mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
b76e184c07
Signed-off-by: David Mulder <dmulder@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
141 lines
5.9 KiB
Python
Executable File
141 lines
5.9 KiB
Python
Executable File
#!/usr/bin/env python3
|
|
# Copyright Luke Morrison <luc785@.hotmail.com> July 2013
|
|
# Co-Edited by Matthieu Pattou July 2013 from original August 2013
|
|
# Edited by Garming Sam Feb. 2014
|
|
# Edited by Luke Morrison April 2014
|
|
# Edited by David Mulder May 2017
|
|
|
|
# This program is free software; you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation; either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
'''This script reads a log file of previous GPO, gets all GPO from sysvol
|
|
and sorts them by container. Then, it applies the ones that haven't been
|
|
applied, have changed, or is in the right container'''
|
|
|
|
import os
|
|
import sys
|
|
|
|
sys.path.insert(0, "bin/python")
|
|
|
|
import optparse
|
|
from samba import getopt as options
|
|
from samba.gp.gpclass import apply_gp, unapply_gp, GPOStorage, rsop
|
|
from samba.gp.gp_sec_ext import gp_krb_ext, gp_access_ext
|
|
from samba.gp.gp_ext_loader import get_gp_client_side_extensions
|
|
from samba.gp.gp_scripts_ext import gp_scripts_ext, gp_user_scripts_ext
|
|
from samba.gp.gp_sudoers_ext import gp_sudoers_ext
|
|
from samba.gp.vgp_sudoers_ext import vgp_sudoers_ext
|
|
from samba.gp.gp_smb_conf_ext import gp_smb_conf_ext
|
|
from samba.gp.gp_msgs_ext import gp_msgs_ext
|
|
from samba.gp.vgp_symlink_ext import vgp_symlink_ext
|
|
from samba.gp.vgp_files_ext import vgp_files_ext
|
|
from samba.gp.vgp_openssh_ext import vgp_openssh_ext
|
|
from samba.gp.vgp_motd_ext import vgp_motd_ext
|
|
from samba.gp.vgp_issue_ext import vgp_issue_ext
|
|
from samba.gp.vgp_startup_scripts_ext import vgp_startup_scripts_ext
|
|
from samba.gp.vgp_access_ext import vgp_access_ext
|
|
from samba.gp.gp_gnome_settings_ext import gp_gnome_settings_ext
|
|
from samba.gp.gp_cert_auto_enroll_ext import gp_cert_auto_enroll_ext
|
|
from samba.gp.gp_firefox_ext import gp_firefox_ext
|
|
from samba.gp.gp_chromium_ext import gp_chromium_ext, gp_chrome_ext
|
|
from samba.gp.gp_firewalld_ext import gp_firewalld_ext
|
|
from samba.gp.gp_centrify_sudoers_ext import gp_centrify_sudoers_ext
|
|
from samba.gp.gp_centrify_crontab_ext import gp_centrify_crontab_ext, \
|
|
gp_user_centrify_crontab_ext
|
|
from samba.gp.gp_drive_maps_ext import gp_drive_maps_user_ext
|
|
from samba.credentials import Credentials
|
|
from samba.gp.util.logging import logger_init
|
|
|
|
if __name__ == "__main__":
|
|
parser = optparse.OptionParser('samba-gpupdate [options]')
|
|
sambaopts = options.Samba3Options(parser)
|
|
|
|
# Get the command line options
|
|
parser.add_option_group(sambaopts)
|
|
parser.add_option_group(options.VersionOptions(parser))
|
|
credopts = options.CredentialsOptions(parser)
|
|
parser.add_option('-X', '--unapply', help='Unapply Group Policy',
|
|
action='store_true')
|
|
parser.add_option('--target', default='Computer', help='{Computer | User}',
|
|
choices=['Computer', 'User'])
|
|
parser.add_option('--force', help='Reapplies all policy settings',
|
|
action='store_true')
|
|
parser.add_option('--rsop', help='Print the Resultant Set of Policy',
|
|
action='store_true')
|
|
parser.add_option_group(credopts)
|
|
|
|
# Set the options and the arguments
|
|
(opts, args) = parser.parse_args()
|
|
|
|
# Set the loadparm context
|
|
lp = sambaopts.get_loadparm()
|
|
|
|
creds = credopts.get_credentials(lp, fallback_machine=True)
|
|
# Apply policy to the command line specified user
|
|
if opts.target == 'Computer':
|
|
username = creds.get_username()
|
|
elif opts.target == 'User':
|
|
username = '%s\\%s' % (creds.get_domain(), creds.get_username())
|
|
# Always supply the machine creds for fetching the gpo list
|
|
creds = Credentials()
|
|
creds.guess(lp)
|
|
creds.set_machine_account(lp)
|
|
|
|
# Set up logging
|
|
logger_init('samba-gpupdate', lp.log_level())
|
|
|
|
cache_dir = lp.get('cache directory')
|
|
store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb'))
|
|
|
|
machine_exts, user_exts = get_gp_client_side_extensions(lp.configfile)
|
|
gp_extensions = []
|
|
if opts.target == 'Computer':
|
|
gp_extensions.append(gp_access_ext)
|
|
gp_extensions.append(gp_krb_ext)
|
|
gp_extensions.append(gp_scripts_ext)
|
|
gp_extensions.append(gp_sudoers_ext)
|
|
gp_extensions.append(vgp_sudoers_ext)
|
|
gp_extensions.append(gp_centrify_sudoers_ext)
|
|
gp_extensions.append(gp_centrify_crontab_ext)
|
|
gp_extensions.append(gp_smb_conf_ext)
|
|
gp_extensions.append(gp_msgs_ext)
|
|
gp_extensions.append(vgp_symlink_ext)
|
|
gp_extensions.append(vgp_files_ext)
|
|
gp_extensions.append(vgp_openssh_ext)
|
|
gp_extensions.append(vgp_motd_ext)
|
|
gp_extensions.append(vgp_issue_ext)
|
|
gp_extensions.append(vgp_startup_scripts_ext)
|
|
gp_extensions.append(vgp_access_ext)
|
|
gp_extensions.append(gp_gnome_settings_ext)
|
|
gp_extensions.append(gp_cert_auto_enroll_ext)
|
|
gp_extensions.append(gp_firefox_ext)
|
|
gp_extensions.append(gp_chromium_ext)
|
|
gp_extensions.append(gp_chrome_ext)
|
|
gp_extensions.append(gp_firewalld_ext)
|
|
gp_extensions.extend(machine_exts)
|
|
elif opts.target == 'User':
|
|
gp_extensions.append(gp_user_scripts_ext)
|
|
gp_extensions.append(gp_user_centrify_crontab_ext)
|
|
gp_extensions.append(gp_drive_maps_user_ext)
|
|
gp_extensions.extend(user_exts)
|
|
|
|
if opts.rsop:
|
|
rsop(lp, creds, store, gp_extensions, username, opts.target)
|
|
elif not opts.unapply:
|
|
apply_gp(lp, creds, store, gp_extensions, username,
|
|
opts.target, opts.force)
|
|
else:
|
|
unapply_gp(lp, creds, store, gp_extensions, username,
|
|
opts.target)
|
|
|