2 * Unix SMB/CIFS implementation.
3 * Group Policy Object Support
4 * Copyright (C) Guenther Deschner 2007-2008
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 #include "../libgpo/gpo.h"
22 #include "libgpo/gpo_proto.h"
24 #include "registry/reg_backend_db.h"
27 /****************************************************************
28 ****************************************************************/
30 struct nt_user_token
*registry_create_system_token(TALLOC_CTX
*mem_ctx
)
32 struct nt_user_token
*token
= NULL
;
34 token
= TALLOC_ZERO_P(mem_ctx
, struct nt_user_token
);
36 DEBUG(1,("talloc failed\n"));
40 token
->privileges
= se_priv_all
;
42 if (!NT_STATUS_IS_OK(add_sid_to_array(token
, &global_sid_System
,
43 &token
->user_sids
, &token
->num_sids
))) {
44 DEBUG(1,("Error adding nt-authority system sid to token\n"));
51 /****************************************************************
52 ****************************************************************/
54 WERROR
gp_init_reg_ctx(TALLOC_CTX
*mem_ctx
,
55 const char *initial_path
,
56 uint32_t desired_access
,
57 const struct nt_user_token
*token
,
58 struct gp_registry_context
**reg_ctx
)
60 struct gp_registry_context
*tmp_ctx
;
64 return WERR_INVALID_PARAM
;
67 werr
= registry_init_basic();
68 if (!W_ERROR_IS_OK(werr
)) {
72 tmp_ctx
= TALLOC_ZERO_P(mem_ctx
, struct gp_registry_context
);
73 W_ERROR_HAVE_NO_MEMORY(tmp_ctx
);
76 tmp_ctx
->token
= token
;
78 tmp_ctx
->token
= registry_create_system_token(mem_ctx
);
80 if (!tmp_ctx
->token
) {
86 if (!W_ERROR_IS_OK(werr
)) {
91 tmp_ctx
->path
= talloc_strdup(mem_ctx
, initial_path
);
97 werr
= reg_open_path(mem_ctx
, tmp_ctx
->path
, desired_access
,
98 tmp_ctx
->token
, &tmp_ctx
->curr_key
);
99 if (!W_ERROR_IS_OK(werr
)) {
100 TALLOC_FREE(tmp_ctx
);
110 /****************************************************************
111 ****************************************************************/
113 void gp_free_reg_ctx(struct gp_registry_context
*reg_ctx
)
115 TALLOC_FREE(reg_ctx
);
118 /****************************************************************
119 ****************************************************************/
121 WERROR
gp_store_reg_subkey(TALLOC_CTX
*mem_ctx
,
122 const char *subkeyname
,
123 struct registry_key
*curr_key
,
124 struct registry_key
**new_key
)
126 enum winreg_CreateAction action
= REG_ACTION_NONE
;
129 werr
= reg_createkey(mem_ctx
, curr_key
, subkeyname
,
130 REG_KEY_WRITE
, new_key
, &action
);
131 if (W_ERROR_IS_OK(werr
) && (action
!= REG_CREATED_NEW_KEY
)) {
138 /****************************************************************
139 ****************************************************************/
141 WERROR
gp_read_reg_subkey(TALLOC_CTX
*mem_ctx
,
142 struct gp_registry_context
*reg_ctx
,
143 const char *subkeyname
,
144 struct registry_key
**key
)
146 const char *tmp
= NULL
;
148 if (!reg_ctx
|| !subkeyname
|| !key
) {
149 return WERR_INVALID_PARAM
;
152 tmp
= talloc_asprintf(mem_ctx
, "%s\\%s", reg_ctx
->path
, subkeyname
);
153 W_ERROR_HAVE_NO_MEMORY(tmp
);
155 return reg_open_path(mem_ctx
, tmp
, REG_KEY_READ
,
156 reg_ctx
->token
, key
);
159 /****************************************************************
160 ****************************************************************/
162 WERROR
gp_store_reg_val_sz(TALLOC_CTX
*mem_ctx
,
163 struct registry_key
*key
,
164 const char *val_name
,
167 struct registry_value reg_val
;
168 ZERO_STRUCT(reg_val
);
171 val
= val
? val
: " ";
173 reg_val
.type
= REG_SZ
;
174 reg_val
.v
.sz
.len
= strlen(val
);
175 reg_val
.v
.sz
.str
= talloc_strdup(mem_ctx
, val
);
176 W_ERROR_HAVE_NO_MEMORY(reg_val
.v
.sz
.str
);
178 return reg_setvalue(key
, val_name
, ®_val
);
181 /****************************************************************
182 ****************************************************************/
184 static WERROR
gp_store_reg_val_dword(TALLOC_CTX
*mem_ctx
,
185 struct registry_key
*key
,
186 const char *val_name
,
189 struct registry_value reg_val
;
190 ZERO_STRUCT(reg_val
);
192 reg_val
.type
= REG_DWORD
;
193 reg_val
.v
.dword
= val
;
195 return reg_setvalue(key
, val_name
, ®_val
);
198 /****************************************************************
199 ****************************************************************/
201 WERROR
gp_read_reg_val_sz(TALLOC_CTX
*mem_ctx
,
202 struct registry_key
*key
,
203 const char *val_name
,
207 struct registry_value
*reg_val
= NULL
;
209 werr
= reg_queryvalue(mem_ctx
, key
, val_name
, ®_val
);
210 W_ERROR_NOT_OK_RETURN(werr
);
212 if (reg_val
->type
!= REG_SZ
) {
213 return WERR_INVALID_DATATYPE
;
216 *val
= talloc_strdup(mem_ctx
, reg_val
->v
.sz
.str
);
217 W_ERROR_HAVE_NO_MEMORY(*val
);
222 /****************************************************************
223 ****************************************************************/
225 static WERROR
gp_read_reg_val_dword(TALLOC_CTX
*mem_ctx
,
226 struct registry_key
*key
,
227 const char *val_name
,
231 struct registry_value
*reg_val
= NULL
;
233 werr
= reg_queryvalue(mem_ctx
, key
, val_name
, ®_val
);
234 W_ERROR_NOT_OK_RETURN(werr
);
236 if (reg_val
->type
!= REG_DWORD
) {
237 return WERR_INVALID_DATATYPE
;
240 *val
= reg_val
->v
.dword
;
245 /****************************************************************
246 ****************************************************************/
248 static WERROR
gp_store_reg_gpovals(TALLOC_CTX
*mem_ctx
,
249 struct registry_key
*key
,
250 struct GROUP_POLICY_OBJECT
*gpo
)
255 return WERR_INVALID_PARAM
;
258 werr
= gp_store_reg_val_dword(mem_ctx
, key
, "Version",
260 W_ERROR_NOT_OK_RETURN(werr
);
262 werr
= gp_store_reg_val_dword(mem_ctx
, key
, "WQLFilterPass",
264 W_ERROR_NOT_OK_RETURN(werr
);
266 werr
= gp_store_reg_val_dword(mem_ctx
, key
, "AccessDenied",
268 W_ERROR_NOT_OK_RETURN(werr
);
270 werr
= gp_store_reg_val_dword(mem_ctx
, key
, "GPO-Disabled",
271 (gpo
->options
& GPO_FLAG_DISABLE
));
272 W_ERROR_NOT_OK_RETURN(werr
);
274 werr
= gp_store_reg_val_dword(mem_ctx
, key
, "Options",
276 W_ERROR_NOT_OK_RETURN(werr
);
278 werr
= gp_store_reg_val_sz(mem_ctx
, key
, "GPOID",
280 W_ERROR_NOT_OK_RETURN(werr
);
282 werr
= gp_store_reg_val_sz(mem_ctx
, key
, "SOM",
284 W_ERROR_NOT_OK_RETURN(werr
);
286 werr
= gp_store_reg_val_sz(mem_ctx
, key
, "DisplayName",
288 W_ERROR_NOT_OK_RETURN(werr
);
290 werr
= gp_store_reg_val_sz(mem_ctx
, key
, "WQL-Id",
292 W_ERROR_NOT_OK_RETURN(werr
);
297 /****************************************************************
298 ****************************************************************/
300 static const char *gp_reg_groupmembership_path(TALLOC_CTX
*mem_ctx
,
301 const struct dom_sid
*sid
,
304 if (flags
& GPO_LIST_FLAG_MACHINE
) {
305 return "GroupMembership";
308 return talloc_asprintf(mem_ctx
, "%s\\%s", sid_string_tos(sid
),
312 /****************************************************************
313 ****************************************************************/
315 static WERROR
gp_reg_del_groupmembership(TALLOC_CTX
*mem_ctx
,
316 struct registry_key
*key
,
317 const struct nt_user_token
*token
,
320 const char *path
= NULL
;
322 path
= gp_reg_groupmembership_path(mem_ctx
, &token
->user_sids
[0],
324 W_ERROR_HAVE_NO_MEMORY(path
);
326 return reg_deletekey_recursive(mem_ctx
, key
, path
);
330 /****************************************************************
331 ****************************************************************/
333 static WERROR
gp_reg_store_groupmembership(TALLOC_CTX
*mem_ctx
,
334 struct gp_registry_context
*reg_ctx
,
335 const struct nt_user_token
*token
,
338 struct registry_key
*key
= NULL
;
341 const char *valname
= NULL
;
342 const char *path
= NULL
;
343 const char *val
= NULL
;
346 path
= gp_reg_groupmembership_path(mem_ctx
, &token
->user_sids
[0],
348 W_ERROR_HAVE_NO_MEMORY(path
);
350 gp_reg_del_groupmembership(mem_ctx
, reg_ctx
->curr_key
, token
, flags
);
352 werr
= gp_store_reg_subkey(mem_ctx
, path
,
353 reg_ctx
->curr_key
, &key
);
354 W_ERROR_NOT_OK_RETURN(werr
);
356 for (i
=0; i
<token
->num_sids
; i
++) {
358 valname
= talloc_asprintf(mem_ctx
, "Group%d", count
++);
359 W_ERROR_HAVE_NO_MEMORY(valname
);
361 val
= sid_string_talloc(mem_ctx
, &token
->user_sids
[i
]);
362 W_ERROR_HAVE_NO_MEMORY(val
);
363 werr
= gp_store_reg_val_sz(mem_ctx
, key
, valname
, val
);
364 W_ERROR_NOT_OK_RETURN(werr
);
367 werr
= gp_store_reg_val_dword(mem_ctx
, key
, "Count", count
);
368 W_ERROR_NOT_OK_RETURN(werr
);
373 /****************************************************************
374 ****************************************************************/
377 static WERROR
gp_reg_read_groupmembership(TALLOC_CTX
*mem_ctx
,
378 struct gp_registry_context
*reg_ctx
,
379 const struct dom_sid
*object_sid
,
380 struct nt_user_token
**token
,
383 struct registry_key
*key
= NULL
;
386 const char *valname
= NULL
;
387 const char *val
= NULL
;
388 const char *path
= NULL
;
390 int num_token_sids
= 0;
391 struct nt_user_token
*tmp_token
= NULL
;
393 tmp_token
= TALLOC_ZERO_P(mem_ctx
, struct nt_user_token
);
394 W_ERROR_HAVE_NO_MEMORY(tmp_token
);
396 path
= gp_reg_groupmembership_path(mem_ctx
, object_sid
, flags
);
397 W_ERROR_HAVE_NO_MEMORY(path
);
399 werr
= gp_read_reg_subkey(mem_ctx
, reg_ctx
, path
, &key
);
400 W_ERROR_NOT_OK_RETURN(werr
);
402 werr
= gp_read_reg_val_dword(mem_ctx
, key
, "Count", &count
);
403 W_ERROR_NOT_OK_RETURN(werr
);
405 for (i
=0; i
<count
; i
++) {
407 valname
= talloc_asprintf(mem_ctx
, "Group%d", i
);
408 W_ERROR_HAVE_NO_MEMORY(valname
);
410 werr
= gp_read_reg_val_sz(mem_ctx
, key
, valname
, &val
);
411 W_ERROR_NOT_OK_RETURN(werr
);
413 if (!string_to_sid(&tmp_token
->user_sids
[num_token_sids
++],
415 return WERR_INSUFFICIENT_BUFFER
;
419 tmp_token
->num_sids
= num_token_sids
;
426 /****************************************************************
427 ****************************************************************/
429 static const char *gp_req_state_path(TALLOC_CTX
*mem_ctx
,
430 const struct dom_sid
*sid
,
433 if (flags
& GPO_LIST_FLAG_MACHINE
) {
434 return GPO_REG_STATE_MACHINE
;
437 return talloc_asprintf(mem_ctx
, "%s\\%s", "State", sid_string_tos(sid
));
440 /****************************************************************
441 ****************************************************************/
443 static WERROR
gp_del_reg_state(TALLOC_CTX
*mem_ctx
,
444 struct registry_key
*key
,
447 return reg_deletesubkeys_recursive(mem_ctx
, key
, path
);
450 /****************************************************************
451 ****************************************************************/
453 WERROR
gp_reg_state_store(TALLOC_CTX
*mem_ctx
,
456 const struct nt_user_token
*token
,
457 struct GROUP_POLICY_OBJECT
*gpo_list
)
459 struct gp_registry_context
*reg_ctx
= NULL
;
460 WERROR werr
= WERR_GENERAL_FAILURE
;
461 const char *subkeyname
= NULL
;
462 struct GROUP_POLICY_OBJECT
*gpo
;
464 struct registry_key
*key
;
466 werr
= gp_init_reg_ctx(mem_ctx
, KEY_GROUP_POLICY
, REG_KEY_WRITE
,
468 W_ERROR_NOT_OK_RETURN(werr
);
470 werr
= gp_secure_key(mem_ctx
, flags
, reg_ctx
->curr_key
,
471 &token
->user_sids
[0]);
472 if (!W_ERROR_IS_OK(werr
)) {
473 DEBUG(0,("failed to secure key: %s\n", win_errstr(werr
)));
477 werr
= gp_reg_store_groupmembership(mem_ctx
, reg_ctx
, token
, flags
);
478 if (!W_ERROR_IS_OK(werr
)) {
479 DEBUG(0,("failed to store group membership: %s\n", win_errstr(werr
)));
483 subkeyname
= gp_req_state_path(mem_ctx
, &token
->user_sids
[0], flags
);
489 werr
= gp_del_reg_state(mem_ctx
, reg_ctx
->curr_key
, subkeyname
);
490 if (!W_ERROR_IS_OK(werr
)) {
491 DEBUG(0,("failed to delete old state: %s\n", win_errstr(werr
)));
495 werr
= gp_store_reg_subkey(mem_ctx
, subkeyname
,
496 reg_ctx
->curr_key
, ®_ctx
->curr_key
);
497 if (!W_ERROR_IS_OK(werr
)) {
501 werr
= gp_store_reg_val_sz(mem_ctx
, reg_ctx
->curr_key
,
502 "Distinguished-Name", dn
);
503 if (!W_ERROR_IS_OK(werr
)) {
507 /* store link list */
509 werr
= gp_store_reg_subkey(mem_ctx
, "GPLink-List",
510 reg_ctx
->curr_key
, &key
);
511 if (!W_ERROR_IS_OK(werr
)) {
517 werr
= gp_store_reg_subkey(mem_ctx
, "GPO-List",
518 reg_ctx
->curr_key
, ®_ctx
->curr_key
);
519 if (!W_ERROR_IS_OK(werr
)) {
523 for (gpo
= gpo_list
; gpo
; gpo
= gpo
->next
) {
525 subkeyname
= talloc_asprintf(mem_ctx
, "%d", count
++);
531 werr
= gp_store_reg_subkey(mem_ctx
, subkeyname
,
532 reg_ctx
->curr_key
, &key
);
533 if (!W_ERROR_IS_OK(werr
)) {
537 werr
= gp_store_reg_gpovals(mem_ctx
, key
, gpo
);
538 if (!W_ERROR_IS_OK(werr
)) {
539 DEBUG(0,("gp_reg_state_store: "
540 "gpo_store_reg_gpovals failed for %s: %s\n",
541 gpo
->display_name
, win_errstr(werr
)));
546 gp_free_reg_ctx(reg_ctx
);
550 /****************************************************************
551 ****************************************************************/
553 static WERROR
gp_read_reg_gpovals(TALLOC_CTX
*mem_ctx
,
554 struct registry_key
*key
,
555 struct GROUP_POLICY_OBJECT
*gpo
)
560 return WERR_INVALID_PARAM
;
563 werr
= gp_read_reg_val_dword(mem_ctx
, key
, "Version",
565 W_ERROR_NOT_OK_RETURN(werr
);
567 werr
= gp_read_reg_val_dword(mem_ctx
, key
, "Options",
569 W_ERROR_NOT_OK_RETURN(werr
);
571 werr
= gp_read_reg_val_sz(mem_ctx
, key
, "GPOID",
573 W_ERROR_NOT_OK_RETURN(werr
);
575 werr
= gp_read_reg_val_sz(mem_ctx
, key
, "SOM",
577 W_ERROR_NOT_OK_RETURN(werr
);
579 werr
= gp_read_reg_val_sz(mem_ctx
, key
, "DisplayName",
581 W_ERROR_NOT_OK_RETURN(werr
);
586 /****************************************************************
587 ****************************************************************/
589 static WERROR
gp_read_reg_gpo(TALLOC_CTX
*mem_ctx
,
590 struct registry_key
*key
,
591 struct GROUP_POLICY_OBJECT
**gpo_ret
)
593 struct GROUP_POLICY_OBJECT
*gpo
= NULL
;
596 if (!gpo_ret
|| !key
) {
597 return WERR_INVALID_PARAM
;
600 gpo
= TALLOC_ZERO_P(mem_ctx
, struct GROUP_POLICY_OBJECT
);
601 W_ERROR_HAVE_NO_MEMORY(gpo
);
603 werr
= gp_read_reg_gpovals(mem_ctx
, key
, gpo
);
604 W_ERROR_NOT_OK_RETURN(werr
);
611 /****************************************************************
612 ****************************************************************/
614 WERROR
gp_reg_state_read(TALLOC_CTX
*mem_ctx
,
616 const struct dom_sid
*sid
,
617 struct GROUP_POLICY_OBJECT
**gpo_list
)
619 struct gp_registry_context
*reg_ctx
= NULL
;
620 WERROR werr
= WERR_GENERAL_FAILURE
;
621 const char *subkeyname
= NULL
;
622 struct GROUP_POLICY_OBJECT
*gpo
= NULL
;
624 struct registry_key
*key
= NULL
;
625 const char *path
= NULL
;
626 const char *gp_state_path
= NULL
;
629 return WERR_INVALID_PARAM
;
632 ZERO_STRUCTP(gpo_list
);
634 gp_state_path
= gp_req_state_path(mem_ctx
, sid
, flags
);
635 if (!gp_state_path
) {
640 path
= talloc_asprintf(mem_ctx
, "%s\\%s\\%s",
649 werr
= gp_init_reg_ctx(mem_ctx
, path
, REG_KEY_READ
, NULL
, ®_ctx
);
650 if (!W_ERROR_IS_OK(werr
)) {
656 subkeyname
= talloc_asprintf(mem_ctx
, "%d", count
++);
662 werr
= gp_read_reg_subkey(mem_ctx
, reg_ctx
, subkeyname
, &key
);
663 if (W_ERROR_EQUAL(werr
, WERR_BADFILE
)) {
667 if (!W_ERROR_IS_OK(werr
)) {
668 DEBUG(0,("gp_reg_state_read: "
669 "gp_read_reg_subkey gave: %s\n",
674 werr
= gp_read_reg_gpo(mem_ctx
, key
, &gpo
);
675 if (!W_ERROR_IS_OK(werr
)) {
679 DLIST_ADD(*gpo_list
, gpo
);
683 gp_free_reg_ctx(reg_ctx
);
687 /****************************************************************
688 ****************************************************************/
690 static WERROR
gp_reg_generate_sd(TALLOC_CTX
*mem_ctx
,
691 const struct dom_sid
*sid
,
692 struct security_descriptor
**sd
,
695 struct security_ace ace
[6];
698 struct security_acl
*theacl
= NULL
;
700 uint8_t inherit_flags
;
703 init_sec_ace(&ace
[0],
705 SEC_ACE_TYPE_ACCESS_ALLOWED
,
709 init_sec_ace(&ace
[1],
710 &global_sid_Builtin_Administrators
,
711 SEC_ACE_TYPE_ACCESS_ALLOWED
,
715 init_sec_ace(&ace
[2],
716 sid
? sid
: &global_sid_Authenticated_Users
,
717 SEC_ACE_TYPE_ACCESS_ALLOWED
,
720 inherit_flags
= SEC_ACE_FLAG_OBJECT_INHERIT
|
721 SEC_ACE_FLAG_CONTAINER_INHERIT
|
722 SEC_ACE_FLAG_INHERIT_ONLY
;
725 init_sec_ace(&ace
[3],
727 SEC_ACE_TYPE_ACCESS_ALLOWED
,
728 mask
, inherit_flags
);
731 init_sec_ace(&ace
[4],
732 &global_sid_Builtin_Administrators
,
733 SEC_ACE_TYPE_ACCESS_ALLOWED
,
734 mask
, inherit_flags
);
737 init_sec_ace(&ace
[5],
738 sid
? sid
: &global_sid_Authenticated_Users
,
739 SEC_ACE_TYPE_ACCESS_ALLOWED
,
740 mask
, inherit_flags
);
742 theacl
= make_sec_acl(mem_ctx
, NT4_ACL_REVISION
, 6, ace
);
743 W_ERROR_HAVE_NO_MEMORY(theacl
);
745 *sd
= make_sec_desc(mem_ctx
, SD_REVISION
,
746 SEC_DESC_SELF_RELATIVE
|
747 SEC_DESC_DACL_AUTO_INHERITED
| /* really ? */
748 SEC_DESC_DACL_AUTO_INHERIT_REQ
, /* really ? */
751 W_ERROR_HAVE_NO_MEMORY(*sd
);
756 /****************************************************************
757 ****************************************************************/
759 WERROR
gp_secure_key(TALLOC_CTX
*mem_ctx
,
761 struct registry_key
*key
,
762 const struct dom_sid
*sid
)
764 struct security_descriptor
*sd
= NULL
;
766 const struct dom_sid
*sd_sid
= NULL
;
769 if (!(flags
& GPO_LIST_FLAG_MACHINE
)) {
773 werr
= gp_reg_generate_sd(mem_ctx
, sd_sid
, &sd
, &sd_size
);
774 W_ERROR_NOT_OK_RETURN(werr
);
776 return reg_setkeysecurity(key
, sd
);
779 /****************************************************************
780 ****************************************************************/
782 void dump_reg_val(int lvl
, const char *direction
,
783 const char *key
, const char *subkey
,
784 struct registry_value
*val
)
787 const char *type_str
= NULL
;
790 DEBUG(lvl
,("no val!\n"));
794 type_str
= str_regtype(val
->type
);
796 DEBUG(lvl
,("\tdump_reg_val:\t%s '%s'\n\t\t\t'%s' %s: ",
797 direction
, key
, subkey
, type_str
));
801 DEBUG(lvl
,("%d (0x%08x)\n",
802 (int)val
->v
.dword
, val
->v
.dword
));
805 DEBUG(lvl
,("%d (0x%016llx)\n",
807 (unsigned long long)val
->v
.qword
));
810 DEBUG(lvl
,("%s (length: %d)\n",
812 (int)val
->v
.sz
.len
));
815 DEBUG(lvl
,("(num_strings: %d)\n",
816 val
->v
.multi_sz
.num_strings
));
817 for (i
=0; i
< val
->v
.multi_sz
.num_strings
; i
++) {
818 DEBUGADD(lvl
,("\t%s\n",
819 val
->v
.multi_sz
.strings
[i
]));
826 dump_data(lvl
, val
->v
.binary
.data
,
827 val
->v
.binary
.length
);
830 DEBUG(lvl
,("unsupported type: %d\n", val
->type
));
835 /****************************************************************
836 ****************************************************************/
838 void dump_reg_entry(uint32_t flags
,
840 struct gp_registry_entry
*entry
)
842 if (!(flags
& GPO_INFO_FLAG_VERBOSE
))
851 /****************************************************************
852 ****************************************************************/
854 void dump_reg_entries(uint32_t flags
,
856 struct gp_registry_entry
*entries
,
861 if (!(flags
& GPO_INFO_FLAG_VERBOSE
))
864 for (i
=0; i
< num_entries
; i
++) {
865 dump_reg_entry(flags
, dir
, &entries
[i
]);
869 /****************************************************************
870 ****************************************************************/
872 bool add_gp_registry_entry_to_array(TALLOC_CTX
*mem_ctx
,
873 struct gp_registry_entry
*entry
,
874 struct gp_registry_entry
**entries
,
877 *entries
= TALLOC_REALLOC_ARRAY(mem_ctx
, *entries
,
878 struct gp_registry_entry
,
881 if (*entries
== NULL
) {
886 (*entries
)[*num
].action
= entry
->action
;
887 (*entries
)[*num
].key
= entry
->key
;
888 (*entries
)[*num
].value
= entry
->value
;
889 (*entries
)[*num
].data
= entry
->data
;
895 /****************************************************************
896 ****************************************************************/
898 static const char *gp_reg_action_str(enum gp_reg_action action
)
901 case GP_REG_ACTION_NONE
:
902 return "GP_REG_ACTION_NONE";
903 case GP_REG_ACTION_ADD_VALUE
:
904 return "GP_REG_ACTION_ADD_VALUE";
905 case GP_REG_ACTION_ADD_KEY
:
906 return "GP_REG_ACTION_ADD_KEY";
907 case GP_REG_ACTION_DEL_VALUES
:
908 return "GP_REG_ACTION_DEL_VALUES";
909 case GP_REG_ACTION_DEL_VALUE
:
910 return "GP_REG_ACTION_DEL_VALUE";
911 case GP_REG_ACTION_DEL_ALL_VALUES
:
912 return "GP_REG_ACTION_DEL_ALL_VALUES";
913 case GP_REG_ACTION_DEL_KEYS
:
914 return "GP_REG_ACTION_DEL_KEYS";
915 case GP_REG_ACTION_SEC_KEY_SET
:
916 return "GP_REG_ACTION_SEC_KEY_SET";
917 case GP_REG_ACTION_SEC_KEY_RESET
:
918 return "GP_REG_ACTION_SEC_KEY_RESET";
924 /****************************************************************
925 ****************************************************************/
927 WERROR
reg_apply_registry_entry(TALLOC_CTX
*mem_ctx
,
928 struct registry_key
*root_key
,
929 struct gp_registry_context
*reg_ctx
,
930 struct gp_registry_entry
*entry
,
931 const struct nt_user_token
*token
,
935 struct registry_key
*key
= NULL
;
937 if (flags
& GPO_INFO_FLAG_VERBOSE
) {
938 printf("about to store key: [%s]\n", entry
->key
);
939 printf(" value: [%s]\n", entry
->value
);
940 printf(" data: [%s]\n", str_regtype(entry
->data
->type
));
941 printf(" action: [%s]\n", gp_reg_action_str(entry
->action
));
944 werr
= gp_store_reg_subkey(mem_ctx
, entry
->key
,
946 /* reg_ctx->curr_key, &key); */
947 if (!W_ERROR_IS_OK(werr
)) {
948 DEBUG(0,("gp_store_reg_subkey failed: %s\n", win_errstr(werr
)));
952 switch (entry
->action
) {
953 case GP_REG_ACTION_NONE
:
954 case GP_REG_ACTION_ADD_KEY
:
957 case GP_REG_ACTION_SEC_KEY_SET
:
958 werr
= gp_secure_key(mem_ctx
, flags
,
960 &token
->user_sids
[0]);
961 if (!W_ERROR_IS_OK(werr
)) {
962 DEBUG(0,("reg_apply_registry_entry: "
963 "gp_secure_key failed: %s\n",
968 case GP_REG_ACTION_ADD_VALUE
:
969 werr
= reg_setvalue(key
, entry
->value
, entry
->data
);
970 if (!W_ERROR_IS_OK(werr
)) {
971 DEBUG(0,("reg_apply_registry_entry: "
972 "reg_setvalue failed: %s\n",
974 dump_reg_entry(flags
, "STORE", entry
);
978 case GP_REG_ACTION_DEL_VALUE
:
979 werr
= reg_deletevalue(key
, entry
->value
);
980 if (!W_ERROR_IS_OK(werr
)) {
981 DEBUG(0,("reg_apply_registry_entry: "
982 "reg_deletevalue failed: %s\n",
984 dump_reg_entry(flags
, "STORE", entry
);
988 case GP_REG_ACTION_DEL_ALL_VALUES
:
989 werr
= reg_deleteallvalues(key
);
990 if (!W_ERROR_IS_OK(werr
)) {
991 DEBUG(0,("reg_apply_registry_entry: "
992 "reg_deleteallvalues failed: %s\n",
994 dump_reg_entry(flags
, "STORE", entry
);
998 case GP_REG_ACTION_DEL_VALUES
:
999 case GP_REG_ACTION_DEL_KEYS
:
1000 case GP_REG_ACTION_SEC_KEY_RESET
:
1001 DEBUG(0,("reg_apply_registry_entry: "
1002 "not yet supported: %s (%d)\n",
1003 gp_reg_action_str(entry
->action
),
1005 return WERR_NOT_SUPPORTED
;
1007 DEBUG(0,("invalid action: %d\n", entry
->action
));
1008 return WERR_INVALID_PARAM
;