wineserver: Added support for read/only Registry, similar to unprivileged users (try 2)
Paul Chitescu
paulc at voip.null.ro
Fri Nov 27 10:12:59 CST 2009
Changelog:
wineserver: Added support for read/only Registry, similar to
unprivileged users
Rationale:
This is a first step towards implementing shared wine prefixes with
most users being unprivileged and a single Administrator (power user, etc.)
capable of installing programs.
How it works:
For selected Registry files (system.reg and userdef.reg) the code will
attempt to initially load them by opening the file in read/write mode.
If opening R/W succeeds the current behavior is unchanged, the keys
are created write accessible to the user.
If opening R/W fails the operation is retried in R/O mode. If that
succeeds the current key is flagged KEY_READONLY causing the entire loaded
branch to inherit this flag.
The create_key handler refuses to allow non-volatile keys to be
created in a R/O parent key. However, if MAXIMUM_ALLOWED access is specified
the access is silently downgraded to KEY_READ and the key is opened instead.
The open_key handler checks the access rights if the requested key is
flagged R/O. If MAXIMUM_ALLOWED access is specified (Windows regedit.exe does
so) the access is silently downgraded to KEY_READ. Else if any of the write or
delete flags are set (KEY_DENIED) the request is refused with access denied.
This is pretty much what a Guest or unprivileged user gets when accessing the
Registry on a Windows system (except we don't implement object ownership).
Changes from previous patch version:
- fallback to open_key in create_key handler if write access is not required
- can be applied with patch -p0 or -p1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: wineserver_registry_ro2.patch
Type: text/x-patch
Size: 4819 bytes
Desc: not available
URL: <http://www.winehq.org/pipermail/wine-patches/attachments/20091127/3ddef18f/attachment.bin>
More information about the wine-patches
mailing list