source/libgpo/gpo_parse.c

   1 /*
   2  *  Unix SMB/CIFS implementation.
   3  *  Group Policy Object Support
   4  *  Copyright (C) Guenther Deschner 2005-2006
   5  *
   6  *  This program is free software; you can redistribute it and/or modify
   7  *  it under the terms of the GNU General Public License as published by
   8  *  the Free Software Foundation; either version 2 of the License, or
   9  *  (at your option) any later version.
  10  *
  11  *  This program is distributed in the hope that it will be useful,
  12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  *  GNU General Public License for more details.
  15  *
  16  *  You should have received a copy of the GNU General Public License
  17  *  along with this program; if not, write to the Free Software
  18  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  19  */
  20
  21 #include "includes.h"
  22 #include "iniparser/src/iniparser.h"
  23
  24 /****************************************************************
  25  parse the local gpt.ini file
  26 ****************************************************************/
  27
  28 #define GPT_INI_SECTION_GENERAL "General"
  29 #define GPT_INI_PARAMETER_VERSION "Version"
  30 #define GPT_INI_PARAMETER_DISPLAYNAME "displayName"
  31
  32 NTSTATUS parse_gpt_ini(TALLOC_CTX *mem_ctx, const char *filename, uint32 *version, char **display_name)
  33 {
  34         NTSTATUS result;
  35         uint32 v;
  36         char *name = NULL;
  37         dictionary *d;
  38
  39         d = iniparser_load(filename);
  40         if (d == NULL) {
  41                 return NT_STATUS_NO_SUCH_FILE;
  42         }
  43
  44         if ((name = iniparser_getstring(d, GPT_INI_SECTION_GENERAL
  45                         ":"GPT_INI_PARAMETER_DISPLAYNAME, NULL)) == NULL) {
  46                 /* the default domain policy and the default domain controller
  47                  * policy never have a displayname in their gpt.ini file */
  48                 DEBUG(10,("parse_gpt_ini: no name in %s\n", filename));
  49         }
  50
  51         if (name && display_name) {
  52                 *display_name = talloc_strdup(mem_ctx, name);
  53                 if (*display_name == NULL) {
  54                         result = NT_STATUS_NO_MEMORY;
  55                         goto out;
  56                 }
  57         }
  58
  59         if ((v = iniparser_getint(d, GPT_INI_SECTION_GENERAL
  60                         ":"GPT_INI_PARAMETER_VERSION, Undefined)) == Undefined) {
  61                 DEBUG(10,("parse_gpt_ini: no version\n"));
  62                 result = NT_STATUS_INTERNAL_DB_CORRUPTION;
  63                 goto out;
  64         }
  65
  66         if (version) {
  67                 *version = v;
  68         }
  69
  70         result = NT_STATUS_OK;
  71  out:
  72         if (d) {
  73                 iniparser_freedict(d);
  74         }
  75
  76         return result;
  77 }
  78
  79 #if 0 /* not yet */
  80
  81 /****************************************************************
  82  parse the Version section from gpttmpl file
  83 ****************************************************************/
  84
  85 #define GPTTMPL_SECTION_VERSION "Version"
  86 #define GPTTMPL_PARAMETER_REVISION "Revision"
  87 #define GPTTMPL_PARAMETER_SIGNATURE "signature"
  88 #define GPTTMPL_CHICAGO "$CHICAGO$" /* whatever this is good for... */
  89 #define GPTTMPL_SECTION_UNICODE "Unicode"
  90 #define GPTTMPL_PARAMETER_UNICODE "Unicode"
  91
  92 static NTSTATUS parse_gpttmpl(dictionary *d, uint32 *version_out)
  93 {
  94         const char *signature = NULL;
  95         uint32 version;
  96
  97         if ((signature = iniparser_getstring(d, GPTTMPL_SECTION_VERSION
  98                         ":"GPTTMPL_PARAMETER_SIGNATURE, NULL)) == NULL) {
  99                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
 100         }
 101
 102         if (!strequal(signature, GPTTMPL_CHICAGO)) {
 103                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
 104         }
 105
 106         if ((version = iniparser_getint(d, GPTTMPL_SECTION_VERSION
 107                         ":"GPTTMPL_PARAMETER_REVISION, Undefined)) == Undefined) {
 108                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
 109         }
 110
 111         if (version_out) {
 112                 *version_out = version;
 113         }
 114
 115         /* treat that as boolean */
 116         if ((!iniparser_getboolean(d, GPTTMPL_SECTION_UNICODE
 117                         ":"GPTTMPL_PARAMETER_UNICODE, Undefined)) == Undefined) {
 118                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
 119         }
 120
 121         return NT_STATUS_OK;
 122 }
 123
 124 /****************************************************************
 125  parse the "System Access" section from gpttmpl file
 126 ****************************************************************/
 127
 128 #define GPTTMPL_SECTION_SYSTEM_ACCESS "System Access"
 129 #define GPTTMPL_PARAMETER_MINPWDAGE "MinimumPasswordAge"
 130 #define GPTTMPL_PARAMETER_MAXPWDAGE "MaximumPasswordAge"
 131 #define GPTTMPL_PARAMETER_MINPWDLEN "MinimumPasswordLength"
 132 #define GPTTMPL_PARAMETER_PWDCOMPLEX "PasswordComplexity"
 133 #define GPTTMPL_PARAMETER_PWDHISTORY "PasswordHistorySize"
 134 #define GPTTMPL_PARAMETER_LOCKOUTCOUNT "LockoutBadCount"
 135
 136 static NTSTATUS parse_gpttmpl_system_access(const char *filename)
 137 {
 138         NTSTATUS status;
 139         dictionary *d = NULL;
 140         uint32 pwd_min_age, pwd_max_age, pwd_min_len, pwd_history;
 141         uint32 lockout_count;
 142         BOOL pwd_complex;
 143         uint32 version;
 144
 145         d = iniparser_load(filename);
 146         if (d == NULL) {
 147                 return NT_STATUS_NO_SUCH_FILE;
 148         }
 149
 150         status = parse_gpttmpl(d, &version);
 151         if (!NT_STATUS_IS_OK(status)) {
 152                 goto out;
 153         }
 154
 155         status = NT_STATUS_INVALID_PARAMETER;
 156
 157         if ((pwd_min_age = iniparser_getint(d, GPTTMPL_SECTION_SYSTEM_ACCESS
 158                         ":"GPTTMPL_PARAMETER_MINPWDAGE, Undefined)) == Undefined) {
 159                 goto out;
 160         }
 161
 162         if ((pwd_max_age = iniparser_getint(d, GPTTMPL_SECTION_SYSTEM_ACCESS
 163                         ":"GPTTMPL_PARAMETER_MINPWDAGE, Undefined)) == Undefined) {
 164                 goto out;
 165         }
 166
 167         if ((pwd_min_len = iniparser_getint(d, GPTTMPL_SECTION_SYSTEM_ACCESS
 168                         ":"GPTTMPL_PARAMETER_MINPWDLEN, Undefined)) == Undefined) {
 169                 goto out;
 170         }
 171
 172         if ((pwd_complex = iniparser_getboolean(d, GPTTMPL_SECTION_SYSTEM_ACCESS
 173                         ":"GPTTMPL_PARAMETER_PWDCOMPLEX, Undefined)) == Undefined) {
 174                 goto out;
 175         }
 176
 177         if ((pwd_history = iniparser_getint(d, GPTTMPL_SECTION_SYSTEM_ACCESS
 178                         ":"GPTTMPL_PARAMETER_PWDHISTORY, Undefined)) == Undefined) {
 179                 goto out;
 180         }
 181
 182         if ((lockout_count = iniparser_getint(d, GPTTMPL_SECTION_SYSTEM_ACCESS
 183                         ":"GPTTMPL_PARAMETER_LOCKOUTCOUNT, Undefined)) == Undefined) {
 184                 goto out;
 185         }
 186
 187         /* TODO ?
 188         RequireLogonToChangePassword = 0
 189         ForceLogoffWhenHourExpire = 0
 190         ClearTextPassword = 0
 191         */
 192
 193         status = NT_STATUS_OK;
 194
 195  out:
 196         if (d) {
 197                 iniparser_freedict(d);
 198         }
 199
 200         return status;
 201 }
 202
 203 /****************************************************************
 204  parse the "Kerberos Policy" section from gpttmpl file
 205 ****************************************************************/
 206
 207 #define GPTTMPL_SECTION_KERBEROS_POLICY "Kerberos Policy"
 208 #define GPTTMPL_PARAMETER_MAXTKTAGE "MaxTicketAge"
 209 #define GPTTMPL_PARAMETER_MAXRENEWAGE "MaxRenewAge"
 210 #define GPTTMPL_PARAMETER_MAXTGSAGE "MaxServiceAge"
 211 #define GPTTMPL_PARAMETER_MAXCLOCKSKEW "MaxClockSkew"
 212 #define GPTTMPL_PARAMETER_TKTVALIDATECLIENT "TicketValidateClient"
 213
 214 static NTSTATUS parse_gpttmpl_kerberos_policy(const char *filename)
 215 {
 216         NTSTATUS status;
 217         dictionary *d = NULL;
 218         uint32 tkt_max_age, tkt_max_renew, tgs_max_age, max_clock_skew;
 219         BOOL tkt_validate;
 220         uint32 version;
 221
 222         d = iniparser_load(filename);
 223         if (d == NULL) {
 224                 return NT_STATUS_NO_SUCH_FILE;
 225         }
 226
 227         status = parse_gpttmpl(d, &version);
 228         if (!NT_STATUS_IS_OK(status)) {
 229                 goto out;
 230         }
 231
 232         status = NT_STATUS_INVALID_PARAMETER;
 233
 234         if ((tkt_max_age = iniparser_getint(d, GPTTMPL_SECTION_KERBEROS_POLICY
 235                         ":"GPTTMPL_PARAMETER_MAXTKTAGE, Undefined)) != Undefined) {
 236                 goto out;
 237         }
 238
 239         if ((tkt_max_renew = iniparser_getint(d, GPTTMPL_SECTION_KERBEROS_POLICY
 240                         ":"GPTTMPL_PARAMETER_MAXRENEWAGE, Undefined)) != Undefined) {
 241                 goto out;
 242         }
 243
 244         if ((tgs_max_age = iniparser_getint(d, GPTTMPL_SECTION_KERBEROS_POLICY
 245                         ":"GPTTMPL_PARAMETER_MAXTGSAGE, Undefined)) != Undefined) {
 246                 goto out;
 247         }
 248
 249         if ((max_clock_skew = iniparser_getint(d, GPTTMPL_SECTION_KERBEROS_POLICY
 250                         ":"GPTTMPL_PARAMETER_MAXCLOCKSKEW, Undefined)) != Undefined) {
 251                 goto out;
 252         }
 253
 254         if ((tkt_validate = iniparser_getboolean(d, GPTTMPL_SECTION_KERBEROS_POLICY
 255                         ":"GPTTMPL_PARAMETER_TKTVALIDATECLIENT, Undefined)) != Undefined) {
 256                 goto out;
 257         }
 258
 259         status = NT_STATUS_OK;
 260
 261  out:
 262         if (d) {
 263                 iniparser_freedict(d);
 264         }
 265
 266         return status;
 267 }
 268
 269 #endif
 270
 271 /*
 272
 273 perfectly parseable with iniparser:
 274
 275 {GUID}/Machine/Microsoft/Windows NT/SecEdit/GptTmpl.inf
 276
 277
 278 [Unicode]
 279 Unicode=yes
 280 [System Access]
 281 MinimumPasswordAge = 1
 282 MaximumPasswordAge = 42
 283 MinimumPasswordLength = 7
 284 PasswordComplexity = 1
 285 PasswordHistorySize = 24
 286 LockoutBadCount = 0
 287 RequireLogonToChangePassword = 0
 288 ForceLogoffWhenHourExpire = 0
 289 ClearTextPassword = 0
 290 [Kerberos Policy]
 291 MaxTicketAge = 10
 292 MaxRenewAge = 7
 293 MaxServiceAge = 600
 294 MaxClockSkew = 5
 295 TicketValidateClient = 1
 296 [Version]
 297 signature="$CHICAGO$"
 298 Revision=1
 299 */