2 * Unix SMB/CIFS implementation.
3 * Group Policy Object Support
4 * Copyright (C) Guenther Deschner 2005-2006
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 #include "iniparser/src/iniparser.h"
23 /****************************************************************
24 parse the local gpt.ini file
25 ****************************************************************/
27 #define GPT_INI_SECTION_GENERAL "General"
28 #define GPT_INI_PARAMETER_VERSION "Version"
29 #define GPT_INI_PARAMETER_DISPLAYNAME "displayName"
31 NTSTATUS parse_gpt_ini(TALLOC_CTX *mem_ctx, const char *filename, uint32 *version, char **display_name)
38 d = iniparser_load(filename);
40 return NT_STATUS_NO_SUCH_FILE;
43 if ((name = iniparser_getstring(d, GPT_INI_SECTION_GENERAL
44 ":"GPT_INI_PARAMETER_DISPLAYNAME, NULL)) == NULL) {
45 /* the default domain policy and the default domain controller
46 * policy never have a displayname in their gpt.ini file */
47 DEBUG(10,("parse_gpt_ini: no name in %s\n", filename));
50 if (name && display_name) {
51 *display_name = talloc_strdup(mem_ctx, name);
52 if (*display_name == NULL) {
53 result = NT_STATUS_NO_MEMORY;
58 if ((v = iniparser_getint(d, GPT_INI_SECTION_GENERAL
59 ":"GPT_INI_PARAMETER_VERSION, Undefined)) == Undefined) {
60 DEBUG(10,("parse_gpt_ini: no version\n"));
61 result = NT_STATUS_INTERNAL_DB_CORRUPTION;
69 result = NT_STATUS_OK;
72 iniparser_freedict(d);
80 /****************************************************************
81 parse the Version section from gpttmpl file
82 ****************************************************************/
84 #define GPTTMPL_SECTION_VERSION "Version"
85 #define GPTTMPL_PARAMETER_REVISION "Revision"
86 #define GPTTMPL_PARAMETER_SIGNATURE "signature"
87 #define GPTTMPL_CHICAGO "$CHICAGO$" /* whatever this is good for... */
88 #define GPTTMPL_SECTION_UNICODE "Unicode"
89 #define GPTTMPL_PARAMETER_UNICODE "Unicode"
91 static NTSTATUS parse_gpttmpl(dictionary *d, uint32 *version_out)
93 const char *signature = NULL;
96 if ((signature = iniparser_getstring(d, GPTTMPL_SECTION_VERSION
97 ":"GPTTMPL_PARAMETER_SIGNATURE, NULL)) == NULL) {
98 return NT_STATUS_INTERNAL_DB_CORRUPTION;
101 if (!strequal(signature, GPTTMPL_CHICAGO)) {
102 return NT_STATUS_INTERNAL_DB_CORRUPTION;
105 if ((version = iniparser_getint(d, GPTTMPL_SECTION_VERSION
106 ":"GPTTMPL_PARAMETER_REVISION, Undefined)) == Undefined) {
107 return NT_STATUS_INTERNAL_DB_CORRUPTION;
111 *version_out = version;
114 /* treat that as boolean */
115 if ((!iniparser_getboolean(d, GPTTMPL_SECTION_UNICODE
116 ":"GPTTMPL_PARAMETER_UNICODE, Undefined)) == Undefined) {
117 return NT_STATUS_INTERNAL_DB_CORRUPTION;
123 /****************************************************************
124 parse the "System Access" section from gpttmpl file
125 ****************************************************************/
127 #define GPTTMPL_SECTION_SYSTEM_ACCESS "System Access"
128 #define GPTTMPL_PARAMETER_MINPWDAGE "MinimumPasswordAge"
129 #define GPTTMPL_PARAMETER_MAXPWDAGE "MaximumPasswordAge"
130 #define GPTTMPL_PARAMETER_MINPWDLEN "MinimumPasswordLength"
131 #define GPTTMPL_PARAMETER_PWDCOMPLEX "PasswordComplexity"
132 #define GPTTMPL_PARAMETER_PWDHISTORY "PasswordHistorySize"
133 #define GPTTMPL_PARAMETER_LOCKOUTCOUNT "LockoutBadCount"
135 static NTSTATUS parse_gpttmpl_system_access(const char *filename)
138 dictionary *d = NULL;
139 uint32 pwd_min_age, pwd_max_age, pwd_min_len, pwd_history;
140 uint32 lockout_count;
144 d = iniparser_load(filename);
146 return NT_STATUS_NO_SUCH_FILE;
149 status = parse_gpttmpl(d, &version);
150 if (!NT_STATUS_IS_OK(status)) {
154 status = NT_STATUS_INVALID_PARAMETER;
156 if ((pwd_min_age = iniparser_getint(d, GPTTMPL_SECTION_SYSTEM_ACCESS
157 ":"GPTTMPL_PARAMETER_MINPWDAGE, Undefined)) == Undefined) {
161 if ((pwd_max_age = iniparser_getint(d, GPTTMPL_SECTION_SYSTEM_ACCESS
162 ":"GPTTMPL_PARAMETER_MINPWDAGE, Undefined)) == Undefined) {
166 if ((pwd_min_len = iniparser_getint(d, GPTTMPL_SECTION_SYSTEM_ACCESS
167 ":"GPTTMPL_PARAMETER_MINPWDLEN, Undefined)) == Undefined) {
171 if ((pwd_complex = iniparser_getboolean(d, GPTTMPL_SECTION_SYSTEM_ACCESS
172 ":"GPTTMPL_PARAMETER_PWDCOMPLEX, Undefined)) == Undefined) {
176 if ((pwd_history = iniparser_getint(d, GPTTMPL_SECTION_SYSTEM_ACCESS
177 ":"GPTTMPL_PARAMETER_PWDHISTORY, Undefined)) == Undefined) {
181 if ((lockout_count = iniparser_getint(d, GPTTMPL_SECTION_SYSTEM_ACCESS
182 ":"GPTTMPL_PARAMETER_LOCKOUTCOUNT, Undefined)) == Undefined) {
187 RequireLogonToChangePassword = 0
188 ForceLogoffWhenHourExpire = 0
189 ClearTextPassword = 0
192 status = NT_STATUS_OK;
196 iniparser_freedict(d);
202 /****************************************************************
203 parse the "Kerberos Policy" section from gpttmpl file
204 ****************************************************************/
206 #define GPTTMPL_SECTION_KERBEROS_POLICY "Kerberos Policy"
207 #define GPTTMPL_PARAMETER_MAXTKTAGE "MaxTicketAge"
208 #define GPTTMPL_PARAMETER_MAXRENEWAGE "MaxRenewAge"
209 #define GPTTMPL_PARAMETER_MAXTGSAGE "MaxServiceAge"
210 #define GPTTMPL_PARAMETER_MAXCLOCKSKEW "MaxClockSkew"
211 #define GPTTMPL_PARAMETER_TKTVALIDATECLIENT "TicketValidateClient"
213 static NTSTATUS parse_gpttmpl_kerberos_policy(const char *filename)
216 dictionary *d = NULL;
217 uint32 tkt_max_age, tkt_max_renew, tgs_max_age, max_clock_skew;
221 d = iniparser_load(filename);
223 return NT_STATUS_NO_SUCH_FILE;
226 status = parse_gpttmpl(d, &version);
227 if (!NT_STATUS_IS_OK(status)) {
231 status = NT_STATUS_INVALID_PARAMETER;
233 if ((tkt_max_age = iniparser_getint(d, GPTTMPL_SECTION_KERBEROS_POLICY
234 ":"GPTTMPL_PARAMETER_MAXTKTAGE, Undefined)) != Undefined) {
238 if ((tkt_max_renew = iniparser_getint(d, GPTTMPL_SECTION_KERBEROS_POLICY
239 ":"GPTTMPL_PARAMETER_MAXRENEWAGE, Undefined)) != Undefined) {
243 if ((tgs_max_age = iniparser_getint(d, GPTTMPL_SECTION_KERBEROS_POLICY
244 ":"GPTTMPL_PARAMETER_MAXTGSAGE, Undefined)) != Undefined) {
248 if ((max_clock_skew = iniparser_getint(d, GPTTMPL_SECTION_KERBEROS_POLICY
249 ":"GPTTMPL_PARAMETER_MAXCLOCKSKEW, Undefined)) != Undefined) {
253 if ((tkt_validate = iniparser_getboolean(d, GPTTMPL_SECTION_KERBEROS_POLICY
254 ":"GPTTMPL_PARAMETER_TKTVALIDATECLIENT, Undefined)) != Undefined) {
258 status = NT_STATUS_OK;
262 iniparser_freedict(d);
272 perfectly parseable with iniparser:
274 {GUID}/Machine/Microsoft/Windows NT/SecEdit/GptTmpl.inf
280 MinimumPasswordAge = 1
281 MaximumPasswordAge = 42
282 MinimumPasswordLength = 7
283 PasswordComplexity = 1
284 PasswordHistorySize = 24
286 RequireLogonToChangePassword = 0
287 ForceLogoffWhenHourExpire = 0
288 ClearTextPassword = 0
294 TicketValidateClient = 1
296 signature="$CHICAGO$"