Adjust samba 3 to the new gpo API. Still untested code.
[ira/wip.git] / libgpo / gpo_util.c
index 505400be8c998a5ca9f638586b4aa6302921b2fb..7a23b5cbd37c6ea33024df4ee581779ca0de416e 100644 (file)
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  */
-
+#define TALLOC_DEPRECATED 1
 #include "includes.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#if _SAMBA_BUILD_ == 4
+#include "system/filesys.h"
+#include "auth/auth.h"
 #include "../libgpo/gpo.h"
+#include "../lib/talloc/talloc.h"
+#include "source4/libgpo/ads_convenience.h"
+#endif
 #undef strdup
 
+#if 0
 #define DEFAULT_DOMAIN_POLICY "Default Domain Policy"
 #define DEFAULT_DOMAIN_CONTROLLERS_POLICY "Default Domain Controllers Policy"
+#endif
 
 /* should we store a parsed guid ? */
 struct gp_table {
@@ -315,7 +324,7 @@ void dump_gpo(ADS_STRUCT *ads,
 
        DEBUGADD(lvl,("security descriptor:\n"));
 
-       ads_disp_sd(ads, mem_ctx, gpo->security_descriptor);
+       NDR_PRINT_DEBUG(security_descriptor, gpo->security_descriptor);
 }
 
 /****************************************************************
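Review bot: The new `NDR_PRINT_DEBUG(security_descriptor, gpo->security_descriptor)` call takes no level argument, unlike the `DEBUGADD(lvl, ...)` lines around it, so the descriptor may be logged at whatever level the NDR printer uses rather than the one the caller asked for. It also passes the pointer through without a NULL check. If a GPO can reach dump_gpo without a security descriptor (not visible here), the printer would dereference NULL. Consider `if (gpo->security_descriptor != NULL && CHECK_DEBUGLVL(lvl)) { NDR_PRINT_DEBUG(security_descriptor, gpo->security_descriptor); }`. dump_gpo starts outside this hunk.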
@@ -437,7 +446,7 @@ static bool gpo_get_gp_ext_from_gpo(TALLOC_CTX *mem_ctx,
 
 ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads,
                             TALLOC_CTX *mem_ctx,
-                            const struct nt_user_token *token,
+                            const NT_USER_TOKEN *token,
                             struct registry_key *root_key,
                             struct GROUP_POLICY_OBJECT *gpo,
                             const char *extension_guid_filter,
@@ -494,7 +503,7 @@ ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads,
 
 static ADS_STATUS gpo_process_gpo_list_by_ext(ADS_STRUCT *ads,
                                              TALLOC_CTX *mem_ctx,
-                                             const struct nt_user_token *token,
+                                             const NT_USER_TOKEN *token,
                                              struct registry_key *root_key,
                                              struct GROUP_POLICY_OBJECT *gpo_list,
                                              const char *extensions_guid,
@@ -532,7 +541,7 @@ static ADS_STATUS gpo_process_gpo_list_by_ext(ADS_STRUCT *ads,
 
 ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
                                TALLOC_CTX *mem_ctx,
-                               const struct nt_user_token *token,
+                               const NT_USER_TOKEN *token,
                                struct GROUP_POLICY_OBJECT *gpo_list,
                                const char *extensions_guid_filter,
                                uint32_t flags)
@@ -542,8 +551,9 @@ ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
        struct gp_extension *gp_ext = NULL;
        struct registry_key *root_key = NULL;
        struct gp_registry_context *reg_ctx = NULL;
+#if 0
        WERROR werr;
-
+#endif
        status = ADS_ERROR_NT(init_gp_extensions(mem_ctx));
        if (!ADS_ERR_OK(status)) {
                return status;
@@ -553,7 +563,8 @@ ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
        if (!gp_ext_list) {
                return ADS_ERROR_NT(NT_STATUS_DLL_INIT_FAILED);
        }
-
+/* FIXME Needs to be replaced with new patchfile_preg calls */
+#if 0
        /* get the key here */
        if (flags & GPO_LIST_FLAG_MACHINE) {
                werr = gp_init_reg_ctx(mem_ctx, KEY_HKLM, REG_KEY_WRITE,
@@ -565,9 +576,10 @@ ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
                                       &reg_ctx);
        }
        if (!W_ERROR_IS_OK(werr)) {
-               gp_free_reg_ctx(reg_ctx);
+               talloc_free(reg_ctx);
                return ADS_ERROR_NT(werror_to_ntstatus(werr));
        }
+#endif
 
        root_key = reg_ctx->curr_key;
 
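Review bot: `root_key = reg_ctx->curr_key;` now dereferences NULL on every call, because `reg_ctx` is initialised to NULL in the declarations and the only code that assigned it (`gp_init_reg_ctx`) sits inside the new `#if 0` block. Until the patchfile_preg replacement named in the FIXME exists, the function should fail closed before this line, for example `if (reg_ctx == NULL) { status = ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED); goto done; }` placed directly after the `#endif`. Jumping to `done` keeps the `free_gp_extensions()` cleanup that pairs with the earlier `init_gp_extensions` call. The function body continues beyond this hunk.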
@@ -600,8 +612,8 @@ ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
        }
 
  done:
-       gp_free_reg_ctx(reg_ctx);
-       TALLOC_FREE(root_key);
+       talloc_free(reg_ctx);
+       talloc_free(root_key);
        free_gp_extensions();
 
        return status;
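Review bot: `talloc_free(root_key)` runs after `talloc_free(reg_ctx)`, yet `root_key` was taken from `reg_ctx->curr_key` earlier in the function. If `curr_key` is allocated as a talloc child of `reg_ctx` (not visible here), the second call operates on memory that has already been released. The previous code had the same ordering, but the switch to plain `talloc_free` is a good moment to settle ownership: either drop the second free or free `root_key` first. A comment at `done:` such as `/* root_key is owned by reg_ctx and freed with it */` would record the decision.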
@@ -615,9 +627,10 @@ ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
 
 NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
                           TALLOC_CTX *mem_ctx,
+                           const char *cache_dir,
+                           struct loadparm_context *lp_ctx,
                           uint32_t flags,
-                          struct GROUP_POLICY_OBJECT *gpo,
-                          struct cli_state **cli_out)
+                          struct GROUP_POLICY_OBJECT *gpo)
 {
        NTSTATUS result;
        char *server = NULL;
@@ -626,9 +639,8 @@ NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
        char *unix_path = NULL;
        uint32_t sysvol_gpt_version = 0;
        char *display_name = NULL;
-       struct cli_state *cli = NULL;
 
-       result = gpo_explode_filesyspath(mem_ctx, gpo->file_sys_path,
+       result = gpo_explode_filesyspath(mem_ctx, cache_dir, gpo->file_sys_path,
                                         &server, &share, &nt_path, &unix_path);
 
        if (!NT_STATUS_IS_OK(result)) {
@@ -656,30 +668,7 @@ NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
 
                DEBUG(1,("check_refresh_gpo: need to refresh GPO\n"));
 
-               if (*cli_out == NULL) {
-
-                       result = cli_full_connection(&cli,
-                                       global_myname(),
-                                       ads->config.ldap_server_name,
-                                       /* server */
-                                       NULL, 0,
-                                       share, "A:",
-                                       ads->auth.user_name, NULL,
-                                       ads->auth.password,
-                                       CLI_FULL_CONNECTION_USE_KERBEROS |
-                                       CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS,
-                                       Undefined, NULL);
-                       if (!NT_STATUS_IS_OK(result)) {
-                               DEBUG(10,("check_refresh_gpo: "
-                                       "failed to connect: %s\n",
-                                       nt_errstr(result)));
-                               goto out;
-                       }
-
-                       *cli_out = cli;
-               }
-
-               result = gpo_fetch_files(mem_ctx, *cli_out, gpo);
+               result = gpo_fetch_files(mem_ctx, ads, lp_ctx, cache_dir, gpo);
                if (!NT_STATUS_IS_OK(result)) {
                        goto out;
                }
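Review bot: With the `cli_full_connection` block removed, nothing in this hunk shows how the SYSVOL connection is authenticated or who closes it. Both are now left to `gpo_fetch_files(mem_ctx, ads, lp_ctx, cache_dir, gpo)`, whose body is not part of this diff. The removed code requested Kerberos and reused one connection across the list through `cli_out`, so the replacement should be checked for equivalent authentication (and for signing, since the fetched policy files are later applied to the machine) and for releasing its connection on every path. The `/* FIXME close cli connection */` left at `out:` in check_refresh_gpo_list has no handle to act on any more; I would replace it with a comment stating where the connection is released.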
@@ -725,11 +714,12 @@ NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
 
 NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
                                TALLOC_CTX *mem_ctx,
+                               const char *cache_dir,
+                                struct loadparm_context *lp_ctx,
                                uint32_t flags,
                                struct GROUP_POLICY_OBJECT *gpo_list)
 {
        NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-       struct cli_state *cli = NULL;
        struct GROUP_POLICY_OBJECT *gpo;
 
        if (!gpo_list) {
@@ -738,7 +728,7 @@ NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
 
        for (gpo = gpo_list; gpo; gpo = gpo->next) {
 
-               result = check_refresh_gpo(ads, mem_ctx, flags, gpo, &cli);
+               result = check_refresh_gpo(ads, mem_ctx, cache_dir, lp_ctx, flags, gpo);
                if (!NT_STATUS_IS_OK(result)) {
                        goto out;
                }
@@ -747,9 +737,7 @@ NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
        result = NT_STATUS_OK;
 
  out:
-       if (cli) {
-               cli_shutdown(cli);
-       }
+       /* FIXME close cli connection */
 
        return result;
 }
@@ -758,45 +746,46 @@ NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
 ****************************************************************/
 
 NTSTATUS gpo_get_unix_path(TALLOC_CTX *mem_ctx,
+                           const char *cache_dir,
                           struct GROUP_POLICY_OBJECT *gpo,
                           char **unix_path)
 {
        char *server, *share, *nt_path;
-       return gpo_explode_filesyspath(mem_ctx, gpo->file_sys_path,
+       return gpo_explode_filesyspath(mem_ctx, cache_dir, gpo->file_sys_path,
                                       &server, &share, &nt_path, unix_path);
 }
 
 /****************************************************************
 ****************************************************************/
 
-char *gpo_flag_str(uint32_t flags)
+char *gpo_flag_str(TALLOC_CTX *ctx, uint32_t flags)
 {
-       fstring str = "";
+       char *str = NULL;
 
        if (flags == 0) {
                return NULL;
        }
 
        if (flags & GPO_INFO_FLAG_SLOWLINK)
-               fstrcat(str, "GPO_INFO_FLAG_SLOWLINK ");
+               str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_SLOWLINK ");
        if (flags & GPO_INFO_FLAG_VERBOSE)
-               fstrcat(str, "GPO_INFO_FLAG_VERBOSE ");
+               str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_VERBOSE ");
        if (flags & GPO_INFO_FLAG_SAFEMODE_BOOT)
-               fstrcat(str, "GPO_INFO_FLAG_SAFEMODE_BOOT ");
+               str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_SAFEMODE_BOOT ");
        if (flags & GPO_INFO_FLAG_NOCHANGES)
-               fstrcat(str, "GPO_INFO_FLAG_NOCHANGES ");
+               str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_NOCHANGES ");
        if (flags & GPO_INFO_FLAG_MACHINE)
-               fstrcat(str, "GPO_INFO_FLAG_MACHINE ");
+               str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_MACHINE ");
        if (flags & GPO_INFO_FLAG_LOGRSOP_TRANSITION)
-               fstrcat(str, "GPO_INFO_FLAG_LOGRSOP_TRANSITION ");
+               str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_LOGRSOP_TRANSITION ");
        if (flags & GPO_INFO_FLAG_LINKTRANSITION)
-               fstrcat(str, "GPO_INFO_FLAG_LINKTRANSITION ");
+               str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_LINKTRANSITION ");
        if (flags & GPO_INFO_FLAG_FORCED_REFRESH)
-               fstrcat(str, "GPO_INFO_FLAG_FORCED_REFRESH ");
+               str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_FORCED_REFRESH ");
        if (flags & GPO_INFO_FLAG_BACKGROUND)
-               fstrcat(str, "GPO_INFO_FLAG_BACKGROUND ");
+               str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_BACKGROUND ");
 
-       return strdup(str);
+       return str;
 }
 
 /****************************************************************
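Review bot: gpo_flag_str now returns memory owned by `ctx` instead of a `strdup()` copy, so any caller that still releases the result with `free()` or `SAFE_FREE()` would hand a talloc pointer to the libc allocator. The callers are outside this diff and need checking. Two behaviours also change silently. A non-zero `flags` with no known bit set now yields NULL where it used to yield an empty string. And since a NULL `str` is what starts a fresh string on the first call, a failed `talloc_append_string` makes the next append start over and drops the earlier flag names. I would add `if (str == NULL) return NULL;` after each append and document the contract above the function: `/* Returns a talloc string on ctx, or NULL if no known flag is set or allocation fails; do not free() it. */`.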
@@ -834,7 +823,7 @@ NTSTATUS gp_find_file(TALLOC_CTX *mem_ctx,
                              path, suffix);
        NT_STATUS_HAVE_NO_MEMORY(tmp);
 
-       if (sys_stat(tmp, &sbuf) == 0) {
+       if (stat(tmp, &sbuf) == 0) {
                *filename_out = tmp;
                return NT_STATUS_OK;
        }
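Review bot: Replacing `sys_stat` with plain `stat` is only safe if `sbuf` is now a `struct stat`. Its declaration is above this hunk, and if it is still the Samba 3 `SMB_STRUCT_STAT`, the two types can differ on builds with large-file support. Please confirm the declaration was changed together with the call, or keep the wrapper for the Samba 3 build behind the `_SAMBA_BUILD_` check used elsewhere in this file. The existence test is also only advisory: the file can change between this `stat` and the later open, so whoever consumes `*filename_out` must still handle an open failure.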
@@ -847,12 +836,17 @@ NTSTATUS gp_find_file(TALLOC_CTX *mem_ctx,
 
 ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads,
                                TALLOC_CTX *mem_ctx,
+                               struct loadparm_context *lp_ctx,
                                const char *dn,
-                               struct nt_user_token **token)
+                               NT_USER_TOKEN **token)
 {
-       struct nt_user_token *ad_token = NULL;
+       NT_USER_TOKEN *ad_token = NULL;
        ADS_STATUS status;
+#if _SAMBA_BUILD_ == 4
+       struct auth_session_info *info;
+#else
        NTSTATUS ntstatus;
+#endif
 
 #ifndef HAVE_ADS
        return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED);
@@ -861,12 +855,15 @@ ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads,
        if (!ADS_ERR_OK(status)) {
                return status;
        }
-
+#if _SAMBA_BUILD_ == 4
+       info = system_session(mem_ctx, lp_ctx);
+       *token = info->security_token;
+#else
        ntstatus = merge_nt_token(mem_ctx, ad_token, get_system_token(),
                                  token);
        if (!NT_STATUS_IS_OK(ntstatus)) {
                return ADS_ERROR_NT(ntstatus);
        }
-
+#endif
        return ADS_SUCCESS;
 }
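Review bot: In the `_SAMBA_BUILD_ == 4` branch `info->security_token` is read without checking that `system_session(mem_ctx, lp_ctx)` returned a session; add `if (info == NULL) return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);` before the assignment. The branch also ignores `ad_token`, so the caller receives the system session token alone, not the directory token merged with it as the Samba 3 path does through `merge_nt_token`. If this token is later used for GPO access checks, filtering would be evaluated against the wrong identity. If that is a deliberate stopgap, a `/* FIXME: merge ad_token into the system token */` comment in the branch would make the gap visible. The start of the function is in the previous hunk.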