search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r11069: make sure to zero memory when allocating a a REGVAL_CTR struct
[Samba.git] / source / rpc_server / srv_reg_nt.c
blob4cd824c9ef998d0645eb9449708e351dfb7d4f2a
1 /*
2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1997.
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997.
6 * Copyright (C) Paul Ashton 1997.
7 * Copyright (C) Jeremy Allison 2001.
8 * Copyright (C) Gerald Carter 2002-2005.
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 */
24
25 /* Implementation of registry functions. */
26
27 #include "includes.h"
28 #include "regfio.h"
29
30 #undef DBGC_CLASS
31 #define DBGC_CLASS DBGC_RPC_SRV
32
33 #define OUR_HANDLE(hnd) (((hnd)==NULL)?"NULL":(IVAL((hnd)->data5,4)==(uint32)sys_getpid()?"OURS":"OTHER")), \
34 ((unsigned int)IVAL((hnd)->data5,4)),((unsigned int)sys_getpid())
35
36 static struct generic_mapping reg_generic_map =
37 { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL };
38
39
40 /******************************************************************
41 free() function for REGISTRY_KEY
42 *****************************************************************/
43
44 static void free_regkey_info(void *ptr)
45 {
46 regkey_close_internal( (REGISTRY_KEY*)ptr );
47 }
48
49 /******************************************************************
50 Find a registry key handle and return a REGISTRY_KEY
51 *****************************************************************/
52
53 static REGISTRY_KEY *find_regkey_index_by_hnd(pipes_struct *p, POLICY_HND *hnd)
54 {
55 REGISTRY_KEY *regkey = NULL;
56
57 if(!find_policy_by_hnd(p,hnd,(void **)&regkey)) {
58 DEBUG(2,("find_regkey_index_by_hnd: Registry Key not found: "));
59 return NULL;
60 }
61
62 return regkey;
63 }
64
65
66 /*******************************************************************
67 Function for open a new registry handle and creating a handle
68 Note that P should be valid & hnd should already have space
69
70 When we open a key, we store the full path to the key as
71 HK[LM|U]\<key>\<key>\...
72 *******************************************************************/
73
74 static WERROR open_registry_key( pipes_struct *p, POLICY_HND *hnd,
75 REGISTRY_KEY **keyinfo, REGISTRY_KEY *parent,
76 const char *subkeyname, uint32 access_desired )
77 {
78 pstring keypath;
79 int path_len;
80 WERROR result = WERR_OK;
81
82 /* create a full registry path and strip any trailing '\'
83 characters */
84
85 pstr_sprintf( keypath, "%s%s%s",
86 parent ? parent->name : "",
87 parent ? "\\" : "",
88 subkeyname );
89
90 path_len = strlen( keypath );
91 if ( path_len && keypath[path_len-1] == '\\' )
92 keypath[path_len-1] = '\0';
93
94 /* now do the internal open */
95
96 result = regkey_open_internal( keyinfo, keypath, p->pipe_user.nt_user_token, access_desired );
97 if ( !W_ERROR_IS_OK(result) )
98 return result;
99
100 if ( !create_policy_hnd( p, hnd, free_regkey_info, *keyinfo ) ) {
101 result = WERR_BADFILE;
102 regkey_close_internal( *keyinfo );
103 }
104
105 return result;
106 }
107
108 /*******************************************************************
109 Function for open a new registry handle and creating a handle
110 Note that P should be valid & hnd should already have space
111 *******************************************************************/
112
113 static BOOL close_registry_key(pipes_struct *p, POLICY_HND *hnd)
114 {
115 REGISTRY_KEY *regkey = find_regkey_index_by_hnd(p, hnd);
116
117 if ( !regkey ) {
118 DEBUG(2,("close_registry_key: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(hnd)));
119 return False;
120 }
121
122 close_policy_hnd(p, hnd);
123
124 return True;
125 }
126
127 /********************************************************************
128 retrieve information about the subkeys
129 *******************************************************************/
130
131 static BOOL get_subkey_information( REGISTRY_KEY *key, uint32 *maxnum, uint32 *maxlen )
132 {
133 int num_subkeys, i;
134 uint32 max_len;
135 REGSUBKEY_CTR *subkeys;
136 uint32 len;
137
138 if ( !key )
139 return False;
140
141 if ( !(subkeys = TALLOC_ZERO_P( NULL, REGSUBKEY_CTR )) )
142 return False;
143
144 if ( fetch_reg_keys( key, subkeys ) == -1 )
145 return False;
146
147 /* find the longest string */
148
149 max_len = 0;
150 num_subkeys = regsubkey_ctr_numkeys( subkeys );
151
152 for ( i=0; i<num_subkeys; i++ ) {
153 len = strlen( regsubkey_ctr_specific_key(subkeys, i) );
154 max_len = MAX(max_len, len);
155 }
156
157 *maxnum = num_subkeys;
158 *maxlen = max_len*2;
159
160 TALLOC_FREE( subkeys );
161
162 return True;
163 }
164
165 /********************************************************************
166 retrieve information about the values.
167 *******************************************************************/
168
169 static BOOL get_value_information( REGISTRY_KEY *key, uint32 *maxnum,
170 uint32 *maxlen, uint32 *maxsize )
171 {
172 REGVAL_CTR *values;
173 REGISTRY_VALUE *val;
174 uint32 sizemax, lenmax;
175 int i, num_values;
176
177 if ( !key )
178 return False;
179
180 if ( !(values = TALLOC_ZERO_P( NULL, REGVAL_CTR )) )
181 return False;
182
183 if ( fetch_reg_values( key, values ) == -1 )
184 return False;
185
186 lenmax = sizemax = 0;
187 num_values = regval_ctr_numvals( values );
188
189 val = regval_ctr_specific_value( values, 0 );
190
191 for ( i=0; i<num_values && val; i++ )
192 {
193 lenmax = MAX(lenmax, val->valuename ? strlen(val->valuename)+1 : 0 );
194 sizemax = MAX(sizemax, val->size );
195
196 val = regval_ctr_specific_value( values, i );
197 }
198
199 *maxnum = num_values;
200 *maxlen = lenmax;
201 *maxsize = sizemax;
202
203 TALLOC_FREE( values );
204
205 return True;
206 }
207
208
209 /********************************************************************
210 reg_close
211 ********************************************************************/
212
213 WERROR _reg_close(pipes_struct *p, REG_Q_CLOSE *q_u, REG_R_CLOSE *r_u)
214 {
215 /* close the policy handle */
216
217 if (!close_registry_key(p, &q_u->pol))
218 return WERR_BADFID;
219
220 return WERR_OK;
221 }
222
223 /*******************************************************************
224 ********************************************************************/
225
226 WERROR _reg_open_hklm(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u)
227 {
228 REGISTRY_KEY *keyinfo;
229
230 return open_registry_key( p, &r_u->pol, &keyinfo, NULL, KEY_HKLM, q_u->access );
231 }
232
233 /*******************************************************************
234 ********************************************************************/
235
236 WERROR _reg_open_hkpd(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u)
237 {
238 REGISTRY_KEY *keyinfo;
239
240 return open_registry_key( p, &r_u->pol, &keyinfo, NULL, KEY_HKPD, q_u->access );
241 }
242
243 /*******************************************************************
244 ********************************************************************/
245
246 WERROR _reg_open_hkpt(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u)
247 {
248 REGISTRY_KEY *keyinfo;
249
250 return open_registry_key( p, &r_u->pol, &keyinfo, NULL, KEY_HKPT, q_u->access );
251 }
252
253 /*******************************************************************
254 ********************************************************************/
255
256 WERROR _reg_open_hkcr(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u)
257 {
258 REGISTRY_KEY *keyinfo;
259
260 return open_registry_key( p, &r_u->pol, &keyinfo, NULL, KEY_HKCR, q_u->access );
261 }
262
263 /*******************************************************************
264 ********************************************************************/
265
266 WERROR _reg_open_hku(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u)
267 {
268 REGISTRY_KEY *keyinfo;
269
270 return open_registry_key( p, &r_u->pol, &keyinfo, NULL, KEY_HKU, q_u->access );
271 }
272
273 /*******************************************************************
274 reg_reply_open_entry
275 ********************************************************************/
276
277 WERROR _reg_open_entry(pipes_struct *p, REG_Q_OPEN_ENTRY *q_u, REG_R_OPEN_ENTRY *r_u)
278 {
279 fstring name;
280 REGISTRY_KEY *parent = find_regkey_index_by_hnd(p, &q_u->pol);
281 REGISTRY_KEY *newkey = NULL;
282 uint32 check_rights;
283
284 if ( !parent )
285 return WERR_BADFID;
286
287 rpcstr_pull( name, q_u->name.string->buffer, sizeof(name), q_u->name.string->uni_str_len*2, 0 );
288
289 /* check granted access first; what is the correct mask here? */
290
291 check_rights = ( SEC_RIGHTS_ENUM_SUBKEYS|
292 SEC_RIGHTS_CREATE_SUBKEY|
293 SEC_RIGHTS_QUERY_VALUE|
294 SEC_RIGHTS_SET_VALUE);
295
296 if ( !(parent->access_granted & check_rights) ) {
297 DEBUG(8,("Rights check failed, parent had %04x, check_rights %04x\n",parent->access_granted, check_rights));
298 return WERR_ACCESS_DENIED;
299 }
300
301 /*
302 * very crazy, but regedit.exe on Win2k will attempt to call
303 * REG_OPEN_ENTRY with a keyname of "". We should return a new
304 * (second) handle here on the key->name. regedt32.exe does
305 * not do this stupidity. --jerry
306 */
307
308 return open_registry_key( p, &r_u->handle, &newkey, parent, name, q_u->access );
309 }
310
311 /*******************************************************************
312 reg_reply_info
313 ********************************************************************/
314
315 WERROR _reg_query_value(pipes_struct *p, REG_Q_QUERY_VALUE *q_u, REG_R_QUERY_VALUE *r_u)
316 {
317 WERROR status = WERR_BADFILE;
318 fstring name;
319 REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol );
320 REGISTRY_VALUE *val = NULL;
321 REGVAL_CTR *regvals;
322 int i;
323
324 if ( !regkey )
325 return WERR_BADFID;
326
327 DEBUG(7,("_reg_info: policy key name = [%s]\n", regkey->name));
328 DEBUG(7,("_reg_info: policy key type = [%08x]\n", regkey->type));
329
330 rpcstr_pull(name, q_u->name.string->buffer, sizeof(name), q_u->name.string->uni_str_len*2, 0);
331
332 DEBUG(5,("_reg_info: looking up value: [%s]\n", name));
333
334 if ( !(regvals = TALLOC_ZERO_P( p->mem_ctx, REGVAL_CTR )) )
335 return WERR_NOMEM;
336
337 /* Handle QueryValue calls on HKEY_PERFORMANCE_DATA */
338 if(regkey->type == REG_KEY_HKPD)
339 {
340 if(strequal(name, "Global"))
341 {
342 uint32 outbuf_len;
343 prs_struct prs_hkpd;
344 prs_init(&prs_hkpd, q_u->bufsize, p->mem_ctx, MARSHALL);
345 status = reg_perfcount_get_hkpd(&prs_hkpd, q_u->bufsize, &outbuf_len, NULL);
346 regval_ctr_addvalue(regvals, "HKPD", REG_BINARY,
347 prs_hkpd.data_p, outbuf_len);
348 val = dup_registry_value(regval_ctr_specific_value(regvals, 0));
349 prs_mem_free(&prs_hkpd);
350 }
351 else if(strequal(name, "Counter 009"))
352 {
353 uint32 base_index;
354 uint32 buffer_size;
355 char *buffer;
356
357 buffer = NULL;
358 base_index = reg_perfcount_get_base_index();
359 buffer_size = reg_perfcount_get_counter_names(base_index, &buffer);
360 regval_ctr_addvalue(regvals, "Counter 009",
361 REG_MULTI_SZ, buffer, buffer_size);
362
363 val = dup_registry_value(regval_ctr_specific_value(regvals, 0));
364
365 if(buffer_size > 0)
366 {
367 SAFE_FREE(buffer);
368 status = WERR_OK;
369 }
370 }
371 else if(strequal(name, "Explain 009"))
372 {
373 uint32 base_index;
374 uint32 buffer_size;
375 char *buffer;
376
377 buffer = NULL;
378 base_index = reg_perfcount_get_base_index();
379 buffer_size = reg_perfcount_get_counter_help(base_index, &buffer);
380 regval_ctr_addvalue(regvals, "Explain 009",
381 REG_MULTI_SZ, buffer, buffer_size);
382
383 val = dup_registry_value(regval_ctr_specific_value(regvals, 0));
384
385 if(buffer_size > 0)
386 {
387 SAFE_FREE(buffer);
388 status = WERR_OK;
389 }
390 }
391 else if(isdigit(name[0]))
392 {
393 /* we probably have a request for a specific object here */
394 uint32 outbuf_len;
395 prs_struct prs_hkpd;
396 prs_init(&prs_hkpd, q_u->bufsize, p->mem_ctx, MARSHALL);
397 status = reg_perfcount_get_hkpd(&prs_hkpd, q_u->bufsize, &outbuf_len, name);
398 regval_ctr_addvalue(regvals, "HKPD", REG_BINARY,
399 prs_hkpd.data_p, outbuf_len);
400
401 val = dup_registry_value(regval_ctr_specific_value(regvals, 0));
402 prs_mem_free(&prs_hkpd);
403 }
404 else
405 {
406 DEBUG(3,("Unsupported key name [%s] for HKPD.\n", name));
407 return WERR_BADFILE;
408 }
409 }
410 /* HKPT calls can be handled out of reg_dynamic.c with the hkpt_params handler */
411 else
412 {
413 for ( i=0; fetch_reg_values_specific(regkey, &val, i); i++ )
414 {
415 DEBUG(10,("_reg_info: Testing value [%s]\n", val->valuename));
416 if ( strequal( val->valuename, name ) ) {
417 DEBUG(10,("_reg_info: Found match for value [%s]\n", name));
418 status = WERR_OK;
419 break;
420 }
421
422 free_registry_value( val );
423 }
424 }
425
426 init_reg_r_query_value(q_u->ptr_buf, r_u, val, status);
427
428 TALLOC_FREE( regvals );
429 free_registry_value( val );
430
431 return status;
432 }
433
434 /*****************************************************************************
435 Implementation of REG_QUERY_KEY
436 ****************************************************************************/
437
438 WERROR _reg_query_key(pipes_struct *p, REG_Q_QUERY_KEY *q_u, REG_R_QUERY_KEY *r_u)
439 {
440 WERROR status = WERR_OK;
441 REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol );
442
443 if ( !regkey )
444 return WERR_BADFID;
445
446 if ( !get_subkey_information( regkey, &r_u->num_subkeys, &r_u->max_subkeylen ) ) {
447 DEBUG(0,("_reg_query_key: get_subkey_information() failed!\n"));
448 return WERR_ACCESS_DENIED;
449 }
450
451 if ( !get_value_information( regkey, &r_u->num_values, &r_u->max_valnamelen, &r_u->max_valbufsize ) ) {
452 DEBUG(0,("_reg_query_key: get_value_information() failed!\n"));
453 return WERR_ACCESS_DENIED;
454 }
455
456
457 r_u->sec_desc = 0x00000078; /* size for key's sec_desc */
458
459 /* Win9x set this to 0x0 since it does not keep timestamps.
460 Doing the same here for simplicity --jerry */
461
462 ZERO_STRUCT(r_u->mod_time);
463
464 return status;
465 }
466
467
468 /*****************************************************************************
469 Implementation of REG_GETVERSION
470 ****************************************************************************/
471
472 WERROR _reg_getversion(pipes_struct *p, REG_Q_GETVERSION *q_u, REG_R_GETVERSION *r_u)
473 {
474 WERROR status = WERR_OK;
475 REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol );
476
477 if ( !regkey )
478 return WERR_BADFID;
479
480 r_u->win_version = 0x00000005; /* Windows 2000 registry API version */
481
482 return status;
483 }
484
485
486 /*****************************************************************************
487 Implementation of REG_ENUM_KEY
488 ****************************************************************************/
489
490 WERROR _reg_enum_key(pipes_struct *p, REG_Q_ENUM_KEY *q_u, REG_R_ENUM_KEY *r_u)
491 {
492 WERROR status = WERR_OK;
493 REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol );
494 char *subkey = NULL;
495
496
497 if ( !regkey )
498 return WERR_BADFID;
499
500 DEBUG(8,("_reg_enum_key: enumerating key [%s]\n", regkey->name));
501
502 if ( !fetch_reg_keys_specific( regkey, &subkey, q_u->key_index ) )
503 {
504 status = WERR_NO_MORE_ITEMS;
505 goto done;
506 }
507
508 DEBUG(10,("_reg_enum_key: retrieved subkey named [%s]\n", subkey));
509
510 /* subkey has the string name now */
511
512 init_reg_r_enum_key( r_u, subkey );
513
514 done:
515 SAFE_FREE( subkey );
516 return status;
517 }
518
519 /*****************************************************************************
520 Implementation of REG_ENUM_VALUE
521 ****************************************************************************/
522
523 WERROR _reg_enum_value(pipes_struct *p, REG_Q_ENUM_VALUE *q_u, REG_R_ENUM_VALUE *r_u)
524 {
525 WERROR status = WERR_OK;
526 REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol );
527 REGISTRY_VALUE *val;
528
529
530 if ( !regkey )
531 return WERR_BADFID;
532
533 DEBUG(8,("_reg_enum_value: enumerating values for key [%s]\n", regkey->name));
534
535 if ( !fetch_reg_values_specific( regkey, &val, q_u->val_index ) ) {
536 status = WERR_NO_MORE_ITEMS;
537 goto done;
538 }
539
540 if ( val->type == REG_MULTI_SZ ) {
541
542 }
543
544 DEBUG(10,("_reg_enum_value: retrieved value named [%s]\n", val->valuename));
545
546 /* subkey has the string name now */
547
548 init_reg_r_enum_val( r_u, val );
549
550 done:
551 free_registry_value( val );
552
553 return status;
554 }
555
556
557 /*******************************************************************
558 reg_shutdwon
559 ********************************************************************/
560
561 WERROR _reg_shutdown(pipes_struct *p, REG_Q_SHUTDOWN *q_u, REG_R_SHUTDOWN *r_u)
562 {
563 REG_Q_SHUTDOWN_EX q_u_ex;
564 REG_R_SHUTDOWN_EX r_u_ex;
565
566 /* copy fields (including stealing memory) */
567
568 q_u_ex.server = q_u->server;
569 q_u_ex.message = q_u->message;
570 q_u_ex.timeout = q_u->timeout;
571 q_u_ex.force = q_u->force;
572 q_u_ex.reboot = q_u->reboot;
573 q_u_ex.reason = 0x0; /* don't care for now */
574
575 /* thunk down to _reg_shutdown_ex() (just returns a status) */
576
577 return _reg_shutdown_ex( p, &q_u_ex, &r_u_ex );
578 }
579
580 /*******************************************************************
581 reg_shutdown_ex
582 ********************************************************************/
583
584 #define SHUTDOWN_R_STRING "-r"
585 #define SHUTDOWN_F_STRING "-f"
586
587
588 WERROR _reg_shutdown_ex(pipes_struct *p, REG_Q_SHUTDOWN_EX *q_u, REG_R_SHUTDOWN_EX *r_u)
589 {
590 pstring shutdown_script;
591 pstring message;
592 pstring chkmsg;
593 fstring timeout;
594 fstring reason;
595 fstring r;
596 fstring f;
597 int ret;
598 BOOL can_shutdown;
599
600
601 pstrcpy(shutdown_script, lp_shutdown_script());
602
603 if ( !*shutdown_script )
604 return WERR_ACCESS_DENIED;
605
606 /* pull the message string and perform necessary sanity checks on it */
607
608 pstrcpy( message, "" );
609 if ( q_u->message ) {
610 UNISTR2 *msg_string = q_u->message->string;
611
612 rpcstr_pull( message, msg_string->buffer, sizeof(message), msg_string->uni_str_len*2, 0 );
613 }
614 alpha_strcpy (chkmsg, message, NULL, sizeof(message));
615
616 fstr_sprintf(timeout, "%d", q_u->timeout);
617 fstr_sprintf(r, (q_u->reboot) ? SHUTDOWN_R_STRING : "");
618 fstr_sprintf(f, (q_u->force) ? SHUTDOWN_F_STRING : "");
619 fstr_sprintf( reason, "%d", q_u->reason );
620
621 all_string_sub( shutdown_script, "%z", chkmsg, sizeof(shutdown_script) );
622 all_string_sub( shutdown_script, "%t", timeout, sizeof(shutdown_script) );
623 all_string_sub( shutdown_script, "%r", r, sizeof(shutdown_script) );
624 all_string_sub( shutdown_script, "%f", f, sizeof(shutdown_script) );
625 all_string_sub( shutdown_script, "%x", reason, sizeof(shutdown_script) );
626
627 can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_remote_shutdown );
628
629 /* IF someone has privs, run the shutdown script as root. OTHERWISE run it as not root
630 Take the error return from the script and provide it as the Windows return code. */
631
632 /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/
633
634 if ( can_shutdown )
635 become_root();
636
637 ret = smbrun( shutdown_script, NULL );
638
639 if ( can_shutdown )
640 unbecome_root();
641
642 /********** END SeRemoteShutdownPrivilege BLOCK **********/
643
644 DEBUG(3,("_reg_shutdown_ex: Running the command `%s' gave %d\n",
645 shutdown_script, ret));
646
647
648 return (ret == 0) ? WERR_OK : WERR_ACCESS_DENIED;
649 }
650
651
652
653
654 /*******************************************************************
655 reg_abort_shutdwon
656 ********************************************************************/
657
658 WERROR _reg_abort_shutdown(pipes_struct *p, REG_Q_ABORT_SHUTDOWN *q_u, REG_R_ABORT_SHUTDOWN *r_u)
659 {
660 pstring abort_shutdown_script;
661 int ret;
662 BOOL can_shutdown;
663
664 pstrcpy(abort_shutdown_script, lp_abort_shutdown_script());
665
666 if ( !*abort_shutdown_script )
667 return WERR_ACCESS_DENIED;
668
669 can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_remote_shutdown );
670
671 /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/
672
673 if ( can_shutdown )
674 become_root();
675
676 ret = smbrun( abort_shutdown_script, NULL );
677
678 if ( can_shutdown )
679 unbecome_root();
680
681 /********** END SeRemoteShutdownPrivilege BLOCK **********/
682
683 DEBUG(3,("_reg_abort_shutdown: Running the command `%s' gave %d\n",
684 abort_shutdown_script, ret));
685
686
687 return (ret == 0) ? WERR_OK : WERR_ACCESS_DENIED;
688 }
689
690 /*******************************************************************
691 ********************************************************************/
692
693 static int validate_reg_filename( pstring fname )
694 {
695 char *p;
696 int num_services = lp_numservices();
697 int snum;
698 pstring share_path;
699 pstring unix_fname;
700
701 /* convert to a unix path, stripping the C:\ along the way */
702
703 if ( !(p = valid_share_pathname( fname ) ))
704 return -1;
705
706 /* has to exist within a valid file share */
707
708 for ( snum=0; snum<num_services; snum++ ) {
709
710 if ( !lp_snum_ok(snum) || lp_print_ok(snum) )
711 continue;
712
713 pstrcpy( share_path, lp_pathname(snum) );
714
715 /* make sure we have a path (e.g. [homes] ) */
716
717 if ( strlen( share_path ) == 0 )
718 continue;
719
720 if ( strncmp( share_path, p, strlen( share_path )) == 0 )
721 break;
722 }
723
724 /* p and fname are overlapping memory so copy out and back in again */
725
726 pstrcpy( unix_fname, p );
727 pstrcpy( fname, unix_fname );
728
729 return (snum < num_services) ? snum : -1;
730 }
731
732 /*******************************************************************
733 Note: topkeypat is the *full* path that this *key will be
734 loaded into (including the name of the key)
735 ********************************************************************/
736
737 static WERROR reg_load_tree( REGF_FILE *regfile, const char *topkeypath,
738 REGF_NK_REC *key )
739 {
740 REGF_NK_REC *subkey;
741 REGISTRY_KEY registry_key;
742 REGVAL_CTR *values;
743 REGSUBKEY_CTR *subkeys;
744 int i;
745 pstring path;
746 WERROR result = WERR_OK;
747
748 /* initialize the REGISTRY_KEY structure */
749
750 if ( !(registry_key.hook = reghook_cache_find(topkeypath)) ) {
751 DEBUG(0,("reg_load_tree: Failed to assigned a REGISTRY_HOOK to [%s]\n",
752 topkeypath ));
753 return WERR_BADFILE;
754 }
755 pstrcpy( registry_key.name, topkeypath );
756
757 /* now start parsing the values and subkeys */
758
759 if ( !(subkeys = TALLOC_ZERO_P( regfile->mem_ctx, REGSUBKEY_CTR )) )
760 return WERR_NOMEM;
761
762 if ( !(values = TALLOC_ZERO_P( subkeys, REGVAL_CTR )) )
763 return WERR_NOMEM;
764
765 /* copy values into the REGVAL_CTR */
766
767 for ( i=0; i<key->num_values; i++ ) {
768 regval_ctr_addvalue( values, key->values[i].valuename, key->values[i].type,
769 (char*)key->values[i].data, (key->values[i].data_size & ~VK_DATA_IN_OFFSET) );
770 }
771
772 /* copy subkeys into the REGSUBKEY_CTR */
773
774 key->subkey_index = 0;
775 while ( (subkey = regfio_fetch_subkey( regfile, key )) ) {
776 regsubkey_ctr_addkey( subkeys, subkey->keyname );
777 }
778
779 /* write this key and values out */
780
781 if ( !store_reg_values( &registry_key, values )
782 || !store_reg_keys( &registry_key, subkeys ) )
783 {
784 DEBUG(0,("reg_load_tree: Failed to load %s!\n", topkeypath));
785 result = WERR_REG_IO_FAILURE;
786 }
787
788 TALLOC_FREE( subkeys );
789
790 if ( !W_ERROR_IS_OK(result) )
791 return result;
792
793 /* now continue to load each subkey registry tree */
794
795 key->subkey_index = 0;
796 while ( (subkey = regfio_fetch_subkey( regfile, key )) ) {
797 pstr_sprintf( path, "%s%s%s", topkeypath, "\\", subkey->keyname );
798 result = reg_load_tree( regfile, path, subkey );
799 if ( !W_ERROR_IS_OK(result) )
800 break;
801 }
802
803 return result;
804 }
805
806 /*******************************************************************
807 ********************************************************************/
808
809 static WERROR restore_registry_key ( REGISTRY_KEY *krecord, const char *fname )
810 {
811 REGF_FILE *regfile;
812 REGF_NK_REC *rootkey;
813 WERROR result;
814
815 /* open the registry file....fail if the file already exists */
816
817 if ( !(regfile = regfio_open( fname, (O_RDONLY), 0 )) ) {
818 DEBUG(0,("backup_registry_key: failed to open \"%s\" (%s)\n",
819 fname, strerror(errno) ));
820 return ( ntstatus_to_werror(map_nt_error_from_unix( errno )) );
821 }
822
823 /* get the rootkey from the regf file and then load the tree
824 via recursive calls */
825
826 if ( !(rootkey = regfio_rootkey( regfile )) )
827 return WERR_REG_FILE_INVALID;
828
829 result = reg_load_tree( regfile, krecord->name, rootkey );
830
831 /* cleanup */
832
833 regfio_close( regfile );
834
835 return result;
836 }
837
838 /*******************************************************************
839 ********************************************************************/
840
841 WERROR _reg_restore_key(pipes_struct *p, REG_Q_RESTORE_KEY *q_u, REG_R_RESTORE_KEY *r_u)
842 {
843 REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol );
844 pstring filename;
845 int snum;
846
847 if ( !regkey )
848 return WERR_BADFID;
849
850 rpcstr_pull(filename, q_u->filename.string->buffer, sizeof(filename), q_u->filename.string->uni_str_len*2, STR_TERMINATE);
851
852 DEBUG(8,("_reg_restore_key: verifying restore of key [%s] from \"%s\"\n", regkey->name, filename));
853
854 if ( (snum = validate_reg_filename( filename )) == -1 )
855 return WERR_OBJECT_PATH_INVALID;
856
857 /* user must posses SeRestorePrivilege for this this proceed */
858
859 if ( !user_has_privileges( p->pipe_user.nt_user_token, &se_restore ) )
860 return WERR_ACCESS_DENIED;
861
862 DEBUG(2,("_reg_restore_key: Restoring [%s] from %s in share %s\n", regkey->name, filename, lp_servicename(snum) ));
863
864 return restore_registry_key( regkey, filename );
865 }
866
867 /********************************************************************
868 ********************************************************************/
869
870 static WERROR reg_write_tree( REGF_FILE *regfile, const char *keypath,
871 REGF_NK_REC *parent, SEC_DESC *sec_desc )
872 {
873 REGF_NK_REC *key;
874 REGVAL_CTR *values;
875 REGSUBKEY_CTR *subkeys;
876 int i, num_subkeys;
877 pstring key_tmp;
878 char *keyname, *parentpath;
879 pstring subkeypath;
880 char *subkeyname;
881 REGISTRY_KEY registry_key;
882 WERROR result = WERR_OK;
883
884 if ( !regfile )
885 return WERR_GENERAL_FAILURE;
886
887 if ( !keypath )
888 return WERR_OBJECT_PATH_INVALID;
889
890 /* split up the registry key path */
891
892 pstrcpy( key_tmp, keypath );
893 if ( !reg_split_key( key_tmp, &parentpath, &keyname ) )
894 return WERR_OBJECT_PATH_INVALID;
895
896 if ( !keyname )
897 keyname = parentpath;
898
899 /* we need a REGISTRY_KEY object here to enumerate subkeys and values */
900
901 ZERO_STRUCT( registry_key );
902 pstrcpy( registry_key.name, keypath );
903 if ( !(registry_key.hook = reghook_cache_find( registry_key.name )) )
904 return WERR_BADFILE;
905
906
907 /* lookup the values and subkeys */
908
909 if ( !(subkeys = TALLOC_ZERO_P( regfile->mem_ctx, REGSUBKEY_CTR )) )
910 return WERR_NOMEM;
911
912 if ( !(values = TALLOC_ZERO_P( subkeys, REGVAL_CTR )) )
913 return WERR_NOMEM;
914
915 fetch_reg_keys( &registry_key, subkeys );
916 fetch_reg_values( &registry_key, values );
917
918 /* write out this key */
919
920 if ( !(key = regfio_write_key( regfile, keyname, values, subkeys, sec_desc, parent )) ) {
921 result = WERR_CAN_NOT_COMPLETE;
922 goto done;
923 }
924
925 /* write each one of the subkeys out */
926
927 num_subkeys = regsubkey_ctr_numkeys( subkeys );
928 for ( i=0; i<num_subkeys; i++ ) {
929 subkeyname = regsubkey_ctr_specific_key( subkeys, i );
930 pstr_sprintf( subkeypath, "%s\\%s", keypath, subkeyname );
931 result = reg_write_tree( regfile, subkeypath, key, sec_desc );
932 if ( !W_ERROR_IS_OK(result) )
933 goto done;
934 }
935
936 DEBUG(6,("reg_write_tree: wrote key [%s]\n", keypath ));
937
938 done:
939 TALLOC_FREE( subkeys );
940
941 return result;
942 }
943
944 /*******************************************************************
945 ********************************************************************/
946
947 static WERROR make_default_reg_sd( TALLOC_CTX *ctx, SEC_DESC **psd )
948 {
949 DOM_SID adm_sid, owner_sid;
950 SEC_ACE ace[2]; /* at most 2 entries */
951 SEC_ACCESS mask;
952 SEC_ACL *psa = NULL;
953 size_t sd_size;
954
955 /* set the owner to BUILTIN\Administrator */
956
957 sid_copy(&owner_sid, &global_sid_Builtin);
958 sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN );
959
960
961 /* basic access for Everyone */
962
963 init_sec_access(&mask, reg_generic_map.generic_execute | reg_generic_map.generic_read );
964 init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
965
966 /* add Full Access 'BUILTIN\Administrators' */
967
968 init_sec_access(&mask, reg_generic_map.generic_all);
969 sid_copy(&adm_sid, &global_sid_Builtin);
970 sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);
971 init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
972
973 /* create the security descriptor */
974
975 if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 2, ace)) == NULL)
976 return WERR_NOMEM;
977
978 if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, &owner_sid, NULL, NULL, psa, &sd_size)) == NULL)
979 return WERR_NOMEM;
980
981 return WERR_OK;
982 }
983
984 /*******************************************************************
985 ********************************************************************/
986
987 static WERROR backup_registry_key ( REGISTRY_KEY *krecord, const char *fname )
988 {
989 REGF_FILE *regfile;
990 WERROR result;
991 SEC_DESC *sd = NULL;
992
993 /* open the registry file....fail if the file already exists */
994
995 if ( !(regfile = regfio_open( fname, (O_RDWR|O_CREAT|O_EXCL), (S_IREAD|S_IWRITE) )) ) {
996 DEBUG(0,("backup_registry_key: failed to open \"%s\" (%s)\n",
997 fname, strerror(errno) ));
998 return ( ntstatus_to_werror(map_nt_error_from_unix( errno )) );
999 }
1000
1001 if ( !W_ERROR_IS_OK(result = make_default_reg_sd( regfile->mem_ctx, &sd )) ) {
1002 regfio_close( regfile );
1003 return result;
1004 }
1005
1006 /* write the registry tree to the file */
1007
1008 result = reg_write_tree( regfile, krecord->name, NULL, sd );
1009
1010 /* cleanup */
1011
1012 regfio_close( regfile );
1013
1014 return result;
1015 }
1016
1017 /*******************************************************************
1018 ********************************************************************/
1019
1020 WERROR _reg_save_key(pipes_struct *p, REG_Q_SAVE_KEY *q_u, REG_R_SAVE_KEY *r_u)
1021 {
1022 REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol );
1023 pstring filename;
1024 int snum;
1025
1026 if ( !regkey )
1027 return WERR_BADFID;
1028
1029 rpcstr_pull(filename, q_u->filename.string->buffer, sizeof(filename), q_u->filename.string->uni_str_len*2, STR_TERMINATE);
1030
1031 DEBUG(8,("_reg_save_key: verifying backup of key [%s] to \"%s\"\n", regkey->name, filename));
1032
1033 if ( (snum = validate_reg_filename( filename )) == -1 )
1034 return WERR_OBJECT_PATH_INVALID;
1035
1036 DEBUG(2,("_reg_save_key: Saving [%s] to %s in share %s\n", regkey->name, filename, lp_servicename(snum) ));
1037
1038 return backup_registry_key( regkey, filename );
1039 }
1040
1041 /*******************************************************************
1042 ********************************************************************/
1043
1044 WERROR _reg_create_key_ex(pipes_struct *p, REG_Q_CREATE_KEY_EX *q_u, REG_R_CREATE_KEY_EX *r_u)
1045 {
1046 REGISTRY_KEY *parent = find_regkey_index_by_hnd(p, &q_u->handle);
1047 REGISTRY_KEY *newparentinfo, *keyinfo;
1048 POLICY_HND newparent_handle;
1049 REGSUBKEY_CTR *subkeys;
1050 BOOL write_result;
1051 pstring name;
1052 WERROR result;
1053
1054 if ( !parent )
1055 return WERR_BADFID;
1056
1057 rpcstr_pull( name, q_u->name.string->buffer, sizeof(name), q_u->name.string->uni_str_len*2, 0 );
1058
1059 /* ok. Here's what we do. */
1060
1061 if ( strrchr( name, '\\' ) ) {
1062 pstring newkeyname;
1063 char *ptr;
1064
1065 /* (1) check for enumerate rights on the parent handle. CLients can try
1066 create things like 'SOFTWARE\Samba' on the HKLM handle.
1067 (2) open the path to the child parent key if necessary */
1068
1069 if ( !(parent->access_granted & SEC_RIGHTS_ENUM_SUBKEYS) )
1070 return WERR_ACCESS_DENIED;
1071
1072 pstrcpy( newkeyname, name );
1073 ptr = strrchr( newkeyname, '\\' );
1074 *ptr = '\0';
1075
1076 result = open_registry_key( p, &newparent_handle, &newparentinfo,
1077 parent, newkeyname, (REG_KEY_READ|REG_KEY_WRITE) );
1078
1079 if ( !W_ERROR_IS_OK(result) )
1080 return result;
1081
1082 /* copy the new key name (just the lower most keyname) */
1083
1084 pstrcpy( name, ptr+1 );
1085 }
1086 else {
1087 /* use the existing open key information */
1088 newparentinfo = parent;
1089 memcpy( &newparent_handle, &q_u->handle, sizeof(POLICY_HND) );
1090 }
1091
1092 /* (3) check for create subkey rights on the correct parent */
1093
1094 if ( !(newparentinfo->access_granted & SEC_RIGHTS_CREATE_SUBKEY) ) {
1095 result = WERR_ACCESS_DENIED;
1096 goto done;
1097 }
1098
1099 if ( !(subkeys = TALLOC_ZERO_P( p->mem_ctx, REGSUBKEY_CTR )) ) {
1100 result = WERR_NOMEM;
1101 goto done;
1102 }
1103
1104 /* (4) lookup the current keys and add the new one */
1105
1106 fetch_reg_keys( newparentinfo, subkeys );
1107 regsubkey_ctr_addkey( subkeys, name );
1108
1109 /* now write to the registry backend */
1110
1111 write_result = store_reg_keys( newparentinfo, subkeys );
1112
1113 TALLOC_FREE( subkeys );
1114
1115 if ( !write_result )
1116 return WERR_REG_IO_FAILURE;
1117
1118 /* (5) open the new key and return the handle. Note that it is probably
1119 not correct to grant full access on this open handle. */
1120
1121 result = open_registry_key( p, &r_u->handle, &keyinfo, newparentinfo, name, REG_KEY_READ );
1122 keyinfo->access_granted = REG_KEY_ALL;
1123
1124 done:
1125 /* close any intermediate key handles */
1126
1127 if ( newparentinfo != parent )
1128 close_registry_key( p, &newparent_handle );
1129
1130 return result;
1131 }
1132
1133
1134 /*******************************************************************
1135 ********************************************************************/
1136
1137 WERROR _reg_set_value(pipes_struct *p, REG_Q_SET_VALUE *q_u, REG_R_SET_VALUE *r_u)
1138 {
1139 REGISTRY_KEY *key = find_regkey_index_by_hnd(p, &q_u->handle);
1140 REGVAL_CTR *values;
1141 BOOL write_result;
1142 fstring valuename;
1143
1144 if ( !key )
1145 return WERR_BADFID;
1146
1147 /* access checks first */
1148
1149 if ( !(key->access_granted & SEC_RIGHTS_SET_VALUE) )
1150 return WERR_ACCESS_DENIED;
1151
1152 rpcstr_pull( valuename, q_u->name.string->buffer, sizeof(valuename), q_u->name.string->uni_str_len*2, 0 );
1153
1154 /* verify the name */
1155
1156 if ( !*valuename )
1157 return WERR_INVALID_PARAM;
1158
1159 DEBUG(8,("_reg_set_value: Setting value for [%s:%s]\n", key->name, valuename));
1160
1161 if ( !(values = TALLOC_ZERO_P( p->mem_ctx, REGVAL_CTR )) )
1162 return WERR_NOMEM;
1163
1164 /* lookup the current values and add the new one */
1165
1166 fetch_reg_values( key, values );
1167
1168 regval_ctr_addvalue( values, valuename, q_u->type, (char*)q_u->value.buffer, q_u->value.buf_len );
1169
1170 /* now write to the registry backend */
1171
1172 write_result = store_reg_values( key, values );
1173
1174 TALLOC_FREE( values );
1175
1176 if ( !write_result )
1177 return WERR_REG_IO_FAILURE;
1178
1179 return WERR_OK;
1180 }
1181
1182 /*******************************************************************
1183 ********************************************************************/
1184
1185 WERROR _reg_delete_key(pipes_struct *p, REG_Q_DELETE_KEY *q_u, REG_R_DELETE_KEY *r_u)
1186 {
1187 REGISTRY_KEY *parent = find_regkey_index_by_hnd(p, &q_u->handle);
1188 REGISTRY_KEY *newparentinfo;
1189 POLICY_HND newparent_handle;
1190 REGSUBKEY_CTR *subkeys;
1191 BOOL write_result;
1192 pstring name;
1193 WERROR result;
1194
1195 if ( !parent )
1196 return WERR_BADFID;
1197
1198 /* MSDN says parent the handle must have been opened with DELETE access */
1199
1200 /* (1) check for delete rights on the parent */
1201
1202 if ( !(parent->access_granted & STD_RIGHT_DELETE_ACCESS) ) {
1203 result = WERR_ACCESS_DENIED;
1204 goto done;
1205 }
1206
1207 rpcstr_pull( name, q_u->name.string->buffer, sizeof(name), q_u->name.string->uni_str_len*2, 0 );
1208
1209 /* ok. Here's what we do. */
1210
1211 if ( strrchr( name, '\\' ) ) {
1212 pstring newkeyname;
1213 char *ptr;
1214
1215 /* (2) open the path to the child parent key if necessary */
1216 /* split the registry path and save the subkeyname */
1217
1218 pstrcpy( newkeyname, name );
1219 ptr = strrchr( newkeyname, '\\' );
1220 *ptr = '\0';
1221 pstrcpy( name, ptr+1 );
1222
1223 result = open_registry_key( p, &newparent_handle, &newparentinfo, parent, newkeyname, (REG_KEY_READ|REG_KEY_WRITE) );
1224 if ( !W_ERROR_IS_OK(result) )
1225 return result;
1226 }
1227 else {
1228 /* use the existing open key information */
1229 newparentinfo = parent;
1230 }
1231
1232 if ( !(subkeys = TALLOC_ZERO_P( p->mem_ctx, REGSUBKEY_CTR )) ) {
1233 result = WERR_NOMEM;
1234 goto done;
1235 }
1236
1237 /* lookup the current keys and delete the new one */
1238
1239 fetch_reg_keys( newparentinfo, subkeys );
1240
1241 regsubkey_ctr_delkey( subkeys, name );
1242
1243 /* now write to the registry backend */
1244
1245 write_result = store_reg_keys( newparentinfo, subkeys );
1246
1247 TALLOC_FREE( subkeys );
1248
1249 result = write_result ? WERR_OK : WERR_REG_IO_FAILURE;
1250
1251 done:
1252 /* close any intermediate key handles */
1253
1254 if ( newparentinfo != parent )
1255 close_registry_key( p, &newparent_handle );
1256
1257 return result;
1258 }
1259
1260
1261 /*******************************************************************
1262 ********************************************************************/
1263
1264 WERROR _reg_delete_value(pipes_struct *p, REG_Q_DELETE_VALUE *q_u, REG_R_DELETE_VALUE *r_u)
1265 {
1266 REGISTRY_KEY *key = find_regkey_index_by_hnd(p, &q_u->handle);
1267 REGVAL_CTR *values;
1268 BOOL write_result;
1269 fstring valuename;
1270
1271 if ( !key )
1272 return WERR_BADFID;
1273
1274 /* access checks first */
1275
1276 if ( !(key->access_granted & SEC_RIGHTS_SET_VALUE) )
1277 return WERR_ACCESS_DENIED;
1278
1279 rpcstr_pull( valuename, q_u->name.string->buffer, sizeof(valuename), q_u->name.string->uni_str_len*2, 0 );
1280
1281 if ( !*valuename )
1282 return WERR_INVALID_PARAM;
1283
1284 DEBUG(8,("_reg_delete_value: Setting value for [%s:%s]\n", key->name, valuename));
1285
1286 if ( !(values = TALLOC_ZERO_P( p->mem_ctx, REGVAL_CTR )) )
1287 return WERR_NOMEM;
1288
1289 /* lookup the current values and add the new one */
1290
1291 fetch_reg_values( key, values );
1292
1293 regval_ctr_delvalue( values, valuename );
1294
1295 /* now write to the registry backend */
1296
1297 write_result = store_reg_values( key, values );
1298
1299 TALLOC_FREE( values );
1300
1301 if ( !write_result )
1302 return WERR_REG_IO_FAILURE;
1303
1304 return WERR_OK;
1305 }
1306
1307 /*******************************************************************
1308 ********************************************************************/
1309
1310 WERROR _reg_get_key_sec(pipes_struct *p, REG_Q_GET_KEY_SEC *q_u, REG_R_GET_KEY_SEC *r_u)
1311 {
1312 REGISTRY_KEY *key = find_regkey_index_by_hnd(p, &q_u->handle);
1313
1314 if ( !key )
1315 return WERR_BADFID;
1316
1317 /* access checks first */
1318
1319 if ( !(key->access_granted & STD_RIGHT_READ_CONTROL_ACCESS) )
1320 return WERR_ACCESS_DENIED;
1321
1322 return WERR_ACCESS_DENIED;
1323 }
1324
1325 /*******************************************************************
1326 ********************************************************************/
1327
1328 WERROR _reg_set_key_sec(pipes_struct *p, REG_Q_SET_KEY_SEC *q_u, REG_R_SET_KEY_SEC *r_u)
1329 {
1330 REGISTRY_KEY *key = find_regkey_index_by_hnd(p, &q_u->handle);
1331
1332 if ( !key )
1333 return WERR_BADFID;
1334
1335 /* access checks first */
1336
1337 if ( !(key->access_granted & STD_RIGHT_WRITE_DAC_ACCESS) )
1338 return WERR_ACCESS_DENIED;
1339
1340 return WERR_ACCESS_DENIED;
1341 }
Samba GIT mirror