diff options
Diffstat (limited to 'source3/libgpo/gpo_util.c')
-rw-r--r-- | source3/libgpo/gpo_util.c | 426 |
1 files changed, 198 insertions, 228 deletions
diff --git a/source3/libgpo/gpo_util.c b/source3/libgpo/gpo_util.c index 385d6bd53a..c6e1b71885 100644 --- a/source3/libgpo/gpo_util.c +++ b/source3/libgpo/gpo_util.c @@ -1,18 +1,18 @@ -/* +/* * Unix SMB/CIFS implementation. * Group Policy Object Support - * Copyright (C) Guenther Deschner 2005-2006 - * + * Copyright (C) Guenther Deschner 2005-2007 + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. - * + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with this program; if not, see <http://www.gnu.org/licenses/>. */ @@ -25,88 +25,88 @@ #define DEFAULT_DOMAIN_CONTROLLERS_POLICY "Default Domain Controllers Policy" /* should we store a parsed guid ? */ -struct gpo_table { +struct gp_table { const char *name; const char *guid_string; }; -struct snapin_table { - const char *name; - const char *guid_string; - ADS_STATUS (*snapin_fn)(ADS_STRUCT *, TALLOC_CTX *mem_ctx, - struct GROUP_POLICY_OBJECT *gpo, - const char *, const char *); -}; - #if 0 /* unused */ -static struct gpo_table gpo_default_policy[] = { - { DEFAULT_DOMAIN_POLICY, +static struct gp_table gpo_default_policy[] = { + { DEFAULT_DOMAIN_POLICY, "31B2F340-016D-11D2-945F-00C04FB984F9" }, - { DEFAULT_DOMAIN_CONTROLLERS_POLICY, + { DEFAULT_DOMAIN_CONTROLLERS_POLICY, "6AC1786C-016F-11D2-945F-00C04fB984F9" }, { NULL, NULL } }; #endif -/* the following is seen in gPCMachineExtensionNames or gPCUserExtensionNames */ +/* the following is seen in gPCMachineExtensionNames / gPCUserExtensionNames */ -static struct gpo_table gpo_cse_extensions[] = { - { "Administrative Templates Extension", - "35378EAC-683F-11D2-A89A-00C04FBBCFA2" }, /* Registry Policy ? */ - { "Microsoft Disc Quota", +static struct gp_table gpo_cse_extensions[] = { + /* used to be "Administrative Templates Extension" */ + /* "Registry Settings" + (http://support.microsoft.com/kb/216357/EN-US/) */ + { "Registry Settings", + GP_EXT_REGISTRY }, + { "Microsoft Disc Quota", "3610EDA5-77EF-11D2-8DC5-00C04FA31A66" }, - { "EFS recovery", + { "EFS recovery", "B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A" }, - { "Folder Redirection", + { "Folder Redirection", "25537BA6-77A8-11D2-9B6C-0000F8080861" }, - { "IP Security", + { "IP Security", "E437BC1C-AA7D-11D2-A382-00C04F991E27" }, - { "Internet Explorer Branding", + { "Internet Explorer Branding", "A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B" }, - { "QoS Packet Scheduler", + { "QoS Packet Scheduler", "426031c0-0b47-4852-b0ca-ac3d37bfcb39" }, - { "Scripts", - "42B5FAAE-6536-11D2-AE5A-0000F87571E3" }, - { "Security", - "827D319E-6EAC-11D2-A4EA-00C04F79F83A" }, - { "Software Installation", + { "Scripts", + GP_EXT_SCRIPTS }, + { "Security", + GP_EXT_SECURITY }, + { "Software Installation", "C6DC5466-785A-11D2-84D0-00C04FB169F7" }, - { "Wireless Group Policy", + { "Wireless Group Policy", "0ACDD40C-75AC-BAA0-BF6DE7E7FE63" }, + { "Application Management", + "C6DC5466-785A-11D2-84D0-00C04FB169F7" }, + { "unknown", + "3060E8D0-7020-11D2-842D-00C04FA372D4" }, { NULL, NULL } }; /* guess work */ -static struct snapin_table gpo_cse_snapin_extensions[] = { - { "Administrative Templates", - "0F6B957D-509E-11D1-A7CC-0000F87571E3", gpo_snapin_handler_none }, - { "Certificates", - "53D6AB1D-2488-11D1-A28C-00C04FB94F17", gpo_snapin_handler_none }, - { "EFS recovery policy processing", - "B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A", gpo_snapin_handler_none }, - { "Folder Redirection policy processing", - "25537BA6-77A8-11D2-9B6C-0000F8080861", gpo_snapin_handler_none }, - { "Folder Redirection", - "88E729D6-BDC1-11D1-BD2A-00C04FB9603F", gpo_snapin_handler_none }, - { "Registry policy processing", - "35378EAC-683F-11D2-A89A-00C04FBBCFA2", gpo_snapin_handler_none }, - { "Remote Installation Services", - "3060E8CE-7020-11D2-842D-00C04FA372D4", gpo_snapin_handler_none }, - { "Security Settings", - "803E14A0-B4FB-11D0-A0D0-00A0C90F574B", gpo_snapin_handler_security_settings }, - { "Security policy processing", - "827D319E-6EAC-11D2-A4EA-00C04F79F83A", gpo_snapin_handler_security_settings }, - { "unknown", - "3060E8D0-7020-11D2-842D-00C04FA372D4", gpo_snapin_handler_none }, - { "unknown2", - "53D6AB1B-2488-11D1-A28C-00C04FB94F17", gpo_snapin_handler_none }, - { NULL, NULL, NULL } +static struct gp_table gpo_cse_snapin_extensions[] = { + { "Administrative Templates", + "0F6B957D-509E-11D1-A7CC-0000F87571E3" }, + { "Certificates", + "53D6AB1D-2488-11D1-A28C-00C04FB94F17" }, + { "EFS recovery policy processing", + "B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A" }, + { "Folder Redirection policy processing", + "25537BA6-77A8-11D2-9B6C-0000F8080861" }, + { "Folder Redirection", + "88E729D6-BDC1-11D1-BD2A-00C04FB9603F" }, + { "Registry policy processing", + "35378EAC-683F-11D2-A89A-00C04FBBCFA2" }, + { "Remote Installation Services", + "3060E8CE-7020-11D2-842D-00C04FA372D4" }, + { "Security Settings", + "803E14A0-B4FB-11D0-A0D0-00A0C90F574B" }, + { "Security policy processing", + "827D319E-6EAC-11D2-A4EA-00C04F79F83A" }, + { "unknown", + "3060E8D0-7020-11D2-842D-00C04FA372D4" }, + { "unknown2", + "53D6AB1B-2488-11D1-A28C-00C04FB94F17" }, + { NULL, NULL } }; /**************************************************************** ****************************************************************/ -static const char *name_to_guid_string(const char *name, struct gpo_table *table) +static const char *name_to_guid_string(const char *name, + struct gp_table *table) { int i; @@ -115,14 +115,15 @@ static const char *name_to_guid_string(const char *name, struct gpo_table *table return table[i].guid_string; } } - + return NULL; } /**************************************************************** ****************************************************************/ -static const char *guid_string_to_name(const char *guid_string, struct gpo_table *table) +static const char *guid_string_to_name(const char *guid_string, + struct gp_table *table) { int i; @@ -131,15 +132,15 @@ static const char *guid_string_to_name(const char *guid_string, struct gpo_table return table[i].name; } } - + return NULL; } /**************************************************************** ****************************************************************/ -static const char *snapin_guid_string_to_name(const char *guid_string, - struct snapin_table *table) +static const char *snapin_guid_string_to_name(const char *guid_string, + struct gp_table *table) { int i; for (i = 0; table[i].guid_string; i++) { @@ -203,18 +204,25 @@ void dump_gp_ext(struct GP_EXT *gp_ext, int debuglevel) for (i=0; i< gp_ext->num_exts; i++) { - DEBUGADD(lvl,("\textension:\t\t\t%s\n", gp_ext->extensions_guid[i])); - DEBUGADD(lvl,("\textension (name):\t\t\t%s\n", gp_ext->extensions[i])); - - DEBUGADD(lvl,("\tsnapin:\t\t\t%s\n", gp_ext->snapins_guid[i])); - DEBUGADD(lvl,("\tsnapin (name):\t\t\t%s\n", gp_ext->snapins[i])); + DEBUGADD(lvl,("\textension:\t\t\t%s\n", + gp_ext->extensions_guid[i])); + DEBUGADD(lvl,("\textension (name):\t\t\t%s\n", + gp_ext->extensions[i])); + + DEBUGADD(lvl,("\tsnapin:\t\t\t%s\n", + gp_ext->snapins_guid[i])); + DEBUGADD(lvl,("\tsnapin (name):\t\t\t%s\n", + gp_ext->snapins[i])); } } /**************************************************************** ****************************************************************/ -void dump_gpo(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GROUP_POLICY_OBJECT *gpo, int debuglevel) +void dump_gpo(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + struct GROUP_POLICY_OBJECT *gpo, + int debuglevel) { int lvl = debuglevel; @@ -227,10 +235,12 @@ void dump_gpo(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GROUP_POLICY_OBJECT * DEBUGADD(lvl,("name:\t\t\t%s\n", gpo->name)); DEBUGADD(lvl,("displayname:\t\t%s\n", gpo->display_name)); DEBUGADD(lvl,("version:\t\t%d (0x%08x)\n", gpo->version, gpo->version)); - DEBUGADD(lvl,("version_user:\t\t%d (0x%04x)\n", GPO_VERSION_USER(gpo->version), - GPO_VERSION_USER(gpo->version))); - DEBUGADD(lvl,("version_machine:\t%d (0x%04x)\n", GPO_VERSION_MACHINE(gpo->version), - GPO_VERSION_MACHINE(gpo->version))); + DEBUGADD(lvl,("version_user:\t\t%d (0x%04x)\n", + GPO_VERSION_USER(gpo->version), + GPO_VERSION_USER(gpo->version))); + DEBUGADD(lvl,("version_machine:\t%d (0x%04x)\n", + GPO_VERSION_MACHINE(gpo->version), + GPO_VERSION_MACHINE(gpo->version))); DEBUGADD(lvl,("filesyspath:\t\t%s\n", gpo->file_sys_path)); DEBUGADD(lvl,("dspath:\t\t%s\n", gpo->ds_path)); @@ -280,24 +290,22 @@ void dump_gpo(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GROUP_POLICY_OBJECT * if (gpo->machine_extensions) { struct GP_EXT *gp_ext = NULL; - ADS_STATUS status; - status = ads_parse_gp_ext(mem_ctx, gpo->machine_extensions, &gp_ext); - if (!ADS_ERR_OK(status)) { + if (!ads_parse_gp_ext(mem_ctx, gpo->machine_extensions, + &gp_ext)) { return; } dump_gp_ext(gp_ext, lvl); } - + DEBUGADD(lvl,("user_extensions:\t%s\n", gpo->user_extensions)); if (gpo->user_extensions) { - + struct GP_EXT *gp_ext = NULL; - ADS_STATUS status; - - status = ads_parse_gp_ext(mem_ctx, gpo->user_extensions, &gp_ext); - if (!ADS_ERR_OK(status)) { + + if (!ads_parse_gp_ext(mem_ctx, gpo->user_extensions, + &gp_ext)) { return; } dump_gp_ext(gp_ext, lvl); @@ -311,9 +319,9 @@ void dump_gpo(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GROUP_POLICY_OBJECT * /**************************************************************** ****************************************************************/ -void dump_gpo_list(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - struct GROUP_POLICY_OBJECT *gpo_list, +void dump_gpo_list(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + struct GROUP_POLICY_OBJECT *gpo_list, int debuglevel) { struct GROUP_POLICY_OBJECT *gpo = NULL; @@ -354,9 +362,9 @@ void dump_gplink(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GP_LINK *gp_link) DEBUGADD(lvl,("num links: %d\n", gp_link->num_links)); for (i = 0; i < gp_link->num_links; i++) { - + DEBUGADD(lvl,("---------------------\n\n")); - + DEBUGADD(lvl,("link: #%d\n", i + 1)); DEBUGADD(lvl,("name: %s\n", gp_link->link_names[i])); @@ -373,9 +381,13 @@ void dump_gplink(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GP_LINK *gp_link) struct GROUP_POLICY_OBJECT gpo; - status = ads_get_gpo(ads, mem_ctx, gp_link->link_names[i], NULL, NULL, &gpo); + status = ads_get_gpo(ads, mem_ctx, + gp_link->link_names[i], + NULL, NULL, &gpo); if (!ADS_ERR_OK(status)) { - DEBUG(lvl,("get gpo for %s failed: %s\n", gp_link->link_names[i], ads_errstr(status))); + DEBUG(lvl,("get gpo for %s failed: %s\n", + gp_link->link_names[i], + ads_errstr(status))); return; } dump_gpo(ads, mem_ctx, &gpo, lvl); @@ -386,27 +398,21 @@ void dump_gplink(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GP_LINK *gp_link) /**************************************************************** ****************************************************************/ -ADS_STATUS process_extension_with_snapin(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - struct GROUP_POLICY_OBJECT *gpo, - const char *extension_guid, - const char *snapin_guid) +NTSTATUS process_extension(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + uint32_t flags, + const struct nt_user_token *token, + struct GROUP_POLICY_OBJECT *gpo, + const char *extension_guid, + const char *snapin_guid) { - int i; - - for (i=0; gpo_cse_snapin_extensions[i].guid_string; i++) { - - if (strcmp(gpo_cse_snapin_extensions[i].guid_string, snapin_guid) == 0) { - - return gpo_cse_snapin_extensions[i].snapin_fn(ads, mem_ctx, gpo, - extension_guid, snapin_guid); - } - } - - DEBUG(10,("process_extension_with_snapin: no snapin handler for extension %s (%s) found\n", - extension_guid, snapin_guid)); + DEBUG(0,("process_extension: no extension available for:\n")); + DEBUGADD(0,("%s (%s) (snapin: %s)\n", + extension_guid, + cse_gpo_guid_string_to_name(extension_guid), + snapin_guid)); - return ADS_SUCCESS; + return NT_STATUS_OK; } /**************************************************************** @@ -414,37 +420,42 @@ ADS_STATUS process_extension_with_snapin(ADS_STRUCT *ads, ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, + const struct nt_user_token *token, struct GROUP_POLICY_OBJECT *gpo, const char *extension_guid_filter, - uint32 flags) + uint32_t flags) { - ADS_STATUS status; struct GP_EXT *gp_ext = NULL; int i; - + + DEBUG(10,("gpo_process_a_gpo: processing gpo %s (%s)\n", + gpo->name, gpo->display_name)); + if (extension_guid_filter) { + DEBUGADD(10,("gpo_process_a_gpo: using filter %s\n", + extension_guid_filter)); + } + if (flags & GPO_LIST_FLAG_MACHINE) { if (gpo->machine_extensions) { - status = ads_parse_gp_ext(mem_ctx, gpo->machine_extensions, &gp_ext); - - if (!ADS_ERR_OK(status)) { - return status; + if (!ads_parse_gp_ext(mem_ctx, gpo->machine_extensions, + &gp_ext)) { + return ADS_ERROR(LDAP_PARAM_ERROR); } } else { /* nothing to apply */ return ADS_SUCCESS; } - + } else { if (gpo->user_extensions) { - - status = ads_parse_gp_ext(mem_ctx, gpo->user_extensions, &gp_ext); - if (!ADS_ERR_OK(status)) { - return status; + if (!ads_parse_gp_ext(mem_ctx, gpo->user_extensions, + &gp_ext)) { + return ADS_ERROR(LDAP_PARAM_ERROR); } } else { /* nothing to apply */ @@ -454,15 +465,20 @@ ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads, for (i=0; i<gp_ext->num_exts; i++) { - if (extension_guid_filter && !strequal(extension_guid_filter, gp_ext->extensions_guid[i])) { + NTSTATUS ntstatus; + + if (extension_guid_filter && + !strequal(extension_guid_filter, + gp_ext->extensions_guid[i])) { continue; } - status = process_extension_with_snapin(ads, mem_ctx, gpo, - gp_ext->extensions_guid[i], - gp_ext->snapins_guid[i]); - if (!ADS_ERR_OK(status)) { - return status; + ntstatus = process_extension(ads, mem_ctx, + flags, token, gpo, + gp_ext->extensions_guid[i], + gp_ext->snapins_guid[i]); + if (!NT_STATUS_IS_OK(ntstatus)) { + ADS_ERROR_NT(ntstatus); } } @@ -474,19 +490,27 @@ ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads, ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, + const struct nt_user_token *token, struct GROUP_POLICY_OBJECT *gpo_list, const char *extensions_guid, - uint32 flags) + uint32_t flags) { ADS_STATUS status; struct GROUP_POLICY_OBJECT *gpo; + /* FIXME: ok, this is wrong, windows does process the extensions and + * hands the list of gpos to each extension and not process each gpo + * with all extensions (this is how the extension can store the list + * gplist in the registry) */ + for (gpo = gpo_list; gpo; gpo = gpo->next) { - - status = gpo_process_a_gpo(ads, mem_ctx, gpo, + + status = gpo_process_a_gpo(ads, mem_ctx, token, gpo, extensions_guid, flags); - + if (!ADS_ERR_OK(status)) { + DEBUG(0,("failed to process gpo: %s\n", + ads_errstr(status))); return status; } @@ -495,80 +519,14 @@ ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads, return ADS_SUCCESS; } -ADS_STATUS gpo_snapin_handler_none(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - struct GROUP_POLICY_OBJECT *gpo, - const char *extension_guid, - const char *snapin_guid) -{ - DEBUG(10,("gpo_snapin_handler_none\n")); - - return ADS_SUCCESS; -} - -ADS_STATUS gpo_snapin_handler_security_settings(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - struct GROUP_POLICY_OBJECT *gpo, - const char *extension_guid, - const char *snapin_guid) -{ - DEBUG(10,("gpo_snapin_handler_security_settings\n")); - - return ADS_SUCCESS; -} - -ADS_STATUS gpo_lockout_policy(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - const char *hostname, - SAM_UNK_INFO_12 *lockout_policy) -{ - return ADS_ERROR_NT(NT_STATUS_NOT_IMPLEMENTED); -} - -/**************************************************************** -****************************************************************/ - -ADS_STATUS gpo_password_policy(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - const char *hostname, - SAM_UNK_INFO_1 *password_policy) -{ - ADS_STATUS status; - struct GROUP_POLICY_OBJECT *gpo_list; - const char *dn = NULL; - uint32 uac = 0; - - status = ads_find_samaccount(ads, mem_ctx, hostname, &uac, &dn); - if (!ADS_ERR_OK(status)) { - return status; - } - - if (!(uac & UF_WORKSTATION_TRUST_ACCOUNT)) { - return ADS_ERROR(LDAP_NO_SUCH_OBJECT); - } - - status = ads_get_gpo_list(ads, mem_ctx, dn, GPO_LIST_FLAG_MACHINE, &gpo_list); - if (!ADS_ERR_OK(status)) { - return status; - } - - status = gpo_process_gpo_list(ads, mem_ctx, gpo_list, - cse_gpo_name_to_guid_string("Security"), - GPO_LIST_FLAG_MACHINE); - if (!ADS_ERR_OK(status)) { - return status; - } - - return ADS_SUCCESS; -} - /**************************************************************** check wether the version number in a GROUP_POLICY_OBJECT match those of the locally stored version. If not, fetch the required policy via CIFS ****************************************************************/ -NTSTATUS check_refresh_gpo(ADS_STRUCT *ads, +NTSTATUS check_refresh_gpo(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, + uint32_t flags, struct GROUP_POLICY_OBJECT *gpo, struct cli_state **cli_out) { @@ -577,43 +535,54 @@ NTSTATUS check_refresh_gpo(ADS_STRUCT *ads, char *share = NULL; char *nt_path = NULL; char *unix_path = NULL; - uint32 sysvol_gpt_version = 0; + uint32_t sysvol_gpt_version = 0; char *display_name = NULL; struct cli_state *cli = NULL; - result = gpo_explode_filesyspath(mem_ctx, gpo->file_sys_path, + result = gpo_explode_filesyspath(mem_ctx, gpo->file_sys_path, &server, &share, &nt_path, &unix_path); if (!NT_STATUS_IS_OK(result)) { goto out; } - result = gpo_get_sysvol_gpt_version(mem_ctx, + result = gpo_get_sysvol_gpt_version(mem_ctx, unix_path, &sysvol_gpt_version, &display_name); - if (!NT_STATUS_IS_OK(result) && + if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_FILE)) { - DEBUG(10,("check_refresh_gpo: failed to get local gpt version: %s\n", + DEBUG(10,("check_refresh_gpo: " + "failed to get local gpt version: %s\n", nt_errstr(result))); goto out; } + DEBUG(10,("check_refresh_gpo: versions gpo %d sysvol %d\n", + gpo->version, sysvol_gpt_version)); + + /* FIXME: handle GPO_INFO_FLAG_FORCED_REFRESH from flags */ + while (gpo->version > sysvol_gpt_version) { DEBUG(1,("check_refresh_gpo: need to refresh GPO\n")); if (*cli_out == NULL) { - result = cli_full_connection(&cli, global_myname(), - server, /* ads->config.ldap_server_name, */ - NULL, 0, - share, "A:", - ads->auth.user_name, NULL, ads->auth.password, - CLI_FULL_CONNECTION_USE_KERBEROS, - Undefined, NULL); + result = cli_full_connection(&cli, + global_myname(), + ads->config.ldap_server_name, + /* server */ + NULL, 0, + share, "A:", + ads->auth.user_name, NULL, + ads->auth.password, + CLI_FULL_CONNECTION_USE_KERBEROS, + Undefined, NULL); if (!NT_STATUS_IS_OK(result)) { - DEBUG(10,("check_refresh_gpo: failed to connect: %s\n", nt_errstr(result))); + DEBUG(10,("check_refresh_gpo: " + "failed to connect: %s\n", + nt_errstr(result))); goto out; } @@ -625,27 +594,28 @@ NTSTATUS check_refresh_gpo(ADS_STRUCT *ads, goto out; } - result = gpo_get_sysvol_gpt_version(mem_ctx, - unix_path, + result = gpo_get_sysvol_gpt_version(mem_ctx, + unix_path, &sysvol_gpt_version, - &display_name); + &display_name); if (!NT_STATUS_IS_OK(result)) { - DEBUG(10,("check_refresh_gpo: failed to get local gpt version: %s\n", + DEBUG(10,("check_refresh_gpo: " + "failed to get local gpt version: %s\n", nt_errstr(result))); goto out; } - + if (gpo->version == sysvol_gpt_version) { break; } - } - - DEBUG(10,("Name:\t\t\t%s\n", gpo->display_name)); - DEBUGADD(10,("sysvol GPT version:\t%d (user: %d, machine: %d)\n", - sysvol_gpt_version, - GPO_VERSION_USER(sysvol_gpt_version), - GPO_VERSION_MACHINE(sysvol_gpt_version))); - DEBUGADD(10,("LDAP GPO version:\t%d (user: %d, machine: %d)\n", + } + + DEBUG(10,("Name:\t\t\t%s (%s)\n", gpo->display_name, gpo->name)); + DEBUGADD(10,("sysvol GPT version:\t%d (user: %d, machine: %d)\n", + sysvol_gpt_version, + GPO_VERSION_USER(sysvol_gpt_version), + GPO_VERSION_MACHINE(sysvol_gpt_version))); + DEBUGADD(10,("LDAP GPO version:\t%d (user: %d, machine: %d)\n", gpo->version, GPO_VERSION_USER(gpo->version), GPO_VERSION_MACHINE(gpo->version))); @@ -662,8 +632,9 @@ NTSTATUS check_refresh_gpo(ADS_STRUCT *ads, not, go and get each required GPO via CIFS ****************************************************************/ -NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, +NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + uint32_t flags, struct GROUP_POLICY_OBJECT *gpo_list) { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; @@ -676,7 +647,7 @@ NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads, for (gpo = gpo_list; gpo; gpo = gpo->next) { - result = check_refresh_gpo(ads, mem_ctx, gpo, &cli); + result = check_refresh_gpo(ads, mem_ctx, flags, gpo, &cli); if (!NT_STATUS_IS_OK(result)) { goto out; } @@ -691,5 +662,4 @@ NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads, return result; } - #endif /* HAVE_LDAP */ |