def galleries_list(fspath, stat=False, **args): term.banner("LIST OF GALLERIES") compact = not stat galleries = search_galleries(fspath) if compact: print(term.em('# '), end='') print_gallery_name('Name', term.em) print(term.em("{1}{0}".format('Albums', SYMBOL_SEPARATOR_CLEAR))) for i, gallery in enumerate(galleries): if compact: print(term.p("{:<5d}".format(i)), end='') print_gallery_name(gallery.name) print(term.p("{1}{0}".format( ', '.join(str(x) for x in gallery.albums), SYMBOL_SEPARATOR ))) else: print_gallery_name(gallery.name, term.em, end='\n') print(term.p("{0:>20}: {1}".format('Albums', ', '.join(str(x) for x in gallery.albums)))) nop, notp, sod = gallery_stat(gallery.path) print(term.p("{0:>20}: {1!s}".format("Number of pictures", nop))) print(term.p("{0:>20}: {1}".format("Size on disk", humanfriendly.format_size(sod)))) print()
def deviceDetection(): import wmi local_machine = wmi.WMI() for os in local_machine.Win32_OperatingSystem(): p(os.Caption) #disk_watcher = local_machine. p(local_machine.methods.keys())
def print_checklist_warning(): # Print a warning reminding IT staff to properly secure the laptop in the Bios txt = """ }}mn====================================================================== }}mn| }}rbWARNING!!! }}xxEnsure that the boot from USB or boot from SD card }}mn| }}mn| }}xxoptions in the bios are disabled and that the admin password is }}mn| }}mn| }}xxset to a strong random password. }}mn| }}mn======================================================================}}xx """ p(txt)
def print_app_header(): # Print a the header for the app txt = """ }}mn====================================================================== }}mn| }}ybOPE Credential App }}mn| }}mn| }}dnThis app will add student credentials to the computer and }}mn| }}mn| }}dnsecure the laptop for inmate use. }}mn| }}mn======================================================================}}dn """ term.p(txt)
def disable_student_accounts(): # Get a list of accounts that are in the students group global STUDENTS_GROUP p("}}cb-- Disabling local student accounts in " + str(STUDENTS_GROUP) + " group...}}xx") try: grp = accounts.local_group(STUDENTS_GROUP) except winsys.exc.x_not_found as ex: # p("}}yn" + str(STUDENTS_GROUP) + " group not found - skipping disable student accounts...}}xx") return for user in grp: user_name = str(user.name) p("}}cn\t-" + user_name + "}}xx") disable_account(user_name)
def create_local_students_group(): global STUDENTS_GROUP # Ensure the local students group exists ret = True try: accounts.LocalGroup.create(STUDENTS_GROUP) # except pywintypes.error as err: except Exception as err: if err.args[2] == "The specified local group already exists.": pass else: # Unexpected error p("}}rb" + str(err) + "}}xx") ret = False return ret
def listUSB(): import usb import usb.core import usb.util #busses = usb.busses() #for bus in busses: # devices = bus.devices # for dev in devices: # print "Device: ", dev devices = usb.core.find(find_all=True) #n = devices.next() #print n for dev in devices: d_class = dev.bDeviceClass p("Device Found: " + str(dev.bcdDevice)) try: p(dev) except: pass
def test_reg(): global STUDENTS_GROUP key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, "Software", 0, winreg.KEY_WOW64_64KEY | winreg.KEY_READ) p("SUB KEYS: ") enum_done = False i = 0 try: while enum_done is False: sub_key = winreg.EnumKey(key, i) p("-- SK: " + str(sub_key)) i += 1 # p("Ref: " + str(winreg.QueryReflectionKey(winreg.HKEY_LOCAL_MACHINE))) except WindowsError as ex: # No more values if ex.errno == 22: # p("---_DONE") # Don't flag an error when we are out of entries pass else: p("-- ERR " + str(ex) + " " + str(ex.errno)) pass
def scratch(): # print("Installing Admin Services...") # print("Installing offline LMS app...") # print ("Applying security rules...") p("\tDownloading firewall rules...") url = api_url + "lms/get_firewall_list.json" p("\n\nURL: " + url) request = urllib3.Request(url, None, headers) json_str = "" try: response = urllib3.urlopen(request) json_str = response.read() except urllib3.HTTPError as ex: if ex.code == 403: p("}}rbInvalid ADMIN Password!}}xx") return False else: p("}}rbHTTP Error!}}xx") p("}}mn" + str(ex) + "}}xx") return False except Exception as ex: p("}}rbUnable to communicate with SMC tool!}}xx") p("}}mn" + str(ex) + "}}xx") return False firewall_response = None try: firewall_response = json.loads(json_str) except Exception as ex: p("}}rbUnable to interpret firewall response from SMC}}xx") p("}}mn" + str(ex) + "}}xx") return False for rule in firewall_response: p("}}ybApplying Firewall Rule: " + str(rule["rule_name"])) fw_cmd = "netsh advfirewall firewall delete rule \"" + str( rule["rule_name"]) + "\"" p("\t\t}}rn" + fw_cmd) os.system(fw_cmd) fw_cmd = "netsh advfirewall firewall add rule name=\"" + str( rule["rule_name"]) + "\"" if rule["protocol"] != "": fw_cmd += " protocol=" + rule["protocol"] if rule["rmtusrgrp"] != "": fw_cmd += " rmtusrgrp=" + rule["rmtusrgrp"] if rule["rmtcomputergrp"] != "": fw_cmd += " rmtcomputergrp=" + rule["rmtcomputergrp"] if rule["description"] != "": fw_cmd += " description=\"" + rule["description"].replace( "\"", "") + "\"" if rule["service"] != "": fw_cmd += " service=\"" + rule["service"] + "\"" if rule["fw_action"] != "": fw_cmd += " action=" + rule["fw_action"] if rule["fw_security"] != "": fw_cmd += " security=" + rule["fw_security"] if rule["program"] != "": fw_cmd += " program=\"" + rule["program"].replace("\"", "") + "\"" if rule["profile"] != "": fw_cmd += " profile=" + rule["profile"] if rule["direction"] != "": fw_cmd += " direction=" + rule["direction"] if rule["remoteip"] != "": fw_cmd += " remoteip=" + rule["remoteip"] if rule["fw_enable"] != "": fw_cmd += " enable=" + rule["fw_enable"] if rule["remoteport"] != "": fw_cmd += " remoteport=" + rule["remoteport"] if rule["localport"] != "": fw_cmd += " localport=" + rule["localport"] if rule["localip"] != "": fw_cmd += " localip=" + rule["localip"] if rule["edge"] != "": fw_cmd += " edge=" + rule["edge"] if rule["interfacetype"] != "": fw_cmd += " interfacetype=" + rule["interfacetype"] p("\t\t}}rb" + fw_cmd) os.system(fw_cmd) # Turn the firewall on # netsh advfirewall set allprofiles state on # Default Settings # netsh advfirewall reset # Set logging # netsh advfirewall set currentprofile logging filename "C:\temp\pfirewall.log" # Block ping # netsh advfirewall firewall add rule name="All ICMP V4" dir=in action=block protocol=icmpv4 # Allow ping # netsh advfirewall firewall add rule name="All ICMP V4" dir=in action=allow protocol=icmpv4 # Allow or deny port # netsh advfirewall firewall add rule name="Open SQL Server Port 1433" dir=in action=allow protocol=TCP localport=1433 # netsh advfirewall firewall delete rule name="Open SQL Server Port 1433" protocol=tcp localport=1433 # Enable program # netsh advfirewall firewall add rule name="Allow Messenger" dir=in action=allow program="C:\programfiles\messenger\msnmsgr.exe" # Enable remote manatement # netsh advfirewall firewall set rule group="remote administration" new enable=yes # Enable remote desktop # netsh advfirewall firewall set rule group="remote desktop" new enable=Yes # Export settings # netsh advfirewall export "C:\temp\WFconfiguration.wfw" # Get repo over test cert # git -c http.sslVerify=false clone https://example.com/path/to/git # TODO # Download current policy zip file # unzip # import # /mergedpolicy -- to combine domain/local cmd = "cd policy_dir; secedit /export /cfg gp.ini /log export.log" # netsh -- import firewall rules # download netsh import # run netsh import command print_checklist_warning() p("}}ybPress enter when done}}xx", False) a = input() return True
def main(): global APP_FOLDER if win_util.is_admin() is not True: p("}}rbApp must be run as Admin user with elevated (UAC) privileges!!!}}xx" ) return False global admin_user, admin_pass, smc_url, student_user, server_name, home_root canvas_access_token = "" canvas_url = "https://canvas.ed" win_util.disable_guest_account() # win_util.test_reg() # See if we already have a user credentialed. last_student_user = win_util.get_credentialed_student_name( default_value="") last_smc_url = win_util.get_last_smc_url(default_value="https://smc.ed") last_admin_user = win_util.get_last_admin_user(default_value="admin") # p("LAST STUDENT USER: "******"}}ynEnter URL for SMC Server }}cn[enter for " + last_smc_url + "]:}}xx ", False) tmp = input() tmp = tmp.strip() if tmp == "": tmp = last_smc_url smc_url = tmp p( "}}ynPlease enter the ADMIN user name }}cn[enter for " + last_admin_user + "]:}}xx ", False) tmp = input() tmp = tmp.strip() if tmp == "": tmp = last_admin_user admin_user = tmp p("}}ynPlease enter ADMIN password }}cn[characters will not show]:}}xx", False) tmp = getpass.getpass(" ") if tmp == "": p("}}rbA password is required.}}xx") return False admin_pass = tmp tmp = "" last_student_user_prompt = "" while tmp.strip() == "": if last_student_user != "": last_student_user_prompt = " }}cn[enter for previous student " + last_student_user + "]" # p("}}mb\t- Found previously credentialed user: }}xx" + str(last_student_user)) p( "}}ynPlease enter the username for the student" + last_student_user_prompt + ":}}xx ", False) tmp = input() if tmp.strip() == "": tmp = last_student_user student_user = tmp.strip() result = verify_ope_account_in_smc(student_user, smc_url, admin_user, admin_pass) if result is None: p("}}rbERR - User doesn't exist in smc??}}xx") sys.exit(-1) laptop_admin_user, laptop_admin_password, student_full_name = result if laptop_admin_user == "" or laptop_admin_password == "": p("}}rbERR - Please set the laptop admin credentials in the SMC before continuing (Admin -> Configure App -> Laptop Admin Credentials) }}xx" ) sys.exit(-1) if student_full_name == "": p("}}rbERR - Unable to find student user in the SMC? Make sure it is imported.}}xx" ) sys.exit(-1) # Show confirm info txt = """ }}mn====================================================================== }}mn| }}ybConfirm Credential Parameters }}mn| }}mn| }}ynSMC URL: }}cn<smc_url>}}mn| }}mn| }}ynAdmin User: }}cn<admin_user>}}mn| }}mn| }}ynAdmin Password: }}cn<admin_pass>}}mn| }}mn| }}ynStudent Username: }}cn<student_user>}}mn| }}mn======================================================================}}xx """ txt = txt.replace("<smc_url>", smc_url.ljust(47)) txt = txt.replace("<admin_user>", admin_user.ljust(47)) txt = txt.replace("<admin_pass>", "******".ljust(47)) student_text = student_user + " (" + student_full_name + ")" txt = txt.replace("<student_user>", student_text.ljust(47)) p(txt) p("}}ybPress Y to continue: }}xx", False) tmp = input() tmp = tmp.strip().lower() if tmp != "y": p("}}cnCanceled / Not credentialing....}}xx") return False api_url = smc_url if not api_url.endswith("/"): api_url += "/" key = base64.b64encode(str(admin_user + ':' + admin_pass).encode()).decode() headers = {'Authorization': 'Basic ' + key} # password_manager = urllib3.HTTPPasswordMgrWithDefaultRealm() # password_manager.add_password(None, api_url, admin_user, admin_pass) # handler = urllib3.HTTPBasicAuthHandler(password_manager) # opener = urllib3.build_opener(handler) # ssl_context = ssl._create_unverified_context() p("\n}}gnStarting Credential Process...}}xx\n") url = api_url + "lms/credential_student.json/" + student_user try: resp = requests.get( url, headers=headers, verify=False) # urllib3.Request(url, None, headers) except requests.ConnectionError as error_message: p("}}rbConnection error trying to connect to SMC server}}xx") p("}}yn" + str(error_message) + "}}xx") return False if resp is None: # Unable to get a response? p("}}rbInvalid response from SMC server!}}xx") return False if resp.status_code == requests.codes.forbidden: p("}}rbError authenticating with SMC server - check password and try again.}}xx" ) return False try: resp.raise_for_status() except Exception as error_message: p("}}rbGeneral error trying to connect to SMC server}}xx") p("}}yn" + str(error_message) + "}}xx") return False smc_response = None try: smc_response = resp.json() except ValueError as error_message: p("}}rbInvalid JSON response from SMC}}xx") p("}}yn" + str(error_message) + "}}xx") return False except Exception as error_message: p("}}rbUNKNOWN ERROR}}xx") p("}}yn" + str(error_message) + "}}xx") return False # Interpret response from SMC try: # p("RESP: " + str(smc_response)) msg = smc_response["msg"] if msg == "Invalid User!": p("\n}}rbInvalid User!}}xx") p("}}mnUser doesn't exit in system, please import this student in the SMC first!}}xx" ) return False if msg == "No username specified!": p("\n}}rbInvalid User!}}xx") p("}}mnNo user with this name exists, please import this student in the SMC first!}}xx" ) return False if "unable to connect to canvas db" in msg: p("\n}}rbSMC Unable to connect to Canvas DB - make sure canvas app is running and\n" + "the SMC tool is configured to talk to Canvas}}xx") p("}}yn" + str(msg) + "}}xx") return False if "Unable to find user in canvas:" in msg: p("\n}}rbInvalid User!}}xx") p("}}mnUser exists in SMC but not in Canvas, please rerun import this student in the SMC to correct the issue!}}xx" ) full_name = smc_response["full_name"] canvas_access_token = smc_response["key"] hash = smc_response["hash"] student_full_name = str(smc_response["full_name"]) canvas_url = str(smc_response['canvas_url']) except Exception as error_message: p("}}rbUnable to interpret response from SMC - no msg parameter returned}}xx" ) p("}}mn" + str(ex) + "}}xx") return False #print(json.dumps(smc_response)) #p("Response: " + canvas_access_token + " ---- " + str(hash)) #print(canvas_access_token) #print(hash) pw = win_util.decrypt(hash, canvas_access_token) p("}}gnCreating local student windows account...") win_util.create_local_student_account(student_user, student_full_name, pw) p("}}gnCreating local admin windows account...") try: win_util.create_local_admin_account(laptop_admin_user, "OPE Laptop Admin", laptop_admin_password) except Exception as ex: p("}}rbError setting up OPE Laptop Admin Account " + str(ex)) laptop_admin_password = "" # Store the access token in the registry where the LMS app can pick it up p("}}gn\nSaving canvas credentials for student...") # key = win_util.create_reg_key(r"HKLM\Software\OPE\OPELMS", student_user) # key = win_util.create_reg_key(r"HKLM\Software\OPE\OPELMS\student") # key.canvas_access_token = canvas_access_token # key.user_name = student_user win_util.set_registry_value('canvas_access_token', canvas_access_token) win_util.set_registry_value('user_name', student_user) win_util.set_registry_value('canvas_url', canvas_url) win_util.set_registry_value('smc_url', smc_url) win_util.set_registry_value('admin_user', admin_user) win_util.set_registry_permissions(student_user) # p("}}gnCanvas access granted for student.}}xx") p("\n}}gnSetting up LMS App...}}xx") # Create shortcut lnk_path = "c:\\users\\public\\desktop\\OPE LMS.lnk" # Modify so that desktop shortcut point to where the app really is, not the hard coded dir # exe_path = "c:\\programdata\\ope\\ope_laptop_binaries\\lms\\ope_lms.exe" LMS_FOLDER = os.path.join(os.path.dirname(APP_FOLDER), "lms") exe_path = os.path.join(LMS_FOLDER, "ope_lms.exe") # ico_path = "c:\\programdata\\ope\\ope_laptop_binaries\\lms\\logo_icon.ico" ico_path = os.path.join(LMS_FOLDER, "logo_icon.ico") shortcut = pythoncom.CoCreateInstance(shell.CLSID_ShellLink, None, pythoncom.CLSCTX_INPROC_SERVER, shell.IID_IShellLink) shortcut.SetPath(exe_path) shortcut.SetDescription( "Offline LMS app for Open Prison Education project") shortcut.SetIconLocation(ico_path, 0) persist_file = shortcut.QueryInterface(pythoncom.IID_IPersistFile) persist_file.Save(lnk_path, 0) # If current user is not the laptop_admin_user - ask if we should disable this account? me = accounts.me() if laptop_admin_user != me.name: p("}}rb!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" ) p("}}rbYou are currently logged in as " + str(me.name) + " but the Laptop Admin user is " + str(laptop_admin_user) + ".") p("}}rb---> Please make sure to set a password and/or disable accounts that aren't needed on this laptop.}}xx" ) p("}}rb!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" ) countdown = 8 while countdown > 0: p("\r}}mb" + str(countdown) + "}}xx", end="") time.sleep(1) countdown -= 1 p("\n}}gbCanvas token saved.}}xx") p("") p("}}zn --------------> !!!!!CONFIRM BIOS!!!!! <-------------- }}xx" ) p("}}zn --------------> VERIFY BIOS PASSWORD/SETTINGS BEFORE HANDING OUT LAPTOP! <-------------- }}xx" ) countdown = 8 while countdown > 0: p("\r}}mb" + str(countdown) + "}}xx", end="") time.sleep(1) countdown -= 1 return True
def verify_ope_account_in_smc(user_name, smc_url, admin_user, admin_pw): # Bounce off the SMC server to see if the student account exists in SMC # NOTE - this one does NOT check canvas for the user laptop_admin_user = "" laptop_admin_password = "" student_full_name = "" api_url = smc_url if not api_url.endswith("/"): api_url += "/" # Need to use basic auth for this key = base64.b64encode(str(admin_user + ':' + admin_pass).encode()).decode() headers = {'Authorization': 'Basic ' + key} p("\n}}gnChecking user status in SMC tool...}}xx\n") url = api_url + "lms/verify_ope_account_in_smc.json/" + student_user try: resp = requests.get(url, headers=headers, verify=False) # urllib3.Get(url, None, headers) except requests.ConnectionError as error_message: p("}}rbConnection error trying to connect to SMC server}}xx") p("}}yn" + str(error_message) + "}}xx") return None if resp is None: # Unable to get a response? p("}}rbInvalid response from SMC server!}}xx") return None if resp.status_code == requests.codes.forbidden: p("}}rbError authenticating with SMC server - check password and try again.}}xx" ) return None try: resp.raise_for_status() except Exception as error_message: p("}}rbGeneral error trying to connect to SMC server}}xx") p("}}ybApplyingMake sure SMC is fully up to date}}xx") p("}}yn" + str(error_message) + "}}xx") return None smc_response = None try: smc_response = resp.json() except ValueError as error_message: p("}}rbInvalid JSON reponse from SMC}}xx") p("}}yn" + str(error_message) + "}}xx") return None except Exception as error_message: p("}}rbUNKNOWN ERROR}}xx") p("}}yn" + str(error_message) + "}}xx") return None # Interpret response from SMC try: msg = smc_response["msg"] if msg.startswith("Invalid User!"): p("\n}}rbInvalid User!}}xx") p("}}mnUser doesn't exit in system, please import this student in the SMC first!}}xx" ) return None if msg == "No username specified!": p("\n}}rbInvalid User!}}xx") p("}}mnNo user with this name exists, please import this student in the SMC first!}}xx" ) return None student_full_name = smc_response["student_full_name"] laptop_admin_user = smc_response["laptop_admin_user"] laptop_admin_password = smc_response["laptop_admin_password"] except Exception as error_message: p("}}rbUnable to interpret response from SMC - no msg parameter returned}}xx" ) p("}}mn" + str(error_message) + "}}xx") # p(str(smc_response)) return None return (laptop_admin_user, laptop_admin_password, student_full_name)
def optimize(gallery_name, fspath, **args): gallery = get_gallery(fspath, gallery_name) term.banner("OPTIMIZE IMAGES (JPEG)") dry = args.get('dry_run') try: subprocess.call(['djpeg', '-version'], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL) subprocess.call(['cjpeg', '-version'], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL) except FileNotFoundError as x: term.banner("MOZJPEG MUST BE INSTALLED", type='INFO') raise GSError("OPTIMIZE: {0}".format(x)) if dry: term.banner("DRY RUN", type='INFO') for directory in ['p', 't']: path = os.path.join(gallery.path, directory) for root, directories, files in os.walk(path): for filename in sorted(fnmatch.filter(files, '*.jpg')): path = os.path.join(root, filename) size = os.path.getsize(path) if size: djpeg = subprocess.Popen(['djpeg', path], stdout=subprocess.PIPE) cjpeg = subprocess.Popen(['cjpeg', '-quality', '92', '-opt', '-sample', '1x1', '-notrellis' ], stdin=djpeg.stdout, stdout=subprocess.PIPE) new_size = 0 new_path = None if dry: with cjpeg: for chunk in iter(lambda: cjpeg.stdout.read(4096), b''): new_size = new_size + len(chunk) else: new_path = path + ".new" with cjpeg, open(new_path, 'wb') as f: for chunk in iter(lambda: cjpeg.stdout.read(4096), b''): f.write(chunk) new_size = new_size + len(chunk) ratio = 100 / size * new_size print(term.p("{0:32} {1:6.2f}% {2:8} {3:8}".format(filename, ratio, size, new_size)), end=' ') if new_path: if ratio < 95: print("... gained {0:.2f}%".format(100 - ratio), end=' ') shutil.move(new_path, path) else: print("... skipping", end=' ') os.remove(new_path) print() term.banner("DONE", type='INFO')
def disable_guest_account(): try: disable_account("Guest") except Exception as ex: p("}}rbERROR disabling guest account " + str(ex) + "}}xx") pass
def create_local_admin_account(user_name, full_name, password): # Create local admin account ret = True admin = None try: p("}}yn\tAdding Admin account (" + user_name + ")...}}xx") accounts.User.create(user_name, password) # p("}}yn\t\tDone.}}xx") # except pywintypes.error as err: except Exception as err: if err.args[2] == "The account already exists.": pass else: # Unexpected error p("}}rb" + str(err) + "}}xx") ret = False # Get the student object admin = accounts.user(user_name) # Set properties for this student # win32net.NetUserChangePassword(None, user_name, old_pw, password) user_data = dict() user_data['name'] = user_name user_data['full_name'] = full_name user_data['password'] = password user_data[ 'flags'] = win32netcon.UF_NORMAL_ACCOUNT | win32netcon.UF_PASSWD_CANT_CHANGE | win32netcon.UF_DONT_EXPIRE_PASSWD | win32netcon.UF_SCRIPT user_data['priv'] = win32netcon.USER_PRIV_ADMIN user_data['comment'] = 'OPE Admin Account' # user_data['home_dir'] = home_dir # user_data['home_dir_drive'] = "h:" user_data['primary_group_id'] = ntsecuritycon.DOMAIN_GROUP_RID_USERS user_data['password_expired'] = 0 user_data['acct_expires'] = win32netcon.TIMEQ_FOREVER win32net.NetUserSetInfo(None, user_name, 3, user_data) # Add user to the required groups p("}}yn\tAdding user to Administrators group...}}xx") grp = accounts.LocalGroup(accounts.group("Administrators").sid) users_grp = accounts.LocalGroup(accounts.group("Users").sid) try: # Add to administrators group grp.add(admin) # except pywintypes.error as err: except Exception as err: if err.args[ 2] == "The specified account name is already a member of the group.": pass else: # Unexpected error p("}}rb" + str(err) + "}}xx") ret = False try: # Add to users group users_grp.add(admin) # except pywintypes.error as err: except Exception as err: if err.args[ 2] == "The specified account name is already a member of the group.": pass else: # Unexpected error p("}}rb" + str(err) + "}}xx") ret = False return ret
def create_local_student_account(user_name, full_name, password): global STUDENTS_GROUP # Ensure the Students group exists ret = create_local_students_group() # Create local student account student = None try: p("}}yn\tAdding student account (" + user_name + ")...}}xx") accounts.User.create(user_name, password) # except pywintypes.error as err: except Exception as err: if err.args[2] == "The account already exists.": pass else: # Unexpected error p("}}rb" + str(err) + "}}xx") ret = False # Get the student object student = accounts.user(user_name) # Set properties for this student # win32net.NetUserChangePassword(None, user_name, old_pw, password) user_data = dict() user_data['name'] = user_name user_data['full_name'] = full_name user_data['password'] = password user_data[ 'flags'] = win32netcon.UF_NORMAL_ACCOUNT | win32netcon.UF_PASSWD_CANT_CHANGE | win32netcon.UF_DONT_EXPIRE_PASSWD | win32netcon.UF_SCRIPT user_data['priv'] = win32netcon.USER_PRIV_USER user_data['comment'] = 'OPE Student Account' # user_data['home_dir'] = home_dir # user_data['home_dir_drive'] = "h:" user_data['primary_group_id'] = ntsecuritycon.DOMAIN_GROUP_RID_USERS user_data['password_expired'] = 0 user_data['acct_expires'] = win32netcon.TIMEQ_FOREVER win32net.NetUserSetInfo(None, user_name, 3, user_data) # Add student to the students group p("}}yn\tAdding student to students group...}}xx") grp = accounts.LocalGroup(accounts.group(STUDENTS_GROUP).sid) users_grp = accounts.LocalGroup(accounts.group("Users").sid) try: # Add to students group grp.add(student) # except pywintypes.error as err: except Exception as err: if err.args[ 2] == "The specified account name is already a member of the group.": pass else: # Unexpected error p("}}rb" + str(err) + "}}xx") ret = False try: # Add to users group users_grp.add(student) # except pywintypes.error as err: except Exception as err: if err.args[ 2] == "The specified account name is already a member of the group.": pass else: # Unexpected error p("}}rb" + str(err) + "}}xx") ret = False # # home_dir = "%s\\%s" % (server_name, user_name) # return ret
def listNics(): system_nics = [ "WAN Miniport (IP)", "WAN Miniport (IPv6)", "WAN Miniport (Network Monitor)", "WAN Miniport (PPPOE)", "WAN Miniport (PPTP)", "WAN Miniport (L2TP)", "WAN Miniport (IKEv2)", "WAN Miniport (SSTP)", "Microsoft Wi-Fi Direct Virtual Adapter", "Teredo Tunneling Pseudo-Interface", "Microsoft Kernel Debug Network Adapter", ] approved_nics = [ "Realtek USB GbE Family Controller", ] import win32com.client strComputer = "." objWMIService = win32com.client.Dispatch("WbemScripting.SWbemLocator") objSWbemServices = objWMIService.ConnectServer(strComputer, "root\cimv2") colItems = objSWbemServices.ExecQuery("Select * from Win32_NetworkAdapter") for objItem in colItems: if objItem.Name in approved_nics: p("***Device found - on approved list: ", objItem.Name, str(objItem.NetConnectionID)) continue elif objItem.Name in system_nics: #p("***Device found - system nic - ignoring: ", objItem.Name) continue else: p("***Device found :", objItem.Name) dev_id = objItem.NetConnectionID if dev_id: p(" ---> !!! unauthorized !!!, disabling...", str(dev_id)) cmd = "netsh interface set interface \"" + dev_id + "\" DISABLED" #print cmd os.system(cmd) else: #p(" ---> unauthorized, not plugged in...") pass continue p("========================================================") p("Adapter Type: ", objItem.AdapterType) p("Adapter Type Id: ", objItem.AdapterTypeId) p("AutoSense: ", objItem.AutoSense) p("Availability: ", objItem.Availability) p("Caption: ", objItem.Caption) p("Config Manager Error Code: ", objItem.ConfigManagerErrorCode) p("Config Manager User Config: ", objItem.ConfigManagerUserConfig) p("Creation Class Name: ", objItem.CreationClassName) p("Description: ", objItem.Description) p("Device ID: ", objItem.DeviceID) #p("Error Cleared: ", objItem.ErrorCleared) #p("Error Description: ", objItem.ErrorDescription) #p("Index: ", objItem.Index) #p("Install Date: ", objItem.InstallDate) #p("Installed: ", objItem.Installed) #p("Last Error Code: ", objItem.LastErrorCode) #p("MAC Address: ", objItem.MACAddress) p("Manufacturer: ", objItem.Manufacturer) #p("Max Number Controlled: ", objItem.MaxNumberControlled) #p("Max Speed: ", objItem.MaxSpeed) p("Name: ", objItem.Name) p("Net Connection ID: ", objItem.NetConnectionID) p("Net Connection Status: ", objItem.NetConnectionStatus) z = objItem.NetworkAddresses if z is None: a = 1 else: for x in z: p("Network Addresses: ", x) #print "Permanent Address: ", objItem.PermanentAddress p("PNP Device ID: ", objItem.PNPDeviceID) #z = objItem.PowerManagementCapabilities #if z is None: # a = 1 #else: # for x in z: # p("Power Management Capabilities: ", x) #p("Power Management Supported: ", objItem.PowerManagementSupported) p("Product Name: ", objItem.ProductName) p("Service Name: ", objItem.ServiceName) #p("Speed: ", objItem.Speed) #p("Status: ", objItem.Status) #p("Status Info: ", objItem.StatusInfo) p("System Creation Class Name: ", objItem.SystemCreationClassName) p("System Name: ", objItem.SystemName)
def main(): global admin_user, admin_pass, smc_url, student_user, server_name, home_root canvas_access_token = "" print_app_header() # Ask for admnin user/pass and website tmp = raw_input( term.translateColorCodes( "}}ynEnter URL for SMC Server }}cn[enter for default " + smc_url + "]:}}dn ")) tmp = tmp.strip() if tmp == "": tmp = smc_url smc_url = tmp tmp = raw_input( term.translateColorCodes( "}}ynPlease enter the ADMIN user name }}cn[enter for default " + admin_user + "]:}}dn ")) tmp = tmp.strip() if tmp == "": tmp = admin_user admin_user = tmp p("}}ynPlease enter ADMIN password }}cn[characters will not show]:}}dn", False) tmp = getpass.getpass(" ") if tmp == "": p("}}rbA password is required.}}dn") return False admin_pass = tmp tmp = "" while tmp.strip() == "": tmp = raw_input( term.translateColorCodes( "}}ynPlease enter the username for the student:}}dn ")) student_user = tmp.strip() txt = """ }}mn====================================================================== }}mn| }}ybCredential Computer }}mn| }}mn| }}ynSMC URL: }}cn<smc_url>}}mn| }}mn| }}ynAdmin User: }}cn<admin_user>}}mn| }}mn| }}ynAdmin Password: }}cn<admin_pass>}}mn| }}mn| }}ynStudent Username: }}cn<student_user>}}mn| }}mn======================================================================}}dn """ txt = txt.replace("<smc_url>", smc_url.ljust(47)) txt = txt.replace("<admin_user>", admin_user.ljust(47)) txt = txt.replace("<admin_pass>", "******".ljust(47)) txt = txt.replace("<student_user>", student_user.ljust(47)) p(txt) tmp = raw_input(term.translateColorCodes("}}ybPress Y to continue: }}dn")) tmp = tmp.strip().lower() if tmp == "y": api_url = smc_url if not api_url.endswith("/"): api_url += "/" key = base64.b64encode(admin_user + ':' + admin_pass) headers = {'Authorization': 'Basic ' + key} # password_manager = urllib2.HTTPPasswordMgrWithDefaultRealm() # password_manager.add_password(None, api_url, admin_user, admin_pass) # handler = urllib2.HTTPBasicAuthHandler(password_manager) # opener = urllib2.build_opener(handler) # ssl_context = ssl._create_unverified_context() p("\n}}gnGetting Canvas Auth Key...}}dn\n") url = api_url + "lms/credential_student.json/" + student_user request = urllib2.Request(url, None, headers) json_str = "" try: response = urllib2.urlopen(request) json_str = response.read() except urllib2.HTTPError as ex: if ex.code == 403: p("}}rbInvalid ADMIN Password!}}dn") return False else: p("}}rbHTTP Error!}}dn") p("}}mn" + str(ex) + "}}dn") return False except Exception as ex: p("}}rbUnable to communicate with SMC tool!}}dn") p("}}mn" + str(ex) + "}}dn") return False canvas_response = None try: canvas_response = json.loads(json_str) except Exception as ex: p("}}rbUnable to interpret response from SMC}}dn") p("}}mn" + str(ex) + "}}dn") return False if "msg" in canvas_response: if canvas_response["msg"] == "Invalid User!": p("\n}}rbInvalid User!}}dn") p("}}mnUser doesn't exit in system, please import this student in the SMC first!}}dn" ) return False canvas_access_token = str(canvas_response["key"]) hash = str(canvas_response["hash"]) student_full_name = str(canvas_response["full_name"]) #print("Response: " + canvas_access_token + " ---- " + hash) pw = win_util.decrypt(hash, canvas_access_token) p("}}gnCreating local windows account...") win_util.create_local_student_account(student_user, student_full_name, pw) # Store the access token in the registry where the LMS app can pick it up p("}}gnSaving canvas credentials for student...") key = win_util.create_reg_key(r"HKLM\Software\OPE\OPELMS", student_user) key = win_util.create_reg_key(r"HKLM\Software\OPE\OPELMS\student") key.canvas_access_token = canvas_access_token print("Installing Admin Services...") print("Installing offline LMS app...") print("Applying security rules...") p("\tDownloading firewall rules...") url = api_url + "lms/get_firewall_list.json" p("\n\nURL: " + url) request = urllib2.Request(url, None, headers) json_str = "" try: response = urllib2.urlopen(request) json_str = response.read() except urllib2.HTTPError as ex: if ex.code == 403: p("}}rbInvalid ADMIN Password!}}dn") return False else: p("}}rbHTTP Error!}}dn") p("}}mn" + str(ex) + "}}dn") return False except Exception as ex: p("}}rbUnable to communicate with SMC tool!}}dn") p("}}mn" + str(ex) + "}}dn") return False firewall_response = None try: firewall_response = json.loads(json_str) except Exception as ex: p("}}rbUnable to interpret firewall response from SMC}}dn") p("}}mn" + str(ex) + "}}dn") return False for rule in firewall_response: p("}}ybApplying Firewall Rule: " + str(rule["rule_name"])) fw_cmd = "netsh advfirewall firewall delete rule \"" + str( rule["rule_name"]) + "\"" p("\t\t}}rn" + fw_cmd) os.system(fw_cmd) fw_cmd = "netsh advfirewall firewall add rule name=\"" + str( rule["rule_name"]) + "\"" if rule["protocol"] != "": fw_cmd += " protocol=" + rule["protocol"] if rule["rmtusrgrp"] != "": fw_cmd += " rmtusrgrp=" + rule["rmtusrgrp"] if rule["rmtcomputergrp"] != "": fw_cmd += " rmtcomputergrp=" + rule["rmtcomputergrp"] if rule["description"] != "": fw_cmd += " description=\"" + rule["description"].replace( "\"", "") + "\"" if rule["service"] != "": fw_cmd += " service=\"" + rule["service"] + "\"" if rule["fw_action"] != "": fw_cmd += " action=" + rule["fw_action"] if rule["fw_security"] != "": fw_cmd += " security=" + rule["fw_security"] if rule["program"] != "": fw_cmd += " program=\"" + rule["program"].replace("\"", "") + "\"" if rule["profile"] != "": fw_cmd += " profile=" + rule["profile"] if rule["direction"] != "": fw_cmd += " direction=" + rule["direction"] if rule["remoteip"] != "": fw_cmd += " remoteip=" + rule["remoteip"] if rule["fw_enable"] != "": fw_cmd += " enable=" + rule["fw_enable"] if rule["remoteport"] != "": fw_cmd += " remoteport=" + rule["remoteport"] if rule["localport"] != "": fw_cmd += " localport=" + rule["localport"] if rule["localip"] != "": fw_cmd += " localip=" + rule["localip"] if rule["edge"] != "": fw_cmd += " edge=" + rule["edge"] if rule["interfacetype"] != "": fw_cmd += " interfacetype=" + rule["interfacetype"] p("\t\t}}rb" + fw_cmd) os.system(fw_cmd) # Turn the firewall on # netsh advfirewall set allprofiles state on # Default Settings # netsh advfirewall reset # Set logging # netsh advfirewall set currentprofile logging filename "C:\temp\pfirewall.log" # Block ping # netsh advfirewall firewall add rule name="All ICMP V4" dir=in action=block protocol=icmpv4 # Allow ping # netsh advfirewall firewall add rule name="All ICMP V4" dir=in action=allow protocol=icmpv4 # Allow or deny port # netsh advfirewall firewall add rule name="Open SQL Server Port 1433" dir=in action=allow protocol=TCP localport=1433 # netsh advfirewall firewall delete rule name="Open SQL Server Port 1433" protocol=tcp localport=1433 # Enable program # netsh advfirewall firewall add rule name="Allow Messenger" dir=in action=allow program="C:\programfiles\messenger\msnmsgr.exe" # Enable remote manatement # netsh advfirewall firewall set rule group="remote administration" new enable=yes # Enable remote desktop # netsh advfirewall firewall set rule group="remote desktop" new enable=Yes # Export settings # netsh advfirewall export "C:\temp\WFconfiguration.wfw" # Get repo over test cert # git -c http.sslVerify=false clone https://example.com/path/to/git # TODO # Download current policy zip file # unzip # import # /mergedpolicy -- to combine domain/local cmd = "cd policy_dir; secedit /export /cfg gp.ini /log export.log" # netsh -- import firewall rules # download netsh import # run netsh import command print_checklist_warning() a = raw_input( term.translateColorCodes("}}ybPress enter when done}}dn"))