ubuntu / adsys

Active Directory bridging tool suite

License: GNU General Public License v3.0

Python 9.17% Go 88.34% Shell 0.44% C 1.46% Dockerfile 0.03% Batchfile 0.02% Inno Setup 0.18% PowerShell 0.37%
active-directory group-policy ubuntu ubuntu-desktop

adsys's Introduction

adsys

Active Directory GPO support.

Documentation and Usage

The documentation and the command line reference are available on Read The Docs, as is the documentation for the current development release.

Installing development versions

For every commit on the main branch of the adsys repository, the GitHub Actions CI builds a development version of the adwatchd project. This is NOT a stable version of the application and should not be used for production purposes. However, it may prove useful to preview features or bugfixes not yet available as part of a stable release.

To get access to the build artifact you need to be logged in on GitHub. Then, click on any passing run of the QA workflow that has the Windows tests for adwatchd job, and look for the adwatchd_setup file.

Troubleshooting

If AD authentication works but adsys fails to fetch GPOs (e.g. you see can't get policies errors on login), please perform the following steps:

  1. Add the following to /etc/samba/smb.conf:
log level = 10
  2. Run sudo login {user}@{domain} in a terminal, replacing {user} and {domain} with your AD credentials

  3. Paste the output in the bug report

The adsysctl command can also be useful to fetch logs for the daemon and client:

# You can increase the amount of information that will be displayed by using a more verbose tag (-vv or -vvv).
# Note that this command will start a watcher that will print logs as they are generated, so you will need to perform
# actions (such as trying to login) while the command is running.
adsysctl service cat -v

Additionally, you can check the system journal to look at more logs about adsys. Remember that adsys runs with privileges, so you will need to run the following commands as root.

# You can use the -b flag to control how many boots the log will show (e.g. -b 0 will show the current boot only)
journalctl -b0 | grep adsys

# You can also get the logs of the individual units:
systemctl list-units | grep adsys # this will show all adsys related systemd units

# The -u flag will show the logs of the specified unit
journalctl -b0 -u adsysd.service # this command will only show the adsysd.service logs of the current boot

adsys's People

Contributors

adrast, denisonbarbosa, dependabot[bot], didrocks, edibotopic, eduardgomezescandell, gabrielnagy, github-actions[bot], jibel, juneezee, liushuyu, mwhudson, schopin-pro, upils

adsys's Issues

Stuck at install on 22.04 alpha

Stuck at install on 22.04

Thank you in advance for helping us to improve ADSys!
Please read through the template below and answer all relevant questions. Your additional work here is greatly appreciated and will help us respond as quickly as possible. For general support or usage questions, use Ubuntu Discourse. Finally, to avoid duplicates, please search existing Issues before submitting one here.

By submitting an Issue to this repository, you agree to the terms within the Ubuntu Code of Conduct.

Description

Provide a clear and concise description of the issue, including what you expected to happen.
Expected:
Install adsys package through apt
Configure
Use

Actual:
$ sudo apt install adsys hangs at adsys-gpo-refresh.service is a disabled or a static unit not running, not starting it.
Waited overnight, came back, still stuck
$ sudo dpkg -a --configure fails 3x before $ sudo dpkg -r adsys

Reproduction

Detail the steps taken to reproduce this error, what was expected, and whether this issue can be reproduced consistently or if it is intermittent.

Steps:
$ sudo apt install -y adsys

output:

Setting up adsys (0.8) ...
Created symlink /etc/systemd/user/default.target.wants/adsys-user-scripts.service → /usr/lib/systemd/user/adsys-user-scripts.service.
Created symlink /etc/systemd/system/multi-user.target.wants/adsys-boot.service → /lib/systemd/system/adsys-boot.service.
Created symlink /etc/systemd/system/timers.target.wants/adsys-gpo-refresh.timer → /lib/systemd/system/adsys-gpo-refresh.timer.
Created symlink /etc/systemd/system/default.target.wants/adsys-machine-scripts.service → /lib/systemd/system/adsys-machine-scripts.service.
Created symlink /etc/systemd/system/sockets.target.wants/adsysd.socket → /lib/systemd/system/adsysd.socket.
adsys-gpo-refresh.service is a disabled or a static unit not running, not starting it.
adsysd.service is a disabled or a static unit not running, not starting it.

Terminated

$ sudo rm -rf /var/lib/dpkg/lock* 

(tried 3x)

$ sudo dpkg --configure -a
Setting up adsys (0.8) ...
adsys-gpo-refresh.service is a disabled or a static unit not running, not starting it.

**[stuck]**

^CCould not execute systemctl:  at /usr/bin/deb-systemd-invoke line 142. 
dpkg: error processing package adsys (--configure):
 installed adsys package post-installation script subprocess was interrupted

$ sudo dpkg -r adsys

Where applicable, please include:

  • Code sample to reproduce the issue
  • Log files (redact/remove sensitive information)
  • Application settings (redact/remove sensitive information)
  • Screenshots

Environment

Please provide the following:

For ubuntu users, please run and copy the following

  1. ubuntu-bug adsys --save=/tmp/report
  2. Copy paste below /tmp/report content:
ProblemType: Bug
ApportVersion: 2.20.11-0ubuntu77
Architecture: amd64
CasperMD5CheckResult: pass
Date: Tue Feb 22 07:14:59 2022
DistroRelease: Ubuntu 22.04
InstallationDate: Installed on 2022-02-17 (4 days ago)
InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20220202)
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
Package: adsys (not installed)
ProcEnviron:
 LANGUAGE=
 TERM=xterm-256color
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 5.15.0-22.22-generic 5.15.19
SourcePackage: adsys
Tags:  jammy
Uname: Linux 5.15.0-22-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
_MarkForUpload: True

Installed versions

  • OS: (/etc/os-release)
PRETTY_NAME="Ubuntu Jammy Jellyfish (development branch)"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04 (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
  • ADSys version: (adsysctl version output)
    Could not install adsys

Additional context

Add any other context about the problem here.

Sorry, I didn't realize this is unsupported in 22.04 until I went to file bug report and saw another issue asking about ver. support status.

report FYI re: future support jammy

Rethink ADSYS_SKIP_ROOT_CALLS usage

This is in production code for tests when doing Chown syscalls in multiple managers. In addition to the code duplication in every single manager, we should probably rethink our strategy there to have something more centralized and independent of env variable (and ideally, not in production code!)

Cannot parse policy entries with unsupported types

Description

Policies with unsupported types are currently unable to be parsed. Even if Ubuntu doesn't support these types we should still be able to parse the Microsoft ones - otherwise we are unable to apply any of the GPOs.

Reproduction

Attempt to apply any policy containing objects with types other than regSz (1), regMultiSz (7) or regDword (4). Applying will fail with an error like the following: 3 type is not supported for key EFSBlob. Here 3 stands for binary data.

DE-31 Documentation missing

Good day everyone, I have some questions about the documentation:
Beyond what the usage page proposes, there are some points that are not clarified:
Requirements: Compatible with ? Windows Server 2012R2, 2016, 2019 ?

sssd requires a modification in order for adsys to allow the client to login: ad_server = ad.example.com otherwise it will complain about not having an AD server defined in the sssd.conf file.

ADMX files:
The GPC Templates shown in this post, where are they gathered from ? adsysctl policy admx all ?
https://discourse.ubuntu.com/t/desktop-team-updates-monday-25th-january-2021/20519/3

Thanks

Feature Request: Manage energy profile settings

Hi, I would like to know if in the near future adsys could manage energy profile settings, like turning off the screen after certain time or suspend the PC after some time without activity. Regards

Lockdown breaks dconf

I have configured the picture uri to disabled on Ubuntu 22.04. Afterwards I am as expected no longer able to change the wallpaper, but I can also not set any other dconf settings anymore, like changing the keyboard layout.
After setting the GPO Option back to Not Configured I can still not set the wallpaper again or any other dconf value.
The dconf configuration directory for that user ~/.config/dconf/ does not exist, nor is it created while changing a value.
I have tried to move the computer and user out of the OUs where the Policies are active, without success. Only removing adsys completely solved the issue.

go test ./... should pass with non permissive user

As per our discussion, we should skip the tests that need root, and write in the skip comment that it needs the env variable to run.

ofc, CI and package build (if we can run them: build and autopkgtests) need to be updated.

Stabilize tests coverage

Coverage changes quite with irrelevant changes being done.

This could be timeouts not triggering as expected or anything else unexpected. We should investigate and try to make them more stable.

Investigate changes in coverage when no related files are modified

From time to time we get reports of coverage changing on PRs when there are no changes in the affected files (e.g. dependency bumps, documentation updates). Both Codecov (which we use) and Coveralls don't seem to have a way to inspect this coverage diff online, so our best bet would be to download the raw coverage output from Codecov and compare it with local test runs to see the difference.

Example PRs:

If the changes prove to be too complicated we should open separate issues for them once we figure out the problems.

Purging the package doesn't remove/unload managed resources

Purging the adsys package doesn't remove managed resources, such as loaded apparmor rules, dconf profiles, sudo/polkit entries, etc.

We should implement a purge command that takes care of this, and ensure we call it in a prerm script when the adsys package is purged.

Ubuntu

Please do not report security vulnerabilities here
Use launchpad ADSys private bugs which is monitored by our security team. On ubuntu machine, it’s best to use ubuntu-bug adsys to collect relevant information.

Describe the problem you'd like to have solved

A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the ideal solution

A clear and concise description of what you want to happen.

Alternatives and current workarounds

A clear and concise description of any alternatives you've considered or any workarounds that are currently in place.

Environment

Please provide the following:

For ubuntu users, please run and copy the following

  1. ubuntu-bug adsys --save=/tmp/report
  2. Copy paste below /tmp/report content:
COPY REPORT CONTENT HERE.

Installed versions

  • OS: (/etc/os-release)
  • ADSys version: (adsysctl version output)

Additional context

Add any other context about the problem here.

It is necessary to add a case that does not use quotation marks.

Describe the problem you'd like to have solved

I made a policy to adjust the screen saver time by modifying the admx and adml files.
I used the "meta:s" option, but it was a problem in this part.
Quotation marks must not be used to implement the policy.
When using quotation marks, the dconf policy and gsetting policy are displayed differently as shown in the following image.

01

I entered it on the AD server.
02

It was confirmed in "/etc/dconf/db/user.d/adsys".
image

Describe the ideal solution

Add meta option of string type that removes quotation marks

Golden should always be normalized

Golden file generation should use the same helper for normalizing the golden name.

We need then to discuss if we shouldn’t have them by test group name, like TestNew/Subtest/golden or golden/TestNew/Subtest. This will need to take into account we have some fixtures per tests sometimes.

Cannot parse policies with empty values

Description

In addition to empty data, some Microsoft policy entries happen to have empty values as well. See the following entry:

// [key;value;type;size;data]
00000000: 5052 6567 0100 0000 5b00 5300 6f00 6600  PReg....[.S.o.f.
00000010: 7400 7700 6100 7200 6500 5c00 5000 6f00  t.w.a.r.e.\.P.o.
00000020: 6c00 6900 6300 6900 6500 7300 5c00 4d00  l.i.c.i.e.s.\.M.
00000030: 6900 6300 7200 6f00 7300 6f00 6600 7400  i.c.r.o.s.o.f.t.
00000040: 5c00 5300 7900 7300 7400 6500 6d00 4300  \.S.y.s.t.e.m.C.
00000050: 6500 7200 7400 6900 6600 6900 6300 6100  e.r.t.i.f.i.c.a.
00000060: 7400 6500 7300 5c00 4100 4300 5200 5300  t.e.s.\.A.C.R.S.
00000070: 5c00 4300 6500 7200 7400 6900 6600 6900  \.C.e.r.t.i.f.i.
00000080: 6300 6100 7400 6500 7300 0000 3b00 0000  c.a.t.e.s...;...
00000090: 3b00 0000 0000 3b00 0000 0000 3b00 5d00  ;.....;.....;.].

This fails hard when parsing, returning the following empty value in error:

return nil, fmt.Errorf("empty value in %s", strings.ToValidUTF8(s.Text(), "?"))

While this is indeed undesirable for Ubuntu policies, we still want to be able to parse Windows policies that exhibit this behavior.

Reproduction

I've been able to reproduce this issue when applying the Default Domain Policy on an Ubuntu 22.04 machine (adsysctl update -m). Now that we fixed #346 and we can properly parse policies from uppercase paths like the Default Domain Policy, this issue could become more prevalent.

Suggested fix

As we don't want Microsoft policies to prevent us from applying our own, we should avoid returning an error in this case. Introduce an error field on the registry.policyRawEntry and entry.Entry structs which is populated if a non-fatal error like this one occurred during parsing.

Then, when iterating over the decoded policies, policies which don't match our key prefix are already excluded -- so we just need to check if the decoded policy has an error and show it accordingly.

Feature request: Implement Azure AD support

Hello everyone,

I was just wondering whether Azure AD support is planned for the future? As a lot of customers prefer using Azure AD instead of local AD instances this would be a great functionality in my opinion.

I understand that Azure AD is completely different from a technical perspective.

macOS support

Describe the problem you'd like to have solved

do you intend to support use of adsys on macOS

Describe the ideal solution

provide more information about the macOS references in Readme.md

Alternatives and current workarounds

n/a

adsys proxy settings

Hello,

I am not able to find proxy settings configuration in admx/adml file for GPO implementation in Ubuntu clients.

Is there any settings for proxy server configuration in GPO?

Feature request: mount printers from windows printer server

Dear adsys team.

I just saw a demo video from your project.

I'm really excited and can already see some of our (non-IT) colleagues moving from Windows to Ubuntu.
It will be easier with your tools.
I think your integrations are good, but one or two points are missing which seem to me currently essential in the business world:
1. Mount a printer from a windows print server (or cups and samba similar)
2. Mount a shared folder from a windows (or samba) shared folder.

Do you think it is possible for you to integrate something with CUPS for the printers and Nautilus for the shared folder?

You will certainly tell me that it is possible with the logon script but a real integration would greatly fulfill your project.

If these functions exist and I missed something please excuse me.

Many thanks in advance.

Azure Active Directory Domain causes installation to get stuck

Description

When attempting to join a domain with a url path the installation process of Ubuntu 21.04 halts and you are unable to do anything to cancel or revert the change without rebooting.

Reproduction

Run through the installation of Ubuntu 21.04 and attempt to place a url into the Domain field, the url is pointing to an Azure Active Directory, which I learned later that it wasn't supported yet. However, this still is a bug that causes the window to freeze and prevent continuation of setup.

image

Environment

Running Windows 11 and Ubuntu 21.04 on Hyper-V

For ubuntu users, please run and copy the following

States cannot obtain the report for a package that is not installed.

Does it work with fedora?

Does this work with Fedora too?
Since Ubuntu is switching soon to Flutter I am forced to switch to fedora.
So is this working there as well?

Unable to login as a user of the joined Active Directory

Description

Unable to login as a user of the joined Active Directory

Here my error message.
sudo login > user > passwd > error
image

Reproduction

It is presumed that this problem occurred when ADCS (Active Directory Certificate Service) was added, but it is not clear.
Linux OS was the same setting.
I tried setting up after reading wiki, but I couldn't solve it.

  • Login Success : image
  • Login Error : image

- same settings

Linux
1. Install package (realmd, sssd, sssd-tools, libnss-sss, libpam-sss, adcli, samba-common-bin, oddjob, oddjob-mkhomedir)
2. Join AD (sudo realm join -U $AD $Domain > Check realm list > join is OK)
3. Change /usr/share/pam-configs/mkhomedir > sudo pam-auth-update
4. sudo realm permit user@domain
5. Test login (sudo login > user@domain > passwd > login is OK)
  - Before installing the adsys.
6. Install adsys package and make /etc/adsys.yaml

Windows
1. Install Windows Server OS
2. Make AD domain

- different settings

Windows
1. AD CS, IIS

I can't login after installing the adsys package.
I think it's a problem related to the certificate.
I referred to the following link.
https://ubuntu.com/server/docs/service-sssd
My sssd setting is as follows.
image

My /etc/adsys.yaml is as follows.
image

Is there a setting that I made a mistake in?
Should id_provider be set to ldap to set the certificate?
I need help.

Environment

  • ADSys version: 0.8~22.04

Cannot parse policy entries with no data

Description

The Default Domain Policy for Computers has a bunch of SystemCertificates keys with no data which adsys fails to parse. Here are some examples:

Software\Policies\Microsoft\SystemCertificates\ACRS\Certificates
Software\Policies\Microsoft\SystemCertificates\ACRS\CRLs
Software\Policies\Microsoft\SystemCertificates\ACRS\CTLs
Software\Policies\Microsoft\SystemCertificates\CA\Certificates
Software\Policies\Microsoft\SystemCertificates\CA\CRLs
Software\Policies\Microsoft\SystemCertificates\CA\CTLs
Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs
Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs
Software\Policies\Microsoft\SystemCertificates\DPNGRA\Certificates
Software\Policies\Microsoft\SystemCertificates\DPNGRA\CRLs
Software\Policies\Microsoft\SystemCertificates\DPNGRA\CTLs
Software\Policies\Microsoft\SystemCertificates\FVE\Certificates
Software\Policies\Microsoft\SystemCertificates\FVE\CRLs
Software\Policies\Microsoft\SystemCertificates\FVE\CTLs
Software\Policies\Microsoft\SystemCertificates\FVE_NKP\Certificates
Software\Policies\Microsoft\SystemCertificates\FVE_NKP\CRLs
Software\Policies\Microsoft\SystemCertificates\FVE_NKP\CTLs
Software\Policies\Microsoft\SystemCertificates\Root\Certificates
Software\Policies\Microsoft\SystemCertificates\Root\CRLs
Software\Policies\Microsoft\SystemCertificates\Root\CTLs
Software\Policies\Microsoft\SystemCertificates\Trust\Certificates
Software\Policies\Microsoft\SystemCertificates\Trust\CRLs
Software\Policies\Microsoft\SystemCertificates\Trust\CTLs
Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates
Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs
Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs
Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates
Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs
Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs

When examined with a hex editor, these look like the following:

00000000: 5052 6567 0100 0000 5b00 5300 6f00 6600  PReg....[.S.o.f.
00000010: 7400 7700 6100 7200 6500 5c00 5000 6f00  t.w.a.r.e.\.P.o.
00000020: 6c00 6900 6300 6900 6500 7300 5c00 4d00  l.i.c.i.e.s.\.M.
00000030: 6900 6300 7200 6f00 7300 6f00 6600 7400  i.c.r.o.s.o.f.t.
00000040: 5c00 5300 7900 7300 7400 6500 6d00 4300  \.S.y.s.t.e.m.C.
00000050: 6500 7200 7400 6900 6600 6900 6300 6100  e.r.t.i.f.i.c.a.
00000060: 7400 6500 7300 5c00 4100 4300 5200 5300  t.e.s.\.A.C.R.S.
00000070: 5c00 4300 6500 7200 7400 6900 6600 6900  \.C.e.r.t.i.f.i.
00000080: 6300 6100 7400 6500 7300 0000 3b00 0000  c.a.t.e.s...;...
00000090: 3b00 0000 0000 3b00 0000 0000 3b00 5d00  ;.....;.....;.].

The last field of the [key;value;type;size;data] stanza is entirely empty (semicolon succeeded immediately by a closing brace) whereas we expect a null character:

sectionEnd := []byte{0, 0, ']', 0} // \0] in UTF-16 (little endian)

> sudo adsysctl update -m
ERROR/home/gabi/repo/ubuntu/adsys/cmd/adsysd/main.go:50 main.run() Error from server: error while updating policy: can't get policies for "ubuntu2204": one or more error while parsing downloaded elements: /var/cache/adsys/sysvol/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Registry.pol :can't parse policy: invalid policy: empty value in Software\Policies\Microsoft\SystemCertificates\ACRS\Certificates;;;;][Software\Policies\Microsoft\SystemCertificates\ACRS\CRLs;;;;][Software\Policies\Microsoft\SystemCertificates\ACRS\CTLs;;;;][Software\Policies\Microsoft\SystemCertificates\CA\Certificates;;;;][Software\Policies\Microsoft\SystemCertificates\CA\CRLs;;;;][Software\Policies\Microsoft\SystemCertificates\CA\CTLs;;;;][Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates;;;;][Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs;;;;][Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs;;;;][Software\Policies\Microsoft\SystemCertificates\DPNGRA\Certificates;;;;][Software\Policies\Microsoft\SystemCertificates\DPNGRA\CRLs;;;;][Software\Policies\Microsoft\SystemCertificates\DPNGRA\CTLs;;;;][Software\Policies\Microsoft\SystemCertificates\FVE\Certificates;;;;][Software\Policies\Microsoft\SystemCertificates\FVE\CRLs;;;;][Software\Policies\Microsoft\SystemCertificates\FVE\CTLs;;;;][Software\Policies\Microsoft\SystemCertificates\FVE_NKP\Certificates;;;;][Software\Policies\Microsoft\SystemCertificates\FVE_NKP\CRLs;;;;][Software\Policies\Microsoft\SystemCertificates\FVE_NKP\CTLs;;;;][Software\Policies\Microsoft\SystemCertificates\Root\Certificates;;;;][Software\Policies\Microsoft\SystemCertificates\Root\CRLs;;;;][Software\Policies\Microsoft\SystemCertificates\Root\CTLs;;;;][Software\Policies\Microsoft\SystemCertificates\Trust\Certificates;;;;][Software\Policies\Microsoft\SystemCertificates\Trust\CRLs;;;;][Software\Policies\Microsoft\SystemCertificates\Trust\CTLs;;;;][Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificat
es;;;;][Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs;;;;][Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs;;;;][Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates;;;;][Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs;;;;][Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs;;;;][Software\Policies\Ubuntu\gdm\dconf\org\gnome\desktop\interface\clock-show-date;metaValues;;?;{"20.04":{"empty":"false","meta":"b"},"22.04":{"empty":"false","meta":"b"},"all":{"empty":"false","meta":"b"}} 

Using a section separator like []byte{';', 0, ']', 0} would solve the issue.

Reproduction

I've been able to reproduce this issue when applying the Default Domain Policy on an Ubuntu 22.04 machine (adsysctl update -m). Now that we fixed #346 and we can properly parse policies from uppercase paths like the Default Domain Policy, this issue could become more prevalent.
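
Both this issue and "Cannot parse policies with empty values" above turn on how a Registry.pol stanza is delimited, so here is an added example (not adsys code) of a length-driven parser in Go: it reads each field by its shape (NUL-terminated UTF-16LE strings, 4-byte little-endian type and size, then exactly size bytes of data) with bounds checks instead of searching for a closing byte sequence, and records empty values and unsupported types per entry as the suggested fix describes. `Entry`, `ParsePReg`, `Sample` and every key other than the ACRS one from the hex dump are assumed names.

```go
package main

import (
	"bytes"
	"fmt"
	"unicode/utf16"
)

type Entry struct { // one [key;value;type;size;data] stanza
	Key, Value string
	Type       uint32
	Data       []byte
	Err        error // non-fatal problem; other entries stay usable
}

var pregHeader = []byte{'P', 'R', 'e', 'g', 1, 0, 0, 0}

type reader struct { // bounds-checked cursor; the first failed read sticks in err
	b   []byte
	off int
	err error
}

func (r *reader) take(n uint32) []byte { // n raw bytes, nil after any failure
	if r.err == nil && uint64(n) > uint64(len(r.b)-r.off) {
		r.err = fmt.Errorf("offset %d: need %d bytes, %d left", r.off, n, len(r.b)-r.off)
	}
	if r.err != nil {
		return nil
	}
	r.off += int(n)
	return r.b[r.off-int(n) : r.off]
}
func (r *reader) le(n uint32) (v uint32) { // n-byte little-endian integer
	for i, c := range r.take(n) {
		v |= uint32(c) << (8 * i)
	}
	return v
}
func (r *reader) str() string { // NUL-terminated UTF-16LE string
	var u []uint16
	for c := r.le(2); c != 0; c = r.le(2) {
		u = append(u, uint16(c))
	}
	return string(utf16.Decode(u))
}
func (r *reader) delim(want rune) *reader { // one UTF-16LE delimiter character
	if got := rune(r.le(2)); r.err == nil && got != want {
		r.err = fmt.Errorf("offset %d: expected %q, got %q", r.off-2, want, got)
	}
	return r
}

// ParsePReg takes data by its size field instead of scanning for a closing delimiter.
func ParsePReg(b []byte) (out []Entry, err error) {
	if !bytes.HasPrefix(b, pregHeader) {
		return nil, fmt.Errorf("invalid PReg header")
	}
	r := &reader{b: b, off: len(pregHeader)}
	for r.off < len(b) {
		e := Entry{Key: r.delim('[').str()}
		e.Value = r.delim(';').str()
		e.Type = r.delim(';').le(4)
		size := r.delim(';').le(4)
		e.Data = r.delim(';').take(size)
		if r.delim(']').err != nil {
			return nil, r.err // structural damage stays fatal
		}
		if e.Value == "" {
			e.Err = fmt.Errorf("empty value")
		} else if e.Type != 1 && e.Type != 4 && e.Type != 7 { // regSz, regDword, regMultiSz
			e.Err = fmt.Errorf("%d type is not supported", e.Type)
		}
		out = append(out, e)
	}
	return out, nil
}

func utf16le(s string) (b []byte) { // sample builder: s plus its NUL terminator
	for _, c := range utf16.Encode([]rune(s + "\x00")) {
		b = append(b, byte(c), byte(c>>8))
	}
	return b
}
func le32(v uint32) []byte { return []byte{byte(v), byte(v >> 8), byte(v >> 16), byte(v >> 24)} }
func stanza(key, value string, typ uint32, data []byte) []byte {
	f := [][]byte{utf16le(key), utf16le(value), le32(typ), le32(uint32(len(data))), data}
	return append(append([]byte{'[', 0}, bytes.Join(f, []byte{';', 0})...), ']', 0)
}

// Sample is constructed: the empty stanza from the hex dump, then two made-up entries.
var Sample = bytes.Join([][]byte{pregHeader,
	stanza(`Software\Policies\Microsoft\SystemCertificates\ACRS\Certificates`, "", 0, nil),
	stanza(`Software\Policies\Example`, "EFSBlob", 3, []byte{1, 2, 3}),
	stanza(`Software\Policies\Ubuntu\example`, "all", 4, le32(1)),
}, nil)

func main() { fmt.Println(ParsePReg(Sample)) }
```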

Stabilize integration test coverage

We have an issue when the coverage is called more than once in the same test. Prevent that from happening again and deal with the python case.

Move all shared golden functionalities to testutils

We should move all shared golden functionalities to testutils:

  • functions that update golden
  • remove the tree manual comparison in some tests
  • install the update flag from testutils
  • Reshape CompareTreesForFiltering so update with the update flag. However, it’s used a couple of times to only compare, so care should be taken.

Change periodic refresh timer to be the same as Microsoft's

Describe the problem you'd like to have solved

When adding the ADSys documentation to the Whitepaper, we noticed that ADSys has a refresh time of 30 min but Microsoft's is 90 min. @jibel had me update the document to say 90 min, so just opening an issue so we don't forget to update our timer to be 90 min as we are reporting in the whitepaper.

Describe the ideal solution

A refresh timer that is in sync with Microsoft's for minimized confusion.

Investigate adding a testutils helper function for tc.wantErr

Can we base assertion on wantErr and stop the test if we need it?

This is what is in Skip() (but using private function).

	c.finished = true
	runtime.Goexit()

The issue is that we need to return/end with success. The helper may return a bool otherwise, but is it a better syntax?

internal/watcher: TestRefreshGracePeriod is failing on our kinetic box

This test is failing for jibel and I on kinetic

time="2022-10-20T11:50:34+02:00" level=debug msg="Watching /tmp/TestRefreshGracePeriod1003041317/001/withsubdir and children"
time="2022-10-20T11:50:34+02:00" level=debug msg="Watching: /tmp/TestRefreshGracePeriod1003041317/001/withsubdir"
time="2022-10-20T11:50:34+02:00" level=debug msg="Watching: /tmp/TestRefreshGracePeriod1003041317/001/withsubdir/GPT.INI"
time="2022-10-20T11:50:34+02:00" level=debug msg="Watching: /tmp/TestRefreshGracePeriod1003041317/001/withsubdir/alreadyexists"
time="2022-10-20T11:50:34+02:00" level=debug msg="Watching: /tmp/TestRefreshGracePeriod1003041317/001/withsubdir/alreadyexistsDir"
time="2022-10-20T11:50:34+02:00" level=debug msg="Watching: /tmp/TestRefreshGracePeriod1003041317/001/withsubdir/alreadyexistsDir/GPT.INI"
time="2022-10-20T11:50:34+02:00" level=debug msg="Watching: /tmp/TestRefreshGracePeriod1003041317/001/withsubdir/alreadyexistsDir/alreadyexists"
time="2022-10-20T11:50:34+02:00" level=debug msg="Got event: WRITE         \"/tmp/TestRefreshGracePeriod1003041317/001/withsubdir/alreadyexists\""
time="2022-10-20T11:50:34+02:00" level=debug msg="Got event: WRITE         \"/tmp/TestRefreshGracePeriod1003041317/001/withsubdir/alreadyexists\""
time="2022-10-20T11:50:34+02:00" level=debug msg="Got event: WRITE         \"/tmp/TestRefreshGracePeriod1003041317/001/withsubdir/alreadyexists\""
time="2022-10-20T11:50:34+02:00" level=debug msg="Got event: WRITE         \"/tmp/TestRefreshGracePeriod1003041317/001/withsubdir/alreadyexists\""
time="2022-10-20T11:50:35+02:00" level=info msg="Bumping version for /tmp/TestRefreshGracePeriod1003041317/001/withsubdir/GPT.INI"
time="2022-10-20T11:50:35+02:00" level=debug msg="Got event: WRITE         \"/tmp/TestRefreshGracePeriod1003041317/001/withsubdir/GPT.INI\""
time="2022-10-20T11:50:35+02:00" level=debug msg="Got event: WRITE         \"/tmp/TestRefreshGracePeriod1003041317/001/withsubdir/GPT.INI\""
time="2022-10-20T11:50:35+02:00" level=debug msg="Got event: WRITE         \"/tmp/TestRefreshGracePeriod1003041317/001/withsubdir/GPT.INI\""
time="2022-10-20T11:50:35+02:00" level=debug msg="Got event: WRITE         \"/tmp/TestRefreshGracePeriod1003041317/001/withsubdir/GPT.INI\""
time="2022-10-20T11:50:35+02:00" level=debug msg="Got event: WRITE         \"/tmp/TestRefreshGracePeriod1003041317/001/withsubdir/alreadyexistsDir/alreadyexists\""
time="2022-10-20T11:50:35+02:00" level=debug msg="Got event: WRITE         \"/tmp/TestRefreshGracePeriod1003041317/001/withsubdir/alreadyexistsDir/alreadyexists\""
time="2022-10-20T11:50:35+02:00" level=debug msg="Got event: WRITE         \"/tmp/TestRefreshGracePeriod1003041317/001/withsubdir/alreadyexistsDir/alreadyexists\""
time="2022-10-20T11:50:35+02:00" level=debug msg="Got event: WRITE         \"/tmp/TestRefreshGracePeriod1003041317/001/withsubdir/alreadyexistsDir/alreadyexists\""
time="2022-10-20T11:50:36+02:00" level=info msg="Bumping version for /tmp/TestRefreshGracePeriod1003041317/001/withsubdir/GPT.INI"
time="2022-10-20T11:50:36+02:00" level=debug msg="Got event: WRITE         \"/tmp/TestRefreshGracePeriod1003041317/001/withsubdir/GPT.INI\""
time="2022-10-20T11:50:36+02:00" level=debug msg="Got event: WRITE         \"/tmp/TestRefreshGracePeriod1003041317/001/withsubdir/GPT.INI\""
time="2022-10-20T11:50:36+02:00" level=debug msg="Got event: WRITE         \"/tmp/TestRefreshGracePeriod1003041317/001/withsubdir/GPT.INI\""
time="2022-10-20T11:50:36+02:00" level=debug msg="Got event: WRITE         \"/tmp/TestRefreshGracePeriod1003041317/001/withsubdir/GPT.INI\""
time="2022-10-20T11:50:41+02:00" level=info msg="Watcher stopped"
--- FAIL: TestRefreshGracePeriod (7.19s)
    watcher_test.go:222: 
        	Error Trace:	/tmp/adsys/internal/watcher/watcher_test.go:433
        	            				/tmp/adsys/internal/watcher/watcher_test.go:222
        	Error:      	Not equal: 
        	            	expected: 2
        	            	actual  : 3
        	Test:       	TestRefreshGracePeriod
        	Messages:   	GPT.ini version is not equal to the expected one
    watcher_test.go:234: 
        	Error Trace:	/tmp/adsys/internal/watcher/watcher_test.go:433
        	            				/tmp/adsys/internal/watcher/watcher_test.go:234
        	Error:      	Not equal: 
        	            	expected: 2
        	            	actual  : 4
        	Test:       	TestRefreshGracePeriod
        	Messages:   	GPT.ini version is not equal to the expected one
    watcher_test.go:240: 
        	Error Trace:	/tmp/adsys/internal/watcher/watcher_test.go:433
        	            				/tmp/adsys/internal/watcher/watcher_test.go:240
        	Error:      	Not equal: 
        	            	expected: 3
        	            	actual  : 4
        	Test:       	TestRefreshGracePeriod
        	Messages:   	GPT.ini version is not equal to the expected one
FAIL
FAIL	github.com/ubuntu/adsys/internal/watcher	7.196s
FAIL

Refactor watchdtui using the new bubbles `Validate` API

Describe the problem you'd like to have solved

The new bubbles release comes with a Validate API which we can use to validate our TUI inputs (directories and config file). Currently, validation is done via arbitrary functions that directly operate on the textinput.Model objects, e.g.

// updateConfigInputError updates the error state of the config input.
func updateConfigInputError(input *textinput.Model) {
	value := input.Value()
	// If the config input is empty, clean up the error message
	if value == "" {
		input.Err = nil
		return
	}
	absPath, _ := filepath.Abs(value)
	stat, err := os.Stat(value)
	// If the config file does not exist, we're good
	if errors.Is(err, os.ErrNotExist) {
		input.Err = nil
		if !filepath.IsAbs(value) {
			input.Err = fmt.Errorf(i18n.G("%s will be the absolute path"), absPath)
		}
		return
	}
	// If we got another error, display it
	if err != nil {
		input.Err = err
		return
	}
	if stat.IsDir() {
		input.Err = fmt.Errorf(i18n.G("%s is a directory; will create %s.yaml inside"), absPath, watchdconfig.CmdName)
		return
	}
	if stat.Mode().IsRegular() {
		input.Err = fmt.Errorf(i18n.G("%s: file already exists and will be overwritten"), absPath)
		return
	}
	input.Err = nil
}

Describe the ideal solution

Input validation is done via the newly added API.

Username is case sensitive when applying policies on login

Description

When logging in (either via login or ssh) to an AD account using different case combinations, adsysd uses the specified account name instead of the lowercase one reported by getent/whoami to apply the GPOs. I believe this comes from the pam_get_item call here.

This works but has the unintended side effect of producing multiple dconf profile files for each variant of the username:

root@ubuntu2204:~# ls /etc/dconf/profile/ | grep -i administrator
[email protected]
[email protected]
[email protected]

Of course this all stems from the username retrieved by PAM so there might be more unintended side-effects, the dconf one being the easiest to observe.

I would expect the same username to be used regardless of the case used when logging in.

Reproduction

  • logging in with a capitalized username
root@ubuntu2204:~# getent passwd [email protected]
[email protected]:*:1130200500:1130200513:Administrator:/home/[email protected]:/bin/bash
root@ubuntu2204:~# login [email protected]
Password: 
Last login: Fri Jul  8 07:50:51 UTC 2022 from 192.168.0.123 on pts/3
Applying user settings
[email protected]@ubuntu2204:~$ echo $DCONF_PROFILE 
[email protected]
[email protected]@ubuntu2204:~$ whoami
[email protected]
DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:60 loggedServerStream.RecvMsg() [[60190:262930]] Requesting with parameters: IsComputer: false, All: false, Target: [email protected], Krb5Cc: /tmp/krb5cc_1130200500_OeOOjt 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:533 (*AD).NormalizeTargetName() [[60190:262930]] NormalizeTargetName for "[email protected]", type "user" 
DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:111 Authorizer.IsAllowedFromContext() [[60190:262930]] Check if grpc request peer is authorized 
DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:150 Authorizer.isAllowed() [[60190:262930]] Authorized as being administrator 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:210 (*AD).GetPolicies() [[60190:262930]] GetPolicies for "[email protected]", type "user" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:278 (*AD).GetPolicies() [[60190:262930]] Getting gpo list with arguments: "--objectclass user ldap://WIN-C1Q6GS1T2JH.warthogs.biz [email protected]" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:300 (*AD).GetPolicies() [[60190:262930]] GPO "Default Domain Policy" for "[email protected]" available at "smb://warthogs.biz/sysvol/warthogs.biz/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}" 
DEBUG github.com/ubuntu/adsys/internal/ad/download.go:113 (*AD).fetch.func2() [[60190:262930]] Analyzing "assets" 
DEBUG github.com/ubuntu/adsys/internal/ad/download.go:113 (*AD).fetch.func2() [[60190:262930]] Analyzing "Default Domain Policy" 
INFO github.com/ubuntu/adsys/internal/ad/download.go:124 (*AD).fetch.func2() [[60190:262930]] No assets directory with GPT.INI file found on AD, skipping assets download 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:449 (*AD).parseGPOs.func1() [[60190:262930]] Parsing GPO "Default Domain Policy" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:459 (*AD).parseGPOs.func1() [[60190:262930]] Policy "Default Domain Policy" doesn't have any policy for class "user" open /var/cache/adsys/sysvol/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/User/Registry.pol: no such file or directory 
DEBUG github.com/ubuntu/adsys/internal/policies/policies.go:48 New() [[60190:262930]] Creating new policies 
INFO github.com/ubuntu/adsys/internal/policies/manager.go:155 (*Manager).ApplyPolicies() [[60190:262930]] Apply policy for [email protected] (machine: false) 
DEBUG github.com/ubuntu/adsys/internal/policies/dconf/dconf.go:70 (*Manager).ApplyPolicy() [[60190:262930]] Applying dconf policy to [email protected] 
DEBUG github.com/ubuntu/adsys/internal/policies/dconf/dconf.go:219 writeProfile() [[60190:262930]] Update user profile /etc/dconf/profile/[email protected] 
...
  • logging in with a lowercase username
root@ubuntu2204:~# getent passwd [email protected]
[email protected]:*:1130200500:1130200513:Administrator:/home/[email protected]:/bin/bash
root@ubuntu2204:~# login [email protected]
Password: 
Last login: Fri Jul  8 08:00:38 UTC 2022 on pts/4
Applying user settings
[email protected]@ubuntu2204:~$ echo $DCONF_PROFILE 
[email protected]
[email protected]@ubuntu2204:~$ whoami
[email protected]
DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:60 loggedServerStream.RecvMsg() [[60293:296508]] Requesting with parameters: IsComputer: false, All: false, Target: [email protected], Krb5Cc: /tmp/krb5cc_1130200500_OeOOjt 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:533 (*AD).NormalizeTargetName() [[60293:296508]] NormalizeTargetName for "[email protected]", type "user" 
DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:111 Authorizer.IsAllowedFromContext() [[60293:296508]] Check if grpc request peer is authorized 
DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:150 Authorizer.isAllowed() [[60293:296508]] Authorized as being administrator 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:210 (*AD).GetPolicies() [[60293:296508]] GetPolicies for "[email protected]", type "user" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:278 (*AD).GetPolicies() [[60293:296508]] Getting gpo list with arguments: "--objectclass user ldap://WIN-C1Q6GS1T2JH.warthogs.biz [email protected]" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:300 (*AD).GetPolicies() [[60293:296508]] GPO "Default Domain Policy" for "[email protected]" available at "smb://warthogs.biz/sysvol/warthogs.biz/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}" 
DEBUG github.com/ubuntu/adsys/internal/ad/download.go:113 (*AD).fetch.func2() [[60293:296508]] Analyzing "assets" 
DEBUG github.com/ubuntu/adsys/internal/ad/download.go:113 (*AD).fetch.func2() [[60293:296508]] Analyzing "Default Domain Policy" 
INFO github.com/ubuntu/adsys/internal/ad/download.go:124 (*AD).fetch.func2() [[60293:296508]] No assets directory with GPT.INI file found on AD, skipping assets download 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:449 (*AD).parseGPOs.func1() [[60293:296508]] Parsing GPO "Default Domain Policy" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:459 (*AD).parseGPOs.func1() [[60293:296508]] Policy "Default Domain Policy" doesn't have any policy for class "user" open /var/cache/adsys/sysvol/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/User/Registry.pol: no such file or directory 
DEBUG github.com/ubuntu/adsys/internal/policies/policies.go:48 New() [[60293:296508]] Creating new policies 
INFO github.com/ubuntu/adsys/internal/policies/manager.go:155 (*Manager).ApplyPolicies() [[60293:296508]] Apply policy for [email protected] (machine: false) 
DEBUG github.com/ubuntu/adsys/internal/policies/dconf/dconf.go:70 (*Manager).ApplyPolicy() [[60293:296508]] Applying dconf policy to [email protected] 
DEBUG github.com/ubuntu/adsys/internal/policies/dconf/dconf.go:219 writeProfile() [[60293:296508]] Update user profile /etc/dconf/profile/[email protected] 
...
  • applying policies for the current logged in user -- here adsys uses the lowercase username from the start:
root@ubuntu2204:~# login [email protected]
Password: 
Last login: Fri Jul  8 08:10:13 UTC 2022 on pts/4
Applying user settings
[email protected]@ubuntu2204:~$ adsysctl update -vvv
...
DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:60 loggedServerStream.RecvMsg() Requesting with parameters: IsComputer: false, All: false, Target: [email protected], Krb5Cc: /tmp/krb5cc_1130200500_OeOOjt 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:533 (*AD).NormalizeTargetName() NormalizeTargetName for "[email protected]", type "user" 
...
INFO github.com/ubuntu/adsys/internal/policies/manager.go:155 (*Manager).ApplyPolicies() Apply policy for [email protected] (machine: false) 
DEBUG github.com/ubuntu/adsys/internal/policies/dconf/dconf.go:70 (*Manager).ApplyPolicy() Applying dconf policy to [email protected] 
DEBUG github.com/ubuntu/adsys/internal/policies/dconf/dconf.go:219 writeProfile() Update user profile /etc/dconf/profile/[email protected] 
DEBUG github.com/ubuntu/adsys/internal/policies/scripts/scripts.go:92 (*Manager).ApplyPolicy() Applying scripts policy to [email protected] 
...

Environment

  • OS: Ubuntu 22.04 LTS
  • ADSys version: 0.8.4

Refactoring optional functionals for stubs when used in more than one layer.

We have some functional parameters that bubble up in multiple layers so that we can mock an entire set of features. Some examples, like in #461, show that it’s weird to always have functional parameter calls.

Can we do better? Find another pattern with some test stubs that we can optionally attach and pass blindly between layers?
This bug is some architecture/thinking process before doing a proper refactoring around it throughout the code base.

Invalid GPT.INI: version not found (prevents login if adsys is enabled in PAM)

It would appear that, at some point, an AD group policy ini file can omit the "Version=" tag.
We have one policy of this kind: a domain default policy that has never been edited and is totally empty.
Windows doesn't care. Group policy editor shows 0 as version. But Ubuntu 22 with ADsys will not let users log in.

Error message:
ERROR Error from server: error while updating policy: can't get policies for "[email protected]": can't download all gpos and assets: one or more error while fetching GPOs and assets: can't download "Default Domain Policy": can't check if Default Domain Policy needs refreshing: invalid remote GPT.INI: version not found

Using pam-auth-update and deselecting ADsys Authentication lets the user in, but ofc without policies being applied.
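
The failure reported above comes down to how a GPT.INI without a Version key is read. The following is an added example, not adsys's own code: parseGPTVersion, splitVersion and ErrMalformedVersion are hypothetical names, and the sample files are constructed. It treats a missing key as version 0, as the report says the Group Policy editor does, while still rejecting a key whose value is not a number.

```go
package main

import (
	"bufio"
	"bytes"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// ErrMalformedVersion reports a Version key that is present but not a 32-bit number.
var ErrMalformedVersion = errors.New("malformed Version value in GPT.INI")

// parseGPTVersion (hypothetical helper) returns the Version stored in the
// [General] section of a GPT.INI file. A missing key yields 0, matching what
// the report says the Group Policy editor displays; a present but unparsable
// value is still an error, so a corrupted file is not silently accepted.
func parseGPTVersion(content []byte) (uint32, error) {
	content = bytes.TrimPrefix(content, []byte("\xef\xbb\xbf")) // optional UTF-8 BOM
	inGeneral := false
	sc := bufio.NewScanner(bytes.NewReader(content))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text()) // also drops the \r of CRLF files
		switch {
		case line == "" || strings.HasPrefix(line, ";"):
			continue // blank line or comment
		case strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]"):
			inGeneral = strings.EqualFold(line, "[General]")
			continue
		case !inGeneral:
			continue // keys of other sections are ignored
		}
		key, value, found := strings.Cut(line, "=")
		if !found || !strings.EqualFold(strings.TrimSpace(key), "Version") {
			continue
		}
		v, err := strconv.ParseUint(strings.TrimSpace(value), 10, 32)
		if err != nil {
			return 0, fmt.Errorf("%w: %q", ErrMalformedVersion, value)
		}
		return uint32(v), nil
	}
	if err := sc.Err(); err != nil {
		return 0, err
	}
	return 0, nil // no Version key: treat as a never-edited policy
}

// splitVersion separates the combined number: the high 16 bits count user
// setting changes, the low 16 bits count machine setting changes.
func splitVersion(v uint32) (user, machine uint16) {
	return uint16(v >> 16), uint16(v & 0xffff)
}

func main() {
	// Constructed sample inputs, not taken from the report.
	samples := []struct{ name, content string }{
		{"edited policy", "[General]\r\nVersion=65539\r\ndisplayName=Example\r\n"},
		{"never edited, no Version key", "[General]\r\ndisplayName=Example\r\n"},
		{"corrupted value", "[General]\r\nVersion=abc\r\n"},
	}
	for _, s := range samples {
		v, err := parseGPTVersion([]byte(s.content))
		if err != nil {
			fmt.Printf("%-30s error: %v\n", s.name, err)
			continue
		}
		user, machine := splitVersion(v)
		fmt.Printf("%-30s version=%d (user=%d, machine=%d)\n", s.name, v, user, machine)
	}
}
```
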

Fix some policies content path being exported as capitalized "MACHINE" vs "Machine" for instance

Description

ADSys cannot update GPOs on Jammy Jellyfish 22.04 because of misnamed folders. adsysctl expects the folders to be title cased (e.g. Machine), but they are uppercase (e.g. MACHINE). This prevents any GPOs from being applied.

Reproduction

  • Create GPO in AD and apply to computers/users. (Tested with default policy and brand new policy.) Example: disable terminal.
  • Restart and/or manually sync the client machine.
  • Login and attempt to open terminal.

Environment

ProblemType: Bug
ApportVersion: 2.20.11-0ubuntu82.1
Architecture: amd64
CasperMD5CheckResult: pass
Date: Fri Jun 10 18:18:16 2022
DistroRelease: Ubuntu 22.04
InstallationDate: Installed on 2022-06-07 (3 days ago)
InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220419)
NonfreeKernelModules: zfs zunicode zcommon znvpair zavl icp
Package: adsys 0.8.4
PackageArchitecture: amd64
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 5.15.0-37.39-generic 5.15.35
RelatedPackageVersions:
 sssd          2.6.3-1ubuntu3
 python3-samba 2:4.15.5~dfsg-0ubuntu5
SourcePackage: adsys
Tags:  jammy
Uname: Linux 5.15.0-37-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
_MarkForUpload: True
modified.conffile..etc.polkit-1.localauthority.conf.d.99-adsys-privilege-enforcement.conf: [deleted]
modified.conffile..etc.sudoers.d.99-adsys-privilege-enforcement: [deleted]

Installed versions

  • OS: 22.04 LTS (Jammy Jellyfish)
  • ADSys version:
    adsysctl 0.8.4
    adsysd 0.8.4

Additional context

User running adsysctl update -vvv:

INFO github.com/ubuntu/adsys/internal/config/config.go:62 Init() No configuration file: Config File "adsys" Not Found in "[/home/[email protected] /etc]".
We will only use the defaults, env variables or flags. 
DEBUG Connecting as [[6631:012933]]                
DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:27 StreamServerInterceptor.func1() New request /service/UpdatePolicy 
DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:60 loggedServerStream.RecvMsg() Requesting with parameters: IsComputer: false, All: false, Target: [email protected], Krb5Cc: /tmp/krb5cc_720601104_AcWNB0 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:533 (*AD).NormalizeTargetName() NormalizeTargetName for "[email protected]", type "user" 
DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:111 Authorizer.IsAllowedFromContext() Check if grpc request peer is authorized 
DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:191 Authorizer.isAllowed() Polkit call result, authorized: true 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:210 (*AD).GetPolicies() GetPolicies for "[email protected]", type "user" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:278 (*AD).GetPolicies() Getting gpo list with arguments: "--objectclass user ldap://example.example.com [email protected]" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:300 (*AD).GetPolicies() GPO "Default Domain Policy" for "[email protected]" available at "smb://example.com/sysvol/example.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}" 
DEBUG github.com/ubuntu/adsys/internal/ad/download.go:113 (*AD).fetch.func2() Analyzing "assets" 
DEBUG github.com/ubuntu/adsys/internal/ad/download.go:113 (*AD).fetch.func2() Analyzing "Default Domain Policy" 
INFO github.com/ubuntu/adsys/internal/ad/download.go:124 (*AD).fetch.func2() No assets directory with GPT.INI file found on AD, skipping assets download 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:449 (*AD).parseGPOs.func1() Parsing GPO "Default Domain Policy" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:459 (*AD).parseGPOs.func1() Policy "Default Domain Policy" doesn't have any policy for class "user" open /var/cache/adsys/sysvol/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/User/Registry.pol: no such file or directory 
DEBUG github.com/ubuntu/adsys/internal/policies/policies.go:48 New() Creating new policies 
INFO github.com/ubuntu/adsys/internal/policies/manager.go:155 (*Manager).ApplyPolicies() Apply policy for [email protected] (machine: false) 
DEBUG github.com/ubuntu/adsys/internal/policies/manager.go:249 (*Manager).getSubscriptionState() Refresh subscription state 
DEBUG github.com/ubuntu/adsys/internal/policies/dconf/dconf.go:70 (*Manager).ApplyPolicy() Applying dconf policy to [email protected] 
DEBUG github.com/ubuntu/adsys/internal/policies/dconf/dconf.go:219 writeProfile() Update user profile /etc/dconf/profile/[email protected] 
DEBUG github.com/ubuntu/adsys/internal/policies/manager.go:257 (*Manager).getSubscriptionState.func1() Ubuntu advantage is enabled for GPO restrictions 
DEBUG github.com/ubuntu/adsys/internal/policies/scripts/scripts.go:92 (*Manager).ApplyPolicy() Applying scripts policy to [email protected] 

Admin running sudo adsysctl update -a -vvv:

INFO github.com/ubuntu/adsys/internal/config/config.go:62 Init() No configuration file: Config File "adsys" Not Found in "[/home/jake /root /etc]".
We will only use the defaults, env variables or flags. 
DEBUG Connecting as [[6835:416247]]                
DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:27 StreamServerInterceptor.func1() New request /service/UpdatePolicy 
DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:60 loggedServerStream.RecvMsg() Requesting with parameters: IsComputer: false, All: true, Target: , Krb5Cc:  
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:533 (*AD).NormalizeTargetName() NormalizeTargetName for "", type "computer" 
DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:111 Authorizer.IsAllowedFromContext() Check if grpc request peer is authorized 
DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:150 Authorizer.isAllowed() Authorized as being administrator 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:210 (*AD).GetPolicies() GetPolicies for "adsys", type "computer" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:278 (*AD).GetPolicies() Getting gpo list with arguments: "--objectclass computer ldap://example.example.com adsys" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:300 (*AD).GetPolicies() GPO "Default Domain Policy" for "adsys" available at "smb://example.com/sysvol/example.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}" 
DEBUG github.com/ubuntu/adsys/internal/ad/download.go:113 (*AD).fetch.func2() Analyzing "assets" 
DEBUG github.com/ubuntu/adsys/internal/ad/download.go:113 (*AD).fetch.func2() Analyzing "Default Domain Policy" 
INFO github.com/ubuntu/adsys/internal/ad/download.go:124 (*AD).fetch.func2() No assets directory with GPT.INI file found on AD, skipping assets download 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:449 (*AD).parseGPOs.func1() Parsing GPO "Default Domain Policy" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:459 (*AD).parseGPOs.func1() Policy "Default Domain Policy" doesn't have any policy for class "computer" open /var/cache/adsys/sysvol/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/Machine/Registry.pol: no such file or directory 
DEBUG github.com/ubuntu/adsys/internal/policies/policies.go:48 New() Creating new policies 
INFO github.com/ubuntu/adsys/internal/policies/manager.go:155 (*Manager).ApplyPolicies() Apply policy for adsys (machine: true) 
DEBUG github.com/ubuntu/adsys/internal/policies/manager.go:249 (*Manager).getSubscriptionState() Refresh subscription state 
DEBUG github.com/ubuntu/adsys/internal/policies/dconf/dconf.go:70 (*Manager).ApplyPolicy() Applying dconf policy to adsys 
DEBUG github.com/ubuntu/adsys/internal/policies/manager.go:257 (*Manager).getSubscriptionState.func1() Ubuntu advantage is enabled for GPO restrictions 
DEBUG github.com/ubuntu/adsys/internal/policies/scripts/scripts.go:92 (*Manager).ApplyPolicy() Applying scripts policy to adsys 
DEBUG github.com/ubuntu/adsys/internal/policies/privilege/privilege.go:78 (*Manager).ApplyPolicy() Applying privilege policy to adsys 
DEBUG github.com/ubuntu/adsys/internal/policies/gdm/gdm.go:61 (*Manager).ApplyPolicy() ApplyPolicy gdm policy 
DEBUG github.com/ubuntu/adsys/internal/policies/dconf/dconf.go:70 (*Manager).ApplyPolicy() Applying dconf policy to gdm 
DEBUG github.com/ubuntu/adsys/internal/policies/dconf/dconf.go:219 writeProfile() Update user profile /etc/dconf/profile/gdm 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:382 (*AD).ListActiveUsers() ListActiveUsers 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:210 (*AD).GetPolicies() GetPolicies for "[email protected]", type "user" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:278 (*AD).GetPolicies() Getting gpo list with arguments: "--objectclass user ldap://example.example.com [email protected]" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:300 (*AD).GetPolicies() GPO "Default Domain Policy" for "[email protected]" available at "smb://example.com/sysvol/example.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}" 
DEBUG github.com/ubuntu/adsys/internal/ad/download.go:113 (*AD).fetch.func2() Analyzing "assets" 
DEBUG github.com/ubuntu/adsys/internal/ad/download.go:113 (*AD).fetch.func2() Analyzing "Default Domain Policy" 
INFO github.com/ubuntu/adsys/internal/ad/download.go:124 (*AD).fetch.func2() No assets directory with GPT.INI file found on AD, skipping assets download 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:449 (*AD).parseGPOs.func1() Parsing GPO "Default Domain Policy" 
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:459 (*AD).parseGPOs.func1() Policy "Default Domain Policy" doesn't have any policy for class "user" open /var/cache/adsys/sysvol/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/User/Registry.pol: no such file or directory 
DEBUG github.com/ubuntu/adsys/internal/policies/policies.go:48 New() Creating new policies 
INFO github.com/ubuntu/adsys/internal/policies/manager.go:155 (*Manager).ApplyPolicies() Apply policy for [email protected] (machine: false)
DEBUG github.com/ubuntu/adsys/internal/policies/manager.go:249 (*Manager).getSubscriptionState() Refresh subscription state 
DEBUG github.com/ubuntu/adsys/internal/policies/dconf/dconf.go:70 (*Manager).ApplyPolicy() Applying dconf policy to [email protected] 
DEBUG github.com/ubuntu/adsys/internal/policies/dconf/dconf.go:219 writeProfile() Update user profile /etc/dconf/profile/[email protected] 
DEBUG github.com/ubuntu/adsys/internal/policies/manager.go:257 (*Manager).getSubscriptionState.func1() Ubuntu advantage is enabled for GPO restrictions 
DEBUG github.com/ubuntu/adsys/internal/policies/scripts/scripts.go:92 (*Manager).ApplyPolicy() Applying scripts policy to [email protected] 

sudo ls -lh /var/cache/adsys/sysvol/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/:

-rw------- 1 root root 27 Jun 10 18:13 GPT.INI
drwx------ 4 root root  6 Jun 10 18:13 MACHINE
drwx------ 2 root root  4 Jun 10 18:13 USER

Important errors:

DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:459 (*AD).parseGPOs.func1() Policy "Default Domain Policy" doesn't have any policy for class "computer" open /var/cache/adsys/sysvol/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/Machine/Registry.pol: no such file or directory 
[...]
DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:459 (*AD).parseGPOs.func1() Policy "Default Domain Policy" doesn't have any policy for class "user" open /var/cache/adsys/sysvol/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/User/Registry.pol: no such file or directory 
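
Added example, not adsys code: the listing above shows `MACHINE` and `USER` on disk while the logged `open` calls use `Machine/` and `User/`, which are different paths on a case-sensitive filesystem. The hypothetical helper `resolveFold` reports such case differences under a cached GPO directory and refuses to choose when more than one entry matches.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// resolveFold is a hypothetical diagnostic helper (not part of adsys).
// It walks rel under root one component at a time. When a component does not
// exist with the exact case, it looks for exactly one sibling that matches
// case-insensitively. It returns the path as it exists on disk and the list
// of components whose case differed ("requested -> on-disk").
func resolveFold(root, rel string) (string, []string, error) {
	cur := root
	var diffs []string
	for _, part := range strings.Split(filepath.ToSlash(rel), "/") {
		if part == "" {
			continue
		}
		if _, err := os.Lstat(filepath.Join(cur, part)); err == nil {
			cur = filepath.Join(cur, part) // exact-case match, nothing to report
			continue
		}
		entries, err := os.ReadDir(cur)
		if err != nil {
			return "", diffs, err
		}
		var found []string
		for _, e := range entries {
			if strings.EqualFold(e.Name(), part) {
				found = append(found, e.Name())
			}
		}
		// Zero matches: really missing. Several matches: ambiguous, do not guess.
		if len(found) != 1 {
			return "", diffs, fmt.Errorf("%q under %s: %d case-insensitive matches", part, cur, len(found))
		}
		diffs = append(diffs, part+" -> "+found[0])
		cur = filepath.Join(cur, found[0])
	}
	return cur, diffs, nil
}

func main() {
	// Cache path and GPO GUID as they appear in the report above.
	root := "/var/cache/adsys/sysvol/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}"
	for _, rel := range []string{"Machine/Registry.pol", "User/Registry.pol"} {
		p, diffs, err := resolveFold(root, rel)
		fmt.Printf("%s: resolved=%q case-differences=%v err=%v\n", rel, p, diffs, err)
	}
}
```

The cache directory in the listing is readable by root only, so the check has to run with the same privileges as the `sudo ls` above.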

Enhancement: adwatchd can scaffold distribution assets creation

The instructions to create scripts and other assets directories are tedious, even if simple.

Maybe on first init and with a command line, we can request the distro name, sysvol folder and then scaffold with:

  • creating the distro directory
  • creating the scripts/ and apparmor/ subfolders
  • create a first GPT.ini content with version 0.

(documentation for scripts and apparmor needs to be updated then too)
