gpo: Apply Group Policy Hourly Scripts

Signed-off-by: David Mulder <[email protected]> Reviewed-by: Douglas Bagnall <[email protected]>
mbarden · Aug 6, 2020 · 42f043a · 42f043a
1 parent ae56a07
commit 42f043a
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 7 deletions.
diff --git a/libgpo/admx/en-US/samba.adml b/libgpo/admx/en-US/samba.adml
@@ -8,12 +8,17 @@
       <string id="CAT_3338C1DD_8A00_4273_8547_158D8B8C19E9">Samba</string>
       <string id="CAT_7D8D7DC8_5A9D_4BE1_8227_F09CDD5AFFC6">Unix Settings</string>
       <string id="POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061">Daily Scripts</string>
+      <string id="POL_825D441F_905E_4C7E_9E4B_03013697C6C1">Hourly Scripts</string>
       <string id="POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061_Help">This policy setting allows you to execute commands, either local or on remote storage, daily.</string>
+      <string id="POL_825D441F_905E_4C7E_9E4B_03013697C6C1_Help">This policy setting allows you to execute commands, either local or on remote storage, hourly.</string>
     </stringTable>
     <presentationTable>
       <presentation id="POL_9320E11F_AC80_4A7D_A5C8_1C0F3F727061">
         <listBox refId="LST_2E9A4684_3C0E_415B_8FD6_D4AF68BC8AC6">Script and arguments</listBox>
       </presentation>
+      <presentation id="POL_825D441F_905E_4C7E_9E4B_03013697C6C1">
+        <listBox refId="LST_1AA93D59_6372_4F1E_90BB_D4CBBBB77238">Script and arguments</listBox>
+      </presentation>
     </presentationTable>
   </resources>
 </policyDefinitionResources>
diff --git a/libgpo/admx/samba.admx b/libgpo/admx/samba.admx
@@ -19,5 +19,12 @@
         <list id="LST_2E9A4684_3C0E_415B_8FD6_D4AF68BC8AC6" key="Software\Policies\Samba\Unix Settings\Daily Scripts" valueName="Daily Scripts" />
       </elements>
     </policy>
+    <policy name="POL_825D441F_905E_4C7E_9E4B_03013697C6C1" class="Machine" displayName="$(string.POL_825D441F_905E_4C7E_9E4B_03013697C6C1)" explainText="$(string.POL_825D441F_905E_4C7E_9E4B_03013697C6C1_Help)" presentation="$(presentation.POL_825D441F_905E_4C7E_9E4B_03013697C6C1)" key="Software\Policies\Samba\Unix Settings">
+      <parentCategory ref="CAT_7D8D7DC8_5A9D_4BE1_8227_F09CDD5AFFC6" />
+      <supportedOn ref="windows:SUPPORTED_WindowsVista" />
+      <elements>
+        <list id="LST_1AA93D59_6372_4F1E_90BB_D4CBBBB77238" key="Software\Policies\Samba\Unix Settings\Hourly Scripts" valueName="Hourly Scripts" />
+      </elements>
+    </policy>
   </policies>
 </policyDefinitions>
diff --git a/python/samba/gp_scripts_ext.py b/python/samba/gp_scripts_ext.py
@@ -21,9 +21,9 @@
 
 class gp_scripts_ext(gp_pol_ext):
     def __str__(self):
-        return 'Unix Settings/Daily Scripts'
+        return 'Unix Settings/Scripts'
 
-    def process_group_policy(self, deleted_gpo_list, changed_gpo_list, cdir='/etc/cron.daily'):
+    def process_group_policy(self, deleted_gpo_list, changed_gpo_list, cdir=None):
         for gpo in deleted_gpo_list:
             self.gp_db.set_guid(gpo[0])
             if str(self) in gpo[1]:
@@ -34,19 +34,24 @@ def process_group_policy(self, deleted_gpo_list, changed_gpo_list, cdir='/etc/cr
 
         for gpo in changed_gpo_list:
             if gpo.file_sys_path:
-                section_name = 'Software\\Policies\\Samba\\Unix Settings\\Daily Scripts'
+                reg_key = 'Software\\Policies\\Samba\\Unix Settings'
+                sections = { '%s\\Daily Scripts' % reg_key : '/etc/cron.daily',
+                             '%s\\Hourly Scripts' % reg_key : '/etc/cron.hourly' }
                 self.gp_db.set_guid(gpo.name)
                 pol_file = 'MACHINE/Registry.pol'
                 path = os.path.join(gpo.file_sys_path, pol_file)
                 pol_conf = self.parse(path)
                 if not pol_conf:
                     continue
                 for e in pol_conf.entries:
-                    if e.keyname == section_name and e.data.strip():
-                        attribute = b64encode(e.data.encode()).decode()
+                    if e.keyname in sections.keys() and e.data.strip():
+                        cron_dir = sections[e.keyname] if not cdir else cdir
+                        attribute = '%s:%s' % (e.keyname,
+                                b64encode(e.data.encode()).decode())
                         old_val = self.gp_db.retrieve(str(self), attribute)
                         if not old_val:
-                            with NamedTemporaryFile(mode="w+", delete=False, dir=cdir) as f:
+                            with NamedTemporaryFile(mode="w+", delete=False,
+                                    dir=cron_dir) as f:
                                 f.write('#!/bin/sh\n%s' % e.data)
                                 os.chmod(f.name, 0o700)
                                 self.gp_db.store(str(self), attribute, f.name)

diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo