source3/registry/reg_util_token.c

   1 /*
   2  * Unix SMB/CIFS implementation.
   3  * Registry helper routines
   4  * Copyright (C) Michael Adam 2007
   5  *
   6  * This program is free software; you can redistribute it and/or modify it
   7  * under the terms of the GNU General Public License as published by the Free
   8  * Software Foundation; either version 3 of the License, or (at your option)
   9  * any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
  14  * more details.
  15  *
  16  * You should have received a copy of the GNU General Public License along with
  17  * this program; if not, see <http://www.gnu.org/licenses/>.
  18  */
  19
  20 #include "includes.h"
  21 #include "reg_util_token.h"
  22 #include "../libcli/security/security.h"
  23
  24 /*
  25  * create a fake token just with enough rights to
  26  * locally access the registry:
  27  *
  28  * - builtin administrators sid
  29  * - disk operators privilege
  30  */
  31 NTSTATUS registry_create_admin_token(TALLOC_CTX *mem_ctx,
  32                                      struct security_token **ptoken)
  33 {
  34         NTSTATUS status;
  35         struct security_token *token = NULL;
  36
  37         if (ptoken == NULL) {
  38                 return NT_STATUS_INVALID_PARAMETER;
  39         }
  40
  41         token = talloc_zero(mem_ctx, struct security_token);
  42         if (token == NULL) {
  43                 DEBUG(1, ("talloc failed\n"));
  44                 status = NT_STATUS_NO_MEMORY;
  45                 goto done;
  46         }
  47         security_token_set_privilege(token, SEC_PRIV_DISK_OPERATOR);
  48
  49         status = add_sid_to_array(token, &global_sid_Builtin_Administrators,
  50                                   &token->sids, &token->num_sids);
  51         if (!NT_STATUS_IS_OK(status)) {
  52                 DEBUG(1, ("Error adding builtin administrators sid "
  53                           "to fake token.\n"));
  54                 goto done;
  55         }
  56
  57         *ptoken = token;
  58
  59 done:
  60         return status;
  61 }