2007-08-14 18:47:08 +04:00
/*
2006-02-04 01:19:41 +03:00
* Unix SMB / CIFS implementation .
* Group Policy Object Support
2007-08-14 18:47:08 +04:00
* Copyright ( C ) Guenther Deschner 2005 - 2007
*
2006-02-04 01:19:41 +03:00
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
* the Free Software Foundation ; either version 3 of the License , or
2006-02-04 01:19:41 +03:00
* ( at your option ) any later version .
2007-08-14 18:47:08 +04:00
*
2006-02-04 01:19:41 +03:00
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
2007-08-14 18:47:08 +04:00
*
2006-02-04 01:19:41 +03:00
* You should have received a copy of the GNU General Public License
2007-07-10 09:23:25 +04:00
* along with this program ; if not , see < http : //www.gnu.org/licenses/>.
2006-02-04 01:19:41 +03:00
*/
# include "includes.h"
# define DEFAULT_DOMAIN_POLICY "Default Domain Policy"
# define DEFAULT_DOMAIN_CONTROLLERS_POLICY "Default Domain Controllers Policy"
2006-09-22 13:07:31 +04:00
/* should we store a parsed guid ? */
2007-08-14 18:47:08 +04:00
struct gp_table {
2006-02-04 01:19:41 +03:00
const char * name ;
const char * guid_string ;
} ;
2006-09-22 14:09:15 +04:00
#if 0 /* unused */
2007-08-14 18:47:08 +04:00
static struct gp_table gpo_default_policy [ ] = {
{ DEFAULT_DOMAIN_POLICY ,
2006-02-04 01:19:41 +03:00
" 31B2F340-016D-11D2-945F-00C04FB984F9 " } ,
2007-08-14 18:47:08 +04:00
{ DEFAULT_DOMAIN_CONTROLLERS_POLICY ,
2006-02-04 01:19:41 +03:00
" 6AC1786C-016F-11D2-945F-00C04fB984F9 " } ,
{ NULL , NULL }
} ;
2006-09-22 14:09:15 +04:00
# endif
2006-02-04 01:19:41 +03:00
2007-08-14 18:47:08 +04:00
/* the following is seen in gPCMachineExtensionNames / gPCUserExtensionNames */
2006-02-04 01:19:41 +03:00
2007-08-14 18:47:08 +04:00
static struct gp_table gpo_cse_extensions [ ] = {
/* used to be "Administrative Templates Extension" */
/* "Registry Settings"
( http : //support.microsoft.com/kb/216357/EN-US/) */
{ " Registry Settings " ,
2007-09-26 01:41:57 +04:00
GP_EXT_GUID_REGISTRY } ,
2007-08-14 18:47:08 +04:00
{ " Microsoft Disc Quota " ,
2006-02-04 01:19:41 +03:00
" 3610EDA5-77EF-11D2-8DC5-00C04FA31A66 " } ,
2007-08-14 18:47:08 +04:00
{ " EFS recovery " ,
2006-02-04 01:19:41 +03:00
" B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A " } ,
2007-08-14 18:47:08 +04:00
{ " Folder Redirection " ,
2006-02-04 01:19:41 +03:00
" 25537BA6-77A8-11D2-9B6C-0000F8080861 " } ,
2007-08-14 18:47:08 +04:00
{ " IP Security " ,
2006-02-04 01:19:41 +03:00
" E437BC1C-AA7D-11D2-A382-00C04F991E27 " } ,
2007-08-14 18:47:08 +04:00
{ " Internet Explorer Branding " ,
2006-02-04 01:19:41 +03:00
" A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B " } ,
2007-08-14 18:47:08 +04:00
{ " QoS Packet Scheduler " ,
2006-02-04 01:19:41 +03:00
" 426031c0-0b47-4852-b0ca-ac3d37bfcb39 " } ,
2007-08-14 18:47:08 +04:00
{ " Scripts " ,
2007-09-26 01:41:57 +04:00
GP_EXT_GUID_SCRIPTS } ,
2007-08-14 18:47:08 +04:00
{ " Security " ,
2007-09-26 01:41:57 +04:00
GP_EXT_GUID_SECURITY } ,
2007-08-14 18:47:08 +04:00
{ " Software Installation " ,
2006-02-04 01:19:41 +03:00
" C6DC5466-785A-11D2-84D0-00C04FB169F7 " } ,
2007-08-14 18:47:08 +04:00
{ " Wireless Group Policy " ,
2006-02-04 01:19:41 +03:00
" 0ACDD40C-75AC-BAA0-BF6DE7E7FE63 " } ,
2007-08-14 18:47:08 +04:00
{ " Application Management " ,
" C6DC5466-785A-11D2-84D0-00C04FB169F7 " } ,
{ " unknown " ,
" 3060E8D0-7020-11D2-842D-00C04FA372D4 " } ,
2006-02-04 01:19:41 +03:00
{ NULL , NULL }
} ;
/* guess work */
2007-08-14 18:47:08 +04:00
static struct gp_table gpo_cse_snapin_extensions [ ] = {
{ " Administrative Templates " ,
" 0F6B957D-509E-11D1-A7CC-0000F87571E3 " } ,
{ " Certificates " ,
" 53D6AB1D-2488-11D1-A28C-00C04FB94F17 " } ,
{ " EFS recovery policy processing " ,
" B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A " } ,
{ " Folder Redirection policy processing " ,
" 25537BA6-77A8-11D2-9B6C-0000F8080861 " } ,
{ " Folder Redirection " ,
" 88E729D6-BDC1-11D1-BD2A-00C04FB9603F " } ,
{ " Registry policy processing " ,
" 35378EAC-683F-11D2-A89A-00C04FBBCFA2 " } ,
{ " Remote Installation Services " ,
" 3060E8CE-7020-11D2-842D-00C04FA372D4 " } ,
{ " Security Settings " ,
" 803E14A0-B4FB-11D0-A0D0-00A0C90F574B " } ,
{ " Security policy processing " ,
" 827D319E-6EAC-11D2-A4EA-00C04F79F83A " } ,
{ " unknown " ,
" 3060E8D0-7020-11D2-842D-00C04FA372D4 " } ,
{ " unknown2 " ,
" 53D6AB1B-2488-11D1-A28C-00C04FB94F17 " } ,
{ NULL , NULL }
2006-02-04 01:19:41 +03:00
} ;
2007-07-14 03:38:19 +04:00
/****************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-08-14 18:47:08 +04:00
static const char * name_to_guid_string ( const char * name ,
struct gp_table * table )
2006-02-04 01:19:41 +03:00
{
int i ;
for ( i = 0 ; table [ i ] . name ; i + + ) {
if ( strequal ( name , table [ i ] . name ) ) {
return table [ i ] . guid_string ;
}
}
2007-08-14 18:47:08 +04:00
2006-02-04 01:19:41 +03:00
return NULL ;
}
2007-07-14 03:38:19 +04:00
/****************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-08-14 18:47:08 +04:00
static const char * guid_string_to_name ( const char * guid_string ,
struct gp_table * table )
2006-02-04 01:19:41 +03:00
{
int i ;
for ( i = 0 ; table [ i ] . guid_string ; i + + ) {
if ( strequal ( guid_string , table [ i ] . guid_string ) ) {
return table [ i ] . name ;
}
}
2007-08-14 18:47:08 +04:00
2006-02-04 01:19:41 +03:00
return NULL ;
}
2007-07-14 03:38:19 +04:00
/****************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-08-14 18:47:08 +04:00
static const char * snapin_guid_string_to_name ( const char * guid_string ,
struct gp_table * table )
2006-09-22 14:09:15 +04:00
{
int i ;
for ( i = 0 ; table [ i ] . guid_string ; i + + ) {
if ( strequal ( guid_string , table [ i ] . guid_string ) ) {
return table [ i ] . name ;
}
}
return NULL ;
}
#if 0 /* unused */
2006-02-04 01:19:41 +03:00
static const char * default_gpo_name_to_guid_string ( const char * name )
{
return name_to_guid_string ( name , gpo_default_policy ) ;
}
static const char * default_gpo_guid_string_to_name ( const char * guid )
{
return guid_string_to_name ( guid , gpo_default_policy ) ;
}
2006-09-22 14:09:15 +04:00
# endif
2006-02-04 01:19:41 +03:00
2007-07-14 03:38:19 +04:00
/****************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2006-02-04 01:19:41 +03:00
const char * cse_gpo_guid_string_to_name ( const char * guid )
{
return guid_string_to_name ( guid , gpo_cse_extensions ) ;
}
2007-07-14 03:38:19 +04:00
/****************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
const char * cse_gpo_name_to_guid_string ( const char * name )
2006-02-04 01:19:41 +03:00
{
return name_to_guid_string ( name , gpo_cse_extensions ) ;
}
2007-07-14 03:38:19 +04:00
/****************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2006-02-04 01:19:41 +03:00
const char * cse_snapin_gpo_guid_string_to_name ( const char * guid )
{
2006-09-22 14:09:15 +04:00
return snapin_guid_string_to_name ( guid , gpo_cse_snapin_extensions ) ;
2006-02-04 01:19:41 +03:00
}
2007-07-14 03:38:19 +04:00
/****************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2006-09-29 21:15:45 +04:00
void dump_gp_ext ( struct GP_EXT * gp_ext , int debuglevel )
2006-02-04 01:19:41 +03:00
{
2006-09-29 21:15:45 +04:00
int lvl = debuglevel ;
2006-02-04 01:19:41 +03:00
int i ;
if ( gp_ext = = NULL ) {
return ;
}
2006-09-29 21:15:45 +04:00
DEBUG ( lvl , ( " \t --------------------- \n \n " ) ) ;
DEBUGADD ( lvl , ( " \t name: \t \t \t %s \n " , gp_ext - > gp_extension ) ) ;
2006-02-04 01:19:41 +03:00
for ( i = 0 ; i < gp_ext - > num_exts ; i + + ) {
2007-08-14 18:47:08 +04:00
DEBUGADD ( lvl , ( " \t extension: \t \t \t %s \n " ,
gp_ext - > extensions_guid [ i ] ) ) ;
DEBUGADD ( lvl , ( " \t extension (name): \t \t \t %s \n " ,
gp_ext - > extensions [ i ] ) ) ;
DEBUGADD ( lvl , ( " \t snapin: \t \t \t %s \n " ,
gp_ext - > snapins_guid [ i ] ) ) ;
DEBUGADD ( lvl , ( " \t snapin (name): \t \t \t %s \n " ,
gp_ext - > snapins [ i ] ) ) ;
2006-02-04 01:19:41 +03:00
}
}
2007-08-20 13:47:13 +04:00
# ifdef HAVE_LDAP
2007-07-14 03:38:19 +04:00
/****************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-08-14 18:47:08 +04:00
void dump_gpo ( ADS_STRUCT * ads ,
TALLOC_CTX * mem_ctx ,
struct GROUP_POLICY_OBJECT * gpo ,
int debuglevel )
2006-02-04 01:19:41 +03:00
{
2006-09-29 21:15:45 +04:00
int lvl = debuglevel ;
2006-02-04 01:19:41 +03:00
if ( gpo = = NULL ) {
return ;
}
DEBUG ( lvl , ( " --------------------- \n \n " ) ) ;
DEBUGADD ( lvl , ( " name: \t \t \t %s \n " , gpo - > name ) ) ;
DEBUGADD ( lvl , ( " displayname: \t \t %s \n " , gpo - > display_name ) ) ;
DEBUGADD ( lvl , ( " version: \t \t %d (0x%08x) \n " , gpo - > version , gpo - > version ) ) ;
2007-08-14 18:47:08 +04:00
DEBUGADD ( lvl , ( " version_user: \t \t %d (0x%04x) \n " ,
GPO_VERSION_USER ( gpo - > version ) ,
GPO_VERSION_USER ( gpo - > version ) ) ) ;
DEBUGADD ( lvl , ( " version_machine: \t %d (0x%04x) \n " ,
GPO_VERSION_MACHINE ( gpo - > version ) ,
GPO_VERSION_MACHINE ( gpo - > version ) ) ) ;
2006-02-04 01:19:41 +03:00
DEBUGADD ( lvl , ( " filesyspath: \t \t %s \n " , gpo - > file_sys_path ) ) ;
DEBUGADD ( lvl , ( " dspath: \t \t %s \n " , gpo - > ds_path ) ) ;
DEBUGADD ( lvl , ( " options: \t \t %d " , gpo - > options ) ) ;
2007-07-14 03:34:42 +04:00
switch ( gpo - > options ) {
case GPFLAGS_ALL_ENABLED :
DEBUGADD ( lvl , ( " GPFLAGS_ALL_ENABLED \n " ) ) ;
break ;
case GPFLAGS_USER_SETTINGS_DISABLED :
DEBUGADD ( lvl , ( " GPFLAGS_USER_SETTINGS_DISABLED \n " ) ) ;
break ;
case GPFLAGS_MACHINE_SETTINGS_DISABLED :
DEBUGADD ( lvl , ( " GPFLAGS_MACHINE_SETTINGS_DISABLED \n " ) ) ;
break ;
case GPFLAGS_ALL_DISABLED :
DEBUGADD ( lvl , ( " GPFLAGS_ALL_DISABLED \n " ) ) ;
break ;
default :
DEBUGADD ( lvl , ( " unknown option: %d \n " , gpo - > options ) ) ;
break ;
2006-02-04 01:19:41 +03:00
}
DEBUGADD ( lvl , ( " link: \t \t \t %s \n " , gpo - > link ) ) ;
DEBUGADD ( lvl , ( " link_type: \t \t %d " , gpo - > link_type ) ) ;
switch ( gpo - > link_type ) {
2007-07-09 19:48:17 +04:00
case GP_LINK_UNKOWN :
DEBUGADD ( lvl , ( " GP_LINK_UNKOWN \n " ) ) ;
break ;
case GP_LINK_OU :
DEBUGADD ( lvl , ( " GP_LINK_OU \n " ) ) ;
break ;
case GP_LINK_DOMAIN :
DEBUGADD ( lvl , ( " GP_LINK_DOMAIN \n " ) ) ;
break ;
case GP_LINK_SITE :
DEBUGADD ( lvl , ( " GP_LINK_SITE \n " ) ) ;
break ;
case GP_LINK_MACHINE :
DEBUGADD ( lvl , ( " GP_LINK_MACHINE \n " ) ) ;
break ;
default :
break ;
2006-02-04 01:19:41 +03:00
}
2007-07-09 19:48:17 +04:00
DEBUGADD ( lvl , ( " machine_extensions: \t %s \n " , gpo - > machine_extensions ) ) ;
2006-02-04 01:19:41 +03:00
if ( gpo - > machine_extensions ) {
2007-07-09 19:48:17 +04:00
struct GP_EXT * gp_ext = NULL ;
2006-02-04 01:19:41 +03:00
2007-08-14 18:47:08 +04:00
if ( ! ads_parse_gp_ext ( mem_ctx , gpo - > machine_extensions ,
& gp_ext ) ) {
2006-02-04 01:19:41 +03:00
return ;
}
2007-07-09 19:48:17 +04:00
dump_gp_ext ( gp_ext , lvl ) ;
2006-02-04 01:19:41 +03:00
}
2007-08-14 18:47:08 +04:00
2007-07-09 19:48:17 +04:00
DEBUGADD ( lvl , ( " user_extensions: \t %s \n " , gpo - > user_extensions ) ) ;
2006-02-04 01:19:41 +03:00
if ( gpo - > user_extensions ) {
2007-08-14 18:47:08 +04:00
2007-07-09 19:48:17 +04:00
struct GP_EXT * gp_ext = NULL ;
2007-08-14 18:47:08 +04:00
if ( ! ads_parse_gp_ext ( mem_ctx , gpo - > user_extensions ,
& gp_ext ) ) {
2006-02-04 01:19:41 +03:00
return ;
}
2007-07-09 19:48:17 +04:00
dump_gp_ext ( gp_ext , lvl ) ;
2006-02-04 01:19:41 +03:00
}
2007-07-14 03:38:19 +04:00
DEBUGADD ( lvl , ( " security descriptor: \n " ) ) ;
ads_disp_sd ( ads , mem_ctx , gpo - > security_descriptor ) ;
2007-01-08 17:16:42 +03:00
}
2006-02-04 01:19:41 +03:00
2007-07-09 19:48:17 +04:00
/****************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-08-14 18:47:08 +04:00
void dump_gpo_list ( ADS_STRUCT * ads ,
TALLOC_CTX * mem_ctx ,
struct GROUP_POLICY_OBJECT * gpo_list ,
2007-07-09 19:48:17 +04:00
int debuglevel )
{
struct GROUP_POLICY_OBJECT * gpo = NULL ;
for ( gpo = gpo_list ; gpo ; gpo = gpo - > next ) {
2007-07-14 03:38:19 +04:00
dump_gpo ( ads , mem_ctx , gpo , debuglevel ) ;
2007-07-09 19:48:17 +04:00
}
}
/****************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2006-02-04 01:19:41 +03:00
void dump_gplink ( ADS_STRUCT * ads , TALLOC_CTX * mem_ctx , struct GP_LINK * gp_link )
{
ADS_STATUS status ;
int i ;
int lvl = 10 ;
if ( gp_link = = NULL ) {
return ;
}
DEBUG ( lvl , ( " --------------------- \n \n " ) ) ;
DEBUGADD ( lvl , ( " gplink: %s \n " , gp_link - > gp_link ) ) ;
DEBUGADD ( lvl , ( " gpopts: %d " , gp_link - > gp_opts ) ) ;
switch ( gp_link - > gp_opts ) {
2007-07-09 19:48:17 +04:00
case GPOPTIONS_INHERIT :
DEBUGADD ( lvl , ( " GPOPTIONS_INHERIT \n " ) ) ;
break ;
case GPOPTIONS_BLOCK_INHERITANCE :
DEBUGADD ( lvl , ( " GPOPTIONS_BLOCK_INHERITANCE \n " ) ) ;
break ;
default :
break ;
2006-02-04 01:19:41 +03:00
}
DEBUGADD ( lvl , ( " num links: %d \n " , gp_link - > num_links ) ) ;
for ( i = 0 ; i < gp_link - > num_links ; i + + ) {
2007-08-14 18:47:08 +04:00
2006-02-04 01:19:41 +03:00
DEBUGADD ( lvl , ( " --------------------- \n \n " ) ) ;
2007-08-14 18:47:08 +04:00
2006-02-04 01:19:41 +03:00
DEBUGADD ( lvl , ( " link: #%d \n " , i + 1 ) ) ;
DEBUGADD ( lvl , ( " name: %s \n " , gp_link - > link_names [ i ] ) ) ;
DEBUGADD ( lvl , ( " opt: %d " , gp_link - > link_opts [ i ] ) ) ;
if ( gp_link - > link_opts [ i ] & GPO_LINK_OPT_ENFORCED ) {
DEBUGADD ( lvl , ( " GPO_LINK_OPT_ENFORCED " ) ) ;
}
if ( gp_link - > link_opts [ i ] & GPO_LINK_OPT_DISABLED ) {
DEBUGADD ( lvl , ( " GPO_LINK_OPT_DISABLED " ) ) ;
}
DEBUGADD ( lvl , ( " \n " ) ) ;
if ( ads ! = NULL & & mem_ctx ! = NULL ) {
struct GROUP_POLICY_OBJECT gpo ;
2007-08-14 18:47:08 +04:00
status = ads_get_gpo ( ads , mem_ctx ,
gp_link - > link_names [ i ] ,
NULL , NULL , & gpo ) ;
2006-02-04 01:19:41 +03:00
if ( ! ADS_ERR_OK ( status ) ) {
2007-08-14 18:47:08 +04:00
DEBUG ( lvl , ( " get gpo for %s failed: %s \n " ,
gp_link - > link_names [ i ] ,
ads_errstr ( status ) ) ) ;
2006-02-04 01:19:41 +03:00
return ;
}
2007-07-14 03:38:19 +04:00
dump_gpo ( ads , mem_ctx , & gpo , lvl ) ;
2006-02-04 01:19:41 +03:00
}
}
}
2007-08-20 13:47:13 +04:00
# endif /* HAVE_LDAP */
2007-07-09 19:48:17 +04:00
/****************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-08-14 18:47:08 +04:00
NTSTATUS process_extension ( ADS_STRUCT * ads ,
TALLOC_CTX * mem_ctx ,
uint32_t flags ,
const struct nt_user_token * token ,
struct GROUP_POLICY_OBJECT * gpo ,
const char * extension_guid ,
const char * snapin_guid )
2006-02-04 01:19:41 +03:00
{
2007-08-14 18:47:08 +04:00
DEBUG ( 0 , ( " process_extension: no extension available for: \n " ) ) ;
DEBUGADD ( 0 , ( " %s (%s) (snapin: %s) \n " ,
extension_guid ,
cse_gpo_guid_string_to_name ( extension_guid ) ,
snapin_guid ) ) ;
2006-02-04 01:19:41 +03:00
2007-08-14 18:47:08 +04:00
return NT_STATUS_OK ;
2006-02-04 01:19:41 +03:00
}
2007-07-09 19:48:17 +04:00
/****************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2006-02-04 01:19:41 +03:00
ADS_STATUS gpo_process_a_gpo ( ADS_STRUCT * ads ,
TALLOC_CTX * mem_ctx ,
2007-08-14 18:47:08 +04:00
const struct nt_user_token * token ,
2006-02-04 01:19:41 +03:00
struct GROUP_POLICY_OBJECT * gpo ,
2007-07-09 19:48:17 +04:00
const char * extension_guid_filter ,
2007-08-14 18:47:08 +04:00
uint32_t flags )
2006-02-04 01:19:41 +03:00
{
2007-07-09 19:48:17 +04:00
struct GP_EXT * gp_ext = NULL ;
2006-02-04 01:19:41 +03:00
int i ;
2007-08-14 18:47:08 +04:00
DEBUG ( 10 , ( " gpo_process_a_gpo: processing gpo %s (%s) \n " ,
gpo - > name , gpo - > display_name ) ) ;
if ( extension_guid_filter ) {
DEBUGADD ( 10 , ( " gpo_process_a_gpo: using filter %s \n " ,
extension_guid_filter ) ) ;
}
2006-02-04 01:19:41 +03:00
if ( flags & GPO_LIST_FLAG_MACHINE ) {
if ( gpo - > machine_extensions ) {
2007-08-14 18:47:08 +04:00
if ( ! ads_parse_gp_ext ( mem_ctx , gpo - > machine_extensions ,
& gp_ext ) ) {
2007-08-20 13:47:13 +04:00
return ADS_ERROR_NT ( NT_STATUS_INVALID_PARAMETER ) ;
2006-02-04 01:19:41 +03:00
}
} else {
/* nothing to apply */
2007-05-16 13:42:29 +04:00
return ADS_SUCCESS ;
2006-02-04 01:19:41 +03:00
}
2007-08-14 18:47:08 +04:00
2006-02-04 01:19:41 +03:00
} else {
if ( gpo - > user_extensions ) {
2007-08-14 18:47:08 +04:00
if ( ! ads_parse_gp_ext ( mem_ctx , gpo - > user_extensions ,
& gp_ext ) ) {
2007-08-20 13:47:13 +04:00
return ADS_ERROR_NT ( NT_STATUS_INVALID_PARAMETER ) ;
2006-02-04 01:19:41 +03:00
}
} else {
/* nothing to apply */
2007-05-16 13:42:29 +04:00
return ADS_SUCCESS ;
2006-02-04 01:19:41 +03:00
}
}
2007-07-09 19:48:17 +04:00
for ( i = 0 ; i < gp_ext - > num_exts ; i + + ) {
2006-02-04 01:19:41 +03:00
2007-08-14 18:47:08 +04:00
NTSTATUS ntstatus ;
if ( extension_guid_filter & &
! strequal ( extension_guid_filter ,
gp_ext - > extensions_guid [ i ] ) ) {
2006-02-04 01:19:41 +03:00
continue ;
}
2007-08-14 18:47:08 +04:00
ntstatus = process_extension ( ads , mem_ctx ,
flags , token , gpo ,
gp_ext - > extensions_guid [ i ] ,
gp_ext - > snapins_guid [ i ] ) ;
if ( ! NT_STATUS_IS_OK ( ntstatus ) ) {
ADS_ERROR_NT ( ntstatus ) ;
2006-02-04 01:19:41 +03:00
}
}
2007-05-16 13:42:29 +04:00
return ADS_SUCCESS ;
2006-02-04 01:19:41 +03:00
}
2007-07-09 19:48:17 +04:00
/****************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2006-02-04 01:19:41 +03:00
ADS_STATUS gpo_process_gpo_list ( ADS_STRUCT * ads ,
TALLOC_CTX * mem_ctx ,
2007-08-14 18:47:08 +04:00
const struct nt_user_token * token ,
2007-07-09 19:48:17 +04:00
struct GROUP_POLICY_OBJECT * gpo_list ,
2006-02-04 01:19:41 +03:00
const char * extensions_guid ,
2007-08-14 18:47:08 +04:00
uint32_t flags )
2006-02-04 01:19:41 +03:00
{
ADS_STATUS status ;
2007-07-09 19:48:17 +04:00
struct GROUP_POLICY_OBJECT * gpo ;
2006-02-04 01:19:41 +03:00
2007-08-14 18:47:08 +04:00
/* FIXME: ok, this is wrong, windows does process the extensions and
* hands the list of gpos to each extension and not process each gpo
* with all extensions ( this is how the extension can store the list
* gplist in the registry ) */
2007-07-09 19:48:17 +04:00
for ( gpo = gpo_list ; gpo ; gpo = gpo - > next ) {
2007-08-14 18:47:08 +04:00
status = gpo_process_a_gpo ( ads , mem_ctx , token , gpo ,
2006-02-04 01:19:41 +03:00
extensions_guid , flags ) ;
2007-08-14 18:47:08 +04:00
2006-02-04 01:19:41 +03:00
if ( ! ADS_ERR_OK ( status ) ) {
2007-08-14 18:47:08 +04:00
DEBUG ( 0 , ( " failed to process gpo: %s \n " ,
ads_errstr ( status ) ) ) ;
2006-02-04 01:19:41 +03:00
return status ;
}
}
2007-05-16 13:42:29 +04:00
return ADS_SUCCESS ;
2006-02-04 01:19:41 +03:00
}
2006-09-29 05:49:26 +04:00
/****************************************************************
check wether the version number in a GROUP_POLICY_OBJECT match those of the
locally stored version . If not , fetch the required policy via CIFS
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-08-14 18:47:08 +04:00
NTSTATUS check_refresh_gpo ( ADS_STRUCT * ads ,
2006-09-29 05:49:26 +04:00
TALLOC_CTX * mem_ctx ,
2007-08-14 18:47:08 +04:00
uint32_t flags ,
2006-09-29 05:49:26 +04:00
struct GROUP_POLICY_OBJECT * gpo ,
struct cli_state * * cli_out )
{
NTSTATUS result ;
2007-07-09 19:48:17 +04:00
char * server = NULL ;
char * share = NULL ;
char * nt_path = NULL ;
char * unix_path = NULL ;
2007-08-14 18:47:08 +04:00
uint32_t sysvol_gpt_version = 0 ;
2007-07-09 19:48:17 +04:00
char * display_name = NULL ;
2006-09-29 05:49:26 +04:00
struct cli_state * cli = NULL ;
2007-08-14 18:47:08 +04:00
result = gpo_explode_filesyspath ( mem_ctx , gpo - > file_sys_path ,
2007-07-09 19:48:17 +04:00
& server , & share , & nt_path , & unix_path ) ;
2006-09-29 05:49:26 +04:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto out ;
}
2007-08-14 18:47:08 +04:00
result = gpo_get_sysvol_gpt_version ( mem_ctx ,
2007-07-09 19:48:17 +04:00
unix_path ,
& sysvol_gpt_version ,
& display_name ) ;
2007-08-14 18:47:08 +04:00
if ( ! NT_STATUS_IS_OK ( result ) & &
2006-09-29 05:49:26 +04:00
! NT_STATUS_EQUAL ( result , NT_STATUS_NO_SUCH_FILE ) ) {
2007-08-14 18:47:08 +04:00
DEBUG ( 10 , ( " check_refresh_gpo: "
" failed to get local gpt version: %s \n " ,
2006-09-29 05:49:26 +04:00
nt_errstr ( result ) ) ) ;
goto out ;
}
2007-08-14 18:47:08 +04:00
DEBUG ( 10 , ( " check_refresh_gpo: versions gpo %d sysvol %d \n " ,
gpo - > version , sysvol_gpt_version ) ) ;
/* FIXME: handle GPO_INFO_FLAG_FORCED_REFRESH from flags */
2006-09-29 05:49:26 +04:00
while ( gpo - > version > sysvol_gpt_version ) {
DEBUG ( 1 , ( " check_refresh_gpo: need to refresh GPO \n " ) ) ;
if ( * cli_out = = NULL ) {
2007-08-14 18:47:08 +04:00
result = cli_full_connection ( & cli ,
global_myname ( ) ,
ads - > config . ldap_server_name ,
/* server */
NULL , 0 ,
share , " A: " ,
ads - > auth . user_name , NULL ,
ads - > auth . password ,
CLI_FULL_CONNECTION_USE_KERBEROS ,
Undefined , NULL ) ;
2006-09-29 05:49:26 +04:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
2007-08-14 18:47:08 +04:00
DEBUG ( 10 , ( " check_refresh_gpo: "
" failed to connect: %s \n " ,
nt_errstr ( result ) ) ) ;
2006-09-29 05:49:26 +04:00
goto out ;
}
* cli_out = cli ;
}
2007-07-09 19:48:17 +04:00
result = gpo_fetch_files ( mem_ctx , * cli_out , gpo ) ;
2006-09-29 05:49:26 +04:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto out ;
}
2007-08-14 18:47:08 +04:00
result = gpo_get_sysvol_gpt_version ( mem_ctx ,
unix_path ,
2007-07-09 19:48:17 +04:00
& sysvol_gpt_version ,
2007-08-14 18:47:08 +04:00
& display_name ) ;
2006-09-29 05:49:26 +04:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
2007-08-14 18:47:08 +04:00
DEBUG ( 10 , ( " check_refresh_gpo: "
" failed to get local gpt version: %s \n " ,
2006-09-29 05:49:26 +04:00
nt_errstr ( result ) ) ) ;
goto out ;
}
2007-08-14 18:47:08 +04:00
2006-09-29 05:49:26 +04:00
if ( gpo - > version = = sysvol_gpt_version ) {
break ;
}
2007-08-14 18:47:08 +04:00
}
DEBUG ( 10 , ( " Name: \t \t \t %s (%s) \n " , gpo - > display_name , gpo - > name ) ) ;
DEBUGADD ( 10 , ( " sysvol GPT version: \t %d (user: %d, machine: %d) \n " ,
sysvol_gpt_version ,
GPO_VERSION_USER ( sysvol_gpt_version ) ,
GPO_VERSION_MACHINE ( sysvol_gpt_version ) ) ) ;
DEBUGADD ( 10 , ( " LDAP GPO version: \t %d (user: %d, machine: %d) \n " ,
2006-09-29 05:49:26 +04:00
gpo - > version ,
GPO_VERSION_USER ( gpo - > version ) ,
GPO_VERSION_MACHINE ( gpo - > version ) ) ) ;
result = NT_STATUS_OK ;
out :
return result ;
}
/****************************************************************
check wether the version numbers in the gpo_list match the locally stored , if
not , go and get each required GPO via CIFS
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-08-14 18:47:08 +04:00
NTSTATUS check_refresh_gpo_list ( ADS_STRUCT * ads ,
TALLOC_CTX * mem_ctx ,
uint32_t flags ,
2006-09-29 05:49:26 +04:00
struct GROUP_POLICY_OBJECT * gpo_list )
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL ;
struct cli_state * cli = NULL ;
struct GROUP_POLICY_OBJECT * gpo ;
2007-07-09 19:48:17 +04:00
if ( ! gpo_list ) {
return NT_STATUS_INVALID_PARAMETER ;
}
2006-09-29 05:49:26 +04:00
for ( gpo = gpo_list ; gpo ; gpo = gpo - > next ) {
2007-08-14 18:47:08 +04:00
result = check_refresh_gpo ( ads , mem_ctx , flags , gpo , & cli ) ;
2006-09-29 05:49:26 +04:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
goto out ;
}
}
result = NT_STATUS_OK ;
out :
if ( cli ) {
cli_shutdown ( cli ) ;
}
return result ;
}
2007-08-14 19:17:50 +04:00
/****************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-02-29 18:03:23 +03:00
char * gpo_flag_str ( uint32_t flags )
{
fstring str = " " ;
if ( flags = = 0 ) {
return NULL ;
}
if ( flags & GPO_INFO_FLAG_SLOWLINK )
fstrcat ( str , " GPO_INFO_FLAG_SLOWLINK " ) ;
if ( flags & GPO_INFO_FLAG_VERBOSE )
fstrcat ( str , " GPO_INFO_FLAG_VERBOSE " ) ;
if ( flags & GPO_INFO_FLAG_SAFEMODE_BOOT )
fstrcat ( str , " GPO_INFO_FLAG_SAFEMODE_BOOT " ) ;
if ( flags & GPO_INFO_FLAG_NOCHANGES )
fstrcat ( str , " GPO_INFO_FLAG_NOCHANGES " ) ;
if ( flags & GPO_INFO_FLAG_MACHINE )
fstrcat ( str , " GPO_INFO_FLAG_MACHINE " ) ;
if ( flags & GPO_INFO_FLAG_LOGRSOP_TRANSITION )
fstrcat ( str , " GPO_INFO_FLAG_LOGRSOP_TRANSITION " ) ;
if ( flags & GPO_INFO_FLAG_LINKTRANSITION )
fstrcat ( str , " GPO_INFO_FLAG_LINKTRANSITION " ) ;
if ( flags & GPO_INFO_FLAG_FORCED_REFRESH )
fstrcat ( str , " GPO_INFO_FLAG_FORCED_REFRESH " ) ;
if ( flags & GPO_INFO_FLAG_BACKGROUND )
fstrcat ( str , " GPO_INFO_FLAG_BACKGROUND " ) ;
return SMB_STRDUP ( str ) ;
}
/****************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-08-14 19:17:50 +04:00
NTSTATUS gp_find_file ( TALLOC_CTX * mem_ctx ,
uint32_t flags ,
const char * filename ,
const char * suffix ,
const char * * filename_out )
{
const char * tmp = NULL ;
SMB_STRUCT_STAT sbuf ;
const char * path = NULL ;
if ( flags & GPO_LIST_FLAG_MACHINE ) {
path = " Machine " ;
} else {
path = " User " ;
}
tmp = talloc_asprintf ( mem_ctx , " %s/%s/%s " , filename ,
path , suffix ) ;
NT_STATUS_HAVE_NO_MEMORY ( tmp ) ;
if ( sys_stat ( tmp , & sbuf ) = = 0 ) {
* filename_out = tmp ;
return NT_STATUS_OK ;
}
2007-11-24 19:27:54 +03:00
tmp = talloc_asprintf_strupper_m ( mem_ctx , " %s/%s/%s " , filename , path ,
suffix ) ;
2007-08-14 19:17:50 +04:00
NT_STATUS_HAVE_NO_MEMORY ( tmp ) ;
if ( sys_stat ( tmp , & sbuf ) = = 0 ) {
* filename_out = tmp ;
return NT_STATUS_OK ;
}
return NT_STATUS_NO_SUCH_FILE ;
}