Line data Source code
1 : /*
2 : * Unix SMB/CIFS implementation.
3 : * Group Policy Object Support
4 : * Copyright (C) Guenther Deschner 2005-2008
5 : *
6 : * This program is free software; you can redistribute it and/or modify
7 : * it under the terms of the GNU General Public License as published by
8 : * the Free Software Foundation; either version 3 of the License, or
9 : * (at your option) any later version.
10 : *
11 : * This program is distributed in the hope that it will be useful,
12 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 : * GNU General Public License for more details.
15 : *
16 : * You should have received a copy of the GNU General Public License
17 : * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 : */
19 :
20 : #include "includes.h"
21 : #include "system/filesys.h"
22 : #include "librpc/gen_ndr/ndr_misc.h"
23 : #include "../librpc/gen_ndr/ndr_security.h"
24 : #include "../libgpo/gpo.h"
25 : #include "../libcli/security/security.h"
26 : #include "registry.h"
27 : #include "libgpo/gpo_proto.h"
28 : #include "libgpo/gpext/gpext.h"
29 :
30 : #if 0
31 : #define DEFAULT_DOMAIN_POLICY "Default Domain Policy"
32 : #define DEFAULT_DOMAIN_CONTROLLERS_POLICY "Default Domain Controllers Policy"
33 : #endif
34 :
35 : /* should we store a parsed guid ? */
36 : struct gp_table {
37 : const char *name;
38 : const char *guid_string;
39 : };
40 :
41 : #if 0 /* unused */
42 : static struct gp_table gpo_default_policy[] = {
43 : { DEFAULT_DOMAIN_POLICY,
44 : "31B2F340-016D-11D2-945F-00C04FB984F9" },
45 : { DEFAULT_DOMAIN_CONTROLLERS_POLICY,
46 : "6AC1786C-016F-11D2-945F-00C04fB984F9" },
47 : { NULL, NULL }
48 : };
49 : #endif
50 :
51 : /* the following is seen in gPCMachineExtensionNames / gPCUserExtensionNames */
52 :
53 : static struct gp_table gpo_cse_extensions[] = {
54 : /* used to be "Administrative Templates Extension" */
55 : /* "Registry Settings"
56 : (http://support.microsoft.com/kb/216357/EN-US/) */
57 : { "Registry Settings",
58 : GP_EXT_GUID_REGISTRY },
59 : { "Microsoft Disc Quota",
60 : "3610EDA5-77EF-11D2-8DC5-00C04FA31A66" },
61 : { "EFS recovery",
62 : "B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A" },
63 : { "Folder Redirection",
64 : "25537BA6-77A8-11D2-9B6C-0000F8080861" },
65 : { "IP Security",
66 : "E437BC1C-AA7D-11D2-A382-00C04F991E27" },
67 : { "Internet Explorer Branding",
68 : "A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B" },
69 : { "QoS Packet Scheduler",
70 : "426031c0-0b47-4852-b0ca-ac3d37bfcb39" },
71 : { "Scripts",
72 : GP_EXT_GUID_SCRIPTS },
73 : { "Security",
74 : GP_EXT_GUID_SECURITY },
75 : { "Software Installation",
76 : "C6DC5466-785A-11D2-84D0-00C04FB169F7" },
77 : { "Wireless Group Policy",
78 : "0ACDD40C-75AC-BAA0-BF6DE7E7FE63" },
79 : { "Application Management",
80 : "C6DC5466-785A-11D2-84D0-00C04FB169F7" },
81 : { "unknown",
82 : "3060E8D0-7020-11D2-842D-00C04FA372D4" },
83 : { NULL, NULL }
84 : };
85 :
86 : /* guess work */
87 : static struct gp_table gpo_cse_snapin_extensions[] = {
88 : { "Administrative Templates",
89 : "0F6B957D-509E-11D1-A7CC-0000F87571E3" },
90 : { "Certificates",
91 : "53D6AB1D-2488-11D1-A28C-00C04FB94F17" },
92 : { "EFS recovery policy processing",
93 : "B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A" },
94 : { "Folder Redirection policy processing",
95 : "25537BA6-77A8-11D2-9B6C-0000F8080861" },
96 : { "Folder Redirection",
97 : "88E729D6-BDC1-11D1-BD2A-00C04FB9603F" },
98 : { "Registry policy processing",
99 : "35378EAC-683F-11D2-A89A-00C04FBBCFA2" },
100 : { "Remote Installation Services",
101 : "3060E8CE-7020-11D2-842D-00C04FA372D4" },
102 : { "Security Settings",
103 : "803E14A0-B4FB-11D0-A0D0-00A0C90F574B" },
104 : { "Security policy processing",
105 : "827D319E-6EAC-11D2-A4EA-00C04F79F83A" },
106 : { "unknown",
107 : "3060E8D0-7020-11D2-842D-00C04FA372D4" },
108 : { "unknown2",
109 : "53D6AB1B-2488-11D1-A28C-00C04FB94F17" },
110 : { NULL, NULL }
111 : };
112 :
113 : /****************************************************************
114 : ****************************************************************/
115 :
116 0 : static const char *name_to_guid_string(const char *name,
117 : struct gp_table *table)
118 : {
119 0 : int i;
120 :
121 0 : for (i = 0; table[i].name; i++) {
122 0 : if (strequal(name, table[i].name)) {
123 0 : return table[i].guid_string;
124 : }
125 : }
126 :
127 0 : return NULL;
128 : }
129 :
130 : /****************************************************************
131 : ****************************************************************/
132 :
133 0 : static const char *guid_string_to_name(const char *guid_string,
134 : struct gp_table *table)
135 : {
136 0 : int i;
137 :
138 0 : for (i = 0; table[i].guid_string; i++) {
139 0 : if (strequal(guid_string, table[i].guid_string)) {
140 0 : return table[i].name;
141 : }
142 : }
143 :
144 0 : return NULL;
145 : }
146 :
147 : /****************************************************************
148 : ****************************************************************/
149 :
150 0 : static const char *snapin_guid_string_to_name(const char *guid_string,
151 : struct gp_table *table)
152 : {
153 0 : int i;
154 0 : for (i = 0; table[i].guid_string; i++) {
155 0 : if (strequal(guid_string, table[i].guid_string)) {
156 0 : return table[i].name;
157 : }
158 : }
159 0 : return NULL;
160 : }
161 :
162 : #if 0 /* unused */
163 : static const char *default_gpo_name_to_guid_string(const char *name)
164 : {
165 : return name_to_guid_string(name, gpo_default_policy);
166 : }
167 :
168 : static const char *default_gpo_guid_string_to_name(const char *guid)
169 : {
170 : return guid_string_to_name(guid, gpo_default_policy);
171 : }
172 : #endif
173 :
174 : /****************************************************************
175 : ****************************************************************/
176 :
177 0 : const char *cse_gpo_guid_string_to_name(const char *guid)
178 : {
179 0 : return guid_string_to_name(guid, gpo_cse_extensions);
180 : }
181 :
182 : /****************************************************************
183 : ****************************************************************/
184 :
185 0 : const char *cse_gpo_name_to_guid_string(const char *name)
186 : {
187 0 : return name_to_guid_string(name, gpo_cse_extensions);
188 : }
189 :
190 : /****************************************************************
191 : ****************************************************************/
192 :
193 0 : const char *cse_snapin_gpo_guid_string_to_name(const char *guid)
194 : {
195 0 : return snapin_guid_string_to_name(guid, gpo_cse_snapin_extensions);
196 : }
197 :
198 : /****************************************************************
199 : ****************************************************************/
200 :
201 0 : void dump_gp_ext(struct GP_EXT *gp_ext, int debuglevel)
202 : {
203 0 : int lvl = debuglevel;
204 0 : int i;
205 :
206 0 : if (gp_ext == NULL) {
207 0 : return;
208 : }
209 :
210 0 : DEBUG(lvl,("\t---------------------\n\n"));
211 0 : DEBUGADD(lvl,("\tname:\t\t\t%s\n", gp_ext->gp_extension));
212 :
213 0 : for (i=0; i< gp_ext->num_exts; i++) {
214 :
215 0 : DEBUGADD(lvl,("\textension:\t\t\t%s\n",
216 : gp_ext->extensions_guid[i]));
217 0 : DEBUGADD(lvl,("\textension (name):\t\t\t%s\n",
218 : gp_ext->extensions[i]));
219 :
220 0 : DEBUGADD(lvl,("\tsnapin:\t\t\t%s\n",
221 : gp_ext->snapins_guid[i]));
222 0 : DEBUGADD(lvl,("\tsnapin (name):\t\t\t%s\n",
223 : gp_ext->snapins[i]));
224 : }
225 : }
226 :
227 : #ifdef HAVE_LDAP
228 :
229 : /****************************************************************
230 : ****************************************************************/
231 :
232 0 : void dump_gpo(const struct GROUP_POLICY_OBJECT *gpo,
233 : int debuglevel)
234 : {
235 0 : int lvl = debuglevel;
236 0 : TALLOC_CTX *frame = talloc_stackframe();
237 :
238 0 : if (gpo == NULL) {
239 0 : goto out;
240 : }
241 :
242 0 : DEBUG(lvl,("---------------------\n\n"));
243 :
244 0 : DEBUGADD(lvl,("name:\t\t\t%s\n", gpo->name));
245 0 : DEBUGADD(lvl,("displayname:\t\t%s\n", gpo->display_name));
246 0 : DEBUGADD(lvl,("version:\t\t%d (0x%08x)\n", gpo->version, gpo->version));
247 0 : DEBUGADD(lvl,("version_user:\t\t%d (0x%04x)\n",
248 : GPO_VERSION_USER(gpo->version),
249 : GPO_VERSION_USER(gpo->version)));
250 0 : DEBUGADD(lvl,("version_machine:\t%d (0x%04x)\n",
251 : GPO_VERSION_MACHINE(gpo->version),
252 : GPO_VERSION_MACHINE(gpo->version)));
253 0 : DEBUGADD(lvl,("filesyspath:\t\t%s\n", gpo->file_sys_path));
254 0 : DEBUGADD(lvl,("dspath:\t\t%s\n", gpo->ds_path));
255 :
256 0 : DEBUGADD(lvl,("options:\t\t%d ", gpo->options));
257 0 : switch (gpo->options) {
258 0 : case GPFLAGS_ALL_ENABLED:
259 0 : DEBUGADD(lvl,("GPFLAGS_ALL_ENABLED\n"));
260 0 : break;
261 0 : case GPFLAGS_USER_SETTINGS_DISABLED:
262 0 : DEBUGADD(lvl,("GPFLAGS_USER_SETTINGS_DISABLED\n"));
263 0 : break;
264 0 : case GPFLAGS_MACHINE_SETTINGS_DISABLED:
265 0 : DEBUGADD(lvl,("GPFLAGS_MACHINE_SETTINGS_DISABLED\n"));
266 0 : break;
267 0 : case GPFLAGS_ALL_DISABLED:
268 0 : DEBUGADD(lvl,("GPFLAGS_ALL_DISABLED\n"));
269 0 : break;
270 0 : default:
271 0 : DEBUGADD(lvl,("unknown option: %d\n", gpo->options));
272 0 : break;
273 : }
274 :
275 0 : DEBUGADD(lvl,("link:\t\t\t%s\n", gpo->link));
276 0 : DEBUGADD(lvl,("link_type:\t\t%d ", gpo->link_type));
277 0 : switch (gpo->link_type) {
278 0 : case GP_LINK_UNKOWN:
279 0 : DEBUGADD(lvl,("GP_LINK_UNKOWN\n"));
280 0 : break;
281 0 : case GP_LINK_OU:
282 0 : DEBUGADD(lvl,("GP_LINK_OU\n"));
283 0 : break;
284 0 : case GP_LINK_DOMAIN:
285 0 : DEBUGADD(lvl,("GP_LINK_DOMAIN\n"));
286 0 : break;
287 0 : case GP_LINK_SITE:
288 0 : DEBUGADD(lvl,("GP_LINK_SITE\n"));
289 0 : break;
290 0 : case GP_LINK_MACHINE:
291 0 : DEBUGADD(lvl,("GP_LINK_MACHINE\n"));
292 0 : break;
293 0 : default:
294 0 : break;
295 : }
296 :
297 0 : DEBUGADD(lvl,("machine_extensions:\t%s\n", gpo->machine_extensions));
298 :
299 0 : if (gpo->machine_extensions) {
300 :
301 0 : struct GP_EXT *gp_ext = NULL;
302 :
303 0 : if (!ads_parse_gp_ext(frame, gpo->machine_extensions,
304 : &gp_ext)) {
305 0 : goto out;
306 : }
307 0 : dump_gp_ext(gp_ext, lvl);
308 : }
309 :
310 0 : DEBUGADD(lvl,("user_extensions:\t%s\n", gpo->user_extensions));
311 :
312 0 : if (gpo->user_extensions) {
313 :
314 0 : struct GP_EXT *gp_ext = NULL;
315 :
316 0 : if (!ads_parse_gp_ext(frame, gpo->user_extensions,
317 : &gp_ext)) {
318 0 : goto out;
319 : }
320 0 : dump_gp_ext(gp_ext, lvl);
321 : }
322 0 : if (gpo->security_descriptor) {
323 0 : DEBUGADD(lvl,("security descriptor:\n"));
324 :
325 0 : NDR_PRINT_DEBUG(security_descriptor, gpo->security_descriptor);
326 : }
327 0 : out:
328 0 : talloc_free(frame);
329 0 : }
330 :
331 : /****************************************************************
332 : ****************************************************************/
333 :
334 0 : void dump_gpo_list(const struct GROUP_POLICY_OBJECT *gpo_list,
335 : int debuglevel)
336 : {
337 0 : const struct GROUP_POLICY_OBJECT *gpo = NULL;
338 :
339 0 : for (gpo = gpo_list; gpo; gpo = gpo->next) {
340 0 : dump_gpo(gpo, debuglevel);
341 : }
342 0 : }
343 :
344 : /****************************************************************
345 : ****************************************************************/
346 :
347 0 : void dump_gplink(const struct GP_LINK *gp_link)
348 : {
349 0 : int i;
350 0 : int lvl = 10;
351 :
352 0 : if (gp_link == NULL) {
353 0 : return;
354 : }
355 :
356 0 : DEBUG(lvl,("---------------------\n\n"));
357 :
358 0 : DEBUGADD(lvl,("gplink: %s\n", gp_link->gp_link));
359 0 : DEBUGADD(lvl,("gpopts: %d ", gp_link->gp_opts));
360 0 : switch (gp_link->gp_opts) {
361 0 : case GPOPTIONS_INHERIT:
362 0 : DEBUGADD(lvl,("GPOPTIONS_INHERIT\n"));
363 0 : break;
364 0 : case GPOPTIONS_BLOCK_INHERITANCE:
365 0 : DEBUGADD(lvl,("GPOPTIONS_BLOCK_INHERITANCE\n"));
366 0 : break;
367 0 : default:
368 0 : break;
369 : }
370 :
371 0 : DEBUGADD(lvl,("num links: %d\n", gp_link->num_links));
372 :
373 0 : for (i = 0; i < gp_link->num_links; i++) {
374 :
375 0 : DEBUGADD(lvl,("---------------------\n\n"));
376 :
377 0 : DEBUGADD(lvl,("link: #%d\n", i + 1));
378 0 : DEBUGADD(lvl,("name: %s\n", gp_link->link_names[i]));
379 :
380 0 : DEBUGADD(lvl,("opt: %d ", gp_link->link_opts[i]));
381 0 : if (gp_link->link_opts[i] & GPO_LINK_OPT_ENFORCED) {
382 0 : DEBUGADD(lvl,("GPO_LINK_OPT_ENFORCED "));
383 : }
384 0 : if (gp_link->link_opts[i] & GPO_LINK_OPT_DISABLED) {
385 0 : DEBUGADD(lvl,("GPO_LINK_OPT_DISABLED"));
386 : }
387 0 : DEBUGADD(lvl,("\n"));
388 : }
389 : }
390 :
391 : #endif /* HAVE_LDAP */
392 :
393 : /****************************************************************
394 : ****************************************************************/
395 :
396 0 : bool gpo_get_gp_ext_from_gpo(TALLOC_CTX *mem_ctx,
397 : uint32_t flags,
398 : const struct GROUP_POLICY_OBJECT *gpo,
399 : struct GP_EXT **gp_ext)
400 : {
401 0 : ZERO_STRUCTP(*gp_ext);
402 :
403 0 : if (flags & GPO_INFO_FLAG_MACHINE) {
404 :
405 0 : if (gpo->machine_extensions) {
406 :
407 0 : if (!ads_parse_gp_ext(mem_ctx, gpo->machine_extensions,
408 : gp_ext)) {
409 0 : return false;
410 : }
411 : }
412 : } else {
413 :
414 0 : if (gpo->user_extensions) {
415 :
416 0 : if (!ads_parse_gp_ext(mem_ctx, gpo->user_extensions,
417 : gp_ext)) {
418 0 : return false;
419 : }
420 : }
421 : }
422 :
423 0 : return true;
424 : }
425 :
426 : /****************************************************************
427 : ****************************************************************/
428 :
429 0 : NTSTATUS gpo_process_gpo_list(TALLOC_CTX *mem_ctx,
430 : const struct security_token *token,
431 : const struct GROUP_POLICY_OBJECT *deleted_gpo_list,
432 : const struct GROUP_POLICY_OBJECT *changed_gpo_list,
433 : const char *extensions_guid_filter,
434 : uint32_t flags)
435 : {
436 0 : NTSTATUS status = NT_STATUS_OK;
437 0 : struct registry_key *root_key = NULL;
438 0 : struct gp_registry_context *reg_ctx = NULL;
439 0 : WERROR werr;
440 :
441 : /* get the key here */
442 0 : if (flags & GPO_LIST_FLAG_MACHINE) {
443 0 : werr = gp_init_reg_ctx(mem_ctx, KEY_HKLM, REG_KEY_WRITE,
444 : get_system_token(),
445 : ®_ctx);
446 : } else {
447 0 : werr = gp_init_reg_ctx(mem_ctx, KEY_HKCU, REG_KEY_WRITE,
448 : token,
449 : ®_ctx);
450 : }
451 0 : if (!W_ERROR_IS_OK(werr)) {
452 0 : talloc_free(reg_ctx);
453 0 : return werror_to_ntstatus(werr);
454 : }
455 :
456 0 : root_key = reg_ctx->curr_key;
457 :
458 0 : status = gpext_process_extension(mem_ctx,
459 : flags, token, root_key,
460 : deleted_gpo_list,
461 : changed_gpo_list,
462 : extensions_guid_filter);
463 0 : talloc_free(reg_ctx);
464 0 : talloc_free(root_key);
465 0 : gpext_free_gp_extensions();
466 :
467 0 : return status;
468 : }
469 :
470 : /****************************************************************
471 : ****************************************************************/
472 :
473 0 : NTSTATUS gpo_get_unix_path(TALLOC_CTX *mem_ctx,
474 : const char *cache_dir,
475 : const struct GROUP_POLICY_OBJECT *gpo,
476 : char **unix_path)
477 : {
478 0 : char *server, *share, *nt_path;
479 0 : return gpo_explode_filesyspath(mem_ctx, cache_dir, gpo->file_sys_path,
480 : &server, &share, &nt_path, unix_path);
481 : }
482 :
483 : /****************************************************************
484 : ****************************************************************/
485 :
486 0 : char *gpo_flag_str(TALLOC_CTX *ctx, uint32_t flags)
487 : {
488 0 : char *str = NULL;
489 :
490 0 : if (flags == 0) {
491 0 : return NULL;
492 : }
493 :
494 0 : str = talloc_strdup(ctx, "");
495 0 : if (!str) {
496 0 : return NULL;
497 : }
498 :
499 0 : if (flags & GPO_INFO_FLAG_SLOWLINK)
500 0 : str = talloc_strdup_append(str, "GPO_INFO_FLAG_SLOWLINK ");
501 0 : if (flags & GPO_INFO_FLAG_VERBOSE)
502 0 : str = talloc_strdup_append(str, "GPO_INFO_FLAG_VERBOSE ");
503 0 : if (flags & GPO_INFO_FLAG_SAFEMODE_BOOT)
504 0 : str = talloc_strdup_append(str, "GPO_INFO_FLAG_SAFEMODE_BOOT ");
505 0 : if (flags & GPO_INFO_FLAG_NOCHANGES)
506 0 : str = talloc_strdup_append(str, "GPO_INFO_FLAG_NOCHANGES ");
507 0 : if (flags & GPO_INFO_FLAG_MACHINE)
508 0 : str = talloc_strdup_append(str, "GPO_INFO_FLAG_MACHINE ");
509 0 : if (flags & GPO_INFO_FLAG_LOGRSOP_TRANSITION)
510 0 : str = talloc_strdup_append(str, "GPO_INFO_FLAG_LOGRSOP_TRANSITION ");
511 0 : if (flags & GPO_INFO_FLAG_LINKTRANSITION)
512 0 : str = talloc_strdup_append(str, "GPO_INFO_FLAG_LINKTRANSITION ");
513 0 : if (flags & GPO_INFO_FLAG_FORCED_REFRESH)
514 0 : str = talloc_strdup_append(str, "GPO_INFO_FLAG_FORCED_REFRESH ");
515 0 : if (flags & GPO_INFO_FLAG_BACKGROUND)
516 0 : str = talloc_strdup_append(str, "GPO_INFO_FLAG_BACKGROUND ");
517 :
518 0 : return str;
519 : }
520 :
521 : /****************************************************************
522 : ****************************************************************/
523 :
524 0 : NTSTATUS gp_find_file(TALLOC_CTX *mem_ctx,
525 : uint32_t flags,
526 : const char *filename,
527 : const char *suffix,
528 : const char **filename_out)
529 : {
530 0 : const char *tmp = NULL;
531 0 : struct stat sbuf;
532 0 : const char *path = NULL;
533 :
534 0 : if (flags & GPO_LIST_FLAG_MACHINE) {
535 0 : path = "Machine";
536 : } else {
537 0 : path = "User";
538 : }
539 :
540 0 : tmp = talloc_asprintf(mem_ctx, "%s/%s/%s", filename,
541 : path, suffix);
542 0 : NT_STATUS_HAVE_NO_MEMORY(tmp);
543 :
544 0 : if (stat(tmp, &sbuf) == 0) {
545 0 : *filename_out = tmp;
546 0 : return NT_STATUS_OK;
547 : }
548 :
549 0 : path = talloc_strdup_upper(mem_ctx, path);
550 0 : NT_STATUS_HAVE_NO_MEMORY(path);
551 :
552 0 : tmp = talloc_asprintf(mem_ctx, "%s/%s/%s", filename,
553 : path, suffix);
554 0 : NT_STATUS_HAVE_NO_MEMORY(tmp);
555 :
556 0 : if (stat(tmp, &sbuf) == 0) {
557 0 : *filename_out = tmp;
558 0 : return NT_STATUS_OK;
559 : }
560 :
561 0 : return NT_STATUS_NO_SUCH_FILE;
562 : }
563 :
564 : /****************************************************************
565 : ****************************************************************/
566 :
567 2 : ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads,
568 : TALLOC_CTX *mem_ctx,
569 : const char *dn,
570 : struct security_token **token)
571 : {
572 : #ifdef HAVE_ADS
573 2 : struct security_token *ad_token = NULL;
574 0 : ADS_STATUS status;
575 0 : NTSTATUS ntstatus;
576 :
577 2 : status = ads_get_sid_token(ads, mem_ctx, dn, &ad_token);
578 2 : if (!ADS_ERR_OK(status)) {
579 0 : return status;
580 : }
581 2 : ntstatus = merge_with_system_token(mem_ctx, ad_token,
582 : token);
583 2 : if (!NT_STATUS_IS_OK(ntstatus)) {
584 0 : return ADS_ERROR_NT(ntstatus);
585 : }
586 2 : return ADS_SUCCESS;
587 : #else
588 0 : return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED);
589 : #endif
590 : }
591 :
592 : /****************************************************************
593 : ****************************************************************/
594 :
595 0 : NTSTATUS gpo_copy(TALLOC_CTX *mem_ctx,
596 : const struct GROUP_POLICY_OBJECT *gpo_src,
597 : struct GROUP_POLICY_OBJECT **gpo_dst)
598 : {
599 0 : struct GROUP_POLICY_OBJECT *gpo;
600 :
601 0 : gpo = talloc_zero(mem_ctx, struct GROUP_POLICY_OBJECT);
602 0 : NT_STATUS_HAVE_NO_MEMORY(gpo);
603 :
604 0 : gpo->options = gpo_src->options;
605 0 : gpo->version = gpo_src->version;
606 :
607 0 : gpo->ds_path = talloc_strdup(gpo, gpo_src->ds_path);
608 0 : if (gpo->ds_path == NULL) {
609 0 : TALLOC_FREE(gpo);
610 0 : return NT_STATUS_NO_MEMORY;
611 : }
612 :
613 0 : gpo->file_sys_path = talloc_strdup(gpo, gpo_src->file_sys_path);
614 0 : if (gpo->file_sys_path == NULL) {
615 0 : TALLOC_FREE(gpo);
616 0 : return NT_STATUS_NO_MEMORY;
617 : }
618 :
619 0 : gpo->display_name = talloc_strdup(gpo, gpo_src->display_name);
620 0 : if (gpo->display_name == NULL) {
621 0 : TALLOC_FREE(gpo);
622 0 : return NT_STATUS_NO_MEMORY;
623 : }
624 :
625 0 : gpo->name = talloc_strdup(gpo, gpo_src->name);
626 0 : if (gpo->name == NULL) {
627 0 : TALLOC_FREE(gpo);
628 0 : return NT_STATUS_NO_MEMORY;
629 : }
630 :
631 0 : gpo->link = talloc_strdup(gpo, gpo_src->link);
632 0 : if (gpo->link == NULL) {
633 0 : TALLOC_FREE(gpo);
634 0 : return NT_STATUS_NO_MEMORY;
635 : }
636 :
637 0 : gpo->link_type = gpo_src->link_type;
638 :
639 0 : if (gpo_src->user_extensions) {
640 0 : gpo->user_extensions = talloc_strdup(gpo, gpo_src->user_extensions);
641 0 : if (gpo->user_extensions == NULL) {
642 0 : TALLOC_FREE(gpo);
643 0 : return NT_STATUS_NO_MEMORY;
644 : }
645 : }
646 :
647 0 : if (gpo_src->machine_extensions) {
648 0 : gpo->machine_extensions = talloc_strdup(gpo, gpo_src->machine_extensions);
649 0 : if (gpo->machine_extensions == NULL) {
650 0 : TALLOC_FREE(gpo);
651 0 : return NT_STATUS_NO_MEMORY;
652 : }
653 : }
654 :
655 0 : if (gpo_src->security_descriptor == NULL) {
656 : /* existing SD assumed */
657 0 : TALLOC_FREE(gpo);
658 0 : return NT_STATUS_INVALID_PARAMETER;
659 : }
660 0 : gpo->security_descriptor = security_descriptor_copy(gpo,
661 0 : gpo_src->security_descriptor);
662 0 : if (gpo->security_descriptor == NULL) {
663 0 : TALLOC_FREE(gpo);
664 0 : return NT_STATUS_NO_MEMORY;
665 : }
666 :
667 0 : gpo->next = gpo->prev = NULL;
668 :
669 0 : *gpo_dst = gpo;
670 :
671 0 : return NT_STATUS_OK;
672 : }
|
