2 * Unix SMB/CIFS implementation.
4 * Copyright (C) Guenther Deschner 2007-2008
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 #include "../libgpo/gpo.h"
22 #include "../libgpo/gpext/gpext.h"
23 #include "librpc/gen_ndr/ndr_misc.h"
24 #include "lib/util/dlinklist.h"
25 #include "../libcli/registry/util_reg.h"
26 #include "libgpo/gpo_proto.h"
28 #include "registry/reg_api.h"
29 #include "lib/util/util_paths.h"
31 static struct gp_extension *extensions = NULL;
33 /****************************************************************
34 ****************************************************************/
36 struct gp_extension *gpext_get_gp_extension_list(void)
41 /****************************************************************
42 ****************************************************************/
44 /* see http://support.microsoft.com/kb/216358/en-us/ for more info */
46 struct gp_extension_reg_table gpext_reg_vals[] = {
49 .type = REG_EXPAND_SZ,
52 .val = "ProcessGroupPolicy",
56 .val = "NoMachinePolicy",
60 .val = "NoUserPolicy",
68 .val = "NoBackgroundPolicy",
72 .val = "NoGPOListChanges",
76 .val = "PerUserLocalSettings",
80 .val = "RequiresSuccessfulRegistry",
84 .val = "EnableAsynchronousProcessing",
88 .val = "ExtensionDebugLevel",
93 .val = "GenerateGroupPolicy", /* not supported on w2k */
97 .val = "NotifyLinkTransition",
101 .val = "ProcessGroupPolicyEx", /* not supported on w2k */
105 .val = "ExtensionEventSource", /* not supported on w2k */
106 .type = REG_MULTI_SZ,
109 .val = "GenerateGroupPolicy",
113 .val = "MaxNoGPOListChangesInterval",
119 /****************************************************************
120 ****************************************************************/
122 static struct gp_extension *get_extension_by_name(struct gp_extension *be,
125 struct gp_extension *b;
127 for (b = be; b; b = b->next) {
128 if (strequal(b->name, name)) {
136 /****************************************************************
137 ****************************************************************/
139 static struct gp_extension_methods *get_methods_by_name(struct gp_extension *be,
142 struct gp_extension *b;
144 for (b = be; b; b = b->next) {
145 if (strequal(b->name, name)) {
153 /****************************************************************
154 ****************************************************************/
156 NTSTATUS gpext_unregister_gp_extension(const char *name)
158 struct gp_extension *ext;
160 ext = get_extension_by_name(extensions, name);
165 DLIST_REMOVE(extensions, ext);
168 DEBUG(2,("Successfully removed GP extension '%s'\n", name));
173 /****************************************************************
174 ****************************************************************/
176 NTSTATUS gpext_register_gp_extension(TALLOC_CTX *gpext_ctx,
180 struct gp_extension_methods *methods)
182 struct gp_extension_methods *test;
183 struct gp_extension *entry;
187 return NT_STATUS_INTERNAL_DB_ERROR;
190 if ((version != SMB_GPEXT_INTERFACE_VERSION)) {
191 DEBUG(0,("Failed to register gp extension.\n"
192 "The module was compiled against "
193 "SMB_GPEXT_INTERFACE_VERSION %d,\n"
194 "current SMB_GPEXT_INTERFACE_VERSION is %d.\n"
195 "Please recompile against the current "
196 "version of samba!\n",
197 version, SMB_GPEXT_INTERFACE_VERSION));
198 return NT_STATUS_OBJECT_TYPE_MISMATCH;
201 if (!guid || !name || !name[0] || !methods) {
202 DEBUG(0,("Called with NULL pointer or empty name!\n"));
203 return NT_STATUS_INVALID_PARAMETER;
206 test = get_methods_by_name(extensions, name);
208 DEBUG(0,("GP extension module %s already registered!\n",
210 return NT_STATUS_OBJECT_NAME_COLLISION;
213 entry = talloc_zero(gpext_ctx, struct gp_extension);
214 NT_STATUS_HAVE_NO_MEMORY(entry);
216 entry->name = talloc_strdup(gpext_ctx, name);
217 NT_STATUS_HAVE_NO_MEMORY(entry->name);
219 entry->guid = talloc_zero(gpext_ctx, struct GUID);
220 NT_STATUS_HAVE_NO_MEMORY(entry->guid);
221 status = GUID_from_string(guid, entry->guid);
222 NT_STATUS_NOT_OK_RETURN(status);
224 entry->methods = methods;
225 DLIST_ADD(extensions, entry);
227 DEBUG(2,("Successfully added GP extension '%s' %s\n",
228 name, GUID_string2(gpext_ctx, entry->guid)));
233 /****************************************************************
234 ****************************************************************/
236 static NTSTATUS gp_extension_init_module(TALLOC_CTX *mem_ctx,
238 struct gp_extension **gpext)
241 struct gp_extension *ext = NULL;
243 ext = talloc_zero(mem_ctx, struct gp_extension);
244 NT_STATUS_HAVE_NO_MEMORY(gpext);
246 ext->methods = get_methods_by_name(extensions, name);
249 status = smb_probe_module(SAMBA_SUBSYSTEM_GPEXT,
251 if (!NT_STATUS_IS_OK(status)) {
255 ext->methods = get_methods_by_name(extensions, name);
257 return NT_STATUS_DLL_INIT_FAILED;
266 /****************************************************************
267 ****************************************************************/
269 static bool add_gp_extension_reg_entry_to_array(TALLOC_CTX *mem_ctx,
270 struct gp_extension_reg_entry *entry,
271 struct gp_extension_reg_entry **entries,
274 *entries = talloc_realloc(mem_ctx, *entries,
275 struct gp_extension_reg_entry,
277 if (*entries == NULL) {
282 (*entries)[*num].value = entry->value;
283 (*entries)[*num].data = entry->data;
289 /****************************************************************
290 ****************************************************************/
292 static bool add_gp_extension_reg_info_entry_to_array(TALLOC_CTX *mem_ctx,
293 struct gp_extension_reg_info_entry *entry,
294 struct gp_extension_reg_info_entry **entries,
297 *entries = talloc_realloc(mem_ctx, *entries,
298 struct gp_extension_reg_info_entry,
300 if (*entries == NULL) {
305 (*entries)[*num].guid = entry->guid;
306 (*entries)[*num].num_entries = entry->num_entries;
307 (*entries)[*num].entries = entry->entries;
313 /****************************************************************
314 ****************************************************************/
316 static NTSTATUS gp_ext_info_add_reg(TALLOC_CTX *mem_ctx,
317 struct gp_extension_reg_info_entry *entry,
319 enum winreg_Type type,
322 struct gp_extension_reg_entry *reg_entry = NULL;
323 struct registry_value *data = NULL;
325 reg_entry = talloc_zero(mem_ctx, struct gp_extension_reg_entry);
326 NT_STATUS_HAVE_NO_MEMORY(reg_entry);
328 data = talloc_zero(mem_ctx, struct registry_value);
329 NT_STATUS_HAVE_NO_MEMORY(data);
336 if (!push_reg_sz(mem_ctx, &data->data, data_s)) {
337 return NT_STATUS_NO_MEMORY;
341 uint32_t v = atoi(data_s);
342 data->data = data_blob_talloc(mem_ctx, NULL, 4);
343 SIVAL(data->data.data, 0, v);
347 return NT_STATUS_NOT_SUPPORTED;
350 reg_entry->value = value;
351 reg_entry->data = data;
353 if (!add_gp_extension_reg_entry_to_array(mem_ctx, reg_entry,
355 &entry->num_entries)) {
356 return NT_STATUS_NO_MEMORY;
362 /****************************************************************
363 ****************************************************************/
365 static NTSTATUS gp_ext_info_add_reg_table(TALLOC_CTX *mem_ctx,
367 struct gp_extension_reg_info_entry *entry,
368 struct gp_extension_reg_table *table)
371 const char *module_name = NULL;
374 module_name = talloc_asprintf(mem_ctx, "%s.%s", module, shlib_ext());
375 NT_STATUS_HAVE_NO_MEMORY(module_name);
377 status = gp_ext_info_add_reg(mem_ctx, entry,
378 "DllName", REG_EXPAND_SZ, module_name);
379 NT_STATUS_NOT_OK_RETURN(status);
381 for (i=0; table[i].val; i++) {
382 status = gp_ext_info_add_reg(mem_ctx, entry,
386 NT_STATUS_NOT_OK_RETURN(status);
392 /****************************************************************
393 ****************************************************************/
395 NTSTATUS gpext_info_add_entry(TALLOC_CTX *mem_ctx,
397 const char *ext_guid,
398 struct gp_extension_reg_table *table,
399 struct gp_extension_reg_info *info)
402 struct gp_extension_reg_info_entry *entry = NULL;
404 entry = talloc_zero(mem_ctx, struct gp_extension_reg_info_entry);
405 NT_STATUS_HAVE_NO_MEMORY(entry);
407 status = GUID_from_string(ext_guid, &entry->guid);
408 NT_STATUS_NOT_OK_RETURN(status);
410 status = gp_ext_info_add_reg_table(mem_ctx, module, entry, table);
411 NT_STATUS_NOT_OK_RETURN(status);
413 if (!add_gp_extension_reg_info_entry_to_array(mem_ctx, entry,
415 &info->num_entries)) {
416 return NT_STATUS_NO_MEMORY;
422 /****************************************************************
423 ****************************************************************/
425 static bool gp_extension_reg_info_verify_entry(struct gp_extension_reg_entry *entry)
429 for (i=0; gpext_reg_vals[i].val; i++) {
431 if ((strequal(entry->value, gpext_reg_vals[i].val)) &&
432 (entry->data->type == gpext_reg_vals[i].type)) {
440 /****************************************************************
441 ****************************************************************/
443 static bool gp_extension_reg_info_verify(struct gp_extension_reg_info_entry *entry)
447 for (i=0; i < entry->num_entries; i++) {
448 if (!gp_extension_reg_info_verify_entry(&entry->entries[i])) {
456 /****************************************************************
457 ****************************************************************/
459 static WERROR gp_extension_store_reg_vals(TALLOC_CTX *mem_ctx,
460 struct registry_key *key,
461 struct gp_extension_reg_info_entry *entry)
463 WERROR werr = WERR_OK;
466 for (i=0; i < entry->num_entries; i++) {
468 werr = reg_setvalue(key,
469 entry->entries[i].value,
470 entry->entries[i].data);
471 W_ERROR_NOT_OK_RETURN(werr);
477 /****************************************************************
478 ****************************************************************/
480 static WERROR gp_extension_store_reg_entry(TALLOC_CTX *mem_ctx,
481 struct gp_registry_context *reg_ctx,
482 struct gp_extension_reg_info_entry *entry)
485 struct registry_key *key = NULL;
486 const char *subkeyname = NULL;
488 if (!gp_extension_reg_info_verify(entry)) {
489 return WERR_INVALID_PARAMETER;
492 subkeyname = GUID_string2(mem_ctx, &entry->guid);
493 W_ERROR_HAVE_NO_MEMORY(subkeyname);
495 if (!strupper_m(discard_const_p(char, subkeyname))) {
496 return WERR_INVALID_PARAMETER;
499 werr = gp_store_reg_subkey(mem_ctx,
503 W_ERROR_NOT_OK_RETURN(werr);
505 werr = gp_extension_store_reg_vals(mem_ctx,
508 W_ERROR_NOT_OK_RETURN(werr);
513 /****************************************************************
514 ****************************************************************/
516 static WERROR gp_extension_store_reg(TALLOC_CTX *mem_ctx,
517 struct gp_registry_context *reg_ctx,
518 struct gp_extension_reg_info *info)
520 WERROR werr = WERR_OK;
527 for (i=0; i < info->num_entries; i++) {
528 werr = gp_extension_store_reg_entry(mem_ctx,
531 W_ERROR_NOT_OK_RETURN(werr);
537 /****************************************************************
538 ****************************************************************/
540 static NTSTATUS gp_glob_ext_list(TALLOC_CTX *mem_ctx,
541 const char ***ext_list,
542 size_t *ext_list_len)
545 struct dirent *dirent = NULL;
547 dir = opendir(modules_path(talloc_tos(),
548 SAMBA_SUBSYSTEM_GPEXT));
550 return map_nt_error_from_unix_common(errno);
553 while ((dirent = readdir(dir))) {
555 fstring name; /* forgive me... */
558 if ((strequal(dirent->d_name, ".")) ||
559 (strequal(dirent->d_name, ".."))) {
563 p = strrchr(dirent->d_name, '.');
566 return NT_STATUS_NO_MEMORY;
569 if (!strcsequal(p+1, shlib_ext())) {
570 DEBUG(10,("gp_glob_ext_list: not a *.so file: %s\n",
575 fstrcpy(name, dirent->d_name);
576 name[PTR_DIFF(p, dirent->d_name)] = 0;
578 if (!add_string_to_array(mem_ctx, name, ext_list,
581 return NT_STATUS_NO_MEMORY;
590 /****************************************************************
591 ****************************************************************/
593 NTSTATUS gpext_shutdown_gp_extensions(void)
595 struct gp_extension *ext = NULL;
597 for (ext = extensions; ext; ext = ext->next) {
598 if (ext->methods && ext->methods->shutdown) {
599 ext->methods->shutdown();
606 /****************************************************************
607 ****************************************************************/
609 NTSTATUS gpext_init_gp_extensions(TALLOC_CTX *mem_ctx)
614 const char **ext_array = NULL;
615 size_t ext_array_len = 0;
616 struct gp_extension *gpext = NULL;
617 struct gp_registry_context *reg_ctx = NULL;
619 if (gpext_get_gp_extension_list()) {
623 status = gp_glob_ext_list(mem_ctx, &ext_array, &ext_array_len);
624 NT_STATUS_NOT_OK_RETURN(status);
626 for (i=0; i<ext_array_len; i++) {
628 struct gp_extension_reg_info *info = NULL;
630 status = gp_extension_init_module(mem_ctx, ext_array[i],
632 if (!NT_STATUS_IS_OK(status)) {
636 if (gpext->methods->get_reg_config) {
638 status = gpext->methods->initialize(mem_ctx);
639 if (!NT_STATUS_IS_OK(status)) {
640 gpext->methods->shutdown();
644 status = gpext->methods->get_reg_config(mem_ctx,
646 if (!NT_STATUS_IS_OK(status)) {
647 gpext->methods->shutdown();
652 struct security_token *token;
654 token = registry_create_system_token(mem_ctx);
655 NT_STATUS_HAVE_NO_MEMORY(token);
657 werr = gp_init_reg_ctx(mem_ctx,
658 KEY_WINLOGON_GPEXT_PATH,
662 if (!W_ERROR_IS_OK(werr)) {
663 status = werror_to_ntstatus(werr);
664 gpext->methods->shutdown();
669 werr = gp_extension_store_reg(mem_ctx, reg_ctx, info);
670 if (!W_ERROR_IS_OK(werr)) {
671 DEBUG(1,("gp_extension_store_reg failed: %s\n",
674 gpext->methods->shutdown();
675 status = werror_to_ntstatus(werr);
684 TALLOC_FREE(reg_ctx);
689 /****************************************************************
690 ****************************************************************/
692 NTSTATUS gpext_free_gp_extensions(void)
694 struct gp_extension *ext, *ext_next = NULL;
696 for (ext = extensions; ext; ext = ext_next) {
697 ext_next = ext->next;
698 DLIST_REMOVE(extensions, ext);
707 /****************************************************************
708 ****************************************************************/
710 void gpext_debug_header(int lvl,
713 const struct GROUP_POLICY_OBJECT *gpo,
714 const char *extension_guid,
715 const char *snapin_guid)
717 char *flags_str = NULL;
719 DEBUG(lvl,("%s\n", name));
720 DEBUGADD(lvl,("\tgpo: %s (%s)\n", gpo->name,
722 DEBUGADD(lvl,("\tcse extension: %s (%s)\n", extension_guid,
723 cse_gpo_guid_string_to_name(extension_guid)));
724 DEBUGADD(lvl,("\tgplink: %s\n", gpo->link));
725 DEBUGADD(lvl,("\tsnapin: %s (%s)\n", snapin_guid,
726 cse_snapin_gpo_guid_string_to_name(snapin_guid)));
728 flags_str = gpo_flag_str(NULL, flags);
729 DEBUGADD(lvl,("\tflags: 0x%08x %s\n", flags, flags_str));
730 TALLOC_FREE(flags_str);
733 /****************************************************************
734 ****************************************************************/
736 static NTSTATUS gpext_check_gpo_for_gpext_presence(TALLOC_CTX *mem_ctx,
738 const struct GROUP_POLICY_OBJECT *gpo,
739 const struct GUID *guid,
740 bool *gpext_guid_present)
742 struct GP_EXT *gp_ext = NULL;
746 *gpext_guid_present = false;
749 if (gpo->link_type == GP_LINK_LOCAL) {
753 ok = gpo_get_gp_ext_from_gpo(mem_ctx, flags, gpo, &gp_ext);
755 return NT_STATUS_INVALID_PARAMETER;
758 if (gp_ext == NULL) {
762 for (i = 0; i < gp_ext->num_exts; i++) {
766 status = GUID_from_string(gp_ext->extensions_guid[i], &guid2);
767 if (!NT_STATUS_IS_OK(status)) {
770 if (GUID_equal(guid, &guid2)) {
771 *gpext_guid_present = true;
779 /****************************************************************
780 ****************************************************************/
782 NTSTATUS gpext_process_extension(TALLOC_CTX *mem_ctx,
784 const struct security_token *token,
785 struct registry_key *root_key,
786 const struct GROUP_POLICY_OBJECT *deleted_gpo_list,
787 const struct GROUP_POLICY_OBJECT *changed_gpo_list,
788 const char *extension_guid_filter)
791 struct gp_extension *ext = NULL;
792 const struct GROUP_POLICY_OBJECT *gpo;
793 struct GUID extension_guid_filter_guid;
795 status = gpext_init_gp_extensions(mem_ctx);
796 if (!NT_STATUS_IS_OK(status)) {
797 DEBUG(1,("gpext_init_gp_extensions failed: %s\n",
802 if (extension_guid_filter) {
803 status = GUID_from_string(extension_guid_filter,
804 &extension_guid_filter_guid);
805 if (!NT_STATUS_IS_OK(status)) {
810 for (ext = extensions; ext; ext = ext->next) {
812 struct GROUP_POLICY_OBJECT *deleted_gpo_list_filtered = NULL;
813 struct GROUP_POLICY_OBJECT *changed_gpo_list_filtered = NULL;
815 if (extension_guid_filter) {
816 if (!GUID_equal(&extension_guid_filter_guid, ext->guid)) {
821 for (gpo = deleted_gpo_list; gpo; gpo = gpo->next) {
823 bool is_present = false;
825 status = gpext_check_gpo_for_gpext_presence(mem_ctx,
830 if (!NT_STATUS_IS_OK(status)) {
835 struct GROUP_POLICY_OBJECT *new_gpo;
837 status = gpo_copy(mem_ctx, gpo, &new_gpo);
838 if (!NT_STATUS_IS_OK(status)) {
842 DLIST_ADD(deleted_gpo_list_filtered, new_gpo);
846 for (gpo = changed_gpo_list; gpo; gpo = gpo->next) {
848 bool is_present = false;
850 status = gpext_check_gpo_for_gpext_presence(mem_ctx,
855 if (!NT_STATUS_IS_OK(status)) {
860 struct GROUP_POLICY_OBJECT *new_gpo;
862 status = gpo_copy(mem_ctx, gpo, &new_gpo);
863 if (!NT_STATUS_IS_OK(status)) {
867 DLIST_ADD(changed_gpo_list_filtered, new_gpo);
871 status = ext->methods->initialize(mem_ctx);
872 NT_STATUS_NOT_OK_RETURN(status);
874 status = ext->methods->process_group_policy(mem_ctx,
878 deleted_gpo_list_filtered,
879 changed_gpo_list_filtered);
880 if (!NT_STATUS_IS_OK(status)) {
881 ext->methods->shutdown();