author | David Mulder <dmulder@samba.org> | 2022-11-29 14:01:13 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2022-12-21 02:04:36 +0000 |
commit | f3e24a325ea6d2d574f42f0e7f9f1e1fb040366c (patch) | |
tree | 8d1fbb4efe3f51f78a53e5449efe1a5e6001782a | |
parent | 64f4930dc0d46c21fefd8a798534b58670036faa (diff) | |
download | samba-f3e24a325ea6d2d574f42f0e7f9f1e1fb040366c.tar.gz |
gp: Modify Machine Scripts CSE to use new files applier
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
-rw-r--r-- | python/samba/gp/gp_scripts_ext.py | 54 | ||||
-rw-r--r-- | python/samba/tests/gpo.py | 1 |
2 files changed, 33 insertions, 22 deletions
diff --git a/python/samba/gp/gp_scripts_ext.py b/python/samba/gp/gp_scripts_ext.py index bbf609cf5d5..bee795cb9b8 100644 --- a/python/samba/gp/gp_scripts_ext.py +++ b/python/samba/gp/gp_scripts_ext.py @@ -16,8 +16,7 @@ import os, re from subprocess import Popen, PIPE -from samba.gp.gpclass import gp_pol_ext, drop_privileges -from base64 import b64encode +from samba.gp.gpclass import gp_pol_ext, drop_privileges, gp_file_applier from hashlib import blake2b from tempfile import NamedTemporaryFile from samba.gp.util.logging import log @@ -36,19 +35,15 @@ end = ''' ### autogenerated by samba ### ''' -class gp_scripts_ext(gp_pol_ext): +class gp_scripts_ext(gp_pol_ext, gp_file_applier): def __str__(self): return 'Unix Settings/Scripts' def process_group_policy(self, deleted_gpo_list, changed_gpo_list, cdir=None): for guid, settings in deleted_gpo_list: - self.gp_db.set_guid(guid) if str(self) in settings: for attribute, script in settings[str(self)].items(): - if os.path.exists(script): - os.unlink(script) - self.gp_db.delete(str(self), attribute) - self.gp_db.commit() + self.unapply(guid, attribute, script) for gpo in changed_gpo_list: if gpo.file_sys_path: 
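Review bot: The deleted-GPO loop now hands whatever the policy log holds straight to `self.unapply(guid, attribute, script)`, and nothing visible here says how state written by the previous version is handled. Before this commit the attribute was `keyname:base64(data)` and the value a bare path; the test change in python/samba/tests/gpo.py suggests the logged value now carries a prefix before a ':'. If `unapply` does not accept the old form, scripts created by the old code could remain in the cron directories after their GPO is removed, so this is worth confirming in gp_file_applier and recording in a comment such as `# values logged before the files applier are bare paths; unapply() must accept both forms`. The loop variable name `script` is also misleading if it no longer holds just a path. process_group_policy continues past the end of this hunk.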
@@ -57,27 +52,42 @@ class gp_scripts_ext(gp_pol_ext): '%s\\Monthly Scripts' % reg_key : '/etc/cron.monthly', '%s\\Weekly Scripts' % reg_key : '/etc/cron.weekly', '%s\\Hourly Scripts' % reg_key : '/etc/cron.hourly' } - self.gp_db.set_guid(gpo.name) pol_file = 'MACHINE/Registry.pol' path = os.path.join(gpo.file_sys_path, pol_file) pol_conf = self.parse(path) if not pol_conf: continue + policies = {} for e in pol_conf.entries: if e.keyname in sections.keys() and e.data.strip(): - cron_dir = sections[e.keyname] if not cdir else cdir - attribute = '%s:%s' % (e.keyname, - b64encode(e.data.encode()).decode()) - old_val = self.gp_db.retrieve(str(self), attribute) - if not old_val: - with NamedTemporaryFile(prefix='gp_', mode="w+", - delete=False, dir=cron_dir) as f: - contents = '#!/bin/sh\n%s' % intro - contents += '%s\n' % e.data - f.write(contents) - os.chmod(f.name, 0o700) - self.gp_db.store(str(self), attribute, f.name) - self.gp_db.commit() + if e.keyname not in policies: + policies[e.keyname] = [] + policies[e.keyname].append(e.data) + def applier_func(keyname, entries): + ret = [] + cron_dir = sections[keyname] if not cdir else cdir + for data in entries: + with NamedTemporaryFile(prefix='gp_', mode="w+", + delete=False, dir=cron_dir) as f: + contents = '#!/bin/sh\n%s' % intro + contents += '%s\n' % data + f.write(contents) + os.chmod(f.name, 0o700) + ret.append(f.name) + return ret + for keyname, entries in policies.items(): + # Each GPO applies only one set of each type of script, so + # so the attribute matches the keyname. + attribute = keyname + # The value hash is generated from the script entries, + # ensuring any changes to this GPO will cause the scripts + # to be rewritten. 
+ value_hash = self.generate_value_hash(*entries) + self.apply(gpo.name, attribute, value_hash, applier_func, + keyname, entries) + + # Cleanup any old scripts that are no longer part of the policy + self.clean(gpo.name, keep=policies.keys()) def rsop(self, gpo, target='MACHINE'): output = {} diff --git a/python/samba/tests/gpo.py b/python/samba/tests/gpo.py index 9873f13c1e3..f6a8f409130 100644 --- a/python/samba/tests/gpo.py +++ b/python/samba/tests/gpo.py @@ -7781,6 +7781,7 @@ class GPOTests(tests.TestCase): gp_db = store.get_gplog(machine_creds.get_username()) applied_settings = gp_db.get_applied_settings([guid]) for _, fname in applied_settings[-1][-1][str(ext)].items(): + fname = fname.split(':')[-1] self.assertIn(dname, fname, 'Test file not created in tmp dir') self.assertTrue(os.path.exists(fname), |
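Review bot: In `applier_func` the script is made executable with `os.chmod(f.name, 0o700)` while the `with` block is still open, so the file sits in the cron directory as an executable before the buffered `f.write` is flushed, and a failure on a later entry leaves the already-written scripts on disk without their names ever being returned to `self.apply`. Both cases leave files in the `/etc/cron.*` directories that the policy log does not describe (how `apply` reacts to an exception is not visible in this hunk). I would chmod only after the file is closed and unlink the files created so far when the loop fails, as sketched below. Separately, the `if not pol_conf: continue` path appears to skip `self.clean(...)`, so a GPO whose Registry.pol no longer parses may keep its old scripts, and the new comment repeats a word (`so` / `so`). process_group_policy starts before this hunk.

```python
def applier_func(keyname, entries):
    ret = []
    cron_dir = sections[keyname] if not cdir else cdir
    try:
        for data in entries:
            with NamedTemporaryFile(prefix='gp_', mode="w+",
                                    delete=False, dir=cron_dir) as f:
                # Track the path first so a failed write is cleaned up too
                ret.append(f.name)
                contents = '#!/bin/sh\n%s' % intro
                contents += '%s\n' % data
                f.write(contents)
            # Mark executable only once the script is fully written and closed
            os.chmod(f.name, 0o700)
    except Exception:
        # Do not leave untracked scripts behind in the cron directory
        for fname in ret:
            if os.path.exists(fname):
                os.unlink(fname)
        raise
    return ret
# … unchanged: value_hash / self.apply loop and self.clean call …
```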
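Review bot: `fname = fname.split(':')[-1]` checks only the last colon-separated field of the logged value, so if a key ever logs more than one script path only the final file is asserted, and the format the test relies on is not explained. A short comment such as `# logged value is prefixed by the value hash; the path follows the ':'` (to be confirmed against gp_file_applier) would help, and the test could also assert that a changed script entry causes the file to be rewritten, since that is the behaviour this commit introduces. The enclosing test method starts and ends outside the hunk.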