s3:registry: move reg_objects.h to registry/ and use it only where needed
[kai/samba.git] / source3 / registry / reg_api.c
index 66296f0ddd14262152640870d9b7f190ee7d975c..4f3b7a2f86a101ea286fdeb10294b43908fbb651 100644 (file)
  */
 
 #include "includes.h"
+#include "registry.h"
+#include "reg_cachehook.h"
 #include "regfio.h"
+#include "reg_util_internal.h"
+#include "reg_backend_db.h"
+#include "reg_dispatcher.h"
+#include "reg_util_marshalling.h"
+#include "reg_objects.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_REGISTRY
 
 static WERROR fill_value_cache(struct registry_key *key)
 {
+       WERROR werr;
+
        if (key->values != NULL) {
                if (!reg_values_need_update(key->key, key->values)) {
                        return WERR_OK;
                }
        }
 
-       if (!(key->values = TALLOC_ZERO_P(key, REGVAL_CTR))) {
-               return WERR_NOMEM;
-       }
+       werr = regval_ctr_init(key, &(key->values));
+       W_ERROR_NOT_OK_RETURN(werr);
+
        if (fetch_reg_values(key->key, key->values) == -1) {
                TALLOC_FREE(key->values);
                return WERR_BADFILE;
@@ -113,7 +122,7 @@ static WERROR fill_subkey_cache(struct registry_key *key)
        return WERR_OK;
 }
 
-static int regkey_destructor(REGISTRY_KEY *key)
+static int regkey_destructor(struct registry_key_handle *key)
 {
        return regdb_close();
 }
@@ -127,7 +136,7 @@ static WERROR regkey_open_onelevel(TALLOC_CTX *mem_ctx,
 {
        WERROR          result = WERR_OK;
        struct registry_key *regkey;
-       REGISTRY_KEY *key;
+       struct registry_key_handle *key;
        struct regsubkey_ctr    *subkeys = NULL;
 
        DEBUG(7,("regkey_open_onelevel: name = [%s]\n", name));
@@ -136,7 +145,8 @@ static WERROR regkey_open_onelevel(TALLOC_CTX *mem_ctx,
 
        if (!(regkey = TALLOC_ZERO_P(mem_ctx, struct registry_key)) ||
            !(regkey->token = dup_nt_token(regkey, token)) ||
-           !(regkey->key = TALLOC_ZERO_P(regkey, REGISTRY_KEY))) {
+           !(regkey->key = TALLOC_ZERO_P(regkey, struct registry_key_handle)))
+       {
                result = WERR_NOMEM;
                goto done;
        }
@@ -147,9 +157,9 @@ static WERROR regkey_open_onelevel(TALLOC_CTX *mem_ctx,
 
        key = regkey->key;
        talloc_set_destructor(key, regkey_destructor);
-               
+
        /* initialization */
-       
+
        key->type = REG_KEY_GENERIC;
 
        if (name[0] == '\0') {
@@ -181,12 +191,12 @@ static WERROR regkey_open_onelevel(TALLOC_CTX *mem_ctx,
 
        if( StrnCaseCmp(key->name, KEY_HKPD, strlen(KEY_HKPD)) == 0 )
                key->type = REG_KEY_HKPD;
-       
+
        /* Look up the table of registry I/O operations */
 
        if ( !(key->ops = reghook_cache_find( key->name )) ) {
                DEBUG(0,("reg_open_onelevel: Failed to assign "
-                        "REGISTRY_OPS to [%s]\n", key->name ));
+                        "registry_ops to [%s]\n", key->name ));
                result = WERR_BADFILE;
                goto done;
        }
@@ -214,7 +224,7 @@ static WERROR regkey_open_onelevel(TALLOC_CTX *mem_ctx,
 
        *pregkey = regkey;
        result = WERR_OK;
-       
+
 done:
        if ( !W_ERROR_IS_OK(result) ) {
                TALLOC_FREE(regkey);
@@ -272,7 +282,7 @@ WERROR reg_openkey(TALLOC_CTX *mem_ctx, struct registry_key *parent,
 
                err = regkey_open_onelevel(mem_ctx, direct_parent,
                                           name_component, parent->token,
-                                          SEC_RIGHTS_ENUM_SUBKEYS, &tmp);
+                                          KEY_ENUMERATE_SUB_KEYS, &tmp);
                SAFE_FREE(name_component);
 
                if (!W_ERROR_IS_OK(err)) {
@@ -301,7 +311,7 @@ WERROR reg_enumkey(TALLOC_CTX *mem_ctx, struct registry_key *key,
 {
        WERROR err;
 
-       if (!(key->key->access_granted & SEC_RIGHTS_ENUM_SUBKEYS)) {
+       if (!(key->key->access_granted & KEY_ENUMERATE_SUB_KEYS)) {
                return WERR_ACCESS_DENIED;
        }
 
@@ -330,9 +340,10 @@ WERROR reg_enumvalue(TALLOC_CTX *mem_ctx, struct registry_key *key,
                     uint32 idx, char **pname, struct registry_value **pval)
 {
        struct registry_value *val;
+       struct regval_blob *blob;
        WERROR err;
 
-       if (!(key->key->access_granted & SEC_RIGHTS_QUERY_VALUE)) {
+       if (!(key->key->access_granted & KEY_QUERY_VALUE)) {
                return WERR_ACCESS_DENIED;
        }
 
@@ -340,22 +351,23 @@ WERROR reg_enumvalue(TALLOC_CTX *mem_ctx, struct registry_key *key,
                return err;
        }
 
-       if (idx >= key->values->num_values) {
+       if (idx >= regval_ctr_numvals(key->values)) {
                return WERR_NO_MORE_ITEMS;
        }
 
+       blob = regval_ctr_specific_value(key->values, idx);
        err = registry_pull_value(mem_ctx, &val,
-                                 key->values->values[idx]->type,
-                                 key->values->values[idx]->data_p,
-                                 key->values->values[idx]->size,
-                                 key->values->values[idx]->size);
+                                 regval_type(blob),
+                                 regval_data_p(blob),
+                                 regval_size(blob),
+                                 regval_size(blob));
        if (!W_ERROR_IS_OK(err)) {
                return err;
        }
 
        if (pname
            && !(*pname = talloc_strdup(
-                        mem_ctx, key->values->values[idx]->valuename))) {
+                        mem_ctx, regval_name(blob)))) {
                SAFE_FREE(val);
                return WERR_NOMEM;
        }
@@ -370,7 +382,7 @@ WERROR reg_queryvalue(TALLOC_CTX *mem_ctx, struct registry_key *key,
        WERROR err;
        uint32 i;
 
-       if (!(key->key->access_granted & SEC_RIGHTS_QUERY_VALUE)) {
+       if (!(key->key->access_granted & KEY_QUERY_VALUE)) {
                return WERR_ACCESS_DENIED;
        }
 
@@ -378,8 +390,10 @@ WERROR reg_queryvalue(TALLOC_CTX *mem_ctx, struct registry_key *key,
                return err;
        }
 
-       for (i=0; i<key->values->num_values; i++) {
-               if (strequal(key->values->values[i]->valuename, name)) {
+       for (i=0; i < regval_ctr_numvals(key->values); i++) {
+               struct regval_blob *blob;
+               blob = regval_ctr_specific_value(key->values, i);
+               if (strequal(regval_name(blob), name)) {
                        return reg_enumvalue(mem_ctx, key, i, NULL, pval);
                }
        }
@@ -399,7 +413,7 @@ WERROR reg_queryinfokey(struct registry_key *key, uint32_t *num_subkeys,
        WERROR err;
        struct security_descriptor *secdesc;
 
-       if (!(key->key->access_granted & SEC_RIGHTS_QUERY_VALUE)) {
+       if (!(key->key->access_granted & KEY_QUERY_VALUE)) {
                return WERR_ACCESS_DENIED;
        }
 
@@ -420,13 +434,14 @@ WERROR reg_queryinfokey(struct registry_key *key, uint32_t *num_subkeys,
 
        max_len = 0;
        max_size = 0;
-       for (i=0; i<key->values->num_values; i++) {
-               max_len = MAX(max_len,
-                             strlen(key->values->values[i]->valuename));
-               max_size = MAX(max_size, key->values->values[i]->size);
+       for (i=0; i < regval_ctr_numvals(key->values); i++) {
+               struct regval_blob *blob;
+               blob = regval_ctr_specific_value(key->values, i);
+               max_len = MAX(max_len, strlen(regval_name(blob)));
+               max_size = MAX(max_size, regval_size(blob));
        }
 
-       *num_values = key->values->num_values;
+       *num_values = regval_ctr_numvals(key->values);
        *max_valnamelen = max_len;
        *max_valbufsize = max_size;
 
@@ -440,7 +455,7 @@ WERROR reg_queryinfokey(struct registry_key *key, uint32_t *num_subkeys,
                return err;
        }
 
-       *secdescsize = ndr_size_security_descriptor(secdesc, NULL, 0);
+       *secdescsize = ndr_size_security_descriptor(secdesc, 0);
        TALLOC_FREE(mem_ctx);
 
        *last_changed_time = 0;
@@ -459,6 +474,16 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent,
        char *path, *end;
        WERROR err;
 
+       /*
+        * We must refuse to handle subkey-paths containing
+        * a '/' character because at a lower level, after
+        * normalization, '/' is treated as a key separator
+        * just like '\\'.
+        */
+       if (strchr(subkeypath, '/') != NULL) {
+               return WERR_INVALID_PARAM;
+       }
+
        if (!(mem_ctx = talloc_new(ctx))) return WERR_NOMEM;
 
        if (!(path = talloc_strdup(mem_ctx, subkeypath))) {
@@ -473,7 +498,7 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent,
                *end = '\0';
 
                err = reg_createkey(mem_ctx, key, path,
-                                   SEC_RIGHTS_ENUM_SUBKEYS, &tmp, &action);
+                                   KEY_ENUMERATE_SUB_KEYS, &tmp, &action);
                if (!W_ERROR_IS_OK(err)) {
                        goto done;
                }
@@ -511,7 +536,7 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent,
         * with ENUM_SUBKEY access.
         */
 
-       err = reg_openkey(mem_ctx, key, "", SEC_RIGHTS_CREATE_SUBKEY,
+       err = reg_openkey(mem_ctx, key, "", KEY_CREATE_SUB_KEY,
                          &create_parent);
        if (!W_ERROR_IS_OK(err)) {
                goto done;
@@ -524,14 +549,8 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent,
        err = fill_subkey_cache(create_parent);
        if (!W_ERROR_IS_OK(err)) goto done;
 
-       err = regsubkey_ctr_addkey(create_parent->subkeys, path);
-       if (!W_ERROR_IS_OK(err)) goto done;
-
-       if (!store_reg_keys(create_parent->key, create_parent->subkeys)) {
-               TALLOC_FREE(create_parent->subkeys);
-               err = WERR_REG_IO_FAILURE;
-               goto done;
-       }
+       err = create_reg_subkey(key->key, path);
+       W_ERROR_NOT_OK_GOTO_DONE(err);
 
        /*
         * Now open the newly created key
@@ -550,40 +569,36 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent,
 WERROR reg_deletekey(struct registry_key *parent, const char *path)
 {
        WERROR err;
-       TALLOC_CTX *mem_ctx;
        char *name, *end;
-       int num_subkeys;
        struct registry_key *tmp_key, *key;
+       TALLOC_CTX *mem_ctx = talloc_stackframe();
 
-       if (!(mem_ctx = talloc_init("reg_createkey"))) return WERR_NOMEM;
-
-       if (!(name = talloc_strdup(mem_ctx, path))) {
+       name = talloc_strdup(mem_ctx, path);
+       if (name == NULL) {
                err = WERR_NOMEM;
-               goto error;
+               goto done;
        }
 
        /* check if the key has subkeys */
        err = reg_openkey(mem_ctx, parent, name, REG_KEY_READ, &key);
-       if (!W_ERROR_IS_OK(err)) {
-               goto error;
-       }
-       if (!W_ERROR_IS_OK(err = fill_subkey_cache(key))) {
-               goto error;
-       }
+       W_ERROR_NOT_OK_GOTO_DONE(err);
+
+       err = fill_subkey_cache(key);
+       W_ERROR_NOT_OK_GOTO_DONE(err);
+
        if (regsubkey_ctr_numkeys(key->subkeys) > 0) {
                err = WERR_ACCESS_DENIED;
-               goto error;
+               goto done;
        }
 
        /* no subkeys - proceed with delete */
-       if ((end = strrchr(name, '\\')) != NULL) {
+       end = strrchr(name, '\\');
+       if (end != NULL) {
                *end = '\0';
 
                err = reg_openkey(mem_ctx, parent, name,
-                                 SEC_RIGHTS_CREATE_SUBKEY, &tmp_key);
-               if (!W_ERROR_IS_OK(err)) {
-                       goto error;
-               }
+                                 KEY_CREATE_SUB_KEY, &tmp_key);
+               W_ERROR_NOT_OK_GOTO_DONE(err);
 
                parent = tmp_key;
                name = end+1;
@@ -591,31 +606,12 @@ WERROR reg_deletekey(struct registry_key *parent, const char *path)
 
        if (name[0] == '\0') {
                err = WERR_INVALID_PARAM;
-               goto error;
-       }
-
-       if (!W_ERROR_IS_OK(err = fill_subkey_cache(parent))) {
-               goto error;
-       }
-
-       num_subkeys = regsubkey_ctr_numkeys(parent->subkeys);
-
-       if (regsubkey_ctr_delkey(parent->subkeys, name) == num_subkeys) {
-               err = WERR_BADFILE;
-               goto error;
-       }
-
-       if (!store_reg_keys(parent->key, parent->subkeys)) {
-               TALLOC_FREE(parent->subkeys);
-               err = WERR_REG_IO_FAILURE;
-               goto error;
+               goto done;
        }
 
-       regkey_set_secdesc(key->key, NULL);
+       err = delete_reg_subkey(parent->key, name);
 
-       err = WERR_OK;
-
- error:
+done:
        TALLOC_FREE(mem_ctx);
        return err;
 }
@@ -627,7 +623,7 @@ WERROR reg_setvalue(struct registry_key *key, const char *name,
        DATA_BLOB value_data;
        int res;
 
-       if (!(key->key->access_granted & SEC_RIGHTS_SET_VALUE)) {
+       if (!(key->key->access_granted & KEY_SET_VALUE)) {
                return WERR_ACCESS_DENIED;
        }
 
@@ -641,7 +637,7 @@ WERROR reg_setvalue(struct registry_key *key, const char *name,
        }
 
        res = regval_ctr_addvalue(key->values, name, val->type,
-                                 (char *)value_data.data, value_data.length);
+                                 value_data.data, value_data.length);
        TALLOC_FREE(value_data.data);
 
        if (res == 0) {
@@ -659,22 +655,22 @@ WERROR reg_setvalue(struct registry_key *key, const char *name,
 
 static WERROR reg_value_exists(struct registry_key *key, const char *name)
 {
-       int i;
+       struct regval_blob *blob;
 
-       for (i=0; i<key->values->num_values; i++) {
-               if (strequal(key->values->values[i]->valuename, name)) {
-                       return WERR_OK;
-               }
-       }
+       blob = regval_ctr_getvalue(key->values, name);
 
-       return WERR_BADFILE;
+       if (blob == NULL) {
+               return WERR_BADFILE;
+       } else {
+               return WERR_OK;
+       }
 }
 
 WERROR reg_deletevalue(struct registry_key *key, const char *name)
 {
        WERROR err;
 
-       if (!(key->key->access_granted & SEC_RIGHTS_SET_VALUE)) {
+       if (!(key->key->access_granted & KEY_SET_VALUE)) {
                return WERR_ACCESS_DENIED;
        }
 
@@ -728,18 +724,18 @@ static WERROR reg_load_tree(REGF_FILE *regfile, const char *topkeypath,
                            REGF_NK_REC *key)
 {
        REGF_NK_REC *subkey;
-       REGISTRY_KEY registry_key;
-       REGVAL_CTR *values;
+       struct registry_key_handle registry_key;
+       struct regval_ctr *values;
        struct regsubkey_ctr *subkeys;
        int i;
        char *path = NULL;
        WERROR result = WERR_OK;
 
-       /* initialize the REGISTRY_KEY structure */
+       /* initialize the struct registry_key_handle structure */
 
        registry_key.ops = reghook_cache_find(topkeypath);
        if (!registry_key.ops) {
-               DEBUG(0, ("reg_load_tree: Failed to assign  REGISTRY_OPS "
+               DEBUG(0, ("reg_load_tree: Failed to assign registry_ops "
                          "to [%s]\n", topkeypath));
                return WERR_BADFILE;
        }
@@ -755,17 +751,15 @@ static WERROR reg_load_tree(REGF_FILE *regfile, const char *topkeypath,
        result = regsubkey_ctr_init(regfile->mem_ctx, &subkeys);
        W_ERROR_NOT_OK_RETURN(result);
 
-       values = TALLOC_ZERO_P(subkeys, REGVAL_CTR);
-       if (values == NULL) {
-               return WERR_NOMEM;
-       }
+       result = regval_ctr_init(subkeys, &values);
+       W_ERROR_NOT_OK_RETURN(result);
 
-       /* copy values into the REGVAL_CTR */
+       /* copy values into the struct regval_ctr */
 
        for (i=0; i<key->num_values; i++) {
                regval_ctr_addvalue(values, key->values[i].valuename,
                                    key->values[i].type,
-                                   (char*)key->values[i].data,
+                                   key->values[i].data,
                                    (key->values[i].data_size & ~VK_DATA_IN_OFFSET));
        }
 
@@ -818,7 +812,8 @@ static WERROR reg_load_tree(REGF_FILE *regfile, const char *topkeypath,
 /*******************************************************************
  ********************************************************************/
 
-static WERROR restore_registry_key(REGISTRY_KEY *krecord, const char *fname)
+static WERROR restore_registry_key(struct registry_key_handle *krecord,
+                                  const char *fname)
 {
        REGF_FILE *regfile;
        REGF_NK_REC *rootkey;
@@ -862,16 +857,16 @@ static WERROR reg_write_tree(REGF_FILE *regfile, const char *keypath,
                             REGF_NK_REC *parent)
 {
        REGF_NK_REC *key;
-       REGVAL_CTR *values;
+       struct regval_ctr *values;
        struct regsubkey_ctr *subkeys;
        int i, num_subkeys;
        char *key_tmp = NULL;
        char *keyname, *parentpath;
        char *subkeypath = NULL;
        char *subkeyname;
-       REGISTRY_KEY registry_key;
+       struct registry_key_handle registry_key;
        WERROR result = WERR_OK;
-       SEC_DESC *sec_desc = NULL;
+       struct security_descriptor *sec_desc = NULL;
 
        if (!regfile) {
                return WERR_GENERAL_FAILURE;
@@ -895,7 +890,7 @@ static WERROR reg_write_tree(REGF_FILE *regfile, const char *keypath,
                keyname = parentpath;
        }
 
-       /* we need a REGISTRY_KEY object here to enumerate subkeys and values */
+       /* we need a registry_key_handle object here to enumerate subkeys and values */
 
        ZERO_STRUCT(registry_key);
 
@@ -914,10 +909,8 @@ static WERROR reg_write_tree(REGF_FILE *regfile, const char *keypath,
        result = regsubkey_ctr_init(regfile->mem_ctx, &subkeys);
        W_ERROR_NOT_OK_RETURN(result);
 
-       values = TALLOC_ZERO_P(subkeys, REGVAL_CTR);
-       if (values == NULL) {
-               return WERR_NOMEM;
-       }
+       result = regval_ctr_init(subkeys, &values); 
+       W_ERROR_NOT_OK_RETURN(result);
 
        fetch_reg_keys(&registry_key, subkeys);
        fetch_reg_values(&registry_key, values);
@@ -961,7 +954,8 @@ done:
        return result;
 }
 
-static WERROR backup_registry_key(REGISTRY_KEY *krecord, const char *fname)
+static WERROR backup_registry_key(struct registry_key_handle *krecord,
+                                 const char *fname)
 {
        REGF_FILE *regfile;
        WERROR result;
@@ -1001,7 +995,7 @@ WERROR reg_deleteallvalues(struct registry_key *key)
        WERROR err;
        int i;
 
-       if (!(key->key->access_granted & SEC_RIGHTS_SET_VALUE)) {
+       if (!(key->key->access_granted & KEY_SET_VALUE)) {
                return WERR_ACCESS_DENIED;
        }
 
@@ -1009,8 +1003,10 @@ WERROR reg_deleteallvalues(struct registry_key *key)
                return err;
        }
 
-       for (i=0; i<key->values->num_values; i++) {
-               regval_ctr_delvalue(key->values, key->values->values[i]->valuename);
+       for (i=0; i < regval_ctr_numvals(key->values); i++) {
+               struct regval_blob *blob;
+               blob = regval_ctr_specific_value(key->values, i);
+               regval_ctr_delvalue(key->values, regval_name(blob));
        }
 
        if (!store_reg_values(key->key, key->values)) {
@@ -1057,7 +1053,7 @@ WERROR reg_open_path(TALLOC_CTX *mem_ctx, const char *orig_path,
 
        *p = '\0';
 
-       err = reg_openhive(mem_ctx, path, SEC_RIGHTS_ENUM_SUBKEYS, token,
+       err = reg_openhive(mem_ctx, path, KEY_ENUMERATE_SUB_KEYS, token,
                           &hive);
        if (!W_ERROR_IS_OK(err)) {
                SAFE_FREE(path);
@@ -1091,6 +1087,7 @@ static WERROR reg_deletekey_recursive_internal(TALLOC_CTX *ctx,
        WERROR werr = WERR_OK;
        struct registry_key *key;
        char *subkey_name = NULL;
+       uint32 i;
 
        mem_ctx = talloc_new(ctx);
        if (mem_ctx == NULL) {
@@ -1104,25 +1101,21 @@ static WERROR reg_deletekey_recursive_internal(TALLOC_CTX *ctx,
                goto done;
        }
 
-       while (W_ERROR_IS_OK(werr = reg_enumkey(mem_ctx, key, 0,
-                                               &subkey_name, NULL)))
-       {
+       werr = fill_subkey_cache(key);
+       W_ERROR_NOT_OK_GOTO_DONE(werr);
+
+       /*
+        * loop from top to bottom for perfomance:
+        * this way, we need to rehash the regsubkey containers less
+        */
+       for (i = regsubkey_ctr_numkeys(key->subkeys) ; i > 0; i--) {
+               subkey_name = regsubkey_ctr_specific_key(key->subkeys, i-1);
                werr = reg_deletekey_recursive_internal(mem_ctx, key,
-                                                       subkey_name,
-                                                       true);
-               if (!W_ERROR_IS_OK(werr)) {
-                       goto done;
-               }
-       }
-       if (!W_ERROR_EQUAL(WERR_NO_MORE_ITEMS, werr)) {
-               DEBUG(1, ("reg_deletekey_recursive_internal: "
-                         "Error enumerating subkeys: %s\n",
-                         win_errstr(werr)));
-               goto done;
+                                       subkey_name,
+                                       true);
+               W_ERROR_NOT_OK_GOTO_DONE(werr);
        }
 
-       werr = WERR_OK;
-
        if (del_key) {
                /* now delete the actual key */
                werr = reg_deletekey(parent, path);
@@ -1151,6 +1144,9 @@ static WERROR reg_deletekey_recursive_trans(TALLOC_CTX *ctx,
        werr = reg_deletekey_recursive_internal(ctx, parent, path, del_key);
 
        if (!W_ERROR_IS_OK(werr)) {
+               DEBUG(1, (__location__ " failed to delete key '%s' from key "
+                         "'%s': %s\n", path, parent->key->name,
+                         win_errstr(werr)));
                werr = regdb_transaction_cancel();
                if (!W_ERROR_IS_OK(werr)) {
                        DEBUG(0, ("reg_deletekey_recursive_trans: "
@@ -1228,7 +1224,7 @@ WERROR reg_create_path(TALLOC_CTX *mem_ctx, const char *orig_path,
 
        err = reg_openhive(mem_ctx, path,
                           (strchr(p+1, '\\') != NULL) ?
-                          SEC_RIGHTS_ENUM_SUBKEYS : SEC_RIGHTS_CREATE_SUBKEY,
+                          KEY_ENUMERATE_SUB_KEYS : KEY_CREATE_SUB_KEY,
                           token, &hive);
        if (!W_ERROR_IS_OK(err)) {
                SAFE_FREE(path);
@@ -1268,7 +1264,7 @@ WERROR reg_delete_path(const struct nt_user_token *token,
 
        err = reg_openhive(NULL, path,
                           (strchr(p+1, '\\') != NULL) ?
-                          SEC_RIGHTS_ENUM_SUBKEYS : SEC_RIGHTS_CREATE_SUBKEY,
+                          KEY_ENUMERATE_SUB_KEYS : KEY_CREATE_SUB_KEY,
                           token, &hive);
        if (!W_ERROR_IS_OK(err)) {
                SAFE_FREE(path);