bool regkey_access_check( REGISTRY_KEY *key, uint32 requested, uint32 *granted, const struct nt_user_token *token ) { SEC_DESC *sec_desc; NTSTATUS status; WERROR err; /* use the default security check if the backend has not defined its * own */ if (key->ops && key->ops->reg_access_check) { return key->ops->reg_access_check(key->name, requested, granted, token); } err = regkey_get_secdesc(talloc_tos(), key, &sec_desc); if (!W_ERROR_IS_OK(err)) { return false; } se_map_generic( &requested, ®_generic_map ); status =se_access_check(sec_desc, token, requested, granted); TALLOC_FREE(sec_desc); if (!NT_STATUS_IS_OK(status)) { return false; } return NT_STATUS_IS_OK(status); }
bool regkey_access_check( REGISTRY_KEY *key, uint32 requested, uint32 *granted, const struct nt_user_token *token ) { SEC_DESC *sec_desc; NTSTATUS status; WERROR err; TALLOC_CTX *mem_ctx; /* use the default security check if the backend has not defined its * own */ if (key->ops && key->ops->reg_access_check) { return key->ops->reg_access_check(key->name, requested, granted, token); } /* * The secdesc routines can't yet cope with a NULL talloc ctx sanely. */ if (!(mem_ctx = talloc_init("regkey_access_check"))) { return false; } err = regkey_get_secdesc(mem_ctx, key, &sec_desc); if (!W_ERROR_IS_OK(err)) { TALLOC_FREE(mem_ctx); return false; } se_map_generic( &requested, ®_generic_map ); status =se_access_check(sec_desc, token, requested, granted); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(mem_ctx); return false; } TALLOC_FREE(mem_ctx); return NT_STATUS_IS_OK(status); }
bool regkey_access_check(struct registry_key_handle *key, uint32 requested, uint32 *granted, const struct security_token *token ) { struct security_descriptor *sec_desc; NTSTATUS status; WERROR err; /* root free-pass, like we have on all other pipes like samr, lsa, etc. */ if (geteuid() == sec_initial_uid()) { *granted = REG_KEY_ALL; return true; } /* use the default security check if the backend has not defined its * own */ if (key->ops && key->ops->reg_access_check) { return key->ops->reg_access_check(key->name, requested, granted, token); } err = regkey_get_secdesc(talloc_tos(), key, &sec_desc); if (!W_ERROR_IS_OK(err)) { return false; } se_map_generic( &requested, ®_generic_map ); status =se_access_check(sec_desc, token, requested, granted); TALLOC_FREE(sec_desc); if (!NT_STATUS_IS_OK(status)) { return false; } return NT_STATUS_IS_OK(status); }
static WERROR reg_write_tree(REGF_FILE *regfile, const char *keypath, REGF_NK_REC *parent) { REGF_NK_REC *key; struct regval_ctr *values; struct regsubkey_ctr *subkeys; int i, num_subkeys; char *key_tmp = NULL; char *keyname, *parentpath; char *subkeypath = NULL; char *subkeyname; struct registry_key_handle registry_key; WERROR result = WERR_OK; struct security_descriptor *sec_desc = NULL; if (!regfile) { return WERR_GENERAL_FAILURE; } if (!keypath) { return WERR_OBJECT_PATH_INVALID; } /* split up the registry key path */ key_tmp = talloc_strdup(regfile->mem_ctx, keypath); if (!key_tmp) { return WERR_NOMEM; } if (!reg_split_key(key_tmp, &parentpath, &keyname)) { return WERR_OBJECT_PATH_INVALID; } if (!keyname) { keyname = parentpath; } /* we need a registry_key_handle object here to enumerate subkeys and values */ ZERO_STRUCT(registry_key); registry_key.name = talloc_strdup(regfile->mem_ctx, keypath); if (registry_key.name == NULL) { return WERR_NOMEM; } registry_key.ops = reghook_cache_find(registry_key.name); if (registry_key.ops == NULL) { return WERR_BADFILE; } /* lookup the values and subkeys */ result = regsubkey_ctr_init(regfile->mem_ctx, &subkeys); W_ERROR_NOT_OK_RETURN(result); result = regval_ctr_init(subkeys, &values); W_ERROR_NOT_OK_RETURN(result); fetch_reg_keys(®istry_key, subkeys); fetch_reg_values(®istry_key, values); result = regkey_get_secdesc(regfile->mem_ctx, ®istry_key, &sec_desc); if (!W_ERROR_IS_OK(result)) { goto done; } /* write out this key */ key = regfio_write_key(regfile, keyname, values, subkeys, sec_desc, parent); if (key == NULL) { result = WERR_CAN_NOT_COMPLETE; goto done; } /* write each one of the subkeys out */ num_subkeys = regsubkey_ctr_numkeys(subkeys); for (i=0; i<num_subkeys; i++) { subkeyname = regsubkey_ctr_specific_key(subkeys, i); subkeypath = talloc_asprintf(regfile->mem_ctx, "%s\\%s", keypath, subkeyname); if (subkeypath == NULL) { result = WERR_NOMEM; goto done; } result = reg_write_tree(regfile, subkeypath, key); if (!W_ERROR_IS_OK(result)) goto done; } DEBUG(6, ("reg_write_tree: wrote key [%s]\n", keypath)); done: TALLOC_FREE(subkeys); TALLOC_FREE(registry_key.name); return result; }