search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix some more callers of PAC_DATA.
[Samba/gebeck_regimport.git] / source3 / registry / reg_dispatcher.c
blobe6e76134570512f1efaa812bbe8de8ff6fb6b0a7
1 /*
2 * Unix SMB/CIFS implementation.
3 * Virtual Windows Registry Layer
4 * Copyright (C) Gerald Carter 2002-2005
5 * Copyright (C) Michael Adam 2006-2008
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21 /*
22 * Implementation of registry frontend view functions.
23 * Functions moved from reg_frontend.c to minimize linker deps.
24 */
25
26 #include "includes.h"
27
28 #undef DBGC_CLASS
29 #define DBGC_CLASS DBGC_REGISTRY
30
31 static const struct generic_mapping reg_generic_map =
32 { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL };
33
34 /********************************************************************
35 ********************************************************************/
36
37 static SEC_DESC* construct_registry_sd( TALLOC_CTX *ctx )
38 {
39 SEC_ACE ace[3];
40 SEC_ACCESS mask;
41 size_t i = 0;
42 SEC_DESC *sd;
43 SEC_ACL *acl;
44 size_t sd_size;
45
46 /* basic access for Everyone */
47
48 init_sec_access(&mask, REG_KEY_READ );
49 init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
50
51 /* Full Access 'BUILTIN\Administrators' */
52
53 init_sec_access(&mask, REG_KEY_ALL );
54 init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
55
56 /* Full Access 'NT Authority\System' */
57
58 init_sec_access(&mask, REG_KEY_ALL );
59 init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
60
61 /* create the security descriptor */
62
63 if ( !(acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )
64 return NULL;
65
66 if ( !(sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, acl, &sd_size)) )
67 return NULL;
68
69 return sd;
70 }
71
72 /***********************************************************************
73 High level wrapper function for storing registry subkeys
74 ***********************************************************************/
75
76 bool store_reg_keys( REGISTRY_KEY *key, REGSUBKEY_CTR *subkeys )
77 {
78 if ( key->hook && key->hook->ops && key->hook->ops->store_subkeys )
79 return key->hook->ops->store_subkeys( key->name, subkeys );
80
81 return false;
82 }
83
84 /***********************************************************************
85 High level wrapper function for storing registry values
86 ***********************************************************************/
87
88 bool store_reg_values( REGISTRY_KEY *key, REGVAL_CTR *val )
89 {
90 if ( key->hook && key->hook->ops && key->hook->ops->store_values )
91 return key->hook->ops->store_values( key->name, val );
92
93 return false;
94 }
95
96 /***********************************************************************
97 High level wrapper function for enumerating registry subkeys
98 Initialize the TALLOC_CTX if necessary
99 ***********************************************************************/
100
101 int fetch_reg_keys( REGISTRY_KEY *key, REGSUBKEY_CTR *subkey_ctr )
102 {
103 int result = -1;
104
105 if ( key->hook && key->hook->ops && key->hook->ops->fetch_subkeys )
106 result = key->hook->ops->fetch_subkeys( key->name, subkey_ctr );
107
108 return result;
109 }
110
111 /***********************************************************************
112 High level wrapper function for enumerating registry values
113 ***********************************************************************/
114
115 int fetch_reg_values( REGISTRY_KEY *key, REGVAL_CTR *val )
116 {
117 int result = -1;
118
119 DEBUG(10, ("fetch_reg_values called for key '%s' (ops %p)\n", key->name,
120 (key->hook && key->hook->ops) ? (void *)key->hook->ops : NULL));
121
122 if ( key->hook && key->hook->ops && key->hook->ops->fetch_values )
123 result = key->hook->ops->fetch_values( key->name, val );
124
125 return result;
126 }
127
128 /***********************************************************************
129 High level access check for passing the required access mask to the
130 underlying registry backend
131 ***********************************************************************/
132
133 bool regkey_access_check( REGISTRY_KEY *key, uint32 requested, uint32 *granted,
134 const struct nt_user_token *token )
135 {
136 SEC_DESC *sec_desc;
137 NTSTATUS status;
138 WERROR err;
139 TALLOC_CTX *mem_ctx;
140
141 /* use the default security check if the backend has not defined its
142 * own */
143
144 if (key->hook && key->hook->ops && key->hook->ops->reg_access_check) {
145 return key->hook->ops->reg_access_check( key->name, requested,
146 granted, token );
147 }
148
149 /*
150 * The secdesc routines can't yet cope with a NULL talloc ctx sanely.
151 */
152
153 if (!(mem_ctx = talloc_init("regkey_access_check"))) {
154 return false;
155 }
156
157 err = regkey_get_secdesc(mem_ctx, key, &sec_desc);
158
159 if (!W_ERROR_IS_OK(err)) {
160 TALLOC_FREE(mem_ctx);
161 return false;
162 }
163
164 se_map_generic( &requested, &reg_generic_map );
165
166 if (!se_access_check(sec_desc, token, requested, granted, &status)) {
167 TALLOC_FREE(mem_ctx);
168 return false;
169 }
170
171 TALLOC_FREE(mem_ctx);
172 return NT_STATUS_IS_OK(status);
173 }
174
175 WERROR regkey_get_secdesc(TALLOC_CTX *mem_ctx, REGISTRY_KEY *key,
176 struct security_descriptor **psecdesc)
177 {
178 struct security_descriptor *secdesc;
179
180 if (key->hook && key->hook->ops && key->hook->ops->get_secdesc) {
181 WERROR err;
182
183 err = key->hook->ops->get_secdesc(mem_ctx, key->name,
184 psecdesc);
185 if (W_ERROR_IS_OK(err)) {
186 return WERR_OK;
187 }
188 }
189
190 if (!(secdesc = construct_registry_sd(mem_ctx))) {
191 return WERR_NOMEM;
192 }
193
194 *psecdesc = secdesc;
195 return WERR_OK;
196 }
197
198 WERROR regkey_set_secdesc(REGISTRY_KEY *key,
199 struct security_descriptor *psecdesc)
200 {
201 if (key->hook && key->hook->ops && key->hook->ops->set_secdesc) {
202 return key->hook->ops->set_secdesc(key->name, psecdesc);
203 }
204
205 return WERR_ACCESS_DENIED;
206 }
207
208 /**
209 * Check whether the in-memory version of the subkyes of a
210 * registry key needs update from disk.
211 */
212 bool reg_subkeys_need_update(REGISTRY_KEY *key, REGSUBKEY_CTR *subkeys)
213 {
214 if (key->hook && key->hook->ops && key->hook->ops->subkeys_need_update)
215 {
216 return key->hook->ops->subkeys_need_update(subkeys);
217 }
218
219 return false;
220 }
221
222 /**
223 * Check whether the in-memory version of the values of a
224 * registry key needs update from disk.
225 */
226 bool reg_values_need_update(REGISTRY_KEY *key, REGVAL_CTR *values)
227 {
228 if (key->hook && key->hook->ops && key->hook->ops->values_need_update)
229 {
230 return key->hook->ops->values_need_update(values);
231 }
232
233 return false;
234 }
235
reg import