gpo: Continue parsing GPOs even if one fails
[nivanova/samba-autobuild/.git] / source4 / dsdb / gpo / gpo_update.c
1 /*
2    Unix SMB/CIFS mplementation.
3    GPO update service
4
5    Copyright (C) Luke Morrison 2013
6
7    Inspired by dns_updates.c written by Andrew Trigell 2009
8
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License as published by
11    the Free Software Foundation; either version 3 of the License, or
12    (at your option) any later version.
13
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18
19    You should have received a copy of the GNU General Public License
20    along with this program.  If not, see <http://www.gnu.org/licenses/
21
22 */
23
24 #include "includes.h"
25 #include "dsdb/samdb/samdb.h"
26 #include "auth/auth.h"
27 #include "smbd/service.h"
28 #include "lib/messaging/irpc.h"
29 #include "param/param.h"
30 #include "system/filesys.h"
31 #include "dsdb/common/util.h"
32 #include "libcli/composite/composite.h"
33 #include "libcli/security/dom_sid.h"
34 #include "librpc/gen_ndr/ndr_irpc.h"
35 #include "libds/common/roles.h"
36
37 struct gpoupdate_service {
38         struct auth_session_info *system_session_info;
39         struct task_server *task;
40
41         /* status for periodic sysvol/GPO scan update - >sysvscan */
42         struct {
43                 uint32_t interval;
44                 struct tevent_timer *te;
45                 struct tevent_req *subreq;
46                 NTSTATUS status;
47         } sysvscan;
48 };
49
50 /*
51 Called when the sysvol scan has finished
52 */
53 static void gpoupdate_sysvscan_done(struct tevent_req *subreq)
54 {
55         struct gpoupdate_service *service = tevent_req_callback_data(subreq,
56                                                                      struct
57                                                                      gpoupdate_service);
58         int ret;
59         int sys_errno;
60
61         service->sysvscan.subreq = NULL;
62
63         ret = samba_runcmd_recv(subreq, &sys_errno);
64         TALLOC_FREE(subreq);
65         if (ret != 0) {
66                 service->sysvscan.status =
67                     map_nt_error_from_unix_common(sys_errno);
68         } else {
69                 service->sysvscan.status = NT_STATUS_OK;
70         }
71
72         if (!NT_STATUS_IS_OK(service->sysvscan.status)) {
73                 DEBUG(0, (__location__ ": Failed GPO update - %s\n",
74                           nt_errstr(service->sysvscan.status)));
75         } else {
76                 DEBUG(3, ("Completed GPO update check OK\n"));
77         }
78 }
79
80 static NTSTATUS gpoupdate_sysvscan_schedule(struct gpoupdate_service *service);
81
82 static void gpoupdate_scan_apply(struct gpoupdate_service *service);
83
84 static void gpoupdate_sysvscan_handler_te(struct tevent_context *ev,
85                                           struct tevent_timer *te,
86                                           struct timeval t, void *ptr)
87 {
88         struct gpoupdate_service *service =
89             talloc_get_type(ptr, struct gpoupdate_service);
90
91         gpoupdate_scan_apply(service);
92         gpoupdate_sysvscan_schedule(service);
93 }
94
95 static NTSTATUS gpoupdate_sysvscan_schedule(struct gpoupdate_service *service)
96 {
97         /*
98          * This is configured, default to 900 sec (15 mins) in
99          * gpoupdate_task_init via gpoupdate:config interval
100          */
101         service->sysvscan.te =
102             tevent_add_timer(service->task->event_ctx, service,
103                              timeval_current_ofs(service->sysvscan.interval, 0),
104                              gpoupdate_sysvscan_handler_te, service);
105         NT_STATUS_HAVE_NO_MEMORY(service->sysvscan.te);
106         return NT_STATUS_OK;
107 }
108
109 static void gpoupdate_scan_apply(struct gpoupdate_service *service)
110 {
111         const char *const *gpo_update_command =
112             lpcfg_gpo_update_command(service->task->lp_ctx);
113         const char *smbconf = lpcfg_configfile(service->task->lp_ctx);
114         TALLOC_FREE(service->sysvscan.subreq);
115         DEBUG(3, ("Calling GPO update script\n"));
116         service->sysvscan.subreq = samba_runcmd_send(service,
117                                                      service->task->event_ctx,
118                                                      timeval_current_ofs(20, 0),
119                                                      2, 0,
120                                                      gpo_update_command,
121                                                      smbconf, NULL);
122         if (service->sysvscan.subreq == NULL) {
123                 DEBUG(0,
124                       (__location__
125                        ": samba_runcmd_send() failed with no memory\n"));
126                 return;
127         }
128         tevent_req_set_callback(service->sysvscan.subreq,
129                                 gpoupdate_sysvscan_done, service);
130 }
131
132 static void gpoupdate_task_init(struct task_server *task)
133 {
134         NTSTATUS status;
135         struct gpoupdate_service *service;
136
137         if (lpcfg_server_role(task->lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
138                 /* not useful for non-DC */
139                 return;
140         }
141
142         task_server_set_title(task, "task[gpoupdate]");
143
144         service = talloc_zero(task, struct gpoupdate_service);
145         if (!service) {
146                 task_server_terminate(task,
147                                       "gpoupdate_task_init: out of memory",
148                                       true);
149                 return;
150         }
151         service->task = task;
152         task->private_data = service;
153
154         service->system_session_info = system_session(service->task->lp_ctx);
155         if (!service->system_session_info) {
156                 task_server_terminate(task,
157                                       "gpoupdate: Failed to obtain server "
158                                       "credentials\n",
159                                       true);
160                 return;
161         }
162
163         service->sysvscan.interval = lpcfg_parm_int(task->lp_ctx, NULL,
164                                                     "gpoupdate",
165                                                     "config interval",
166                                                     900); /* in seconds */
167         status = gpoupdate_sysvscan_schedule(service);
168         if (!NT_STATUS_IS_OK(status)) {
169                 task_server_terminate(task,
170                                       talloc_asprintf(task,
171                                                       "gpoupdate: Failed to update "
172                                                       "sysvol scan schedule: %s\n",
173                                                       nt_errstr(status)),
174                                       true);
175                 return;
176         }
177 }
178
179 NTSTATUS server_service_gpoupdate_init(TALLOC_CTX *ctx);
180
181 /*
182   register ourselves as a available server
183 */
184 NTSTATUS server_service_gpoupdate_init(TALLOC_CTX *ctx)
185 {
186         struct service_details details = {
187                 .inhibit_fork_on_accept = true,
188                 .inhibit_pre_fork = true
189         };
190         return register_server_service(ctx, "gpoupdate",
191                                        gpoupdate_task_init,
192                                        &details);
193 }