samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

Author	SHA1	Message	Date
Lutz Justen	5f2576a9af	lib: gpo: Put enforced GPOs at the end of the list. Enforced GPOs should be applied on top of all non-enforced GPOs, so that they override policies set in non-enforced GPOs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13046 Signed-off-by: Lutz Justen <ljusten@google.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Sat Sep 23 05:25:19 CEST 2017 on sn-devel-144	2017-09-23 05:25:19 +02:00
Lutz Justen	69410c0a02	lib: gpo: Fixes issue with GPOPTIONS_BLOCK_INHERITANCE. GP links with the GPOPTIONS_BLOCK_INHERITANCE option set were blocking GPOs from the same link (i.e. an OU with the flag set would block its own GPOs). This patch makes sure the GPOs from the link are added to the list. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13046 Signed-off-by: Lutz Justen <ljusten@google.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2017-09-23 01:25:24 +02:00
Lutz Justen	6a531773b8	lib: gpo: Changes order to match GPO application order. The order of GPOs in a gpo_list generated by ads_get_gpo_list did not match the order of application. Since GPOs are pushed to the FRONT of gpo_list, GPOs have to be pushed in the opposite order of application. (Pushing to front is useful to get inheritance blocking right). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13046 Signed-off-by: Lutz Justen <ljusten@google.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2017-09-23 01:25:24 +02:00
Stefan Metzmacher	6ca2cfaff9	CVE-2017-12150: libgpo: make use of SMB_SIGNING_REQUIRED in gpo_connect_server() It's important that we use a signed connection to get the GPOs! BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997 Signed-off-by: Stefan Metzmacher <metze@samba.org>	2017-09-20 13:04:10 +02:00
Volker Lendecke	a433f1a757	lib: Give util_paths.c its own header Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2017-06-24 01:21:10 +02:00
Jeremy Allison	24622bab3a	s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes. We expect the following attributes to be present in an LDAP GPO object: displayName flags gPCFileSysPath name ntSecurityDescriptor versionNumber and fail if a result is returned without them. Change this to skip results that don't contain these attributes instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12695 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>	2017-03-16 20:30:19 +01:00
Günther Deschner	9a55940e95	libgpo: Fix error check in gp_inifile_init_context_direct() Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2017-01-20 11:18:21 +01:00
Günther Deschner	c586c3d962	libgpo: allow empty values in gp inifile parsing code. Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Jan 6 16:16:02 CET 2017 on sn-devel-144	2017-01-06 16:16:01 +01:00
Günther Deschner	235aa67544	libgpo: default to empty values if none are there Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2017-01-06 12:28:19 +01:00
Günther Deschner	06978c6541	libgpo: deal with non utf16-le ini files. Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2017-01-06 12:28:19 +01:00
Günther Deschner	dcb2680163	libgpo: apply some const. Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2017-01-06 12:28:19 +01:00
Günther Deschner	8e5251c1f3	libgpo: add gp_inifile_enum_section() Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2017-01-06 12:28:18 +01:00
Günther Deschner	5c16dfe325	libgpo: add gp_inifile_init_context_direct() This varient ignores the group policy flags and does not try to find the right unix path. Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2017-01-06 12:28:18 +01:00
Günther Deschner	2f0703b02e	werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in libgpo/gpext/gpext.c Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2016-09-28 00:04:22 +02:00
Günther Deschner	add8419783	libgpo: accept more boolean matches in gp_inifile_getbool(). Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2016-09-11 19:57:26 +02:00
Jeremy Allison	2a8ccc0841	libgpo: Correctly use the 'server' parameter after parsing it out of the GPO path. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12135 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>	2016-08-10 08:18:17 +02:00
Andrew Bartlett	c86d508f65	libgpo: Fix compiler errors when building with --address-sanitizer Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>	2016-06-16 04:40:12 +02:00
Mathieu Parent	c315fce17e	Fix various spelling errors Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Nov 6 13:43:45 CET 2015 on sn-devel-104	2015-11-06 13:43:45 +01:00
Günther Deschner	a62cc2ce44	samba: pass down size_t instead of int to add_string_to_array(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Mon Nov 17 19:53:22 CET 2014 on sn-devel-104	2014-11-17 19:53:22 +01:00
David Disseldorp	b7caabdb9e	libgpo: replace dup_sec_desc() usage Use security_descriptor_copy() instead, which is also provided by libcli. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2014-05-28 17:52:13 +02:00
Garming Sam	952bc3cad0	Remove a number of NT_STATUS_HAVE_NO_MEMORY_AND_FREE macros from the codebase. Following the current coding guidelines, it is considered bad practice to return from within a macro and change control flow as they look like normal function calls. Change-Id: I133eb5a699757ae57b87d3bd3ebbcf5b556b0268 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-03-05 16:33:21 +01:00
Günther Deschner	8e5f4eab76	libgpo: apply some const. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Jan 7 18:52:42 CET 2014 on sn-devel-104	2014-01-07 18:52:42 +01:00
Günther Deschner	88a0c401fc	libgpo: only use libgpo/gpext/gpext.h where really needed. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 16:59:39 +01:00
Günther Deschner	c3f9d9929c	libgpo: allow to pass down a list of deleted GPOs in gpo_process_gpo_list(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 16:59:39 +01:00
Günther Deschner	a78b4d4f65	libgpo: remove some unused code and remove that important FIXME note. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 16:59:39 +01:00
Günther Deschner	f6bc219850	libgpo: directly call gpext_process_extension() from gpo_process_gpo_list. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 16:59:38 +01:00
Günther Deschner	685da81365	libgpo: implement CSE filtering in gpext_process_extension(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 16:59:38 +01:00
Günther Deschner	bb351dec9b	libgpo: remove gpext_process_gpo_list_with_extension in favor of gpext_process_extension. gpext_preocess_extension properly deals with GPO lists now. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 16:59:38 +01:00
Günther Deschner	1010a01119	libgpo: remove extension_guid and snapin_guid (the tool guid) from the process callback. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 16:59:38 +01:00
Günther Deschner	a9cb3031bc	libgpo: allow to pass down deleted and changed gpo list to CSE plugins. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 16:59:38 +01:00
Günther Deschner	19268c5c26	libgpo/gpext: add new gpext_check_gpo_for_gpext_presence() helper function. It will be used to inspect single members of a gpo list for the presence of a CSE guid. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 16:59:38 +01:00
Günther Deschner	288e883fb0	libgpo: add gpo_copy(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 16:59:38 +01:00
Günther Deschner	57498dc569	libgpo: make gpo_get_gp_ext_from_gpo public. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 16:59:38 +01:00
Günther Deschner	3ef7919e3a	libgpo: make gpo_process_a_gpo() static to the util code. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 16:59:38 +01:00
Günther Deschner	0a15360f35	libgpo: remove unused gp_registry_entry2 struct. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 16:59:38 +01:00
Günther Deschner	9a4e007d90	libgpo: remove ads reference from dump calls and make them take const structs. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 16:59:38 +01:00
Günther Deschner	c39425f14b	libgpo: prefix some more calls with gpext_. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 16:59:38 +01:00
Günther Deschner	69997e2911	libgpo: rename debug_gpext_header to gpext_debug_header. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 16:59:38 +01:00
Günther Deschner	ec790f84be	libgpo: remove unused process_group_policy2 callback from CSE module API. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Dec 18 16:45:20 CET 2013 on sn-devel-104	2013-12-18 16:45:20 +01:00
Günther Deschner	65a3ed5134	libgpo: remove some unnecessary usage of ADS_STATUS. Use NTSTATUS instead. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2013-12-18 14:48:24 +01:00
Günther Deschner	172d6cd0d0	libgpo: remove unrequired references to ads_struct. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2013-12-18 14:48:24 +01:00
Günther Deschner	e3be1d1188	libgpo: clean up CSE api, remove unrequired references to ads_struct. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2013-12-18 14:48:24 +01:00
Günther Deschner	8fef712eff	libgpo: clean up CSE module api, remove unrequired references to ads_struct. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2013-12-18 14:48:24 +01:00
Günther Deschner	103e672ef5	libgpo: support probing for parameters in gp_inifile_get functions. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2013-12-18 14:48:24 +01:00
Günther Deschner	785c3c12a9	libgpo: check for talloc failures in ini file parsing routines. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2013-12-18 14:48:24 +01:00
Günther Deschner	12c7b9498c	libgpo: add gp_inifile_getbool(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2013-12-12 13:34:51 +01:00
Günther Deschner	c329a6abcc	libgpo: fix segfault in gpo_process_gpo_list(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2013-12-12 13:34:50 +01:00
Günther Deschner	bc870ee845	libgpo: remove use of deprecated talloc functions. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2013-12-12 13:34:50 +01:00
Günther Deschner	feffac8068	libgpo: remove unused libgpo wscript_build. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2013-12-12 13:34:50 +01:00
Günther Deschner	36abc1c4e6	libgpo: use existing connection to the ds for the sysvol queries. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2013-12-12 13:34:50 +01:00

1 2 3

114 Commits