sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-12-23 00:23:53 +03:00
Code Activity

gp: Modify Centrify Crontab compatible CSE to use new files applier

Browse Source 
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
David Mulder
2022-12-05 10:41:27 -07:00
committed by Jeremy Allison
parent f20ca1a7db
commit acdc7fbe89
1 changed files with 21 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
python/samba/gp/gp_centrify_crontab_ext.py
View File

@@ -16,7 +16,7 @@
import os, re import os, re
from subprocess import Popen, PIPE from subprocess import Popen, PIPE
from samba.gp.gpclass import gp_pol_ext, drop_privileges from samba.gp.gpclass import gp_pol_ext, drop_privileges, gp_file_applier
from hashlib import blake2b from hashlib import blake2b
from tempfile import NamedTemporaryFile from tempfile import NamedTemporaryFile
@@ -34,43 +34,47 @@ end = '''
### autogenerated by samba ### ### autogenerated by samba ###
''' '''
class gp_centrify_crontab_ext(gp_pol_ext): class gp_centrify_crontab_ext(gp_pol_ext, gp_file_applier):
def __str__(self): def __str__(self):
return 'Centrify/CrontabEntries' return 'Centrify/CrontabEntries'
def process_group_policy(self, deleted_gpo_list, changed_gpo_list, def process_group_policy(self, deleted_gpo_list, changed_gpo_list,
cdir=None): cdir=None):
for guid, settings in deleted_gpo_list: for guid, settings in deleted_gpo_list:
self.gp_db.set_guid(guid)
if str(self) in settings: if str(self) in settings:
for attribute, script in settings[str(self)].items(): for attribute, script in settings[str(self)].items():
if os.path.exists(script): self.unapply(guid, attribute, script)
os.unlink(script)
self.gp_db.delete(str(self), attribute)
self.gp_db.commit()
for gpo in changed_gpo_list: for gpo in changed_gpo_list:
if gpo.file_sys_path: if gpo.file_sys_path:
section = \ section = \
'Software\\Policies\\Centrify\\UnixSettings\\CrontabEntries' 'Software\\Policies\\Centrify\\UnixSettings\\CrontabEntries'
self.gp_db.set_guid(gpo.name)
pol_file = 'MACHINE/Registry.pol' pol_file = 'MACHINE/Registry.pol'
path = os.path.join(gpo.file_sys_path, pol_file) path = os.path.join(gpo.file_sys_path, pol_file)
pol_conf = self.parse(path) pol_conf = self.parse(path)
if not pol_conf: if not pol_conf:
continue continue
entries = []
for e in pol_conf.entries: for e in pol_conf.entries:
if e.keyname == section and e.data.strip(): if e.keyname == section and e.data.strip():
cron_dir = '/etc/cron.d' if not cdir else cdir cron_dir = '/etc/cron.d' if not cdir else cdir
attribute = blake2b(e.data.encode()).hexdigest() entries.append(e.data)
old_val = self.gp_db.retrieve(str(self), attribute) def applier_func(entries):
if not old_val: with NamedTemporaryFile(prefix='gp_', mode="w+",
with NamedTemporaryFile(prefix='gp_', mode="w+", delete=False, dir=cron_dir) as f:
delete=False, dir=cron_dir) as f: contents = intro
contents = '%s\n%s\n%s' % (intro, e.data, end) for entry in entries:
f.write(contents) contents += '%s\n' % entry
self.gp_db.store(str(self), attribute, f.name) contents += end
self.gp_db.commit() f.write(contents)
return [f.name]
attribute = self.generate_attribute(gpo.name)
value_hash = self.generate_value_hash(*entries)
self.apply(gpo.name, attribute, value_hash, applier_func,
entries)
# Remove scripts for this GPO which are no longer applied
self.clean(gpo.name, keep=attribute)
def rsop(self, gpo, target='MACHINE'): def rsop(self, gpo, target='MACHINE'):
output = {} output = {}