lib: gpo: Changes order to match GPO application order.

The order of GPOs in a gpo_list generated by ads_get_gpo_list
did not match the order of application. Since GPOs are pushed
to the FRONT of gpo_list, GPOs have to be pushed in the opposite
order of application. (Pushing to front is useful to get
inheritance blocking right).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13046

Signed-off-by: Lutz Justen <ljusten@google.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

diff --git a/libgpo/gpo_ldap.c b/libgpo/gpo_ldap.c
index 4533d61a1e34a3ea25624cd432d6c5a51d1fa215..7ede12c3c21d9c0667b2f82eb9a7342e99e91b77 100644 (file)
--- a/libgpo/gpo_ldap.c
+++ b/libgpo/gpo_ldap.c
@@ -812,12 +812,6 @@ ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
                                        dump_gplink(&gp_link);
                                }
 
-                               /* block inheritance from now on */
-                               if (gp_link.gp_opts &
-                                   GPOPTIONS_BLOCK_INHERITANCE) {
-                                       add_only_forced_gpos = true;
-                               }
-
                                status = add_gplink_to_gpo_list(ads,
                                                        mem_ctx,
                                                        gpo_list,
@@ -829,6 +823,12 @@ ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
                                if (!ADS_ERR_OK(status)) {
                                        return status;
                                }
+
+                               /* block inheritance from now on */
+                               if (gp_link.gp_opts &
+                                   GPOPTIONS_BLOCK_INHERITANCE) {
+                                       add_only_forced_gpos = true;
+                               }
                        }
                }
 
@@ -858,12 +858,6 @@ ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
                                        dump_gplink(&gp_link);
                                }
 
-                               /* block inheritance from now on */
-                               if (gp_link.gp_opts &
-                                   GPOPTIONS_BLOCK_INHERITANCE) {
-                                       add_only_forced_gpos = true;
-                               }
-
                                status = add_gplink_to_gpo_list(ads,
                                                        mem_ctx,
                                                        gpo_list,
@@ -875,6 +869,12 @@ ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
                                if (!ADS_ERR_OK(status)) {
                                        return status;
                                }
+
+                               /* block inheritance from now on */
+                               if (gp_link.gp_opts &
+                                   GPOPTIONS_BLOCK_INHERITANCE) {
+                                       add_only_forced_gpos = true;
+                               }
                        }
                }