r14599: Pass ACLs down the registry layer.

source/gtk/tools/gregedit.c

@@ -349,7 +349,7 @@ static void on_open_file_activate (GtkMenuItem *menuitem, gpointer user_data)
 	switch(result) {
 	case GTK_RESPONSE_OK:
 		filename = strdup(gtk_file_selection_get_filename(GTK_FILE_SELECTION(openfilewin)));
-		error = reg_open_hive(NULL, user_data, filename, NULL, &root);
+		error = reg_open_hive(NULL, user_data, filename, NULL, NULL, &root);
 		if(!W_ERROR_IS_OK(error)) {
 			gtk_show_werror(mainwin, "Error while opening hive", error);
 			break;
@@ -371,7 +371,7 @@ static void on_open_file_activate (GtkMenuItem *menuitem, gpointer user_data)
 static void on_open_gconf_activate(GtkMenuItem *menuitem, gpointer user_data)
 {
 	struct registry_key *root;
-	WERROR error = reg_open_hive(NULL, "gconf", NULL, NULL, &root);
+	WERROR error = reg_open_hive(NULL, "gconf", NULL, NULL, NULL, &root);
 	if(!W_ERROR_IS_OK(error)) {
 		gtk_show_werror(mainwin, "Error while opening GConf", error);
 		return;
@@ -385,7 +385,7 @@ static void on_open_gconf_activate(GtkMenuItem *menuitem, gpointer user_data)
 
 static void on_open_local_activate(GtkMenuItem *menuitem, gpointer user_data)
 {
-	WERROR error = reg_open_local(&registry);
+	WERROR error = reg_open_local(&registry, NULL, NULL);
 	if(!W_ERROR_IS_OK(error)) {
 		gtk_show_werror(mainwin, "Error while opening local registry", error);
 		return;
@@ -412,6 +412,7 @@ static void on_open_remote_activate(GtkMenuItem *menuitem, gpointer user_data)
 	cli_credentials_set_gtk_callbacks(creds);
 
 	error = reg_open_remote(&registry, 
+				NULL,
 				creds,
 				gtk_rpc_binding_dialog_get_binding_string(GTK_RPC_BINDING_DIALOG(rpcwin), mem_ctx),
 				NULL);
@@ -952,7 +953,7 @@ static GtkWidget* create_savefilewin (void)
 
 static int gregedit_load_defaults(void)
 {
-	WERROR error = reg_open_local(&registry);
+	WERROR error = reg_open_local(&registry, NULL, NULL);
 	if(!W_ERROR_IS_OK(error)) {
 		gtk_show_werror(mainwin, "Error while loading local registry", error);
 		return -1;

source/lib/ldb/common/ldb.c

@@ -106,7 +106,7 @@ int ldb_connect(struct ldb_context *ldb, const char *url, unsigned int flags, co
 	ldb_connect_fn fn;
 
 	if (strchr(url, ':') != NULL) {
-		backend = talloc_strndup(ldb, url, strchr(url, ':')-url-1);
+		backend = talloc_strndup(ldb, url, strchr(url, ':')-url);
 	} else {
 		/* Default to tdb */
 		backend = talloc_strdup(ldb, "tdb");

source/lib/registry/common/reg_interface.c

@@ -161,7 +161,7 @@ _PUBLIC_ WERROR reg_get_predefined_key(struct registry_context *ctx, uint32_t hk
 }
 
 /** Open a registry file/host/etc */
-_PUBLIC_ WERROR reg_open_hive(TALLOC_CTX *parent_ctx, const char *backend, const char *location, const char *credentials, struct registry_key **root)
+_PUBLIC_ WERROR reg_open_hive(TALLOC_CTX *parent_ctx, const char *backend, const char *location, struct auth_session_info *session_info, struct cli_credentials *credentials, struct registry_key **root)
 {
 	struct registry_hive *rethive;
 	struct registry_key *retkey = NULL;
@@ -181,6 +181,8 @@ _PUBLIC_ WERROR reg_open_hive(TALLOC_CTX *parent_ctx, const char *backend, const
 	
 	rethive = talloc(parent_ctx, struct registry_hive);
 	rethive->location = location?talloc_strdup(rethive, location):NULL;
+	rethive->session_info = talloc_reference(rethive, session_info);
+	rethive->credentials = talloc_reference(rethive, credentials);
 	rethive->functions = entry->hive_functions;
 	rethive->backend_data = NULL;
 

source/lib/registry/reg_backend_ldb.c

@@ -262,8 +262,8 @@ static WERROR ldb_open_hive(struct registry_hive *hive, struct registry_key **k)
 	struct ldb_context *wrap;
 
 	if (!hive->location) return WERR_INVALID_PARAM;
-	/* TODO: Support remoting with credentials and ACLs with session tokens */
+
-	wrap = ldb_wrap_connect(hive, hive->location, NULL, NULL, 0, NULL);
+	wrap = ldb_wrap_connect(hive, hive->location, hive->session_info, hive->credentials, 0, NULL);
 
 	if(!wrap) {
 		DEBUG(1, ("ldb_open_hive: unable to connect\n"));

source/lib/registry/reg_backend_rpc.c

@@ -356,7 +356,7 @@ static struct hive_operations reg_backend_rpc = {
 	.num_values = rpc_num_values,
 };
 
-_PUBLIC_ WERROR reg_open_remote(struct registry_context **ctx, struct cli_credentials *credentials, 
+_PUBLIC_ WERROR reg_open_remote(struct registry_context **ctx, struct auth_session_info *session_info, struct cli_credentials *credentials, 
 		       const char *location, struct event_context *ev)
 {
 	NTSTATUS status;

source/lib/registry/reg_samba.c

@@ -61,16 +61,18 @@ static WERROR reg_samba_get_predef (struct registry_context *ctx, uint32_t hkey,
 
 	/* FIXME: HKEY_LOCAL_MACHINE\Security\SAM is an alias for HKEY_LOCAL_MACHINE\SAM */
 
-	error = reg_open_hive(ctx, backend, location, NULL, k);
+	error = reg_open_hive(ctx, backend, location, ctx->session_info, ctx->credentials, k);
 
 	talloc_free(backend);
 
 	return error;
 }
 
-_PUBLIC_ WERROR reg_open_local (struct registry_context **ctx)
+_PUBLIC_ WERROR reg_open_local (struct registry_context **ctx, struct auth_session_info *session_info, struct cli_credentials *credentials)
 {
 	*ctx = talloc(NULL, struct registry_context);
+	(*ctx)->credentials = talloc_reference(*ctx, credentials);
+	(*ctx)->session_info = talloc_reference(*ctx, session_info);
 	(*ctx)->get_predefined_key = reg_samba_get_predef;
 	
 	return WERR_OK;

source/lib/registry/regf.idl

@@ -17,6 +17,7 @@ interface regf
 
 	/* 
 	 * Registry version number
+	 * 1.2.0.1 for WinNT 3.51
 	 * 1.3.0.1 for WinNT 4
 	 * 1.5.0.1 for WinXP
 	 */

source/lib/registry/registry.h

@@ -125,6 +125,8 @@ struct registry_hive
 {
 	const struct hive_operations *functions;
 	struct registry_key *root;
+	struct auth_session_info *session_info;
+	struct cli_credentials *credentials;
 	void *backend_data;
 	const char *location;
 };
@@ -133,6 +135,8 @@ struct registry_hive
  * contains zero or more hives */
 struct registry_context {
     void *backend_data;
+	struct cli_credentials *credentials;
+	struct auth_session_info *session_info;
 	WERROR (*get_predefined_key) (struct registry_context *, uint32_t hkey, struct registry_key **);
 };
 
@@ -164,6 +168,8 @@ struct reg_diff
 	struct reg_diff_key *keys;
 };
 
+struct auth_session_info;
+
 #include "lib/registry/registry_proto.h"
 
 #endif /* _REGISTRY_H */

source/lib/registry/tools/regdiff.c

@@ -54,14 +54,14 @@ int main(int argc, char **argv)
 		error = WERR_OK;
 		switch(opt)	{
 		case 'L':
-			if (!h1 && !from_null) error = reg_open_local(&h1);
+			if (!h1 && !from_null) error = reg_open_local(&h1, NULL, cmdline_credentials);
-			else if (!h2) error = reg_open_local(&h2);
+			else if (!h2) error = reg_open_local(&h2, NULL, cmdline_credentials);
 			break;
 		case 'R':
 			if (!h1 && !from_null) 
-				error = reg_open_remote(&h1, cmdline_credentials, 
+				error = reg_open_remote(&h1, NULL, cmdline_credentials, 
 							poptGetOptArg(pc), NULL);
-			else if (!h2) error = reg_open_remote(&h2, cmdline_credentials, 
+			else if (!h2) error = reg_open_remote(&h2, NULL, cmdline_credentials, 
 							      poptGetOptArg(pc), NULL);
 			break;
 		}

source/lib/registry/tools/regpatch.c

@@ -50,9 +50,9 @@ int main(int argc, char **argv)
 	}
 
 	if (remote) {
-		error = reg_open_remote (&h, cmdline_credentials, remote, NULL);
+		error = reg_open_remote (&h, NULL, cmdline_credentials, remote, NULL);
 	} else {
-		error = reg_open_local (&h);
+		error = reg_open_local (&h, NULL, cmdline_credentials);
 	}
 
 	if (W_ERROR_IS_OK(error)) {

source/lib/registry/tools/regshell.c

@@ -426,11 +426,11 @@ static char **reg_completion(const char *text, int start, int end)
 	}
 
 	if (remote) {
-		error = reg_open_remote (&h, cmdline_credentials, remote, NULL); 
+		error = reg_open_remote (&h, NULL, cmdline_credentials, remote, NULL); 
 	} else if (backend) {
-		error = reg_open_hive(NULL, backend, poptGetArg(pc), NULL, &curkey);
+		error = reg_open_hive(NULL, backend, poptGetArg(pc), NULL, cmdline_credentials, &curkey);
 	} else {
-		error = reg_open_local(&h);
+		error = reg_open_local(&h, NULL, cmdline_credentials);
 	}
 
 	if(!W_ERROR_IS_OK(error)) {

source/lib/registry/tools/regtree.c

@@ -107,11 +107,11 @@ int main(int argc, char **argv)
 	}
 
 	if (remote) {
-		error = reg_open_remote(&h, cmdline_credentials, remote, NULL);
+		error = reg_open_remote(&h, NULL, cmdline_credentials, remote, NULL);
 	} else if (backend) {
-	    error = reg_open_hive(NULL, backend, poptGetArg(pc), NULL, &root);
+	    error = reg_open_hive(NULL, backend, poptGetArg(pc), NULL, cmdline_credentials, &root);
 	} else {
-		error = reg_open_local (&h);
+		error = reg_open_local (&h, NULL, cmdline_credentials);
 	}
 
 	if(!W_ERROR_IS_OK(error)) {

source/rpc_server/winreg/rpc_winreg.c

@@ -32,7 +32,7 @@ enum handle_types { HTYPE_REGVAL, HTYPE_REGKEY };
 static NTSTATUS dcerpc_winreg_bind(struct dcesrv_call_state *dce_call, const struct dcesrv_interface *iface)
 {
 	struct registry_context *ctx;
-	reg_open_local(&ctx);
+	reg_open_local(&ctx, dce_call->conn->auth_state.session_info, NULL);
 
 	dce_call->context->private = ctx;
 

source/torture/local/registry.c

@@ -22,6 +22,7 @@
 
 #include "includes.h"
 #include "lib/registry/registry.h"
+#include "lib/cmdline/popt_common.h"
 
 static BOOL test_hive(TALLOC_CTX *mem_ctx, const char *backend, const char *location)
 {
@@ -34,7 +35,7 @@ static BOOL test_hive(TALLOC_CTX *mem_ctx, const char *backend, const char *loca
 		return True;
 	}
 
-	error = reg_open_hive(mem_ctx, backend, location, NULL, &root);
+	error = reg_open_hive(mem_ctx, backend, location, NULL, cmdline_credentials, &root);
 	if (!W_ERROR_IS_OK(error)) {
 		printf("reg_open_hive() failed\n"); 
 		return False;