summaryrefslogtreecommitdiffstats
path: root/libgpo
diff options
context:
space:
mode:
Diffstat (limited to 'libgpo')
-rw-r--r--libgpo/config.mk2
-rw-r--r--libgpo/gpo.h12
-rw-r--r--libgpo/gpo_fetch.c79
-rw-r--r--libgpo/gpo_sec.c1
-rw-r--r--libgpo/gpo_util.c90
5 files changed, 126 insertions, 58 deletions
diff --git a/libgpo/config.mk b/libgpo/config.mk
index 9feb2f8a6d5..a9ad76c964a 100644
--- a/libgpo/config.mk
+++ b/libgpo/config.mk
@@ -3,4 +3,4 @@ PRIVATE_DEPENDENCIES = LIBLDB LIBSAMBA-NET
LIBGPO_OBJ_FILES = ../libgpo/gpo_util.o ../libgpo/gpo_sec.o \
../libgpo/gpext/gpext.o ../libgpo/gpo_fetch.o \
- $(libgpodir)/ads_convenience.o
+ $(libgpodir)/ads_convenience.o $(libgpodir)/gpo_filesync.o
diff --git a/libgpo/gpo.h b/libgpo/gpo.h
index 35adc9425b3..a8b5ad39344 100644
--- a/libgpo/gpo.h
+++ b/libgpo/gpo.h
@@ -176,8 +176,9 @@ NTSTATUS gpo_explode_filesyspath(TALLOC_CTX *mem_ctx,
char **nt_path,
char **unix_path);
NTSTATUS gpo_fetch_files(TALLOC_CTX *mem_ctx,
+ ADS_STRUCT *ads,
+ struct loadparm_context *lp_ctx,
const char *cache_path,
- struct cli_state *cli,
struct GROUP_POLICY_OBJECT *gpo);
NTSTATUS gpo_get_sysvol_gpt_version(TALLOC_CTX *mem_ctx,
const char *unix_path,
@@ -255,18 +256,20 @@ ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
const char *cache_path,
+ struct loadparm_context *lp_ctx,
uint32_t flags,
- struct GROUP_POLICY_OBJECT *gpo,
- struct cli_state **cli_out);
+ struct GROUP_POLICY_OBJECT *gpo);
NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
const char *cache_path,
+ struct loadparm_context *lp_ctx,
uint32_t flags,
struct GROUP_POLICY_OBJECT *gpo_list);
NTSTATUS gpo_get_unix_path(TALLOC_CTX *mem_ctx,
+ const char *cache_path,
struct GROUP_POLICY_OBJECT *gpo,
char **unix_path);
-char *gpo_flag_str(uint32_t flags);
+char *gpo_flag_str(TALLOC_CTX *mem_ctx, uint32_t flags);
NTSTATUS gp_find_file(TALLOC_CTX *mem_ctx,
uint32_t flags,
const char *filename,
@@ -274,6 +277,7 @@ NTSTATUS gp_find_file(TALLOC_CTX *mem_ctx,
const char **filename_out);
ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
+ struct loadparm_context *lp_ctx,
const char *dn,
NT_USER_TOKEN **token);
diff --git a/libgpo/gpo_fetch.c b/libgpo/gpo_fetch.c
index ee3f28d1f3a..b6d50ad852c 100644
--- a/libgpo/gpo_fetch.c
+++ b/libgpo/gpo_fetch.c
@@ -21,6 +21,17 @@
#include "system/filesys.h"
#include "../libgpo/gpo.h"
+#if _SAMBA_BUILD_ == 4
+#include "param/param.h"
+#include "libcli/resolve/resolve.h"
+#include "../lib/tevent/tevent.h"
+#include "libcli/libcli.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/libcli_proto.h"
+#include "libgpo/ads_convenience.h"
+#include "libgpo/gpo.h"
+#endif
+
/****************************************************************
explode the GPO CIFS URI into their components
****************************************************************/
@@ -118,24 +129,90 @@ static NTSTATUS gpo_prepare_local_store(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
+static NTSTATUS gpo_connect_server(ADS_STRUCT *ads, struct loadparm_context *lp_ctx,
+ const char *server, const char *service, void *ret_cli)
+{
+ NTSTATUS result;
+#if _SAMBA_BUILD_ == 3
+ struct cli_state *cli;
+
+
+ result = cli_full_connection(&cli,
+ global_myname(),
+ server,
+ NULL, 0,
+ service, "A:",
+ ads->auth.user_name, NULL,
+ ads->auth.password,
+ CLI_FULL_CONNECTION_USE_KERBEROS |
+ CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS,
+ Undefined, NULL);
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(10,("check_refresh_gpo: "
+ "failed to connect: %s\n",
+ nt_errstr(result)));
+ return result;
+ }
+ }
+ *(struct cli_state **) ret_cli = cli;
+#else
+ struct smbcli_state *cli = NULL;
+ struct smbcli_options options;
+ struct smbcli_session_options session_options;
+
+ lp_smbcli_options(lp_ctx, &options);
+ lp_smbcli_session_options(lp_ctx, &session_options);
+
+ result = smbcli_full_connection(NULL, &cli,
+ server,
+ NULL, service,
+ NULL /*devtype*/, NULL /* socket options */,
+ ads->credentials,
+ lp_resolve_context(lp_ctx),
+ tevent_context_init(ads),
+ &options,
+ &session_options,
+ lp_iconv_convenience(lp_ctx),
+ lp_gensec_settings(ads, lp_ctx));
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(10,("failed to connect: %s\n",
+ nt_errstr(result)));
+ return result;
+ }
+ *(struct smbcli_state **) ret_cli = cli;
+#endif
+ return NT_STATUS_OK;
+}
+
/****************************************************************
download a full GPO via CIFS
****************************************************************/
NTSTATUS gpo_fetch_files(TALLOC_CTX *mem_ctx,
+ ADS_STRUCT *ads,
+ struct loadparm_context *lp_ctx,
const char *cache_path,
- struct cli_state *cli,
struct GROUP_POLICY_OBJECT *gpo)
{
NTSTATUS result;
char *server, *service, *nt_path, *unix_path;
char *nt_ini_path, *unix_ini_path;
+#if _SAMBA_BUILD_ == 3
+ struct cli_state *cli;
+#else
+ struct smbcli_state *cli;
+#endif
+
result = gpo_explode_filesyspath(mem_ctx, cache_path, gpo->file_sys_path,
&server, &service, &nt_path,
&unix_path);
NT_STATUS_NOT_OK_RETURN(result);
+
+ result = gpo_connect_server(ads, lp_ctx, server, service, &cli);
+
+
result = gpo_prepare_local_store(mem_ctx, cache_path, unix_path);
NT_STATUS_NOT_OK_RETURN(result);
diff --git a/libgpo/gpo_sec.c b/libgpo/gpo_sec.c
index 1bcfa1cbf1a..5547f1e0cb9 100644
--- a/libgpo/gpo_sec.c
+++ b/libgpo/gpo_sec.c
@@ -23,6 +23,7 @@
#include "libgpo/ads_convenience.h"
#include "librpc/gen_ndr/security.h"
#include "librpc/gen_ndr/ndr_misc.h"
+#include "../libcli/security/secace.h"
#include "../libgpo/gpo.h"
#endif
diff --git a/libgpo/gpo_util.c b/libgpo/gpo_util.c
index 720db5a2e53..2dd7c496c82 100644
--- a/libgpo/gpo_util.c
+++ b/libgpo/gpo_util.c
@@ -16,17 +16,22 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
-
+#define TALLOC_DEPRECATED 1
#include "includes.h"
#include "librpc/gen_ndr/ndr_misc.h"
#if _SAMBA_BUILD_ == 4
+#include "system/filesys.h"
+#include "auth/auth.h"
#include "../libgpo/gpo.h"
+#include "../lib/talloc/talloc.h"
#include "source4/libgpo/ads_convenience.h"
#endif
#undef strdup
+#if 0
#define DEFAULT_DOMAIN_POLICY "Default Domain Policy"
#define DEFAULT_DOMAIN_CONTROLLERS_POLICY "Default Domain Controllers Policy"
+#endif
/* should we store a parsed guid ? */
struct gp_table {
@@ -571,7 +576,7 @@ ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
}
#endif
if (!W_ERROR_IS_OK(werr)) {
- gp_free_reg_ctx(reg_ctx);
+ talloc_free(reg_ctx);
return ADS_ERROR_NT(werror_to_ntstatus(werr));
}
@@ -606,7 +611,7 @@ ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
}
done:
- gp_free_reg_ctx(reg_ctx);
+ talloc_free(reg_ctx);
talloc_free(root_key);
free_gp_extensions();
@@ -622,9 +627,9 @@ ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
const char *cache_path,
+ struct loadparm_context *lp_ctx,
uint32_t flags,
- struct GROUP_POLICY_OBJECT *gpo,
- struct cli_state **cli_out)
+ struct GROUP_POLICY_OBJECT *gpo)
{
NTSTATUS result;
char *server = NULL;
@@ -633,7 +638,6 @@ NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
char *unix_path = NULL;
uint32_t sysvol_gpt_version = 0;
char *display_name = NULL;
- struct cli_state *cli = NULL;
result = gpo_explode_filesyspath(mem_ctx, cache_path, gpo->file_sys_path,
&server, &share, &nt_path, &unix_path);
@@ -663,32 +667,7 @@ NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
DEBUG(1,("check_refresh_gpo: need to refresh GPO\n"));
-#if _SAMBA_BUILD == 3
- if (*cli_out == NULL) {
- result = cli_full_connection(&cli,
- global_myname(),
- ads_get_ldap_server_name(ads),
- /* server */
- NULL, 0,
- share, "A:",
- ads->auth.user_name, NULL,
- ads->auth.password,
- CLI_FULL_CONNECTION_USE_KERBEROS |
- CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS,
- Undefined, NULL);
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(10,("check_refresh_gpo: "
- "failed to connect: %s\n",
- nt_errstr(result)));
- goto out;
- }
- *cli_out = cli;
- }
-#else
- /* TODO Implement */
-#endif
-
- result = gpo_fetch_files(mem_ctx, cache_path, *cli_out, gpo);
+ result = gpo_fetch_files(mem_ctx, ads, lp_ctx, cache_path, gpo);
if (!NT_STATUS_IS_OK(result)) {
goto out;
}
@@ -735,11 +714,11 @@ NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
const char *cache_path,
+ struct loadparm_context *lp_ctx,
uint32_t flags,
struct GROUP_POLICY_OBJECT *gpo_list)
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- struct cli_state *cli = NULL;
struct GROUP_POLICY_OBJECT *gpo;
if (!gpo_list) {
@@ -748,7 +727,7 @@ NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
for (gpo = gpo_list; gpo; gpo = gpo->next) {
- result = check_refresh_gpo(ads, mem_ctx, cache_path, flags, gpo, &cli);
+ result = check_refresh_gpo(ads, mem_ctx, cache_path, lp_ctx, flags, gpo);
if (!NT_STATUS_IS_OK(result)) {
goto out;
}
@@ -757,9 +736,7 @@ NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
result = NT_STATUS_OK;
out:
- if (cli) {
- cli_shutdown(cli);
- }
+ /* FIXME close cli connection */
return result;
}
@@ -768,45 +745,46 @@ NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
****************************************************************/
NTSTATUS gpo_get_unix_path(TALLOC_CTX *mem_ctx,
+ const char *cache_path,
struct GROUP_POLICY_OBJECT *gpo,
char **unix_path)
{
char *server, *share, *nt_path;
- return gpo_explode_filesyspath(mem_ctx, gpo->file_sys_path,
+ return gpo_explode_filesyspath(mem_ctx, cache_path, gpo->file_sys_path,
&server, &share, &nt_path, unix_path);
}
/****************************************************************
****************************************************************/
-char *gpo_flag_str(uint32_t flags)
+char *gpo_flag_str(TALLOC_CTX *ctx, uint32_t flags)
{
- fstring str = "";
+ char *str = NULL;
if (flags == 0) {
return NULL;
}
if (flags & GPO_INFO_FLAG_SLOWLINK)
- fstrcat(str, "GPO_INFO_FLAG_SLOWLINK ");
+ str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_SLOWLINK ");
if (flags & GPO_INFO_FLAG_VERBOSE)
- fstrcat(str, "GPO_INFO_FLAG_VERBOSE ");
+ str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_VERBOSE ");
if (flags & GPO_INFO_FLAG_SAFEMODE_BOOT)
- fstrcat(str, "GPO_INFO_FLAG_SAFEMODE_BOOT ");
+ str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_SAFEMODE_BOOT ");
if (flags & GPO_INFO_FLAG_NOCHANGES)
- fstrcat(str, "GPO_INFO_FLAG_NOCHANGES ");
+ str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_NOCHANGES ");
if (flags & GPO_INFO_FLAG_MACHINE)
- fstrcat(str, "GPO_INFO_FLAG_MACHINE ");
+ str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_MACHINE ");
if (flags & GPO_INFO_FLAG_LOGRSOP_TRANSITION)
- fstrcat(str, "GPO_INFO_FLAG_LOGRSOP_TRANSITION ");
+ str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_LOGRSOP_TRANSITION ");
if (flags & GPO_INFO_FLAG_LINKTRANSITION)
- fstrcat(str, "GPO_INFO_FLAG_LINKTRANSITION ");
+ str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_LINKTRANSITION ");
if (flags & GPO_INFO_FLAG_FORCED_REFRESH)
- fstrcat(str, "GPO_INFO_FLAG_FORCED_REFRESH ");
+ str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_FORCED_REFRESH ");
if (flags & GPO_INFO_FLAG_BACKGROUND)
- fstrcat(str, "GPO_INFO_FLAG_BACKGROUND ");
+ str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_BACKGROUND ");
- return strdup(str);
+ return str;
}
/****************************************************************
@@ -857,12 +835,17 @@ NTSTATUS gp_find_file(TALLOC_CTX *mem_ctx,
ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
+ struct loadparm_context *lp_ctx,
const char *dn,
NT_USER_TOKEN **token)
{
NT_USER_TOKEN *ad_token = NULL;
ADS_STATUS status;
+#if _SAMBA_BUILD_ == 4
+ struct auth_session_info *info;
+#else
NTSTATUS ntstatus;
+#endif
#ifndef HAVE_ADS
return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED);
@@ -871,12 +854,15 @@ ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads,
if (!ADS_ERR_OK(status)) {
return status;
}
-
+#if _SAMBA_BUILD_ == 4
+ info = system_session(mem_ctx, lp_ctx);
+ *token = info->security_token;
+#else
ntstatus = merge_nt_token(mem_ctx, ad_token, get_system_token(),
token);
if (!NT_STATUS_IS_OK(ntstatus)) {
return ADS_ERROR_NT(ntstatus);
}
-
+#endif
return ADS_SUCCESS;
}