Context Navigation

source: trunk/src/reglookup.c@ 209

Last change on this file since 209 was 206, checked in by tim, 15 years ago

simplified part of regfi API to move string encoding to the REGFI_FILE object

additional pyregfi implementation

Property svn:keywords set to Id

File size: 17.3 KB

Rev	Line
[30]	1	/*
[135]	2	* A utility to read a Windows NT and later registry files.
[30]	3	*
[170]	4	* Copyright (C) 2005-2010 Timothy D. Morgan
	5	* Copyright (C) 2010 Tobias Mueller (portions of '-i' code)
[42]	6	* Copyright (C) 2002 Richard Sharpe, rsharpe@richardsharpe.com
[30]	7	*
	8	* This program is free software; you can redistribute it and/or modify
	9	* it under the terms of the GNU General Public License as published by
[111]	10	* the Free Software Foundation; version 3 of the License.
[30]	11	*
	12	* This program is distributed in the hope that it will be useful,
	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	15	* GNU General Public License for more details.
	16	*
	17	* You should have received a copy of the GNU General Public License
	18	* along with this program; if not, write to the Free Software
	19	* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
	20	*
	21	* $Id: reglookup.c 206 2010-08-25 15:20:32Z tim $
	22	*/
	23
	24
	25	#include <stdlib.h>
	26	#include <stdio.h>
	27	#include <string.h>
[33]	28	#include <strings.h>
[42]	29	#include <time.h>
[147]	30	#include "regfi.h"
	31	#include "void_stack.h"
[30]	32
[40]	33	/* Globals, influenced by command line parameters */
[170]	34	bool print_value_mtime = false;
[40]	35	bool print_verbose = false;
	36	bool print_security = false;
[42]	37	bool print_header = true;
[40]	38	bool path_filter_enabled = false;
	39	bool type_filter_enabled = false;
	40	char* path_filter = NULL;
	41	int type_filter;
[181]	42	const char* registry_file = NULL;
[40]	43
[42]	44	/* Other globals */
[135]	45	REGFI_FILE* f;
[66]	46
[40]	47
[116]	48	/* XXX: A hack to share some functions with reglookup-recover.c.
[125]	49	* Should move these into a proper library at some point.
[111]	50	*/
	51	#include "common.c"
[61]	52
[38]	53
[203]	54	void printValue(REGFI_ITERATOR* iter, const REGFI_VK* vk, char* prefix)
[41]	55	{
[184]	56	const REGFI_DATA* data;
[111]	57	char* quoted_value = NULL;
	58	char* quoted_name = NULL;
	59	char* conv_error = NULL;
	60	const char* str_type = NULL;
[170]	61	char mtime[20];
	62	time_t tmp_time[1];
	63	struct tm* tmp_time_s = NULL;
[41]	64
[172]	65	quoted_name = get_quoted_valuename(vk);
[111]	66	if (quoted_name == NULL)
	67	{ /* Value names are NULL when we're looking at the "(default)" value.
	68	* Currently we just return a 0-length string to try an eliminate
	69	* ambiguity with a literal "(default)" value. The data type of a line
	70	* in the output allows one to differentiate between the parent key and
	71	* this value.
	72	*/
	73	quoted_name = malloc(1*sizeof(char));
	74	if(quoted_name == NULL)
[143]	75	bailOut(REGLOOKUP_EXIT_OSERR, "ERROR: Could not allocate sufficient memory.\n");
[111]	76	quoted_name[0] = '\0';
	77	}
[159]	78
[206]	79	data = regfi_fetch_data(iter->f, vk);
[41]	80
[159]	81	printMsgs(iter->f);
	82	if(data != NULL)
[41]	83	{
[159]	84	quoted_value = data_to_ascii(data, &conv_error);
[138]	85	if(quoted_value == NULL)
	86	{
	87	if(conv_error == NULL)
	88	fprintf(stderr, "WARN: Could not quote value for '%s/%s'. "
	89	"Memory allocation failure likely.\n", prefix, quoted_name);
	90	else
	91	fprintf(stderr, "WARN: Could not quote value for '%s/%s'. "
	92	"Returned error: %s\n", prefix, quoted_name, conv_error);
	93	}
[159]	94	else if(conv_error != NULL)
	95	fprintf(stderr, "WARN: While quoting value for '%s/%s', "
[138]	96	"warning returned: %s\n", prefix, quoted_name, conv_error);
[184]	97	regfi_free_record(data);
[138]	98	}
[41]	99
[170]	100	if(print_value_mtime)
	101	{
	102	*tmp_time = regfi_nt2unix_time(&iter->cur_key->mtime);
	103	tmp_time_s = gmtime(tmp_time);
	104	strftime(mtime, sizeof(mtime), "%Y-%m-%d %H:%M:%S", tmp_time_s);
	105	}
	106	else
	107	mtime[0] = '\0';
	108
[111]	109	str_type = regfi_type_val2str(vk->type);
	110	if(print_security)
[41]	111	{
[111]	112	if(str_type == NULL)
[170]	113	printf("%s/%s,0x%.8X,%s,%s,,,,\n", prefix, quoted_name,
	114	vk->type, quoted_value, mtime);
[66]	115	else
[170]	116	printf("%s/%s,%s,%s,%s,,,,\n", prefix, quoted_name,
	117	str_type, quoted_value, mtime);
[71]	118	}
[111]	119	else
	120	{
	121	if(str_type == NULL)
[170]	122	printf("%s/%s,0x%.8X,%s,%s\n", prefix, quoted_name,
	123	vk->type, quoted_value, mtime);
[111]	124	else
[170]	125	printf("%s/%s,%s,%s,%s\n", prefix, quoted_name,
	126	str_type, quoted_value, mtime);
[111]	127	}
[42]	128
[111]	129	if(quoted_value != NULL)
	130	free(quoted_value);
	131	if(quoted_name != NULL)
	132	free(quoted_name);
	133	if(conv_error != NULL)
	134	free(conv_error);
[41]	135	}
	136
	137
[81]	138	char** splitPath(const char* s)
[30]	139	{
[81]	140	char** ret_val;
[38]	141	const char* cur = s;
[33]	142	char* next = NULL;
[38]	143	char* copy;
[168]	144	uint32_t ret_cur = 0;
[38]	145
[135]	146	ret_val = (char*)malloc((REGFI_MAX_DEPTH+1+1)sizeof(char**));
[81]	147	if (ret_val == NULL)
[38]	148	return NULL;
[81]	149	ret_val[0] = NULL;
	150
	151	/* We return a well-formed, 0-length, path even when input is icky. */
[37]	152	if (s == NULL)
[81]	153	return ret_val;
[38]	154
	155	while((next = strchr(cur, '/')) != NULL)
[33]	156	{
[38]	157	if ((next-cur) > 0)
	158	{
	159	copy = (char)malloc((next-cur+1)sizeof(char));
	160	if(copy == NULL)
[143]	161	bailOut(REGLOOKUP_EXIT_OSERR, "ERROR: Memory allocation problem.\n");
[38]	162
	163	memcpy(copy, cur, next-cur);
	164	copy[next-cur] = '\0';
[81]	165	ret_val[ret_cur++] = copy;
[135]	166	if(ret_cur < (REGFI_MAX_DEPTH+1+1))
[81]	167	ret_val[ret_cur] = NULL;
	168	else
[143]	169	bailOut(REGLOOKUP_EXIT_DATAERR, "ERROR: Registry maximum depth exceeded.\n");
[38]	170	}
	171	cur = next+1;
[33]	172	}
[81]	173
	174	/* Grab last element, if path doesn't end in '/'. */
[33]	175	if(strlen(cur) > 0)
[38]	176	{
	177	copy = strdup(cur);
[81]	178	ret_val[ret_cur++] = copy;
[135]	179	if(ret_cur < (REGFI_MAX_DEPTH+1+1))
[81]	180	ret_val[ret_cur] = NULL;
	181	else
[143]	182	bailOut(REGLOOKUP_EXIT_DATAERR, "ERROR: Registry maximum depth exceeded.\n");
[38]	183	}
[33]	184
	185	return ret_val;
	186	}
	187
[81]	188
[83]	189	void freePath(char** path)
	190	{
[168]	191	uint32_t i;
[83]	192
	193	if(path == NULL)
	194	return;
	195
	196	for(i=0; path[i] != NULL; i++)
	197	free(path[i]);
	198
	199	free(path);
	200	}
	201
	202
[81]	203	/* Returns a quoted path from an iterator's stack */
	204	char* iter2Path(REGFI_ITERATOR* i)
[33]	205	{
[81]	206	const REGFI_ITER_POSITION* cur;
[203]	207	const REGFI_NK* tmp_key;
[168]	208	uint32_t buf_left = 127;
	209	uint32_t buf_len = buf_left+1;
	210	uint32_t name_len = 0;
	211	uint32_t grow_amt;
[81]	212	char* buf;
[31]	213	char* new_buf;
[66]	214	char* name;
[31]	215	void_stack_iterator* iter;
	216
	217	buf = (char)malloc((buf_len)sizeof(char));
	218	if (buf == NULL)
	219	return NULL;
[54]	220	buf[0] = '\0';
[30]	221
[81]	222	iter = void_stack_iterator_new(i->key_positions);
[31]	223	if (iter == NULL)
[30]	224	{
[31]	225	free(buf);
	226	return NULL;
[30]	227	}
	228
[33]	229	/* skip root element */
[81]	230	if(void_stack_size(i->key_positions) < 1)
	231	{
	232	buf[0] = '/';
	233	buf[1] = '\0';
	234	return buf;
	235	}
[33]	236	cur = void_stack_iterator_next(iter);
	237
[81]	238	do
[31]	239	{
[81]	240	cur = void_stack_iterator_next(iter);
	241	if (cur == NULL)
[161]	242	tmp_key = i->cur_key;
[81]	243	else
[161]	244	tmp_key = cur->nk;
[81]	245
[172]	246	name = get_quoted_keyname(tmp_key);
[161]	247
[33]	248	buf[buf_len-buf_left-1] = '/';
	249	buf_left -= 1;
[66]	250	name_len = strlen(name);
[31]	251	if(name_len+1 > buf_left)
	252	{
[168]	253	grow_amt = (uint32_t)(buf_len/2);
[31]	254	buf_len += name_len+1+grow_amt-buf_left;
	255	if((new_buf = realloc(buf, buf_len)) == NULL)
	256	{
[136]	257	free(name);
[31]	258	free(buf);
	259	free(iter);
	260	return NULL;
	261	}
	262	buf = new_buf;
	263	buf_left = grow_amt + name_len + 1;
	264	}
[66]	265	strncpy(buf+(buf_len-buf_left-1), name, name_len);
[31]	266	buf_left -= name_len;
	267	buf[buf_len-buf_left-1] = '\0';
[66]	268	free(name);
[81]	269	} while(cur != NULL);
[30]	270
[31]	271	return buf;
	272	}
[30]	273
[31]	274
[137]	275	void printValueList(REGFI_ITERATOR* iter, char* prefix)
[32]	276	{
[203]	277	const REGFI_VK* value;
[80]	278
[199]	279	regfi_iterator_first_value(iter);
	280	while((value = regfi_iterator_cur_value(iter)) != NULL)
[81]	281	{
	282	if(!type_filter_enabled \|\| (value->type == type_filter))
[159]	283	printValue(iter, value, prefix);
[184]	284	regfi_free_record(value);
[199]	285	regfi_iterator_next_value(iter);
[138]	286	printMsgs(iter->f);
[81]	287	}
[33]	288	}
	289
[37]	290
[137]	291	void printKey(REGFI_ITERATOR* iter, char* full_path)
[33]	292	{
[43]	293	static char empty_str[1] = "";
[42]	294	char* owner = NULL;
	295	char* group = NULL;
	296	char* sacl = NULL;
	297	char* dacl = NULL;
[178]	298	char mtime[24];
[125]	299	char* quoted_classname;
[203]	300	const REGFI_SK* sk;
	301	const REGFI_NK* key = regfi_iterator_cur_key(iter);
[184]	302	const REGFI_CLASSNAME* classname;
[42]	303
[184]	304	formatTime(&key->mtime, mtime);
[43]	305
[206]	306	if(print_security && (sk=regfi_fetch_sk(iter->f, key)))
[43]	307	{
[109]	308	owner = regfi_get_owner(sk->sec_desc);
	309	group = regfi_get_group(sk->sec_desc);
	310	sacl = regfi_get_sacl(sk->sec_desc);
	311	dacl = regfi_get_dacl(sk->sec_desc);
[184]	312	regfi_free_record(sk);
	313
[43]	314	if(owner == NULL)
	315	owner = empty_str;
	316	if(group == NULL)
	317	group = empty_str;
	318	if(sacl == NULL)
	319	sacl = empty_str;
	320	if(dacl == NULL)
	321	dacl = empty_str;
	322
[206]	323	classname = regfi_fetch_classname(iter->f, key);
[160]	324	printMsgs(iter->f);
	325	if(classname != NULL)
[126]	326	{
[160]	327	if(classname->interpreted == NULL)
[126]	328	{
[160]	329	fprintf(stderr, "WARN: Could not convert class name"
	330	" charset for key '%s'. Quoting raw...\n", full_path);
	331	quoted_classname = quote_buffer(classname->raw, classname->size,
	332	key_special_chars);
[126]	333	}
[160]	334	else
	335	quoted_classname = quote_string(classname->interpreted,
	336	key_special_chars);
	337
	338	if(quoted_classname == NULL)
[126]	339	{
[160]	340	fprintf(stderr, "ERROR: Could not quote classname"
	341	" for key '%s' due to unknown error.\n", full_path);
	342	quoted_classname = empty_str;
[126]	343	}
	344	}
[125]	345	else
	346	quoted_classname = empty_str;
[184]	347	regfi_free_record(classname);
[43]	348
[138]	349	printMsgs(iter->f);
[125]	350	printf("%s,KEY,,%s,%s,%s,%s,%s,%s\n", full_path, mtime,
	351	owner, group, sacl, dacl, quoted_classname);
	352
[43]	353	if(owner != empty_str)
	354	free(owner);
	355	if(group != empty_str)
	356	free(group);
	357	if(sacl != empty_str)
	358	free(sacl);
	359	if(dacl != empty_str)
	360	free(dacl);
[125]	361	if(quoted_classname != empty_str)
	362	free(quoted_classname);
[43]	363	}
	364	else
[66]	365	printf("%s,KEY,,%s\n", full_path, mtime);
[184]	366
	367	regfi_free_record(key);
[43]	368	}
	369
	370
[81]	371	void printKeyTree(REGFI_ITERATOR* iter)
[43]	372	{
[203]	373	const REGFI_NK* root = NULL;
	374	const REGFI_NK* cur = NULL;
	375	const REGFI_NK* sub = NULL;
[43]	376	char* path = NULL;
[78]	377	int key_type = regfi_type_str2val("KEY");
[81]	378	bool print_this = true;
	379
	380	root = cur = regfi_iterator_cur_key(iter);
[199]	381	regfi_iterator_first_subkey(iter);
	382	sub = regfi_iterator_cur_subkey(iter);
[138]	383	printMsgs(iter->f);
[137]	384
[81]	385	if(root == NULL)
[143]	386	bailOut(REGLOOKUP_EXIT_DATAERR, "ERROR: root cannot be NULL.\n");
[81]	387
	388	do
[31]	389	{
[81]	390	if(print_this)
[54]	391	{
[81]	392	path = iter2Path(iter);
	393	if(path == NULL)
[143]	394	bailOut(REGLOOKUP_EXIT_OSERR, "ERROR: Could not construct iterator's path.\n");
[137]	395
[81]	396	if(!type_filter_enabled \|\| (key_type == type_filter))
[109]	397	printKey(iter, path);
[81]	398	if(!type_filter_enabled \|\| (key_type != type_filter))
	399	printValueList(iter, path);
	400
	401	free(path);
[54]	402	}
[66]	403
[81]	404	if(sub == NULL)
[31]	405	{
[81]	406	if(cur != root)
[31]	407	{
[81]	408	/* We're done with this sub-tree, going up and hitting other branches. */
	409	if(!regfi_iterator_up(iter))
[137]	410	{
[138]	411	printMsgs(iter->f);
[143]	412	bailOut(REGLOOKUP_EXIT_DATAERR, "ERROR: could not traverse iterator upward.\n");
[137]	413	}
	414
[81]	415	cur = regfi_iterator_cur_key(iter);
	416	if(cur == NULL)
[137]	417	{
[138]	418	printMsgs(iter->f);
[143]	419	bailOut(REGLOOKUP_EXIT_DATAERR, "ERROR: unexpected NULL for key.\n");
[137]	420	}
[150]	421
[199]	422	regfi_iterator_next_subkey(iter);
	423	sub = regfi_iterator_cur_subkey(iter);
[66]	424	}
[81]	425	print_this = false;
[31]	426	}
[81]	427	else
	428	{ /* We have unexplored sub-keys.
	429	* Let's move down and print this first sub-tree out.
	430	*/
	431	if(!regfi_iterator_down(iter))
[137]	432	{
[138]	433	printMsgs(iter->f);
[143]	434	bailOut(REGLOOKUP_EXIT_DATAERR, "ERROR: could not traverse iterator downward.\n");
[137]	435	}
[81]	436
[150]	437	cur = regfi_iterator_cur_key(iter);
[184]	438	regfi_free_record(sub);
[199]	439	regfi_iterator_first_subkey(iter);
	440	sub = regfi_iterator_cur_subkey(iter);
[81]	441	print_this = true;
	442	}
[138]	443	printMsgs(iter->f);
[81]	444	} while(!((cur == root) && (sub == NULL)));
	445
[54]	446	if(print_verbose)
[138]	447	fprintf(stderr, "INFO: Finished printing key tree.\n");
[30]	448	}
	449
[81]	450
[140]	451	/* XXX: What if there is BOTH a value AND a key with that name??
	452	* What if there are multiple keys/values with the same name??
	453	*/
[33]	454	/*
[80]	455	* Returns 0 if path was not found.
	456	* Returns 1 if path was found as value.
	457	* Returns 2 if path was found as key.
[33]	458	* Returns less than 0 on other error.
	459	*/
[80]	460	int retrievePath(REGFI_ITERATOR* iter, char** path)
[33]	461	{
[203]	462	const REGFI_VK* value;
[81]	463	char* tmp_path_joined;
	464	const char** tmp_path;
[168]	465	uint32_t i;
[80]	466
	467	if(path == NULL)
[33]	468	return -1;
	469
[80]	470	/* One extra for any value at the end, and one more for NULL */
[135]	471	tmp_path = (const char)malloc(sizeof(const char)*(REGFI_MAX_DEPTH+1+1));
[80]	472	if(tmp_path == NULL)
[33]	473	return -2;
	474
[80]	475	/* Strip any potential value name at end of path */
	476	for(i=0;
[136]	477	(path[i] != NULL) && (path[i+1] != NULL) && (i < REGFI_MAX_DEPTH+1);
[80]	478	i++)
[136]	479	{ tmp_path[i] = path[i]; }
[80]	480	tmp_path[i] = NULL;
	481
[54]	482	if(print_verbose)
[138]	483	fprintf(stderr, "INFO: Attempting to retrieve specified path: %s\n",
[54]	484	path_filter);
	485
[82]	486	/* Special check for '/' path filter */
	487	if(path[0] == NULL)
	488	{
	489	if(print_verbose)
[138]	490	fprintf(stderr, "INFO: Found final path element as root key.\n");
[136]	491	free(tmp_path);
[82]	492	return 2;
	493	}
	494
[80]	495	if(!regfi_iterator_walk_path(iter, tmp_path))
[33]	496	{
[138]	497	printMsgs(iter->f);
[80]	498	free(tmp_path);
	499	return 0;
[33]	500	}
	501
[80]	502	if(regfi_iterator_find_value(iter, path[i]))
	503	{
	504	if(print_verbose)
[138]	505	fprintf(stderr, "INFO: Found final path element as value.\n");
[33]	506
[80]	507	value = regfi_iterator_cur_value(iter);
[138]	508	printMsgs(iter->f);
[81]	509	tmp_path_joined = iter2Path(iter);
[54]	510
[80]	511	if((value == NULL) \|\| (tmp_path_joined == NULL))
[143]	512	bailOut(REGLOOKUP_EXIT_OSERR, "ERROR: Unexpected error before printValue.\n");
[54]	513
[121]	514	if(!type_filter_enabled \|\| (value->type == type_filter))
[159]	515	printValue(iter, value, tmp_path_joined);
[54]	516
[184]	517	regfi_free_record(value);
[80]	518	free(tmp_path);
	519	free(tmp_path_joined);
	520	return 1;
[33]	521	}
[80]	522	else if(regfi_iterator_find_subkey(iter, path[i]))
[33]	523	{
[138]	524	printMsgs(iter->f);
[80]	525	if(print_verbose)
[138]	526	fprintf(stderr, "INFO: Found final path element as key.\n");
[82]	527
	528	if(!regfi_iterator_down(iter))
[137]	529	{
[138]	530	printMsgs(iter->f);
[143]	531	bailOut(REGLOOKUP_EXIT_DATAERR, "ERROR: Unexpected error on traversing path filter key.\n");
[137]	532	}
[82]	533
[80]	534	return 2;
[33]	535	}
[138]	536	printMsgs(iter->f);
[33]	537
[54]	538	if(print_verbose)
[138]	539	fprintf(stderr, "INFO: Could not find last element of path.\n");
[54]	540
[80]	541	return 0;
[33]	542	}
	543
	544
[37]	545	static void usage(void)
	546	{
[61]	547	fprintf(stderr, "Usage: reglookup [-v] [-s]"
[40]	548	" [-p <PATH_FILTER>] [-t <TYPE_FILTER>]"
[39]	549	" <REGISTRY_FILE>\n");
[111]	550	fprintf(stderr, "Version: %s\n", REGLOOKUP_VERSION);
[39]	551	fprintf(stderr, "Options:\n");
	552	fprintf(stderr, "\t-v\t sets verbose mode.\n");
[47]	553	fprintf(stderr, "\t-h\t enables header row. (default)\n");
	554	fprintf(stderr, "\t-H\t disables header row.\n");
[44]	555	fprintf(stderr, "\t-s\t enables security descriptor output.\n");
	556	fprintf(stderr, "\t-S\t disables security descriptor output. (default)\n");
[40]	557	fprintf(stderr, "\t-p\t restrict output to elements below this path.\n");
	558	fprintf(stderr, "\t-t\t restrict results to this specific data type.\n");
[170]	559	fprintf(stderr, "\t-i\t includes parent key modification times with child values.\n");
[37]	560	fprintf(stderr, "\n");
	561	}
	562
	563
[30]	564	int main(int argc, char** argv)
	565	{
[80]	566	char** path = NULL;
	567	REGFI_ITERATOR* iter;
[178]	568	int retr_path_ret, fd;
[168]	569	uint32_t argi, arge;
[31]	570
[37]	571	/* Process command line arguments */
[30]	572	if(argc < 2)
	573	{
[37]	574	usage();
[143]	575	bailOut(REGLOOKUP_EXIT_USAGE, "ERROR: Requires at least one argument.\n");
[30]	576	}
[37]	577
[44]	578	arge = argc-1;
	579	for(argi = 1; argi < arge; argi++)
[37]	580	{
[40]	581	if (strcmp("-p", argv[argi]) == 0)
[37]	582	{
[44]	583	if(++argi >= arge)
[37]	584	{
	585	usage();
[143]	586	bailOut(REGLOOKUP_EXIT_USAGE, "ERROR: '-p' option requires parameter.\n");
[37]	587	}
[40]	588	if((path_filter = strdup(argv[argi])) == NULL)
[143]	589	bailOut(REGLOOKUP_EXIT_OSERR, "ERROR: Memory allocation problem.\n");
[38]	590
[40]	591	path_filter_enabled = true;
[37]	592	}
	593	else if (strcmp("-t", argv[argi]) == 0)
	594	{
[44]	595	if(++argi >= arge)
[37]	596	{
	597	usage();
[143]	598	bailOut(REGLOOKUP_EXIT_USAGE, "ERROR: '-t' option requires parameter.\n");
[37]	599	}
[78]	600	if((type_filter = regfi_type_str2val(argv[argi])) < 0)
[40]	601	{
	602	fprintf(stderr, "ERROR: Invalid type specified: %s.\n", argv[argi]);
[143]	603	bailOut(REGLOOKUP_EXIT_USAGE, "");
[40]	604	}
[37]	605	type_filter_enabled = true;
	606	}
[47]	607	else if (strcmp("-h", argv[argi]) == 0)
	608	print_header = true;
	609	else if (strcmp("-H", argv[argi]) == 0)
	610	print_header = false;
[37]	611	else if (strcmp("-s", argv[argi]) == 0)
	612	print_security = true;
[44]	613	else if (strcmp("-S", argv[argi]) == 0)
	614	print_security = false;
[37]	615	else if (strcmp("-v", argv[argi]) == 0)
	616	print_verbose = true;
[170]	617	else if (strcmp("-i", argv[argi]) == 0)
	618	print_value_mtime = true;
[44]	619	else
[37]	620	{
[38]	621	usage();
[37]	622	fprintf(stderr, "ERROR: Unrecognized option: %s\n", argv[argi]);
[143]	623	bailOut(REGLOOKUP_EXIT_USAGE, "");
[37]	624	}
	625	}
[181]	626	registry_file = argv[argi];
[30]	627
[182]	628	if(print_verbose)
[185]	629	regfi_log_set_mask(REGFI_LOG_INFO\|REGFI_LOG_WARN\|REGFI_LOG_ERROR);
[182]	630
[178]	631	fd = openHive(registry_file);
	632	if(fd < 0)
[37]	633	{
	634	fprintf(stderr, "ERROR: Couldn't open registry file: %s\n", registry_file);
[143]	635	bailOut(REGLOOKUP_EXIT_NOINPUT, "");
[37]	636	}
[182]	637
[206]	638	/* XXX: add command line option to choose output encoding */
	639	f = regfi_alloc(fd, REGFI_ENCODING_ASCII);
[178]	640	if(f == NULL)
	641	{
	642	close(fd);
	643	bailOut(REGLOOKUP_EXIT_NOINPUT, "ERROR: Failed to create REGFI_FILE structure.\n");
	644	}
	645
[206]	646	iter = regfi_iterator_new(f);
[80]	647	if(iter == NULL)
[158]	648	{
	649	printMsgs(f);
[143]	650	bailOut(REGLOOKUP_EXIT_OSERR, "ERROR: Couldn't create registry iterator.\n");
[158]	651	}
[30]	652
[81]	653	if(print_header)
	654	{
	655	if(print_security)
[125]	656	printf("PATH,TYPE,VALUE,MTIME,OWNER,GROUP,SACL,DACL,CLASS\n");
[81]	657	else
	658	printf("PATH,TYPE,VALUE,MTIME\n");
	659	}
	660
[80]	661	if(path_filter_enabled && path_filter != NULL)
	662	path = splitPath(path_filter);
[81]	663
[80]	664	if(path != NULL)
[33]	665	{
[80]	666	retr_path_ret = retrievePath(iter, path);
[138]	667	printMsgs(iter->f);
[83]	668	freePath(path);
	669
[80]	670	if(retr_path_ret == 0)
[141]	671	fprintf(stderr, "WARN: Specified path '%s' not found.\n", path_filter);
[80]	672	else if (retr_path_ret == 2)
[81]	673	printKeyTree(iter);
[93]	674	else if(retr_path_ret < 0)
	675	{
	676	fprintf(stderr, "ERROR: retrievePath() returned %d.\n",
	677	retr_path_ret);
[143]	678	bailOut(REGLOOKUP_EXIT_DATAERR,
	679	"ERROR: Unknown error occurred in retrieving path.\n");
[93]	680	}
[33]	681	}
[37]	682	else
[81]	683	printKeyTree(iter);
[31]	684
[80]	685	regfi_iterator_free(iter);
[178]	686	regfi_free(f);
	687	close(fd);
[30]	688
	689	return 0;
	690	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: