/* * Unix SMB/CIFS implementation. * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-1997. * Copyright (C) Luke Kenneth Casson Leighton 1996-1997. * Copyright (C) Paul Ashton 1997. * Copyright (C) Jeremy Allison 2001. * Copyright (C) Gerald Carter 2002-2005. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ /* Implementation of registry functions. */ #include "includes.h" #include "regfio.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV static struct generic_mapping reg_generic_map = { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL }; /****************************************************************** free() function for REGISTRY_KEY *****************************************************************/ static void free_regkey_info(void *ptr) { regkey_close_internal( (REGISTRY_KEY*)ptr ); } /****************************************************************** Find a registry key handle and return a REGISTRY_KEY *****************************************************************/ static REGISTRY_KEY *find_regkey_index_by_hnd(pipes_struct *p, POLICY_HND *hnd) { REGISTRY_KEY *regkey = NULL; if(!find_policy_by_hnd(p,hnd,(void **)(void *)®key)) { DEBUG(2,("find_regkey_index_by_hnd: Registry Key not found: ")); return NULL; } return regkey; } /******************************************************************* Function for open a new registry handle and creating a handle Note that P should be valid & hnd should already have space When we open a key, we store the full path to the key as HK[LM|U]\\\... *******************************************************************/ static WERROR open_registry_key( pipes_struct *p, POLICY_HND *hnd, REGISTRY_KEY **keyinfo, REGISTRY_KEY *parent, const char *subkeyname, uint32 access_desired ) { pstring keypath; int path_len; WERROR result = WERR_OK; /* create a full registry path and strip any trailing '\' characters */ pstr_sprintf( keypath, "%s%s%s", parent ? parent->name : "", parent ? "\\" : "", subkeyname ); path_len = strlen( keypath ); if ( path_len && keypath[path_len-1] == '\\' ) keypath[path_len-1] = '\0'; /* now do the internal open */ result = regkey_open_internal( keyinfo, keypath, p->pipe_user.nt_user_token, access_desired ); if ( !W_ERROR_IS_OK(result) ) return result; if ( !create_policy_hnd( p, hnd, free_regkey_info, *keyinfo ) ) { result = WERR_BADFILE; regkey_close_internal( *keyinfo ); } return result; } /******************************************************************* Function for open a new registry handle and creating a handle Note that P should be valid & hnd should already have space *******************************************************************/ static BOOL close_registry_key(pipes_struct *p, POLICY_HND *hnd) { REGISTRY_KEY *regkey = find_regkey_index_by_hnd(p, hnd); if ( !regkey ) { DEBUG(2,("close_registry_key: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(hnd))); return False; } close_policy_hnd(p, hnd); return True; } /******************************************************************** retrieve information about the subkeys *******************************************************************/ static BOOL get_subkey_information( REGISTRY_KEY *key, uint32 *maxnum, uint32 *maxlen ) { int num_subkeys, i; uint32 max_len; REGSUBKEY_CTR *subkeys; uint32 len; if ( !key ) return False; if ( !(subkeys = TALLOC_ZERO_P( NULL, REGSUBKEY_CTR )) ) return False; if ( fetch_reg_keys( key, subkeys ) == -1 ) return False; /* find the longest string */ max_len = 0; num_subkeys = regsubkey_ctr_numkeys( subkeys ); for ( i=0; ivaluename ? strlen(val->valuename)+1 : 0 ); sizemax = MAX(sizemax, val->size ); val = regval_ctr_specific_value( values, i ); } *maxnum = num_values; *maxlen = lenmax; *maxsize = sizemax; TALLOC_FREE( values ); return True; } /******************************************************************** reg_close ********************************************************************/ WERROR _reg_close(pipes_struct *p, REG_Q_CLOSE *q_u, REG_R_CLOSE *r_u) { /* close the policy handle */ if (!close_registry_key(p, &q_u->pol)) return WERR_BADFID; return WERR_OK; } /******************************************************************* ********************************************************************/ WERROR _reg_open_hklm(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u) { REGISTRY_KEY *keyinfo; return open_registry_key( p, &r_u->pol, &keyinfo, NULL, KEY_HKLM, q_u->access ); } /******************************************************************* ********************************************************************/ WERROR _reg_open_hkpd(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u) { REGISTRY_KEY *keyinfo; return open_registry_key( p, &r_u->pol, &keyinfo, NULL, KEY_HKPD, q_u->access ); } /******************************************************************* ********************************************************************/ WERROR _reg_open_hkpt(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u) { REGISTRY_KEY *keyinfo; return open_registry_key( p, &r_u->pol, &keyinfo, NULL, KEY_HKPT, q_u->access ); } /******************************************************************* ********************************************************************/ WERROR _reg_open_hkcr(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u) { REGISTRY_KEY *keyinfo; return open_registry_key( p, &r_u->pol, &keyinfo, NULL, KEY_HKCR, q_u->access ); } /******************************************************************* ********************************************************************/ WERROR _reg_open_hku(pipes_struct *p, REG_Q_OPEN_HIVE *q_u, REG_R_OPEN_HIVE *r_u) { REGISTRY_KEY *keyinfo; return open_registry_key( p, &r_u->pol, &keyinfo, NULL, KEY_HKU, q_u->access ); } /******************************************************************* reg_reply_open_entry ********************************************************************/ WERROR _reg_open_entry(pipes_struct *p, REG_Q_OPEN_ENTRY *q_u, REG_R_OPEN_ENTRY *r_u) { fstring name; REGISTRY_KEY *parent = find_regkey_index_by_hnd(p, &q_u->pol); REGISTRY_KEY *newkey = NULL; uint32 check_rights; if ( !parent ) return WERR_BADFID; rpcstr_pull( name, q_u->name.string->buffer, sizeof(name), q_u->name.string->uni_str_len*2, 0 ); /* check granted access first; what is the correct mask here? */ check_rights = ( SEC_RIGHTS_ENUM_SUBKEYS| SEC_RIGHTS_CREATE_SUBKEY| SEC_RIGHTS_QUERY_VALUE| SEC_RIGHTS_SET_VALUE); if ( !(parent->access_granted & check_rights) ) { DEBUG(8,("Rights check failed, parent had %04x, check_rights %04x\n",parent->access_granted, check_rights)); return WERR_ACCESS_DENIED; } /* * very crazy, but regedit.exe on Win2k will attempt to call * REG_OPEN_ENTRY with a keyname of "". We should return a new * (second) handle here on the key->name. regedt32.exe does * not do this stupidity. --jerry */ return open_registry_key( p, &r_u->handle, &newkey, parent, name, q_u->access ); } /******************************************************************* reg_reply_info ********************************************************************/ WERROR _reg_query_value(pipes_struct *p, REG_Q_QUERY_VALUE *q_u, REG_R_QUERY_VALUE *r_u) { WERROR status = WERR_BADFILE; fstring name; REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); REGISTRY_VALUE *val = NULL; REGVAL_CTR *regvals; int i; if ( !regkey ) return WERR_BADFID; DEBUG(7,("_reg_info: policy key name = [%s]\n", regkey->name)); DEBUG(7,("_reg_info: policy key type = [%08x]\n", regkey->type)); rpcstr_pull(name, q_u->name.string->buffer, sizeof(name), q_u->name.string->uni_str_len*2, 0); DEBUG(5,("_reg_info: looking up value: [%s]\n", name)); if ( !(regvals = TALLOC_ZERO_P( p->mem_ctx, REGVAL_CTR )) ) return WERR_NOMEM; /* Handle QueryValue calls on HKEY_PERFORMANCE_DATA */ if(regkey->type == REG_KEY_HKPD) { if(strequal(name, "Global")) { uint32 outbuf_len; prs_struct prs_hkpd; prs_init(&prs_hkpd, q_u->bufsize, p->mem_ctx, MARSHALL); status = reg_perfcount_get_hkpd(&prs_hkpd, q_u->bufsize, &outbuf_len, NULL); regval_ctr_addvalue(regvals, "HKPD", REG_BINARY, prs_hkpd.data_p, outbuf_len); val = dup_registry_value(regval_ctr_specific_value(regvals, 0)); prs_mem_free(&prs_hkpd); } else if(strequal(name, "Counter 009")) { uint32 base_index; uint32 buffer_size; char *buffer; buffer = NULL; base_index = reg_perfcount_get_base_index(); buffer_size = reg_perfcount_get_counter_names(base_index, &buffer); regval_ctr_addvalue(regvals, "Counter 009", REG_MULTI_SZ, buffer, buffer_size); val = dup_registry_value(regval_ctr_specific_value(regvals, 0)); if(buffer_size > 0) { SAFE_FREE(buffer); status = WERR_OK; } } else if(strequal(name, "Explain 009")) { uint32 base_index; uint32 buffer_size; char *buffer; buffer = NULL; base_index = reg_perfcount_get_base_index(); buffer_size = reg_perfcount_get_counter_help(base_index, &buffer); regval_ctr_addvalue(regvals, "Explain 009", REG_MULTI_SZ, buffer, buffer_size); val = dup_registry_value(regval_ctr_specific_value(regvals, 0)); if(buffer_size > 0) { SAFE_FREE(buffer); status = WERR_OK; } } else if(isdigit(name[0])) { /* we probably have a request for a specific object here */ uint32 outbuf_len; prs_struct prs_hkpd; prs_init(&prs_hkpd, q_u->bufsize, p->mem_ctx, MARSHALL); status = reg_perfcount_get_hkpd(&prs_hkpd, q_u->bufsize, &outbuf_len, name); regval_ctr_addvalue(regvals, "HKPD", REG_BINARY, prs_hkpd.data_p, outbuf_len); val = dup_registry_value(regval_ctr_specific_value(regvals, 0)); prs_mem_free(&prs_hkpd); } else { DEBUG(3,("Unsupported key name [%s] for HKPD.\n", name)); return WERR_BADFILE; } } /* HKPT calls can be handled out of reg_dynamic.c with the hkpt_params handler */ else { for ( i=0; fetch_reg_values_specific(regkey, &val, i); i++ ) { DEBUG(10,("_reg_info: Testing value [%s]\n", val->valuename)); if ( strequal( val->valuename, name ) ) { DEBUG(10,("_reg_info: Found match for value [%s]\n", name)); status = WERR_OK; break; } free_registry_value( val ); } } init_reg_r_query_value(q_u->ptr_buf, r_u, val, status); TALLOC_FREE( regvals ); free_registry_value( val ); return status; } /***************************************************************************** Implementation of REG_QUERY_KEY ****************************************************************************/ WERROR _reg_query_key(pipes_struct *p, REG_Q_QUERY_KEY *q_u, REG_R_QUERY_KEY *r_u) { WERROR status = WERR_OK; REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); if ( !regkey ) return WERR_BADFID; if ( !get_subkey_information( regkey, &r_u->num_subkeys, &r_u->max_subkeylen ) ) { DEBUG(0,("_reg_query_key: get_subkey_information() failed!\n")); return WERR_ACCESS_DENIED; } if ( !get_value_information( regkey, &r_u->num_values, &r_u->max_valnamelen, &r_u->max_valbufsize ) ) { DEBUG(0,("_reg_query_key: get_value_information() failed!\n")); return WERR_ACCESS_DENIED; } r_u->sec_desc = 0x00000078; /* size for key's sec_desc */ /* Win9x set this to 0x0 since it does not keep timestamps. Doing the same here for simplicity --jerry */ ZERO_STRUCT(r_u->mod_time); return status; } /***************************************************************************** Implementation of REG_GETVERSION ****************************************************************************/ WERROR _reg_getversion(pipes_struct *p, REG_Q_GETVERSION *q_u, REG_R_GETVERSION *r_u) { WERROR status = WERR_OK; REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); if ( !regkey ) return WERR_BADFID; r_u->win_version = 0x00000005; /* Windows 2000 registry API version */ return status; } /***************************************************************************** Implementation of REG_ENUM_KEY ****************************************************************************/ WERROR _reg_enum_key(pipes_struct *p, REG_Q_ENUM_KEY *q_u, REG_R_ENUM_KEY *r_u) { WERROR status = WERR_OK; REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); char *subkey = NULL; if ( !regkey ) return WERR_BADFID; DEBUG(8,("_reg_enum_key: enumerating key [%s]\n", regkey->name)); if ( !fetch_reg_keys_specific( regkey, &subkey, q_u->key_index ) ) { status = WERR_NO_MORE_ITEMS; goto done; } DEBUG(10,("_reg_enum_key: retrieved subkey named [%s]\n", subkey)); /* subkey has the string name now */ init_reg_r_enum_key( r_u, subkey ); done: SAFE_FREE( subkey ); return status; } /***************************************************************************** Implementation of REG_ENUM_VALUE ****************************************************************************/ WERROR _reg_enum_value(pipes_struct *p, REG_Q_ENUM_VALUE *q_u, REG_R_ENUM_VALUE *r_u) { WERROR status = WERR_OK; REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); REGISTRY_VALUE *val; if ( !regkey ) return WERR_BADFID; DEBUG(8,("_reg_enum_value: enumerating values for key [%s]\n", regkey->name)); if ( !fetch_reg_values_specific( regkey, &val, q_u->val_index ) ) { status = WERR_NO_MORE_ITEMS; goto done; } #if 0 /* JERRY TEST CODE */ if ( val->type == REG_MULTI_SZ ) { char **str; int num_strings = regval_convert_multi_sz( (uint16*)regval_data_p(val), regval_size(val), &str ); uint16 *buffer; size_t buf_size; if ( num_strings ) buf_size = regval_build_multi_sz( str, &buffer ); TALLOC_FREE( str ); TALLOC_FREE( buffer ); } #endif DEBUG(10,("_reg_enum_value: retrieved value named [%s]\n", val->valuename)); /* subkey has the string name now */ init_reg_r_enum_val( r_u, val ); done: free_registry_value( val ); return status; } /******************************************************************* reg_shutdwon ********************************************************************/ WERROR _reg_shutdown(pipes_struct *p, REG_Q_SHUTDOWN *q_u, REG_R_SHUTDOWN *r_u) { REG_Q_SHUTDOWN_EX q_u_ex; REG_R_SHUTDOWN_EX r_u_ex; /* copy fields (including stealing memory) */ q_u_ex.server = q_u->server; q_u_ex.message = q_u->message; q_u_ex.timeout = q_u->timeout; q_u_ex.force = q_u->force; q_u_ex.reboot = q_u->reboot; q_u_ex.reason = 0x0; /* don't care for now */ /* thunk down to _reg_shutdown_ex() (just returns a status) */ return _reg_shutdown_ex( p, &q_u_ex, &r_u_ex ); } /******************************************************************* reg_shutdown_ex ********************************************************************/ #define SHUTDOWN_R_STRING "-r" #define SHUTDOWN_F_STRING "-f" WERROR _reg_shutdown_ex(pipes_struct *p, REG_Q_SHUTDOWN_EX *q_u, REG_R_SHUTDOWN_EX *r_u) { pstring shutdown_script; pstring message; pstring chkmsg; fstring timeout; fstring reason; fstring r; fstring f; int ret; BOOL can_shutdown; pstrcpy(shutdown_script, lp_shutdown_script()); if ( !*shutdown_script ) return WERR_ACCESS_DENIED; /* pull the message string and perform necessary sanity checks on it */ pstrcpy( message, "" ); if ( q_u->message ) { UNISTR2 *msg_string = q_u->message->string; rpcstr_pull( message, msg_string->buffer, sizeof(message), msg_string->uni_str_len*2, 0 ); } alpha_strcpy (chkmsg, message, NULL, sizeof(message)); fstr_sprintf(timeout, "%d", q_u->timeout); fstr_sprintf(r, (q_u->reboot) ? SHUTDOWN_R_STRING : ""); fstr_sprintf(f, (q_u->force) ? SHUTDOWN_F_STRING : ""); fstr_sprintf( reason, "%d", q_u->reason ); all_string_sub( shutdown_script, "%z", chkmsg, sizeof(shutdown_script) ); all_string_sub( shutdown_script, "%t", timeout, sizeof(shutdown_script) ); all_string_sub( shutdown_script, "%r", r, sizeof(shutdown_script) ); all_string_sub( shutdown_script, "%f", f, sizeof(shutdown_script) ); all_string_sub( shutdown_script, "%x", reason, sizeof(shutdown_script) ); can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_remote_shutdown ); /* IF someone has privs, run the shutdown script as root. OTHERWISE run it as not root Take the error return from the script and provide it as the Windows return code. */ /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/ if ( can_shutdown ) become_root(); ret = smbrun( shutdown_script, NULL ); if ( can_shutdown ) unbecome_root(); /********** END SeRemoteShutdownPrivilege BLOCK **********/ DEBUG(3,("_reg_shutdown_ex: Running the command `%s' gave %d\n", shutdown_script, ret)); return (ret == 0) ? WERR_OK : WERR_ACCESS_DENIED; } /******************************************************************* reg_abort_shutdwon ********************************************************************/ WERROR _reg_abort_shutdown(pipes_struct *p, REG_Q_ABORT_SHUTDOWN *q_u, REG_R_ABORT_SHUTDOWN *r_u) { pstring abort_shutdown_script; int ret; BOOL can_shutdown; pstrcpy(abort_shutdown_script, lp_abort_shutdown_script()); if ( !*abort_shutdown_script ) return WERR_ACCESS_DENIED; can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_remote_shutdown ); /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/ if ( can_shutdown ) become_root(); ret = smbrun( abort_shutdown_script, NULL ); if ( can_shutdown ) unbecome_root(); /********** END SeRemoteShutdownPrivilege BLOCK **********/ DEBUG(3,("_reg_abort_shutdown: Running the command `%s' gave %d\n", abort_shutdown_script, ret)); return (ret == 0) ? WERR_OK : WERR_ACCESS_DENIED; } /******************************************************************* ********************************************************************/ static int validate_reg_filename( pstring fname ) { char *p; int num_services = lp_numservices(); int snum; pstring share_path; pstring unix_fname; /* convert to a unix path, stripping the C:\ along the way */ if ( !(p = valid_share_pathname( fname ) )) return -1; /* has to exist within a valid file share */ for ( snum=0; snummem_ctx, REGSUBKEY_CTR )) ) return WERR_NOMEM; if ( !(values = TALLOC_ZERO_P( subkeys, REGVAL_CTR )) ) return WERR_NOMEM; /* copy values into the REGVAL_CTR */ for ( i=0; inum_values; i++ ) { regval_ctr_addvalue( values, key->values[i].valuename, key->values[i].type, (char*)key->values[i].data, (key->values[i].data_size & ~VK_DATA_IN_OFFSET) ); } /* copy subkeys into the REGSUBKEY_CTR */ key->subkey_index = 0; while ( (subkey = regfio_fetch_subkey( regfile, key )) ) { regsubkey_ctr_addkey( subkeys, subkey->keyname ); } /* write this key and values out */ if ( !store_reg_values( ®istry_key, values ) || !store_reg_keys( ®istry_key, subkeys ) ) { DEBUG(0,("reg_load_tree: Failed to load %s!\n", topkeypath)); result = WERR_REG_IO_FAILURE; } TALLOC_FREE( subkeys ); if ( !W_ERROR_IS_OK(result) ) return result; /* now continue to load each subkey registry tree */ key->subkey_index = 0; while ( (subkey = regfio_fetch_subkey( regfile, key )) ) { pstr_sprintf( path, "%s%s%s", topkeypath, "\\", subkey->keyname ); result = reg_load_tree( regfile, path, subkey ); if ( !W_ERROR_IS_OK(result) ) break; } return result; } /******************************************************************* ********************************************************************/ static WERROR restore_registry_key ( REGISTRY_KEY *krecord, const char *fname ) { REGF_FILE *regfile; REGF_NK_REC *rootkey; WERROR result; /* open the registry file....fail if the file already exists */ if ( !(regfile = regfio_open( fname, (O_RDONLY), 0 )) ) { DEBUG(0,("backup_registry_key: failed to open \"%s\" (%s)\n", fname, strerror(errno) )); return ( ntstatus_to_werror(map_nt_error_from_unix( errno )) ); } /* get the rootkey from the regf file and then load the tree via recursive calls */ if ( !(rootkey = regfio_rootkey( regfile )) ) { regfio_close( regfile ); return WERR_REG_FILE_INVALID; } result = reg_load_tree( regfile, krecord->name, rootkey ); /* cleanup */ regfio_close( regfile ); return result; } /******************************************************************* ********************************************************************/ WERROR _reg_restore_key(pipes_struct *p, REG_Q_RESTORE_KEY *q_u, REG_R_RESTORE_KEY *r_u) { REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); pstring filename; int snum; if ( !regkey ) return WERR_BADFID; rpcstr_pull(filename, q_u->filename.string->buffer, sizeof(filename), q_u->filename.string->uni_str_len*2, STR_TERMINATE); DEBUG(8,("_reg_restore_key: verifying restore of key [%s] from \"%s\"\n", regkey->name, filename)); if ( (snum = validate_reg_filename( filename )) == -1 ) return WERR_OBJECT_PATH_INVALID; /* user must posses SeRestorePrivilege for this this proceed */ if ( !user_has_privileges( p->pipe_user.nt_user_token, &se_restore ) ) return WERR_ACCESS_DENIED; DEBUG(2,("_reg_restore_key: Restoring [%s] from %s in share %s\n", regkey->name, filename, lp_servicename(snum) )); return restore_registry_key( regkey, filename ); } /******************************************************************** ********************************************************************/ static WERROR reg_write_tree( REGF_FILE *regfile, const char *keypath, REGF_NK_REC *parent, SEC_DESC *sec_desc ) { REGF_NK_REC *key; REGVAL_CTR *values; REGSUBKEY_CTR *subkeys; int i, num_subkeys; pstring key_tmp; char *keyname, *parentpath; pstring subkeypath; char *subkeyname; REGISTRY_KEY registry_key; WERROR result = WERR_OK; if ( !regfile ) return WERR_GENERAL_FAILURE; if ( !keypath ) return WERR_OBJECT_PATH_INVALID; /* split up the registry key path */ pstrcpy( key_tmp, keypath ); if ( !reg_split_key( key_tmp, &parentpath, &keyname ) ) return WERR_OBJECT_PATH_INVALID; if ( !keyname ) keyname = parentpath; /* we need a REGISTRY_KEY object here to enumerate subkeys and values */ ZERO_STRUCT( registry_key ); pstrcpy( registry_key.name, keypath ); if ( !(registry_key.hook = reghook_cache_find( registry_key.name )) ) return WERR_BADFILE; /* lookup the values and subkeys */ if ( !(subkeys = TALLOC_ZERO_P( regfile->mem_ctx, REGSUBKEY_CTR )) ) return WERR_NOMEM; if ( !(values = TALLOC_ZERO_P( subkeys, REGVAL_CTR )) ) return WERR_NOMEM; fetch_reg_keys( ®istry_key, subkeys ); fetch_reg_values( ®istry_key, values ); /* write out this key */ if ( !(key = regfio_write_key( regfile, keyname, values, subkeys, sec_desc, parent )) ) { result = WERR_CAN_NOT_COMPLETE; goto done; } /* write each one of the subkeys out */ num_subkeys = regsubkey_ctr_numkeys( subkeys ); for ( i=0; imem_ctx, &sd )) ) { regfio_close( regfile ); return result; } /* write the registry tree to the file */ result = reg_write_tree( regfile, krecord->name, NULL, sd ); /* cleanup */ regfio_close( regfile ); return result; } /******************************************************************* ********************************************************************/ WERROR _reg_save_key(pipes_struct *p, REG_Q_SAVE_KEY *q_u, REG_R_SAVE_KEY *r_u) { REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); pstring filename; int snum; if ( !regkey ) return WERR_BADFID; rpcstr_pull(filename, q_u->filename.string->buffer, sizeof(filename), q_u->filename.string->uni_str_len*2, STR_TERMINATE); DEBUG(8,("_reg_save_key: verifying backup of key [%s] to \"%s\"\n", regkey->name, filename)); if ( (snum = validate_reg_filename( filename )) == -1 ) return WERR_OBJECT_PATH_INVALID; DEBUG(2,("_reg_save_key: Saving [%s] to %s in share %s\n", regkey->name, filename, lp_servicename(snum) )); return backup_registry_key( regkey, filename ); } /******************************************************************* ********************************************************************/ WERROR _reg_create_key_ex(pipes_struct *p, REG_Q_CREATE_KEY_EX *q_u, REG_R_CREATE_KEY_EX *r_u) { REGISTRY_KEY *parent = find_regkey_index_by_hnd(p, &q_u->handle); REGISTRY_KEY *newparentinfo, *keyinfo; POLICY_HND newparent_handle; REGSUBKEY_CTR *subkeys; BOOL write_result; pstring name; WERROR result; if ( !parent ) return WERR_BADFID; rpcstr_pull( name, q_u->name.string->buffer, sizeof(name), q_u->name.string->uni_str_len*2, 0 ); /* ok. Here's what we do. */ if ( strrchr( name, '\\' ) ) { pstring newkeyname; char *ptr; /* (1) check for enumerate rights on the parent handle. CLients can try create things like 'SOFTWARE\Samba' on the HKLM handle. (2) open the path to the child parent key if necessary */ if ( !(parent->access_granted & SEC_RIGHTS_ENUM_SUBKEYS) ) return WERR_ACCESS_DENIED; pstrcpy( newkeyname, name ); ptr = strrchr( newkeyname, '\\' ); *ptr = '\0'; result = open_registry_key( p, &newparent_handle, &newparentinfo, parent, newkeyname, (REG_KEY_READ|REG_KEY_WRITE) ); if ( !W_ERROR_IS_OK(result) ) return result; /* copy the new key name (just the lower most keyname) */ pstrcpy( name, ptr+1 ); } else { /* use the existing open key information */ newparentinfo = parent; memcpy( &newparent_handle, &q_u->handle, sizeof(POLICY_HND) ); } /* (3) check for create subkey rights on the correct parent */ if ( !(newparentinfo->access_granted & SEC_RIGHTS_CREATE_SUBKEY) ) { result = WERR_ACCESS_DENIED; goto done; } if ( !(subkeys = TALLOC_ZERO_P( p->mem_ctx, REGSUBKEY_CTR )) ) { result = WERR_NOMEM; goto done; } /* (4) lookup the current keys and add the new one */ fetch_reg_keys( newparentinfo, subkeys ); regsubkey_ctr_addkey( subkeys, name ); /* now write to the registry backend */ write_result = store_reg_keys( newparentinfo, subkeys ); TALLOC_FREE( subkeys ); if ( !write_result ) return WERR_REG_IO_FAILURE; /* (5) open the new key and return the handle. Note that it is probably not correct to grant full access on this open handle. */ result = open_registry_key( p, &r_u->handle, &keyinfo, newparentinfo, name, REG_KEY_READ ); keyinfo->access_granted = REG_KEY_ALL; done: /* close any intermediate key handles */ if ( newparentinfo != parent ) close_registry_key( p, &newparent_handle ); return result; } /******************************************************************* ********************************************************************/ WERROR _reg_set_value(pipes_struct *p, REG_Q_SET_VALUE *q_u, REG_R_SET_VALUE *r_u) { REGISTRY_KEY *key = find_regkey_index_by_hnd(p, &q_u->handle); REGVAL_CTR *values; BOOL write_result; fstring valuename; if ( !key ) return WERR_BADFID; /* access checks first */ if ( !(key->access_granted & SEC_RIGHTS_SET_VALUE) ) return WERR_ACCESS_DENIED; rpcstr_pull( valuename, q_u->name.string->buffer, sizeof(valuename), q_u->name.string->uni_str_len*2, 0 ); /* verify the name */ if ( !*valuename ) return WERR_INVALID_PARAM; DEBUG(8,("_reg_set_value: Setting value for [%s:%s]\n", key->name, valuename)); if ( !(values = TALLOC_ZERO_P( p->mem_ctx, REGVAL_CTR )) ) return WERR_NOMEM; /* lookup the current values and add the new one */ fetch_reg_values( key, values ); regval_ctr_addvalue( values, valuename, q_u->type, (char*)q_u->value.buffer, q_u->value.buf_len ); /* now write to the registry backend */ write_result = store_reg_values( key, values ); TALLOC_FREE( values ); if ( !write_result ) return WERR_REG_IO_FAILURE; return WERR_OK; } /******************************************************************* ********************************************************************/ WERROR _reg_delete_key(pipes_struct *p, REG_Q_DELETE_KEY *q_u, REG_R_DELETE_KEY *r_u) { REGISTRY_KEY *parent = find_regkey_index_by_hnd(p, &q_u->handle); REGISTRY_KEY *newparentinfo = NULL; POLICY_HND newparent_handle; REGSUBKEY_CTR *subkeys; BOOL write_result; pstring name; WERROR result; if ( !parent ) return WERR_BADFID; /* MSDN says parent the handle must have been opened with DELETE access */ /* (1) check for delete rights on the parent */ if ( !(parent->access_granted & STD_RIGHT_DELETE_ACCESS) ) { result = WERR_ACCESS_DENIED; goto done; } rpcstr_pull( name, q_u->name.string->buffer, sizeof(name), q_u->name.string->uni_str_len*2, 0 ); /* ok. Here's what we do. */ if ( strrchr( name, '\\' ) ) { pstring newkeyname; char *ptr; /* (2) open the path to the child parent key if necessary */ /* split the registry path and save the subkeyname */ pstrcpy( newkeyname, name ); ptr = strrchr( newkeyname, '\\' ); *ptr = '\0'; pstrcpy( name, ptr+1 ); result = open_registry_key( p, &newparent_handle, &newparentinfo, parent, newkeyname, (REG_KEY_READ|REG_KEY_WRITE) ); if ( !W_ERROR_IS_OK(result) ) return result; } else { /* use the existing open key information */ newparentinfo = parent; } if ( !(subkeys = TALLOC_ZERO_P( p->mem_ctx, REGSUBKEY_CTR )) ) { result = WERR_NOMEM; goto done; } /* lookup the current keys and delete the new one */ fetch_reg_keys( newparentinfo, subkeys ); regsubkey_ctr_delkey( subkeys, name ); /* now write to the registry backend */ write_result = store_reg_keys( newparentinfo, subkeys ); TALLOC_FREE( subkeys ); result = write_result ? WERR_OK : WERR_REG_IO_FAILURE; done: /* close any intermediate key handles */ if ( newparentinfo != parent ) close_registry_key( p, &newparent_handle ); return result; } /******************************************************************* ********************************************************************/ WERROR _reg_delete_value(pipes_struct *p, REG_Q_DELETE_VALUE *q_u, REG_R_DELETE_VALUE *r_u) { REGISTRY_KEY *key = find_regkey_index_by_hnd(p, &q_u->handle); REGVAL_CTR *values; BOOL write_result; fstring valuename; if ( !key ) return WERR_BADFID; /* access checks first */ if ( !(key->access_granted & SEC_RIGHTS_SET_VALUE) ) return WERR_ACCESS_DENIED; rpcstr_pull( valuename, q_u->name.string->buffer, sizeof(valuename), q_u->name.string->uni_str_len*2, 0 ); if ( !*valuename ) return WERR_INVALID_PARAM; DEBUG(8,("_reg_delete_value: Setting value for [%s:%s]\n", key->name, valuename)); if ( !(values = TALLOC_ZERO_P( p->mem_ctx, REGVAL_CTR )) ) return WERR_NOMEM; /* lookup the current values and add the new one */ fetch_reg_values( key, values ); regval_ctr_delvalue( values, valuename ); /* now write to the registry backend */ write_result = store_reg_values( key, values ); TALLOC_FREE( values ); if ( !write_result ) return WERR_REG_IO_FAILURE; return WERR_OK; } /******************************************************************* ********************************************************************/ WERROR _reg_get_key_sec(pipes_struct *p, REG_Q_GET_KEY_SEC *q_u, REG_R_GET_KEY_SEC *r_u) { REGISTRY_KEY *key = find_regkey_index_by_hnd(p, &q_u->handle); if ( !key ) return WERR_BADFID; /* access checks first */ if ( !(key->access_granted & STD_RIGHT_READ_CONTROL_ACCESS) ) return WERR_ACCESS_DENIED; return WERR_ACCESS_DENIED; } /******************************************************************* ********************************************************************/ WERROR _reg_set_key_sec(pipes_struct *p, REG_Q_SET_KEY_SEC *q_u, REG_R_SET_KEY_SEC *r_u) { REGISTRY_KEY *key = find_regkey_index_by_hnd(p, &q_u->handle); if ( !key ) return WERR_BADFID; /* access checks first */ if ( !(key->access_granted & STD_RIGHT_WRITE_DAC_ACCESS) ) return WERR_ACCESS_DENIED; return WERR_ACCESS_DENIED; }