svn commit: samba r10222 - in trunk/source/rpc_server: .
jerry at samba.org
jerry at samba.org
Wed Sep 14 12:53:18 GMT 2005
Author: jerry
Date: 2005-09-14 12:53:18 +0000 (Wed, 14 Sep 2005)
New Revision: 10222
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10222
Log:
* remove additional regkey_access_check() from _reg_delete_key
* check for DELETE access on the requested handle and not on the
immediate parent.
Modified:
trunk/source/rpc_server/srv_reg_nt.c
Changeset:
Modified: trunk/source/rpc_server/srv_reg_nt.c
===================================================================
--- trunk/source/rpc_server/srv_reg_nt.c 2005-09-14 12:49:24 UTC (rev 10221)
+++ trunk/source/rpc_server/srv_reg_nt.c 2005-09-14 12:53:18 UTC (rev 10222)
@@ -1189,6 +1189,15 @@
if ( !parent )
return WERR_BADFID;
+
+ /* MSDN says parent the handle must have been opened with DELETE access */
+
+ /* (1) check for delete rights on the parent */
+
+ if ( !(parent->access_granted & STD_RIGHT_DELETE_ACCESS) ) {
+ result = WERR_ACCESS_DENIED;
+ goto done;
+ }
rpcstr_pull( name, q_u->name.string->buffer, sizeof(name), q_u->name.string->uni_str_len*2, 0 );
@@ -1197,47 +1206,24 @@
if ( strrchr( name, '\\' ) ) {
pstring newkeyname;
char *ptr;
- uint32 access_granted;
- /* (1) check for enumerate rights on the parent handle. CLients can try
- create things like 'SOFTWARE\Samba' on the HKLM handle.
- (2) open the path to the child parent key if necessary */
+ /* (2) open the path to the child parent key if necessary */
+ /* split the registry path and save the subkeyname */
- if ( !(parent->access_granted & SEC_RIGHTS_ENUM_SUBKEYS) )
- return WERR_ACCESS_DENIED;
-
pstrcpy( newkeyname, name );
ptr = strrchr( newkeyname, '\\' );
*ptr = '\0';
+ pstrcpy( name, ptr+1 );
- result = open_registry_key( p, &newparent_handle, &newparentinfo, parent, newkeyname, 0 );
+ result = open_registry_key( p, &newparent_handle, &newparentinfo, parent, newkeyname, (REG_KEY_READ|REG_KEY_WRITE) );
if ( !W_ERROR_IS_OK(result) )
return result;
-
- if ( !regkey_access_check( newparentinfo, REG_KEY_READ|REG_KEY_WRITE, &access_granted, p->pipe_user.nt_user_token ) ) {
- result = WERR_ACCESS_DENIED;
- goto done;
- }
-
- newparentinfo->access_granted = access_granted;
-
- /* copy the new key name (just the lower most keyname) */
-
- pstrcpy( name, ptr+1 );
}
else {
/* use the existing open key information */
newparentinfo = parent;
- memcpy( &newparent_handle, &q_u->handle, sizeof(POLICY_HND) );
}
- /* (3) check for delete rights on the correct parent */
-
- if ( !(newparentinfo->access_granted & STD_RIGHT_DELETE_ACCESS) ) {
- result = WERR_ACCESS_DENIED;
- goto done;
- }
-
if ( !(subkeys = TALLOC_ZERO_P( p->mem_ctx, REGSUBKEY_CTR )) ) {
result = WERR_NOMEM;
goto done;
More information about the samba-cvs
mailing list