2 * Unix SMB/CIFS implementation.
3 * Group Policy Object Support
4 * Copyright (C) Guenther Deschner 2007-2008
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
23 extern REGISTRY_OPS regdb_ops;
25 static int gp_reg_fetch_keys(const char *key, REGSUBKEY_CTR *subkey_ctr)
27 return regdb_ops.fetch_subkeys(key, subkey_ctr);
30 static bool gp_reg_store_keys(const char *key, REGSUBKEY_CTR *subkeys)
32 return regdb_ops.store_subkeys(key, subkeys);
35 static int gp_reg_fetch_values(const char *key, REGVAL_CTR *val)
37 return regdb_ops.fetch_values(key, val);
40 static bool gp_reg_store_values(const char *key, REGVAL_CTR *val)
42 return regdb_ops.store_values(key, val);
45 static WERROR gp_reg_get_secdesc(TALLOC_CTX *mem_ctx, const char *key,
46 struct security_descriptor **psecdesc)
48 return regdb_ops.get_secdesc(mem_ctx, key, psecdesc);
51 static WERROR gp_reg_set_secdesc(const char *key,
52 struct security_descriptor *secdesc)
54 return regdb_ops.set_secdesc(key, secdesc);
57 /****************************************************************
58 ****************************************************************/
60 static REGISTRY_OPS gp_reg_ops = {
61 .fetch_subkeys = gp_reg_fetch_keys,
62 .fetch_values = gp_reg_fetch_values,
63 .store_subkeys = gp_reg_store_keys,
64 .store_values = gp_reg_store_values,
65 /* .reg_access_check = gp_reg_reg_access_check, */
66 .get_secdesc = gp_reg_get_secdesc,
67 .set_secdesc = gp_reg_set_secdesc
70 /****************************************************************
71 ****************************************************************/
73 struct nt_user_token *registry_create_system_token(TALLOC_CTX *mem_ctx)
75 struct nt_user_token *token = NULL;
77 token = TALLOC_ZERO_P(mem_ctx, struct nt_user_token);
79 DEBUG(1,("talloc failed\n"));
83 token->privileges = se_priv_all;
85 if (!NT_STATUS_IS_OK(add_sid_to_array(token, &global_sid_System,
86 &token->user_sids, &token->num_sids))) {
87 DEBUG(1,("Error adding nt-authority system sid to token\n"));
94 /****************************************************************
95 ****************************************************************/
97 WERROR gp_init_reg_ctx(TALLOC_CTX *mem_ctx,
98 const char *initial_path,
99 uint32_t desired_access,
100 const struct nt_user_token *token,
101 struct gp_registry_context **reg_ctx)
103 struct gp_registry_context *tmp_ctx;
104 static REGISTRY_HOOK gp_reg_hook;
108 return WERR_INVALID_PARAM;
112 return WERR_CAN_NOT_COMPLETE;
115 gp_reg_hook.keyname = initial_path; /* KEY_SAMBA_GROUP_POLICY */
116 gp_reg_hook.ops = &gp_reg_ops;
118 /* not sure about the cache hook */
119 reghook_cache_init();
121 if (!reghook_cache_add(&gp_reg_hook)) {
122 return WERR_CAN_NOT_COMPLETE;
125 tmp_ctx = TALLOC_ZERO_P(mem_ctx, struct gp_registry_context);
126 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
129 tmp_ctx->token = token;
131 tmp_ctx->token = registry_create_system_token(mem_ctx);
133 if (!tmp_ctx->token) {
134 TALLOC_FREE(tmp_ctx);
139 tmp_ctx->path = talloc_strdup(mem_ctx, initial_path);
140 if (!tmp_ctx->path) {
141 TALLOC_FREE(tmp_ctx);
145 werr = reg_open_path(mem_ctx, tmp_ctx->path, desired_access,
146 tmp_ctx->token, &tmp_ctx->curr_key);
147 if (!W_ERROR_IS_OK(werr)) {
148 TALLOC_FREE(tmp_ctx);
158 /****************************************************************
159 ****************************************************************/
161 void gp_free_reg_ctx(struct gp_registry_context *reg_ctx)
163 TALLOC_FREE(reg_ctx);
166 /****************************************************************
167 ****************************************************************/
169 WERROR gp_store_reg_subkey(TALLOC_CTX *mem_ctx,
170 const char *subkeyname,
171 struct registry_key *curr_key,
172 struct registry_key **new_key)
174 enum winreg_CreateAction action = REG_ACTION_NONE;
177 werr = reg_createkey(mem_ctx, curr_key, subkeyname,
178 REG_KEY_WRITE, new_key, &action);
179 if (W_ERROR_IS_OK(werr) && (action != REG_CREATED_NEW_KEY)) {
186 /****************************************************************
187 ****************************************************************/
189 WERROR gp_read_reg_subkey(TALLOC_CTX *mem_ctx,
190 struct gp_registry_context *reg_ctx,
191 const char *subkeyname,
192 struct registry_key **key)
194 const char *tmp = NULL;
196 if (!reg_ctx || !subkeyname || !key) {
197 return WERR_INVALID_PARAM;
200 tmp = talloc_asprintf(mem_ctx, "%s\\%s", reg_ctx->path, subkeyname);
201 W_ERROR_HAVE_NO_MEMORY(tmp);
203 return reg_open_path(mem_ctx, tmp, REG_KEY_READ,
204 reg_ctx->token, key);
207 /****************************************************************
208 ****************************************************************/
210 WERROR gp_store_reg_val_sz(TALLOC_CTX *mem_ctx,
211 struct registry_key *key,
212 const char *val_name,
215 struct registry_value reg_val;
216 ZERO_STRUCT(reg_val);
219 val = val ? val : " ";
221 reg_val.type = REG_SZ;
222 reg_val.v.sz.len = strlen(val);
223 reg_val.v.sz.str = talloc_strdup(mem_ctx, val);
224 W_ERROR_HAVE_NO_MEMORY(reg_val.v.sz.str);
226 return reg_setvalue(key, val_name, ®_val);
229 /****************************************************************
230 ****************************************************************/
232 static WERROR gp_store_reg_val_dword(TALLOC_CTX *mem_ctx,
233 struct registry_key *key,
234 const char *val_name,
237 struct registry_value reg_val;
238 ZERO_STRUCT(reg_val);
240 reg_val.type = REG_DWORD;
241 reg_val.v.dword = val;
243 return reg_setvalue(key, val_name, ®_val);
246 /****************************************************************
247 ****************************************************************/
249 WERROR gp_read_reg_val_sz(TALLOC_CTX *mem_ctx,
250 struct registry_key *key,
251 const char *val_name,
255 struct registry_value *reg_val = NULL;
257 werr = reg_queryvalue(mem_ctx, key, val_name, ®_val);
258 W_ERROR_NOT_OK_RETURN(werr);
260 if (reg_val->type != REG_SZ) {
261 return WERR_INVALID_DATATYPE;
264 *val = talloc_strdup(mem_ctx, reg_val->v.sz.str);
265 W_ERROR_HAVE_NO_MEMORY(*val);
270 /****************************************************************
271 ****************************************************************/
273 static WERROR gp_read_reg_val_dword(TALLOC_CTX *mem_ctx,
274 struct registry_key *key,
275 const char *val_name,
279 struct registry_value *reg_val = NULL;
281 werr = reg_queryvalue(mem_ctx, key, val_name, ®_val);
282 W_ERROR_NOT_OK_RETURN(werr);
284 if (reg_val->type != REG_DWORD) {
285 return WERR_INVALID_DATATYPE;
288 *val = reg_val->v.dword;
293 /****************************************************************
294 ****************************************************************/
296 static WERROR gp_store_reg_gpovals(TALLOC_CTX *mem_ctx,
297 struct registry_key *key,
298 struct GROUP_POLICY_OBJECT *gpo)
303 return WERR_INVALID_PARAM;
306 werr = gp_store_reg_val_dword(mem_ctx, key, "Version",
308 W_ERROR_NOT_OK_RETURN(werr);
310 werr = gp_store_reg_val_dword(mem_ctx, key, "WQLFilterPass",
312 W_ERROR_NOT_OK_RETURN(werr);
314 werr = gp_store_reg_val_dword(mem_ctx, key, "AccessDenied",
316 W_ERROR_NOT_OK_RETURN(werr);
318 werr = gp_store_reg_val_dword(mem_ctx, key, "GPO-Disabled",
319 (gpo->options & GPO_FLAG_DISABLE));
320 W_ERROR_NOT_OK_RETURN(werr);
322 werr = gp_store_reg_val_dword(mem_ctx, key, "Options",
324 W_ERROR_NOT_OK_RETURN(werr);
326 werr = gp_store_reg_val_sz(mem_ctx, key, "GPOID",
328 W_ERROR_NOT_OK_RETURN(werr);
330 werr = gp_store_reg_val_sz(mem_ctx, key, "SOM",
332 W_ERROR_NOT_OK_RETURN(werr);
334 werr = gp_store_reg_val_sz(mem_ctx, key, "DisplayName",
336 W_ERROR_NOT_OK_RETURN(werr);
338 werr = gp_store_reg_val_sz(mem_ctx, key, "WQL-Id",
340 W_ERROR_NOT_OK_RETURN(werr);
345 /****************************************************************
346 ****************************************************************/
348 static const char *gp_reg_groupmembership_path(TALLOC_CTX *mem_ctx,
352 if (flags & GPO_LIST_FLAG_MACHINE) {
353 return "GroupMembership";
356 return talloc_asprintf(mem_ctx, "%s\\%s", sid_string_tos(sid),
360 /****************************************************************
361 ****************************************************************/
363 static WERROR gp_reg_del_groupmembership(TALLOC_CTX *mem_ctx,
364 struct registry_key *key,
365 const struct nt_user_token *token,
368 const char *path = NULL;
370 path = gp_reg_groupmembership_path(mem_ctx, &token->user_sids[0],
372 W_ERROR_HAVE_NO_MEMORY(path);
374 return reg_deletekey_recursive(mem_ctx, key, path);
378 /****************************************************************
379 ****************************************************************/
381 static WERROR gp_reg_store_groupmembership(TALLOC_CTX *mem_ctx,
382 struct gp_registry_context *reg_ctx,
383 const struct nt_user_token *token,
386 struct registry_key *key = NULL;
389 const char *valname = NULL;
390 const char *path = NULL;
391 const char *val = NULL;
394 path = gp_reg_groupmembership_path(mem_ctx, &token->user_sids[0],
396 W_ERROR_HAVE_NO_MEMORY(path);
398 gp_reg_del_groupmembership(mem_ctx, reg_ctx->curr_key, token, flags);
400 werr = gp_store_reg_subkey(mem_ctx, path,
401 reg_ctx->curr_key, &key);
402 W_ERROR_NOT_OK_RETURN(werr);
404 for (i=0; i<token->num_sids; i++) {
406 valname = talloc_asprintf(mem_ctx, "Group%d", count++);
407 W_ERROR_HAVE_NO_MEMORY(valname);
409 val = sid_string_talloc(mem_ctx, &token->user_sids[i]);
410 W_ERROR_HAVE_NO_MEMORY(val);
411 werr = gp_store_reg_val_sz(mem_ctx, key, valname, val);
412 W_ERROR_NOT_OK_RETURN(werr);
415 werr = gp_store_reg_val_dword(mem_ctx, key, "Count", count);
416 W_ERROR_NOT_OK_RETURN(werr);
421 /****************************************************************
422 ****************************************************************/
425 static WERROR gp_reg_read_groupmembership(TALLOC_CTX *mem_ctx,
426 struct gp_registry_context *reg_ctx,
427 const DOM_SID *object_sid,
428 struct nt_user_token **token,
431 struct registry_key *key = NULL;
434 const char *valname = NULL;
435 const char *val = NULL;
436 const char *path = NULL;
438 int num_token_sids = 0;
439 struct nt_user_token *tmp_token = NULL;
441 tmp_token = TALLOC_ZERO_P(mem_ctx, struct nt_user_token);
442 W_ERROR_HAVE_NO_MEMORY(tmp_token);
444 path = gp_reg_groupmembership_path(mem_ctx, object_sid, flags);
445 W_ERROR_HAVE_NO_MEMORY(path);
447 werr = gp_read_reg_subkey(mem_ctx, reg_ctx, path, &key);
448 W_ERROR_NOT_OK_RETURN(werr);
450 werr = gp_read_reg_val_dword(mem_ctx, key, "Count", &count);
451 W_ERROR_NOT_OK_RETURN(werr);
453 for (i=0; i<count; i++) {
455 valname = talloc_asprintf(mem_ctx, "Group%d", i);
456 W_ERROR_HAVE_NO_MEMORY(valname);
458 werr = gp_read_reg_val_sz(mem_ctx, key, valname, &val);
459 W_ERROR_NOT_OK_RETURN(werr);
461 if (!string_to_sid(&tmp_token->user_sids[num_token_sids++],
463 return WERR_INSUFFICIENT_BUFFER;
467 tmp_token->num_sids = num_token_sids;
474 /****************************************************************
475 ****************************************************************/
477 static const char *gp_req_state_path(TALLOC_CTX *mem_ctx,
481 if (flags & GPO_LIST_FLAG_MACHINE) {
482 return GPO_REG_STATE_MACHINE;
485 return talloc_asprintf(mem_ctx, "%s\\%s", "State", sid_string_tos(sid));
488 /****************************************************************
489 ****************************************************************/
491 static WERROR gp_del_reg_state(TALLOC_CTX *mem_ctx,
492 struct registry_key *key,
495 return reg_deletesubkeys_recursive(mem_ctx, key, path);
498 /****************************************************************
499 ****************************************************************/
501 WERROR gp_reg_state_store(TALLOC_CTX *mem_ctx,
504 const struct nt_user_token *token,
505 struct GROUP_POLICY_OBJECT *gpo_list)
507 struct gp_registry_context *reg_ctx = NULL;
508 WERROR werr = WERR_GENERAL_FAILURE;
509 const char *subkeyname = NULL;
510 struct GROUP_POLICY_OBJECT *gpo;
512 struct registry_key *key;
514 werr = gp_init_reg_ctx(mem_ctx, KEY_GROUP_POLICY, REG_KEY_WRITE,
516 W_ERROR_NOT_OK_RETURN(werr);
518 werr = gp_secure_key(mem_ctx, flags, reg_ctx->curr_key,
519 &token->user_sids[0]);
520 if (!W_ERROR_IS_OK(werr)) {
521 DEBUG(0,("failed to secure key: %s\n", dos_errstr(werr)));
525 werr = gp_reg_store_groupmembership(mem_ctx, reg_ctx, token, flags);
526 if (!W_ERROR_IS_OK(werr)) {
527 DEBUG(0,("failed to store group membership: %s\n", dos_errstr(werr)));
531 subkeyname = gp_req_state_path(mem_ctx, &token->user_sids[0], flags);
537 werr = gp_del_reg_state(mem_ctx, reg_ctx->curr_key, subkeyname);
538 if (!W_ERROR_IS_OK(werr)) {
539 DEBUG(0,("failed to delete old state: %s\n", dos_errstr(werr)));
543 werr = gp_store_reg_subkey(mem_ctx, subkeyname,
544 reg_ctx->curr_key, ®_ctx->curr_key);
545 if (!W_ERROR_IS_OK(werr)) {
549 werr = gp_store_reg_val_sz(mem_ctx, reg_ctx->curr_key,
550 "Distinguished-Name", dn);
551 if (!W_ERROR_IS_OK(werr)) {
555 /* store link list */
557 werr = gp_store_reg_subkey(mem_ctx, "GPLink-List",
558 reg_ctx->curr_key, &key);
559 if (!W_ERROR_IS_OK(werr)) {
565 werr = gp_store_reg_subkey(mem_ctx, "GPO-List",
566 reg_ctx->curr_key, ®_ctx->curr_key);
567 if (!W_ERROR_IS_OK(werr)) {
571 for (gpo = gpo_list; gpo; gpo = gpo->next) {
573 subkeyname = talloc_asprintf(mem_ctx, "%d", count++);
579 werr = gp_store_reg_subkey(mem_ctx, subkeyname,
580 reg_ctx->curr_key, &key);
581 if (!W_ERROR_IS_OK(werr)) {
585 werr = gp_store_reg_gpovals(mem_ctx, key, gpo);
586 if (!W_ERROR_IS_OK(werr)) {
587 DEBUG(0,("gp_reg_state_store: "
588 "gpo_store_reg_gpovals failed for %s: %s\n",
589 gpo->display_name, dos_errstr(werr)));
594 gp_free_reg_ctx(reg_ctx);
598 /****************************************************************
599 ****************************************************************/
601 static WERROR gp_read_reg_gpovals(TALLOC_CTX *mem_ctx,
602 struct registry_key *key,
603 struct GROUP_POLICY_OBJECT *gpo)
608 return WERR_INVALID_PARAM;
611 werr = gp_read_reg_val_dword(mem_ctx, key, "Version",
613 W_ERROR_NOT_OK_RETURN(werr);
615 werr = gp_read_reg_val_dword(mem_ctx, key, "Options",
617 W_ERROR_NOT_OK_RETURN(werr);
619 werr = gp_read_reg_val_sz(mem_ctx, key, "GPOID",
621 W_ERROR_NOT_OK_RETURN(werr);
623 werr = gp_read_reg_val_sz(mem_ctx, key, "SOM",
625 W_ERROR_NOT_OK_RETURN(werr);
627 werr = gp_read_reg_val_sz(mem_ctx, key, "DisplayName",
629 W_ERROR_NOT_OK_RETURN(werr);
634 /****************************************************************
635 ****************************************************************/
637 static WERROR gp_read_reg_gpo(TALLOC_CTX *mem_ctx,
638 struct registry_key *key,
639 struct GROUP_POLICY_OBJECT **gpo_ret)
641 struct GROUP_POLICY_OBJECT *gpo = NULL;
644 if (!gpo_ret || !key) {
645 return WERR_INVALID_PARAM;
648 gpo = TALLOC_ZERO_P(mem_ctx, struct GROUP_POLICY_OBJECT);
649 W_ERROR_HAVE_NO_MEMORY(gpo);
651 werr = gp_read_reg_gpovals(mem_ctx, key, gpo);
652 W_ERROR_NOT_OK_RETURN(werr);
659 /****************************************************************
660 ****************************************************************/
662 WERROR gp_reg_state_read(TALLOC_CTX *mem_ctx,
665 struct GROUP_POLICY_OBJECT **gpo_list)
667 struct gp_registry_context *reg_ctx = NULL;
668 WERROR werr = WERR_GENERAL_FAILURE;
669 const char *subkeyname = NULL;
670 struct GROUP_POLICY_OBJECT *gpo = NULL;
672 struct registry_key *key = NULL;
673 const char *path = NULL;
674 const char *gp_state_path = NULL;
677 return WERR_INVALID_PARAM;
680 ZERO_STRUCTP(gpo_list);
682 gp_state_path = gp_req_state_path(mem_ctx, sid, flags);
683 if (!gp_state_path) {
688 path = talloc_asprintf(mem_ctx, "%s\\%s\\%s",
697 werr = gp_init_reg_ctx(mem_ctx, path, REG_KEY_READ, NULL, ®_ctx);
698 if (!W_ERROR_IS_OK(werr)) {
704 subkeyname = talloc_asprintf(mem_ctx, "%d", count++);
710 werr = gp_read_reg_subkey(mem_ctx, reg_ctx, subkeyname, &key);
711 if (W_ERROR_EQUAL(werr, WERR_BADFILE)) {
715 if (!W_ERROR_IS_OK(werr)) {
716 DEBUG(0,("gp_reg_state_read: "
717 "gp_read_reg_subkey gave: %s\n",
722 werr = gp_read_reg_gpo(mem_ctx, key, &gpo);
723 if (!W_ERROR_IS_OK(werr)) {
727 DLIST_ADD(*gpo_list, gpo);
731 gp_free_reg_ctx(reg_ctx);
735 /****************************************************************
736 ****************************************************************/
738 static WERROR gp_reg_generate_sd(TALLOC_CTX *mem_ctx,
740 struct security_descriptor **sd,
748 uint8_t inherit_flags;
750 init_sec_access(&mask, REG_KEY_ALL);
751 init_sec_ace(&ace[0],
753 SEC_ACE_TYPE_ACCESS_ALLOWED,
756 init_sec_access(&mask, REG_KEY_ALL);
757 init_sec_ace(&ace[1],
758 &global_sid_Builtin_Administrators,
759 SEC_ACE_TYPE_ACCESS_ALLOWED,
762 init_sec_access(&mask, REG_KEY_READ);
763 init_sec_ace(&ace[2],
764 sid ? sid : &global_sid_Authenticated_Users,
765 SEC_ACE_TYPE_ACCESS_ALLOWED,
768 inherit_flags = SEC_ACE_FLAG_OBJECT_INHERIT |
769 SEC_ACE_FLAG_CONTAINER_INHERIT |
770 SEC_ACE_FLAG_INHERIT_ONLY;
772 init_sec_access(&mask, REG_KEY_ALL);
773 init_sec_ace(&ace[3],
775 SEC_ACE_TYPE_ACCESS_ALLOWED,
776 mask, inherit_flags);
778 init_sec_access(&mask, REG_KEY_ALL);
779 init_sec_ace(&ace[4],
780 &global_sid_Builtin_Administrators,
781 SEC_ACE_TYPE_ACCESS_ALLOWED,
782 mask, inherit_flags);
784 init_sec_access(&mask, REG_KEY_READ);
785 init_sec_ace(&ace[5],
786 sid ? sid : &global_sid_Authenticated_Users,
787 SEC_ACE_TYPE_ACCESS_ALLOWED,
788 mask, inherit_flags);
790 acl = make_sec_acl(mem_ctx, NT4_ACL_REVISION, 6, ace);
791 W_ERROR_HAVE_NO_MEMORY(acl);
793 *sd = make_sec_desc(mem_ctx, SEC_DESC_REVISION,
794 SEC_DESC_SELF_RELATIVE |
795 SEC_DESC_DACL_AUTO_INHERITED | /* really ? */
796 SEC_DESC_DACL_AUTO_INHERIT_REQ, /* really ? */
799 W_ERROR_HAVE_NO_MEMORY(*sd);
804 /****************************************************************
805 ****************************************************************/
807 WERROR gp_secure_key(TALLOC_CTX *mem_ctx,
809 struct registry_key *key,
812 struct security_descriptor *sd = NULL;
814 const DOM_SID *sd_sid = NULL;
817 if (!(flags & GPO_LIST_FLAG_MACHINE)) {
821 werr = gp_reg_generate_sd(mem_ctx, sd_sid, &sd, &sd_size);
822 W_ERROR_NOT_OK_RETURN(werr);
824 return reg_setkeysecurity(key, sd);
827 /****************************************************************
828 ****************************************************************/
830 void dump_reg_val(int lvl, const char *direction,
831 const char *key, const char *subkey,
832 struct registry_value *val)
835 const char *type_str = NULL;
838 DEBUG(lvl,("no val!\n"));
842 type_str = reg_type_lookup(val->type);
844 DEBUG(lvl,("\tdump_reg_val: %s '%s' '%s' %s: ",
845 direction, key, subkey, type_str));
849 DEBUG(lvl,("%d\n", (int)val->v.dword));
852 DEBUG(lvl,("%d\n", (int)val->v.qword));
855 DEBUG(lvl,("%s (length: %d)\n",
857 (int)val->v.sz.len));
860 DEBUG(lvl,("(num_strings: %d)\n",
861 val->v.multi_sz.num_strings));
862 for (i=0; i < val->v.multi_sz.num_strings; i++) {
863 DEBUGADD(lvl,("\t%s\n",
864 val->v.multi_sz.strings[i]));
871 dump_data(lvl, val->v.binary.data,
872 val->v.binary.length);
875 DEBUG(lvl,("unsupported type: %d\n", val->type));
880 /****************************************************************
881 ****************************************************************/
883 void dump_reg_entry(uint32_t flags,
885 struct gp_registry_entry *entry)
887 if (!(flags & GPO_INFO_FLAG_VERBOSE))
896 /****************************************************************
897 ****************************************************************/
899 void dump_reg_entries(uint32_t flags,
901 struct gp_registry_entry *entries,
906 if (!(flags & GPO_INFO_FLAG_VERBOSE))
909 for (i=0; i < num_entries; i++) {
910 dump_reg_entry(flags, dir, &entries[i]);
914 /****************************************************************
915 ****************************************************************/
917 bool add_gp_registry_entry_to_array(TALLOC_CTX *mem_ctx,
918 struct gp_registry_entry *entry,
919 struct gp_registry_entry **entries,
922 *entries = TALLOC_REALLOC_ARRAY(mem_ctx, *entries,
923 struct gp_registry_entry,
926 if (*entries == NULL) {
931 (*entries)[*num].action = entry->action;
932 (*entries)[*num].key = entry->key;
933 (*entries)[*num].value = entry->value;
934 (*entries)[*num].data = entry->data;
940 /****************************************************************
941 ****************************************************************/
943 static const char *gp_reg_action_str(enum gp_reg_action action)
946 case GP_REG_ACTION_NONE:
947 return "GP_REG_ACTION_NONE";
948 case GP_REG_ACTION_ADD_VALUE:
949 return "GP_REG_ACTION_ADD_VALUE";
950 case GP_REG_ACTION_ADD_KEY:
951 return "GP_REG_ACTION_ADD_KEY";
952 case GP_REG_ACTION_DEL_VALUES:
953 return "GP_REG_ACTION_DEL_VALUES";
954 case GP_REG_ACTION_DEL_VALUE:
955 return "GP_REG_ACTION_DEL_VALUE";
956 case GP_REG_ACTION_DEL_ALL_VALUES:
957 return "GP_REG_ACTION_DEL_ALL_VALUES";
958 case GP_REG_ACTION_DEL_KEYS:
959 return "GP_REG_ACTION_DEL_KEYS";
960 case GP_REG_ACTION_SEC_KEY_SET:
961 return "GP_REG_ACTION_SEC_KEY_SET";
962 case GP_REG_ACTION_SEC_KEY_RESET:
963 return "GP_REG_ACTION_SEC_KEY_RESET";
969 /****************************************************************
970 ****************************************************************/
972 WERROR reg_apply_registry_entry(TALLOC_CTX *mem_ctx,
973 struct registry_key *root_key,
974 struct gp_registry_context *reg_ctx,
975 struct gp_registry_entry *entry,
976 const struct nt_user_token *token,
980 struct registry_key *key = NULL;
982 if (flags & GPO_INFO_FLAG_VERBOSE) {
983 printf("about to store key: [%s]\n", entry->key);
984 printf(" value: [%s]\n", entry->value);
985 printf(" data: [%s]\n", reg_type_lookup(entry->data->type));
986 printf(" action: [%s]\n", gp_reg_action_str(entry->action));
989 werr = gp_store_reg_subkey(mem_ctx, entry->key,
991 /* reg_ctx->curr_key, &key); */
992 if (!W_ERROR_IS_OK(werr)) {
993 DEBUG(0,("gp_store_reg_subkey failed: %s\n", dos_errstr(werr)));
997 switch (entry->action) {
998 case GP_REG_ACTION_NONE:
999 case GP_REG_ACTION_ADD_KEY:
1002 case GP_REG_ACTION_SEC_KEY_SET:
1003 werr = gp_secure_key(mem_ctx, flags,
1005 &token->user_sids[0]);
1006 if (!W_ERROR_IS_OK(werr)) {
1007 DEBUG(0,("reg_apply_registry_entry: "
1008 "gp_secure_key failed: %s\n",
1013 case GP_REG_ACTION_ADD_VALUE:
1014 werr = reg_setvalue(key, entry->value, entry->data);
1015 if (!W_ERROR_IS_OK(werr)) {
1016 DEBUG(0,("reg_apply_registry_entry: "
1017 "reg_setvalue failed: %s\n",
1019 dump_reg_entry(flags, "STORE", entry);
1023 case GP_REG_ACTION_DEL_VALUE:
1024 werr = reg_deletevalue(key, entry->value);
1025 if (!W_ERROR_IS_OK(werr)) {
1026 DEBUG(0,("reg_apply_registry_entry: "
1027 "reg_deletevalue failed: %s\n",
1029 dump_reg_entry(flags, "STORE", entry);
1033 case GP_REG_ACTION_DEL_ALL_VALUES:
1034 werr = reg_deleteallvalues(key);
1035 if (!W_ERROR_IS_OK(werr)) {
1036 DEBUG(0,("reg_apply_registry_entry: "
1037 "reg_deleteallvalues failed: %s\n",
1039 dump_reg_entry(flags, "STORE", entry);
1043 case GP_REG_ACTION_DEL_VALUES:
1044 case GP_REG_ACTION_DEL_KEYS:
1045 case GP_REG_ACTION_SEC_KEY_RESET:
1046 DEBUG(0,("reg_apply_registry_entry: "
1047 "not yet supported: %s (%d)\n",
1048 gp_reg_action_str(entry->action),
1050 return WERR_NOT_SUPPORTED;
1052 DEBUG(0,("invalid action: %d\n", entry->action));
1053 return WERR_INVALID_PARAM;