2 * Unix SMB/CIFS implementation.
3 * Group Policy Object Support
4 * Copyright (C) Guenther Deschner 2007-2008
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 #include "../libgpo/gpo.h"
22 #include "libgpo/gpo_proto.h"
24 #include "registry/reg_api.h"
25 #include "registry/reg_backend_db.h"
26 #include "registry/reg_api_util.h"
27 #include "registry/reg_init_basic.h"
28 #include "../libcli/security/security.h"
29 #include "libcli/security/dom_sid.h"
30 #include "../libcli/registry/util_reg.h"
33 /****************************************************************
34 ****************************************************************/
36 struct security_token
*registry_create_system_token(TALLOC_CTX
*mem_ctx
)
38 struct security_token
*token
= NULL
;
40 token
= talloc_zero(mem_ctx
, struct security_token
);
42 DEBUG(1,("talloc failed\n"));
46 token
->privilege_mask
= SE_ALL_PRIVS
;
48 if (!NT_STATUS_IS_OK(add_sid_to_array(token
, &global_sid_System
,
49 &token
->sids
, &token
->num_sids
))) {
50 DEBUG(1,("Error adding nt-authority system sid to token\n"));
57 /****************************************************************
58 ****************************************************************/
60 WERROR
gp_init_reg_ctx(TALLOC_CTX
*mem_ctx
,
61 const char *initial_path
,
62 uint32_t desired_access
,
63 const struct security_token
*token
,
64 struct gp_registry_context
**reg_ctx
)
66 struct gp_registry_context
*tmp_ctx
;
70 return WERR_INVALID_PARAMETER
;
73 werr
= registry_init_basic();
74 if (!W_ERROR_IS_OK(werr
)) {
78 tmp_ctx
= talloc_zero(mem_ctx
, struct gp_registry_context
);
79 W_ERROR_HAVE_NO_MEMORY(tmp_ctx
);
82 tmp_ctx
->token
= token
;
84 tmp_ctx
->token
= registry_create_system_token(mem_ctx
);
86 if (!tmp_ctx
->token
) {
88 return WERR_NOT_ENOUGH_MEMORY
;
92 if (!W_ERROR_IS_OK(werr
)) {
97 tmp_ctx
->path
= talloc_strdup(mem_ctx
, initial_path
);
100 return WERR_NOT_ENOUGH_MEMORY
;
103 werr
= reg_open_path(mem_ctx
, tmp_ctx
->path
, desired_access
,
104 tmp_ctx
->token
, &tmp_ctx
->curr_key
);
105 if (!W_ERROR_IS_OK(werr
)) {
106 TALLOC_FREE(tmp_ctx
);
116 /****************************************************************
117 ****************************************************************/
119 void gp_free_reg_ctx(struct gp_registry_context
*reg_ctx
)
121 TALLOC_FREE(reg_ctx
);
124 /****************************************************************
125 ****************************************************************/
127 WERROR
gp_store_reg_subkey(TALLOC_CTX
*mem_ctx
,
128 const char *subkeyname
,
129 struct registry_key
*curr_key
,
130 struct registry_key
**new_key
)
132 enum winreg_CreateAction action
= REG_ACTION_NONE
;
135 werr
= reg_createkey(mem_ctx
, curr_key
, subkeyname
,
136 REG_KEY_WRITE
, new_key
, &action
);
137 if (W_ERROR_IS_OK(werr
) && (action
!= REG_CREATED_NEW_KEY
)) {
144 /****************************************************************
145 ****************************************************************/
147 WERROR
gp_read_reg_subkey(TALLOC_CTX
*mem_ctx
,
148 struct gp_registry_context
*reg_ctx
,
149 const char *subkeyname
,
150 struct registry_key
**key
)
152 const char *tmp
= NULL
;
154 if (!reg_ctx
|| !subkeyname
|| !key
) {
155 return WERR_INVALID_PARAMETER
;
158 tmp
= talloc_asprintf(mem_ctx
, "%s\\%s", reg_ctx
->path
, subkeyname
);
159 W_ERROR_HAVE_NO_MEMORY(tmp
);
161 return reg_open_path(mem_ctx
, tmp
, REG_KEY_READ
,
162 reg_ctx
->token
, key
);
165 /****************************************************************
166 ****************************************************************/
168 WERROR
gp_store_reg_val_sz(TALLOC_CTX
*mem_ctx
,
169 struct registry_key
*key
,
170 const char *val_name
,
173 struct registry_value reg_val
;
175 reg_val
.type
= REG_SZ
;
176 if (!push_reg_sz(mem_ctx
, ®_val
.data
, val
)) {
177 return WERR_NOT_ENOUGH_MEMORY
;
180 return reg_setvalue(key
, val_name
, ®_val
);
183 /****************************************************************
184 ****************************************************************/
186 static WERROR
gp_store_reg_val_dword(TALLOC_CTX
*mem_ctx
,
187 struct registry_key
*key
,
188 const char *val_name
,
191 struct registry_value reg_val
;
193 reg_val
.type
= REG_DWORD
;
194 reg_val
.data
= data_blob_talloc(mem_ctx
, NULL
, 4);
195 SIVAL(reg_val
.data
.data
, 0, val
);
197 return reg_setvalue(key
, val_name
, ®_val
);
200 /****************************************************************
201 ****************************************************************/
203 WERROR
gp_read_reg_val_sz(TALLOC_CTX
*mem_ctx
,
204 struct registry_key
*key
,
205 const char *val_name
,
209 struct registry_value
*reg_val
= NULL
;
211 werr
= reg_queryvalue(mem_ctx
, key
, val_name
, ®_val
);
212 W_ERROR_NOT_OK_RETURN(werr
);
214 if (reg_val
->type
!= REG_SZ
) {
215 return WERR_INVALID_DATATYPE
;
218 if (!pull_reg_sz(mem_ctx
, ®_val
->data
, val
)) {
219 return WERR_NOT_ENOUGH_MEMORY
;
225 /****************************************************************
226 ****************************************************************/
228 static WERROR
gp_read_reg_val_dword(TALLOC_CTX
*mem_ctx
,
229 struct registry_key
*key
,
230 const char *val_name
,
234 struct registry_value
*reg_val
= NULL
;
236 werr
= reg_queryvalue(mem_ctx
, key
, val_name
, ®_val
);
237 W_ERROR_NOT_OK_RETURN(werr
);
239 if (reg_val
->type
!= REG_DWORD
) {
240 return WERR_INVALID_DATATYPE
;
243 if (reg_val
->data
.length
< 4) {
244 return WERR_INSUFFICIENT_BUFFER
;
246 *val
= IVAL(reg_val
->data
.data
, 0);
251 /****************************************************************
252 ****************************************************************/
254 static WERROR
gp_store_reg_gpovals(TALLOC_CTX
*mem_ctx
,
255 struct registry_key
*key
,
256 struct GROUP_POLICY_OBJECT
*gpo
)
261 return WERR_INVALID_PARAMETER
;
264 werr
= gp_store_reg_val_dword(mem_ctx
, key
, "Version",
266 W_ERROR_NOT_OK_RETURN(werr
);
268 werr
= gp_store_reg_val_dword(mem_ctx
, key
, "WQLFilterPass",
270 W_ERROR_NOT_OK_RETURN(werr
);
272 werr
= gp_store_reg_val_dword(mem_ctx
, key
, "AccessDenied",
274 W_ERROR_NOT_OK_RETURN(werr
);
276 werr
= gp_store_reg_val_dword(mem_ctx
, key
, "GPO-Disabled",
277 (gpo
->options
& GPO_FLAG_DISABLE
));
278 W_ERROR_NOT_OK_RETURN(werr
);
280 werr
= gp_store_reg_val_dword(mem_ctx
, key
, "Options",
282 W_ERROR_NOT_OK_RETURN(werr
);
284 werr
= gp_store_reg_val_sz(mem_ctx
, key
, "GPOID",
286 W_ERROR_NOT_OK_RETURN(werr
);
288 werr
= gp_store_reg_val_sz(mem_ctx
, key
, "SOM",
289 gpo
->link
? gpo
->link
: "");
290 W_ERROR_NOT_OK_RETURN(werr
);
292 werr
= gp_store_reg_val_sz(mem_ctx
, key
, "DisplayName",
294 W_ERROR_NOT_OK_RETURN(werr
);
296 werr
= gp_store_reg_val_sz(mem_ctx
, key
, "WQL-Id",
298 W_ERROR_NOT_OK_RETURN(werr
);
303 /****************************************************************
304 ****************************************************************/
306 static const char *gp_reg_groupmembership_path(TALLOC_CTX
*mem_ctx
,
307 const struct dom_sid
*sid
,
310 struct dom_sid_buf sidbuf
;
312 if (flags
& GPO_LIST_FLAG_MACHINE
) {
313 return "GroupMembership";
316 return talloc_asprintf(
319 dom_sid_str_buf(sid
, &sidbuf
),
323 /****************************************************************
324 ****************************************************************/
326 static WERROR
gp_reg_del_groupmembership(TALLOC_CTX
*mem_ctx
,
327 struct registry_key
*key
,
328 const struct security_token
*token
,
331 const char *path
= NULL
;
333 path
= gp_reg_groupmembership_path(mem_ctx
, &token
->sids
[PRIMARY_USER_SID_INDEX
],
335 W_ERROR_HAVE_NO_MEMORY(path
);
337 return reg_deletekey_recursive(key
, path
);
341 /****************************************************************
342 ****************************************************************/
344 static WERROR
gp_reg_store_groupmembership(TALLOC_CTX
*mem_ctx
,
345 struct gp_registry_context
*reg_ctx
,
346 const struct security_token
*token
,
349 struct registry_key
*key
= NULL
;
352 const char *valname
= NULL
;
353 const char *path
= NULL
;
356 path
= gp_reg_groupmembership_path(mem_ctx
, &token
->sids
[PRIMARY_USER_SID_INDEX
],
358 W_ERROR_HAVE_NO_MEMORY(path
);
360 gp_reg_del_groupmembership(mem_ctx
, reg_ctx
->curr_key
, token
, flags
);
362 werr
= gp_store_reg_subkey(mem_ctx
, path
,
363 reg_ctx
->curr_key
, &key
);
364 W_ERROR_NOT_OK_RETURN(werr
);
366 for (i
=0; i
<token
->num_sids
; i
++) {
367 struct dom_sid_buf buf
;
369 valname
= talloc_asprintf(mem_ctx
, "Group%d", count
++);
370 W_ERROR_HAVE_NO_MEMORY(valname
);
372 werr
= gp_store_reg_val_sz(
376 dom_sid_str_buf(&token
->sids
[i
], &buf
));
377 W_ERROR_NOT_OK_RETURN(werr
);
380 werr
= gp_store_reg_val_dword(mem_ctx
, key
, "Count", count
);
381 W_ERROR_NOT_OK_RETURN(werr
);
386 /****************************************************************
387 ****************************************************************/
390 static WERROR
gp_reg_read_groupmembership(TALLOC_CTX
*mem_ctx
,
391 struct gp_registry_context
*reg_ctx
,
392 const struct dom_sid
*object_sid
,
393 struct security_token
**token
,
396 struct registry_key
*key
= NULL
;
399 const char *valname
= NULL
;
400 const char *val
= NULL
;
401 const char *path
= NULL
;
403 int num_token_sids
= 0;
404 struct security_token
*tmp_token
= NULL
;
406 tmp_token
= talloc_zero(mem_ctx
, struct security_token
);
407 W_ERROR_HAVE_NO_MEMORY(tmp_token
);
409 path
= gp_reg_groupmembership_path(mem_ctx
, object_sid
, flags
);
410 W_ERROR_HAVE_NO_MEMORY(path
);
412 werr
= gp_read_reg_subkey(mem_ctx
, reg_ctx
, path
, &key
);
413 W_ERROR_NOT_OK_RETURN(werr
);
415 werr
= gp_read_reg_val_dword(mem_ctx
, key
, "Count", &count
);
416 W_ERROR_NOT_OK_RETURN(werr
);
418 for (i
=0; i
<count
; i
++) {
420 valname
= talloc_asprintf(mem_ctx
, "Group%d", i
);
421 W_ERROR_HAVE_NO_MEMORY(valname
);
423 werr
= gp_read_reg_val_sz(mem_ctx
, key
, valname
, &val
);
424 W_ERROR_NOT_OK_RETURN(werr
);
426 if (!string_to_sid(&tmp_token
->sids
[num_token_sids
++],
428 return WERR_INSUFFICIENT_BUFFER
;
432 tmp_token
->num_sids
= num_token_sids
;
439 /****************************************************************
440 ****************************************************************/
442 static const char *gp_req_state_path(TALLOC_CTX
*mem_ctx
,
443 const struct dom_sid
*sid
,
446 struct dom_sid_buf sidbuf
;
448 if (flags
& GPO_LIST_FLAG_MACHINE
) {
449 return GPO_REG_STATE_MACHINE
;
452 return talloc_asprintf(
456 dom_sid_str_buf(sid
, &sidbuf
));
459 /****************************************************************
460 ****************************************************************/
462 static WERROR
gp_del_reg_state(TALLOC_CTX
*mem_ctx
,
463 struct registry_key
*key
,
466 return reg_deletesubkeys_recursive(key
, path
);
469 /****************************************************************
470 ****************************************************************/
472 WERROR
gp_reg_state_store(TALLOC_CTX
*mem_ctx
,
475 const struct security_token
*token
,
476 struct GROUP_POLICY_OBJECT
*gpo_list
)
478 struct gp_registry_context
*reg_ctx
= NULL
;
479 WERROR werr
= WERR_GEN_FAILURE
;
480 const char *subkeyname
= NULL
;
481 struct GROUP_POLICY_OBJECT
*gpo
;
483 struct registry_key
*key
;
485 werr
= gp_init_reg_ctx(mem_ctx
, KEY_GROUP_POLICY
, REG_KEY_WRITE
,
487 W_ERROR_NOT_OK_RETURN(werr
);
489 werr
= gp_secure_key(mem_ctx
, flags
, reg_ctx
->curr_key
,
490 &token
->sids
[PRIMARY_USER_SID_INDEX
]);
491 if (!W_ERROR_IS_OK(werr
)) {
492 DEBUG(0,("failed to secure key: %s\n", win_errstr(werr
)));
496 werr
= gp_reg_store_groupmembership(mem_ctx
, reg_ctx
, token
, flags
);
497 if (!W_ERROR_IS_OK(werr
)) {
498 DEBUG(0,("failed to store group membership: %s\n", win_errstr(werr
)));
502 subkeyname
= gp_req_state_path(mem_ctx
, &token
->sids
[PRIMARY_USER_SID_INDEX
], flags
);
504 werr
= WERR_NOT_ENOUGH_MEMORY
;
508 werr
= gp_del_reg_state(mem_ctx
, reg_ctx
->curr_key
, subkeyname
);
509 if (!W_ERROR_IS_OK(werr
)) {
510 DEBUG(0,("failed to delete old state: %s\n", win_errstr(werr
)));
514 werr
= gp_store_reg_subkey(mem_ctx
, subkeyname
,
515 reg_ctx
->curr_key
, ®_ctx
->curr_key
);
516 if (!W_ERROR_IS_OK(werr
)) {
520 werr
= gp_store_reg_val_sz(mem_ctx
, reg_ctx
->curr_key
,
521 "Distinguished-Name", dn
);
522 if (!W_ERROR_IS_OK(werr
)) {
526 /* store link list */
528 werr
= gp_store_reg_subkey(mem_ctx
, "GPLink-List",
529 reg_ctx
->curr_key
, &key
);
530 if (!W_ERROR_IS_OK(werr
)) {
536 werr
= gp_store_reg_subkey(mem_ctx
, "GPO-List",
537 reg_ctx
->curr_key
, ®_ctx
->curr_key
);
538 if (!W_ERROR_IS_OK(werr
)) {
542 for (gpo
= gpo_list
; gpo
; gpo
= gpo
->next
) {
544 subkeyname
= talloc_asprintf(mem_ctx
, "%d", count
++);
546 werr
= WERR_NOT_ENOUGH_MEMORY
;
550 werr
= gp_store_reg_subkey(mem_ctx
, subkeyname
,
551 reg_ctx
->curr_key
, &key
);
552 if (!W_ERROR_IS_OK(werr
)) {
556 werr
= gp_store_reg_gpovals(mem_ctx
, key
, gpo
);
557 if (!W_ERROR_IS_OK(werr
)) {
558 DEBUG(0,("gp_reg_state_store: "
559 "gp_store_reg_gpovals failed for %s: %s\n",
560 gpo
->display_name
, win_errstr(werr
)));
565 gp_free_reg_ctx(reg_ctx
);
569 /****************************************************************
570 ****************************************************************/
572 static WERROR
gp_read_reg_gpovals(TALLOC_CTX
*mem_ctx
,
573 struct registry_key
*key
,
574 struct GROUP_POLICY_OBJECT
*gpo
)
579 return WERR_INVALID_PARAMETER
;
582 werr
= gp_read_reg_val_dword(mem_ctx
, key
, "Version",
584 W_ERROR_NOT_OK_RETURN(werr
);
586 werr
= gp_read_reg_val_dword(mem_ctx
, key
, "Options",
588 W_ERROR_NOT_OK_RETURN(werr
);
590 werr
= gp_read_reg_val_sz(mem_ctx
, key
, "GPOID",
592 W_ERROR_NOT_OK_RETURN(werr
);
594 werr
= gp_read_reg_val_sz(mem_ctx
, key
, "SOM",
596 W_ERROR_NOT_OK_RETURN(werr
);
598 werr
= gp_read_reg_val_sz(mem_ctx
, key
, "DisplayName",
600 W_ERROR_NOT_OK_RETURN(werr
);
605 /****************************************************************
606 ****************************************************************/
608 static WERROR
gp_read_reg_gpo(TALLOC_CTX
*mem_ctx
,
609 struct registry_key
*key
,
610 struct GROUP_POLICY_OBJECT
**gpo_ret
)
612 struct GROUP_POLICY_OBJECT
*gpo
= NULL
;
615 if (!gpo_ret
|| !key
) {
616 return WERR_INVALID_PARAMETER
;
619 gpo
= talloc_zero(mem_ctx
, struct GROUP_POLICY_OBJECT
);
620 W_ERROR_HAVE_NO_MEMORY(gpo
);
622 werr
= gp_read_reg_gpovals(mem_ctx
, key
, gpo
);
623 W_ERROR_NOT_OK_RETURN(werr
);
630 /****************************************************************
631 ****************************************************************/
633 WERROR
gp_reg_state_read(TALLOC_CTX
*mem_ctx
,
635 const struct dom_sid
*sid
,
636 struct GROUP_POLICY_OBJECT
**gpo_list
)
638 struct gp_registry_context
*reg_ctx
= NULL
;
639 WERROR werr
= WERR_GEN_FAILURE
;
640 const char *subkeyname
= NULL
;
641 struct GROUP_POLICY_OBJECT
*gpo
= NULL
;
643 struct registry_key
*key
= NULL
;
644 const char *path
= NULL
;
645 const char *gp_state_path
= NULL
;
648 return WERR_INVALID_PARAMETER
;
651 ZERO_STRUCTP(gpo_list
);
653 gp_state_path
= gp_req_state_path(mem_ctx
, sid
, flags
);
654 if (!gp_state_path
) {
655 werr
= WERR_NOT_ENOUGH_MEMORY
;
659 path
= talloc_asprintf(mem_ctx
, "%s\\%s\\%s",
664 werr
= WERR_NOT_ENOUGH_MEMORY
;
668 werr
= gp_init_reg_ctx(mem_ctx
, path
, REG_KEY_READ
, NULL
, ®_ctx
);
669 if (!W_ERROR_IS_OK(werr
)) {
675 subkeyname
= talloc_asprintf(mem_ctx
, "%d", count
++);
677 werr
= WERR_NOT_ENOUGH_MEMORY
;
681 werr
= gp_read_reg_subkey(mem_ctx
, reg_ctx
, subkeyname
, &key
);
682 if (W_ERROR_EQUAL(werr
, WERR_FILE_NOT_FOUND
)) {
686 if (!W_ERROR_IS_OK(werr
)) {
687 DEBUG(0,("gp_reg_state_read: "
688 "gp_read_reg_subkey gave: %s\n",
693 werr
= gp_read_reg_gpo(mem_ctx
, key
, &gpo
);
694 if (!W_ERROR_IS_OK(werr
)) {
698 DLIST_ADD(*gpo_list
, gpo
);
702 gp_free_reg_ctx(reg_ctx
);
706 /****************************************************************
707 ****************************************************************/
709 static WERROR
gp_reg_generate_sd(TALLOC_CTX
*mem_ctx
,
710 const struct dom_sid
*sid
,
711 struct security_descriptor
**sd
,
714 struct security_ace ace
[6];
717 struct security_acl
*theacl
= NULL
;
719 uint8_t inherit_flags
;
722 init_sec_ace(&ace
[0],
724 SEC_ACE_TYPE_ACCESS_ALLOWED
,
728 init_sec_ace(&ace
[1],
729 &global_sid_Builtin_Administrators
,
730 SEC_ACE_TYPE_ACCESS_ALLOWED
,
734 init_sec_ace(&ace
[2],
735 sid
? sid
: &global_sid_Authenticated_Users
,
736 SEC_ACE_TYPE_ACCESS_ALLOWED
,
739 inherit_flags
= SEC_ACE_FLAG_OBJECT_INHERIT
|
740 SEC_ACE_FLAG_CONTAINER_INHERIT
|
741 SEC_ACE_FLAG_INHERIT_ONLY
;
744 init_sec_ace(&ace
[3],
746 SEC_ACE_TYPE_ACCESS_ALLOWED
,
747 mask
, inherit_flags
);
750 init_sec_ace(&ace
[4],
751 &global_sid_Builtin_Administrators
,
752 SEC_ACE_TYPE_ACCESS_ALLOWED
,
753 mask
, inherit_flags
);
756 init_sec_ace(&ace
[5],
757 sid
? sid
: &global_sid_Authenticated_Users
,
758 SEC_ACE_TYPE_ACCESS_ALLOWED
,
759 mask
, inherit_flags
);
761 theacl
= make_sec_acl(mem_ctx
, NT4_ACL_REVISION
, 6, ace
);
762 W_ERROR_HAVE_NO_MEMORY(theacl
);
764 *sd
= make_sec_desc(mem_ctx
, SD_REVISION
,
765 SEC_DESC_SELF_RELATIVE
|
766 SEC_DESC_DACL_AUTO_INHERITED
| /* really ? */
767 SEC_DESC_DACL_AUTO_INHERIT_REQ
, /* really ? */
770 W_ERROR_HAVE_NO_MEMORY(*sd
);
775 /****************************************************************
776 ****************************************************************/
778 WERROR
gp_secure_key(TALLOC_CTX
*mem_ctx
,
780 struct registry_key
*key
,
781 const struct dom_sid
*sid
)
783 struct security_descriptor
*sd
= NULL
;
785 const struct dom_sid
*sd_sid
= NULL
;
788 if (!(flags
& GPO_LIST_FLAG_MACHINE
)) {
792 werr
= gp_reg_generate_sd(mem_ctx
, sd_sid
, &sd
, &sd_size
);
793 W_ERROR_NOT_OK_RETURN(werr
);
795 return reg_setkeysecurity(key
, sd
);
798 /****************************************************************
799 ****************************************************************/
801 void dump_reg_val(int lvl
, const char *direction
,
802 const char *key
, const char *subkey
,
803 struct registry_value
*val
)
806 const char *type_str
= NULL
;
809 DEBUG(lvl
,("no val!\n"));
813 type_str
= str_regtype(val
->type
);
815 DEBUG(lvl
,("\tdump_reg_val:\t%s '%s'\n\t\t\t'%s' %s: ",
816 direction
, key
, subkey
, type_str
));
821 if (val
->data
.length
< 4) {
824 v
= IVAL(val
->data
.data
, 0);
825 DEBUG(lvl
,("%d (0x%08x)\n",
831 if (val
->data
.length
< 8) {
834 v
= BVAL(val
->data
.data
, 0);
835 DEBUG(lvl
,("%d (0x%016llx)\n",
837 (unsigned long long)v
));
842 if (!pull_reg_sz(talloc_tos(), &val
->data
, &s
)) {
845 DEBUG(lvl
,("%s (length: %d)\n",
846 s
, (int)strlen_m(s
)));
851 if (!pull_reg_multi_sz(talloc_tos(), &val
->data
, &a
)) {
854 for (i
=0; a
[i
] != NULL
; i
++) {
857 DEBUG(lvl
,("(num_strings: %d)\n", i
));
858 for (i
=0; a
[i
] != NULL
; i
++) {
859 DEBUGADD(lvl
,("\t%s\n", a
[i
]));
867 dump_data(lvl
, val
->data
.data
,
871 DEBUG(lvl
,("unsupported type: %d\n", val
->type
));
876 /****************************************************************
877 ****************************************************************/
879 void dump_reg_entry(uint32_t flags
,
881 struct gp_registry_entry
*entry
)
883 if (!(flags
& GPO_INFO_FLAG_VERBOSE
))
892 /****************************************************************
893 ****************************************************************/
895 void dump_reg_entries(uint32_t flags
,
897 struct gp_registry_entry
*entries
,
902 if (!(flags
& GPO_INFO_FLAG_VERBOSE
))
905 for (i
=0; i
< num_entries
; i
++) {
906 dump_reg_entry(flags
, dir
, &entries
[i
]);
910 /****************************************************************
911 ****************************************************************/
913 bool add_gp_registry_entry_to_array(TALLOC_CTX
*mem_ctx
,
914 struct gp_registry_entry
*entry
,
915 struct gp_registry_entry
**entries
,
918 *entries
= talloc_realloc(mem_ctx
, *entries
,
919 struct gp_registry_entry
,
922 if (*entries
== NULL
) {
927 (*entries
)[*num
].action
= entry
->action
;
928 (*entries
)[*num
].key
= entry
->key
;
929 (*entries
)[*num
].value
= entry
->value
;
930 (*entries
)[*num
].data
= entry
->data
;
936 /****************************************************************
937 ****************************************************************/
939 static const char *gp_reg_action_str(enum gp_reg_action action
)
942 case GP_REG_ACTION_NONE
:
943 return "GP_REG_ACTION_NONE";
944 case GP_REG_ACTION_ADD_VALUE
:
945 return "GP_REG_ACTION_ADD_VALUE";
946 case GP_REG_ACTION_ADD_KEY
:
947 return "GP_REG_ACTION_ADD_KEY";
948 case GP_REG_ACTION_DEL_VALUES
:
949 return "GP_REG_ACTION_DEL_VALUES";
950 case GP_REG_ACTION_DEL_VALUE
:
951 return "GP_REG_ACTION_DEL_VALUE";
952 case GP_REG_ACTION_DEL_ALL_VALUES
:
953 return "GP_REG_ACTION_DEL_ALL_VALUES";
954 case GP_REG_ACTION_DEL_KEYS
:
955 return "GP_REG_ACTION_DEL_KEYS";
956 case GP_REG_ACTION_SEC_KEY_SET
:
957 return "GP_REG_ACTION_SEC_KEY_SET";
958 case GP_REG_ACTION_SEC_KEY_RESET
:
959 return "GP_REG_ACTION_SEC_KEY_RESET";
965 /****************************************************************
966 ****************************************************************/
968 WERROR
reg_apply_registry_entry(TALLOC_CTX
*mem_ctx
,
969 struct registry_key
*root_key
,
970 struct gp_registry_context
*reg_ctx
,
971 struct gp_registry_entry
*entry
,
972 const struct security_token
*token
,
976 struct registry_key
*key
= NULL
;
978 if (flags
& GPO_INFO_FLAG_VERBOSE
) {
979 printf("about to store key: [%s]\n", entry
->key
);
980 printf(" value: [%s]\n", entry
->value
);
981 printf(" data: [%s]\n", str_regtype(entry
->data
->type
));
982 printf(" action: [%s]\n", gp_reg_action_str(entry
->action
));
985 werr
= gp_store_reg_subkey(mem_ctx
, entry
->key
,
987 /* reg_ctx->curr_key, &key); */
988 if (!W_ERROR_IS_OK(werr
)) {
989 DEBUG(0,("gp_store_reg_subkey failed: %s\n", win_errstr(werr
)));
993 switch (entry
->action
) {
994 case GP_REG_ACTION_NONE
:
995 case GP_REG_ACTION_ADD_KEY
:
998 case GP_REG_ACTION_SEC_KEY_SET
:
999 werr
= gp_secure_key(mem_ctx
, flags
,
1001 &token
->sids
[PRIMARY_USER_SID_INDEX
]);
1002 if (!W_ERROR_IS_OK(werr
)) {
1003 DEBUG(0,("reg_apply_registry_entry: "
1004 "gp_secure_key failed: %s\n",
1009 case GP_REG_ACTION_ADD_VALUE
:
1010 werr
= reg_setvalue(key
, entry
->value
, entry
->data
);
1011 if (!W_ERROR_IS_OK(werr
)) {
1012 DEBUG(0,("reg_apply_registry_entry: "
1013 "reg_setvalue failed: %s\n",
1015 dump_reg_entry(flags
, "STORE", entry
);
1019 case GP_REG_ACTION_DEL_VALUE
:
1020 werr
= reg_deletevalue(key
, entry
->value
);
1021 if (!W_ERROR_IS_OK(werr
)) {
1022 DEBUG(0,("reg_apply_registry_entry: "
1023 "reg_deletevalue failed: %s\n",
1025 dump_reg_entry(flags
, "STORE", entry
);
1029 case GP_REG_ACTION_DEL_ALL_VALUES
:
1030 werr
= reg_deleteallvalues(key
);
1031 if (!W_ERROR_IS_OK(werr
)) {
1032 DEBUG(0,("reg_apply_registry_entry: "
1033 "reg_deleteallvalues failed: %s\n",
1035 dump_reg_entry(flags
, "STORE", entry
);
1039 case GP_REG_ACTION_DEL_VALUES
:
1040 case GP_REG_ACTION_DEL_KEYS
:
1041 case GP_REG_ACTION_SEC_KEY_RESET
:
1042 DEBUG(0,("reg_apply_registry_entry: "
1043 "not yet supported: %s (%d)\n",
1044 gp_reg_action_str(entry
->action
),
1046 return WERR_NOT_SUPPORTED
;
1048 DEBUG(0,("invalid action: %d\n", entry
->action
));
1049 return WERR_INVALID_PARAMETER
;