/* [<][>][^][v][top][bottom][index][help] */
DEFINITIONS
This source file includes following definitions.
- construct_registry_sd
- store_reg_keys
- store_reg_values
- create_reg_subkey
- delete_reg_subkey
- fetch_reg_keys
- fetch_reg_values
- regkey_access_check
- regkey_get_secdesc
- regkey_set_secdesc
- reg_subkeys_need_update
- reg_values_need_update
1 /*
2 * Unix SMB/CIFS implementation.
3 * Virtual Windows Registry Layer
4 * Copyright (C) Gerald Carter 2002-2005
5 * Copyright (C) Michael Adam 2006-2008
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21 /*
22 * Implementation of registry frontend view functions.
23 * Functions moved from reg_frontend.c to minimize linker deps.
24 */
25
26 #include "includes.h"
27
28 #undef DBGC_CLASS
29 #define DBGC_CLASS DBGC_REGISTRY
30
31 static const struct generic_mapping reg_generic_map =
32 { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL };
33
34 /********************************************************************
35 ********************************************************************/
36
37 static WERROR construct_registry_sd(TALLOC_CTX *ctx, SEC_DESC **psd)
/* [<][>][^][v][top][bottom][index][help] */
38 {
39 SEC_ACE ace[3];
40 size_t i = 0;
41 SEC_DESC *sd;
42 SEC_ACL *theacl;
43 size_t sd_size;
44
45 /* basic access for Everyone */
46
47 init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
48 REG_KEY_READ, 0);
49
50 /* Full Access 'BUILTIN\Administrators' */
51
52 init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
53 SEC_ACE_TYPE_ACCESS_ALLOWED, REG_KEY_ALL, 0);
54
55 /* Full Access 'NT Authority\System' */
56
57 init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED,
58 REG_KEY_ALL, 0);
59
60 /* create the security descriptor */
61
62 theacl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace);
63 if (theacl == NULL) {
64 return WERR_NOMEM;
65 }
66
67 sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
68 &global_sid_Builtin_Administrators,
69 &global_sid_System, NULL, theacl,
70 &sd_size);
71 if (sd == NULL) {
72 return WERR_NOMEM;
73 }
74
75 *psd = sd;
76 return WERR_OK;
77 }
78
79 /***********************************************************************
80 High level wrapper function for storing registry subkeys
81 ***********************************************************************/
82
83 bool store_reg_keys( REGISTRY_KEY *key, struct regsubkey_ctr *subkeys )
/* [<][>][^][v][top][bottom][index][help] */
84 {
85 if (key->ops && key->ops->store_subkeys)
86 return key->ops->store_subkeys(key->name, subkeys);
87
88 return false;
89 }
90
91 /***********************************************************************
92 High level wrapper function for storing registry values
93 ***********************************************************************/
94
95 bool store_reg_values( REGISTRY_KEY *key, REGVAL_CTR *val )
/* [<][>][^][v][top][bottom][index][help] */
96 {
97 if (key->ops && key->ops->store_values)
98 return key->ops->store_values(key->name, val);
99
100 return false;
101 }
102
103 WERROR create_reg_subkey(REGISTRY_KEY *key, const char *subkey)
/* [<][>][^][v][top][bottom][index][help] */
104 {
105 if (key->ops && key->ops->create_subkey) {
106 return key->ops->create_subkey(key->name, subkey);
107 }
108
109 return WERR_NOT_SUPPORTED;
110 }
111
112 WERROR delete_reg_subkey(REGISTRY_KEY *key, const char *subkey)
/* [<][>][^][v][top][bottom][index][help] */
113 {
114 if (key->ops && key->ops->delete_subkey) {
115 return key->ops->delete_subkey(key->name, subkey);
116 }
117
118 return WERR_NOT_SUPPORTED;
119 }
120
121 /***********************************************************************
122 High level wrapper function for enumerating registry subkeys
123 Initialize the TALLOC_CTX if necessary
124 ***********************************************************************/
125
126 int fetch_reg_keys( REGISTRY_KEY *key, struct regsubkey_ctr *subkey_ctr )
/* [<][>][^][v][top][bottom][index][help] */
127 {
128 int result = -1;
129
130 if (key->ops && key->ops->fetch_subkeys)
131 result = key->ops->fetch_subkeys(key->name, subkey_ctr);
132
133 return result;
134 }
135
136 /***********************************************************************
137 High level wrapper function for enumerating registry values
138 ***********************************************************************/
139
140 int fetch_reg_values( REGISTRY_KEY *key, REGVAL_CTR *val )
/* [<][>][^][v][top][bottom][index][help] */
141 {
142 int result = -1;
143
144 DEBUG(10, ("fetch_reg_values called for key '%s' (ops %p)\n", key->name,
145 (key->ops) ? (void *)key->ops : NULL));
146
147 if (key->ops && key->ops->fetch_values)
148 result = key->ops->fetch_values(key->name, val);
149
150 return result;
151 }
152
153 /***********************************************************************
154 High level access check for passing the required access mask to the
155 underlying registry backend
156 ***********************************************************************/
157
158 bool regkey_access_check( REGISTRY_KEY *key, uint32 requested, uint32 *granted,
/* [<][>][^][v][top][bottom][index][help] */
159 const struct nt_user_token *token )
160 {
161 SEC_DESC *sec_desc;
162 NTSTATUS status;
163 WERROR err;
164
165 /* use the default security check if the backend has not defined its
166 * own */
167
168 if (key->ops && key->ops->reg_access_check) {
169 return key->ops->reg_access_check(key->name, requested,
170 granted, token);
171 }
172
173 err = regkey_get_secdesc(talloc_tos(), key, &sec_desc);
174
175 if (!W_ERROR_IS_OK(err)) {
176 return false;
177 }
178
179 se_map_generic( &requested, ®_generic_map );
180
181 status =se_access_check(sec_desc, token, requested, granted);
182 TALLOC_FREE(sec_desc);
183 if (!NT_STATUS_IS_OK(status)) {
184 return false;
185 }
186
187 return NT_STATUS_IS_OK(status);
188 }
189
190 WERROR regkey_get_secdesc(TALLOC_CTX *mem_ctx, REGISTRY_KEY *key,
/* [<][>][^][v][top][bottom][index][help] */
191 struct security_descriptor **psecdesc)
192 {
193 struct security_descriptor *secdesc;
194 WERROR werr;
195
196 if (key->ops && key->ops->get_secdesc) {
197 werr = key->ops->get_secdesc(mem_ctx, key->name, psecdesc);
198 if (W_ERROR_IS_OK(werr)) {
199 return WERR_OK;
200 }
201 }
202
203 werr = construct_registry_sd(mem_ctx, &secdesc);
204 if (!W_ERROR_IS_OK(werr)) {
205 return werr;
206 }
207
208 *psecdesc = secdesc;
209 return WERR_OK;
210 }
211
212 WERROR regkey_set_secdesc(REGISTRY_KEY *key,
/* [<][>][^][v][top][bottom][index][help] */
213 struct security_descriptor *psecdesc)
214 {
215 if (key->ops && key->ops->set_secdesc) {
216 return key->ops->set_secdesc(key->name, psecdesc);
217 }
218
219 return WERR_ACCESS_DENIED;
220 }
221
222 /**
223 * Check whether the in-memory version of the subkyes of a
224 * registry key needs update from disk.
225 */
226 bool reg_subkeys_need_update(REGISTRY_KEY *key, struct regsubkey_ctr *subkeys)
/* [<][>][^][v][top][bottom][index][help] */
227 {
228 if (key->ops && key->ops->subkeys_need_update)
229 {
230 return key->ops->subkeys_need_update(subkeys);
231 }
232
233 return false;
234 }
235
236 /**
237 * Check whether the in-memory version of the values of a
238 * registry key needs update from disk.
239 */
240 bool reg_values_need_update(REGISTRY_KEY *key, REGVAL_CTR *values)
/* [<][>][^][v][top][bottom][index][help] */
241 {
242 if (key->ops && key->ops->values_need_update)
243 {
244 return key->ops->values_need_update(values);
245 }
246
247 return false;
248 }
249