* - builtin administrators sid
* - disk operators privilege
*/
-NT_USER_TOKEN *registry_create_admin_token(TALLOC_CTX *mem_ctx)
+NTSTATUS registry_create_admin_token(TALLOC_CTX *mem_ctx,
+ NT_USER_TOKEN **ptoken)
{
NTSTATUS status;
NT_USER_TOKEN *token = NULL;
+ if (ptoken == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
token = TALLOC_ZERO_P(mem_ctx, NT_USER_TOKEN);
if (token == NULL) {
DEBUG(1, ("talloc failed\n"));
+ status = NT_STATUS_NO_MEMORY;
goto done;
}
token->privileges = se_disk_operators;
"to fake token.\n"));
goto done;
}
+
+ *ptoken = token;
+
done:
- return token;
+ return status;
}
/*
struct registry_key **key)
{
WERROR werr = WERR_OK;
- NT_USER_TOKEN *token;
+ NT_USER_TOKEN *token = NULL;
TALLOC_CTX *tmp_ctx = NULL;
if (path == NULL) {
goto done;
}
- token = registry_create_admin_token(tmp_ctx);
- if (token == NULL) {
+ werr = ntstatus_to_werror(registry_create_admin_token(tmp_ctx, &token));
+ if (W_ERROR_IS_OK(werr)) {
DEBUG(1, ("Error creating admin token\n"));
- /* what is the appropriate error code here? */
- werr = WERR_CAN_NOT_COMPLETE;
goto done;
}
char *valname = NULL;
char *valstr = NULL;
uint32 idx = 0;
- NT_USER_TOKEN *token;
+ NT_USER_TOKEN *token = NULL;
ctx = talloc_init("process_registry_globals");
if (!ctx) {
goto done;
}
- if (!(token = registry_create_admin_token(ctx))) {
- DEBUG(1, ("Error creating admin token\n"));
+ werr = ntstatus_to_werror(registry_create_admin_token(ctx, &token));
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(1, ("Error creating admin token: %s\n",dos_errstr(werr)));
goto done;
}