/*
* Unix SMB/CIFS implementation.
* Group Policy Object Support
* Copyright (C) Guenther Deschner 2005-2006
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
# include "includes.h"
# include "system/filesys.h"
# include "../libgpo/gpo.h"
# include "../libgpo/gpo_ini.h"
# if _SAMBA_BUILD_ == 4
# include "param/param.h"
# include "libcli/resolve/resolve.h"
# include "../lib/tevent/tevent.h"
# include "libcli/libcli.h"
# include "libcli/raw/libcliraw.h"
# include "libcli/libcli_proto.h"
# include "libgpo/ads_convenience.h"
# include "libgpo/gpo_s4.h"
# include "lib/util/util.h"
# endif
/****************************************************************
explode the GPO CIFS URI into its components
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
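/*
 * Report whether any component of "path" is exactly "..".
 *
 * Both '\\' and '/' are treated as separators because
 * gpo_explode_filesyspath() rewrites backslashes to slashes when it
 * builds the local path, so either form ends up as a directory boundary.
 */
static bool gpo_path_has_dotdot(const char *path)
{
	const char *p = path;

	while (*p != '\0') {
		size_t len = 0;

		/* Skip a run of separators in front of the next component. */
		while (*p == '\\' || *p == '/') {
			p++;
		}

		while (p[len] != '\0' && p[len] != '\\' && p[len] != '/') {
			len++;
		}

		if (len == 2 && p[0] == '.' && p[1] == '.') {
			return true;
		}

		p += len;
	}

	return false;
}

/*
 * Split a GPO file system path into server, service, the NT path on that
 * service and the matching local path below cache_dir.
 *
 * The first two backslash-separated tokens of file_sys_path become
 * *server and *service. The remainder is returned twice: prefixed with a
 * backslash as *nt_path, and appended to cache_dir with every backslash
 * turned into a slash as *unix_path. All four results are allocated on
 * mem_ctx.
 *
 * Security: the remainder is joined to cache_dir and later used for
 * mkdir() and file writes (see gpo_prepare_local_store() and
 * gpo_fetch_files()). The value is taken from the GPO object handed in by
 * the caller -- presumably directory data, so treat it as untrusted. A
 * remainder containing a ".." component would place *unix_path outside
 * cache_dir and is therefore rejected.
 *
 * Returns NT_STATUS_OK with all four outputs left NULL when file_sys_path
 * is NULL, NT_STATUS_INVALID_PARAMETER when server or service cannot be
 * tokenized or the remainder contains "..", and NT_STATUS_NO_MEMORY when
 * an allocation fails. On failure, outputs filled in before the failing
 * step stay set.
 */
NTSTATUS gpo_explode_filesyspath(TALLOC_CTX *mem_ctx,
				 const char *cache_dir,
				 const char *file_sys_path,
				 char **server,
				 char **service,
				 char **nt_path,
				 char **unix_path)
{
	char *path = NULL;

	*server = NULL;
	*service = NULL;
	*nt_path = NULL;
	*unix_path = NULL;

	if (!file_sys_path) {
		return NT_STATUS_OK;
	}

	if (!next_token_talloc(mem_ctx, &file_sys_path, server, "\\")) {
		return NT_STATUS_INVALID_PARAMETER;
	}
	NT_STATUS_HAVE_NO_MEMORY(*server);

	if (!next_token_talloc(mem_ctx, &file_sys_path, service, "\\")) {
		return NT_STATUS_INVALID_PARAMETER;
	}
	NT_STATUS_HAVE_NO_MEMORY(*service);

	/*
	 * file_sys_path now points at what is left after server and
	 * service. Refuse parent-directory components before the value is
	 * turned into a local path below cache_dir.
	 */
	if (gpo_path_has_dotdot(file_sys_path)) {
		DEBUG(1, ("gpo_explode_filesyspath: "
			  "rejecting path with '..' component: [%s]\n",
			  file_sys_path));
		return NT_STATUS_INVALID_PARAMETER;
	}

	*nt_path = talloc_asprintf(mem_ctx, "\\%s", file_sys_path);
	NT_STATUS_HAVE_NO_MEMORY(*nt_path);

	path = talloc_asprintf(mem_ctx, "%s/%s", cache_dir, file_sys_path);
	NT_STATUS_HAVE_NO_MEMORY(path);

	/* Convert NT separators into Unix separators for the local path. */
#if _SAMBA_BUILD_ == 4
	path = string_sub_talloc(mem_ctx, path, "\\", "/");
#else
	path = talloc_string_sub(mem_ctx, path, "\\", "/");
#endif
	if (!path) {
		return NT_STATUS_NO_MEMORY;
	}

	*unix_path = talloc_strdup(mem_ctx, path);
	/* Release the scratch copy before the check so it is freed on both paths. */
	talloc_free(path);
	NT_STATUS_HAVE_NO_MEMORY(*unix_path);

	return NT_STATUS_OK;
}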
/****************************************************************
prepare the local disc storage for "unix_path"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
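/*
 * Create cache_dir and, below it, one directory per component of
 * unix_path that follows the GPO_CACHE_DIR component.
 *
 * unix_path is tokenized on '/'. Tokens up to and including the first one
 * equal to GPO_CACHE_DIR are skipped; each later token is appended to a
 * copy of cache_dir and created with mkdir(). If unix_path contains no
 * GPO_CACHE_DIR component, nothing below cache_dir is created and the
 * function still returns NT_STATUS_OK.
 *
 * Directories are created with mode 0700 (further reduced by the process
 * umask). A directory needs the search bit to be usable; without it a
 * process that is not root cannot create the next level down.
 * NOTE(review): widen the mode deliberately if other accounts must read
 * the cache.
 *
 * NOTE(review): EEXIST is accepted without checking what already exists at
 * that name. If cache_dir can be written by other local users, confirm
 * that a pre-existing entry is a directory owned by the expected account.
 *
 * Returns NT_STATUS_NO_MEMORY on allocation failure,
 * NT_STATUS_INVALID_PARAMETER if a component is "..", and
 * NT_STATUS_ACCESS_DENIED if mkdir() fails for any reason other than
 * EEXIST.
 */
static NTSTATUS gpo_prepare_local_store(TALLOC_CTX *mem_ctx,
					const char *cache_dir,
					const char *unix_path)
{
	char *current_dir;
	char *tok;

	current_dir = talloc_strdup(mem_ctx, cache_dir);
	NT_STATUS_HAVE_NO_MEMORY(current_dir);

	if ((mkdir(cache_dir, 0700)) < 0 && errno != EEXIST) {
		return NT_STATUS_ACCESS_DENIED;
	}

	/* Consume the leading components up to and including GPO_CACHE_DIR. */
	while (next_token_talloc(mem_ctx, &unix_path, &tok, "/")) {
		if (strequal(tok, GPO_CACHE_DIR)) {
			break;
		}
	}

	while (next_token_talloc(mem_ctx, &unix_path, &tok, "/")) {
		/*
		 * Never walk upwards: a ".." component would create
		 * directories outside cache_dir.
		 */
		if (strequal(tok, "..")) {
			return NT_STATUS_INVALID_PARAMETER;
		}

		current_dir = talloc_asprintf_append_buffer(current_dir, "/%s", tok);
		NT_STATUS_HAVE_NO_MEMORY(current_dir);

		if ((mkdir(current_dir, 0700)) < 0 && errno != EEXIST) {
			return NT_STATUS_ACCESS_DENIED;
		}
	}

	return NT_STATUS_OK;
}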
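/*
 * Open an SMB connection to "service" on "server" using the credentials
 * carried by the ADS_STRUCT.
 *
 * ret_cli is an untyped out-parameter: it must point at a
 * "struct cli_state *" when _SAMBA_BUILD_ is 3 and at a
 * "struct smbcli_state *" otherwise. It is written only on success.
 *
 * NOTE(review): the Samba 3 branch requests Kerberos together with
 * CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS and passes Undefined as the
 * signing argument. Presumably this allows a non-Kerberos fallback and
 * leaves signing to defaults; the files fetched over this connection are
 * written into the local GPO cache by gpo_fetch_files(), so confirm that
 * the effective configuration enforces authentication strength and
 * signing for this connection.
 *
 * Returns the connection status, or NT_STATUS_NO_MEMORY if the event
 * context for the Samba 4 branch cannot be allocated.
 */
static NTSTATUS gpo_connect_server(ADS_STRUCT *ads, struct loadparm_context *lp_ctx,
				   const char *server, const char *service, void *ret_cli)
{
	NTSTATUS result;

#if _SAMBA_BUILD_ == 3
	struct cli_state *cli;

	result = cli_full_connection(&cli,
			global_myname(),
			server,
			NULL, 0,
			service, "A:",
			ads->auth.user_name, NULL,
			ads->auth.password,
			CLI_FULL_CONNECTION_USE_KERBEROS |
			CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS,
			Undefined, NULL);
	if (!NT_STATUS_IS_OK(result)) {
		/* Name this function in the log so failures can be attributed. */
		DEBUG(10, ("gpo_connect_server: "
			   "failed to connect: %s\n",
			   nt_errstr(result)));
		return result;
	}

	*(struct cli_state **)ret_cli = cli;
#else
	struct smbcli_state *cli = NULL;
	struct smbcli_options options;
	struct smbcli_session_options session_options;
	struct tevent_context *ev;

	/* Check the event context instead of handing a possible NULL on. */
	ev = tevent_context_init(ads);
	NT_STATUS_HAVE_NO_MEMORY(ev);

	lp_smbcli_options(lp_ctx, &options);
	lp_smbcli_session_options(lp_ctx, &session_options);

	result = smbcli_full_connection(NULL, &cli,
			server,
			NULL, service,
			NULL /*devtype*/, NULL /* socket options */,
			ads->credentials,
			lp_resolve_context(lp_ctx),
			ev,
			&options,
			&session_options,
			lp_iconv_convenience(lp_ctx),
			lp_gensec_settings(ads, lp_ctx));
	if (!NT_STATUS_IS_OK(result)) {
		DEBUG(10, ("failed to connect: %s\n",
			   nt_errstr(result)));
		return result;
	}

	*(struct smbcli_state **)ret_cli = cli;
#endif

	return NT_STATUS_OK;
}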
/****************************************************************
download a full GPO via CIFS
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
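/*
 * Download one GPO from its file system path into the local cache.
 *
 * Steps: split gpo->file_sys_path into server, service, NT path and local
 * path; connect to the server; create the local directories; copy GPT_INI;
 * then synchronise the remaining directory tree.
 *
 * The SMB connection is local to this function and is released on every
 * path once it has been opened.
 *
 * Security: everything written below cache_dir comes from the remote
 * server, and the target location is derived from gpo->file_sys_path.
 * NOTE(review): callers should treat the cached files as untrusted until
 * the connection's authentication and integrity settings are confirmed
 * (see gpo_connect_server()).
 *
 * Returns NT_STATUS_INVALID_PARAMETER when the GPO carries no usable file
 * system path, NT_STATUS_NO_MEMORY on allocation failure, otherwise the
 * status of the first failing step or NT_STATUS_OK.
 */
NTSTATUS gpo_fetch_files(TALLOC_CTX *mem_ctx,
			 ADS_STRUCT *ads,
			 struct loadparm_context *lp_ctx,
			 const char *cache_dir,
			 struct GROUP_POLICY_OBJECT *gpo)
{
	NTSTATUS result;
	char *server, *service, *nt_path, *unix_path;
	char *nt_ini_path, *unix_ini_path;
#if _SAMBA_BUILD_ == 3
	struct cli_state *cli = NULL;
#else
	struct smbcli_state *cli = NULL;
#endif

	result = gpo_explode_filesyspath(mem_ctx, cache_dir, gpo->file_sys_path,
					 &server, &service, &nt_path,
					 &unix_path);
	NT_STATUS_NOT_OK_RETURN(result);

	/*
	 * gpo_explode_filesyspath() returns success with NULL outputs when
	 * there is no file system path; there is nothing to connect to then.
	 */
	if (server == NULL || service == NULL ||
	    nt_path == NULL || unix_path == NULL) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	result = gpo_connect_server(ads, lp_ctx, server, service, &cli);
	NT_STATUS_NOT_OK_RETURN(result);

	result = gpo_prepare_local_store(mem_ctx, cache_dir, unix_path);
	if (!NT_STATUS_IS_OK(result)) {
		goto done;
	}

	unix_ini_path = talloc_asprintf(mem_ctx, "%s/%s", unix_path, GPT_INI);
	nt_ini_path = talloc_asprintf(mem_ctx, "%s\\%s", nt_path, GPT_INI);
	if (unix_ini_path == NULL || nt_ini_path == NULL) {
		result = NT_STATUS_NO_MEMORY;
		goto done;
	}

	result = gpo_copy_file(mem_ctx, cli, nt_ini_path, unix_ini_path);
	if (!NT_STATUS_IS_OK(result)) {
		goto done;
	}

	result = gpo_sync_directories(mem_ctx, cli, nt_path, unix_path);

done:
	/* Drop the connection on success and on failure alike. */
#if _SAMBA_BUILD_ == 3
	cli_shutdown(cli);
#else
	talloc_free(cli);
#endif
	return result;
}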
/****************************************************************
get the locally stored gpt.ini version number
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
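/*
 * Read the version number and display name from the GPT_INI file stored
 * under unix_path.
 *
 * sysvol_version and display_name are optional outputs; either may be
 * NULL. *display_name is set only when the ini file yielded a name, and is
 * then a copy allocated on mem_ctx.
 *
 * Returns NT_STATUS_OK without touching the outputs when unix_path is
 * NULL, the parse_gpt_ini() status when parsing fails, and
 * NT_STATUS_NO_MEMORY on allocation failure.
 */
NTSTATUS gpo_get_sysvol_gpt_version(TALLOC_CTX *mem_ctx,
				    const char *unix_path,
				    uint32_t *sysvol_version,
				    char **display_name)
{
	NTSTATUS status;
	uint32_t version = 0;
	char *local_path = NULL;
	char *name = NULL;

	if (!unix_path) {
		return NT_STATUS_OK;
	}

	local_path = talloc_asprintf(mem_ctx, "%s/%s", unix_path, GPT_INI);
	NT_STATUS_HAVE_NO_MEMORY(local_path);

	status = parse_gpt_ini(mem_ctx, local_path, &version, &name);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(10, ("gpo_get_sysvol_gpt_version: "
			   "failed to parse ini [%s]: %s\n",
			   local_path, nt_errstr(status)));
		return status;
	}

	if (sysvol_version) {
		*sysvol_version = version;
	}

	/*
	 * Test the out-pointer itself, as is done for sysvol_version.
	 * Testing *display_name would dereference a NULL argument and would
	 * read whatever value the caller left in its variable.
	 */
	if (name && display_name) {
		*display_name = talloc_strdup(mem_ctx, name);
		NT_STATUS_HAVE_NO_MEMORY(*display_name);
	}

	return NT_STATUS_OK;
}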