bool regkey_access_check( REGISTRY_KEY *key, uint32 requested, uint32 *granted,
const struct nt_user_token *token )
{
SEC_DESC *sec_desc;
NTSTATUS status;
WERROR err;
/* use the default security check if the backend has not defined its
* own */
if (key->ops && key->ops->reg_access_check) {
return key->ops->reg_access_check(key->name, requested,
granted, token);
}
err = regkey_get_secdesc(talloc_tos(), key, &sec_desc);
if (!W_ERROR_IS_OK(err)) {
return false;
}
se_map_generic( &requested, ®_generic_map );
status =se_access_check(sec_desc, token, requested, granted);
TALLOC_FREE(sec_desc);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
return NT_STATUS_IS_OK(status);
}
bool regkey_access_check( REGISTRY_KEY *key, uint32 requested, uint32 *granted,
const struct nt_user_token *token )
{
SEC_DESC *sec_desc;
NTSTATUS status;
WERROR err;
TALLOC_CTX *mem_ctx;
/* use the default security check if the backend has not defined its
* own */
if (key->ops && key->ops->reg_access_check) {
return key->ops->reg_access_check(key->name, requested,
granted, token);
}
/*
* The secdesc routines can't yet cope with a NULL talloc ctx sanely.
*/
if (!(mem_ctx = talloc_init("regkey_access_check"))) {
return false;
}
err = regkey_get_secdesc(mem_ctx, key, &sec_desc);
if (!W_ERROR_IS_OK(err)) {
TALLOC_FREE(mem_ctx);
return false;
}
se_map_generic( &requested, ®_generic_map );
status =se_access_check(sec_desc, token, requested, granted);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(mem_ctx);
return false;
}
TALLOC_FREE(mem_ctx);
return NT_STATUS_IS_OK(status);
}
bool regkey_access_check(struct registry_key_handle *key, uint32 requested,
uint32 *granted,
const struct security_token *token )
{
struct security_descriptor *sec_desc;
NTSTATUS status;
WERROR err;
/* root free-pass, like we have on all other pipes like samr, lsa, etc. */
if (geteuid() == sec_initial_uid()) {
*granted = REG_KEY_ALL;
return true;
}
/* use the default security check if the backend has not defined its
* own */
if (key->ops && key->ops->reg_access_check) {
return key->ops->reg_access_check(key->name, requested,
granted, token);
}
err = regkey_get_secdesc(talloc_tos(), key, &sec_desc);
if (!W_ERROR_IS_OK(err)) {
return false;
}
se_map_generic( &requested, ®_generic_map );
status =se_access_check(sec_desc, token, requested, granted);
TALLOC_FREE(sec_desc);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
return NT_STATUS_IS_OK(status);
}
static WERROR reg_write_tree(REGF_FILE *regfile, const char *keypath,
REGF_NK_REC *parent)
{
REGF_NK_REC *key;
struct regval_ctr *values;
struct regsubkey_ctr *subkeys;
int i, num_subkeys;
char *key_tmp = NULL;
char *keyname, *parentpath;
char *subkeypath = NULL;
char *subkeyname;
struct registry_key_handle registry_key;
WERROR result = WERR_OK;
struct security_descriptor *sec_desc = NULL;
if (!regfile) {
return WERR_GENERAL_FAILURE;
}
if (!keypath) {
return WERR_OBJECT_PATH_INVALID;
}
/* split up the registry key path */
key_tmp = talloc_strdup(regfile->mem_ctx, keypath);
if (!key_tmp) {
return WERR_NOMEM;
}
if (!reg_split_key(key_tmp, &parentpath, &keyname)) {
return WERR_OBJECT_PATH_INVALID;
}
if (!keyname) {
keyname = parentpath;
}
/* we need a registry_key_handle object here to enumerate subkeys and values */
ZERO_STRUCT(registry_key);
registry_key.name = talloc_strdup(regfile->mem_ctx, keypath);
if (registry_key.name == NULL) {
return WERR_NOMEM;
}
registry_key.ops = reghook_cache_find(registry_key.name);
if (registry_key.ops == NULL) {
return WERR_BADFILE;
}
/* lookup the values and subkeys */
result = regsubkey_ctr_init(regfile->mem_ctx, &subkeys);
W_ERROR_NOT_OK_RETURN(result);
result = regval_ctr_init(subkeys, &values);
W_ERROR_NOT_OK_RETURN(result);
fetch_reg_keys(®istry_key, subkeys);
fetch_reg_values(®istry_key, values);
result = regkey_get_secdesc(regfile->mem_ctx, ®istry_key, &sec_desc);
if (!W_ERROR_IS_OK(result)) {
goto done;
}
/* write out this key */
key = regfio_write_key(regfile, keyname, values, subkeys, sec_desc,
parent);
if (key == NULL) {
result = WERR_CAN_NOT_COMPLETE;
goto done;
}
/* write each one of the subkeys out */
num_subkeys = regsubkey_ctr_numkeys(subkeys);
for (i=0; i<num_subkeys; i++) {
subkeyname = regsubkey_ctr_specific_key(subkeys, i);
subkeypath = talloc_asprintf(regfile->mem_ctx, "%s\\%s",
keypath, subkeyname);
if (subkeypath == NULL) {
result = WERR_NOMEM;
goto done;
}
result = reg_write_tree(regfile, subkeypath, key);
if (!W_ERROR_IS_OK(result))
goto done;
}
DEBUG(6, ("reg_write_tree: wrote key [%s]\n", keypath));
done:
TALLOC_FREE(subkeys);
TALLOC_FREE(registry_key.name);
return result;
}
