r10016: Support reading security descriptors on keys.
authorJelmer Vernooij <jelmer@samba.org>
Sat, 3 Sep 2005 23:23:14 +0000 (23:23 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:36:29 +0000 (13:36 -0500)
(This used to be commit b349e902c7b0140cd94e241ba9f81c83fa54f603)

source4/lib/registry/common/reg_interface.c
source4/lib/registry/reg_backend_nt4.c
source4/lib/registry/regf.idl
source4/lib/registry/tools/regtree.c

index 7f745143e64af7ecc2077ce54efba778fde4f49e..5297b1b3cfb3661d21b092c2359c73a18d8cbf9a 100644 (file)
@@ -427,6 +427,15 @@ WERROR reg_val_set(struct registry_key *key, const char *value, uint32_t type, D
 }
 
 
+WERROR reg_get_sec_desc(TALLOC_CTX *ctx, struct registry_key *key, struct security_descriptor **secdesc)
+{
+       /* A 'real' set function has preference */
+       if (key->hive->functions->key_get_sec_desc) 
+               return key->hive->functions->key_get_sec_desc(ctx, key, secdesc);
+
+       DEBUG(1, ("Backend '%s' doesn't support method get_sec_desc\n", key->hive->functions->name));
+       return WERR_NOT_SUPPORTED;
+}
 
 WERROR reg_del_value(struct registry_key *key, const char *valname)
 {
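Review bot: The comment in the new `reg_get_sec_desc` reads `/* A 'real' set function has preference */`, which was carried over from a setter and does not describe this getter; something like `/* Use the backend's implementation when it provides one */` would match the code. The function also leaves `*secdesc` untouched on the `WERR_NOT_SUPPORTED` path, so a short header comment saying that the output is valid only when `WERR_OK` is returned would help callers. `key`, `key->hive` and `key->hive->functions` are dereferenced without a check; whether that matches the other wrappers in this file cannot be seen from the hunk.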
index e0f5ccd08c902e8e9777f923a0bedbfacc754c6e..b1c0d201f06a2e5db9841487e1386d4285f9f1d1 100644 (file)
@@ -21,6 +21,7 @@
 #include "registry.h"
 #include "system/filesys.h"
 #include "lib/registry/tdr_regf.h"
+#include "librpc/gen_ndr/ndr_security.h"
 
 /*
  * Read HBIN blocks into memory
@@ -251,6 +252,51 @@ static WERROR regf_get_subkey (TALLOC_CTX *ctx, struct registry_key *key, int id
        return WERR_OK;
 }
 
+static WERROR regf_get_sec_desc(TALLOC_CTX *ctx, struct registry_key *key, struct security_descriptor **sd)
+{
+       struct nk_block *nk = key->backend_data;
+       struct tdr_pull *tdr;
+       struct sk_block sk;
+       DATA_BLOB data;
+
+       data = regf_get_data(key->hive->backend_data, nk->sk_offset);
+       if (!data.data) {
+               DEBUG(0, ("Unable to find security descriptor\n"));
+               return WERR_GENERAL_FAILURE;
+       }
+
+       tdr = talloc_zero(ctx, struct tdr_pull);
+       if (!tdr)
+               return WERR_NOMEM;
+
+       tdr->data = data;
+
+       if (NT_STATUS_IS_ERR(tdr_pull_sk_block(tdr, &sk))) {
+               DEBUG(0, ("Error parsing SK block\n"));
+               return WERR_GENERAL_FAILURE;
+       }
+
+       if (strcmp(sk.header, "sk") != 0) {
+               DEBUG(0, ("Expected 'sk', got '%s'\n", sk.header));
+               return WERR_GENERAL_FAILURE;
+       }
+
+       *sd = talloc(ctx, struct security_descriptor);
+       if (!*sd)
+               return WERR_NOMEM;
+
+       data.data = sk.sec_desc;
+       data.length = sk.rec_size;
+       if (NT_STATUS_IS_ERR(ndr_pull_struct_blob(&data, ctx, *sd, (ndr_pull_flags_fn_t)ndr_pull_security_descriptor))) {
+               DEBUG(0, ("Error parsing security descriptor\n"));
+               return WERR_GENERAL_FAILURE;
+       }
+
+       talloc_free(tdr);
+
+       return WERR_OK;
+}
+
 static WERROR nt_open_hive (struct registry_hive *h, struct registry_key **key)
 {
        struct regf_data *regf;
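Review bot: Every early return in `regf_get_sec_desc` after `talloc_zero` skips the `talloc_free(tdr)` that the success path performs, and the failure branch of `ndr_pull_struct_blob` leaves `*sd` pointing at an allocated but unparsed descriptor. Adding `talloc_free(tdr);` before each of those returns, and `talloc_free(*sd); *sd = NULL;` before the return on NDR failure, keeps a malformed hive from accumulating allocations on `ctx` and from handing a half-initialised descriptor to a caller that ignores the error. Separately, `data.length = sk.rec_size` takes the blob length straight from the hive file. The `sec_desc` field of `sk_block` is declared outside the visible IDL hunk, so please confirm that the pulled buffer is at least `rec_size` bytes long before the NDR parser reads it. The `strcmp(sk.header, "sk")` check and the `%s` in the following `DEBUG` also assume the pulled header is NUL-terminated, which depends on how the TDR code generates the `[charset(DOS)] uint8 header[2]` field.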
@@ -342,6 +388,7 @@ static struct hive_operations reg_backend_nt4 = {
        .num_values = regf_num_values,
        .get_subkey_by_index = regf_get_subkey,
        .get_value_by_index = regf_get_value,
+       .key_get_sec_desc = regf_get_sec_desc,
 };
 
 NTSTATUS registry_nt4_init(void)
index 760183c01d56f0f94a46a5369b25874495d42b3f..3b0a66fc54dd7711d553edfdaf0c0859ae60c5cc 100644 (file)
@@ -100,9 +100,9 @@ interface regf
        } nk_block;
 
        /* sk (? Security Key ?) is the ACL of the registry. */
-       typedef [noprint,nopush,nopull] struct {
+       typedef [noprint,public] struct {
                [charset(DOS)] uint8 header[2];
-               uint16 uk1;
+               uint16 tag;
                uint32 prev_offset;
                uint32 next_offset;
                uint32 ref_cnt;
index 2385123b7fccbb82c0d0b4325bef2602cc8cb115..38dffed85dfb60601c40dc9c8d353f9e322ece61 100644 (file)
@@ -28,6 +28,7 @@ static void print_tree(int l, struct registry_key *p, int fullpath, int novals)
 {
        struct registry_key *subkey;
        struct registry_value *value;
+       struct security_descriptor *sec_desc;
        WERROR error;
        int i;
        TALLOC_CTX *mem_ctx;
@@ -68,9 +69,15 @@ static void print_tree(int l, struct registry_key *p, int fullpath, int novals)
                        DEBUG(0, ("Error occured while fetching values for '%s': %s\n", p->path, win_errstr(error)));
                }
        }
+
+       mem_ctx = talloc_init("sec_desc");
+       if (NT_STATUS_IS_ERR(reg_get_sec_desc(mem_ctx, p, &sec_desc))) {
+               DEBUG(0, ("Error getting security descriptor\n"));
+       }
+       talloc_free(mem_ctx);
 }
 
- int main(int argc, char **argv)
+int main(int argc, char **argv)
 {
        int opt, i;
        const char *backend = NULL;
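Review bot: In `print_tree`, `reg_get_sec_desc` returns a `WERROR` but its result is tested with `NT_STATUS_IS_ERR`, so the check uses the wrong status family and failures are likely never reported. The function already has a `WERROR error` local and uses `win_errstr` above, so `error = reg_get_sec_desc(mem_ctx, p, &sec_desc);` followed by `if (!W_ERROR_IS_OK(error)) {` would be consistent, with `win_errstr(error)` added to the message. Once the check works, backends without `key_get_sec_desc` will log at level 0 for every key, so `WERR_NOT_SUPPORTED` probably wants to be handled quietly. As written, the descriptor is fetched and freed without being printed or otherwise used. `print_tree` starts outside this hunk.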