/* * Unix SMB/CIFS implementation. * Group Policy Object Support * Copyright (C) Guenther Deschner 2005-2006 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see <http://www.gnu.org/licenses/>. */ #include "includes.h" #include "system/filesys.h" #include "../libgpo/gpo.h" #include "../libgpo/gpo_ini.h" #if _SAMBA_BUILD_ == 4 #include "param/param.h" #include "libcli/resolve/resolve.h" #include <tevent.h> #include "libcli/libcli.h" #include "libcli/raw/libcliraw.h" #include "libcli/libcli_proto.h" #include "libgpo/ads_convenience.h" #include "libgpo/gpo_s4.h" #include "lib/util/util.h" #else #include "libgpo/gpo_proto.h" #endif /**************************************************************** explode the GPO CIFS URI into their components ****************************************************************/ NTSTATUS gpo_explode_filesyspath(TALLOC_CTX *mem_ctx, const char *cache_dir, const char *file_sys_path, char **server, char **service, char **nt_path, char **unix_path) { char *path = NULL; *server = NULL; *service = NULL; *nt_path = NULL; *unix_path = NULL; if (!file_sys_path) { return NT_STATUS_OK; } if (!next_token_talloc(mem_ctx, &file_sys_path, server, "\\")) { return NT_STATUS_INVALID_PARAMETER; } NT_STATUS_HAVE_NO_MEMORY(*server); if (!next_token_talloc(mem_ctx, &file_sys_path, service, "\\")) { return NT_STATUS_INVALID_PARAMETER; } NT_STATUS_HAVE_NO_MEMORY(*service); if ((*nt_path = talloc_asprintf(mem_ctx, "\\%s", file_sys_path)) == NULL) { return NT_STATUS_NO_MEMORY; } NT_STATUS_HAVE_NO_MEMORY(*nt_path); if ((path = talloc_asprintf(mem_ctx, "%s/%s", cache_dir, file_sys_path)) == NULL) { return NT_STATUS_NO_MEMORY; } #if _SAMBA_BUILD_ == 4 path = string_sub_talloc(mem_ctx, path, "\\", "/"); #else path = talloc_string_sub(mem_ctx, path, "\\", "/"); #endif if (!path) { return NT_STATUS_NO_MEMORY; } *unix_path = talloc_strdup(mem_ctx, path); NT_STATUS_HAVE_NO_MEMORY(*unix_path); talloc_free(path); return NT_STATUS_OK; } /**************************************************************** prepare the local disc storage for "unix_path" ****************************************************************/ static NTSTATUS gpo_prepare_local_store(TALLOC_CTX *mem_ctx, const char *cache_dir, const char *unix_path) { char *current_dir; char *tok; current_dir = talloc_strdup(mem_ctx, cache_dir); NT_STATUS_HAVE_NO_MEMORY(current_dir); if ((mkdir(cache_dir, 0644)) < 0 && errno != EEXIST) { return NT_STATUS_ACCESS_DENIED; } while (next_token_talloc(mem_ctx, &unix_path, &tok, "/")) { if (strequal(tok, GPO_CACHE_DIR)) { break; } } while (next_token_talloc(mem_ctx, &unix_path, &tok, "/")) { current_dir = talloc_asprintf_append_buffer(current_dir, "/%s", tok); NT_STATUS_HAVE_NO_MEMORY(current_dir); if ((mkdir(current_dir, 0644)) < 0 && errno != EEXIST) { return NT_STATUS_ACCESS_DENIED; } } return NT_STATUS_OK; } static NTSTATUS gpo_connect_server(ADS_STRUCT *ads, struct loadparm_context *lp_ctx, const char *server, const char *service, void *ret_cli) { NTSTATUS result; #if _SAMBA_BUILD_ == 3 struct cli_state *cli; result = cli_full_connection(&cli, global_myname(), server, NULL, 0, service, "A:", ads->auth.user_name, NULL, ads->auth.password, CLI_FULL_CONNECTION_USE_KERBEROS | CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS, Undefined, NULL); if (!NT_STATUS_IS_OK(result)) { DEBUG(10,("check_refresh_gpo: " "failed to connect: %s\n", nt_errstr(result))); return result; } *(struct cli_state **) ret_cli = cli; #else struct smbcli_state *cli = NULL; struct smbcli_options options; struct smbcli_session_options session_options; lp_smbcli_options(lp_ctx, &options); lp_smbcli_session_options(lp_ctx, &session_options); result = smbcli_full_connection(NULL, &cli, server, NULL, service, NULL /*devtype*/, NULL /* socket options */, ads->credentials, lp_resolve_context(lp_ctx), tevent_context_init(ads), &options, &session_options, lp_iconv_convenience(lp_ctx), lp_gensec_settings(ads, lp_ctx)); if (!NT_STATUS_IS_OK(result)) { DEBUG(10,("failed to connect: %s\n", nt_errstr(result))); return result; } *(struct smbcli_state **) ret_cli = cli; #endif return NT_STATUS_OK; } /**************************************************************** download a full GPO via CIFS ****************************************************************/ NTSTATUS gpo_fetch_files(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, struct loadparm_context *lp_ctx, const char *cache_dir, struct GROUP_POLICY_OBJECT *gpo) { NTSTATUS result; char *server, *service, *nt_path, *unix_path; char *nt_ini_path, *unix_ini_path; #if _SAMBA_BUILD_ == 3 struct cli_state *cli; #else struct smbcli_state *cli; #endif result = gpo_explode_filesyspath(mem_ctx, cache_dir, gpo->file_sys_path, &server, &service, &nt_path, &unix_path); NT_STATUS_NOT_OK_RETURN(result); result = gpo_connect_server(ads, lp_ctx, server, service, &cli); NT_STATUS_NOT_OK_RETURN(result); result = gpo_prepare_local_store(mem_ctx, cache_dir, unix_path); NT_STATUS_NOT_OK_RETURN(result); unix_ini_path = talloc_asprintf(mem_ctx, "%s/%s", unix_path, GPT_INI); nt_ini_path = talloc_asprintf(mem_ctx, "%s\\%s", nt_path, GPT_INI); NT_STATUS_HAVE_NO_MEMORY(unix_ini_path); NT_STATUS_HAVE_NO_MEMORY(nt_ini_path); result = gpo_copy_file(mem_ctx, cli, nt_ini_path, unix_ini_path); NT_STATUS_NOT_OK_RETURN(result); result = gpo_sync_directories(mem_ctx, cli, nt_path, unix_path); NT_STATUS_NOT_OK_RETURN(result); return NT_STATUS_OK; } /**************************************************************** get the locally stored gpt.ini version number ****************************************************************/ NTSTATUS gpo_get_sysvol_gpt_version(TALLOC_CTX *mem_ctx, const char *unix_path, uint32_t *sysvol_version, char **display_name) { NTSTATUS status; uint32_t version = 0; char *local_path = NULL; char *name = NULL; if (!unix_path) { return NT_STATUS_OK; } local_path = talloc_asprintf(mem_ctx, "%s/%s", unix_path, GPT_INI); NT_STATUS_HAVE_NO_MEMORY(local_path); status = parse_gpt_ini(mem_ctx, local_path, &version, &name); if (!NT_STATUS_IS_OK(status)) { DEBUG(10,("gpo_get_sysvol_gpt_version: " "failed to parse ini [%s]: %s\n", local_path, nt_errstr(status))); return status; } if (sysvol_version) { *sysvol_version = version; } if (name && *display_name) { *display_name = talloc_strdup(mem_ctx, name); NT_STATUS_HAVE_NO_MEMORY(*display_name); } return NT_STATUS_OK; }