diff options
author | Gerald Carter <jerry@samba.org> | 2005-06-29 16:35:32 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:58:07 -0500 |
commit | 270b90e25f2ec5fcb1283588a9e605b7228e0e41 (patch) | |
tree | f84f6736eab9650035426c30acb781a11a7a2046 | |
parent | 2e7f22e833fbb549f698460f9ed4d81af68b86e9 (diff) | |
download | samba-270b90e25f2ec5fcb1283588a9e605b7228e0e41.tar.gz samba-270b90e25f2ec5fcb1283588a9e605b7228e0e41.tar.bz2 samba-270b90e25f2ec5fcb1283588a9e605b7228e0e41.zip |
r7995: * privileges are local except when they're *not*
printmig.exe assumes that the LUID of the SeBackupPrivlege
on the target server matches the LUID of the privilege
on the local client. Even though an LUID is never guaranteed
to be the same across reboots. How *awful*! My cat could
write better code! (more on my cat later....)
* Set the privelege LUID in the global PRIVS[] array
* Rename RegCreateKey() to RegCreateKeyEx() to better match MSDN
* Rename the unknown field in RegCreateKeyEx() to disposition
(guess according to MSDN)
* Add the capability to define REG_TDB_ONLY for using the reg_db.c
functions and stress the RegXXX() rpc functions.
(This used to be commit 0d6352da4800aabc04dfd7c65a6afe6af7cd2d4b)
-rw-r--r-- | source3/include/privileges.h | 24 | ||||
-rw-r--r-- | source3/include/rpc_reg.h | 8 | ||||
-rw-r--r-- | source3/lib/privileges.c | 124 | ||||
-rw-r--r-- | source3/registry/reg_db.c | 14 | ||||
-rw-r--r-- | source3/registry/reg_frontend.c | 3 | ||||
-rw-r--r-- | source3/registry/reg_objects.c | 10 | ||||
-rw-r--r-- | source3/registry/reg_printing.c | 55 | ||||
-rw-r--r-- | source3/rpc_client/cli_reg.c | 14 | ||||
-rw-r--r-- | source3/rpc_parse/parse_reg.c | 12 | ||||
-rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 2 | ||||
-rw-r--r-- | source3/rpc_server/srv_reg.c | 14 | ||||
-rw-r--r-- | source3/rpc_server/srv_reg_nt.c | 26 | ||||
-rw-r--r-- | source3/rpc_server/srv_spoolss_nt.c | 7 |
13 files changed, 159 insertions, 154 deletions
diff --git a/source3/include/privileges.h b/source3/include/privileges.h index 38edee84e8..052cbb6c5f 100644 --- a/source3/include/privileges.h +++ b/source3/include/privileges.h @@ -82,25 +82,22 @@ extern const SE_PRIV se_restore; #define PR_LOG_ON_SERVICE 0x0010 -#ifndef _BOOL -typedef int BOOL; -#define _BOOL /* So we don't typedef BOOL again in vfs.h */ -#endif - -typedef struct LUID -{ - uint32 low; +typedef struct { uint32 high; + uint32 low; } LUID; -typedef struct LUID_ATTR -{ +typedef struct { LUID luid; uint32 attr; } LUID_ATTR; -typedef struct privilege_set -{ +#ifndef _BOOL +typedef int BOOL; +#define _BOOL /* So we don't typedef BOOL again in vfs.h */ +#endif + +typedef struct { TALLOC_CTX *mem_ctx; BOOL ext_ctx; uint32 count; @@ -108,10 +105,11 @@ typedef struct privilege_set LUID_ATTR *set; } PRIVILEGE_SET; -typedef struct _PRIVS { +typedef struct { SE_PRIV se_priv; const char *name; const char *description; + LUID luid; } PRIVS; #endif /* PRIVILEGES_H */ diff --git a/source3/include/rpc_reg.h b/source3/include/rpc_reg.h index 7d6469bc8e..a35e534952 100644 --- a/source3/include/rpc_reg.h +++ b/source3/include/rpc_reg.h @@ -34,7 +34,7 @@ #define REG_OPEN_HKPD 0x03 #define REG_OPEN_HKU 0x04 #define REG_CLOSE 0x05 -#define REG_CREATE_KEY 0x06 +#define REG_CREATE_KEY_EX 0x06 #define REG_DELETE_KEY 0x07 #define REG_DELETE_VALUE 0x08 #define REG_ENUM_KEY 0x09 @@ -225,13 +225,13 @@ typedef struct { uint32 ptr3; SEC_DESC_BUF *data; uint32 unknown_2; /* 0x0000 0000 */ -} REG_Q_CREATE_KEY; +} REG_Q_CREATE_KEY_EX; typedef struct { POLICY_HND handle; - uint32 unknown; + uint32 disposition; WERROR status; -} REG_R_CREATE_KEY; +} REG_R_CREATE_KEY_EX; /***********************************************/ diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index ae98d8940f..30db2fc2bb 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -25,8 +25,6 @@ #define PRIVPREFIX "PRIV_" -#define GENERATE_LUID_LOW(x) (x)+1; - static const SE_PRIV se_priv_all = SE_ALL_PRIVS; static const SE_PRIV se_priv_end = SE_END; @@ -43,60 +41,65 @@ const SE_PRIV se_restore = SE_RESTORE; /******************************************************************** This is a list of privileges reported by a WIndows 2000 SP4 AD DC - just for reference purposes: - - SeCreateTokenPrivilege Create a token object - SeAssignPrimaryTokenPrivilege Replace a process level token - SeLockMemoryPrivilege Lock pages in memory - SeIncreaseQuotaPrivilege Increase quotas - SeMachineAccountPrivilege Add workstations to domain - SeTcbPrivilege Act as part of the operating system - SeSecurityPrivilege Manage auditing and security log - SeTakeOwnershipPrivilege Take ownership of files or other objects - SeLoadDriverPrivilege Load and unload device drivers - SeSystemProfilePrivilege Profile system performance - SeSystemtimePrivilege Change the system time - SeProfileSingleProcessPrivilege Profile single process - SeIncreaseBasePriorityPrivilege Increase scheduling priority - SeCreatePagefilePrivilege Create a pagefile - SeCreatePermanentPrivilege Create permanent shared objects - SeBackupPrivilege Back up files and directories - SeRestorePrivilege Restore files and directories - SeShutdownPrivilege Shut down the system - SeDebugPrivilege Debug programs - SeAuditPrivilege Generate security audits - SeSystemEnvironmentPrivilege Modify firmware environment values - SeChangeNotifyPrivilege Bypass traverse checking - SeRemoteShutdownPrivilege Force shutdown from a remote system - SeUndockPrivilege Remove computer from docking station - SeSyncAgentPrivilege Synchronize directory service data - SeEnableDelegationPrivilege Enable computer and user accounts to be trusted for delegation - SeManageVolumePrivilege Perform volume maintenance tasks - SeImpersonatePrivilege Impersonate a client after authentication - SeCreateGlobalPrivilege Create global objects - -********************************************************************/ - - + just for reference purposes (and I know the LUID is not guaranteed + across reboots): + + SeCreateTokenPrivilege Create a token object ( 0x0, 0x2 ) + SeAssignPrimaryTokenPrivilege Replace a process level token ( 0x0, 0x3 ) + SeLockMemoryPrivilege Lock pages in memory ( 0x0, 0x4 ) + SeIncreaseQuotaPrivilege Increase quotas ( 0x0, 0x5 ) + SeMachineAccountPrivilege Add workstations to domain ( 0x0, 0x6 ) + SeTcbPrivilege Act as part of the operating system ( 0x0, 0x7 ) + SeSecurityPrivilege Manage auditing and security log ( 0x0, 0x8 ) + SeTakeOwnershipPrivilege Take ownership of files or other objects ( 0x0, 0x9 ) + SeLoadDriverPrivilege Load and unload device drivers ( 0x0, 0xa ) + SeSystemProfilePrivilege Profile system performance ( 0x0, 0xb ) + SeSystemtimePrivilege Change the system time ( 0x0, 0xc ) + SeProfileSingleProcessPrivilege Profile single process ( 0x0, 0xd ) + SeIncreaseBasePriorityPrivilege Increase scheduling priority ( 0x0, 0xe ) + SeCreatePagefilePrivilege Create a pagefile ( 0x0, 0xf ) + SeCreatePermanentPrivilege Create permanent shared objects ( 0x0, 0x10 ) + SeBackupPrivilege Back up files and directories ( 0x0, 0x11 ) + SeRestorePrivilege Restore files and directories ( 0x0, 0x12 ) + SeShutdownPrivilege Shut down the system ( 0x0, 0x13 ) + SeDebugPrivilege Debug programs ( 0x0, 0x14 ) + SeAuditPrivilege Generate security audits ( 0x0, 0x15 ) + SeSystemEnvironmentPrivilege Modify firmware environment values ( 0x0, 0x16 ) + SeChangeNotifyPrivilege Bypass traverse checking ( 0x0, 0x17 ) + SeRemoteShutdownPrivilege Force shutdown from a remote system ( 0x0, 0x18 ) + SeUndockPrivilege Remove computer from docking station ( 0x0, 0x19 ) + SeSyncAgentPrivilege Synchronize directory service data ( 0x0, 0x1a ) + SeEnableDelegationPrivilege Enable computer and user accounts to be trusted for delegation ( 0x0, 0x1b ) + SeManageVolumePrivilege Perform volume maintenance tasks ( 0x0, 0x1c ) + SeImpersonatePrivilege Impersonate a client after authentication ( 0x0, 0x1d ) + SeCreateGlobalPrivilege Create global objects ( 0x0, 0x1e ) + + ********************************************************************/ + +/* we have to define the LUID here due to a horrible check by printmig.exe + that requires the SeBackupPrivilege match what is in Windows. So match + those that we implement and start Samba privileges at 0x1001 */ + PRIVS privs[] = { #if 0 /* usrmgr will display these twice if you include them. We don't use them but we'll keep the bitmasks reserved in privileges.h anyways */ - {SE_NETWORK_LOGON, "SeNetworkLogonRight", "Access this computer from network"}, - {SE_INTERACTIVE_LOGON, "SeInteractiveLogonRight", "Log on locally"}, - {SE_BATCH_LOGON, "SeBatchLogonRight", "Log on as a batch job"}, - {SE_SERVICE_LOGON, "SeServiceLogonRight", "Log on as a service"}, + {SE_NETWORK_LOGON, "SeNetworkLogonRight", "Access this computer from network", { 0x0, 0x0 }}, + {SE_INTERACTIVE_LOGON, "SeInteractiveLogonRight", "Log on locally", { 0x0, 0x0 }}, + {SE_BATCH_LOGON, "SeBatchLogonRight", "Log on as a batch job", { 0x0, 0x0 }}, + {SE_SERVICE_LOGON, "SeServiceLogonRight", "Log on as a service", { 0x0, 0x0 }}, #endif - {SE_MACHINE_ACCOUNT, "SeMachineAccountPrivilege", "Add machines to domain"}, - {SE_PRINT_OPERATOR, "SePrintOperatorPrivilege", "Manage printers"}, - {SE_ADD_USERS, "SeAddUsersPrivilege", "Add users and groups to the domain"}, - {SE_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Force shutdown from a remote system"}, - {SE_DISK_OPERATOR, "SeDiskOperatorPrivilege", "Manage disk shares"}, - {SE_BACKUP, "SeBackupPrivilege", "Back up files and directories"}, - {SE_RESTORE, "SeRestorePrivilege", "Restore files and directories"}, - {SE_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take ownership of files or other objects"}, - - {SE_END, "", ""} + {SE_MACHINE_ACCOUNT, "SeMachineAccountPrivilege", "Add machines to domain", { 0x0, 0x0006 }}, + {SE_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take ownership of files or other objects",{ 0x0, 0x0009 }}, + {SE_BACKUP, "SeBackupPrivilege", "Back up files and directories", { 0x0, 0x0011 }}, + {SE_RESTORE, "SeRestorePrivilege", "Restore files and directories", { 0x0, 0x0012 }}, + {SE_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Force shutdown from a remote system", { 0x0, 0x0018 }}, + + {SE_PRINT_OPERATOR, "SePrintOperatorPrivilege", "Manage printers", { 0x0, 0x1001 }}, + {SE_ADD_USERS, "SeAddUsersPrivilege", "Add users and groups to the domain", { 0x0, 0x1002 }}, + {SE_DISK_OPERATOR, "SeDiskOperatorPrivilege", "Manage disk shares", { 0x0, 0x1003 }}, + + {SE_END, "", "", { 0x0, 0x0 }} }; typedef struct { @@ -109,7 +112,6 @@ typedef struct { SID_LIST sids; } PRIV_SID_LIST; - /*************************************************************************** copy an SE_PRIV structure ****************************************************************************/ @@ -402,7 +404,7 @@ LUID_ATTR get_privilege_luid( SE_PRIV *mask ) for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) { if ( se_priv_equal( &privs[i].se_priv, mask ) ) { - priv_luid.luid.low = GENERATE_LUID_LOW(i); + priv_luid.luid = privs[i].luid; break; } } @@ -746,17 +748,19 @@ BOOL user_has_any_privilege(NT_USER_TOKEN *token, const SE_PRIV *privilege) char* luid_to_privilege_name(const LUID *set) { static fstring name; - int max = count_all_privileges(); + int i; if (set->high != 0) return NULL; - if ( set->low > max ) - return NULL; - - fstrcpy( name, privs[set->low - 1].name ); + for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) { + if ( set->low == privs[i].luid.low ) { + fstrcpy( name, privs[set->low - 1].name ); + return name; + } + } - return name; + return NULL; } /******************************************************************* @@ -792,7 +796,7 @@ BOOL se_priv_to_privilege_set( PRIVILEGE_SET *set, SE_PRIV *mask ) if ( !is_privilege_assigned(mask, &privs[i].se_priv) ) continue; - luid.luid.low = GENERATE_LUID_LOW(i); + luid.luid = privs[i].luid; if ( !privilege_set_add( set, luid ) ) return False; diff --git a/source3/registry/reg_db.c b/source3/registry/reg_db.c index 884949375b..741bc4127b 100644 --- a/source3/registry/reg_db.c +++ b/source3/registry/reg_db.c @@ -399,7 +399,7 @@ static int regdb_unpack_values(REGVAL_CTR *values, char *buf, int buflen) int len = 0; uint32 type; pstring valuename; - int size; + uint32 size; uint8 *data_p; uint32 num_values = 0; int i; @@ -413,17 +413,21 @@ static int regdb_unpack_values(REGVAL_CTR *values, char *buf, int buflen) for ( i=0; i<num_values; i++ ) { /* unpack the next regval */ + type = REG_NONE; + size = 0; + data_p = NULL; len += tdb_unpack(buf+len, buflen-len, "fdB", valuename, &type, &size, &data_p); - /* add the new value */ - - regval_ctr_addvalue( values, valuename, type, (const char *)data_p, size ); + /* add the new value. Paranoid protective code -- make sure data_p is valid */ - SAFE_FREE(data_p); /* 'B' option to tdbpack does a malloc() */ + if ( size && data_p ) { + regval_ctr_addvalue( values, valuename, type, (const char *)data_p, size ); + SAFE_FREE(data_p); /* 'B' option to tdb_unpack does a malloc() */ + } DEBUG(8,("specific: [%s], len: %d\n", valuename, size)); } diff --git a/source3/registry/reg_frontend.c b/source3/registry/reg_frontend.c index 440f108cc9..51ad23b498 100644 --- a/source3/registry/reg_frontend.c +++ b/source3/registry/reg_frontend.c @@ -31,13 +31,16 @@ extern REGISTRY_OPS shares_reg_ops; extern REGISTRY_OPS regdb_ops; /* these are the default */ /* array of REGISTRY_HOOK's which are read into a tree for easy access */ +/* #define REG_TDB_ONLY 1 */ REGISTRY_HOOK reg_hooks[] = { +#ifndef REG_TDB_ONLY { KEY_PRINTING, &printing_ops }, { KEY_PRINTING_2K, &printing_ops }, { KEY_PRINTING_PORTS, &printing_ops }, { KEY_EVENTLOG, &eventlog_ops }, { KEY_SHARES, &shares_reg_ops }, +#endif { NULL, NULL } }; diff --git a/source3/registry/reg_objects.c b/source3/registry/reg_objects.c index 7ee2cd8414..b3b47ae0e1 100644 --- a/source3/registry/reg_objects.c +++ b/source3/registry/reg_objects.c @@ -94,7 +94,7 @@ int regsubkey_ctr_delkey( REGSUBKEY_CTR *ctr, const char *keyname ) /* update if we have any keys left */ ctr->num_subkeys--; - if ( ctr->num_subkeys ) + if ( i < ctr->num_subkeys ) memmove( &ctr->subkeys[i], &ctr->subkeys[i+1], sizeof(char*) * (ctr->num_subkeys-i) ); return ctr->num_subkeys; @@ -232,7 +232,7 @@ uint8* regval_data_p( REGISTRY_VALUE *val ) /********************************************************************** *********************************************************************/ -int regval_size( REGISTRY_VALUE *val ) +uint32 regval_size( REGISTRY_VALUE *val ) { return val->size; } @@ -392,10 +392,10 @@ int regval_ctr_delvalue( REGVAL_CTR *ctr, const char *name ) if ( i == ctr->num_values ) return ctr->num_values; - /* just shift everything down one */ + /* If 'i' was not the last element, just shift everything down one */ ctr->num_values--; - if ( ctr->num_values ) - memmove( ctr->values[i], ctr->values[i+1], sizeof(REGISTRY_VALUE)*(ctr->num_values-i) ); + if ( i < ctr->num_values ) + memmove( ctr->values[i], ctr->values[i+1], sizeof(REGISTRY_VALUE*)*(ctr->num_values-i) ); return ctr->num_values; } diff --git a/source3/registry/reg_printing.c b/source3/registry/reg_printing.c index 30f2d74660..6fedb524d6 100644 --- a/source3/registry/reg_printing.c +++ b/source3/registry/reg_printing.c @@ -38,7 +38,6 @@ static const char *top_level_keys[MAX_TOP_LEVEL_KEYS] = { "Forms", "Printers" }; - /********************************************************************** It is safe to assume that every registry path passed into on of @@ -832,6 +831,7 @@ static int handle_printing_subpath( char *key, REGSUBKEY_CTR *subkeys, REGVAL_CT return result; } + /********************************************************************** Enumerate registry subkey names given a registry path. Caller is responsible for freeing memory to **subkeys @@ -840,7 +840,6 @@ static int handle_printing_subpath( char *key, REGSUBKEY_CTR *subkeys, REGVAL_CT static int printing_subkey_info( const char *key, REGSUBKEY_CTR *subkey_ctr ) { char *path; - BOOL top_level = False; int num_subkeys = 0; DEBUG(10,("printing_subkey_info: key=>[%s]\n", key)); @@ -849,25 +848,22 @@ static int printing_subkey_info( const char *key, REGSUBKEY_CTR *subkey_ctr ) /* check to see if we are dealing with the top level key */ - if ( !path ) - top_level = True; - - if ( top_level ) { - /* check between the two top level keys here */ - - if ( strequal( KEY_PRINTING, key ) ) { - regsubkey_ctr_addkey( subkey_ctr, "Environments" ); - regsubkey_ctr_addkey( subkey_ctr, "Forms" ); - } - else if ( strequal( KEY_PRINTING_2K, key ) ) { - regsubkey_ctr_addkey( subkey_ctr, "Printers" ); - } - } - else + if ( path ) { num_subkeys = handle_printing_subpath( path, subkey_ctr, NULL ); + SAFE_FREE( path ); + return num_subkeys; + } - SAFE_FREE( path ); - + /* handle top level keys here */ + + if ( strequal( KEY_PRINTING, key ) ) { + regsubkey_ctr_addkey( subkey_ctr, "Environments" ); + regsubkey_ctr_addkey( subkey_ctr, "Forms" ); + } + else if ( strequal( KEY_PRINTING_2K, key ) ) { + regsubkey_ctr_addkey( subkey_ctr, "Printers" ); + } + return num_subkeys; } @@ -879,25 +875,22 @@ static int printing_subkey_info( const char *key, REGSUBKEY_CTR *subkey_ctr ) static int printing_value_info( const char *key, REGVAL_CTR *val ) { char *path; - BOOL top_level = False; int num_values = 0; DEBUG(10,("printing_value_info: key=>[%s]\n", key)); path = trim_reg_path( key ); + + if ( path ) { + num_values = handle_printing_subpath( path, NULL, val ); + SAFE_FREE( path ); + return num_values; + } - /* check to see if we are dealing with the top level key */ - - if ( !path ) - top_level = True; + /* top level key */ - /* fill in values from the getprinterdata_printer_server() */ - if ( top_level ) { - if ( strequal( key, KEY_PRINTING_PORTS ) ) - num_values = fill_ports_values( val ); - } else - num_values = handle_printing_subpath( path, NULL, val ); - + if ( strequal( key, KEY_PRINTING_PORTS ) ) + num_values = fill_ports_values( val ); return num_values; } diff --git a/source3/rpc_client/cli_reg.c b/source3/rpc_client/cli_reg.c index c3a1aba90d..97ae8b29e7 100644 --- a/source3/rpc_client/cli_reg.c +++ b/source3/rpc_client/cli_reg.c @@ -438,12 +438,12 @@ WERROR cli_reg_delete_key(struct cli_state *cli, TALLOC_CTX *mem_ctx, /**************************************************************************** do a REG Create Key ****************************************************************************/ -WERROR cli_reg_create_key(struct cli_state *cli, TALLOC_CTX *mem_ctx, +WERROR cli_reg_create_key_ex(struct cli_state *cli, TALLOC_CTX *mem_ctx, POLICY_HND *hnd, char *key_name, char *key_class, uint32 access_desired, POLICY_HND *key) { - REG_Q_CREATE_KEY in; - REG_R_CREATE_KEY out; + REG_Q_CREATE_KEY_EX in; + REG_R_CREATE_KEY_EX out; prs_struct qbuf, rbuf; SEC_DESC *sec; SEC_DESC_BUF *sec_buf; @@ -461,13 +461,13 @@ WERROR cli_reg_create_key(struct cli_state *cli, TALLOC_CTX *mem_ctx, if ( !(sec_buf = make_sec_desc_buf(mem_ctx, sec_len, sec)) ) return WERR_GENERAL_FAILURE; - init_reg_q_create_key(&in, hnd, key_name, key_class, access_desired, sec_buf); + init_reg_q_create_key_ex(&in, hnd, key_name, key_class, access_desired, sec_buf); - CLI_DO_RPC( cli, mem_ctx, PI_WINREG, REG_CREATE_KEY, + CLI_DO_RPC( cli, mem_ctx, PI_WINREG, REG_CREATE_KEY_EX, in, out, qbuf, rbuf, - reg_io_q_create_key, - reg_io_r_create_key, + reg_io_q_create_key_ex, + reg_io_r_create_key_ex, WERR_GENERAL_FAILURE ); diff --git a/source3/rpc_parse/parse_reg.c b/source3/rpc_parse/parse_reg.c index 9048f0f58f..c46eef1300 100644 --- a/source3/rpc_parse/parse_reg.c +++ b/source3/rpc_parse/parse_reg.c @@ -206,7 +206,7 @@ static BOOL reg_io_hdrbuf_sec(uint32 ptr, uint32 *ptr3, BUFHDR *hdr_sec, Inits a registry key create request ********************************************************************/ -void init_reg_q_create_key(REG_Q_CREATE_KEY *q_c, POLICY_HND *hnd, +void init_reg_q_create_key_ex(REG_Q_CREATE_KEY_EX *q_c, POLICY_HND *hnd, char *name, char *key_class, uint32 access_desired, SEC_DESC_BUF *sec_buf) { @@ -234,13 +234,13 @@ void init_reg_q_create_key(REG_Q_CREATE_KEY *q_c, POLICY_HND *hnd, Marshalls a registry key create request ********************************************************************/ -BOOL reg_io_q_create_key(const char *desc, REG_Q_CREATE_KEY *q_u, +BOOL reg_io_q_create_key_ex(const char *desc, REG_Q_CREATE_KEY_EX *q_u, prs_struct *ps, int depth) { if ( !q_u ) return False; - prs_debug(ps, depth, desc, "reg_io_q_create_key"); + prs_debug(ps, depth, desc, "reg_io_q_create_key_ex"); depth++; if(!prs_align(ps)) @@ -285,13 +285,13 @@ BOOL reg_io_q_create_key(const char *desc, REG_Q_CREATE_KEY *q_u, Unmarshalls a registry key create response ********************************************************************/ -BOOL reg_io_r_create_key(const char *desc, REG_R_CREATE_KEY *r_u, +BOOL reg_io_r_create_key_ex(const char *desc, REG_R_CREATE_KEY_EX *r_u, prs_struct *ps, int depth) { if ( !r_u ) return False; - prs_debug(ps, depth, desc, "reg_io_r_create_key"); + prs_debug(ps, depth, desc, "reg_io_r_create_key_ex"); depth++; if(!prs_align(ps)) @@ -299,7 +299,7 @@ BOOL reg_io_r_create_key(const char *desc, REG_R_CREATE_KEY *r_u, if(!smb_io_pol_hnd("", &r_u->handle, ps, depth)) return False; - if(!prs_uint32("unknown", ps, depth, &r_u->unknown)) + if(!prs_uint32("disposition", ps, depth, &r_u->disposition)) return False; if(!prs_werror("status", ps, depth, &r_u->status)) diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index b724508e0b..15d420538e 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -1544,7 +1544,7 @@ NTSTATUS _lsa_lookup_priv_value(pipes_struct *p, LSA_Q_LOOKUP_PRIV_VALUE *q_u, L unistr2_to_ascii(name, &q_u->privname.unistring, sizeof(name)); - DEBUG(10,("_lsa_priv_get_dispname: name = %s\n", name)); + DEBUG(10,("_lsa_lookup_priv_value: name = %s\n", name)); if ( !se_priv_from_name( name, &mask ) ) return NT_STATUS_NO_SUCH_PRIVILEGE; diff --git a/source3/rpc_server/srv_reg.c b/source3/rpc_server/srv_reg.c index efff8e6722..871b1a9f12 100644 --- a/source3/rpc_server/srv_reg.c +++ b/source3/rpc_server/srv_reg.c @@ -419,22 +419,22 @@ static BOOL api_reg_save_key(pipes_struct *p) /******************************************************************* ******************************************************************/ -static BOOL api_reg_create_key(pipes_struct *p) +static BOOL api_reg_create_key_ex(pipes_struct *p) { - REG_Q_CREATE_KEY q_u; - REG_R_CREATE_KEY r_u; + REG_Q_CREATE_KEY_EX q_u; + REG_R_CREATE_KEY_EX r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - if(!reg_io_q_create_key("", &q_u, data, 0)) + if(!reg_io_q_create_key_ex("", &q_u, data, 0)) return False; - r_u.status = _reg_create_key(p, &q_u, &r_u); + r_u.status = _reg_create_key_ex(p, &q_u, &r_u); - if(!reg_io_r_create_key("", &r_u, rdata, 0)) + if(!reg_io_r_create_key_ex("", &r_u, rdata, 0)) return False; return True; @@ -584,7 +584,7 @@ static struct api_struct api_reg_cmds[] = { "REG_GETVERSION" , REG_GETVERSION , api_reg_getversion }, { "REG_SAVE_KEY" , REG_SAVE_KEY , api_reg_save_key }, { "REG_RESTORE_KEY" , REG_RESTORE_KEY , api_reg_restore_key }, - { "REG_CREATE_KEY" , REG_CREATE_KEY , api_reg_create_key }, + { "REG_CREATE_KEY_EX" , REG_CREATE_KEY_EX , api_reg_create_key_ex }, { "REG_SET_VALUE" , REG_SET_VALUE , api_reg_set_value }, { "REG_DELETE_KEY" , REG_DELETE_KEY , api_reg_delete_key }, { "REG_DELETE_VALUE" , REG_DELETE_VALUE , api_reg_delete_value }, diff --git a/source3/rpc_server/srv_reg_nt.c b/source3/rpc_server/srv_reg_nt.c index 158888967b..7170c0a301 100644 --- a/source3/rpc_server/srv_reg_nt.c +++ b/source3/rpc_server/srv_reg_nt.c @@ -30,17 +30,10 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV -#define REGSTR_PRODUCTTYPE "ProductType" -#define REG_PT_WINNT "WinNT" -#define REG_PT_LANMANNT "LanmanNT" -#define REG_PT_SERVERNT "ServerNT" - #define OUR_HANDLE(hnd) (((hnd)==NULL)?"NULL":(IVAL((hnd)->data5,4)==(uint32)sys_getpid()?"OURS":"OTHER")), \ ((unsigned int)IVAL((hnd)->data5,4)),((unsigned int)sys_getpid()) -/* no idea if this is correct, just use the file access bits for now */ - static struct generic_mapping reg_generic_map = { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL }; /******************************************************************** @@ -266,9 +259,7 @@ static BOOL get_subkey_information( REGISTRY_KEY *key, uint32 *maxnum, uint32 *m } /******************************************************************** - retrieve information about the values. We don't store values - here. The registry tdb is intended to be a frontend to oether - Samba tdb's (such as ntdrivers.tdb). + retrieve information about the values. *******************************************************************/ static BOOL get_value_information( REGISTRY_KEY *key, uint32 *maxnum, @@ -294,7 +285,7 @@ static BOOL get_value_information( REGISTRY_KEY *key, uint32 *maxnum, for ( i=0; i<num_values && val; i++ ) { - lenmax = MAX(lenmax, strlen(val->valuename)+1 ); + lenmax = MAX(lenmax, val->valuename ? strlen(val->valuename)+1 : 0 ); sizemax = MAX(sizemax, val->size ); val = regval_ctr_specific_value( &values, i ); @@ -1106,7 +1097,7 @@ WERROR _reg_save_key(pipes_struct *p, REG_Q_SAVE_KEY *q_u, REG_R_SAVE_KEY *r_u) /******************************************************************* ********************************************************************/ -WERROR _reg_create_key(pipes_struct *p, REG_Q_CREATE_KEY *q_u, REG_R_CREATE_KEY *r_u) +WERROR _reg_create_key_ex(pipes_struct *p, REG_Q_CREATE_KEY_EX *q_u, REG_R_CREATE_KEY_EX *r_u) { REGISTRY_KEY *parent = find_regkey_index_by_hnd(p, &q_u->handle); REGISTRY_KEY *newparent; @@ -1223,6 +1214,12 @@ WERROR _reg_set_value(pipes_struct *p, REG_Q_SET_VALUE *q_u, REG_R_SET_VALUE *r rpcstr_pull( valuename, q_u->name.string->buffer, sizeof(valuename), q_u->name.string->uni_str_len*2, 0 ); + /* verify the name */ + + if ( !*valuename ) + return WERR_INVALID_PARAM; + + DEBUG(8,("_reg_set_value: Setting value for [%s:%s]\n", key->name, valuename)); regval_ctr_init( &values ); @@ -1357,6 +1354,11 @@ WERROR _reg_delete_value(pipes_struct *p, REG_Q_DELETE_VALUE *q_u, REG_R_DELETE rpcstr_pull( valuename, q_u->name.string->buffer, sizeof(valuename), q_u->name.string->uni_str_len*2, 0 ); + if ( !*valuename ) + return WERR_INVALID_PARAM; + + DEBUG(8,("_reg_delete_value: Setting value for [%s:%s]\n", key->name, valuename)); + regval_ctr_init( &values ); /* lookup the current values and add the new one */ diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index e05bfa1eaa..12e8e2bd41 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -2211,7 +2211,8 @@ static WERROR get_printer_dataex( TALLOC_CTX *ctx, NT_PRINTER_INFO_LEVEL *printe uint32 *needed, uint32 in_size ) { REGISTRY_VALUE *val; - int size, data_len; + uint32 size; + int data_len; if ( !(val = get_printer_data( printer->info_2, key, value)) ) return WERR_BADFILE; @@ -8030,7 +8031,7 @@ WERROR _spoolss_enumprinterdata(pipes_struct *p, SPOOL_Q_ENUMPRINTERDATA *q_u, S result = WERR_NOMEM; goto done; } - data_len = (size_t)regval_size(val); + data_len = regval_size(val); memcpy( *data_out, regval_data_p(val), data_len ); *out_data_len = data_len; } @@ -9250,7 +9251,7 @@ WERROR _spoolss_enumprinterdataex(pipes_struct *p, SPOOL_Q_ENUMPRINTERDATAEX *q_ int i; REGISTRY_VALUE *val; char *value_name; - int data_len; + uint32 data_len; DEBUG(4,("_spoolss_enumprinterdataex\n")); |