diff options
Diffstat (limited to 'source4/scripting/bin/samba-gpupdate')
| -rwxr-xr-x | source4/scripting/bin/samba-gpupdate | 140 |
1 files changed, 140 insertions, 0 deletions
diff --git a/source4/scripting/bin/samba-gpupdate b/source4/scripting/bin/samba-gpupdate new file mode 100755 index 0000000..0f1c9a1 --- /dev/null +++ b/source4/scripting/bin/samba-gpupdate @@ -0,0 +1,140 @@ +#!/usr/bin/env python3 +# Copyright Luke Morrison <luc785@.hotmail.com> July 2013 +# Co-Edited by Matthieu Pattou July 2013 from original August 2013 +# Edited by Garming Sam Feb. 2014 +# Edited by Luke Morrison April 2014 +# Edited by David Mulder May 2017 + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +'''This script reads a log file of previous GPO, gets all GPO from sysvol +and sorts them by container. Then, it applies the ones that haven't been +applied, have changed, or is in the right container''' + +import os +import sys + +sys.path.insert(0, "bin/python") + +import optparse +from samba import getopt as options +from samba.gp.gpclass import apply_gp, unapply_gp, GPOStorage, rsop +from samba.gp.gp_sec_ext import gp_krb_ext, gp_access_ext +from samba.gp.gp_ext_loader import get_gp_client_side_extensions +from samba.gp.gp_scripts_ext import gp_scripts_ext, gp_user_scripts_ext +from samba.gp.gp_sudoers_ext import gp_sudoers_ext +from samba.gp.vgp_sudoers_ext import vgp_sudoers_ext +from samba.gp.gp_smb_conf_ext import gp_smb_conf_ext +from samba.gp.gp_msgs_ext import gp_msgs_ext +from samba.gp.vgp_symlink_ext import vgp_symlink_ext +from samba.gp.vgp_files_ext import vgp_files_ext +from samba.gp.vgp_openssh_ext import vgp_openssh_ext +from samba.gp.vgp_motd_ext import vgp_motd_ext +from samba.gp.vgp_issue_ext import vgp_issue_ext +from samba.gp.vgp_startup_scripts_ext import vgp_startup_scripts_ext +from samba.gp.vgp_access_ext import vgp_access_ext +from samba.gp.gp_gnome_settings_ext import gp_gnome_settings_ext +from samba.gp.gp_cert_auto_enroll_ext import gp_cert_auto_enroll_ext +from samba.gp.gp_firefox_ext import gp_firefox_ext +from samba.gp.gp_chromium_ext import gp_chromium_ext, gp_chrome_ext +from samba.gp.gp_firewalld_ext import gp_firewalld_ext +from samba.gp.gp_centrify_sudoers_ext import gp_centrify_sudoers_ext +from samba.gp.gp_centrify_crontab_ext import gp_centrify_crontab_ext, \ + gp_user_centrify_crontab_ext +from samba.gp.gp_drive_maps_ext import gp_drive_maps_user_ext +from samba.credentials import Credentials +from samba.gp.util.logging import logger_init + +if __name__ == "__main__": + parser = optparse.OptionParser('samba-gpupdate [options]') + sambaopts = options.Samba3Options(parser) + + # Get the command line options + parser.add_option_group(sambaopts) + parser.add_option_group(options.VersionOptions(parser)) + credopts = options.CredentialsOptions(parser) + parser.add_option('-X', '--unapply', help='Unapply Group Policy', + action='store_true') + parser.add_option('--target', default='Computer', help='{Computer | User}', + choices=['Computer', 'User']) + parser.add_option('--force', help='Reapplies all policy settings', + action='store_true') + parser.add_option('--rsop', help='Print the Resultant Set of Policy', + action='store_true') + parser.add_option_group(credopts) + + # Set the options and the arguments + (opts, args) = parser.parse_args() + + # Set the loadparm context + lp = sambaopts.get_loadparm() + + creds = credopts.get_credentials(lp, fallback_machine=True) + # Apply policy to the command line specified user + if opts.target == 'Computer': + username = creds.get_username() + elif opts.target == 'User': + username = '%s\\%s' % (creds.get_domain(), creds.get_username()) + # Always supply the machine creds for fetching the gpo list + creds = Credentials() + creds.guess(lp) + creds.set_machine_account(lp) + + # Set up logging + logger_init('samba-gpupdate', lp.log_level()) + + cache_dir = lp.get('cache directory') + store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb')) + + machine_exts, user_exts = get_gp_client_side_extensions(lp.configfile) + gp_extensions = [] + if opts.target == 'Computer': + gp_extensions.append(gp_access_ext) + gp_extensions.append(gp_krb_ext) + gp_extensions.append(gp_scripts_ext) + gp_extensions.append(gp_sudoers_ext) + gp_extensions.append(vgp_sudoers_ext) + gp_extensions.append(gp_centrify_sudoers_ext) + gp_extensions.append(gp_centrify_crontab_ext) + gp_extensions.append(gp_smb_conf_ext) + gp_extensions.append(gp_msgs_ext) + gp_extensions.append(vgp_symlink_ext) + gp_extensions.append(vgp_files_ext) + gp_extensions.append(vgp_openssh_ext) + gp_extensions.append(vgp_motd_ext) + gp_extensions.append(vgp_issue_ext) + gp_extensions.append(vgp_startup_scripts_ext) + gp_extensions.append(vgp_access_ext) + gp_extensions.append(gp_gnome_settings_ext) + gp_extensions.append(gp_cert_auto_enroll_ext) + gp_extensions.append(gp_firefox_ext) + gp_extensions.append(gp_chromium_ext) + gp_extensions.append(gp_chrome_ext) + gp_extensions.append(gp_firewalld_ext) + gp_extensions.extend(machine_exts) + elif opts.target == 'User': + gp_extensions.append(gp_user_scripts_ext) + gp_extensions.append(gp_user_centrify_crontab_ext) + gp_extensions.append(gp_drive_maps_user_ext) + gp_extensions.extend(user_exts) + + if opts.rsop: + rsop(lp, creds, store, gp_extensions, username, opts.target) + elif not opts.unapply: + apply_gp(lp, creds, store, gp_extensions, username, + opts.target, opts.force) + else: + unapply_gp(lp, creds, store, gp_extensions, username, + opts.target) + |