Changeset 988 for vendor/current/libgpo/gpo_util.c
- Timestamp:
- Nov 24, 2016, 1:14:11 PM (9 years ago)
- File:
-
- 1 edited
-
vendor/current/libgpo/gpo_util.c (modified) (21 diffs)
Legend:
- Unmodified
- Added
- Removed
-
vendor/current/libgpo/gpo_util.c
r746 r988 17 17 * along with this program; if not, see <http://www.gnu.org/licenses/>. 18 18 */ 19 #define TALLOC_DEPRECATED 1 19 20 20 #include "includes.h" 21 21 #include "system/filesys.h" … … 24 24 #include "../libgpo/gpo.h" 25 25 #include "../libcli/security/security.h" 26 #if _SAMBA_BUILD_ == 4 27 #include "auth/auth.h" 28 #include <talloc.h> 29 #include "source4/libgpo/ads_convenience.h" 30 #endif 31 #undef strdup 26 #include "registry.h" 27 #include "libgpo/gpo_proto.h" 28 #include "libgpo/gpext/gpext.h" 32 29 33 30 #if 0 … … 233 230 ****************************************************************/ 234 231 235 void dump_gpo(ADS_STRUCT *ads, 236 TALLOC_CTX *mem_ctx, 237 struct GROUP_POLICY_OBJECT *gpo, 232 void dump_gpo(const struct GROUP_POLICY_OBJECT *gpo, 238 233 int debuglevel) 239 234 { 240 235 int lvl = debuglevel; 236 TALLOC_CTX *frame = talloc_stackframe(); 241 237 242 238 if (gpo == NULL) { 243 return;239 goto out; 244 240 } 245 241 … … 305 301 struct GP_EXT *gp_ext = NULL; 306 302 307 if (!ads_parse_gp_ext( mem_ctx, gpo->machine_extensions,303 if (!ads_parse_gp_ext(frame, gpo->machine_extensions, 308 304 &gp_ext)) { 309 return;305 goto out; 310 306 } 311 307 dump_gp_ext(gp_ext, lvl); … … 318 314 struct GP_EXT *gp_ext = NULL; 319 315 320 if (!ads_parse_gp_ext( mem_ctx, gpo->user_extensions,316 if (!ads_parse_gp_ext(frame, gpo->user_extensions, 321 317 &gp_ext)) { 322 return;318 goto out; 323 319 } 324 320 dump_gp_ext(gp_ext, lvl); … … 329 325 NDR_PRINT_DEBUG(security_descriptor, gpo->security_descriptor); 330 326 } 331 } 332 333 /**************************************************************** 334 ****************************************************************/ 335 336 void dump_gpo_list(ADS_STRUCT *ads, 337 TALLOC_CTX *mem_ctx, 338 327 out: 328 talloc_free(frame); 329 } 330 331 /**************************************************************** 332 ****************************************************************/ 333 334 void dump_gpo_list(const struct GROUP_POLICY_OBJECT *gpo_list, 339 335 int debuglevel) 340 336 { 341 struct GROUP_POLICY_OBJECT *gpo = NULL;337 const struct GROUP_POLICY_OBJECT *gpo = NULL; 342 338 343 339 for (gpo = gpo_list; gpo; gpo = gpo->next) { 344 dump_gpo(ads, mem_ctx, gpo, debuglevel); 345 } 346 } 347 348 /**************************************************************** 349 ****************************************************************/ 350 351 void dump_gplink(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GP_LINK *gp_link) 352 { 353 ADS_STATUS status; 340 dump_gpo(gpo, debuglevel); 341 } 342 } 343 344 /**************************************************************** 345 ****************************************************************/ 346 347 void dump_gplink(const struct GP_LINK *gp_link) 348 { 354 349 int i; 355 350 int lvl = 10; … … 391 386 } 392 387 DEBUGADD(lvl,("\n")); 393 394 if (ads != NULL && mem_ctx != NULL) {395 396 struct GROUP_POLICY_OBJECT gpo;397 398 status = ads_get_gpo(ads, mem_ctx,399 gp_link->link_names[i],400 NULL, NULL, &gpo);401 if (!ADS_ERR_OK(status)) {402 DEBUG(lvl,("get gpo for %s failed: %s\n",403 gp_link->link_names[i],404 ads_errstr(status)));405 return;406 }407 dump_gpo(ads, mem_ctx, &gpo, lvl);408 }409 388 } 410 389 } … … 415 394 ****************************************************************/ 416 395 417 staticbool gpo_get_gp_ext_from_gpo(TALLOC_CTX *mem_ctx,418 419 420 396 bool gpo_get_gp_ext_from_gpo(TALLOC_CTX *mem_ctx, 397 uint32_t flags, 398 const struct GROUP_POLICY_OBJECT *gpo, 399 struct GP_EXT **gp_ext) 421 400 { 422 401 ZERO_STRUCTP(*gp_ext); … … 448 427 ****************************************************************/ 449 428 450 ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads, 451 TALLOC_CTX *mem_ctx, 452 const struct security_token *token, 453 struct registry_key *root_key, 454 struct GROUP_POLICY_OBJECT *gpo, 455 const char *extension_guid_filter, 456 uint32_t flags) 457 { 458 struct GP_EXT *gp_ext = NULL; 459 int i; 460 461 DEBUG(10,("gpo_process_a_gpo: processing gpo %s (%s)\n", 462 gpo->name, gpo->display_name)); 463 if (extension_guid_filter) { 464 DEBUGADD(10,("gpo_process_a_gpo: using filter %s (%s)\n", 465 extension_guid_filter, 466 cse_gpo_guid_string_to_name(extension_guid_filter))); 467 } 468 469 if (!gpo_get_gp_ext_from_gpo(mem_ctx, flags, gpo, &gp_ext)) { 470 return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); 471 } 472 473 if (!gp_ext || !gp_ext->num_exts) { 474 if (flags & GPO_INFO_FLAG_VERBOSE) { 475 DEBUG(0,("gpo_process_a_gpo: " 476 "no policies in %s (%s) for this extension\n", 477 gpo->name, gpo->display_name)); 478 } 479 return ADS_SUCCESS; 480 } 481 482 for (i=0; i<gp_ext->num_exts; i++) { 483 484 NTSTATUS ntstatus; 485 486 if (extension_guid_filter && 487 !strequal(extension_guid_filter, 488 gp_ext->extensions_guid[i])) { 489 continue; 490 } 491 492 ntstatus = gpext_process_extension(ads, mem_ctx, 493 flags, token, root_key, gpo, 494 gp_ext->extensions_guid[i], 495 gp_ext->snapins_guid[i]); 496 if (!NT_STATUS_IS_OK(ntstatus)) { 497 ADS_ERROR_NT(ntstatus); 498 } 499 } 500 501 return ADS_SUCCESS; 502 } 503 504 /**************************************************************** 505 ****************************************************************/ 506 507 static ADS_STATUS gpo_process_gpo_list_by_ext(ADS_STRUCT *ads, 508 TALLOC_CTX *mem_ctx, 509 const struct security_token *token, 510 struct registry_key *root_key, 511 struct GROUP_POLICY_OBJECT *gpo_list, 512 const char *extensions_guid, 513 uint32_t flags) 514 { 515 ADS_STATUS status; 516 struct GROUP_POLICY_OBJECT *gpo; 517 518 for (gpo = gpo_list; gpo; gpo = gpo->next) { 519 520 if (gpo->link_type == GP_LINK_LOCAL) { 521 continue; 522 } 523 524 525 /* FIXME: we need to pass down the *list* down to the 526 * extension, otherwise we cannot store the e.g. the *list* of 527 * logon-scripts correctly (for more then one GPO) */ 528 529 status = gpo_process_a_gpo(ads, mem_ctx, token, root_key, 530 gpo, extensions_guid, flags); 531 532 if (!ADS_ERR_OK(status)) { 533 DEBUG(0,("failed to process gpo by ext: %s\n", 534 ads_errstr(status))); 535 return status; 536 } 537 } 538 539 return ADS_SUCCESS; 540 } 541 542 /**************************************************************** 543 ****************************************************************/ 544 545 ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads, 546 TALLOC_CTX *mem_ctx, 547 const struct security_token *token, 548 struct GROUP_POLICY_OBJECT *gpo_list, 549 const char *extensions_guid_filter, 550 uint32_t flags) 551 { 552 ADS_STATUS status = ADS_SUCCESS; 553 struct gp_extension *gp_ext_list = NULL; 554 struct gp_extension *gp_ext = NULL; 429 NTSTATUS gpo_process_gpo_list(TALLOC_CTX *mem_ctx, 430 const struct security_token *token, 431 const struct GROUP_POLICY_OBJECT *deleted_gpo_list, 432 const struct GROUP_POLICY_OBJECT *changed_gpo_list, 433 const char *extensions_guid_filter, 434 uint32_t flags) 435 { 436 NTSTATUS status = NT_STATUS_OK; 555 437 struct registry_key *root_key = NULL; 556 438 struct gp_registry_context *reg_ctx = NULL; 557 #if 0558 439 WERROR werr; 559 #endif 560 status = ADS_ERROR_NT(init_gp_extensions(mem_ctx)); 561 if (!ADS_ERR_OK(status)) { 562 return status; 563 } 564 565 gp_ext_list = get_gp_extension_list(); 566 if (!gp_ext_list) { 567 return ADS_ERROR_NT(NT_STATUS_DLL_INIT_FAILED); 568 } 569 /* FIXME Needs to be replaced with new patchfile_preg calls */ 570 #if 0 440 571 441 /* get the key here */ 572 442 if (flags & GPO_LIST_FLAG_MACHINE) { … … 581 451 if (!W_ERROR_IS_OK(werr)) { 582 452 talloc_free(reg_ctx); 583 return ADS_ERROR_NT(werror_to_ntstatus(werr)); 584 } 585 #endif 453 return werror_to_ntstatus(werr); 454 } 586 455 587 456 root_key = reg_ctx->curr_key; 588 457 589 for (gp_ext = gp_ext_list; gp_ext; gp_ext = gp_ext->next) { 590 591 const char *guid_str = NULL; 592 593 guid_str = GUID_string(mem_ctx, gp_ext->guid); 594 if (!guid_str) { 595 status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); 596 goto done; 597 } 598 599 if (extensions_guid_filter && 600 (!strequal(guid_str, extensions_guid_filter))) { 601 continue; 602 } 603 604 DEBUG(0,("-------------------------------------------------\n")); 605 DEBUG(0,("gpo_process_gpo_list: processing ext: %s {%s}\n", 606 gp_ext->name, guid_str)); 607 608 609 status = gpo_process_gpo_list_by_ext(ads, mem_ctx, token, 610 root_key, gpo_list, 611 guid_str, flags); 612 if (!ADS_ERR_OK(status)) { 613 goto done; 614 } 615 } 616 617 done: 458 status = gpext_process_extension(mem_ctx, 459 flags, token, root_key, 460 deleted_gpo_list, 461 changed_gpo_list, 462 extensions_guid_filter); 618 463 talloc_free(reg_ctx); 619 464 talloc_free(root_key); 620 free_gp_extensions();465 gpext_free_gp_extensions(); 621 466 622 467 return status; … … 632 477 TALLOC_CTX *mem_ctx, 633 478 const char *cache_dir, 634 struct loadparm_context *lp_ctx,635 479 uint32_t flags, 636 struct GROUP_POLICY_OBJECT *gpo)480 const struct GROUP_POLICY_OBJECT *gpo) 637 481 { 638 482 NTSTATUS result; … … 672 516 DEBUG(1,("check_refresh_gpo: need to refresh GPO\n")); 673 517 674 result = gpo_fetch_files(mem_ctx, ads, lp_ctx,cache_dir, gpo);518 result = gpo_fetch_files(mem_ctx, ads, cache_dir, gpo); 675 519 if (!NT_STATUS_IS_OK(result)) { 676 520 goto out; … … 719 563 TALLOC_CTX *mem_ctx, 720 564 const char *cache_dir, 721 struct loadparm_context *lp_ctx,722 565 uint32_t flags, 723 struct GROUP_POLICY_OBJECT *gpo_list)566 const struct GROUP_POLICY_OBJECT *gpo_list) 724 567 { 725 568 NTSTATUS result = NT_STATUS_UNSUCCESSFUL; 726 struct GROUP_POLICY_OBJECT *gpo;569 const struct GROUP_POLICY_OBJECT *gpo; 727 570 728 571 if (!gpo_list) { … … 732 575 for (gpo = gpo_list; gpo; gpo = gpo->next) { 733 576 734 result = check_refresh_gpo(ads, mem_ctx, cache_dir, lp_ctx,flags, gpo);577 result = check_refresh_gpo(ads, mem_ctx, cache_dir, flags, gpo); 735 578 if (!NT_STATUS_IS_OK(result)) { 736 579 goto out; … … 751 594 NTSTATUS gpo_get_unix_path(TALLOC_CTX *mem_ctx, 752 595 const char *cache_dir, 753 struct GROUP_POLICY_OBJECT *gpo,596 const struct GROUP_POLICY_OBJECT *gpo, 754 597 char **unix_path) 755 598 { … … 770 613 } 771 614 615 str = talloc_strdup(ctx, ""); 616 if (!str) { 617 return NULL; 618 } 619 772 620 if (flags & GPO_INFO_FLAG_SLOWLINK) 773 str = talloc_ append_string(ctx,str, "GPO_INFO_FLAG_SLOWLINK ");621 str = talloc_strdup_append(str, "GPO_INFO_FLAG_SLOWLINK "); 774 622 if (flags & GPO_INFO_FLAG_VERBOSE) 775 str = talloc_ append_string(ctx,str, "GPO_INFO_FLAG_VERBOSE ");623 str = talloc_strdup_append(str, "GPO_INFO_FLAG_VERBOSE "); 776 624 if (flags & GPO_INFO_FLAG_SAFEMODE_BOOT) 777 str = talloc_ append_string(ctx,str, "GPO_INFO_FLAG_SAFEMODE_BOOT ");625 str = talloc_strdup_append(str, "GPO_INFO_FLAG_SAFEMODE_BOOT "); 778 626 if (flags & GPO_INFO_FLAG_NOCHANGES) 779 str = talloc_ append_string(ctx,str, "GPO_INFO_FLAG_NOCHANGES ");627 str = talloc_strdup_append(str, "GPO_INFO_FLAG_NOCHANGES "); 780 628 if (flags & GPO_INFO_FLAG_MACHINE) 781 str = talloc_ append_string(ctx,str, "GPO_INFO_FLAG_MACHINE ");629 str = talloc_strdup_append(str, "GPO_INFO_FLAG_MACHINE "); 782 630 if (flags & GPO_INFO_FLAG_LOGRSOP_TRANSITION) 783 str = talloc_ append_string(ctx,str, "GPO_INFO_FLAG_LOGRSOP_TRANSITION ");631 str = talloc_strdup_append(str, "GPO_INFO_FLAG_LOGRSOP_TRANSITION "); 784 632 if (flags & GPO_INFO_FLAG_LINKTRANSITION) 785 str = talloc_ append_string(ctx,str, "GPO_INFO_FLAG_LINKTRANSITION ");633 str = talloc_strdup_append(str, "GPO_INFO_FLAG_LINKTRANSITION "); 786 634 if (flags & GPO_INFO_FLAG_FORCED_REFRESH) 787 str = talloc_ append_string(ctx,str, "GPO_INFO_FLAG_FORCED_REFRESH ");635 str = talloc_strdup_append(str, "GPO_INFO_FLAG_FORCED_REFRESH "); 788 636 if (flags & GPO_INFO_FLAG_BACKGROUND) 789 str = talloc_ append_string(ctx,str, "GPO_INFO_FLAG_BACKGROUND ");637 str = talloc_strdup_append(str, "GPO_INFO_FLAG_BACKGROUND "); 790 638 791 639 return str; … … 840 688 ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads, 841 689 TALLOC_CTX *mem_ctx, 842 struct loadparm_context *lp_ctx,843 690 const char *dn, 844 691 struct security_token **token) … … 847 694 struct security_token *ad_token = NULL; 848 695 ADS_STATUS status; 849 #if _SAMBA_BUILD_ == 4850 struct auth_session_info *info;851 #else852 696 NTSTATUS ntstatus; 853 #endif854 697 855 698 status = ads_get_sid_token(ads, mem_ctx, dn, &ad_token); … … 857 700 return status; 858 701 } 859 #if _SAMBA_BUILD_ == 4860 info = system_session(mem_ctx, lp_ctx);861 *token = info->security_token;862 #else863 702 ntstatus = merge_nt_token(mem_ctx, ad_token, get_system_token(), 864 703 token); … … 866 705 return ADS_ERROR_NT(ntstatus); 867 706 } 868 #endif869 707 return ADS_SUCCESS; 870 708 #else … … 872 710 #endif 873 711 } 712 713 /**************************************************************** 714 ****************************************************************/ 715 716 NTSTATUS gpo_copy(TALLOC_CTX *mem_ctx, 717 const struct GROUP_POLICY_OBJECT *gpo_src, 718 struct GROUP_POLICY_OBJECT **gpo_dst) 719 { 720 struct GROUP_POLICY_OBJECT *gpo; 721 722 gpo = talloc_zero(mem_ctx, struct GROUP_POLICY_OBJECT); 723 NT_STATUS_HAVE_NO_MEMORY(gpo); 724 725 gpo->options = gpo_src->options; 726 gpo->version = gpo_src->version; 727 728 gpo->ds_path = talloc_strdup(gpo, gpo_src->ds_path); 729 if (gpo->ds_path == NULL) { 730 TALLOC_FREE(gpo); 731 return NT_STATUS_NO_MEMORY; 732 } 733 734 gpo->file_sys_path = talloc_strdup(gpo, gpo_src->file_sys_path); 735 if (gpo->file_sys_path == NULL) { 736 TALLOC_FREE(gpo); 737 return NT_STATUS_NO_MEMORY; 738 } 739 740 gpo->display_name = talloc_strdup(gpo, gpo_src->display_name); 741 if (gpo->display_name == NULL) { 742 TALLOC_FREE(gpo); 743 return NT_STATUS_NO_MEMORY; 744 } 745 746 gpo->name = talloc_strdup(gpo, gpo_src->name); 747 if (gpo->name == NULL) { 748 TALLOC_FREE(gpo); 749 return NT_STATUS_NO_MEMORY; 750 } 751 752 gpo->link = talloc_strdup(gpo, gpo_src->link); 753 if (gpo->link == NULL) { 754 TALLOC_FREE(gpo); 755 return NT_STATUS_NO_MEMORY; 756 } 757 758 gpo->link_type = gpo_src->link_type; 759 760 if (gpo_src->user_extensions) { 761 gpo->user_extensions = talloc_strdup(gpo, gpo_src->user_extensions); 762 if (gpo->user_extensions == NULL) { 763 TALLOC_FREE(gpo); 764 return NT_STATUS_NO_MEMORY; 765 } 766 } 767 768 if (gpo_src->machine_extensions) { 769 gpo->machine_extensions = talloc_strdup(gpo, gpo_src->machine_extensions); 770 if (gpo->machine_extensions == NULL) { 771 TALLOC_FREE(gpo); 772 return NT_STATUS_NO_MEMORY; 773 } 774 } 775 776 if (gpo_src->security_descriptor == NULL) { 777 /* existing SD assumed */ 778 TALLOC_FREE(gpo); 779 return NT_STATUS_INVALID_PARAMETER; 780 } 781 gpo->security_descriptor = security_descriptor_copy(gpo, 782 gpo_src->security_descriptor); 783 if (gpo->security_descriptor == NULL) { 784 TALLOC_FREE(gpo); 785 return NT_STATUS_NO_MEMORY; 786 } 787 788 gpo->next = gpo->prev = NULL; 789 790 *gpo_dst = gpo; 791 792 return NT_STATUS_OK; 793 }
Note:
See TracChangeset
for help on using the changeset viewer.
