Author: gd Date: 2006-09-29 01:49:26 +0000 (Fri, 29 Sep 2006) New Revision: 18988
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=18988 Log: Check and refresh expired GPOs. Guenther Modified: branches/SAMBA_3_0/source/libgpo/gpo_util.c branches/SAMBA_3_0/source/utils/net_ads_gpo.c Changeset: Modified: branches/SAMBA_3_0/source/libgpo/gpo_util.c =================================================================== --- branches/SAMBA_3_0/source/libgpo/gpo_util.c 2006-09-29 01:42:28 UTC (rev 18987) +++ branches/SAMBA_3_0/source/libgpo/gpo_util.c 2006-09-29 01:49:26 UTC (rev 18988) @@ -1,7 +1,7 @@ /* * Unix SMB/CIFS implementation. * Group Policy Object Support - * Copyright (C) Guenther Deschner 2005 + * Copyright (C) Guenther Deschner 2005-2006 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -522,4 +522,127 @@ return ADS_ERROR(LDAP_SUCCESS); } +/**************************************************************** + check wether the version number in a GROUP_POLICY_OBJECT match those of the + locally stored version. If not, fetch the required policy via CIFS +****************************************************************/ + +NTSTATUS check_refresh_gpo(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + struct GROUP_POLICY_OBJECT *gpo, + struct cli_state **cli_out) +{ + NTSTATUS result; + char *server, *share, *nt_path, *unix_path; + uint32 sysvol_gpt_version = 0; + char *display_name; + struct cli_state *cli = NULL; + + result = ads_gpo_explode_filesyspath(ads, mem_ctx, gpo->file_sys_path, + &server, &share, &nt_path, &unix_path); + + if (!NT_STATUS_IS_OK(result)) { + goto out; + } + + result = ads_gpo_get_sysvol_gpt_version(ads, mem_ctx, + unix_path, + &sysvol_gpt_version, + &display_name); + if (!NT_STATUS_IS_OK(result) && + !NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_FILE)) { + DEBUG(10,("check_refresh_gpo: failed to get local gpt version: %s\n", + nt_errstr(result))); + goto out; + } + + while (gpo->version > sysvol_gpt_version) { + + DEBUG(1,("check_refresh_gpo: need to refresh GPO\n")); + + if (*cli_out == NULL) { + + result = cli_full_connection(&cli, global_myname(), + server, /* ads->config.ldap_server_name, */ + NULL, 0, + share, "A:", + ads->auth.user_name, NULL, ads->auth.password, + CLI_FULL_CONNECTION_USE_KERBEROS, + Undefined, NULL); + if (!NT_STATUS_IS_OK(result)) { + DEBUG(10,("check_refresh_gpo: failed to connect: %s\n", nt_errstr(result))); + goto out; + } + + *cli_out = cli; + } + + result = ads_fetch_gpo_files(ads, mem_ctx, *cli_out, gpo); + if (!NT_STATUS_IS_OK(result)) { + goto out; + } + + result = ads_gpo_get_sysvol_gpt_version(ads, mem_ctx, + unix_path, + &sysvol_gpt_version, + &display_name); + if (!NT_STATUS_IS_OK(result)) { + DEBUG(10,("check_refresh_gpo: failed to get local gpt version: %s\n", + nt_errstr(result))); + goto out; + } + + if (gpo->version == sysvol_gpt_version) { + break; + } + } + + DEBUG(10,("Name:\t\t\t%s\n", gpo->display_name)); + DEBUGADD(10,("sysvol GPT version:\t%d (user: %d, machine: %d)\n", + sysvol_gpt_version, + GPO_VERSION_USER(sysvol_gpt_version), + GPO_VERSION_MACHINE(sysvol_gpt_version))); + DEBUGADD(10,("LDAP GPO version:\t%d (user: %d, machine: %d)\n", + gpo->version, + GPO_VERSION_USER(gpo->version), + GPO_VERSION_MACHINE(gpo->version))); + + result = NT_STATUS_OK; + + out: + return result; + +} + +/**************************************************************** + check wether the version numbers in the gpo_list match the locally stored, if + not, go and get each required GPO via CIFS + ****************************************************************/ + +NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + struct GROUP_POLICY_OBJECT *gpo_list) +{ + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + struct cli_state *cli = NULL; + struct GROUP_POLICY_OBJECT *gpo; + + for (gpo = gpo_list; gpo; gpo = gpo->next) { + + result = check_refresh_gpo(ads, mem_ctx, gpo, &cli); + if (!NT_STATUS_IS_OK(result)) { + goto out; + } + } + + result = NT_STATUS_OK; + + out: + if (cli) { + cli_shutdown(cli); + } + + return result; +} + #endif /* HAVE_LDAP */ Modified: branches/SAMBA_3_0/source/utils/net_ads_gpo.c =================================================================== --- branches/SAMBA_3_0/source/utils/net_ads_gpo.c 2006-09-29 01:42:28 UTC (rev 18987) +++ branches/SAMBA_3_0/source/utils/net_ads_gpo.c 2006-09-29 01:49:26 UTC (rev 18988) @@ -111,6 +111,11 @@ goto out; } + if (!NT_STATUS_IS_OK(result = check_refresh_gpo_list(ads, mem_ctx, gpo_list))) { + printf("failed to refresh GPOs: %s\n", nt_errstr(result)); + goto out; + } + for (gpo = gpo_list; gpo; gpo = gpo->next) { char *server, *share, *nt_path, *unix_path;
