svn commit: samba r6910 - in trunk/source: include registry
rpc_server
jerry at samba.org
jerry at samba.org
Thu May 19 17:00:41 GMT 2005
Author: jerry
Date: 2005-05-19 17:00:41 +0000 (Thu, 19 May 2005)
New Revision: 6910
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=6910
Log:
* Fix size calculation of sk_record
* add REG_KEY_XXX permissions sets
* set owner for default registry sd
Modified:
trunk/source/include/rpc_secdes.h
trunk/source/registry/regfio.c
trunk/source/rpc_server/srv_reg_nt.c
Changeset:
Modified: trunk/source/include/rpc_secdes.h
===================================================================
--- trunk/source/include/rpc_secdes.h 2005-05-19 16:38:04 UTC (rev 6909)
+++ trunk/source/include/rpc_secdes.h 2005-05-19 17:00:41 UTC (rev 6910)
@@ -22,16 +22,6 @@
#ifndef _RPC_SECDES_H /* _RPC_SECDES_H */
#define _RPC_SECDES_H
-#define SEC_RIGHTS_QUERY_VALUE 0x00000001
-#define SEC_RIGHTS_SET_VALUE 0x00000002
-#define SEC_RIGHTS_CREATE_SUBKEY 0x00000004
-#define SEC_RIGHTS_ENUM_SUBKEYS 0x00000008
-#define SEC_RIGHTS_NOTIFY 0x00000010
-#define SEC_RIGHTS_CREATE_LINK 0x00000020
-#define SEC_RIGHTS_READ 0x00020019
-#define SEC_RIGHTS_FULL_CONTROL 0x000f003f
-#define SEC_RIGHTS_MAXIMUM_ALLOWED 0x02000000
-
/* for ADS */
#define SEC_RIGHTS_LIST_CONTENTS 0x4
#define SEC_RIGHTS_LIST_OBJECT 0x80
@@ -518,5 +508,39 @@
SC_RIGHT_SVC_INTERROGATE | \
SC_RIGHT_SVC_USER_DEFINED_CONTROL )
+/*
+ * Access Bits for registry ACLS
+ */
+/* used by registry ACLs */
+
+#define SEC_RIGHTS_QUERY_VALUE 0x00000001
+#define SEC_RIGHTS_SET_VALUE 0x00000002
+#define SEC_RIGHTS_CREATE_SUBKEY 0x00000004
+#define SEC_RIGHTS_ENUM_SUBKEYS 0x00000008
+#define SEC_RIGHTS_NOTIFY 0x00000010
+#define SEC_RIGHTS_CREATE_LINK 0x00000020
+#define SEC_RIGHTS_MAXIMUM_ALLOWED 0x02000000
+
+
+#define REG_KEY_READ \
+ ( STANDARD_RIGHTS_READ_ACCESS |\
+ SEC_RIGHTS_QUERY_VALUE |\
+ SEC_RIGHTS_ENUM_SUBKEYS |\
+ SEC_RIGHTS_NOTIFY )
+
+#define REG_KEY_EXECUTE REG_KEY_READ
+
+#define REG_KEY_WRITE \
+ ( STANDARD_RIGHTS_READ_ACCESS |\
+ SEC_RIGHTS_SET_VALUE |\
+ SEC_RIGHTS_CREATE_SUBKEY )
+
+#define REG_KEY_ALL \
+ ( STANDARD_RIGHTS_REQUIRED_ACCESS |\
+ REG_KEY_READ |\
+ REG_KEY_WRITE |\
+ SEC_RIGHTS_CREATE_LINK )
+
+
#endif /* _RPC_SECDES_H */
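Review bot: The block re-added at the end of the header leaves out `SEC_RIGHTS_READ` (0x00020019) and `SEC_RIGHTS_FULL_CONTROL` (0x000f003f), which the first hunk removes. Any code outside this diff that still uses those names would stop compiling, and that cannot be checked from here. The new composite masks also carry no expected numeric value, so a later change to the `STANDARD_RIGHTS_*` definitions would silently change what registry ACEs grant. I would add a value comment to each, for example `/* presumably 0x00020019, same as the old SEC_RIGHTS_READ - confirm */` on `REG_KEY_READ`. I would also merge the two stacked header comments into one.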
Modified: trunk/source/registry/regfio.c
===================================================================
--- trunk/source/registry/regfio.c 2005-05-19 16:38:04 UTC (rev 6909)
+++ trunk/source/registry/regfio.c 2005-05-19 17:00:41 UTC (rev 6910)
@@ -1756,7 +1756,9 @@
nk->sec_desc->sec_desc = sec_desc;
nk->sec_desc->ref_count = 0;
- nk->sec_desc->size = sec_desc_size(sec_desc);
+
+ /* size value must be self-inclusive */
+ nk->sec_desc->size = sec_desc_size(sec_desc) + sizeof(uint32);
DLIST_ADD_END( file->sec_desc_list, nk->sec_desc, tmp );
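Review bot: The added `+ sizeof(uint32)` is not tied to the field it accounts for, and the comment does not say which field makes the size self-inclusive. If the extra four bytes are the record's own size field, `nk->sec_desc->size = sec_desc_size(sec_desc) + sizeof(nk->sec_desc->size);` keeps the two in step. The comment could then read `/* on-disk size counts the size field itself */`. Other places that set or consume `sec_desc->size` are outside this hunk and need the same convention, otherwise the offsets written to the hive file will disagree.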
@@ -1797,7 +1799,7 @@
memcpy( nk->subkeys.header, "lf", REC_HDR_SIZE );
nk->subkeys.num_keys = nk->num_subkeys;
- if ( !(nk->subkeys.hashes = TALLOC_ARRAY( file->mem_ctx, REGF_HASH_REC, nk->subkeys.num_keys )) )
+ if ( !(nk->subkeys.hashes = TALLOC_ZERO_ARRAY( file->mem_ctx, REGF_HASH_REC, nk->subkeys.num_keys )) )
return NULL;
nk->subkey_index = 0;
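Review bot: The switch to `TALLOC_ZERO_ARRAY` is not mentioned in the commit log and has no comment, so the reason for zeroing is easy to lose in a later cleanup. If the intent is that unused `REGF_HASH_REC` slots must not reach the hive file as uninitialised heap contents (inferred, since the write path is not visible here), say so. A suitable comment would be `/* zero the hash records: unset slots are written to disk as-is */`. The enclosing function starts and ends outside the hunk.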
Modified: trunk/source/rpc_server/srv_reg_nt.c
===================================================================
--- trunk/source/rpc_server/srv_reg_nt.c 2005-05-19 16:38:04 UTC (rev 6909)
+++ trunk/source/rpc_server/srv_reg_nt.c 2005-05-19 17:00:41 UTC (rev 6910)
@@ -41,7 +41,7 @@
/* no idea if this is correct, just use the file access bits for now */
-struct generic_mapping reg_map = { GENERIC_RIGHTS_FILE_READ, GENERIC_RIGHTS_FILE_WRITE, GENERIC_RIGHTS_FILE_EXECUTE, GENERIC_RIGHTS_FILE_ALL_ACCESS };
+struct generic_mapping reg_map = { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL };
static REGISTRY_KEY *regkeys_list;
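Review bot: The comment above `reg_map` still reads "no idea if this is correct, just use the file access bits for now", but the new initialiser no longer uses the file access bits. Leaving it in place tells the next reader that the registry generic mapping is a placeholder, which matters for code that decides access from it. Replace it with something like `/* generic -> registry-specific access mapping, see REG_KEY_* in rpc_secdes.h */`.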
@@ -875,12 +875,18 @@
static WERROR make_default_reg_sd( TALLOC_CTX *ctx, SEC_DESC **psd )
{
- DOM_SID adm_sid;
+ DOM_SID adm_sid, owner_sid;
SEC_ACE ace[2]; /* at most 2 entries */
SEC_ACCESS mask;
SEC_ACL *psa = NULL;
uint32 sd_size;
+ /* set the owner to BUILTIN\Administrator */
+
+ sid_copy(&owner_sid, &global_sid_Builtin);
+ sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN );
+
+
/* basic access for Everyone */
init_sec_access(&mask, reg_map.generic_execute | reg_map.generic_read );
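Review bot: The owner SID built here does not match its comment: `global_sid_Builtin` plus `DOMAIN_USER_RID_ADMIN` gives S-1-5-32-500, a user RID appended to the BUILTIN domain. RID 500 is the Administrator account in an account domain, while the BUILTIN Administrators alias is RID 544. The default registry descriptor is therefore likely owned by a SID that resolves to no principal, so nobody would hold the owner's implicit rights. If the alias was intended, use `sid_append_rid(&owner_sid, BUILTIN_ALIAS_RID_ADMINS);` and correct the comment to `BUILTIN\Administrators`. The return value of `sid_append_rid` is also ignored. The function body continues outside this hunk.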
@@ -898,7 +904,7 @@
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 2, ace)) == NULL)
return WERR_NOMEM;
- if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, &sd_size)) == NULL)
+ if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, &owner_sid, NULL, NULL, psa, &sd_size)) == NULL)
return WERR_NOMEM;
return WERR_OK;