mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
r24413: Minor edits for libgpo.
Guenther
(This used to be commit 5dc791f4cf)
This commit is contained in:
Günther Deschner
Gerald (Jerry) Carter
parent
2da44a2dee
commit
444fd1e848
@ -1,23 +1,22 @@
|
||||
/*
|
||||
/*
|
||||
* Unix SMB/CIFS implementation.
|
||||
* Group Policy Object Support
|
||||
* Copyright (C) Guenther Deschner 2005
|
||||
*
|
||||
* Copyright (C) Guenther Deschner 2005-2007
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
|
||||
enum GPO_LINK_TYPE {
|
||||
GP_LINK_UNKOWN = 0,
|
||||
GP_LINK_MACHINE = 1,
|
||||
@ -38,8 +37,8 @@ enum GPO_LINK_TYPE {
|
||||
#define GPO_VERSION_MACHINE(x) (x & 0xffff)
|
||||
|
||||
struct GROUP_POLICY_OBJECT {
|
||||
uint32 options; /* GPFLAGS_* */
|
||||
uint32 version;
|
||||
uint32_t options; /* GPFLAGS_* */
|
||||
uint32_t version;
|
||||
const char *ds_path;
|
||||
const char *file_sys_path;
|
||||
const char *display_name;
|
||||
@ -76,15 +75,15 @@ enum GPO_INHERIT {
|
||||
|
||||
struct GP_LINK {
|
||||
const char *gp_link; /* raw link name */
|
||||
uint32 gp_opts; /* inheritance options GPO_INHERIT */
|
||||
uint32 num_links; /* number of links */
|
||||
uint32_t gp_opts; /* inheritance options GPO_INHERIT */
|
||||
uint32_t num_links; /* number of links */
|
||||
char **link_names; /* array of parsed link names */
|
||||
uint32 *link_opts; /* array of parsed link opts GPO_LINK_OPT_* */
|
||||
uint32_t *link_opts; /* array of parsed link opts GPO_LINK_OPT_* */
|
||||
};
|
||||
|
||||
struct GP_EXT {
|
||||
const char *gp_extension; /* raw extension name */
|
||||
uint32 num_exts;
|
||||
uint32_t num_exts;
|
||||
char **extensions;
|
||||
char **extensions_guid;
|
||||
char **snapins;
|
||||
@ -93,3 +92,7 @@ struct GP_EXT {
|
||||
|
||||
#define GPO_CACHE_DIR "gpo_cache"
|
||||
#define GPT_INI "GPT.INI"
|
||||
|
||||
#define GP_EXT_SECURITY "827D319E-6EAC-11D2-A4EA-00C04F79F83A"
|
||||
#define GP_EXT_REGISTRY "35378EAC-683F-11D2-A89A-00C04FBBCFA2"
|
||||
#define GP_EXT_SCRIPTS "42B5FAAE-6536-11D2-AE5A-0000F87571E3"
|
||||
|
||||
@ -25,13 +25,13 @@
|
||||
parse the raw extension string into a GP_EXT structure
|
||||
****************************************************************/
|
||||
|
||||
ADS_STATUS ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
|
||||
const char *extension_raw,
|
||||
struct GP_EXT **gp_ext)
|
||||
BOOL ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
|
||||
const char *extension_raw,
|
||||
struct GP_EXT **gp_ext)
|
||||
{
|
||||
ADS_STATUS status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
|
||||
BOOL ret = False;
|
||||
struct GP_EXT *ext = NULL;
|
||||
char **ext_list;
|
||||
char **ext_list = NULL;
|
||||
char **ext_strings = NULL;
|
||||
int i;
|
||||
|
||||
@ -47,7 +47,7 @@ ADS_STATUS ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
|
||||
}
|
||||
|
||||
ext_list = str_list_make_talloc(mem_ctx, extension_raw, "]");
|
||||
if (ext_list == NULL) {
|
||||
if (!ext_list) {
|
||||
goto parse_error;
|
||||
}
|
||||
|
||||
@ -56,24 +56,23 @@ ADS_STATUS ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
|
||||
}
|
||||
|
||||
ext->num_exts = i;
|
||||
|
||||
|
||||
if (ext->num_exts) {
|
||||
ext->extensions = TALLOC_ZERO_ARRAY(mem_ctx, char *, ext->num_exts);
|
||||
ext->extensions_guid = TALLOC_ZERO_ARRAY(mem_ctx, char *, ext->num_exts);
|
||||
ext->snapins = TALLOC_ZERO_ARRAY(mem_ctx, char *, ext->num_exts);
|
||||
ext->snapins_guid = TALLOC_ZERO_ARRAY(mem_ctx, char *, ext->num_exts);
|
||||
} else {
|
||||
ext->extensions = NULL;
|
||||
ext->extensions_guid = NULL;
|
||||
ext->snapins = NULL;
|
||||
ext->snapins_guid = NULL;
|
||||
ext->extensions = TALLOC_ZERO_ARRAY(mem_ctx, char *,
|
||||
ext->num_exts);
|
||||
ext->extensions_guid = TALLOC_ZERO_ARRAY(mem_ctx, char *,
|
||||
ext->num_exts);
|
||||
ext->snapins = TALLOC_ZERO_ARRAY(mem_ctx, char *,
|
||||
ext->num_exts);
|
||||
ext->snapins_guid = TALLOC_ZERO_ARRAY(mem_ctx, char *,
|
||||
ext->num_exts);
|
||||
}
|
||||
|
||||
ext->gp_extension = talloc_strdup(mem_ctx, extension_raw);
|
||||
|
||||
if (ext->extensions == NULL || ext->extensions_guid == NULL ||
|
||||
ext->snapins == NULL || ext->snapins_guid == NULL ||
|
||||
ext->gp_extension == NULL) {
|
||||
if (!ext->extensions || !ext->extensions_guid ||
|
||||
!ext->snapins || !ext->snapins_guid ||
|
||||
!ext->gp_extension) {
|
||||
goto parse_error;
|
||||
}
|
||||
|
||||
@ -81,7 +80,7 @@ ADS_STATUS ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
|
||||
|
||||
int k;
|
||||
char *p, *q;
|
||||
|
||||
|
||||
DEBUGADD(10,("extension #%d\n", i));
|
||||
|
||||
p = ext_list[i];
|
||||
@ -105,14 +104,15 @@ ADS_STATUS ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
|
||||
q++;
|
||||
}
|
||||
|
||||
ext->extensions[i] = talloc_strdup(mem_ctx, cse_gpo_guid_string_to_name(q));
|
||||
ext->extensions[i] = talloc_strdup(mem_ctx,
|
||||
cse_gpo_guid_string_to_name(q));
|
||||
ext->extensions_guid[i] = talloc_strdup(mem_ctx, q);
|
||||
|
||||
/* we might have no name for the guid */
|
||||
if (ext->extensions_guid[i] == NULL) {
|
||||
goto parse_error;
|
||||
}
|
||||
|
||||
|
||||
for (k = 1; ext_strings[k] != NULL; k++) {
|
||||
|
||||
char *m = ext_strings[k];
|
||||
@ -121,8 +121,10 @@ ADS_STATUS ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
|
||||
m++;
|
||||
}
|
||||
|
||||
/* FIXME: theoretically there could be more than one snapin per extension */
|
||||
ext->snapins[i] = talloc_strdup(mem_ctx, cse_snapin_gpo_guid_string_to_name(m));
|
||||
/* FIXME: theoretically there could be more than one
|
||||
* snapin per extension */
|
||||
ext->snapins[i] = talloc_strdup(mem_ctx,
|
||||
cse_snapin_gpo_guid_string_to_name(m));
|
||||
ext->snapins_guid[i] = talloc_strdup(mem_ctx, m);
|
||||
|
||||
/* we might have no name for the guid */
|
||||
@ -134,35 +136,38 @@ ADS_STATUS ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
|
||||
|
||||
*gp_ext = ext;
|
||||
|
||||
status = ADS_ERROR_NT(NT_STATUS_OK);
|
||||
ret = True;
|
||||
|
||||
parse_error:
|
||||
parse_error:
|
||||
if (ext_list) {
|
||||
str_list_free_talloc(mem_ctx, &ext_list);
|
||||
str_list_free_talloc(mem_ctx, &ext_list);
|
||||
}
|
||||
if (ext_strings) {
|
||||
str_list_free_talloc(mem_ctx, &ext_strings);
|
||||
str_list_free_talloc(mem_ctx, &ext_strings);
|
||||
}
|
||||
|
||||
return status;
|
||||
return ret;
|
||||
}
|
||||
|
||||
/****************************************************************
|
||||
parse the raw link string into a GP_LINK structure
|
||||
****************************************************************/
|
||||
|
||||
static ADS_STATUS gpo_parse_gplink(TALLOC_CTX *mem_ctx,
|
||||
static ADS_STATUS gpo_parse_gplink(TALLOC_CTX *mem_ctx,
|
||||
const char *gp_link_raw,
|
||||
uint32 options,
|
||||
uint32_t options,
|
||||
struct GP_LINK *gp_link)
|
||||
{
|
||||
ADS_STATUS status = ADS_ERROR(LDAP_NO_MEMORY);
|
||||
char **link_list;
|
||||
int i;
|
||||
|
||||
|
||||
ZERO_STRUCTP(gp_link);
|
||||
|
||||
DEBUG(10,("gpo_parse_gplink: gPLink: %s\n", gp_link_raw));
|
||||
|
||||
link_list = str_list_make_talloc(mem_ctx, gp_link_raw, "]");
|
||||
if (link_list == NULL) {
|
||||
if (!link_list) {
|
||||
goto parse_error;
|
||||
}
|
||||
|
||||
@ -172,18 +177,17 @@ static ADS_STATUS gpo_parse_gplink(TALLOC_CTX *mem_ctx,
|
||||
|
||||
gp_link->gp_opts = options;
|
||||
gp_link->num_links = i;
|
||||
|
||||
|
||||
if (gp_link->num_links) {
|
||||
gp_link->link_names = TALLOC_ZERO_ARRAY(mem_ctx, char *, gp_link->num_links);
|
||||
gp_link->link_opts = TALLOC_ZERO_ARRAY(mem_ctx, uint32, gp_link->num_links);
|
||||
} else {
|
||||
gp_link->link_names = NULL;
|
||||
gp_link->link_opts = NULL;
|
||||
gp_link->link_names = TALLOC_ZERO_ARRAY(mem_ctx, char *,
|
||||
gp_link->num_links);
|
||||
gp_link->link_opts = TALLOC_ZERO_ARRAY(mem_ctx, uint32_t,
|
||||
gp_link->num_links);
|
||||
}
|
||||
|
||||
|
||||
gp_link->gp_link = talloc_strdup(mem_ctx, gp_link_raw);
|
||||
|
||||
if (gp_link->link_names == NULL || gp_link->link_opts == NULL || gp_link->gp_link == NULL) {
|
||||
if (!gp_link->link_names || !gp_link->link_opts || !gp_link->gp_link) {
|
||||
goto parse_error;
|
||||
}
|
||||
|
||||
@ -199,7 +203,7 @@ static ADS_STATUS gpo_parse_gplink(TALLOC_CTX *mem_ctx,
|
||||
};
|
||||
|
||||
p = strchr(q, ';');
|
||||
|
||||
|
||||
if (p == NULL) {
|
||||
goto parse_error;
|
||||
}
|
||||
@ -212,23 +216,22 @@ static ADS_STATUS gpo_parse_gplink(TALLOC_CTX *mem_ctx,
|
||||
|
||||
gp_link->link_opts[i] = atoi(p + 1);
|
||||
|
||||
DEBUGADD(10,("gpo_parse_gplink: link: %s\n", gp_link->link_names[i]));
|
||||
DEBUGADD(10,("gpo_parse_gplink: opt: %d\n", gp_link->link_opts[i]));
|
||||
DEBUGADD(10,("gpo_parse_gplink: link: %s\n",
|
||||
gp_link->link_names[i]));
|
||||
DEBUGADD(10,("gpo_parse_gplink: opt: %d\n",
|
||||
gp_link->link_opts[i]));
|
||||
|
||||
}
|
||||
|
||||
status = ADS_SUCCESS;
|
||||
|
||||
parse_error:
|
||||
|
||||
if (link_list) {
|
||||
str_list_free_talloc(mem_ctx, &link_list);
|
||||
}
|
||||
|
||||
return ADS_ERROR(LDAP_SUCCESS);
|
||||
|
||||
parse_error:
|
||||
if (link_list) {
|
||||
str_list_free_talloc(mem_ctx, &link_list);
|
||||
}
|
||||
|
||||
return ADS_ERROR(LDAP_NO_MEMORY);
|
||||
return status;
|
||||
}
|
||||
|
||||
/****************************************************************
|
||||
@ -244,13 +247,14 @@ ADS_STATUS ads_get_gpo_link(ADS_STRUCT *ads,
|
||||
const char *attrs[] = {"gPLink", "gPOptions", NULL};
|
||||
LDAPMessage *res = NULL;
|
||||
const char *gp_link;
|
||||
uint32 gp_options;
|
||||
uint32_t gp_options;
|
||||
|
||||
ZERO_STRUCTP(gp_link_struct);
|
||||
|
||||
status = ads_search_dn(ads, &res, link_dn, attrs);
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
DEBUG(10,("ads_get_gpo_link: search failed with %s\n", ads_errstr(status)));
|
||||
DEBUG(10,("ads_get_gpo_link: search failed with %s\n",
|
||||
ads_errstr(status)));
|
||||
return status;
|
||||
}
|
||||
|
||||
@ -260,33 +264,34 @@ ADS_STATUS ads_get_gpo_link(ADS_STRUCT *ads,
|
||||
return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
|
||||
}
|
||||
|
||||
gp_link = ads_pull_string(ads, mem_ctx, res, "gPLink");
|
||||
gp_link = ads_pull_string(ads, mem_ctx, res, "gPLink");
|
||||
if (gp_link == NULL) {
|
||||
DEBUG(10,("ads_get_gpo_link: no 'gPLink' attribute found\n"));
|
||||
ads_msgfree(ads, res);
|
||||
return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
|
||||
return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
|
||||
}
|
||||
|
||||
/* perfectly legal to have no options */
|
||||
if (!ads_pull_uint32(ads, res, "gPOptions", &gp_options)) {
|
||||
DEBUG(10,("ads_get_gpo_link: no 'gPOptions' attribute found\n"));
|
||||
DEBUG(10,("ads_get_gpo_link: "
|
||||
"no 'gPOptions' attribute found\n"));
|
||||
gp_options = 0;
|
||||
}
|
||||
|
||||
ads_msgfree(ads, res);
|
||||
|
||||
return gpo_parse_gplink(mem_ctx, gp_link, gp_options, gp_link_struct);
|
||||
return gpo_parse_gplink(mem_ctx, gp_link, gp_options, gp_link_struct);
|
||||
}
|
||||
|
||||
/****************************************************************
|
||||
helper call to add a gp link
|
||||
****************************************************************/
|
||||
|
||||
ADS_STATUS ads_add_gpo_link(ADS_STRUCT *ads,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
const char *link_dn,
|
||||
const char *gpo_dn,
|
||||
uint32 gpo_opt)
|
||||
ADS_STATUS ads_add_gpo_link(ADS_STRUCT *ads,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
const char *link_dn,
|
||||
const char *gpo_dn,
|
||||
uint32_t gpo_opt)
|
||||
{
|
||||
ADS_STATUS status;
|
||||
const char *attrs[] = {"gPLink", NULL};
|
||||
@ -298,12 +303,13 @@ ADS_STATUS ads_add_gpo_link(ADS_STRUCT *ads,
|
||||
* the gpo_dn is sane */
|
||||
|
||||
if (!strnequal(gpo_dn, "LDAP://CN={", strlen("LDAP://CN={")) != 0) {
|
||||
return ADS_ERROR(LDAP_INVALID_DN_SYNTAX);
|
||||
return ADS_ERROR(LDAP_INVALID_DN_SYNTAX);
|
||||
}
|
||||
|
||||
status = ads_search_dn(ads, &res, link_dn, attrs);
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
DEBUG(10,("ads_add_gpo_link: search failed with %s\n", ads_errstr(status)));
|
||||
DEBUG(10,("ads_add_gpo_link: search failed with %s\n",
|
||||
ads_errstr(status)));
|
||||
return status;
|
||||
}
|
||||
|
||||
@ -313,11 +319,13 @@ ADS_STATUS ads_add_gpo_link(ADS_STRUCT *ads,
|
||||
return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
|
||||
}
|
||||
|
||||
gp_link = ads_pull_string(ads, mem_ctx, res, "gPLink");
|
||||
gp_link = ads_pull_string(ads, mem_ctx, res, "gPLink");
|
||||
if (gp_link == NULL) {
|
||||
gp_link_new = talloc_asprintf(mem_ctx, "[%s;%d]", gpo_dn, gpo_opt);
|
||||
gp_link_new = talloc_asprintf(mem_ctx, "[%s;%d]",
|
||||
gpo_dn, gpo_opt);
|
||||
} else {
|
||||
gp_link_new = talloc_asprintf(mem_ctx, "%s[%s;%d]", gp_link, gpo_dn, gpo_opt);
|
||||
gp_link_new = talloc_asprintf(mem_ctx, "%s[%s;%d]",
|
||||
gp_link, gpo_dn, gpo_opt);
|
||||
}
|
||||
|
||||
ads_msgfree(ads, res);
|
||||
@ -331,7 +339,7 @@ ADS_STATUS ads_add_gpo_link(ADS_STRUCT *ads,
|
||||
return status;
|
||||
}
|
||||
|
||||
return ads_gen_mod(ads, link_dn, mods);
|
||||
return ads_gen_mod(ads, link_dn, mods);
|
||||
}
|
||||
|
||||
/****************************************************************
|
||||
@ -339,9 +347,9 @@ ADS_STATUS ads_add_gpo_link(ADS_STRUCT *ads,
|
||||
****************************************************************/
|
||||
|
||||
/* untested & broken */
|
||||
ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
const char *link_dn,
|
||||
ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
const char *link_dn,
|
||||
const char *gpo_dn)
|
||||
{
|
||||
ADS_STATUS status;
|
||||
@ -355,7 +363,7 @@ ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads,
|
||||
DEBUG(10,("ads_delete_gpo_link: first char not: [\n"));
|
||||
return ADS_ERROR(LDAP_INVALID_DN_SYNTAX);
|
||||
}
|
||||
|
||||
|
||||
if (gpo_dn[strlen(gpo_dn)] != ']') {
|
||||
DEBUG(10,("ads_delete_gpo_link: last char not: ]\n"));
|
||||
return ADS_ERROR(LDAP_INVALID_DN_SYNTAX);
|
||||
@ -363,7 +371,8 @@ ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads,
|
||||
|
||||
status = ads_search_dn(ads, &res, link_dn, attrs);
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
DEBUG(10,("ads_delete_gpo_link: search failed with %s\n", ads_errstr(status)));
|
||||
DEBUG(10,("ads_delete_gpo_link: search failed with %s\n",
|
||||
ads_errstr(status)));
|
||||
return status;
|
||||
}
|
||||
|
||||
@ -373,13 +382,14 @@ ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads,
|
||||
return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
|
||||
}
|
||||
|
||||
gp_link = ads_pull_string(ads, mem_ctx, res, "gPLink");
|
||||
gp_link = ads_pull_string(ads, mem_ctx, res, "gPLink");
|
||||
if (gp_link == NULL) {
|
||||
return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
|
||||
}
|
||||
|
||||
/* find link to delete */
|
||||
/* gp_link_new = talloc_asprintf(mem_ctx, "%s[%s;%d]", gp_link, gpo_dn, gpo_opt); */
|
||||
/* gp_link_new = talloc_asprintf(mem_ctx, "%s[%s;%d]", gp_link,
|
||||
gpo_dn, gpo_opt); */
|
||||
|
||||
ads_msgfree(ads, res);
|
||||
ADS_ERROR_HAVE_NO_MEMORY(gp_link_new);
|
||||
@ -392,7 +402,7 @@ ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads,
|
||||
return status;
|
||||
}
|
||||
|
||||
return ads_gen_mod(ads, link_dn, mods);
|
||||
return ads_gen_mod(ads, link_dn, mods);
|
||||
}
|
||||
|
||||
/****************************************************************
|
||||
@ -425,19 +435,25 @@ ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads,
|
||||
return ADS_ERROR(LDAP_NO_MEMORY);
|
||||
}
|
||||
|
||||
gpo->file_sys_path = ads_pull_string(ads, mem_ctx, res, "gPCFileSysPath");
|
||||
gpo->file_sys_path = ads_pull_string(ads, mem_ctx, res,
|
||||
"gPCFileSysPath");
|
||||
ADS_ERROR_HAVE_NO_MEMORY(gpo->file_sys_path);
|
||||
|
||||
gpo->display_name = ads_pull_string(ads, mem_ctx, res, "displayName");
|
||||
gpo->display_name = ads_pull_string(ads, mem_ctx, res,
|
||||
"displayName");
|
||||
ADS_ERROR_HAVE_NO_MEMORY(gpo->display_name);
|
||||
|
||||
gpo->name = ads_pull_string(ads, mem_ctx, res, "name");
|
||||
gpo->name = ads_pull_string(ads, mem_ctx, res,
|
||||
"name");
|
||||
ADS_ERROR_HAVE_NO_MEMORY(gpo->name);
|
||||
|
||||
gpo->machine_extensions = ads_pull_string(ads, mem_ctx, res, "gPCMachineExtensionNames");
|
||||
gpo->user_extensions = ads_pull_string(ads, mem_ctx, res, "gPCUserExtensionNames");
|
||||
gpo->machine_extensions = ads_pull_string(ads, mem_ctx, res,
|
||||
"gPCMachineExtensionNames");
|
||||
gpo->user_extensions = ads_pull_string(ads, mem_ctx, res,
|
||||
"gPCUserExtensionNames");
|
||||
|
||||
ads_pull_sd(ads, mem_ctx, res, "ntSecurityDescriptor", &gpo->security_descriptor);
|
||||
ads_pull_sd(ads, mem_ctx, res, "ntSecurityDescriptor",
|
||||
&gpo->security_descriptor);
|
||||
ADS_ERROR_HAVE_NO_MEMORY(gpo->security_descriptor);
|
||||
|
||||
return ADS_ERROR(LDAP_SUCCESS);
|
||||
@ -458,11 +474,20 @@ ADS_STATUS ads_get_gpo(ADS_STRUCT *ads,
|
||||
LDAPMessage *res = NULL;
|
||||
char *dn;
|
||||
const char *filter;
|
||||
const char *attrs[] = { "cn", "displayName", "flags", "gPCFileSysPath",
|
||||
"gPCFunctionalityVersion", "gPCMachineExtensionNames",
|
||||
"gPCUserExtensionNames", "gPCWQLFilter", "name",
|
||||
"versionNumber", "ntSecurityDescriptor", NULL};
|
||||
uint32 sd_flags = DACL_SECURITY_INFORMATION;
|
||||
const char *attrs[] = {
|
||||
"cn",
|
||||
"displayName",
|
||||
"flags",
|
||||
"gPCFileSysPath",
|
||||
"gPCFunctionalityVersion",
|
||||
"gPCMachineExtensionNames",
|
||||
"gPCUserExtensionNames",
|
||||
"gPCWQLFilter",
|
||||
"name",
|
||||
"ntSecurityDescriptor",
|
||||
"versionNumber",
|
||||
NULL};
|
||||
uint32_t sd_flags = DACL_SECURITY_INFORMATION;
|
||||
|
||||
ZERO_STRUCTP(gpo);
|
||||
|
||||
@ -471,30 +496,31 @@ ADS_STATUS ads_get_gpo(ADS_STRUCT *ads,
|
||||
}
|
||||
|
||||
if (gpo_dn) {
|
||||
|
||||
|
||||
if (strnequal(gpo_dn, "LDAP://", strlen("LDAP://")) != 0) {
|
||||
gpo_dn = gpo_dn + strlen("LDAP://");
|
||||
}
|
||||
|
||||
status = ads_search_retry_dn_sd_flags(ads, &res,
|
||||
status = ads_search_retry_dn_sd_flags(ads, &res,
|
||||
sd_flags,
|
||||
gpo_dn, attrs);
|
||||
|
||||
|
||||
} else if (display_name || guid_name) {
|
||||
|
||||
filter = talloc_asprintf(mem_ctx,
|
||||
"(&(objectclass=groupPolicyContainer)(%s=%s))",
|
||||
display_name ? "displayName" : "name",
|
||||
display_name ? display_name : guid_name);
|
||||
filter = talloc_asprintf(mem_ctx,
|
||||
"(&(objectclass=groupPolicyContainer)(%s=%s))",
|
||||
display_name ? "displayName" : "name",
|
||||
display_name ? display_name : guid_name);
|
||||
ADS_ERROR_HAVE_NO_MEMORY(filter);
|
||||
|
||||
status = ads_do_search_all_sd_flags(ads, ads->config.bind_path,
|
||||
LDAP_SCOPE_SUBTREE, filter,
|
||||
LDAP_SCOPE_SUBTREE, filter,
|
||||
attrs, sd_flags, &res);
|
||||
}
|
||||
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
DEBUG(10,("ads_get_gpo: search failed with %s\n", ads_errstr(status)));
|
||||
DEBUG(10,("ads_get_gpo: search failed with %s\n",
|
||||
ads_errstr(status)));
|
||||
return status;
|
||||
}
|
||||
|
||||
@ -509,7 +535,7 @@ ADS_STATUS ads_get_gpo(ADS_STRUCT *ads,
|
||||
ads_msgfree(ads, res);
|
||||
return ADS_ERROR(LDAP_NO_MEMORY);
|
||||
}
|
||||
|
||||
|
||||
status = ads_parse_gpo(ads, mem_ctx, res, dn, gpo);
|
||||
ads_msgfree(ads, res);
|
||||
ads_memfree(ads, dn);
|
||||
@ -522,7 +548,7 @@ ADS_STATUS ads_get_gpo(ADS_STRUCT *ads,
|
||||
****************************************************************/
|
||||
|
||||
static ADS_STATUS add_gplink_to_gpo_list(ADS_STRUCT *ads,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
struct GROUP_POLICY_OBJECT **gpo_list,
|
||||
const char *link_dn,
|
||||
struct GP_LINK *gp_link,
|
||||
@ -543,39 +569,47 @@ static ADS_STATUS add_gplink_to_gpo_list(ADS_STRUCT *ads,
|
||||
}
|
||||
|
||||
if (only_add_forced_gpos) {
|
||||
|
||||
if (! (gp_link->link_opts[i] & GPO_LINK_OPT_ENFORCED)) {
|
||||
DEBUG(10,("skipping nonenforced GPO link because GPOPTIONS_BLOCK_INHERITANCE has been set\n"));
|
||||
|
||||
if (!(gp_link->link_opts[i] & GPO_LINK_OPT_ENFORCED)) {
|
||||
DEBUG(10,("skipping nonenforced GPO link "
|
||||
"because GPOPTIONS_BLOCK_INHERITANCE "
|
||||
"has been set\n"));
|
||||
continue;
|
||||
} else {
|
||||
DEBUG(10,("adding enforced GPO link although the GPOPTIONS_BLOCK_INHERITANCE has been set\n"));
|
||||
DEBUG(10,("adding enforced GPO link although "
|
||||
"the GPOPTIONS_BLOCK_INHERITANCE "
|
||||
"has been set\n"));
|
||||
}
|
||||
}
|
||||
|
||||
new_gpo = TALLOC_ZERO_P(mem_ctx, struct GROUP_POLICY_OBJECT);
|
||||
ADS_ERROR_HAVE_NO_MEMORY(new_gpo);
|
||||
|
||||
status = ads_get_gpo(ads, mem_ctx, gp_link->link_names[i], NULL, NULL, new_gpo);
|
||||
status = ads_get_gpo(ads, mem_ctx, gp_link->link_names[i],
|
||||
NULL, NULL, new_gpo);
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
DEBUG(10,("failed to get gpo: %s\n", gp_link->link_names[i]));
|
||||
DEBUG(10,("failed to get gpo: %s\n",
|
||||
gp_link->link_names[i]));
|
||||
return status;
|
||||
}
|
||||
|
||||
status = ADS_ERROR_NT(gpo_apply_security_filtering(new_gpo, token));
|
||||
status = ADS_ERROR_NT(gpo_apply_security_filtering(new_gpo,
|
||||
token));
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
DEBUG(10,("skipping GPO \"%s\" as object has no access to it\n",
|
||||
DEBUG(10,("skipping GPO \"%s\" as object "
|
||||
"has no access to it\n",
|
||||
new_gpo->display_name));
|
||||
TALLOC_FREE(new_gpo);
|
||||
continue;
|
||||
}
|
||||
|
||||
new_gpo->link = link_dn;
|
||||
new_gpo->link_type = link_type;
|
||||
new_gpo->link_type = link_type;
|
||||
|
||||
DLIST_ADD(*gpo_list, new_gpo);
|
||||
|
||||
DEBUG(10,("add_gplink_to_gplist: added GPLINK #%d %s to GPO list\n",
|
||||
i, gp_link->link_names[i]));
|
||||
DEBUG(10,("add_gplink_to_gplist: added GPLINK #%d %s "
|
||||
"to GPO list\n", i, gp_link->link_names[i]));
|
||||
}
|
||||
|
||||
return ADS_ERROR(LDAP_SUCCESS);
|
||||
@ -599,7 +633,7 @@ ADS_STATUS ads_get_sid_token(ADS_STRUCT *ads,
|
||||
struct nt_user_token *new_token = NULL;
|
||||
int i;
|
||||
|
||||
status = ads_get_tokensids(ads, mem_ctx, dn,
|
||||
status = ads_get_tokensids(ads, mem_ctx, dn,
|
||||
&object_sid, &primary_group_sid,
|
||||
&ad_token_sids, &num_ad_token_sids);
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
@ -609,24 +643,24 @@ ADS_STATUS ads_get_sid_token(ADS_STRUCT *ads,
|
||||
token_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, 1);
|
||||
ADS_ERROR_HAVE_NO_MEMORY(token_sids);
|
||||
|
||||
if (!add_sid_to_array_unique(mem_ctx, &primary_group_sid, &token_sids,
|
||||
if (!add_sid_to_array_unique(mem_ctx, &primary_group_sid, &token_sids,
|
||||
&num_token_sids)) {
|
||||
return ADS_ERROR(LDAP_NO_MEMORY);
|
||||
}
|
||||
|
||||
for (i = 0; i < num_ad_token_sids; i++) {
|
||||
|
||||
|
||||
if (sid_check_is_in_builtin(&ad_token_sids[i])) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!add_sid_to_array_unique(mem_ctx, &ad_token_sids[i],
|
||||
if (!add_sid_to_array_unique(mem_ctx, &ad_token_sids[i],
|
||||
&token_sids, &num_token_sids)) {
|
||||
return ADS_ERROR(LDAP_NO_MEMORY);
|
||||
}
|
||||
}
|
||||
|
||||
new_token = create_local_nt_token(mem_ctx, &object_sid, False,
|
||||
new_token = create_local_nt_token(mem_ctx, &object_sid, False,
|
||||
num_token_sids, token_sids);
|
||||
ADS_ERROR_HAVE_NO_MEMORY(new_token);
|
||||
|
||||
@ -637,21 +671,48 @@ ADS_STATUS ads_get_sid_token(ADS_STRUCT *ads,
|
||||
return ADS_ERROR_LDAP(LDAP_SUCCESS);
|
||||
}
|
||||
|
||||
/****************************************************************
|
||||
****************************************************************/
|
||||
|
||||
static ADS_STATUS add_local_policy_to_gpo_list(TALLOC_CTX *mem_ctx,
|
||||
struct GROUP_POLICY_OBJECT **gpo_list,
|
||||
enum GPO_LINK_TYPE link_type)
|
||||
{
|
||||
struct GROUP_POLICY_OBJECT *gpo = NULL;
|
||||
|
||||
ADS_ERROR_HAVE_NO_MEMORY(gpo_list);
|
||||
|
||||
gpo = TALLOC_ZERO_P(mem_ctx, struct GROUP_POLICY_OBJECT);
|
||||
ADS_ERROR_HAVE_NO_MEMORY(gpo);
|
||||
|
||||
gpo->name = talloc_strdup(mem_ctx, "Local Policy");
|
||||
ADS_ERROR_HAVE_NO_MEMORY(gpo->name);
|
||||
|
||||
gpo->display_name = talloc_strdup(mem_ctx, "Local Policy");
|
||||
ADS_ERROR_HAVE_NO_MEMORY(gpo->display_name);
|
||||
|
||||
gpo->link_type = link_type;
|
||||
|
||||
DLIST_ADD(*gpo_list, gpo);
|
||||
|
||||
return ADS_ERROR_NT(NT_STATUS_OK);
|
||||
}
|
||||
|
||||
/****************************************************************
|
||||
get the full list of GROUP_POLICY_OBJECTs for a given dn
|
||||
****************************************************************/
|
||||
|
||||
ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
const char *dn,
|
||||
uint32 flags,
|
||||
uint32_t flags,
|
||||
const struct nt_user_token *token,
|
||||
struct GROUP_POLICY_OBJECT **gpo_list)
|
||||
{
|
||||
/* (L)ocal (S)ite (D)omain (O)rganizational(U)nit */
|
||||
|
||||
|
||||
ADS_STATUS status;
|
||||
struct GP_LINK gp_link;
|
||||
struct nt_user_token *token = NULL;
|
||||
const char *parent_dn, *site_dn, *tmp_dn;
|
||||
BOOL add_only_forced_gpos = False;
|
||||
|
||||
@ -663,25 +724,27 @@ ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
|
||||
|
||||
DEBUG(10,("ads_get_gpo_list: getting GPO list for [%s]\n", dn));
|
||||
|
||||
status = ads_get_sid_token(ads, mem_ctx, dn, &token);
|
||||
/* (L)ocal */
|
||||
status = add_local_policy_to_gpo_list(mem_ctx, gpo_list,
|
||||
GP_LINK_UNKOWN);
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
|
||||
/* (L)ocal */
|
||||
/* not yet... */
|
||||
|
||||
/* (S)ite */
|
||||
|
||||
/* are site GPOs valid for users as well ??? */
|
||||
if (flags & GPO_LIST_FLAG_MACHINE) {
|
||||
|
||||
status = ads_site_dn_for_machine(ads, mem_ctx, ads->config.ldap_server_name, &site_dn);
|
||||
status = ads_site_dn_for_machine(ads, mem_ctx,
|
||||
ads->config.ldap_server_name,
|
||||
&site_dn);
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
|
||||
DEBUG(10,("ads_get_gpo_list: query SITE: [%s] for GPOs\n", site_dn));
|
||||
DEBUG(10,("ads_get_gpo_list: query SITE: [%s] for GPOs\n",
|
||||
site_dn));
|
||||
|
||||
status = ads_get_gpo_link(ads, mem_ctx, site_dn, &gp_link);
|
||||
if (ADS_ERR_OK(status)) {
|
||||
@ -690,8 +753,9 @@ ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
|
||||
dump_gplink(ads, mem_ctx, &gp_link);
|
||||
}
|
||||
|
||||
status = add_gplink_to_gpo_list(ads, mem_ctx, gpo_list,
|
||||
site_dn, &gp_link, GP_LINK_SITE,
|
||||
status = add_gplink_to_gpo_list(ads, mem_ctx, gpo_list,
|
||||
site_dn, &gp_link,
|
||||
GP_LINK_SITE,
|
||||
add_only_forced_gpos,
|
||||
token);
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
@ -708,33 +772,39 @@ ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
|
||||
|
||||
tmp_dn = dn;
|
||||
|
||||
while ( (parent_dn = ads_parent_dn(tmp_dn)) &&
|
||||
(!strequal(parent_dn, ads_parent_dn(ads->config.bind_path))) ) {
|
||||
while ((parent_dn = ads_parent_dn(tmp_dn)) &&
|
||||
(!strequal(parent_dn, ads_parent_dn(ads->config.bind_path)))) {
|
||||
|
||||
/* (D)omain */
|
||||
|
||||
/* An account can just be a member of one domain */
|
||||
if (strncmp(parent_dn, "DC=", strlen("DC=")) == 0) {
|
||||
|
||||
DEBUG(10,("ads_get_gpo_list: query DC: [%s] for GPOs\n", parent_dn));
|
||||
DEBUG(10,("ads_get_gpo_list: query DC: [%s] for GPOs\n",
|
||||
parent_dn));
|
||||
|
||||
status = ads_get_gpo_link(ads, mem_ctx, parent_dn, &gp_link);
|
||||
status = ads_get_gpo_link(ads, mem_ctx, parent_dn,
|
||||
&gp_link);
|
||||
if (ADS_ERR_OK(status)) {
|
||||
|
||||
|
||||
if (DEBUGLEVEL >= 100) {
|
||||
dump_gplink(ads, mem_ctx, &gp_link);
|
||||
}
|
||||
|
||||
/* block inheritance from now on */
|
||||
if (gp_link.gp_opts & GPOPTIONS_BLOCK_INHERITANCE) {
|
||||
if (gp_link.gp_opts &
|
||||
GPOPTIONS_BLOCK_INHERITANCE) {
|
||||
add_only_forced_gpos = True;
|
||||
}
|
||||
|
||||
status = add_gplink_to_gpo_list(ads, mem_ctx,
|
||||
gpo_list, parent_dn,
|
||||
&gp_link, GP_LINK_DOMAIN,
|
||||
add_only_forced_gpos,
|
||||
token);
|
||||
status = add_gplink_to_gpo_list(ads,
|
||||
mem_ctx,
|
||||
gpo_list,
|
||||
parent_dn,
|
||||
&gp_link,
|
||||
GP_LINK_DOMAIN,
|
||||
add_only_forced_gpos,
|
||||
token);
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
@ -746,19 +816,21 @@ ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
|
||||
|
||||
/* reset dn again */
|
||||
tmp_dn = dn;
|
||||
|
||||
while ( (parent_dn = ads_parent_dn(tmp_dn)) &&
|
||||
(!strequal(parent_dn, ads_parent_dn(ads->config.bind_path))) ) {
|
||||
|
||||
while ((parent_dn = ads_parent_dn(tmp_dn)) &&
|
||||
(!strequal(parent_dn, ads_parent_dn(ads->config.bind_path)))) {
|
||||
|
||||
|
||||
/* (O)rganizational(U)nit */
|
||||
|
||||
/* An account can be a member of more OUs */
|
||||
if (strncmp(parent_dn, "OU=", strlen("OU=")) == 0) {
|
||||
|
||||
DEBUG(10,("ads_get_gpo_list: query OU: [%s] for GPOs\n", parent_dn));
|
||||
|
||||
status = ads_get_gpo_link(ads, mem_ctx, parent_dn, &gp_link);
|
||||
DEBUG(10,("ads_get_gpo_list: query OU: [%s] for GPOs\n",
|
||||
parent_dn));
|
||||
|
||||
status = ads_get_gpo_link(ads, mem_ctx, parent_dn,
|
||||
&gp_link);
|
||||
if (ADS_ERR_OK(status)) {
|
||||
|
||||
if (DEBUGLEVEL >= 100) {
|
||||
@ -766,15 +838,19 @@ ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
|
||||
}
|
||||
|
||||
/* block inheritance from now on */
|
||||
if (gp_link.gp_opts & GPOPTIONS_BLOCK_INHERITANCE) {
|
||||
if (gp_link.gp_opts &
|
||||
GPOPTIONS_BLOCK_INHERITANCE) {
|
||||
add_only_forced_gpos = True;
|
||||
}
|
||||
|
||||
status = add_gplink_to_gpo_list(ads, mem_ctx,
|
||||
gpo_list, parent_dn,
|
||||
&gp_link, GP_LINK_OU,
|
||||
add_only_forced_gpos,
|
||||
token);
|
||||
status = add_gplink_to_gpo_list(ads,
|
||||
mem_ctx,
|
||||
gpo_list,
|
||||
parent_dn,
|
||||
&gp_link,
|
||||
GP_LINK_OU,
|
||||
add_only_forced_gpos,
|
||||
token);
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
|
||||
@ -74,225 +74,3 @@ NTSTATUS parse_gpt_ini(TALLOC_CTX *mem_ctx, const char *filename, uint32 *versio
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
#if 0 /* not yet */
|
||||
|
||||
/****************************************************************
|
||||
parse the Version section from gpttmpl file
|
||||
****************************************************************/
|
||||
|
||||
#define GPTTMPL_SECTION_VERSION "Version"
|
||||
#define GPTTMPL_PARAMETER_REVISION "Revision"
|
||||
#define GPTTMPL_PARAMETER_SIGNATURE "signature"
|
||||
#define GPTTMPL_CHICAGO "$CHICAGO$" /* whatever this is good for... */
|
||||
#define GPTTMPL_SECTION_UNICODE "Unicode"
|
||||
#define GPTTMPL_PARAMETER_UNICODE "Unicode"
|
||||
|
||||
static NTSTATUS parse_gpttmpl(dictionary *d, uint32 *version_out)
|
||||
{
|
||||
const char *signature = NULL;
|
||||
uint32 version;
|
||||
|
||||
if ((signature = iniparser_getstring(d, GPTTMPL_SECTION_VERSION
|
||||
":"GPTTMPL_PARAMETER_SIGNATURE, NULL)) == NULL) {
|
||||
return NT_STATUS_INTERNAL_DB_CORRUPTION;
|
||||
}
|
||||
|
||||
if (!strequal(signature, GPTTMPL_CHICAGO)) {
|
||||
return NT_STATUS_INTERNAL_DB_CORRUPTION;
|
||||
}
|
||||
|
||||
if ((version = iniparser_getint(d, GPTTMPL_SECTION_VERSION
|
||||
":"GPTTMPL_PARAMETER_REVISION, Undefined)) == Undefined) {
|
||||
return NT_STATUS_INTERNAL_DB_CORRUPTION;
|
||||
}
|
||||
|
||||
if (version_out) {
|
||||
*version_out = version;
|
||||
}
|
||||
|
||||
/* treat that as boolean */
|
||||
if ((!iniparser_getboolean(d, GPTTMPL_SECTION_UNICODE
|
||||
":"GPTTMPL_PARAMETER_UNICODE, Undefined)) == Undefined) {
|
||||
return NT_STATUS_INTERNAL_DB_CORRUPTION;
|
||||
}
|
||||
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
/****************************************************************
|
||||
parse the "System Access" section from gpttmpl file
|
||||
****************************************************************/
|
||||
|
||||
#define GPTTMPL_SECTION_SYSTEM_ACCESS "System Access"
|
||||
#define GPTTMPL_PARAMETER_MINPWDAGE "MinimumPasswordAge"
|
||||
#define GPTTMPL_PARAMETER_MAXPWDAGE "MaximumPasswordAge"
|
||||
#define GPTTMPL_PARAMETER_MINPWDLEN "MinimumPasswordLength"
|
||||
#define GPTTMPL_PARAMETER_PWDCOMPLEX "PasswordComplexity"
|
||||
#define GPTTMPL_PARAMETER_PWDHISTORY "PasswordHistorySize"
|
||||
#define GPTTMPL_PARAMETER_LOCKOUTCOUNT "LockoutBadCount"
|
||||
|
||||
static NTSTATUS parse_gpttmpl_system_access(const char *filename)
|
||||
{
|
||||
NTSTATUS status;
|
||||
dictionary *d = NULL;
|
||||
uint32 pwd_min_age, pwd_max_age, pwd_min_len, pwd_history;
|
||||
uint32 lockout_count;
|
||||
BOOL pwd_complex;
|
||||
uint32 version;
|
||||
|
||||
d = iniparser_load(filename);
|
||||
if (d == NULL) {
|
||||
return NT_STATUS_NO_SUCH_FILE;
|
||||
}
|
||||
|
||||
status = parse_gpttmpl(d, &version);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
status = NT_STATUS_INVALID_PARAMETER;
|
||||
|
||||
if ((pwd_min_age = iniparser_getint(d, GPTTMPL_SECTION_SYSTEM_ACCESS
|
||||
":"GPTTMPL_PARAMETER_MINPWDAGE, Undefined)) == Undefined) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
if ((pwd_max_age = iniparser_getint(d, GPTTMPL_SECTION_SYSTEM_ACCESS
|
||||
":"GPTTMPL_PARAMETER_MINPWDAGE, Undefined)) == Undefined) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
if ((pwd_min_len = iniparser_getint(d, GPTTMPL_SECTION_SYSTEM_ACCESS
|
||||
":"GPTTMPL_PARAMETER_MINPWDLEN, Undefined)) == Undefined) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
if ((pwd_complex = iniparser_getboolean(d, GPTTMPL_SECTION_SYSTEM_ACCESS
|
||||
":"GPTTMPL_PARAMETER_PWDCOMPLEX, Undefined)) == Undefined) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
if ((pwd_history = iniparser_getint(d, GPTTMPL_SECTION_SYSTEM_ACCESS
|
||||
":"GPTTMPL_PARAMETER_PWDHISTORY, Undefined)) == Undefined) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
if ((lockout_count = iniparser_getint(d, GPTTMPL_SECTION_SYSTEM_ACCESS
|
||||
":"GPTTMPL_PARAMETER_LOCKOUTCOUNT, Undefined)) == Undefined) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* TODO ?
|
||||
RequireLogonToChangePassword = 0
|
||||
ForceLogoffWhenHourExpire = 0
|
||||
ClearTextPassword = 0
|
||||
*/
|
||||
|
||||
status = NT_STATUS_OK;
|
||||
|
||||
out:
|
||||
if (d) {
|
||||
iniparser_freedict(d);
|
||||
}
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
/****************************************************************
|
||||
parse the "Kerberos Policy" section from gpttmpl file
|
||||
****************************************************************/
|
||||
|
||||
#define GPTTMPL_SECTION_KERBEROS_POLICY "Kerberos Policy"
|
||||
#define GPTTMPL_PARAMETER_MAXTKTAGE "MaxTicketAge"
|
||||
#define GPTTMPL_PARAMETER_MAXRENEWAGE "MaxRenewAge"
|
||||
#define GPTTMPL_PARAMETER_MAXTGSAGE "MaxServiceAge"
|
||||
#define GPTTMPL_PARAMETER_MAXCLOCKSKEW "MaxClockSkew"
|
||||
#define GPTTMPL_PARAMETER_TKTVALIDATECLIENT "TicketValidateClient"
|
||||
|
||||
static NTSTATUS parse_gpttmpl_kerberos_policy(const char *filename)
|
||||
{
|
||||
NTSTATUS status;
|
||||
dictionary *d = NULL;
|
||||
uint32 tkt_max_age, tkt_max_renew, tgs_max_age, max_clock_skew;
|
||||
BOOL tkt_validate;
|
||||
uint32 version;
|
||||
|
||||
d = iniparser_load(filename);
|
||||
if (d == NULL) {
|
||||
return NT_STATUS_NO_SUCH_FILE;
|
||||
}
|
||||
|
||||
status = parse_gpttmpl(d, &version);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
status = NT_STATUS_INVALID_PARAMETER;
|
||||
|
||||
if ((tkt_max_age = iniparser_getint(d, GPTTMPL_SECTION_KERBEROS_POLICY
|
||||
":"GPTTMPL_PARAMETER_MAXTKTAGE, Undefined)) != Undefined) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
if ((tkt_max_renew = iniparser_getint(d, GPTTMPL_SECTION_KERBEROS_POLICY
|
||||
":"GPTTMPL_PARAMETER_MAXRENEWAGE, Undefined)) != Undefined) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
if ((tgs_max_age = iniparser_getint(d, GPTTMPL_SECTION_KERBEROS_POLICY
|
||||
":"GPTTMPL_PARAMETER_MAXTGSAGE, Undefined)) != Undefined) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
if ((max_clock_skew = iniparser_getint(d, GPTTMPL_SECTION_KERBEROS_POLICY
|
||||
":"GPTTMPL_PARAMETER_MAXCLOCKSKEW, Undefined)) != Undefined) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
if ((tkt_validate = iniparser_getboolean(d, GPTTMPL_SECTION_KERBEROS_POLICY
|
||||
":"GPTTMPL_PARAMETER_TKTVALIDATECLIENT, Undefined)) != Undefined) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
status = NT_STATUS_OK;
|
||||
|
||||
out:
|
||||
if (d) {
|
||||
iniparser_freedict(d);
|
||||
}
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/*
|
||||
|
||||
perfectly parseable with iniparser:
|
||||
|
||||
{GUID}/Machine/Microsoft/Windows NT/SecEdit/GptTmpl.inf
|
||||
|
||||
|
||||
[Unicode]
|
||||
Unicode=yes
|
||||
[System Access]
|
||||
MinimumPasswordAge = 1
|
||||
MaximumPasswordAge = 42
|
||||
MinimumPasswordLength = 7
|
||||
PasswordComplexity = 1
|
||||
PasswordHistorySize = 24
|
||||
LockoutBadCount = 0
|
||||
RequireLogonToChangePassword = 0
|
||||
ForceLogoffWhenHourExpire = 0
|
||||
ClearTextPassword = 0
|
||||
[Kerberos Policy]
|
||||
MaxTicketAge = 10
|
||||
MaxRenewAge = 7
|
||||
MaxServiceAge = 600
|
||||
MaxClockSkew = 5
|
||||
TicketValidateClient = 1
|
||||
[Version]
|
||||
signature="$CHICAGO$"
|
||||
Revision=1
|
||||
*/
|
||||
|
||||
@ -1,18 +1,18 @@
|
||||
/*
|
||||
/*
|
||||
* Unix SMB/CIFS implementation.
|
||||
* Group Policy Object Support
|
||||
* Copyright (C) Guenther Deschner 2007
|
||||
*
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
@ -70,7 +70,7 @@ static BOOL gpo_sd_check_agp_object(const SEC_ACE *ace)
|
||||
/****************************************************************
|
||||
****************************************************************/
|
||||
|
||||
static BOOL gpo_sd_check_agp_access_bits(uint32 access_mask)
|
||||
static BOOL gpo_sd_check_agp_access_bits(uint32_t access_mask)
|
||||
{
|
||||
return (access_mask & SEC_RIGHTS_EXTENDED);
|
||||
}
|
||||
@ -79,9 +79,9 @@ static BOOL gpo_sd_check_agp_access_bits(uint32 access_mask)
|
||||
/****************************************************************
|
||||
****************************************************************/
|
||||
|
||||
static BOOL gpo_sd_check_read_access_bits(uint32 access_mask)
|
||||
static BOOL gpo_sd_check_read_access_bits(uint32_t access_mask)
|
||||
{
|
||||
uint32 read_bits = SEC_RIGHTS_LIST_CONTENTS |
|
||||
uint32_t read_bits = SEC_RIGHTS_LIST_CONTENTS |
|
||||
SEC_RIGHTS_READ_ALL_PROP |
|
||||
SEC_RIGHTS_READ_PERMS;
|
||||
|
||||
@ -92,13 +92,14 @@ static BOOL gpo_sd_check_read_access_bits(uint32 access_mask)
|
||||
/****************************************************************
|
||||
****************************************************************/
|
||||
|
||||
static NTSTATUS gpo_sd_check_ace_denied_object(const SEC_ACE *ace,
|
||||
const struct nt_user_token *token)
|
||||
static NTSTATUS gpo_sd_check_ace_denied_object(const SEC_ACE *ace,
|
||||
const struct nt_user_token *token)
|
||||
{
|
||||
if (gpo_sd_check_agp_object(ace) &&
|
||||
gpo_sd_check_agp_access_bits(ace->access_mask) &&
|
||||
nt_token_check_sid(&ace->trustee, token)) {
|
||||
DEBUG(10,("gpo_sd_check_ace_denied_object: Access denied as of ace for %s\n",
|
||||
DEBUG(10,("gpo_sd_check_ace_denied_object: "
|
||||
"Access denied as of ace for %s\n",
|
||||
sid_string_static(&ace->trustee)));
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
@ -109,13 +110,14 @@ static NTSTATUS gpo_sd_check_ace_denied_object(const SEC_ACE *ace,
|
||||
/****************************************************************
|
||||
****************************************************************/
|
||||
|
||||
static NTSTATUS gpo_sd_check_ace_allowed_object(const SEC_ACE *ace,
|
||||
const struct nt_user_token *token)
|
||||
static NTSTATUS gpo_sd_check_ace_allowed_object(const SEC_ACE *ace,
|
||||
const struct nt_user_token *token)
|
||||
{
|
||||
if (gpo_sd_check_agp_object(ace) &&
|
||||
gpo_sd_check_agp_access_bits(ace->access_mask) &&
|
||||
gpo_sd_check_agp_access_bits(ace->access_mask) &&
|
||||
nt_token_check_sid(&ace->trustee, token)) {
|
||||
DEBUG(10,("gpo_sd_check_ace_allowed_object: Access granted as of ace for %s\n",
|
||||
DEBUG(10,("gpo_sd_check_ace_allowed_object: "
|
||||
"Access granted as of ace for %s\n",
|
||||
sid_string_static(&ace->trustee)));
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
@ -126,8 +128,8 @@ static NTSTATUS gpo_sd_check_ace_allowed_object(const SEC_ACE *ace,
|
||||
/****************************************************************
|
||||
****************************************************************/
|
||||
|
||||
static NTSTATUS gpo_sd_check_ace(const SEC_ACE *ace,
|
||||
const struct nt_user_token *token)
|
||||
static NTSTATUS gpo_sd_check_ace(const SEC_ACE *ace,
|
||||
const struct nt_user_token *token)
|
||||
{
|
||||
switch (ace->type) {
|
||||
case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
|
||||
@ -142,7 +144,7 @@ static NTSTATUS gpo_sd_check_ace(const SEC_ACE *ace,
|
||||
/****************************************************************
|
||||
****************************************************************/
|
||||
|
||||
NTSTATUS gpo_apply_security_filtering(const struct GROUP_POLICY_OBJECT *gpo,
|
||||
NTSTATUS gpo_apply_security_filtering(const struct GROUP_POLICY_OBJECT *gpo,
|
||||
const struct nt_user_token *token)
|
||||
{
|
||||
SEC_DESC *sd = gpo->security_descriptor;
|
||||
|
||||
@ -1,18 +1,18 @@
|
||||
/*
|
||||
/*
|
||||
* Unix SMB/CIFS implementation.
|
||||
* Group Policy Object Support
|
||||
* Copyright (C) Guenther Deschner 2005-2006
|
||||
*
|
||||
* Copyright (C) Guenther Deschner 2005-2007
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
@ -25,88 +25,88 @@
|
||||
#define DEFAULT_DOMAIN_CONTROLLERS_POLICY "Default Domain Controllers Policy"
|
||||
|
||||
/* should we store a parsed guid ? */
|
||||
struct gpo_table {
|
||||
struct gp_table {
|
||||
const char *name;
|
||||
const char *guid_string;
|
||||
};
|
||||
|
||||
struct snapin_table {
|
||||
const char *name;
|
||||
const char *guid_string;
|
||||
ADS_STATUS (*snapin_fn)(ADS_STRUCT *, TALLOC_CTX *mem_ctx,
|
||||
struct GROUP_POLICY_OBJECT *gpo,
|
||||
const char *, const char *);
|
||||
};
|
||||
|
||||
#if 0 /* unused */
|
||||
static struct gpo_table gpo_default_policy[] = {
|
||||
{ DEFAULT_DOMAIN_POLICY,
|
||||
static struct gp_table gpo_default_policy[] = {
|
||||
{ DEFAULT_DOMAIN_POLICY,
|
||||
"31B2F340-016D-11D2-945F-00C04FB984F9" },
|
||||
{ DEFAULT_DOMAIN_CONTROLLERS_POLICY,
|
||||
{ DEFAULT_DOMAIN_CONTROLLERS_POLICY,
|
||||
"6AC1786C-016F-11D2-945F-00C04fB984F9" },
|
||||
{ NULL, NULL }
|
||||
};
|
||||
#endif
|
||||
|
||||
/* the following is seen in gPCMachineExtensionNames or gPCUserExtensionNames */
|
||||
/* the following is seen in gPCMachineExtensionNames / gPCUserExtensionNames */
|
||||
|
||||
static struct gpo_table gpo_cse_extensions[] = {
|
||||
{ "Administrative Templates Extension",
|
||||
"35378EAC-683F-11D2-A89A-00C04FBBCFA2" }, /* Registry Policy ? */
|
||||
{ "Microsoft Disc Quota",
|
||||
static struct gp_table gpo_cse_extensions[] = {
|
||||
/* used to be "Administrative Templates Extension" */
|
||||
/* "Registry Settings"
|
||||
(http://support.microsoft.com/kb/216357/EN-US/) */
|
||||
{ "Registry Settings",
|
||||
GP_EXT_REGISTRY },
|
||||
{ "Microsoft Disc Quota",
|
||||
"3610EDA5-77EF-11D2-8DC5-00C04FA31A66" },
|
||||
{ "EFS recovery",
|
||||
{ "EFS recovery",
|
||||
"B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A" },
|
||||
{ "Folder Redirection",
|
||||
{ "Folder Redirection",
|
||||
"25537BA6-77A8-11D2-9B6C-0000F8080861" },
|
||||
{ "IP Security",
|
||||
{ "IP Security",
|
||||
"E437BC1C-AA7D-11D2-A382-00C04F991E27" },
|
||||
{ "Internet Explorer Branding",
|
||||
{ "Internet Explorer Branding",
|
||||
"A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B" },
|
||||
{ "QoS Packet Scheduler",
|
||||
{ "QoS Packet Scheduler",
|
||||
"426031c0-0b47-4852-b0ca-ac3d37bfcb39" },
|
||||
{ "Scripts",
|
||||
"42B5FAAE-6536-11D2-AE5A-0000F87571E3" },
|
||||
{ "Security",
|
||||
"827D319E-6EAC-11D2-A4EA-00C04F79F83A" },
|
||||
{ "Software Installation",
|
||||
{ "Scripts",
|
||||
GP_EXT_SCRIPTS },
|
||||
{ "Security",
|
||||
GP_EXT_SECURITY },
|
||||
{ "Software Installation",
|
||||
"C6DC5466-785A-11D2-84D0-00C04FB169F7" },
|
||||
{ "Wireless Group Policy",
|
||||
{ "Wireless Group Policy",
|
||||
"0ACDD40C-75AC-BAA0-BF6DE7E7FE63" },
|
||||
{ "Application Management",
|
||||
"C6DC5466-785A-11D2-84D0-00C04FB169F7" },
|
||||
{ "unknown",
|
||||
"3060E8D0-7020-11D2-842D-00C04FA372D4" },
|
||||
{ NULL, NULL }
|
||||
};
|
||||
|
||||
/* guess work */
|
||||
static struct snapin_table gpo_cse_snapin_extensions[] = {
|
||||
{ "Administrative Templates",
|
||||
"0F6B957D-509E-11D1-A7CC-0000F87571E3", gpo_snapin_handler_none },
|
||||
{ "Certificates",
|
||||
"53D6AB1D-2488-11D1-A28C-00C04FB94F17", gpo_snapin_handler_none },
|
||||
{ "EFS recovery policy processing",
|
||||
"B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A", gpo_snapin_handler_none },
|
||||
{ "Folder Redirection policy processing",
|
||||
"25537BA6-77A8-11D2-9B6C-0000F8080861", gpo_snapin_handler_none },
|
||||
{ "Folder Redirection",
|
||||
"88E729D6-BDC1-11D1-BD2A-00C04FB9603F", gpo_snapin_handler_none },
|
||||
{ "Registry policy processing",
|
||||
"35378EAC-683F-11D2-A89A-00C04FBBCFA2", gpo_snapin_handler_none },
|
||||
{ "Remote Installation Services",
|
||||
"3060E8CE-7020-11D2-842D-00C04FA372D4", gpo_snapin_handler_none },
|
||||
{ "Security Settings",
|
||||
"803E14A0-B4FB-11D0-A0D0-00A0C90F574B", gpo_snapin_handler_security_settings },
|
||||
{ "Security policy processing",
|
||||
"827D319E-6EAC-11D2-A4EA-00C04F79F83A", gpo_snapin_handler_security_settings },
|
||||
{ "unknown",
|
||||
"3060E8D0-7020-11D2-842D-00C04FA372D4", gpo_snapin_handler_none },
|
||||
{ "unknown2",
|
||||
"53D6AB1B-2488-11D1-A28C-00C04FB94F17", gpo_snapin_handler_none },
|
||||
{ NULL, NULL, NULL }
|
||||
static struct gp_table gpo_cse_snapin_extensions[] = {
|
||||
{ "Administrative Templates",
|
||||
"0F6B957D-509E-11D1-A7CC-0000F87571E3" },
|
||||
{ "Certificates",
|
||||
"53D6AB1D-2488-11D1-A28C-00C04FB94F17" },
|
||||
{ "EFS recovery policy processing",
|
||||
"B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A" },
|
||||
{ "Folder Redirection policy processing",
|
||||
"25537BA6-77A8-11D2-9B6C-0000F8080861" },
|
||||
{ "Folder Redirection",
|
||||
"88E729D6-BDC1-11D1-BD2A-00C04FB9603F" },
|
||||
{ "Registry policy processing",
|
||||
"35378EAC-683F-11D2-A89A-00C04FBBCFA2" },
|
||||
{ "Remote Installation Services",
|
||||
"3060E8CE-7020-11D2-842D-00C04FA372D4" },
|
||||
{ "Security Settings",
|
||||
"803E14A0-B4FB-11D0-A0D0-00A0C90F574B" },
|
||||
{ "Security policy processing",
|
||||
"827D319E-6EAC-11D2-A4EA-00C04F79F83A" },
|
||||
{ "unknown",
|
||||
"3060E8D0-7020-11D2-842D-00C04FA372D4" },
|
||||
{ "unknown2",
|
||||
"53D6AB1B-2488-11D1-A28C-00C04FB94F17" },
|
||||
{ NULL, NULL }
|
||||
};
|
||||
|
||||
/****************************************************************
|
||||
****************************************************************/
|
||||
|
||||
static const char *name_to_guid_string(const char *name, struct gpo_table *table)
|
||||
static const char *name_to_guid_string(const char *name,
|
||||
struct gp_table *table)
|
||||
{
|
||||
int i;
|
||||
|
||||
@ -115,14 +115,15 @@ static const char *name_to_guid_string(const char *name, struct gpo_table *table
|
||||
return table[i].guid_string;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/****************************************************************
|
||||
****************************************************************/
|
||||
|
||||
static const char *guid_string_to_name(const char *guid_string, struct gpo_table *table)
|
||||
static const char *guid_string_to_name(const char *guid_string,
|
||||
struct gp_table *table)
|
||||
{
|
||||
int i;
|
||||
|
||||
@ -131,15 +132,15 @@ static const char *guid_string_to_name(const char *guid_string, struct gpo_table
|
||||
return table[i].name;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/****************************************************************
|
||||
****************************************************************/
|
||||
|
||||
static const char *snapin_guid_string_to_name(const char *guid_string,
|
||||
struct snapin_table *table)
|
||||
static const char *snapin_guid_string_to_name(const char *guid_string,
|
||||
struct gp_table *table)
|
||||
{
|
||||
int i;
|
||||
for (i = 0; table[i].guid_string; i++) {
|
||||
@ -203,18 +204,25 @@ void dump_gp_ext(struct GP_EXT *gp_ext, int debuglevel)
|
||||
|
||||
for (i=0; i< gp_ext->num_exts; i++) {
|
||||
|
||||
DEBUGADD(lvl,("\textension:\t\t\t%s\n", gp_ext->extensions_guid[i]));
|
||||
DEBUGADD(lvl,("\textension (name):\t\t\t%s\n", gp_ext->extensions[i]));
|
||||
|
||||
DEBUGADD(lvl,("\tsnapin:\t\t\t%s\n", gp_ext->snapins_guid[i]));
|
||||
DEBUGADD(lvl,("\tsnapin (name):\t\t\t%s\n", gp_ext->snapins[i]));
|
||||
DEBUGADD(lvl,("\textension:\t\t\t%s\n",
|
||||
gp_ext->extensions_guid[i]));
|
||||
DEBUGADD(lvl,("\textension (name):\t\t\t%s\n",
|
||||
gp_ext->extensions[i]));
|
||||
|
||||
DEBUGADD(lvl,("\tsnapin:\t\t\t%s\n",
|
||||
gp_ext->snapins_guid[i]));
|
||||
DEBUGADD(lvl,("\tsnapin (name):\t\t\t%s\n",
|
||||
gp_ext->snapins[i]));
|
||||
}
|
||||
}
|
||||
|
||||
/****************************************************************
|
||||
****************************************************************/
|
||||
|
||||
void dump_gpo(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GROUP_POLICY_OBJECT *gpo, int debuglevel)
|
||||
void dump_gpo(ADS_STRUCT *ads,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
struct GROUP_POLICY_OBJECT *gpo,
|
||||
int debuglevel)
|
||||
{
|
||||
int lvl = debuglevel;
|
||||
|
||||
@ -227,10 +235,12 @@ void dump_gpo(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GROUP_POLICY_OBJECT *
|
||||
DEBUGADD(lvl,("name:\t\t\t%s\n", gpo->name));
|
||||
DEBUGADD(lvl,("displayname:\t\t%s\n", gpo->display_name));
|
||||
DEBUGADD(lvl,("version:\t\t%d (0x%08x)\n", gpo->version, gpo->version));
|
||||
DEBUGADD(lvl,("version_user:\t\t%d (0x%04x)\n", GPO_VERSION_USER(gpo->version),
|
||||
GPO_VERSION_USER(gpo->version)));
|
||||
DEBUGADD(lvl,("version_machine:\t%d (0x%04x)\n", GPO_VERSION_MACHINE(gpo->version),
|
||||
GPO_VERSION_MACHINE(gpo->version)));
|
||||
DEBUGADD(lvl,("version_user:\t\t%d (0x%04x)\n",
|
||||
GPO_VERSION_USER(gpo->version),
|
||||
GPO_VERSION_USER(gpo->version)));
|
||||
DEBUGADD(lvl,("version_machine:\t%d (0x%04x)\n",
|
||||
GPO_VERSION_MACHINE(gpo->version),
|
||||
GPO_VERSION_MACHINE(gpo->version)));
|
||||
DEBUGADD(lvl,("filesyspath:\t\t%s\n", gpo->file_sys_path));
|
||||
DEBUGADD(lvl,("dspath:\t\t%s\n", gpo->ds_path));
|
||||
|
||||
@ -280,24 +290,22 @@ void dump_gpo(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GROUP_POLICY_OBJECT *
|
||||
if (gpo->machine_extensions) {
|
||||
|
||||
struct GP_EXT *gp_ext = NULL;
|
||||
ADS_STATUS status;
|
||||
|
||||
status = ads_parse_gp_ext(mem_ctx, gpo->machine_extensions, &gp_ext);
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
if (!ads_parse_gp_ext(mem_ctx, gpo->machine_extensions,
|
||||
&gp_ext)) {
|
||||
return;
|
||||
}
|
||||
dump_gp_ext(gp_ext, lvl);
|
||||
}
|
||||
|
||||
|
||||
DEBUGADD(lvl,("user_extensions:\t%s\n", gpo->user_extensions));
|
||||
|
||||
if (gpo->user_extensions) {
|
||||
|
||||
|
||||
struct GP_EXT *gp_ext = NULL;
|
||||
ADS_STATUS status;
|
||||
|
||||
status = ads_parse_gp_ext(mem_ctx, gpo->user_extensions, &gp_ext);
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
|
||||
if (!ads_parse_gp_ext(mem_ctx, gpo->user_extensions,
|
||||
&gp_ext)) {
|
||||
return;
|
||||
}
|
||||
dump_gp_ext(gp_ext, lvl);
|
||||
@ -311,9 +319,9 @@ void dump_gpo(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GROUP_POLICY_OBJECT *
|
||||
/****************************************************************
|
||||
****************************************************************/
|
||||
|
||||
void dump_gpo_list(ADS_STRUCT *ads,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
struct GROUP_POLICY_OBJECT *gpo_list,
|
||||
void dump_gpo_list(ADS_STRUCT *ads,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
struct GROUP_POLICY_OBJECT *gpo_list,
|
||||
int debuglevel)
|
||||
{
|
||||
struct GROUP_POLICY_OBJECT *gpo = NULL;
|
||||
@ -354,9 +362,9 @@ void dump_gplink(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GP_LINK *gp_link)
|
||||
DEBUGADD(lvl,("num links: %d\n", gp_link->num_links));
|
||||
|
||||
for (i = 0; i < gp_link->num_links; i++) {
|
||||
|
||||
|
||||
DEBUGADD(lvl,("---------------------\n\n"));
|
||||
|
||||
|
||||
DEBUGADD(lvl,("link: #%d\n", i + 1));
|
||||
DEBUGADD(lvl,("name: %s\n", gp_link->link_names[i]));
|
||||
|
||||
@ -373,9 +381,13 @@ void dump_gplink(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GP_LINK *gp_link)
|
||||
|
||||
struct GROUP_POLICY_OBJECT gpo;
|
||||
|
||||
status = ads_get_gpo(ads, mem_ctx, gp_link->link_names[i], NULL, NULL, &gpo);
|
||||
status = ads_get_gpo(ads, mem_ctx,
|
||||
gp_link->link_names[i],
|
||||
NULL, NULL, &gpo);
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
DEBUG(lvl,("get gpo for %s failed: %s\n", gp_link->link_names[i], ads_errstr(status)));
|
||||
DEBUG(lvl,("get gpo for %s failed: %s\n",
|
||||
gp_link->link_names[i],
|
||||
ads_errstr(status)));
|
||||
return;
|
||||
}
|
||||
dump_gpo(ads, mem_ctx, &gpo, lvl);
|
||||
@ -386,27 +398,21 @@ void dump_gplink(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GP_LINK *gp_link)
|
||||
/****************************************************************
|
||||
****************************************************************/
|
||||
|
||||
ADS_STATUS process_extension_with_snapin(ADS_STRUCT *ads,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
struct GROUP_POLICY_OBJECT *gpo,
|
||||
const char *extension_guid,
|
||||
const char *snapin_guid)
|
||||
NTSTATUS process_extension(ADS_STRUCT *ads,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
uint32_t flags,
|
||||
const struct nt_user_token *token,
|
||||
struct GROUP_POLICY_OBJECT *gpo,
|
||||
const char *extension_guid,
|
||||
const char *snapin_guid)
|
||||
{
|
||||
int i;
|
||||
DEBUG(0,("process_extension: no extension available for:\n"));
|
||||
DEBUGADD(0,("%s (%s) (snapin: %s)\n",
|
||||
extension_guid,
|
||||
cse_gpo_guid_string_to_name(extension_guid),
|
||||
snapin_guid));
|
||||
|
||||
for (i=0; gpo_cse_snapin_extensions[i].guid_string; i++) {
|
||||
|
||||
if (strcmp(gpo_cse_snapin_extensions[i].guid_string, snapin_guid) == 0) {
|
||||
|
||||
return gpo_cse_snapin_extensions[i].snapin_fn(ads, mem_ctx, gpo,
|
||||
extension_guid, snapin_guid);
|
||||
}
|
||||
}
|
||||
|
||||
DEBUG(10,("process_extension_with_snapin: no snapin handler for extension %s (%s) found\n",
|
||||
extension_guid, snapin_guid));
|
||||
|
||||
return ADS_SUCCESS;
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
/****************************************************************
|
||||
@ -414,37 +420,42 @@ ADS_STATUS process_extension_with_snapin(ADS_STRUCT *ads,
|
||||
|
||||
ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
const struct nt_user_token *token,
|
||||
struct GROUP_POLICY_OBJECT *gpo,
|
||||
const char *extension_guid_filter,
|
||||
uint32 flags)
|
||||
uint32_t flags)
|
||||
{
|
||||
ADS_STATUS status;
|
||||
struct GP_EXT *gp_ext = NULL;
|
||||
int i;
|
||||
|
||||
|
||||
DEBUG(10,("gpo_process_a_gpo: processing gpo %s (%s)\n",
|
||||
gpo->name, gpo->display_name));
|
||||
if (extension_guid_filter) {
|
||||
DEBUGADD(10,("gpo_process_a_gpo: using filter %s\n",
|
||||
extension_guid_filter));
|
||||
}
|
||||
|
||||
if (flags & GPO_LIST_FLAG_MACHINE) {
|
||||
|
||||
if (gpo->machine_extensions) {
|
||||
|
||||
status = ads_parse_gp_ext(mem_ctx, gpo->machine_extensions, &gp_ext);
|
||||
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
return status;
|
||||
if (!ads_parse_gp_ext(mem_ctx, gpo->machine_extensions,
|
||||
&gp_ext)) {
|
||||
return ADS_ERROR(LDAP_PARAM_ERROR);
|
||||
}
|
||||
|
||||
} else {
|
||||
/* nothing to apply */
|
||||
return ADS_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
} else {
|
||||
|
||||
if (gpo->user_extensions) {
|
||||
|
||||
status = ads_parse_gp_ext(mem_ctx, gpo->user_extensions, &gp_ext);
|
||||
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
return status;
|
||||
if (!ads_parse_gp_ext(mem_ctx, gpo->user_extensions,
|
||||
&gp_ext)) {
|
||||
return ADS_ERROR(LDAP_PARAM_ERROR);
|
||||
}
|
||||
} else {
|
||||
/* nothing to apply */
|
||||
@ -454,15 +465,20 @@ ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads,
|
||||
|
||||
for (i=0; i<gp_ext->num_exts; i++) {
|
||||
|
||||
if (extension_guid_filter && !strequal(extension_guid_filter, gp_ext->extensions_guid[i])) {
|
||||
NTSTATUS ntstatus;
|
||||
|
||||
if (extension_guid_filter &&
|
||||
!strequal(extension_guid_filter,
|
||||
gp_ext->extensions_guid[i])) {
|
||||
continue;
|
||||
}
|
||||
|
||||
status = process_extension_with_snapin(ads, mem_ctx, gpo,
|
||||
gp_ext->extensions_guid[i],
|
||||
gp_ext->snapins_guid[i]);
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
return status;
|
||||
ntstatus = process_extension(ads, mem_ctx,
|
||||
flags, token, gpo,
|
||||
gp_ext->extensions_guid[i],
|
||||
gp_ext->snapins_guid[i]);
|
||||
if (!NT_STATUS_IS_OK(ntstatus)) {
|
||||
ADS_ERROR_NT(ntstatus);
|
||||
}
|
||||
}
|
||||
|
||||
@ -474,19 +490,27 @@ ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads,
|
||||
|
||||
ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
const struct nt_user_token *token,
|
||||
struct GROUP_POLICY_OBJECT *gpo_list,
|
||||
const char *extensions_guid,
|
||||
uint32 flags)
|
||||
uint32_t flags)
|
||||
{
|
||||
ADS_STATUS status;
|
||||
struct GROUP_POLICY_OBJECT *gpo;
|
||||
|
||||
/* FIXME: ok, this is wrong, windows does process the extensions and
|
||||
* hands the list of gpos to each extension and not process each gpo
|
||||
* with all extensions (this is how the extension can store the list
|
||||
* gplist in the registry) */
|
||||
|
||||
for (gpo = gpo_list; gpo; gpo = gpo->next) {
|
||||
|
||||
status = gpo_process_a_gpo(ads, mem_ctx, gpo,
|
||||
|
||||
status = gpo_process_a_gpo(ads, mem_ctx, token, gpo,
|
||||
extensions_guid, flags);
|
||||
|
||||
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
DEBUG(0,("failed to process gpo: %s\n",
|
||||
ads_errstr(status)));
|
||||
return status;
|
||||
}
|
||||
|
||||
@ -495,80 +519,14 @@ ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
|
||||
return ADS_SUCCESS;
|
||||
}
|
||||
|
||||
ADS_STATUS gpo_snapin_handler_none(ADS_STRUCT *ads,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
struct GROUP_POLICY_OBJECT *gpo,
|
||||
const char *extension_guid,
|
||||
const char *snapin_guid)
|
||||
{
|
||||
DEBUG(10,("gpo_snapin_handler_none\n"));
|
||||
|
||||
return ADS_SUCCESS;
|
||||
}
|
||||
|
||||
ADS_STATUS gpo_snapin_handler_security_settings(ADS_STRUCT *ads,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
struct GROUP_POLICY_OBJECT *gpo,
|
||||
const char *extension_guid,
|
||||
const char *snapin_guid)
|
||||
{
|
||||
DEBUG(10,("gpo_snapin_handler_security_settings\n"));
|
||||
|
||||
return ADS_SUCCESS;
|
||||
}
|
||||
|
||||
ADS_STATUS gpo_lockout_policy(ADS_STRUCT *ads,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
const char *hostname,
|
||||
SAM_UNK_INFO_12 *lockout_policy)
|
||||
{
|
||||
return ADS_ERROR_NT(NT_STATUS_NOT_IMPLEMENTED);
|
||||
}
|
||||
|
||||
/****************************************************************
|
||||
****************************************************************/
|
||||
|
||||
ADS_STATUS gpo_password_policy(ADS_STRUCT *ads,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
const char *hostname,
|
||||
SAM_UNK_INFO_1 *password_policy)
|
||||
{
|
||||
ADS_STATUS status;
|
||||
struct GROUP_POLICY_OBJECT *gpo_list;
|
||||
const char *dn = NULL;
|
||||
uint32 uac = 0;
|
||||
|
||||
status = ads_find_samaccount(ads, mem_ctx, hostname, &uac, &dn);
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
|
||||
if (!(uac & UF_WORKSTATION_TRUST_ACCOUNT)) {
|
||||
return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
|
||||
}
|
||||
|
||||
status = ads_get_gpo_list(ads, mem_ctx, dn, GPO_LIST_FLAG_MACHINE, &gpo_list);
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
|
||||
status = gpo_process_gpo_list(ads, mem_ctx, gpo_list,
|
||||
cse_gpo_name_to_guid_string("Security"),
|
||||
GPO_LIST_FLAG_MACHINE);
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
|
||||
return ADS_SUCCESS;
|
||||
}
|
||||
|
||||
/****************************************************************
|
||||
check wether the version number in a GROUP_POLICY_OBJECT match those of the
|
||||
locally stored version. If not, fetch the required policy via CIFS
|
||||
****************************************************************/
|
||||
|
||||
NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
|
||||
NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
uint32_t flags,
|
||||
struct GROUP_POLICY_OBJECT *gpo,
|
||||
struct cli_state **cli_out)
|
||||
{
|
||||
@ -577,43 +535,54 @@ NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
|
||||
char *share = NULL;
|
||||
char *nt_path = NULL;
|
||||
char *unix_path = NULL;
|
||||
uint32 sysvol_gpt_version = 0;
|
||||
uint32_t sysvol_gpt_version = 0;
|
||||
char *display_name = NULL;
|
||||
struct cli_state *cli = NULL;
|
||||
|
||||
result = gpo_explode_filesyspath(mem_ctx, gpo->file_sys_path,
|
||||
result = gpo_explode_filesyspath(mem_ctx, gpo->file_sys_path,
|
||||
&server, &share, &nt_path, &unix_path);
|
||||
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
result = gpo_get_sysvol_gpt_version(mem_ctx,
|
||||
result = gpo_get_sysvol_gpt_version(mem_ctx,
|
||||
unix_path,
|
||||
&sysvol_gpt_version,
|
||||
&display_name);
|
||||
if (!NT_STATUS_IS_OK(result) &&
|
||||
if (!NT_STATUS_IS_OK(result) &&
|
||||
!NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_FILE)) {
|
||||
DEBUG(10,("check_refresh_gpo: failed to get local gpt version: %s\n",
|
||||
DEBUG(10,("check_refresh_gpo: "
|
||||
"failed to get local gpt version: %s\n",
|
||||
nt_errstr(result)));
|
||||
goto out;
|
||||
}
|
||||
|
||||
DEBUG(10,("check_refresh_gpo: versions gpo %d sysvol %d\n",
|
||||
gpo->version, sysvol_gpt_version));
|
||||
|
||||
/* FIXME: handle GPO_INFO_FLAG_FORCED_REFRESH from flags */
|
||||
|
||||
while (gpo->version > sysvol_gpt_version) {
|
||||
|
||||
DEBUG(1,("check_refresh_gpo: need to refresh GPO\n"));
|
||||
|
||||
if (*cli_out == NULL) {
|
||||
|
||||
result = cli_full_connection(&cli, global_myname(),
|
||||
server, /* ads->config.ldap_server_name, */
|
||||
NULL, 0,
|
||||
share, "A:",
|
||||
ads->auth.user_name, NULL, ads->auth.password,
|
||||
CLI_FULL_CONNECTION_USE_KERBEROS,
|
||||
Undefined, NULL);
|
||||
result = cli_full_connection(&cli,
|
||||
global_myname(),
|
||||
ads->config.ldap_server_name,
|
||||
/* server */
|
||||
NULL, 0,
|
||||
share, "A:",
|
||||
ads->auth.user_name, NULL,
|
||||
ads->auth.password,
|
||||
CLI_FULL_CONNECTION_USE_KERBEROS,
|
||||
Undefined, NULL);
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
DEBUG(10,("check_refresh_gpo: failed to connect: %s\n", nt_errstr(result)));
|
||||
DEBUG(10,("check_refresh_gpo: "
|
||||
"failed to connect: %s\n",
|
||||
nt_errstr(result)));
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -625,27 +594,28 @@ NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
|
||||
goto out;
|
||||
}
|
||||
|
||||
result = gpo_get_sysvol_gpt_version(mem_ctx,
|
||||
unix_path,
|
||||
result = gpo_get_sysvol_gpt_version(mem_ctx,
|
||||
unix_path,
|
||||
&sysvol_gpt_version,
|
||||
&display_name);
|
||||
&display_name);
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
DEBUG(10,("check_refresh_gpo: failed to get local gpt version: %s\n",
|
||||
DEBUG(10,("check_refresh_gpo: "
|
||||
"failed to get local gpt version: %s\n",
|
||||
nt_errstr(result)));
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
||||
if (gpo->version == sysvol_gpt_version) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
DEBUG(10,("Name:\t\t\t%s\n", gpo->display_name));
|
||||
DEBUGADD(10,("sysvol GPT version:\t%d (user: %d, machine: %d)\n",
|
||||
sysvol_gpt_version,
|
||||
GPO_VERSION_USER(sysvol_gpt_version),
|
||||
GPO_VERSION_MACHINE(sysvol_gpt_version)));
|
||||
DEBUGADD(10,("LDAP GPO version:\t%d (user: %d, machine: %d)\n",
|
||||
DEBUG(10,("Name:\t\t\t%s (%s)\n", gpo->display_name, gpo->name));
|
||||
DEBUGADD(10,("sysvol GPT version:\t%d (user: %d, machine: %d)\n",
|
||||
sysvol_gpt_version,
|
||||
GPO_VERSION_USER(sysvol_gpt_version),
|
||||
GPO_VERSION_MACHINE(sysvol_gpt_version)));
|
||||
DEBUGADD(10,("LDAP GPO version:\t%d (user: %d, machine: %d)\n",
|
||||
gpo->version,
|
||||
GPO_VERSION_USER(gpo->version),
|
||||
GPO_VERSION_MACHINE(gpo->version)));
|
||||
@ -662,8 +632,9 @@ NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
|
||||
not, go and get each required GPO via CIFS
|
||||
****************************************************************/
|
||||
|
||||
NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
uint32_t flags,
|
||||
struct GROUP_POLICY_OBJECT *gpo_list)
|
||||
{
|
||||
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
|
||||
@ -676,7 +647,7 @@ NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
|
||||
|
||||
for (gpo = gpo_list; gpo; gpo = gpo->next) {
|
||||
|
||||
result = check_refresh_gpo(ads, mem_ctx, gpo, &cli);
|
||||
result = check_refresh_gpo(ads, mem_ctx, flags, gpo, &cli);
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
goto out;
|
||||
}
|
||||
@ -691,5 +662,4 @@ NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
#endif /* HAVE_LDAP */
|
||||
|
||||
@ -52,7 +52,8 @@ static int net_ads_gpo_refresh(int argc, const char **argv)
|
||||
uint32 flags = 0;
|
||||
struct GROUP_POLICY_OBJECT *gpo;
|
||||
NTSTATUS result;
|
||||
|
||||
struct nt_user_token *token = NULL;
|
||||
|
||||
if (argc < 1) {
|
||||
printf("usage: net ads gpo refresh <username|machinename>\n");
|
||||
return -1;
|
||||
@ -82,12 +83,17 @@ static int net_ads_gpo_refresh(int argc, const char **argv)
|
||||
(uac & UF_WORKSTATION_TRUST_ACCOUNT) ? "machine" : "user",
|
||||
argv[0], dn);
|
||||
|
||||
status = ads_get_gpo_list(ads, mem_ctx, dn, flags, &gpo_list);
|
||||
status = ads_get_sid_token(ads, mem_ctx, dn, &token);
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (!NT_STATUS_IS_OK(result = check_refresh_gpo_list(ads, mem_ctx, gpo_list))) {
|
||||
status = ads_get_gpo_list(ads, mem_ctx, dn, flags, token, &gpo_list);
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (!NT_STATUS_IS_OK(result = check_refresh_gpo_list(ads, mem_ctx, flags, gpo_list))) {
|
||||
printf("failed to refresh GPOs: %s\n", nt_errstr(result));
|
||||
goto out;
|
||||
}
|
||||
@ -206,6 +212,7 @@ static int net_ads_gpo_list(int argc, const char **argv)
|
||||
uint32 uac = 0;
|
||||
uint32 flags = 0;
|
||||
struct GROUP_POLICY_OBJECT *gpo_list;
|
||||
struct nt_user_token *token = NULL;
|
||||
|
||||
if (argc < 1) {
|
||||
printf("usage: net ads gpo list <username|machinename>\n");
|
||||
@ -235,7 +242,12 @@ static int net_ads_gpo_list(int argc, const char **argv)
|
||||
(uac & UF_WORKSTATION_TRUST_ACCOUNT) ? "machine" : "user",
|
||||
argv[0], dn);
|
||||
|
||||
status = ads_get_gpo_list(ads, mem_ctx, dn, flags, &gpo_list);
|
||||
status = ads_get_sid_token(ads, mem_ctx, dn, &token);
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
status = ads_get_gpo_list(ads, mem_ctx, dn, flags, token, &gpo_list);
|
||||
if (!ADS_ERR_OK(status)) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user