source: branches/samba-3.2.x/source/registry/reg_dispatcher.c

Last change on this file was 133, checked in by Paul Smedley, 17 years ago

Update trunk to 3.2.0pre3
File size: 6.4 KB
Line 
1/*
2 * Unix SMB/CIFS implementation.
3 * Virtual Windows Registry Layer
4 * Copyright (C) Gerald Carter 2002-2005
5 * Copyright (C) Michael Adam 2006-2008
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21/*
22 * Implementation of registry frontend view functions.
23 * Functions moved from reg_frontend.c to minimize linker deps.
24 */
25
26#include "includes.h"
27
28#undef DBGC_CLASS
29#define DBGC_CLASS DBGC_REGISTRY
30
31static const struct generic_mapping reg_generic_map =
32 { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL };
33
34/********************************************************************
35********************************************************************/
36
37static WERROR construct_registry_sd(TALLOC_CTX *ctx, SEC_DESC **psd)
38{
39 SEC_ACE ace[3];
40 SEC_ACCESS mask;
41 size_t i = 0;
42 SEC_DESC *sd;
43 SEC_ACL *acl;
44 size_t sd_size;
45
46 /* basic access for Everyone */
47
48 init_sec_access(&mask, REG_KEY_READ);
49 init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
50 mask, 0);
51
52 /* Full Access 'BUILTIN\Administrators' */
53
54 init_sec_access(&mask, REG_KEY_ALL);
55 init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
56 SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
57
58 /* Full Access 'NT Authority\System' */
59
60 init_sec_access(&mask, REG_KEY_ALL );
61 init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED,
62 mask, 0);
63
64 /* create the security descriptor */
65
66 acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace);
67 if (acl == NULL) {
68 return WERR_NOMEM;
69 }
70
71 sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
72 &global_sid_Builtin_Administrators,
73 &global_sid_System, NULL, acl,
74 &sd_size);
75 if (sd == NULL) {
76 return WERR_NOMEM;
77 }
78
79 *psd = sd;
80 return WERR_OK;
81}
82
83/***********************************************************************
84 High level wrapper function for storing registry subkeys
85 ***********************************************************************/
86
87bool store_reg_keys( REGISTRY_KEY *key, REGSUBKEY_CTR *subkeys )
88{
89 if (key->ops && key->ops->store_subkeys)
90 return key->ops->store_subkeys(key->name, subkeys);
91
92 return false;
93}
94
95/***********************************************************************
96 High level wrapper function for storing registry values
97 ***********************************************************************/
98
99bool store_reg_values( REGISTRY_KEY *key, REGVAL_CTR *val )
100{
101 if (key->ops && key->ops->store_values)
102 return key->ops->store_values(key->name, val);
103
104 return false;
105}
106
107/***********************************************************************
108 High level wrapper function for enumerating registry subkeys
109 Initialize the TALLOC_CTX if necessary
110 ***********************************************************************/
111
112int fetch_reg_keys( REGISTRY_KEY *key, REGSUBKEY_CTR *subkey_ctr )
113{
114 int result = -1;
115
116 if (key->ops && key->ops->fetch_subkeys)
117 result = key->ops->fetch_subkeys(key->name, subkey_ctr);
118
119 return result;
120}
121
122/***********************************************************************
123 High level wrapper function for enumerating registry values
124 ***********************************************************************/
125
126int fetch_reg_values( REGISTRY_KEY *key, REGVAL_CTR *val )
127{
128 int result = -1;
129
130 DEBUG(10, ("fetch_reg_values called for key '%s' (ops %p)\n", key->name,
131 (key->ops) ? (void *)key->ops : NULL));
132
133 if (key->ops && key->ops->fetch_values)
134 result = key->ops->fetch_values(key->name, val);
135
136 return result;
137}
138
139/***********************************************************************
140 High level access check for passing the required access mask to the
141 underlying registry backend
142 ***********************************************************************/
143
144bool regkey_access_check( REGISTRY_KEY *key, uint32 requested, uint32 *granted,
145 const struct nt_user_token *token )
146{
147 SEC_DESC *sec_desc;
148 NTSTATUS status;
149 WERROR err;
150 TALLOC_CTX *mem_ctx;
151
152 /* use the default security check if the backend has not defined its
153 * own */
154
155 if (key->ops && key->ops->reg_access_check) {
156 return key->ops->reg_access_check(key->name, requested,
157 granted, token);
158 }
159
160 /*
161 * The secdesc routines can't yet cope with a NULL talloc ctx sanely.
162 */
163
164 if (!(mem_ctx = talloc_init("regkey_access_check"))) {
165 return false;
166 }
167
168 err = regkey_get_secdesc(mem_ctx, key, &sec_desc);
169
170 if (!W_ERROR_IS_OK(err)) {
171 TALLOC_FREE(mem_ctx);
172 return false;
173 }
174
175 se_map_generic( &requested, &reg_generic_map );
176
177 if (!se_access_check(sec_desc, token, requested, granted, &status)) {
178 TALLOC_FREE(mem_ctx);
179 return false;
180 }
181
182 TALLOC_FREE(mem_ctx);
183 return NT_STATUS_IS_OK(status);
184}
185
186WERROR regkey_get_secdesc(TALLOC_CTX *mem_ctx, REGISTRY_KEY *key,
187 struct security_descriptor **psecdesc)
188{
189 struct security_descriptor *secdesc;
190 WERROR werr;
191
192 if (key->ops && key->ops->get_secdesc) {
193 werr = key->ops->get_secdesc(mem_ctx, key->name, psecdesc);
194 if (W_ERROR_IS_OK(werr)) {
195 return WERR_OK;
196 }
197 }
198
199 werr = construct_registry_sd(mem_ctx, &secdesc);
200 if (!W_ERROR_IS_OK(werr)) {
201 return werr;
202 }
203
204 *psecdesc = secdesc;
205 return WERR_OK;
206}
207
208WERROR regkey_set_secdesc(REGISTRY_KEY *key,
209 struct security_descriptor *psecdesc)
210{
211 if (key->ops && key->ops->set_secdesc) {
212 return key->ops->set_secdesc(key->name, psecdesc);
213 }
214
215 return WERR_ACCESS_DENIED;
216}
217
218/**
219 * Check whether the in-memory version of the subkyes of a
220 * registry key needs update from disk.
221 */
222bool reg_subkeys_need_update(REGISTRY_KEY *key, REGSUBKEY_CTR *subkeys)
223{
224 if (key->ops && key->ops->subkeys_need_update)
225 {
226 return key->ops->subkeys_need_update(subkeys);
227 }
228
229 return false;
230}
231
232/**
233 * Check whether the in-memory version of the values of a
234 * registry key needs update from disk.
235 */
236bool reg_values_need_update(REGISTRY_KEY *key, REGVAL_CTR *values)
237{
238 if (key->ops && key->ops->values_need_update)
239 {
240 return key->ops->values_need_update(values);
241 }
242
243 return false;
244}
245
Note: See TracBrowser for help on using the repository browser.