authorWilco Baan Hofman <wilco@baanhofman.nl>2010-06-07 15:21:53 +0200
committerJelmer Vernooij <jelmer@samba.org>2010-06-20 17:19:13 +0200
commite18a172207b433a3f027541d4d5e98cea73dbcb6 (patch)
treea63664933c506d5adafda27c6519823f69e15ef5
parent04133225c1c3ab53191da50cae39f2019e7f7f01 (diff)
Add preliminary support for storing changed Group Policies.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
-rw-r--r--source4/lib/policy/gp_ldap.c56
-rw-r--r--source4/lib/policy/gp_manage.c41
-rw-r--r--source4/lib/policy/policy.h4
3 files changed, 101 insertions, 0 deletions
diff --git a/source4/lib/policy/gp_ldap.c b/source4/lib/policy/gp_ldap.c
index 95d9808243..ea86fb8ac5 100644
--- a/source4/lib/policy/gp_ldap.c
+++ b/source4/lib/policy/gp_ldap.c
@@ -978,3 +978,59 @@ NTSTATUS gp_set_ads_acl (struct gp_context *gp_ctx, const char *dn_str, const st
talloc_free(mem_ctx);
return NT_STATUS_OK;
}
+
+/* This function sets flags, version and displayName on a GPO */
+NTSTATUS gp_set_ldap_gpo(struct gp_context *gp_ctx, struct gp_object *gpo)
+{
+ int rv;
+ TALLOC_CTX *mem_ctx;
+ struct ldb_message *msg;
+ char *version_str, *flags_str;
+
+ mem_ctx = talloc_new(gp_ctx);
+
+ msg = ldb_msg_new(mem_ctx);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(msg, mem_ctx);
+
+ msg->dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, gpo->dn);
+
+ version_str = talloc_asprintf(mem_ctx, "%d", gpo->version);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(msg, mem_ctx);
+
+ flags_str = talloc_asprintf(mem_ctx, "%d", gpo->flags);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(msg, mem_ctx);
+
+ rv = ldb_msg_add_string(msg, "flags", flags_str);
+ if (rv != 0) {
+ DEBUG(0, ("LDB message add string failed for flags: %s\n", ldb_strerror(rv)));
+ talloc_free(mem_ctx);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
+
+ rv = ldb_msg_add_string(msg, "version", version_str);
+ if (rv != 0) {
+ DEBUG(0, ("LDB message add string failed for version: %s\n", ldb_strerror(rv)));
+ talloc_free(mem_ctx);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ msg->elements[1].flags = LDB_FLAG_MOD_REPLACE;
+
+ rv = ldb_msg_add_string(msg, "displayName", gpo->display_name);
+ if (rv != 0) {
+ DEBUG(0, ("LDB message add string failed for displayName: %s\n", ldb_strerror(rv)));
+ talloc_free(mem_ctx);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ msg->elements[2].flags = LDB_FLAG_MOD_REPLACE;
+
+ rv = ldb_modify(gp_ctx->ldb_ctx, msg);
+ if (rv != 0) {
+ DEBUG(0, ("LDB modify failed: %s\n", ldb_strerror(rv)));
+ talloc_free(mem_ctx);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ talloc_free(mem_ctx);
+ return NT_STATUS_OK;
+}
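Review bot: The two `NT_STATUS_HAVE_NO_MEMORY_AND_FREE(msg, mem_ctx);` checks that follow the `talloc_asprintf` calls for `version_str` and `flags_str` re-test `msg`, so an allocation failure on either string goes unnoticed and a NULL pointer is handed to `ldb_msg_add_string`. They should read `NT_STATUS_HAVE_NO_MEMORY_AND_FREE(version_str, mem_ctx);` and `NT_STATUS_HAVE_NO_MEMORY_AND_FREE(flags_str, mem_ctx);`. The results of `talloc_new` and `ldb_dn_new` are also used unchecked. Because `gpo->dn` selects the directory object whose flags, version and displayName get replaced, a NULL `msg->dn` should be rejected before `ldb_modify` is reached, for example with `NT_STATUS_HAVE_NO_MEMORY_AND_FREE(msg->dn, mem_ctx);`.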
diff --git a/source4/lib/policy/gp_manage.c b/source4/lib/policy/gp_manage.c
index 476cef5af0..8d0ab2df4a 100644
--- a/source4/lib/policy/gp_manage.c
+++ b/source4/lib/policy/gp_manage.c
@@ -252,3 +252,44 @@ NTSTATUS gp_set_acl (struct gp_context *gp_ctx, const char *dn_str, const struct
talloc_free(mem_ctx);
return NT_STATUS_OK;
}
+
+NTSTATUS gp_push_gpo (struct gp_context *gp_ctx, const char *local_path, struct gp_object *gpo)
+{
+ NTSTATUS status;
+ TALLOC_CTX *mem_ctx;
+ struct gp_ini_context *ini;
+ char *filename;
+
+ mem_ctx = talloc_new(gp_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
+
+ /* Get version from ini file */
+ /* FIXME: The local file system may be case sensitive */
+ filename = talloc_asprintf(mem_ctx, "%s/%s", local_path, "GPT.INI");
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(filename, mem_ctx);
+ status = gp_parse_ini(mem_ctx, gp_ctx, local_path, &ini);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Failed to parse GPT.INI.\n"));
+ talloc_free(mem_ctx);
+ return status;
+ }
+
+ /* Push the GPT to the remote sysvol */
+ status = gp_push_gpt(gp_ctx, local_path, gpo->file_sys_path);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Failed to push GPT to DC's sysvol share.\n"));
+ talloc_free(mem_ctx);
+ return status;
+ }
+
+ /* Write version to LDAP */
+ status = gp_set_ldap_gpo(gp_ctx, gpo);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Failed to set GPO options in DC's LDAP.\n"));
+ talloc_free(mem_ctx);
+ return status;
+ }
+
+ talloc_free(mem_ctx);
+ return NT_STATUS_OK;
+}
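Review bot: `gp_parse_ini` is called with `local_path` even though `filename` (the path to GPT.INI) is built just above and never used afterwards. policy.h names that parameter `filename`, so the call was probably meant to be `status = gp_parse_ini(mem_ctx, gp_ctx, filename, &ini);`. The parsed `ini` is also never read, despite the "Get version from ini file" comment, so `gp_set_ldap_gpo` writes whatever the caller left in `gpo->version` rather than the version in the GPT being pushed. If the directory version and the sysvol copy disagree, clients that compare them may not pick up the changed policy (an inference about consumers outside this diff). The function also has no header comment; one stating that the sysvol push happens before the LDAP write, with no rollback if the LDAP write fails, would make the partial-failure state explicit.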
diff --git a/source4/lib/policy/policy.h b/source4/lib/policy/policy.h
index 8dc2f9ccb0..d22c3d6a9d 100644
--- a/source4/lib/policy/policy.h
+++ b/source4/lib/policy/policy.h
@@ -104,11 +104,15 @@ NTSTATUS gp_set_inheritance(struct gp_context *gp_ctx, const char *dn_str, enum
NTSTATUS gp_create_ldap_gpo(struct gp_context *gp_ctx, struct gp_object *gpo);
NTSTATUS gp_set_ads_acl (struct gp_context *gp_ctx, const char *dn_str, const struct security_descriptor *sd);
+NTSTATUS gp_push_gpo (struct gp_context *gp_ctx, const char *local_path, struct gp_object *gpo);
+NTSTATUS gp_set_ldap_gpo(struct gp_context *gp_ctx, struct gp_object *gpo);
/* File system functions */
NTSTATUS gp_fetch_gpt (struct gp_context *gp_ctx, struct gp_object *gpo, const char **path);
NTSTATUS gp_create_gpt(struct gp_context *gp_ctx, const char *name, const char *file_sys_path);
NTSTATUS gp_set_gpt_security_descriptor(struct gp_context *gp_ctx, struct gp_object *gpo, struct security_descriptor *sd);
+NTSTATUS gp_push_gpt(struct gp_context *gp_ctx, const char *local_path,
+ const char *file_sys_path);
/* Ini functions */
NTSTATUS gp_parse_ini(TALLOC_CTX *mem_ctx, struct gp_context *gp_ctx, const char *filename, struct gp_ini_context **ret);