2 * Unix SMB/CIFS implementation.
3 * Group Policy Object Support
4 * Copyright (C) Guenther Deschner 2007-2008
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 #include "../libgpo/gpo.h"
22 #include "libgpo/gpo_proto.h"
24 #include "registry/reg_backend_db.h"
25 #include "registry/reg_api_util.h"
28 /****************************************************************
29 ****************************************************************/
31 struct security_token *registry_create_system_token(TALLOC_CTX *mem_ctx)
33 struct security_token *token = NULL;
35 token = TALLOC_ZERO_P(mem_ctx, struct security_token);
37 DEBUG(1,("talloc failed\n"));
41 token->privilege_mask = SE_ALL_PRIVS;
43 if (!NT_STATUS_IS_OK(add_sid_to_array(token, &global_sid_System,
44 &token->sids, &token->num_sids))) {
45 DEBUG(1,("Error adding nt-authority system sid to token\n"));
52 /****************************************************************
53 ****************************************************************/
55 WERROR gp_init_reg_ctx(TALLOC_CTX *mem_ctx,
56 const char *initial_path,
57 uint32_t desired_access,
58 const struct security_token *token,
59 struct gp_registry_context **reg_ctx)
61 struct gp_registry_context *tmp_ctx;
65 return WERR_INVALID_PARAM;
68 werr = registry_init_basic();
69 if (!W_ERROR_IS_OK(werr)) {
73 tmp_ctx = TALLOC_ZERO_P(mem_ctx, struct gp_registry_context);
74 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
77 tmp_ctx->token = token;
79 tmp_ctx->token = registry_create_system_token(mem_ctx);
81 if (!tmp_ctx->token) {
87 if (!W_ERROR_IS_OK(werr)) {
92 tmp_ctx->path = talloc_strdup(mem_ctx, initial_path);
98 werr = reg_open_path(mem_ctx, tmp_ctx->path, desired_access,
99 tmp_ctx->token, &tmp_ctx->curr_key);
100 if (!W_ERROR_IS_OK(werr)) {
101 TALLOC_FREE(tmp_ctx);
111 /****************************************************************
112 ****************************************************************/
114 void gp_free_reg_ctx(struct gp_registry_context *reg_ctx)
116 TALLOC_FREE(reg_ctx);
119 /****************************************************************
120 ****************************************************************/
122 WERROR gp_store_reg_subkey(TALLOC_CTX *mem_ctx,
123 const char *subkeyname,
124 struct registry_key *curr_key,
125 struct registry_key **new_key)
127 enum winreg_CreateAction action = REG_ACTION_NONE;
130 werr = reg_createkey(mem_ctx, curr_key, subkeyname,
131 REG_KEY_WRITE, new_key, &action);
132 if (W_ERROR_IS_OK(werr) && (action != REG_CREATED_NEW_KEY)) {
139 /****************************************************************
140 ****************************************************************/
142 WERROR gp_read_reg_subkey(TALLOC_CTX *mem_ctx,
143 struct gp_registry_context *reg_ctx,
144 const char *subkeyname,
145 struct registry_key **key)
147 const char *tmp = NULL;
149 if (!reg_ctx || !subkeyname || !key) {
150 return WERR_INVALID_PARAM;
153 tmp = talloc_asprintf(mem_ctx, "%s\\%s", reg_ctx->path, subkeyname);
154 W_ERROR_HAVE_NO_MEMORY(tmp);
156 return reg_open_path(mem_ctx, tmp, REG_KEY_READ,
157 reg_ctx->token, key);
160 /****************************************************************
161 ****************************************************************/
163 WERROR gp_store_reg_val_sz(TALLOC_CTX *mem_ctx,
164 struct registry_key *key,
165 const char *val_name,
168 struct registry_value reg_val;
170 reg_val.type = REG_SZ;
171 if (!push_reg_sz(mem_ctx, ®_val.data, val)) {
175 return reg_setvalue(key, val_name, ®_val);
178 /****************************************************************
179 ****************************************************************/
181 static WERROR gp_store_reg_val_dword(TALLOC_CTX *mem_ctx,
182 struct registry_key *key,
183 const char *val_name,
186 struct registry_value reg_val;
188 reg_val.type = REG_DWORD;
189 reg_val.data = data_blob_talloc(mem_ctx, NULL, 4);
190 SIVAL(reg_val.data.data, 0, val);
192 return reg_setvalue(key, val_name, ®_val);
195 /****************************************************************
196 ****************************************************************/
198 WERROR gp_read_reg_val_sz(TALLOC_CTX *mem_ctx,
199 struct registry_key *key,
200 const char *val_name,
204 struct registry_value *reg_val = NULL;
206 werr = reg_queryvalue(mem_ctx, key, val_name, ®_val);
207 W_ERROR_NOT_OK_RETURN(werr);
209 if (reg_val->type != REG_SZ) {
210 return WERR_INVALID_DATATYPE;
213 if (!pull_reg_sz(mem_ctx, ®_val->data, val)) {
220 /****************************************************************
221 ****************************************************************/
223 static WERROR gp_read_reg_val_dword(TALLOC_CTX *mem_ctx,
224 struct registry_key *key,
225 const char *val_name,
229 struct registry_value *reg_val = NULL;
231 werr = reg_queryvalue(mem_ctx, key, val_name, ®_val);
232 W_ERROR_NOT_OK_RETURN(werr);
234 if (reg_val->type != REG_DWORD) {
235 return WERR_INVALID_DATATYPE;
238 if (reg_val->data.length < 4) {
239 return WERR_INSUFFICIENT_BUFFER;
241 *val = IVAL(reg_val->data.data, 0);
246 /****************************************************************
247 ****************************************************************/
249 static WERROR gp_store_reg_gpovals(TALLOC_CTX *mem_ctx,
250 struct registry_key *key,
251 struct GROUP_POLICY_OBJECT *gpo)
256 return WERR_INVALID_PARAM;
259 werr = gp_store_reg_val_dword(mem_ctx, key, "Version",
261 W_ERROR_NOT_OK_RETURN(werr);
263 werr = gp_store_reg_val_dword(mem_ctx, key, "WQLFilterPass",
265 W_ERROR_NOT_OK_RETURN(werr);
267 werr = gp_store_reg_val_dword(mem_ctx, key, "AccessDenied",
269 W_ERROR_NOT_OK_RETURN(werr);
271 werr = gp_store_reg_val_dword(mem_ctx, key, "GPO-Disabled",
272 (gpo->options & GPO_FLAG_DISABLE));
273 W_ERROR_NOT_OK_RETURN(werr);
275 werr = gp_store_reg_val_dword(mem_ctx, key, "Options",
277 W_ERROR_NOT_OK_RETURN(werr);
279 werr = gp_store_reg_val_sz(mem_ctx, key, "GPOID",
281 W_ERROR_NOT_OK_RETURN(werr);
283 werr = gp_store_reg_val_sz(mem_ctx, key, "SOM",
285 W_ERROR_NOT_OK_RETURN(werr);
287 werr = gp_store_reg_val_sz(mem_ctx, key, "DisplayName",
289 W_ERROR_NOT_OK_RETURN(werr);
291 werr = gp_store_reg_val_sz(mem_ctx, key, "WQL-Id",
293 W_ERROR_NOT_OK_RETURN(werr);
298 /****************************************************************
299 ****************************************************************/
301 static const char *gp_reg_groupmembership_path(TALLOC_CTX *mem_ctx,
302 const struct dom_sid *sid,
305 if (flags & GPO_LIST_FLAG_MACHINE) {
306 return "GroupMembership";
309 return talloc_asprintf(mem_ctx, "%s\\%s", sid_string_tos(sid),
313 /****************************************************************
314 ****************************************************************/
316 static WERROR gp_reg_del_groupmembership(TALLOC_CTX *mem_ctx,
317 struct registry_key *key,
318 const struct security_token *token,
321 const char *path = NULL;
323 path = gp_reg_groupmembership_path(mem_ctx, &token->sids[0],
325 W_ERROR_HAVE_NO_MEMORY(path);
327 return reg_deletekey_recursive(mem_ctx, key, path);
331 /****************************************************************
332 ****************************************************************/
334 static WERROR gp_reg_store_groupmembership(TALLOC_CTX *mem_ctx,
335 struct gp_registry_context *reg_ctx,
336 const struct security_token *token,
339 struct registry_key *key = NULL;
342 const char *valname = NULL;
343 const char *path = NULL;
344 const char *val = NULL;
347 path = gp_reg_groupmembership_path(mem_ctx, &token->sids[0],
349 W_ERROR_HAVE_NO_MEMORY(path);
351 gp_reg_del_groupmembership(mem_ctx, reg_ctx->curr_key, token, flags);
353 werr = gp_store_reg_subkey(mem_ctx, path,
354 reg_ctx->curr_key, &key);
355 W_ERROR_NOT_OK_RETURN(werr);
357 for (i=0; i<token->num_sids; i++) {
359 valname = talloc_asprintf(mem_ctx, "Group%d", count++);
360 W_ERROR_HAVE_NO_MEMORY(valname);
362 val = sid_string_talloc(mem_ctx, &token->sids[i]);
363 W_ERROR_HAVE_NO_MEMORY(val);
364 werr = gp_store_reg_val_sz(mem_ctx, key, valname, val);
365 W_ERROR_NOT_OK_RETURN(werr);
368 werr = gp_store_reg_val_dword(mem_ctx, key, "Count", count);
369 W_ERROR_NOT_OK_RETURN(werr);
374 /****************************************************************
375 ****************************************************************/
378 static WERROR gp_reg_read_groupmembership(TALLOC_CTX *mem_ctx,
379 struct gp_registry_context *reg_ctx,
380 const struct dom_sid *object_sid,
381 struct security_token **token,
384 struct registry_key *key = NULL;
387 const char *valname = NULL;
388 const char *val = NULL;
389 const char *path = NULL;
391 int num_token_sids = 0;
392 struct security_token *tmp_token = NULL;
394 tmp_token = TALLOC_ZERO_P(mem_ctx, struct security_token);
395 W_ERROR_HAVE_NO_MEMORY(tmp_token);
397 path = gp_reg_groupmembership_path(mem_ctx, object_sid, flags);
398 W_ERROR_HAVE_NO_MEMORY(path);
400 werr = gp_read_reg_subkey(mem_ctx, reg_ctx, path, &key);
401 W_ERROR_NOT_OK_RETURN(werr);
403 werr = gp_read_reg_val_dword(mem_ctx, key, "Count", &count);
404 W_ERROR_NOT_OK_RETURN(werr);
406 for (i=0; i<count; i++) {
408 valname = talloc_asprintf(mem_ctx, "Group%d", i);
409 W_ERROR_HAVE_NO_MEMORY(valname);
411 werr = gp_read_reg_val_sz(mem_ctx, key, valname, &val);
412 W_ERROR_NOT_OK_RETURN(werr);
414 if (!string_to_sid(&tmp_token->sids[num_token_sids++],
416 return WERR_INSUFFICIENT_BUFFER;
420 tmp_token->num_sids = num_token_sids;
427 /****************************************************************
428 ****************************************************************/
430 static const char *gp_req_state_path(TALLOC_CTX *mem_ctx,
431 const struct dom_sid *sid,
434 if (flags & GPO_LIST_FLAG_MACHINE) {
435 return GPO_REG_STATE_MACHINE;
438 return talloc_asprintf(mem_ctx, "%s\\%s", "State", sid_string_tos(sid));
441 /****************************************************************
442 ****************************************************************/
444 static WERROR gp_del_reg_state(TALLOC_CTX *mem_ctx,
445 struct registry_key *key,
448 return reg_deletesubkeys_recursive(mem_ctx, key, path);
451 /****************************************************************
452 ****************************************************************/
454 WERROR gp_reg_state_store(TALLOC_CTX *mem_ctx,
457 const struct security_token *token,
458 struct GROUP_POLICY_OBJECT *gpo_list)
460 struct gp_registry_context *reg_ctx = NULL;
461 WERROR werr = WERR_GENERAL_FAILURE;
462 const char *subkeyname = NULL;
463 struct GROUP_POLICY_OBJECT *gpo;
465 struct registry_key *key;
467 werr = gp_init_reg_ctx(mem_ctx, KEY_GROUP_POLICY, REG_KEY_WRITE,
469 W_ERROR_NOT_OK_RETURN(werr);
471 werr = gp_secure_key(mem_ctx, flags, reg_ctx->curr_key,
473 if (!W_ERROR_IS_OK(werr)) {
474 DEBUG(0,("failed to secure key: %s\n", win_errstr(werr)));
478 werr = gp_reg_store_groupmembership(mem_ctx, reg_ctx, token, flags);
479 if (!W_ERROR_IS_OK(werr)) {
480 DEBUG(0,("failed to store group membership: %s\n", win_errstr(werr)));
484 subkeyname = gp_req_state_path(mem_ctx, &token->sids[0], flags);
490 werr = gp_del_reg_state(mem_ctx, reg_ctx->curr_key, subkeyname);
491 if (!W_ERROR_IS_OK(werr)) {
492 DEBUG(0,("failed to delete old state: %s\n", win_errstr(werr)));
496 werr = gp_store_reg_subkey(mem_ctx, subkeyname,
497 reg_ctx->curr_key, ®_ctx->curr_key);
498 if (!W_ERROR_IS_OK(werr)) {
502 werr = gp_store_reg_val_sz(mem_ctx, reg_ctx->curr_key,
503 "Distinguished-Name", dn);
504 if (!W_ERROR_IS_OK(werr)) {
508 /* store link list */
510 werr = gp_store_reg_subkey(mem_ctx, "GPLink-List",
511 reg_ctx->curr_key, &key);
512 if (!W_ERROR_IS_OK(werr)) {
518 werr = gp_store_reg_subkey(mem_ctx, "GPO-List",
519 reg_ctx->curr_key, ®_ctx->curr_key);
520 if (!W_ERROR_IS_OK(werr)) {
524 for (gpo = gpo_list; gpo; gpo = gpo->next) {
526 subkeyname = talloc_asprintf(mem_ctx, "%d", count++);
532 werr = gp_store_reg_subkey(mem_ctx, subkeyname,
533 reg_ctx->curr_key, &key);
534 if (!W_ERROR_IS_OK(werr)) {
538 werr = gp_store_reg_gpovals(mem_ctx, key, gpo);
539 if (!W_ERROR_IS_OK(werr)) {
540 DEBUG(0,("gp_reg_state_store: "
541 "gpo_store_reg_gpovals failed for %s: %s\n",
542 gpo->display_name, win_errstr(werr)));
547 gp_free_reg_ctx(reg_ctx);
551 /****************************************************************
552 ****************************************************************/
554 static WERROR gp_read_reg_gpovals(TALLOC_CTX *mem_ctx,
555 struct registry_key *key,
556 struct GROUP_POLICY_OBJECT *gpo)
561 return WERR_INVALID_PARAM;
564 werr = gp_read_reg_val_dword(mem_ctx, key, "Version",
566 W_ERROR_NOT_OK_RETURN(werr);
568 werr = gp_read_reg_val_dword(mem_ctx, key, "Options",
570 W_ERROR_NOT_OK_RETURN(werr);
572 werr = gp_read_reg_val_sz(mem_ctx, key, "GPOID",
574 W_ERROR_NOT_OK_RETURN(werr);
576 werr = gp_read_reg_val_sz(mem_ctx, key, "SOM",
578 W_ERROR_NOT_OK_RETURN(werr);
580 werr = gp_read_reg_val_sz(mem_ctx, key, "DisplayName",
582 W_ERROR_NOT_OK_RETURN(werr);
587 /****************************************************************
588 ****************************************************************/
590 static WERROR gp_read_reg_gpo(TALLOC_CTX *mem_ctx,
591 struct registry_key *key,
592 struct GROUP_POLICY_OBJECT **gpo_ret)
594 struct GROUP_POLICY_OBJECT *gpo = NULL;
597 if (!gpo_ret || !key) {
598 return WERR_INVALID_PARAM;
601 gpo = TALLOC_ZERO_P(mem_ctx, struct GROUP_POLICY_OBJECT);
602 W_ERROR_HAVE_NO_MEMORY(gpo);
604 werr = gp_read_reg_gpovals(mem_ctx, key, gpo);
605 W_ERROR_NOT_OK_RETURN(werr);
612 /****************************************************************
613 ****************************************************************/
615 WERROR gp_reg_state_read(TALLOC_CTX *mem_ctx,
617 const struct dom_sid *sid,
618 struct GROUP_POLICY_OBJECT **gpo_list)
620 struct gp_registry_context *reg_ctx = NULL;
621 WERROR werr = WERR_GENERAL_FAILURE;
622 const char *subkeyname = NULL;
623 struct GROUP_POLICY_OBJECT *gpo = NULL;
625 struct registry_key *key = NULL;
626 const char *path = NULL;
627 const char *gp_state_path = NULL;
630 return WERR_INVALID_PARAM;
633 ZERO_STRUCTP(gpo_list);
635 gp_state_path = gp_req_state_path(mem_ctx, sid, flags);
636 if (!gp_state_path) {
641 path = talloc_asprintf(mem_ctx, "%s\\%s\\%s",
650 werr = gp_init_reg_ctx(mem_ctx, path, REG_KEY_READ, NULL, ®_ctx);
651 if (!W_ERROR_IS_OK(werr)) {
657 subkeyname = talloc_asprintf(mem_ctx, "%d", count++);
663 werr = gp_read_reg_subkey(mem_ctx, reg_ctx, subkeyname, &key);
664 if (W_ERROR_EQUAL(werr, WERR_BADFILE)) {
668 if (!W_ERROR_IS_OK(werr)) {
669 DEBUG(0,("gp_reg_state_read: "
670 "gp_read_reg_subkey gave: %s\n",
675 werr = gp_read_reg_gpo(mem_ctx, key, &gpo);
676 if (!W_ERROR_IS_OK(werr)) {
680 DLIST_ADD(*gpo_list, gpo);
684 gp_free_reg_ctx(reg_ctx);
688 /****************************************************************
689 ****************************************************************/
691 static WERROR gp_reg_generate_sd(TALLOC_CTX *mem_ctx,
692 const struct dom_sid *sid,
693 struct security_descriptor **sd,
696 struct security_ace ace[6];
699 struct security_acl *theacl = NULL;
701 uint8_t inherit_flags;
704 init_sec_ace(&ace[0],
706 SEC_ACE_TYPE_ACCESS_ALLOWED,
710 init_sec_ace(&ace[1],
711 &global_sid_Builtin_Administrators,
712 SEC_ACE_TYPE_ACCESS_ALLOWED,
716 init_sec_ace(&ace[2],
717 sid ? sid : &global_sid_Authenticated_Users,
718 SEC_ACE_TYPE_ACCESS_ALLOWED,
721 inherit_flags = SEC_ACE_FLAG_OBJECT_INHERIT |
722 SEC_ACE_FLAG_CONTAINER_INHERIT |
723 SEC_ACE_FLAG_INHERIT_ONLY;
726 init_sec_ace(&ace[3],
728 SEC_ACE_TYPE_ACCESS_ALLOWED,
729 mask, inherit_flags);
732 init_sec_ace(&ace[4],
733 &global_sid_Builtin_Administrators,
734 SEC_ACE_TYPE_ACCESS_ALLOWED,
735 mask, inherit_flags);
738 init_sec_ace(&ace[5],
739 sid ? sid : &global_sid_Authenticated_Users,
740 SEC_ACE_TYPE_ACCESS_ALLOWED,
741 mask, inherit_flags);
743 theacl = make_sec_acl(mem_ctx, NT4_ACL_REVISION, 6, ace);
744 W_ERROR_HAVE_NO_MEMORY(theacl);
746 *sd = make_sec_desc(mem_ctx, SD_REVISION,
747 SEC_DESC_SELF_RELATIVE |
748 SEC_DESC_DACL_AUTO_INHERITED | /* really ? */
749 SEC_DESC_DACL_AUTO_INHERIT_REQ, /* really ? */
752 W_ERROR_HAVE_NO_MEMORY(*sd);
757 /****************************************************************
758 ****************************************************************/
760 WERROR gp_secure_key(TALLOC_CTX *mem_ctx,
762 struct registry_key *key,
763 const struct dom_sid *sid)
765 struct security_descriptor *sd = NULL;
767 const struct dom_sid *sd_sid = NULL;
770 if (!(flags & GPO_LIST_FLAG_MACHINE)) {
774 werr = gp_reg_generate_sd(mem_ctx, sd_sid, &sd, &sd_size);
775 W_ERROR_NOT_OK_RETURN(werr);
777 return reg_setkeysecurity(key, sd);
780 /****************************************************************
781 ****************************************************************/
783 void dump_reg_val(int lvl, const char *direction,
784 const char *key, const char *subkey,
785 struct registry_value *val)
788 const char *type_str = NULL;
791 DEBUG(lvl,("no val!\n"));
795 type_str = str_regtype(val->type);
797 DEBUG(lvl,("\tdump_reg_val:\t%s '%s'\n\t\t\t'%s' %s: ",
798 direction, key, subkey, type_str));
803 if (val->data.length < 4) {
806 v = IVAL(val->data.data, 0);
807 DEBUG(lvl,("%d (0x%08x)\n",
813 if (val->data.length < 8) {
816 v = BVAL(val->data.data, 0);
817 DEBUG(lvl,("%d (0x%016llx)\n",
819 (unsigned long long)v));
824 if (!pull_reg_sz(talloc_tos(), &val->data, &s)) {
827 DEBUG(lvl,("%s (length: %d)\n",
828 s, (int)strlen_m(s)));
833 if (!pull_reg_multi_sz(talloc_tos(), &val->data, &a)) {
836 for (i=0; a[i] != NULL; i++) {
839 DEBUG(lvl,("(num_strings: %d)\n", i));
840 for (i=0; a[i] != NULL; i++) {
841 DEBUGADD(lvl,("\t%s\n", a[i]));
849 dump_data(lvl, val->data.data,
853 DEBUG(lvl,("unsupported type: %d\n", val->type));
858 /****************************************************************
859 ****************************************************************/
861 void dump_reg_entry(uint32_t flags,
863 struct gp_registry_entry *entry)
865 if (!(flags & GPO_INFO_FLAG_VERBOSE))
874 /****************************************************************
875 ****************************************************************/
877 void dump_reg_entries(uint32_t flags,
879 struct gp_registry_entry *entries,
884 if (!(flags & GPO_INFO_FLAG_VERBOSE))
887 for (i=0; i < num_entries; i++) {
888 dump_reg_entry(flags, dir, &entries[i]);
892 /****************************************************************
893 ****************************************************************/
895 bool add_gp_registry_entry_to_array(TALLOC_CTX *mem_ctx,
896 struct gp_registry_entry *entry,
897 struct gp_registry_entry **entries,
900 *entries = TALLOC_REALLOC_ARRAY(mem_ctx, *entries,
901 struct gp_registry_entry,
904 if (*entries == NULL) {
909 (*entries)[*num].action = entry->action;
910 (*entries)[*num].key = entry->key;
911 (*entries)[*num].value = entry->value;
912 (*entries)[*num].data = entry->data;
918 /****************************************************************
919 ****************************************************************/
921 static const char *gp_reg_action_str(enum gp_reg_action action)
924 case GP_REG_ACTION_NONE:
925 return "GP_REG_ACTION_NONE";
926 case GP_REG_ACTION_ADD_VALUE:
927 return "GP_REG_ACTION_ADD_VALUE";
928 case GP_REG_ACTION_ADD_KEY:
929 return "GP_REG_ACTION_ADD_KEY";
930 case GP_REG_ACTION_DEL_VALUES:
931 return "GP_REG_ACTION_DEL_VALUES";
932 case GP_REG_ACTION_DEL_VALUE:
933 return "GP_REG_ACTION_DEL_VALUE";
934 case GP_REG_ACTION_DEL_ALL_VALUES:
935 return "GP_REG_ACTION_DEL_ALL_VALUES";
936 case GP_REG_ACTION_DEL_KEYS:
937 return "GP_REG_ACTION_DEL_KEYS";
938 case GP_REG_ACTION_SEC_KEY_SET:
939 return "GP_REG_ACTION_SEC_KEY_SET";
940 case GP_REG_ACTION_SEC_KEY_RESET:
941 return "GP_REG_ACTION_SEC_KEY_RESET";
947 /****************************************************************
948 ****************************************************************/
950 WERROR reg_apply_registry_entry(TALLOC_CTX *mem_ctx,
951 struct registry_key *root_key,
952 struct gp_registry_context *reg_ctx,
953 struct gp_registry_entry *entry,
954 const struct security_token *token,
958 struct registry_key *key = NULL;
960 if (flags & GPO_INFO_FLAG_VERBOSE) {
961 printf("about to store key: [%s]\n", entry->key);
962 printf(" value: [%s]\n", entry->value);
963 printf(" data: [%s]\n", str_regtype(entry->data->type));
964 printf(" action: [%s]\n", gp_reg_action_str(entry->action));
967 werr = gp_store_reg_subkey(mem_ctx, entry->key,
969 /* reg_ctx->curr_key, &key); */
970 if (!W_ERROR_IS_OK(werr)) {
971 DEBUG(0,("gp_store_reg_subkey failed: %s\n", win_errstr(werr)));
975 switch (entry->action) {
976 case GP_REG_ACTION_NONE:
977 case GP_REG_ACTION_ADD_KEY:
980 case GP_REG_ACTION_SEC_KEY_SET:
981 werr = gp_secure_key(mem_ctx, flags,
984 if (!W_ERROR_IS_OK(werr)) {
985 DEBUG(0,("reg_apply_registry_entry: "
986 "gp_secure_key failed: %s\n",
991 case GP_REG_ACTION_ADD_VALUE:
992 werr = reg_setvalue(key, entry->value, entry->data);
993 if (!W_ERROR_IS_OK(werr)) {
994 DEBUG(0,("reg_apply_registry_entry: "
995 "reg_setvalue failed: %s\n",
997 dump_reg_entry(flags, "STORE", entry);
1001 case GP_REG_ACTION_DEL_VALUE:
1002 werr = reg_deletevalue(key, entry->value);
1003 if (!W_ERROR_IS_OK(werr)) {
1004 DEBUG(0,("reg_apply_registry_entry: "
1005 "reg_deletevalue failed: %s\n",
1007 dump_reg_entry(flags, "STORE", entry);
1011 case GP_REG_ACTION_DEL_ALL_VALUES:
1012 werr = reg_deleteallvalues(key);
1013 if (!W_ERROR_IS_OK(werr)) {
1014 DEBUG(0,("reg_apply_registry_entry: "
1015 "reg_deleteallvalues failed: %s\n",
1017 dump_reg_entry(flags, "STORE", entry);
1021 case GP_REG_ACTION_DEL_VALUES:
1022 case GP_REG_ACTION_DEL_KEYS:
1023 case GP_REG_ACTION_SEC_KEY_RESET:
1024 DEBUG(0,("reg_apply_registry_entry: "
1025 "not yet supported: %s (%d)\n",
1026 gp_reg_action_str(entry->action),
1028 return WERR_NOT_SUPPORTED;
1030 DEBUG(0,("invalid action: %d\n", entry->action));
1031 return WERR_INVALID_PARAM;