summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2005-06-16 20:45:55 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:57:18 -0500
commit17eb05228ee93c9790a0bacbfb0e5e282aa180d2 (patch)
tree94b39bd39618a73f0f08fbfeccfbeb040491c496 /source3/rpc_server
parent2fbb43ad82c16ae83da39ff61f665697564c3482 (diff)
downloadsamba-17eb05228ee93c9790a0bacbfb0e5e282aa180d2.tar.gz
samba-17eb05228ee93c9790a0bacbfb0e5e282aa180d2.tar.bz2
samba-17eb05228ee93c9790a0bacbfb0e5e282aa180d2.zip
r7648: adding REGISTRY_HOOK->reg_access_check() for authprization checks on RegOpenKey(); passing it off to the backend code for a given path
(This used to be commit 867fd3052bbfdd45856886999619e2ebc6552675)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_reg_nt.c37
1 files changed, 19 insertions, 18 deletions
diff --git a/source3/rpc_server/srv_reg_nt.c b/source3/rpc_server/srv_reg_nt.c
index 01c60a473f..ec9a79f534 100644
--- a/source3/rpc_server/srv_reg_nt.c
+++ b/source3/rpc_server/srv_reg_nt.c
@@ -46,7 +46,7 @@ struct generic_mapping reg_map = { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE,
/********************************************************************
********************************************************************/
-static NTSTATUS registry_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
+NTSTATUS registry_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
uint32 access_desired, uint32 *access_granted )
{
NTSTATUS result;
@@ -59,7 +59,7 @@ static NTSTATUS registry_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
/********************************************************************
********************************************************************/
-static SEC_DESC* construct_reg_hive_sd( TALLOC_CTX *ctx )
+SEC_DESC* construct_registry_sd( TALLOC_CTX *ctx )
{
SEC_ACE ace[2];
SEC_ACCESS mask;
@@ -322,12 +322,10 @@ static BOOL get_value_information( REGISTRY_KEY *key, uint32 *maxnum,
WERROR _reg_close(pipes_struct *p, REG_Q_CLOSE *q_u, REG_R_CLOSE *r_u)
{
- /* set up the REG unknown_1 response */
- ZERO_STRUCT(r_u->pol);
-
/* close the policy handle */
- if (!close_registry_key(p, &q_u->pol))
- return WERR_BADFID; /* This will be reported as an RPC fault anyway. */
+
+ if ( !close_registry_key(p, &q_u->pol) )
+ return WERR_BADFID;
return WERR_OK;
}
@@ -342,8 +340,9 @@ WERROR _reg_open_hklm(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_
NTSTATUS status;
/* perform access checks */
+ /* top level keys are done here without passing through the REGISTRY_HOOK api */
- if ( !(sec_desc = construct_reg_hive_sd( p->mem_ctx )) )
+ if ( !(sec_desc = construct_registry_sd( p->mem_ctx )) )
return WERR_NOMEM;
status = registry_access_check( sec_desc, p->pipe_user.nt_user_token, q_u->access, &access_granted );
@@ -363,8 +362,9 @@ WERROR _reg_open_hkcr(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_
NTSTATUS status;
/* perform access checks */
+ /* top level keys are done here without passing through the REGISTRY_HOOK api */
- if ( !(sec_desc = construct_reg_hive_sd( p->mem_ctx )) )
+ if ( !(sec_desc = construct_registry_sd( p->mem_ctx )) )
return WERR_NOMEM;
status = registry_access_check( sec_desc, p->pipe_user.nt_user_token, q_u->access, &access_granted );
@@ -384,8 +384,9 @@ WERROR _reg_open_hku(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u
NTSTATUS status;
/* perform access checks */
+ /* top level keys are done here without passing through the REGISTRY_HOOK api */
- if ( !(sec_desc = construct_reg_hive_sd( p->mem_ctx )) )
+ if ( !(sec_desc = construct_registry_sd( p->mem_ctx )) )
return WERR_NOMEM;
status = registry_access_check( sec_desc, p->pipe_user.nt_user_token, q_u->access, &access_granted );
@@ -409,8 +410,8 @@ WERROR _reg_open_entry(pipes_struct *p, REG_Q_OPEN_ENTRY *q_u, REG_R_OPEN_ENTRY
DEBUG(5,("reg_open_entry: Enter\n"));
if ( !key )
- return WERR_BADFID; /* This will be reported as an RPC fault anyway. */
-
+ return WERR_BADFID;
+
rpcstr_pull( name, q_u->name.string->buffer, sizeof(name), q_u->name.string->uni_str_len*2, 0 );
result = open_registry_key( p, &pol, key, name, 0x0 );
@@ -441,7 +442,7 @@ WERROR _reg_info(pipes_struct *p, REG_Q_INFO *q_u, REG_R_INFO *r_u)
DEBUG(5,("_reg_info: Enter\n"));
if ( !regkey )
- return WERR_BADFID; /* This will be reported as an RPC fault anyway. */
+ return WERR_BADFID;
DEBUG(7,("_reg_info: policy key name = [%s]\n", regkey->name));
@@ -545,7 +546,7 @@ WERROR _reg_query_key(pipes_struct *p, REG_Q_QUERY_KEY *q_u, REG_R_QUERY_KEY *r_
DEBUG(5,("_reg_query_key: Enter\n"));
if ( !regkey )
- return WERR_BADFID; /* This will be reported as an RPC fault anyway. */
+ return WERR_BADFID;
if ( !get_subkey_information( regkey, &r_u->num_subkeys, &r_u->max_subkeylen ) )
return WERR_ACCESS_DENIED;
@@ -579,9 +580,9 @@ WERROR _reg_getversion(pipes_struct *p, REG_Q_GETVERSION *q_u, REG_R_GETVERSION
DEBUG(5,("_reg_getversion: Enter\n"));
if ( !regkey )
- return WERR_BADFID; /* This will be reported as an RPC fault anyway. */
+ return WERR_BADFID;
- r_u->unknown = 0x00000005; /* seems to be consistent...no idea what it means */
+ r_u->win_version = 0x00000005; /* Windows 2000 registry API version */
DEBUG(5,("_reg_getversion: Exit\n"));
@@ -603,7 +604,7 @@ WERROR _reg_enum_key(pipes_struct *p, REG_Q_ENUM_KEY *q_u, REG_R_ENUM_KEY *r_u)
DEBUG(5,("_reg_enum_key: Enter\n"));
if ( !regkey )
- return WERR_BADFID; /* This will be reported as an RPC fault anyway. */
+ return WERR_BADFID;
DEBUG(8,("_reg_enum_key: enumerating key [%s]\n", regkey->name));
@@ -640,7 +641,7 @@ WERROR _reg_enum_value(pipes_struct *p, REG_Q_ENUM_VALUE *q_u, REG_R_ENUM_VALUE
DEBUG(5,("_reg_enum_value: Enter\n"));
if ( !regkey )
- return WERR_BADFID; /* This will be reported as an RPC fault anyway. */
+ return WERR_BADFID;
DEBUG(8,("_reg_enum_key: enumerating values for key [%s]\n", regkey->name));