Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

814 lines
26 KiB

/*++
Copyright (c) 1991 Microsoft Corporation
Module Name:
cmparse2.c
Abstract:
This module contains parse routines for the configuration manager, particularly
the registry.
Author:
Bryan M. Willman (bryanwi) 10-Sep-1991
Revision History:
--*/
#include "cmp.h"
BOOLEAN
CmpOKToFollowLink( IN PCMHIVE OrigHive,
IN PCMHIVE DestHive
);
#ifdef ALLOC_PRAGMA
#pragma alloc_text(PAGE,CmpDoCreate)
#pragma alloc_text(PAGE,CmpDoCreateChild)
#endif
extern PCM_KEY_CONTROL_BLOCK CmpKeyControlBlockRoot;
NTSTATUS
CmpDoCreate(
IN PHHIVE Hive,
IN HCELL_INDEX Cell,
IN PACCESS_STATE AccessState,
IN PUNICODE_STRING Name,
IN KPROCESSOR_MODE AccessMode,
IN PCM_PARSE_CONTEXT Context,
IN PCM_KEY_CONTROL_BLOCK ParentKcb,
IN PCMHIVE OriginatingHive OPTIONAL,
OUT PVOID *Object
)
/*++
Routine Description:
Performs the first step in the creation of a registry key. This
routine checks to make sure the caller has the proper access to
create a key here, and allocates space for the child in the parent
cell. It then calls CmpDoCreateChild to initialize the key and
create the key object.
This two phase creation allows us to share the child creation code
with the creation of link nodes.
Arguments:
Hive - supplies a pointer to the hive control structure for the hive
Cell - supplies index of node to create child under.
AccessState - Running security access state information for operation.
Name - supplies pointer to a UNICODE string which is the name of
the child to be created.
AccessMode - Access mode of the original caller.
Context - pointer to CM_PARSE_CONTEXT structure passed through
the object manager
BaseName - Name of object create is relative to
KeyName - Relative name (to BaseName)
Object - The address of a variable to receive the created key object, if
any.
Return Value:
NTSTATUS
--*/
{
NTSTATUS status;
PCELL_DATA pdata;
HCELL_INDEX KeyCell;
ULONG ParentType;
ACCESS_MASK AdditionalAccess;
BOOLEAN CreateAccess;
PCM_KEY_BODY KeyBody;
PSECURITY_DESCRIPTOR SecurityDescriptor;
LARGE_INTEGER TimeStamp;
BOOLEAN BackupRestore;
KPROCESSOR_MODE mode;
PCM_KEY_NODE ParentNode;
#ifdef CMP_KCB_CACHE_VALIDATION
//
// we this only for debug validation purposes. We shall delete it even
// for debug code after we make sure it works OK.
//
ULONG Index;
#endif //CMP_KCB_CACHE_VALIDATION
CmKdPrintEx((DPFLTR_CONFIG_ID,CML_PARSE,"CmpDoCreate:\n"));
BackupRestore = FALSE;
if (ARGUMENT_PRESENT(Context)) {
if (Context->CreateOptions & REG_OPTION_BACKUP_RESTORE) {
//
// allow backup operators to create new keys
//
BackupRestore = TRUE;
}
//
// Operation is a create, so set Disposition
//
Context->Disposition = REG_CREATED_NEW_KEY;
}
/*
//
// this is a create, so we need exclusive access on the registry
// first get the time stamp to see if somebody messed with this key
// this might be more easier if we decide to cache the LastWriteTime
// in the KCB ; now it IS !!!
//
TimeStamp = ParentKcb->KcbLastWriteTime;
*/
if( CmIsKcbReadOnly(ParentKcb) ) {
//
// key is protected
//
return STATUS_ACCESS_DENIED;
}
CmpUnlockRegistry();
CmpLockRegistryExclusive();
#ifdef CHECK_REGISTRY_USECOUNT
CmpCheckRegistryUseCount();
#endif //CHECK_REGISTRY_USECOUNT
//
// make sure nothing changed in between:
// 1. ParentKcb is still valid
// 2. Child was not already added by somebody else
//
if( ParentKcb->Delete ) {
//
// key was deleted in between
//
return STATUS_OBJECT_NAME_NOT_FOUND;
}
/*
Apparently KeQuerySystemTime doesn't give us a fine resolution to copunt on
//
// we need to read the parent again (because of the mapping view stuff !)
//
if( TimeStamp.QuadPart != ParentKcb->KcbLastWriteTime.QuadPart ) {
//
// key was changed in between; possibly this key was already created ==> reparse
//
return STATUS_REPARSE;
}
*/
//
// apparently, the KeQuerySystemTime doesn't give us a fine resolution
// so we have to search if the child has not been created already
//
ParentNode = (PCM_KEY_NODE)HvGetCell(Hive, Cell);
if( ParentNode == NULL ) {
//
// we couldn't map the bin containing this cell
//
return STATUS_INSUFFICIENT_RESOURCES;
}
// release the cell right here as we are holding the reglock exclusive
HvReleaseCell(Hive,Cell);
if( CmpFindSubKeyByName(Hive,ParentNode,Name) != HCELL_NIL ) {
//
// key was changed in between; possibly this key was already created ==> reparse
//
#ifdef CHECK_REGISTRY_USECOUNT
CmpCheckRegistryUseCount();
#endif //CHECK_REGISTRY_USECOUNT
return STATUS_REPARSE;
}
if(!CmpOKToFollowLink(OriginatingHive,(PCMHIVE)Hive) ) {
//
// about to cross class of trust boundary
//
return STATUS_ACCESS_DENIED;
}
ASSERT( Cell == ParentKcb->KeyCell );
#ifdef CMP_KCB_CACHE_VALIDATION
//
// Check to make sure the caller can create a sub-key here.
//
//
// get the security descriptor from cache
//
if( CmpFindSecurityCellCacheIndex ((PCMHIVE)Hive,ParentNode->Security,&Index) == FALSE ) {
#ifdef CHECK_REGISTRY_USECOUNT
CmpCheckRegistryUseCount();
#endif //CHECK_REGISTRY_USECOUNT
return STATUS_INSUFFICIENT_RESOURCES;
}
ASSERT( ((PCMHIVE)Hive)->SecurityCache[Index].Cell == ParentNode->Security );
ASSERT( ((PCMHIVE)Hive)->SecurityCache[Index].CachedSecurity == ParentKcb->CachedSecurity );
#endif //CMP_KCB_CACHE_VALIDATION
ASSERT( ParentKcb->CachedSecurity != NULL );
SecurityDescriptor = &(ParentKcb->CachedSecurity->Descriptor);
ParentType = HvGetCellType(Cell);
if ( (ParentType == Volatile) &&
((Context->CreateOptions & REG_OPTION_VOLATILE) == 0) )
{
//
// Trying to create stable child under volatile parent, report error
//
#ifdef CHECK_REGISTRY_USECOUNT
CmpCheckRegistryUseCount();
#endif //CHECK_REGISTRY_USECOUNT
return STATUS_CHILD_MUST_BE_VOLATILE;
}
#ifdef CMP_KCB_CACHE_VALIDATION
ASSERT( ParentNode->Flags == ParentKcb->Flags );
#endif //CMP_KCB_CACHE_VALIDATION
if (ParentKcb->Flags & KEY_SYM_LINK) {
//
// Disallow attempts to create anything under a symbolic link
//
#ifdef CHECK_REGISTRY_USECOUNT
CmpCheckRegistryUseCount();
#endif //CHECK_REGISTRY_USECOUNT
return STATUS_ACCESS_DENIED;
}
AdditionalAccess = (Context->CreateOptions & REG_OPTION_CREATE_LINK) ? KEY_CREATE_LINK : 0;
if( BackupRestore == TRUE ) {
//
// this is a create to support a backup or restore
// operation, do the special case work
//
AccessState->RemainingDesiredAccess = 0;
AccessState->PreviouslyGrantedAccess = 0;
mode = KeGetPreviousMode();
if (SeSinglePrivilegeCheck(SeBackupPrivilege, mode)) {
AccessState->PreviouslyGrantedAccess |=
KEY_READ | ACCESS_SYSTEM_SECURITY;
}
if (SeSinglePrivilegeCheck(SeRestorePrivilege, mode)) {
AccessState->PreviouslyGrantedAccess |=
KEY_WRITE | ACCESS_SYSTEM_SECURITY | WRITE_DAC | WRITE_OWNER;
}
if (AccessState->PreviouslyGrantedAccess == 0) {
CmKdPrintEx((DPFLTR_CONFIG_ID,CML_PARSE,"CmpDoCreate for backup restore: access denied\n"));
status = STATUS_ACCESS_DENIED;
//
// this is not a backup-restore operator; deny the create
//
CreateAccess = FALSE;
} else {
//
// allow backup operators to create new keys
//
status = STATUS_SUCCESS;
CreateAccess = TRUE;
}
} else {
//
// The FullName is not used in the routine CmpCheckCreateAccess,
//
CreateAccess = CmpCheckCreateAccess(NULL,
SecurityDescriptor,
AccessState,
AccessMode,
AdditionalAccess,
&status);
}
if (CreateAccess) {
//
// Security check passed, so we can go ahead and create
// the sub-key.
//
if ( !HvMarkCellDirty(Hive, Cell) ) {
#ifdef CHECK_REGISTRY_USECOUNT
CmpCheckRegistryUseCount();
#endif //CHECK_REGISTRY_USECOUNT
return STATUS_NO_LOG_SPACE;
}
//
// Create and initialize the new sub-key
//
status = CmpDoCreateChild( Hive,
Cell,
SecurityDescriptor,
AccessState,
Name,
AccessMode,
Context,
ParentKcb,
0,
&KeyCell,
Object );
if (NT_SUCCESS(status)) {
PCM_KEY_NODE KeyNode;
//
// Child successfully created, add to parent's list.
//
if (! CmpAddSubKey(Hive, Cell, KeyCell)) {
//
// Unable to add child, so free it
//
CmpFreeKeyByCell(Hive, KeyCell, FALSE);
#ifdef CHECK_REGISTRY_USECOUNT
CmpCheckRegistryUseCount();
#endif //CHECK_REGISTRY_USECOUNT
return STATUS_INSUFFICIENT_RESOURCES;
}
KeyNode = (PCM_KEY_NODE)HvGetCell(Hive, Cell);
if( KeyNode == NULL ) {
//
// we couldn't map the bin containing this cell
// this shouldn't happen as we successfully marked the cell as dirty
//
ASSERT( FALSE );
#ifdef CHECK_REGISTRY_USECOUNT
CmpCheckRegistryUseCount();
#endif //CHECK_REGISTRY_USECOUNT
return STATUS_INSUFFICIENT_RESOURCES;
}
// release the cell right here as we are holding the reglock exclusive
HvReleaseCell(Hive,Cell);
KeyBody = (PCM_KEY_BODY)(*Object);
//
// A new key is created, invalid the subkey info of the parent KCB.
//
ASSERT_CM_LOCK_OWNED_EXCLUSIVE();
CmpCleanUpSubKeyInfo (KeyBody->KeyControlBlock->ParentKcb);
//
// Update max keyname and class name length fields
//
//some sanity asserts first
ASSERT( KeyBody->KeyControlBlock->ParentKcb->KeyCell == Cell );
ASSERT( KeyBody->KeyControlBlock->ParentKcb->KeyHive == Hive );
ASSERT( KeyBody->KeyControlBlock->ParentKcb == ParentKcb );
ASSERT( KeyBody->KeyControlBlock->ParentKcb->KcbMaxNameLen == KeyNode->MaxNameLen );
//
// update the LastWriteTime on both keynode and kcb;
//
KeQuerySystemTime(&TimeStamp);
KeyNode->LastWriteTime = TimeStamp;
KeyBody->KeyControlBlock->ParentKcb->KcbLastWriteTime = TimeStamp;
if (KeyNode->MaxNameLen < Name->Length) {
KeyNode->MaxNameLen = Name->Length;
// update the kcb cache too
KeyBody->KeyControlBlock->ParentKcb->KcbMaxNameLen = Name->Length;
}
if (KeyNode->MaxClassLen < Context->Class.Length) {
KeyNode->MaxClassLen = Context->Class.Length;
}
if (Context->CreateOptions & REG_OPTION_CREATE_LINK) {
pdata = HvGetCell(Hive, KeyCell);
if( pdata == NULL ) {
//
// we couldn't map the bin containing this cell
// this shouldn't happen as we just allocated the cell
// (i.e. it must be PINNED into memory at this point)
//
ASSERT( FALSE );
#ifdef CHECK_REGISTRY_USECOUNT
CmpCheckRegistryUseCount();
#endif //CHECK_REGISTRY_USECOUNT
return STATUS_INSUFFICIENT_RESOURCES;
}
// release the cell right here as we are holding the reglock exclusive
HvReleaseCell(Hive,KeyCell);
pdata->u.KeyNode.Flags |= KEY_SYM_LINK;
KeyBody->KeyControlBlock->Flags = pdata->u.KeyNode.Flags;
}
#ifdef CM_BREAK_ON_KEY_OPEN
if( KeyBody->KeyControlBlock->ParentKcb->Flags & KEY_BREAK_ON_OPEN ) {
DbgPrint("\n\n Current process is creating a subkey to a key tagged as BREAK ON OPEN\n");
DbgPrint("\nPlease type the following in the debugger window: !reg kcb %p\n\n\n",KeyBody->KeyControlBlock);
try {
DbgBreakPoint();
} except (EXCEPTION_EXECUTE_HANDLER) {
//
// no debugger enabled, just keep going
//
}
}
#endif //CM_BREAK_ON_KEY_OPEN
}
}
#ifdef CHECK_REGISTRY_USECOUNT
CmpCheckRegistryUseCount();
#endif //CHECK_REGISTRY_USECOUNT
return status;
}
NTSTATUS
CmpDoCreateChild(
IN PHHIVE Hive,
IN HCELL_INDEX ParentCell,
IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL,
IN PACCESS_STATE AccessState,
IN PUNICODE_STRING Name,
IN KPROCESSOR_MODE AccessMode,
IN PCM_PARSE_CONTEXT Context,
IN PCM_KEY_CONTROL_BLOCK ParentKcb,
IN USHORT Flags,
OUT PHCELL_INDEX KeyCell,
OUT PVOID *Object
)
/*++
Routine Description:
Creates a new sub-key. This is called by CmpDoCreate to create child
sub-keys and CmpCreateLinkNode to create root sub-keys.
Arguments:
Hive - supplies a pointer to the hive control structure for the hive
ParentCell - supplies cell index of parent cell
ParentDescriptor - Supplies security descriptor of parent key, for use
in inheriting ACLs.
AccessState - Running security access state information for operation.
Name - Supplies pointer to a UNICODE string which is the name of the
child to be created.
AccessMode - Access mode of the original caller.
Context - Supplies pointer to CM_PARSE_CONTEXT structure passed through
the object manager.
BaseName - Name of object create is relative to
KeyName - Relative name (to BaseName)
Flags - Supplies any flags to be set in the newly created node
KeyCell - Receives the cell index of the newly created sub-key, if any.
Object - Receives a pointer to the created key object, if any.
Return Value:
STATUS_SUCCESS - sub-key successfully created. New object is returned in
Object, and the new cell's cell index is returned in KeyCell.
!STATUS_SUCCESS - appropriate error message.
--*/
{
ULONG alloc=0;
NTSTATUS Status = STATUS_SUCCESS;
PCM_KEY_BODY KeyBody;
HCELL_INDEX ClassCell=HCELL_NIL;
PCM_KEY_NODE KeyNode;
PCELL_DATA CellData;
PCM_KEY_CONTROL_BLOCK kcb = NULL;
ULONG StorageType;
PSECURITY_DESCRIPTOR NewDescriptor = NULL;
LARGE_INTEGER systemtime;
ASSERT_CM_LOCK_OWNED_EXCLUSIVE();
CmKdPrintEx((DPFLTR_CONFIG_ID,CML_PARSE,"CmpDoCreateChild:\n"));
//
// Get allocation type
//
StorageType = Stable;
try {
if (Context->CreateOptions & REG_OPTION_VOLATILE) {
StorageType = Volatile;
}
//
// Allocate child cell
//
*KeyCell = HvAllocateCell(
Hive,
CmpHKeyNodeSize(Hive, Name),
StorageType,
HCELL_NIL
);
if (*KeyCell == HCELL_NIL) {
Status = STATUS_INSUFFICIENT_RESOURCES;
leave;
}
alloc = 1;
KeyNode = (PCM_KEY_NODE)HvGetCell(Hive, *KeyCell);
if( KeyNode == NULL ) {
//
// we couldn't map the bin containing this cell
// this shouldn't happen as we just allocated the cell
// (i.e. it must be PINNED into memory at this point)
//
ASSERT( FALSE );
Status = STATUS_INSUFFICIENT_RESOURCES;
leave;
}
// release the cell right here as we are holding the reglock exclusive
HvReleaseCell(Hive,*KeyCell);
//
// Allocate cell for class name
//
if (Context->Class.Length > 0) {
ClassCell = HvAllocateCell(Hive, Context->Class.Length, StorageType,*KeyCell);
if (ClassCell == HCELL_NIL) {
Status = STATUS_INSUFFICIENT_RESOURCES;
leave;
}
}
alloc = 2;
//
// Allocate the object manager object
//
Status = ObCreateObject(AccessMode,
CmpKeyObjectType,
NULL,
AccessMode,
NULL,
sizeof(CM_KEY_BODY),
0,
0,
Object);
if (NT_SUCCESS(Status)) {
KeyBody = (PCM_KEY_BODY)(*Object);
//
// We have managed to allocate all of the objects we need to,
// so initialize them
//
//
// Mark the object as uninitialized (in case we get an error too soon)
//
KeyBody->Type = KEY_BODY_TYPE;
KeyBody->KeyControlBlock = NULL;
//
// Fill in the class name
//
if (Context->Class.Length > 0) {
CellData = HvGetCell(Hive, ClassCell);
if( CellData == NULL ) {
//
// we couldn't map the bin containing this cell
// this shouldn't happen as we just allocated the cell
// (i.e. it must be PINNED into memory at this point)
//
ASSERT( FALSE );
Status = STATUS_INSUFFICIENT_RESOURCES;
ObDereferenceObject(*Object);
leave;
}
// release the cell right here as we are holding the reglock exclusive
HvReleaseCell(Hive,ClassCell);
try {
RtlCopyMemory(
&(CellData->u.KeyString[0]),
Context->Class.Buffer,
Context->Class.Length
);
} except(EXCEPTION_EXECUTE_HANDLER) {
ObDereferenceObject(*Object);
Status = GetExceptionCode();
leave;
}
}
//
// Fill in the new key itself
//
KeyNode->Signature = CM_KEY_NODE_SIGNATURE;
KeyNode->Flags = Flags;
KeQuerySystemTime(&systemtime);
KeyNode->LastWriteTime = systemtime;
KeyNode->Spare = 0;
KeyNode->Parent = ParentCell;
KeyNode->SubKeyCounts[Stable] = 0;
KeyNode->SubKeyCounts[Volatile] = 0;
KeyNode->SubKeyLists[Stable] = HCELL_NIL;
KeyNode->SubKeyLists[Volatile] = HCELL_NIL;
KeyNode->ValueList.Count = 0;
KeyNode->ValueList.List = HCELL_NIL;
KeyNode->Security = HCELL_NIL;
KeyNode->Class = ClassCell;
KeyNode->ClassLength = Context->Class.Length;
KeyNode->MaxValueDataLen = 0;
KeyNode->MaxNameLen = 0;
KeyNode->MaxValueNameLen = 0;
KeyNode->MaxClassLen = 0;
KeyNode->NameLength = CmpCopyName(Hive,
KeyNode->Name,
Name);
if (KeyNode->NameLength < Name->Length) {
KeyNode->Flags |= KEY_COMP_NAME;
}
if (Context->CreateOptions & REG_OPTION_PREDEF_HANDLE) {
KeyNode->ValueList.Count = (ULONG)((ULONG_PTR)Context->PredefinedHandle);
KeyNode->Flags |= KEY_PREDEF_HANDLE;
}
//
// Create kcb here so all data are filled in.
//
// Allocate a key control block
//
kcb = CmpCreateKeyControlBlock(Hive, *KeyCell, KeyNode, ParentKcb, FALSE, Name);
if (kcb == NULL) {
ObDereferenceObject(*Object);
Status = STATUS_INSUFFICIENT_RESOURCES;
leave;
}
ASSERT(kcb->RefCount == 1);
alloc = 3;
#if DBG
if( kcb->ExtFlags & CM_KCB_KEY_NON_EXIST ) {
//
// we shouldn't fall into this
//
ObDereferenceObject(*Object);
DbgBreakPoint();
Status = STATUS_OBJECT_NAME_NOT_FOUND;
leave;
}
#endif //DBG
//
// Fill in CM specific fields in the object
//
KeyBody->Type = KEY_BODY_TYPE;
KeyBody->KeyControlBlock = kcb;
KeyBody->NotifyBlock = NULL;
KeyBody->ProcessID = PsGetCurrentProcessId();
ENLIST_KEYBODY_IN_KEYBODY_LIST(KeyBody);
//
// Assign a security descriptor to the object. Note that since
// registry keys are container objects, and ObAssignSecurity
// assumes that the only container object in the world is
// the ObpDirectoryObjectType, we have to call SeAssignSecurity
// directly in order to get the right inheritance.
//
Status = SeAssignSecurity(ParentDescriptor,
AccessState->SecurityDescriptor,
&NewDescriptor,
TRUE, // container object
&AccessState->SubjectSecurityContext,
&CmpKeyObjectType->TypeInfo.GenericMapping,
CmpKeyObjectType->TypeInfo.PoolType);
if (NT_SUCCESS(Status)) {
Status = CmpSecurityMethod(*Object,
AssignSecurityDescriptor,
NULL,
NewDescriptor,
NULL,
NULL,
CmpKeyObjectType->TypeInfo.PoolType,
&CmpKeyObjectType->TypeInfo.GenericMapping);
}
//
// Since the security descriptor now lives in the hive,
// free the in-memory copy
//
SeDeassignSecurity( &NewDescriptor );
if (!NT_SUCCESS(Status)) {
//
// Note that the dereference will clean up the kcb, so
// make sure and decrement the allocation count here.
//
// Also mark the kcb as deleted so it does not get
// inappropriately cached.
//
ASSERT_CM_LOCK_OWNED_EXCLUSIVE();
kcb->Delete = TRUE;
CmpRemoveKeyControlBlock(kcb);
ObDereferenceObject(*Object);
alloc = 2;
} else {
CmpReportNotify(
kcb,
kcb->KeyHive,
kcb->KeyCell,
REG_NOTIFY_CHANGE_NAME
);
}
}
} finally {
if (!NT_SUCCESS(Status)) {
//
// Clean up allocations
//
switch (alloc) {
case 3:
//
// Mark KCB as deleted so it does not get inadvertently added to
// the delayed close list. That would have fairly disastrous effects
// as the KCB points to storage we are about to free.
//
ASSERT_CM_LOCK_OWNED_EXCLUSIVE();
kcb->Delete = TRUE;
CmpRemoveKeyControlBlock(kcb);
CmpDereferenceKeyControlBlockWithLock(kcb);
// DELIBERATE FALL
case 2:
if (Context->Class.Length > 0) {
HvFreeCell(Hive, ClassCell);
}
// DELIBERATE FALL
case 1:
HvFreeCell(Hive, *KeyCell);
// DELIBERATE FALL
}
#ifdef CM_CHECK_FOR_ORPHANED_KCBS
DbgPrint("CmpDoCreateChild failed with status %lx for hive = %p , NodeName = %.*S\n",Status,Hive,Name->Length/2,Name->Buffer);
#endif //CM_CHECK_FOR_ORPHANED_KCBS
}
}
return(Status);
}