[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2406-g2c66413

Michael Adam obnox at samba.org
Mon Feb 18 16:43:06 GMT 2008


The branch, v3-2-test has been updated
       via  2c66413de284fb4cb9dc7def0ee4eb07b986c9ca (commit)
       via  194e00822c349aa0c11641672b35b0e0c021da08 (commit)
       via  9f0448ca323a6645ad662c97d92a7e30320e0c11 (commit)
       via  91dbe79df2636959381825af6ab8a66abd7f97a1 (commit)
       via  d87fb13959f84dfbbd3e1cc875f78d6e8ad44130 (commit)
       via  52e98157650d8dbc9b3ebb55f995ca543839543b (commit)
      from  f1fb9fd6f14fc53629871cbe4b8558ad5acc14f0 (commit)

http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test


- Log -----------------------------------------------------------------
commit 2c66413de284fb4cb9dc7def0ee4eb07b986c9ca
Author: Michael Adam <obnox at samba.org>
Date:   Mon Feb 18 16:34:39 2008 +0100

    Remove (now) unused function make_default_reg_sd().
    
    Michael

commit 194e00822c349aa0c11641672b35b0e0c021da08
Author: Michael Adam <obnox at samba.org>
Date:   Mon Feb 18 16:33:47 2008 +0100

    Grab secdesc for key from registry for reg_savekey()
    
    instead of constructing another default secdesc.
    
    Michael

commit 9f0448ca323a6645ad662c97d92a7e30320e0c11
Author: Michael Adam <obnox at samba.org>
Date:   Mon Feb 18 16:03:16 2008 +0100

    Add NT Authority\System as group sid to default registry key security descriptor.
    
    Michael

commit 91dbe79df2636959381825af6ab8a66abd7f97a1
Author: Michael Adam <obnox at samba.org>
Date:   Mon Feb 18 14:55:48 2008 +0100

    Change construct_registry_sd() to return WERROR instead of the SEC_DESC *.
    
    Michael

commit d87fb13959f84dfbbd3e1cc875f78d6e8ad44130
Author: Michael Adam <obnox at samba.org>
Date:   Mon Feb 18 14:44:51 2008 +0100

    Reformat construct_registry_sd() slightly (stick to coding rules).
    
    Michael

commit 52e98157650d8dbc9b3ebb55f995ca543839543b
Author: Michael Adam <obnox at samba.org>
Date:   Mon Feb 18 15:51:56 2008 +0100

    Use BUILTIN\administrators as owner of the default registry key security descriptor.
    
    Michael

-----------------------------------------------------------------------

Summary of changes:
 source/registry/reg_api.c        |   67 +++++--------------------------------
 source/registry/reg_dispatcher.c |   47 ++++++++++++++++----------
 2 files changed, 38 insertions(+), 76 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/registry/reg_api.c b/source/registry/reg_api.c
index aba5735..e52aaac 100644
--- a/source/registry/reg_api.c
+++ b/source/registry/reg_api.c
@@ -835,7 +835,7 @@ WERROR reg_restorekey(struct registry_key *key, const char *fname)
 ********************************************************************/
 
 static WERROR reg_write_tree(REGF_FILE *regfile, const char *keypath,
-			     REGF_NK_REC *parent, SEC_DESC *sec_desc)
+			     REGF_NK_REC *parent)
 {
 	REGF_NK_REC *key;
 	REGVAL_CTR *values;
@@ -847,6 +847,7 @@ static WERROR reg_write_tree(REGF_FILE *regfile, const char *keypath,
 	char *subkeyname;
 	REGISTRY_KEY registry_key;
 	WERROR result = WERR_OK;
+	SEC_DESC *sec_desc = NULL;
 
 	if (!regfile) {
 		return WERR_GENERAL_FAILURE;
@@ -899,6 +900,11 @@ static WERROR reg_write_tree(REGF_FILE *regfile, const char *keypath,
 	fetch_reg_keys(&registry_key, subkeys);
 	fetch_reg_values(&registry_key, values);
 
+	result = regkey_get_secdesc(regfile->mem_ctx, &registry_key, &sec_desc);
+	if (!W_ERROR_IS_OK(result)) {
+		goto done;
+	}
+
 	/* write out this key */
 
 	key = regfio_write_key(regfile, keyname, values, subkeys, sec_desc,
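Review bot: The descriptor fetched by the added `regkey_get_secdesc()` call is allocated on `regfile->mem_ctx` once per key in the recursion, so a large tree now holds one descriptor per key until the file is closed, where the old code shared a single one. Whether `regfio_write_key()` keeps the pointer is not visible in this hunk; if it does, a lifetime comment above the call is enough, e.g. `/* sec_desc stays on regfile->mem_ctx until the regfile is closed */`. That comment should also say that failing to obtain the descriptor for any one key aborts the whole save through `done`. The body of reg_write_tree starts and ends outside this hunk.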
@@ -919,7 +925,7 @@ static WERROR reg_write_tree(REGF_FILE *regfile, const char *keypath,
 			result = WERR_NOMEM;
 			goto done;
 		}
-		result = reg_write_tree(regfile, subkeypath, key, sec_desc);
+		result = reg_write_tree(regfile, subkeypath, key);
 		if (!W_ERROR_IS_OK(result))
 			goto done;
 	}
@@ -933,59 +939,10 @@ done:
 	return result;
 }
 
-static const struct generic_mapping reg_generic_map =
-	{ REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL };
-
-static WERROR make_default_reg_sd(TALLOC_CTX *ctx, SEC_DESC **psd)
-{
-	DOM_SID adm_sid, owner_sid;
-	SEC_ACE ace[2];         /* at most 2 entries */
-	SEC_ACCESS mask;
-	SEC_ACL *psa = NULL;
-	size_t sd_size;
-
-	/* set the owner to BUILTIN\Administrator */
-
-	sid_copy(&owner_sid, &global_sid_Builtin);
-	sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN );
-	
-
-	/* basic access for Everyone */
-
-	init_sec_access(&mask, reg_generic_map.generic_execute
-			       | reg_generic_map.generic_read);
-	init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
-		     mask, 0);
-
-	/* add Full Access 'BUILTIN\Administrators' */
-
-	init_sec_access(&mask, reg_generic_map.generic_all);
-	sid_copy(&adm_sid, &global_sid_Builtin);
-	sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);
-	init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
-
-	/* create the security descriptor */
-
-	psa = make_sec_acl(ctx, NT4_ACL_REVISION, 2, ace);
-	if (psa == NULL) {
-		return WERR_NOMEM;
-	}
-
-	*psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
-			     SEC_DESC_SELF_RELATIVE, &owner_sid, NULL,
-			     NULL, psa, &sd_size);
-	if (*psd == NULL) {
-		return WERR_NOMEM;
-	}
-
-	return WERR_OK;
-}
-
 static WERROR backup_registry_key(REGISTRY_KEY *krecord, const char *fname)
 {
 	REGF_FILE *regfile;
 	WERROR result;
-	SEC_DESC *sd = NULL;
 
 	/* open the registry file....fail if the file already exists */
 
@@ -997,15 +954,9 @@ static WERROR backup_registry_key(REGISTRY_KEY *krecord, const char *fname)
 		return ntstatus_to_werror(map_nt_error_from_unix(errno));
 	}
 
-	result = make_default_reg_sd(regfile->mem_ctx, &sd);
-	if (!W_ERROR_IS_OK(result)) {
-		regfio_close(regfile);
-		return result;
-	}
-
 	/* write the registry tree to the file  */
 
-	result = reg_write_tree(regfile, krecord->name, NULL, sd);
+	result = reg_write_tree(regfile, krecord->name, NULL);
 
 	/* cleanup */
 
diff --git a/source/registry/reg_dispatcher.c b/source/registry/reg_dispatcher.c
index e6e7613..cdcd045 100644
--- a/source/registry/reg_dispatcher.c
+++ b/source/registry/reg_dispatcher.c
@@ -34,7 +34,7 @@ static const struct generic_mapping reg_generic_map =
 /********************************************************************
 ********************************************************************/
 
-static SEC_DESC* construct_registry_sd( TALLOC_CTX *ctx )
+static WERROR construct_registry_sd(TALLOC_CTX *ctx, SEC_DESC **psd)
 {
 	SEC_ACE ace[3];
 	SEC_ACCESS mask;
@@ -45,28 +45,39 @@ static SEC_DESC* construct_registry_sd( TALLOC_CTX *ctx )
 
 	/* basic access for Everyone */
 
-	init_sec_access(&mask, REG_KEY_READ );
-	init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+	init_sec_access(&mask, REG_KEY_READ);
+	init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
+		     mask, 0);
 
 	/* Full Access 'BUILTIN\Administrators' */
 
-	init_sec_access(&mask, REG_KEY_ALL );
-	init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+	init_sec_access(&mask, REG_KEY_ALL);
+	init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
+		     SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
 
 	/* Full Access 'NT Authority\System' */
 
 	init_sec_access(&mask, REG_KEY_ALL );
-	init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+	init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED,
+		     mask, 0);
 
 	/* create the security descriptor */
 
-	if ( !(acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )
-		return NULL;
+	acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace);
+	if (acl == NULL) {
+		return WERR_NOMEM;
+	}
 
-	if ( !(sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, acl, &sd_size)) )
-		return NULL;
+	sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
+			   &global_sid_Builtin_Administrators,
+			   &global_sid_System, NULL, acl,
+			   &sd_size);
+	if (sd == NULL) {
+		return WERR_NOMEM;
+	}
 
-	return sd;
+	*psd = sd;
+	return WERR_OK;
 }
 
 /***********************************************************************
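Review bot: The default descriptor built in construct_registry_sd() is undocumented, because the function's header comment is an empty banner, yet it now also reaches saved hive files through `regkey_get_secdesc()` whenever the backend supplies none. I would document it there: `/* Default key SD: owner BUILTIN\Administrators, group NT Authority\System; DACL: Everyone REG_KEY_READ, Administrators and System REG_KEY_ALL */`. In addition `*psd` is left untouched on both `WERR_NOMEM` returns; setting `*psd = NULL;` at the top gives callers a defined value on failure. The signature and opening declarations sit in the preceding hunk.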
@@ -176,19 +187,19 @@ WERROR regkey_get_secdesc(TALLOC_CTX *mem_ctx, REGISTRY_KEY *key,
 			  struct security_descriptor **psecdesc)
 {
 	struct security_descriptor *secdesc;
+	WERROR werr;
 
 	if (key->hook && key->hook->ops && key->hook->ops->get_secdesc) {
-		WERROR err;
-
-		err = key->hook->ops->get_secdesc(mem_ctx, key->name,
-						  psecdesc);
-		if (W_ERROR_IS_OK(err)) {
+		werr = key->hook->ops->get_secdesc(mem_ctx, key->name,
+						   psecdesc);
+		if (W_ERROR_IS_OK(werr)) {
 			return WERR_OK;
 		}
 	}
 
-	if (!(secdesc = construct_registry_sd(mem_ctx))) {
-		return WERR_NOMEM;
+	werr = construct_registry_sd(mem_ctx, &secdesc);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
 	}
 
 	*psecdesc = secdesc;
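Review bot: A failing `get_secdesc` hook is still swallowed in regkey_get_secdesc(): the backend's `werr` is overwritten by the `construct_registry_sd()` call, so the caller cannot tell a key's stored descriptor from the built-in default. Since reg_write_tree in reg_api.c now writes whatever this function returns into the saved file, a backend error would silently record the default ACL for that key. Logging before the fall-through would leave a trace, e.g. `DEBUG(5, ("regkey_get_secdesc: get_secdesc hook failed for [%s], using default descriptor\n", key->name));`. It may also be worth falling back only when the backend reports that no descriptor is stored, though the hook's error codes are not visible here. The function begins above this hunk and continues past its last line.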


-- 
Samba Shared Repository

