s3:net: add a command "net registry setsd_sdd"
authorMichael Adam <obnox@samba.org>
Tue, 2 Mar 2010 13:43:53 +0000 (14:43 +0100)
committerMichael Adam <obnox@samba.org>
Wed, 3 Mar 2010 08:16:38 +0000 (09:16 +0100)
This permits to set the security descriptor of a registry
key from the unix command line.

Michael

source3/utils/net_registry.c

index 1006079a0332aa43d0542766a88034e227aca3d6..94d3bf4addc673e0b964c7f71307286c64e63fd0 100644 (file)
@@ -535,6 +535,86 @@ done:
        return ret;
 }
 
+static WERROR net_registry_setsd_internal(struct net_context *c,
+                                         TALLOC_CTX *mem_ctx,
+                                         const char *keyname,
+                                         struct security_descriptor *sd)
+{
+       WERROR werr;
+       struct registry_key *key = NULL;
+       TALLOC_CTX *ctx = talloc_stackframe();
+       uint32_t access_mask = REG_KEY_WRITE |
+                              SEC_FLAG_MAXIMUM_ALLOWED |
+                              SEC_FLAG_SYSTEM_SECURITY;
+
+       /*
+        * net_rpc_regsitry uses SEC_FLAG_SYSTEM_SECURITY, but access
+        * is denied with these perms right now...
+        */
+       access_mask = REG_KEY_WRITE;
+
+       if (strlen(keyname) == 0) {
+               d_fprintf(stderr, _("error: zero length key name given\n"));
+               werr = WERR_INVALID_PARAM;
+               goto done;
+       }
+
+       werr = open_key(ctx, keyname, access_mask, &key);
+       if (!W_ERROR_IS_OK(werr)) {
+               d_fprintf(stderr, "%s%s\n", _("open_key failed: "),
+                         win_errstr(werr));
+               goto done;
+       }
+
+       werr = reg_setkeysecurity(key, sd);
+       if (!W_ERROR_IS_OK(werr)) {
+               d_fprintf(stderr, "%s%s\n", _("reg_setkeysecurity failed: "),
+                         win_errstr(werr));
+               goto done;
+       }
+
+       werr = WERR_OK;
+
+done:
+       TALLOC_FREE(ctx);
+       return werr;
+}
+
+static int net_registry_setsd_sddl(struct net_context *c,
+                                  int argc, const char **argv)
+{
+       WERROR werr;
+       int ret = -1;
+       struct security_descriptor *secdesc = NULL;
+       TALLOC_CTX *ctx = talloc_stackframe();
+
+       if (argc != 2 || c->display_usage) {
+               d_printf("%s\n%s",
+                        _("Usage:"),
+                        _("net registry setsd_sddl <path> <security_descriptor>\n"));
+               d_printf("%s\n%s",
+                        _("Example:"),
+                        _("net registry setsd_sddl 'HKLM\\Software\\Samba'\n"));
+               goto done;
+       }
+
+       secdesc = sddl_decode(ctx, argv[1], get_global_sam_sid());
+       if (secdesc == NULL) {
+               goto done;
+       }
+
+       werr = net_registry_setsd_internal(c, ctx, argv[0], secdesc);
+       if (!W_ERROR_IS_OK(werr)) {
+               goto done;
+       }
+
+       ret = 0;
+
+done:
+       TALLOC_FREE(ctx);
+       return ret;
+}
+
 int net_registry(struct net_context *c, int argc, const char **argv)
 {
        int ret = -1;
@@ -612,6 +692,14 @@ int net_registry(struct net_context *c, int argc, const char **argv)
                        N_("net registry getsd_sddl\n"
                           "    Get security descriptor in sddl format")
                },
+               {
+                       "setsd_sddl",
+                       net_registry_setsd_sddl,
+                       NET_TRANSPORT_LOCAL,
+                       N_("Set security descriptor from sddl format string"),
+                       N_("net registry setsd_sddl\n"
+                          "    Set security descriptor from sddl format string")
+               },
        { NULL, NULL, 0, NULL, NULL }
        };