search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
messaging4: Move str_list_add
[Samba.git] / source4 / lib / policy / gp_ldap.c
blobee7c07fef27ae8857b67b0d1f5d56cab33b6e759
1 /*
2 * Unix SMB/CIFS implementation.
3 * Group Policy Object Support
4 * Copyright (C) Jelmer Vernooij 2008
5 * Copyright (C) Wilco Baan Hofman 2008-2010
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20 #include "includes.h"
21 #include "param/param.h"
22 #include <ldb.h>
23 #include "lib/ldb-samba/ldb_wrap.h"
24 #include "auth/credentials/credentials.h"
25 #include "../librpc/gen_ndr/nbt.h"
26 #include "libcli/libcli.h"
27 #include "libnet/libnet.h"
28 #include "../librpc/gen_ndr/ndr_security.h"
29 #include "../libcli/security/security.h"
30 #include "libcli/ldap/ldap_ndr.h"
31 #include "../lib/talloc/talloc.h"
32 #include "lib/policy/policy.h"
33
34 struct gpo_stringmap {
35 const char *str;
36 uint32_t flags;
37 };
38 static const struct gpo_stringmap gplink_options [] = {
39 { "GPLINK_OPT_DISABLE", GPLINK_OPT_DISABLE },
40 { "GPLINK_OPT_ENFORCE", GPLINK_OPT_ENFORCE },
41 { NULL, 0 }
42 };
43 static const struct gpo_stringmap gpo_flags [] = {
44 { "GPO_FLAG_USER_DISABLE", GPO_FLAG_USER_DISABLE },
45 { "GPO_FLAG_MACHINE_DISABLE", GPO_FLAG_MACHINE_DISABLE },
46 { NULL, 0 }
47 };
48 static const struct gpo_stringmap gpo_inheritance [] = {
49 { "GPO_INHERIT", GPO_INHERIT },
50 { "GPO_BLOCK_INHERITANCE", GPO_BLOCK_INHERITANCE },
51 { NULL, 0 }
52 };
53
54
55 static NTSTATUS parse_gpo(TALLOC_CTX *mem_ctx, struct ldb_message *msg, struct gp_object **ret)
56 {
57 struct gp_object *gpo = talloc(mem_ctx, struct gp_object);
58 enum ndr_err_code ndr_err;
59 const DATA_BLOB *data;
60
61 NT_STATUS_HAVE_NO_MEMORY(gpo);
62
63 gpo->dn = talloc_strdup(mem_ctx, ldb_dn_get_linearized(msg->dn));
64 if (gpo->dn == NULL) {
65 TALLOC_FREE(gpo);
66 return NT_STATUS_NO_MEMORY;
67 }
68
69 DEBUG(9, ("Parsing GPO LDAP data for %s\n", gpo->dn));
70
71 gpo->display_name = talloc_strdup(gpo, ldb_msg_find_attr_as_string(msg, "displayName", ""));
72 if (gpo->display_name == NULL) {
73 TALLOC_FREE(gpo);
74 return NT_STATUS_NO_MEMORY;
75 }
76
77 gpo->name = talloc_strdup(gpo, ldb_msg_find_attr_as_string(msg, "name", ""));
78 if (gpo->name == NULL) {
79 TALLOC_FREE(gpo);
80 return NT_STATUS_NO_MEMORY;
81 }
82
83 gpo->flags = ldb_msg_find_attr_as_uint(msg, "flags", 0);
84 gpo->version = ldb_msg_find_attr_as_uint(msg, "versionNumber", 0);
85
86 gpo->file_sys_path = talloc_strdup(gpo, ldb_msg_find_attr_as_string(msg, "gPCFileSysPath", ""));
87 if (gpo->file_sys_path == NULL) {
88 TALLOC_FREE(gpo);
89 return NT_STATUS_NO_MEMORY;
90 }
91
92 /* Pull the security descriptor through the NDR library */
93 data = ldb_msg_find_ldb_val(msg, "nTSecurityDescriptor");
94 gpo->security_descriptor = talloc(gpo, struct security_descriptor);
95 if (gpo->security_descriptor == NULL) {
96 TALLOC_FREE(gpo);
97 return NT_STATUS_NO_MEMORY;
98 }
99
100 ndr_err = ndr_pull_struct_blob(data,
101 mem_ctx,
102 gpo->security_descriptor,
103 (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
104 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
105 return ndr_map_error2ntstatus(ndr_err);
106 }
107
108 *ret = gpo;
109 return NT_STATUS_OK;
110 }
111
112 NTSTATUS gp_get_gpo_flags(TALLOC_CTX *mem_ctx, uint32_t flags, const char ***ret)
113 {
114 unsigned int i, count=0;
115 const char **flag_strs = talloc_array(mem_ctx, const char *, 1);
116
117 NT_STATUS_HAVE_NO_MEMORY(flag_strs);
118
119 flag_strs[0] = NULL;
120
121 for (i = 0; gpo_flags[i].str != NULL; i++) {
122 if (flags & gpo_flags[i].flags) {
123 flag_strs = talloc_realloc(mem_ctx, flag_strs, const char *, count+2);
124 NT_STATUS_HAVE_NO_MEMORY(flag_strs);
125 flag_strs[count] = gpo_flags[i].str;
126 flag_strs[count+1] = NULL;
127 count++;
128 }
129 }
130 *ret = flag_strs;
131 return NT_STATUS_OK;
132 }
133
134 NTSTATUS gp_get_gplink_options(TALLOC_CTX *mem_ctx, uint32_t options, const char ***ret)
135 {
136 unsigned int i, count=0;
137 const char **flag_strs = talloc_array(mem_ctx, const char *, 1);
138
139 NT_STATUS_HAVE_NO_MEMORY(flag_strs);
140 flag_strs[0] = NULL;
141
142 for (i = 0; gplink_options[i].str != NULL; i++) {
143 if (options & gplink_options[i].flags) {
144 flag_strs = talloc_realloc(mem_ctx, flag_strs, const char *, count+2);
145 NT_STATUS_HAVE_NO_MEMORY(flag_strs);
146 flag_strs[count] = gplink_options[i].str;
147 flag_strs[count+1] = NULL;
148 count++;
149 }
150 }
151 *ret = flag_strs;
152 return NT_STATUS_OK;
153 }
154
155 NTSTATUS gp_init(TALLOC_CTX *mem_ctx,
156 struct loadparm_context *lp_ctx,
157 struct cli_credentials *credentials,
158 struct tevent_context *ev_ctx,
159 struct gp_context **gp_ctx)
160 {
161
162 struct libnet_LookupDCs *io;
163 char *url;
164 struct libnet_context *net_ctx;
165 struct ldb_context *ldb_ctx;
166 NTSTATUS rv;
167
168 /* Initialise the libnet context */
169 net_ctx = libnet_context_init(ev_ctx, lp_ctx);
170 net_ctx->cred = credentials;
171
172 /* Prepare libnet lookup structure for looking a DC (PDC is correct). */
173 io = talloc_zero(mem_ctx, struct libnet_LookupDCs);
174 NT_STATUS_HAVE_NO_MEMORY(io);
175 io->in.name_type = NBT_NAME_PDC;
176 io->in.domain_name = lpcfg_workgroup(lp_ctx);
177
178 /* Find Active DC's */
179 rv = libnet_LookupDCs(net_ctx, mem_ctx, io);
180 if (!NT_STATUS_IS_OK(rv)) {
181 DEBUG(0, ("Failed to lookup DCs in domain\n"));
182 return rv;
183 }
184
185 /* Connect to ldap://DC_NAME with all relevant contexts*/
186 url = talloc_asprintf(mem_ctx, "ldap://%s", io->out.dcs[0].name);
187 NT_STATUS_HAVE_NO_MEMORY(url);
188 ldb_ctx = ldb_wrap_connect(mem_ctx, net_ctx->event_ctx, lp_ctx,
189 url, NULL, net_ctx->cred, 0);
190 if (ldb_ctx == NULL) {
191 DEBUG(0, ("Can't connect to DC's LDAP with url %s\n", url));
192 return NT_STATUS_UNSUCCESSFUL;
193 }
194
195 *gp_ctx = talloc_zero(mem_ctx, struct gp_context);
196 NT_STATUS_HAVE_NO_MEMORY(gp_ctx);
197
198 (*gp_ctx)->lp_ctx = lp_ctx;
199 (*gp_ctx)->credentials = credentials;
200 (*gp_ctx)->ev_ctx = ev_ctx;
201 (*gp_ctx)->ldb_ctx = ldb_ctx;
202 (*gp_ctx)->active_dc = talloc_reference(*gp_ctx, &io->out.dcs[0]);
203
204 /* We don't need to keep the libnet context */
205 talloc_free(net_ctx);
206 return NT_STATUS_OK;
207 }
208
209 NTSTATUS gp_list_all_gpos(struct gp_context *gp_ctx, struct gp_object ***ret)
210 {
211 struct ldb_result *result;
212 int rv;
213 NTSTATUS status;
214 TALLOC_CTX *mem_ctx;
215 struct ldb_dn *dn;
216 struct gp_object **gpo;
217 unsigned int i; /* same as in struct ldb_result */
218 const char **attrs;
219
220 /* Create a forked memory context, as a base for everything here */
221 mem_ctx = talloc_new(gp_ctx);
222 NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
223
224 /* Create full ldb dn of the policies base object */
225 dn = ldb_get_default_basedn(gp_ctx->ldb_ctx);
226 rv = ldb_dn_add_child(dn, ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, "CN=Policies,CN=System"));
227 if (!rv) {
228 DEBUG(0, ("Can't append subtree to DN\n"));
229 talloc_free(mem_ctx);
230 return NT_STATUS_UNSUCCESSFUL;
231 }
232
233 DEBUG(10, ("Searching for policies in DN: %s\n", ldb_dn_get_linearized(dn)));
234
235 attrs = talloc_array(mem_ctx, const char *, 7);
236 if (attrs == NULL) {
237 TALLOC_FREE(mem_ctx);
238 return NT_STATUS_NO_MEMORY;
239 }
240
241 attrs[0] = "nTSecurityDescriptor";
242 attrs[1] = "versionNumber";
243 attrs[2] = "flags";
244 attrs[3] = "name";
245 attrs[4] = "displayName";
246 attrs[5] = "gPCFileSysPath";
247 attrs[6] = NULL;
248
249 rv = ldb_search(gp_ctx->ldb_ctx, mem_ctx, &result, dn, LDB_SCOPE_ONELEVEL, attrs, "(objectClass=groupPolicyContainer)");
250 if (rv != LDB_SUCCESS) {
251 DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv), ldb_errstring(gp_ctx->ldb_ctx)));
252 talloc_free(mem_ctx);
253 return NT_STATUS_UNSUCCESSFUL;
254 }
255
256 gpo = talloc_array(gp_ctx, struct gp_object *, result->count+1);
257 if (gpo == NULL) {
258 TALLOC_FREE(mem_ctx);
259 return NT_STATUS_NO_MEMORY;
260 }
261
262 gpo[result->count] = NULL;
263
264 for (i = 0; i < result->count; i++) {
265 status = parse_gpo(gp_ctx, result->msgs[i], &gpo[i]);
266 if (!NT_STATUS_IS_OK(status)) {
267 DEBUG(0, ("Failed to parse GPO.\n"));
268 talloc_free(mem_ctx);
269 return status;
270 }
271 }
272
273 talloc_free(mem_ctx);
274
275 *ret = gpo;
276 return NT_STATUS_OK;
277 }
278
279 NTSTATUS gp_get_gpo_info(struct gp_context *gp_ctx, const char *dn_str, struct gp_object **ret)
280 {
281 struct ldb_result *result;
282 struct ldb_dn *dn;
283 struct gp_object *gpo;
284 int rv;
285 NTSTATUS status;
286 TALLOC_CTX *mem_ctx;
287 const char **attrs;
288
289 /* Create a forked memory context, as a base for everything here */
290 mem_ctx = talloc_new(gp_ctx);
291 NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
292
293 /* Create an ldb dn struct for the dn string */
294 dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
295
296 attrs = talloc_array(mem_ctx, const char *, 7);
297 if (attrs == NULL) {
298 TALLOC_FREE(mem_ctx);
299 return NT_STATUS_NO_MEMORY;
300 }
301
302 attrs[0] = "nTSecurityDescriptor";
303 attrs[1] = "versionNumber";
304 attrs[2] = "flags";
305 attrs[3] = "name";
306 attrs[4] = "displayName";
307 attrs[5] = "gPCFileSysPath";
308 attrs[6] = NULL;
309
310 rv = ldb_search(gp_ctx->ldb_ctx,
311 mem_ctx,
312 &result,
313 dn,
314 LDB_SCOPE_BASE,
315 attrs,
316 "objectClass=groupPolicyContainer");
317 if (rv != LDB_SUCCESS) {
318 DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv), ldb_errstring(gp_ctx->ldb_ctx)));
319 talloc_free(mem_ctx);
320 return NT_STATUS_UNSUCCESSFUL;
321 }
322
323 /* We expect exactly one record */
324 if (result->count != 1) {
325 DEBUG(0, ("Could not find GPC with dn %s\n", dn_str));
326 talloc_free(mem_ctx);
327 return NT_STATUS_NOT_FOUND;
328 }
329
330 status = parse_gpo(gp_ctx, result->msgs[0], &gpo);
331 if (!NT_STATUS_IS_OK(status)) {
332 DEBUG(0, ("Failed to parse GPO.\n"));
333 talloc_free(mem_ctx);
334 return status;
335 }
336
337 talloc_free(mem_ctx);
338
339 *ret = gpo;
340 return NT_STATUS_OK;
341 }
342
343 static NTSTATUS parse_gplink (TALLOC_CTX *mem_ctx, const char *gplink_str, struct gp_link ***ret)
344 {
345 int start, idx=0;
346 int pos;
347 struct gp_link **gplinks;
348 char *buf, *end;
349 const char *gplink_start = "[LDAP://";
350
351 gplinks = talloc_array(mem_ctx, struct gp_link *, 1);
352 NT_STATUS_HAVE_NO_MEMORY(gplinks);
353
354 gplinks[0] = NULL;
355
356 /* Assuming every gPLink starts with "[LDAP://" */
357 start = strlen(gplink_start);
358
359 for (pos = start; pos < strlen(gplink_str); pos++) {
360 if (gplink_str[pos] == ';') {
361 gplinks = talloc_realloc(mem_ctx, gplinks, struct gp_link *, idx+2);
362 NT_STATUS_HAVE_NO_MEMORY(gplinks);
363 gplinks[idx] = talloc(mem_ctx, struct gp_link);
364 NT_STATUS_HAVE_NO_MEMORY(gplinks[idx]);
365 gplinks[idx]->dn = talloc_strndup(mem_ctx,
366 gplink_str + start,
367 pos - start);
368 if (gplinks[idx]->dn == NULL) {
369 TALLOC_FREE(gplinks);
370 return NT_STATUS_NO_MEMORY;
371 }
372
373 for (start = pos + 1; gplink_str[pos] != ']'; pos++);
374
375 buf = talloc_strndup(gplinks, gplink_str + start, pos - start);
376 if (buf == NULL) {
377 TALLOC_FREE(gplinks);
378 return NT_STATUS_NO_MEMORY;
379 }
380 gplinks[idx]->options = (uint32_t) strtoll(buf, &end, 0);
381 talloc_free(buf);
382
383 /* Set the last entry in the array to be NULL */
384 gplinks[idx + 1] = NULL;
385
386 /* Increment the array index, the string position past
387 the next "[LDAP://", and set the start reference */
388 idx++;
389 pos += strlen(gplink_start)+1;
390 start = pos;
391 }
392 }
393
394 *ret = gplinks;
395 return NT_STATUS_OK;
396 }
397
398
399 NTSTATUS gp_get_gplinks(struct gp_context *gp_ctx, const char *dn_str, struct gp_link ***ret)
400 {
401 TALLOC_CTX *mem_ctx;
402 struct ldb_dn *dn;
403 struct ldb_result *result;
404 struct gp_link **gplinks;
405 char *gplink_str;
406 int rv;
407 unsigned int i, j;
408 NTSTATUS status;
409
410 /* Create a forked memory context, as a base for everything here */
411 mem_ctx = talloc_new(gp_ctx);
412 NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
413
414 dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
415
416 rv = ldb_search(gp_ctx->ldb_ctx, mem_ctx, &result, dn, LDB_SCOPE_BASE, NULL, "(objectclass=*)");
417 if (rv != LDB_SUCCESS) {
418 DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv), ldb_errstring(gp_ctx->ldb_ctx)));
419 talloc_free(mem_ctx);
420 return NT_STATUS_UNSUCCESSFUL;
421 }
422
423 for (i = 0; i < result->count; i++) {
424 for (j = 0; j < result->msgs[i]->num_elements; j++) {
425 struct ldb_message_element *element = &result->msgs[i]->elements[j];
426
427 if (strcmp(element->name, "gPLink") == 0) {
428 SMB_ASSERT(element->num_values > 0);
429 gplink_str = talloc_strdup(mem_ctx, (char *) element->values[0].data);
430 if (gplink_str == NULL) {
431 TALLOC_FREE(mem_ctx);
432 return NT_STATUS_NO_MEMORY;
433 }
434 goto found;
435 }
436 }
437 }
438 gplink_str = talloc_strdup(mem_ctx, "");
439 if (gplink_str == NULL) {
440 TALLOC_FREE(mem_ctx);
441 return NT_STATUS_NO_MEMORY;
442 }
443
444 found:
445
446 status = parse_gplink(gp_ctx, gplink_str, &gplinks);
447 if (!NT_STATUS_IS_OK(status)) {
448 DEBUG(0, ("Failed to parse gPLink\n"));
449 return status;
450 }
451
452 talloc_free(mem_ctx);
453
454 *ret = gplinks;
455 return NT_STATUS_OK;
456 }
457
458 NTSTATUS gp_list_gpos(struct gp_context *gp_ctx, struct security_token *token, const char ***ret)
459 {
460 TALLOC_CTX *mem_ctx;
461 const char **gpos;
462 struct ldb_result *result;
463 char *sid;
464 struct ldb_dn *dn;
465 struct ldb_message_element *element;
466 bool inherit;
467 const char *attrs[] = { "objectClass", NULL };
468 int rv;
469 NTSTATUS status;
470 unsigned int count = 0;
471 unsigned int i;
472 enum {
473 ACCOUNT_TYPE_USER = 0,
474 ACCOUNT_TYPE_MACHINE = 1
475 } account_type;
476
477 /* Create a forked memory context, as a base for everything here */
478 mem_ctx = talloc_new(gp_ctx);
479 NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
480
481 sid = ldap_encode_ndr_dom_sid(mem_ctx,
482 &token->sids[PRIMARY_USER_SID_INDEX]);
483 NT_STATUS_HAVE_NO_MEMORY(sid);
484
485 /* Find the user DN and objectclass via the sid from the security token */
486 rv = ldb_search(gp_ctx->ldb_ctx,
487 mem_ctx,
488 &result,
489 ldb_get_default_basedn(gp_ctx->ldb_ctx),
490 LDB_SCOPE_SUBTREE,
491 attrs,
492 "(&(objectclass=user)(objectSid=%s))", sid);
493 if (rv != LDB_SUCCESS) {
494 DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv),
495 ldb_errstring(gp_ctx->ldb_ctx)));
496 talloc_free(mem_ctx);
497 return NT_STATUS_UNSUCCESSFUL;
498 }
499 if (result->count != 1) {
500 DEBUG(0, ("Could not find user with sid %s.\n", sid));
501 talloc_free(mem_ctx);
502 return NT_STATUS_UNSUCCESSFUL;
503 }
504 DEBUG(10,("Found DN for this user: %s\n", ldb_dn_get_linearized(result->msgs[0]->dn)));
505
506 element = ldb_msg_find_element(result->msgs[0], "objectClass");
507
508 /* We need to know if this account is a user or machine. */
509 account_type = ACCOUNT_TYPE_USER;
510 for (i = 0; i < element->num_values; i++) {
511 if (strcmp((char *)element->values[i].data, "computer") == 0) {
512 account_type = ACCOUNT_TYPE_MACHINE;
513 DEBUG(10, ("This user is a machine\n"));
514 }
515 }
516
517 gpos = talloc_array(gp_ctx, const char *, 1);
518 if (gpos == NULL) {
519 TALLOC_FREE(mem_ctx);
520 return NT_STATUS_NO_MEMORY;
521 }
522 gpos[0] = NULL;
523
524 /* Walk through the containers until we hit the root */
525 inherit = 1;
526 dn = ldb_dn_get_parent(mem_ctx, result->msgs[0]->dn);
527 while (ldb_dn_compare_base(ldb_get_default_basedn(gp_ctx->ldb_ctx), dn) == 0) {
528 const char *gpo_attrs[] = { "gPLink", "gPOptions", NULL };
529 struct gp_link **gplinks;
530 enum gpo_inheritance gpoptions;
531
532 DEBUG(10, ("Getting gPLinks for DN: %s\n", ldb_dn_get_linearized(dn)));
533
534 /* Get the gPLink and gPOptions attributes from the container */
535 rv = ldb_search(gp_ctx->ldb_ctx,
536 mem_ctx,
537 &result,
538 dn,
539 LDB_SCOPE_BASE,
540 gpo_attrs,
541 "objectclass=*");
542 if (rv != LDB_SUCCESS) {
543 DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv),
544 ldb_errstring(gp_ctx->ldb_ctx)));
545 talloc_free(mem_ctx);
546 return NT_STATUS_UNSUCCESSFUL;
547 }
548
549 /* Parse the gPLink attribute, put it into a nice struct array */
550 status = parse_gplink(mem_ctx, ldb_msg_find_attr_as_string(result->msgs[0], "gPLink", ""), &gplinks);
551 if (!NT_STATUS_IS_OK(status)) {
552 DEBUG(0, ("Failed to parse gPLink\n"));
553 talloc_free(mem_ctx);
554 return status;
555 }
556
557 /* Check all group policy links on this container */
558 for (i = 0; gplinks[i] != NULL; i++) {
559 struct gp_object *gpo;
560 uint32_t access_granted;
561
562 /* If inheritance was blocked at a higher level and this
563 * gplink is not enforced, it should not be applied */
564 if (!inherit && !(gplinks[i]->options & GPLINK_OPT_ENFORCE))
565 continue;
566
567 /* Don't apply disabled links */
568 if (gplinks[i]->options & GPLINK_OPT_DISABLE)
569 continue;
570
571 /* Get GPO information */
572 status = gp_get_gpo_info(gp_ctx, gplinks[i]->dn, &gpo);
573 if (!NT_STATUS_IS_OK(status)) {
574 DEBUG(0, ("Failed to get gpo information for %s\n", gplinks[i]->dn));
575 talloc_free(mem_ctx);
576 return status;
577 }
578
579 /* If the account does not have read access, this GPO does not apply
580 * to this account */
581 status = se_access_check(gpo->security_descriptor,
582 token,
583 (SEC_STD_READ_CONTROL | SEC_ADS_LIST | SEC_ADS_READ_PROP),
584 &access_granted);
585 if (!NT_STATUS_IS_OK(status)) {
586 continue;
587 }
588
589 /* If the account is a user and the GPO has user disabled flag, or
590 * a machine and the GPO has machine disabled flag, this GPO does
591 * not apply to this account */
592 if ((account_type == ACCOUNT_TYPE_USER &&
593 (gpo->flags & GPO_FLAG_USER_DISABLE)) ||
594 (account_type == ACCOUNT_TYPE_MACHINE &&
595 (gpo->flags & GPO_FLAG_MACHINE_DISABLE))) {
596 continue;
597 }
598
599 /* Add the GPO to the list */
600 gpos = talloc_realloc(gp_ctx, gpos, const char *, count+2);
601 if (gpos == NULL) {
602 TALLOC_FREE(mem_ctx);
603 return NT_STATUS_NO_MEMORY;
604 }
605 gpos[count] = talloc_strdup(gp_ctx, gplinks[i]->dn);
606 if (gpos[count] == NULL) {
607 TALLOC_FREE(mem_ctx);
608 return NT_STATUS_NO_MEMORY;
609 }
610 gpos[count+1] = NULL;
611 count++;
612
613 /* Clean up */
614 talloc_free(gpo);
615 }
616
617 /* If inheritance is blocked, then we should only add enforced gPLinks
618 * higher up */
619 gpoptions = ldb_msg_find_attr_as_uint(result->msgs[0], "gPOptions", 0);
620 if (gpoptions == GPO_BLOCK_INHERITANCE) {
621 inherit = 0;
622 }
623 dn = ldb_dn_get_parent(mem_ctx, dn);
624 }
625
626 talloc_free(mem_ctx);
627
628 *ret = gpos;
629 return NT_STATUS_OK;
630 }
631
632 NTSTATUS gp_set_gplink(struct gp_context *gp_ctx, const char *dn_str, struct gp_link *gplink)
633 {
634 TALLOC_CTX *mem_ctx;
635 struct ldb_result *result;
636 struct ldb_dn *dn;
637 struct ldb_message *msg;
638 const char *attrs[] = { "gPLink", NULL };
639 const char *gplink_str;
640 int rv;
641 char *start;
642
643 /* Create a forked memory context, as a base for everything here */
644 mem_ctx = talloc_new(gp_ctx);
645 NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
646
647 dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
648
649 rv = ldb_search(gp_ctx->ldb_ctx, mem_ctx, &result, dn, LDB_SCOPE_BASE, attrs, "(objectclass=*)");
650 if (rv != LDB_SUCCESS) {
651 DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv), ldb_errstring(gp_ctx->ldb_ctx)));
652 talloc_free(mem_ctx);
653 return NT_STATUS_UNSUCCESSFUL;
654 }
655
656 if (result->count != 1) {
657 talloc_free(mem_ctx);
658 return NT_STATUS_NOT_FOUND;
659 }
660
661 gplink_str = ldb_msg_find_attr_as_string(result->msgs[0], "gPLink", "");
662
663 /* If this GPO link already exists, alter the options, else add it */
664 if ((start = strcasestr(gplink_str, gplink->dn)) != NULL) {
665 start += strlen(gplink->dn);
666 *start = '\0';
667 start++;
668 while (*start != ']' && *start != '\0') {
669 start++;
670 }
671 gplink_str = talloc_asprintf(mem_ctx, "%s;%d%s", gplink_str, gplink->options, start);
672 if (gplink_str == NULL) {
673 TALLOC_FREE(mem_ctx);
674 return NT_STATUS_NO_MEMORY;
675 }
676
677 } else {
678 /* Prepend the new GPO link to the string. This list is backwards in priority. */
679 gplink_str = talloc_asprintf(mem_ctx, "[LDAP://%s;%d]%s", gplink->dn, gplink->options, gplink_str);
680 if (gplink_str == NULL) {
681 TALLOC_FREE(mem_ctx);
682 return NT_STATUS_NO_MEMORY;
683 }
684 }
685
686
687
688 msg = ldb_msg_new(mem_ctx);
689 if (msg == NULL) {
690 TALLOC_FREE(mem_ctx);
691 return NT_STATUS_NO_MEMORY;
692 }
693
694 msg->dn = dn;
695
696 rv = ldb_msg_add_string(msg, "gPLink", gplink_str);
697 if (rv != LDB_SUCCESS) {
698 DEBUG(0, ("LDB message add string failed: %s\n", ldb_strerror(rv)));
699 talloc_free(mem_ctx);
700 return NT_STATUS_UNSUCCESSFUL;
701 }
702 msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
703
704 rv = ldb_modify(gp_ctx->ldb_ctx, msg);
705 if (rv != LDB_SUCCESS) {
706 DEBUG(0, ("LDB modify failed: %s\n", ldb_strerror(rv)));
707 talloc_free(mem_ctx);
708 return NT_STATUS_UNSUCCESSFUL;
709 }
710
711 talloc_free(mem_ctx);
712 return NT_STATUS_OK;
713 }
714
715 NTSTATUS gp_del_gplink(struct gp_context *gp_ctx, const char *dn_str, const char *gplink_dn)
716 {
717 TALLOC_CTX *mem_ctx;
718 struct ldb_result *result;
719 struct ldb_dn *dn;
720 struct ldb_message *msg;
721 const char *attrs[] = { "gPLink", NULL };
722 const char *gplink_str, *search_string;
723 int rv;
724 char *p;
725
726 /* Create a forked memory context, as a base for everything here */
727 mem_ctx = talloc_new(gp_ctx);
728 NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
729
730 dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
731
732 rv = ldb_search(gp_ctx->ldb_ctx, mem_ctx, &result, dn, LDB_SCOPE_BASE, attrs, "(objectclass=*)");
733 if (rv != LDB_SUCCESS) {
734 DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv), ldb_errstring(gp_ctx->ldb_ctx)));
735 talloc_free(mem_ctx);
736 return NT_STATUS_UNSUCCESSFUL;
737 }
738
739 if (result->count != 1) {
740 talloc_free(mem_ctx);
741 return NT_STATUS_NOT_FOUND;
742 }
743
744 gplink_str = ldb_msg_find_attr_as_string(result->msgs[0], "gPLink", "");
745
746 /* If this GPO link already exists, alter the options, else add it */
747 search_string = talloc_asprintf(mem_ctx, "[LDAP://%s]", gplink_dn);
748 if (search_string == NULL) {
749 TALLOC_FREE(mem_ctx);
750 return NT_STATUS_NO_MEMORY;
751 }
752
753 p = strcasestr(gplink_str, search_string);
754 if (p == NULL) {
755 talloc_free(mem_ctx);
756 return NT_STATUS_NOT_FOUND;
757 }
758
759 *p = '\0';
760 p++;
761 while (*p != ']' && *p != '\0') {
762 p++;
763 }
764 p++;
765 gplink_str = talloc_asprintf(mem_ctx, "%s%s", gplink_str, p);
766 if (gplink_str == NULL) {
767 TALLOC_FREE(mem_ctx);
768 return NT_STATUS_NO_MEMORY;
769 }
770
771
772 msg = ldb_msg_new(mem_ctx);
773 if (msg == NULL) {
774 TALLOC_FREE(mem_ctx);
775 return NT_STATUS_NO_MEMORY;
776 }
777
778 msg->dn = dn;
779
780 if (strcmp(gplink_str, "") == 0) {
781 rv = ldb_msg_add_empty(msg, "gPLink", LDB_FLAG_MOD_DELETE, NULL);
782 if (rv != LDB_SUCCESS) {
783 DEBUG(0, ("LDB message add empty element failed: %s\n", ldb_strerror(rv)));
784 talloc_free(mem_ctx);
785 return NT_STATUS_UNSUCCESSFUL;
786 }
787 } else {
788 rv = ldb_msg_add_string(msg, "gPLink", gplink_str);
789 if (rv != LDB_SUCCESS) {
790 DEBUG(0, ("LDB message add string failed: %s\n", ldb_strerror(rv)));
791 talloc_free(mem_ctx);
792 return NT_STATUS_UNSUCCESSFUL;
793 }
794 msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
795 }
796 rv = ldb_modify(gp_ctx->ldb_ctx, msg);
797 if (rv != LDB_SUCCESS) {
798 DEBUG(0, ("LDB modify failed: %s\n", ldb_strerror(rv)));
799 talloc_free(mem_ctx);
800 return NT_STATUS_UNSUCCESSFUL;
801 }
802
803 talloc_free(mem_ctx);
804 return NT_STATUS_OK;
805 }
806
807 NTSTATUS gp_get_inheritance(struct gp_context *gp_ctx, const char *dn_str, enum gpo_inheritance *inheritance)
808 {
809 TALLOC_CTX *mem_ctx;
810 struct ldb_result *result;
811 struct ldb_dn *dn;
812 const char *attrs[] = { "gPOptions", NULL };
813 int rv;
814
815 /* Create a forked memory context, as a base for everything here */
816 mem_ctx = talloc_new(gp_ctx);
817 NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
818
819 dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
820
821 rv = ldb_search(gp_ctx->ldb_ctx, mem_ctx, &result, dn, LDB_SCOPE_BASE, attrs, "(objectclass=*)");
822 if (rv != LDB_SUCCESS) {
823 DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv), ldb_errstring(gp_ctx->ldb_ctx)));
824 talloc_free(mem_ctx);
825 return NT_STATUS_UNSUCCESSFUL;
826 }
827
828 if (result->count != 1) {
829 talloc_free(mem_ctx);
830 return NT_STATUS_NOT_FOUND;
831 }
832
833 *inheritance = ldb_msg_find_attr_as_uint(result->msgs[0], "gPOptions", 0);
834
835 talloc_free(mem_ctx);
836 return NT_STATUS_OK;
837 }
838
839 NTSTATUS gp_set_inheritance(struct gp_context *gp_ctx, const char *dn_str, enum gpo_inheritance inheritance)
840 {
841 char *inheritance_string;
842 struct ldb_message *msg;
843 int rv;
844
845 msg = ldb_msg_new(gp_ctx);
846 NT_STATUS_HAVE_NO_MEMORY(msg);
847
848 msg->dn = ldb_dn_new(msg, gp_ctx->ldb_ctx, dn_str);
849
850 inheritance_string = talloc_asprintf(msg, "%d", inheritance);
851 if (inheritance_string == NULL) {
852 TALLOC_FREE(msg);
853 return NT_STATUS_NO_MEMORY;
854 }
855
856 rv = ldb_msg_add_string(msg, "gPOptions", inheritance_string);
857 if (rv != LDB_SUCCESS) {
858 DEBUG(0, ("LDB message add string failed: %s\n", ldb_strerror(rv)));
859 talloc_free(msg);
860 return NT_STATUS_UNSUCCESSFUL;
861 }
862 msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
863
864 rv = ldb_modify(gp_ctx->ldb_ctx, msg);
865 if (rv != LDB_SUCCESS) {
866 DEBUG(0, ("LDB modify failed: %s\n", ldb_strerror(rv)));
867 talloc_free(msg);
868 return NT_STATUS_UNSUCCESSFUL;
869 }
870
871 talloc_free(msg);
872 return NT_STATUS_OK;
873 }
874
875 NTSTATUS gp_create_ldap_gpo(struct gp_context *gp_ctx, struct gp_object *gpo)
876 {
877 struct ldb_message *msg;
878 TALLOC_CTX *mem_ctx;
879 int rv;
880 char *dn_str, *flags_str, *version_str;
881 struct ldb_dn *child_dn, *gpo_dn;
882
883 mem_ctx = talloc_new(gp_ctx);
884 NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
885
886 /* CN={GUID} */
887 msg = ldb_msg_new(mem_ctx);
888 if (msg == NULL) {
889 TALLOC_FREE(mem_ctx);
890 return NT_STATUS_NO_MEMORY;
891 }
892
893 msg->dn = ldb_get_default_basedn(gp_ctx->ldb_ctx);
894 dn_str = talloc_asprintf(mem_ctx, "CN=%s,CN=Policies,CN=System", gpo->name);
895 if (dn_str == NULL) {
896 TALLOC_FREE(mem_ctx);
897 return NT_STATUS_NO_MEMORY;
898 }
899
900 child_dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
901 rv = ldb_dn_add_child(msg->dn, child_dn);
902 if (!rv) goto ldb_msg_add_error;
903
904 flags_str = talloc_asprintf(mem_ctx, "%d", gpo->flags);
905 if (flags_str == NULL) {
906 TALLOC_FREE(mem_ctx);
907 return NT_STATUS_NO_MEMORY;
908 }
909
910 version_str = talloc_asprintf(mem_ctx, "%d", gpo->version);
911 if (version_str == NULL) {
912 TALLOC_FREE(mem_ctx);
913 return NT_STATUS_NO_MEMORY;
914 }
915
916 rv = ldb_msg_add_string(msg, "objectClass", "top");
917 if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
918 rv = ldb_msg_add_string(msg, "objectClass", "container");
919 if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
920 rv = ldb_msg_add_string(msg, "objectClass", "groupPolicyContainer");
921 if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
922 rv = ldb_msg_add_string(msg, "displayName", gpo->display_name);
923 if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
924 rv = ldb_msg_add_string(msg, "name", gpo->name);
925 if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
926 rv = ldb_msg_add_string(msg, "CN", gpo->name);
927 if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
928 rv = ldb_msg_add_string(msg, "gPCFileSysPath", gpo->file_sys_path);
929 if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
930 rv = ldb_msg_add_string(msg, "flags", flags_str);
931 if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
932 rv = ldb_msg_add_string(msg, "versionNumber", version_str);
933 if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
934 rv = ldb_msg_add_string(msg, "showInAdvancedViewOnly", "TRUE");
935 if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
936 rv = ldb_msg_add_string(msg, "gpCFunctionalityVersion", "2");
937 if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
938
939 rv = ldb_add(gp_ctx->ldb_ctx, msg);
940 if (rv != LDB_SUCCESS) {
941 DEBUG(0, ("LDB add error: %s\n", ldb_errstring(gp_ctx->ldb_ctx)));
942 talloc_free(mem_ctx);
943 return NT_STATUS_UNSUCCESSFUL;
944 }
945
946 gpo_dn = msg->dn;
947
948 /* CN=User */
949 msg = ldb_msg_new(mem_ctx);
950 if (msg == NULL) {
951 TALLOC_FREE(mem_ctx);
952 return NT_STATUS_NO_MEMORY;
953 }
954
955 msg->dn = ldb_dn_copy(mem_ctx, gpo_dn);
956 child_dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, "CN=User");
957 rv = ldb_dn_add_child(msg->dn, child_dn);
958 if (!rv) goto ldb_msg_add_error;
959
960 rv = ldb_msg_add_string(msg, "objectClass", "top");
961 if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
962 rv = ldb_msg_add_string(msg, "objectClass", "container");
963 if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
964 rv = ldb_msg_add_string(msg, "showInAdvancedViewOnly", "TRUE");
965 if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
966 rv = ldb_msg_add_string(msg, "CN", "User");
967 if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
968 rv = ldb_msg_add_string(msg, "name", "User");
969 if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
970
971 rv = ldb_add(gp_ctx->ldb_ctx, msg);
972 if (rv != LDB_SUCCESS) {
973 DEBUG(0, ("LDB add error: %s\n", ldb_errstring(gp_ctx->ldb_ctx)));
974 talloc_free(mem_ctx);
975 return NT_STATUS_UNSUCCESSFUL;
976 }
977
978 /* CN=Machine */
979 msg = ldb_msg_new(mem_ctx);
980 if (msg == NULL) {
981 TALLOC_FREE(mem_ctx);
982 return NT_STATUS_NO_MEMORY;
983 }
984
985 msg->dn = ldb_dn_copy(mem_ctx, gpo_dn);
986 child_dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, "CN=Machine");
987 rv = ldb_dn_add_child(msg->dn, child_dn);
988 if (!rv) goto ldb_msg_add_error;
989
990 rv = ldb_msg_add_string(msg, "objectClass", "top");
991 if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
992 rv = ldb_msg_add_string(msg, "objectClass", "container");
993 if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
994 rv = ldb_msg_add_string(msg, "showInAdvancedViewOnly", "TRUE");
995 if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
996 rv = ldb_msg_add_string(msg, "CN", "Machine");
997 if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
998 rv = ldb_msg_add_string(msg, "name", "Machine");
999 if (rv != LDB_SUCCESS) goto ldb_msg_add_error;
1000
1001 rv = ldb_add(gp_ctx->ldb_ctx, msg);
1002 if (rv != LDB_SUCCESS) {
1003 DEBUG(0, ("LDB add error: %s\n", ldb_errstring(gp_ctx->ldb_ctx)));
1004 talloc_free(mem_ctx);
1005 return NT_STATUS_UNSUCCESSFUL;
1006 }
1007
1008 gpo->dn = talloc_strdup(gpo, ldb_dn_get_linearized(gpo_dn));
1009 if (gpo->dn == NULL) {
1010 TALLOC_FREE(mem_ctx);
1011 return NT_STATUS_NO_MEMORY;
1012 }
1013
1014 talloc_free(mem_ctx);
1015 return NT_STATUS_OK;
1016
1017 ldb_msg_add_error:
1018 DEBUG(0, ("LDB Error adding element to ldb message\n"));
1019 talloc_free(mem_ctx);
1020 return NT_STATUS_UNSUCCESSFUL;
1021 }
1022
1023 NTSTATUS gp_set_ads_acl (struct gp_context *gp_ctx, const char *dn_str, const struct security_descriptor *sd)
1024 {
1025 TALLOC_CTX *mem_ctx;
1026 DATA_BLOB data;
1027 enum ndr_err_code ndr_err;
1028 struct ldb_message *msg;
1029 int rv;
1030
1031 /* Create a forked memory context to clean up easily */
1032 mem_ctx = talloc_new(gp_ctx);
1033 NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
1034
1035 /* Push the security descriptor through the NDR library */
1036 ndr_err = ndr_push_struct_blob(&data,
1037 mem_ctx,
1038 sd,
1039 (ndr_push_flags_fn_t)ndr_push_security_descriptor);
1040 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1041 return ndr_map_error2ntstatus(ndr_err);
1042 }
1043
1044
1045 /* Create a LDB message */
1046 msg = ldb_msg_new(mem_ctx);
1047 if (msg == NULL) {
1048 TALLOC_FREE(mem_ctx);
1049 return NT_STATUS_NO_MEMORY;
1050 }
1051
1052 msg->dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
1053
1054 rv = ldb_msg_add_value(msg, "nTSecurityDescriptor", &data, NULL);
1055 if (rv != LDB_SUCCESS) {
1056 DEBUG(0, ("LDB message add element failed for adding nTSecurityDescriptor: %s\n", ldb_strerror(rv)));
1057 talloc_free(mem_ctx);
1058 return NT_STATUS_UNSUCCESSFUL;
1059 }
1060 msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
1061
1062 rv = ldb_modify(gp_ctx->ldb_ctx, msg);
1063 if (rv != LDB_SUCCESS) {
1064 DEBUG(0, ("LDB modify failed: %s\n", ldb_strerror(rv)));
1065 talloc_free(mem_ctx);
1066 return NT_STATUS_UNSUCCESSFUL;
1067 }
1068
1069 talloc_free(mem_ctx);
1070 return NT_STATUS_OK;
1071 }
1072
1073 /* This function sets flags, version and displayName on a GPO */
1074 NTSTATUS gp_set_ldap_gpo(struct gp_context *gp_ctx, struct gp_object *gpo)
1075 {
1076 int rv;
1077 TALLOC_CTX *mem_ctx;
1078 struct ldb_message *msg;
1079 char *version_str, *flags_str;
1080
1081 mem_ctx = talloc_new(gp_ctx);
1082
1083 msg = ldb_msg_new(mem_ctx);
1084 if (msg == NULL) {
1085 TALLOC_FREE(mem_ctx);
1086 return NT_STATUS_NO_MEMORY;
1087 }
1088
1089 msg->dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, gpo->dn);
1090
1091 version_str = talloc_asprintf(mem_ctx, "%d", gpo->version);
1092 if (msg == NULL) {
1093 TALLOC_FREE(mem_ctx);
1094 return NT_STATUS_NO_MEMORY;
1095 }
1096
1097 flags_str = talloc_asprintf(mem_ctx, "%d", gpo->flags);
1098 if (msg == NULL) {
1099 TALLOC_FREE(mem_ctx);
1100 return NT_STATUS_NO_MEMORY;
1101 }
1102
1103 rv = ldb_msg_add_string(msg, "flags", flags_str);
1104 if (rv != LDB_SUCCESS) {
1105 DEBUG(0, ("LDB message add string failed for flags: %s\n", ldb_strerror(rv)));
1106 talloc_free(mem_ctx);
1107 return NT_STATUS_UNSUCCESSFUL;
1108 }
1109 msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
1110
1111 rv = ldb_msg_add_string(msg, "version", version_str);
1112 if (rv != LDB_SUCCESS) {
1113 DEBUG(0, ("LDB message add string failed for version: %s\n", ldb_strerror(rv)));
1114 talloc_free(mem_ctx);
1115 return NT_STATUS_UNSUCCESSFUL;
1116 }
1117 msg->elements[1].flags = LDB_FLAG_MOD_REPLACE;
1118
1119 rv = ldb_msg_add_string(msg, "displayName", gpo->display_name);
1120 if (rv != LDB_SUCCESS) {
1121 DEBUG(0, ("LDB message add string failed for displayName: %s\n", ldb_strerror(rv)));
1122 talloc_free(mem_ctx);
1123 return NT_STATUS_UNSUCCESSFUL;
1124 }
1125 msg->elements[2].flags = LDB_FLAG_MOD_REPLACE;
1126
1127 rv = ldb_modify(gp_ctx->ldb_ctx, msg);
1128 if (rv != LDB_SUCCESS) {
1129 DEBUG(0, ("LDB modify failed: %s\n", ldb_strerror(rv)));
1130 talloc_free(mem_ctx);
1131 return NT_STATUS_UNSUCCESSFUL;
1132 }
1133
1134 talloc_free(mem_ctx);
1135 return NT_STATUS_OK;
1136 }
Samba GIT mirror