diff options
| -rw-r--r-- | libgpo/config.mk | 4 | ||||
| -rw-r--r-- | libgpo/gpext/gpext.h | 40 | ||||
| -rw-r--r-- | libgpo/gpo.h | 114 | ||||
| -rw-r--r-- | libgpo/gpo_ldap.c | 27 | ||||
| -rw-r--r-- | libgpo/gpo_util.c | 10 | ||||
| -rw-r--r-- | source3/include/proto.h | 146 | ||||
| -rw-r--r-- | source3/libads/ads_utils.c | 5 | ||||
| -rw-r--r-- | source4/Makefile | 1 | ||||
| -rw-r--r-- | source4/libgpo/ads_convenience.c | 46 | ||||
| -rw-r--r-- | source4/libgpo/ads_convenience.h | 34 |
10 files changed, 245 insertions, 182 deletions
diff --git a/libgpo/config.mk b/libgpo/config.mk index 20901bf28c..9feb2f8a6d 100644 --- a/libgpo/config.mk +++ b/libgpo/config.mk @@ -1,4 +1,6 @@ [SUBSYSTEM::LIBGPO] +PRIVATE_DEPENDENCIES = LIBLDB LIBSAMBA-NET LIBGPO_OBJ_FILES = ../libgpo/gpo_util.o ../libgpo/gpo_sec.o \ - ../libgpo/gpext/gpext.o ../libgpo/gpo_fetch.o + ../libgpo/gpext/gpext.o ../libgpo/gpo_fetch.o \ + $(libgpodir)/ads_convenience.o diff --git a/libgpo/gpext/gpext.h b/libgpo/gpext/gpext.h index a3f9368f69..98519f102a 100644 --- a/libgpo/gpext/gpext.h +++ b/libgpo/gpext/gpext.h @@ -83,4 +83,44 @@ struct gp_extension_methods { NTSTATUS (*shutdown)(void); }; +/* The following definitions come from libgpo/gpext/gpext.c */ + +struct gp_extension *get_gp_extension_list(void); +NTSTATUS unregister_gp_extension(const char *name); +NTSTATUS register_gp_extension(TALLOC_CTX *gpext_ctx, + int version, + const char *name, + const char *guid, + struct gp_extension_methods *methods); +NTSTATUS gp_ext_info_add_entry(TALLOC_CTX *mem_ctx, + const char *module, + const char *ext_guid, + struct gp_extension_reg_table *table, + struct gp_extension_reg_info *info); +NTSTATUS shutdown_gp_extensions(void); +NTSTATUS init_gp_extensions(TALLOC_CTX *mem_ctx); +NTSTATUS free_gp_extensions(void); +void debug_gpext_header(int lvl, + const char *name, + uint32_t flags, + struct GROUP_POLICY_OBJECT *gpo, + const char *extension_guid, + const char *snapin_guid); +NTSTATUS process_gpo_list_with_extension(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + uint32_t flags, + const struct nt_user_token *token, + struct GROUP_POLICY_OBJECT *gpo_list, + const char *extension_guid, + const char *snapin_guid); +NTSTATUS gpext_process_extension(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + uint32_t flags, + const struct nt_user_token *token, + struct registry_key *root_key, + struct GROUP_POLICY_OBJECT *gpo, + const char *extension_guid, + const char *snapin_guid); + + #endif /* __GPEXT_H__ */ diff --git a/libgpo/gpo.h b/libgpo/gpo.h index c34dc4c750..7d89d04917 100644 --- a/libgpo/gpo.h +++ b/libgpo/gpo.h @@ -20,6 +20,10 @@ #ifndef __GPO_H__ #define __GPO_H__ +#if _SAMBA_BUILD_ == 4 +#include "source4/libgpo/ads_convenience.h" +#endif + enum GPO_LINK_TYPE { GP_LINK_UNKOWN = 0, GP_LINK_MACHINE = 1, @@ -160,6 +164,116 @@ struct gp_registry_context { #define ADS_EXTENDED_RIGHT_APPLY_GROUP_POLICY "edacfd8f-ffb3-11d1-b41d-00a0c968f939" +struct cli_state; + +/* The following definitions come from libgpo/gpo_fetch.c */ + +NTSTATUS gpo_explode_filesyspath(TALLOC_CTX *mem_ctx, + const char *file_sys_path, + char **server, + char **service, + char **nt_path, + char **unix_path); +NTSTATUS gpo_fetch_files(TALLOC_CTX *mem_ctx, + struct cli_state *cli, + struct GROUP_POLICY_OBJECT *gpo); +NTSTATUS gpo_get_sysvol_gpt_version(TALLOC_CTX *mem_ctx, + const char *unix_path, + uint32_t *sysvol_version, + char **display_name); + +/* The following definitions come from libgpo/gpo_ldap.c */ + +bool ads_parse_gp_ext(TALLOC_CTX *mem_ctx, + const char *extension_raw, + struct GP_EXT **gp_ext); +ADS_STATUS ads_get_gpo_link(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + const char *link_dn, + struct GP_LINK *gp_link_struct); +ADS_STATUS ads_add_gpo_link(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + const char *link_dn, + const char *gpo_dn, + uint32_t gpo_opt); +ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + const char *link_dn, + const char *gpo_dn); +ADS_STATUS ads_get_gpo(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + const char *gpo_dn, + const char *display_name, + const char *guid_name, + struct GROUP_POLICY_OBJECT *gpo); +ADS_STATUS ads_get_sid_token(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + const char *dn, + struct nt_user_token **token); +ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + const char *dn, + uint32_t flags, + const struct nt_user_token *token, + struct GROUP_POLICY_OBJECT **gpo_list); + +/* The following definitions come from libgpo/gpo_sec.c */ + +NTSTATUS gpo_apply_security_filtering(const struct GROUP_POLICY_OBJECT *gpo, + const struct nt_user_token *token); + +/* The following definitions come from libgpo/gpo_util.c */ + +const char *cse_gpo_guid_string_to_name(const char *guid); +const char *cse_gpo_name_to_guid_string(const char *name); +const char *cse_snapin_gpo_guid_string_to_name(const char *guid); +void dump_gp_ext(struct GP_EXT *gp_ext, int debuglevel); +void dump_gpo(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + struct GROUP_POLICY_OBJECT *gpo, + int debuglevel); +void dump_gpo_list(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + struct GROUP_POLICY_OBJECT *gpo_list, + int debuglevel); +void dump_gplink(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GP_LINK *gp_link); +ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + const struct nt_user_token *token, + struct registry_key *root_key, + struct GROUP_POLICY_OBJECT *gpo, + const char *extension_guid_filter, + uint32_t flags); +ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + const struct nt_user_token *token, + struct GROUP_POLICY_OBJECT *gpo_list, + const char *extensions_guid_filter, + uint32_t flags); +NTSTATUS check_refresh_gpo(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + uint32_t flags, + struct GROUP_POLICY_OBJECT *gpo, + struct cli_state **cli_out); +NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + uint32_t flags, + struct GROUP_POLICY_OBJECT *gpo_list); +NTSTATUS gpo_get_unix_path(TALLOC_CTX *mem_ctx, + struct GROUP_POLICY_OBJECT *gpo, + char **unix_path); +char *gpo_flag_str(uint32_t flags); +NTSTATUS gp_find_file(TALLOC_CTX *mem_ctx, + uint32_t flags, + const char *filename, + const char *suffix, + const char **filename_out); +ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + const char *dn, + struct nt_user_token **token); + + #include "../libgpo/gpext/gpext.h" #endif diff --git a/libgpo/gpo_ldap.c b/libgpo/gpo_ldap.c index 788d6887a3..16c551ebab 100644 --- a/libgpo/gpo_ldap.c +++ b/libgpo/gpo_ldap.c @@ -19,6 +19,7 @@ #include "includes.h" #if _SAMBA_BUILD_ == 4 +#include "libgpo/gpo.h" #include "source4/libgpo/ads_convenience.h" #endif @@ -42,12 +43,12 @@ bool ads_parse_gp_ext(TALLOC_CTX *mem_ctx, DEBUG(20,("ads_parse_gp_ext: %s\n", extension_raw)); - ext = TALLOC_ZERO_P(mem_ctx, struct GP_EXT); + ext = talloc_zero(mem_ctx, struct GP_EXT); if (!ext) { goto parse_error; } - ext_list = str_list_make_v3(mem_ctx, extension_raw, "]"); + ext_list = str_list_make(mem_ctx, extension_raw, "]"); if (!ext_list) { goto parse_error; } @@ -59,13 +60,13 @@ bool ads_parse_gp_ext(TALLOC_CTX *mem_ctx, ext->num_exts = i; if (ext->num_exts) { - ext->extensions = TALLOC_ZERO_ARRAY(mem_ctx, char *, + ext->extensions = talloc_zero_array(mem_ctx, char *, ext->num_exts); - ext->extensions_guid = TALLOC_ZERO_ARRAY(mem_ctx, char *, + ext->extensions_guid = talloc_zero_array(mem_ctx, char *, ext->num_exts); - ext->snapins = TALLOC_ZERO_ARRAY(mem_ctx, char *, + ext->snapins = talloc_zero_array(mem_ctx, char *, ext->num_exts); - ext->snapins_guid = TALLOC_ZERO_ARRAY(mem_ctx, char *, + ext->snapins_guid = talloc_zero_array(mem_ctx, char *, ext->num_exts); } @@ -90,7 +91,7 @@ bool ads_parse_gp_ext(TALLOC_CTX *mem_ctx, p++; } - ext_strings = str_list_make_v3(mem_ctx, p, "}"); + ext_strings = str_list_make(mem_ctx, p, "}"); if (ext_strings == NULL) { goto parse_error; } @@ -140,8 +141,8 @@ bool ads_parse_gp_ext(TALLOC_CTX *mem_ctx, ret = true; parse_error: - TALLOC_FREE(ext_list); - TALLOC_FREE(ext_strings); + talloc_free(ext_list); + talloc_free(ext_strings); return ret; } @@ -178,9 +179,9 @@ static ADS_STATUS gpo_parse_gplink(TALLOC_CTX *mem_ctx, gp_link->num_links = i; if (gp_link->num_links) { - gp_link->link_names = TALLOC_ZERO_ARRAY(mem_ctx, char *, + gp_link->link_names = talloc_zero_array(mem_ctx, char *, gp_link->num_links); - gp_link->link_opts = TALLOC_ZERO_ARRAY(mem_ctx, uint32_t, + gp_link->link_opts = talloc_zero_array(mem_ctx, uint32_t, gp_link->num_links); } @@ -225,7 +226,7 @@ static ADS_STATUS gpo_parse_gplink(TALLOC_CTX *mem_ctx, status = ADS_SUCCESS; parse_error: - TALLOC_FREE(link_list); + talloc_free(link_list); return status; } @@ -595,7 +596,7 @@ static ADS_STATUS add_gplink_to_gpo_list(ADS_STRUCT *ads, DEBUG(10,("skipping GPO \"%s\" as object " "has no access to it\n", new_gpo->display_name)); - TALLOC_FREE(new_gpo); + talloc_free(new_gpo); continue; } diff --git a/libgpo/gpo_util.c b/libgpo/gpo_util.c index d5e3f24c8d..9bfb353dad 100644 --- a/libgpo/gpo_util.c +++ b/libgpo/gpo_util.c @@ -18,7 +18,11 @@ */ #include "includes.h" +#include "librpc/gen_ndr/ndr_misc.h" +#if _SAMBA_BUILD_ == 4 #include "../libgpo/gpo.h" +#include "source4/libgpo/ads_convenience.h" +#endif #undef strdup #define DEFAULT_DOMAIN_POLICY "Default Domain Policy" @@ -601,7 +605,7 @@ ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads, done: gp_free_reg_ctx(reg_ctx); - TALLOC_FREE(root_key); + talloc_free(root_key); free_gp_extensions(); return status; @@ -660,7 +664,7 @@ NTSTATUS check_refresh_gpo(ADS_STRUCT *ads, result = cli_full_connection(&cli, global_myname(), - ads->config.ldap_server_name, + ads_get_ldap_server_name(ads), /* server */ NULL, 0, share, "A:", @@ -834,7 +838,7 @@ NTSTATUS gp_find_file(TALLOC_CTX *mem_ctx, path, suffix); NT_STATUS_HAVE_NO_MEMORY(tmp); - if (sys_stat(tmp, &sbuf) == 0) { + if (stat(tmp, &sbuf) == 0) { *filename_out = tmp; return NT_STATUS_OK; } diff --git a/source3/include/proto.h b/source3/include/proto.h index c40d9c680c..fa6dafa1b0 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1676,6 +1676,7 @@ uint32 ads_uf2acb(uint32 uf); uint32 ads_uf2atype(uint32 uf); uint32 ads_gtype2atype(uint32 gtype); enum lsa_SidType ads_atype_map(uint32 atype); +const char *ads_get_ldap_server_name(ADS_STRUCT *ads); /* The following definitions come from libads/authdata.c */ @@ -1992,61 +1993,6 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads, char **returned_principal); -/* The following definitions come from libgpo/gpext/gpext.c */ - -struct gp_extension *get_gp_extension_list(void); -NTSTATUS unregister_gp_extension(const char *name); -NTSTATUS register_gp_extension(TALLOC_CTX *gpext_ctx, - int version, - const char *name, - const char *guid, - struct gp_extension_methods *methods); -NTSTATUS gp_ext_info_add_entry(TALLOC_CTX *mem_ctx, - const char *module, - const char *ext_guid, - struct gp_extension_reg_table *table, - struct gp_extension_reg_info *info); -NTSTATUS shutdown_gp_extensions(void); -NTSTATUS init_gp_extensions(TALLOC_CTX *mem_ctx); -NTSTATUS free_gp_extensions(void); -void debug_gpext_header(int lvl, - const char *name, - uint32_t flags, - struct GROUP_POLICY_OBJECT *gpo, - const char *extension_guid, - const char *snapin_guid); -NTSTATUS process_gpo_list_with_extension(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - uint32_t flags, - const struct nt_user_token *token, - struct GROUP_POLICY_OBJECT *gpo_list, - const char *extension_guid, - const char *snapin_guid); -NTSTATUS gpext_process_extension(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - uint32_t flags, - const struct nt_user_token *token, - struct registry_key *root_key, - struct GROUP_POLICY_OBJECT *gpo, - const char *extension_guid, - const char *snapin_guid); - -/* The following definitions come from libgpo/gpo_fetch.c */ - -NTSTATUS gpo_explode_filesyspath(TALLOC_CTX *mem_ctx, - const char *file_sys_path, - char **server, - char **service, - char **nt_path, - char **unix_path); -NTSTATUS gpo_fetch_files(TALLOC_CTX *mem_ctx, - struct cli_state *cli, - struct GROUP_POLICY_OBJECT *gpo); -NTSTATUS gpo_get_sysvol_gpt_version(TALLOC_CTX *mem_ctx, - const char *unix_path, - uint32_t *sysvol_version, - char **display_name); - /* The following definitions come from libgpo/gpo_filesync.c */ NTSTATUS gpo_copy_file(TALLOC_CTX *mem_ctx, @@ -2065,41 +2011,6 @@ NTSTATUS parse_gpt_ini(TALLOC_CTX *mem_ctx, uint32_t *version, char **display_name); -/* The following definitions come from libgpo/gpo_ldap.c */ - -bool ads_parse_gp_ext(TALLOC_CTX *mem_ctx, - const char *extension_raw, - struct GP_EXT **gp_ext); -ADS_STATUS ads_get_gpo_link(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - const char *link_dn, - struct GP_LINK *gp_link_struct); -ADS_STATUS ads_add_gpo_link(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - const char *link_dn, - const char *gpo_dn, - uint32_t gpo_opt); -ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - const char *link_dn, - const char *gpo_dn); -ADS_STATUS ads_get_gpo(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - const char *gpo_dn, - const char *display_name, - const char *guid_name, - struct GROUP_POLICY_OBJECT *gpo); -ADS_STATUS ads_get_sid_token(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - const char *dn, - struct nt_user_token **token); -ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - const char *dn, - uint32_t flags, - const struct nt_user_token *token, - struct GROUP_POLICY_OBJECT **gpo_list); - /* The following definitions come from libgpo/gpo_reg.c */ struct nt_user_token *registry_create_system_token(TALLOC_CTX *mem_ctx); @@ -2159,61 +2070,6 @@ WERROR reg_apply_registry_entry(TALLOC_CTX *mem_ctx, const struct nt_user_token *token, uint32_t flags); -/* The following definitions come from libgpo/gpo_sec.c */ - -NTSTATUS gpo_apply_security_filtering(const struct GROUP_POLICY_OBJECT *gpo, - const struct nt_user_token *token); - -/* The following definitions come from libgpo/gpo_util.c */ - -const char *cse_gpo_guid_string_to_name(const char *guid); -const char *cse_gpo_name_to_guid_string(const char *name); -const char *cse_snapin_gpo_guid_string_to_name(const char *guid); -void dump_gp_ext(struct GP_EXT *gp_ext, int debuglevel); -void dump_gpo(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - struct GROUP_POLICY_OBJECT *gpo, - int debuglevel); -void dump_gpo_list(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - struct GROUP_POLICY_OBJECT *gpo_list, - int debuglevel); -void dump_gplink(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GP_LINK *gp_link); -ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - const struct nt_user_token *token, - struct registry_key *root_key, - struct GROUP_POLICY_OBJECT *gpo, - const char *extension_guid_filter, - uint32_t flags); -ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - const struct nt_user_token *token, - struct GROUP_POLICY_OBJECT *gpo_list, - const char *extensions_guid_filter, - uint32_t flags); -NTSTATUS check_refresh_gpo(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - uint32_t flags, - struct GROUP_POLICY_OBJECT *gpo, - struct cli_state **cli_out); -NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - uint32_t flags, - struct GROUP_POLICY_OBJECT *gpo_list); -NTSTATUS gpo_get_unix_path(TALLOC_CTX *mem_ctx, - struct GROUP_POLICY_OBJECT *gpo, - char **unix_path); -char *gpo_flag_str(uint32_t flags); -NTSTATUS gp_find_file(TALLOC_CTX *mem_ctx, - uint32_t flags, - const char *filename, - const char *suffix, - const char **filename_out); -ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - const char *dn, - struct nt_user_token **token); #include "librpc/gen_ndr/ndr_dfs.h" #include "librpc/gen_ndr/ndr_dssetup.h" diff --git a/source3/libads/ads_utils.c b/source3/libads/ads_utils.c index 68efd69db9..fc2ea9d9fd 100644 --- a/source3/libads/ads_utils.c +++ b/source3/libads/ads_utils.c @@ -148,3 +148,8 @@ enum lsa_SidType ads_atype_map(uint32 atype) } return SID_NAME_UNKNOWN; } + +const char *ads_get_ldap_server_name(ADS_STRUCT *ads) +{ + return ads->config.ldap_server_name; +} diff --git a/source4/Makefile b/source4/Makefile index c42f0ba9ff..0229eaa88e 100644 --- a/source4/Makefile +++ b/source4/Makefile @@ -106,6 +106,7 @@ ntp_signdsrcdir := ntp_signd wmisrcdir := lib/wmi tallocsrcdir := ../lib/talloc comsrcdir := $(srcdir)/lib/com +libgpodir := libgpo include data.mk diff --git a/source4/libgpo/ads_convenience.c b/source4/libgpo/ads_convenience.c index 1c64197b3d..e168cb5e0e 100644 --- a/source4/libgpo/ads_convenience.c +++ b/source4/libgpo/ads_convenience.c @@ -25,38 +25,43 @@ #include "includes.h" #include "libnet/libnet.h" #include "librpc/gen_ndr/ndr_security.h" -#include "libgpo/source/ads_convenience.h" +#include "libgpo/ads_convenience.h" +#include "param/param.h" +#include "libcli/libcli.h" +#include "ldb_wrap.h" + +static ADS_STATUS ads_connect(ADS_STRUCT *ads); WERROR ads_startup (struct libnet_context *netctx, ADS_STRUCT **ads) { *ads = talloc(netctx, ADS_STRUCT); - *ads->netctx = netctx; + (*ads)->netctx = netctx; ads_connect(*ads); return WERR_OK; } -ADS_STATUS ads_connect(ADS_STRUCT *ads) +static ADS_STATUS ads_connect(ADS_STRUCT *ads) { - struct libnet_lookup_DCs *io; + struct libnet_LookupDCs *io; char *url; - io = talloc_zero(ads, struct libnet_lookup_DCs); + io = talloc_zero(ads, struct libnet_LookupDCs); /* We are looking for the PDC of the active domain. */ io->in.name_type = NBT_NAME_PDC; io->in.domain_name = lp_workgroup(ads->netctx->lp_ctx); - libnet_lookupDCs(ads->netctx, ads, io); + libnet_LookupDCs(ads->netctx, ads, io); - url = talloc_asprintf(ads, "ldap://%s", io->out.dcs[0]); + url = talloc_asprintf(ads, "ldap://%s", io->out.dcs[0].name); ads->ldbctx = ldb_wrap_connect(ads, ads->netctx->event_ctx, ads->netctx->lp_ctx, url, NULL, ads->netctx->cred, 0, NULL); if (ads->ldbctx == NULL) { - return ADS_STATUS_NT(NT_STATUS_UNSUCCESSFUL); + return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); } - return ADS_STATUS_NT(NT_STATUS_OK); + return ADS_ERROR_NT(NT_STATUS_OK); } ADS_STATUS ads_search_dn(ADS_STRUCT *ads, LDAPMessage **res, @@ -64,7 +69,7 @@ ADS_STATUS ads_search_dn(ADS_STRUCT *ads, LDAPMessage **res, { ADS_STATUS status; - status.err_state = ldb_search(ads->ldbctx, ads, res, + status.err.rc = ldb_search(ads->ldbctx, ads, res, ldb_dn_new(ads, ads->ldbctx, dn), LDB_SCOPE_BASE, attrs, @@ -81,8 +86,8 @@ const char * ads_get_dn(ADS_STRUCT *ads, LDAPMessage *res) bool ads_pull_sd(ADS_STRUCT *ads, TALLOC_CTX *ctx, LDAPMessage *res, const char *field, struct security_descriptor **sd) { - struct ldb_val *val; - struct ndr_err_code ndr_err; + const struct ldb_val *val; + enum ndr_err_code ndr_err; val = ldb_msg_find_ldb_val(res->msgs[0], field); @@ -103,18 +108,18 @@ bool ads_pull_sd(ADS_STRUCT *ads, TALLOC_CTX *ctx, LDAPMessage *res, const char ADS_STATUS ads_search_retry_dn_sd_flags(ADS_STRUCT *ads, LDAPMessage **res, uint32_t sd_flags, const char *dn, const char **attrs) { - return ads_search_sd_flags(ads, dn, LDB_SCOPE_BASE, "(objectclass=*)", attrs, sd_flags, res); + return ads_do_search_all_sd_flags(ads, dn, LDB_SCOPE_BASE, "(objectclass=*)", attrs, sd_flags, res); } -static ADS_STATUS ads_do_search_all_sd_flags (ADS_STRUCT *ads, const char *dn, int scope, +ADS_STATUS ads_do_search_all_sd_flags (ADS_STRUCT *ads, const char *dn, int scope, const char *filter, const char **attrs, uint32_t sd_flags, LDAPMessage **res) { - int count = 3; int rv; struct ldb_request *req; struct ldb_control **controls; struct ldb_parse_tree *tree; + struct ldb_dn *ldb_dn; controls = talloc_zero_array(ads, struct ldb_control *, 2); controls[0] = talloc(ads, struct ldb_control); @@ -124,13 +129,15 @@ static ADS_STATUS ads_do_search_all_sd_flags (ADS_STRUCT *ads, const char *dn, i tree = ldb_parse_tree(ads, filter); - rv = ldb_build_search_req_ex(&req, ads->ldbctx, ads, res, dn, scope, tree, attrs, controls, + ldb_dn = ldb_dn_new(ads, ads->ldbctx, dn); + + rv = ldb_build_search_req_ex(&req, ads->ldbctx, (TALLOC_CTX *)res, ldb_dn, scope, tree, attrs, controls, res, ldb_search_default_callback, NULL); if (rv != LDB_SUCCESS) { talloc_free(*res); talloc_free(req); talloc_free(tree); - return ADS_STATUS(irv); + return ADS_ERROR(rv); } rv = ldb_request(ads->ldbctx, req); if (rv == LDB_SUCCESS) { @@ -139,7 +146,7 @@ static ADS_STATUS ads_do_search_all_sd_flags (ADS_STRUCT *ads, const char *dn, i talloc_free(req); talloc_free(tree); - return ADS_STATUS(rv); + return ADS_ERROR(rv); } @@ -166,6 +173,7 @@ int ads_count_replies(ADS_STRUCT *ads, LDAPMessage *res) ADS_STATUS ads_msgfree(ADS_STRUCT *ads, LDAPMessage *res) { talloc_free(res); + return ADS_ERROR_NT(NT_STATUS_OK); } /* @@ -203,7 +211,7 @@ const char *ads_errstr(ADS_STATUS status) case ENUM_ADS_ERROR_SYSTEM: return strerror(status.err.rc); case ENUM_ADS_ERROR_LDAP: - return msg; + return ldb_strerror(status.err.rc); case ENUM_ADS_ERROR_NT: return get_friendly_nt_error_msg(ads_ntstatus(status)); default: diff --git a/source4/libgpo/ads_convenience.h b/source4/libgpo/ads_convenience.h index 13bd54b588..48e7357fda 100644 --- a/source4/libgpo/ads_convenience.h +++ b/source4/libgpo/ads_convenience.h @@ -22,9 +22,13 @@ #ifndef __ADS_CONVENIENCE_H__ #define __ADS_CONVENIENCE_H__ +#include "librpc/gen_ndr/security.h" + #define ADS_ERR_OK(status) ((status.error_type == ENUM_ADS_ERROR_NT) ? NT_STATUS_IS_OK(status.err.nt_status):(status.err.rc == 0)) #define ADS_ERROR(rc) ads_build_ldap_error(rc) #define ADS_ERROR_NT(rc) ads_build_nt_error(rc) +#define ADS_SUCCESS ADS_ERROR(0) + #define ADS_ERROR_HAVE_NO_MEMORY(x) do { \ if (!(x)) {\ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);\ @@ -44,7 +48,7 @@ typedef struct { } ADS_STRUCT; typedef struct ldb_result LDAPMessage; -typedef struct void ** ADS_MODLIST; +typedef void ** ADS_MODLIST; /* there are 3 possible types of errors the ads subsystem can produce */ enum ads_error_type { ENUM_ADS_ERROR_LDAP, ENUM_ADS_ERROR_SYSTEM, ENUM_ADS_ERROR_NT}; @@ -58,4 +62,32 @@ typedef struct { int minor_status; } ADS_STATUS; + +/* Prototypes from ads_convenience.c */ +ADS_STATUS ads_build_nt_error(NTSTATUS); +ADS_STATUS ads_build_ldap_error(int); + +ADS_STATUS ads_startup (struct libnet_context *netctx, ADS_STRUCT **ads); +const char *ads_errstr(ADS_STATUS status); +const char * ads_get_dn(ADS_STRUCT *ads, LDAPMessage *res); +bool ads_pull_sd(ADS_STRUCT *ads, TALLOC_CTX *ctx, LDAPMessage *res, const char *field, struct security_descriptor **sd); +const char * ads_pull_string(ADS_STRUCT *ads, TALLOC_CTX *ctx, LDAPMessage *res, const char *field); +bool ads_pull_uint32(ADS_STRUCT *ads, LDAPMessage *res, const char *field, uint32_t *ret); +int ads_count_replies(ADS_STRUCT *ads, LDAPMessage *res); +ADS_STATUS ads_do_search_all_sd_flags (ADS_STRUCT *ads, const char *dn, int scope, + const char *filter, const char **attrs, + uint32_t sd_flags, LDAPMessage **res); +ADS_STATUS ads_search_dn(ADS_STRUCT *ads, LDAPMessage **res, + const char *dn, const char **attrs); +ADS_STATUS ads_search_retry_dn_sd_flags(ADS_STRUCT *ads, LDAPMessage **res, uint32_t sd_flags, + const char *dn, const char **attrs); +ADS_STATUS ads_msgfree(ADS_STRUCT *ads, LDAPMessage *res); +NTSTATUS ads_ntstatus(ADS_STATUS status); +ADS_STATUS ads_build_ldap_error(int ldb_error); +ADS_STATUS ads_build_nt_error(NTSTATUS nt_status); +ADS_MODLIST ads_init_mods(TALLOC_CTX *ctx); +ADS_STATUS ads_mod_str(TALLOC_CTX *ctx, ADS_MODLIST *mods, const char *name, const char *val); +ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods); + + #endif |