r6942: * merging the registry changes back to the 3.0 tree

* removing the testprns tool
(This used to be commit 81ffb0dbbbd244623507880c323a3c37e2b8dc4d)

1 files changed, 217 insertions, 20 deletions

diff --git a/source3/rpc_server/srv_reg_nt.c b/source3/rpc_server/srv_reg_nt.c
index f031a3213f..4211e9b9f4 100644
--- a/source3/rpc_server/srv_reg_nt.c
+++ b/source3/rpc_server/srv_reg_nt.c
@@ -25,6 +25,7 @@
 /* Implementation of registry functions. */
 
 #include "includes.h"
+#include "regfio.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_RPC_SRV
@@ -38,6 +39,10 @@
 ((unsigned int)IVAL((hnd)->data5,4)),((unsigned int)sys_getpid())
 
 
+/* no idea if this is correct, just use the file access bits for now */
+
+struct generic_mapping reg_map = { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL };
+
 static REGISTRY_KEY *regkeys_list;
 
 
@@ -534,7 +539,7 @@ WERROR _reg_enum_key(pipes_struct *p, REG_Q_ENUM_KEY *q_u, REG_R_ENUM_KEY *r_u)
 	
 	/* subkey has the string name now */
 	
-	init_reg_r_enum_key( r_u, subkey, q_u->unknown_1, q_u->unknown_2 );
+	init_reg_r_enum_key( r_u, subkey );
 	
 	DEBUG(5,("_reg_enum_key: Exit\n"));
 	
@@ -625,6 +630,7 @@ WERROR _reg_shutdown_ex(pipes_struct *p, REG_Q_SHUTDOWN_EX *q_u, REG_R_SHUTDOWN_
 	int ret;
 	BOOL can_shutdown;
 	
+
  	pstrcpy(shutdown_script, lp_shutdown_script());
 	
 	if ( !*shutdown_script )
@@ -635,7 +641,7 @@ WERROR _reg_shutdown_ex(pipes_struct *p, REG_Q_SHUTDOWN_EX *q_u, REG_R_SHUTDOWN_
 	pstrcpy( message, "" );
 	if ( q_u->message ) {
 		UNISTR2 *msg_string = q_u->message->string;
-	
+		
 		rpcstr_pull( message, msg_string->buffer, sizeof(message), msg_string->uni_str_len*2, 0 );
 	}
 	alpha_strcpy (chkmsg, message, NULL, sizeof(message));
@@ -650,7 +656,7 @@ WERROR _reg_shutdown_ex(pipes_struct *p, REG_Q_SHUTDOWN_EX *q_u, REG_R_SHUTDOWN_
 	all_string_sub( shutdown_script, "%r", r, sizeof(shutdown_script) );
 	all_string_sub( shutdown_script, "%f", f, sizeof(shutdown_script) );
 	all_string_sub( shutdown_script, "%x", reason, sizeof(shutdown_script) );
-		
+
 	can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_remote_shutdown );
 		
 	/* IF someone has privs, run the shutdown script as root. OTHERWISE run it as not root
@@ -667,7 +673,7 @@ WERROR _reg_shutdown_ex(pipes_struct *p, REG_Q_SHUTDOWN_EX *q_u, REG_R_SHUTDOWN_
 		unbecome_root();
 
 	/********** END SeRemoteShutdownPrivilege BLOCK **********/
-
+	
 	DEBUG(3,("_reg_shutdown_ex: Running the command `%s' gave %d\n",
 		shutdown_script, ret));
 		
@@ -717,18 +723,56 @@ WERROR _reg_abort_shutdown(pipes_struct *p, REG_Q_ABORT_SHUTDOWN *q_u, REG_R_ABO
 /*******************************************************************
  ********************************************************************/
 
+static int validate_reg_filename( pstring fname )
+{
+	char *p;
+	int num_services = lp_numservices();
+	int snum;
+	pstring share_path;
+	pstring unix_fname;
+	
+	/* convert to a unix path, stripping the C:\ along the way */
+	
+	if ( !(p = valid_share_pathname( fname ) ))
+		return -1;
+
+	/* has to exist within a valid file share */
+			
+	for ( snum=0; snum<num_services; snum++ ) {
+	
+		if ( !lp_snum_ok(snum) || lp_print_ok(snum) )
+			continue;
+		
+		pstrcpy( share_path, lp_pathname(snum) );
+
+		/* make sure we have a path (e.g. [homes] ) */
+
+		if ( strlen( share_path ) == 0 )
+			continue;
+
+		if ( strncmp( share_path, p, strlen( share_path )) == 0 )
+			break;
+	}
+	
+	/* p and fname are overlapping memory so copy out and back in again */
+	
+	pstrcpy( unix_fname, p );
+	pstrcpy( fname, unix_fname );
+	
+	return (snum < num_services) ? snum : -1;
+}
+
+/*******************************************************************
+ ********************************************************************/
+
 WERROR _reg_restore_key(pipes_struct *p, REG_Q_RESTORE_KEY  *q_u, REG_R_RESTORE_KEY *r_u)
 {
 	REGISTRY_KEY	*regkey = find_regkey_index_by_hnd( p, &q_u->pol );
 	pstring         filename;
+	int             snum;
 	
 	DEBUG(5,("_reg_restore_key: Enter\n"));
 	
-	/* 
-	 * basically this is a no op function which just verifies 
-	 * that the client gave us a valid registry key handle 
-	 */
-	 
 	if ( !regkey )
 		return WERR_BADFID; 
 
@@ -736,14 +780,169 @@ WERROR _reg_restore_key(pipes_struct *p, REG_Q_RESTORE_KEY  *q_u, REG_R_RESTORE_
 
 	DEBUG(8,("_reg_restore_key: verifying restore of key [%s] from \"%s\"\n", regkey->name, filename));
 
+	if ( (snum = validate_reg_filename( filename )) == -1 )
+		return WERR_OBJECT_PATH_INVALID;
+		
+	DEBUG(2,("_reg_restore_key: Restoring [%s] from %s in share %s\n", regkey->name, filename, lp_servicename(snum) ));
+
 #if 0
-	validate_reg_filemame( filename );
 	return restore_registry_key( regkey, filename );
 #endif
 
 	return WERR_OK;
 }
 
+/********************************************************************
+********************************************************************/
+
+static WERROR reg_write_tree( REGF_FILE *regfile, const char *keypath,
+                              REGF_NK_REC *parent, SEC_DESC *sec_desc )
+{
+	REGF_NK_REC *key;
+	REGVAL_CTR values;
+	REGSUBKEY_CTR subkeys;
+	int i, num_subkeys;
+	pstring key_tmp;
+	char *keyname, *parentpath;
+	pstring subkeypath;
+	char *subkeyname;
+	REGISTRY_KEY registry_key;
+	WERROR result = WERR_OK;
+	
+	if ( !regfile )
+		return WERR_GENERAL_FAILURE;
+		
+	if ( !keypath )
+		return WERR_OBJECT_PATH_INVALID;
+		
+	/* split up the registry key path */
+	
+	pstrcpy( key_tmp, keypath );
+	if ( !reg_split_key( key_tmp, &parentpath, &keyname ) )
+		return WERR_OBJECT_PATH_INVALID;
+
+	if ( !keyname )
+		keyname = parentpath;
+
+	/* we need a REGISTRY_KEY object here to enumerate subkeys and values */
+	
+	ZERO_STRUCT( registry_key );
+	pstrcpy( registry_key.name, keypath );
+	if ( !(registry_key.hook = reghook_cache_find( registry_key.name )) )
+		return WERR_BADFILE;
+
+	
+	/* lookup the values and subkeys */
+	
+	ZERO_STRUCT( values );
+	ZERO_STRUCT( subkeys );
+	
+	regsubkey_ctr_init( &subkeys );
+	regval_ctr_init( &values );
+	
+	fetch_reg_keys( &registry_key, &subkeys );
+	fetch_reg_values( &registry_key, &values );
+
+	/* write out this key */
+		
+	if ( !(key = regfio_write_key( regfile, keyname, &values, &subkeys, sec_desc, parent )) ) {
+		result = WERR_CAN_NOT_COMPLETE;
+		goto done;
+	}
+
+	/* write each one of the subkeys out */
+
+	num_subkeys = regsubkey_ctr_numkeys( &subkeys );
+	for ( i=0; i<num_subkeys; i++ ) {
+		subkeyname = regsubkey_ctr_specific_key( &subkeys, i );
+		pstr_sprintf( subkeypath, "%s\\%s", keypath, subkeyname );
+		result = reg_write_tree( regfile, subkeypath, key, sec_desc );
+		if ( !W_ERROR_IS_OK(result) )
+			goto done;
+	}
+
+	DEBUG(6,("reg_write_tree: wrote key [%s]\n", keypath ));
+
+done:
+	regval_ctr_destroy( &values );
+	regsubkey_ctr_destroy( &subkeys );
+
+	return result;
+}
+
+/*******************************************************************
+ ********************************************************************/
+
+static WERROR make_default_reg_sd( TALLOC_CTX *ctx, SEC_DESC **psd )
+{
+	DOM_SID adm_sid, owner_sid;
+	SEC_ACE ace[2];         /* at most 2 entries */
+	SEC_ACCESS mask;
+	SEC_ACL *psa = NULL;
+	uint32 sd_size;
+
+	/* set the owner to BUILTIN\Administrator */
+
+	sid_copy(&owner_sid, &global_sid_Builtin);
+	sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN );
+	
+
+	/* basic access for Everyone */
+
+	init_sec_access(&mask, reg_map.generic_execute | reg_map.generic_read );
+	init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+	/* add Full Access 'BUILTIN\Administrators' */
+
+	init_sec_access(&mask, reg_map.generic_all);
+	sid_copy(&adm_sid, &global_sid_Builtin);
+	sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);
+	init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+        /* create the security descriptor */
+
+        if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 2, ace)) == NULL)
+                return WERR_NOMEM;
+
+        if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, &owner_sid, NULL, NULL, psa, &sd_size)) == NULL)
+                return WERR_NOMEM;
+
+	return WERR_OK;
+}
+
+/*******************************************************************
+ ********************************************************************/
+
+static WERROR backup_registry_key ( REGISTRY_KEY *krecord, const char *fname )
+{
+	REGF_FILE *regfile;
+	WERROR result;
+	SEC_DESC *sd = NULL;
+	
+	/* open the registry file....fail if the file already exists */
+	
+	if ( !(regfile = regfio_open( fname, (O_RDWR|O_CREAT|O_EXCL), (S_IREAD|S_IWRITE) )) ) {
+                DEBUG(0,("backup_registry_key: failed to open \"%s\" (%s)\n", 
+			fname, strerror(errno) ));
+		return ( ntstatus_to_werror(map_nt_error_from_unix( errno )) );
+        }
+	
+	if ( !W_ERROR_IS_OK(result = make_default_reg_sd( regfile->mem_ctx, &sd )) ) {
+		regfio_close( regfile );
+		return result;
+	}
+		
+	/* write the registry tree to the file  */
+	
+	result = reg_write_tree( regfile, krecord->name, NULL, sd );
+		
+	/* cleanup */
+	
+	regfio_close( regfile );
+	
+	return result;
+}
+
 /*******************************************************************
  ********************************************************************/
 
@@ -751,25 +950,23 @@ WERROR _reg_save_key(pipes_struct *p, REG_Q_SAVE_KEY  *q_u, REG_R_SAVE_KEY *r_u)
 {
 	REGISTRY_KEY	*regkey = find_regkey_index_by_hnd( p, &q_u->pol );
 	pstring         filename;
+	int             snum;
 	
 	DEBUG(5,("_reg_save_key: Enter\n"));
-	
-	/* 
-	 * basically this is a no op function which just verifies 
-	 * that the client gave us a valid registry key handle 
-	 */
-	 
+		 
 	if ( !regkey )
 		return WERR_BADFID; 
 
 	rpcstr_pull(filename, q_u->filename.string->buffer, sizeof(filename), q_u->filename.string->uni_str_len*2, STR_TERMINATE);
 
 	DEBUG(8,("_reg_save_key: verifying backup of key [%s] to \"%s\"\n", regkey->name, filename));
-
-#if 0
-	validate_reg_filemame( filename );
+	
+	if ( (snum = validate_reg_filename( filename )) == -1 )
+		return WERR_OBJECT_PATH_INVALID;
+		
+	DEBUG(2,("_reg_save_key: Saving [%s] to %s in share %s\n", regkey->name, filename, lp_servicename(snum) ));
+		
 	return backup_registry_key( regkey, filename );
-#endif
 
 	return WERR_OK;
 }