summaryrefslogtreecommitdiff
path: root/source4/lib/policy
diff options
context:
space:
mode:
Diffstat (limited to 'source4/lib/policy')
-rw-r--r--source4/lib/policy/gp_ldap.c126
-rw-r--r--source4/lib/policy/policy.h10
2 files changed, 89 insertions, 47 deletions
diff --git a/source4/lib/policy/gp_ldap.c b/source4/lib/policy/gp_ldap.c
index ee3da9d239..8f44adcc6d 100644
--- a/source4/lib/policy/gp_ldap.c
+++ b/source4/lib/policy/gp_ldap.c
@@ -51,59 +51,33 @@ static const struct gpo_stringmap gpo_inheritance [] = {
{ NULL, 0 }
};
+
static NTSTATUS parse_gpo(TALLOC_CTX *mem_ctx, struct ldb_message *msg, struct gp_object **ret)
{
- unsigned int i;
struct gp_object *gpo = talloc(mem_ctx, struct gp_object);
enum ndr_err_code ndr_err;
+ const DATA_BLOB *data;
gpo->dn = talloc_steal(mem_ctx, ldb_dn_get_linearized(msg->dn));
DEBUG(9, ("Parsing GPO LDAP data for %s\n", gpo->dn));
- for (i = 0; i < msg->num_elements; i++) {
- struct ldb_message_element *element = &msg->elements[i];
- if (strcmp(element->name, "displayName") == 0) {
- SMB_ASSERT(element->num_values > 0);
- gpo->display_name = talloc_strdup(gpo, (char *)element->values[0].data);
- DEBUG(10, ("Found displayname: %s\n", gpo->display_name));
- }
- if (strcmp(element->name, "name") == 0) {
- SMB_ASSERT(element->num_values > 0);
- gpo->name = talloc_strdup(gpo, (char *)element->values[0].data);
- DEBUG(10, ("Found name: %s\n", gpo->name));
- }
- if (strcmp(element->name, "flags") == 0) {
- char *end;
- SMB_ASSERT(element->num_values > 0);
- gpo->flags = (uint32_t) strtoll((char *)element->values[0].data, &end, 0);
- SMB_ASSERT(*end == 0);
- DEBUG(10, ("Found flags: %d\n", gpo->flags));
- }
- if (strcmp(element->name, "versionNumber") == 0) {
- char *end;
- SMB_ASSERT(element->num_values > 0);
- gpo->version = (uint32_t) strtoll((char *)element->values[0].data, &end, 0);
- SMB_ASSERT(*end == 0);
- DEBUG(10, ("Found version: %d\n", gpo->version));
- }
- if (strcmp(element->name, "gPCFileSysPath") == 0) {
- SMB_ASSERT(element->num_values > 0);
- gpo->file_sys_path = talloc_strdup(gpo, (char *)element->values[0].data);
- DEBUG(10, ("Found file system path: %s\n", gpo->file_sys_path));
- }
- if (strcmp(element->name, "nTSecurityDescriptor") == 0) {
- gpo->security_descriptor = talloc(mem_ctx, struct security_descriptor);
- ndr_err = ndr_pull_struct_blob(&element->values[0],
- mem_ctx,
- NULL,
- gpo->security_descriptor,
- (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- return ndr_map_error2ntstatus(ndr_err);
- }
- DEBUG(10, ("Found security descriptor.\n"));
- }
+ gpo->display_name = talloc_steal(mem_ctx, ldb_msg_find_attr_as_string(msg, "displayName", ""));
+ gpo->name = talloc_steal(mem_ctx, ldb_msg_find_attr_as_string(msg, "name", ""));
+ gpo->flags = ldb_msg_find_attr_as_uint(msg, "name", 0);
+ gpo->version = ldb_msg_find_attr_as_uint(msg, "version", 0);
+ gpo->file_sys_path = talloc_steal(mem_ctx, ldb_msg_find_attr_as_string(msg, "gPCFileSysPath", ""));
+
+ /* Pull the security descriptor through the NDR library */
+ data = ldb_msg_find_ldb_val(msg, "nTSecurityDescriptor");
+ gpo->security_descriptor = talloc(mem_ctx, struct security_descriptor);
+ ndr_err = ndr_pull_struct_blob(data,
+ mem_ctx,
+ NULL,
+ gpo->security_descriptor,
+ (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return ndr_map_error2ntstatus(ndr_err);
}
*ret = gpo;
@@ -357,7 +331,7 @@ static NTSTATUS parse_gplink (TALLOC_CTX *mem_ctx, const char *gplink_str, struc
}
-NTSTATUS gp_get_gplinks(struct gp_context *gp_ctx, const char *req_dn, struct gp_link ***ret)
+NTSTATUS gp_get_gplinks(struct gp_context *gp_ctx, const char *dn_str, struct gp_link ***ret)
{
TALLOC_CTX *mem_ctx;
struct ldb_dn *dn;
@@ -371,7 +345,7 @@ NTSTATUS gp_get_gplinks(struct gp_context *gp_ctx, const char *req_dn, struct gp
/* Create a forked memory context, as a base for everything here */
mem_ctx = talloc_new(gp_ctx);
- dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, req_dn);
+ dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
rv = ldb_search(gp_ctx->ldb_ctx, mem_ctx, &result, dn, LDB_SCOPE_BASE, NULL, "(objectclass=*)");
if (rv != LDB_SUCCESS) {
@@ -566,3 +540,63 @@ NTSTATUS gp_list_gpos(struct gp_context *gp_ctx, struct security_token *token, c
*ret = gpos;
return NT_STATUS_OK;
}
+
+NTSTATUS gp_add_gplink(struct gp_context *gp_ctx, const char *dn_str, struct gp_link *gplink)
+{
+ TALLOC_CTX *mem_ctx;
+ struct ldb_result *result;
+ struct ldb_dn *dn;
+ struct ldb_message *msg;
+ const char *attrs[] = { "gPLink", NULL };
+ const char *gplink_str;
+ int rv;
+
+ /* Create a forked memory context, as a base for everything here */
+ mem_ctx = talloc_new(gp_ctx);
+
+ dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
+
+ rv = ldb_search(gp_ctx->ldb_ctx, mem_ctx, &result, dn, LDB_SCOPE_BASE, attrs, "(objectclass=*)");
+ if (rv != LDB_SUCCESS) {
+ DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv), ldb_errstring(gp_ctx->ldb_ctx)));
+ talloc_free(mem_ctx);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if (result->count != 1) {
+ talloc_free(mem_ctx);
+ return NT_STATUS_NOT_FOUND;
+ }
+
+ gplink_str = ldb_msg_find_attr_as_string(result->msgs[0], "gPLink", "");
+
+ if (strstr(gplink_str, gplink->dn) != NULL) {
+ talloc_free(mem_ctx);
+ return NT_STATUS_OBJECT_NAME_COLLISION;
+ }
+
+
+ /* Prepend the new GPO link to the string. This list is backwards in priority. */
+ gplink_str = talloc_asprintf(mem_ctx, "[LDAP://%s;%d]%s", gplink->dn, gplink->options, gplink_str);
+
+ msg = ldb_msg_new(mem_ctx);
+ msg->dn = dn;
+
+ rv = ldb_msg_add_string(msg, "gPLink", gplink_str);
+ if (rv != 0) {
+ DEBUG(0, ("LDB message add string failed: %s\n", ldb_strerror(rv)));
+ talloc_free(mem_ctx);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
+
+ rv = ldb_modify(gp_ctx->ldb_ctx, msg);
+ if (rv != 0) {
+ DEBUG(0, ("LDB modify failed: %s\n", ldb_strerror(rv)));
+ talloc_free(mem_ctx);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ talloc_free(mem_ctx);
+ return NT_STATUS_OK;
+}
diff --git a/source4/lib/policy/policy.h b/source4/lib/policy/policy.h
index 2e58094608..0f78b0f8b8 100644
--- a/source4/lib/policy/policy.h
+++ b/source4/lib/policy/policy.h
@@ -57,9 +57,11 @@ struct gp_link {
const char *dn;
};
+#if 0 /* Not used yet */
NTSTATUS gp_fetch_gpo(TALLOC_CTX *mem_ctx, struct ldb_context *ldb);
NTSTATUS gp_apply_gpo(TALLOC_CTX *mem_ctx, struct ldb_context *ldb);
NTSTATUS gp_check_refresh_gpo(TALLOC_CTX *mem_ctx, struct ldb_context *ldb);
+#endif
NTSTATUS gp_init(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
@@ -67,12 +69,18 @@ NTSTATUS gp_init(TALLOC_CTX *mem_ctx,
struct tevent_context *ev_ctx,
struct gp_context **gp_ctx);
NTSTATUS gp_list_all_gpos(struct gp_context *gp_ctx, struct gp_object ***ret);
-NTSTATUS gp_get_gpo_info(struct gp_context *gp_ctx, const char *name, struct gp_object **ret);
NTSTATUS gp_get_gplinks(struct gp_context *gp_ctx, const char *req_dn, struct gp_link ***ret);
NTSTATUS gp_list_gpos(struct gp_context *gp_ctx, struct security_token *token, const char ***ret);
+NTSTATUS gp_get_gpo_info(struct gp_context *gp_ctx, const char *dn_str, struct gp_object **ret);
+NTSTATUS gp_set_gpo_info(struct gp_context *gp_ctx, const char *dn_str, struct gp_object *gpo);
+NTSTATUS gp_del_gpo(struct gp_context *gp_ctx, const char *dn_str);
+
NTSTATUS gp_get_gplink_options(TALLOC_CTX *mem_ctx, uint32_t flags, const char ***ret);
NTSTATUS gp_get_gpo_flags(TALLOC_CTX *mem_ctx, uint32_t flags, const char ***ret);
+NTSTATUS gp_add_gplink(struct gp_context *gp_ctx, const char *dn_str, struct gp_link *gplink);
+NTSTATUS gp_del_gplink(struct gp_context *gp_ctx, const char *dn_str, const char *gp_dn);
+
#endif