root/source3/libgpo/gpo_reg.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. registry_create_system_token
  2. gp_init_reg_ctx
  3. gp_free_reg_ctx
  4. gp_store_reg_subkey
  5. gp_read_reg_subkey
  6. gp_store_reg_val_sz
  7. gp_store_reg_val_dword
  8. gp_read_reg_val_sz
  9. gp_read_reg_val_dword
  10. gp_store_reg_gpovals
  11. gp_reg_groupmembership_path
  12. gp_reg_del_groupmembership
  13. gp_reg_store_groupmembership
  14. gp_reg_read_groupmembership
  15. gp_req_state_path
  16. gp_del_reg_state
  17. gp_reg_state_store
  18. gp_read_reg_gpovals
  19. gp_read_reg_gpo
  20. gp_reg_state_read
  21. gp_reg_generate_sd
  22. gp_secure_key
  23. dump_reg_val
  24. dump_reg_entry
  25. dump_reg_entries
  26. add_gp_registry_entry_to_array
  27. gp_reg_action_str
  28. reg_apply_registry_entry

   1 /*
   2  *  Unix SMB/CIFS implementation.
   3  *  Group Policy Object Support
   4  *  Copyright (C) Guenther Deschner 2007-2008
   5  *
   6  *  This program is free software; you can redistribute it and/or modify
   7  *  it under the terms of the GNU General Public License as published by
   8  *  the Free Software Foundation; either version 3 of the License, or
   9  *  (at your option) any later version.
  10  *
  11  *  This program is distributed in the hope that it will be useful,
  12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  *  GNU General Public License for more details.
  15  *
  16  *  You should have received a copy of the GNU General Public License
  17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  18  */
  19 
  20 #include "includes.h"
  21 
  22 
  23 /****************************************************************
  24 ****************************************************************/
  25 
  26 struct nt_user_token *registry_create_system_token(TALLOC_CTX *mem_ctx)
     /* [<][>][^][v][top][bottom][index][help] */
  27 {
  28         struct nt_user_token *token = NULL;
  29 
  30         token = TALLOC_ZERO_P(mem_ctx, struct nt_user_token);
  31         if (!token) {
  32                 DEBUG(1,("talloc failed\n"));
  33                 return NULL;
  34         }
  35 
  36         token->privileges = se_priv_all;
  37 
  38         if (!NT_STATUS_IS_OK(add_sid_to_array(token, &global_sid_System,
  39                          &token->user_sids, &token->num_sids))) {
  40                 DEBUG(1,("Error adding nt-authority system sid to token\n"));
  41                 return NULL;
  42         }
  43 
  44         return token;
  45 }
  46 
  47 /****************************************************************
  48 ****************************************************************/
  49 
  50 WERROR gp_init_reg_ctx(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
  51                        const char *initial_path,
  52                        uint32_t desired_access,
  53                        const struct nt_user_token *token,
  54                        struct gp_registry_context **reg_ctx)
  55 {
  56         struct gp_registry_context *tmp_ctx;
  57         WERROR werr;
  58 
  59         if (!reg_ctx) {
  60                 return WERR_INVALID_PARAM;
  61         }
  62 
  63         werr = registry_init_basic();
  64         if (!W_ERROR_IS_OK(werr)) {
  65                 return werr;
  66         }
  67 
  68         tmp_ctx = TALLOC_ZERO_P(mem_ctx, struct gp_registry_context);
  69         W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
  70 
  71         if (token) {
  72                 tmp_ctx->token = token;
  73         } else {
  74                 tmp_ctx->token = registry_create_system_token(mem_ctx);
  75         }
  76         if (!tmp_ctx->token) {
  77                 TALLOC_FREE(tmp_ctx);
  78                 return WERR_NOMEM;
  79         }
  80 
  81         werr = regdb_open();
  82         if (!W_ERROR_IS_OK(werr)) {
  83                 return werr;
  84         }
  85 
  86         if (initial_path) {
  87                 tmp_ctx->path = talloc_strdup(mem_ctx, initial_path);
  88                 if (!tmp_ctx->path) {
  89                         TALLOC_FREE(tmp_ctx);
  90                         return WERR_NOMEM;
  91                 }
  92 
  93                 werr = reg_open_path(mem_ctx, tmp_ctx->path, desired_access,
  94                                      tmp_ctx->token, &tmp_ctx->curr_key);
  95                 if (!W_ERROR_IS_OK(werr)) {
  96                         TALLOC_FREE(tmp_ctx);
  97                         return werr;
  98                 }
  99         }
 100 
 101         *reg_ctx = tmp_ctx;
 102 
 103         return WERR_OK;
 104 }
 105 
 106 /****************************************************************
 107 ****************************************************************/
 108 
 109 void gp_free_reg_ctx(struct gp_registry_context *reg_ctx)
     /* [<][>][^][v][top][bottom][index][help] */
 110 {
 111         TALLOC_FREE(reg_ctx);
 112 }
 113 
 114 /****************************************************************
 115 ****************************************************************/
 116 
 117 WERROR gp_store_reg_subkey(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 118                            const char *subkeyname,
 119                            struct registry_key *curr_key,
 120                            struct registry_key **new_key)
 121 {
 122         enum winreg_CreateAction action = REG_ACTION_NONE;
 123         WERROR werr;
 124 
 125         werr = reg_createkey(mem_ctx, curr_key, subkeyname,
 126                              REG_KEY_WRITE, new_key, &action);
 127         if (W_ERROR_IS_OK(werr) && (action != REG_CREATED_NEW_KEY)) {
 128                 return WERR_OK;
 129         }
 130 
 131         return werr;
 132 }
 133 
 134 /****************************************************************
 135 ****************************************************************/
 136 
 137 WERROR gp_read_reg_subkey(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 138                           struct gp_registry_context *reg_ctx,
 139                           const char *subkeyname,
 140                           struct registry_key **key)
 141 {
 142         const char *tmp = NULL;
 143 
 144         if (!reg_ctx || !subkeyname || !key) {
 145                 return WERR_INVALID_PARAM;
 146         }
 147 
 148         tmp = talloc_asprintf(mem_ctx, "%s\\%s", reg_ctx->path, subkeyname);
 149         W_ERROR_HAVE_NO_MEMORY(tmp);
 150 
 151         return reg_open_path(mem_ctx, tmp, REG_KEY_READ,
 152                              reg_ctx->token, key);
 153 }
 154 
 155 /****************************************************************
 156 ****************************************************************/
 157 
 158 WERROR gp_store_reg_val_sz(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 159                            struct registry_key *key,
 160                            const char *val_name,
 161                            const char *val)
 162 {
 163         struct registry_value reg_val;
 164         ZERO_STRUCT(reg_val);
 165 
 166         /* FIXME: hack */
 167         val = val ? val : " ";
 168 
 169         reg_val.type = REG_SZ;
 170         reg_val.v.sz.len = strlen(val);
 171         reg_val.v.sz.str = talloc_strdup(mem_ctx, val);
 172         W_ERROR_HAVE_NO_MEMORY(reg_val.v.sz.str);
 173 
 174         return reg_setvalue(key, val_name, &reg_val);
 175 }
 176 
 177 /****************************************************************
 178 ****************************************************************/
 179 
 180 static WERROR gp_store_reg_val_dword(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 181                                      struct registry_key *key,
 182                                      const char *val_name,
 183                                      uint32_t val)
 184 {
 185         struct registry_value reg_val;
 186         ZERO_STRUCT(reg_val);
 187 
 188         reg_val.type = REG_DWORD;
 189         reg_val.v.dword = val;
 190 
 191         return reg_setvalue(key, val_name, &reg_val);
 192 }
 193 
 194 /****************************************************************
 195 ****************************************************************/
 196 
 197 WERROR gp_read_reg_val_sz(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 198                           struct registry_key *key,
 199                           const char *val_name,
 200                           const char **val)
 201 {
 202         WERROR werr;
 203         struct registry_value *reg_val = NULL;
 204 
 205         werr = reg_queryvalue(mem_ctx, key, val_name, &reg_val);
 206         W_ERROR_NOT_OK_RETURN(werr);
 207 
 208         if (reg_val->type != REG_SZ) {
 209                 return WERR_INVALID_DATATYPE;
 210         }
 211 
 212         *val = talloc_strdup(mem_ctx, reg_val->v.sz.str);
 213         W_ERROR_HAVE_NO_MEMORY(*val);
 214 
 215         return WERR_OK;
 216 }
 217 
 218 /****************************************************************
 219 ****************************************************************/
 220 
 221 static WERROR gp_read_reg_val_dword(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 222                                     struct registry_key *key,
 223                                     const char *val_name,
 224                                     uint32_t *val)
 225 {
 226         WERROR werr;
 227         struct registry_value *reg_val = NULL;
 228 
 229         werr = reg_queryvalue(mem_ctx, key, val_name, &reg_val);
 230         W_ERROR_NOT_OK_RETURN(werr);
 231 
 232         if (reg_val->type != REG_DWORD) {
 233                 return WERR_INVALID_DATATYPE;
 234         }
 235 
 236         *val = reg_val->v.dword;
 237 
 238         return WERR_OK;
 239 }
 240 
 241 /****************************************************************
 242 ****************************************************************/
 243 
 244 static WERROR gp_store_reg_gpovals(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 245                                    struct registry_key *key,
 246                                    struct GROUP_POLICY_OBJECT *gpo)
 247 {
 248         WERROR werr;
 249 
 250         if (!key || !gpo) {
 251                 return WERR_INVALID_PARAM;
 252         }
 253 
 254         werr = gp_store_reg_val_dword(mem_ctx, key, "Version",
 255                                       gpo->version);
 256         W_ERROR_NOT_OK_RETURN(werr);
 257 
 258         werr = gp_store_reg_val_dword(mem_ctx, key, "WQLFilterPass",
 259                                       true); /* fake */
 260         W_ERROR_NOT_OK_RETURN(werr);
 261 
 262         werr = gp_store_reg_val_dword(mem_ctx, key, "AccessDenied",
 263                                       false); /* fake */
 264         W_ERROR_NOT_OK_RETURN(werr);
 265 
 266         werr = gp_store_reg_val_dword(mem_ctx, key, "GPO-Disabled",
 267                                       (gpo->options & GPO_FLAG_DISABLE));
 268         W_ERROR_NOT_OK_RETURN(werr);
 269 
 270         werr = gp_store_reg_val_dword(mem_ctx, key, "Options",
 271                                       gpo->options);
 272         W_ERROR_NOT_OK_RETURN(werr);
 273 
 274         werr = gp_store_reg_val_sz(mem_ctx, key, "GPOID",
 275                                    gpo->name);
 276         W_ERROR_NOT_OK_RETURN(werr);
 277 
 278         werr = gp_store_reg_val_sz(mem_ctx, key, "SOM",
 279                                    gpo->link);
 280         W_ERROR_NOT_OK_RETURN(werr);
 281 
 282         werr = gp_store_reg_val_sz(mem_ctx, key, "DisplayName",
 283                                    gpo->display_name);
 284         W_ERROR_NOT_OK_RETURN(werr);
 285 
 286         werr = gp_store_reg_val_sz(mem_ctx, key, "WQL-Id",
 287                                    NULL);
 288         W_ERROR_NOT_OK_RETURN(werr);
 289 
 290         return werr;
 291 }
 292 
 293 /****************************************************************
 294 ****************************************************************/
 295 
 296 static const char *gp_reg_groupmembership_path(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 297                                                const DOM_SID *sid,
 298                                                uint32_t flags)
 299 {
 300         if (flags & GPO_LIST_FLAG_MACHINE) {
 301                 return "GroupMembership";
 302         }
 303 
 304         return talloc_asprintf(mem_ctx, "%s\\%s", sid_string_tos(sid),
 305                                "GroupMembership");
 306 }
 307 
 308 /****************************************************************
 309 ****************************************************************/
 310 
 311 static WERROR gp_reg_del_groupmembership(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 312                                          struct registry_key *key,
 313                                          const struct nt_user_token *token,
 314                                          uint32_t flags)
 315 {
 316         const char *path = NULL;
 317 
 318         path = gp_reg_groupmembership_path(mem_ctx, &token->user_sids[0],
 319                                            flags);
 320         W_ERROR_HAVE_NO_MEMORY(path);
 321 
 322         return reg_deletekey_recursive(mem_ctx, key, path);
 323 
 324 }
 325 
 326 /****************************************************************
 327 ****************************************************************/
 328 
 329 static WERROR gp_reg_store_groupmembership(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 330                                            struct gp_registry_context *reg_ctx,
 331                                            const struct nt_user_token *token,
 332                                            uint32_t flags)
 333 {
 334         struct registry_key *key = NULL;
 335         WERROR werr;
 336         int i = 0;
 337         const char *valname = NULL;
 338         const char *path = NULL;
 339         const char *val = NULL;
 340         int count = 0;
 341 
 342         path = gp_reg_groupmembership_path(mem_ctx, &token->user_sids[0],
 343                                            flags);
 344         W_ERROR_HAVE_NO_MEMORY(path);
 345 
 346         gp_reg_del_groupmembership(mem_ctx, reg_ctx->curr_key, token, flags);
 347 
 348         werr = gp_store_reg_subkey(mem_ctx, path,
 349                                    reg_ctx->curr_key, &key);
 350         W_ERROR_NOT_OK_RETURN(werr);
 351 
 352         for (i=0; i<token->num_sids; i++) {
 353 
 354                 valname = talloc_asprintf(mem_ctx, "Group%d", count++);
 355                 W_ERROR_HAVE_NO_MEMORY(valname);
 356 
 357                 val = sid_string_talloc(mem_ctx, &token->user_sids[i]);
 358                 W_ERROR_HAVE_NO_MEMORY(val);
 359                 werr = gp_store_reg_val_sz(mem_ctx, key, valname, val);
 360                 W_ERROR_NOT_OK_RETURN(werr);
 361         }
 362 
 363         werr = gp_store_reg_val_dword(mem_ctx, key, "Count", count);
 364         W_ERROR_NOT_OK_RETURN(werr);
 365 
 366         return WERR_OK;
 367 }
 368 
 369 /****************************************************************
 370 ****************************************************************/
 371 #if 0
 372 /* not used yet */
 373 static WERROR gp_reg_read_groupmembership(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 374                                           struct gp_registry_context *reg_ctx,
 375                                           const DOM_SID *object_sid,
 376                                           struct nt_user_token **token,
 377                                           uint32_t flags)
 378 {
 379         struct registry_key *key = NULL;
 380         WERROR werr;
 381         int i = 0;
 382         const char *valname = NULL;
 383         const char *val = NULL;
 384         const char *path = NULL;
 385         uint32_t count = 0;
 386         int num_token_sids = 0;
 387         struct nt_user_token *tmp_token = NULL;
 388 
 389         tmp_token = TALLOC_ZERO_P(mem_ctx, struct nt_user_token);
 390         W_ERROR_HAVE_NO_MEMORY(tmp_token);
 391 
 392         path = gp_reg_groupmembership_path(mem_ctx, object_sid, flags);
 393         W_ERROR_HAVE_NO_MEMORY(path);
 394 
 395         werr = gp_read_reg_subkey(mem_ctx, reg_ctx, path, &key);
 396         W_ERROR_NOT_OK_RETURN(werr);
 397 
 398         werr = gp_read_reg_val_dword(mem_ctx, key, "Count", &count);
 399         W_ERROR_NOT_OK_RETURN(werr);
 400 
 401         for (i=0; i<count; i++) {
 402 
 403                 valname = talloc_asprintf(mem_ctx, "Group%d", i);
 404                 W_ERROR_HAVE_NO_MEMORY(valname);
 405 
 406                 werr = gp_read_reg_val_sz(mem_ctx, key, valname, &val);
 407                 W_ERROR_NOT_OK_RETURN(werr);
 408 
 409                 if (!string_to_sid(&tmp_token->user_sids[num_token_sids++],
 410                                    val)) {
 411                         return WERR_INSUFFICIENT_BUFFER;
 412                 }
 413         }
 414 
 415         tmp_token->num_sids = num_token_sids;
 416 
 417         *token = tmp_token;
 418 
 419         return WERR_OK;
 420 }
 421 #endif
 422 /****************************************************************
 423 ****************************************************************/
 424 
 425 static const char *gp_req_state_path(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 426                                      const DOM_SID *sid,
 427                                      uint32_t flags)
 428 {
 429         if (flags & GPO_LIST_FLAG_MACHINE) {
 430                 return GPO_REG_STATE_MACHINE;
 431         }
 432 
 433         return talloc_asprintf(mem_ctx, "%s\\%s", "State", sid_string_tos(sid));
 434 }
 435 
 436 /****************************************************************
 437 ****************************************************************/
 438 
 439 static WERROR gp_del_reg_state(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 440                                struct registry_key *key,
 441                                const char *path)
 442 {
 443         return reg_deletesubkeys_recursive(mem_ctx, key, path);
 444 }
 445 
 446 /****************************************************************
 447 ****************************************************************/
 448 
 449 WERROR gp_reg_state_store(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 450                           uint32_t flags,
 451                           const char *dn,
 452                           const struct nt_user_token *token,
 453                           struct GROUP_POLICY_OBJECT *gpo_list)
 454 {
 455         struct gp_registry_context *reg_ctx = NULL;
 456         WERROR werr = WERR_GENERAL_FAILURE;
 457         const char *subkeyname = NULL;
 458         struct GROUP_POLICY_OBJECT *gpo;
 459         int count = 0;
 460         struct registry_key *key;
 461 
 462         werr = gp_init_reg_ctx(mem_ctx, KEY_GROUP_POLICY, REG_KEY_WRITE,
 463                                token, &reg_ctx);
 464         W_ERROR_NOT_OK_RETURN(werr);
 465 
 466         werr = gp_secure_key(mem_ctx, flags, reg_ctx->curr_key,
 467                              &token->user_sids[0]);
 468         if (!W_ERROR_IS_OK(werr)) {
 469                 DEBUG(0,("failed to secure key: %s\n", win_errstr(werr)));
 470                 goto done;
 471         }
 472 
 473         werr = gp_reg_store_groupmembership(mem_ctx, reg_ctx, token, flags);
 474         if (!W_ERROR_IS_OK(werr)) {
 475                 DEBUG(0,("failed to store group membership: %s\n", win_errstr(werr)));
 476                 goto done;
 477         }
 478 
 479         subkeyname = gp_req_state_path(mem_ctx, &token->user_sids[0], flags);
 480         if (!subkeyname) {
 481                 werr = WERR_NOMEM;
 482                 goto done;
 483         }
 484 
 485         werr = gp_del_reg_state(mem_ctx, reg_ctx->curr_key, subkeyname);
 486         if (!W_ERROR_IS_OK(werr)) {
 487                 DEBUG(0,("failed to delete old state: %s\n", win_errstr(werr)));
 488                 /* goto done; */
 489         }
 490 
 491         werr = gp_store_reg_subkey(mem_ctx, subkeyname,
 492                                    reg_ctx->curr_key, &reg_ctx->curr_key);
 493         if (!W_ERROR_IS_OK(werr)) {
 494                 goto done;
 495         }
 496 
 497         werr = gp_store_reg_val_sz(mem_ctx, reg_ctx->curr_key,
 498                                    "Distinguished-Name", dn);
 499         if (!W_ERROR_IS_OK(werr)) {
 500                 goto done;
 501         }
 502 
 503         /* store link list */
 504 
 505         werr = gp_store_reg_subkey(mem_ctx, "GPLink-List",
 506                                    reg_ctx->curr_key, &key);
 507         if (!W_ERROR_IS_OK(werr)) {
 508                 goto done;
 509         }
 510 
 511         /* store gpo list */
 512 
 513         werr = gp_store_reg_subkey(mem_ctx, "GPO-List",
 514                                    reg_ctx->curr_key, &reg_ctx->curr_key);
 515         if (!W_ERROR_IS_OK(werr)) {
 516                 goto done;
 517         }
 518 
 519         for (gpo = gpo_list; gpo; gpo = gpo->next) {
 520 
 521                 subkeyname = talloc_asprintf(mem_ctx, "%d", count++);
 522                 if (!subkeyname) {
 523                         werr = WERR_NOMEM;
 524                         goto done;
 525                 }
 526 
 527                 werr = gp_store_reg_subkey(mem_ctx, subkeyname,
 528                                            reg_ctx->curr_key, &key);
 529                 if (!W_ERROR_IS_OK(werr)) {
 530                         goto done;
 531                 }
 532 
 533                 werr = gp_store_reg_gpovals(mem_ctx, key, gpo);
 534                 if (!W_ERROR_IS_OK(werr)) {
 535                         DEBUG(0,("gp_reg_state_store: "
 536                                 "gpo_store_reg_gpovals failed for %s: %s\n",
 537                                 gpo->display_name, win_errstr(werr)));
 538                         goto done;
 539                 }
 540         }
 541  done:
 542         gp_free_reg_ctx(reg_ctx);
 543         return werr;
 544 }
 545 
 546 /****************************************************************
 547 ****************************************************************/
 548 
 549 static WERROR gp_read_reg_gpovals(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 550                                   struct registry_key *key,
 551                                   struct GROUP_POLICY_OBJECT *gpo)
 552 {
 553         WERROR werr;
 554 
 555         if (!key || !gpo) {
 556                 return WERR_INVALID_PARAM;
 557         }
 558 
 559         werr = gp_read_reg_val_dword(mem_ctx, key, "Version",
 560                                      &gpo->version);
 561         W_ERROR_NOT_OK_RETURN(werr);
 562 
 563         werr = gp_read_reg_val_dword(mem_ctx, key, "Options",
 564                                      &gpo->options);
 565         W_ERROR_NOT_OK_RETURN(werr);
 566 
 567         werr = gp_read_reg_val_sz(mem_ctx, key, "GPOID",
 568                                   &gpo->name);
 569         W_ERROR_NOT_OK_RETURN(werr);
 570 
 571         werr = gp_read_reg_val_sz(mem_ctx, key, "SOM",
 572                                   &gpo->link);
 573         W_ERROR_NOT_OK_RETURN(werr);
 574 
 575         werr = gp_read_reg_val_sz(mem_ctx, key, "DisplayName",
 576                                   &gpo->display_name);
 577         W_ERROR_NOT_OK_RETURN(werr);
 578 
 579         return werr;
 580 }
 581 
 582 /****************************************************************
 583 ****************************************************************/
 584 
 585 static WERROR gp_read_reg_gpo(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 586                               struct registry_key *key,
 587                               struct GROUP_POLICY_OBJECT **gpo_ret)
 588 {
 589         struct GROUP_POLICY_OBJECT *gpo = NULL;
 590         WERROR werr;
 591 
 592         if (!gpo_ret || !key) {
 593                 return WERR_INVALID_PARAM;
 594         }
 595 
 596         gpo = TALLOC_ZERO_P(mem_ctx, struct GROUP_POLICY_OBJECT);
 597         W_ERROR_HAVE_NO_MEMORY(gpo);
 598 
 599         werr = gp_read_reg_gpovals(mem_ctx, key, gpo);
 600         W_ERROR_NOT_OK_RETURN(werr);
 601 
 602         *gpo_ret = gpo;
 603 
 604         return werr;
 605 }
 606 
 607 /****************************************************************
 608 ****************************************************************/
 609 
 610 WERROR gp_reg_state_read(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 611                          uint32_t flags,
 612                          const DOM_SID *sid,
 613                          struct GROUP_POLICY_OBJECT **gpo_list)
 614 {
 615         struct gp_registry_context *reg_ctx = NULL;
 616         WERROR werr = WERR_GENERAL_FAILURE;
 617         const char *subkeyname = NULL;
 618         struct GROUP_POLICY_OBJECT *gpo = NULL;
 619         int count = 0;
 620         struct registry_key *key = NULL;
 621         const char *path = NULL;
 622         const char *gp_state_path = NULL;
 623 
 624         if (!gpo_list) {
 625                 return WERR_INVALID_PARAM;
 626         }
 627 
 628         ZERO_STRUCTP(gpo_list);
 629 
 630         gp_state_path = gp_req_state_path(mem_ctx, sid, flags);
 631         if (!gp_state_path) {
 632                 werr = WERR_NOMEM;
 633                 goto done;
 634         }
 635 
 636         path = talloc_asprintf(mem_ctx, "%s\\%s\\%s",
 637                                KEY_GROUP_POLICY,
 638                                gp_state_path,
 639                                "GPO-List");
 640         if (!path) {
 641                 werr = WERR_NOMEM;
 642                 goto done;
 643         }
 644 
 645         werr = gp_init_reg_ctx(mem_ctx, path, REG_KEY_READ, NULL, &reg_ctx);
 646         if (!W_ERROR_IS_OK(werr)) {
 647                 goto done;
 648         }
 649 
 650         while (1) {
 651 
 652                 subkeyname = talloc_asprintf(mem_ctx, "%d", count++);
 653                 if (!subkeyname) {
 654                         werr = WERR_NOMEM;
 655                         goto done;
 656                 }
 657 
 658                 werr = gp_read_reg_subkey(mem_ctx, reg_ctx, subkeyname, &key);
 659                 if (W_ERROR_EQUAL(werr, WERR_BADFILE)) {
 660                         werr = WERR_OK;
 661                         break;
 662                 }
 663                 if (!W_ERROR_IS_OK(werr)) {
 664                         DEBUG(0,("gp_reg_state_read: "
 665                                 "gp_read_reg_subkey gave: %s\n",
 666                                 win_errstr(werr)));
 667                         goto done;
 668                 }
 669 
 670                 werr = gp_read_reg_gpo(mem_ctx, key, &gpo);
 671                 if (!W_ERROR_IS_OK(werr)) {
 672                         goto done;
 673                 }
 674 
 675                 DLIST_ADD(*gpo_list, gpo);
 676         }
 677 
 678  done:
 679         gp_free_reg_ctx(reg_ctx);
 680         return werr;
 681 }
 682 
 683 /****************************************************************
 684 ****************************************************************/
 685 
 686 static WERROR gp_reg_generate_sd(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 687                                  const DOM_SID *sid,
 688                                  struct security_descriptor **sd,
 689                                  size_t *sd_size)
 690 {
 691         SEC_ACE ace[6];
 692         uint32_t mask;
 693 
 694         SEC_ACL *theacl = NULL;
 695 
 696         uint8_t inherit_flags;
 697 
 698         mask = REG_KEY_ALL;
 699         init_sec_ace(&ace[0],
 700                      &global_sid_System,
 701                      SEC_ACE_TYPE_ACCESS_ALLOWED,
 702                      mask, 0);
 703 
 704         mask = REG_KEY_ALL;
 705         init_sec_ace(&ace[1],
 706                      &global_sid_Builtin_Administrators,
 707                      SEC_ACE_TYPE_ACCESS_ALLOWED,
 708                      mask, 0);
 709 
 710         mask = REG_KEY_READ;
 711         init_sec_ace(&ace[2],
 712                      sid ? sid : &global_sid_Authenticated_Users,
 713                      SEC_ACE_TYPE_ACCESS_ALLOWED,
 714                      mask, 0);
 715 
 716         inherit_flags = SEC_ACE_FLAG_OBJECT_INHERIT |
 717                         SEC_ACE_FLAG_CONTAINER_INHERIT |
 718                         SEC_ACE_FLAG_INHERIT_ONLY;
 719 
 720         mask = REG_KEY_ALL;
 721         init_sec_ace(&ace[3],
 722                      &global_sid_System,
 723                      SEC_ACE_TYPE_ACCESS_ALLOWED,
 724                      mask, inherit_flags);
 725 
 726         mask = REG_KEY_ALL;
 727         init_sec_ace(&ace[4],
 728                      &global_sid_Builtin_Administrators,
 729                      SEC_ACE_TYPE_ACCESS_ALLOWED,
 730                      mask, inherit_flags);
 731 
 732         mask = REG_KEY_READ;
 733         init_sec_ace(&ace[5],
 734                      sid ? sid : &global_sid_Authenticated_Users,
 735                      SEC_ACE_TYPE_ACCESS_ALLOWED,
 736                      mask, inherit_flags);
 737 
 738         theacl = make_sec_acl(mem_ctx, NT4_ACL_REVISION, 6, ace);
 739         W_ERROR_HAVE_NO_MEMORY(theacl);
 740 
 741         *sd = make_sec_desc(mem_ctx, SEC_DESC_REVISION,
 742                             SEC_DESC_SELF_RELATIVE |
 743                             SEC_DESC_DACL_AUTO_INHERITED | /* really ? */
 744                             SEC_DESC_DACL_AUTO_INHERIT_REQ, /* really ? */
 745                             NULL, NULL, NULL,
 746                             theacl, sd_size);
 747         W_ERROR_HAVE_NO_MEMORY(*sd);
 748 
 749         return WERR_OK;
 750 }
 751 
 752 /****************************************************************
 753 ****************************************************************/
 754 
 755 WERROR gp_secure_key(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 756                      uint32_t flags,
 757                      struct registry_key *key,
 758                      const DOM_SID *sid)
 759 {
 760         struct security_descriptor *sd = NULL;
 761         size_t sd_size = 0;
 762         const DOM_SID *sd_sid = NULL;
 763         WERROR werr;
 764 
 765         if (!(flags & GPO_LIST_FLAG_MACHINE)) {
 766                 sd_sid = sid;
 767         }
 768 
 769         werr = gp_reg_generate_sd(mem_ctx, sd_sid, &sd, &sd_size);
 770         W_ERROR_NOT_OK_RETURN(werr);
 771 
 772         return reg_setkeysecurity(key, sd);
 773 }
 774 
 775 /****************************************************************
 776 ****************************************************************/
 777 
 778 void dump_reg_val(int lvl, const char *direction,
     /* [<][>][^][v][top][bottom][index][help] */
 779                   const char *key, const char *subkey,
 780                   struct registry_value *val)
 781 {
 782         int i = 0;
 783         const char *type_str = NULL;
 784 
 785         if (!val) {
 786                 DEBUG(lvl,("no val!\n"));
 787                 return;
 788         }
 789 
 790         type_str = reg_type_lookup(val->type);
 791 
 792         DEBUG(lvl,("\tdump_reg_val:\t%s '%s'\n\t\t\t'%s' %s: ",
 793                 direction, key, subkey, type_str));
 794 
 795         switch (val->type) {
 796                 case REG_DWORD:
 797                         DEBUG(lvl,("%d (0x%08x)\n",
 798                                 (int)val->v.dword, val->v.dword));
 799                         break;
 800                 case REG_QWORD:
 801                         DEBUG(lvl,("%d (0x%016llx)\n",
 802                                 (int)val->v.qword,
 803                                 (unsigned long long)val->v.qword));
 804                         break;
 805                 case REG_SZ:
 806                         DEBUG(lvl,("%s (length: %d)\n",
 807                                    val->v.sz.str,
 808                                    (int)val->v.sz.len));
 809                         break;
 810                 case REG_MULTI_SZ:
 811                         DEBUG(lvl,("(num_strings: %d)\n",
 812                                    val->v.multi_sz.num_strings));
 813                         for (i=0; i < val->v.multi_sz.num_strings; i++) {
 814                                 DEBUGADD(lvl,("\t%s\n",
 815                                         val->v.multi_sz.strings[i]));
 816                         }
 817                         break;
 818                 case REG_NONE:
 819                         DEBUG(lvl,("\n"));
 820                         break;
 821                 case REG_BINARY:
 822                         dump_data(lvl, val->v.binary.data,
 823                                   val->v.binary.length);
 824                         break;
 825                 default:
 826                         DEBUG(lvl,("unsupported type: %d\n", val->type));
 827                         break;
 828         }
 829 }
 830 
 831 /****************************************************************
 832 ****************************************************************/
 833 
 834 void dump_reg_entry(uint32_t flags,
     /* [<][>][^][v][top][bottom][index][help] */
 835                     const char *dir,
 836                     struct gp_registry_entry *entry)
 837 {
 838         if (!(flags & GPO_INFO_FLAG_VERBOSE))
 839                 return;
 840 
 841         dump_reg_val(1, dir,
 842                      entry->key,
 843                      entry->value,
 844                      entry->data);
 845 }
 846 
 847 /****************************************************************
 848 ****************************************************************/
 849 
 850 void dump_reg_entries(uint32_t flags,
     /* [<][>][^][v][top][bottom][index][help] */
 851                       const char *dir,
 852                       struct gp_registry_entry *entries,
 853                       size_t num_entries)
 854 {
 855         size_t i;
 856 
 857         if (!(flags & GPO_INFO_FLAG_VERBOSE))
 858                 return;
 859 
 860         for (i=0; i < num_entries; i++) {
 861                 dump_reg_entry(flags, dir, &entries[i]);
 862         }
 863 }
 864 
 865 /****************************************************************
 866 ****************************************************************/
 867 
 868 bool add_gp_registry_entry_to_array(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 869                                     struct gp_registry_entry *entry,
 870                                     struct gp_registry_entry **entries,
 871                                     size_t *num)
 872 {
 873         *entries = TALLOC_REALLOC_ARRAY(mem_ctx, *entries,
 874                                         struct gp_registry_entry,
 875                                         (*num)+1);
 876 
 877         if (*entries == NULL) {
 878                 *num = 0;
 879                 return false;
 880         }
 881 
 882         (*entries)[*num].action = entry->action;
 883         (*entries)[*num].key = entry->key;
 884         (*entries)[*num].value = entry->value;
 885         (*entries)[*num].data = entry->data;
 886 
 887         *num += 1;
 888         return true;
 889 }
 890 
 891 /****************************************************************
 892 ****************************************************************/
 893 
 894 static const char *gp_reg_action_str(enum gp_reg_action action)
     /* [<][>][^][v][top][bottom][index][help] */
 895 {
 896         switch (action) {
 897                 case GP_REG_ACTION_NONE:
 898                         return "GP_REG_ACTION_NONE";
 899                 case GP_REG_ACTION_ADD_VALUE:
 900                         return "GP_REG_ACTION_ADD_VALUE";
 901                 case GP_REG_ACTION_ADD_KEY:
 902                         return "GP_REG_ACTION_ADD_KEY";
 903                 case GP_REG_ACTION_DEL_VALUES:
 904                         return "GP_REG_ACTION_DEL_VALUES";
 905                 case GP_REG_ACTION_DEL_VALUE:
 906                         return "GP_REG_ACTION_DEL_VALUE";
 907                 case GP_REG_ACTION_DEL_ALL_VALUES:
 908                         return "GP_REG_ACTION_DEL_ALL_VALUES";
 909                 case GP_REG_ACTION_DEL_KEYS:
 910                         return "GP_REG_ACTION_DEL_KEYS";
 911                 case GP_REG_ACTION_SEC_KEY_SET:
 912                         return "GP_REG_ACTION_SEC_KEY_SET";
 913                 case GP_REG_ACTION_SEC_KEY_RESET:
 914                         return "GP_REG_ACTION_SEC_KEY_RESET";
 915                 default:
 916                         return "unknown";
 917         }
 918 }
 919 
 920 /****************************************************************
 921 ****************************************************************/
 922 
 923 WERROR reg_apply_registry_entry(TALLOC_CTX *mem_ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 924                                 struct registry_key *root_key,
 925                                 struct gp_registry_context *reg_ctx,
 926                                 struct gp_registry_entry *entry,
 927                                 const struct nt_user_token *token,
 928                                 uint32_t flags)
 929 {
 930         WERROR werr;
 931         struct registry_key *key = NULL;
 932 
 933         if (flags & GPO_INFO_FLAG_VERBOSE) {
 934                 printf("about to store key:    [%s]\n", entry->key);
 935                 printf("               value:  [%s]\n", entry->value);
 936                 printf("               data:   [%s]\n", reg_type_lookup(entry->data->type));
 937                 printf("               action: [%s]\n", gp_reg_action_str(entry->action));
 938         }
 939 
 940         werr = gp_store_reg_subkey(mem_ctx, entry->key,
 941                                    root_key, &key);
 942                                    /* reg_ctx->curr_key, &key); */
 943         if (!W_ERROR_IS_OK(werr)) {
 944                 DEBUG(0,("gp_store_reg_subkey failed: %s\n", win_errstr(werr)));
 945                 return werr;
 946         }
 947 
 948         switch (entry->action) {
 949                 case GP_REG_ACTION_NONE:
 950                 case GP_REG_ACTION_ADD_KEY:
 951                         return WERR_OK;
 952 
 953                 case GP_REG_ACTION_SEC_KEY_SET:
 954                         werr = gp_secure_key(mem_ctx, flags,
 955                                              key,
 956                                              &token->user_sids[0]);
 957                         if (!W_ERROR_IS_OK(werr)) {
 958                                 DEBUG(0,("reg_apply_registry_entry: "
 959                                         "gp_secure_key failed: %s\n",
 960                                         win_errstr(werr)));
 961                                 return werr;
 962                         }
 963                         break;
 964                 case GP_REG_ACTION_ADD_VALUE:
 965                         werr = reg_setvalue(key, entry->value, entry->data);
 966                         if (!W_ERROR_IS_OK(werr)) {
 967                                 DEBUG(0,("reg_apply_registry_entry: "
 968                                         "reg_setvalue failed: %s\n",
 969                                         win_errstr(werr)));
 970                                 dump_reg_entry(flags, "STORE", entry);
 971                                 return werr;
 972                         }
 973                         break;
 974                 case GP_REG_ACTION_DEL_VALUE:
 975                         werr = reg_deletevalue(key, entry->value);
 976                         if (!W_ERROR_IS_OK(werr)) {
 977                                 DEBUG(0,("reg_apply_registry_entry: "
 978                                         "reg_deletevalue failed: %s\n",
 979                                         win_errstr(werr)));
 980                                 dump_reg_entry(flags, "STORE", entry);
 981                                 return werr;
 982                         }
 983                         break;
 984                 case GP_REG_ACTION_DEL_ALL_VALUES:
 985                         werr = reg_deleteallvalues(key);
 986                         if (!W_ERROR_IS_OK(werr)) {
 987                                 DEBUG(0,("reg_apply_registry_entry: "
 988                                         "reg_deleteallvalues failed: %s\n",
 989                                         win_errstr(werr)));
 990                                 dump_reg_entry(flags, "STORE", entry);
 991                                 return werr;
 992                         }
 993                         break;
 994                 case GP_REG_ACTION_DEL_VALUES:
 995                 case GP_REG_ACTION_DEL_KEYS:
 996                 case GP_REG_ACTION_SEC_KEY_RESET:
 997                         DEBUG(0,("reg_apply_registry_entry: "
 998                                 "not yet supported: %s (%d)\n",
 999                                 gp_reg_action_str(entry->action),
1000                                 entry->action));
1001                         return WERR_NOT_SUPPORTED;
1002                 default:
1003                         DEBUG(0,("invalid action: %d\n", entry->action));
1004                         return WERR_INVALID_PARAM;
1005         }
1006 
1007         return werr;
1008 }
1009 

/* [<][>][^][v][top][bottom][index][help] */