import os, re
from subprocess import Popen, PIPE
-from samba.gp.gpclass import gp_pol_ext, drop_privileges
+from samba.gp.gpclass import gp_pol_ext, drop_privileges, gp_file_applier
from hashlib import blake2b
from tempfile import NamedTemporaryFile
### autogenerated by samba ###
'''
-class gp_centrify_crontab_ext(gp_pol_ext):
+class gp_centrify_crontab_ext(gp_pol_ext, gp_file_applier):
def __str__(self):
return 'Centrify/CrontabEntries'
def process_group_policy(self, deleted_gpo_list, changed_gpo_list,
cdir=None):
for guid, settings in deleted_gpo_list:
- self.gp_db.set_guid(guid)
if str(self) in settings:
for attribute, script in settings[str(self)].items():
- if os.path.exists(script):
- os.unlink(script)
- self.gp_db.delete(str(self), attribute)
- self.gp_db.commit()
+ self.unapply(guid, attribute, script)
for gpo in changed_gpo_list:
if gpo.file_sys_path:
section = \
'Software\\Policies\\Centrify\\UnixSettings\\CrontabEntries'
- self.gp_db.set_guid(gpo.name)
pol_file = 'MACHINE/Registry.pol'
path = os.path.join(gpo.file_sys_path, pol_file)
pol_conf = self.parse(path)
if not pol_conf:
continue
+ entries = []
for e in pol_conf.entries:
if e.keyname == section and e.data.strip():
cron_dir = '/etc/cron.d' if not cdir else cdir
- attribute = blake2b(e.data.encode()).hexdigest()
- old_val = self.gp_db.retrieve(str(self), attribute)
- if not old_val:
- with NamedTemporaryFile(prefix='gp_', mode="w+",
- delete=False, dir=cron_dir) as f:
- contents = '%s\n%s\n%s' % (intro, e.data, end)
- f.write(contents)
- self.gp_db.store(str(self), attribute, f.name)
- self.gp_db.commit()
+ entries.append(e.data)
+ def applier_func(entries):
+ with NamedTemporaryFile(prefix='gp_', mode="w+",
+ delete=False, dir=cron_dir) as f:
+ contents = intro
+ for entry in entries:
+ contents += '%s\n' % entry
+ contents += end
+ f.write(contents)
+ return [f.name]
+ attribute = self.generate_attribute(gpo.name)
+ value_hash = self.generate_value_hash(*entries)
+ self.apply(gpo.name, attribute, value_hash, applier_func,
+ entries)
+
+ # Remove scripts for this GPO which are no longer applied
+ self.clean(gpo.name, keep=attribute)
def rsop(self, gpo, target='MACHINE'):
output = {}