2 * Unix SMB/CIFS implementation.
3 * Group Policy Object Support
4 * Copyright (C) Guenther Deschner 2007-2008
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 #include "../libgpo/gpo.h"
22 #include "libgpo/gpo_proto.h"
25 /****************************************************************
26 ****************************************************************/
28 struct nt_user_token *registry_create_system_token(TALLOC_CTX *mem_ctx)
30 struct nt_user_token *token = NULL;
32 token = TALLOC_ZERO_P(mem_ctx, struct nt_user_token);
34 DEBUG(1,("talloc failed\n"));
38 token->privileges = se_priv_all;
40 if (!NT_STATUS_IS_OK(add_sid_to_array(token, &global_sid_System,
41 &token->user_sids, &token->num_sids))) {
42 DEBUG(1,("Error adding nt-authority system sid to token\n"));
49 /****************************************************************
50 ****************************************************************/
52 WERROR gp_init_reg_ctx(TALLOC_CTX *mem_ctx,
53 const char *initial_path,
54 uint32_t desired_access,
55 const struct nt_user_token *token,
56 struct gp_registry_context **reg_ctx)
58 struct gp_registry_context *tmp_ctx;
62 return WERR_INVALID_PARAM;
65 werr = registry_init_basic();
66 if (!W_ERROR_IS_OK(werr)) {
70 tmp_ctx = TALLOC_ZERO_P(mem_ctx, struct gp_registry_context);
71 W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
74 tmp_ctx->token = token;
76 tmp_ctx->token = registry_create_system_token(mem_ctx);
78 if (!tmp_ctx->token) {
84 if (!W_ERROR_IS_OK(werr)) {
89 tmp_ctx->path = talloc_strdup(mem_ctx, initial_path);
95 werr = reg_open_path(mem_ctx, tmp_ctx->path, desired_access,
96 tmp_ctx->token, &tmp_ctx->curr_key);
97 if (!W_ERROR_IS_OK(werr)) {
108 /****************************************************************
109 ****************************************************************/
111 void gp_free_reg_ctx(struct gp_registry_context *reg_ctx)
113 TALLOC_FREE(reg_ctx);
116 /****************************************************************
117 ****************************************************************/
119 WERROR gp_store_reg_subkey(TALLOC_CTX *mem_ctx,
120 const char *subkeyname,
121 struct registry_key *curr_key,
122 struct registry_key **new_key)
124 enum winreg_CreateAction action = REG_ACTION_NONE;
127 werr = reg_createkey(mem_ctx, curr_key, subkeyname,
128 REG_KEY_WRITE, new_key, &action);
129 if (W_ERROR_IS_OK(werr) && (action != REG_CREATED_NEW_KEY)) {
136 /****************************************************************
137 ****************************************************************/
139 WERROR gp_read_reg_subkey(TALLOC_CTX *mem_ctx,
140 struct gp_registry_context *reg_ctx,
141 const char *subkeyname,
142 struct registry_key **key)
144 const char *tmp = NULL;
146 if (!reg_ctx || !subkeyname || !key) {
147 return WERR_INVALID_PARAM;
150 tmp = talloc_asprintf(mem_ctx, "%s\\%s", reg_ctx->path, subkeyname);
151 W_ERROR_HAVE_NO_MEMORY(tmp);
153 return reg_open_path(mem_ctx, tmp, REG_KEY_READ,
154 reg_ctx->token, key);
157 /****************************************************************
158 ****************************************************************/
160 WERROR gp_store_reg_val_sz(TALLOC_CTX *mem_ctx,
161 struct registry_key *key,
162 const char *val_name,
165 struct registry_value reg_val;
166 ZERO_STRUCT(reg_val);
169 val = val ? val : " ";
171 reg_val.type = REG_SZ;
172 reg_val.v.sz.len = strlen(val);
173 reg_val.v.sz.str = talloc_strdup(mem_ctx, val);
174 W_ERROR_HAVE_NO_MEMORY(reg_val.v.sz.str);
176 return reg_setvalue(key, val_name, ®_val);
179 /****************************************************************
180 ****************************************************************/
182 static WERROR gp_store_reg_val_dword(TALLOC_CTX *mem_ctx,
183 struct registry_key *key,
184 const char *val_name,
187 struct registry_value reg_val;
188 ZERO_STRUCT(reg_val);
190 reg_val.type = REG_DWORD;
191 reg_val.v.dword = val;
193 return reg_setvalue(key, val_name, ®_val);
196 /****************************************************************
197 ****************************************************************/
199 WERROR gp_read_reg_val_sz(TALLOC_CTX *mem_ctx,
200 struct registry_key *key,
201 const char *val_name,
205 struct registry_value *reg_val = NULL;
207 werr = reg_queryvalue(mem_ctx, key, val_name, ®_val);
208 W_ERROR_NOT_OK_RETURN(werr);
210 if (reg_val->type != REG_SZ) {
211 return WERR_INVALID_DATATYPE;
214 *val = talloc_strdup(mem_ctx, reg_val->v.sz.str);
215 W_ERROR_HAVE_NO_MEMORY(*val);
220 /****************************************************************
221 ****************************************************************/
223 static WERROR gp_read_reg_val_dword(TALLOC_CTX *mem_ctx,
224 struct registry_key *key,
225 const char *val_name,
229 struct registry_value *reg_val = NULL;
231 werr = reg_queryvalue(mem_ctx, key, val_name, ®_val);
232 W_ERROR_NOT_OK_RETURN(werr);
234 if (reg_val->type != REG_DWORD) {
235 return WERR_INVALID_DATATYPE;
238 *val = reg_val->v.dword;
243 /****************************************************************
244 ****************************************************************/
246 static WERROR gp_store_reg_gpovals(TALLOC_CTX *mem_ctx,
247 struct registry_key *key,
248 struct GROUP_POLICY_OBJECT *gpo)
253 return WERR_INVALID_PARAM;
256 werr = gp_store_reg_val_dword(mem_ctx, key, "Version",
258 W_ERROR_NOT_OK_RETURN(werr);
260 werr = gp_store_reg_val_dword(mem_ctx, key, "WQLFilterPass",
262 W_ERROR_NOT_OK_RETURN(werr);
264 werr = gp_store_reg_val_dword(mem_ctx, key, "AccessDenied",
266 W_ERROR_NOT_OK_RETURN(werr);
268 werr = gp_store_reg_val_dword(mem_ctx, key, "GPO-Disabled",
269 (gpo->options & GPO_FLAG_DISABLE));
270 W_ERROR_NOT_OK_RETURN(werr);
272 werr = gp_store_reg_val_dword(mem_ctx, key, "Options",
274 W_ERROR_NOT_OK_RETURN(werr);
276 werr = gp_store_reg_val_sz(mem_ctx, key, "GPOID",
278 W_ERROR_NOT_OK_RETURN(werr);
280 werr = gp_store_reg_val_sz(mem_ctx, key, "SOM",
282 W_ERROR_NOT_OK_RETURN(werr);
284 werr = gp_store_reg_val_sz(mem_ctx, key, "DisplayName",
286 W_ERROR_NOT_OK_RETURN(werr);
288 werr = gp_store_reg_val_sz(mem_ctx, key, "WQL-Id",
290 W_ERROR_NOT_OK_RETURN(werr);
295 /****************************************************************
296 ****************************************************************/
298 static const char *gp_reg_groupmembership_path(TALLOC_CTX *mem_ctx,
302 if (flags & GPO_LIST_FLAG_MACHINE) {
303 return "GroupMembership";
306 return talloc_asprintf(mem_ctx, "%s\\%s", sid_string_tos(sid),
310 /****************************************************************
311 ****************************************************************/
313 static WERROR gp_reg_del_groupmembership(TALLOC_CTX *mem_ctx,
314 struct registry_key *key,
315 const struct nt_user_token *token,
318 const char *path = NULL;
320 path = gp_reg_groupmembership_path(mem_ctx, &token->user_sids[0],
322 W_ERROR_HAVE_NO_MEMORY(path);
324 return reg_deletekey_recursive(mem_ctx, key, path);
328 /****************************************************************
329 ****************************************************************/
331 static WERROR gp_reg_store_groupmembership(TALLOC_CTX *mem_ctx,
332 struct gp_registry_context *reg_ctx,
333 const struct nt_user_token *token,
336 struct registry_key *key = NULL;
339 const char *valname = NULL;
340 const char *path = NULL;
341 const char *val = NULL;
344 path = gp_reg_groupmembership_path(mem_ctx, &token->user_sids[0],
346 W_ERROR_HAVE_NO_MEMORY(path);
348 gp_reg_del_groupmembership(mem_ctx, reg_ctx->curr_key, token, flags);
350 werr = gp_store_reg_subkey(mem_ctx, path,
351 reg_ctx->curr_key, &key);
352 W_ERROR_NOT_OK_RETURN(werr);
354 for (i=0; i<token->num_sids; i++) {
356 valname = talloc_asprintf(mem_ctx, "Group%d", count++);
357 W_ERROR_HAVE_NO_MEMORY(valname);
359 val = sid_string_talloc(mem_ctx, &token->user_sids[i]);
360 W_ERROR_HAVE_NO_MEMORY(val);
361 werr = gp_store_reg_val_sz(mem_ctx, key, valname, val);
362 W_ERROR_NOT_OK_RETURN(werr);
365 werr = gp_store_reg_val_dword(mem_ctx, key, "Count", count);
366 W_ERROR_NOT_OK_RETURN(werr);
371 /****************************************************************
372 ****************************************************************/
375 static WERROR gp_reg_read_groupmembership(TALLOC_CTX *mem_ctx,
376 struct gp_registry_context *reg_ctx,
377 const DOM_SID *object_sid,
378 struct nt_user_token **token,
381 struct registry_key *key = NULL;
384 const char *valname = NULL;
385 const char *val = NULL;
386 const char *path = NULL;
388 int num_token_sids = 0;
389 struct nt_user_token *tmp_token = NULL;
391 tmp_token = TALLOC_ZERO_P(mem_ctx, struct nt_user_token);
392 W_ERROR_HAVE_NO_MEMORY(tmp_token);
394 path = gp_reg_groupmembership_path(mem_ctx, object_sid, flags);
395 W_ERROR_HAVE_NO_MEMORY(path);
397 werr = gp_read_reg_subkey(mem_ctx, reg_ctx, path, &key);
398 W_ERROR_NOT_OK_RETURN(werr);
400 werr = gp_read_reg_val_dword(mem_ctx, key, "Count", &count);
401 W_ERROR_NOT_OK_RETURN(werr);
403 for (i=0; i<count; i++) {
405 valname = talloc_asprintf(mem_ctx, "Group%d", i);
406 W_ERROR_HAVE_NO_MEMORY(valname);
408 werr = gp_read_reg_val_sz(mem_ctx, key, valname, &val);
409 W_ERROR_NOT_OK_RETURN(werr);
411 if (!string_to_sid(&tmp_token->user_sids[num_token_sids++],
413 return WERR_INSUFFICIENT_BUFFER;
417 tmp_token->num_sids = num_token_sids;
424 /****************************************************************
425 ****************************************************************/
427 static const char *gp_req_state_path(TALLOC_CTX *mem_ctx,
431 if (flags & GPO_LIST_FLAG_MACHINE) {
432 return GPO_REG_STATE_MACHINE;
435 return talloc_asprintf(mem_ctx, "%s\\%s", "State", sid_string_tos(sid));
438 /****************************************************************
439 ****************************************************************/
441 static WERROR gp_del_reg_state(TALLOC_CTX *mem_ctx,
442 struct registry_key *key,
445 return reg_deletesubkeys_recursive(mem_ctx, key, path);
448 /****************************************************************
449 ****************************************************************/
451 WERROR gp_reg_state_store(TALLOC_CTX *mem_ctx,
454 const struct nt_user_token *token,
455 struct GROUP_POLICY_OBJECT *gpo_list)
457 struct gp_registry_context *reg_ctx = NULL;
458 WERROR werr = WERR_GENERAL_FAILURE;
459 const char *subkeyname = NULL;
460 struct GROUP_POLICY_OBJECT *gpo;
462 struct registry_key *key;
464 werr = gp_init_reg_ctx(mem_ctx, KEY_GROUP_POLICY, REG_KEY_WRITE,
466 W_ERROR_NOT_OK_RETURN(werr);
468 werr = gp_secure_key(mem_ctx, flags, reg_ctx->curr_key,
469 &token->user_sids[0]);
470 if (!W_ERROR_IS_OK(werr)) {
471 DEBUG(0,("failed to secure key: %s\n", win_errstr(werr)));
475 werr = gp_reg_store_groupmembership(mem_ctx, reg_ctx, token, flags);
476 if (!W_ERROR_IS_OK(werr)) {
477 DEBUG(0,("failed to store group membership: %s\n", win_errstr(werr)));
481 subkeyname = gp_req_state_path(mem_ctx, &token->user_sids[0], flags);
487 werr = gp_del_reg_state(mem_ctx, reg_ctx->curr_key, subkeyname);
488 if (!W_ERROR_IS_OK(werr)) {
489 DEBUG(0,("failed to delete old state: %s\n", win_errstr(werr)));
493 werr = gp_store_reg_subkey(mem_ctx, subkeyname,
494 reg_ctx->curr_key, ®_ctx->curr_key);
495 if (!W_ERROR_IS_OK(werr)) {
499 werr = gp_store_reg_val_sz(mem_ctx, reg_ctx->curr_key,
500 "Distinguished-Name", dn);
501 if (!W_ERROR_IS_OK(werr)) {
505 /* store link list */
507 werr = gp_store_reg_subkey(mem_ctx, "GPLink-List",
508 reg_ctx->curr_key, &key);
509 if (!W_ERROR_IS_OK(werr)) {
515 werr = gp_store_reg_subkey(mem_ctx, "GPO-List",
516 reg_ctx->curr_key, ®_ctx->curr_key);
517 if (!W_ERROR_IS_OK(werr)) {
521 for (gpo = gpo_list; gpo; gpo = gpo->next) {
523 subkeyname = talloc_asprintf(mem_ctx, "%d", count++);
529 werr = gp_store_reg_subkey(mem_ctx, subkeyname,
530 reg_ctx->curr_key, &key);
531 if (!W_ERROR_IS_OK(werr)) {
535 werr = gp_store_reg_gpovals(mem_ctx, key, gpo);
536 if (!W_ERROR_IS_OK(werr)) {
537 DEBUG(0,("gp_reg_state_store: "
538 "gpo_store_reg_gpovals failed for %s: %s\n",
539 gpo->display_name, win_errstr(werr)));
544 gp_free_reg_ctx(reg_ctx);
548 /****************************************************************
549 ****************************************************************/
551 static WERROR gp_read_reg_gpovals(TALLOC_CTX *mem_ctx,
552 struct registry_key *key,
553 struct GROUP_POLICY_OBJECT *gpo)
558 return WERR_INVALID_PARAM;
561 werr = gp_read_reg_val_dword(mem_ctx, key, "Version",
563 W_ERROR_NOT_OK_RETURN(werr);
565 werr = gp_read_reg_val_dword(mem_ctx, key, "Options",
567 W_ERROR_NOT_OK_RETURN(werr);
569 werr = gp_read_reg_val_sz(mem_ctx, key, "GPOID",
571 W_ERROR_NOT_OK_RETURN(werr);
573 werr = gp_read_reg_val_sz(mem_ctx, key, "SOM",
575 W_ERROR_NOT_OK_RETURN(werr);
577 werr = gp_read_reg_val_sz(mem_ctx, key, "DisplayName",
579 W_ERROR_NOT_OK_RETURN(werr);
584 /****************************************************************
585 ****************************************************************/
587 static WERROR gp_read_reg_gpo(TALLOC_CTX *mem_ctx,
588 struct registry_key *key,
589 struct GROUP_POLICY_OBJECT **gpo_ret)
591 struct GROUP_POLICY_OBJECT *gpo = NULL;
594 if (!gpo_ret || !key) {
595 return WERR_INVALID_PARAM;
598 gpo = TALLOC_ZERO_P(mem_ctx, struct GROUP_POLICY_OBJECT);
599 W_ERROR_HAVE_NO_MEMORY(gpo);
601 werr = gp_read_reg_gpovals(mem_ctx, key, gpo);
602 W_ERROR_NOT_OK_RETURN(werr);
609 /****************************************************************
610 ****************************************************************/
612 WERROR gp_reg_state_read(TALLOC_CTX *mem_ctx,
615 struct GROUP_POLICY_OBJECT **gpo_list)
617 struct gp_registry_context *reg_ctx = NULL;
618 WERROR werr = WERR_GENERAL_FAILURE;
619 const char *subkeyname = NULL;
620 struct GROUP_POLICY_OBJECT *gpo = NULL;
622 struct registry_key *key = NULL;
623 const char *path = NULL;
624 const char *gp_state_path = NULL;
627 return WERR_INVALID_PARAM;
630 ZERO_STRUCTP(gpo_list);
632 gp_state_path = gp_req_state_path(mem_ctx, sid, flags);
633 if (!gp_state_path) {
638 path = talloc_asprintf(mem_ctx, "%s\\%s\\%s",
647 werr = gp_init_reg_ctx(mem_ctx, path, REG_KEY_READ, NULL, ®_ctx);
648 if (!W_ERROR_IS_OK(werr)) {
654 subkeyname = talloc_asprintf(mem_ctx, "%d", count++);
660 werr = gp_read_reg_subkey(mem_ctx, reg_ctx, subkeyname, &key);
661 if (W_ERROR_EQUAL(werr, WERR_BADFILE)) {
665 if (!W_ERROR_IS_OK(werr)) {
666 DEBUG(0,("gp_reg_state_read: "
667 "gp_read_reg_subkey gave: %s\n",
672 werr = gp_read_reg_gpo(mem_ctx, key, &gpo);
673 if (!W_ERROR_IS_OK(werr)) {
677 DLIST_ADD(*gpo_list, gpo);
681 gp_free_reg_ctx(reg_ctx);
685 /****************************************************************
686 ****************************************************************/
688 static WERROR gp_reg_generate_sd(TALLOC_CTX *mem_ctx,
690 struct security_descriptor **sd,
696 SEC_ACL *theacl = NULL;
698 uint8_t inherit_flags;
701 init_sec_ace(&ace[0],
703 SEC_ACE_TYPE_ACCESS_ALLOWED,
707 init_sec_ace(&ace[1],
708 &global_sid_Builtin_Administrators,
709 SEC_ACE_TYPE_ACCESS_ALLOWED,
713 init_sec_ace(&ace[2],
714 sid ? sid : &global_sid_Authenticated_Users,
715 SEC_ACE_TYPE_ACCESS_ALLOWED,
718 inherit_flags = SEC_ACE_FLAG_OBJECT_INHERIT |
719 SEC_ACE_FLAG_CONTAINER_INHERIT |
720 SEC_ACE_FLAG_INHERIT_ONLY;
723 init_sec_ace(&ace[3],
725 SEC_ACE_TYPE_ACCESS_ALLOWED,
726 mask, inherit_flags);
729 init_sec_ace(&ace[4],
730 &global_sid_Builtin_Administrators,
731 SEC_ACE_TYPE_ACCESS_ALLOWED,
732 mask, inherit_flags);
735 init_sec_ace(&ace[5],
736 sid ? sid : &global_sid_Authenticated_Users,
737 SEC_ACE_TYPE_ACCESS_ALLOWED,
738 mask, inherit_flags);
740 theacl = make_sec_acl(mem_ctx, NT4_ACL_REVISION, 6, ace);
741 W_ERROR_HAVE_NO_MEMORY(theacl);
743 *sd = make_sec_desc(mem_ctx, SEC_DESC_REVISION,
744 SEC_DESC_SELF_RELATIVE |
745 SEC_DESC_DACL_AUTO_INHERITED | /* really ? */
746 SEC_DESC_DACL_AUTO_INHERIT_REQ, /* really ? */
749 W_ERROR_HAVE_NO_MEMORY(*sd);
754 /****************************************************************
755 ****************************************************************/
757 WERROR gp_secure_key(TALLOC_CTX *mem_ctx,
759 struct registry_key *key,
762 struct security_descriptor *sd = NULL;
764 const DOM_SID *sd_sid = NULL;
767 if (!(flags & GPO_LIST_FLAG_MACHINE)) {
771 werr = gp_reg_generate_sd(mem_ctx, sd_sid, &sd, &sd_size);
772 W_ERROR_NOT_OK_RETURN(werr);
774 return reg_setkeysecurity(key, sd);
777 /****************************************************************
778 ****************************************************************/
780 void dump_reg_val(int lvl, const char *direction,
781 const char *key, const char *subkey,
782 struct registry_value *val)
785 const char *type_str = NULL;
788 DEBUG(lvl,("no val!\n"));
792 type_str = str_regtype(val->type);
794 DEBUG(lvl,("\tdump_reg_val:\t%s '%s'\n\t\t\t'%s' %s: ",
795 direction, key, subkey, type_str));
799 DEBUG(lvl,("%d (0x%08x)\n",
800 (int)val->v.dword, val->v.dword));
803 DEBUG(lvl,("%d (0x%016llx)\n",
805 (unsigned long long)val->v.qword));
808 DEBUG(lvl,("%s (length: %d)\n",
810 (int)val->v.sz.len));
813 DEBUG(lvl,("(num_strings: %d)\n",
814 val->v.multi_sz.num_strings));
815 for (i=0; i < val->v.multi_sz.num_strings; i++) {
816 DEBUGADD(lvl,("\t%s\n",
817 val->v.multi_sz.strings[i]));
824 dump_data(lvl, val->v.binary.data,
825 val->v.binary.length);
828 DEBUG(lvl,("unsupported type: %d\n", val->type));
833 /****************************************************************
834 ****************************************************************/
836 void dump_reg_entry(uint32_t flags,
838 struct gp_registry_entry *entry)
840 if (!(flags & GPO_INFO_FLAG_VERBOSE))
849 /****************************************************************
850 ****************************************************************/
852 void dump_reg_entries(uint32_t flags,
854 struct gp_registry_entry *entries,
859 if (!(flags & GPO_INFO_FLAG_VERBOSE))
862 for (i=0; i < num_entries; i++) {
863 dump_reg_entry(flags, dir, &entries[i]);
867 /****************************************************************
868 ****************************************************************/
870 bool add_gp_registry_entry_to_array(TALLOC_CTX *mem_ctx,
871 struct gp_registry_entry *entry,
872 struct gp_registry_entry **entries,
875 *entries = TALLOC_REALLOC_ARRAY(mem_ctx, *entries,
876 struct gp_registry_entry,
879 if (*entries == NULL) {
884 (*entries)[*num].action = entry->action;
885 (*entries)[*num].key = entry->key;
886 (*entries)[*num].value = entry->value;
887 (*entries)[*num].data = entry->data;
893 /****************************************************************
894 ****************************************************************/
896 static const char *gp_reg_action_str(enum gp_reg_action action)
899 case GP_REG_ACTION_NONE:
900 return "GP_REG_ACTION_NONE";
901 case GP_REG_ACTION_ADD_VALUE:
902 return "GP_REG_ACTION_ADD_VALUE";
903 case GP_REG_ACTION_ADD_KEY:
904 return "GP_REG_ACTION_ADD_KEY";
905 case GP_REG_ACTION_DEL_VALUES:
906 return "GP_REG_ACTION_DEL_VALUES";
907 case GP_REG_ACTION_DEL_VALUE:
908 return "GP_REG_ACTION_DEL_VALUE";
909 case GP_REG_ACTION_DEL_ALL_VALUES:
910 return "GP_REG_ACTION_DEL_ALL_VALUES";
911 case GP_REG_ACTION_DEL_KEYS:
912 return "GP_REG_ACTION_DEL_KEYS";
913 case GP_REG_ACTION_SEC_KEY_SET:
914 return "GP_REG_ACTION_SEC_KEY_SET";
915 case GP_REG_ACTION_SEC_KEY_RESET:
916 return "GP_REG_ACTION_SEC_KEY_RESET";
922 /****************************************************************
923 ****************************************************************/
925 WERROR reg_apply_registry_entry(TALLOC_CTX *mem_ctx,
926 struct registry_key *root_key,
927 struct gp_registry_context *reg_ctx,
928 struct gp_registry_entry *entry,
929 const struct nt_user_token *token,
933 struct registry_key *key = NULL;
935 if (flags & GPO_INFO_FLAG_VERBOSE) {
936 printf("about to store key: [%s]\n", entry->key);
937 printf(" value: [%s]\n", entry->value);
938 printf(" data: [%s]\n", str_regtype(entry->data->type));
939 printf(" action: [%s]\n", gp_reg_action_str(entry->action));
942 werr = gp_store_reg_subkey(mem_ctx, entry->key,
944 /* reg_ctx->curr_key, &key); */
945 if (!W_ERROR_IS_OK(werr)) {
946 DEBUG(0,("gp_store_reg_subkey failed: %s\n", win_errstr(werr)));
950 switch (entry->action) {
951 case GP_REG_ACTION_NONE:
952 case GP_REG_ACTION_ADD_KEY:
955 case GP_REG_ACTION_SEC_KEY_SET:
956 werr = gp_secure_key(mem_ctx, flags,
958 &token->user_sids[0]);
959 if (!W_ERROR_IS_OK(werr)) {
960 DEBUG(0,("reg_apply_registry_entry: "
961 "gp_secure_key failed: %s\n",
966 case GP_REG_ACTION_ADD_VALUE:
967 werr = reg_setvalue(key, entry->value, entry->data);
968 if (!W_ERROR_IS_OK(werr)) {
969 DEBUG(0,("reg_apply_registry_entry: "
970 "reg_setvalue failed: %s\n",
972 dump_reg_entry(flags, "STORE", entry);
976 case GP_REG_ACTION_DEL_VALUE:
977 werr = reg_deletevalue(key, entry->value);
978 if (!W_ERROR_IS_OK(werr)) {
979 DEBUG(0,("reg_apply_registry_entry: "
980 "reg_deletevalue failed: %s\n",
982 dump_reg_entry(flags, "STORE", entry);
986 case GP_REG_ACTION_DEL_ALL_VALUES:
987 werr = reg_deleteallvalues(key);
988 if (!W_ERROR_IS_OK(werr)) {
989 DEBUG(0,("reg_apply_registry_entry: "
990 "reg_deleteallvalues failed: %s\n",
992 dump_reg_entry(flags, "STORE", entry);
996 case GP_REG_ACTION_DEL_VALUES:
997 case GP_REG_ACTION_DEL_KEYS:
998 case GP_REG_ACTION_SEC_KEY_RESET:
999 DEBUG(0,("reg_apply_registry_entry: "
1000 "not yet supported: %s (%d)\n",
1001 gp_reg_action_str(entry->action),
1003 return WERR_NOT_SUPPORTED;
1005 DEBUG(0,("invalid action: %d\n", entry->action));
1006 return WERR_INVALID_PARAM;