def run(self, gpo, source, target, user, group, mode, H=None,
sambaopts=None, credopts=None, versionopts=None):
- pass
+ self.lp = sambaopts.get_loadparm()
+ self.creds = credopts.get_credentials(self.lp, fallback_machine=True)
+
+ if not os.path.exists(source):
+ raise CommandError("Source '%s' does not exist" % source)
+
+ # We need to know writable DC to setup SMB connection
+ if H and H.startswith('ldap://'):
+ dc_hostname = H[7:]
+ self.url = H
+ else:
+ dc_hostname = netcmd_finddc(self.lp, self.creds)
+ self.url = dc_url(self.lp, self.creds, dc=dc_hostname)
+
+ # SMB connect to DC
+ conn = smb_connection(dc_hostname,
+ 'sysvol',
+ lp=self.lp,
+ creds=self.creds)
+
+ realm = self.lp.get('realm')
+ vgp_dir = '\\'.join([realm.lower(), 'Policies', gpo,
+ 'MACHINE\\VGP\\VTLA\\Unix\\Files'])
+ vgp_xml = '\\'.join([vgp_dir, 'manifest.xml'])
+ try:
+ xml_data = ET.ElementTree(ET.fromstring(conn.loadfile(vgp_xml)))
+ policy = xml_data.getroot().find('policysetting')
+ data = policy.find('data')
+ except NTSTATUSError as e:
+ # STATUS_OBJECT_NAME_INVALID, STATUS_OBJECT_NAME_NOT_FOUND,
+ # STATUS_OBJECT_PATH_NOT_FOUND
+ if e.args[0] in [0xC0000033, 0xC0000034, 0xC000003A]:
+ # The file doesn't exist, so create the xml structure
+ xml_data = ET.ElementTree(ET.Element('vgppolicy'))
+ policysetting = ET.SubElement(xml_data.getroot(),
+ 'policysetting')
+ pv = ET.SubElement(policysetting, 'version')
+ pv.text = '1'
+ name = ET.SubElement(policysetting, 'name')
+ name.text = 'Files'
+ description = ET.SubElement(policysetting, 'description')
+ description.text = 'Represents file data to set/copy on clients'
+ data = ET.SubElement(policysetting, 'data')
+ elif e.args[0] == 0xC0000022: # STATUS_ACCESS_DENIED
+ raise CommandError("The authenticated user does "
+ "not have sufficient privileges")
+ else:
+ raise
+
+ file_properties = ET.SubElement(data, 'file_properties')
+ source_elm = ET.SubElement(file_properties, 'source')
+ source_elm.text = os.path.basename(source)
+ target_elm = ET.SubElement(file_properties, 'target')
+ target_elm.text = target
+ user_elm = ET.SubElement(file_properties, 'user')
+ user_elm.text = user
+ group_elm = ET.SubElement(file_properties, 'group')
+ group_elm.text = group
+ for ptype, shift in [('user', 6), ('group', 3), ('other', 0)]:
+ permissions = ET.SubElement(file_properties, 'permissions')
+ permissions.set('type', ptype)
+ if int(mode, 8) & (0o4 << shift):
+ ET.SubElement(permissions, 'read')
+ if int(mode, 8) & (0o2 << shift):
+ ET.SubElement(permissions, 'write')
+ if int(mode, 8) & (0o1 << shift):
+ ET.SubElement(permissions, 'execute')
+
+ out = BytesIO()
+ xml_data.write(out, encoding='UTF-8', xml_declaration=True)
+ out.seek(0)
+ source_data = open(source, 'rb').read()
+ sysvol_source = '\\'.join([vgp_dir, os.path.basename(source)])
+ try:
+ create_directory_hier(conn, vgp_dir)
+ conn.savefile(vgp_xml, out.read())
+ conn.savefile(sysvol_source, source_data)
+ except NTSTATUSError as e:
+ if e.args[0] == 0xC0000022: # STATUS_ACCESS_DENIED
+ raise CommandError("The authenticated user does "
+ "not have sufficient privileges")
+ raise
class cmd_files(SuperCommand):
"""Manage Files Group Policy Objects"""