source3/libgpo/gpext/security.c

   1 /*
   2  *  Unix SMB/CIFS implementation.
   3  *  Group Policy Support
   4  *  Copyright (C) Guenther Deschner 2005-2008
   5  *
   6  *  This program is free software; you can redistribute it and/or modify
   7  *  it under the terms of the GNU General Public License as published by
   8  *  the Free Software Foundation; either version 3 of the License, or
   9  *  (at your option) any later version.
  10  *
  11  *  This program is distributed in the hope that it will be useful,
  12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  *  GNU General Public License for more details.
  15  *
  16  *  You should have received a copy of the GNU General Public License
  17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  18  */
  19
  20 #include "includes.h"
  21 #include "../libgpo/gpo_ini.h"
  22 #include "../libgpo/gpo.h"
  23 #include "libgpo/gpo_proto.h"
  24
  25 #define GP_EXT_NAME "security"
  26
  27 #define GPTTMPL_UNIX_PATH  "Microsoft/Windows NT/SecEdit/GptTmpl.inf"
  28
  29 #define GPTTMPL_SECTION_UNICODE                 "Unicode"
  30 #define GPTTMPL_SECTION_VERSION                 "Version"
  31
  32 #define GPTTMPL_SECTION_REGISTRY_VALUES         "Registry Values"
  33 #define GPTTMPL_SECTION_SYSTEM_ACCESS           "System Access"
  34 #define GPTTMPL_SECTION_KERBEROS_POLICY         "Kerberos Policy"
  35 #define GPTTMPL_SECTION_EVENT_AUDIT             "Event Audit"
  36 #define GPTTMPL_SECTION_PRIVILEGE_RIGHTS        "Privilege Rights"
  37 #define GPTTMPL_SECTION_APPLICATION_LOG         "Application Log"
  38 #define GPTTMPL_SECTION_SECURITY_LOG            "Security Log"
  39 #define GPTTMPL_SECTION_SYSTEM_LOG              "System Log"
  40 #define GPTTMPL_SECTION_GROUP_MEMBERSHIP        "Group Membership"
  41 #define GPTTMPL_SECTION_FILE_SECURITY           "File Security"
  42 #define GPTTMPL_SECTION_SERVICE_GENERAL_SETTING "Service General Setting"
  43
  44 static TALLOC_CTX *ctx = NULL;
  45
  46 struct gpttmpl_table {
  47         const char *section;
  48         const char *parameter;
  49         enum winreg_Type type;
  50 };
  51
  52 /****************************************************************
  53  parse the Version section from gpttmpl file
  54 ****************************************************************/
  55
  56 #define GPTTMPL_PARAMETER_REVISION "Revision"
  57 #define GPTTMPL_PARAMETER_SIGNATURE "signature"
  58 #define GPTTMPL_VALUE_CHICAGO "\"$CHICAGO$\"" /* whatever this is good for... */
  59 #define GPTTMPL_PARAMETER_UNICODE "Unicode"
  60
  61 static NTSTATUS gpttmpl_parse_header(struct gp_inifile_context *ini_ctx,
  62                                      uint32_t *version_out)
  63 {
  64         char *signature = NULL;
  65         NTSTATUS result;
  66         int version;
  67         bool is_unicode = false;
  68
  69         if (!ini_ctx) {
  70                 return NT_STATUS_INVALID_PARAMETER;
  71         }
  72
  73         result = gp_inifile_getstring(ini_ctx, GPTTMPL_SECTION_VERSION
  74                         ":"GPTTMPL_PARAMETER_SIGNATURE, &signature);
  75         if (!NT_STATUS_IS_OK(result)) {
  76                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
  77         }
  78
  79         if (!strequal(signature, GPTTMPL_VALUE_CHICAGO)) {
  80                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
  81         }
  82         result = gp_inifile_getint(ini_ctx, GPTTMPL_SECTION_VERSION
  83                         ":"GPTTMPL_PARAMETER_REVISION, &version);
  84         if (!NT_STATUS_IS_OK(result)) {
  85                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
  86         }
  87
  88         if (version_out) {
  89                 *version_out = version;
  90         }
  91
  92         result = gp_inifile_getbool(ini_ctx, GPTTMPL_SECTION_UNICODE
  93                         ":"GPTTMPL_PARAMETER_UNICODE, &is_unicode);
  94         if (!NT_STATUS_IS_OK(result) || !is_unicode) {
  95                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
  96         }
  97
  98         return NT_STATUS_OK;
  99 }
 100
 101 /****************************************************************
 102 ****************************************************************/
 103
 104 static NTSTATUS gpttmpl_init_context(TALLOC_CTX *mem_ctx,
 105                                      uint32_t flags,
 106                                      const char *unix_path,
 107                                      struct gp_inifile_context **ini_ctx)
 108 {
 109         NTSTATUS status;
 110         uint32_t version;
 111         struct gp_inifile_context *tmp_ctx = NULL;
 112
 113         status = gp_inifile_init_context(mem_ctx, flags, unix_path,
 114                                          GPTTMPL_UNIX_PATH, &tmp_ctx);
 115         NT_STATUS_NOT_OK_RETURN(status);
 116
 117         status = gpttmpl_parse_header(tmp_ctx, &version);
 118         if (!NT_STATUS_IS_OK(status)) {
 119                 DEBUG(1,("gpttmpl_init_context: failed: %s\n",
 120                         nt_errstr(status)));
 121                 TALLOC_FREE(tmp_ctx);
 122                 return status;
 123         }
 124
 125         *ini_ctx = tmp_ctx;
 126
 127         return NT_STATUS_OK;
 128 }
 129
 130 /****************************************************************
 131 ****************************************************************/
 132
 133 static NTSTATUS gpttmpl_process(struct gp_inifile_context *ini_ctx,
 134                                 struct registry_key *root_key,
 135                                 uint32_t flags)
 136 {
 137         return NT_STATUS_OK;
 138 }
 139
 140 /****************************************************************
 141 ****************************************************************/
 142
 143 static NTSTATUS security_process_group_policy(TALLOC_CTX *mem_ctx,
 144                                               uint32_t flags,
 145                                               struct registry_key *root_key,
 146                                               const struct security_token *token,
 147                                               struct GROUP_POLICY_OBJECT *gpo,
 148                                               const char *extension_guid,
 149                                               const char *snapin_guid)
 150 {
 151         NTSTATUS status;
 152         char *unix_path = NULL;
 153         struct gp_inifile_context *ini_ctx = NULL;
 154
 155         debug_gpext_header(0, "security_process_group_policy", flags, gpo,
 156                            extension_guid, snapin_guid);
 157
 158         /* this handler processes the gpttmpl files and merge output to the
 159          * registry */
 160
 161         status = gpo_get_unix_path(mem_ctx, cache_path(GPO_CACHE_DIR), gpo, &unix_path);
 162         if (!NT_STATUS_IS_OK(status)) {
 163                 goto out;
 164         }
 165
 166         status = gpttmpl_init_context(mem_ctx, flags, unix_path, &ini_ctx);
 167         if (!NT_STATUS_IS_OK(status)) {
 168                 goto out;
 169         }
 170
 171         status = gpttmpl_process(ini_ctx, root_key, flags);
 172         if (!NT_STATUS_IS_OK(status)) {
 173                 goto out;
 174         }
 175
 176  out:
 177         if (!NT_STATUS_IS_OK(status)) {
 178                 DEBUG(0,("security_process_group_policy: %s\n",
 179                         nt_errstr(status)));
 180         }
 181         TALLOC_FREE(ini_ctx);
 182
 183         return status;
 184 }
 185
 186 /****************************************************************
 187 ****************************************************************/
 188
 189 static NTSTATUS security_get_reg_config(TALLOC_CTX *mem_ctx,
 190                                         struct gp_extension_reg_info **reg_info)
 191 {
 192         NTSTATUS status;
 193         struct gp_extension_reg_info *info = NULL;
 194
 195         struct gp_extension_reg_table table[] = {
 196                 /* FIXME: how can we store the "(Default)" value ??? */
 197                 /* { "", REG_SZ, "Security" }, */
 198                 { "ProcessGroupPolicy", REG_SZ, "security_process_group_policy" },
 199                 { "NoUserPolicy", REG_DWORD, "1" },
 200                 { "ExtensionDebugLevel", REG_DWORD, "1" },
 201                 { NULL, REG_NONE, NULL }
 202         };
 203
 204         info = talloc_zero(mem_ctx, struct gp_extension_reg_info);
 205         NT_STATUS_HAVE_NO_MEMORY(info);
 206
 207         status = gp_ext_info_add_entry(mem_ctx, GP_EXT_NAME,
 208                                        GP_EXT_GUID_SECURITY,
 209                                        table, info);
 210         NT_STATUS_NOT_OK_RETURN(status);
 211
 212         *reg_info = info;
 213
 214         return NT_STATUS_OK;
 215 }
 216
 217
 218 /****************************************************************
 219 ****************************************************************/
 220
 221 static NTSTATUS security_initialize(TALLOC_CTX *mem_ctx)
 222 {
 223         return NT_STATUS_OK;
 224 }
 225
 226 /****************************************************************
 227 ****************************************************************/
 228
 229 static NTSTATUS security_shutdown(void)
 230 {
 231         NTSTATUS status;
 232
 233         status = unregister_gp_extension(GP_EXT_NAME);
 234         if (NT_STATUS_IS_OK(status)) {
 235                 return status;
 236         }
 237
 238         TALLOC_FREE(ctx);
 239
 240         return NT_STATUS_OK;
 241 }
 242
 243 /****************************************************************
 244 ****************************************************************/
 245
 246 static struct gp_extension_methods security_methods = {
 247         .initialize             = security_initialize,
 248         .process_group_policy   = security_process_group_policy,
 249         .get_reg_config         = security_get_reg_config,
 250         .shutdown               = security_shutdown
 251 };
 252
 253 /****************************************************************
 254 ****************************************************************/
 255
 256 NTSTATUS gpext_security_init(void)
 257 {
 258         NTSTATUS status;
 259
 260         ctx = talloc_init("gpext_security_init");
 261         NT_STATUS_HAVE_NO_MEMORY(ctx);
 262
 263         status = register_gp_extension(ctx, SMB_GPEXT_INTERFACE_VERSION,
 264                                        GP_EXT_NAME, GP_EXT_GUID_SECURITY,
 265                                        &security_methods);
 266         if (!NT_STATUS_IS_OK(status)) {
 267                 TALLOC_FREE(ctx);
 268         }
 269
 270         return status;
 271 }