mirror of https://github.com/samba-team/samba.git synced 2025-07-30 19:42:05 +03:00

libgpo: allow to pass down deleted and changed gpo list to CSE plugins.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner
2013-12-18 19:33:28 +01:00
committed by Andreas Schneider
parent 19268c5c26
commit a9cb3031bc
6 changed files with 200 additions and 113 deletions


@ -744,14 +744,14 @@ NTSTATUS gpext_process_extension(TALLOC_CTX *mem_ctx,
uint32_t flags,
const struct security_token *token,
struct registry_key *root_key,
struct GROUP_POLICY_OBJECT *gpo,
const struct GROUP_POLICY_OBJECT *deleted_gpo_list,
const struct GROUP_POLICY_OBJECT *changed_gpo_list,
const char *extension_guid,
const char *snapin_guid)
{
NTSTATUS status;
struct gp_extension *ext = NULL;
struct GUID guid;
bool cse_found = false;
const struct GROUP_POLICY_OBJECT *gpo;
status = gpext_init_gp_extensions(mem_ctx);
if (!NT_STATUS_IS_OK(status)) {
@ -760,47 +760,76 @@ NTSTATUS gpext_process_extension(TALLOC_CTX *mem_ctx,
return status;
}
status = GUID_from_string(extension_guid, &guid);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
for (ext = extensions; ext; ext = ext->next) {
if (GUID_equal(ext->guid, &guid)) {
cse_found = true;
break;
struct GROUP_POLICY_OBJECT *deleted_gpo_list_filtered = NULL;
struct GROUP_POLICY_OBJECT *changed_gpo_list_filtered = NULL;
for (gpo = deleted_gpo_list; gpo; gpo = gpo->next) {
bool is_present = false;
status = gpext_check_gpo_for_gpext_presence(mem_ctx,
flags,
gpo,
ext->guid,
&is_present);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
if (is_present) {
struct GROUP_POLICY_OBJECT *new_gpo;
status = gpo_copy(mem_ctx, gpo, &new_gpo);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
DLIST_ADD(deleted_gpo_list_filtered, new_gpo);
}
}
for (gpo = changed_gpo_list; gpo; gpo = gpo->next) {
bool is_present = false;
status = gpext_check_gpo_for_gpext_presence(mem_ctx,
flags,
gpo,
ext->guid,
&is_present);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
if (is_present) {
struct GROUP_POLICY_OBJECT *new_gpo;
status = gpo_copy(mem_ctx, gpo, &new_gpo);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
DLIST_ADD(changed_gpo_list_filtered, new_gpo);
}
}
status = ext->methods->initialize(mem_ctx);
NT_STATUS_NOT_OK_RETURN(status);
status = ext->methods->process_group_policy(mem_ctx,
flags,
root_key,
token,
deleted_gpo_list_filtered,
changed_gpo_list_filtered,
extension_guid,
snapin_guid);
if (!NT_STATUS_IS_OK(status)) {
ext->methods->shutdown();
}
}
if (!cse_found) {
goto no_ext;
}
status = ext->methods->initialize(mem_ctx);
NT_STATUS_NOT_OK_RETURN(status);
status = ext->methods->process_group_policy(mem_ctx,
flags,
root_key,
token,
gpo,
extension_guid,
snapin_guid);
if (!NT_STATUS_IS_OK(status)) {
ext->methods->shutdown();
}
return status;
no_ext:
if (flags & GPO_INFO_FLAG_VERBOSE) {
DEBUG(0,("process_extension: no extension available for:\n"));
DEBUGADD(0,("%s (%s) (snapin: %s)\n",
extension_guid,
cse_gpo_guid_string_to_name(extension_guid),
snapin_guid));
}
return NT_STATUS_OK;
}
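Review bot: The filtered lists are built with `DLIST_ADD(deleted_gpo_list_filtered, new_gpo)` and `DLIST_ADD(changed_gpo_list_filtered, new_gpo)`, which insert at the head, so each CSE receives the GPOs in the reverse of the order the caller passed them. The plugins in this commit walk `changed_gpo_list` front to back and apply each GPO in turn, so if list order encodes precedence, a different policy ends up winning; appending with `DLIST_ADD_END`, or a comment stating that the reversal is intended, would settle it. Separately, a failed `process_group_policy` only triggers `ext->methods->shutdown()`; if that block sits inside the `for (ext = extensions; ...)` loop, as the rendered lines suggest, the next extension overwrites `status` and the caller can see success after a CSE failed to apply policy. The page has lost its +/- markers, so which of the old `cse_found` lines survive on the new side could not be confirmed.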


@ -65,7 +65,8 @@ struct gp_extension_methods {
uint32_t flags,
struct registry_key *root_key,
const struct security_token *token,
struct GROUP_POLICY_OBJECT *gpo,
struct GROUP_POLICY_OBJECT *deleted_gpo_list,
struct GROUP_POLICY_OBJECT *changed_gpo_list,
const char *extension_guid,
const char *snapin_guid);
@ -108,7 +109,8 @@ NTSTATUS gpext_process_extension(TALLOC_CTX *mem_ctx,
uint32_t flags,
const struct security_token *token,
struct registry_key *root_key,
struct GROUP_POLICY_OBJECT *gpo,
const struct GROUP_POLICY_OBJECT *deleted_gpo_list,
const struct GROUP_POLICY_OBJECT *changed_gpo_list,
const char *extension_guid,
const char *snapin_guid);
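Review bot: The two new list parameters are undocumented in both declarations, and the `process_group_policy` callback takes them non-const while `gpext_process_extension` takes them `const`. A comment above the callback member would tell plugin authors what they receive, for example `/* deleted_gpo_list and changed_gpo_list are per-extension filtered copies allocated on mem_ctx; either may be NULL */`. The one caller changed in this commit passes `NULL` for the deleted list, so the NULL case is worth stating explicitly.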


@ -467,7 +467,8 @@ static NTSTATUS gpo_process_a_gpo(TALLOC_CTX *mem_ctx,
}
ntstatus = gpext_process_extension(mem_ctx,
flags, token, root_key, gpo,
flags, token, root_key,
NULL, gpo,
gp_ext->extensions_guid[i],
gp_ext->snapins_guid[i]);
if (!NT_STATUS_IS_OK(ntstatus)) {
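Review bot: `gpo` is now passed in the `changed_gpo_list` position, and `gpext_process_extension` in this same commit walks that argument with `gpo = gpo->next`, so the callee treats a single GPO as the head of a list. If the `gpo` handed to `gpo_process_a_gpo` is still linked into the caller's list, each call will also process every GPO that follows it, and later GPOs get applied once per predecessor. Passing an unlinked copy, or moving the call to where the whole list is available, would avoid that. The rest of `gpo_process_a_gpo` and its caller lie outside the hunk, so whether `gpo->next` is set at this point needs confirming.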


@ -273,7 +273,8 @@ static NTSTATUS registry_process_group_policy(TALLOC_CTX *mem_ctx,
uint32_t flags,
struct registry_key *root_key,
const struct security_token *token,
struct GROUP_POLICY_OBJECT *gpo,
struct GROUP_POLICY_OBJECT *deleted_gpo_list,
struct GROUP_POLICY_OBJECT *changed_gpo_list,
const char *extension_guid,
const char *snapin_guid)
{
@ -282,32 +283,48 @@ static NTSTATUS registry_process_group_policy(TALLOC_CTX *mem_ctx,
struct gp_registry_entry *entries = NULL;
size_t num_entries = 0;
char *unix_path = NULL;
struct GROUP_POLICY_OBJECT *gpo;
gpext_debug_header(0, "registry_process_group_policy", flags, gpo,
extension_guid, snapin_guid);
/* implementation of the policy callback function, see
* http://msdn.microsoft.com/en-us/library/aa373494%28v=vs.85%29.aspx
* for details - gd */
status = gpo_get_unix_path(mem_ctx, cache_path(GPO_CACHE_DIR), gpo, &unix_path);
NT_STATUS_NOT_OK_RETURN(status);
/* for now do not process the list of deleted group policies
status = reg_parse_registry(mem_ctx,
flags,
unix_path,
&entries,
&num_entries);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("failed to parse registry: %s\n",
nt_errstr(status)));
return status;
for (gpo = deleted_gpo_list; gpo; gpo = gpo->next) {
}
dump_reg_entries(flags, "READ", entries, num_entries);
*/
werr = reg_apply_registry(mem_ctx, token, root_key, flags,
entries, num_entries);
if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,("failed to apply registry: %s\n",
win_errstr(werr)));
return werror_to_ntstatus(werr);
for (gpo = changed_gpo_list; gpo; gpo = gpo->next) {
gpext_debug_header(0, "registry_process_group_policy", flags,
gpo, extension_guid, snapin_guid);
status = gpo_get_unix_path(mem_ctx, cache_path(GPO_CACHE_DIR),
gpo, &unix_path);
NT_STATUS_NOT_OK_RETURN(status);
status = reg_parse_registry(mem_ctx,
flags,
unix_path,
&entries,
&num_entries);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("failed to parse registry: %s\n",
nt_errstr(status)));
return status;
}
dump_reg_entries(flags, "READ", entries, num_entries);
werr = reg_apply_registry(mem_ctx, token, root_key, flags,
entries, num_entries);
if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,("failed to apply registry: %s\n",
win_errstr(werr)));
return werror_to_ntstatus(werr);
}
}
return NT_STATUS_OK;
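Review bot: `entries`, `num_entries` and `unix_path` are declared once before the new `for (gpo = changed_gpo_list; ...)` loop and are neither reset nor freed between GPOs. If `reg_parse_registry` appends to the array it is given rather than replacing it (its body is not visible here), entries from an earlier GPO would be applied again with the next one, and in any case every iteration's allocations stay on `mem_ctx`. The scripts plugin in this commit runs `TALLOC_FREE(entries); num_entries = 0;` before each parse, and the same two statements at the top of this loop body would make the per-GPO state explicit. The deleted list is accepted but left as a commented-out stub, so registry values written by a GPO that has since been removed stay in place; the comment should say that this is the consequence.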


@ -339,7 +339,8 @@ static NTSTATUS scripts_process_group_policy(TALLOC_CTX *mem_ctx,
uint32_t flags,
struct registry_key *root_key,
const struct security_token *token,
struct GROUP_POLICY_OBJECT *gpo,
struct GROUP_POLICY_OBJECT *deleted_gpo_list,
struct GROUP_POLICY_OBJECT *changed_gpo_list,
const char *extension_guid,
const char *snapin_guid)
{
@ -356,44 +357,61 @@ static NTSTATUS scripts_process_group_policy(TALLOC_CTX *mem_ctx,
GP_SCRIPTS_INI_LOGON,
GP_SCRIPTS_INI_LOGOFF
};
struct GROUP_POLICY_OBJECT *gpo;
gpext_debug_header(0, "scripts_process_group_policy", flags, gpo,
extension_guid, snapin_guid);
/* implementation of the policy callback function, see
* http://msdn.microsoft.com/en-us/library/aa373494%28v=vs.85%29.aspx
* for details - gd */
status = gpo_get_unix_path(mem_ctx, cache_path(GPO_CACHE_DIR), gpo, &unix_path);
NT_STATUS_NOT_OK_RETURN(status);
/* for now do not process the list of deleted group policies
status = gp_inifile_init_context(mem_ctx, flags, unix_path,
GP_SCRIPTS_INI, &ini_ctx);
NT_STATUS_NOT_OK_RETURN(status);
for (i = 0; i < ARRAY_SIZE(list); i++) {
TALLOC_FREE(entries);
num_entries = 0;
status = scripts_parse_ini_section(ini_ctx, flags, list[i],
&entries, &num_entries);
if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
continue;
}
if (!NT_STATUS_IS_OK(status)) {
return status;
}
dump_reg_entries(flags, "READ", entries, num_entries);
werr = scripts_apply(ini_ctx->mem_ctx, token, root_key,
flags, list[i], gpo, entries, num_entries);
if (!W_ERROR_IS_OK(werr)) {
continue; /* FIXME: finally fix storing emtpy strings and REG_QWORD! */
TALLOC_FREE(ini_ctx);
return werror_to_ntstatus(werr);
}
for (gpo = deleted_gpo_list; gpo; gpo = gpo->next) {
}
*/
for (gpo = changed_gpo_list; gpo; gpo = gpo->next) {
gpext_debug_header(0, "scripts_process_group_policy", flags,
gpo, extension_guid, snapin_guid);
status = gpo_get_unix_path(mem_ctx, cache_path(GPO_CACHE_DIR),
gpo, &unix_path);
NT_STATUS_NOT_OK_RETURN(status);
status = gp_inifile_init_context(mem_ctx, flags, unix_path,
GP_SCRIPTS_INI, &ini_ctx);
NT_STATUS_NOT_OK_RETURN(status);
for (i = 0; i < ARRAY_SIZE(list); i++) {
TALLOC_FREE(entries);
num_entries = 0;
status = scripts_parse_ini_section(ini_ctx, flags, list[i],
&entries, &num_entries);
if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
continue;
}
if (!NT_STATUS_IS_OK(status)) {
return status;
}
dump_reg_entries(flags, "READ", entries, num_entries);
werr = scripts_apply(ini_ctx->mem_ctx, token, root_key,
flags, list[i], gpo, entries, num_entries);
if (!W_ERROR_IS_OK(werr)) {
continue; /* FIXME: finally fix storing emtpy strings and REG_QWORD! */
TALLOC_FREE(ini_ctx);
return werror_to_ntstatus(werr);
}
}
TALLOC_FREE(ini_ctx);
}
TALLOC_FREE(ini_ctx);
return NT_STATUS_OK;
}
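Review bot: In the re-indented loop a failed `scripts_apply` reaches `continue;` first, so the `TALLOC_FREE(ini_ctx); return werror_to_ntstatus(werr);` after it is unreachable and the failure is dropped without a log line. Now that one call processes several GPOs, a script policy that could not be stored is invisible to the caller; at minimum log it before continuing, e.g. `DEBUG(0,("failed to apply scripts: %s\n", win_errstr(werr)));`, and delete the two dead lines. The `return status;` after `scripts_parse_ini_section` also leaves the loop without freeing `ini_ctx`, which a single cleanup label would cover.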


@ -144,33 +144,53 @@ static NTSTATUS security_process_group_policy(TALLOC_CTX *mem_ctx,
uint32_t flags,
struct registry_key *root_key,
const struct security_token *token,
struct GROUP_POLICY_OBJECT *gpo,
struct GROUP_POLICY_OBJECT *deleted_gpo_list,
struct GROUP_POLICY_OBJECT *changed_gpo_list,
const char *extension_guid,
const char *snapin_guid)
{
NTSTATUS status;
char *unix_path = NULL;
struct gp_inifile_context *ini_ctx = NULL;
struct GROUP_POLICY_OBJECT *gpo;
gpext_debug_header(0, "security_process_group_policy", flags, gpo,
extension_guid, snapin_guid);
/* implementation of the policy callback function, see
* http://msdn.microsoft.com/en-us/library/aa373494%28v=vs.85%29.aspx
* for details - gd */
/* this handler processes the gpttmpl files and merge output to the
* registry */
/* for now do not process the list of deleted group policies
status = gpo_get_unix_path(mem_ctx, cache_path(GPO_CACHE_DIR), gpo, &unix_path);
if (!NT_STATUS_IS_OK(status)) {
goto out;
for (gpo = deleted_gpo_list; gpo; gpo = gpo->next) {
}
status = gpttmpl_init_context(mem_ctx, flags, unix_path, &ini_ctx);
if (!NT_STATUS_IS_OK(status)) {
goto out;
}
*/
status = gpttmpl_process(ini_ctx, root_key, flags);
if (!NT_STATUS_IS_OK(status)) {
goto out;
for (gpo = changed_gpo_list; gpo; gpo = gpo->next) {
gpext_debug_header(0, "security_process_group_policy", flags,
gpo, extension_guid, snapin_guid);
/* this handler processes the gpttmpl files and merge output to the
* registry */
status = gpo_get_unix_path(mem_ctx, cache_path(GPO_CACHE_DIR),
gpo, &unix_path);
if (!NT_STATUS_IS_OK(status)) {
goto out;
}
status = gpttmpl_init_context(mem_ctx, flags, unix_path,
&ini_ctx);
if (!NT_STATUS_IS_OK(status)) {
goto out;
}
status = gpttmpl_process(ini_ctx, root_key, flags);
if (!NT_STATUS_IS_OK(status)) {
goto out;
}
TALLOC_FREE(ini_ctx);
}
out: