r22796: Add security descriptor to GROUP_POLICY_OBJECT structure (in preparation of

adding GPO security filtering for libgpo).

Guenther
(This used to be commit b376a39fbf42a6a541fd311418c4a980b9fd4b9e)

diff --git a/source3/include/gpo.h b/source3/include/gpo.h
index c3ae20dd20bda00cad4e79b032d22cf7a4d88b4f..a13c81b554d07761c2b32a12573edb833cae3997 100644 (file)
--- a/source3/include/gpo.h
+++ b/source3/include/gpo.h
@@ -49,6 +49,7 @@ struct GROUP_POLICY_OBJECT {
        uint32 link_type; /* GPO_LINK_TYPE */
        const char *user_extensions;
        const char *machine_extensions;
+       SEC_DESC *security_descriptor;
        struct GROUP_POLICY_OBJECT *next, *prev;
 };
 

diff --git a/source3/include/includes.h b/source3/include/includes.h
index 5acd7abc3600b3883747250668ebf031248432b5..1fa3aae8f79ea4ab56c7350f60608cf29c4a44e3 100644 (file)
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -643,7 +643,6 @@ typedef int BOOL;
 
 #include "nt_status.h"
 #include "ads.h"
-#include "gpo.h"
 #include "ads_dns.h"
 #include "interfaces.h"
 #include "trans2.h"
@@ -668,6 +667,7 @@ typedef int BOOL;
 #include "mapping.h"
 #include "passdb.h"
 #include "rpc_secdes.h"
+#include "gpo.h"
 #include "authdata.h"
 #include "msdfs.h"
 #include "rap.h"

diff --git a/source3/libgpo/gpo_ldap.c b/source3/libgpo/gpo_ldap.c
index 6c1079832d0f5b47a102685f048a57f5c7ebd207..112d2bb1f9bacacdab497a7fb09927cff837d17e 100644 (file)
--- a/source3/libgpo/gpo_ldap.c
+++ b/source3/libgpo/gpo_ldap.c
@@ -434,6 +434,9 @@ ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads,
        gpo->machine_extensions = ads_pull_string(ads, mem_ctx, res, "gPCMachineExtensionNames");
        gpo->user_extensions = ads_pull_string(ads, mem_ctx, res, "gPCUserExtensionNames");
 
+       ads_pull_sd(ads, mem_ctx, res, "ntSecurityDescriptor", &gpo->security_descriptor);
+       ADS_ERROR_HAVE_NO_MEMORY(gpo->security_descriptor);
+
        return ADS_ERROR(LDAP_SUCCESS);
 }
 
@@ -455,7 +458,7 @@ ADS_STATUS ads_get_gpo(ADS_STRUCT *ads,
        const char *attrs[] = { "cn", "displayName", "flags", "gPCFileSysPath", 
                                "gPCFunctionalityVersion", "gPCMachineExtensionNames", 
                                "gPCUserExtensionNames", "gPCWQLFilter", "name", 
-                               "versionNumber", NULL};
+                               "versionNumber", "ntSecurityDescriptor", NULL};
 
        ZERO_STRUCTP(gpo);