Skip to content

Commit

Permalink
Update run_sync.py
Browse files Browse the repository at this point in the history
  • Loading branch information
@sfonteneau
sfonteneau authored Aug 3, 2024
1 parent a45922b commit 436e93b
Showing 1 changed file with 43 additions and 14 deletions.
57 changes: 43 additions & 14 deletions run_sync.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,16 +6,18 @@
import hashlib
import time
import configparser
import traceback
from peewee import SqliteDatabase,CharField,Model,TextField,DateTimeField

if "__file__" in locals():
sys.path.insert(0, os.path.dirname(os.path.realpath(__file__)))

from libsync import AdConnect,OpenLdapInfo
from libsync import AdConnect,OpenLdapInfo,write_log_json_data,logger,logging

azureconf='/etc/azureconf/azure.conf'
config = configparser.ConfigParser()
config.read(azureconf)
logfile = '/var/log/azure_ad_sync'

db = SqliteDatabase(config.get('common', 'dbpath'))

Expand All @@ -40,6 +42,12 @@ def run_sync(force=False):

dry_run = config.getboolean('common', 'dry_run')

if not dry_run:
if logfile:
fhandler = logging.FileHandler(logfile)
logger.addHandler(fhandler)


hash_synchronization = config.getboolean('common', 'hash_synchronization')


Expand Down Expand Up @@ -99,11 +107,11 @@ def run_sync(force=False):

if not AzureObject.table_exists():
# enable ad sync
print('enable ad sync')
write_log_json_data('enable_ad_sync',{"EnableDirSync":True})
azure.enable_ad_sync()

# enable password hash sync
print('enable password hash sync')
write_log_json_data('enable_password_hash_sync',{"PasswordHashSync":True})
azure.enable_password_hash_sync()

if not AzureObject.table_exists():
Expand All @@ -119,26 +127,38 @@ def run_sync(force=False):
# Delete user in azure and not found in samba
for user in azure.dict_az_user:
if not user in smb.dict_all_users_samba:
print('Delete user %s' % azure.dict_az_user[user])
azure.delete_user(user)
write_log_json_data('delete',azure.dict_az_user[user])
try:
azure.delete_user(user)
except:
write_log_json_data('error',{'sourceanchor':user,'action':'delete_user','traceback':traceback.format_exc()})
continue
if not dry_run:
AzureObject.delete().where(AzureObject.sourceanchor==user,AzureObject.object_type=='user').execute()


# Delete group in azure and not found in samba
for group in azure.dict_az_group:
if not group in smb.dict_all_group_samba:
print('Delete group %s' % azure.dict_az_group[group])
azure.delete_group(group)
write_log_json_data('delete',azure.dict_az_group[group])
try:
azure.delete_group(group)
except:
write_log_json_data('error',{'sourceanchor':group,'action':'delete_group','traceback':traceback.format_exc()})
continue
if not dry_run:
AzureObject.delete().where(AzureObject.sourceanchor==group,AzureObject.object_type=='group').execute()

#create all user found samba
for entry in smb.dict_all_users_samba:
last_data = AzureObject.select(AzureObject.last_data_send).where(AzureObject.sourceanchor==entry,AzureObject.object_type=='user').first()
if force or (not last_data) or json.loads(last_data.last_data_send) != smb.dict_all_users_samba[entry] :
print('Send user %s' % smb.dict_all_users_samba[entry])
azure.send_obj_to_az(smb.dict_all_users_samba[entry])
write_log_json_data('send',smb.dict_all_users_samba[entry])
try:
azure.send_obj_to_az(smb.dict_all_users_samba[entry])
except:
write_log_json_data('error',{'sourceanchor':entry,'action':'send_user','traceback':traceback.format_exc()})
continue
if not dry_run:
if not last_data:
AzureObject.insert(sourceanchor=entry,object_type='user',last_data_send =json.dumps(smb.dict_all_users_samba[entry]),last_data_send_date = datetime.datetime.now()).execute()
Expand All @@ -150,8 +170,12 @@ def run_sync(force=False):
for entry in smb.dict_all_group_samba:
last_data = AzureObject.select(AzureObject.last_data_send).where(AzureObject.sourceanchor==entry,AzureObject.object_type=='group').first()
if force or (not last_data) or json.loads(last_data.last_data_send) != smb.dict_all_group_samba[entry] :
print('Send group %s' % smb.dict_all_group_samba[entry])
azure.send_obj_to_az(smb.dict_all_group_samba[entry])
write_log_json_data('send',smb.dict_all_group_samba[entry])
try:
azure.send_obj_to_az(smb.dict_all_group_samba[entry])
except:
write_log_json_data('error',{'sourceanchor':entry,'action':'send_group','traceback':traceback.format_exc()})
continue
if not dry_run:
if not last_data:
AzureObject.insert(sourceanchor=entry,object_type='group',last_data_send =json.dumps(smb.dict_all_group_samba[entry]),last_data_send_date = datetime.datetime.now()).execute()
Expand All @@ -169,7 +193,7 @@ def run_sync(force=False):
sha2password= hash_for_data(smb.dict_id_hash[entry])
last_data = AzureObject.select(AzureObject.last_sha256_hashnt_send).where(AzureObject.sourceanchor==entry,AzureObject.object_type=='user').first()
if force or (not last_data) or last_data.last_sha256_hashnt_send != sha2password :
print('send hash for SourceAnchor: %s %s' % (entry,smb.dict_all_users_samba[entry]['onPremisesSamAccountName']))
write_log_json_data('send_nthash',{'SourceAnchor':entry,'onPremisesSamAccountName':smb.dict_all_users_samba[entry]['onPremisesSamAccountName'],'nthash':'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'})

# Microsoft is very slow between sending the account and sending the password
try:
Expand All @@ -178,9 +202,14 @@ def run_sync(force=False):
if "Result" in str(e):
print('Fail, we may be a little too fast for microsoft, we will wait and try again ...' )
time.sleep(30)
azure.send_hashnt(smb.dict_id_hash[entry],entry)
try:
azure.send_hashnt(smb.dict_id_hash[entry],entry)
except:
write_log_json_data('error',{'sourceanchor':entry,'action':'send_hashnt','traceback':traceback.format_exc()})
continue
else:
raise
write_log_json_data('error',{'sourceanchor':entry,'action':'send_hashnt','traceback':traceback.format_exc()})
continue

if not dry_run:
AzureObject.update(last_sha256_hashnt_send = sha2password,last_send_hashnt_date = datetime.datetime.now()).where(AzureObject.sourceanchor==entry).execute()
Expand Down

0 comments on commit 436e93b

Please sign in to comment.