diff --git a/source/lib/registry/interface.c b/source/lib/registry/interface.c index 4d75e99f005..4950e1dacda 100644 --- a/source/lib/registry/interface.c +++ b/source/lib/registry/interface.c @@ -275,3 +275,28 @@ _PUBLIC_ WERROR reg_key_flush(struct registry_key *key) return key->context->ops->flush_key(key); } + +_PUBLIC_ WERROR reg_get_security(TALLOC_CTX *mem_ctx, + const struct registry_key *key, + struct security_descriptor **security) +{ + if (key == NULL) + return WERR_INVALID_PARAM; + + if (key->context->ops->get_security == NULL) + return WERR_NOT_SUPPORTED; + + return key->context->ops->get_security(mem_ctx, key, security); +} + +_PUBLIC_ WERROR reg_set_security(struct registry_key *key, + struct security_descriptor *security) +{ + if (key == NULL) + return WERR_INVALID_PARAM; + + if (key->context->ops->set_security == NULL) + return WERR_NOT_SUPPORTED; + + return key->context->ops->set_security(key, security); +} diff --git a/source/lib/registry/registry.h b/source/lib/registry/registry.h index 9839786e012..616bbb82dcd 100644 --- a/source/lib/registry/registry.h +++ b/source/lib/registry/registry.h @@ -269,6 +269,12 @@ struct registry_key *reg_import_hive_key(struct registry_context *ctx, struct hive_key *hive, uint32_t predef_key, const char **elements); +WERROR reg_get_security(TALLOC_CTX *mem_ctx, + const struct registry_key *key, + struct security_descriptor **security); + +WERROR reg_set_security(struct registry_key *key, + struct security_descriptor *security); #endif /* _REGISTRY_H */ diff --git a/source/lib/registry/tests/registry.c b/source/lib/registry/tests/registry.c index dfc8e09d576..fd2e98eac89 100644 --- a/source/lib/registry/tests/registry.c +++ b/source/lib/registry/tests/registry.c 
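Review bot: Both new wrappers in interface.c check `key` for NULL but pass the `security` pointer to the backend unchecked, as the out-parameter in `reg_get_security` and as the descriptor to store in `reg_set_security`. The descriptor is what governs access to the key, so I would reject a missing one at this layer instead of relying on every backend to do it: `if (key == NULL || security == NULL) return WERR_INVALID_PARAM;`. If NULL is meant to clear the descriptor in `reg_set_security`, that should be documented instead. Neither wrapper performs an access check of its own, so a comment above `reg_set_security` should say whether the caller or the backend op decides if the descriptor may be replaced.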
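Review bot: The two prototypes added to registry.h carry no comment on ownership or error values. Judging from interface.c in this commit, `reg_get_security` passes `mem_ctx` to the backend, so the returned descriptor is presumably allocated on that context, and both functions return `WERR_NOT_SUPPORTED` when the backend lacks the op. I would state that above the declarations, for example `/* *security is allocated on mem_ctx (confirm per backend); WERR_NOT_SUPPORTED if the backend has no get_security op */`.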
@@ -25,6 +25,7 @@ #include "lib/cmdline/popt_common.h" #include "torture/torture.h" #include "librpc/gen_ndr/winreg.h" +#include "libcli/security/security.h" #include "system/filesys.h" NTSTATUS torture_temp_dir(struct torture_context *tctx, const char *prefix, @@ -365,6 +366,40 @@ static bool test_set_value(struct torture_context *tctx, const void *_data) return true; } +/** + * Test getting/setting security descriptors + */ +static bool test_security(struct torture_context *tctx, const void *_data) +{ + const struct registry_context *rctx = _data; + struct registry_key *subkey = NULL, *root; + WERROR error; + uint32_t data = 42; + struct security_descriptor *osd, *nsd; + + if (!create_test_key(tctx, rctx, "Düsseldorf", &root, &subkey)) + return false; + + osd = security_descriptor_create(tctx, + NULL, NULL, + SID_NT_AUTHENTICATED_USERS, + SEC_ACE_TYPE_ACCESS_ALLOWED, + SEC_GENERIC_ALL, + SEC_ACE_FLAG_OBJECT_INHERIT, + NULL); + + error = reg_set_security(subkey, osd); + torture_assert_werr_ok(tctx, error, "setting security"); + + error = reg_get_security(tctx, subkey, &nsd); + torture_assert_werr_ok (tctx, error, "setting security"); + + torture_assert(tctx, security_descriptor_equal(osd, nsd), + "security descriptor changed!"); + + return true; +} + /** * Test getting a value */ @@ -524,6 +559,8 @@ static void tcase_add_tests(struct torture_tcase *tcase) torture_tcase_add_simple_test(tcase, "query_key_nums", test_query_key_nums); torture_tcase_add_simple_test(tcase, "test_predef_key_by_name", test_predef_key_by_name); + torture_tcase_add_simple_test(tcase, "security", + test_security); torture_tcase_add_simple_test(tcase, "test_predef_key_by_name_invalid", test_predef_key_by_name_invalid); } diff --git a/source/rpc_server/winreg/rpc_winreg.c b/source/rpc_server/winreg/rpc_winreg.c index 11c366fcb71..05f47a4483e 100644 --- a/source/rpc_server/winreg/rpc_winreg.c +++ b/source/rpc_server/winreg/rpc_winreg.c 
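Review bot: The assertion after `reg_get_security` in `test_security` reuses the message "setting security", so a failed read would be reported as a failed write; it should be `torture_assert_werr_ok(tctx, error, "getting security");`. The result of `security_descriptor_create` goes to `reg_set_security` without a NULL check, which `torture_assert(tctx, osd != NULL, "creating security descriptor");` would cover. `uint32_t data = 42;` is never used. The test only exercises the success round trip; a case that passes a NULL key and expects `WERR_INVALID_PARAM` would pin the argument check added in interface.c.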
@@ -490,11 +490,7 @@ static WERROR dcesrv_winreg_SetValue(struct dcesrv_call_state *dce_call, data.length = r->in.size; result = reg_val_set(key, r->in.name.name, r->in.type, data); - if (!W_ERROR_IS_OK(result)) { - return result; - } - - return WERR_OK; + return result; } diff --git a/source/samba4-knownfail b/source/samba4-knownfail index d968ae06892..451428077a9 100644 --- a/source/samba4-knownfail +++ b/source/samba4-knownfail @@ -5,5 +5,6 @@ BASE-DELETE/deltest20a BASE-DELETE/deltest20b RAW-OPLOCK/OPLOCK RPC-WINREG +LOCAL-REGISTRY/security # Not implemented yet RPC-WKSSVC.*NetWkstaGetInfo RPC-WKSSVC.*NetWkstaTransportEnum
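Review bot: The new samba4-knownfail entry has a trailing `# Not implemented yet` on the same line as the test name, while the other entries visible in this hunk are bare names or patterns. If the list is matched line by line as a pattern (the parser is not visible here), the comment may become part of the pattern and the entry may not match. Putting the comment on its own line above `LOCAL-REGISTRY/security` avoids the question. Marking the test as a known failure also means a regression in descriptor round-tripping goes unreported until a backend implements the ops, so the entry should be removed in the change that adds the first implementation.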