summaryrefslogtreecommitdiff
path: root/source3/libads
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2006-09-28 21:33:54 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:14:53 -0500
commit73f4ac012aaebfe4f778f6971ce59049c242be7b (patch)
tree953ae713a4ddaacf367c4ee8ae87753bc7e1d5b6 /source3/libads
parent18d417663395febe60b23f376b2e92c9869e1126 (diff)
downloadsamba-73f4ac012aaebfe4f778f6971ce59049c242be7b.tar.gz
samba-73f4ac012aaebfe4f778f6971ce59049c242be7b.tar.bz2
samba-73f4ac012aaebfe4f778f6971ce59049c242be7b.zip
r18982: Move the gpo related functions to "libgpo".
Guenther (This used to be commit 1308a842716bc3bd1a9853b9b206dc7308a8c1dd)
Diffstat (limited to 'source3/libads')
-rw-r--r--source3/libads/gpo.c682
-rw-r--r--source3/libads/gpo_util.c523
2 files changed, 0 insertions, 1205 deletions
diff --git a/source3/libads/gpo.c b/source3/libads/gpo.c
deleted file mode 100644
index 4a121e9f6a..0000000000
--- a/source3/libads/gpo.c
+++ /dev/null
@@ -1,682 +0,0 @@
-/*
- * Unix SMB/CIFS implementation.
- * Group Policy Object Support
- * Copyright (C) Guenther Deschner 2005
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "includes.h"
-
-#ifdef HAVE_LDAP
-
-ADS_STATUS ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
- const char *extension_raw,
- struct GP_EXT *gp_ext)
-{
- char **ext_list;
- char **ext_strings;
- int i;
-
- DEBUG(20,("ads_parse_gp_ext: %s\n", extension_raw));
-
- ext_list = str_list_make_talloc(mem_ctx, extension_raw, "]");
- if (ext_list == NULL) {
- goto parse_error;
- }
-
- for (i = 0; ext_list[i] != NULL; i++) {
- /* no op */
- }
-
- gp_ext->num_exts = i;
-
- gp_ext->extensions = TALLOC_ZERO_ARRAY(mem_ctx, char *, gp_ext->num_exts);
- gp_ext->extensions_guid = TALLOC_ZERO_ARRAY(mem_ctx, char *, gp_ext->num_exts);
- gp_ext->snapins = TALLOC_ZERO_ARRAY(mem_ctx, char *, gp_ext->num_exts);
- gp_ext->snapins_guid = TALLOC_ZERO_ARRAY(mem_ctx, char *, gp_ext->num_exts);
-
- gp_ext->gp_extension = talloc_strdup(mem_ctx, extension_raw);
-
- if (gp_ext->extensions == NULL || gp_ext->extensions_guid == NULL ||
- gp_ext->snapins == NULL || gp_ext->snapins_guid == NULL ||
- gp_ext->gp_extension == NULL) {
- goto parse_error;
- }
-
- for (i = 0; ext_list[i] != NULL; i++) {
-
- int k;
- char *p, *q;
-
- DEBUGADD(10,("extension #%d\n", i));
-
- p = ext_list[i];
-
- if (p[0] == '[') {
- p++;
- }
-
- ext_strings = str_list_make_talloc(mem_ctx, p, "}");
- if (ext_strings == NULL) {
- goto parse_error;
- }
-
- for (k = 0; ext_strings[k] != NULL; k++) {
- /* no op */
- }
-
- q = ext_strings[0];
-
- if (q[0] == '{') {
- q++;
- }
-
- gp_ext->extensions[i] = talloc_strdup(mem_ctx, cse_gpo_guid_string_to_name(q));
- gp_ext->extensions_guid[i] = talloc_strdup(mem_ctx, q);
-
- /* we might have no name for the guid */
- if (gp_ext->extensions_guid[i] == NULL) {
- goto parse_error;
- }
-
- for (k = 1; ext_strings[k] != NULL; k++) {
-
- char *m = ext_strings[k];
-
- if (m[0] == '{') {
- m++;
- }
-
- /* FIXME: theoretically there could be more than one snapin per extension */
- gp_ext->snapins[i] = talloc_strdup(mem_ctx, cse_snapin_gpo_guid_string_to_name(m));
- gp_ext->snapins_guid[i] = talloc_strdup(mem_ctx, m);
-
- /* we might have no name for the guid */
- if (gp_ext->snapins_guid[i] == NULL) {
- goto parse_error;
- }
- }
- }
-
- if (ext_list) {
- str_list_free_talloc(mem_ctx, &ext_list);
- }
- if (ext_strings) {
- str_list_free_talloc(mem_ctx, &ext_strings);
- }
-
- return ADS_ERROR(LDAP_SUCCESS);
-
-parse_error:
- if (ext_list) {
- str_list_free_talloc(mem_ctx, &ext_list);
- }
- if (ext_strings) {
- str_list_free_talloc(mem_ctx, &ext_strings);
- }
-
- return ADS_ERROR(LDAP_NO_MEMORY);
-}
-
-ADS_STATUS ads_parse_gplink(TALLOC_CTX *mem_ctx,
- const char *gp_link_raw,
- uint32 options,
- struct GP_LINK *gp_link)
-{
- char **link_list;
- int i;
-
- DEBUG(10,("ads_parse_gplink: gPLink: %s\n", gp_link_raw));
-
- link_list = str_list_make_talloc(mem_ctx, gp_link_raw, "]");
- if (link_list == NULL) {
- goto parse_error;
- }
-
- for (i = 0; link_list[i] != NULL; i++) {
- /* no op */
- }
-
- gp_link->gp_opts = options;
- gp_link->num_links = i;
-
- gp_link->link_names = TALLOC_ZERO_ARRAY(mem_ctx, char *, gp_link->num_links);
- gp_link->link_opts = TALLOC_ZERO_ARRAY(mem_ctx, uint32, gp_link->num_links);
-
- gp_link->gp_link = talloc_strdup(mem_ctx, gp_link_raw);
-
- if (gp_link->link_names == NULL || gp_link->link_opts == NULL || gp_link->gp_link == NULL) {
- goto parse_error;
- }
-
- for (i = 0; link_list[i] != NULL; i++) {
-
- char *p, *q;
-
- DEBUGADD(10,("ads_parse_gplink: processing link #%d\n", i));
-
- q = link_list[i];
- if (q[0] == '[') {
- q++;
- };
-
- p = strchr(q, ';');
-
- if (p == NULL) {
- goto parse_error;
- }
-
- gp_link->link_names[i] = talloc_strdup(mem_ctx, q);
- if (gp_link->link_names[i] == NULL) {
- goto parse_error;
- }
- gp_link->link_names[i][PTR_DIFF(p, q)] = 0;
-
- gp_link->link_opts[i] = atoi(p + 1);
-
- DEBUGADD(10,("ads_parse_gplink: link: %s\n", gp_link->link_names[i]));
- DEBUGADD(10,("ads_parse_gplink: opt: %d\n", gp_link->link_opts[i]));
-
- }
-
- if (link_list) {
- str_list_free_talloc(mem_ctx, &link_list);
- }
-
- return ADS_ERROR(LDAP_SUCCESS);
-
-parse_error:
- if (link_list) {
- str_list_free_talloc(mem_ctx, &link_list);
- }
-
- return ADS_ERROR(LDAP_NO_MEMORY);
-}
-
-ADS_STATUS ads_get_gpo_link(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- const char *link_dn,
- struct GP_LINK *gp_link_struct)
-{
- ADS_STATUS status;
- const char *attrs[] = {"gPLink", "gPOptions", NULL};
- LDAPMessage *res = NULL;
- const char *gp_link;
- uint32 gp_options;
-
- ZERO_STRUCTP(gp_link_struct);
-
- status = ads_search_dn(ads, &res, link_dn, attrs);
- if (!ADS_ERR_OK(status)) {
- DEBUG(10,("ads_get_gpo_link: search failed with %s\n", ads_errstr(status)));
- return status;
- }
-
- if (ads_count_replies(ads, res) != 1) {
- DEBUG(10,("ads_get_gpo_link: no result\n"));
- ads_msgfree(ads, res);
- return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
- }
-
- gp_link = ads_pull_string(ads, mem_ctx, res, "gPLink");
- if (gp_link == NULL) {
- DEBUG(10,("ads_get_gpo_link: no 'gPLink' attribute found\n"));
- ads_msgfree(ads, res);
- return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
- }
-
- if (!ads_pull_uint32(ads, res, "gPOptions", &gp_options)) {
- DEBUG(10,("ads_get_gpo_link: no 'gPOptions' attribute found\n"));
- gp_options = 0;
- }
-
- ads_msgfree(ads, res);
-
- return ads_parse_gplink(mem_ctx, gp_link, gp_options, gp_link_struct);
-}
-
-ADS_STATUS ads_add_gpo_link(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- const char *link_dn,
- const char *gpo_dn,
- uint32 gpo_opt)
-{
- ADS_STATUS status;
- const char *attrs[] = {"gPLink", NULL};
- LDAPMessage *res = NULL;
- const char *gp_link, *gp_link_new;
- ADS_MODLIST mods;
-
-
- /* although ADS allows to set anything here, we better check here if
- * the gpo_dn is sane */
-
- if (!strnequal(gpo_dn, "LDAP://CN={", strlen("LDAP://CN={")) != 0) {
- return ADS_ERROR(LDAP_INVALID_DN_SYNTAX);
- }
-
- status = ads_search_dn(ads, &res, link_dn, attrs);
- if (!ADS_ERR_OK(status)) {
- DEBUG(10,("ads_add_gpo_link: search failed with %s\n", ads_errstr(status)));
- return status;
- }
-
- if (ads_count_replies(ads, res) != 1) {
- DEBUG(10,("ads_add_gpo_link: no result\n"));
- ads_msgfree(ads, res);
- return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
- }
-
- gp_link = ads_pull_string(ads, mem_ctx, res, "gPLink");
- if (gp_link == NULL) {
- gp_link_new = talloc_asprintf(mem_ctx, "[%s;%d]", gpo_dn, gpo_opt);
- } else {
- gp_link_new = talloc_asprintf(mem_ctx, "%s[%s;%d]", gp_link, gpo_dn, gpo_opt);
- }
-
- ads_msgfree(ads, res);
- if (gp_link_new == NULL) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- mods = ads_init_mods(mem_ctx);
- if (mods == NULL) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- status = ads_mod_str(mem_ctx, &mods, "gPLink", gp_link_new);
- if (!ADS_ERR_OK(status)) {
- return status;
- }
-
- return ads_gen_mod(ads, link_dn, mods);
-}
-
-/* untested & broken */
-ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- const char *link_dn,
- const char *gpo_dn)
-{
- ADS_STATUS status;
- const char *attrs[] = {"gPLink", NULL};
- LDAPMessage *res = NULL;
- const char *gp_link, *gp_link_new = NULL;
- ADS_MODLIST mods;
-
- /* check for a sane gpo_dn */
- if (gpo_dn[0] != '[') {
- DEBUG(10,("ads_delete_gpo_link: first char not: [\n"));
- return ADS_ERROR(LDAP_INVALID_DN_SYNTAX);
- }
-
- if (gpo_dn[strlen(gpo_dn)] != ']') {
- DEBUG(10,("ads_delete_gpo_link: last char not: ]\n"));
- return ADS_ERROR(LDAP_INVALID_DN_SYNTAX);
- }
-
- status = ads_search_dn(ads, &res, link_dn, attrs);
- if (!ADS_ERR_OK(status)) {
- DEBUG(10,("ads_delete_gpo_link: search failed with %s\n", ads_errstr(status)));
- return status;
- }
-
- if (ads_count_replies(ads, res) != 1) {
- DEBUG(10,("ads_delete_gpo_link: no result\n"));
- ads_msgfree(ads, res);
- return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
- }
-
- gp_link = ads_pull_string(ads, mem_ctx, res, "gPLink");
- if (gp_link == NULL) {
- return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
- }
-
- /* find link to delete */
- /* gp_link_new = talloc_asprintf(mem_ctx, "%s[%s;%d]", gp_link, gpo_dn, gpo_opt); */
-
- ads_msgfree(ads, res);
- if (gp_link_new == NULL) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- mods = ads_init_mods(mem_ctx);
- if (mods == NULL) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- status = ads_mod_str(mem_ctx, &mods, "gPLink", gp_link_new);
- if (!ADS_ERR_OK(status)) {
- return status;
- }
-
- return ads_gen_mod(ads, link_dn, mods);
-}
-
- ADS_STATUS ads_parse_gpo(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- LDAPMessage *res,
- const char *gpo_dn,
- struct GROUP_POLICY_OBJECT *gpo)
-{
- ZERO_STRUCTP(gpo);
-
- if (res == NULL) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- if (gpo_dn) {
- gpo->ds_path = talloc_strdup(mem_ctx, gpo_dn);
- } else {
- gpo->ds_path = ads_get_dn(ads, res);
- }
- if (gpo->ds_path == NULL) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- if (!ads_pull_uint32(ads, res, "versionNumber", &gpo->version)) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- /* split here for convenience */
- gpo->version_user = GPO_VERSION_USER(gpo->version);
- gpo->version_machine = GPO_VERSION_MACHINE(gpo->version);
-
- /* sure ??? */
- if (!ads_pull_uint32(ads, res, "flags", &gpo->options)) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- gpo->file_sys_path = ads_pull_string(ads, mem_ctx, res, "gPCFileSysPath");
- if (gpo->file_sys_path == NULL) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- gpo->display_name = ads_pull_string(ads, mem_ctx, res, "displayName");
- if (gpo->display_name == NULL) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- gpo->name = ads_pull_string(ads, mem_ctx, res, "name");
- if (gpo->name == NULL) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- /* ???, this is optional to have and what does it depend on, the 'flags' ?) */
- gpo->machine_extensions = ads_pull_string(ads, mem_ctx, res, "gPCMachineExtensionNames");
- gpo->user_extensions = ads_pull_string(ads, mem_ctx, res, "gPCUserExtensionNames");
-
- return ADS_ERROR(LDAP_SUCCESS);
-}
-
-ADS_STATUS ads_get_gpo(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- const char *gpo_dn,
- const char *display_name,
- const char *guid_name,
- struct GROUP_POLICY_OBJECT *gpo)
-{
- ADS_STATUS status;
- LDAPMessage *res = NULL;
- char *dn;
- const char *filter;
- const char *attrs[] = { "cn", "displayName", "flags", "gPCFileSysPath",
- "gPCFunctionalityVersion", "gPCMachineExtensionNames",
- "gPCUserExtensionNames", "gPCWQLFilter", "name",
- "versionNumber", NULL};
-
- ZERO_STRUCTP(gpo);
-
- if (!gpo_dn && !display_name && !guid_name) {
- return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
- }
-
- if (gpo_dn) {
-
- if (strnequal(gpo_dn, "LDAP://", strlen("LDAP://")) != 0) {
- gpo_dn = gpo_dn + strlen("LDAP://");
- }
-
- status = ads_search_dn(ads, &res, gpo_dn, attrs);
-
- } else if (display_name || guid_name) {
-
- filter = talloc_asprintf(mem_ctx,
- "(&(objectclass=groupPolicyContainer)(%s=%s))",
- display_name ? "displayName" : "name",
- display_name ? display_name : guid_name);
- if (filter == NULL) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- status = ads_do_search_all(ads, ads->config.bind_path,
- LDAP_SCOPE_SUBTREE, filter,
- attrs, &res);
- }
-
- if (!ADS_ERR_OK(status)) {
- DEBUG(10,("ads_get_gpo: search failed with %s\n", ads_errstr(status)));
- return status;
- }
-
- if (ads_count_replies(ads, res) != 1) {
- DEBUG(10,("ads_get_gpo: no result\n"));
- ads_msgfree(ads, res);
- return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
- }
-
- dn = ads_get_dn(ads, res);
- if (dn == NULL) {
- ads_msgfree(ads, res);
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- status = ads_parse_gpo(ads, mem_ctx, res, dn, gpo);
- ads_msgfree(ads, res);
- ads_memfree(ads, dn);
-
- return status;
-}
-
-ADS_STATUS add_gplink_to_gpo_list(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- struct GROUP_POLICY_OBJECT **gpo_list,
- const char *link_dn,
- struct GP_LINK *gp_link,
- enum GPO_LINK_TYPE link_type,
- BOOL only_add_forced_gpos)
-{
- ADS_STATUS status;
- int i;
-
- for (i = 0; i < gp_link->num_links; i++) {
-
- struct GROUP_POLICY_OBJECT *new_gpo = NULL;
-
- if (gp_link->link_opts[i] & GPO_LINK_OPT_DISABLED) {
- DEBUG(10,("skipping disabled GPO\n"));
- continue;
- }
-
- if (only_add_forced_gpos) {
-
- if (! (gp_link->link_opts[i] & GPO_LINK_OPT_ENFORCED)) {
- DEBUG(10,("skipping nonenforced GPO link because GPOPTIONS_BLOCK_INHERITANCE has been set\n"));
- continue;
- } else {
- DEBUG(10,("adding enforced GPO link although the GPOPTIONS_BLOCK_INHERITANCE has been set\n"));
- }
- }
-
- new_gpo = TALLOC_P(mem_ctx, struct GROUP_POLICY_OBJECT);
- if (new_gpo == NULL) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- ZERO_STRUCTP(new_gpo);
-
- status = ads_get_gpo(ads, mem_ctx, gp_link->link_names[i], NULL, NULL, new_gpo);
- if (!ADS_ERR_OK(status)) {
- return status;
- }
-
- new_gpo->link = link_dn;
- new_gpo->link_type = link_type;
-
- DLIST_ADD(*gpo_list, new_gpo);
-
- DEBUG(10,("add_gplink_to_gplist: added GPLINK #%d %s to GPO list\n",
- i, gp_link->link_names[i]));
- }
-
- return ADS_ERROR(LDAP_SUCCESS);
-}
-
-ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- const char *dn,
- uint32 flags,
- struct GROUP_POLICY_OBJECT **gpo_list)
-{
- /* (L)ocal (S)ite (D)omain (O)rganizational(U)nit */
-
- ADS_STATUS status;
- struct GP_LINK gp_link;
- const char *parent_dn, *site_dn, *tmp_dn;
- BOOL add_only_forced_gpos = False;
-
- ZERO_STRUCTP(gpo_list);
-
- DEBUG(10,("ads_get_gpo_list: getting GPO list for [%s]\n", dn));
-
- /* (L)ocal */
- /* not yet... */
-
- /* (S)ite */
-
- /* are site GPOs valid for users as well ??? */
- if (flags & GPO_LIST_FLAG_MACHINE) {
-
- status = ads_site_dn_for_machine(ads, mem_ctx, ads->config.ldap_server_name, &site_dn);
- if (!ADS_ERR_OK(status)) {
- return status;
- }
-
- DEBUG(10,("ads_get_gpo_list: query SITE: [%s] for GPOs\n", site_dn));
-
- status = ads_get_gpo_link(ads, mem_ctx, site_dn, &gp_link);
- if (ADS_ERR_OK(status)) {
-
- if (DEBUGLEVEL >= 100) {
- dump_gplink(ads, mem_ctx, &gp_link);
- }
-
- status = add_gplink_to_gpo_list(ads, mem_ctx, gpo_list,
- site_dn, &gp_link, GP_LINK_SITE,
- add_only_forced_gpos);
- if (!ADS_ERR_OK(status)) {
- return status;
- }
-
- if (flags & GPO_LIST_FLAG_SITEONLY) {
- return ADS_ERROR(LDAP_SUCCESS);
- }
-
- /* inheritance can't be blocked at the site level */
- }
- }
-
- tmp_dn = dn;
-
- while ( (parent_dn = ads_parent_dn(tmp_dn)) &&
- (!strequal(parent_dn, ads_parent_dn(ads->config.bind_path))) ) {
-
- /* (D)omain */
-
- /* An account can just be a member of one domain */
- if (strncmp(parent_dn, "DC=", strlen("DC=")) == 0) {
-
- DEBUG(10,("ads_get_gpo_list: query DC: [%s] for GPOs\n", parent_dn));
-
- status = ads_get_gpo_link(ads, mem_ctx, parent_dn, &gp_link);
- if (ADS_ERR_OK(status)) {
-
- if (DEBUGLEVEL >= 100) {
- dump_gplink(ads, mem_ctx, &gp_link);
- }
-
- /* block inheritance from now on */
- if (gp_link.gp_opts & GPOPTIONS_BLOCK_INHERITANCE) {
- add_only_forced_gpos = True;
- }
-
- status = add_gplink_to_gpo_list(ads, mem_ctx,
- gpo_list, parent_dn,
- &gp_link, GP_LINK_DOMAIN,
- add_only_forced_gpos);
- if (!ADS_ERR_OK(status)) {
- return status;
- }
- }
- }
-
- tmp_dn = parent_dn;
- }
-
- /* reset dn again */
- tmp_dn = dn;
-
- while ( (parent_dn = ads_parent_dn(tmp_dn)) &&
- (!strequal(parent_dn, ads_parent_dn(ads->config.bind_path))) ) {
-
-
- /* (O)rganizational(U)nit */
-
- /* An account can be a member of more OUs */
- if (strncmp(parent_dn, "OU=", strlen("OU=")) == 0) {
-
- DEBUG(10,("ads_get_gpo_list: query OU: [%s] for GPOs\n", parent_dn));
-
- status = ads_get_gpo_link(ads, mem_ctx, parent_dn, &gp_link);
- if (ADS_ERR_OK(status)) {
-
- if (DEBUGLEVEL >= 100) {
- dump_gplink(ads, mem_ctx, &gp_link);
- }
-
- /* block inheritance from now on */
- if (gp_link.gp_opts & GPOPTIONS_BLOCK_INHERITANCE) {
- add_only_forced_gpos = True;
- }
-
- status = add_gplink_to_gpo_list(ads, mem_ctx,
- gpo_list, parent_dn,
- &gp_link, GP_LINK_OU,
- add_only_forced_gpos);
- if (!ADS_ERR_OK(status)) {
- return status;
- }
- }
- }
-
- tmp_dn = parent_dn;
-
- };
-
- return ADS_ERROR(LDAP_SUCCESS);
-}
-
-#endif /* HAVE_LDAP */
diff --git a/source3/libads/gpo_util.c b/source3/libads/gpo_util.c
deleted file mode 100644
index a30df6e9eb..0000000000
--- a/source3/libads/gpo_util.c
+++ /dev/null
@@ -1,523 +0,0 @@
-/*
- * Unix SMB/CIFS implementation.
- * Group Policy Object Support
- * Copyright (C) Guenther Deschner 2005
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "includes.h"
-
-#ifdef HAVE_LDAP
-
-#define DEFAULT_DOMAIN_POLICY "Default Domain Policy"
-#define DEFAULT_DOMAIN_CONTROLLERS_POLICY "Default Domain Controllers Policy"
-
-/* should we store a parsed guid ? */
-struct gpo_table {
- const char *name;
- const char *guid_string;
-};
-
-struct snapin_table {
- const char *name;
- const char *guid_string;
- ADS_STATUS (*snapin_fn)(ADS_STRUCT *, TALLOC_CTX *mem_ctx, const char *, const char *);
-};
-
-#if 0 /* unused */
-static struct gpo_table gpo_default_policy[] = {
- { DEFAULT_DOMAIN_POLICY,
- "31B2F340-016D-11D2-945F-00C04FB984F9" },
- { DEFAULT_DOMAIN_CONTROLLERS_POLICY,
- "6AC1786C-016F-11D2-945F-00C04fB984F9" },
- { NULL, NULL }
-};
-#endif
-
-/* the following is seen in gPCMachineExtensionNames or gPCUserExtensionNames */
-
-static struct gpo_table gpo_cse_extensions[] = {
- { "Administrative Templates Extension",
- "35378EAC-683F-11D2-A89A-00C04FBBCFA2" }, /* Registry Policy ? */
- { "Microsoft Disc Quota",
- "3610EDA5-77EF-11D2-8DC5-00C04FA31A66" },
- { "EFS recovery",
- "B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A" },
- { "Folder Redirection",
- "25537BA6-77A8-11D2-9B6C-0000F8080861" },
- { "IP Security",
- "E437BC1C-AA7D-11D2-A382-00C04F991E27" },
- { "Internet Explorer Branding",
- "A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B" },
- { "QoS Packet Scheduler",
- "426031c0-0b47-4852-b0ca-ac3d37bfcb39" },
- { "Scripts",
- "42B5FAAE-6536-11D2-AE5A-0000F87571E3" },
- { "Security",
- "827D319E-6EAC-11D2-A4EA-00C04F79F83A" },
- { "Software Installation",
- "C6DC5466-785A-11D2-84D0-00C04FB169F7" },
- { "Wireless Group Policy",
- "0ACDD40C-75AC-BAA0-BF6DE7E7FE63" },
- { NULL, NULL }
-};
-
-/* guess work */
-static struct snapin_table gpo_cse_snapin_extensions[] = {
- { "Administrative Templates",
- "0F6B957D-509E-11D1-A7CC-0000F87571E3", gpo_snapin_handler_none },
- { "Certificates",
- "53D6AB1D-2488-11D1-A28C-00C04FB94F17", gpo_snapin_handler_none },
- { "EFS recovery policy processing",
- "B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A", gpo_snapin_handler_none },
- { "Folder Redirection policy processing",
- "25537BA6-77A8-11D2-9B6C-0000F8080861", gpo_snapin_handler_none },
- { "Folder Redirection",
- "88E729D6-BDC1-11D1-BD2A-00C04FB9603F", gpo_snapin_handler_none },
- { "Registry policy processing",
- "35378EAC-683F-11D2-A89A-00C04FBBCFA2", gpo_snapin_handler_none },
- { "Remote Installation Services",
- "3060E8CE-7020-11D2-842D-00C04FA372D4", gpo_snapin_handler_none },
- { "Security Settings",
- "803E14A0-B4FB-11D0-A0D0-00A0C90F574B", gpo_snapin_handler_security_settings },
- { "Security policy processing",
- "827D319E-6EAC-11D2-A4EA-00C04F79F83A", gpo_snapin_handler_security_settings },
- { "unknown",
- "3060E8D0-7020-11D2-842D-00C04FA372D4", gpo_snapin_handler_none },
- { "unknown2",
- "53D6AB1B-2488-11D1-A28C-00C04FB94F17", gpo_snapin_handler_none },
- { NULL, NULL, NULL }
-};
-
-static const char *name_to_guid_string(const char *name, struct gpo_table *table)
-{
- int i;
-
- for (i = 0; table[i].name; i++) {
- if (strequal(name, table[i].name)) {
- return table[i].guid_string;
- }
- }
-
- return NULL;
-}
-
-static const char *guid_string_to_name(const char *guid_string, struct gpo_table *table)
-{
- int i;
-
- for (i = 0; table[i].guid_string; i++) {
- if (strequal(guid_string, table[i].guid_string)) {
- return table[i].name;
- }
- }
-
- return NULL;
-}
-
-static const char *snapin_guid_string_to_name(const char *guid_string,
- struct snapin_table *table)
-{
- int i;
- for (i = 0; table[i].guid_string; i++) {
- if (strequal(guid_string, table[i].guid_string)) {
- return table[i].name;
- }
- }
- return NULL;
-}
-
-#if 0 /* unused */
-static const char *default_gpo_name_to_guid_string(const char *name)
-{
- return name_to_guid_string(name, gpo_default_policy);
-}
-
-static const char *default_gpo_guid_string_to_name(const char *guid)
-{
- return guid_string_to_name(guid, gpo_default_policy);
-}
-#endif
-
-const char *cse_gpo_guid_string_to_name(const char *guid)
-{
- return guid_string_to_name(guid, gpo_cse_extensions);
-}
-
-static const char *cse_gpo_name_to_guid_string(const char *name)
-{
- return name_to_guid_string(name, gpo_cse_extensions);
-}
-
-const char *cse_snapin_gpo_guid_string_to_name(const char *guid)
-{
- return snapin_guid_string_to_name(guid, gpo_cse_snapin_extensions);
-}
-
-void dump_gp_ext(struct GP_EXT *gp_ext)
-{
- int lvl = 10;
- int i;
-
- if (gp_ext == NULL) {
- return;
- }
-
- DEBUG(lvl,("---------------------\n\n"));
- DEBUGADD(lvl,("name:\t\t\t%s\n", gp_ext->gp_extension));
-
- for (i=0; i< gp_ext->num_exts; i++) {
-
- DEBUGADD(lvl,("extension:\t\t\t%s\n", gp_ext->extensions_guid[i]));
- DEBUGADD(lvl,("extension (name):\t\t\t%s\n", gp_ext->extensions[i]));
-
- DEBUGADD(lvl,("snapin:\t\t\t%s\n", gp_ext->snapins_guid[i]));
- DEBUGADD(lvl,("snapin (name):\t\t\t%s\n", gp_ext->snapins[i]));
- }
-}
-
-void dump_gpo(TALLOC_CTX *mem_ctx, struct GROUP_POLICY_OBJECT *gpo)
-{
- int lvl = 1;
-
- if (gpo == NULL) {
- return;
- }
-
- DEBUG(lvl,("---------------------\n\n"));
-
- DEBUGADD(lvl,("name:\t\t\t%s\n", gpo->name));
- DEBUGADD(lvl,("displayname:\t\t%s\n", gpo->display_name));
- DEBUGADD(lvl,("version:\t\t%d (0x%08x)\n", gpo->version, gpo->version));
- DEBUGADD(lvl,("version_user:\t\t%d (0x%04x)\n", gpo->version_user, gpo->version_user));
- DEBUGADD(lvl,("version_machine:\t%d (0x%04x)\n", gpo->version_machine, gpo->version_machine));
- DEBUGADD(lvl,("filesyspath:\t\t%s\n", gpo->file_sys_path));
- DEBUGADD(lvl,("dspath:\t\t%s\n", gpo->ds_path));
-
- DEBUGADD(lvl,("options:\t\t%d ", gpo->options));
- if (gpo->options & GPFLAGS_USER_SETTINGS_DISABLED) {
- DEBUGADD(lvl,("GPFLAGS_USER_SETTINGS_DISABLED "));
- }
- if (gpo->options & GPFLAGS_MACHINE_SETTINGS_DISABLED) {
- DEBUGADD(lvl,("GPFLAGS_MACHINE_SETTINGS_DISABLED"));
- }
- DEBUGADD(lvl,("\n"));
-
- DEBUGADD(lvl,("link:\t\t\t%s\n", gpo->link));
- DEBUGADD(lvl,("link_type:\t\t%d ", gpo->link_type));
- switch (gpo->link_type) {
- case GP_LINK_UNKOWN:
- DEBUGADD(lvl,("GP_LINK_UNKOWN\n"));
- break;
- case GP_LINK_OU:
- DEBUGADD(lvl,("GP_LINK_OU\n"));
- break;
- case GP_LINK_DOMAIN:
- DEBUGADD(lvl,("GP_LINK_DOMAIN\n"));
- break;
- case GP_LINK_SITE:
- DEBUGADD(lvl,("GP_LINK_SITE\n"));
- break;
- case GP_LINK_MACHINE:
- DEBUGADD(lvl,("GP_LINK_MACHINE\n"));
- break;
- default:
- break;
- }
-
- if (gpo->machine_extensions) {
-
- struct GP_EXT gp_ext;
- ADS_STATUS status;
-
- DEBUGADD(lvl,("machine_extensions:\t%s\n", gpo->machine_extensions));
-
- status = ads_parse_gp_ext(mem_ctx, gpo->machine_extensions, &gp_ext);
- if (!ADS_ERR_OK(status)) {
- return;
- }
- dump_gp_ext(&gp_ext);
- }
-
- if (gpo->user_extensions) {
-
- struct GP_EXT gp_ext;
- ADS_STATUS status;
-
- DEBUGADD(lvl,("user_extensions:\t%s\n", gpo->user_extensions));
-
- status = ads_parse_gp_ext(mem_ctx, gpo->user_extensions, &gp_ext);
- if (!ADS_ERR_OK(status)) {
- return;
- }
- dump_gp_ext(&gp_ext);
- }
-};
-
-void dump_gplink(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GP_LINK *gp_link)
-{
- ADS_STATUS status;
- int i;
- int lvl = 10;
-
- if (gp_link == NULL) {
- return;
- }
-
- DEBUG(lvl,("---------------------\n\n"));
-
- DEBUGADD(lvl,("gplink: %s\n", gp_link->gp_link));
- DEBUGADD(lvl,("gpopts: %d ", gp_link->gp_opts));
- switch (gp_link->gp_opts) {
- case GPOPTIONS_INHERIT:
- DEBUGADD(lvl,("GPOPTIONS_INHERIT\n"));
- break;
- case GPOPTIONS_BLOCK_INHERITANCE:
- DEBUGADD(lvl,("GPOPTIONS_BLOCK_INHERITANCE\n"));
- break;
- default:
- break;
- }
-
- DEBUGADD(lvl,("num links: %d\n", gp_link->num_links));
-
- for (i = 0; i < gp_link->num_links; i++) {
-
- DEBUGADD(lvl,("---------------------\n\n"));
-
- DEBUGADD(lvl,("link: #%d\n", i + 1));
- DEBUGADD(lvl,("name: %s\n", gp_link->link_names[i]));
-
- DEBUGADD(lvl,("opt: %d ", gp_link->link_opts[i]));
- if (gp_link->link_opts[i] & GPO_LINK_OPT_ENFORCED) {
- DEBUGADD(lvl,("GPO_LINK_OPT_ENFORCED "));
- }
- if (gp_link->link_opts[i] & GPO_LINK_OPT_DISABLED) {
- DEBUGADD(lvl,("GPO_LINK_OPT_DISABLED"));
- }
- DEBUGADD(lvl,("\n"));
-
- if (ads != NULL && mem_ctx != NULL) {
-
- struct GROUP_POLICY_OBJECT gpo;
-
- status = ads_get_gpo(ads, mem_ctx, gp_link->link_names[i], NULL, NULL, &gpo);
- if (!ADS_ERR_OK(status)) {
- DEBUG(lvl,("get gpo for %s failed: %s\n", gp_link->link_names[i], ads_errstr(status)));
- return;
- }
- dump_gpo(mem_ctx, &gpo);
- }
- }
-}
-
-ADS_STATUS process_extension_with_snapin(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- const char *extension_guid,
- const char *snapin_guid)
-{
- int i;
-
- for (i=0; gpo_cse_snapin_extensions[i].guid_string; i++) {
-
- if (strcmp(gpo_cse_snapin_extensions[i].guid_string, snapin_guid) == 0) {
-
- return gpo_cse_snapin_extensions[i].snapin_fn(ads, mem_ctx,
- extension_guid, snapin_guid);
- }
- }
-
- DEBUG(10,("process_extension_with_snapin: no snapin handler for extension %s (%s) found\n",
- extension_guid, snapin_guid));
-
- return ADS_ERROR(LDAP_SUCCESS);
-}
-
-ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- struct GROUP_POLICY_OBJECT *gpo,
- const char *extension_guid,
- uint32 flags)
-{
- ADS_STATUS status;
- struct GP_EXT gp_ext;
- int i;
-
- if (flags & GPO_LIST_FLAG_MACHINE) {
-
- if (gpo->machine_extensions) {
-
- status = ads_parse_gp_ext(mem_ctx, gpo->machine_extensions, &gp_ext);
-
- if (!ADS_ERR_OK(status)) {
- return status;
- }
-
- } else {
- /* nothing to apply */
- return ADS_ERROR(LDAP_SUCCESS);
- }
-
- } else {
-
- if (gpo->user_extensions) {
-
- status = ads_parse_gp_ext(mem_ctx, gpo->user_extensions, &gp_ext);
-
- if (!ADS_ERR_OK(status)) {
- return status;
- }
- } else {
- /* nothing to apply */
- return ADS_ERROR(LDAP_SUCCESS);
- }
- }
-
- for (i=0; i<gp_ext.num_exts; i++) {
-
- if (extension_guid && !strequal(extension_guid, gp_ext.extensions_guid[i])) {
- continue;
- }
-
- status = process_extension_with_snapin(ads, mem_ctx, gp_ext.extensions_guid[i],
- gp_ext.snapins_guid[i]);
- if (!ADS_ERR_OK(status)) {
- return status;
- }
- }
-
- return ADS_ERROR(LDAP_SUCCESS);
-}
-
-ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- struct GROUP_POLICY_OBJECT **gpo_list,
- const char *extensions_guid,
- uint32 flags)
-{
- ADS_STATUS status;
- struct GROUP_POLICY_OBJECT *gpo = *gpo_list;
-
- for (gpo = *gpo_list; gpo; gpo = gpo->next) {
-
- status = gpo_process_a_gpo(ads, mem_ctx, gpo,
- extensions_guid, flags);
-
- if (!ADS_ERR_OK(status)) {
- return status;
- }
-
- }
-
- return ADS_ERROR(LDAP_SUCCESS);
-}
-
-ADS_STATUS gpo_snapin_handler_none(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- const char *extension_guid,
- const char *snapin_guid)
-{
- DEBUG(10,("gpo_snapin_handler_none\n"));
-
- return ADS_ERROR(LDAP_SUCCESS);
-}
-
-ADS_STATUS gpo_snapin_handler_security_settings(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- const char *extension_guid,
- const char *snapin_guid)
-{
- DEBUG(10,("gpo_snapin_handler_security_settings\n"));
-
- return ADS_ERROR(LDAP_SUCCESS);
-}
-
-ADS_STATUS gpo_lockout_policy(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- const char *hostname,
- SAM_UNK_INFO_12 *lockout_policy)
-{
- return ADS_ERROR_NT(NT_STATUS_NOT_IMPLEMENTED);
-}
-
-ADS_STATUS gpo_password_policy(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- const char *hostname,
- SAM_UNK_INFO_1 *password_policy)
-{
- ADS_STATUS status;
- struct GROUP_POLICY_OBJECT *gpo_list;
- const char *attrs[] = {"distinguishedName", "userAccountControl", NULL};
- char *filter, *dn;
- LDAPMessage *res = NULL;
- uint32 uac;
-
- filter = talloc_asprintf(mem_ctx, "(&(objectclass=user)(sAMAccountName=%s))", hostname);
- if (filter == NULL) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- status = ads_do_search_all(ads, ads->config.bind_path,
- LDAP_SCOPE_SUBTREE,
- filter, attrs, &res);
-
- if (!ADS_ERR_OK(status)) {
- return status;
- }
-
- if (ads_count_replies(ads, res) != 1) {
- ads_msgfree(ads, res);
- return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
- }
-
- dn = ads_get_dn(ads, res);
- if (dn == NULL) {
- ads_msgfree(ads, res);
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- if (!ads_pull_uint32(ads, res, "userAccountControl", &uac)) {
- ads_msgfree(ads, res);
- ads_memfree(ads, dn);
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- ads_msgfree(ads, res);
-
- if (!(uac & UF_WORKSTATION_TRUST_ACCOUNT)) {
- ads_memfree(ads, dn);
- return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
- }
-
- status = ads_get_gpo_list(ads, mem_ctx, dn, GPO_LIST_FLAG_MACHINE, &gpo_list);
- if (!ADS_ERR_OK(status)) {
- ads_memfree(ads, dn);
- return status;
- }
-
- ads_memfree(ads, dn);
-
- status = gpo_process_gpo_list(ads, mem_ctx, &gpo_list,
- cse_gpo_name_to_guid_string("Security"),
- GPO_LIST_FLAG_MACHINE);
- if (!ADS_ERR_OK(status)) {
- return status;
- }
-
- return ADS_ERROR(LDAP_SUCCESS);
-}
-
-#endif /* HAVE_LDAP */