From: David Mulder Date: Wed, 25 Aug 2021 19:04:47 +0000 (-0600) Subject: gpo: Test Group Policy Firefox Extension X-Git-Tag: ldb-2.5.0~821 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c5bbb1777ecd595d8472380302949f45bf50dcf8;p=thirdparty%2Fsamba.git gpo: Test Group Policy Firefox Extension Signed-off-by: David Mulder Reviewed-by: Jeremy Allison
---
diff --git a/python/samba/gp_firefox_ext.py b/python/samba/gp_firefox_ext.py
new file mode 100644
index 00000000000..ecf6b0004e0
--- /dev/null
+++ b/python/samba/gp_firefox_ext.py
@@ -0,0 +1,26 @@
+# gp_firefox_ext samba gpo policy
+# Copyright (C) David Mulder 2021
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+from samba.gpclass import gp_pol_ext
+
+class gp_firefox_ext(gp_pol_ext):
+ def process_group_policy(self, deleted_gpo_list, changed_gpo_list,
+ policy_dir=None):
+ pass
+
+ def rsop(self, gpo):
+ output = {}
+ return output
diff --git a/python/samba/tests/gpo.py b/python/samba/tests/gpo.py
index 6fdf9664f48..4efa50d1a35 100644
--- a/python/samba/tests/gpo.py
+++ b/python/samba/tests/gpo.py
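Review bot: The new `gp_firefox_ext` class in python/samba/gp_firefox_ext.py has no docstring or comment saying it is a placeholder, so `process_group_policy` silently accepting and discarding its arguments reads like finished behaviour. A class docstring such as `"""Firefox policy extension; stub only, process_group_policy does not yet write policies.json."""` would make that clear. It would also help to document that `policy_dir` is the directory the accompanying test expects `policies.json` to appear in, and what `policy_dir=None` is meant to resolve to.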
@@ -42,6 +42,7 @@ from samba.vgp_issue_ext import vgp_issue_ext from samba.vgp_access_ext import vgp_access_ext from samba.gp_gnome_settings_ext import gp_gnome_settings_ext from samba.gp_cert_auto_enroll_ext import gp_cert_auto_enroll_ext +from samba.gp_firefox_ext import gp_firefox_ext import logging from samba.credentials import Credentials from samba.gp_msgs_ext import gp_msgs_ext @@ -58,6 +59,7 @@ from configparser import ConfigParser from samba.gpclass import get_dc_hostname from samba import Ldb from samba.auth import system_session +import json realm = os.environ.get('REALM') policies = realm + '/POLICIES' 
@@ -227,6 +229,1661 @@ b""" """ +firefox_reg_pol = \ +b""" + + + + Software\\Policies\\Mozilla\\Firefox + ExtensionSettings + { "*": { "blocked_install_message": "Custom error message.", "install_sources": ["about:addons","https://addons.mozilla.org/"], "installation_mode": "blocked", "allowed_types": ["extension"] }, "uBlock0@raymondhill.net": { "installation_mode": "force_installed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi" }, "https-everywhere@eff.org": { "installation_mode": "allowed" } } + + + Software\\Policies\\Mozilla\\Firefox + ExtensionUpdate + 1 + + + Software\\Policies\\Mozilla\\Firefox + SearchSuggestEnabled + 1 + + + Software\\Policies\\Mozilla\\Firefox + AppAutoUpdate + 1 + + + Software\\Policies\\Mozilla\\Firefox + AppUpdateURL + https://yoursite.com + + + Software\\Policies\\Mozilla\\Firefox + BlockAboutAddons + 1 + + + Software\\Policies\\Mozilla\\Firefox + BlockAboutConfig + 1 + + + Software\\Policies\\Mozilla\\Firefox + BlockAboutProfiles + 1 + + + Software\\Policies\\Mozilla\\Firefox + BlockAboutSupport + 1 + + + Software\\Policies\\Mozilla\\Firefox + CaptivePortal + 1 + + + Software\\Policies\\Mozilla\\Firefox + DefaultDownloadDirectory + ${home}/Downloads + + + Software\\Policies\\Mozilla\\Firefox + DisableAppUpdate + 1 + + + Software\\Policies\\Mozilla\\Firefox + DisableBuiltinPDFViewer + 1 + + + Software\\Policies\\Mozilla\\Firefox + DisableDefaultBrowserAgent + 1 + + + Software\\Policies\\Mozilla\\Firefox + DisableDeveloperTools + 1 + + + Software\\Policies\\Mozilla\\Firefox + DisableFeedbackCommands + 1 + + + Software\\Policies\\Mozilla\\Firefox + DisableFirefoxAccounts + 1 + + + Software\\Policies\\Mozilla\\Firefox + DisableFirefoxScreenshots + 1 + + + Software\\Policies\\Mozilla\\Firefox + DisableFirefoxStudies + 1 + + + Software\\Policies\\Mozilla\\Firefox + DisableForgetButton + 1 + + + Software\\Policies\\Mozilla\\Firefox + DisableFormHistory + 1 + + + 
Software\\Policies\\Mozilla\\Firefox + DisableMasterPasswordCreation + 1 + + + Software\\Policies\\Mozilla\\Firefox + DisablePasswordReveal + 1 + + + Software\\Policies\\Mozilla\\Firefox + DisablePocket + 1 + + + Software\\Policies\\Mozilla\\Firefox + DisablePrivateBrowsing + 1 + + + Software\\Policies\\Mozilla\\Firefox + DisableProfileImport + 1 + + + Software\\Policies\\Mozilla\\Firefox + DisableProfileRefresh + 1 + + + Software\\Policies\\Mozilla\\Firefox + DisableSafeMode + 1 + + + Software\\Policies\\Mozilla\\Firefox + DisableSetDesktopBackground + 1 + + + Software\\Policies\\Mozilla\\Firefox + DisableSystemAddonUpdate + 1 + + + Software\\Policies\\Mozilla\\Firefox + DisableTelemetry + 1 + + + Software\\Policies\\Mozilla\\Firefox + DisplayBookmarksToolbar + 1 + + + Software\\Policies\\Mozilla\\Firefox + DisplayMenuBar + default-on + + + Software\\Policies\\Mozilla\\Firefox + DontCheckDefaultBrowser + 1 + + + Software\\Policies\\Mozilla\\Firefox + DownloadDirectory + ${home}/Downloads + + + Software\\Policies\\Mozilla\\Firefox + Handlers + { "mimeTypes": { "application/msword": { "action": "useSystemDefault", "ask": true } }, "schemes": { "mailto": { "action": "useHelperApp", "ask": true, "handlers": [{ "name": "Gmail", "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s" }] } }, "extensions": { "pdf": { "action": "useHelperApp", "ask": true, "handlers": [{ "name": "Adobe Acrobat", "path": "/usr/bin/acroread" }] } } } + + + Software\\Policies\\Mozilla\\Firefox + HardwareAcceleration + 1 + + + Software\\Policies\\Mozilla\\Firefox + ManagedBookmarks + [ { "toplevel_name": "My managed bookmarks folder" }, { "url": "example.com", "name": "Example" }, { "name": "Mozilla links", "children": [ { "url": "https://mozilla.org", "name": "Mozilla.org" }, { "url": "https://support.mozilla.org/", "name": "SUMO" } ] } ] + + + Software\\Policies\\Mozilla\\Firefox + NetworkPrediction + 1 + + + Software\\Policies\\Mozilla\\Firefox + NewTabPage + 1 + + + 
Software\\Policies\\Mozilla\\Firefox + NoDefaultBookmarks + 1 + + + Software\\Policies\\Mozilla\\Firefox + OfferToSaveLogins + 1 + + + Software\\Policies\\Mozilla\\Firefox + OfferToSaveLoginsDefault + 1 + + + Software\\Policies\\Mozilla\\Firefox + OverrideFirstRunPage + http://example.org + + + Software\\Policies\\Mozilla\\Firefox + OverridePostUpdatePage + http://example.org + + + Software\\Policies\\Mozilla\\Firefox + PasswordManagerEnabled + 1 + + + Software\\Policies\\Mozilla\\Firefox + Preferences + { "accessibility.force_disabled": { "Value": 1, "Status": "default" }, "browser.cache.disk.parent_directory": { "Value": "SOME_NATIVE_PATH", "Status": "user" }, "browser.tabs.warnOnClose": { "Value": false, "Status": "locked" } } + + + Software\\Policies\\Mozilla\\Firefox + PrimaryPassword + 1 + + + Software\\Policies\\Mozilla\\Firefox + PromptForDownloadLocation + 1 + + + Software\\Policies\\Mozilla\\Firefox\\RequestedLocales + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\RequestedLocales + 1 + de + + + Software\\Policies\\Mozilla\\Firefox\\RequestedLocales + 2 + en-US + + + Software\\Policies\\Mozilla\\Firefox + SSLVersionMax + tls1.3 + + + Software\\Policies\\Mozilla\\Firefox + SSLVersionMin + tls1.3 + + + Software\\Policies\\Mozilla\\Firefox + SearchBar + unified + + + Software\\Policies\\Mozilla\\Firefox\\Authentication + Locked + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Authentication + PrivateBrowsing + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowNonFQDN + NTLM + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowNonFQDN + SPNEGO + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowProxies + NTLM + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Authentication\\AllowProxies + SPNEGO + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated + **delvals. 
+ + + + Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated + 1 + mydomain.com + + + Software\\Policies\\Mozilla\\Firefox\\Authentication\\Delegated + 1 + https://myotherdomain.com + + + Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM + 1 + mydomain.com + + + Software\\Policies\\Mozilla\\Firefox\\Authentication\\NTLM + 1 + https://myotherdomain.com + + + Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO + 1 + mydomain.com + + + Software\\Policies\\Mozilla\\Firefox\\Authentication\\SPNEGO + 1 + https://myotherdomain.com + + + Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1 + Title + Example + + + Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1 + URL + https://example.com + + + Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1 + Favicon + https://example.com/favicon.ico + + + Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1 + Placement + menu + + + Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\1 + Folder + FolderName + + + Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10 + Title + Samba + + + Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10 + URL + www.samba.org + + + Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10 + Favicon + + + + Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10 + Placement + toolbar + + + Software\\Policies\\Mozilla\\Firefox\\Bookmarks\\10 + Folder + + + + Software\\Policies\\Mozilla\\Firefox\\Cookies + AcceptThirdParty + never + + + Software\\Policies\\Mozilla\\Firefox\\Cookies + Default + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Cookies + ExpireAtSessionEnd + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Cookies + Locked + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Cookies + RejectTracker + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Cookies\\Allow + **delvals. 
+ + + + Software\\Policies\\Mozilla\\Firefox\\Cookies\\Allow + 1 + http://example.org/ + + + Software\\Policies\\Mozilla\\Firefox\\Cookies\\AllowSession + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\Cookies\\AllowSession + 1 + http://example.edu/ + + + Software\\Policies\\Mozilla\\Firefox\\Cookies\\Block + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\Cookies\\Block + 1 + http://example.edu/ + + + Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers + TLS_DHE_RSA_WITH_AES_128_CBC_SHA + 1 + + + Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers + TLS_DHE_RSA_WITH_AES_256_CBC_SHA + 1 + + + Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + 1 + + + Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + 1 + + + Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + 1 + + + Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + 1 + + + Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers + TLS_RSA_WITH_3DES_EDE_CBC_SHA + 1 + + + Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers + TLS_RSA_WITH_AES_128_CBC_SHA + 1 + + + Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers + TLS_RSA_WITH_AES_128_GCM_SHA256 + 1 + + + Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers + TLS_RSA_WITH_AES_256_CBC_SHA + 1 + + + Software\\Policies\\Mozilla\\Firefox\\DisabledCiphers + TLS_RSA_WITH_AES_256_GCM_SHA384 + 1 + + + Software\\Policies\\Mozilla\\Firefox\\DisableSecurityBypass + InvalidCertificate + 1 + + + Software\\Policies\\Mozilla\\Firefox\\DisableSecurityBypass + SafeBrowsing + 1 + + + Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS + Enabled + 1 + + + Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS + Locked + 1 + + + Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS + ProviderURL + URL_TO_ALTERNATE_PROVIDER + + + 
Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS\\ExcludedDomains + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\DNSOverHTTPS\\ExcludedDomains + 1 + example.com + + + Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection + Value + 1 + + + Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection + Cryptomining + 1 + + + Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection + Fingerprinting + 1 + + + Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection + Locked + 1 + + + Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection\\Exceptions + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\EnableTrackingProtection\\Exceptions + 1 + https://example.com + + + Software\\Policies\\Mozilla\\Firefox\\EncryptedMediaExtensions + Enabled + 1 + + + Software\\Policies\\Mozilla\\Firefox\\EncryptedMediaExtensions + Locked + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install + 1 + https://addons.mozilla.org/firefox/downloads/somefile.xpi + + + Software\\Policies\\Mozilla\\Firefox\\Extensions\\Install + 2 + //path/to/xpi + + + Software\\Policies\\Mozilla\\Firefox\\Extensions\\Locked + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\Extensions\\Locked + 1 + addon_id@mozilla.org + + + Software\\Policies\\Mozilla\\Firefox\\Extensions\\Uninstall + **delvals. 
+ + + + Software\\Policies\\Mozilla\\Firefox\\Extensions\\Uninstall + 1 + bad_addon_id@mozilla.org + + + Software\\Policies\\Mozilla\\Firefox\\FirefoxHome + Search + 1 + + + Software\\Policies\\Mozilla\\Firefox\\FirefoxHome + TopSites + 1 + + + Software\\Policies\\Mozilla\\Firefox\\FirefoxHome + Highlights + 1 + + + Software\\Policies\\Mozilla\\Firefox\\FirefoxHome + Pocket + 1 + + + Software\\Policies\\Mozilla\\Firefox\\FirefoxHome + Snippets + 1 + + + Software\\Policies\\Mozilla\\Firefox\\FirefoxHome + Locked + 1 + + + Software\\Policies\\Mozilla\\Firefox\\FlashPlugin + Default + 1 + + + Software\\Policies\\Mozilla\\Firefox\\FlashPlugin + Locked + 1 + + + Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Allow + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Allow + 1 + http://example.org/ + + + Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Block + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\FlashPlugin\\Block + 1 + http://example.edu/ + + + Software\\Policies\\Mozilla\\Firefox\\Homepage + StartPage + homepage + + + Software\\Policies\\Mozilla\\Firefox\\Homepage + URL + http://example.com/ + + + Software\\Policies\\Mozilla\\Firefox\\Homepage + Locked + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional + 1 + http://example.org/ + + + Software\\Policies\\Mozilla\\Firefox\\Homepage\\Additional + 2 + http://example.edu/ + + + Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission + Default + 1 + + + Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow + 1 + http://example.org/ + + + Software\\Policies\\Mozilla\\Firefox\\InstallAddonsPermission\\Allow + 2 + http://example.edu/ + + + Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks + **delvals. 
+ + + + Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks + 1 + http://example.org/ + + + Software\\Policies\\Mozilla\\Firefox\\LocalFileLinks + 2 + http://example.edu/ + + + Software\\Policies\\Mozilla\\Firefox\\PDFjs + EnablePermissions + 1 + + + Software\\Policies\\Mozilla\\Firefox\\PDFjs + Enabled + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay + Default + block-audio + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay + Locked + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Allow + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Allow + 1 + https://example.org + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Block + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Autoplay\\Block + 1 + https://example.edu + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera + BlockNewRequests + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera + Locked + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow + 1 + https://example.org + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Allow + 2 + https://example.org:1234 + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Block + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Camera\\Block + 1 + https://example.edu + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location + BlockNewRequests + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location + Locked + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Allow + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Allow + 1 + https://example.org + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Block + **delvals. 
+ + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Location\\Block + 1 + https://example.edu + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone + BlockNewRequests + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone + Locked + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Allow + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Allow + 1 + https://example.org + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Block + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Microphone\\Block + 1 + https://example.edu + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications + BlockNewRequests + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications + Locked + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Allow + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Allow + 1 + https://example.org + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Block + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\Notifications\\Block + 1 + https://example.edu + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality + BlockNewRequests + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality + Locked + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Allow + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Allow + 1 + https://example.org + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Block + **delvals. 
+ + + + Software\\Policies\\Mozilla\\Firefox\\Permissions\\VirtualReality\\Block + 1 + https://example.edu + + + Software\\Policies\\Mozilla\\Firefox\\PictureInPicture + Enabled + 1 + + + Software\\Policies\\Mozilla\\Firefox\\PictureInPicture + Locked + 1 + + + Software\\Policies\\Mozilla\\Firefox\\PopupBlocking + Default + 1 + + + Software\\Policies\\Mozilla\\Firefox\\PopupBlocking + Locked + 1 + + + Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow + 1 + http://example.org/ + + + Software\\Policies\\Mozilla\\Firefox\\PopupBlocking\\Allow + 2 + http://example.edu/ + + + Software\\Policies\\Mozilla\\Firefox\\Proxy + Locked + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Proxy + Mode + autoDetect + + + Software\\Policies\\Mozilla\\Firefox\\Proxy + HTTPProxy + hostname + + + Software\\Policies\\Mozilla\\Firefox\\Proxy + UseHTTPProxyForAllProtocols + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Proxy + SSLProxy + hostname + + + Software\\Policies\\Mozilla\\Firefox\\Proxy + FTPProxy + hostname + + + Software\\Policies\\Mozilla\\Firefox\\Proxy + SOCKSProxy + hostname + + + Software\\Policies\\Mozilla\\Firefox\\Proxy + SOCKSVersion + 5 + + + Software\\Policies\\Mozilla\\Firefox\\Proxy + Passthrough + <local> + + + Software\\Policies\\Mozilla\\Firefox\\Proxy + AutoConfigURL + URL_TO_AUTOCONFIG + + + Software\\Policies\\Mozilla\\Firefox\\Proxy + AutoLogin + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Proxy + UseProxyForDNS + 1 + + + Software\\Policies\\Mozilla\\Firefox + SanitizeOnShutdown + 1 + + + Software\\Policies\\Mozilla\\Firefox\\SearchEngines + Default + Google + + + Software\\Policies\\Mozilla\\Firefox\\SearchEngines + PreventInstalls + 1 + + + Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1 + Name + Example1 + + + Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1 + URLTemplate + https://www.example.org/q={searchTerms} + + + 
Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1 + Method + POST + + + Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1 + IconURL + https://www.example.org/favicon.ico + + + Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1 + Alias + example + + + Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1 + Description + Description + + + Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1 + SuggestURLTemplate + https://www.example.org/suggestions/q={searchTerms} + + + Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Add\\1 + PostData + name=value&q={searchTerms} + + + Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Remove + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\SearchEngines\\Remove + 1 + Bing + + + Software\\Policies\\Mozilla\\Firefox\\SupportMenu + Title + Support Menu + + + Software\\Policies\\Mozilla\\Firefox\\SupportMenu + URL + http://example.com/support + + + Software\\Policies\\Mozilla\\Firefox\\SupportMenu + AccessKey + S + + + Software\\Policies\\Mozilla\\Firefox\\UserMessaging + ExtensionRecommendations + 1 + + + Software\\Policies\\Mozilla\\Firefox\\UserMessaging + FeatureRecommendations + 1 + + + Software\\Policies\\Mozilla\\Firefox\\UserMessaging + WhatsNew + 1 + + + Software\\Policies\\Mozilla\\Firefox\\UserMessaging + UrlbarInterventions + 1 + + + Software\\Policies\\Mozilla\\Firefox\\UserMessaging + SkipOnboarding + 1 + + + Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Block + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Block + 1 + <all_urls> + + + Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Exceptions + **delvals. 
+ + + + Software\\Policies\\Mozilla\\Firefox\\WebsiteFilter\\Exceptions + 1 + http://example.org/* + + + Software\\Policies\\Mozilla\\Firefox + AllowedDomainsForApps + managedfirefox.com,example.com + + + Software\\Policies\\Mozilla\\Firefox + BackgroundAppUpdate + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Certificates + ImportEnterpriseRoots + 1 + + + Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install + **delvals. + + + + Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install + 1 + cert1.der + + + Software\\Policies\\Mozilla\\Firefox\\Certificates\\Install + 2 + /home/username/cert2.pem + + + Software\\Policies\\Mozilla\\Firefox\\SecurityDevices + NAME_OF_DEVICE + PATH_TO_LIBRARY_FOR_DEVICE + + + Software\\Policies\\Mozilla\\Firefox + ShowHomeButton + 1 + + + Software\\Policies\\Mozilla\\Firefox + AutoLaunchProtocolsFromOrigins + [{"protocol": "zoommtg", "allowed_origins": ["https://somesite.zoom.us"]}] + + +""" + +firefox_json_expected = \ +""" +{ + "policies": { + "AppAutoUpdate": true, + "AllowedDomainsForApps": "managedfirefox.com,example.com", + "AppUpdateURL": "https://yoursite.com", + "Authentication": { + "SPNEGO": [ + "mydomain.com", + "https://myotherdomain.com" + ], + "Delegated": [ + "mydomain.com", + "https://myotherdomain.com" + ], + "NTLM": [ + "mydomain.com", + "https://myotherdomain.com" + ], + "AllowNonFQDN": { + "SPNEGO": true, + "NTLM": true + }, + "AllowProxies": { + "SPNEGO": true, + "NTLM": true + }, + "Locked": true, + "PrivateBrowsing": true + }, + "AutoLaunchProtocolsFromOrigins": [ + { + "protocol": "zoommtg", + "allowed_origins": [ + "https://somesite.zoom.us" + ] + } + ], + "BackgroundAppUpdate": true, + "BlockAboutAddons": true, + "BlockAboutConfig": true, + "BlockAboutProfiles": true, + "BlockAboutSupport": true, + "Bookmarks": [ + { + "Title": "Example", + "URL": "https://example.com", + "Favicon": "https://example.com/favicon.ico", + "Placement": "menu", + "Folder": "FolderName" + }, + { + "Title": "Samba", + 
"URL": "www.samba.org", + "Favicon": "", + "Placement": "toolbar", + "Folder": "" + } + ], + "CaptivePortal": true, + "Certificates": { + "ImportEnterpriseRoots": true, + "Install": [ + "cert1.der", + "/home/username/cert2.pem" + ] + }, + "Cookies": { + "Allow": [ + "http://example.org/" + ], + "AllowSession": [ + "http://example.edu/" + ], + "Block": [ + "http://example.edu/" + ], + "Default": true, + "AcceptThirdParty": "never", + "ExpireAtSessionEnd": true, + "RejectTracker": true, + "Locked": true + }, + "DisableSetDesktopBackground": true, + "DisableMasterPasswordCreation": true, + "DisableAppUpdate": true, + "DisableBuiltinPDFViewer": true, + "DisabledCiphers": { + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": true, + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": true, + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": true, + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": true, + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": true, + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": true, + "TLS_RSA_WITH_AES_128_CBC_SHA": true, + "TLS_RSA_WITH_AES_256_CBC_SHA": true, + "TLS_RSA_WITH_3DES_EDE_CBC_SHA": true, + "TLS_RSA_WITH_AES_128_GCM_SHA256": true, + "TLS_RSA_WITH_AES_256_GCM_SHA384": true + }, + "DisableDefaultBrowserAgent": true, + "DisableDeveloperTools": true, + "DisableFeedbackCommands": true, + "DisableFirefoxScreenshots": true, + "DisableFirefoxAccounts": true, + "DisableFirefoxStudies": true, + "DisableForgetButton": true, + "DisableFormHistory": true, + "DisablePasswordReveal": true, + "DisablePocket": true, + "DisablePrivateBrowsing": true, + "DisableProfileImport": true, + "DisableProfileRefresh": true, + "DisableSafeMode": true, + "DisableSecurityBypass": { + "InvalidCertificate": true, + "SafeBrowsing": true + }, + "DisableSystemAddonUpdate": true, + "DisableTelemetry": true, + "DisplayBookmarksToolbar": true, + "DisplayMenuBar": "default-on", + "DNSOverHTTPS": { + "Enabled": true, + "ProviderURL": "URL_TO_ALTERNATE_PROVIDER", + "Locked": true, + "ExcludedDomains": [ + "example.com" + ] + }, + 
"DontCheckDefaultBrowser": true, + "EnableTrackingProtection": { + "Value": true, + "Locked": true, + "Cryptomining": true, + "Fingerprinting": true, + "Exceptions": [ + "https://example.com" + ] + }, + "EncryptedMediaExtensions": { + "Enabled": true, + "Locked": true + }, + "Extensions": { + "Install": [ + "https://addons.mozilla.org/firefox/downloads/somefile.xpi", + "//path/to/xpi" + ], + "Uninstall": [ + "bad_addon_id@mozilla.org" + ], + "Locked": [ + "addon_id@mozilla.org" + ] + }, + "ExtensionSettings": { + "*": { + "blocked_install_message": "Custom error message.", + "install_sources": [ + "about:addons", + "https://addons.mozilla.org/" + ], + "installation_mode": "blocked", + "allowed_types": [ + "extension" + ] + }, + "uBlock0@raymondhill.net": { + "installation_mode": "force_installed", + "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi" + }, + "https-everywhere@eff.org": { + "installation_mode": "allowed" + } + }, + "ExtensionUpdate": true, + "FlashPlugin": { + "Allow": [ + "http://example.org/" + ], + "Block": [ + "http://example.edu/" + ], + "Default": true, + "Locked": true + }, + "Handlers": { + "mimeTypes": { + "application/msword": { + "action": "useSystemDefault", + "ask": true + } + }, + "schemes": { + "mailto": { + "action": "useHelperApp", + "ask": true, + "handlers": [ + { + "name": "Gmail", + "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s" + } + ] + } + }, + "extensions": { + "pdf": { + "action": "useHelperApp", + "ask": true, + "handlers": [ + { + "name": "Adobe Acrobat", + "path": "/usr/bin/acroread" + } + ] + } + } + }, + "FirefoxHome": { + "Search": true, + "TopSites": true, + "Highlights": true, + "Pocket": true, + "Snippets": true, + "Locked": true + }, + "HardwareAcceleration": true, + "Homepage": { + "URL": "http://example.com/", + "Locked": true, + "Additional": [ + "http://example.org/", + "http://example.edu/" + ], + "StartPage": "homepage" + }, + 
"InstallAddonsPermission": { + "Allow": [ + "http://example.org/", + "http://example.edu/" + ], + "Default": true + }, + "LocalFileLinks": [ + "http://example.org/", + "http://example.edu/" + ], + "ManagedBookmarks": [ + { + "toplevel_name": "My managed bookmarks folder" + }, + { + "url": "example.com", + "name": "Example" + }, + { + "name": "Mozilla links", + "children": [ + { + "url": "https://mozilla.org", + "name": "Mozilla.org" + }, + { + "url": "https://support.mozilla.org/", + "name": "SUMO" + } + ] + } + ], + "PrimaryPassword": true, + "NoDefaultBookmarks": true, + "OfferToSaveLogins": true, + "OfferToSaveLoginsDefault": true, + "OverrideFirstRunPage": "http://example.org", + "OverridePostUpdatePage": "http://example.org", + "PasswordManagerEnabled": true, + "PSFjs": { + "Enabled": true, + "EnablePermissions": true + }, + "Permissions": { + "Camera": { + "Allow": [ + "https://example.org", + "https://example.org:1234" + ], + "Block": [ + "https://example.edu" + ], + "BlockNewRequests": true, + "Locked": true + }, + "Microphone": { + "Allow": [ + "https://example.org" + ], + "Block": [ + "https://example.edu" + ], + "BlockNewRequests": true, + "Locked": true + }, + "Location": { + "Allow": [ + "https://example.org" + ], + "Block": [ + "https://example.edu" + ], + "BlockNewRequests": true, + "Locked": true + }, + "Notifications": { + "Allow": [ + "https://example.org" + ], + "Block": [ + "https://example.edu" + ], + "BlockNewRequests": true, + "Locked": true + }, + "Autoplay": { + "Allow": [ + "https://example.org" + ], + "Block": [ + "https://example.edu" + ], + "Default": "block-audio", + "Locked": true + }, + "VirtualReality": { + "Allow": [ + "https://example.org" + ], + "Block": [ + "https://example.edu" + ], + "BlockNewRequests": true, + "Locked": true + } + }, + "PictureInPicture": { + "Enabled": true, + "Locked": true + }, + "PopupBlocking": { + "Allow": [ + "http://example.org/", + "http://example.edu/" + ], + "Default": true, + "Locked": true + }, + 
"Preferences": { + "accessibility.force_disabled": { + "Value": 1, + "Status": "default" + }, + "browser.cache.disk.parent_directory": { + "Value": "SOME_NATIVE_PATH", + "Status": "user" + }, + "browser.tabs.warnOnClose": { + "Value": false, + "Status": "locked" + } + }, + "PromptForDownloadLocation": true, + "Proxy": { + "Mode": "autoDetect", + "Locked": true, + "HTTPProxy": "hostname", + "UseHTTPProxyForAllProtocols": true, + "SSLProxy": "hostname", + "FTPProxy": "hostname", + "SOCKSProxy": "hostname", + "SOCKSVersion": 5, + "Passthrough": "", + "AutoConfigURL": "URL_TO_AUTOCONFIG", + "AutoLogin": true, + "UseProxyForDNS": true + }, + "SanitizeOnShutdown": true, + "SearchEngines": { + "Add": [ + { + "Name": "Example1", + "URLTemplate": "https://www.example.org/q={searchTerms}", + "Method": "POST", + "IconURL": "https://www.example.org/favicon.ico", + "Alias": "example", + "Description": "Description", + "PostData": "name=value&q={searchTerms}", + "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}" + } + ], + "Remove": [ + "Bing" + ], + "Default": "Google", + "PreventInstalls": true + }, + "SearchSuggestEnabled": true, + "SecurityDevices": { + "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE" + }, + "ShowHomeButton": true, + "SSLVersionMax": "tls1.3", + "SSLVersionMin": "tls1.3", + "SupportMenu": { + "Title": "Support Menu", + "URL": "http://example.com/support", + "AccessKey": "S" + }, + "UserMessaging": { + "WhatsNew": true, + "ExtensionRecommendations": true, + "FeatureRecommendations": true, + "UrlbarInterventions": true, + "SkipOnboarding": true + }, + "WebsiteFilter": { + "Block": [ + "" + ], + "Exceptions": [ + "http://example.org/*" + ] + }, + "DefaultDownloadDirectory": "${home}/Downloads", + "DownloadDirectory": "${home}/Downloads", + "NetworkPrediction": true, + "NewTabPage": true, + "RequestedLocales": ["de", "en-US"], + "SearchBar": "unified" + } +} +""" + def days2rel_nttime(val): seconds = 60 minutes = 60 
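Review bot: In `firefox_json_expected` the key is spelled `"PSFjs"`, while the registry fixture in the same hunk sets `EnablePermissions` and `Enabled` under `Software\\Policies\\Mozilla\\Firefox\\PDFjs`. The test compares the key sets of the expected and generated policies, so an extension that carries the registry key name through would fail on this entry, and one written to satisfy the fixture would emit a name that does not match the registry key. This looks like a typo for `"PDFjs": {`.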
@@ -2066,3 +3723,61 @@ class GPOTests(tests.TestCase): # Unstage the Registry.pol file unstage_file(reg_pol) + + def test_gp_firefox_ext(self): + local_path = self.lp.cache_path('gpo_cache') + guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}' + reg_pol = os.path.join(local_path, policies, guid, + 'MACHINE/REGISTRY.POL') + logger = logging.getLogger('gpo_tests') + cache_dir = self.lp.get('cache directory') + store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb')) + + machine_creds = Credentials() + machine_creds.guess(self.lp) + machine_creds.set_machine_account() + + # Initialize the group policy extension + ext = gp_firefox_ext(logger, self.lp, machine_creds, + machine_creds.get_username(), store) + + ads = gpo.ADS_STRUCT(self.server, self.lp, machine_creds) + if ads.connect(): + gpos = ads.get_gpo_list(machine_creds.get_username()) + + # Stage the Registry.pol file with test data + parser = GPPolParser() + parser.load_xml(etree.fromstring(firefox_reg_pol.strip())) + ret = stage_file(reg_pol, ndr_pack(parser.pol_file)) + self.assertTrue(ret, 'Could not create the target %s' % reg_pol) + + with TemporaryDirectory() as dname: + ext.process_group_policy([], gpos, dname) + policies_file = os.path.join(dname, 'policies.json') + with open(policies_file, 'r') as r: + policy_data = json.load(r) + expected_policy_data = json.loads(firefox_json_expected) + self.assertIn('policies', policy_data, 'Policies were not applied') + self.assertEqual(expected_policy_data['policies'].keys(), + policy_data['policies'].keys(), + 'Firefox policies are missing') + for name in expected_policy_data['policies'].keys(): + self.assertEqual(expected_policy_data['policies'][name], + policy_data['policies'][name], + 'Policies were not applied') + + # Verify RSOP does not fail + ext.rsop([g for g in gpos if g.name == guid][0]) + + # Unapply the policy + gp_db = store.get_gplog(machine_creds.get_username()) + del_gpos = get_deleted_gpos_list(gp_db, []) + ext.process_group_policy(del_gpos, [], dname) 
+ if os.path.exists(policies_file): + data = json.load(open(policies_file, 'r')) + if 'policies' in data.keys(): + self.assertEqual(len(data['policies'].keys()), 0, + 'The policy was not unapplied') + + # Unstage the Registry.pol file + unstage_file(reg_pol) diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo new file mode 100644 index 00000000000..83bc9f0ac1f --- /dev/null +++ b/selftest/knownfail.d/gpo @@ -0,0 +1 @@ +^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_cert_auto_enroll_ext
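Review bot: In `test_gp_firefox_ext`, `gpos` is bound only inside `if ads.connect():`, so a failed connection surfaces later as a NameError at `ext.process_group_policy([], gpos, dname)` instead of a failure that names the cause; `self.assertTrue(ads.connect(), 'Failed to connect to the DC')` before the `get_gpo_list` call would make it explicit. `unstage_file(reg_pol)` runs only when every assertion passes, so a failing run leaves the staged REGISTRY.POL in the GPO cache for later tests; `self.addCleanup(unstage_file, reg_pol)` right after `stage_file` would avoid that. The unapply check also uses `json.load(open(policies_file, 'r'))`, which never closes the handle explicitly; the `with open(policies_file, 'r') as r:` form used earlier in the same test would be consistent.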
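Review bot: The knownfail entry names `test_gp_cert_auto_enroll_ext`, but the test this commit adds is `test_gp_firefox_ext`. The new test is the one that cannot pass while `gp_firefox_ext.process_group_policy` is a `pass` stub, because it opens a `policies.json` that nothing writes. As written, the entry would excuse failures in the certificate auto-enrollment test and leave the new Firefox test unexcused. It looks like the line should read `^samba.tests.gpo.samba.tests.gpo.GPOTests.test_gp_firefox_ext`.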