s3:registry: replace call to reg_openkey() in reg_createkey() by accesscheck. (cherry...

[ddiss/samba.git] / source3 / registry / reg_api.c

diff --git a/source3/registry/reg_api.c b/source3/registry/reg_api.c
index bfc7aec35d1a6f85d2461a5fc95d12e915c68c32..55e364feae99b869a3becee0898406d1b49c69dc 100644 (file)
--- a/source3/registry/reg_api.c
+++ b/source3/registry/reg_api.c
@@ -116,7 +116,7 @@ static WERROR fill_subkey_cache(struct registry_key *key)
 
        if (fetch_reg_keys(key->key, key->subkeys) == -1) {
                TALLOC_FREE(key->subkeys);
-               return WERR_NO_MORE_ITEMS;
+               return WERR_BADFILE;
        }
 
        return WERR_OK;
@@ -137,7 +137,6 @@ static WERROR regkey_open_onelevel(TALLOC_CTX *mem_ctx,
        WERROR          result = WERR_OK;
        struct registry_key *regkey;
        struct registry_key_handle *key;
-       struct regsubkey_ctr    *subkeys = NULL;
 
        DEBUG(7,("regkey_open_onelevel: name = [%s]\n", name));
 
@@ -203,21 +202,13 @@ static WERROR regkey_open_onelevel(TALLOC_CTX *mem_ctx,
                goto done;
        }
 
-       /* check if the path really exists; failed is indicated by -1 */
-       /* if the subkey count failed, bail out */
+       /* FIXME: Existence is currently checked by fetching the subkeys */
 
-       result = regsubkey_ctr_init(key, &subkeys);
+       result = fill_subkey_cache(regkey);
        if (!W_ERROR_IS_OK(result)) {
                goto done;
        }
 
-       if ( fetch_reg_keys( key, subkeys ) == -1 )  {
-               result = WERR_BADFILE;
-               goto done;
-       }
-
-       TALLOC_FREE( subkeys );
-
        if ( !regkey_access_check( key, access_desired, &key->access_granted,
                                   token ) ) {
                result = WERR_ACCESS_DENIED;
@@ -566,6 +557,7 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent,
        TALLOC_CTX *mem_ctx;
        char *path, *end;
        WERROR err;
+       uint32_t access_granted;
 
        mem_ctx = talloc_new(ctx);
        if (mem_ctx == NULL) {
@@ -626,25 +618,21 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent,
        }
 
        /*
-        * We have to make a copy of the current key, as we opened it only
-        * with ENUM_SUBKEY access.
+        * We may (e.g. in the iteration) have opened the key with ENUM_SUBKEY.
+        * Instead of re-opening the key with CREATE_SUB_KEY, we simply
+        * duplicate the access check here and skip the expensive full open.
         */
-
-       err = reg_openkey(mem_ctx, key, "", KEY_CREATE_SUB_KEY,
-                         &create_parent);
-       if (!W_ERROR_IS_OK(err)) {
-               goto trans_done;
+       if (!regkey_access_check(key->key, KEY_CREATE_SUB_KEY, &access_granted,
+                                key->token))
+       {
+               err = WERR_ACCESS_DENIED;
+               goto done;
        }
 
        /*
         * Actually create the subkey
         */
 
-       err = fill_subkey_cache(create_parent);
-       if (!W_ERROR_IS_OK(err)) {
-               goto trans_done;
-       }
-
        err = create_reg_subkey(key->key, path);
        if (!W_ERROR_IS_OK(err)) {
                goto trans_done;
@@ -654,7 +642,7 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent,
         * Now open the newly created key
         */
 
-       err = reg_openkey(ctx, create_parent, path, desired_access, pkey);
+       err = reg_openkey(ctx, key, path, desired_access, pkey);
        if (W_ERROR_IS_OK(err) && (paction != NULL)) {
                *paction = REG_CREATED_NEW_KEY;
        }