authorGerald Carter <jerry@samba.org>2005-06-16 20:45:55 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:57:18 -0500
commit17eb05228ee93c9790a0bacbfb0e5e282aa180d2 (patch)
tree94b39bd39618a73f0f08fbfeccfbeb040491c496
parent2fbb43ad82c16ae83da39ff61f665697564c3482 (diff)
r7648: adding REGISTRY_HOOK->reg_access_check() for authorization checks on RegOpenKey(); passing it off to the backend code for a given path
(This used to be commit 867fd3052bbfdd45856886999619e2ebc6552675)
-rw-r--r--source3/include/rpc_reg.h15
-rw-r--r--source3/registry/reg_db.c3
-rw-r--r--source3/registry/reg_eventlog.c3
-rw-r--r--source3/registry/reg_frontend.c16
-rw-r--r--source3/registry/reg_printing.c3
-rw-r--r--source3/registry/reg_shares.c3
-rw-r--r--source3/rpc_server/srv_reg_nt.c37
7 files changed, 43 insertions, 37 deletions
diff --git a/source3/include/rpc_reg.h b/source3/include/rpc_reg.h
index 83b44ce7c9..c83802b3f5 100644
--- a/source3/include/rpc_reg.h
+++ b/source3/include/rpc_reg.h
@@ -92,10 +92,11 @@
typedef struct {
/* functions for enumerating subkeys and values */
- int (*subkey_fn)( char *key, REGSUBKEY_CTR *subkeys);
- int (*value_fn) ( char *key, REGVAL_CTR *val );
- BOOL (*store_subkeys_fn)( char *key, REGSUBKEY_CTR *subkeys );
- BOOL (*store_values_fn)( char *key, REGVAL_CTR *val );
+ int (*fetch_subkeys)( char *key, REGSUBKEY_CTR *subkeys);
+ int (*fetch_values) ( char *key, REGVAL_CTR *val );
+ BOOL (*store_subkeys)( char *key, REGSUBKEY_CTR *subkeys );
+ BOOL (*store_values)( char *key, REGVAL_CTR *val );
+ BOOL (*reg_access_check)( uint32 parent_granted, uint32 requested, uint32 *granted );
} REGISTRY_OPS;
typedef struct {
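Review bot: The new `reg_access_check` member of REGISTRY_OPS receives only three access masks, with no key path and no user token, so a backend implementing it cannot vary its decision by key or by caller even though the commit message describes a per-path check. Its contract is also undocumented: nothing states what a `False` return means, whether `*granted` is written on denial, or how a NULL pointer is treated. None of the hunks visible on this page invokes the hook, and `_reg_open_entry` in srv_reg_nt.c still passes `0x0` to `open_registry_key`, so the enforcement is presumably wired up elsewhere or in a later commit. I would add a comment above the member, for example `/* return False to deny; *granted is set only on success; NULL means no backend-specific check */`, once those semantics are settled, and consider passing the key name as the other callbacks do.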
@@ -282,12 +283,12 @@ typedef struct {
/***********************************************/
typedef struct {
- POLICY_HND pol; /* policy handle */
+ POLICY_HND pol;
} REG_Q_GETVERSION;
typedef struct {
- uint32 unknown; /* 0x0500 0000 */
- WERROR status; /* return status */
+ uint32 win_version;
+ WERROR status;
} REG_R_GETVERSION;
diff --git a/source3/registry/reg_db.c b/source3/registry/reg_db.c
index 19f7e64479..7efa032e39 100644
--- a/source3/registry/reg_db.c
+++ b/source3/registry/reg_db.c
@@ -347,7 +347,8 @@ REGISTRY_OPS regdb_ops = {
regdb_fetch_reg_keys,
regdb_fetch_reg_values,
regdb_store_reg_keys,
- regdb_store_reg_values
+ regdb_store_reg_values,
+ NULL
};
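Review bot: The trailing bare `NULL` in `regdb_ops` is a positional initializer for the new `reg_access_check` slot, and the same line is added to `eventlog_ops`, `printing_ops` and `shares_reg_ops`, so every backend in this commit leaves the hook unset. Whatever the caller does when the hook is NULL is therefore the effective policy for all keys, and that call site is not in this diff; it should deny or fall back to the default descriptor rather than grant the request unchecked. Label the slot so a reader does not have to count fields, e.g. `NULL /* reg_access_check: no backend-specific check */`.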
diff --git a/source3/registry/reg_eventlog.c b/source3/registry/reg_eventlog.c
index 50e4995b9e..4c3f144980 100644
--- a/source3/registry/reg_eventlog.c
+++ b/source3/registry/reg_eventlog.c
@@ -302,5 +302,6 @@ REGISTRY_OPS eventlog_ops = {
eventlog_subkey_info,
eventlog_value_info,
eventlog_store_subkey,
- eventlog_store_value
+ eventlog_store_value,
+ NULL
};
diff --git a/source3/registry/reg_frontend.c b/source3/registry/reg_frontend.c
index 8333bcd31f..196007d3cb 100644
--- a/source3/registry/reg_frontend.c
+++ b/source3/registry/reg_frontend.c
@@ -79,8 +79,8 @@ BOOL init_registry( void )
BOOL store_reg_keys( REGISTRY_KEY *key, REGSUBKEY_CTR *subkeys )
{
- if ( key->hook && key->hook->ops && key->hook->ops->store_subkeys_fn )
- return key->hook->ops->store_subkeys_fn( key->name, subkeys );
+ if ( key->hook && key->hook->ops && key->hook->ops->store_subkeys )
+ return key->hook->ops->store_subkeys( key->name, subkeys );
else
return False;
@@ -92,8 +92,8 @@ BOOL store_reg_keys( REGISTRY_KEY *key, REGSUBKEY_CTR *subkeys )
BOOL store_reg_values( REGISTRY_KEY *key, REGVAL_CTR *val )
{
- if ( key->hook && key->hook->ops && key->hook->ops->store_values_fn )
- return key->hook->ops->store_values_fn( key->name, val );
+ if ( key->hook && key->hook->ops && key->hook->ops->store_values )
+ return key->hook->ops->store_values( key->name, val );
else
return False;
}
@@ -108,8 +108,8 @@ int fetch_reg_keys( REGISTRY_KEY *key, REGSUBKEY_CTR *subkey_ctr )
{
int result = -1;
- if ( key->hook && key->hook->ops && key->hook->ops->subkey_fn )
- result = key->hook->ops->subkey_fn( key->name, subkey_ctr );
+ if ( key->hook && key->hook->ops && key->hook->ops->fetch_subkeys )
+ result = key->hook->ops->fetch_subkeys( key->name, subkey_ctr );
return result;
}
@@ -176,8 +176,8 @@ int fetch_reg_values( REGISTRY_KEY *key, REGVAL_CTR *val )
{
int result = -1;
- if ( key->hook && key->hook->ops && key->hook->ops->value_fn )
- result = key->hook->ops->value_fn( key->name, val );
+ if ( key->hook && key->hook->ops && key->hook->ops->fetch_values )
+ result = key->hook->ops->fetch_values( key->name, val );
return result;
}
diff --git a/source3/registry/reg_printing.c b/source3/registry/reg_printing.c
index 8e1e8ae40b..b0fb4ab9d9 100644
--- a/source3/registry/reg_printing.c
+++ b/source3/registry/reg_printing.c
@@ -928,7 +928,8 @@ REGISTRY_OPS printing_ops = {
printing_subkey_info,
printing_value_info,
printing_store_subkey,
- printing_store_value
+ printing_store_value,
+ NULL
};
diff --git a/source3/registry/reg_shares.c b/source3/registry/reg_shares.c
index 7538db7623..4531327d94 100644
--- a/source3/registry/reg_shares.c
+++ b/source3/registry/reg_shares.c
@@ -158,7 +158,8 @@ REGISTRY_OPS shares_reg_ops = {
shares_subkey_info,
shares_value_info,
shares_store_subkey,
- shares_store_value
+ shares_store_value,
+ NULL
};
diff --git a/source3/rpc_server/srv_reg_nt.c b/source3/rpc_server/srv_reg_nt.c
index 01c60a473f..ec9a79f534 100644
--- a/source3/rpc_server/srv_reg_nt.c
+++ b/source3/rpc_server/srv_reg_nt.c
@@ -46,7 +46,7 @@ struct generic_mapping reg_map = { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE,
/********************************************************************
********************************************************************/
-static NTSTATUS registry_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
+NTSTATUS registry_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
uint32 access_desired, uint32 *access_granted )
{
NTSTATUS result;
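Review bot: Dropping `static` from `registry_access_check` (and from the renamed `construct_registry_sd` in the next hunk) turns two security-relevant helpers into global symbols while their banner comments are still empty. Callers in other files will need to know the contract, presumably that `*access_granted` is meaningful only on a successful status and that `construct_registry_sd` returns NULL on allocation failure (the hive open functions map that to WERR_NOMEM). I would fill the banners, e.g. `/* Check access_desired against sec_desc for token; *access_granted is valid only when NT_STATUS_OK is returned */`, after confirming against the bodies, which lie outside these hunks.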
@@ -59,7 +59,7 @@ static NTSTATUS registry_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
/********************************************************************
********************************************************************/
-static SEC_DESC* construct_reg_hive_sd( TALLOC_CTX *ctx )
+SEC_DESC* construct_registry_sd( TALLOC_CTX *ctx )
{
SEC_ACE ace[2];
SEC_ACCESS mask;
@@ -322,12 +322,10 @@ static BOOL get_value_information( REGISTRY_KEY *key, uint32 *maxnum,
WERROR _reg_close(pipes_struct *p, REG_Q_CLOSE *q_u, REG_R_CLOSE *r_u)
{
- /* set up the REG unknown_1 response */
- ZERO_STRUCT(r_u->pol);
-
/* close the policy handle */
- if (!close_registry_key(p, &q_u->pol))
- return WERR_BADFID; /* This will be reported as an RPC fault anyway. */
+
+ if ( !close_registry_key(p, &q_u->pol) )
+ return WERR_BADFID;
return WERR_OK;
}
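Review bot: Removing `ZERO_STRUCT(r_u->pol);` from `_reg_close` means this function no longer clears the policy handle in the reply, so `r_u->pol` carries whatever the caller left in it. If the marshalling wrapper does not zero `r_u` before calling in (not visible here), stale handle bytes would be returned to the client after a close. Either keep `ZERO_STRUCT(r_u->pol);` ahead of the `close_registry_key` check or confirm that the wrapper initializes the reply structure. The remaining `/* close the policy handle */` comment is now separated from the `if` by a blank line and could sit directly above it.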
@@ -342,8 +340,9 @@ WERROR _reg_open_hklm(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_
NTSTATUS status;
/* perform access checks */
+ /* top level keys are done here without passing through the REGISTRY_HOOK api */
- if ( !(sec_desc = construct_reg_hive_sd( p->mem_ctx )) )
+ if ( !(sec_desc = construct_registry_sd( p->mem_ctx )) )
return WERR_NOMEM;
status = registry_access_check( sec_desc, p->pipe_user.nt_user_token, q_u->access, &access_granted );
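Review bot: The comment added in `_reg_open_hklm` (and repeated in `_reg_open_hkcr` and `_reg_open_hku`) says the hook is bypassed but not why, or which descriptor decides instead. All three hives are checked against the single descriptor built by `construct_registry_sd`, so I would state that: `/* top-level hives are checked against the fixed SD from construct_registry_sd(); REGISTRY_HOOK->reg_access_check() is not consulted */`. The function bodies continue outside these hunks, so how `status` is handled afterwards is not visible here.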
@@ -363,8 +362,9 @@ WERROR _reg_open_hkcr(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_
NTSTATUS status;
/* perform access checks */
+ /* top level keys are done here without passing through the REGISTRY_HOOK api */
- if ( !(sec_desc = construct_reg_hive_sd( p->mem_ctx )) )
+ if ( !(sec_desc = construct_registry_sd( p->mem_ctx )) )
return WERR_NOMEM;
status = registry_access_check( sec_desc, p->pipe_user.nt_user_token, q_u->access, &access_granted );
@@ -384,8 +384,9 @@ WERROR _reg_open_hku(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u
NTSTATUS status;
/* perform access checks */
+ /* top level keys are done here without passing through the REGISTRY_HOOK api */
- if ( !(sec_desc = construct_reg_hive_sd( p->mem_ctx )) )
+ if ( !(sec_desc = construct_registry_sd( p->mem_ctx )) )
return WERR_NOMEM;
status = registry_access_check( sec_desc, p->pipe_user.nt_user_token, q_u->access, &access_granted );
@@ -409,8 +410,8 @@ WERROR _reg_open_entry(pipes_struct *p, REG_Q_OPEN_ENTRY *q_u, REG_R_OPEN_ENTRY
DEBUG(5,("reg_open_entry: Enter\n"));
if ( !key )
- return WERR_BADFID; /* This will be reported as an RPC fault anyway. */
-
+ return WERR_BADFID;
+
rpcstr_pull( name, q_u->name.string->buffer, sizeof(name), q_u->name.string->uni_str_len*2, 0 );
result = open_registry_key( p, &pol, key, name, 0x0 );
@@ -441,7 +442,7 @@ WERROR _reg_info(pipes_struct *p, REG_Q_INFO *q_u, REG_R_INFO *r_u)
DEBUG(5,("_reg_info: Enter\n"));
if ( !regkey )
- return WERR_BADFID; /* This will be reported as an RPC fault anyway. */
+ return WERR_BADFID;
DEBUG(7,("_reg_info: policy key name = [%s]\n", regkey->name));
@@ -545,7 +546,7 @@ WERROR _reg_query_key(pipes_struct *p, REG_Q_QUERY_KEY *q_u, REG_R_QUERY_KEY *r_
DEBUG(5,("_reg_query_key: Enter\n"));
if ( !regkey )
- return WERR_BADFID; /* This will be reported as an RPC fault anyway. */
+ return WERR_BADFID;
if ( !get_subkey_information( regkey, &r_u->num_subkeys, &r_u->max_subkeylen ) )
return WERR_ACCESS_DENIED;
@@ -579,9 +580,9 @@ WERROR _reg_getversion(pipes_struct *p, REG_Q_GETVERSION *q_u, REG_R_GETVERSION
DEBUG(5,("_reg_getversion: Enter\n"));
if ( !regkey )
- return WERR_BADFID; /* This will be reported as an RPC fault anyway. */
+ return WERR_BADFID;
- r_u->unknown = 0x00000005; /* seems to be consistent...no idea what it means */
+ r_u->win_version = 0x00000005; /* Windows 2000 registry API version */
DEBUG(5,("_reg_getversion: Exit\n"));
@@ -603,7 +604,7 @@ WERROR _reg_enum_key(pipes_struct *p, REG_Q_ENUM_KEY *q_u, REG_R_ENUM_KEY *r_u)
DEBUG(5,("_reg_enum_key: Enter\n"));
if ( !regkey )
- return WERR_BADFID; /* This will be reported as an RPC fault anyway. */
+ return WERR_BADFID;
DEBUG(8,("_reg_enum_key: enumerating key [%s]\n", regkey->name));
@@ -640,7 +641,7 @@ WERROR _reg_enum_value(pipes_struct *p, REG_Q_ENUM_VALUE *q_u, REG_R_ENUM_VALUE
DEBUG(5,("_reg_enum_value: Enter\n"));
if ( !regkey )
- return WERR_BADFID; /* This will be reported as an RPC fault anyway. */
+ return WERR_BADFID;
DEBUG(8,("_reg_enum_key: enumerating values for key [%s]\n", regkey->name));