def set_info(self, name, value): ientry = info_entry(name, value) logdata = dict() logdata['varname'] = name logdata['value'] = value log('D19', logdata) self._info_upsert(ientry)
def __init__(self, sambacreds, username, domain, is_machine): self.cache_path = '/var/cache/gpupdate/creds/krb5cc_{}'.format( os.getpid()) self.__kinit_successful = machine_kinit(self.cache_path) self.storage = registry_factory('registry') self.storage.set_info('domain', domain) machine_name = get_machine_name() machine_sid = get_sid(domain, machine_name, is_machine) self.storage.set_info('machine_name', machine_name) self.storage.set_info('machine_sid', machine_sid) # User SID to work with HKCU hive self.username = username self._is_machine_username = is_machine if is_machine: self.sid = machine_sid else: self.sid = get_sid(self.storage.get_info('domain'), self.username) self.cache = cache_factory('regpol_cache') self.gpo_names = cache_factory('gpo_names') # Samba objects - LoadParm() and CredentialsOptions() self.sambacreds = sambacreds self.cache_dir = self.sambacreds.get_cache_dir() logdata = dict({'cachedir': self.cache_dir}) log('D7', logdata)
def backend_factory(dc, username, is_machine, no_domain=False): ''' Return one of backend objects. Please note that backends must store their configuration in a storage with administrator write permissions in order to prevent users from modifying policies enforced by domain administrators. ''' back = None config = GPConfig() if config.get_backend() == 'samba' and not no_domain: if not dc: dc = config.get_dc() if dc: ld = dict({'dc': dc}) log('D52', ld) sc = smbcreds(dc) domain = sc.get_domain() ldata = dict({'domain': domain}) log('D9', ldata) try: back = samba_backend(sc, username, domain, is_machine) except Exception as exc: logdata = dict({'error': str(exc)}) log('E7', logdata) if config.get_backend() == 'local' or no_domain: log('D8') try: back = nodomain_backend() except Exception as exc: logdata = dict({'error': str(exc)}) log('E8', logdata) return back
def add_drive(self, sid, dobj, policy_name): drv_entry = drive_entry(sid, dobj, policy_name) logdata = dict() logdata['uri'] = drv_entry.path logdata['sid'] = sid log('D39', logdata) self._drive_upsert(drv_entry)
def get_default(self, obj_id, default_value): result = self.get(obj_id) if result == None: logdata = dict() logdata['object'] = obj_id log('D43', logdata) self.store(obj_id, default_value) return str(default_value) return result.value
def add_hklm_entry(self, preg_entry, policy_name): ''' Write PReg entry to HKEY_LOCAL_MACHINE ''' pentry = samba_preg(preg_entry, policy_name) if not pentry.hive_key.rpartition('\\')[2].startswith('**'): self._hklm_upsert(pentry) else: logdata = dict({'key': pentry.hive_key}) log('D27', logdata)
def add_shortcut(self, sid, sc_obj, policy_name): ''' Store shortcut information in the database ''' sc_entry = ad_shortcut(sid, sc_obj, policy_name) logdata = dict() logdata['link'] = sc_entry.path logdata['sid'] = sid log('D41', logdata) self._shortcut_upsert(sc_entry)
def add_printer(self, sid, pobj, policy_name): ''' Store printer configuration in the database ''' prn_entry = printer_entry(sid, pobj, policy_name) logdata = dict() logdata['printer'] = prn_entry.name logdata['sid'] = sid log('D40', logdata) self._printer_upsert(prn_entry)
def get_local_gpt(sid): ''' Convert default policy to GPT and create object out of it. ''' log('D25') lp2gpt() local_policy = gpt(str(local_policy_cache()), sid) local_policy.set_name('Local Policy') return local_policy
def _upsert(self, obj): try: self.db_session.add(obj) self.db_session.commit() except Exception as exc: self.db_session.rollback() logdata = dict() logdata['msg'] = str(exc) log('D44', logdata) self.db_session.query(self.mapper_obj).filter(self.mapper_obj.str_id == obj.str_id).update({ 'value': obj.value }) self.db_session.commit()
def add_hkcu_entry(self, preg_entry, sid, policy_name): ''' Write PReg entry to HKEY_CURRENT_USER ''' hkcu_pentry = samba_hkcu_preg(sid, preg_entry, policy_name) logdata = dict({'sid': sid, 'policy': policy_name, 'key': hkcu_pentry.hive_key}) if not hkcu_pentry.hive_key.rpartition('\\')[2].startswith('**'): log('D26', logdata) self._hkcu_upsert(hkcu_pentry) else: log('D51', logdata)
def apply_user_context(user_appliers): for applier_name, applier_object in user_appliers.items(): log('D55', {'name': applier_name}) try: applier_object.user_context_apply() except Exception as exc: logdata = dict() logdata['applier'] = applier_name logdata['exception'] = str(exc) log('E20', logdata)
def _check_sysvol_present(self, gpo): ''' Check if there is SYSVOL path for GPO assigned ''' if not gpo.file_sys_path: # GPO named "Local Policy" has no entry by its nature so # no reason to print warning. if 'Local Policy' != gpo.name: logdata = dict({'gponame': gpo.name}) log('W4', logdata) return False return True
def add_envvar(self, sid, evobj, policy_name): ev_entry = envvar_entry(sid, evobj, policy_name) logdata = dict() logdata['envvar'] = ev_entry.name logdata['sid'] = sid log('D53', logdata) try: self._add(ev_entry) except Exception as exc: (self ._filter_sid_obj(envvar_entry, sid) .filter(envvar_entry.name == ev_entry.name) .update(ev_entry.update_fields())) self.db_session.commit()
def add_folder(self, sid, fobj, policy_name): fld_entry = folder_entry(sid, fobj, policy_name) logdata = dict() logdata['folder'] = fld_entry.path logdata['sid'] = sid log('D42', logdata) try: self._add(fld_entry) except Exception as exc: (self ._filter_sid_obj(folder_entry, sid) .filter(folder_entry.path == fld_entry.path) .update(fld_entry.update_fields())) self.db_session.commit()
def __init__(self, cache_name): self.cache_name = cache_name self.mapper_obj = mapping_factory(self.cache_name) self.storage_uri = os.path.join('sqlite:///{}/{}.sqlite'.format(cache_dir(), self.cache_name)) logdata = dict({'cache_file': self.storage_uri}) log('D20', logdata) self.db_cnt = create_engine(self.storage_uri, echo=False) self.__metadata = MetaData(self.db_cnt) self.cache_table = Table( self.cache_name, self.__metadata, Column('id', Integer, primary_key=True), Column('str_id', String(65536), unique=True), Column('value', String) ) self.__metadata.create_all(self.db_cnt) Session = sessionmaker(bind=self.db_cnt) self.db_session = Session() mapper(self.mapper_obj, self.cache_table)
def _get_gpts(self, username, sid): gpts = list() log('D45') # util.windows.smbcreds gpos = self.sambacreds.update_gpos(username) log('D46') for gpo in gpos: if self._check_sysvol_present(gpo): path = check_safe_path(gpo.file_sys_path).upper() slogdata = dict({ 'sysvol_path': gpo.file_sys_path, 'gpo_name': gpo.display_name, 'gpo_path': path }) log('D30', slogdata) gpt_abspath = os.path.join(self.cache_dir, 'gpo_cache', path) obj = gpt(gpt_abspath, sid) obj.set_name(gpo.display_name) gpts.append(obj) else: if 'Local Policy' == gpo.name: gpts.append(get_local_gpt(sid)) return gpts
def user_apply(self): ''' Run appliers for users. ''' if is_root(): for applier_name, applier_object in self.user_appliers.items(): try: applier_object.admin_context_apply() except Exception as exc: logdata = dict() logdata['applier'] = applier_name logdata['exception'] = str(exc) log('E19', logdata) try: with_privileges(self.username, applier_object.user_context_apply) except Exception as exc: logdata = dict() logdata['applier'] = applier_name logdata['exception'] = str(exc) log('E20', logdata) else: for applier_name, applier_object in self.user_appliers.items(): try: applier_object.user_context_apply() except Exception as exc: logdata = dict({'applier_name': applier_name, 'message': str(exc)}) log('E11', logdata)
def determine_username(username=None): ''' Checks if the specified username is valid in order to prevent unauthorized operations. ''' name = username # If username is not set then it will be the name # of process owner. if not username: name = get_process_user() logdata = dict({'username': name}) log('D2', logdata) if not username_match_uid(name): if not is_root(): raise Exception('Current process UID does not match specified username') logdata = dict({'username': name}) log('D15', logdata) return name
def __init__(self, username, is_machine): self.storage = registry_factory('registry') self.username = determine_username(username) self.is_machine = is_machine self.process_uname = get_process_user() self.sid = get_sid(self.storage.get_info('domain'), self.username, is_machine) self.machine_appliers = dict() self.machine_appliers['control'] = control_applier(self.storage) self.machine_appliers['polkit'] = polkit_applier(self.storage) self.machine_appliers['systemd'] = systemd_applier(self.storage) self.machine_appliers['firefox'] = firefox_applier(self.storage, self.sid, self.username) self.machine_appliers['chromium'] = chromium_applier(self.storage, self.sid, self.username) self.machine_appliers['shortcuts'] = shortcut_applier(self.storage) self.machine_appliers['gsettings'] = gsettings_applier(self.storage) self.machine_appliers['cups'] = cups_applier(self.storage) self.machine_appliers['firewall'] = firewall_applier(self.storage) self.machine_appliers['folders'] = folder_applier(self.storage, self.sid) self.machine_appliers['package'] = package_applier(self.storage) self.machine_appliers['ntp'] = ntp_applier(self.storage) self.machine_appliers['envvar'] = envvar_applier(self.storage, self.sid) # User appliers are expected to work with user-writable # files and settings, mostly in $HOME. self.user_appliers = dict() self.user_appliers['shortcuts'] = shortcut_applier_user(self.storage, self.sid, self.username) self.user_appliers['folders'] = folder_applier_user(self.storage, self.sid, self.username) self.user_appliers['gsettings'] = gsettings_applier_user(self.storage, self.sid, self.username) try: self.user_appliers['cifs'] = cifs_applier_user(self.storage, self.sid, self.username) except Exception as exc: logdata = dict() logdata['applier_name'] = 'cifs' logdata['msg'] = str(exc) log('E25', logdata) self.user_appliers['package'] = package_applier_user(self.storage, self.sid, self.username) self.user_appliers['polkit'] = polkit_applier_user(self.storage, self.sid, self.username) self.user_appliers['envvar'] = envvar_applier_user(self.storage, self.sid, self.username)
def __init__(self, gpt_path, sid): self.path = gpt_path self.sid = sid self.storage = registry_factory('registry') self.name = '' self.guid = self.path.rpartition('/')[2] if 'default' == self.guid: self.guid = 'Local Policy' self._machine_path = find_dir(self.path, 'Machine') self._user_path = find_dir(self.path, 'User') self.settings_list = [ 'shortcuts' , 'drives' , 'environmentvariables' , 'printers' , 'folders' , 'files' , 'inifiles' , 'services' , 'scheduledtasks' ] self.settings = dict() self.settings['machine'] = dict() self.settings['user'] = dict() self.settings['machine']['regpol'] = find_file(self._machine_path, 'registry.pol') self.settings['user']['regpol'] = find_file(self._user_path, 'registry.pol') for setting in self.settings_list: machine_preffile = find_preffile(self._machine_path, setting) user_preffile = find_preffile(self._user_path, setting) mlogdata = dict({'setting': setting, 'prefpath': machine_preffile}) log('D24', mlogdata) self.settings['machine'][setting] = machine_preffile ulogdata = dict({'setting': setting, 'prefpath': user_preffile}) log('D23', ulogdata) self.settings['user'][setting] = user_preffile
def retrieve_and_store(self): ''' Retrieve settings and strore it in a database ''' # Get policies for machine at first. machine_gpts = list() try: machine_gpts = self._get_gpts(get_machine_name(), self.storage.get_info('machine_sid')) except Exception as exc: log('F2') raise exc self.storage.wipe_hklm() self.storage.wipe_user(self.storage.get_info('machine_sid')) for gptobj in machine_gpts: try: gptobj.merge() except Exception as exc: logdata = dict() logdata['msg'] = str(exc) log('E26', logdata) # Load user GPT values in case user's name specified # This is a buggy implementation and should be tested more if not self._is_machine_username: user_gpts = list() try: user_gpts = self._get_gpts(self.username, self.sid) except Exception as exc: log('F3') raise exc self.storage.wipe_user(self.sid) for gptobj in user_gpts: try: gptobj.merge() except Exception as exc: logdata = dict() logdata['msg'] = str(exc) log('E27', logdata)
def machine_apply(self): ''' Run global appliers with administrator privileges. ''' if not is_root(): log('E13') return log('D16') for applier_name, applier_object in self.machine_appliers.items(): try: applier_object.apply() except Exception as exc: logdata = dict() logdata['applier_name'] = applier_name logdata['msg'] = str(exc) log('E24', logdata)
def merge(self): ''' Merge machine and user (if sid provided) settings to storage. ''' if self.sid == self.storage.get_info('machine_sid'): try: # Merge machine settings to registry if possible for preference_name, preference_path in self.settings['machine'].items(): if preference_path: preference_type = get_preftype(preference_path) logdata = dict({'pref': preference_type.value, 'sid': self.sid}) log('D28', logdata) preference_parser = get_parser(preference_type) preference_merger = get_merger(preference_type) preference_objects = preference_parser(preference_path) preference_merger(self.storage, self.sid, preference_objects, self.name) if self.settings['user']['regpol']: mulogdata = dict({'polfile': self.settings['machine']['regpol']}) log('D35', mulogdata) util.preg.merge_polfile(self.settings['user']['regpol'], sid=self.sid, policy_name=self.name) if self.settings['machine']['regpol']: mlogdata = dict({'polfile': self.settings['machine']['regpol']}) log('D34', mlogdata) util.preg.merge_polfile(self.settings['machine']['regpol'], policy_name=self.name) except Exception as exc: logdata = dict() logdata['gpt'] = self.name logdata['msg'] = str(exc) log('E28', logdata) else: # Merge user settings if UserPolicyMode set accordingly # and user settings (for HKCU) are exist. policy_mode = upm2str(self.get_policy_mode()) if 'Merge' == policy_mode or 'Not configured' == policy_mode: try: for preference_name, preference_path in self.settings['user'].items(): if preference_path: preference_type = get_preftype(preference_path) logdata = dict({'pref': preference_type.value, 'sid': self.sid}) log('D29', logdata) preference_parser = get_parser(preference_type) preference_merger = get_merger(preference_type) preference_objects = preference_parser(preference_path) preference_merger(self.storage, self.sid, preference_objects, self.name) except Exception as exc: logdata = dict() logdata['gpt'] = self.name logdata['msg'] = str(exc) log('E29', logdata)