svn commit: samba r25362 - in branches: SAMBA_3_2/source/registry SAMBA_3_2_0/source/registry

Wed, 26 Sep 2007 14:47:15 -0700 

Author: gd
Date: 2007-09-26 21:46:43 +0000 (Wed, 26 Sep 2007)
New Revision: 25362

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=25362

Log:
Add "NT Authority\System" with Full Access to the default registry security
descriptor.

Guenther

Modified:
   branches/SAMBA_3_2/source/registry/reg_frontend_hilvl.c
   branches/SAMBA_3_2_0/source/registry/reg_frontend_hilvl.c


Changeset:
Modified: branches/SAMBA_3_2/source/registry/reg_frontend_hilvl.c
===================================================================
--- branches/SAMBA_3_2/source/registry/reg_frontend_hilvl.c     2007-09-26 
19:28:40 UTC (rev 25361)
+++ branches/SAMBA_3_2/source/registry/reg_frontend_hilvl.c     2007-09-26 
21:46:43 UTC (rev 25362)
@@ -34,7 +34,7 @@
 
 static SEC_DESC* construct_registry_sd( TALLOC_CTX *ctx )
 {
-       SEC_ACE ace[2]; 
+       SEC_ACE ace[3];
        SEC_ACCESS mask;
        size_t i = 0;
        SEC_DESC *sd;
@@ -50,8 +50,13 @@
        
        init_sec_access(&mask, REG_KEY_ALL );
        init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, 
SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+       /* Full Access 'NT Authority\System' */
+
+       init_sec_access(&mask, REG_KEY_ALL );
+       init_sec_ace(&ace[i++], &global_sid_System, 
SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
        
-       
        /* create the security descriptor */
        
        if ( !(acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )

Modified: branches/SAMBA_3_2_0/source/registry/reg_frontend_hilvl.c
===================================================================
--- branches/SAMBA_3_2_0/source/registry/reg_frontend_hilvl.c   2007-09-26 
19:28:40 UTC (rev 25361)
+++ branches/SAMBA_3_2_0/source/registry/reg_frontend_hilvl.c   2007-09-26 
21:46:43 UTC (rev 25362)
@@ -34,7 +34,7 @@
 
 static SEC_DESC* construct_registry_sd( TALLOC_CTX *ctx )
 {
-       SEC_ACE ace[2]; 
+       SEC_ACE ace[3];
        SEC_ACCESS mask;
        size_t i = 0;
        SEC_DESC *sd;
@@ -50,8 +50,13 @@
        
        init_sec_access(&mask, REG_KEY_ALL );
        init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, 
SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+       /* Full Access 'NT Authority\System' */
+
+       init_sec_access(&mask, REG_KEY_ALL );
+       init_sec_ace(&ace[i++], &global_sid_System, 
SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
        
-       
        /* create the security descriptor */
        
        if ( !(acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )

Reply via email to