[SCM] Samba Shared Repository - branch v3-2-test updated -
initial-v3-2-test-2406-g2c66413
Michael Adam
obnox at samba.org
Mon Feb 18 16:43:06 GMT 2008
The branch, v3-2-test has been updated
via 2c66413de284fb4cb9dc7def0ee4eb07b986c9ca (commit)
via 194e00822c349aa0c11641672b35b0e0c021da08 (commit)
via 9f0448ca323a6645ad662c97d92a7e30320e0c11 (commit)
via 91dbe79df2636959381825af6ab8a66abd7f97a1 (commit)
via d87fb13959f84dfbbd3e1cc875f78d6e8ad44130 (commit)
via 52e98157650d8dbc9b3ebb55f995ca543839543b (commit)
from f1fb9fd6f14fc53629871cbe4b8558ad5acc14f0 (commit)
http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit 2c66413de284fb4cb9dc7def0ee4eb07b986c9ca
Author: Michael Adam <obnox at samba.org>
Date: Mon Feb 18 16:34:39 2008 +0100
Remove (now) unused function make_default_reg_sd().
Michael
commit 194e00822c349aa0c11641672b35b0e0c021da08
Author: Michael Adam <obnox at samba.org>
Date: Mon Feb 18 16:33:47 2008 +0100
Grab secdesc for key from registry for reg_savekey()
instead of constructing another default secdesc.
Michael
commit 9f0448ca323a6645ad662c97d92a7e30320e0c11
Author: Michael Adam <obnox at samba.org>
Date: Mon Feb 18 16:03:16 2008 +0100
Add NT Authority\System as group sid to default registry key security descriptor.
Michael
commit 91dbe79df2636959381825af6ab8a66abd7f97a1
Author: Michael Adam <obnox at samba.org>
Date: Mon Feb 18 14:55:48 2008 +0100
Change construct_registry_sd() to return WERROR instead of the SEC_DESC *.
Michael
commit d87fb13959f84dfbbd3e1cc875f78d6e8ad44130
Author: Michael Adam <obnox at samba.org>
Date: Mon Feb 18 14:44:51 2008 +0100
Reformat construct_registry_sd() slightly (stick to coding rules).
Michael
commit 52e98157650d8dbc9b3ebb55f995ca543839543b
Author: Michael Adam <obnox at samba.org>
Date: Mon Feb 18 15:51:56 2008 +0100
Use BUILTIN\administrators as owner of the default registry key security descriptor.
Michael
-----------------------------------------------------------------------
Summary of changes:
source/registry/reg_api.c | 67 +++++--------------------------------
source/registry/reg_dispatcher.c | 47 ++++++++++++++++----------
2 files changed, 38 insertions(+), 76 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/registry/reg_api.c b/source/registry/reg_api.c
index aba5735..e52aaac 100644
--- a/source/registry/reg_api.c
+++ b/source/registry/reg_api.c
@@ -835,7 +835,7 @@ WERROR reg_restorekey(struct registry_key *key, const char *fname)
********************************************************************/
static WERROR reg_write_tree(REGF_FILE *regfile, const char *keypath,
- REGF_NK_REC *parent, SEC_DESC *sec_desc)
+ REGF_NK_REC *parent)
{
REGF_NK_REC *key;
REGVAL_CTR *values;
@@ -847,6 +847,7 @@ static WERROR reg_write_tree(REGF_FILE *regfile, const char *keypath,
char *subkeyname;
REGISTRY_KEY registry_key;
WERROR result = WERR_OK;
+ SEC_DESC *sec_desc = NULL;
if (!regfile) {
return WERR_GENERAL_FAILURE;
@@ -899,6 +900,11 @@ static WERROR reg_write_tree(REGF_FILE *regfile, const char *keypath,
fetch_reg_keys(®istry_key, subkeys);
fetch_reg_values(®istry_key, values);
+ result = regkey_get_secdesc(regfile->mem_ctx, ®istry_key, &sec_desc);
+ if (!W_ERROR_IS_OK(result)) {
+ goto done;
+ }
+
/* write out this key */
key = regfio_write_key(regfile, keyname, values, subkeys, sec_desc,
@@ -919,7 +925,7 @@ static WERROR reg_write_tree(REGF_FILE *regfile, const char *keypath,
result = WERR_NOMEM;
goto done;
}
- result = reg_write_tree(regfile, subkeypath, key, sec_desc);
+ result = reg_write_tree(regfile, subkeypath, key);
if (!W_ERROR_IS_OK(result))
goto done;
}
@@ -933,59 +939,10 @@ done:
return result;
}
-static const struct generic_mapping reg_generic_map =
- { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL };
-
-static WERROR make_default_reg_sd(TALLOC_CTX *ctx, SEC_DESC **psd)
-{
- DOM_SID adm_sid, owner_sid;
- SEC_ACE ace[2]; /* at most 2 entries */
- SEC_ACCESS mask;
- SEC_ACL *psa = NULL;
- size_t sd_size;
-
- /* set the owner to BUILTIN\Administrator */
-
- sid_copy(&owner_sid, &global_sid_Builtin);
- sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN );
-
-
- /* basic access for Everyone */
-
- init_sec_access(&mask, reg_generic_map.generic_execute
- | reg_generic_map.generic_read);
- init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
- mask, 0);
-
- /* add Full Access 'BUILTIN\Administrators' */
-
- init_sec_access(&mask, reg_generic_map.generic_all);
- sid_copy(&adm_sid, &global_sid_Builtin);
- sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);
- init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
-
- /* create the security descriptor */
-
- psa = make_sec_acl(ctx, NT4_ACL_REVISION, 2, ace);
- if (psa == NULL) {
- return WERR_NOMEM;
- }
-
- *psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
- SEC_DESC_SELF_RELATIVE, &owner_sid, NULL,
- NULL, psa, &sd_size);
- if (*psd == NULL) {
- return WERR_NOMEM;
- }
-
- return WERR_OK;
-}
-
static WERROR backup_registry_key(REGISTRY_KEY *krecord, const char *fname)
{
REGF_FILE *regfile;
WERROR result;
- SEC_DESC *sd = NULL;
/* open the registry file....fail if the file already exists */
@@ -997,15 +954,9 @@ static WERROR backup_registry_key(REGISTRY_KEY *krecord, const char *fname)
return ntstatus_to_werror(map_nt_error_from_unix(errno));
}
- result = make_default_reg_sd(regfile->mem_ctx, &sd);
- if (!W_ERROR_IS_OK(result)) {
- regfio_close(regfile);
- return result;
- }
-
/* write the registry tree to the file */
- result = reg_write_tree(regfile, krecord->name, NULL, sd);
+ result = reg_write_tree(regfile, krecord->name, NULL);
/* cleanup */
diff --git a/source/registry/reg_dispatcher.c b/source/registry/reg_dispatcher.c
index e6e7613..cdcd045 100644
--- a/source/registry/reg_dispatcher.c
+++ b/source/registry/reg_dispatcher.c
@@ -34,7 +34,7 @@ static const struct generic_mapping reg_generic_map =
/********************************************************************
********************************************************************/
-static SEC_DESC* construct_registry_sd( TALLOC_CTX *ctx )
+static WERROR construct_registry_sd(TALLOC_CTX *ctx, SEC_DESC **psd)
{
SEC_ACE ace[3];
SEC_ACCESS mask;
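Review bot: construct_registry_sd() still sits under an empty banner comment, although it now defines the default security policy for registry keys and returns its result through an out-parameter. I would fill the banner with something like `Build the default key secdesc: owner BUILTIN\Administrators, group NT Authority\System; Everyone read, Administrators and System full access.` and add `*psd is only written when WERR_OK is returned.` The owner, the group and the assignment to `*psd` are in the following hunk; the function body runs past the end of this one.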
@@ -45,28 +45,39 @@ static SEC_DESC* construct_registry_sd( TALLOC_CTX *ctx )
/* basic access for Everyone */
- init_sec_access(&mask, REG_KEY_READ );
- init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_access(&mask, REG_KEY_READ);
+ init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
+ mask, 0);
/* Full Access 'BUILTIN\Administrators' */
- init_sec_access(&mask, REG_KEY_ALL );
- init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_access(&mask, REG_KEY_ALL);
+ init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
+ SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
/* Full Access 'NT Authority\System' */
init_sec_access(&mask, REG_KEY_ALL );
- init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED,
+ mask, 0);
/* create the security descriptor */
- if ( !(acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )
- return NULL;
+ acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace);
+ if (acl == NULL) {
+ return WERR_NOMEM;
+ }
- if ( !(sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, acl, &sd_size)) )
- return NULL;
+ sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
+ &global_sid_Builtin_Administrators,
+ &global_sid_System, NULL, acl,
+ &sd_size);
+ if (sd == NULL) {
+ return WERR_NOMEM;
+ }
- return sd;
+ *psd = sd;
+ return WERR_OK;
}
/***********************************************************************
@@ -176,19 +187,19 @@ WERROR regkey_get_secdesc(TALLOC_CTX *mem_ctx, REGISTRY_KEY *key,
struct security_descriptor **psecdesc)
{
struct security_descriptor *secdesc;
+ WERROR werr;
if (key->hook && key->hook->ops && key->hook->ops->get_secdesc) {
- WERROR err;
-
- err = key->hook->ops->get_secdesc(mem_ctx, key->name,
- psecdesc);
- if (W_ERROR_IS_OK(err)) {
+ werr = key->hook->ops->get_secdesc(mem_ctx, key->name,
+ psecdesc);
+ if (W_ERROR_IS_OK(werr)) {
return WERR_OK;
}
}
- if (!(secdesc = construct_registry_sd(mem_ctx))) {
- return WERR_NOMEM;
+ werr = construct_registry_sd(mem_ctx, &secdesc);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
}
*psecdesc = secdesc;
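Review bot: The error from the `get_secdesc` hook is dropped when it is not WERR_OK. `werr` is simply overwritten by the construct_registry_sd() call below, so a backend failure cannot be told apart from "no descriptor stored for this key". Since this series makes reg_write_tree() take its descriptors from this function, a failing backend now results in the default descriptor (Everyone read, Administrators and System full access) being written into the saved file with no trace. I would at least log the fallback, e.g. `DEBUG(5, ("get_secdesc failed for key [%s], falling back to default secdesc\n", key->name));`, and consider returning `werr` directly for errors such as WERR_NOMEM. The function starts before this hunk and continues past its last line.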
--
Samba Shared Repository