root/source3/libgpo/gpo_util.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. name_to_guid_string
  2. guid_string_to_name
  3. snapin_guid_string_to_name
  4. default_gpo_name_to_guid_string
  5. default_gpo_guid_string_to_name
  6. cse_gpo_guid_string_to_name
  7. cse_gpo_name_to_guid_string
  8. cse_snapin_gpo_guid_string_to_name
  9. dump_gp_ext
  10. dump_gpo
  11. dump_gpo_list
  12. dump_gplink
  13. gpo_get_gp_ext_from_gpo
  14. gpo_process_a_gpo
  15. gpo_process_gpo_list_by_ext
  16. gpo_process_gpo_list
  17. check_refresh_gpo
  18. check_refresh_gpo_list
  19. gpo_get_unix_path
  20. gpo_flag_str
  21. gp_find_file
  22. gp_get_machine_token

   1 /*
   2  *  Unix SMB/CIFS implementation.
   3  *  Group Policy Object Support
   4  *  Copyright (C) Guenther Deschner 2005-2008
   5  *
   6  *  This program is free software; you can redistribute it and/or modify
   7  *  it under the terms of the GNU General Public License as published by
   8  *  the Free Software Foundation; either version 3 of the License, or
   9  *  (at your option) any later version.
  10  *
  11  *  This program is distributed in the hope that it will be useful,
  12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  *  GNU General Public License for more details.
  15  *
  16  *  You should have received a copy of the GNU General Public License
  17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  18  */
  19 
  20 #include "includes.h"
  21 
  22 #define DEFAULT_DOMAIN_POLICY "Default Domain Policy"
  23 #define DEFAULT_DOMAIN_CONTROLLERS_POLICY "Default Domain Controllers Policy"
  24 
  25 /* should we store a parsed guid ? */
  26 struct gp_table {
  27         const char *name;
  28         const char *guid_string;
  29 };
  30 
  31 #if 0 /* unused */
  32 static struct gp_table gpo_default_policy[] = {
  33         { DEFAULT_DOMAIN_POLICY,
  34                 "31B2F340-016D-11D2-945F-00C04FB984F9" },
  35         { DEFAULT_DOMAIN_CONTROLLERS_POLICY,
  36                 "6AC1786C-016F-11D2-945F-00C04fB984F9" },
  37         { NULL, NULL }
  38 };
  39 #endif
  40 
  41 /* the following is seen in gPCMachineExtensionNames / gPCUserExtensionNames */
  42 
  43 static struct gp_table gpo_cse_extensions[] = {
  44         /* used to be "Administrative Templates Extension" */
  45         /* "Registry Settings"
  46         (http://support.microsoft.com/kb/216357/EN-US/) */
  47         { "Registry Settings",
  48                 GP_EXT_GUID_REGISTRY },
  49         { "Microsoft Disc Quota",
  50                 "3610EDA5-77EF-11D2-8DC5-00C04FA31A66" },
  51         { "EFS recovery",
  52                 "B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A" },
  53         { "Folder Redirection",
  54                 "25537BA6-77A8-11D2-9B6C-0000F8080861" },
  55         { "IP Security",
  56                 "E437BC1C-AA7D-11D2-A382-00C04F991E27" },
  57         { "Internet Explorer Branding",
  58                 "A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B" },
  59         { "QoS Packet Scheduler",
  60                 "426031c0-0b47-4852-b0ca-ac3d37bfcb39" },
  61         { "Scripts",
  62                 GP_EXT_GUID_SCRIPTS },
  63         { "Security",
  64                 GP_EXT_GUID_SECURITY },
  65         { "Software Installation",
  66                 "C6DC5466-785A-11D2-84D0-00C04FB169F7" },
  67         { "Wireless Group Policy",
  68                 "0ACDD40C-75AC-BAA0-BF6DE7E7FE63" },
  69         { "Application Management",
  70                 "C6DC5466-785A-11D2-84D0-00C04FB169F7" },
  71         { "unknown",
  72                 "3060E8D0-7020-11D2-842D-00C04FA372D4" },
  73         { NULL, NULL }
  74 };
  75 
  76 /* guess work */
  77 static struct gp_table gpo_cse_snapin_extensions[] = {
  78         { "Administrative Templates",
  79                 "0F6B957D-509E-11D1-A7CC-0000F87571E3" },
  80         { "Certificates",
  81                 "53D6AB1D-2488-11D1-A28C-00C04FB94F17" },
  82         { "EFS recovery policy processing",
  83                 "B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A" },
  84         { "Folder Redirection policy processing",
  85                 "25537BA6-77A8-11D2-9B6C-0000F8080861" },
  86         { "Folder Redirection",
  87                 "88E729D6-BDC1-11D1-BD2A-00C04FB9603F" },
  88         { "Registry policy processing",
  89                 "35378EAC-683F-11D2-A89A-00C04FBBCFA2" },
  90         { "Remote Installation Services",
  91                 "3060E8CE-7020-11D2-842D-00C04FA372D4" },
  92         { "Security Settings",
  93                 "803E14A0-B4FB-11D0-A0D0-00A0C90F574B" },
  94         { "Security policy processing",
  95                 "827D319E-6EAC-11D2-A4EA-00C04F79F83A" },
  96         { "unknown",
  97                 "3060E8D0-7020-11D2-842D-00C04FA372D4" },
  98         { "unknown2",
  99                 "53D6AB1B-2488-11D1-A28C-00C04FB94F17" },
 100         { NULL, NULL }
 101 };
 102 
 103 /****************************************************************
 104 ****************************************************************/
 105 
 106 static const char *name_to_guid_string(const char *name,
     /* [<][>][^][v][top][bottom][index][help] */
 107                                        struct gp_table *table)
 108 {
 109         int i;
 110 
 111         for (i = 0; table[i].name; i++) {
 112                 if (strequal(name, table[i].name)) {
 113                         return table[i].guid_string;
 114                 }
 115         }
 116 
 117         return NULL;
 118 }
 119 
 120 /****************************************************************
 121 ****************************************************************/
 122 
 123 static const char *guid_string_to_name(const char *guid_string,
     /* [<][>][^][v][top][bottom][index][help] */
 124                                        struct gp_table *table)
 125 {
 126         int i;
 127 
 128         for (i = 0; table[i].guid_string; i++) {
 129                 if (strequal(guid_string, table[i].guid_string)) {
 130                         return table[i].name;
 131                 }
 132         }
 133 
 134         return NULL;
 135 }
 136 
 137 /****************************************************************
 138 ****************************************************************/
 139 
 140 static const char *snapin_guid_string_to_name(const char *guid_string,
     /* [<][>][^][v][top][bottom][index][help] */
 141                                               struct gp_table *table)
 142 {
 143         int i;
 144         for (i = 0; table[i].guid_string; i++) {
 145                 if (strequal(guid_string, table[i].guid_string)) {
 146                         return table[i].name;
 147                 }
 148         }
 149         return NULL;
 150 }
 151 
 152 #if 0 /* unused */
 153 static const char *default_gpo_name_to_guid_string(const char *name)
     /* [<][>][^][v][top][bottom][index][help] */
 154 {
 155         return name_to_guid_string(name, gpo_default_policy);
 156 }
 157 
 158 static const char *default_gpo_guid_string_to_name(const char *guid)
     /* [<][>][^][v][top][bottom][index][help] */
 159 {
 160         return guid_string_to_name(guid, gpo_default_policy);
 161 }
 162 #endif
 163 
 164 /****************************************************************
 165 ****************************************************************/
 166 
 167 const char *cse_gpo_guid_string_to_name(const char *guid)
     /* [<][>][^][v][top][bottom][index][help] */
 168 {
 169         return guid_string_to_name(guid, gpo_cse_extensions);
 170 }
 171 
 172 /****************************************************************
 173 ****************************************************************/
 174 
 175 const char *cse_gpo_name_to_guid_string(const char *name)
     /* [<][>][^][v][top][bottom][index][help] */
 176 {
 177         return name_to_guid_string(name, gpo_cse_extensions);
 178 }
 179 
 180 /****************************************************************
 181 ****************************************************************/
 182 
 183 const char *cse_snapin_gpo_guid_string_to_name(const char *guid)
     /* [<][>][^][v][top][bottom][index][help] */
 184 {
 185         return snapin_guid_string_to_name(guid, gpo_cse_snapin_extensions);
 186 }
 187 
 188 /****************************************************************
 189 ****************************************************************/
 190 
 191 void dump_gp_ext(struct GP_EXT *gp_ext, int debuglevel)
     /* [<][>][^][v][top][bottom][index][help] */
 192 {
 193         int lvl = debuglevel;
 194         int i;
 195 
 196         if (gp_ext == NULL) {
 197                 return;
 198         }
 199 
 200         DEBUG(lvl,("\t---------------------\n\n"));
 201         DEBUGADD(lvl,("\tname:\t\t\t%s\n", gp_ext->gp_extension));
 202 
 203         for (i=0; i< gp_ext->num_exts; i++) {
 204 
 205                 DEBUGADD(lvl,("\textension:\t\t\t%s\n",
 206                         gp_ext->extensions_guid[i]));
 207                 DEBUGADD(lvl,("\textension (name):\t\t\t%s\n",
 208                         gp_ext->extensions[i]));
 209 
 210                 DEBUGADD(lvl,("\tsnapin:\t\t\t%s\n",
 211                         gp_ext->snapins_guid[i]));
 212                 DEBUGADD(lvl,("\tsnapin (name):\t\t\t%s\n",
 213                         gp_ext->snapins[i]));
 214         }
 215 }
 216 
 217 #ifdef HAVE_LDAP
 218 
 219 /****************************************************************
 220 ****************************************************************/
 221 
 222 void dump_gpo(ADS_STRUCT *ads,
     /* [<][>][^][v][top][bottom][index][help] */
 223               TALLOC_CTX *mem_ctx,
 224               struct GROUP_POLICY_OBJECT *gpo,
 225               int debuglevel)
 226 {
 227         int lvl = debuglevel;
 228 
 229         if (gpo == NULL) {
 230                 return;
 231         }
 232 
 233         DEBUG(lvl,("---------------------\n\n"));
 234 
 235         DEBUGADD(lvl,("name:\t\t\t%s\n", gpo->name));
 236         DEBUGADD(lvl,("displayname:\t\t%s\n", gpo->display_name));
 237         DEBUGADD(lvl,("version:\t\t%d (0x%08x)\n", gpo->version, gpo->version));
 238         DEBUGADD(lvl,("version_user:\t\t%d (0x%04x)\n",
 239                 GPO_VERSION_USER(gpo->version),
 240                 GPO_VERSION_USER(gpo->version)));
 241         DEBUGADD(lvl,("version_machine:\t%d (0x%04x)\n",
 242                 GPO_VERSION_MACHINE(gpo->version),
 243                  GPO_VERSION_MACHINE(gpo->version)));
 244         DEBUGADD(lvl,("filesyspath:\t\t%s\n", gpo->file_sys_path));
 245         DEBUGADD(lvl,("dspath:\t\t%s\n", gpo->ds_path));
 246 
 247         DEBUGADD(lvl,("options:\t\t%d ", gpo->options));
 248         switch (gpo->options) {
 249                 case GPFLAGS_ALL_ENABLED:
 250                         DEBUGADD(lvl,("GPFLAGS_ALL_ENABLED\n"));
 251                         break;
 252                 case GPFLAGS_USER_SETTINGS_DISABLED:
 253                         DEBUGADD(lvl,("GPFLAGS_USER_SETTINGS_DISABLED\n"));
 254                         break;
 255                 case GPFLAGS_MACHINE_SETTINGS_DISABLED:
 256                         DEBUGADD(lvl,("GPFLAGS_MACHINE_SETTINGS_DISABLED\n"));
 257                         break;
 258                 case GPFLAGS_ALL_DISABLED:
 259                         DEBUGADD(lvl,("GPFLAGS_ALL_DISABLED\n"));
 260                         break;
 261                 default:
 262                         DEBUGADD(lvl,("unknown option: %d\n", gpo->options));
 263                         break;
 264         }
 265 
 266         DEBUGADD(lvl,("link:\t\t\t%s\n", gpo->link));
 267         DEBUGADD(lvl,("link_type:\t\t%d ", gpo->link_type));
 268         switch (gpo->link_type) {
 269                 case GP_LINK_UNKOWN:
 270                         DEBUGADD(lvl,("GP_LINK_UNKOWN\n"));
 271                         break;
 272                 case GP_LINK_OU:
 273                         DEBUGADD(lvl,("GP_LINK_OU\n"));
 274                         break;
 275                 case GP_LINK_DOMAIN:
 276                         DEBUGADD(lvl,("GP_LINK_DOMAIN\n"));
 277                         break;
 278                 case GP_LINK_SITE:
 279                         DEBUGADD(lvl,("GP_LINK_SITE\n"));
 280                         break;
 281                 case GP_LINK_MACHINE:
 282                         DEBUGADD(lvl,("GP_LINK_MACHINE\n"));
 283                         break;
 284                 default:
 285                         break;
 286         }
 287 
 288         DEBUGADD(lvl,("machine_extensions:\t%s\n", gpo->machine_extensions));
 289 
 290         if (gpo->machine_extensions) {
 291 
 292                 struct GP_EXT *gp_ext = NULL;
 293 
 294                 if (!ads_parse_gp_ext(mem_ctx, gpo->machine_extensions,
 295                                       &gp_ext)) {
 296                         return;
 297                 }
 298                 dump_gp_ext(gp_ext, lvl);
 299         }
 300 
 301         DEBUGADD(lvl,("user_extensions:\t%s\n", gpo->user_extensions));
 302 
 303         if (gpo->user_extensions) {
 304 
 305                 struct GP_EXT *gp_ext = NULL;
 306 
 307                 if (!ads_parse_gp_ext(mem_ctx, gpo->user_extensions,
 308                                       &gp_ext)) {
 309                         return;
 310                 }
 311                 dump_gp_ext(gp_ext, lvl);
 312         }
 313 
 314         DEBUGADD(lvl,("security descriptor:\n"));
 315 
 316         ads_disp_sd(ads, mem_ctx, gpo->security_descriptor);
 317 }
 318 
 319 /****************************************************************
 320 ****************************************************************/
 321 
 322 void dump_gpo_list(ADS_STRUCT *ads,
     /* [<][>][^][v][top][bottom][index][help] */
 323                    TALLOC_CTX *mem_ctx,
 324                    struct GROUP_POLICY_OBJECT *gpo_list,
 325                    int debuglevel)
 326 {
 327         struct GROUP_POLICY_OBJECT *gpo = NULL;
 328 
 329         for (gpo = gpo_list; gpo; gpo = gpo->next) {
 330                 dump_gpo(ads, mem_ctx, gpo, debuglevel);
 331         }
 332 }
 333 
 334 /****************************************************************
 335 ****************************************************************/
 336 
 337 void dump_gplink(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GP_LINK *gp_link)
     /* [<][>][^][v][top][bottom][index][help] */
 338 {
 339         ADS_STATUS status;
 340         int i;
 341         int lvl = 10;
 342 
 343         if (gp_link == NULL) {
 344                 return;
 345         }
 346 
 347         DEBUG(lvl,("---------------------\n\n"));
 348 
 349         DEBUGADD(lvl,("gplink: %s\n", gp_link->gp_link));
 350         DEBUGADD(lvl,("gpopts: %d ", gp_link->gp_opts));
 351         switch (gp_link->gp_opts) {
 352                 case GPOPTIONS_INHERIT:
 353                         DEBUGADD(lvl,("GPOPTIONS_INHERIT\n"));
 354                         break;
 355                 case GPOPTIONS_BLOCK_INHERITANCE:
 356                         DEBUGADD(lvl,("GPOPTIONS_BLOCK_INHERITANCE\n"));
 357                         break;
 358                 default:
 359                         break;
 360         }
 361 
 362         DEBUGADD(lvl,("num links: %d\n", gp_link->num_links));
 363 
 364         for (i = 0; i < gp_link->num_links; i++) {
 365 
 366                 DEBUGADD(lvl,("---------------------\n\n"));
 367 
 368                 DEBUGADD(lvl,("link: #%d\n", i + 1));
 369                 DEBUGADD(lvl,("name: %s\n", gp_link->link_names[i]));
 370 
 371                 DEBUGADD(lvl,("opt: %d ", gp_link->link_opts[i]));
 372                 if (gp_link->link_opts[i] & GPO_LINK_OPT_ENFORCED) {
 373                         DEBUGADD(lvl,("GPO_LINK_OPT_ENFORCED "));
 374                 }
 375                 if (gp_link->link_opts[i] & GPO_LINK_OPT_DISABLED) {
 376                         DEBUGADD(lvl,("GPO_LINK_OPT_DISABLED"));
 377                 }
 378                 DEBUGADD(lvl,("\n"));
 379 
 380                 if (ads != NULL && mem_ctx != NULL) {
 381 
 382                         struct GROUP_POLICY_OBJECT gpo;
 383 
 384                         status = ads_get_gpo(ads, mem_ctx,
 385                                              gp_link->link_names[i],
 386                                              NULL, NULL, &gpo);
 387                         if (!ADS_ERR_OK(status)) {
 388                                 DEBUG(lvl,("get gpo for %s failed: %s\n",
 389                                         gp_link->link_names[i],
 390                                         ads_errstr(status)));
 391                                 return;
 392                         }
 393                         dump_gpo(ads, mem_ctx, &gpo, lvl);
 394                 }
 395         }
 396 }
 397 
 398 #endif /* HAVE_LDAP */
 399 
 400 /****************************************************************
 401 ****************************************************************/
 402 
 403 static bool gpo_get_gp_ext_from_gpo(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 404                                     uint32_t flags,
 405                                     struct GROUP_POLICY_OBJECT *gpo,
 406                                     struct GP_EXT **gp_ext)
 407 {
 408         ZERO_STRUCTP(*gp_ext);
 409 
 410         if (flags & GPO_INFO_FLAG_MACHINE) {
 411 
 412                 if (gpo->machine_extensions) {
 413 
 414                         if (!ads_parse_gp_ext(mem_ctx, gpo->machine_extensions,
 415                                               gp_ext)) {
 416                                 return false;
 417                         }
 418                 }
 419         } else {
 420 
 421                 if (gpo->user_extensions) {
 422 
 423                         if (!ads_parse_gp_ext(mem_ctx, gpo->user_extensions,
 424                                               gp_ext)) {
 425                                 return false;
 426                         }
 427                 }
 428         }
 429 
 430         return true;
 431 }
 432 
 433 /****************************************************************
 434 ****************************************************************/
 435 
 436 ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads,
     /* [<][>][^][v][top][bottom][index][help] */
 437                              TALLOC_CTX *mem_ctx,
 438                              const struct nt_user_token *token,
 439                              struct registry_key *root_key,
 440                              struct GROUP_POLICY_OBJECT *gpo,
 441                              const char *extension_guid_filter,
 442                              uint32_t flags)
 443 {
 444         struct GP_EXT *gp_ext = NULL;
 445         int i;
 446 
 447         DEBUG(10,("gpo_process_a_gpo: processing gpo %s (%s)\n",
 448                 gpo->name, gpo->display_name));
 449         if (extension_guid_filter) {
 450                 DEBUGADD(10,("gpo_process_a_gpo: using filter %s (%s)\n",
 451                         extension_guid_filter,
 452                         cse_gpo_guid_string_to_name(extension_guid_filter)));
 453         }
 454 
 455         if (!gpo_get_gp_ext_from_gpo(mem_ctx, flags, gpo, &gp_ext)) {
 456                 return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
 457         }
 458 
 459         if (!gp_ext || !gp_ext->num_exts) {
 460                 if (flags & GPO_INFO_FLAG_VERBOSE) {
 461                         DEBUG(0,("gpo_process_a_gpo: "
 462                                 "no policies in %s (%s) for this extension\n",
 463                                 gpo->name, gpo->display_name));
 464                 }
 465                 return ADS_SUCCESS;
 466         }
 467 
 468         for (i=0; i<gp_ext->num_exts; i++) {
 469 
 470                 NTSTATUS ntstatus;
 471 
 472                 if (extension_guid_filter &&
 473                     !strequal(extension_guid_filter,
 474                               gp_ext->extensions_guid[i])) {
 475                         continue;
 476                 }
 477 
 478                 ntstatus = gpext_process_extension(ads, mem_ctx,
 479                                                    flags, token, root_key, gpo,
 480                                                    gp_ext->extensions_guid[i],
 481                                                    gp_ext->snapins_guid[i]);
 482                 if (!NT_STATUS_IS_OK(ntstatus)) {
 483                         ADS_ERROR_NT(ntstatus);
 484                 }
 485         }
 486 
 487         return ADS_SUCCESS;
 488 }
 489 
 490 /****************************************************************
 491 ****************************************************************/
 492 
 493 static ADS_STATUS gpo_process_gpo_list_by_ext(ADS_STRUCT *ads,
     /* [<][>][^][v][top][bottom][index][help] */
 494                                               TALLOC_CTX *mem_ctx,
 495                                               const struct nt_user_token *token,
 496                                               struct registry_key *root_key,
 497                                               struct GROUP_POLICY_OBJECT *gpo_list,
 498                                               const char *extensions_guid,
 499                                               uint32_t flags)
 500 {
 501         ADS_STATUS status;
 502         struct GROUP_POLICY_OBJECT *gpo;
 503 
 504         for (gpo = gpo_list; gpo; gpo = gpo->next) {
 505 
 506                 if (gpo->link_type == GP_LINK_LOCAL) {
 507                         continue;
 508                 }
 509 
 510 
 511                 /* FIXME: we need to pass down the *list* down to the
 512                  * extension, otherwise we cannot store the e.g. the *list* of
 513                  * logon-scripts correctly (for more then one GPO) */
 514 
 515                 status = gpo_process_a_gpo(ads, mem_ctx, token, root_key,
 516                                            gpo, extensions_guid, flags);
 517 
 518                 if (!ADS_ERR_OK(status)) {
 519                         DEBUG(0,("failed to process gpo by ext: %s\n",
 520                                 ads_errstr(status)));
 521                         return status;
 522                 }
 523         }
 524 
 525         return ADS_SUCCESS;
 526 }
 527 
 528 /****************************************************************
 529 ****************************************************************/
 530 
 531 ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
     /* [<][>][^][v][top][bottom][index][help] */
 532                                 TALLOC_CTX *mem_ctx,
 533                                 const struct nt_user_token *token,
 534                                 struct GROUP_POLICY_OBJECT *gpo_list,
 535                                 const char *extensions_guid_filter,
 536                                 uint32_t flags)
 537 {
 538         ADS_STATUS status = ADS_SUCCESS;
 539         struct gp_extension *gp_ext_list = NULL;
 540         struct gp_extension *gp_ext = NULL;
 541         struct registry_key *root_key = NULL;
 542         struct gp_registry_context *reg_ctx = NULL;
 543         WERROR werr;
 544 
 545         status = ADS_ERROR_NT(init_gp_extensions(mem_ctx));
 546         if (!ADS_ERR_OK(status)) {
 547                 return status;
 548         }
 549 
 550         gp_ext_list = get_gp_extension_list();
 551         if (!gp_ext_list) {
 552                 return ADS_ERROR_NT(NT_STATUS_DLL_INIT_FAILED);
 553         }
 554 
 555         /* get the key here */
 556         if (flags & GPO_LIST_FLAG_MACHINE) {
 557                 werr = gp_init_reg_ctx(mem_ctx, KEY_HKLM, REG_KEY_WRITE,
 558                                        get_system_token(),
 559                                        &reg_ctx);
 560         } else {
 561                 werr = gp_init_reg_ctx(mem_ctx, KEY_HKCU, REG_KEY_WRITE,
 562                                        token,
 563                                        &reg_ctx);
 564         }
 565         if (!W_ERROR_IS_OK(werr)) {
 566                 gp_free_reg_ctx(reg_ctx);
 567                 return ADS_ERROR_NT(werror_to_ntstatus(werr));
 568         }
 569 
 570         root_key = reg_ctx->curr_key;
 571 
 572         for (gp_ext = gp_ext_list; gp_ext; gp_ext = gp_ext->next) {
 573 
 574                 const char *guid_str = NULL;
 575 
 576                 guid_str = GUID_string(mem_ctx, gp_ext->guid);
 577                 if (!guid_str) {
 578                         status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
 579                         goto done;
 580                 }
 581 
 582                 if (extensions_guid_filter &&
 583                     (!strequal(guid_str, extensions_guid_filter)))  {
 584                         continue;
 585                 }
 586 
 587                 DEBUG(0,("-------------------------------------------------\n"));
 588                 DEBUG(0,("gpo_process_gpo_list: processing ext: %s {%s}\n",
 589                         gp_ext->name, guid_str));
 590 
 591 
 592                 status = gpo_process_gpo_list_by_ext(ads, mem_ctx, token,
 593                                                      root_key, gpo_list,
 594                                                      guid_str, flags);
 595                 if (!ADS_ERR_OK(status)) {
 596                         goto done;
 597                 }
 598         }
 599 
 600  done:
 601         gp_free_reg_ctx(reg_ctx);
 602         TALLOC_FREE(root_key);
 603         free_gp_extensions();
 604 
 605         return status;
 606 }
 607 
 608 
 609 /****************************************************************
 610  check wether the version number in a GROUP_POLICY_OBJECT match those of the
 611  locally stored version. If not, fetch the required policy via CIFS
 612 ****************************************************************/
 613 
 614 NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
     /* [<][>][^][v][top][bottom][index][help] */
 615                            TALLOC_CTX *mem_ctx,
 616                            uint32_t flags,
 617                            struct GROUP_POLICY_OBJECT *gpo,
 618                            struct cli_state **cli_out)
 619 {
 620         NTSTATUS result;
 621         char *server = NULL;
 622         char *share = NULL;
 623         char *nt_path = NULL;
 624         char *unix_path = NULL;
 625         uint32_t sysvol_gpt_version = 0;
 626         char *display_name = NULL;
 627         struct cli_state *cli = NULL;
 628 
 629         result = gpo_explode_filesyspath(mem_ctx, gpo->file_sys_path,
 630                                          &server, &share, &nt_path, &unix_path);
 631 
 632         if (!NT_STATUS_IS_OK(result)) {
 633                 goto out;
 634         }
 635 
 636         result = gpo_get_sysvol_gpt_version(mem_ctx,
 637                                             unix_path,
 638                                             &sysvol_gpt_version,
 639                                             &display_name);
 640         if (!NT_STATUS_IS_OK(result) &&
 641             !NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_FILE)) {
 642                 DEBUG(10,("check_refresh_gpo: "
 643                         "failed to get local gpt version: %s\n",
 644                         nt_errstr(result)));
 645                 goto out;
 646         }
 647 
 648         DEBUG(10,("check_refresh_gpo: versions gpo %d sysvol %d\n",
 649                 gpo->version, sysvol_gpt_version));
 650 
 651         /* FIXME: handle GPO_INFO_FLAG_FORCED_REFRESH from flags */
 652 
 653         while (gpo->version > sysvol_gpt_version) {
 654 
 655                 DEBUG(1,("check_refresh_gpo: need to refresh GPO\n"));
 656 
 657                 if (*cli_out == NULL) {
 658 
 659                         result = cli_full_connection(&cli,
 660                                         global_myname(),
 661                                         ads->config.ldap_server_name,
 662                                         /* server */
 663                                         NULL, 0,
 664                                         share, "A:",
 665                                         ads->auth.user_name, NULL,
 666                                         ads->auth.password,
 667                                         CLI_FULL_CONNECTION_USE_KERBEROS |
 668                                         CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS,
 669                                         Undefined, NULL);
 670                         if (!NT_STATUS_IS_OK(result)) {
 671                                 DEBUG(10,("check_refresh_gpo: "
 672                                         "failed to connect: %s\n",
 673                                         nt_errstr(result)));
 674                                 goto out;
 675                         }
 676 
 677                         *cli_out = cli;
 678                 }
 679 
 680                 result = gpo_fetch_files(mem_ctx, *cli_out, gpo);
 681                 if (!NT_STATUS_IS_OK(result)) {
 682                         goto out;
 683                 }
 684 
 685                 result = gpo_get_sysvol_gpt_version(mem_ctx,
 686                                                     unix_path,
 687                                                     &sysvol_gpt_version,
 688                                                     &display_name);
 689                 if (!NT_STATUS_IS_OK(result)) {
 690                         DEBUG(10,("check_refresh_gpo: "
 691                                 "failed to get local gpt version: %s\n",
 692                                 nt_errstr(result)));
 693                         goto out;
 694                 }
 695 
 696                 if (gpo->version == sysvol_gpt_version) {
 697                         break;
 698                 }
 699         }
 700 
 701         DEBUG(10,("Name:\t\t\t%s (%s)\n", gpo->display_name, gpo->name));
 702         DEBUGADD(10,("sysvol GPT version:\t%d (user: %d, machine: %d)\n",
 703                 sysvol_gpt_version,
 704                 GPO_VERSION_USER(sysvol_gpt_version),
 705                 GPO_VERSION_MACHINE(sysvol_gpt_version)));
 706         DEBUGADD(10,("LDAP GPO version:\t%d (user: %d, machine: %d)\n",
 707                 gpo->version,
 708                 GPO_VERSION_USER(gpo->version),
 709                 GPO_VERSION_MACHINE(gpo->version)));
 710         DEBUGADD(10,("LDAP GPO link:\t\t%s\n", gpo->link));
 711 
 712         result = NT_STATUS_OK;
 713 
 714  out:
 715         return result;
 716 
 717 }
 718 
 719 /****************************************************************
 720  check wether the version numbers in the gpo_list match the locally stored, if
 721  not, go and get each required GPO via CIFS
 722  ****************************************************************/
 723 
 724 NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
     /* [<][>][^][v][top][bottom][index][help] */
 725                                 TALLOC_CTX *mem_ctx,
 726                                 uint32_t flags,
 727                                 struct GROUP_POLICY_OBJECT *gpo_list)
 728 {
 729         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 730         struct cli_state *cli = NULL;
 731         struct GROUP_POLICY_OBJECT *gpo;
 732 
 733         if (!gpo_list) {
 734                 return NT_STATUS_INVALID_PARAMETER;
 735         }
 736 
 737         for (gpo = gpo_list; gpo; gpo = gpo->next) {
 738 
 739                 result = check_refresh_gpo(ads, mem_ctx, flags, gpo, &cli);
 740                 if (!NT_STATUS_IS_OK(result)) {
 741                         goto out;
 742                 }
 743         }
 744 
 745         result = NT_STATUS_OK;
 746 
 747  out:
 748         if (cli) {
 749                 cli_shutdown(cli);
 750         }
 751 
 752         return result;
 753 }
 754 
 755 /****************************************************************
 756 ****************************************************************/
 757 
 758 NTSTATUS gpo_get_unix_path(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 759                            struct GROUP_POLICY_OBJECT *gpo,
 760                            char **unix_path)
 761 {
 762         char *server, *share, *nt_path;
 763         return gpo_explode_filesyspath(mem_ctx, gpo->file_sys_path,
 764                                        &server, &share, &nt_path, unix_path);
 765 }
 766 
 767 /****************************************************************
 768 ****************************************************************/
 769 
 770 char *gpo_flag_str(uint32_t flags)
     /* [<][>][^][v][top][bottom][index][help] */
 771 {
 772         fstring str = "";
 773 
 774         if (flags == 0) {
 775                 return NULL;
 776         }
 777 
 778         if (flags & GPO_INFO_FLAG_SLOWLINK)
 779                 fstrcat(str, "GPO_INFO_FLAG_SLOWLINK ");
 780         if (flags & GPO_INFO_FLAG_VERBOSE)
 781                 fstrcat(str, "GPO_INFO_FLAG_VERBOSE ");
 782         if (flags & GPO_INFO_FLAG_SAFEMODE_BOOT)
 783                 fstrcat(str, "GPO_INFO_FLAG_SAFEMODE_BOOT ");
 784         if (flags & GPO_INFO_FLAG_NOCHANGES)
 785                 fstrcat(str, "GPO_INFO_FLAG_NOCHANGES ");
 786         if (flags & GPO_INFO_FLAG_MACHINE)
 787                 fstrcat(str, "GPO_INFO_FLAG_MACHINE ");
 788         if (flags & GPO_INFO_FLAG_LOGRSOP_TRANSITION)
 789                 fstrcat(str, "GPO_INFO_FLAG_LOGRSOP_TRANSITION ");
 790         if (flags & GPO_INFO_FLAG_LINKTRANSITION)
 791                 fstrcat(str, "GPO_INFO_FLAG_LINKTRANSITION ");
 792         if (flags & GPO_INFO_FLAG_FORCED_REFRESH)
 793                 fstrcat(str, "GPO_INFO_FLAG_FORCED_REFRESH ");
 794         if (flags & GPO_INFO_FLAG_BACKGROUND)
 795                 fstrcat(str, "GPO_INFO_FLAG_BACKGROUND ");
 796 
 797         return SMB_STRDUP(str);
 798 }
 799 
 800 /****************************************************************
 801 ****************************************************************/
 802 
 803 NTSTATUS gp_find_file(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 804                       uint32_t flags,
 805                       const char *filename,
 806                       const char *suffix,
 807                       const char **filename_out)
 808 {
 809         const char *tmp = NULL;
 810         SMB_STRUCT_STAT sbuf;
 811         const char *path = NULL;
 812 
 813         if (flags & GPO_LIST_FLAG_MACHINE) {
 814                 path = "Machine";
 815         } else {
 816                 path = "User";
 817         }
 818 
 819         tmp = talloc_asprintf(mem_ctx, "%s/%s/%s", filename,
 820                               path, suffix);
 821         NT_STATUS_HAVE_NO_MEMORY(tmp);
 822 
 823         if (sys_stat(tmp, &sbuf) == 0) {
 824                 *filename_out = tmp;
 825                 return NT_STATUS_OK;
 826         }
 827 
 828         path = talloc_strdup_upper(mem_ctx, path);
 829         NT_STATUS_HAVE_NO_MEMORY(path);
 830 
 831         tmp = talloc_asprintf(mem_ctx, "%s/%s/%s", filename,
 832                               path, suffix);
 833         NT_STATUS_HAVE_NO_MEMORY(tmp);
 834 
 835         if (sys_stat(tmp, &sbuf) == 0) {
 836                 *filename_out = tmp;
 837                 return NT_STATUS_OK;
 838         }
 839 
 840         return NT_STATUS_NO_SUCH_FILE;
 841 }
 842 
 843 /****************************************************************
 844 ****************************************************************/
 845 
 846 ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads,
     /* [<][>][^][v][top][bottom][index][help] */
 847                                 TALLOC_CTX *mem_ctx,
 848                                 const char *dn,
 849                                 struct nt_user_token **token)
 850 {
 851         struct nt_user_token *ad_token = NULL;
 852         ADS_STATUS status;
 853         NTSTATUS ntstatus;
 854 
 855 #ifndef HAVE_ADS
 856         return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED);
 857 #endif
 858         status = ads_get_sid_token(ads, mem_ctx, dn, &ad_token);
 859         if (!ADS_ERR_OK(status)) {
 860                 return status;
 861         }
 862 
 863         ntstatus = merge_nt_token(mem_ctx, ad_token, get_system_token(),
 864                                   token);
 865         if (!NT_STATUS_IS_OK(ntstatus)) {
 866                 return ADS_ERROR_NT(ntstatus);
 867         }
 868 
 869         return ADS_SUCCESS;
 870 }

/* [<][>][^][v][top][bottom][index][help] */