Diffstat (limited to 'source3/libgpo')
-rw-r--r-- | source3/libgpo/gpo_fetch.c | 52 | ||||
-rw-r--r-- | source3/libgpo/gpo_ldap.c | 108 | ||||
-rw-r--r-- | source3/libgpo/gpo_util.c | 149 |
3 files changed, 181 insertions, 128 deletions
diff --git a/source3/libgpo/gpo_fetch.c b/source3/libgpo/gpo_fetch.c index abc5ab4684..c2ba7c2d82 100644 --- a/source3/libgpo/gpo_fetch.c +++ b/source3/libgpo/gpo_fetch.c @@ -24,13 +24,12 @@ explode the GPO CIFS URI into their components ****************************************************************/ -NTSTATUS ads_gpo_explode_filesyspath(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - const char *file_sys_path, - char **server, - char **service, - char **nt_path, - char **unix_path) +NTSTATUS gpo_explode_filesyspath(TALLOC_CTX *mem_ctx, + const char *file_sys_path, + char **server, + char **service, + char **nt_path, + char **unix_path) { fstring tok; pstring path; @@ -40,6 +39,10 @@ NTSTATUS ads_gpo_explode_filesyspath(ADS_STRUCT *ads, *nt_path = NULL; *unix_path = NULL; + if (!file_sys_path) { + return NT_STATUS_OK; + } + if (!next_token(&file_sys_path, tok, "\\", sizeof(tok))) { return NT_STATUS_INVALID_PARAMETER; } @@ -76,9 +79,8 @@ NTSTATUS ads_gpo_explode_filesyspath(ADS_STRUCT *ads, prepare the local disc storage for "unix_path" ****************************************************************/ -NTSTATUS ads_gpo_prepare_local_store(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - const char *unix_path) +static NTSTATUS gpo_prepare_local_store(TALLOC_CTX *mem_ctx, + const char *unix_path) { const char *top_dir = lock_path(GPO_CACHE_DIR); char *current_dir; 
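Review bot: The new `if (!file_sys_path)` guard in gpo_explode_filesyspath returns NT_STATUS_OK with all four outputs still NULL, so a caller that only checks the status carries NULL paths forward. gpo_fetch_files (later in this file's diff) passes `unix_path` straight to gpo_prepare_local_store after a success return. The same pattern is added to gpo_get_sysvol_gpt_version for a NULL `unix_path`, where it also leaves `*sysvol_version` and `*display_name` unwritten. Unless a GPO without a filesystem path is a supported case, I would reject it with `if (!file_sys_path) { return NT_STATUS_INVALID_PARAMETER; }`; if it is supported, the callers need their own NULL checks before building paths. The function body continues outside the hunk.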
@@ -115,21 +117,20 @@ NTSTATUS ads_gpo_prepare_local_store(ADS_STRUCT *ads, download a full GPO via CIFS ****************************************************************/ -NTSTATUS ads_fetch_gpo_files(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - struct cli_state *cli, - struct GROUP_POLICY_OBJECT *gpo) +NTSTATUS gpo_fetch_files(TALLOC_CTX *mem_ctx, + struct cli_state *cli, + struct GROUP_POLICY_OBJECT *gpo) { NTSTATUS result; char *server, *service, *nt_path, *unix_path, *nt_ini_path, *unix_ini_path; - result = ads_gpo_explode_filesyspath(ads, mem_ctx, gpo->file_sys_path, - &server, &service, &nt_path, &unix_path); + result = gpo_explode_filesyspath(mem_ctx, gpo->file_sys_path, + &server, &service, &nt_path, &unix_path); if (!NT_STATUS_IS_OK(result)) { goto out; } - result = ads_gpo_prepare_local_store(ads, mem_ctx, unix_path); + result = gpo_prepare_local_store(mem_ctx, unix_path); if (!NT_STATUS_IS_OK(result)) { goto out; } @@ -161,23 +162,26 @@ NTSTATUS ads_fetch_gpo_files(ADS_STRUCT *ads, get the locally stored gpt.ini version number ****************************************************************/ -NTSTATUS ads_gpo_get_sysvol_gpt_version(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - const char *unix_path, - uint32 *sysvol_version, - char **display_name) +NTSTATUS gpo_get_sysvol_gpt_version(TALLOC_CTX *mem_ctx, + const char *unix_path, + uint32 *sysvol_version, + char **display_name) { NTSTATUS status; - uint32 version; + uint32 version = 0; char *local_path = NULL; char *name = NULL; + if (!unix_path) { + return NT_STATUS_OK; + } + local_path = talloc_asprintf(mem_ctx, "%s/%s", unix_path, GPT_INI); NT_STATUS_HAVE_NO_MEMORY(local_path); status = parse_gpt_ini(mem_ctx, local_path, &version, &name); if (!NT_STATUS_IS_OK(status)) { - DEBUG(10,("ads_gpo_get_sysvol_gpt_version: failed to parse ini [%s]: %s\n", + DEBUG(10,("gpo_get_sysvol_gpt_version: failed to parse ini [%s]: %s\n", unix_path, nt_errstr(status))); return status; } 
diff --git a/source3/libgpo/gpo_ldap.c b/source3/libgpo/gpo_ldap.c index b595e531fe..3f90fa4a62 100644 --- a/source3/libgpo/gpo_ldap.c +++ b/source3/libgpo/gpo_ldap.c @@ -28,14 +28,24 @@ ADS_STATUS ads_parse_gp_ext(TALLOC_CTX *mem_ctx, const char *extension_raw, - struct GP_EXT *gp_ext) + struct GP_EXT **gp_ext) { + struct GP_EXT *ext = NULL; char **ext_list; char **ext_strings = NULL; int i; + if (!extension_raw) { + goto parse_error; + } + DEBUG(20,("ads_parse_gp_ext: %s\n", extension_raw)); + ext = TALLOC_ZERO_P(mem_ctx, struct GP_EXT); + if (!ext) { + goto parse_error; + } + ext_list = str_list_make_talloc(mem_ctx, extension_raw, "]"); if (ext_list == NULL) { goto parse_error; 
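Review bot: `char **ext_list;` has no initialiser, yet the two new `goto parse_error` exits (NULL `extension_raw`, failed TALLOC_ZERO_P) are taken before `ext_list` is assigned. The parse_error label's body is outside the hunk; if it tests or frees `ext_list` the way the success path frees `ext_strings`, it reads an indeterminate pointer. Declaring `char **ext_list = NULL;` makes both early exits safe. It would also help to document in the function header that `*gp_ext` is left untouched on failure, so callers must initialise it to NULL.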
@@ -45,28 +55,28 @@ ADS_STATUS ads_parse_gp_ext(TALLOC_CTX *mem_ctx, /* no op */ } - gp_ext->num_exts = i; + ext->num_exts = i; - if (gp_ext->num_exts) { - gp_ext->extensions = TALLOC_ZERO_ARRAY(mem_ctx, char *, gp_ext->num_exts); - gp_ext->extensions_guid = TALLOC_ZERO_ARRAY(mem_ctx, char *, gp_ext->num_exts); - gp_ext->snapins = TALLOC_ZERO_ARRAY(mem_ctx, char *, gp_ext->num_exts); - gp_ext->snapins_guid = TALLOC_ZERO_ARRAY(mem_ctx, char *, gp_ext->num_exts); + if (ext->num_exts) { + ext->extensions = TALLOC_ZERO_ARRAY(mem_ctx, char *, ext->num_exts); + ext->extensions_guid = TALLOC_ZERO_ARRAY(mem_ctx, char *, ext->num_exts); + ext->snapins = TALLOC_ZERO_ARRAY(mem_ctx, char *, ext->num_exts); + ext->snapins_guid = TALLOC_ZERO_ARRAY(mem_ctx, char *, ext->num_exts); } else { - gp_ext->extensions = NULL; - gp_ext->extensions_guid = NULL; - gp_ext->snapins = NULL; - gp_ext->snapins_guid = NULL; + ext->extensions = NULL; + ext->extensions_guid = NULL; + ext->snapins = NULL; + ext->snapins_guid = NULL; } - if (gp_ext->extensions == NULL || gp_ext->extensions_guid == NULL || - gp_ext->snapins == NULL || gp_ext->snapins_guid == NULL || - gp_ext->gp_extension == NULL) { + ext->gp_extension = talloc_strdup(mem_ctx, extension_raw); + + if (ext->extensions == NULL || ext->extensions_guid == NULL || + ext->snapins == NULL || ext->snapins_guid == NULL || + ext->gp_extension == NULL) { goto parse_error; } - gp_ext->gp_extension = talloc_strdup(mem_ctx, extension_raw); - for (i = 0; ext_list[i] != NULL; i++) { int k; 
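Review bot: The combined NULL check still cannot tell an empty extension list from an allocation failure: when `ext->num_exts` is 0 the four arrays are NULL by construction and the code jumps to parse_error. Because `ext` now comes from TALLOC_ZERO_P (previous hunk), the `else` branch that assigns NULL to each array is redundant and can be dropped. I would test `ext->gp_extension == NULL` on its own and check the four arrays only inside the `if (ext->num_exts)` branch, so that an extension string with no entries is not reported as an error. Whether zero entries can actually occur depends on str_list_make_talloc, which is not shown here.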
@@ -95,11 +105,11 @@ ADS_STATUS ads_parse_gp_ext(TALLOC_CTX *mem_ctx, q++; } - gp_ext->extensions[i] = talloc_strdup(mem_ctx, cse_gpo_guid_string_to_name(q)); - gp_ext->extensions_guid[i] = talloc_strdup(mem_ctx, q); + ext->extensions[i] = talloc_strdup(mem_ctx, cse_gpo_guid_string_to_name(q)); + ext->extensions_guid[i] = talloc_strdup(mem_ctx, q); /* we might have no name for the guid */ - if (gp_ext->extensions_guid[i] == NULL) { + if (ext->extensions_guid[i] == NULL) { goto parse_error; } @@ -112,11 +122,11 @@ ADS_STATUS ads_parse_gp_ext(TALLOC_CTX *mem_ctx, } /* FIXME: theoretically there could be more than one snapin per extension */ - gp_ext->snapins[i] = talloc_strdup(mem_ctx, cse_snapin_gpo_guid_string_to_name(m)); - gp_ext->snapins_guid[i] = talloc_strdup(mem_ctx, m); + ext->snapins[i] = talloc_strdup(mem_ctx, cse_snapin_gpo_guid_string_to_name(m)); + ext->snapins_guid[i] = talloc_strdup(mem_ctx, m); /* we might have no name for the guid */ - if (gp_ext->snapins_guid[i] == NULL) { + if (ext->snapins_guid[i] == NULL) { goto parse_error; } } @@ -129,6 +139,8 @@ ADS_STATUS ads_parse_gp_ext(TALLOC_CTX *mem_ctx, str_list_free_talloc(mem_ctx, &ext_strings); } + *gp_ext = ext; + return ADS_ERROR(LDAP_SUCCESS); parse_error: @@ -146,15 +158,15 @@ parse_error: parse the raw link string into a GP_LINK structure ****************************************************************/ -ADS_STATUS ads_parse_gplink(TALLOC_CTX *mem_ctx, - const char *gp_link_raw, - uint32 options, - struct GP_LINK *gp_link) +static ADS_STATUS gpo_parse_gplink(TALLOC_CTX *mem_ctx, + const char *gp_link_raw, + uint32 options, + struct GP_LINK *gp_link) { char **link_list; int i; - DEBUG(10,("ads_parse_gplink: gPLink: %s\n", gp_link_raw)); + DEBUG(10,("gpo_parse_gplink: gPLink: %s\n", gp_link_raw)); link_list = str_list_make_talloc(mem_ctx, gp_link_raw, "]"); if (link_list == NULL) { 
@@ -186,7 +198,7 @@ ADS_STATUS ads_parse_gplink(TALLOC_CTX *mem_ctx, char *p, *q; - DEBUGADD(10,("ads_parse_gplink: processing link #%d\n", i)); + DEBUGADD(10,("gpo_parse_gplink: processing link #%d\n", i)); q = link_list[i]; if (q[0] == '[') { @@ -207,8 +219,8 @@ ADS_STATUS ads_parse_gplink(TALLOC_CTX *mem_ctx, gp_link->link_opts[i] = atoi(p + 1); - DEBUGADD(10,("ads_parse_gplink: link: %s\n", gp_link->link_names[i])); - DEBUGADD(10,("ads_parse_gplink: opt: %d\n", gp_link->link_opts[i])); + DEBUGADD(10,("gpo_parse_gplink: link: %s\n", gp_link->link_names[i])); + DEBUGADD(10,("gpo_parse_gplink: opt: %d\n", gp_link->link_opts[i])); } @@ -262,7 +274,7 @@ ADS_STATUS ads_get_gpo_link(ADS_STRUCT *ads, return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE); } - /* perfectly leggal to have no options */ + /* perfectly legal to have no options */ if (!ads_pull_uint32(ads, res, "gPOptions", &gp_options)) { DEBUG(10,("ads_get_gpo_link: no 'gPOptions' attribute found\n")); gp_options = 0; @@ -270,7 +282,7 @@ ADS_STATUS ads_get_gpo_link(ADS_STRUCT *ads, ads_msgfree(ads, res); - return ads_parse_gplink(mem_ctx, gp_link, gp_options, gp_link_struct); + return gpo_parse_gplink(mem_ctx, gp_link, gp_options, gp_link_struct); } /**************************************************************** 
@@ -518,14 +530,14 @@ ADS_STATUS ads_get_gpo(ADS_STRUCT *ads, add a gplink to the GROUP_POLICY_OBJECT linked list ****************************************************************/ -ADS_STATUS add_gplink_to_gpo_list(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - struct GROUP_POLICY_OBJECT **gpo_list, - const char *link_dn, - struct GP_LINK *gp_link, - enum GPO_LINK_TYPE link_type, - BOOL only_add_forced_gpos, - struct GPO_SID_TOKEN *token) +static ADS_STATUS add_gplink_to_gpo_list(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + struct GROUP_POLICY_OBJECT **gpo_list, + const char *link_dn, + struct GP_LINK *gp_link, + enum GPO_LINK_TYPE link_type, + BOOL only_add_forced_gpos, + struct GPO_SID_TOKEN *token) { ADS_STATUS status; int i; @@ -581,10 +593,10 @@ ADS_STATUS add_gplink_to_gpo_list(ADS_STRUCT *ads, /**************************************************************** ****************************************************************/ -ADS_STATUS ads_get_gpo_sid_token(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - const char *dn, - struct GPO_SID_TOKEN **token) +static ADS_STATUS ads_get_gpo_sid_token(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + const char *dn, + struct GPO_SID_TOKEN **token) { ADS_STATUS status; DOM_SID object_sid; @@ -684,11 +696,11 @@ ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads, status = ads_get_gpo_link(ads, mem_ctx, site_dn, &gp_link); if (ADS_ERR_OK(status)) { - + if (DEBUGLEVEL >= 100) { dump_gplink(ads, mem_ctx, &gp_link); } - + status = add_gplink_to_gpo_list(ads, mem_ctx, gpo_list, site_dn, &gp_link, GP_LINK_SITE, add_only_forced_gpos, @@ -696,11 +708,11 @@ ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads, if (!ADS_ERR_OK(status)) { return status; } - + if (flags & GPO_LIST_FLAG_SITEONLY) { return ADS_ERROR(LDAP_SUCCESS); } - + /* inheritance can't be blocked at the site level */ } } diff --git a/source3/libgpo/gpo_util.c b/source3/libgpo/gpo_util.c index 7c29a63ecc..6b3f55bb9f 100644 --- a/source3/libgpo/gpo_util.c +++ b/source3/libgpo/gpo_util.c 
@@ -221,54 +221,71 @@ void dump_gpo(TALLOC_CTX *mem_ctx, struct GROUP_POLICY_OBJECT *gpo, int debuglev DEBUGADD(lvl,("link:\t\t\t%s\n", gpo->link)); DEBUGADD(lvl,("link_type:\t\t%d ", gpo->link_type)); switch (gpo->link_type) { - case GP_LINK_UNKOWN: - DEBUGADD(lvl,("GP_LINK_UNKOWN\n")); - break; - case GP_LINK_OU: - DEBUGADD(lvl,("GP_LINK_OU\n")); - break; - case GP_LINK_DOMAIN: - DEBUGADD(lvl,("GP_LINK_DOMAIN\n")); - break; - case GP_LINK_SITE: - DEBUGADD(lvl,("GP_LINK_SITE\n")); - break; - case GP_LINK_MACHINE: - DEBUGADD(lvl,("GP_LINK_MACHINE\n")); - break; - default: - break; + case GP_LINK_UNKOWN: + DEBUGADD(lvl,("GP_LINK_UNKOWN\n")); + break; + case GP_LINK_OU: + DEBUGADD(lvl,("GP_LINK_OU\n")); + break; + case GP_LINK_DOMAIN: + DEBUGADD(lvl,("GP_LINK_DOMAIN\n")); + break; + case GP_LINK_SITE: + DEBUGADD(lvl,("GP_LINK_SITE\n")); + break; + case GP_LINK_MACHINE: + DEBUGADD(lvl,("GP_LINK_MACHINE\n")); + break; + default: + break; } + DEBUGADD(lvl,("machine_extensions:\t%s\n", gpo->machine_extensions)); + if (gpo->machine_extensions) { - struct GP_EXT gp_ext; + struct GP_EXT *gp_ext = NULL; ADS_STATUS status; - DEBUGADD(lvl,("machine_extensions:\t%s\n", gpo->machine_extensions)); - status = ads_parse_gp_ext(mem_ctx, gpo->machine_extensions, &gp_ext); if (!ADS_ERR_OK(status)) { return; } - dump_gp_ext(&gp_ext, lvl); + dump_gp_ext(gp_ext, lvl); } + DEBUGADD(lvl,("user_extensions:\t%s\n", gpo->user_extensions)); + if (gpo->user_extensions) { - struct GP_EXT gp_ext; + struct GP_EXT *gp_ext = NULL; ADS_STATUS status; - DEBUGADD(lvl,("user_extensions:\t%s\n", gpo->user_extensions)); - status = ads_parse_gp_ext(mem_ctx, gpo->user_extensions, &gp_ext); if (!ADS_ERR_OK(status)) { return; } - dump_gp_ext(&gp_ext, lvl); + dump_gp_ext(gp_ext, lvl); } } +/**************************************************************** +****************************************************************/ + +void dump_gpo_list(TALLOC_CTX *mem_ctx, + struct GROUP_POLICY_OBJECT *gpo_list, + int 
debuglevel) +{ + struct GROUP_POLICY_OBJECT *gpo = NULL; + + for (gpo = gpo_list; gpo; gpo = gpo->next) { + dump_gpo(mem_ctx, gpo, debuglevel); + } +} + +/**************************************************************** +****************************************************************/ + void dump_gplink(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GP_LINK *gp_link) { ADS_STATUS status; @@ -284,14 +301,14 @@ void dump_gplink(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GP_LINK *gp_link) DEBUGADD(lvl,("gplink: %s\n", gp_link->gp_link)); DEBUGADD(lvl,("gpopts: %d ", gp_link->gp_opts)); switch (gp_link->gp_opts) { - case GPOPTIONS_INHERIT: - DEBUGADD(lvl,("GPOPTIONS_INHERIT\n")); - break; - case GPOPTIONS_BLOCK_INHERITANCE: - DEBUGADD(lvl,("GPOPTIONS_BLOCK_INHERITANCE\n")); - break; - default: - break; + case GPOPTIONS_INHERIT: + DEBUGADD(lvl,("GPOPTIONS_INHERIT\n")); + break; + case GPOPTIONS_BLOCK_INHERITANCE: + DEBUGADD(lvl,("GPOPTIONS_BLOCK_INHERITANCE\n")); + break; + default: + break; } DEBUGADD(lvl,("num links: %d\n", gp_link->num_links)); @@ -326,6 +343,9 @@ void dump_gplink(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GP_LINK *gp_link) } } +/**************************************************************** +****************************************************************/ + ADS_STATUS process_extension_with_snapin(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char *extension_guid, @@ -348,14 +368,17 @@ ADS_STATUS process_extension_with_snapin(ADS_STRUCT *ads, return ADS_SUCCESS; } +/**************************************************************** +****************************************************************/ + ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GROUP_POLICY_OBJECT *gpo, - const char *extension_guid, + const char *extension_guid_filter, uint32 flags) { ADS_STATUS status; - struct GP_EXT gp_ext; + struct GP_EXT *gp_ext = NULL; int i; if (flags & GPO_LIST_FLAG_MACHINE) { 
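Review bot: Moving `DEBUGADD(lvl,("machine_extensions:\t%s\n", gpo->machine_extensions));` above the `if (gpo->machine_extensions)` test in dump_gpo means a NULL pointer can now be passed to `%s`, and the same applies to the `user_extensions` line. Passing NULL for `%s` is undefined behaviour in C; glibc prints `(null)`, but other C libraries may crash. Either keep the print inside the guard or substitute a literal, e.g. `gpo->machine_extensions ? gpo->machine_extensions : "(null)"`. Separately, the `return;` on a machine-extension parse failure skips the user-extension dump, which may not be intended for a debug helper.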
@@ -388,14 +411,15 @@ ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads, } } - for (i=0; i<gp_ext.num_exts; i++) { + for (i=0; i<gp_ext->num_exts; i++) { - if (extension_guid && !strequal(extension_guid, gp_ext.extensions_guid[i])) { + if (extension_guid_filter && !strequal(extension_guid_filter, gp_ext->extensions_guid[i])) { continue; } - status = process_extension_with_snapin(ads, mem_ctx, gp_ext.extensions_guid[i], - gp_ext.snapins_guid[i]); + status = process_extension_with_snapin(ads, mem_ctx, + gp_ext->extensions_guid[i], + gp_ext->snapins_guid[i]); if (!ADS_ERR_OK(status)) { return status; } @@ -404,16 +428,19 @@ ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads, return ADS_SUCCESS; } +/**************************************************************** +****************************************************************/ + ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, - struct GROUP_POLICY_OBJECT **gpo_list, + struct GROUP_POLICY_OBJECT *gpo_list, const char *extensions_guid, uint32 flags) { ADS_STATUS status; - struct GROUP_POLICY_OBJECT *gpo = *gpo_list; + struct GROUP_POLICY_OBJECT *gpo; - for (gpo = *gpo_list; gpo; gpo = gpo->next) { + for (gpo = gpo_list; gpo; gpo = gpo->next) { status = gpo_process_a_gpo(ads, mem_ctx, gpo, extensions_guid, flags); @@ -455,6 +482,9 @@ ADS_STATUS gpo_lockout_policy(ADS_STRUCT *ads, return ADS_ERROR_NT(NT_STATUS_NOT_IMPLEMENTED); } +/**************************************************************** +****************************************************************/ + ADS_STATUS gpo_password_policy(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char *hostname, @@ -512,7 +542,7 @@ ADS_STATUS gpo_password_policy(ADS_STRUCT *ads, ads_memfree(ads, dn); - status = gpo_process_gpo_list(ads, mem_ctx, &gpo_list, + status = gpo_process_gpo_list(ads, mem_ctx, gpo_list, cse_gpo_name_to_guid_string("Security"), GPO_LIST_FLAG_MACHINE); if (!ADS_ERR_OK(status)) { 
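Review bot: `gp_ext` in gpo_process_a_gpo is now a pointer initialised to NULL, and the loop `for (i=0; i<gp_ext->num_exts; i++)` dereferences it unconditionally. The code between the `flags & GPO_LIST_FLAG_MACHINE` test and this loop is outside the hunk, so it is worth confirming that every path either holds a successful ads_parse_gp_ext result or returns early. Before this change a missed path read a stack struct; now it is a NULL dereference. An explicit guard before the loop, `if (!gp_ext) { return ADS_SUCCESS; }`, would make that invariant local to the function.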
@@ -533,22 +563,25 @@ NTSTATUS check_refresh_gpo(ADS_STRUCT *ads, struct cli_state **cli_out) { NTSTATUS result; - char *server, *share, *nt_path, *unix_path; + char *server = NULL; + char *share = NULL; + char *nt_path = NULL; + char *unix_path = NULL; uint32 sysvol_gpt_version = 0; - char *display_name; + char *display_name = NULL; struct cli_state *cli = NULL; - result = ads_gpo_explode_filesyspath(ads, mem_ctx, gpo->file_sys_path, - &server, &share, &nt_path, &unix_path); + result = gpo_explode_filesyspath(mem_ctx, gpo->file_sys_path, + &server, &share, &nt_path, &unix_path); if (!NT_STATUS_IS_OK(result)) { goto out; } - result = ads_gpo_get_sysvol_gpt_version(ads, mem_ctx, - unix_path, - &sysvol_gpt_version, - &display_name); + result = gpo_get_sysvol_gpt_version(mem_ctx, + unix_path, + &sysvol_gpt_version, + &display_name); if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_FILE)) { DEBUG(10,("check_refresh_gpo: failed to get local gpt version: %s\n", @@ -577,15 +610,15 @@ NTSTATUS check_refresh_gpo(ADS_STRUCT *ads, *cli_out = cli; } - result = ads_fetch_gpo_files(ads, mem_ctx, *cli_out, gpo); + result = gpo_fetch_files(mem_ctx, *cli_out, gpo); if (!NT_STATUS_IS_OK(result)) { goto out; } - result = ads_gpo_get_sysvol_gpt_version(ads, mem_ctx, - unix_path, - &sysvol_gpt_version, - &display_name); + result = gpo_get_sysvol_gpt_version(mem_ctx, + unix_path, + &sysvol_gpt_version, + &display_name); if (!NT_STATUS_IS_OK(result)) { DEBUG(10,("check_refresh_gpo: failed to get local gpt version: %s\n", nt_errstr(result))); @@ -627,6 +660,10 @@ NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads, struct cli_state *cli = NULL; struct GROUP_POLICY_OBJECT *gpo; + if (!gpo_list) { + return NT_STATUS_INVALID_PARAMETER; + } + for (gpo = gpo_list; gpo; gpo = gpo->next) { result = check_refresh_gpo(ads, mem_ctx, gpo, &cli); |
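Review bot: The new `if (!gpo_list)` check in check_refresh_gpo_list returns NT_STATUS_INVALID_PARAMETER for an empty list, while dump_gpo_list and gpo_process_gpo_list in this same commit treat a NULL list as zero iterations. If a machine can legitimately have no applicable GPOs, the caller now sees a failure where nothing needed refreshing. Returning `NT_STATUS_OK` here, or dropping the check and letting the `for` loop fall through, would keep the three list walkers consistent. The rest of the function, including how `cli` is released, is outside the hunk.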