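#!/bin/bash
# $Id: logonpy-gpo.sh 8304 2014-12-07 22:13:11Z dbo $
#shares_WinXP: profiles
#shares_Win2K: profiles
#shares_Vista: profiles
#shares_Seven: profiles
#action: start
#level: 01

# Prepares and pushes the SE3 group-policy files of one Windows client
# when a user session opens.
#
# Arguments (positional):
#   $1  user     account name
#   $2  machine  client machine name, also the directory name under
#                /home/netlogon/machine
#   $3  ip       client address, used for the SMB connections
#   $4  type     client OS family; "Vista" and "Seven" select the V2 profile
#
# Variables read from /etc/se3/config_m.cache.sh (sourced below; its content
# is not visible here, so this list is what the script expects from it):
#   se3ip, se3_domain, xppass, localmenu
#
# Exit status: 0 when nothing has to be done or the run completed, 1 when the
# arguments are rejected or the client does not answer on port 139.
#
# Security notes:
#   * /home/netlogon/machine/<machine>/gpoPASSWD holds the client's local
#     administrator credentials. It is created under umask 077 and is never
#     widened by the later chmod pass.
#   * user and machine are used to build paths for rm/chown/chmod, so values
#     that are empty or contain a path separator are refused up front.


# Removes the generated registry file of machine $1.
deleteREG() {
  rm -f -- "/home/netlogon/machine/$1/user.reg"
}

# Builds /home/netlogon/machine/$2/user.reg from the registry fragments in
# /home/netlogon.
#   *.ref  applied at every logon
#   *.reg  applied once per profile (tracked by a .<name>.lck file in the
#          profile), or again when /home/netlogon/forcereg.txt exists
# Globals read: sid, profile.
# Arguments: $1 user (unused here), $2 machine.
createREG() {
  local out="/home/netlogon/machine/$2/user.reg"
  # Drop the REGEDIT headers and retarget the keys at the user's SID hive.
  local rewrite="/^REGEDIT/d;/^Windows Registry Editor Version 5.00/d;s/HKEY_CURRENT_USER/HKEY_USERS\\\\$sid/g"
  local flag=0
  local pathreg reg

  echo -e "REGEDIT4\r\n" > "$out"

  # Keys that must be applied at every logon.
  for pathreg in /home/netlogon/*.ref; do
    reg=${pathreg##*/}
    if [ -f "/home/netlogon/$reg" ]; then
      sed -e "$rewrite" "/home/netlogon/$reg" >> "$out"
      flag=1
      echo "on force $reg"
    fi
  done

  # Keys that must be applied only once.
  for pathreg in /home/netlogon/*.reg; do
    # Without any *.reg file the glob stays literal; skip it instead of
    # creating a bogus ".*.reg.lck" marker in the profile.
    [ -f "$pathreg" ] || continue
    reg=${pathreg##*/}
    if [ ! -f "/home/profiles/$profile/.$reg.lck" ] || [ -f /home/netlogon/forcereg.txt ]; then
      sed -e "$rewrite" "/home/netlogon/$reg" >> "$out"
      touch "/home/profiles/$profile/.$reg.lck"
      flag=1
      echo "on ajoute $reg"
    fi
  done

  # Nothing was added: do not leave a header-only file behind.
  if [ "$flag" == "0" ]; then
    deleteREG "$2"
  fi
}

# Creates the GroupPolicy tree on the client's ADMIN$ share and uploads the
# policy files, scripts and printers.vbs of machine $2.
# Arguments: $1 user (unused), $2 machine, $3 client address.
# Returns: the exit status of smbclient.
uploadGPO() {
  smbclient "//$3/ADMIN\$" -A "/home/netlogon/machine/$2/gpoPASSWD" << EOF
mkdir System32\GroupPolicy
mkdir System32\GroupPolicy\User
mkdir System32\GroupPolicy\User\Scripts
mkdir System32\GroupPolicy\User\Scripts\Logon
mkdir System32\GroupPolicy\User\Scripts\Logoff
mkdir System32\GroupPolicy\Machine
mkdir System32\GroupPolicy\Machine\Scripts
mkdir System32\GroupPolicy\Machine\Scripts\Startup
mkdir System32\GroupPolicy\Machine\Scripts\Shutdown
put /home/netlogon/machine/$2/user.pol System32\GroupPolicy\User\registry.pol
put /home/netlogon/machine/$2/logon.cmd System32\GroupPolicy\User\Scripts\Logon\logon.cmd
put /home/netlogon/machine/$2/logoff.cmd System32\GroupPolicy\User\Scripts\Logoff\logoff.cmd
put /home/netlogon/machine/$2/machine.pol System32\GroupPolicy\Machine\registry.pol
put /home/netlogon/machine/$2/startup.cmd System32\GroupPolicy\Machine\Scripts\Startup\startup.cmd
put /home/netlogon/machine/$2/shutdown.cmd System32\GroupPolicy\Machine\Scripts\Shutdown\shutdown.cmd
put /home/netlogon/machine/$2/gpt.ini System32\GroupPolicy\gpt.ini
put /home/netlogon/scriptsU.ini System32\GroupPolicy\User\Scripts\scripts.ini
put /home/netlogon/scriptsC.ini System32\GroupPolicy\Machine\Scripts\scripts.ini
put /home/netlogon/machine/$2/printers.vbs printers.vbs
EOF
  return $?
}

# Fetches gpt.ini from the client and bumps its Version field so the client
# reloads the policy; falls back to the template /home/netlogon/gpt.ini when
# no local copy or no Version value is available.
# Arguments: $1 user (unused), $2 machine, $3 client address.
# Globals written: GPO_VERS.
# Returns: non-zero when smbclient fails, otherwise 0 (or the status of the
#          template copy when no local gpt.ini exists).
setGPOversion() {
  local gpt="/home/netlogon/machine/$2/gpt.ini"
  local rc

  smbclient "//$3/ADMIN\$" -A "/home/netlogon/machine/$2/gpoPASSWD" << EOF
get System32\GroupPolicy\gpt.ini /home/netlogon/machine/$2/gpt.ini
EOF
  # Save the status first: testing "$?" and then returning $? would return
  # the status of the test itself (always 0) and hide the smbclient failure.
  rc=$?
  if [ "$rc" != "0" ]; then
    return "$rc"
  fi

  if [ ! -f "$gpt" ]; then
    cp -f /home/netlogon/gpt.ini "$gpt"
  else
    GPO_VERS="$(grep Version "$gpt" | cut -d '=' -f2 | sed -e 's/\r//g')"
    if [ -z "$GPO_VERS" ]; then
      cp -f /home/netlogon/gpt.ini "$gpt"
    else
      # 65537 = 0x10001: adds one to both 16-bit halves of the version.
      (( GPO_VERS+=65537 ))
      sed -i "s/Version=.*/Version=$GPO_VERS\r/g" "$gpt"
    fi
    return 0
  fi
}

# Uploads the wallpaper of user $1 to the client when one exists.
# Globals read: ext.
# Arguments: $1 user, $2 machine, $3 client address.
# Returns: the exit status of smbclient, or 0 when there is no wallpaper.
uploadWallpaper() {
  if [ -f "/var/se3/Docs/media/fonds_ecran/$1.$ext" ]; then
    smbclient "//$3/ADMIN\$" -A "/home/netlogon/machine/$2/gpoPASSWD" << EOF
put /var/se3/Docs/media/fonds_ecran/$1.$ext Web\Wallpaper\\${1}_se3.$ext
EOF
    return $?
  fi
  return 0
}

# Makes the client's local "administrateur" account the owner of every
# directory and file of the GroupPolicy tree.
# Arguments: $1 user (unused), $2 machine, $3 client address.
# Returns: the status of the first smbcacls call that fails, else 0.
setADM() {
  local -a targets=(
    "/System32/Grouppolicy"
    "/System32/Grouppolicy/gpt.ini"
    "/System32/Grouppolicy/User"
    "/System32/Grouppolicy/User/registry.pol"
    "/System32/Grouppolicy/User/Scripts"
    "/System32/Grouppolicy/User/Scripts/scripts.ini"
    "/System32/Grouppolicy/User/Scripts/Logon"
    "/System32/Grouppolicy/User/Scripts/Logon/logon.cmd"
    "/System32/Grouppolicy/User/Scripts/Logoff"
    "/System32/Grouppolicy/User/Scripts/Logoff/logoff.cmd"
    "/System32/Grouppolicy/Machine"
    "/System32/Grouppolicy/Machine/registry.pol"
    "/System32/Grouppolicy/Machine/Scripts"
    "/System32/Grouppolicy/Machine/Scripts/scripts.ini"
    "/System32/Grouppolicy/Machine/Scripts/Startup"
    "/System32/Grouppolicy/Machine/Scripts/Startup/startup.cmd"
    "/System32/Grouppolicy/Machine/Scripts/Shutdown"
    "/System32/Grouppolicy/Machine/Scripts/Shutdown/shutdown.cmd"
  )
  local target

  for target in "${targets[@]}"; do
    smbcacls "//$3/ADMIN\$" -A "/home/netlogon/machine/$2/gpoPASSWD" "$target" -C "$2\\administrateur" || return $?
  done
}

# Grants domain user $1 the RDX right on the user part of the policy and on
# gpt.ini, then removes the fallback batch files of machine $2, which are not
# needed once the policy is in place.
# Globals read: se3_domain.
# Arguments: $1 user, $2 machine, $3 client address.
# Returns: the status of the first smbcacls call that fails, else 0.
setACL() {
  local -a targets=(
    "/System32/Grouppolicy/User/registry.pol"
    "/System32/Grouppolicy/User/Scripts/scripts.ini"
    "/System32/Grouppolicy/User/Scripts/Logon/logon.cmd"
    "/System32/Grouppolicy/User/Scripts/Logoff/logoff.cmd"
    "/System32/Grouppolicy/gpt.ini"
  )
  local target

  for target in "${targets[@]}"; do
    smbcacls "//$3/ADMIN\$" -A "/home/netlogon/machine/$2/gpoPASSWD" "$target" -a "ACL:$se3_domain\\$1:ALLOWED/0/RDX" || return $?
  done
  rm -f -- "/home/netlogon/machine/$2/fallback.bat"
  rm -f -- "/home/netlogon/machine/$2/EnableGPO.bat"
  return 0
}

# Generates EnableGPO.bat and fallback.bat for a client the server could not
# configure over SMB.
# Globals read: se3ip, se3_domain, user.
# Arguments: $1 netbios name, $2 client OS family.
EnableGPO() {
  local machine_dir="/home/netlogon/machine/$1"
  local share_cmd

  if [ "$2" == "Vista" ] || [ "$2" == "Seven" ]; then
    share_cmd="net share C\$=C: /GRANT:adminse3,FULL\r\nnet share ADMIN\$ /GRANT:adminse3,FULL\r\n"
  else
    share_cmd="net share C\$=C:\r\nnet share ADMIN\$=%SystemRoot%\r\n"
  fi
  sed -e "s!%se3ip%!$se3ip!g;s!%machine%!$1!g;s!%sharecmd%!$share_cmd!g;s!%user%!$user!g;s!%domain%!$se3_domain!g" /home/netlogon/EnableGPO.bat > "$machine_dir/EnableGPO.bat"
  echo -e "start /wait \\\\\\\\$se3ip\\\\netlogon\\\\cpau.exe -wait -lwop -hide -dec -file \\\\\\\\$se3ip\\\\netlogon\\\\machine\\\\gpo_helper.job\r\n" > "$machine_dir/fallback.bat"
  echo -e "call \\\\\\\\$se3ip\\\\netlogon\\\\machine\\\\$1\\\\logon.cmd\r\n" >> "$machine_dir/fallback.bat"
  chown adminse3:admins "$machine_dir"/*.bat
  chmod 664 "$machine_dir"/*.bat
}

# Writes the smbclient/smbcacls credentials file of machine $1.
# Globals read: xppass.
# Arguments: $1 netbios name.
mkgpopasswd() {
  local machine_dir="/home/netlogon/machine/$1"

  [ -f "$machine_dir" ] && rm -f -- "$machine_dir"
  [ ! -d "$machine_dir" ] && mkdir -p "$machine_dir"
  # The redirection sits inside the subshell, after umask, so a new file is
  # created owner-only instead of being readable until the chmod below.
  # printf with a quoted value also keeps a password containing spaces or
  # glob characters intact.
  (
    umask 077
    {
      printf 'username=%s\\adminse3\n' "$1"
      printf 'password=%s\n' "$xppass"
    } > "$machine_dir/gpoPASSWD"
  )
  chmod 600 "$machine_dir/gpoPASSWD"
}


user=$1
machine=$2
ip=$3
type=$4

# Both names end up in paths handed to rm, chown -R and chmod below; an empty
# value or one with a path separator would point those commands at another
# directory.
# NOTE(review): the caller is not visible in this file; if these values come
# from the connecting client, "$user" should also be escaped before it is
# used in the LDAP filter further down.
for name in "$user" "$machine"; do
  case "$name" in
    '' | . | .. | */*)
      echo "logonpy-gpo: invalid user or machine name" >&2
      exit 1
      ;;
  esac
done

case "$type" in
  Vista | Seven)
    ext=jpg
    profile=$user.V2
    ntuser=NTUSER.DAT
    ;;
  *)
    ext=bmp
    profile=$user
    ntuser=ntuser.dat
    ;;
esac

machine_dir="/home/netlogon/machine/$machine"
lockfile="/home/netlogon/$user.$machine.lck"

# Remove locks older than 5 minutes, they have no reason to still be there.
# "-cmin +5" selects exactly those; the former "! -cmin 5" matched every lock
# except one changed 5 minutes ago, so fresh locks were removed as well. The
# pattern is quoted so the shell does not expand it in the current directory.
find /home/netlogon -maxdepth 1 -cmin +5 -name "*.$machine.lck" -delete

# Run only once, and not while a domscripts action is in progress.
if [ -f "$lockfile" ] || [ -f "$machine_dir/no-gpo-upload.lck" ]; then
  exit 0
fi
if [ -f "$machine_dir/action.bat" ]; then
  rm -- "$machine_dir/action.bat"
  exit 0
fi

: > "$lockfile"

# Run only if ntuser.dat has changed (stat %Z is the status-change time).
if [ -f "/home/profiles/$profile/$ntuser" ]; then
  mtime=$(stat -c %Z "/home/profiles/$profile/$ntuser" 2>/dev/null)
else
  mtime=-1
fi
if [ ! -f "$machine_dir/logon.lck" ]; then
  oldmtime=0
else
  oldmtime=$(cat "$machine_dir/logon.lck" 2>/dev/null)
fi
if [ "$oldmtime" == "$mtime" ]; then
  # Session already open, or overfill?
  # overfill: force a run on the next logon.
  if getent group | grep overfill | grep -q -F -- "$user"; then
    echo "0" > "$machine_dir/logon.lck"
    waitdel=60
  else
    waitdel=1
  fi
  /usr/share/se3/sbin/waitDel.sh "$lockfile" "$waitdel" &
  exit 0
else
  # New session.
  waitdel=1
  # If the profile were not copied back at the first logoff, the GPOs would
  # be lost at the next logon, hence the condition below.
  [ "$mtime" != "-1" ] && echo "$mtime" > "$machine_dir/logon.lck"
fi

# Load the server parameters.
. /etc/se3/config_m.cache.sh
sid=$(ldapsearch -xLLL "uid=$user" sambaSID | grep sambaSID | sed "s/sambaSID: //")


mkgpopasswd "$machine"

# Fix the ownership of the profile if needed.
if [ -d "/home/profiles/$profile" ]; then
  prop=$(stat -c%U "/home/profiles/$profile")
  if [ "$prop" != "$user" ]; then
    # The path used to read /home/profile/..., a directory that is checked
    # nowhere else; the error was hidden by the redirection.
    chown -R "$user":lcs-users "/home/profiles/$profile" > /dev/null 2>&1
  fi
else
  mkdir -p "/home/profiles/$profile"
  chown "$user":lcs-users "/home/profiles/$profile"
  #chmod 600 /home/profiles/$1
fi

# Check that the client answers on port 139; if the probe times out, leave
# the fallback batch files for it and stop.
if /usr/share/se3/sbin/tcpcheck 30 "$ip:139" | grep -q "timed out"; then
  [ ! -d "/home/$user" ] && /usr/share/se3/shares/shares.avail/mkhome.sh "$user" "$machine" "$ip" "$type"
  EnableGPO "$machine" "$type"
  rm -f -- "$lockfile"
  exit 1
fi
echo "--------ouverture de session---------------"
[ ! -d "/home/$user" ] && /usr/share/se3/shares/shares.avail/mkhome.sh "$user" "$machine" "$ip" "$type"

# Wallpaper
if [ "$(cat /etc/se3/fonds_ecran/actif.txt 2>/dev/null)" == "1" ]; then
  /usr/share/se3/sbin/mkwall.sh "$user" "$ext"
else
  # Delete this file, don't want logonpy to activate wallpapers GPO
  rm -f -- "/var/se3/Docs/media/fonds_ecran/$user".*
fi
# Initial registry hack for wpkg
createREG "$user" "$machine"
if [ "$localmenu" == "1" ]; then
  pathDemarrer="/home/profiles/$profile/Demarrer"
  [ ! -d "$pathDemarrer" ] && mkdir -p "$pathDemarrer" && chown -R "$user":lcs-users "/home/profiles/$profile"
else
  pathDemarrer="/home/$user/profil/Demarrer"
  chown "$user":admins "$pathDemarrer/Programmes"
  chmod -R 755 "$pathDemarrer"
fi
/usr/share/se3/logonpy/logon.py "$user" "$machine" "$type"

chown -R adminse3:admins "$machine_dir"
chmod 755 "$machine_dir"
# Skip the credentials file here: a blanket "chmod 664 *" made it group- and
# world-readable until the chmod 600 that follows.
for entry in "$machine_dir"/*; do
  [ "${entry##*/}" == "gpoPASSWD" ] || chmod 664 "$entry"
done
chmod 600 "$machine_dir/gpoPASSWD"

# Check that the SE3 GPOs are installed on the client, otherwise install them.
if setGPOversion "$user" "$machine" "$ip" \
  && smbcacls "//$ip/ADMIN\$" -A "$machine_dir/gpoPASSWD" "/system32/Grouppolicy/se3.log" > /dev/null 2>&1 \
  && uploadGPO "$user" "$machine" "$ip"; then
  uploadWallpaper "$user" "$machine" "$ip" && setADM "$user" "$machine" "$ip" && setACL "$user" "$machine" "$ip"
  if [ "$?" == "1" ]; then
    EnableGPO "$machine" "$type"
  fi
else
  EnableGPO "$machine" "$type"
fi
# The lock is only removed after a few seconds.
/usr/share/se3/sbin/waitDel.sh "$lockfile" "$waitdel" &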