authorMichael Adam <obnox@samba.org>2010-03-02 14:43:53 +0100
committerMichael Adam <obnox@samba.org>2010-03-03 09:16:38 +0100
commit27ae935a8df409ce7557bd369250fa450120fdfe (patch)
treefc111776cd57d3370f153efe980e4550ae31159f /source3/utils
parent6f4bdbccf79eecadf3092c397a8aa9dd45b9c866 (diff)
s3:net: add a command "net registry setsd_sdd"
This permits setting the security descriptor of a registry key from the unix command line. Michael
Diffstat (limited to 'source3/utils')
-rw-r--r--source3/utils/net_registry.c88
1 files changed, 88 insertions, 0 deletions
diff --git a/source3/utils/net_registry.c b/source3/utils/net_registry.c
index 1006079a03..94d3bf4add 100644
--- a/source3/utils/net_registry.c
+++ b/source3/utils/net_registry.c
@@ -535,6 +535,86 @@ done:
return ret;
}
+static WERROR net_registry_setsd_internal(struct net_context *c,
+ TALLOC_CTX *mem_ctx,
+ const char *keyname,
+ struct security_descriptor *sd)
+{
+ WERROR werr;
+ struct registry_key *key = NULL;
+ TALLOC_CTX *ctx = talloc_stackframe();
+ uint32_t access_mask = REG_KEY_WRITE |
+ SEC_FLAG_MAXIMUM_ALLOWED |
+ SEC_FLAG_SYSTEM_SECURITY;
+
+ /*
+ * net_rpc_regsitry uses SEC_FLAG_SYSTEM_SECURITY, but access
+ * is denied with these perms right now...
+ */
+ access_mask = REG_KEY_WRITE;
+
+ if (strlen(keyname) == 0) {
+ d_fprintf(stderr, _("error: zero length key name given\n"));
+ werr = WERR_INVALID_PARAM;
+ goto done;
+ }
+
+ werr = open_key(ctx, keyname, access_mask, &key);
+ if (!W_ERROR_IS_OK(werr)) {
+ d_fprintf(stderr, "%s%s\n", _("open_key failed: "),
+ win_errstr(werr));
+ goto done;
+ }
+
+ werr = reg_setkeysecurity(key, sd);
+ if (!W_ERROR_IS_OK(werr)) {
+ d_fprintf(stderr, "%s%s\n", _("reg_setkeysecurity failed: "),
+ win_errstr(werr));
+ goto done;
+ }
+
+ werr = WERR_OK;
+
+done:
+ TALLOC_FREE(ctx);
+ return werr;
+}
+
+static int net_registry_setsd_sddl(struct net_context *c,
+ int argc, const char **argv)
+{
+ WERROR werr;
+ int ret = -1;
+ struct security_descriptor *secdesc = NULL;
+ TALLOC_CTX *ctx = talloc_stackframe();
+
+ if (argc != 2 || c->display_usage) {
+ d_printf("%s\n%s",
+ _("Usage:"),
+ _("net registry setsd_sddl <path> <security_descriptor>\n"));
+ d_printf("%s\n%s",
+ _("Example:"),
+ _("net registry setsd_sddl 'HKLM\\Software\\Samba'\n"));
+ goto done;
+ }
+
+ secdesc = sddl_decode(ctx, argv[1], get_global_sam_sid());
+ if (secdesc == NULL) {
+ goto done;
+ }
+
+ werr = net_registry_setsd_internal(c, ctx, argv[0], secdesc);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ ret = 0;
+
+done:
+ TALLOC_FREE(ctx);
+ return ret;
+}
+
int net_registry(struct net_context *c, int argc, const char **argv)
{
int ret = -1;
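Review bot: In net_registry_setsd_sddl, a NULL return from `sddl_decode` jumps to `done` without printing anything, so a malformed SDDL string makes the command return -1 with no explanation; add `d_fprintf(stderr, _("error: could not decode SDDL string\n"));` before that `goto done`. The usage example `net registry setsd_sddl 'HKLM\\Software\\Samba'` omits the descriptor argument although `argc != 2` is enforced, so the example as printed would itself be rejected. In net_registry_setsd_internal the initial `access_mask` value is overwritten by `access_mask = REG_KEY_WRITE;` before it is used, and `c` and `mem_ctx` are never read. Dropping the dead initializer and keeping the comment (with `net_rpc_regsitry` spelled `net_rpc_registry`) would make it clear which rights the key is opened with when its security descriptor is replaced.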
@@ -612,6 +692,14 @@ int net_registry(struct net_context *c, int argc, const char **argv)
N_("net registry getsd_sddl\n"
" Get security descriptor in sddl format")
},
+ {
+ "setsd_sddl",
+ net_registry_setsd_sddl,
+ NET_TRANSPORT_LOCAL,
+ N_("Set security descriptor from sddl format string"),
+ N_("net registry setsd_sddl\n"
+ " Set security descriptor from sddl format string")
+ },
{ NULL, NULL, 0, NULL, NULL }
};