author | Jeremy Allison <jra@samba.org> | 2008-02-21 09:53:00 -0800 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2008-02-21 09:53:00 -0800 |
commit | 3a376f1cfa25f79eab8f41a42383f1bd982830ff (patch) | |
tree | c79b241e6b811dd058f7791cdb561587b1533db1 /source3/registry | |
parent | 34f23b7ea755eaef6012b653fbcff42714dddcb7 (diff) | |
parent | bf6dbf8e1b371770a2c9df99b27569c36587df39 (diff) | |
Merge branch 'v3-2-test' of ssh://jra@git.samba.org/data/git/samba into v3-2-test
(This used to be commit beb0a76b93f9dd054dbc4192516e7008e59b27d9)
Diffstat (limited to 'source3/registry')
-rw-r--r-- | source3/registry/reg_api.c | 67 | ||||
-rw-r--r-- | source3/registry/reg_backend_db.c | 5 | ||||
-rw-r--r-- | source3/registry/reg_dispatcher.c | 47 | ||||
-rw-r--r-- | source3/registry/regfio.c | 4 |
4 files changed, 42 insertions, 81 deletions
diff --git a/source3/registry/reg_api.c b/source3/registry/reg_api.c
index aba5735a0c..e52aaacb4d 100644
--- a/source3/registry/reg_api.c
+++ b/source3/registry/reg_api.c
@@ -835,7 +835,7 @@ WERROR reg_restorekey(struct registry_key *key, const char *fname)
 ********************************************************************/
 static WERROR reg_write_tree(REGF_FILE *regfile, const char *keypath,
- REGF_NK_REC *parent, SEC_DESC *sec_desc)
+ REGF_NK_REC *parent)
 {
 REGF_NK_REC *key;
 REGVAL_CTR *values;
@@ -847,6 +847,7 @@ static WERROR reg_write_tree(REGF_FILE *regfile, const char *keypath,
 char *subkeyname;
 REGISTRY_KEY registry_key;
 WERROR result = WERR_OK;
+ SEC_DESC *sec_desc = NULL;
 if (!regfile) {
 return WERR_GENERAL_FAILURE;
@@ -899,6 +900,11 @@ static WERROR reg_write_tree(REGF_FILE *regfile, const char *keypath,
 fetch_reg_keys(®istry_key, subkeys);
 fetch_reg_values(®istry_key, values);
+ result = regkey_get_secdesc(regfile->mem_ctx, ®istry_key, &sec_desc);
+ if (!W_ERROR_IS_OK(result)) {
+ goto done;
+ }
+
 /* write out this key */
 key = regfio_write_key(regfile, keyname, values, subkeys, sec_desc,
@@ -919,7 +925,7 @@ static WERROR reg_write_tree(REGF_FILE *regfile, const char *keypath,
 result = WERR_NOMEM;
 goto done;
 }
- result = reg_write_tree(regfile, subkeypath, key, sec_desc);
+ result = reg_write_tree(regfile, subkeypath, key);
 if (!W_ERROR_IS_OK(result))
 goto done;
 }
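Review bot: The descriptor fetched per key in the `@@ -899` hunk may silently be the built-in default rather than the key's own. `regkey_get_secdesc()` (the `@@ -176` hunk in reg_dispatcher.c) discards a failing `get_secdesc` hook result and falls through to `construct_registry_sd()`, which grants Everyone `REG_KEY_READ`. A backend lookup error could therefore put a different, possibly more permissive, ACL into the backup file while `WERR_OK` is returned. I would at least log the discarded `werr` at a DEBUG level before the fallback, or fall back only on the error that means "no descriptor stored"; which code that is cannot be determined from this page. `reg_write_tree`'s body continues outside the hunk.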
@@ -933,59 +939,10 @@ done:
 return result;
 }
-static const struct generic_mapping reg_generic_map =
- { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL };
-
-static WERROR make_default_reg_sd(TALLOC_CTX *ctx, SEC_DESC **psd)
-{
- DOM_SID adm_sid, owner_sid;
- SEC_ACE ace[2]; /* at most 2 entries */
- SEC_ACCESS mask;
- SEC_ACL *psa = NULL;
- size_t sd_size;
-
- /* set the owner to BUILTIN\Administrator */
-
- sid_copy(&owner_sid, &global_sid_Builtin);
- sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN );
-
-
- /* basic access for Everyone */
-
- init_sec_access(&mask, reg_generic_map.generic_execute
- | reg_generic_map.generic_read);
- init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
- mask, 0);
-
- /* add Full Access 'BUILTIN\Administrators' */
-
- init_sec_access(&mask, reg_generic_map.generic_all);
- sid_copy(&adm_sid, &global_sid_Builtin);
- sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);
- init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
-
- /* create the security descriptor */
-
- psa = make_sec_acl(ctx, NT4_ACL_REVISION, 2, ace);
- if (psa == NULL) {
- return WERR_NOMEM;
- }
-
- *psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
- SEC_DESC_SELF_RELATIVE, &owner_sid, NULL,
- NULL, psa, &sd_size);
- if (*psd == NULL) {
- return WERR_NOMEM;
- }
-
- return WERR_OK;
-}
-
 static WERROR backup_registry_key(REGISTRY_KEY *krecord, const char *fname)
 {
 REGF_FILE *regfile;
 WERROR result;
- SEC_DESC *sd = NULL;
 /* open the registry file....fail if the file already exists */
@@ -997,15 +954,9 @@ static WERROR backup_registry_key(REGISTRY_KEY *krecord, const char *fname)
 return ntstatus_to_werror(map_nt_error_from_unix(errno));
 }
- result = make_default_reg_sd(regfile->mem_ctx, &sd);
- if (!W_ERROR_IS_OK(result)) {
- regfio_close(regfile);
- return result;
- }
-
 /* write the registry tree to the file */
- result = reg_write_tree(regfile, krecord->name, NULL, sd);
+ result = reg_write_tree(regfile, krecord->name, NULL);
 /* cleanup */
diff --git a/source3/registry/reg_backend_db.c b/source3/registry/reg_backend_db.c
index e162fb587f..52e0fd4289 100644
--- a/source3/registry/reg_backend_db.c
+++ b/source3/registry/reg_backend_db.c
@@ -258,8 +258,11 @@ bool regdb_init( void )
 const char *vstring = "INFO/version";
 uint32 vers_id;
- if ( tdb_reg )
+ if ( tdb_reg ) {
+ DEBUG(10,("regdb_init: incrementing refcount (%d)\n", tdb_refcount));
+ tdb_refcount++;
 return true;
+ }
 if ( !(tdb_reg = tdb_wrap_open(NULL, state_path("registry.tdb"), 0, REG_TDB_FLAGS, O_RDWR, 0600)) )
 {
diff --git a/source3/registry/reg_dispatcher.c b/source3/registry/reg_dispatcher.c
index e6e7613457..cdcd045904 100644
--- a/source3/registry/reg_dispatcher.c
+++ b/source3/registry/reg_dispatcher.c
@@ -34,7 +34,7 @@ static const struct generic_mapping reg_generic_map =
 /********************************************************************
 ********************************************************************/
-static SEC_DESC* construct_registry_sd( TALLOC_CTX *ctx )
+static WERROR construct_registry_sd(TALLOC_CTX *ctx, SEC_DESC **psd)
 {
 SEC_ACE ace[3];
 SEC_ACCESS mask;
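Review bot: The new early-return branch in `regdb_init()` takes an extra reference, but nothing in the hunk documents the pairing contract that makes the count meaningful. A comment on the branch would help, e.g. `/* already open: take another reference; every successful regdb_init() needs exactly one matching close */`, since an unbalanced caller would either keep registry.tdb open or drop the handle under another user. The `DEBUG` line also prints `tdb_refcount` before the increment, so the logged number is the old count; move `tdb_refcount++;` above it or word the message as "from %d". The function body continues outside the hunk, so whether the first-open path sets the count to 1 is not visible here.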
@@ -45,28 +45,39 @@ static SEC_DESC* construct_registry_sd( TALLOC_CTX *ctx )
 /* basic access for Everyone */
- init_sec_access(&mask, REG_KEY_READ );
- init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_access(&mask, REG_KEY_READ);
+ init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
+ mask, 0);
 /* Full Access 'BUILTIN\Administrators' */
- init_sec_access(&mask, REG_KEY_ALL );
- init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_access(&mask, REG_KEY_ALL);
+ init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
+ SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
 /* Full Access 'NT Authority\System' */
 init_sec_access(&mask, REG_KEY_ALL );
- init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED,
+ mask, 0);
 /* create the security descriptor */
- if ( !(acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )
- return NULL;
+ acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace);
+ if (acl == NULL) {
+ return WERR_NOMEM;
+ }
- if ( !(sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, acl, &sd_size)) )
- return NULL;
+ sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
+ &global_sid_Builtin_Administrators,
+ &global_sid_System, NULL, acl,
+ &sd_size);
+ if (sd == NULL) {
+ return WERR_NOMEM;
+ }
- return sd;
+ *psd = sd;
+ return WERR_OK;
 }
 /***********************************************************************
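Review bot: `construct_registry_sd()` still sits under an empty banner comment, although it defines the fallback access policy for any key whose backend supplies no descriptor, and this hunk adds an owner and group to it. I would fill the banner with a header comment stating that the DACL grants Everyone `REG_KEY_READ` and gives BUILTIN\Administrators and NT Authority\System `REG_KEY_ALL`, that the owner is BUILTIN\Administrators and the group is System, and that `*psd` is written only when `WERR_OK` is returned. Minor style point: the third `init_sec_access(&mask, REG_KEY_ALL );` kept the old spacing while the first two calls were normalised. The function's opening lines are outside this hunk.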
@@ -176,19 +187,19 @@ WERROR regkey_get_secdesc(TALLOC_CTX *mem_ctx, REGISTRY_KEY *key,
 struct security_descriptor **psecdesc)
 {
 struct security_descriptor *secdesc;
+ WERROR werr;
 if (key->hook && key->hook->ops && key->hook->ops->get_secdesc) {
- WERROR err;
-
- err = key->hook->ops->get_secdesc(mem_ctx, key->name,
- psecdesc);
- if (W_ERROR_IS_OK(err)) {
+ werr = key->hook->ops->get_secdesc(mem_ctx, key->name,
+ psecdesc);
+ if (W_ERROR_IS_OK(werr)) {
 return WERR_OK;
 }
 }
- if (!(secdesc = construct_registry_sd(mem_ctx))) {
- return WERR_NOMEM;
+ werr = construct_registry_sd(mem_ctx, &secdesc);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
 }
 *psecdesc = secdesc;
diff --git a/source3/registry/regfio.c b/source3/registry/regfio.c
index 3740ff0ee4..1c3aad7a25 100644
--- a/source3/registry/regfio.c
+++ b/source3/registry/regfio.c
@@ -1171,7 +1171,6 @@ out:
 if ( !(rb->mem_ctx = talloc_init( "read_regf_block" )) ) {
 regfio_close( rb );
- SAFE_FREE(rb);
 return NULL;
 }
@@ -1182,7 +1181,6 @@ out:
 if ( (rb->fd = open(filename, flags, mode)) == -1 ) {
 DEBUG(0,("regfio_open: failure to open %s (%s)\n", filename, strerror(errno)));
 regfio_close( rb );
- SAFE_FREE(rb);
 return NULL;
 }
@@ -1192,7 +1190,6 @@ out:
 if ( !init_regf_block( rb ) ) {
 DEBUG(0,("regfio_open: Failed to read initial REGF block\n"));
 regfio_close( rb );
- SAFE_FREE(rb);
 return NULL;
 }
@@ -1205,7 +1202,6 @@ out:
 if ( !read_regf_block( rb ) ) {
 DEBUG(0,("regfio_open: Failed to read initial REGF block\n"));
 regfio_close( rb );
- SAFE_FREE(rb);
 return NULL;
 } |
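Review bot: With `SAFE_FREE(rb)` removed from the four error paths in regfio.c (`@@ -1171`, `-1182`, `-1192`, `-1205`, in what the DEBUG messages identify as `regfio_open`), `rb` is released only if `regfio_close()` frees it, and that function is not part of this diff. Presumably the removal fixes a double free, but it is worth confirming that `regfio_close()` copes with the first path, where `talloc_init()` failed, so `rb->mem_ctx` is NULL and `rb->fd` has not been opened yet. A short comment at the first call, e.g. `/* regfio_close() frees rb itself; do not free it again here */`, would keep a later reader from re-adding the free. The enclosing function starts and ends outside these hunks.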