source4/dsdb/gpo/gpo_update.c

   1 /*
   2    Unix SMB/CIFS mplementation.
   3    GPO update service
   4
   5    Copyright (C) Luke Morrison 2013
   6
   7    Inspired by dns_updates.c written by Andrew Trigell 2009
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/
  21
  22 */
  23
  24 #include "includes.h"
  25 #include "dsdb/samdb/samdb.h"
  26 #include "auth/auth.h"
  27 #include "smbd/service.h"
  28 #include "lib/messaging/irpc.h"
  29 #include "param/param.h"
  30 #include "system/filesys.h"
  31 #include "dsdb/common/util.h"
  32 #include "libcli/composite/composite.h"
  33 #include "libcli/security/dom_sid.h"
  34 #include "librpc/gen_ndr/ndr_irpc.h"
  35 #include "libds/common/roles.h"
  36
  37 struct gpoupdate_service {
  38         struct auth_session_info *system_session_info;
  39         struct task_server *task;
  40
  41         /* status for periodic sysvol/GPO scan update - >sysvscan */
  42         struct {
  43                 uint32_t interval;
  44                 struct tevent_timer *te;
  45                 struct tevent_req *subreq;
  46                 NTSTATUS status;
  47         } sysvscan;
  48 };
  49
  50 /*
  51 Called when the sysvol scan has finished
  52 */
  53 static void gpoupdate_sysvscan_done(struct tevent_req *subreq)
  54 {
  55         struct gpoupdate_service *service = tevent_req_callback_data(subreq,
  56                                                                      struct
  57                                                                      gpoupdate_service);
  58         int ret;
  59         int sys_errno;
  60
  61         service->sysvscan.subreq = NULL;
  62
  63         ret = samba_runcmd_recv(subreq, &sys_errno);
  64         TALLOC_FREE(subreq);
  65         if (ret != 0) {
  66                 service->sysvscan.status =
  67                     map_nt_error_from_unix_common(sys_errno);
  68         } else {
  69                 service->sysvscan.status = NT_STATUS_OK;
  70         }
  71
  72         if (!NT_STATUS_IS_OK(service->sysvscan.status)) {
  73                 DEBUG(0, (__location__ ": Failed GPO update - %s\n",
  74                           nt_errstr(service->sysvscan.status)));
  75         } else {
  76                 DEBUG(3, ("Completed GPO update check OK\n"));
  77         }
  78 }
  79
  80 static NTSTATUS gpoupdate_sysvscan_schedule(struct gpoupdate_service *service);
  81
  82 static void gpoupdate_scan_apply(struct gpoupdate_service *service);
  83
  84 static void gpoupdate_sysvscan_handler_te(struct tevent_context *ev,
  85                                           struct tevent_timer *te,
  86                                           struct timeval t, void *ptr)
  87 {
  88         struct gpoupdate_service *service =
  89             talloc_get_type(ptr, struct gpoupdate_service);
  90
  91         gpoupdate_scan_apply(service);
  92         gpoupdate_sysvscan_schedule(service);
  93 }
  94
  95 static NTSTATUS gpoupdate_sysvscan_schedule(struct gpoupdate_service *service)
  96 {
  97         /*
  98          * This is configured, default to 900 sec (15 mins) in
  99          * gpoupdate_task_init via gpoupdate:config interval
 100          */
 101         service->sysvscan.te =
 102             tevent_add_timer(service->task->event_ctx, service,
 103                              timeval_current_ofs(service->sysvscan.interval, 0),
 104                              gpoupdate_sysvscan_handler_te, service);
 105         NT_STATUS_HAVE_NO_MEMORY(service->sysvscan.te);
 106         return NT_STATUS_OK;
 107 }
 108
 109 static void gpoupdate_scan_apply(struct gpoupdate_service *service)
 110 {
 111         const char *const *gpo_update_command =
 112             lpcfg_gpo_update_command(service->task->lp_ctx);
 113         const char *smbconf = lpcfg_configfile(service->task->lp_ctx);
 114         TALLOC_FREE(service->sysvscan.subreq);
 115         DEBUG(3, ("Calling GPO update script\n"));
 116         service->sysvscan.subreq = samba_runcmd_send(service,
 117                                                      service->task->event_ctx,
 118                                                      timeval_current_ofs(20, 0),
 119                                                      2, 0,
 120                                                      gpo_update_command,
 121                                                      smbconf, NULL);
 122         if (service->sysvscan.subreq == NULL) {
 123                 DEBUG(0,
 124                       (__location__
 125                        ": samba_runcmd_send() failed with no memory\n"));
 126                 return;
 127         }
 128         tevent_req_set_callback(service->sysvscan.subreq,
 129                                 gpoupdate_sysvscan_done, service);
 130 }
 131
 132 static void gpoupdate_task_init(struct task_server *task)
 133 {
 134         NTSTATUS status;
 135         struct gpoupdate_service *service;
 136
 137         if (lpcfg_server_role(task->lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
 138                 /* not useful for non-DC */
 139                 return;
 140         }
 141
 142         task_server_set_title(task, "task[gpoupdate]");
 143
 144         service = talloc_zero(task, struct gpoupdate_service);
 145         if (!service) {
 146                 task_server_terminate(task,
 147                                       "gpoupdate_task_init: out of memory",
 148                                       true);
 149                 return;
 150         }
 151         service->task = task;
 152         task->private_data = service;
 153
 154         service->system_session_info = system_session(service->task->lp_ctx);
 155         if (!service->system_session_info) {
 156                 task_server_terminate(task,
 157                                       "gpoupdate: Failed to obtain server credentials\n",
 158                                       true);
 159                 return;
 160         }
 161
 162         service->sysvscan.interval = lpcfg_parm_int(task->lp_ctx, NULL, "gpoupdate", "config interval", 900);   /* in seconds */
 163         status = gpoupdate_sysvscan_schedule(service);
 164         if (!NT_STATUS_IS_OK(status)) {
 165                 task_server_terminate(task, talloc_asprintf(task,
 166                                                             "gpoupdate: Failed to update sysvol scan schedule: %s\n",
 167                                                             nt_errstr(status)),
 168                                       true);
 169                 return;
 170         }
 171 }
 172
 173 NTSTATUS server_service_gpoupdate_init(TALLOC_CTX *ctx);
 174
 175 /*
 176   register ourselves as a available server
 177 */
 178 NTSTATUS server_service_gpoupdate_init(TALLOC_CTX *ctx)
 179 {
 180         struct service_details details = {
 181                 .inhibit_fork_on_accept = true,
 182                 .inhibit_pre_fork = true
 183         };
 184         return register_server_service(ctx, "gpoupdate",
 185                                        gpoupdate_task_init,
 186                                        &details);
 187 }