#include "../libcli/security/security.h"
#include "registry.h"
#include "libgpo/gpo_proto.h"
+#include "libgpo/gpext/gpext.h"
#if 0
#define DEFAULT_DOMAIN_POLICY "Default Domain Policy"
/****************************************************************
****************************************************************/
-static bool gpo_get_gp_ext_from_gpo(TALLOC_CTX *mem_ctx,
- uint32_t flags,
- struct GROUP_POLICY_OBJECT *gpo,
- struct GP_EXT **gp_ext)
+bool gpo_get_gp_ext_from_gpo(TALLOC_CTX *mem_ctx,
+ uint32_t flags,
+ const struct GROUP_POLICY_OBJECT *gpo,
+ struct GP_EXT **gp_ext)
{
ZERO_STRUCTP(*gp_ext);
/****************************************************************
****************************************************************/
-NTSTATUS gpo_process_a_gpo(TALLOC_CTX *mem_ctx,
- const struct security_token *token,
- struct registry_key *root_key,
- struct GROUP_POLICY_OBJECT *gpo,
- const char *extension_guid_filter,
- uint32_t flags)
-{
- struct GP_EXT *gp_ext = NULL;
- int i;
-
- DEBUG(10,("gpo_process_a_gpo: processing gpo %s (%s)\n",
- gpo->name, gpo->display_name));
- if (extension_guid_filter) {
- DEBUGADD(10,("gpo_process_a_gpo: using filter %s (%s)\n",
- extension_guid_filter,
- cse_gpo_guid_string_to_name(extension_guid_filter)));
- }
-
- if (!gpo_get_gp_ext_from_gpo(mem_ctx, flags, gpo, &gp_ext)) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!gp_ext || !gp_ext->num_exts) {
- if (flags & GPO_INFO_FLAG_VERBOSE) {
- DEBUG(0,("gpo_process_a_gpo: "
- "no policies in %s (%s) for this extension\n",
- gpo->name, gpo->display_name));
- }
- return NT_STATUS_OK;
- }
-
- for (i=0; i<gp_ext->num_exts; i++) {
-
- NTSTATUS ntstatus;
-
- if (extension_guid_filter &&
- !strequal(extension_guid_filter,
- gp_ext->extensions_guid[i])) {
- continue;
- }
-
- ntstatus = gpext_process_extension(mem_ctx,
- flags, token, root_key, gpo,
- gp_ext->extensions_guid[i],
- gp_ext->snapins_guid[i]);
- if (!NT_STATUS_IS_OK(ntstatus)) {
- return ntstatus;
- }
- }
-
- return NT_STATUS_OK;
-}
-
-/****************************************************************
-****************************************************************/
-
-static NTSTATUS gpo_process_gpo_list_by_ext(TALLOC_CTX *mem_ctx,
- const struct security_token *token,
- struct registry_key *root_key,
- struct GROUP_POLICY_OBJECT *gpo_list,
- const char *extensions_guid,
- uint32_t flags)
-{
- NTSTATUS status;
- struct GROUP_POLICY_OBJECT *gpo;
-
- for (gpo = gpo_list; gpo; gpo = gpo->next) {
-
- if (gpo->link_type == GP_LINK_LOCAL) {
- continue;
- }
-
-
- /* FIXME: we need to pass down the *list* down to the
- * extension, otherwise we cannot store the e.g. the *list* of
- * logon-scripts correctly (for more then one GPO) */
-
- status = gpo_process_a_gpo(mem_ctx, token, root_key,
- gpo, extensions_guid, flags);
-
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,("failed to process gpo by ext: %s\n",
- nt_errstr(status)));
- return status;
- }
- }
-
- return NT_STATUS_OK;
-}
-
-/****************************************************************
-****************************************************************/
-
NTSTATUS gpo_process_gpo_list(TALLOC_CTX *mem_ctx,
const struct security_token *token,
- struct GROUP_POLICY_OBJECT *gpo_list,
+ const struct GROUP_POLICY_OBJECT *deleted_gpo_list,
+ const struct GROUP_POLICY_OBJECT *changed_gpo_list,
const char *extensions_guid_filter,
uint32_t flags)
{
NTSTATUS status = NT_STATUS_OK;
- struct gp_extension *gp_ext_list = NULL;
- struct gp_extension *gp_ext = NULL;
struct registry_key *root_key = NULL;
struct gp_registry_context *reg_ctx = NULL;
WERROR werr;
- status = gpext_init_gp_extensions(mem_ctx);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- gp_ext_list = gpext_get_gp_extension_list();
- if (!gp_ext_list) {
- return NT_STATUS_DLL_INIT_FAILED;
- }
-
/* get the key here */
if (flags & GPO_LIST_FLAG_MACHINE) {
werr = gp_init_reg_ctx(mem_ctx, KEY_HKLM, REG_KEY_WRITE,
root_key = reg_ctx->curr_key;
- for (gp_ext = gp_ext_list; gp_ext; gp_ext = gp_ext->next) {
-
- const char *guid_str = NULL;
-
- guid_str = GUID_string(mem_ctx, gp_ext->guid);
- if (!guid_str) {
- status = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- if (extensions_guid_filter &&
- (!strequal(guid_str, extensions_guid_filter))) {
- continue;
- }
-
- DEBUG(0,("-------------------------------------------------\n"));
- DEBUG(0,("gpo_process_gpo_list: processing ext: %s {%s}\n",
- gp_ext->name, guid_str));
-
-
- status = gpo_process_gpo_list_by_ext(mem_ctx, token,
- root_key, gpo_list,
- guid_str, flags);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
- }
-
- done:
+ status = gpext_process_extension(mem_ctx,
+ flags, token, root_key,
+ deleted_gpo_list,
+ changed_gpo_list,
+ extensions_guid_filter);
talloc_free(reg_ctx);
talloc_free(root_key);
gpext_free_gp_extensions();
/****************************************************************
- check wether the version number in a GROUP_POLICY_OBJECT match those of the
+ check whether the version number in a GROUP_POLICY_OBJECT match those of the
locally stored version. If not, fetch the required policy via CIFS
****************************************************************/
TALLOC_CTX *mem_ctx,
const char *cache_dir,
uint32_t flags,
- struct GROUP_POLICY_OBJECT *gpo)
+ const struct GROUP_POLICY_OBJECT *gpo)
{
NTSTATUS result;
char *server = NULL;
}
/****************************************************************
- check wether the version numbers in the gpo_list match the locally stored, if
+ check whether the version numbers in the gpo_list match the locally stored, if
not, go and get each required GPO via CIFS
****************************************************************/
TALLOC_CTX *mem_ctx,
const char *cache_dir,
uint32_t flags,
- struct GROUP_POLICY_OBJECT *gpo_list)
+ const struct GROUP_POLICY_OBJECT *gpo_list)
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- struct GROUP_POLICY_OBJECT *gpo;
+ const struct GROUP_POLICY_OBJECT *gpo;
if (!gpo_list) {
return NT_STATUS_INVALID_PARAMETER;
NTSTATUS gpo_get_unix_path(TALLOC_CTX *mem_ctx,
const char *cache_dir,
- struct GROUP_POLICY_OBJECT *gpo,
+ const struct GROUP_POLICY_OBJECT *gpo,
char **unix_path)
{
char *server, *share, *nt_path;
return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED);
#endif
}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS gpo_copy(TALLOC_CTX *mem_ctx,
+ const struct GROUP_POLICY_OBJECT *gpo_src,
+ struct GROUP_POLICY_OBJECT **gpo_dst)
+{
+ struct GROUP_POLICY_OBJECT *gpo;
+
+ gpo = talloc_zero(mem_ctx, struct GROUP_POLICY_OBJECT);
+ NT_STATUS_HAVE_NO_MEMORY(gpo);
+
+ gpo->options = gpo_src->options;
+ gpo->version = gpo_src->version;
+
+ gpo->ds_path = talloc_strdup(gpo, gpo_src->ds_path);
+ if (gpo->ds_path == NULL) {
+ TALLOC_FREE(gpo);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ gpo->file_sys_path = talloc_strdup(gpo, gpo_src->file_sys_path);
+ if (gpo->file_sys_path == NULL) {
+ TALLOC_FREE(gpo);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ gpo->display_name = talloc_strdup(gpo, gpo_src->display_name);
+ if (gpo->display_name == NULL) {
+ TALLOC_FREE(gpo);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ gpo->name = talloc_strdup(gpo, gpo_src->name);
+ if (gpo->name == NULL) {
+ TALLOC_FREE(gpo);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ gpo->link = talloc_strdup(gpo, gpo_src->link);
+ if (gpo->link == NULL) {
+ TALLOC_FREE(gpo);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ gpo->link_type = gpo_src->link_type;
+
+ if (gpo_src->user_extensions) {
+ gpo->user_extensions = talloc_strdup(gpo, gpo_src->user_extensions);
+ if (gpo->user_extensions == NULL) {
+ TALLOC_FREE(gpo);
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ if (gpo_src->machine_extensions) {
+ gpo->machine_extensions = talloc_strdup(gpo, gpo_src->machine_extensions);
+ if (gpo->machine_extensions == NULL) {
+ TALLOC_FREE(gpo);
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ if (gpo_src->security_descriptor == NULL) {
+ /* existing SD assumed */
+ TALLOC_FREE(gpo);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ gpo->security_descriptor = security_descriptor_copy(gpo,
+ gpo_src->security_descriptor);
+ if (gpo->security_descriptor == NULL) {
+ TALLOC_FREE(gpo);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ gpo->next = gpo->prev = NULL;
+
+ *gpo_dst = gpo;
+
+ return NT_STATUS_OK;
+}
git.samba.org / samba.git / blobdiff