From 38264bb3b86a3c9da941070f29ec08227c471d2b Mon Sep 17 00:00:00 2001
From: Günther Deschner
Date: Wed, 15 Apr 2009 01:30:12 +0200
Subject: s3-secdesc: move all winreg access bits to IDL.
Guenther
---
 source3/include/rpc_secdes.h | 35 -----------------------------------
 source3/lib/smbconf/smbconf_reg.c | 2 +-
 source3/registry/reg_api.c | 28 ++++++++++++++--------------
 source3/rpcclient/cmd_test.c | 2 +-
 source3/utils/net_rpc.c | 6 +++---
 5 files changed, 19 insertions(+), 54 deletions(-)
(limited to 'source3')
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index c74d621f35..1ce3f84600 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -194,39 +194,4 @@ struct standard_mapping {
 SA_RIGHT_FILE_WRITE_DATA | \
 SA_RIGHT_FILE_READ_DATA)
-/*
- * Access Bits for registry ACLS
- */
-
-/* used by registry ACLs */
-
-#define SEC_RIGHTS_QUERY_VALUE 0x00000001
-#define SEC_RIGHTS_SET_VALUE 0x00000002
-#define SEC_RIGHTS_CREATE_SUBKEY 0x00000004
-#define SEC_RIGHTS_ENUM_SUBKEYS 0x00000008
-#define SEC_RIGHTS_NOTIFY 0x00000010
-#define SEC_RIGHTS_CREATE_LINK 0x00000020
-#define SEC_RIGHTS_MAXIMUM_ALLOWED 0x02000000
-
-
-#define REG_KEY_READ \
- ( STANDARD_RIGHTS_READ_ACCESS |\
- SEC_RIGHTS_QUERY_VALUE |\
- SEC_RIGHTS_ENUM_SUBKEYS |\
- SEC_RIGHTS_NOTIFY )
-
-#define REG_KEY_EXECUTE REG_KEY_READ
-
-#define REG_KEY_WRITE \
- ( STANDARD_RIGHTS_WRITE_ACCESS |\
- SEC_RIGHTS_SET_VALUE |\
- SEC_RIGHTS_CREATE_SUBKEY )
-
-#define REG_KEY_ALL \
- ( STANDARD_RIGHTS_REQUIRED_ACCESS |\
- REG_KEY_READ |\
- REG_KEY_WRITE |\
- SEC_RIGHTS_CREATE_LINK )
-
-
 #endif /* _RPC_SECDES_H */
diff --git a/source3/lib/smbconf/smbconf_reg.c b/source3/lib/smbconf/smbconf_reg.c
index 0ecac97575..54ce5348a7 100644
--- a/source3/lib/smbconf/smbconf_reg.c
+++ b/source3/lib/smbconf/smbconf_reg.c
@@ -567,7 +567,7 @@ static WERROR smbconf_reg_init(struct smbconf_ctx *ctx, const char *path)
 }
 werr = reg_open_path(ctx, ctx->path,
- SEC_RIGHTS_ENUM_SUBKEYS | REG_KEY_WRITE,
+ KEY_ENUMERATE_SUB_KEYS | REG_KEY_WRITE,
 token, &rpd(ctx)->base_key);
 if (!W_ERROR_IS_OK(werr)) {
 goto done;
diff --git a/source3/registry/reg_api.c b/source3/registry/reg_api.c
index c1a78c14dc..817d43be6b 100644
--- a/source3/registry/reg_api.c
+++ b/source3/registry/reg_api.c
@@ -272,7 +272,7 @@ WERROR reg_openkey(TALLOC_CTX *mem_ctx, struct registry_key *parent,
 err = regkey_open_onelevel(mem_ctx, direct_parent, name_component, parent->token,
- SEC_RIGHTS_ENUM_SUBKEYS, &tmp);
+ KEY_ENUMERATE_SUB_KEYS, &tmp);
 SAFE_FREE(name_component);
 if (!W_ERROR_IS_OK(err)) {
@@ -301,7 +301,7 @@ WERROR reg_enumkey(TALLOC_CTX *mem_ctx, struct registry_key *key,
 {
 WERROR err;
- if (!(key->key->access_granted & SEC_RIGHTS_ENUM_SUBKEYS)) {
+ if (!(key->key->access_granted & KEY_ENUMERATE_SUB_KEYS)) {
 return WERR_ACCESS_DENIED;
 }
@@ -332,7 +332,7 @@ WERROR reg_enumvalue(TALLOC_CTX *mem_ctx, struct registry_key *key,
 struct registry_value *val;
 WERROR err;
- if (!(key->key->access_granted & SEC_RIGHTS_QUERY_VALUE)) {
+ if (!(key->key->access_granted & KEY_QUERY_VALUE)) {
 return WERR_ACCESS_DENIED;
 }
@@ -370,7 +370,7 @@ WERROR reg_queryvalue(TALLOC_CTX *mem_ctx, struct registry_key *key,
 WERROR err;
 uint32 i;
- if (!(key->key->access_granted & SEC_RIGHTS_QUERY_VALUE)) {
+ if (!(key->key->access_granted & KEY_QUERY_VALUE)) {
 return WERR_ACCESS_DENIED;
 }
@@ -399,7 +399,7 @@ WERROR reg_queryinfokey(struct registry_key *key, uint32_t *num_subkeys,
 WERROR err;
 struct security_descriptor *secdesc;
- if (!(key->key->access_granted & SEC_RIGHTS_QUERY_VALUE)) {
+ if (!(key->key->access_granted & KEY_QUERY_VALUE)) {
 return WERR_ACCESS_DENIED;
 }
@@ -483,7 +483,7 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent,
 *end = '\0';
 err = reg_createkey(mem_ctx, key, path,
- SEC_RIGHTS_ENUM_SUBKEYS, &tmp, &action);
+ KEY_ENUMERATE_SUB_KEYS, &tmp, &action);
 if (!W_ERROR_IS_OK(err)) {
 goto done;
 }
@@ -521,7 +521,7 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent,
 * with ENUM_SUBKEY access. */
- err = reg_openkey(mem_ctx, key, "", SEC_RIGHTS_CREATE_SUBKEY,
+ err = reg_openkey(mem_ctx, key, "", KEY_CREATE_SUB_KEY,
 &create_parent);
 if (!W_ERROR_IS_OK(err)) {
 goto done;
@@ -582,7 +582,7 @@ WERROR reg_deletekey(struct registry_key *parent, const char *path)
 *end = '\0';
 err = reg_openkey(mem_ctx, parent, name,
- SEC_RIGHTS_CREATE_SUBKEY, &tmp_key);
+ KEY_CREATE_SUB_KEY, &tmp_key);
 W_ERROR_NOT_OK_GOTO_DONE(err);
 parent = tmp_key;
@@ -608,7 +608,7 @@ WERROR reg_setvalue(struct registry_key *key, const char *name,
 DATA_BLOB value_data;
 int res;
- if (!(key->key->access_granted & SEC_RIGHTS_SET_VALUE)) {
+ if (!(key->key->access_granted & KEY_SET_VALUE)) {
 return WERR_ACCESS_DENIED;
 }
@@ -655,7 +655,7 @@ WERROR reg_deletevalue(struct registry_key *key, const char *name)
 {
 WERROR err;
- if (!(key->key->access_granted & SEC_RIGHTS_SET_VALUE)) {
+ if (!(key->key->access_granted & KEY_SET_VALUE)) {
 return WERR_ACCESS_DENIED;
 }
@@ -982,7 +982,7 @@ WERROR reg_deleteallvalues(struct registry_key *key)
 WERROR err;
 int i;
- if (!(key->key->access_granted & SEC_RIGHTS_SET_VALUE)) {
+ if (!(key->key->access_granted & KEY_SET_VALUE)) {
 return WERR_ACCESS_DENIED;
 }
@@ -1038,7 +1038,7 @@ WERROR reg_open_path(TALLOC_CTX *mem_ctx, const char *orig_path,
 *p = '\0';
- err = reg_openhive(mem_ctx, path, SEC_RIGHTS_ENUM_SUBKEYS, token,
+ err = reg_openhive(mem_ctx, path, KEY_ENUMERATE_SUB_KEYS, token,
 &hive);
 if (!W_ERROR_IS_OK(err)) {
 SAFE_FREE(path);
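Review bot: In the reg_deletekey hunk the path prefix is opened with `KEY_CREATE_SUB_KEY` and then becomes the new `parent`, but nothing on the visible lines explains why a delete path requests the create-subkey right; now that the constants carry their winreg names, this reads like a slip rather than a decision. If deletion is intentionally authorised by create-subkey access on the parent, document it at the call, e.g. `/* deleting a subkey is authorised by KEY_CREATE_SUB_KEY on its parent */`. The same comment is worth adding at the `KEY_ENUMERATE_SUB_KEYS : KEY_CREATE_SUB_KEY` selection in the reg_delete_path hunk. reg_deletekey starts and ends outside the hunk, so the final access check on the target key is not visible here.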
@@ -1209,7 +1209,7 @@ WERROR reg_create_path(TALLOC_CTX *mem_ctx, const char *orig_path,
 err = reg_openhive(mem_ctx, path, (strchr(p+1, '\\') != NULL) ?
- SEC_RIGHTS_ENUM_SUBKEYS : SEC_RIGHTS_CREATE_SUBKEY,
+ KEY_ENUMERATE_SUB_KEYS : KEY_CREATE_SUB_KEY,
 token, &hive);
 if (!W_ERROR_IS_OK(err)) {
 SAFE_FREE(path);
@@ -1249,7 +1249,7 @@ WERROR reg_delete_path(const struct nt_user_token *token,
 err = reg_openhive(NULL, path, (strchr(p+1, '\\') != NULL) ?
- SEC_RIGHTS_ENUM_SUBKEYS : SEC_RIGHTS_CREATE_SUBKEY,
+ KEY_ENUMERATE_SUB_KEYS : KEY_CREATE_SUB_KEY,
 token, &hive);
 if (!W_ERROR_IS_OK(err)) {
 SAFE_FREE(path);
diff --git a/source3/rpcclient/cmd_test.c b/source3/rpcclient/cmd_test.c
index b7be038539..85e90a19b5 100644
--- a/source3/rpcclient/cmd_test.c
+++ b/source3/rpcclient/cmd_test.c
@@ -45,7 +45,7 @@ static NTSTATUS cmd_testme(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
 }
 status = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, False,
- SEC_RIGHTS_QUERY_VALUE, &pol);
+ KEY_QUERY_VALUE, &pol);
 if (!NT_STATUS_IS_OK(status)) goto done;
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 845ceca573..29e2f4f05d 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -5596,7 +5596,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc,
 return -1;
 }
- nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true, SEC_RIGHTS_QUERY_VALUE,
+ nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, true, KEY_QUERY_VALUE,
 &connect_hnd);
 if (NT_STATUS_IS_ERR(nt_status)) {
 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
@@ -5854,7 +5854,7 @@ static int rpc_trustdom_vampire(struct net_context *c, int argc,
 return -1;
 };
- nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, SEC_RIGHTS_QUERY_VALUE,
+ nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, KEY_QUERY_VALUE,
 &connect_hnd);
 if (NT_STATUS_IS_ERR(nt_status)) {
 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
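Review bot: The `rpccli_lsa_open_policy` call in cmd_testme now passes `KEY_QUERY_VALUE`, a winreg key right, as the desired access for an LSA policy handle, and the three `rpccli_lsa_open_policy2` calls in net_rpc.c (rpc_trustdom_establish, rpc_trustdom_vampire, rpc_trustdom_list) do the same. These calls only request something sensible because the bit is 0x00000001 (the value of the removed `SEC_RIGHTS_QUERY_VALUE`, presumably unchanged in the IDL), so a reader auditing the trust-domain code cannot tell which LSA policy right is being asked for. Pass the LSA policy access name for that bit instead, e.g. `LSA_POLICY_VIEW_LOCAL_INFORMATION, &pol);` if the lsa IDL in this tree defines it, and make the matching change at the three net_rpc.c call sites. All four function bodies continue outside their hunks.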
@@ -6011,7 +6011,7 @@ static int rpc_trustdom_list(struct net_context *c, int argc, const char **argv)
 return -1;
 };
- nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, SEC_RIGHTS_QUERY_VALUE,
+ nt_status = rpccli_lsa_open_policy2(pipe_hnd, mem_ctx, false, KEY_QUERY_VALUE,
 &connect_hnd);
 if (NT_STATUS_IS_ERR(nt_status)) {
 DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
-- cgit