-rw-r--r-- | source3/Makefile.in | 6 | ||||
-rw-r--r-- | source3/libgpo/gpo_parse.c | 257 |
2 files changed, 242 insertions, 21 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 0e4a9308de..19bd0afbf3 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -615,7 +615,7 @@ NET_OBJ = $(NET_OBJ1) $(PARAM_OBJ) $(SECRETS_OBJ) $(LIBSMB_OBJ) \ $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(POPT_LIB_OBJ) \ $(SMBLDAP_OBJ) $(DCUTIL_OBJ) $(SERVER_MUTEX_OBJ) \ $(AFS_OBJ) $(AFS_SETTOKEN_OBJ) $(REGFIO_OBJ) $(READLINE_OBJ) \ - $(LDB_OBJ) $(LIBGPO_OBJ) lib/display_sec.o + $(LDB_OBJ) $(LIBGPO_OBJ) $(INIPARSER_OBJ) lib/display_sec.o CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) \ $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) $(SECRETS_OBJ) @@ -1031,9 +1031,9 @@ bin/smbctool@EXEEXT@: $(TOOL_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ @$(CC) $(FLAGS) @PIE_LDFLAGS@ -o $@ $(TOOL_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) @POPTLIBS@ $(KRB5LIBS) $(LDAP_LIBS) -Lbin -lsmbclient -bin/net@EXEEXT@: $(NET_OBJ) @BUILD_POPT@ bin/.dummy +bin/net@EXEEXT@: $(NET_OBJ) @BUILD_POPT@ @BUILD_INIPARSER@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) @PIE_LDFLAGS@ -o $@ $(NET_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) @POPTLIBS@ $(KRB5LIBS) $(UUID_LIBS) $(LDAP_LIBS) $(PASSDB_LIBS) $(TERMLDFLAGS) $(TERMLIBS) $(NSCD_LIBS) + @$(CC) $(FLAGS) @PIE_LDFLAGS@ -o $@ $(NET_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) @POPTLIBS@ $(KRB5LIBS) $(UUID_LIBS) $(LDAP_LIBS) $(PASSDB_LIBS) $(TERMLDFLAGS) $(TERMLIBS) $(NSCD_LIBS) @INIPARSERLIBS@ bin/profiles@EXEEXT@: $(PROFILES_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ diff --git a/source3/libgpo/gpo_parse.c b/source3/libgpo/gpo_parse.c index 54d86b7739..abfbe6ac10 100644 --- a/source3/libgpo/gpo_parse.c +++ b/source3/libgpo/gpo_parse.c @@ -1,7 +1,7 @@ /* * Unix SMB/CIFS implementation. * Group Policy Object Support - * Copyright (C) Guenther Deschner 2005 + * Copyright (C) Guenther Deschner 2005-2006 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -19,40 +19,263 @@ */ #include "includes.h" +#include "iniparser/src/iniparser.h" -#ifdef HAVE_LDAP +/**************************************************************** + parse the local gpt.ini file +****************************************************************/ #define GPT_INI_SECTION_GENERAL "General" #define GPT_INI_PARAMETER_VERSION "Version" #define GPT_INI_PARAMETER_DISPLAYNAME "displayName" -struct gpt_ini { +NTSTATUS parse_gpt_ini(TALLOC_CTX *mem_ctx, const char *filename, uint32 *version, char **display_name) +{ + NTSTATUS result; + uint32 v; + char *name = NULL; + dictionary *d; + + d = iniparser_load(filename); + if (d == NULL) { + return NT_STATUS_NO_SUCH_FILE; + } + + if ((name = iniparser_getstring(d, GPT_INI_SECTION_GENERAL + ":"GPT_INI_PARAMETER_DISPLAYNAME, NULL)) == NULL) { + DEBUG(1,("parse_gpt_ini: no name\n")); + /* + result = NT_STATUS_INTERNAL_DB_CORRUPTION; + goto out; + */ + } + + if (name && display_name) { + *display_name = talloc_strdup(mem_ctx, name); + if (*display_name == NULL) { + result = NT_STATUS_NO_MEMORY; + goto out; + } + } + + if ((v = iniparser_getint(d, GPT_INI_SECTION_GENERAL + ":"GPT_INI_PARAMETER_VERSION, Undefined)) == Undefined) { + DEBUG(10,("parse_gpt_ini: no version\n")); + result = NT_STATUS_INTERNAL_DB_CORRUPTION; + goto out; + } + + if (version) { + *version = v; + } + + result = NT_STATUS_OK; + out: + if (d) { + iniparser_freedict(d); + } + + return result; +} + +#if 0 /* not yet */ + +/**************************************************************** + parse the Version section from gpttmpl file +****************************************************************/ + +#define GPTTMPL_SECTION_VERSION "Version" +#define GPTTMPL_PARAMETER_REVISION "Revision" +#define GPTTMPL_PARAMETER_SIGNATURE "signature" +#define GPTTMPL_CHICAGO "$CHICAGO$" /* whatever this is good for... 
*/ +#define GPTTMPL_SECTION_UNICODE "Unicode" +#define GPTTMPL_PARAMETER_UNICODE "Unicode" + +static NTSTATUS parse_gpttmpl(dictionary *d, uint32 *version_out) +{ + const char *signature = NULL; uint32 version; - const char *display_name; -}; -static uint32 version; + if ((signature = iniparser_getstring(d, GPTTMPL_SECTION_VERSION + ":"GPTTMPL_PARAMETER_SIGNATURE, NULL)) == NULL) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + if (!strequal(signature, GPTTMPL_CHICAGO)) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + if ((version = iniparser_getint(d, GPTTMPL_SECTION_VERSION + ":"GPTTMPL_PARAMETER_REVISION, Undefined)) == Undefined) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + if (version_out) { + *version_out = version; + } + + /* treat that as boolean */ + if ((!iniparser_getboolean(d, GPTTMPL_SECTION_UNICODE + ":"GPTTMPL_PARAMETER_UNICODE, Undefined)) == Undefined) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + return NT_STATUS_OK; +} + +/**************************************************************** + parse the "System Access" section from gpttmpl file +****************************************************************/ + +#define GPTTMPL_SECTION_SYSTEM_ACCESS "System Access" +#define GPTTMPL_PARAMETER_MINPWDAGE "MinimumPasswordAge" +#define GPTTMPL_PARAMETER_MAXPWDAGE "MaximumPasswordAge" +#define GPTTMPL_PARAMETER_MINPWDLEN "MinimumPasswordLength" +#define GPTTMPL_PARAMETER_PWDCOMPLEX "PasswordComplexity" +#define GPTTMPL_PARAMETER_PWDHISTORY "PasswordHistorySize" +#define GPTTMPL_PARAMETER_LOCKOUTCOUNT "LockoutBadCount" -static BOOL do_section(const char *section) +static NTSTATUS parse_gpttmpl_system_access(const char *filename) { - DEBUG(10,("do_section: %s\n", section)); + NTSTATUS status; + dictionary *d = NULL; + uint32 pwd_min_age, pwd_max_age, pwd_min_len, pwd_history; + uint32 lockout_count; + BOOL pwd_complex; + uint32 version; + + d = iniparser_load(filename); + if (d == NULL) { + return NT_STATUS_NO_SUCH_FILE; + } + + status 
= parse_gpttmpl(d, &version); + if (!NT_STATUS_IS_OK(status)) { + goto out; + } + + status = NT_STATUS_INVALID_PARAMETER; + + if ((pwd_min_age = iniparser_getint(d, GPTTMPL_SECTION_SYSTEM_ACCESS + ":"GPTTMPL_PARAMETER_MINPWDAGE, Undefined)) == Undefined) { + goto out; + } + + if ((pwd_max_age = iniparser_getint(d, GPTTMPL_SECTION_SYSTEM_ACCESS + ":"GPTTMPL_PARAMETER_MINPWDAGE, Undefined)) == Undefined) { + goto out; + } + + if ((pwd_min_len = iniparser_getint(d, GPTTMPL_SECTION_SYSTEM_ACCESS + ":"GPTTMPL_PARAMETER_MINPWDLEN, Undefined)) == Undefined) { + goto out; + } + + if ((pwd_complex = iniparser_getboolean(d, GPTTMPL_SECTION_SYSTEM_ACCESS + ":"GPTTMPL_PARAMETER_PWDCOMPLEX, Undefined)) == Undefined) { + goto out; + } + + if ((pwd_history = iniparser_getint(d, GPTTMPL_SECTION_SYSTEM_ACCESS + ":"GPTTMPL_PARAMETER_PWDHISTORY, Undefined)) == Undefined) { + goto out; + } + + if ((lockout_count = iniparser_getint(d, GPTTMPL_SECTION_SYSTEM_ACCESS + ":"GPTTMPL_PARAMETER_LOCKOUTCOUNT, Undefined)) == Undefined) { + goto out; + } + + /* TODO ? 
+ RequireLogonToChangePassword = 0 + ForceLogoffWhenHourExpire = 0 + ClearTextPassword = 0 + */ + + status = NT_STATUS_OK; + + out: + if (d) { + iniparser_freedict(d); + } - return True; + return status; } -static BOOL do_parameter(const char *parameter, const char *value) +/**************************************************************** + parse the "Kerberos Policy" section from gpttmpl file +****************************************************************/ + +#define GPTTMPL_SECTION_KERBEROS_POLICY "Kerberos Policy" +#define GPTTMPL_PARAMETER_MAXTKTAGE "MaxTicketAge" +#define GPTTMPL_PARAMETER_MAXRENEWAGE "MaxRenewAge" +#define GPTTMPL_PARAMETER_MAXTGSAGE "MaxServiceAge" +#define GPTTMPL_PARAMETER_MAXCLOCKSKEW "MaxClockSkew" +#define GPTTMPL_PARAMETER_TKTVALIDATECLIENT "TicketValidateClient" + +static NTSTATUS parse_gpttmpl_kerberos_policy(const char *filename) { - DEBUG(10,("do_parameter: %s, %s\n", parameter, value)); - - if (strequal(parameter, GPT_INI_PARAMETER_VERSION)) { - version = atoi(value); + NTSTATUS status; + dictionary *d = NULL; + uint32 tkt_max_age, tkt_max_renew, tgs_max_age, max_clock_skew; + BOOL tkt_validate; + uint32 version; + + d = iniparser_load(filename); + if (d == NULL) { + return NT_STATUS_NO_SUCH_FILE; + } + + status = parse_gpttmpl(d, &version); + if (!NT_STATUS_IS_OK(status)) { + goto out; + } + + status = NT_STATUS_INVALID_PARAMETER; + + if ((tkt_max_age = iniparser_getint(d, GPTTMPL_SECTION_KERBEROS_POLICY + ":"GPTTMPL_PARAMETER_MAXTKTAGE, Undefined)) != Undefined) { + goto out; + } + + if ((tkt_max_renew = iniparser_getint(d, GPTTMPL_SECTION_KERBEROS_POLICY + ":"GPTTMPL_PARAMETER_MAXRENEWAGE, Undefined)) != Undefined) { + goto out; + } + + if ((tgs_max_age = iniparser_getint(d, GPTTMPL_SECTION_KERBEROS_POLICY + ":"GPTTMPL_PARAMETER_MAXTGSAGE, Undefined)) != Undefined) { + goto out; + } + + if ((max_clock_skew = iniparser_getint(d, GPTTMPL_SECTION_KERBEROS_POLICY + ":"GPTTMPL_PARAMETER_MAXCLOCKSKEW, Undefined)) != Undefined) { + 
goto out; } - return True; + + if ((tkt_validate = iniparser_getboolean(d, GPTTMPL_SECTION_KERBEROS_POLICY + ":"GPTTMPL_PARAMETER_TKTVALIDATECLIENT, Undefined)) != Undefined) { + goto out; + } + + status = NT_STATUS_OK; + + out: + if (d) { + iniparser_freedict(d); + } + + return status; } +#endif + /* -perfectly parseable with pm_process() :)) +perfectly parseable with iniparser: + +{GUID}/Machine/Microsoft/Windows NT/SecEdit/GptTmpl.inf + [Unicode] Unicode=yes @@ -76,5 +299,3 @@ TicketValidateClient = 1 signature="$CHICAGO$" Revision=1 */ - -#endif /* HAVE_LDAP */ |
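Review bot: In parse_gpt_ini a missing displayName is only logged at level 1 and execution falls through, so the function can return NT_STATUS_OK without ever writing `*display_name`, and a caller that passed an uninitialised pointer would then read an indeterminate value. Adding `if (display_name) *display_name = NULL;` before the iniparser_load() call makes the success path well defined. The Version lookup stores the result of iniparser_getint() in a `uint32` and compares it with `Undefined`, whose value is not visible in this hunk, so a negative Version, or one equal to the sentinel, in a malformed gpt.ini would presumably be wrapped or treated as absent; a range check before `*version = v;` would be worth adding. In the `#if 0` block, pwd_max_age is read with `GPTTMPL_PARAMETER_MINPWDAGE` (the MAXPWDAGE define is never used), and every check in parse_gpttmpl_kerberos_policy takes `goto out` on `!= Undefined`, that is, when the value is present. Both should be corrected before that code is enabled, since it parses password and ticket policy.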