Merge branch 'v3-2-test' of ssh://jra@git.samba.org/data/git/samba into v3-2-test

(This used to be commit beb0a76b93f9dd054dbc4192516e7008e59b27d9)

4 files changed, 42 insertions, 81 deletions

diff --git a/source3/registry/reg_api.c b/source3/registry/reg_api.c
index aba5735a0c..e52aaacb4d 100644
--- a/source3/registry/reg_api.c
+++ b/source3/registry/reg_api.c
@@ -835,7 +835,7 @@ WERROR reg_restorekey(struct registry_key *key, const char *fname)
 ********************************************************************/
 
 static WERROR reg_write_tree(REGF_FILE *regfile, const char *keypath,
-			     REGF_NK_REC *parent, SEC_DESC *sec_desc)
+			     REGF_NK_REC *parent)
 {
 	REGF_NK_REC *key;
 	REGVAL_CTR *values;
@@ -847,6 +847,7 @@ static WERROR reg_write_tree(REGF_FILE *regfile, const char *keypath,
 	char *subkeyname;
 	REGISTRY_KEY registry_key;
 	WERROR result = WERR_OK;
+	SEC_DESC *sec_desc = NULL;
 
 	if (!regfile) {
 		return WERR_GENERAL_FAILURE;
@@ -899,6 +900,11 @@ static WERROR reg_write_tree(REGF_FILE *regfile, const char *keypath,
 	fetch_reg_keys(&registry_key, subkeys);
 	fetch_reg_values(&registry_key, values);
 
+	result = regkey_get_secdesc(regfile->mem_ctx, &registry_key, &sec_desc);
+	if (!W_ERROR_IS_OK(result)) {
+		goto done;
+	}
+
 	/* write out this key */
 
 	key = regfio_write_key(regfile, keyname, values, subkeys, sec_desc,
@@ -919,7 +925,7 @@ static WERROR reg_write_tree(REGF_FILE *regfile, const char *keypath,
 			result = WERR_NOMEM;
 			goto done;
 		}
-		result = reg_write_tree(regfile, subkeypath, key, sec_desc);
+		result = reg_write_tree(regfile, subkeypath, key);
 		if (!W_ERROR_IS_OK(result))
 			goto done;
 	}
@@ -933,59 +939,10 @@ done:
 	return result;
 }
 
-static const struct generic_mapping reg_generic_map =
-	{ REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL };
-
-static WERROR make_default_reg_sd(TALLOC_CTX *ctx, SEC_DESC **psd)
-{
-	DOM_SID adm_sid, owner_sid;
-	SEC_ACE ace[2];         /* at most 2 entries */
-	SEC_ACCESS mask;
-	SEC_ACL *psa = NULL;
-	size_t sd_size;
-
-	/* set the owner to BUILTIN\Administrator */
-
-	sid_copy(&owner_sid, &global_sid_Builtin);
-	sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN );
-	
-
-	/* basic access for Everyone */
-
-	init_sec_access(&mask, reg_generic_map.generic_execute
-			       | reg_generic_map.generic_read);
-	init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
-		     mask, 0);
-
-	/* add Full Access 'BUILTIN\Administrators' */
-
-	init_sec_access(&mask, reg_generic_map.generic_all);
-	sid_copy(&adm_sid, &global_sid_Builtin);
-	sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);
-	init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
-
-	/* create the security descriptor */
-
-	psa = make_sec_acl(ctx, NT4_ACL_REVISION, 2, ace);
-	if (psa == NULL) {
-		return WERR_NOMEM;
-	}
-
-	*psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
-			     SEC_DESC_SELF_RELATIVE, &owner_sid, NULL,
-			     NULL, psa, &sd_size);
-	if (*psd == NULL) {
-		return WERR_NOMEM;
-	}
-
-	return WERR_OK;
-}
-
 static WERROR backup_registry_key(REGISTRY_KEY *krecord, const char *fname)
 {
 	REGF_FILE *regfile;
 	WERROR result;
-	SEC_DESC *sd = NULL;
 
 	/* open the registry file....fail if the file already exists */
 
@@ -997,15 +954,9 @@ static WERROR backup_registry_key(REGISTRY_KEY *krecord, const char *fname)
 		return ntstatus_to_werror(map_nt_error_from_unix(errno));
 	}
 
-	result = make_default_reg_sd(regfile->mem_ctx, &sd);
-	if (!W_ERROR_IS_OK(result)) {
-		regfio_close(regfile);
-		return result;
-	}
-
 	/* write the registry tree to the file  */
 
-	result = reg_write_tree(regfile, krecord->name, NULL, sd);
+	result = reg_write_tree(regfile, krecord->name, NULL);
 
 	/* cleanup */
 
diff --git a/source3/registry/reg_backend_db.c b/source3/registry/reg_backend_db.c
index e162fb587f..52e0fd4289 100644
--- a/source3/registry/reg_backend_db.c
+++ b/source3/registry/reg_backend_db.c
@@ -258,8 +258,11 @@ bool regdb_init( void )
 	const char *vstring = "INFO/version";
 	uint32 vers_id;
 
-	if ( tdb_reg )
+	if ( tdb_reg ) {
+		DEBUG(10,("regdb_init: incrementing refcount (%d)\n", tdb_refcount));
+		tdb_refcount++;
 		return true;
+	}
 
 	if ( !(tdb_reg = tdb_wrap_open(NULL, state_path("registry.tdb"), 0, REG_TDB_FLAGS, O_RDWR, 0600)) )
 	{
diff --git a/source3/registry/reg_dispatcher.c b/source3/registry/reg_dispatcher.c
index e6e7613457..cdcd045904 100644
--- a/source3/registry/reg_dispatcher.c
+++ b/source3/registry/reg_dispatcher.c
@@ -34,7 +34,7 @@ static const struct generic_mapping reg_generic_map =
 /********************************************************************
 ********************************************************************/
 
-static SEC_DESC* construct_registry_sd( TALLOC_CTX *ctx )
+static WERROR construct_registry_sd(TALLOC_CTX *ctx, SEC_DESC **psd)
 {
 	SEC_ACE ace[3];
 	SEC_ACCESS mask;
@@ -45,28 +45,39 @@ static SEC_DESC* construct_registry_sd( TALLOC_CTX *ctx )
 
 	/* basic access for Everyone */
 
-	init_sec_access(&mask, REG_KEY_READ );
-	init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+	init_sec_access(&mask, REG_KEY_READ);
+	init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
+		     mask, 0);
 
 	/* Full Access 'BUILTIN\Administrators' */
 
-	init_sec_access(&mask, REG_KEY_ALL );
-	init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+	init_sec_access(&mask, REG_KEY_ALL);
+	init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
+		     SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
 
 	/* Full Access 'NT Authority\System' */
 
 	init_sec_access(&mask, REG_KEY_ALL );
-	init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+	init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED,
+		     mask, 0);
 
 	/* create the security descriptor */
 
-	if ( !(acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )
-		return NULL;
+	acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace);
+	if (acl == NULL) {
+		return WERR_NOMEM;
+	}
 
-	if ( !(sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, acl, &sd_size)) )
-		return NULL;
+	sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
+			   &global_sid_Builtin_Administrators,
+			   &global_sid_System, NULL, acl,
+			   &sd_size);
+	if (sd == NULL) {
+		return WERR_NOMEM;
+	}
 
-	return sd;
+	*psd = sd;
+	return WERR_OK;
 }
 
 /***********************************************************************
@@ -176,19 +187,19 @@ WERROR regkey_get_secdesc(TALLOC_CTX *mem_ctx, REGISTRY_KEY *key,
 			  struct security_descriptor **psecdesc)
 {
 	struct security_descriptor *secdesc;
+	WERROR werr;
 
 	if (key->hook && key->hook->ops && key->hook->ops->get_secdesc) {
-		WERROR err;
-
-		err = key->hook->ops->get_secdesc(mem_ctx, key->name,
-						  psecdesc);
-		if (W_ERROR_IS_OK(err)) {
+		werr = key->hook->ops->get_secdesc(mem_ctx, key->name,
+						   psecdesc);
+		if (W_ERROR_IS_OK(werr)) {
 			return WERR_OK;
 		}
 	}
 
-	if (!(secdesc = construct_registry_sd(mem_ctx))) {
-		return WERR_NOMEM;
+	werr = construct_registry_sd(mem_ctx, &secdesc);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
 	}
 
 	*psecdesc = secdesc;
diff --git a/source3/registry/regfio.c b/source3/registry/regfio.c
index 3740ff0ee4..1c3aad7a25 100644
--- a/source3/registry/regfio.c
+++ b/source3/registry/regfio.c
@@ -1171,7 +1171,6 @@ out:
 	
 	if ( !(rb->mem_ctx = talloc_init( "read_regf_block" )) ) {
 		regfio_close( rb );
-		SAFE_FREE(rb);
 		return NULL;
 	}
 
@@ -1182,7 +1181,6 @@ out:
 	if ( (rb->fd = open(filename, flags, mode)) == -1 ) {
 		DEBUG(0,("regfio_open: failure to open %s (%s)\n", filename, strerror(errno)));
 		regfio_close( rb );
-		SAFE_FREE(rb);
 		return NULL;
 	}
 	
@@ -1192,7 +1190,6 @@ out:
 		if ( !init_regf_block( rb ) ) {
 			DEBUG(0,("regfio_open: Failed to read initial REGF block\n"));
 			regfio_close( rb );
-			SAFE_FREE(rb);
 			return NULL;
 		}
 		
@@ -1205,7 +1202,6 @@ out:
 	if ( !read_regf_block( rb ) ) {
 		DEBUG(0,("regfio_open: Failed to read initial REGF block\n"));
 		regfio_close( rb );
-		SAFE_FREE(rb);
 		return NULL;
 	}