summaryrefslogtreecommitdiff
path: root/source3/libgpo/gpo_util.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/libgpo/gpo_util.c')
-rw-r--r--source3/libgpo/gpo_util.c426
1 files changed, 198 insertions, 228 deletions
diff --git a/source3/libgpo/gpo_util.c b/source3/libgpo/gpo_util.c
index 385d6bd53a..c6e1b71885 100644
--- a/source3/libgpo/gpo_util.c
+++ b/source3/libgpo/gpo_util.c
@@ -1,18 +1,18 @@
-/*
+/*
* Unix SMB/CIFS implementation.
* Group Policy Object Support
- * Copyright (C) Guenther Deschner 2005-2006
- *
+ * Copyright (C) Guenther Deschner 2005-2007
+ *
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
- *
+ *
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
@@ -25,88 +25,88 @@
#define DEFAULT_DOMAIN_CONTROLLERS_POLICY "Default Domain Controllers Policy"
/* should we store a parsed guid ? */
-struct gpo_table {
+struct gp_table {
const char *name;
const char *guid_string;
};
-struct snapin_table {
- const char *name;
- const char *guid_string;
- ADS_STATUS (*snapin_fn)(ADS_STRUCT *, TALLOC_CTX *mem_ctx,
- struct GROUP_POLICY_OBJECT *gpo,
- const char *, const char *);
-};
-
#if 0 /* unused */
-static struct gpo_table gpo_default_policy[] = {
- { DEFAULT_DOMAIN_POLICY,
+static struct gp_table gpo_default_policy[] = {
+ { DEFAULT_DOMAIN_POLICY,
"31B2F340-016D-11D2-945F-00C04FB984F9" },
- { DEFAULT_DOMAIN_CONTROLLERS_POLICY,
+ { DEFAULT_DOMAIN_CONTROLLERS_POLICY,
"6AC1786C-016F-11D2-945F-00C04fB984F9" },
{ NULL, NULL }
};
#endif
-/* the following is seen in gPCMachineExtensionNames or gPCUserExtensionNames */
+/* the following is seen in gPCMachineExtensionNames / gPCUserExtensionNames */
-static struct gpo_table gpo_cse_extensions[] = {
- { "Administrative Templates Extension",
- "35378EAC-683F-11D2-A89A-00C04FBBCFA2" }, /* Registry Policy ? */
- { "Microsoft Disc Quota",
+static struct gp_table gpo_cse_extensions[] = {
+ /* used to be "Administrative Templates Extension" */
+ /* "Registry Settings"
+ (http://support.microsoft.com/kb/216357/EN-US/) */
+ { "Registry Settings",
+ GP_EXT_REGISTRY },
+ { "Microsoft Disc Quota",
"3610EDA5-77EF-11D2-8DC5-00C04FA31A66" },
- { "EFS recovery",
+ { "EFS recovery",
"B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A" },
- { "Folder Redirection",
+ { "Folder Redirection",
"25537BA6-77A8-11D2-9B6C-0000F8080861" },
- { "IP Security",
+ { "IP Security",
"E437BC1C-AA7D-11D2-A382-00C04F991E27" },
- { "Internet Explorer Branding",
+ { "Internet Explorer Branding",
"A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B" },
- { "QoS Packet Scheduler",
+ { "QoS Packet Scheduler",
"426031c0-0b47-4852-b0ca-ac3d37bfcb39" },
- { "Scripts",
- "42B5FAAE-6536-11D2-AE5A-0000F87571E3" },
- { "Security",
- "827D319E-6EAC-11D2-A4EA-00C04F79F83A" },
- { "Software Installation",
+ { "Scripts",
+ GP_EXT_SCRIPTS },
+ { "Security",
+ GP_EXT_SECURITY },
+ { "Software Installation",
"C6DC5466-785A-11D2-84D0-00C04FB169F7" },
- { "Wireless Group Policy",
+ { "Wireless Group Policy",
"0ACDD40C-75AC-BAA0-BF6DE7E7FE63" },
+ { "Application Management",
+ "C6DC5466-785A-11D2-84D0-00C04FB169F7" },
+ { "unknown",
+ "3060E8D0-7020-11D2-842D-00C04FA372D4" },
{ NULL, NULL }
};
/* guess work */
-static struct snapin_table gpo_cse_snapin_extensions[] = {
- { "Administrative Templates",
- "0F6B957D-509E-11D1-A7CC-0000F87571E3", gpo_snapin_handler_none },
- { "Certificates",
- "53D6AB1D-2488-11D1-A28C-00C04FB94F17", gpo_snapin_handler_none },
- { "EFS recovery policy processing",
- "B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A", gpo_snapin_handler_none },
- { "Folder Redirection policy processing",
- "25537BA6-77A8-11D2-9B6C-0000F8080861", gpo_snapin_handler_none },
- { "Folder Redirection",
- "88E729D6-BDC1-11D1-BD2A-00C04FB9603F", gpo_snapin_handler_none },
- { "Registry policy processing",
- "35378EAC-683F-11D2-A89A-00C04FBBCFA2", gpo_snapin_handler_none },
- { "Remote Installation Services",
- "3060E8CE-7020-11D2-842D-00C04FA372D4", gpo_snapin_handler_none },
- { "Security Settings",
- "803E14A0-B4FB-11D0-A0D0-00A0C90F574B", gpo_snapin_handler_security_settings },
- { "Security policy processing",
- "827D319E-6EAC-11D2-A4EA-00C04F79F83A", gpo_snapin_handler_security_settings },
- { "unknown",
- "3060E8D0-7020-11D2-842D-00C04FA372D4", gpo_snapin_handler_none },
- { "unknown2",
- "53D6AB1B-2488-11D1-A28C-00C04FB94F17", gpo_snapin_handler_none },
- { NULL, NULL, NULL }
+static struct gp_table gpo_cse_snapin_extensions[] = {
+ { "Administrative Templates",
+ "0F6B957D-509E-11D1-A7CC-0000F87571E3" },
+ { "Certificates",
+ "53D6AB1D-2488-11D1-A28C-00C04FB94F17" },
+ { "EFS recovery policy processing",
+ "B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A" },
+ { "Folder Redirection policy processing",
+ "25537BA6-77A8-11D2-9B6C-0000F8080861" },
+ { "Folder Redirection",
+ "88E729D6-BDC1-11D1-BD2A-00C04FB9603F" },
+ { "Registry policy processing",
+ "35378EAC-683F-11D2-A89A-00C04FBBCFA2" },
+ { "Remote Installation Services",
+ "3060E8CE-7020-11D2-842D-00C04FA372D4" },
+ { "Security Settings",
+ "803E14A0-B4FB-11D0-A0D0-00A0C90F574B" },
+ { "Security policy processing",
+ "827D319E-6EAC-11D2-A4EA-00C04F79F83A" },
+ { "unknown",
+ "3060E8D0-7020-11D2-842D-00C04FA372D4" },
+ { "unknown2",
+ "53D6AB1B-2488-11D1-A28C-00C04FB94F17" },
+ { NULL, NULL }
};
/****************************************************************
****************************************************************/
-static const char *name_to_guid_string(const char *name, struct gpo_table *table)
+static const char *name_to_guid_string(const char *name,
+ struct gp_table *table)
{
int i;
@@ -115,14 +115,15 @@ static const char *name_to_guid_string(const char *name, struct gpo_table *table
return table[i].guid_string;
}
}
-
+
return NULL;
}
/****************************************************************
****************************************************************/
-static const char *guid_string_to_name(const char *guid_string, struct gpo_table *table)
+static const char *guid_string_to_name(const char *guid_string,
+ struct gp_table *table)
{
int i;
@@ -131,15 +132,15 @@ static const char *guid_string_to_name(const char *guid_string, struct gpo_table
return table[i].name;
}
}
-
+
return NULL;
}
/****************************************************************
****************************************************************/
-static const char *snapin_guid_string_to_name(const char *guid_string,
- struct snapin_table *table)
+static const char *snapin_guid_string_to_name(const char *guid_string,
+ struct gp_table *table)
{
int i;
for (i = 0; table[i].guid_string; i++) {
@@ -203,18 +204,25 @@ void dump_gp_ext(struct GP_EXT *gp_ext, int debuglevel)
for (i=0; i< gp_ext->num_exts; i++) {
- DEBUGADD(lvl,("\textension:\t\t\t%s\n", gp_ext->extensions_guid[i]));
- DEBUGADD(lvl,("\textension (name):\t\t\t%s\n", gp_ext->extensions[i]));
-
- DEBUGADD(lvl,("\tsnapin:\t\t\t%s\n", gp_ext->snapins_guid[i]));
- DEBUGADD(lvl,("\tsnapin (name):\t\t\t%s\n", gp_ext->snapins[i]));
+ DEBUGADD(lvl,("\textension:\t\t\t%s\n",
+ gp_ext->extensions_guid[i]));
+ DEBUGADD(lvl,("\textension (name):\t\t\t%s\n",
+ gp_ext->extensions[i]));
+
+ DEBUGADD(lvl,("\tsnapin:\t\t\t%s\n",
+ gp_ext->snapins_guid[i]));
+ DEBUGADD(lvl,("\tsnapin (name):\t\t\t%s\n",
+ gp_ext->snapins[i]));
}
}
/****************************************************************
****************************************************************/
-void dump_gpo(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GROUP_POLICY_OBJECT *gpo, int debuglevel)
+void dump_gpo(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ struct GROUP_POLICY_OBJECT *gpo,
+ int debuglevel)
{
int lvl = debuglevel;
@@ -227,10 +235,12 @@ void dump_gpo(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GROUP_POLICY_OBJECT *
DEBUGADD(lvl,("name:\t\t\t%s\n", gpo->name));
DEBUGADD(lvl,("displayname:\t\t%s\n", gpo->display_name));
DEBUGADD(lvl,("version:\t\t%d (0x%08x)\n", gpo->version, gpo->version));
- DEBUGADD(lvl,("version_user:\t\t%d (0x%04x)\n", GPO_VERSION_USER(gpo->version),
- GPO_VERSION_USER(gpo->version)));
- DEBUGADD(lvl,("version_machine:\t%d (0x%04x)\n", GPO_VERSION_MACHINE(gpo->version),
- GPO_VERSION_MACHINE(gpo->version)));
+ DEBUGADD(lvl,("version_user:\t\t%d (0x%04x)\n",
+ GPO_VERSION_USER(gpo->version),
+ GPO_VERSION_USER(gpo->version)));
+ DEBUGADD(lvl,("version_machine:\t%d (0x%04x)\n",
+ GPO_VERSION_MACHINE(gpo->version),
+ GPO_VERSION_MACHINE(gpo->version)));
DEBUGADD(lvl,("filesyspath:\t\t%s\n", gpo->file_sys_path));
DEBUGADD(lvl,("dspath:\t\t%s\n", gpo->ds_path));
@@ -280,24 +290,22 @@ void dump_gpo(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GROUP_POLICY_OBJECT *
if (gpo->machine_extensions) {
struct GP_EXT *gp_ext = NULL;
- ADS_STATUS status;
- status = ads_parse_gp_ext(mem_ctx, gpo->machine_extensions, &gp_ext);
- if (!ADS_ERR_OK(status)) {
+ if (!ads_parse_gp_ext(mem_ctx, gpo->machine_extensions,
+ &gp_ext)) {
return;
}
dump_gp_ext(gp_ext, lvl);
}
-
+
DEBUGADD(lvl,("user_extensions:\t%s\n", gpo->user_extensions));
if (gpo->user_extensions) {
-
+
struct GP_EXT *gp_ext = NULL;
- ADS_STATUS status;
-
- status = ads_parse_gp_ext(mem_ctx, gpo->user_extensions, &gp_ext);
- if (!ADS_ERR_OK(status)) {
+
+ if (!ads_parse_gp_ext(mem_ctx, gpo->user_extensions,
+ &gp_ext)) {
return;
}
dump_gp_ext(gp_ext, lvl);
@@ -311,9 +319,9 @@ void dump_gpo(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GROUP_POLICY_OBJECT *
/****************************************************************
****************************************************************/
-void dump_gpo_list(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- struct GROUP_POLICY_OBJECT *gpo_list,
+void dump_gpo_list(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ struct GROUP_POLICY_OBJECT *gpo_list,
int debuglevel)
{
struct GROUP_POLICY_OBJECT *gpo = NULL;
@@ -354,9 +362,9 @@ void dump_gplink(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GP_LINK *gp_link)
DEBUGADD(lvl,("num links: %d\n", gp_link->num_links));
for (i = 0; i < gp_link->num_links; i++) {
-
+
DEBUGADD(lvl,("---------------------\n\n"));
-
+
DEBUGADD(lvl,("link: #%d\n", i + 1));
DEBUGADD(lvl,("name: %s\n", gp_link->link_names[i]));
@@ -373,9 +381,13 @@ void dump_gplink(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GP_LINK *gp_link)
struct GROUP_POLICY_OBJECT gpo;
- status = ads_get_gpo(ads, mem_ctx, gp_link->link_names[i], NULL, NULL, &gpo);
+ status = ads_get_gpo(ads, mem_ctx,
+ gp_link->link_names[i],
+ NULL, NULL, &gpo);
if (!ADS_ERR_OK(status)) {
- DEBUG(lvl,("get gpo for %s failed: %s\n", gp_link->link_names[i], ads_errstr(status)));
+ DEBUG(lvl,("get gpo for %s failed: %s\n",
+ gp_link->link_names[i],
+ ads_errstr(status)));
return;
}
dump_gpo(ads, mem_ctx, &gpo, lvl);
@@ -386,27 +398,21 @@ void dump_gplink(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GP_LINK *gp_link)
/****************************************************************
****************************************************************/
-ADS_STATUS process_extension_with_snapin(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- struct GROUP_POLICY_OBJECT *gpo,
- const char *extension_guid,
- const char *snapin_guid)
+NTSTATUS process_extension(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ uint32_t flags,
+ const struct nt_user_token *token,
+ struct GROUP_POLICY_OBJECT *gpo,
+ const char *extension_guid,
+ const char *snapin_guid)
{
- int i;
-
- for (i=0; gpo_cse_snapin_extensions[i].guid_string; i++) {
-
- if (strcmp(gpo_cse_snapin_extensions[i].guid_string, snapin_guid) == 0) {
-
- return gpo_cse_snapin_extensions[i].snapin_fn(ads, mem_ctx, gpo,
- extension_guid, snapin_guid);
- }
- }
-
- DEBUG(10,("process_extension_with_snapin: no snapin handler for extension %s (%s) found\n",
- extension_guid, snapin_guid));
+ DEBUG(0,("process_extension: no extension available for:\n"));
+ DEBUGADD(0,("%s (%s) (snapin: %s)\n",
+ extension_guid,
+ cse_gpo_guid_string_to_name(extension_guid),
+ snapin_guid));
- return ADS_SUCCESS;
+ return NT_STATUS_OK;
}
/****************************************************************
@@ -414,37 +420,42 @@ ADS_STATUS process_extension_with_snapin(ADS_STRUCT *ads,
ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
+ const struct nt_user_token *token,
struct GROUP_POLICY_OBJECT *gpo,
const char *extension_guid_filter,
- uint32 flags)
+ uint32_t flags)
{
- ADS_STATUS status;
struct GP_EXT *gp_ext = NULL;
int i;
-
+
+ DEBUG(10,("gpo_process_a_gpo: processing gpo %s (%s)\n",
+ gpo->name, gpo->display_name));
+ if (extension_guid_filter) {
+ DEBUGADD(10,("gpo_process_a_gpo: using filter %s\n",
+ extension_guid_filter));
+ }
+
if (flags & GPO_LIST_FLAG_MACHINE) {
if (gpo->machine_extensions) {
- status = ads_parse_gp_ext(mem_ctx, gpo->machine_extensions, &gp_ext);
-
- if (!ADS_ERR_OK(status)) {
- return status;
+ if (!ads_parse_gp_ext(mem_ctx, gpo->machine_extensions,
+ &gp_ext)) {
+ return ADS_ERROR(LDAP_PARAM_ERROR);
}
} else {
/* nothing to apply */
return ADS_SUCCESS;
}
-
+
} else {
if (gpo->user_extensions) {
-
- status = ads_parse_gp_ext(mem_ctx, gpo->user_extensions, &gp_ext);
- if (!ADS_ERR_OK(status)) {
- return status;
+ if (!ads_parse_gp_ext(mem_ctx, gpo->user_extensions,
+ &gp_ext)) {
+ return ADS_ERROR(LDAP_PARAM_ERROR);
}
} else {
/* nothing to apply */
@@ -454,15 +465,20 @@ ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads,
for (i=0; i<gp_ext->num_exts; i++) {
- if (extension_guid_filter && !strequal(extension_guid_filter, gp_ext->extensions_guid[i])) {
+ NTSTATUS ntstatus;
+
+ if (extension_guid_filter &&
+ !strequal(extension_guid_filter,
+ gp_ext->extensions_guid[i])) {
continue;
}
- status = process_extension_with_snapin(ads, mem_ctx, gpo,
- gp_ext->extensions_guid[i],
- gp_ext->snapins_guid[i]);
- if (!ADS_ERR_OK(status)) {
- return status;
+ ntstatus = process_extension(ads, mem_ctx,
+ flags, token, gpo,
+ gp_ext->extensions_guid[i],
+ gp_ext->snapins_guid[i]);
+ if (!NT_STATUS_IS_OK(ntstatus)) {
+ ADS_ERROR_NT(ntstatus);
}
}
@@ -474,19 +490,27 @@ ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads,
ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
+ const struct nt_user_token *token,
struct GROUP_POLICY_OBJECT *gpo_list,
const char *extensions_guid,
- uint32 flags)
+ uint32_t flags)
{
ADS_STATUS status;
struct GROUP_POLICY_OBJECT *gpo;
+ /* FIXME: ok, this is wrong, windows does process the extensions and
+ * hands the list of gpos to each extension and not process each gpo
+ * with all extensions (this is how the extension can store the list
+ * gplist in the registry) */
+
for (gpo = gpo_list; gpo; gpo = gpo->next) {
-
- status = gpo_process_a_gpo(ads, mem_ctx, gpo,
+
+ status = gpo_process_a_gpo(ads, mem_ctx, token, gpo,
extensions_guid, flags);
-
+
if (!ADS_ERR_OK(status)) {
+ DEBUG(0,("failed to process gpo: %s\n",
+ ads_errstr(status)));
return status;
}
@@ -495,80 +519,14 @@ ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
return ADS_SUCCESS;
}
-ADS_STATUS gpo_snapin_handler_none(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- struct GROUP_POLICY_OBJECT *gpo,
- const char *extension_guid,
- const char *snapin_guid)
-{
- DEBUG(10,("gpo_snapin_handler_none\n"));
-
- return ADS_SUCCESS;
-}
-
-ADS_STATUS gpo_snapin_handler_security_settings(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- struct GROUP_POLICY_OBJECT *gpo,
- const char *extension_guid,
- const char *snapin_guid)
-{
- DEBUG(10,("gpo_snapin_handler_security_settings\n"));
-
- return ADS_SUCCESS;
-}
-
-ADS_STATUS gpo_lockout_policy(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- const char *hostname,
- SAM_UNK_INFO_12 *lockout_policy)
-{
- return ADS_ERROR_NT(NT_STATUS_NOT_IMPLEMENTED);
-}
-
-/****************************************************************
-****************************************************************/
-
-ADS_STATUS gpo_password_policy(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- const char *hostname,
- SAM_UNK_INFO_1 *password_policy)
-{
- ADS_STATUS status;
- struct GROUP_POLICY_OBJECT *gpo_list;
- const char *dn = NULL;
- uint32 uac = 0;
-
- status = ads_find_samaccount(ads, mem_ctx, hostname, &uac, &dn);
- if (!ADS_ERR_OK(status)) {
- return status;
- }
-
- if (!(uac & UF_WORKSTATION_TRUST_ACCOUNT)) {
- return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
- }
-
- status = ads_get_gpo_list(ads, mem_ctx, dn, GPO_LIST_FLAG_MACHINE, &gpo_list);
- if (!ADS_ERR_OK(status)) {
- return status;
- }
-
- status = gpo_process_gpo_list(ads, mem_ctx, gpo_list,
- cse_gpo_name_to_guid_string("Security"),
- GPO_LIST_FLAG_MACHINE);
- if (!ADS_ERR_OK(status)) {
- return status;
- }
-
- return ADS_SUCCESS;
-}
-
/****************************************************************
check wether the version number in a GROUP_POLICY_OBJECT match those of the
locally stored version. If not, fetch the required policy via CIFS
****************************************************************/
-NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
+NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
+ uint32_t flags,
struct GROUP_POLICY_OBJECT *gpo,
struct cli_state **cli_out)
{
@@ -577,43 +535,54 @@ NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
char *share = NULL;
char *nt_path = NULL;
char *unix_path = NULL;
- uint32 sysvol_gpt_version = 0;
+ uint32_t sysvol_gpt_version = 0;
char *display_name = NULL;
struct cli_state *cli = NULL;
- result = gpo_explode_filesyspath(mem_ctx, gpo->file_sys_path,
+ result = gpo_explode_filesyspath(mem_ctx, gpo->file_sys_path,
&server, &share, &nt_path, &unix_path);
if (!NT_STATUS_IS_OK(result)) {
goto out;
}
- result = gpo_get_sysvol_gpt_version(mem_ctx,
+ result = gpo_get_sysvol_gpt_version(mem_ctx,
unix_path,
&sysvol_gpt_version,
&display_name);
- if (!NT_STATUS_IS_OK(result) &&
+ if (!NT_STATUS_IS_OK(result) &&
!NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_FILE)) {
- DEBUG(10,("check_refresh_gpo: failed to get local gpt version: %s\n",
+ DEBUG(10,("check_refresh_gpo: "
+ "failed to get local gpt version: %s\n",
nt_errstr(result)));
goto out;
}
+ DEBUG(10,("check_refresh_gpo: versions gpo %d sysvol %d\n",
+ gpo->version, sysvol_gpt_version));
+
+ /* FIXME: handle GPO_INFO_FLAG_FORCED_REFRESH from flags */
+
while (gpo->version > sysvol_gpt_version) {
DEBUG(1,("check_refresh_gpo: need to refresh GPO\n"));
if (*cli_out == NULL) {
- result = cli_full_connection(&cli, global_myname(),
- server, /* ads->config.ldap_server_name, */
- NULL, 0,
- share, "A:",
- ads->auth.user_name, NULL, ads->auth.password,
- CLI_FULL_CONNECTION_USE_KERBEROS,
- Undefined, NULL);
+ result = cli_full_connection(&cli,
+ global_myname(),
+ ads->config.ldap_server_name,
+ /* server */
+ NULL, 0,
+ share, "A:",
+ ads->auth.user_name, NULL,
+ ads->auth.password,
+ CLI_FULL_CONNECTION_USE_KERBEROS,
+ Undefined, NULL);
if (!NT_STATUS_IS_OK(result)) {
- DEBUG(10,("check_refresh_gpo: failed to connect: %s\n", nt_errstr(result)));
+ DEBUG(10,("check_refresh_gpo: "
+ "failed to connect: %s\n",
+ nt_errstr(result)));
goto out;
}
@@ -625,27 +594,28 @@ NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
goto out;
}
- result = gpo_get_sysvol_gpt_version(mem_ctx,
- unix_path,
+ result = gpo_get_sysvol_gpt_version(mem_ctx,
+ unix_path,
&sysvol_gpt_version,
- &display_name);
+ &display_name);
if (!NT_STATUS_IS_OK(result)) {
- DEBUG(10,("check_refresh_gpo: failed to get local gpt version: %s\n",
+ DEBUG(10,("check_refresh_gpo: "
+ "failed to get local gpt version: %s\n",
nt_errstr(result)));
goto out;
}
-
+
if (gpo->version == sysvol_gpt_version) {
break;
}
- }
-
- DEBUG(10,("Name:\t\t\t%s\n", gpo->display_name));
- DEBUGADD(10,("sysvol GPT version:\t%d (user: %d, machine: %d)\n",
- sysvol_gpt_version,
- GPO_VERSION_USER(sysvol_gpt_version),
- GPO_VERSION_MACHINE(sysvol_gpt_version)));
- DEBUGADD(10,("LDAP GPO version:\t%d (user: %d, machine: %d)\n",
+ }
+
+ DEBUG(10,("Name:\t\t\t%s (%s)\n", gpo->display_name, gpo->name));
+ DEBUGADD(10,("sysvol GPT version:\t%d (user: %d, machine: %d)\n",
+ sysvol_gpt_version,
+ GPO_VERSION_USER(sysvol_gpt_version),
+ GPO_VERSION_MACHINE(sysvol_gpt_version)));
+ DEBUGADD(10,("LDAP GPO version:\t%d (user: %d, machine: %d)\n",
gpo->version,
GPO_VERSION_USER(gpo->version),
GPO_VERSION_MACHINE(gpo->version)));
@@ -662,8 +632,9 @@ NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
not, go and get each required GPO via CIFS
****************************************************************/
-NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
+NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ uint32_t flags,
struct GROUP_POLICY_OBJECT *gpo_list)
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -676,7 +647,7 @@ NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
for (gpo = gpo_list; gpo; gpo = gpo->next) {
- result = check_refresh_gpo(ads, mem_ctx, gpo, &cli);
+ result = check_refresh_gpo(ads, mem_ctx, flags, gpo, &cli);
if (!NT_STATUS_IS_OK(result)) {
goto out;
}
@@ -691,5 +662,4 @@ NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
return result;
}
-
#endif /* HAVE_LDAP */
generated by cgit (git 2.34.1) at 2024-07-10 19:59:06 +0000