2 Unix SMB/CIFS mplementation.
5 Copyright (C) Luke Morrison 2013
7 Inspired by dns_updates.c written by Andrew Trigell 2009
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/
25 #include "dsdb/samdb/samdb.h"
26 #include "auth/auth.h"
27 #include "smbd/service.h"
28 #include "lib/messaging/irpc.h"
29 #include "param/param.h"
30 #include "system/filesys.h"
31 #include "dsdb/common/util.h"
32 #include "libcli/composite/composite.h"
33 #include "libcli/security/dom_sid.h"
34 #include "librpc/gen_ndr/ndr_irpc.h"
35 #include "libds/common/roles.h"
37 struct gpoupdate_service {
38 struct auth_session_info *system_session_info;
39 struct task_server *task;
41 /* status for periodic sysvol/GPO scan update - >sysvscan */
44 struct tevent_timer *te;
45 struct tevent_req *subreq;
51 Called when the sysvol scan has finished
53 static void gpoupdate_sysvscan_done(struct tevent_req *subreq)
55 struct gpoupdate_service *service = tevent_req_callback_data(subreq,
61 service->sysvscan.subreq = NULL;
63 ret = samba_runcmd_recv(subreq, &sys_errno);
66 service->sysvscan.status =
67 map_nt_error_from_unix_common(sys_errno);
69 service->sysvscan.status = NT_STATUS_OK;
72 if (!NT_STATUS_IS_OK(service->sysvscan.status)) {
73 DEBUG(0, (__location__ ": Failed GPO update - %s\n",
74 nt_errstr(service->sysvscan.status)));
76 DEBUG(3, ("Completed GPO update check OK\n"));
80 static NTSTATUS gpoupdate_sysvscan_schedule(struct gpoupdate_service *service);
82 static void gpoupdate_scan_apply(struct gpoupdate_service *service);
84 static void gpoupdate_sysvscan_handler_te(struct tevent_context *ev,
85 struct tevent_timer *te,
86 struct timeval t, void *ptr)
88 struct gpoupdate_service *service =
89 talloc_get_type(ptr, struct gpoupdate_service);
91 gpoupdate_scan_apply(service);
92 gpoupdate_sysvscan_schedule(service);
95 static NTSTATUS gpoupdate_sysvscan_schedule(struct gpoupdate_service *service)
98 * This is configured, default to 900 sec (15 mins) in
99 * gpoupdate_task_init via gpoupdate:config interval
101 service->sysvscan.te =
102 tevent_add_timer(service->task->event_ctx, service,
103 timeval_current_ofs(service->sysvscan.interval, 0),
104 gpoupdate_sysvscan_handler_te, service);
105 NT_STATUS_HAVE_NO_MEMORY(service->sysvscan.te);
109 static void gpoupdate_scan_apply(struct gpoupdate_service *service)
111 const char *const *gpo_update_command =
112 lpcfg_gpo_update_command(service->task->lp_ctx);
113 const char *smbconf = lpcfg_configfile(service->task->lp_ctx);
114 TALLOC_FREE(service->sysvscan.subreq);
115 DEBUG(3, ("Calling GPO update script\n"));
116 service->sysvscan.subreq = samba_runcmd_send(service,
117 service->task->event_ctx,
118 timeval_current_ofs(20, 0),
122 if (service->sysvscan.subreq == NULL) {
125 ": samba_runcmd_send() failed with no memory\n"));
128 tevent_req_set_callback(service->sysvscan.subreq,
129 gpoupdate_sysvscan_done, service);
132 static void gpoupdate_task_init(struct task_server *task)
135 struct gpoupdate_service *service;
137 if (lpcfg_server_role(task->lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
138 /* not useful for non-DC */
142 task_server_set_title(task, "task[gpoupdate]");
144 service = talloc_zero(task, struct gpoupdate_service);
146 task_server_terminate(task,
147 "gpoupdate_task_init: out of memory",
151 service->task = task;
152 task->private_data = service;
154 service->system_session_info = system_session(service->task->lp_ctx);
155 if (!service->system_session_info) {
156 task_server_terminate(task,
157 "gpoupdate: Failed to obtain server credentials\n",
162 service->sysvscan.interval = lpcfg_parm_int(task->lp_ctx, NULL, "gpoupdate", "config interval", 900); /* in seconds */
163 status = gpoupdate_sysvscan_schedule(service);
164 if (!NT_STATUS_IS_OK(status)) {
165 task_server_terminate(task, talloc_asprintf(task,
166 "gpoupdate: Failed to update sysvol scan schedule: %s\n",
173 NTSTATUS server_service_gpoupdate_init(TALLOC_CTX *ctx);
176 register ourselves as a available server
178 NTSTATUS server_service_gpoupdate_init(TALLOC_CTX *ctx)
180 struct service_details details = {
181 .inhibit_fork_on_accept = true,
182 .inhibit_pre_fork = true
184 return register_server_service(ctx, "gpoupdate",