author | Günther Deschner <gd@samba.org> | 2009-04-15 01:30:12 +0200 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2009-04-21 12:42:51 +0200 |
commit | 38264bb3b86a3c9da941070f29ec08227c471d2b (patch) | |
tree | 2114d951d07ddeed4dce904eb9c9c9e3557242d5 | |
parent | da92e54236293460e307edd52ca7f1e20c6f23ef (diff) | |
s3-secdesc: move all winreg access bits to IDL.
Guenther
-rw-r--r-- | librpc/gen_ndr/winreg.h | 4 | ||||
-rw-r--r-- | librpc/idl/winreg.idl | 20 | ||||
-rw-r--r-- | source3/include/rpc_secdes.h | 35 | ||||
-rw-r--r-- | source3/lib/smbconf/smbconf_reg.c | 2 | ||||
-rw-r--r-- | source3/registry/reg_api.c | 28 | ||||
-rw-r--r-- | source3/rpcclient/cmd_test.c | 2 | ||||
-rw-r--r-- | source3/utils/net_rpc.c | 6 |
7 files changed, 43 insertions, 54 deletions
diff --git a/librpc/gen_ndr/winreg.h b/librpc/gen_ndr/winreg.h
index e0300fd0e7..103817c466 100644
--- a/librpc/gen_ndr/winreg.h
+++ b/librpc/gen_ndr/winreg.h
@@ -9,6 +9,10 @@ #ifndef _HEADER_winreg #define _HEADER_winreg
+#define REG_KEY_READ ( (STANDARD_RIGHTS_READ_ACCESS|KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY) )
+#define REG_KEY_EXECUTE ( REG_KEY_READ )
+#define REG_KEY_WRITE ( (STANDARD_RIGHTS_WRITE_ACCESS|KEY_SET_VALUE|KEY_CREATE_SUB_KEY) )
+#define REG_KEY_ALL ( (STANDARD_RIGHTS_REQUIRED_ACCESS|REG_KEY_READ|REG_KEY_WRITE|KEY_CREATE_LINK) )
 /* bitmap winreg_AccessMask */ #define KEY_QUERY_VALUE ( 0x00001 ) #define KEY_SET_VALUE ( 0x00002 )
diff --git a/librpc/idl/winreg.idl b/librpc/idl/winreg.idl
index b905bdea7b..18b5edcb5d 100644
--- a/librpc/idl/winreg.idl
+++ b/librpc/idl/winreg.idl
@@ -14,6 +14,10 @@ import "lsa.idl", "security.idl"; { typedef bitmap security_secinfo security_secinfo;
+ /*
+ * Access Bits for registry ACLS
+ */
+
 typedef [bitmap32bit] bitmap { KEY_QUERY_VALUE = 0x00001, KEY_SET_VALUE = 0x00002,
@@ -25,6 +29,22 @@ import "lsa.idl", "security.idl"; KEY_WOW64_32KEY = 0x00200 } winreg_AccessMask;
+ const int REG_KEY_READ = ( STANDARD_RIGHTS_READ_ACCESS |
+ KEY_QUERY_VALUE |
+ KEY_ENUMERATE_SUB_KEYS |
+ KEY_NOTIFY);
+
+ const int REG_KEY_EXECUTE = REG_KEY_READ;
+
+ const int REG_KEY_WRITE = ( STANDARD_RIGHTS_WRITE_ACCESS |
+ KEY_SET_VALUE |
+ KEY_CREATE_SUB_KEY);
+
+ const int REG_KEY_ALL = ( STANDARD_RIGHTS_REQUIRED_ACCESS |
+ REG_KEY_READ |
+ REG_KEY_WRITE |
+ KEY_CREATE_LINK);
+
 typedef [public,v1_enum] enum { REG_NONE = 0, REG_SZ = 1,
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index c74d621f35..1ce3f84600 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
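Review bot: The REG_KEY_* constants added after winreg_AccessMask in librpc/idl/winreg.idl cover every name this commit removes from source3/include/rpc_secdes.h except `SEC_RIGHTS_MAXIMUM_ALLOWED` (0x02000000), which disappears without a winreg counterpart. None of the call sites changed in this commit use it, so the omission may be deliberate, but any remaining user outside this diff would need to move to the generic maximum-allowed flag that sits with the other standard rights; a tree-wide grep before merging would confirm that. The new block would also benefit from a comment such as `/* composite masks for open requests; per-operation checks test single KEY_* bits */`, since the checks in source3/registry/reg_api.c compare access_granted against individual bits rather than these masks.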
@@ -194,39 +194,4 @@ struct standard_mapping { SA_RIGHT_FILE_WRITE_DATA | \ SA_RIGHT_FILE_READ_DATA)
-/*
- * Access Bits for registry ACLS
- */
-
-/* used by registry ACLs */
-
-#define SEC_RIGHTS_QUERY_VALUE 0x00000001
-#define SEC_RIGHTS_SET_VALUE 0x00000002
-#define SEC_RIGHTS_CREATE_SUBKEY 0x00000004
-#define SEC_RIGHTS_ENUM_SUBKEYS 0x00000008
-#define SEC_RIGHTS_NOTIFY 0x00000010
-#define SEC_RIGHTS_CREATE_LINK 0x00000020
-#define SEC_RIGHTS_MAXIMUM_ALLOWED 0x02000000
-
-
-#define REG_KEY_READ \
- ( STANDARD_RIGHTS_READ_ACCESS |\
- SEC_RIGHTS_QUERY_VALUE |\
- SEC_RIGHTS_ENUM_SUBKEYS |\
- SEC_RIGHTS_NOTIFY )
-
-#define REG_KEY_EXECUTE REG_KEY_READ
-
-#define REG_KEY_WRITE \
- ( STANDARD_RIGHTS_WRITE_ACCESS |\
- SEC_RIGHTS_SET_VALUE |\
- SEC_RIGHTS_CREATE_SUBKEY )
-
-#define REG_KEY_ALL \
- ( STANDARD_RIGHTS_REQUIRED_ACCESS |\
- REG_KEY_READ |\
- REG_KEY_WRITE |\
- SEC_RIGHTS_CREATE_LINK )
-
-
 #endif /* _RPC_SECDES_H */
diff --git a/source3/lib/smbconf/smbconf_reg.c b/source3/lib/smbconf/smbconf_reg.c
index 0ecac97575..54ce5348a7 100644
--- a/source3/lib/smbconf/smbconf_reg.c
+++ b/source3/lib/smbconf/smbconf_reg.c
@@ -567,7 +567,7 @@ static WERROR smbconf_reg_init(struct smbconf_ctx *ctx, const char *path) } werr = reg_open_path(ctx, ctx->path,
- SEC_RIGHTS_ENUM_SUBKEYS | REG_KEY_WRITE,
+ KEY_ENUMERATE_SUB_KEYS | REG_KEY_WRITE,
 token, &rpd(ctx)->base_key); if (!W_ERROR_IS_OK(werr)) { goto done;
diff --git a/source3/registry/reg_api.c b/source3/registry/reg_api.c
index c1a78c14dc..817d43be6b 100644
--- a/source3/registry/reg_api.c
+++ b/source3/registry/reg_api.c
@@ -272,7 +272,7 @@ WERROR reg_openkey(TALLOC_CTX *mem_ctx, struct registry_key *parent, err = regkey_open_onelevel(mem_ctx, direct_parent, name_component, parent->token,
- SEC_RIGHTS_ENUM_SUBKEYS, &tmp);
+ KEY_ENUMERATE_SUB_KEYS, &tmp);
 SAFE_FREE(name_component); if (!W_ERROR_IS_OK(err)) {
@@ -301,7 +301,7 @@ WERROR reg_enumkey(TALLOC_CTX *mem_ctx, struct registry_key *key, { WERROR err;
- if (!(key->key->access_granted & SEC_RIGHTS_ENUM_SUBKEYS)) {
+ if (!(key->key->access_granted & KEY_ENUMERATE_SUB_KEYS)) {
 return WERR_ACCESS_DENIED; }
@@ -332,7 +332,7 @@ WERROR reg_enumvalue(TALLOC_CTX *mem_ctx, struct registry_key *key, struct registry_value *val; WERROR err;
- if (!(key->key->access_granted & SEC_RIGHTS_QUERY_VALUE)) {
+ if (!(key->key->access_granted & KEY_QUERY_VALUE)) {
 return WERR_ACCESS_DENIED; }
@@ -370,7 +370,7 @@ WERROR reg_queryvalue(TALLOC_CTX *mem_ctx, struct registry_key *key, WERROR err; uint32 i;
- if (!(key->key->access_granted & SEC_RIGHTS_QUERY_VALUE)) {
+ if (!(key->key->access_granted & KEY_QUERY_VALUE)) {
 return WERR_ACCESS_DENIED; }
@@ -399,7 +399,7 @@ WERROR reg_queryinfokey(struct registry_key *key, uint32_t *num_subkeys, WERROR err; struct security_descriptor *secdesc;
- if (!(key->key->access_granted & SEC_RIGHTS_QUERY_VALUE)) {
+ if (!(key->key->access_granted & KEY_QUERY_VALUE)) {
 return WERR_ACCESS_DENIED; }
@@ -483,7 +483,7 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent, *end = '\0'; err = reg_createkey(mem_ctx, key, path,
- SEC_RIGHTS_ENUM_SUBKEYS, &tmp, &action);
+ KEY_ENUMERATE_SUB_KEYS, &tmp, &action);
 if (!W_ERROR_IS_OK(err)) { goto done; }
@@ -521,7 +521,7 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent, * with ENUM_SUBKEY access. */
- err = reg_openkey(mem_ctx, key, "", SEC_RIGHTS_CREATE_SUBKEY,
+ err = reg_openkey(mem_ctx, key, "", KEY_CREATE_SUB_KEY,
 &create_parent); if (!W_ERROR_IS_OK(err)) { goto done;
@@ -582,7 +582,7 @@ WERROR reg_deletekey(struct registry_key *parent, const char *path) *end = '\0'; err = reg_openkey(mem_ctx, parent, name,
- SEC_RIGHTS_CREATE_SUBKEY, &tmp_key);
+ KEY_CREATE_SUB_KEY, &tmp_key);
 W_ERROR_NOT_OK_GOTO_DONE(err); parent = tmp_key;
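Review bot: In the reg_deletekey hunk the parent of the key being deleted is opened with `KEY_CREATE_SUB_KEY`, so deletion is authorised by the create-subkey right, and nothing in the visible lines says this is intended. reg_delete_path, in a later hunk of this file, does the same when it opens the hive with `KEY_CREATE_SUB_KEY` if no further backslash follows `p`. Now that the names match the winreg KEY_* rights, readers familiar with those rights will look for a delete right here, so a comment at both call sites such as `/* deleting a subkey is authorised by KEY_CREATE_SUB_KEY on its parent */` would record the policy. reg_deletekey continues outside the hunk, so any further check it makes is not visible from here.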
@@ -608,7 +608,7 @@ WERROR reg_setvalue(struct registry_key *key, const char *name, DATA_BLOB value_data; int res;
- if (!(key->key->access_granted & SEC_RIGHTS_SET_VALUE)) {
+ if (!(key->key->access_granted & KEY_SET_VALUE)) {
 return WERR_ACCESS_DENIED; }
@@ -655,7 +655,7 @@ WERROR reg_deletevalue(struct registry_key *key, const char *name) { WERROR err;
- if (!(key->key->access_granted & SEC_RIGHTS_SET_VALUE)) {
+ if (!(key->key->access_granted & KEY_SET_VALUE)) {
 return WERR_ACCESS_DENIED; }
@@ -982,7 +982,7 @@ WERROR reg_deleteallvalues(struct registry_key *key) WERROR err; int i;
- if (!(key->key->access_granted & SEC_RIGHTS_SET_VALUE)) {
+ if (!(key->key->access_granted & KEY_SET_VALUE)) {
 return WERR_ACCESS_DENIED; }
@@ -1038,7 +1038,7 @@ WERROR reg_open_path(TALLOC_CTX *mem_ctx, const char *orig_path, *p = '\0';
- err = reg_openhive(mem_ctx, path, SEC_RIGHTS_ENUM_SUBKEYS, token,
+ err = reg_openhive(mem_ctx, path, KEY_ENUMERATE_SUB_KEYS, token,
 &hive); if (!W_ERROR_IS_OK(err)) { SAFE_FREE(path);
@@ -1209,7 +1209,7 @@ WERROR reg_create_path(TALLOC_CTX *mem_ctx, const char *orig_path, err = reg_openhive(mem_ctx, path, (strchr(p+1, '\\') != NULL) ?
- SEC_RIGHTS_ENUM_SUBKEYS : SEC_RIGHTS_CREATE_SUBKEY,
+ KEY_ENUMERATE_SUB_KEYS : KEY_CREATE_SUB_KEY,
 token, &hive); if (!W_ERROR_IS_OK(err)) { SAFE_FREE(path);
@@ -1249,7 +1249,7 @@ WERROR reg_delete_path(const struct nt_user_token *token, err = reg_openhive(NULL, path, (strchr(p+1, '\\') != NULL) ?
- SEC_RIGHTS_ENUM_SUBKEYS : SEC_RIGHTS_CREATE_SUBKEY,
+ KEY_ENUMERATE_SUB_KEYS : KEY_CREATE_SUB_KEY,
 token, &hive); if (!W_ERROR_IS_OK(err)) { SAFE_FREE(path);
diff --git a/source3/rpcclient/cmd_test.c b/source3/rpcclient/cmd_test.c
index b7be038539..85e90a19b5 100644
--- a/source3/rpcclient/cmd_test.c
+++ b/source3/rpcclient/cmd_test.c
@@ -45,7 +45,7 @@ static NTSTATUS cmd_testme(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, } status = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, False,
- SEC_RIGHTS_QUERY_VALUE, &pol);
+ KEY_QUERY_VALUE, &pol);
 if (!NT_STATUS_IS_OK(status)) goto done;
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 845ceca573..29e2f4f05d 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -5596,7 +5596,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc, return -1; }
- nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true, SEC_RIGHTS_QUERY_VALUE,
+ nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true, KEY_QUERY_VALUE,
 &connect_hnd); if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
@@ -5854,7 +5854,7 @@ static int rpc_trustdom_vampire(struct net_context *c, int argc, return -1; };
- nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, SEC_RIGHTS_QUERY_VALUE,
+ nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, KEY_QUERY_VALUE,
 &connect_hnd); if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
@@ -6011,7 +6011,7 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv) return -1; };
- nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, SEC_RIGHTS_QUERY_VALUE,
+ nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, KEY_QUERY_VALUE,
 &connect_hnd); if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("Couldn't open policy handle. Error was %s\n", |
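Review bot: The desired-access argument of `rpccli_lsa_open_policy()` in the cmd_testme hunk is now `KEY_QUERY_VALUE`, a bit of the winreg_AccessMask bitmap, although the handle being opened is an LSA policy handle. The three `rpccli_lsa_open_policy2()` calls in source3/utils/net_rpc.c (rpc_trustdom_establish, rpc_trustdom_vampire, rpc_trustdom_list) carry the same mismatch. The numeric value is 0x1 before and after, so behaviour is unchanged, but anyone auditing which rights the trust-domain commands request has to know that a registry bit coincides with an LSA policy right. Spell the mask in the LSA namespace instead, presumably `LSA_POLICY_VIEW_LOCAL_INFORMATION` from lsa.idl (confirm it has the same value), so the requested right is named for the object it applies to. All four enclosing functions start and end outside their hunks.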