From 17eb05228ee93c9790a0bacbfb0e5e282aa180d2 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 16 Jun 2005 20:45:55 +0000 Subject: r7648: adding REGISTRY_HOOK->reg_access_check() for authprization checks on RegOpenKey(); passing it off to the backend code for a given path (This used to be commit 867fd3052bbfdd45856886999619e2ebc6552675) --- source3/include/rpc_reg.h | 15 ++++++++------- source3/registry/reg_db.c | 3 ++- source3/registry/reg_eventlog.c | 3 ++- source3/registry/reg_frontend.c | 16 ++++++++-------- source3/registry/reg_printing.c | 3 ++- source3/registry/reg_shares.c | 3 ++- source3/rpc_server/srv_reg_nt.c | 37 +++++++++++++++++++------------------ 7 files changed, 43 insertions(+), 37 deletions(-) (limited to 'source3') diff --git a/source3/include/rpc_reg.h b/source3/include/rpc_reg.h index 83b44ce7c9..c83802b3f5 100644 --- a/source3/include/rpc_reg.h +++ b/source3/include/rpc_reg.h @@ -92,10 +92,11 @@ typedef struct { /* functions for enumerating subkeys and values */ - int (*subkey_fn)( char *key, REGSUBKEY_CTR *subkeys); - int (*value_fn) ( char *key, REGVAL_CTR *val ); - BOOL (*store_subkeys_fn)( char *key, REGSUBKEY_CTR *subkeys ); - BOOL (*store_values_fn)( char *key, REGVAL_CTR *val ); + int (*fetch_subkeys)( char *key, REGSUBKEY_CTR *subkeys); + int (*fetch_values) ( char *key, REGVAL_CTR *val ); + BOOL (*store_subkeys)( char *key, REGSUBKEY_CTR *subkeys ); + BOOL (*store_values)( char *key, REGVAL_CTR *val ); + BOOL (*reg_access_check)( uint32 parent_granted, uint32 requested, uint32 *granted ); } REGISTRY_OPS; typedef struct { @@ -282,12 +283,12 @@ typedef struct { /***********************************************/ typedef struct { - POLICY_HND pol; /* policy handle */ + POLICY_HND pol; } REG_Q_GETVERSION; typedef struct { - uint32 unknown; /* 0x0500 0000 */ - WERROR status; /* return status */ + uint32 win_version; + WERROR status; } REG_R_GETVERSION; diff --git a/source3/registry/reg_db.c b/source3/registry/reg_db.c index 19f7e64479..7efa032e39 100644 --- a/source3/registry/reg_db.c +++ b/source3/registry/reg_db.c @@ -347,7 +347,8 @@ REGISTRY_OPS regdb_ops = { regdb_fetch_reg_keys, regdb_fetch_reg_values, regdb_store_reg_keys, - regdb_store_reg_values + regdb_store_reg_values, + NULL }; diff --git a/source3/registry/reg_eventlog.c b/source3/registry/reg_eventlog.c index 50e4995b9e..4c3f144980 100644 --- a/source3/registry/reg_eventlog.c +++ b/source3/registry/reg_eventlog.c @@ -302,5 +302,6 @@ REGISTRY_OPS eventlog_ops = { eventlog_subkey_info, eventlog_value_info, eventlog_store_subkey, - eventlog_store_value + eventlog_store_value, + NULL }; diff --git a/source3/registry/reg_frontend.c b/source3/registry/reg_frontend.c index 8333bcd31f..196007d3cb 100644 --- a/source3/registry/reg_frontend.c +++ b/source3/registry/reg_frontend.c @@ -79,8 +79,8 @@ BOOL init_registry( void ) BOOL store_reg_keys( REGISTRY_KEY *key, REGSUBKEY_CTR *subkeys ) { - if ( key->hook && key->hook->ops && key->hook->ops->store_subkeys_fn ) - return key->hook->ops->store_subkeys_fn( key->name, subkeys ); + if ( key->hook && key->hook->ops && key->hook->ops->store_subkeys ) + return key->hook->ops->store_subkeys( key->name, subkeys ); else return False; @@ -92,8 +92,8 @@ BOOL store_reg_keys( REGISTRY_KEY *key, REGSUBKEY_CTR *subkeys ) BOOL store_reg_values( REGISTRY_KEY *key, REGVAL_CTR *val ) { - if ( key->hook && key->hook->ops && key->hook->ops->store_values_fn ) - return key->hook->ops->store_values_fn( key->name, val ); + if ( key->hook && key->hook->ops && key->hook->ops->store_values ) + return key->hook->ops->store_values( key->name, val ); else return False; } @@ -108,8 +108,8 @@ int fetch_reg_keys( REGISTRY_KEY *key, REGSUBKEY_CTR *subkey_ctr ) { int result = -1; - if ( key->hook && key->hook->ops && key->hook->ops->subkey_fn ) - result = key->hook->ops->subkey_fn( key->name, subkey_ctr ); + if ( key->hook && key->hook->ops && key->hook->ops->fetch_subkeys ) + result = key->hook->ops->fetch_subkeys( key->name, subkey_ctr ); return result; } @@ -176,8 +176,8 @@ int fetch_reg_values( REGISTRY_KEY *key, REGVAL_CTR *val ) { int result = -1; - if ( key->hook && key->hook->ops && key->hook->ops->value_fn ) - result = key->hook->ops->value_fn( key->name, val ); + if ( key->hook && key->hook->ops && key->hook->ops->fetch_values ) + result = key->hook->ops->fetch_values( key->name, val ); return result; } diff --git a/source3/registry/reg_printing.c b/source3/registry/reg_printing.c index 8e1e8ae40b..b0fb4ab9d9 100644 --- a/source3/registry/reg_printing.c +++ b/source3/registry/reg_printing.c @@ -928,7 +928,8 @@ REGISTRY_OPS printing_ops = { printing_subkey_info, printing_value_info, printing_store_subkey, - printing_store_value + printing_store_value, + NULL }; diff --git a/source3/registry/reg_shares.c b/source3/registry/reg_shares.c index 7538db7623..4531327d94 100644 --- a/source3/registry/reg_shares.c +++ b/source3/registry/reg_shares.c @@ -158,7 +158,8 @@ REGISTRY_OPS shares_reg_ops = { shares_subkey_info, shares_value_info, shares_store_subkey, - shares_store_value + shares_store_value, + NULL }; diff --git a/source3/rpc_server/srv_reg_nt.c b/source3/rpc_server/srv_reg_nt.c index 01c60a473f..ec9a79f534 100644 --- a/source3/rpc_server/srv_reg_nt.c +++ b/source3/rpc_server/srv_reg_nt.c @@ -46,7 +46,7 @@ struct generic_mapping reg_map = { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, /******************************************************************** ********************************************************************/ -static NTSTATUS registry_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token, +NTSTATUS registry_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token, uint32 access_desired, uint32 *access_granted ) { NTSTATUS result; @@ -59,7 +59,7 @@ static NTSTATUS registry_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token, /******************************************************************** ********************************************************************/ -static SEC_DESC* construct_reg_hive_sd( TALLOC_CTX *ctx ) +SEC_DESC* construct_registry_sd( TALLOC_CTX *ctx ) { SEC_ACE ace[2]; SEC_ACCESS mask; @@ -322,12 +322,10 @@ static BOOL get_value_information( REGISTRY_KEY *key, uint32 *maxnum, WERROR _reg_close(pipes_struct *p, REG_Q_CLOSE *q_u, REG_R_CLOSE *r_u) { - /* set up the REG unknown_1 response */ - ZERO_STRUCT(r_u->pol); - /* close the policy handle */ - if (!close_registry_key(p, &q_u->pol)) - return WERR_BADFID; /* This will be reported as an RPC fault anyway. */ + + if ( !close_registry_key(p, &q_u->pol) ) + return WERR_BADFID; return WERR_OK; } @@ -342,8 +340,9 @@ WERROR _reg_open_hklm(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_ NTSTATUS status; /* perform access checks */ + /* top level keys are done here without passing through the REGISTRY_HOOK api */ - if ( !(sec_desc = construct_reg_hive_sd( p->mem_ctx )) ) + if ( !(sec_desc = construct_registry_sd( p->mem_ctx )) ) return WERR_NOMEM; status = registry_access_check( sec_desc, p->pipe_user.nt_user_token, q_u->access, &access_granted ); @@ -363,8 +362,9 @@ WERROR _reg_open_hkcr(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_ NTSTATUS status; /* perform access checks */ + /* top level keys are done here without passing through the REGISTRY_HOOK api */ - if ( !(sec_desc = construct_reg_hive_sd( p->mem_ctx )) ) + if ( !(sec_desc = construct_registry_sd( p->mem_ctx )) ) return WERR_NOMEM; status = registry_access_check( sec_desc, p->pipe_user.nt_user_token, q_u->access, &access_granted ); @@ -384,8 +384,9 @@ WERROR _reg_open_hku(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u NTSTATUS status; /* perform access checks */ + /* top level keys are done here without passing through the REGISTRY_HOOK api */ - if ( !(sec_desc = construct_reg_hive_sd( p->mem_ctx )) ) + if ( !(sec_desc = construct_registry_sd( p->mem_ctx )) ) return WERR_NOMEM; status = registry_access_check( sec_desc, p->pipe_user.nt_user_token, q_u->access, &access_granted ); @@ -409,8 +410,8 @@ WERROR _reg_open_entry(pipes_struct *p, REG_Q_OPEN_ENTRY *q_u, REG_R_OPEN_ENTRY DEBUG(5,("reg_open_entry: Enter\n")); if ( !key ) - return WERR_BADFID; /* This will be reported as an RPC fault anyway. */ - + return WERR_BADFID; + rpcstr_pull( name, q_u->name.string->buffer, sizeof(name), q_u->name.string->uni_str_len*2, 0 ); result = open_registry_key( p, &pol, key, name, 0x0 ); @@ -441,7 +442,7 @@ WERROR _reg_info(pipes_struct *p, REG_Q_INFO *q_u, REG_R_INFO *r_u) DEBUG(5,("_reg_info: Enter\n")); if ( !regkey ) - return WERR_BADFID; /* This will be reported as an RPC fault anyway. */ + return WERR_BADFID; DEBUG(7,("_reg_info: policy key name = [%s]\n", regkey->name)); @@ -545,7 +546,7 @@ WERROR _reg_query_key(pipes_struct *p, REG_Q_QUERY_KEY *q_u, REG_R_QUERY_KEY *r_ DEBUG(5,("_reg_query_key: Enter\n")); if ( !regkey ) - return WERR_BADFID; /* This will be reported as an RPC fault anyway. */ + return WERR_BADFID; if ( !get_subkey_information( regkey, &r_u->num_subkeys, &r_u->max_subkeylen ) ) return WERR_ACCESS_DENIED; @@ -579,9 +580,9 @@ WERROR _reg_getversion(pipes_struct *p, REG_Q_GETVERSION *q_u, REG_R_GETVERSION DEBUG(5,("_reg_getversion: Enter\n")); if ( !regkey ) - return WERR_BADFID; /* This will be reported as an RPC fault anyway. */ + return WERR_BADFID; - r_u->unknown = 0x00000005; /* seems to be consistent...no idea what it means */ + r_u->win_version = 0x00000005; /* Windows 2000 registry API version */ DEBUG(5,("_reg_getversion: Exit\n")); @@ -603,7 +604,7 @@ WERROR _reg_enum_key(pipes_struct *p, REG_Q_ENUM_KEY *q_u, REG_R_ENUM_KEY *r_u) DEBUG(5,("_reg_enum_key: Enter\n")); if ( !regkey ) - return WERR_BADFID; /* This will be reported as an RPC fault anyway. */ + return WERR_BADFID; DEBUG(8,("_reg_enum_key: enumerating key [%s]\n", regkey->name)); @@ -640,7 +641,7 @@ WERROR _reg_enum_value(pipes_struct *p, REG_Q_ENUM_VALUE *q_u, REG_R_ENUM_VALUE DEBUG(5,("_reg_enum_value: Enter\n")); if ( !regkey ) - return WERR_BADFID; /* This will be reported as an RPC fault anyway. */ + return WERR_BADFID; DEBUG(8,("_reg_enum_key: enumerating values for key [%s]\n", regkey->name)); -- cgit