authorJelmer Vernooij <jelmer@samba.org>2005-09-03 23:23:14 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:36:29 -0500
commiteac7fe4ebc6eb819fe3721051751e60b12e95684 (patch)
tree5dc13c770cd917d43ff66eb3d19b485d13ee23a8 /source4/lib
parent40cbd4625ae7f9799238594faa4f8cc54ead72e4 (diff)
r10016: Support reading security descriptors on keys.
(This used to be commit b349e902c7b0140cd94e241ba9f81c83fa54f603)
Diffstat (limited to 'source4/lib')
-rw-r--r--source4/lib/registry/common/reg_interface.c9
-rw-r--r--source4/lib/registry/reg_backend_nt4.c47
-rw-r--r--source4/lib/registry/regf.idl4
-rw-r--r--source4/lib/registry/tools/regtree.c9
4 files changed, 66 insertions, 3 deletions
diff --git a/source4/lib/registry/common/reg_interface.c b/source4/lib/registry/common/reg_interface.c
index 7f745143e6..5297b1b3cf 100644
--- a/source4/lib/registry/common/reg_interface.c
+++ b/source4/lib/registry/common/reg_interface.c
@@ -427,6 +427,15 @@ WERROR reg_val_set(struct registry_key *key, const char *value, uint32_t type, D
}
+WERROR reg_get_sec_desc(TALLOC_CTX *ctx, struct registry_key *key, struct security_descriptor **secdesc)
+{
+ /* A 'real' set function has preference */
+ if (key->hive->functions->key_get_sec_desc)
+ return key->hive->functions->key_get_sec_desc(ctx, key, secdesc);
+
+ DEBUG(1, ("Backend '%s' doesn't support method get_sec_desc\n", key->hive->functions->name));
+ return WERR_NOT_SUPPORTED;
+}
WERROR reg_del_value(struct registry_key *key, const char *valname)
{
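Review bot: The comment `/* A 'real' set function has preference */` in reg_get_sec_desc reads as copied from a setter; this function only reads, and there is no fallback for the backend method to take preference over. A comment such as `/* Only backends that implement key_get_sec_desc can return a descriptor */` would match the code. It is also worth documenting above the function that `*secdesc` is left unwritten when WERR_NOT_SUPPORTED is returned, so callers must check the result before reading it.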
diff --git a/source4/lib/registry/reg_backend_nt4.c b/source4/lib/registry/reg_backend_nt4.c
index e0f5ccd08c..b1c0d201f0 100644
--- a/source4/lib/registry/reg_backend_nt4.c
+++ b/source4/lib/registry/reg_backend_nt4.c
@@ -21,6 +21,7 @@
#include "registry.h"
#include "system/filesys.h"
#include "lib/registry/tdr_regf.h"
+#include "librpc/gen_ndr/ndr_security.h"
/*
* Read HBIN blocks into memory
@@ -251,6 +252,51 @@ static WERROR regf_get_subkey (TALLOC_CTX *ctx, struct registry_key *key, int id
return WERR_OK;
}
+static WERROR regf_get_sec_desc(TALLOC_CTX *ctx, struct registry_key *key, struct security_descriptor **sd)
+{
+ struct nk_block *nk = key->backend_data;
+ struct tdr_pull *tdr;
+ struct sk_block sk;
+ DATA_BLOB data;
+
+ data = regf_get_data(key->hive->backend_data, nk->sk_offset);
+ if (!data.data) {
+ DEBUG(0, ("Unable to find security descriptor\n"));
+ return WERR_GENERAL_FAILURE;
+ }
+
+ tdr = talloc_zero(ctx, struct tdr_pull);
+ if (!tdr)
+ return WERR_NOMEM;
+
+ tdr->data = data;
+
+ if (NT_STATUS_IS_ERR(tdr_pull_sk_block(tdr, &sk))) {
+ DEBUG(0, ("Error parsing SK block\n"));
+ return WERR_GENERAL_FAILURE;
+ }
+
+ if (strcmp(sk.header, "sk") != 0) {
+ DEBUG(0, ("Expected 'sk', got '%s'\n", sk.header));
+ return WERR_GENERAL_FAILURE;
+ }
+
+ *sd = talloc(ctx, struct security_descriptor);
+ if (!*sd)
+ return WERR_NOMEM;
+
+ data.data = sk.sec_desc;
+ data.length = sk.rec_size;
+ if (NT_STATUS_IS_ERR(ndr_pull_struct_blob(&data, ctx, *sd, (ndr_pull_flags_fn_t)ndr_pull_security_descriptor))) {
+ DEBUG(0, ("Error parsing security descriptor\n"));
+ return WERR_GENERAL_FAILURE;
+ }
+
+ talloc_free(tdr);
+
+ return WERR_OK;
+}
+
static WERROR nt_open_hive (struct registry_hive *h, struct registry_key **key)
{
struct regf_data *regf;
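Review bot: Every failure return after the `talloc_zero` in regf_get_sec_desc skips `talloc_free(tdr)`, and the ndr_pull failure path also leaves `*sd` pointing at a partly filled descriptor. The hive file is the input being parsed, so these paths are reachable with a damaged or untrusted file, and the allocations then stay on `ctx` until the caller frees it. Add `talloc_free(tdr);` before each of those returns, and `talloc_free(*sd); *sd = NULL;` on the last one. Separately, `data.length = sk.rec_size` takes its length from the file; whether tdr_pull_sk_block has already bounded that value against the block returned by regf_get_data is not visible in this hunk and should be confirmed.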
@@ -342,6 +388,7 @@ static struct hive_operations reg_backend_nt4 = {
.num_values = regf_num_values,
.get_subkey_by_index = regf_get_subkey,
.get_value_by_index = regf_get_value,
+ .key_get_sec_desc = regf_get_sec_desc,
};
NTSTATUS registry_nt4_init(void)
diff --git a/source4/lib/registry/regf.idl b/source4/lib/registry/regf.idl
index 760183c01d..3b0a66fc54 100644
--- a/source4/lib/registry/regf.idl
+++ b/source4/lib/registry/regf.idl
@@ -100,9 +100,9 @@ interface regf
} nk_block;
/* sk (? Security Key ?) is the ACL of the registry. */
- typedef [noprint,nopush,nopull] struct {
+ typedef [noprint,public] struct {
[charset(DOS)] uint8 header[2];
- uint16 uk1;
+ uint16 tag;
uint32 prev_offset;
uint32 next_offset;
uint32 ref_cnt;
diff --git a/source4/lib/registry/tools/regtree.c b/source4/lib/registry/tools/regtree.c
index 2385123b7f..38dffed85d 100644
--- a/source4/lib/registry/tools/regtree.c
+++ b/source4/lib/registry/tools/regtree.c
@@ -28,6 +28,7 @@ static void print_tree(int l, struct registry_key *p, int fullpath, int novals)
{
struct registry_key *subkey;
struct registry_value *value;
+ struct security_descriptor *sec_desc;
WERROR error;
int i;
TALLOC_CTX *mem_ctx;
@@ -68,9 +69,15 @@ static void print_tree(int l, struct registry_key *p, int fullpath, int novals)
DEBUG(0, ("Error occured while fetching values for '%s': %s\n", p->path, win_errstr(error)));
}
}
+
+ mem_ctx = talloc_init("sec_desc");
+ if (NT_STATUS_IS_ERR(reg_get_sec_desc(mem_ctx, p, &sec_desc))) {
+ DEBUG(0, ("Error getting security descriptor\n"));
+ }
+ talloc_free(mem_ctx);
}
- int main(int argc, char **argv)
+int main(int argc, char **argv)
{
int opt, i;
const char *backend = NULL;
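Review bot: `reg_get_sec_desc` returns a WERROR, but the added call in print_tree tests it with `NT_STATUS_IS_ERR`, which is an NTSTATUS check; WERROR failure codes would most likely not satisfy it, so a failed lookup goes unreported. Reuse the `error` variable already declared in the function: `error = reg_get_sec_desc(mem_ctx, p, &sec_desc);` followed by `if (!W_ERROR_IS_OK(error))`, with `win_errstr(error)` in the message as the value-fetch error above does. Once the check works, WERR_NOT_SUPPORTED from backends without the method will fire for every key and may deserve a quieter path. The result of `talloc_init` is not checked, and the descriptor is fetched and freed without being printed; print_tree starts outside this hunk.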