summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2009-04-15 01:30:12 +0200
committerGünther Deschner <gd@samba.org>2009-04-21 12:42:51 +0200
commit38264bb3b86a3c9da941070f29ec08227c471d2b (patch)
tree2114d951d07ddeed4dce904eb9c9c9e3557242d5
parentda92e54236293460e307edd52ca7f1e20c6f23ef (diff)
downloadsamba-38264bb3b86a3c9da941070f29ec08227c471d2b.tar.gz
samba-38264bb3b86a3c9da941070f29ec08227c471d2b.tar.bz2
samba-38264bb3b86a3c9da941070f29ec08227c471d2b.zip
s3-secdesc: move all winreg access bits to IDL.
Guenther
-rw-r--r--librpc/gen_ndr/winreg.h4
-rw-r--r--librpc/idl/winreg.idl20
-rw-r--r--source3/include/rpc_secdes.h35
-rw-r--r--source3/lib/smbconf/smbconf_reg.c2
-rw-r--r--source3/registry/reg_api.c28
-rw-r--r--source3/rpcclient/cmd_test.c2
-rw-r--r--source3/utils/net_rpc.c6
7 files changed, 43 insertions, 54 deletions
diff --git a/librpc/gen_ndr/winreg.h b/librpc/gen_ndr/winreg.h
index e0300fd0e7..103817c466 100644
--- a/librpc/gen_ndr/winreg.h
+++ b/librpc/gen_ndr/winreg.h
@@ -9,6 +9,10 @@
#ifndef _HEADER_winreg
#define _HEADER_winreg
+#define REG_KEY_READ ( (STANDARD_RIGHTS_READ_ACCESS|KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY) )
+#define REG_KEY_EXECUTE ( REG_KEY_READ )
+#define REG_KEY_WRITE ( (STANDARD_RIGHTS_WRITE_ACCESS|KEY_SET_VALUE|KEY_CREATE_SUB_KEY) )
+#define REG_KEY_ALL ( (STANDARD_RIGHTS_REQUIRED_ACCESS|REG_KEY_READ|REG_KEY_WRITE|KEY_CREATE_LINK) )
/* bitmap winreg_AccessMask */
#define KEY_QUERY_VALUE ( 0x00001 )
#define KEY_SET_VALUE ( 0x00002 )
diff --git a/librpc/idl/winreg.idl b/librpc/idl/winreg.idl
index b905bdea7b..18b5edcb5d 100644
--- a/librpc/idl/winreg.idl
+++ b/librpc/idl/winreg.idl
@@ -14,6 +14,10 @@ import "lsa.idl", "security.idl";
{
typedef bitmap security_secinfo security_secinfo;
+ /*
+ * Access Bits for registry ACLS
+ */
+
typedef [bitmap32bit] bitmap {
KEY_QUERY_VALUE = 0x00001,
KEY_SET_VALUE = 0x00002,
@@ -25,6 +29,22 @@ import "lsa.idl", "security.idl";
KEY_WOW64_32KEY = 0x00200
} winreg_AccessMask;
+ const int REG_KEY_READ = ( STANDARD_RIGHTS_READ_ACCESS |
+ KEY_QUERY_VALUE |
+ KEY_ENUMERATE_SUB_KEYS |
+ KEY_NOTIFY);
+
+ const int REG_KEY_EXECUTE = REG_KEY_READ;
+
+ const int REG_KEY_WRITE = ( STANDARD_RIGHTS_WRITE_ACCESS |
+ KEY_SET_VALUE |
+ KEY_CREATE_SUB_KEY);
+
+ const int REG_KEY_ALL = ( STANDARD_RIGHTS_REQUIRED_ACCESS |
+ REG_KEY_READ |
+ REG_KEY_WRITE |
+ KEY_CREATE_LINK);
+
typedef [public,v1_enum] enum {
REG_NONE = 0,
REG_SZ = 1,
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index c74d621f35..1ce3f84600 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -194,39 +194,4 @@ struct standard_mapping {
SA_RIGHT_FILE_WRITE_DATA | \
SA_RIGHT_FILE_READ_DATA)
-/*
- * Access Bits for registry ACLS
- */
-
-/* used by registry ACLs */
-
-#define SEC_RIGHTS_QUERY_VALUE 0x00000001
-#define SEC_RIGHTS_SET_VALUE 0x00000002
-#define SEC_RIGHTS_CREATE_SUBKEY 0x00000004
-#define SEC_RIGHTS_ENUM_SUBKEYS 0x00000008
-#define SEC_RIGHTS_NOTIFY 0x00000010
-#define SEC_RIGHTS_CREATE_LINK 0x00000020
-#define SEC_RIGHTS_MAXIMUM_ALLOWED 0x02000000
-
-
-#define REG_KEY_READ \
- ( STANDARD_RIGHTS_READ_ACCESS |\
- SEC_RIGHTS_QUERY_VALUE |\
- SEC_RIGHTS_ENUM_SUBKEYS |\
- SEC_RIGHTS_NOTIFY )
-
-#define REG_KEY_EXECUTE REG_KEY_READ
-
-#define REG_KEY_WRITE \
- ( STANDARD_RIGHTS_WRITE_ACCESS |\
- SEC_RIGHTS_SET_VALUE |\
- SEC_RIGHTS_CREATE_SUBKEY )
-
-#define REG_KEY_ALL \
- ( STANDARD_RIGHTS_REQUIRED_ACCESS |\
- REG_KEY_READ |\
- REG_KEY_WRITE |\
- SEC_RIGHTS_CREATE_LINK )
-
-
#endif /* _RPC_SECDES_H */
diff --git a/source3/lib/smbconf/smbconf_reg.c b/source3/lib/smbconf/smbconf_reg.c
index 0ecac97575..54ce5348a7 100644
--- a/source3/lib/smbconf/smbconf_reg.c
+++ b/source3/lib/smbconf/smbconf_reg.c
@@ -567,7 +567,7 @@ static WERROR smbconf_reg_init(struct smbconf_ctx *ctx, const char *path)
}
werr = reg_open_path(ctx, ctx->path,
- SEC_RIGHTS_ENUM_SUBKEYS | REG_KEY_WRITE,
+ KEY_ENUMERATE_SUB_KEYS | REG_KEY_WRITE,
token, &rpd(ctx)->base_key);
if (!W_ERROR_IS_OK(werr)) {
goto done;
diff --git a/source3/registry/reg_api.c b/source3/registry/reg_api.c
index c1a78c14dc..817d43be6b 100644
--- a/source3/registry/reg_api.c
+++ b/source3/registry/reg_api.c
@@ -272,7 +272,7 @@ WERROR reg_openkey(TALLOC_CTX *mem_ctx, struct registry_key *parent,
err = regkey_open_onelevel(mem_ctx, direct_parent,
name_component, parent->token,
- SEC_RIGHTS_ENUM_SUBKEYS, &tmp);
+ KEY_ENUMERATE_SUB_KEYS, &tmp);
SAFE_FREE(name_component);
if (!W_ERROR_IS_OK(err)) {
@@ -301,7 +301,7 @@ WERROR reg_enumkey(TALLOC_CTX *mem_ctx, struct registry_key *key,
{
WERROR err;
- if (!(key->key->access_granted & SEC_RIGHTS_ENUM_SUBKEYS)) {
+ if (!(key->key->access_granted & KEY_ENUMERATE_SUB_KEYS)) {
return WERR_ACCESS_DENIED;
}
@@ -332,7 +332,7 @@ WERROR reg_enumvalue(TALLOC_CTX *mem_ctx, struct registry_key *key,
struct registry_value *val;
WERROR err;
- if (!(key->key->access_granted & SEC_RIGHTS_QUERY_VALUE)) {
+ if (!(key->key->access_granted & KEY_QUERY_VALUE)) {
return WERR_ACCESS_DENIED;
}
@@ -370,7 +370,7 @@ WERROR reg_queryvalue(TALLOC_CTX *mem_ctx, struct registry_key *key,
WERROR err;
uint32 i;
- if (!(key->key->access_granted & SEC_RIGHTS_QUERY_VALUE)) {
+ if (!(key->key->access_granted & KEY_QUERY_VALUE)) {
return WERR_ACCESS_DENIED;
}
@@ -399,7 +399,7 @@ WERROR reg_queryinfokey(struct registry_key *key, uint32_t *num_subkeys,
WERROR err;
struct security_descriptor *secdesc;
- if (!(key->key->access_granted & SEC_RIGHTS_QUERY_VALUE)) {
+ if (!(key->key->access_granted & KEY_QUERY_VALUE)) {
return WERR_ACCESS_DENIED;
}
@@ -483,7 +483,7 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent,
*end = '\0';
err = reg_createkey(mem_ctx, key, path,
- SEC_RIGHTS_ENUM_SUBKEYS, &tmp, &action);
+ KEY_ENUMERATE_SUB_KEYS, &tmp, &action);
if (!W_ERROR_IS_OK(err)) {
goto done;
}
@@ -521,7 +521,7 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent,
* with ENUM_SUBKEY access.
*/
- err = reg_openkey(mem_ctx, key, "", SEC_RIGHTS_CREATE_SUBKEY,
+ err = reg_openkey(mem_ctx, key, "", KEY_CREATE_SUB_KEY,
&create_parent);
if (!W_ERROR_IS_OK(err)) {
goto done;
@@ -582,7 +582,7 @@ WERROR reg_deletekey(struct registry_key *parent, const char *path)
*end = '\0';
err = reg_openkey(mem_ctx, parent, name,
- SEC_RIGHTS_CREATE_SUBKEY, &tmp_key);
+ KEY_CREATE_SUB_KEY, &tmp_key);
W_ERROR_NOT_OK_GOTO_DONE(err);
parent = tmp_key;
@@ -608,7 +608,7 @@ WERROR reg_setvalue(struct registry_key *key, const char *name,
DATA_BLOB value_data;
int res;
- if (!(key->key->access_granted & SEC_RIGHTS_SET_VALUE)) {
+ if (!(key->key->access_granted & KEY_SET_VALUE)) {
return WERR_ACCESS_DENIED;
}
@@ -655,7 +655,7 @@ WERROR reg_deletevalue(struct registry_key *key, const char *name)
{
WERROR err;
- if (!(key->key->access_granted & SEC_RIGHTS_SET_VALUE)) {
+ if (!(key->key->access_granted & KEY_SET_VALUE)) {
return WERR_ACCESS_DENIED;
}
@@ -982,7 +982,7 @@ WERROR reg_deleteallvalues(struct registry_key *key)
WERROR err;
int i;
- if (!(key->key->access_granted & SEC_RIGHTS_SET_VALUE)) {
+ if (!(key->key->access_granted & KEY_SET_VALUE)) {
return WERR_ACCESS_DENIED;
}
@@ -1038,7 +1038,7 @@ WERROR reg_open_path(TALLOC_CTX *mem_ctx, const char *orig_path,
*p = '\0';
- err = reg_openhive(mem_ctx, path, SEC_RIGHTS_ENUM_SUBKEYS, token,
+ err = reg_openhive(mem_ctx, path, KEY_ENUMERATE_SUB_KEYS, token,
&hive);
if (!W_ERROR_IS_OK(err)) {
SAFE_FREE(path);
@@ -1209,7 +1209,7 @@ WERROR reg_create_path(TALLOC_CTX *mem_ctx, const char *orig_path,
err = reg_openhive(mem_ctx, path,
(strchr(p+1, '\\') != NULL) ?
- SEC_RIGHTS_ENUM_SUBKEYS : SEC_RIGHTS_CREATE_SUBKEY,
+ KEY_ENUMERATE_SUB_KEYS : KEY_CREATE_SUB_KEY,
token, &hive);
if (!W_ERROR_IS_OK(err)) {
SAFE_FREE(path);
@@ -1249,7 +1249,7 @@ WERROR reg_delete_path(const struct nt_user_token *token,
err = reg_openhive(NULL, path,
(strchr(p+1, '\\') != NULL) ?
- SEC_RIGHTS_ENUM_SUBKEYS : SEC_RIGHTS_CREATE_SUBKEY,
+ KEY_ENUMERATE_SUB_KEYS : KEY_CREATE_SUB_KEY,
token, &hive);
if (!W_ERROR_IS_OK(err)) {
SAFE_FREE(path);
diff --git a/source3/rpcclient/cmd_test.c b/source3/rpcclient/cmd_test.c
index b7be038539..85e90a19b5 100644
--- a/source3/rpcclient/cmd_test.c
+++ b/source3/rpcclient/cmd_test.c
@@ -45,7 +45,7 @@ static NTSTATUS cmd_testme(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
}
status = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, False,
- SEC_RIGHTS_QUERY_VALUE, &pol);
+ KEY_QUERY_VALUE, &pol);
if (!NT_STATUS_IS_OK(status))
goto done;
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 845ceca573..29e2f4f05d 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -5596,7 +5596,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc,
return -1;
}
- nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true, SEC_RIGHTS_QUERY_VALUE,
+ nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true, KEY_QUERY_VALUE,
&connect_hnd);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
@@ -5854,7 +5854,7 @@ static int rpc_trustdom_vampire(struct net_context *c, int argc,
return -1;
};
- nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, SEC_RIGHTS_QUERY_VALUE,
+ nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, KEY_QUERY_VALUE,
&connect_hnd);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
@@ -6011,7 +6011,7 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv)
return -1;
};
- nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, SEC_RIGHTS_QUERY_VALUE,
+ nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, KEY_QUERY_VALUE,
&connect_hnd);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't open policy handle. Error was %s\n",