     cmd_enable_gpupdate_scripts_service = ['/bin/systemctl', 'enable', 'gpupdate-scripts-run.service']
@@ -254,11 +254,7 @@ def enable_gp(policy_name, backend_type):
     # Enable gpupdate-setup.service for all users
     if not rollback_on_error(cmd_enable_gpupdate_user_service):
         return
-    if not is_unit_enabled('gpupdate-user.service', unit_global=True):
-        disable_gp()
-        return
-
-        # Enable gpupdate-scripts-run.service
+    # Enable gpupdate-scripts-run.service
     if not rollback_on_error(cmd_enable_gpupdate_scripts_service):
         return
     if not is_unit_enabled('gpupdate-scripts-run.service'):

gpoa/locale/ru_RU/LC_MESSAGES/gpoa.po

@@ -62,6 +62,9 @@ msgstr "Политика Chromium"
 msgid "Set user property to"
 msgstr "Установка свойств  для пользователя"
 
+msgid "The line in the configuration file was cleared"
+msgstr "В конфигурационном файле была очищена строка"
+
 # Error
 msgid "Insufficient permissions to run gpupdate"
 msgstr "Недостаточно прав для запуска gpupdate"
@@ -228,6 +231,27 @@ msgstr "Ошибка очистки каталога для машины"
 msgid "Error cleaning directory for user"
 msgstr "Ошибка очистки каталога для пользователя"
 
+msgid "Error while executing command for widgets"
+msgstr "Ошибка при выполнении команды для виджетов"
+
+msgid "Error creating environment variables"
+msgstr "Ошибка создания переменных среды"
+
+msgid "Error running kwriteconfig5 command"
+msgstr "Ошибка выполнения команды kwriteconfig5"
+
+msgid "Error getting list of keys"
+msgstr "Ошибка получения списка ключей"
+
+msgid "Error getting key value"
+msgstr "Ошибка при получении значения ключей"
+
+msgid "Failed to update dconf database"
+msgstr "Не удалось обновить базу данных dconf"
+
+msgid "Exception occurred while updating dconf database"
+msgstr "Возникло исключение при обновлении базы данных dconf"
+
 # Error_end
 
 # Debug
@@ -723,11 +747,11 @@ msgstr "Запуск применение настроек ini файлов дл
 msgid "Running ini applier for machine will not be started"
 msgstr "Применение настроек ini файлов для машины не будет запущено"
 
-msgid "Running ini applier for user in administrator context"
-msgstr "Запуск применение настроек ini файлов для пользователя в контексте администратора"
+msgid "Running ini applier for user in user context"
+msgstr "Запуск применение настроек ini файлов для пользователя в контексте пользователя"
 
-msgid "Running ini applier for user in administrator context will not be started"
-msgstr "Применение настроек ini файлов для пользователя в контексте администратора не будет запущено"
+msgid "Running ini applier for user in user context will not be started"
+msgstr "Применение настроек ini файлов для пользователя в контексте пользователя не будет запущено"
 
 msgid "Ini-file path not recognized"
 msgstr "Путь к ini-файлу не распознан"
@@ -741,6 +765,12 @@ msgstr "Сохранение информации об ini-файле"
 msgid "Dictionary key generation failed"
 msgstr "Формирования ключа словаря не удалось"
 
+msgid "Running CIFS applier for machine"
+msgstr "Запуск применение настроек CIFS для машины"
+
+msgid "CIFS applier for machine will not be started"
+msgstr "Применение настроек CIFS для машины не будет запущено"
+
 msgid "Saving information about network shares"
 msgstr "Сохранение информации о сетевых ресурсах"
 
@@ -762,6 +792,84 @@ msgstr "Yandex_browser_applier для машины не запустится"
 msgid "Wrote YandexBrowser preferences to"
 msgstr "Запись настройки Яндекс Браузера в"
 
+msgid "Running networkshare applier for user"
+msgstr "Запуск применение настроек сетевых каталогов для пользователя"
+
+msgid "File copy"
+msgstr "Копирование файла"
+
+msgid "Running networkshare applier for user will not be started"
+msgstr "Применение настроек сетевых каталогов для пользователя не будет запущено"
+
+msgid "File update"
+msgstr "Обновление файла"
+
+msgid "Applying settings for network share"
+msgstr "Применение настроек для сетевой папки"
+
+msgid "Deleting a file"
+msgstr "Удаление файла"
+
+msgid "Running GPOA by root for user"
+msgstr "Запуск GPOA от root для пользователя"
+
+msgid "The GPOA process was started for computer"
+msgstr "Процесс GPOA запущен для компьютера"
+
+msgid "Running networkshare applier for machine will not be started"
+msgstr "Применение настроек сетевых каталогов для машины не будет запущено"
+
+msgid "Failed to create a symlink to the network drives mountpoint"
+msgstr "Не удалось создать ссылку на точку монтирования сетевых дисков пользователя"
+
+msgid "Failed to create a symlink to the system network drives mountpoint"
+msgstr "Не удалось создать ссылку на точку монтирования системных сетевых дисков"
+
+msgid "Failed to create a symlink to the hidden network drives mountpoint"
+msgstr "Не удалось создать ссылку на точку монтирования скрытых сетевых дисков пользователя"
+
+msgid "Failed to create a symlink to the hidden system network drives mountpoint"
+msgstr "Не удалось создать ссылку на точку монтирования скрытых системных сетевых дисков"
+
+msgid "Running KDE applier for machine"
+msgstr "Запуск применения настроек KDE для машины"
+
+msgid "KDE applier for machine will not be started"
+msgstr "Применение настроек KDE для машины не удалось"
+
+msgid "Running KDE applier for user in user context"
+msgstr "Запуск применения настроек KDE в контексте пользователя"
+
+msgid "KDE applier for user in user context will not be started"
+msgstr "KDE в контексте пользователя не запускается"
+
+msgid "Changing the configuration file"
+msgstr "Изменение конфигурационного файла"
+
+msgid "Widget command completed successfully"
+msgstr "Команда для виджетов выполнена успешно"
+
+msgid "Getting a list of keys"
+msgstr "Получение списка ключей"
+
+msgid "Getting the key value"
+msgstr "Получение значения ключа"
+
+msgid "Successfully updated dconf database"
+msgstr "База данных dconf успешно обновлена"
+
+msgid "Creating a dictionary with keys and values from the dconf database"
+msgstr "Формирование словаря с ключами и значениями из базы dconf"
+
+msgid "No entry found for the specified path"
+msgstr "Не найдено записей по указанному пути"
+
+msgid "Creating an ini file with policies for dconf"
+msgstr "Создание ini-файла с политиками для  dconf"
+
+msgid "GPO version was not found"
+msgstr "Версия GPO не найдена"
+
 # Debug_end
 
 # Warning
@@ -808,6 +916,36 @@ msgstr "Не удалось кэшировать файл"
 msgid "Could not create a valid list of keys"
 msgstr "Не удалось создать допустимый список ключей"
 
+msgid "Failed to copy file"
+msgstr "Не удалось скопировать файл"
+
+msgid "Failed to create KDE settings list"
+msgstr "Не удалось создать список настроек KDE"
+
+msgid "Could not find application tools"
+msgstr "Не удалось найти инструменты применения"
+
+msgid "Failed to open KDE settings"
+msgstr "Не удалось открыть настройки KDE"
+
+msgid "Failed to change KDE configuration file"
+msgstr "Не удалось изменить файл конфигурации KDE"
+
+msgid "Error connecting to server"
+msgstr "Ошибка при подключении к серверу"
+
+msgid "Wallpaper configuration file not found"
+msgstr "Конфигурационный файл для обоев не найден"
+
+msgid "The user setting was not installed, conflict with computer setting"
+msgstr "Пользовательская настройка не была установлена, конфликт с настройкой компьютера"
+
+msgid "Action for ini file failed"
+msgstr "Не удалось выполнить действие для INI-файла"
+
+msgid "Couldn't get the uid"
+msgstr "Не удалось получить uid"
+
 # Fatal
 msgid "Unable to refresh GPO list"
 msgstr "Невозможно обновить список объектов групповых политик"

gpoa/messages/__init__.py

@@ -30,6 +30,7 @@ def info_code(code):
     info_ids[7] = 'Firefox policy'
     info_ids[8] = 'Chromium policy'
     info_ids[9] = 'Set user property to'
+    info_ids[10] = 'The line in the configuration file was cleared'
 
     return info_ids.get(code, 'Unknown info code')
 
@@ -99,8 +100,13 @@ def error_code(code):
     error_ids[63] = 'Error merging user GPT (from machine GPO)'
     error_ids[64] = 'Error to cleanup directory for machine'
     error_ids[65] = 'Error to cleanup directory for user'
-
-
+    error_ids[66] = 'Error while executing command for widgets'
+    error_ids[67] = 'Error creating environment variables'
+    error_ids[68] = 'Error running kwriteconfig5 command'
+    error_ids[69] = 'Error getting list of keys'
+    error_ids[70] = 'Error getting key value'
+    error_ids[71] = 'Failed to update dconf database'
+    error_ids[72] = 'Exception occurred while updating dconf database'
     return error_ids.get(code, 'Unknown error code')
 
 def debug_code(code):
@@ -277,19 +283,44 @@ def debug_code(code):
     debug_ids[170] = 'Running File copy applier for user in administrator context will not be started'
     debug_ids[171] = 'Running ini applier for machine'
     debug_ids[172] = 'Running ini applier for machine will not be started'
-    debug_ids[173] = 'Running ini applier for user in administrator context'
-    debug_ids[174] = 'Running ini applier for user in administrator context will not be started'
+    debug_ids[173] = 'Running ini applier for user in user context'
+    debug_ids[174] = 'Running ini applier for user in user context will not be started'
     debug_ids[175] = 'Ini-file path not recognized'
     debug_ids[176] = 'Ini-file is not readable'
     debug_ids[177] = 'Saving information about ini-file'
     debug_ids[178] = 'Dictionary key generation failed'
-    debug_ids[179] = 'Saving information about network shares'
-    debug_ids[180] = 'Running networkshare applier for machine'
+    debug_ids[179] = 'Running CIFS applier for machine'
+    debug_ids[180] = 'CIFS applier for machine will not be started'
     debug_ids[181] = 'Running networkshare applier for machine will not be started'
     debug_ids[182] = 'Apply network share data action failed'
     debug_ids[183] = 'Running yandex_browser_applier for machine'
     debug_ids[184] = 'Yandex_browser_applier for machine will not be started'
     debug_ids[185] = 'Wrote YandexBrowser preferences to'
+    debug_ids[186] = 'Saving information about network shares'
+    debug_ids[187] = 'Running networkshare applier for machine'
+    debug_ids[188] = 'Running networkshare applier for user'
+    debug_ids[189] = 'Running networkshare applier for user will not be started'
+    debug_ids[190] = 'Applying settings for network share'
+    debug_ids[191] = 'File copy'
+    debug_ids[192] = 'File update'
+    debug_ids[193] = 'Deleting a file'
+    debug_ids[194] = 'Failed to create a symlink to the network drives mountpoint'
+    debug_ids[195] = 'Failed to create a symlink to the system network drives mountpoint'
+    debug_ids[196] = 'Failed to create a symlink to the hidden network drives mountpoint'
+    debug_ids[197] = 'Failed to create a symlink to the hidden system network drives mountpoint'
+    debug_ids[198] = 'Running KDE applier for machine'
+    debug_ids[199] = 'KDE applier for machine will not be started'
+    debug_ids[200] = 'Running KDE applier for user in user context'
+    debug_ids[201] = 'KDE applier for user in user context will not be started'
+    debug_ids[202] = 'Changing the configuration file'
+    debug_ids[203] = 'Widget command completed successfully'
+    debug_ids[204] = 'Getting a list of keys'
+    debug_ids[205] = 'Getting the key value'
+    debug_ids[206] = 'Successfully updated dconf database'
+    debug_ids[207] = 'Creating a dictionary with keys and values from the dconf database'
+    debug_ids[208] = 'No entry found for the specified path'
+    debug_ids[209] = 'Creating an ini file with policies for dconf'
+    debug_ids[210] = 'GPO version was not found'
 
     return debug_ids.get(code, 'Unknown debug code')
 
@@ -315,6 +346,17 @@ def warning_code(code):
     warning_ids[12] = 'Failed to read the list of files'
     warning_ids[13] = 'Failed to caching the file'
     warning_ids[14] = 'Could not create a valid list of keys'
+    warning_ids[15] = 'Failed to copy file'
+    warning_ids[16] = 'Failed to create KDE settings list'
+    warning_ids[17] = 'Could not find application tools'
+    warning_ids[18] = 'Failed to open KDE settings'
+    warning_ids[19] = 'Failed to change KDE configuration file'
+    warning_ids[20] = 'Error connecting to server'
+    warning_ids[21] = 'Wallpaper configuration file not found'
+    warning_ids[22] = 'The user setting was not installed, conflict with computer setting'
+    warning_ids[23] = 'Action for ini file failed'
+    warning_ids[24] = 'Couldn\'t get the uid'
+
 
     return warning_ids.get(code, 'Unknown warning code')
 

gpoa/pkcon_runner

@@ -44,27 +44,21 @@ def is_rpm_installed(rpm_name):
 
 class Pkcon_applier:
 
-    def __init__(self, sid = None):
+    def __init__(self, user = None):
         self.__install_key_name = 'Install'
         self.__remove_key_name = 'Remove'
-        self.__hkcu_branch = 'Software\\BaseALT\\Policies\\Packages'
-        self.__hklm_branch = 'Software\\BaseALT\\Policies\\Packages'
+        self.__hklm_branch = '/Software/BaseALT/Policies/Packages'
         self.__install_command = ['/usr/bin/pkcon', '-y', 'install']
         self.__remove_command = ['/usr/bin/pkcon', '-y', 'remove']
         self.__reinstall_command = ['/usr/bin/pkcon', '-y', 'reinstall']
         self.install_packages = set()
         self.remove_packages = set()
-        self.storage = registry_factory('registry')
-        if sid:
-            install_branch_user = '{}\\{}%'.format(self.__hkcu_branch, self.__install_key_name)
-            remove_branch_user = '{}\\{}%'.format(self.__hkcu_branch, self.__remove_key_name)
-            self.install_packages_setting = self.storage.filter_hkcu_entries(sid, install_branch_user)
-            self.remove_packages_setting = self.storage.filter_hkcu_entries(sid, remove_branch_user)
-        else:
-            install_branch = '{}\\{}%'.format(self.__hklm_branch, self.__install_key_name)
-            remove_branch = '{}\\{}%'.format(self.__hklm_branch, self.__remove_key_name)
-            self.install_packages_setting = self.storage.filter_hklm_entries(install_branch)
-            self.remove_packages_setting = self.storage.filter_hklm_entries(remove_branch)
+        self.storage = registry_factory(username=user)
+        self.storage.filling_storage_from_dconf()
+        install_branch = '{}/{}'.format(self.__hklm_branch, self.__install_key_name)
+        remove_branch = '{}/{}'.format(self.__hklm_branch, self.__remove_key_name)
+        self.install_packages_setting = self.storage.filter_hklm_entries(install_branch)
+        self.remove_packages_setting = self.storage.filter_hklm_entries(remove_branch)
         for package in self.install_packages_setting:
             if not is_rpm_installed(package.data):
                 self.install_packages.add(package.data)
@@ -137,13 +131,13 @@ if __name__ == '__main__':
     gettext.textdomain('gpoa')
     logger = logging.getLogger()
     parser = argparse.ArgumentParser(description='Package applier')
-    parser.add_argument('--sid', type = str, help = 'sid', nargs = '?', default = None)
+    parser.add_argument('--user', type = str, help = 'user', nargs = '?', default = None)
     parser.add_argument('--loglevel', type = int, help = 'loglevel', nargs = '?', default = 30)
 
     args = parser.parse_args()
     logger.setLevel(args.loglevel)
-    if args.sid:
-        applier = Pkcon_applier(args.sid)
+    if args.user:
+        applier = Pkcon_applier(args.user)
     else:
         applier = Pkcon_applier()
     applier.apply()

gpoa/storage/__init__.py

@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2023 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -16,12 +16,19 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-from .sqlite_registry import sqlite_registry
-from .sqlite_cache import sqlite_cache
 
-def cache_factory(cache_name):
-    return sqlite_cache(cache_name)
+from storage.dconf_registry import Dconf_registry
 
-def registry_factory(registry_name='registry', registry_dir=None):
-    return sqlite_registry(registry_name, registry_dir)
+def registry_factory(registry_name='', envprofile=None , username=None):
+    if username:
+        Dconf_registry._username = username
+    else:
+        Dconf_registry._envprofile = 'system'
+    if envprofile:
+        Dconf_registry._envprofile = envprofile
+
+    if registry_name == 'dconf':
+        return Dconf_registry()
+    else:
+        return Dconf_registry
 

gpoa/storage/dconf_registry.py

@@ -0,0 +1,576 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2023 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import subprocess
+from pathlib import Path
+from util.util import string_to_literal_eval, touch_file, get_uid_by_username
+from util.logging import log
+import re
+
+
+class PregDconf():
+    def __init__(self, keyname, valuename, type_preg, data):
+        self.keyname = keyname
+        self.valuename = valuename
+        self.hive_key = '{}/{}'.format(self.keyname, self.valuename)
+        self.type = type_preg
+        self.data = data
+
+
+class gplist(list):
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+
+    def first(self):
+        if self:
+            return self[0]
+        else:
+            return None
+
+    def count(self):
+        return len(self)
+
+class Dconf_registry():
+    '''
+    A class variable that represents a global registry dictionary shared among instances of the class
+    '''
+    _ReadQueue = 'Software/BaseALT/Policies/ReadQueue'
+    global_registry_dict = dict({_ReadQueue:{}})
+    __template_file = '/usr/share/dconf/user_mandatory.template'
+    _policies_path = 'Software/'
+    _policies_win_path = 'SOFTWARE/'
+    _gpt_read_flag = False
+    __dconf_dict_flag = False
+    __dconf_dict = dict()
+    _username = None
+    _envprofile = None
+
+    list_keys = list()
+    _info = dict()
+
+    shortcuts = list()
+    folders = list()
+    files = list()
+    drives = list()
+    scheduledtasks = list()
+    environmentvariables = list()
+    inifiles = list()
+    services = list()
+    printers = list()
+    scripts = list()
+    networkshares = list()
+
+
+
+    @classmethod
+    def set_info(cls, key , data):
+        cls._info[key] = data
+
+
+    @classmethod
+    def get_info(cls, key):
+        return cls._info.setdefault(key, None)
+
+
+    @staticmethod
+    def get_matching_keys(path):
+        if path[0] != '/':
+            path = '/' + path
+        logdata = dict()
+        envprofile = get_dconf_envprofile()
+        try:
+            process = subprocess.Popen(['dconf', 'list', path],
+                                       env=envprofile, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
+            logdata['path'] = path
+            log('D204', logdata)
+            output, error = process.communicate()
+            if not output and not error:
+                return
+            if not error:
+                keys = output.strip().split('\n')
+                for key in keys:
+                    Dconf_registry.get_matching_keys(f'{path}{key}')
+            else:
+                Dconf_registry.list_keys.append(path)
+            return Dconf_registry.list_keys
+        except Exception as exc:
+            logdata['exc'] = exc
+            log('E69', logdata)
+            return None
+
+    @staticmethod
+    def get_key_values(keys):
+        key_values = {}
+        for key in keys:
+            key_values[key] = Dconf_registry.get_key_value(key)
+        return key_values
+
+    @staticmethod
+    def get_key_value(key):
+        logdata = dict()
+        envprofile = get_dconf_envprofile()
+        try:
+            process = subprocess.Popen(['dconf', 'read', key],
+                                       env=envprofile, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
+            logdata['key'] = key
+            output, error = process.communicate()
+
+            if not error:
+                return string_to_literal_eval(string_to_literal_eval(output))
+            else:
+                return None
+        except Exception as exc:
+            logdata['exc'] = exc
+            log('E70', logdata)
+        return None
+
+    @staticmethod
+    def dconf_update():
+        logdata = dict()
+        try:
+            process = subprocess.Popen(['dconf', 'update'],
+                                        stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
+            output, error = process.communicate()
+
+            if error:
+                logdata['error'] = error
+                log('E71', logdata)
+            else:
+                logdata['outpupt'] = output
+                log('D206', logdata)
+        except Exception as exc:
+            logdata['exc'] = exc
+            log('E72', logdata)
+
+    @classmethod
+    def check_profile_template(cls):
+        if Path(cls.__template_file).exists():
+            return True
+        else:
+            return None
+
+    @classmethod
+    def apply_template(cls, uid):
+        logdata = dict()
+        if uid and cls.check_profile_template():
+            with open(cls.__template_file, "r") as f:
+                template = f.read()
+            # Replace the "{uid}" placeholder with the actual UID value
+            content = template.replace("{{uid}}", str(uid))
+
+        elif uid:
+            content = f"user-db:user\n" \
+              f"system-db:policy\n" \
+              f"system-db:policy{uid}\n" \
+              f"system-db:local\n" \
+              f"system-db:default\n" \
+              f"system-db:local\n" \
+              f"system-db:policy{uid}\n" \
+              f"system-db:policy\n"
+        else:
+            logdata['uid'] = uid
+            log('W24', logdata)
+            return
+
+        user_mandatory = f'/run/dconf/user/{uid}'
+        touch_file(user_mandatory)
+
+        with open(user_mandatory, "w") as f:
+            f.write(content)
+
+
+    @classmethod
+    def get_policies_from_dconf(cls):
+        return cls.get_dictionary_from_dconf(cls._policies_path, cls._policies_win_path)
+
+
+    @classmethod
+    def get_dictionary_from_dconf(self, *startswith_list):
+        output_dict = {}
+        for startswith in startswith_list:
+            dconf_dict = self.get_key_values(self.get_matching_keys(startswith))
+            for key, value in dconf_dict.items():
+                keys_tmp = key.split('/')
+                update_dict(output_dict.setdefault('/'.join(keys_tmp[:-1])[1:], {}), {keys_tmp[-1]: value})
+
+        log('D207')
+        return output_dict
+
+
+    @classmethod
+    def filter_entries(cls, startswith):
+        if startswith[-1] == '%':
+            startswith = startswith[:-1]
+            if startswith[-1] == '/' or startswith[-1] == '\\':
+                startswith = startswith[:-1]
+            return filter_dict_keys(startswith, flatten_dictionary(cls.global_registry_dict))
+        return filter_dict_keys(startswith, flatten_dictionary(cls.global_registry_dict))
+
+
+    @classmethod
+    def filter_hklm_entries(cls, startswith):
+        pregs = cls.filter_entries(startswith)
+        list_entiers = list()
+        for keyname, value in pregs.items():
+            if isinstance(value, dict):
+                for valuename, data in value.items():
+                    list_entiers.append(PregDconf(
+                        keyname, convert_string_dconf(valuename), find_preg_type(data), data))
+            elif isinstance(value, list):
+                for data in value:
+                    list_entiers.append(PregDconf(
+                        keyname, convert_string_dconf(data), find_preg_type(data), data))
+            else:
+                list_entiers.append(PregDconf(
+                        '/'.join(keyname.split('/')[:-1]), convert_string_dconf(keyname.split('/')[-1]), find_preg_type(value), value))
+
+
+        return gplist(list_entiers)
+
+
+    @classmethod
+    def filter_hkcu_entries(cls, sid, startswith):
+        return cls.filter_hklm_entries(startswith)
+
+
+    @classmethod
+    def get_storage(cls,dictionary = None):
+        if dictionary:
+            result = dictionary
+        elif Dconf_registry._gpt_read_flag:
+            result = Dconf_registry.global_registry_dict
+        else:
+            if Dconf_registry.__dconf_dict_flag:
+                result = Dconf_registry.__dconf_dict
+            else:
+                Dconf_registry.__dconf_dict = Dconf_registry.get_policies_from_dconf()
+                result = Dconf_registry.__dconf_dict
+                Dconf_registry.__dconf_dict_flag = True
+        return result
+
+
+    @classmethod
+    def filling_storage_from_dconf(cls):
+        Dconf_registry.global_registry_dict = Dconf_registry.get_storage()
+
+
+    @classmethod
+    def get_entry(cls, path, dictionary = None):
+        logdata = dict()
+        result = Dconf_registry.get_storage(dictionary)
+
+        keys = path.split("\\") if "\\" in path else path.split("/")
+        key = '/'.join(keys[:-1]) if keys[0] else '/'.join(keys[:-1])[1:]
+
+        if isinstance(result, dict) and key in result.keys():
+            data = result.get(key).get(keys[-1])
+            return PregDconf(
+                key, convert_string_dconf(keys[-1]), find_preg_type(data), data)
+        else:
+            logdata['path'] = path
+            log('D208', logdata)
+            return None
+
+
+    @classmethod
+    def get_hkcu_entry(cls, sid, hive_key, dictionary = None):
+        return cls.get_hklm_entry(hive_key, dictionary)
+
+
+    @classmethod
+    def get_hklm_entry(cls, hive_key, dictionary = None):
+        return cls.get_entry(hive_key, dictionary)
+
+
+
+    @classmethod
+    def add_shortcut(cls, sid, sc_obj, policy_name):
+        cls.shortcuts.append(sc_obj)
+
+
+    @classmethod
+    def add_printer(cls, sid, pobj, policy_name):
+        cls.printers.append(pobj)
+
+
+    @classmethod
+    def add_drive(cls, sid, dobj, policy_name):
+        cls.drives.append(dobj)
+
+
+    @classmethod
+    def add_folder(cls, sid, fobj, policy_name):
+        cls.folders.append(fobj)
+
+
+    @classmethod
+    def add_envvar(self, sid, evobj, policy_name):
+        self.environmentvariables.append(evobj)
+
+
+    @classmethod
+    def add_script(cls, sid, scrobj, policy_name):
+        cls.scripts.append(scrobj)
+
+
+    @classmethod
+    def add_file(cls, sid, fileobj, policy_name):
+        cls.files.append(fileobj)
+
+
+    @classmethod
+    def add_ini(cls, sid, iniobj, policy_name):
+        cls.inifiles.append(iniobj)
+
+
+    @classmethod
+    def add_networkshare(cls, sid, networkshareobj, policy_name):
+        cls.networkshares.append(networkshareobj)
+
+
+    @classmethod
+    def get_shortcuts(cls, sid):
+        return cls.shortcuts
+
+
+    @classmethod
+    def get_printers(cls, sid):
+        return cls.printers
+
+
+    @classmethod
+    def get_drives(cls, sid):
+        return cls.drives
+
+    @classmethod
+    def get_folders(cls, sid):
+        return cls.folders
+
+
+    @classmethod
+    def get_envvars(cls, sid):
+        return cls.environmentvariables
+
+
+    @classmethod
+    def get_scripts(cls, sid, action):
+        action_scripts = list()
+        for part in cls.scripts:
+            if action == 'LOGON':
+                action_scripts.append(part)
+            elif action == 'LOGOFF':
+                action_scripts.append(part)
+            elif action == 'STARTUP':
+                action_scripts.append(part)
+            elif action == 'SHUTDOWN':
+                action_scripts.append(part)
+        return action_scripts
+
+
+    @classmethod
+    def get_files(cls, sid):
+        return cls.files
+
+
+    @classmethod
+    def get_networkshare(cls, sid):
+        return cls.networkshares
+
+
+    @classmethod
+    def get_ini(cls, sid):
+        return cls.inifiles
+
+
+    @classmethod
+    def wipe_user(cls, sid):
+        cls.wipe_hklm()
+
+
+    @classmethod
+    def wipe_hklm(cls):
+        cls.global_registry_dict = dict({cls._ReadQueue:{}})
+
+
+def filter_dict_keys(starting_string, input_dict):
+    result = dict()
+    for key in input_dict:
+        key_list = remove_empty_values(re.split(r'\\|/', key))
+        start_list = remove_empty_values(re.split(r'\\|/', starting_string))
+        if key_list[:len(start_list)] == start_list:
+            result[key] = input_dict.get(key)
+
+    return result
+
+
+def find_preg_type(argument):
+    if isinstance(argument, int):
+        return 4
+    else:
+        return 1
+
+
+def update_dict(dict1, dict2):
+    '''
+    Updates dict1 with the key-value pairs from dict2
+    '''
+    for key, value in dict2.items():
+        if key in dict1:
+            # If both values are dictionaries, recursively call the update_dict function
+            if isinstance(dict1[key], dict) and isinstance(value, dict):
+                update_dict(dict1[key], value)
+            # If the value in dict1 is a list, extend it with unique values from value
+            elif isinstance(dict1[key], list):
+                dict1[key].extend(set(value) - set(dict1[key]))
+            else:
+                # If the value in dict1 is not a dictionary or the value in dict2 is not a dictionary,
+                # replace the value in dict1 with the value from dict2
+                dict1[key] = value
+        else:
+            # If the key does not exist in dict1, add the key-value pair from dict2 to dict1
+            dict1[key] = value
+
+
+def add_to_dict(string, policy_name, username, version):
+    if username is None:
+        correct_path = '/'.join(string.split('/')[:-2])
+        machine= '{}/Machine'.format(Dconf_registry._ReadQueue)
+        dictionary = Dconf_registry.global_registry_dict.setdefault(machine, dict())
+    else:
+        correct_path = '/'.join(string.split('/')[:-2])
+        user = '{}/User'.format(Dconf_registry._ReadQueue)
+        dictionary = Dconf_registry.global_registry_dict.setdefault(user, dict())
+
+    dictionary[len(dictionary)] = (policy_name, correct_path, version)
+
+
+def load_preg_dconf(pregfile, pathfile, policy_name, username, version=None):
+    '''
+    Loads the configuration from preg registry into a dictionary
+    '''
+    dd = dict()
+    for i in pregfile.entries:
+        # Skip this entry if the valuename starts with '**del'
+        if i.valuename.startswith('**del'):
+            continue
+        valuename = convert_string_dconf(i.valuename)
+        data = check_data(i.data, i.type)
+        if i.valuename != i.data and i.valuename:
+            if i.keyname.replace('\\', '/') in dd:
+                # If the key exists in dd, update its value with the new key-value pair
+                dd[i.keyname.replace('\\', '/')].update({valuename.replace('\\', '/'):data})
+            else:
+                # If the key does not exist in dd, create a new key-value pair
+                dd[i.keyname.replace('\\', '/')] = {valuename.replace('\\', '/'):data}
+
+        elif not i.valuename:
+            keyname_tmp = i.keyname.replace('\\', '/').split('/')
+            keyname = '/'.join(keyname_tmp[:-1])
+            if keyname in dd:
+                # If the key exists in dd, update its value with the new key-value pair
+                dd[keyname].update({keyname_tmp[-1]:data})
+            else:
+                # If the key does not exist in dd, create a new key-value pair
+                dd[keyname] = {keyname_tmp[-1]:data}
+
+        else:
+            # If the value name is the same as the data,
+            # split the keyname and add the data to the appropriate location in dd.
+            all_list_key = i.keyname.split('\\')
+            dd_target = dd.setdefault('/'.join(all_list_key[:-1]),{})
+            dd_target.setdefault(all_list_key[-1], []).append(data)
+
+    # Update the global registry dictionary with the contents of dd
+    add_to_dict(pathfile, policy_name, username, version)
+    update_dict(Dconf_registry.global_registry_dict, dd)
+
+
+def create_dconf_ini_file(filename, data):
+    '''
+    Create an ini-file based on a dictionary of dictionaries.
+    Args:
+        data (dict): The dictionary of dictionaries containing the data for the ini-file.
+        filename (str): The filename to save the ini-file.
+    Returns:
+        None
+    Raises:
+        None
+    '''
+    with open(filename, 'w') as file:
+        for section, section_data in data.items():
+            file.write(f'[{section}]\n')
+            for key, value in section_data.items():
+                if isinstance(value, int):
+                    file.write(f'{key} = {value}\n')
+                else:
+                    file.write(f'{key} = "{value}"\n')
+            file.write('\n')
+    logdata = dict()
+    logdata['path'] = filename
+    log('D209', logdata)
+    Dconf_registry.dconf_update()
+
+def check_data(data, t_data):
+    if isinstance(data, bytes):
+        return None
+    elif t_data > 1:
+        return str(data)
+    return data
+
+def convert_string_dconf(input_string):
+    # Check if the input string contains '%semicolon%'
+    if '%semicolon%' in input_string:
+        # If it contains, replace '%semicolon%' with ';'
+        output_string = input_string.replace('%semicolon%', ';')
+    else:
+        # If it doesn't contain, replace ';' with '%semicolon%'
+        output_string = input_string.replace(';', '%semicolon%')
+
+    return output_string
+
+def remove_empty_values(input_list):
+    return list(filter(None, input_list))
+
+def flatten_dictionary(input_dict, result=None, current_key=''):
+    if result is None:
+        result = {}
+
+    for key, value in input_dict.items():
+        new_key = f"{current_key}/{key}" if current_key else key
+
+        if isinstance(value, dict):
+            flatten_dictionary(value, result, new_key)
+        else:
+            result[new_key] = value
+
+    return result
+
+def get_dconf_envprofile():
+    dconf_envprofile = {'default': {'DCONF_PROFILE': 'default'},
+                    'local': {'DCONF_PROFILE': 'local'},
+                    'system': {'DCONF_PROFILE': 'system'}
+                    }
+
+    if Dconf_registry._envprofile:
+        return dconf_envprofile.get(Dconf_registry._envprofile, dconf_envprofile['system'])
+
+    if not Dconf_registry._username:
+        return dconf_envprofile['system']
+
+    profile = '/run/dconf/user/{}'.format(get_uid_by_username(Dconf_registry._username))
+    return {'DCONF_PROFILE': profile}

gpoa/storage/fs_file_cache.py

@@ -19,35 +19,47 @@
 
 import os
 import os.path
+import tempfile
 from pathlib import Path
 import smbc
 
 
 from util.logging import log
-from util.paths import file_cache_dir, UNCPath
+from util.paths import file_cache_dir, file_cache_path_home, UNCPath
 from util.exceptions import NotUNCPathError
 
 
 class fs_file_cache:
     __read_blocksize = 4096
 
-    def __init__(self, cache_name):
+    def __init__(self, cache_name, username = None):
         self.cache_name = cache_name
-        self.storage_uri = file_cache_dir()
+        if username:
+            try:
+                self.storage_uri = file_cache_path_home(username)
+            except:
+                self.storage_uri = file_cache_dir()
+        else:
+            self.storage_uri = file_cache_dir()
         logdata = dict({'cache_file': self.storage_uri})
         log('D20', logdata)
         self.samba_context = smbc.Context(use_kerberos=1)
                 #, debug=10)
 
-    def store(self, uri):
-        destdir = uri
+    def store(self, uri, destfile = None):
         try:
             uri_path = UNCPath(uri)
-            file_name = os.path.basename(uri_path.get_path())
-            file_path = os.path.dirname(uri_path.get_path())
-            destdir = Path('{}/{}/{}'.format(self.storage_uri,
-                uri_path.get_domain(),
-                file_path))
+            if not destfile:
+                file_name = os.path.basename(uri_path.get_path())
+                file_path = os.path.dirname(uri_path.get_path())
+                destdir = Path('{}/{}/{}'.format(self.storage_uri,
+                    uri_path.get_domain(),
+                    file_path))
+            else:
+                destdir = destfile.parent
+        except NotUNCPathError:
+            return None
+
         except Exception as exc:
             logdata = dict({'exception': str(exc)})
             log('D144', logdata)
@@ -56,20 +68,27 @@ class fs_file_cache:
         if not destdir.exists():
             destdir.mkdir(parents=True, exist_ok=True)
 
-        destfile = Path('{}/{}/{}'.format(self.storage_uri,
-            uri_path.get_domain(),
-            uri_path.get_path()))
+        if not destfile:
+            destfile = Path('{}/{}/{}'.format(self.storage_uri,
+                uri_path.get_domain(),
+                uri_path.get_path()))
 
-        with open(destfile, 'wb') as df:
-            df.truncate()
-            df.flush()
+        try:
+            fd, tmpfile = tempfile.mkstemp('', str(destfile))
+            df = os.fdopen(fd, 'wb')
             file_handler = self.samba_context.open(str(uri_path), os.O_RDONLY)
             while True:
                 data = file_handler.read(self.__read_blocksize)
                 if not data:
                     break
                 df.write(data)
-            df.flush()
+            df.close()
+            os.rename(tmpfile, destfile)
+            os.chmod(destfile, 0o644)
+        except:
+            tmppath = Path(tmpfile)
+            if tmppath.exists():
+                tmppath.unlink()
 
     def get(self, uri):
         destfile = uri

gpoa/storage/record_types.py

@@ -115,6 +115,13 @@ class drive_entry(object):
         self.password = dobj.password
         self.dir = dobj.dir
         self.path = dobj.path
+        self.action = dobj.action
+        self.thisDrive = dobj.thisDrive
+        self.allDrives = dobj.allDrives
+        self.label = dobj.label
+        self.persistent = dobj.persistent
+        self.useLetter = dobj.useLetter
+
 
     def update_fields(self):
         fields = dict()
@@ -123,6 +130,12 @@ class drive_entry(object):
         fields['password'] = self.password
         fields['dir'] = self.dir
         fields['path'] = self.path
+        fields['action'] = self.action
+        fields['thisDrive'] = self.thisDrive
+        fields['allDrives'] = self.allDrives
+        fields['label'] = self.label
+        fields['persistent'] = self.persistent
+        fields['useLetter'] = self.useLetter
 
         return fields
 
@@ -138,6 +151,7 @@ class folder_entry(object):
         self.delete_folder = str(fobj.delete_folder)
         self.delete_sub_folders = str(fobj.delete_sub_folders)
         self.delete_files = str(fobj.delete_files)
+        self.hidden_folder = str(fobj.hidden_folder)
 
     def update_fields(self):
         '''
@@ -149,6 +163,8 @@ class folder_entry(object):
         fields['delete_folder'] = self.delete_folder
         fields['delete_sub_folders'] = self.delete_sub_folders
         fields['delete_files'] = self.delete_files
+        fields['hidden_folder'] = self.hidden_folder
+
 
         return fields
 
@@ -203,17 +219,17 @@ class file_entry(object):
     '''
     Object mapping representing FILES.XML
     '''
-    def __init__(self, sid, scrobj, policy_name):
+    def __init__(self, sid, fileobj, policy_name):
         self.sid = sid
         self.policy_name = policy_name
-        self.action = scrobj.action
-        self.fromPath = scrobj.fromPath
-        self.targetPath = scrobj.targetPath
-        self.readOnly = scrobj.readOnly
-        self.archive = scrobj.archive
-        self.hidden = scrobj.hidden
-        self.suppress = scrobj.suppress
-
+        self.action = fileobj.action
+        self.fromPath = fileobj.fromPath
+        self.targetPath = fileobj.targetPath
+        self.readOnly = fileobj.readOnly
+        self.archive = fileobj.archive
+        self.hidden = fileobj.hidden
+        self.suppress = fileobj.suppress
+        self.executable = fileobj.executable
 
     def update_fields(self):
         '''
@@ -228,6 +244,7 @@ class file_entry(object):
         fields['archive'] = self.archive
         fields['hidden'] = self.hidden
         fields['suppress'] = self.suppress
+        fields['executable'] = self.executable
 
         return fields
 

gpoa/storage/sqlite_cache.py

@@ -26,13 +26,11 @@ from sqlalchemy import (
     Column,
     Integer,
     String,
-    MetaData
-)
-from sqlalchemy.orm import (
-    mapper,
-    sessionmaker
 )
 
+from sqlalchemy.orm import sessionmaker
+from .sqlite_registry_compat import sqlite_registry_compat
+
 from util.logging import log
 from util.paths import cache_dir
 
@@ -55,7 +53,8 @@ class sqlite_cache(cache):
         logdata = dict({'cache_file': self.storage_uri})
         log('D20', logdata)
         self.db_cnt = create_engine(self.storage_uri, echo=False)
-        self.__metadata = MetaData(self.db_cnt)
+        self.__compat = sqlite_registry_compat(self.db_cnt)
+        self.__metadata = self.__compat.metadata()
         self.cache_table = Table(
             self.cache_name,
             self.__metadata,
@@ -67,7 +66,8 @@ class sqlite_cache(cache):
         self.__metadata.create_all(self.db_cnt)
         Session = sessionmaker(bind=self.db_cnt)
         self.db_session = Session()
-        mapper(self.mapper_obj, self.cache_table)
+        mapper_reg = self.__compat
+        mapper_reg.map_imperatively(self.mapper_obj, self.cache_table)
 
     def store(self, str_id, value):
         obj = self.mapper_obj(str_id, value)

gpoa/storage/sqlite_registry.py

@@ -24,13 +24,11 @@ from sqlalchemy import (
     Column,
     Integer,
     String,
-    MetaData,
     UniqueConstraint
 )
-from sqlalchemy.orm import (
-    mapper,
-    sessionmaker
-)
+
+from sqlalchemy.orm import sessionmaker
+from .sqlite_registry_compat import sqlite_registry_compat
 
 from util.logging import log
 from util.paths import cache_dir
@@ -58,7 +56,8 @@ class sqlite_registry(registry):
             cdir = cache_dir()
         self.db_path = os.path.join('sqlite:///{}/{}.sqlite'.format(cdir, self.db_name))
         self.db_cnt = create_engine(self.db_path, echo=False)
-        self.__metadata = MetaData(self.db_cnt)
+        self.__compat = sqlite_registry_compat(self.db_cnt)
+        self.__metadata = self.__compat.metadata()
         self.__info = Table(
             'info',
             self.__metadata,
@@ -121,6 +120,12 @@ class sqlite_registry(registry):
             , Column('dir', String)
             , Column('policy_name', String)
             , Column('path', String)
+            , Column('action', String)
+            , Column('thisDrive', String)
+            , Column('allDrives', String)
+            , Column('label', String)
+            , Column('persistent', String)
+            , Column('useLetter', String)
             , UniqueConstraint('sid', 'dir')
         )
         self.__folders = Table(
@@ -134,6 +139,7 @@ class sqlite_registry(registry):
             , Column('delete_folder', String)
             , Column('delete_sub_folders', String)
             , Column('delete_files', String)
+            , Column('hidden_folder', String)
             , UniqueConstraint('sid', 'path')
         )
         self.__envvars = Table(
@@ -172,6 +178,7 @@ class sqlite_registry(registry):
             , Column('archive', String)
             , Column('hidden', String)
             , Column('suppress', String)
+            , Column('executable', String)
             , UniqueConstraint('sid', 'policy_name', 'targetPath', 'fromPath')
         )
         self.__ini = Table(
@@ -206,19 +213,20 @@ class sqlite_registry(registry):
         self.__metadata.create_all(self.db_cnt)
         Session = sessionmaker(bind=self.db_cnt)
         self.db_session = Session()
+        mapper_reg = self.__compat
         try:
-            mapper(info_entry, self.__info)
-            mapper(samba_preg, self.__hklm)
-            mapper(samba_hkcu_preg, self.__hkcu)
-            mapper(ad_shortcut, self.__shortcuts)
-            mapper(printer_entry, self.__printers)
-            mapper(drive_entry, self.__drives)
-            mapper(folder_entry, self.__folders)
-            mapper(envvar_entry, self.__envvars)
-            mapper(script_entry, self.__scripts)
-            mapper(file_entry, self.__files)
-            mapper(ini_entry, self.__ini)
-            mapper(networkshare_entry, self.__networkshare)
+            mapper_reg.map_imperatively(info_entry, self.__info)
+            mapper_reg.map_imperatively(samba_preg, self.__hklm)
+            mapper_reg.map_imperatively(samba_hkcu_preg, self.__hkcu)
+            mapper_reg.map_imperatively(ad_shortcut, self.__shortcuts)
+            mapper_reg.map_imperatively(printer_entry, self.__printers)
+            mapper_reg.map_imperatively(drive_entry, self.__drives)
+            mapper_reg.map_imperatively(folder_entry, self.__folders)
+            mapper_reg.map_imperatively(envvar_entry, self.__envvars)
+            mapper_reg.map_imperatively(script_entry, self.__scripts)
+            mapper_reg.map_imperatively(file_entry, self.__files)
+            mapper_reg.map_imperatively(ini_entry, self.__ini)
+            mapper_reg.map_imperatively(networkshare_entry, self.__networkshare)
         except:
             pass
             #logging.error('Error creating mapper')
@@ -481,7 +489,7 @@ class sqlite_registry(registry):
         logdata['name'] = networkshareentry.name
         logdata['path'] = networkshareentry.path
         logdata['action'] = networkshareentry.action
-        log('D179', logdata)
+        log('D186', logdata)
         try:
             self._add(networkshareentry)
         except Exception as exc:

gpoa/storage/sqlite_registry_compat.py

@@ -0,0 +1,45 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2024 BaseALT Ltd.
+# Copyright (C) 2024 Evgeny SInelnikov <sin@altlinux.org>.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+__compat__ = False
+
+from sqlalchemy import MetaData
+
+try:
+    from sqlalchemy.orm import registry
+except:
+    from sqlalchemy.orm import mapper
+    __compat__ = True
+
+class sqlite_registry_compat:
+    def __init__(self, db_cnt):
+        if not __compat__:
+            self.__registry = registry()
+            self.__metadata = MetaData()
+        else:
+            self.__metadata = MetaData(db_cnt)
+
+    def metadata(self):
+        return self.__metadata
+
+    def map_imperatively(self, obj, table):
+        if __compat__:
+            mapper(obj, table)
+        else:
+            self.__registry.map_imperatively(obj, table)

gpoa/templates/47-alt_group_policy_permissions.rules.j2

@@ -0,0 +1,63 @@
+{#
+ # GPOA - GPO Applier for Linux
+ #
+ # Copyright (C) 2019-2022 BaseALT Ltd.
+ #
+ # This program is free software: you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation, either version 3 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ #}
+
+{% if No|length %}
+polkit.addRule(function (action, subject) {
+    if ({% for res in No -%}
+        action.id == "{{res}}"{% if No|length == loop.index %}){ {% else %} ||{% endif %}
+        {% endfor %}    return polkit.Result.NO;
+    }
+});
+{% endif %}{% if Yes|length %}
+polkit.addRule(function (action, subject) {
+	if ({% for res in Yes -%}
+		action.id == "{{res}}"{% if Yes|length == loop.index %}){ {% else %} ||{% endif %}
+		{% endfor %}    return polkit.Result.YES;
+	}
+});
+{% endif %}{% if Auth_self|length %}
+polkit.addRule(function (action, subject) {
+	if ({% for res in Auth_self -%}
+		action.id == "{{res}}"{% if Auth_self|length == loop.index %}){ {% else %} ||{% endif %}
+		{% endfor %}    return polkit.Result.AUTH_SELF;
+	}
+});
+{% endif %}{% if Auth_admin|length %}
+polkit.addRule(function (action, subject) {
+	if ({% for res in Auth_admin -%}
+		action.id == "{{res}}"{% if Auth_admin|length == loop.index %}){ {% else %} ||{% endif %}
+		{% endfor %}    return polkit.Result.AUTH_ADMIN;
+	}
+});
+{% endif %}{% if Auth_self_keep|length %}
+polkit.addRule(function (action, subject) {
+	if ({% for res in Auth_self_keep -%}
+		action.id == "{{res}}"{% if Auth_self_keep|length == loop.index %}){ {% else %} ||{% endif %}
+		{% endfor %}    return polkit.Result.AUTH_SELF_KEEP;
+	}
+});
+{% endif %}{% if Auth_admin_keep|length %}
+polkit.addRule(function (action, subject) {
+	if ({% for res in Auth_admin_keep -%}
+		action.id == "{{res}}"{% if Auth_admin_keep|length == loop.index %}){ {% else %} ||{% endif %}
+		{% endfor %}    return polkit.Result.AUTH_ADMIN_KEEP;
+    }
+});
+
+{% endif %}

gpoa/templates/48-alt_group_policy_permissions_user.rules.j2

@@ -0,0 +1,63 @@
+{#
+ # GPOA - GPO Applier for Linux
+ #
+ # Copyright (C) 2019-2022 BaseALT Ltd.
+ #
+ # This program is free software: you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation, either version 3 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ #}
+
+{% if No|length %}
+polkit.addRule(function (action, subject) {
+    if ({% for res in No -%}
+        action.id == "{{res}}" {% if No|length == loop.index %}&&{% else %}||{% endif %}
+        {% endfor %}subject.user == "{{User}}") {
+			return polkit.Result.NO;
+    }
+});{% endif %}{% if Yes|length %}
+polkit.addRule(function (action, subject) {
+    if ({% for res in Yes -%}
+        action.id == "{{res}}" {% if Yes|length == loop.index %}&&{% else %}||{% endif %}
+        {% endfor %}subject.user == "{{User}}") {
+			return polkit.Result.YES;
+    }
+});{% endif %}{% if Auth_self|length %}
+polkit.addRule(function (action, subject) {
+    if ({% for res in Auth_self -%}
+        action.id == "{{res}}" {% if Auth_self|length == loop.index %}&&{% else %}||{% endif %}
+        {% endfor %}subject.user == "{{User}}") {
+			return polkit.Result.AUTH_SELF;
+    }
+});{% endif %}{% if Auth_admin|length %}
+polkit.addRule(function (action, subject) {
+    if ({% for res in Auth_admin -%}
+        action.id == "{{res}}" {% if Auth_admin|length == loop.index %}&&{% else %}||{% endif %}
+        {% endfor %}subject.user == "{{User}}") {
+			return polkit.Result.AUTH_ADMIN;
+    }
+});{% endif %}{% if Auth_self_keep|length %}
+polkit.addRule(function (action, subject) {
+    if ({% for res in Auth_self_keep -%}
+        action.id == "{{res}}" {% if Auth_self_keep|length == loop.index %}&&{% else %}||{% endif %}
+        {% endfor %}subject.user == "{{User}}") {
+			return polkit.Result.AUTH_SELF_KEEP;
+    }
+});{% endif %}{% if Auth_admin_keep|length %}
+polkit.addRule(function (action, subject) {
+    if ({% for res in Auth_admin_keep -%}
+        action.id == "{{res}}" {% if Auth_admin_keep|length == loop.index %}&&{% else %}||{% endif %}
+        {% endfor %}subject.user == "{{User}}") {
+			return polkit.Result.AUTH_ADMIN_KEEP;
+    }
+});
+{% endif %}

gpoa/templates/48-gpoa_disk_permissions_user.rules.j2

@@ -17,7 +17,7 @@
  # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  #}
 
-{% if Deny_All == '1' %}
+{% if Deny_All == 1 %}
 polkit.addRule(function (action, subject) {
 	if ((action.id == "org.freedesktop.udisks2.filesystem-mount" ||
 	    action.id == "org.freedesktop.udisks2.filesystem-mount-system" ||

gpoa/templates/49-alt_group_policy_permissions.rules.j2

@@ -0,0 +1,63 @@
+{#
+ # GPOA - GPO Applier for Linux
+ #
+ # Copyright (C) 2019-2022 BaseALT Ltd.
+ #
+ # This program is free software: you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation, either version 3 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ #}
+
+{% if No|length %}
+polkit.addRule(function (action, subject) {
+    if ({% for res in No -%}
+        action.id == "{{res}}"{% if No|length == loop.index %}){ {% else %} ||{% endif %}
+        {% endfor %}    return polkit.Result.NO;
+    }
+});
+{% endif %}{% if Yes|length %}
+polkit.addRule(function (action, subject) {
+	if ({% for res in Yes -%}
+		action.id == "{{res}}"{% if Yes|length == loop.index %}){ {% else %} ||{% endif %}
+		{% endfor %}    return polkit.Result.YES;
+	}
+});
+{% endif %}{% if Auth_self|length %}
+polkit.addRule(function (action, subject) {
+	if ({% for res in Auth_self -%}
+		action.id == "{{res}}"{% if Auth_self|length == loop.index %}){ {% else %} ||{% endif %}
+		{% endfor %}    return polkit.Result.AUTH_SELF;
+	}
+});
+{% endif %}{% if Auth_admin|length %}
+polkit.addRule(function (action, subject) {
+	if ({% for res in Auth_admin -%}
+		action.id == "{{res}}"{% if Auth_admin|length == loop.index %}){ {% else %} ||{% endif %}
+		{% endfor %}    return polkit.Result.AUTH_ADMIN;
+	}
+});
+{% endif %}{% if Auth_self_keep|length %}
+polkit.addRule(function (action, subject) {
+	if ({% for res in Auth_self_keep -%}
+		action.id == "{{res}}"{% if Auth_self_keep|length == loop.index %}){ {% else %} ||{% endif %}
+		{% endfor %}    return polkit.Result.AUTH_SELF_KEEP;
+	}
+});
+{% endif %}{% if Auth_admin_keep|length %}
+polkit.addRule(function (action, subject) {
+	if ({% for res in Auth_admin_keep -%}
+		action.id == "{{res}}"{% if Auth_admin_keep|length == loop.index %}){ {% else %} ||{% endif %}
+		{% endfor %}    return polkit.Result.AUTH_ADMIN_KEEP;
+    }
+});
+
+{% endif %}

gpoa/templates/49-gpoa_disk_permissions.rules.j2

@@ -17,7 +17,7 @@
  # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  #}
 
-{% if Deny_All == '1' %}
+{% if Deny_All == 1 %}
 polkit.addRule(function (action, subject) {
 	if (action.id == "org.freedesktop.udisks2.filesystem-mount" ||
 	    action.id == "org.freedesktop.udisks2.filesystem-mount-system" ||

gpoa/templates/autofs_auto.j2

@@ -16,5 +16,5 @@
  # You should have received a copy of the GNU General Public License
  # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  #}
-{{ home_dir }}/net	{{ mount_file }}	-t 120  --browse
+{{ home_dir }}/{{mntTarget}}	{{ mount_file }}	-t 120  --browse
 

gpoa/templates/autofs_auto_hide.j2

@@ -0,0 +1,20 @@
+{#
+ # GPOA - GPO Applier for Linux
+ #
+ # Copyright (C) 2019-2022 BaseALT Ltd.
+ #
+ # This program is free software: you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation, either version 3 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ #}
+{{ home_dir }}/.{{mntTarget}}	{{ mount_file }}	-t 120
+

gpoa/templates/autofs_mountpoints.j2

@@ -1,7 +1,7 @@
 {#
  # GPOA - GPO Applier for Linux
  #
- # Copyright (C) 2019-2020 BaseALT Ltd.
+ # Copyright (C) 2019-2022 BaseALT Ltd.
  #
  # This program is free software: you can redistribute it and/or modify
  # it under the terms of the GNU General Public License as published by
@@ -17,5 +17,11 @@
  # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  #}
 {%- for drv in drives %}
-{{ drv.dir }}	-fstype=cifs,cruid=$USER,sec=krb5,noperm	:{{ drv.path }}
+{% if (drv.thisDrive != 'HIDE') %}
+{% if drv.label %}
+"{{ drv.label }}"	-fstype=cifs,cruid=$USER,sec=krb5,noperm,cifsacl	:{{ drv.path }}
+{% else %}
+"{{ drv.dir }}"	-fstype=cifs,cruid=$USER,sec=krb5,noperm,cifsacl	:{{ drv.path }}
+{% endif %}
+{% endif %}
 {% endfor %}

gpoa/templates/autofs_mountpoints_hide.j2

@@ -0,0 +1,27 @@
+{#
+ # GPOA - GPO Applier for Linux
+ #
+ # Copyright (C) 2019-2022 BaseALT Ltd.
+ #
+ # This program is free software: you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation, either version 3 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ #}
+{%- for drv in drives %}
+{% if (drv.thisDrive == 'HIDE') %}
+{% if drv.label %}
+"{{ drv.label }}"	-fstype=cifs,cruid=$USER,sec=krb5,noperm,cifsacl	:{{ drv.path }}
+{% else %}
+"{{ drv.dir }}"	-fstype=cifs,cruid=$USER,sec=krb5,noperm,cifsacl	:{{ drv.path }}
+{% endif %}
+{% endif %}
+{% endfor %}

gpoa/util/exceptions.py

@@ -46,3 +46,10 @@ class NotUNCPathError(Exception):
     def __str__(self):
         return self.path
 
+class GetGPOListFail(Exception):
+    def __init__(self, exc):
+        self.exc = exc
+
+    def __str__(self):
+        return self.exc
+

gpoa/util/gpoa_ini_parsing.py

@@ -0,0 +1,356 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2023 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from configobj import (ConfigObj, NestingError, Section,
+                        DuplicateError, ParseError, UnreprError,
+                        UnknownType,UnreprError,
+                        BOM_UTF8, DEFAULT_INDENT_TYPE, BOM_LIST,
+                        match_utf8, unrepr)
+import six
+import re
+import sys
+import os
+
+# Michael Foord: fuzzyman AT voidspace DOT org DOT uk
+# Nicola Larosa: nico AT tekNico DOT net
+# Rob Dennis: rdennis AT gmail DOT com
+# Eli Courtwright: eli AT courtwright DOT org
+# This class based on the ConfigObj module, distributed under the BSD-3-Clause license.
+# This class includes modified code from the ConfigObj module mentioned above.
+# The original authors and their contact information are listed in the comments above.
+# For more information about ConfigObj, please visit the main repository:
+# https://github.com/DiffSK/configobj
+
+
+class GpoaConfigObj(ConfigObj):
+
+    _sectionmarker = re.compile(r'''^
+        (\s*)                     # 1: indentation
+        ((?:\[\s*)+)              # 2: section marker open
+        (                         # 3: section name open
+            (?:"\s*\S.*?\s*")|    # at least one non-space with double quotes
+            (?:'\s*\S.*?\s*')|    # at least one non-space with single quotes
+            (?:[^'"\s].*?)        # at least one non-space unquoted
+        )                         # section name close
+        ((?:\s*\])+)              # 4: section marker close
+        (\s*(?:[#;].*)?)?           # 5: optional comment
+        $''',
+        re.VERBOSE)
+
+    _valueexp = re.compile(r'''^
+        (?:
+            (?:
+                (
+                    (?:
+                        (?:
+                            (?:".*?")|              # double quotes
+                            (?:'.*?')|              # single quotes
+                            (?:[^'",\#][^,\#]*?)    # unquoted
+                        )
+                        \s*,\s*                     # comma
+                    )*      # match all list items ending in a comma (if any)
+                )
+                (
+                    (?:".*?")|                      # double quotes
+                    (?:'.*?')|                      # single quotes
+                    (?:[^'",\#\s][^,]*?)|           # unquoted
+                    (?:(?<!,))                      # Empty value
+                )?          # last item in a list - or string value
+            )|
+            (,)             # alternatively a single comma - empty list
+        )
+        (\s*(?:[#;].*)?)?     # optional comment
+        $''',
+        re.VERBOSE)
+
+    COMMENT_MARKERS = ['#', ';']
+
+    def _handle_comment(self, comment):
+        """Deal with a comment."""
+        if not comment:
+            return ''
+        start = self.indent_type
+        if not comment.lstrip().startswith(tuple(self.COMMENT_MARKERS)):
+            start += ' # '
+        return start + comment.strip()
+
+    def _parse(self, infile):
+        """Actually parse the config file."""
+        temp_list_values = self.list_values
+        if self.unrepr:
+            self.list_values = False
+
+        comment_list = []
+        done_start = False
+        this_section = self
+        maxline = len(infile) - 1
+        cur_index = -1
+        reset_comment = False
+        comment_markers = tuple(self.COMMENT_MARKERS)
+
+        while cur_index < maxline:
+            if reset_comment:
+                comment_list = []
+            cur_index += 1
+            line = infile[cur_index]
+            sline = line.strip()
+            # do we have anything on the line ?
+            if not sline or sline.startswith(comment_markers):
+                reset_comment = False
+                comment_list.append(line)
+                continue
+
+            if not done_start:
+                # preserve initial comment
+                self.initial_comment = comment_list
+                comment_list = []
+                done_start = True
+
+            reset_comment = True
+            # first we check if it's a section marker
+            mat = self._sectionmarker.match(line)
+            if mat is not None:
+                # is a section line
+                (indent, sect_open, sect_name, sect_close, comment) = mat.groups()
+                if indent and (self.indent_type is None):
+                    self.indent_type = indent
+                cur_depth = sect_open.count('[')
+                if cur_depth != sect_close.count(']'):
+                    self._handle_error("Cannot compute the section depth",
+                                       NestingError, infile, cur_index)
+                    continue
+
+                if cur_depth < this_section.depth:
+                    # the new section is dropping back to a previous level
+                    try:
+                        parent = self._match_depth(this_section,
+                                                   cur_depth).parent
+                    except SyntaxError:
+                        self._handle_error("Cannot compute nesting level",
+                                           NestingError, infile, cur_index)
+                        continue
+                elif cur_depth == this_section.depth:
+                    # the new section is a sibling of the current section
+                    parent = this_section.parent
+                elif cur_depth == this_section.depth + 1:
+                    # the new section is a child the current section
+                    parent = this_section
+                else:
+                    self._handle_error("Section too nested",
+                                       NestingError, infile, cur_index)
+                    continue
+
+                sect_name = self._unquote(sect_name)
+                if sect_name in parent:
+                    self._handle_error('Duplicate section name',
+                                       DuplicateError, infile, cur_index)
+                    continue
+
+                # create the new section
+                this_section = Section(
+                    parent,
+                    cur_depth,
+                    self,
+                    name=sect_name)
+                parent[sect_name] = this_section
+                parent.inline_comments[sect_name] = comment
+                parent.comments[sect_name] = comment_list
+                continue
+            #
+            # it's not a section marker,
+            # so it should be a valid ``key = value`` line
+            mat = self._keyword.match(line)
+            if mat is None:
+                self._handle_error(
+                    'Invalid line ({!r}) (matched as neither section nor keyword)'.format(line),
+                    ParseError, infile, cur_index)
+            else:
+                # is a keyword value
+                # value will include any inline comment
+                (indent, key, value) = mat.groups()
+                if indent and (self.indent_type is None):
+                    self.indent_type = indent
+                # check for a multiline value
+                if value[:3] in ['"""', "'''"]:
+                    try:
+                        value, comment, cur_index = self._multiline(
+                            value, infile, cur_index, maxline)
+                    except SyntaxError:
+                        self._handle_error(
+                            'Parse error in multiline value',
+                            ParseError, infile, cur_index)
+                        continue
+                    else:
+                        if self.unrepr:
+                            comment = ''
+                            try:
+                                value = unrepr(value)
+                            except Exception as cause:
+                                if isinstance(cause, UnknownType):
+                                    msg = 'Unknown name or type in value'
+                                else:
+                                    msg = 'Parse error from unrepr-ing multiline value'
+                                self._handle_error(msg, UnreprError, infile, cur_index)
+                                continue
+                else:
+                    if self.unrepr:
+                        comment = ''
+                        try:
+                            value = unrepr(value)
+                        except Exception as cause:
+                            if isinstance(cause, UnknownType):
+                                msg = 'Unknown name or type in value'
+                            else:
+                                msg = 'Parse error from unrepr-ing value'
+                            self._handle_error(msg, UnreprError, infile, cur_index)
+                            continue
+                    else:
+                        # extract comment and lists
+                        try:
+                            (value, comment) = self._handle_value(value)
+                        except SyntaxError:
+                            self._handle_error(
+                                'Parse error in value',
+                                ParseError, infile, cur_index)
+                            continue
+                #
+                key = self._unquote(key)
+                if key in this_section:
+                    self._handle_error(
+                        'Duplicate keyword name',
+                        DuplicateError, infile, cur_index)
+                    continue
+                # add the key.
+                # we set unrepr because if we have got this far we will never
+                # be creating a new section
+                this_section.__setitem__(key, value, unrepr=True)
+                this_section.inline_comments[key] = comment
+                this_section.comments[key] = comment_list
+                continue
+        #
+        if self.indent_type is None:
+            # no indentation used, set the type accordingly
+            self.indent_type = ''
+
+        # preserve the final comment
+        if not self and not self.initial_comment:
+            self.initial_comment = comment_list
+        elif not reset_comment:
+            self.final_comment = comment_list
+        self.list_values = temp_list_values
+
+
+    def write(self, outfile=None, section=None):
+        if self.indent_type is None:
+            # this can be true if initialised from a dictionary
+            self.indent_type = DEFAULT_INDENT_TYPE
+
+        out = []
+        comment_markers = tuple(self.COMMENT_MARKERS)
+        comment_marker_default = comment_markers[0] + ' '
+        if section is None:
+            int_val = self.interpolation
+            self.interpolation = False
+            section = self
+            for line in self.initial_comment:
+                line = self._decode_element(line)
+                stripped_line = line.strip()
+                if stripped_line and not stripped_line.startswith(comment_markers):
+                    line = comment_marker_default + line
+                out.append(line)
+
+        indent_string = self.indent_type * section.depth
+        for entry in (section.scalars + section.sections):
+            if entry in section.defaults:
+                # don't write out default values
+                continue
+            for comment_line in section.comments[entry]:
+                comment_line = self._decode_element(comment_line.lstrip())
+                if comment_line and not comment_line.startswith(comment_markers):
+                    comment_line = comment_marker_default + comment_line
+                out.append(indent_string + comment_line)
+            this_entry = section[entry]
+            comment = self._handle_comment(section.inline_comments[entry])
+
+            if isinstance(this_entry, Section):
+                # a section
+                out.append(self._write_marker(
+                    indent_string,
+                    this_entry.depth,
+                    entry,
+                    comment))
+                out.extend(self.write(section=this_entry))
+            else:
+                out.append(self._write_line(
+                    indent_string,
+                    entry,
+                    this_entry,
+                    comment))
+
+        if section is self:
+            for line in self.final_comment:
+                line = self._decode_element(line)
+                stripped_line = line.strip()
+                if stripped_line and not stripped_line.startswith(comment_markers):
+                    line = comment_marker_default + line
+                out.append(line)
+            self.interpolation = int_val
+
+        if section is not self:
+            return out
+
+        if (self.filename is None) and (outfile is None):
+            # output a list of lines
+            # might need to encode
+            # NOTE: This will *screw* UTF16, each line will start with the BOM
+            if self.encoding:
+                out = [l.encode(self.encoding) for l in out]
+            if (self.BOM and ((self.encoding is None) or
+                (BOM_LIST.get(self.encoding.lower()) == 'utf_8'))):
+                # Add the UTF8 BOM
+                if not out:
+                    out.append('')
+                out[0] = BOM_UTF8 + out[0]
+            return out
+
+        # Turn the list to a string, joined with correct newlines
+        newline = self.newlines or os.linesep
+        if (getattr(outfile, 'mode', None) is not None and outfile.mode == 'w'
+            and sys.platform == 'win32' and newline == '\r\n'):
+            # Windows specific hack to avoid writing '\r\r\n'
+            newline = '\n'
+        output = newline.join(out)
+        if not output.endswith(newline):
+            output += newline
+
+        if isinstance(output, six.binary_type):
+            output_bytes = output
+        else:
+            output_bytes = output.encode(self.encoding or
+                                         self.default_encoding or
+                                         'ascii')
+
+        if self.BOM and ((self.encoding is None) or match_utf8(self.encoding)):
+            # Add the UTF8 BOM
+            output_bytes = BOM_UTF8 + output_bytes
+
+        if outfile is not None:
+            outfile.write(output_bytes)
+        else:
+            with open(self.filename, 'wb') as h:
+                h.write(output_bytes)

gpoa/util/paths.py

@@ -21,6 +21,7 @@ import pathlib
 import os
 from pathlib import Path
 from urllib.parse import urlparse
+from util.util import get_homedir
 
 from .config import GPConfig
 from .exceptions import NotUNCPathError
@@ -67,12 +68,19 @@ def file_cache_dir():
     Returns path pointing to gpupdate's cache directory
     '''
     cachedir = pathlib.Path('/var/cache/gpupdate_file_cache')
-
     if not cachedir.exists():
         cachedir.mkdir(parents=True, exist_ok=True)
 
     return cachedir
 
+def file_cache_path_home(username) -> str:
+    '''
+    Returns the path pointing to the gpupdate cache directory in the /home directory.
+    '''
+    cachedir = f'{get_homedir(username)}/.cache/gpupdate'
+
+    return cachedir
+
 def local_policy_cache():
     '''
     Returns path to directory where lies local policy settings cache
@@ -85,6 +93,15 @@ def local_policy_cache():
 
     return lpcache
 
+def get_dconf_config_path(uid = None):
+    if uid:
+        return f'/etc/dconf/db/policy{uid}.d/policy{uid}.ini'
+    else:
+        return '/etc/dconf/db/policy.d/policy.ini'
+
+def get_desktop_files_directory():
+    return '/usr/share/applications'
+
 class UNCPath:
     def __init__(self, path):
         self.path = path

gpoa/util/preg.py

@@ -19,6 +19,7 @@
 
 from xml.etree import ElementTree
 from storage import registry_factory
+from storage.dconf_registry import load_preg_dconf
 
 from samba.gp_parse.gp_pol import GPPolParser
 
@@ -80,10 +81,16 @@ def preg_keymap(preg):
     return keymap
 
 
-def merge_polfile(preg, sid=None, reg_name='registry', reg_path=None, policy_name='Unknown'):
+def merge_polfile(preg, sid=None, reg_name='registry', reg_path=None, policy_name='Unknown', username='Machine', version=None):
     pregfile = load_preg(preg)
+    if sid is None and username == 'Machine':
+        load_preg_dconf(pregfile, preg, policy_name, None, version)
+    else:
+        load_preg_dconf(pregfile, preg, policy_name, username, version)
     logdata = dict({'pregfile': preg})
     log('D32', logdata)
+    #log dconf
+    return
     storage = registry_factory(reg_name, reg_path)
     for entry in pregfile.entries:
         if not sid:

gpoa/util/users.py

@@ -47,7 +47,6 @@ def username_match_uid(username):
     '''
     Check the passed username matches current process UID.
     '''
-    uid = os.getuid()
     process_username = get_process_user()
 
     if process_username == username:

gpoa/util/util.py

@@ -23,6 +23,7 @@ import subprocess
 import re
 from pathlib import Path
 from .samba import smbopts
+import ast
 
 
 def get_machine_name():
@@ -105,20 +106,7 @@ def get_backends():
     '''
     Get the list of backends supported by GPOA
     '''
-    command = ['/usr/sbin/gpoa', '--list-backends']
-    backends = list()
-    out = list()
-
-    with subprocess.Popen(command, stdout=subprocess.PIPE) as proc:
-        out = proc.stdout.read().decode('utf-8')
-        proc.wait()
-    out = out.split('\n')
-    for line in out:
-        tmpline = line.replace('\n', '')
-        if tmpline != '':
-            backends.append(tmpline)
-
-    return backends
+    return ['local', 'samba']
 
 def get_default_policy_name():
     '''
@@ -180,3 +168,21 @@ def get_policy_variants():
 
     return general_listing
 
+def string_to_literal_eval(string):
+    try:
+        literaleval = ast.literal_eval(string)
+    except:
+        literaleval = string
+    return literaleval
+
+def touch_file(filename):
+    path = Path(filename)
+    path.parent.mkdir(parents=True, exist_ok=True)
+    path.touch()
+
+def get_uid_by_username(username):
+    try:
+        user_info = pwd.getpwnam(username)
+        return user_info.pw_uid
+    except KeyError:
+        return None

gpoa/util/windows.py

@@ -21,19 +21,30 @@ import os
 import subprocess
 from samba import getopt as options
 from samba import NTSTATUSError
-from samba.gpclass import get_dc_hostname, check_refresh_gpo_list
+
+try:
+    from samba.gpclass import get_dc_hostname, check_refresh_gpo_list
+except ImportError:
+    from samba.gp.gpclass import get_dc_hostname, check_refresh_gpo_list
+
 from samba.netcmd.common import netcmd_get_domain_infos_via_cldap
 import samba.gpo
 
-from storage import cache_factory
-from messages import message_with_code
 from .xdg import (
       xdg_get_desktop
 )
 from .util import get_homedir
+from .exceptions import GetGPOListFail
 from .logging import log
 from .samba import smbopts
-
+from gpoa.storage import registry_factory
+from samba.samdb import SamDB
+from samba.auth import system_session
+import optparse
+import ldb
+import ipaddress
+import netifaces
+import random
 
 class smbcreds (smbopts):
 
@@ -42,6 +53,13 @@ class smbcreds (smbopts):
         self.credopts = options.CredentialsOptions(self.parser)
         self.creds = self.credopts.get_credentials(self.lp, fallback_machine=True)
         self.set_dc(dc_fqdn)
+        self.sDomain =  SiteDomainScanner(self.creds, self.lp, self.selected_dc)
+        self.dc_site_servers = self.sDomain.select_site_servers()
+        self.all_servers = self.sDomain.select_all_servers()
+        [self.all_servers.remove(element)
+        for element in self.dc_site_servers
+        if element in self.all_servers]
+        self.pdc_emulator_server = self.sDomain.select_pdc_emulator_server()
 
     def get_dc(self):
         return self.selected_dc
@@ -107,17 +125,32 @@ class smbcreds (smbopts):
                     log('I2', ldata)
 
         except Exception as exc:
+            if self.selected_dc != self.pdc_emulator_server:
+                raise GetGPOListFail(exc)
             logdata = dict({'username': username, 'dc': self.selected_dc})
             log('E17', logdata)
 
         return gpos
 
     def update_gpos(self, username):
-        gpos = self.get_gpos(username)
 
         list_selected_dc = set()
+
+
+
+        if self.dc_site_servers:
+            self.selected_dc = self.dc_site_servers.pop()
+
+        self.all_servers = [dc for dc in self.all_servers if dc != self.selected_dc]
         list_selected_dc.add(self.selected_dc)
 
+        try:
+            gpos = self.get_gpos(username)
+
+        except GetGPOListFail:
+            self.selected_dc = self.pdc_emulator_server
+            gpos = self.get_gpos(username)
+
         while list_selected_dc:
             logdata = dict()
             logdata['username'] = username
@@ -129,20 +162,136 @@ class smbcreds (smbopts):
                 list_selected_dc.clear()
             except NTSTATUSError as smb_exc:
                 logdata['smb_exc'] = str(smb_exc)
-                self.selected_dc = get_dc_hostname(self.creds, self.lp)
-                if self.selected_dc not in list_selected_dc:
-                    logdata['action'] = 'Search another dc'
-                    log('W11', logdata)
-                    list_selected_dc.add(self.selected_dc)
+                if not check_scroll_enabled():
+                    if self.pdc_emulator_server and self.selected_dc != self.pdc_emulator_server:
+                        self.selected_dc = self.pdc_emulator_server
+                        logdata['action'] = 'Selected pdc'
+                        logdata['pdc'] = self.selected_dc
+                        log('W11', logdata)
+                    else:
+                        log('F1', logdata)
+                        raise smb_exc
                 else:
-                    log('F1', logdata)
-                    raise smb_exc
+                    if self.dc_site_servers:
+                        self.selected_dc = self.dc_site_servers.pop()
+                    elif self.all_servers:
+                        self.selected_dc = self.all_servers.pop()
+                    else:
+                        self.selected_dc = self.pdc_emulator_server
+
+
+                    if self.selected_dc not in list_selected_dc:
+                        logdata['action'] = 'Search another dc'
+                        logdata['another_dc'] = self.selected_dc
+                        log('W11', logdata)
+                        list_selected_dc.add(self.selected_dc)
+                    else:
+                        log('F1', logdata)
+                        raise smb_exc
             except Exception as exc:
                 logdata['exc'] = str(exc)
                 log('F1', logdata)
                 raise exc
         return gpos
 
+
+class SiteDomainScanner:
+    def __init__(self, smbcreds, lp, dc):
+        self.samdb = SamDB(url='ldap://{}'.format(dc), session_info=system_session(), credentials=smbcreds, lp=lp)
+        self.pdc_emulator = self._search_pdc_emulator()
+
+    @staticmethod
+    def _get_ldb_single_message_attr(ldb_message, attr_name, encoding='utf8'):
+        if attr_name in ldb_message:
+            return ldb_message[attr_name][0].decode(encoding)
+        else:
+            return None
+
+    @staticmethod
+    def _get_ldb_single_result_attr(ldb_result, attr_name, encoding='utf8'):
+        if len(ldb_result) == 1 and attr_name in ldb_result[0]:
+            return ldb_result[0][attr_name][0].decode(encoding)
+        else:
+            return None
+
+    def _get_server_hostname(self, ds_service_name):
+        ds_service_name_dn = ldb.Dn(self.samdb, ds_service_name)
+        server_dn = ds_service_name_dn.parent()
+        res = self.samdb.search(server_dn, scope=ldb.SCOPE_BASE)
+        return self._get_ldb_single_result_attr(res, 'dNSHostName')
+
+    def _search_pdc_emulator(self):
+        res = self.samdb.search(self.samdb.domain_dn(), scope=ldb.SCOPE_BASE)
+        pdc_settings_object = self._get_ldb_single_result_attr(res, 'fSMORoleOwner')
+        return self._get_server_hostname(pdc_settings_object)
+
+    def get_ip_addresses(self):
+        interface_list = netifaces.interfaces()
+        addresses = []
+        for iface in interface_list:
+            address_entry = netifaces.ifaddresses(iface)
+            if netifaces.AF_INET in address_entry:
+                addresses.extend(ipaddress.ip_address(ipv4_address_entry['addr']) for ipv4_address_entry in address_entry[netifaces.AF_INET])
+            if netifaces.AF_INET6 in address_entry:
+                addresses.extend(ipaddress.ip_address(ipv6_address_entry['addr']) for ipv6_address_entry in address_entry[netifaces.AF_INET6])
+        return addresses
+
+    def get_ad_subnets_sites(self):
+        subnet_dn = ldb.Dn(self.samdb, "CN=Subnets,CN=Sites")
+        config_dn = self.samdb.get_config_basedn()
+        subnet_dn.add_base(config_dn)
+        res = self.samdb.search(subnet_dn, ldb.SCOPE_ONELEVEL, expression='objectClass=subnet', attrs=['cn', 'siteObject'])
+        subnets = {ipaddress.ip_network(self._get_ldb_single_message_attr(msg, 'cn')): self._get_ldb_single_message_attr(msg, 'siteObject') for msg in res}
+        return subnets
+
+    def get_ad_site_servers(self, site):
+        servers_dn = ldb.Dn(self.samdb, "CN=Servers")
+        site_dn = ldb.Dn(self.samdb, site)
+        servers_dn.add_base(site_dn)
+        res = self.samdb.search(servers_dn, ldb.SCOPE_ONELEVEL, expression='objectClass=server', attrs=['dNSHostName'])
+        servers = [self._get_ldb_single_message_attr(msg, 'dNSHostName') for msg in res]
+        random.shuffle(servers)
+        return servers
+
+    def get_ad_all_servers(self):
+        sites_dn = ldb.Dn(self.samdb, "CN=Sites")
+        config_dn = self.samdb.get_config_basedn()
+        sites_dn.add_base(config_dn)
+        res = self.samdb.search(sites_dn, ldb.SCOPE_SUBTREE, expression='objectClass=server', attrs=['dNSHostName'])
+        servers = [self._get_ldb_single_message_attr(msg, 'dNSHostName') for msg in res]
+        random.shuffle(servers)
+        return servers
+
+    def check_ip_in_subnets(self, ip_addresses, subnets_sites):
+        return next((subnets_sites[subnet] for subnet in subnets_sites.keys()
+                     if any(ip_address in subnet for ip_address in ip_addresses)), None)
+
+    def select_site_servers(self):
+        try:
+            ip_addresses = self.get_ip_addresses()
+            subnets_sites = self.get_ad_subnets_sites()
+
+            our_site = self.check_ip_in_subnets(ip_addresses, subnets_sites)
+
+            servers = []
+            if our_site:
+                servers = self.get_ad_site_servers(our_site)
+            random.shuffle(servers)
+            return servers
+        except Exception as e:
+            return []
+
+    def select_all_servers(self):
+        try:
+            servers = self.get_ad_all_servers()
+            random.shuffle(servers)
+            return servers
+        except Exception as e:
+            return []
+
+    def select_pdc_emulator_server(self):
+        return self.pdc_emulator
+
 def expand_windows_var(text, username=None):
     '''
     Scan the line for percent-encoded variables and expand them.
@@ -166,7 +315,9 @@ def expand_windows_var(text, username=None):
 
     result = text
     for var in variables.keys():
-        result = result.replace('%{}%'.format(var), variables[var])
+        result = result.replace('%{}%'.format(var),
+                                 variables[var] if variables[var][-1] == '/'
+                                 else variables[var] +'/')
 
     return result
 
@@ -182,3 +333,11 @@ def transform_windows_path(text):
 
     return result
 
+def check_scroll_enabled():
+    storage = registry_factory()
+    enable_scroll = '/Software/BaseALT/Policies/GPUpdate/ScrollSysvolDC'
+    if storage.get_key_value(enable_scroll):
+        data = storage.get_hklm_entry(enable_scroll).data
+        return bool(int(data))
+    else:
+        return False

gpupdate.spec

@@ -1,7 +1,39 @@
 %define _unpackaged_files_terminate_build 1
+#add_python3_self_prov_path %buildroot%python3_sitelibdir/gpoa
+
+%add_python3_req_skip backend
+%add_python3_req_skip frontend.frontend_manager
+%add_python3_req_skip gpt.envvars
+%add_python3_req_skip gpt.folders
+%add_python3_req_skip gpt.gpt
+%add_python3_req_skip gpt.printers
+%add_python3_req_skip gpt.shortcuts
+%add_python3_req_skip messages
+%add_python3_req_skip storage
+%add_python3_req_skip storage.fs_file_cache
+%add_python3_req_skip storage.dconf_registry
+%add_python3_req_skip util
+%add_python3_req_skip util.arguments
+%add_python3_req_skip util.config
+%add_python3_req_skip util.dbus
+%add_python3_req_skip util.exceptions
+%add_python3_req_skip util.kerberos
+%add_python3_req_skip util.logging
+%add_python3_req_skip util.paths
+%add_python3_req_skip util.preg
+%add_python3_req_skip util.roles
+%add_python3_req_skip util.rpm
+%add_python3_req_skip util.sid
+%add_python3_req_skip util.signals
+%add_python3_req_skip util.system
+%add_python3_req_skip util.users
+%add_python3_req_skip util.util
+%add_python3_req_skip util.windows
+%add_python3_req_skip util.xml
+%add_python3_req_skip util.gpoa_ini_parsing
 
 Name: gpupdate
-Version: 0.9.11.2
+Version: 0.10.1
 Release: alt1
 
 Summary: GPT applier
@@ -16,11 +48,13 @@ BuildRequires: rpm-build-python3
 BuildRequires: gettext-tools
 Requires: python3-module-rpm
 Requires: python3-module-dbus
+Requires: python3-module-configobj
 Requires: oddjob-%name >= 0.2.0
 Requires: libnss-role >= 0.5.0
 Requires: local-policy >= 0.4.9
 Requires: pam-config >= 1.9.0
 Requires: autofs
+Requires: dconf-profile
 # This is needed by shortcuts_applier
 Requires: desktop-file-utils
 # This is needed for smb file cache support
@@ -108,7 +142,7 @@ fi
 # Remove storage in case we've lost compatibility between versions.
 # The storage will be regenerated on GPOA start.
 %define active_policy %_sysconfdir/local-policy/active
-%triggerpostun -- %name < 0.9.10
+%triggerpostun -- %name < 0.9.13.6
 rm -f %_cachedir/%name/registry.sqlite
 if test -L %active_policy; then
 	sed -i "s|^\s*local-policy\s*=.*|local-policy = $(readlink -f %active_policy)|" \
@@ -151,6 +185,115 @@ fi
 %exclude %python3_sitelibdir/gpoa/test
 
 %changelog
+* Tue Jun 04 2024 Valery Sinelnikov <greh@altlinux.org> 0.10.1-alt1
+- Added handling of unexpected data types when writing to dconf
+
+* Mon May 13 2024 Valery Sinelnikov <greh@altlinux.org> 0.10.0-alt1
+- A method for storing registry keys obtained from GPOs (Group Policy Objects)
+  has undergone significant repairs. We have switched from using SQLite
+  to using Dconf to improve data storage efficiency
+
+* Wed Mar 13 2024 Valery Sinelnikov <greh@altlinux.org> 0.9.13.9-alt1
+- Fixed premature removal of double slash
+
+* Thu Feb 22 2024 Valery Sinelnikov <greh@altlinux.org> 0.9.13.8-alt1
+- Added search for dc on the site
+- Added compatibility support for the oldest versions of SQLAlchemy
+
+* Mon Feb 05 2024 Valery Sinelnikov <greh@altlinux.org> 0.9.13.7-alt1
+- Editing the cache size in the Yandex browser has returned (closes: 44621)
+- Removed unnecessary calls to subprocess
+
+* Wed Jan 31 2024 Valery Sinelnikov <greh@altlinux.org> 0.9.13.6-alt1
+- Added support for hidden attribute for folders (closes: 48964)
+- Added support for Cyrillic and spaces for mounting disks (closes: 49229)
+
+* Fri Jan 12 2024 Valery Sinelnikov <greh@altlinux.org> 0.9.13.5-alt1
+- Fixed blocking check for machine policies with multiple sections (closes: 48971)
+- Extension of the valuename_typeint list for the admx-chromium 120.0
+- Extension of the valuename_typeint list for the admx-yandex 118.0
+- Changed PAM logic to prevent re-call (closes: 48973)
+- Changed timer option OnStartupSec to prevent re-call
+
+* Mon Dec 18 2023 Valery Sinelnikov <greh@altlinux.org> 0.9.13.4-alt1
+- Fixed regular expression to search for wallpaper management section (closes: 48828)
+
+* Wed Dec 13 2023 Valery Sinelnikov <greh@altlinux.org> 0.9.13.3-alt1
+- Fixed bug handling of invalid username
+  when requesting cache (closes: 48310)
+
+* Tue Nov 28 2023 Valery Sinelnikov <greh@altlinux.org> 0.9.13.2-alt1
+- Fixed kde_applier bug (closes: 47995)
+
+* Wed Oct 18 2023 Valery Sinelnikov <greh@altlinux.org> 0.9.13.1-alt1
+- Fixed kde_applier bug (closes: 47995)
+- Fixed kde_applier bug (closes: 47996)
+- Fixed kde_applier bug (closes: 47998)
+- Fixed kde_applier bug (closes: 47820)
+- Fixed shortcut_applier bug (closes: 47638)
+- Fixed shortcut_applier bug (closes: 47641)
+- Fixed systemd_applier bug (closes: 47652)
+
+* Tue Sep 19 2023 Valery Sinelnikov <greh@altlinux.org> 0.9.13.0-alt1
+- Added KDE applier
+- Fixed loopback policy processing
+- Fixed appliers exception for some chromium policies
+- Fixed ntp error
+- cifs_appliers, polkit_appliers changed to non-experimental
+
+* Wed Jun 14 2023 Valery Sinelnikov <greh@altlinux.org> 0.9.12.6-alt1
+- Added support for dictionaries as policy values for
+  yandex_browser_applier and chromium_applier
+- Extended functionality of ConfigObj to save comments ';'
+- Added support for SQLAlchemy2 in storage
+- Added 'cifsacl' option to mount templates
+
+* Fri May 26 2023 Valery Sinelnikov <greh@altlinux.org> 0.9.12.5-alt1
+- Fixed editing cache volume (DiskCacheSize) in Yandex browser (closes: 44621)
+- The access to caching files has been fixed
+
+* Sun Mar 19 2023 Evgeny Sinelnikov <sin@altlinux.org> 0.9.12.4-alt1
+- Fixed an implementation of replace action in folder applier
+- Improve file cache store() with copy in temporary file before saving
+- Added implementation of using executable bit in file copy applier
+- Fixed debug messages typos in file copy applier
+
+* Tue Feb 28 2023 Evgeny Sinelnikov <sin@altlinux.org> 0.9.12.3-alt1
+- Add support of set copyied files to be executed by paths and suffixes (extensions).
+- Add support of saving comments in ini files.
+- Add support samba-4.17 python interface for gp.gpclass instead of gpclass.
+
+* Thu Dec 29 2022 Valery Sinelnikov <greh@altlinux.org> 0.9.12.2-alt2
+- Fixed a typo in cifs_applier.py
+
+* Thu Dec 29 2022 Evgeny Sinelnikov <sin@altlinux.org> 0.9.12.2-alt1
+- Add support of create and delete symlinks in user home directory for mapped
+  network drives in cifs applier
+- Fix file copy applier support of delete files with substitution
+
+* Tue Dec 13 2022 Evgeny Sinelnikov <sin@altlinux.org> 0.9.12.1-alt1
+- Update file copy applier with substitution support
+- Update translations for several logs
+
+* Mon Dec 12 2022 Evgeny Sinelnikov <sin@altlinux.org> 0.9.12-alt2
+- Update release with forgotten changes
+
+* Sun Dec 11 2022 Evgeny Sinelnikov <sin@altlinux.org> 0.9.12-alt1
+- Fixed mapped drive maps for user and add support for machine
+ + Added label option support
+ + Fixed letters collisions and assigning as Windows
+- Replaced cifs applier mountpoints into shown gvfs directories:
+ + /media/gpupdate/Drive - for system shares
+ + /media/gpupdate/.Drive - for system hidden shares
+ + /run/media/USERNAME/DriveUser - for user shares
+ + /run/media/USERNAME/.DriveUser - for user hidden shares
+- Added network shares support for user
+- Fixed bug (closes: 44026) for chromium applier
+- Added keylist handling when generating firefox settings (closes: 44209)
+- Added a check of the need to scroll DC (scrolling DCs disabled by default!)
+- Added the ability to generate rules for all polkit actions
+- Added applier for Yandex.Browser
+
 * Fri Sep 30 2022 Valery Sinelnikov <greh@altlinux.org> 0.9.11.2-alt1
 - Fixed formation of the correct path for creating a user directory