2 * Unix SMB/CIFS implementation.
3 * Group Policy Object Support
4 * Copyright (C) Guenther Deschner 2005-2008
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 #define TALLOC_DEPRECATED 1
21 #include "librpc/gen_ndr/ndr_misc.h"
22 #include "../librpc/gen_ndr/ndr_security.h"
23 #include "../libgpo/gpo.h"
24 #if _SAMBA_BUILD_ == 4
25 #include "system/filesys.h"
26 #include "auth/auth.h"
27 #include "../lib/talloc/talloc.h"
28 #include "source4/libgpo/ads_convenience.h"
33 #define DEFAULT_DOMAIN_POLICY "Default Domain Policy"
34 #define DEFAULT_DOMAIN_CONTROLLERS_POLICY "Default Domain Controllers Policy"
37 /* should we store a parsed guid ? */
40 const char *guid_string;
44 static struct gp_table gpo_default_policy[] = {
45 { DEFAULT_DOMAIN_POLICY,
46 "31B2F340-016D-11D2-945F-00C04FB984F9" },
47 { DEFAULT_DOMAIN_CONTROLLERS_POLICY,
48 "6AC1786C-016F-11D2-945F-00C04fB984F9" },
53 /* the following is seen in gPCMachineExtensionNames / gPCUserExtensionNames */
55 static struct gp_table gpo_cse_extensions[] = {
56 /* used to be "Administrative Templates Extension" */
57 /* "Registry Settings"
58 (http://support.microsoft.com/kb/216357/EN-US/) */
59 { "Registry Settings",
60 GP_EXT_GUID_REGISTRY },
61 { "Microsoft Disc Quota",
62 "3610EDA5-77EF-11D2-8DC5-00C04FA31A66" },
64 "B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A" },
65 { "Folder Redirection",
66 "25537BA6-77A8-11D2-9B6C-0000F8080861" },
68 "E437BC1C-AA7D-11D2-A382-00C04F991E27" },
69 { "Internet Explorer Branding",
70 "A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B" },
71 { "QoS Packet Scheduler",
72 "426031c0-0b47-4852-b0ca-ac3d37bfcb39" },
74 GP_EXT_GUID_SCRIPTS },
76 GP_EXT_GUID_SECURITY },
77 { "Software Installation",
78 "C6DC5466-785A-11D2-84D0-00C04FB169F7" },
79 { "Wireless Group Policy",
80 "0ACDD40C-75AC-BAA0-BF6DE7E7FE63" },
81 { "Application Management",
82 "C6DC5466-785A-11D2-84D0-00C04FB169F7" },
84 "3060E8D0-7020-11D2-842D-00C04FA372D4" },
89 static struct gp_table gpo_cse_snapin_extensions[] = {
90 { "Administrative Templates",
91 "0F6B957D-509E-11D1-A7CC-0000F87571E3" },
93 "53D6AB1D-2488-11D1-A28C-00C04FB94F17" },
94 { "EFS recovery policy processing",
95 "B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A" },
96 { "Folder Redirection policy processing",
97 "25537BA6-77A8-11D2-9B6C-0000F8080861" },
98 { "Folder Redirection",
99 "88E729D6-BDC1-11D1-BD2A-00C04FB9603F" },
100 { "Registry policy processing",
101 "35378EAC-683F-11D2-A89A-00C04FBBCFA2" },
102 { "Remote Installation Services",
103 "3060E8CE-7020-11D2-842D-00C04FA372D4" },
104 { "Security Settings",
105 "803E14A0-B4FB-11D0-A0D0-00A0C90F574B" },
106 { "Security policy processing",
107 "827D319E-6EAC-11D2-A4EA-00C04F79F83A" },
109 "3060E8D0-7020-11D2-842D-00C04FA372D4" },
111 "53D6AB1B-2488-11D1-A28C-00C04FB94F17" },
115 /****************************************************************
116 ****************************************************************/
118 static const char *name_to_guid_string(const char *name,
119 struct gp_table *table)
123 for (i = 0; table[i].name; i++) {
124 if (strequal(name, table[i].name)) {
125 return table[i].guid_string;
132 /****************************************************************
133 ****************************************************************/
135 static const char *guid_string_to_name(const char *guid_string,
136 struct gp_table *table)
140 for (i = 0; table[i].guid_string; i++) {
141 if (strequal(guid_string, table[i].guid_string)) {
142 return table[i].name;
149 /****************************************************************
150 ****************************************************************/
152 static const char *snapin_guid_string_to_name(const char *guid_string,
153 struct gp_table *table)
156 for (i = 0; table[i].guid_string; i++) {
157 if (strequal(guid_string, table[i].guid_string)) {
158 return table[i].name;
165 static const char *default_gpo_name_to_guid_string(const char *name)
167 return name_to_guid_string(name, gpo_default_policy);
170 static const char *default_gpo_guid_string_to_name(const char *guid)
172 return guid_string_to_name(guid, gpo_default_policy);
176 /****************************************************************
177 ****************************************************************/
179 const char *cse_gpo_guid_string_to_name(const char *guid)
181 return guid_string_to_name(guid, gpo_cse_extensions);
184 /****************************************************************
185 ****************************************************************/
187 const char *cse_gpo_name_to_guid_string(const char *name)
189 return name_to_guid_string(name, gpo_cse_extensions);
192 /****************************************************************
193 ****************************************************************/
195 const char *cse_snapin_gpo_guid_string_to_name(const char *guid)
197 return snapin_guid_string_to_name(guid, gpo_cse_snapin_extensions);
200 /****************************************************************
201 ****************************************************************/
203 void dump_gp_ext(struct GP_EXT *gp_ext, int debuglevel)
205 int lvl = debuglevel;
208 if (gp_ext == NULL) {
212 DEBUG(lvl,("\t---------------------\n\n"));
213 DEBUGADD(lvl,("\tname:\t\t\t%s\n", gp_ext->gp_extension));
215 for (i=0; i< gp_ext->num_exts; i++) {
217 DEBUGADD(lvl,("\textension:\t\t\t%s\n",
218 gp_ext->extensions_guid[i]));
219 DEBUGADD(lvl,("\textension (name):\t\t\t%s\n",
220 gp_ext->extensions[i]));
222 DEBUGADD(lvl,("\tsnapin:\t\t\t%s\n",
223 gp_ext->snapins_guid[i]));
224 DEBUGADD(lvl,("\tsnapin (name):\t\t\t%s\n",
225 gp_ext->snapins[i]));
231 /****************************************************************
232 ****************************************************************/
234 void dump_gpo(ADS_STRUCT *ads,
236 struct GROUP_POLICY_OBJECT *gpo,
239 int lvl = debuglevel;
245 DEBUG(lvl,("---------------------\n\n"));
247 DEBUGADD(lvl,("name:\t\t\t%s\n", gpo->name));
248 DEBUGADD(lvl,("displayname:\t\t%s\n", gpo->display_name));
249 DEBUGADD(lvl,("version:\t\t%d (0x%08x)\n", gpo->version, gpo->version));
250 DEBUGADD(lvl,("version_user:\t\t%d (0x%04x)\n",
251 GPO_VERSION_USER(gpo->version),
252 GPO_VERSION_USER(gpo->version)));
253 DEBUGADD(lvl,("version_machine:\t%d (0x%04x)\n",
254 GPO_VERSION_MACHINE(gpo->version),
255 GPO_VERSION_MACHINE(gpo->version)));
256 DEBUGADD(lvl,("filesyspath:\t\t%s\n", gpo->file_sys_path));
257 DEBUGADD(lvl,("dspath:\t\t%s\n", gpo->ds_path));
259 DEBUGADD(lvl,("options:\t\t%d ", gpo->options));
260 switch (gpo->options) {
261 case GPFLAGS_ALL_ENABLED:
262 DEBUGADD(lvl,("GPFLAGS_ALL_ENABLED\n"));
264 case GPFLAGS_USER_SETTINGS_DISABLED:
265 DEBUGADD(lvl,("GPFLAGS_USER_SETTINGS_DISABLED\n"));
267 case GPFLAGS_MACHINE_SETTINGS_DISABLED:
268 DEBUGADD(lvl,("GPFLAGS_MACHINE_SETTINGS_DISABLED\n"));
270 case GPFLAGS_ALL_DISABLED:
271 DEBUGADD(lvl,("GPFLAGS_ALL_DISABLED\n"));
274 DEBUGADD(lvl,("unknown option: %d\n", gpo->options));
278 DEBUGADD(lvl,("link:\t\t\t%s\n", gpo->link));
279 DEBUGADD(lvl,("link_type:\t\t%d ", gpo->link_type));
280 switch (gpo->link_type) {
282 DEBUGADD(lvl,("GP_LINK_UNKOWN\n"));
285 DEBUGADD(lvl,("GP_LINK_OU\n"));
288 DEBUGADD(lvl,("GP_LINK_DOMAIN\n"));
291 DEBUGADD(lvl,("GP_LINK_SITE\n"));
293 case GP_LINK_MACHINE:
294 DEBUGADD(lvl,("GP_LINK_MACHINE\n"));
300 DEBUGADD(lvl,("machine_extensions:\t%s\n", gpo->machine_extensions));
302 if (gpo->machine_extensions) {
304 struct GP_EXT *gp_ext = NULL;
306 if (!ads_parse_gp_ext(mem_ctx, gpo->machine_extensions,
310 dump_gp_ext(gp_ext, lvl);
313 DEBUGADD(lvl,("user_extensions:\t%s\n", gpo->user_extensions));
315 if (gpo->user_extensions) {
317 struct GP_EXT *gp_ext = NULL;
319 if (!ads_parse_gp_ext(mem_ctx, gpo->user_extensions,
323 dump_gp_ext(gp_ext, lvl);
325 if (gpo->security_descriptor) {
326 DEBUGADD(lvl,("security descriptor:\n"));
328 NDR_PRINT_DEBUG(security_descriptor, gpo->security_descriptor);
332 /****************************************************************
333 ****************************************************************/
335 void dump_gpo_list(ADS_STRUCT *ads,
337 struct GROUP_POLICY_OBJECT *gpo_list,
340 struct GROUP_POLICY_OBJECT *gpo = NULL;
342 for (gpo = gpo_list; gpo; gpo = gpo->next) {
343 dump_gpo(ads, mem_ctx, gpo, debuglevel);
347 /****************************************************************
348 ****************************************************************/
350 void dump_gplink(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GP_LINK *gp_link)
356 if (gp_link == NULL) {
360 DEBUG(lvl,("---------------------\n\n"));
362 DEBUGADD(lvl,("gplink: %s\n", gp_link->gp_link));
363 DEBUGADD(lvl,("gpopts: %d ", gp_link->gp_opts));
364 switch (gp_link->gp_opts) {
365 case GPOPTIONS_INHERIT:
366 DEBUGADD(lvl,("GPOPTIONS_INHERIT\n"));
368 case GPOPTIONS_BLOCK_INHERITANCE:
369 DEBUGADD(lvl,("GPOPTIONS_BLOCK_INHERITANCE\n"));
375 DEBUGADD(lvl,("num links: %d\n", gp_link->num_links));
377 for (i = 0; i < gp_link->num_links; i++) {
379 DEBUGADD(lvl,("---------------------\n\n"));
381 DEBUGADD(lvl,("link: #%d\n", i + 1));
382 DEBUGADD(lvl,("name: %s\n", gp_link->link_names[i]));
384 DEBUGADD(lvl,("opt: %d ", gp_link->link_opts[i]));
385 if (gp_link->link_opts[i] & GPO_LINK_OPT_ENFORCED) {
386 DEBUGADD(lvl,("GPO_LINK_OPT_ENFORCED "));
388 if (gp_link->link_opts[i] & GPO_LINK_OPT_DISABLED) {
389 DEBUGADD(lvl,("GPO_LINK_OPT_DISABLED"));
391 DEBUGADD(lvl,("\n"));
393 if (ads != NULL && mem_ctx != NULL) {
395 struct GROUP_POLICY_OBJECT gpo;
397 status = ads_get_gpo(ads, mem_ctx,
398 gp_link->link_names[i],
400 if (!ADS_ERR_OK(status)) {
401 DEBUG(lvl,("get gpo for %s failed: %s\n",
402 gp_link->link_names[i],
403 ads_errstr(status)));
406 dump_gpo(ads, mem_ctx, &gpo, lvl);
411 #endif /* HAVE_LDAP */
413 /****************************************************************
414 ****************************************************************/
416 static bool gpo_get_gp_ext_from_gpo(TALLOC_CTX *mem_ctx,
418 struct GROUP_POLICY_OBJECT *gpo,
419 struct GP_EXT **gp_ext)
421 ZERO_STRUCTP(*gp_ext);
423 if (flags & GPO_INFO_FLAG_MACHINE) {
425 if (gpo->machine_extensions) {
427 if (!ads_parse_gp_ext(mem_ctx, gpo->machine_extensions,
434 if (gpo->user_extensions) {
436 if (!ads_parse_gp_ext(mem_ctx, gpo->user_extensions,
446 /****************************************************************
447 ****************************************************************/
449 ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads,
451 const NT_USER_TOKEN *token,
452 struct registry_key *root_key,
453 struct GROUP_POLICY_OBJECT *gpo,
454 const char *extension_guid_filter,
457 struct GP_EXT *gp_ext = NULL;
460 DEBUG(10,("gpo_process_a_gpo: processing gpo %s (%s)\n",
461 gpo->name, gpo->display_name));
462 if (extension_guid_filter) {
463 DEBUGADD(10,("gpo_process_a_gpo: using filter %s (%s)\n",
464 extension_guid_filter,
465 cse_gpo_guid_string_to_name(extension_guid_filter)));
468 if (!gpo_get_gp_ext_from_gpo(mem_ctx, flags, gpo, &gp_ext)) {
469 return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
472 if (!gp_ext || !gp_ext->num_exts) {
473 if (flags & GPO_INFO_FLAG_VERBOSE) {
474 DEBUG(0,("gpo_process_a_gpo: "
475 "no policies in %s (%s) for this extension\n",
476 gpo->name, gpo->display_name));
481 for (i=0; i<gp_ext->num_exts; i++) {
485 if (extension_guid_filter &&
486 !strequal(extension_guid_filter,
487 gp_ext->extensions_guid[i])) {
491 ntstatus = gpext_process_extension(ads, mem_ctx,
492 flags, token, root_key, gpo,
493 gp_ext->extensions_guid[i],
494 gp_ext->snapins_guid[i]);
495 if (!NT_STATUS_IS_OK(ntstatus)) {
496 ADS_ERROR_NT(ntstatus);
503 /****************************************************************
504 ****************************************************************/
506 static ADS_STATUS gpo_process_gpo_list_by_ext(ADS_STRUCT *ads,
508 const NT_USER_TOKEN *token,
509 struct registry_key *root_key,
510 struct GROUP_POLICY_OBJECT *gpo_list,
511 const char *extensions_guid,
515 struct GROUP_POLICY_OBJECT *gpo;
517 for (gpo = gpo_list; gpo; gpo = gpo->next) {
519 if (gpo->link_type == GP_LINK_LOCAL) {
524 /* FIXME: we need to pass down the *list* down to the
525 * extension, otherwise we cannot store the e.g. the *list* of
526 * logon-scripts correctly (for more then one GPO) */
528 status = gpo_process_a_gpo(ads, mem_ctx, token, root_key,
529 gpo, extensions_guid, flags);
531 if (!ADS_ERR_OK(status)) {
532 DEBUG(0,("failed to process gpo by ext: %s\n",
533 ads_errstr(status)));
541 /****************************************************************
542 ****************************************************************/
544 ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
546 const NT_USER_TOKEN *token,
547 struct GROUP_POLICY_OBJECT *gpo_list,
548 const char *extensions_guid_filter,
551 ADS_STATUS status = ADS_SUCCESS;
552 struct gp_extension *gp_ext_list = NULL;
553 struct gp_extension *gp_ext = NULL;
554 struct registry_key *root_key = NULL;
555 struct gp_registry_context *reg_ctx = NULL;
559 status = ADS_ERROR_NT(init_gp_extensions(mem_ctx));
560 if (!ADS_ERR_OK(status)) {
564 gp_ext_list = get_gp_extension_list();
566 return ADS_ERROR_NT(NT_STATUS_DLL_INIT_FAILED);
568 /* FIXME Needs to be replaced with new patchfile_preg calls */
570 /* get the key here */
571 if (flags & GPO_LIST_FLAG_MACHINE) {
572 werr = gp_init_reg_ctx(mem_ctx, KEY_HKLM, REG_KEY_WRITE,
576 werr = gp_init_reg_ctx(mem_ctx, KEY_HKCU, REG_KEY_WRITE,
580 if (!W_ERROR_IS_OK(werr)) {
581 talloc_free(reg_ctx);
582 return ADS_ERROR_NT(werror_to_ntstatus(werr));
586 root_key = reg_ctx->curr_key;
588 for (gp_ext = gp_ext_list; gp_ext; gp_ext = gp_ext->next) {
590 const char *guid_str = NULL;
592 guid_str = GUID_string(mem_ctx, gp_ext->guid);
594 status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
598 if (extensions_guid_filter &&
599 (!strequal(guid_str, extensions_guid_filter))) {
603 DEBUG(0,("-------------------------------------------------\n"));
604 DEBUG(0,("gpo_process_gpo_list: processing ext: %s {%s}\n",
605 gp_ext->name, guid_str));
608 status = gpo_process_gpo_list_by_ext(ads, mem_ctx, token,
611 if (!ADS_ERR_OK(status)) {
617 talloc_free(reg_ctx);
618 talloc_free(root_key);
619 free_gp_extensions();
625 /****************************************************************
626 check wether the version number in a GROUP_POLICY_OBJECT match those of the
627 locally stored version. If not, fetch the required policy via CIFS
628 ****************************************************************/
630 NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
632 const char *cache_dir,
633 struct loadparm_context *lp_ctx,
635 struct GROUP_POLICY_OBJECT *gpo)
640 char *nt_path = NULL;
641 char *unix_path = NULL;
642 uint32_t sysvol_gpt_version = 0;
643 char *display_name = NULL;
645 result = gpo_explode_filesyspath(mem_ctx, cache_dir, gpo->file_sys_path,
646 &server, &share, &nt_path, &unix_path);
648 if (!NT_STATUS_IS_OK(result)) {
652 result = gpo_get_sysvol_gpt_version(mem_ctx,
656 if (!NT_STATUS_IS_OK(result) &&
657 !NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_FILE)) {
658 DEBUG(10,("check_refresh_gpo: "
659 "failed to get local gpt version: %s\n",
664 DEBUG(10,("check_refresh_gpo: versions gpo %d sysvol %d\n",
665 gpo->version, sysvol_gpt_version));
667 /* FIXME: handle GPO_INFO_FLAG_FORCED_REFRESH from flags */
669 while (gpo->version > sysvol_gpt_version) {
671 DEBUG(1,("check_refresh_gpo: need to refresh GPO\n"));
673 result = gpo_fetch_files(mem_ctx, ads, lp_ctx, cache_dir, gpo);
674 if (!NT_STATUS_IS_OK(result)) {
678 result = gpo_get_sysvol_gpt_version(mem_ctx,
682 if (!NT_STATUS_IS_OK(result)) {
683 DEBUG(10,("check_refresh_gpo: "
684 "failed to get local gpt version: %s\n",
689 if (gpo->version == sysvol_gpt_version) {
694 DEBUG(10,("Name:\t\t\t%s (%s)\n", gpo->display_name, gpo->name));
695 DEBUGADD(10,("sysvol GPT version:\t%d (user: %d, machine: %d)\n",
697 GPO_VERSION_USER(sysvol_gpt_version),
698 GPO_VERSION_MACHINE(sysvol_gpt_version)));
699 DEBUGADD(10,("LDAP GPO version:\t%d (user: %d, machine: %d)\n",
701 GPO_VERSION_USER(gpo->version),
702 GPO_VERSION_MACHINE(gpo->version)));
703 DEBUGADD(10,("LDAP GPO link:\t\t%s\n", gpo->link));
705 result = NT_STATUS_OK;
712 /****************************************************************
713 check wether the version numbers in the gpo_list match the locally stored, if
714 not, go and get each required GPO via CIFS
715 ****************************************************************/
717 NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
719 const char *cache_dir,
720 struct loadparm_context *lp_ctx,
722 struct GROUP_POLICY_OBJECT *gpo_list)
724 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
725 struct GROUP_POLICY_OBJECT *gpo;
728 return NT_STATUS_INVALID_PARAMETER;
731 for (gpo = gpo_list; gpo; gpo = gpo->next) {
733 result = check_refresh_gpo(ads, mem_ctx, cache_dir, lp_ctx, flags, gpo);
734 if (!NT_STATUS_IS_OK(result)) {
739 result = NT_STATUS_OK;
742 /* FIXME close cli connection */
747 /****************************************************************
748 ****************************************************************/
750 NTSTATUS gpo_get_unix_path(TALLOC_CTX *mem_ctx,
751 const char *cache_dir,
752 struct GROUP_POLICY_OBJECT *gpo,
755 char *server, *share, *nt_path;
756 return gpo_explode_filesyspath(mem_ctx, cache_dir, gpo->file_sys_path,
757 &server, &share, &nt_path, unix_path);
760 /****************************************************************
761 ****************************************************************/
763 char *gpo_flag_str(TALLOC_CTX *ctx, uint32_t flags)
771 if (flags & GPO_INFO_FLAG_SLOWLINK)
772 str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_SLOWLINK ");
773 if (flags & GPO_INFO_FLAG_VERBOSE)
774 str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_VERBOSE ");
775 if (flags & GPO_INFO_FLAG_SAFEMODE_BOOT)
776 str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_SAFEMODE_BOOT ");
777 if (flags & GPO_INFO_FLAG_NOCHANGES)
778 str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_NOCHANGES ");
779 if (flags & GPO_INFO_FLAG_MACHINE)
780 str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_MACHINE ");
781 if (flags & GPO_INFO_FLAG_LOGRSOP_TRANSITION)
782 str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_LOGRSOP_TRANSITION ");
783 if (flags & GPO_INFO_FLAG_LINKTRANSITION)
784 str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_LINKTRANSITION ");
785 if (flags & GPO_INFO_FLAG_FORCED_REFRESH)
786 str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_FORCED_REFRESH ");
787 if (flags & GPO_INFO_FLAG_BACKGROUND)
788 str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_BACKGROUND ");
793 /****************************************************************
794 ****************************************************************/
796 NTSTATUS gp_find_file(TALLOC_CTX *mem_ctx,
798 const char *filename,
800 const char **filename_out)
802 const char *tmp = NULL;
804 const char *path = NULL;
806 if (flags & GPO_LIST_FLAG_MACHINE) {
812 tmp = talloc_asprintf(mem_ctx, "%s/%s/%s", filename,
814 NT_STATUS_HAVE_NO_MEMORY(tmp);
816 if (stat(tmp, &sbuf) == 0) {
821 path = talloc_strdup_upper(mem_ctx, path);
822 NT_STATUS_HAVE_NO_MEMORY(path);
824 tmp = talloc_asprintf(mem_ctx, "%s/%s/%s", filename,
826 NT_STATUS_HAVE_NO_MEMORY(tmp);
828 if (stat(tmp, &sbuf) == 0) {
833 return NT_STATUS_NO_SUCH_FILE;
836 /****************************************************************
837 ****************************************************************/
839 ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads,
841 struct loadparm_context *lp_ctx,
843 NT_USER_TOKEN **token)
845 NT_USER_TOKEN *ad_token = NULL;
847 #if _SAMBA_BUILD_ == 4
848 struct auth_session_info *info;
854 return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED);
856 status = ads_get_sid_token(ads, mem_ctx, dn, &ad_token);
857 if (!ADS_ERR_OK(status)) {
860 #if _SAMBA_BUILD_ == 4
861 info = system_session(mem_ctx, lp_ctx);
862 *token = info->security_token;
864 ntstatus = merge_nt_token(mem_ctx, ad_token, get_system_token(),
866 if (!NT_STATUS_IS_OK(ntstatus)) {
867 return ADS_ERROR_NT(ntstatus);
git.samba.org / ira / wip.git / blob