/*
* Unix SMB/CIFS implementation.
* Group Policy Support
* Copyright (C) Guenther Deschner 2007-2008,2010
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
*/
#include "includes.h"
#include "../libgpo/gpo_ini.h"
#include "../libgpo/gpo.h"
#include "libgpo/gpo_proto.h"
#include "registry.h"
#include "../librpc/gen_ndr/ndr_preg.h"
#include "libgpo/gpext/gpext.h"
#include "lib/util/util_file.h"
#define GP_EXT_NAME "registry"
/* more info can be found at:
* http://msdn2.microsoft.com/en-us/library/aa374407.aspx */
#define GP_REGPOL_FILE "Registry.pol"
#define GP_REGPOL_FILE_SIGNATURE 0x67655250 /* 'PReg' */
#define GP_REGPOL_FILE_VERSION 1
static TALLOC_CTX *ctx = NULL;
NTSTATUS gpext_registry_init(TALLOC_CTX *mem_ctx);
/****************************************************************
****************************************************************/
static bool reg_parse_value(TALLOC_CTX *mem_ctx,
const char **value,
enum gp_reg_action *action)
{
if (!*value) {
*action = GP_REG_ACTION_ADD_KEY;
return true;
}
if (strncmp(*value, "**", 2) != 0) {
*action = GP_REG_ACTION_ADD_VALUE;
return true;
}
if (strnequal(*value, "**DelVals.", 10)) {
*action = GP_REG_ACTION_DEL_ALL_VALUES;
return true;
}
if (strnequal(*value, "**Del.", 6)) {
*value = talloc_strdup(mem_ctx, *value + 6);
*action = GP_REG_ACTION_DEL_VALUE;
return true;
}
if (strnequal(*value, "**SecureKey", 11)) {
if (strnequal(*value, "**SecureKey=1", 13)) {
*action = GP_REG_ACTION_SEC_KEY_SET;
return true;
}
/*************** not tested from here on ***************/
if (strnequal(*value, "**SecureKey=0", 13)) {
smb_panic("not supported: **SecureKey=0");
*action = GP_REG_ACTION_SEC_KEY_RESET;
return true;
}
DEBUG(0,("unknown: SecureKey: %s\n", *value));
smb_panic("not supported SecureKey method");
return false;
}
if (strnequal(*value, "**DeleteValues", strlen("**DeleteValues"))) {
smb_panic("not supported: **DeleteValues");
*action = GP_REG_ACTION_DEL_VALUES;
return false;
}
if (strnequal(*value, "**DeleteKeys", strlen("**DeleteKeys"))) {
smb_panic("not supported: **DeleteKeys");
*action = GP_REG_ACTION_DEL_KEYS;
return false;
}
DEBUG(0,("unknown value: %s\n", *value));
smb_panic(*value);
return false;
}
/****************************************************************
****************************************************************/
static bool gp_reg_entry_from_file_entry(TALLOC_CTX *mem_ctx,
struct preg_entry *r,
struct gp_registry_entry **reg_entry)
{
struct registry_value *data = NULL;
struct gp_registry_entry *entry = NULL;
enum gp_reg_action action = GP_REG_ACTION_NONE;
enum ndr_err_code ndr_err;
ZERO_STRUCTP(*reg_entry);
data = talloc_zero(mem_ctx, struct registry_value);
if (!data)
return false;
data->type = r->type;
ndr_err = ndr_push_union_blob(
&data->data,
mem_ctx,
&r->data,
r->type,
(ndr_push_flags_fn_t)ndr_push_winreg_Data);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
DBG_WARNING("ndr_push_winreg_Data failed: %s\n",
ndr_errstr(ndr_err));
return false;
}
entry = talloc_zero(mem_ctx, struct gp_registry_entry);
if (!entry)
return false;
if (!reg_parse_value(mem_ctx, &r->valuename, &action))
return false;
entry->key = talloc_strdup(entry, r->keyname);
entry->value = talloc_strdup(entry, r->valuename);
entry->data = data;
entry->action = action;
*reg_entry = entry;
return true;
}
/****************************************************************
****************************************************************/
static NTSTATUS reg_parse_registry(TALLOC_CTX *mem_ctx,
uint32_t flags,
const char *filename,
struct gp_registry_entry **entries_p,
size_t *num_entries_p)
{
DATA_BLOB blob;
NTSTATUS status;
enum ndr_err_code ndr_err;
const char *real_filename = NULL;
struct preg_file r;
struct gp_registry_entry *entries = NULL;
size_t num_entries = 0;
int i;
status = gp_find_file(mem_ctx,
flags,
filename,
GP_REGPOL_FILE,
&real_filename);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
blob.data = (uint8_t *)file_load(real_filename, &blob.length, 0, NULL);
if (!blob.data) {
return NT_STATUS_CANNOT_LOAD_REGISTRY_FILE;
}
ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, &r,
(ndr_pull_flags_fn_t)ndr_pull_preg_file);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
status = ndr_map_error2ntstatus(ndr_err);
goto out;
}
if (flags & GPO_INFO_FLAG_VERBOSE) {
NDR_PRINT_DEBUG(preg_file, &r);
}
if (!strequal(r.header.signature, "PReg")) {
status = NT_STATUS_INVALID_PARAMETER;
goto out;
}
if (r.header.version != GP_REGPOL_FILE_VERSION) {
status = NT_STATUS_INVALID_PARAMETER;
goto out;
}
for (i=0; i < r.num_entries; i++) {
struct gp_registry_entry *r_entry = NULL;
if (!gp_reg_entry_from_file_entry(mem_ctx,
&r.entries[i],
&r_entry)) {
status = NT_STATUS_NO_MEMORY;
goto out;
}
if (!add_gp_registry_entry_to_array(mem_ctx,
r_entry,
&entries,
&num_entries)) {
status = NT_STATUS_NO_MEMORY;
goto out;
}
}
*entries_p = entries;
*num_entries_p = num_entries;
status = NT_STATUS_OK;
out:
data_blob_free(&blob);
return status;
}
/****************************************************************
****************************************************************/
static WERROR reg_apply_registry(TALLOC_CTX *mem_ctx,
const struct security_token *token,
struct registry_key *root_key,
uint32_t flags,
struct gp_registry_entry *entries,
size_t num_entries)
{
struct gp_registry_context *reg_ctx = NULL;
WERROR werr;
size_t i;
if (num_entries == 0) {
return WERR_OK;
}
#if 0
if (flags & GPO_LIST_FLAG_MACHINE) {
werr = gp_init_reg_ctx(mem_ctx, KEY_HKLM, REG_KEY_WRITE,
get_system_token(),
®_ctx);
} else {
werr = gp_init_reg_ctx(mem_ctx, KEY_HKCU, REG_KEY_WRITE,
token,
®_ctx);
}
W_ERROR_NOT_OK_RETURN(werr);
#endif
for (i=0; inext) {
}
*/
for (gpo = changed_gpo_list; gpo; gpo = gpo->next) {
gpext_debug_header(0, "registry_process_group_policy", flags,
gpo, GP_EXT_GUID_REGISTRY, NULL);
status = gpo_get_unix_path(mem_ctx, gpo_cache_path,
gpo, &unix_path);
if (!NT_STATUS_IS_OK(status)) {
goto err_cache_path_free;
}
status = reg_parse_registry(mem_ctx,
flags,
unix_path,
&entries,
&num_entries);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("failed to parse registry: %s\n",
nt_errstr(status)));
goto err_cache_path_free;
}
dump_reg_entries(flags, "READ", entries, num_entries);
werr = reg_apply_registry(mem_ctx, token, root_key, flags,
entries, num_entries);
if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,("failed to apply registry: %s\n",
win_errstr(werr)));
status = werror_to_ntstatus(werr);
goto err_cache_path_free;
}
}
status = NT_STATUS_OK;
err_cache_path_free:
talloc_free(gpo_cache_path);
talloc_free(entries);
return status;
}
/****************************************************************
****************************************************************/
static NTSTATUS registry_get_reg_config(TALLOC_CTX *mem_ctx,
struct gp_extension_reg_info **reg_info)
{
NTSTATUS status;
struct gp_extension_reg_info *info = NULL;
struct gp_extension_reg_table table[] = {
{ "ProcessGroupPolicy", REG_SZ, "registry_process_group_policy" },
{ NULL, REG_NONE, NULL }
};
info = talloc_zero(mem_ctx, struct gp_extension_reg_info);
NT_STATUS_HAVE_NO_MEMORY(info);
status = gpext_info_add_entry(mem_ctx, GP_EXT_NAME,
GP_EXT_GUID_REGISTRY,
table, info);
NT_STATUS_NOT_OK_RETURN(status);
*reg_info = info;
return NT_STATUS_OK;
}
/****************************************************************
****************************************************************/
static NTSTATUS registry_initialize(TALLOC_CTX *mem_ctx)
{
return NT_STATUS_OK;
}
/****************************************************************
****************************************************************/
static NTSTATUS registry_shutdown(void)
{
NTSTATUS status;
status = gpext_unregister_gp_extension(GP_EXT_NAME);
if (NT_STATUS_IS_OK(status)) {
return status;
}
TALLOC_FREE(ctx);
return NT_STATUS_OK;
}
/****************************************************************
****************************************************************/
static struct gp_extension_methods registry_methods = {
.initialize = registry_initialize,
.process_group_policy = registry_process_group_policy,
.get_reg_config = registry_get_reg_config,
.shutdown = registry_shutdown
};
/****************************************************************
****************************************************************/
NTSTATUS gpext_registry_init(TALLOC_CTX *mem_ctx)
{
NTSTATUS status;
ctx = talloc_init("gpext_registry_init");
NT_STATUS_HAVE_NO_MEMORY(ctx);
status = gpext_register_gp_extension(ctx, SMB_GPEXT_INTERFACE_VERSION,
GP_EXT_NAME, GP_EXT_GUID_REGISTRY,
®istry_methods);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(ctx);
}
return status;
}