/*
* Unix SMB / CIFS implementation .
* Group Policy Object Support
* Copyright ( C ) Guenther Deschner 2005 - 2008
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 3 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program ; if not , see < http : //www.gnu.org/licenses/>.
*/
# ifndef __GPO_H__
# define __GPO_H__
# include "ads.h"
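/*
 * Where a GPO link comes from; stored in GROUP_POLICY_OBJECT.link_type.
 *
 * Every enumerator carries an explicit value so the numbering does not
 * shift if entries are added or reordered.
 *
 * NOTE(review): "UNKOWN" is a misspelling of "UNKNOWN". The identifier is
 * part of this public header, so it is left unchanged here.
 */
enum GPO_LINK_TYPE {
	GP_LINK_UNKOWN	= 0,
	GP_LINK_MACHINE	= 1,
	GP_LINK_SITE	= 2,
	GP_LINK_DOMAIN	= 3,
	GP_LINK_OU	= 4,
	GP_LINK_LOCAL	= 5 /* for convenience */
};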
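/*
 * GPO_OPTIONS
 * These two bits have the same numeric values as GPO_LINK_OPT_DISABLED and
 * GPO_LINK_OPT_ENFORCED defined further down in this header.
 */
#define GPO_FLAG_DISABLE	0x00000001
#define GPO_FLAG_FORCE		0x00000002

/*
 * GPO_LIST_FLAGS
 * presumably the 'flags' argument of ads_get_gpo_list() - confirm
 */
#define GPO_LIST_FLAG_MACHINE	0x00000001
#define GPO_LIST_FLAG_SITEONLY	0x00000002

/* following flags from http://support.microsoft.com/kb/312164/EN-US/ */
#define GPO_INFO_FLAG_MACHINE			0x00000001
#define GPO_INFO_FLAG_BACKGROUND		0x00000010
#define GPO_INFO_FLAG_SLOWLINK			0x00000020
#define GPO_INFO_FLAG_VERBOSE			0x00000040
#define GPO_INFO_FLAG_NOCHANGES			0x00000080
#define GPO_INFO_FLAG_LINKTRANSITION		0x00000100
#define GPO_INFO_FLAG_LOGRSOP_TRANSITION	0x00000200
#define GPO_INFO_FLAG_FORCED_REFRESH		0x00000400
#define GPO_INFO_FLAG_SAFEMODE_BOOT		0x00000800

/*
 * Split a packed GPO version number: the upper 16 bits are the user
 * version, the lower 16 bits the machine version.
 *
 * The argument is parenthesized so that an expression such as (a | b) is
 * evaluated as a whole before the shift or mask is applied; without the
 * parentheses operator precedence gives a wrong version, which matters
 * when versions are compared to decide whether policy has to be refreshed.
 * Pass an unsigned value (GROUP_POLICY_OBJECT.version is a uint32_t):
 * right-shifting a negative signed value is implementation-defined.
 */
#define GPO_VERSION_USER(x)	((x) >> 16)
#define GPO_VERSION_MACHINE(x)	((x) & 0xffff)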
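/*
 * One Group Policy Object, usable as a node of a doubly linked list
 * (next/prev).
 *
 * NOTE(review): the string members and the security descriptor are
 * presumably filled from directory data by ads_get_gpo(); code consuming
 * them should treat the contents as externally supplied and tolerate NULL
 * members - confirm against gpo_ldap.c.
 */
struct GROUP_POLICY_OBJECT {
	uint32_t options;	/* GPFLAGS_* */
	uint32_t version;	/* presumably the packed value split by
				 * GPO_VERSION_USER()/GPO_VERSION_MACHINE()
				 * - confirm */
	const char *ds_path;
	const char *file_sys_path;	/* presumably the path handed to
					 * gpo_explode_filesyspath() - confirm */
	const char *display_name;
	const char *name;
	const char *link;
	enum GPO_LINK_TYPE link_type;
	const char *user_extensions;
	const char *machine_extensions;
	/* presumably what gpo_apply_security_filtering() evaluates - confirm */
	struct security_descriptor *security_descriptor;
	struct GROUP_POLICY_OBJECT *next, *prev;
};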
/*
 * the following is seen on the DS (see adssearch.pl for details)
 *
 * the type field in a 'gPLink', the same as GPO_FLAG ?
 */
#define GPO_LINK_OPT_NONE	0x00000000
#define GPO_LINK_OPT_DISABLED	0x00000001
#define GPO_LINK_OPT_ENFORCED	0x00000002

/* GPO_LINK_OPT_ENFORCED takes precedence over GPOPTIONS_BLOCK_INHERITANCE */
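/*
 * 'gPOptions', maybe a bitmask as well
 *
 * GP_LINK.gp_opts is documented in this header as holding one of these
 * values. Per the note on the GPO_LINK_OPT_* flags, a link marked
 * GPO_LINK_OPT_ENFORCED takes precedence over GPOPTIONS_BLOCK_INHERITANCE.
 */
enum GPO_INHERIT {
	GPOPTIONS_INHERIT		= 0,
	GPOPTIONS_BLOCK_INHERITANCE	= 1
};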
/*
 * 'flags' in a 'groupPolicyContainer' object
 *
 * GPFLAGS_ALL_DISABLED is the combination of the two *_SETTINGS_DISABLED bits.
 */
#define GPFLAGS_ALL_ENABLED			0x00000000
#define GPFLAGS_USER_SETTINGS_DISABLED		0x00000001
#define GPFLAGS_MACHINE_SETTINGS_DISABLED	0x00000002
#define GPFLAGS_ALL_DISABLED \
	(GPFLAGS_USER_SETTINGS_DISABLED | GPFLAGS_MACHINE_SETTINGS_DISABLED)
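/*
 * A 'gPLink' value, both raw and parsed.
 *
 * NOTE(review): link_names and link_opts presumably each hold num_links
 * elements; code indexing them should bound the index by num_links -
 * confirm against the parser in gpo_ldap.c.
 */
struct GP_LINK {
	const char *gp_link;	/* raw link name */
	uint32_t gp_opts;	/* inheritance options GPO_INHERIT */
	uint32_t num_links;	/* number of links */
	char **link_names;	/* array of parsed link names */
	uint32_t *link_opts;	/* array of parsed link opts GPO_LINK_OPT_* */
};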
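/*
 * A raw extension string together with what was parsed out of it, usable
 * as a node of a doubly linked list (next/prev).
 *
 * NOTE(review): the four string arrays presumably each hold num_exts
 * elements; code indexing them should bound the index by num_exts -
 * confirm against ads_parse_gp_ext().
 */
struct GP_EXT {
	const char *gp_extension;	/* raw extension name */
	uint32_t num_exts;
	char **extensions;
	char **extensions_guid;
	char **snapins;
	char **snapins_guid;
	struct GP_EXT *next, *prev;
};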
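#define GPO_CACHE_DIR "gpo_cache"
#define GPT_INI "GPT.INI"

/*
 * 60*90 = 5400; presumably seconds, i.e. 90 minutes - confirm at the
 * point of use. The expansion is parenthesized so the macro behaves as a
 * single value inside larger expressions (e.g. elapsed / GPO_REFRESH_INTERVAL);
 * unparenthesized, such an expression would silently compute a different
 * interval.
 */
#define GPO_REFRESH_INTERVAL (60*90)

#define GPO_REG_STATE_MACHINE "State\\Machine"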
/*
 * Action carried by a struct gp_registry_entry.
 * Values are explicit and consecutive from 0 to 8.
 */
enum gp_reg_action {
	GP_REG_ACTION_NONE		= 0,
	GP_REG_ACTION_ADD_VALUE		= 1,
	GP_REG_ACTION_ADD_KEY		= 2,
	GP_REG_ACTION_DEL_VALUES	= 3,
	GP_REG_ACTION_DEL_VALUE		= 4,
	GP_REG_ACTION_DEL_ALL_VALUES	= 5,
	GP_REG_ACTION_DEL_KEYS		= 6,
	GP_REG_ACTION_SEC_KEY_SET	= 7,
	GP_REG_ACTION_SEC_KEY_RESET	= 8
};
/*
 * One registry operation: an action plus the key, value name and data it
 * refers to.
 */
struct gp_registry_entry {
	enum gp_reg_action action;
	const char *key;
	const char *value;
	struct registry_value *data;
};
/* A registry value name paired with its data. */
struct gp_registry_value {
	const char *value;
	struct registry_value *data;
};
/*
 * A counted array of pointers to struct gp_registry_entry.
 * presumably entries holds num_entries pointers - confirm at the producer
 */
struct gp_registry_entries {
	size_t num_entries;
	struct gp_registry_entry **entries;
};
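/*
 * State for registry access on behalf of a security token: the token, a
 * path and the currently open key.
 *
 * NOTE(review): the token is presumably the identity registry operations
 * are checked against; which token a caller stores here therefore decides
 * the access granted - confirm in the registry code that uses this context.
 */
struct gp_registry_context {
	const struct security_token *token;
	const char *path;
	struct registry_key *curr_key;
};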
/*
 * GUID strings of the security, registry and scripts Group Policy
 * extensions. They are written without braces and in upper case; a
 * comparison against GUIDs taken from elsewhere has to account for case
 * and bracing.
 */
#define GP_EXT_GUID_SECURITY	"827D319E-6EAC-11D2-A4EA-00C04F79F83A"
#define GP_EXT_GUID_REGISTRY	"35378EAC-683F-11D2-A89A-00C04FBBCFA2"
#define GP_EXT_GUID_SCRIPTS	"42B5FAAE-6536-11D2-AE5A-0000F87571E3"
/*
 * GUID string of the "Apply Group Policy" extended right (lower case, no
 * braces).
 * presumably matched against the GPO's security descriptor by
 * gpo_apply_security_filtering() - confirm in gpo_sec.c
 */
#define ADS_EXTENDED_RIGHT_APPLY_GROUP_POLICY "edacfd8f-ffb3-11d1-b41d-00a0c968f939"
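struct cli_state;

/* The following definitions come from libgpo/gpo_fetch.c */

/*
 * Takes cache_dir and file_sys_path and hands back four strings through
 * *server, *service, *nt_path and *unix_path.
 *
 * NOTE(review): file_sys_path is presumably the value carried in
 * GROUP_POLICY_OBJECT.file_sys_path, i.e. data that came from the
 * directory. Confirm in gpo_fetch.c that the resulting unix_path is
 * confined beneath cache_dir (for example that ".." components are
 * rejected); nothing in this header guarantees it.
 * The output strings are presumably allocated on mem_ctx - confirm.
 */
NTSTATUS gpo_explode_filesyspath(TALLOC_CTX *mem_ctx,
				 const char *cache_dir,
				 const char *file_sys_path,
				 char **server,
				 char **service,
				 char **nt_path,
				 char **unix_path);

/*
 * Fetch the files of one GPO, given an ADS connection and the cache
 * directory.
 * NOTE(review): callers should check the returned NTSTATUS before using
 * anything under cache_dir for this GPO.
 */
NTSTATUS gpo_fetch_files(TALLOC_CTX *mem_ctx,
			 ADS_STRUCT *ads,
			 const char *cache_dir,
			 const struct GROUP_POLICY_OBJECT *gpo);

/*
 * Returns a version through *sysvol_version and a name through
 * *display_name for the GPO data found at unix_path.
 * presumably read from the GPT_INI file - confirm in gpo_fetch.c
 */
NTSTATUS gpo_get_sysvol_gpt_version(TALLOC_CTX *mem_ctx,
				    const char *unix_path,
				    uint32_t *sysvol_version,
				    char **display_name);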
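/* The following definitions come from libgpo/gpo_ldap.c */

/*
 * Parse the raw extension string extension_raw into *gp_ext.
 * Returns a bool; presumably false on a malformed string - confirm.
 */
bool ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
		      const char *extension_raw,
		      struct GP_EXT **gp_ext);

/* Fill gp_link_struct with the link information of link_dn. */
ADS_STATUS ads_get_gpo_link(ADS_STRUCT *ads,
			    TALLOC_CTX *mem_ctx,
			    const char *link_dn,
			    struct GP_LINK *gp_link_struct);

/*
 * Add a link to gpo_dn on link_dn with the option value gpo_opt
 * (presumably one of GPO_LINK_OPT_* - confirm).
 * NOTE(review): judging by the name this writes to the directory and
 * changes which policy applies below link_dn; callers should pass
 * validated DNs only.
 */
ADS_STATUS ads_add_gpo_link(ADS_STRUCT *ads,
			    TALLOC_CTX *mem_ctx,
			    const char *link_dn,
			    const char *gpo_dn,
			    uint32_t gpo_opt);

/*
 * Remove the link to gpo_dn from link_dn.
 * NOTE(review): judging by the name this writes to the directory, like
 * ads_add_gpo_link().
 */
ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads,
			       TALLOC_CTX *mem_ctx,
			       const char *link_dn,
			       const char *gpo_dn);

/*
 * Fill *gpo for the GPO identified by gpo_dn, display_name or guid_name.
 * presumably exactly one of the three identifiers is expected - confirm
 */
ADS_STATUS ads_get_gpo(ADS_STRUCT *ads,
		       TALLOC_CTX *mem_ctx,
		       const char *gpo_dn,
		       const char *display_name,
		       const char *guid_name,
		       struct GROUP_POLICY_OBJECT *gpo);

/* Return a security token for dn through *token. */
ADS_STATUS ads_get_sid_token(ADS_STRUCT *ads,
			     TALLOC_CTX *mem_ctx,
			     const char *dn,
			     struct security_token **token);

/*
 * Return the GPO list for dn through *gpo_list.
 * flags is presumably a combination of GPO_LIST_FLAG_* - confirm.
 * NOTE(review): token is presumably what security filtering is evaluated
 * against while the list is built; confirm what happens when it is NULL.
 */
ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
			    TALLOC_CTX *mem_ctx,
			    const char *dn,
			    uint32_t flags,
			    const struct security_token *token,
			    struct GROUP_POLICY_OBJECT **gpo_list);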
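/* The following definitions come from libgpo/gpo_sec.c */

/*
 * Security filtering of one GPO for one security token.
 *
 * NOTE(review): presumably checks gpo->security_descriptor for the
 * ADS_EXTENDED_RIGHT_APPLY_GROUP_POLICY right on behalf of token - confirm
 * in gpo_sec.c. Which NTSTATUS values mean "filtered out" is not visible
 * from this header; callers should apply a GPO only on an explicit success
 * status and treat every other status, including errors, as "do not apply".
 */
NTSTATUS gpo_apply_security_filtering(const struct GROUP_POLICY_OBJECT *gpo,
				      const struct security_token *token);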
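/* The following definitions come from libgpo/gpo_util.c */

/*
 * Lookups between GUID strings and names.
 * NOTE(review): what is returned for an unknown GUID or name is not
 * visible from this header; callers should check the result for NULL
 * before use - confirm in gpo_util.c.
 */
const char *cse_gpo_guid_string_to_name(const char *guid);
const char *cse_gpo_name_to_guid_string(const char *name);
const char *cse_snapin_gpo_guid_string_to_name(const char *guid);

/*
 * Dump helpers. The first three take a debuglevel; dump_gplink() does not.
 * Note that dump_gp_ext() takes a non-const pointer, unlike the others.
 */
void dump_gp_ext(struct GP_EXT *gp_ext, int debuglevel);
void dump_gpo(const struct GROUP_POLICY_OBJECT *gpo,
	      int debuglevel);
void dump_gpo_list(const struct GROUP_POLICY_OBJECT *gpo_list,
		   int debuglevel);
void dump_gplink(const struct GP_LINK *gp_link);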
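/*
 * Process two GPO lists, one of deleted and one of changed GPOs, for the
 * given security token.
 *
 * extensions_guid_filter is presumably a GUID string restricting which
 * extension is run (compare GP_EXT_GUID_*), and flags presumably a
 * combination of GPO_INFO_FLAG_* - confirm in gpo_util.c.
 * NOTE(review): this is the step that acts on policy content; callers
 * should pass only lists that already went through security filtering.
 */
NTSTATUS gpo_process_gpo_list(TALLOC_CTX *mem_ctx,
			      const struct security_token *token,
			      const struct GROUP_POLICY_OBJECT *deleted_gpo_list,
			      const struct GROUP_POLICY_OBJECT *changed_gpo_list,
			      const char *extensions_guid_filter,
			      uint32_t flags);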
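/*
 * Refresh check for a single GPO against the cache directory.
 * presumably compares versions and re-fetches when needed - confirm
 */
NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
			   TALLOC_CTX *mem_ctx,
			   const char *cache_dir,
			   uint32_t flags,
			   const struct GROUP_POLICY_OBJECT *gpo);

/* Same check for a whole GPO list. */
NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
				TALLOC_CTX *mem_ctx,
				const char *cache_dir,
				uint32_t flags,
				const struct GROUP_POLICY_OBJECT *gpo_list);

/*
 * Return the unix path of a GPO through *unix_path, given cache_dir.
 * NOTE(review): the path is presumably derived from gpo->file_sys_path;
 * confirm in gpo_util.c that the result stays beneath cache_dir.
 */
NTSTATUS gpo_get_unix_path(TALLOC_CTX *mem_ctx,
			   const char *cache_dir,
			   const struct GROUP_POLICY_OBJECT *gpo,
			   char **unix_path);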
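/*
 * Return a string for a flags value.
 * presumably allocated on mem_ctx and NULL on allocation failure - confirm
 */
char *gpo_flag_str(TALLOC_CTX *mem_ctx, uint32_t flags);

/*
 * Locate a file from filename and suffix; the result is returned through
 * *filename_out.
 * NOTE(review): if filename or suffix can be influenced by policy content,
 * the implementation has to keep the lookup inside the intended directory
 * - confirm in gpo_util.c.
 */
NTSTATUS gp_find_file(TALLOC_CTX *mem_ctx,
		      uint32_t flags,
		      const char *filename,
		      const char *suffix,
		      const char **filename_out);

/* Return the machine's security token for dn through *token. */
ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads,
				TALLOC_CTX *mem_ctx,
				const char *dn,
				struct security_token **token);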
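/*
 * Produce a parsed struct GP_EXT for a GPO through *gp_ext.
 * presumably flags selects between gpo->machine_extensions and
 * gpo->user_extensions - confirm in gpo_util.c
 */
bool gpo_get_gp_ext_from_gpo(TALLOC_CTX *mem_ctx,
			     uint32_t flags,
			     const struct GROUP_POLICY_OBJECT *gpo,
			     struct GP_EXT **gp_ext);

/*
 * Copy gpo_src; the copy is returned through *gpo_dst.
 * NOTE(review): whether the strings and the security descriptor are
 * duplicated or shared with gpo_src is not visible from this header;
 * confirm before freeing the source while the copy is still in use.
 */
NTSTATUS gpo_copy(TALLOC_CTX *mem_ctx,
		  const struct GROUP_POLICY_OBJECT *gpo_src,
		  struct GROUP_POLICY_OBJECT **gpo_dst);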
# endif