gp: Modify Machine Scripts CSE to use new files applier

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

2 files changed, 33 insertions, 22 deletions

diff --git a/python/samba/gp/gp_scripts_ext.py b/python/samba/gp/gp_scripts_ext.py
index bbf609cf5d5..bee795cb9b8 100644
--- a/python/samba/gp/gp_scripts_ext.py
+++ b/python/samba/gp/gp_scripts_ext.py
@@ -16,8 +16,7 @@
 
 import os, re
 from subprocess import Popen, PIPE
-from samba.gp.gpclass import gp_pol_ext, drop_privileges
-from base64 import b64encode
+from samba.gp.gpclass import gp_pol_ext, drop_privileges, gp_file_applier
 from hashlib import blake2b
 from tempfile import NamedTemporaryFile
 from samba.gp.util.logging import log
@@ -36,19 +35,15 @@ end = '''
 ### autogenerated by samba ###
 '''
 
-class gp_scripts_ext(gp_pol_ext):
+class gp_scripts_ext(gp_pol_ext, gp_file_applier):
     def __str__(self):
         return 'Unix Settings/Scripts'
 
     def process_group_policy(self, deleted_gpo_list, changed_gpo_list, cdir=None):
         for guid, settings in deleted_gpo_list:
-            self.gp_db.set_guid(guid)
             if str(self) in settings:
                 for attribute, script in settings[str(self)].items():
-                    if os.path.exists(script):
-                        os.unlink(script)
-                    self.gp_db.delete(str(self), attribute)
-            self.gp_db.commit()
+                    self.unapply(guid, attribute, script)
 
         for gpo in changed_gpo_list:
             if gpo.file_sys_path:
@@ -57,27 +52,42 @@ class gp_scripts_ext(gp_pol_ext):
                              '%s\\Monthly Scripts' % reg_key : '/etc/cron.monthly',
                              '%s\\Weekly Scripts' % reg_key : '/etc/cron.weekly',
                              '%s\\Hourly Scripts' % reg_key : '/etc/cron.hourly' }
-                self.gp_db.set_guid(gpo.name)
                 pol_file = 'MACHINE/Registry.pol'
                 path = os.path.join(gpo.file_sys_path, pol_file)
                 pol_conf = self.parse(path)
                 if not pol_conf:
                     continue
+                policies = {}
                 for e in pol_conf.entries:
                     if e.keyname in sections.keys() and e.data.strip():
-                        cron_dir = sections[e.keyname] if not cdir else cdir
-                        attribute = '%s:%s' % (e.keyname,
-                                b64encode(e.data.encode()).decode())
-                        old_val = self.gp_db.retrieve(str(self), attribute)
-                        if not old_val:
-                            with NamedTemporaryFile(prefix='gp_', mode="w+",
-                                    delete=False, dir=cron_dir) as f:
-                                contents = '#!/bin/sh\n%s' % intro
-                                contents += '%s\n' % e.data
-                                f.write(contents)
-                                os.chmod(f.name, 0o700)
-                                self.gp_db.store(str(self), attribute, f.name)
-                        self.gp_db.commit()
+                        if e.keyname not in policies:
+                            policies[e.keyname] = []
+                        policies[e.keyname].append(e.data)
+                def applier_func(keyname, entries):
+                    ret = []
+                    cron_dir = sections[keyname] if not cdir else cdir
+                    for data in entries:
+                        with NamedTemporaryFile(prefix='gp_', mode="w+",
+                                                delete=False, dir=cron_dir) as f:
+                            contents = '#!/bin/sh\n%s' % intro
+                            contents += '%s\n' % data
+                            f.write(contents)
+                            os.chmod(f.name, 0o700)
+                            ret.append(f.name)
+                    return ret
+                for keyname, entries in policies.items():
+                    # Each GPO applies only one set of each type of script, so
+                    # so the attribute matches the keyname.
+                    attribute = keyname
+                    # The value hash is generated from the script entries,
+                    # ensuring any changes to this GPO will cause the scripts
+                    # to be rewritten.
+                    value_hash = self.generate_value_hash(*entries)
+                    self.apply(gpo.name, attribute, value_hash, applier_func,
+                               keyname, entries)
+
+                # Cleanup any old scripts that are no longer part of the policy
+                self.clean(gpo.name, keep=policies.keys())
 
     def rsop(self, gpo, target='MACHINE'):
         output = {}
diff --git a/python/samba/tests/gpo.py b/python/samba/tests/gpo.py
index 9873f13c1e3..f6a8f409130 100644
--- a/python/samba/tests/gpo.py
+++ b/python/samba/tests/gpo.py
@@ -7781,6 +7781,7 @@ class GPOTests(tests.TestCase):
                     gp_db = store.get_gplog(machine_creds.get_username())
                     applied_settings = gp_db.get_applied_settings([guid])
                     for _, fname in applied_settings[-1][-1][str(ext)].items():
+                        fname = fname.split(':')[-1]
                         self.assertIn(dname, fname,
                                       'Test file not created in tmp dir')
                         self.assertTrue(os.path.exists(fname),