import os
import tdb
sys.path.insert(0, "bin/python")
-import samba.gpo as gpo
-import optparse
-import ldb
-from samba.auth import system_session
-import samba.getopt as options
-from samba.samdb import SamDB
-from samba.netcmd import gpo as gpo_user
-import codecs
from samba import NTSTATUSError
from ConfigParser import ConfigParser
from StringIO import StringIO
from abc import ABCMeta, abstractmethod
import xml.etree.ElementTree as etree
+import re
try:
from enum import Enum
if attr is None:
attr = etree.SubElement(ext, 'attribute')
attr.attrib['name'] = attribute
- attr.text = old_val
+ attr.text = old_val
def retrieve(self, gp_ext_name, attribute):
''' Retrieve a stored attribute from the gp_log
exts = guid_obj.findall('gp_ext')
if exts is not None:
for ext in exts:
- ext_map = {val[0]: val[1] for (key, val) in \
- data_maps[ext.attrib['name']].items()}
attrs = ext.findall('attribute')
for attr in attrs:
- ret.append((attr.attrib['name'], attr.text,
- ext_map[attr.attrib['name']]))
+ func = None
+ if attr.attrib['name'] in data_maps[ext.attrib['name']]:
+ func = data_maps[ext.attrib['name']]\
+ [attr.attrib['name']][-1]
+ else:
+ for dmap in data_maps[ext.attrib['name']].keys():
+ if data_maps[ext.attrib['name']][dmap][0] == \
+ attr.attrib['name']:
+ func = data_maps[ext.attrib['name']][dmap][-1]
+ break
+ ret.append((attr.attrib['name'], attr.text, func))
return ret
def delete(self, gp_ext_name, attribute):
class gp_ext(object):
__metaclass__ = ABCMeta
+ def __init__(self, logger):
+ self.logger = logger
+
@abstractmethod
def list(self, rootpath):
pass
pass
@abstractmethod
- def parse(self, afile, ldb, conn, gp_db, lp):
+ def read(self, policy):
pass
+ def parse(self, afile, ldb, conn, gp_db, lp):
+ self.ldb = ldb
+ self.gp_db = gp_db
+ self.lp = lp
+
+ # Fixing the bug where only some Linux Boxes capitalize MACHINE
+ try:
+ blist = afile.split('/')
+ idx = afile.lower().split('/').index('machine')
+ for case in [
+ blist[idx].upper(),
+ blist[idx].capitalize(),
+ blist[idx].lower()
+ ]:
+ bfile = '/'.join(blist[:idx]) + '/' + case + '/' + \
+ '/'.join(blist[idx+1:])
+ try:
+ return self.read(conn.loadfile(bfile.replace('/', '\\')))
+ except NTSTATUSError:
+ continue
+ except ValueError:
+ try:
+ return self.read(conn.loadfile(afile.replace('/', '\\')))
+ except Exception as e:
+ self.logger.error(str(e))
+ return None
+
@abstractmethod
def __str__(self):
pass
-class inf_to():
+class gp_ext_setter():
__metaclass__ = ABCMeta
def __init__(self, logger, ldb, gp_db, lp, attribute, val):
def __str__(self):
pass
-class inf_to_kdc_tdb(inf_to):
+class inf_to_kdc_tdb(gp_ext_setter):
def mins_to_hours(self):
return '%d' % (int(self.val)/60)
def __str__(self):
return 'Kerberos Policy'
-class inf_to_ldb(inf_to):
+class inf_to_ldb(gp_ext_setter):
'''This class takes the .inf file parameter (essentially a GPO file mapped
to a GUID), hashmaps it to the Samba parameter, which then uses an ldb
object to update the parameter to Samba4. Not registry oriented whatsoever.
return 'System Access'
-class gp_sec_ext(gp_ext):
+class gp_inf_ext(gp_ext):
+ @abstractmethod
+ def list(self, rootpath):
+ pass
+
+ @abstractmethod
+ def apply_map(self):
+ pass
+
+ def read(self, policy):
+ ret = False
+ inftable = self.apply_map()
+
+ current_section = None
+
+ # So here we would declare a boolean,
+ # that would get changed to TRUE.
+ #
+ # If at any point in time a GPO was applied,
+ # then we return that boolean at the end.
+
+ inf_conf = ConfigParser()
+ inf_conf.optionxform=str
+ try:
+ inf_conf.readfp(StringIO(policy))
+ except:
+ inf_conf.readfp(StringIO(policy.decode('utf-16')))
+
+ for section in inf_conf.sections():
+ current_section = inftable.get(section)
+ if not current_section:
+ continue
+ for key, value in inf_conf.items(section):
+ if current_section.get(key):
+ (att, setter) = current_section.get(key)
+ value = value.encode('ascii', 'ignore')
+ ret = True
+ setter(self.logger, self.ldb, self.gp_db, self.lp, att,
+ value).update_samba()
+ self.gp_db.commit()
+ return ret
+
+ @abstractmethod
+ def __str__(self):
+ pass
+
+class gp_sec_ext(gp_inf_ext):
'''This class does the following two things:
1) Identifies the GPO if it has a certain kind of filepath,
2) Finally parses it.
count = 0
- def __init__(self, logger):
- self.logger = logger
-
def __str__(self):
return "Security GPO extension"
}
}
- def read_inf(self, path, conn):
- ret = False
- inftable = self.apply_map()
-
- policy = conn.loadfile(path.replace('/', '\\'))
- current_section = None
-
- # So here we would declare a boolean,
- # that would get changed to TRUE.
- #
- # If at any point in time a GPO was applied,
- # then we return that boolean at the end.
-
- inf_conf = ConfigParser()
- inf_conf.optionxform=str
- try:
- inf_conf.readfp(StringIO(policy))
- except:
- inf_conf.readfp(StringIO(policy.decode('utf-16')))
-
- for section in inf_conf.sections():
- current_section = inftable.get(section)
- if not current_section:
- continue
- for key, value in inf_conf.items(section):
- if current_section.get(key):
- (att, setter) = current_section.get(key)
- value = value.encode('ascii', 'ignore')
- ret = True
- setter(self.logger, self.ldb, self.gp_db, self.lp, att,
- value).update_samba()
- self.gp_db.commit()
- return ret
-
- def parse(self, afile, ldb, conn, gp_db, lp):
- self.ldb = ldb
- self.gp_db = gp_db
- self.lp = lp
-
- # Fixing the bug where only some Linux Boxes capitalize MACHINE
- if afile.endswith('inf'):
- try:
- blist = afile.split('/')
- idx = afile.lower().split('/').index('machine')
- for case in [blist[idx].upper(), blist[idx].capitalize(),
- blist[idx].lower()]:
- bfile = '/'.join(blist[:idx]) + '/' + case + '/' + \
- '/'.join(blist[idx+1:])
- try:
- return self.read_inf(bfile, conn)
- except NTSTATUSError:
- continue
- except ValueError:
- try:
- return self.read_inf(afile, conn)
- except:
- return None
-