source: branches/samba-3.5.x/source3/registry/reg_dispatcher.c

Last change on this file was 414, checked in by Herwig Bauernfeind, 16 years ago

Samba 3.5.0: Initial import
File size: 6.7 KB
Line 
1/*
2 * Unix SMB/CIFS implementation.
3 * Virtual Windows Registry Layer
4 * Copyright (C) Gerald Carter 2002-2005
5 * Copyright (C) Michael Adam 2006-2008
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21/*
22 * Implementation of registry frontend view functions.
23 * Functions moved from reg_frontend.c to minimize linker deps.
24 */
25
26#include "includes.h"
27
28#undef DBGC_CLASS
29#define DBGC_CLASS DBGC_REGISTRY
30
31static const struct generic_mapping reg_generic_map =
32 { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL };
33
34/********************************************************************
35********************************************************************/
36
37static WERROR construct_registry_sd(TALLOC_CTX *ctx, SEC_DESC **psd)
38{
39 SEC_ACE ace[3];
40 size_t i = 0;
41 SEC_DESC *sd;
42 SEC_ACL *theacl;
43 size_t sd_size;
44
45 /* basic access for Everyone */
46
47 init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
48 REG_KEY_READ, 0);
49
50 /* Full Access 'BUILTIN\Administrators' */
51
52 init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
53 SEC_ACE_TYPE_ACCESS_ALLOWED, REG_KEY_ALL, 0);
54
55 /* Full Access 'NT Authority\System' */
56
57 init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED,
58 REG_KEY_ALL, 0);
59
60 /* create the security descriptor */
61
62 theacl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace);
63 if (theacl == NULL) {
64 return WERR_NOMEM;
65 }
66
67 sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
68 &global_sid_Builtin_Administrators,
69 &global_sid_System, NULL, theacl,
70 &sd_size);
71 if (sd == NULL) {
72 return WERR_NOMEM;
73 }
74
75 *psd = sd;
76 return WERR_OK;
77}
78
79/***********************************************************************
80 High level wrapper function for storing registry subkeys
81 ***********************************************************************/
82
83bool store_reg_keys(struct registry_key_handle *key,
84 struct regsubkey_ctr *subkeys)
85{
86 if (key->ops && key->ops->store_subkeys)
87 return key->ops->store_subkeys(key->name, subkeys);
88
89 return false;
90}
91
92/***********************************************************************
93 High level wrapper function for storing registry values
94 ***********************************************************************/
95
96bool store_reg_values(struct registry_key_handle *key, struct regval_ctr *val)
97{
98 if (key->ops && key->ops->store_values)
99 return key->ops->store_values(key->name, val);
100
101 return false;
102}
103
104WERROR create_reg_subkey(struct registry_key_handle *key, const char *subkey)
105{
106 if (key->ops && key->ops->create_subkey) {
107 return key->ops->create_subkey(key->name, subkey);
108 }
109
110 return WERR_NOT_SUPPORTED;
111}
112
113WERROR delete_reg_subkey(struct registry_key_handle *key, const char *subkey)
114{
115 if (key->ops && key->ops->delete_subkey) {
116 return key->ops->delete_subkey(key->name, subkey);
117 }
118
119 return WERR_NOT_SUPPORTED;
120}
121
122/***********************************************************************
123 High level wrapper function for enumerating registry subkeys
124 Initialize the TALLOC_CTX if necessary
125 ***********************************************************************/
126
127int fetch_reg_keys(struct registry_key_handle *key,
128 struct regsubkey_ctr *subkey_ctr)
129{
130 int result = -1;
131
132 if (key->ops && key->ops->fetch_subkeys)
133 result = key->ops->fetch_subkeys(key->name, subkey_ctr);
134
135 return result;
136}
137
138/***********************************************************************
139 High level wrapper function for enumerating registry values
140 ***********************************************************************/
141
142int fetch_reg_values(struct registry_key_handle *key, struct regval_ctr *val)
143{
144 int result = -1;
145
146 DEBUG(10, ("fetch_reg_values called for key '%s' (ops %p)\n", key->name,
147 (key->ops) ? (void *)key->ops : NULL));
148
149 if (key->ops && key->ops->fetch_values)
150 result = key->ops->fetch_values(key->name, val);
151
152 return result;
153}
154
155/***********************************************************************
156 High level access check for passing the required access mask to the
157 underlying registry backend
158 ***********************************************************************/
159
160bool regkey_access_check(struct registry_key_handle *key, uint32 requested,
161 uint32 *granted,
162 const struct nt_user_token *token )
163{
164 SEC_DESC *sec_desc;
165 NTSTATUS status;
166 WERROR err;
167
168 /* use the default security check if the backend has not defined its
169 * own */
170
171 if (key->ops && key->ops->reg_access_check) {
172 return key->ops->reg_access_check(key->name, requested,
173 granted, token);
174 }
175
176 err = regkey_get_secdesc(talloc_tos(), key, &sec_desc);
177
178 if (!W_ERROR_IS_OK(err)) {
179 return false;
180 }
181
182 se_map_generic( &requested, &reg_generic_map );
183
184 status =se_access_check(sec_desc, token, requested, granted);
185 TALLOC_FREE(sec_desc);
186 if (!NT_STATUS_IS_OK(status)) {
187 return false;
188 }
189
190 return NT_STATUS_IS_OK(status);
191}
192
193WERROR regkey_get_secdesc(TALLOC_CTX *mem_ctx, struct registry_key_handle *key,
194 struct security_descriptor **psecdesc)
195{
196 struct security_descriptor *secdesc;
197 WERROR werr;
198
199 if (key->ops && key->ops->get_secdesc) {
200 werr = key->ops->get_secdesc(mem_ctx, key->name, psecdesc);
201 if (W_ERROR_IS_OK(werr)) {
202 return WERR_OK;
203 }
204 }
205
206 werr = construct_registry_sd(mem_ctx, &secdesc);
207 if (!W_ERROR_IS_OK(werr)) {
208 return werr;
209 }
210
211 *psecdesc = secdesc;
212 return WERR_OK;
213}
214
215WERROR regkey_set_secdesc(struct registry_key_handle *key,
216 struct security_descriptor *psecdesc)
217{
218 if (key->ops && key->ops->set_secdesc) {
219 return key->ops->set_secdesc(key->name, psecdesc);
220 }
221
222 return WERR_ACCESS_DENIED;
223}
224
225/**
226 * Check whether the in-memory version of the subkyes of a
227 * registry key needs update from disk.
228 */
229bool reg_subkeys_need_update(struct registry_key_handle *key,
230 struct regsubkey_ctr *subkeys)
231{
232 if (key->ops && key->ops->subkeys_need_update)
233 {
234 return key->ops->subkeys_need_update(subkeys);
235 }
236
237 return false;
238}
239
240/**
241 * Check whether the in-memory version of the values of a
242 * registry key needs update from disk.
243 */
244bool reg_values_need_update(struct registry_key_handle *key,
245 struct regval_ctr *values)
246{
247 if (key->ops && key->ops->values_need_update)
248 {
249 return key->ops->values_need_update(values);
250 }
251
252 return false;
253}
254
Note: See TracBrowser for help on using the repository browser.