static WERROR reg_apply_registry(TALLOC_CTX *mem_ctx,
const struct security_token *token,
struct registry_key *root_key,
uint32_t flags,
struct gp_registry_entry *entries,
size_t num_entries)
{
struct gp_registry_context *reg_ctx = NULL;
WERROR werr;
size_t i;
if (num_entries == 0) {
return WERR_OK;
}
#if 0
if (flags & GPO_LIST_FLAG_MACHINE) {
werr = gp_init_reg_ctx(mem_ctx, KEY_HKLM, REG_KEY_WRITE,
get_system_token(),
®_ctx);
} else {
werr = gp_init_reg_ctx(mem_ctx, KEY_HKCU, REG_KEY_WRITE,
token,
®_ctx);
}
W_ERROR_NOT_OK_RETURN(werr);
#endif
for (i=0; i<num_entries; i++) {
/* FIXME: maybe we should check here if we attempt to go beyond
* the 4 allowed reg keys */
werr = reg_apply_registry_entry(mem_ctx, root_key,
reg_ctx,
&(entries)[i],
token, flags);
if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,("failed to apply registry: %s\n",
win_errstr(werr)));
goto done;
}
}
done:
gp_free_reg_ctx(reg_ctx);
return werr;
}
static WERROR scripts_apply(TALLOC_CTX *mem_ctx,
const struct security_token *token,
struct registry_key *root_key,
uint32_t flags,
const char *section,
const struct GROUP_POLICY_OBJECT *gpo,
struct gp_registry_entry *entries,
size_t num_entries)
{
struct gp_registry_context *reg_ctx = NULL;
WERROR werr;
size_t i;
const char *keystr = NULL;
int count = 0;
if (num_entries == 0) {
return WERR_OK;
}
#if 0
if (flags & GPO_INFO_FLAG_MACHINE) {
struct security_token *tmp_token;
tmp_token = registry_create_system_token(mem_ctx);
W_ERROR_HAVE_NO_MEMORY(tmp_token);
werr = gp_init_reg_ctx(mem_ctx, KEY_HKLM, REG_KEY_WRITE,
tmp_token,
®_ctx);
} else {
werr = gp_init_reg_ctx(mem_ctx, KEY_HKCU, REG_KEY_WRITE,
token,
®_ctx);
}
W_ERROR_NOT_OK_RETURN(werr);
#endif
keystr = talloc_asprintf(mem_ctx, "%s\\%s\\%d", KEY_GP_SCRIPTS,
section, count++);
W_ERROR_HAVE_NO_MEMORY(keystr);
reg_deletekey_recursive(root_key, keystr);
werr = gp_store_reg_subkey(mem_ctx, keystr,
root_key, &root_key);
if (!W_ERROR_IS_OK(werr)) {
goto done;
}
werr = scripts_store_reg_gpovals(mem_ctx, root_key, gpo);
if (!W_ERROR_IS_OK(werr)) {
goto done;
}
for (i=0; i<num_entries; i++) {
werr = reg_apply_registry_entry(mem_ctx, root_key, reg_ctx,
&(entries)[i],
token, flags);
if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,("failed to apply registry: %s\n",
win_errstr(werr)));
goto done;
}
}
done:
gp_free_reg_ctx(reg_ctx);
return werr;
}
ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
const struct security_token *token,
struct GROUP_POLICY_OBJECT *gpo_list,
const char *extensions_guid_filter,
uint32_t flags)
{
ADS_STATUS status = ADS_SUCCESS;
struct gp_extension *gp_ext_list = NULL;
struct gp_extension *gp_ext = NULL;
struct registry_key *root_key = NULL;
struct gp_registry_context *reg_ctx = NULL;
#if 0
WERROR werr;
#endif
status = ADS_ERROR_NT(init_gp_extensions(mem_ctx));
if (!ADS_ERR_OK(status)) {
return status;
}
gp_ext_list = get_gp_extension_list();
if (!gp_ext_list) {
return ADS_ERROR_NT(NT_STATUS_DLL_INIT_FAILED);
}
/* FIXME Needs to be replaced with new patchfile_preg calls */
#if 0
/* get the key here */
if (flags & GPO_LIST_FLAG_MACHINE) {
werr = gp_init_reg_ctx(mem_ctx, KEY_HKLM, REG_KEY_WRITE,
get_system_token(),
®_ctx);
} else {
werr = gp_init_reg_ctx(mem_ctx, KEY_HKCU, REG_KEY_WRITE,
token,
®_ctx);
}
if (!W_ERROR_IS_OK(werr)) {
talloc_free(reg_ctx);
return ADS_ERROR_NT(werror_to_ntstatus(werr));
}
#endif
root_key = reg_ctx->curr_key;
for (gp_ext = gp_ext_list; gp_ext; gp_ext = gp_ext->next) {
const char *guid_str = NULL;
guid_str = GUID_string(mem_ctx, gp_ext->guid);
if (!guid_str) {
status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
goto done;
}
if (extensions_guid_filter &&
(!strequal(guid_str, extensions_guid_filter))) {
continue;
}
DEBUG(0,("-------------------------------------------------\n"));
DEBUG(0,("gpo_process_gpo_list: processing ext: %s {%s}\n",
gp_ext->name, guid_str));
status = gpo_process_gpo_list_by_ext(ads, mem_ctx, token,
root_key, gpo_list,
guid_str, flags);
if (!ADS_ERR_OK(status)) {
goto done;
}
}
done:
talloc_free(reg_ctx);
talloc_free(root_key);
free_gp_extensions();
return status;
}
WERROR gp_reg_state_read(TALLOC_CTX *mem_ctx,
uint32_t flags,
const struct dom_sid *sid,
struct GROUP_POLICY_OBJECT **gpo_list)
{
struct gp_registry_context *reg_ctx = NULL;
WERROR werr = WERR_GENERAL_FAILURE;
const char *subkeyname = NULL;
struct GROUP_POLICY_OBJECT *gpo = NULL;
int count = 0;
struct registry_key *key = NULL;
const char *path = NULL;
const char *gp_state_path = NULL;
if (!gpo_list) {
return WERR_INVALID_PARAM;
}
ZERO_STRUCTP(gpo_list);
gp_state_path = gp_req_state_path(mem_ctx, sid, flags);
if (!gp_state_path) {
werr = WERR_NOMEM;
goto done;
}
path = talloc_asprintf(mem_ctx, "%s\\%s\\%s",
KEY_GROUP_POLICY,
gp_state_path,
"GPO-List");
if (!path) {
werr = WERR_NOMEM;
goto done;
}
werr = gp_init_reg_ctx(mem_ctx, path, REG_KEY_READ, NULL, ®_ctx);
if (!W_ERROR_IS_OK(werr)) {
goto done;
}
while (1) {
subkeyname = talloc_asprintf(mem_ctx, "%d", count++);
if (!subkeyname) {
werr = WERR_NOMEM;
goto done;
}
werr = gp_read_reg_subkey(mem_ctx, reg_ctx, subkeyname, &key);
if (W_ERROR_EQUAL(werr, WERR_BADFILE)) {
werr = WERR_OK;
break;
}
if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,("gp_reg_state_read: "
"gp_read_reg_subkey gave: %s\n",
win_errstr(werr)));
goto done;
}
werr = gp_read_reg_gpo(mem_ctx, key, &gpo);
if (!W_ERROR_IS_OK(werr)) {
goto done;
}
DLIST_ADD(*gpo_list, gpo);
}
done:
gp_free_reg_ctx(reg_ctx);
return werr;
}
WERROR gp_reg_state_store(TALLOC_CTX *mem_ctx,
uint32_t flags,
const char *dn,
const struct security_token *token,
struct GROUP_POLICY_OBJECT *gpo_list)
{
struct gp_registry_context *reg_ctx = NULL;
WERROR werr = WERR_GENERAL_FAILURE;
const char *subkeyname = NULL;
struct GROUP_POLICY_OBJECT *gpo;
int count = 0;
struct registry_key *key;
werr = gp_init_reg_ctx(mem_ctx, KEY_GROUP_POLICY, REG_KEY_WRITE,
token, ®_ctx);
W_ERROR_NOT_OK_RETURN(werr);
werr = gp_secure_key(mem_ctx, flags, reg_ctx->curr_key,
&token->sids[0]);
if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,("failed to secure key: %s\n", win_errstr(werr)));
goto done;
}
werr = gp_reg_store_groupmembership(mem_ctx, reg_ctx, token, flags);
if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,("failed to store group membership: %s\n", win_errstr(werr)));
goto done;
}
subkeyname = gp_req_state_path(mem_ctx, &token->sids[0], flags);
if (!subkeyname) {
werr = WERR_NOMEM;
goto done;
}
werr = gp_del_reg_state(mem_ctx, reg_ctx->curr_key, subkeyname);
if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,("failed to delete old state: %s\n", win_errstr(werr)));
/* goto done; */
}
werr = gp_store_reg_subkey(mem_ctx, subkeyname,
reg_ctx->curr_key, ®_ctx->curr_key);
if (!W_ERROR_IS_OK(werr)) {
goto done;
}
werr = gp_store_reg_val_sz(mem_ctx, reg_ctx->curr_key,
"Distinguished-Name", dn);
if (!W_ERROR_IS_OK(werr)) {
goto done;
}
/* store link list */
werr = gp_store_reg_subkey(mem_ctx, "GPLink-List",
reg_ctx->curr_key, &key);
if (!W_ERROR_IS_OK(werr)) {
goto done;
}
/* store gpo list */
werr = gp_store_reg_subkey(mem_ctx, "GPO-List",
reg_ctx->curr_key, ®_ctx->curr_key);
if (!W_ERROR_IS_OK(werr)) {
goto done;
}
for (gpo = gpo_list; gpo; gpo = gpo->next) {
subkeyname = talloc_asprintf(mem_ctx, "%d", count++);
if (!subkeyname) {
werr = WERR_NOMEM;
goto done;
}
werr = gp_store_reg_subkey(mem_ctx, subkeyname,
reg_ctx->curr_key, &key);
if (!W_ERROR_IS_OK(werr)) {
goto done;
}
werr = gp_store_reg_gpovals(mem_ctx, key, gpo);
if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,("gp_reg_state_store: "
"gpo_store_reg_gpovals failed for %s: %s\n",
gpo->display_name, win_errstr(werr)));
goto done;
}
}
done:
gp_free_reg_ctx(reg_ctx);
return werr;
}
