git.samba.org / nivanova / samba-autobuild / .git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
r23801: The FSF has moved around a lot. This fixes their Mass Ave address.
[nivanova/samba-autobuild/.git] / source3 / registry / reg_frontend_hilvl.c
1 /* 
2  *  Unix SMB/CIFS implementation.
3  *  Virtual Windows Registry Layer
4  *  Copyright (C) Gerald Carter                     2002-2005
5  *  Copyright (C) Michael Adam 2006
6  *
7  *  This program is free software; you can redistribute it and/or modify
8  *  it under the terms of the GNU General Public License as published by
9  *  the Free Software Foundation; either version 3 of the License, or
10  *  (at your option) any later version.
11  *  
12  *  This program is distributed in the hope that it will be useful,
13  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
14  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  *  GNU General Public License for more details.
16  *  
17  *  You should have received a copy of the GNU General Public License
18  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
19  */
20
21 /* 
22  * Implementation of registry frontend view functions. 
23  * Functions moved from reg_frontend.c to minimize linker deps.
24  */
25
26 #include "includes.h"
27
28
29 static struct generic_mapping reg_generic_map = 
30         { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL };
31
32 /********************************************************************
33 ********************************************************************/
34
35 static SEC_DESC* construct_registry_sd( TALLOC_CTX *ctx )
36 {
37         SEC_ACE ace[2]; 
38         SEC_ACCESS mask;
39         size_t i = 0;
40         SEC_DESC *sd;
41         SEC_ACL *acl;
42         size_t sd_size;
43
44         /* basic access for Everyone */
45         
46         init_sec_access(&mask, REG_KEY_READ );
47         init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
48         
49         /* Full Access 'BUILTIN\Administrators' */
50         
51         init_sec_access(&mask, REG_KEY_ALL );
52         init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
53         
54         
55         /* create the security descriptor */
56         
57         if ( !(acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )
58                 return NULL;
59
60         if ( !(sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, acl, &sd_size)) )
61                 return NULL;
62
63         return sd;
64 }
65
66 /***********************************************************************
67  High level wrapper function for storing registry subkeys
68  ***********************************************************************/
69  
70 BOOL store_reg_keys( REGISTRY_KEY *key, REGSUBKEY_CTR *subkeys )
71 {
72         if ( key->hook && key->hook->ops && key->hook->ops->store_subkeys )
73                 return key->hook->ops->store_subkeys( key->name, subkeys );
74                 
75         return False;
76
77 }
78
79 /***********************************************************************
80  High level wrapper function for storing registry values
81  ***********************************************************************/
82  
83 BOOL store_reg_values( REGISTRY_KEY *key, REGVAL_CTR *val )
84 {
85         if ( check_dynamic_reg_values( key ) )
86                 return False;
87
88         if ( key->hook && key->hook->ops && key->hook->ops->store_values )
89                 return key->hook->ops->store_values( key->name, val );
90
91         return False;
92 }
93
94 /***********************************************************************
95  High level wrapper function for enumerating registry subkeys
96  Initialize the TALLOC_CTX if necessary
97  ***********************************************************************/
98
99 int fetch_reg_keys( REGISTRY_KEY *key, REGSUBKEY_CTR *subkey_ctr )
100 {
101         int result = -1;
102         
103         if ( key->hook && key->hook->ops && key->hook->ops->fetch_subkeys )
104                 result = key->hook->ops->fetch_subkeys( key->name, subkey_ctr );
105
106         return result;
107 }
108
109 /***********************************************************************
110  High level wrapper function for enumerating registry values
111  ***********************************************************************/
112
113 int fetch_reg_values( REGISTRY_KEY *key, REGVAL_CTR *val )
114 {
115         int result = -1;
116         
117         if ( key->hook && key->hook->ops && key->hook->ops->fetch_values )
118                 result = key->hook->ops->fetch_values( key->name, val );
119         
120         /* if the backend lookup returned no data, try the dynamic overlay */
121         
122         if ( result == 0 ) {
123                 result = fetch_dynamic_reg_values( key, val );
124
125                 return ( result != -1 ) ? result : 0;
126         }
127         
128         return result;
129 }
130
131 /***********************************************************************
132  High level access check for passing the required access mask to the 
133  underlying registry backend
134  ***********************************************************************/
135
136 BOOL regkey_access_check( REGISTRY_KEY *key, uint32 requested, uint32 *granted,
137                           const struct nt_user_token *token )
138 {
139         SEC_DESC *sec_desc;
140         NTSTATUS status;
141         WERROR err;
142         TALLOC_CTX *mem_ctx;
143
144         /* use the default security check if the backend has not defined its
145          * own */
146
147         if (key->hook && key->hook->ops && key->hook->ops->reg_access_check) {
148                 return key->hook->ops->reg_access_check( key->name, requested,
149                                                          granted, token );
150         }
151
152         /*
153          * The secdesc routines can't yet cope with a NULL talloc ctx sanely.
154          */
155
156         if (!(mem_ctx = talloc_init("regkey_access_check"))) {
157                 return False;
158         }
159
160         err = regkey_get_secdesc(mem_ctx, key, &sec_desc);
161
162         if (!W_ERROR_IS_OK(err)) {
163                 TALLOC_FREE(mem_ctx);
164                 return False;
165         }
166
167         se_map_generic( &requested, &reg_generic_map );
168
169         if (!se_access_check(sec_desc, token, requested, granted, &status)) {
170                 TALLOC_FREE(mem_ctx);
171                 return False;
172         }
173
174         TALLOC_FREE(mem_ctx);
175         return NT_STATUS_IS_OK(status);
176 }
177
178 WERROR regkey_get_secdesc(TALLOC_CTX *mem_ctx, REGISTRY_KEY *key,
179                           struct security_descriptor **psecdesc)
180 {
181         struct security_descriptor *secdesc;
182
183         if (key->hook && key->hook->ops && key->hook->ops->get_secdesc) {
184                 WERROR err;
185
186                 err = key->hook->ops->get_secdesc(mem_ctx, key->name,
187                                                   psecdesc);
188                 if (W_ERROR_IS_OK(err)) {
189                         return WERR_OK;
190                 }
191         }
192
193         if (!(secdesc = construct_registry_sd(mem_ctx))) {
194                 return WERR_NOMEM;
195         }
196
197         *psecdesc = secdesc;
198         return WERR_OK;
199 }
Unnamed repository; edit this file 'description' to name the repository.