diff options
| author | Gerald Carter <jerry@samba.org> | 2005-06-17 01:57:18 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:57:19 -0500 |
| commit | 2f08a904eee772e7d99ae6e3e4c922f74732284f (patch) | |
| tree | 7d84272586f306cbd3ff017be886a2b7b88ce23a /source/rpc_server | |
| parent | f3319e224db8f79baa10413e0e2a96d2bc871f38 (diff) | |
| download | samba-2f08a904eee772e7d99ae6e3e4c922f74732284f.tar.gz samba-2f08a904eee772e7d99ae6e3e4c922f74732284f.tar.xz samba-2f08a904eee772e7d99ae6e3e4c922f74732284f.zip | |
r7664: add access check hooks to _reg_open_entry which are passed off
to the reg_XXX backend. If the backend does not define
a regkey_access_check() function, we default to using the
standard registry_access_check()
Diffstat (limited to 'source/rpc_server')
| -rw-r--r-- | source/rpc_server/srv_reg_nt.c | 35 |
1 files changed, 29 insertions, 6 deletions
diff --git a/source/rpc_server/srv_reg_nt.c b/source/rpc_server/srv_reg_nt.c index 2a80594128a..95af6c15c91 100644 --- a/source/rpc_server/srv_reg_nt.c +++ b/source/rpc_server/srv_reg_nt.c @@ -197,6 +197,10 @@ static WERROR open_registry_key(pipes_struct *p, POLICY_HND *hnd, REGISTRY_KEY * if ( !create_policy_hnd( p, hnd, free_regkey_info, regkey ) ) result = WERR_BADFILE; } + + /* save the access mask */ + + regkey->access_granted = access_granted; /* clean up */ @@ -402,9 +406,10 @@ WERROR _reg_open_hku(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u WERROR _reg_open_entry(pipes_struct *p, REG_Q_OPEN_ENTRY *q_u, REG_R_OPEN_ENTRY *r_u) { - POLICY_HND pol; fstring name; REGISTRY_KEY *key = find_regkey_index_by_hnd(p, &q_u->pol); + REGISTRY_KEY *newkey; + uint32 access_granted; WERROR result; DEBUG(5,("reg_open_entry: Enter\n")); @@ -414,13 +419,31 @@ WERROR _reg_open_entry(pipes_struct *p, REG_Q_OPEN_ENTRY *q_u, REG_R_OPEN_ENTRY rpcstr_pull( name, q_u->name.string->buffer, sizeof(name), q_u->name.string->uni_str_len*2, 0 ); - result = open_registry_key( p, &pol, key, name, 0x0 ); - - init_reg_r_open_entry( r_u, &pol, result ); + /* check granted access first; what is the correct mask here? */ + + if ( !(key->access_granted & SEC_RIGHTS_ENUM_SUBKEYS) ) + return WERR_ACCESS_DENIED; + + /* open the key first to get the appropriate REGISTRY_HOOK + and then check the premissions */ + + if ( !W_ERROR_IS_OK(result = open_registry_key( p, &r_u->handle, key, name, 0 )) ) + return result; - DEBUG(5,("reg_open_entry: Exit\n")); + newkey = find_regkey_index_by_hnd(p, &r_u->handle); - return r_u->status; + /* finally allow the backend to check the access for the requested key */ + + if ( !regkey_access_check( newkey, q_u->access, &access_granted, p->pipe_user.nt_user_token ) ) { + close_registry_key( p, &r_u->handle ); + return WERR_ACCESS_DENIED; + } + + /* if successful, save the granted access mask */ + + newkey->access_granted = access_granted; + + return WERR_OK; } /******************************************************************* |