diff options
author | Luke Morrison <luc785@hotmail.com> | 2014-01-31 13:27:05 +1300 |
---|---|---|
committer | Garming Sam <garming@samba.org> | 2017-11-20 21:41:14 +0100 |
commit | 148b7ae707f31e221fef79e80ccda2663d5526ee (patch) | |
tree | 371e388a08f5d3d6f0f7dfdc1db30d7bdf9e23ec /source3/libgpo | |
parent | a70aa65fa86ad12f75d94ec7b6a55e2040e38f2e (diff) | |
download | samba-148b7ae707f31e221fef79e80ccda2663d5526ee.tar.gz |
gpo: Add python libgpo bindings
Split from "Initial commit for GPO work done by Luke Morrison" by David Mulder
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Luke Morrison <luke@hubtrek.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source3/libgpo')
-rw-r--r-- | source3/libgpo/gpo_filesync.c | 246 | ||||
-rw-r--r-- | source3/libgpo/gpo_proto.h | 94 | ||||
-rw-r--r-- | source3/libgpo/gpo_reg.c | 1040 |
3 files changed, 0 insertions, 1380 deletions
diff --git a/source3/libgpo/gpo_filesync.c b/source3/libgpo/gpo_filesync.c deleted file mode 100644 index 6e3efdaf6c1..00000000000 --- a/source3/libgpo/gpo_filesync.c +++ /dev/null @@ -1,246 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * Group Policy Object Support - * Copyright (C) Guenther Deschner 2006 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see <http://www.gnu.org/licenses/>. - */ - -#include "includes.h" -#include "system/filesys.h" -#include "libsmb/libsmb.h" -#include "../libgpo/gpo.h" -#include "libgpo/gpo_proto.h" - -struct sync_context { - TALLOC_CTX *mem_ctx; - struct cli_state *cli; - char *remote_path; - char *local_path; - char *mask; - uint16_t attribute; -}; - -static NTSTATUS gpo_sync_func(const char *mnt, - struct file_info *info, - const char *mask, - void *state); - -NTSTATUS gpo_copy_file(TALLOC_CTX *mem_ctx, - struct cli_state *cli, - const char *nt_path, - const char *unix_path) -{ - NTSTATUS result; - uint16_t fnum; - int fd = -1; - char *data = NULL; - static int io_bufsize = 64512; - int read_size = io_bufsize; - off_t nread = 0; - - result = cli_openx(cli, nt_path, O_RDONLY, DENY_NONE, &fnum); - if (!NT_STATUS_IS_OK(result)) { - goto out; - } - - if ((fd = open(unix_path, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) { - result = map_nt_error_from_unix(errno); - goto out; - } - - if ((data = (char *)SMB_MALLOC(read_size)) == NULL) { - result = NT_STATUS_NO_MEMORY; - goto out; - } - - while (1) { - size_t n = 0; - - result = cli_read(cli, fnum, data, nread, read_size, &n); - if (!NT_STATUS_IS_OK(result)) { - goto out; - } - - if (n == 0) - break; - - if (write(fd, data, n) != n) { - break; - } - - nread += n; - } - - result = NT_STATUS_OK; - - out: - SAFE_FREE(data); - if (fnum) { - cli_close(cli, fnum); - } - if (fd != -1) { - close(fd); - } - - return result; -} - -/**************************************************************** - copy dir -****************************************************************/ - -static NTSTATUS gpo_copy_dir(const char *unix_path) -{ - if ((mkdir(unix_path, 0644)) < 0 && errno != EEXIST) { - return map_nt_error_from_unix(errno); - } - - return NT_STATUS_OK; -} - -/**************************************************************** - sync files -****************************************************************/ - -static NTSTATUS gpo_sync_files(struct sync_context *ctx) -{ - NTSTATUS status; - - DEBUG(3,("calling cli_list with mask: %s\n", ctx->mask)); - - status = cli_list(ctx->cli, ctx->mask, ctx->attribute, gpo_sync_func, - ctx); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("listing [%s] failed with error: %s\n", - ctx->mask, nt_errstr(status))); - return status; - } - - return status; -} - -/**************************************************************** - syncronisation call back -****************************************************************/ - -static NTSTATUS gpo_sync_func(const char *mnt, - struct file_info *info, - const char *mask, - void *state) -{ - NTSTATUS result; - struct sync_context *ctx; - fstring nt_filename, unix_filename; - fstring nt_dir, unix_dir; - char *old_nt_dir, *old_unix_dir; - - ctx = (struct sync_context *)state; - - if (strequal(info->name, ".") || strequal(info->name, "..")) { - return NT_STATUS_OK; - } - - DEBUG(5,("gpo_sync_func: got mask: [%s], name: [%s]\n", - mask, info->name)); - - if (info->mode & FILE_ATTRIBUTE_DIRECTORY) { - - DEBUG(3,("got dir: [%s]\n", info->name)); - - fstrcpy(nt_dir, ctx->remote_path); - fstrcat(nt_dir, "\\"); - fstrcat(nt_dir, info->name); - - fstrcpy(unix_dir, ctx->local_path); - fstrcat(unix_dir, "/"); - fstrcat(unix_dir, info->name); - - result = gpo_copy_dir(unix_dir); - if (!NT_STATUS_IS_OK(result)) { - DEBUG(1,("failed to copy dir: %s\n", - nt_errstr(result))); - return result; - } - - old_nt_dir = ctx->remote_path; - ctx->remote_path = talloc_strdup(ctx->mem_ctx, nt_dir); - - old_unix_dir = ctx->local_path; - ctx->local_path = talloc_strdup(ctx->mem_ctx, unix_dir); - - ctx->mask = talloc_asprintf(ctx->mem_ctx, - "%s\\*", - nt_dir); - if (!ctx->local_path || !ctx->mask || !ctx->remote_path) { - DEBUG(0,("gpo_sync_func: ENOMEM\n")); - return NT_STATUS_NO_MEMORY; - } - result = gpo_sync_files(ctx); - if (!NT_STATUS_IS_OK(result)) { - DEBUG(0,("could not sync files\n")); - return result; - } - - ctx->remote_path = old_nt_dir; - ctx->local_path = old_unix_dir; - return NT_STATUS_OK; - } - - DEBUG(3,("got file: [%s]\n", info->name)); - - fstrcpy(nt_filename, ctx->remote_path); - fstrcat(nt_filename, "\\"); - fstrcat(nt_filename, info->name); - - fstrcpy(unix_filename, ctx->local_path); - fstrcat(unix_filename, "/"); - fstrcat(unix_filename, info->name); - - result = gpo_copy_file(ctx->mem_ctx, ctx->cli, - nt_filename, unix_filename); - if (!NT_STATUS_IS_OK(result)) { - DEBUG(1,("failed to copy file: %s\n", - nt_errstr(result))); - } - return result; -} - - -/**************************************************************** - list a remote directory and download recursivly -****************************************************************/ - -NTSTATUS gpo_sync_directories(TALLOC_CTX *mem_ctx, - struct cli_state *cli, - const char *nt_path, - const char *local_path) -{ - struct sync_context ctx; - - ctx.mem_ctx = mem_ctx; - ctx.cli = cli; - ctx.remote_path = discard_const_p(char, nt_path); - ctx.local_path = discard_const_p(char, local_path); - ctx.attribute = (FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_DIRECTORY); - - ctx.mask = talloc_asprintf(mem_ctx, - "%s\\*", - nt_path); - if (!ctx.mask) { - return NT_STATUS_NO_MEMORY; - } - - return gpo_sync_files(&ctx); -} diff --git a/source3/libgpo/gpo_proto.h b/source3/libgpo/gpo_proto.h deleted file mode 100644 index 32a61eab214..00000000000 --- a/source3/libgpo/gpo_proto.h +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * Group Policy Object Support - * - * Copyright (C) Guenther Deschner 2006-2008 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see <http://www.gnu.org/licenses/>. - */ - -#ifndef _LIBGPO_GPO_PROTO_H_ -#define _LIBGPO_GPO_PROTO_H_ - -/* The following definitions come from libgpo/gpo_filesync.c */ - -NTSTATUS gpo_copy_file(TALLOC_CTX *mem_ctx, - struct cli_state *cli, - const char *nt_path, - const char *unix_path); -NTSTATUS gpo_sync_directories(TALLOC_CTX *mem_ctx, - struct cli_state *cli, - const char *nt_path, - const char *local_path); - -/* The following definitions come from libgpo/gpo_reg.c */ - -struct security_token *registry_create_system_token(TALLOC_CTX *mem_ctx); -WERROR gp_init_reg_ctx(TALLOC_CTX *mem_ctx, - const char *initial_path, - uint32_t desired_access, - const struct security_token *token, - struct gp_registry_context **reg_ctx); -void gp_free_reg_ctx(struct gp_registry_context *reg_ctx); -WERROR gp_store_reg_subkey(TALLOC_CTX *mem_ctx, - const char *subkeyname, - struct registry_key *curr_key, - struct registry_key **new_key); -WERROR gp_read_reg_subkey(TALLOC_CTX *mem_ctx, - struct gp_registry_context *reg_ctx, - const char *subkeyname, - struct registry_key **key); -WERROR gp_store_reg_val_sz(TALLOC_CTX *mem_ctx, - struct registry_key *key, - const char *val_name, - const char *val); -WERROR gp_read_reg_val_sz(TALLOC_CTX *mem_ctx, - struct registry_key *key, - const char *val_name, - const char **val); -WERROR gp_reg_state_store(TALLOC_CTX *mem_ctx, - uint32_t flags, - const char *dn, - const struct security_token *token, - struct GROUP_POLICY_OBJECT *gpo_list); -WERROR gp_reg_state_read(TALLOC_CTX *mem_ctx, - uint32_t flags, - const struct dom_sid *sid, - struct GROUP_POLICY_OBJECT **gpo_list); -WERROR gp_secure_key(TALLOC_CTX *mem_ctx, - uint32_t flags, - struct registry_key *key, - const struct dom_sid *sid); -void dump_reg_val(int lvl, const char *direction, - const char *key, const char *subkey, - struct registry_value *val); -void dump_reg_entry(uint32_t flags, - const char *dir, - struct gp_registry_entry *entry); -void dump_reg_entries(uint32_t flags, - const char *dir, - struct gp_registry_entry *entries, - size_t num_entries); -bool add_gp_registry_entry_to_array(TALLOC_CTX *mem_ctx, - struct gp_registry_entry *entry, - struct gp_registry_entry **entries, - size_t *num); -WERROR reg_apply_registry_entry(TALLOC_CTX *mem_ctx, - struct registry_key *root_key, - struct gp_registry_context *reg_ctx, - struct gp_registry_entry *entry, - const struct security_token *token, - uint32_t flags); - -#endif /* _LIBGPO_GPO_PROTO_H_ */ diff --git a/source3/libgpo/gpo_reg.c b/source3/libgpo/gpo_reg.c deleted file mode 100644 index 7f5fbc4fff1..00000000000 --- a/source3/libgpo/gpo_reg.c +++ /dev/null @@ -1,1040 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * Group Policy Object Support - * Copyright (C) Guenther Deschner 2007-2008 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see <http://www.gnu.org/licenses/>. - */ - -#include "includes.h" -#include "../libgpo/gpo.h" -#include "libgpo/gpo_proto.h" -#include "registry.h" -#include "registry/reg_api.h" -#include "registry/reg_backend_db.h" -#include "registry/reg_api_util.h" -#include "registry/reg_init_basic.h" -#include "../libcli/security/security.h" -#include "../libcli/registry/util_reg.h" - - -/**************************************************************** -****************************************************************/ - -struct security_token *registry_create_system_token(TALLOC_CTX *mem_ctx) -{ - struct security_token *token = NULL; - - token = talloc_zero(mem_ctx, struct security_token); - if (!token) { - DEBUG(1,("talloc failed\n")); - return NULL; - } - - token->privilege_mask = SE_ALL_PRIVS; - - if (!NT_STATUS_IS_OK(add_sid_to_array(token, &global_sid_System, - &token->sids, &token->num_sids))) { - DEBUG(1,("Error adding nt-authority system sid to token\n")); - return NULL; - } - - return token; -} - -/**************************************************************** -****************************************************************/ - -WERROR gp_init_reg_ctx(TALLOC_CTX *mem_ctx, - const char *initial_path, - uint32_t desired_access, - const struct security_token *token, - struct gp_registry_context **reg_ctx) -{ - struct gp_registry_context *tmp_ctx; - WERROR werr; - - if (!reg_ctx) { - return WERR_INVALID_PARAMETER; - } - - werr = registry_init_basic(); - if (!W_ERROR_IS_OK(werr)) { - return werr; - } - - tmp_ctx = talloc_zero(mem_ctx, struct gp_registry_context); - W_ERROR_HAVE_NO_MEMORY(tmp_ctx); - - if (token) { - tmp_ctx->token = token; - } else { - tmp_ctx->token = registry_create_system_token(mem_ctx); - } - if (!tmp_ctx->token) { - TALLOC_FREE(tmp_ctx); - return WERR_NOT_ENOUGH_MEMORY; - } - - werr = regdb_open(); - if (!W_ERROR_IS_OK(werr)) { - return werr; - } - - if (initial_path) { - tmp_ctx->path = talloc_strdup(mem_ctx, initial_path); - if (!tmp_ctx->path) { - TALLOC_FREE(tmp_ctx); - return WERR_NOT_ENOUGH_MEMORY; - } - - werr = reg_open_path(mem_ctx, tmp_ctx->path, desired_access, - tmp_ctx->token, &tmp_ctx->curr_key); - if (!W_ERROR_IS_OK(werr)) { - TALLOC_FREE(tmp_ctx); - return werr; - } - } - - *reg_ctx = tmp_ctx; - - return WERR_OK; -} - -/**************************************************************** -****************************************************************/ - -void gp_free_reg_ctx(struct gp_registry_context *reg_ctx) -{ - TALLOC_FREE(reg_ctx); -} - -/**************************************************************** -****************************************************************/ - -WERROR gp_store_reg_subkey(TALLOC_CTX *mem_ctx, - const char *subkeyname, - struct registry_key *curr_key, - struct registry_key **new_key) -{ - enum winreg_CreateAction action = REG_ACTION_NONE; - WERROR werr; - - werr = reg_createkey(mem_ctx, curr_key, subkeyname, - REG_KEY_WRITE, new_key, &action); - if (W_ERROR_IS_OK(werr) && (action != REG_CREATED_NEW_KEY)) { - return WERR_OK; - } - - return werr; -} - -/**************************************************************** -****************************************************************/ - -WERROR gp_read_reg_subkey(TALLOC_CTX *mem_ctx, - struct gp_registry_context *reg_ctx, - const char *subkeyname, - struct registry_key **key) -{ - const char *tmp = NULL; - - if (!reg_ctx || !subkeyname || !key) { - return WERR_INVALID_PARAMETER; - } - - tmp = talloc_asprintf(mem_ctx, "%s\\%s", reg_ctx->path, subkeyname); - W_ERROR_HAVE_NO_MEMORY(tmp); - - return reg_open_path(mem_ctx, tmp, REG_KEY_READ, - reg_ctx->token, key); -} - -/**************************************************************** -****************************************************************/ - -WERROR gp_store_reg_val_sz(TALLOC_CTX *mem_ctx, - struct registry_key *key, - const char *val_name, - const char *val) -{ - struct registry_value reg_val; - - reg_val.type = REG_SZ; - if (!push_reg_sz(mem_ctx, ®_val.data, val)) { - return WERR_NOT_ENOUGH_MEMORY; - } - - return reg_setvalue(key, val_name, ®_val); -} - -/**************************************************************** -****************************************************************/ - -static WERROR gp_store_reg_val_dword(TALLOC_CTX *mem_ctx, - struct registry_key *key, - const char *val_name, - uint32_t val) -{ - struct registry_value reg_val; - - reg_val.type = REG_DWORD; - reg_val.data = data_blob_talloc(mem_ctx, NULL, 4); - SIVAL(reg_val.data.data, 0, val); - - return reg_setvalue(key, val_name, ®_val); -} - -/**************************************************************** -****************************************************************/ - -WERROR gp_read_reg_val_sz(TALLOC_CTX *mem_ctx, - struct registry_key *key, - const char *val_name, - const char **val) -{ - WERROR werr; - struct registry_value *reg_val = NULL; - - werr = reg_queryvalue(mem_ctx, key, val_name, ®_val); - W_ERROR_NOT_OK_RETURN(werr); - - if (reg_val->type != REG_SZ) { - return WERR_INVALID_DATATYPE; - } - - if (!pull_reg_sz(mem_ctx, ®_val->data, val)) { - return WERR_NOT_ENOUGH_MEMORY; - } - - return WERR_OK; -} - -/**************************************************************** -****************************************************************/ - -static WERROR gp_read_reg_val_dword(TALLOC_CTX *mem_ctx, - struct registry_key *key, - const char *val_name, - uint32_t *val) -{ - WERROR werr; - struct registry_value *reg_val = NULL; - - werr = reg_queryvalue(mem_ctx, key, val_name, ®_val); - W_ERROR_NOT_OK_RETURN(werr); - - if (reg_val->type != REG_DWORD) { - return WERR_INVALID_DATATYPE; - } - - if (reg_val->data.length < 4) { - return WERR_INSUFFICIENT_BUFFER; - } - *val = IVAL(reg_val->data.data, 0); - - return WERR_OK; -} - -/**************************************************************** -****************************************************************/ - -static WERROR gp_store_reg_gpovals(TALLOC_CTX *mem_ctx, - struct registry_key *key, - struct GROUP_POLICY_OBJECT *gpo) -{ - WERROR werr; - - if (!key || !gpo) { - return WERR_INVALID_PARAMETER; - } - - werr = gp_store_reg_val_dword(mem_ctx, key, "Version", - gpo->version); - W_ERROR_NOT_OK_RETURN(werr); - - werr = gp_store_reg_val_dword(mem_ctx, key, "WQLFilterPass", - true); /* fake */ - W_ERROR_NOT_OK_RETURN(werr); - - werr = gp_store_reg_val_dword(mem_ctx, key, "AccessDenied", - false); /* fake */ - W_ERROR_NOT_OK_RETURN(werr); - - werr = gp_store_reg_val_dword(mem_ctx, key, "GPO-Disabled", - (gpo->options & GPO_FLAG_DISABLE)); - W_ERROR_NOT_OK_RETURN(werr); - - werr = gp_store_reg_val_dword(mem_ctx, key, "Options", - gpo->options); - W_ERROR_NOT_OK_RETURN(werr); - - werr = gp_store_reg_val_sz(mem_ctx, key, "GPOID", - gpo->name); - W_ERROR_NOT_OK_RETURN(werr); - - werr = gp_store_reg_val_sz(mem_ctx, key, "SOM", - gpo->link ? gpo->link : ""); - W_ERROR_NOT_OK_RETURN(werr); - - werr = gp_store_reg_val_sz(mem_ctx, key, "DisplayName", - gpo->display_name); - W_ERROR_NOT_OK_RETURN(werr); - - werr = gp_store_reg_val_sz(mem_ctx, key, "WQL-Id", - ""); - W_ERROR_NOT_OK_RETURN(werr); - - return werr; -} - -/**************************************************************** -****************************************************************/ - -static const char *gp_reg_groupmembership_path(TALLOC_CTX *mem_ctx, - const struct dom_sid *sid, - uint32_t flags) -{ - if (flags & GPO_LIST_FLAG_MACHINE) { - return "GroupMembership"; - } - - return talloc_asprintf(mem_ctx, "%s\\%s", sid_string_tos(sid), - "GroupMembership"); -} - -/**************************************************************** -****************************************************************/ - -static WERROR gp_reg_del_groupmembership(TALLOC_CTX *mem_ctx, - struct registry_key *key, - const struct security_token *token, - uint32_t flags) -{ - const char *path = NULL; - - path = gp_reg_groupmembership_path(mem_ctx, &token->sids[0], - flags); - W_ERROR_HAVE_NO_MEMORY(path); - - return reg_deletekey_recursive(key, path); - -} - -/**************************************************************** -****************************************************************/ - -static WERROR gp_reg_store_groupmembership(TALLOC_CTX *mem_ctx, - struct gp_registry_context *reg_ctx, - const struct security_token *token, - uint32_t flags) -{ - struct registry_key *key = NULL; - WERROR werr; - int i = 0; - const char *valname = NULL; - const char *path = NULL; - const char *val = NULL; - int count = 0; - - path = gp_reg_groupmembership_path(mem_ctx, &token->sids[0], - flags); - W_ERROR_HAVE_NO_MEMORY(path); - - gp_reg_del_groupmembership(mem_ctx, reg_ctx->curr_key, token, flags); - - werr = gp_store_reg_subkey(mem_ctx, path, - reg_ctx->curr_key, &key); - W_ERROR_NOT_OK_RETURN(werr); - - for (i=0; i<token->num_sids; i++) { - - valname = talloc_asprintf(mem_ctx, "Group%d", count++); - W_ERROR_HAVE_NO_MEMORY(valname); - - val = sid_string_talloc(mem_ctx, &token->sids[i]); - W_ERROR_HAVE_NO_MEMORY(val); - werr = gp_store_reg_val_sz(mem_ctx, key, valname, val); - W_ERROR_NOT_OK_RETURN(werr); - } - - werr = gp_store_reg_val_dword(mem_ctx, key, "Count", count); - W_ERROR_NOT_OK_RETURN(werr); - - return WERR_OK; -} - -/**************************************************************** -****************************************************************/ -#if 0 -/* not used yet */ -static WERROR gp_reg_read_groupmembership(TALLOC_CTX *mem_ctx, - struct gp_registry_context *reg_ctx, - const struct dom_sid *object_sid, - struct security_token **token, - uint32_t flags) -{ - struct registry_key *key = NULL; - WERROR werr; - int i = 0; - const char *valname = NULL; - const char *val = NULL; - const char *path = NULL; - uint32_t count = 0; - int num_token_sids = 0; - struct security_token *tmp_token = NULL; - - tmp_token = talloc_zero(mem_ctx, struct security_token); - W_ERROR_HAVE_NO_MEMORY(tmp_token); - - path = gp_reg_groupmembership_path(mem_ctx, object_sid, flags); - W_ERROR_HAVE_NO_MEMORY(path); - - werr = gp_read_reg_subkey(mem_ctx, reg_ctx, path, &key); - W_ERROR_NOT_OK_RETURN(werr); - - werr = gp_read_reg_val_dword(mem_ctx, key, "Count", &count); - W_ERROR_NOT_OK_RETURN(werr); - - for (i=0; i<count; i++) { - - valname = talloc_asprintf(mem_ctx, "Group%d", i); - W_ERROR_HAVE_NO_MEMORY(valname); - - werr = gp_read_reg_val_sz(mem_ctx, key, valname, &val); - W_ERROR_NOT_OK_RETURN(werr); - - if (!string_to_sid(&tmp_token->sids[num_token_sids++], - val)) { - return WERR_INSUFFICIENT_BUFFER; - } - } - - tmp_token->num_sids = num_token_sids; - - *token = tmp_token; - - return WERR_OK; -} -#endif -/**************************************************************** -****************************************************************/ - -static const char *gp_req_state_path(TALLOC_CTX *mem_ctx, - const struct dom_sid *sid, - uint32_t flags) -{ - if (flags & GPO_LIST_FLAG_MACHINE) { - return GPO_REG_STATE_MACHINE; - } - - return talloc_asprintf(mem_ctx, "%s\\%s", "State", sid_string_tos(sid)); -} - -/**************************************************************** -****************************************************************/ - -static WERROR gp_del_reg_state(TALLOC_CTX *mem_ctx, - struct registry_key *key, - const char *path) -{ - return reg_deletesubkeys_recursive(key, path); -} - -/**************************************************************** -****************************************************************/ - -WERROR gp_reg_state_store(TALLOC_CTX *mem_ctx, - uint32_t flags, - const char *dn, - const struct security_token *token, - struct GROUP_POLICY_OBJECT *gpo_list) -{ - struct gp_registry_context *reg_ctx = NULL; - WERROR werr = WERR_GEN_FAILURE; - const char *subkeyname = NULL; - struct GROUP_POLICY_OBJECT *gpo; - int count = 0; - struct registry_key *key; - - werr = gp_init_reg_ctx(mem_ctx, KEY_GROUP_POLICY, REG_KEY_WRITE, - token, ®_ctx); - W_ERROR_NOT_OK_RETURN(werr); - - werr = gp_secure_key(mem_ctx, flags, reg_ctx->curr_key, - &token->sids[0]); - if (!W_ERROR_IS_OK(werr)) { - DEBUG(0,("failed to secure key: %s\n", win_errstr(werr))); - goto done; - } - - werr = gp_reg_store_groupmembership(mem_ctx, reg_ctx, token, flags); - if (!W_ERROR_IS_OK(werr)) { - DEBUG(0,("failed to store group membership: %s\n", win_errstr(werr))); - goto done; - } - - subkeyname = gp_req_state_path(mem_ctx, &token->sids[0], flags); - if (!subkeyname) { - werr = WERR_NOT_ENOUGH_MEMORY; - goto done; - } - - werr = gp_del_reg_state(mem_ctx, reg_ctx->curr_key, subkeyname); - if (!W_ERROR_IS_OK(werr)) { - DEBUG(0,("failed to delete old state: %s\n", win_errstr(werr))); - /* goto done; */ - } - - werr = gp_store_reg_subkey(mem_ctx, subkeyname, - reg_ctx->curr_key, ®_ctx->curr_key); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - - werr = gp_store_reg_val_sz(mem_ctx, reg_ctx->curr_key, - "Distinguished-Name", dn); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - - /* store link list */ - - werr = gp_store_reg_subkey(mem_ctx, "GPLink-List", - reg_ctx->curr_key, &key); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - - /* store gpo list */ - - werr = gp_store_reg_subkey(mem_ctx, "GPO-List", - reg_ctx->curr_key, ®_ctx->curr_key); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - - for (gpo = gpo_list; gpo; gpo = gpo->next) { - - subkeyname = talloc_asprintf(mem_ctx, "%d", count++); - if (!subkeyname) { - werr = WERR_NOT_ENOUGH_MEMORY; - goto done; - } - - werr = gp_store_reg_subkey(mem_ctx, subkeyname, - reg_ctx->curr_key, &key); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - - werr = gp_store_reg_gpovals(mem_ctx, key, gpo); - if (!W_ERROR_IS_OK(werr)) { - DEBUG(0,("gp_reg_state_store: " - "gp_store_reg_gpovals failed for %s: %s\n", - gpo->display_name, win_errstr(werr))); - goto done; - } - } - done: - gp_free_reg_ctx(reg_ctx); - return werr; -} - -/**************************************************************** -****************************************************************/ - -static WERROR gp_read_reg_gpovals(TALLOC_CTX *mem_ctx, - struct registry_key *key, - struct GROUP_POLICY_OBJECT *gpo) -{ - WERROR werr; - - if (!key || !gpo) { - return WERR_INVALID_PARAMETER; - } - - werr = gp_read_reg_val_dword(mem_ctx, key, "Version", - &gpo->version); - W_ERROR_NOT_OK_RETURN(werr); - - werr = gp_read_reg_val_dword(mem_ctx, key, "Options", - &gpo->options); - W_ERROR_NOT_OK_RETURN(werr); - - werr = gp_read_reg_val_sz(mem_ctx, key, "GPOID", - &gpo->name); - W_ERROR_NOT_OK_RETURN(werr); - - werr = gp_read_reg_val_sz(mem_ctx, key, "SOM", - &gpo->link); - W_ERROR_NOT_OK_RETURN(werr); - - werr = gp_read_reg_val_sz(mem_ctx, key, "DisplayName", - &gpo->display_name); - W_ERROR_NOT_OK_RETURN(werr); - - return werr; -} - -/**************************************************************** -****************************************************************/ - -static WERROR gp_read_reg_gpo(TALLOC_CTX *mem_ctx, - struct registry_key *key, - struct GROUP_POLICY_OBJECT **gpo_ret) -{ - struct GROUP_POLICY_OBJECT *gpo = NULL; - WERROR werr; - - if (!gpo_ret || !key) { - return WERR_INVALID_PARAMETER; - } - - gpo = talloc_zero(mem_ctx, struct GROUP_POLICY_OBJECT); - W_ERROR_HAVE_NO_MEMORY(gpo); - - werr = gp_read_reg_gpovals(mem_ctx, key, gpo); - W_ERROR_NOT_OK_RETURN(werr); - - *gpo_ret = gpo; - - return werr; -} - -/**************************************************************** -****************************************************************/ - -WERROR gp_reg_state_read(TALLOC_CTX *mem_ctx, - uint32_t flags, - const struct dom_sid *sid, - struct GROUP_POLICY_OBJECT **gpo_list) -{ - struct gp_registry_context *reg_ctx = NULL; - WERROR werr = WERR_GEN_FAILURE; - const char *subkeyname = NULL; - struct GROUP_POLICY_OBJECT *gpo = NULL; - int count = 0; - struct registry_key *key = NULL; - const char *path = NULL; - const char *gp_state_path = NULL; - - if (!gpo_list) { - return WERR_INVALID_PARAMETER; - } - - ZERO_STRUCTP(gpo_list); - - gp_state_path = gp_req_state_path(mem_ctx, sid, flags); - if (!gp_state_path) { - werr = WERR_NOT_ENOUGH_MEMORY; - goto done; - } - - path = talloc_asprintf(mem_ctx, "%s\\%s\\%s", - KEY_GROUP_POLICY, - gp_state_path, - "GPO-List"); - if (!path) { - werr = WERR_NOT_ENOUGH_MEMORY; - goto done; - } - - werr = gp_init_reg_ctx(mem_ctx, path, REG_KEY_READ, NULL, ®_ctx); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - - while (1) { - - subkeyname = talloc_asprintf(mem_ctx, "%d", count++); - if (!subkeyname) { - werr = WERR_NOT_ENOUGH_MEMORY; - goto done; - } - - werr = gp_read_reg_subkey(mem_ctx, reg_ctx, subkeyname, &key); - if (W_ERROR_EQUAL(werr, WERR_FILE_NOT_FOUND)) { - werr = WERR_OK; - break; - } - if (!W_ERROR_IS_OK(werr)) { - DEBUG(0,("gp_reg_state_read: " - "gp_read_reg_subkey gave: %s\n", - win_errstr(werr))); - goto done; - } - - werr = gp_read_reg_gpo(mem_ctx, key, &gpo); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - - DLIST_ADD(*gpo_list, gpo); - } - - done: - gp_free_reg_ctx(reg_ctx); - return werr; -} - -/**************************************************************** -****************************************************************/ - -static WERROR gp_reg_generate_sd(TALLOC_CTX *mem_ctx, - const struct dom_sid *sid, - struct security_descriptor **sd, - size_t *sd_size) -{ - struct security_ace ace[6]; - uint32_t mask; - - struct security_acl *theacl = NULL; - - uint8_t inherit_flags; - - mask = REG_KEY_ALL; - init_sec_ace(&ace[0], - &global_sid_System, - SEC_ACE_TYPE_ACCESS_ALLOWED, - mask, 0); - - mask = REG_KEY_ALL; - init_sec_ace(&ace[1], - &global_sid_Builtin_Administrators, - SEC_ACE_TYPE_ACCESS_ALLOWED, - mask, 0); - - mask = REG_KEY_READ; - init_sec_ace(&ace[2], - sid ? sid : &global_sid_Authenticated_Users, - SEC_ACE_TYPE_ACCESS_ALLOWED, - mask, 0); - - inherit_flags = SEC_ACE_FLAG_OBJECT_INHERIT | - SEC_ACE_FLAG_CONTAINER_INHERIT | - SEC_ACE_FLAG_INHERIT_ONLY; - - mask = REG_KEY_ALL; - init_sec_ace(&ace[3], - &global_sid_System, - SEC_ACE_TYPE_ACCESS_ALLOWED, - mask, inherit_flags); - - mask = REG_KEY_ALL; - init_sec_ace(&ace[4], - &global_sid_Builtin_Administrators, - SEC_ACE_TYPE_ACCESS_ALLOWED, - mask, inherit_flags); - - mask = REG_KEY_READ; - init_sec_ace(&ace[5], - sid ? sid : &global_sid_Authenticated_Users, - SEC_ACE_TYPE_ACCESS_ALLOWED, - mask, inherit_flags); - - theacl = make_sec_acl(mem_ctx, NT4_ACL_REVISION, 6, ace); - W_ERROR_HAVE_NO_MEMORY(theacl); - - *sd = make_sec_desc(mem_ctx, SD_REVISION, - SEC_DESC_SELF_RELATIVE | - SEC_DESC_DACL_AUTO_INHERITED | /* really ? */ - SEC_DESC_DACL_AUTO_INHERIT_REQ, /* really ? */ - NULL, NULL, NULL, - theacl, sd_size); - W_ERROR_HAVE_NO_MEMORY(*sd); - - return WERR_OK; -} - -/**************************************************************** -****************************************************************/ - -WERROR gp_secure_key(TALLOC_CTX *mem_ctx, - uint32_t flags, - struct registry_key *key, - const struct dom_sid *sid) -{ - struct security_descriptor *sd = NULL; - size_t sd_size = 0; - const struct dom_sid *sd_sid = NULL; - WERROR werr; - - if (!(flags & GPO_LIST_FLAG_MACHINE)) { - sd_sid = sid; - } - - werr = gp_reg_generate_sd(mem_ctx, sd_sid, &sd, &sd_size); - W_ERROR_NOT_OK_RETURN(werr); - - return reg_setkeysecurity(key, sd); -} - -/**************************************************************** -****************************************************************/ - -void dump_reg_val(int lvl, const char *direction, - const char *key, const char *subkey, - struct registry_value *val) -{ - int i = 0; - const char *type_str = NULL; - - if (!val) { - DEBUG(lvl,("no val!\n")); - return; - } - - type_str = str_regtype(val->type); - - DEBUG(lvl,("\tdump_reg_val:\t%s '%s'\n\t\t\t'%s' %s: ", - direction, key, subkey, type_str)); - - switch (val->type) { - case REG_DWORD: { - uint32_t v; - if (val->data.length < 4) { - break; - } - v = IVAL(val->data.data, 0); - DEBUG(lvl,("%d (0x%08x)\n", - (int)v, v)); - break; - } - case REG_QWORD: { - uint64_t v; - if (val->data.length < 8) { - break; - } - v = BVAL(val->data.data, 0); - DEBUG(lvl,("%d (0x%016llx)\n", - (int)v, - (unsigned long long)v)); - break; - } - case REG_SZ: { - const char *s; - if (!pull_reg_sz(talloc_tos(), &val->data, &s)) { - break; - } - DEBUG(lvl,("%s (length: %d)\n", - s, (int)strlen_m(s))); - break; - } - case REG_MULTI_SZ: { - const char **a; - if (!pull_reg_multi_sz(talloc_tos(), &val->data, &a)) { - break; - } - for (i=0; a[i] != NULL; i++) { - ;; - } - DEBUG(lvl,("(num_strings: %d)\n", i)); - for (i=0; a[i] != NULL; i++) { - DEBUGADD(lvl,("\t%s\n", a[i])); - } - break; - } - case REG_NONE: - DEBUG(lvl,("\n")); - break; - case REG_BINARY: - dump_data(lvl, val->data.data, - val->data.length); - break; - default: - DEBUG(lvl,("unsupported type: %d\n", val->type)); - break; - } -} - -/**************************************************************** -****************************************************************/ - -void dump_reg_entry(uint32_t flags, - const char *dir, - struct gp_registry_entry *entry) -{ - if (!(flags & GPO_INFO_FLAG_VERBOSE)) - return; - - dump_reg_val(1, dir, - entry->key, - entry->value, - entry->data); -} - -/**************************************************************** -****************************************************************/ - -void dump_reg_entries(uint32_t flags, - const char *dir, - struct gp_registry_entry *entries, - size_t num_entries) -{ - size_t i; - - if (!(flags & GPO_INFO_FLAG_VERBOSE)) - return; - - for (i=0; i < num_entries; i++) { - dump_reg_entry(flags, dir, &entries[i]); - } -} - -/**************************************************************** -****************************************************************/ - -bool add_gp_registry_entry_to_array(TALLOC_CTX *mem_ctx, - struct gp_registry_entry *entry, - struct gp_registry_entry **entries, - size_t *num) -{ - *entries = talloc_realloc(mem_ctx, *entries, - struct gp_registry_entry, - (*num)+1); - - if (*entries == NULL) { - *num = 0; - return false; - } - - (*entries)[*num].action = entry->action; - (*entries)[*num].key = entry->key; - (*entries)[*num].value = entry->value; - (*entries)[*num].data = entry->data; - - *num += 1; - return true; -} - -/**************************************************************** -****************************************************************/ - -static const char *gp_reg_action_str(enum gp_reg_action action) -{ - switch (action) { - case GP_REG_ACTION_NONE: - return "GP_REG_ACTION_NONE"; - case GP_REG_ACTION_ADD_VALUE: - return "GP_REG_ACTION_ADD_VALUE"; - case GP_REG_ACTION_ADD_KEY: - return "GP_REG_ACTION_ADD_KEY"; - case GP_REG_ACTION_DEL_VALUES: - return "GP_REG_ACTION_DEL_VALUES"; - case GP_REG_ACTION_DEL_VALUE: - return "GP_REG_ACTION_DEL_VALUE"; - case GP_REG_ACTION_DEL_ALL_VALUES: - return "GP_REG_ACTION_DEL_ALL_VALUES"; - case GP_REG_ACTION_DEL_KEYS: - return "GP_REG_ACTION_DEL_KEYS"; - case GP_REG_ACTION_SEC_KEY_SET: - return "GP_REG_ACTION_SEC_KEY_SET"; - case GP_REG_ACTION_SEC_KEY_RESET: - return "GP_REG_ACTION_SEC_KEY_RESET"; - default: - return "unknown"; - } -} - -/**************************************************************** -****************************************************************/ - -WERROR reg_apply_registry_entry(TALLOC_CTX *mem_ctx, - struct registry_key *root_key, - struct gp_registry_context *reg_ctx, - struct gp_registry_entry *entry, - const struct security_token *token, - uint32_t flags) -{ - WERROR werr; - struct registry_key *key = NULL; - - if (flags & GPO_INFO_FLAG_VERBOSE) { - printf("about to store key: [%s]\n", entry->key); - printf(" value: [%s]\n", entry->value); - printf(" data: [%s]\n", str_regtype(entry->data->type)); - printf(" action: [%s]\n", gp_reg_action_str(entry->action)); - } - - werr = gp_store_reg_subkey(mem_ctx, entry->key, - root_key, &key); - /* reg_ctx->curr_key, &key); */ - if (!W_ERROR_IS_OK(werr)) { - DEBUG(0,("gp_store_reg_subkey failed: %s\n", win_errstr(werr))); - return werr; - } - - switch (entry->action) { - case GP_REG_ACTION_NONE: - case GP_REG_ACTION_ADD_KEY: - return WERR_OK; - - case GP_REG_ACTION_SEC_KEY_SET: - werr = gp_secure_key(mem_ctx, flags, - key, - &token->sids[0]); - if (!W_ERROR_IS_OK(werr)) { - DEBUG(0,("reg_apply_registry_entry: " - "gp_secure_key failed: %s\n", - win_errstr(werr))); - return werr; - } - break; - case GP_REG_ACTION_ADD_VALUE: - werr = reg_setvalue(key, entry->value, entry->data); - if (!W_ERROR_IS_OK(werr)) { - DEBUG(0,("reg_apply_registry_entry: " - "reg_setvalue failed: %s\n", - win_errstr(werr))); - dump_reg_entry(flags, "STORE", entry); - return werr; - } - break; - case GP_REG_ACTION_DEL_VALUE: - werr = reg_deletevalue(key, entry->value); - if (!W_ERROR_IS_OK(werr)) { - DEBUG(0,("reg_apply_registry_entry: " - "reg_deletevalue failed: %s\n", - win_errstr(werr))); - dump_reg_entry(flags, "STORE", entry); - return werr; - } - break; - case GP_REG_ACTION_DEL_ALL_VALUES: - werr = reg_deleteallvalues(key); - if (!W_ERROR_IS_OK(werr)) { - DEBUG(0,("reg_apply_registry_entry: " - "reg_deleteallvalues failed: %s\n", - win_errstr(werr))); - dump_reg_entry(flags, "STORE", entry); - return werr; - } - break; - case GP_REG_ACTION_DEL_VALUES: - case GP_REG_ACTION_DEL_KEYS: - case GP_REG_ACTION_SEC_KEY_RESET: - DEBUG(0,("reg_apply_registry_entry: " - "not yet supported: %s (%d)\n", - gp_reg_action_str(entry->action), - entry->action)); - return WERR_NOT_SUPPORTED; - default: - DEBUG(0,("invalid action: %d\n", entry->action)); - return WERR_INVALID_PARAMETER; - } - - return werr; -} - |