[PATCH 10/23] gpo: Added modularity to samba_gpoupdate
David Mulder
dmulder at suse.com
Fri Mar 10 16:09:17 UTC 2017
From: Luke Morrison <luc785 at hotmail.com>
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Signed-off-by: Luke Morrison <luke at hubtrek.com>
---
source4/scripting/bin/samba_gpoupdate | 186 +++++++++++++++++++++++-----------
1 file changed, 125 insertions(+), 61 deletions(-)
diff --git a/source4/scripting/bin/samba_gpoupdate b/source4/scripting/bin/samba_gpoupdate
index 04742b0..e5e6507 100755
--- a/source4/scripting/bin/samba_gpoupdate
+++ b/source4/scripting/bin/samba_gpoupdate
@@ -1,5 +1,8 @@
#!/usr/bin/env python
-# Copyright Luke Morrison <luc785 at .hotmail.com> 2013
+# Copyright Luke Morrison <luc785 at .hotmail.com> July 2013
+# Co-Edited by Matthieu Pattou July 2013 from original August 2013
+# Edited by Garming Sam Feb. 2014
+# Edited by Luke Morrison April 2014
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -48,67 +51,120 @@ def gpo_parser(GPO_LIST, ldb, conn):
(ext, thefile) = entry
ext.parse(thefile, ldb, conn)
-parser = optparse.OptionParser("testsearchdn [options]")
-sambaopts = options.SambaOptions(parser)
-
-parser.add_option_group(sambaopts)
-parser.add_option_group(options.VersionOptions(parser))
-
-credopts = options.CredentialsOptions(parser)
-
-parser.add_option("-H", dest = "url", help="URL for the samdb")
-
-parser.add_option_group(credopts)
-
-opts, args = parser.parse_args()
-lp = sambaopts.get_loadparm()
-
-smbconf = lp.configfile
-creds = credopts.get_credentials(lp, fallback_machine=True)
-
-session = system_session()
-
-if not opts.url:
- url = lp.samdb_url()
-else:
- url = opts.url
-
-#########################
-#Inialize Samba Database#
-#########################
-
-test_ldb = SamDB(url, session_info=session,
- credentials=creds,lp=lp)
-
-schemadn = test_ldb.get_schema_basedn()
-
-basedn = test_ldb.get_default_basedn()
-
-'''Will need sysvol to write a basic GUID version dynamic log file'''
-path = '%s/Policies' % lp.get("realm").lower()
+class GPOServiceSetup:
+ def __init__(self):
+ """Initialize all components necessary to return instances of
+ a Samba lp context (smb.conf) and Samba LDB context
+ """
+
+ self.parser = optparse.OptionParser("testsearchdn [options]")
+ self.sambaopts = options.SambaOptions(self.parser)
+ self.credopts = None
+ self.opts = None
+ self.args = None
+ self.lp = None
+ self.smbconf = None
+ self.creds = None
+ self.url = None
+
+ # Setters or Initializers
+ def init_parser(self):
+ '''Get the command line options'''
+ self.parser.add_option_group(self.sambaopts)
+ self.parser.add_option_group(options.VersionOptions(self.parser))
+ self.init_credopts()
+ self.parser.add_option("-H", dest="url", help="URL for the samdb")
+ self.parser.add_option_group(self.credopts)
+
+ def init_argsopts(self):
+ '''Set the options and the arguments'''
+ (opts, args) = self.parser.parse_args()
+
+ self.opts = opts
+ self.args = args
+
+ def init_credopts(self):
+ '''Set Credential operations'''
+ self.credopts = options.CredentialsOptions(self.parser)
+
+ def init_lp(self):
+ '''Set the loadparm context'''
+ self.lp = self.sambaopts.get_loadparm()
+ self.smbconf = self.lp.configfile
+ if (not self.opts.url):
+ self.url = self.lp.samdb_url()
+ else:
+ self.url = self.opts.url
+
+ def init_session(self):
+ '''Initialize the session'''
+ self.creds = self.credopts.get_credentials(self.lp,
+ fallback_machine=True)
+ self.session = system_session()
+
+ def InitializeService(self):
+ '''Inializer for the thread'''
+ self.init_parser()
+ self.init_argsopts()
+ self.init_lp()
+ self.init_session()
+
+ # Getters
+ def Get_LDB(self):
+ '''Return a live instance of Samba'''
+ SambaDB = SamDB(self.url, session_info=self.session,
+ credentials=self.creds, lp=self.lp)
+ return SambaDB
+
+ def Get_lp_Content(self):
+ '''Return an instance of a local lp context'''
+ return self.lp
+
+ def Get_Creds(self):
+ '''Return an instance of a local creds'''
+ return self.creds
+
+
+def GetBackLog(sys_log):
+ """Reads BackLog and makes thread aware of which GPO are unchanged or empty
+ :param String sys_log: path to backLog
+ :return Dictionary previous_scanned_version: {Unedited GPO: Version Number}
+ *NOTE on Version below
+ """
+ previous_scanned_version = {}
+ if os.path.isfile(sys_log):
+ previous_scanned_version = scan_log(sys_log)
+ return previous_scanned_version
+ else:
+ return None
+
+# Set up the GPO service
+GPOService = GPOServiceSetup()
+GPOService.InitializeService()
+
+# Get the Samba Instance
+test_ldb = GPOService.Get_LDB()
+
+# Get The lp context
+lp = GPOService.Get_lp_Content()
+
+# Get the CREDS
+creds = GPOService.Get_Creds()
+
+# Read the readable backLog into a hashmap
+# then open writable backLog in same location
+BackLoggedGPO = None
sys_log = '%s/%s' % (lp.get("path", "sysvol"), 'syslog.txt')
+BackLoggedGPO = GetBackLog(sys_log)
+BackLog = open(sys_log, "w")
-'''Returns dict from previous logfile, then scraps the logfile '''
-previous_scanned_version = {'a' : 4}
-if os.path.isfile(sys_log):
- previous_scanned_version = scan_log(sys_log)
-sys_log = open(sys_log, "w")
-
-'''Establishes the hierarchy TODO - insert the link fom Microsoft and vouch why we dont care about site or local'''
-specific_ou = "OU=Domain Controllers"
-'''TODO Definitely get DC from Samba'''
-global_dn = test_ldb.domain_dn()
-print 'The global DN for this domain is ' + global_dn
-DC_OU = specific_ou + ',' + global_dn
-
-net = Net(creds=creds, lp=lp)
# We need to know writable DC to setup SMB connection
-flags = (nbt.NBT_SERVER_LDAP |
- nbt.NBT_SERVER_DS |
- nbt.NBT_SERVER_WRITABLE)
-cldap_ret = net.finddc(domain=lp.get('realm'), flags=flags)
+net = Net(creds=creds, lp=lp)
+cldap_ret = net.finddc(domain=lp.get('realm'), flags=(nbt.NBT_SERVER_LDAP |
+ nbt.NBT_SERVER_DS |
+ nbt.NBT_SERVER_WRITABLE))
dc_hostname = cldap_ret.pdc_dns_name
try:
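Review bot: `GetBackLog` returns `None` when the log file does not exist, but the last hunk of this patch calls `BackLoggedGPO.get(guid)` on its result, which would raise AttributeError on a first run or whenever `syslog.txt` is missing. The removed code always held a dict at that point, so the function should keep that contract: drop the `else: return None` branch and end with `return previous_scanned_version` so that an empty dict comes back. Separately, `BackLog = open(sys_log, "w")` truncates the log before any GPO has been processed, and no `close()` is visible in the patch. A failure part-way through the run therefore loses the recorded versions; writing to a temporary file and renaming it once the loop succeeds would avoid that.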
@@ -116,16 +172,23 @@ try:
except Exception, e:
raise Exception("Error connecting to '%s' using SMB" % dc_hostname, e)
-guid_list = [x['name'] for x in conn.list(path)]
+# Get the dn of the domain, and the dn of readable/writable DC
+global_dn = test_ldb.domain_dn()
+DC_OU = "OU=Domain Controllers" + ',' + global_dn
+# Set up a List of the GUID for all GPO's
+guid_list = [x['name'] for x in conn.list('%s/Policies' % lp.get("realm").lower())]
+
+#Establish the Hierarchy for the GPO
hierarchy_gpos = samba4_gpo_hierarchy(test_ldb, guid_list, DC_OU, global_dn)
hierarchy_gpos.establish_hierarchy()
+#Write applicable GPO
for guid_eval in hierarchy_gpos.sorted_full:
guid = guid_eval[0]
gp_extensions = [gp_sec_ext()]
- local_path = path + '/' + guid + '/'
+ local_path = '%s/Policies' % lp.get("realm").lower() + '/' + guid + '/'
version = gpo.gpo_get_sysvol_gpt_version(lp.get("path", "sysvol") + '/' + local_path)[1]
gpolist = gp_path_list(local_path)
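Review bot: The expression `'%s/Policies' % lp.get("realm").lower()` now appears twice, in the `conn.list(...)` call and again when building `local_path` inside the loop, where the removed code used a single `path` variable. Computing it once before the listing, e.g. `policies_path = '%s/Policies' % lp.get("realm").lower()`, keeps the two uses from drifting apart and shortens both lines. `guid` is then concatenated into a path under the sysvol directory; if it originates from the names returned by `conn.list` (how `sorted_full` is built is not visible here), checking that it has GUID form before building `local_path` would be a cheap guard. The loop body continues outside this hunk.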
@@ -134,8 +197,9 @@ for guid_eval in hierarchy_gpos.sorted_full:
'''If an important GPO parse it. Will not parse if it has not changed, is empty, or is not in the right container'''
if guid_eval[1]:
if gpolist[0][1]:
- if (version != previous_scanned_version.get(guid)) and (version != 0):
+ if (version != BackLoggedGPO.get(guid)) and (version != 0):
print ('GPO %s has changed' % guid)
gpo_parser(gpolist, test_ldb, conn)
- sys_log.write('%s %i\n' % (guid,version))
+ BackLog.write('%s %i\n' % (guid, version))
+
--
2.10.2