Context Navigation

source: trunk/lib/regfi.c @ 97

Last change on this file since 97 was 97, checked in by tim, 17 years ago
begun the work of rewriting the lowest layer parsing routines
Property svn:keywords set to `Id`
File size: 44.8 KB

Line
1	/*
2	* Branched from Samba project Subversion repository, version #7470:
3	* http://viewcvs.samba.org/cgi-bin/viewcvs.cgi/trunk/source/registry/regfio.c?rev=7470&view=auto
4	*
5	* Unix SMB/CIFS implementation.
6	* Windows NT registry I/O library
7	*
8	* Copyright (C) 2005-2008 Timothy D. Morgan
9	* Copyright (C) 2005 Gerald (Jerry) Carter
10	*
11	* This program is free software; you can redistribute it and/or modify
12	* it under the terms of the GNU General Public License as published by
13	* the Free Software Foundation; version 2 of the License.
14	*
15	* This program is distributed in the hope that it will be useful,
16	* but WITHOUT ANY WARRANTY; without even the implied warranty of
17	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18	* GNU General Public License for more details.
19	*
20	* You should have received a copy of the GNU General Public License
21	* along with this program; if not, write to the Free Software
22	* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23	*
24	* $Id: regfi.c 97 2008-02-27 01:04:14Z tim $
25	*/
26
27	#include "../include/regfi.h"
28
29
30	/* Registry types mapping */
31	const unsigned int regfi_num_reg_types = 12;
32	static const char* regfi_type_names[] =
33	{"NONE", "SZ", "EXPAND_SZ", "BINARY", "DWORD", "DWORD_BE", "LINK",
34	"MULTI_SZ", "RSRC_LIST", "RSRC_DESC", "RSRC_REQ_LIST", "QWORD"};
35
36
37	/* Returns NULL on error */
38	const char* regfi_type_val2str(unsigned int val)
39	{
40	if(val == REG_KEY)
41	return "KEY";
42
43	if(val >= regfi_num_reg_types)
44	return NULL;
45
46	return regfi_type_names[val];
47	}
48
49
50	/* Returns -1 on error */
51	int regfi_type_str2val(const char* str)
52	{
53	int i;
54
55	if(strcmp("KEY", str) == 0)
56	return REG_KEY;
57
58	for(i=0; i < regfi_num_reg_types; i++)
59	if (strcmp(regfi_type_names[i], str) == 0)
60	return i;
61
62	if(strcmp("DWORD_LE", str) == 0)
63	return REG_DWORD_LE;
64
65	return -1;
66	}
67
68
69	/* Security descriptor parsing functions */
70
71	const char* regfi_ace_type2str(uint8 type)
72	{
73	static const char* map[7]
74	= {"ALLOW", "DENY", "AUDIT", "ALARM",
75	"ALLOW CPD", "OBJ ALLOW", "OBJ DENY"};
76	if(type < 7)
77	return map[type];
78	else
79	/* XXX: would be nice to return the unknown integer value.
80	* However, as it is a const string, it can't be free()ed later on,
81	* so that would need to change.
82	*/
83	return "UNKNOWN";
84	}
85
86
87	/* XXX: need a better reference on the meaning of each flag. */
88	/* For more info, see:
89	* http://msdn2.microsoft.com/en-us/library/aa772242.aspx
90	*/
91	char* regfi_ace_flags2str(uint8 flags)
92	{
93	static const char* flag_map[32] =
94	{ "OI", /* Object Inherit */
95	"CI", /* Container Inherit */
96	"NP", /* Non-Propagate */
97	"IO", /* Inherit Only */
98	"IA", /* Inherited ACE */
99	NULL,
100	NULL,
101	NULL,
102	};
103
104	char* ret_val = malloc(35*sizeof(char));
105	char* fo = ret_val;
106	uint32 i;
107	uint8 f;
108
109	if(ret_val == NULL)
110	return NULL;
111
112	fo[0] = '\0';
113	if (!flags)
114	return ret_val;
115
116	for(i=0; i < 8; i++)
117	{
118	f = (1<<i);
119	if((flags & f) && (flag_map[i] != NULL))
120	{
121	strcpy(fo, flag_map[i]);
122	fo += strlen(flag_map[i]);
123	*(fo++) = ' ';
124	flags ^= f;
125	}
126	}
127
128	/* Any remaining unknown flags are added at the end in hex. */
129	if(flags != 0)
130	sprintf(fo, "0x%.2X ", flags);
131
132	/* Chop off the last space if we've written anything to ret_val */
133	if(fo != ret_val)
134	fo[-1] = '\0';
135
136	/* XXX: what was this old VI flag for??
137	XXX: Is this check right? 0xF == 1\|2\|4\|8, which makes it redundant...
138	if (flags == 0xF) {
139	if (some) strcat(flg_output, " ");
140	some = 1;
141	strcat(flg_output, "VI");
142	}
143	*/
144
145	return ret_val;
146	}
147
148
149	char* regfi_ace_perms2str(uint32 perms)
150	{
151	uint32 i, p;
152	/* This is more than is needed by a fair margin. */
153	char* ret_val = malloc(350*sizeof(char));
154	char* r = ret_val;
155
156	/* Each represents one of 32 permissions bits. NULL is for undefined/reserved bits.
157	* For more information, see:
158	* http://msdn2.microsoft.com/en-gb/library/aa374892.aspx
159	* http://msdn2.microsoft.com/en-gb/library/ms724878.aspx
160	*/
161	static const char* perm_map[32] =
162	{/* object-specific permissions (registry keys, in this case) */
163	"QRY_VAL", /* KEY_QUERY_VALUE */
164	"SET_VAL", /* KEY_SET_VALUE */
165	"CREATE_KEY", /* KEY_CREATE_SUB_KEY */
166	"ENUM_KEYS", /* KEY_ENUMERATE_SUB_KEYS */
167	"NOTIFY", /* KEY_NOTIFY */
168	"CREATE_LNK", /* KEY_CREATE_LINK - Reserved for system use. */
169	NULL,
170	NULL,
171	"WOW64_64", /* KEY_WOW64_64KEY */
172	"WOW64_32", /* KEY_WOW64_32KEY */
173	NULL,
174	NULL,
175	NULL,
176	NULL,
177	NULL,
178	NULL,
179	/* standard access rights */
180	"DELETE", /* DELETE */
181	"R_CONT", /* READ_CONTROL */
182	"W_DAC", /* WRITE_DAC */
183	"W_OWNER", /* WRITE_OWNER */
184	"SYNC", /* SYNCHRONIZE - Shouldn't be set in registries */
185	NULL,
186	NULL,
187	NULL,
188	/* other generic */
189	"SYS_SEC", /* ACCESS_SYSTEM_SECURITY */
190	"MAX_ALLWD", /* MAXIMUM_ALLOWED */
191	NULL,
192	NULL,
193	"GEN_A", /* GENERIC_ALL */
194	"GEN_X", /* GENERIC_EXECUTE */
195	"GEN_W", /* GENERIC_WRITE */
196	"GEN_R", /* GENERIC_READ */
197	};
198
199
200	if(ret_val == NULL)
201	return NULL;
202
203	r[0] = '\0';
204	for(i=0; i < 32; i++)
205	{
206	p = (1<<i);
207	if((perms & p) && (perm_map[i] != NULL))
208	{
209	strcpy(r, perm_map[i]);
210	r += strlen(perm_map[i]);
211	*(r++) = ' ';
212	perms ^= p;
213	}
214	}
215
216	/* Any remaining unknown permission bits are added at the end in hex. */
217	if(perms != 0)
218	sprintf(r, "0x%.8X ", perms);
219
220	/* Chop off the last space if we've written anything to ret_val */
221	if(r != ret_val)
222	r[-1] = '\0';
223
224	return ret_val;
225	}
226
227
228	char* regfi_sid2str(DOM_SID* sid)
229	{
230	uint32 i, size = MAXSUBAUTHS*11 + 24;
231	uint32 left = size;
232	uint8 comps = sid->num_auths;
233	char* ret_val = malloc(size);
234
235	if(ret_val == NULL)
236	return NULL;
237
238	if(comps > MAXSUBAUTHS)
239	comps = MAXSUBAUTHS;
240
241	left -= sprintf(ret_val, "S-%u-%u", sid->sid_rev_num, sid->id_auth[5]);
242
243	for (i = 0; i < comps; i++)
244	left -= snprintf(ret_val+(size-left), left, "-%u", sid->sub_auths[i]);
245
246	return ret_val;
247	}
248
249
250	char* regfi_get_acl(SEC_ACL* acl)
251	{
252	uint32 i, extra, size = 0;
253	const char* type_str;
254	char* flags_str;
255	char* perms_str;
256	char* sid_str;
257	char* ace_delim = "";
258	char* ret_val = NULL;
259	char* tmp_val = NULL;
260	bool failed = false;
261	char field_delim = ':';
262
263	for (i = 0; i < acl->num_aces && !failed; i++)
264	{
265	sid_str = regfi_sid2str(&acl->ace[i].trustee);
266	type_str = regfi_ace_type2str(acl->ace[i].type);
267	perms_str = regfi_ace_perms2str(acl->ace[i].info.mask);
268	flags_str = regfi_ace_flags2str(acl->ace[i].flags);
269
270	if(flags_str != NULL && perms_str != NULL
271	&& type_str != NULL && sid_str != NULL)
272	{
273	/* XXX: this is slow */
274	extra = strlen(sid_str) + strlen(type_str)
275	+ strlen(perms_str) + strlen(flags_str)+5;
276	tmp_val = realloc(ret_val, size+extra);
277
278	if(tmp_val == NULL)
279	{
280	free(ret_val);
281	failed = true;
282	}
283	else
284	{
285	ret_val = tmp_val;
286	size += snprintf(ret_val+size, extra, "%s%s%c%s%c%s%c%s",
287	ace_delim,sid_str,
288	field_delim,type_str,
289	field_delim,perms_str,
290	field_delim,flags_str);
291	ace_delim = "\|";
292	}
293	}
294	else
295	failed = true;
296
297	if(sid_str != NULL)
298	free(sid_str);
299	if(sid_str != NULL)
300	free(perms_str);
301	if(sid_str != NULL)
302	free(flags_str);
303	}
304
305	return ret_val;
306	}
307
308
309	char* regfi_get_sacl(SEC_DESC *sec_desc)
310	{
311	if (sec_desc->sacl)
312	return regfi_get_acl(sec_desc->sacl);
313	else
314	return NULL;
315	}
316
317
318	char* regfi_get_dacl(SEC_DESC *sec_desc)
319	{
320	if (sec_desc->dacl)
321	return regfi_get_acl(sec_desc->dacl);
322	else
323	return NULL;
324	}
325
326
327	char* regfi_get_owner(SEC_DESC *sec_desc)
328	{
329	return regfi_sid2str(sec_desc->owner_sid);
330	}
331
332
333	char* regfi_get_group(SEC_DESC *sec_desc)
334	{
335	return regfi_sid2str(sec_desc->grp_sid);
336	}
337
338
339
340	/*******************************************************************
341	*******************************************************************/
342	static bool prs_nk_rec( const char desc, prs_struct ps,
343	int depth, REGF_NK_REC *nk )
344	{
345	uint16 class_length, name_length;
346	uint32 start;
347	uint32 data_size, start_off, end_off;
348	uint32 unknown_off = REGF_OFFSET_NONE;
349
350	nk->hbin_off = ps->data_offset;
351	start = nk->hbin_off;
352
353	depth++;
354
355	/* back up and get the data_size */
356	if ( !prs_set_offset( ps, ps->data_offset-sizeof(uint32)) )
357	return false;
358	start_off = ps->data_offset;
359	if ( !prs_uint32( "rec_size", ps, depth, &nk->rec_size ))
360	return false;
361
362	if (!prs_uint8s("header", ps, depth, nk->header, sizeof(nk->header)))
363	return false;
364
365	if ( !prs_uint16( "key_type", ps, depth, &nk->key_type ))
366	return false;
367	if ( !smb_io_time( "mtime", &nk->mtime, ps, depth ))
368	return false;
369
370	if ( !prs_set_offset( ps, start+0x0010 ) )
371	return false;
372	if ( !prs_uint32( "parent_off", ps, depth, &nk->parent_off ))
373	return false;
374	if ( !prs_uint32( "num_subkeys", ps, depth, &nk->num_subkeys ))
375	return false;
376
377	if ( !prs_set_offset( ps, start+0x001c ) )
378	return false;
379	if ( !prs_uint32( "subkeys_off", ps, depth, &nk->subkeys_off ))
380	return false;
381	if ( !prs_uint32( "unknown_off", ps, depth, &unknown_off) )
382	return false;
383
384	if ( !prs_set_offset( ps, start+0x0024 ) )
385	return false;
386	if ( !prs_uint32( "num_values", ps, depth, &nk->num_values ))
387	return false;
388	if ( !prs_uint32( "values_off", ps, depth, &nk->values_off ))
389	return false;
390	if ( !prs_uint32( "sk_off", ps, depth, &nk->sk_off ))
391	return false;
392	if ( !prs_uint32( "classname_off", ps, depth, &nk->classname_off ))
393	return false;
394
395	if (!prs_uint32("max_bytes_subkeyname", ps, depth, &nk->max_bytes_subkeyname))
396	return false;
397	if ( !prs_uint32( "max_bytes_subkeyclassname", ps,
398	depth, &nk->max_bytes_subkeyclassname))
399	{ return false; }
400	if ( !prs_uint32( "max_bytes_valuename", ps, depth, &nk->max_bytes_valuename))
401	return false;
402	if ( !prs_uint32( "max_bytes_value", ps, depth, &nk->max_bytes_value))
403	return false;
404	if ( !prs_uint32( "unknown index", ps, depth, &nk->unk_index))
405	return false;
406
407	name_length = nk->keyname ? strlen(nk->keyname) : 0 ;
408	class_length = nk->classname ? strlen(nk->classname) : 0 ;
409	if ( !prs_uint16( "name_length", ps, depth, &name_length ))
410	return false;
411	if ( !prs_uint16( "class_length", ps, depth, &class_length ))
412	return false;
413
414	if ( class_length )
415	{
416	/* XXX: why isn't this parsed? */
417	;;
418	}
419
420	if ( name_length )
421	{
422	if(ps->io && !(nk->keyname = (char*)zcalloc(sizeof(char), name_length+1)))
423	return false;
424
425	if(!prs_uint8s("name", ps, depth, (uint8*)nk->keyname, name_length))
426	return false;
427
428	if(ps->io)
429	nk->keyname[name_length] = '\0';
430	}
431
432	end_off = ps->data_offset;
433
434	/* data_size must be divisible by 8 and large enough to hold
435	the original record */
436
437	data_size = ((start_off - end_off) & 0xfffffff8 );
438	/*if ( data_size > nk->rec_size )
439	DEBUG(10,("Encountered reused record (0x%x < 0x%x)\n", data_size, nk->rec_size));*/
440
441	return true;
442	}
443
444
445	/*******************************************************************
446	Input a randon offset and receive the correpsonding HBIN
447	block for it
448	*******************************************************************/
449	static bool hbin_contains_offset( REGF_HBIN *hbin, uint32 offset )
450	{
451	if ( !hbin )
452	return false;
453
454	if ( (offset > hbin->first_hbin_off) && (offset < (hbin->first_hbin_off+hbin->block_size)) )
455	return true;
456
457	return false;
458	}
459
460
461	/*******************************************************************
462	Input a randon offset and receive the correpsonding HBIN
463	block for it
464	*******************************************************************/
465	static REGF_HBIN* lookup_hbin_block( REGF_FILE *file, uint32 offset )
466	{
467	REGF_HBIN *hbin = NULL;
468	uint32 block_off;
469
470	/* start with the open list */
471
472	for ( hbin=file->block_list; hbin; hbin=hbin->next ) {
473	/* DEBUG(10,("lookup_hbin_block: address = 0x%x [0x%x]\n", hbin->file_off, (uint32)hbin ));*/
474	if ( hbin_contains_offset( hbin, offset ) )
475	return hbin;
476	}
477
478	if ( !hbin ) {
479	/* start at the beginning */
480
481	block_off = REGF_BLOCKSIZE;
482	do {
483	/* cleanup before the next round */
484	if ( hbin )
485	{
486	if(hbin->ps.is_dynamic)
487	SAFE_FREE(hbin->ps.data_p);
488	hbin->ps.is_dynamic = false;
489	hbin->ps.buffer_size = 0;
490	hbin->ps.data_offset = 0;
491	}
492
493	hbin = regfi_parse_hbin(file, block_off, true, false);
494
495	if ( hbin )
496	block_off = hbin->file_off + hbin->block_size;
497
498	} while ( hbin && !hbin_contains_offset( hbin, offset ) );
499	}
500
501	if ( hbin )
502	/* XXX: this kind of caching needs to be re-evaluated */
503	DLIST_ADD( file->block_list, hbin );
504
505	return hbin;
506	}
507
508
509	/*******************************************************************
510	*******************************************************************/
511	static bool prs_hash_rec( const char desc, prs_struct ps, int depth, REGF_HASH_REC *hash )
512	{
513	depth++;
514
515	if ( !prs_uint32( "nk_off", ps, depth, &hash->nk_off ))
516	return false;
517	if ( !prs_uint8s("keycheck", ps, depth, hash->keycheck, sizeof( hash->keycheck )) )
518	return false;
519
520	return true;
521	}
522
523
524	/*******************************************************************
525	*******************************************************************/
526	static bool hbin_prs_lf_records(const char desc, REGF_HBIN hbin,
527	int depth, REGF_NK_REC *nk)
528	{
529	int i;
530	REGF_LF_REC *lf = &nk->subkeys;
531	uint32 data_size, start_off, end_off;
532
533	depth++;
534
535	/* check if we have anything to do first */
536
537	if ( nk->num_subkeys == 0 )
538	return true;
539
540	/* move to the LF record */
541
542	if ( !prs_set_offset( &hbin->ps, nk->subkeys_off + HBIN_MAGIC_SIZE - hbin->first_hbin_off ) )
543	return false;
544
545	/* backup and get the data_size */
546
547	if ( !prs_set_offset( &hbin->ps, hbin->ps.data_offset-sizeof(uint32)) )
548	return false;
549	start_off = hbin->ps.data_offset;
550	if ( !prs_uint32( "rec_size", &hbin->ps, depth, &lf->rec_size ))
551	return false;
552
553	if(!prs_uint8s("header", &hbin->ps, depth,
554	lf->header, sizeof(lf->header)))
555	return false;
556
557	if ( !prs_uint16( "num_keys", &hbin->ps, depth, &lf->num_keys))
558	return false;
559
560	if ( hbin->ps.io ) {
561	if ( !(lf->hashes = (REGF_HASH_REC*)zcalloc(sizeof(REGF_HASH_REC), lf->num_keys )) )
562	return false;
563	}
564
565	for ( i=0; i<lf->num_keys; i++ ) {
566	if ( !prs_hash_rec( "hash_rec", &hbin->ps, depth, &lf->hashes[i] ) )
567	return false;
568	}
569
570	end_off = hbin->ps.data_offset;
571
572	/* data_size must be divisible by 8 and large enough to hold the original record */
573
574	data_size = ((start_off - end_off) & 0xfffffff8 );
575	/* if ( data_size > lf->rec_size )*/
576	/DEBUG(10,("Encountered reused record (0x%x < 0x%x)\n", data_size, lf->rec_size));/
577
578	return true;
579	}
580
581
582	/*******************************************************************
583	*******************************************************************/
584	static bool hbin_prs_sk_rec( const char desc, REGF_HBIN hbin, int depth, REGF_SK_REC *sk )
585	{
586	prs_struct *ps = &hbin->ps;
587	uint16 tag = 0xFFFF;
588	uint32 data_size, start_off, end_off;
589
590
591	depth++;
592
593	if ( !prs_set_offset( &hbin->ps, sk->sk_off + HBIN_MAGIC_SIZE - hbin->first_hbin_off ) )
594	return false;
595
596	/* backup and get the data_size */
597
598	if ( !prs_set_offset( &hbin->ps, hbin->ps.data_offset-sizeof(uint32)) )
599	return false;
600	start_off = hbin->ps.data_offset;
601	if ( !prs_uint32( "rec_size", &hbin->ps, depth, &sk->rec_size ))
602	return false;
603
604	if (!prs_uint8s("header", ps, depth, sk->header, sizeof(sk->header)))
605	return false;
606	if ( !prs_uint16( "tag", ps, depth, &tag))
607	return false;
608
609	if ( !prs_uint32( "prev_sk_off", ps, depth, &sk->prev_sk_off))
610	return false;
611	if ( !prs_uint32( "next_sk_off", ps, depth, &sk->next_sk_off))
612	return false;
613	if ( !prs_uint32( "ref_count", ps, depth, &sk->ref_count))
614	return false;
615	if ( !prs_uint32( "size", ps, depth, &sk->size))
616	return false;
617
618	if ( !sec_io_desc( "sec_desc", &sk->sec_desc, ps, depth ))
619	return false;
620
621	end_off = hbin->ps.data_offset;
622
623	/* data_size must be divisible by 8 and large enough to hold the original record */
624
625	data_size = ((start_off - end_off) & 0xfffffff8 );
626	/* if ( data_size > sk->rec_size )*/
627	/DEBUG(10,("Encountered reused record (0x%x < 0x%x)\n", data_size, sk->rec_size));/
628
629	return true;
630	}
631
632
633	/*******************************************************************
634	*******************************************************************/
635	static bool hbin_prs_vk_rec( const char desc, REGF_HBIN hbin, int depth,
636	REGF_VK_REC vk, REGF_FILE file )
637	{
638	uint32 offset;
639	uint16 name_length;
640	prs_struct *ps = &hbin->ps;
641	uint32 data_size, start_off, end_off;
642
643	depth++;
644
645	/* backup and get the data_size */
646
647	if ( !prs_set_offset( &hbin->ps, hbin->ps.data_offset-sizeof(uint32)) )
648	return false;
649	start_off = hbin->ps.data_offset;
650	if ( !prs_uint32( "rec_size", &hbin->ps, depth, &vk->rec_size ))
651	return false;
652
653	if ( !prs_uint8s("header", ps, depth, vk->header, sizeof( vk->header )) )
654	return false;
655
656	if ( !hbin->ps.io )
657	name_length = strlen(vk->valuename);
658
659	if ( !prs_uint16( "name_length", ps, depth, &name_length ))
660	return false;
661	if ( !prs_uint32( "data_size", ps, depth, &vk->data_size ))
662	return false;
663	if ( !prs_uint32( "data_off", ps, depth, &vk->data_off ))
664	return false;
665	if ( !prs_uint32( "type", ps, depth, &vk->type))
666	return false;
667	if ( !prs_uint16( "flag", ps, depth, &vk->flag))
668	return false;
669
670	offset = ps->data_offset;
671	offset += 2; /* skip 2 bytes */
672	prs_set_offset( ps, offset );
673
674	/* get the name */
675
676	if ( vk->flag&VK_FLAG_NAME_PRESENT ) {
677
678	if ( hbin->ps.io ) {
679	if ( !(vk->valuename = (char*)zcalloc(sizeof(char), name_length+1 )))
680	return false;
681	}
682	if ( !prs_uint8s("name", ps, depth,
683	(uint8*)vk->valuename, name_length) )
684	return false;
685	}
686
687	end_off = hbin->ps.data_offset;
688
689	/* get the data if necessary */
690
691	if ( vk->data_size != 0 )
692	{
693	/* the data is stored in the offset if the size <= 4 */
694	if ( !(vk->data_size & VK_DATA_IN_OFFSET) )
695	{
696	REGF_HBIN *hblock = hbin;
697	uint32 data_rec_size;
698
699	if ( hbin->ps.io )
700	{
701	if ( !(vk->data = (uint8*)zcalloc(sizeof(uint8), vk->data_size) ) )
702	return false;
703	}
704
705	/* this data can be in another hbin */
706	if ( !hbin_contains_offset( hbin, vk->data_off ) )
707	{
708	if ( !(hblock = lookup_hbin_block( file, vk->data_off )) )
709	return false;
710	}
711	if (!(prs_set_offset(&hblock->ps,
712	(vk->data_off
713	+ HBIN_MAGIC_SIZE
714	- hblock->first_hbin_off)
715	- sizeof(uint32))))
716	{ return false; }
717
718	if ( !hblock->ps.io )
719	{
720	data_rec_size = ( (vk->data_size+sizeof(uint32)) & 0xfffffff8 ) + 8;
721	data_rec_size = ( data_rec_size - 1 ) ^ 0xFFFFFFFF;
722	}
723	if ( !prs_uint32( "data_rec_size", &hblock->ps, depth, &data_rec_size ))
724	return false;
725	if(!prs_uint8s("data", &hblock->ps, depth,
726	vk->data, vk->data_size))
727	return false;
728
729	}
730	else
731	{
732	if(!(vk->data = zcalloc(sizeof(uint8), 4)))
733	return false;
734	SIVAL( vk->data, 0, vk->data_off );
735	}
736
737	}
738
739	/* data_size must be divisible by 8 and large enough to hold the original record */
740
741	data_size = ((start_off - end_off ) & 0xfffffff8 );
742	/* XXX: should probably print a warning here */
743	/*if ( data_size != vk->rec_size )
744	DEBUG(10,("prs_vk_rec: data_size check failed (0x%x < 0x%x)\n", data_size, vk->rec_size));*/
745
746	return true;
747	}
748
749
750	/*******************************************************************
751	read a VK record which is contained in the HBIN block stored
752	in the prs_struct *ps.
753	*******************************************************************/
754	static bool hbin_prs_vk_records(const char desc, REGF_HBIN hbin,
755	int depth, REGF_NK_REC nk, REGF_FILE file)
756	{
757	int i;
758	uint32 record_size;
759
760	depth++;
761
762	/* check if we have anything to do first */
763	if(nk->num_values == 0)
764	return true;
765
766	if(hbin->ps.io)
767	{
768	if (!(nk->values = (REGF_VK_REC*)zcalloc(sizeof(REGF_VK_REC),
769	nk->num_values )))
770	return false;
771	}
772
773	/* convert the offset to something relative to this HBIN block */
774	if (!prs_set_offset(&hbin->ps,
775	nk->values_off
776	+ HBIN_MAGIC_SIZE
777	- hbin->first_hbin_off
778	- sizeof(uint32)))
779	{ return false; }
780
781	if ( !hbin->ps.io )
782	{
783	record_size = ( ( nk->num_values * sizeof(uint32) ) & 0xfffffff8 ) + 8;
784	record_size = (record_size - 1) ^ 0xFFFFFFFF;
785	}
786
787	if ( !prs_uint32( "record_size", &hbin->ps, depth, &record_size ) )
788	return false;
789
790	for ( i=0; i<nk->num_values; i++ )
791	{
792	if ( !prs_uint32( "vk_off", &hbin->ps, depth, &nk->values[i].rec_off ) )
793	return false;
794	}
795
796	for ( i=0; i<nk->num_values; i++ )
797	{
798	REGF_HBIN *sub_hbin = hbin;
799	uint32 new_offset;
800
801	if ( !hbin_contains_offset( hbin, nk->values[i].rec_off ) )
802	{
803	sub_hbin = lookup_hbin_block( file, nk->values[i].rec_off );
804	if ( !sub_hbin )
805	{
806	/*DEBUG(0,("hbin_prs_vk_records: Failed to find HBIN block containing offset [0x%x]\n",
807	nk->values[i].hbin_off));*/
808	return false;
809	}
810	}
811
812	new_offset = nk->values[i].rec_off
813	+ HBIN_MAGIC_SIZE
814	- sub_hbin->first_hbin_off;
815
816	if (!prs_set_offset(&sub_hbin->ps, new_offset))
817	return false;
818	if (!hbin_prs_vk_rec("vk_rec", sub_hbin, depth, &nk->values[i], file))
819	return false;
820	}
821
822	return true;
823	}
824
825
826	/*******************************************************************
827	*******************************************************************/
828	static REGF_SK_REC* find_sk_record_by_offset( REGF_FILE *file, uint32 offset )
829	{
830	REGF_SK_REC *p_sk;
831
832	for ( p_sk=file->sec_desc_list; p_sk; p_sk=p_sk->next ) {
833	if ( p_sk->sk_off == offset )
834	return p_sk;
835	}
836
837	return NULL;
838	}
839
840
841	/*******************************************************************
842	*******************************************************************/
843	static REGF_SK_REC* find_sk_record_by_sec_desc( REGF_FILE file, SEC_DESC sd )
844	{
845	REGF_SK_REC *p;
846
847	for ( p=file->sec_desc_list; p; p=p->next ) {
848	if ( sec_desc_equal( p->sec_desc, sd ) )
849	return p;
850	}
851
852	/* failure */
853
854	return NULL;
855	}
856
857
858	/*******************************************************************
859	*******************************************************************/
860	static bool hbin_prs_key( REGF_FILE file, REGF_HBIN hbin, REGF_NK_REC *nk )
861	{
862	int depth = 0;
863	REGF_HBIN *sub_hbin;
864
865	depth++;
866
867	/* get the initial nk record */
868	if (!prs_nk_rec("nk_rec", &hbin->ps, depth, nk))
869	return false;
870
871	/* fill in values */
872	if ( nk->num_values && (nk->values_off!=REGF_OFFSET_NONE) )
873	{
874	sub_hbin = hbin;
875	if ( !hbin_contains_offset( hbin, nk->values_off ) )
876	{
877	sub_hbin = lookup_hbin_block( file, nk->values_off );
878	if ( !sub_hbin )
879	{
880	/*DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing value_list_offset [0x%x]\n",
881	nk->values_off));*/
882	return false;
883	}
884	}
885
886	if(!hbin_prs_vk_records("vk_rec", sub_hbin, depth, nk, file))
887	return false;
888	}
889
890	/* now get subkeys */
891	if ( nk->num_subkeys && (nk->subkeys_off!=REGF_OFFSET_NONE) )
892	{
893	sub_hbin = hbin;
894	if ( !hbin_contains_offset( hbin, nk->subkeys_off ) )
895	{
896	sub_hbin = lookup_hbin_block( file, nk->subkeys_off );
897	if ( !sub_hbin )
898	{
899	/*DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing subkey_offset [0x%x]\n",
900	nk->subkeys_off));*/
901	return false;
902	}
903	}
904
905	if (!hbin_prs_lf_records("lf_rec", sub_hbin, depth, nk))
906	return false;
907	}
908
909	/* get the to the security descriptor. First look if we have already parsed it */
910
911	if ((nk->sk_off!=REGF_OFFSET_NONE)
912	&& !(nk->sec_desc = find_sk_record_by_offset( file, nk->sk_off )))
913	{
914	sub_hbin = hbin;
915	if (!hbin_contains_offset(hbin, nk->sk_off))
916	{
917	sub_hbin = lookup_hbin_block( file, nk->sk_off );
918	if ( !sub_hbin ) {
919	/*DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing sk_offset [0x%x]\n",
920	nk->subkeys_off));*/
921	return false;
922	}
923	}
924
925	if ( !(nk->sec_desc = (REGF_SK_REC*)zalloc(sizeof(REGF_SK_REC) )) )
926	return false;
927	nk->sec_desc->sk_off = nk->sk_off;
928	if ( !hbin_prs_sk_rec( "sk_rec", sub_hbin, depth, nk->sec_desc ))
929	return false;
930
931	/* add to the list of security descriptors (ref_count has been read from the files) */
932
933	nk->sec_desc->sk_off = nk->sk_off;
934	/* XXX: this kind of caching needs to be re-evaluated */
935	DLIST_ADD( file->sec_desc_list, nk->sec_desc );
936	}
937
938	return true;
939	}
940
941
942	/*******************************************************************
943	*******************************************************************/
944	static bool next_record( REGF_HBIN hbin, const char hdr, bool *eob )
945	{
946	uint8 header[REC_HDR_SIZE] = "";
947	uint32 record_size;
948	uint32 curr_off, block_size;
949	bool found = false;
950	prs_struct *ps = &hbin->ps;
951
952	curr_off = ps->data_offset;
953	if ( curr_off == 0 )
954	prs_set_offset( ps, HBIN_HEADER_REC_SIZE+4 );
955
956	/* assume that the current offset is at the reacord header
957	and we need to backup to read the record size */
958	curr_off -= sizeof(uint32);
959
960	block_size = ps->buffer_size;
961	record_size = 0;
962	while ( !found )
963	{
964	curr_off = curr_off+record_size;
965	if ( curr_off >= block_size )
966	break;
967
968	if ( !prs_set_offset( &hbin->ps, curr_off) )
969	return false;
970
971	if ( !prs_uint32( "record_size", ps, 0, &record_size ) )
972	return false;
973	if ( !prs_uint8s("header", ps, 0, header, REC_HDR_SIZE ) )
974	return false;
975
976	if ( record_size & 0x80000000 ) {
977	/* absolute_value(record_size) */
978	record_size = (record_size ^ 0xffffffff) + 1;
979	}
980
981	if ( memcmp( header, hdr, REC_HDR_SIZE ) == 0 ) {
982	found = true;
983	curr_off += sizeof(uint32);
984	}
985	}
986
987	/* mark prs_struct as done ( at end ) if no more SK records */
988	/* mark end-of-block as true */
989	if ( !found )
990	{
991	prs_set_offset( &hbin->ps, hbin->ps.buffer_size );
992	*eob = true;
993	return false;
994	}
995
996	if (!prs_set_offset(ps, curr_off))
997	return false;
998
999	return true;
1000	}
1001
1002
1003	/*******************************************************************
1004	*******************************************************************/
1005	static bool next_nk_record(REGF_FILE file, REGF_HBIN hbin,
1006	REGF_NK_REC nk, bool eob)
1007	{
1008	if (next_record(hbin, "nk", eob)
1009	&& hbin_prs_key(file, hbin, nk))
1010	return true;
1011
1012	return false;
1013	}
1014
1015
1016	/*******************************************************************
1017	* Open the registry file and then read in the REGF block to get the
1018	* first hbin offset.
1019	*******************************************************************/
1020	REGF_FILE* regfi_open(const char* filename)
1021	{
1022	REGF_FILE* rb;
1023	int fd;
1024	int flags = O_RDONLY;
1025
1026	/* open an existing file */
1027	if ((fd = open(filename, flags)) == -1)
1028	{
1029	/* DEBUG(0,("regfi_open: failure to open %s (%s)\n", filename, strerror(errno)));*/
1030	return NULL;
1031	}
1032
1033	/* read in an existing file */
1034	if ((rb = regfi_parse_regf(fd, true)) == NULL)
1035	{
1036	/* DEBUG(0,("regfi_open: Failed to read initial REGF block\n"));*/
1037	close(fd);
1038	return NULL;
1039	}
1040
1041	/* success */
1042	return rb;
1043	}
1044
1045
1046	/*******************************************************************
1047	XXX: should this be nuked?
1048	*******************************************************************/
1049	static void regfi_mem_free( REGF_FILE *file )
1050	{
1051	/* free any zalloc()'d memory */
1052
1053	/* if ( file && file->mem_ctx )
1054	free(file->mem_ctx);
1055	*/
1056	}
1057
1058
1059	/*******************************************************************
1060	*******************************************************************/
1061	int regfi_close( REGF_FILE *file )
1062	{
1063	int fd;
1064
1065	regfi_mem_free( file );
1066
1067	/* nothing to do if there is no open file */
1068
1069	if ( !file \|\| (file->fd == -1) )
1070	return 0;
1071
1072	fd = file->fd;
1073	file->fd = -1;
1074	SAFE_FREE( file );
1075
1076	return close( fd );
1077	}
1078
1079
1080	/******************************************************************************
1081	* There should be only one root key in the registry file based
1082	* on my experience. --jerry
1083	*****************************************************************************/
1084	REGF_NK_REC* regfi_rootkey( REGF_FILE *file )
1085	{
1086	REGF_NK_REC *nk;
1087	REGF_HBIN *hbin;
1088	uint32 offset = REGF_BLOCKSIZE;
1089	bool found = false;
1090	bool eob;
1091
1092	if ( !file )
1093	return NULL;
1094
1095	if ( !(nk = (REGF_NK_REC*)zalloc(sizeof(REGF_NK_REC) )) ) {
1096	/DEBUG(0,("regfi_rootkey: zalloc() failed!\n"));/
1097	return NULL;
1098	}
1099
1100	/* scan through the file on HBIN block at a time looking
1101	for an NK record with a type == 0x002c.
1102	Normally this is the first nk record in the first hbin
1103	block (but I'm not assuming that for now) */
1104
1105	while ( (hbin = regfi_parse_hbin(file, offset, true, false)) ) {
1106	eob = false;
1107
1108	while ( !eob) {
1109	if ( next_nk_record( file, hbin, nk, &eob ) ) {
1110	if ( nk->key_type == NK_TYPE_ROOTKEY ) {
1111	found = true;
1112	break;
1113	}
1114	}
1115	if(hbin->ps.is_dynamic)
1116	SAFE_FREE(hbin->ps.data_p);
1117	hbin->ps.is_dynamic = false;
1118	hbin->ps.buffer_size = 0;
1119	hbin->ps.data_offset = 0;
1120	}
1121
1122	if ( found )
1123	break;
1124
1125	offset += hbin->block_size;
1126	}
1127
1128	if ( !found ) {
1129	/DEBUG(0,("regfi_rootkey: corrupt registry file ? No root key record located\n"));/
1130	return NULL;
1131	}
1132
1133	/* XXX: this kind of caching needs to be re-evaluated */
1134	DLIST_ADD( file->block_list, hbin );
1135
1136	return nk;
1137	}
1138
1139
1140	/******************************************************************************
1141	*****************************************************************************/
1142	void regfi_key_free(REGF_NK_REC* nk)
1143	{
1144	uint32 i;
1145
1146	if((nk->values != NULL) && (nk->values_off!=REGF_OFFSET_NONE))
1147	{
1148	for(i=0; i < nk->num_values; i++)
1149	{
1150	if(nk->values[i].valuename != NULL)
1151	free(nk->values[i].valuename);
1152	if(nk->values[i].data != NULL)
1153	free(nk->values[i].data);
1154	}
1155	free(nk->values);
1156	}
1157
1158	if(nk->keyname != NULL)
1159	free(nk->keyname);
1160	if(nk->classname != NULL)
1161	free(nk->classname);
1162
1163	/* XXX: not freeing hbin because these are cached. This needs to be reviewed. */
1164	/* XXX: not freeing sec_desc because these are cached. This needs to be reviewed. */
1165	free(nk);
1166	}
1167
1168
1169	/******************************************************************************
1170	*****************************************************************************/
1171	REGFI_ITERATOR* regfi_iterator_new(REGF_FILE* fh)
1172	{
1173	REGF_NK_REC* root;
1174	REGFI_ITERATOR* ret_val = (REGFI_ITERATOR*)malloc(sizeof(REGFI_ITERATOR));
1175	if(ret_val == NULL)
1176	return NULL;
1177
1178	root = regfi_rootkey(fh);
1179	if(root == NULL)
1180	{
1181	free(ret_val);
1182	return NULL;
1183	}
1184
1185	ret_val->key_positions = void_stack_new(REGF_MAX_DEPTH);
1186	if(ret_val->key_positions == NULL)
1187	{
1188	free(ret_val);
1189	free(root);
1190	return NULL;
1191	}
1192
1193	ret_val->f = fh;
1194	ret_val->cur_key = root;
1195	ret_val->cur_subkey = 0;
1196	ret_val->cur_value = 0;
1197
1198	return ret_val;
1199	}
1200
1201
1202	/******************************************************************************
1203	*****************************************************************************/
1204	void regfi_iterator_free(REGFI_ITERATOR* i)
1205	{
1206	REGFI_ITER_POSITION* cur;
1207
1208	if(i->cur_key != NULL)
1209	regfi_key_free(i->cur_key);
1210
1211	while((cur = (REGFI_ITER_POSITION*)void_stack_pop(i->key_positions)) != NULL)
1212	{
1213	regfi_key_free(cur->nk);
1214	free(cur);
1215	}
1216
1217	free(i);
1218	}
1219
1220
1221
1222	/******************************************************************************
1223	*****************************************************************************/
1224	/* XXX: some way of indicating reason for failure should be added. */
1225	bool regfi_iterator_down(REGFI_ITERATOR* i)
1226	{
1227	REGF_NK_REC* subkey;
1228	REGFI_ITER_POSITION* pos;
1229
1230	pos = (REGFI_ITER_POSITION*)malloc(sizeof(REGFI_ITER_POSITION));
1231	if(pos == NULL)
1232	return false;
1233
1234	subkey = (REGF_NK_REC*)regfi_iterator_cur_subkey(i);
1235	if(subkey == NULL)
1236	{
1237	free(pos);
1238	return false;
1239	}
1240
1241	pos->nk = i->cur_key;
1242	pos->cur_subkey = i->cur_subkey;
1243	if(!void_stack_push(i->key_positions, pos))
1244	{
1245	free(pos);
1246	regfi_key_free(subkey);
1247	return false;
1248	}
1249
1250	i->cur_key = subkey;
1251	i->cur_subkey = 0;
1252	i->cur_value = 0;
1253
1254	return true;
1255	}
1256
1257
1258	/******************************************************************************
1259	*****************************************************************************/
1260	bool regfi_iterator_up(REGFI_ITERATOR* i)
1261	{
1262	REGFI_ITER_POSITION* pos;
1263
1264	pos = (REGFI_ITER_POSITION*)void_stack_pop(i->key_positions);
1265	if(pos == NULL)
1266	return false;
1267
1268	regfi_key_free(i->cur_key);
1269	i->cur_key = pos->nk;
1270	i->cur_subkey = pos->cur_subkey;
1271	i->cur_value = 0;
1272	free(pos);
1273
1274	return true;
1275	}
1276
1277
1278	/******************************************************************************
1279	*****************************************************************************/
1280	bool regfi_iterator_to_root(REGFI_ITERATOR* i)
1281	{
1282	while(regfi_iterator_up(i))
1283	continue;
1284
1285	return true;
1286	}
1287
1288
1289	/******************************************************************************
1290	*****************************************************************************/
1291	bool regfi_iterator_find_subkey(REGFI_ITERATOR* i, const char* subkey_name)
1292	{
1293	REGF_NK_REC* subkey;
1294	bool found = false;
1295	uint32 old_subkey = i->cur_subkey;
1296
1297	if(subkey_name == NULL)
1298	return false;
1299
1300	/* XXX: this alloc/free of each sub key might be a bit excessive */
1301	subkey = (REGF_NK_REC*)regfi_iterator_first_subkey(i);
1302	while((subkey != NULL) && (found == false))
1303	{
1304	if(subkey->keyname != NULL
1305	&& strcasecmp(subkey->keyname, subkey_name) == 0)
1306	found = true;
1307	else
1308	{
1309	regfi_key_free(subkey);
1310	subkey = (REGF_NK_REC*)regfi_iterator_next_subkey(i);
1311	}
1312	}
1313
1314	if(found == false)
1315	{
1316	i->cur_subkey = old_subkey;
1317	return false;
1318	}
1319
1320	regfi_key_free(subkey);
1321	return true;
1322	}
1323
1324
1325	/******************************************************************************
1326	*****************************************************************************/
1327	bool regfi_iterator_walk_path(REGFI_ITERATOR* i, const char** path)
1328	{
1329	uint32 x;
1330	if(path == NULL)
1331	return false;
1332
1333	for(x=0;
1334	((path[x] != NULL) && regfi_iterator_find_subkey(i, path[x])
1335	&& regfi_iterator_down(i));
1336	x++)
1337	{ continue; }
1338
1339	if(path[x] == NULL)
1340	return true;
1341
1342	/* XXX: is this the right number of times? */
1343	for(; x > 0; x--)
1344	regfi_iterator_up(i);
1345
1346	return false;
1347	}
1348
1349
1350	/******************************************************************************
1351	*****************************************************************************/
1352	const REGF_NK_REC* regfi_iterator_cur_key(REGFI_ITERATOR* i)
1353	{
1354	return i->cur_key;
1355	}
1356
1357
1358	/******************************************************************************
1359	*****************************************************************************/
1360	const REGF_NK_REC* regfi_iterator_first_subkey(REGFI_ITERATOR* i)
1361	{
1362	i->cur_subkey = 0;
1363	return regfi_iterator_cur_subkey(i);
1364	}
1365
1366
1367	/******************************************************************************
1368	*****************************************************************************/
1369	const REGF_NK_REC* regfi_iterator_cur_subkey(REGFI_ITERATOR* i)
1370	{
1371	REGF_NK_REC* subkey;
1372	REGF_HBIN* hbin;
1373	uint32 nk_offset;
1374
1375	/* see if there is anything left to report */
1376	if (!(i->cur_key) \|\| (i->cur_key->subkeys_off==REGF_OFFSET_NONE)
1377	\|\| (i->cur_subkey >= i->cur_key->num_subkeys))
1378	return NULL;
1379
1380	nk_offset = i->cur_key->subkeys.hashes[i->cur_subkey].nk_off;
1381
1382	/* find the HBIN block which should contain the nk record */
1383	hbin = lookup_hbin_block(i->f, nk_offset);
1384	if(!hbin)
1385	{
1386	/* XXX: should print out some kind of error message every time here */
1387	/*DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing offset [0x%x]\n",
1388	i->cur_key->subkeys.hashes[i->cur_subkey].nk_off));*/
1389	return NULL;
1390	}
1391
1392	if(!prs_set_offset(&hbin->ps,
1393	HBIN_MAGIC_SIZE + nk_offset - hbin->first_hbin_off))
1394	return NULL;
1395
1396	if(!(subkey = (REGF_NK_REC*)zalloc(sizeof(REGF_NK_REC))))
1397	return NULL;
1398
1399	if(!hbin_prs_key(i->f, hbin, subkey))
1400	{
1401	regfi_key_free(subkey);
1402	return NULL;
1403	}
1404
1405	return subkey;
1406	}
1407
1408
1409	/******************************************************************************
1410	*****************************************************************************/
1411	/* XXX: some way of indicating reason for failure should be added. */
1412	const REGF_NK_REC* regfi_iterator_next_subkey(REGFI_ITERATOR* i)
1413	{
1414	const REGF_NK_REC* subkey;
1415
1416	i->cur_subkey++;
1417	subkey = regfi_iterator_cur_subkey(i);
1418
1419	if(subkey == NULL)
1420	i->cur_subkey--;
1421
1422	return subkey;
1423	}
1424
1425
1426	/******************************************************************************
1427	*****************************************************************************/
1428	bool regfi_iterator_find_value(REGFI_ITERATOR* i, const char* value_name)
1429	{
1430	const REGF_VK_REC* cur;
1431	bool found = false;
1432
1433	/* XXX: cur->valuename can be NULL in the registry.
1434	* Should we allow for a way to search for that?
1435	*/
1436	if(value_name == NULL)
1437	return false;
1438
1439	cur = regfi_iterator_first_value(i);
1440	while((cur != NULL) && (found == false))
1441	{
1442	if((cur->valuename != NULL)
1443	&& (strcasecmp(cur->valuename, value_name) == 0))
1444	found = true;
1445	else
1446	cur = regfi_iterator_next_value(i);
1447	}
1448
1449	return found;
1450	}
1451
1452
1453	/******************************************************************************
1454	*****************************************************************************/
1455	const REGF_VK_REC* regfi_iterator_first_value(REGFI_ITERATOR* i)
1456	{
1457	i->cur_value = 0;
1458	return regfi_iterator_cur_value(i);
1459	}
1460
1461
1462	/******************************************************************************
1463	*****************************************************************************/
1464	const REGF_VK_REC* regfi_iterator_cur_value(REGFI_ITERATOR* i)
1465	{
1466	REGF_VK_REC* ret_val = NULL;
1467	if(i->cur_value < i->cur_key->num_values)
1468	ret_val = &(i->cur_key->values[i->cur_value]);
1469
1470	return ret_val;
1471	}
1472
1473
1474	/******************************************************************************
1475	*****************************************************************************/
1476	const REGF_VK_REC* regfi_iterator_next_value(REGFI_ITERATOR* i)
1477	{
1478	const REGF_VK_REC* ret_val;
1479
1480	i->cur_value++;
1481	ret_val = regfi_iterator_cur_value(i);
1482	if(ret_val == NULL)
1483	i->cur_value--;
1484
1485	return ret_val;
1486	}
1487
1488
1489
1490	/****************/
1491	/* Experimental */
1492	/****************/
1493	/*
1494	typedef struct {
1495	uint32 offset;
1496	uint32 size;
1497	} REGFI_CELL_INFO;
1498
1499	typedef struct {
1500	uint32 count
1501	REGFI_CELL_INFO** cells;
1502	} REGFI_CELL_LIST;
1503	*/
1504
1505
1506	/*******************************************************************
1507	* Computes the checksum of the registry file header.
1508	* buffer must be at least the size of an regf header (4096 bytes).
1509	*******************************************************************/
1510	static uint32 regfi_compute_header_checksum(uint8* buffer)
1511	{
1512	uint32 checksum, x;
1513	int i;
1514
1515	/* XOR of all bytes 0x0000 - 0x01FB */
1516
1517	checksum = x = 0;
1518
1519	for ( i=0; i<0x01FB; i+=4 ) {
1520	x = IVAL(buffer, i );
1521	checksum ^= x;
1522	}
1523
1524	return checksum;
1525	}
1526
1527
1528	/*******************************************************************
1529	* TODO: add way to return more detailed error information.
1530	*******************************************************************/
1531	REGF_FILE* regfi_parse_regf(int fd, bool strict)
1532	{
1533	uint8 file_header[REGF_BLOCKSIZE];
1534	uint32 ret, length;
1535	uint32 file_length;
1536	struct stat sbuf;
1537	REGF_FILE* ret_val;
1538
1539	/* Determine file length. Must be at least big enough
1540	* for the header and one hbin.
1541	*/
1542	if (fstat(fd, &sbuf) == -1)
1543	return NULL;
1544	file_length = sbuf.st_size;
1545	if(file_length < REGF_BLOCKSIZE+REGF_ALLOC_BLOCK)
1546	return NULL;
1547
1548	ret_val = (REGF_FILE*)zalloc(sizeof(REGF_FILE));
1549	if(ret_val == NULL)
1550	return NULL;
1551
1552	ret_val->fd = fd;
1553	ret_val->file_length = file_length;
1554
1555	length = REGF_BLOCKSIZE;
1556	if((ret = regfi_read(fd, file_header, &length)) != 0
1557	\|\| length != REGF_BLOCKSIZE)
1558	{
1559	free(ret_val);
1560	return NULL;
1561	}
1562
1563	ret_val->checksum = IVAL(file_header, 0x1FC);
1564	ret_val->computed_checksum = regfi_compute_header_checksum(file_header);
1565	if (strict && (ret_val->checksum != ret_val->computed_checksum))
1566	{
1567	free(ret_val);
1568	return NULL;
1569	}
1570
1571	memcpy(ret_val->magic, file_header, 4);
1572	if(strict && (memcmp(ret_val->magic, "regf", 4) != 0))
1573	{
1574	free(ret_val);
1575	return NULL;
1576	}
1577
1578	ret_val->unknown1 = IVAL(file_header, 0x4);
1579	ret_val->unknown2 = IVAL(file_header, 0x8);
1580
1581	ret_val->mtime.low = IVAL(file_header, 0xC);
1582	ret_val->mtime.high = IVAL(file_header, 0x10);
1583
1584	ret_val->unknown3 = IVAL(file_header, 0x14);
1585	ret_val->unknown4 = IVAL(file_header, 0x18);
1586	ret_val->unknown5 = IVAL(file_header, 0x1C);
1587	ret_val->unknown6 = IVAL(file_header, 0x20);
1588
1589	ret_val->data_offset = IVAL(file_header, 0x24);
1590	ret_val->last_block = IVAL(file_header, 0x28);
1591
1592	ret_val->unknown7 = IVAL(file_header, 0x2C);
1593
1594	return ret_val;
1595	}
1596
1597
1598
1599	/*******************************************************************
1600	* Given real file offset, read and parse the hbin at that location
1601	* along with it's associated cells. If save_unalloc is true, a list
1602	* of unallocated cell offsets will be stored in TODO.
1603	*******************************************************************/
1604	/* TODO: Need a way to return types of errors. Also need to free
1605	* the hbin/ps when an error occurs.
1606	*/
1607	REGF_HBIN* regfi_parse_hbin(REGF_FILE* file, uint32 offset,
1608	bool strict, bool save_unalloc)
1609	{
1610	REGF_HBIN *hbin;
1611	uint8 hbin_header[HBIN_HEADER_REC_SIZE];
1612	uint32 length, curr_off;
1613	int32 cell_len;
1614	bool is_unalloc;
1615
1616	if(!(hbin = (REGF_HBIN*)zalloc(sizeof(REGF_HBIN))))
1617	return NULL;
1618	hbin->file_off = offset;
1619
1620	if(lseek(file->fd, offset, SEEK_SET) == -1)
1621	return NULL;
1622
1623	length = HBIN_HEADER_REC_SIZE;
1624	if((regfi_read(file->fd, hbin_header, &length) != 0)
1625	\|\| length != HBIN_HEADER_REC_SIZE)
1626	return NULL;
1627
1628	if(lseek(file->fd, offset, SEEK_SET) == -1)
1629	return NULL;
1630
1631	memcpy(hbin->magic, hbin_header, 4);
1632	if(strict && (memcmp(hbin->magic, "hbin", 4) != 0))
1633	return NULL;
1634
1635	hbin->first_hbin_off = IVAL(hbin_header, 0x4);
1636	hbin->block_size = IVAL(hbin_header, 0x8);
1637	/* this should be the same thing as hbin->block_size but just in case */
1638	hbin->next_block = IVAL(hbin_header, 0x1C);
1639
1640
1641	/* TODO: This check is this more of a way to determine if they are ever
1642	* not the same than to really do sanity checking. This may need
1643	* to be changed or removed once these fields are better understood. */
1644	if(strict && (hbin->block_size != hbin->next_block))
1645	{
1646	fprintf(stderr, "DEBUG: hbin->block_size != hbin->next_block\n");
1647	return NULL;
1648	}
1649
1650
1651	/* Ensure the block size is a multiple of 0x1000 and doesn't run off
1652	* the end of the file.
1653	*/
1654	/* TODO: This may need to be relaxed for dealing with
1655	* partial or corrupt files. */
1656	if((offset + hbin->block_size > file->file_length)
1657	\|\| (hbin->block_size & 0xFFFFF000) != hbin->block_size)
1658	return NULL;
1659
1660
1661	/* TODO: need to get rid of this, but currently lots depends on the
1662	* ps structure.
1663	*/
1664	if(!prs_init(&hbin->ps, hbin->block_size, file->mem_ctx, UNMARSHALL))
1665	return NULL;
1666	length = hbin->block_size;
1667	if((regfi_read(file->fd, (uint8*)hbin->ps.data_p, &length) != 0)
1668	\|\| length != hbin->block_size)
1669	return NULL;
1670
1671
1672	if(save_unalloc)
1673	{
1674	is_unalloc = false;
1675	cell_len = 0;
1676	curr_off = HBIN_HEADER_REC_SIZE;
1677	while ( curr_off < hbin->block_size )
1678	{
1679	cell_len = IVALS(hbin->ps.data_p, curr_off);
1680
1681	if(cell_len > 0)
1682	is_unalloc = true;
1683	else
1684	cell_len = -1*cell_len;
1685
1686	if((cell_len == 0) \|\| ((cell_len & 0xFFFFFFFC) != cell_len))
1687	/* TODO: should report an error here. */
1688	break;
1689
1690	/* for some reason the record_size of the last record in
1691	an hbin block can extend past the end of the block
1692	even though the record fits within the remaining
1693	space....aaarrrgggghhhhhh */
1694	if(curr_off + cell_len >= hbin->block_size)
1695	cell_len = hbin->block_size - curr_off;
1696
1697	if(is_unalloc)
1698	/* TODO: save cell info */
1699
1700	curr_off = curr_off+cell_len;
1701	}
1702	}
1703
1704	/* TODO: need to get rid of this, but currently lots depends on the
1705	* ps structure.
1706	*/
1707	if(!prs_set_offset(&hbin->ps, file->data_offset+HBIN_MAGIC_SIZE))
1708	return NULL;
1709
1710	return hbin;
1711	}
1712
1713
1714	/*****************************************************************************
1715	* This function is just like read(2), except that it continues to
1716	* re-try reading from the file descriptor if EINTR or EAGAIN is received.
1717	* regfi_read will attempt to read length bytes from fd and write them to buf.
1718	*
1719	* On success, 0 is returned. Upon failure, an errno code is returned.
1720	*
1721	* The number of bytes successfully read is returned through the length
1722	* parameter by reference. If both the return value and length parameter are
1723	* returned as 0, then EOF was encountered immediately
1724	*****************************************************************************/
1725	uint32 regfi_read(int fd, uint8* buf, uint32* length)
1726	{
1727	uint32 rsize = 0;
1728	uint32 rret = 0;
1729
1730	do
1731	{
1732	rret = read(fd, buf + rsize, *length - rsize);
1733	if(rret > 0)
1734	rsize += rret;
1735	}while(*length - rsize > 0
1736	&& (rret > 0 \|\| (rret == -1 && (errno == EAGAIN \|\| errno == EINTR))));
1737
1738	*length = rsize;
1739	if (rret == -1 && errno != EINTR && errno != EAGAIN)
1740	return errno;
1741
1742	return 0;
1743	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: