source/registry/reg_frontend_hilvl.c

   1 /*
   2  *  Unix SMB/CIFS implementation.
   3  *  Virtual Windows Registry Layer
   4  *  Copyright (C) Gerald Carter                     2002-2005
   5  *  Copyright (C) Michael Adam 2006
   6  *
   7  *  This program is free software; you can redistribute it and/or modify
   8  *  it under the terms of the GNU General Public License as published by
   9  *  the Free Software Foundation; either version 3 of the License, or
  10  *  (at your option) any later version.
  11  *
  12  *  This program is distributed in the hope that it will be useful,
  13  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  *  GNU General Public License for more details.
  16  *
  17  *  You should have received a copy of the GNU General Public License
  18  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  19  */
  20
  21 /*
  22  * Implementation of registry frontend view functions.
  23  * Functions moved from reg_frontend.c to minimize linker deps.
  24  */
  25
  26 #include "includes.h"
  27
  28 #undef DBGC_CLASS
  29 #define DBGC_CLASS DBGC_REGISTRY
  30
  31 static struct generic_mapping reg_generic_map =
  32         { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL };
  33
  34 /********************************************************************
  35 ********************************************************************/
  36
  37 static SEC_DESC* construct_registry_sd( TALLOC_CTX *ctx )
  38 {
  39         SEC_ACE ace[3];
  40         SEC_ACCESS mask;
  41         size_t i = 0;
  42         SEC_DESC *sd;
  43         SEC_ACL *acl;
  44         size_t sd_size;
  45
  46         /* basic access for Everyone */
  47
  48         init_sec_access(&mask, REG_KEY_READ );
  49         init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
  50
  51         /* Full Access 'BUILTIN\Administrators' */
  52
  53         init_sec_access(&mask, REG_KEY_ALL );
  54         init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
  55
  56         /* Full Access 'NT Authority\System' */
  57
  58         init_sec_access(&mask, REG_KEY_ALL );
  59         init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
  60
  61
  62         /* create the security descriptor */
  63
  64         if ( !(acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )
  65                 return NULL;
  66
  67         if ( !(sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, acl, &sd_size)) )
  68                 return NULL;
  69
  70         return sd;
  71 }
  72
  73 /***********************************************************************
  74  High level wrapper function for storing registry subkeys
  75  ***********************************************************************/
  76
  77 BOOL store_reg_keys( REGISTRY_KEY *key, REGSUBKEY_CTR *subkeys )
  78 {
  79         if ( key->hook && key->hook->ops && key->hook->ops->store_subkeys )
  80                 return key->hook->ops->store_subkeys( key->name, subkeys );
  81
  82         return False;
  83
  84 }
  85
  86 /***********************************************************************
  87  High level wrapper function for storing registry values
  88  ***********************************************************************/
  89
  90 BOOL store_reg_values( REGISTRY_KEY *key, REGVAL_CTR *val )
  91 {
  92         if ( check_dynamic_reg_values( key ) )
  93                 return False;
  94
  95         if ( key->hook && key->hook->ops && key->hook->ops->store_values )
  96                 return key->hook->ops->store_values( key->name, val );
  97
  98         return False;
  99 }
 100
 101 /***********************************************************************
 102  High level wrapper function for enumerating registry subkeys
 103  Initialize the TALLOC_CTX if necessary
 104  ***********************************************************************/
 105
 106 int fetch_reg_keys( REGISTRY_KEY *key, REGSUBKEY_CTR *subkey_ctr )
 107 {
 108         int result = -1;
 109
 110         if ( key->hook && key->hook->ops && key->hook->ops->fetch_subkeys )
 111                 result = key->hook->ops->fetch_subkeys( key->name, subkey_ctr );
 112
 113         return result;
 114 }
 115
 116 /***********************************************************************
 117  High level wrapper function for enumerating registry values
 118  ***********************************************************************/
 119
 120 int fetch_reg_values( REGISTRY_KEY *key, REGVAL_CTR *val )
 121 {
 122         int result = -1;
 123
 124         if ( key->hook && key->hook->ops && key->hook->ops->fetch_values )
 125                 result = key->hook->ops->fetch_values( key->name, val );
 126
 127         /* if the backend lookup returned no data, try the dynamic overlay */
 128
 129         if ( result == 0 ) {
 130                 result = fetch_dynamic_reg_values( key, val );
 131
 132                 return ( result != -1 ) ? result : 0;
 133         }
 134
 135         return result;
 136 }
 137
 138 /***********************************************************************
 139  High level access check for passing the required access mask to the
 140  underlying registry backend
 141  ***********************************************************************/
 142
 143 BOOL regkey_access_check( REGISTRY_KEY *key, uint32 requested, uint32 *granted,
 144                           const struct nt_user_token *token )
 145 {
 146         SEC_DESC *sec_desc;
 147         NTSTATUS status;
 148         WERROR err;
 149         TALLOC_CTX *mem_ctx;
 150
 151         /* use the default security check if the backend has not defined its
 152          * own */
 153
 154         if (key->hook && key->hook->ops && key->hook->ops->reg_access_check) {
 155                 return key->hook->ops->reg_access_check( key->name, requested,
 156                                                          granted, token );
 157         }
 158
 159         /*
 160          * The secdesc routines can't yet cope with a NULL talloc ctx sanely.
 161          */
 162
 163         if (!(mem_ctx = talloc_init("regkey_access_check"))) {
 164                 return False;
 165         }
 166
 167         err = regkey_get_secdesc(mem_ctx, key, &sec_desc);
 168
 169         if (!W_ERROR_IS_OK(err)) {
 170                 TALLOC_FREE(mem_ctx);
 171                 return False;
 172         }
 173
 174         se_map_generic( &requested, &reg_generic_map );
 175
 176         if (!se_access_check(sec_desc, token, requested, granted, &status)) {
 177                 TALLOC_FREE(mem_ctx);
 178                 return False;
 179         }
 180
 181         TALLOC_FREE(mem_ctx);
 182         return NT_STATUS_IS_OK(status);
 183 }
 184
 185 WERROR regkey_get_secdesc(TALLOC_CTX *mem_ctx, REGISTRY_KEY *key,
 186                           struct security_descriptor **psecdesc)
 187 {
 188         struct security_descriptor *secdesc;
 189
 190         if (key->hook && key->hook->ops && key->hook->ops->get_secdesc) {
 191                 WERROR err;
 192
 193                 err = key->hook->ops->get_secdesc(mem_ctx, key->name,
 194                                                   psecdesc);
 195                 if (W_ERROR_IS_OK(err)) {
 196                         return WERR_OK;
 197                 }
 198         }
 199
 200         if (!(secdesc = construct_registry_sd(mem_ctx))) {
 201                 return WERR_NOMEM;
 202         }
 203
 204         *psecdesc = secdesc;
 205         return WERR_OK;
 206 }