* Copyright (C) Luke Kenneth Casson Leighton 1996-1997.
* Copyright (C) Paul Ashton 1997.
* Copyright (C) Jeremy Allison 2001.
- * Copyright (C) Gerald Carter 2002.
+ * Copyright (C) Gerald Carter 2002-2005.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
/* Implementation of registry functions. */
#include "includes.h"
+#include "regfio.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
((unsigned int)IVAL((hnd)->data5,4)),((unsigned int)sys_getpid())
-static REGISTRY_KEY *regkeys_list;
+static struct generic_mapping reg_generic_map = { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL };
+/********************************************************************
+********************************************************************/
+
+NTSTATUS registry_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
+ uint32 access_desired, uint32 *access_granted )
+{
+ NTSTATUS result;
+
+ se_map_generic( &access_desired, ®_generic_map );
+ se_access_check( sec_desc, token, access_desired, access_granted, &result );
+
+ return result;
+}
+
+/********************************************************************
+********************************************************************/
+
+SEC_DESC* construct_registry_sd( TALLOC_CTX *ctx )
+{
+ SEC_ACE ace[2];
+ SEC_ACCESS mask;
+ size_t i = 0;
+ SEC_DESC *sd;
+ SEC_ACL *acl;
+ uint32 sd_size;
+
+ /* basic access for Everyone */
+
+ init_sec_access(&mask, REG_KEY_READ );
+ init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+ /* Full Access 'BUILTIN\Administrators' */
+
+ init_sec_access(&mask, REG_KEY_ALL );
+ init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+
+ /* create the security descriptor */
+
+ if ( !(acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )
+ return NULL;
+
+ if ( !(sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, acl, &sd_size)) )
+ return NULL;
+
+ return sd;
+}
/******************************************************************
free() function for REGISTRY_KEY
{
REGISTRY_KEY *info = (REGISTRY_KEY*)ptr;
- DLIST_REMOVE(regkeys_list, info);
-
SAFE_FREE(info);
}
HK[LM|U]\<key>\<key>\...
*******************************************************************/
-static NTSTATUS open_registry_key(pipes_struct *p, POLICY_HND *hnd, REGISTRY_KEY *parent,
- char *subkeyname, uint32 access_granted )
+static WERROR open_registry_key(pipes_struct *p, POLICY_HND *hnd, REGISTRY_KEY *parent,
+ const char *subkeyname, uint32 access_granted )
{
REGISTRY_KEY *regkey = NULL;
- pstring parent_keyname;
- NTSTATUS result = NT_STATUS_OK;
- REGSUBKEY_CTR subkeys;
+ WERROR result = WERR_OK;
+ REGSUBKEY_CTR *subkeys = NULL;
+ pstring subkeyname2;
+ int subkey_len;
- if ( parent ) {
- pstrcpy( parent_keyname, parent->name );
- pstrcat( parent_keyname, "\\" );
- }
- else
- *parent_keyname = '\0';
+ DEBUG(7,("open_registry_key: name = [%s][%s]\n",
+ parent ? parent->name : "NULL", subkeyname));
- DEBUG(7,("open_registry_key: name = [%s][%s]\n", parent_keyname, subkeyname));
+ /* strip any trailing '\'s */
+ pstrcpy( subkeyname2, subkeyname );
+ subkey_len = strlen ( subkeyname2 );
+ if ( subkey_len && subkeyname2[subkey_len-1] == '\\' )
+ subkeyname2[subkey_len-1] = '\0';
- /* All registry keys **must** have a name of non-zero length */
-
- if (!subkeyname || !*subkeyname )
- return NT_STATUS_OBJECT_NAME_NOT_FOUND;
-
- if ((regkey=(REGISTRY_KEY*)malloc(sizeof(REGISTRY_KEY))) == NULL)
- return NT_STATUS_NO_MEMORY;
+ if ((regkey=SMB_MALLOC_P(REGISTRY_KEY)) == NULL)
+ return WERR_NOMEM;
ZERO_STRUCTP( regkey );
- /* copy the name */
+ /*
+ * very crazy, but regedit.exe on Win2k will attempt to call
+ * REG_OPEN_ENTRY with a keyname of "". We should return a new
+ * (second) handle here on the key->name. regedt32.exe does
+ * not do this stupidity. --jerry
+ */
- pstrcpy( regkey->name, parent_keyname );
- pstrcat( regkey->name, subkeyname );
+ if ( !subkey_len ) {
+ pstrcpy( regkey->name, parent->name );
+ }
+ else {
+ pstrcpy( regkey->name, "" );
+ if ( parent ) {
+ pstrcat( regkey->name, parent->name );
+ pstrcat( regkey->name, "\\" );
+ }
+ pstrcat( regkey->name, subkeyname2 );
+ }
/* Look up the table of registry I/O operations */
if ( !(regkey->hook = reghook_cache_find( regkey->name )) ) {
DEBUG(0,("open_registry_key: Failed to assigned a REGISTRY_HOOK to [%s]\n",
regkey->name ));
- return NT_STATUS_OBJECT_PATH_NOT_FOUND;
+ result = WERR_BADFILE;
+ goto done;
}
/* check if the path really exists; failed is indicated by -1 */
/* if the subkey count failed, bail out */
- ZERO_STRUCTP( &subkeys );
-
- regsubkey_ctr_init( &subkeys );
-
- if ( fetch_reg_keys( regkey, &subkeys ) == -1 ) {
-
- /* don't really know what to return here */
-
- result = NT_STATUS_ACCESS_DENIED;
+ if ( !(subkeys = TALLOC_ZERO_P( p->mem_ctx, REGSUBKEY_CTR )) ) {
+ result = WERR_NOMEM;
+ goto done;
+ }
+
+ if ( fetch_reg_keys( regkey, subkeys ) == -1 ) {
+ result = WERR_BADFILE;
+ goto done;
}
- else {
- /*
- * This would previously return NT_STATUS_TOO_MANY_SECRETS
- * that doesn't sound quite right to me --jerry
- */
- if ( !create_policy_hnd( p, hnd, free_regkey_info, regkey ) )
- result = NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ if ( !create_policy_hnd( p, hnd, free_regkey_info, regkey ) ) {
+ result = WERR_BADFILE;
+ goto done;
}
+ /* save the access mask */
+
+ regkey->access_granted = access_granted;
+
+done:
/* clean up */
- regsubkey_ctr_destroy( &subkeys );
+ TALLOC_FREE( subkeys );
if ( ! NT_STATUS_IS_OK(result) )
SAFE_FREE( regkey );
- else
- DLIST_ADD( regkeys_list, regkey );
-
DEBUG(7,("open_registry_key: exit\n"));
{
int num_subkeys, i;
uint32 max_len;
- REGSUBKEY_CTR subkeys;
+ REGSUBKEY_CTR *subkeys;
uint32 len;
if ( !key )
return False;
- ZERO_STRUCTP( &subkeys );
-
- regsubkey_ctr_init( &subkeys );
-
- if ( fetch_reg_keys( key, &subkeys ) == -1 )
+ if ( !(subkeys = TALLOC_ZERO_P( NULL, REGSUBKEY_CTR )) )
+ return False;
+
+ if ( fetch_reg_keys( key, subkeys ) == -1 )
return False;
/* find the longest string */
max_len = 0;
- num_subkeys = regsubkey_ctr_numkeys( &subkeys );
+ num_subkeys = regsubkey_ctr_numkeys( subkeys );
for ( i=0; i<num_subkeys; i++ ) {
- len = strlen( regsubkey_ctr_specific_key(&subkeys, i) );
+ len = strlen( regsubkey_ctr_specific_key(subkeys, i) );
max_len = MAX(max_len, len);
}
*maxnum = num_subkeys;
*maxlen = max_len*2;
- regsubkey_ctr_destroy( &subkeys );
+ TALLOC_FREE( subkeys );
return True;
}
/********************************************************************
- retrieve information about the values. We don't store values
- here. The registry tdb is intended to be a frontend to oether
- Samba tdb's (such as ntdrivers.tdb).
+ retrieve information about the values.
*******************************************************************/
static BOOL get_value_information( REGISTRY_KEY *key, uint32 *maxnum,
uint32 *maxlen, uint32 *maxsize )
{
- REGVAL_CTR values;
+ REGVAL_CTR *values;
REGISTRY_VALUE *val;
uint32 sizemax, lenmax;
int i, num_values;
if ( !key )
return False;
- ZERO_STRUCTP( &val );
-
- regval_ctr_init( &values );
+ if ( !(values = TALLOC_ZERO_P( NULL, REGVAL_CTR )) )
+ return False;
- if ( fetch_reg_values( key, &values ) == -1 )
+ if ( fetch_reg_values( key, values ) == -1 )
return False;
lenmax = sizemax = 0;
- num_values = regval_ctr_numvals( &values );
+ num_values = regval_ctr_numvals( values );
+
+ val = regval_ctr_specific_value( values, 0 );
- for ( i=0; i<num_values && val; i++ ) {
- val = regval_ctr_specific_value( &values, i );
- lenmax = MAX(lenmax, strlen(val[i].valuename)+1 );
- sizemax = MAX(sizemax, val[i].size );
+ for ( i=0; i<num_values && val; i++ )
+ {
+ lenmax = MAX(lenmax, val->valuename ? strlen(val->valuename)+1 : 0 );
+ sizemax = MAX(sizemax, val->size );
+
+ val = regval_ctr_specific_value( values, i );
}
*maxnum = num_values;
*maxlen = lenmax;
*maxsize = sizemax;
- regval_ctr_destroy( &values );
+ TALLOC_FREE( values );
return True;
}
reg_close
********************************************************************/
-NTSTATUS _reg_close(pipes_struct *p, REG_Q_CLOSE *q_u, REG_R_CLOSE *r_u)
+WERROR _reg_close(pipes_struct *p, REG_Q_CLOSE *q_u, REG_R_CLOSE *r_u)
{
- /* set up the REG unknown_1 response */
- ZERO_STRUCT(r_u->pol);
-
/* close the policy handle */
+
if (!close_registry_key(p, &q_u->pol))
- return NT_STATUS_OBJECT_NAME_INVALID;
+ return WERR_BADFID;
- return NT_STATUS_OK;
+ return WERR_OK;
}
/*******************************************************************
- reg_reply_open
********************************************************************/
-NTSTATUS _reg_open_hklm(pipes_struct *p, REG_Q_OPEN_HKLM *q_u, REG_R_OPEN_HKLM *r_u)
+WERROR _reg_open_hklm(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u)
{
- return open_registry_key( p, &r_u->pol, NULL, KEY_HKLM, 0x0 );
+ SEC_DESC *sec_desc;
+ uint32 access_granted = 0;
+ NTSTATUS status;
+
+ /* perform access checks */
+ /* top level keys are done here without passing through the REGISTRY_HOOK api */
+
+ if ( !(sec_desc = construct_registry_sd( p->mem_ctx )) )
+ return WERR_NOMEM;
+
+ status = registry_access_check( sec_desc, p->pipe_user.nt_user_token, q_u->access, &access_granted );
+ if ( !NT_STATUS_IS_OK(status) )
+ return ntstatus_to_werror( status );
+
+ return open_registry_key( p, &r_u->pol, NULL, KEY_HKLM, access_granted );
}
/*******************************************************************
- reg_reply_open
********************************************************************/
-NTSTATUS _reg_open_hku(pipes_struct *p, REG_Q_OPEN_HKU *q_u, REG_R_OPEN_HKU *r_u)
+WERROR _reg_open_hkcr(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u)
{
- return open_registry_key( p, &r_u->pol, NULL, KEY_HKU, 0x0 );
+ SEC_DESC *sec_desc;
+ uint32 access_granted = 0;
+ NTSTATUS status;
+
+ /* perform access checks */
+ /* top level keys are done here without passing through the REGISTRY_HOOK api */
+
+ if ( !(sec_desc = construct_registry_sd( p->mem_ctx )) )
+ return WERR_NOMEM;
+
+ status = registry_access_check( sec_desc, p->pipe_user.nt_user_token, q_u->access, &access_granted );
+ if ( !NT_STATUS_IS_OK(status) )
+ return ntstatus_to_werror( status );
+
+ return open_registry_key( p, &r_u->pol, NULL, KEY_HKCR, access_granted );
}
/*******************************************************************
- reg_reply_open_entry
********************************************************************/
-NTSTATUS _reg_open_entry(pipes_struct *p, REG_Q_OPEN_ENTRY *q_u, REG_R_OPEN_ENTRY *r_u)
+WERROR _reg_open_hku(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u)
{
- POLICY_HND pol;
- fstring name;
- REGISTRY_KEY *key = find_regkey_index_by_hnd(p, &q_u->pol);
- NTSTATUS result;
-
- DEBUG(5,("reg_open_entry: Enter\n"));
-
- if ( !key )
- return NT_STATUS_INVALID_HANDLE;
-
- rpcstr_pull(name,q_u->uni_name.buffer,sizeof(name),q_u->uni_name.uni_str_len*2,0);
+ SEC_DESC *sec_desc;
+ uint32 access_granted = 0;
+ NTSTATUS status;
- DEBUG(5,("reg_open_entry: Enter\n"));
+ /* perform access checks */
+ /* top level keys are done here without passing through the REGISTRY_HOOK api */
- result = open_registry_key( p, &pol, key, name, 0x0 );
-
- init_reg_r_open_entry( r_u, &pol, result );
-
- DEBUG(5,("reg_open_entry: Exit\n"));
-
- return r_u->status;
+ if ( !(sec_desc = construct_registry_sd( p->mem_ctx )) )
+ return WERR_NOMEM;
+
+ status = registry_access_check( sec_desc, p->pipe_user.nt_user_token, q_u->access, &access_granted );
+ if ( !NT_STATUS_IS_OK(status) )
+ return ntstatus_to_werror( status );
+
+ return open_registry_key( p, &r_u->pol, NULL, KEY_HKU, access_granted );
}
/*******************************************************************
- reg_reply_info
+ reg_reply_open_entry
********************************************************************/
-NTSTATUS _reg_info(pipes_struct *p, REG_Q_INFO *q_u, REG_R_INFO *r_u)
+WERROR _reg_open_entry(pipes_struct *p, REG_Q_OPEN_ENTRY *q_u, REG_R_OPEN_ENTRY *r_u)
{
- NTSTATUS status = NT_STATUS_OK;
- char *value = NULL;
- uint32 type = 0x1; /* key type: REG_SZ */
- UNISTR2 *uni_key = NULL;
- BUFFER2 *buf = NULL;
fstring name;
- REGISTRY_KEY *key = find_regkey_index_by_hnd( p, &q_u->pol );
+ REGISTRY_KEY *parent = find_regkey_index_by_hnd(p, &q_u->pol);
+ REGISTRY_KEY *newkey;
+ uint32 access_granted;
+ WERROR result;
- DEBUG(5,("_reg_info: Enter\n"));
+ if ( !parent )
+ return WERR_BADFID;
- if ( !key )
- return NT_STATUS_INVALID_HANDLE;
-
- DEBUG(7,("_reg_info: policy key name = [%s]\n", key->name));
+ rpcstr_pull( name, q_u->name.string->buffer, sizeof(name), q_u->name.string->uni_str_len*2, 0 );
+
+ /* check granted access first; what is the correct mask here? */
+
+ if ( !(parent->access_granted & (SEC_RIGHTS_ENUM_SUBKEYS|SEC_RIGHTS_CREATE_SUBKEY|SEC_RIGHTS_QUERY_VALUE|SEC_RIGHTS_SET_VALUE)) )
+ return WERR_ACCESS_DENIED;
+
+ /* open the key first to get the appropriate REGISTRY_HOOK
+ and then check the premissions */
- rpcstr_pull(name, q_u->uni_type.buffer, sizeof(name), q_u->uni_type.uni_str_len*2, 0);
+ if ( !W_ERROR_IS_OK(result = open_registry_key( p, &r_u->handle, parent, name, 0 )) )
+ return result;
- DEBUG(5,("reg_info: checking subkey: %s\n", name));
+ newkey = find_regkey_index_by_hnd(p, &r_u->handle);
- uni_key = (UNISTR2 *)talloc_zero(p->mem_ctx, sizeof(UNISTR2));
- buf = (BUFFER2 *)talloc_zero(p->mem_ctx, sizeof(BUFFER2));
+ /* finally allow the backend to check the access for the requested key */
- if (!uni_key || !buf)
- return NT_STATUS_NO_MEMORY;
+ if ( !regkey_access_check( newkey, q_u->access, &access_granted, p->pipe_user.nt_user_token ) ) {
+ close_registry_key( p, &r_u->handle );
+ return WERR_ACCESS_DENIED;
+ }
- if ( strequal(name, "RefusePasswordChange") ) {
- type=0xF770;
- status = NT_STATUS_NO_SUCH_FILE;
- init_unistr2(uni_key, "", 0);
- init_buffer2(buf, (uint8*) uni_key->buffer, uni_key->uni_str_len*2);
+ /* if successful, save the granted access mask */
+
+ newkey->access_granted = access_granted;
+
+ return WERR_OK;
+}
+
+/*******************************************************************
+ reg_reply_info
+ ********************************************************************/
+
+WERROR _reg_query_value(pipes_struct *p, REG_Q_QUERY_VALUE *q_u, REG_R_QUERY_VALUE *r_u)
+{
+ WERROR status = WERR_BADFILE;
+ fstring name;
+ REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol );
+ REGISTRY_VALUE *val = NULL;
+ REGVAL_CTR *regvals;
+ int i;
+
+ if ( !regkey )
+ return WERR_BADFID;
- buf->buf_max_len=4;
+ DEBUG(7,("_reg_info: policy key name = [%s]\n", regkey->name));
+
+ rpcstr_pull(name, q_u->name.string->buffer, sizeof(name), q_u->name.string->uni_str_len*2, 0);
- goto out;
- }
+ DEBUG(5,("reg_info: looking up value: [%s]\n", name));
- switch (lp_server_role()) {
- case ROLE_DOMAIN_PDC:
- case ROLE_DOMAIN_BDC:
- value = "LanmanNT";
- break;
- case ROLE_STANDALONE:
- value = "ServerNT";
- break;
- case ROLE_DOMAIN_MEMBER:
- value = "WinNT";
+ if ( !(regvals = TALLOC_P( p->mem_ctx, REGVAL_CTR )) )
+ return WERR_NOMEM;
+
+ for ( i=0; fetch_reg_values_specific(regkey, &val, i); i++ )
+ {
+ DEBUG(10,("_reg_info: Testing value [%s]\n", val->valuename));
+ if ( strequal( val->valuename, name ) ) {
+ DEBUG(10,("_reg_info: Found match for value [%s]\n", name));
+ status = WERR_OK;
break;
+ }
+
+ free_registry_value( val );
}
- /* This makes the server look like a member server to clients */
- /* which tells clients that we have our own local user and */
- /* group databases and helps with ACL support. */
-
- init_unistr2(uni_key, value, strlen(value)+1);
- init_buffer2(buf, (uint8*)uni_key->buffer, uni_key->uni_str_len*2);
-
- out:
- init_reg_r_info(q_u->ptr_buf, r_u, buf, type, status);
-
- DEBUG(5,("_reg_info: Exit\n"));
+ init_reg_r_query_value(q_u->ptr_buf, r_u, val, status);
+
+ TALLOC_FREE( regvals );
+ free_registry_value( val );
return status;
}
Implementation of REG_QUERY_KEY
****************************************************************************/
-NTSTATUS _reg_query_key(pipes_struct *p, REG_Q_QUERY_KEY *q_u, REG_R_QUERY_KEY *r_u)
+WERROR _reg_query_key(pipes_struct *p, REG_Q_QUERY_KEY *q_u, REG_R_QUERY_KEY *r_u)
{
- NTSTATUS status = NT_STATUS_OK;
+ WERROR status = WERR_OK;
REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol );
- DEBUG(5,("_reg_query_key: Enter\n"));
-
if ( !regkey )
- return NT_STATUS_INVALID_HANDLE;
+ return WERR_BADFID;
- if ( !get_subkey_information( regkey, &r_u->num_subkeys, &r_u->max_subkeylen ) )
- return NT_STATUS_ACCESS_DENIED;
+ if ( !get_subkey_information( regkey, &r_u->num_subkeys, &r_u->max_subkeylen ) ) {
+ DEBUG(0,("_reg_query_key: get_subkey_information() failed!\n"));
+ return WERR_ACCESS_DENIED;
+ }
- if ( !get_value_information( regkey, &r_u->num_values, &r_u->max_valnamelen, &r_u->max_valbufsize ) )
- return NT_STATUS_ACCESS_DENIED;
+ if ( !get_value_information( regkey, &r_u->num_values, &r_u->max_valnamelen, &r_u->max_valbufsize ) ) {
+ DEBUG(0,("_reg_query_key: get_value_information() failed!\n"));
+ return WERR_ACCESS_DENIED;
+ }
r_u->sec_desc = 0x00000078; /* size for key's sec_desc */
ZERO_STRUCT(r_u->mod_time);
- DEBUG(5,("_reg_query_key: Exit\n"));
-
return status;
}
/*****************************************************************************
- Implementation of REG_UNKNOWN_1A
+ Implementation of REG_GETVERSION
****************************************************************************/
-NTSTATUS _reg_unknown_1a(pipes_struct *p, REG_Q_UNKNOWN_1A *q_u, REG_R_UNKNOWN_1A *r_u)
+WERROR _reg_getversion(pipes_struct *p, REG_Q_GETVERSION *q_u, REG_R_GETVERSION *r_u)
{
- NTSTATUS status = NT_STATUS_OK;
+ WERROR status = WERR_OK;
REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol );
- DEBUG(5,("_reg_unknown_1a: Enter\n"));
-
if ( !regkey )
- return NT_STATUS_INVALID_HANDLE;
+ return WERR_BADFID;
- r_u->unknown = 0x00000005; /* seems to be consistent...no idea what it means */
-
- DEBUG(5,("_reg_unknown_1a: Exit\n"));
+ r_u->win_version = 0x00000005; /* Windows 2000 registry API version */
return status;
}
Implementation of REG_ENUM_KEY
****************************************************************************/
-NTSTATUS _reg_enum_key(pipes_struct *p, REG_Q_ENUM_KEY *q_u, REG_R_ENUM_KEY *r_u)
+WERROR _reg_enum_key(pipes_struct *p, REG_Q_ENUM_KEY *q_u, REG_R_ENUM_KEY *r_u)
{
- NTSTATUS status = NT_STATUS_OK;
+ WERROR status = WERR_OK;
REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol );
- char *subkey;
-
+ char *subkey = NULL;
- DEBUG(5,("_reg_enum_key: Enter\n"));
if ( !regkey )
- return NT_STATUS_INVALID_HANDLE;
+ return WERR_BADFID;
DEBUG(8,("_reg_enum_key: enumerating key [%s]\n", regkey->name));
if ( !fetch_reg_keys_specific( regkey, &subkey, q_u->key_index ) )
{
- status = NT_STATUS_NO_MORE_ENTRIES;
+ status = WERR_NO_MORE_ITEMS;
goto done;
}
/* subkey has the string name now */
- init_reg_r_enum_key( r_u, subkey, q_u->unknown_1, q_u->unknown_2 );
-
- DEBUG(5,("_reg_enum_key: Exit\n"));
+ init_reg_r_enum_key( r_u, subkey );
done:
SAFE_FREE( subkey );
return status;
}
+/*****************************************************************************
+ Implementation of REG_ENUM_VALUE
+ ****************************************************************************/
+
+WERROR _reg_enum_value(pipes_struct *p, REG_Q_ENUM_VALUE *q_u, REG_R_ENUM_VALUE *r_u)
+{
+ WERROR status = WERR_OK;
+ REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol );
+ REGISTRY_VALUE *val;
+
+
+ if ( !regkey )
+ return WERR_BADFID;
+
+ DEBUG(8,("_reg_enum_value: enumerating values for key [%s]\n", regkey->name));
+
+ if ( !fetch_reg_values_specific( regkey, &val, q_u->val_index ) ) {
+ status = WERR_NO_MORE_ITEMS;
+ goto done;
+ }
+
+ DEBUG(10,("_reg_enum_value: retrieved value named [%s]\n", val->valuename));
+
+ /* subkey has the string name now */
+
+ init_reg_r_enum_val( r_u, val );
+
+done:
+ free_registry_value( val );
+
+ return status;
+}
+
/*******************************************************************
reg_shutdwon
********************************************************************/
+WERROR _reg_shutdown(pipes_struct *p, REG_Q_SHUTDOWN *q_u, REG_R_SHUTDOWN *r_u)
+{
+ REG_Q_SHUTDOWN_EX q_u_ex;
+ REG_R_SHUTDOWN_EX r_u_ex;
+
+ /* copy fields (including stealing memory) */
+
+ q_u_ex.server = q_u->server;
+ q_u_ex.message = q_u->message;
+ q_u_ex.timeout = q_u->timeout;
+ q_u_ex.force = q_u->force;
+ q_u_ex.reboot = q_u->reboot;
+ q_u_ex.reason = 0x0; /* don't care for now */
+
+ /* thunk down to _reg_shutdown_ex() (just returns a status) */
+
+ return _reg_shutdown_ex( p, &q_u_ex, &r_u_ex );
+}
+
+/*******************************************************************
+ reg_shutdown_ex
+ ********************************************************************/
+
#define SHUTDOWN_R_STRING "-r"
#define SHUTDOWN_F_STRING "-f"
-NTSTATUS _reg_shutdown(pipes_struct *p, REG_Q_SHUTDOWN *q_u, REG_R_SHUTDOWN *r_u)
+WERROR _reg_shutdown_ex(pipes_struct *p, REG_Q_SHUTDOWN_EX *q_u, REG_R_SHUTDOWN_EX *r_u)
{
- NTSTATUS status = NT_STATUS_OK;
pstring shutdown_script;
- UNISTR2 unimsg = q_u->uni_msg;
pstring message;
pstring chkmsg;
fstring timeout;
+ fstring reason;
fstring r;
fstring f;
+ int ret;
+ BOOL can_shutdown;
- /* message */
- rpcstr_pull (message, unimsg.buffer, sizeof(message), unimsg.uni_str_len*2,0);
- /* security check */
- alpha_strcpy (chkmsg, message, NULL, sizeof(message));
- /* timeout */
- snprintf(timeout, sizeof(timeout), "%d", q_u->timeout);
- /* reboot */
- snprintf(r, sizeof(r), (q_u->flags & REG_REBOOT_ON_SHUTDOWN)?SHUTDOWN_R_STRING:"");
- /* force */
- snprintf(f, sizeof(f), (q_u->flags & REG_FORCE_SHUTDOWN)?SHUTDOWN_F_STRING:"");
- pstrcpy(shutdown_script, lp_shutdown_script());
+ pstrcpy(shutdown_script, lp_shutdown_script());
+
+ if ( !*shutdown_script )
+ return WERR_ACCESS_DENIED;
+
+ /* pull the message string and perform necessary sanity checks on it */
- if(*shutdown_script) {
- int shutdown_ret;
- all_string_sub(shutdown_script, "%m", chkmsg, sizeof(shutdown_script));
- all_string_sub(shutdown_script, "%t", timeout, sizeof(shutdown_script));
- all_string_sub(shutdown_script, "%r", r, sizeof(shutdown_script));
- all_string_sub(shutdown_script, "%f", f, sizeof(shutdown_script));
- shutdown_ret = smbrun(shutdown_script,NULL);
- DEBUG(3,("_reg_shutdown: Running the command `%s' gave %d\n",shutdown_script,shutdown_ret));
+ pstrcpy( message, "" );
+ if ( q_u->message ) {
+ UNISTR2 *msg_string = q_u->message->string;
+
+ rpcstr_pull( message, msg_string->buffer, sizeof(message), msg_string->uni_str_len*2, 0 );
}
+ alpha_strcpy (chkmsg, message, NULL, sizeof(message));
+
+ fstr_sprintf(timeout, "%d", q_u->timeout);
+ fstr_sprintf(r, (q_u->reboot) ? SHUTDOWN_R_STRING : "");
+ fstr_sprintf(f, (q_u->force) ? SHUTDOWN_F_STRING : "");
+ fstr_sprintf( reason, "%d", q_u->reason );
+
+ all_string_sub( shutdown_script, "%z", chkmsg, sizeof(shutdown_script) );
+ all_string_sub( shutdown_script, "%t", timeout, sizeof(shutdown_script) );
+ all_string_sub( shutdown_script, "%r", r, sizeof(shutdown_script) );
+ all_string_sub( shutdown_script, "%f", f, sizeof(shutdown_script) );
+ all_string_sub( shutdown_script, "%x", reason, sizeof(shutdown_script) );
+
+ can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_remote_shutdown );
+
+ /* IF someone has privs, run the shutdown script as root. OTHERWISE run it as not root
+ Take the error return from the script and provide it as the Windows return code. */
+
+ /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/
+
+ if ( can_shutdown )
+ become_root();
- return status;
+ ret = smbrun( shutdown_script, NULL );
+
+ if ( can_shutdown )
+ unbecome_root();
+
+ /********** END SeRemoteShutdownPrivilege BLOCK **********/
+
+ DEBUG(3,("_reg_shutdown_ex: Running the command `%s' gave %d\n",
+ shutdown_script, ret));
+
+
+ return (ret == 0) ? WERR_OK : WERR_ACCESS_DENIED;
}
+
+
+
/*******************************************************************
reg_abort_shutdwon
********************************************************************/
-NTSTATUS _reg_abort_shutdown(pipes_struct *p, REG_Q_ABORT_SHUTDOWN *q_u, REG_R_ABORT_SHUTDOWN *r_u)
+WERROR _reg_abort_shutdown(pipes_struct *p, REG_Q_ABORT_SHUTDOWN *q_u, REG_R_ABORT_SHUTDOWN *r_u)
{
- NTSTATUS status = NT_STATUS_OK;
pstring abort_shutdown_script;
+ int ret;
+ BOOL can_shutdown;
pstrcpy(abort_shutdown_script, lp_abort_shutdown_script());
- if(*abort_shutdown_script) {
- int abort_shutdown_ret;
- abort_shutdown_ret = smbrun(abort_shutdown_script,NULL);
- DEBUG(3,("_reg_abort_shutdown: Running the command `%s' gave %d\n",abort_shutdown_script,abort_shutdown_ret));
+ if ( !*abort_shutdown_script )
+ return WERR_ACCESS_DENIED;
+
+ can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_remote_shutdown );
+
+ /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/
+
+ if ( can_shutdown )
+ become_root();
+
+ ret = smbrun( abort_shutdown_script, NULL );
+
+ if ( can_shutdown )
+ unbecome_root();
+
+ /********** END SeRemoteShutdownPrivilege BLOCK **********/
+
+ DEBUG(3,("_reg_abort_shutdown: Running the command `%s' gave %d\n",
+ abort_shutdown_script, ret));
+
+
+ return (ret == 0) ? WERR_OK : WERR_ACCESS_DENIED;
+}
+
+/*******************************************************************
+ ********************************************************************/
+
+static int validate_reg_filename( pstring fname )
+{
+ char *p;
+ int num_services = lp_numservices();
+ int snum;
+ pstring share_path;
+ pstring unix_fname;
+
+ /* convert to a unix path, stripping the C:\ along the way */
+
+ if ( !(p = valid_share_pathname( fname ) ))
+ return -1;
+
+ /* has to exist within a valid file share */
+
+ for ( snum=0; snum<num_services; snum++ ) {
+
+ if ( !lp_snum_ok(snum) || lp_print_ok(snum) )
+ continue;
+
+ pstrcpy( share_path, lp_pathname(snum) );
+
+ /* make sure we have a path (e.g. [homes] ) */
+
+ if ( strlen( share_path ) == 0 )
+ continue;
+
+ if ( strncmp( share_path, p, strlen( share_path )) == 0 )
+ break;
}
+
+ /* p and fname are overlapping memory so copy out and back in again */
+
+ pstrcpy( unix_fname, p );
+ pstrcpy( fname, unix_fname );
+
+ return (snum < num_services) ? snum : -1;
+}
- return status;
+/*******************************************************************
+ Note: topkeypat is the *full* path that this *key will be
+ loaded into (including the name of the key)
+ ********************************************************************/
+
+static WERROR reg_load_tree( REGF_FILE *regfile, const char *topkeypath,
+ REGF_NK_REC *key )
+{
+ REGF_NK_REC *subkey;
+ REGISTRY_KEY registry_key;
+ REGVAL_CTR *values;
+ REGSUBKEY_CTR *subkeys;
+ int i;
+ pstring path;
+ WERROR result = WERR_OK;
+
+ /* initialize the REGISTRY_KEY structure */
+
+ if ( !(registry_key.hook = reghook_cache_find(topkeypath)) ) {
+ DEBUG(0,("reg_load_tree: Failed to assigned a REGISTRY_HOOK to [%s]\n",
+ topkeypath ));
+ return WERR_BADFILE;
+ }
+ pstrcpy( registry_key.name, topkeypath );
+
+ /* now start parsing the values and subkeys */
+
+ if ( !(subkeys = TALLOC_ZERO_P( regfile->mem_ctx, REGSUBKEY_CTR )) )
+ return WERR_NOMEM;
+
+ if ( !(values = TALLOC_ZERO_P( subkeys, REGVAL_CTR )) )
+ return WERR_NOMEM;
+
+ /* copy values into the REGVAL_CTR */
+
+ for ( i=0; i<key->num_values; i++ ) {
+ regval_ctr_addvalue( values, key->values[i].valuename, key->values[i].type,
+ key->values[i].data, (key->values[i].data_size & ~VK_DATA_IN_OFFSET) );
+ }
+
+ /* copy subkeys into the REGSUBKEY_CTR */
+
+ key->subkey_index = 0;
+ while ( (subkey = regfio_fetch_subkey( regfile, key )) ) {
+ regsubkey_ctr_addkey( subkeys, subkey->keyname );
+ }
+
+ /* write this key and values out */
+
+ if ( !store_reg_values( ®istry_key, values )
+ || !store_reg_keys( ®istry_key, subkeys ) )
+ {
+ DEBUG(0,("reg_load_tree: Failed to load %s!\n", topkeypath));
+ result = WERR_REG_IO_FAILURE;
+ }
+
+ TALLOC_FREE( subkeys );
+
+ if ( !W_ERROR_IS_OK(result) )
+ return result;
+
+ /* now continue to load each subkey registry tree */
+
+ key->subkey_index = 0;
+ while ( (subkey = regfio_fetch_subkey( regfile, key )) ) {
+ pstr_sprintf( path, "%s%s%s", topkeypath, "\\", subkey->keyname );
+ result = reg_load_tree( regfile, path, subkey );
+ if ( !W_ERROR_IS_OK(result) )
+ break;
+ }
+
+ return result;
+}
+
+/*******************************************************************
+ ********************************************************************/
+
+static WERROR restore_registry_key ( REGISTRY_KEY *krecord, const char *fname )
+{
+ REGF_FILE *regfile;
+ REGF_NK_REC *rootkey;
+ WERROR result;
+
+ /* open the registry file....fail if the file already exists */
+
+ if ( !(regfile = regfio_open( fname, (O_RDONLY), 0 )) ) {
+ DEBUG(0,("backup_registry_key: failed to open \"%s\" (%s)\n",
+ fname, strerror(errno) ));
+ return ( ntstatus_to_werror(map_nt_error_from_unix( errno )) );
+ }
+
+ /* get the rootkey from the regf file and then load the tree
+ via recursive calls */
+
+ if ( !(rootkey = regfio_rootkey( regfile )) )
+ return WERR_REG_FILE_INVALID;
+
+ result = reg_load_tree( regfile, krecord->name, rootkey );
+
+ /* cleanup */
+
+ regfio_close( regfile );
+
+ return result;
+}
+
+/*******************************************************************
+ ********************************************************************/
+
+WERROR _reg_restore_key(pipes_struct *p, REG_Q_RESTORE_KEY *q_u, REG_R_RESTORE_KEY *r_u)
+{
+ REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol );
+ pstring filename;
+ int snum;
+
+ if ( !regkey )
+ return WERR_BADFID;
+
+ rpcstr_pull(filename, q_u->filename.string->buffer, sizeof(filename), q_u->filename.string->uni_str_len*2, STR_TERMINATE);
+
+ DEBUG(8,("_reg_restore_key: verifying restore of key [%s] from \"%s\"\n", regkey->name, filename));
+
+ if ( (snum = validate_reg_filename( filename )) == -1 )
+ return WERR_OBJECT_PATH_INVALID;
+
+ /* user must posses SeRestorePrivilege for this this proceed */
+
+ if ( !user_has_privileges( p->pipe_user.nt_user_token, &se_restore ) )
+ return WERR_ACCESS_DENIED;
+
+ DEBUG(2,("_reg_restore_key: Restoring [%s] from %s in share %s\n", regkey->name, filename, lp_servicename(snum) ));
+
+ return restore_registry_key( regkey, filename );
+}
+
+/********************************************************************
+********************************************************************/
+
+static WERROR reg_write_tree( REGF_FILE *regfile, const char *keypath,
+ REGF_NK_REC *parent, SEC_DESC *sec_desc )
+{
+ REGF_NK_REC *key;
+ REGVAL_CTR *values;
+ REGSUBKEY_CTR *subkeys;
+ int i, num_subkeys;
+ pstring key_tmp;
+ char *keyname, *parentpath;
+ pstring subkeypath;
+ char *subkeyname;
+ REGISTRY_KEY registry_key;
+ WERROR result = WERR_OK;
+
+ if ( !regfile )
+ return WERR_GENERAL_FAILURE;
+
+ if ( !keypath )
+ return WERR_OBJECT_PATH_INVALID;
+
+ /* split up the registry key path */
+
+ pstrcpy( key_tmp, keypath );
+ if ( !reg_split_key( key_tmp, &parentpath, &keyname ) )
+ return WERR_OBJECT_PATH_INVALID;
+
+ if ( !keyname )
+ keyname = parentpath;
+
+ /* we need a REGISTRY_KEY object here to enumerate subkeys and values */
+
+ ZERO_STRUCT( registry_key );
+ pstrcpy( registry_key.name, keypath );
+ if ( !(registry_key.hook = reghook_cache_find( registry_key.name )) )
+ return WERR_BADFILE;
+
+
+ /* lookup the values and subkeys */
+
+ if ( !(subkeys = TALLOC_ZERO_P( regfile->mem_ctx, REGSUBKEY_CTR )) )
+ return WERR_NOMEM;
+
+ if ( !(values = TALLOC_ZERO_P( subkeys, REGVAL_CTR )) )
+ return WERR_NOMEM;
+
+ fetch_reg_keys( ®istry_key, subkeys );
+ fetch_reg_values( ®istry_key, values );
+
+ /* write out this key */
+
+ if ( !(key = regfio_write_key( regfile, keyname, values, subkeys, sec_desc, parent )) ) {
+ result = WERR_CAN_NOT_COMPLETE;
+ goto done;
+ }
+
+ /* write each one of the subkeys out */
+
+ num_subkeys = regsubkey_ctr_numkeys( subkeys );
+ for ( i=0; i<num_subkeys; i++ ) {
+ subkeyname = regsubkey_ctr_specific_key( subkeys, i );
+ pstr_sprintf( subkeypath, "%s\\%s", keypath, subkeyname );
+ result = reg_write_tree( regfile, subkeypath, key, sec_desc );
+ if ( !W_ERROR_IS_OK(result) )
+ goto done;
+ }
+
+ DEBUG(6,("reg_write_tree: wrote key [%s]\n", keypath ));
+
+done:
+ TALLOC_FREE( subkeys );
+
+ return result;
+}
+
+/*******************************************************************
+ ********************************************************************/
+
+static WERROR make_default_reg_sd( TALLOC_CTX *ctx, SEC_DESC **psd )
+{
+ DOM_SID adm_sid, owner_sid;
+ SEC_ACE ace[2]; /* at most 2 entries */
+ SEC_ACCESS mask;
+ SEC_ACL *psa = NULL;
+ uint32 sd_size;
+
+ /* set the owner to BUILTIN\Administrator */
+
+ sid_copy(&owner_sid, &global_sid_Builtin);
+ sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN );
+
+
+ /* basic access for Everyone */
+
+ init_sec_access(&mask, reg_generic_map.generic_execute | reg_generic_map.generic_read );
+ init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+ /* add Full Access 'BUILTIN\Administrators' */
+
+ init_sec_access(&mask, reg_generic_map.generic_all);
+ sid_copy(&adm_sid, &global_sid_Builtin);
+ sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);
+ init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+ /* create the security descriptor */
+
+ if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 2, ace)) == NULL)
+ return WERR_NOMEM;
+
+ if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, &owner_sid, NULL, NULL, psa, &sd_size)) == NULL)
+ return WERR_NOMEM;
+
+ return WERR_OK;
+}
+
+/*******************************************************************
+ ********************************************************************/
+
+static WERROR backup_registry_key ( REGISTRY_KEY *krecord, const char *fname )
+{
+ REGF_FILE *regfile;
+ WERROR result;
+ SEC_DESC *sd = NULL;
+
+ /* open the registry file....fail if the file already exists */
+
+ if ( !(regfile = regfio_open( fname, (O_RDWR|O_CREAT|O_EXCL), (S_IREAD|S_IWRITE) )) ) {
+ DEBUG(0,("backup_registry_key: failed to open \"%s\" (%s)\n",
+ fname, strerror(errno) ));
+ return ( ntstatus_to_werror(map_nt_error_from_unix( errno )) );
+ }
+
+ if ( !W_ERROR_IS_OK(result = make_default_reg_sd( regfile->mem_ctx, &sd )) ) {
+ regfio_close( regfile );
+ return result;
+ }
+
+ /* write the registry tree to the file */
+
+ result = reg_write_tree( regfile, krecord->name, NULL, sd );
+
+ /* cleanup */
+
+ regfio_close( regfile );
+
+ return result;
+}
+
+/*******************************************************************
+ ********************************************************************/
+
+WERROR _reg_save_key(pipes_struct *p, REG_Q_SAVE_KEY *q_u, REG_R_SAVE_KEY *r_u)
+{
+ REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol );
+ pstring filename;
+ int snum;
+
+ if ( !regkey )
+ return WERR_BADFID;
+
+ rpcstr_pull(filename, q_u->filename.string->buffer, sizeof(filename), q_u->filename.string->uni_str_len*2, STR_TERMINATE);
+
+ DEBUG(8,("_reg_save_key: verifying backup of key [%s] to \"%s\"\n", regkey->name, filename));
+
+ if ( (snum = validate_reg_filename( filename )) == -1 )
+ return WERR_OBJECT_PATH_INVALID;
+
+ DEBUG(2,("_reg_save_key: Saving [%s] to %s in share %s\n", regkey->name, filename, lp_servicename(snum) ));
+
+ return backup_registry_key( regkey, filename );
+
+ return WERR_OK;
+}
+
+/*******************************************************************
+ ********************************************************************/
+
+WERROR _reg_create_key_ex(pipes_struct *p, REG_Q_CREATE_KEY_EX *q_u, REG_R_CREATE_KEY_EX *r_u)
+{
+ REGISTRY_KEY *parent = find_regkey_index_by_hnd(p, &q_u->handle);
+ REGISTRY_KEY *newparent;
+ POLICY_HND newparent_handle;
+ REGSUBKEY_CTR *subkeys;
+ BOOL write_result;
+ pstring name;
+ WERROR result;
+
+ if ( !parent )
+ return WERR_BADFID;
+
+ rpcstr_pull( name, q_u->name.string->buffer, sizeof(name), q_u->name.string->uni_str_len*2, 0 );
+
+ /* ok. Here's what we do. */
+
+ if ( strrchr( name, '\\' ) ) {
+ pstring newkeyname;
+ char *ptr;
+ uint32 access_granted;
+
+ /* (1) check for enumerate rights on the parent handle. CLients can try
+ create things like 'SOFTWARE\Samba' on the HKLM handle.
+ (2) open the path to the child parent key if necessary */
+
+ if ( !(parent->access_granted & SEC_RIGHTS_ENUM_SUBKEYS) )
+ return WERR_ACCESS_DENIED;
+
+ pstrcpy( newkeyname, name );
+ ptr = strrchr( newkeyname, '\\' );
+ *ptr = '\0';
+
+ result = open_registry_key( p, &newparent_handle, parent, newkeyname, 0 );
+ if ( !W_ERROR_IS_OK(result) )
+ return result;
+
+ newparent = find_regkey_index_by_hnd(p, &newparent_handle);
+ SMB_ASSERT( newparent != NULL );
+
+ if ( !regkey_access_check( newparent, REG_KEY_READ|REG_KEY_WRITE, &access_granted, p->pipe_user.nt_user_token ) ) {
+ result = WERR_ACCESS_DENIED;
+ goto done;
+ }
+
+ newparent->access_granted = access_granted;
+
+ /* copy the new key name (just the lower most keyname) */
+
+ pstrcpy( name, ptr+1 );
+ }
+ else {
+ /* use the existing open key information */
+ newparent = parent;
+ memcpy( &newparent_handle, &q_u->handle, sizeof(POLICY_HND) );
+ }
+
+ /* (3) check for create subkey rights on the correct parent */
+
+ if ( !(newparent->access_granted & SEC_RIGHTS_CREATE_SUBKEY) ) {
+ result = WERR_ACCESS_DENIED;
+ goto done;
+ }
+
+ if ( !(subkeys = TALLOC_ZERO_P( p->mem_ctx, REGSUBKEY_CTR )) ) {
+ result = WERR_NOMEM;
+ goto done;
+ }
+
+ /* (4) lookup the current keys and add the new one */
+
+ fetch_reg_keys( newparent, subkeys );
+ regsubkey_ctr_addkey( subkeys, name );
+
+ /* now write to the registry backend */
+
+ write_result = store_reg_keys( newparent, subkeys );
+
+ TALLOC_FREE( subkeys );
+
+ if ( !write_result )
+ return WERR_REG_IO_FAILURE;
+
+ /* (5) open the new key and return the handle. Note that it is probably
+ not correct to grant full access on this open handle. We should pass
+ the new open through the regkey_access_check() like we do for
+ _reg_open_entry() but this is ok for now. */
+
+ result = open_registry_key( p, &r_u->handle, newparent, name, REG_KEY_ALL );
+
+done:
+ /* close any intermediate key handles */
+
+ if ( newparent != parent )
+ close_registry_key( p, &newparent_handle );
+
+ return result;
+}
+
+
+/*******************************************************************
+ ********************************************************************/
+
+WERROR _reg_set_value(pipes_struct *p, REG_Q_SET_VALUE *q_u, REG_R_SET_VALUE *r_u)
+{
+ REGISTRY_KEY *key = find_regkey_index_by_hnd(p, &q_u->handle);
+ REGVAL_CTR *values;
+ BOOL write_result;
+ fstring valuename;
+
+ if ( !key )
+ return WERR_BADFID;
+
+ /* access checks first */
+
+ if ( !(key->access_granted & SEC_RIGHTS_SET_VALUE) )
+ return WERR_ACCESS_DENIED;
+
+ rpcstr_pull( valuename, q_u->name.string->buffer, sizeof(valuename), q_u->name.string->uni_str_len*2, 0 );
+
+ /* verify the name */
+
+ if ( !*valuename )
+ return WERR_INVALID_PARAM;
+
+ DEBUG(8,("_reg_set_value: Setting value for [%s:%s]\n", key->name, valuename));
+
+ if ( !(values = TALLOC_ZERO_P( p->mem_ctx, REGVAL_CTR )) )
+ return WERR_NOMEM;
+
+ /* lookup the current values and add the new one */
+
+ fetch_reg_values( key, values );
+
+ regval_ctr_addvalue( values, valuename, q_u->type, q_u->value.buffer, q_u->value.buf_len );
+
+ /* now write to the registry backend */
+
+ write_result = store_reg_values( key, values );
+
+ TALLOC_FREE( values );
+
+ if ( !write_result )
+ return WERR_REG_IO_FAILURE;
+
+ return WERR_OK;
+}
+
+/*******************************************************************
+ ********************************************************************/
+
+WERROR _reg_delete_key(pipes_struct *p, REG_Q_DELETE_KEY *q_u, REG_R_DELETE_KEY *r_u)
+{
+ REGISTRY_KEY *parent = find_regkey_index_by_hnd(p, &q_u->handle);
+ REGISTRY_KEY *newparent;
+ POLICY_HND newparent_handle;
+ REGSUBKEY_CTR *subkeys;
+ BOOL write_result;
+ pstring name;
+ WERROR result;
+
+ if ( !parent )
+ return WERR_BADFID;
+
+ rpcstr_pull( name, q_u->name.string->buffer, sizeof(name), q_u->name.string->uni_str_len*2, 0 );
+
+ /* ok. Here's what we do. */
+
+ if ( strrchr( name, '\\' ) ) {
+ pstring newkeyname;
+ char *ptr;
+ uint32 access_granted;
+
+ /* (1) check for enumerate rights on the parent handle. CLients can try
+ create things like 'SOFTWARE\Samba' on the HKLM handle.
+ (2) open the path to the child parent key if necessary */
+
+ if ( !(parent->access_granted & SEC_RIGHTS_ENUM_SUBKEYS) )
+ return WERR_ACCESS_DENIED;
+
+ pstrcpy( newkeyname, name );
+ ptr = strrchr( newkeyname, '\\' );
+ *ptr = '\0';
+
+ result = open_registry_key( p, &newparent_handle, parent, newkeyname, 0 );
+ if ( !W_ERROR_IS_OK(result) )
+ return result;
+
+ newparent = find_regkey_index_by_hnd(p, &newparent_handle);
+ SMB_ASSERT( newparent != NULL );
+
+ if ( !regkey_access_check( newparent, REG_KEY_READ|REG_KEY_WRITE, &access_granted, p->pipe_user.nt_user_token ) ) {
+ result = WERR_ACCESS_DENIED;
+ goto done;
+ }
+
+ newparent->access_granted = access_granted;
+
+ /* copy the new key name (just the lower most keyname) */
+
+ pstrcpy( name, ptr+1 );
+ }
+ else {
+ /* use the existing open key information */
+ newparent = parent;
+ memcpy( &newparent_handle, &q_u->handle, sizeof(POLICY_HND) );
+ }
+
+ /* (3) check for create subkey rights on the correct parent */
+
+ if ( !(newparent->access_granted & STD_RIGHT_DELETE_ACCESS) ) {
+ result = WERR_ACCESS_DENIED;
+ goto done;
+ }
+
+ if ( !(subkeys = TALLOC_ZERO_P( p->mem_ctx, REGSUBKEY_CTR )) ) {
+ result = WERR_NOMEM;
+ goto done;
+ }
+
+ /* lookup the current keys and delete the new one */
+
+ fetch_reg_keys( newparent, subkeys );
+
+ regsubkey_ctr_delkey( subkeys, name );
+
+ /* now write to the registry backend */
+
+ write_result = store_reg_keys( newparent, subkeys );
+
+ TALLOC_FREE( subkeys );
+
+ result = write_result ? WERR_OK : WERR_REG_IO_FAILURE;
+
+done:
+ /* close any intermediate key handles */
+
+ if ( newparent != parent )
+ close_registry_key( p, &newparent_handle );
+
+ return result;
+}
+
+
+/*******************************************************************
+ ********************************************************************/
+
+WERROR _reg_delete_value(pipes_struct *p, REG_Q_DELETE_VALUE *q_u, REG_R_DELETE_VALUE *r_u)
+{
+ REGISTRY_KEY *key = find_regkey_index_by_hnd(p, &q_u->handle);
+ REGVAL_CTR *values;
+ BOOL write_result;
+ fstring valuename;
+
+ if ( !key )
+ return WERR_BADFID;
+
+ /* access checks first */
+
+ if ( !(key->access_granted & SEC_RIGHTS_SET_VALUE) )
+ return WERR_ACCESS_DENIED;
+
+ rpcstr_pull( valuename, q_u->name.string->buffer, sizeof(valuename), q_u->name.string->uni_str_len*2, 0 );
+
+ if ( !*valuename )
+ return WERR_INVALID_PARAM;
+
+ DEBUG(8,("_reg_delete_value: Setting value for [%s:%s]\n", key->name, valuename));
+
+ if ( !(values = TALLOC_ZERO_P( p->mem_ctx, REGVAL_CTR )) )
+ return WERR_NOMEM;
+
+ /* lookup the current values and add the new one */
+
+ fetch_reg_values( key, values );
+
+ regval_ctr_delvalue( values, valuename );
+
+ /* now write to the registry backend */
+
+ write_result = store_reg_values( key, values );
+
+ TALLOC_FREE( values );
+
+ if ( !write_result )
+ return WERR_REG_IO_FAILURE;
+
+ return WERR_OK;
+}
+
+/*******************************************************************
+ ********************************************************************/
+
+WERROR _reg_get_key_sec(pipes_struct *p, REG_Q_GET_KEY_SEC *q_u, REG_R_GET_KEY_SEC *r_u)
+{
+ REGISTRY_KEY *key = find_regkey_index_by_hnd(p, &q_u->handle);
+
+ if ( !key )
+ return WERR_BADFID;
+
+ /* access checks first */
+
+ if ( !(key->access_granted & STD_RIGHT_READ_CONTROL_ACCESS) )
+ return WERR_ACCESS_DENIED;
+
+ return WERR_ACCESS_DENIED;
+}
+
+/*******************************************************************
+ ********************************************************************/
+
+WERROR _reg_set_key_sec(pipes_struct *p, REG_Q_SET_KEY_SEC *q_u, REG_R_SET_KEY_SEC *r_u)
+{
+ REGISTRY_KEY *key = find_regkey_index_by_hnd(p, &q_u->handle);
+
+ if ( !key )
+ return WERR_BADFID;
+
+ /* access checks first */
+
+ if ( !(key->access_granted & STD_RIGHT_WRITE_DAC_ACCESS) )
+ return WERR_ACCESS_DENIED;
+
+ return WERR_ACCESS_DENIED;
}