*/
#include "includes.h"
#include "param/param.h"
-#include "lib/ldb/include/ldb.h"
-#include "lib/ldb_wrap.h"
+#include <ldb.h>
+#include "lib/ldb-samba/ldb_wrap.h"
#include "auth/credentials/credentials.h"
#include "../librpc/gen_ndr/nbt.h"
#include "libcli/libcli.h"
#include "libnet/libnet.h"
#include "../librpc/gen_ndr/ndr_security.h"
-#include "../libcli/security/dom_sid.h"
-#include "libcli/security/security.h"
+#include "../libcli/security/security.h"
+#include "libcli/ldap/ldap_ndr.h"
#include "../lib/talloc/talloc.h"
#include "lib/policy/policy.h"
{ "GPO_FLAG_MACHINE_DISABLE", GPO_FLAG_MACHINE_DISABLE },
{ NULL, 0 }
};
-static const struct gpo_stringmap gpo_inheritance [] = {
- { "GPO_INHERIT", GPO_INHERIT },
- { "GPO_BLOCK_INHERITANCE", GPO_BLOCK_INHERITANCE },
- { NULL, 0 }
-};
-
static NTSTATUS parse_gpo(TALLOC_CTX *mem_ctx, struct ldb_message *msg, struct gp_object **ret)
{
enum ndr_err_code ndr_err;
const DATA_BLOB *data;
+ NT_STATUS_HAVE_NO_MEMORY(gpo);
+
gpo->dn = talloc_strdup(mem_ctx, ldb_dn_get_linearized(msg->dn));
+ if (gpo->dn == NULL) {
+ TALLOC_FREE(gpo);
+ return NT_STATUS_NO_MEMORY;
+ }
DEBUG(9, ("Parsing GPO LDAP data for %s\n", gpo->dn));
- gpo->display_name = ldb_msg_find_attr_as_string(msg, "displayName", "");
- gpo->name = ldb_msg_find_attr_as_string(msg, "name", "");
- gpo->flags = ldb_msg_find_attr_as_uint(msg, "name", 0);
- gpo->version = ldb_msg_find_attr_as_uint(msg, "version", 0);
- gpo->file_sys_path = ldb_msg_find_attr_as_string(msg, "gPCFileSysPath", "");
+ gpo->display_name = talloc_strdup(gpo, ldb_msg_find_attr_as_string(msg, "displayName", ""));
+ if (gpo->display_name == NULL) {
+ TALLOC_FREE(gpo);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ gpo->name = talloc_strdup(gpo, ldb_msg_find_attr_as_string(msg, "name", ""));
+ if (gpo->name == NULL) {
+ TALLOC_FREE(gpo);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ gpo->flags = ldb_msg_find_attr_as_uint(msg, "flags", 0);
+ gpo->version = ldb_msg_find_attr_as_uint(msg, "versionNumber", 0);
- if (gpo->display_name[0] != '\0')
- gpo->display_name = talloc_strdup(mem_ctx, gpo->display_name);
- if (gpo->name[0] != '\0')
- gpo->name = talloc_strdup(mem_ctx, gpo->name);
- if (gpo->file_sys_path[0] != '\0')
- gpo->file_sys_path = talloc_strdup(mem_ctx, gpo->file_sys_path);
+ gpo->file_sys_path = talloc_strdup(gpo, ldb_msg_find_attr_as_string(msg, "gPCFileSysPath", ""));
+ if (gpo->file_sys_path == NULL) {
+ TALLOC_FREE(gpo);
+ return NT_STATUS_NO_MEMORY;
+ }
/* Pull the security descriptor through the NDR library */
data = ldb_msg_find_ldb_val(msg, "nTSecurityDescriptor");
- gpo->security_descriptor = talloc(mem_ctx, struct security_descriptor);
+ gpo->security_descriptor = talloc(gpo, struct security_descriptor);
+ if (gpo->security_descriptor == NULL) {
+ TALLOC_FREE(gpo);
+ return NT_STATUS_NO_MEMORY;
+ }
+
ndr_err = ndr_pull_struct_blob(data,
mem_ctx,
gpo->security_descriptor,
unsigned int i, count=0;
const char **flag_strs = talloc_array(mem_ctx, const char *, 1);
+ NT_STATUS_HAVE_NO_MEMORY(flag_strs);
+
flag_strs[0] = NULL;
for (i = 0; gpo_flags[i].str != NULL; i++) {
if (flags & gpo_flags[i].flags) {
flag_strs = talloc_realloc(mem_ctx, flag_strs, const char *, count+2);
+ NT_STATUS_HAVE_NO_MEMORY(flag_strs);
flag_strs[count] = gpo_flags[i].str;
flag_strs[count+1] = NULL;
count++;
unsigned int i, count=0;
const char **flag_strs = talloc_array(mem_ctx, const char *, 1);
+ NT_STATUS_HAVE_NO_MEMORY(flag_strs);
flag_strs[0] = NULL;
for (i = 0; gplink_options[i].str != NULL; i++) {
if (options & gplink_options[i].flags) {
flag_strs = talloc_realloc(mem_ctx, flag_strs, const char *, count+2);
+ NT_STATUS_HAVE_NO_MEMORY(flag_strs);
flag_strs[count] = gplink_options[i].str;
flag_strs[count+1] = NULL;
count++;
/* Prepare libnet lookup structure for looking a DC (PDC is correct). */
io = talloc_zero(mem_ctx, struct libnet_LookupDCs);
+ NT_STATUS_HAVE_NO_MEMORY(io);
io->in.name_type = NBT_NAME_PDC;
- io->in.domain_name = lp_workgroup(lp_ctx);
+ io->in.domain_name = lpcfg_workgroup(lp_ctx);
/* Find Active DC's */
rv = libnet_LookupDCs(net_ctx, mem_ctx, io);
/* Connect to ldap://DC_NAME with all relevant contexts*/
url = talloc_asprintf(mem_ctx, "ldap://%s", io->out.dcs[0].name);
+ NT_STATUS_HAVE_NO_MEMORY(url);
ldb_ctx = ldb_wrap_connect(mem_ctx, net_ctx->event_ctx, lp_ctx,
url, NULL, net_ctx->cred, 0);
if (ldb_ctx == NULL) {
return NT_STATUS_UNSUCCESSFUL;
}
-
*gp_ctx = talloc_zero(mem_ctx, struct gp_context);
+ NT_STATUS_HAVE_NO_MEMORY(gp_ctx);
+
(*gp_ctx)->lp_ctx = lp_ctx;
(*gp_ctx)->credentials = credentials;
(*gp_ctx)->ev_ctx = ev_ctx;
(*gp_ctx)->ldb_ctx = ldb_ctx;
- (*gp_ctx)->active_dc = io->out.dcs[0];
+ (*gp_ctx)->active_dc = talloc_reference(*gp_ctx, &io->out.dcs[0]);
/* We don't need to keep the libnet context */
talloc_free(net_ctx);
/* Create a forked memory context, as a base for everything here */
mem_ctx = talloc_new(gp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
/* Create full ldb dn of the policies base object */
dn = ldb_get_default_basedn(gp_ctx->ldb_ctx);
DEBUG(10, ("Searching for policies in DN: %s\n", ldb_dn_get_linearized(dn)));
attrs = talloc_array(mem_ctx, const char *, 7);
+ if (attrs == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
attrs[0] = "nTSecurityDescriptor";
attrs[1] = "versionNumber";
attrs[2] = "flags";
}
gpo = talloc_array(gp_ctx, struct gp_object *, result->count+1);
+ if (gpo == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
gpo[result->count] = NULL;
for (i = 0; i < result->count; i++) {
/* Create a forked memory context, as a base for everything here */
mem_ctx = talloc_new(gp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
/* Create an ldb dn struct for the dn string */
dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
attrs = talloc_array(mem_ctx, const char *, 7);
+ if (attrs == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
attrs[0] = "nTSecurityDescriptor";
attrs[1] = "versionNumber";
attrs[2] = "flags";
const char *gplink_start = "[LDAP://";
gplinks = talloc_array(mem_ctx, struct gp_link *, 1);
+ NT_STATUS_HAVE_NO_MEMORY(gplinks);
+
gplinks[0] = NULL;
/* Assuming every gPLink starts with "[LDAP://" */
for (pos = start; pos < strlen(gplink_str); pos++) {
if (gplink_str[pos] == ';') {
gplinks = talloc_realloc(mem_ctx, gplinks, struct gp_link *, idx+2);
+ NT_STATUS_HAVE_NO_MEMORY(gplinks);
gplinks[idx] = talloc(mem_ctx, struct gp_link);
+ NT_STATUS_HAVE_NO_MEMORY(gplinks[idx]);
gplinks[idx]->dn = talloc_strndup(mem_ctx,
gplink_str + start,
pos - start);
+ if (gplinks[idx]->dn == NULL) {
+ TALLOC_FREE(gplinks);
+ return NT_STATUS_NO_MEMORY;
+ }
for (start = pos + 1; gplink_str[pos] != ']'; pos++);
buf = talloc_strndup(gplinks, gplink_str + start, pos - start);
+ if (buf == NULL) {
+ TALLOC_FREE(gplinks);
+ return NT_STATUS_NO_MEMORY;
+ }
gplinks[idx]->options = (uint32_t) strtoll(buf, &end, 0);
talloc_free(buf);
/* Create a forked memory context, as a base for everything here */
mem_ctx = talloc_new(gp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
if (strcmp(element->name, "gPLink") == 0) {
SMB_ASSERT(element->num_values > 0);
gplink_str = talloc_strdup(mem_ctx, (char *) element->values[0].data);
+ if (gplink_str == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
goto found;
}
}
}
gplink_str = talloc_strdup(mem_ctx, "");
+ if (gplink_str == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
found:
TALLOC_CTX *mem_ctx;
const char **gpos;
struct ldb_result *result;
- const char *sid;
+ char *sid;
struct ldb_dn *dn;
struct ldb_message_element *element;
bool inherit;
/* Create a forked memory context, as a base for everything here */
mem_ctx = talloc_new(gp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
- sid = dom_sid_string(mem_ctx, token->user_sid);
+ sid = ldap_encode_ndr_dom_sid(mem_ctx,
+ &token->sids[PRIMARY_USER_SID_INDEX]);
+ NT_STATUS_HAVE_NO_MEMORY(sid);
/* Find the user DN and objectclass via the sid from the security token */
rv = ldb_search(gp_ctx->ldb_ctx,
}
gpos = talloc_array(gp_ctx, const char *, 1);
+ if (gpos == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
gpos[0] = NULL;
/* Walk through the containers until we hit the root */
/* If the account does not have read access, this GPO does not apply
* to this account */
- status = sec_access_check(gpo->security_descriptor,
+ status = se_access_check(gpo->security_descriptor,
token,
(SEC_STD_READ_CONTROL | SEC_ADS_LIST | SEC_ADS_READ_PROP),
&access_granted);
/* Add the GPO to the list */
gpos = talloc_realloc(gp_ctx, gpos, const char *, count+2);
+ if (gpos == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
gpos[count] = talloc_strdup(gp_ctx, gplinks[i]->dn);
+ if (gpos[count] == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
gpos[count+1] = NULL;
count++;
/* Create a forked memory context, as a base for everything here */
mem_ctx = talloc_new(gp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
start++;
}
gplink_str = talloc_asprintf(mem_ctx, "%s;%d%s", gplink_str, gplink->options, start);
+ if (gplink_str == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
} else {
/* Prepend the new GPO link to the string. This list is backwards in priority. */
gplink_str = talloc_asprintf(mem_ctx, "[LDAP://%s;%d]%s", gplink->dn, gplink->options, gplink_str);
+ if (gplink_str == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
}
msg = ldb_msg_new(mem_ctx);
+ if (msg == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
msg->dn = dn;
rv = ldb_msg_add_string(msg, "gPLink", gplink_str);
- if (rv != 0) {
+ if (rv != LDB_SUCCESS) {
DEBUG(0, ("LDB message add string failed: %s\n", ldb_strerror(rv)));
talloc_free(mem_ctx);
return NT_STATUS_UNSUCCESSFUL;
msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
rv = ldb_modify(gp_ctx->ldb_ctx, msg);
- if (rv != 0) {
+ if (rv != LDB_SUCCESS) {
DEBUG(0, ("LDB modify failed: %s\n", ldb_strerror(rv)));
talloc_free(mem_ctx);
return NT_STATUS_UNSUCCESSFUL;
struct ldb_dn *dn;
struct ldb_message *msg;
const char *attrs[] = { "gPLink", NULL };
- const char *gplink_str;
+ const char *gplink_str, *search_string;
int rv;
char *p;
/* Create a forked memory context, as a base for everything here */
mem_ctx = talloc_new(gp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
gplink_str = ldb_msg_find_attr_as_string(result->msgs[0], "gPLink", "");
/* If this GPO link already exists, alter the options, else add it */
- p = strcasestr(gplink_str, talloc_asprintf(mem_ctx, "[LDAP://%s", gplink_dn));
+ search_string = talloc_asprintf(mem_ctx, "[LDAP://%s]", gplink_dn);
+ if (search_string == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ p = strcasestr(gplink_str, search_string);
if (p == NULL) {
talloc_free(mem_ctx);
return NT_STATUS_NOT_FOUND;
}
p++;
gplink_str = talloc_asprintf(mem_ctx, "%s%s", gplink_str, p);
+ if (gplink_str == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
msg = ldb_msg_new(mem_ctx);
+ if (msg == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
msg->dn = dn;
if (strcmp(gplink_str, "") == 0) {
rv = ldb_msg_add_empty(msg, "gPLink", LDB_FLAG_MOD_DELETE, NULL);
- if (rv != 0) {
+ if (rv != LDB_SUCCESS) {
DEBUG(0, ("LDB message add empty element failed: %s\n", ldb_strerror(rv)));
talloc_free(mem_ctx);
return NT_STATUS_UNSUCCESSFUL;
}
} else {
rv = ldb_msg_add_string(msg, "gPLink", gplink_str);
- if (rv != 0) {
+ if (rv != LDB_SUCCESS) {
DEBUG(0, ("LDB message add string failed: %s\n", ldb_strerror(rv)));
talloc_free(mem_ctx);
return NT_STATUS_UNSUCCESSFUL;
msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
}
rv = ldb_modify(gp_ctx->ldb_ctx, msg);
- if (rv != 0) {
+ if (rv != LDB_SUCCESS) {
DEBUG(0, ("LDB modify failed: %s\n", ldb_strerror(rv)));
talloc_free(mem_ctx);
return NT_STATUS_UNSUCCESSFUL;
/* Create a forked memory context, as a base for everything here */
mem_ctx = talloc_new(gp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
int rv;
msg = ldb_msg_new(gp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(msg);
+
msg->dn = ldb_dn_new(msg, gp_ctx->ldb_ctx, dn_str);
inheritance_string = talloc_asprintf(msg, "%d", inheritance);
+ if (inheritance_string == NULL) {
+ TALLOC_FREE(msg);
+ return NT_STATUS_NO_MEMORY;
+ }
rv = ldb_msg_add_string(msg, "gPOptions", inheritance_string);
- if (rv != 0) {
+ if (rv != LDB_SUCCESS) {
DEBUG(0, ("LDB message add string failed: %s\n", ldb_strerror(rv)));
talloc_free(msg);
return NT_STATUS_UNSUCCESSFUL;
msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
rv = ldb_modify(gp_ctx->ldb_ctx, msg);
- if (rv != 0) {
+ if (rv != LDB_SUCCESS) {
DEBUG(0, ("LDB modify failed: %s\n", ldb_strerror(rv)));
talloc_free(msg);
return NT_STATUS_UNSUCCESSFUL;
struct ldb_message *msg;
TALLOC_CTX *mem_ctx;
int rv;
- char *dn_str;
+ char *dn_str, *flags_str, *version_str;
struct ldb_dn *child_dn, *gpo_dn;
mem_ctx = talloc_new(gp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
/* CN={GUID} */
msg = ldb_msg_new(mem_ctx);
+ if (msg == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
msg->dn = ldb_get_default_basedn(gp_ctx->ldb_ctx);
dn_str = talloc_asprintf(mem_ctx, "CN=%s,CN=Policies,CN=System", gpo->name);
+ if (dn_str == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
child_dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
rv = ldb_dn_add_child(msg->dn, child_dn);
if (!rv) goto ldb_msg_add_error;
+ flags_str = talloc_asprintf(mem_ctx, "%d", gpo->flags);
+ if (flags_str == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ version_str = talloc_asprintf(mem_ctx, "%d", gpo->version);
+ if (version_str == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
rv = ldb_msg_add_string(msg, "objectClass", "top");
if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
rv = ldb_msg_add_string(msg, "objectClass", "container");
if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
rv = ldb_msg_add_string(msg, "gPCFileSysPath", gpo->file_sys_path);
if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
- rv = ldb_msg_add_string(msg, "flags",
- talloc_asprintf(mem_ctx, "%d", gpo->flags));
+ rv = ldb_msg_add_string(msg, "flags", flags_str);
if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
- rv = ldb_msg_add_string(msg, "versionNumber",
- talloc_asprintf(mem_ctx, "%d", gpo->version));
+ rv = ldb_msg_add_string(msg, "versionNumber", version_str);
if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
rv = ldb_msg_add_string(msg, "showInAdvancedViewOnly", "TRUE");
if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
/* CN=User */
msg = ldb_msg_new(mem_ctx);
+ if (msg == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
msg->dn = ldb_dn_copy(mem_ctx, gpo_dn);
child_dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, "CN=User");
rv = ldb_dn_add_child(msg->dn, child_dn);
/* CN=Machine */
msg = ldb_msg_new(mem_ctx);
+ if (msg == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
msg->dn = ldb_dn_copy(mem_ctx, gpo_dn);
child_dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, "CN=Machine");
rv = ldb_dn_add_child(msg->dn, child_dn);
}
gpo->dn = talloc_strdup(gpo, ldb_dn_get_linearized(gpo_dn));
+ if (gpo->dn == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
talloc_free(mem_ctx);
return NT_STATUS_OK;
/* Create a forked memory context to clean up easily */
mem_ctx = talloc_new(gp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
/* Push the security descriptor through the NDR library */
ndr_err = ndr_push_struct_blob(&data,
/* Create a LDB message */
msg = ldb_msg_new(mem_ctx);
+ if (msg == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
msg->dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
rv = ldb_msg_add_value(msg, "nTSecurityDescriptor", &data, NULL);
- if (rv != 0) {
+ if (rv != LDB_SUCCESS) {
DEBUG(0, ("LDB message add element failed for adding nTSecurityDescriptor: %s\n", ldb_strerror(rv)));
talloc_free(mem_ctx);
return NT_STATUS_UNSUCCESSFUL;
msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
rv = ldb_modify(gp_ctx->ldb_ctx, msg);
- if (rv != 0) {
+ if (rv != LDB_SUCCESS) {
+ DEBUG(0, ("LDB modify failed: %s\n", ldb_strerror(rv)));
+ talloc_free(mem_ctx);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ talloc_free(mem_ctx);
+ return NT_STATUS_OK;
+}
+
+/* This function sets flags, version and displayName on a GPO */
+NTSTATUS gp_set_ldap_gpo(struct gp_context *gp_ctx, struct gp_object *gpo)
+{
+ int rv;
+ TALLOC_CTX *mem_ctx;
+ struct ldb_message *msg;
+ char *version_str, *flags_str;
+
+ mem_ctx = talloc_new(gp_ctx);
+
+ msg = ldb_msg_new(mem_ctx);
+ if (msg == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ msg->dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, gpo->dn);
+
+ version_str = talloc_asprintf(mem_ctx, "%d", gpo->version);
+ if (msg == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ flags_str = talloc_asprintf(mem_ctx, "%d", gpo->flags);
+ if (msg == NULL) {
+ TALLOC_FREE(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ rv = ldb_msg_add_string(msg, "flags", flags_str);
+ if (rv != LDB_SUCCESS) {
+ DEBUG(0, ("LDB message add string failed for flags: %s\n", ldb_strerror(rv)));
+ talloc_free(mem_ctx);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
+
+ rv = ldb_msg_add_string(msg, "version", version_str);
+ if (rv != LDB_SUCCESS) {
+ DEBUG(0, ("LDB message add string failed for version: %s\n", ldb_strerror(rv)));
+ talloc_free(mem_ctx);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ msg->elements[1].flags = LDB_FLAG_MOD_REPLACE;
+
+ rv = ldb_msg_add_string(msg, "displayName", gpo->display_name);
+ if (rv != LDB_SUCCESS) {
+ DEBUG(0, ("LDB message add string failed for displayName: %s\n", ldb_strerror(rv)));
+ talloc_free(mem_ctx);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ msg->elements[2].flags = LDB_FLAG_MOD_REPLACE;
+
+ rv = ldb_modify(gp_ctx->ldb_ctx, msg);
+ if (rv != LDB_SUCCESS) {
DEBUG(0, ("LDB modify failed: %s\n", ldb_strerror(rv)));
talloc_free(mem_ctx);
return NT_STATUS_UNSUCCESSFUL;