From a0e5f96ff56f2c5851135f15b868833b4e792c22 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 7 Dec 2016 08:31:51 +0100
Subject: [PATCH] libgpo: pass cli_credentials instead of ADS_STRUCT to
 check_refresh_gpo*()

---
 libgpo/gpo.h                | 16 +++++++++-------
 libgpo/gpo_fetch.c          | 21 +++------------------
 libgpo/gpo_util.c           | 14 +++++++-------
 source3/utils/net_ads_gpo.c | 21 ++++++++++++++++++++-
 4 files changed, 39 insertions(+), 33 deletions(-)

diff --git a/libgpo/gpo.h b/libgpo/gpo.h
index 0bae44aeca9a..dd2d121069ec 100644
--- a/libgpo/gpo.h
+++ b/libgpo/gpo.h
@@ -22,6 +22,8 @@
 
 #include "ads.h"
 
+struct cli_credentials;
+
 enum GPO_LINK_TYPE {
 	GP_LINK_UNKOWN	= 0,
 	GP_LINK_MACHINE	= 1,
@@ -167,7 +169,7 @@ NTSTATUS gpo_explode_filesyspath(TALLOC_CTX *mem_ctx,
 				 char **nt_path,
 				 char **unix_path);
 NTSTATUS gpo_fetch_files(TALLOC_CTX *mem_ctx,
-                         ADS_STRUCT *ads,
+			 struct cli_credentials *creds,
                          const char *cache_dir,
 			 const struct GROUP_POLICY_OBJECT *gpo);
 NTSTATUS gpo_get_sysvol_gpt_version(TALLOC_CTX *mem_ctx,
@@ -232,14 +234,14 @@ NTSTATUS gpo_process_gpo_list(TALLOC_CTX *mem_ctx,
 			      const struct GROUP_POLICY_OBJECT *changed_gpo_list,
 			      const char *extensions_guid_filter,
 			      uint32_t flags);
-NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
-			   TALLOC_CTX *mem_ctx,
-                           const char *cache_dir,
+NTSTATUS check_refresh_gpo(TALLOC_CTX *mem_ctx,
+			   struct cli_credentials *creds,
+			   const char *cache_dir,
 			   uint32_t flags,
 			   const struct GROUP_POLICY_OBJECT *gpo);
-NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
-				TALLOC_CTX *mem_ctx,
-                                const char *cache_dir,
+NTSTATUS check_refresh_gpo_list(TALLOC_CTX *mem_ctx,
+				struct cli_credentials *creds,
+				const char *cache_dir,
 				uint32_t flags,
 				const struct GROUP_POLICY_OBJECT *gpo_list);
 NTSTATUS gpo_get_unix_path(TALLOC_CTX *mem_ctx,
diff --git a/libgpo/gpo_fetch.c b/libgpo/gpo_fetch.c
index 7ea78830cdce..80b812820d39 100644
--- a/libgpo/gpo_fetch.c
+++ b/libgpo/gpo_fetch.c
@@ -118,26 +118,12 @@ static NTSTATUS gpo_prepare_local_store(TALLOC_CTX *mem_ctx,
 	return NT_STATUS_OK;
 }
 
-static NTSTATUS gpo_connect_server(ADS_STRUCT *ads,
+static NTSTATUS gpo_connect_server(struct cli_credentials *creds,
                                    const char *server, const char *service, void *ret_cli)
 {
 	NTSTATUS result;
-	struct cli_credentials *creds = NULL;
 	struct cli_state *cli = NULL;
 
-	creds = cli_session_creds_init(NULL,
-				       ads->auth._user_name,
-				       NULL, /* domain (use default) */
-				       NULL, /* realm (use default) */
-				       ads->auth._password,
-				       true, /* use_kerberos */
-				       true, /* fallback_after_kerberos */
-				       false, /* use_ccache */
-				       false); /* pw_nt_hash */
-	if (creds == NULL) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
 	result = cli_full_connection_creds(&cli,
 			lp_netbios_name(),
 			server,
@@ -145,7 +131,6 @@ static NTSTATUS gpo_connect_server(ADS_STRUCT *ads,
 			service, "A:",
 			creds, 0,
 			SMB_SIGNING_REQUIRED);
-	TALLOC_FREE(creds);
 	if (!NT_STATUS_IS_OK(result)) {
 		DEBUG(10,("check_refresh_gpo: "
 				"failed to connect: %s\n",
@@ -161,7 +146,7 @@ static NTSTATUS gpo_connect_server(ADS_STRUCT *ads,
 ****************************************************************/
 
 NTSTATUS gpo_fetch_files(TALLOC_CTX *mem_ctx,
-                         ADS_STRUCT *ads,
+			 struct cli_credentials *creds,
                          const char *cache_dir,
 			 const struct GROUP_POLICY_OBJECT *gpo)
 {
@@ -178,7 +163,7 @@ NTSTATUS gpo_fetch_files(TALLOC_CTX *mem_ctx,
 
 	/* for now reuse the existing ds connection */
 
-	result = gpo_connect_server(ads, server, service, &cli);
+	result = gpo_connect_server(creds, server, service, &cli);
 	NT_STATUS_NOT_OK_RETURN(result);
 
 	result = gpo_prepare_local_store(mem_ctx, cache_dir, unix_path);
diff --git a/libgpo/gpo_util.c b/libgpo/gpo_util.c
index 6ad5c3b7f2fa..0388775c8a82 100644
--- a/libgpo/gpo_util.c
+++ b/libgpo/gpo_util.c
@@ -473,9 +473,9 @@ NTSTATUS gpo_process_gpo_list(TALLOC_CTX *mem_ctx,
  locally stored version. If not, fetch the required policy via CIFS
 ****************************************************************/
 
-NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
-			   TALLOC_CTX *mem_ctx,
-                           const char *cache_dir,
+NTSTATUS check_refresh_gpo(TALLOC_CTX *mem_ctx,
+			   struct cli_credentials *creds,
+			   const char *cache_dir,
 			   uint32_t flags,
 			   const struct GROUP_POLICY_OBJECT *gpo)
 {
@@ -515,7 +515,7 @@ NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
 
 		DEBUG(1,("check_refresh_gpo: need to refresh GPO\n"));
 
-		result = gpo_fetch_files(mem_ctx, ads, cache_dir, gpo);
+		result = gpo_fetch_files(mem_ctx, creds, cache_dir, gpo);
 		if (!NT_STATUS_IS_OK(result)) {
 			goto out;
 		}
@@ -559,8 +559,8 @@ NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
  not, go and get each required GPO via CIFS
  ****************************************************************/
 
-NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
-				TALLOC_CTX *mem_ctx,
+NTSTATUS check_refresh_gpo_list(TALLOC_CTX *mem_ctx,
+				struct cli_credentials *creds,
 				const char *cache_dir,
 				uint32_t flags,
 				const struct GROUP_POLICY_OBJECT *gpo_list)
@@ -574,7 +574,7 @@ NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
 
 	for (gpo = gpo_list; gpo; gpo = gpo->next) {
 
-		result = check_refresh_gpo(ads, mem_ctx, cache_dir, flags, gpo);
+		result = check_refresh_gpo(mem_ctx, creds, cache_dir, flags, gpo);
 		if (!NT_STATUS_IS_OK(result)) {
 			goto out;
 		}
diff --git a/source3/utils/net_ads_gpo.c b/source3/utils/net_ads_gpo.c
index 791e836bfd98..c3f07ff75b6e 100644
--- a/source3/utils/net_ads_gpo.c
+++ b/source3/utils/net_ads_gpo.c
@@ -20,6 +20,7 @@
 #include "includes.h"
 #include "utils/net.h"
 #include "ads.h"
+#include "libsmb/libsmb.h"
 #include "../libgpo/gpo.h"
 #include "libgpo/gpo_proto.h"
 #include "../libds/common/flags.h"
@@ -40,6 +41,7 @@ static int net_ads_gpo_refresh(struct net_context *c, int argc, const char **arg
 	NTSTATUS result;
 	struct security_token *token = NULL;
 	char *gpo_cache_path;
+	struct cli_credentials *creds = NULL;
 
 	if (argc < 1 || c->display_usage) {
 		d_printf("%s\n%s\n%s",
@@ -105,11 +107,28 @@ static int net_ads_gpo_refresh(struct net_context *c, int argc, const char **arg
 		d_printf(_("failed: %s\n"), nt_errstr(NT_STATUS_NO_MEMORY));
 		goto out;
 	}
-	result = check_refresh_gpo_list(ads, mem_ctx,
+
+	creds = cli_session_creds_init(mem_ctx,
+				       ads->auth._user_name,
+				       NULL, /* domain (use default) */
+				       NULL, /* realm (use default) */
+				       ads->auth._password,
+				       true, /* use_kerberos */
+				       true, /* fallback_after_kerberos */
+				       false, /* use_ccache */
+				       false); /* pw_nt_hash */
+	if (creds == NULL) {
+		d_printf(_("cli_session_creds_init() failed: %s\n"),
+			 nt_errstr(NT_STATUS_NO_MEMORY));
+		goto out;
+	}
+
+	result = check_refresh_gpo_list(mem_ctx, creds,
 					gpo_cache_path,
 					flags,
 					gpo_list);
 	TALLOC_FREE(gpo_cache_path);
+	TALLOC_FREE(creds);
 	if (!NT_STATUS_IS_OK(result)) {
 		d_printf(_("failed: %s\n"), nt_errstr(result));
 		goto out;
-- 
2.34.1