search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-tests: Update statd-callout tests to handle both modes
[samba4-gss.git] / source3 / libgpo / gpext / security.c
bloba915eec61e4f9dfb0a2e15a6babd9a24e4ae3d0a
1 /*
2 * Unix SMB/CIFS implementation.
3 * Group Policy Support
4 * Copyright (C) Guenther Deschner 2005-2008
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "../libgpo/gpo_ini.h"
22 #include "../libgpo/gpo.h"
23 #include "libgpo/gpo_proto.h"
24 #include "libgpo/gpext/gpext.h"
25
26 #define GP_EXT_NAME "security"
27
28 #define GPTTMPL_UNIX_PATH "Microsoft/Windows NT/SecEdit/GptTmpl.inf"
29
30 #define GPTTMPL_SECTION_UNICODE "Unicode"
31 #define GPTTMPL_SECTION_VERSION "Version"
32
33 #define GPTTMPL_SECTION_REGISTRY_VALUES "Registry Values"
34 #define GPTTMPL_SECTION_SYSTEM_ACCESS "System Access"
35 #define GPTTMPL_SECTION_KERBEROS_POLICY "Kerberos Policy"
36 #define GPTTMPL_SECTION_EVENT_AUDIT "Event Audit"
37 #define GPTTMPL_SECTION_PRIVILEGE_RIGHTS "Privilege Rights"
38 #define GPTTMPL_SECTION_APPLICATION_LOG "Application Log"
39 #define GPTTMPL_SECTION_SECURITY_LOG "Security Log"
40 #define GPTTMPL_SECTION_SYSTEM_LOG "System Log"
41 #define GPTTMPL_SECTION_GROUP_MEMBERSHIP "Group Membership"
42 #define GPTTMPL_SECTION_FILE_SECURITY "File Security"
43 #define GPTTMPL_SECTION_SERVICE_GENERAL_SETTING "Service General Setting"
44
45 NTSTATUS gpext_security_init(TALLOC_CTX *mem_ctx);
46
47 static TALLOC_CTX *ctx = NULL;
48
49 struct gpttmpl_table {
50 const char *section;
51 const char *parameter;
52 enum winreg_Type type;
53 };
54
55 /****************************************************************
56 parse the Version section from gpttmpl file
57 ****************************************************************/
58
59 #define GPTTMPL_PARAMETER_REVISION "Revision"
60 #define GPTTMPL_PARAMETER_SIGNATURE "signature"
61 #define GPTTMPL_VALUE_CHICAGO "\"$CHICAGO$\"" /* whatever this is good for... */
62 #define GPTTMPL_PARAMETER_UNICODE "Unicode"
63
64 static NTSTATUS gpttmpl_parse_header(struct gp_inifile_context *ini_ctx,
65 uint32_t *version_out)
66 {
67 const char *signature = NULL;
68 NTSTATUS result;
69 int version;
70 bool is_unicode = false;
71
72 if (!ini_ctx) {
73 return NT_STATUS_INVALID_PARAMETER;
74 }
75
76 result = gp_inifile_getstring(ini_ctx, GPTTMPL_SECTION_VERSION
77 ":"GPTTMPL_PARAMETER_SIGNATURE, &signature);
78 if (!NT_STATUS_IS_OK(result)) {
79 return NT_STATUS_INTERNAL_DB_CORRUPTION;
80 }
81
82 if (!strequal(signature, GPTTMPL_VALUE_CHICAGO)) {
83 return NT_STATUS_INTERNAL_DB_CORRUPTION;
84 }
85 result = gp_inifile_getint(ini_ctx, GPTTMPL_SECTION_VERSION
86 ":"GPTTMPL_PARAMETER_REVISION, &version);
87 if (!NT_STATUS_IS_OK(result)) {
88 return NT_STATUS_INTERNAL_DB_CORRUPTION;
89 }
90
91 if (version_out) {
92 *version_out = version;
93 }
94
95 result = gp_inifile_getbool(ini_ctx, GPTTMPL_SECTION_UNICODE
96 ":"GPTTMPL_PARAMETER_UNICODE, &is_unicode);
97 if (!NT_STATUS_IS_OK(result) || !is_unicode) {
98 return NT_STATUS_INTERNAL_DB_CORRUPTION;
99 }
100
101 return NT_STATUS_OK;
102 }
103
104 /****************************************************************
105 ****************************************************************/
106
107 static NTSTATUS gpttmpl_init_context(TALLOC_CTX *mem_ctx,
108 uint32_t flags,
109 const char *unix_path,
110 struct gp_inifile_context **ini_ctx)
111 {
112 NTSTATUS status;
113 uint32_t version;
114 struct gp_inifile_context *tmp_ctx = NULL;
115
116 status = gp_inifile_init_context(mem_ctx, flags, unix_path,
117 GPTTMPL_UNIX_PATH, &tmp_ctx);
118 NT_STATUS_NOT_OK_RETURN(status);
119
120 status = gpttmpl_parse_header(tmp_ctx, &version);
121 if (!NT_STATUS_IS_OK(status)) {
122 DEBUG(1,("gpttmpl_init_context: failed: %s\n",
123 nt_errstr(status)));
124 TALLOC_FREE(tmp_ctx);
125 return status;
126 }
127
128 *ini_ctx = tmp_ctx;
129
130 return NT_STATUS_OK;
131 }
132
133 /****************************************************************
134 ****************************************************************/
135
136 static NTSTATUS gpttmpl_process(struct gp_inifile_context *ini_ctx,
137 struct registry_key *root_key,
138 uint32_t flags)
139 {
140 return NT_STATUS_OK;
141 }
142
143 /****************************************************************
144 ****************************************************************/
145
146 static NTSTATUS security_process_group_policy(TALLOC_CTX *mem_ctx,
147 uint32_t flags,
148 struct registry_key *root_key,
149 const struct security_token *token,
150 const struct GROUP_POLICY_OBJECT *deleted_gpo_list,
151 const struct GROUP_POLICY_OBJECT *changed_gpo_list)
152 {
153 NTSTATUS status = NT_STATUS_OK;
154 char *unix_path = NULL;
155 struct gp_inifile_context *ini_ctx = NULL;
156 const struct GROUP_POLICY_OBJECT *gpo;
157 char *gpo_cache_path = cache_path(talloc_tos(), GPO_CACHE_DIR);
158 if (gpo_cache_path == NULL) {
159 return NT_STATUS_NO_MEMORY;
160 }
161
162 /* implementation of the policy callback function, see
163 * http://msdn.microsoft.com/en-us/library/aa373494%28v=vs.85%29.aspx
164 * for details - gd */
165
166 /* for now do not process the list of deleted group policies
167
168 for (gpo = deleted_gpo_list; gpo; gpo = gpo->next) {
169 }
170
171 */
172
173 for (gpo = changed_gpo_list; gpo; gpo = gpo->next) {
174
175 gpext_debug_header(0, "security_process_group_policy", flags,
176 gpo, GP_EXT_GUID_SECURITY, NULL);
177
178 /* this handler processes the gpttmpl files and merge output to the
179 * registry */
180
181 status = gpo_get_unix_path(mem_ctx, gpo_cache_path,
182 gpo, &unix_path);
183 if (!NT_STATUS_IS_OK(status)) {
184 goto out;
185 }
186
187 status = gpttmpl_init_context(mem_ctx, flags, unix_path,
188 &ini_ctx);
189 if (!NT_STATUS_IS_OK(status)) {
190 goto out;
191 }
192
193 status = gpttmpl_process(ini_ctx, root_key, flags);
194 if (!NT_STATUS_IS_OK(status)) {
195 goto out;
196 }
197
198 TALLOC_FREE(ini_ctx);
199 }
200
201 out:
202 if (!NT_STATUS_IS_OK(status)) {
203 DEBUG(0,("security_process_group_policy: %s\n",
204 nt_errstr(status)));
205 }
206 TALLOC_FREE(ini_ctx);
207 talloc_free(gpo_cache_path);
208
209 return status;
210 }
211
212 /****************************************************************
213 ****************************************************************/
214
215 static NTSTATUS security_get_reg_config(TALLOC_CTX *mem_ctx,
216 struct gp_extension_reg_info **reg_info)
217 {
218 NTSTATUS status;
219 struct gp_extension_reg_info *info = NULL;
220
221 struct gp_extension_reg_table table[] = {
222 /* FIXME: how can we store the "(Default)" value ??? */
223 /* { "", REG_SZ, "Security" }, */
224 { "ProcessGroupPolicy", REG_SZ, "security_process_group_policy" },
225 { "NoUserPolicy", REG_DWORD, "1" },
226 { "ExtensionDebugLevel", REG_DWORD, "1" },
227 { NULL, REG_NONE, NULL }
228 };
229
230 info = talloc_zero(mem_ctx, struct gp_extension_reg_info);
231 NT_STATUS_HAVE_NO_MEMORY(info);
232
233 status = gpext_info_add_entry(mem_ctx, GP_EXT_NAME,
234 GP_EXT_GUID_SECURITY,
235 table, info);
236 NT_STATUS_NOT_OK_RETURN(status);
237
238 *reg_info = info;
239
240 return NT_STATUS_OK;
241 }
242
243
244 /****************************************************************
245 ****************************************************************/
246
247 static NTSTATUS security_initialize(TALLOC_CTX *mem_ctx)
248 {
249 return NT_STATUS_OK;
250 }
251
252 /****************************************************************
253 ****************************************************************/
254
255 static NTSTATUS security_shutdown(void)
256 {
257 NTSTATUS status;
258
259 status = gpext_unregister_gp_extension(GP_EXT_NAME);
260 if (NT_STATUS_IS_OK(status)) {
261 return status;
262 }
263
264 TALLOC_FREE(ctx);
265
266 return NT_STATUS_OK;
267 }
268
269 /****************************************************************
270 ****************************************************************/
271
272 static struct gp_extension_methods security_methods = {
273 .initialize = security_initialize,
274 .process_group_policy = security_process_group_policy,
275 .get_reg_config = security_get_reg_config,
276 .shutdown = security_shutdown
277 };
278
279 /****************************************************************
280 ****************************************************************/
281
282 NTSTATUS gpext_security_init(TALLOC_CTX *mem_ctx)
283 {
284 NTSTATUS status;
285
286 ctx = talloc_init("gpext_security_init");
287 NT_STATUS_HAVE_NO_MEMORY(ctx);
288
289 status = gpext_register_gp_extension(ctx, SMB_GPEXT_INTERFACE_VERSION,
290 GP_EXT_NAME, GP_EXT_GUID_SECURITY,
291 &security_methods);
292 if (!NT_STATUS_IS_OK(status)) {
293 TALLOC_FREE(ctx);
294 }
295
296 return status;
297 }
GSS-enabled samba4