source: trunk/include/regfi.h @ 83

Last change on this file since 83 was 81, checked in by tim, 18 years ago

Finished incorporating changes to reglookup to work with new regfi interface.

Compiles now, but is minimally tested.

  • Property svn:keywords set to Id
File size: 9.4 KB
Line 
1/*
2 * Branched from Samba project, Subversion repository version #6903:
3 *   http://websvn.samba.org/cgi-bin/viewcvs.cgi/trunk/source/include/regfio.h
4 *
5 * Unix SMB/CIFS implementation.
6 * Windows NT registry I/O library
7 *
8 * Copyright (C) 2005-2007 Timothy D. Morgan
9 * Copyright (C) 2005 Gerald (Jerry) Carter
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; version 2 of the License.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 *
24 * $Id: regfi.h 81 2007-01-17 16:47:39Z tim $
25 */
26
27/************************************************************
28 * Most of this information was obtained from
29 * http://www.wednesday.demon.co.uk/dosreg.html
30 * Thanks Nigel!
31 ***********************************************************/
32
33#ifndef _REGFI_H
34#define _REGFI_H
35
36#include <stdlib.h>
37#include <stdio.h>
38#include <stdbool.h>
39#include <string.h>
40#include <errno.h>
41#include <time.h>
42#include <fcntl.h>
43#include <sys/stat.h>
44#include <sys/types.h>
45#include <unistd.h>
46#include <assert.h>
47
48#include "smb_deps.h"
49#include "void_stack.h"
50
51/******************************************************************************/
52/* Macros */
53 
54/* Registry data types */
55#define REG_NONE                       0
56#define REG_SZ                         1
57#define REG_EXPAND_SZ                  2
58#define REG_BINARY                     3
59#define REG_DWORD                      4
60#define REG_DWORD_LE                   4  /* DWORD, little endian */
61#define REG_DWORD_BE                   5  /* DWORD, big endian */
62#define REG_LINK                       6
63#define REG_MULTI_SZ                   7
64#define REG_RESOURCE_LIST              8
65#define REG_FULL_RESOURCE_DESCRIPTOR   9
66#define REG_RESOURCE_REQUIREMENTS_LIST 10
67#define REG_QWORD                      11 /* 64-bit little endian */
68/* XXX: Has MS defined a REG_QWORD_BE? */
69/* Not a real type in the registry */
70#define REG_KEY                        0x7FFFFFFF
71
72
73#define REGF_BLOCKSIZE          0x1000
74#define REGF_ALLOC_BLOCK        0x1000
75#define REGF_MAX_DEPTH          512
76
77/* header sizes for various records */
78
79#define REGF_HDR_SIZE           4
80#define HBIN_HDR_SIZE           4
81#define HBIN_HEADER_REC_SIZE    0x24
82#define REC_HDR_SIZE            2
83
84#define REGF_OFFSET_NONE        0xffffffff
85
86/* Flags for the vk records */
87
88#define VK_FLAG_NAME_PRESENT    0x0001
89#define VK_DATA_IN_OFFSET       0x80000000
90#define VK_MAX_DATA_LENGTH      1024*1024
91
92/* NK record macros */
93
94#define NK_TYPE_LINKKEY         0x0010
95#define NK_TYPE_NORMALKEY       0x0020
96#define NK_TYPE_ROOTKEY         0x002c
97
98#define HBIN_STORE_REF(x, y) { x->hbin = y; y->ref_count++ };
99/* if the count == 0; we can clean up */
100#define HBIN_REMOVE_REF(x, y){ x->hbin = NULL; y->ref_count-- };
101
102
103/* HBIN block */
104struct regf_hbin;
105typedef struct regf_hbin {
106  struct regf_hbin* prev;
107  struct regf_hbin* next;
108  uint32 file_off;       /* my offset in the registry file */
109  uint32 free_off;       /* offset to free space within the hbin record */
110  uint32 free_size;      /* amount of data left in the block */
111  int    ref_count;      /* how many active records are pointing to this
112                          * block (not used currently)
113                          */
114       
115  uint8  header[HBIN_HDR_SIZE]; /* "hbin" */
116  uint32 first_hbin_off; /* offset from first hbin block */
117  uint32 block_size;     /* block size of this block is
118                          * usually a multiple of 4096Kb
119                          */
120  prs_struct ps;         /* data */
121  bool dirty;            /* has this hbin block been modified? */
122} REGF_HBIN;
123
124/* ??? List -- list of key offsets and hashed names for consistency */
125typedef struct {
126  uint32 nk_off;
127  uint8 keycheck[sizeof(uint32)];
128} REGF_HASH_REC;
129
130typedef struct {
131  REGF_HBIN *hbin;       /* pointer to HBIN record (in memory) containing
132                          * this nk record
133                          */
134  uint32 hbin_off;       /* offset from beginning of this hbin block */
135  uint32 rec_size;       /* ((start_offset - end_offset) & 0xfffffff8) */
136 
137  uint8 header[REC_HDR_SIZE];
138  uint16 num_keys;
139  REGF_HASH_REC *hashes;
140} REGF_LF_REC;
141
142/* Key Value */
143
144typedef struct {
145  REGF_HBIN *hbin;      /* pointer to HBIN record (in memory) containing
146                         * this nk record
147                         */
148  uint32 hbin_off;      /* offset from beginning of this hbin block */
149  uint32 rec_size;      /* ((start_offset - end_offset) & 0xfffffff8) */
150  uint32 rec_off;       /* offset stored in the value list */
151 
152  uint8  header[REC_HDR_SIZE];
153  char*  valuename;
154  uint32 data_size;
155  uint32 data_off;
156  uint8* data;
157  uint32 type;
158  uint16 flag;
159} REGF_VK_REC;
160
161
162/* Key Security */
163struct _regf_sk_rec;
164
165typedef struct _regf_sk_rec {
166  struct _regf_sk_rec *next, *prev;
167  REGF_HBIN *hbin;      /* pointer to HBIN record (in memory) containing
168                         * this nk record
169                         */
170  uint32 hbin_off;      /* offset from beginning of this hbin block */
171  uint32 rec_size;      /* ((start_offset - end_offset) & 0xfffffff8) */
172 
173  uint32 sk_off;        /* offset parsed from NK record used as a key
174                         * to lookup reference to this SK record
175                         */
176 
177  uint8  header[REC_HDR_SIZE];
178  uint32 prev_sk_off;
179  uint32 next_sk_off;
180  uint32 ref_count;
181  uint32 size;
182  SEC_DESC *sec_desc;
183} REGF_SK_REC;
184
185
186/* Key Name */ 
187typedef struct {
188  REGF_HBIN *hbin;      /* pointer to HBIN record (in memory) containing
189                         * this nk record
190                         */
191  uint32 hbin_off;      /* offset from beginning of this hbin block */
192  /*uint32 subkey_index;*/      /* index to next subkey record to return */
193  uint32 rec_size;      /* ((start_offset - end_offset) & 0xfffffff8) */
194 
195  /* header information */
196  uint8  header[REC_HDR_SIZE];
197  uint16 key_type;
198  NTTIME mtime;
199  uint32 parent_off;    /* back pointer in registry hive */
200  uint32 classname_off; 
201  char *classname;
202  char *keyname;
203 
204  /* max lengths */
205  uint32 max_bytes_subkeyname;      /* max subkey name * 2 */
206  uint32 max_bytes_subkeyclassname; /* max subkey classname length (as if) */
207  uint32 max_bytes_valuename;       /* max valuename * 2 */
208  uint32 max_bytes_value;           /* max value data size */
209 
210  /* unknowns */
211  uint32 unk_index;                 /* nigel says run time index ? */
212 
213  /* children */
214  uint32 num_subkeys;
215  uint32 subkeys_off;   /* hash records that point to NK records */     
216  uint32 num_values;
217  uint32 values_off;    /* value lists which point to VK records */
218  uint32 sk_off;        /* offset to SK record */
219 
220  /* link in the other records here */
221  REGF_LF_REC subkeys;
222  REGF_VK_REC* values;
223  REGF_SK_REC* sec_desc;
224       
225} REGF_NK_REC;
226
227
228/* REGF block */
229typedef struct {
230  /* run time information */
231  int fd;         /* file descriptor */
232  int open_flags; /* flags passed to the open() call */
233  void *mem_ctx;  /* memory context for run-time file access information */
234  REGF_HBIN *block_list; /* list of open hbin blocks */
235 
236  /* file format information */
237 
238  uint8  header[REGF_HDR_SIZE]; /* "regf" */
239  uint32 data_offset;           /* offset to record in the first (or any?)
240                                 * hbin block
241                                 */
242  uint32 last_block;            /* offset to last hbin block in file */
243  uint32 checksum;              /* XOR of bytes 0x0000 - 0x01FB */
244  NTTIME mtime;
245 
246  REGF_SK_REC *sec_desc_list;   /* list of security descriptors referenced
247                                 * by NK records
248                                 */
249 
250  /* unknowns */
251  uint32 unknown1;
252  uint32 unknown2;
253  uint32 unknown3;
254  uint32 unknown4;
255  uint32 unknown5;
256  uint32 unknown6;
257} REGF_FILE;
258
259
260typedef struct {
261  REGF_FILE* f;
262  void_stack* key_positions;
263  REGF_NK_REC* cur_key;
264  uint32 cur_subkey;
265  uint32 cur_value;
266} REGFI_ITERATOR;
267
268
269typedef struct {
270  REGF_NK_REC* nk;
271  uint32 cur_subkey;
272  /* We could store a cur_value here as well, but didn't see
273   * the use in it right now.
274   */
275} REGFI_ITER_POSITION;
276
277
278/******************************************************************************/
279/* Function Declarations */
280
281const char*   regfi_type_val2str(unsigned int val);
282int           regfi_type_str2val(const char* str);
283
284char*         regfi_get_sacl(SEC_DESC* sec_desc);
285char*         regfi_get_dacl(SEC_DESC* sec_desc);
286char*         regfi_get_owner(SEC_DESC* sec_desc);
287char*         regfi_get_group(SEC_DESC* sec_desc);
288
289REGF_FILE*    regfi_open(const char* filename);
290int           regfi_close(REGF_FILE* r);
291
292REGF_NK_REC*  regfi_rootkey(REGF_FILE* file);
293/* REGF_NK_REC*  regfi_fetch_subkey( REGF_FILE* file, REGF_NK_REC* nk ); */
294
295void            regfi_key_free(REGF_NK_REC* nk);
296
297REGFI_ITERATOR* regfi_iterator_new(REGF_FILE* fh);
298void            regfi_iterator_free(REGFI_ITERATOR* i);
299bool            regfi_iterator_down(REGFI_ITERATOR* i);
300bool            regfi_iterator_up(REGFI_ITERATOR* i);
301bool            regfi_iterator_to_root(REGFI_ITERATOR* i);
302
303bool            regfi_iterator_find_subkey(REGFI_ITERATOR* i, const char* subkey_name);
304bool            regfi_iterator_walk_path(REGFI_ITERATOR* i, const char** path);
305/* XXX: these which return NK and VK records should return them as consts */
306REGF_NK_REC*    regfi_iterator_cur_key(REGFI_ITERATOR* i);
307REGF_NK_REC*    regfi_iterator_first_subkey(REGFI_ITERATOR* i);
308REGF_NK_REC*    regfi_iterator_cur_subkey(REGFI_ITERATOR* i);
309REGF_NK_REC*    regfi_iterator_next_subkey(REGFI_ITERATOR* i);
310
311bool            regfi_iterator_find_value(REGFI_ITERATOR* i, const char* value_name);
312REGF_VK_REC*    regfi_iterator_first_value(REGFI_ITERATOR* i);
313REGF_VK_REC*    regfi_iterator_cur_value(REGFI_ITERATOR* i);
314REGF_VK_REC*    regfi_iterator_next_value(REGFI_ITERATOR* i);
315
316#endif  /* _REGFI_H */
Note: See TracBrowser for help on using the repository browser.