From: David Mulder Date: Thu, 5 Nov 2020 16:08:26 +0000 (-0700) Subject: gpo: Apply Group Policy OpenSSH settings from VGP X-Git-Tag: tevent-0.11.0~1779 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ddf1cbd345237162ac19596ac1db787e0d77de65;p=thirdparty%2Fsamba.git gpo: Apply Group Policy OpenSSH settings from VGP Signed-off-by: David Mulder Reviewed-by: Jeremy Allison
---
diff --git a/python/samba/vgp_openssh_ext.py b/python/samba/vgp_openssh_ext.py
index 6e0f3bb054d..488bfa728ae 100644
--- a/python/samba/vgp_openssh_ext.py
+++ b/python/samba/vgp_openssh_ext.py
@@ -14,9 +14,69 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . +import os from samba.gpclass import gp_xml_ext +from base64 import b64encode +from tempfile import NamedTemporaryFile +from samba.common import get_bytes, get_string + +intro = b''' +### autogenerated by samba +# +# This file is generated by the vgp_openssh_ext Group Policy +# Client Side Extension. To modify the contents of this file, +# modify the appropriate Group Policy objects which apply +# to this machine. DO NOT MODIFY THIS FILE DIRECTLY. +# + +''' class vgp_openssh_ext(gp_xml_ext): + def __str__(self): + return 'VGP/Unix Settings/OpenSSH' + def process_group_policy(self, deleted_gpo_list, changed_gpo_list, cfg_dir='/etc/ssh/sshd_config.d'): - pass + for guid, settings in deleted_gpo_list: + self.gp_db.set_guid(guid) + if str(self) in settings: + for attribute, sshd_config in settings[str(self)].items(): + if os.path.exists(sshd_config): + os.unlink(sshd_config) + self.gp_db.delete(str(self), attribute) + self.gp_db.commit() + + for gpo in changed_gpo_list: + if gpo.file_sys_path: + self.gp_db.set_guid(gpo.name) + xml = 'MACHINE/VGP/VTLA/SshCfg/SshD/manifest.xml' + path = os.path.join(gpo.file_sys_path, xml) + xml_conf = self.parse(path) + if not xml_conf: + continue + policy = xml_conf.find('policysetting') + data = policy.find('data') + configfile = data.find('configfile') + for configsection in configfile.findall('configsection'): + if configsection.find('sectionname').text: + continue + settings = {} + for kv in configsection.findall('keyvaluepair'): + settings[kv.find('key')] = kv.find('value') + attribute = get_string(b64encode(get_bytes(gpo.name) + + get_bytes(cfg_dir))) + fname = self.gp_db.retrieve(str(self), attribute) + if fname and os.path.exists(fname): + f = open(fname, 'w') + else: + f = NamedTemporaryFile(prefix='gp_', + delete=False, + dir=cfg_dir) + f.write(intro) + for k, v in settings.items(): + f.write(b'%s 
%s\n' % \ + (get_bytes(k.text), get_bytes(v.text))) + os.chmod(f.name, 0o640) + self.gp_db.store(str(self), attribute, f.name) + self.gp_db.commit() + f.close() diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo deleted file mode 100644 index 7ceb3d33f20..00000000000 --- a/selftest/knownfail.d/gpo +++ /dev/null @@ -1 +0,0 @@ -^samba.tests.gpo.samba.tests.gpo.GPOTests.test_vgp_openssh diff --git a/source4/scripting/bin/samba-gpupdate b/source4/scripting/bin/samba-gpupdate index e2ed7216ff6..52de59fe3d9 100755 --- a/source4/scripting/bin/samba-gpupdate +++ b/source4/scripting/bin/samba-gpupdate @@ -39,6 +39,7 @@ from samba.gp_smb_conf_ext import gp_smb_conf_ext from samba.gp_msgs_ext import gp_msgs_ext from samba.vgp_symlink_ext import vgp_symlink_ext from samba.vgp_files_ext import vgp_files_ext +from samba.vgp_openssh_ext import vgp_openssh_ext import logging if __name__ == "__main__": @@ -97,6 +98,7 @@ if __name__ == "__main__": gp_extensions.append(gp_msgs_ext) gp_extensions.append(vgp_symlink_ext) gp_extensions.append(vgp_files_ext) + gp_extensions.append(vgp_openssh_ext) gp_extensions.extend(machine_exts) elif opts.target == 'User': gp_extensions.extend(user_exts)
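Review bot: In the rewrite branch of `process_group_policy`, `f = open(fname, 'w')` opens the existing drop-in in text mode, yet `f.write(intro)` and the key/value writes pass bytes (`intro` is a bytes literal), so on Python 3 re-applying a policy would raise TypeError after the file has already been truncated, leaving an empty sshd_config.d file where the policy's settings used to be. Open it as `f = open(fname, 'wb')`, and preferably wrap the writes in a `with` block so the handle is closed on error and `self.gp_db.store(...)`/`commit()` are reached only after a successful write. Separately, `k.text` and `v.text` go into the sshd configuration unchecked; skipping pairs whose key or value is empty or contains a newline would stop a malformed manifest from adding extra directive lines. The same loop also dereferences `configsection.find('sectionname').text` and `policy.find('data')` without a None check, so a manifest missing those elements would abort the whole extension rather than just that GPO.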