Changeset 745 for trunk/server/libgpo

Timestamp:

Nov 27, 2012, 4:43:17 PM (13 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: updated trunk to 3.6.0

Location:

trunk/server

Files:

• . (modified) (1 prop)
• libgpo/config.mk (deleted)
• libgpo/gpext/gpext.c (modified) (5 diffs)
• libgpo/gpext/gpext.h (modified) (4 diffs)
• libgpo/gpo.h (modified) (7 diffs)
• libgpo/gpo_fetch.c (modified) (3 diffs)
• libgpo/gpo_ldap.c (modified) (8 diffs)
• libgpo/gpo_sec.c (modified) (6 diffs)
• libgpo/gpo_util.c (modified) (6 diffs)
• libgpo/wscript_build (copied) (copied from vendor/current/libgpo/wscript_build )

trunk/server/libgpo/gpext/gpext.c

@@ -19 +19 @@
 
 #include "includes.h"
+#include "../libgpo/gpo.h"
 #include "../libgpo/gpext/gpext.h"
 #include "librpc/gen_ndr/ndr_misc.h"
 #include "lib/util/dlinklist.h"
+#include "../libcli/registry/util_reg.h"
+#if _SAMBA_BUILD_ == 3
+#include "libgpo/gpo_proto.h"
+#include "registry.h"
+#include "registry/reg_api.h"
+#endif
 
 static struct gp_extension *extensions = NULL;
@@ -277 +284 @@
                 case REG_SZ:
                 case REG_EXPAND_SZ:
-                        data->v.sz.str = talloc_strdup(mem_ctx, data_s);
-                        NT_STATUS_HAVE_NO_MEMORY(data->v.sz.str);
-                        data->v.sz.len = strlen(data_s);
+                        if (!push_reg_sz(mem_ctx, &data->data, data_s)) {
+                                return NT_STATUS_NO_MEMORY;
+                        }
                         break;
-                case REG_DWORD:
-                        data->v.dword = atoi(data_s);
+                case REG_DWORD: {
+                        uint32_t v = atoi(data_s);
+                        data->data = data_blob_talloc(mem_ctx, NULL, 4);
+                        SIVAL(data->data.data, 0, v);
                         break;
+                }
                 default:
                         return NT_STATUS_NOT_SUPPORTED;
@@ -587 +597 @@
 
                         if (!reg_ctx) {
-                                NT_USER_TOKEN *token;
+                                struct security_token *token;
 
                                 token = registry_create_system_token(mem_ctx);
@@ -671 +681 @@
                            TALLOC_CTX *mem_ctx,
                            uint32_t flags,
-                           const NT_USER_TOKEN *token,
+                           const struct security_token *token,
                            struct GROUP_POLICY_OBJECT *gpo_list,
                            const char *extension_guid,
@@ -685 +695 @@
                                  TALLOC_CTX *mem_ctx,
                                  uint32_t flags,
-                                 const NT_USER_TOKEN *token,
+                                 const struct security_token *token,
                                  struct registry_key *root_key,
                                  struct GROUP_POLICY_OBJECT *gpo,

trunk/server/libgpo/gpext/gpext.h

@@ -66 +66 @@
                                          uint32_t flags,
                                          struct registry_key *root_key,
-                                         const NT_USER_TOKEN *token,
+                                         const struct security_token *token,
                                          struct GROUP_POLICY_OBJECT *gpo,
                                          const char *extension_guid,
@@ -74 +74 @@
                                          TALLOC_CTX *mem_ctx,
                                          uint32_t flags,
-                                         const NT_USER_TOKEN *token,
+                                         const struct security_token *token,
                                          struct GROUP_POLICY_OBJECT *gpo_list,
                                          const char *extension_guid);
@@ -110 +110 @@
                            TALLOC_CTX *mem_ctx,
                            uint32_t flags,
-                           const NT_USER_TOKEN *token,
+                           const struct security_token *token,
                            struct GROUP_POLICY_OBJECT *gpo_list,
                            const char *extension_guid,
@@ -117 +117 @@
                                  TALLOC_CTX *mem_ctx,
                                  uint32_t flags,
-                                 const NT_USER_TOKEN *token,
+                                 const struct security_token *token,
                                  struct registry_key *root_key,
                                  struct GROUP_POLICY_OBJECT *gpo,

trunk/server/libgpo/gpo.h

@@ -25 +25 @@
 #else
 struct loadparm_context;
+#include "ads.h"
 #endif
 
@@ -156 +157 @@
 
 struct gp_registry_context {
-        const NT_USER_TOKEN *token;
+        const struct security_token *token;
         const char *path;
         struct registry_key *curr_key;
@@ -215 +216 @@
                              TALLOC_CTX *mem_ctx,
                              const char *dn,
-                             NT_USER_TOKEN **token);
+                             struct security_token **token);
 ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
                             TALLOC_CTX *mem_ctx,
                             const char *dn,
                             uint32_t flags,
-                            const NT_USER_TOKEN *token,
+                            const struct security_token *token,
                             struct GROUP_POLICY_OBJECT **gpo_list);
 
@@ -226 +227 @@
 
 NTSTATUS gpo_apply_security_filtering(const struct GROUP_POLICY_OBJECT *gpo,
-                                      const NT_USER_TOKEN *token);
+                                      const struct security_token *token);
 
 /* The following definitions come from libgpo/gpo_util.c  */
@@ -245 +246 @@
 ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads,
                              TALLOC_CTX *mem_ctx,
-                             const NT_USER_TOKEN *token,
+                             const struct security_token *token,
                              struct registry_key *root_key,
                              struct GROUP_POLICY_OBJECT *gpo,
@@ -252 +253 @@
 ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
                                 TALLOC_CTX *mem_ctx,
-                                const NT_USER_TOKEN *token,
+                                const struct security_token *token,
                                 struct GROUP_POLICY_OBJECT *gpo_list,
                                 const char *extensions_guid_filter,
@@ -282 +283 @@
                                 struct loadparm_context *lp_ctx,
                                 const char *dn,
-                                NT_USER_TOKEN **token);
+                                struct security_token **token);
 
 

trunk/server/libgpo/gpo_fetch.c

@@ -26 +26 @@
 #include "param/param.h"
 #include "libcli/resolve/resolve.h"
-#include "../lib/tevent/tevent.h"
+#include <tevent.h>
 #include "libcli/libcli.h"
 #include "libcli/raw/libcliraw.h"
@@ -33 +33 @@
 #include "libgpo/gpo_s4.h"
 #include "lib/util/util.h"
+#else
+#include "libgpo/gpo_proto.h"
+#include "libsmb/libsmb.h"
 #endif
 
@@ -149 +152 @@
                         CLI_FULL_CONNECTION_USE_KERBEROS |
                         CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS,
-                        Undefined, NULL);
+                        Undefined);
         if (!NT_STATUS_IS_OK(result)) {
                 DEBUG(10,("check_refresh_gpo: "

trunk/server/libgpo/gpo_ldap.c

@@ -19 +19 @@
 
 #include "includes.h"
+#include "libgpo/gpo.h"
+#include "auth.h"
 #if _SAMBA_BUILD_ == 4
-#include "libgpo/gpo.h"
 #include "libgpo/gpo_s4.h"
 #include "source4/libgpo/ads_convenience.h"
 #endif
+#include "../libcli/security/security.h"
 
 /****************************************************************
@@ -486 +488 @@
                 "versionNumber",
                 NULL};
-        uint32_t sd_flags = DACL_SECURITY_INFORMATION;
+        uint32_t sd_flags = SECINFO_DACL;
 
         ZERO_STRUCTP(gpo);
@@ -553 +555 @@
                                          enum GPO_LINK_TYPE link_type,
                                          bool only_add_forced_gpos,
-                                         const NT_USER_TOKEN *token)
+                                         const struct security_token *token)
 {
         ADS_STATUS status;
@@ -620 +622 @@
                              TALLOC_CTX *mem_ctx,
                              const char *dn,
-                             NT_USER_TOKEN **token)
+                             struct security_token **token)
 {
         ADS_STATUS status;
-        DOM_SID object_sid;
-        DOM_SID primary_group_sid;
-        DOM_SID *ad_token_sids;
+        struct dom_sid object_sid;
+        struct dom_sid primary_group_sid;
+        struct dom_sid *ad_token_sids;
         size_t num_ad_token_sids = 0;
-        DOM_SID *token_sids;
-        size_t num_token_sids = 0;
-        NT_USER_TOKEN *new_token = NULL;
+        struct dom_sid *token_sids;
+        uint32_t num_token_sids = 0;
+        struct security_token *new_token = NULL;
         int i;
 
@@ -639 +641 @@
         }
 
-        token_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, 1);
+        token_sids = TALLOC_ARRAY(mem_ctx, struct dom_sid, 1);
         ADS_ERROR_HAVE_NO_MEMORY(token_sids);
 
@@ -671 +673 @@
         *token = new_token;
 
-        debug_nt_user_token(DBGC_CLASS, 5, *token);
+        security_token_debug(DBGC_CLASS, 5, *token);
 
         return ADS_ERROR_LDAP(LDAP_SUCCESS);
@@ -711 +713 @@
                             const char *dn,
                             uint32_t flags,
-                            const NT_USER_TOKEN *token,
+                            const struct security_token *token,
                             struct GROUP_POLICY_OBJECT **gpo_list)
 {
@@ -725 +727 @@
         if (!dn) {
                 return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+        }
+
+        if (!ads_set_sasl_wrap_flags(ads, ADS_AUTH_SASL_SIGN)) {
+                return ADS_ERROR(LDAP_INVALID_CREDENTIALS);
         }
 

trunk/server/libgpo/gpo_sec.c

@@ -19 +19 @@
 
 #include "includes.h"
-#include "libcli/security/dom_sid.h"
+#include "libcli/security/security.h"
+#include "../libgpo/gpo.h"
+#include "auth.h"
+#include "../librpc/ndr/libndr.h"
 #if _SAMBA_BUILD_ == 4
 #include "libgpo/ads_convenience.h"
@@ -25 +28 @@
 #include "librpc/gen_ndr/ndr_misc.h"
 #include "../libcli/security/secace.h"
-#include "../libgpo/gpo.h"
 #endif
 
@@ -102 +104 @@
 
 static NTSTATUS gpo_sd_check_ace_denied_object(const struct security_ace *ace,
-                                               const NT_USER_TOKEN *token)
+                                               const struct security_token *token)
 {
         char *sid_str;
@@ -124 +126 @@
 
 static NTSTATUS gpo_sd_check_ace_allowed_object(const struct security_ace *ace,
-                                                const NT_USER_TOKEN *token)
+                                                const struct security_token *token)
 {
         char *sid_str;
@@ -147 +149 @@
 
 static NTSTATUS gpo_sd_check_ace(const struct security_ace *ace,
-                                 const NT_USER_TOKEN *token)
+                                 const struct security_token *token)
 {
         switch (ace->type) {
@@ -163 +165 @@
 
 NTSTATUS gpo_apply_security_filtering(const struct GROUP_POLICY_OBJECT *gpo,
-                                      const NT_USER_TOKEN *token)
+                                      const struct security_token *token)
 {
         struct security_descriptor *sd = gpo->security_descriptor;

trunk/server/libgpo/gpo_util.c

@@ -19 +19 @@
 #define TALLOC_DEPRECATED 1
 #include "includes.h"
+#include "system/filesys.h"
 #include "librpc/gen_ndr/ndr_misc.h"
+#include "../librpc/gen_ndr/ndr_security.h"
+#include "../libgpo/gpo.h"
+#include "../libcli/security/security.h"
 #if _SAMBA_BUILD_ == 4
-#include "system/filesys.h"
 #include "auth/auth.h"
-#include "../libgpo/gpo.h"
-#include "../lib/talloc/talloc.h"
+#include <talloc.h>
 #include "source4/libgpo/ads_convenience.h"
 #endif
@@ -322 +324 @@
                 dump_gp_ext(gp_ext, lvl);
         }
-
-        DEBUGADD(lvl,("security descriptor:\n"));
-
-        NDR_PRINT_DEBUG(security_descriptor, gpo->security_descriptor);
+        if (gpo->security_descriptor) {
+                DEBUGADD(lvl,("security descriptor:\n"));
+
+                NDR_PRINT_DEBUG(security_descriptor, gpo->security_descriptor);
+        }
 }
 
@@ -447 +450 @@
 ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads,
                              TALLOC_CTX *mem_ctx,
-                             const NT_USER_TOKEN *token,
+                             const struct security_token *token,
                              struct registry_key *root_key,
                              struct GROUP_POLICY_OBJECT *gpo,
@@ -504 +507 @@
 static ADS_STATUS gpo_process_gpo_list_by_ext(ADS_STRUCT *ads,
                                               TALLOC_CTX *mem_ctx,
-                                              const NT_USER_TOKEN *token,
+                                              const struct security_token *token,
                                               struct registry_key *root_key,
                                               struct GROUP_POLICY_OBJECT *gpo_list,
@@ -542 +545 @@
 ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
                                 TALLOC_CTX *mem_ctx,
-                                const NT_USER_TOKEN *token,
+                                const struct security_token *token,
                                 struct GROUP_POLICY_OBJECT *gpo_list,
                                 const char *extensions_guid_filter,
@@ -839 +842 @@
                                 struct loadparm_context *lp_ctx,
                                 const char *dn,
-                                NT_USER_TOKEN **token)
-{
-        NT_USER_TOKEN *ad_token = NULL;
+                                struct security_token **token)
+{
+        struct security_token *ad_token = NULL;
         ADS_STATUS status;
 #if _SAMBA_BUILD_ == 4