source3/registry/reg_dispatcher.c

   1 /*
   2  *  Unix SMB/CIFS implementation.
   3  *  Virtual Windows Registry Layer
   4  *  Copyright (C) Gerald Carter                     2002-2005
   5  *  Copyright (C) Michael Adam                      2006-2008
   6  *
   7  *  This program is free software; you can redistribute it and/or modify
   8  *  it under the terms of the GNU General Public License as published by
   9  *  the Free Software Foundation; either version 3 of the License, or
  10  *  (at your option) any later version.
  11  *
  12  *  This program is distributed in the hope that it will be useful,
  13  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  *  GNU General Public License for more details.
  16  *
  17  *  You should have received a copy of the GNU General Public License
  18  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  19  */
  20
  21 /*
  22  * Implementation of registry frontend view functions.
  23  * Functions moved from reg_frontend.c to minimize linker deps.
  24  */
  25
  26 #include "includes.h"
  27 #include "registry.h"
  28 #include "reg_dispatcher.h"
  29 #include "../libcli/security/security.h"
  30
  31 #undef DBGC_CLASS
  32 #define DBGC_CLASS DBGC_REGISTRY
  33
  34 static const struct generic_mapping reg_generic_map =
  35         { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL };
  36
  37 /********************************************************************
  38 ********************************************************************/
  39
  40 static WERROR construct_registry_sd(TALLOC_CTX *ctx, struct security_descriptor **psd)
  41 {
  42         struct security_ace ace[3];
  43         size_t i = 0;
  44         struct security_descriptor *sd;
  45         struct security_acl *theacl;
  46         size_t sd_size;
  47
  48         /* basic access for Everyone */
  49
  50         init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
  51                      REG_KEY_READ, 0);
  52
  53         /* Full Access 'BUILTIN\Administrators' */
  54
  55         init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
  56                      SEC_ACE_TYPE_ACCESS_ALLOWED, REG_KEY_ALL, 0);
  57
  58         /* Full Access 'NT Authority\System' */
  59
  60         init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED,
  61                      REG_KEY_ALL, 0);
  62
  63         /* create the security descriptor */
  64
  65         theacl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace);
  66         if (theacl == NULL) {
  67                 return WERR_NOMEM;
  68         }
  69
  70         sd = make_sec_desc(ctx, SD_REVISION, SEC_DESC_SELF_RELATIVE,
  71                            &global_sid_Builtin_Administrators,
  72                            &global_sid_System, NULL, theacl,
  73                            &sd_size);
  74         if (sd == NULL) {
  75                 return WERR_NOMEM;
  76         }
  77
  78         *psd = sd;
  79         return WERR_OK;
  80 }
  81
  82 /***********************************************************************
  83  High level wrapper function for storing registry subkeys
  84  ***********************************************************************/
  85
  86 bool store_reg_keys(struct registry_key_handle *key,
  87                     struct regsubkey_ctr *subkeys)
  88 {
  89         if (key->ops && key->ops->store_subkeys)
  90                 return key->ops->store_subkeys(key->name, subkeys);
  91
  92         return false;
  93 }
  94
  95 /***********************************************************************
  96  High level wrapper function for storing registry values
  97  ***********************************************************************/
  98
  99 bool store_reg_values(struct registry_key_handle *key, struct regval_ctr *val)
 100 {
 101         if (key->ops && key->ops->store_values)
 102                 return key->ops->store_values(key->name, val);
 103
 104         return false;
 105 }
 106
 107 WERROR create_reg_subkey(struct registry_key_handle *key, const char *subkey)
 108 {
 109         if (key->ops && key->ops->create_subkey) {
 110                 return key->ops->create_subkey(key->name, subkey);
 111         }
 112
 113         return WERR_NOT_SUPPORTED;
 114 }
 115
 116 WERROR delete_reg_subkey(struct registry_key_handle *key, const char *subkey)
 117 {
 118         if (key->ops && key->ops->delete_subkey) {
 119                 return key->ops->delete_subkey(key->name, subkey);
 120         }
 121
 122         return WERR_NOT_SUPPORTED;
 123 }
 124
 125 /***********************************************************************
 126  High level wrapper function for enumerating registry subkeys
 127  Initialize the TALLOC_CTX if necessary
 128  ***********************************************************************/
 129
 130 int fetch_reg_keys(struct registry_key_handle *key,
 131                    struct regsubkey_ctr *subkey_ctr)
 132 {
 133         int result = -1;
 134
 135         if (key->ops && key->ops->fetch_subkeys)
 136                 result = key->ops->fetch_subkeys(key->name, subkey_ctr);
 137
 138         return result;
 139 }
 140
 141 /***********************************************************************
 142  High level wrapper function for enumerating registry values
 143  ***********************************************************************/
 144
 145 int fetch_reg_values(struct registry_key_handle *key, struct regval_ctr *val)
 146 {
 147         int result = -1;
 148
 149         DEBUG(10, ("fetch_reg_values called for key '%s' (ops %p)\n", key->name,
 150                    (key->ops) ? (void *)key->ops : NULL));
 151
 152         if (key->ops && key->ops->fetch_values)
 153                 result = key->ops->fetch_values(key->name, val);
 154
 155         return result;
 156 }
 157
 158 /***********************************************************************
 159  High level access check for passing the required access mask to the
 160  underlying registry backend
 161  ***********************************************************************/
 162
 163 bool regkey_access_check(struct registry_key_handle *key, uint32 requested,
 164                          uint32 *granted,
 165                          const struct security_token *token )
 166 {
 167         struct security_descriptor *sec_desc;
 168         NTSTATUS status;
 169         WERROR err;
 170
 171         /* root free-pass, like we have on all other pipes like samr, lsa, etc. */
 172         if (geteuid() == sec_initial_uid()) {
 173                 *granted = REG_KEY_ALL;
 174                 return true;
 175         }
 176
 177         /* use the default security check if the backend has not defined its
 178          * own */
 179
 180         if (key->ops && key->ops->reg_access_check) {
 181                 return key->ops->reg_access_check(key->name, requested,
 182                                                   granted, token);
 183         }
 184
 185         err = regkey_get_secdesc(talloc_tos(), key, &sec_desc);
 186
 187         if (!W_ERROR_IS_OK(err)) {
 188                 return false;
 189         }
 190
 191         se_map_generic( &requested, &reg_generic_map );
 192
 193         status =se_access_check(sec_desc, token, requested, granted);
 194         TALLOC_FREE(sec_desc);
 195         if (!NT_STATUS_IS_OK(status)) {
 196                 return false;
 197         }
 198
 199         return NT_STATUS_IS_OK(status);
 200 }
 201
 202 WERROR regkey_get_secdesc(TALLOC_CTX *mem_ctx, struct registry_key_handle *key,
 203                           struct security_descriptor **psecdesc)
 204 {
 205         struct security_descriptor *secdesc;
 206         WERROR werr;
 207
 208         if (key->ops && key->ops->get_secdesc) {
 209                 werr = key->ops->get_secdesc(mem_ctx, key->name, psecdesc);
 210                 if (W_ERROR_IS_OK(werr)) {
 211                         return WERR_OK;
 212                 }
 213         }
 214
 215         werr = construct_registry_sd(mem_ctx, &secdesc);
 216         if (!W_ERROR_IS_OK(werr)) {
 217                 return werr;
 218         }
 219
 220         *psecdesc = secdesc;
 221         return WERR_OK;
 222 }
 223
 224 WERROR regkey_set_secdesc(struct registry_key_handle *key,
 225                           struct security_descriptor *psecdesc)
 226 {
 227         if (key->ops && key->ops->set_secdesc) {
 228                 return key->ops->set_secdesc(key->name, psecdesc);
 229         }
 230
 231         return WERR_ACCESS_DENIED;
 232 }
 233
 234 /**
 235  * Check whether the in-memory version of the subkyes of a
 236  * registry key needs update from disk.
 237  */
 238 bool reg_subkeys_need_update(struct registry_key_handle *key,
 239                              struct regsubkey_ctr *subkeys)
 240 {
 241         if (key->ops && key->ops->subkeys_need_update)
 242         {
 243                 return key->ops->subkeys_need_update(subkeys);
 244         }
 245
 246         return false;
 247 }
 248
 249 /**
 250  * Check whether the in-memory version of the values of a
 251  * registry key needs update from disk.
 252  */
 253 bool reg_values_need_update(struct registry_key_handle *key,
 254                             struct regval_ctr *values)
 255 {
 256         if (key->ops && key->ops->values_need_update)
 257         {
 258                 return key->ops->values_need_update(values);
 259         }
 260
 261         return false;
 262 }
 263