[PR PATCH] [Updated] WIP: Make Group Policy Extensible, etc

[github at samba.org]

There is an updated pull request by dmulder against master on the Samba Samba Github repository

https://github.com/dmulder/samba gpo_extensible_030518
https://github.com/samba-team/samba/pull/177

WIP: Make Group Policy Extensible, etc
I'm posting these for comment. One thing still to do is to load the registry with the default gp_sec_ext extension (otherwise it must be loaded manually before anything is applied). Unless anyone thinks this *should* be manually configured.

Machine extensions can be applied with:
sudo /usr/sbin/gpupdate --target=Computer

User extensions are applied with:
sudo /usr/sbin/gpupdate --target=User --username=Administrator --password=<password>

Machine extensions can also be applied via winbind (already).

This patchset includes:

- The check_refresh_gpo_list() patches only because it depends on them (these are being discussed in a different thread).
- A fix for the gp_sec_ext. The extension should check for itself whether it should apply, not the gpupdate script.
- Add libgpo bindings register/unregister/list gp_extensions in the registry.
- Dynamically load extensions registered in HKLM/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/GPExtensions.
- Adds user policy extensions (this is now a trivial change).
- Renames samba_gpoupdate to gpupdate, and changes the --machine parameter to --targer=Computer/User. This is how the gpupdate script works in Windows.
- Fixes a crash in the gpupdate script when the dc code is installed, but the machine is joined as a client.

I'm posting these now for comments/suggestions/improvements.

A patch file from https://github.com/samba-team/samba/pull/177.patch is attached
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: github-pr-gpo_extensible_030518-177.patch
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180509/179ca47c/github-pr-gpo_extensible_030518-177.patch>