source3/libgpo/gpext/security.c

   1 /*
   2  *  Unix SMB/CIFS implementation.
   3  *  Group Policy Support
   4  *  Copyright (C) Guenther Deschner 2005-2008
   5  *
   6  *  This program is free software; you can redistribute it and/or modify
   7  *  it under the terms of the GNU General Public License as published by
   8  *  the Free Software Foundation; either version 3 of the License, or
   9  *  (at your option) any later version.
  10  *
  11  *  This program is distributed in the hope that it will be useful,
  12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  *  GNU General Public License for more details.
  15  *
  16  *  You should have received a copy of the GNU General Public License
  17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  18  */
  19
  20 #include "includes.h"
  21 #include "libgpo/gpo_ini.h"
  22
  23 #define GP_EXT_NAME "security"
  24
  25 #define GPTTMPL_UNIX_PATH  "Microsoft/Windows NT/SecEdit/GptTmpl.inf"
  26
  27 #define GPTTMPL_SECTION_UNICODE                 "Unicode"
  28 #define GPTTMPL_SECTION_VERSION                 "Version"
  29
  30 #define GPTTMPL_SECTION_REGISTRY_VALUES         "Registry Values"
  31 #define GPTTMPL_SECTION_SYSTEM_ACCESS           "System Access"
  32 #define GPTTMPL_SECTION_KERBEROS_POLICY         "Kerberos Policy"
  33 #define GPTTMPL_SECTION_EVENT_AUDIT             "Event Audit"
  34 #define GPTTMPL_SECTION_PRIVILEGE_RIGHTS        "Privilege Rights"
  35 #define GPTTMPL_SECTION_APPLICATION_LOG         "Application Log"
  36 #define GPTTMPL_SECTION_SECURITY_LOG            "Security Log"
  37 #define GPTTMPL_SECTION_SYSTEM_LOG              "System Log"
  38 #define GPTTMPL_SECTION_GROUP_MEMBERSHIP        "Group Membership"
  39 #define GPTTMPL_SECTION_FILE_SECURITY           "File Security"
  40 #define GPTTMPL_SECTION_SERVICE_GENERAL_SETTING "Service General Setting"
  41
  42 static TALLOC_CTX *ctx = NULL;
  43
  44 struct gpttmpl_table {
  45         const char *section;
  46         const char *parameter;
  47         enum winreg_Type type;
  48 };
  49
  50 /****************************************************************
  51  parse the Version section from gpttmpl file
  52 ****************************************************************/
  53
  54 #define GPTTMPL_PARAMETER_REVISION "Revision"
  55 #define GPTTMPL_PARAMETER_SIGNATURE "signature"
  56 #define GPTTMPL_VALUE_CHICAGO "$CHICAGO$" /* whatever this is good for... */
  57 #define GPTTMPL_PARAMETER_UNICODE "Unicode"
  58
  59 static NTSTATUS gpttmpl_parse_header(dictionary *dict,
  60                                      uint32_t *version_out)
  61 {
  62         const char *signature = NULL;
  63         uint32_t version;
  64
  65         if (!dict) {
  66                 return NT_STATUS_INVALID_PARAMETER;
  67         }
  68
  69         if ((signature = iniparser_getstring(dict, GPTTMPL_SECTION_VERSION
  70                         ":"GPTTMPL_PARAMETER_SIGNATURE, NULL)) == NULL) {
  71                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
  72         }
  73
  74         if (!strequal(signature, GPTTMPL_VALUE_CHICAGO)) {
  75                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
  76         }
  77
  78         if ((version = iniparser_getint(dict, GPTTMPL_SECTION_VERSION
  79                         ":"GPTTMPL_PARAMETER_REVISION, Undefined)) == Undefined) {
  80                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
  81         }
  82
  83         if (version_out) {
  84                 *version_out = version;
  85         }
  86
  87         /* treat that as boolean */
  88         if ((!iniparser_getboolean(dict, GPTTMPL_SECTION_UNICODE
  89                         ":"GPTTMPL_PARAMETER_UNICODE, Undefined)) == Undefined) {
  90                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
  91         }
  92
  93         return NT_STATUS_OK;
  94 }
  95
  96 /****************************************************************
  97 ****************************************************************/
  98
  99 static NTSTATUS gpttmpl_init_context(TALLOC_CTX *mem_ctx,
 100                                      uint32_t flags,
 101                                      const char *unix_path,
 102                                      struct gp_inifile_context **ini_ctx)
 103 {
 104         NTSTATUS status;
 105         uint32_t version;
 106         struct gp_inifile_context *tmp_ctx = NULL;
 107
 108         status = gp_inifile_init_context(mem_ctx, flags, unix_path,
 109                                          GPTTMPL_UNIX_PATH, &tmp_ctx);
 110         NT_STATUS_NOT_OK_RETURN(status);
 111
 112         status = gpttmpl_parse_header(tmp_ctx->dict, &version);
 113         if (!NT_STATUS_IS_OK(status)) {
 114                 DEBUG(1,("gpttmpl_init_context: failed: %s\n",
 115                         nt_errstr(status)));
 116                 TALLOC_FREE(tmp_ctx);
 117                 return status;
 118         }
 119
 120         *ini_ctx = tmp_ctx;
 121
 122         return NT_STATUS_OK;
 123 }
 124
 125 /****************************************************************
 126 ****************************************************************/
 127
 128 static NTSTATUS gpttmpl_process(struct gp_inifile_context *ini_ctx,
 129                                 struct registry_key *root_key,
 130                                 uint32_t flags)
 131 {
 132         return NT_STATUS_OK;
 133 }
 134
 135 /****************************************************************
 136 ****************************************************************/
 137
 138 static NTSTATUS security_process_group_policy(ADS_STRUCT *ads,
 139                                               TALLOC_CTX *mem_ctx,
 140                                               uint32_t flags,
 141                                               struct registry_key *root_key,
 142                                               const struct nt_user_token *token,
 143                                               struct GROUP_POLICY_OBJECT *gpo,
 144                                               const char *extension_guid,
 145                                               const char *snapin_guid)
 146 {
 147         NTSTATUS status;
 148         char *unix_path = NULL;
 149         struct gp_inifile_context *ini_ctx = NULL;
 150
 151         debug_gpext_header(0, "security_process_group_policy", flags, gpo,
 152                            extension_guid, snapin_guid);
 153
 154         /* this handler processes the gpttmpl files and merge output to the
 155          * registry */
 156
 157         status = gpo_get_unix_path(mem_ctx, gpo, &unix_path);
 158         if (!NT_STATUS_IS_OK(status)) {
 159                 goto out;
 160         }
 161
 162         status = gpttmpl_init_context(mem_ctx, flags, unix_path, &ini_ctx);
 163         if (!NT_STATUS_IS_OK(status)) {
 164                 goto out;
 165         }
 166
 167         status = gpttmpl_process(ini_ctx, root_key, flags);
 168         if (!NT_STATUS_IS_OK(status)) {
 169                 goto out;
 170         }
 171
 172  out:
 173         if (!NT_STATUS_IS_OK(status)) {
 174                 DEBUG(0,("security_process_group_policy: %s\n",
 175                         nt_errstr(status)));
 176         }
 177         TALLOC_FREE(ini_ctx);
 178
 179         return status;
 180 }
 181
 182 /****************************************************************
 183 ****************************************************************/
 184
 185 static NTSTATUS security_get_reg_config(TALLOC_CTX *mem_ctx,
 186                                         struct gp_extension_reg_info **reg_info)
 187 {
 188         NTSTATUS status;
 189         struct gp_extension_reg_info *info = NULL;
 190
 191         struct gp_extension_reg_table table[] = {
 192                 /* FIXME: how can we store the "(Default)" value ??? */
 193                 /* { "", REG_SZ, "Security" }, */
 194                 { "ProcessGroupPolicy", REG_SZ, "security_process_group_policy" },
 195                 { "NoUserPolicy", REG_DWORD, "1" },
 196                 { "ExtensionDebugLevel", REG_DWORD, "1" },
 197                 { NULL, REG_NONE, NULL }
 198         };
 199
 200         info = TALLOC_ZERO_P(mem_ctx, struct gp_extension_reg_info);
 201         NT_STATUS_HAVE_NO_MEMORY(info);
 202
 203         status = gp_ext_info_add_entry(mem_ctx, GP_EXT_NAME,
 204                                        GP_EXT_GUID_SECURITY,
 205                                        table, info);
 206         NT_STATUS_NOT_OK_RETURN(status);
 207
 208         *reg_info = info;
 209
 210         return NT_STATUS_OK;
 211 }
 212
 213
 214 /****************************************************************
 215 ****************************************************************/
 216
 217 static NTSTATUS security_initialize(TALLOC_CTX *mem_ctx)
 218 {
 219         return NT_STATUS_OK;
 220 }
 221
 222 /****************************************************************
 223 ****************************************************************/
 224
 225 static NTSTATUS security_shutdown(void)
 226 {
 227         NTSTATUS status;
 228
 229         status = unregister_gp_extension(GP_EXT_NAME);
 230         if (NT_STATUS_IS_OK(status)) {
 231                 return status;
 232         }
 233
 234         TALLOC_FREE(ctx);
 235
 236         return NT_STATUS_OK;
 237 }
 238
 239 /****************************************************************
 240 ****************************************************************/
 241
 242 static struct gp_extension_methods security_methods = {
 243         .initialize             = security_initialize,
 244         .process_group_policy   = security_process_group_policy,
 245         .get_reg_config         = security_get_reg_config,
 246         .shutdown               = security_shutdown
 247 };
 248
 249 /****************************************************************
 250 ****************************************************************/
 251
 252 NTSTATUS gpext_security_init(void)
 253 {
 254         NTSTATUS status;
 255
 256         ctx = talloc_init("gpext_security_init");
 257         NT_STATUS_HAVE_NO_MEMORY(ctx);
 258
 259         status = register_gp_extension(ctx, SMB_GPEXT_INTERFACE_VERSION,
 260                                        GP_EXT_NAME, GP_EXT_GUID_SECURITY,
 261                                        &security_methods);
 262         if (!NT_STATUS_IS_OK(status)) {
 263                 TALLOC_FREE(ctx);
 264         }
 265
 266         return status;
 267 }