1 : /*
2 : * Unix SMB/CIFS implementation.
3 : * Group Policy Object Support
4 : * Copyright (C) Wilco Baan Hofman 2008-2010
5 : *
6 : * This program is free software; you can redistribute it and/or modify
7 : * it under the terms of the GNU General Public License as published by
8 : * the Free Software Foundation; either version 3 of the License, or
9 : * (at your option) any later version.
10 : *
11 : * This program is distributed in the hope that it will be useful,
12 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 : * GNU General Public License for more details.
15 : *
16 : * You should have received a copy of the GNU General Public License
17 : * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 : */
19 : #include "includes.h"
20 : #include "system/dir.h"
21 : #include "system/filesys.h"
22 : #include "lib/policy/policy.h"
23 : #include "libcli/raw/smb.h"
24 : #include "libcli/libcli.h"
25 : #include "param/param.h"
26 : #include "libcli/resolve/resolve.h"
27 : #include "libcli/raw/libcliraw.h"
28 : #include <dirent.h>
29 : #include <errno.h>
30 :
31 : #define GP_MAX_DEPTH 25 /* recursion limit, compared with state->depth in gp_list_helper() and with depth in push_recursive() */
32 :
33 : struct gp_file_entry { /* one remote file or directory recorded by gp_list_helper() */
34 : bool is_directory; /* true when the entry carried FILE_ATTRIBUTE_DIRECTORY */
35 : const char *rel_path; /* backslash-separated path built from cur_rel_path and the entry name; gp_get_files() appends it to the share path and to the local GPO directory */
36 : };
37 : struct gp_file_list { /* growable array of entries, filled during listing */
38 : uint32_t num_files; /* number of valid elements in files */
39 : struct gp_file_entry *files; /* grown one element at a time with talloc_realloc() */
40 : };
41 : struct gp_list_state { /* context handed to smbcli_list() and back to gp_list_helper() */
42 : struct smbcli_tree *tree; /* tree connection used for the listing */
43 : uint8_t depth; /* incremented by gp_do_list() while a directory is being listed */
44 : const char *cur_rel_path; /* relative path of the directory currently being listed */
45 : const char *share_path; /* prefix put in front of rel_path to form the search mask */
46 :
47 : struct gp_file_list list; /* entries collected so far */
48 : };
49 :
50 : static NTSTATUS gp_do_list(const char *, struct gp_list_state *); /* forward declaration: gp_list_helper() and gp_do_list() call each other */
51 :
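/**
 * Return the path of the temporary policy directory, creating it if needed.
 *
 * The directory is "<tmpdir()>/policy": a fixed, predictable name inside a
 * temporary location that may be shared with other local users. An entry
 * that already exists is therefore accepted only when it is a real directory
 * (not a symbolic link), is owned by the effective user and is not writable
 * by group or others.
 *
 * @param mem_ctx talloc context that owns the returned string
 * @return the directory path, or NULL on allocation failure, when the
 *         directory cannot be created, or when an existing entry fails the
 *         checks above
 */
static const char *gp_tmpdir(TALLOC_CTX *mem_ctx)
{
	char *gp_dir = talloc_asprintf(mem_ctx, "%s/policy", tmpdir());
	struct stat st;

	if (gp_dir == NULL) {
		return NULL;
	}

	/*
	 * Create first and inspect afterwards. A stat() followed by mkdir()
	 * leaves a window in which the name can appear, and stat() follows a
	 * symbolic link placed at this path.
	 */
	if (mkdir(gp_dir, 0755) == 0) {
		return gp_dir;
	}
	if (errno != EEXIST) {
		DEBUG(0, ("Failed to create directory %s: %s\n",
			  gp_dir, strerror(errno)));
		talloc_free(gp_dir);
		return NULL;
	}

	/* The name exists already: make sure it is ours before reusing it */
	if (lstat(gp_dir, &st) != 0) {
		DEBUG(0, ("Failed to stat directory %s: %s\n",
			  gp_dir, strerror(errno)));
		talloc_free(gp_dir);
		return NULL;
	}
	if (!S_ISDIR(st.st_mode) ||
	    st.st_uid != geteuid() ||
	    (st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
		DEBUG(0, ("Refusing to use %s: not a private directory "
			  "owned by this user\n", gp_dir));
		talloc_free(gp_dir);
		return NULL;
	}

	return gp_dir;
}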
73 :
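/**
 * Per-entry callback handed to smbcli_list() by gp_do_list().
 *
 * Appends the entry to state->list and, for a directory, lists that
 * directory through gp_do_list() while state->depth is below GP_MAX_DEPTH.
 *
 * Entry names come from the remote server and later become part of a local
 * path: gp_get_files() turns every '\\' into '/' before creating the file.
 * A name that is not a single path component is therefore dropped here.
 *
 * @param info            directory entry reported by the server
 * @param mask            search mask of the listing (unused)
 * @param list_state_ptr  the struct gp_list_state given to smbcli_list()
 */
static void gp_list_helper(struct clilist_file_info *info, const char *mask,
			   void *list_state_ptr)
{
	struct gp_list_state *state = list_state_ptr;
	struct gp_file_entry *files;
	char *rel_path;
	bool is_directory;

	/* Ignore . and .. directory entries */
	if (strcmp(info->name, ".") == 0 || strcmp(info->name, "..") == 0) {
		return;
	}

	/*
	 * Reject any name containing a path separator. Checking only for
	 * "../" misses the backslash form, which becomes "../" once the
	 * local path is built with backslashes replaced by slashes.
	 */
	if (strchr(info->name, '/') != NULL ||
	    strchr(info->name, '\\') != NULL) {
		return;
	}

	rel_path = talloc_asprintf(state, "%s\\%s", state->cur_rel_path,
				   info->name);
	if (rel_path == NULL) {
		return;
	}

	/*
	 * Grow through a temporary: assigning a failed talloc_realloc()
	 * straight to list.files would leave it NULL while num_files still
	 * counts the entries collected so far.
	 */
	files = talloc_realloc(state, state->list.files,
			       struct gp_file_entry,
			       state->list.num_files + 1);
	if (files == NULL) {
		talloc_free(rel_path);
		return;
	}
	state->list.files = files;

	/* Append entry to file list */
	is_directory = (info->attrib & FILE_ATTRIBUTE_DIRECTORY) != 0;
	files[state->list.num_files].rel_path = rel_path;
	files[state->list.num_files].is_directory = is_directory;
	state->list.num_files++;

	/*
	 * Recurse into this directory if the depth is below the maximum.
	 * The callback returns void, so the status of the nested listing is
	 * not propagated. The recursion may reallocate list.files, so
	 * `files` must not be used after this call.
	 */
	if (is_directory && state->depth < GP_MAX_DEPTH) {
		gp_do_list(rel_path, state);
	}
}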
121 :
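/**
 * List one remote directory, feeding every entry to gp_list_helper().
 *
 * While the listing runs, state->cur_rel_path is set to rel_path and
 * state->depth is one higher; both are restored before returning.
 *
 * @param rel_path  directory to list, relative to state->share_path
 * @param state     listing state; entries are collected in state->list
 * @return NT_STATUS_OK, NT_STATUS_NO_MEMORY when the search mask cannot be
 *         allocated, or NT_STATUS_UNSUCCESSFUL when smbcli_list() returns -1
 */
static NTSTATUS gp_do_list(const char *rel_path, struct gp_list_state *state)
{
	const uint16_t attributes = FILE_ATTRIBUTE_SYSTEM |
				    FILE_ATTRIBUTE_HIDDEN |
				    FILE_ATTRIBUTE_DIRECTORY;
	const char *old_rel_path;
	char *mask;
	int rv;

	/*
	 * Build the mask before touching the state. Returning on allocation
	 * failure after the update would leave cur_rel_path pointing at the
	 * child and depth one too high for the caller, which keeps using the
	 * same state for the remaining entries.
	 */
	mask = talloc_asprintf(state, "%s%s\\*", state->share_path, rel_path);
	NT_STATUS_HAVE_NO_MEMORY(mask);

	/* Update the relative paths, while buffering the parent */
	old_rel_path = state->cur_rel_path;
	state->cur_rel_path = rel_path;
	state->depth++;

	rv = smbcli_list(state->tree, mask, attributes, gp_list_helper, state);
	talloc_free(mask);

	/* Go back to the state of the parent */
	state->cur_rel_path = old_rel_path;
	state->depth--;

	if (rv == -1) {
		return NT_STATUS_UNSUCCESSFUL;
	}

	return NT_STATUS_OK;
}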
152 :
/**
 * Connect gp_ctx to the "sysvol" share of the active DC.
 *
 * Does nothing when gp_ctx->cli is already set. Otherwise the client and
 * session options are read from gp_ctx->lp_ctx and the connection is made
 * with gp_ctx->credentials.
 *
 * @param gp_ctx  policy context; gp_ctx->cli receives the client state
 * @return NT_STATUS_OK when a client state already exists, else the status
 *         of smbcli_full_connection()
 */
static NTSTATUS gp_cli_connect(struct gp_context *gp_ctx)
{
	struct smbcli_session_options session_opts;
	struct smbcli_options cli_opts;
	NTSTATUS status;

	if (gp_ctx->cli != NULL) {
		return NT_STATUS_OK;
	}

	/*
	 * NOTE(review): the result of smbcli_state_init() is not checked, and
	 * &gp_ctx->cli is then passed to smbcli_full_connection() as its
	 * output pointer. What gp_ctx->cli holds after a failed connection is
	 * not visible here; callers treat a non-NULL gp_ctx->cli as
	 * "connected" and dereference gp_ctx->cli->tree, so confirm it is
	 * reset to NULL on failure.
	 */
	gp_ctx->cli = smbcli_state_init(gp_ctx);

	lpcfg_smbcli_options(gp_ctx->lp_ctx, &cli_opts);
	lpcfg_smbcli_session_options(gp_ctx->lp_ctx, &session_opts);

	status = smbcli_full_connection(gp_ctx,
					&gp_ctx->cli,
					gp_ctx->active_dc->name,
					lpcfg_smb_ports(gp_ctx->lp_ctx),
					"sysvol",
					NULL,
					lpcfg_socket_options(gp_ctx->lp_ctx),
					gp_ctx->credentials,
					lpcfg_resolve_context(gp_ctx->lp_ctx),
					gp_ctx->ev_ctx,
					&cli_opts,
					&session_opts,
					lpcfg_gensec_settings(gp_ctx, gp_ctx->lp_ctx));
	return status;
}
180 :
/**
 * Return the part of a file system path that follows the share name.
 *
 * The copy starts at the fourth backslash of file_sys_path, that
 * backslash included: for a path of the form \\server\share\dir\file
 * the result is the "\dir\file" part.
 *
 * @param mem_ctx        talloc context that owns the returned string
 * @param file_sys_path  path to cut; must not be NULL
 * @return a talloc'ed copy, or NULL when the path has fewer than four
 *         backslashes or the copy cannot be allocated
 */
static char *gp_get_share_path(TALLOC_CTX *mem_ctx, const char *file_sys_path)
{
	const char *cursor = file_sys_path;
	unsigned int remaining = 4;

	/* Hop from backslash to backslash until the fourth one is reached */
	while ((cursor = strchr(cursor, '\\')) != NULL) {
		remaining--;
		if (remaining == 0) {
			return talloc_strdup(mem_ctx, cursor);
		}
		cursor++;
	}

	return NULL;
}
197 :
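/**
 * Copy one remote file to a local file.
 *
 * The local file is created with mode 0644 or truncated if it exists.
 * Where the platform defines O_NOFOLLOW it is added to the open flags, so a
 * symbolic link at local_dst is not written through; that covers the final
 * path component only, not the directories leading to it.
 *
 * @param tree        tree connection to read from
 * @param remote_src  path of the file on the share
 * @param local_dst   path of the local file to write
 * @return NT_STATUS_OK when the number of bytes copied equals the remote
 *         file size, NT_STATUS_NO_MEMORY when the copy buffer cannot be
 *         allocated, NT_STATUS_UNSUCCESSFUL for every other failure
 */
static NTSTATUS gp_get_file(struct smbcli_tree *tree, const char *remote_src,
			    const char *local_dst)
{
	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
	int fh_remote;
	int fh_local = -1;
	int open_flags = O_WRONLY | O_CREAT | O_TRUNC;
	uint8_t *buf = NULL;
	size_t nread = 0;
	const size_t buf_size = 1024;
	size_t file_size;
	uint16_t attr;

#ifdef O_NOFOLLOW
	open_flags |= O_NOFOLLOW;
#endif

	/* Open the remote file */
	fh_remote = smbcli_open(tree, remote_src, O_RDONLY, DENY_NONE);
	if (fh_remote == -1) {
		DEBUG(0, ("Failed to open remote file: %s\n", remote_src));
		return NT_STATUS_UNSUCCESSFUL;
	}

	/* Open the local file */
	fh_local = open(local_dst, open_flags, 0644);
	if (fh_local == -1) {
		DEBUG(0, ("Failed to open local file: %s\n", local_dst));
		goto done;
	}

	/* Get the remote file size for error checking; try both calls */
	if (NT_STATUS_IS_ERR(smbcli_qfileinfo(tree, fh_remote,
				&attr, &file_size, NULL, NULL, NULL, NULL, NULL)) &&
	    NT_STATUS_IS_ERR(smbcli_getattrE(tree, fh_remote,
				&attr, &file_size, NULL, NULL, NULL))) {
		DEBUG(0, ("Failed to get remote file size: %s\n",
			  smbcli_errstr(tree)));
		goto done;
	}

	buf = talloc_zero_array(tree, uint8_t, buf_size);
	if (buf == NULL) {
		status = NT_STATUS_NO_MEMORY;
		goto done;
	}

	/* Copy the contents of the file; nread doubles as the read offset */
	for (;;) {
		int n = smbcli_read(tree, fh_remote, buf, nread, buf_size);

		/*
		 * Report a failed read as such, rather than treating it as
		 * end of file and relying on the size comparison below.
		 */
		if (n < 0) {
			DEBUG(0, ("Failed to read remote file: %s\n",
				  remote_src));
			goto done;
		}
		if (n == 0) {
			break;
		}

		if (write(fh_local, buf, n) != n) {
			DEBUG(0, ("Short write while copying file.\n"));
			goto done;
		}
		nread += n;
	}

	/* Bytes read should match the file size, or the copy was incomplete */
	if (nread != file_size) {
		DEBUG(0, ("Remote/local file size mismatch after copying file: "
			  "%s (remote %zu, local %zu).\n",
			  remote_src, file_size, nread));
		goto done;
	}

	status = NT_STATUS_OK;

done:
	/* Single exit: every path releases the handles and the buffer */
	smbcli_close(tree, fh_remote);
	if (fh_local != -1) {
		close(fh_local);
	}
	if (buf != NULL) {
		talloc_free(buf);
	}

	return status;
}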
275 :
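/**
 * Recreate a listed remote tree below a local directory.
 *
 * For each entry of list the local path is local_path followed by the
 * entry's rel_path with backslashes turned into slashes. Directories are
 * created with mode 0755, files are copied with gp_get_file(). The entry
 * paths were built from names reported by the remote server, so the list is
 * expected to hold single-component names only.
 *
 * @param tree        tree connection to copy from
 * @param share_path  remote prefix put in front of each rel_path
 * @param local_path  local prefix put in front of each converted rel_path
 * @param list        entries to fetch, parents before their children
 * @return NT_STATUS_OK, NT_STATUS_NO_MEMORY, NT_STATUS_UNSUCCESSFUL when a
 *         directory cannot be created, or the status of gp_get_file()
 */
static NTSTATUS gp_get_files(struct smbcli_tree *tree, const char *share_path,
			     const char *local_path, struct gp_file_list *list)
{
	TALLOC_CTX *mem_ctx;
	NTSTATUS status = NT_STATUS_OK;
	uint32_t i;

	mem_ctx = talloc_new(tree);
	NT_STATUS_HAVE_NO_MEMORY(mem_ctx);

	for (i = 0; i < list->num_files; i++) {
		const struct gp_file_entry *entry = &list->files[i];
		char *local_rel_path, *full_local_path, *full_remote_path;

		/* Get local path by replacing backslashes with slashes */
		local_rel_path = talloc_strdup(mem_ctx, entry->rel_path);
		if (local_rel_path == NULL) {
			status = NT_STATUS_NO_MEMORY;
			break;
		}
		string_replace(local_rel_path, '\\', '/');

		full_local_path = talloc_asprintf(mem_ctx, "%s%s", local_path,
						  local_rel_path);
		if (full_local_path == NULL) {
			status = NT_STATUS_NO_MEMORY;
			break;
		}

		/* If the entry is a directory, create it. */
		if (entry->is_directory) {
			if (mkdir(full_local_path, 0755) < 0) {
				int saved_errno = errno;
				struct stat st;

				/*
				 * A directory left by an earlier fetch is
				 * fine. lstat() is used so that a symbolic
				 * link at this path is not accepted as one.
				 */
				if (saved_errno != EEXIST ||
				    lstat(full_local_path, &st) != 0 ||
				    !S_ISDIR(st.st_mode)) {
					DEBUG(0, ("Failed to create directory %s: %s\n",
						  full_local_path,
						  strerror(saved_errno)));
					status = NT_STATUS_UNSUCCESSFUL;
					break;
				}
			}
			continue;
		}

		full_remote_path = talloc_asprintf(mem_ctx, "%s%s", share_path,
						   entry->rel_path);
		if (full_remote_path == NULL) {
			status = NT_STATUS_NO_MEMORY;
			break;
		}

		/* Get the file */
		status = gp_get_file(tree, full_remote_path, full_local_path);
		if (!NT_STATUS_IS_OK(status)) {
			DEBUG(0, ("Error getting file.\n"));
			break;
		}
	}

	/* Released on every path, the successful one included */
	talloc_free(mem_ctx);
	return status;
}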
335 :
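/**
 * Fetch the files of a GPO from the sysvol share into a local directory.
 *
 * The local directory is "<policy tmpdir>/<gpo->name>". The remote tree
 * below the share path of gpo->file_sys_path is listed and then copied.
 *
 * @param gp_ctx          policy context; a connection is made if needed
 * @param gpo             GPO whose file_sys_path and name are used
 * @param ret_local_path  set to the local directory on success only; the
 *                        string is allocated on gp_ctx
 * @return NT_STATUS_OK when every listed file was fetched, otherwise the
 *         status of the step that failed. Files fetched before a failure
 *         are left on disk.
 */
NTSTATUS gp_fetch_gpt(struct gp_context *gp_ctx, struct gp_object *gpo,
		      const char **ret_local_path)
{
	TALLOC_CTX *mem_ctx;
	struct gp_list_state *state;
	NTSTATUS status;
	struct stat st;
	const char *tmp_dir, *share_path;
	char *local_path = NULL;

	/* Create a forked memory context, as a base for everything here */
	mem_ctx = talloc_new(gp_ctx);
	NT_STATUS_HAVE_NO_MEMORY(mem_ctx);

	if (gp_ctx->cli == NULL) {
		status = gp_cli_connect(gp_ctx);
		if (!NT_STATUS_IS_OK(status)) {
			DEBUG(0, ("Failed to create cli connection to DC\n"));
			goto fail;
		}
	}

	/* Get the remote path to copy from */
	share_path = gp_get_share_path(mem_ctx, gpo->file_sys_path);
	if (share_path == NULL) {
		status = NT_STATUS_NO_MEMORY;
		goto fail;
	}

	/*
	 * Get the local path to copy to. gp_tmpdir() returns NULL on
	 * failure, which must not reach the "%s" conversion below.
	 */
	tmp_dir = gp_tmpdir(mem_ctx);
	if (tmp_dir == NULL) {
		DEBUG(0, ("Could not create local path\n"));
		status = NT_STATUS_UNSUCCESSFUL;
		goto fail;
	}

	/*
	 * NOTE(review): gpo->name becomes a path component as is. Where the
	 * name comes from is not visible here; confirm it cannot contain '/'
	 * or be "..".
	 */
	local_path = talloc_asprintf(gp_ctx, "%s/%s", tmp_dir, gpo->name);
	if (local_path == NULL) {
		status = NT_STATUS_NO_MEMORY;
		goto fail;
	}

	/* Prepare the state structure */
	state = talloc_zero(mem_ctx, struct gp_list_state);
	if (state == NULL) {
		status = NT_STATUS_NO_MEMORY;
		goto fail;
	}

	state->tree = gp_ctx->cli->tree;
	state->share_path = share_path;

	/* Create the GPO dir if it does not exist */
	if (stat(local_path, &st) != 0) {
		if (mkdir(local_path, 0755) < 0) {
			DEBUG(0, ("Could not create local path\n"));
			status = NT_STATUS_UNSUCCESSFUL;
			goto fail;
		}
	}

	/* Get the file list */
	status = gp_do_list("", state);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("Could not list GPO files on remote server\n"));
		goto fail;
	}

	/* If the list has no entries there is a problem. */
	if (state->list.num_files == 0) {
		DEBUG(0, ("File list is has no entries. Is the GPT directory empty?\n"));
		status = NT_STATUS_UNSUCCESSFUL;
		goto fail;
	}

	/*
	 * Fetch the files. A failure here has to reach the caller: reporting
	 * success would hand out a partially fetched policy tree as complete.
	 */
	status = gp_get_files(gp_ctx->cli->tree, share_path, local_path,
			      &state->list);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("Could not fetch GPO files from remote server\n"));
		goto fail;
	}

	/* Return the local path to the gpo */
	*ret_local_path = local_path;

	talloc_free(mem_ctx);
	return NT_STATUS_OK;

fail:
	/* local_path hangs off gp_ctx, not mem_ctx, so free it separately */
	TALLOC_FREE(local_path);
	talloc_free(mem_ctx);
	return status;
}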
417 :
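/**
 * Copy the contents of a local directory to a directory on the share.
 *
 * Sub-directories are created remotely and pushed recursively while depth
 * is below GP_MAX_DEPTH; a directory at the limit is still created, but its
 * contents are skipped without an error. Every other entry is pushed as a
 * file.
 *
 * NOTE(review): stat() follows symbolic links, so a link inside the local
 * tree is pushed as the object it points to. Confirm the local tree cannot
 * be modified by other users.
 *
 * @param gp_ctx       policy context with an established connection
 * @param local_path   local directory to read
 * @param remote_path  matching directory on the share; must exist
 * @param depth        current recursion depth, 0 for the top directory
 * @return NT_STATUS_OK, or the status of the first step that failed
 */
static NTSTATUS push_recursive(struct gp_context *gp_ctx, const char *local_path,
			       const char *remote_path, int depth)
{
	DIR *dir;
	struct dirent *dirent;
	char *entry_local_path = NULL;
	char *entry_remote_path = NULL;
	int local_fd = -1, remote_fd = -1;
	char buf[4096];
	ssize_t nread, total_read;
	ssize_t nwrite, total_write;
	struct stat s;
	NTSTATUS status;

	dir = opendir(local_path);
	if (!dir) {
		DEBUG(0, ("Failed to open directory: %s\n", local_path));
		return NT_STATUS_UNSUCCESSFUL;
	}

	while ((dirent = readdir(dir)) != NULL) {
		if (ISDOT(dirent->d_name) || ISDOTDOT(dirent->d_name)) {
			continue;
		}

		entry_local_path = talloc_asprintf(gp_ctx, "%s/%s", local_path,
						   dirent->d_name);
		if (entry_local_path == NULL) {
			status = NT_STATUS_NO_MEMORY;
			goto done;
		}

		entry_remote_path = talloc_asprintf(gp_ctx, "%s\\%s",
						    remote_path, dirent->d_name);
		if (entry_remote_path == NULL) {
			status = NT_STATUS_NO_MEMORY;
			goto done;
		}

		if (stat(entry_local_path, &s) != 0) {
			status = NT_STATUS_UNSUCCESSFUL;
			goto done;
		}

		/*
		 * S_ISDIR() compares the whole file-type field. Testing the
		 * S_IFDIR bit alone also matches other types whose code
		 * shares that bit, such as block devices and sockets.
		 */
		if (S_ISDIR(s.st_mode)) {
			DEBUG(6, ("Pushing directory %s to %s on sysvol\n",
				  entry_local_path, entry_remote_path));
			status = smbcli_mkdir(gp_ctx->cli->tree,
					      entry_remote_path);
			if (!NT_STATUS_IS_OK(status)) {
				goto done;
			}
			if (depth < GP_MAX_DEPTH) {
				status = push_recursive(gp_ctx,
							entry_local_path,
							entry_remote_path,
							depth + 1);
				if (!NT_STATUS_IS_OK(status)) {
					goto done;
				}
			}
		} else {
			DEBUG(6, ("Pushing file %s to %s on sysvol\n",
				  entry_local_path, entry_remote_path));
			remote_fd = smbcli_open(gp_ctx->cli->tree,
						entry_remote_path,
						O_WRONLY | O_CREAT,
						0);
			if (remote_fd < 0) {
				DEBUG(0, ("Failed to create remote file: %s\n",
					  entry_remote_path));
				status = NT_STATUS_UNSUCCESSFUL;
				goto done;
			}
			local_fd = open(entry_local_path, O_RDONLY);
			if (local_fd < 0) {
				DEBUG(0, ("Failed to open local file: %s\n",
					  entry_local_path));
				status = NT_STATUS_UNSUCCESSFUL;
				goto done;
			}
			total_read = 0;
			total_write = 0;
			/* total_read doubles as the remote write offset */
			while ((nread = read(local_fd, buf, sizeof(buf)))) {
				if (nread == -1) {
					DBG_ERR("read failed with errno %s\n",
						strerror(errno));
					status = NT_STATUS_UNSUCCESSFUL;
					goto done;
				}
				nwrite = smbcli_write(gp_ctx->cli->tree,
						      remote_fd, 0, buf,
						      total_read, nread);
				if (nwrite < 0) {
					status = NT_STATUS_UNSUCCESSFUL;
					goto done;
				}
				total_read += nread;
				total_write += nwrite;
			}
			if (total_read != total_write) {
				/* Weird and should not happen */
				status = NT_STATUS_UNEXPECTED_IO_ERROR;
				goto done;
			}

			close(local_fd);
			local_fd = -1;
			smbcli_close(gp_ctx->cli->tree, remote_fd);
			remote_fd = -1;
		}
		TALLOC_FREE(entry_local_path);
		TALLOC_FREE(entry_remote_path);
	}

	status = NT_STATUS_OK;
done:
	/* Release whatever the failing iteration still held */
	if (local_fd != -1) {
		close(local_fd);
	}
	if (remote_fd != -1) {
		smbcli_close(gp_ctx->cli->tree, remote_fd);
	}
	talloc_free(entry_local_path);
	talloc_free(entry_remote_path);

	closedir(dir);

	return status;
}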
547 :
548 :
549 :
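/**
 * Upload a local GPT directory tree to the sysvol share.
 *
 * @param gp_ctx         policy context; a connection is made if needed
 * @param local_path     local directory whose contents are pushed
 * @param file_sys_path  file system path of the GPO; the part after the
 *                       share name is the remote target directory
 * @return the status of gp_cli_connect() or push_recursive(), or
 *         NT_STATUS_NO_MEMORY when the share path cannot be obtained
 */
NTSTATUS gp_push_gpt(struct gp_context *gp_ctx, const char *local_path,
		     const char *file_sys_path)
{
	NTSTATUS status;
	char *share_path;

	if (gp_ctx->cli == NULL) {
		status = gp_cli_connect(gp_ctx);
		if (!NT_STATUS_IS_OK(status)) {
			DEBUG(0, ("Failed to create cli connection to DC\n"));
			return status;
		}
	}

	/*
	 * gp_get_share_path() returns NULL for a path with fewer than four
	 * backslashes as well as on allocation failure. Stop here instead of
	 * passing NULL to DEBUG() and smbcli_mkdir(); the status matches the
	 * one gp_fetch_gpt() returns for the same condition.
	 */
	share_path = gp_get_share_path(gp_ctx, file_sys_path);
	if (share_path == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	DEBUG(5, ("Copying %s to %s on sysvol\n", local_path, share_path));

	/* The result is not checked here; push_recursive() reports errors */
	smbcli_mkdir(gp_ctx->cli->tree, share_path);

	status = push_recursive(gp_ctx, local_path, share_path, 0);

	talloc_free(share_path);
	return status;
}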
574 :
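/**
 * Create an empty GPT locally and upload it to the sysvol share.
 *
 * The local tree is "<policy tmpdir>/<name>" with the sub-directories
 * "User" and "Machine" and a GPT.INI that holds version 0. It is then
 * pushed with gp_push_gpt().
 *
 * NOTE(review): name becomes a path component as is. Where it comes from is
 * not visible here; confirm it cannot contain '/' or be "..".
 *
 * @param gp_ctx         policy context
 * @param name           name of the GPO, used as the local directory name
 * @param file_sys_path  file system path of the GPO on the share
 * @return NT_STATUS_OK, NT_STATUS_NO_MEMORY, NT_STATUS_UNSUCCESSFUL when a
 *         local directory or file cannot be created, or the status of
 *         gp_push_gpt()
 */
NTSTATUS gp_create_gpt(struct gp_context *gp_ctx, const char *name,
		       const char *file_sys_path)
{
	TALLOC_CTX *mem_ctx;
	const char *tmp_dir, *policy_dir, *tmp_str;
	const char *file_content = "[General]\r\nVersion=0\r\n";
	const size_t content_len = strlen(file_content);
	ssize_t written;
	int fd;
	NTSTATUS status;

	/* Create a forked memory context, as a base for everything here */
	mem_ctx = talloc_new(gp_ctx);
	NT_STATUS_HAVE_NO_MEMORY(mem_ctx);

	/*
	 * Every failure below leaves through `done`, so that mem_ctx is
	 * released on the allocation-failure paths as well.
	 */
	status = NT_STATUS_NO_MEMORY;

	tmp_dir = gp_tmpdir(mem_ctx);
	if (tmp_dir == NULL) {
		goto done;
	}
	policy_dir = talloc_asprintf(mem_ctx, "%s/%s", tmp_dir, name);
	if (policy_dir == NULL) {
		goto done;
	}

	/* Create the directories; an existing policy dir is an error */
	if (mkdir(policy_dir, 0755) < 0) {
		DEBUG(0, ("Could not create the policy dir: %s\n", policy_dir));
		status = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}

	tmp_str = talloc_asprintf(mem_ctx, "%s/User", policy_dir);
	if (tmp_str == NULL) {
		goto done;
	}
	if (mkdir(tmp_str, 0755) < 0) {
		DEBUG(0, ("Could not create the User dir: %s\n", tmp_str));
		status = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}

	tmp_str = talloc_asprintf(mem_ctx, "%s/Machine", policy_dir);
	if (tmp_str == NULL) {
		goto done;
	}
	if (mkdir(tmp_str, 0755) < 0) {
		DEBUG(0, ("Could not create the Machine dir: %s\n", tmp_str));
		status = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}

	/* Create a GPT.INI with version 0 */
	tmp_str = talloc_asprintf(mem_ctx, "%s/GPT.INI", policy_dir);
	if (tmp_str == NULL) {
		goto done;
	}

	/*
	 * policy_dir was created by this call, so GPT.INI cannot exist yet.
	 * O_EXCL turns an unexpected pre-existing file or symbolic link into
	 * an error instead of writing into it.
	 */
	fd = open(tmp_str, O_CREAT | O_EXCL | O_WRONLY, 0644);
	if (fd < 0) {
		DEBUG(0, ("Could not create the GPT.INI: %s\n", tmp_str));
		status = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}

	written = write(fd, file_content, content_len);
	close(fd);
	if (written < 0 || (size_t)written != content_len) {
		DEBUG(0, ("Short write in GPT.INI\n"));
		status = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}

	/* Upload the GPT to the sysvol share on a DC */
	status = gp_push_gpt(gp_ctx, policy_dir, file_sys_path);

done:
	talloc_free(mem_ctx);
	return status;
}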
650 :
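/**
 * Apply a security descriptor to the GPT directory of a GPO on sysvol.
 *
 * The directory is opened with an NTCreateX call, the owner, group and DACL
 * of sd are set on it together with the protected-DACL flag, and the handle
 * is closed again.
 *
 * @param gp_ctx  policy context; a connection is made if needed
 * @param gpo     GPO whose file_sys_path names the directory
 * @param sd      security descriptor to apply
 * @return NT_STATUS_OK, NT_STATUS_NO_MEMORY, or the status of the SMB call
 *         that failed
 */
NTSTATUS gp_set_gpt_security_descriptor(struct gp_context *gp_ctx,
					struct gp_object *gpo,
					struct security_descriptor *sd)
{
	TALLOC_CTX *mem_ctx;
	NTSTATUS status;
	NTSTATUS close_status;
	union smb_setfileinfo fileinfo;
	union smb_open io;
	union smb_close io_close;
	const char *fname;

	/* Create a connection to sysvol if it is not already there */
	if (gp_ctx->cli == NULL) {
		status = gp_cli_connect(gp_ctx);
		if (!NT_STATUS_IS_OK(status)) {
			DEBUG(0, ("Failed to create cli connection to DC\n"));
			return status;
		}
	}

	/* Create a forked memory context which can be freed easily */
	mem_ctx = talloc_new(gp_ctx);
	NT_STATUS_HAVE_NO_MEMORY(mem_ctx);

	/*
	 * gp_get_share_path() returns NULL for a path with fewer than four
	 * backslashes as well as on allocation failure; do not send an open
	 * request without a file name.
	 */
	fname = gp_get_share_path(mem_ctx, gpo->file_sys_path);
	if (fname == NULL) {
		DEBUG(0, ("Can't open GPT directory\n"));
		talloc_free(mem_ctx);
		return NT_STATUS_NO_MEMORY;
	}

	/* Open the directory with NTCreate AndX call */
	io.generic.level = RAW_OPEN_NTCREATEX;
	io.ntcreatex.in.root_fid.fnum = 0;
	io.ntcreatex.in.flags = 0;
	io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	io.ntcreatex.in.create_options = 0;
	io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
	io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
				       NTCREATEX_SHARE_ACCESS_WRITE;
	io.ntcreatex.in.alloc_size = 0;
	io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
	io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
	io.ntcreatex.in.security_flags = 0;
	io.ntcreatex.in.fname = fname;
	status = smb_raw_open(gp_ctx->cli->tree, mem_ctx, &io);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("Can't open GPT directory\n"));
		talloc_free(mem_ctx);
		return status;
	}

	/* Set the security descriptor on the directory */
	fileinfo.generic.level = RAW_SFILEINFO_SEC_DESC;
	fileinfo.set_secdesc.in.file.fnum = io.ntcreatex.out.file.fnum;
	fileinfo.set_secdesc.in.secinfo_flags = SECINFO_PROTECTED_DACL |
						SECINFO_OWNER |
						SECINFO_GROUP |
						SECINFO_DACL;
	fileinfo.set_secdesc.in.sd = sd;
	status = smb_raw_setfileinfo(gp_ctx->cli->tree, &fileinfo);

	/*
	 * Close the directory whether or not the descriptor was applied, so
	 * a failed update does not leave the handle open on the server.
	 */
	io_close.close.level = RAW_CLOSE_CLOSE;
	io_close.close.in.file.fnum = io.ntcreatex.out.file.fnum;
	io_close.close.in.write_time = 0;
	close_status = smb_raw_close(gp_ctx->cli->tree, &io_close);

	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("Failed to set security descriptor on the GPT\n"));
		talloc_free(mem_ctx);
		return status;
	}
	if (!NT_STATUS_IS_OK(close_status)) {
		DEBUG(0, ("Failed to close directory\n"));
		talloc_free(mem_ctx);
		return close_status;
	}

	talloc_free(mem_ctx);
	return NT_STATUS_OK;
}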