2 * Unix SMB/CIFS implementation.
3 * Virtual Windows Registry Layer
4 * Copyright (C) Gerald Carter 2002-2005
5 * Copyright (C) Michael Adam 2006-2008
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
22 * Implementation of registry frontend view functions.
23 * Functions moved from reg_frontend.c to minimize linker deps.
29 #define DBGC_CLASS DBGC_REGISTRY
31 static const struct generic_mapping reg_generic_map =
32 { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL };
34 /********************************************************************
35 ********************************************************************/
37 static WERROR construct_registry_sd(TALLOC_CTX *ctx, SEC_DESC **psd)
45 /* basic access for Everyone */
47 init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
50 /* Full Access 'BUILTIN\Administrators' */
52 init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
53 SEC_ACE_TYPE_ACCESS_ALLOWED, REG_KEY_ALL, 0);
55 /* Full Access 'NT Authority\System' */
57 init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED,
60 /* create the security descriptor */
62 theacl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace);
67 sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
68 &global_sid_Builtin_Administrators,
69 &global_sid_System, NULL, theacl,
79 /***********************************************************************
80 High level wrapper function for storing registry subkeys
81 ***********************************************************************/
83 bool store_reg_keys( REGISTRY_KEY *key, REGSUBKEY_CTR *subkeys )
85 if (key->ops && key->ops->store_subkeys)
86 return key->ops->store_subkeys(key->name, subkeys);
91 /***********************************************************************
92 High level wrapper function for storing registry values
93 ***********************************************************************/
95 bool store_reg_values( REGISTRY_KEY *key, REGVAL_CTR *val )
97 if (key->ops && key->ops->store_values)
98 return key->ops->store_values(key->name, val);
103 /***********************************************************************
104 High level wrapper function for enumerating registry subkeys
105 Initialize the TALLOC_CTX if necessary
106 ***********************************************************************/
108 int fetch_reg_keys( REGISTRY_KEY *key, REGSUBKEY_CTR *subkey_ctr )
112 if (key->ops && key->ops->fetch_subkeys)
113 result = key->ops->fetch_subkeys(key->name, subkey_ctr);
118 /***********************************************************************
119 High level wrapper function for enumerating registry values
120 ***********************************************************************/
122 int fetch_reg_values( REGISTRY_KEY *key, REGVAL_CTR *val )
126 DEBUG(10, ("fetch_reg_values called for key '%s' (ops %p)\n", key->name,
127 (key->ops) ? (void *)key->ops : NULL));
129 if (key->ops && key->ops->fetch_values)
130 result = key->ops->fetch_values(key->name, val);
135 /***********************************************************************
136 High level access check for passing the required access mask to the
137 underlying registry backend
138 ***********************************************************************/
140 bool regkey_access_check( REGISTRY_KEY *key, uint32 requested, uint32 *granted,
141 const struct nt_user_token *token )
148 /* use the default security check if the backend has not defined its
151 if (key->ops && key->ops->reg_access_check) {
152 return key->ops->reg_access_check(key->name, requested,
157 * The secdesc routines can't yet cope with a NULL talloc ctx sanely.
160 if (!(mem_ctx = talloc_init("regkey_access_check"))) {
164 err = regkey_get_secdesc(mem_ctx, key, &sec_desc);
166 if (!W_ERROR_IS_OK(err)) {
167 TALLOC_FREE(mem_ctx);
171 se_map_generic( &requested, ®_generic_map );
173 status =se_access_check(sec_desc, token, requested, granted);
174 if (!NT_STATUS_IS_OK(status)) {
175 TALLOC_FREE(mem_ctx);
179 TALLOC_FREE(mem_ctx);
180 return NT_STATUS_IS_OK(status);
183 WERROR regkey_get_secdesc(TALLOC_CTX *mem_ctx, REGISTRY_KEY *key,
184 struct security_descriptor **psecdesc)
186 struct security_descriptor *secdesc;
189 if (key->ops && key->ops->get_secdesc) {
190 werr = key->ops->get_secdesc(mem_ctx, key->name, psecdesc);
191 if (W_ERROR_IS_OK(werr)) {
196 werr = construct_registry_sd(mem_ctx, &secdesc);
197 if (!W_ERROR_IS_OK(werr)) {
205 WERROR regkey_set_secdesc(REGISTRY_KEY *key,
206 struct security_descriptor *psecdesc)
208 if (key->ops && key->ops->set_secdesc) {
209 return key->ops->set_secdesc(key->name, psecdesc);
212 return WERR_ACCESS_DENIED;
216 * Check whether the in-memory version of the subkyes of a
217 * registry key needs update from disk.
219 bool reg_subkeys_need_update(REGISTRY_KEY *key, REGSUBKEY_CTR *subkeys)
221 if (key->ops && key->ops->subkeys_need_update)
223 return key->ops->subkeys_need_update(subkeys);
230 * Check whether the in-memory version of the values of a
231 * registry key needs update from disk.
233 bool reg_values_need_update(REGISTRY_KEY *key, REGVAL_CTR *values)
235 if (key->ops && key->ops->values_need_update)
237 return key->ops->values_need_update(values);