diff options
author | Wilco Baan Hofman <wilco@baanhofman.nl> | 2010-06-07 15:21:53 +0200 |
---|---|---|
committer | Jelmer Vernooij <jelmer@samba.org> | 2010-06-20 17:19:13 +0200 |
commit | e18a172207b433a3f027541d4d5e98cea73dbcb6 (patch) | |
tree | a63664933c506d5adafda27c6519823f69e15ef5 | |
parent | 04133225c1c3ab53191da50cae39f2019e7f7f01 (diff) | |
download | samba-e18a172207b433a3f027541d4d5e98cea73dbcb6.tar.gz samba-e18a172207b433a3f027541d4d5e98cea73dbcb6.tar.bz2 samba-e18a172207b433a3f027541d4d5e98cea73dbcb6.zip |
Add preliminary support for storing changed Group Policies.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
-rw-r--r-- | source4/lib/policy/gp_ldap.c | 56 | ||||
-rw-r--r-- | source4/lib/policy/gp_manage.c | 41 | ||||
-rw-r--r-- | source4/lib/policy/policy.h | 4 |
3 files changed, 101 insertions, 0 deletions
diff --git a/source4/lib/policy/gp_ldap.c b/source4/lib/policy/gp_ldap.c index 95d9808243..ea86fb8ac5 100644 --- a/source4/lib/policy/gp_ldap.c +++ b/source4/lib/policy/gp_ldap.c @@ -978,3 +978,59 @@ NTSTATUS gp_set_ads_acl (struct gp_context *gp_ctx, const char *dn_str, const st talloc_free(mem_ctx); return NT_STATUS_OK; } + +/* This function sets flags, version and displayName on a GPO */ +NTSTATUS gp_set_ldap_gpo(struct gp_context *gp_ctx, struct gp_object *gpo) +{ + int rv; + TALLOC_CTX *mem_ctx; + struct ldb_message *msg; + char *version_str, *flags_str; + + mem_ctx = talloc_new(gp_ctx); + + msg = ldb_msg_new(mem_ctx); + NT_STATUS_HAVE_NO_MEMORY_AND_FREE(msg, mem_ctx); + + msg->dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, gpo->dn); + + version_str = talloc_asprintf(mem_ctx, "%d", gpo->version); + NT_STATUS_HAVE_NO_MEMORY_AND_FREE(msg, mem_ctx); + + flags_str = talloc_asprintf(mem_ctx, "%d", gpo->flags); + NT_STATUS_HAVE_NO_MEMORY_AND_FREE(msg, mem_ctx); + + rv = ldb_msg_add_string(msg, "flags", flags_str); + if (rv != 0) { + DEBUG(0, ("LDB message add string failed for flags: %s\n", ldb_strerror(rv))); + talloc_free(mem_ctx); + return NT_STATUS_UNSUCCESSFUL; + } + msg->elements[0].flags = LDB_FLAG_MOD_REPLACE; + + rv = ldb_msg_add_string(msg, "version", version_str); + if (rv != 0) { + DEBUG(0, ("LDB message add string failed for version: %s\n", ldb_strerror(rv))); + talloc_free(mem_ctx); + return NT_STATUS_UNSUCCESSFUL; + } + msg->elements[1].flags = LDB_FLAG_MOD_REPLACE; + + rv = ldb_msg_add_string(msg, "displayName", gpo->display_name); + if (rv != 0) { + DEBUG(0, ("LDB message add string failed for displayName: %s\n", ldb_strerror(rv))); + talloc_free(mem_ctx); + return NT_STATUS_UNSUCCESSFUL; + } + msg->elements[2].flags = LDB_FLAG_MOD_REPLACE; + + rv = ldb_modify(gp_ctx->ldb_ctx, msg); + if (rv != 0) { + DEBUG(0, ("LDB modify failed: %s\n", ldb_strerror(rv))); + talloc_free(mem_ctx); + return NT_STATUS_UNSUCCESSFUL; + } + + talloc_free(mem_ctx); + return NT_STATUS_OK; +} diff --git a/source4/lib/policy/gp_manage.c b/source4/lib/policy/gp_manage.c index 476cef5af0..8d0ab2df4a 100644 --- a/source4/lib/policy/gp_manage.c +++ b/source4/lib/policy/gp_manage.c @@ -252,3 +252,44 @@ NTSTATUS gp_set_acl (struct gp_context *gp_ctx, const char *dn_str, const struct talloc_free(mem_ctx); return NT_STATUS_OK; } + +NTSTATUS gp_push_gpo (struct gp_context *gp_ctx, const char *local_path, struct gp_object *gpo) +{ + NTSTATUS status; + TALLOC_CTX *mem_ctx; + struct gp_ini_context *ini; + char *filename; + + mem_ctx = talloc_new(gp_ctx); + NT_STATUS_HAVE_NO_MEMORY(mem_ctx); + + /* Get version from ini file */ + /* FIXME: The local file system may be case sensitive */ + filename = talloc_asprintf(mem_ctx, "%s/%s", local_path, "GPT.INI"); + NT_STATUS_HAVE_NO_MEMORY_AND_FREE(filename, mem_ctx); + status = gp_parse_ini(mem_ctx, gp_ctx, local_path, &ini); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Failed to parse GPT.INI.\n")); + talloc_free(mem_ctx); + return status; + } + + /* Push the GPT to the remote sysvol */ + status = gp_push_gpt(gp_ctx, local_path, gpo->file_sys_path); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Failed to push GPT to DC's sysvol share.\n")); + talloc_free(mem_ctx); + return status; + } + + /* Write version to LDAP */ + status = gp_set_ldap_gpo(gp_ctx, gpo); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Failed to set GPO options in DC's LDAP.\n")); + talloc_free(mem_ctx); + return status; + } + + talloc_free(mem_ctx); + return NT_STATUS_OK; +} diff --git a/source4/lib/policy/policy.h b/source4/lib/policy/policy.h index 8dc2f9ccb0..d22c3d6a9d 100644 --- a/source4/lib/policy/policy.h +++ b/source4/lib/policy/policy.h @@ -104,11 +104,15 @@ NTSTATUS gp_set_inheritance(struct gp_context *gp_ctx, const char *dn_str, enum NTSTATUS gp_create_ldap_gpo(struct gp_context *gp_ctx, struct gp_object *gpo); NTSTATUS gp_set_ads_acl (struct gp_context *gp_ctx, const char *dn_str, const struct security_descriptor *sd); +NTSTATUS gp_push_gpo (struct gp_context *gp_ctx, const char *local_path, struct gp_object *gpo); +NTSTATUS gp_set_ldap_gpo(struct gp_context *gp_ctx, struct gp_object *gpo); /* File system functions */ NTSTATUS gp_fetch_gpt (struct gp_context *gp_ctx, struct gp_object *gpo, const char **path); NTSTATUS gp_create_gpt(struct gp_context *gp_ctx, const char *name, const char *file_sys_path); NTSTATUS gp_set_gpt_security_descriptor(struct gp_context *gp_ctx, struct gp_object *gpo, struct security_descriptor *sd); +NTSTATUS gp_push_gpt(struct gp_context *gp_ctx, const char *local_path, + const char *file_sys_path); /* Ini functions */ NTSTATUS gp_parse_ini(TALLOC_CTX *mem_ctx, struct gp_context *gp_ctx, const char *filename, struct gp_ini_context **ret); |