Line data Source code
1 : /*
2 : * Unix SMB/CIFS implementation.
3 : * Group Policy Object Support
4 : * Copyright (C) Wilco Baan Hofman 2008-2010
5 : *
6 : * This program is free software; you can redistribute it and/or modify
7 : * it under the terms of the GNU General Public License as published by
8 : * the Free Software Foundation; either version 3 of the License, or
9 : * (at your option) any later version.
10 : *
11 : * This program is distributed in the hope that it will be useful,
12 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 : * GNU General Public License for more details.
15 : *
16 : * You should have received a copy of the GNU General Public License
17 : * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 : */
19 : #include "includes.h"
20 : #include "system/filesys.h"
21 : #include "lib/policy/policy.h"
22 : #include "libcli/raw/smb.h"
23 : #include "libcli/libcli.h"
24 : #include "param/param.h"
25 : #include "libcli/resolve/resolve.h"
26 : #include "libcli/raw/libcliraw.h"
27 : #include <dirent.h>
28 : #include <errno.h>
29 :
30 : #define GP_MAX_DEPTH 25
31 :
32 : struct gp_file_entry {
33 : bool is_directory;
34 : const char *rel_path;
35 : };
36 : struct gp_file_list {
37 : uint32_t num_files;
38 : struct gp_file_entry *files;
39 : };
40 : struct gp_list_state {
41 : struct smbcli_tree *tree;
42 : uint8_t depth;
43 : const char *cur_rel_path;
44 : const char *share_path;
45 :
46 : struct gp_file_list list;
47 : };
48 :
49 : static NTSTATUS gp_do_list(const char *, struct gp_list_state *);
50 :
51 : /* Create a temporary policy directory */
52 0 : static const char *gp_tmpdir(TALLOC_CTX *mem_ctx)
53 : {
54 0 : char *gp_dir = talloc_asprintf(mem_ctx, "%s/policy", tmpdir());
55 : struct stat st;
56 : int rv;
57 :
58 0 : if (gp_dir == NULL) return NULL;
59 :
60 0 : if (stat(gp_dir, &st) != 0) {
61 0 : rv = mkdir(gp_dir, 0755);
62 0 : if (rv < 0) {
63 0 : DEBUG(0, ("Failed to create directory %s: %s\n",
64 : gp_dir, strerror(errno)));
65 0 : talloc_free(gp_dir);
66 0 : return NULL;
67 : }
68 : }
69 :
70 : return gp_dir;
71 : }
72 :
73 : /* This function is called by the smbcli_list function */
74 0 : static void gp_list_helper (struct clilist_file_info *info, const char *mask,
75 : void *list_state_ptr)
76 : {
77 0 : struct gp_list_state *state = list_state_ptr;
78 : const char *rel_path;
79 :
80 : /* Ignore . and .. directory entries */
81 0 : if (strcmp(info->name, ".") == 0 || strcmp(info->name, "..") == 0) {
82 : return;
83 : }
84 :
85 : /* Safety check against ../.. in filenames which may occur on non-POSIX
86 : * platforms */
87 0 : if (strstr(info->name, "../")) {
88 : return;
89 : }
90 :
91 0 : rel_path = talloc_asprintf(state, "%s\\%s", state->cur_rel_path, info->name);
92 0 : if (rel_path == NULL) return;
93 :
94 : /* Append entry to file list */
95 0 : state->list.files = talloc_realloc(state, state->list.files,
96 : struct gp_file_entry,
97 : state->list.num_files + 1);
98 0 : if (state->list.files == NULL) return;
99 :
100 0 : state->list.files[state->list.num_files].rel_path = rel_path;
101 :
102 : /* Directory */
103 0 : if (info->attrib & FILE_ATTRIBUTE_DIRECTORY) {
104 0 : state->list.files[state->list.num_files].is_directory = true;
105 0 : state->list.num_files++;
106 :
107 : /* Recurse into this directory if the depth is below the maximum */
108 0 : if (state->depth < GP_MAX_DEPTH) {
109 0 : gp_do_list(rel_path, state);
110 : }
111 :
112 : return;
113 : }
114 :
115 0 : state->list.files[state->list.num_files].is_directory = false;
116 0 : state->list.num_files++;
117 :
118 0 : return;
119 : }
120 :
121 0 : static NTSTATUS gp_do_list (const char *rel_path, struct gp_list_state *state)
122 : {
123 : uint16_t attributes;
124 : int rv;
125 : char *mask;
126 : const char *old_rel_path;
127 :
128 0 : attributes = FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN |
129 : FILE_ATTRIBUTE_DIRECTORY;
130 :
131 : /* Update the relative paths, while buffering the parent */
132 0 : old_rel_path = state->cur_rel_path;
133 0 : state->cur_rel_path = rel_path;
134 0 : state->depth++;
135 :
136 : /* Get the current mask */
137 0 : mask = talloc_asprintf(state, "%s%s\\*", state->share_path, rel_path);
138 0 : NT_STATUS_HAVE_NO_MEMORY(mask);
139 0 : rv = smbcli_list(state->tree, mask, attributes, gp_list_helper, state);
140 0 : talloc_free(mask);
141 :
142 : /* Go back to the state of the parent */
143 0 : state->cur_rel_path = old_rel_path;
144 0 : state->depth--;
145 :
146 0 : if (rv == -1)
147 0 : return NT_STATUS_UNSUCCESSFUL;
148 :
149 0 : return NT_STATUS_OK;
150 : }
151 :
152 0 : static NTSTATUS gp_cli_connect(struct gp_context *gp_ctx)
153 : {
154 : struct smbcli_options options;
155 : struct smbcli_session_options session_options;
156 :
157 0 : if (gp_ctx->cli != NULL)
158 0 : return NT_STATUS_OK;
159 :
160 0 : gp_ctx->cli = smbcli_state_init(gp_ctx);
161 :
162 0 : lpcfg_smbcli_options(gp_ctx->lp_ctx, &options);
163 0 : lpcfg_smbcli_session_options(gp_ctx->lp_ctx, &session_options);
164 :
165 0 : return smbcli_full_connection(gp_ctx,
166 : &gp_ctx->cli,
167 0 : gp_ctx->active_dc->name,
168 : lpcfg_smb_ports(gp_ctx->lp_ctx),
169 : "sysvol",
170 : NULL,
171 : lpcfg_socket_options(gp_ctx->lp_ctx),
172 : gp_ctx->credentials,
173 : lpcfg_resolve_context(gp_ctx->lp_ctx),
174 : gp_ctx->ev_ctx,
175 : &options,
176 : &session_options,
177 : lpcfg_gensec_settings(gp_ctx, gp_ctx->lp_ctx));
178 : }
179 :
180 0 : static char * gp_get_share_path(TALLOC_CTX *mem_ctx, const char *file_sys_path)
181 : {
182 : unsigned int i, bkslash_cnt;
183 :
184 : /* Get the path from the share down (\\..\..\(this\stuff) */
185 0 : for (i = 0, bkslash_cnt = 0; file_sys_path[i] != '\0'; i++) {
186 0 : if (file_sys_path[i] == '\\')
187 0 : bkslash_cnt++;
188 :
189 0 : if (bkslash_cnt == 4) {
190 0 : return talloc_strdup(mem_ctx, &file_sys_path[i]);
191 : }
192 : }
193 :
194 : return NULL;
195 : }
196 :
197 0 : static NTSTATUS gp_get_file (struct smbcli_tree *tree, const char *remote_src,
198 : const char *local_dst)
199 : {
200 : int fh_remote, fh_local;
201 : uint8_t *buf;
202 0 : size_t nread = 0;
203 0 : size_t buf_size = 1024;
204 : size_t file_size;
205 : uint16_t attr;
206 :
207 : /* Open the remote file */
208 0 : fh_remote = smbcli_open(tree, remote_src, O_RDONLY, DENY_NONE);
209 0 : if (fh_remote == -1) {
210 0 : DEBUG(0, ("Failed to open remote file: %s\n", remote_src));
211 0 : return NT_STATUS_UNSUCCESSFUL;
212 : }
213 :
214 : /* Open the local file */
215 0 : fh_local = open(local_dst, O_WRONLY | O_CREAT | O_TRUNC, 0644);
216 0 : if (fh_local == -1) {
217 0 : DEBUG(0, ("Failed to open local file: %s\n", local_dst));
218 0 : smbcli_close(tree, fh_remote);
219 0 : return NT_STATUS_UNSUCCESSFUL;
220 : }
221 :
222 : /* Get the remote file size for error checking */
223 0 : if (NT_STATUS_IS_ERR(smbcli_qfileinfo(tree, fh_remote,
224 0 : &attr, &file_size, NULL, NULL, NULL, NULL, NULL)) &&
225 0 : NT_STATUS_IS_ERR(smbcli_getattrE(tree, fh_remote,
226 : &attr, &file_size, NULL, NULL, NULL))) {
227 0 : DEBUG(0, ("Failed to get remote file size: %s\n", smbcli_errstr(tree)));
228 0 : smbcli_close(tree, fh_remote);
229 0 : close(fh_local);
230 0 : return NT_STATUS_UNSUCCESSFUL;
231 : }
232 :
233 0 : buf = talloc_zero_array(tree, uint8_t, buf_size);
234 0 : if (buf == NULL) {
235 0 : smbcli_close(tree, fh_remote);
236 0 : close(fh_local);
237 0 : return NT_STATUS_NO_MEMORY;
238 : }
239 :
240 : /* Copy the contents of the file */
241 0 : while (1) {
242 0 : int n = smbcli_read(tree, fh_remote, buf, nread, buf_size);
243 :
244 0 : if (n <= 0) {
245 : break;
246 : }
247 :
248 0 : if (write(fh_local, buf, n) != n) {
249 0 : DEBUG(0, ("Short write while copying file.\n"));
250 0 : smbcli_close(tree, fh_remote);
251 0 : close(fh_local);
252 0 : talloc_free(buf);
253 0 : return NT_STATUS_UNSUCCESSFUL;
254 : }
255 0 : nread += n;
256 : }
257 :
258 : /* Close the files */
259 0 : smbcli_close(tree, fh_remote);
260 0 : close(fh_local);
261 :
262 0 : talloc_free(buf);
263 :
264 : /* Bytes read should match the file size, or the copy was incomplete */
265 0 : if (nread != file_size) {
266 0 : DEBUG(0, ("Remote/local file size mismatch after copying file: "
267 : "%s (remote %zu, local %zu).\n",
268 : remote_src, file_size, nread));
269 0 : return NT_STATUS_UNSUCCESSFUL;
270 : }
271 :
272 0 : return NT_STATUS_OK;
273 : }
274 :
275 0 : static NTSTATUS gp_get_files(struct smbcli_tree *tree, const char *share_path,
276 : const char *local_path, struct gp_file_list *list)
277 : {
278 : uint32_t i;
279 : int rv;
280 : char *local_rel_path, *full_local_path, *full_remote_path;
281 : TALLOC_CTX *mem_ctx;
282 : NTSTATUS status;
283 :
284 0 : mem_ctx = talloc_new(tree);
285 0 : NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
286 :
287 0 : for (i = 0; i < list->num_files; i++) {
288 :
289 : /* Get local path by replacing backslashes with slashes */
290 0 : local_rel_path = talloc_strdup(mem_ctx, list->files[i].rel_path);
291 0 : if (local_rel_path == NULL) {
292 0 : TALLOC_FREE(mem_ctx);
293 0 : return NT_STATUS_NO_MEMORY;
294 : }
295 0 : string_replace(local_rel_path, '\\', '/');
296 :
297 0 : full_local_path = talloc_asprintf(mem_ctx, "%s%s", local_path,
298 : local_rel_path);
299 0 : if (full_local_path == NULL) {
300 0 : TALLOC_FREE(mem_ctx);
301 0 : return NT_STATUS_NO_MEMORY;
302 : }
303 :
304 : /* If the entry is a directory, create it. */
305 0 : if (list->files[i].is_directory == true) {
306 0 : rv = mkdir(full_local_path, 0755);
307 0 : if (rv < 0) {
308 0 : DEBUG(0, ("Failed to create directory %s: %s\n",
309 : full_local_path, strerror(errno)));
310 0 : talloc_free(mem_ctx);
311 0 : return NT_STATUS_UNSUCCESSFUL;
312 : }
313 0 : continue;
314 : }
315 :
316 0 : full_remote_path = talloc_asprintf(mem_ctx, "%s%s", share_path,
317 : list->files[i].rel_path);
318 0 : if (full_remote_path == NULL) {
319 0 : TALLOC_FREE(mem_ctx);
320 0 : return NT_STATUS_NO_MEMORY;
321 : }
322 :
323 : /* Get the file */
324 0 : status = gp_get_file(tree, full_remote_path, full_local_path);
325 0 : if (!NT_STATUS_IS_OK(status)) {
326 0 : DEBUG(0, ("Error getting file.\n"));
327 0 : talloc_free(mem_ctx);
328 0 : return status;
329 : }
330 : }
331 :
332 0 : return NT_STATUS_OK;
333 : }
334 :
335 0 : NTSTATUS gp_fetch_gpt (struct gp_context *gp_ctx, struct gp_object *gpo,
336 : const char **ret_local_path)
337 : {
338 : TALLOC_CTX *mem_ctx;
339 : struct gp_list_state *state;
340 : NTSTATUS status;
341 : struct stat st;
342 : int rv;
343 : const char *local_path, *share_path;
344 :
345 : /* Create a forked memory context, as a base for everything here */
346 0 : mem_ctx = talloc_new(gp_ctx);
347 0 : NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
348 :
349 0 : if (gp_ctx->cli == NULL) {
350 0 : status = gp_cli_connect(gp_ctx);
351 0 : if (!NT_STATUS_IS_OK(status)) {
352 0 : DEBUG(0, ("Failed to create cli connection to DC\n"));
353 0 : talloc_free(mem_ctx);
354 0 : return status;
355 : }
356 : }
357 :
358 : /* Get the remote path to copy from */
359 0 : share_path = gp_get_share_path(mem_ctx, gpo->file_sys_path);
360 0 : if (share_path == NULL) {
361 0 : TALLOC_FREE(mem_ctx);
362 0 : return NT_STATUS_NO_MEMORY;
363 : }
364 :
365 : /* Get the local path to copy to */
366 0 : local_path = talloc_asprintf(gp_ctx, "%s/%s", gp_tmpdir(mem_ctx), gpo->name);
367 0 : if (local_path == NULL) {
368 0 : TALLOC_FREE(mem_ctx);
369 0 : return NT_STATUS_NO_MEMORY;
370 : }
371 :
372 : /* Prepare the state structure */
373 0 : state = talloc_zero(mem_ctx, struct gp_list_state);
374 0 : if (state == NULL) {
375 0 : TALLOC_FREE(mem_ctx);
376 0 : return NT_STATUS_NO_MEMORY;
377 : }
378 :
379 0 : state->tree = gp_ctx->cli->tree;
380 0 : state->share_path = share_path;
381 :
382 : /* Create the GPO dir if it does not exist */
383 0 : if (stat(local_path, &st) != 0) {
384 0 : rv = mkdir(local_path, 0755);
385 0 : if (rv < 0) {
386 0 : DEBUG(0, ("Could not create local path\n"));
387 0 : talloc_free(mem_ctx);
388 0 : return NT_STATUS_UNSUCCESSFUL;
389 : }
390 : }
391 :
392 : /* Get the file list */
393 0 : status = gp_do_list("", state);
394 0 : if (!NT_STATUS_IS_OK(status)) {
395 0 : DEBUG(0, ("Could not list GPO files on remote server\n"));
396 0 : talloc_free(mem_ctx);
397 0 : return status;
398 : }
399 :
400 : /* If the list has no entries there is a problem. */
401 0 : if (state->list.num_files == 0) {
402 0 : DEBUG(0, ("File list is has no entries. Is the GPT directory empty?\n"));
403 0 : talloc_free(mem_ctx);
404 0 : return NT_STATUS_UNSUCCESSFUL;
405 : }
406 :
407 : /* Fetch the files */
408 0 : status = gp_get_files(gp_ctx->cli->tree, share_path, local_path, &state->list);
409 :
410 : /* Return the local path to the gpo */
411 0 : *ret_local_path = local_path;
412 :
413 0 : talloc_free(mem_ctx);
414 0 : return NT_STATUS_OK;
415 : }
416 :
417 0 : static NTSTATUS push_recursive (struct gp_context *gp_ctx, const char *local_path,
418 : const char *remote_path, int depth)
419 : {
420 : DIR *dir;
421 : struct dirent *dirent;
422 0 : char *entry_local_path = NULL;
423 0 : char *entry_remote_path = NULL;
424 0 : int local_fd = -1, remote_fd = -1;
425 : int buf[1024];
426 : int nread, total_read;
427 : struct stat s;
428 : NTSTATUS status;
429 :
430 0 : dir = opendir(local_path);
431 0 : while ((dirent = readdir(dir)) != NULL) {
432 0 : if (strcmp(dirent->d_name, ".") == 0 ||
433 0 : strcmp(dirent->d_name, "..") == 0) {
434 0 : continue;
435 : }
436 :
437 0 : entry_local_path = talloc_asprintf(gp_ctx, "%s/%s", local_path,
438 : dirent->d_name);
439 0 : if (entry_local_path == NULL) {
440 : status = NT_STATUS_NO_MEMORY;
441 : goto done;
442 : }
443 :
444 0 : entry_remote_path = talloc_asprintf(gp_ctx, "%s\\%s",
445 : remote_path, dirent->d_name);
446 0 : if (entry_remote_path == NULL) {
447 : status = NT_STATUS_NO_MEMORY;
448 : goto done;
449 : }
450 :
451 0 : if (stat(entry_local_path, &s) != 0) {
452 : status = NT_STATUS_UNSUCCESSFUL;
453 : goto done;
454 : }
455 0 : if (s.st_mode & S_IFDIR) {
456 0 : DEBUG(6, ("Pushing directory %s to %s on sysvol\n",
457 : entry_local_path, entry_remote_path));
458 0 : smbcli_mkdir(gp_ctx->cli->tree, entry_remote_path);
459 0 : if (depth < GP_MAX_DEPTH) {
460 0 : push_recursive(gp_ctx, entry_local_path,
461 : entry_remote_path, depth+1);
462 : }
463 : } else {
464 0 : DEBUG(6, ("Pushing file %s to %s on sysvol\n",
465 : entry_local_path, entry_remote_path));
466 0 : remote_fd = smbcli_open(gp_ctx->cli->tree,
467 : entry_remote_path,
468 : O_WRONLY | O_CREAT,
469 : 0);
470 0 : if (remote_fd < 0) {
471 0 : DEBUG(0, ("Failed to create remote file: %s\n",
472 : entry_remote_path));
473 : status = NT_STATUS_UNSUCCESSFUL;
474 : goto done;
475 : }
476 0 : local_fd = open(entry_local_path, O_RDONLY);
477 0 : if (local_fd < 0) {
478 0 : DEBUG(0, ("Failed to open local file: %s\n",
479 : entry_local_path));
480 : status = NT_STATUS_UNSUCCESSFUL;
481 : goto done;
482 : }
483 : total_read = 0;
484 0 : while ((nread = read(local_fd, &buf, sizeof(buf)))) {
485 0 : if (nread == -1) {
486 0 : DBG_ERR("read failed with errno %s\n",
487 : strerror(errno));
488 0 : status = NT_STATUS_UNSUCCESSFUL;
489 0 : close(local_fd);
490 0 : local_fd = -1;
491 0 : goto done;
492 : }
493 0 : smbcli_write(gp_ctx->cli->tree, remote_fd, 0,
494 : &buf, total_read, nread);
495 0 : total_read += nread;
496 : }
497 :
498 0 : close(local_fd);
499 0 : local_fd = -1;
500 0 : smbcli_close(gp_ctx->cli->tree, remote_fd);
501 0 : remote_fd = -1;
502 : }
503 0 : TALLOC_FREE(entry_local_path);
504 0 : TALLOC_FREE(entry_remote_path);
505 : }
506 :
507 : status = NT_STATUS_OK;
508 0 : done:
509 0 : if (local_fd != -1) {
510 0 : close(local_fd);
511 : }
512 0 : if (remote_fd != -1) {
513 0 : smbcli_close(gp_ctx->cli->tree, remote_fd);
514 : }
515 0 : talloc_free(entry_local_path);
516 0 : talloc_free(entry_remote_path);
517 :
518 0 : closedir(dir);
519 :
520 0 : return status;
521 : }
522 :
523 :
524 :
525 0 : NTSTATUS gp_push_gpt(struct gp_context *gp_ctx, const char *local_path,
526 : const char *file_sys_path)
527 : {
528 : NTSTATUS status;
529 : char *share_path;
530 :
531 0 : if (gp_ctx->cli == NULL) {
532 0 : status = gp_cli_connect(gp_ctx);
533 0 : if (!NT_STATUS_IS_OK(status)) {
534 0 : DEBUG(0, ("Failed to create cli connection to DC\n"));
535 0 : return status;
536 : }
537 : }
538 0 : share_path = gp_get_share_path(gp_ctx, file_sys_path);
539 :
540 0 : DEBUG(5, ("Copying %s to %s on sysvol\n", local_path, share_path));
541 :
542 0 : smbcli_mkdir(gp_ctx->cli->tree, share_path);
543 :
544 0 : status = push_recursive(gp_ctx, local_path, share_path, 0);
545 :
546 0 : talloc_free(share_path);
547 0 : return status;
548 : }
549 :
550 0 : NTSTATUS gp_create_gpt(struct gp_context *gp_ctx, const char *name,
551 : const char *file_sys_path)
552 : {
553 : TALLOC_CTX *mem_ctx;
554 : const char *tmp_dir, *policy_dir, *tmp_str;
555 : int rv;
556 : int fd;
557 : NTSTATUS status;
558 0 : const char *file_content = "[General]\r\nVersion=0\r\n";
559 :
560 : /* Create a forked memory context, as a base for everything here */
561 0 : mem_ctx = talloc_new(gp_ctx);
562 0 : NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
563 :
564 0 : tmp_dir = gp_tmpdir(mem_ctx);
565 0 : NT_STATUS_HAVE_NO_MEMORY(tmp_dir);
566 0 : policy_dir = talloc_asprintf(mem_ctx, "%s/%s", tmp_dir, name);
567 0 : NT_STATUS_HAVE_NO_MEMORY(policy_dir);
568 :
569 : /* Create the directories */
570 :
571 0 : rv = mkdir(policy_dir, 0755);
572 0 : if (rv < 0) {
573 0 : DEBUG(0, ("Could not create the policy dir: %s\n", policy_dir));
574 0 : talloc_free(mem_ctx);
575 0 : return NT_STATUS_UNSUCCESSFUL;
576 : }
577 :
578 0 : tmp_str = talloc_asprintf(mem_ctx, "%s/User", policy_dir);
579 0 : NT_STATUS_HAVE_NO_MEMORY(tmp_str);
580 0 : rv = mkdir(tmp_str, 0755);
581 0 : if (rv < 0) {
582 0 : DEBUG(0, ("Could not create the User dir: %s\n", tmp_str));
583 0 : talloc_free(mem_ctx);
584 0 : return NT_STATUS_UNSUCCESSFUL;
585 : }
586 :
587 0 : tmp_str = talloc_asprintf(mem_ctx, "%s/Machine", policy_dir);
588 0 : NT_STATUS_HAVE_NO_MEMORY(tmp_str);
589 0 : rv = mkdir(tmp_str, 0755);
590 0 : if (rv < 0) {
591 0 : DEBUG(0, ("Could not create the Machine dir: %s\n", tmp_str));
592 0 : talloc_free(mem_ctx);
593 0 : return NT_STATUS_UNSUCCESSFUL;
594 : }
595 :
596 : /* Create a GPT.INI with version 0 */
597 :
598 0 : tmp_str = talloc_asprintf(mem_ctx, "%s/GPT.INI", policy_dir);
599 0 : NT_STATUS_HAVE_NO_MEMORY(tmp_str);
600 0 : fd = open(tmp_str, O_CREAT | O_WRONLY, 0644);
601 0 : if (fd < 0) {
602 0 : DEBUG(0, ("Could not create the GPT.INI: %s\n", tmp_str));
603 0 : talloc_free(mem_ctx);
604 0 : return NT_STATUS_UNSUCCESSFUL;
605 : }
606 :
607 0 : rv = write(fd, file_content, strlen(file_content));
608 0 : close(fd);
609 0 : if (rv != strlen(file_content)) {
610 0 : DEBUG(0, ("Short write in GPT.INI\n"));
611 0 : talloc_free(mem_ctx);
612 0 : return NT_STATUS_UNSUCCESSFUL;
613 : }
614 :
615 : /* Upload the GPT to the sysvol share on a DC */
616 0 : status = gp_push_gpt(gp_ctx, policy_dir, file_sys_path);
617 0 : if (!NT_STATUS_IS_OK(status)) {
618 0 : talloc_free(mem_ctx);
619 0 : return status;
620 : }
621 :
622 0 : talloc_free(mem_ctx);
623 0 : return NT_STATUS_OK;
624 : }
625 :
626 0 : NTSTATUS gp_set_gpt_security_descriptor(struct gp_context *gp_ctx,
627 : struct gp_object *gpo,
628 : struct security_descriptor *sd)
629 : {
630 : TALLOC_CTX *mem_ctx;
631 : NTSTATUS status;
632 : union smb_setfileinfo fileinfo;
633 : union smb_open io;
634 : union smb_close io_close;
635 :
636 : /* Create a connection to sysvol if it is not already there */
637 0 : if (gp_ctx->cli == NULL) {
638 0 : status = gp_cli_connect(gp_ctx);
639 0 : if (!NT_STATUS_IS_OK(status)) {
640 0 : DEBUG(0, ("Failed to create cli connection to DC\n"));
641 0 : return status;
642 : }
643 : }
644 :
645 : /* Create a forked memory context which can be freed easily */
646 0 : mem_ctx = talloc_new(gp_ctx);
647 0 : NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
648 :
649 : /* Open the directory with NTCreate AndX call */
650 0 : io.generic.level = RAW_OPEN_NTCREATEX;
651 0 : io.ntcreatex.in.root_fid.fnum = 0;
652 0 : io.ntcreatex.in.flags = 0;
653 0 : io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
654 0 : io.ntcreatex.in.create_options = 0;
655 0 : io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
656 0 : io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
657 : NTCREATEX_SHARE_ACCESS_WRITE;
658 0 : io.ntcreatex.in.alloc_size = 0;
659 0 : io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
660 0 : io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
661 0 : io.ntcreatex.in.security_flags = 0;
662 0 : io.ntcreatex.in.fname = gp_get_share_path(mem_ctx, gpo->file_sys_path);
663 0 : status = smb_raw_open(gp_ctx->cli->tree, mem_ctx, &io);
664 0 : if (!NT_STATUS_IS_OK(status)) {
665 0 : DEBUG(0, ("Can't open GPT directory\n"));
666 0 : talloc_free(mem_ctx);
667 0 : return status;
668 : }
669 :
670 : /* Set the security descriptor on the directory */
671 0 : fileinfo.generic.level = RAW_SFILEINFO_SEC_DESC;
672 0 : fileinfo.set_secdesc.in.file.fnum = io.ntcreatex.out.file.fnum;
673 0 : fileinfo.set_secdesc.in.secinfo_flags = SECINFO_PROTECTED_DACL |
674 : SECINFO_OWNER |
675 : SECINFO_GROUP |
676 : SECINFO_DACL;
677 0 : fileinfo.set_secdesc.in.sd = sd;
678 0 : status = smb_raw_setfileinfo(gp_ctx->cli->tree, &fileinfo);
679 0 : if (!NT_STATUS_IS_OK(status)) {
680 0 : DEBUG(0, ("Failed to set security descriptor on the GPT\n"));
681 0 : talloc_free(mem_ctx);
682 0 : return status;
683 : }
684 :
685 : /* Close the directory */
686 0 : io_close.close.level = RAW_CLOSE_CLOSE;
687 0 : io_close.close.in.file.fnum = io.ntcreatex.out.file.fnum;
688 0 : io_close.close.in.write_time = 0;
689 0 : status = smb_raw_close(gp_ctx->cli->tree, &io_close);
690 0 : if (!NT_STATUS_IS_OK(status)) {
691 0 : DEBUG(0, ("Failed to close directory\n"));
692 0 : talloc_free(mem_ctx);
693 0 : return status;
694 : }
695 :
696 0 : talloc_free(mem_ctx);
697 0 : return NT_STATUS_OK;
698 : }
|
