1 | /* |
---|
2 | * Branched from Samba project Subversion repository, version #7470: |
---|
3 | * http://websvn.samba.org/cgi-bin/viewcvs.cgi/trunk/source/registry/regfio.c |
---|
4 | * |
---|
5 | * Unix SMB/CIFS implementation. |
---|
6 | * Windows NT registry I/O library |
---|
7 | * |
---|
8 | * Copyright (C) 2005-2006 Timothy D. Morgan |
---|
9 | * Copyright (C) 2005 Gerald (Jerry) Carter |
---|
10 | * |
---|
11 | * This program is free software; you can redistribute it and/or modify |
---|
12 | * it under the terms of the GNU General Public License as published by |
---|
13 | * the Free Software Foundation; version 2 of the License. |
---|
14 | * |
---|
15 | * This program is distributed in the hope that it will be useful, |
---|
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
18 | * GNU General Public License for more details. |
---|
19 | * |
---|
20 | * You should have received a copy of the GNU General Public License |
---|
21 | * along with this program; if not, write to the Free Software |
---|
22 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
---|
23 | * |
---|
24 | * $Id: regfi.c 80 2007-01-17 01:46:07Z tim $ |
---|
25 | */ |
---|
26 | |
---|
27 | #include "../include/regfio.h" |
---|
28 | |
---|
29 | |
---|
30 | /* Registry types mapping */ |
---|
31 | const unsigned int regfi_num_reg_types = 12; |
---|
32 | static const char* regfi_type_names[] = |
---|
33 | {"NONE", "SZ", "EXPAND_SZ", "BINARY", "DWORD", "DWORD_BE", "LINK", |
---|
34 | "MULTI_SZ", "RSRC_LIST", "RSRC_DESC", "RSRC_REQ_LIST", "QWORD"}; |
---|
35 | |
---|
36 | |
---|
37 | /* Returns NULL on error */ |
---|
38 | const char* regfi_type_val2str(unsigned int val) |
---|
39 | { |
---|
40 | if(val == REG_KEY) |
---|
41 | return "KEY"; |
---|
42 | |
---|
43 | if(val >= regfi_num_reg_types) |
---|
44 | return NULL; |
---|
45 | |
---|
46 | return regfi_type_names[val]; |
---|
47 | } |
---|
48 | |
---|
49 | |
---|
50 | /* Returns -1 on error */ |
---|
51 | int regfi_type_str2val(const char* str) |
---|
52 | { |
---|
53 | int i; |
---|
54 | |
---|
55 | if(strcmp("KEY", str) == 0) |
---|
56 | return REG_KEY; |
---|
57 | |
---|
58 | for(i=0; i < regfi_num_reg_types; i++) |
---|
59 | if (strcmp(regfi_type_names[i], str) == 0) |
---|
60 | return i; |
---|
61 | |
---|
62 | if(strcmp("DWORD_LE", str) == 0) |
---|
63 | return REG_DWORD_LE; |
---|
64 | |
---|
65 | return -1; |
---|
66 | } |
---|
67 | |
---|
68 | |
---|
69 | /* Security descriptor parsing functions */ |
---|
70 | |
---|
71 | const char* regfi_ace_type2str(uint8 type) |
---|
72 | { |
---|
73 | static const char* map[7] |
---|
74 | = {"ALLOW", "DENY", "AUDIT", "ALARM", |
---|
75 | "ALLOW CPD", "OBJ ALLOW", "OBJ DENY"}; |
---|
76 | if(type < 7) |
---|
77 | return map[type]; |
---|
78 | else |
---|
79 | /* XXX: would be nice to return the unknown integer value. |
---|
80 | * However, as it is a const string, it can't be free()ed later on, |
---|
81 | * so that would need to change. |
---|
82 | */ |
---|
83 | return "UNKNOWN"; |
---|
84 | } |
---|
85 | |
---|
86 | |
---|
87 | /* XXX: need a better reference on the meaning of each flag. */ |
---|
88 | /* For more info, see: |
---|
89 | * http://msdn2.microsoft.com/en-us/library/aa772242.aspx |
---|
90 | */ |
---|
91 | char* regfi_ace_flags2str(uint8 flags) |
---|
92 | { |
---|
93 | static const char* flag_map[32] = |
---|
94 | { "OI", |
---|
95 | "CI", |
---|
96 | "NP", |
---|
97 | "IO", |
---|
98 | "IA", |
---|
99 | NULL, |
---|
100 | NULL, |
---|
101 | NULL, |
---|
102 | }; |
---|
103 | |
---|
104 | char* ret_val = malloc(35*sizeof(char)); |
---|
105 | char* fo = ret_val; |
---|
106 | uint32 i; |
---|
107 | uint8 f; |
---|
108 | |
---|
109 | if(ret_val == NULL) |
---|
110 | return NULL; |
---|
111 | |
---|
112 | fo[0] = '\0'; |
---|
113 | if (!flags) |
---|
114 | return ret_val; |
---|
115 | |
---|
116 | for(i=0; i < 8; i++) |
---|
117 | { |
---|
118 | f = (1<<i); |
---|
119 | if((flags & f) && (flag_map[i] != NULL)) |
---|
120 | { |
---|
121 | strcpy(fo, flag_map[i]); |
---|
122 | fo += strlen(flag_map[i]); |
---|
123 | *(fo++) = ' '; |
---|
124 | flags ^= f; |
---|
125 | } |
---|
126 | } |
---|
127 | |
---|
128 | /* Any remaining unknown flags are added at the end in hex. */ |
---|
129 | if(flags != 0) |
---|
130 | sprintf(fo, "0x%.2X ", flags); |
---|
131 | |
---|
132 | /* Chop off the last space if we've written anything to ret_val */ |
---|
133 | if(fo != ret_val) |
---|
134 | fo[-1] = '\0'; |
---|
135 | |
---|
136 | /* XXX: what was this old VI flag for?? |
---|
137 | XXX: Is this check right? 0xF == 1|2|4|8, which makes it redundant... |
---|
138 | if (flags == 0xF) { |
---|
139 | if (some) strcat(flg_output, " "); |
---|
140 | some = 1; |
---|
141 | strcat(flg_output, "VI"); |
---|
142 | } |
---|
143 | */ |
---|
144 | |
---|
145 | return ret_val; |
---|
146 | } |
---|
147 | |
---|
148 | |
---|
149 | char* regfi_ace_perms2str(uint32 perms) |
---|
150 | { |
---|
151 | uint32 i, p; |
---|
152 | /* This is more than is needed by a fair margin. */ |
---|
153 | char* ret_val = malloc(350*sizeof(char)); |
---|
154 | char* r = ret_val; |
---|
155 | |
---|
156 | /* Each represents one of 32 permissions bits. NULL is for undefined/reserved bits. |
---|
157 | * For more information, see: |
---|
158 | * http://msdn2.microsoft.com/en-gb/library/aa374892.aspx |
---|
159 | * http://msdn2.microsoft.com/en-gb/library/ms724878.aspx |
---|
160 | */ |
---|
161 | static const char* perm_map[32] = |
---|
162 | {/* object-specific permissions (registry keys, in this case) */ |
---|
163 | "QRY_VAL", /* KEY_QUERY_VALUE */ |
---|
164 | "SET_VAL", /* KEY_SET_VALUE */ |
---|
165 | "CREATE_KEY", /* KEY_CREATE_SUB_KEY */ |
---|
166 | "ENUM_KEYS", /* KEY_ENUMERATE_SUB_KEYS */ |
---|
167 | "NOTIFY", /* KEY_NOTIFY */ |
---|
168 | "CREATE_LNK", /* KEY_CREATE_LINK - Reserved for system use. */ |
---|
169 | NULL, |
---|
170 | NULL, |
---|
171 | "WOW64_64", /* KEY_WOW64_64KEY */ |
---|
172 | "WOW64_32", /* KEY_WOW64_32KEY */ |
---|
173 | NULL, |
---|
174 | NULL, |
---|
175 | NULL, |
---|
176 | NULL, |
---|
177 | NULL, |
---|
178 | NULL, |
---|
179 | /* standard access rights */ |
---|
180 | "DELETE", /* DELETE */ |
---|
181 | "R_CONT", /* READ_CONTROL */ |
---|
182 | "W_DAC", /* WRITE_DAC */ |
---|
183 | "W_OWNER", /* WRITE_OWNER */ |
---|
184 | "SYNC", /* SYNCHRONIZE - Shouldn't be set in registries */ |
---|
185 | NULL, |
---|
186 | NULL, |
---|
187 | NULL, |
---|
188 | /* other generic */ |
---|
189 | "SYS_SEC", /* ACCESS_SYSTEM_SECURITY */ |
---|
190 | "MAX_ALLWD", /* MAXIMUM_ALLOWED */ |
---|
191 | NULL, |
---|
192 | NULL, |
---|
193 | "GEN_A", /* GENERIC_ALL */ |
---|
194 | "GEN_X", /* GENERIC_EXECUTE */ |
---|
195 | "GEN_W", /* GENERIC_WRITE */ |
---|
196 | "GEN_R", /* GENERIC_READ */ |
---|
197 | }; |
---|
198 | |
---|
199 | |
---|
200 | if(ret_val == NULL) |
---|
201 | return NULL; |
---|
202 | |
---|
203 | r[0] = '\0'; |
---|
204 | for(i=0; i < 32; i++) |
---|
205 | { |
---|
206 | p = (1<<i); |
---|
207 | if((perms & p) && (perm_map[i] != NULL)) |
---|
208 | { |
---|
209 | strcpy(r, perm_map[i]); |
---|
210 | r += strlen(perm_map[i]); |
---|
211 | *(r++) = ' '; |
---|
212 | perms ^= p; |
---|
213 | } |
---|
214 | } |
---|
215 | |
---|
216 | /* Any remaining unknown permission bits are added at the end in hex. */ |
---|
217 | if(perms != 0) |
---|
218 | sprintf(r, "0x%.8X ", perms); |
---|
219 | |
---|
220 | /* Chop off the last space if we've written anything to ret_val */ |
---|
221 | if(r != ret_val) |
---|
222 | r[-1] = '\0'; |
---|
223 | |
---|
224 | return ret_val; |
---|
225 | } |
---|
226 | |
---|
227 | |
---|
228 | char* regfi_sid2str(DOM_SID* sid) |
---|
229 | { |
---|
230 | uint32 i, size = MAXSUBAUTHS*11 + 24; |
---|
231 | uint32 left = size; |
---|
232 | uint8 comps = sid->num_auths; |
---|
233 | char* ret_val = malloc(size); |
---|
234 | |
---|
235 | if(ret_val == NULL) |
---|
236 | return NULL; |
---|
237 | |
---|
238 | if(comps > MAXSUBAUTHS) |
---|
239 | comps = MAXSUBAUTHS; |
---|
240 | |
---|
241 | left -= sprintf(ret_val, "S-%u-%u", sid->sid_rev_num, sid->id_auth[5]); |
---|
242 | |
---|
243 | for (i = 0; i < comps; i++) |
---|
244 | left -= snprintf(ret_val+(size-left), left, "-%u", sid->sub_auths[i]); |
---|
245 | |
---|
246 | return ret_val; |
---|
247 | } |
---|
248 | |
---|
249 | |
---|
250 | char* regfi_get_acl(SEC_ACL* acl) |
---|
251 | { |
---|
252 | uint32 i, extra, size = 0; |
---|
253 | const char* type_str; |
---|
254 | char* flags_str; |
---|
255 | char* perms_str; |
---|
256 | char* sid_str; |
---|
257 | char* ace_delim = ""; |
---|
258 | char* ret_val = NULL; |
---|
259 | char* tmp_val = NULL; |
---|
260 | bool failed = false; |
---|
261 | char field_delim = ':'; |
---|
262 | |
---|
263 | for (i = 0; i < acl->num_aces && !failed; i++) |
---|
264 | { |
---|
265 | sid_str = regfi_sid2str(&acl->ace[i].trustee); |
---|
266 | type_str = regfi_ace_type2str(acl->ace[i].type); |
---|
267 | perms_str = regfi_ace_perms2str(acl->ace[i].info.mask); |
---|
268 | flags_str = regfi_ace_flags2str(acl->ace[i].flags); |
---|
269 | |
---|
270 | if(flags_str != NULL && perms_str != NULL |
---|
271 | && type_str != NULL && sid_str != NULL) |
---|
272 | { |
---|
273 | /* XXX: this is slow */ |
---|
274 | extra = strlen(sid_str) + strlen(type_str) |
---|
275 | + strlen(perms_str) + strlen(flags_str)+5; |
---|
276 | tmp_val = realloc(ret_val, size+extra); |
---|
277 | |
---|
278 | if(tmp_val == NULL) |
---|
279 | { |
---|
280 | free(ret_val); |
---|
281 | failed = true; |
---|
282 | } |
---|
283 | else |
---|
284 | { |
---|
285 | ret_val = tmp_val; |
---|
286 | size += snprintf(ret_val+size, extra, "%s%s%c%s%c%s%c%s", |
---|
287 | ace_delim,sid_str, |
---|
288 | field_delim,type_str, |
---|
289 | field_delim,perms_str, |
---|
290 | field_delim,flags_str); |
---|
291 | ace_delim = "|"; |
---|
292 | } |
---|
293 | } |
---|
294 | else |
---|
295 | failed = true; |
---|
296 | |
---|
297 | if(sid_str != NULL) |
---|
298 | free(sid_str); |
---|
299 | if(sid_str != NULL) |
---|
300 | free(perms_str); |
---|
301 | if(sid_str != NULL) |
---|
302 | free(flags_str); |
---|
303 | } |
---|
304 | |
---|
305 | return ret_val; |
---|
306 | } |
---|
307 | |
---|
308 | |
---|
309 | char* regfi_get_sacl(SEC_DESC *sec_desc) |
---|
310 | { |
---|
311 | if (sec_desc->sacl) |
---|
312 | return regfi_get_acl(sec_desc->sacl); |
---|
313 | else |
---|
314 | return NULL; |
---|
315 | } |
---|
316 | |
---|
317 | |
---|
318 | char* regfi_get_dacl(SEC_DESC *sec_desc) |
---|
319 | { |
---|
320 | if (sec_desc->dacl) |
---|
321 | return regfi_get_acl(sec_desc->dacl); |
---|
322 | else |
---|
323 | return NULL; |
---|
324 | } |
---|
325 | |
---|
326 | |
---|
327 | char* regfi_get_owner(SEC_DESC *sec_desc) |
---|
328 | { |
---|
329 | return regfi_sid2str(sec_desc->owner_sid); |
---|
330 | } |
---|
331 | |
---|
332 | |
---|
333 | char* regfi_get_group(SEC_DESC *sec_desc) |
---|
334 | { |
---|
335 | return regfi_sid2str(sec_desc->grp_sid); |
---|
336 | } |
---|
337 | |
---|
338 | |
---|
339 | |
---|
340 | /******************************************************************* |
---|
341 | *******************************************************************/ |
---|
342 | static int read_block( REGF_FILE *file, prs_struct *ps, uint32 file_offset, |
---|
343 | uint32 block_size ) |
---|
344 | { |
---|
345 | const int hdr_size = 0x20; |
---|
346 | int bytes_read, returned; |
---|
347 | char *buffer; |
---|
348 | SMB_STRUCT_STAT sbuf; |
---|
349 | |
---|
350 | /* check for end of file */ |
---|
351 | |
---|
352 | if ( fstat( file->fd, &sbuf ) ) { |
---|
353 | /*DEBUG(0,("read_block: stat() failed! (%s)\n", strerror(errno)));*/ |
---|
354 | return -1; |
---|
355 | } |
---|
356 | |
---|
357 | if ( (size_t)file_offset >= sbuf.st_size ) |
---|
358 | return -1; |
---|
359 | |
---|
360 | /* if block_size == 0, we are parsnig HBIN records and need |
---|
361 | to read some of the header to get the block_size from there */ |
---|
362 | |
---|
363 | if ( block_size == 0 ) { |
---|
364 | uint8 hdr[0x20]; |
---|
365 | |
---|
366 | if ( lseek( file->fd, file_offset, SEEK_SET ) == -1 ) { |
---|
367 | /*DEBUG(0,("read_block: lseek() failed! (%s)\n", strerror(errno) ));*/ |
---|
368 | return -1; |
---|
369 | } |
---|
370 | |
---|
371 | bytes_read = returned = 0; |
---|
372 | while (bytes_read < hdr_size) |
---|
373 | { |
---|
374 | returned = read(file->fd, hdr + bytes_read, hdr_size - bytes_read); |
---|
375 | if(returned == -1 && errno != EINTR && errno != EAGAIN) |
---|
376 | { |
---|
377 | /*DEBUG(0,("read_block: read of hdr failed (%s)\n",strerror(errno)));*/ |
---|
378 | return -1; |
---|
379 | } |
---|
380 | |
---|
381 | if(returned == 0) |
---|
382 | return -1; |
---|
383 | |
---|
384 | bytes_read += returned; |
---|
385 | } |
---|
386 | |
---|
387 | /* make sure this is an hbin header */ |
---|
388 | |
---|
389 | if ( strncmp( (char*)hdr, "hbin", HBIN_HDR_SIZE ) != 0 ) { |
---|
390 | /*DEBUG(0,("read_block: invalid block header!\n"));*/ |
---|
391 | return -1; |
---|
392 | } |
---|
393 | |
---|
394 | block_size = IVAL( hdr, 0x08 ); |
---|
395 | } |
---|
396 | |
---|
397 | /*DEBUG(10,("read_block: block_size == 0x%x\n", block_size ));*/ |
---|
398 | |
---|
399 | /* set the offset, initialize the buffer, and read the block from disk */ |
---|
400 | |
---|
401 | if ( lseek( file->fd, file_offset, SEEK_SET ) == -1 ) { |
---|
402 | /*DEBUG(0,("read_block: lseek() failed! (%s)\n", strerror(errno) ));*/ |
---|
403 | return -1; |
---|
404 | } |
---|
405 | |
---|
406 | prs_init( ps, block_size, file->mem_ctx, UNMARSHALL ); |
---|
407 | buffer = ps->data_p; |
---|
408 | bytes_read = returned = 0; |
---|
409 | |
---|
410 | while ( bytes_read < block_size ) |
---|
411 | { |
---|
412 | returned = read(file->fd, buffer+bytes_read, block_size-bytes_read); |
---|
413 | if(returned == -1 && errno != EINTR && errno != EAGAIN) |
---|
414 | { |
---|
415 | /*DEBUG(0,("read_block: read() failed (%s)\n", strerror(errno) ));*/ |
---|
416 | return -1; |
---|
417 | } |
---|
418 | |
---|
419 | if ((returned == 0) && (bytes_read < block_size)) |
---|
420 | { |
---|
421 | /*DEBUG(0,("read_block: not a vald registry file ?\n" ));*/ |
---|
422 | return -1; |
---|
423 | } |
---|
424 | |
---|
425 | bytes_read += returned; |
---|
426 | } |
---|
427 | |
---|
428 | return bytes_read; |
---|
429 | } |
---|
430 | |
---|
431 | |
---|
432 | /******************************************************************* |
---|
433 | *******************************************************************/ |
---|
434 | static bool prs_regf_block(const char *desc, prs_struct *ps, |
---|
435 | int depth, REGF_FILE *file) |
---|
436 | { |
---|
437 | depth++; |
---|
438 | |
---|
439 | if(!prs_uint8s(true, "header", ps, depth, file->header, sizeof(file->header))) |
---|
440 | return false; |
---|
441 | |
---|
442 | /* yes, these values are always identical so store them only once */ |
---|
443 | |
---|
444 | if ( !prs_uint32( "unknown1", ps, depth, &file->unknown1 )) |
---|
445 | return false; |
---|
446 | if ( !prs_uint32( "unknown1 (again)", ps, depth, &file->unknown1 )) |
---|
447 | return false; |
---|
448 | |
---|
449 | /* get the modtime */ |
---|
450 | |
---|
451 | if ( !prs_set_offset( ps, 0x0c ) ) |
---|
452 | return false; |
---|
453 | if ( !smb_io_time( "modtime", &file->mtime, ps, depth ) ) |
---|
454 | return false; |
---|
455 | |
---|
456 | /* constants */ |
---|
457 | |
---|
458 | if ( !prs_uint32( "unknown2", ps, depth, &file->unknown2 )) |
---|
459 | return false; |
---|
460 | if ( !prs_uint32( "unknown3", ps, depth, &file->unknown3 )) |
---|
461 | return false; |
---|
462 | if ( !prs_uint32( "unknown4", ps, depth, &file->unknown4 )) |
---|
463 | return false; |
---|
464 | if ( !prs_uint32( "unknown5", ps, depth, &file->unknown5 )) |
---|
465 | return false; |
---|
466 | |
---|
467 | /* get file offsets */ |
---|
468 | |
---|
469 | if ( !prs_set_offset( ps, 0x24 ) ) |
---|
470 | return false; |
---|
471 | if ( !prs_uint32( "data_offset", ps, depth, &file->data_offset )) |
---|
472 | return false; |
---|
473 | if ( !prs_uint32( "last_block", ps, depth, &file->last_block )) |
---|
474 | return false; |
---|
475 | |
---|
476 | /* one more constant */ |
---|
477 | |
---|
478 | if ( !prs_uint32( "unknown6", ps, depth, &file->unknown6 )) |
---|
479 | return false; |
---|
480 | |
---|
481 | /* get the checksum */ |
---|
482 | |
---|
483 | if ( !prs_set_offset( ps, 0x01fc ) ) |
---|
484 | return false; |
---|
485 | if ( !prs_uint32( "checksum", ps, depth, &file->checksum )) |
---|
486 | return false; |
---|
487 | |
---|
488 | return true; |
---|
489 | } |
---|
490 | |
---|
491 | |
---|
492 | /******************************************************************* |
---|
493 | *******************************************************************/ |
---|
494 | static bool prs_hbin_block(const char *desc, prs_struct *ps, |
---|
495 | int depth, REGF_HBIN *hbin) |
---|
496 | { |
---|
497 | uint32 block_size2; |
---|
498 | |
---|
499 | depth++; |
---|
500 | |
---|
501 | if(!prs_uint8s(true, "header", ps, depth, hbin->header, sizeof(hbin->header))) |
---|
502 | return false; |
---|
503 | |
---|
504 | if ( !prs_uint32( "first_hbin_off", ps, depth, &hbin->first_hbin_off )) |
---|
505 | return false; |
---|
506 | |
---|
507 | /* The dosreg.cpp comments say that the block size is at 0x1c. |
---|
508 | According to a WINXP NTUSER.dat file, this is wrong. The block_size |
---|
509 | is at 0x08 */ |
---|
510 | |
---|
511 | if ( !prs_uint32( "block_size", ps, depth, &hbin->block_size )) |
---|
512 | return false; |
---|
513 | |
---|
514 | block_size2 = hbin->block_size; |
---|
515 | prs_set_offset( ps, 0x1c ); |
---|
516 | if ( !prs_uint32( "block_size2", ps, depth, &block_size2 )) |
---|
517 | return false; |
---|
518 | |
---|
519 | if ( !ps->io ) |
---|
520 | hbin->dirty = true; |
---|
521 | |
---|
522 | |
---|
523 | return true; |
---|
524 | } |
---|
525 | |
---|
526 | |
---|
527 | /******************************************************************* |
---|
528 | *******************************************************************/ |
---|
529 | static bool prs_nk_rec( const char *desc, prs_struct *ps, |
---|
530 | int depth, REGF_NK_REC *nk ) |
---|
531 | { |
---|
532 | uint16 class_length, name_length; |
---|
533 | uint32 start; |
---|
534 | uint32 data_size, start_off, end_off; |
---|
535 | uint32 unknown_off = REGF_OFFSET_NONE; |
---|
536 | |
---|
537 | nk->hbin_off = ps->data_offset; |
---|
538 | start = nk->hbin_off; |
---|
539 | |
---|
540 | depth++; |
---|
541 | |
---|
542 | /* back up and get the data_size */ |
---|
543 | if ( !prs_set_offset( ps, ps->data_offset-sizeof(uint32)) ) |
---|
544 | return false; |
---|
545 | start_off = ps->data_offset; |
---|
546 | if ( !prs_uint32( "rec_size", ps, depth, &nk->rec_size )) |
---|
547 | return false; |
---|
548 | |
---|
549 | if (!prs_uint8s(true, "header", ps, depth, nk->header, sizeof(nk->header))) |
---|
550 | return false; |
---|
551 | |
---|
552 | if ( !prs_uint16( "key_type", ps, depth, &nk->key_type )) |
---|
553 | return false; |
---|
554 | if ( !smb_io_time( "mtime", &nk->mtime, ps, depth )) |
---|
555 | return false; |
---|
556 | |
---|
557 | if ( !prs_set_offset( ps, start+0x0010 ) ) |
---|
558 | return false; |
---|
559 | if ( !prs_uint32( "parent_off", ps, depth, &nk->parent_off )) |
---|
560 | return false; |
---|
561 | if ( !prs_uint32( "num_subkeys", ps, depth, &nk->num_subkeys )) |
---|
562 | return false; |
---|
563 | |
---|
564 | if ( !prs_set_offset( ps, start+0x001c ) ) |
---|
565 | return false; |
---|
566 | if ( !prs_uint32( "subkeys_off", ps, depth, &nk->subkeys_off )) |
---|
567 | return false; |
---|
568 | if ( !prs_uint32( "unknown_off", ps, depth, &unknown_off) ) |
---|
569 | return false; |
---|
570 | |
---|
571 | if ( !prs_set_offset( ps, start+0x0024 ) ) |
---|
572 | return false; |
---|
573 | if ( !prs_uint32( "num_values", ps, depth, &nk->num_values )) |
---|
574 | return false; |
---|
575 | if ( !prs_uint32( "values_off", ps, depth, &nk->values_off )) |
---|
576 | return false; |
---|
577 | if ( !prs_uint32( "sk_off", ps, depth, &nk->sk_off )) |
---|
578 | return false; |
---|
579 | if ( !prs_uint32( "classname_off", ps, depth, &nk->classname_off )) |
---|
580 | return false; |
---|
581 | |
---|
582 | if (!prs_uint32("max_bytes_subkeyname", ps, depth, &nk->max_bytes_subkeyname)) |
---|
583 | return false; |
---|
584 | if ( !prs_uint32( "max_bytes_subkeyclassname", ps, |
---|
585 | depth, &nk->max_bytes_subkeyclassname)) |
---|
586 | { return false; } |
---|
587 | if ( !prs_uint32( "max_bytes_valuename", ps, depth, &nk->max_bytes_valuename)) |
---|
588 | return false; |
---|
589 | if ( !prs_uint32( "max_bytes_value", ps, depth, &nk->max_bytes_value)) |
---|
590 | return false; |
---|
591 | if ( !prs_uint32( "unknown index", ps, depth, &nk->unk_index)) |
---|
592 | return false; |
---|
593 | |
---|
594 | name_length = nk->keyname ? strlen(nk->keyname) : 0 ; |
---|
595 | class_length = nk->classname ? strlen(nk->classname) : 0 ; |
---|
596 | if ( !prs_uint16( "name_length", ps, depth, &name_length )) |
---|
597 | return false; |
---|
598 | if ( !prs_uint16( "class_length", ps, depth, &class_length )) |
---|
599 | return false; |
---|
600 | |
---|
601 | if ( class_length ) |
---|
602 | { |
---|
603 | /* XXX: why isn't this parsed? */ |
---|
604 | ;; |
---|
605 | } |
---|
606 | |
---|
607 | if ( name_length ) |
---|
608 | { |
---|
609 | if(ps->io && !(nk->keyname = (char*)zcalloc(sizeof(char), name_length+1))) |
---|
610 | return false; |
---|
611 | |
---|
612 | if(!prs_uint8s(true, "name", ps, depth, (uint8*)nk->keyname, name_length)) |
---|
613 | return false; |
---|
614 | |
---|
615 | if(ps->io) |
---|
616 | nk->keyname[name_length] = '\0'; |
---|
617 | } |
---|
618 | |
---|
619 | end_off = ps->data_offset; |
---|
620 | |
---|
621 | /* data_size must be divisible by 8 and large enough to hold |
---|
622 | the original record */ |
---|
623 | |
---|
624 | data_size = ((start_off - end_off) & 0xfffffff8 ); |
---|
625 | /*if ( data_size > nk->rec_size ) |
---|
626 | DEBUG(10,("Encountered reused record (0x%x < 0x%x)\n", data_size, nk->rec_size));*/ |
---|
627 | |
---|
628 | if ( !ps->io ) |
---|
629 | nk->hbin->dirty = true; |
---|
630 | |
---|
631 | nk->subkey_index = 0; |
---|
632 | return true; |
---|
633 | } |
---|
634 | |
---|
635 | |
---|
636 | /******************************************************************* |
---|
637 | *******************************************************************/ |
---|
638 | static uint32 regf_block_checksum( prs_struct *ps ) |
---|
639 | { |
---|
640 | char *buffer = ps->data_p; |
---|
641 | uint32 checksum, x; |
---|
642 | int i; |
---|
643 | |
---|
644 | /* XOR of all bytes 0x0000 - 0x01FB */ |
---|
645 | |
---|
646 | checksum = x = 0; |
---|
647 | |
---|
648 | for ( i=0; i<0x01FB; i+=4 ) { |
---|
649 | x = IVAL(buffer, i ); |
---|
650 | checksum ^= x; |
---|
651 | } |
---|
652 | |
---|
653 | return checksum; |
---|
654 | } |
---|
655 | |
---|
656 | |
---|
657 | /******************************************************************* |
---|
658 | *******************************************************************/ |
---|
659 | static bool read_regf_block( REGF_FILE *file ) |
---|
660 | { |
---|
661 | prs_struct ps; |
---|
662 | uint32 checksum; |
---|
663 | |
---|
664 | /* grab the first block from the file */ |
---|
665 | |
---|
666 | if ( read_block( file, &ps, 0, REGF_BLOCKSIZE ) == -1 ) |
---|
667 | return false; |
---|
668 | |
---|
669 | /* parse the block and verify the checksum */ |
---|
670 | |
---|
671 | if ( !prs_regf_block( "regf_header", &ps, 0, file ) ) |
---|
672 | return false; |
---|
673 | |
---|
674 | checksum = regf_block_checksum( &ps ); |
---|
675 | |
---|
676 | if(ps.is_dynamic) |
---|
677 | SAFE_FREE(ps.data_p); |
---|
678 | ps.is_dynamic = false; |
---|
679 | ps.buffer_size = 0; |
---|
680 | ps.data_offset = 0; |
---|
681 | |
---|
682 | if ( file->checksum != checksum ) { |
---|
683 | /*DEBUG(0,("read_regf_block: invalid checksum\n" ));*/ |
---|
684 | return false; |
---|
685 | } |
---|
686 | |
---|
687 | return true; |
---|
688 | } |
---|
689 | |
---|
690 | |
---|
691 | /******************************************************************* |
---|
692 | *******************************************************************/ |
---|
693 | static REGF_HBIN* read_hbin_block( REGF_FILE *file, off_t offset ) |
---|
694 | { |
---|
695 | REGF_HBIN *hbin; |
---|
696 | uint32 record_size, curr_off, block_size, header; |
---|
697 | |
---|
698 | if ( !(hbin = (REGF_HBIN*)zalloc(sizeof(REGF_HBIN))) ) |
---|
699 | return NULL; |
---|
700 | hbin->file_off = offset; |
---|
701 | hbin->free_off = -1; |
---|
702 | |
---|
703 | if ( read_block( file, &hbin->ps, offset, 0 ) == -1 ) |
---|
704 | return NULL; |
---|
705 | |
---|
706 | if ( !prs_hbin_block( "hbin", &hbin->ps, 0, hbin ) ) |
---|
707 | return NULL; |
---|
708 | |
---|
709 | /* this should be the same thing as hbin->block_size but just in case */ |
---|
710 | |
---|
711 | block_size = hbin->ps.buffer_size; |
---|
712 | |
---|
713 | /* Find the available free space offset. Always at the end, |
---|
714 | so walk the record list and stop when you get to the end. |
---|
715 | The end is defined by a record header of 0xffffffff. The |
---|
716 | previous 4 bytes contains the amount of free space remaining |
---|
717 | in the hbin block. */ |
---|
718 | |
---|
719 | /* remember that the record_size is in the 4 bytes preceeding the record itself */ |
---|
720 | |
---|
721 | if ( !prs_set_offset( &hbin->ps, file->data_offset+HBIN_HDR_SIZE-sizeof(uint32) ) ) |
---|
722 | return false; |
---|
723 | |
---|
724 | record_size = 0; |
---|
725 | curr_off = hbin->ps.data_offset; |
---|
726 | while ( header != 0xffffffff ) { |
---|
727 | /* not done yet so reset the current offset to the |
---|
728 | next record_size field */ |
---|
729 | |
---|
730 | curr_off = curr_off+record_size; |
---|
731 | |
---|
732 | /* for some reason the record_size of the last record in |
---|
733 | an hbin block can extend past the end of the block |
---|
734 | even though the record fits within the remaining |
---|
735 | space....aaarrrgggghhhhhh */ |
---|
736 | |
---|
737 | if ( curr_off >= block_size ) { |
---|
738 | record_size = -1; |
---|
739 | curr_off = -1; |
---|
740 | break; |
---|
741 | } |
---|
742 | |
---|
743 | if ( !prs_set_offset( &hbin->ps, curr_off) ) |
---|
744 | return false; |
---|
745 | |
---|
746 | if ( !prs_uint32( "rec_size", &hbin->ps, 0, &record_size ) ) |
---|
747 | return false; |
---|
748 | if ( !prs_uint32( "header", &hbin->ps, 0, &header ) ) |
---|
749 | return false; |
---|
750 | |
---|
751 | assert( record_size != 0 ); |
---|
752 | |
---|
753 | if ( record_size & 0x80000000 ) { |
---|
754 | /* absolute_value(record_size) */ |
---|
755 | record_size = (record_size ^ 0xffffffff) + 1; |
---|
756 | } |
---|
757 | } |
---|
758 | |
---|
759 | /* save the free space offset */ |
---|
760 | |
---|
761 | if ( header == 0xffffffff ) { |
---|
762 | |
---|
763 | /* account for the fact that the curr_off is 4 bytes behind the actual |
---|
764 | record header */ |
---|
765 | |
---|
766 | hbin->free_off = curr_off + sizeof(uint32); |
---|
767 | hbin->free_size = record_size; |
---|
768 | } |
---|
769 | |
---|
770 | /*DEBUG(10,("read_hbin_block: free space offset == 0x%x\n", hbin->free_off));*/ |
---|
771 | |
---|
772 | if ( !prs_set_offset( &hbin->ps, file->data_offset+HBIN_HDR_SIZE ) ) |
---|
773 | return false; |
---|
774 | |
---|
775 | return hbin; |
---|
776 | } |
---|
777 | |
---|
778 | |
---|
779 | /******************************************************************* |
---|
780 | Input a randon offset and receive the correpsonding HBIN |
---|
781 | block for it |
---|
782 | *******************************************************************/ |
---|
783 | static bool hbin_contains_offset( REGF_HBIN *hbin, uint32 offset ) |
---|
784 | { |
---|
785 | if ( !hbin ) |
---|
786 | return false; |
---|
787 | |
---|
788 | if ( (offset > hbin->first_hbin_off) && (offset < (hbin->first_hbin_off+hbin->block_size)) ) |
---|
789 | return true; |
---|
790 | |
---|
791 | return false; |
---|
792 | } |
---|
793 | |
---|
794 | |
---|
795 | /******************************************************************* |
---|
796 | Input a randon offset and receive the correpsonding HBIN |
---|
797 | block for it |
---|
798 | *******************************************************************/ |
---|
799 | static REGF_HBIN* lookup_hbin_block( REGF_FILE *file, uint32 offset ) |
---|
800 | { |
---|
801 | REGF_HBIN *hbin = NULL; |
---|
802 | uint32 block_off; |
---|
803 | |
---|
804 | /* start with the open list */ |
---|
805 | |
---|
806 | for ( hbin=file->block_list; hbin; hbin=hbin->next ) { |
---|
807 | /* DEBUG(10,("lookup_hbin_block: address = 0x%x [0x%x]\n", hbin->file_off, (uint32)hbin ));*/ |
---|
808 | if ( hbin_contains_offset( hbin, offset ) ) |
---|
809 | return hbin; |
---|
810 | } |
---|
811 | |
---|
812 | if ( !hbin ) { |
---|
813 | /* start at the beginning */ |
---|
814 | |
---|
815 | block_off = REGF_BLOCKSIZE; |
---|
816 | do { |
---|
817 | /* cleanup before the next round */ |
---|
818 | if ( hbin ) |
---|
819 | { |
---|
820 | if(hbin->ps.is_dynamic) |
---|
821 | SAFE_FREE(hbin->ps.data_p); |
---|
822 | hbin->ps.is_dynamic = false; |
---|
823 | hbin->ps.buffer_size = 0; |
---|
824 | hbin->ps.data_offset = 0; |
---|
825 | } |
---|
826 | |
---|
827 | hbin = read_hbin_block( file, block_off ); |
---|
828 | |
---|
829 | if ( hbin ) |
---|
830 | block_off = hbin->file_off + hbin->block_size; |
---|
831 | |
---|
832 | } while ( hbin && !hbin_contains_offset( hbin, offset ) ); |
---|
833 | } |
---|
834 | |
---|
835 | if ( hbin ) |
---|
836 | /* XXX: this kind of caching needs to be re-evaluated */ |
---|
837 | DLIST_ADD( file->block_list, hbin ); |
---|
838 | |
---|
839 | return hbin; |
---|
840 | } |
---|
841 | |
---|
842 | |
---|
843 | /******************************************************************* |
---|
844 | *******************************************************************/ |
---|
845 | static bool prs_hash_rec( const char *desc, prs_struct *ps, int depth, REGF_HASH_REC *hash ) |
---|
846 | { |
---|
847 | depth++; |
---|
848 | |
---|
849 | if ( !prs_uint32( "nk_off", ps, depth, &hash->nk_off )) |
---|
850 | return false; |
---|
851 | if ( !prs_uint8s( true, "keycheck", ps, depth, hash->keycheck, sizeof( hash->keycheck )) ) |
---|
852 | return false; |
---|
853 | |
---|
854 | return true; |
---|
855 | } |
---|
856 | |
---|
857 | |
---|
858 | /******************************************************************* |
---|
859 | *******************************************************************/ |
---|
860 | static bool hbin_prs_lf_records(const char *desc, REGF_HBIN *hbin, |
---|
861 | int depth, REGF_NK_REC *nk) |
---|
862 | { |
---|
863 | int i; |
---|
864 | REGF_LF_REC *lf = &nk->subkeys; |
---|
865 | uint32 data_size, start_off, end_off; |
---|
866 | |
---|
867 | depth++; |
---|
868 | |
---|
869 | /* check if we have anything to do first */ |
---|
870 | |
---|
871 | if ( nk->num_subkeys == 0 ) |
---|
872 | return true; |
---|
873 | |
---|
874 | /* move to the LF record */ |
---|
875 | |
---|
876 | if ( !prs_set_offset( &hbin->ps, nk->subkeys_off + HBIN_HDR_SIZE - hbin->first_hbin_off ) ) |
---|
877 | return false; |
---|
878 | |
---|
879 | /* backup and get the data_size */ |
---|
880 | |
---|
881 | if ( !prs_set_offset( &hbin->ps, hbin->ps.data_offset-sizeof(uint32)) ) |
---|
882 | return false; |
---|
883 | start_off = hbin->ps.data_offset; |
---|
884 | if ( !prs_uint32( "rec_size", &hbin->ps, depth, &lf->rec_size )) |
---|
885 | return false; |
---|
886 | |
---|
887 | if(!prs_uint8s(true, "header", &hbin->ps, depth, |
---|
888 | lf->header, sizeof(lf->header))) |
---|
889 | return false; |
---|
890 | |
---|
891 | if ( !prs_uint16( "num_keys", &hbin->ps, depth, &lf->num_keys)) |
---|
892 | return false; |
---|
893 | |
---|
894 | if ( hbin->ps.io ) { |
---|
895 | if ( !(lf->hashes = (REGF_HASH_REC*)zcalloc(sizeof(REGF_HASH_REC), lf->num_keys )) ) |
---|
896 | return false; |
---|
897 | } |
---|
898 | |
---|
899 | for ( i=0; i<lf->num_keys; i++ ) { |
---|
900 | if ( !prs_hash_rec( "hash_rec", &hbin->ps, depth, &lf->hashes[i] ) ) |
---|
901 | return false; |
---|
902 | } |
---|
903 | |
---|
904 | end_off = hbin->ps.data_offset; |
---|
905 | |
---|
906 | /* data_size must be divisible by 8 and large enough to hold the original record */ |
---|
907 | |
---|
908 | data_size = ((start_off - end_off) & 0xfffffff8 ); |
---|
909 | /* if ( data_size > lf->rec_size )*/ |
---|
910 | /*DEBUG(10,("Encountered reused record (0x%x < 0x%x)\n", data_size, lf->rec_size));*/ |
---|
911 | |
---|
912 | if ( !hbin->ps.io ) |
---|
913 | hbin->dirty = true; |
---|
914 | |
---|
915 | return true; |
---|
916 | } |
---|
917 | |
---|
918 | |
---|
919 | /******************************************************************* |
---|
920 | *******************************************************************/ |
---|
921 | static bool hbin_prs_sk_rec( const char *desc, REGF_HBIN *hbin, int depth, REGF_SK_REC *sk ) |
---|
922 | { |
---|
923 | prs_struct *ps = &hbin->ps; |
---|
924 | uint16 tag = 0xFFFF; |
---|
925 | uint32 data_size, start_off, end_off; |
---|
926 | |
---|
927 | |
---|
928 | depth++; |
---|
929 | |
---|
930 | if ( !prs_set_offset( &hbin->ps, sk->sk_off + HBIN_HDR_SIZE - hbin->first_hbin_off ) ) |
---|
931 | return false; |
---|
932 | |
---|
933 | /* backup and get the data_size */ |
---|
934 | |
---|
935 | if ( !prs_set_offset( &hbin->ps, hbin->ps.data_offset-sizeof(uint32)) ) |
---|
936 | return false; |
---|
937 | start_off = hbin->ps.data_offset; |
---|
938 | if ( !prs_uint32( "rec_size", &hbin->ps, depth, &sk->rec_size )) |
---|
939 | return false; |
---|
940 | |
---|
941 | if (!prs_uint8s(true, "header", ps, depth, sk->header, sizeof(sk->header))) |
---|
942 | return false; |
---|
943 | if ( !prs_uint16( "tag", ps, depth, &tag)) |
---|
944 | return false; |
---|
945 | |
---|
946 | if ( !prs_uint32( "prev_sk_off", ps, depth, &sk->prev_sk_off)) |
---|
947 | return false; |
---|
948 | if ( !prs_uint32( "next_sk_off", ps, depth, &sk->next_sk_off)) |
---|
949 | return false; |
---|
950 | if ( !prs_uint32( "ref_count", ps, depth, &sk->ref_count)) |
---|
951 | return false; |
---|
952 | if ( !prs_uint32( "size", ps, depth, &sk->size)) |
---|
953 | return false; |
---|
954 | |
---|
955 | if ( !sec_io_desc( "sec_desc", &sk->sec_desc, ps, depth )) |
---|
956 | return false; |
---|
957 | |
---|
958 | end_off = hbin->ps.data_offset; |
---|
959 | |
---|
960 | /* data_size must be divisible by 8 and large enough to hold the original record */ |
---|
961 | |
---|
962 | data_size = ((start_off - end_off) & 0xfffffff8 ); |
---|
963 | /* if ( data_size > sk->rec_size )*/ |
---|
964 | /*DEBUG(10,("Encountered reused record (0x%x < 0x%x)\n", data_size, sk->rec_size));*/ |
---|
965 | |
---|
966 | if ( !hbin->ps.io ) |
---|
967 | hbin->dirty = true; |
---|
968 | |
---|
969 | return true; |
---|
970 | } |
---|
971 | |
---|
972 | |
---|
973 | /******************************************************************* |
---|
974 | *******************************************************************/ |
---|
975 | static bool hbin_prs_vk_rec( const char *desc, REGF_HBIN *hbin, int depth, |
---|
976 | REGF_VK_REC *vk, REGF_FILE *file ) |
---|
977 | { |
---|
978 | uint32 offset; |
---|
979 | uint16 name_length; |
---|
980 | prs_struct *ps = &hbin->ps; |
---|
981 | uint32 data_size, start_off, end_off; |
---|
982 | |
---|
983 | depth++; |
---|
984 | |
---|
985 | /* backup and get the data_size */ |
---|
986 | |
---|
987 | if ( !prs_set_offset( &hbin->ps, hbin->ps.data_offset-sizeof(uint32)) ) |
---|
988 | return false; |
---|
989 | start_off = hbin->ps.data_offset; |
---|
990 | if ( !prs_uint32( "rec_size", &hbin->ps, depth, &vk->rec_size )) |
---|
991 | return false; |
---|
992 | |
---|
993 | if ( !prs_uint8s( true, "header", ps, depth, vk->header, sizeof( vk->header )) ) |
---|
994 | return false; |
---|
995 | |
---|
996 | if ( !hbin->ps.io ) |
---|
997 | name_length = strlen(vk->valuename); |
---|
998 | |
---|
999 | if ( !prs_uint16( "name_length", ps, depth, &name_length )) |
---|
1000 | return false; |
---|
1001 | if ( !prs_uint32( "data_size", ps, depth, &vk->data_size )) |
---|
1002 | return false; |
---|
1003 | if ( !prs_uint32( "data_off", ps, depth, &vk->data_off )) |
---|
1004 | return false; |
---|
1005 | if ( !prs_uint32( "type", ps, depth, &vk->type)) |
---|
1006 | return false; |
---|
1007 | if ( !prs_uint16( "flag", ps, depth, &vk->flag)) |
---|
1008 | return false; |
---|
1009 | |
---|
1010 | offset = ps->data_offset; |
---|
1011 | offset += 2; /* skip 2 bytes */ |
---|
1012 | prs_set_offset( ps, offset ); |
---|
1013 | |
---|
1014 | /* get the name */ |
---|
1015 | |
---|
1016 | if ( vk->flag&VK_FLAG_NAME_PRESENT ) { |
---|
1017 | |
---|
1018 | if ( hbin->ps.io ) { |
---|
1019 | if ( !(vk->valuename = (char*)zcalloc(sizeof(char), name_length+1 ))) |
---|
1020 | return false; |
---|
1021 | } |
---|
1022 | if ( !prs_uint8s(true, "name", ps, depth, |
---|
1023 | (uint8*)vk->valuename, name_length) ) |
---|
1024 | return false; |
---|
1025 | } |
---|
1026 | |
---|
1027 | end_off = hbin->ps.data_offset; |
---|
1028 | |
---|
1029 | /* get the data if necessary */ |
---|
1030 | |
---|
1031 | if ( vk->data_size != 0 ) |
---|
1032 | { |
---|
1033 | bool charmode = false; |
---|
1034 | |
---|
1035 | if ( (vk->type == REG_SZ) || (vk->type == REG_MULTI_SZ) ) |
---|
1036 | charmode = true; |
---|
1037 | |
---|
1038 | /* the data is stored in the offset if the size <= 4 */ |
---|
1039 | if ( !(vk->data_size & VK_DATA_IN_OFFSET) ) |
---|
1040 | { |
---|
1041 | REGF_HBIN *hblock = hbin; |
---|
1042 | uint32 data_rec_size; |
---|
1043 | |
---|
1044 | if ( hbin->ps.io ) |
---|
1045 | { |
---|
1046 | if ( !(vk->data = (uint8*)zcalloc(sizeof(uint8), vk->data_size) ) ) |
---|
1047 | return false; |
---|
1048 | } |
---|
1049 | |
---|
1050 | /* this data can be in another hbin */ |
---|
1051 | if ( !hbin_contains_offset( hbin, vk->data_off ) ) |
---|
1052 | { |
---|
1053 | if ( !(hblock = lookup_hbin_block( file, vk->data_off )) ) |
---|
1054 | return false; |
---|
1055 | } |
---|
1056 | if (!(prs_set_offset(&hblock->ps, |
---|
1057 | (vk->data_off |
---|
1058 | + HBIN_HDR_SIZE |
---|
1059 | - hblock->first_hbin_off) |
---|
1060 | - sizeof(uint32)))) |
---|
1061 | { return false; } |
---|
1062 | |
---|
1063 | if ( !hblock->ps.io ) |
---|
1064 | { |
---|
1065 | data_rec_size = ( (vk->data_size+sizeof(uint32)) & 0xfffffff8 ) + 8; |
---|
1066 | data_rec_size = ( data_rec_size - 1 ) ^ 0xFFFFFFFF; |
---|
1067 | } |
---|
1068 | if ( !prs_uint32( "data_rec_size", &hblock->ps, depth, &data_rec_size )) |
---|
1069 | return false; |
---|
1070 | if(!prs_uint8s(charmode, "data", &hblock->ps, depth, |
---|
1071 | vk->data, vk->data_size)) |
---|
1072 | return false; |
---|
1073 | |
---|
1074 | if ( !hblock->ps.io ) |
---|
1075 | hblock->dirty = true; |
---|
1076 | } |
---|
1077 | else |
---|
1078 | { |
---|
1079 | if(!(vk->data = zcalloc(sizeof(uint8), 4))) |
---|
1080 | return false; |
---|
1081 | SIVAL( vk->data, 0, vk->data_off ); |
---|
1082 | } |
---|
1083 | |
---|
1084 | } |
---|
1085 | |
---|
1086 | /* data_size must be divisible by 8 and large enough to hold the original record */ |
---|
1087 | |
---|
1088 | data_size = ((start_off - end_off ) & 0xfffffff8 ); |
---|
1089 | /* XXX: should probably print a warning here */ |
---|
1090 | /*if ( data_size != vk->rec_size ) |
---|
1091 | DEBUG(10,("prs_vk_rec: data_size check failed (0x%x < 0x%x)\n", data_size, vk->rec_size));*/ |
---|
1092 | |
---|
1093 | if ( !hbin->ps.io ) |
---|
1094 | hbin->dirty = true; |
---|
1095 | |
---|
1096 | return true; |
---|
1097 | } |
---|
1098 | |
---|
1099 | |
---|
1100 | /******************************************************************* |
---|
1101 | read a VK record which is contained in the HBIN block stored |
---|
1102 | in the prs_struct *ps. |
---|
1103 | *******************************************************************/ |
---|
1104 | static bool hbin_prs_vk_records(const char *desc, REGF_HBIN *hbin, |
---|
1105 | int depth, REGF_NK_REC *nk, REGF_FILE *file) |
---|
1106 | { |
---|
1107 | int i; |
---|
1108 | uint32 record_size; |
---|
1109 | |
---|
1110 | depth++; |
---|
1111 | |
---|
1112 | /* check if we have anything to do first */ |
---|
1113 | if(nk->num_values == 0) |
---|
1114 | return true; |
---|
1115 | |
---|
1116 | if(hbin->ps.io) |
---|
1117 | { |
---|
1118 | if (!(nk->values = (REGF_VK_REC*)zcalloc(sizeof(REGF_VK_REC), |
---|
1119 | nk->num_values ))) |
---|
1120 | return false; |
---|
1121 | } |
---|
1122 | |
---|
1123 | /* convert the offset to something relative to this HBIN block */ |
---|
1124 | if (!prs_set_offset(&hbin->ps, |
---|
1125 | nk->values_off |
---|
1126 | + HBIN_HDR_SIZE |
---|
1127 | - hbin->first_hbin_off |
---|
1128 | - sizeof(uint32))) |
---|
1129 | { return false; } |
---|
1130 | |
---|
1131 | if ( !hbin->ps.io ) |
---|
1132 | { |
---|
1133 | record_size = ( ( nk->num_values * sizeof(uint32) ) & 0xfffffff8 ) + 8; |
---|
1134 | record_size = (record_size - 1) ^ 0xFFFFFFFF; |
---|
1135 | } |
---|
1136 | |
---|
1137 | if ( !prs_uint32( "record_size", &hbin->ps, depth, &record_size ) ) |
---|
1138 | return false; |
---|
1139 | |
---|
1140 | for ( i=0; i<nk->num_values; i++ ) |
---|
1141 | { |
---|
1142 | if ( !prs_uint32( "vk_off", &hbin->ps, depth, &nk->values[i].rec_off ) ) |
---|
1143 | return false; |
---|
1144 | } |
---|
1145 | |
---|
1146 | for ( i=0; i<nk->num_values; i++ ) |
---|
1147 | { |
---|
1148 | REGF_HBIN *sub_hbin = hbin; |
---|
1149 | uint32 new_offset; |
---|
1150 | |
---|
1151 | if ( !hbin_contains_offset( hbin, nk->values[i].rec_off ) ) |
---|
1152 | { |
---|
1153 | sub_hbin = lookup_hbin_block( file, nk->values[i].rec_off ); |
---|
1154 | if ( !sub_hbin ) |
---|
1155 | { |
---|
1156 | /*DEBUG(0,("hbin_prs_vk_records: Failed to find HBIN block containing offset [0x%x]\n", |
---|
1157 | nk->values[i].hbin_off));*/ |
---|
1158 | return false; |
---|
1159 | } |
---|
1160 | } |
---|
1161 | |
---|
1162 | new_offset = nk->values[i].rec_off |
---|
1163 | + HBIN_HDR_SIZE |
---|
1164 | - sub_hbin->first_hbin_off; |
---|
1165 | |
---|
1166 | if (!prs_set_offset(&sub_hbin->ps, new_offset)) |
---|
1167 | return false; |
---|
1168 | if (!hbin_prs_vk_rec("vk_rec", sub_hbin, depth, &nk->values[i], file)) |
---|
1169 | return false; |
---|
1170 | } |
---|
1171 | |
---|
1172 | if ( !hbin->ps.io ) |
---|
1173 | hbin->dirty = true; |
---|
1174 | |
---|
1175 | return true; |
---|
1176 | } |
---|
1177 | |
---|
1178 | |
---|
1179 | /******************************************************************* |
---|
1180 | *******************************************************************/ |
---|
1181 | static REGF_SK_REC* find_sk_record_by_offset( REGF_FILE *file, uint32 offset ) |
---|
1182 | { |
---|
1183 | REGF_SK_REC *p_sk; |
---|
1184 | |
---|
1185 | for ( p_sk=file->sec_desc_list; p_sk; p_sk=p_sk->next ) { |
---|
1186 | if ( p_sk->sk_off == offset ) |
---|
1187 | return p_sk; |
---|
1188 | } |
---|
1189 | |
---|
1190 | return NULL; |
---|
1191 | } |
---|
1192 | |
---|
1193 | |
---|
1194 | /******************************************************************* |
---|
1195 | *******************************************************************/ |
---|
1196 | static REGF_SK_REC* find_sk_record_by_sec_desc( REGF_FILE *file, SEC_DESC *sd ) |
---|
1197 | { |
---|
1198 | REGF_SK_REC *p; |
---|
1199 | |
---|
1200 | for ( p=file->sec_desc_list; p; p=p->next ) { |
---|
1201 | if ( sec_desc_equal( p->sec_desc, sd ) ) |
---|
1202 | return p; |
---|
1203 | } |
---|
1204 | |
---|
1205 | /* failure */ |
---|
1206 | |
---|
1207 | return NULL; |
---|
1208 | } |
---|
1209 | |
---|
1210 | |
---|
1211 | /******************************************************************* |
---|
1212 | *******************************************************************/ |
---|
1213 | static bool hbin_prs_key( REGF_FILE *file, REGF_HBIN *hbin, REGF_NK_REC *nk ) |
---|
1214 | { |
---|
1215 | int depth = 0; |
---|
1216 | REGF_HBIN *sub_hbin; |
---|
1217 | |
---|
1218 | depth++; |
---|
1219 | |
---|
1220 | /* get the initial nk record */ |
---|
1221 | if (!prs_nk_rec("nk_rec", &hbin->ps, depth, nk)) |
---|
1222 | return false; |
---|
1223 | |
---|
1224 | /* fill in values */ |
---|
1225 | if ( nk->num_values && (nk->values_off!=REGF_OFFSET_NONE) ) |
---|
1226 | { |
---|
1227 | sub_hbin = hbin; |
---|
1228 | if ( !hbin_contains_offset( hbin, nk->values_off ) ) |
---|
1229 | { |
---|
1230 | sub_hbin = lookup_hbin_block( file, nk->values_off ); |
---|
1231 | if ( !sub_hbin ) |
---|
1232 | { |
---|
1233 | /*DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing value_list_offset [0x%x]\n", |
---|
1234 | nk->values_off));*/ |
---|
1235 | return false; |
---|
1236 | } |
---|
1237 | } |
---|
1238 | |
---|
1239 | if(!hbin_prs_vk_records("vk_rec", sub_hbin, depth, nk, file)) |
---|
1240 | return false; |
---|
1241 | } |
---|
1242 | |
---|
1243 | /* now get subkeys */ |
---|
1244 | if ( nk->num_subkeys && (nk->subkeys_off!=REGF_OFFSET_NONE) ) |
---|
1245 | { |
---|
1246 | sub_hbin = hbin; |
---|
1247 | if ( !hbin_contains_offset( hbin, nk->subkeys_off ) ) |
---|
1248 | { |
---|
1249 | sub_hbin = lookup_hbin_block( file, nk->subkeys_off ); |
---|
1250 | if ( !sub_hbin ) |
---|
1251 | { |
---|
1252 | /*DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing subkey_offset [0x%x]\n", |
---|
1253 | nk->subkeys_off));*/ |
---|
1254 | return false; |
---|
1255 | } |
---|
1256 | } |
---|
1257 | |
---|
1258 | if (!hbin_prs_lf_records("lf_rec", sub_hbin, depth, nk)) |
---|
1259 | return false; |
---|
1260 | } |
---|
1261 | |
---|
1262 | /* get the to the security descriptor. First look if we have already parsed it */ |
---|
1263 | |
---|
1264 | if ((nk->sk_off!=REGF_OFFSET_NONE) |
---|
1265 | && !(nk->sec_desc = find_sk_record_by_offset( file, nk->sk_off ))) |
---|
1266 | { |
---|
1267 | sub_hbin = hbin; |
---|
1268 | if (!hbin_contains_offset(hbin, nk->sk_off)) |
---|
1269 | { |
---|
1270 | sub_hbin = lookup_hbin_block( file, nk->sk_off ); |
---|
1271 | if ( !sub_hbin ) { |
---|
1272 | /*DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing sk_offset [0x%x]\n", |
---|
1273 | nk->subkeys_off));*/ |
---|
1274 | return false; |
---|
1275 | } |
---|
1276 | } |
---|
1277 | |
---|
1278 | if ( !(nk->sec_desc = (REGF_SK_REC*)zalloc(sizeof(REGF_SK_REC) )) ) |
---|
1279 | return false; |
---|
1280 | nk->sec_desc->sk_off = nk->sk_off; |
---|
1281 | if ( !hbin_prs_sk_rec( "sk_rec", sub_hbin, depth, nk->sec_desc )) |
---|
1282 | return false; |
---|
1283 | |
---|
1284 | /* add to the list of security descriptors (ref_count has been read from the files) */ |
---|
1285 | |
---|
1286 | nk->sec_desc->sk_off = nk->sk_off; |
---|
1287 | /* XXX: this kind of caching needs to be re-evaluated */ |
---|
1288 | DLIST_ADD( file->sec_desc_list, nk->sec_desc ); |
---|
1289 | } |
---|
1290 | |
---|
1291 | return true; |
---|
1292 | } |
---|
1293 | |
---|
1294 | |
---|
1295 | /******************************************************************* |
---|
1296 | *******************************************************************/ |
---|
1297 | static bool next_record( REGF_HBIN *hbin, const char *hdr, bool *eob ) |
---|
1298 | { |
---|
1299 | uint8 header[REC_HDR_SIZE] = ""; |
---|
1300 | uint32 record_size; |
---|
1301 | uint32 curr_off, block_size; |
---|
1302 | bool found = false; |
---|
1303 | prs_struct *ps = &hbin->ps; |
---|
1304 | |
---|
1305 | curr_off = ps->data_offset; |
---|
1306 | if ( curr_off == 0 ) |
---|
1307 | prs_set_offset( ps, HBIN_HEADER_REC_SIZE ); |
---|
1308 | |
---|
1309 | /* assume that the current offset is at the reacord header |
---|
1310 | and we need to backup to read the record size */ |
---|
1311 | curr_off -= sizeof(uint32); |
---|
1312 | |
---|
1313 | block_size = ps->buffer_size; |
---|
1314 | record_size = 0; |
---|
1315 | while ( !found ) |
---|
1316 | { |
---|
1317 | curr_off = curr_off+record_size; |
---|
1318 | if ( curr_off >= block_size ) |
---|
1319 | break; |
---|
1320 | |
---|
1321 | if ( !prs_set_offset( &hbin->ps, curr_off) ) |
---|
1322 | return false; |
---|
1323 | |
---|
1324 | if ( !prs_uint32( "record_size", ps, 0, &record_size ) ) |
---|
1325 | return false; |
---|
1326 | if ( !prs_uint8s( true, "header", ps, 0, header, REC_HDR_SIZE ) ) |
---|
1327 | return false; |
---|
1328 | |
---|
1329 | if ( record_size & 0x80000000 ) { |
---|
1330 | /* absolute_value(record_size) */ |
---|
1331 | record_size = (record_size ^ 0xffffffff) + 1; |
---|
1332 | } |
---|
1333 | |
---|
1334 | if ( memcmp( header, hdr, REC_HDR_SIZE ) == 0 ) { |
---|
1335 | found = true; |
---|
1336 | curr_off += sizeof(uint32); |
---|
1337 | } |
---|
1338 | } |
---|
1339 | |
---|
1340 | /* mark prs_struct as done ( at end ) if no more SK records */ |
---|
1341 | /* mark end-of-block as true */ |
---|
1342 | if ( !found ) |
---|
1343 | { |
---|
1344 | prs_set_offset( &hbin->ps, hbin->ps.buffer_size ); |
---|
1345 | *eob = true; |
---|
1346 | return false; |
---|
1347 | } |
---|
1348 | |
---|
1349 | if (!prs_set_offset(ps, curr_off)) |
---|
1350 | return false; |
---|
1351 | |
---|
1352 | return true; |
---|
1353 | } |
---|
1354 | |
---|
1355 | |
---|
1356 | /******************************************************************* |
---|
1357 | *******************************************************************/ |
---|
1358 | static bool next_nk_record(REGF_FILE *file, REGF_HBIN *hbin, |
---|
1359 | REGF_NK_REC *nk, bool *eob) |
---|
1360 | { |
---|
1361 | if (next_record(hbin, "nk", eob) |
---|
1362 | && hbin_prs_key(file, hbin, nk)) |
---|
1363 | return true; |
---|
1364 | |
---|
1365 | return false; |
---|
1366 | } |
---|
1367 | |
---|
1368 | |
---|
1369 | /******************************************************************* |
---|
1370 | Open the registry file and then read in the REGF block to get the |
---|
1371 | first hbin offset. |
---|
1372 | *******************************************************************/ |
---|
1373 | REGF_FILE* regfi_open( const char *filename ) |
---|
1374 | { |
---|
1375 | REGF_FILE *rb; |
---|
1376 | int flags = O_RDONLY; |
---|
1377 | |
---|
1378 | if ( !(rb = (REGF_FILE*)malloc(sizeof(REGF_FILE))) ) { |
---|
1379 | /* DEBUG(0,("ERROR allocating memory\n")); */ |
---|
1380 | return NULL; |
---|
1381 | } |
---|
1382 | memset(rb, 0, sizeof(REGF_FILE)); |
---|
1383 | rb->fd = -1; |
---|
1384 | |
---|
1385 | /* if ( !(rb->mem_ctx = talloc_init( "read_regf_block" )) ) |
---|
1386 | { |
---|
1387 | regfi_close( rb ); |
---|
1388 | return NULL; |
---|
1389 | } |
---|
1390 | */ |
---|
1391 | rb->open_flags = flags; |
---|
1392 | |
---|
1393 | /* open and existing file */ |
---|
1394 | |
---|
1395 | if ( (rb->fd = open(filename, flags)) == -1 ) { |
---|
1396 | /* DEBUG(0,("regfi_open: failure to open %s (%s)\n", filename, strerror(errno)));*/ |
---|
1397 | regfi_close( rb ); |
---|
1398 | return NULL; |
---|
1399 | } |
---|
1400 | |
---|
1401 | /* read in an existing file */ |
---|
1402 | |
---|
1403 | if ( !read_regf_block( rb ) ) { |
---|
1404 | /* DEBUG(0,("regfi_open: Failed to read initial REGF block\n"));*/ |
---|
1405 | regfi_close( rb ); |
---|
1406 | return NULL; |
---|
1407 | } |
---|
1408 | |
---|
1409 | /* success */ |
---|
1410 | |
---|
1411 | return rb; |
---|
1412 | } |
---|
1413 | |
---|
1414 | |
---|
1415 | /******************************************************************* |
---|
1416 | XXX: should this be nuked? |
---|
1417 | *******************************************************************/ |
---|
1418 | static void regfi_mem_free( REGF_FILE *file ) |
---|
1419 | { |
---|
1420 | /* free any zalloc()'d memory */ |
---|
1421 | |
---|
1422 | /* if ( file && file->mem_ctx ) |
---|
1423 | free(file->mem_ctx); |
---|
1424 | */ |
---|
1425 | } |
---|
1426 | |
---|
1427 | |
---|
1428 | /******************************************************************* |
---|
1429 | *******************************************************************/ |
---|
1430 | int regfi_close( REGF_FILE *file ) |
---|
1431 | { |
---|
1432 | int fd; |
---|
1433 | |
---|
1434 | regfi_mem_free( file ); |
---|
1435 | |
---|
1436 | /* nothing to do if there is no open file */ |
---|
1437 | |
---|
1438 | if ( !file || (file->fd == -1) ) |
---|
1439 | return 0; |
---|
1440 | |
---|
1441 | fd = file->fd; |
---|
1442 | file->fd = -1; |
---|
1443 | SAFE_FREE( file ); |
---|
1444 | |
---|
1445 | return close( fd ); |
---|
1446 | } |
---|
1447 | |
---|
1448 | |
---|
1449 | /****************************************************************************** |
---|
1450 | * There should be only *one* root key in the registry file based |
---|
1451 | * on my experience. --jerry |
---|
1452 | *****************************************************************************/ |
---|
1453 | REGF_NK_REC* regfi_rootkey( REGF_FILE *file ) |
---|
1454 | { |
---|
1455 | REGF_NK_REC *nk; |
---|
1456 | REGF_HBIN *hbin; |
---|
1457 | uint32 offset = REGF_BLOCKSIZE; |
---|
1458 | bool found = false; |
---|
1459 | bool eob; |
---|
1460 | |
---|
1461 | if ( !file ) |
---|
1462 | return NULL; |
---|
1463 | |
---|
1464 | if ( !(nk = (REGF_NK_REC*)zalloc(sizeof(REGF_NK_REC) )) ) { |
---|
1465 | /*DEBUG(0,("regfi_rootkey: zalloc() failed!\n"));*/ |
---|
1466 | return NULL; |
---|
1467 | } |
---|
1468 | |
---|
1469 | /* scan through the file on HBIN block at a time looking |
---|
1470 | for an NK record with a type == 0x002c. |
---|
1471 | Normally this is the first nk record in the first hbin |
---|
1472 | block (but I'm not assuming that for now) */ |
---|
1473 | |
---|
1474 | while ( (hbin = read_hbin_block( file, offset )) ) { |
---|
1475 | eob = false; |
---|
1476 | |
---|
1477 | while ( !eob) { |
---|
1478 | if ( next_nk_record( file, hbin, nk, &eob ) ) { |
---|
1479 | if ( nk->key_type == NK_TYPE_ROOTKEY ) { |
---|
1480 | found = true; |
---|
1481 | break; |
---|
1482 | } |
---|
1483 | } |
---|
1484 | if(hbin->ps.is_dynamic) |
---|
1485 | SAFE_FREE(hbin->ps.data_p); |
---|
1486 | hbin->ps.is_dynamic = false; |
---|
1487 | hbin->ps.buffer_size = 0; |
---|
1488 | hbin->ps.data_offset = 0; |
---|
1489 | } |
---|
1490 | |
---|
1491 | if ( found ) |
---|
1492 | break; |
---|
1493 | |
---|
1494 | offset += hbin->block_size; |
---|
1495 | } |
---|
1496 | |
---|
1497 | if ( !found ) { |
---|
1498 | /*DEBUG(0,("regfi_rootkey: corrupt registry file ? No root key record located\n"));*/ |
---|
1499 | return NULL; |
---|
1500 | } |
---|
1501 | |
---|
1502 | /* XXX: this kind of caching needs to be re-evaluated */ |
---|
1503 | DLIST_ADD( file->block_list, hbin ); |
---|
1504 | |
---|
1505 | return nk; |
---|
1506 | } |
---|
1507 | |
---|
1508 | |
---|
1509 | /****************************************************************************** |
---|
1510 | *****************************************************************************/ |
---|
1511 | void regfi_key_free(REGF_NK_REC* nk) |
---|
1512 | { |
---|
1513 | uint32 i; |
---|
1514 | |
---|
1515 | if((nk->values != NULL) && (nk->values_off!=REGF_OFFSET_NONE)) |
---|
1516 | { |
---|
1517 | for(i=0; i < nk->num_values; i++) |
---|
1518 | regfi_value_free(nk->values[i]); |
---|
1519 | free(nk->values); |
---|
1520 | } |
---|
1521 | |
---|
1522 | if(nk->keyname != NULL) |
---|
1523 | free(nk->keyname); |
---|
1524 | if(nk->classname != NULL) |
---|
1525 | free(nk->classname); |
---|
1526 | |
---|
1527 | /* XXX: not freeing hbin because these are cached. This needs to be reviewed. */ |
---|
1528 | /* XXX: not freeing sec_desc because these are cached. This needs to be reviewed. */ |
---|
1529 | free(nk); |
---|
1530 | } |
---|
1531 | |
---|
1532 | |
---|
1533 | /****************************************************************************** |
---|
1534 | *****************************************************************************/ |
---|
1535 | void regfi_value_free(REGF_VK_REC* vk) |
---|
1536 | { |
---|
1537 | if(vk->valuename != NULL) |
---|
1538 | free(vk->valuename); |
---|
1539 | if(vk->data != NULL) |
---|
1540 | free(vk->data); |
---|
1541 | |
---|
1542 | /* XXX: not freeing hbin because these are cached. This needs to be reviewed. */ |
---|
1543 | free(vk); |
---|
1544 | } |
---|
1545 | |
---|
1546 | |
---|
1547 | /****************************************************************************** |
---|
1548 | *****************************************************************************/ |
---|
1549 | REGFI_ITERATOR* regfi_iterator_new(REGF_FILE* fh) |
---|
1550 | { |
---|
1551 | REGF_NK_REC* root; |
---|
1552 | REGFI_ITERATOR* ret_val = (REGFI_ITERATOR*)malloc(sizeof(REGFI_ITERATOR)); |
---|
1553 | if(ret_val == NULL) |
---|
1554 | return NULL; |
---|
1555 | |
---|
1556 | root = regfi_rootkey(f); |
---|
1557 | if(root == NULL) |
---|
1558 | { |
---|
1559 | free(ret_val); |
---|
1560 | return NULL; |
---|
1561 | } |
---|
1562 | |
---|
1563 | ret_val->key_positions = void_stack_new(REGF_MAX_DEPTH); |
---|
1564 | if(ret_val->key_positions == NULL) |
---|
1565 | { |
---|
1566 | free(ret_val); |
---|
1567 | free(root); |
---|
1568 | return NULL; |
---|
1569 | } |
---|
1570 | |
---|
1571 | ret_val->f = fh; |
---|
1572 | ret_val->cur_key = root; |
---|
1573 | ret_val->cur_subkey = 0; |
---|
1574 | ret_val->cur_value = 0; |
---|
1575 | |
---|
1576 | return ret_val; |
---|
1577 | } |
---|
1578 | |
---|
1579 | |
---|
1580 | /****************************************************************************** |
---|
1581 | *****************************************************************************/ |
---|
1582 | void regfi_iterator_free(REGFI_ITERATOR* i) |
---|
1583 | { |
---|
1584 | REGFI_ITER_POSITION* cur; |
---|
1585 | |
---|
1586 | if(i->cur_key != NULL) |
---|
1587 | regfi_key_free(i->cur_key); |
---|
1588 | |
---|
1589 | while((cur = (REGFI_ITER_POSITION*)void_stack_pop(i->key_positions)) != NULL) |
---|
1590 | { |
---|
1591 | regfi_key_free(cur->nk); |
---|
1592 | free(cur); |
---|
1593 | } |
---|
1594 | |
---|
1595 | free(i); |
---|
1596 | } |
---|
1597 | |
---|
1598 | |
---|
1599 | |
---|
1600 | /****************************************************************************** |
---|
1601 | *****************************************************************************/ |
---|
1602 | /* XXX: some way of indicating reason for failure should be added. */ |
---|
1603 | bool regfi_iterator_down(REGFI_ITERATOR* i) |
---|
1604 | { |
---|
1605 | REGF_NK_REC* subkey; |
---|
1606 | REGFI_ITER_POSITION* pos; |
---|
1607 | |
---|
1608 | pos = (REGFI_ITER_POSITION*)malloc(sizeof(REGFI_ITER_POSITION)); |
---|
1609 | if(pos == NULL) |
---|
1610 | return false; |
---|
1611 | |
---|
1612 | subkey = regfi_iterator_cur_subkey(i); |
---|
1613 | if(subkey == NULL) |
---|
1614 | { |
---|
1615 | free(pos); |
---|
1616 | return false; |
---|
1617 | } |
---|
1618 | |
---|
1619 | pos->nk = i->cur_key; |
---|
1620 | pos->cur_subkey = i->cur_subkey; |
---|
1621 | if(!void_stack_push(i->key_positions, pos)) |
---|
1622 | { |
---|
1623 | free(pos); |
---|
1624 | regfi_key_free(subkey); |
---|
1625 | return false; |
---|
1626 | } |
---|
1627 | |
---|
1628 | i->cur_key = subkey; |
---|
1629 | i->cur_subkey = 0; |
---|
1630 | i->cur_value = 0; |
---|
1631 | |
---|
1632 | return true; |
---|
1633 | } |
---|
1634 | |
---|
1635 | |
---|
1636 | /****************************************************************************** |
---|
1637 | *****************************************************************************/ |
---|
1638 | bool regfi_iterator_up(REGFI_ITERATOR* i) |
---|
1639 | { |
---|
1640 | REGFI_ITER_POSITION* pos; |
---|
1641 | |
---|
1642 | pos = (REGFI_ITER_POSITION*)void_stack_pop(i->key_positions); |
---|
1643 | if(pos == NULL) |
---|
1644 | return false; |
---|
1645 | |
---|
1646 | regfi_key_free(i->cur_key); |
---|
1647 | i->cur_key = pos->nk; |
---|
1648 | i->cur_subkey = pos->cur_subkey; |
---|
1649 | i->cur_value = 0; |
---|
1650 | free(pos); |
---|
1651 | |
---|
1652 | return true; |
---|
1653 | } |
---|
1654 | |
---|
1655 | |
---|
1656 | /****************************************************************************** |
---|
1657 | *****************************************************************************/ |
---|
1658 | bool regfi_iterator_to_root(REGFI_ITERATOR* i) |
---|
1659 | { |
---|
1660 | while(regfi_iterator_up(i)) |
---|
1661 | continue; |
---|
1662 | |
---|
1663 | return true; |
---|
1664 | } |
---|
1665 | |
---|
1666 | |
---|
1667 | /****************************************************************************** |
---|
1668 | *****************************************************************************/ |
---|
1669 | bool regfi_iterator_find_subkey(REGFI_ITERATOR* i, const char* subkey_name) |
---|
1670 | { |
---|
1671 | REGF_NK_REC* subkey; |
---|
1672 | bool found = false; |
---|
1673 | uint32 old_subkey = i->cur_subkey; |
---|
1674 | |
---|
1675 | if(subkey_name == NULL) |
---|
1676 | return false; |
---|
1677 | |
---|
1678 | /* XXX: this alloc/free of each sub key might be a bit excessive */ |
---|
1679 | subkey = regfi_iterator_first_subkey(i); |
---|
1680 | while((subkey != NULL) && (found == false)) |
---|
1681 | { |
---|
1682 | if(subkey->keyname != NULL |
---|
1683 | && strcasecmp(subkey->keyname, subkey_name) == 0) |
---|
1684 | found = true; |
---|
1685 | |
---|
1686 | regfi_key_free(subkey); |
---|
1687 | subkey = regfi_iterator_next_subkey(i); |
---|
1688 | } |
---|
1689 | |
---|
1690 | if(found == false) |
---|
1691 | { |
---|
1692 | i->cur_subkey = old_subkey; |
---|
1693 | return false; |
---|
1694 | } |
---|
1695 | |
---|
1696 | return true; |
---|
1697 | } |
---|
1698 | |
---|
1699 | |
---|
1700 | /****************************************************************************** |
---|
1701 | *****************************************************************************/ |
---|
1702 | bool regfi_iterator_walk_path(REGFI_ITERATOR* i, const char** path) |
---|
1703 | { |
---|
1704 | uint32 x; |
---|
1705 | if(path == NULL) |
---|
1706 | return false; |
---|
1707 | |
---|
1708 | for(x=0; |
---|
1709 | ((path[x] != NULL) && regfi_iterator_find_subkey(i, path[x]) |
---|
1710 | && regfi_iterator_down(i)); |
---|
1711 | x++) |
---|
1712 | { continue; } |
---|
1713 | |
---|
1714 | if(path[x] == NULL) |
---|
1715 | return true; |
---|
1716 | |
---|
1717 | /* XXX: is this the right number of times? */ |
---|
1718 | for(; x > 0; x--) |
---|
1719 | regfi_iterator_up(i); |
---|
1720 | |
---|
1721 | return false; |
---|
1722 | } |
---|
1723 | |
---|
1724 | |
---|
1725 | /****************************************************************************** |
---|
1726 | *****************************************************************************/ |
---|
1727 | REGF_NK_REC* regfi_iterator_cur_key(REGFI_ITERATOR* i); |
---|
1728 | { |
---|
1729 | return i->cur_key; |
---|
1730 | } |
---|
1731 | |
---|
1732 | |
---|
1733 | /****************************************************************************** |
---|
1734 | *****************************************************************************/ |
---|
1735 | REGF_NK_REC* regfi_iterator_first_subkey(REGFI_ITERATOR* i) |
---|
1736 | { |
---|
1737 | REGF_NK_REC* subkey; |
---|
1738 | REGF_HBIN* hbin; |
---|
1739 | |
---|
1740 | i->cur_subkey = 0; |
---|
1741 | return regfi_iterator_cur_subkey(i); |
---|
1742 | } |
---|
1743 | |
---|
1744 | |
---|
1745 | /****************************************************************************** |
---|
1746 | *****************************************************************************/ |
---|
1747 | REGF_NK_REC* regfi_iterator_cur_subkey(REGFI_ITERATOR* i) |
---|
1748 | { |
---|
1749 | REGF_NK_REC* subkey; |
---|
1750 | REGF_HBIN* hbin; |
---|
1751 | uint32 nk_offset; |
---|
1752 | |
---|
1753 | /* see if there is anything left to report */ |
---|
1754 | if (!(i->cur_key) || (i->cur_key->subkeys_off==REGF_OFFSET_NONE) |
---|
1755 | || (i->cur_subkey >= i->cur_key->num_subkeys)) |
---|
1756 | return NULL; |
---|
1757 | |
---|
1758 | nk_offset = i->cur_key->subkeys.hashes[i->cur_subkey].nk_off; |
---|
1759 | |
---|
1760 | /* find the HBIN block which should contain the nk record */ |
---|
1761 | hbin = lookup_hbin_block(i->f, nk_offset); |
---|
1762 | if(!hbin) |
---|
1763 | { |
---|
1764 | /* XXX: should print out some kind of error message every time here */ |
---|
1765 | /*DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing offset [0x%x]\n", |
---|
1766 | i->cur_key->subkeys.hashes[i->cur_subkey].nk_off));*/ |
---|
1767 | return NULL; |
---|
1768 | } |
---|
1769 | |
---|
1770 | if(!prs_set_offset(&hbin->ps, |
---|
1771 | HBIN_HDR_SIZE + nk_offset - hbin->first_hbin_off)) |
---|
1772 | return NULL; |
---|
1773 | |
---|
1774 | if(!(subkey = (REGF_NK_REC*)zalloc(sizeof(REGF_NK_REC)))) |
---|
1775 | return NULL; |
---|
1776 | |
---|
1777 | if(!hbin_prs_key(i->f, hbin, subkey)) |
---|
1778 | { |
---|
1779 | regfi_key_free(subkey); |
---|
1780 | return NULL; |
---|
1781 | } |
---|
1782 | |
---|
1783 | return subkey; |
---|
1784 | } |
---|
1785 | |
---|
1786 | |
---|
1787 | /****************************************************************************** |
---|
1788 | *****************************************************************************/ |
---|
1789 | /* XXX: some way of indicating reason for failure should be added. */ |
---|
1790 | REGF_NK_REC* regfi_iterator_next_subkey(REGFI_ITERATOR* i) |
---|
1791 | { |
---|
1792 | REGF_NK_REC* subkey; |
---|
1793 | |
---|
1794 | i->cur_subkey++; |
---|
1795 | subkey = regfi_iterator_cur_subkey(i); |
---|
1796 | |
---|
1797 | if(subkey == NULL) |
---|
1798 | i->cur_subkey--; |
---|
1799 | |
---|
1800 | return subkey; |
---|
1801 | } |
---|
1802 | |
---|
1803 | |
---|
1804 | /****************************************************************************** |
---|
1805 | *****************************************************************************/ |
---|
1806 | bool regfi_iterator_find_value(REGFI_ITERATOR* i, const char* value_name) |
---|
1807 | { |
---|
1808 | REGF_VK_REC* cur; |
---|
1809 | bool found = false; |
---|
1810 | |
---|
1811 | /* XXX: cur->valuename can be NULL in the registry. |
---|
1812 | * Should we allow for a way to search for that? |
---|
1813 | */ |
---|
1814 | if(value_name == NULL) |
---|
1815 | return false; |
---|
1816 | |
---|
1817 | cur = regfi_iterator_first_value(i); |
---|
1818 | while((cur != NULL) && (found == false)) |
---|
1819 | { |
---|
1820 | if((cur->valuename != NULL) |
---|
1821 | && (strcasecmp(cur->valuename, value_name) == 0)) |
---|
1822 | found = true; |
---|
1823 | cur = retfi_iterator_next_value(i); |
---|
1824 | } |
---|
1825 | |
---|
1826 | if(cur == NULL) |
---|
1827 | return false; |
---|
1828 | |
---|
1829 | return true; |
---|
1830 | } |
---|
1831 | |
---|
1832 | |
---|
1833 | /****************************************************************************** |
---|
1834 | *****************************************************************************/ |
---|
1835 | REGF_VK_REC* regfi_iterator_first_value(REGFI_ITERATOR* i) |
---|
1836 | { |
---|
1837 | i->cur_value = 0; |
---|
1838 | return regfi_iterator_cur_value(i); |
---|
1839 | } |
---|
1840 | |
---|
1841 | |
---|
1842 | /****************************************************************************** |
---|
1843 | *****************************************************************************/ |
---|
1844 | REGF_VK_REC* regfi_iterator_cur_value(REGFI_ITERATOR* i) |
---|
1845 | { |
---|
1846 | REGF_VK_REC* ret_val = NULL; |
---|
1847 | if(i->cur_value < i->cur_key->num_values) |
---|
1848 | ret_val = i->cur_key->values[i]; |
---|
1849 | |
---|
1850 | return ret_val; |
---|
1851 | } |
---|
1852 | |
---|
1853 | |
---|
1854 | /****************************************************************************** |
---|
1855 | *****************************************************************************/ |
---|
1856 | REGF_VK_REC* regfi_iterator_next_value(REGFI_ITERATOR* i) |
---|
1857 | { |
---|
1858 | REGF_VK_REC* ret_val; |
---|
1859 | |
---|
1860 | i->cur_value++; |
---|
1861 | ret_val = regfi_iterator_cur_value(i); |
---|
1862 | if(ret_val == NULL) |
---|
1863 | i->cur_value--; |
---|
1864 | |
---|
1865 | return ret_val; |
---|
1866 | } |
---|