ret.append((attr.attrib['name'], attr.text, func))
return ret
+ def get_applied_guids(self):
+ ''' Return a list of applied ext guids
+ return - List of guids for gpos that have applied settings
+ to the system.
+ '''
+ guids = []
+ user_obj = self.gpdb.find('user[@name="%s"]' % self.user)
+ if user_obj is not None:
+ apply_log = user_obj.find('applylog')
+ if apply_log is not None:
+ guid_objs = apply_log.findall('guid[@count]')
+ guids_by_count = [(g.get('count'), g.get('value'))
+ for g in guid_objs]
+ guids_by_count.sort(reverse=True)
+ guids.extend(guid for count, guid in guids_by_count)
+ return guids
+
+ def get_applied_settings(self, guids):
+ ''' Return a list of applied ext guids
+ return - List of tuples containing the guid of a gpo, then
+ a dictionary of policies and their values prior
+ policy application. These are sorted so that the
+ most recently applied settings are removed first.
+ '''
+ ret = []
+ user_obj = self.gpdb.find('user[@name="%s"]' % self.user)
+ for guid in guids:
+ guid_settings = user_obj.find('guid[@value="%s"]' % guid)
+ exts = guid_settings.findall('gp_ext')
+ settings = {}
+ for ext in exts:
+ attr_dict = {}
+ attrs = ext.findall('attribute')
+ for attr in attrs:
+ attr_dict[attr.attrib['name']] = attr.text
+ settings[ext.attrib['name']] = attr_dict
+ ret.append((guid, settings))
+ return ret
+
def delete(self, gp_ext_name, attribute):
''' Remove an attribute from the gp_log
param gp_ext_name - name of extension from which to remove the
class gp_ext(object):
__metaclass__ = ABCMeta
- def __init__(self, logger):
+ def __init__(self, logger, lp, creds, store):
self.logger = logger
+ self.lp = lp
+ self.creds = creds
+ self.gp_db = store.get_gplog(creds.get_username())
@abstractmethod
- def list(self, rootpath):
- pass
-
- @abstractmethod
- def apply_map(self):
+ def process_group_policy(self, deleted_gpo_list, changed_gpo_list):
pass
@abstractmethod
def read(self, policy):
pass
- def parse(self, afile, ldb, gp_db, lp):
- self.ldb = ldb
- self.gp_db = gp_db
- self.lp = lp
-
+ def parse(self, afile):
local_path = self.lp.cache_path('gpo_cache')
data_file = os.path.join(local_path, check_safe_path(afile).upper())
if os.path.exists(data_file):
pass
-class gp_ext_setter():
+class gp_ext_setter(object):
__metaclass__ = ABCMeta
- def __init__(self, logger, ldb, gp_db, lp, attribute, val):
+ def __init__(self, logger, gp_db, lp, creds, attribute, val):
self.logger = logger
- self.ldb = ldb
self.attribute = attribute
self.val = val
self.lp = lp
+ self.creds = creds
self.gp_db = gp_db
def explicit(self):
class gp_inf_ext(gp_ext):
def read(self, policy):
- ret = False
- inftable = self.apply_map()
-
- current_section = None
-
- # So here we would declare a boolean,
- # that would get changed to TRUE.
- #
- # If at any point in time a GPO was applied,
- # then we return that boolean at the end.
-
inf_conf = ConfigParser()
inf_conf.optionxform = str
try:
inf_conf.readfp(StringIO(policy))
except:
inf_conf.readfp(StringIO(policy.decode('utf-16')))
-
- for section in inf_conf.sections():
- current_section = inftable.get(section)
- if not current_section:
- continue
- for key, value in inf_conf.items(section):
- if current_section.get(key):
- (att, setter) = current_section.get(key)
- value = value.encode('ascii', 'ignore')
- ret = True
- setter(self.logger, self.ldb, self.gp_db, self.lp, att,
- value).update_samba()
- self.gp_db.commit()
- return ret
+ return inf_conf
''' Fetch the hostname of a writable DC '''
return int(gpo.gpo_get_sysvol_gpt_version(gpt_path)[1])
-def apply_gp(lp, creds, test_ldb, logger, store, gp_extensions):
+def apply_gp(lp, creds, logger, store, gp_extensions):
gp_db = store.get_gplog(creds.get_username())
dc_hostname = get_dc_hostname(creds, lp)
gpos = get_gpo_list(dc_hostname, creds, lp)
% dc_hostname)
return
+ changed_gpos = []
for gpo_obj in gpos:
- guid = gpo_obj.name
- if guid == 'Local Policy':
+ if not gpo_obj.file_sys_path:
continue
- path = os.path.join(lp.get('realm'), 'Policies', guid).upper()
+ guid = gpo_obj.name
+ path = check_safe_path(gpo_obj.file_sys_path).upper()
version = gpo_version(lp, path)
if version != store.get_int(guid):
logger.info('GPO %s has changed' % guid)
- gp_db.state(GPOSTATE.APPLY)
- else:
- gp_db.state(GPOSTATE.ENFORCE)
- gp_db.set_guid(guid)
- store.start()
- for ext in gp_extensions:
- try:
- ext.parse(ext.list(path), test_ldb, gp_db, lp)
- except Exception as e:
- logger.error('Failed to parse gpo %s for extension %s' %
- (guid, str(ext)))
- logger.error('Message was: ' + str(e))
- store.cancel()
- continue
+ changed_gpos.append(gpo_obj)
+
+ store.start()
+ for ext in gp_extensions:
+ try:
+ ext.process_group_policy([], changed_gpos)
+ except Exception as e:
+ logger.error('Failed to apply extension %s' % str(ext))
+ logger.error('Message was: ' + str(e))
+ continue
+ for gpo_obj in gpos:
+ if not gpo_obj.file_sys_path:
+ continue
+ guid = gpo_obj.name
+ path = check_safe_path(gpo_obj.file_sys_path).upper()
+ version = gpo_version(lp, path)
store.store(guid, '%i' % version)
- store.commit()
+ store.commit()
def unapply_log(gp_db):
break
-def unapply_gp(lp, creds, test_ldb, logger, store, gp_extensions):
+def unapply_gp(lp, creds, logger, store, gp_extensions):
gp_db = store.get_gplog(creds.get_username())
gp_db.state(GPOSTATE.UNAPPLY)
for gpo_guid in unapply_log(gp_db):
gp_db.set_guid(gpo_guid)
unapply_attributes = gp_db.list(gp_extensions)
for attr in unapply_attributes:
- attr_obj = attr[-1](logger, test_ldb, gp_db, lp, attr[0], attr[1])
+ attr_obj = attr[-1](logger, gp_db, lp, attr[0], attr[1])
attr_obj.mapper()[attr[0]][0](attr[1]) # Set the old value
gp_db.delete(str(attr_obj), attr[0])
gp_db.commit()