author | Günther Deschner <gd@samba.org> | 2013-12-18 19:33:28 +0100 |
---|---|---|
committer | Andreas Schneider <asn@samba.org> | 2014-01-07 16:59:38 +0100 |
commit | a9cb3031bcba1e4f39c71e4e09508e4eec0e833e (patch) | |
tree | e2e3b79a47347fa3ffe3534663f163fdea723e25 | |
parent | 19268c5c2654956e2a45c7f8ce27a699e96c930b (diff) | |
libgpo: allow to pass down deleted and changed gpo list to CSE plugins.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
-rw-r--r-- | libgpo/gpext/gpext.c | 101 | ||||
-rw-r--r-- | libgpo/gpext/gpext.h | 6 | ||||
-rw-r--r-- | libgpo/gpo_util.c | 3 | ||||
-rw-r--r-- | source3/libgpo/gpext/registry.c | 59 | ||||
-rw-r--r-- | source3/libgpo/gpext/scripts.c | 72 | ||||
-rw-r--r-- | source3/libgpo/gpext/security.c | 50 |
6 files changed, 189 insertions, 102 deletions
diff --git a/libgpo/gpext/gpext.c b/libgpo/gpext/gpext.c index 3596d0c74e..6f960d24d0 100644 --- a/libgpo/gpext/gpext.c +++ b/libgpo/gpext/gpext.c @@ -744,14 +744,14 @@ NTSTATUS gpext_process_extension(TALLOC_CTX *mem_ctx, uint32_t flags, const struct security_token *token, struct registry_key *root_key, - struct GROUP_POLICY_OBJECT *gpo, + const struct GROUP_POLICY_OBJECT *deleted_gpo_list, + const struct GROUP_POLICY_OBJECT *changed_gpo_list, const char *extension_guid, const char *snapin_guid) { NTSTATUS status; struct gp_extension *ext = NULL; - struct GUID guid; - bool cse_found = false; + const struct GROUP_POLICY_OBJECT *gpo; status = gpext_init_gp_extensions(mem_ctx); if (!NT_STATUS_IS_OK(status)) { 
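Review bot: `extension_guid` stays in the signature of gpext_process_extension(), but with `guid` and `cse_found` removed here and the `GUID_from_string()` lookup removed in the next hunk, it no longer selects which extension runs; it is only forwarded to the plugins. The function has no comment describing this new contract. I would add one above the definition saying that every registered extension is invoked with the two lists filtered by its own GUID, that either list may be NULL (gpo_util.c passes NULL for the deleted list), and that the filtered copies are allocated on `mem_ctx`. The function body continues past this hunk.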
@@ -760,47 +760,76 @@ NTSTATUS gpext_process_extension(TALLOC_CTX *mem_ctx, return status; } - status = GUID_from_string(extension_guid, &guid); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - for (ext = extensions; ext; ext = ext->next) { - if (GUID_equal(ext->guid, &guid)) { - cse_found = true; - break; + struct GROUP_POLICY_OBJECT *deleted_gpo_list_filtered = NULL; + struct GROUP_POLICY_OBJECT *changed_gpo_list_filtered = NULL; + + for (gpo = deleted_gpo_list; gpo; gpo = gpo->next) { + + bool is_present = false; + + status = gpext_check_gpo_for_gpext_presence(mem_ctx, + flags, + gpo, + ext->guid, + &is_present); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (is_present) { + struct GROUP_POLICY_OBJECT *new_gpo; + + status = gpo_copy(mem_ctx, gpo, &new_gpo); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + DLIST_ADD(deleted_gpo_list_filtered, new_gpo); + } } - } - if (!cse_found) { - goto no_ext; - } + for (gpo = changed_gpo_list; gpo; gpo = gpo->next) { - status = ext->methods->initialize(mem_ctx); - NT_STATUS_NOT_OK_RETURN(status); + bool is_present = false; - status = ext->methods->process_group_policy(mem_ctx, - flags, - root_key, - token, - gpo, - extension_guid, - snapin_guid); - if (!NT_STATUS_IS_OK(status)) { - ext->methods->shutdown(); - } + status = gpext_check_gpo_for_gpext_presence(mem_ctx, + flags, + gpo, + ext->guid, + &is_present); + if (!NT_STATUS_IS_OK(status)) { + return status; + } - return status; + if (is_present) { + struct GROUP_POLICY_OBJECT *new_gpo; - no_ext: - if (flags & GPO_INFO_FLAG_VERBOSE) { - DEBUG(0,("process_extension: no extension available for:\n")); - DEBUGADD(0,("%s (%s) (snapin: %s)\n", - extension_guid, - cse_gpo_guid_string_to_name(extension_guid), - snapin_guid)); + status = gpo_copy(mem_ctx, gpo, &new_gpo); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + DLIST_ADD(changed_gpo_list_filtered, new_gpo); + } + } + + status = ext->methods->initialize(mem_ctx); + 
NT_STATUS_NOT_OK_RETURN(status); + + status = ext->methods->process_group_policy(mem_ctx, + flags, + root_key, + token, + deleted_gpo_list_filtered, + changed_gpo_list_filtered, + extension_guid, + snapin_guid); + if (!NT_STATUS_IS_OK(status)) { + ext->methods->shutdown(); + } } - return NT_STATUS_OK; + return status; } diff --git a/libgpo/gpext/gpext.h b/libgpo/gpext/gpext.h index c8024a25e8..767bd062b9 100644 --- a/libgpo/gpext/gpext.h +++ b/libgpo/gpext/gpext.h @@ -65,7 +65,8 @@ struct gp_extension_methods { uint32_t flags, struct registry_key *root_key, const struct security_token *token, - struct GROUP_POLICY_OBJECT *gpo, + struct GROUP_POLICY_OBJECT *deleted_gpo_list, + struct GROUP_POLICY_OBJECT *changed_gpo_list, const char *extension_guid, const char *snapin_guid); @@ -108,7 +109,8 @@ NTSTATUS gpext_process_extension(TALLOC_CTX *mem_ctx, uint32_t flags, const struct security_token *token, struct registry_key *root_key, - struct GROUP_POLICY_OBJECT *gpo, + const struct GROUP_POLICY_OBJECT *deleted_gpo_list, + const struct GROUP_POLICY_OBJECT *changed_gpo_list, const char *extension_guid, const char *snapin_guid); diff --git a/libgpo/gpo_util.c b/libgpo/gpo_util.c index 88ebdc0d40..3edb4a59c7 100644 --- a/libgpo/gpo_util.c +++ b/libgpo/gpo_util.c @@ -467,7 +467,8 @@ static NTSTATUS gpo_process_a_gpo(TALLOC_CTX *mem_ctx, } ntstatus = gpext_process_extension(mem_ctx, - flags, token, root_key, gpo, + flags, token, root_key, + NULL, gpo, gp_ext->extensions_guid[i], gp_ext->snapins_guid[i]); if (!NT_STATUS_IS_OK(ntstatus)) { diff --git a/source3/libgpo/gpext/registry.c b/source3/libgpo/gpext/registry.c index ec6dcdf4c2..71e8308448 100644 --- a/source3/libgpo/gpext/registry.c +++ b/source3/libgpo/gpext/registry.c 
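Review bot: A failure from one extension's `process_group_policy` is lost in the new loop: after `ext->methods->shutdown()` the loop moves on to the next extension and `status` is overwritten, so the final `return status;` reports only the last extension's result. A policy that failed to apply can therefore be reported as success to the caller. Either stop at the first failure, `if (!NT_STATUS_IS_OK(status)) { ext->methods->shutdown(); return status; }`, or keep the first failing status in a separate variable and return that. Separately, `DLIST_ADD` inserts at the head of the list, so both filtered lists reach the plugin in the reverse of the caller's order; if precedence between GPOs depends on list order, an appending insert such as `DLIST_ADD_END` would preserve it.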
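Review bot: `gpo` is passed as `changed_gpo_list`, and gpext_process_extension() now walks that argument with `gpo = gpo->next`, so if this `gpo` is still linked into the caller's list, every GPO after it is processed as well. gpo_process_a_gpo() reads as a per-GPO helper, so presumably later GPOs would then be handled once for each predecessor, and once per `extensions_guid[i]` on top of that. It is worth confirming that `gpo->next` is NULL at this call, or passing a detached single-element list instead. The enclosing function starts and ends outside the hunk.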
@@ -273,7 +273,8 @@ static NTSTATUS registry_process_group_policy(TALLOC_CTX *mem_ctx, uint32_t flags, struct registry_key *root_key, const struct security_token *token, - struct GROUP_POLICY_OBJECT *gpo, + struct GROUP_POLICY_OBJECT *deleted_gpo_list, + struct GROUP_POLICY_OBJECT *changed_gpo_list, const char *extension_guid, const char *snapin_guid) { 
@@ -282,32 +283,48 @@ static NTSTATUS registry_process_group_policy(TALLOC_CTX *mem_ctx, struct gp_registry_entry *entries = NULL; size_t num_entries = 0; char *unix_path = NULL; + struct GROUP_POLICY_OBJECT *gpo; - gpext_debug_header(0, "registry_process_group_policy", flags, gpo, - extension_guid, snapin_guid); + /* implementation of the policy callback function, see + * http://msdn.microsoft.com/en-us/library/aa373494%28v=vs.85%29.aspx + * for details - gd */ - status = gpo_get_unix_path(mem_ctx, cache_path(GPO_CACHE_DIR), gpo, &unix_path); - NT_STATUS_NOT_OK_RETURN(status); + /* for now do not process the list of deleted group policies - status = reg_parse_registry(mem_ctx, - flags, - unix_path, - &entries, - &num_entries); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("failed to parse registry: %s\n", - nt_errstr(status))); - return status; + for (gpo = deleted_gpo_list; gpo; gpo = gpo->next) { } - dump_reg_entries(flags, "READ", entries, num_entries); + */ + + for (gpo = changed_gpo_list; gpo; gpo = gpo->next) { - werr = reg_apply_registry(mem_ctx, token, root_key, flags, - entries, num_entries); - if (!W_ERROR_IS_OK(werr)) { - DEBUG(0,("failed to apply registry: %s\n", - win_errstr(werr))); - return werror_to_ntstatus(werr); + gpext_debug_header(0, "registry_process_group_policy", flags, + gpo, extension_guid, snapin_guid); + + status = gpo_get_unix_path(mem_ctx, cache_path(GPO_CACHE_DIR), + gpo, &unix_path); + NT_STATUS_NOT_OK_RETURN(status); + + status = reg_parse_registry(mem_ctx, + flags, + unix_path, + &entries, + &num_entries); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("failed to parse registry: %s\n", + nt_errstr(status))); + return status; + } + + dump_reg_entries(flags, "READ", entries, num_entries); + + werr = reg_apply_registry(mem_ctx, token, root_key, flags, + entries, num_entries); + if (!W_ERROR_IS_OK(werr)) { + DEBUG(0,("failed to apply registry: %s\n", + win_errstr(werr))); + return werror_to_ntstatus(werr); + } } return NT_STATUS_OK; 
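Review bot: `entries` and `num_entries` are initialised once before the new loop over `changed_gpo_list` and are not reset between GPOs, whereas scripts.c does `TALLOC_FREE(entries); num_entries = 0;` before each parse. Whether reg_parse_registry() overwrites or appends is not visible here; if it appends, settings parsed from an earlier GPO would be re-applied with each later one, and in either case the earlier arrays and `unix_path` stay allocated on `mem_ctx` until the caller frees it. I would add those two statements at the top of the loop body. The same commented-out stub for `deleted_gpo_list` appears in scripts.c and security.c, so settings from removed GPOs are not reverted by any of the three plugins yet.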
diff --git a/source3/libgpo/gpext/scripts.c b/source3/libgpo/gpext/scripts.c index 2ac11db310..18914cab3d 100644 --- a/source3/libgpo/gpext/scripts.c +++ b/source3/libgpo/gpext/scripts.c @@ -339,7 +339,8 @@ static NTSTATUS scripts_process_group_policy(TALLOC_CTX *mem_ctx, uint32_t flags, struct registry_key *root_key, const struct security_token *token, - struct GROUP_POLICY_OBJECT *gpo, + struct GROUP_POLICY_OBJECT *deleted_gpo_list, + struct GROUP_POLICY_OBJECT *changed_gpo_list, const char *extension_guid, const char *snapin_guid) { 
@@ -356,44 +357,61 @@ static NTSTATUS scripts_process_group_policy(TALLOC_CTX *mem_ctx, GP_SCRIPTS_INI_LOGON, GP_SCRIPTS_INI_LOGOFF }; + struct GROUP_POLICY_OBJECT *gpo; - gpext_debug_header(0, "scripts_process_group_policy", flags, gpo, - extension_guid, snapin_guid); + /* implementation of the policy callback function, see + * http://msdn.microsoft.com/en-us/library/aa373494%28v=vs.85%29.aspx + * for details - gd */ - status = gpo_get_unix_path(mem_ctx, cache_path(GPO_CACHE_DIR), gpo, &unix_path); - NT_STATUS_NOT_OK_RETURN(status); + /* for now do not process the list of deleted group policies - status = gp_inifile_init_context(mem_ctx, flags, unix_path, - GP_SCRIPTS_INI, &ini_ctx); - NT_STATUS_NOT_OK_RETURN(status); + for (gpo = deleted_gpo_list; gpo; gpo = gpo->next) { + } - for (i = 0; i < ARRAY_SIZE(list); i++) { + */ - TALLOC_FREE(entries); - num_entries = 0; + for (gpo = changed_gpo_list; gpo; gpo = gpo->next) { - status = scripts_parse_ini_section(ini_ctx, flags, list[i], - &entries, &num_entries); - if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { - continue; - } + gpext_debug_header(0, "scripts_process_group_policy", flags, + gpo, extension_guid, snapin_guid); - if (!NT_STATUS_IS_OK(status)) { - return status; - } + status = gpo_get_unix_path(mem_ctx, cache_path(GPO_CACHE_DIR), + gpo, &unix_path); + NT_STATUS_NOT_OK_RETURN(status); - dump_reg_entries(flags, "READ", entries, num_entries); + status = gp_inifile_init_context(mem_ctx, flags, unix_path, + GP_SCRIPTS_INI, &ini_ctx); + NT_STATUS_NOT_OK_RETURN(status); - werr = scripts_apply(ini_ctx->mem_ctx, token, root_key, - flags, list[i], gpo, entries, num_entries); - if (!W_ERROR_IS_OK(werr)) { - continue; /* FIXME: finally fix storing emtpy strings and REG_QWORD! 
*/ - TALLOC_FREE(ini_ctx); - return werror_to_ntstatus(werr); + for (i = 0; i < ARRAY_SIZE(list); i++) { + + TALLOC_FREE(entries); + num_entries = 0; + + status = scripts_parse_ini_section(ini_ctx, flags, list[i], + &entries, &num_entries); + if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { + continue; + } + + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + dump_reg_entries(flags, "READ", entries, num_entries); + + werr = scripts_apply(ini_ctx->mem_ctx, token, root_key, + flags, list[i], gpo, entries, num_entries); + if (!W_ERROR_IS_OK(werr)) { + continue; /* FIXME: finally fix storing emtpy strings and REG_QWORD! */ + TALLOC_FREE(ini_ctx); + return werror_to_ntstatus(werr); + } } + + TALLOC_FREE(ini_ctx); } - TALLOC_FREE(ini_ctx); return NT_STATUS_OK; } diff --git a/source3/libgpo/gpext/security.c b/source3/libgpo/gpext/security.c index 8226491827..29d57aa4ea 100644 --- a/source3/libgpo/gpext/security.c +++ b/source3/libgpo/gpext/security.c 
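Review bot: In the re-indented inner loop the `continue;` in front of `TALLOC_FREE(ini_ctx); return werror_to_ntstatus(werr);` makes both statements unreachable, so a failed scripts_apply() is dropped silently, now for every GPO in `changed_gpo_list`. Until the FIXME is resolved I would at least log the failure, `DEBUG(0,("failed to apply scripts: %s\n", win_errstr(werr)));`, and delete the two dead lines. The `return status;` after scripts_parse_ini_section() also leaves the loop without reaching `TALLOC_FREE(ini_ctx)`, so that path should free it first. The function begins outside this hunk.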
@@ -144,33 +144,53 @@ static NTSTATUS security_process_group_policy(TALLOC_CTX *mem_ctx, uint32_t flags, struct registry_key *root_key, const struct security_token *token, - struct GROUP_POLICY_OBJECT *gpo, + struct GROUP_POLICY_OBJECT *deleted_gpo_list, + struct GROUP_POLICY_OBJECT *changed_gpo_list, const char *extension_guid, const char *snapin_guid) { NTSTATUS status; char *unix_path = NULL; struct gp_inifile_context *ini_ctx = NULL; + struct GROUP_POLICY_OBJECT *gpo; - gpext_debug_header(0, "security_process_group_policy", flags, gpo, - extension_guid, snapin_guid); + /* implementation of the policy callback function, see + * http://msdn.microsoft.com/en-us/library/aa373494%28v=vs.85%29.aspx + * for details - gd */ - /* this handler processes the gpttmpl files and merge output to the - * registry */ + /* for now do not process the list of deleted group policies - status = gpo_get_unix_path(mem_ctx, cache_path(GPO_CACHE_DIR), gpo, &unix_path); - if (!NT_STATUS_IS_OK(status)) { - goto out; + for (gpo = deleted_gpo_list; gpo; gpo = gpo->next) { } - status = gpttmpl_init_context(mem_ctx, flags, unix_path, &ini_ctx); - if (!NT_STATUS_IS_OK(status)) { - goto out; - } + */ - status = gpttmpl_process(ini_ctx, root_key, flags); - if (!NT_STATUS_IS_OK(status)) { - goto out; + for (gpo = changed_gpo_list; gpo; gpo = gpo->next) { + + gpext_debug_header(0, "security_process_group_policy", flags, + gpo, extension_guid, snapin_guid); + + /* this handler processes the gpttmpl files and merge output to the + * registry */ + + status = gpo_get_unix_path(mem_ctx, cache_path(GPO_CACHE_DIR), + gpo, &unix_path); + if (!NT_STATUS_IS_OK(status)) { + goto out; + } + + status = gpttmpl_init_context(mem_ctx, flags, unix_path, + &ini_ctx); + if (!NT_STATUS_IS_OK(status)) { + goto out; + } + + status = gpttmpl_process(ini_ctx, root_key, flags); + if (!NT_STATUS_IS_OK(status)) { + goto out; + } + + TALLOC_FREE(ini_ctx); } out: |