/*
* Unix SMB / CIFS implementation .
* Group Policy Support
* Copyright ( C ) Guenther Deschner 2005 - 2008
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 3 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program ; if not , see < http : //www.gnu.org/licenses/>.
*/
# include "includes.h"
# include "../libgpo/gpo_ini.h"
# include "../libgpo/gpo.h"
# include "libgpo/gpo_proto.h"
# include "libgpo/gpext/gpext.h"
# define GP_EXT_NAME "security"
# define GPTTMPL_UNIX_PATH "Microsoft / Windows NT / SecEdit / GptTmpl.inf"
# define GPTTMPL_SECTION_UNICODE "Unicode"
# define GPTTMPL_SECTION_VERSION "Version"
# define GPTTMPL_SECTION_REGISTRY_VALUES "Registry Values"
# define GPTTMPL_SECTION_SYSTEM_ACCESS "System Access"
# define GPTTMPL_SECTION_KERBEROS_POLICY "Kerberos Policy"
# define GPTTMPL_SECTION_EVENT_AUDIT "Event Audit"
# define GPTTMPL_SECTION_PRIVILEGE_RIGHTS "Privilege Rights"
# define GPTTMPL_SECTION_APPLICATION_LOG "Application Log"
# define GPTTMPL_SECTION_SECURITY_LOG "Security Log"
# define GPTTMPL_SECTION_SYSTEM_LOG "System Log"
# define GPTTMPL_SECTION_GROUP_MEMBERSHIP "Group Membership"
# define GPTTMPL_SECTION_FILE_SECURITY "File Security"
# define GPTTMPL_SECTION_SERVICE_GENERAL_SETTING "Service General Setting"
NTSTATUS gpext_security_init ( TALLOC_CTX * mem_ctx ) ;
/* Private talloc context of this extension: created by
 * gpext_security_init() and torn down in security_shutdown(). */
static TALLOC_CTX *ctx = NULL;
/* Describes one GptTmpl.inf setting: the [section] it lives in, the
 * parameter name inside that section and the registry value type it
 * maps to. Not referenced by any code visible in this file. */
struct gpttmpl_table {
	const char *section;	/* presumably one of the GPTTMPL_SECTION_* names */
	const char *parameter;	/* key name within that section */
	enum winreg_Type type;	/* registry type the value is stored as */
};
/****************************************************************
 parse the Version section from gpttmpl file
****************************************************************/
# define GPTTMPL_PARAMETER_REVISION "Revision"
# define GPTTMPL_PARAMETER_SIGNATURE "signature"
# define GPTTMPL_VALUE_CHICAGO "\"$CHICAGO$\"" /* whatever this is good for... */
# define GPTTMPL_PARAMETER_UNICODE "Unicode"
/*
 * Validate the header of a GptTmpl.inf and extract its revision.
 *
 * ini_ctx:     parsed ini file; NULL yields NT_STATUS_INVALID_PARAMETER.
 * version_out: optional; receives the [Version] "Revision" value.
 *
 * The file is accepted only if [Version] "signature" compares equal
 * (strequal) to GPTTMPL_VALUE_CHICAGO — the quoted string "$CHICAGO$",
 * quotes included — "Revision" parses as an integer and [Unicode]
 * "Unicode" is true. Every other shape (missing key, wrong signature,
 * non-unicode) is reported as NT_STATUS_INTERNAL_DB_CORRUPTION.
 *
 * Note: *version_out is written before the Unicode check runs, so it
 * may already hold the revision when the function fails.
 */
static NTSTATUS gpttmpl_parse_header(struct gp_inifile_context *ini_ctx,
				     uint32_t *version_out)
{
	static const char signature_key[] =
		GPTTMPL_SECTION_VERSION ":" GPTTMPL_PARAMETER_SIGNATURE;
	static const char revision_key[] =
		GPTTMPL_SECTION_VERSION ":" GPTTMPL_PARAMETER_REVISION;
	static const char unicode_key[] =
		GPTTMPL_SECTION_UNICODE ":" GPTTMPL_PARAMETER_UNICODE;
	const char *signature = NULL;
	int revision = 0;
	bool is_unicode = false;
	NTSTATUS status;

	if (ini_ctx == NULL) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	/* signature: must be present and must match the expected marker */
	status = gp_inifile_getstring(ini_ctx, signature_key, &signature);
	if (!NT_STATUS_IS_OK(status)) {
		return NT_STATUS_INTERNAL_DB_CORRUPTION;
	}
	if (!strequal(signature, GPTTMPL_VALUE_CHICAGO)) {
		return NT_STATUS_INTERNAL_DB_CORRUPTION;
	}

	/* revision: must be an integer */
	status = gp_inifile_getint(ini_ctx, revision_key, &revision);
	if (!NT_STATUS_IS_OK(status)) {
		return NT_STATUS_INTERNAL_DB_CORRUPTION;
	}
	if (version_out != NULL) {
		*version_out = revision;
	}

	/* unicode flag: must be present and true */
	status = gp_inifile_getbool(ini_ctx, unicode_key, &is_unicode);
	if (!NT_STATUS_IS_OK(status)) {
		return NT_STATUS_INTERNAL_DB_CORRUPTION;
	}
	if (!is_unicode) {
		return NT_STATUS_INTERNAL_DB_CORRUPTION;
	}

	return NT_STATUS_OK;
}
/****************************************************************
 Open the GptTmpl.inf below unix_path and validate its header.

 The file location is presumably built by gp_inifile_init_context()
 from unix_path and GPTTMPL_UNIX_PATH. On success *ini_ctx receives
 the parsed context (allocated with mem_ctx as parent) and the caller
 owns it; on failure *ini_ctx is left untouched and the partially
 built context is freed. The revision read from the header is only
 used for validation here.
****************************************************************/
static NTSTATUS gpttmpl_init_context(TALLOC_CTX *mem_ctx,
				     uint32_t flags,
				     const char *unix_path,
				     struct gp_inifile_context **ini_ctx)
{
	struct gp_inifile_context *parsed = NULL;
	uint32_t revision = 0;
	NTSTATUS status;

	status = gp_inifile_init_context(mem_ctx, flags, unix_path,
					 GPTTMPL_UNIX_PATH, &parsed);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	status = gpttmpl_parse_header(parsed, &revision);
	if (NT_STATUS_IS_OK(status)) {
		*ini_ctx = parsed;
		return NT_STATUS_OK;
	}

	/* header rejected: report it and drop the half-built context */
	DEBUG(1,("gpttmpl_init_context: failed: %s\n",
		 nt_errstr(status)));
	TALLOC_FREE(parsed);

	return status;
}
/****************************************************************
 Apply a validated GptTmpl.inf to the registry.

 Stub: nothing from ini_ctx is written to root_key and flags is
 ignored; the function always returns NT_STATUS_OK.
****************************************************************/
static NTSTATUS gpttmpl_process(struct gp_inifile_context *ini_ctx,
				struct registry_key *root_key,
				uint32_t flags)
{
	(void)ini_ctx;
	(void)root_key;
	(void)flags;

	return NT_STATUS_OK;
}
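/****************************************************************
 gpext "ProcessGroupPolicy" callback for the security extension.

 mem_ctx:          talloc context for per-GPO scratch allocations
 flags:            GPO processing flags, passed through unchanged
 root_key:         registry key the template output is meant for
                   (handed to gpttmpl_process, still a stub)
 token:            caller's security token; not used by this handler
 deleted_gpo_list: not processed yet (see comment below)
 changed_gpo_list: GPOs whose GptTmpl.inf is located in the local
                   GPO cache, header-validated and then processed

 Stops at the first failing GPO, logs it at debug level 0 and
 returns that status. Scratch allocations (ini context, per-GPO
 path, cache path) are released on every return path.

 Implementation of the policy callback function, see
 http://msdn.microsoft.com/en-us/library/aa373494%28v=vs.85%29.aspx
 for details - gd
****************************************************************/
static NTSTATUS security_process_group_policy(TALLOC_CTX *mem_ctx,
					      uint32_t flags,
					      struct registry_key *root_key,
					      const struct security_token *token,
					      const struct GROUP_POLICY_OBJECT *deleted_gpo_list,
					      const struct GROUP_POLICY_OBJECT *changed_gpo_list)
{
	NTSTATUS status = NT_STATUS_OK;
	char *unix_path = NULL;
	struct gp_inifile_context *ini_ctx = NULL;
	const struct GROUP_POLICY_OBJECT *gpo;
	char *gpo_cache_path = cache_path(talloc_tos(), GPO_CACHE_DIR);

	if (gpo_cache_path == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	/* for now do not process the list of deleted group policies */

	for (gpo = changed_gpo_list; gpo; gpo = gpo->next) {

		gpext_debug_header(0, "security_process_group_policy", flags,
				   gpo, GP_EXT_GUID_SECURITY, NULL);

		/* this handler processes the gpttmpl files and merges the
		 * output into the registry */

		status = gpo_get_unix_path(mem_ctx, gpo_cache_path,
					   gpo, &unix_path);
		if (!NT_STATUS_IS_OK(status)) {
			goto out;
		}

		status = gpttmpl_init_context(mem_ctx, flags, unix_path,
					      &ini_ctx);
		if (!NT_STATUS_IS_OK(status)) {
			goto out;
		}

		status = gpttmpl_process(ini_ctx, root_key, flags);
		if (!NT_STATUS_IS_OK(status)) {
			goto out;
		}

		/* unix_path is talloc'd per GPO (mem_ctx is handed to
		 * gpo_get_unix_path); release it each round so a long
		 * GPO list does not pile up on the caller's context.
		 * ini_ctx goes first in case it still refers to the path. */
		TALLOC_FREE(ini_ctx);
		TALLOC_FREE(unix_path);
	}

 out:
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0,("security_process_group_policy: %s\n",
			nt_errstr(status)));
	}

	TALLOC_FREE(ini_ctx);
	TALLOC_FREE(unix_path);
	talloc_free(gpo_cache_path);

	return status;
}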
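/****************************************************************
 Build the registry registration data for this extension.

 mem_ctx:  parent for the returned info block
 reg_info: receives the info block on success; NULL is rejected
           with NT_STATUS_INVALID_PARAMETER

 The table mirrors the values a Windows client-side extension
 publishes under its GUID key: the ProcessGroupPolicy entry point
 name, NoUserPolicy=1 and ExtensionDebugLevel=1. On failure of
 gpext_info_add_entry() the half-populated info block is freed
 rather than left on mem_ctx.
****************************************************************/
static NTSTATUS security_get_reg_config(TALLOC_CTX *mem_ctx,
					struct gp_extension_reg_info **reg_info)
{
	NTSTATUS status;
	struct gp_extension_reg_info *info = NULL;

	struct gp_extension_reg_table table[] = {
		/* FIXME: how can we store the "(Default)" value ??? */
		/* { "", REG_SZ, "Security" }, */
		{ "ProcessGroupPolicy", REG_SZ, "security_process_group_policy" },
		{ "NoUserPolicy", REG_DWORD, "1" },
		{ "ExtensionDebugLevel", REG_DWORD, "1" },
		{ NULL, REG_NONE, NULL }
	};

	if (reg_info == NULL) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	info = talloc_zero(mem_ctx, struct gp_extension_reg_info);
	NT_STATUS_HAVE_NO_MEMORY(info);

	status = gpext_info_add_entry(mem_ctx, GP_EXT_NAME,
				      GP_EXT_GUID_SECURITY,
				      table, info);
	if (!NT_STATUS_IS_OK(status)) {
		/* do not hand back or leak a half-populated info block */
		TALLOC_FREE(info);
		return status;
	}

	*reg_info = info;

	return NT_STATUS_OK;
}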
/****************************************************************
 Extension initialisation hook; nothing to set up, always succeeds.
 mem_ctx is accepted for interface compatibility and not used.
****************************************************************/
static NTSTATUS security_initialize(TALLOC_CTX *mem_ctx)
{
	(void)mem_ctx;

	return NT_STATUS_OK;
}
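/****************************************************************
 Extension shutdown hook: unregister from the gpext framework and
 release the private talloc context.

 Returns the unregister status when that call fails; ctx is kept in
 that case because the registration was made with ctx as its memory
 context (see gpext_security_init) and may still own memory below it.
 Otherwise frees ctx and returns NT_STATUS_OK.

 Previously the condition was inverted: ctx leaked whenever the
 unregister succeeded and was freed while the extension was still
 registered whenever it failed.
****************************************************************/
static NTSTATUS security_shutdown(void)
{
	NTSTATUS status;

	status = gpext_unregister_gp_extension(GP_EXT_NAME);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	TALLOC_FREE(ctx);

	return NT_STATUS_OK;
}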
/****************************************************************
 Callback table handed to the gpext framework by gpext_security_init().
****************************************************************/
static struct gp_extension_methods security_methods = {
	.initialize		= security_initialize,		/* no-op */
	.process_group_policy	= security_process_group_policy,	/* applies changed GPOs */
	.get_reg_config		= security_get_reg_config,	/* registration data */
	.shutdown		= security_shutdown		/* unregisters the extension */
};
/****************************************************************
 Module entry point: create the private talloc context and register
 the "security" extension with the gpext framework.

 mem_ctx is accepted for interface compatibility; the extension's own
 allocations hang off the file-scope ctx created here. If registration
 fails, ctx is freed again and the registration status is returned.
****************************************************************/
NTSTATUS gpext_security_init(TALLOC_CTX *mem_ctx)
{
	NTSTATUS status;

	ctx = talloc_init("gpext_security_init");
	if (ctx == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	status = gpext_register_gp_extension(ctx, SMB_GPEXT_INTERFACE_VERSION,
					     GP_EXT_NAME, GP_EXT_GUID_SECURITY,
					     &security_methods);
	if (NT_STATUS_IS_OK(status)) {
		return status;
	}

	/* registration failed: nothing references ctx, drop it */
	TALLOC_FREE(ctx);

	return status;
}