authorWilco Baan Hofman <wilco@baanhofman.nl>2010-05-20 16:56:40 +0200
committerJelmer Vernooij <jelmer@samba.org>2010-06-20 17:19:12 +0200
commitc36bd5de6a479b87baeb1632af2304c049079703 (patch)
treea39e369e956a348f0ff636b2c0917e961105f03a /source4/lib/policy/gp_ldap.c
parent5434171296e33ffe493995589ae41b123a12d9aa (diff)
Add net gpo setacl support. Create gp_set_acl function. Show ACL in net gpo show.
Cleanup memory allocation of gp_create_gpo Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Diffstat (limited to 'source4/lib/policy/gp_ldap.c')
-rw-r--r--source4/lib/policy/gp_ldap.c47
1 files changed, 46 insertions, 1 deletions
diff --git a/source4/lib/policy/gp_ldap.c b/source4/lib/policy/gp_ldap.c
index 5ef161d12c..730c4d8e0b 100644
--- a/source4/lib/policy/gp_ldap.c
+++ b/source4/lib/policy/gp_ldap.c
@@ -29,7 +29,7 @@
#include "../libcli/security/dom_sid.h"
#include "libcli/security/security.h"
#include "../lib/talloc/talloc.h"
-#include "policy.h"
+#include "lib/policy/policy.h"
struct gpo_stringmap {
const char *str;
@@ -868,3 +868,48 @@ NTSTATUS gp_create_ldap_gpo(struct gp_context *gp_ctx, struct gp_object *gpo)
talloc_free(mem_ctx);
return NT_STATUS_UNSUCCESSFUL;
}
+
+NTSTATUS gp_set_ads_acl (struct gp_context *gp_ctx, const char *dn_str, const struct security_descriptor *sd)
+{
+ TALLOC_CTX *mem_ctx;
+ DATA_BLOB data;
+ enum ndr_err_code ndr_err;
+ struct ldb_message *msg;
+ int rv;
+
+ /* Create a forked memory context to clean up easily */
+ mem_ctx = talloc_new(gp_ctx);
+
+ /* Push the security descriptor through the NDR library */
+ ndr_err = ndr_push_struct_blob(&data,
+ mem_ctx,
+ lp_iconv_convenience(gp_ctx->lp_ctx),
+ sd,
+ (ndr_push_flags_fn_t)ndr_push_security_descriptor);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+
+ /* Create a LDB message */
+ msg = ldb_msg_new(mem_ctx);
+ msg->dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
+
+ rv = ldb_msg_add_value(msg, "nTSecurityDescriptor", &data, NULL);
+ if (rv != 0) {
+ DEBUG(0, ("LDB message add element failed for adding nTSecurityDescriptor: %s\n", ldb_strerror(rv)));
+ talloc_free(mem_ctx);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
+
+ rv = ldb_modify(gp_ctx->ldb_ctx, msg);
+ if (rv != 0) {
+ DEBUG(0, ("LDB modify failed: %s\n", ldb_strerror(rv)));
+ talloc_free(mem_ctx);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ talloc_free(mem_ctx);
+ return NT_STATUS_OK;
+}
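Review bot: In gp_set_ads_acl the NDR failure branch returns without `talloc_free(mem_ctx)`, unlike the two later error paths, so the temporary context stays attached to gp_ctx until that is freed. The results of `talloc_new`, `ldb_msg_new` and `ldb_dn_new` are also used unchecked, so an allocation failure is dereferenced at `msg->dn = ...`, and an unparsable dn_str is passed straight on to `ldb_modify`. Because this call replaces the security descriptor of a directory object, the DN should be rejected before the modify if it does not validate. The modify also carries no SD flags control, so the server presumably treats the blob as a full descriptor (owner, group, DACL and SACL) rather than only the ACL; it is worth confirming this is what `net gpo setacl` intends.

```c
	mem_ctx = talloc_new(gp_ctx);
	if (mem_ctx == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	/* … unchanged: ndr_push_struct_blob call … */
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		talloc_free(mem_ctx);
		return ndr_map_error2ntstatus(ndr_err);
	}

	msg = ldb_msg_new(mem_ctx);
	if (msg == NULL) {
		talloc_free(mem_ctx);
		return NT_STATUS_NO_MEMORY;
	}

	msg->dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
	if (msg->dn == NULL || !ldb_dn_validate(msg->dn)) {
		talloc_free(mem_ctx);
		return NT_STATUS_INVALID_PARAMETER;
	}

	/* … unchanged: ldb_msg_add_value, LDB_FLAG_MOD_REPLACE, ldb_modify … */
```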