*/
#include "includes.h"
+#include "../libgpo/gpo.h"
+#include "libgpo/gpo_proto.h"
+#include "registry.h"
+#include "registry/reg_api.h"
+#include "registry/reg_backend_db.h"
+#include "registry/reg_api_util.h"
-extern REGISTRY_OPS regdb_ops;
-
-static int gp_reg_fetch_keys(const char *key, REGSUBKEY_CTR *subkey_ctr)
-{
- return regdb_ops.fetch_subkeys(key, subkey_ctr);
-}
-
-static bool gp_reg_store_keys(const char *key, REGSUBKEY_CTR *subkeys)
-{
- return regdb_ops.store_subkeys(key, subkeys);
-}
-
-static int gp_reg_fetch_values(const char *key, REGVAL_CTR *val)
-{
- return regdb_ops.fetch_values(key, val);
-}
-
-static bool gp_reg_store_values(const char *key, REGVAL_CTR *val)
-{
- return regdb_ops.store_values(key, val);
-}
-
-static WERROR gp_reg_get_secdesc(TALLOC_CTX *mem_ctx, const char *key,
- struct security_descriptor **psecdesc)
-{
- return regdb_ops.get_secdesc(mem_ctx, key, psecdesc);
-}
-
-static WERROR gp_reg_set_secdesc(const char *key,
- struct security_descriptor *secdesc)
-{
- return regdb_ops.set_secdesc(key, secdesc);
-}
-
/****************************************************************
****************************************************************/
-static REGISTRY_OPS gp_reg_ops = {
- .fetch_subkeys = gp_reg_fetch_keys,
- .fetch_values = gp_reg_fetch_values,
- .store_subkeys = gp_reg_store_keys,
- .store_values = gp_reg_store_values,
-/* .reg_access_check = gp_reg_reg_access_check, */
- .get_secdesc = gp_reg_get_secdesc,
- .set_secdesc = gp_reg_set_secdesc
-};
-
-/****************************************************************
-****************************************************************/
-
-struct nt_user_token *registry_create_system_token(TALLOC_CTX *mem_ctx)
+struct security_token *registry_create_system_token(TALLOC_CTX *mem_ctx)
{
- struct nt_user_token *token = NULL;
+ struct security_token *token = NULL;
- token = TALLOC_ZERO_P(mem_ctx, struct nt_user_token);
+ token = TALLOC_ZERO_P(mem_ctx, struct security_token);
if (!token) {
DEBUG(1,("talloc failed\n"));
return NULL;
}
- token->privileges = se_priv_all;
+ token->privilege_mask = SE_ALL_PRIVS;
if (!NT_STATUS_IS_OK(add_sid_to_array(token, &global_sid_System,
- &token->user_sids, &token->num_sids))) {
+ &token->sids, &token->num_sids))) {
DEBUG(1,("Error adding nt-authority system sid to token\n"));
return NULL;
}
WERROR gp_init_reg_ctx(TALLOC_CTX *mem_ctx,
const char *initial_path,
uint32_t desired_access,
- const struct nt_user_token *token,
+ const struct security_token *token,
struct gp_registry_context **reg_ctx)
{
struct gp_registry_context *tmp_ctx;
- static REGISTRY_HOOK gp_reg_hook;
WERROR werr;
if (!reg_ctx) {
return WERR_INVALID_PARAM;
}
- if (!regdb_init()) {
- return WERR_CAN_NOT_COMPLETE;
- }
-
- gp_reg_hook.keyname = initial_path; /* KEY_SAMBA_GROUP_POLICY */
- gp_reg_hook.ops = &gp_reg_ops;
-
- /* not sure about the cache hook */
- reghook_cache_init();
-
- if (!reghook_cache_add(&gp_reg_hook)) {
- return WERR_CAN_NOT_COMPLETE;
+ werr = registry_init_basic();
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
}
tmp_ctx = TALLOC_ZERO_P(mem_ctx, struct gp_registry_context);
return WERR_NOMEM;
}
+ werr = regdb_open();
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+
if (initial_path) {
tmp_ctx->path = talloc_strdup(mem_ctx, initial_path);
if (!tmp_ctx->path) {
const char *val)
{
struct registry_value reg_val;
- ZERO_STRUCT(reg_val);
-
- /* FIXME: hack */
- val = val ? val : " ";
reg_val.type = REG_SZ;
- reg_val.v.sz.len = strlen(val);
- reg_val.v.sz.str = talloc_strdup(mem_ctx, val);
- W_ERROR_HAVE_NO_MEMORY(reg_val.v.sz.str);
+ if (!push_reg_sz(mem_ctx, ®_val.data, val)) {
+ return WERR_NOMEM;
+ }
return reg_setvalue(key, val_name, ®_val);
}
uint32_t val)
{
struct registry_value reg_val;
- ZERO_STRUCT(reg_val);
reg_val.type = REG_DWORD;
- reg_val.v.dword = val;
+ reg_val.data = data_blob_talloc(mem_ctx, NULL, 4);
+ SIVAL(reg_val.data.data, 0, val);
return reg_setvalue(key, val_name, ®_val);
}
return WERR_INVALID_DATATYPE;
}
- *val = talloc_strdup(mem_ctx, reg_val->v.sz.str);
- W_ERROR_HAVE_NO_MEMORY(*val);
+ if (!pull_reg_sz(mem_ctx, ®_val->data, val)) {
+ return WERR_NOMEM;
+ }
return WERR_OK;
}
return WERR_INVALID_DATATYPE;
}
- *val = reg_val->v.dword;
+ if (reg_val->data.length < 4) {
+ return WERR_INSUFFICIENT_BUFFER;
+ }
+ *val = IVAL(reg_val->data.data, 0);
return WERR_OK;
}
****************************************************************/
static const char *gp_reg_groupmembership_path(TALLOC_CTX *mem_ctx,
- const DOM_SID *sid,
+ const struct dom_sid *sid,
uint32_t flags)
{
if (flags & GPO_LIST_FLAG_MACHINE) {
static WERROR gp_reg_del_groupmembership(TALLOC_CTX *mem_ctx,
struct registry_key *key,
- const struct nt_user_token *token,
+ const struct security_token *token,
uint32_t flags)
{
const char *path = NULL;
- path = gp_reg_groupmembership_path(mem_ctx, &token->user_sids[0],
+ path = gp_reg_groupmembership_path(mem_ctx, &token->sids[0],
flags);
W_ERROR_HAVE_NO_MEMORY(path);
static WERROR gp_reg_store_groupmembership(TALLOC_CTX *mem_ctx,
struct gp_registry_context *reg_ctx,
- const struct nt_user_token *token,
+ const struct security_token *token,
uint32_t flags)
{
struct registry_key *key = NULL;
const char *val = NULL;
int count = 0;
- path = gp_reg_groupmembership_path(mem_ctx, &token->user_sids[0],
+ path = gp_reg_groupmembership_path(mem_ctx, &token->sids[0],
flags);
W_ERROR_HAVE_NO_MEMORY(path);
valname = talloc_asprintf(mem_ctx, "Group%d", count++);
W_ERROR_HAVE_NO_MEMORY(valname);
- val = sid_string_talloc(mem_ctx, &token->user_sids[i]);
+ val = sid_string_talloc(mem_ctx, &token->sids[i]);
W_ERROR_HAVE_NO_MEMORY(val);
werr = gp_store_reg_val_sz(mem_ctx, key, valname, val);
W_ERROR_NOT_OK_RETURN(werr);
/* not used yet */
static WERROR gp_reg_read_groupmembership(TALLOC_CTX *mem_ctx,
struct gp_registry_context *reg_ctx,
- const DOM_SID *object_sid,
- struct nt_user_token **token,
+ const struct dom_sid *object_sid,
+ struct security_token **token,
uint32_t flags)
{
struct registry_key *key = NULL;
const char *path = NULL;
uint32_t count = 0;
int num_token_sids = 0;
- struct nt_user_token *tmp_token = NULL;
+ struct security_token *tmp_token = NULL;
- tmp_token = TALLOC_ZERO_P(mem_ctx, struct nt_user_token);
+ tmp_token = TALLOC_ZERO_P(mem_ctx, struct security_token);
W_ERROR_HAVE_NO_MEMORY(tmp_token);
path = gp_reg_groupmembership_path(mem_ctx, object_sid, flags);
werr = gp_read_reg_val_sz(mem_ctx, key, valname, &val);
W_ERROR_NOT_OK_RETURN(werr);
- if (!string_to_sid(&tmp_token->user_sids[num_token_sids++],
+ if (!string_to_sid(&tmp_token->sids[num_token_sids++],
val)) {
return WERR_INSUFFICIENT_BUFFER;
}
****************************************************************/
static const char *gp_req_state_path(TALLOC_CTX *mem_ctx,
- const DOM_SID *sid,
+ const struct dom_sid *sid,
uint32_t flags)
{
if (flags & GPO_LIST_FLAG_MACHINE) {
WERROR gp_reg_state_store(TALLOC_CTX *mem_ctx,
uint32_t flags,
const char *dn,
- const struct nt_user_token *token,
+ const struct security_token *token,
struct GROUP_POLICY_OBJECT *gpo_list)
{
struct gp_registry_context *reg_ctx = NULL;
token, ®_ctx);
W_ERROR_NOT_OK_RETURN(werr);
- werr = gp_secure_key(mem_ctx, flags, KEY_GROUP_POLICY,
- &token->user_sids[0]);
+ werr = gp_secure_key(mem_ctx, flags, reg_ctx->curr_key,
+ &token->sids[0]);
if (!W_ERROR_IS_OK(werr)) {
- DEBUG(0,("failed to secure key: %s\n", dos_errstr(werr)));
+ DEBUG(0,("failed to secure key: %s\n", win_errstr(werr)));
goto done;
}
werr = gp_reg_store_groupmembership(mem_ctx, reg_ctx, token, flags);
if (!W_ERROR_IS_OK(werr)) {
- DEBUG(0,("failed to store group membership: %s\n", dos_errstr(werr)));
+ DEBUG(0,("failed to store group membership: %s\n", win_errstr(werr)));
goto done;
}
- subkeyname = gp_req_state_path(mem_ctx, &token->user_sids[0], flags);
+ subkeyname = gp_req_state_path(mem_ctx, &token->sids[0], flags);
if (!subkeyname) {
werr = WERR_NOMEM;
goto done;
werr = gp_del_reg_state(mem_ctx, reg_ctx->curr_key, subkeyname);
if (!W_ERROR_IS_OK(werr)) {
- DEBUG(0,("failed to delete old state: %s\n", dos_errstr(werr)));
+ DEBUG(0,("failed to delete old state: %s\n", win_errstr(werr)));
/* goto done; */
}
if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,("gp_reg_state_store: "
"gpo_store_reg_gpovals failed for %s: %s\n",
- gpo->display_name, dos_errstr(werr)));
+ gpo->display_name, win_errstr(werr)));
goto done;
}
}
WERROR gp_reg_state_read(TALLOC_CTX *mem_ctx,
uint32_t flags,
- const DOM_SID *sid,
+ const struct dom_sid *sid,
struct GROUP_POLICY_OBJECT **gpo_list)
{
struct gp_registry_context *reg_ctx = NULL;
if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,("gp_reg_state_read: "
"gp_read_reg_subkey gave: %s\n",
- dos_errstr(werr)));
+ win_errstr(werr)));
goto done;
}
****************************************************************/
static WERROR gp_reg_generate_sd(TALLOC_CTX *mem_ctx,
- const DOM_SID *sid,
+ const struct dom_sid *sid,
struct security_descriptor **sd,
size_t *sd_size)
{
- SEC_ACE ace[6];
- SEC_ACCESS mask;
+ struct security_ace ace[6];
+ uint32_t mask;
- SEC_ACL *acl = NULL;
+ struct security_acl *theacl = NULL;
uint8_t inherit_flags;
- init_sec_access(&mask, REG_KEY_ALL);
+ mask = REG_KEY_ALL;
init_sec_ace(&ace[0],
&global_sid_System,
SEC_ACE_TYPE_ACCESS_ALLOWED,
mask, 0);
- init_sec_access(&mask, REG_KEY_ALL);
+ mask = REG_KEY_ALL;
init_sec_ace(&ace[1],
&global_sid_Builtin_Administrators,
SEC_ACE_TYPE_ACCESS_ALLOWED,
mask, 0);
- init_sec_access(&mask, REG_KEY_READ);
+ mask = REG_KEY_READ;
init_sec_ace(&ace[2],
sid ? sid : &global_sid_Authenticated_Users,
SEC_ACE_TYPE_ACCESS_ALLOWED,
SEC_ACE_FLAG_CONTAINER_INHERIT |
SEC_ACE_FLAG_INHERIT_ONLY;
- init_sec_access(&mask, REG_KEY_ALL);
+ mask = REG_KEY_ALL;
init_sec_ace(&ace[3],
&global_sid_System,
SEC_ACE_TYPE_ACCESS_ALLOWED,
mask, inherit_flags);
- init_sec_access(&mask, REG_KEY_ALL);
+ mask = REG_KEY_ALL;
init_sec_ace(&ace[4],
&global_sid_Builtin_Administrators,
SEC_ACE_TYPE_ACCESS_ALLOWED,
mask, inherit_flags);
- init_sec_access(&mask, REG_KEY_READ);
+ mask = REG_KEY_READ;
init_sec_ace(&ace[5],
sid ? sid : &global_sid_Authenticated_Users,
SEC_ACE_TYPE_ACCESS_ALLOWED,
mask, inherit_flags);
- acl = make_sec_acl(mem_ctx, NT4_ACL_REVISION, 6, ace);
- W_ERROR_HAVE_NO_MEMORY(acl);
+ theacl = make_sec_acl(mem_ctx, NT4_ACL_REVISION, 6, ace);
+ W_ERROR_HAVE_NO_MEMORY(theacl);
- *sd = make_sec_desc(mem_ctx, SEC_DESC_REVISION,
+ *sd = make_sec_desc(mem_ctx, SD_REVISION,
SEC_DESC_SELF_RELATIVE |
SEC_DESC_DACL_AUTO_INHERITED | /* really ? */
SEC_DESC_DACL_AUTO_INHERIT_REQ, /* really ? */
NULL, NULL, NULL,
- acl, sd_size);
+ theacl, sd_size);
W_ERROR_HAVE_NO_MEMORY(*sd);
return WERR_OK;
WERROR gp_secure_key(TALLOC_CTX *mem_ctx,
uint32_t flags,
- const char *key,
- const DOM_SID *sid)
+ struct registry_key *key,
+ const struct dom_sid *sid)
{
struct security_descriptor *sd = NULL;
size_t sd_size = 0;
- const DOM_SID *sd_sid = NULL;
+ const struct dom_sid *sd_sid = NULL;
WERROR werr;
if (!(flags & GPO_LIST_FLAG_MACHINE)) {
werr = gp_reg_generate_sd(mem_ctx, sd_sid, &sd, &sd_size);
W_ERROR_NOT_OK_RETURN(werr);
- return gp_reg_set_secdesc(key, sd);
+ return reg_setkeysecurity(key, sd);
}
/****************************************************************
return;
}
- type_str = reg_type_lookup(val->type);
+ type_str = str_regtype(val->type);
- DEBUG(lvl,("\tdump_reg_val: %s '%s' '%s' %s: ",
+ DEBUG(lvl,("\tdump_reg_val:\t%s '%s'\n\t\t\t'%s' %s: ",
direction, key, subkey, type_str));
switch (val->type) {
- case REG_DWORD:
- DEBUG(lvl,("%d\n", (int)val->v.dword));
+ case REG_DWORD: {
+ uint32_t v;
+ if (val->data.length < 4) {
+ break;
+ }
+ v = IVAL(val->data.data, 0);
+ DEBUG(lvl,("%d (0x%08x)\n",
+ (int)v, v));
break;
- case REG_QWORD:
- DEBUG(lvl,("%d\n", (int)val->v.qword));
+ }
+ case REG_QWORD: {
+ uint64_t v;
+ if (val->data.length < 8) {
+ break;
+ }
+ v = BVAL(val->data.data, 0);
+ DEBUG(lvl,("%d (0x%016llx)\n",
+ (int)v,
+ (unsigned long long)v));
break;
- case REG_SZ:
+ }
+ case REG_SZ: {
+ const char *s;
+ if (!pull_reg_sz(talloc_tos(), &val->data, &s)) {
+ break;
+ }
DEBUG(lvl,("%s (length: %d)\n",
- val->v.sz.str,
- (int)val->v.sz.len));
+ s, (int)strlen_m(s)));
break;
- case REG_MULTI_SZ:
- DEBUG(lvl,("(num_strings: %d)\n",
- val->v.multi_sz.num_strings));
- for (i=0; i < val->v.multi_sz.num_strings; i++) {
- DEBUGADD(lvl,("\t%s\n",
- val->v.multi_sz.strings[i]));
+ }
+ case REG_MULTI_SZ: {
+ const char **a;
+ if (!pull_reg_multi_sz(talloc_tos(), &val->data, &a)) {
+ break;
+ }
+ for (i=0; a[i] != NULL; i++) {
+ ;;
+ }
+ DEBUG(lvl,("(num_strings: %d)\n", i));
+ for (i=0; a[i] != NULL; i++) {
+ DEBUGADD(lvl,("\t%s\n", a[i]));
}
break;
+ }
case REG_NONE:
DEBUG(lvl,("\n"));
break;
case REG_BINARY:
- dump_data(lvl, val->v.binary.data,
- val->v.binary.length);
+ dump_data(lvl, val->data.data,
+ val->data.length);
break;
default:
DEBUG(lvl,("unsupported type: %d\n", val->type));
default:
return "unknown";
}
-};
+}
/****************************************************************
****************************************************************/
struct registry_key *root_key,
struct gp_registry_context *reg_ctx,
struct gp_registry_entry *entry,
- const struct nt_user_token *token,
+ const struct security_token *token,
uint32_t flags)
{
WERROR werr;
if (flags & GPO_INFO_FLAG_VERBOSE) {
printf("about to store key: [%s]\n", entry->key);
printf(" value: [%s]\n", entry->value);
- printf(" data: [%s]\n", reg_type_lookup(entry->data->type));
+ printf(" data: [%s]\n", str_regtype(entry->data->type));
printf(" action: [%s]\n", gp_reg_action_str(entry->action));
}
root_key, &key);
/* reg_ctx->curr_key, &key); */
if (!W_ERROR_IS_OK(werr)) {
- DEBUG(0,("gp_store_reg_subkey failed: %s\n", dos_errstr(werr)));
+ DEBUG(0,("gp_store_reg_subkey failed: %s\n", win_errstr(werr)));
return werr;
}
case GP_REG_ACTION_SEC_KEY_SET:
werr = gp_secure_key(mem_ctx, flags,
- entry->key,
- &token->user_sids[0]);
+ key,
+ &token->sids[0]);
if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,("reg_apply_registry_entry: "
"gp_secure_key failed: %s\n",
- dos_errstr(werr)));
+ win_errstr(werr)));
return werr;
}
break;
if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,("reg_apply_registry_entry: "
"reg_setvalue failed: %s\n",
- dos_errstr(werr)));
+ win_errstr(werr)));
dump_reg_entry(flags, "STORE", entry);
return werr;
}
if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,("reg_apply_registry_entry: "
"reg_deletevalue failed: %s\n",
- dos_errstr(werr)));
+ win_errstr(werr)));
dump_reg_entry(flags, "STORE", entry);
return werr;
}
if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,("reg_apply_registry_entry: "
"reg_deleteallvalues failed: %s\n",
- dos_errstr(werr)));
+ win_errstr(werr)));
dump_reg_entry(flags, "STORE", entry);
return werr;
}