The branch, master has been updated
via c40e354fe1f libgpo: Remove unused code
via b2e418369b4 s3-net: disable net_ads_gpo_apply() and
net_ads_gpo_refresh()
from da766db4e8a libsmb: Apply some const to
parse_finfo_id_both_directory_info()
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit c40e354fe1fde2adcb16f5df7539d8ba41bb902b
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Nov 11 15:56:32 2019 +0100
libgpo: Remove unused code
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
Autobuild-Date(master): Tue May 26 11:22:07 UTC 2020 on sn-devel-184
commit b2e418369b41dd1238d66a759545b0d8bc88bf74
Author: David Mulder <dmul...@suse.com>
Date: Fri Oct 12 04:10:43 2018 -0600
s3-net: disable net_ads_gpo_apply() and net_ads_gpo_refresh()
These are now handled in samba-gpupdate, and the
net ads gpo refresh has not worked for some time.
Signed-off-by: David Mulder <dmul...@suse.com>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
libgpo/gpo.h | 14 ---
libgpo/gpo_fetch.c | 104 -------------------
libgpo/gpo_util.c | 121 ----------------------
source3/utils/net_ads_gpo.c | 245 --------------------------------------------
4 files changed, 484 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libgpo/gpo.h b/libgpo/gpo.h
index 0bae44aeca9..740a5588f2c 100644
--- a/libgpo/gpo.h
+++ b/libgpo/gpo.h
@@ -166,10 +166,6 @@ NTSTATUS gpo_explode_filesyspath(TALLOC_CTX *mem_ctx,
char **service,
char **nt_path,
char **unix_path);
-NTSTATUS gpo_fetch_files(TALLOC_CTX *mem_ctx,
- ADS_STRUCT *ads,
- const char *cache_dir,
- const struct GROUP_POLICY_OBJECT *gpo);
NTSTATUS gpo_get_sysvol_gpt_version(TALLOC_CTX *mem_ctx,
const char *unix_path,
uint32_t *sysvol_version,
@@ -232,16 +228,6 @@ NTSTATUS gpo_process_gpo_list(TALLOC_CTX *mem_ctx,
const struct GROUP_POLICY_OBJECT
*changed_gpo_list,
const char *extensions_guid_filter,
uint32_t flags);
-NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- const char *cache_dir,
- uint32_t flags,
- const struct GROUP_POLICY_OBJECT *gpo);
-NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- const char *cache_dir,
- uint32_t flags,
- const struct GROUP_POLICY_OBJECT *gpo_list);
NTSTATUS gpo_get_unix_path(TALLOC_CTX *mem_ctx,
const char *cache_dir,
const struct GROUP_POLICY_OBJECT *gpo,
diff --git a/libgpo/gpo_fetch.c b/libgpo/gpo_fetch.c
index 3740d4e4b57..31d510db2a2 100644
--- a/libgpo/gpo_fetch.c
+++ b/libgpo/gpo_fetch.c
@@ -82,110 +82,6 @@ NTSTATUS gpo_explode_filesyspath(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
-/****************************************************************
- prepare the local disc storage for "unix_path"
-****************************************************************/
-
-static NTSTATUS gpo_prepare_local_store(TALLOC_CTX *mem_ctx,
- const char *cache_dir,
- const char *unix_path)
-{
- char *current_dir;
- char *tok;
-
- current_dir = talloc_strdup(mem_ctx, cache_dir);
- NT_STATUS_HAVE_NO_MEMORY(current_dir);
-
- if ((mkdir(cache_dir, 0644)) < 0 && errno != EEXIST) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
- while (next_token_talloc(mem_ctx, &unix_path, &tok, "/")) {
- if (strequal(tok, GPO_CACHE_DIR)) {
- break;
- }
- }
-
- while (next_token_talloc(mem_ctx, &unix_path, &tok, "/")) {
- current_dir = talloc_asprintf_append_buffer(current_dir, "/%s",
tok);
- NT_STATUS_HAVE_NO_MEMORY(current_dir);
-
- if ((mkdir(current_dir, 0644)) < 0 && errno != EEXIST) {
- return NT_STATUS_ACCESS_DENIED;
- }
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS gpo_connect_server(ADS_STRUCT *ads,
- const char *server, const char *service,
void *ret_cli)
-{
- NTSTATUS result;
- struct cli_state *cli;
-
- result = cli_full_connection(&cli,
- lp_netbios_name(),
- server,
- NULL, 0,
- service, "A:",
- ads->auth.user_name, NULL,
- ads->auth.password,
- CLI_FULL_CONNECTION_USE_KERBEROS |
- CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS,
- SMB_SIGNING_REQUIRED);
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(10,("check_refresh_gpo: "
- "failed to connect: %s\n",
- nt_errstr(result)));
- return result;
- }
- *(struct cli_state **) ret_cli = cli;
- return NT_STATUS_OK;
-}
-
-/****************************************************************
- download a full GPO via CIFS
-****************************************************************/
-
-NTSTATUS gpo_fetch_files(TALLOC_CTX *mem_ctx,
- ADS_STRUCT *ads,
- const char *cache_dir,
- const struct GROUP_POLICY_OBJECT *gpo)
-{
- NTSTATUS result;
- char *server, *service, *nt_path, *unix_path;
- char *nt_ini_path, *unix_ini_path;
- struct cli_state *cli = NULL;
-
-
- result = gpo_explode_filesyspath(mem_ctx, cache_dir, gpo->file_sys_path,
- &server, &service, &nt_path,
- &unix_path);
- NT_STATUS_NOT_OK_RETURN(result);
-
- /* for now reuse the existing ds connection */
-
- result = gpo_connect_server(ads, server, service, &cli);
- NT_STATUS_NOT_OK_RETURN(result);
-
- result = gpo_prepare_local_store(mem_ctx, cache_dir, unix_path);
- NT_STATUS_NOT_OK_RETURN(result);
-
- unix_ini_path = talloc_asprintf(mem_ctx, "%s/%s", unix_path, GPT_INI);
- nt_ini_path = talloc_asprintf(mem_ctx, "%s\\%s", nt_path, GPT_INI);
- NT_STATUS_HAVE_NO_MEMORY(unix_ini_path);
- NT_STATUS_HAVE_NO_MEMORY(nt_ini_path);
-
- result = gpo_copy_file(mem_ctx, cli, nt_ini_path, unix_ini_path);
- NT_STATUS_NOT_OK_RETURN(result);
-
- result = gpo_sync_directories(mem_ctx, cli, nt_path, unix_path);
- NT_STATUS_NOT_OK_RETURN(result);
-
- return NT_STATUS_OK;
-}
-
/****************************************************************
get the locally stored gpt.ini version number
****************************************************************/
diff --git a/libgpo/gpo_util.c b/libgpo/gpo_util.c
index 6ad5c3b7f2f..c6d35841335 100644
--- a/libgpo/gpo_util.c
+++ b/libgpo/gpo_util.c
@@ -467,127 +467,6 @@ NTSTATUS gpo_process_gpo_list(TALLOC_CTX *mem_ctx,
return status;
}
-
-/****************************************************************
- check whether the version number in a GROUP_POLICY_OBJECT match those of the
- locally stored version. If not, fetch the required policy via CIFS
-****************************************************************/
-
-NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- const char *cache_dir,
- uint32_t flags,
- const struct GROUP_POLICY_OBJECT *gpo)
-{
- NTSTATUS result;
- char *server = NULL;
- char *share = NULL;
- char *nt_path = NULL;
- char *unix_path = NULL;
- uint32_t sysvol_gpt_version = 0;
- char *display_name = NULL;
-
- result = gpo_explode_filesyspath(mem_ctx, cache_dir, gpo->file_sys_path,
- &server, &share, &nt_path, &unix_path);
-
- if (!NT_STATUS_IS_OK(result)) {
- goto out;
- }
-
- result = gpo_get_sysvol_gpt_version(mem_ctx,
- unix_path,
- &sysvol_gpt_version,
- &display_name);
- if (!NT_STATUS_IS_OK(result) &&
- !NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_FILE)) {
- DEBUG(10,("check_refresh_gpo: "
- "failed to get local gpt version: %s\n",
- nt_errstr(result)));
- goto out;
- }
-
- DEBUG(10,("check_refresh_gpo: versions gpo %d sysvol %d\n",
- gpo->version, sysvol_gpt_version));
-
- /* FIXME: handle GPO_INFO_FLAG_FORCED_REFRESH from flags */
-
- while (gpo->version > sysvol_gpt_version) {
-
- DEBUG(1,("check_refresh_gpo: need to refresh GPO\n"));
-
- result = gpo_fetch_files(mem_ctx, ads, cache_dir, gpo);
- if (!NT_STATUS_IS_OK(result)) {
- goto out;
- }
-
- result = gpo_get_sysvol_gpt_version(mem_ctx,
- unix_path,
- &sysvol_gpt_version,
- &display_name);
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(10,("check_refresh_gpo: "
- "failed to get local gpt version: %s\n",
- nt_errstr(result)));
- goto out;
- }
-
- if (gpo->version == sysvol_gpt_version) {
- break;
- }
- }
-
- DEBUG(10,("Name:\t\t\t%s (%s)\n", gpo->display_name, gpo->name));
- DEBUGADD(10,("sysvol GPT version:\t%d (user: %d, machine: %d)\n",
- sysvol_gpt_version,
- GPO_VERSION_USER(sysvol_gpt_version),
- GPO_VERSION_MACHINE(sysvol_gpt_version)));
- DEBUGADD(10,("LDAP GPO version:\t%d (user: %d, machine: %d)\n",
- gpo->version,
- GPO_VERSION_USER(gpo->version),
- GPO_VERSION_MACHINE(gpo->version)));
- DEBUGADD(10,("LDAP GPO link:\t\t%s\n", gpo->link));
-
- result = NT_STATUS_OK;
-
- out:
- return result;
-
-}
-
-/****************************************************************
- check whether the version numbers in the gpo_list match the locally stored, if
- not, go and get each required GPO via CIFS
- ****************************************************************/
-
-NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- const char *cache_dir,
- uint32_t flags,
- const struct GROUP_POLICY_OBJECT *gpo_list)
-{
- NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- const struct GROUP_POLICY_OBJECT *gpo;
-
- if (!gpo_list) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- for (gpo = gpo_list; gpo; gpo = gpo->next) {
-
- result = check_refresh_gpo(ads, mem_ctx, cache_dir, flags, gpo);
- if (!NT_STATUS_IS_OK(result)) {
- goto out;
- }
- }
-
- result = NT_STATUS_OK;
-
- out:
- /* FIXME close cli connection */
-
- return result;
-}
-
/****************************************************************
****************************************************************/
diff --git a/source3/utils/net_ads_gpo.c b/source3/utils/net_ads_gpo.c
index 4a2d19a4ba5..1c6508bc653 100644
--- a/source3/utils/net_ads_gpo.c
+++ b/source3/utils/net_ads_gpo.c
@@ -26,147 +26,6 @@
#ifdef HAVE_ADS
-static int net_ads_gpo_refresh(struct net_context *c, int argc, const char
**argv)
-{
- TALLOC_CTX *mem_ctx;
- ADS_STRUCT *ads;
- ADS_STATUS status;
- const char *dn = NULL;
- struct GROUP_POLICY_OBJECT *gpo_list = NULL;
- struct GROUP_POLICY_OBJECT *read_list = NULL;
- uint32_t uac = 0;
- uint32_t flags = 0;
- struct GROUP_POLICY_OBJECT *gpo;
- NTSTATUS result;
- struct security_token *token = NULL;
- char *gpo_cache_path;
-
- if (argc < 1 || c->display_usage) {
- d_printf("%s\n%s\n%s",
- _("Usage:"),
- _("net ads gpo refresh <username|machinename>"),
- _(" Lists all GPOs assigned to an account and "
- "downloads them\n"
- " username\tUser to refresh GPOs for\n"
- " machinename\tMachine to refresh GPOs for\n"));
- return -1;
- }
-
- mem_ctx = talloc_init("net_ads_gpo_refresh");
- if (mem_ctx == NULL) {
- return -1;
- }
-
- status = ads_startup(c, false, &ads);
- if (!ADS_ERR_OK(status)) {
- d_printf(_("failed to connect AD server: %s\n"),
ads_errstr(status));
- goto out;
- }
-
- status = ads_find_samaccount(ads, mem_ctx, argv[0], &uac, &dn);
- if (!ADS_ERR_OK(status)) {
- d_printf(_("failed to find samaccount for %s\n"), argv[0]);
- goto out;
- }
-
- if (uac & UF_WORKSTATION_TRUST_ACCOUNT) {
- flags |= GPO_LIST_FLAG_MACHINE;
- }
-
- d_printf(_("\n%s: '%s' has dn: '%s'\n\n"),
- (uac & UF_WORKSTATION_TRUST_ACCOUNT) ? _("machine") : _("user"),
- argv[0], dn);
-
- d_printf(_("* fetching token "));
- if (uac & UF_WORKSTATION_TRUST_ACCOUNT) {
- status = gp_get_machine_token(ads, mem_ctx, dn, &token);
- } else {
- status = ads_get_sid_token(ads, mem_ctx, dn, &token);
- }
-
- if (!ADS_ERR_OK(status)) {
- d_printf(_("failed: %s\n"), ads_errstr(status));
- goto out;
- }
- d_printf(_("finished\n"));
-
- d_printf(_("* fetching GPO List "));
- status = ads_get_gpo_list(ads, mem_ctx, dn, flags, token, &gpo_list);
- if (!ADS_ERR_OK(status)) {
- d_printf(_("failed: %s\n"),
- ads_errstr(status));
- goto out;
- }
- d_printf(_("finished\n"));
-
- d_printf(_("* Refreshing Group Policy Data "));
- gpo_cache_path = cache_path(talloc_tos(), GPO_CACHE_DIR);
- if (gpo_cache_path == NULL) {
- d_printf(_("failed: %s\n"), nt_errstr(NT_STATUS_NO_MEMORY));
- goto out;
- }
- result = check_refresh_gpo_list(ads, mem_ctx,
- gpo_cache_path,
- flags,
- gpo_list);
- TALLOC_FREE(gpo_cache_path);
- if (!NT_STATUS_IS_OK(result)) {
- d_printf(_("failed: %s\n"), nt_errstr(result));
- goto out;
- }
- d_printf(_("finished\n"));
-
- d_printf(_("* storing GPO list to registry "));
-
- {
- WERROR werr = gp_reg_state_store(mem_ctx, flags, dn,
- token, gpo_list);
- if (!W_ERROR_IS_OK(werr)) {
- d_printf(_("failed: %s\n"), win_errstr(werr));
- goto out;
- }
- }
-
- d_printf(_("finished\n"));
-
- if (c->opt_verbose) {
-
- d_printf(_("* dumping GPO list\n"));
-
- for (gpo = gpo_list; gpo; gpo = gpo->next) {
- dump_gpo(gpo, 0);
- }
- }
-
- d_printf(_("* re-reading GPO list from registry "));
-
- {
- WERROR werr = gp_reg_state_read(mem_ctx, flags,
- &token->sids[0],
- &read_list);
- if (!W_ERROR_IS_OK(werr)) {
- d_printf(_("failed: %s\n"), win_errstr(werr));
- goto out;
- }
- }
-
- d_printf(_("finished\n"));
-
- if (c->opt_verbose) {
-
- d_printf(_("* dumping GPO list from registry\n"));
-
- for (gpo = read_list; gpo; gpo = gpo->next) {
- dump_gpo(gpo, 0);
- }
- }
-
- out:
- ads_destroy(&ads);
- talloc_destroy(mem_ctx);
- return 0;
-}
-
static int net_ads_gpo_list_all(struct net_context *c, int argc, const char
**argv)
{
ADS_STRUCT *ads;
@@ -324,92 +183,6 @@ out:
return 0;
}
-static int net_ads_gpo_apply(struct net_context *c, int argc, const char
**argv)
-{
- TALLOC_CTX *mem_ctx;
- ADS_STRUCT *ads;
- ADS_STATUS status;
- const char *dn = NULL;
- struct GROUP_POLICY_OBJECT *gpo_list;
- uint32_t uac = 0;
- uint32_t flags = 0;
- struct security_token *token = NULL;
- const char *filter = NULL;
-
- if (argc < 1 || c->display_usage) {
- d_printf("Usage:\n"
- "net ads gpo apply <username|machinename>\n"
- " Apply GPOs for machine/user\n"
- " username\tUsername to apply GPOs for\n"
- " machinename\tMachine to apply GPOs for\n");
- return -1;
- }
-
- mem_ctx = talloc_init("net_ads_gpo_apply");
- if (mem_ctx == NULL) {
- goto out;
- }
-
- if (argc >= 2) {
- filter = cse_gpo_name_to_guid_string(argv[1]);
- }
-
- status = ads_startup(c, false, &ads);
- /* filter = cse_gpo_name_to_guid_string("Security"); */
-
- if (!ADS_ERR_OK(status)) {
- d_printf("got: %s\n", ads_errstr(status));
- goto out;
- }
-
- status = ads_find_samaccount(ads, mem_ctx, argv[0], &uac, &dn);
- if (!ADS_ERR_OK(status)) {
- d_printf("failed to find samaccount for %s: %s\n",
- argv[0], ads_errstr(status));
- goto out;
- }
-
- if (uac & UF_WORKSTATION_TRUST_ACCOUNT) {
- flags |= GPO_LIST_FLAG_MACHINE;
- }
-
- if (c->opt_verbose) {
- flags |= GPO_INFO_FLAG_VERBOSE;
- }
-
- d_printf("%s: '%s' has dn: '%s'\n",
- (uac & UF_WORKSTATION_TRUST_ACCOUNT) ? "machine" : "user",
- argv[0], dn);
-
- if (uac & UF_WORKSTATION_TRUST_ACCOUNT) {
- status = gp_get_machine_token(ads, mem_ctx, dn, &token);
- } else {
- status = ads_get_sid_token(ads, mem_ctx, dn, &token);
- }
-
- if (!ADS_ERR_OK(status)) {
- goto out;
--
Samba Shared Repository
