libcli/auth: let netlogon_creds_copy() make use of ndr_deepcopy_struct()
[samba4-gss.git] / source3 / registry / reg_dispatcher.c
blob097b6d4d30fc45c65769dd58f23bc9e0982a0685
1 /*
2 * Unix SMB/CIFS implementation.
3 * Virtual Windows Registry Layer
4 * Copyright (C) Gerald Carter 2002-2005
5 * Copyright (C) Michael Adam 2006-2008
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
22 * Implementation of registry frontend view functions.
23 * Functions moved from reg_frontend.c to minimize linker deps.
26 #include "includes.h"
27 #include "system/passwd.h" /* uid_wrapper */
28 #include "registry.h"
29 #include "reg_dispatcher.h"
30 #include "../libcli/security/security.h"
32 #undef DBGC_CLASS
33 #define DBGC_CLASS DBGC_REGISTRY
35 static const struct generic_mapping reg_generic_map =
36 { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL };
38 /********************************************************************
39 ********************************************************************/
41 static WERROR construct_registry_sd(TALLOC_CTX *ctx, struct security_descriptor **psd)
43 struct security_ace ace[3] = {};
44 size_t i = 0;
45 struct security_descriptor *sd;
46 struct security_acl *theacl;
47 size_t sd_size;
49 /* basic access for Everyone */
51 init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
52 REG_KEY_READ, 0);
54 /* Full Access 'BUILTIN\Administrators' */
56 init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
57 SEC_ACE_TYPE_ACCESS_ALLOWED, REG_KEY_ALL, 0);
59 /* Full Access 'NT Authority\System' */
61 init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED,
62 REG_KEY_ALL, 0);
64 /* create the security descriptor */
66 theacl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace);
67 if (theacl == NULL) {
68 return WERR_NOT_ENOUGH_MEMORY;
71 sd = make_sec_desc(ctx, SD_REVISION, SEC_DESC_SELF_RELATIVE,
72 &global_sid_Builtin_Administrators,
73 &global_sid_System, NULL, theacl,
74 &sd_size);
75 if (sd == NULL) {
76 return WERR_NOT_ENOUGH_MEMORY;
79 *psd = sd;
80 return WERR_OK;
83 /***********************************************************************
84 High level wrapper function for storing registry subkeys
85 ***********************************************************************/
87 bool store_reg_keys(struct registry_key_handle *key,
88 struct regsubkey_ctr *subkeys)
90 if (key->ops && key->ops->store_subkeys)
91 return key->ops->store_subkeys(key->name, subkeys);
93 return false;
96 /***********************************************************************
97 High level wrapper function for storing registry values
98 ***********************************************************************/
100 bool store_reg_values(struct registry_key_handle *key, struct regval_ctr *val)
102 if (key->ops && key->ops->store_values)
103 return key->ops->store_values(key->name, val);
105 return false;
108 WERROR create_reg_subkey(struct registry_key_handle *key, const char *subkey)
110 if (key->ops && key->ops->create_subkey) {
111 return key->ops->create_subkey(key->name, subkey);
114 return WERR_NOT_SUPPORTED;
117 WERROR delete_reg_subkey(struct registry_key_handle *key, const char *subkey, bool lazy)
119 if (key->ops && key->ops->delete_subkey) {
120 return key->ops->delete_subkey(key->name, subkey, lazy);
123 return WERR_NOT_SUPPORTED;
126 /***********************************************************************
127 High level wrapper function for enumerating registry subkeys
128 Initialize the TALLOC_CTX if necessary
129 ***********************************************************************/
131 int fetch_reg_keys(struct registry_key_handle *key,
132 struct regsubkey_ctr *subkey_ctr)
134 int result = -1;
136 if (key->ops && key->ops->fetch_subkeys)
137 result = key->ops->fetch_subkeys(key->name, subkey_ctr);
139 return result;
142 /***********************************************************************
143 High level wrapper function for enumerating registry values
144 ***********************************************************************/
146 int fetch_reg_values(struct registry_key_handle *key, struct regval_ctr *val)
148 int result = -1;
150 DEBUG(10, ("fetch_reg_values called for key '%s' (ops %p)\n", key->name,
151 (key->ops) ? (void *)key->ops : NULL));
153 if (key->ops && key->ops->fetch_values)
154 result = key->ops->fetch_values(key->name, val);
156 return result;
159 /***********************************************************************
160 High level access check for passing the required access mask to the
161 underlying registry backend
162 ***********************************************************************/
164 bool regkey_access_check(struct registry_key_handle *key, uint32_t requested,
165 uint32_t *granted,
166 const struct security_token *token )
168 struct security_descriptor *sec_desc;
169 NTSTATUS status;
170 WERROR err;
172 /* root free-pass, like we have on all other pipes like samr, lsa, etc. */
173 if (root_mode()) {
174 *granted = REG_KEY_ALL;
175 return true;
178 /* use the default security check if the backend has not defined its
179 * own */
181 if (key->ops && key->ops->reg_access_check) {
182 return key->ops->reg_access_check(key->name, requested,
183 granted, token);
186 err = regkey_get_secdesc(talloc_tos(), key, &sec_desc);
188 if (!W_ERROR_IS_OK(err)) {
189 return false;
192 se_map_generic( &requested, &reg_generic_map );
194 status =se_access_check(sec_desc, token, requested, granted);
195 TALLOC_FREE(sec_desc);
196 if (!NT_STATUS_IS_OK(status)) {
197 return false;
200 return NT_STATUS_IS_OK(status);
203 WERROR regkey_get_secdesc(TALLOC_CTX *mem_ctx, struct registry_key_handle *key,
204 struct security_descriptor **psecdesc)
206 struct security_descriptor *secdesc;
207 WERROR werr;
209 if (key->ops && key->ops->get_secdesc) {
210 werr = key->ops->get_secdesc(mem_ctx, key->name, psecdesc);
211 if (W_ERROR_IS_OK(werr)) {
212 return WERR_OK;
216 werr = construct_registry_sd(mem_ctx, &secdesc);
217 if (!W_ERROR_IS_OK(werr)) {
218 return werr;
221 *psecdesc = secdesc;
222 return WERR_OK;
225 WERROR regkey_set_secdesc(struct registry_key_handle *key,
226 struct security_descriptor *psecdesc)
228 if (key->ops && key->ops->set_secdesc) {
229 return key->ops->set_secdesc(key->name, psecdesc);
232 return WERR_ACCESS_DENIED;
236 * Check whether the in-memory version of the subkyes of a
237 * registry key needs update from disk.
239 bool reg_subkeys_need_update(struct registry_key_handle *key,
240 struct regsubkey_ctr *subkeys)
242 if (key->ops && key->ops->subkeys_need_update)
244 return key->ops->subkeys_need_update(subkeys);
247 return true;
251 * Check whether the in-memory version of the values of a
252 * registry key needs update from disk.
254 bool reg_values_need_update(struct registry_key_handle *key,
255 struct regval_ctr *values)
257 if (key->ops && key->ops->values_need_update)
259 return key->ops->values_need_update(values);
262 return true;