search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
rap: use rap_LogonHours in rap_NetUserInfo11 as well.
[Samba/ekacnet.git] / source3 / registry / reg_dispatcher.c
blob0c61564d769471640fdc4cccc00a4faa76be39b4
1 /*
2 * Unix SMB/CIFS implementation.
3 * Virtual Windows Registry Layer
4 * Copyright (C) Gerald Carter 2002-2005
5 * Copyright (C) Michael Adam 2006-2008
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21 /*
22 * Implementation of registry frontend view functions.
23 * Functions moved from reg_frontend.c to minimize linker deps.
24 */
25
26 #include "includes.h"
27 #include "registry.h"
28 #include "reg_dispatcher.h"
29
30 #undef DBGC_CLASS
31 #define DBGC_CLASS DBGC_REGISTRY
32
33 static const struct generic_mapping reg_generic_map =
34 { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL };
35
36 /********************************************************************
37 ********************************************************************/
38
39 static WERROR construct_registry_sd(TALLOC_CTX *ctx, struct security_descriptor **psd)
40 {
41 struct security_ace ace[3];
42 size_t i = 0;
43 struct security_descriptor *sd;
44 struct security_acl *theacl;
45 size_t sd_size;
46
47 /* basic access for Everyone */
48
49 init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
50 REG_KEY_READ, 0);
51
52 /* Full Access 'BUILTIN\Administrators' */
53
54 init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
55 SEC_ACE_TYPE_ACCESS_ALLOWED, REG_KEY_ALL, 0);
56
57 /* Full Access 'NT Authority\System' */
58
59 init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED,
60 REG_KEY_ALL, 0);
61
62 /* create the security descriptor */
63
64 theacl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace);
65 if (theacl == NULL) {
66 return WERR_NOMEM;
67 }
68
69 sd = make_sec_desc(ctx, SD_REVISION, SEC_DESC_SELF_RELATIVE,
70 &global_sid_Builtin_Administrators,
71 &global_sid_System, NULL, theacl,
72 &sd_size);
73 if (sd == NULL) {
74 return WERR_NOMEM;
75 }
76
77 *psd = sd;
78 return WERR_OK;
79 }
80
81 /***********************************************************************
82 High level wrapper function for storing registry subkeys
83 ***********************************************************************/
84
85 bool store_reg_keys(struct registry_key_handle *key,
86 struct regsubkey_ctr *subkeys)
87 {
88 if (key->ops && key->ops->store_subkeys)
89 return key->ops->store_subkeys(key->name, subkeys);
90
91 return false;
92 }
93
94 /***********************************************************************
95 High level wrapper function for storing registry values
96 ***********************************************************************/
97
98 bool store_reg_values(struct registry_key_handle *key, struct regval_ctr *val)
99 {
100 if (key->ops && key->ops->store_values)
101 return key->ops->store_values(key->name, val);
102
103 return false;
104 }
105
106 WERROR create_reg_subkey(struct registry_key_handle *key, const char *subkey)
107 {
108 if (key->ops && key->ops->create_subkey) {
109 return key->ops->create_subkey(key->name, subkey);
110 }
111
112 return WERR_NOT_SUPPORTED;
113 }
114
115 WERROR delete_reg_subkey(struct registry_key_handle *key, const char *subkey)
116 {
117 if (key->ops && key->ops->delete_subkey) {
118 return key->ops->delete_subkey(key->name, subkey);
119 }
120
121 return WERR_NOT_SUPPORTED;
122 }
123
124 /***********************************************************************
125 High level wrapper function for enumerating registry subkeys
126 Initialize the TALLOC_CTX if necessary
127 ***********************************************************************/
128
129 int fetch_reg_keys(struct registry_key_handle *key,
130 struct regsubkey_ctr *subkey_ctr)
131 {
132 int result = -1;
133
134 if (key->ops && key->ops->fetch_subkeys)
135 result = key->ops->fetch_subkeys(key->name, subkey_ctr);
136
137 return result;
138 }
139
140 /***********************************************************************
141 High level wrapper function for enumerating registry values
142 ***********************************************************************/
143
144 int fetch_reg_values(struct registry_key_handle *key, struct regval_ctr *val)
145 {
146 int result = -1;
147
148 DEBUG(10, ("fetch_reg_values called for key '%s' (ops %p)\n", key->name,
149 (key->ops) ? (void *)key->ops : NULL));
150
151 if (key->ops && key->ops->fetch_values)
152 result = key->ops->fetch_values(key->name, val);
153
154 return result;
155 }
156
157 /***********************************************************************
158 High level access check for passing the required access mask to the
159 underlying registry backend
160 ***********************************************************************/
161
162 bool regkey_access_check(struct registry_key_handle *key, uint32 requested,
163 uint32 *granted,
164 const struct nt_user_token *token )
165 {
166 struct security_descriptor *sec_desc;
167 NTSTATUS status;
168 WERROR err;
169
170 /* root free-pass, like we have on all other pipes like samr, lsa, etc. */
171 if (geteuid() == sec_initial_uid()) {
172 *granted = REG_KEY_ALL;
173 return true;
174 }
175
176 /* use the default security check if the backend has not defined its
177 * own */
178
179 if (key->ops && key->ops->reg_access_check) {
180 return key->ops->reg_access_check(key->name, requested,
181 granted, token);
182 }
183
184 err = regkey_get_secdesc(talloc_tos(), key, &sec_desc);
185
186 if (!W_ERROR_IS_OK(err)) {
187 return false;
188 }
189
190 se_map_generic( &requested, &reg_generic_map );
191
192 status =se_access_check(sec_desc, token, requested, granted);
193 TALLOC_FREE(sec_desc);
194 if (!NT_STATUS_IS_OK(status)) {
195 return false;
196 }
197
198 return NT_STATUS_IS_OK(status);
199 }
200
201 WERROR regkey_get_secdesc(TALLOC_CTX *mem_ctx, struct registry_key_handle *key,
202 struct security_descriptor **psecdesc)
203 {
204 struct security_descriptor *secdesc;
205 WERROR werr;
206
207 if (key->ops && key->ops->get_secdesc) {
208 werr = key->ops->get_secdesc(mem_ctx, key->name, psecdesc);
209 if (W_ERROR_IS_OK(werr)) {
210 return WERR_OK;
211 }
212 }
213
214 werr = construct_registry_sd(mem_ctx, &secdesc);
215 if (!W_ERROR_IS_OK(werr)) {
216 return werr;
217 }
218
219 *psecdesc = secdesc;
220 return WERR_OK;
221 }
222
223 WERROR regkey_set_secdesc(struct registry_key_handle *key,
224 struct security_descriptor *psecdesc)
225 {
226 if (key->ops && key->ops->set_secdesc) {
227 return key->ops->set_secdesc(key->name, psecdesc);
228 }
229
230 return WERR_ACCESS_DENIED;
231 }
232
233 /**
234 * Check whether the in-memory version of the subkyes of a
235 * registry key needs update from disk.
236 */
237 bool reg_subkeys_need_update(struct registry_key_handle *key,
238 struct regsubkey_ctr *subkeys)
239 {
240 if (key->ops && key->ops->subkeys_need_update)
241 {
242 return key->ops->subkeys_need_update(subkeys);
243 }
244
245 return false;
246 }
247
248 /**
249 * Check whether the in-memory version of the values of a
250 * registry key needs update from disk.
251 */
252 bool reg_values_need_update(struct registry_key_handle *key,
253 struct regval_ctr *values)
254 {
255 if (key->ops && key->ops->values_need_update)
256 {
257 return key->ops->values_need_update(values);
258 }
259
260 return false;
261 }
262