r23801: The FSF has moved around a lot. This fixes their Mass Ave address.
[nivanova/samba-autobuild/.git] / source3 / libgpo / gpo_parse.c
1 /* 
2  *  Unix SMB/CIFS implementation.
3  *  Group Policy Object Support
4  *  Copyright (C) Guenther Deschner 2005-2006
5  *  
6  *  This program is free software; you can redistribute it and/or modify
7  *  it under the terms of the GNU General Public License as published by
8  *  the Free Software Foundation; either version 3 of the License, or
9  *  (at your option) any later version.
10  *  
11  *  This program is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *  GNU General Public License for more details.
15  *  
16  *  You should have received a copy of the GNU General Public License
17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
18  */
19
20 #include "includes.h"
21 #include "iniparser/src/iniparser.h"
22
/****************************************************************
 Parse the local gpt.ini file.

 Loads "filename" with iniparser and reads two keys from the
 [General] section:
   - displayName: optional; when present and display_name is
     non-NULL, a copy allocated on mem_ctx is stored in
     *display_name.
   - Version: mandatory; stored in *version when version is
     non-NULL.

 Returns NT_STATUS_NO_SUCH_FILE when iniparser cannot load the
 file, NT_STATUS_NO_MEMORY when the name copy fails,
 NT_STATUS_INTERNAL_DB_CORRUPTION when no Version key is found,
 and NT_STATUS_OK otherwise.

 NOTE(review): *display_name is left untouched when the key is
 absent, so callers should initialise it before the call.
 NOTE(review): the file content is not range-checked here; a
 Version value equal to the Undefined sentinel cannot be told
 apart from a missing key - confirm against the sentinel's
 definition.
****************************************************************/

#define GPT_INI_SECTION_GENERAL "General"
#define GPT_INI_PARAMETER_VERSION "Version"
#define GPT_INI_PARAMETER_DISPLAYNAME "displayName"

NTSTATUS parse_gpt_ini(TALLOC_CTX *mem_ctx, const char *filename, uint32 *version, char **display_name)
{
        NTSTATUS status = NT_STATUS_OK;
        dictionary *ini;
        char *ini_name;
        uint32 ini_version;

        ini = iniparser_load(filename);
        if (!ini) {
                return NT_STATUS_NO_SUCH_FILE;
        }

        ini_name = iniparser_getstring(ini,
                        GPT_INI_SECTION_GENERAL ":" GPT_INI_PARAMETER_DISPLAYNAME,
                        NULL);
        if (ini_name == NULL) {
                /* the default domain policy and the default domain
                 * controller policy never carry a displayName in their
                 * gpt.ini, so this is not an error */
                DEBUG(10,("parse_gpt_ini: no name in %s\n", filename));
        } else if (display_name != NULL) {
                /* copy the string: the dictionary that owns ini_name is
                 * released before this function returns */
                *display_name = talloc_strdup(mem_ctx, ini_name);
                if (*display_name == NULL) {
                        status = NT_STATUS_NO_MEMORY;
                        goto done;
                }
        }

        ini_version = iniparser_getint(ini,
                        GPT_INI_SECTION_GENERAL ":" GPT_INI_PARAMETER_VERSION,
                        Undefined);
        if (ini_version == Undefined) {
                DEBUG(10,("parse_gpt_ini: no version\n"));
                status = NT_STATUS_INTERNAL_DB_CORRUPTION;
                goto done;
        }

        if (version != NULL) {
                *version = ini_version;
        }

 done:
        /* ini is never NULL once the load above has succeeded */
        iniparser_freedict(ini);

        return status;
}
77
78 #if 0 /* not yet */
79
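/****************************************************************
 parse the Version section from gpttmpl file

 Checks an already loaded GptTmpl dictionary for the keys every
 template is expected to carry:
   - [Version] signature must equal GPTTMPL_CHICAGO
   - [Version] Revision must be present
   - [Unicode] Unicode must be present and parse as a boolean

 On success the revision is stored in *version_out (when it is
 non-NULL) and NT_STATUS_OK is returned. Any missing or
 mismatching key yields NT_STATUS_INTERNAL_DB_CORRUPTION and
 *version_out is left untouched.

 The dictionary is owned by the caller and is not freed here.
****************************************************************/

#define GPTTMPL_SECTION_VERSION "Version"
#define GPTTMPL_PARAMETER_REVISION "Revision"
#define GPTTMPL_PARAMETER_SIGNATURE "signature"
#define GPTTMPL_CHICAGO "$CHICAGO$" /* whatever this is good for... */
#define GPTTMPL_SECTION_UNICODE "Unicode"
#define GPTTMPL_PARAMETER_UNICODE "Unicode"

static NTSTATUS parse_gpttmpl(dictionary *d, uint32 *version_out)
{
        const char *signature = NULL;
        uint32 version;

        signature = iniparser_getstring(d,
                        GPTTMPL_SECTION_VERSION ":" GPTTMPL_PARAMETER_SIGNATURE,
                        NULL);
        if (signature == NULL) {
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }

        if (!strequal(signature, GPTTMPL_CHICAGO)) {
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }

        version = iniparser_getint(d,
                        GPTTMPL_SECTION_VERSION ":" GPTTMPL_PARAMETER_REVISION,
                        Undefined);
        if (version == Undefined) {
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }

        /* Treat that as boolean: only its presence is checked, the value
         * itself is not used. The result is compared with the sentinel
         * directly; negating it first would reduce it to 0 or 1, which
         * can never match the not-found sentinel, and a template without
         * a usable Unicode key would then be accepted. */
        if (iniparser_getboolean(d,
                        GPTTMPL_SECTION_UNICODE ":" GPTTMPL_PARAMETER_UNICODE,
                        Undefined) == Undefined) {
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }

        /* publish the revision only once every check has passed */
        if (version_out) {
                *version_out = version;
        }

        return NT_STATUS_OK;
}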
122
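/****************************************************************
 parse the "System Access" section from gpttmpl file

 Loads "filename", validates the template header through
 parse_gpttmpl() and then requires every password and lockout
 policy key listed below to be present in [System Access].

 Returns NT_STATUS_NO_SUCH_FILE when the file cannot be loaded,
 the status of parse_gpttmpl() when the header check fails,
 NT_STATUS_INVALID_PARAMETER when one of the keys is missing and
 NT_STATUS_OK otherwise.

 The values are only checked for presence: they are read into
 locals and discarded, nothing is applied or handed back to the
 caller yet.

 NOTE(review): the values come straight from the template file
 and are stored unsigned without a range check. If the Undefined
 sentinel is -1, a literal -1 in the file cannot be told apart
 from a missing key - confirm before these values are consumed.
****************************************************************/

#define GPTTMPL_SECTION_SYSTEM_ACCESS "System Access"
#define GPTTMPL_PARAMETER_MINPWDAGE "MinimumPasswordAge"
#define GPTTMPL_PARAMETER_MAXPWDAGE "MaximumPasswordAge"
#define GPTTMPL_PARAMETER_MINPWDLEN "MinimumPasswordLength"
#define GPTTMPL_PARAMETER_PWDCOMPLEX "PasswordComplexity"
#define GPTTMPL_PARAMETER_PWDHISTORY "PasswordHistorySize"
#define GPTTMPL_PARAMETER_LOCKOUTCOUNT "LockoutBadCount"

static NTSTATUS parse_gpttmpl_system_access(const char *filename)
{
        NTSTATUS status;
        dictionary *d = NULL;
        uint32 pwd_min_age, pwd_max_age, pwd_min_len, pwd_history;
        uint32 lockout_count;
        BOOL pwd_complex;
        uint32 version;

        d = iniparser_load(filename);
        if (d == NULL) {
                return NT_STATUS_NO_SUCH_FILE;
        }

        status = parse_gpttmpl(d, &version);
        if (!NT_STATUS_IS_OK(status)) {
                goto out;
        }

        /* from here on every early exit means "a required key is missing" */
        status = NT_STATUS_INVALID_PARAMETER;

        pwd_min_age = iniparser_getint(d,
                        GPTTMPL_SECTION_SYSTEM_ACCESS ":" GPTTMPL_PARAMETER_MINPWDAGE,
                        Undefined);
        if (pwd_min_age == Undefined) {
                goto out;
        }

        /* The maximum age has its own key. Looking up the minimum age
         * key here would leave MaximumPasswordAge unchecked and put the
         * minimum age into pwd_max_age. */
        pwd_max_age = iniparser_getint(d,
                        GPTTMPL_SECTION_SYSTEM_ACCESS ":" GPTTMPL_PARAMETER_MAXPWDAGE,
                        Undefined);
        if (pwd_max_age == Undefined) {
                goto out;
        }

        pwd_min_len = iniparser_getint(d,
                        GPTTMPL_SECTION_SYSTEM_ACCESS ":" GPTTMPL_PARAMETER_MINPWDLEN,
                        Undefined);
        if (pwd_min_len == Undefined) {
                goto out;
        }

        /* NOTE(review): this comparison relies on BOOL being able to
         * hold the Undefined sentinel - confirm against its typedef */
        pwd_complex = iniparser_getboolean(d,
                        GPTTMPL_SECTION_SYSTEM_ACCESS ":" GPTTMPL_PARAMETER_PWDCOMPLEX,
                        Undefined);
        if (pwd_complex == Undefined) {
                goto out;
        }

        pwd_history = iniparser_getint(d,
                        GPTTMPL_SECTION_SYSTEM_ACCESS ":" GPTTMPL_PARAMETER_PWDHISTORY,
                        Undefined);
        if (pwd_history == Undefined) {
                goto out;
        }

        lockout_count = iniparser_getint(d,
                        GPTTMPL_SECTION_SYSTEM_ACCESS ":" GPTTMPL_PARAMETER_LOCKOUTCOUNT,
                        Undefined);
        if (lockout_count == Undefined) {
                goto out;
        }

        /* TODO ?
        RequireLogonToChangePassword = 0
        ForceLogoffWhenHourExpire = 0
        ClearTextPassword = 0
        */

        status = NT_STATUS_OK;

 out:
        /* d is never NULL once the load above has succeeded */
        iniparser_freedict(d);

        return status;
}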
201
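/****************************************************************
 parse the "Kerberos Policy" section from gpttmpl file

 Loads "filename", validates the template header through
 parse_gpttmpl() and then requires every Kerberos policy key
 listed below to be present in [Kerberos Policy].

 Returns NT_STATUS_NO_SUCH_FILE when the file cannot be loaded,
 the status of parse_gpttmpl() when the header check fails,
 NT_STATUS_INVALID_PARAMETER when one of the keys is missing and
 NT_STATUS_OK otherwise.

 The values are only checked for presence: they are read into
 locals and discarded, nothing is applied or handed back to the
 caller yet.

 NOTE(review): ticket lifetimes and the clock skew come straight
 from the template file and are stored unsigned without a range
 check - validate them before they are ever consumed.
****************************************************************/

#define GPTTMPL_SECTION_KERBEROS_POLICY "Kerberos Policy"
#define GPTTMPL_PARAMETER_MAXTKTAGE "MaxTicketAge"
#define GPTTMPL_PARAMETER_MAXRENEWAGE "MaxRenewAge"
#define GPTTMPL_PARAMETER_MAXTGSAGE "MaxServiceAge"
#define GPTTMPL_PARAMETER_MAXCLOCKSKEW "MaxClockSkew"
#define GPTTMPL_PARAMETER_TKTVALIDATECLIENT "TicketValidateClient"

static NTSTATUS parse_gpttmpl_kerberos_policy(const char *filename)
{
        NTSTATUS status;
        dictionary *d = NULL;
        uint32 tkt_max_age, tkt_max_renew, tgs_max_age, max_clock_skew;
        BOOL tkt_validate;
        uint32 version;

        d = iniparser_load(filename);
        if (d == NULL) {
                return NT_STATUS_NO_SUCH_FILE;
        }

        status = parse_gpttmpl(d, &version);
        if (!NT_STATUS_IS_OK(status)) {
                goto out;
        }

        /* from here on every early exit means "a required key is missing" */
        status = NT_STATUS_INVALID_PARAMETER;

        /* A key is rejected when the lookup returns the not-found
         * sentinel, the same test parse_gpttmpl_system_access() uses.
         * Testing for "!= Undefined" would bail out on the first key
         * that is present and accept a file in which all keys are
         * missing. */
        tkt_max_age = iniparser_getint(d,
                        GPTTMPL_SECTION_KERBEROS_POLICY ":" GPTTMPL_PARAMETER_MAXTKTAGE,
                        Undefined);
        if (tkt_max_age == Undefined) {
                goto out;
        }

        tkt_max_renew = iniparser_getint(d,
                        GPTTMPL_SECTION_KERBEROS_POLICY ":" GPTTMPL_PARAMETER_MAXRENEWAGE,
                        Undefined);
        if (tkt_max_renew == Undefined) {
                goto out;
        }

        tgs_max_age = iniparser_getint(d,
                        GPTTMPL_SECTION_KERBEROS_POLICY ":" GPTTMPL_PARAMETER_MAXTGSAGE,
                        Undefined);
        if (tgs_max_age == Undefined) {
                goto out;
        }

        max_clock_skew = iniparser_getint(d,
                        GPTTMPL_SECTION_KERBEROS_POLICY ":" GPTTMPL_PARAMETER_MAXCLOCKSKEW,
                        Undefined);
        if (max_clock_skew == Undefined) {
                goto out;
        }

        /* NOTE(review): this comparison relies on BOOL being able to
         * hold the Undefined sentinel - confirm against its typedef */
        tkt_validate = iniparser_getboolean(d,
                        GPTTMPL_SECTION_KERBEROS_POLICY ":" GPTTMPL_PARAMETER_TKTVALIDATECLIENT,
                        Undefined);
        if (tkt_validate == Undefined) {
                goto out;
        }

        status = NT_STATUS_OK;

 out:
        /* d is never NULL once the load above has succeeded */
        iniparser_freedict(d);

        return status;
}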
267
268 #endif
269
270 /*
271
272 perfectly parseable with iniparser:
273
274 {GUID}/Machine/Microsoft/Windows NT/SecEdit/GptTmpl.inf
275
276
277 [Unicode]
278 Unicode=yes
279 [System Access]
280 MinimumPasswordAge = 1
281 MaximumPasswordAge = 42
282 MinimumPasswordLength = 7
283 PasswordComplexity = 1
284 PasswordHistorySize = 24
285 LockoutBadCount = 0
286 RequireLogonToChangePassword = 0
287 ForceLogoffWhenHourExpire = 0
288 ClearTextPassword = 0
289 [Kerberos Policy]
290 MaxTicketAge = 10
291 MaxRenewAge = 7
292 MaxServiceAge = 600
293 MaxClockSkew = 5
294 TicketValidateClient = 1
295 [Version]
296 signature="$CHICAGO$"
297 Revision=1
298 */