2 * Unix SMB/CIFS implementation.
3 * Virtual Windows Registry Layer
4 * Copyright (C) Gerald Carter 2002-2005
5 * Copyright (C) Michael Adam 2006
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 * Implementation of registry frontend view functions.
24 * Functions moved from reg_frontend.c to minimize linker deps.
30 static struct generic_mapping reg_generic_map
=
31 { REG_KEY_READ
, REG_KEY_WRITE
, REG_KEY_EXECUTE
, REG_KEY_ALL
};
33 /********************************************************************
34 ********************************************************************/
36 static SEC_DESC
* construct_registry_sd( TALLOC_CTX
*ctx
)
45 /* basic access for Everyone */
47 init_sec_access(&mask
, REG_KEY_READ
);
48 init_sec_ace(&ace
[i
++], &global_sid_World
, SEC_ACE_TYPE_ACCESS_ALLOWED
, mask
, 0);
50 /* Full Access 'BUILTIN\Administrators' */
52 init_sec_access(&mask
, REG_KEY_ALL
);
53 init_sec_ace(&ace
[i
++], &global_sid_Builtin_Administrators
, SEC_ACE_TYPE_ACCESS_ALLOWED
, mask
, 0);
56 /* create the security descriptor */
58 if ( !(acl
= make_sec_acl(ctx
, NT4_ACL_REVISION
, i
, ace
)) )
61 if ( !(sd
= make_sec_desc(ctx
, SEC_DESC_REVISION
, SEC_DESC_SELF_RELATIVE
, NULL
, NULL
, NULL
, acl
, &sd_size
)) )
67 /***********************************************************************
68 High level wrapper function for storing registry subkeys
69 ***********************************************************************/
71 BOOL
store_reg_keys( REGISTRY_KEY
*key
, REGSUBKEY_CTR
*subkeys
)
73 if ( key
->hook
&& key
->hook
->ops
&& key
->hook
->ops
->store_subkeys
)
74 return key
->hook
->ops
->store_subkeys( key
->name
, subkeys
);
80 /***********************************************************************
81 High level wrapper function for storing registry values
82 ***********************************************************************/
84 BOOL
store_reg_values( REGISTRY_KEY
*key
, REGVAL_CTR
*val
)
86 if ( check_dynamic_reg_values( key
) )
89 if ( key
->hook
&& key
->hook
->ops
&& key
->hook
->ops
->store_values
)
90 return key
->hook
->ops
->store_values( key
->name
, val
);
95 /***********************************************************************
96 High level wrapper function for enumerating registry subkeys
97 Initialize the TALLOC_CTX if necessary
98 ***********************************************************************/
100 int fetch_reg_keys( REGISTRY_KEY
*key
, REGSUBKEY_CTR
*subkey_ctr
)
104 if ( key
->hook
&& key
->hook
->ops
&& key
->hook
->ops
->fetch_subkeys
)
105 result
= key
->hook
->ops
->fetch_subkeys( key
->name
, subkey_ctr
);
110 /***********************************************************************
111 High level wrapper function for enumerating registry values
112 ***********************************************************************/
114 int fetch_reg_values( REGISTRY_KEY
*key
, REGVAL_CTR
*val
)
118 if ( key
->hook
&& key
->hook
->ops
&& key
->hook
->ops
->fetch_values
)
119 result
= key
->hook
->ops
->fetch_values( key
->name
, val
);
121 /* if the backend lookup returned no data, try the dynamic overlay */
124 result
= fetch_dynamic_reg_values( key
, val
);
126 return ( result
!= -1 ) ? result
: 0;
132 /***********************************************************************
133 High level access check for passing the required access mask to the
134 underlying registry backend
135 ***********************************************************************/
137 BOOL
regkey_access_check( REGISTRY_KEY
*key
, uint32 requested
, uint32
*granted
,
138 const struct nt_user_token
*token
)
145 /* use the default security check if the backend has not defined its
148 if (key
->hook
&& key
->hook
->ops
&& key
->hook
->ops
->reg_access_check
) {
149 return key
->hook
->ops
->reg_access_check( key
->name
, requested
,
154 * The secdesc routines can't yet cope with a NULL talloc ctx sanely.
157 if (!(mem_ctx
= talloc_init("regkey_access_check"))) {
161 err
= regkey_get_secdesc(mem_ctx
, key
, &sec_desc
);
163 if (!W_ERROR_IS_OK(err
)) {
164 TALLOC_FREE(mem_ctx
);
168 se_map_generic( &requested
, ®_generic_map
);
170 if (!se_access_check(sec_desc
, token
, requested
, granted
, &status
)) {
171 TALLOC_FREE(mem_ctx
);
175 TALLOC_FREE(mem_ctx
);
176 return NT_STATUS_IS_OK(status
);
179 WERROR
regkey_get_secdesc(TALLOC_CTX
*mem_ctx
, REGISTRY_KEY
*key
,
180 struct security_descriptor
**psecdesc
)
182 struct security_descriptor
*secdesc
;
184 if (key
->hook
&& key
->hook
->ops
&& key
->hook
->ops
->get_secdesc
) {
187 err
= key
->hook
->ops
->get_secdesc(mem_ctx
, key
->name
,
189 if (W_ERROR_IS_OK(err
)) {
194 if (!(secdesc
= construct_registry_sd(mem_ctx
))) {