def __init__(self):
self.plugins = dict()
logging.info(slogm('Starting plugin manager'))
try:
self.plugins['adp'] = adp()
except PluginInitError as exc:
logging.error(slogm(exc))
def _start_chrony_client(self, server=None):
srv = None
if server:
srv = server.data.rpartition(',')[0]
logging.debug(slogm('NTP server is configured to {}'.format(srv)))
start_command = ['/usr/bin/systemctl', 'start', 'chronyd']
chrony_set_server = ['/usr/bin/chronyc', 'add', 'server', srv]
chrony_disconnect_all = ['/usr/bin/chronyc', 'offline']
chrony_connect = ['/usr/bin/chronyc', 'online', srv]
logging.debug(slogm('Starting Chrony daemon'))
proc = subprocess.Popen(start_command)
proc.wait()
if srv:
logging.debug(slogm('Setting reference NTP server to {}'.format(srv)))
proc = subprocess.Popen(chrony_disconnect_all)
proc.wait()
proc = subprocess.Popen(chrony_set_server)
proc.wait()
proc = subprocess.Popen(chrony_connect)
proc.wait()
def apply(self):
# Cleanup settings from previous run
if os.path.exists(self.override_file):
logging.debug(
slogm('Removing GSettings policy file from previous run'))
os.remove(self.override_file)
# Calculate all configured gsettings
for setting in self.gsettings_keys:
valuename = setting.hive_key.rpartition('\\')[2]
rp = valuename.rpartition('.')
schema = rp[0]
path = rp[2]
self.gsettings.append(system_gsetting(schema, path, setting.data))
# Create GSettings policy with highest available priority
for gsetting in self.gsettings:
gsetting.apply()
# Recompile GSettings schemas with overrides
try:
proc = subprocess.run(
args=['/usr/bin/glib-compile-schemas', self.__global_schema],
capture_output=True,
check=True)
except Exception as exc:
logging.debug(slogm('Error recompiling global GSettings schemas'))
def run(self):
#for setting in self.gsettings_keys:
# valuename = setting.hive_key.rpartition('\\')[2]
# rp = valuename.rpartition('.')
# schema = rp[0]
# path = rp[2]
# self.gsettings.append(user_gsetting(schema, path, setting.data))
# Calculate all mapped gsettings if mapping enabled
if self.__windows_mapping_enabled:
logging.debug(
slogm('Mapping Windows policies to GSettings policies'))
self.windows_mapping_append()
else:
logging.debug(
slogm('GSettings windows policies mapping not enabled'))
# Calculate all configured gsettings
for setting in self.gsettings_keys:
valuename = setting.hive_key.rpartition('\\')[2]
rp = valuename.rpartition('.')
schema = rp[0]
path = rp[2]
self.gsettings.append(user_gsetting(schema, path, setting.data))
# Create GSettings policy with highest available priority
for gsetting in self.gsettings:
logging.debug(
slogm('Applying user setting {}/{} to {}'.format(
gsetting.schema, gsetting.path, gsetting.value)))
gsetting.apply()
def __init__(self):
self.plugins = dict()
logging.debug(slogm(message_with_code('D3')))
try:
self.plugins['adp'] = adp()
except PluginInitError as exc:
logging.warning(slogm(str(exc)))
def merge(self):
'''
Merge machine and user (if sid provided) settings to storage.
'''
if self.sid == self.storage.get_info('machine_sid'):
# Merge machine settings to registry if possible
if self._machine_regpol:
logging.debug(slogm('Merging machine settings from {}'.format(self._machine_regpol)))
util.preg.merge_polfile(self._machine_regpol)
if self._user_regpol:
logging.debug(slogm('Merging machine(user) settings from {}'.format(self._machine_regpol)))
util.preg.merge_polfile(self._user_regpol, self.sid)
if self._machine_shortcuts:
logging.debug(slogm('Merging machine shortcuts from {}'.format(self._machine_shortcuts)))
self._merge_shortcuts()
else:
# Merge user settings if UserPolicyMode set accordingly
# and user settings (for HKCU) are exist.
policy_mode = upm2str(self.get_policy_mode())
if 'Merge' == policy_mode or 'Not configured' == policy_mode:
if self._user_regpol:
logging.debug(slogm('Merging user settings from {} for {}'.format(self._user_regpol, self.sid)))
util.preg.merge_polfile(self._user_regpol, self.sid)
if self._user_shortcuts:
logging.debug(slogm('Merging user shortcuts from {} for {}'.format(self._user_shortcuts, self.sid)))
self._merge_shortcuts()
def apply(self):
if self.__module_enabled:
logging.debug(slogm('Running GSettings applier for machine'))
self.run()
else:
logging.debug(
slogm('GSettings applier for machine will not be started'))
def set_control_status(self):
if type(self.control_value) == int:
status = self._map_control_status(self.control_value)
if status == None:
logging.error(
slogm('\'{}\' is not in possible values for control {}'.
format(self.control_value, self.control_name)))
return
elif type(self.control_value) == str:
if self.control_value not in self.possible_values:
logging.error(
slogm('\'{}\' is not in possible values for control {}'.
format(self.control_value, self.control_name)))
return
status = self.control_value
logging.debug(
slogm('Setting control {} to {}'.format(self.control_name,
status)))
try:
popen_call = ['/usr/sbin/control', self.control_name, status]
with subprocess.Popen(popen_call, stdout=subprocess.PIPE) as proc:
proc.wait()
except:
logging.error(
slogm('Unable to set {} to {}'.format(self.control_name,
status)))
def set_user_policy(self, name, obj):
'''
Please not that writing user preferences file is not considered
a good practice and used mostly by various malware.
'''
if not self._is_machine_name:
prefdir = os.path.join(util.get_homedir(self.username),
self.__user_settings)
os.makedirs(prefdir, exist_ok=True)
prefpath = os.path.join(prefdir, 'Preferences')
util.mk_homedir_path(self.username, self.__user_settings)
settings = dict()
try:
with open(prefpath, 'r') as f:
settings = json.load(f)
except FileNotFoundError as exc:
logging.error(
slogm(
'Chromium preferences file {} does not exist at the moment'
.format(prefpath)))
except:
logging.error(
slogm(
'Error during attempt to read Chromium preferences for user {}'
.format(self.username)))
if obj:
settings[name] = obj
with open(prefpath, 'w') as f:
json.dump(settings, f)
logging.info(
slogm('Set user ({}) property \'{}\' to {}'.format(
self.username, name, obj)))
def apply(self):
if self.__module_enabled:
logging.debug(slogm('Running Firefox applier for machine'))
self.machine_apply()
else:
logging.debug(
slogm('Firefox applier for machine will not be started'))
def apply(self):
if self.__module_enabled:
logging.debug(slogm('Running Envvar applier for machine'))
ev = Envvar(self.envvars, 'root')
ev.act()
else:
logging.debug(
slogm('Envvar applier for machine will not be started'))
def run(self):
try:
logging.info(slogm(message_with_code('D5')))
subprocess.call(['/usr/bin/adp', 'fetch'])
subprocess.call(['/usr/bin/adp', 'apply'])
except Exception as exc:
logging.error(slogm(message_with_code('E9')))
raise exc
def apply(self):
if self.__module_enabled:
logging.debug(slogm('Running Folder applier for machine'))
for directory_obj in self.folders:
fld = Folder(directory_obj)
fld.action()
else:
logging.debug(
slogm('Folder applier for machine will not be started'))
def apply(self):
'''
Perform configuration of printer which is assigned to computer.
'''
if self.__module_enabled:
logging.debug(slogm('Running CUPS applier for machine'))
self.run()
else:
logging.debug(
slogm('CUPS applier for machine will not be started'))
def user_context_apply(self):
if self.__module_enabled:
logging.debug(
slogm('Running Folder applier for user in user context'))
self.run()
else:
logging.debug(
slogm(
'Folder applier for user administrator context will not be started'
))
def user_context_apply(self):
if self.__module_enabled:
logging.debug(
slogm('Running Shortcut applier for user in user context'))
self.run(True)
else:
logging.debug(
slogm(
'Shortcut applier for user in user context will not be started'
))
def apply(self):
'''
Trigger control facility invocation.
'''
if self.__module_enabled:
logging.debug(slogm('Running systemd applier for machine'))
self.run()
else:
logging.debug(
slogm('systemd applier for machine will not be started'))
def apply(self):
'''
All actual job done here.
'''
if self.__module_enabled:
logging.debug(slogm('Running Chromium applier for machine'))
self.machine_apply()
else:
logging.debug(
slogm('Chromium applier for machine will not be started'))
def user_context_apply(self):
if self.__module_enabled:
logging.debug(
slogm('Running GSettings applier for user in user context'))
self.run()
else:
logging.debug(
slogm(
'GSettings applier for user in user context will not be started'
))
def machine_apply(self):
'''
Write policies.json to Firefox installdir.
'''
self.set_policy('Homepage', self.get_home_page())
self.set_boolean_policy('BlockAboutConfig')
self.set_boolean_policy('BlockAboutProfiles')
self.set_boolean_policy('BlockAboutSupport')
self.set_boolean_policy('CaptivePortal')
self.set_boolean_policy('DisableSetDesktopBackground')
self.set_boolean_policy('DisableMasterPasswordCreation')
self.set_boolean_policy('DisableBuiltinPDFViewer')
self.set_boolean_policy('DisableDeveloperTools')
self.set_boolean_policy('DisableFeedbackCommands')
self.set_boolean_policy('DisableFirefoxScreenshots')
self.set_boolean_policy('DisableFirefoxAccounts')
self.set_boolean_policy('DisableFirefoxStudies')
self.set_boolean_policy('DisableForgetButton')
self.set_boolean_policy('DisableFormHistory')
self.set_boolean_policy('DisablePasswordReveal')
self.set_boolean_policy('DisablePocket')
self.set_boolean_policy('DisablePrivateBrowsing')
self.set_boolean_policy('DisableProfileImport')
self.set_boolean_policy('DisableProfileRefresh')
self.set_boolean_policy('DisableSafeMode')
self.set_boolean_policy('DisableSystemAddonUpdate')
self.set_boolean_policy('DisableTelemetry')
self.set_boolean_policy('DontCheckDefaultBrowser')
self.set_boolean_policy('ExtensionUpdate')
self.set_boolean_policy('HardwareAcceleration')
self.set_boolean_policy('PrimaryPassword')
self.set_boolean_policy('NetworkPrediction')
self.set_boolean_policy('NewTabPage')
self.set_boolean_policy('NoDefaultBookmarks')
self.set_boolean_policy('OfferToSaveLogins')
self.set_boolean_policy('PasswordManagerEnabled')
self.set_boolean_policy('PromptForDownloadLocation')
self.set_boolean_policy('SanitizeOnShutdown')
self.set_boolean_policy('SearchSuggestEnabled')
destfile = os.path.join(self.__firefox_installdir1, 'policies.json')
os.makedirs(self.__firefox_installdir1, exist_ok=True)
with open(destfile, 'w') as f:
json.dump(self.policies_json, f)
logging.debug(
slogm('Wrote Firefox preferences to {}'.format(destfile)))
destfile = os.path.join(self.__firefox_installdir2, 'policies.json')
os.makedirs(self.__firefox_installdir2, exist_ok=True)
with open(destfile, 'w') as f:
json.dump(self.policies_json, f)
logging.debug(
slogm('Wrote Firefox preferences to {}'.format(destfile)))
def generate(self):
try:
template = self.__template_environment.get_template(self.infilename)
text = template.render(**self.args)
with open(self.outfile, 'w') as f:
f.write(text)
logging.debug(slogm('Generated file {} with arguments {}'.format(self.outfile, self.args)))
except Exception as exc:
logging.error(slogm('Unable to generate file {} from {}'.format(self.outfile, self.infilename)))
def apply(self):
'''
Trigger control facility invocation.
'''
if self.__module_enabled:
logging.debug(slogm('Running Polkit applier for machine'))
for policy in self.policies:
policy.generate()
else:
logging.debug(
slogm('Polkit applier for machine will not be started'))
def user_context_apply(self):
if self.__module_enabled:
logging.debug(
slogm('Running Envvar applier for user in user context'))
ev = Envvar(self.envvars, self.username)
ev.act()
else:
logging.debug(
slogm(
'Envvar applier for user in user context will not be started'
))
def add_hkcu_entry(self, preg_entry, sid):
'''
Write PReg entry to HKEY_CURRENT_USER
'''
hkcu_pentry = samba_hkcu_preg(sid, preg_entry)
if not hkcu_pentry.hive_key.rpartition('\\')[2].startswith('**'):
logging.debug(slogm('Adding HKCU entry for {}'.format(sid)))
self._hkcu_upsert(hkcu_pentry)
else:
logging.warning(
slogm('Skipping branch deletion key: {}'.format(
hkcu_pentry.hive_key)))
def admin_context_apply(self):
if self.__module_enabled:
logging.debug(
slogm(
'Running Shortcut applier for user in administrator context'
))
self.run(False)
else:
logging.debug(
slogm(
'Shortcut applier for user in administrator context will not be started'
))
def apply(self):
if self.__module_enabled:
logging.debug(slogm('Running Firewall applier for machine'))
if '1' == self.firewall_enabled:
logging.debug(slogm('Firewall is enabled'))
self.run()
else:
logging.debug(
slogm('Firewall is disabled, settings will be reset'))
proc = subprocess.Popen(self.__firewall_reset_cmd)
proc.wait()
else:
logging.debug(slogm('Firewall applier will not be started'))
def __init__(self, storage):
self.storage = storage
deny_all = storage.filter_hklm_entries(self.__deny_all).first()
# Deny_All hook: initialize defaults
template_file = self.__polkit_map[self.__deny_all][0]
template_vars = self.__polkit_map[self.__deny_all][1]
if deny_all:
logging.debug(slogm('Deny_All setting found: {}'.format(deny_all.data)))
self.__polkit_map[self.__deny_all][1]['Deny_All'] = deny_all.data
else:
logging.debug(slogm('Deny_All setting not found'))
self.policies = []
self.policies.append(polkit(template_file, template_vars))
def set_control_status(self):
status = self._map_control_status(self.control_value)
logging.debug(
slogm('Setting control {} to {}'.format(self.control_name,
status)))
try:
proc = subprocess.Popen(
['/usr/sbin/control', self.control_name, status],
stdout=subprocess.PIPE)
except:
logging.error(
slogm('Unable to set {} to {}'.format(self.control_name,
status)))
def run(self):
server_type = self.storage.get_hklm_entry(self.ntp_server_type)
server_address = self.storage.get_hklm_entry(self.ntp_server_address_key)
ntp_server_enabled = self.storage.get_hklm_entry(self.ntp_server_enabled)
ntp_client_enabled = self.storage.get_hklm_entry(self.ntp_client_enabled)
if NTPServerType.NTP.value != server_type.data:
logging.warning(slogm('Unsupported NTP server type: {}'.format(server_type)))
else:
logging.debug(slogm('Configuring NTP server...'))
if '1' == ntp_server_enabled.data:
logging.debug(slogm('NTP server is enabled'))
self._start_chrony_client(server_address)
self._chrony_as_server()
elif '0' == ntp_server_enabled.data:
logging.debug(slogm('NTP server is disabled'))
self._chrony_as_client()
else:
logging.debug(slogm('NTP server is not configured'))
if '1' == ntp_client_enabled.data:
logging.debug(slogm('NTP client is enabled'))
self._start_chrony_client()
elif '0' == ntp_client_enabled.data:
logging.debug(slogm('NTP client is disabled'))
self._stop_chrony_client()
else:
logging.debug(slogm('NTP client is not configured'))
def admin_context_apply(self):
'''
Perform printer configuration assigned for user.
'''
if self.__module_enabled:
logging.debug(
slogm(
'Running CUPS applier for user in administrator context'))
self.run()
else:
logging.debug(
slogm(
'CUPS applier for user in administrator context will not be started'
))