Diffstat (limited to 'libgpo')
-rw-r--r-- | libgpo/config.mk | 2 | ||||
-rw-r--r-- | libgpo/gpo.h | 12 | ||||
-rw-r--r-- | libgpo/gpo_fetch.c | 79 | ||||
-rw-r--r-- | libgpo/gpo_sec.c | 1 | ||||
-rw-r--r-- | libgpo/gpo_util.c | 90 |
5 files changed, 126 insertions, 58 deletions
diff --git a/libgpo/config.mk b/libgpo/config.mk index 9feb2f8a6d5..a9ad76c964a 100644 --- a/libgpo/config.mk +++ b/libgpo/config.mk @@ -3,4 +3,4 @@ PRIVATE_DEPENDENCIES = LIBLDB LIBSAMBA-NET LIBGPO_OBJ_FILES = ../libgpo/gpo_util.o ../libgpo/gpo_sec.o \ ../libgpo/gpext/gpext.o ../libgpo/gpo_fetch.o \ - $(libgpodir)/ads_convenience.o + $(libgpodir)/ads_convenience.o $(libgpodir)/gpo_filesync.o diff --git a/libgpo/gpo.h b/libgpo/gpo.h index 35adc9425b3..a8b5ad39344 100644 --- a/libgpo/gpo.h +++ b/libgpo/gpo.h @@ -176,8 +176,9 @@ NTSTATUS gpo_explode_filesyspath(TALLOC_CTX *mem_ctx, char **nt_path, char **unix_path); NTSTATUS gpo_fetch_files(TALLOC_CTX *mem_ctx, + ADS_STRUCT *ads, + struct loadparm_context *lp_ctx, const char *cache_path, - struct cli_state *cli, struct GROUP_POLICY_OBJECT *gpo); NTSTATUS gpo_get_sysvol_gpt_version(TALLOC_CTX *mem_ctx, const char *unix_path, @@ -255,18 +256,20 @@ ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads, NTSTATUS check_refresh_gpo(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char *cache_path, + struct loadparm_context *lp_ctx, uint32_t flags, - struct GROUP_POLICY_OBJECT *gpo, - struct cli_state **cli_out); + struct GROUP_POLICY_OBJECT *gpo); NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char *cache_path, + struct loadparm_context *lp_ctx, uint32_t flags, struct GROUP_POLICY_OBJECT *gpo_list); NTSTATUS gpo_get_unix_path(TALLOC_CTX *mem_ctx, + const char *cache_path, struct GROUP_POLICY_OBJECT *gpo, char **unix_path); -char *gpo_flag_str(uint32_t flags); +char *gpo_flag_str(TALLOC_CTX *mem_ctx, uint32_t flags); NTSTATUS gp_find_file(TALLOC_CTX *mem_ctx, uint32_t flags, const char *filename, @@ -274,6 +277,7 @@ NTSTATUS gp_find_file(TALLOC_CTX *mem_ctx, const char **filename_out); ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, + struct loadparm_context *lp_ctx, const char *dn, NT_USER_TOKEN **token); 
diff --git a/libgpo/gpo_fetch.c b/libgpo/gpo_fetch.c index ee3f28d1f3a..b6d50ad852c 100644 --- a/libgpo/gpo_fetch.c +++ b/libgpo/gpo_fetch.c @@ -21,6 +21,17 @@ #include "system/filesys.h" #include "../libgpo/gpo.h" +#if _SAMBA_BUILD_ == 4 +#include "param/param.h" +#include "libcli/resolve/resolve.h" +#include "../lib/tevent/tevent.h" +#include "libcli/libcli.h" +#include "libcli/raw/libcliraw.h" +#include "libcli/libcli_proto.h" +#include "libgpo/ads_convenience.h" +#include "libgpo/gpo.h" +#endif + /**************************************************************** explode the GPO CIFS URI into their components ****************************************************************/ 
@@ -118,24 +129,90 @@ static NTSTATUS gpo_prepare_local_store(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } +static NTSTATUS gpo_connect_server(ADS_STRUCT *ads, struct loadparm_context *lp_ctx, + const char *server, const char *service, void *ret_cli) +{ + NTSTATUS result; +#if _SAMBA_BUILD_ == 3 + struct cli_state *cli; + + + result = cli_full_connection(&cli, + global_myname(), + server, + NULL, 0, + service, "A:", + ads->auth.user_name, NULL, + ads->auth.password, + CLI_FULL_CONNECTION_USE_KERBEROS | + CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS, + Undefined, NULL); + if (!NT_STATUS_IS_OK(result)) { + DEBUG(10,("check_refresh_gpo: " + "failed to connect: %s\n", + nt_errstr(result))); + return result; + } + } + *(struct cli_state **) ret_cli = cli; +#else + struct smbcli_state *cli = NULL; + struct smbcli_options options; + struct smbcli_session_options session_options; + + lp_smbcli_options(lp_ctx, &options); + lp_smbcli_session_options(lp_ctx, &session_options); + + result = smbcli_full_connection(NULL, &cli, + server, + NULL, service, + NULL /*devtype*/, NULL /* socket options */, + ads->credentials, + lp_resolve_context(lp_ctx), + tevent_context_init(ads), + &options, + &session_options, + lp_iconv_convenience(lp_ctx), + lp_gensec_settings(ads, lp_ctx)); + if (!NT_STATUS_IS_OK(result)) { + DEBUG(10,("failed to connect: %s\n", + nt_errstr(result))); + return result; + } + *(struct smbcli_state **) ret_cli = cli; +#endif + return NT_STATUS_OK; +} + /**************************************************************** download a full GPO via CIFS ****************************************************************/ NTSTATUS gpo_fetch_files(TALLOC_CTX *mem_ctx, + ADS_STRUCT *ads, + struct loadparm_context *lp_ctx, const char *cache_path, - struct cli_state *cli, struct GROUP_POLICY_OBJECT *gpo) { NTSTATUS result; char *server, *service, *nt_path, *unix_path; char *nt_ini_path, *unix_ini_path; +#if _SAMBA_BUILD_ == 3 + struct cli_state *cli; +#else + struct smbcli_state 
*cli; +#endif + result = gpo_explode_filesyspath(mem_ctx, cache_path, gpo->file_sys_path, &server, &service, &nt_path, &unix_path); NT_STATUS_NOT_OK_RETURN(result); + + result = gpo_connect_server(ads, lp_ctx, server, service, &cli); + + result = gpo_prepare_local_store(mem_ctx, cache_path, unix_path); NT_STATUS_NOT_OK_RETURN(result); diff --git a/libgpo/gpo_sec.c b/libgpo/gpo_sec.c index 1bcfa1cbf1a..5547f1e0cb9 100644 --- a/libgpo/gpo_sec.c +++ b/libgpo/gpo_sec.c @@ -23,6 +23,7 @@ #include "libgpo/ads_convenience.h" #include "librpc/gen_ndr/security.h" #include "librpc/gen_ndr/ndr_misc.h" +#include "../libcli/security/secace.h" #include "../libgpo/gpo.h" #endif diff --git a/libgpo/gpo_util.c b/libgpo/gpo_util.c index 720db5a2e53..2dd7c496c82 100644 --- a/libgpo/gpo_util.c +++ b/libgpo/gpo_util.c @@ -16,17 +16,22 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, see <http://www.gnu.org/licenses/>. */ - +#define TALLOC_DEPRECATED 1 #include "includes.h" #include "librpc/gen_ndr/ndr_misc.h" #if _SAMBA_BUILD_ == 4 +#include "system/filesys.h" +#include "auth/auth.h" #include "../libgpo/gpo.h" +#include "../lib/talloc/talloc.h" #include "source4/libgpo/ads_convenience.h" #endif #undef strdup +#if 0 #define DEFAULT_DOMAIN_POLICY "Default Domain Policy" #define DEFAULT_DOMAIN_CONTROLLERS_POLICY "Default Domain Controllers Policy" +#endif /* should we store a parsed guid ? */ struct gp_table { @@ -571,7 +576,7 @@ ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads, } #endif if (!W_ERROR_IS_OK(werr)) { - gp_free_reg_ctx(reg_ctx); + talloc_free(reg_ctx); return ADS_ERROR_NT(werror_to_ntstatus(werr)); } @@ -606,7 +611,7 @@ ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads, } done: - gp_free_reg_ctx(reg_ctx); + talloc_free(reg_ctx); talloc_free(root_key); free_gp_extensions(); 
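Review bot: In gpo_fetch_files the status returned by gpo_connect_server() is overwritten by the gpo_prepare_local_store() call that follows, so a failed connection goes unnoticed and `cli`, declared without an initialiser in both build branches, may be used uninitialised later in the function (outside this hunk); add `NT_STATUS_NOT_OK_RETURN(result);` directly after the connect call and declare the pointer with `= NULL`. The Samba 3 branch of gpo_connect_server also appears to have one `}` too many after the `if (!NT_STATUS_IS_OK(result))` block, which would close the function before `*(struct cli_state **) ret_cli = cli;`, and its DEBUG text still names check_refresh_gpo. The connection now goes to the `server` parsed from gpo->file_sys_path, where the code removed from gpo_util.c used ads_get_ldap_server_name(ads), so the credentials (with CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS set in the Samba 3 branch) are offered to whatever host that attribute names. A comment should state why that host is trusted, or the name should be checked against the expected domain controller before connecting.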
@@ -622,9 +627,9 @@ ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads, NTSTATUS check_refresh_gpo(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char *cache_path, + struct loadparm_context *lp_ctx, uint32_t flags, - struct GROUP_POLICY_OBJECT *gpo, - struct cli_state **cli_out) + struct GROUP_POLICY_OBJECT *gpo) { NTSTATUS result; char *server = NULL; @@ -633,7 +638,6 @@ NTSTATUS check_refresh_gpo(ADS_STRUCT *ads, char *unix_path = NULL; uint32_t sysvol_gpt_version = 0; char *display_name = NULL; - struct cli_state *cli = NULL; result = gpo_explode_filesyspath(mem_ctx, cache_path, gpo->file_sys_path, &server, &share, &nt_path, &unix_path); @@ -663,32 +667,7 @@ NTSTATUS check_refresh_gpo(ADS_STRUCT *ads, DEBUG(1,("check_refresh_gpo: need to refresh GPO\n")); -#if _SAMBA_BUILD == 3 - if (*cli_out == NULL) { - result = cli_full_connection(&cli, - global_myname(), - ads_get_ldap_server_name(ads), - /* server */ - NULL, 0, - share, "A:", - ads->auth.user_name, NULL, - ads->auth.password, - CLI_FULL_CONNECTION_USE_KERBEROS | - CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS, - Undefined, NULL); - if (!NT_STATUS_IS_OK(result)) { - DEBUG(10,("check_refresh_gpo: " - "failed to connect: %s\n", - nt_errstr(result))); - goto out; - } - *cli_out = cli; - } -#else - /* TODO Implement */ -#endif - - result = gpo_fetch_files(mem_ctx, cache_path, *cli_out, gpo); + result = gpo_fetch_files(mem_ctx, ads, lp_ctx, cache_path, gpo); if (!NT_STATUS_IS_OK(result)) { goto out; } @@ -735,11 +714,11 @@ NTSTATUS check_refresh_gpo(ADS_STRUCT *ads, NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char *cache_path, + struct loadparm_context *lp_ctx, uint32_t flags, struct GROUP_POLICY_OBJECT *gpo_list) { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - struct cli_state *cli = NULL; struct GROUP_POLICY_OBJECT *gpo; if (!gpo_list) { 
@@ -748,7 +727,7 @@ NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads, for (gpo = gpo_list; gpo; gpo = gpo->next) { - result = check_refresh_gpo(ads, mem_ctx, cache_path, flags, gpo, &cli); + result = check_refresh_gpo(ads, mem_ctx, cache_path, lp_ctx, flags, gpo); if (!NT_STATUS_IS_OK(result)) { goto out; } @@ -757,9 +736,7 @@ NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads, result = NT_STATUS_OK; out: - if (cli) { - cli_shutdown(cli); - } + /* FIXME close cli connection */ return result; } 
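Review bot: The `out:` path no longer shuts anything down, and the `/* FIXME close cli connection */` comment cannot be resolved in check_refresh_gpo_list because this function no longer holds a handle: each gpo_fetch_files call opens its own connection through gpo_connect_server and keeps the pointer local. As far as this diff shows, every refreshed GPO therefore leaves one authenticated SMB session open for the life of the process, where the removed code reused a single session and called cli_shutdown(). The close belongs at the end of gpo_fetch_files (on its error paths too), or the handle should be passed back up as before. In the Samba 4 build the state appears to be allocated with a NULL parent, so no talloc context will release it implicitly; the FIXME should say which of the two designs is intended.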
@@ -768,45 +745,46 @@ NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads, ****************************************************************/ NTSTATUS gpo_get_unix_path(TALLOC_CTX *mem_ctx, + const char *cache_path, struct GROUP_POLICY_OBJECT *gpo, char **unix_path) { char *server, *share, *nt_path; - return gpo_explode_filesyspath(mem_ctx, gpo->file_sys_path, + return gpo_explode_filesyspath(mem_ctx, cache_path, gpo->file_sys_path, &server, &share, &nt_path, unix_path); } /**************************************************************** ****************************************************************/ -char *gpo_flag_str(uint32_t flags) +char *gpo_flag_str(TALLOC_CTX *ctx, uint32_t flags) { - fstring str = ""; + char *str = NULL; if (flags == 0) { return NULL; } if (flags & GPO_INFO_FLAG_SLOWLINK) - fstrcat(str, "GPO_INFO_FLAG_SLOWLINK "); + str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_SLOWLINK "); if (flags & GPO_INFO_FLAG_VERBOSE) - fstrcat(str, "GPO_INFO_FLAG_VERBOSE "); + str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_VERBOSE "); if (flags & GPO_INFO_FLAG_SAFEMODE_BOOT) - fstrcat(str, "GPO_INFO_FLAG_SAFEMODE_BOOT "); + str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_SAFEMODE_BOOT "); if (flags & GPO_INFO_FLAG_NOCHANGES) - fstrcat(str, "GPO_INFO_FLAG_NOCHANGES "); + str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_NOCHANGES "); if (flags & GPO_INFO_FLAG_MACHINE) - fstrcat(str, "GPO_INFO_FLAG_MACHINE "); + str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_MACHINE "); if (flags & GPO_INFO_FLAG_LOGRSOP_TRANSITION) - fstrcat(str, "GPO_INFO_FLAG_LOGRSOP_TRANSITION "); + str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_LOGRSOP_TRANSITION "); if (flags & GPO_INFO_FLAG_LINKTRANSITION) - fstrcat(str, "GPO_INFO_FLAG_LINKTRANSITION "); + str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_LINKTRANSITION "); if (flags & GPO_INFO_FLAG_FORCED_REFRESH) - fstrcat(str, "GPO_INFO_FLAG_FORCED_REFRESH "); + str = talloc_append_string(ctx, str, 
"GPO_INFO_FLAG_FORCED_REFRESH "); if (flags & GPO_INFO_FLAG_BACKGROUND) - fstrcat(str, "GPO_INFO_FLAG_BACKGROUND "); + str = talloc_append_string(ctx, str, "GPO_INFO_FLAG_BACKGROUND "); - return strdup(str); + return str; } /**************************************************************** @@ -857,12 +835,17 @@ NTSTATUS gp_find_file(TALLOC_CTX *mem_ctx, ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, + struct loadparm_context *lp_ctx, const char *dn, NT_USER_TOKEN **token) { NT_USER_TOKEN *ad_token = NULL; ADS_STATUS status; +#if _SAMBA_BUILD_ == 4 + struct auth_session_info *info; +#else NTSTATUS ntstatus; +#endif #ifndef HAVE_ADS return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED); @@ -871,12 +854,15 @@ ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads, if (!ADS_ERR_OK(status)) { return status; } - +#if _SAMBA_BUILD_ == 4 + info = system_session(mem_ctx, lp_ctx); + *token = info->security_token; +#else ntstatus = merge_nt_token(mem_ctx, ad_token, get_system_token(), token); if (!NT_STATUS_IS_OK(ntstatus)) { return ADS_ERROR_NT(ntstatus); } - +#endif return ADS_SUCCESS; } |
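Review bot: gpo_flag_str now returns talloc memory owned by `ctx` instead of a strdup() buffer, so any caller outside this diff that still releases the result with free() or SAFE_FREE() would hand a talloc chunk to libc free. The ownership change deserves a header comment such as `/* returns a talloc string owned by ctx, or NULL; do not free() */` and an audit of the callers. None of the talloc_append_string() results is checked, and as far as I know that function starts a fresh string when given NULL, so an allocation failure midway would silently yield a partial flag list instead of NULL; `if (str == NULL) return NULL;` after each append would close that. The function also relies on a deprecated talloc call (hence the file-wide `#define TALLOC_DEPRECATED 1`), and the parameter is named `mem_ctx` in gpo.h but `ctx` here.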
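Review bot: In the Samba 4 branch of gp_get_machine_token the result of system_session() is dereferenced without a NULL check, and `*token` is set to the system session's security_token while `ad_token`, which the Samba 3 branch merges in, is never used. If callers use this token for GPO security filtering (inferred from the name; the callers are not in the diff), access checks would be evaluated against the system identity and not the machine account's SIDs, which differs from the Samba 3 result. At minimum add `if (info == NULL) return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);` before the dereference, and a comment stating whether ignoring the AD token is intentional or a placeholder. The start of the function body lies outside this hunk.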