2 * Unix SMB/CIFS implementation.
3 * Virtual Windows Registry Layer
4 * Copyright (C) Gerald Carter 2002-2005
5 * Copyright (C) Michael Adam 2006
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
22 * Implementation of registry frontend view functions.
23 * Functions moved from reg_frontend.c to minimize linker deps.
29 static struct generic_mapping reg_generic_map =
30 { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL };
32 /********************************************************************
33 ********************************************************************/
35 static SEC_DESC* construct_registry_sd( TALLOC_CTX *ctx )
44 /* basic access for Everyone */
46 init_sec_access(&mask, REG_KEY_READ );
47 init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
49 /* Full Access 'BUILTIN\Administrators' */
51 init_sec_access(&mask, REG_KEY_ALL );
52 init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
55 /* create the security descriptor */
57 if ( !(acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )
60 if ( !(sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, acl, &sd_size)) )
66 /***********************************************************************
67 High level wrapper function for storing registry subkeys
68 ***********************************************************************/
70 BOOL store_reg_keys( REGISTRY_KEY *key, REGSUBKEY_CTR *subkeys )
72 if ( key->hook && key->hook->ops && key->hook->ops->store_subkeys )
73 return key->hook->ops->store_subkeys( key->name, subkeys );
79 /***********************************************************************
80 High level wrapper function for storing registry values
81 ***********************************************************************/
83 BOOL store_reg_values( REGISTRY_KEY *key, REGVAL_CTR *val )
85 if ( check_dynamic_reg_values( key ) )
88 if ( key->hook && key->hook->ops && key->hook->ops->store_values )
89 return key->hook->ops->store_values( key->name, val );
94 /***********************************************************************
95 High level wrapper function for enumerating registry subkeys
96 Initialize the TALLOC_CTX if necessary
97 ***********************************************************************/
99 int fetch_reg_keys( REGISTRY_KEY *key, REGSUBKEY_CTR *subkey_ctr )
103 if ( key->hook && key->hook->ops && key->hook->ops->fetch_subkeys )
104 result = key->hook->ops->fetch_subkeys( key->name, subkey_ctr );
109 /***********************************************************************
110 High level wrapper function for enumerating registry values
111 ***********************************************************************/
113 int fetch_reg_values( REGISTRY_KEY *key, REGVAL_CTR *val )
117 if ( key->hook && key->hook->ops && key->hook->ops->fetch_values )
118 result = key->hook->ops->fetch_values( key->name, val );
120 /* if the backend lookup returned no data, try the dynamic overlay */
123 result = fetch_dynamic_reg_values( key, val );
125 return ( result != -1 ) ? result : 0;
131 /***********************************************************************
132 High level access check for passing the required access mask to the
133 underlying registry backend
134 ***********************************************************************/
136 BOOL regkey_access_check( REGISTRY_KEY *key, uint32 requested, uint32 *granted,
137 const struct nt_user_token *token )
144 /* use the default security check if the backend has not defined its
147 if (key->hook && key->hook->ops && key->hook->ops->reg_access_check) {
148 return key->hook->ops->reg_access_check( key->name, requested,
153 * The secdesc routines can't yet cope with a NULL talloc ctx sanely.
156 if (!(mem_ctx = talloc_init("regkey_access_check"))) {
160 err = regkey_get_secdesc(mem_ctx, key, &sec_desc);
162 if (!W_ERROR_IS_OK(err)) {
163 TALLOC_FREE(mem_ctx);
167 se_map_generic( &requested, ®_generic_map );
169 if (!se_access_check(sec_desc, token, requested, granted, &status)) {
170 TALLOC_FREE(mem_ctx);
174 TALLOC_FREE(mem_ctx);
175 return NT_STATUS_IS_OK(status);
178 WERROR regkey_get_secdesc(TALLOC_CTX *mem_ctx, REGISTRY_KEY *key,
179 struct security_descriptor **psecdesc)
181 struct security_descriptor *secdesc;
183 if (key->hook && key->hook->ops && key->hook->ops->get_secdesc) {
186 err = key->hook->ops->get_secdesc(mem_ctx, key->name,
188 if (W_ERROR_IS_OK(err)) {
193 if (!(secdesc = construct_registry_sd(mem_ctx))) {