search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Changed add_gplink to set_gplink, so we can change gPLink options as well.
[Samba.git] / source4 / lib / policy / gp_ldap.c
blobe1faed13622ddd6d87eb92c1f9a4ebe044ebe759
1 /*
2 * Unix SMB/CIFS implementation.
3 * Group Policy Object Support
4 * Copyright (C) Jelmer Vernooij 2008
5 * Copyright (C) Wilco Baan Hofman 2008-2010
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20 #include "includes.h"
21 #include "param/param.h"
22 #include "lib/ldb/include/ldb.h"
23 #include "lib/ldb_wrap.h"
24 #include "auth/credentials/credentials.h"
25 #include "../librpc/gen_ndr/nbt.h"
26 #include "libcli/libcli.h"
27 #include "libnet/libnet.h"
28 #include "../librpc/gen_ndr/ndr_security.h"
29 #include "../libcli/security/dom_sid.h"
30 #include "libcli/security/security.h"
31 #include "../lib/talloc/talloc.h"
32 #include "policy.h"
33
34 struct gpo_stringmap {
35 const char *str;
36 uint32_t flags;
37 };
38 static const struct gpo_stringmap gplink_options [] = {
39 { "GPLINK_OPT_DISABLE", GPLINK_OPT_DISABLE },
40 { "GPLINK_OPT_ENFORCE", GPLINK_OPT_ENFORCE },
41 { NULL, 0 }
42 };
43 static const struct gpo_stringmap gpo_flags [] = {
44 { "GPO_FLAG_USER_DISABLE", GPO_FLAG_USER_DISABLE },
45 { "GPO_FLAG_MACHINE_DISABLE", GPO_FLAG_MACHINE_DISABLE },
46 { NULL, 0 }
47 };
48 static const struct gpo_stringmap gpo_inheritance [] = {
49 { "GPO_INHERIT", GPO_INHERIT },
50 { "GPO_BLOCK_INHERITANCE", GPO_BLOCK_INHERITANCE },
51 { NULL, 0 }
52 };
53
54
55 static NTSTATUS parse_gpo(TALLOC_CTX *mem_ctx, struct ldb_message *msg, struct gp_object **ret)
56 {
57 struct gp_object *gpo = talloc(mem_ctx, struct gp_object);
58 enum ndr_err_code ndr_err;
59 const DATA_BLOB *data;
60
61 gpo->dn = talloc_steal(mem_ctx, ldb_dn_get_linearized(msg->dn));
62
63 DEBUG(9, ("Parsing GPO LDAP data for %s\n", gpo->dn));
64
65 gpo->display_name = talloc_steal(mem_ctx, ldb_msg_find_attr_as_string(msg, "displayName", ""));
66 gpo->name = talloc_steal(mem_ctx, ldb_msg_find_attr_as_string(msg, "name", ""));
67 gpo->flags = ldb_msg_find_attr_as_uint(msg, "name", 0);
68 gpo->version = ldb_msg_find_attr_as_uint(msg, "version", 0);
69 gpo->file_sys_path = talloc_steal(mem_ctx, ldb_msg_find_attr_as_string(msg, "gPCFileSysPath", ""));
70
71 /* Pull the security descriptor through the NDR library */
72 data = ldb_msg_find_ldb_val(msg, "nTSecurityDescriptor");
73 gpo->security_descriptor = talloc(mem_ctx, struct security_descriptor);
74 ndr_err = ndr_pull_struct_blob(data,
75 mem_ctx,
76 NULL,
77 gpo->security_descriptor,
78 (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
79 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
80 return ndr_map_error2ntstatus(ndr_err);
81 }
82
83 *ret = gpo;
84 return NT_STATUS_OK;
85 }
86
87 NTSTATUS gp_get_gpo_flags(TALLOC_CTX *mem_ctx, uint32_t flags, const char ***ret)
88 {
89 unsigned int i, count=0;
90 const char **flag_strs = talloc_array(mem_ctx, const char *, 1);
91
92 flag_strs[0] = NULL;
93
94 for (i = 0; gpo_flags[i].str != NULL; i++) {
95 if (flags & gpo_flags[i].flags) {
96 flag_strs = talloc_realloc(mem_ctx, flag_strs, const char *, count+2);
97 flag_strs[count] = gpo_flags[i].str;
98 flag_strs[count+1] = NULL;
99 count++;
100 }
101 }
102 *ret = flag_strs;
103 return NT_STATUS_OK;
104 }
105
106 NTSTATUS gp_get_gplink_options(TALLOC_CTX *mem_ctx, uint32_t options, const char ***ret)
107 {
108 unsigned int i, count=0;
109 const char **flag_strs = talloc_array(mem_ctx, const char *, 1);
110
111 flag_strs[0] = NULL;
112
113 for (i = 0; gplink_options[i].str != NULL; i++) {
114 if (options & gplink_options[i].flags) {
115 flag_strs = talloc_realloc(mem_ctx, flag_strs, const char *, count+2);
116 flag_strs[count] = gplink_options[i].str;
117 flag_strs[count+1] = NULL;
118 count++;
119 }
120 }
121 *ret = flag_strs;
122 return NT_STATUS_OK;
123 }
124
125 NTSTATUS gp_init(TALLOC_CTX *mem_ctx,
126 struct loadparm_context *lp_ctx,
127 struct cli_credentials *credentials,
128 struct tevent_context *ev_ctx,
129 struct gp_context **gp_ctx)
130 {
131
132 struct libnet_LookupDCs *io;
133 char *url;
134 struct libnet_context *net_ctx;
135 struct ldb_context *ldb_ctx;
136 NTSTATUS rv;
137
138 /* Initialise the libnet context */
139 net_ctx = libnet_context_init(ev_ctx, lp_ctx);
140 net_ctx->cred = credentials;
141
142 /* Prepare libnet lookup structure for looking a DC (PDC is correct). */
143 io = talloc_zero(mem_ctx, struct libnet_LookupDCs);
144 io->in.name_type = NBT_NAME_PDC;
145 io->in.domain_name = lp_workgroup(lp_ctx);
146
147 /* Find Active DC's */
148 rv = libnet_LookupDCs(net_ctx, mem_ctx, io);
149 if (!NT_STATUS_IS_OK(rv)) {
150 DEBUG(0, ("Failed to lookup DCs in domain\n"));
151 return rv;
152 }
153
154 /* Connect to ldap://DC_NAME with all relevant contexts*/
155 url = talloc_asprintf(mem_ctx, "ldap://%s", io->out.dcs[0].name);
156 ldb_ctx = ldb_wrap_connect(mem_ctx, net_ctx->event_ctx, lp_ctx,
157 url, NULL, net_ctx->cred, 0);
158 if (ldb_ctx == NULL) {
159 DEBUG(0, ("Can't connect to DC's LDAP with url %s\n", url));
160 return NT_STATUS_UNSUCCESSFUL;
161 }
162
163 /* We don't need to keep the libnet context */
164 talloc_free(net_ctx);
165
166 *gp_ctx = talloc_zero(mem_ctx, struct gp_context);
167 (*gp_ctx)->lp_ctx = lp_ctx;
168 (*gp_ctx)->credentials = credentials;
169 (*gp_ctx)->ev_ctx = ev_ctx;
170 (*gp_ctx)->ldb_ctx = ldb_ctx;
171 return NT_STATUS_OK;
172 }
173
174 NTSTATUS gp_list_all_gpos(struct gp_context *gp_ctx, struct gp_object ***ret)
175 {
176 struct ldb_result *result;
177 int rv;
178 NTSTATUS status;
179 TALLOC_CTX *mem_ctx;
180 struct ldb_dn *dn;
181 struct gp_object **gpo;
182 unsigned int i; /* same as in struct ldb_result */
183 const char **attrs;
184
185 /* Create a forked memory context, as a base for everything here */
186 mem_ctx = talloc_new(gp_ctx);
187
188 /* Create full ldb dn of the policies base object */
189 dn = ldb_get_default_basedn(gp_ctx->ldb_ctx);
190 rv = ldb_dn_add_child(dn, ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, "CN=Policies,CN=System"));
191 if (!rv) {
192 DEBUG(0, ("Can't append subtree to DN\n"));
193 talloc_free(mem_ctx);
194 return NT_STATUS_UNSUCCESSFUL;
195 }
196
197 DEBUG(10, ("Searching for policies in DN: %s\n", ldb_dn_get_linearized(dn)));
198
199 attrs = talloc_array(mem_ctx, const char *, 7);
200 attrs[0] = "nTSecurityDescriptor";
201 attrs[1] = "versionNumber";
202 attrs[2] = "flags";
203 attrs[3] = "name";
204 attrs[4] = "displayName";
205 attrs[5] = "gPCFileSysPath";
206 attrs[6] = NULL;
207
208 rv = ldb_search(gp_ctx->ldb_ctx, mem_ctx, &result, dn, LDB_SCOPE_ONELEVEL, attrs, "(objectClass=groupPolicyContainer)");
209 if (rv != LDB_SUCCESS) {
210 DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv),ldb_errstring(gp_ctx->ldb_ctx)));
211 talloc_free(mem_ctx);
212 return NT_STATUS_UNSUCCESSFUL;
213 }
214
215 gpo = talloc_array(gp_ctx, struct gp_object *, result->count+1);
216 gpo[result->count] = NULL;
217
218 for (i = 0; i < result->count; i++) {
219 status = parse_gpo(gp_ctx, result->msgs[i], &gpo[i]);
220 if (!NT_STATUS_IS_OK(status)) {
221 DEBUG(0, ("Failed to parse GPO.\n"));
222 talloc_free(mem_ctx);
223 return status;
224 }
225 }
226
227 talloc_free(mem_ctx);
228
229 *ret = gpo;
230 return NT_STATUS_OK;
231 }
232
233 NTSTATUS gp_get_gpo_info(struct gp_context *gp_ctx, const char *dn_str, struct gp_object **ret)
234 {
235 struct ldb_result *result;
236 struct ldb_dn *dn;
237 struct gp_object *gpo;
238 int rv;
239 NTSTATUS status;
240 TALLOC_CTX *mem_ctx;
241 const char **attrs;
242
243 /* Create a forked memory context, as a base for everything here */
244 mem_ctx = talloc_new(gp_ctx);
245
246 /* Create an ldb dn struct for the dn string */
247 dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
248
249 attrs = talloc_array(mem_ctx, const char *, 7);
250 attrs[0] = "nTSecurityDescriptor";
251 attrs[1] = "versionNumber";
252 attrs[2] = "flags";
253 attrs[3] = "name";
254 attrs[4] = "displayName";
255 attrs[5] = "gPCFileSysPath";
256 attrs[6] = NULL;
257
258 rv = ldb_search(gp_ctx->ldb_ctx,
259 mem_ctx,
260 &result,
261 dn,
262 LDB_SCOPE_BASE,
263 attrs,
264 "objectClass=groupPolicyContainer");
265 if (rv != LDB_SUCCESS) {
266 DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv),ldb_errstring(gp_ctx->ldb_ctx)));
267 talloc_free(mem_ctx);
268 return NT_STATUS_UNSUCCESSFUL;
269 }
270
271 /* We expect exactly one record */
272 if (result->count != 1) {
273 DEBUG(0, ("Could not find GPC with dn %s\n", dn_str));
274 talloc_free(mem_ctx);
275 return NT_STATUS_NOT_FOUND;
276 }
277
278 status = parse_gpo(gp_ctx, result->msgs[0], &gpo);
279 if (!NT_STATUS_IS_OK(status)) {
280 DEBUG(0, ("Failed to parse GPO.\n"));
281 talloc_free(mem_ctx);
282 return status;
283 }
284
285 talloc_free(mem_ctx);
286
287 *ret = gpo;
288 return NT_STATUS_OK;
289 }
290
291 static NTSTATUS parse_gplink (TALLOC_CTX *mem_ctx, const char *gplink_str, struct gp_link ***ret)
292 {
293 int start, idx=0;
294 int pos;
295 struct gp_link **gplinks;
296 char *buf, *end;
297
298 gplinks = talloc_array(mem_ctx, struct gp_link *, 1);
299 gplinks[0] = NULL;
300
301 /* Assuming every gPLink starts with "[LDAP://" */
302 start = 8;
303
304 for (pos = start; pos < strlen(gplink_str); pos++) {
305 if (gplink_str[pos] == ';') {
306 gplinks = talloc_realloc(mem_ctx, gplinks, struct gp_link *, idx+2);
307 gplinks[idx] = talloc(mem_ctx, struct gp_link);
308 gplinks[idx]->dn = talloc_strndup(mem_ctx,
309 gplink_str + start,
310 pos - start);
311
312 for (start = pos + 1; gplink_str[pos] != ']'; pos++);
313
314 buf = talloc_strndup(gplinks, gplink_str + start, pos - start);
315 gplinks[idx]->options = (uint32_t) strtoll(buf, &end, 0);
316 talloc_free(buf);
317
318 /* Set the last entry in the array to be NULL */
319 gplinks[idx + 1] = NULL;
320
321 /* Increment the array index, the string position past
322 the next "[LDAP://", and set the start reference */
323 idx++;
324 pos += 9;
325 start = pos;
326 }
327 }
328
329 *ret = gplinks;
330 return NT_STATUS_OK;
331 }
332
333
334 NTSTATUS gp_get_gplinks(struct gp_context *gp_ctx, const char *dn_str, struct gp_link ***ret)
335 {
336 TALLOC_CTX *mem_ctx;
337 struct ldb_dn *dn;
338 struct ldb_result *result;
339 struct gp_link **gplinks;
340 char *gplink_str;
341 int rv;
342 unsigned int i, j;
343 NTSTATUS status;
344
345 /* Create a forked memory context, as a base for everything here */
346 mem_ctx = talloc_new(gp_ctx);
347
348 dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
349
350 rv = ldb_search(gp_ctx->ldb_ctx, mem_ctx, &result, dn, LDB_SCOPE_BASE, NULL, "(objectclass=*)");
351 if (rv != LDB_SUCCESS) {
352 DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv), ldb_errstring(gp_ctx->ldb_ctx)));
353 talloc_free(mem_ctx);
354 return NT_STATUS_UNSUCCESSFUL;
355 }
356
357 for (i = 0; i < result->count; i++) {
358 for (j = 0; j < result->msgs[i]->num_elements; j++) {
359 struct ldb_message_element *element = &result->msgs[i]->elements[j];
360
361 if (strcmp(element->name, "gPLink") == 0) {
362 SMB_ASSERT(element->num_values > 0);
363 gplink_str = talloc_strdup(mem_ctx, (char *) element->values[0].data);
364 goto found;
365 }
366 }
367 }
368 DEBUG(0, ("Object or gPLink attribute not found.\n"));
369 return NT_STATUS_NOT_FOUND;
370
371 found:
372
373 status = parse_gplink(gp_ctx, gplink_str, &gplinks);
374 if (!NT_STATUS_IS_OK(status)) {
375 DEBUG(0, ("Failed to parse gPLink\n"));
376 return status;
377 }
378
379 talloc_free(mem_ctx);
380
381 *ret = gplinks;
382 return NT_STATUS_OK;
383 }
384
385 NTSTATUS gp_list_gpos(struct gp_context *gp_ctx, struct security_token *token, const char ***ret)
386 {
387 TALLOC_CTX *mem_ctx;
388 const char **gpos;
389 struct ldb_result *result;
390 const char *sid;
391 struct ldb_dn *dn;
392 struct ldb_message_element *element;
393 int inherit;
394 const char *attrs[] = { "objectClass", NULL };
395 int rv;
396 NTSTATUS status;
397 unsigned int count = 0;
398 unsigned int i;
399 enum {
400 ACCOUNT_TYPE_USER = 0,
401 ACCOUNT_TYPE_MACHINE = 1
402 } account_type;
403
404 /* Create a forked memory context, as a base for everything here */
405 mem_ctx = talloc_new(gp_ctx);
406
407 sid = dom_sid_string(mem_ctx, token->user_sid);
408
409 /* Find the user DN and objectclass via the sid from the security token */
410 rv = ldb_search(gp_ctx->ldb_ctx,
411 mem_ctx,
412 &result,
413 ldb_get_default_basedn(gp_ctx->ldb_ctx),
414 LDB_SCOPE_SUBTREE,
415 attrs,
416 "(&(objectclass=user)(objectSid=%s))", sid);
417 if (rv != LDB_SUCCESS) {
418 DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv),
419 ldb_errstring(gp_ctx->ldb_ctx)));
420 talloc_free(mem_ctx);
421 return NT_STATUS_UNSUCCESSFUL;
422 }
423 if (result->count != 1) {
424 DEBUG(0, ("Could not find user with sid %s.\n", sid));
425 talloc_free(mem_ctx);
426 return NT_STATUS_UNSUCCESSFUL;
427 }
428 DEBUG(10,("Found DN for this user: %s\n", ldb_dn_get_linearized(result->msgs[0]->dn)));
429
430 element = ldb_msg_find_element(result->msgs[0], "objectClass");
431
432 /* We need to know if this account is a user or machine. */
433 account_type = ACCOUNT_TYPE_USER;
434 for (i = 0; i < element->num_values; i++) {
435 if (strcmp((char *)element->values[i].data, "computer") == 0) {
436 account_type = ACCOUNT_TYPE_MACHINE;
437 DEBUG(10, ("This user is a machine\n"));
438 }
439 }
440
441 gpos = talloc_array(gp_ctx, const char *, 1);
442 gpos[0] = NULL;
443
444 /* Walk through the containers until we hit the root */
445 inherit = 1;
446 dn = ldb_dn_get_parent(mem_ctx, result->msgs[0]->dn);
447 while (ldb_dn_compare_base(ldb_get_default_basedn(gp_ctx->ldb_ctx), dn) == 0) {
448 const char *gpo_attrs[] = { "gPLink", "gPOptions", NULL };
449 struct gp_link **gplinks;
450 enum gpo_inheritance gpoptions;
451
452 DEBUG(10, ("Getting gPLinks for DN: %s\n", ldb_dn_get_linearized(dn)));
453
454 /* Get the gPLink and gPOptions attributes from the container */
455 rv = ldb_search(gp_ctx->ldb_ctx,
456 mem_ctx,
457 &result,
458 dn,
459 LDB_SCOPE_BASE,
460 gpo_attrs,
461 "objectclass=*");
462 if (rv != LDB_SUCCESS) {
463 DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv),
464 ldb_errstring(gp_ctx->ldb_ctx)));
465 talloc_free(mem_ctx);
466 return NT_STATUS_UNSUCCESSFUL;
467 }
468
469 /* Parse the gPLink attribute, put it into a nice struct array */
470 status = parse_gplink(mem_ctx, ldb_msg_find_attr_as_string(result->msgs[0], "gPLink", ""), &gplinks);
471 if (!NT_STATUS_IS_OK(status)) {
472 DEBUG(0, ("Failed to parse gPLink\n"));
473 talloc_free(mem_ctx);
474 return status;
475 }
476
477 /* Check all group policy links on this container */
478 for (i = 0; gplinks[i] != NULL; i++) {
479 struct gp_object *gpo;
480 uint32_t access_granted;
481
482 /* If inheritance was blocked at a higher level and this
483 * gplink is not enforced, it should not be applied */
484 if (!inherit && !(gplinks[i]->options & GPLINK_OPT_ENFORCE))
485 continue;
486
487 /* Don't apply disabled links */
488 if (gplinks[i]->options & GPLINK_OPT_DISABLE)
489 continue;
490
491 /* Get GPO information */
492 status = gp_get_gpo_info(gp_ctx, gplinks[i]->dn, &gpo);
493 if (!NT_STATUS_IS_OK(status)) {
494 DEBUG(0, ("Failed to get gpo information for %s\n", gplinks[i]->dn));
495 talloc_free(mem_ctx);
496 return status;
497 }
498
499 /* If the account does not have read access, this GPO does not apply
500 * to this account */
501 status = sec_access_check(gpo->security_descriptor,
502 token,
503 (SEC_STD_READ_CONTROL | SEC_ADS_LIST | SEC_ADS_READ_PROP),
504 &access_granted);
505 if (!NT_STATUS_IS_OK(status)) {
506 continue;
507 }
508
509 /* If the account is a user and the GPO has user disabled flag, or
510 * a machine and the GPO has machine disabled flag, this GPO does
511 * not apply to this account */
512 if ((account_type == ACCOUNT_TYPE_USER &&
513 (gpo->flags & GPO_FLAG_USER_DISABLE)) ||
514 (account_type == ACCOUNT_TYPE_MACHINE &&
515 (gpo->flags & GPO_FLAG_MACHINE_DISABLE))) {
516 continue;
517 }
518
519 /* Add the GPO to the list */
520 gpos = talloc_realloc(gp_ctx, gpos, const char *, count+2);
521 gpos[count] = talloc_strdup(gp_ctx, gplinks[i]->dn);
522 gpos[count+1] = NULL;
523 count++;
524
525 /* Clean up */
526 talloc_free(gpo);
527 }
528
529 /* If inheritance is blocked, then we should only add enforced gPLinks
530 * higher up */
531 gpoptions = ldb_msg_find_attr_as_uint(result->msgs[0], "gPOptions", 0);
532 if (gpoptions == GPO_BLOCK_INHERITANCE) {
533 inherit = 0;
534 }
535 dn = ldb_dn_get_parent(mem_ctx, dn);
536 }
537
538 talloc_free(mem_ctx);
539
540 *ret = gpos;
541 return NT_STATUS_OK;
542 }
543
544 NTSTATUS gp_set_gplink(struct gp_context *gp_ctx, const char *dn_str, struct gp_link *gplink)
545 {
546 TALLOC_CTX *mem_ctx;
547 struct ldb_result *result;
548 struct ldb_dn *dn;
549 struct ldb_message *msg;
550 const char *attrs[] = { "gPLink", NULL };
551 const char *gplink_str;
552 int rv;
553 char *start;
554
555 /* Create a forked memory context, as a base for everything here */
556 mem_ctx = talloc_new(gp_ctx);
557
558 dn = ldb_dn_new(mem_ctx, gp_ctx->ldb_ctx, dn_str);
559
560 rv = ldb_search(gp_ctx->ldb_ctx, mem_ctx, &result, dn, LDB_SCOPE_BASE, attrs, "(objectclass=*)");
561 if (rv != LDB_SUCCESS) {
562 DEBUG(0, ("LDB search failed: %s\n%s\n", ldb_strerror(rv), ldb_errstring(gp_ctx->ldb_ctx)));
563 talloc_free(mem_ctx);
564 return NT_STATUS_UNSUCCESSFUL;
565 }
566
567 if (result->count != 1) {
568 talloc_free(mem_ctx);
569 return NT_STATUS_NOT_FOUND;
570 }
571
572 gplink_str = ldb_msg_find_attr_as_string(result->msgs[0], "gPLink", "");
573
574 /* If this GPO link already exists, alter the options, else add it */
575 if ((start = strcasestr(gplink_str, gplink->dn)) != NULL) {
576 start += strlen(gplink->dn);
577 *start = '\0';
578 start++;
579 while (*start != ']' && *start != '\0') {
580 start++;
581 }
582 gplink_str = talloc_asprintf(mem_ctx, "%s;%d%s\n", gplink_str, gplink->options, start);
583
584 } else {
585 /* Prepend the new GPO link to the string. This list is backwards in priority. */
586 gplink_str = talloc_asprintf(mem_ctx, "[LDAP://%s;%d]%s", gplink->dn, gplink->options, gplink_str);
587 }
588
589
590
591 msg = ldb_msg_new(mem_ctx);
592 msg->dn = dn;
593
594 rv = ldb_msg_add_string(msg, "gPLink", gplink_str);
595 if (rv != 0) {
596 DEBUG(0, ("LDB message add string failed: %s\n", ldb_strerror(rv)));
597 talloc_free(mem_ctx);
598 return NT_STATUS_UNSUCCESSFUL;
599 }
600 msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
601
602 rv = ldb_modify(gp_ctx->ldb_ctx, msg);
603 if (rv != 0) {
604 DEBUG(0, ("LDB modify failed: %s\n", ldb_strerror(rv)));
605 talloc_free(mem_ctx);
606 return NT_STATUS_UNSUCCESSFUL;
607 }
608
609 talloc_free(mem_ctx);
610 return NT_STATUS_OK;
611 }
Samba GIT mirror