author | Günther Deschner <gd@samba.org> | 2007-11-06 00:50:47 +0100 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2007-11-06 00:50:47 +0100 |
commit | 99d9993fdb9cdf5ac054329ddf5e9c4f258f9049 (patch) | |
tree | ae7ed28f3fc736fc72919a47d2479ee7b015c58e /source3/registry | |
parent | 3fd2d4ed856bc4fa053e1c03926ca71bb4ab1a9f (diff) | |
When deleting a key from the registry make sure the non-default
security descriptor gets deleted as well.
Guenther
(This used to be commit d140d68537225b6a6a99be3d9b09354e3f6ad8c9)
Diffstat (limited to 'source3/registry')
-rw-r--r-- | source3/registry/reg_api.c | 11 | ||||
-rw-r--r-- | source3/registry/reg_db.c | 15 | ||||
-rw-r--r-- | source3/registry/reg_frontend.c | 10 | ||||
-rw-r--r-- | source3/registry/reg_frontend_hilvl.c | 10 |
4 files changed, 32 insertions, 14 deletions
diff --git a/source3/registry/reg_api.c b/source3/registry/reg_api.c index 17a0efe007..b3d024d7b4 100644 --- a/source3/registry/reg_api.c +++ b/source3/registry/reg_api.c @@ -498,7 +498,7 @@ WERROR reg_deletekey(struct registry_key *parent, const char *path) TALLOC_CTX *mem_ctx; char *name, *end; int num_subkeys; - struct registry_key *tmp_key; + struct registry_key *tmp_key, *key; if (!(mem_ctx = talloc_init("reg_createkey"))) return WERR_NOMEM; @@ -508,14 +508,14 @@ WERROR reg_deletekey(struct registry_key *parent, const char *path) } /* check if the key has subkeys */ - err = reg_openkey(mem_ctx, parent, name, REG_KEY_READ, &tmp_key); + err = reg_openkey(mem_ctx, parent, name, REG_KEY_READ, &key); if (!W_ERROR_IS_OK(err)) { goto error; } - if (!W_ERROR_IS_OK(err = fill_subkey_cache(tmp_key))) { + if (!W_ERROR_IS_OK(err = fill_subkey_cache(key))) { goto error; } - if (tmp_key->subkeys->num_subkeys > 0) { + if (key->subkeys->num_subkeys > 0) { err = WERR_ACCESS_DENIED; goto error; } @@ -556,7 +556,10 @@ WERROR reg_deletekey(struct registry_key *parent, const char *path) goto error; } + regkey_set_secdesc(key->key, NULL); + err = WERR_OK; + error: TALLOC_FREE(mem_ctx); return err; diff --git a/source3/registry/reg_db.c b/source3/registry/reg_db.c index 8dd61fcdff..4947b2ad52 100644 --- a/source3/registry/reg_db.c +++ b/source3/registry/reg_db.c @@ -788,6 +788,21 @@ static WERROR regdb_set_secdesc(const char *key, } normalize_dbkey(tdbkey); + if (secdesc == NULL) { + /* assuming a delete */ + int tdb_ret; + + tdb_ret = tdb_trans_delete(tdb_reg->tdb, + string_term_tdb_data(tdbkey)); + if (tdb_ret == -1) { + err = ntstatus_to_werror(map_nt_error_from_unix(errno)); + } else { + err = WERR_OK; + } + + goto done; + } + err = ntstatus_to_werror(marshall_sec_desc(mem_ctx, secdesc, &tdbdata.dptr, &tdbdata.dsize)); diff --git a/source3/registry/reg_frontend.c b/source3/registry/reg_frontend.c index 00972390bd..577df1c3d4 100644 --- a/source3/registry/reg_frontend.c 
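Review bot: The status of `regkey_set_secdesc(key->key, NULL);` in the last reg_api.c hunk (@@ -556) is discarded, so reg_deletekey still returns WERR_OK when the descriptor delete fails and the non-default security descriptor stays in the store. A key created later under the same name would presumably pick up that stale descriptor, which is the case this commit sets out to prevent. Either propagate the result, `err = regkey_set_secdesc(key->key, NULL);` followed by `if (!W_ERROR_IS_OK(err)) goto error;`, or, if the call is meant to be best-effort (regkey_set_secdesc returns WERR_ACCESS_DENIED for a backend without a set_secdesc hook), say so in a comment and log the failure. The call appears to run after the key itself has been removed, so the two deletes are not atomic as far as the hunk shows; the rest of reg_deletekey lies outside the hunk.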
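Review bot: In the new `secdesc == NULL` branch of regdb_set_secdesc, a `-1` from `tdb_trans_delete` is translated through `errno`, but tdb keeps failures in its own error state, so `errno` may be stale or zero here and the resulting WERROR can be unrelated to the real cause. A key that never had a non-default descriptor has no record to delete, and that case should probably count as success; checking `tdb_error(tdb_reg->tdb)` against `TDB_ERR_NOEXIST` would separate it from a real failure, provided the wrapper leaves that state intact. The function comment should also state that a NULL `secdesc` deletes the stored descriptor, since the only hint today is `/* assuming a delete */`. The function starts and ends outside the hunk.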
+++ b/source3/registry/reg_frontend.c @@ -101,16 +101,6 @@ WERROR regkey_open_internal( TALLOC_CTX *ctx, REGISTRY_KEY **regkey, return WERR_OK; } -WERROR regkey_set_secdesc(REGISTRY_KEY *key, - struct security_descriptor *psecdesc) -{ - if (key->hook && key->hook->ops && key->hook->ops->set_secdesc) { - return key->hook->ops->set_secdesc(key->name, psecdesc); - } - - return WERR_ACCESS_DENIED; -} - /* * Utility function to create a registry key without opening the hive * before. Assumes the hive already exists. diff --git a/source3/registry/reg_frontend_hilvl.c b/source3/registry/reg_frontend_hilvl.c index 08429c6dfe..a4b78b24c0 100644 --- a/source3/registry/reg_frontend_hilvl.c +++ b/source3/registry/reg_frontend_hilvl.c @@ -204,3 +204,13 @@ WERROR regkey_get_secdesc(TALLOC_CTX *mem_ctx, REGISTRY_KEY *key, *psecdesc = secdesc; return WERR_OK; } + +WERROR regkey_set_secdesc(REGISTRY_KEY *key, + struct security_descriptor *psecdesc) +{ + if (key->hook && key->hook->ops && key->hook->ops->set_secdesc) { + return key->hook->ops->set_secdesc(key->name, psecdesc); + } + + return WERR_ACCESS_DENIED; +} |
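Review bot: regkey_set_secdesc in reg_frontend_hilvl.c has no comment stating that a NULL `psecdesc` is now a valid argument meaning "delete the stored descriptor", which is how reg_deletekey calls it in this commit. Only regdb_set_secdesc is shown handling NULL, so any other backend that supplies a `set_secdesc` op would receive a pointer it may not expect; whether such backends exist is not visible here. A header comment along the lines of `/* psecdesc == NULL asks the backend to delete the stored descriptor; WERR_ACCESS_DENIED if the backend has no set_secdesc op */` would record the contract next to the dispatch.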