/** * Utility function to open a complete registry path including the hive prefix. */ WERROR reg_open_path(TALLOC_CTX *mem_ctx, const char *orig_path, uint32 desired_access, const struct security_token *token, struct registry_key **pkey) { struct registry_key *hive, *key; char *path, *p; WERROR err; if (!(path = SMB_STRDUP(orig_path))) { return WERR_NOMEM; } p = strchr(path, '\\'); if ((p == NULL) || (p[1] == '\0')) { /* * No key behind the hive, just return the hive */ err = reg_openhive(mem_ctx, path, desired_access, token, &hive); if (!W_ERROR_IS_OK(err)) { SAFE_FREE(path); return err; } SAFE_FREE(path); *pkey = hive; return WERR_OK; } *p = '\0'; err = reg_openhive(mem_ctx, path, KEY_ENUMERATE_SUB_KEYS, token, &hive); if (!W_ERROR_IS_OK(err)) { SAFE_FREE(path); return err; } err = reg_openkey(mem_ctx, hive, p+1, desired_access, &key); TALLOC_FREE(hive); SAFE_FREE(path); if (!W_ERROR_IS_OK(err)) { return err; } *pkey = key; return WERR_OK; }
WERROR reg_create_path(TALLOC_CTX *mem_ctx, const char *orig_path, uint32 desired_access, const struct security_token *token, enum winreg_CreateAction *paction, struct registry_key **pkey) { struct registry_key *hive; char *path, *p; WERROR err; if (!(path = SMB_STRDUP(orig_path))) { return WERR_NOMEM; } p = strchr(path, '\\'); if ((p == NULL) || (p[1] == '\0')) { /* * No key behind the hive, just return the hive */ err = reg_openhive(mem_ctx, path, desired_access, token, &hive); if (!W_ERROR_IS_OK(err)) { SAFE_FREE(path); return err; } SAFE_FREE(path); *pkey = hive; *paction = REG_OPENED_EXISTING_KEY; return WERR_OK; } *p = '\0'; err = reg_openhive(mem_ctx, path, (strchr(p+1, '\\') != NULL) ? KEY_ENUMERATE_SUB_KEYS : KEY_CREATE_SUB_KEY, token, &hive); if (!W_ERROR_IS_OK(err)) { SAFE_FREE(path); return err; } err = reg_createkey(mem_ctx, hive, p+1, desired_access, pkey, paction); SAFE_FREE(path); TALLOC_FREE(hive); return err; }
WERROR reg_delete_path(const struct security_token *token, const char *orig_path) { struct registry_key *hive; char *path, *p; WERROR err; if (!(path = SMB_STRDUP(orig_path))) { return WERR_NOMEM; } p = strchr(path, '\\'); if ((p == NULL) || (p[1] == '\0')) { SAFE_FREE(path); return WERR_INVALID_PARAM; } *p = '\0'; err = reg_openhive(NULL, path, (strchr(p+1, '\\') != NULL) ? KEY_ENUMERATE_SUB_KEYS : KEY_CREATE_SUB_KEY, token, &hive); if (!W_ERROR_IS_OK(err)) { SAFE_FREE(path); return err; } err = reg_deletekey_recursive(hive, p+1); SAFE_FREE(path); TALLOC_FREE(hive); return err; }
/** * split given path into hive and remaining path and open the hive key */ static WERROR open_hive(TALLOC_CTX *ctx, const char *path, uint32 desired_access, struct registry_key **hive, char **subkeyname) { WERROR werr; struct security_token *token = NULL; char *hivename = NULL; char *tmp_subkeyname = NULL; TALLOC_CTX *tmp_ctx = talloc_stackframe(); if ((hive == NULL) || (subkeyname == NULL)) { werr = WERR_INVALID_PARAM; goto done; } werr = split_hive_key(tmp_ctx, path, &hivename, &tmp_subkeyname); if (!W_ERROR_IS_OK(werr)) { goto done; } *subkeyname = talloc_strdup(ctx, tmp_subkeyname); if (*subkeyname == NULL) { werr = WERR_NOMEM; goto done; } werr = ntstatus_to_werror(registry_create_admin_token(tmp_ctx, &token)); if (!W_ERROR_IS_OK(werr)) { goto done; } werr = reg_openhive(ctx, hivename, desired_access, token, hive); if (!W_ERROR_IS_OK(werr)) { goto done; } werr = WERR_OK; done: TALLOC_FREE(tmp_ctx); return werr; }
/********************************************************************* for an eventlog, add in a source name. If the eventlog doesn't exist (not in the list) do nothing. If a source for the log already exists, change the information (remove, replace) *********************************************************************/ static bool eventlog_add_source( const char *eventlog, const char *sourcename, const char *messagefile ) { /* Find all of the eventlogs, add keys for each of them */ /* need to add to the value KEY_EVENTLOG/<eventlog>/Sources string (Creating if necessary) need to add KEY of source to KEY_EVENTLOG/<eventlog>/<source> */ const char **elogs = lp_eventlog_list( ); const char **wrklist, **wp; char *evtlogpath = NULL; int ii = 0; bool already_in; int i; int numsources = 0; TALLOC_CTX *ctx = talloc_stackframe(); WERROR werr; struct registry_key *key_hive, *key_eventlog, *key_source; struct security_token *token = NULL; const char *hive_name, *relpath; enum winreg_CreateAction action; struct registry_value *value; static const uint32_t ACCESS = REG_KEY_READ | REG_KEY_WRITE; bool ret = false; if (!elogs) { d_printf("No Eventlogs configured\n"); goto done; } for ( i = 0; elogs[i]; i++ ) { if ( strequal( elogs[i], eventlog ) ) break; } if ( !elogs[i] ) { d_printf("Eventlog [%s] not found in list of valid event logs\n", eventlog); goto done; } /* have to assume that the evenlog key itself exists at this point */ /* add in a key of [sourcename] under the eventlog key */ /* todo add to Sources */ evtlogpath = talloc_asprintf(ctx, "%s\\%s", KEY_EVENTLOG, eventlog); if (!evtlogpath) { d_printf("Out of memory\n"); goto done; } relpath = evtlogpath + sizeof(KEY_EVENTLOG); hive_name = talloc_strndup(ctx, evtlogpath, relpath - evtlogpath); if (!hive_name) { d_printf("Out of memory\n"); goto done; } relpath++; werr = ntstatus_to_werror(registry_create_admin_token(ctx, &token)); if (!W_ERROR_IS_OK(werr)) { d_printf("Failed to create admin token: %s\n", win_errstr(werr)); goto done; } werr = reg_openhive(ctx, hive_name, ACCESS, token, &key_hive); if (!W_ERROR_IS_OK(werr)) { d_printf("Failed to open hive [%s]: %s\n", hive_name, win_errstr(werr)); goto done; } werr = reg_openkey(ctx, key_hive, relpath, ACCESS, &key_eventlog); if (!W_ERROR_IS_OK(werr)) { d_printf("Failed to open key [%s]: %s\n", evtlogpath, win_errstr(werr)); goto done; } werr = reg_queryvalue(ctx, key_eventlog, "Sources", &value); if (!W_ERROR_IS_OK(werr)) { d_printf("Failed to get value \"Sources\" for [%s]: %s\n", evtlogpath, win_errstr(werr)); goto done; } /* perhaps this adding a new string to a multi_sz should be a fn? */ /* check to see if it's there already */ if ( value->type != REG_MULTI_SZ ) { d_printf("Wrong type for \"Sources\", should be REG_MULTI_SZ\n"); goto done; } /* convert to a 'regulah' chars to do some comparisons */ already_in = false; wrklist = NULL; dump_data(1, value->data.data, value->data.length); if (!pull_reg_multi_sz(ctx, &value->data, &wrklist)) { d_printf("Failed to pull REG_MULTI_SZ from \"Sources\"\n"); goto done; } for (ii=0; wrklist[ii]; ii++) { numsources++; } if (numsources > 0) { /* see if it's in there already */ wp = wrklist; while (wp && *wp ) { if ( strequal( *wp, sourcename ) ) { d_printf("Source name [%s] already in list for [%s] \n", sourcename, eventlog); already_in = true; break; } wp++; } } else { d_printf("Nothing in the sources list, this might be a problem\n"); } if ( !already_in ) { /* make a new list with an additional entry; copy values, add another */ wp = talloc_realloc(ctx, wrklist, const char *, numsources + 2 ); if ( !wp ) { d_printf("Out of memory\n"); goto done; } wp[numsources] = sourcename; wp[numsources+1] = NULL; if (!push_reg_multi_sz(ctx, &value->data, wp)) { d_printf("Failed to push Sources\n"); goto done; } dump_data( 1, value->data.data, value->data.length); werr = reg_setvalue(key_eventlog, "Sources", value); if (!W_ERROR_IS_OK(werr)) { d_printf("Failed to set value Sources: %s\n", win_errstr(werr)); goto done; } } else {