
   1  #!/bin/bash
   2  # $Id: logonpy-gpo.sh 8304 2014-12-07 22:13:11Z dbo $
   3  #shares_WinXP: profiles
   4  #shares_Win2K: profiles
   5  #shares_Vista: profiles
   6  #shares_Seven: profiles
   7  #action: start
   8  #level: 01
   9  
  10  
  11  function deleteREG
  12  {
  13  rm -f /home/netlogon/machine/$1/user.reg
  14  }
  15  
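#######################################
# Build /home/netlogon/machine/$2/user.reg from the server-side key files:
# every /home/netlogon/*.ref is appended at each logon, every
# /home/netlogon/*.reg only once per profile (a .<name>.lck marker in the
# profile records it) unless /home/netlogon/forcereg.txt exists. Editor
# headers are stripped and HKEY_CURRENT_USER is re-rooted on HKEY_USERS\<sid>.
# When nothing was appended the file is removed again via deleteREG.
# Globals:   sid (read), profile (read)
# Arguments: $1 - user name (unused here), $2 - machine netbios name
# Outputs:   one "on force"/"on ajoute" line per merged file on stdout
#######################################
createREG() {
  local machine=$2
  local target="/home/netlogon/machine/${machine}/user.reg"
  local lock_dir="/home/profiles/${profile}"
  # drop the REGEDIT4 / "Windows Registry Editor" headers of each fragment
  # and rewrite the hive root; the doubled backslash is for sed's replacement
  local rewrite="/^REGEDIT/d;/^Windows Registry Editor Version 5.00/d;s/HKEY_CURRENT_USER/HKEY_USERS\\\\$sid/g"
  local flag=0
  local pathreg reg

  echo -e "REGEDIT4\r\n"> "$target"

  # keys that must be pushed at every logon
  for pathreg in /home/netlogon/*.ref; do
    # an unmatched glob leaves the literal pattern in $pathreg
    [ -f "$pathreg" ] || continue
    reg=${pathreg##*/}
    sed -e "$rewrite" "$pathreg" >> "$target"
    flag=1
    echo "on force $reg"
  done

  # keys that are pushed only once per profile
  for pathreg in /home/netlogon/*.reg; do
    # without this check an empty directory produced a lock named ".*.reg.lck"
    # and a sed error, yet still set flag=1
    [ -f "$pathreg" ] || continue
    reg=${pathreg##*/}
    if [ ! -f "${lock_dir}/.${reg}.lck" ] || [ -f /home/netlogon/forcereg.txt ]; then
      sed -e "$rewrite" "$pathreg" >> "$target"
      touch "${lock_dir}/.${reg}.lck"
      flag=1
      echo "on ajoute $reg"
    fi
  done

  if [ "$flag" = "0" ]; then
    deleteREG "$machine"
  fi
}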
  44  
  45  function uploadGPO
  46  {
  47  smbclient  //"$3"/ADMIN$ -A /home/netlogon/machine/$2/gpoPASSWD << EOF
  48      mkdir System32\GroupPolicy
  49      mkdir System32\GroupPolicy\User
  50      mkdir System32\GroupPolicy\User\Scripts
  51      mkdir System32\GroupPolicy\User\Scripts\Logon
  52      mkdir System32\GroupPolicy\User\Scripts\Logoff
  53      mkdir System32\GroupPolicy\Machine
  54      mkdir System32\GroupPolicy\Machine\Scripts
  55      mkdir System32\GroupPolicy\Machine\Scripts\Startup
  56      mkdir System32\GroupPolicy\Machine\Scripts\Shutdown
  57      put /home/netlogon/machine/$2/user.pol System32\GroupPolicy\User\registry.pol
  58      put /home/netlogon/machine/$2/logon.cmd System32\GroupPolicy\User\Scripts\Logon\logon.cmd
  59      put /home/netlogon/machine/$2/logoff.cmd System32\GroupPolicy\User\Scripts\Logoff\logoff.cmd
  60      put /home/netlogon/machine/$2/machine.pol System32\GroupPolicy\Machine\registry.pol
  61      put /home/netlogon/machine/$2/startup.cmd System32\GroupPolicy\Machine\Scripts\Startup\startup.cmd
  62      put /home/netlogon/machine/$2/shutdown.cmd System32\GroupPolicy\Machine\Scripts\Shutdown\shutdown.cmd
  63      put /home/netlogon/machine/$2/gpt.ini System32\GroupPolicy\gpt.ini
  64      put /home/netlogon/scriptsU.ini System32\GroupPolicy\User\Scripts\scripts.ini
  65      put /home/netlogon/scriptsC.ini System32\GroupPolicy\Machine\Scripts\scripts.ini
  66      put /home/netlogon/machine/$2/printers.vbs printers.vbs
  67  EOF
  68      return $?
  69  }
  70  
  71  function setGPOversion
  72  {
  73  smbclient  //"$3"/ADMIN$ -A /home/netlogon/machine/$2/gpoPASSWD << EOF
  74     get System32\GroupPolicy\gpt.ini /home/netlogon/machine/$2/gpt.ini
  75  EOF
  76  if [ "$?" != "0" ]; then
  77      return $?    
  78  fi    
  79  if [ ! -f /home/netlogon/machine/$machine/gpt.ini ]; then
  80      cp -f /home/netlogon/gpt.ini /home/netlogon/machine/$machine/gpt.ini
  81  else
  82      GPO_VERS="$(grep Version /home/netlogon/machine/$machine/gpt.ini|cut -d '=' -f2|sed -e 's/\r//g')"
  83      if [ -z "$GPO_VERS" ]; then 
  84          cp -f /home/netlogon/gpt.ini /home/netlogon/machine/$machine/gpt.ini
  85      else    
  86          (( GPO_VERS+=65537 ))
  87          sed -i "s/Version=.*/Version=$GPO_VERS\r/g" /home/netlogon/machine/$machine/gpt.ini
  88      fi
  89      return 0
  90  fi
  91  }
  92  
#######################################
# Upload the user's generated wallpaper, if any, to Web\Wallpaper on the
# client's ADMIN$ share as <user>_se3.<ext>.
# Globals:   ext (read) - image extension chosen from the client type
# Arguments: $1 - user name, $2 - machine netbios name, $3 - client IP/host
# Returns:   0 when there is no wallpaper to push, else smbclient's status
#######################################
uploadWallpaper() {
  local picture="/var/se3/Docs/media/fonds_ecran/$1.$ext"
  local creds="/home/netlogon/machine/$2/gpoPASSWD"

  # nothing generated for this user: not an error
  [ -f "$picture" ] || return 0

  smbclient "//$3/ADMIN\$" -A "$creds" << EOF
    put ${picture} Web\Wallpaper\\$1_se3.$ext
EOF
}
 103  function setADM
 104  {
 105      smbcacls //"$3"/ADMIN$ -A /home/netlogon/machine/$2/gpoPASSWD "/System32/Grouppolicy" -C "$2\\administrateur" || return $?
 106      smbcacls //"$3"/ADMIN$ -A /home/netlogon/machine/$2/gpoPASSWD "/System32/Grouppolicy/gpt.ini" -C "$2\\administrateur" || return $?
 107      smbcacls //"$3"/ADMIN$ -A /home/netlogon/machine/$2/gpoPASSWD "/System32/Grouppolicy/User" -C "$2\\administrateur" || return $?
 108      smbcacls //"$3"/ADMIN$ -A /home/netlogon/machine/$2/gpoPASSWD "/System32/Grouppolicy/User/registry.pol" -C "$2\\administrateur" || return $?
 109      smbcacls //"$3"/ADMIN$ -A /home/netlogon/machine/$2/gpoPASSWD  "/System32/Grouppolicy/User/Scripts" -C "$2\\administrateur" || return $?
 110      smbcacls //"$3"/ADMIN$ -A /home/netlogon/machine/$2/gpoPASSWD  "/System32/Grouppolicy/User/Scripts/scripts.ini" -C "$2\\administrateur" || return $?
 111      smbcacls //"$3"/ADMIN$ -A /home/netlogon/machine/$2/gpoPASSWD  "/System32/Grouppolicy/User/Scripts/Logon" -C "$2\\administrateur" || return $?
 112      smbcacls //"$3"/ADMIN$ -A /home/netlogon/machine/$2/gpoPASSWD  "/System32/Grouppolicy/User/Scripts/Logon/logon.cmd" -C "$2\\administrateur" || return $?
 113      smbcacls //"$3"/ADMIN$ -A /home/netlogon/machine/$2/gpoPASSWD  "/System32/Grouppolicy/User/Scripts/Logoff" -C "$2\\administrateur" || return $?
 114      smbcacls //"$3"/ADMIN$ -A /home/netlogon/machine/$2/gpoPASSWD  "/System32/Grouppolicy/User/Scripts/Logoff/logoff.cmd" -C "$2\\administrateur" || return $?
 115      smbcacls //"$3"/ADMIN$ -A /home/netlogon/machine/$2/gpoPASSWD "/System32/Grouppolicy/Machine" -C "$2\\administrateur" || return $?
 116      smbcacls //"$3"/ADMIN$ -A /home/netlogon/machine/$2/gpoPASSWD "/System32/Grouppolicy/Machine/registry.pol" -C "$2\\administrateur" || return $?
 117      smbcacls //"$3"/ADMIN$ -A /home/netlogon/machine/$2/gpoPASSWD  "/System32/Grouppolicy/Machine/Scripts" -C "$2\\administrateur" || return $?
 118      smbcacls //"$3"/ADMIN$ -A /home/netlogon/machine/$2/gpoPASSWD  "/System32/Grouppolicy/Machine/Scripts/scripts.ini" -C "$2\\administrateur" || return $?
 119      smbcacls //"$3"/ADMIN$ -A /home/netlogon/machine/$2/gpoPASSWD  "/System32/Grouppolicy/Machine/Scripts/Startup" -C "$2\\administrateur" || return $?
 120      smbcacls //"$3"/ADMIN$ -A /home/netlogon/machine/$2/gpoPASSWD  "/System32/Grouppolicy/Machine/Scripts/Startup/startup.cmd" -C "$2\\administrateur" || return $?
 121      smbcacls //"$3"/ADMIN$ -A /home/netlogon/machine/$2/gpoPASSWD  "/System32/Grouppolicy/Machine/Scripts/Shutdown" -C "$2\\administrateur" || return $?
 122      smbcacls //"$3"/ADMIN$ -A /home/netlogon/machine/$2/gpoPASSWD  "/System32/Grouppolicy/Machine/Scripts/Shutdown/shutdown.cmd" -C "$2\\administrateur" || return $?
 123      
 124  }
 125  
 126  function setACL
 127  {
 128      smbcacls //"$3"/ADMIN$ -A /home/netlogon/machine/$2/gpoPASSWD "/System32/Grouppolicy/User/registry.pol" -a "ACL:$se3_domain\\$1:ALLOWED/0/RDX" || return $?
 129      smbcacls //"$3"/ADMIN$ -A /home/netlogon/machine/$2/gpoPASSWD  "/System32/Grouppolicy/User/Scripts/scripts.ini" -a "ACL:$se3_domain\\$1:ALLOWED/0/RDX" || return $?
 130      smbcacls //"$3"/ADMIN$  -A /home/netlogon/machine/$2/gpoPASSWD "/System32/Grouppolicy/User/Scripts/Logon/logon.cmd" -a "ACL:$se3_domain\\$1:ALLOWED/0/RDX" || return $?
 131      smbcacls //"$3"/ADMIN$  -A /home/netlogon/machine/$2/gpoPASSWD "/System32/Grouppolicy/User/Scripts/Logoff/logoff.cmd" -a "ACL:$se3_domain\\$1:ALLOWED/0/RDX" || return $?
 132      smbcacls //"$3"/ADMIN$  -A /home/netlogon/machine/$2/gpoPASSWD "/System32/Grouppolicy/gpt.ini" -a "ACL:$se3_domain\\$1:ALLOWED/0/RDX" || return $?
 133      rm -f /home/netlogon/machine/$2/fallback.bat
 134      rm -f /home/netlogon/machine/$2/EnableGPO.bat
 135      return 0
 136  }
 137  
 138  function EnableGPO # $netbiosname $arch
 139  {
 140      if [ "$2" == "Vista" ]||[ "$2" == "Seven" ]
 141      then
 142          SHARECMD="net share C\$=C: /GRANT:adminse3,FULL\r\nnet share ADMIN\$ /GRANT:adminse3,FULL\r\n"
 143      else
 144          SHARECMD="net share C\$=C:\r\nnet share ADMIN\$=%SystemRoot%\r\n"
 145      fi
 146      sed -e "s!%se3ip%!$se3ip!g;s!%machine%!$1!g;s!%sharecmd%!$SHARECMD!g;s!%user%!$user!g;s!%domain%!$se3_domain!g" /home/netlogon/EnableGPO.bat > /home/netlogon/machine/$1/EnableGPO.bat
 147      echo -e "start /wait \\\\\\\\$se3ip\\\\netlogon\\\\cpau.exe -wait -lwop -hide -dec -file \\\\\\\\$se3ip\\\\netlogon\\\\machine\\\\gpo_helper.job\r\n" > /home/netlogon/machine/$1/fallback.bat
 148      echo -e "call \\\\\\\\$se3ip\\\\netlogon\\\\machine\\\\$1\\\\logon.cmd\r\n" >>/home/netlogon/machine/$1/fallback.bat
 149      chown adminse3:admins /home/netlogon/machine/$1/*.bat
 150      chmod 664 /home/netlogon/machine/$1/*.bat
 151      
 152  }
 153  
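#######################################
# Write the smbclient/smbcacls credentials file (-A format) for machine $1
# at /home/netlogon/machine/$1/gpoPASSWD, readable by its owner only.
# Globals:   xppass (read) - local administrator password of the clients
# Arguments: $1 - machine netbios name
#######################################
mkgpopasswd() {
  local machine_dir="/home/netlogon/machine/$1"
  local creds="${machine_dir}/gpoPASSWD"

  # a stray regular file where the directory belongs has to go first
  [ -f "$machine_dir" ] && rm -f -- "$machine_dir"
  [ -d "$machine_dir" ] || mkdir -p -- "$machine_dir"

  # Recreate the file under a restrictive umask: '>' on an existing file
  # keeps its old mode, and writing first / chmod afterwards leaves a
  # window in which the password is readable with the default umask.
  # The redirection is inside the subshell so the umask applies to it.
  rm -f -- "$creds"
  (
    umask 077
    {
      # printf: a password starting with '-' or containing backslashes
      # would be mangled by echo
      printf 'username=%s\\adminse3\n' "$1"
      printf 'password=%s\n' "$xppass"
    } > "$creds"
  )
  chmod 600 "$creds"
}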
 164  
 165  
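# ---- script parameters, passed by the Samba logon hook ----
# $1 user name, $2 machine netbios name, $3 client IP, $4 client type
user=$1
machine=$2
ip=$3
type=$4

# $user and $machine are spliced into paths under /home/netlogon and
# /home/profiles and into sed/LDAP expressions below: refuse values that
# could leave those directories or break the expressions
for name in "$user" "$machine"; do
  case "$name" in
    ''|.|..|*/*|*[[:space:]]*|*[\*\?\[\!]*)
      printf 'logonpy-gpo: refusing unsafe user/machine name\n' >&2
      exit 1
      ;;
  esac
done
unset name

# per-client-type settings: wallpaper format, roaming profile directory
# (Vista+ uses the .V2 suffix) and hive file name
case $type in
  Vista|Seven)
    ext=jpg
    profile=$user.V2
    ntuser=NTUSER.DAT
    ;;
  *)
    ext=bmp
    profile=$user
    ntuser=ntuser.dat
    ;;
esac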
 183  
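# Remove locks older than 5 minutes: a logon cannot legitimately hold one
# that long. "! -cmin -5" keeps everything changed within the last 5
# minutes; a bare "! -cmin 5" would match every file except those changed
# exactly 4-5 minutes ago and so delete fresh locks too.
find /home/netlogon -maxdepth 1 ! -cmin -5 -name "*.${machine}.lck" -delete

# Run only once per session, and not while a domscripts action is pending
if [ -f "/home/netlogon/${user}.${machine}.lck" ] \
   || [ -f "/home/netlogon/machine/${machine}/no-gpo-upload.lck" ]; then
  exit 0
fi
if [ -f "/home/netlogon/machine/${machine}/action.bat" ]; then
  rm "/home/netlogon/machine/${machine}/action.bat"
  exit 0
fi

> "/home/netlogon/${user}.${machine}.lck"

# Run only when ntuser.dat changed since the mtime recorded at the last logon
profile_hive="/home/profiles/${profile}/${ntuser}"
logon_lock="/home/netlogon/machine/${machine}/logon.lck"
if [ -f "$profile_hive" ]; then
  mtime=$(stat -c %Z "$profile_hive" 2>/dev/null)
else
  mtime=-1
fi
if [ -f "$logon_lock" ]; then
  oldmtime=$(cat "$logon_lock" 2>/dev/null)
else
  oldmtime=0
fi
if [ "$oldmtime" == "$mtime" ]; then
  # session already open, or an "overfill" account: for the latter, force
  # the run at the next logon by resetting the recorded mtime.
  # NOTE(review): this is a plain substring match on the group listing, so
  # a user whose name is contained in another member's name also matches.
  if getent group | grep overfill | grep -q -- "$user"; then
    echo "0" > "$logon_lock"
    waitdel=60
  else
    waitdel=1
  fi
  /usr/share/se3/sbin/waitDel.sh "/home/netlogon/${user}.${machine}.lck" "$waitdel" &
  exit 0
else
  # new session
  waitdel=1
  # a profile that is never written back at first logoff would lose its GPO
  # at the next logon; hence only record a real mtime
  [ "$mtime" != "-1" ] && echo "$mtime" > "$logon_lock"
fi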
 224  
 225  # initialisation des parametres
 226  . /etc/se3/config_m.cache.sh
 227  sid=$(ldapsearch -xLLL uid=$user sambaSID | grep sambaSID | sed "s/sambaSID: //")
 228  
 229  
 230  mkgpopasswd $machine
 231  
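# fix the ownership of the roaming profile when it does not belong to the user
profile_dir="/home/profiles/${profile}"
if [ -d "$profile_dir" ]; then
  prop=$(stat -c%U "$profile_dir")
  if [ "$prop" != "$user" ]; then
    # path corrected from /home/profile/ (no 's'), which never existed and
    # made this chown a silent no-op.
    # NOTE(review): recursive chown over a user-writable tree as root; GNU
    # chown -R does not follow symlinks by default (-P), confirm for the
    # target platform.
    chown -R "${user}:lcs-users" "$profile_dir" > /dev/null 2>&1
  fi
else
  mkdir -p "$profile_dir"
  chown "${user}:lcs-users" "$profile_dir"
  #chmod 600 /home/profiles/$1
fi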
 243  
 244  # Check if some connexion already alive
 245  /usr/share/se3/sbin/tcpcheck 30 $ip:139|grep -q "timed out" 
 246  if [ "$?" == "0" ]
 247  then
 248      [ ! -d "/home/$user" ] && /usr/share/se3/shares/shares.avail/mkhome.sh $user $machine $ip $type
 249          EnableGPO $machine $type 
 250      rm -f /home/netlogon/$user.$machine.lck
 251      exit 1
 252  fi
 253  echo "--------ouverture de session---------------"
 254  [ ! -d "/home/$user" ] && /usr/share/se3/shares/shares.avail/mkhome.sh $user $machine $ip $type
 255  
 256  # Wallpaper
 257  if [ "$(cat /etc/se3/fonds_ecran/actif.txt 2>/dev/null)" == "1" ]
 258  then
 259      /usr/share/se3/sbin/mkwall.sh $user $ext
 260  else
 261      # Delete this file, don't want logonpy to activate wallpapers GPO
 262      rm -f /var/se3/Docs/media/fonds_ecran/$user.*
 263  fi
 264  # Initial registry hack for wpkg
 265  createREG $user $machine
 266  if [ "$localmenu" == "1" ]
 267  then
 268      pathDemarrer="/home/profiles/$profile/Demarrer"
 269      [ ! -d "$pathDemarrer" ] && mkdir -p "$pathDemarrer" && chown -R  $user:lcs-users "/home/profiles/$profile"
 270  else
 271      pathDemarrer="/home/$user/profil/Demarrer"
 272      chown $user:admins $pathDemarrer/Programmes
 273      chmod -R 755 "$pathDemarrer"
 274  fi
 275  /usr/share/se3/logonpy/logon.py $user $machine $type
 276  
 277  chown -R adminse3:admins /home/netlogon/machine/$machine
 278  chmod 755 /home/netlogon/machine/$machine
 279  chmod 664 /home/netlogon/machine/$machine/*
 280  chmod 600 /home/netlogon/machine/$machine/gpoPASSWD
 281  
 282  # on verifie que les GPO SE3 sont installee sur le poste, sinon on les installe
 283  setGPOversion $user $machine $ip && smbcacls //"$ip"/ADMIN$ -A /home/netlogon/machine/$machine/gpoPASSWD "/system32/Grouppolicy/se3.log">/dev/null 2>&1 && uploadGPO $user $machine $ip
 284  if [ "$?" == "0" ]
 285  then
 286      uploadWallpaper $user $machine $ip && setADM $user $machine $ip && setACL $user $machine $ip 
 287      if [ "$?" == "1" ]
 288      then
 289          EnableGPO $machine $type
 290      fi
 291  else        
 292      EnableGPO $machine $type
 293  fi
 294  # on n'efface le lock qu'au bout de quelques secondes
 295  /usr/share/se3/sbin/waitDel.sh /home/netlogon/$user.$machine.lck $waitdel &
 296  

