uint32_t flags,
const struct security_token *token,
struct registry_key *root_key,
- struct GROUP_POLICY_OBJECT *gpo,
+ const struct GROUP_POLICY_OBJECT *deleted_gpo_list,
+ const struct GROUP_POLICY_OBJECT *changed_gpo_list,
const char *extension_guid,
const char *snapin_guid)
{
NTSTATUS status;
struct gp_extension *ext = NULL;
- struct GUID guid;
- bool cse_found = false;
+ const struct GROUP_POLICY_OBJECT *gpo;
status = gpext_init_gp_extensions(mem_ctx);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- status = GUID_from_string(extension_guid, &guid);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
for (ext = extensions; ext; ext = ext->next) {
- if (GUID_equal(ext->guid, &guid)) {
- cse_found = true;
- break;
+ struct GROUP_POLICY_OBJECT *deleted_gpo_list_filtered = NULL;
+ struct GROUP_POLICY_OBJECT *changed_gpo_list_filtered = NULL;
+
+ for (gpo = deleted_gpo_list; gpo; gpo = gpo->next) {
+
+ bool is_present = false;
+
+ status = gpext_check_gpo_for_gpext_presence(mem_ctx,
+ flags,
+ gpo,
+ ext->guid,
+ &is_present);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (is_present) {
+ struct GROUP_POLICY_OBJECT *new_gpo;
+
+ status = gpo_copy(mem_ctx, gpo, &new_gpo);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ DLIST_ADD(deleted_gpo_list_filtered, new_gpo);
+ }
}
- }
- if (!cse_found) {
- goto no_ext;
- }
+ for (gpo = changed_gpo_list; gpo; gpo = gpo->next) {
- status = ext->methods->initialize(mem_ctx);
- NT_STATUS_NOT_OK_RETURN(status);
+ bool is_present = false;
- status = ext->methods->process_group_policy(mem_ctx,
- flags,
- root_key,
- token,
- gpo,
- extension_guid,
- snapin_guid);
- if (!NT_STATUS_IS_OK(status)) {
- ext->methods->shutdown();
- }
+ status = gpext_check_gpo_for_gpext_presence(mem_ctx,
+ flags,
+ gpo,
+ ext->guid,
+ &is_present);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
- return status;
+ if (is_present) {
+ struct GROUP_POLICY_OBJECT *new_gpo;
- no_ext:
- if (flags & GPO_INFO_FLAG_VERBOSE) {
- DEBUG(0,("process_extension: no extension available for:\n"));
- DEBUGADD(0,("%s (%s) (snapin: %s)\n",
- extension_guid,
- cse_gpo_guid_string_to_name(extension_guid),
- snapin_guid));
+ status = gpo_copy(mem_ctx, gpo, &new_gpo);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ DLIST_ADD(changed_gpo_list_filtered, new_gpo);
+ }
+ }
+
+ status = ext->methods->initialize(mem_ctx);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ status = ext->methods->process_group_policy(mem_ctx,
+ flags,
+ root_key,
+ token,
+ deleted_gpo_list_filtered,
+ changed_gpo_list_filtered,
+ extension_guid,
+ snapin_guid);
+ if (!NT_STATUS_IS_OK(status)) {
+ ext->methods->shutdown();
+ }
}
- return NT_STATUS_OK;
+ return status;
}
uint32_t flags,
struct registry_key *root_key,
const struct security_token *token,
- struct GROUP_POLICY_OBJECT *gpo,
+ struct GROUP_POLICY_OBJECT *deleted_gpo_list,
+ struct GROUP_POLICY_OBJECT *changed_gpo_list,
const char *extension_guid,
const char *snapin_guid);
uint32_t flags,
const struct security_token *token,
struct registry_key *root_key,
- struct GROUP_POLICY_OBJECT *gpo,
+ const struct GROUP_POLICY_OBJECT *deleted_gpo_list,
+ const struct GROUP_POLICY_OBJECT *changed_gpo_list,
const char *extension_guid,
const char *snapin_guid);
}
ntstatus = gpext_process_extension(mem_ctx,
- flags, token, root_key, gpo,
+ flags, token, root_key,
+ NULL, gpo,
gp_ext->extensions_guid[i],
gp_ext->snapins_guid[i]);
if (!NT_STATUS_IS_OK(ntstatus)) {
uint32_t flags,
struct registry_key *root_key,
const struct security_token *token,
- struct GROUP_POLICY_OBJECT *gpo,
+ struct GROUP_POLICY_OBJECT *deleted_gpo_list,
+ struct GROUP_POLICY_OBJECT *changed_gpo_list,
const char *extension_guid,
const char *snapin_guid)
{
struct gp_registry_entry *entries = NULL;
size_t num_entries = 0;
char *unix_path = NULL;
+ struct GROUP_POLICY_OBJECT *gpo;
- gpext_debug_header(0, "registry_process_group_policy", flags, gpo,
- extension_guid, snapin_guid);
+ /* implementation of the policy callback function, see
+ * http://msdn.microsoft.com/en-us/library/aa373494%28v=vs.85%29.aspx
+ * for details - gd */
- status = gpo_get_unix_path(mem_ctx, cache_path(GPO_CACHE_DIR), gpo, &unix_path);
- NT_STATUS_NOT_OK_RETURN(status);
+ /* for now do not process the list of deleted group policies
- status = reg_parse_registry(mem_ctx,
- flags,
- unix_path,
- &entries,
- &num_entries);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,("failed to parse registry: %s\n",
- nt_errstr(status)));
- return status;
+ for (gpo = deleted_gpo_list; gpo; gpo = gpo->next) {
}
- dump_reg_entries(flags, "READ", entries, num_entries);
+ */
+
+ for (gpo = changed_gpo_list; gpo; gpo = gpo->next) {
- werr = reg_apply_registry(mem_ctx, token, root_key, flags,
- entries, num_entries);
- if (!W_ERROR_IS_OK(werr)) {
- DEBUG(0,("failed to apply registry: %s\n",
- win_errstr(werr)));
- return werror_to_ntstatus(werr);
+ gpext_debug_header(0, "registry_process_group_policy", flags,
+ gpo, extension_guid, snapin_guid);
+
+ status = gpo_get_unix_path(mem_ctx, cache_path(GPO_CACHE_DIR),
+ gpo, &unix_path);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ status = reg_parse_registry(mem_ctx,
+ flags,
+ unix_path,
+ &entries,
+ &num_entries);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("failed to parse registry: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+
+ dump_reg_entries(flags, "READ", entries, num_entries);
+
+ werr = reg_apply_registry(mem_ctx, token, root_key, flags,
+ entries, num_entries);
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(0,("failed to apply registry: %s\n",
+ win_errstr(werr)));
+ return werror_to_ntstatus(werr);
+ }
}
return NT_STATUS_OK;
uint32_t flags,
struct registry_key *root_key,
const struct security_token *token,
- struct GROUP_POLICY_OBJECT *gpo,
+ struct GROUP_POLICY_OBJECT *deleted_gpo_list,
+ struct GROUP_POLICY_OBJECT *changed_gpo_list,
const char *extension_guid,
const char *snapin_guid)
{
GP_SCRIPTS_INI_LOGON,
GP_SCRIPTS_INI_LOGOFF
};
+ struct GROUP_POLICY_OBJECT *gpo;
- gpext_debug_header(0, "scripts_process_group_policy", flags, gpo,
- extension_guid, snapin_guid);
+ /* implementation of the policy callback function, see
+ * http://msdn.microsoft.com/en-us/library/aa373494%28v=vs.85%29.aspx
+ * for details - gd */
- status = gpo_get_unix_path(mem_ctx, cache_path(GPO_CACHE_DIR), gpo, &unix_path);
- NT_STATUS_NOT_OK_RETURN(status);
+ /* for now do not process the list of deleted group policies
- status = gp_inifile_init_context(mem_ctx, flags, unix_path,
- GP_SCRIPTS_INI, &ini_ctx);
- NT_STATUS_NOT_OK_RETURN(status);
+ for (gpo = deleted_gpo_list; gpo; gpo = gpo->next) {
+ }
- for (i = 0; i < ARRAY_SIZE(list); i++) {
+ */
- TALLOC_FREE(entries);
- num_entries = 0;
+ for (gpo = changed_gpo_list; gpo; gpo = gpo->next) {
- status = scripts_parse_ini_section(ini_ctx, flags, list[i],
- &entries, &num_entries);
- if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
- continue;
- }
+ gpext_debug_header(0, "scripts_process_group_policy", flags,
+ gpo, extension_guid, snapin_guid);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
+ status = gpo_get_unix_path(mem_ctx, cache_path(GPO_CACHE_DIR),
+ gpo, &unix_path);
+ NT_STATUS_NOT_OK_RETURN(status);
- dump_reg_entries(flags, "READ", entries, num_entries);
+ status = gp_inifile_init_context(mem_ctx, flags, unix_path,
+ GP_SCRIPTS_INI, &ini_ctx);
+ NT_STATUS_NOT_OK_RETURN(status);
- werr = scripts_apply(ini_ctx->mem_ctx, token, root_key,
- flags, list[i], gpo, entries, num_entries);
- if (!W_ERROR_IS_OK(werr)) {
- continue; /* FIXME: finally fix storing emtpy strings and REG_QWORD! */
- TALLOC_FREE(ini_ctx);
- return werror_to_ntstatus(werr);
+ for (i = 0; i < ARRAY_SIZE(list); i++) {
+
+ TALLOC_FREE(entries);
+ num_entries = 0;
+
+ status = scripts_parse_ini_section(ini_ctx, flags, list[i],
+ &entries, &num_entries);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+ continue;
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ dump_reg_entries(flags, "READ", entries, num_entries);
+
+ werr = scripts_apply(ini_ctx->mem_ctx, token, root_key,
+ flags, list[i], gpo, entries, num_entries);
+ if (!W_ERROR_IS_OK(werr)) {
+ continue; /* FIXME: finally fix storing emtpy strings and REG_QWORD! */
+ TALLOC_FREE(ini_ctx);
+ return werror_to_ntstatus(werr);
+ }
}
+
+ TALLOC_FREE(ini_ctx);
}
- TALLOC_FREE(ini_ctx);
return NT_STATUS_OK;
}
uint32_t flags,
struct registry_key *root_key,
const struct security_token *token,
- struct GROUP_POLICY_OBJECT *gpo,
+ struct GROUP_POLICY_OBJECT *deleted_gpo_list,
+ struct GROUP_POLICY_OBJECT *changed_gpo_list,
const char *extension_guid,
const char *snapin_guid)
{
NTSTATUS status;
char *unix_path = NULL;
struct gp_inifile_context *ini_ctx = NULL;
+ struct GROUP_POLICY_OBJECT *gpo;
- gpext_debug_header(0, "security_process_group_policy", flags, gpo,
- extension_guid, snapin_guid);
+ /* implementation of the policy callback function, see
+ * http://msdn.microsoft.com/en-us/library/aa373494%28v=vs.85%29.aspx
+ * for details - gd */
- /* this handler processes the gpttmpl files and merge output to the
- * registry */
+ /* for now do not process the list of deleted group policies
- status = gpo_get_unix_path(mem_ctx, cache_path(GPO_CACHE_DIR), gpo, &unix_path);
- if (!NT_STATUS_IS_OK(status)) {
- goto out;
+ for (gpo = deleted_gpo_list; gpo; gpo = gpo->next) {
}
- status = gpttmpl_init_context(mem_ctx, flags, unix_path, &ini_ctx);
- if (!NT_STATUS_IS_OK(status)) {
- goto out;
- }
+ */
- status = gpttmpl_process(ini_ctx, root_key, flags);
- if (!NT_STATUS_IS_OK(status)) {
- goto out;
+ for (gpo = changed_gpo_list; gpo; gpo = gpo->next) {
+
+ gpext_debug_header(0, "security_process_group_policy", flags,
+ gpo, extension_guid, snapin_guid);
+
+ /* this handler processes the gpttmpl files and merge output to the
+ * registry */
+
+ status = gpo_get_unix_path(mem_ctx, cache_path(GPO_CACHE_DIR),
+ gpo, &unix_path);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+
+ status = gpttmpl_init_context(mem_ctx, flags, unix_path,
+ &ini_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+
+ status = gpttmpl_process(ini_ctx, root_key, flags);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+
+ TALLOC_FREE(ini_ctx);
}
out: