diff options
Diffstat (limited to 'source/rpc_server/srv_reg_nt.c')
-rw-r--r-- | source/rpc_server/srv_reg_nt.c | 205 |
1 files changed, 142 insertions, 63 deletions
diff --git a/source/rpc_server/srv_reg_nt.c b/source/rpc_server/srv_reg_nt.c index c11e0d59a05..f031a3213f2 100644 --- a/source/rpc_server/srv_reg_nt.c +++ b/source/rpc_server/srv_reg_nt.c @@ -5,7 +5,7 @@ * Copyright (C) Luke Kenneth Casson Leighton 1996-1997. * Copyright (C) Paul Ashton 1997. * Copyright (C) Jeremy Allison 2001. - * Copyright (C) Gerald Carter 2002. + * Copyright (C) Gerald Carter 2002-2005. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -291,7 +291,7 @@ WERROR _reg_close(pipes_struct *p, REG_Q_CLOSE *q_u, REG_R_CLOSE *r_u) /******************************************************************* ********************************************************************/ -WERROR _reg_open_hklm(pipes_struct *p, REG_Q_OPEN_HKLM *q_u, REG_R_OPEN_HKLM *r_u) +WERROR _reg_open_hklm(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u) { return open_registry_key( p, &r_u->pol, NULL, KEY_HKLM, 0x0 ); } @@ -299,7 +299,7 @@ WERROR _reg_open_hklm(pipes_struct *p, REG_Q_OPEN_HKLM *q_u, REG_R_OPEN_HKLM *r_ /******************************************************************* ********************************************************************/ -WERROR _reg_open_hkcr(pipes_struct *p, REG_Q_OPEN_HKCR *q_u, REG_R_OPEN_HKCR *r_u) +WERROR _reg_open_hkcr(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u) { return open_registry_key( p, &r_u->pol, NULL, KEY_HKCR, 0x0 ); } @@ -307,7 +307,7 @@ WERROR _reg_open_hkcr(pipes_struct *p, REG_Q_OPEN_HKCR *q_u, REG_R_OPEN_HKCR *r_ /******************************************************************* ********************************************************************/ -WERROR _reg_open_hku(pipes_struct *p, REG_Q_OPEN_HKU *q_u, REG_R_OPEN_HKU *r_u) +WERROR _reg_open_hku(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u) { return open_registry_key( p, &r_u->pol, NULL, KEY_HKU, 0x0 ); } @@ -328,7 +328,7 @@ WERROR _reg_open_entry(pipes_struct *p, REG_Q_OPEN_ENTRY *q_u, REG_R_OPEN_ENTRY if ( !key ) return WERR_BADFID; /* This will be reported as an RPC fault anyway. */ - rpcstr_pull(name,q_u->uni_name.buffer,sizeof(name),q_u->uni_name.uni_str_len*2,0); + rpcstr_pull( name, q_u->name.string->buffer, sizeof(name), q_u->name.string->uni_str_len*2, 0 ); result = open_registry_key( p, &pol, key, name, 0x0 ); @@ -362,7 +362,7 @@ WERROR _reg_info(pipes_struct *p, REG_Q_INFO *q_u, REG_R_INFO *r_u) DEBUG(7,("_reg_info: policy key name = [%s]\n", regkey->name)); - rpcstr_pull(name, q_u->uni_type.buffer, sizeof(name), q_u->uni_type.uni_str_len*2, 0); + rpcstr_pull(name, q_u->name.string->buffer, sizeof(name), q_u->name.string->uni_str_len*2, 0); DEBUG(5,("reg_info: looking up value: [%s]\n", name)); @@ -439,7 +439,7 @@ WERROR _reg_info(pipes_struct *p, REG_Q_INFO *q_u, REG_R_INFO *r_u) out: - new_init_reg_r_info(q_u->ptr_buf, r_u, val, status); + init_reg_r_info(q_u->ptr_buf, r_u, val, status); regval_ctr_destroy( ®vals ); free_registry_value( val ); @@ -485,22 +485,22 @@ WERROR _reg_query_key(pipes_struct *p, REG_Q_QUERY_KEY *q_u, REG_R_QUERY_KEY *r_ /***************************************************************************** - Implementation of REG_UNKNOWN_1A + Implementation of REG_GETVERSION ****************************************************************************/ -WERROR _reg_unknown_1a(pipes_struct *p, REG_Q_UNKNOWN_1A *q_u, REG_R_UNKNOWN_1A *r_u) +WERROR _reg_getversion(pipes_struct *p, REG_Q_GETVERSION *q_u, REG_R_GETVERSION *r_u) { WERROR status = WERR_OK; REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); - DEBUG(5,("_reg_unknown_1a: Enter\n")); + DEBUG(5,("_reg_getversion: Enter\n")); if ( !regkey ) return WERR_BADFID; /* This will be reported as an RPC fault anyway. */ r_u->unknown = 0x00000005; /* seems to be consistent...no idea what it means */ - DEBUG(5,("_reg_unknown_1a: Exit\n")); + DEBUG(5,("_reg_getversion: Exit\n")); return status; } @@ -561,8 +561,7 @@ WERROR _reg_enum_value(pipes_struct *p, REG_Q_ENUM_VALUE *q_u, REG_R_ENUM_VALUE DEBUG(8,("_reg_enum_key: enumerating values for key [%s]\n", regkey->name)); - if ( !fetch_reg_values_specific( regkey, &val, q_u->val_index ) ) - { + if ( !fetch_reg_values_specific( regkey, &val, q_u->val_index ) ) { status = WERR_NO_MORE_ITEMS; goto done; } @@ -587,110 +586,190 @@ done: reg_shutdwon ********************************************************************/ +WERROR _reg_shutdown(pipes_struct *p, REG_Q_SHUTDOWN *q_u, REG_R_SHUTDOWN *r_u) +{ + REG_Q_SHUTDOWN_EX q_u_ex; + REG_R_SHUTDOWN_EX r_u_ex; + + /* copy fields (including stealing memory) */ + + q_u_ex.server = q_u->server; + q_u_ex.message = q_u->message; + q_u_ex.timeout = q_u->timeout; + q_u_ex.force = q_u->force; + q_u_ex.reboot = q_u->reboot; + q_u_ex.reason = 0x0; /* don't care for now */ + + /* thunk down to _reg_shutdown_ex() (just returns a status) */ + + return _reg_shutdown_ex( p, &q_u_ex, &r_u_ex ); +} + +/******************************************************************* + reg_shutdown_ex + ********************************************************************/ + #define SHUTDOWN_R_STRING "-r" #define SHUTDOWN_F_STRING "-f" -WERROR _reg_shutdown(pipes_struct *p, REG_Q_SHUTDOWN *q_u, REG_R_SHUTDOWN *r_u) +WERROR _reg_shutdown_ex(pipes_struct *p, REG_Q_SHUTDOWN_EX *q_u, REG_R_SHUTDOWN_EX *r_u) { - WERROR status = WERR_OK; pstring shutdown_script; - UNISTR2 unimsg = q_u->uni_msg; pstring message; pstring chkmsg; fstring timeout; + fstring reason; fstring r; fstring f; + int ret; + BOOL can_shutdown; + + pstrcpy(shutdown_script, lp_shutdown_script()); - /* message */ - rpcstr_pull (message, unimsg.buffer, sizeof(message), unimsg.uni_str_len*2,0); - /* security check */ + if ( !*shutdown_script ) + return WERR_ACCESS_DENIED; + + /* pull the message string and perform necessary sanity checks on it */ + + pstrcpy( message, "" ); + if ( q_u->message ) { + UNISTR2 *msg_string = q_u->message->string; + + rpcstr_pull( message, msg_string->buffer, sizeof(message), msg_string->uni_str_len*2, 0 ); + } alpha_strcpy (chkmsg, message, NULL, sizeof(message)); - /* timeout */ + fstr_sprintf(timeout, "%d", q_u->timeout); - /* reboot */ fstr_sprintf(r, (q_u->reboot) ? SHUTDOWN_R_STRING : ""); - /* force */ fstr_sprintf(f, (q_u->force) ? SHUTDOWN_F_STRING : ""); + fstr_sprintf( reason, "%d", q_u->reason ); - pstrcpy(shutdown_script, lp_shutdown_script()); + all_string_sub( shutdown_script, "%z", chkmsg, sizeof(shutdown_script) ); + all_string_sub( shutdown_script, "%t", timeout, sizeof(shutdown_script) ); + all_string_sub( shutdown_script, "%r", r, sizeof(shutdown_script) ); + all_string_sub( shutdown_script, "%f", f, sizeof(shutdown_script) ); + all_string_sub( shutdown_script, "%x", reason, sizeof(shutdown_script) ); + + can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_remote_shutdown ); + + /* IF someone has privs, run the shutdown script as root. OTHERWISE run it as not root + Take the error return from the script and provide it as the Windows return code. */ + + /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/ + + if ( can_shutdown ) + become_root(); - if(*shutdown_script) { - int shutdown_ret; - SE_PRIV se_shutdown = SE_REMOTE_SHUTDOWN; - BOOL can_shutdown; + ret = smbrun( shutdown_script, NULL ); - can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_shutdown ); + if ( can_shutdown ) + unbecome_root(); + + /********** END SeRemoteShutdownPrivilege BLOCK **********/ + + DEBUG(3,("_reg_shutdown_ex: Running the command `%s' gave %d\n", + shutdown_script, ret)); - /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/ - if ( can_shutdown ) - become_root(); - all_string_sub(shutdown_script, "%m", chkmsg, sizeof(shutdown_script)); - all_string_sub(shutdown_script, "%t", timeout, sizeof(shutdown_script)); - all_string_sub(shutdown_script, "%r", r, sizeof(shutdown_script)); - all_string_sub(shutdown_script, "%f", f, sizeof(shutdown_script)); - shutdown_ret = smbrun(shutdown_script,NULL); - DEBUG(3,("_reg_shutdown: Running the command `%s' gave %d\n",shutdown_script,shutdown_ret)); - if ( can_shutdown ) - unbecome_root(); - /********** END SeRemoteShutdownPrivilege BLOCK **********/ - } - return status; + return (ret == 0) ? WERR_OK : WERR_ACCESS_DENIED; } + + + /******************************************************************* reg_abort_shutdwon ********************************************************************/ WERROR _reg_abort_shutdown(pipes_struct *p, REG_Q_ABORT_SHUTDOWN *q_u, REG_R_ABORT_SHUTDOWN *r_u) { - WERROR status = WERR_OK; pstring abort_shutdown_script; + int ret; + BOOL can_shutdown; pstrcpy(abort_shutdown_script, lp_abort_shutdown_script()); - if(*abort_shutdown_script) { - int abort_shutdown_ret; - SE_PRIV se_shutdown = SE_REMOTE_SHUTDOWN; - BOOL can_shutdown; + if ( !*abort_shutdown_script ) + return WERR_ACCESS_DENIED; - can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_shutdown ); + can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_remote_shutdown ); - /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/ - if ( can_shutdown ) - become_root(); - abort_shutdown_ret = smbrun(abort_shutdown_script,NULL); - DEBUG(3,("_reg_abort_shutdown: Running the command `%s' gave %d\n",abort_shutdown_script,abort_shutdown_ret)); - if ( can_shutdown ) - unbecome_root(); - /********** END SeRemoteShutdownPrivilege BLOCK **********/ + /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/ + + if ( can_shutdown ) + become_root(); - } + ret = smbrun( abort_shutdown_script, NULL ); + + if ( can_shutdown ) + unbecome_root(); + + /********** END SeRemoteShutdownPrivilege BLOCK **********/ - return status; + DEBUG(3,("_reg_abort_shutdown: Running the command `%s' gave %d\n", + abort_shutdown_script, ret)); + + + return (ret == 0) ? WERR_OK : WERR_ACCESS_DENIED; +} + +/******************************************************************* + ********************************************************************/ + +WERROR _reg_restore_key(pipes_struct *p, REG_Q_RESTORE_KEY *q_u, REG_R_RESTORE_KEY *r_u) +{ + REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); + pstring filename; + + DEBUG(5,("_reg_restore_key: Enter\n")); + + /* + * basically this is a no op function which just verifies + * that the client gave us a valid registry key handle + */ + + if ( !regkey ) + return WERR_BADFID; + + rpcstr_pull(filename, q_u->filename.string->buffer, sizeof(filename), q_u->filename.string->uni_str_len*2, STR_TERMINATE); + + DEBUG(8,("_reg_restore_key: verifying restore of key [%s] from \"%s\"\n", regkey->name, filename)); + +#if 0 + validate_reg_filemame( filename ); + return restore_registry_key( regkey, filename ); +#endif + + return WERR_OK; } /******************************************************************* - REG_SAVE_KEY (0x14) ********************************************************************/ WERROR _reg_save_key(pipes_struct *p, REG_Q_SAVE_KEY *q_u, REG_R_SAVE_KEY *r_u) { REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); + pstring filename; DEBUG(5,("_reg_save_key: Enter\n")); /* - * basically this is a no op function which just gverifies + * basically this is a no op function which just verifies * that the client gave us a valid registry key handle */ if ( !regkey ) - return WERR_BADFID; /* This will be reported as an RPC fault anyway. */ + return WERR_BADFID; - DEBUG(8,("_reg_save_key: berifying backup of key [%s]\n", regkey->name)); - + rpcstr_pull(filename, q_u->filename.string->buffer, sizeof(filename), q_u->filename.string->uni_str_len*2, STR_TERMINATE); + + DEBUG(8,("_reg_save_key: verifying backup of key [%s] to \"%s\"\n", regkey->name, filename)); + +#if 0 + validate_reg_filemame( filename ); + return backup_registry_key( regkey, filename ); +#endif return WERR_OK; } |