mirror of
				https://github.com/altlinux/gpupdate.git
				synced 2025-10-25 23:33:11 +03:00 
			
		
		
		
	Compare commits
	
		
			338 Commits
		
	
	
		
			ntp_applie
			...
			fix_firefo
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 0f4f9fbae8 | |||
| ea2854bec0 | |||
|  | 4d6a5d750c | ||
|  | 84e1340362 | ||
| 5ee05df574 | |||
|  | 2a993f0400 | ||
|  | b878b7e1b3 | ||
|  | c57d1bac9e | ||
| b9b5239448 | |||
| aae2776790 | |||
|  | a20aa841d6 | ||
|  | 8c7819d96f | ||
|  | 3d9473f979 | ||
|  | 01f48be853 | ||
|  | 1638098fd4 | ||
|  | 047e5459af | ||
|  | 5baa4245e3 | ||
| ec6b9f7887 | |||
| 22d0d23b89 | |||
| fd3a32e8e1 | |||
|  | 9e849e8fe3 | ||
|  | d65f3ed942 | ||
|  | 31298be840 | ||
|  | 5c889fd57e | ||
|  | 4e2874c972 | ||
|  | 63e50ac2df | ||
|  | ad2a87e20d | ||
|  | e9c3a4262a | ||
|  | b5706ec6e1 | ||
|  | 61e7350429 | ||
|  | c9a274fc79 | ||
|  | 127c9f7183 | ||
|  | a27f8ba5dd | ||
|  | fafe2c34b4 | ||
|  | 9c91ddc7ba | ||
|  | 1f02ed650b | ||
|  | fc47df4649 | ||
|  | 42b8bdb82a | ||
|  | 2a174edeef | ||
|  | 9b8529b39b | ||
|  | 062ff742c3 | ||
|  | 1764560c49 | ||
|  | b439e04a2f | ||
|  | e413f95633 | ||
|  | 675f37ab85 | ||
|  | 9932c682ef | ||
|  | 018b30cdc4 | ||
|  | 249eb69ade | ||
|  | 1ab8c7aee0 | ||
|  | 400a5fab7d | ||
|  | e7851e88b3 | ||
|  | 0761637666 | ||
|  | dda4d987cb | ||
|  | 609ec0e8b8 | ||
|  | c0b28a0655 | ||
|  | 78aad11e06 | ||
|  | 59bebbc45e | ||
|  | e92656add0 | ||
|  | 5d24579d2f | ||
|  | ce284b61be | ||
|  | 7a8118ac63 | ||
|  | 18d8e73acd | ||
|  | 58235cb1a1 | ||
|  | e0d88cc076 | ||
|  | c8b0927090 | ||
|  | a4a79d8c99 | ||
|  | 408609fa58 | ||
|  | 6efebfad89 | ||
| 12865b0b43 | |||
| 9117dddcee | |||
| 1e267f5cb6 | |||
| 62ed015ea9 | |||
| 3e6b7cd040 | |||
| 209eb84d6d | |||
| 7f3b47a23c | |||
| 08ba87c8d8 | |||
| f2a45a2a6d | |||
| 9c544adc94 | |||
| a225c9aa7f | |||
| 51c8711da6 | |||
| 54eb4188a7 | |||
|  | 89d5e36d6c | ||
|  | 6cd5ab4ee2 | ||
|  | 0c913c68e3 | ||
|  | 12d746a1dc | ||
|  | 0a25f3a1d6 | ||
|  | 1eaab893c8 | ||
|  | 05ea872831 | ||
|  | d0506dba29 | ||
|  | dd28587b20 | ||
|  | 1a288c84f5 | ||
|  | cadc3eda52 | ||
|  | 8d3e6691d4 | ||
|  | cb54fa5d78 | ||
|  | 53ffc072f0 | ||
|  | 7a59bcb65b | ||
|  | b81a727cd4 | ||
|  | 11b33dd148 | ||
|  | 1ccc18a31f | ||
|  | 9a3afeebdf | ||
|  | 0720471cca | ||
|  | dd43ddaad6 | ||
|  | 6fc059aaac | ||
|  | 8cfb6f0bb3 | ||
|  | ddcdc322f8 | ||
|  | 4ee52f06d6 | ||
|  | 603efc2deb | ||
|  | 9fc5007590 | ||
|  | a6210f8b29 | ||
|  | 175f244a5f | ||
|  | 0d4ce533bc | ||
|  | 8e22235df2 | ||
|  | 0519d2703c | ||
|  | 1ca9b006e1 | ||
|  | 8cc5a8904b | ||
|  | 70cdef2e71 | ||
|  | 3baffeb12d | ||
|  | a0d9dc585f | ||
|  | 388125415b | ||
|  | 14c7e5db21 | ||
|  | 582a85df88 | ||
|  | 18ddc54626 | ||
|  | 6bad9a331d | ||
|  | 16b5747620 | ||
|  | 47015ec312 | ||
|  | 666c88bdf1 | ||
|  | bd5262353b | ||
|  | e1d5712b83 | ||
|  | bcb9108424 | ||
|  | 82bb88ca34 | ||
|  | 518685f361 | ||
|  | 39e3d15fa8 | ||
|  | 7a755bbb3e | ||
|  | 41260df1a1 | ||
|  | 0d1b60158a | ||
|  | b244df8f2d | ||
|  | e48ca4fc8e | ||
|  | 82d52d1c9f | ||
|  | e6a51d02fb | ||
|  | 28e2d9c94b | ||
|  | 60137feed0 | ||
|  | a86c49e471 | ||
|  | 8c5d0bbb06 | ||
|  | c26fbf8042 | ||
|  | 83e70d5e7a | ||
|  | c383b8df9b | ||
|  | fc810c3362 | ||
|  | 7e225c837a | ||
|  | b053544512 | ||
|  | 9b4527d334 | ||
|  | 3794ffa5be | ||
|  | fe68f0cca8 | ||
|  | d83cf4d29d | ||
|  | 47dc1df796 | ||
|  | 5d2fb3f719 | ||
|  | 3fded83c75 | ||
|  | aeab315c3d | ||
|  | 446fa532db | ||
|  | ac2190809a | ||
|  | 66bae5a1af | ||
|  | 4f41c64c98 | ||
|  | 729f916646 | ||
|  | 1b150e21c7 | ||
| 459993d133 | |||
| 7ee065309b | |||
| 22c4f97a15 | |||
|  | e62b366cf2 | ||
|  | fbdd8cc79a | ||
|  | 8fddb3494a | ||
|  | 4b3e621650 | ||
|  | 4a2842b872 | ||
|  | 682797fb90 | ||
|  | 12bd7a5b51 | ||
|  | 0674340f74 | ||
|  | 5486bcfcef | ||
|  | d935557c4c | ||
|  | c6b6cdfff3 | ||
| 2d7144c1b4 | |||
|  | 4cca8b241a | ||
|  | a50f8c0d04 | ||
|  | 8c4ce9f8a6 | ||
|  | bb1183c471 | ||
| db74303e73 | |||
|  | ced9d35ec4 | ||
|  | d84b754292 | ||
|  | 7507c558ba | ||
| 9fb411c2e2 | |||
|  | b8dc00443f | ||
| 179b16baa4 | |||
| 209e4e3128 | |||
| 2fb59a1b7c | |||
| d82cfcfe89 | |||
| 220313a1fb | |||
|  | 38378440ff | ||
| debe48c06b | |||
| b84715cfe4 | |||
| abad246ab2 | |||
|  | 5bc8309abd | ||
|  | a18e1a6cce | ||
| 8420f50f9c | |||
| 07662349ca | |||
|  | a1281d3ac0 | ||
|  | 5c0fc9bed0 | ||
|  | 78815c5ecd | ||
|  | 7a0571278f | ||
|  | 7e666043be | ||
|  | e733c346b3 | ||
|  | 7e26d8397c | ||
|  | b0d3ab2384 | ||
| d744cf8f6e | |||
| 443b410dfa | |||
|  | 721c66b20d | ||
| 9fbe8f76be | |||
| 3c95c0c84b | |||
|  | ed42f3cf6a | ||
| 5dabd2c259 | |||
| 1f32d4efae | |||
|  | 5c809a2d5a | ||
|  | bec19cf69e | ||
|  | 583b47ae7c | ||
|  | 264cedd342 | ||
|  | de6db7ad2b | ||
| 17c8aef19f | |||
| e402d399e9 | |||
| 5258880419 | |||
| 3fd6d9558e | |||
| d26290a720 | |||
| f1800a834f | |||
| 93806b342d | |||
| 17ea444bcb | |||
| fc0495abd0 | |||
| c9da82376a | |||
| ae9ced2794 | |||
| 6c231c8b4d | |||
| 6461aa6836 | |||
| 5eeba1e73a | |||
| ca4399b9b5 | |||
| 377aa07b9f | |||
| 38d1f0e571 | |||
|  | 04651494be | ||
|  | 4c7e69f7f6 | ||
|  | 51f4b3aa18 | ||
|  | beb555bdf2 | ||
|  | bb55c38e21 | ||
|  | 5df3c6f468 | ||
|  | 7edaa4afe7 | ||
|  | 486e035649 | ||
|  | 51bd701b2d | ||
|  | de0635952f | ||
|  | 21b4ced721 | ||
|  | 2567bb9c45 | ||
|  | a4db4d9cd0 | ||
|  | 8cdc84aef6 | ||
|  | 8b82278934 | ||
|  | 4b4adbf3e1 | ||
|  | 0e6c3bb6aa | ||
|  | fa315bb599 | ||
|  | d54cd790b1 | ||
|  | c729b8a6d6 | ||
|  | 142d6eda50 | ||
|  | ae8dd798ab | ||
|  | 8121eb8d6f | ||
|  | be15051ba5 | ||
|  | 7f7a154e1b | ||
|  | 72c34a7475 | ||
|  | abc3a3f609 | ||
|  | ce2d1c6e05 | ||
|  | 58cff92891 | ||
|  | 6bcd916203 | ||
|  | c924adc4b0 | ||
|  | 9e1760ae9d | ||
|  | 1a90996259 | ||
|  | 11768248e4 | ||
|  | 34d7124a46 | ||
|  | c5c80b9091 | ||
|  | 1b3d046d05 | ||
|  | 5c2e4fe356 | ||
|  | ff5645ef73 | ||
|  | 3fb3f2e857 | ||
|  | f75c79cbeb | ||
|  | 43c8031da5 | ||
|  | 4f1c2f288e | ||
|  | 26908178d3 | ||
|  | fe63894ad8 | ||
|  | 1bf898f1d0 | ||
|  | 2c71b5e53a | ||
|  | 601e8b1072 | ||
|  | 2c15d1cea0 | ||
|  | 52fc6ea4de | ||
|  | 3621e80055 | ||
|  | d9191e47fa | ||
|  | 87d873862a | ||
|  | 9dc833a970 | ||
|  | 45bf77a64a | ||
|  | 5be7cc14b0 | ||
|  | 1f0e417ff1 | ||
|  | 1d31c72946 | ||
|  | eb7538249f | ||
|  | 0dacf2f657 | ||
|  | 13f1529306 | ||
|  | 3b2d0c0af2 | ||
|  | aea8f6ed0a | ||
|  | 322f28baa7 | ||
|  | 3860bf6b74 | ||
|  | abcc660118 | ||
|  | b7e61e4ab8 | ||
|  | ca50d7f73b | ||
|  | d9f3bd3b8c | ||
|  | b4e50c2ef8 | ||
|  | e46d717af8 | ||
|  | 83c0395ee4 | ||
|  | eef4823e56 | ||
|  | 4100edcacf | ||
|  | 89e72eeaff | ||
|  | ce54bae087 | ||
|  | bbbde0c46a | ||
|  | a43f47abd4 | ||
|  | 60ab746ce3 | ||
|  | 418d182726 | ||
|  | ccb3dd53a8 | ||
|  | bb0beb4a92 | ||
|  | dda3ca452b | ||
|  | 0d54a2a0c8 | ||
|  | c1a4e67ba3 | ||
|  | b10dde3b21 | ||
|  | c7b632fbb8 | ||
|  | a00366650a | ||
|  | a10beac915 | ||
|  | d409d68052 | ||
|  | 5fdefaecc0 | ||
|  | 0e3d3598f1 | ||
|  | 556a8f833c | ||
|  | a17dd4a9b4 | ||
|  | 681c4828a6 | ||
|  | e670c03026 | ||
|  | 5bd64352f1 | ||
|  | 56b7186c15 | ||
|  | 6b0cfbe2b5 | 
							
								
								
									
										22
									
								
								completions/gpoa
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										22
									
								
								completions/gpoa
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,22 @@ | ||||
| _gpoa() | ||||
| { | ||||
|     local cur prev words cword split | ||||
|     _init_completion -s || return | ||||
|  | ||||
|     case $prev in | ||||
|         --dc) | ||||
|             _filedir | ||||
|             return | ||||
|             ;; | ||||
|         --loglevel) | ||||
|             COMPREPLY=($(compgen -W '0 1 2 3 4 5' -- "$cur")) | ||||
|             return | ||||
|             ;; | ||||
|         *) | ||||
|             COMPREPLY=($(compgen -W '--dc --nodomain --noupdate --noplugins --list-backends --loglevel --help' -- "$cur")) | ||||
|             return | ||||
|             ;; | ||||
|     esac | ||||
| } | ||||
|  | ||||
| complete -F _gpoa gpoa | ||||
							
								
								
									
										27
									
								
								completions/gpupdate
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										27
									
								
								completions/gpupdate
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,27 @@ | ||||
| _gpupdate() | ||||
| { | ||||
|     local cur prev words cword split | ||||
|     _init_completion -s || return | ||||
|  | ||||
|     case $prev in | ||||
|         -u|--user) | ||||
|             _filedir | ||||
|             return | ||||
|             ;; | ||||
|         -t|--target) | ||||
|             COMPREPLY=($(compgen -W 'ALL USER COMPUTER' -- "$cur")) | ||||
|             return | ||||
|             ;; | ||||
|         -l|--loglevel) | ||||
|             COMPREPLY=($(compgen -W '0 1 2 3 4 5' -- "$cur")) | ||||
|             return | ||||
|             ;; | ||||
|         *) | ||||
|             COMPREPLY=($(compgen -W '--user --target --loglevel --system --help' -- "$cur")) | ||||
|             return | ||||
|             ;; | ||||
|     esac | ||||
| } | ||||
|  | ||||
| complete -F _gpupdate gpupdate | ||||
|  | ||||
							
								
								
									
										18
									
								
								completions/gpupdate-setup
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										18
									
								
								completions/gpupdate-setup
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,18 @@ | ||||
| _gpupdate-setup() | ||||
| { | ||||
|     local cur prev words cword split | ||||
|     _init_completion -s || return | ||||
|  | ||||
|     case $prev in | ||||
|         set-backend) | ||||
|             COMPREPLY=($(compgen -W 'local samba' -- "$cur")) | ||||
|             return | ||||
|             ;; | ||||
|         *) | ||||
|             COMPREPLY=($(compgen -W 'list list-backends status enable disable update write set-backend default-policy active-policy active-backend' -- "$cur")) | ||||
|             return | ||||
|             ;; | ||||
|     esac | ||||
| } | ||||
|  | ||||
| complete -F _gpupdate-setup gpupdate-setup | ||||
							
								
								
									
										1
									
								
								dist/gpupdate-scripts-run-user.service
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										1
									
								
								dist/gpupdate-scripts-run-user.service
									
									
									
									
										vendored
									
									
								
							| @@ -1,6 +1,5 @@ | ||||
| [Unit] | ||||
| Description=Run Group Policy scripts for a user | ||||
| After=gpupdate-user.service | ||||
|  | ||||
| [Service] | ||||
| Type=oneshot | ||||
|   | ||||
							
								
								
									
										2
									
								
								dist/gpupdate-user.timer
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										2
									
								
								dist/gpupdate-user.timer
									
									
									
									
										vendored
									
									
								
							| @@ -2,7 +2,7 @@ | ||||
| Description=Run gpupdate-user every hour | ||||
|  | ||||
| [Timer] | ||||
| OnStartupSec=1 | ||||
| OnStartupSec=60min | ||||
| OnUnitActiveSec=60min | ||||
|  | ||||
| [Install] | ||||
|   | ||||
							
								
								
									
										2
									
								
								dist/gpupdate.timer
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										2
									
								
								dist/gpupdate.timer
									
									
									
									
										vendored
									
									
								
							| @@ -2,7 +2,7 @@ | ||||
| Description=Run gpupdate every hour | ||||
|  | ||||
| [Timer] | ||||
| OnStartupSec=1 | ||||
| OnStartupSec=60min | ||||
| OnUnitActiveSec=60min | ||||
|  | ||||
| [Install] | ||||
|   | ||||
							
								
								
									
										9
									
								
								dist/system-policy-gpupdate
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										9
									
								
								dist/system-policy-gpupdate
									
									
									
									
										vendored
									
									
								
							| @@ -2,11 +2,12 @@ | ||||
| session		[success=2 perm_denied=ignore default=die]	pam_localuser.so | ||||
| session		substack	gpupdate-remote-policy | ||||
| session		[default=1]	pam_permit.so | ||||
| session		[default=6]	pam_permit.so | ||||
| session		[default=7]	pam_permit.so | ||||
| session		[success=1 default=ignore]	pam_succeed_if.so user ingroup users quiet | ||||
| session		[default=4]	pam_permit.so | ||||
| session		[default=5]	pam_permit.so | ||||
| session		[success=1 default=ignore]	pam_succeed_if.so uid >= 500 quiet | ||||
| session		[default=2]	pam_permit.so | ||||
| session		[default=3]	pam_permit.so | ||||
| session		[success=1 default=ignore]	pam_succeed_if.so service = systemd-user quiet | ||||
| -session	required	pam_oddjob_gpupdate.so | ||||
| session		optional	pam_env.so user_readenv=1 conffile=/etc/gpupdate/environment user_envfile=.gpupdate_environment | ||||
| session		required	pam_permit.so | ||||
| session		required	pam_permit.so | ||||
| @@ -22,6 +22,9 @@ from .samba_backend import samba_backend | ||||
| from .nodomain_backend import nodomain_backend | ||||
| from util.logging import log | ||||
| from util.config import GPConfig | ||||
| from util.util import get_uid_by_username, touch_file | ||||
| from util.paths import get_dconf_config_path | ||||
| from storage.dconf_registry import Dconf_registry, create_dconf_ini_file | ||||
|  | ||||
| def backend_factory(dc, username, is_machine, no_domain = False): | ||||
|     ''' | ||||
| @@ -59,3 +62,12 @@ def backend_factory(dc, username, is_machine, no_domain = False): | ||||
|  | ||||
|     return back | ||||
|  | ||||
| def save_dconf(username, is_machine): | ||||
|     if is_machine: | ||||
|         uid = None | ||||
|     else: | ||||
|         uid = get_uid_by_username(username) if not is_machine else None | ||||
|     target_file = get_dconf_config_path(uid) | ||||
|     touch_file(target_file) | ||||
|     Dconf_registry.apply_template(uid) | ||||
|     create_dconf_ini_file(target_file,Dconf_registry.global_registry_dict) | ||||
|   | ||||
| @@ -35,7 +35,7 @@ class nodomain_backend(applier_backend): | ||||
|         domain = None | ||||
|         machine_name = get_machine_name() | ||||
|         machine_sid = get_sid(domain, machine_name, True) | ||||
|         self.storage = registry_factory('registry') | ||||
|         self.storage = registry_factory() | ||||
|         self.storage.set_info('domain', domain) | ||||
|         self.storage.set_info('machine_name', machine_name) | ||||
|         self.storage.set_info('machine_sid', machine_sid) | ||||
|   | ||||
| @@ -18,10 +18,13 @@ | ||||
|  | ||||
| import os | ||||
| # Facility to determine GPTs for user | ||||
| from samba.gpclass import check_safe_path | ||||
| try: | ||||
|     from samba.gpclass import check_safe_path | ||||
| except ImportError: | ||||
|     from samba.gp.gpclass import check_safe_path | ||||
|  | ||||
| from .applier_backend import applier_backend | ||||
| from storage import cache_factory, registry_factory | ||||
| from storage import registry_factory | ||||
| from gpt.gpt import gpt, get_local_gpt | ||||
| from util.util import ( | ||||
|     get_machine_name, | ||||
| @@ -36,14 +39,15 @@ import util.preg | ||||
| from util.logging import log | ||||
|  | ||||
| class samba_backend(applier_backend): | ||||
|     __user_policy_mode_key = 'Software\\Policies\\Microsoft\\Windows\\System\\UserPolicyMode' | ||||
|     __user_policy_mode_key = '/SOFTWARE/Policies/Microsoft/Windows/System/UserPolicyMode' | ||||
|     __user_policy_mode_key_win = '/Software/Policies/Microsoft/Windows/System/UserPolicyMode' | ||||
|  | ||||
|     def __init__(self, sambacreds, username, domain, is_machine): | ||||
|         self.cache_path = '/var/cache/gpupdate/creds/krb5cc_{}'.format(os.getpid()) | ||||
|         self.__kinit_successful = machine_kinit(self.cache_path) | ||||
|         if not self.__kinit_successful: | ||||
|             raise Exception('kinit is not successful') | ||||
|         self.storage = registry_factory('registry') | ||||
|         self.storage = registry_factory() | ||||
|         self.storage.set_info('domain', domain) | ||||
|         machine_name = get_machine_name() | ||||
|         machine_sid = get_sid(domain, machine_name, is_machine) | ||||
| @@ -58,9 +62,6 @@ class samba_backend(applier_backend): | ||||
|         else: | ||||
|             self.sid = get_sid(self.storage.get_info('domain'), self.username) | ||||
|  | ||||
|         self.cache = cache_factory('regpol_cache') | ||||
|         self.gpo_names = cache_factory('gpo_names') | ||||
|  | ||||
|         # Samba objects - LoadParm() and CredentialsOptions() | ||||
|         self.sambacreds = sambacreds | ||||
|  | ||||
| @@ -78,9 +79,11 @@ class samba_backend(applier_backend): | ||||
|         is possible to work with user's part of GPT. This value is | ||||
|         checked only if working for user's SID. | ||||
|         ''' | ||||
|         upm = self.storage.get_hklm_entry(self.__user_policy_mode_key) | ||||
|         if upm and upm.data: | ||||
|             upm = int(upm.data) | ||||
|         upm_key = self.storage.get_key_value(self.__user_policy_mode_key) | ||||
|         upm_win_key = self.storage.get_key_value(self.__user_policy_mode_key_win) | ||||
|         upm = upm_key if upm_key else upm_win_key | ||||
|         if upm: | ||||
|             upm = int(upm) | ||||
|             if upm < 0 or upm > 2: | ||||
|                 upm = 0 | ||||
|         else: | ||||
| @@ -140,6 +143,7 @@ class samba_backend(applier_backend): | ||||
|             if policy_mode > 0: | ||||
|                 for gptobj in machine_gpts: | ||||
|                     try: | ||||
|                         gptobj.sid = self.sid | ||||
|                         gptobj.merge_user() | ||||
|                     except Exception as exc: | ||||
|                         logdata = dict() | ||||
| @@ -172,7 +176,16 @@ class samba_backend(applier_backend): | ||||
|                 slogdata = dict({'sysvol_path': gpo.file_sys_path, 'gpo_name': gpo.display_name, 'gpo_path': path}) | ||||
|                 log('D30', slogdata) | ||||
|                 gpt_abspath = os.path.join(self.cache_dir, 'gpo_cache', path) | ||||
|                 obj = gpt(gpt_abspath, sid) | ||||
|                 gpo_version=None | ||||
|                 try: | ||||
|                     gpo_version=gpo.version | ||||
|                 except: | ||||
|                     log('D210') | ||||
|  | ||||
|                 if self._is_machine_username: | ||||
|                     obj = gpt(gpt_abspath, sid, None, version=gpo_version) | ||||
|                 else: | ||||
|                     obj = gpt(gpt_abspath, sid, self.username, version=gpo_version) | ||||
|                 obj.set_name(gpo.display_name) | ||||
|                 gpts.append(obj) | ||||
|             else: | ||||
| @@ -188,9 +201,9 @@ def upm2str(upm_num): | ||||
|     result = 'Not configured' | ||||
|  | ||||
|     if upm_num in [1, '1']: | ||||
|         result = 'Replace' | ||||
|  | ||||
|     if upm_num in [2, '2']: | ||||
|         result = 'Merge' | ||||
|  | ||||
|     if upm_num in [2, '2']: | ||||
|         result = 'Replace' | ||||
|  | ||||
|     return result | ||||
|   | ||||
| @@ -18,43 +18,42 @@ | ||||
|  | ||||
| from abc import ABC | ||||
|  | ||||
| import logging | ||||
| from util.logging import slogm | ||||
| from util.logging import log | ||||
|  | ||||
| def check_experimental_enabled(storage): | ||||
|     experimental_enable_flag = 'Software\\BaseALT\\Policies\\GPUpdate\\GlobalExperimental' | ||||
|     flag = storage.get_hklm_entry(experimental_enable_flag) | ||||
|     experimental_enable_flag = '/Software/BaseALT/Policies/GPUpdate/GlobalExperimental' | ||||
|     flag = storage.get_key_value(experimental_enable_flag) | ||||
|  | ||||
|     result = False | ||||
|  | ||||
|     if flag and '1' == flag.data: | ||||
|     if flag and '1' == str(flag): | ||||
|         result = True | ||||
|  | ||||
|     return result | ||||
|  | ||||
| def check_windows_mapping_enabled(storage): | ||||
|     windows_mapping_enable_flag = 'Software\\BaseALT\\Policies\\GPUpdate\\WindowsPoliciesMapping' | ||||
|     flag = storage.get_hklm_entry(windows_mapping_enable_flag) | ||||
|     windows_mapping_enable_flag = '/Software/BaseALT/Policies/GPUpdate/WindowsPoliciesMapping' | ||||
|     flag = storage.get_key_value(windows_mapping_enable_flag) | ||||
|  | ||||
|     result = True | ||||
|  | ||||
|     if flag and '0' == flag.data: | ||||
|     flag = str(flag) | ||||
|     if flag and '0' == flag: | ||||
|         result = False | ||||
|  | ||||
|     return result | ||||
|  | ||||
| def check_module_enabled(storage, module_name): | ||||
|     gpupdate_module_enable_branch = 'Software\\BaseALT\\Policies\\GPUpdate' | ||||
|     gpupdate_module_flag = '{}\\{}'.format(gpupdate_module_enable_branch, module_name) | ||||
|     flag = storage.get_hklm_entry(gpupdate_module_flag) | ||||
|     gpupdate_module_enable_branch = '/Software/BaseALT/Policies/GPUpdate' | ||||
|     gpupdate_module_flag = '{}/{}'.format(gpupdate_module_enable_branch, module_name) | ||||
|     flag = storage.get_key_value(gpupdate_module_flag) | ||||
|  | ||||
|     result = None | ||||
|  | ||||
|     flag = str(flag) | ||||
|     if flag: | ||||
|         if '1' == flag.data: | ||||
|         if '1' == flag: | ||||
|             result =  True | ||||
|         if '0' == flag.data: | ||||
|             result = False | ||||
|         else: | ||||
|             result =  False | ||||
|  | ||||
|     return result | ||||
|  | ||||
|   | ||||
| @@ -92,6 +92,8 @@ class Envvar: | ||||
|                 value = value.replace('\\', '/') | ||||
|             exist_line = None | ||||
|             for line in lines: | ||||
|                 if line == '\n': | ||||
|                     continue | ||||
|                 if line.split()[0] == name: | ||||
|                     exist_line = line | ||||
|                     break | ||||
|   | ||||
| @@ -28,88 +28,154 @@ from pathlib import Path | ||||
| from util.windows import expand_windows_var | ||||
| from util.util import get_homedir | ||||
| from util.exceptions import NotUNCPathError | ||||
| from util.paths import UNCPath | ||||
| import fnmatch | ||||
|  | ||||
| class Files_cp: | ||||
|     def __init__(self, file_obj, file_cache ,username=None): | ||||
|     def __init__(self, file_obj, file_cache, exe_check, username=None): | ||||
|         self.file_cache = file_cache | ||||
|         self.exe_check = exe_check | ||||
|         targetPath = expand_windows_var(file_obj.targetPath, username).replace('\\', '/') | ||||
|         self.targetPath = check_target_path(targetPath, username) | ||||
|         if not self.targetPath: | ||||
|             return | ||||
|         self.fromPath = (expand_windows_var(file_obj.fromPath, username).replace('\\', '/') | ||||
|                         if file_obj.fromPath else None) | ||||
|         self.isTargetPathDirectory = False | ||||
|         self.action = action_letter2enum(file_obj.action) | ||||
|         self.readOnly = str2bool(file_obj.readOnly) | ||||
|         self.archive = str2bool(file_obj.archive) | ||||
|         self.hidden = str2bool(file_obj.hidden) | ||||
|         self.suppress = str2bool(file_obj.suppress) | ||||
|         self.executable = str2bool(file_obj.executable) | ||||
|         self.username = username | ||||
|         self.fromPathFiles = self.get_list_files() | ||||
|         self.fromPathFiles = list() | ||||
|         if self.fromPath: | ||||
|             if targetPath[-1] == '/' or self.is_pattern(Path(self.fromPath).name): | ||||
|                 self.isTargetPathDirectory = True | ||||
|             self.get_list_files() | ||||
|         self.act() | ||||
|  | ||||
|     def get_target_file(self, targetPath, fromPath): | ||||
|     def get_target_file(self, targetPath:Path, fromFile:str) -> Path: | ||||
|         try: | ||||
|             if fromPath and targetPath.is_dir(): | ||||
|                 if self.hidden: | ||||
|                     return targetPath.joinpath('.' + fromPath.name) | ||||
|             if fromFile: | ||||
|                 fromFileName = Path(fromFile).name | ||||
|                 if self.isTargetPathDirectory: | ||||
|                     targetPath.mkdir(parents = True, exist_ok = True) | ||||
|                 else: | ||||
|                     return targetPath.joinpath(fromPath.name) | ||||
|                     targetPath.parent.mkdir(parents = True, exist_ok = True) | ||||
|                     targetPath = targetPath.parent | ||||
|                     fromFileName = self.targetPath.name | ||||
|                 if self.hidden: | ||||
|                     return targetPath.joinpath('.' + fromFileName) | ||||
|                 else: | ||||
|                     return targetPath.joinpath(fromFileName) | ||||
|  | ||||
|             else: | ||||
|                 if not self.hidden: | ||||
|                     return targetPath | ||||
|                 else: | ||||
|                     return targetPath.parent.joinpath('.' + targetPath.name) | ||||
|  | ||||
|         except Exception as exc: | ||||
|             logdata = dict({'exc': exc}) | ||||
|             logdata = dict() | ||||
|             logdata['targetPath'] = targetPath | ||||
|             logdata['fromFile'] = fromFile | ||||
|             logdata['exc'] = exc | ||||
|             log('D163', logdata) | ||||
|  | ||||
|     def set_read_only(self, targetFile): | ||||
|         if  self.readOnly: | ||||
|             shutil.os.chmod(targetFile, int('444', base = 8)) | ||||
|         return None | ||||
|  | ||||
|     def copy_target_file(self, targetFile:Path, fromFile:str): | ||||
|         try: | ||||
|             uri_path = UNCPath(fromFile) | ||||
|             self.file_cache.store(fromFile, targetFile) | ||||
|         except NotUNCPathError as exc: | ||||
|             fromFilePath = Path(fromFile) | ||||
|             if fromFilePath.exists(): | ||||
|                 targetFile.write_bytes(fromFilePath.read_bytes()) | ||||
|         except Exception as exc: | ||||
|             logdata = dict() | ||||
|             logdata['targetFile'] = targetFile | ||||
|             logdata['fromFile'] = fromFile | ||||
|             logdata['exc'] = exc | ||||
|             log('W15', logdata) | ||||
|  | ||||
|     def set_exe_file(self, targetFile, fromFile): | ||||
|         if self.executable: | ||||
|             return True | ||||
|         if Path(fromFile).suffix in self.exe_check.get_list_markers(): | ||||
|             targetPath = targetFile.parent | ||||
|             for i in self.exe_check.get_list_paths(): | ||||
|                 if targetPath == Path(i): | ||||
|                     return True | ||||
|         return False | ||||
|  | ||||
|     def set_mod_file(self, targetFile, fromFile): | ||||
|         if not targetFile.is_file(): | ||||
|             return | ||||
|         if self.set_exe_file(targetFile, fromFile): | ||||
|             if self.readOnly: | ||||
|                 shutil.os.chmod(targetFile, 0o555) | ||||
|             else: | ||||
|                 shutil.os.chmod(targetFile, 0o755) | ||||
|         else: | ||||
|             shutil.os.chmod(targetFile, int('664', base = 8)) | ||||
|             if self.readOnly: | ||||
|                 shutil.os.chmod(targetFile, 0o444) | ||||
|             else: | ||||
|                 shutil.os.chmod(targetFile, 0o644) | ||||
|  | ||||
|     def _create_action(self): | ||||
|         for fromPath in self.fromPathFiles: | ||||
|         logdata = dict() | ||||
|         for fromFile in self.fromPathFiles: | ||||
|             targetFile = None | ||||
|  | ||||
|             try: | ||||
|                 targetFile = self.get_target_file(self.targetPath, fromPath) | ||||
|                 if not targetFile.exists(): | ||||
|                     targetFile.write_bytes(fromPath.read_bytes()) | ||||
|                 targetFile = self.get_target_file(self.targetPath, fromFile) | ||||
|                 if targetFile and not targetFile.exists(): | ||||
|                     self.copy_target_file(targetFile, fromFile) | ||||
|                     if self.username: | ||||
|                         shutil.chown(targetFile, self.username) | ||||
|                     self.set_read_only(targetFile) | ||||
|                     self.set_mod_file(targetFile, fromFile) | ||||
|                     logdata['File'] = targetFile | ||||
|                     log('D191', logdata) | ||||
|             except Exception as exc: | ||||
|                 logdata = dict() | ||||
|                 logdata['exc'] = exc | ||||
|                 logdata['fromPath'] = fromPath | ||||
|                 logdata['fromPath'] = fromFile | ||||
|                 logdata['targetPath'] = self.targetPath | ||||
|                 logdata['targetFile'] = targetFile | ||||
|                 log('D164', logdata) | ||||
|  | ||||
|     def _delete_action(self): | ||||
|         targetFile = Path(self.targetPath) | ||||
|         try: | ||||
|             if targetFile.exists(): | ||||
|                 targetFile.unlink() | ||||
|         except Exception as exc: | ||||
|             logdata = dict() | ||||
|             logdata['exc'] = exc | ||||
|             logdata['targetPath'] = self.targetPath | ||||
|             logdata['targetFile'] = targetFile | ||||
|             log('D165', logdata) | ||||
|         list_target = [self.targetPath.name] | ||||
|         if self.is_pattern(self.targetPath.name) and self.targetPath.parent.exists() and self.targetPath.parent.is_dir(): | ||||
|             list_target = fnmatch.filter([str(x.name) for x in self.targetPath.parent.iterdir() if x.is_file()], self.targetPath.name) | ||||
|         logdata = dict() | ||||
|         for targetFile in list_target: | ||||
|             targetFile = self.targetPath.parent.joinpath(targetFile) | ||||
|             try: | ||||
|                 if targetFile.exists(): | ||||
|                     targetFile.unlink() | ||||
|                     logdata['File'] = targetFile | ||||
|                     log('D193', logdata) | ||||
|  | ||||
|             except Exception as exc: | ||||
|                 logdata['exc'] = exc | ||||
|                 logdata['targetPath'] = self.targetPath | ||||
|                 logdata['targetFile'] = targetFile | ||||
|                 log('D165', logdata) | ||||
|  | ||||
|     def _update_action(self): | ||||
|         for fromPath in self.fromPathFiles: | ||||
|             targetFile = self.get_target_file(self.targetPath, fromPath) | ||||
|         logdata = dict() | ||||
|         for fromFile in self.fromPathFiles: | ||||
|             targetFile = self.get_target_file(self.targetPath, fromFile) | ||||
|             try: | ||||
|                 targetFile.write_bytes(fromPath.read_bytes()) | ||||
|                 self.copy_target_file(targetFile, fromFile) | ||||
|                 if self.username: | ||||
|                     shutil.chown(self.targetPath, self.username) | ||||
|                 self.set_read_only(targetFile) | ||||
|                 self.set_mod_file(targetFile, fromFile) | ||||
|                 logdata['File'] = targetFile | ||||
|                 log('D192', logdata) | ||||
|             except Exception as exc: | ||||
|                 logdata = dict() | ||||
|                 logdata['exc'] = exc | ||||
|                 logdata['fromPath'] = self.fromPath | ||||
|                 logdata['targetPath'] = self.targetPath | ||||
| @@ -127,70 +193,76 @@ class Files_cp: | ||||
|             self._delete_action() | ||||
|             self._create_action() | ||||
|  | ||||
|     def is_pattern(self, name): | ||||
|         if name.find('*') != -1 or name.find('?') != -1: | ||||
|             return True | ||||
|         else: | ||||
|             return False | ||||
|  | ||||
|     def get_list_files(self): | ||||
|         ls_all_files = list() | ||||
|         logdata = dict() | ||||
|         logdata['targetPath'] = self.targetPath | ||||
|         if self.fromPath and self.fromPath.split('/')[-1] != '*': | ||||
|         logdata['targetPath'] = str(self.targetPath) | ||||
|         fromFilePath = Path(self.fromPath) | ||||
|         if not self.is_pattern(fromFilePath.name): | ||||
|             self.fromPathFiles.append(self.fromPath) | ||||
|         else: | ||||
|             fromPathDir = self.fromPath[:self.fromPath.rfind('/')] | ||||
|  | ||||
|             try: | ||||
|                 self.file_cache.store(self.fromPath) | ||||
|                 fromPath = Path(self.file_cache.get(self.fromPath)) | ||||
|                 ls_all_files.append(fromPath) | ||||
|                 uri_path = UNCPath(fromPathDir) | ||||
|                 ls_files = self.file_cache.get_ls_smbdir(fromPathDir) | ||||
|                 if ls_files: | ||||
|                     filtered_ls_files = fnmatch.filter(ls_files, fromFilePath.name) | ||||
|                     if filtered_ls_files: | ||||
|                         self.fromPathFiles = [fromPathDir + '/' + file_s for file_s in filtered_ls_files] | ||||
|             except NotUNCPathError as exc: | ||||
|                 fromPath = Path(self.fromPath) | ||||
|                 if fromPath.exists(): | ||||
|                     ls_all_files.append(fromPath) | ||||
|             except Exception as exc: | ||||
|                 logdata['fromPath'] = self.fromPath | ||||
|                 logdata['exc'] = exc | ||||
|                 log('W13', logdata) | ||||
|         elif self.fromPath and len(self.fromPath.split('/')) > 2: | ||||
|             ls_files = self.file_cache.get_ls_smbdir(self.fromPath[:-1]) | ||||
|             if ls_files: | ||||
|                 ls_from_paths = [self.fromPath[:-1] + file_s for file_s in ls_files] | ||||
|                 for from_path in ls_from_paths: | ||||
|                     try: | ||||
|                         self.file_cache.store(from_path) | ||||
|                         fromPath = Path(self.file_cache.get(from_path)) | ||||
|                         ls_all_files.append(fromPath) | ||||
|                     except Exception as exc: | ||||
|                         logdata['fromPath'] = self.fromPath | ||||
|                         logdata['exc'] = exc | ||||
|                         log('W13', logdata) | ||||
|             else: | ||||
|                 try: | ||||
|                     fromLocalPath = Path(self.fromPath[:-1]) | ||||
|                     if fromLocalPath.is_dir(): | ||||
|                         ls = [fromFile for fromFile in fromLocalPath.iterdir() if fromFile.is_file()] | ||||
|                         for fromPath in ls: | ||||
|                             ls_all_files.append(fromPath) | ||||
|                     exact_path = Path(fromPathDir) | ||||
|                     if exact_path.is_dir(): | ||||
|                         self.fromPathFiles = [str(fromFile) for fromFile in exact_path.iterdir() if fromFile.is_file()] | ||||
|                 except Exception as exc: | ||||
|                     logdata['fromPath'] = self.fromPath | ||||
|                     logdata['exc'] = exc | ||||
|                     log('W13', logdata) | ||||
|         else: | ||||
|             fromPath = Path(self.fromPath) if self.fromPath else None | ||||
|             ls_all_files.append(fromPath) | ||||
|         return ls_all_files | ||||
|                     log('W3316', logdata) | ||||
|             except Exception as exc: | ||||
|                 logdata['fromPath'] = self.fromPath | ||||
|                 logdata['exc'] = exc | ||||
|                 log('W3317', logdata) | ||||
|  | ||||
| def check_target_path(path_to_check, username = None): | ||||
|     ''' | ||||
|     Function for checking the correctness of the path | ||||
|     ''' | ||||
|     if not path_to_check: | ||||
|         return None | ||||
|  | ||||
|     checking = Path(path_to_check) | ||||
|     if checking.is_dir(): | ||||
|         if username and path_to_check == '/': | ||||
|             return Path(get_homedir(username)) | ||||
|         return checking | ||||
|     #Check for path directory without '/something' suffix | ||||
|     elif (len(path_to_check.split('/')) > 2 | ||||
|           and Path(path_to_check.replace(path_to_check.split('/')[-1], '')).is_dir()): | ||||
|         return checking | ||||
|     elif username: | ||||
|         target_path = Path(get_homedir(username)) | ||||
|         res = target_path.joinpath(path_to_check | ||||
|                                     if path_to_check[0] != '/' | ||||
|                                     else path_to_check[1:]) | ||||
|         return res | ||||
|     else: | ||||
|         return False | ||||
|     rootpath = Path('/') | ||||
|     if username: | ||||
|         rootpath = Path(get_homedir(username)) | ||||
|  | ||||
|     return rootpath.joinpath(checking) | ||||
|  | ||||
| class Execution_check(): | ||||
|  | ||||
|     __etension_marker_key_name = 'ExtensionMarker' | ||||
|     __marker_usage_path_key_name = 'MarkerUsagePath' | ||||
|     __hklm_branch = 'Software\\BaseALT\\Policies\\GroupPolicies\\Files' | ||||
|  | ||||
|     def __init__(self, storage): | ||||
|         etension_marker_branch = '{}\\{}%'.format(self.__hklm_branch, self.__etension_marker_key_name) | ||||
|         marker_usage_path_branch = '{}\\{}%'.format(self.__hklm_branch, self.__marker_usage_path_key_name) | ||||
|         self.etension_marker = storage.filter_hklm_entries(etension_marker_branch) | ||||
|         self.marker_usage_path = storage.filter_hklm_entries(marker_usage_path_branch) | ||||
|         self.list_paths = list() | ||||
|         self.list_markers = list() | ||||
|         for marker in self.etension_marker: | ||||
|             self.list_markers.append(marker.data) | ||||
|         for usage_path in self.marker_usage_path: | ||||
|             self.list_paths.append(usage_path.data) | ||||
|  | ||||
|     def get_list_paths(self): | ||||
|         return self.list_paths | ||||
|  | ||||
|     def get_list_markers(self): | ||||
|         return self.list_markers | ||||
|   | ||||
| @@ -36,20 +36,24 @@ def remove_dir_tree(path, delete_files=False, delete_folder=False, delete_sub_fo | ||||
|             content.remove(entry) | ||||
|         if entry.is_dir() and delete_sub_folders: | ||||
|             content.remove(entry) | ||||
|             remove_dir_tree(entry, delete_files, delete_folder, delete_sub_folders) | ||||
|             content.extend(remove_dir_tree(entry, delete_files, delete_folder, delete_sub_folders)) | ||||
|  | ||||
|     if delete_folder and not content: | ||||
|         path.rmdir() | ||||
|  | ||||
|     return content | ||||
|  | ||||
| def str2bool(boolstr): | ||||
|     if boolstr and boolstr.lower() in ['true', 'yes', '1']: | ||||
|     if isinstance(boolstr, bool): | ||||
|         return boolstr | ||||
|     elif boolstr and boolstr.lower() in ['true', 'yes', '1']: | ||||
|         return True | ||||
|     return False | ||||
|  | ||||
|  | ||||
| class Folder: | ||||
|     def __init__(self, folder_object, username=None): | ||||
|         folder_path = expand_windows_var(folder_object.path, username).replace('\\', '/') | ||||
|         folder_path = expand_windows_var(folder_object.path, username).replace('\\', '/').replace('//', '/') | ||||
|         if username: | ||||
|             folder_path = folder_path.replace(get_homedir(username), '') | ||||
|             self.folder_path = Path(get_homedir(username)).joinpath(folder_path if folder_path [0] != '/' else folder_path [1:]) | ||||
| @@ -59,18 +63,26 @@ class Folder: | ||||
|         self.delete_files = str2bool(folder_object.delete_files) | ||||
|         self.delete_folder = str2bool(folder_object.delete_folder) | ||||
|         self.delete_sub_folders = str2bool(folder_object.delete_sub_folders) | ||||
|         self.hidden_folder = str2bool(folder_object.hidden_folder) | ||||
|  | ||||
|     def _create_action(self): | ||||
|         self.folder_path.mkdir(parents=True, exist_ok=True) | ||||
|  | ||||
|     def _delete_action(self): | ||||
|         if self.folder_path.exists(): | ||||
|             if self.action == FileAction.REPLACE: | ||||
|                 self.delete_folder = True | ||||
|             remove_dir_tree(self.folder_path, | ||||
|                 self.delete_files, | ||||
|                 self.delete_folder, | ||||
|                 self.delete_sub_folders) | ||||
|  | ||||
|     def act(self): | ||||
|         if self.hidden_folder == True and str(self.folder_path.name)[0] != '.': | ||||
|             path_components = list(self.folder_path.parts) | ||||
|             path_components[-1] = '.' + path_components[-1] | ||||
|             new_folder_path = Path(*path_components) | ||||
|             self.folder_path = new_folder_path | ||||
|         if self.action == FileAction.CREATE: | ||||
|             self._create_action() | ||||
|         if self.action == FileAction.UPDATE: | ||||
|   | ||||
| @@ -24,10 +24,9 @@ from gpt.folders import ( | ||||
| ) | ||||
| from util.logging import log | ||||
| from pathlib import Path | ||||
| import configparser | ||||
| from util.windows import expand_windows_var | ||||
| from util.util import get_homedir | ||||
|  | ||||
| from util.gpoa_ini_parsing import GpoaConfigObj | ||||
|  | ||||
|  | ||||
| class Ini_file: | ||||
| @@ -42,53 +41,55 @@ class Ini_file: | ||||
|         self.action = action_letter2enum(ini_obj.action) | ||||
|         self.key = ini_obj.property | ||||
|         self.value = ini_obj.value | ||||
|         self.config = configparser.ConfigParser() | ||||
|         self.act() | ||||
|  | ||||
|     def _create_action(self): | ||||
|         if self.section not in self.config: | ||||
|             self.config[self.section] = dict() | ||||
|  | ||||
|         self.config[self.section][self.key] = self.value | ||||
|  | ||||
|         with self.path.open("w", encoding="utf-8") as configfile: | ||||
|             self.config.write(configfile) | ||||
|  | ||||
|  | ||||
|  | ||||
|     def _delete_action(self): | ||||
|         if not self.path.exists(): | ||||
|             return | ||||
|  | ||||
|         if not self.section: | ||||
|             self.path.unlink() | ||||
|             return | ||||
|         if not self.key: | ||||
|             self.config.remove_section(self.section) | ||||
|         elif self.section in self.config: | ||||
|             self.config.remove_option(self.section, self.key) | ||||
|  | ||||
|         with self.path.open("w", encoding="utf-8") as configfile: | ||||
|             self.config.write(configfile) | ||||
|  | ||||
|  | ||||
|     def act(self): | ||||
|         try: | ||||
|             self.config.read(self.path) | ||||
|             self.config = GpoaConfigObj(str(self.path), unrepr=False) | ||||
|         except Exception as exc: | ||||
|             logdata = {'exc': exc} | ||||
|             log('D176', logdata) | ||||
|             return | ||||
|         if self.action == FileAction.CREATE: | ||||
|             self._create_action() | ||||
|         if self.action == FileAction.UPDATE: | ||||
|             self._delete_action() | ||||
|             self._create_action() | ||||
|         if self.action == FileAction.DELETE: | ||||
|             self._delete_action() | ||||
|         if self.action == FileAction.REPLACE: | ||||
|             self._delete_action() | ||||
|             self._create_action() | ||||
|  | ||||
|         self.act() | ||||
|  | ||||
|     def _create_action(self): | ||||
|         if self.path.is_dir(): | ||||
|             return | ||||
|         if self.section not in self.config: | ||||
|             self.config[self.section] = dict() | ||||
|  | ||||
|         self.config[self.section][self.key] = self.value | ||||
|         self.config.write() | ||||
|  | ||||
|  | ||||
|     def _delete_action(self): | ||||
|         if not self.path.exists() or self.path.is_dir(): | ||||
|             return | ||||
|         if not self.section: | ||||
|             self.path.unlink() | ||||
|             return | ||||
|         if self.section in self.config: | ||||
|             if not self.key: | ||||
|                 self.config.pop(self.section) | ||||
|             elif self.key in self.config[self.section]: | ||||
|                 self.config[self.section].pop(self.key) | ||||
|         self.config.write() | ||||
|  | ||||
|  | ||||
|     def act(self): | ||||
|         try: | ||||
|             if self.action == FileAction.CREATE: | ||||
|                 self._create_action() | ||||
|             if self.action == FileAction.UPDATE: | ||||
|                 self._create_action() | ||||
|             if self.action == FileAction.DELETE: | ||||
|                 self._delete_action() | ||||
|             if self.action == FileAction.REPLACE: | ||||
|                 self._create_action() | ||||
|         except Exception as exc: | ||||
|             logdata = dict() | ||||
|             logdata['action'] = self.action | ||||
|             logdata['exc'] = exc | ||||
|             log('W23', logdata) | ||||
|  | ||||
|  | ||||
| def check_path(path_to_check, username = None): | ||||
|     ''' | ||||
|   | ||||
| @@ -26,14 +26,15 @@ from util.logging import log | ||||
| from util.windows import expand_windows_var | ||||
|  | ||||
|  | ||||
|  | ||||
| class Networkshare: | ||||
|  | ||||
|     def __init__(self, networkshare_obj): | ||||
|     def __init__(self, networkshare_obj, username = None): | ||||
|         self.net_full_cmd = ['/usr/bin/net', 'usershare'] | ||||
|         self.net_cmd_check = ['/usr/bin/net', 'usershare', 'list'] | ||||
|         self.cmd = list() | ||||
|         self.name = networkshare_obj.name | ||||
|         self.path = expand_windows_var(networkshare_obj.path).replace('\\', '/') if networkshare_obj.path else None | ||||
|         self.path = expand_windows_var(networkshare_obj.path, username).replace('\\', '/') if networkshare_obj.path else None | ||||
|  | ||||
|         self.action = action_letter2enum(networkshare_obj.action) | ||||
|         self.allRegular =  networkshare_obj.allRegular | ||||
|         self.comment = networkshare_obj.comment | ||||
| @@ -43,11 +44,22 @@ class Networkshare: | ||||
|         self.acl = 'Everyone:' | ||||
|         self.act() | ||||
|  | ||||
|     def _run_net_full_cmd(self): | ||||
|     def check_list_net(self): | ||||
|         try: | ||||
|             subprocess.call(self.net_full_cmd, stderr=subprocess.DEVNULL) | ||||
|             res = subprocess.check_output(self.net_cmd_check, encoding='utf-8') | ||||
|             return res | ||||
|         except Exception as exc: | ||||
|             return exc | ||||
|  | ||||
|     def _run_net_full_cmd(self): | ||||
|         logdata = dict() | ||||
|         try: | ||||
|             res = subprocess.check_output(self.net_full_cmd, stderr=subprocess.DEVNULL, encoding='utf-8') | ||||
|             if res: | ||||
|                 logdata['cmd'] = self.net_full_cmd | ||||
|                 logdata['answer'] = res | ||||
|             log('D190', logdata) | ||||
|         except Exception as exc: | ||||
|             logdata = dict() | ||||
|             logdata['cmd'] = self.net_full_cmd | ||||
|             logdata['exc'] = exc | ||||
|             log('D182', logdata) | ||||
| @@ -58,7 +70,7 @@ class Networkshare: | ||||
|         self.net_full_cmd.append(self.name) | ||||
|         self.net_full_cmd.append(self.path) | ||||
|         self.net_full_cmd.append(self.comment) | ||||
|         self.net_full_cmd.append(self.acl + 'F' if self.abe == 'ENABLE' else self.acl + 'R') | ||||
|         self.net_full_cmd.append(self.acl + 'F') | ||||
|         self.net_full_cmd.append(self._guest) | ||||
|         self._run_net_full_cmd() | ||||
|  | ||||
|   | ||||
| @@ -18,9 +18,8 @@ | ||||
|  | ||||
| import os | ||||
| import jinja2 | ||||
| import logging | ||||
|  | ||||
| from util.logging import slogm, log | ||||
| from util.logging import log | ||||
|  | ||||
| class polkit: | ||||
|     __template_path = '/usr/share/gpupdate/templates' | ||||
| @@ -38,7 +37,19 @@ class polkit: | ||||
|         else: | ||||
|             self.outfile = os.path.join(self.__policy_dir, '{}.rules'.format(self.template_name)) | ||||
|  | ||||
|     def _is_empty(self): | ||||
|         for key, item in self.args.items(): | ||||
|             if key == 'User': | ||||
|                 continue | ||||
|             elif item: | ||||
|                 return False | ||||
|         return True | ||||
|  | ||||
|     def generate(self): | ||||
|         if self._is_empty(): | ||||
|             if os.path.isfile(self.outfile): | ||||
|                 os.remove(self.outfile) | ||||
|             return | ||||
|         try: | ||||
|             template = self.__template_environment.get_template(self.infilename) | ||||
|             text = template.render(**self.args) | ||||
|   | ||||
| @@ -49,9 +49,13 @@ class systemd_unit: | ||||
|             service_state = self._get_state() | ||||
|  | ||||
|             if not service_state in ['active', 'activating']: | ||||
|                 logdata = dict() | ||||
|                 logdata['unit'] = self.unit_name | ||||
|                 log('E46', logdata) | ||||
|                 service_timer_name =  self.unit_name.replace(".service", ".timer") | ||||
|                 self.unit = self.manager.LoadUnit(dbus.String(service_timer_name)) | ||||
|                 service_state = self._get_state() | ||||
|                 if not service_state in ['active', 'activating']: | ||||
|                     logdata = dict() | ||||
|                     logdata['unit'] = self.unit_name | ||||
|                     log('E46', logdata) | ||||
|         else: | ||||
|             self.manager.StopUnit(self.unit_name, 'replace') | ||||
|             self.manager.DisableUnitFiles([self.unit_name], dbus.Boolean(False)) | ||||
| @@ -62,7 +66,7 @@ class systemd_unit: | ||||
|  | ||||
|             service_state = self._get_state() | ||||
|  | ||||
|             if not service_state in ['stopped']: | ||||
|             if not service_state in ['stopped', 'deactivating', 'inactive']: | ||||
|                 logdata = dict() | ||||
|                 logdata['unit'] = self.unit_name | ||||
|                 log('E46', logdata) | ||||
|   | ||||
| @@ -24,13 +24,13 @@ from .applier_frontend import ( | ||||
| import json | ||||
| import os | ||||
| from util.logging import log | ||||
| from util.util import is_machine_name | ||||
| from util.util import is_machine_name, string_to_literal_eval | ||||
|  | ||||
| class chromium_applier(applier_frontend): | ||||
|     __module_name = 'ChromiumApplier' | ||||
|     __module_enabled = True | ||||
|     __module_experimental = False | ||||
|     __registry_branch = 'Software\\Policies\\Google\\Chrome' | ||||
|     __registry_branch = 'Software/Policies/Google/Chrome' | ||||
|     __managed_policies_path = '/etc/chromium/policies/managed' | ||||
|     __recommended_policies_path = '/etc/chromium/policies/recommended' | ||||
|  | ||||
| @@ -65,7 +65,7 @@ class chromium_applier(applier_frontend): | ||||
|         #Replacing all nested dictionaries with a list | ||||
|         dict_item_to_list = ( | ||||
|             lambda target_dict : | ||||
|                 {key:[*val.values()] if type(val) == dict else val for key,val in target_dict.items()} | ||||
|                 {key:[*val.values()] if type(val) == dict else string_to_literal_eval(val) for key,val in target_dict.items()} | ||||
|             ) | ||||
|         os.makedirs(self.__managed_policies_path, exist_ok=True) | ||||
|         with open(destfile, 'w') as f: | ||||
| @@ -98,48 +98,64 @@ class chromium_applier(applier_frontend): | ||||
|         ''' | ||||
|         List of keys resulting from parsing chrome.admx with parsing_chrom_admx_intvalues.py | ||||
|         ''' | ||||
|         valuename_typeint = (['DefaultCookiesSetting', | ||||
|                             'DefaultFileHandlingGuardSetting', | ||||
|         valuename_typeint = (['DefaultClipboardSetting', | ||||
|                             'DefaultCookiesSetting', | ||||
|                             'DefaultFileSystemReadGuardSetting', | ||||
|                             'DefaultFileSystemWriteGuardSetting', | ||||
|                             'DefaultGeolocationSetting', | ||||
|                             'DefaultImagesSetting', | ||||
|                             'DefaultInsecureContentSetting', | ||||
|                             'DefaultJavaScriptJitSetting', | ||||
|                             'DefaultJavaScriptSetting', | ||||
|                             'DefaultPopupsSetting', | ||||
|                             'DefaultLocalFontsSetting', | ||||
|                             'DefaultNotificationsSetting', | ||||
|                             'DefaultGeolocationSetting', | ||||
|                             'DefaultPopupsSetting', | ||||
|                             'DefaultSensorsSetting', | ||||
|                             'DefaultWebBluetoothGuardSetting', | ||||
|                             'DefaultWebUsbGuardSetting', | ||||
|                             'DefaultSerialGuardSetting', | ||||
|                             'LegacySameSiteCookieBehaviorEnabled', | ||||
|                             'ProxyServerMode', | ||||
|                             'DefaultThirdPartyStoragePartitioningSetting', | ||||
|                             'DefaultWebBluetoothGuardSetting', | ||||
|                             'DefaultWebHidGuardSetting', | ||||
|                             'DefaultWebUsbGuardSetting', | ||||
|                             'DefaultWindowManagementSetting', | ||||
|                             'DefaultMediaStreamSetting', | ||||
|                             'PrintRasterizationMode', | ||||
|                             'DefaultPluginsSetting', | ||||
|                             'DefaultKeygenSetting', | ||||
|                             'ChromeFrameRendererSettings', | ||||
|                             'SafeBrowsingProtectionLevel', | ||||
|                             'PasswordProtectionWarningTrigger', | ||||
|                             'SafeBrowsingProtectionLevel_recommended', | ||||
|                             'RestoreOnStartup', | ||||
|                             'RestoreOnStartup_recommended', | ||||
|                             'DefaultWindowPlacementSetting', | ||||
|                             'ProxyServerMode', | ||||
|                             'ExtensionManifestV2Availability', | ||||
|                             'ExtensionUnpublishedAvailability', | ||||
|                             'BrowserSwitcherParsingMode', | ||||
|                             'CloudAPAuthEnabled', | ||||
|                             'AdsSettingForIntrusiveAdsSites', | ||||
|                             'AmbientAuthenticationInPrivateModesEnabled', | ||||
|                             'BatterySaverModeAvailability', | ||||
|                             'BrowserSignin', | ||||
|                             'ChromeVariations', | ||||
|                             'DeveloperToolsAvailability', | ||||
|                             'DownloadRestrictions', | ||||
|                             'DownloadRestrictions_recommended', | ||||
|                             'ForceYouTubeRestrict', | ||||
|                             'HeadlessMode', | ||||
|                             'IncognitoModeAvailability', | ||||
|                             'IntranetRedirectBehavior', | ||||
|                             'NetworkPredictionOptions', | ||||
|                             'NetworkPredictionOptions_recommended', | ||||
|                             'ProfilePickerOnStartupAvailability', | ||||
|                             'RelaunchNotification', | ||||
|                             'SafeSitesFilterBehavior']) | ||||
|                             'SafeSitesFilterBehavior', | ||||
|                             'UserAgentReduction', | ||||
|                             'BatterySaverModeAvailability_recommended', | ||||
|                             'DownloadRestrictions_recommended', | ||||
|                             'NetworkPredictionOptions_recommended', | ||||
|                             'PrintPostScriptMode', | ||||
|                             'PrintRasterizationMode', | ||||
|                             'ChromeFrameRendererSettings', | ||||
|                             'DefaultFileHandlingGuardSetting', | ||||
|                             'DefaultKeygenSetting', | ||||
|                             'DefaultPluginsSetting', | ||||
|                             'LegacySameSiteCookieBehaviorEnabled', | ||||
|                             'ForceMajorVersionToMinorPositionInUserAgent', | ||||
|                             'PasswordProtectionWarningTrigger', | ||||
|                             'SafeBrowsingProtectionLevel', | ||||
|                             'SafeBrowsingProtectionLevel_recommended', | ||||
|                             'RestoreOnStartup', | ||||
|                             'RestoreOnStartup_recommended']) | ||||
|         return valuename_typeint | ||||
|  | ||||
|  | ||||
| @@ -152,7 +168,7 @@ class chromium_applier(applier_frontend): | ||||
|         ''' | ||||
|         Parse registry path string and leave key parameters | ||||
|         ''' | ||||
|         parts = hivekeyname.replace(self.__registry_branch, '').split('\\') | ||||
|         parts = hivekeyname.replace(self.__registry_branch, '').split('/') | ||||
|         return parts | ||||
|  | ||||
|  | ||||
|   | ||||
| @@ -1,7 +1,7 @@ | ||||
| # | ||||
| # GPOA - GPO Applier for Linux | ||||
| # | ||||
| # Copyright (C) 2019-2020 BaseALT Ltd. | ||||
| # Copyright (C) 2019-2022 BaseALT Ltd. | ||||
| # | ||||
| # This program is free software: you can redistribute it and/or modify | ||||
| # it under the terms of the GNU General Public License as published by | ||||
| @@ -16,20 +16,18 @@ | ||||
| # You should have received a copy of the GNU General Public License | ||||
| # along with this program.  If not, see <http://www.gnu.org/licenses/>. | ||||
|  | ||||
| import fileinput | ||||
| import jinja2 | ||||
| import os | ||||
| import subprocess | ||||
| import logging | ||||
| from pathlib import Path | ||||
| import string | ||||
|  | ||||
| from .applier_frontend import ( | ||||
|       applier_frontend | ||||
|     , check_enabled | ||||
| ) | ||||
| from gpt.drives import json2drive | ||||
| from util.util import get_homedir | ||||
| from util.logging import slogm, log | ||||
| from util.logging import log | ||||
|  | ||||
| def storage_get_drives(storage, sid): | ||||
|     drives = storage.get_drives(sid) | ||||
| @@ -50,45 +48,159 @@ def add_line_if_missing(filename, ins_line): | ||||
|             f.write(ins_line + '\n') | ||||
|             f.flush() | ||||
|  | ||||
| def remove_chars_before_colon(input_string): | ||||
|     if ":" in input_string: | ||||
|         colon_index = input_string.index(":") | ||||
|         result_string = input_string[colon_index + 1:] | ||||
|         return result_string | ||||
|     else: | ||||
|         return input_string | ||||
|  | ||||
| def remove_escaped_quotes(input_string): | ||||
|     result_string = input_string.replace('"', '').replace("'", '') | ||||
|     return result_string | ||||
|  | ||||
|  | ||||
| class Drive_list: | ||||
|     __alphabet = string.ascii_uppercase | ||||
|     def __init__(self): | ||||
|         self.dict_drives = dict() | ||||
|  | ||||
|     def __get_letter(self, letter): | ||||
|         slice_letters = set(self.__alphabet[self.__alphabet.find(letter) + 1:]) - set(self.dict_drives.keys()) | ||||
|         free_letters = sorted(slice_letters) | ||||
|         if free_letters: | ||||
|             return free_letters[0] | ||||
|         else: | ||||
|             return None | ||||
|  | ||||
|     def append(self, drive:dict): | ||||
|         cur_dir = drive['dir'] | ||||
|         if cur_dir not in set(self.dict_drives.keys()): | ||||
|             if drive['action'] == 'D': | ||||
|                 return | ||||
|             self.dict_drives[cur_dir] = drive | ||||
|             return | ||||
|  | ||||
|         else: | ||||
|             if drive['action'] == 'C': | ||||
|                 if drive['useLetter'] == '1': | ||||
|                     return | ||||
|                 else: | ||||
|                     new_dir = self.__get_letter(cur_dir) | ||||
|                     if not new_dir: | ||||
|                         return | ||||
|                     drive['dir'] = new_dir | ||||
|                     self.dict_drives[new_dir] = drive | ||||
|                     return | ||||
|  | ||||
|             if drive['action'] == 'U': | ||||
|                 self.dict_drives[cur_dir]['thisDrive'] = drive['thisDrive'] | ||||
|                 self.dict_drives[cur_dir]['allDrives'] = drive['allDrives'] | ||||
|                 self.dict_drives[cur_dir]['label'] = drive['label'] | ||||
|                 self.dict_drives[cur_dir]['persistent'] = drive['persistent'] | ||||
|                 self.dict_drives[cur_dir]['useLetter'] = drive['useLetter'] | ||||
|                 return | ||||
|  | ||||
|             if drive['action'] == 'R': | ||||
|                 self.dict_drives[cur_dir] = drive | ||||
|                 return | ||||
|             if drive['action'] == 'D': | ||||
|                 if drive['useLetter'] == '1': | ||||
|                     self.dict_drives.pop(cur_dir, None) | ||||
|                 else: | ||||
|                     keys_set = set(self.dict_drives.keys()) | ||||
|                     slice_letters = set(self.__alphabet[self.__alphabet.find(cur_dir):]) | ||||
|                     for letter_dir in (keys_set & slice_letters): | ||||
|                         self.dict_drives.pop(letter_dir, None) | ||||
|  | ||||
|     def __call__(self): | ||||
|         return list(self.dict_drives.values()) | ||||
|  | ||||
|     def len(self): | ||||
|         return len(self.dict_drives) | ||||
|  | ||||
| class cifs_applier(applier_frontend): | ||||
|     def __init__(self, storage): | ||||
|         pass | ||||
|     __module_name = 'CIFSApplier' | ||||
|     __module_enabled = True | ||||
|     __module_experimental = False | ||||
|  | ||||
|     def __init__(self, storage, sid): | ||||
|         self.applier_cifs = cifs_applier_user(storage, sid, None) | ||||
|         self.__module_enabled = check_enabled( | ||||
|               storage | ||||
|             , self.__module_name | ||||
|             , self.__module_experimental | ||||
|         ) | ||||
|  | ||||
|     def apply(self): | ||||
|         pass | ||||
|         if self.__module_enabled: | ||||
|             log('D179') | ||||
|             self.applier_cifs._admin_context_apply() | ||||
|         else: | ||||
|             log('D180') | ||||
|  | ||||
| class cifs_applier_user(applier_frontend): | ||||
|     __module_name = 'CIFSApplierUser' | ||||
|     __module_enabled = False | ||||
|     __module_experimental = True | ||||
|     __module_enabled = True | ||||
|     __module_experimental = False | ||||
|     __auto_file = '/etc/auto.master' | ||||
|     __auto_dir = '/etc/auto.master.gpupdate.d' | ||||
|     __template_path = '/usr/share/gpupdate/templates' | ||||
|     __template_mountpoints = 'autofs_mountpoints.j2' | ||||
|     __template_identity = 'autofs_identity.j2' | ||||
|     __template_auto = 'autofs_auto.j2' | ||||
|     __template_mountpoints_hide = 'autofs_mountpoints_hide.j2' | ||||
|     __template_auto_hide = 'autofs_auto_hide.j2' | ||||
|     __enable_home_link = 'Software\\BaseALT\\Policies\\GPUpdate\\DriveMapsHome' | ||||
|     __enable_home_link_user = 'Software\\BaseALT\\Policies\\GPUpdate\\DriveMapsHomeUser' | ||||
|     __target_mountpoint = '/media/gpupdate' | ||||
|     __target_mountpoint_user = '/run/media' | ||||
|     __mountpoint_dirname = 'drives.system' | ||||
|     __mountpoint_dirname_user = 'drives' | ||||
|  | ||||
|     def __init__(self, storage, sid, username): | ||||
|         self.storage = storage | ||||
|         self.sid = sid | ||||
|         self.username = username | ||||
|         self.state_home_link = False | ||||
|         self.state_home_link_user = False | ||||
|  | ||||
|         if username: | ||||
|             self.home = self.__target_mountpoint_user + '/' + username | ||||
|             self.state_home_link = self.check_enable_home_link(self.__enable_home_link) | ||||
|             self.state_home_link_user = self.check_enable_home_link(self.__enable_home_link_user) | ||||
|         else: | ||||
|             self.home = self.__target_mountpoint | ||||
|  | ||||
|         self.home = get_homedir(username) | ||||
|         conf_file = '{}.conf'.format(sid) | ||||
|         conf_hide_file = '{}_hide.conf'.format(sid) | ||||
|         autofs_file = '{}.autofs'.format(sid) | ||||
|         autofs_hide_file = '{}_hide.autofs'.format(sid) | ||||
|         cred_file = '{}.creds'.format(sid) | ||||
|  | ||||
|         self.auto_master_d = Path(self.__auto_dir) | ||||
|  | ||||
|         self.user_config = self.auto_master_d / conf_file | ||||
|         self.user_config_hide = self.auto_master_d / conf_hide_file | ||||
|         if os.path.exists(self.user_config.resolve()): | ||||
|             self.user_config.unlink() | ||||
|         if os.path.exists(self.user_config_hide.resolve()): | ||||
|             self.user_config_hide.unlink() | ||||
|         self.user_autofs = self.auto_master_d / autofs_file | ||||
|         self.user_autofs_hide = self.auto_master_d / autofs_hide_file | ||||
|         if os.path.exists(self.user_autofs.resolve()): | ||||
|             self.user_autofs.unlink() | ||||
|         if os.path.exists(self.user_autofs_hide.resolve()): | ||||
|             self.user_autofs_hide.unlink() | ||||
|         self.user_creds = self.auto_master_d / cred_file | ||||
|  | ||||
|         self.mount_dir = Path(os.path.join(self.home, 'net')) | ||||
|         if username: | ||||
|             self.mntTarget = self.__mountpoint_dirname_user | ||||
|         else: | ||||
|             self.mntTarget = self.__mountpoint_dirname | ||||
|  | ||||
|         self.mount_dir = Path(os.path.join(self.home)) | ||||
|         self.drives = storage_get_drives(self.storage, self.sid) | ||||
|  | ||||
|         self.template_loader = jinja2.FileSystemLoader(searchpath=self.__template_path) | ||||
| @@ -98,12 +210,21 @@ class cifs_applier_user(applier_frontend): | ||||
|         self.template_indentity = self.template_env.get_template(self.__template_identity) | ||||
|         self.template_auto = self.template_env.get_template(self.__template_auto) | ||||
|  | ||||
|         self.template_mountpoints_hide = self.template_env.get_template(self.__template_mountpoints_hide) | ||||
|         self.template_auto_hide = self.template_env.get_template(self.__template_auto_hide) | ||||
|  | ||||
|         self.__module_enabled = check_enabled( | ||||
|               self.storage | ||||
|             , self.__module_name | ||||
|             , self.__module_experimental | ||||
|         ) | ||||
|  | ||||
|     def check_enable_home_link(self, enable_home_link): | ||||
|         if self.storage.get_hkcu_entry(self.sid, enable_home_link): | ||||
|             data = self.storage.get_hkcu_entry(self.sid, enable_home_link).data | ||||
|             return bool(int(data)) if data else None | ||||
|         else: | ||||
|             return False | ||||
|  | ||||
|     def user_context_apply(self): | ||||
|         ''' | ||||
| @@ -111,7 +232,7 @@ class cifs_applier_user(applier_frontend): | ||||
|         ''' | ||||
|         pass | ||||
|  | ||||
|     def __admin_context_apply(self): | ||||
|     def _admin_context_apply(self): | ||||
|         # Create /etc/auto.master.gpupdate.d directory | ||||
|         self.auto_master_d.mkdir(parents=True, exist_ok=True) | ||||
|         # Create user's destination mount directory | ||||
| @@ -122,28 +243,42 @@ class cifs_applier_user(applier_frontend): | ||||
|         add_line_if_missing(self.__auto_file, auto_destdir) | ||||
|  | ||||
|         # Collect data for drive settings | ||||
|         drive_list = list() | ||||
|         drive_list = Drive_list() | ||||
|         for drv in self.drives: | ||||
|             drive_settings = dict() | ||||
|             drive_settings['dir'] = drv.dir | ||||
|             drive_settings['login'] = drv.login | ||||
|             drive_settings['password'] = drv.password | ||||
|             drive_settings['path'] = drv.path.replace('\\', '/') | ||||
|             drive_settings['path'] = remove_chars_before_colon(drv.path.replace('\\', '/')) | ||||
|             drive_settings['action'] = drv.action | ||||
|             drive_settings['thisDrive'] = drv.thisDrive | ||||
|             drive_settings['allDrives'] = drv.allDrives | ||||
|             drive_settings['label'] = remove_escaped_quotes(drv.label) | ||||
|             drive_settings['persistent'] = drv.persistent | ||||
|             drive_settings['useLetter'] = drv.useLetter | ||||
|  | ||||
|             drive_list.append(drive_settings) | ||||
|  | ||||
|         if len(drive_list) > 0: | ||||
|         if drive_list.len() > 0: | ||||
|             mount_settings = dict() | ||||
|             mount_settings['drives'] = drive_list | ||||
|             mount_settings['drives'] = drive_list() | ||||
|             mount_text = self.template_mountpoints.render(**mount_settings) | ||||
|  | ||||
|             mount_text_hide = self.template_mountpoints_hide.render(**mount_settings) | ||||
|  | ||||
|             with open(self.user_config.resolve(), 'w') as f: | ||||
|                 f.truncate() | ||||
|                 f.write(mount_text) | ||||
|                 f.flush() | ||||
|  | ||||
|             with open(self.user_config_hide.resolve(), 'w') as f: | ||||
|                 f.truncate() | ||||
|                 f.write(mount_text_hide) | ||||
|                 f.flush() | ||||
|  | ||||
|             autofs_settings = dict() | ||||
|             autofs_settings['home_dir'] = self.home | ||||
|             autofs_settings['mntTarget'] = self.mntTarget | ||||
|             autofs_settings['mount_file'] = self.user_config.resolve() | ||||
|             autofs_text = self.template_auto.render(**autofs_settings) | ||||
|  | ||||
| @@ -152,13 +287,71 @@ class cifs_applier_user(applier_frontend): | ||||
|                 f.write(autofs_text) | ||||
|                 f.flush() | ||||
|  | ||||
|             autofs_settings['mount_file'] = self.user_config_hide.resolve() | ||||
|             autofs_text = self.template_auto_hide.render(**autofs_settings) | ||||
|             with open(self.user_autofs_hide.resolve(), 'w') as f: | ||||
|                 f.truncate() | ||||
|                 f.write(autofs_text) | ||||
|                 f.flush() | ||||
|  | ||||
|             if self.username: | ||||
|                 self.update_drivemaps_home_links() | ||||
|  | ||||
|             subprocess.check_call(['/bin/systemctl', 'restart', 'autofs']) | ||||
|  | ||||
|     def update_drivemaps_home_links(self): | ||||
|         dUser = Path(get_homedir(self.username)+'/net.' + self.__mountpoint_dirname_user) | ||||
|         dUserHide = Path(get_homedir(self.username)+'/.net.' + self.__mountpoint_dirname_user) | ||||
|  | ||||
|         if self.state_home_link_user: | ||||
|             dUserMountpoint = Path(self.home).joinpath(self.__mountpoint_dirname_user) | ||||
|             dUserMountpointHide = Path(self.home).joinpath('.' + self.__mountpoint_dirname_user) | ||||
|  | ||||
|             if not dUser.exists(): | ||||
|                 try: | ||||
|                     os.symlink(dUserMountpoint, dUser, True) | ||||
|                 except  Exception as exc: | ||||
|                     log('D194', {'exc': exc}) | ||||
|  | ||||
|             if not dUserHide.exists(): | ||||
|                 try: | ||||
|                     os.symlink(dUserMountpointHide, dUserHide, True) | ||||
|                 except  Exception as exc: | ||||
|                     log('D196', {'exc': exc}) | ||||
|         else: | ||||
|             if dUser.is_symlink() and dUser.owner() == 'root': | ||||
|                 dUser.unlink() | ||||
|             if dUserHide.is_symlink() and dUserHide.owner() == 'root': | ||||
|                 dUserHide.unlink() | ||||
|  | ||||
|         dMachine = Path(get_homedir(self.username)+'/net.' + self.__mountpoint_dirname) | ||||
|         dMachineHide = Path(get_homedir(self.username)+'/.net.' + self.__mountpoint_dirname) | ||||
|  | ||||
|         if self.state_home_link: | ||||
|             dMachineMountpoint = Path(self.__target_mountpoint).joinpath(self.__mountpoint_dirname) | ||||
|             dMachineMountpointHide = Path(self.__target_mountpoint).joinpath('.' + self.__mountpoint_dirname) | ||||
|  | ||||
|             if not dMachine.exists(): | ||||
|                 try: | ||||
|                     os.symlink(dMachineMountpoint, dMachine, True) | ||||
|                 except  Exception as exc: | ||||
|                     log('D195', {'exc': exc}) | ||||
|  | ||||
|             if not dMachineHide.exists(): | ||||
|                 try: | ||||
|                     os.symlink(dMachineMountpointHide, dMachineHide, True) | ||||
|                 except  Exception as exc: | ||||
|                     log('D197', {'exc': exc}) | ||||
|         else: | ||||
|             if dMachine.is_symlink() and dMachine.owner() == 'root': | ||||
|                 dMachine.unlink() | ||||
|             if dMachineHide.is_symlink() and dMachineHide.owner() == 'root': | ||||
|                 dMachineHide.unlink() | ||||
|  | ||||
|     def admin_context_apply(self): | ||||
|         if self.__module_enabled: | ||||
|             log('D146') | ||||
|             self.__admin_context_apply() | ||||
|             self._admin_context_apply() | ||||
|         else: | ||||
|             log('D147') | ||||
|  | ||||
|   | ||||
| @@ -29,11 +29,11 @@ class control_applier(applier_frontend): | ||||
|     __module_name = 'ControlApplier' | ||||
|     __module_experimental = False | ||||
|     __module_enabled = True | ||||
|     _registry_branch = 'Software\\BaseALT\\Policies\\Control' | ||||
|     _registry_branch = 'Software/BaseALT/Policies/Control' | ||||
|  | ||||
|     def __init__(self, storage): | ||||
|         self.storage = storage | ||||
|         self.control_settings = self.storage.filter_hklm_entries('Software\\BaseALT\\Policies\\Control%') | ||||
|         self.control_settings = self.storage.filter_hklm_entries(self._registry_branch) | ||||
|         self.controls = list() | ||||
|         self.__module_enabled = check_enabled( | ||||
|               self.storage | ||||
| @@ -43,7 +43,7 @@ class control_applier(applier_frontend): | ||||
|  | ||||
|     def run(self): | ||||
|         for setting in self.control_settings: | ||||
|             valuename = setting.hive_key.rpartition('\\')[2] | ||||
|             valuename = setting.hive_key.rpartition('/')[2] | ||||
|             try: | ||||
|                 self.controls.append(control(valuename, int(setting.data))) | ||||
|                 logdata = dict() | ||||
|   | ||||
| @@ -81,8 +81,12 @@ class cups_applier(applier_frontend): | ||||
|         if not is_rpm_installed('cups'): | ||||
|             log('W9') | ||||
|             return | ||||
|  | ||||
|         self.cups_connection = cups.Connection() | ||||
|         try: | ||||
|             self.cups_connection = cups.Connection() | ||||
|         except Exception as exc: | ||||
|             logdata = dict() | ||||
|             logdata['exc', exc] | ||||
|             log('W20', logdata) | ||||
|         self.printers = storage_get_printers(self.storage, self.storage.get_info('machine_sid')) | ||||
|  | ||||
|         if self.printers: | ||||
|   | ||||
| @@ -17,7 +17,7 @@ | ||||
| # along with this program.  If not, see <http://www.gnu.org/licenses/>. | ||||
|  | ||||
|  | ||||
| from .appliers.file_cp import Files_cp | ||||
| from .appliers.file_cp import Files_cp, Execution_check | ||||
| from .applier_frontend import ( | ||||
|       applier_frontend | ||||
|     , check_enabled | ||||
| @@ -33,6 +33,7 @@ class file_applier(applier_frontend): | ||||
|  | ||||
|     def __init__(self, storage, file_cache, sid): | ||||
|         self.storage = storage | ||||
|         self.exe_check = Execution_check(storage) | ||||
|         self.sid = sid | ||||
|         self.file_cache = file_cache | ||||
|         self.files = self.storage.get_files(self.sid) | ||||
| @@ -40,7 +41,7 @@ class file_applier(applier_frontend): | ||||
|  | ||||
|     def run(self): | ||||
|         for file in self.files: | ||||
|             Files_cp(file, self.file_cache) | ||||
|             Files_cp(file, self.file_cache, self.exe_check) | ||||
|  | ||||
|     def apply(self): | ||||
|         if self.__module_enabled: | ||||
| @@ -59,6 +60,7 @@ class file_applier_user(applier_frontend): | ||||
|         self.file_cache = file_cache | ||||
|         self.sid = sid | ||||
|         self.username = username | ||||
|         self.exe_check = Execution_check(storage) | ||||
|         self.files = self.storage.get_files(self.sid) | ||||
|         self.__module_enabled = check_enabled( | ||||
|               self.storage | ||||
| @@ -68,7 +70,7 @@ class file_applier_user(applier_frontend): | ||||
|  | ||||
|     def run(self): | ||||
|         for file in self.files: | ||||
|             Files_cp(file, self.file_cache, self.username) | ||||
|             Files_cp(file, self.file_cache, self.exe_check, self.username) | ||||
|  | ||||
|     def admin_context_apply(self): | ||||
|         if self.__module_enabled: | ||||
|   | ||||
| @@ -33,13 +33,13 @@ from .applier_frontend import ( | ||||
|     , check_enabled | ||||
| ) | ||||
| from util.logging import log | ||||
| from util.util import is_machine_name | ||||
| from util.util import is_machine_name, try_dict_to_literal_eval | ||||
|  | ||||
| class firefox_applier(applier_frontend): | ||||
|     __module_name = 'FirefoxApplier' | ||||
|     __module_experimental = False | ||||
|     __module_enabled = True | ||||
|     __registry_branch = 'Software\\Policies\\Mozilla\\Firefox\\' | ||||
|     __registry_branch = 'Software/Policies/Mozilla/Firefox' | ||||
|     __firefox_installdir1 = '/usr/lib64/firefox/distribution' | ||||
|     __firefox_installdir2 = '/etc/firefox/policies' | ||||
|  | ||||
| @@ -69,19 +69,26 @@ class firefox_applier(applier_frontend): | ||||
|         ''' | ||||
|         Parse registry path string and leave key parameters | ||||
|         ''' | ||||
|         parts = hivekeyname.replace(self.__registry_branch, '').split('\\') | ||||
|         parts = hivekeyname.replace(self.__registry_branch, '').split('/') | ||||
|         return parts | ||||
|  | ||||
|     def create_dict(self, firefox_keys): | ||||
|         ''' | ||||
|         Collect dictionaries from registry keys into a general dictionary | ||||
|         ''' | ||||
|         excp = ['SOCKSVersion'] | ||||
|         counts = dict() | ||||
|         for it_data in firefox_keys: | ||||
|             branch = counts | ||||
|             try: | ||||
|                 if type(it_data.data) is bytes: | ||||
|                     it_data.data = it_data.data.decode(encoding='utf-16').replace('\x00','') | ||||
|                 json_data = try_dict_to_literal_eval(it_data.data) | ||||
|                 if json_data: | ||||
|                     it_data.data = json_data | ||||
|                     it_data.type = 7 | ||||
|                 else: | ||||
|                     it_data.data = clean_data_firefox(it_data.data) | ||||
|                 #Cases when it is necessary to create nested dictionaries | ||||
|                 if it_data.valuename != it_data.data: | ||||
|                     parts = self.get_parts(it_data.hive_key) | ||||
| @@ -90,7 +97,12 @@ class firefox_applier(applier_frontend): | ||||
|                         branch = branch.setdefault(part, {}) | ||||
|                     #dictionary key value initialization | ||||
|                     if it_data.type == 4: | ||||
|                         branch[parts[-1]] = self.get_boolean(it_data.data) | ||||
|                         if it_data.valuename in excp: | ||||
|                             branch[parts[-1]] = int(it_data.data) | ||||
|                         else: | ||||
|                             branch[parts[-1]] = self.get_boolean(it_data.data) | ||||
|                     elif it_data.type == 7: | ||||
|                         branch[parts[-1]] = it_data.data | ||||
|                     else: | ||||
|                         branch[parts[-1]] = str(it_data.data).replace('\\', '/') | ||||
|                 #Cases when it is necessary to create lists in a dictionary | ||||
| @@ -160,6 +172,9 @@ def dict_item_to_list(dictionary:dict) -> dict: | ||||
|     ''' | ||||
|     Replacing dictionaries with numeric keys with a List | ||||
|     ''' | ||||
|     if '' in dictionary: | ||||
|         dictionary = dictionary.pop('') | ||||
|  | ||||
|     for key,val in dictionary.items(): | ||||
|         if type(val) == dict: | ||||
|             if key_dict_is_digit(val): | ||||
| @@ -167,3 +182,6 @@ def dict_item_to_list(dictionary:dict) -> dict: | ||||
|             else: | ||||
|                 dict_item_to_list(dictionary[key]) | ||||
|     return dictionary | ||||
|  | ||||
| def clean_data_firefox(data): | ||||
|     return data.replace("'", '\"') | ||||
|   | ||||
| @@ -45,7 +45,9 @@ from .folder_applier import ( | ||||
|       folder_applier | ||||
|     , folder_applier_user | ||||
| ) | ||||
| from .cifs_applier import cifs_applier_user | ||||
| from .cifs_applier import ( | ||||
|       cifs_applier_user | ||||
|     , cifs_applier) | ||||
| from .ntp_applier import ntp_applier | ||||
| from .envvar_applier import ( | ||||
|       envvar_applier | ||||
| @@ -66,6 +68,11 @@ from .ini_applier import ( | ||||
|     , ini_applier_user | ||||
| ) | ||||
|  | ||||
| from .kde_applier import ( | ||||
|       kde_applier | ||||
|     , kde_applier_user | ||||
| ) | ||||
|  | ||||
| from .networkshare_applier import networkshare_applier | ||||
| from .yandex_browser_applier import yandex_browser_applier | ||||
|  | ||||
| @@ -121,12 +128,12 @@ class frontend_manager: | ||||
|     ''' | ||||
|  | ||||
|     def __init__(self, username, is_machine): | ||||
|         self.storage = registry_factory('registry') | ||||
|         self.username = determine_username(username) | ||||
|         self.storage = registry_factory('dconf', username=self.username) | ||||
|         self.is_machine = is_machine | ||||
|         self.process_uname = get_process_user() | ||||
|         self.sid = get_sid(self.storage.get_info('domain'), self.username, is_machine) | ||||
|         self.file_cache = fs_file_cache('file_cache') | ||||
|         self.file_cache = fs_file_cache('file_cache', self.username) | ||||
|  | ||||
|         self.machine_appliers = dict() | ||||
|         self.user_appliers = dict() | ||||
| @@ -144,6 +151,13 @@ class frontend_manager: | ||||
|         self.machine_appliers['yandex_browser'] = yandex_browser_applier(self.storage, self.sid, self.username) | ||||
|         self.machine_appliers['shortcuts'] = shortcut_applier(self.storage) | ||||
|         self.machine_appliers['gsettings'] = gsettings_applier(self.storage, self.file_cache) | ||||
|         try: | ||||
|             self.machine_appliers['cifs'] = cifs_applier(self.storage, self.sid) | ||||
|         except Exception as exc: | ||||
|             logdata = dict() | ||||
|             logdata['applier_name'] = 'cifs' | ||||
|             logdata['msg'] = str(exc) | ||||
|             log('E24', logdata) | ||||
|         self.machine_appliers['cups'] = cups_applier(self.storage) | ||||
|         self.machine_appliers['firewall'] = firewall_applier(self.storage) | ||||
|         self.machine_appliers['folders'] = folder_applier(self.storage, self.sid) | ||||
| @@ -154,6 +168,7 @@ class frontend_manager: | ||||
|         self.machine_appliers['scripts'] = scripts_applier(self.storage, self.sid) | ||||
|         self.machine_appliers['files'] = file_applier(self.storage, self.file_cache, self.sid) | ||||
|         self.machine_appliers['ini'] = ini_applier(self.storage, self.sid) | ||||
|         self.machine_appliers['kde'] = kde_applier(self.storage) | ||||
|  | ||||
|     def _init_user_appliers(self): | ||||
|         # User appliers are expected to work with user-writable | ||||
| @@ -171,9 +186,11 @@ class frontend_manager: | ||||
|         self.user_appliers['package'] = package_applier_user(self.storage, self.sid, self.username) | ||||
|         self.user_appliers['polkit'] = polkit_applier_user(self.storage, self.sid, self.username) | ||||
|         self.user_appliers['envvar'] = envvar_applier_user(self.storage, self.sid, self.username) | ||||
|         self.user_appliers['networkshare'] = networkshare_applier(self.storage, self.sid, self.username) | ||||
|         self.user_appliers['scripts'] = scripts_applier_user(self.storage, self.sid, self.username) | ||||
|         self.user_appliers['files'] = file_applier_user(self.storage, self.file_cache, self.sid, self.username) | ||||
|         self.user_appliers['ini'] = ini_applier_user(self.storage, self.sid, self.username) | ||||
|         self.user_appliers['kde'] = kde_applier_user(self.storage, self.sid, self.username, self.file_cache) | ||||
|  | ||||
|     def machine_apply(self): | ||||
|         ''' | ||||
|   | ||||
| @@ -16,7 +16,7 @@ | ||||
| # You should have received a copy of the GNU General Public License | ||||
| # along with this program.  If not, see <http://www.gnu.org/licenses/>. | ||||
|  | ||||
| import logging | ||||
| from util.exceptions import NotUNCPathError | ||||
| import os | ||||
| import pwd | ||||
| import subprocess | ||||
| @@ -59,14 +59,14 @@ class gsettings_applier(applier_frontend): | ||||
|     __module_name = 'GSettingsApplier' | ||||
|     __module_experimental = False | ||||
|     __module_enabled = True | ||||
|     __registry_branch = 'Software\\BaseALT\\Policies\\GSettings\\' | ||||
|     __registry_branch = 'Software\\BaseALT\\Policies\\gsettings\\' | ||||
|     __registry_locks_branch = 'Software\\BaseALT\\Policies\\GSettingsLocks\\' | ||||
|     __wallpaper_entry = 'Software\\BaseALT\\Policies\\GSettings\\org.mate.background.picture-filename' | ||||
|     __vino_authentication_methods_entry = 'Software\\BaseALT\\Policies\\GSettings\\org.gnome.Vino.authentication-methods' | ||||
|     __wallpaper_entry = 'Software/BaseALT/Policies/gsettings/org.mate.background.picture-filename' | ||||
|     __vino_authentication_methods_entry = 'Software/BaseALT/Policies/gsettings/org.gnome.Vino.authentication-methods' | ||||
|     __global_schema = '/usr/share/glib-2.0/schemas' | ||||
|     __override_priority_file = 'zzz_policy.gschema.override' | ||||
|     __override_old_file = '0_policy.gschema.override' | ||||
|     __windows_settings = dict() | ||||
|  | ||||
|  | ||||
|     def __init__(self, storage, file_cache): | ||||
|         self.storage = storage | ||||
| @@ -108,13 +108,13 @@ class gsettings_applier(applier_frontend): | ||||
|  | ||||
|         # Get all configured gsettings locks | ||||
|         for lock in self.gsettings_locks: | ||||
|             valuename = lock.hive_key.rpartition('\\')[2] | ||||
|             valuename = lock.hive_key.rpartition('/')[2] | ||||
|             self.locks[valuename] = int(lock.data) | ||||
|  | ||||
|         # Calculate all configured gsettings | ||||
|         for setting in self.gsettings_keys: | ||||
|             helper = None | ||||
|             valuename = setting.hive_key.rpartition('\\')[2] | ||||
|             valuename = setting.hive_key.rpartition('/')[2] | ||||
|             rp = valuename.rpartition('.') | ||||
|             schema = rp[0] | ||||
|             path = rp[2] | ||||
| @@ -184,9 +184,9 @@ class gsettings_applier_user(applier_frontend): | ||||
|     __module_name = 'GSettingsApplierUser' | ||||
|     __module_experimental = False | ||||
|     __module_enabled = True | ||||
|     __registry_branch = 'Software\\BaseALT\\Policies\\GSettings\\' | ||||
|     __wallpaper_entry = 'Software\\BaseALT\\Policies\\GSettings\\org.mate.background.picture-filename' | ||||
|     __vino_authentication_methods_entry = 'Software\\BaseALT\\Policies\\GSettings\\org.gnome.Vino.authentication-methods' | ||||
|     __registry_branch = 'Software\\BaseALT\\Policies\\gsettings\\' | ||||
|     __wallpaper_entry = 'Software/BaseALT/Policies/gsettings/org.mate.background.picture-filename' | ||||
|     __vino_authentication_methods_entry = 'Software/BaseALT/Policies/gsettings/org.gnome.Vino.authentication-methods' | ||||
|  | ||||
|     def __init__(self, storage, file_cache, sid, username): | ||||
|         self.storage = storage | ||||
| @@ -204,25 +204,25 @@ class gsettings_applier_user(applier_frontend): | ||||
|         mapping = [ | ||||
|               # Disable or enable screen saver | ||||
|               GSettingsMapping( | ||||
|                   'Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop\\ScreenSaveActive' | ||||
|                   'Software/Policies/Microsoft/Windows/Control Panel/Desktop/ScreenSaveActive' | ||||
|                 , 'org.mate.screensaver' | ||||
|                 , 'idle-activation-enabled' | ||||
|               ) | ||||
|               # Timeout in seconds for screen saver activation. The value of zero effectively disables screensaver start | ||||
|             , GSettingsMapping( | ||||
|                   'Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop\\ScreenSaveTimeOut' | ||||
|                   'Software/Policies/Microsoft/Windows/Control Panel/Desktop/ScreenSaveTimeOut' | ||||
|                 , 'org.mate.session' | ||||
|                 , 'idle-delay' | ||||
|               ) | ||||
|               # Enable or disable password protection for screen saver | ||||
|             , GSettingsMapping( | ||||
|                   'Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop\\ScreenSaverIsSecure' | ||||
|                   'Software/Policies/Microsoft/Windows/Control Panel/Desktop/ScreenSaverIsSecure' | ||||
|                 , 'org.mate.screensaver' | ||||
|                 , 'lock-enabled' | ||||
|               ) | ||||
|               # Specify image which will be used as a wallpaper | ||||
|             , GSettingsMapping( | ||||
|                   'Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Wallpaper' | ||||
|                   'Software/Microsoft/Windows/CurrentVersion/Policies/System/Wallpaper' | ||||
|                 , 'org.mate.background' | ||||
|                 , 'picture-filename' | ||||
|               ) | ||||
| @@ -251,15 +251,6 @@ class gsettings_applier_user(applier_frontend): | ||||
|         return uri_fetch(schema, path, value, self.file_cache) | ||||
|  | ||||
|     def run(self): | ||||
|         #for setting in self.gsettings_keys: | ||||
|         #    valuename = setting.hive_key.rpartition('\\')[2] | ||||
|         #    rp = valuename.rpartition('.') | ||||
|         #    schema = rp[0] | ||||
|         #    path = rp[2] | ||||
|         #    self.gsettings.append(user_gsetting(schema, path, setting.data)) | ||||
|  | ||||
|  | ||||
|         # Calculate all mapped gsettings if mapping enabled | ||||
|         if self.__windows_mapping_enabled: | ||||
|             log('D83') | ||||
|             self.windows_mapping_append() | ||||
| @@ -268,7 +259,7 @@ class gsettings_applier_user(applier_frontend): | ||||
|  | ||||
|         # Calculate all configured gsettings | ||||
|         for setting in self.gsettings_keys: | ||||
|             valuename = setting.hive_key.rpartition('\\')[2] | ||||
|             valuename = setting.hive_key.rpartition('/')[2] | ||||
|             rp = valuename.rpartition('.') | ||||
|             schema = rp[0] | ||||
|             path = rp[2] | ||||
| @@ -293,8 +284,10 @@ class gsettings_applier_user(applier_frontend): | ||||
|         try: | ||||
|             entry = self.__wallpaper_entry | ||||
|             filter_result = self.storage.get_hkcu_entry(self.sid, entry) | ||||
|             if filter_result: | ||||
|             if filter_result and filter_result.data: | ||||
|                 self.file_cache.store(filter_result.data) | ||||
|         except NotUNCPathError: | ||||
|             ... | ||||
|         except Exception as exc: | ||||
|             logdata = dict() | ||||
|             logdata['exception'] = str(exc) | ||||
|   | ||||
| @@ -68,11 +68,11 @@ class ini_applier_user(applier_frontend): | ||||
|             Ini_file(inifile, self.username) | ||||
|  | ||||
|     def admin_context_apply(self): | ||||
|         pass | ||||
|  | ||||
|     def user_context_apply(self): | ||||
|         if self.__module_enabled: | ||||
|             log('D173') | ||||
|             self.run() | ||||
|         else: | ||||
|             log('D174') | ||||
|  | ||||
|     def user_context_apply(self): | ||||
|         pass | ||||
|   | ||||
							
								
								
									
										292
									
								
								gpoa/frontend/kde_applier.py
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										292
									
								
								gpoa/frontend/kde_applier.py
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,292 @@ | ||||
| # | ||||
| # GPOA - GPO Applier for Linux | ||||
| # | ||||
| # Copyright (C) 2019-2024 BaseALT Ltd. | ||||
| # | ||||
| # This program is free software: you can redistribute it and/or modify | ||||
| # it under the terms of the GNU General Public License as published by | ||||
| # the Free Software Foundation, either version 3 of the License, or | ||||
| # (at your option) any later version. | ||||
| # | ||||
| # This program is distributed in the hope that it will be useful, | ||||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | ||||
| # GNU General Public License for more details. | ||||
| # | ||||
| # You should have received a copy of the GNU General Public License | ||||
| # along with this program.  If not, see <http://www.gnu.org/licenses/>. | ||||
|  | ||||
| from .applier_frontend import applier_frontend, check_enabled | ||||
| from util.logging import log | ||||
| from util.util import get_homedir | ||||
| from util.exceptions import NotUNCPathError | ||||
| import os | ||||
| import subprocess | ||||
| import re | ||||
| import dbus | ||||
|  | ||||
| class kde_applier(applier_frontend): | ||||
|     __module_name = 'KdeApplier' | ||||
|     __module_experimental = True | ||||
|     __module_enabled = False | ||||
|     __hklm_branch = 'Software\\BaseALT\\Policies\\KDE\\' | ||||
|     __hklm_lock_branch = 'Software\\BaseALT\\Policies\\KDELocks\\' | ||||
|  | ||||
|     def __init__(self, storage): | ||||
|         self.storage = storage | ||||
|         self.locks_dict = {} | ||||
|         self.locks_data_dict = {} | ||||
|         self.all_kde_settings = {} | ||||
|         kde_filter = '{}%'.format(self.__hklm_branch) | ||||
|         locks_filter = '{}%'.format(self.__hklm_lock_branch) | ||||
|         self.locks_settings = self.storage.filter_hklm_entries(locks_filter) | ||||
|         self.kde_settings = self.storage.filter_hklm_entries(kde_filter) | ||||
|         self.all_kde_settings = {} | ||||
|  | ||||
|         self.__module_enabled = check_enabled( | ||||
|             self.storage, | ||||
|             self.__module_name, | ||||
|             self.__module_experimental | ||||
|         ) | ||||
|  | ||||
|     def apply(self): | ||||
|         if self.__module_enabled: | ||||
|             log('D198') | ||||
|             create_dict(self.kde_settings, self.all_kde_settings, self.locks_settings, self.locks_dict) | ||||
|             apply(self.all_kde_settings, self.locks_dict) | ||||
|         else: | ||||
|             log('D199') | ||||
|  | ||||
| class kde_applier_user(applier_frontend): | ||||
|     __module_name = 'KdeApplierUser' | ||||
|     __module_experimental = True | ||||
|     __module_enabled = False | ||||
|     __hkcu_branch = 'Software\\BaseALT\\Policies\\KDE\\' | ||||
|     __hkcu_lock_branch = 'Software\\BaseALT\\Policies\\KDELocks\\' | ||||
|  | ||||
|     def __init__(self, storage, sid=None, username=None, file_cache = None): | ||||
|         self.storage = storage | ||||
|         self.username = username | ||||
|         self.sid = sid | ||||
|         self.file_cache = file_cache | ||||
|         self.locks_dict = {} | ||||
|         self.locks_data_dict = {} | ||||
|         self.all_kde_settings = {} | ||||
|         kde_filter = '{}%'.format(self.__hkcu_branch) | ||||
|         locks_filter = '{}%'.format(self.__hkcu_lock_branch) | ||||
|         self.locks_settings = self.storage.filter_hkcu_entries(self.sid, locks_filter) | ||||
|         self.kde_settings = self.storage.filter_hkcu_entries(self.sid, kde_filter) | ||||
|         self.__module_enabled = check_enabled( | ||||
|             self.storage, | ||||
|             self.__module_name, | ||||
|             self.__module_experimental | ||||
|         ) | ||||
|  | ||||
|     def admin_context_apply(self): | ||||
|         pass | ||||
|  | ||||
|     def user_context_apply(self): | ||||
|         ''' | ||||
|         Change settings applied in user context | ||||
|         ''' | ||||
|         if self.__module_enabled: | ||||
|             log('D200') | ||||
|             create_dict(self.kde_settings, self.all_kde_settings, self.locks_settings, self.locks_dict, self.file_cache, self.username) | ||||
|             apply(self.all_kde_settings, self.locks_dict, self.username) | ||||
|         else: | ||||
|             log('D201') | ||||
|  | ||||
| def create_dict(kde_settings, all_kde_settings, locks_settings, locks_dict, file_cache = None, username = None): | ||||
|         for locks in locks_settings: | ||||
|             locks_dict[locks.valuename] = locks.data | ||||
|         for setting in kde_settings: | ||||
|             try: | ||||
|                 file_name, section, value = setting.keyname.split("/")[-2], setting.keyname.split("/")[-1], setting.valuename | ||||
|                 data = setting.data | ||||
|                 if file_name == 'wallpaper': | ||||
|                     apply_for_wallpaper(data, file_cache, username) | ||||
|                 else: | ||||
|                     if file_name not in all_kde_settings: | ||||
|                         all_kde_settings[file_name] = {} | ||||
|                     if section not in all_kde_settings[file_name]: | ||||
|                         all_kde_settings[file_name][section] = {} | ||||
|                     all_kde_settings[file_name][section][value] = data | ||||
|  | ||||
|             except Exception as exc: | ||||
|                 logdata = dict() | ||||
|                 logdata['file_name'] = file_name | ||||
|                 logdata['section'] = section | ||||
|                 logdata['value'] = value | ||||
|                 logdata['data'] = data | ||||
|                 logdata['exc'] = exc | ||||
|                 log('W16', logdata) | ||||
|  | ||||
| def apply(all_kde_settings, locks_dict, username = None): | ||||
|     logdata = dict() | ||||
|     if username is None: | ||||
|         system_path_settings = '/etc/xdg/' | ||||
|         system_files = [ | ||||
|             "baloofilerc", | ||||
|             "kcminputrc", | ||||
|             "kded_device_automounterrc", | ||||
|             "kdeglobals", | ||||
|             "ksplashrc", | ||||
|             "kwinrc", | ||||
|             "plasma-localerc", | ||||
|             "plasmarc", | ||||
|             "powermanagementprofilesrc" | ||||
|         ] | ||||
|         for file in system_files: | ||||
|             file_to_remove = f'{system_path_settings}{file}' | ||||
|             if os.path.exists(file_to_remove): | ||||
|                 os.remove(file_to_remove) | ||||
|         for file_name, sections in all_kde_settings.items(): | ||||
|             file_path = f'{system_path_settings}{file_name}' | ||||
|             with open(file_path, 'w') as file: | ||||
|                 for section, keys in sections.items(): | ||||
|                     section = section.replace(')(', '][') | ||||
|                     file.write(f'[{section}]\n') | ||||
|                     for key, value in keys.items(): | ||||
|                         lock = f"{file_name}.{section}.{key}".replace('][', ')(') | ||||
|                         if lock in locks_dict and locks_dict[lock] == 1: | ||||
|                             file.write(f'{key}[$i]={value}\n') | ||||
|                         else: | ||||
|                             file.write(f'{key}={value}\n') | ||||
|                     file.write('\n') | ||||
|     else: | ||||
|         for file_name, sections in all_kde_settings.items(): | ||||
|             path = f'{get_homedir(username)}/.config/{file_name}' | ||||
|             if not os.path.exists(path): | ||||
|                 open(path, 'a').close() | ||||
|             else: | ||||
|                 pass | ||||
|             for section, keys in sections.items(): | ||||
|                 for key, value in keys.items(): | ||||
|                     lock = f"{file_name}.{section}.{key}" | ||||
|                     if lock in locks_dict and locks_dict[lock] == 1: | ||||
|                         command = [ | ||||
|                             'kwriteconfig5', | ||||
|                             '--file', file_name, | ||||
|                             '--group', section, | ||||
|                             '--key', key +'/$i/', | ||||
|                             '--type', 'string', | ||||
|                             value | ||||
|                         ] | ||||
|                     else: | ||||
|                         command = [ | ||||
|                             'kwriteconfig5', | ||||
|                             '--file', file_name, | ||||
|                             '--group', section, | ||||
|                             '--key', key, | ||||
|                             '--type', 'string', | ||||
|                             value | ||||
|                         ] | ||||
|                     try: | ||||
|                         clear_locks_settings(username, file_name, key) | ||||
|                         subprocess.run(command, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) | ||||
|                     except: | ||||
|                             logdata['command'] = command | ||||
|                             log('W22', logdata) | ||||
|             new_content = [] | ||||
|             file_path = f'{get_homedir(username)}/.config/{file_name}' | ||||
|             try: | ||||
|                 with open(file_path, 'r') as file: | ||||
|                     for line in file: | ||||
|                         line = line.replace('/$i/', '[$i]').replace(')(', '][') | ||||
|                         new_content.append(line) | ||||
|                 with open(file_path, 'w') as file: | ||||
|                     file.writelines(new_content) | ||||
|                 logdata['file'] = file_name | ||||
|                 log('D202', logdata) | ||||
|             except Exception as exc: | ||||
|                 logdata['exc'] = exc | ||||
|                 log('W19', logdata) | ||||
|  | ||||
| def clear_locks_settings(username, file_name, key): | ||||
|     ''' | ||||
|     Method to remove old locked settings | ||||
|     ''' | ||||
|     file_path = f'{get_homedir(username)}/.config/{file_name}' | ||||
|     with open(file_path, 'r') as file: | ||||
|         lines = file.readlines() | ||||
|     with open(file_path, 'w') as file: | ||||
|         for line in lines: | ||||
|             if f'{key}[$i]=' not in line: | ||||
|                 file.write(line) | ||||
|     for line in lines: | ||||
|         if f'{key}[$i]=' in line: | ||||
|             logdata = dict() | ||||
|             logdata['line'] = line.strip() | ||||
|             log('I10', logdata) | ||||
|  | ||||
| def apply_for_wallpaper(data, file_cache, username): | ||||
|     ''' | ||||
|     Method to change wallpaper | ||||
|     ''' | ||||
|     logdata = dict() | ||||
|     path_to_wallpaper = f'{get_homedir(username)}/.config/plasma-org.kde.plasma.desktop-appletsrc' | ||||
|     try: | ||||
|         try: | ||||
|             file_cache.store(data) | ||||
|             data = file_cache.get(data) | ||||
|         except NotUNCPathError: | ||||
|             data = data | ||||
|         os.environ["XDG_DATA_DIRS"] = "/usr/share/kf5:" | ||||
|             #Variable for system detection of directories before files with .colors extension | ||||
|         os.environ["DISPLAY"] = ":0" | ||||
|             #Variable for command execution plasma-apply-colorscheme | ||||
|         os.environ["XDG_RUNTIME_DIR"] = f"/run/user/{os.getuid()}" | ||||
|         os.environ["DBUS_SESSION_BUS_ADDRESS"] = f"unix:path=/run/user/{os.getuid()}/bus"#plasma-apply-wallpaperimage | ||||
|         os.environ["PATH"] = "/usr/lib/kf5/bin:" | ||||
|             #environment variable for accessing binary files without hard links | ||||
|         if os.path.isfile(path_to_wallpaper): | ||||
|             id_desktop = get_id_desktop(path_to_wallpaper) | ||||
|             command = [ | ||||
|                 'kwriteconfig5', | ||||
|                 '--file', 'plasma-org.kde.plasma.desktop-appletsrc', | ||||
|                 '--group', 'Containments', | ||||
|                 '--group', id_desktop, | ||||
|                 '--group', 'Wallpaper', | ||||
|                 '--group', 'org.kde.image', | ||||
|                 '--group', 'General', | ||||
|                 '--key', 'Image', | ||||
|                  '--type', 'string', | ||||
|                 data | ||||
|                 ] | ||||
|             try: | ||||
|                 subprocess.run(command, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) | ||||
|             except: | ||||
|                     logdata['command'] = command | ||||
|                     log('E68', logdata) | ||||
|             try: | ||||
|                 session_bus = dbus.SessionBus() | ||||
|                 plasma_shell = session_bus.get_object('org.kde.plasmashell', '/PlasmaShell', introspect='org.kde.PlasmaShell') | ||||
|                 plasma_shell_iface = dbus.Interface(plasma_shell, 'org.kde.PlasmaShell') | ||||
|                 plasma_shell_iface.refreshCurrentShell() | ||||
|             except: | ||||
|                 pass | ||||
|         else: | ||||
|             logdata['file'] = path_to_wallpaper | ||||
|             log('W21', logdata) | ||||
|     except OSError as exc: | ||||
|         logdata['exc'] = exc | ||||
|         log('W17', logdata) | ||||
|     except Exception as exc: | ||||
|         logdata['exc'] = exc | ||||
|         log('E67', logdata) | ||||
|  | ||||
| def get_id_desktop(path_to_wallpaper): | ||||
|     ''' | ||||
|     Method for getting desktop id. It is currently accepted that this number is one of the sections in the configuration file. | ||||
|     ''' | ||||
|     pattern = r'\[Containments\]\[(\d+)\][^\[]*activityId=([^\s]+)' | ||||
|     try: | ||||
|         with open(path_to_wallpaper, 'r') as file: | ||||
|             file_content = file.read() | ||||
|         match = re.search(pattern, file_content) | ||||
|         if match: | ||||
|             return match.group(1) | ||||
|         else: | ||||
|             return None | ||||
|     except: | ||||
|         return None | ||||
| @@ -25,22 +25,34 @@ from util.logging import log | ||||
|  | ||||
| class networkshare_applier(applier_frontend): | ||||
|     __module_name = 'NetworksharesApplier' | ||||
|     __module_name_user = 'NetworksharesApplierUser' | ||||
|     __module_experimental = True | ||||
|     __module_enabled = False | ||||
|  | ||||
|     def __init__(self, storage, sid): | ||||
|     def __init__(self, storage, sid, username = None): | ||||
|         self.storage = storage | ||||
|         self.sid = sid | ||||
|         self.username = username | ||||
|         self.networkshare_info = self.storage.get_networkshare(self.sid) | ||||
|         self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental) | ||||
|         self.__module_enabled_user = check_enabled(self.storage, self.__module_name_user, self.__module_experimental) | ||||
|  | ||||
|     def run(self): | ||||
|         for networkshar in self.networkshare_info: | ||||
|             Networkshare(networkshar) | ||||
|         for networkshare in self.networkshare_info: | ||||
|             Networkshare(networkshare, self.username) | ||||
|  | ||||
|     def apply(self): | ||||
|         if self.__module_enabled: | ||||
|             log('D180') | ||||
|             log('D187') | ||||
|             self.run() | ||||
|         else: | ||||
|             log('D181') | ||||
|     def admin_context_apply(self): | ||||
|         pass | ||||
|  | ||||
|     def user_context_apply(self): | ||||
|         if self.__module_enabled_user: | ||||
|             log('D188') | ||||
|             self.run() | ||||
|         else: | ||||
|             log('D189') | ||||
|   | ||||
| @@ -117,7 +117,7 @@ class ntp_applier(applier_frontend): | ||||
|         ntp_server_enabled = self.storage.get_hklm_entry(self.ntp_server_enabled) | ||||
|         ntp_client_enabled = self.storage.get_hklm_entry(self.ntp_client_enabled) | ||||
|  | ||||
|         if server_type: | ||||
|         if server_type and server_type.data: | ||||
|             if NTPServerType.NTP.value != server_type.data: | ||||
|                 logdata = dict() | ||||
|                 logdata['server_type'] = server_type | ||||
| @@ -125,7 +125,7 @@ class ntp_applier(applier_frontend): | ||||
|             else: | ||||
|                 log('D126') | ||||
|                 if ntp_server_enabled: | ||||
|                     if '1' == ntp_server_enabled.data: | ||||
|                     if '1' == ntp_server_enabled.data and server_address: | ||||
|                         log('D127') | ||||
|                         self._start_chrony_client(server_address) | ||||
|                         self._chrony_as_server() | ||||
| @@ -135,7 +135,7 @@ class ntp_applier(applier_frontend): | ||||
|                     else: | ||||
|                         log('D129') | ||||
|  | ||||
|                 if ntp_client_enabled: | ||||
|                 elif ntp_client_enabled: | ||||
|                     if '1' == ntp_client_enabled.data: | ||||
|                         log('D130') | ||||
|                         self._start_chrony_client() | ||||
|   | ||||
| @@ -62,8 +62,7 @@ class package_applier(applier_frontend): | ||||
|         ) | ||||
|     def run(self): | ||||
|         for flag in self.sync_packages_setting: | ||||
|             if flag.data: | ||||
|                 self.flagSync = bool(int(flag.data)) | ||||
|             self.flagSync = bool(flag.data) | ||||
|  | ||||
|         if 0 < self.install_packages_setting.count() or 0 < self.remove_packages_setting.count(): | ||||
|             if self.flagSync: | ||||
| @@ -104,8 +103,8 @@ class package_applier_user(applier_frontend): | ||||
|         self.username = username | ||||
|         self.fulcmd = list() | ||||
|         self.fulcmd.append('/usr/libexec/gpupdate/pkcon_runner') | ||||
|         self.fulcmd.append('--sid') | ||||
|         self.fulcmd.append(self.sid) | ||||
|         self.fulcmd.append('--user') | ||||
|         self.fulcmd.append(self.username) | ||||
|         self.fulcmd.append('--loglevel') | ||||
|         logger = logging.getLogger() | ||||
|         self.fulcmd.append(str(logger.level)) | ||||
| @@ -119,7 +118,7 @@ class package_applier_user(applier_frontend): | ||||
|         self.sync_packages_setting = self.storage.filter_hkcu_entries(self.sid, sync_branch) | ||||
|         self.flagSync = False | ||||
|  | ||||
|         self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_enabled) | ||||
|         self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental) | ||||
|  | ||||
|     def user_context_apply(self): | ||||
|         ''' | ||||
|   | ||||
| @@ -29,28 +29,64 @@ class polkit_applier(applier_frontend): | ||||
|     __module_experimental = False | ||||
|     __module_enabled = True | ||||
|     __deny_all_win = 'Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\Deny_All' | ||||
|     __deny_all = 'Software\\BaseALT\\Policies\\GPUpdate\\RemovableStorageDevices\\Deny_All' | ||||
|     __registry_branch = 'Software\\BaseALT\\Policies\\Polkit\\' | ||||
|     __registry_locks_branch = 'Software\\BaseALT\\Policies\\PolkitLocks\\' | ||||
|     __polkit_map = { | ||||
|         __deny_all: ['49-gpoa_disk_permissions', { 'Deny_All': 0 }] | ||||
|         __deny_all_win: ['49-gpoa_disk_permissions', { 'Deny_All': 0 }], | ||||
|         __registry_branch : ['49-alt_group_policy_permissions', {}], | ||||
|         __registry_locks_branch : ['47-alt_group_policy_permissions', {}] | ||||
|     } | ||||
|  | ||||
|     def __init__(self, storage): | ||||
|         self.storage = storage | ||||
|         deny_all = storage.filter_hklm_entries(self.__deny_all).first() | ||||
|         if not deny_all and check_windows_mapping_enabled(self.storage): | ||||
|             deny_all = storage.filter_hklm_entries(self.__deny_all_win).first() | ||||
|         deny_all_win = None | ||||
|         if check_windows_mapping_enabled(self.storage): | ||||
|             deny_all_win = storage.filter_hklm_entries(self.__deny_all_win).first() | ||||
|         # Deny_All hook: initialize defaults | ||||
|         template_file = self.__polkit_map[self.__deny_all][0] | ||||
|         template_vars = self.__polkit_map[self.__deny_all][1] | ||||
|         if deny_all: | ||||
|         polkit_filter = '{}%'.format(self.__registry_branch) | ||||
|         polkit_locks_filter = '{}%'.format(self.__registry_locks_branch) | ||||
|         self.polkit_keys = self.storage.filter_hklm_entries(polkit_filter) | ||||
|         self.polkit_locks = self.storage.filter_hklm_entries(polkit_locks_filter) | ||||
|         template_file = self.__polkit_map[self.__deny_all_win][0] | ||||
|         template_vars = self.__polkit_map[self.__deny_all_win][1] | ||||
|         template_file_all = self.__polkit_map[self.__registry_branch][0] | ||||
|         template_vars_all = self.__polkit_map[self.__registry_branch][1] | ||||
|         template_file_all_lock = self.__polkit_map[self.__registry_locks_branch][0] | ||||
|         template_vars_all_lock = self.__polkit_map[self.__registry_locks_branch][1] | ||||
|         locks = list() | ||||
|         for lock in self.polkit_locks: | ||||
|             if bool(int(lock.data)): | ||||
|                 locks.append(lock.valuename) | ||||
|  | ||||
|         dict_lists_rules = {'No': [[], []], | ||||
|                             'Yes': [[], []], | ||||
|                             'Auth_self' : [[], []], | ||||
|                             'Auth_admin': [[], []], | ||||
|                             'Auth_self_keep': [[], []], | ||||
|                             'Auth_admin_keep': [[], []]} | ||||
|  | ||||
|         check_and_add_to_list = (lambda it, act: dict_lists_rules[act][0].append(it.valuename) | ||||
|                                 if it.valuename not in locks | ||||
|                                 else dict_lists_rules[act][1].append(it.valuename)) | ||||
|  | ||||
|         for it_data in self.polkit_keys: | ||||
|             check_and_add_to_list(it_data, it_data.data) | ||||
|  | ||||
|         for key, item in dict_lists_rules.items(): | ||||
|             self.__polkit_map[self.__registry_branch][1][key] = item[0] | ||||
|             self.__polkit_map[self.__registry_locks_branch][1][key] = item[1] | ||||
|  | ||||
|         if deny_all_win: | ||||
|             logdata = dict() | ||||
|             logdata['Deny_All'] = deny_all.data | ||||
|             logdata['Deny_All_win'] = deny_all_win.data | ||||
|             log('D69', logdata) | ||||
|             self.__polkit_map[self.__deny_all][1]['Deny_All'] = deny_all.data | ||||
|             self.__polkit_map[self.__deny_all_win][1]['Deny_All'] = deny_all_win.data | ||||
|         else: | ||||
|             log('D71') | ||||
|         self.policies = [] | ||||
|         self.policies.append(polkit(template_file, template_vars)) | ||||
|         self.policies.append(polkit(template_file_all, template_vars_all)) | ||||
|         self.policies.append(polkit(template_file_all_lock, template_vars_all_lock)) | ||||
|         self.__module_enabled = check_enabled( | ||||
|               self.storage | ||||
|             , self.__module_name | ||||
| @@ -73,33 +109,54 @@ class polkit_applier_user(applier_frontend): | ||||
|     __module_experimental = False | ||||
|     __module_enabled = True | ||||
|     __deny_all_win = 'Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\Deny_All' | ||||
|     __deny_all = 'Software\\BaseALT\\Policies\\GPUpdate\\RemovableStorageDevices\\Deny_All' | ||||
|     __registry_branch = 'Software\\BaseALT\\Policies\\Polkit\\' | ||||
|     __polkit_map = { | ||||
|             __deny_all: ['48-gpoa_disk_permissions_user', { 'Deny_All': 0, 'User': '' }] | ||||
|             __deny_all_win: ['48-gpoa_disk_permissions_user', { 'Deny_All': 0, 'User': '' }], | ||||
|             __registry_branch : ['48-alt_group_policy_permissions_user', {'User': ''}] | ||||
|     } | ||||
|  | ||||
|     def __init__(self, storage, sid, username): | ||||
|         self.storage = storage | ||||
|         self.sid = sid | ||||
|         self.username = username | ||||
|  | ||||
|         deny_all = storage.filter_hkcu_entries(self.sid, self.__deny_all).first() | ||||
|         if not deny_all and check_windows_mapping_enabled(self.storage): | ||||
|             deny_all = storage.filter_hkcu_entries(self.sid, self.__deny_all_win).first() | ||||
|         deny_all_win = None | ||||
|         if check_windows_mapping_enabled(self.storage): | ||||
|             deny_all_win = storage.filter_hkcu_entries(self.sid, self.__deny_all_win).first() | ||||
|         polkit_filter = '{}%'.format(self.__registry_branch) | ||||
|         self.polkit_keys = self.storage.filter_hkcu_entries(self.sid, polkit_filter) | ||||
|         # Deny_All hook: initialize defaults | ||||
|         template_file = self.__polkit_map[self.__deny_all][0] | ||||
|         template_vars = self.__polkit_map[self.__deny_all][1] | ||||
|         if deny_all: | ||||
|         template_file = self.__polkit_map[self.__deny_all_win][0] | ||||
|         template_vars = self.__polkit_map[self.__deny_all_win][1] | ||||
|         template_file_all = self.__polkit_map[self.__registry_branch][0] | ||||
|         template_vars_all = self.__polkit_map[self.__registry_branch][1] | ||||
|  | ||||
|         dict_lists_rules = {'No': [], | ||||
|                             'Yes': [], | ||||
|                             'Auth_self': [], | ||||
|                             'Auth_admin': [], | ||||
|                             'Auth_self_keep': [], | ||||
|                             'Auth_admin_keep': []} | ||||
|  | ||||
|         for it_data in self.polkit_keys: | ||||
|             dict_lists_rules[it_data.data].append(it_data.valuename) | ||||
|  | ||||
|         self.__polkit_map[self.__registry_branch][1]['User'] = self.username | ||||
|  | ||||
|         for key, item in dict_lists_rules.items(): | ||||
|             self.__polkit_map[self.__registry_branch][1][key] = item | ||||
|  | ||||
|         if deny_all_win: | ||||
|             logdata = dict() | ||||
|             logdata['user'] = self.username | ||||
|             logdata['Deny_All'] = deny_all.data | ||||
|             logdata['Deny_All_win'] = deny_all_win.data | ||||
|             log('D70', logdata) | ||||
|             self.__polkit_map[self.__deny_all][1]['Deny_All'] = deny_all.data | ||||
|             self.__polkit_map[self.__deny_all][1]['User'] = self.username | ||||
|             self.__polkit_map[self.__deny_all_win][1]['Deny_All'] = deny_all_win.data | ||||
|             self.__polkit_map[self.__deny_all_win][1]['User'] = self.username | ||||
|         else: | ||||
|             log('D72') | ||||
|         self.policies = [] | ||||
|         self.policies.append(polkit(template_file, template_vars, self.username)) | ||||
|         self.policies.append(polkit(template_file_all, template_vars_all, self.username)) | ||||
|         self.__module_enabled = check_enabled( | ||||
|               self.storage | ||||
|             , self.__module_name | ||||
|   | ||||
| @@ -19,9 +19,7 @@ | ||||
| import os | ||||
| import shutil | ||||
| from pathlib import Path | ||||
| import pysss_nss_idmap | ||||
|  | ||||
| from django.template import base | ||||
| from util.logging import log | ||||
| from .appliers.folder import remove_dir_tree | ||||
| from .applier_frontend import ( | ||||
| @@ -150,10 +148,10 @@ def install_script(storage_script_entry, script_dir, access_permissions): | ||||
|     shutil.copyfile(storage_script_entry.path, script_file) | ||||
|  | ||||
|     os.chmod(script_file, int(access_permissions, base = 8)) | ||||
|     if storage_script_entry.arg: | ||||
|     if storage_script_entry.args: | ||||
|         dir_path = script_dir + '/' + script_name + '.arg' | ||||
|         dir_arg = Path(dir_path) | ||||
|         dir_arg.mkdir(parents=True, exist_ok=True) | ||||
|         file_arg = open(dir_path + '/arg', 'w') | ||||
|         file_arg.write(storage_script_entry.arg) | ||||
|         file_arg.write(storage_script_entry.args) | ||||
|         file_arg.close() | ||||
|   | ||||
| @@ -38,8 +38,7 @@ def storage_get_shortcuts(storage, sid, username=None): | ||||
|     shortcut_objs = storage.get_shortcuts(sid) | ||||
|     shortcuts = list() | ||||
|  | ||||
|     for sc_obj in shortcut_objs: | ||||
|         sc = json2sc(sc_obj.shortcut) | ||||
|     for sc in shortcut_objs: | ||||
|         if username: | ||||
|             sc.set_expanded_path(expand_windows_var(sc.path, username)) | ||||
|         shortcuts.append(sc) | ||||
|   | ||||
| @@ -29,11 +29,11 @@ class systemd_applier(applier_frontend): | ||||
|     __module_name = 'SystemdApplier' | ||||
|     __module_experimental = False | ||||
|     __module_enabled = True | ||||
|     __registry_branch = 'Software\\BaseALT\\Policies\\SystemdUnits' | ||||
|     __registry_branch = 'Software/BaseALT/Policies/SystemdUnits' | ||||
|  | ||||
|     def __init__(self, storage): | ||||
|         self.storage = storage | ||||
|         self.systemd_unit_settings = self.storage.filter_hklm_entries('Software\\BaseALT\\Policies\\SystemdUnits%') | ||||
|         self.systemd_unit_settings = self.storage.filter_hklm_entries(self.__registry_branch) | ||||
|         self.units = [] | ||||
|         self.__module_enabled = check_enabled( | ||||
|               self.storage | ||||
| @@ -43,7 +43,7 @@ class systemd_applier(applier_frontend): | ||||
|  | ||||
|     def run(self): | ||||
|         for setting in self.systemd_unit_settings: | ||||
|             valuename = setting.hive_key.rpartition('\\')[2] | ||||
|             valuename = setting.hive_key.rpartition('/')[2] | ||||
|             try: | ||||
|                 self.units.append(systemd_unit(valuename, int(setting.data))) | ||||
|                 logdata = dict() | ||||
| @@ -76,7 +76,7 @@ class systemd_applier_user(applier_frontend): | ||||
|     __module_name = 'SystemdApplierUser' | ||||
|     __module_experimental = False | ||||
|     __module_enabled = True | ||||
|     __registry_branch = 'Software\\BaseALT\\Policies\\SystemdUnits' | ||||
|     __registry_branch = 'Software/BaseALT/Policies/SystemdUnits' | ||||
|  | ||||
|     def __init__(self, storage, sid, username): | ||||
|         self.storage = storage | ||||
|   | ||||
| @@ -24,13 +24,13 @@ from .applier_frontend import ( | ||||
| import json | ||||
| import os | ||||
| from util.logging import log | ||||
| from util.util import is_machine_name | ||||
| from util.util import is_machine_name, string_to_literal_eval | ||||
|  | ||||
| class yandex_browser_applier(applier_frontend): | ||||
|     __module_name = 'YandexBrowserApplier' | ||||
|     __module_enabled = True | ||||
|     __module_experimental = False | ||||
|     __registry_branch = 'Software\\Policies\\YandexBrowser' | ||||
|     __registry_branch = 'Software/Policies/YandexBrowser' | ||||
|     __managed_policies_path = '/etc/opt/yandex/browser/policies/managed' | ||||
|     __recommended_policies_path = '/etc/opt/yandex/browser/policies/recommended' | ||||
|  | ||||
| @@ -65,7 +65,7 @@ class yandex_browser_applier(applier_frontend): | ||||
|         #Replacing all nested dictionaries with a list | ||||
|         dict_item_to_list = ( | ||||
|             lambda target_dict : | ||||
|                 {key:[*val.values()] if type(val) == dict else val for key,val in target_dict.items()} | ||||
|                 {key:[*val.values()] if type(val) == dict else string_to_literal_eval(val) for key,val in target_dict.items()} | ||||
|             ) | ||||
|         os.makedirs(self.__managed_policies_path, exist_ok=True) | ||||
|         with open(destfile, 'w') as f: | ||||
| @@ -98,19 +98,48 @@ class yandex_browser_applier(applier_frontend): | ||||
|         ''' | ||||
|         List of keys resulting from parsing chrome.admx with parsing_chrom_admx_intvalues.py | ||||
|         ''' | ||||
|         valuename_typeint = (['TurboSettings', | ||||
|                             'DefaultPluginsSetting', | ||||
|                             'BrowserSignin', | ||||
|         valuename_typeint = (['DefaultPageSaveSettings', | ||||
|                             'DefaultUploadSetting', | ||||
|                             'YandexAutoLaunchMode', | ||||
|                             'DefaultClipboardSetting', | ||||
|                             'DefaultFileSystemReadGuardSetting', | ||||
|                             'DefaultFileSystemWriteGuardSetting', | ||||
|                             'DefaultImagesSetting', | ||||
|                             'DefaultJavaScriptJitSetting', | ||||
|                             'DefaultJavaScriptSetting', | ||||
|                             'DefaultLocalFontsSetting', | ||||
|                             'DefaultPopupsSetting', | ||||
|                             'DefaultSensorsSetting', | ||||
|                             'DefaultSerialGuardSetting', | ||||
|                             'DefaultWebBluetoothGuardSetting', | ||||
|                             'DefaultWebHidGuardSetting', | ||||
|                             'DefaultWebUsbGuardSetting', | ||||
|                             'DefaultWindowManagementSetting', | ||||
|                             'SafeSitesFilterBehavior', | ||||
|                             'YandexUserFeedbackMode', | ||||
|                             'TurboSettings', | ||||
|                             'SidePanelMode', | ||||
|                             'RestoreOnStartup', | ||||
|                             'RestoreOnStartup_recommended', | ||||
|                             'BrowserSwitcherParsingMode', | ||||
|                             'DefaultNotificationsSetting', | ||||
|                             'YandexPowerSavingMode', | ||||
|                             'ChromeVariations', | ||||
|                             'DeveloperToolsAvailability', | ||||
|                             'DownloadRestrictions', | ||||
|                             'NetworkPredictionOptions', | ||||
|                             'DownloadRestrictions_recommended', | ||||
|                             'NetworkPredictionOptions_recommended', | ||||
|                             'DefaultCookiesSetting', | ||||
|                             'DefaultGeolocationSetting', | ||||
|                             'DefaultPopupsSetting', | ||||
|                             'DeveloperToolsAvailability', | ||||
|                             'IncognitoModeAvailability', | ||||
|                             'DefaultPrintingSettings', | ||||
|                             'DefaultPluginsSetting', | ||||
|                             'DefaultInsecureContentSetting', | ||||
|                             'PasswordProtectionWarningTrigger', | ||||
|                             'SafeBrowsingProtectionLevel', | ||||
|                             'SafeBrowsingProtectionLevel_recommended', | ||||
|                             'SidePanelMode', | ||||
|                             'YandexAutoLaunchMode']) | ||||
|                             'DiskCacheSize']) | ||||
|         return valuename_typeint | ||||
|  | ||||
|  | ||||
| @@ -123,7 +152,7 @@ class yandex_browser_applier(applier_frontend): | ||||
|         ''' | ||||
|         Parse registry path string and leave key parameters | ||||
|         ''' | ||||
|         parts = hivekeyname.replace(self.__registry_branch, '').split('\\') | ||||
|         parts = hivekeyname.replace(self.__registry_branch, '').split('/') | ||||
|         return parts | ||||
|  | ||||
|  | ||||
|   | ||||
| @@ -23,7 +23,7 @@ import signal | ||||
| import gettext | ||||
| import locale | ||||
|  | ||||
| from backend import backend_factory | ||||
| from backend import backend_factory, save_dconf | ||||
| from frontend.frontend_manager import frontend_manager, determine_username | ||||
| from plugin import plugin_manager | ||||
| from messages import message_with_code | ||||
| @@ -159,6 +159,7 @@ class gpoa_controller: | ||||
|                         einfo = geterr() | ||||
|                         logdata.update(einfo) | ||||
|                         log('E3', logdata) | ||||
|         save_dconf(self.username, self.is_machine) | ||||
|  | ||||
|     def start_frontend(self): | ||||
|         ''' | ||||
|   | ||||
| @@ -67,6 +67,12 @@ def read_drives(drives_file): | ||||
|         drive_obj.set_pass(decrypt_pass(props.get('cpassword'))) | ||||
|         drive_obj.set_dir(props.get('letter')) | ||||
|         drive_obj.set_path(props.get('path')) | ||||
|         drive_obj.set_action(props.get('action')) | ||||
|         drive_obj.set_thisDrive(props.get('thisDrive')) | ||||
|         drive_obj.set_allDrives(props.get('allDrives')) | ||||
|         drive_obj.set_label(props.get('label')) | ||||
|         drive_obj.set_persistent(props.get('persistent')) | ||||
|         drive_obj.set_useLetter(props.get('useLetter')) | ||||
|  | ||||
|         drives.append(drive_obj) | ||||
|  | ||||
| @@ -93,6 +99,12 @@ class drivemap: | ||||
|         self.password = None | ||||
|         self.dir = None | ||||
|         self.path = None | ||||
|         self.action = None | ||||
|         self.thisDrive = None | ||||
|         self.allDrives = None | ||||
|         self.label = None | ||||
|         self.persistent = None | ||||
|         self.useLetter = None | ||||
|  | ||||
|     def set_login(self, username): | ||||
|         self.login = username | ||||
| @@ -110,6 +122,24 @@ class drivemap: | ||||
|     def set_path(self, path): | ||||
|         self.path = path | ||||
|  | ||||
|     def set_action(self, action): | ||||
|         self.action = action | ||||
|  | ||||
|     def set_thisDrive(self, thisDrive): | ||||
|         self.thisDrive = thisDrive | ||||
|  | ||||
|     def set_allDrives(self, allDrives): | ||||
|         self.allDrives = allDrives | ||||
|  | ||||
|     def set_label(self, label): | ||||
|         self.label = label | ||||
|  | ||||
|     def set_persistent(self, persistent): | ||||
|         self.persistent = persistent | ||||
|  | ||||
|     def set_useLetter(self, useLetter): | ||||
|         self.useLetter = useLetter | ||||
|  | ||||
|     def to_json(self): | ||||
|         drive = dict() | ||||
|         drive['login'] = self.login | ||||
|   | ||||
| @@ -30,6 +30,7 @@ def read_files(filesxml): | ||||
|         fil_obj.set_archive(props.get('archive', default=None)) | ||||
|         fil_obj.set_hidden(props.get('hidden', default=None)) | ||||
|         fil_obj.set_suppress(props.get('suppress', default=None)) | ||||
|         fil_obj.set_executable(props.get('executable', default=None)) | ||||
|         files.append(fil_obj) | ||||
|  | ||||
|     return files | ||||
| @@ -54,3 +55,5 @@ class fileentry: | ||||
|         self.hidden = hidden | ||||
|     def set_suppress(self, suppress): | ||||
|         self.suppress = suppress | ||||
|     def set_executable(self, executable): | ||||
|         self.executable = executable | ||||
|   | ||||
| @@ -66,9 +66,11 @@ def read_folders(folders_file): | ||||
|         fld_obj.set_delete_folder(folder_int2bool(props.get('deleteFolder', default=1))) | ||||
|         fld_obj.set_delete_sub_folders(folder_int2bool(props.get('deleteSubFolders', default=1))) | ||||
|         fld_obj.set_delete_files(folder_int2bool(props.get('deleteFiles', default=1))) | ||||
|         fld_obj.set_hidden_folder(folder_int2bool(props.get('hidden', default=0))) | ||||
|  | ||||
|         folders.append(fld_obj) | ||||
|  | ||||
|  | ||||
|     return folders | ||||
|  | ||||
| def merge_folders(storage, sid, folder_objects, policy_name): | ||||
| @@ -83,6 +85,7 @@ class folderentry: | ||||
|         self.delete_folder = False | ||||
|         self.delete_sub_folders = False | ||||
|         self.delete_files = False | ||||
|         self.hidden_folder = False | ||||
|  | ||||
|     def set_action(self, action): | ||||
|         self.action = action | ||||
| @@ -96,3 +99,5 @@ class folderentry: | ||||
|     def set_delete_files(self, del_bool): | ||||
|         self.delete_files = del_bool | ||||
|  | ||||
|     def set_hidden_folder(self, hid_bool): | ||||
|         self.hidden_folder = hid_bool | ||||
| @@ -153,10 +153,13 @@ def get_merger(preference_type): | ||||
|     return mergers[preference_type] | ||||
|  | ||||
| class gpt: | ||||
|     def __init__(self, gpt_path, sid): | ||||
|     def __init__(self, gpt_path, sid, username='Machine', version=None): | ||||
|         self.path = gpt_path | ||||
|         self.username = username | ||||
|         self.sid = sid | ||||
|         self.storage = registry_factory('registry') | ||||
|         self.storage = registry_factory() | ||||
|         self.storage._gpt_read_flag = True | ||||
|         self.version = version | ||||
|         self.name = '' | ||||
|         self.guid = self.path.rpartition('/')[2] | ||||
|         if 'default' == self.guid: | ||||
| @@ -214,7 +217,7 @@ class gpt: | ||||
|             if self.settings['machine']['regpol']: | ||||
|                 mlogdata = dict({'polfile': self.settings['machine']['regpol']}) | ||||
|                 log('D34', mlogdata) | ||||
|                 util.preg.merge_polfile(self.settings['machine']['regpol'], policy_name=self.name) | ||||
|                 util.preg.merge_polfile(self.settings['machine']['regpol'], policy_name=self.name, version=self.version) | ||||
|             # Merge machine preferences to registry if possible | ||||
|             for preference_name, preference_path in self.settings['machine'].items(): | ||||
|                 if preference_path: | ||||
| @@ -240,7 +243,11 @@ class gpt: | ||||
|             if self.settings['user']['regpol']: | ||||
|                 mulogdata = dict({'polfile': self.settings['user']['regpol']}) | ||||
|                 log('D35', mulogdata) | ||||
|                 util.preg.merge_polfile(self.settings['user']['regpol'], sid=self.sid, policy_name=self.name) | ||||
|                 util.preg.merge_polfile(self.settings['user']['regpol'], | ||||
|                                         sid=self.sid, | ||||
|                                         policy_name=self.name, | ||||
|                                         username=self.username, | ||||
|                                         version=self.version) | ||||
|             # Merge user preferences to registry if possible | ||||
|             for preference_name, preference_path in self.settings['user'].items(): | ||||
|                 if preference_path: | ||||
|   | ||||
| @@ -17,6 +17,7 @@ | ||||
| # along with this program.  If not, see <http://www.gnu.org/licenses/>. | ||||
|  | ||||
| from util.xml import get_xml_root | ||||
| from storage.dconf_registry import Dconf_registry | ||||
|  | ||||
| def read_networkshares(networksharesxml): | ||||
|     networkshares = list() | ||||
|   | ||||
| @@ -24,9 +24,10 @@ def read_polfile(filename): | ||||
|     return load_preg(filename).entries | ||||
|  | ||||
| def merge_polfile(storage, sid, policy_objects, policy_name): | ||||
|     for entry in policy_objects: | ||||
|         if not sid: | ||||
|             storage.add_hklm_entry(entry, policy_name) | ||||
|         else: | ||||
|             storage.add_hkcu_entry(entry, sid, policy_name) | ||||
|     pass | ||||
|     # for entry in policy_objects: | ||||
|     #     if not sid: | ||||
|     #         storage.add_hklm_entry(entry, policy_name) | ||||
|     #     else: | ||||
|     #         storage.add_hkcu_entry(entry, sid, policy_name) | ||||
|  | ||||
|   | ||||
| @@ -61,19 +61,19 @@ def read_scripts(scripts_file): | ||||
|                     section_scripts[key_index].set_args(config[act][key]) | ||||
|     if logon_scripts: | ||||
|         for i in sorted(logon_scripts.keys()): | ||||
|             scripts.add_script(act_upper, logon_scripts[i]) | ||||
|             scripts.add_script('LOGON', logon_scripts[i]) | ||||
|  | ||||
|     if logoff_scripts: | ||||
|         for i in sorted(logoff_scripts.keys()): | ||||
|             scripts.add_script(act_upper, logoff_scripts[i]) | ||||
|             scripts.add_script('LOGOFF', logoff_scripts[i]) | ||||
|  | ||||
|     if startup_scripts: | ||||
|         for i in sorted(startup_scripts.keys()): | ||||
|             scripts.add_script(act_upper, startup_scripts[i]) | ||||
|             scripts.add_script('STARTUP', startup_scripts[i]) | ||||
|  | ||||
|     if shutdown_scripts: | ||||
|         for i in sorted(shutdown_scripts.keys()): | ||||
|             scripts.add_script(act_upper, shutdown_scripts[i]) | ||||
|             scripts.add_script('SHUTDOWN', shutdown_scripts[i]) | ||||
|  | ||||
|  | ||||
|     return scripts | ||||
|   | ||||
| @@ -27,6 +27,7 @@ import json | ||||
|  | ||||
| from util.windows import transform_windows_path | ||||
| from util.xml import get_xml_root | ||||
| from util.paths import get_desktop_files_directory | ||||
|  | ||||
| class TargetType(Enum): | ||||
|     FILESYSTEM = 'FILESYSTEM' | ||||
| @@ -85,6 +86,9 @@ def read_shortcuts(shortcuts_file): | ||||
|         sc.set_guid(link.get('uid')) | ||||
|         sc.set_usercontext(link.get('userContext', False)) | ||||
|         sc.set_icon(props.get('iconPath')) | ||||
|         if props.get('comment'): | ||||
|             sc.set_comment(props.get('comment')) | ||||
|  | ||||
|         shortcuts.append(sc) | ||||
|  | ||||
|     return shortcuts | ||||
| @@ -105,11 +109,26 @@ def json2sc(json_str): | ||||
|     sc.set_clsid(json_obj['clsid']) | ||||
|     sc.set_guid(json_obj['guid']) | ||||
|     sc.set_usercontext(json_obj['is_in_user_context']) | ||||
|     if 'comment' in json_obj: | ||||
|         sc.set_comment(json_obj['comment']) | ||||
|     if 'icon' in json_obj: | ||||
|         sc.set_icon(json_obj['icon']) | ||||
|  | ||||
|     return sc | ||||
|  | ||||
| def find_desktop_entry(binary_path): | ||||
|     desktop_dir = get_desktop_files_directory() | ||||
|     binary_name = ''.join(binary_path.split('/')[-1]) | ||||
|     desktop_file_path = Path(f"{desktop_dir}/{binary_name}.desktop") | ||||
|  | ||||
|     if desktop_file_path.exists(): | ||||
|         desktop_entry = DesktopEntry() | ||||
|         desktop_entry.parse(desktop_file_path) | ||||
|         return desktop_entry | ||||
|  | ||||
|     return None | ||||
|  | ||||
|  | ||||
| class shortcut: | ||||
|     def __init__(self, dest, path, arguments, name=None, action=None, ttype=TargetType.FILESYSTEM): | ||||
|         ''' | ||||
| @@ -119,16 +138,34 @@ class shortcut: | ||||
|         :param name: Name of the application | ||||
|         :param type: Link type - FILESYSTEM or URL | ||||
|         ''' | ||||
|         self.dest = dest | ||||
|         self.dest = self.replace_slashes(dest) | ||||
|         self.path = path | ||||
|         self.expanded_path = None | ||||
|         self.arguments = arguments | ||||
|         self.name = name | ||||
|         self.name = self.replace_name(name) | ||||
|         self.action = action | ||||
|         self.changed = '' | ||||
|         self.icon = None | ||||
|         self.comment = '' | ||||
|         self.is_in_user_context = self.set_usercontext() | ||||
|         self.type = ttype | ||||
|         self.desktop_file_template = None | ||||
|  | ||||
|     def replace_slashes(self, input_path): | ||||
|         if input_path.startswith('%'): | ||||
|             index = input_path.find('%', 1) | ||||
|             if index != -1: | ||||
|                 replace_path = input_path[:index + 2] + input_path[index + 2:].replace('/','-') | ||||
|                 return replace_path | ||||
|         return input_path.replace('/','-') | ||||
|  | ||||
|     def replace_name(self, input_name): | ||||
|         if input_name.startswith('%'): | ||||
|             index = input_name.find('%', 1) | ||||
|             if index != -1: | ||||
|                 replace_name = input_name[index + 2:] | ||||
|                 return replace_name | ||||
|         return input_name | ||||
|  | ||||
|     def __str__(self): | ||||
|         result = self.to_json() | ||||
| @@ -149,6 +186,9 @@ class shortcut: | ||||
|     def set_icon(self, icon_name): | ||||
|         self.icon = icon_name | ||||
|  | ||||
|     def set_comment(self, comment): | ||||
|         self.comment = comment | ||||
|  | ||||
|     def set_type(self, ttype): | ||||
|         ''' | ||||
|         Set type of the hyperlink - FILESYSTEM or URL | ||||
| @@ -194,6 +234,8 @@ class shortcut: | ||||
|         content['type'] = ttype2str(self.type) | ||||
|         if self.icon: | ||||
|             content['icon'] = self.icon | ||||
|         if self.comment: | ||||
|             content['comment'] = self.comment | ||||
|         result = self.desktop() | ||||
|         result.content.update(content) | ||||
|  | ||||
| @@ -206,6 +248,7 @@ class shortcut: | ||||
|         if dest: | ||||
|             self.desktop_file = DesktopEntry(dest) | ||||
|         else: | ||||
|             self.desktop_file_template = find_desktop_entry(self.path) | ||||
|             self.desktop_file = DesktopEntry() | ||||
|             self.desktop_file.addGroup('Desktop Entry') | ||||
|             self.desktop_file.set('Version', '1.0') | ||||
| @@ -230,11 +273,18 @@ class shortcut: | ||||
|         if self.type == TargetType.URL: | ||||
|             self.desktop_file.set('URL', desktop_path) | ||||
|         else: | ||||
|             self.desktop_file.set('Terminal', 'false') | ||||
|             str2bool_lambda = (lambda boolstr: boolstr if isinstance(boolstr, bool) | ||||
|                                else boolstr and boolstr.lower() in ['True', 'true', 'yes', '1']) | ||||
|             if self.desktop_file_template: | ||||
|                 terminal_state = str2bool_lambda(self.desktop_file_template.get('Terminal')) | ||||
|                 self.desktop_file.set('Terminal', 'true' if terminal_state else 'false') | ||||
|             self.desktop_file.set('Exec', '{} {}'.format(desktop_path, self.arguments)) | ||||
|             self.desktop_file.set('Comment', self.comment) | ||||
|  | ||||
|         if self.icon: | ||||
|             self.desktop_file.set('Icon', self.icon) | ||||
|         elif self.desktop_file_template and self.desktop_file_template.get('Icon', False): | ||||
|             self.desktop_file.set('Icon', self.desktop_file_template.get('Icon')) | ||||
|  | ||||
|     def _write_desktop(self, dest, create_only=False, read_firstly=False): | ||||
|         ''' | ||||
|   | ||||
| @@ -146,10 +146,10 @@ def is_unit_enabled(unit_name, unit_global=False): | ||||
|  | ||||
| def get_status(): | ||||
|     ''' | ||||
|     Check that gpupdate.service and gpupdate-user.service are enabled. | ||||
|     Check that gpupdate.timer and gpupdate-user.timer are enabled. | ||||
|     ''' | ||||
|     is_gpupdate = is_unit_enabled('gpupdate.service') | ||||
|     is_gpupdate_user = is_unit_enabled('gpupdate-user.service', unit_global=True) | ||||
|     is_gpupdate = is_unit_enabled('gpupdate.timer') | ||||
|     is_gpupdate_user = is_unit_enabled('gpupdate-user.timer', unit_global=True) | ||||
|  | ||||
|     if is_gpupdate and is_gpupdate_user: | ||||
|         return True | ||||
| @@ -218,7 +218,7 @@ def enable_gp(policy_name, backend_type): | ||||
|     cmd_set_gpupdate_policy = ['/usr/sbin/control', 'system-policy', 'gpupdate'] | ||||
|     cmd_gpoa_nodomain = ['/usr/sbin/gpoa', '--nodomain', '--loglevel', '5'] | ||||
|     cmd_enable_gpupdate_service = ['/bin/systemctl', 'enable', 'gpupdate.service'] | ||||
|     cmd_enable_gpupdate_user_service = ['/bin/systemctl', '--global', 'enable', 'gpupdate-user.service'] | ||||
|     cmd_enable_gpupdate_user_service = ['/bin/systemctl', '--global', 'disable', 'gpupdate-user.service'] | ||||
|     cmd_enable_gpupdate_timer = ['/bin/systemctl', 'enable', 'gpupdate.timer'] | ||||
|     cmd_enable_gpupdate_user_timer = ['/bin/systemctl', '--global', 'enable', 'gpupdate-user.timer'] | ||||
|     cmd_enable_gpupdate_scripts_service = ['/bin/systemctl', 'enable', 'gpupdate-scripts-run.service'] | ||||
| @@ -254,11 +254,7 @@ def enable_gp(policy_name, backend_type): | ||||
|     # Enable gpupdate-setup.service for all users | ||||
|     if not rollback_on_error(cmd_enable_gpupdate_user_service): | ||||
|         return | ||||
|     if not is_unit_enabled('gpupdate-user.service', unit_global=True): | ||||
|         disable_gp() | ||||
|         return | ||||
|  | ||||
|         # Enable gpupdate-scripts-run.service | ||||
|     # Enable gpupdate-scripts-run.service | ||||
|     if not rollback_on_error(cmd_enable_gpupdate_scripts_service): | ||||
|         return | ||||
|     if not is_unit_enabled('gpupdate-scripts-run.service'): | ||||
|   | ||||
| @@ -62,6 +62,9 @@ msgstr "Политика Chromium" | ||||
| msgid "Set user property to" | ||||
| msgstr "Установка свойств  для пользователя" | ||||
|  | ||||
| msgid "The line in the configuration file was cleared" | ||||
| msgstr "В конфигурационном файле была очищена строка" | ||||
|  | ||||
| # Error | ||||
| msgid "Insufficient permissions to run gpupdate" | ||||
| msgstr "Недостаточно прав для запуска gpupdate" | ||||
| @@ -228,6 +231,27 @@ msgstr "Ошибка очистки каталога для машины" | ||||
| msgid "Error cleaning directory for user" | ||||
| msgstr "Ошибка очистки каталога для пользователя" | ||||
|  | ||||
| msgid "Error while executing command for widgets" | ||||
| msgstr "Ошибка при выполнении команды для виджетов" | ||||
|  | ||||
| msgid "Error creating environment variables" | ||||
| msgstr "Ошибка создания переменных среды" | ||||
|  | ||||
| msgid "Error running kwriteconfig5 command" | ||||
| msgstr "Ошибка выполнения команды kwriteconfig5" | ||||
|  | ||||
| msgid "Error getting list of keys" | ||||
| msgstr "Ошибка получения списка ключей" | ||||
|  | ||||
| msgid "Error getting key value" | ||||
| msgstr "Ошибка при получении значения ключей" | ||||
|  | ||||
| msgid "Failed to update dconf database" | ||||
| msgstr "Не удалось обновить базу данных dconf" | ||||
|  | ||||
| msgid "Exception occurred while updating dconf database" | ||||
| msgstr "Возникло исключение при обновлении базы данных dconf" | ||||
|  | ||||
| # Error_end | ||||
|  | ||||
| # Debug | ||||
| @@ -723,11 +747,11 @@ msgstr "Запуск применение настроек ini файлов дл | ||||
| msgid "Running ini applier for machine will not be started" | ||||
| msgstr "Применение настроек ini файлов для машины не будет запущено" | ||||
|  | ||||
| msgid "Running ini applier for user in administrator context" | ||||
| msgstr "Запуск применение настроек ini файлов для пользователя в контексте администратора" | ||||
| msgid "Running ini applier for user in user context" | ||||
| msgstr "Запуск применение настроек ini файлов для пользователя в контексте пользователя" | ||||
|  | ||||
| msgid "Running ini applier for user in administrator context will not be started" | ||||
| msgstr "Применение настроек ini файлов для пользователя в контексте администратора не будет запущено" | ||||
| msgid "Running ini applier for user in user context will not be started" | ||||
| msgstr "Применение настроек ini файлов для пользователя в контексте пользователя не будет запущено" | ||||
|  | ||||
| msgid "Ini-file path not recognized" | ||||
| msgstr "Путь к ini-файлу не распознан" | ||||
| @@ -741,6 +765,12 @@ msgstr "Сохранение информации об ini-файле" | ||||
| msgid "Dictionary key generation failed" | ||||
| msgstr "Формирования ключа словаря не удалось" | ||||
|  | ||||
| msgid "Running CIFS applier for machine" | ||||
| msgstr "Запуск применение настроек CIFS для машины" | ||||
|  | ||||
| msgid "CIFS applier for machine will not be started" | ||||
| msgstr "Применение настроек CIFS для машины не будет запущено" | ||||
|  | ||||
| msgid "Saving information about network shares" | ||||
| msgstr "Сохранение информации о сетевых ресурсах" | ||||
|  | ||||
| @@ -762,6 +792,84 @@ msgstr "Yandex_browser_applier для машины не запустится" | ||||
| msgid "Wrote YandexBrowser preferences to" | ||||
| msgstr "Запись настройки Яндекс Браузера в" | ||||
|  | ||||
| msgid "Running networkshare applier for user" | ||||
| msgstr "Запуск применение настроек сетевых каталогов для пользователя" | ||||
|  | ||||
| msgid "File copy" | ||||
| msgstr "Копирование файла" | ||||
|  | ||||
| msgid "Running networkshare applier for user will not be started" | ||||
| msgstr "Применение настроек сетевых каталогов для пользователя не будет запущено" | ||||
|  | ||||
| msgid "File update" | ||||
| msgstr "Обновление файла" | ||||
|  | ||||
| msgid "Applying settings for network share" | ||||
| msgstr "Применение настроек для сетевой папки" | ||||
|  | ||||
| msgid "Deleting a file" | ||||
| msgstr "Удаление файла" | ||||
|  | ||||
| msgid "Running GPOA by root for user" | ||||
| msgstr "Запуск GPOA от root для пользователя" | ||||
|  | ||||
| msgid "The GPOA process was started for computer" | ||||
| msgstr "Процесс GPOA запущен для компьютера" | ||||
|  | ||||
| msgid "Running networkshare applier for machine will not be started" | ||||
| msgstr "Применение настроек сетевых каталогов для машины не будет запущено" | ||||
|  | ||||
| msgid "Failed to create a symlink to the network drives mountpoint" | ||||
| msgstr "Не удалось создать ссылку на точку монтирования сетевых дисков пользователя" | ||||
|  | ||||
| msgid "Failed to create a symlink to the system network drives mountpoint" | ||||
| msgstr "Не удалось создать ссылку на точку монтирования системных сетевых дисков" | ||||
|  | ||||
| msgid "Failed to create a symlink to the hidden network drives mountpoint" | ||||
| msgstr "Не удалось создать ссылку на точку монтирования скрытых сетевых дисков пользователя" | ||||
|  | ||||
| msgid "Failed to create a symlink to the hidden system network drives mountpoint" | ||||
| msgstr "Не удалось создать ссылку на точку монтирования скрытых системных сетевых дисков" | ||||
|  | ||||
| msgid "Running KDE applier for machine" | ||||
| msgstr "Запуск применения настроек KDE для машины" | ||||
|  | ||||
| msgid "KDE applier for machine will not be started" | ||||
| msgstr "Применение настроек KDE для машины не удалось" | ||||
|  | ||||
| msgid "Running KDE applier for user in user context" | ||||
| msgstr "Запуск применения настроек KDE в контексте пользователя" | ||||
|  | ||||
| msgid "KDE applier for user in user context will not be started" | ||||
| msgstr "KDE в контексте пользователя не запускается" | ||||
|  | ||||
| msgid "Changing the configuration file" | ||||
| msgstr "Изменение конфигурационного файла" | ||||
|  | ||||
| msgid "Widget command completed successfully" | ||||
| msgstr "Команда для виджетов выполнена успешно" | ||||
|  | ||||
| msgid "Getting a list of keys" | ||||
| msgstr "Получение списка ключей" | ||||
|  | ||||
| msgid "Getting the key value" | ||||
| msgstr "Получение значения ключа" | ||||
|  | ||||
| msgid "Successfully updated dconf database" | ||||
| msgstr "База данных dconf успешно обновлена" | ||||
|  | ||||
| msgid "Creating a dictionary with keys and values from the dconf database" | ||||
| msgstr "Формирование словаря с ключами и значениями из базы dconf" | ||||
|  | ||||
| msgid "No entry found for the specified path" | ||||
| msgstr "Не найдено записей по указанному пути" | ||||
|  | ||||
| msgid "Creating an ini file with policies for dconf" | ||||
| msgstr "Создание ini-файла с политиками для  dconf" | ||||
|  | ||||
| msgid "GPO version was not found" | ||||
| msgstr "Версия GPO не найдена" | ||||
|  | ||||
| # Debug_end | ||||
|  | ||||
| # Warning | ||||
| @@ -808,6 +916,36 @@ msgstr "Не удалось кэшировать файл" | ||||
| msgid "Could not create a valid list of keys" | ||||
| msgstr "Не удалось создать допустимый список ключей" | ||||
|  | ||||
| msgid "Failed to copy file" | ||||
| msgstr "Не удалось скопировать файл" | ||||
|  | ||||
| msgid "Failed to create KDE settings list" | ||||
| msgstr "Не удалось создать список настроек KDE" | ||||
|  | ||||
| msgid "Could not find application tools" | ||||
| msgstr "Не удалось найти инструменты применения" | ||||
|  | ||||
| msgid "Failed to open KDE settings" | ||||
| msgstr "Не удалось открыть настройки KDE" | ||||
|  | ||||
| msgid "Failed to change KDE configuration file" | ||||
| msgstr "Не удалось изменить файл конфигурации KDE" | ||||
|  | ||||
| msgid "Error connecting to server" | ||||
| msgstr "Ошибка при подключении к серверу" | ||||
|  | ||||
| msgid "Wallpaper configuration file not found" | ||||
| msgstr "Конфигурационный файл для обоев не найден" | ||||
|  | ||||
| msgid "The user setting was not installed, conflict with computer setting" | ||||
| msgstr "Пользовательская настройка не была установлена, конфликт с настройкой компьютера" | ||||
|  | ||||
| msgid "Action for ini file failed" | ||||
| msgstr "Не удалось выполнить действие для INI-файла" | ||||
|  | ||||
| msgid "Couldn't get the uid" | ||||
| msgstr "Не удалось получить uid" | ||||
|  | ||||
| # Fatal | ||||
| msgid "Unable to refresh GPO list" | ||||
| msgstr "Невозможно обновить список объектов групповых политик" | ||||
|   | ||||
| @@ -30,6 +30,7 @@ def info_code(code): | ||||
|     info_ids[7] = 'Firefox policy' | ||||
|     info_ids[8] = 'Chromium policy' | ||||
|     info_ids[9] = 'Set user property to' | ||||
|     info_ids[10] = 'The line in the configuration file was cleared' | ||||
|  | ||||
|     return info_ids.get(code, 'Unknown info code') | ||||
|  | ||||
| @@ -99,8 +100,13 @@ def error_code(code): | ||||
|     error_ids[63] = 'Error merging user GPT (from machine GPO)' | ||||
|     error_ids[64] = 'Error to cleanup directory for machine' | ||||
|     error_ids[65] = 'Error to cleanup directory for user' | ||||
|  | ||||
|  | ||||
|     error_ids[66] = 'Error while executing command for widgets' | ||||
|     error_ids[67] = 'Error creating environment variables' | ||||
|     error_ids[68] = 'Error running kwriteconfig5 command' | ||||
|     error_ids[69] = 'Error getting list of keys' | ||||
|     error_ids[70] = 'Error getting key value' | ||||
|     error_ids[71] = 'Failed to update dconf database' | ||||
|     error_ids[72] = 'Exception occurred while updating dconf database' | ||||
|     return error_ids.get(code, 'Unknown error code') | ||||
|  | ||||
| def debug_code(code): | ||||
| @@ -277,19 +283,44 @@ def debug_code(code): | ||||
|     debug_ids[170] = 'Running File copy applier for user in administrator context will not be started' | ||||
|     debug_ids[171] = 'Running ini applier for machine' | ||||
|     debug_ids[172] = 'Running ini applier for machine will not be started' | ||||
|     debug_ids[173] = 'Running ini applier for user in administrator context' | ||||
|     debug_ids[174] = 'Running ini applier for user in administrator context will not be started' | ||||
|     debug_ids[173] = 'Running ini applier for user in user context' | ||||
|     debug_ids[174] = 'Running ini applier for user in user context will not be started' | ||||
|     debug_ids[175] = 'Ini-file path not recognized' | ||||
|     debug_ids[176] = 'Ini-file is not readable' | ||||
|     debug_ids[177] = 'Saving information about ini-file' | ||||
|     debug_ids[178] = 'Dictionary key generation failed' | ||||
|     debug_ids[179] = 'Saving information about network shares' | ||||
|     debug_ids[180] = 'Running networkshare applier for machine' | ||||
|     debug_ids[179] = 'Running CIFS applier for machine' | ||||
|     debug_ids[180] = 'CIFS applier for machine will not be started' | ||||
|     debug_ids[181] = 'Running networkshare applier for machine will not be started' | ||||
|     debug_ids[182] = 'Apply network share data action failed' | ||||
|     debug_ids[183] = 'Running yandex_browser_applier for machine' | ||||
|     debug_ids[184] = 'Yandex_browser_applier for machine will not be started' | ||||
|     debug_ids[185] = 'Wrote YandexBrowser preferences to' | ||||
|     debug_ids[186] = 'Saving information about network shares' | ||||
|     debug_ids[187] = 'Running networkshare applier for machine' | ||||
|     debug_ids[188] = 'Running networkshare applier for user' | ||||
|     debug_ids[189] = 'Running networkshare applier for user will not be started' | ||||
|     debug_ids[190] = 'Applying settings for network share' | ||||
|     debug_ids[191] = 'File copy' | ||||
|     debug_ids[192] = 'File update' | ||||
|     debug_ids[193] = 'Deleting a file' | ||||
|     debug_ids[194] = 'Failed to create a symlink to the network drives mountpoint' | ||||
|     debug_ids[195] = 'Failed to create a symlink to the system network drives mountpoint' | ||||
|     debug_ids[196] = 'Failed to create a symlink to the hidden network drives mountpoint' | ||||
|     debug_ids[197] = 'Failed to create a symlink to the hidden system network drives mountpoint' | ||||
|     debug_ids[198] = 'Running KDE applier for machine' | ||||
|     debug_ids[199] = 'KDE applier for machine will not be started' | ||||
|     debug_ids[200] = 'Running KDE applier for user in user context' | ||||
|     debug_ids[201] = 'KDE applier for user in user context will not be started' | ||||
|     debug_ids[202] = 'Changing the configuration file' | ||||
|     debug_ids[203] = 'Widget command completed successfully' | ||||
|     debug_ids[204] = 'Getting a list of keys' | ||||
|     debug_ids[205] = 'Getting the key value' | ||||
|     debug_ids[206] = 'Successfully updated dconf database' | ||||
|     debug_ids[207] = 'Creating a dictionary with keys and values from the dconf database' | ||||
|     debug_ids[208] = 'No entry found for the specified path' | ||||
|     debug_ids[209] = 'Creating an ini file with policies for dconf' | ||||
|     debug_ids[210] = 'GPO version was not found' | ||||
|  | ||||
|     return debug_ids.get(code, 'Unknown debug code') | ||||
|  | ||||
| @@ -315,6 +346,17 @@ def warning_code(code): | ||||
|     warning_ids[12] = 'Failed to read the list of files' | ||||
|     warning_ids[13] = 'Failed to caching the file' | ||||
|     warning_ids[14] = 'Could not create a valid list of keys' | ||||
|     warning_ids[15] = 'Failed to copy file' | ||||
|     warning_ids[16] = 'Failed to create KDE settings list' | ||||
|     warning_ids[17] = 'Could not find application tools' | ||||
|     warning_ids[18] = 'Failed to open KDE settings' | ||||
|     warning_ids[19] = 'Failed to change KDE configuration file' | ||||
|     warning_ids[20] = 'Error connecting to server' | ||||
|     warning_ids[21] = 'Wallpaper configuration file not found' | ||||
|     warning_ids[22] = 'The user setting was not installed, conflict with computer setting' | ||||
|     warning_ids[23] = 'Action for ini file failed' | ||||
|     warning_ids[24] = 'Couldn\'t get the uid' | ||||
|  | ||||
|  | ||||
|     return warning_ids.get(code, 'Unknown warning code') | ||||
|  | ||||
|   | ||||
| @@ -44,35 +44,29 @@ def is_rpm_installed(rpm_name): | ||||
|  | ||||
| class Pkcon_applier: | ||||
|  | ||||
|     def __init__(self, sid = None): | ||||
|     def __init__(self, user = None): | ||||
|         self.__install_key_name = 'Install' | ||||
|         self.__remove_key_name = 'Remove' | ||||
|         self.__hkcu_branch = 'Software\\BaseALT\\Policies\\Packages' | ||||
|         self.__hklm_branch = 'Software\\BaseALT\\Policies\\Packages' | ||||
|         self.__hklm_branch = '/Software/BaseALT/Policies/Packages' | ||||
|         self.__install_command = ['/usr/bin/pkcon', '-y', 'install'] | ||||
|         self.__remove_command = ['/usr/bin/pkcon', '-y', 'remove'] | ||||
|         self.__reinstall_command = ['/usr/bin/pkcon', '-y', 'reinstall'] | ||||
|         self.install_packages = set() | ||||
|         self.remove_packages = set() | ||||
|         self.storage = registry_factory('registry') | ||||
|         if sid: | ||||
|             install_branch_user = '{}\\{}%'.format(self.__hkcu_branch, self.__install_key_name) | ||||
|             remove_branch_user = '{}\\{}%'.format(self.__hkcu_branch, self.__remove_key_name) | ||||
|             self.install_packages_setting = self.storage.filter_hkcu_entries(sid, install_branch_user) | ||||
|             self.remove_packages_setting = self.storage.filter_hkcu_entries(sid, remove_branch_user) | ||||
|         else: | ||||
|             install_branch = '{}\\{}%'.format(self.__hklm_branch, self.__install_key_name) | ||||
|             remove_branch = '{}\\{}%'.format(self.__hklm_branch, self.__remove_key_name) | ||||
|             self.install_packages_setting = self.storage.filter_hklm_entries(install_branch) | ||||
|             self.remove_packages_setting = self.storage.filter_hklm_entries(remove_branch) | ||||
|         self.storage = registry_factory(username=user) | ||||
|         self.storage.filling_storage_from_dconf() | ||||
|         install_branch = '{}/{}'.format(self.__hklm_branch, self.__install_key_name) | ||||
|         remove_branch = '{}/{}'.format(self.__hklm_branch, self.__remove_key_name) | ||||
|         self.install_packages_setting = self.storage.get_key_value(install_branch) | ||||
|         self.remove_packages_setting = self.storage.get_key_value(remove_branch) | ||||
|         for package in self.install_packages_setting: | ||||
|             if not is_rpm_installed(package.data): | ||||
|                 self.install_packages.add(package.data) | ||||
|             if not is_rpm_installed(package): | ||||
|                 self.install_packages.add(package) | ||||
|         for package in self.remove_packages_setting: | ||||
|             if package.data in self.install_packages: | ||||
|                 self.install_packages.remove(package.data) | ||||
|             if is_rpm_installed(package.data): | ||||
|                 self.remove_packages.add(package.data) | ||||
|             if package in self.install_packages: | ||||
|                 self.install_packages.remove(package) | ||||
|             if is_rpm_installed(package): | ||||
|                 self.remove_packages.add(package) | ||||
|  | ||||
|     def apply(self): | ||||
|         log('D142') | ||||
| @@ -137,13 +131,13 @@ if __name__ == '__main__': | ||||
|     gettext.textdomain('gpoa') | ||||
|     logger = logging.getLogger() | ||||
|     parser = argparse.ArgumentParser(description='Package applier') | ||||
|     parser.add_argument('--sid', type = str, help = 'sid', nargs = '?', default = None) | ||||
|     parser.add_argument('--user', type = str, help = 'user', nargs = '?', default = None) | ||||
|     parser.add_argument('--loglevel', type = int, help = 'loglevel', nargs = '?', default = 30) | ||||
|  | ||||
|     args = parser.parse_args() | ||||
|     logger.setLevel(args.loglevel) | ||||
|     if args.sid: | ||||
|         applier = Pkcon_applier(args.sid) | ||||
|     if args.user: | ||||
|         applier = Pkcon_applier(args.user) | ||||
|     else: | ||||
|         applier = Pkcon_applier() | ||||
|     applier.apply() | ||||
|   | ||||
| @@ -21,6 +21,8 @@ import subprocess | ||||
| import argparse | ||||
| import os | ||||
| from pathlib import Path | ||||
| import psutil | ||||
| import time | ||||
|  | ||||
| class Scripts_runner: | ||||
|     ''' | ||||
| @@ -104,12 +106,39 @@ class Scripts_runner: | ||||
|  | ||||
|     def run_cmd_subprocess(self, cmd): | ||||
|         try: | ||||
|             subprocess.Popen(cmd) | ||||
|             subprocess.run(cmd) | ||||
|             return 'Script run: {}'.format(cmd) | ||||
|         except Exception as exc: | ||||
|             return exc | ||||
|  | ||||
| def find_process_by_name_and_script(name, script_path): | ||||
|  | ||||
|     for proc in psutil.process_iter(['pid', 'name', 'cmdline']): | ||||
|         try: | ||||
|             # Check if the process name matches and the script path is in the command line arguments | ||||
|             if proc.info['name'] == name and script_path in proc.info['cmdline']: | ||||
|                 return proc | ||||
|         except (psutil.NoSuchProcess, psutil.AccessDenied, psutil.ZombieProcess): | ||||
|             continue | ||||
|     return None | ||||
|  | ||||
| def wait_for_process(name, script_path, check_interval=1): | ||||
|  | ||||
|     process = find_process_by_name_and_script(name, script_path) | ||||
|     if not process: | ||||
|         print(f"Process with name {name} and script path {script_path} not found.") | ||||
|         return | ||||
|  | ||||
|     try: | ||||
|         # Loop to wait for the process to finish | ||||
|         while process.is_running(): | ||||
|             print(f"Waiting for process {name} with PID {process.pid} to finish...") | ||||
|             time.sleep(check_interval) | ||||
|         print(f"Process {name} with PID {process.pid} has finished.") | ||||
|         return | ||||
|     except (psutil.NoSuchProcess, psutil.AccessDenied): | ||||
|         print(f"Process {name} with PID {process.pid} is no longer accessible.") | ||||
|         return | ||||
|  | ||||
| if __name__ == '__main__': | ||||
|     parser = argparse.ArgumentParser(description='Scripts runner') | ||||
| @@ -117,6 +146,9 @@ if __name__ == '__main__': | ||||
|     parser.add_argument('--user', type = str, help = 'User name ', nargs = '?', default = None) | ||||
|     parser.add_argument('--action', type = str, help = 'MACHINE : [STARTUP or SHUTDOWN], USER : [LOGON or LOGOFF]', nargs = '?', default = None) | ||||
|  | ||||
|     process_name = "python3" | ||||
|     script_path = "/usr/sbin/gpoa" | ||||
|     wait_for_process(process_name, script_path) | ||||
|     args = parser.parse_args() | ||||
|     try: | ||||
|         Scripts_runner(args.mode, args.user, args.action) | ||||
|   | ||||
| @@ -1,7 +1,7 @@ | ||||
| # | ||||
| # GPOA - GPO Applier for Linux | ||||
| # | ||||
| # Copyright (C) 2019-2020 BaseALT Ltd. | ||||
| # Copyright (C) 2019-2023 BaseALT Ltd. | ||||
| # | ||||
| # This program is free software: you can redistribute it and/or modify | ||||
| # it under the terms of the GNU General Public License as published by | ||||
| @@ -16,12 +16,19 @@ | ||||
| # You should have received a copy of the GNU General Public License | ||||
| # along with this program.  If not, see <http://www.gnu.org/licenses/>. | ||||
|  | ||||
| from .sqlite_registry import sqlite_registry | ||||
| from .sqlite_cache import sqlite_cache | ||||
|  | ||||
| def cache_factory(cache_name): | ||||
|     return sqlite_cache(cache_name) | ||||
| from storage.dconf_registry import Dconf_registry | ||||
|  | ||||
| def registry_factory(registry_name='registry', registry_dir=None): | ||||
|     return sqlite_registry(registry_name, registry_dir) | ||||
| def registry_factory(registry_name='', envprofile=None , username=None): | ||||
|     if username: | ||||
|         Dconf_registry._username = username | ||||
|     else: | ||||
|         Dconf_registry._envprofile = 'system' | ||||
|     if envprofile: | ||||
|         Dconf_registry._envprofile = envprofile | ||||
|  | ||||
|     if registry_name == 'dconf': | ||||
|         return Dconf_registry() | ||||
|     else: | ||||
|         return Dconf_registry | ||||
|  | ||||
|   | ||||
							
								
								
									
										591
									
								
								gpoa/storage/dconf_registry.py
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										591
									
								
								gpoa/storage/dconf_registry.py
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,591 @@ | ||||
| # | ||||
| # GPOA - GPO Applier for Linux | ||||
| # | ||||
| # Copyright (C) 2019-2023 BaseALT Ltd. | ||||
| # | ||||
| # This program is free software: you can redistribute it and/or modify | ||||
| # it under the terms of the GNU General Public License as published by | ||||
| # the Free Software Foundation, either version 3 of the License, or | ||||
| # (at your option) any later version. | ||||
| # | ||||
| # This program is distributed in the hope that it will be useful, | ||||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | ||||
| # GNU General Public License for more details. | ||||
| # | ||||
| # You should have received a copy of the GNU General Public License | ||||
| # along with this program.  If not, see <http://www.gnu.org/licenses/>. | ||||
|  | ||||
| import subprocess | ||||
| from pathlib import Path | ||||
| from util.util import string_to_literal_eval, touch_file, get_uid_by_username | ||||
| from util.logging import log | ||||
| import re | ||||
|  | ||||
|  | ||||
| class PregDconf(): | ||||
|     def __init__(self, keyname, valuename, type_preg, data): | ||||
|         self.keyname = keyname | ||||
|         self.valuename = valuename | ||||
|         self.hive_key = '{}/{}'.format(self.keyname, self.valuename) | ||||
|         self.type = type_preg | ||||
|         self.data = data | ||||
|  | ||||
|  | ||||
| class gplist(list): | ||||
|     def __init__(self, *args, **kwargs): | ||||
|         super().__init__(*args, **kwargs) | ||||
|  | ||||
|     def first(self): | ||||
|         if self: | ||||
|             return self[0] | ||||
|         else: | ||||
|             return None | ||||
|  | ||||
|     def count(self): | ||||
|         return len(self) | ||||
|  | ||||
| class Dconf_registry(): | ||||
|     ''' | ||||
|     A class variable that represents a global registry dictionary shared among instances of the class | ||||
|     ''' | ||||
|     _ReadQueue = 'Software/BaseALT/Policies/ReadQueue' | ||||
|     global_registry_dict = dict({_ReadQueue:{}}) | ||||
|     __template_file = '/usr/share/dconf/user_mandatory.template' | ||||
|     _policies_path = 'Software/' | ||||
|     _policies_win_path = 'SOFTWARE/' | ||||
|     _gpt_read_flag = False | ||||
|     __dconf_dict_flag = False | ||||
|     __dconf_dict = dict() | ||||
|     _username = None | ||||
|     _envprofile = None | ||||
|  | ||||
|     list_keys = list() | ||||
|     _info = dict() | ||||
|  | ||||
|     shortcuts = list() | ||||
|     folders = list() | ||||
|     files = list() | ||||
|     drives = list() | ||||
|     scheduledtasks = list() | ||||
|     environmentvariables = list() | ||||
|     inifiles = list() | ||||
|     services = list() | ||||
|     printers = list() | ||||
|     scripts = list() | ||||
|     networkshares = list() | ||||
|  | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def set_info(cls, key , data): | ||||
|         cls._info[key] = data | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def get_info(cls, key): | ||||
|         return cls._info.setdefault(key, None) | ||||
|  | ||||
|  | ||||
|     @staticmethod | ||||
|     def get_matching_keys(path): | ||||
|         if path[0] != '/': | ||||
|             path = '/' + path | ||||
|         logdata = dict() | ||||
|         envprofile = get_dconf_envprofile() | ||||
|         try: | ||||
|             process = subprocess.Popen(['dconf', 'list', path], | ||||
|                                        env=envprofile, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True) | ||||
|             logdata['path'] = path | ||||
|             log('D204', logdata) | ||||
|             output, error = process.communicate() | ||||
|             if not output and not error: | ||||
|                 return | ||||
|             if not error: | ||||
|                 keys = output.strip().split('\n') | ||||
|                 for key in keys: | ||||
|                     Dconf_registry.get_matching_keys(f'{path}{key}') | ||||
|             else: | ||||
|                 Dconf_registry.list_keys.append(path) | ||||
|             return Dconf_registry.list_keys | ||||
|         except Exception as exc: | ||||
|             logdata['exc'] = exc | ||||
|             log('E69', logdata) | ||||
|             return None | ||||
|  | ||||
|     @staticmethod | ||||
|     def get_key_values(keys): | ||||
|         key_values = {} | ||||
|         for key in keys: | ||||
|             key_values[key] = Dconf_registry.get_key_value(key) | ||||
|         return key_values | ||||
|  | ||||
|     @staticmethod | ||||
|     def get_key_value(key): | ||||
|         logdata = dict() | ||||
|         envprofile = get_dconf_envprofile() | ||||
|         try: | ||||
|             process = subprocess.Popen(['dconf', 'read', key], | ||||
|                                        env=envprofile, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True) | ||||
|             logdata['key'] = key | ||||
|             output, error = process.communicate() | ||||
|  | ||||
|             if not error: | ||||
|                 return string_to_literal_eval(string_to_literal_eval(output)) | ||||
|             else: | ||||
|                 return None | ||||
|         except Exception as exc: | ||||
|             logdata['exc'] = exc | ||||
|             log('E70', logdata) | ||||
|         return None | ||||
|  | ||||
|     @staticmethod | ||||
|     def dconf_update(): | ||||
|         logdata = dict() | ||||
|         try: | ||||
|             process = subprocess.Popen(['dconf', 'update'], | ||||
|                                         stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True) | ||||
|             output, error = process.communicate() | ||||
|  | ||||
|             if error: | ||||
|                 logdata['error'] = error | ||||
|                 log('E71', logdata) | ||||
|             else: | ||||
|                 logdata['outpupt'] = output | ||||
|                 log('D206', logdata) | ||||
|         except Exception as exc: | ||||
|             logdata['exc'] = exc | ||||
|             log('E72', logdata) | ||||
|  | ||||
|     @classmethod | ||||
|     def check_profile_template(cls): | ||||
|         if Path(cls.__template_file).exists(): | ||||
|             return True | ||||
|         else: | ||||
|             return None | ||||
|  | ||||
|     @classmethod | ||||
|     def apply_template(cls, uid): | ||||
|         logdata = dict() | ||||
|         if uid and cls.check_profile_template(): | ||||
|             with open(cls.__template_file, "r") as f: | ||||
|                 template = f.read() | ||||
|             # Replace the "{uid}" placeholder with the actual UID value | ||||
|             content = template.replace("{{uid}}", str(uid)) | ||||
|  | ||||
|         elif uid: | ||||
|             content = f"user-db:user\n" \ | ||||
|               f"system-db:policy\n" \ | ||||
|               f"system-db:policy{uid}\n" \ | ||||
|               f"system-db:local\n" \ | ||||
|               f"system-db:default\n" \ | ||||
|               f"system-db:local\n" \ | ||||
|               f"system-db:policy{uid}\n" \ | ||||
|               f"system-db:policy\n" | ||||
|         else: | ||||
|             logdata['uid'] = uid | ||||
|             log('W24', logdata) | ||||
|             return | ||||
|  | ||||
|         user_mandatory = f'/run/dconf/user/{uid}' | ||||
|         touch_file(user_mandatory) | ||||
|  | ||||
|         with open(user_mandatory, "w") as f: | ||||
|             f.write(content) | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def get_policies_from_dconf(cls): | ||||
|         return cls.get_dictionary_from_dconf(cls._policies_path, cls._policies_win_path) | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def get_dictionary_from_dconf(self, *startswith_list): | ||||
|         output_dict = {} | ||||
|         for startswith in startswith_list: | ||||
|             dconf_dict = self.get_key_values(self.get_matching_keys(startswith)) | ||||
|             for key, value in dconf_dict.items(): | ||||
|                 keys_tmp = key.split('/') | ||||
|                 update_dict(output_dict.setdefault('/'.join(keys_tmp[:-1])[1:], {}), {keys_tmp[-1]: str(value)}) | ||||
|  | ||||
|         log('D207') | ||||
|         return output_dict | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def filter_entries(cls, startswith): | ||||
|         if startswith[-1] == '%': | ||||
|             startswith = startswith[:-1] | ||||
|             if startswith[-1] == '/' or startswith[-1] == '\\': | ||||
|                 startswith = startswith[:-1] | ||||
|             return filter_dict_keys(startswith, flatten_dictionary(cls.global_registry_dict)) | ||||
|         return filter_dict_keys(startswith, flatten_dictionary(cls.global_registry_dict)) | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def filter_hklm_entries(cls, startswith): | ||||
|         pregs = cls.filter_entries(startswith) | ||||
|         list_entiers = list() | ||||
|         for keyname, value in pregs.items(): | ||||
|             if isinstance(value, dict): | ||||
|                 for valuename, data in value.items(): | ||||
|                     list_entiers.append(PregDconf( | ||||
|                         keyname, convert_string_dconf(valuename), find_preg_type(data), data)) | ||||
|             elif isinstance(value, list): | ||||
|                 for data in value: | ||||
|                     list_entiers.append(PregDconf( | ||||
|                         keyname, convert_string_dconf(data), find_preg_type(data), data)) | ||||
|             else: | ||||
|                 list_entiers.append(PregDconf( | ||||
|                         '/'.join(keyname.split('/')[:-1]), convert_string_dconf(keyname.split('/')[-1]), find_preg_type(value), value)) | ||||
|  | ||||
|  | ||||
|         return gplist(list_entiers) | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def filter_hkcu_entries(cls, sid, startswith): | ||||
|         return cls.filter_hklm_entries(startswith) | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def get_storage(cls,dictionary = None): | ||||
|         if dictionary: | ||||
|             result = dictionary | ||||
|         elif Dconf_registry._gpt_read_flag: | ||||
|             result = Dconf_registry.global_registry_dict | ||||
|         else: | ||||
|             if Dconf_registry.__dconf_dict_flag: | ||||
|                 result = Dconf_registry.__dconf_dict | ||||
|             else: | ||||
|                 Dconf_registry.__dconf_dict = Dconf_registry.get_policies_from_dconf() | ||||
|                 result = Dconf_registry.__dconf_dict | ||||
|                 Dconf_registry.__dconf_dict_flag = True | ||||
|         return result | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def filling_storage_from_dconf(cls): | ||||
|         Dconf_registry.global_registry_dict = Dconf_registry.get_storage() | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def get_entry(cls, path, dictionary = None): | ||||
|         logdata = dict() | ||||
|         result = Dconf_registry.get_storage(dictionary) | ||||
|  | ||||
|         keys = path.split("\\") if "\\" in path else path.split("/") | ||||
|         key = '/'.join(keys[:-1]) if keys[0] else '/'.join(keys[:-1])[1:] | ||||
|  | ||||
|         if isinstance(result, dict) and key in result.keys(): | ||||
|             data = result.get(key).get(keys[-1]) | ||||
|             return PregDconf( | ||||
|                 key, convert_string_dconf(keys[-1]), find_preg_type(data), data) | ||||
|         else: | ||||
|             logdata['path'] = path | ||||
|             log('D208', logdata) | ||||
|             return None | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def get_hkcu_entry(cls, sid, hive_key, dictionary = None): | ||||
|         return cls.get_hklm_entry(hive_key, dictionary) | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def get_hklm_entry(cls, hive_key, dictionary = None): | ||||
|         return cls.get_entry(hive_key, dictionary) | ||||
|  | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def add_shortcut(cls, sid, sc_obj, policy_name): | ||||
|         cls.shortcuts.append(sc_obj) | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def add_printer(cls, sid, pobj, policy_name): | ||||
|         cls.printers.append(pobj) | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def add_drive(cls, sid, dobj, policy_name): | ||||
|         cls.drives.append(dobj) | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def add_folder(cls, sid, fobj, policy_name): | ||||
|         cls.folders.append(fobj) | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def add_envvar(self, sid, evobj, policy_name): | ||||
|         self.environmentvariables.append(evobj) | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def add_script(cls, sid, scrobj, policy_name): | ||||
|         cls.scripts.append(scrobj) | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def add_file(cls, sid, fileobj, policy_name): | ||||
|         cls.files.append(fileobj) | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def add_ini(cls, sid, iniobj, policy_name): | ||||
|         cls.inifiles.append(iniobj) | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def add_networkshare(cls, sid, networkshareobj, policy_name): | ||||
|         cls.networkshares.append(networkshareobj) | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def get_shortcuts(cls, sid): | ||||
|         return cls.shortcuts | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def get_printers(cls, sid): | ||||
|         return cls.printers | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def get_drives(cls, sid): | ||||
|         return cls.drives | ||||
|  | ||||
|     @classmethod | ||||
|     def get_folders(cls, sid): | ||||
|         return cls.folders | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def get_envvars(cls, sid): | ||||
|         return cls.environmentvariables | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def get_scripts(cls, sid, action): | ||||
|         action_scripts = list() | ||||
|         for part in cls.scripts: | ||||
|             if action == 'LOGON' and part.action == 'LOGON': | ||||
|                 action_scripts.append(part) | ||||
|             elif action == 'LOGOFF' and part.action == 'LOGOFF': | ||||
|                 action_scripts.append(part) | ||||
|             elif action == 'STARTUP' and part.action == 'STARTUP': | ||||
|                 action_scripts.append(part) | ||||
|             elif action == 'SHUTDOWN' and part.action == 'SHUTDOWN': | ||||
|                 action_scripts.append(part) | ||||
|         return action_scripts | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def get_files(cls, sid): | ||||
|         return cls.files | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def get_networkshare(cls, sid): | ||||
|         return cls.networkshares | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def get_ini(cls, sid): | ||||
|         return cls.inifiles | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def wipe_user(cls, sid): | ||||
|         cls.wipe_hklm() | ||||
|  | ||||
|  | ||||
|     @classmethod | ||||
|     def wipe_hklm(cls): | ||||
|         cls.global_registry_dict = dict({cls._ReadQueue:{}}) | ||||
|  | ||||
|  | ||||
| def filter_dict_keys(starting_string, input_dict): | ||||
|     result = dict() | ||||
|     for key in input_dict: | ||||
|         key_list = remove_empty_values(re.split(r'\\|/', key)) | ||||
|         start_list = remove_empty_values(re.split(r'\\|/', starting_string)) | ||||
|         if key_list[:len(start_list)] == start_list: | ||||
|             result[key] = input_dict.get(key) | ||||
|  | ||||
|     return result | ||||
|  | ||||
|  | ||||
| def find_preg_type(argument): | ||||
|     if isinstance(argument, int): | ||||
|         return 4 | ||||
|     else: | ||||
|         return 1 | ||||
|  | ||||
|  | ||||
| def update_dict(dict1, dict2): | ||||
|     ''' | ||||
|     Updates dict1 with the key-value pairs from dict2 | ||||
|     ''' | ||||
|     for key, value in dict2.items(): | ||||
|         if key in dict1: | ||||
|             # If both values are dictionaries, recursively call the update_dict function | ||||
|             if isinstance(dict1[key], dict) and isinstance(value, dict): | ||||
|                 update_dict(dict1[key], value) | ||||
|             # If the value in dict1 is a list, extend it with unique values from value | ||||
|             elif isinstance(dict1[key], list): | ||||
|                 dict1[key].extend(set(value) - set(dict1[key])) | ||||
|             else: | ||||
|                 # If the value in dict1 is not a dictionary or the value in dict2 is not a dictionary, | ||||
|                 # replace the value in dict1 with the value from dict2 | ||||
|                 dict1[key] = value | ||||
|         else: | ||||
|             # If the key does not exist in dict1, add the key-value pair from dict2 to dict1 | ||||
|             dict1[key] = value | ||||
|  | ||||
|  | ||||
| def add_to_dict(string, policy_name, username, version): | ||||
|     if username is None: | ||||
|         correct_path = '/'.join(string.split('/')[:-2]) | ||||
|         machine= '{}/Machine'.format(Dconf_registry._ReadQueue) | ||||
|         dictionary = Dconf_registry.global_registry_dict.setdefault(machine, dict()) | ||||
|     else: | ||||
|         correct_path = '/'.join(string.split('/')[:-2]) | ||||
|         user = '{}/User'.format(Dconf_registry._ReadQueue) | ||||
|         dictionary = Dconf_registry.global_registry_dict.setdefault(user, dict()) | ||||
|  | ||||
|     dictionary[len(dictionary)] = (policy_name, correct_path, version) | ||||
|  | ||||
|  | ||||
| def load_preg_dconf(pregfile, pathfile, policy_name, username, version=None): | ||||
|     ''' | ||||
|     Loads the configuration from preg registry into a dictionary | ||||
|     ''' | ||||
|     dd = dict() | ||||
|     for i in pregfile.entries: | ||||
|         # Skip this entry if the valuename starts with '**del' | ||||
|         if i.valuename.lower().startswith('**del'): | ||||
|             continue | ||||
|         valuename = convert_string_dconf(i.valuename) | ||||
|         data = check_data(i.data, i.type) | ||||
|         if i.valuename != i.data and i.valuename: | ||||
|             if i.keyname.replace('\\', '/') in dd: | ||||
|                 # If the key exists in dd, update its value with the new key-value pair | ||||
|                 dd[i.keyname.replace('\\', '/')].update({valuename.replace('\\', '/'):data}) | ||||
|             else: | ||||
|                 # If the key does not exist in dd, create a new key-value pair | ||||
|                 dd[i.keyname.replace('\\', '/')] = {valuename.replace('\\', '/'):data} | ||||
|  | ||||
|         elif not i.valuename: | ||||
|             keyname_tmp = i.keyname.replace('\\', '/').split('/') | ||||
|             keyname = '/'.join(keyname_tmp[:-1]) | ||||
|             if keyname in dd: | ||||
|                 # If the key exists in dd, update its value with the new key-value pair | ||||
|                 dd[keyname].update({keyname_tmp[-1]:data}) | ||||
|             else: | ||||
|                 # If the key does not exist in dd, create a new key-value pair | ||||
|                 dd[keyname] = {keyname_tmp[-1]:data} | ||||
|  | ||||
|         else: | ||||
|             # If the value name is the same as the data, | ||||
|             # split the keyname and add the data to the appropriate location in dd. | ||||
|             all_list_key = i.keyname.split('\\') | ||||
|             dd_target = dd.setdefault('/'.join(all_list_key[:-1]),{}) | ||||
|             dd_target.setdefault(all_list_key[-1], []).append(data) | ||||
|  | ||||
|     # Update the global registry dictionary with the contents of dd | ||||
|     add_to_dict(pathfile, policy_name, username, version) | ||||
|     update_dict(Dconf_registry.global_registry_dict, dd) | ||||
|  | ||||
|  | ||||
| def create_dconf_ini_file(filename, data): | ||||
|     ''' | ||||
|     Create an ini-file based on a dictionary of dictionaries. | ||||
|     Args: | ||||
|         data (dict): The dictionary of dictionaries containing the data for the ini-file. | ||||
|         filename (str): The filename to save the ini-file. | ||||
|     Returns: | ||||
|         None | ||||
|     Raises: | ||||
|         None | ||||
|     ''' | ||||
|     with open(filename, 'w') as file: | ||||
|         for section, section_data in data.items(): | ||||
|             file.write(f'[{section}]\n') | ||||
|             for key, value in section_data.items(): | ||||
|                 if isinstance(value, int): | ||||
|                     file.write(f'{key} = {value}\n') | ||||
|                 else: | ||||
|                     file.write(f'{key} = "{value}"\n') | ||||
|             file.write('\n') | ||||
|     logdata = dict() | ||||
|     logdata['path'] = filename | ||||
|     log('D209', logdata) | ||||
|     Dconf_registry.dconf_update() | ||||
|  | ||||
| def clean_data(data): | ||||
|     try: | ||||
|         cleaned_string = data.replace('\n', '').replace('\r', '') | ||||
|         cleaned_string = cleaned_string.replace('"', "'") | ||||
|         return cleaned_string | ||||
|     except: | ||||
|         return None | ||||
|  | ||||
| def check_data(data, t_data): | ||||
|     if isinstance(data, bytes): | ||||
|         if t_data == 7: | ||||
|             return clean_data(data.decode('utf-16').replace('\x00','')) | ||||
|         else: | ||||
|             return None | ||||
|     elif t_data == 4: | ||||
|         return data | ||||
|     return clean_data(data) | ||||
|  | ||||
| def convert_string_dconf(input_string): | ||||
|     macros = { | ||||
|         '#': '%sharp%', | ||||
|         ';': '%semicolon%', | ||||
|         '//': '%doubleslash%' | ||||
|     } | ||||
|     output_string = input_string | ||||
|     for key, value in macros.items(): | ||||
|         if key in input_string: | ||||
|             output_string = input_string.replace(key, value) | ||||
|         elif value in input_string: | ||||
|             output_string = input_string.replace(value, key) | ||||
|  | ||||
|     return output_string | ||||
|  | ||||
| def remove_empty_values(input_list): | ||||
|     return list(filter(None, input_list)) | ||||
|  | ||||
| def flatten_dictionary(input_dict, result=None, current_key=''): | ||||
|     if result is None: | ||||
|         result = {} | ||||
|  | ||||
|     for key, value in input_dict.items(): | ||||
|         new_key = f"{current_key}/{key}" if current_key else key | ||||
|  | ||||
|         if isinstance(value, dict): | ||||
|             flatten_dictionary(value, result, new_key) | ||||
|         else: | ||||
|             result[new_key] = value | ||||
|  | ||||
|     return result | ||||
|  | ||||
| def get_dconf_envprofile(): | ||||
|     dconf_envprofile = {'default': {'DCONF_PROFILE': 'default'}, | ||||
|                     'local': {'DCONF_PROFILE': 'local'}, | ||||
|                     'system': {'DCONF_PROFILE': 'system'} | ||||
|                     } | ||||
|  | ||||
|     if Dconf_registry._envprofile: | ||||
|         return dconf_envprofile.get(Dconf_registry._envprofile, dconf_envprofile['system']) | ||||
|  | ||||
|     if not Dconf_registry._username: | ||||
|         return dconf_envprofile['system'] | ||||
|  | ||||
|     profile = '/run/dconf/user/{}'.format(get_uid_by_username(Dconf_registry._username)) | ||||
|     return {'DCONF_PROFILE': profile} | ||||
| @@ -19,35 +19,47 @@ | ||||
|  | ||||
| import os | ||||
| import os.path | ||||
| import tempfile | ||||
| from pathlib import Path | ||||
| import smbc | ||||
|  | ||||
|  | ||||
| from util.logging import log | ||||
| from util.paths import file_cache_dir, UNCPath | ||||
| from util.paths import file_cache_dir, file_cache_path_home, UNCPath | ||||
| from util.exceptions import NotUNCPathError | ||||
|  | ||||
|  | ||||
| class fs_file_cache: | ||||
|     __read_blocksize = 4096 | ||||
|  | ||||
|     def __init__(self, cache_name): | ||||
|     def __init__(self, cache_name, username = None): | ||||
|         self.cache_name = cache_name | ||||
|         self.storage_uri = file_cache_dir() | ||||
|         if username: | ||||
|             try: | ||||
|                 self.storage_uri = file_cache_path_home(username) | ||||
|             except: | ||||
|                 self.storage_uri = file_cache_dir() | ||||
|         else: | ||||
|             self.storage_uri = file_cache_dir() | ||||
|         logdata = dict({'cache_file': self.storage_uri}) | ||||
|         log('D20', logdata) | ||||
|         self.samba_context = smbc.Context(use_kerberos=1) | ||||
|                 #, debug=10) | ||||
|  | ||||
|     def store(self, uri): | ||||
|         destdir = uri | ||||
|     def store(self, uri, destfile = None): | ||||
|         try: | ||||
|             uri_path = UNCPath(uri) | ||||
|             file_name = os.path.basename(uri_path.get_path()) | ||||
|             file_path = os.path.dirname(uri_path.get_path()) | ||||
|             destdir = Path('{}/{}/{}'.format(self.storage_uri, | ||||
|                 uri_path.get_domain(), | ||||
|                 file_path)) | ||||
|             if not destfile: | ||||
|                 file_name = os.path.basename(uri_path.get_path()) | ||||
|                 file_path = os.path.dirname(uri_path.get_path()) | ||||
|                 destdir = Path('{}/{}/{}'.format(self.storage_uri, | ||||
|                     uri_path.get_domain(), | ||||
|                     file_path)) | ||||
|             else: | ||||
|                 destdir = destfile.parent | ||||
|         except NotUNCPathError: | ||||
|             return None | ||||
|  | ||||
|         except Exception as exc: | ||||
|             logdata = dict({'exception': str(exc)}) | ||||
|             log('D144', logdata) | ||||
| @@ -56,20 +68,27 @@ class fs_file_cache: | ||||
|         if not destdir.exists(): | ||||
|             destdir.mkdir(parents=True, exist_ok=True) | ||||
|  | ||||
|         destfile = Path('{}/{}/{}'.format(self.storage_uri, | ||||
|             uri_path.get_domain(), | ||||
|             uri_path.get_path())) | ||||
|         if not destfile: | ||||
|             destfile = Path('{}/{}/{}'.format(self.storage_uri, | ||||
|                 uri_path.get_domain(), | ||||
|                 uri_path.get_path())) | ||||
|  | ||||
|         with open(destfile, 'wb') as df: | ||||
|             df.truncate() | ||||
|             df.flush() | ||||
|         try: | ||||
|             fd, tmpfile = tempfile.mkstemp('', str(destfile)) | ||||
|             df = os.fdopen(fd, 'wb') | ||||
|             file_handler = self.samba_context.open(str(uri_path), os.O_RDONLY) | ||||
|             while True: | ||||
|                 data = file_handler.read(self.__read_blocksize) | ||||
|                 if not data: | ||||
|                     break | ||||
|                 df.write(data) | ||||
|             df.flush() | ||||
|             df.close() | ||||
|             os.rename(tmpfile, destfile) | ||||
|             os.chmod(destfile, 0o644) | ||||
|         except: | ||||
|             tmppath = Path(tmpfile) | ||||
|             if tmppath.exists(): | ||||
|                 tmppath.unlink() | ||||
|  | ||||
|     def get(self, uri): | ||||
|         destfile = uri | ||||
|   | ||||
| @@ -115,6 +115,13 @@ class drive_entry(object): | ||||
|         self.password = dobj.password | ||||
|         self.dir = dobj.dir | ||||
|         self.path = dobj.path | ||||
|         self.action = dobj.action | ||||
|         self.thisDrive = dobj.thisDrive | ||||
|         self.allDrives = dobj.allDrives | ||||
|         self.label = dobj.label | ||||
|         self.persistent = dobj.persistent | ||||
|         self.useLetter = dobj.useLetter | ||||
|  | ||||
|  | ||||
|     def update_fields(self): | ||||
|         fields = dict() | ||||
| @@ -123,6 +130,12 @@ class drive_entry(object): | ||||
|         fields['password'] = self.password | ||||
|         fields['dir'] = self.dir | ||||
|         fields['path'] = self.path | ||||
|         fields['action'] = self.action | ||||
|         fields['thisDrive'] = self.thisDrive | ||||
|         fields['allDrives'] = self.allDrives | ||||
|         fields['label'] = self.label | ||||
|         fields['persistent'] = self.persistent | ||||
|         fields['useLetter'] = self.useLetter | ||||
|  | ||||
|         return fields | ||||
|  | ||||
| @@ -138,6 +151,7 @@ class folder_entry(object): | ||||
|         self.delete_folder = str(fobj.delete_folder) | ||||
|         self.delete_sub_folders = str(fobj.delete_sub_folders) | ||||
|         self.delete_files = str(fobj.delete_files) | ||||
|         self.hidden_folder = str(fobj.hidden_folder) | ||||
|  | ||||
|     def update_fields(self): | ||||
|         ''' | ||||
| @@ -149,6 +163,8 @@ class folder_entry(object): | ||||
|         fields['delete_folder'] = self.delete_folder | ||||
|         fields['delete_sub_folders'] = self.delete_sub_folders | ||||
|         fields['delete_files'] = self.delete_files | ||||
|         fields['hidden_folder'] = self.hidden_folder | ||||
|  | ||||
|  | ||||
|         return fields | ||||
|  | ||||
| @@ -203,17 +219,17 @@ class file_entry(object): | ||||
|     ''' | ||||
|     Object mapping representing FILES.XML | ||||
|     ''' | ||||
|     def __init__(self, sid, scrobj, policy_name): | ||||
|     def __init__(self, sid, fileobj, policy_name): | ||||
|         self.sid = sid | ||||
|         self.policy_name = policy_name | ||||
|         self.action = scrobj.action | ||||
|         self.fromPath = scrobj.fromPath | ||||
|         self.targetPath = scrobj.targetPath | ||||
|         self.readOnly = scrobj.readOnly | ||||
|         self.archive = scrobj.archive | ||||
|         self.hidden = scrobj.hidden | ||||
|         self.suppress = scrobj.suppress | ||||
|  | ||||
|         self.action = fileobj.action | ||||
|         self.fromPath = fileobj.fromPath | ||||
|         self.targetPath = fileobj.targetPath | ||||
|         self.readOnly = fileobj.readOnly | ||||
|         self.archive = fileobj.archive | ||||
|         self.hidden = fileobj.hidden | ||||
|         self.suppress = fileobj.suppress | ||||
|         self.executable = fileobj.executable | ||||
|  | ||||
|     def update_fields(self): | ||||
|         ''' | ||||
| @@ -228,6 +244,7 @@ class file_entry(object): | ||||
|         fields['archive'] = self.archive | ||||
|         fields['hidden'] = self.hidden | ||||
|         fields['suppress'] = self.suppress | ||||
|         fields['executable'] = self.executable | ||||
|  | ||||
|         return fields | ||||
|  | ||||
|   | ||||
| @@ -26,13 +26,11 @@ from sqlalchemy import ( | ||||
|     Column, | ||||
|     Integer, | ||||
|     String, | ||||
|     MetaData | ||||
| ) | ||||
| from sqlalchemy.orm import ( | ||||
|     mapper, | ||||
|     sessionmaker | ||||
| ) | ||||
|  | ||||
| from sqlalchemy.orm import sessionmaker | ||||
| from .sqlite_registry_compat import sqlite_registry_compat | ||||
|  | ||||
| from util.logging import log | ||||
| from util.paths import cache_dir | ||||
|  | ||||
| @@ -55,7 +53,8 @@ class sqlite_cache(cache): | ||||
|         logdata = dict({'cache_file': self.storage_uri}) | ||||
|         log('D20', logdata) | ||||
|         self.db_cnt = create_engine(self.storage_uri, echo=False) | ||||
|         self.__metadata = MetaData(self.db_cnt) | ||||
|         self.__compat = sqlite_registry_compat(self.db_cnt) | ||||
|         self.__metadata = self.__compat.metadata() | ||||
|         self.cache_table = Table( | ||||
|             self.cache_name, | ||||
|             self.__metadata, | ||||
| @@ -67,7 +66,8 @@ class sqlite_cache(cache): | ||||
|         self.__metadata.create_all(self.db_cnt) | ||||
|         Session = sessionmaker(bind=self.db_cnt) | ||||
|         self.db_session = Session() | ||||
|         mapper(self.mapper_obj, self.cache_table) | ||||
|         mapper_reg = self.__compat | ||||
|         mapper_reg.map_imperatively(self.mapper_obj, self.cache_table) | ||||
|  | ||||
|     def store(self, str_id, value): | ||||
|         obj = self.mapper_obj(str_id, value) | ||||
|   | ||||
| @@ -24,13 +24,11 @@ from sqlalchemy import ( | ||||
|     Column, | ||||
|     Integer, | ||||
|     String, | ||||
|     MetaData, | ||||
|     UniqueConstraint | ||||
| ) | ||||
| from sqlalchemy.orm import ( | ||||
|     mapper, | ||||
|     sessionmaker | ||||
| ) | ||||
|  | ||||
| from sqlalchemy.orm import sessionmaker | ||||
| from .sqlite_registry_compat import sqlite_registry_compat | ||||
|  | ||||
| from util.logging import log | ||||
| from util.paths import cache_dir | ||||
| @@ -58,7 +56,8 @@ class sqlite_registry(registry): | ||||
|             cdir = cache_dir() | ||||
|         self.db_path = os.path.join('sqlite:///{}/{}.sqlite'.format(cdir, self.db_name)) | ||||
|         self.db_cnt = create_engine(self.db_path, echo=False) | ||||
|         self.__metadata = MetaData(self.db_cnt) | ||||
|         self.__compat = sqlite_registry_compat(self.db_cnt) | ||||
|         self.__metadata = self.__compat.metadata() | ||||
|         self.__info = Table( | ||||
|             'info', | ||||
|             self.__metadata, | ||||
| @@ -121,6 +120,12 @@ class sqlite_registry(registry): | ||||
|             , Column('dir', String) | ||||
|             , Column('policy_name', String) | ||||
|             , Column('path', String) | ||||
|             , Column('action', String) | ||||
|             , Column('thisDrive', String) | ||||
|             , Column('allDrives', String) | ||||
|             , Column('label', String) | ||||
|             , Column('persistent', String) | ||||
|             , Column('useLetter', String) | ||||
|             , UniqueConstraint('sid', 'dir') | ||||
|         ) | ||||
|         self.__folders = Table( | ||||
| @@ -134,6 +139,7 @@ class sqlite_registry(registry): | ||||
|             , Column('delete_folder', String) | ||||
|             , Column('delete_sub_folders', String) | ||||
|             , Column('delete_files', String) | ||||
|             , Column('hidden_folder', String) | ||||
|             , UniqueConstraint('sid', 'path') | ||||
|         ) | ||||
|         self.__envvars = Table( | ||||
| @@ -172,6 +178,7 @@ class sqlite_registry(registry): | ||||
|             , Column('archive', String) | ||||
|             , Column('hidden', String) | ||||
|             , Column('suppress', String) | ||||
|             , Column('executable', String) | ||||
|             , UniqueConstraint('sid', 'policy_name', 'targetPath', 'fromPath') | ||||
|         ) | ||||
|         self.__ini = Table( | ||||
| @@ -206,19 +213,20 @@ class sqlite_registry(registry): | ||||
|         self.__metadata.create_all(self.db_cnt) | ||||
|         Session = sessionmaker(bind=self.db_cnt) | ||||
|         self.db_session = Session() | ||||
|         mapper_reg = self.__compat | ||||
|         try: | ||||
|             mapper(info_entry, self.__info) | ||||
|             mapper(samba_preg, self.__hklm) | ||||
|             mapper(samba_hkcu_preg, self.__hkcu) | ||||
|             mapper(ad_shortcut, self.__shortcuts) | ||||
|             mapper(printer_entry, self.__printers) | ||||
|             mapper(drive_entry, self.__drives) | ||||
|             mapper(folder_entry, self.__folders) | ||||
|             mapper(envvar_entry, self.__envvars) | ||||
|             mapper(script_entry, self.__scripts) | ||||
|             mapper(file_entry, self.__files) | ||||
|             mapper(ini_entry, self.__ini) | ||||
|             mapper(networkshare_entry, self.__networkshare) | ||||
|             mapper_reg.map_imperatively(info_entry, self.__info) | ||||
|             mapper_reg.map_imperatively(samba_preg, self.__hklm) | ||||
|             mapper_reg.map_imperatively(samba_hkcu_preg, self.__hkcu) | ||||
|             mapper_reg.map_imperatively(ad_shortcut, self.__shortcuts) | ||||
|             mapper_reg.map_imperatively(printer_entry, self.__printers) | ||||
|             mapper_reg.map_imperatively(drive_entry, self.__drives) | ||||
|             mapper_reg.map_imperatively(folder_entry, self.__folders) | ||||
|             mapper_reg.map_imperatively(envvar_entry, self.__envvars) | ||||
|             mapper_reg.map_imperatively(script_entry, self.__scripts) | ||||
|             mapper_reg.map_imperatively(file_entry, self.__files) | ||||
|             mapper_reg.map_imperatively(ini_entry, self.__ini) | ||||
|             mapper_reg.map_imperatively(networkshare_entry, self.__networkshare) | ||||
|         except: | ||||
|             pass | ||||
|             #logging.error('Error creating mapper') | ||||
| @@ -481,7 +489,7 @@ class sqlite_registry(registry): | ||||
|         logdata['name'] = networkshareentry.name | ||||
|         logdata['path'] = networkshareentry.path | ||||
|         logdata['action'] = networkshareentry.action | ||||
|         log('D179', logdata) | ||||
|         log('D186', logdata) | ||||
|         try: | ||||
|             self._add(networkshareentry) | ||||
|         except Exception as exc: | ||||
|   | ||||
							
								
								
									
										45
									
								
								gpoa/storage/sqlite_registry_compat.py
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										45
									
								
								gpoa/storage/sqlite_registry_compat.py
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,45 @@ | ||||
| # | ||||
| # GPOA - GPO Applier for Linux | ||||
| # | ||||
| # Copyright (C) 2024 BaseALT Ltd. | ||||
| # Copyright (C) 2024 Evgeny SInelnikov <sin@altlinux.org>. | ||||
| # | ||||
| # This program is free software: you can redistribute it and/or modify | ||||
| # it under the terms of the GNU General Public License as published by | ||||
| # the Free Software Foundation, either version 3 of the License, or | ||||
| # (at your option) any later version. | ||||
| # | ||||
| # This program is distributed in the hope that it will be useful, | ||||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | ||||
| # GNU General Public License for more details. | ||||
| # | ||||
| # You should have received a copy of the GNU General Public License | ||||
| # along with this program.  If not, see <http://www.gnu.org/licenses/>. | ||||
|  | ||||
| __compat__ = False | ||||
|  | ||||
| from sqlalchemy import MetaData | ||||
|  | ||||
| try: | ||||
|     from sqlalchemy.orm import registry | ||||
| except: | ||||
|     from sqlalchemy.orm import mapper | ||||
|     __compat__ = True | ||||
|  | ||||
| class sqlite_registry_compat: | ||||
|     def __init__(self, db_cnt): | ||||
|         if not __compat__: | ||||
|             self.__registry = registry() | ||||
|             self.__metadata = MetaData() | ||||
|         else: | ||||
|             self.__metadata = MetaData(db_cnt) | ||||
|  | ||||
|     def metadata(self): | ||||
|         return self.__metadata | ||||
|  | ||||
|     def map_imperatively(self, obj, table): | ||||
|         if __compat__: | ||||
|             mapper(obj, table) | ||||
|         else: | ||||
|             self.__registry.map_imperatively(obj, table) | ||||
							
								
								
									
										63
									
								
								gpoa/templates/47-alt_group_policy_permissions.rules.j2
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										63
									
								
								gpoa/templates/47-alt_group_policy_permissions.rules.j2
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,63 @@ | ||||
| {# | ||||
|  # GPOA - GPO Applier for Linux | ||||
|  # | ||||
|  # Copyright (C) 2019-2022 BaseALT Ltd. | ||||
|  # | ||||
|  # This program is free software: you can redistribute it and/or modify | ||||
|  # it under the terms of the GNU General Public License as published by | ||||
|  # the Free Software Foundation, either version 3 of the License, or | ||||
|  # (at your option) any later version. | ||||
|  # | ||||
|  # This program is distributed in the hope that it will be useful, | ||||
|  # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
|  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | ||||
|  # GNU General Public License for more details. | ||||
|  # | ||||
|  # You should have received a copy of the GNU General Public License | ||||
|  # along with this program.  If not, see <http://www.gnu.org/licenses/>. | ||||
|  #} | ||||
|  | ||||
| {% if No|length %} | ||||
| polkit.addRule(function (action, subject) { | ||||
|     if ({% for res in No -%} | ||||
|         action.id == "{{res}}"{% if No|length == loop.index %}){ {% else %} ||{% endif %} | ||||
|         {% endfor %}    return polkit.Result.NO; | ||||
|     } | ||||
| }); | ||||
| {% endif %}{% if Yes|length %} | ||||
| polkit.addRule(function (action, subject) { | ||||
| 	if ({% for res in Yes -%} | ||||
| 		action.id == "{{res}}"{% if Yes|length == loop.index %}){ {% else %} ||{% endif %} | ||||
| 		{% endfor %}    return polkit.Result.YES; | ||||
| 	} | ||||
| }); | ||||
| {% endif %}{% if Auth_self|length %} | ||||
| polkit.addRule(function (action, subject) { | ||||
| 	if ({% for res in Auth_self -%} | ||||
| 		action.id == "{{res}}"{% if Auth_self|length == loop.index %}){ {% else %} ||{% endif %} | ||||
| 		{% endfor %}    return polkit.Result.AUTH_SELF; | ||||
| 	} | ||||
| }); | ||||
| {% endif %}{% if Auth_admin|length %} | ||||
| polkit.addRule(function (action, subject) { | ||||
| 	if ({% for res in Auth_admin -%} | ||||
| 		action.id == "{{res}}"{% if Auth_admin|length == loop.index %}){ {% else %} ||{% endif %} | ||||
| 		{% endfor %}    return polkit.Result.AUTH_ADMIN; | ||||
| 	} | ||||
| }); | ||||
| {% endif %}{% if Auth_self_keep|length %} | ||||
| polkit.addRule(function (action, subject) { | ||||
| 	if ({% for res in Auth_self_keep -%} | ||||
| 		action.id == "{{res}}"{% if Auth_self_keep|length == loop.index %}){ {% else %} ||{% endif %} | ||||
| 		{% endfor %}    return polkit.Result.AUTH_SELF_KEEP; | ||||
| 	} | ||||
| }); | ||||
| {% endif %}{% if Auth_admin_keep|length %} | ||||
| polkit.addRule(function (action, subject) { | ||||
| 	if ({% for res in Auth_admin_keep -%} | ||||
| 		action.id == "{{res}}"{% if Auth_admin_keep|length == loop.index %}){ {% else %} ||{% endif %} | ||||
| 		{% endfor %}    return polkit.Result.AUTH_ADMIN_KEEP; | ||||
|     } | ||||
| }); | ||||
|  | ||||
| {% endif %} | ||||
							
								
								
									
										63
									
								
								gpoa/templates/48-alt_group_policy_permissions_user.rules.j2
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										63
									
								
								gpoa/templates/48-alt_group_policy_permissions_user.rules.j2
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,63 @@ | ||||
| {# | ||||
|  # GPOA - GPO Applier for Linux | ||||
|  # | ||||
|  # Copyright (C) 2019-2022 BaseALT Ltd. | ||||
|  # | ||||
|  # This program is free software: you can redistribute it and/or modify | ||||
|  # it under the terms of the GNU General Public License as published by | ||||
|  # the Free Software Foundation, either version 3 of the License, or | ||||
|  # (at your option) any later version. | ||||
|  # | ||||
|  # This program is distributed in the hope that it will be useful, | ||||
|  # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
|  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | ||||
|  # GNU General Public License for more details. | ||||
|  # | ||||
|  # You should have received a copy of the GNU General Public License | ||||
|  # along with this program.  If not, see <http://www.gnu.org/licenses/>. | ||||
|  #} | ||||
|  | ||||
| {% if No|length %} | ||||
| polkit.addRule(function (action, subject) { | ||||
|     if ({% for res in No -%} | ||||
|         action.id == "{{res}}" {% if No|length == loop.index %}&&{% else %}||{% endif %} | ||||
|         {% endfor %}subject.user == "{{User}}") { | ||||
| 			return polkit.Result.NO; | ||||
|     } | ||||
| });{% endif %}{% if Yes|length %} | ||||
| polkit.addRule(function (action, subject) { | ||||
|     if ({% for res in Yes -%} | ||||
|         action.id == "{{res}}" {% if Yes|length == loop.index %}&&{% else %}||{% endif %} | ||||
|         {% endfor %}subject.user == "{{User}}") { | ||||
| 			return polkit.Result.YES; | ||||
|     } | ||||
| });{% endif %}{% if Auth_self|length %} | ||||
| polkit.addRule(function (action, subject) { | ||||
|     if ({% for res in Auth_self -%} | ||||
|         action.id == "{{res}}" {% if Auth_self|length == loop.index %}&&{% else %}||{% endif %} | ||||
|         {% endfor %}subject.user == "{{User}}") { | ||||
| 			return polkit.Result.AUTH_SELF; | ||||
|     } | ||||
| });{% endif %}{% if Auth_admin|length %} | ||||
| polkit.addRule(function (action, subject) { | ||||
|     if ({% for res in Auth_admin -%} | ||||
|         action.id == "{{res}}" {% if Auth_admin|length == loop.index %}&&{% else %}||{% endif %} | ||||
|         {% endfor %}subject.user == "{{User}}") { | ||||
| 			return polkit.Result.AUTH_ADMIN; | ||||
|     } | ||||
| });{% endif %}{% if Auth_self_keep|length %} | ||||
| polkit.addRule(function (action, subject) { | ||||
|     if ({% for res in Auth_self_keep -%} | ||||
|         action.id == "{{res}}" {% if Auth_self_keep|length == loop.index %}&&{% else %}||{% endif %} | ||||
|         {% endfor %}subject.user == "{{User}}") { | ||||
| 			return polkit.Result.AUTH_SELF_KEEP; | ||||
|     } | ||||
| });{% endif %}{% if Auth_admin_keep|length %} | ||||
| polkit.addRule(function (action, subject) { | ||||
|     if ({% for res in Auth_admin_keep -%} | ||||
|         action.id == "{{res}}" {% if Auth_admin_keep|length == loop.index %}&&{% else %}||{% endif %} | ||||
|         {% endfor %}subject.user == "{{User}}") { | ||||
| 			return polkit.Result.AUTH_ADMIN_KEEP; | ||||
|     } | ||||
| }); | ||||
| {% endif %} | ||||
| @@ -17,7 +17,7 @@ | ||||
|  # along with this program.  If not, see <http://www.gnu.org/licenses/>. | ||||
|  #} | ||||
|  | ||||
| {% if Deny_All == '1' %} | ||||
| {% if Deny_All == 1 %} | ||||
| polkit.addRule(function (action, subject) { | ||||
| 	if ((action.id == "org.freedesktop.udisks2.filesystem-mount" || | ||||
| 	    action.id == "org.freedesktop.udisks2.filesystem-mount-system" || | ||||
|   | ||||
							
								
								
									
										63
									
								
								gpoa/templates/49-alt_group_policy_permissions.rules.j2
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										63
									
								
								gpoa/templates/49-alt_group_policy_permissions.rules.j2
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,63 @@ | ||||
| {# | ||||
|  # GPOA - GPO Applier for Linux | ||||
|  # | ||||
|  # Copyright (C) 2019-2022 BaseALT Ltd. | ||||
|  # | ||||
|  # This program is free software: you can redistribute it and/or modify | ||||
|  # it under the terms of the GNU General Public License as published by | ||||
|  # the Free Software Foundation, either version 3 of the License, or | ||||
|  # (at your option) any later version. | ||||
|  # | ||||
|  # This program is distributed in the hope that it will be useful, | ||||
|  # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
|  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | ||||
|  # GNU General Public License for more details. | ||||
|  # | ||||
|  # You should have received a copy of the GNU General Public License | ||||
|  # along with this program.  If not, see <http://www.gnu.org/licenses/>. | ||||
|  #} | ||||
|  | ||||
| {% if No|length %} | ||||
| polkit.addRule(function (action, subject) { | ||||
|     if ({% for res in No -%} | ||||
|         action.id == "{{res}}"{% if No|length == loop.index %}){ {% else %} ||{% endif %} | ||||
|         {% endfor %}    return polkit.Result.NO; | ||||
|     } | ||||
| }); | ||||
| {% endif %}{% if Yes|length %} | ||||
| polkit.addRule(function (action, subject) { | ||||
| 	if ({% for res in Yes -%} | ||||
| 		action.id == "{{res}}"{% if Yes|length == loop.index %}){ {% else %} ||{% endif %} | ||||
| 		{% endfor %}    return polkit.Result.YES; | ||||
| 	} | ||||
| }); | ||||
| {% endif %}{% if Auth_self|length %} | ||||
| polkit.addRule(function (action, subject) { | ||||
| 	if ({% for res in Auth_self -%} | ||||
| 		action.id == "{{res}}"{% if Auth_self|length == loop.index %}){ {% else %} ||{% endif %} | ||||
| 		{% endfor %}    return polkit.Result.AUTH_SELF; | ||||
| 	} | ||||
| }); | ||||
| {% endif %}{% if Auth_admin|length %} | ||||
| polkit.addRule(function (action, subject) { | ||||
| 	if ({% for res in Auth_admin -%} | ||||
| 		action.id == "{{res}}"{% if Auth_admin|length == loop.index %}){ {% else %} ||{% endif %} | ||||
| 		{% endfor %}    return polkit.Result.AUTH_ADMIN; | ||||
| 	} | ||||
| }); | ||||
| {% endif %}{% if Auth_self_keep|length %} | ||||
| polkit.addRule(function (action, subject) { | ||||
| 	if ({% for res in Auth_self_keep -%} | ||||
| 		action.id == "{{res}}"{% if Auth_self_keep|length == loop.index %}){ {% else %} ||{% endif %} | ||||
| 		{% endfor %}    return polkit.Result.AUTH_SELF_KEEP; | ||||
| 	} | ||||
| }); | ||||
| {% endif %}{% if Auth_admin_keep|length %} | ||||
| polkit.addRule(function (action, subject) { | ||||
| 	if ({% for res in Auth_admin_keep -%} | ||||
| 		action.id == "{{res}}"{% if Auth_admin_keep|length == loop.index %}){ {% else %} ||{% endif %} | ||||
| 		{% endfor %}    return polkit.Result.AUTH_ADMIN_KEEP; | ||||
|     } | ||||
| }); | ||||
|  | ||||
| {% endif %} | ||||
| @@ -17,7 +17,7 @@ | ||||
|  # along with this program.  If not, see <http://www.gnu.org/licenses/>. | ||||
|  #} | ||||
|  | ||||
| {% if Deny_All == '1' %} | ||||
| {% if Deny_All == 1 %} | ||||
| polkit.addRule(function (action, subject) { | ||||
| 	if (action.id == "org.freedesktop.udisks2.filesystem-mount" || | ||||
| 	    action.id == "org.freedesktop.udisks2.filesystem-mount-system" || | ||||
|   | ||||
| @@ -16,5 +16,5 @@ | ||||
|  # You should have received a copy of the GNU General Public License | ||||
|  # along with this program.  If not, see <http://www.gnu.org/licenses/>. | ||||
|  #} | ||||
| {{ home_dir }}/net	{{ mount_file }}	-t 120  --browse | ||||
| {{ home_dir }}/{{mntTarget}}	{{ mount_file }}	-t 120  --browse | ||||
|  | ||||
|   | ||||
							
								
								
									
										20
									
								
								gpoa/templates/autofs_auto_hide.j2
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										20
									
								
								gpoa/templates/autofs_auto_hide.j2
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,20 @@ | ||||
| {# | ||||
|  # GPOA - GPO Applier for Linux | ||||
|  # | ||||
|  # Copyright (C) 2019-2022 BaseALT Ltd. | ||||
|  # | ||||
|  # This program is free software: you can redistribute it and/or modify | ||||
|  # it under the terms of the GNU General Public License as published by | ||||
|  # the Free Software Foundation, either version 3 of the License, or | ||||
|  # (at your option) any later version. | ||||
|  # | ||||
|  # This program is distributed in the hope that it will be useful, | ||||
|  # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
|  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | ||||
|  # GNU General Public License for more details. | ||||
|  # | ||||
|  # You should have received a copy of the GNU General Public License | ||||
|  # along with this program.  If not, see <http://www.gnu.org/licenses/>. | ||||
|  #} | ||||
| {{ home_dir }}/.{{mntTarget}}	{{ mount_file }}	-t 120 | ||||
|  | ||||
| @@ -1,7 +1,7 @@ | ||||
| {# | ||||
|  # GPOA - GPO Applier for Linux | ||||
|  # | ||||
|  # Copyright (C) 2019-2020 BaseALT Ltd. | ||||
|  # Copyright (C) 2019-2022 BaseALT Ltd. | ||||
|  # | ||||
|  # This program is free software: you can redistribute it and/or modify | ||||
|  # it under the terms of the GNU General Public License as published by | ||||
| @@ -17,5 +17,11 @@ | ||||
|  # along with this program.  If not, see <http://www.gnu.org/licenses/>. | ||||
|  #} | ||||
| {%- for drv in drives %} | ||||
| {{ drv.dir }}	-fstype=cifs,cruid=$USER,sec=krb5,noperm	:{{ drv.path }} | ||||
| {% if (drv.thisDrive != 'HIDE') %} | ||||
| {% if drv.label %} | ||||
| "{{ drv.label }}"	-fstype=cifs,cruid=$USER,sec=krb5,noperm,cifsacl	:{{ drv.path }} | ||||
| {% else %} | ||||
| "{{ drv.dir }}"	-fstype=cifs,cruid=$USER,sec=krb5,noperm,cifsacl	:{{ drv.path }} | ||||
| {% endif %} | ||||
| {% endif %} | ||||
| {% endfor %} | ||||
|   | ||||
							
								
								
									
										27
									
								
								gpoa/templates/autofs_mountpoints_hide.j2
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										27
									
								
								gpoa/templates/autofs_mountpoints_hide.j2
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,27 @@ | ||||
| {# | ||||
|  # GPOA - GPO Applier for Linux | ||||
|  # | ||||
|  # Copyright (C) 2019-2022 BaseALT Ltd. | ||||
|  # | ||||
|  # This program is free software: you can redistribute it and/or modify | ||||
|  # it under the terms of the GNU General Public License as published by | ||||
|  # the Free Software Foundation, either version 3 of the License, or | ||||
|  # (at your option) any later version. | ||||
|  # | ||||
|  # This program is distributed in the hope that it will be useful, | ||||
|  # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
|  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | ||||
|  # GNU General Public License for more details. | ||||
|  # | ||||
|  # You should have received a copy of the GNU General Public License | ||||
|  # along with this program.  If not, see <http://www.gnu.org/licenses/>. | ||||
|  #} | ||||
| {%- for drv in drives %} | ||||
| {% if (drv.thisDrive == 'HIDE') %} | ||||
| {% if drv.label %} | ||||
| "{{ drv.label }}"	-fstype=cifs,cruid=$USER,sec=krb5,noperm,cifsacl	:{{ drv.path }} | ||||
| {% else %} | ||||
| "{{ drv.dir }}"	-fstype=cifs,cruid=$USER,sec=krb5,noperm,cifsacl	:{{ drv.path }} | ||||
| {% endif %} | ||||
| {% endif %} | ||||
| {% endfor %} | ||||
| @@ -46,3 +46,10 @@ class NotUNCPathError(Exception): | ||||
|     def __str__(self): | ||||
|         return self.path | ||||
|  | ||||
| class GetGPOListFail(Exception): | ||||
|     def __init__(self, exc): | ||||
|         self.exc = exc | ||||
|  | ||||
|     def __str__(self): | ||||
|         return self.exc | ||||
|  | ||||
|   | ||||
							
								
								
									
										356
									
								
								gpoa/util/gpoa_ini_parsing.py
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										356
									
								
								gpoa/util/gpoa_ini_parsing.py
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,356 @@ | ||||
| # | ||||
| # GPOA - GPO Applier for Linux | ||||
| # | ||||
| # Copyright (C) 2019-2023 BaseALT Ltd. | ||||
| # | ||||
| # This program is free software: you can redistribute it and/or modify | ||||
| # it under the terms of the GNU General Public License as published by | ||||
| # the Free Software Foundation, either version 3 of the License, or | ||||
| # (at your option) any later version. | ||||
| # | ||||
| # This program is distributed in the hope that it will be useful, | ||||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | ||||
| # GNU General Public License for more details. | ||||
| # | ||||
| # You should have received a copy of the GNU General Public License | ||||
| # along with this program.  If not, see <http://www.gnu.org/licenses/>. | ||||
|  | ||||
| from configobj import (ConfigObj, NestingError, Section, | ||||
|                         DuplicateError, ParseError, UnreprError, | ||||
|                         UnknownType,UnreprError, | ||||
|                         BOM_UTF8, DEFAULT_INDENT_TYPE, BOM_LIST, | ||||
|                         match_utf8, unrepr) | ||||
| import six | ||||
| import re | ||||
| import sys | ||||
| import os | ||||
|  | ||||
| # Michael Foord: fuzzyman AT voidspace DOT org DOT uk | ||||
| # Nicola Larosa: nico AT tekNico DOT net | ||||
| # Rob Dennis: rdennis AT gmail DOT com | ||||
| # Eli Courtwright: eli AT courtwright DOT org | ||||
| # This class based on the ConfigObj module, distributed under the BSD-3-Clause license. | ||||
| # This class includes modified code from the ConfigObj module mentioned above. | ||||
| # The original authors and their contact information are listed in the comments above. | ||||
| # For more information about ConfigObj, please visit the main repository: | ||||
| # https://github.com/DiffSK/configobj | ||||
|  | ||||
|  | ||||
| class GpoaConfigObj(ConfigObj): | ||||
|  | ||||
|     _sectionmarker = re.compile(r'''^ | ||||
|         (\s*)                     # 1: indentation | ||||
|         ((?:\[\s*)+)              # 2: section marker open | ||||
|         (                         # 3: section name open | ||||
|             (?:"\s*\S.*?\s*")|    # at least one non-space with double quotes | ||||
|             (?:'\s*\S.*?\s*')|    # at least one non-space with single quotes | ||||
|             (?:[^'"\s].*?)        # at least one non-space unquoted | ||||
|         )                         # section name close | ||||
|         ((?:\s*\])+)              # 4: section marker close | ||||
|         (\s*(?:[#;].*)?)?           # 5: optional comment | ||||
|         $''', | ||||
|         re.VERBOSE) | ||||
|  | ||||
|     _valueexp = re.compile(r'''^ | ||||
|         (?: | ||||
|             (?: | ||||
|                 ( | ||||
|                     (?: | ||||
|                         (?: | ||||
|                             (?:".*?")|              # double quotes | ||||
|                             (?:'.*?')|              # single quotes | ||||
|                             (?:[^'",\#][^,\#]*?)    # unquoted | ||||
|                         ) | ||||
|                         \s*,\s*                     # comma | ||||
|                     )*      # match all list items ending in a comma (if any) | ||||
|                 ) | ||||
|                 ( | ||||
|                     (?:".*?")|                      # double quotes | ||||
|                     (?:'.*?')|                      # single quotes | ||||
|                     (?:[^'",\#\s][^,]*?)|           # unquoted | ||||
|                     (?:(?<!,))                      # Empty value | ||||
|                 )?          # last item in a list - or string value | ||||
|             )| | ||||
|             (,)             # alternatively a single comma - empty list | ||||
|         ) | ||||
|         (\s*(?:[#;].*)?)?     # optional comment | ||||
|         $''', | ||||
|         re.VERBOSE) | ||||
|  | ||||
|     COMMENT_MARKERS = ['#', ';'] | ||||
|  | ||||
|     def _handle_comment(self, comment): | ||||
|         """Deal with a comment.""" | ||||
|         if not comment: | ||||
|             return '' | ||||
|         start = self.indent_type | ||||
|         if not comment.lstrip().startswith(tuple(self.COMMENT_MARKERS)): | ||||
|             start += ' # ' | ||||
|         return start + comment.strip() | ||||
|  | ||||
|     def _parse(self, infile): | ||||
|         """Actually parse the config file.""" | ||||
|         temp_list_values = self.list_values | ||||
|         if self.unrepr: | ||||
|             self.list_values = False | ||||
|  | ||||
|         comment_list = [] | ||||
|         done_start = False | ||||
|         this_section = self | ||||
|         maxline = len(infile) - 1 | ||||
|         cur_index = -1 | ||||
|         reset_comment = False | ||||
|         comment_markers = tuple(self.COMMENT_MARKERS) | ||||
|  | ||||
|         while cur_index < maxline: | ||||
|             if reset_comment: | ||||
|                 comment_list = [] | ||||
|             cur_index += 1 | ||||
|             line = infile[cur_index] | ||||
|             sline = line.strip() | ||||
|             # do we have anything on the line ? | ||||
|             if not sline or sline.startswith(comment_markers): | ||||
|                 reset_comment = False | ||||
|                 comment_list.append(line) | ||||
|                 continue | ||||
|  | ||||
|             if not done_start: | ||||
|                 # preserve initial comment | ||||
|                 self.initial_comment = comment_list | ||||
|                 comment_list = [] | ||||
|                 done_start = True | ||||
|  | ||||
|             reset_comment = True | ||||
|             # first we check if it's a section marker | ||||
|             mat = self._sectionmarker.match(line) | ||||
|             if mat is not None: | ||||
|                 # is a section line | ||||
|                 (indent, sect_open, sect_name, sect_close, comment) = mat.groups() | ||||
|                 if indent and (self.indent_type is None): | ||||
|                     self.indent_type = indent | ||||
|                 cur_depth = sect_open.count('[') | ||||
|                 if cur_depth != sect_close.count(']'): | ||||
|                     self._handle_error("Cannot compute the section depth", | ||||
|                                        NestingError, infile, cur_index) | ||||
|                     continue | ||||
|  | ||||
|                 if cur_depth < this_section.depth: | ||||
|                     # the new section is dropping back to a previous level | ||||
|                     try: | ||||
|                         parent = self._match_depth(this_section, | ||||
|                                                    cur_depth).parent | ||||
|                     except SyntaxError: | ||||
|                         self._handle_error("Cannot compute nesting level", | ||||
|                                            NestingError, infile, cur_index) | ||||
|                         continue | ||||
|                 elif cur_depth == this_section.depth: | ||||
|                     # the new section is a sibling of the current section | ||||
|                     parent = this_section.parent | ||||
|                 elif cur_depth == this_section.depth + 1: | ||||
|                     # the new section is a child the current section | ||||
|                     parent = this_section | ||||
|                 else: | ||||
|                     self._handle_error("Section too nested", | ||||
|                                        NestingError, infile, cur_index) | ||||
|                     continue | ||||
|  | ||||
|                 sect_name = self._unquote(sect_name) | ||||
|                 if sect_name in parent: | ||||
|                     self._handle_error('Duplicate section name', | ||||
|                                        DuplicateError, infile, cur_index) | ||||
|                     continue | ||||
|  | ||||
|                 # create the new section | ||||
|                 this_section = Section( | ||||
|                     parent, | ||||
|                     cur_depth, | ||||
|                     self, | ||||
|                     name=sect_name) | ||||
|                 parent[sect_name] = this_section | ||||
|                 parent.inline_comments[sect_name] = comment | ||||
|                 parent.comments[sect_name] = comment_list | ||||
|                 continue | ||||
|             # | ||||
|             # it's not a section marker, | ||||
|             # so it should be a valid ``key = value`` line | ||||
|             mat = self._keyword.match(line) | ||||
|             if mat is None: | ||||
|                 self._handle_error( | ||||
|                     'Invalid line ({!r}) (matched as neither section nor keyword)'.format(line), | ||||
|                     ParseError, infile, cur_index) | ||||
|             else: | ||||
|                 # is a keyword value | ||||
|                 # value will include any inline comment | ||||
|                 (indent, key, value) = mat.groups() | ||||
|                 if indent and (self.indent_type is None): | ||||
|                     self.indent_type = indent | ||||
|                 # check for a multiline value | ||||
|                 if value[:3] in ['"""', "'''"]: | ||||
|                     try: | ||||
|                         value, comment, cur_index = self._multiline( | ||||
|                             value, infile, cur_index, maxline) | ||||
|                     except SyntaxError: | ||||
|                         self._handle_error( | ||||
|                             'Parse error in multiline value', | ||||
|                             ParseError, infile, cur_index) | ||||
|                         continue | ||||
|                     else: | ||||
|                         if self.unrepr: | ||||
|                             comment = '' | ||||
|                             try: | ||||
|                                 value = unrepr(value) | ||||
|                             except Exception as cause: | ||||
|                                 if isinstance(cause, UnknownType): | ||||
|                                     msg = 'Unknown name or type in value' | ||||
|                                 else: | ||||
|                                     msg = 'Parse error from unrepr-ing multiline value' | ||||
|                                 self._handle_error(msg, UnreprError, infile, cur_index) | ||||
|                                 continue | ||||
|                 else: | ||||
|                     if self.unrepr: | ||||
|                         comment = '' | ||||
|                         try: | ||||
|                             value = unrepr(value) | ||||
|                         except Exception as cause: | ||||
|                             if isinstance(cause, UnknownType): | ||||
|                                 msg = 'Unknown name or type in value' | ||||
|                             else: | ||||
|                                 msg = 'Parse error from unrepr-ing value' | ||||
|                             self._handle_error(msg, UnreprError, infile, cur_index) | ||||
|                             continue | ||||
|                     else: | ||||
|                         # extract comment and lists | ||||
|                         try: | ||||
|                             (value, comment) = self._handle_value(value) | ||||
|                         except SyntaxError: | ||||
|                             self._handle_error( | ||||
|                                 'Parse error in value', | ||||
|                                 ParseError, infile, cur_index) | ||||
|                             continue | ||||
|                 # | ||||
|                 key = self._unquote(key) | ||||
|                 if key in this_section: | ||||
|                     self._handle_error( | ||||
|                         'Duplicate keyword name', | ||||
|                         DuplicateError, infile, cur_index) | ||||
|                     continue | ||||
|                 # add the key. | ||||
|                 # we set unrepr because if we have got this far we will never | ||||
|                 # be creating a new section | ||||
|                 this_section.__setitem__(key, value, unrepr=True) | ||||
|                 this_section.inline_comments[key] = comment | ||||
|                 this_section.comments[key] = comment_list | ||||
|                 continue | ||||
|         # | ||||
|         if self.indent_type is None: | ||||
|             # no indentation used, set the type accordingly | ||||
|             self.indent_type = '' | ||||
|  | ||||
|         # preserve the final comment | ||||
|         if not self and not self.initial_comment: | ||||
|             self.initial_comment = comment_list | ||||
|         elif not reset_comment: | ||||
|             self.final_comment = comment_list | ||||
|         self.list_values = temp_list_values | ||||
|  | ||||
|  | ||||
|     def write(self, outfile=None, section=None): | ||||
|         if self.indent_type is None: | ||||
|             # this can be true if initialised from a dictionary | ||||
|             self.indent_type = DEFAULT_INDENT_TYPE | ||||
|  | ||||
|         out = [] | ||||
|         comment_markers = tuple(self.COMMENT_MARKERS) | ||||
|         comment_marker_default = comment_markers[0] + ' ' | ||||
|         if section is None: | ||||
|             int_val = self.interpolation | ||||
|             self.interpolation = False | ||||
|             section = self | ||||
|             for line in self.initial_comment: | ||||
|                 line = self._decode_element(line) | ||||
|                 stripped_line = line.strip() | ||||
|                 if stripped_line and not stripped_line.startswith(comment_markers): | ||||
|                     line = comment_marker_default + line | ||||
|                 out.append(line) | ||||
|  | ||||
|         indent_string = self.indent_type * section.depth | ||||
|         for entry in (section.scalars + section.sections): | ||||
|             if entry in section.defaults: | ||||
|                 # don't write out default values | ||||
|                 continue | ||||
|             for comment_line in section.comments[entry]: | ||||
|                 comment_line = self._decode_element(comment_line.lstrip()) | ||||
|                 if comment_line and not comment_line.startswith(comment_markers): | ||||
|                     comment_line = comment_marker_default + comment_line | ||||
|                 out.append(indent_string + comment_line) | ||||
|             this_entry = section[entry] | ||||
|             comment = self._handle_comment(section.inline_comments[entry]) | ||||
|  | ||||
|             if isinstance(this_entry, Section): | ||||
|                 # a section | ||||
|                 out.append(self._write_marker( | ||||
|                     indent_string, | ||||
|                     this_entry.depth, | ||||
|                     entry, | ||||
|                     comment)) | ||||
|                 out.extend(self.write(section=this_entry)) | ||||
|             else: | ||||
|                 out.append(self._write_line( | ||||
|                     indent_string, | ||||
|                     entry, | ||||
|                     this_entry, | ||||
|                     comment)) | ||||
|  | ||||
|         if section is self: | ||||
|             for line in self.final_comment: | ||||
|                 line = self._decode_element(line) | ||||
|                 stripped_line = line.strip() | ||||
|                 if stripped_line and not stripped_line.startswith(comment_markers): | ||||
|                     line = comment_marker_default + line | ||||
|                 out.append(line) | ||||
|             self.interpolation = int_val | ||||
|  | ||||
|         if section is not self: | ||||
|             return out | ||||
|  | ||||
|         if (self.filename is None) and (outfile is None): | ||||
|             # output a list of lines | ||||
|             # might need to encode | ||||
|             # NOTE: This will *screw* UTF16, each line will start with the BOM | ||||
|             if self.encoding: | ||||
|                 out = [l.encode(self.encoding) for l in out] | ||||
|             if (self.BOM and ((self.encoding is None) or | ||||
|                 (BOM_LIST.get(self.encoding.lower()) == 'utf_8'))): | ||||
|                 # Add the UTF8 BOM | ||||
|                 if not out: | ||||
|                     out.append('') | ||||
|                 out[0] = BOM_UTF8 + out[0] | ||||
|             return out | ||||
|  | ||||
|         # Turn the list to a string, joined with correct newlines | ||||
|         newline = self.newlines or os.linesep | ||||
|         if (getattr(outfile, 'mode', None) is not None and outfile.mode == 'w' | ||||
|             and sys.platform == 'win32' and newline == '\r\n'): | ||||
|             # Windows specific hack to avoid writing '\r\r\n' | ||||
|             newline = '\n' | ||||
|         output = newline.join(out) | ||||
|         if not output.endswith(newline): | ||||
|             output += newline | ||||
|  | ||||
|         if isinstance(output, six.binary_type): | ||||
|             output_bytes = output | ||||
|         else: | ||||
|             output_bytes = output.encode(self.encoding or | ||||
|                                          self.default_encoding or | ||||
|                                          'ascii') | ||||
|  | ||||
|         if self.BOM and ((self.encoding is None) or match_utf8(self.encoding)): | ||||
|             # Add the UTF8 BOM | ||||
|             output_bytes = BOM_UTF8 + output_bytes | ||||
|  | ||||
|         if outfile is not None: | ||||
|             outfile.write(output_bytes) | ||||
|         else: | ||||
|             with open(self.filename, 'wb') as h: | ||||
|                 h.write(output_bytes) | ||||
| @@ -21,6 +21,7 @@ import pathlib | ||||
| import os | ||||
| from pathlib import Path | ||||
| from urllib.parse import urlparse | ||||
| from util.util import get_homedir | ||||
|  | ||||
| from .config import GPConfig | ||||
| from .exceptions import NotUNCPathError | ||||
| @@ -67,12 +68,19 @@ def file_cache_dir(): | ||||
|     Returns path pointing to gpupdate's cache directory | ||||
|     ''' | ||||
|     cachedir = pathlib.Path('/var/cache/gpupdate_file_cache') | ||||
|  | ||||
|     if not cachedir.exists(): | ||||
|         cachedir.mkdir(parents=True, exist_ok=True) | ||||
|  | ||||
|     return cachedir | ||||
|  | ||||
| def file_cache_path_home(username) -> str: | ||||
|     ''' | ||||
|     Returns the path pointing to the gpupdate cache directory in the /home directory. | ||||
|     ''' | ||||
|     cachedir = f'{get_homedir(username)}/.cache/gpupdate' | ||||
|  | ||||
|     return cachedir | ||||
|  | ||||
| def local_policy_cache(): | ||||
|     ''' | ||||
|     Returns path to directory where lies local policy settings cache | ||||
| @@ -85,6 +93,15 @@ def local_policy_cache(): | ||||
|  | ||||
|     return lpcache | ||||
|  | ||||
| def get_dconf_config_path(uid = None): | ||||
|     if uid: | ||||
|         return f'/etc/dconf/db/policy{uid}.d/policy{uid}.ini' | ||||
|     else: | ||||
|         return '/etc/dconf/db/policy.d/policy.ini' | ||||
|  | ||||
| def get_desktop_files_directory(): | ||||
|     return '/usr/share/applications' | ||||
|  | ||||
| class UNCPath: | ||||
|     def __init__(self, path): | ||||
|         self.path = path | ||||
|   | ||||
| @@ -19,6 +19,7 @@ | ||||
|  | ||||
| from xml.etree import ElementTree | ||||
| from storage import registry_factory | ||||
| from storage.dconf_registry import load_preg_dconf | ||||
|  | ||||
| from samba.gp_parse.gp_pol import GPPolParser | ||||
|  | ||||
| @@ -80,10 +81,16 @@ def preg_keymap(preg): | ||||
|     return keymap | ||||
|  | ||||
|  | ||||
| def merge_polfile(preg, sid=None, reg_name='registry', reg_path=None, policy_name='Unknown'): | ||||
| def merge_polfile(preg, sid=None, reg_name='registry', reg_path=None, policy_name='Unknown', username='Machine', version=None): | ||||
|     pregfile = load_preg(preg) | ||||
|     if sid is None and username == 'Machine': | ||||
|         load_preg_dconf(pregfile, preg, policy_name, None, version) | ||||
|     else: | ||||
|         load_preg_dconf(pregfile, preg, policy_name, username, version) | ||||
|     logdata = dict({'pregfile': preg}) | ||||
|     log('D32', logdata) | ||||
|     #log dconf | ||||
|     return | ||||
|     storage = registry_factory(reg_name, reg_path) | ||||
|     for entry in pregfile.entries: | ||||
|         if not sid: | ||||
|   | ||||
| @@ -47,7 +47,6 @@ def username_match_uid(username): | ||||
|     ''' | ||||
|     Check the passed username matches current process UID. | ||||
|     ''' | ||||
|     uid = os.getuid() | ||||
|     process_username = get_process_user() | ||||
|  | ||||
|     if process_username == username: | ||||
|   | ||||
| @@ -23,6 +23,7 @@ import subprocess | ||||
| import re | ||||
| from pathlib import Path | ||||
| from .samba import smbopts | ||||
| import ast | ||||
|  | ||||
|  | ||||
| def get_machine_name(): | ||||
| @@ -105,20 +106,7 @@ def get_backends(): | ||||
|     ''' | ||||
|     Get the list of backends supported by GPOA | ||||
|     ''' | ||||
|     command = ['/usr/sbin/gpoa', '--list-backends'] | ||||
|     backends = list() | ||||
|     out = list() | ||||
|  | ||||
|     with subprocess.Popen(command, stdout=subprocess.PIPE) as proc: | ||||
|         out = proc.stdout.read().decode('utf-8') | ||||
|         proc.wait() | ||||
|     out = out.split('\n') | ||||
|     for line in out: | ||||
|         tmpline = line.replace('\n', '') | ||||
|         if tmpline != '': | ||||
|             backends.append(tmpline) | ||||
|  | ||||
|     return backends | ||||
|     return ['local', 'samba'] | ||||
|  | ||||
| def get_default_policy_name(): | ||||
|     ''' | ||||
| @@ -180,3 +168,31 @@ def get_policy_variants(): | ||||
|  | ||||
|     return general_listing | ||||
|  | ||||
| def string_to_literal_eval(string): | ||||
|     try: | ||||
|         literaleval = ast.literal_eval(string) | ||||
|     except: | ||||
|         literaleval = string | ||||
|     return literaleval | ||||
|  | ||||
| def try_dict_to_literal_eval(string): | ||||
|     try: | ||||
|         literaleval = ast.literal_eval(string) | ||||
|         if isinstance(literaleval ,dict): | ||||
|             return literaleval | ||||
|         else: | ||||
|             return None | ||||
|     except: | ||||
|         return None | ||||
|  | ||||
| def touch_file(filename): | ||||
|     path = Path(filename) | ||||
|     path.parent.mkdir(parents=True, exist_ok=True) | ||||
|     path.touch() | ||||
|  | ||||
| def get_uid_by_username(username): | ||||
|     try: | ||||
|         user_info = pwd.getpwnam(username) | ||||
|         return user_info.pw_uid | ||||
|     except KeyError: | ||||
|         return None | ||||
|   | ||||
| @@ -21,19 +21,30 @@ import os | ||||
| import subprocess | ||||
| from samba import getopt as options | ||||
| from samba import NTSTATUSError | ||||
| from samba.gpclass import get_dc_hostname, check_refresh_gpo_list | ||||
|  | ||||
| try: | ||||
|     from samba.gpclass import get_dc_hostname, check_refresh_gpo_list | ||||
| except ImportError: | ||||
|     from samba.gp.gpclass import get_dc_hostname, check_refresh_gpo_list | ||||
|  | ||||
| from samba.netcmd.common import netcmd_get_domain_infos_via_cldap | ||||
| import samba.gpo | ||||
|  | ||||
| from storage import cache_factory | ||||
| from messages import message_with_code | ||||
| from .xdg import ( | ||||
|       xdg_get_desktop | ||||
| ) | ||||
| from .util import get_homedir | ||||
| from .exceptions import GetGPOListFail | ||||
| from .logging import log | ||||
| from .samba import smbopts | ||||
|  | ||||
| from gpoa.storage import registry_factory | ||||
| from samba.samdb import SamDB | ||||
| from samba.auth import system_session | ||||
| import optparse | ||||
| import ldb | ||||
| import ipaddress | ||||
| import netifaces | ||||
| import random | ||||
|  | ||||
| class smbcreds (smbopts): | ||||
|  | ||||
| @@ -42,6 +53,13 @@ class smbcreds (smbopts): | ||||
|         self.credopts = options.CredentialsOptions(self.parser) | ||||
|         self.creds = self.credopts.get_credentials(self.lp, fallback_machine=True) | ||||
|         self.set_dc(dc_fqdn) | ||||
|         self.sDomain =  SiteDomainScanner(self.creds, self.lp, self.selected_dc) | ||||
|         self.dc_site_servers = self.sDomain.select_site_servers() | ||||
|         self.all_servers = self.sDomain.select_all_servers() | ||||
|         [self.all_servers.remove(element) | ||||
|         for element in self.dc_site_servers | ||||
|         if element in self.all_servers] | ||||
|         self.pdc_emulator_server = self.sDomain.select_pdc_emulator_server() | ||||
|  | ||||
|     def get_dc(self): | ||||
|         return self.selected_dc | ||||
| @@ -107,17 +125,32 @@ class smbcreds (smbopts): | ||||
|                     log('I2', ldata) | ||||
|  | ||||
|         except Exception as exc: | ||||
|             if self.selected_dc != self.pdc_emulator_server: | ||||
|                 raise GetGPOListFail(exc) | ||||
|             logdata = dict({'username': username, 'dc': self.selected_dc}) | ||||
|             log('E17', logdata) | ||||
|  | ||||
|         return gpos | ||||
|  | ||||
|     def update_gpos(self, username): | ||||
|         gpos = self.get_gpos(username) | ||||
|  | ||||
|         list_selected_dc = set() | ||||
|  | ||||
|  | ||||
|  | ||||
|         if self.dc_site_servers: | ||||
|             self.selected_dc = self.dc_site_servers.pop() | ||||
|  | ||||
|         self.all_servers = [dc for dc in self.all_servers if dc != self.selected_dc] | ||||
|         list_selected_dc.add(self.selected_dc) | ||||
|  | ||||
|         try: | ||||
|             gpos = self.get_gpos(username) | ||||
|  | ||||
|         except GetGPOListFail: | ||||
|             self.selected_dc = self.pdc_emulator_server | ||||
|             gpos = self.get_gpos(username) | ||||
|  | ||||
|         while list_selected_dc: | ||||
|             logdata = dict() | ||||
|             logdata['username'] = username | ||||
| @@ -129,20 +162,136 @@ class smbcreds (smbopts): | ||||
|                 list_selected_dc.clear() | ||||
|             except NTSTATUSError as smb_exc: | ||||
|                 logdata['smb_exc'] = str(smb_exc) | ||||
|                 self.selected_dc = get_dc_hostname(self.creds, self.lp) | ||||
|                 if self.selected_dc not in list_selected_dc: | ||||
|                     logdata['action'] = 'Search another dc' | ||||
|                     log('W11', logdata) | ||||
|                     list_selected_dc.add(self.selected_dc) | ||||
|                 if not check_scroll_enabled(): | ||||
|                     if self.pdc_emulator_server and self.selected_dc != self.pdc_emulator_server: | ||||
|                         self.selected_dc = self.pdc_emulator_server | ||||
|                         logdata['action'] = 'Selected pdc' | ||||
|                         logdata['pdc'] = self.selected_dc | ||||
|                         log('W11', logdata) | ||||
|                     else: | ||||
|                         log('F1', logdata) | ||||
|                         raise smb_exc | ||||
|                 else: | ||||
|                     log('F1', logdata) | ||||
|                     raise smb_exc | ||||
|                     if self.dc_site_servers: | ||||
|                         self.selected_dc = self.dc_site_servers.pop() | ||||
|                     elif self.all_servers: | ||||
|                         self.selected_dc = self.all_servers.pop() | ||||
|                     else: | ||||
|                         self.selected_dc = self.pdc_emulator_server | ||||
|  | ||||
|  | ||||
|                     if self.selected_dc not in list_selected_dc: | ||||
|                         logdata['action'] = 'Search another dc' | ||||
|                         logdata['another_dc'] = self.selected_dc | ||||
|                         log('W11', logdata) | ||||
|                         list_selected_dc.add(self.selected_dc) | ||||
|                     else: | ||||
|                         log('F1', logdata) | ||||
|                         raise smb_exc | ||||
|             except Exception as exc: | ||||
|                 logdata['exc'] = str(exc) | ||||
|                 log('F1', logdata) | ||||
|                 raise exc | ||||
|         return gpos | ||||
|  | ||||
|  | ||||
| class SiteDomainScanner: | ||||
|     def __init__(self, smbcreds, lp, dc): | ||||
|         self.samdb = SamDB(url='ldap://{}'.format(dc), session_info=system_session(), credentials=smbcreds, lp=lp) | ||||
|         self.pdc_emulator = self._search_pdc_emulator() | ||||
|  | ||||
|     @staticmethod | ||||
|     def _get_ldb_single_message_attr(ldb_message, attr_name, encoding='utf8'): | ||||
|         if attr_name in ldb_message: | ||||
|             return ldb_message[attr_name][0].decode(encoding) | ||||
|         else: | ||||
|             return None | ||||
|  | ||||
|     @staticmethod | ||||
|     def _get_ldb_single_result_attr(ldb_result, attr_name, encoding='utf8'): | ||||
|         if len(ldb_result) == 1 and attr_name in ldb_result[0]: | ||||
|             return ldb_result[0][attr_name][0].decode(encoding) | ||||
|         else: | ||||
|             return None | ||||
|  | ||||
|     def _get_server_hostname(self, ds_service_name): | ||||
|         ds_service_name_dn = ldb.Dn(self.samdb, ds_service_name) | ||||
|         server_dn = ds_service_name_dn.parent() | ||||
|         res = self.samdb.search(server_dn, scope=ldb.SCOPE_BASE) | ||||
|         return self._get_ldb_single_result_attr(res, 'dNSHostName') | ||||
|  | ||||
|     def _search_pdc_emulator(self): | ||||
|         res = self.samdb.search(self.samdb.domain_dn(), scope=ldb.SCOPE_BASE) | ||||
|         pdc_settings_object = self._get_ldb_single_result_attr(res, 'fSMORoleOwner') | ||||
|         return self._get_server_hostname(pdc_settings_object) | ||||
|  | ||||
|     def get_ip_addresses(self): | ||||
|         interface_list = netifaces.interfaces() | ||||
|         addresses = [] | ||||
|         for iface in interface_list: | ||||
|             address_entry = netifaces.ifaddresses(iface) | ||||
|             if netifaces.AF_INET in address_entry: | ||||
|                 addresses.extend(ipaddress.ip_address(ipv4_address_entry['addr']) for ipv4_address_entry in address_entry[netifaces.AF_INET]) | ||||
|             if netifaces.AF_INET6 in address_entry: | ||||
|                 addresses.extend(ipaddress.ip_address(ipv6_address_entry['addr']) for ipv6_address_entry in address_entry[netifaces.AF_INET6]) | ||||
|         return addresses | ||||
|  | ||||
|     def get_ad_subnets_sites(self): | ||||
|         subnet_dn = ldb.Dn(self.samdb, "CN=Subnets,CN=Sites") | ||||
|         config_dn = self.samdb.get_config_basedn() | ||||
|         subnet_dn.add_base(config_dn) | ||||
|         res = self.samdb.search(subnet_dn, ldb.SCOPE_ONELEVEL, expression='objectClass=subnet', attrs=['cn', 'siteObject']) | ||||
|         subnets = {ipaddress.ip_network(self._get_ldb_single_message_attr(msg, 'cn')): self._get_ldb_single_message_attr(msg, 'siteObject') for msg in res} | ||||
|         return subnets | ||||
|  | ||||
|     def get_ad_site_servers(self, site): | ||||
|         servers_dn = ldb.Dn(self.samdb, "CN=Servers") | ||||
|         site_dn = ldb.Dn(self.samdb, site) | ||||
|         servers_dn.add_base(site_dn) | ||||
|         res = self.samdb.search(servers_dn, ldb.SCOPE_ONELEVEL, expression='objectClass=server', attrs=['dNSHostName']) | ||||
|         servers = [self._get_ldb_single_message_attr(msg, 'dNSHostName') for msg in res] | ||||
|         random.shuffle(servers) | ||||
|         return servers | ||||
|  | ||||
|     def get_ad_all_servers(self): | ||||
|         sites_dn = ldb.Dn(self.samdb, "CN=Sites") | ||||
|         config_dn = self.samdb.get_config_basedn() | ||||
|         sites_dn.add_base(config_dn) | ||||
|         res = self.samdb.search(sites_dn, ldb.SCOPE_SUBTREE, expression='objectClass=server', attrs=['dNSHostName']) | ||||
|         servers = [self._get_ldb_single_message_attr(msg, 'dNSHostName') for msg in res] | ||||
|         random.shuffle(servers) | ||||
|         return servers | ||||
|  | ||||
|     def check_ip_in_subnets(self, ip_addresses, subnets_sites): | ||||
|         return next((subnets_sites[subnet] for subnet in subnets_sites.keys() | ||||
|                      if any(ip_address in subnet for ip_address in ip_addresses)), None) | ||||
|  | ||||
|     def select_site_servers(self): | ||||
|         try: | ||||
|             ip_addresses = self.get_ip_addresses() | ||||
|             subnets_sites = self.get_ad_subnets_sites() | ||||
|  | ||||
|             our_site = self.check_ip_in_subnets(ip_addresses, subnets_sites) | ||||
|  | ||||
|             servers = [] | ||||
|             if our_site: | ||||
|                 servers = self.get_ad_site_servers(our_site) | ||||
|             random.shuffle(servers) | ||||
|             return servers | ||||
|         except Exception as e: | ||||
|             return [] | ||||
|  | ||||
|     def select_all_servers(self): | ||||
|         try: | ||||
|             servers = self.get_ad_all_servers() | ||||
|             random.shuffle(servers) | ||||
|             return servers | ||||
|         except Exception as e: | ||||
|             return [] | ||||
|  | ||||
|     def select_pdc_emulator_server(self): | ||||
|         return self.pdc_emulator | ||||
|  | ||||
| def expand_windows_var(text, username=None): | ||||
|     ''' | ||||
|     Scan the line for percent-encoded variables and expand them. | ||||
| @@ -166,7 +315,9 @@ def expand_windows_var(text, username=None): | ||||
|  | ||||
|     result = text | ||||
|     for var in variables.keys(): | ||||
|         result = result.replace('%{}%'.format(var), variables[var]) | ||||
|         result = result.replace('%{}%'.format(var), | ||||
|                                  variables[var] if variables[var][-1] == '/' | ||||
|                                  else variables[var] +'/') | ||||
|  | ||||
|     return result | ||||
|  | ||||
| @@ -182,3 +333,11 @@ def transform_windows_path(text): | ||||
|  | ||||
|     return result | ||||
|  | ||||
| def check_scroll_enabled(): | ||||
|     storage = registry_factory() | ||||
|     enable_scroll = '/Software/BaseALT/Policies/GPUpdate/ScrollSysvolDC' | ||||
|     if storage.get_key_value(enable_scroll): | ||||
|         data = storage.get_hklm_entry(enable_scroll).data | ||||
|         return bool(int(data)) | ||||
|     else: | ||||
|         return False | ||||
|   | ||||
							
								
								
									
										177
									
								
								gpupdate.spec
									
									
									
									
									
								
							
							
						
						
									
										177
									
								
								gpupdate.spec
									
									
									
									
									
								
							| @@ -1,7 +1,39 @@ | ||||
| %define _unpackaged_files_terminate_build 1 | ||||
| #add_python3_self_prov_path %buildroot%python3_sitelibdir/gpoa | ||||
|  | ||||
| %add_python3_req_skip backend | ||||
| %add_python3_req_skip frontend.frontend_manager | ||||
| %add_python3_req_skip gpt.envvars | ||||
| %add_python3_req_skip gpt.folders | ||||
| %add_python3_req_skip gpt.gpt | ||||
| %add_python3_req_skip gpt.printers | ||||
| %add_python3_req_skip gpt.shortcuts | ||||
| %add_python3_req_skip messages | ||||
| %add_python3_req_skip storage | ||||
| %add_python3_req_skip storage.fs_file_cache | ||||
| %add_python3_req_skip storage.dconf_registry | ||||
| %add_python3_req_skip util | ||||
| %add_python3_req_skip util.arguments | ||||
| %add_python3_req_skip util.config | ||||
| %add_python3_req_skip util.dbus | ||||
| %add_python3_req_skip util.exceptions | ||||
| %add_python3_req_skip util.kerberos | ||||
| %add_python3_req_skip util.logging | ||||
| %add_python3_req_skip util.paths | ||||
| %add_python3_req_skip util.preg | ||||
| %add_python3_req_skip util.roles | ||||
| %add_python3_req_skip util.rpm | ||||
| %add_python3_req_skip util.sid | ||||
| %add_python3_req_skip util.signals | ||||
| %add_python3_req_skip util.system | ||||
| %add_python3_req_skip util.users | ||||
| %add_python3_req_skip util.util | ||||
| %add_python3_req_skip util.windows | ||||
| %add_python3_req_skip util.xml | ||||
| %add_python3_req_skip util.gpoa_ini_parsing | ||||
|  | ||||
| Name: gpupdate | ||||
| Version: 0.9.11.2 | ||||
| Version: 0.10.4 | ||||
| Release: alt1 | ||||
|  | ||||
| Summary: GPT applier | ||||
| @@ -16,11 +48,13 @@ BuildRequires: rpm-build-python3 | ||||
| BuildRequires: gettext-tools | ||||
| Requires: python3-module-rpm | ||||
| Requires: python3-module-dbus | ||||
| Requires: python3-module-configobj | ||||
| Requires: oddjob-%name >= 0.2.0 | ||||
| Requires: libnss-role >= 0.5.0 | ||||
| Requires: local-policy >= 0.4.9 | ||||
| Requires: pam-config >= 1.9.0 | ||||
| Requires: autofs | ||||
| Requires: dconf-profile | ||||
| # This is needed by shortcuts_applier | ||||
| Requires: desktop-file-utils | ||||
| # This is needed for smb file cache support | ||||
| @@ -87,6 +121,9 @@ install -Dm0644 dist/%name-remote-policy %buildroot%_sysconfdir/pam.d/%name-remo | ||||
| install -Dm0644 dist/%name.ini %buildroot%_sysconfdir/%name/%name.ini | ||||
| install -Dm0644 doc/gpoa.1 %buildroot/%_man1dir/gpoa.1 | ||||
| install -Dm0644 doc/gpupdate.1 %buildroot/%_man1dir/gpupdate.1 | ||||
| install -Dm0644 completions/gpoa %buildroot/%_datadir/bash-completion/completions/gpoa | ||||
| install -Dm0644 completions/gpupdate %buildroot/%_datadir/bash-completion/completions/gpupdate | ||||
| install -Dm0644 completions/gpupdate-setup %buildroot/%_datadir/bash-completion/completions/gpupdate-setup | ||||
|  | ||||
| for i in gpupdate-localusers \ | ||||
| 	 gpupdate-group-users \ | ||||
| @@ -108,7 +145,7 @@ fi | ||||
| # Remove storage in case we've lost compatibility between versions. | ||||
| # The storage will be regenerated on GPOA start. | ||||
| %define active_policy %_sysconfdir/local-policy/active | ||||
| %triggerpostun -- %name < 0.9.10 | ||||
| %triggerpostun -- %name < 0.9.13.6 | ||||
| rm -f %_cachedir/%name/registry.sqlite | ||||
| if test -L %active_policy; then | ||||
| 	sed -i "s|^\s*local-policy\s*=.*|local-policy = $(readlink -f %active_policy)|" \ | ||||
| @@ -133,9 +170,12 @@ fi | ||||
| %_unitdir/%name.timer | ||||
| %_man1dir/gpoa.1.* | ||||
| %_man1dir/gpupdate.1.* | ||||
| /usr/lib/systemd/user/%name-user.service | ||||
| /usr/lib/systemd/user/%name-user.timer | ||||
| /usr/lib/systemd/user/%name-scripts-run-user.service | ||||
| %_datadir/bash-completion/completions/gpoa | ||||
| %_datadir/bash-completion/completions/gpupdate | ||||
| %_datadir/bash-completion/completions/gpupdate-setup | ||||
| %_user_unitdir/%name-user.service | ||||
| %_user_unitdir/%name-user.timer | ||||
| %_user_unitdir/%name-scripts-run-user.service | ||||
| %dir %_sysconfdir/%name | ||||
| %_sysconfdir/control.d/facilities/* | ||||
| %config(noreplace) %_sysconfdir/%name/environment | ||||
| @@ -151,6 +191,133 @@ fi | ||||
| %exclude %python3_sitelibdir/gpoa/test | ||||
|  | ||||
| %changelog | ||||
| * Thu Jun 27 2024 Valery Sinelnikov <greh@altlinux.org> 0.10.4-alt1 | ||||
| - Fixed the definition of the module activation check (closes: 50755) | ||||
| - Fixed sorting of scripts (closes: 50756) | ||||
| - Fixed reading key values from dconf | ||||
| - Changed the method for getting the list of packages for pkcon_runner | ||||
|  | ||||
| * Wed Jun 19 2024 Valery Sinelnikov <greh@altlinux.org> 0.10.3-alt1 | ||||
| - Added autocompletion for gpoa, gpupdate, gpupdate-setup | ||||
| - Added correct work with json data in keys for the Firefox browser | ||||
| - Polkit_appliers changed to non-experimental | ||||
| - Fixed bug of not clearing kde applier settings (closes: 50336) | ||||
| - Fixed registry key reading (closes: 50553) | ||||
| - Added waiting for data generation for scripts (closes: 50667) | ||||
|  | ||||
| * Fri Jun 07 2024 Valery Sinelnikov <greh@altlinux.org> 0.10.2-alt1 | ||||
| - Added some fixes to dconf_registry and scripts | ||||
| - Fixed windows registry key reading for loopback | ||||
|  | ||||
| * Tue Jun 04 2024 Valery Sinelnikov <greh@altlinux.org> 0.10.1-alt1 | ||||
| - Added handling of unexpected data types when writing to dconf | ||||
|  | ||||
| * Mon May 13 2024 Valery Sinelnikov <greh@altlinux.org> 0.10.0-alt1 | ||||
| - A method for storing registry keys obtained from GPOs (Group Policy Objects) | ||||
|   has undergone significant repairs. We have switched from using SQLite | ||||
|   to using Dconf to improve data storage efficiency | ||||
|  | ||||
| * Wed Mar 13 2024 Valery Sinelnikov <greh@altlinux.org> 0.9.13.9-alt1 | ||||
| - Fixed premature removal of double slash | ||||
|  | ||||
| * Thu Feb 22 2024 Valery Sinelnikov <greh@altlinux.org> 0.9.13.8-alt1 | ||||
| - Added search for dc on the site | ||||
| - Added compatibility support for the oldest versions of SQLAlchemy | ||||
|  | ||||
| * Mon Feb 05 2024 Valery Sinelnikov <greh@altlinux.org> 0.9.13.7-alt1 | ||||
| - Editing the cache size in the Yandex browser has returned (closes: 44621) | ||||
| - Removed unnecessary calls to subprocess | ||||
|  | ||||
| * Wed Jan 31 2024 Valery Sinelnikov <greh@altlinux.org> 0.9.13.6-alt1 | ||||
| - Added support for hidden attribute for folders (closes: 48964) | ||||
| - Added support for Cyrillic and spaces for mounting disks (closes: 49229) | ||||
|  | ||||
| * Fri Jan 12 2024 Valery Sinelnikov <greh@altlinux.org> 0.9.13.5-alt1 | ||||
| - Fixed blocking check for machine policies with multiple sections (closes: 48971) | ||||
| - Extension of the valuename_typeint list for the admx-chromium 120.0 | ||||
| - Extension of the valuename_typeint list for the admx-yandex 118.0 | ||||
| - Changed PAM logic to prevent re-call (closes: 48973) | ||||
| - Changed timer option OnStartupSec to prevent re-call | ||||
|  | ||||
| * Mon Dec 18 2023 Valery Sinelnikov <greh@altlinux.org> 0.9.13.4-alt1 | ||||
| - Fixed regular expression to search for wallpaper management section (closes: 48828) | ||||
|  | ||||
| * Wed Dec 13 2023 Valery Sinelnikov <greh@altlinux.org> 0.9.13.3-alt1 | ||||
| - Fixed bug handling of invalid username | ||||
|   when requesting cache (closes: 48310) | ||||
|  | ||||
| * Tue Nov 28 2023 Valery Sinelnikov <greh@altlinux.org> 0.9.13.2-alt1 | ||||
| - Fixed kde_applier bug (closes: 47995) | ||||
|  | ||||
| * Wed Oct 18 2023 Valery Sinelnikov <greh@altlinux.org> 0.9.13.1-alt1 | ||||
| - Fixed kde_applier bug (closes: 47995) | ||||
| - Fixed kde_applier bug (closes: 47996) | ||||
| - Fixed kde_applier bug (closes: 47998) | ||||
| - Fixed kde_applier bug (closes: 47820) | ||||
| - Fixed shortcut_applier bug (closes: 47638) | ||||
| - Fixed shortcut_applier bug (closes: 47641) | ||||
| - Fixed systemd_applier bug (closes: 47652) | ||||
|  | ||||
| * Tue Sep 19 2023 Valery Sinelnikov <greh@altlinux.org> 0.9.13.0-alt1 | ||||
| - Added KDE applier | ||||
| - Fixed loopback policy processing | ||||
| - Fixed appliers exception for some chromium policies | ||||
| - Fixed ntp error | ||||
| - cifs_appliers, polkit_appliers changed to non-experimental | ||||
|  | ||||
| * Wed Jun 14 2023 Valery Sinelnikov <greh@altlinux.org> 0.9.12.6-alt1 | ||||
| - Added support for dictionaries as policy values for | ||||
|   yandex_browser_applier and chromium_applier | ||||
| - Extended functionality of ConfigObj to save comments ';' | ||||
| - Added support for SQLAlchemy2 in storage | ||||
| - Added 'cifsacl' option to mount templates | ||||
|  | ||||
| * Fri May 26 2023 Valery Sinelnikov <greh@altlinux.org> 0.9.12.5-alt1 | ||||
| - Fixed editing cache volume (DiskCacheSize) in Yandex browser (closes: 44621) | ||||
| - The access to caching files has been fixed | ||||
|  | ||||
| * Sun Mar 19 2023 Evgeny Sinelnikov <sin@altlinux.org> 0.9.12.4-alt1 | ||||
| - Fixed an implementation of replace action in folder applier | ||||
| - Improve file cache store() with copy in temporary file before saving | ||||
| - Added implementation of using executable bit in file copy applier | ||||
| - Fixed debug messages typos in file copy applier | ||||
|  | ||||
| * Tue Feb 28 2023 Evgeny Sinelnikov <sin@altlinux.org> 0.9.12.3-alt1 | ||||
| - Add support of set copyied files to be executed by paths and suffixes (extensions). | ||||
| - Add support of saving comments in ini files. | ||||
| - Add support samba-4.17 python interface for gp.gpclass instead of gpclass. | ||||
|  | ||||
| * Thu Dec 29 2022 Valery Sinelnikov <greh@altlinux.org> 0.9.12.2-alt2 | ||||
| - Fixed a typo in cifs_applier.py | ||||
|  | ||||
| * Thu Dec 29 2022 Evgeny Sinelnikov <sin@altlinux.org> 0.9.12.2-alt1 | ||||
| - Add support of create and delete symlinks in user home directory for mapped | ||||
|   network drives in cifs applier | ||||
| - Fix file copy applier support of delete files with substitution | ||||
|  | ||||
| * Tue Dec 13 2022 Evgeny Sinelnikov <sin@altlinux.org> 0.9.12.1-alt1 | ||||
| - Update file copy applier with substitution support | ||||
| - Update translations for several logs | ||||
|  | ||||
| * Mon Dec 12 2022 Evgeny Sinelnikov <sin@altlinux.org> 0.9.12-alt2 | ||||
| - Update release with forgotten changes | ||||
|  | ||||
| * Sun Dec 11 2022 Evgeny Sinelnikov <sin@altlinux.org> 0.9.12-alt1 | ||||
| - Fixed mapped drive maps for user and add support for machine | ||||
|  + Added label option support | ||||
|  + Fixed letters collisions and assigning as Windows | ||||
| - Replaced cifs applier mountpoints into shown gvfs directories: | ||||
|  + /media/gpupdate/Drive - for system shares | ||||
|  + /media/gpupdate/.Drive - for system hidden shares | ||||
|  + /run/media/USERNAME/DriveUser - for user shares | ||||
|  + /run/media/USERNAME/.DriveUser - for user hidden shares | ||||
| - Added network shares support for user | ||||
| - Fixed bug (closes: 44026) for chromium applier | ||||
| - Added keylist handling when generating firefox settings (closes: 44209) | ||||
| - Added a check of the need to scroll DC (scrolling DCs disabled by default!) | ||||
| - Added the ability to generate rules for all polkit actions | ||||
| - Added applier for Yandex.Browser | ||||
|  | ||||
| * Fri Sep 30 2022 Valery Sinelnikov <greh@altlinux.org> 0.9.11.2-alt1 | ||||
| - Fixed formation of the correct path for creating a user directory | ||||
|  | ||||
|   | ||||
		Reference in New Issue
	
	Block a user