Write package

2019-06-10 10:44:56 +02:00 · 2019-06-10 10:44:56 +02:00 · b05454796a
parent d1e7b9f655
commit b05454796a
2 changed files with 51 additions and 4 deletions
--- a/WAPT/control
+++ b/WAPT/control
@ -1,13 +1,13 @@
 package           : fws-lock-policy
-version           : 1
+version           : 9
 architecture      : all
 section           : base
 priority          : 
 maintainer        : Daniel Berteaud
 description       : Screen locking policy
 depends           : 
-conflicts         : 
-maturity          : DEV
+conflicts         : fws-disable-sleepmode
+maturity          : PROD
 locale            : all
 target_os         : windows
 min_os_version    : 5.0
@ -29,4 +29,4 @@ package_uuid      :
 signer            : Daniel Berteaud
 signer_fingerprint: 
 signature_date    : 
-signed_attributes : 
+signed_attributes : 
--- a/setup.py
+++ b/setup.py
@ -2,9 +2,56 @@
 from setuphelpers import *

 uninstallkey = []
+variables = {
+    'screen_lock_enabled': True,
+    'screen_lock_timeout': 900
+}
+
+# Read local variables file if available
+if isfile(makepath(programfiles32,'wapt','private','symetric.txt')) and isfile(makepath(programfiles32,'wapt','private','variables.txt')):
+    print('Reading local encrypted variables file')
+    from cryptography.fernet import Fernet
+    import yaml
+    f = Fernet(open(makepath(programfiles32,'wapt','private','symetric.txt'),'r').read())
+    variables.update(yaml.safe_load(f.decrypt(open(makepath(programfiles32,'wapt','private','variables.txt'),'r').read())))

 def install():
+    print('Configuring screen locking policy')
+    if variables['screen_lock_enabled'] == True:
+        registry_setstring(HKEY_LOCAL_MACHINE, r'SOFTWARE\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E', 'ACSettingIndex', variables['screen_lock_timeout'], REG_DWORD)
+        registry_setstring(HKEY_LOCAL_MACHINE, r'SOFTWARE\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E', 'DCSettingIndex', variables['screen_lock_timeout'], REG_DWORD)
+        registry_setstring(HKEY_LOCAL_MACHINE, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System', 'NoDispScrSavPage', 1, REG_DWORD)
+    else:
+        for setting in ['ACSettingIndex','DCSettingIndex']:
+            registry_delete(HKEY_LOCAL_MACHINE, r'SOFTWARE\Policies\Microsoft\Power\PowerSettings\381b4222-f694-41f0-9685-ff5bb260df2e', setting)
+        registry_delete(HKEY_LOCAL_MACHINE, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System', 'NoDispScrSavPage')
+
+def session_setup():
+    # For Windows 10, ACSettingIndex / DCSettingIndex is enough. But on previous version, screen locking is controlled by the screen saver
+    if variables['screen_lock_enabled'] == True:
+        registry_setstring(HKEY_CURRENT_USER, r'Control Panel\Desktop', 'ScreenSaveIsSecure', '1', REG_SZ)
+        registry_setstring(HKEY_CURRENT_USER, r'Control Panel\Desktop', 'ScreenSaveActive', '1', REG_SZ)
+        registry_setstring(HKEY_CURRENT_USER, r'Control Panel\Desktop', 'ScreenSaveTimeOut', str(variables['screen_lock_timeout']), REG_SZ)
+        registry_setstring(HKEY_CURRENT_USER, r'Control Panel\Desktop', 'SCRNSAVE.EXE', r'C:\Windows\system32\scrnsave.scr', REG_SZ)
+    else:
+        registry_delete(HKEY_CURRENT_USER, r'Control Panel\Desktop', 'ScreenSaveIsSecure')
+        registry_delete(HKEY_CURRENT_USER, r'Control Panel\Desktop', 'ScreenSaveActive')
+        registry_delete(HKEY_CURRENT_USER, r'Control Panel\Desktop', 'ScreenSaveTimeOut')
+        registry_delete(HKEY_CURRENT_USER, r'Control Panel\Desktop', 'SCRNSAVE.EXE')

 def uninstall():
+    print('Removing screen locking policy')
+    for setting in ['ACSettingIndex','DCSettingIndex']:
+        registry_delete(HKEY_LOCAL_MACHINE, r'SOFTWARE\Policies\Microsoft\Power\PowerSettings\381b4222-f694-41f0-9685-ff5bb260df2e', setting)
+    registry_delete(HKEY_LOCAL_MACHINE, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System', 'NoDispScrSavPage')

 def audit():
+    for setting in ['ACSettingIndex','DCSettingIndex']:
+        if not registry_readstring(HKEY_LOCAL_MACHINE,r'SOFTWARE\Policies\Microsoft\Power\PowerSettings\381b4222-f694-41f0-9685-ff5bb260df2e\%s' % setting):
+            print(r'SOFTWARE\Policies\Microsoft\Power\PowerSettings\381b4222-f694-41f0-9685-ff5bb260df2e\%s does not exist' % setting)
+            return "ERROR"
+        value = registry_readstring(HKEY_LOCAL_MACHINE,r'SOFTWARE\Policies\Microsoft\Power\PowerSettings\381b4222-f694-41f0-9685-ff5bb260df2e\%s' % setting)
+        if value != variables['screen_lock_timeout'] :
+            print("Screen lock timeout is not %, it's % instead" % (variables['screen_lock_timeout'], value) )
+            return "WARNING"
+