source: trunk/server/source3/registry/reg_dispatcher.c

Last change on this file was 745, checked in by Silvan Scherrer, 13 years ago

Samba Server: updated trunk to 3.6.0
File size: 7.3 KB
Line 
1/*
2 * Unix SMB/CIFS implementation.
3 * Virtual Windows Registry Layer
4 * Copyright (C) Gerald Carter 2002-2005
5 * Copyright (C) Michael Adam 2006-2008
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21/*
22 * Implementation of registry frontend view functions.
23 * Functions moved from reg_frontend.c to minimize linker deps.
24 */
25
26#include "includes.h"
27#include "registry.h"
28#include "reg_dispatcher.h"
29#include "../libcli/security/security.h"
30
31#undef DBGC_CLASS
32#define DBGC_CLASS DBGC_REGISTRY
33
34static const struct generic_mapping reg_generic_map =
35 { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL };
36
37/********************************************************************
38********************************************************************/
39
40static WERROR construct_registry_sd(TALLOC_CTX *ctx, struct security_descriptor **psd)
41{
42 struct security_ace ace[3];
43 size_t i = 0;
44 struct security_descriptor *sd;
45 struct security_acl *theacl;
46 size_t sd_size;
47
48 /* basic access for Everyone */
49
50 init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
51 REG_KEY_READ, 0);
52
53 /* Full Access 'BUILTIN\Administrators' */
54
55 init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
56 SEC_ACE_TYPE_ACCESS_ALLOWED, REG_KEY_ALL, 0);
57
58 /* Full Access 'NT Authority\System' */
59
60 init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED,
61 REG_KEY_ALL, 0);
62
63 /* create the security descriptor */
64
65 theacl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace);
66 if (theacl == NULL) {
67 return WERR_NOMEM;
68 }
69
70 sd = make_sec_desc(ctx, SD_REVISION, SEC_DESC_SELF_RELATIVE,
71 &global_sid_Builtin_Administrators,
72 &global_sid_System, NULL, theacl,
73 &sd_size);
74 if (sd == NULL) {
75 return WERR_NOMEM;
76 }
77
78 *psd = sd;
79 return WERR_OK;
80}
81
82/***********************************************************************
83 High level wrapper function for storing registry subkeys
84 ***********************************************************************/
85
86bool store_reg_keys(struct registry_key_handle *key,
87 struct regsubkey_ctr *subkeys)
88{
89 if (key->ops && key->ops->store_subkeys)
90 return key->ops->store_subkeys(key->name, subkeys);
91
92 return false;
93}
94
95/***********************************************************************
96 High level wrapper function for storing registry values
97 ***********************************************************************/
98
99bool store_reg_values(struct registry_key_handle *key, struct regval_ctr *val)
100{
101 if (key->ops && key->ops->store_values)
102 return key->ops->store_values(key->name, val);
103
104 return false;
105}
106
107WERROR create_reg_subkey(struct registry_key_handle *key, const char *subkey)
108{
109 if (key->ops && key->ops->create_subkey) {
110 return key->ops->create_subkey(key->name, subkey);
111 }
112
113 return WERR_NOT_SUPPORTED;
114}
115
116WERROR delete_reg_subkey(struct registry_key_handle *key, const char *subkey)
117{
118 if (key->ops && key->ops->delete_subkey) {
119 return key->ops->delete_subkey(key->name, subkey);
120 }
121
122 return WERR_NOT_SUPPORTED;
123}
124
125/***********************************************************************
126 High level wrapper function for enumerating registry subkeys
127 Initialize the TALLOC_CTX if necessary
128 ***********************************************************************/
129
130int fetch_reg_keys(struct registry_key_handle *key,
131 struct regsubkey_ctr *subkey_ctr)
132{
133 int result = -1;
134
135 if (key->ops && key->ops->fetch_subkeys)
136 result = key->ops->fetch_subkeys(key->name, subkey_ctr);
137
138 return result;
139}
140
141/***********************************************************************
142 High level wrapper function for enumerating registry values
143 ***********************************************************************/
144
145int fetch_reg_values(struct registry_key_handle *key, struct regval_ctr *val)
146{
147 int result = -1;
148
149 DEBUG(10, ("fetch_reg_values called for key '%s' (ops %p)\n", key->name,
150 (key->ops) ? (void *)key->ops : NULL));
151
152 if (key->ops && key->ops->fetch_values)
153 result = key->ops->fetch_values(key->name, val);
154
155 return result;
156}
157
158/***********************************************************************
159 High level access check for passing the required access mask to the
160 underlying registry backend
161 ***********************************************************************/
162
163bool regkey_access_check(struct registry_key_handle *key, uint32 requested,
164 uint32 *granted,
165 const struct security_token *token )
166{
167 struct security_descriptor *sec_desc;
168 NTSTATUS status;
169 WERROR err;
170
171 /* root free-pass, like we have on all other pipes like samr, lsa, etc. */
172 if (geteuid() == sec_initial_uid()) {
173 *granted = REG_KEY_ALL;
174 return true;
175 }
176
177 /* use the default security check if the backend has not defined its
178 * own */
179
180 if (key->ops && key->ops->reg_access_check) {
181 return key->ops->reg_access_check(key->name, requested,
182 granted, token);
183 }
184
185 err = regkey_get_secdesc(talloc_tos(), key, &sec_desc);
186
187 if (!W_ERROR_IS_OK(err)) {
188 return false;
189 }
190
191 se_map_generic( &requested, &reg_generic_map );
192
193 status =se_access_check(sec_desc, token, requested, granted);
194 TALLOC_FREE(sec_desc);
195 if (!NT_STATUS_IS_OK(status)) {
196 return false;
197 }
198
199 return NT_STATUS_IS_OK(status);
200}
201
202WERROR regkey_get_secdesc(TALLOC_CTX *mem_ctx, struct registry_key_handle *key,
203 struct security_descriptor **psecdesc)
204{
205 struct security_descriptor *secdesc;
206 WERROR werr;
207
208 if (key->ops && key->ops->get_secdesc) {
209 werr = key->ops->get_secdesc(mem_ctx, key->name, psecdesc);
210 if (W_ERROR_IS_OK(werr)) {
211 return WERR_OK;
212 }
213 }
214
215 werr = construct_registry_sd(mem_ctx, &secdesc);
216 if (!W_ERROR_IS_OK(werr)) {
217 return werr;
218 }
219
220 *psecdesc = secdesc;
221 return WERR_OK;
222}
223
224WERROR regkey_set_secdesc(struct registry_key_handle *key,
225 struct security_descriptor *psecdesc)
226{
227 if (key->ops && key->ops->set_secdesc) {
228 return key->ops->set_secdesc(key->name, psecdesc);
229 }
230
231 return WERR_ACCESS_DENIED;
232}
233
234/**
235 * Check whether the in-memory version of the subkyes of a
236 * registry key needs update from disk.
237 */
238bool reg_subkeys_need_update(struct registry_key_handle *key,
239 struct regsubkey_ctr *subkeys)
240{
241 if (key->ops && key->ops->subkeys_need_update)
242 {
243 return key->ops->subkeys_need_update(subkeys);
244 }
245
246 return false;
247}
248
249/**
250 * Check whether the in-memory version of the values of a
251 * registry key needs update from disk.
252 */
253bool reg_values_need_update(struct registry_key_handle *key,
254 struct regval_ctr *values)
255{
256 if (key->ops && key->ops->values_need_update)
257 {
258 return key->ops->values_need_update(values);
259 }
260
261 return false;
262}
263
Note: See TracBrowser for help on using the repository browser.