Diffstat (limited to 'source/libgpo/gpo_ldap.c')
-rw-r--r--source/libgpo/gpo_ldap.c205
1 files changed, 54 insertions, 151 deletions
diff --git a/source/libgpo/gpo_ldap.c b/source/libgpo/gpo_ldap.c
index 3f90fa4a621..6c1079832d0 100644
--- a/source/libgpo/gpo_ldap.c
+++ b/source/libgpo/gpo_ldap.c
@@ -28,24 +28,14 @@
ADS_STATUS ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
const char *extension_raw,
- struct GP_EXT **gp_ext)
+ struct GP_EXT *gp_ext)
{
- struct GP_EXT *ext = NULL;
char **ext_list;
char **ext_strings = NULL;
int i;
- if (!extension_raw) {
- goto parse_error;
- }
-
DEBUG(20,("ads_parse_gp_ext: %s\n", extension_raw));
- ext = TALLOC_ZERO_P(mem_ctx, struct GP_EXT);
- if (!ext) {
- goto parse_error;
- }
-
ext_list = str_list_make_talloc(mem_ctx, extension_raw, "]");
if (ext_list == NULL) {
goto parse_error;
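Review bot: Dropping the `if (!extension_raw)` guard lets a NULL `extension_raw` reach `DEBUG(20,("ads_parse_gp_ext: %s\n", extension_raw))` and `str_list_make_talloc()` unchecked, and the new out-parameter `gp_ext` is written through at `gp_ext->num_exts = i` (next hunk) without a NULL check either. The extension strings come from `ads_pull_string()` in ads_get_gpo (later hunk), which presumably yields NULL when a GPO carries no client-side extensions, so a NULL here looks reachable. A guard before anything is allocated covers both and also avoids a jump to parse_error while `ext_list` is still uninitialized: `if (!extension_raw || !gp_ext) { return ADS_ERROR(LDAP_PARAM_ERROR); }`. ads_parse_gp_ext continues past the end of this hunk.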
@@ -55,28 +45,28 @@ ADS_STATUS ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
/* no op */
}
- ext->num_exts = i;
+ gp_ext->num_exts = i;
- if (ext->num_exts) {
- ext->extensions = TALLOC_ZERO_ARRAY(mem_ctx, char *, ext->num_exts);
- ext->extensions_guid = TALLOC_ZERO_ARRAY(mem_ctx, char *, ext->num_exts);
- ext->snapins = TALLOC_ZERO_ARRAY(mem_ctx, char *, ext->num_exts);
- ext->snapins_guid = TALLOC_ZERO_ARRAY(mem_ctx, char *, ext->num_exts);
+ if (gp_ext->num_exts) {
+ gp_ext->extensions = TALLOC_ZERO_ARRAY(mem_ctx, char *, gp_ext->num_exts);
+ gp_ext->extensions_guid = TALLOC_ZERO_ARRAY(mem_ctx, char *, gp_ext->num_exts);
+ gp_ext->snapins = TALLOC_ZERO_ARRAY(mem_ctx, char *, gp_ext->num_exts);
+ gp_ext->snapins_guid = TALLOC_ZERO_ARRAY(mem_ctx, char *, gp_ext->num_exts);
} else {
- ext->extensions = NULL;
- ext->extensions_guid = NULL;
- ext->snapins = NULL;
- ext->snapins_guid = NULL;
+ gp_ext->extensions = NULL;
+ gp_ext->extensions_guid = NULL;
+ gp_ext->snapins = NULL;
+ gp_ext->snapins_guid = NULL;
}
- ext->gp_extension = talloc_strdup(mem_ctx, extension_raw);
-
- if (ext->extensions == NULL || ext->extensions_guid == NULL ||
- ext->snapins == NULL || ext->snapins_guid == NULL ||
- ext->gp_extension == NULL) {
+ if (gp_ext->extensions == NULL || gp_ext->extensions_guid == NULL ||
+ gp_ext->snapins == NULL || gp_ext->snapins_guid == NULL ||
+ gp_ext->gp_extension == NULL) {
goto parse_error;
}
+ gp_ext->gp_extension = talloc_strdup(mem_ctx, extension_raw);
+
for (i = 0; ext_list[i] != NULL; i++) {
int k;
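Review bot: The test `gp_ext->gp_extension == NULL` runs before `gp_ext->gp_extension = talloc_strdup(mem_ctx, extension_raw);` executes, so it examines whatever the caller left in that field (the struct is no longer zeroed in this function) and the strdup result itself is never checked. Move the assignment above the `if`: place `gp_ext->gp_extension = talloc_strdup(mem_ctx, extension_raw);` directly after the `if (gp_ext->num_exts) { ... } else { ... }` block and delete the later copy. Separately, when `num_exts` is 0 the else branch sets all four arrays to NULL and the check immediately below then jumps to parse_error, so an extension string with no entries is always reported as a parse error; if that is intended it deserves a comment, otherwise the array NULL tests should be conditioned on `gp_ext->num_exts`. ads_parse_gp_ext starts and ends outside this hunk.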
@@ -105,11 +95,11 @@ ADS_STATUS ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
q++;
}
- ext->extensions[i] = talloc_strdup(mem_ctx, cse_gpo_guid_string_to_name(q));
- ext->extensions_guid[i] = talloc_strdup(mem_ctx, q);
+ gp_ext->extensions[i] = talloc_strdup(mem_ctx, cse_gpo_guid_string_to_name(q));
+ gp_ext->extensions_guid[i] = talloc_strdup(mem_ctx, q);
/* we might have no name for the guid */
- if (ext->extensions_guid[i] == NULL) {
+ if (gp_ext->extensions_guid[i] == NULL) {
goto parse_error;
}
@@ -122,11 +112,11 @@ ADS_STATUS ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
}
/* FIXME: theoretically there could be more than one snapin per extension */
- ext->snapins[i] = talloc_strdup(mem_ctx, cse_snapin_gpo_guid_string_to_name(m));
- ext->snapins_guid[i] = talloc_strdup(mem_ctx, m);
+ gp_ext->snapins[i] = talloc_strdup(mem_ctx, cse_snapin_gpo_guid_string_to_name(m));
+ gp_ext->snapins_guid[i] = talloc_strdup(mem_ctx, m);
/* we might have no name for the guid */
- if (ext->snapins_guid[i] == NULL) {
+ if (gp_ext->snapins_guid[i] == NULL) {
goto parse_error;
}
}
@@ -139,8 +129,6 @@ ADS_STATUS ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
str_list_free_talloc(mem_ctx, &ext_strings);
}
- *gp_ext = ext;
-
return ADS_ERROR(LDAP_SUCCESS);
parse_error:
@@ -158,15 +146,15 @@ parse_error:
parse the raw link string into a GP_LINK structure
****************************************************************/
-static ADS_STATUS gpo_parse_gplink(TALLOC_CTX *mem_ctx,
- const char *gp_link_raw,
- uint32 options,
- struct GP_LINK *gp_link)
+ADS_STATUS ads_parse_gplink(TALLOC_CTX *mem_ctx,
+ const char *gp_link_raw,
+ uint32 options,
+ struct GP_LINK *gp_link)
{
char **link_list;
int i;
- DEBUG(10,("gpo_parse_gplink: gPLink: %s\n", gp_link_raw));
+ DEBUG(10,("ads_parse_gplink: gPLink: %s\n", gp_link_raw));
link_list = str_list_make_talloc(mem_ctx, gp_link_raw, "]");
if (link_list == NULL) {
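Review bot: Removing `static` makes ads_parse_gplink a library entry point, but `gp_link_raw` is still passed straight to `DEBUG(10,("ads_parse_gplink: gPLink: %s\n", gp_link_raw))` and `str_list_make_talloc()` with no NULL check; ads_get_gpo_link appears to bail out with LDAP_NO_SUCH_ATTRIBUTE before reaching it, but an external caller gets no such protection. `if (!gp_link_raw || !gp_link) { return ADS_ERROR(LDAP_PARAM_ERROR); }` at the top keeps the exported contract safe. The matching prototype presumably belongs in a header that is not part of this diff. The function body continues past the end of the hunk.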
@@ -198,7 +186,7 @@ static ADS_STATUS gpo_parse_gplink(TALLOC_CTX *mem_ctx,
char *p, *q;
- DEBUGADD(10,("gpo_parse_gplink: processing link #%d\n", i));
+ DEBUGADD(10,("ads_parse_gplink: processing link #%d\n", i));
q = link_list[i];
if (q[0] == '[') {
@@ -219,8 +207,8 @@ static ADS_STATUS gpo_parse_gplink(TALLOC_CTX *mem_ctx,
gp_link->link_opts[i] = atoi(p + 1);
- DEBUGADD(10,("gpo_parse_gplink: link: %s\n", gp_link->link_names[i]));
- DEBUGADD(10,("gpo_parse_gplink: opt: %d\n", gp_link->link_opts[i]));
+ DEBUGADD(10,("ads_parse_gplink: link: %s\n", gp_link->link_names[i]));
+ DEBUGADD(10,("ads_parse_gplink: opt: %d\n", gp_link->link_opts[i]));
}
@@ -274,7 +262,7 @@ ADS_STATUS ads_get_gpo_link(ADS_STRUCT *ads,
return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
}
- /* perfectly legal to have no options */
+ /* perfectly leggal to have no options */
if (!ads_pull_uint32(ads, res, "gPOptions", &gp_options)) {
DEBUG(10,("ads_get_gpo_link: no 'gPOptions' attribute found\n"));
gp_options = 0;
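Review bot: The rewritten comment introduces a typo, "leggal"; it should read `/* perfectly legal to have no options */`. Nothing else in this hunk changes.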
@@ -282,7 +270,7 @@ ADS_STATUS ads_get_gpo_link(ADS_STRUCT *ads,
ads_msgfree(ads, res);
- return gpo_parse_gplink(mem_ctx, gp_link, gp_options, gp_link_struct);
+ return ads_parse_gplink(mem_ctx, gp_link, gp_options, gp_link_struct);
}
/****************************************************************
@@ -446,9 +434,6 @@ ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads,
gpo->machine_extensions = ads_pull_string(ads, mem_ctx, res, "gPCMachineExtensionNames");
gpo->user_extensions = ads_pull_string(ads, mem_ctx, res, "gPCUserExtensionNames");
- ads_pull_sd(ads, mem_ctx, res, "ntSecurityDescriptor", &gpo->security_descriptor);
- ADS_ERROR_HAVE_NO_MEMORY(gpo->security_descriptor);
-
return ADS_ERROR(LDAP_SUCCESS);
}
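Review bot: Removing the `ntSecurityDescriptor` pull here, together with the removal of `gpo_apply_security_filtering` from add_gplink_to_gpo_list (hunk at `@@ -561,23 +542,16 @@`) and of ads_get_gpo_sid_token (hunk at `@@ -591,68 +565,6 @@`), means every GPO linked along the site/domain/OU chain is added to the list with no check that the object's token is permitted to apply it. Callers of ads_get_gpo_list therefore receive an unfiltered list, and anything that applies that result as policy would apply GPOs whose DACL would have excluded the object; if this is an intentional backout, say so in the commit message and document it on ads_get_gpo_list, e.g. `/* NOTE: no security filtering is applied; the list holds every linked GPO */`. The switch from ads_search_retry_dn_sd_flags to ads_search_dn (hunk at `@@ -485,9 +469,7 @@`) also drops the retry wrapper, which the non-SD variant ads_search_retry_dn presumably still provides. The enclosing function starts outside this hunk.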
@@ -470,8 +455,7 @@ ADS_STATUS ads_get_gpo(ADS_STRUCT *ads,
const char *attrs[] = { "cn", "displayName", "flags", "gPCFileSysPath",
"gPCFunctionalityVersion", "gPCMachineExtensionNames",
"gPCUserExtensionNames", "gPCWQLFilter", "name",
- "versionNumber", "ntSecurityDescriptor", NULL};
- uint32 sd_flags = DACL_SECURITY_INFORMATION;
+ "versionNumber", NULL};
ZERO_STRUCTP(gpo);
@@ -485,9 +469,7 @@ ADS_STATUS ads_get_gpo(ADS_STRUCT *ads,
gpo_dn = gpo_dn + strlen("LDAP://");
}
- status = ads_search_retry_dn_sd_flags(ads, &res,
- sd_flags,
- gpo_dn, attrs);
+ status = ads_search_dn(ads, &res, gpo_dn, attrs);
} else if (display_name || guid_name) {
@@ -497,9 +479,9 @@ ADS_STATUS ads_get_gpo(ADS_STRUCT *ads,
display_name ? display_name : guid_name);
ADS_ERROR_HAVE_NO_MEMORY(filter);
- status = ads_do_search_all_sd_flags(ads, ads->config.bind_path,
- LDAP_SCOPE_SUBTREE, filter,
- attrs, sd_flags, &res);
+ status = ads_do_search_all(ads, ads->config.bind_path,
+ LDAP_SCOPE_SUBTREE, filter,
+ attrs, &res);
}
if (!ADS_ERR_OK(status)) {
@@ -530,14 +512,13 @@ ADS_STATUS ads_get_gpo(ADS_STRUCT *ads,
add a gplink to the GROUP_POLICY_OBJECT linked list
****************************************************************/
-static ADS_STATUS add_gplink_to_gpo_list(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- struct GROUP_POLICY_OBJECT **gpo_list,
- const char *link_dn,
- struct GP_LINK *gp_link,
- enum GPO_LINK_TYPE link_type,
- BOOL only_add_forced_gpos,
- struct GPO_SID_TOKEN *token)
+ADS_STATUS add_gplink_to_gpo_list(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ struct GROUP_POLICY_OBJECT **gpo_list,
+ const char *link_dn,
+ struct GP_LINK *gp_link,
+ enum GPO_LINK_TYPE link_type,
+ BOOL only_add_forced_gpos)
{
ADS_STATUS status;
int i;
@@ -561,23 +542,16 @@ static ADS_STATUS add_gplink_to_gpo_list(ADS_STRUCT *ads,
}
}
- new_gpo = TALLOC_ZERO_P(mem_ctx, struct GROUP_POLICY_OBJECT);
+ new_gpo = TALLOC_P(mem_ctx, struct GROUP_POLICY_OBJECT);
ADS_ERROR_HAVE_NO_MEMORY(new_gpo);
+ ZERO_STRUCTP(new_gpo);
+
status = ads_get_gpo(ads, mem_ctx, gp_link->link_names[i], NULL, NULL, new_gpo);
if (!ADS_ERR_OK(status)) {
- DEBUG(10,("failed to get gpo: %s\n", gp_link->link_names[i]));
return status;
}
- status = ADS_ERROR_NT(gpo_apply_security_filtering(new_gpo, token));
- if (!ADS_ERR_OK(status)) {
- DEBUG(10,("skipping GPO \"%s\" as object has no access to it\n",
- new_gpo->display_name));
- TALLOC_FREE(new_gpo);
- continue;
- }
-
new_gpo->link = link_dn;
new_gpo->link_type = link_type;
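Review bot: The failure path after `ads_get_gpo()` now returns silently: the removed `DEBUG(10,...)` was the only line naming which linked GPO could not be fetched, so a stale or unreadable entry in gPLink surfaces as an opaque error from ads_get_gpo_list. Keep a log line before the return, e.g. `DEBUG(10,("add_gplink_to_gpo_list: failed to get gpo: %s\n", gp_link->link_names[i]));`. The half-initialised `new_gpo` also stays attached to mem_ctx on that early return; `TALLOC_FREE(new_gpo);` before `return status;` keeps the context tidy. add_gplink_to_gpo_list starts and ends outside this hunk.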
@@ -591,68 +565,6 @@ static ADS_STATUS add_gplink_to_gpo_list(ADS_STRUCT *ads,
}
/****************************************************************
-****************************************************************/
-
-static ADS_STATUS ads_get_gpo_sid_token(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- const char *dn,
- struct GPO_SID_TOKEN **token)
-{
- ADS_STATUS status;
- DOM_SID object_sid;
- DOM_SID primary_group_sid;
- DOM_SID *ad_token_sids;
- size_t num_ad_token_sids = 0;
- DOM_SID *token_sids;
- size_t num_token_sids = 0;
- struct GPO_SID_TOKEN *new_token = NULL;
- int i;
-
- new_token = TALLOC_ZERO_P(mem_ctx, struct GPO_SID_TOKEN);
- ADS_ERROR_HAVE_NO_MEMORY(new_token);
-
- status = ads_get_tokensids(ads, mem_ctx, dn,
- &object_sid, &primary_group_sid,
- &ad_token_sids, &num_ad_token_sids);
- if (!ADS_ERR_OK(status)) {
- return status;
- }
-
- new_token->object_sid = object_sid;
- new_token->primary_group_sid = primary_group_sid;
-
- token_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, 1);
- ADS_ERROR_HAVE_NO_MEMORY(token_sids);
-
- for (i = 0; i < num_ad_token_sids; i++) {
-
- if (sid_check_is_in_builtin(&ad_token_sids[i])) {
- continue;
- }
-
- if (!add_sid_to_array_unique(mem_ctx, &ad_token_sids[i],
- &token_sids, &num_token_sids)) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
- }
-
- /* Add S-1-5-11 to token */
- if (!add_sid_to_array_unique(mem_ctx, &global_sid_Authenticated_Users,
- &token_sids, &num_token_sids)) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
-
- new_token->token_sids = token_sids;
- new_token->num_token_sids = num_token_sids;
-
- *token = new_token;
-
- return ADS_ERROR_LDAP(LDAP_SUCCESS);
-}
-
-
-/****************************************************************
get the full list of GROUP_POLICY_OBJECTs for a given dn
****************************************************************/
@@ -666,7 +578,6 @@ ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
ADS_STATUS status;
struct GP_LINK gp_link;
- struct GPO_SID_TOKEN *token = NULL;
const char *parent_dn, *site_dn, *tmp_dn;
BOOL add_only_forced_gpos = False;
@@ -674,11 +585,6 @@ ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
DEBUG(10,("ads_get_gpo_list: getting GPO list for [%s]\n", dn));
- status = ads_get_gpo_sid_token(ads, mem_ctx, dn, &token);
- if (!ADS_ERR_OK(status)) {
- return status;
- }
-
/* (L)ocal */
/* not yet... */
@@ -696,23 +602,22 @@ ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
status = ads_get_gpo_link(ads, mem_ctx, site_dn, &gp_link);
if (ADS_ERR_OK(status)) {
-
+
if (DEBUGLEVEL >= 100) {
dump_gplink(ads, mem_ctx, &gp_link);
}
-
+
status = add_gplink_to_gpo_list(ads, mem_ctx, gpo_list,
site_dn, &gp_link, GP_LINK_SITE,
- add_only_forced_gpos,
- token);
+ add_only_forced_gpos);
if (!ADS_ERR_OK(status)) {
return status;
}
-
+
if (flags & GPO_LIST_FLAG_SITEONLY) {
return ADS_ERROR(LDAP_SUCCESS);
}
-
+
/* inheritance can't be blocked at the site level */
}
}
@@ -744,8 +649,7 @@ ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
status = add_gplink_to_gpo_list(ads, mem_ctx,
gpo_list, parent_dn,
&gp_link, GP_LINK_DOMAIN,
- add_only_forced_gpos,
- token);
+ add_only_forced_gpos);
if (!ADS_ERR_OK(status)) {
return status;
}
@@ -784,8 +688,7 @@ ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
status = add_gplink_to_gpo_list(ads, mem_ctx,
gpo_list, parent_dn,
&gp_link, GP_LINK_OU,
- add_only_forced_gpos,
- token);
+ add_only_forced_gpos);
if (!ADS_ERR_OK(status)) {
return status;
}