Example #1
0
 def __init__(self):
     self.plugins = dict()
     logging.info(slogm('Starting plugin manager'))
     try:
         self.plugins['adp'] = adp()
     except PluginInitError as exc:
         logging.error(slogm(exc))
Example #2
0
    def _start_chrony_client(self, server=None):
        srv = None
        if server:
            srv = server.data.rpartition(',')[0]
            logging.debug(slogm('NTP server is configured to {}'.format(srv)))

        start_command = ['/usr/bin/systemctl', 'start', 'chronyd']
        chrony_set_server = ['/usr/bin/chronyc', 'add', 'server', srv]
        chrony_disconnect_all = ['/usr/bin/chronyc', 'offline']
        chrony_connect = ['/usr/bin/chronyc', 'online', srv]

        logging.debug(slogm('Starting Chrony daemon'))

        proc = subprocess.Popen(start_command)
        proc.wait()

        if srv:
            logging.debug(slogm('Setting reference NTP server to {}'.format(srv)))

            proc = subprocess.Popen(chrony_disconnect_all)
            proc.wait()

            proc = subprocess.Popen(chrony_set_server)
            proc.wait()

            proc = subprocess.Popen(chrony_connect)
            proc.wait()
Example #3
0
    def apply(self):
        # Cleanup settings from previous run
        if os.path.exists(self.override_file):
            logging.debug(
                slogm('Removing GSettings policy file from previous run'))
            os.remove(self.override_file)

        # Calculate all configured gsettings
        for setting in self.gsettings_keys:
            valuename = setting.hive_key.rpartition('\\')[2]
            rp = valuename.rpartition('.')
            schema = rp[0]
            path = rp[2]
            self.gsettings.append(system_gsetting(schema, path, setting.data))

        # Create GSettings policy with highest available priority
        for gsetting in self.gsettings:
            gsetting.apply()

        # Recompile GSettings schemas with overrides
        try:
            proc = subprocess.run(
                args=['/usr/bin/glib-compile-schemas', self.__global_schema],
                capture_output=True,
                check=True)
        except Exception as exc:
            logging.debug(slogm('Error recompiling global GSettings schemas'))
Example #4
0
    def run(self):
        #for setting in self.gsettings_keys:
        #    valuename = setting.hive_key.rpartition('\\')[2]
        #    rp = valuename.rpartition('.')
        #    schema = rp[0]
        #    path = rp[2]
        #    self.gsettings.append(user_gsetting(schema, path, setting.data))

        # Calculate all mapped gsettings if mapping enabled
        if self.__windows_mapping_enabled:
            logging.debug(
                slogm('Mapping Windows policies to GSettings policies'))
            self.windows_mapping_append()
        else:
            logging.debug(
                slogm('GSettings windows policies mapping not enabled'))

        # Calculate all configured gsettings
        for setting in self.gsettings_keys:
            valuename = setting.hive_key.rpartition('\\')[2]
            rp = valuename.rpartition('.')
            schema = rp[0]
            path = rp[2]
            self.gsettings.append(user_gsetting(schema, path, setting.data))

        # Create GSettings policy with highest available priority
        for gsetting in self.gsettings:
            logging.debug(
                slogm('Applying user setting {}/{} to {}'.format(
                    gsetting.schema, gsetting.path, gsetting.value)))
            gsetting.apply()
Example #5
0
 def __init__(self):
     self.plugins = dict()
     logging.debug(slogm(message_with_code('D3')))
     try:
         self.plugins['adp'] = adp()
     except PluginInitError as exc:
         logging.warning(slogm(str(exc)))
Example #6
0
 def merge(self):
     '''
     Merge machine and user (if sid provided) settings to storage.
     '''
     if self.sid == self.storage.get_info('machine_sid'):
         # Merge machine settings to registry if possible
         if self._machine_regpol:
             logging.debug(slogm('Merging machine settings from {}'.format(self._machine_regpol)))
             util.preg.merge_polfile(self._machine_regpol)
         if self._user_regpol:
             logging.debug(slogm('Merging machine(user) settings from {}'.format(self._machine_regpol)))
             util.preg.merge_polfile(self._user_regpol, self.sid)
         if self._machine_shortcuts:
             logging.debug(slogm('Merging machine shortcuts from {}'.format(self._machine_shortcuts)))
             self._merge_shortcuts()
     else:
         # Merge user settings if UserPolicyMode set accordingly
         # and user settings (for HKCU) are exist.
         policy_mode = upm2str(self.get_policy_mode())
         if 'Merge' == policy_mode or 'Not configured' == policy_mode:
             if self._user_regpol:
                 logging.debug(slogm('Merging user settings from {} for {}'.format(self._user_regpol, self.sid)))
                 util.preg.merge_polfile(self._user_regpol, self.sid)
             if self._user_shortcuts:
                 logging.debug(slogm('Merging user shortcuts from {} for {}'.format(self._user_shortcuts, self.sid)))
                 self._merge_shortcuts()
Example #7
0
 def apply(self):
     if self.__module_enabled:
         logging.debug(slogm('Running GSettings applier for machine'))
         self.run()
     else:
         logging.debug(
             slogm('GSettings applier for machine will not be started'))
Example #8
0
    def set_control_status(self):
        if type(self.control_value) == int:
            status = self._map_control_status(self.control_value)
            if status == None:
                logging.error(
                    slogm('\'{}\' is not in possible values for control {}'.
                          format(self.control_value, self.control_name)))
                return
        elif type(self.control_value) == str:
            if self.control_value not in self.possible_values:
                logging.error(
                    slogm('\'{}\' is not in possible values for control {}'.
                          format(self.control_value, self.control_name)))
                return
            status = self.control_value

        logging.debug(
            slogm('Setting control {} to {}'.format(self.control_name,
                                                    status)))

        try:
            popen_call = ['/usr/sbin/control', self.control_name, status]
            with subprocess.Popen(popen_call, stdout=subprocess.PIPE) as proc:
                proc.wait()
        except:
            logging.error(
                slogm('Unable to set {} to {}'.format(self.control_name,
                                                      status)))
    def set_user_policy(self, name, obj):
        '''
        Please not that writing user preferences file is not considered
        a good practice and used mostly by various malware.
        '''
        if not self._is_machine_name:
            prefdir = os.path.join(util.get_homedir(self.username),
                                   self.__user_settings)
            os.makedirs(prefdir, exist_ok=True)

            prefpath = os.path.join(prefdir, 'Preferences')
            util.mk_homedir_path(self.username, self.__user_settings)
            settings = dict()
            try:
                with open(prefpath, 'r') as f:
                    settings = json.load(f)
            except FileNotFoundError as exc:
                logging.error(
                    slogm(
                        'Chromium preferences file {} does not exist at the moment'
                        .format(prefpath)))
            except:
                logging.error(
                    slogm(
                        'Error during attempt to read Chromium preferences for user {}'
                        .format(self.username)))

            if obj:
                settings[name] = obj

                with open(prefpath, 'w') as f:
                    json.dump(settings, f)
                logging.info(
                    slogm('Set user ({}) property \'{}\' to {}'.format(
                        self.username, name, obj)))
Example #10
0
 def apply(self):
     if self.__module_enabled:
         logging.debug(slogm('Running Firefox applier for machine'))
         self.machine_apply()
     else:
         logging.debug(
             slogm('Firefox applier for machine will not be started'))
Example #11
0
 def apply(self):
     if self.__module_enabled:
         logging.debug(slogm('Running Envvar applier for machine'))
         ev = Envvar(self.envvars, 'root')
         ev.act()
     else:
         logging.debug(
             slogm('Envvar applier for machine will not be started'))
Example #12
0
 def run(self):
     try:
         logging.info(slogm(message_with_code('D5')))
         subprocess.call(['/usr/bin/adp', 'fetch'])
         subprocess.call(['/usr/bin/adp', 'apply'])
     except Exception as exc:
         logging.error(slogm(message_with_code('E9')))
         raise exc
Example #13
0
 def apply(self):
     if self.__module_enabled:
         logging.debug(slogm('Running Folder applier for machine'))
         for directory_obj in self.folders:
             fld = Folder(directory_obj)
             fld.action()
     else:
         logging.debug(
             slogm('Folder applier for machine will not be started'))
Example #14
0
 def apply(self):
     '''
     Perform configuration of printer which is assigned to computer.
     '''
     if self.__module_enabled:
         logging.debug(slogm('Running CUPS applier for machine'))
         self.run()
     else:
         logging.debug(
             slogm('CUPS applier for machine will not be started'))
Example #15
0
 def user_context_apply(self):
     if self.__module_enabled:
         logging.debug(
             slogm('Running Folder applier for user in user context'))
         self.run()
     else:
         logging.debug(
             slogm(
                 'Folder applier for user administrator context will not be started'
             ))
Example #16
0
 def user_context_apply(self):
     if self.__module_enabled:
         logging.debug(
             slogm('Running Shortcut applier for user in user context'))
         self.run(True)
     else:
         logging.debug(
             slogm(
                 'Shortcut applier for user in user context will not be started'
             ))
Example #17
0
 def apply(self):
     '''
     Trigger control facility invocation.
     '''
     if self.__module_enabled:
         logging.debug(slogm('Running systemd applier for machine'))
         self.run()
     else:
         logging.debug(
             slogm('systemd applier for machine will not be started'))
Example #18
0
 def apply(self):
     '''
     All actual job done here.
     '''
     if self.__module_enabled:
         logging.debug(slogm('Running Chromium applier for machine'))
         self.machine_apply()
     else:
         logging.debug(
             slogm('Chromium applier for machine will not be started'))
Example #19
0
 def user_context_apply(self):
     if self.__module_enabled:
         logging.debug(
             slogm('Running GSettings applier for user in user context'))
         self.run()
     else:
         logging.debug(
             slogm(
                 'GSettings applier for user in user context will not be started'
             ))
Example #20
0
    def machine_apply(self):
        '''
        Write policies.json to Firefox installdir.
        '''
        self.set_policy('Homepage', self.get_home_page())
        self.set_boolean_policy('BlockAboutConfig')
        self.set_boolean_policy('BlockAboutProfiles')
        self.set_boolean_policy('BlockAboutSupport')
        self.set_boolean_policy('CaptivePortal')
        self.set_boolean_policy('DisableSetDesktopBackground')
        self.set_boolean_policy('DisableMasterPasswordCreation')
        self.set_boolean_policy('DisableBuiltinPDFViewer')
        self.set_boolean_policy('DisableDeveloperTools')
        self.set_boolean_policy('DisableFeedbackCommands')
        self.set_boolean_policy('DisableFirefoxScreenshots')
        self.set_boolean_policy('DisableFirefoxAccounts')
        self.set_boolean_policy('DisableFirefoxStudies')
        self.set_boolean_policy('DisableForgetButton')
        self.set_boolean_policy('DisableFormHistory')
        self.set_boolean_policy('DisablePasswordReveal')
        self.set_boolean_policy('DisablePocket')
        self.set_boolean_policy('DisablePrivateBrowsing')
        self.set_boolean_policy('DisableProfileImport')
        self.set_boolean_policy('DisableProfileRefresh')
        self.set_boolean_policy('DisableSafeMode')
        self.set_boolean_policy('DisableSystemAddonUpdate')
        self.set_boolean_policy('DisableTelemetry')
        self.set_boolean_policy('DontCheckDefaultBrowser')
        self.set_boolean_policy('ExtensionUpdate')
        self.set_boolean_policy('HardwareAcceleration')
        self.set_boolean_policy('PrimaryPassword')
        self.set_boolean_policy('NetworkPrediction')
        self.set_boolean_policy('NewTabPage')
        self.set_boolean_policy('NoDefaultBookmarks')
        self.set_boolean_policy('OfferToSaveLogins')
        self.set_boolean_policy('PasswordManagerEnabled')
        self.set_boolean_policy('PromptForDownloadLocation')
        self.set_boolean_policy('SanitizeOnShutdown')
        self.set_boolean_policy('SearchSuggestEnabled')

        destfile = os.path.join(self.__firefox_installdir1, 'policies.json')

        os.makedirs(self.__firefox_installdir1, exist_ok=True)
        with open(destfile, 'w') as f:
            json.dump(self.policies_json, f)
            logging.debug(
                slogm('Wrote Firefox preferences to {}'.format(destfile)))

        destfile = os.path.join(self.__firefox_installdir2, 'policies.json')
        os.makedirs(self.__firefox_installdir2, exist_ok=True)
        with open(destfile, 'w') as f:
            json.dump(self.policies_json, f)
            logging.debug(
                slogm('Wrote Firefox preferences to {}'.format(destfile)))
Example #21
0
    def generate(self):
        try:
            template = self.__template_environment.get_template(self.infilename)
            text = template.render(**self.args)

            with open(self.outfile, 'w') as f:
                f.write(text)

            logging.debug(slogm('Generated file {} with arguments {}'.format(self.outfile, self.args)))
        except Exception as exc:
            logging.error(slogm('Unable to generate file {} from {}'.format(self.outfile, self.infilename)))
Example #22
0
 def apply(self):
     '''
     Trigger control facility invocation.
     '''
     if self.__module_enabled:
         logging.debug(slogm('Running Polkit applier for machine'))
         for policy in self.policies:
             policy.generate()
     else:
         logging.debug(
             slogm('Polkit applier for machine will not be started'))
Example #23
0
 def user_context_apply(self):
     if self.__module_enabled:
         logging.debug(
             slogm('Running Envvar applier for user in user context'))
         ev = Envvar(self.envvars, self.username)
         ev.act()
     else:
         logging.debug(
             slogm(
                 'Envvar applier for user in user context will not be started'
             ))
Example #24
0
 def add_hkcu_entry(self, preg_entry, sid):
     '''
     Write PReg entry to HKEY_CURRENT_USER
     '''
     hkcu_pentry = samba_hkcu_preg(sid, preg_entry)
     if not hkcu_pentry.hive_key.rpartition('\\')[2].startswith('**'):
         logging.debug(slogm('Adding HKCU entry for {}'.format(sid)))
         self._hkcu_upsert(hkcu_pentry)
     else:
         logging.warning(
             slogm('Skipping branch deletion key: {}'.format(
                 hkcu_pentry.hive_key)))
Example #25
0
 def admin_context_apply(self):
     if self.__module_enabled:
         logging.debug(
             slogm(
                 'Running Shortcut applier for user in administrator context'
             ))
         self.run(False)
     else:
         logging.debug(
             slogm(
                 'Shortcut applier for user in administrator context will not be started'
             ))
Example #26
0
 def apply(self):
     if self.__module_enabled:
         logging.debug(slogm('Running Firewall applier for machine'))
         if '1' == self.firewall_enabled:
             logging.debug(slogm('Firewall is enabled'))
             self.run()
         else:
             logging.debug(
                 slogm('Firewall is disabled, settings will be reset'))
             proc = subprocess.Popen(self.__firewall_reset_cmd)
             proc.wait()
     else:
         logging.debug(slogm('Firewall applier will not be started'))
Example #27
0
 def __init__(self, storage):
     self.storage = storage
     deny_all = storage.filter_hklm_entries(self.__deny_all).first()
     # Deny_All hook: initialize defaults
     template_file = self.__polkit_map[self.__deny_all][0]
     template_vars = self.__polkit_map[self.__deny_all][1]
     if deny_all:
         logging.debug(slogm('Deny_All setting found: {}'.format(deny_all.data)))
         self.__polkit_map[self.__deny_all][1]['Deny_All'] = deny_all.data
     else:
         logging.debug(slogm('Deny_All setting not found'))
     self.policies = []
     self.policies.append(polkit(template_file, template_vars))
Example #28
0
    def set_control_status(self):
        status = self._map_control_status(self.control_value)
        logging.debug(
            slogm('Setting control {} to {}'.format(self.control_name,
                                                    status)))

        try:
            proc = subprocess.Popen(
                ['/usr/sbin/control', self.control_name, status],
                stdout=subprocess.PIPE)
        except:
            logging.error(
                slogm('Unable to set {} to {}'.format(self.control_name,
                                                      status)))
Example #29
0
    def run(self):
        server_type = self.storage.get_hklm_entry(self.ntp_server_type)
        server_address = self.storage.get_hklm_entry(self.ntp_server_address_key)
        ntp_server_enabled = self.storage.get_hklm_entry(self.ntp_server_enabled)
        ntp_client_enabled = self.storage.get_hklm_entry(self.ntp_client_enabled)

        if NTPServerType.NTP.value != server_type.data:
            logging.warning(slogm('Unsupported NTP server type: {}'.format(server_type)))
        else:
            logging.debug(slogm('Configuring NTP server...'))
            if '1' == ntp_server_enabled.data:
                logging.debug(slogm('NTP server is enabled'))
                self._start_chrony_client(server_address)
                self._chrony_as_server()
            elif '0' == ntp_server_enabled.data:
                logging.debug(slogm('NTP server is disabled'))
                self._chrony_as_client()
            else:
                logging.debug(slogm('NTP server is not configured'))

            if '1' == ntp_client_enabled.data:
                logging.debug(slogm('NTP client is enabled'))
                self._start_chrony_client()
            elif '0' == ntp_client_enabled.data:
                logging.debug(slogm('NTP client is disabled'))
                self._stop_chrony_client()
            else:
                logging.debug(slogm('NTP client is not configured'))
Example #30
0
 def admin_context_apply(self):
     '''
     Perform printer configuration assigned for user.
     '''
     if self.__module_enabled:
         logging.debug(
             slogm(
                 'Running CUPS applier for user in administrator context'))
         self.run()
     else:
         logging.debug(
             slogm(
                 'CUPS applier for user in administrator context will not be started'
             ))