2 * Unix SMB/CIFS implementation.
3 * Group Policy Object Support
4 * Copyright (C) Guenther Deschner 2007-2008
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
23 /****************************************************************
24 ****************************************************************/
26 struct nt_user_token
*registry_create_system_token(TALLOC_CTX
*mem_ctx
)
28 struct nt_user_token
*token
= NULL
;
30 token
= TALLOC_ZERO_P(mem_ctx
, struct nt_user_token
);
32 DEBUG(1,("talloc failed\n"));
36 token
->privileges
= se_priv_all
;
38 if (!NT_STATUS_IS_OK(add_sid_to_array(token
, &global_sid_System
,
39 &token
->user_sids
, &token
->num_sids
))) {
40 DEBUG(1,("Error adding nt-authority system sid to token\n"));
47 /****************************************************************
48 ****************************************************************/
50 WERROR
gp_init_reg_ctx(TALLOC_CTX
*mem_ctx
,
51 const char *initial_path
,
52 uint32_t desired_access
,
53 const struct nt_user_token
*token
,
54 struct gp_registry_context
**reg_ctx
)
56 struct gp_registry_context
*tmp_ctx
;
60 return WERR_INVALID_PARAM
;
63 if (!registry_init_basic()) {
64 return WERR_CAN_NOT_COMPLETE
;
67 tmp_ctx
= TALLOC_ZERO_P(mem_ctx
, struct gp_registry_context
);
68 W_ERROR_HAVE_NO_MEMORY(tmp_ctx
);
71 tmp_ctx
->token
= token
;
73 tmp_ctx
->token
= registry_create_system_token(mem_ctx
);
75 if (!tmp_ctx
->token
) {
81 if (!W_ERROR_IS_OK(werr
)) {
86 tmp_ctx
->path
= talloc_strdup(mem_ctx
, initial_path
);
92 werr
= reg_open_path(mem_ctx
, tmp_ctx
->path
, desired_access
,
93 tmp_ctx
->token
, &tmp_ctx
->curr_key
);
94 if (!W_ERROR_IS_OK(werr
)) {
105 /****************************************************************
106 ****************************************************************/
108 void gp_free_reg_ctx(struct gp_registry_context
*reg_ctx
)
110 TALLOC_FREE(reg_ctx
);
113 /****************************************************************
114 ****************************************************************/
116 WERROR
gp_store_reg_subkey(TALLOC_CTX
*mem_ctx
,
117 const char *subkeyname
,
118 struct registry_key
*curr_key
,
119 struct registry_key
**new_key
)
121 enum winreg_CreateAction action
= REG_ACTION_NONE
;
124 werr
= reg_createkey(mem_ctx
, curr_key
, subkeyname
,
125 REG_KEY_WRITE
, new_key
, &action
);
126 if (W_ERROR_IS_OK(werr
) && (action
!= REG_CREATED_NEW_KEY
)) {
133 /****************************************************************
134 ****************************************************************/
136 WERROR
gp_read_reg_subkey(TALLOC_CTX
*mem_ctx
,
137 struct gp_registry_context
*reg_ctx
,
138 const char *subkeyname
,
139 struct registry_key
**key
)
141 const char *tmp
= NULL
;
143 if (!reg_ctx
|| !subkeyname
|| !key
) {
144 return WERR_INVALID_PARAM
;
147 tmp
= talloc_asprintf(mem_ctx
, "%s\\%s", reg_ctx
->path
, subkeyname
);
148 W_ERROR_HAVE_NO_MEMORY(tmp
);
150 return reg_open_path(mem_ctx
, tmp
, REG_KEY_READ
,
151 reg_ctx
->token
, key
);
154 /****************************************************************
155 ****************************************************************/
157 WERROR
gp_store_reg_val_sz(TALLOC_CTX
*mem_ctx
,
158 struct registry_key
*key
,
159 const char *val_name
,
162 struct registry_value reg_val
;
163 ZERO_STRUCT(reg_val
);
166 val
= val
? val
: " ";
168 reg_val
.type
= REG_SZ
;
169 reg_val
.v
.sz
.len
= strlen(val
);
170 reg_val
.v
.sz
.str
= talloc_strdup(mem_ctx
, val
);
171 W_ERROR_HAVE_NO_MEMORY(reg_val
.v
.sz
.str
);
173 return reg_setvalue(key
, val_name
, ®_val
);
176 /****************************************************************
177 ****************************************************************/
179 static WERROR
gp_store_reg_val_dword(TALLOC_CTX
*mem_ctx
,
180 struct registry_key
*key
,
181 const char *val_name
,
184 struct registry_value reg_val
;
185 ZERO_STRUCT(reg_val
);
187 reg_val
.type
= REG_DWORD
;
188 reg_val
.v
.dword
= val
;
190 return reg_setvalue(key
, val_name
, ®_val
);
193 /****************************************************************
194 ****************************************************************/
196 WERROR
gp_read_reg_val_sz(TALLOC_CTX
*mem_ctx
,
197 struct registry_key
*key
,
198 const char *val_name
,
202 struct registry_value
*reg_val
= NULL
;
204 werr
= reg_queryvalue(mem_ctx
, key
, val_name
, ®_val
);
205 W_ERROR_NOT_OK_RETURN(werr
);
207 if (reg_val
->type
!= REG_SZ
) {
208 return WERR_INVALID_DATATYPE
;
211 *val
= talloc_strdup(mem_ctx
, reg_val
->v
.sz
.str
);
212 W_ERROR_HAVE_NO_MEMORY(*val
);
217 /****************************************************************
218 ****************************************************************/
220 static WERROR
gp_read_reg_val_dword(TALLOC_CTX
*mem_ctx
,
221 struct registry_key
*key
,
222 const char *val_name
,
226 struct registry_value
*reg_val
= NULL
;
228 werr
= reg_queryvalue(mem_ctx
, key
, val_name
, ®_val
);
229 W_ERROR_NOT_OK_RETURN(werr
);
231 if (reg_val
->type
!= REG_DWORD
) {
232 return WERR_INVALID_DATATYPE
;
235 *val
= reg_val
->v
.dword
;
240 /****************************************************************
241 ****************************************************************/
243 static WERROR
gp_store_reg_gpovals(TALLOC_CTX
*mem_ctx
,
244 struct registry_key
*key
,
245 struct GROUP_POLICY_OBJECT
*gpo
)
250 return WERR_INVALID_PARAM
;
253 werr
= gp_store_reg_val_dword(mem_ctx
, key
, "Version",
255 W_ERROR_NOT_OK_RETURN(werr
);
257 werr
= gp_store_reg_val_dword(mem_ctx
, key
, "WQLFilterPass",
259 W_ERROR_NOT_OK_RETURN(werr
);
261 werr
= gp_store_reg_val_dword(mem_ctx
, key
, "AccessDenied",
263 W_ERROR_NOT_OK_RETURN(werr
);
265 werr
= gp_store_reg_val_dword(mem_ctx
, key
, "GPO-Disabled",
266 (gpo
->options
& GPO_FLAG_DISABLE
));
267 W_ERROR_NOT_OK_RETURN(werr
);
269 werr
= gp_store_reg_val_dword(mem_ctx
, key
, "Options",
271 W_ERROR_NOT_OK_RETURN(werr
);
273 werr
= gp_store_reg_val_sz(mem_ctx
, key
, "GPOID",
275 W_ERROR_NOT_OK_RETURN(werr
);
277 werr
= gp_store_reg_val_sz(mem_ctx
, key
, "SOM",
279 W_ERROR_NOT_OK_RETURN(werr
);
281 werr
= gp_store_reg_val_sz(mem_ctx
, key
, "DisplayName",
283 W_ERROR_NOT_OK_RETURN(werr
);
285 werr
= gp_store_reg_val_sz(mem_ctx
, key
, "WQL-Id",
287 W_ERROR_NOT_OK_RETURN(werr
);
292 /****************************************************************
293 ****************************************************************/
295 static const char *gp_reg_groupmembership_path(TALLOC_CTX
*mem_ctx
,
299 if (flags
& GPO_LIST_FLAG_MACHINE
) {
300 return "GroupMembership";
303 return talloc_asprintf(mem_ctx
, "%s\\%s", sid_string_tos(sid
),
307 /****************************************************************
308 ****************************************************************/
310 static WERROR
gp_reg_del_groupmembership(TALLOC_CTX
*mem_ctx
,
311 struct registry_key
*key
,
312 const struct nt_user_token
*token
,
315 const char *path
= NULL
;
317 path
= gp_reg_groupmembership_path(mem_ctx
, &token
->user_sids
[0],
319 W_ERROR_HAVE_NO_MEMORY(path
);
321 return reg_deletekey_recursive(mem_ctx
, key
, path
);
325 /****************************************************************
326 ****************************************************************/
328 static WERROR
gp_reg_store_groupmembership(TALLOC_CTX
*mem_ctx
,
329 struct gp_registry_context
*reg_ctx
,
330 const struct nt_user_token
*token
,
333 struct registry_key
*key
= NULL
;
336 const char *valname
= NULL
;
337 const char *path
= NULL
;
338 const char *val
= NULL
;
341 path
= gp_reg_groupmembership_path(mem_ctx
, &token
->user_sids
[0],
343 W_ERROR_HAVE_NO_MEMORY(path
);
345 gp_reg_del_groupmembership(mem_ctx
, reg_ctx
->curr_key
, token
, flags
);
347 werr
= gp_store_reg_subkey(mem_ctx
, path
,
348 reg_ctx
->curr_key
, &key
);
349 W_ERROR_NOT_OK_RETURN(werr
);
351 for (i
=0; i
<token
->num_sids
; i
++) {
353 valname
= talloc_asprintf(mem_ctx
, "Group%d", count
++);
354 W_ERROR_HAVE_NO_MEMORY(valname
);
356 val
= sid_string_talloc(mem_ctx
, &token
->user_sids
[i
]);
357 W_ERROR_HAVE_NO_MEMORY(val
);
358 werr
= gp_store_reg_val_sz(mem_ctx
, key
, valname
, val
);
359 W_ERROR_NOT_OK_RETURN(werr
);
362 werr
= gp_store_reg_val_dword(mem_ctx
, key
, "Count", count
);
363 W_ERROR_NOT_OK_RETURN(werr
);
368 /****************************************************************
369 ****************************************************************/
372 static WERROR
gp_reg_read_groupmembership(TALLOC_CTX
*mem_ctx
,
373 struct gp_registry_context
*reg_ctx
,
374 const DOM_SID
*object_sid
,
375 struct nt_user_token
**token
,
378 struct registry_key
*key
= NULL
;
381 const char *valname
= NULL
;
382 const char *val
= NULL
;
383 const char *path
= NULL
;
385 int num_token_sids
= 0;
386 struct nt_user_token
*tmp_token
= NULL
;
388 tmp_token
= TALLOC_ZERO_P(mem_ctx
, struct nt_user_token
);
389 W_ERROR_HAVE_NO_MEMORY(tmp_token
);
391 path
= gp_reg_groupmembership_path(mem_ctx
, object_sid
, flags
);
392 W_ERROR_HAVE_NO_MEMORY(path
);
394 werr
= gp_read_reg_subkey(mem_ctx
, reg_ctx
, path
, &key
);
395 W_ERROR_NOT_OK_RETURN(werr
);
397 werr
= gp_read_reg_val_dword(mem_ctx
, key
, "Count", &count
);
398 W_ERROR_NOT_OK_RETURN(werr
);
400 for (i
=0; i
<count
; i
++) {
402 valname
= talloc_asprintf(mem_ctx
, "Group%d", i
);
403 W_ERROR_HAVE_NO_MEMORY(valname
);
405 werr
= gp_read_reg_val_sz(mem_ctx
, key
, valname
, &val
);
406 W_ERROR_NOT_OK_RETURN(werr
);
408 if (!string_to_sid(&tmp_token
->user_sids
[num_token_sids
++],
410 return WERR_INSUFFICIENT_BUFFER
;
414 tmp_token
->num_sids
= num_token_sids
;
421 /****************************************************************
422 ****************************************************************/
424 static const char *gp_req_state_path(TALLOC_CTX
*mem_ctx
,
428 if (flags
& GPO_LIST_FLAG_MACHINE
) {
429 return GPO_REG_STATE_MACHINE
;
432 return talloc_asprintf(mem_ctx
, "%s\\%s", "State", sid_string_tos(sid
));
435 /****************************************************************
436 ****************************************************************/
438 static WERROR
gp_del_reg_state(TALLOC_CTX
*mem_ctx
,
439 struct registry_key
*key
,
442 return reg_deletesubkeys_recursive(mem_ctx
, key
, path
);
445 /****************************************************************
446 ****************************************************************/
448 WERROR
gp_reg_state_store(TALLOC_CTX
*mem_ctx
,
451 const struct nt_user_token
*token
,
452 struct GROUP_POLICY_OBJECT
*gpo_list
)
454 struct gp_registry_context
*reg_ctx
= NULL
;
455 WERROR werr
= WERR_GENERAL_FAILURE
;
456 const char *subkeyname
= NULL
;
457 struct GROUP_POLICY_OBJECT
*gpo
;
459 struct registry_key
*key
;
461 werr
= gp_init_reg_ctx(mem_ctx
, KEY_GROUP_POLICY
, REG_KEY_WRITE
,
463 W_ERROR_NOT_OK_RETURN(werr
);
465 werr
= gp_secure_key(mem_ctx
, flags
, reg_ctx
->curr_key
,
466 &token
->user_sids
[0]);
467 if (!W_ERROR_IS_OK(werr
)) {
468 DEBUG(0,("failed to secure key: %s\n", dos_errstr(werr
)));
472 werr
= gp_reg_store_groupmembership(mem_ctx
, reg_ctx
, token
, flags
);
473 if (!W_ERROR_IS_OK(werr
)) {
474 DEBUG(0,("failed to store group membership: %s\n", dos_errstr(werr
)));
478 subkeyname
= gp_req_state_path(mem_ctx
, &token
->user_sids
[0], flags
);
484 werr
= gp_del_reg_state(mem_ctx
, reg_ctx
->curr_key
, subkeyname
);
485 if (!W_ERROR_IS_OK(werr
)) {
486 DEBUG(0,("failed to delete old state: %s\n", dos_errstr(werr
)));
490 werr
= gp_store_reg_subkey(mem_ctx
, subkeyname
,
491 reg_ctx
->curr_key
, ®_ctx
->curr_key
);
492 if (!W_ERROR_IS_OK(werr
)) {
496 werr
= gp_store_reg_val_sz(mem_ctx
, reg_ctx
->curr_key
,
497 "Distinguished-Name", dn
);
498 if (!W_ERROR_IS_OK(werr
)) {
502 /* store link list */
504 werr
= gp_store_reg_subkey(mem_ctx
, "GPLink-List",
505 reg_ctx
->curr_key
, &key
);
506 if (!W_ERROR_IS_OK(werr
)) {
512 werr
= gp_store_reg_subkey(mem_ctx
, "GPO-List",
513 reg_ctx
->curr_key
, ®_ctx
->curr_key
);
514 if (!W_ERROR_IS_OK(werr
)) {
518 for (gpo
= gpo_list
; gpo
; gpo
= gpo
->next
) {
520 subkeyname
= talloc_asprintf(mem_ctx
, "%d", count
++);
526 werr
= gp_store_reg_subkey(mem_ctx
, subkeyname
,
527 reg_ctx
->curr_key
, &key
);
528 if (!W_ERROR_IS_OK(werr
)) {
532 werr
= gp_store_reg_gpovals(mem_ctx
, key
, gpo
);
533 if (!W_ERROR_IS_OK(werr
)) {
534 DEBUG(0,("gp_reg_state_store: "
535 "gpo_store_reg_gpovals failed for %s: %s\n",
536 gpo
->display_name
, dos_errstr(werr
)));
541 gp_free_reg_ctx(reg_ctx
);
545 /****************************************************************
546 ****************************************************************/
548 static WERROR
gp_read_reg_gpovals(TALLOC_CTX
*mem_ctx
,
549 struct registry_key
*key
,
550 struct GROUP_POLICY_OBJECT
*gpo
)
555 return WERR_INVALID_PARAM
;
558 werr
= gp_read_reg_val_dword(mem_ctx
, key
, "Version",
560 W_ERROR_NOT_OK_RETURN(werr
);
562 werr
= gp_read_reg_val_dword(mem_ctx
, key
, "Options",
564 W_ERROR_NOT_OK_RETURN(werr
);
566 werr
= gp_read_reg_val_sz(mem_ctx
, key
, "GPOID",
568 W_ERROR_NOT_OK_RETURN(werr
);
570 werr
= gp_read_reg_val_sz(mem_ctx
, key
, "SOM",
572 W_ERROR_NOT_OK_RETURN(werr
);
574 werr
= gp_read_reg_val_sz(mem_ctx
, key
, "DisplayName",
576 W_ERROR_NOT_OK_RETURN(werr
);
581 /****************************************************************
582 ****************************************************************/
584 static WERROR
gp_read_reg_gpo(TALLOC_CTX
*mem_ctx
,
585 struct registry_key
*key
,
586 struct GROUP_POLICY_OBJECT
**gpo_ret
)
588 struct GROUP_POLICY_OBJECT
*gpo
= NULL
;
591 if (!gpo_ret
|| !key
) {
592 return WERR_INVALID_PARAM
;
595 gpo
= TALLOC_ZERO_P(mem_ctx
, struct GROUP_POLICY_OBJECT
);
596 W_ERROR_HAVE_NO_MEMORY(gpo
);
598 werr
= gp_read_reg_gpovals(mem_ctx
, key
, gpo
);
599 W_ERROR_NOT_OK_RETURN(werr
);
606 /****************************************************************
607 ****************************************************************/
609 WERROR
gp_reg_state_read(TALLOC_CTX
*mem_ctx
,
612 struct GROUP_POLICY_OBJECT
**gpo_list
)
614 struct gp_registry_context
*reg_ctx
= NULL
;
615 WERROR werr
= WERR_GENERAL_FAILURE
;
616 const char *subkeyname
= NULL
;
617 struct GROUP_POLICY_OBJECT
*gpo
= NULL
;
619 struct registry_key
*key
= NULL
;
620 const char *path
= NULL
;
621 const char *gp_state_path
= NULL
;
624 return WERR_INVALID_PARAM
;
627 ZERO_STRUCTP(gpo_list
);
629 gp_state_path
= gp_req_state_path(mem_ctx
, sid
, flags
);
630 if (!gp_state_path
) {
635 path
= talloc_asprintf(mem_ctx
, "%s\\%s\\%s",
644 werr
= gp_init_reg_ctx(mem_ctx
, path
, REG_KEY_READ
, NULL
, ®_ctx
);
645 if (!W_ERROR_IS_OK(werr
)) {
651 subkeyname
= talloc_asprintf(mem_ctx
, "%d", count
++);
657 werr
= gp_read_reg_subkey(mem_ctx
, reg_ctx
, subkeyname
, &key
);
658 if (W_ERROR_EQUAL(werr
, WERR_BADFILE
)) {
662 if (!W_ERROR_IS_OK(werr
)) {
663 DEBUG(0,("gp_reg_state_read: "
664 "gp_read_reg_subkey gave: %s\n",
669 werr
= gp_read_reg_gpo(mem_ctx
, key
, &gpo
);
670 if (!W_ERROR_IS_OK(werr
)) {
674 DLIST_ADD(*gpo_list
, gpo
);
678 gp_free_reg_ctx(reg_ctx
);
682 /****************************************************************
683 ****************************************************************/
685 static WERROR
gp_reg_generate_sd(TALLOC_CTX
*mem_ctx
,
687 struct security_descriptor
**sd
,
695 uint8_t inherit_flags
;
697 init_sec_access(&mask
, REG_KEY_ALL
);
698 init_sec_ace(&ace
[0],
700 SEC_ACE_TYPE_ACCESS_ALLOWED
,
703 init_sec_access(&mask
, REG_KEY_ALL
);
704 init_sec_ace(&ace
[1],
705 &global_sid_Builtin_Administrators
,
706 SEC_ACE_TYPE_ACCESS_ALLOWED
,
709 init_sec_access(&mask
, REG_KEY_READ
);
710 init_sec_ace(&ace
[2],
711 sid
? sid
: &global_sid_Authenticated_Users
,
712 SEC_ACE_TYPE_ACCESS_ALLOWED
,
715 inherit_flags
= SEC_ACE_FLAG_OBJECT_INHERIT
|
716 SEC_ACE_FLAG_CONTAINER_INHERIT
|
717 SEC_ACE_FLAG_INHERIT_ONLY
;
719 init_sec_access(&mask
, REG_KEY_ALL
);
720 init_sec_ace(&ace
[3],
722 SEC_ACE_TYPE_ACCESS_ALLOWED
,
723 mask
, inherit_flags
);
725 init_sec_access(&mask
, REG_KEY_ALL
);
726 init_sec_ace(&ace
[4],
727 &global_sid_Builtin_Administrators
,
728 SEC_ACE_TYPE_ACCESS_ALLOWED
,
729 mask
, inherit_flags
);
731 init_sec_access(&mask
, REG_KEY_READ
);
732 init_sec_ace(&ace
[5],
733 sid
? sid
: &global_sid_Authenticated_Users
,
734 SEC_ACE_TYPE_ACCESS_ALLOWED
,
735 mask
, inherit_flags
);
737 acl
= make_sec_acl(mem_ctx
, NT4_ACL_REVISION
, 6, ace
);
738 W_ERROR_HAVE_NO_MEMORY(acl
);
740 *sd
= make_sec_desc(mem_ctx
, SEC_DESC_REVISION
,
741 SEC_DESC_SELF_RELATIVE
|
742 SEC_DESC_DACL_AUTO_INHERITED
| /* really ? */
743 SEC_DESC_DACL_AUTO_INHERIT_REQ
, /* really ? */
746 W_ERROR_HAVE_NO_MEMORY(*sd
);
751 /****************************************************************
752 ****************************************************************/
754 WERROR
gp_secure_key(TALLOC_CTX
*mem_ctx
,
756 struct registry_key
*key
,
759 struct security_descriptor
*sd
= NULL
;
761 const DOM_SID
*sd_sid
= NULL
;
764 if (!(flags
& GPO_LIST_FLAG_MACHINE
)) {
768 werr
= gp_reg_generate_sd(mem_ctx
, sd_sid
, &sd
, &sd_size
);
769 W_ERROR_NOT_OK_RETURN(werr
);
771 return reg_setkeysecurity(key
, sd
);
774 /****************************************************************
775 ****************************************************************/
777 void dump_reg_val(int lvl
, const char *direction
,
778 const char *key
, const char *subkey
,
779 struct registry_value
*val
)
782 const char *type_str
= NULL
;
785 DEBUG(lvl
,("no val!\n"));
789 type_str
= reg_type_lookup(val
->type
);
791 DEBUG(lvl
,("\tdump_reg_val: %s '%s' '%s' %s: ",
792 direction
, key
, subkey
, type_str
));
796 DEBUG(lvl
,("%d\n", (int)val
->v
.dword
));
799 DEBUG(lvl
,("%d\n", (int)val
->v
.qword
));
802 DEBUG(lvl
,("%s (length: %d)\n",
804 (int)val
->v
.sz
.len
));
807 DEBUG(lvl
,("(num_strings: %d)\n",
808 val
->v
.multi_sz
.num_strings
));
809 for (i
=0; i
< val
->v
.multi_sz
.num_strings
; i
++) {
810 DEBUGADD(lvl
,("\t%s\n",
811 val
->v
.multi_sz
.strings
[i
]));
818 dump_data(lvl
, val
->v
.binary
.data
,
819 val
->v
.binary
.length
);
822 DEBUG(lvl
,("unsupported type: %d\n", val
->type
));
827 /****************************************************************
828 ****************************************************************/
830 void dump_reg_entry(uint32_t flags
,
832 struct gp_registry_entry
*entry
)
834 if (!(flags
& GPO_INFO_FLAG_VERBOSE
))
843 /****************************************************************
844 ****************************************************************/
846 void dump_reg_entries(uint32_t flags
,
848 struct gp_registry_entry
*entries
,
853 if (!(flags
& GPO_INFO_FLAG_VERBOSE
))
856 for (i
=0; i
< num_entries
; i
++) {
857 dump_reg_entry(flags
, dir
, &entries
[i
]);
861 /****************************************************************
862 ****************************************************************/
864 bool add_gp_registry_entry_to_array(TALLOC_CTX
*mem_ctx
,
865 struct gp_registry_entry
*entry
,
866 struct gp_registry_entry
**entries
,
869 *entries
= TALLOC_REALLOC_ARRAY(mem_ctx
, *entries
,
870 struct gp_registry_entry
,
873 if (*entries
== NULL
) {
878 (*entries
)[*num
].action
= entry
->action
;
879 (*entries
)[*num
].key
= entry
->key
;
880 (*entries
)[*num
].value
= entry
->value
;
881 (*entries
)[*num
].data
= entry
->data
;
887 /****************************************************************
888 ****************************************************************/
890 static const char *gp_reg_action_str(enum gp_reg_action action
)
893 case GP_REG_ACTION_NONE
:
894 return "GP_REG_ACTION_NONE";
895 case GP_REG_ACTION_ADD_VALUE
:
896 return "GP_REG_ACTION_ADD_VALUE";
897 case GP_REG_ACTION_ADD_KEY
:
898 return "GP_REG_ACTION_ADD_KEY";
899 case GP_REG_ACTION_DEL_VALUES
:
900 return "GP_REG_ACTION_DEL_VALUES";
901 case GP_REG_ACTION_DEL_VALUE
:
902 return "GP_REG_ACTION_DEL_VALUE";
903 case GP_REG_ACTION_DEL_ALL_VALUES
:
904 return "GP_REG_ACTION_DEL_ALL_VALUES";
905 case GP_REG_ACTION_DEL_KEYS
:
906 return "GP_REG_ACTION_DEL_KEYS";
907 case GP_REG_ACTION_SEC_KEY_SET
:
908 return "GP_REG_ACTION_SEC_KEY_SET";
909 case GP_REG_ACTION_SEC_KEY_RESET
:
910 return "GP_REG_ACTION_SEC_KEY_RESET";
916 /****************************************************************
917 ****************************************************************/
919 WERROR
reg_apply_registry_entry(TALLOC_CTX
*mem_ctx
,
920 struct registry_key
*root_key
,
921 struct gp_registry_context
*reg_ctx
,
922 struct gp_registry_entry
*entry
,
923 const struct nt_user_token
*token
,
927 struct registry_key
*key
= NULL
;
929 if (flags
& GPO_INFO_FLAG_VERBOSE
) {
930 printf("about to store key: [%s]\n", entry
->key
);
931 printf(" value: [%s]\n", entry
->value
);
932 printf(" data: [%s]\n", reg_type_lookup(entry
->data
->type
));
933 printf(" action: [%s]\n", gp_reg_action_str(entry
->action
));
936 werr
= gp_store_reg_subkey(mem_ctx
, entry
->key
,
938 /* reg_ctx->curr_key, &key); */
939 if (!W_ERROR_IS_OK(werr
)) {
940 DEBUG(0,("gp_store_reg_subkey failed: %s\n", dos_errstr(werr
)));
944 switch (entry
->action
) {
945 case GP_REG_ACTION_NONE
:
946 case GP_REG_ACTION_ADD_KEY
:
949 case GP_REG_ACTION_SEC_KEY_SET
:
950 werr
= gp_secure_key(mem_ctx
, flags
,
952 &token
->user_sids
[0]);
953 if (!W_ERROR_IS_OK(werr
)) {
954 DEBUG(0,("reg_apply_registry_entry: "
955 "gp_secure_key failed: %s\n",
960 case GP_REG_ACTION_ADD_VALUE
:
961 werr
= reg_setvalue(key
, entry
->value
, entry
->data
);
962 if (!W_ERROR_IS_OK(werr
)) {
963 DEBUG(0,("reg_apply_registry_entry: "
964 "reg_setvalue failed: %s\n",
966 dump_reg_entry(flags
, "STORE", entry
);
970 case GP_REG_ACTION_DEL_VALUE
:
971 werr
= reg_deletevalue(key
, entry
->value
);
972 if (!W_ERROR_IS_OK(werr
)) {
973 DEBUG(0,("reg_apply_registry_entry: "
974 "reg_deletevalue failed: %s\n",
976 dump_reg_entry(flags
, "STORE", entry
);
980 case GP_REG_ACTION_DEL_ALL_VALUES
:
981 werr
= reg_deleteallvalues(key
);
982 if (!W_ERROR_IS_OK(werr
)) {
983 DEBUG(0,("reg_apply_registry_entry: "
984 "reg_deleteallvalues failed: %s\n",
986 dump_reg_entry(flags
, "STORE", entry
);
990 case GP_REG_ACTION_DEL_VALUES
:
991 case GP_REG_ACTION_DEL_KEYS
:
992 case GP_REG_ACTION_SEC_KEY_RESET
:
993 DEBUG(0,("reg_apply_registry_entry: "
994 "not yet supported: %s (%d)\n",
995 gp_reg_action_str(entry
->action
),
997 return WERR_NOT_SUPPORTED
;
999 DEBUG(0,("invalid action: %d\n", entry
->action
));
1000 return WERR_INVALID_PARAM
;