diff options
Diffstat (limited to 'source/rpc_server/srv_reg_nt.c')
-rw-r--r-- | source/rpc_server/srv_reg_nt.c | 205 |
1 files changed, 63 insertions, 142 deletions
diff --git a/source/rpc_server/srv_reg_nt.c b/source/rpc_server/srv_reg_nt.c index f031a3213f2..c11e0d59a05 100644 --- a/source/rpc_server/srv_reg_nt.c +++ b/source/rpc_server/srv_reg_nt.c @@ -5,7 +5,7 @@ * Copyright (C) Luke Kenneth Casson Leighton 1996-1997. * Copyright (C) Paul Ashton 1997. * Copyright (C) Jeremy Allison 2001. - * Copyright (C) Gerald Carter 2002-2005. + * Copyright (C) Gerald Carter 2002. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -291,7 +291,7 @@ WERROR _reg_close(pipes_struct *p, REG_Q_CLOSE *q_u, REG_R_CLOSE *r_u) /******************************************************************* ********************************************************************/ -WERROR _reg_open_hklm(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u) +WERROR _reg_open_hklm(pipes_struct *p, REG_Q_OPEN_HKLM *q_u, REG_R_OPEN_HKLM *r_u) { return open_registry_key( p, &r_u->pol, NULL, KEY_HKLM, 0x0 ); } @@ -299,7 +299,7 @@ WERROR _reg_open_hklm(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_ /******************************************************************* ********************************************************************/ -WERROR _reg_open_hkcr(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u) +WERROR _reg_open_hkcr(pipes_struct *p, REG_Q_OPEN_HKCR *q_u, REG_R_OPEN_HKCR *r_u) { return open_registry_key( p, &r_u->pol, NULL, KEY_HKCR, 0x0 ); } @@ -307,7 +307,7 @@ WERROR _reg_open_hkcr(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_ /******************************************************************* ********************************************************************/ -WERROR _reg_open_hku(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u) +WERROR _reg_open_hku(pipes_struct *p, REG_Q_OPEN_HKU *q_u, REG_R_OPEN_HKU *r_u) { return open_registry_key( p, &r_u->pol, NULL, KEY_HKU, 0x0 ); } @@ -328,7 +328,7 @@ WERROR _reg_open_entry(pipes_struct *p, REG_Q_OPEN_ENTRY *q_u, REG_R_OPEN_ENTRY if ( !key ) return WERR_BADFID; /* This will be reported as an RPC fault anyway. */ - rpcstr_pull( name, q_u->name.string->buffer, sizeof(name), q_u->name.string->uni_str_len*2, 0 ); + rpcstr_pull(name,q_u->uni_name.buffer,sizeof(name),q_u->uni_name.uni_str_len*2,0); result = open_registry_key( p, &pol, key, name, 0x0 ); @@ -362,7 +362,7 @@ WERROR _reg_info(pipes_struct *p, REG_Q_INFO *q_u, REG_R_INFO *r_u) DEBUG(7,("_reg_info: policy key name = [%s]\n", regkey->name)); - rpcstr_pull(name, q_u->name.string->buffer, sizeof(name), q_u->name.string->uni_str_len*2, 0); + rpcstr_pull(name, q_u->uni_type.buffer, sizeof(name), q_u->uni_type.uni_str_len*2, 0); DEBUG(5,("reg_info: looking up value: [%s]\n", name)); @@ -439,7 +439,7 @@ WERROR _reg_info(pipes_struct *p, REG_Q_INFO *q_u, REG_R_INFO *r_u) out: - init_reg_r_info(q_u->ptr_buf, r_u, val, status); + new_init_reg_r_info(q_u->ptr_buf, r_u, val, status); regval_ctr_destroy( ®vals ); free_registry_value( val ); @@ -485,22 +485,22 @@ WERROR _reg_query_key(pipes_struct *p, REG_Q_QUERY_KEY *q_u, REG_R_QUERY_KEY *r_ /***************************************************************************** - Implementation of REG_GETVERSION + Implementation of REG_UNKNOWN_1A ****************************************************************************/ -WERROR _reg_getversion(pipes_struct *p, REG_Q_GETVERSION *q_u, REG_R_GETVERSION *r_u) +WERROR _reg_unknown_1a(pipes_struct *p, REG_Q_UNKNOWN_1A *q_u, REG_R_UNKNOWN_1A *r_u) { WERROR status = WERR_OK; REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); - DEBUG(5,("_reg_getversion: Enter\n")); + DEBUG(5,("_reg_unknown_1a: Enter\n")); if ( !regkey ) return WERR_BADFID; /* This will be reported as an RPC fault anyway. */ r_u->unknown = 0x00000005; /* seems to be consistent...no idea what it means */ - DEBUG(5,("_reg_getversion: Exit\n")); + DEBUG(5,("_reg_unknown_1a: Exit\n")); return status; } @@ -561,7 +561,8 @@ WERROR _reg_enum_value(pipes_struct *p, REG_Q_ENUM_VALUE *q_u, REG_R_ENUM_VALUE DEBUG(8,("_reg_enum_key: enumerating values for key [%s]\n", regkey->name)); - if ( !fetch_reg_values_specific( regkey, &val, q_u->val_index ) ) { + if ( !fetch_reg_values_specific( regkey, &val, q_u->val_index ) ) + { status = WERR_NO_MORE_ITEMS; goto done; } @@ -586,190 +587,110 @@ done: reg_shutdwon ********************************************************************/ -WERROR _reg_shutdown(pipes_struct *p, REG_Q_SHUTDOWN *q_u, REG_R_SHUTDOWN *r_u) -{ - REG_Q_SHUTDOWN_EX q_u_ex; - REG_R_SHUTDOWN_EX r_u_ex; - - /* copy fields (including stealing memory) */ - - q_u_ex.server = q_u->server; - q_u_ex.message = q_u->message; - q_u_ex.timeout = q_u->timeout; - q_u_ex.force = q_u->force; - q_u_ex.reboot = q_u->reboot; - q_u_ex.reason = 0x0; /* don't care for now */ - - /* thunk down to _reg_shutdown_ex() (just returns a status) */ - - return _reg_shutdown_ex( p, &q_u_ex, &r_u_ex ); -} - -/******************************************************************* - reg_shutdown_ex - ********************************************************************/ - #define SHUTDOWN_R_STRING "-r" #define SHUTDOWN_F_STRING "-f" -WERROR _reg_shutdown_ex(pipes_struct *p, REG_Q_SHUTDOWN_EX *q_u, REG_R_SHUTDOWN_EX *r_u) +WERROR _reg_shutdown(pipes_struct *p, REG_Q_SHUTDOWN *q_u, REG_R_SHUTDOWN *r_u) { + WERROR status = WERR_OK; pstring shutdown_script; + UNISTR2 unimsg = q_u->uni_msg; pstring message; pstring chkmsg; fstring timeout; - fstring reason; fstring r; fstring f; - int ret; - BOOL can_shutdown; - - pstrcpy(shutdown_script, lp_shutdown_script()); - if ( !*shutdown_script ) - return WERR_ACCESS_DENIED; - - /* pull the message string and perform necessary sanity checks on it */ - - pstrcpy( message, "" ); - if ( q_u->message ) { - UNISTR2 *msg_string = q_u->message->string; - - rpcstr_pull( message, msg_string->buffer, sizeof(message), msg_string->uni_str_len*2, 0 ); - } + /* message */ + rpcstr_pull (message, unimsg.buffer, sizeof(message), unimsg.uni_str_len*2,0); + /* security check */ alpha_strcpy (chkmsg, message, NULL, sizeof(message)); - + /* timeout */ fstr_sprintf(timeout, "%d", q_u->timeout); + /* reboot */ fstr_sprintf(r, (q_u->reboot) ? SHUTDOWN_R_STRING : ""); + /* force */ fstr_sprintf(f, (q_u->force) ? SHUTDOWN_F_STRING : ""); - fstr_sprintf( reason, "%d", q_u->reason ); - all_string_sub( shutdown_script, "%z", chkmsg, sizeof(shutdown_script) ); - all_string_sub( shutdown_script, "%t", timeout, sizeof(shutdown_script) ); - all_string_sub( shutdown_script, "%r", r, sizeof(shutdown_script) ); - all_string_sub( shutdown_script, "%f", f, sizeof(shutdown_script) ); - all_string_sub( shutdown_script, "%x", reason, sizeof(shutdown_script) ); - - can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_remote_shutdown ); - - /* IF someone has privs, run the shutdown script as root. OTHERWISE run it as not root - Take the error return from the script and provide it as the Windows return code. */ - - /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/ - - if ( can_shutdown ) - become_root(); + pstrcpy(shutdown_script, lp_shutdown_script()); - ret = smbrun( shutdown_script, NULL ); + if(*shutdown_script) { + int shutdown_ret; + SE_PRIV se_shutdown = SE_REMOTE_SHUTDOWN; + BOOL can_shutdown; - if ( can_shutdown ) - unbecome_root(); - - /********** END SeRemoteShutdownPrivilege BLOCK **********/ - - DEBUG(3,("_reg_shutdown_ex: Running the command `%s' gave %d\n", - shutdown_script, ret)); + can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_shutdown ); + /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/ + if ( can_shutdown ) + become_root(); + all_string_sub(shutdown_script, "%m", chkmsg, sizeof(shutdown_script)); + all_string_sub(shutdown_script, "%t", timeout, sizeof(shutdown_script)); + all_string_sub(shutdown_script, "%r", r, sizeof(shutdown_script)); + all_string_sub(shutdown_script, "%f", f, sizeof(shutdown_script)); + shutdown_ret = smbrun(shutdown_script,NULL); + DEBUG(3,("_reg_shutdown: Running the command `%s' gave %d\n",shutdown_script,shutdown_ret)); + if ( can_shutdown ) + unbecome_root(); + /********** END SeRemoteShutdownPrivilege BLOCK **********/ + } - return (ret == 0) ? WERR_OK : WERR_ACCESS_DENIED; + return status; } - - - /******************************************************************* reg_abort_shutdwon ********************************************************************/ WERROR _reg_abort_shutdown(pipes_struct *p, REG_Q_ABORT_SHUTDOWN *q_u, REG_R_ABORT_SHUTDOWN *r_u) { + WERROR status = WERR_OK; pstring abort_shutdown_script; - int ret; - BOOL can_shutdown; pstrcpy(abort_shutdown_script, lp_abort_shutdown_script()); - if ( !*abort_shutdown_script ) - return WERR_ACCESS_DENIED; - - can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_remote_shutdown ); - - /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/ - - if ( can_shutdown ) - become_root(); + if(*abort_shutdown_script) { + int abort_shutdown_ret; + SE_PRIV se_shutdown = SE_REMOTE_SHUTDOWN; + BOOL can_shutdown; - ret = smbrun( abort_shutdown_script, NULL ); - - if ( can_shutdown ) - unbecome_root(); + can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_shutdown ); - /********** END SeRemoteShutdownPrivilege BLOCK **********/ - - DEBUG(3,("_reg_abort_shutdown: Running the command `%s' gave %d\n", - abort_shutdown_script, ret)); + /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/ + if ( can_shutdown ) + become_root(); + abort_shutdown_ret = smbrun(abort_shutdown_script,NULL); + DEBUG(3,("_reg_abort_shutdown: Running the command `%s' gave %d\n",abort_shutdown_script,abort_shutdown_ret)); + if ( can_shutdown ) + unbecome_root(); + /********** END SeRemoteShutdownPrivilege BLOCK **********/ + } - return (ret == 0) ? WERR_OK : WERR_ACCESS_DENIED; -} - -/******************************************************************* - ********************************************************************/ - -WERROR _reg_restore_key(pipes_struct *p, REG_Q_RESTORE_KEY *q_u, REG_R_RESTORE_KEY *r_u) -{ - REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); - pstring filename; - - DEBUG(5,("_reg_restore_key: Enter\n")); - - /* - * basically this is a no op function which just verifies - * that the client gave us a valid registry key handle - */ - - if ( !regkey ) - return WERR_BADFID; - - rpcstr_pull(filename, q_u->filename.string->buffer, sizeof(filename), q_u->filename.string->uni_str_len*2, STR_TERMINATE); - - DEBUG(8,("_reg_restore_key: verifying restore of key [%s] from \"%s\"\n", regkey->name, filename)); - -#if 0 - validate_reg_filemame( filename ); - return restore_registry_key( regkey, filename ); -#endif - - return WERR_OK; + return status; } /******************************************************************* + REG_SAVE_KEY (0x14) ********************************************************************/ WERROR _reg_save_key(pipes_struct *p, REG_Q_SAVE_KEY *q_u, REG_R_SAVE_KEY *r_u) { REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); - pstring filename; DEBUG(5,("_reg_save_key: Enter\n")); /* - * basically this is a no op function which just verifies + * basically this is a no op function which just gverifies * that the client gave us a valid registry key handle */ if ( !regkey ) - return WERR_BADFID; - - rpcstr_pull(filename, q_u->filename.string->buffer, sizeof(filename), q_u->filename.string->uni_str_len*2, STR_TERMINATE); - - DEBUG(8,("_reg_save_key: verifying backup of key [%s] to \"%s\"\n", regkey->name, filename)); + return WERR_BADFID; /* This will be reported as an RPC fault anyway. */ -#if 0 - validate_reg_filemame( filename ); - return backup_registry_key( regkey, filename ); -#endif + DEBUG(8,("_reg_save_key: berifying backup of key [%s]\n", regkey->name)); + return WERR_OK; } |