source: releases/0.2.2/lib/regfio.c @ 273

Last change on this file since 273 was 59, checked in by tim, 19 years ago

Updated version

Code format cleanup, some comments added.

  • Property svn:keywords set to Id
File size: 37.2 KB
Line 
1/*
2 * Branched from Samba project Subversion repository, version #7470:
3 *   http://websvn.samba.org/cgi-bin/viewcvs.cgi/trunk/source/registry/regfio.c
4 *
5 * Unix SMB/CIFS implementation.
6 * Windows NT registry I/O library
7 *
8 * Copyright (C) 2005 Timothy D. Morgan
9 * Copyright (C) 2005 Gerald (Jerry) Carter
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; version 2 of the License.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
23 *
24 * $Id: regfio.c 59 2005-10-03 01:26:12Z tim $
25 */
26
27#include "../include/regfio.h"
28
29
30
31/* Registry types mapping */
32const VAL_STR reg_type_names[] = 
33{
34  { REG_SZ,                        "SZ"           },
35  { REG_EXPAND_SZ,                 "EXPAND_SZ"    },
36  { REG_BINARY,                    "BINARY"       },
37  { REG_DWORD,                     "DWORD"        },
38  { REG_DWORD_BE,                  "DWORD_BE"     },
39  { REG_LINK,                      "LINK"         },
40  { REG_MULTI_SZ,                  "MULTI_SZ"     },
41  { REG_RESOURCE_LIST,             "RSRC_LIST"    },
42  { REG_FULL_RESOURCE_DESCRIPTOR,  "RSRC_DESC"    },
43  { REG_RESOURCE_REQUIREMENTS_LIST,"RSRC_REQ_LIST"},
44  { REG_KEY,                       "KEY"          },
45  { 0,                             NULL           },
46};
47
48
49/* Returns NULL on error */
50const char* regfio_type_val2str(unsigned int val)
51{
52  int i;
53
54  for(i=0; reg_type_names[i].val && reg_type_names[i].str; i++)
55    if (reg_type_names[i].val == val) 
56      return reg_type_names[i].str;
57
58  return NULL;
59}
60
61
62/* Returns 0 on error */
63int regfio_type_str2val(const char* str)
64{
65  int i;
66
67  for(i=0; reg_type_names[i].val && reg_type_names[i].str; i++) 
68    if (strcmp(reg_type_names[i].str, str) == 0) 
69      return reg_type_names[i].val;
70
71  return 0;
72}
73
74
75/* Security descriptor parsing functions  */
76
77const char* regfio_ace_type2str(uint8 type)
78{
79  static const char* map[7] 
80    = {"ALLOW", "DENY", "AUDIT", "ALARM", 
81       "ALLOW CPD", "OBJ ALLOW", "OBJ DENY"};
82  if(type < 7)
83    return map[type];
84  else
85    /* XXX: would be nice to return the unknown integer value. 
86     *      However, as it is a const string, it can't be free()ed later on,
87     *      so that would need to change.
88     */
89    return "UNKNOWN";
90}
91
92
93/* XXX: this could probably be more efficient */
94char* regfio_ace_flags2str(uint8 flags)
95{
96  char* flg_output = malloc(21*sizeof(char));
97  int some = 0;
98
99  if(flg_output == NULL)
100    return NULL;
101
102  flg_output[0] = '\0';
103  if (!flags)
104    return flg_output;
105
106  if (flags & 0x01) {
107    if (some) strcat(flg_output, " ");
108    some = 1;
109    strcat(flg_output, "OI");
110  }
111  if (flags & 0x02) {
112    if (some) strcat(flg_output, " ");
113    some = 1;
114    strcat(flg_output, "CI");
115  }
116  if (flags & 0x04) {
117    if (some) strcat(flg_output, " ");
118    some = 1;
119    strcat(flg_output, "NP");
120  }
121  if (flags & 0x08) {
122    if (some) strcat(flg_output, " ");
123    some = 1;
124    strcat(flg_output, "IO");
125  }
126  if (flags & 0x10) {
127    if (some) strcat(flg_output, " ");
128    some = 1;
129    strcat(flg_output, "IA");
130  }
131  /* XXX: Is this check right?  0xF == 1|2|4|8, which makes it redundant... */
132  if (flags == 0xF) {
133    if (some) strcat(flg_output, " ");
134    some = 1;
135    strcat(flg_output, "VI");
136  }
137
138  return flg_output;
139}
140
141
142char* regfio_ace_perms2str(uint32 perms)
143{
144  char* ret_val = malloc(9*sizeof(char));
145  if(ret_val == NULL)
146    return NULL;
147
148  /* XXX: this should probably be parsed better */
149  sprintf(ret_val, "%.8X", perms);
150
151  return ret_val;
152}
153
154
155char* regfio_sid2str(DOM_SID* sid)
156{
157  uint32 i, size = MAXSUBAUTHS*11 + 24;
158  uint32 left = size;
159  uint8 comps = sid->num_auths;
160  char* ret_val = malloc(size);
161 
162  if(ret_val == NULL)
163    return NULL;
164
165  if(comps > MAXSUBAUTHS)
166    comps = MAXSUBAUTHS;
167
168  left -= sprintf(ret_val, "S-%u-%u", sid->sid_rev_num, sid->id_auth[5]);
169
170  for (i = 0; i < comps; i++) 
171    left -= snprintf(ret_val+(size-left), left, "-%u", sid->sub_auths[i]);
172
173  return ret_val;
174}
175
176
177char* regfio_get_acl(SEC_ACL* acl)
178{
179  uint32 i, extra, size = 0;
180  const char* type_str;
181  char* flags_str;
182  char* perms_str;
183  char* sid_str;
184  char* ret_val = NULL;
185  char* ace_delim = "";
186  char field_delim = ':';
187
188  for (i = 0; i < acl->num_aces; i++)
189  {
190    sid_str = regfio_sid2str(&acl->ace[i].trustee);
191    type_str = regfio_ace_type2str(acl->ace[i].type);
192    perms_str = regfio_ace_perms2str(acl->ace[i].info.mask);
193    flags_str = regfio_ace_flags2str(acl->ace[i].flags);
194   
195    if(flags_str == NULL || perms_str == NULL 
196       || type_str == NULL || sid_str == NULL)
197      return NULL;
198
199    /* XXX: this is slow */
200    extra = strlen(sid_str) + strlen(type_str) 
201          + strlen(perms_str) + strlen(flags_str)+5;
202    ret_val = realloc(ret_val, size+extra);
203    if(ret_val == NULL)
204      return NULL;
205    size += snprintf(ret_val+size, extra, "%s%s%c%s%c%s%c%s",
206                     ace_delim,sid_str,
207                     field_delim,type_str,
208                     field_delim,perms_str,
209                     field_delim,flags_str);
210    ace_delim = "|";
211    free(sid_str);
212    free(perms_str);
213    free(flags_str);
214  }
215
216  return ret_val;
217}
218
219
220char* regfio_get_sacl(SEC_DESC *sec_desc)
221{
222  if (sec_desc->sacl)
223    return regfio_get_acl(sec_desc->sacl);
224  else
225    return NULL;
226}
227
228
229char* regfio_get_dacl(SEC_DESC *sec_desc)
230{
231  if (sec_desc->dacl)
232    return regfio_get_acl(sec_desc->dacl);
233  else
234    return NULL;
235}
236
237
238char* regfio_get_owner(SEC_DESC *sec_desc)
239{
240  return regfio_sid2str(sec_desc->owner_sid);
241}
242
243
244char* regfio_get_group(SEC_DESC *sec_desc)
245{
246  return regfio_sid2str(sec_desc->grp_sid);
247}
248
249
250
251/*******************************************************************
252 *******************************************************************/
253static int read_block( REGF_FILE *file, prs_struct *ps, uint32 file_offset, 
254                       uint32 block_size )
255{
256  int bytes_read, returned;
257  char *buffer;
258  SMB_STRUCT_STAT sbuf;
259
260  /* check for end of file */
261
262  if ( fstat( file->fd, &sbuf ) ) {
263    /*DEBUG(0,("read_block: stat() failed! (%s)\n", strerror(errno)));*/
264    return -1;
265  }
266
267  if ( (size_t)file_offset >= sbuf.st_size )
268    return -1;
269       
270  /* if block_size == 0, we are parsnig HBIN records and need
271     to read some of the header to get the block_size from there */
272           
273  if ( block_size == 0 ) {
274    uint8 hdr[0x20];
275
276    if ( lseek( file->fd, file_offset, SEEK_SET ) == -1 ) {
277      /*DEBUG(0,("read_block: lseek() failed! (%s)\n", strerror(errno) ));*/
278      return -1;
279    }
280
281    returned = read( file->fd, hdr, 0x20 );
282    if ( (returned == -1) || (returned < 0x20) ) {
283      /*DEBUG(0,("read_block: failed to read in HBIN header. Is the file corrupt?\n"));*/
284      return -1;
285    }
286
287    /* make sure this is an hbin header */
288
289    if ( strncmp( (char*)hdr, "hbin", HBIN_HDR_SIZE ) != 0 ) {
290      /*DEBUG(0,("read_block: invalid block header!\n"));*/
291      return -1;
292    }
293
294    block_size = IVAL( hdr, 0x08 );
295  }
296
297  /*DEBUG(10,("read_block: block_size == 0x%x\n", block_size ));*/
298
299  /* set the offset, initialize the buffer, and read the block from disk */
300
301  if ( lseek( file->fd, file_offset, SEEK_SET ) == -1 ) {
302    /*DEBUG(0,("read_block: lseek() failed! (%s)\n", strerror(errno) ));*/
303    return -1;
304  }
305       
306  prs_init( ps, block_size, file->mem_ctx, UNMARSHALL );
307  buffer = ps->data_p;
308  bytes_read = returned = 0;
309
310  while ( bytes_read < block_size ) 
311  {
312    if((returned = 
313        read(file->fd, buffer+bytes_read, block_size-bytes_read)) == -1)
314    {
315      /*DEBUG(0,("read_block: read() failed (%s)\n", strerror(errno) ));*/
316      return false;
317    }
318    if ((returned == 0) && (bytes_read < block_size)) 
319    {
320      /*DEBUG(0,("read_block: not a vald registry file ?\n" ));*/
321      return false;
322    }   
323
324    bytes_read += returned;
325  }
326       
327  return bytes_read;
328}
329
330
331/*******************************************************************
332 *******************************************************************/
333static bool prs_regf_block(const char *desc, prs_struct *ps, 
334                           int depth, REGF_FILE *file)
335{
336  depth++;
337       
338  if(!prs_uint8s(true, "header", ps, depth, file->header, sizeof(file->header)))
339    return false;
340       
341  /* yes, these values are always identical so store them only once */
342       
343  if ( !prs_uint32( "unknown1", ps, depth, &file->unknown1 ))
344    return false;
345  if ( !prs_uint32( "unknown1 (again)", ps, depth, &file->unknown1 ))
346    return false;
347
348  /* get the modtime */
349       
350  if ( !prs_set_offset( ps, 0x0c ) )
351    return false;
352  if ( !smb_io_time( "modtime", &file->mtime, ps, depth ) )
353    return false;
354
355  /* constants */
356       
357  if ( !prs_uint32( "unknown2", ps, depth, &file->unknown2 ))
358    return false;
359  if ( !prs_uint32( "unknown3", ps, depth, &file->unknown3 ))
360    return false;
361  if ( !prs_uint32( "unknown4", ps, depth, &file->unknown4 ))
362    return false;
363  if ( !prs_uint32( "unknown5", ps, depth, &file->unknown5 ))
364    return false;
365
366  /* get file offsets */
367       
368  if ( !prs_set_offset( ps, 0x24 ) )
369    return false;
370  if ( !prs_uint32( "data_offset", ps, depth, &file->data_offset ))
371    return false;
372  if ( !prs_uint32( "last_block", ps, depth, &file->last_block ))
373    return false;
374               
375  /* one more constant */
376       
377  if ( !prs_uint32( "unknown6", ps, depth, &file->unknown6 ))
378    return false;
379               
380  /* get the checksum */
381       
382  if ( !prs_set_offset( ps, 0x01fc ) )
383    return false;
384  if ( !prs_uint32( "checksum", ps, depth, &file->checksum ))
385    return false;
386       
387  return true;
388}
389
390
391/*******************************************************************
392 *******************************************************************/
393static bool prs_hbin_block(const char *desc, prs_struct *ps, 
394                           int depth, REGF_HBIN *hbin)
395{
396  uint32 block_size2;
397
398  depth++;
399       
400  if(!prs_uint8s(true, "header", ps, depth, hbin->header, sizeof(hbin->header)))
401    return false;
402
403  if ( !prs_uint32( "first_hbin_off", ps, depth, &hbin->first_hbin_off ))
404    return false;
405
406  /* The dosreg.cpp comments say that the block size is at 0x1c.
407     According to a WINXP NTUSER.dat file, this is wrong.  The block_size
408     is at 0x08 */
409
410  if ( !prs_uint32( "block_size", ps, depth, &hbin->block_size ))
411    return false;
412
413  block_size2 = hbin->block_size;
414  prs_set_offset( ps, 0x1c );
415  if ( !prs_uint32( "block_size2", ps, depth, &block_size2 ))
416    return false;
417
418  if ( !ps->io )
419    hbin->dirty = true;
420       
421
422  return true;
423}
424
425
426/*******************************************************************
427 *******************************************************************/
428static bool prs_nk_rec( const char *desc, prs_struct *ps, 
429                        int depth, REGF_NK_REC *nk )
430{
431  uint16 class_length, name_length;
432  uint32 start;
433  uint32 data_size, start_off, end_off;
434  uint32 unknown_off = REGF_OFFSET_NONE;
435
436  nk->hbin_off = ps->data_offset;
437  start = nk->hbin_off;
438       
439  depth++;
440       
441  /* back up and get the data_size */   
442  if ( !prs_set_offset( ps, ps->data_offset-sizeof(uint32)) )
443    return false;
444  start_off = ps->data_offset;
445  if ( !prs_uint32( "rec_size", ps, depth, &nk->rec_size ))
446    return false;
447       
448  if (!prs_uint8s(true, "header", ps, depth, nk->header, sizeof(nk->header)))
449    return false;
450               
451  if ( !prs_uint16( "key_type", ps, depth, &nk->key_type ))
452    return false;
453  if ( !smb_io_time( "mtime", &nk->mtime, ps, depth ))
454    return false;
455               
456  if ( !prs_set_offset( ps, start+0x0010 ) )
457    return false;
458  if ( !prs_uint32( "parent_off", ps, depth, &nk->parent_off ))
459    return false;
460  if ( !prs_uint32( "num_subkeys", ps, depth, &nk->num_subkeys ))
461    return false;
462               
463  if ( !prs_set_offset( ps, start+0x001c ) )
464    return false;
465  if ( !prs_uint32( "subkeys_off", ps, depth, &nk->subkeys_off ))
466    return false;
467  if ( !prs_uint32( "unknown_off", ps, depth, &unknown_off) )
468    return false;
469               
470  if ( !prs_set_offset( ps, start+0x0024 ) )
471    return false;
472  if ( !prs_uint32( "num_values", ps, depth, &nk->num_values ))
473    return false;
474  if ( !prs_uint32( "values_off", ps, depth, &nk->values_off ))
475    return false;
476  if ( !prs_uint32( "sk_off", ps, depth, &nk->sk_off ))
477    return false;
478  if ( !prs_uint32( "classname_off", ps, depth, &nk->classname_off ))
479    return false;
480
481  if (!prs_uint32("max_bytes_subkeyname", ps, depth, &nk->max_bytes_subkeyname))
482    return false;
483  if ( !prs_uint32( "max_bytes_subkeyclassname", ps, 
484                    depth, &nk->max_bytes_subkeyclassname))
485  { return false; }
486  if ( !prs_uint32( "max_bytes_valuename", ps, depth, &nk->max_bytes_valuename))
487    return false;
488  if ( !prs_uint32( "max_bytes_value", ps, depth, &nk->max_bytes_value))
489    return false;
490  if ( !prs_uint32( "unknown index", ps, depth, &nk->unk_index))
491    return false;
492
493  name_length = nk->keyname ? strlen(nk->keyname) : 0 ;
494  class_length = nk->classname ? strlen(nk->classname) : 0 ;
495  if ( !prs_uint16( "name_length", ps, depth, &name_length ))
496    return false;
497  if ( !prs_uint16( "class_length", ps, depth, &class_length ))
498    return false;       
499               
500  if ( class_length ) 
501  {
502    ;;
503  }
504       
505  if ( name_length ) 
506  {
507    if(ps->io && !(nk->keyname = (char*)zcalloc(sizeof(char), name_length+1)))
508        return false;
509
510    if(!prs_uint8s(true, "name", ps, depth, (uint8*)nk->keyname, name_length))
511      return false;
512
513    if(ps->io)
514      nk->keyname[name_length] = '\0';
515  }
516
517  end_off = ps->data_offset;
518
519  /* data_size must be divisible by 8 and large enough to hold
520     the original record */
521
522  data_size = ((start_off - end_off) & 0xfffffff8 );
523  /*if ( data_size > nk->rec_size )
524      DEBUG(10,("Encountered reused record (0x%x < 0x%x)\n", data_size, nk->rec_size));*/
525
526  if ( !ps->io )
527    nk->hbin->dirty = true;
528 
529  nk->subkey_index = 0;
530  return true;
531}
532
533
534/*******************************************************************
535 *******************************************************************/
536static uint32 regf_block_checksum( prs_struct *ps )
537{
538  char *buffer = ps->data_p;
539  uint32 checksum, x;
540  int i;
541
542  /* XOR of all bytes 0x0000 - 0x01FB */
543               
544  checksum = x = 0;
545       
546  for ( i=0; i<0x01FB; i+=4 ) {
547    x = IVAL(buffer, i );
548    checksum ^= x;
549  }
550       
551  return checksum;
552}
553
554
555/*******************************************************************
556 *******************************************************************/
557static bool read_regf_block( REGF_FILE *file )
558{
559  prs_struct ps;
560  uint32 checksum;
561       
562  /* grab the first block from the file */
563               
564  if ( read_block( file, &ps, 0, REGF_BLOCKSIZE ) == -1 )
565    return false;
566       
567  /* parse the block and verify the checksum */
568       
569  if ( !prs_regf_block( "regf_header", &ps, 0, file ) )
570    return false;       
571               
572  checksum = regf_block_checksum( &ps );
573       
574  if(ps.is_dynamic)
575    SAFE_FREE(ps.data_p);
576  ps.is_dynamic = false;
577  ps.buffer_size = 0;
578  ps.data_offset = 0;
579
580  if ( file->checksum !=  checksum ) {
581    /*DEBUG(0,("read_regf_block: invalid checksum\n" ));*/
582    return false;
583  }
584
585  return true;
586}
587
588
589/*******************************************************************
590 *******************************************************************/
591static REGF_HBIN* read_hbin_block( REGF_FILE *file, off_t offset )
592{
593  REGF_HBIN *hbin;
594  uint32 record_size, curr_off, block_size, header;
595       
596  if ( !(hbin = (REGF_HBIN*)zalloc(sizeof(REGF_HBIN))) ) 
597    return NULL;
598  hbin->file_off = offset;
599  hbin->free_off = -1;
600               
601  if ( read_block( file, &hbin->ps, offset, 0 ) == -1 )
602    return NULL;
603       
604  if ( !prs_hbin_block( "hbin", &hbin->ps, 0, hbin ) )
605    return NULL;       
606
607  /* this should be the same thing as hbin->block_size but just in case */
608
609  block_size = hbin->ps.buffer_size;
610
611  /* Find the available free space offset.  Always at the end,
612     so walk the record list and stop when you get to the end.
613     The end is defined by a record header of 0xffffffff.  The
614     previous 4 bytes contains the amount of free space remaining
615     in the hbin block. */
616
617  /* remember that the record_size is in the 4 bytes preceeding the record itself */
618
619  if ( !prs_set_offset( &hbin->ps, file->data_offset+HBIN_HDR_SIZE-sizeof(uint32) ) )
620    return false;
621
622  record_size = 0;
623  curr_off = hbin->ps.data_offset;
624  while ( header != 0xffffffff ) {
625    /* not done yet so reset the current offset to the
626       next record_size field */
627
628    curr_off = curr_off+record_size;
629
630    /* for some reason the record_size of the last record in
631       an hbin block can extend past the end of the block
632       even though the record fits within the remaining
633       space....aaarrrgggghhhhhh */
634
635    if ( curr_off >= block_size ) {
636      record_size = -1;
637      curr_off = -1;
638      break;
639    }
640
641    if ( !prs_set_offset( &hbin->ps, curr_off) )
642      return false;
643
644    if ( !prs_uint32( "rec_size", &hbin->ps, 0, &record_size ) )
645      return false;
646    if ( !prs_uint32( "header", &hbin->ps, 0, &header ) )
647      return false;
648               
649    assert( record_size != 0 );
650
651    if ( record_size & 0x80000000 ) {
652      /* absolute_value(record_size) */
653      record_size = (record_size ^ 0xffffffff) + 1;
654    }
655  }
656
657  /* save the free space offset */
658
659  if ( header == 0xffffffff ) {
660
661    /* account for the fact that the curr_off is 4 bytes behind the actual
662       record header */
663
664    hbin->free_off = curr_off + sizeof(uint32);
665    hbin->free_size = record_size;
666  }
667
668  /*DEBUG(10,("read_hbin_block: free space offset == 0x%x\n", hbin->free_off));*/
669
670  if ( !prs_set_offset( &hbin->ps, file->data_offset+HBIN_HDR_SIZE )  )
671    return false;
672       
673  return hbin;
674}
675
676
677/*******************************************************************
678 Input a randon offset and receive the correpsonding HBIN
679 block for it
680*******************************************************************/
681static bool hbin_contains_offset( REGF_HBIN *hbin, uint32 offset )
682{
683  if ( !hbin )
684    return false;
685       
686  if ( (offset > hbin->first_hbin_off) && (offset < (hbin->first_hbin_off+hbin->block_size)) )
687    return true;
688               
689  return false;
690}
691
692
693/*******************************************************************
694 Input a randon offset and receive the correpsonding HBIN
695 block for it
696*******************************************************************/
697static REGF_HBIN* lookup_hbin_block( REGF_FILE *file, uint32 offset )
698{
699  REGF_HBIN *hbin = NULL;
700  uint32 block_off;
701
702  /* start with the open list */
703
704  for ( hbin=file->block_list; hbin; hbin=hbin->next ) {
705    /* DEBUG(10,("lookup_hbin_block: address = 0x%x [0x%x]\n", hbin->file_off, (uint32)hbin ));*/
706    if ( hbin_contains_offset( hbin, offset ) )
707      return hbin;
708  }
709       
710  if ( !hbin ) {
711    /* start at the beginning */
712
713    block_off = REGF_BLOCKSIZE;
714    do {
715      /* cleanup before the next round */
716      if ( hbin )
717      {
718        if(hbin->ps.is_dynamic)
719          SAFE_FREE(hbin->ps.data_p);
720        hbin->ps.is_dynamic = false;
721        hbin->ps.buffer_size = 0;
722        hbin->ps.data_offset = 0;
723      }
724
725      hbin = read_hbin_block( file, block_off );
726
727      if ( hbin ) 
728        block_off = hbin->file_off + hbin->block_size;
729
730    } while ( hbin && !hbin_contains_offset( hbin, offset ) );
731  }
732
733  if ( hbin )
734    DLIST_ADD( file->block_list, hbin );
735
736  return hbin;
737}
738
739
740/*******************************************************************
741 *******************************************************************/
742static bool prs_hash_rec( const char *desc, prs_struct *ps, int depth, REGF_HASH_REC *hash )
743{
744  depth++;
745
746  if ( !prs_uint32( "nk_off", ps, depth, &hash->nk_off ))
747    return false;
748  if ( !prs_uint8s( true, "keycheck", ps, depth, hash->keycheck, sizeof( hash->keycheck )) )
749    return false;
750       
751  return true;
752}
753
754
755/*******************************************************************
756 *******************************************************************/
757static bool hbin_prs_lf_records(const char *desc, REGF_HBIN *hbin, 
758                                int depth, REGF_NK_REC *nk)
759{
760  int i;
761  REGF_LF_REC *lf = &nk->subkeys;
762  uint32 data_size, start_off, end_off;
763
764  depth++;
765
766  /* check if we have anything to do first */
767       
768  if ( nk->num_subkeys == 0 )
769    return true;
770
771  /* move to the LF record */
772
773  if ( !prs_set_offset( &hbin->ps, nk->subkeys_off + HBIN_HDR_SIZE - hbin->first_hbin_off ) )
774    return false;
775
776  /* backup and get the data_size */
777       
778  if ( !prs_set_offset( &hbin->ps, hbin->ps.data_offset-sizeof(uint32)) )
779    return false;
780  start_off = hbin->ps.data_offset;
781  if ( !prs_uint32( "rec_size", &hbin->ps, depth, &lf->rec_size ))
782    return false;
783
784  if(!prs_uint8s(true, "header", &hbin->ps, depth, 
785                 lf->header, sizeof(lf->header)))
786    return false;
787               
788  if ( !prs_uint16( "num_keys", &hbin->ps, depth, &lf->num_keys))
789    return false;
790
791  if ( hbin->ps.io ) {
792    if ( !(lf->hashes = (REGF_HASH_REC*)zcalloc(sizeof(REGF_HASH_REC), lf->num_keys )) )
793      return false;
794  }
795
796  for ( i=0; i<lf->num_keys; i++ ) {
797    if ( !prs_hash_rec( "hash_rec", &hbin->ps, depth, &lf->hashes[i] ) )
798      return false;
799  }
800
801  end_off = hbin->ps.data_offset;
802
803  /* data_size must be divisible by 8 and large enough to hold the original record */
804
805  data_size = ((start_off - end_off) & 0xfffffff8 );
806  /*  if ( data_size > lf->rec_size )*/
807    /*DEBUG(10,("Encountered reused record (0x%x < 0x%x)\n", data_size, lf->rec_size));*/
808
809  if ( !hbin->ps.io )
810    hbin->dirty = true;
811
812  return true;
813}
814
815
816/*******************************************************************
817 *******************************************************************/
818static bool hbin_prs_sk_rec( const char *desc, REGF_HBIN *hbin, int depth, REGF_SK_REC *sk )
819{
820  prs_struct *ps = &hbin->ps;
821  uint16 tag = 0xFFFF;
822  uint32 data_size, start_off, end_off;
823
824
825  depth++;
826
827  if ( !prs_set_offset( &hbin->ps, sk->sk_off + HBIN_HDR_SIZE - hbin->first_hbin_off ) )
828    return false;
829
830  /* backup and get the data_size */
831       
832  if ( !prs_set_offset( &hbin->ps, hbin->ps.data_offset-sizeof(uint32)) )
833    return false;
834  start_off = hbin->ps.data_offset;
835  if ( !prs_uint32( "rec_size", &hbin->ps, depth, &sk->rec_size ))
836    return false;
837
838  if (!prs_uint8s(true, "header", ps, depth, sk->header, sizeof(sk->header)))
839    return false;
840  if ( !prs_uint16( "tag", ps, depth, &tag))
841    return false;
842
843  if ( !prs_uint32( "prev_sk_off", ps, depth, &sk->prev_sk_off))
844    return false;
845  if ( !prs_uint32( "next_sk_off", ps, depth, &sk->next_sk_off))
846    return false;
847  if ( !prs_uint32( "ref_count", ps, depth, &sk->ref_count))
848    return false;
849  if ( !prs_uint32( "size", ps, depth, &sk->size))
850    return false;
851
852  if ( !sec_io_desc( "sec_desc", &sk->sec_desc, ps, depth )) 
853    return false;
854
855  end_off = hbin->ps.data_offset;
856
857  /* data_size must be divisible by 8 and large enough to hold the original record */
858
859  data_size = ((start_off - end_off) & 0xfffffff8 );
860  /*  if ( data_size > sk->rec_size )*/
861    /*DEBUG(10,("Encountered reused record (0x%x < 0x%x)\n", data_size, sk->rec_size));*/
862
863  if ( !hbin->ps.io )
864    hbin->dirty = true;
865
866  return true;
867}
868
869
870/*******************************************************************
871 *******************************************************************/
872static bool hbin_prs_vk_rec( const char *desc, REGF_HBIN *hbin, int depth, 
873                             REGF_VK_REC *vk, REGF_FILE *file )
874{
875  uint32 offset;
876  uint16 name_length;
877  prs_struct *ps = &hbin->ps;
878  uint32 data_size, start_off, end_off;
879
880  depth++;
881
882  /* backup and get the data_size */
883       
884  if ( !prs_set_offset( &hbin->ps, hbin->ps.data_offset-sizeof(uint32)) )
885    return false;
886  start_off = hbin->ps.data_offset;
887  if ( !prs_uint32( "rec_size", &hbin->ps, depth, &vk->rec_size ))
888    return false;
889
890  if ( !prs_uint8s( true, "header", ps, depth, vk->header, sizeof( vk->header )) )
891    return false;
892
893  if ( !hbin->ps.io )
894    name_length = strlen(vk->valuename);
895
896  if ( !prs_uint16( "name_length", ps, depth, &name_length ))
897    return false;
898  if ( !prs_uint32( "data_size", ps, depth, &vk->data_size ))
899    return false;
900  if ( !prs_uint32( "data_off", ps, depth, &vk->data_off ))
901    return false;
902  if ( !prs_uint32( "type", ps, depth, &vk->type))
903    return false;
904  if ( !prs_uint16( "flag", ps, depth, &vk->flag))
905    return false;
906
907  offset = ps->data_offset;
908  offset += 2;  /* skip 2 bytes */
909  prs_set_offset( ps, offset );
910
911  /* get the name */
912
913  if ( vk->flag&VK_FLAG_NAME_PRESENT ) {
914
915    if ( hbin->ps.io ) {
916      if ( !(vk->valuename = (char*)zcalloc(sizeof(char), name_length+1 )))
917        return false;
918    }
919    if ( !prs_uint8s(true, "name", ps, depth, 
920                     (uint8*)vk->valuename, name_length) )
921      return false;
922  }
923
924  end_off = hbin->ps.data_offset;
925
926  /* get the data if necessary */
927
928  if ( vk->data_size != 0 ) 
929  {
930    bool charmode = false;
931
932    if ( (vk->type == REG_SZ) || (vk->type == REG_MULTI_SZ) )
933      charmode = true;
934
935    /* the data is stored in the offset if the size <= 4 */
936    if ( !(vk->data_size & VK_DATA_IN_OFFSET) ) 
937    {
938      REGF_HBIN *hblock = hbin;
939      uint32 data_rec_size;
940
941      if ( hbin->ps.io ) 
942      {
943        if ( !(vk->data = (uint8*)zcalloc(sizeof(uint8), vk->data_size) ) )
944          return false;
945      }
946
947      /* this data can be in another hbin */
948      if ( !hbin_contains_offset( hbin, vk->data_off ) ) 
949      {
950        if ( !(hblock = lookup_hbin_block( file, vk->data_off )) )
951          return false;
952      }
953      if (!(prs_set_offset(&hblock->ps, 
954                           (vk->data_off
955                            + HBIN_HDR_SIZE
956                            - hblock->first_hbin_off)
957                           - sizeof(uint32))))
958      { return false; }
959
960      if ( !hblock->ps.io ) 
961      {
962        data_rec_size = ( (vk->data_size+sizeof(uint32)) & 0xfffffff8 ) + 8;
963        data_rec_size = ( data_rec_size - 1 ) ^ 0xFFFFFFFF;
964      }
965      if ( !prs_uint32( "data_rec_size", &hblock->ps, depth, &data_rec_size ))
966        return false;
967      if(!prs_uint8s(charmode, "data", &hblock->ps, depth, 
968                     vk->data, vk->data_size))
969        return false;
970
971      if ( !hblock->ps.io )
972        hblock->dirty = true;
973    }
974    else 
975    {
976      if(!(vk->data = zcalloc(sizeof(uint8), 4)))
977        return false;
978      SIVAL( vk->data, 0, vk->data_off );
979    }
980               
981  }
982
983  /* data_size must be divisible by 8 and large enough to hold the original record */
984
985  data_size = ((start_off - end_off ) & 0xfffffff8 );
986  /*if ( data_size !=  vk->rec_size )
987    DEBUG(10,("prs_vk_rec: data_size check failed (0x%x < 0x%x)\n", data_size, vk->rec_size));*/
988
989  if ( !hbin->ps.io )
990    hbin->dirty = true;
991
992  return true;
993}
994
995
996/*******************************************************************
997 read a VK record which is contained in the HBIN block stored
998 in the prs_struct *ps.
999*******************************************************************/
1000static bool hbin_prs_vk_records(const char *desc, REGF_HBIN *hbin, 
1001                                int depth, REGF_NK_REC *nk, REGF_FILE *file)
1002{
1003  int i;
1004  uint32 record_size;
1005
1006  depth++;
1007       
1008  /* check if we have anything to do first */
1009  if(nk->num_values == 0)
1010    return true;
1011               
1012  if(hbin->ps.io)
1013  {
1014    if (!(nk->values = (REGF_VK_REC*)zcalloc(sizeof(REGF_VK_REC), 
1015                                              nk->num_values )))
1016      return false;
1017  }
1018       
1019  /* convert the offset to something relative to this HBIN block */
1020  if (!prs_set_offset(&hbin->ps, 
1021                      nk->values_off
1022                      + HBIN_HDR_SIZE
1023                      - hbin->first_hbin_off
1024                      - sizeof(uint32)))
1025  { return false; }
1026
1027  if ( !hbin->ps.io ) 
1028  { 
1029    record_size = ( ( nk->num_values * sizeof(uint32) ) & 0xfffffff8 ) + 8;
1030    record_size = (record_size - 1) ^ 0xFFFFFFFF;
1031  }
1032
1033  if ( !prs_uint32( "record_size", &hbin->ps, depth, &record_size ) )
1034    return false;
1035               
1036  for ( i=0; i<nk->num_values; i++ ) 
1037  {
1038    if ( !prs_uint32( "vk_off", &hbin->ps, depth, &nk->values[i].rec_off ) )
1039      return false;
1040  }
1041
1042  for ( i=0; i<nk->num_values; i++ ) 
1043  {
1044    REGF_HBIN *sub_hbin = hbin;
1045    uint32 new_offset;
1046       
1047    if ( !hbin_contains_offset( hbin, nk->values[i].rec_off ) ) 
1048    {
1049      sub_hbin = lookup_hbin_block( file, nk->values[i].rec_off );
1050      if ( !sub_hbin ) 
1051      {
1052        /*DEBUG(0,("hbin_prs_vk_records: Failed to find HBIN block containing offset [0x%x]\n",
1053          nk->values[i].hbin_off));*/
1054        return false;
1055      }
1056    }
1057               
1058    new_offset = nk->values[i].rec_off
1059      + HBIN_HDR_SIZE
1060      - sub_hbin->first_hbin_off;
1061
1062    if (!prs_set_offset(&sub_hbin->ps, new_offset))
1063      return false;
1064    if (!hbin_prs_vk_rec("vk_rec", sub_hbin, depth, &nk->values[i], file))
1065      return false;
1066  }
1067
1068  if ( !hbin->ps.io )
1069    hbin->dirty = true;
1070
1071  return true;
1072}
1073
1074
1075/*******************************************************************
1076 *******************************************************************/
1077static REGF_SK_REC* find_sk_record_by_offset( REGF_FILE *file, uint32 offset )
1078{
1079  REGF_SK_REC *p_sk;
1080       
1081  for ( p_sk=file->sec_desc_list; p_sk; p_sk=p_sk->next ) {
1082    if ( p_sk->sk_off == offset ) 
1083      return p_sk;
1084  }
1085       
1086  return NULL;
1087}
1088
1089
1090/*******************************************************************
1091 *******************************************************************/
1092static REGF_SK_REC* find_sk_record_by_sec_desc( REGF_FILE *file, SEC_DESC *sd )
1093{
1094  REGF_SK_REC *p;
1095
1096  for ( p=file->sec_desc_list; p; p=p->next ) {
1097    if ( sec_desc_equal( p->sec_desc, sd ) )
1098      return p;
1099  }
1100
1101  /* failure */
1102
1103  return NULL;
1104}
1105
1106
1107/*******************************************************************
1108 *******************************************************************/
1109static bool hbin_prs_key( REGF_FILE *file, REGF_HBIN *hbin, REGF_NK_REC *nk )
1110{
1111  int depth = 0;
1112  REGF_HBIN *sub_hbin;
1113       
1114  depth++;
1115
1116  /* get the initial nk record */
1117  if (!prs_nk_rec("nk_rec", &hbin->ps, depth, nk))
1118    return false;
1119
1120  /* fill in values */
1121  if ( nk->num_values && (nk->values_off!=REGF_OFFSET_NONE) ) 
1122  {
1123    sub_hbin = hbin;
1124    if ( !hbin_contains_offset( hbin, nk->values_off ) ) 
1125    {
1126      sub_hbin = lookup_hbin_block( file, nk->values_off );
1127      if ( !sub_hbin ) 
1128      {
1129        /*DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing value_list_offset [0x%x]\n",
1130          nk->values_off));*/
1131        return false;
1132      }
1133    }
1134               
1135    if(!hbin_prs_vk_records("vk_rec", sub_hbin, depth, nk, file))
1136      return false;
1137  }
1138               
1139  /* now get subkeys */
1140  if ( nk->num_subkeys && (nk->subkeys_off!=REGF_OFFSET_NONE) ) 
1141  {
1142    sub_hbin = hbin;
1143    if ( !hbin_contains_offset( hbin, nk->subkeys_off ) ) 
1144    {
1145      sub_hbin = lookup_hbin_block( file, nk->subkeys_off );
1146      if ( !sub_hbin ) 
1147      {
1148        /*DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing subkey_offset [0x%x]\n",
1149          nk->subkeys_off));*/
1150        return false;
1151      }
1152    }
1153               
1154    if (!hbin_prs_lf_records("lf_rec", sub_hbin, depth, nk))
1155      return false;
1156  }
1157
1158  /* get the to the security descriptor.  First look if we have already parsed it */
1159       
1160  if ((nk->sk_off!=REGF_OFFSET_NONE) 
1161      && !(nk->sec_desc = find_sk_record_by_offset( file, nk->sk_off )))
1162  {
1163    sub_hbin = hbin;
1164    if (!hbin_contains_offset(hbin, nk->sk_off))
1165    {
1166      sub_hbin = lookup_hbin_block( file, nk->sk_off );
1167      if ( !sub_hbin ) {
1168        /*DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing sk_offset [0x%x]\n",
1169          nk->subkeys_off));*/
1170        return false;
1171      }
1172    }
1173               
1174    if ( !(nk->sec_desc = (REGF_SK_REC*)zalloc(sizeof(REGF_SK_REC) )) )
1175      return false;
1176    nk->sec_desc->sk_off = nk->sk_off;
1177    if ( !hbin_prs_sk_rec( "sk_rec", sub_hbin, depth, nk->sec_desc ))
1178      return false;
1179                       
1180    /* add to the list of security descriptors (ref_count has been read from the files) */
1181
1182    nk->sec_desc->sk_off = nk->sk_off;
1183    DLIST_ADD( file->sec_desc_list, nk->sec_desc );
1184  }
1185               
1186  return true;
1187}
1188
1189
1190/*******************************************************************
1191 *******************************************************************/
1192static bool next_record( REGF_HBIN *hbin, const char *hdr, bool *eob )
1193{
1194  uint8 header[REC_HDR_SIZE] = "";
1195  uint32 record_size;
1196  uint32 curr_off, block_size;
1197  bool found = false;
1198  prs_struct *ps = &hbin->ps;
1199       
1200  curr_off = ps->data_offset;
1201  if ( curr_off == 0 )
1202    prs_set_offset( ps, HBIN_HEADER_REC_SIZE );
1203
1204  /* assume that the current offset is at the reacord header
1205     and we need to backup to read the record size */
1206  curr_off -= sizeof(uint32);
1207
1208  block_size = ps->buffer_size;
1209  record_size = 0;
1210  while ( !found ) 
1211  {
1212    curr_off = curr_off+record_size;
1213    if ( curr_off >= block_size ) 
1214      break;
1215
1216    if ( !prs_set_offset( &hbin->ps, curr_off) )
1217      return false;
1218
1219    if ( !prs_uint32( "record_size", ps, 0, &record_size ) )
1220      return false;
1221    if ( !prs_uint8s( true, "header", ps, 0, header, REC_HDR_SIZE ) )
1222      return false;
1223
1224    if ( record_size & 0x80000000 ) {
1225      /* absolute_value(record_size) */
1226      record_size = (record_size ^ 0xffffffff) + 1;
1227    }
1228
1229    if ( memcmp( header, hdr, REC_HDR_SIZE ) == 0 ) {
1230      found = true;
1231      curr_off += sizeof(uint32);
1232    }
1233  } 
1234
1235  /* mark prs_struct as done ( at end ) if no more SK records */
1236  /* mark end-of-block as true */       
1237  if ( !found )
1238  {
1239    prs_set_offset( &hbin->ps, hbin->ps.buffer_size );
1240    *eob = true;
1241    return false;
1242  }
1243
1244  if (!prs_set_offset(ps, curr_off))
1245    return false;
1246
1247  return true;
1248}
1249
1250
1251/*******************************************************************
1252 *******************************************************************/
1253static bool next_nk_record(REGF_FILE *file, REGF_HBIN *hbin, 
1254                           REGF_NK_REC *nk, bool *eob)
1255{
1256  if (next_record(hbin, "nk", eob) 
1257      && hbin_prs_key(file, hbin, nk))
1258    return true;
1259       
1260  return false;
1261}
1262
1263
1264/*******************************************************************
1265 Open the registry file and then read in the REGF block to get the
1266 first hbin offset.
1267*******************************************************************/
1268REGF_FILE* regfio_open( const char *filename )
1269{
1270  REGF_FILE *rb;
1271  int flags = O_RDONLY;
1272
1273  if ( !(rb = (REGF_FILE*)malloc(sizeof(REGF_FILE))) ) {
1274    /* DEBUG(0,("ERROR allocating memory\n")); */
1275    return NULL;
1276  }
1277  memset(rb, 0, sizeof(REGF_FILE));
1278  rb->fd = -1;
1279       
1280  /*    if ( !(rb->mem_ctx = talloc_init( "read_regf_block" )) )
1281    {
1282    regfio_close( rb );
1283    return NULL;
1284    }
1285  */
1286  rb->open_flags = flags;
1287       
1288  /* open and existing file */
1289
1290  if ( (rb->fd = open(filename, flags)) == -1 ) {
1291    /* DEBUG(0,("regfio_open: failure to open %s (%s)\n", filename, strerror(errno)));*/
1292    regfio_close( rb );
1293    return NULL;
1294  }
1295       
1296  /* read in an existing file */
1297       
1298  if ( !read_regf_block( rb ) ) {
1299    /* DEBUG(0,("regfio_open: Failed to read initial REGF block\n"));*/
1300    regfio_close( rb );
1301    return NULL;
1302  }
1303       
1304  /* success */
1305       
1306  return rb;
1307}
1308
1309
1310/*******************************************************************
1311 *******************************************************************/
1312static void regfio_mem_free( REGF_FILE *file )
1313{
1314  /* free any zalloc()'d memory */
1315       
1316  /*    if ( file && file->mem_ctx )
1317    free(file->mem_ctx);
1318  */
1319}
1320
1321
1322/*******************************************************************
1323 *******************************************************************/
1324int regfio_close( REGF_FILE *file )
1325{
1326  int fd;
1327
1328  regfio_mem_free( file );
1329
1330  /* nothing to do if there is no open file */
1331
1332  if ( !file || (file->fd == -1) )
1333    return 0;
1334               
1335  fd = file->fd;
1336  file->fd = -1;
1337  SAFE_FREE( file );
1338
1339  return close( fd );
1340}
1341
1342
1343/*******************************************************************
1344 There should be only *one* root key in the registry file based
1345 on my experience.  --jerry
1346*******************************************************************/
1347REGF_NK_REC* regfio_rootkey( REGF_FILE *file )
1348{
1349  REGF_NK_REC *nk;
1350  REGF_HBIN   *hbin;
1351  uint32      offset = REGF_BLOCKSIZE;
1352  bool        found = false;
1353  bool        eob;
1354       
1355  if ( !file )
1356    return NULL;
1357               
1358  if ( !(nk = (REGF_NK_REC*)zalloc(sizeof(REGF_NK_REC) )) ) {
1359    /*DEBUG(0,("regfio_rootkey: zalloc() failed!\n"));*/
1360    return NULL;
1361  }
1362       
1363  /* scan through the file on HBIN block at a time looking
1364     for an NK record with a type == 0x002c.
1365     Normally this is the first nk record in the first hbin
1366     block (but I'm not assuming that for now) */
1367       
1368  while ( (hbin = read_hbin_block( file, offset )) ) {
1369    eob = false;
1370
1371    while ( !eob) {
1372      if ( next_nk_record( file, hbin, nk, &eob ) ) {
1373        if ( nk->key_type == NK_TYPE_ROOTKEY ) {
1374          found = true;
1375          break;
1376        }
1377      }
1378      if(hbin->ps.is_dynamic)
1379        SAFE_FREE(hbin->ps.data_p);
1380      hbin->ps.is_dynamic = false;
1381      hbin->ps.buffer_size = 0;
1382      hbin->ps.data_offset = 0;
1383    }
1384               
1385    if ( found ) 
1386      break;
1387
1388    offset += hbin->block_size;
1389  }
1390       
1391  if ( !found ) {
1392    /*DEBUG(0,("regfio_rootkey: corrupt registry file ?  No root key record located\n"));*/
1393    return NULL;
1394  }
1395
1396  DLIST_ADD( file->block_list, hbin );
1397
1398  return nk;           
1399}
1400
1401
1402/* XXX: An interator struct should be used instead, and this function
1403 *   should operate on it, so the state of iteration isn't stored in the
1404 * REGF_NK_REC struct itself.
1405 */
1406/*******************************************************************
1407 This acts as an interator over the subkeys defined for a given
1408 NK record.  Remember that offsets are from the *first* HBIN block.
1409*******************************************************************/
1410REGF_NK_REC* regfio_fetch_subkey( REGF_FILE *file, REGF_NK_REC *nk )
1411{
1412  REGF_NK_REC *subkey;
1413  REGF_HBIN   *hbin;
1414  uint32      nk_offset;
1415
1416  /* see if there is anything left to report */
1417  if (!nk || (nk->subkeys_off==REGF_OFFSET_NONE) 
1418      || (nk->subkey_index >= nk->num_subkeys))
1419    return NULL;
1420
1421  /* find the HBIN block which should contain the nk record */
1422  if(!(hbin
1423       = lookup_hbin_block(file, nk->subkeys.hashes[nk->subkey_index].nk_off )))
1424  {
1425    /*DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing offset [0x%x]\n",
1426      nk->subkeys.hashes[nk->subkey_index].nk_off));*/
1427    return NULL;
1428  }
1429       
1430  nk_offset = nk->subkeys.hashes[nk->subkey_index].nk_off;
1431  if(!prs_set_offset(&hbin->ps, 
1432                     (HBIN_HDR_SIZE + nk_offset - hbin->first_hbin_off)))
1433    return NULL;
1434               
1435  nk->subkey_index++;
1436  if(!(subkey = (REGF_NK_REC*)zalloc(sizeof(REGF_NK_REC))))
1437    return NULL;
1438
1439  if(!hbin_prs_key(file, hbin, subkey))
1440    return NULL;
1441
1442  return subkey;
1443}
Note: See TracBrowser for help on using the repository browser.