X-Git-Url: http://git.samba.org/samba.git/?a=blobdiff_plain;f=source3%2Frpc_server%2Fsrv_reg_nt.c;h=4db5ed0ed6227df9fb0d64bb3f6b005f9acade0f;hb=54abd2aa66069e6baf7769c496f46d9dba18db39;hp=f96de7e5339c894fa421e54008bdf3804df2b84b;hpb=2446d245df2acecb0b3babe5aee08181111b7a17;p=vlendec%2Fsamba-autobuild%2F.git diff --git a/source3/rpc_server/srv_reg_nt.c b/source3/rpc_server/srv_reg_nt.c index f96de7e5339..4db5ed0ed62 100644 --- a/source3/rpc_server/srv_reg_nt.c +++ b/source3/rpc_server/srv_reg_nt.c @@ -5,7 +5,7 @@ * Copyright (C) Luke Kenneth Casson Leighton 1996-1997. * Copyright (C) Paul Ashton 1997. * Copyright (C) Jeremy Allison 2001. - * Copyright (C) Gerald Carter 2002. + * Copyright (C) Gerald Carter 2002-2005. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -25,20 +25,16 @@ /* Implementation of registry functions. */ #include "includes.h" +#include "regfio.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV -#define REGSTR_PRODUCTTYPE "ProductType" -#define REG_PT_WINNT "WinNT" -#define REG_PT_LANMANNT "LanmanNT" -#define REG_PT_SERVERNT "ServerNT" - #define OUR_HANDLE(hnd) (((hnd)==NULL)?"NULL":(IVAL((hnd)->data5,4)==(uint32)sys_getpid()?"OURS":"OTHER")), \ ((unsigned int)IVAL((hnd)->data5,4)),((unsigned int)sys_getpid()) - -static REGISTRY_KEY *regkeys_list; +static struct generic_mapping reg_generic_map = + { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL }; /****************************************************************** @@ -47,11 +43,7 @@ static REGISTRY_KEY *regkeys_list; static void free_regkey_info(void *ptr) { - REGISTRY_KEY *info = (REGISTRY_KEY*)ptr; - - DLIST_REMOVE(regkeys_list, info); - - SAFE_FREE(info); + TALLOC_FREE( ptr ); } /****************************************************************** @@ -79,83 +71,38 @@ static REGISTRY_KEY *find_regkey_index_by_hnd(pipes_struct *p, POLICY_HND *hnd) HK[LM|U]\\\... *******************************************************************/ -static NTSTATUS open_registry_key(pipes_struct *p, POLICY_HND *hnd, REGISTRY_KEY *parent, - char *subkeyname, uint32 access_granted ) +static WERROR open_registry_key( pipes_struct *p, POLICY_HND *hnd, + REGISTRY_KEY **keyinfo, REGISTRY_KEY *parent, + const char *subkeyname, uint32 access_desired ) { - REGISTRY_KEY *regkey = NULL; - NTSTATUS result = NT_STATUS_OK; - REGSUBKEY_CTR subkeys; - - DEBUG(7,("open_registry_key: name = [%s][%s]\n", - parent ? parent->name : "NULL", subkeyname)); + pstring keypath; + int path_len; + WERROR result = WERR_OK; - if ((regkey=(REGISTRY_KEY*)malloc(sizeof(REGISTRY_KEY))) == NULL) - return NT_STATUS_NO_MEMORY; - - ZERO_STRUCTP( regkey ); - - /* - * very crazy, but regedit.exe on Win2k will attempt to call - * REG_OPEN_ENTRY with a keyname of "". We should return a new - * (second) handle here on the key->name. regedt32.exe does - * not do this stupidity. --jerry - */ - - if (!subkeyname || !*subkeyname ) { - pstrcpy( regkey->name, parent->name ); - } - else { - pstrcpy( regkey->name, "" ); - if ( parent ) { - pstrcat( regkey->name, parent->name ); - pstrcat( regkey->name, "\\" ); - } - pstrcat( regkey->name, subkeyname ); - } - - /* Look up the table of registry I/O operations */ - - if ( !(regkey->hook = reghook_cache_find( regkey->name )) ) { - DEBUG(0,("open_registry_key: Failed to assigned a REGISTRY_HOOK to [%s]\n", - regkey->name )); - return NT_STATUS_OBJECT_PATH_NOT_FOUND; - } - - /* check if the path really exists; failed is indicated by -1 */ - /* if the subkey count failed, bail out */ - - ZERO_STRUCTP( &subkeys ); - - regsubkey_ctr_init( &subkeys ); + /* create a full registry path and strip any trailing '\' + characters */ + + pstr_sprintf( keypath, "%s%s%s", + parent ? parent->name : "", + parent ? "\\" : "", + subkeyname ); - if ( fetch_reg_keys( regkey, &subkeys ) == -1 ) { + path_len = strlen( keypath ); + if ( path_len && keypath[path_len-1] == '\\' ) + keypath[path_len-1] = '\0'; - /* don't really know what to return here */ + /* now do the internal open */ - result = NT_STATUS_NO_SUCH_FILE; - } - else { - /* - * This would previously return NT_STATUS_TOO_MANY_SECRETS - * that doesn't sound quite right to me --jerry - */ - - if ( !create_policy_hnd( p, hnd, free_regkey_info, regkey ) ) - result = NT_STATUS_OBJECT_NAME_NOT_FOUND; + result = regkey_open_internal( keyinfo, keypath, p->pipe_user.nt_user_token, access_desired ); + if ( !W_ERROR_IS_OK(result) ) + return result; + + if ( !create_policy_hnd( p, hnd, free_regkey_info, *keyinfo ) ) { + result = WERR_BADFILE; + TALLOC_FREE( *keyinfo ); } - /* clean up */ - - regsubkey_ctr_destroy( &subkeys ); - if ( ! NT_STATUS_IS_OK(result) ) - SAFE_FREE( regkey ); - else - DLIST_ADD( regkeys_list, regkey ); - - - DEBUG(7,("open_registry_key: exit\n")); - return result; } @@ -186,47 +133,44 @@ static BOOL get_subkey_information( REGISTRY_KEY *key, uint32 *maxnum, uint32 *m { int num_subkeys, i; uint32 max_len; - REGSUBKEY_CTR subkeys; + REGSUBKEY_CTR *subkeys; uint32 len; if ( !key ) return False; - ZERO_STRUCTP( &subkeys ); - - regsubkey_ctr_init( &subkeys ); - - if ( fetch_reg_keys( key, &subkeys ) == -1 ) + if ( !(subkeys = TALLOC_ZERO_P( NULL, REGSUBKEY_CTR )) ) + return False; + + if ( fetch_reg_keys( key, subkeys ) == -1 ) return False; /* find the longest string */ max_len = 0; - num_subkeys = regsubkey_ctr_numkeys( &subkeys ); + num_subkeys = regsubkey_ctr_numkeys( subkeys ); for ( i=0; ivaluename)+1 ); + lenmax = MAX(lenmax, val->valuename ? strlen(val->valuename)+1 : 0 ); sizemax = MAX(sizemax, val->size ); - val = regval_ctr_specific_value( &values, i ); + val = regval_ctr_specific_value( values, i ); } *maxnum = num_values; *maxlen = lenmax; *maxsize = sizemax; - regval_ctr_destroy( &values ); + TALLOC_FREE( values ); return True; } @@ -269,188 +211,246 @@ static BOOL get_value_information( REGISTRY_KEY *key, uint32 *maxnum, reg_close ********************************************************************/ -NTSTATUS _reg_close(pipes_struct *p, REG_Q_CLOSE *q_u, REG_R_CLOSE *r_u) +WERROR _reg_close(pipes_struct *p, REG_Q_CLOSE *q_u, REG_R_CLOSE *r_u) { - /* set up the REG unknown_1 response */ - ZERO_STRUCT(r_u->pol); - /* close the policy handle */ + if (!close_registry_key(p, &q_u->pol)) - return NT_STATUS_OBJECT_NAME_INVALID; + return WERR_BADFID; + + return WERR_OK; +} + +/******************************************************************* + ********************************************************************/ + +WERROR _reg_open_hklm(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u) +{ + REGISTRY_KEY *keyinfo; + + return open_registry_key( p, &r_u->pol, &keyinfo, NULL, KEY_HKLM, q_u->access ); +} + +/******************************************************************* + ********************************************************************/ - return NT_STATUS_OK; +WERROR _reg_open_hkpd(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u) +{ + REGISTRY_KEY *keyinfo; + + return open_registry_key( p, &r_u->pol, &keyinfo, NULL, KEY_HKPD, q_u->access ); } /******************************************************************* ********************************************************************/ -NTSTATUS _reg_open_hklm(pipes_struct *p, REG_Q_OPEN_HKLM *q_u, REG_R_OPEN_HKLM *r_u) +WERROR _reg_open_hkpt(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u) { - return open_registry_key( p, &r_u->pol, NULL, KEY_HKLM, 0x0 ); + REGISTRY_KEY *keyinfo; + + return open_registry_key( p, &r_u->pol, &keyinfo, NULL, KEY_HKPT, q_u->access ); } /******************************************************************* ********************************************************************/ -NTSTATUS _reg_open_hkcr(pipes_struct *p, REG_Q_OPEN_HKCR *q_u, REG_R_OPEN_HKCR *r_u) +WERROR _reg_open_hkcr(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u) { - return open_registry_key( p, &r_u->pol, NULL, KEY_HKCR, 0x0 ); + REGISTRY_KEY *keyinfo; + + return open_registry_key( p, &r_u->pol, &keyinfo, NULL, KEY_HKCR, q_u->access ); } /******************************************************************* ********************************************************************/ -NTSTATUS _reg_open_hku(pipes_struct *p, REG_Q_OPEN_HKU *q_u, REG_R_OPEN_HKU *r_u) +WERROR _reg_open_hku(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u) { - return open_registry_key( p, &r_u->pol, NULL, KEY_HKU, 0x0 ); + REGISTRY_KEY *keyinfo; + + return open_registry_key( p, &r_u->pol, &keyinfo, NULL, KEY_HKU, q_u->access ); } /******************************************************************* reg_reply_open_entry ********************************************************************/ -NTSTATUS _reg_open_entry(pipes_struct *p, REG_Q_OPEN_ENTRY *q_u, REG_R_OPEN_ENTRY *r_u) +WERROR _reg_open_entry(pipes_struct *p, REG_Q_OPEN_ENTRY *q_u, REG_R_OPEN_ENTRY *r_u) { - POLICY_HND pol; fstring name; - REGISTRY_KEY *key = find_regkey_index_by_hnd(p, &q_u->pol); - NTSTATUS result; + REGISTRY_KEY *parent = find_regkey_index_by_hnd(p, &q_u->pol); + REGISTRY_KEY *newkey = NULL; + uint32 check_rights; - DEBUG(5,("reg_open_entry: Enter\n")); + if ( !parent ) + return WERR_BADFID; - if ( !key ) - return NT_STATUS_INVALID_HANDLE; - - rpcstr_pull(name,q_u->uni_name.buffer,sizeof(name),q_u->uni_name.uni_str_len*2,0); + rpcstr_pull( name, q_u->name.string->buffer, sizeof(name), q_u->name.string->uni_str_len*2, 0 ); - DEBUG(5,("reg_open_entry: Enter\n")); - - result = open_registry_key( p, &pol, key, name, 0x0 ); - - init_reg_r_open_entry( r_u, &pol, result ); - - DEBUG(5,("reg_open_entry: Exit\n")); + /* check granted access first; what is the correct mask here? */ - return r_u->status; + check_rights = ( SEC_RIGHTS_ENUM_SUBKEYS| + SEC_RIGHTS_CREATE_SUBKEY| + SEC_RIGHTS_QUERY_VALUE| + SEC_RIGHTS_SET_VALUE); + + if ( !(parent->access_granted & check_rights) ) + return WERR_ACCESS_DENIED; + + /* + * very crazy, but regedit.exe on Win2k will attempt to call + * REG_OPEN_ENTRY with a keyname of "". We should return a new + * (second) handle here on the key->name. regedt32.exe does + * not do this stupidity. --jerry + */ + + return open_registry_key( p, &r_u->handle, &newkey, parent, name, q_u->access ); } /******************************************************************* reg_reply_info ********************************************************************/ -NTSTATUS _reg_info(pipes_struct *p, REG_Q_INFO *q_u, REG_R_INFO *r_u) +WERROR _reg_query_value(pipes_struct *p, REG_Q_QUERY_VALUE *q_u, REG_R_QUERY_VALUE *r_u) { - NTSTATUS status = NT_STATUS_NO_SUCH_FILE; + WERROR status = WERR_BADFILE; fstring name; - char *value_ascii = ""; - fstring value; - int value_length; REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); REGISTRY_VALUE *val = NULL; - REGISTRY_VALUE emptyval; - REGVAL_CTR regvals; + REGVAL_CTR *regvals; int i; - DEBUG(5,("_reg_info: Enter\n")); - if ( !regkey ) - return NT_STATUS_INVALID_HANDLE; + return WERR_BADFID; DEBUG(7,("_reg_info: policy key name = [%s]\n", regkey->name)); + DEBUG(7,("_reg_info: policy key type = [%08x]\n", regkey->type)); - rpcstr_pull(name, q_u->uni_type.buffer, sizeof(name), q_u->uni_type.uni_str_len*2, 0); + rpcstr_pull(name, q_u->name.string->buffer, sizeof(name), q_u->name.string->uni_str_len*2, 0); - DEBUG(5,("reg_info: looking up value: [%s]\n", name)); + DEBUG(5,("_reg_info: looking up value: [%s]\n", name)); - ZERO_STRUCTP( ®vals ); + if ( !(regvals = TALLOC_P( p->mem_ctx, REGVAL_CTR )) ) + return WERR_NOMEM; - regval_ctr_init( ®vals ); - - /* couple of hard coded registry values */ - - if ( strequal(name, "RefusePasswordChange") ) { - ZERO_STRUCTP( &emptyval ); - val = &emptyval; - - goto out; - } - - if ( strequal(name, REGSTR_PRODUCTTYPE) ) { - /* This makes the server look like a member server to clients */ - /* which tells clients that we have our own local user and */ - /* group databases and helps with ACL support. */ - - switch (lp_server_role()) { - case ROLE_DOMAIN_PDC: - case ROLE_DOMAIN_BDC: - value_ascii = REG_PT_LANMANNT; - break; - case ROLE_STANDALONE: - value_ascii = REG_PT_SERVERNT; - break; - case ROLE_DOMAIN_MEMBER: - value_ascii = REG_PT_WINNT; - break; + /* Handle QueryValue calls on HKEY_PERFORMANCE_DATA */ + if(regkey->type == REG_KEY_HKPD) + { + if(strequal(name, "Global")) + { + uint32 outbuf_len; + prs_struct prs_hkpd; + prs_init(&prs_hkpd, q_u->bufsize, p->mem_ctx, MARSHALL); + status = reg_perfcount_get_hkpd(&prs_hkpd, q_u->bufsize, &outbuf_len, NULL); + regval_ctr_addvalue(regvals, "HKPD", REG_BINARY, + prs_hkpd.data_p, outbuf_len); + val = dup_registry_value(regval_ctr_specific_value(regvals, 0)); + prs_mem_free(&prs_hkpd); + } + else if(strequal(name, "Counter 009")) + { + uint32 base_index; + uint32 buffer_size; + char *buffer; + + buffer = NULL; + base_index = reg_perfcount_get_base_index(); + buffer_size = reg_perfcount_get_counter_names(base_index, &buffer); + regval_ctr_addvalue(regvals, "Counter 009", + REG_MULTI_SZ, buffer, buffer_size); + + val = dup_registry_value(regval_ctr_specific_value(regvals, 0)); + + if(buffer_size > 0) + { + SAFE_FREE(buffer); + status = WERR_OK; + } + } + else if(strequal(name, "Explain 009")) + { + uint32 base_index; + uint32 buffer_size; + char *buffer; + + buffer = NULL; + base_index = reg_perfcount_get_base_index(); + buffer_size = reg_perfcount_get_counter_help(base_index, &buffer); + regval_ctr_addvalue(regvals, "Explain 009", + REG_MULTI_SZ, buffer, buffer_size); + + val = dup_registry_value(regval_ctr_specific_value(regvals, 0)); + + if(buffer_size > 0) + { + SAFE_FREE(buffer); + status = WERR_OK; + } + } + else if(isdigit(name[0])) + { + /* we probably have a request for a specific object here */ + uint32 outbuf_len; + prs_struct prs_hkpd; + prs_init(&prs_hkpd, q_u->bufsize, p->mem_ctx, MARSHALL); + status = reg_perfcount_get_hkpd(&prs_hkpd, q_u->bufsize, &outbuf_len, name); + regval_ctr_addvalue(regvals, "HKPD", REG_BINARY, + prs_hkpd.data_p, outbuf_len); + + val = dup_registry_value(regval_ctr_specific_value(regvals, 0)); + prs_mem_free(&prs_hkpd); + } + else + { + DEBUG(3,("Unsupported key name [%s] for HKPD.\n", name)); + return WERR_BADFILE; } - value_length = push_ucs2(value, value, value_ascii, - sizeof(value), - STR_TERMINATE|STR_NOALIGN); - regval_ctr_addvalue(®vals, REGSTR_PRODUCTTYPE, REG_SZ, - value, value_length); - - val = dup_registry_value( regval_ctr_specific_value( ®vals, 0 ) ); - - status = NT_STATUS_OK; - - goto out; } - - /* else fall back to actually looking up the value */ - - for ( i=0; fetch_reg_values_specific(regkey, &val, i); i++ ) + /* HKPT calls can be handled out of reg_dynamic.c with the hkpt_params handler */ + else { + for ( i=0; fetch_reg_values_specific(regkey, &val, i); i++ ) + { DEBUG(10,("_reg_info: Testing value [%s]\n", val->valuename)); - if ( StrCaseCmp( val->valuename, name ) == 0 ) { + if ( strequal( val->valuename, name ) ) { DEBUG(10,("_reg_info: Found match for value [%s]\n", name)); - status = NT_STATUS_OK; + status = WERR_OK; break; } free_registry_value( val ); + } } - -out: - new_init_reg_r_info(q_u->ptr_buf, r_u, val, status); + init_reg_r_query_value(q_u->ptr_buf, r_u, val, status); - regval_ctr_destroy( ®vals ); + TALLOC_FREE( regvals ); free_registry_value( val ); - DEBUG(5,("_reg_info: Exit\n")); - return status; } - /***************************************************************************** Implementation of REG_QUERY_KEY ****************************************************************************/ -NTSTATUS _reg_query_key(pipes_struct *p, REG_Q_QUERY_KEY *q_u, REG_R_QUERY_KEY *r_u) +WERROR _reg_query_key(pipes_struct *p, REG_Q_QUERY_KEY *q_u, REG_R_QUERY_KEY *r_u) { - NTSTATUS status = NT_STATUS_OK; + WERROR status = WERR_OK; REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); - DEBUG(5,("_reg_query_key: Enter\n")); - if ( !regkey ) - return NT_STATUS_INVALID_HANDLE; + return WERR_BADFID; - if ( !get_subkey_information( regkey, &r_u->num_subkeys, &r_u->max_subkeylen ) ) - return NT_STATUS_ACCESS_DENIED; + if ( !get_subkey_information( regkey, &r_u->num_subkeys, &r_u->max_subkeylen ) ) { + DEBUG(0,("_reg_query_key: get_subkey_information() failed!\n")); + return WERR_ACCESS_DENIED; + } - if ( !get_value_information( regkey, &r_u->num_values, &r_u->max_valnamelen, &r_u->max_valbufsize ) ) - return NT_STATUS_ACCESS_DENIED; + if ( !get_value_information( regkey, &r_u->num_values, &r_u->max_valnamelen, &r_u->max_valbufsize ) ) { + DEBUG(0,("_reg_query_key: get_value_information() failed!\n")); + return WERR_ACCESS_DENIED; + } r_u->sec_desc = 0x00000078; /* size for key's sec_desc */ @@ -460,29 +460,23 @@ NTSTATUS _reg_query_key(pipes_struct *p, REG_Q_QUERY_KEY *q_u, REG_R_QUERY_KEY * ZERO_STRUCT(r_u->mod_time); - DEBUG(5,("_reg_query_key: Exit\n")); - return status; } /***************************************************************************** - Implementation of REG_UNKNOWN_1A + Implementation of REG_GETVERSION ****************************************************************************/ -NTSTATUS _reg_unknown_1a(pipes_struct *p, REG_Q_UNKNOWN_1A *q_u, REG_R_UNKNOWN_1A *r_u) +WERROR _reg_getversion(pipes_struct *p, REG_Q_GETVERSION *q_u, REG_R_GETVERSION *r_u) { - NTSTATUS status = NT_STATUS_OK; + WERROR status = WERR_OK; REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); - DEBUG(5,("_reg_unknown_1a: Enter\n")); - if ( !regkey ) - return NT_STATUS_INVALID_HANDLE; - - r_u->unknown = 0x00000005; /* seems to be consistent...no idea what it means */ + return WERR_BADFID; - DEBUG(5,("_reg_unknown_1a: Exit\n")); + r_u->win_version = 0x00000005; /* Windows 2000 registry API version */ return status; } @@ -492,23 +486,21 @@ NTSTATUS _reg_unknown_1a(pipes_struct *p, REG_Q_UNKNOWN_1A *q_u, REG_R_UNKNOWN_1 Implementation of REG_ENUM_KEY ****************************************************************************/ -NTSTATUS _reg_enum_key(pipes_struct *p, REG_Q_ENUM_KEY *q_u, REG_R_ENUM_KEY *r_u) +WERROR _reg_enum_key(pipes_struct *p, REG_Q_ENUM_KEY *q_u, REG_R_ENUM_KEY *r_u) { - NTSTATUS status = NT_STATUS_OK; + WERROR status = WERR_OK; REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); char *subkey = NULL; - DEBUG(5,("_reg_enum_key: Enter\n")); - if ( !regkey ) - return NT_STATUS_INVALID_HANDLE; + return WERR_BADFID; DEBUG(8,("_reg_enum_key: enumerating key [%s]\n", regkey->name)); if ( !fetch_reg_keys_specific( regkey, &subkey, q_u->key_index ) ) { - status = NT_STATUS_NO_MORE_ENTRIES; + status = WERR_NO_MORE_ITEMS; goto done; } @@ -516,9 +508,7 @@ NTSTATUS _reg_enum_key(pipes_struct *p, REG_Q_ENUM_KEY *q_u, REG_R_ENUM_KEY *r_u /* subkey has the string name now */ - init_reg_r_enum_key( r_u, subkey, q_u->unknown_1, q_u->unknown_2 ); - - DEBUG(5,("_reg_enum_key: Exit\n")); + init_reg_r_enum_key( r_u, subkey ); done: SAFE_FREE( subkey ); @@ -529,23 +519,20 @@ done: Implementation of REG_ENUM_VALUE ****************************************************************************/ -NTSTATUS _reg_enum_value(pipes_struct *p, REG_Q_ENUM_VALUE *q_u, REG_R_ENUM_VALUE *r_u) +WERROR _reg_enum_value(pipes_struct *p, REG_Q_ENUM_VALUE *q_u, REG_R_ENUM_VALUE *r_u) { - NTSTATUS status = NT_STATUS_OK; + WERROR status = WERR_OK; REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); REGISTRY_VALUE *val; - DEBUG(5,("_reg_enum_value: Enter\n")); - if ( !regkey ) - return NT_STATUS_INVALID_HANDLE; + return WERR_BADFID; - DEBUG(8,("_reg_enum_key: enumerating values for key [%s]\n", regkey->name)); + DEBUG(8,("_reg_enum_value: enumerating values for key [%s]\n", regkey->name)); - if ( !fetch_reg_values_specific( regkey, &val, q_u->val_index ) ) - { - status = NT_STATUS_NO_MORE_ENTRIES; + if ( !fetch_reg_values_specific( regkey, &val, q_u->val_index ) ) { + status = WERR_NO_MORE_ITEMS; goto done; } @@ -555,9 +542,6 @@ NTSTATUS _reg_enum_value(pipes_struct *p, REG_Q_ENUM_VALUE *q_u, REG_R_ENUM_VALU init_reg_r_enum_val( r_u, val ); - - DEBUG(5,("_reg_enum_value: Exit\n")); - done: free_registry_value( val ); @@ -569,89 +553,784 @@ done: reg_shutdwon ********************************************************************/ +WERROR _reg_shutdown(pipes_struct *p, REG_Q_SHUTDOWN *q_u, REG_R_SHUTDOWN *r_u) +{ + REG_Q_SHUTDOWN_EX q_u_ex; + REG_R_SHUTDOWN_EX r_u_ex; + + /* copy fields (including stealing memory) */ + + q_u_ex.server = q_u->server; + q_u_ex.message = q_u->message; + q_u_ex.timeout = q_u->timeout; + q_u_ex.force = q_u->force; + q_u_ex.reboot = q_u->reboot; + q_u_ex.reason = 0x0; /* don't care for now */ + + /* thunk down to _reg_shutdown_ex() (just returns a status) */ + + return _reg_shutdown_ex( p, &q_u_ex, &r_u_ex ); +} + +/******************************************************************* + reg_shutdown_ex + ********************************************************************/ + #define SHUTDOWN_R_STRING "-r" #define SHUTDOWN_F_STRING "-f" -NTSTATUS _reg_shutdown(pipes_struct *p, REG_Q_SHUTDOWN *q_u, REG_R_SHUTDOWN *r_u) +WERROR _reg_shutdown_ex(pipes_struct *p, REG_Q_SHUTDOWN_EX *q_u, REG_R_SHUTDOWN_EX *r_u) { - NTSTATUS status = NT_STATUS_OK; pstring shutdown_script; - UNISTR2 unimsg = q_u->uni_msg; pstring message; pstring chkmsg; fstring timeout; + fstring reason; fstring r; fstring f; + int ret; + BOOL can_shutdown; - /* message */ - rpcstr_pull (message, unimsg.buffer, sizeof(message), unimsg.uni_str_len*2,0); - /* security check */ - alpha_strcpy (chkmsg, message, NULL, sizeof(message)); - /* timeout */ - snprintf(timeout, sizeof(timeout), "%d", q_u->timeout); - /* reboot */ - snprintf(r, sizeof(r), (q_u->flags & REG_REBOOT_ON_SHUTDOWN)?SHUTDOWN_R_STRING:""); - /* force */ - snprintf(f, sizeof(f), (q_u->flags & REG_FORCE_SHUTDOWN)?SHUTDOWN_F_STRING:""); - - pstrcpy(shutdown_script, lp_shutdown_script()); - - if(*shutdown_script) { - int shutdown_ret; - all_string_sub(shutdown_script, "%m", chkmsg, sizeof(shutdown_script)); - all_string_sub(shutdown_script, "%t", timeout, sizeof(shutdown_script)); - all_string_sub(shutdown_script, "%r", r, sizeof(shutdown_script)); - all_string_sub(shutdown_script, "%f", f, sizeof(shutdown_script)); - shutdown_ret = smbrun(shutdown_script,NULL); - DEBUG(3,("_reg_shutdown: Running the command `%s' gave %d\n",shutdown_script,shutdown_ret)); + + pstrcpy(shutdown_script, lp_shutdown_script()); + + if ( !*shutdown_script ) + return WERR_ACCESS_DENIED; + + /* pull the message string and perform necessary sanity checks on it */ + + pstrcpy( message, "" ); + if ( q_u->message ) { + UNISTR2 *msg_string = q_u->message->string; + + rpcstr_pull( message, msg_string->buffer, sizeof(message), msg_string->uni_str_len*2, 0 ); } + alpha_strcpy (chkmsg, message, NULL, sizeof(message)); + + fstr_sprintf(timeout, "%d", q_u->timeout); + fstr_sprintf(r, (q_u->reboot) ? SHUTDOWN_R_STRING : ""); + fstr_sprintf(f, (q_u->force) ? SHUTDOWN_F_STRING : ""); + fstr_sprintf( reason, "%d", q_u->reason ); + + all_string_sub( shutdown_script, "%z", chkmsg, sizeof(shutdown_script) ); + all_string_sub( shutdown_script, "%t", timeout, sizeof(shutdown_script) ); + all_string_sub( shutdown_script, "%r", r, sizeof(shutdown_script) ); + all_string_sub( shutdown_script, "%f", f, sizeof(shutdown_script) ); + all_string_sub( shutdown_script, "%x", reason, sizeof(shutdown_script) ); + + can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_remote_shutdown ); + + /* IF someone has privs, run the shutdown script as root. OTHERWISE run it as not root + Take the error return from the script and provide it as the Windows return code. */ + + /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/ + + if ( can_shutdown ) + become_root(); - return status; + ret = smbrun( shutdown_script, NULL ); + + if ( can_shutdown ) + unbecome_root(); + + /********** END SeRemoteShutdownPrivilege BLOCK **********/ + + DEBUG(3,("_reg_shutdown_ex: Running the command `%s' gave %d\n", + shutdown_script, ret)); + + + return (ret == 0) ? WERR_OK : WERR_ACCESS_DENIED; } + + + /******************************************************************* reg_abort_shutdwon ********************************************************************/ -NTSTATUS _reg_abort_shutdown(pipes_struct *p, REG_Q_ABORT_SHUTDOWN *q_u, REG_R_ABORT_SHUTDOWN *r_u) +WERROR _reg_abort_shutdown(pipes_struct *p, REG_Q_ABORT_SHUTDOWN *q_u, REG_R_ABORT_SHUTDOWN *r_u) { - NTSTATUS status = NT_STATUS_OK; pstring abort_shutdown_script; + int ret; + BOOL can_shutdown; pstrcpy(abort_shutdown_script, lp_abort_shutdown_script()); - if(*abort_shutdown_script) { - int abort_shutdown_ret; - abort_shutdown_ret = smbrun(abort_shutdown_script,NULL); - DEBUG(3,("_reg_abort_shutdown: Running the command `%s' gave %d\n",abort_shutdown_script,abort_shutdown_ret)); + if ( !*abort_shutdown_script ) + return WERR_ACCESS_DENIED; + + can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_remote_shutdown ); + + /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/ + + if ( can_shutdown ) + become_root(); + + ret = smbrun( abort_shutdown_script, NULL ); + + if ( can_shutdown ) + unbecome_root(); + + /********** END SeRemoteShutdownPrivilege BLOCK **********/ + + DEBUG(3,("_reg_abort_shutdown: Running the command `%s' gave %d\n", + abort_shutdown_script, ret)); + + + return (ret == 0) ? WERR_OK : WERR_ACCESS_DENIED; +} + +/******************************************************************* + ********************************************************************/ + +static int validate_reg_filename( pstring fname ) +{ + char *p; + int num_services = lp_numservices(); + int snum; + pstring share_path; + pstring unix_fname; + + /* convert to a unix path, stripping the C:\ along the way */ + + if ( !(p = valid_share_pathname( fname ) )) + return -1; + + /* has to exist within a valid file share */ + + for ( snum=0; snummem_ctx, REGSUBKEY_CTR )) ) + return WERR_NOMEM; + + if ( !(values = TALLOC_ZERO_P( subkeys, REGVAL_CTR )) ) + return WERR_NOMEM; + + /* copy values into the REGVAL_CTR */ + + for ( i=0; inum_values; i++ ) { + regval_ctr_addvalue( values, key->values[i].valuename, key->values[i].type, + (char*)key->values[i].data, (key->values[i].data_size & ~VK_DATA_IN_OFFSET) ); + } + + /* copy subkeys into the REGSUBKEY_CTR */ + + key->subkey_index = 0; + while ( (subkey = regfio_fetch_subkey( regfile, key )) ) { + regsubkey_ctr_addkey( subkeys, subkey->keyname ); + } + + /* write this key and values out */ + + if ( !store_reg_values( ®istry_key, values ) + || !store_reg_keys( ®istry_key, subkeys ) ) + { + DEBUG(0,("reg_load_tree: Failed to load %s!\n", topkeypath)); + result = WERR_REG_IO_FAILURE; + } + + TALLOC_FREE( subkeys ); + + if ( !W_ERROR_IS_OK(result) ) + return result; + + /* now continue to load each subkey registry tree */ + + key->subkey_index = 0; + while ( (subkey = regfio_fetch_subkey( regfile, key )) ) { + pstr_sprintf( path, "%s%s%s", topkeypath, "\\", subkey->keyname ); + result = reg_load_tree( regfile, path, subkey ); + if ( !W_ERROR_IS_OK(result) ) + break; + } + + return result; +} + +/******************************************************************* + ********************************************************************/ + +static WERROR restore_registry_key ( REGISTRY_KEY *krecord, const char *fname ) +{ + REGF_FILE *regfile; + REGF_NK_REC *rootkey; + WERROR result; + + /* open the registry file....fail if the file already exists */ + + if ( !(regfile = regfio_open( fname, (O_RDONLY), 0 )) ) { + DEBUG(0,("backup_registry_key: failed to open \"%s\" (%s)\n", + fname, strerror(errno) )); + return ( ntstatus_to_werror(map_nt_error_from_unix( errno )) ); + } + + /* get the rootkey from the regf file and then load the tree + via recursive calls */ + + if ( !(rootkey = regfio_rootkey( regfile )) ) + return WERR_REG_FILE_INVALID; + + result = reg_load_tree( regfile, krecord->name, rootkey ); + + /* cleanup */ + + regfio_close( regfile ); + + return result; } /******************************************************************* - REG_SAVE_KEY (0x14) ********************************************************************/ -NTSTATUS _reg_save_key(pipes_struct *p, REG_Q_SAVE_KEY *q_u, REG_R_SAVE_KEY *r_u) +WERROR _reg_restore_key(pipes_struct *p, REG_Q_RESTORE_KEY *q_u, REG_R_RESTORE_KEY *r_u) { REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); + pstring filename; + int snum; - DEBUG(5,("_reg_save_key: Enter\n")); + if ( !regkey ) + return WERR_BADFID; + + rpcstr_pull(filename, q_u->filename.string->buffer, sizeof(filename), q_u->filename.string->uni_str_len*2, STR_TERMINATE); + + DEBUG(8,("_reg_restore_key: verifying restore of key [%s] from \"%s\"\n", regkey->name, filename)); + + if ( (snum = validate_reg_filename( filename )) == -1 ) + return WERR_OBJECT_PATH_INVALID; + + /* user must posses SeRestorePrivilege for this this proceed */ + + if ( !user_has_privileges( p->pipe_user.nt_user_token, &se_restore ) ) + return WERR_ACCESS_DENIED; + + DEBUG(2,("_reg_restore_key: Restoring [%s] from %s in share %s\n", regkey->name, filename, lp_servicename(snum) )); + + return restore_registry_key( regkey, filename ); +} + +/******************************************************************** +********************************************************************/ + +static WERROR reg_write_tree( REGF_FILE *regfile, const char *keypath, + REGF_NK_REC *parent, SEC_DESC *sec_desc ) +{ + REGF_NK_REC *key; + REGVAL_CTR *values; + REGSUBKEY_CTR *subkeys; + int i, num_subkeys; + pstring key_tmp; + char *keyname, *parentpath; + pstring subkeypath; + char *subkeyname; + REGISTRY_KEY registry_key; + WERROR result = WERR_OK; + + if ( !regfile ) + return WERR_GENERAL_FAILURE; + + if ( !keypath ) + return WERR_OBJECT_PATH_INVALID; + + /* split up the registry key path */ + + pstrcpy( key_tmp, keypath ); + if ( !reg_split_key( key_tmp, &parentpath, &keyname ) ) + return WERR_OBJECT_PATH_INVALID; + + if ( !keyname ) + keyname = parentpath; + + /* we need a REGISTRY_KEY object here to enumerate subkeys and values */ + + ZERO_STRUCT( registry_key ); + pstrcpy( registry_key.name, keypath ); + if ( !(registry_key.hook = reghook_cache_find( registry_key.name )) ) + return WERR_BADFILE; + + + /* lookup the values and subkeys */ + + if ( !(subkeys = TALLOC_ZERO_P( regfile->mem_ctx, REGSUBKEY_CTR )) ) + return WERR_NOMEM; + + if ( !(values = TALLOC_ZERO_P( subkeys, REGVAL_CTR )) ) + return WERR_NOMEM; + + fetch_reg_keys( ®istry_key, subkeys ); + fetch_reg_values( ®istry_key, values ); + + /* write out this key */ + + if ( !(key = regfio_write_key( regfile, keyname, values, subkeys, sec_desc, parent )) ) { + result = WERR_CAN_NOT_COMPLETE; + goto done; + } + + /* write each one of the subkeys out */ + + num_subkeys = regsubkey_ctr_numkeys( subkeys ); + for ( i=0; imem_ctx, &sd )) ) { + regfio_close( regfile ); + return result; + } + + /* write the registry tree to the file */ + + result = reg_write_tree( regfile, krecord->name, NULL, sd ); + + /* cleanup */ + + regfio_close( regfile ); + + return result; +} + +/******************************************************************* + ********************************************************************/ + +WERROR _reg_save_key(pipes_struct *p, REG_Q_SAVE_KEY *q_u, REG_R_SAVE_KEY *r_u) +{ + REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); + pstring filename; + int snum; - /* - * basically this is a no op function which just gverifies - * that the client gave us a valid registry key handle - */ - if ( !regkey ) - return NT_STATUS_INVALID_HANDLE; + return WERR_BADFID; + + rpcstr_pull(filename, q_u->filename.string->buffer, sizeof(filename), q_u->filename.string->uni_str_len*2, STR_TERMINATE); + + DEBUG(8,("_reg_save_key: verifying backup of key [%s] to \"%s\"\n", regkey->name, filename)); + + if ( (snum = validate_reg_filename( filename )) == -1 ) + return WERR_OBJECT_PATH_INVALID; + + DEBUG(2,("_reg_save_key: Saving [%s] to %s in share %s\n", regkey->name, filename, lp_servicename(snum) )); + + return backup_registry_key( regkey, filename ); +} + +/******************************************************************* + ********************************************************************/ - DEBUG(8,("_reg_save_key: berifying backup of key [%s]\n", regkey->name)); +WERROR _reg_create_key_ex(pipes_struct *p, REG_Q_CREATE_KEY_EX *q_u, REG_R_CREATE_KEY_EX *r_u) +{ + REGISTRY_KEY *parent = find_regkey_index_by_hnd(p, &q_u->handle); + REGISTRY_KEY *newparentinfo, *keyinfo; + POLICY_HND newparent_handle; + REGSUBKEY_CTR *subkeys; + BOOL write_result; + pstring name; + WERROR result; + + if ( !parent ) + return WERR_BADFID; + + rpcstr_pull( name, q_u->name.string->buffer, sizeof(name), q_u->name.string->uni_str_len*2, 0 ); + + /* ok. Here's what we do. */ + + if ( strrchr( name, '\\' ) ) { + pstring newkeyname; + char *ptr; + + /* (1) check for enumerate rights on the parent handle. CLients can try + create things like 'SOFTWARE\Samba' on the HKLM handle. + (2) open the path to the child parent key if necessary */ + + if ( !(parent->access_granted & SEC_RIGHTS_ENUM_SUBKEYS) ) + return WERR_ACCESS_DENIED; + + pstrcpy( newkeyname, name ); + ptr = strrchr( newkeyname, '\\' ); + *ptr = '\0'; + + result = open_registry_key( p, &newparent_handle, &newparentinfo, + parent, newkeyname, (REG_KEY_READ|REG_KEY_WRITE) ); + + if ( !W_ERROR_IS_OK(result) ) + return result; + + /* copy the new key name (just the lower most keyname) */ + + pstrcpy( name, ptr+1 ); + } + else { + /* use the existing open key information */ + newparentinfo = parent; + memcpy( &newparent_handle, &q_u->handle, sizeof(POLICY_HND) ); + } + + /* (3) check for create subkey rights on the correct parent */ + + if ( !(newparentinfo->access_granted & SEC_RIGHTS_CREATE_SUBKEY) ) { + result = WERR_ACCESS_DENIED; + goto done; + } + + if ( !(subkeys = TALLOC_ZERO_P( p->mem_ctx, REGSUBKEY_CTR )) ) { + result = WERR_NOMEM; + goto done; + } + + /* (4) lookup the current keys and add the new one */ + + fetch_reg_keys( newparentinfo, subkeys ); + regsubkey_ctr_addkey( subkeys, name ); + + /* now write to the registry backend */ + + write_result = store_reg_keys( newparentinfo, subkeys ); + + TALLOC_FREE( subkeys ); + + if ( !write_result ) + return WERR_REG_IO_FAILURE; + + /* (5) open the new key and return the handle. Note that it is probably + not correct to grant full access on this open handle. */ + result = open_registry_key( p, &r_u->handle, &keyinfo, newparentinfo, name, REG_KEY_READ ); + keyinfo->access_granted = REG_KEY_ALL; - return NT_STATUS_OK; +done: + /* close any intermediate key handles */ + + if ( newparentinfo != parent ) + close_registry_key( p, &newparent_handle ); + + return result; } +/******************************************************************* + ********************************************************************/ + +WERROR _reg_set_value(pipes_struct *p, REG_Q_SET_VALUE *q_u, REG_R_SET_VALUE *r_u) +{ + REGISTRY_KEY *key = find_regkey_index_by_hnd(p, &q_u->handle); + REGVAL_CTR *values; + BOOL write_result; + fstring valuename; + + if ( !key ) + return WERR_BADFID; + + /* access checks first */ + + if ( !(key->access_granted & SEC_RIGHTS_SET_VALUE) ) + return WERR_ACCESS_DENIED; + + rpcstr_pull( valuename, q_u->name.string->buffer, sizeof(valuename), q_u->name.string->uni_str_len*2, 0 ); + + /* verify the name */ + + if ( !*valuename ) + return WERR_INVALID_PARAM; + + DEBUG(8,("_reg_set_value: Setting value for [%s:%s]\n", key->name, valuename)); + + if ( !(values = TALLOC_ZERO_P( p->mem_ctx, REGVAL_CTR )) ) + return WERR_NOMEM; + + /* lookup the current values and add the new one */ + + fetch_reg_values( key, values ); + + regval_ctr_addvalue( values, valuename, q_u->type, (char*)q_u->value.buffer, q_u->value.buf_len ); + + /* now write to the registry backend */ + + write_result = store_reg_values( key, values ); + + TALLOC_FREE( values ); + + if ( !write_result ) + return WERR_REG_IO_FAILURE; + + return WERR_OK; +} + +/******************************************************************* + ********************************************************************/ + +WERROR _reg_delete_key(pipes_struct *p, REG_Q_DELETE_KEY *q_u, REG_R_DELETE_KEY *r_u) +{ + REGISTRY_KEY *parent = find_regkey_index_by_hnd(p, &q_u->handle); + REGISTRY_KEY *newparentinfo; + POLICY_HND newparent_handle; + REGSUBKEY_CTR *subkeys; + BOOL write_result; + pstring name; + WERROR result; + + if ( !parent ) + return WERR_BADFID; + + /* MSDN says parent the handle must have been opened with DELETE access */ + + /* (1) check for delete rights on the parent */ + + if ( !(parent->access_granted & STD_RIGHT_DELETE_ACCESS) ) { + result = WERR_ACCESS_DENIED; + goto done; + } + + rpcstr_pull( name, q_u->name.string->buffer, sizeof(name), q_u->name.string->uni_str_len*2, 0 ); + + /* ok. Here's what we do. */ + + if ( strrchr( name, '\\' ) ) { + pstring newkeyname; + char *ptr; + + /* (2) open the path to the child parent key if necessary */ + /* split the registry path and save the subkeyname */ + + pstrcpy( newkeyname, name ); + ptr = strrchr( newkeyname, '\\' ); + *ptr = '\0'; + pstrcpy( name, ptr+1 ); + + result = open_registry_key( p, &newparent_handle, &newparentinfo, parent, newkeyname, (REG_KEY_READ|REG_KEY_WRITE) ); + if ( !W_ERROR_IS_OK(result) ) + return result; + } + else { + /* use the existing open key information */ + newparentinfo = parent; + } + + if ( !(subkeys = TALLOC_ZERO_P( p->mem_ctx, REGSUBKEY_CTR )) ) { + result = WERR_NOMEM; + goto done; + } + + /* lookup the current keys and delete the new one */ + + fetch_reg_keys( newparentinfo, subkeys ); + + regsubkey_ctr_delkey( subkeys, name ); + + /* now write to the registry backend */ + + write_result = store_reg_keys( newparentinfo, subkeys ); + + TALLOC_FREE( subkeys ); + + result = write_result ? WERR_OK : WERR_REG_IO_FAILURE; + +done: + /* close any intermediate key handles */ + + if ( newparentinfo != parent ) + close_registry_key( p, &newparent_handle ); + + return result; +} + + +/******************************************************************* + ********************************************************************/ + +WERROR _reg_delete_value(pipes_struct *p, REG_Q_DELETE_VALUE *q_u, REG_R_DELETE_VALUE *r_u) +{ + REGISTRY_KEY *key = find_regkey_index_by_hnd(p, &q_u->handle); + REGVAL_CTR *values; + BOOL write_result; + fstring valuename; + + if ( !key ) + return WERR_BADFID; + + /* access checks first */ + + if ( !(key->access_granted & SEC_RIGHTS_SET_VALUE) ) + return WERR_ACCESS_DENIED; + + rpcstr_pull( valuename, q_u->name.string->buffer, sizeof(valuename), q_u->name.string->uni_str_len*2, 0 ); + + if ( !*valuename ) + return WERR_INVALID_PARAM; + + DEBUG(8,("_reg_delete_value: Setting value for [%s:%s]\n", key->name, valuename)); + + if ( !(values = TALLOC_ZERO_P( p->mem_ctx, REGVAL_CTR )) ) + return WERR_NOMEM; + + /* lookup the current values and add the new one */ + + fetch_reg_values( key, values ); + + regval_ctr_delvalue( values, valuename ); + + /* now write to the registry backend */ + + write_result = store_reg_values( key, values ); + + TALLOC_FREE( values ); + + if ( !write_result ) + return WERR_REG_IO_FAILURE; + + return WERR_OK; +} + +/******************************************************************* + ********************************************************************/ + +WERROR _reg_get_key_sec(pipes_struct *p, REG_Q_GET_KEY_SEC *q_u, REG_R_GET_KEY_SEC *r_u) +{ + REGISTRY_KEY *key = find_regkey_index_by_hnd(p, &q_u->handle); + + if ( !key ) + return WERR_BADFID; + + /* access checks first */ + + if ( !(key->access_granted & STD_RIGHT_READ_CONTROL_ACCESS) ) + return WERR_ACCESS_DENIED; + + return WERR_ACCESS_DENIED; +} + +/******************************************************************* + ********************************************************************/ + +WERROR _reg_set_key_sec(pipes_struct *p, REG_Q_SET_KEY_SEC *q_u, REG_R_SET_KEY_SEC *r_u) +{ + REGISTRY_KEY *key = find_regkey_index_by_hnd(p, &q_u->handle); + + if ( !key ) + return WERR_BADFID; + + /* access checks first */ + + if ( !(key->access_granted & STD_RIGHT_WRITE_DAC_ACCESS) ) + return WERR_ACCESS_DENIED; + + return WERR_ACCESS_DENIED; +}