From c333885fa11fcaca71fd6ddde9c3f09a06ececd0 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 23 Apr 2012 16:44:15 +0200 Subject: s3:registry: replace call to reg_openkey() in reg_createkey() by accesscheck. Signed-off-by: Andreas Schneider --- source3/registry/reg_api.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'source3/registry') diff --git a/source3/registry/reg_api.c b/source3/registry/reg_api.c index 3166dee7cb..a32ad8d38a 100644 --- a/source3/registry/reg_api.c +++ b/source3/registry/reg_api.c @@ -558,6 +558,7 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent, TALLOC_CTX *mem_ctx; char *path, *end; WERROR err; + uint32_t access_granted; mem_ctx = talloc_new(ctx); if (mem_ctx == NULL) { @@ -618,14 +619,15 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent, } /* - * We have to make a copy of the current key, as we opened it only - * with ENUM_SUBKEY access. + * We may (e.g. in the iteration) have opened the key with ENUM_SUBKEY. + * Instead of re-opening the key with CREATE_SUB_KEY, we simply + * duplicate the access check here and skip the expensive full open. */ - - err = reg_openkey(mem_ctx, key, "", KEY_CREATE_SUB_KEY, - &create_parent); - if (!W_ERROR_IS_OK(err)) { - goto trans_done; + if (!regkey_access_check(key->key, KEY_CREATE_SUB_KEY, &access_granted, + key->token)) + { + err = WERR_ACCESS_DENIED; + goto done; } /* @@ -641,7 +643,7 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent, * Now open the newly created key */ - err = reg_openkey(ctx, create_parent, path, desired_access, pkey); + err = reg_openkey(ctx, key, path, desired_access, pkey); if (W_ERROR_IS_OK(err) && (paction != NULL)) { *paction = REG_CREATED_NEW_KEY; } -- cgit