You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1513 lines
43 KiB
1513 lines
43 KiB
/*++
|
|
|
|
|
|
|
|
Copyright (c) 1991 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
Regkey.c
|
|
|
|
Abstract:
|
|
|
|
This module contains the server side implementation for the Win32
|
|
Registry APIs to open, create, flush and close keys. That is:
|
|
|
|
- BaseRegCloseKey
|
|
- BaseRegCreateKey
|
|
- BaseRegFlushKey
|
|
- BaseRegOpenKey
|
|
|
|
Author:
|
|
|
|
David J. Gilman (davegi) 15-Nov-1991
|
|
|
|
Notes:
|
|
|
|
These notes apply to the Win32 Registry API implementation as a whole
|
|
and not just to this module.
|
|
|
|
On the client side, modules contain RPC wrappers for both the new
|
|
Win32 and compatible Win 3.1 APIs. The Win 3.1 wrappers generally
|
|
supply default parameters before calling the Win32 wrappers. In some
|
|
cases they may need to call multiple Win32 wrappers in order to
|
|
function correctly (e.g. RegSetValue sometimes needs to call
|
|
RegCreateKeyEx). The Win32 wrappers are quite thin and usually do
|
|
nothing more than map a predefined handle to a real handle and perform
|
|
ANSI<->Unicode translations. In some cases (e.g. RegCreateKeyEx) the
|
|
wrapper also converts some argument (e.g. SECURITY_ATTRIBUTES) to an
|
|
RPCable representation. In both the Win 3.1 and Win32 cases ANSI and
|
|
Unicode implementations are provided.
|
|
|
|
On the server side, there is one entry point for each of the Win32
|
|
APIs. Each contains an identical interface with the client side
|
|
wrapper with the exception that all string / count arguments are
|
|
passed as a single counted Unicode string. Pictorially, for an API
|
|
named "F":
|
|
|
|
RegWin31FA() RegWin31FW() (client side)
|
|
|
|
| |
|
|
| |
|
|
| |
|
|
| |
|
|
V V
|
|
|
|
RegWin32FExA() RegWin32FExW()
|
|
|
|
| |
|
|
^ ^
|
|
v v (RPC)
|
|
| |
|
|
| |
|
|
+----> BaseRegF() <---+ (server side)
|
|
|
|
|
|
This yields smaller code (as the string conversion is done only once
|
|
per API) at the cost of slightly higher maintenance (i.e. Win 3.1
|
|
default parameter replacement and Win32 string conversions must be
|
|
manually kept in synch).
|
|
|
|
Another option would be to have a calling sequence that looks like,
|
|
|
|
RegWin31FA() RegWin31FW()
|
|
|
|
| |
|
|
| |
|
|
| |
|
|
V V
|
|
|
|
RegWin32FExA() -----> RegWin32FExW()
|
|
|
|
and have the RegWin32FExW() API perform all of the actual work. This
|
|
method is generally less efficient. It requires the RegWin32FExA()
|
|
API to convert its ANSI string arguments to counted Unicode strings,
|
|
extract the buffers to call the RegWin32FExW() API only to have it
|
|
rebuild a counted Unicode string. However in some cases (e.g.
|
|
RegConnectRegistry) where a counted Unicode string was not needed in
|
|
the Unicode API this method is used.
|
|
|
|
Details of an API's functionality, arguments and return value can be
|
|
found in the base implementations (e.g. BaseRegF()). All other
|
|
function headers contain only minimal routine descriptions and no
|
|
descriptions of their arguments or return value.
|
|
|
|
The comment string "Win3.1ism" indicates special code for Win 3.1
|
|
compatability.
|
|
|
|
Throughout the implementation the following variable names are used
|
|
and always refer to the same thing:
|
|
|
|
Obja - An OBJECT_ATTRIBUTES structure.
|
|
Status - A NTSTATUS value.
|
|
Error - A Win32 Registry error code (n.b. one of the error
|
|
values is ERROR_SUCCESS).
|
|
|
|
--*/
|
|
|
|
#include <rpc.h>
|
|
#include <string.h>
|
|
#include <wchar.h>
|
|
#include "regrpc.h"
|
|
#include "localreg.h"
|
|
#include "regclass.h"
|
|
#include "regecls.h"
|
|
#include "regsec.h"
|
|
#include <malloc.h>
|
|
|
|
#ifdef LOCAL
|
|
#include "tsappcmp.h"
|
|
|
|
#ifdef LEAK_TRACK
|
|
#include "regleak.h"
|
|
#endif // LEAK_TRACK
|
|
|
|
#endif
|
|
|
|
NTSTATUS
|
|
BaseRegCreateMultipartKey(
|
|
IN HKEY hkDestKey,
|
|
IN PUNICODE_STRING pDestSubKey,
|
|
IN PUNICODE_STRING lpClass OPTIONAL,
|
|
IN DWORD dwOptions,
|
|
IN REGSAM samDesired,
|
|
IN PRPC_SECURITY_ATTRIBUTES pRpcSecurityAttributes OPTIONAL,
|
|
OUT PHKEY phkResult,
|
|
OUT LPDWORD lpdwDisposition OPTIONAL,
|
|
ULONG Attributes);
|
|
|
|
|
|
#if DBG
|
|
extern HANDLE RestrictedMachineHandle;
|
|
#endif
|
|
|
|
NTSTATUS
|
|
OpenMachineKey(PHANDLE phKey);
|
|
|
|
BOOL
|
|
InitializeRegCreateKey(
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function was used to initialize a critical section that no longer
|
|
exists. This critical section was used when a key name '\', and multiple
|
|
multiple keys were to be created. The API used the wcstok defined in the
|
|
kernel, which was not multi-threaded safe.
|
|
|
|
This function now will always return TRUE. It will not be removed from the code
|
|
to avoid change in the rpc interface.
|
|
|
|
Arguments:
|
|
|
|
None.
|
|
|
|
Return Value:
|
|
|
|
Returns TRUE always.
|
|
|
|
--*/
|
|
|
|
{
|
|
return( TRUE );
|
|
|
|
}
|
|
|
|
|
|
|
|
BOOL
|
|
CleanupRegCreateKey(
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function was used to clean up a critical section that no longer
|
|
exists. This critical section was used when a key name '\', and multiple
|
|
multiple keys were to be created. The API used the wcstok defined in the
|
|
kernel, which was not multi-threaded safe.
|
|
|
|
This function now will always return TRUE. It will not be removed from the code
|
|
to avoid change in the rpc interface.
|
|
|
|
|
|
|
|
Arguments:
|
|
|
|
None.
|
|
|
|
Return Value:
|
|
|
|
Returns TRUE if the cleanup succeeds.
|
|
|
|
--*/
|
|
|
|
{
|
|
return( TRUE );
|
|
}
|
|
|
|
|
|
|
|
error_status_t
|
|
BaseRegCloseKeyInternal(
|
|
IN OUT PHKEY phKey
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Closes a key handle.
|
|
|
|
Arguments:
|
|
|
|
phKey - Supplies a handle to an open key to be closed.
|
|
|
|
Return Value:
|
|
|
|
Returns ERROR_SUCCESS (0) for success; error-code for failure.
|
|
|
|
--*/
|
|
|
|
{
|
|
NTSTATUS Status;
|
|
#if defined(LEAK_TRACK)
|
|
BOOL fTrack;
|
|
#endif // defined(LEAK_TRACK)
|
|
|
|
//
|
|
// Call out to Perflib if the HKEY is HKEY_PERFOMANCE_DATA.
|
|
//
|
|
|
|
if(( *phKey == HKEY_PERFORMANCE_DATA ) ||
|
|
( *phKey == HKEY_PERFORMANCE_TEXT ) ||
|
|
( *phKey == HKEY_PERFORMANCE_NLSTEXT )) {
|
|
|
|
Status = PerfRegCloseKey( phKey );
|
|
return (error_status_t)Status;
|
|
}
|
|
|
|
ASSERT( IsPredefinedRegistryHandle( *phKey ) == FALSE );
|
|
|
|
#ifndef LOCAL
|
|
//
|
|
// Quick check for a "restricted" handle; then this turns to noop as the global restricted handle will
|
|
// be cleaned up when the service is terminated
|
|
//
|
|
if ( REGSEC_CHECK_HANDLE( *phKey ) )
|
|
{
|
|
*phKey = REGSEC_CLEAR_HANDLE( *phKey );
|
|
ASSERT( RestrictedMachineHandle == *phKey );
|
|
*phKey = NULL;
|
|
return ERROR_SUCCESS;
|
|
}
|
|
|
|
#endif //LOCAL
|
|
|
|
#ifdef LOCAL
|
|
//
|
|
// now we need to remove any state for registry key enumeration associated
|
|
// with this key if it's a class registration parent
|
|
//
|
|
if (REG_CLASS_IS_SPECIAL_KEY(*phKey)) {
|
|
|
|
// this may not succeed since someone could have already removed this key
|
|
(void) EnumTableRemoveKey(
|
|
&gClassesEnumTable,
|
|
*phKey,
|
|
ENUM_TABLE_REMOVEKEY_CRITERIA_ANYTHREAD);
|
|
}
|
|
|
|
#if defined(LEAK_TRACK)
|
|
|
|
if (g_RegLeakTraceInfo.bEnableLeakTrack) {
|
|
fTrack = RegLeakTableIsTrackedObject(&gLeakTable, *phKey);
|
|
}
|
|
|
|
#endif // defined(LEAK_TRACK)
|
|
|
|
#endif // LOCAL
|
|
|
|
|
|
Status = NtClose( *phKey );
|
|
|
|
if( NT_SUCCESS( Status )) {
|
|
|
|
#ifdef LOCAL
|
|
#if defined(LEAK_TRACK)
|
|
|
|
if (g_RegLeakTraceInfo.bEnableLeakTrack) {
|
|
if (fTrack) {
|
|
(void) UnTrackObject(*phKey);
|
|
}
|
|
}
|
|
|
|
#endif // defined(LEAK_TRACK)
|
|
#endif // LOCAL
|
|
|
|
//
|
|
// Set the handle to NULL so that RPC knows that it has been closed.
|
|
//
|
|
*phKey = NULL;
|
|
|
|
return ERROR_SUCCESS;
|
|
|
|
} else {
|
|
|
|
return (error_status_t)RtlNtStatusToDosError( Status );
|
|
}
|
|
}
|
|
|
|
|
|
|
|
error_status_t
|
|
BaseRegCloseKey(
|
|
IN OUT PHKEY phKey
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Closes a key handle.
|
|
|
|
Arguments:
|
|
|
|
phKey - Supplies a handle to an open key to be closed.
|
|
|
|
Return Value:
|
|
|
|
Returns ERROR_SUCCESS (0) for success; error-code for failure.
|
|
|
|
--*/
|
|
|
|
{
|
|
error_status_t Error;
|
|
|
|
#ifndef LOCAL
|
|
RPC_STATUS _rpcstatus = RpcImpersonateClient( NULL );
|
|
#if DBG
|
|
if( _rpcstatus != ERROR_SUCCESS ) {
|
|
DbgPrint("WINREG: BaseRegCloseKey: Failed to impersonate in process %p, thread %p, for handle %p \n",NtCurrentProcess(),NtCurrentThread(),*phKey);
|
|
}
|
|
#endif
|
|
#endif //LOCAL
|
|
|
|
Error = BaseRegCloseKeyInternal(phKey);
|
|
|
|
#ifndef LOCAL
|
|
|
|
#if DBG
|
|
if( Error != ERROR_SUCCESS ) {
|
|
DbgPrint("WINREG: BaseRegCloseKeyInternal without impersonation returned %lx\n",Error);
|
|
}
|
|
#endif
|
|
|
|
if (_rpcstatus == ERROR_SUCCESS) {
|
|
_rpcstatus = RpcRevertToSelf();
|
|
}
|
|
#endif
|
|
|
|
return Error;
|
|
}
|
|
|
|
|
|
error_status_t
|
|
BaseRegCreateKey(
|
|
IN HKEY hKey,
|
|
IN PUNICODE_STRING lpSubKey,
|
|
IN PUNICODE_STRING lpClass OPTIONAL,
|
|
IN DWORD dwOptions,
|
|
IN REGSAM samDesired,
|
|
IN PRPC_SECURITY_ATTRIBUTES pRpcSecurityAttributes OPTIONAL,
|
|
OUT PHKEY phkResult,
|
|
OUT LPDWORD lpdwDisposition OPTIONAL
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Create a new key, with the specified name, or open an already existing
|
|
key. RegCreateKeyExW is atomic, meaning that one can use it to create
|
|
a key as a lock. If a second caller creates the same key, the call
|
|
will return a value that says whether the key already existed or not,
|
|
and thus whether the caller "owns" the "lock" or not. RegCreateKeyExW
|
|
does NOT truncate an existing entry, so the lock entry may contain
|
|
data.
|
|
|
|
Arguments:
|
|
|
|
hKey - Supplies a handle to an open key. The lpSubKey key path
|
|
parameter is relative to this key handle. Any of the predefined
|
|
reserved handle values or a previously opened key handle may be used
|
|
for hKey.
|
|
|
|
lpSubKey - Supplies the downward key path to the key to create.
|
|
lpSubKey is always relative to the key specified by hKey.
|
|
This parameter may not be NULL.
|
|
|
|
lpClass - Supplies the class (object type) of this key. Ignored if
|
|
the key already exists. No class is associated with this key if
|
|
this parameter is NULL.
|
|
|
|
dwOptions - Supplies special options. Only one is currently defined:
|
|
|
|
REG_VOLATILE - Specifies that this key should not be preserved
|
|
across reboot. The default is not volatile. This is ignored
|
|
if the key already exists.
|
|
|
|
WARNING: All descendent keys of a volatile key are also volatile.
|
|
|
|
samDesired - Supplies the requested security access mask. This
|
|
access mask describes the desired security access to the newly
|
|
created key.
|
|
|
|
lpSecurityAttributes - Supplies a pointer to a SECURITY_ATTRIBUTES
|
|
structure for the newly created key. This parameter is ignored
|
|
if NULL or not supported by the OS.
|
|
|
|
phkResult - Returns an open handle to the newly created key.
|
|
|
|
lpdwDisposition - Returns the disposition state, which can be one of:
|
|
|
|
REG_CREATED_NEW_KEY - the key did not exist and was created.
|
|
|
|
REG_OPENED_EXISTING_KEY - the key already existed, and was simply
|
|
opened without being changed.
|
|
|
|
This parameter is ignored if NULL.
|
|
|
|
Return Value:
|
|
|
|
Returns ERROR_SUCCESS (0) for success; error-code for failure.
|
|
|
|
If successful, RegCreateKeyEx creates the new key (or opens the key if
|
|
it already exists), and returns an open handle to the newly created
|
|
key in phkResult. Newly created keys have no value; RegSetValue, or
|
|
RegSetValueEx must be called to set values. hKey must have been
|
|
opened for KEY_CREATE_SUB_KEY access.
|
|
|
|
--*/
|
|
|
|
{
|
|
OBJECT_ATTRIBUTES Obja;
|
|
ULONG Attributes;
|
|
NTSTATUS Status;
|
|
#if DBG
|
|
HANDLE DebugKey = hKey;
|
|
#endif
|
|
HKEY hkDestKey;
|
|
UNICODE_STRING DestClassSubkey;
|
|
PUNICODE_STRING pDestSubkey;
|
|
DWORD dwDisposition;
|
|
BOOL fRetryOnAccessDenied;
|
|
BOOL fRetried;
|
|
BOOL fTrySingleCreate;
|
|
#if LOCAL
|
|
SKeySemantics keyinfo;
|
|
BYTE rgNameInfoBuf[REG_MAX_CLASSKEY_LEN];
|
|
REGSAM OriginalSam = samDesired;
|
|
UNICODE_STRING TmpStr = *lpSubKey; //used to keep original SubKey string
|
|
|
|
|
|
memset(&keyinfo, 0, sizeof(keyinfo));
|
|
#endif
|
|
|
|
#ifndef LOCAL
|
|
BOOL UseFakeMachineKey = FALSE;
|
|
#endif LOCAL
|
|
|
|
ASSERT( IsPredefinedRegistryHandle( hKey ) == FALSE );
|
|
ASSERT( lpSubKey->Length > 0 );
|
|
|
|
DestClassSubkey.Buffer = NULL;
|
|
|
|
//
|
|
// For class registrations, retry on access denied in machine hive --
|
|
// if we do retry, this will be set to FALSE so we only retry once
|
|
//
|
|
fRetryOnAccessDenied = TRUE;
|
|
fRetried = FALSE;
|
|
|
|
//
|
|
// First attempt should do create with a single ntcreatekey call
|
|
// If that doesn't work, this gets set to false so we remember if we
|
|
// have to retry for access denied in the machine hive
|
|
//
|
|
fTrySingleCreate = TRUE;
|
|
|
|
hkDestKey = NULL;
|
|
pDestSubkey = NULL;
|
|
|
|
|
|
//
|
|
// Check for malformed arguments from malicious clients
|
|
//
|
|
if( (lpSubKey == NULL) ||
|
|
(lpSubKey->Length < sizeof(UNICODE_NULL)) ||
|
|
(lpSubKey->Buffer == NULL) ||
|
|
((lpSubKey->Length % sizeof(WCHAR)) != 0) ||
|
|
(lpSubKey->Buffer[lpSubKey->Length / sizeof(WCHAR) - 1] != L'\0') ||
|
|
(phkResult == NULL) ||
|
|
(lpClass == NULL) ||
|
|
(lpClass->Length & 1) ) {
|
|
return(ERROR_INVALID_PARAMETER);
|
|
}
|
|
|
|
//
|
|
// Quick check for a "restricted" handle
|
|
//
|
|
if ( REGSEC_CHECK_HANDLE( hKey ) )
|
|
{
|
|
if ( ! REGSEC_CHECK_PATH( hKey, lpSubKey ) )
|
|
{
|
|
return( ERROR_ACCESS_DENIED );
|
|
}
|
|
|
|
hKey = REGSEC_CLEAR_HANDLE( hKey );
|
|
ASSERT( RestrictedMachineHandle == hKey );
|
|
#ifndef LOCAL
|
|
UseFakeMachineKey = TRUE;
|
|
#endif LOCAL
|
|
}
|
|
|
|
//
|
|
// Impersonate the client.
|
|
//
|
|
|
|
RPC_IMPERSONATE_CLIENT( NULL );
|
|
|
|
//
|
|
// Initialize the variable that will contain the handle to NULL
|
|
// to ensure that in case of error the API will not return a
|
|
// bogus handle. This is required otherwise RPC will get confused.
|
|
// Note that RPC should have already initialized it to 0.
|
|
//
|
|
*phkResult = NULL;
|
|
|
|
//
|
|
// Subtract the NULLs from the Length of the provided strings.
|
|
// These were added on the client side so that the NULLs were
|
|
// transmitted by RPC.
|
|
//
|
|
lpSubKey->Length -= sizeof( UNICODE_NULL );
|
|
|
|
if( lpSubKey->Buffer[0] == ( WCHAR )'\\' ) {
|
|
//
|
|
// Do not accept a key name that starts with '\', even though
|
|
// the code below would handle it. This is to ensure that
|
|
// RegCreateKeyEx and RegOpenKeyEx will behave in the same way
|
|
// when they get a key name that starts with '\'.
|
|
//
|
|
Status = STATUS_OBJECT_PATH_INVALID;
|
|
goto cleanup;
|
|
}
|
|
|
|
if ( lpClass->Length > 0 ) {
|
|
lpClass->Length -= sizeof( UNICODE_NULL );
|
|
}
|
|
|
|
//
|
|
// Determine the correct set of attributes.
|
|
//
|
|
|
|
Attributes = OBJ_CASE_INSENSITIVE;
|
|
|
|
if( ARGUMENT_PRESENT( pRpcSecurityAttributes )) {
|
|
|
|
if( pRpcSecurityAttributes->bInheritHandle ) {
|
|
|
|
Attributes |= OBJ_INHERIT;
|
|
}
|
|
}
|
|
|
|
if (dwOptions & REG_OPTION_OPEN_LINK) {
|
|
Attributes |= OBJ_OPENLINK;
|
|
}
|
|
|
|
#ifdef LOCAL
|
|
if (REG_CLASS_IS_SPECIAL_KEY(hKey) ||
|
|
( (gdwRegistryExtensionFlags & TERMSRV_ENABLE_PER_USER_CLASSES_REDIRECTION )
|
|
&& ExtractClassKey(&hKey,lpSubKey) ) ) {
|
|
|
|
//
|
|
// Find more information
|
|
// about this key -- the most important piece of information
|
|
// is whether it's a class registration key
|
|
//
|
|
keyinfo._pFullPath = (PKEY_NAME_INFORMATION) rgNameInfoBuf;
|
|
keyinfo._cbFullPath = sizeof(rgNameInfoBuf);
|
|
keyinfo._fAllocedNameBuf = FALSE;
|
|
|
|
//
|
|
// see if this is a class registration
|
|
//
|
|
Status = BaseRegGetKeySemantics(hKey, lpSubKey, &keyinfo);
|
|
|
|
// if we can't determine what type of key this is, leave
|
|
if (!NT_SUCCESS(Status)) {
|
|
goto cleanup;
|
|
}
|
|
|
|
Status = BaseRegMapClassRegistrationKey(
|
|
hKey,
|
|
lpSubKey,
|
|
&keyinfo,
|
|
&DestClassSubkey,
|
|
&fRetryOnAccessDenied,
|
|
&hkDestKey,
|
|
&pDestSubkey);
|
|
|
|
if (!NT_SUCCESS(Status)) {
|
|
goto cleanup;
|
|
}
|
|
|
|
} else
|
|
#endif // LOCAL
|
|
{
|
|
#ifdef LOCAL
|
|
memset(&keyinfo, 0, sizeof(keyinfo));
|
|
#endif // LOCAL
|
|
|
|
hkDestKey = hKey;
|
|
pDestSubkey = lpSubKey;
|
|
}
|
|
|
|
#ifndef LOCAL
|
|
//
|
|
// open a new key in the caller's context
|
|
//
|
|
if( UseFakeMachineKey ) {
|
|
Status = OpenMachineKey(&hkDestKey);
|
|
if( !NT_SUCCESS(Status) ) {
|
|
goto cleanup;
|
|
}
|
|
//
|
|
// hkDestKey opened here will be used throught the function to perform the appropiate
|
|
// open and it'll be closed on cleanup path (see commented below at the end of the function)
|
|
//
|
|
//if (hkDestKey && (hkDestKey != hKey)) {
|
|
// NtClose(hkDestKey);
|
|
//}
|
|
|
|
}
|
|
#endif LOCAL
|
|
|
|
for (;;) {
|
|
|
|
#ifdef LOCAL
|
|
|
|
Status = STATUS_OBJECT_NAME_NOT_FOUND;
|
|
|
|
if (fTrySingleCreate)
|
|
{
|
|
#endif
|
|
|
|
//
|
|
// Validate the security descriptor.
|
|
//
|
|
if( ARGUMENT_PRESENT( pRpcSecurityAttributes ) &&
|
|
pRpcSecurityAttributes->RpcSecurityDescriptor.lpSecurityDescriptor)
|
|
{
|
|
if( !RtlValidRelativeSecurityDescriptor((PSECURITY_DESCRIPTOR)(pRpcSecurityAttributes->RpcSecurityDescriptor.lpSecurityDescriptor),
|
|
pRpcSecurityAttributes->RpcSecurityDescriptor.cbInSecurityDescriptor,
|
|
0 )) {
|
|
//
|
|
// We were passed a bogus security descriptor to set. Bail out
|
|
//
|
|
|
|
Status = STATUS_INVALID_PARAMETER;
|
|
goto cleanup;
|
|
}
|
|
}
|
|
|
|
//
|
|
// Try to create the specified key. This will work if there is only
|
|
// one key being created or if the key already exists. If more than
|
|
// one key needs to be created, this will fail and we will have to
|
|
// do all the complicated stuff to create each intermediate key.
|
|
//
|
|
InitializeObjectAttributes(&Obja,
|
|
pDestSubkey,
|
|
Attributes,
|
|
hkDestKey,
|
|
ARGUMENT_PRESENT( pRpcSecurityAttributes )
|
|
? pRpcSecurityAttributes
|
|
->RpcSecurityDescriptor.lpSecurityDescriptor
|
|
: NULL);
|
|
Status = NtCreateKey(phkResult,
|
|
samDesired,
|
|
&Obja,
|
|
0,
|
|
lpClass,
|
|
dwOptions,
|
|
&dwDisposition);
|
|
|
|
|
|
#ifdef LOCAL
|
|
if (gpfnTermsrvCreateRegEntry && NT_SUCCESS(Status) && (dwDisposition == REG_CREATED_NEW_KEY)) {
|
|
//
|
|
// Terminal Server application compatiblity
|
|
// Store the newly created key in the Terminal Server registry tracking database
|
|
//
|
|
|
|
gpfnTermsrvCreateRegEntry(*phkResult,
|
|
&Obja,
|
|
0,
|
|
lpClass,
|
|
dwOptions);
|
|
}
|
|
|
|
}
|
|
|
|
#ifdef CLASSES_RETRY_ON_ACCESS_DENIED
|
|
if (fTrySingleCreate && (STATUS_ACCESS_DENIED == Status) && keyinfo._fCombinedClasses &&
|
|
fRetryOnAccessDenied ) {
|
|
|
|
Status = BaseRegMapClassOnAccessDenied(
|
|
&keyinfo,
|
|
&hkDestKey,
|
|
pDestSubkey,
|
|
&fRetryOnAccessDenied);
|
|
|
|
if (NT_SUCCESS(Status)) {
|
|
fRetried = TRUE;
|
|
continue;
|
|
}
|
|
|
|
// we failed for some reason -- exit
|
|
break;
|
|
|
|
}
|
|
#else
|
|
//if (it's terminal server; we're trying to create single key;
|
|
//we've got ASSESS_DENIED trying to create key
|
|
//a key we want to create is HKCR subkey(keyinfo._fCombinedClasses!=0);
|
|
//Registry flag is set to allow per user classes redirection.
|
|
//(fRetryOnAccessDenied !=0 - means that parent key is not in the user hive))
|
|
//then try to create the key in the user hive.
|
|
if ( (gdwRegistryExtensionFlags & TERMSRV_ENABLE_PER_USER_CLASSES_REDIRECTION)
|
|
&& fTrySingleCreate && (STATUS_ACCESS_DENIED == Status)
|
|
&& keyinfo._fCombinedClasses && fRetryOnAccessDenied
|
|
) {
|
|
|
|
|
|
if (DestClassSubkey.Buffer) {
|
|
RegClassHeapFree(DestClassSubkey.Buffer);
|
|
DestClassSubkey.Buffer=NULL;
|
|
}
|
|
|
|
Status = BaseRegMapClassOnAccessDenied(
|
|
&keyinfo,
|
|
&hkDestKey,
|
|
pDestSubkey,
|
|
&fRetryOnAccessDenied);
|
|
|
|
if (NT_SUCCESS(Status)) {
|
|
fRetried = TRUE;
|
|
continue;
|
|
}
|
|
|
|
// we failed for some reason -- exit
|
|
break;
|
|
|
|
}
|
|
#endif // CLASSES_RETRY_ON_ACCESS_DENIED
|
|
#endif // LOCAL
|
|
|
|
fTrySingleCreate = FALSE;
|
|
|
|
if (NT_SUCCESS(Status)) {
|
|
|
|
if (lpdwDisposition) {
|
|
*lpdwDisposition = dwDisposition;
|
|
}
|
|
|
|
} else {
|
|
|
|
Status = BaseRegCreateMultipartKey(
|
|
hkDestKey,
|
|
pDestSubkey,
|
|
lpClass,
|
|
dwOptions,
|
|
samDesired,
|
|
pRpcSecurityAttributes,
|
|
phkResult,
|
|
lpdwDisposition,
|
|
Attributes);
|
|
}
|
|
|
|
#ifdef LOCAL
|
|
#ifdef CLASSES_RETRY_ON_ACCESS_DENIED
|
|
if ((STATUS_ACCESS_DENIED == Status) && keyinfo._fCombinedClasses &&
|
|
fRetryOnAccessDenied ) {
|
|
|
|
Status = BaseRegMapClassOnAccessDenied(
|
|
&keyinfo,
|
|
&hkDestKey,
|
|
pDestSubkey,
|
|
&fRetryOnAccessDenied);
|
|
|
|
if (NT_SUCCESS(Status)) {
|
|
fRetried = TRUE;
|
|
continue;
|
|
}
|
|
|
|
break;
|
|
|
|
}
|
|
#else
|
|
//We've tried to create single key and failed (Status !=STATUS_ACCESS_DENIED)
|
|
//then we tried to create multipart key and got access denied
|
|
//thus we've got here
|
|
if ( (gdwRegistryExtensionFlags & TERMSRV_ENABLE_PER_USER_CLASSES_REDIRECTION)
|
|
&& (STATUS_ACCESS_DENIED == Status)
|
|
&& keyinfo._fCombinedClasses && fRetryOnAccessDenied
|
|
) {
|
|
|
|
if (DestClassSubkey.Buffer) {
|
|
RegClassHeapFree(DestClassSubkey.Buffer);
|
|
DestClassSubkey.Buffer=NULL;
|
|
}
|
|
|
|
Status = BaseRegMapClassOnAccessDenied(
|
|
&keyinfo,
|
|
&hkDestKey,
|
|
pDestSubkey,
|
|
&fRetryOnAccessDenied);
|
|
|
|
if (NT_SUCCESS(Status)) {
|
|
fRetried = TRUE;
|
|
continue;
|
|
}
|
|
|
|
break;
|
|
|
|
}
|
|
#endif // CLASSES_RETRY_ON_ACCESS_DENIED
|
|
|
|
if (NT_SUCCESS(Status)) {
|
|
if (keyinfo._fCombinedClasses) {
|
|
// mark this key as part of hkcr
|
|
*phkResult = REG_CLASS_SET_SPECIAL_KEY(*phkResult);
|
|
}
|
|
}
|
|
|
|
#endif // LOCAL
|
|
|
|
break;
|
|
}
|
|
|
|
cleanup:
|
|
|
|
|
|
#ifdef CLASSES_RETRY_ON_ACCESS_DENIED
|
|
//
|
|
// Memory was allocated if we retried, so free it
|
|
//
|
|
if (fRetried && pDestSubkey->Buffer) {
|
|
RtlFreeHeap(RtlProcessHeap(), 0, pDestSubkey->Buffer);
|
|
pDestSubkey->Buffer = NULL;
|
|
}
|
|
#endif // CLASSES_RETRY_ON_ACCESS_DENIED
|
|
|
|
if (hkDestKey && (hkDestKey != hKey)) {
|
|
NtClose(hkDestKey);
|
|
}
|
|
|
|
#ifdef LOCAL
|
|
if (DestClassSubkey.Buffer) {
|
|
RegClassHeapFree(DestClassSubkey.Buffer);
|
|
}
|
|
|
|
BaseRegReleaseKeySemantics(&keyinfo);
|
|
|
|
*lpSubKey = TmpStr; //restore original SubKey string
|
|
#endif // LOCAL
|
|
|
|
if (NT_SUCCESS(Status)) {
|
|
#ifdef LOCAL
|
|
#if defined(LEAK_TRACK)
|
|
|
|
if (g_RegLeakTraceInfo.bEnableLeakTrack) {
|
|
(void) TrackObject(*phkResult);
|
|
}
|
|
|
|
#endif // defined(LEAK_TRACK)
|
|
#endif LOCAL
|
|
// disabled, for the case where we specifically close a predefined key inside
|
|
// RegOpenKeyExA and RegOpenKeyExW
|
|
//ASSERT( *phkResult != DebugKey );
|
|
}
|
|
|
|
RPC_REVERT_TO_SELF();
|
|
|
|
return (error_status_t)RtlNtStatusToDosError( Status );
|
|
|
|
}
|
|
|
|
|
|
|
|
NTSTATUS
|
|
BaseRegCreateMultipartKey(
|
|
IN HKEY hkDestKey,
|
|
IN PUNICODE_STRING pDestSubKey,
|
|
IN PUNICODE_STRING lpClass OPTIONAL,
|
|
IN DWORD dwOptions,
|
|
IN REGSAM samDesired,
|
|
IN PRPC_SECURITY_ATTRIBUTES pRpcSecurityAttributes OPTIONAL,
|
|
OUT PHKEY phkResult,
|
|
OUT LPDWORD lpdwDisposition OPTIONAL,
|
|
ULONG Attributes)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function creates registry keys for which multiple path components
|
|
are nonexistent. It parses the key path and creates each intermediate
|
|
subkey.
|
|
|
|
Arguments:
|
|
|
|
See BaseRegCreateKey.
|
|
|
|
Return Value:
|
|
|
|
Returns STATUS_SUCCESS on success, other NTSTATUS if failed.
|
|
|
|
--*/
|
|
{
|
|
LPWSTR KeyBuffer;
|
|
ULONG NumberOfSubKeys;
|
|
LPWSTR p;
|
|
ULONG i;
|
|
LPWSTR Token;
|
|
UNICODE_STRING KeyName;
|
|
HANDLE TempHandle1;
|
|
HANDLE TempHandle2;
|
|
OBJECT_ATTRIBUTES Obja;
|
|
NTSTATUS Status;
|
|
DWORD dwDisposition;
|
|
#ifdef LOCAL
|
|
REGSAM OriginalSam = samDesired;
|
|
#endif // LOCAL
|
|
|
|
dwDisposition = REG_OPENED_EXISTING_KEY;
|
|
TempHandle1 = NULL;
|
|
|
|
//
|
|
// Win3.1ism - Loop through each '\' separated component in the
|
|
// supplied sub key and create a key for each component. This is
|
|
// guaranteed to work at least once because lpSubKey was validated
|
|
// on the client side.
|
|
//
|
|
|
|
|
|
//
|
|
// Initialize the buffer to be tokenized.
|
|
//
|
|
|
|
KeyBuffer = pDestSubKey->Buffer;
|
|
|
|
//
|
|
// Find out the number of subkeys to be created
|
|
//
|
|
NumberOfSubKeys = 1;
|
|
p = KeyBuffer;
|
|
while ( ( p = wcschr( p, ( WCHAR )'\\' ) ) != NULL ) {
|
|
p++;
|
|
NumberOfSubKeys++;
|
|
}
|
|
|
|
for( i = 0, Token = KeyBuffer; i < NumberOfSubKeys; i++ ) {
|
|
|
|
ASSERT(Token != NULL);
|
|
|
|
if( ( *Token == ( WCHAR )'\\' ) &&
|
|
( i != NumberOfSubKeys - 1 ) ) {
|
|
//
|
|
// If the first character of the key name is '\', and the key
|
|
// is not the last to be created, then ignore this key name.
|
|
// This condition can happen if the key name contains
|
|
// consecutive '\'.
|
|
// This behavior is consistent with the one we had in the past
|
|
// when the API used wcstok() to get the key names.
|
|
// Note that if the key name is an empty string, we return a handle
|
|
// that is different than hKey, even though both point to the same
|
|
// key. This is by design.
|
|
//
|
|
Token++;
|
|
continue;
|
|
}
|
|
|
|
//
|
|
// Convert the token to a counted Unicode string.
|
|
//
|
|
KeyName.Buffer = Token;
|
|
if (i == NumberOfSubKeys - 1) {
|
|
KeyName.Length = wcslen(Token)*sizeof(WCHAR);
|
|
} else {
|
|
KeyName.Length = (USHORT)(wcschr(Token, ( WCHAR )'\\') - Token)*sizeof(WCHAR);
|
|
}
|
|
|
|
//
|
|
// Remember the intermediate handle (NULL the first time through).
|
|
//
|
|
|
|
TempHandle2 = TempHandle1;
|
|
|
|
{
|
|
//
|
|
// Initialize the OBJECT_ATTRIBUTES structure, close the
|
|
// intermediate key and create or open the key.
|
|
//
|
|
|
|
InitializeObjectAttributes(
|
|
&Obja,
|
|
&KeyName,
|
|
Attributes,
|
|
hkDestKey,
|
|
ARGUMENT_PRESENT( pRpcSecurityAttributes )
|
|
? pRpcSecurityAttributes
|
|
->RpcSecurityDescriptor.lpSecurityDescriptor
|
|
: NULL
|
|
);
|
|
|
|
Status = NtCreateKey(
|
|
&TempHandle1,
|
|
( i == NumberOfSubKeys - 1 )? samDesired :
|
|
(samDesired & KEY_WOW64_RES) | MAXIMUM_ALLOWED,
|
|
&Obja,
|
|
0,
|
|
lpClass,
|
|
dwOptions,
|
|
&dwDisposition
|
|
);
|
|
|
|
if (NT_SUCCESS(Status) && lpdwDisposition) {
|
|
*lpdwDisposition = dwDisposition;
|
|
}
|
|
|
|
#ifdef LOCAL
|
|
// This code is in Hydra 4. We have disabled this for NT 5
|
|
// for now till we are sure that its needed to get some imporatant
|
|
// app to work on Hydra 5. Otherwise this should be removed
|
|
if ( gdwRegistryExtensionFlags & TERMSRV_ENABLE_ACCESS_FLAG_MODIFICATION ) {
|
|
|
|
// For Terminal Server only.
|
|
// Some apps try to create/open the key with all of the access bits
|
|
// turned on. We'll mask off the ones they don't have access to by
|
|
// default, (at least under HKEY_LOCAL_MACHINE\Software) and try to
|
|
// open the key again.
|
|
if (Status == STATUS_ACCESS_DENIED) {
|
|
//MAXIMUM_ALLOWED does not include ACCESS_SYSTEM_SECURITY
|
|
//so if user asks for this permission, we need to add it.
|
|
//It could result in ACCESS_DENIED error but for
|
|
//TS App. Compat. it is not important.
|
|
Status = NtCreateKey(
|
|
&TempHandle1,
|
|
(samDesired & (KEY_WOW64_RES | ACCESS_SYSTEM_SECURITY) ) | MAXIMUM_ALLOWED,
|
|
&Obja,
|
|
0,
|
|
lpClass,
|
|
dwOptions,
|
|
&dwDisposition);
|
|
|
|
// Give app back the original error
|
|
if (!NT_SUCCESS(Status)) {
|
|
Status = STATUS_ACCESS_DENIED;
|
|
}
|
|
|
|
if (lpdwDisposition) {
|
|
*lpdwDisposition = dwDisposition;
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
if (gpfnTermsrvCreateRegEntry && NT_SUCCESS(Status) && (dwDisposition == REG_CREATED_NEW_KEY)) {
|
|
|
|
//
|
|
// Terminal Server application compatiblity
|
|
// Store the newly created key in the Terminal Server registry tracking database
|
|
//
|
|
gpfnTermsrvCreateRegEntry(TempHandle1,
|
|
&Obja,
|
|
0,
|
|
lpClass,
|
|
dwOptions);
|
|
}
|
|
#endif
|
|
}
|
|
|
|
//
|
|
// Initialize the next object directory (i.e. parent key) handle.
|
|
//
|
|
|
|
hkDestKey = TempHandle1;
|
|
|
|
//
|
|
// Close the intermediate key.
|
|
// This fails the first time through the loop since the
|
|
// handle is NULL.
|
|
//
|
|
|
|
if( TempHandle2 != NULL ) {
|
|
NtClose( TempHandle2 );
|
|
}
|
|
|
|
//
|
|
// If creating the key failed, map and return the error.
|
|
//
|
|
|
|
if( ! NT_SUCCESS( Status )) {
|
|
return Status;
|
|
}
|
|
|
|
Token = wcschr( Token, ( WCHAR )'\\') + 1;
|
|
|
|
}
|
|
|
|
//
|
|
// Only set the return value once we know we've
|
|
// succeeded.
|
|
//
|
|
*phkResult = hkDestKey;
|
|
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
|
|
|
|
error_status_t
|
|
BaseRegFlushKey(
|
|
IN HKEY hKey
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Flush changes to backing store. Flush will not return until the data
|
|
has been written to backing store. It will flush all the attributes
|
|
of a single key. Closing a key without flushing it will NOT abort
|
|
changes.
|
|
|
|
Arguments:
|
|
|
|
hKey - Supplies a handle to the open key.
|
|
|
|
Return Value:
|
|
|
|
Returns ERROR_SUCCESS (0) for success; error-code for failure.
|
|
|
|
If successful, RegFlushKey will flush to backing store any changes
|
|
made to the key.
|
|
|
|
Notes:
|
|
|
|
RegFlushKey may also flush other data in the Registry, and therefore
|
|
can be expensive, it should not be called gratuitously.
|
|
|
|
--*/
|
|
|
|
{
|
|
if ((hKey == HKEY_PERFORMANCE_DATA) ||
|
|
(hKey == HKEY_PERFORMANCE_TEXT) ||
|
|
(hKey == HKEY_PERFORMANCE_NLSTEXT)) {
|
|
return(ERROR_SUCCESS);
|
|
}
|
|
|
|
ASSERT( IsPredefinedRegistryHandle( hKey ) == FALSE );
|
|
|
|
|
|
//
|
|
// Call the Nt Api to flush the key, map the NTSTATUS code to a
|
|
// Win32 Registry error code and return.
|
|
//
|
|
|
|
return (error_status_t)RtlNtStatusToDosError( NtFlushKey( hKey ));
|
|
}
|
|
|
|
error_status_t
|
|
BaseRegOpenKey(
|
|
IN HKEY hKey,
|
|
IN PUNICODE_STRING lpSubKey,
|
|
IN DWORD dwOptions,
|
|
IN REGSAM samDesired,
|
|
OUT PHKEY phkResult
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Open a key for access, returning a handle to the key. If the key is
|
|
not present, it is not created (see RegCreateKeyExW).
|
|
|
|
Arguments:
|
|
|
|
hKey - Supplies a handle to an open key. The lpSubKey pathname
|
|
parameter is relative to this key handle. Any of the predefined
|
|
reserved handle values or a previously opened key handle may be used
|
|
for hKey. NULL is not permitted.
|
|
|
|
lpSubKey - Supplies the downward key path to the key to open.
|
|
lpSubKey is always relative to the key specified by hKey.
|
|
|
|
dwOptions -- reserved.
|
|
|
|
samDesired -- This access mask describes the desired security access
|
|
for the key.
|
|
|
|
phkResult -- Returns the handle to the newly opened key.
|
|
|
|
Return Value:
|
|
|
|
Returns ERROR_SUCCESS (0) for success; error-code for failure.
|
|
|
|
If successful, RegOpenKeyEx will return the handle to the newly opened
|
|
key in phkResult.
|
|
|
|
--*/
|
|
|
|
{
|
|
OBJECT_ATTRIBUTES Obja;
|
|
NTSTATUS Status = STATUS_OBJECT_NAME_NOT_FOUND;
|
|
error_status_t ret = ERROR_SUCCESS;
|
|
#ifdef LOCAL
|
|
UNICODE_STRING TmpStr = *lpSubKey; //used to keep original SubKey string
|
|
#endif
|
|
|
|
#ifndef LOCAL
|
|
BOOL UseFakeMachineKey = FALSE;
|
|
#endif
|
|
|
|
UNREFERENCED_PARAMETER( dwOptions );
|
|
|
|
ASSERT( IsPredefinedRegistryHandle( hKey ) == FALSE );
|
|
|
|
//
|
|
// Check for malformed arguments from malicious clients
|
|
//
|
|
if( (lpSubKey == NULL) ||
|
|
(lpSubKey->Length < sizeof(UNICODE_NULL)) ||
|
|
((lpSubKey->Length % sizeof(WCHAR)) != 0) ||
|
|
(phkResult == NULL) ) {
|
|
return(ERROR_INVALID_PARAMETER);
|
|
}
|
|
|
|
//
|
|
// Need to NULL this out param for compat with NT4, even though SDK
|
|
// does not define this out param on api failure -- bad apps were written
|
|
// which rely on this. Used to get NULLed by call to NtOpenKey, but since
|
|
// we don't always call that now, we need to do this here in user mode. Also
|
|
// need an exception wrapper since NtOpenKey would simply return an error if
|
|
// the pointer were invalid, whereas in user mode we access violate if we simply
|
|
// assign -- yet another fix needed for app compatibility as some apps on NT 4
|
|
// were actually passing in a bad pointer and ignoring the error returned
|
|
// by the api as part of their normal operation.
|
|
//
|
|
|
|
__try {
|
|
|
|
*phkResult = NULL;
|
|
|
|
} __except ( EXCEPTION_EXECUTE_HANDLER ) {
|
|
|
|
Status = GetExceptionCode();
|
|
|
|
#if DBG
|
|
DbgPrint( "WINREG Error: Exception %x in BaseRegOpenKey\n",
|
|
Status );
|
|
#endif
|
|
ret = RtlNtStatusToDosError( Status );
|
|
}
|
|
|
|
//
|
|
// This will only be true if there was an exception above --
|
|
// return the exception code as an error
|
|
//
|
|
|
|
if (ERROR_SUCCESS != ret) {
|
|
return ret;
|
|
}
|
|
|
|
//
|
|
// Quick check for a "restricted" handle
|
|
//
|
|
|
|
if ( REGSEC_CHECK_HANDLE( hKey ) )
|
|
{
|
|
if ( ! REGSEC_CHECK_PATH( hKey, lpSubKey ) )
|
|
{
|
|
return( ERROR_ACCESS_DENIED );
|
|
}
|
|
|
|
hKey = REGSEC_CLEAR_HANDLE( hKey );
|
|
ASSERT( RestrictedMachineHandle == hKey );
|
|
#ifndef LOCAL
|
|
UseFakeMachineKey = TRUE;
|
|
#endif LOCAL
|
|
}
|
|
|
|
//
|
|
// Impersonate the client.
|
|
//
|
|
|
|
RPC_IMPERSONATE_CLIENT( NULL );
|
|
|
|
#ifndef LOCAL
|
|
//
|
|
// open a new key in the caller's context
|
|
//
|
|
if( UseFakeMachineKey ) {
|
|
Status = OpenMachineKey(&hKey);
|
|
if( !NT_SUCCESS(Status) ) {
|
|
ret = RtlNtStatusToDosError( Status );
|
|
RPC_REVERT_TO_SELF();
|
|
return ret;
|
|
}
|
|
}
|
|
#endif LOCAL
|
|
//
|
|
// Subtract the NULLs from the Length of the provided string.
|
|
// This was added on the client side so that the NULL was
|
|
// transmited by RPC.
|
|
//
|
|
lpSubKey->Length -= sizeof( UNICODE_NULL );
|
|
|
|
//
|
|
// Initialize the OBJECT_ATTRIBUTES structure and open the key.
|
|
//
|
|
|
|
InitializeObjectAttributes(
|
|
&Obja,
|
|
lpSubKey,
|
|
dwOptions & REG_OPTION_OPEN_LINK ? (OBJ_OPENLINK | OBJ_CASE_INSENSITIVE)
|
|
: OBJ_CASE_INSENSITIVE,
|
|
hKey,
|
|
NULL
|
|
);
|
|
|
|
#ifdef LOCAL
|
|
if ( REG_CLASS_IS_SPECIAL_KEY(hKey) ||
|
|
( (gdwRegistryExtensionFlags & TERMSRV_ENABLE_PER_USER_CLASSES_REDIRECTION)
|
|
&& ExtractClassKey(&hKey,lpSubKey) ) ) {
|
|
Status = BaseRegOpenClassKey(
|
|
hKey,
|
|
lpSubKey,
|
|
dwOptions,
|
|
samDesired,
|
|
phkResult);
|
|
|
|
} else
|
|
#endif // LOCAL
|
|
{
|
|
//
|
|
// Obja was initialized above
|
|
//
|
|
|
|
Status = NtOpenKey(
|
|
phkResult,
|
|
samDesired,
|
|
&Obja);
|
|
}
|
|
|
|
#ifndef LOCAL
|
|
//
|
|
// close the fake machine key
|
|
//
|
|
if( UseFakeMachineKey ) {
|
|
NtClose(hKey);
|
|
}
|
|
#endif LOCAL
|
|
|
|
RPC_REVERT_TO_SELF();
|
|
|
|
ret = (error_status_t)RtlNtStatusToDosError( Status );
|
|
|
|
#ifdef LOCAL
|
|
if (STATUS_ACCESS_DENIED == Status)
|
|
{
|
|
//If key could not be opened with SamDesired access
|
|
//open it with MAXIMUM_ALLOWED.
|
|
//do it only if it's terminal server and proper
|
|
//flag is set in the registry.
|
|
if ( gdwRegistryExtensionFlags & TERMSRV_ENABLE_ACCESS_FLAG_MODIFICATION )
|
|
{
|
|
{
|
|
//MAXIMUM_ALLOWED does not include ACCESS_SYSTEM_SECURITY
|
|
//so if user asks for this permission, we need to add it.
|
|
//It could result in ACCESS_DENIED error but for
|
|
//TS App. Compat. it is not important.
|
|
if(REG_CLASS_IS_SPECIAL_KEY(hKey))
|
|
{
|
|
Status = BaseRegOpenClassKey(
|
|
hKey,
|
|
lpSubKey,
|
|
dwOptions,
|
|
(samDesired & (KEY_WOW64_RES | ACCESS_SYSTEM_SECURITY)) | MAXIMUM_ALLOWED,
|
|
phkResult);
|
|
}
|
|
else
|
|
{
|
|
Status = NtOpenKey(
|
|
phkResult,
|
|
(samDesired & (KEY_WOW64_RES | ACCESS_SYSTEM_SECURITY)) | MAXIMUM_ALLOWED,
|
|
&Obja);
|
|
}
|
|
|
|
|
|
// Give app back the original error
|
|
if (!NT_SUCCESS(Status)) {
|
|
Status = STATUS_ACCESS_DENIED;
|
|
}
|
|
ret = (error_status_t)RtlNtStatusToDosError( Status );
|
|
}
|
|
|
|
}
|
|
}
|
|
|
|
|
|
if ((!REG_CLASS_IS_SPECIAL_KEY(hKey)) && !NT_SUCCESS(Status) && gpfnTermsrvOpenRegEntry) {
|
|
|
|
//
|
|
// Obja was initialized above
|
|
//
|
|
|
|
if (gpfnTermsrvOpenRegEntry(phkResult,
|
|
samDesired,
|
|
&Obja)) {
|
|
Status = STATUS_SUCCESS;
|
|
ret = (error_status_t)RtlNtStatusToDosError( Status );
|
|
}
|
|
}
|
|
#if defined(LEAK_TRACK)
|
|
|
|
if (g_RegLeakTraceInfo.bEnableLeakTrack) {
|
|
if (ERROR_SUCCESS == ret) {
|
|
(void) TrackObject(*phkResult);
|
|
}
|
|
}
|
|
|
|
#endif (LEAK_TRACK)
|
|
|
|
*lpSubKey = TmpStr; //Restore original SubKey string
|
|
|
|
#endif // LOCAL
|
|
|
|
return ret;
|
|
}
|
|
|
|
//
|
|
// BaseRegGetVersion - new for Chicago to determine what version a registry
|
|
// key is connected to.
|
|
//
|
|
|
|
error_status_t
|
|
BaseRegGetVersion(
|
|
IN HKEY hKey,
|
|
OUT LPDWORD lpdwVersion
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
New for Win95, allows a caller to determine what version a registry
|
|
key is connected to.
|
|
|
|
Arguments:
|
|
|
|
hKey - Supplies a handle to an open key.
|
|
|
|
lpdwVersion - Returns the registry version.
|
|
|
|
Return Value:
|
|
|
|
Returns ERROR_SUCCESS (0) for success;
|
|
|
|
If successful, BaseRegGetVersion returns the registry version in lpdwVersion
|
|
|
|
--*/
|
|
{
|
|
if (lpdwVersion != NULL) {
|
|
*lpdwVersion = REMOTE_REGISTRY_VERSION;
|
|
return(ERROR_SUCCESS);
|
|
}
|
|
//
|
|
// ERROR_NOACCESS is kind of a weird thing to return,
|
|
// but we want to return something different in the
|
|
// NULL case because that is how we tell whether we
|
|
// are talking to a Win95 machine. Win95's implementation
|
|
// of BaseRegGetVersion does not actually fill in the
|
|
// version. It just returns ERROR_SUCCESS or
|
|
// ERROR_INVALID_PARAMETER.
|
|
//
|
|
return(ERROR_NOACCESS);
|
|
}
|
|
|