r24637: In order for "net rpc registry" to be able to write to

Samba's own registry, the access mask for opening the
registry for the write operations needs to be
SEC_RIGHTS_MAXIMUM_ALLOWED instead of REG_WRITE: we can
not open e.g. HKLM read write explicitly, since we can
not write to this virtual part of the registry, only
to the subkeys like 'HKLM\Software\Samba\smbconf' that
are stored on disk.

Note that MAXIMUM_ALLOWED is also what windows' regedit
passed to the open calls.

Michael
(This used to be commit 57c30f7319b35fa452e8a6c585810e55c7e934b2)

diff --git a/source3/utils/net_rpc_registry.c b/source3/utils/net_rpc_registry.c
index 0d54ff390731715933ec41e36f64d5bf841d57c1..459e7f9f8515fcbbc02696ad2352909db2d60194 100644 (file)
--- a/source3/utils/net_rpc_registry.c
+++ b/source3/utils/net_rpc_registry.c
@@ -354,7 +354,8 @@ static NTSTATUS rpc_registry_setvalue_internal(const DOM_SID *domain_sid,
        NTSTATUS status;
        struct registry_value value;
 
-       status = registry_openkey(mem_ctx, pipe_hnd, argv[0], REG_KEY_WRITE,
+       status = registry_openkey(mem_ctx, pipe_hnd, argv[0], 
+                                 SEC_RIGHTS_MAXIMUM_ALLOWED,
                                  &hive_hnd, &key_hnd);
        if (!NT_STATUS_IS_OK(status)) {
                d_fprintf(stderr, "registry_openkey failed: %s\n",
@@ -423,7 +424,8 @@ static NTSTATUS rpc_registry_deletevalue_internal(const DOM_SID *domain_sid,
 
        ZERO_STRUCT(valuename);
 
-       status = registry_openkey(mem_ctx, pipe_hnd, argv[0], REG_KEY_WRITE,
+       status = registry_openkey(mem_ctx, pipe_hnd, argv[0],
+                                 SEC_RIGHTS_MAXIMUM_ALLOWED,
                                  &hive_hnd, &key_hnd);
        if (!NT_STATUS_IS_OK(status)) {
                d_fprintf(stderr, "registry_openkey failed: %s\n",
@@ -481,7 +483,7 @@ static NTSTATUS rpc_registry_createkey_internal(const DOM_SID *domain_sid,
        }
 
        status = rpccli_winreg_Connect(pipe_hnd, mem_ctx, hive,
-                                      REG_KEY_READ|REG_KEY_WRITE,
+                                      SEC_RIGHTS_MAXIMUM_ALLOWED,
                                       &hive_hnd);
        if (!(NT_STATUS_IS_OK(status))) {
                return status;
@@ -548,7 +550,8 @@ static NTSTATUS rpc_registry_deletekey_internal(const DOM_SID *domain_sid,
                return NT_STATUS_INVALID_PARAMETER;
        }
 
-       status = rpccli_winreg_Connect(pipe_hnd, mem_ctx, hive, REG_KEY_WRITE,
+       status = rpccli_winreg_Connect(pipe_hnd, mem_ctx, hive,
+                                      SEC_RIGHTS_MAXIMUM_ALLOWED,
                                       &hive_hnd);
        if (!(NT_STATUS_IS_OK(status))) {
                return status;