svn commit: samba r6910 - in trunk/source: include registry rpc_server

jerry at samba.org jerry at samba.org
Thu May 19 17:00:41 GMT 2005


Author: jerry
Date: 2005-05-19 17:00:41 +0000 (Thu, 19 May 2005)
New Revision: 6910

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=6910

Log:
* Fix size calculation of sk_record
* add REG_KEY_XXX permissions sets
* set owner for default registry sd



Modified:
   trunk/source/include/rpc_secdes.h
   trunk/source/registry/regfio.c
   trunk/source/rpc_server/srv_reg_nt.c


Changeset:
Modified: trunk/source/include/rpc_secdes.h
===================================================================
--- trunk/source/include/rpc_secdes.h	2005-05-19 16:38:04 UTC (rev 6909)
+++ trunk/source/include/rpc_secdes.h	2005-05-19 17:00:41 UTC (rev 6910)
@@ -22,16 +22,6 @@
 #ifndef _RPC_SECDES_H /* _RPC_SECDES_H */
 #define _RPC_SECDES_H 
 
-#define SEC_RIGHTS_QUERY_VALUE		0x00000001
-#define SEC_RIGHTS_SET_VALUE		0x00000002
-#define SEC_RIGHTS_CREATE_SUBKEY	0x00000004
-#define SEC_RIGHTS_ENUM_SUBKEYS		0x00000008
-#define SEC_RIGHTS_NOTIFY		0x00000010
-#define SEC_RIGHTS_CREATE_LINK		0x00000020
-#define SEC_RIGHTS_READ			0x00020019
-#define SEC_RIGHTS_FULL_CONTROL		0x000f003f
-#define SEC_RIGHTS_MAXIMUM_ALLOWED	0x02000000
-
 /* for ADS */
 #define	SEC_RIGHTS_LIST_CONTENTS	0x4
 #define SEC_RIGHTS_LIST_OBJECT		0x80
@@ -518,5 +508,39 @@
 	  SC_RIGHT_SVC_INTERROGATE		| \
 	  SC_RIGHT_SVC_USER_DEFINED_CONTROL )
 
+/*
+ * Access Bits for registry ACLS
+ */
 
+/* used by registry ACLs */
+
+#define SEC_RIGHTS_QUERY_VALUE		0x00000001
+#define SEC_RIGHTS_SET_VALUE		0x00000002
+#define SEC_RIGHTS_CREATE_SUBKEY	0x00000004
+#define SEC_RIGHTS_ENUM_SUBKEYS		0x00000008
+#define SEC_RIGHTS_NOTIFY		0x00000010
+#define SEC_RIGHTS_CREATE_LINK		0x00000020
+#define SEC_RIGHTS_MAXIMUM_ALLOWED	0x02000000
+
+
+#define REG_KEY_READ \
+	( STANDARD_RIGHTS_READ_ACCESS 		|\
+	  SEC_RIGHTS_QUERY_VALUE 		|\
+	  SEC_RIGHTS_ENUM_SUBKEYS 		|\
+	  SEC_RIGHTS_NOTIFY )
+	  
+#define REG_KEY_EXECUTE	REG_KEY_READ
+
+#define REG_KEY_WRITE \
+	( STANDARD_RIGHTS_READ_ACCESS 		|\
+	  SEC_RIGHTS_SET_VALUE 			|\
+	  SEC_RIGHTS_CREATE_SUBKEY )
+
+#define REG_KEY_ALL \
+	( STANDARD_RIGHTS_REQUIRED_ACCESS 	|\
+	  REG_KEY_READ 				|\
+	  REG_KEY_WRITE 			|\
+	  SEC_RIGHTS_CREATE_LINK )
+
+
 #endif /* _RPC_SECDES_H */
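Review bot: `REG_KEY_WRITE` is built from `STANDARD_RIGHTS_READ_ACCESS`, which reads like a copy-paste from `REG_KEY_READ`. If it is deliberate (Windows gives the standard read and write rights the same READ_CONTROL bit), a comment such as `/* READ standard right on purpose: matches KEY_WRITE */` would stop someone later "fixing" it to a broader mask. The earlier hunk also drops the literals `SEC_RIGHTS_READ 0x00020019` and `SEC_RIGHTS_FULL_CONTROL 0x000f003f`, so the effective masks now depend on the `STANDARD_RIGHTS_*` definitions, which are outside this hunk. Noting the expected numeric values next to `REG_KEY_READ` and `REG_KEY_ALL` would keep the default registry ACL auditable. The two adjacent comments (`Access Bits for registry ACLS` and `used by registry ACLs`) say the same thing, so one can go.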

Modified: trunk/source/registry/regfio.c
===================================================================
--- trunk/source/registry/regfio.c	2005-05-19 16:38:04 UTC (rev 6909)
+++ trunk/source/registry/regfio.c	2005-05-19 17:00:41 UTC (rev 6910)
@@ -1756,7 +1756,9 @@
 
 			nk->sec_desc->sec_desc  = sec_desc;
 			nk->sec_desc->ref_count = 0;
-			nk->sec_desc->size      = sec_desc_size(sec_desc);
+			
+			/* size value must be self-inclusive */
+			nk->sec_desc->size      = sec_desc_size(sec_desc) + sizeof(uint32);
 
 			DLIST_ADD_END( file->sec_desc_list, nk->sec_desc, tmp );
 
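Review bot: The new comment `size value must be self-inclusive` does not say which field the extra `sizeof(uint32)` accounts for, so a reader cannot check the arithmetic against the sk record layout. If the intent is that the stored length counts its own length field, say so, e.g. `/* stored size = descriptor bytes + the 4-byte size field itself */`. The code that reads this value back is outside the hunk; it should follow the same convention, otherwise a hive written here would be parsed with a length that is four bytes off.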
@@ -1797,7 +1799,7 @@
 		memcpy( nk->subkeys.header, "lf", REC_HDR_SIZE );
 		
 		nk->subkeys.num_keys = nk->num_subkeys;
-		if ( !(nk->subkeys.hashes = TALLOC_ARRAY( file->mem_ctx, REGF_HASH_REC, nk->subkeys.num_keys )) )
+		if ( !(nk->subkeys.hashes = TALLOC_ZERO_ARRAY( file->mem_ctx, REGF_HASH_REC, nk->subkeys.num_keys )) )
 			return NULL;
 		nk->subkey_index = 0;
 
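Review bot: The switch to `TALLOC_ZERO_ARRAY` carries no comment explaining why the hash array must be zeroed. Presumably slots that are not yet filled are later serialised into the hive file, where unzeroed heap bytes would end up on disk. A short comment above the allocation, e.g. `/* zeroed so unfilled hash slots never carry stale heap contents into the file */`, would keep it from being reverted as an optimisation. It is also worth confirming that `nk->subkeys.num_keys` cannot be 0 here: the enclosing condition is outside the hunk, and a zero-count allocation may return NULL and be reported as out-of-memory.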

Modified: trunk/source/rpc_server/srv_reg_nt.c
===================================================================
--- trunk/source/rpc_server/srv_reg_nt.c	2005-05-19 16:38:04 UTC (rev 6909)
+++ trunk/source/rpc_server/srv_reg_nt.c	2005-05-19 17:00:41 UTC (rev 6910)
@@ -41,7 +41,7 @@
 
 /* no idea if this is correct, just use the file access bits for now */
 
-struct generic_mapping reg_map = { GENERIC_RIGHTS_FILE_READ, GENERIC_RIGHTS_FILE_WRITE, GENERIC_RIGHTS_FILE_EXECUTE, GENERIC_RIGHTS_FILE_ALL_ACCESS };
+struct generic_mapping reg_map = { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL };
 
 static REGISTRY_KEY *regkeys_list;
 
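Review bot: The comment two lines above `reg_map` still reads `no idea if this is correct, just use the file access bits for now`, but the initialiser no longer uses the file access bits. Replace it with something like `/* generic to specific access mapping for registry keys, see REG_KEY_* in rpc_secdes.h */`. The only use visible on this page reads the mapping (`reg_map.generic_execute | reg_map.generic_read`), so if nothing else writes to it, declaring it `const` would keep the default access mapping from being changed at run time. It could also be `static` if no other file references it.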
@@ -875,12 +875,18 @@
 
 static WERROR make_default_reg_sd( TALLOC_CTX *ctx, SEC_DESC **psd )
 {
-	DOM_SID adm_sid;
+	DOM_SID adm_sid, owner_sid;
 	SEC_ACE ace[2];         /* at most 2 entries */
 	SEC_ACCESS mask;
 	SEC_ACL *psa = NULL;
 	uint32 sd_size;
 
+	/* set the owner to BUILTIN\Administrator */
+
+	sid_copy(&owner_sid, &global_sid_Builtin);
+	sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN );
+	
+
 	/* basic access for Everyone */
 
 	init_sec_access(&mask, reg_map.generic_execute | reg_map.generic_read );
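Review bot: The owner SID is built as `global_sid_Builtin` plus `DOMAIN_USER_RID_ADMIN`, which pairs the BUILTIN domain with a domain user RID. The comment says `BUILTIN\Administrator`, but the BUILTIN domain normally holds aliases such as Administrators, not that user. As written, the owner passed to `make_sec_desc()` in the following hunk may not map to any account. If the administrators alias is meant to own the default descriptor, use `sid_append_rid(&owner_sid, BUILTIN_ALIAS_RID_ADMINS);` and change the comment to `BUILTIN\Administrators`. The return value of `sid_append_rid()` is also ignored, and the function body continues outside this hunk.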
@@ -898,7 +904,7 @@
         if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 2, ace)) == NULL)
                 return WERR_NOMEM;
 
-        if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, &sd_size)) == NULL)
+        if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, &owner_sid, NULL, NULL, psa, &sd_size)) == NULL)
                 return WERR_NOMEM;
 
 	return WERR_OK;


