1 | /* |
---|
2 | * A utility to read a Windows NT/2K/XP/2K3 registry file, using |
---|
3 | * Gerald Carter''s regfio interface. |
---|
4 | * |
---|
5 | * Copyright (C) 2005 Timothy D. Morgan |
---|
6 | * Copyright (C) 2002 Richard Sharpe, rsharpe@richardsharpe.com |
---|
7 | * |
---|
8 | * This program is free software; you can redistribute it and/or modify |
---|
9 | * it under the terms of the GNU General Public License as published by |
---|
10 | * the Free Software Foundation; version 2 of the License. |
---|
11 | * |
---|
12 | * This program is distributed in the hope that it will be useful, |
---|
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
15 | * GNU General Public License for more details. |
---|
16 | * |
---|
17 | * You should have received a copy of the GNU General Public License |
---|
18 | * along with this program; if not, write to the Free Software |
---|
19 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
---|
20 | * |
---|
21 | * $Id: reglookup.c 42 2005-08-04 02:41:25Z tim $ |
---|
22 | */ |
---|
23 | |
---|
24 | |
---|
25 | #include <stdlib.h> |
---|
26 | #include <stdio.h> |
---|
27 | #include <string.h> |
---|
28 | #include <strings.h> |
---|
29 | #include <time.h> |
---|
30 | #include "../include/regfio.h" |
---|
31 | #include "../include/void_stack.h" |
---|
32 | |
---|
33 | /* Globals, influenced by command line parameters */ |
---|
34 | bool print_verbose = false; |
---|
35 | bool print_security = false; |
---|
36 | bool print_header = true; |
---|
37 | bool path_filter_enabled = false; |
---|
38 | bool type_filter_enabled = false; |
---|
39 | char* path_filter = NULL; |
---|
40 | int type_filter; |
---|
41 | char* registry_file = NULL; |
---|
42 | |
---|
43 | /* Other globals */ |
---|
44 | const char* special_chars = ",\"\\"; |
---|
45 | |
---|
46 | void bailOut(int code, char* message) |
---|
47 | { |
---|
48 | fprintf(stderr, message); |
---|
49 | exit(code); |
---|
50 | } |
---|
51 | |
---|
52 | |
---|
53 | /* Returns a newly malloc()ed string which contains original buffer, |
---|
54 | * except for non-printable or special characters are quoted in hex |
---|
55 | * with the syntax '\xQQ' where QQ is the hex ascii value of the quoted |
---|
56 | * character. A null terminator is added, as only ascii, not binary, |
---|
57 | * is returned. |
---|
58 | */ |
---|
59 | static char* quote_buffer(const unsigned char* str, |
---|
60 | unsigned int len, char* special) |
---|
61 | { |
---|
62 | unsigned int i; |
---|
63 | unsigned int num_written=0; |
---|
64 | unsigned int out_len = sizeof(char)*len+1; |
---|
65 | char* ret_val = malloc(out_len); |
---|
66 | |
---|
67 | if(ret_val == NULL) |
---|
68 | return NULL; |
---|
69 | |
---|
70 | for(i=0; i<len; i++) |
---|
71 | { |
---|
72 | if(str[i] < 32 || str[i] > 126 || strchr(special, str[i]) != NULL) |
---|
73 | { |
---|
74 | out_len += 3; |
---|
75 | /* XXX: may not be the most efficient way of getting enough memory. */ |
---|
76 | ret_val = realloc(ret_val, out_len); |
---|
77 | if(ret_val == NULL) |
---|
78 | break; |
---|
79 | num_written += snprintf(ret_val+num_written, (out_len)-num_written, |
---|
80 | "\\x%.2X", str[i]); |
---|
81 | } |
---|
82 | else |
---|
83 | ret_val[num_written++] = str[i]; |
---|
84 | } |
---|
85 | ret_val[num_written] = '\0'; |
---|
86 | |
---|
87 | return ret_val; |
---|
88 | } |
---|
89 | |
---|
90 | |
---|
91 | /* Returns a newly malloc()ed string which contains original string, |
---|
92 | * except for non-printable or special characters are quoted in hex |
---|
93 | * with the syntax '\xQQ' where QQ is the hex ascii value of the quoted |
---|
94 | * character. |
---|
95 | */ |
---|
96 | static char* quote_string(const char* str, char* special) |
---|
97 | { |
---|
98 | unsigned int len; |
---|
99 | |
---|
100 | if(str == NULL) |
---|
101 | return NULL; |
---|
102 | |
---|
103 | len = strlen(str); |
---|
104 | return quote_buffer((const unsigned char*)str, len, special); |
---|
105 | } |
---|
106 | |
---|
107 | |
---|
108 | /* |
---|
109 | * Convert from UniCode to Ascii ... Does not take into account other lang |
---|
110 | * Restrict by ascii_max if > 0 |
---|
111 | */ |
---|
112 | static int uni_to_ascii(unsigned char *uni, unsigned char *ascii, |
---|
113 | int ascii_max, int uni_max) |
---|
114 | { |
---|
115 | int i = 0; |
---|
116 | |
---|
117 | while (i < ascii_max && (uni[i*2] || uni[i*2+1])) |
---|
118 | { |
---|
119 | if (uni_max > 0 && (i*2) >= uni_max) break; |
---|
120 | ascii[i] = uni[i*2]; |
---|
121 | i++; |
---|
122 | } |
---|
123 | ascii[i] = '\0'; |
---|
124 | |
---|
125 | return i; |
---|
126 | } |
---|
127 | |
---|
128 | |
---|
129 | /* |
---|
130 | * Convert a data value to a string for display |
---|
131 | */ |
---|
132 | static unsigned char* data_to_ascii(unsigned char *datap, int len, int type) |
---|
133 | { |
---|
134 | unsigned char *asciip; |
---|
135 | unsigned int i; |
---|
136 | unsigned short num_nulls; |
---|
137 | unsigned char* ascii; |
---|
138 | unsigned char* cur_str; |
---|
139 | unsigned char* cur_ascii; |
---|
140 | char* cur_quoted; |
---|
141 | unsigned int cur_str_len; |
---|
142 | unsigned int ascii_max, cur_str_max; |
---|
143 | unsigned int str_rem, cur_str_rem, alen; |
---|
144 | |
---|
145 | switch (type) |
---|
146 | { |
---|
147 | case REG_SZ: |
---|
148 | if (print_verbose) |
---|
149 | fprintf(stderr, "Len: %d\n", len); |
---|
150 | |
---|
151 | ascii_max = sizeof(char)*len; |
---|
152 | ascii = malloc(ascii_max+4); |
---|
153 | if(ascii == NULL) |
---|
154 | return NULL; |
---|
155 | |
---|
156 | /* XXX: This has to be fixed. It has to be UNICODE */ |
---|
157 | uni_to_ascii(datap, ascii, len, ascii_max); |
---|
158 | cur_quoted = quote_string((char*)ascii, special_chars); |
---|
159 | free(ascii); |
---|
160 | return (unsigned char*)cur_quoted; |
---|
161 | break; |
---|
162 | |
---|
163 | case REG_EXPAND_SZ: |
---|
164 | ascii_max = sizeof(char)*len; |
---|
165 | ascii = malloc(ascii_max+2); |
---|
166 | if(ascii == NULL) |
---|
167 | return NULL; |
---|
168 | |
---|
169 | uni_to_ascii(datap, ascii, len, ascii_max); |
---|
170 | cur_quoted = quote_string((char*)ascii, special_chars); |
---|
171 | free(ascii); |
---|
172 | return (unsigned char*)cur_quoted; |
---|
173 | break; |
---|
174 | |
---|
175 | case REG_DWORD: |
---|
176 | ascii_max = sizeof(char)*10; |
---|
177 | ascii = malloc(ascii_max+1); |
---|
178 | if(ascii == NULL) |
---|
179 | return NULL; |
---|
180 | |
---|
181 | if (*(int *)datap == 0) |
---|
182 | snprintf((char*)ascii, ascii_max, "0"); |
---|
183 | else |
---|
184 | snprintf((char*)ascii, ascii_max, "0x%x", *(int *)datap); |
---|
185 | return ascii; |
---|
186 | break; |
---|
187 | |
---|
188 | /* XXX: this MULTI_SZ parser is pretty inefficient. Should be |
---|
189 | * redone with fewer malloc and better string concatenation. |
---|
190 | */ |
---|
191 | case REG_MULTI_SZ: |
---|
192 | ascii_max = sizeof(char)*len*4; |
---|
193 | cur_str_max = sizeof(char)*len+1; |
---|
194 | cur_str = malloc(cur_str_max); |
---|
195 | cur_ascii = malloc(cur_str_max); |
---|
196 | ascii = malloc(ascii_max+4); |
---|
197 | if(ascii == NULL || cur_str == NULL || cur_ascii == NULL) |
---|
198 | return NULL; |
---|
199 | |
---|
200 | /* Reads until it reaches 4 consecutive NULLs, |
---|
201 | * which is two nulls in unicode, or until it reaches len, or until we |
---|
202 | * run out of buffer. The latter should never happen, but we shouldn't |
---|
203 | * trust our file to have the right lengths/delimiters. |
---|
204 | */ |
---|
205 | asciip = ascii; |
---|
206 | num_nulls = 0; |
---|
207 | str_rem = ascii_max; |
---|
208 | cur_str_rem = cur_str_max; |
---|
209 | cur_str_len = 0; |
---|
210 | |
---|
211 | for(i=0; (i < len) && str_rem > 0; i++) |
---|
212 | { |
---|
213 | *(cur_str+cur_str_len) = *(datap+i); |
---|
214 | if(*(cur_str+cur_str_len) == 0) |
---|
215 | num_nulls++; |
---|
216 | else |
---|
217 | num_nulls = 0; |
---|
218 | cur_str_len++; |
---|
219 | |
---|
220 | if(num_nulls == 2) |
---|
221 | { |
---|
222 | uni_to_ascii(cur_str, cur_ascii, cur_str_max, 0); |
---|
223 | cur_quoted = quote_string((char*)cur_ascii, ",|\"\\"); |
---|
224 | alen = snprintf((char*)asciip, str_rem, "%s", cur_quoted); |
---|
225 | asciip += alen; |
---|
226 | str_rem -= alen; |
---|
227 | free(cur_quoted); |
---|
228 | |
---|
229 | if(*(datap+i+1) == 0 && *(datap+i+2) == 0) |
---|
230 | break; |
---|
231 | else |
---|
232 | { |
---|
233 | alen = snprintf((char*)asciip, str_rem, "%c", '|'); |
---|
234 | asciip += alen; |
---|
235 | str_rem -= alen; |
---|
236 | memset(cur_str, 0, cur_str_max); |
---|
237 | cur_str_len = 0; |
---|
238 | num_nulls = 0; |
---|
239 | /* To eliminate leading nulls in subsequent strings. */ |
---|
240 | i++; |
---|
241 | } |
---|
242 | } |
---|
243 | } |
---|
244 | *asciip = 0; |
---|
245 | free(cur_str); |
---|
246 | free(cur_ascii); |
---|
247 | return ascii; |
---|
248 | break; |
---|
249 | |
---|
250 | /* XXX: Dont know what to do with these yet, just print as binary... */ |
---|
251 | case REG_RESOURCE_LIST: |
---|
252 | case REG_FULL_RESOURCE_DESCRIPTOR: |
---|
253 | case REG_RESOURCE_REQUIREMENTS_LIST: |
---|
254 | |
---|
255 | case REG_BINARY: |
---|
256 | return (unsigned char*)quote_buffer(datap, len, special_chars); |
---|
257 | break; |
---|
258 | |
---|
259 | default: |
---|
260 | return NULL; |
---|
261 | break; |
---|
262 | } |
---|
263 | |
---|
264 | return NULL; |
---|
265 | } |
---|
266 | |
---|
267 | |
---|
268 | /* Security descriptor print functions */ |
---|
269 | |
---|
270 | const char* ace_type2str(uint8 type) |
---|
271 | { |
---|
272 | static const char* map[7] |
---|
273 | = {"ALLOW", "DENY", "AUDIT", "ALARM", |
---|
274 | "ALLOW CPD", "OBJ ALLOW", "OBJ DENY"}; |
---|
275 | if(type < 7) |
---|
276 | return map[type]; |
---|
277 | else |
---|
278 | return "UNKNOWN"; |
---|
279 | } |
---|
280 | |
---|
281 | |
---|
282 | char* ace_flags2str(uint8 flags) |
---|
283 | { |
---|
284 | char* flg_output = malloc(21*sizeof(char)); |
---|
285 | int some = 0; |
---|
286 | |
---|
287 | if(flg_output == NULL) |
---|
288 | return NULL; |
---|
289 | |
---|
290 | flg_output[0] = '\0'; |
---|
291 | if (!flags) |
---|
292 | return flg_output; |
---|
293 | |
---|
294 | if (flags & 0x01) { |
---|
295 | if (some) strcat(flg_output, " "); |
---|
296 | some = 1; |
---|
297 | strcat(flg_output, "OI"); |
---|
298 | } |
---|
299 | if (flags & 0x02) { |
---|
300 | if (some) strcat(flg_output, " "); |
---|
301 | some = 1; |
---|
302 | strcat(flg_output, "CI"); |
---|
303 | } |
---|
304 | if (flags & 0x04) { |
---|
305 | if (some) strcat(flg_output, " "); |
---|
306 | some = 1; |
---|
307 | strcat(flg_output, "NP"); |
---|
308 | } |
---|
309 | if (flags & 0x08) { |
---|
310 | if (some) strcat(flg_output, " "); |
---|
311 | some = 1; |
---|
312 | strcat(flg_output, "IO"); |
---|
313 | } |
---|
314 | if (flags & 0x10) { |
---|
315 | if (some) strcat(flg_output, " "); |
---|
316 | some = 1; |
---|
317 | strcat(flg_output, "IA"); |
---|
318 | } |
---|
319 | if (flags == 0xF) { |
---|
320 | if (some) strcat(flg_output, " "); |
---|
321 | some = 1; |
---|
322 | strcat(flg_output, "VI"); |
---|
323 | } |
---|
324 | |
---|
325 | return flg_output; |
---|
326 | } |
---|
327 | |
---|
328 | |
---|
329 | char* ace_perms2str(uint32 perms) |
---|
330 | { |
---|
331 | char* ret_val = malloc(9*sizeof(char)); |
---|
332 | sprintf(ret_val, "%8X", perms); |
---|
333 | |
---|
334 | return ret_val; |
---|
335 | } |
---|
336 | |
---|
337 | |
---|
338 | char* sid2str(DOM_SID* sid) |
---|
339 | { |
---|
340 | uint32 i, size = MAXSUBAUTHS*11 + 24; |
---|
341 | uint32 left = size; |
---|
342 | uint8 comps = sid->num_auths; |
---|
343 | char* ret_val = malloc(size); |
---|
344 | |
---|
345 | if(ret_val == NULL) |
---|
346 | return NULL; |
---|
347 | |
---|
348 | if(comps > MAXSUBAUTHS) |
---|
349 | comps = MAXSUBAUTHS; |
---|
350 | |
---|
351 | left -= sprintf(ret_val, "S-%u-%u", sid->sid_rev_num, sid->id_auth[5]); |
---|
352 | |
---|
353 | for (i = 0; i < comps; i++) |
---|
354 | left -= snprintf(ret_val+(size-left), left, "-%u", sid->sub_auths[i]); |
---|
355 | |
---|
356 | return ret_val; |
---|
357 | } |
---|
358 | |
---|
359 | |
---|
360 | char* get_acl(SEC_ACL* acl) |
---|
361 | { |
---|
362 | uint32 i, extra, size = 0; |
---|
363 | const char* type_str; |
---|
364 | char* flags_str; |
---|
365 | char* perms_str; |
---|
366 | char* sid_str; |
---|
367 | char* ret_val = NULL; |
---|
368 | char* ace_delim = ""; |
---|
369 | char field_delim = ':'; |
---|
370 | |
---|
371 | for (i = 0; i < acl->num_aces; i++) |
---|
372 | { |
---|
373 | /* XXX: check for NULL */ |
---|
374 | sid_str = sid2str(&acl->ace[i].trustee); |
---|
375 | type_str = ace_type2str(acl->ace[i].type); |
---|
376 | perms_str = ace_perms2str(acl->ace[i].info.mask); |
---|
377 | flags_str = ace_flags2str(acl->ace[i].flags); |
---|
378 | |
---|
379 | /* XXX: this is slow */ |
---|
380 | extra = strlen(sid_str) + strlen(type_str) |
---|
381 | + strlen(perms_str) + strlen(flags_str); |
---|
382 | ret_val = realloc(ret_val, size+extra+5); |
---|
383 | if(ret_val == NULL) |
---|
384 | return NULL; |
---|
385 | snprintf(ret_val+size, extra+4, "%s%s%c%s%c%s%c%s", |
---|
386 | ace_delim,sid_str, |
---|
387 | field_delim,type_str, |
---|
388 | field_delim,perms_str, |
---|
389 | field_delim,flags_str); |
---|
390 | size += extra; |
---|
391 | ace_delim = "|"; |
---|
392 | free(sid_str); |
---|
393 | free(perms_str); |
---|
394 | free(flags_str); |
---|
395 | } |
---|
396 | |
---|
397 | return ret_val; |
---|
398 | } |
---|
399 | |
---|
400 | |
---|
401 | char* get_sacl(SEC_DESC *sec_desc) |
---|
402 | { |
---|
403 | if (sec_desc->sacl) |
---|
404 | return get_acl(sec_desc->sacl); |
---|
405 | else |
---|
406 | return ""; |
---|
407 | } |
---|
408 | |
---|
409 | |
---|
410 | char* get_dacl(SEC_DESC *sec_desc) |
---|
411 | { |
---|
412 | if (sec_desc->dacl) |
---|
413 | return get_acl(sec_desc->dacl); |
---|
414 | else |
---|
415 | return ""; |
---|
416 | } |
---|
417 | |
---|
418 | |
---|
419 | char* get_owner(SEC_DESC *sec_desc) |
---|
420 | { |
---|
421 | return sid2str(sec_desc->owner_sid); |
---|
422 | } |
---|
423 | |
---|
424 | |
---|
425 | char* get_group(SEC_DESC *sec_desc) |
---|
426 | { |
---|
427 | return sid2str(sec_desc->grp_sid); |
---|
428 | } |
---|
429 | |
---|
430 | |
---|
431 | void_stack* path2Stack(const char* s) |
---|
432 | { |
---|
433 | void_stack* ret_val; |
---|
434 | void_stack* rev_ret = void_stack_new(1024); |
---|
435 | const char* cur = s; |
---|
436 | char* next = NULL; |
---|
437 | char* copy; |
---|
438 | |
---|
439 | if (rev_ret == NULL) |
---|
440 | return NULL; |
---|
441 | if (s == NULL) |
---|
442 | return rev_ret; |
---|
443 | |
---|
444 | while((next = strchr(cur, '/')) != NULL) |
---|
445 | { |
---|
446 | if ((next-cur) > 0) |
---|
447 | { |
---|
448 | copy = (char*)malloc((next-cur+1)*sizeof(char)); |
---|
449 | if(copy == NULL) |
---|
450 | bailOut(2, "ERROR: Memory allocation problem.\n"); |
---|
451 | |
---|
452 | memcpy(copy, cur, next-cur); |
---|
453 | copy[next-cur] = '\0'; |
---|
454 | void_stack_push(rev_ret, copy); |
---|
455 | } |
---|
456 | cur = next+1; |
---|
457 | } |
---|
458 | if(strlen(cur) > 0) |
---|
459 | { |
---|
460 | copy = strdup(cur); |
---|
461 | void_stack_push(rev_ret, copy); |
---|
462 | } |
---|
463 | |
---|
464 | ret_val = void_stack_copy_reverse(rev_ret); |
---|
465 | void_stack_destroy(rev_ret); |
---|
466 | |
---|
467 | return ret_val; |
---|
468 | } |
---|
469 | |
---|
470 | |
---|
471 | char* stack2Path(void_stack* nk_stack) |
---|
472 | { |
---|
473 | const REGF_NK_REC* cur; |
---|
474 | uint32 buf_left = 127; |
---|
475 | uint32 buf_len = buf_left+1; |
---|
476 | uint32 name_len = 0; |
---|
477 | uint32 grow_amt; |
---|
478 | char* buf; |
---|
479 | char* new_buf; |
---|
480 | void_stack_iterator* iter; |
---|
481 | |
---|
482 | buf = (char*)malloc((buf_len)*sizeof(char)); |
---|
483 | if (buf == NULL) |
---|
484 | return NULL; |
---|
485 | buf[0] = '\0'; |
---|
486 | |
---|
487 | iter = void_stack_iterator_new(nk_stack); |
---|
488 | if (iter == NULL) |
---|
489 | { |
---|
490 | free(buf); |
---|
491 | return NULL; |
---|
492 | } |
---|
493 | |
---|
494 | /* skip root element */ |
---|
495 | cur = void_stack_iterator_next(iter); |
---|
496 | |
---|
497 | while((cur = void_stack_iterator_next(iter)) != NULL) |
---|
498 | { |
---|
499 | buf[buf_len-buf_left-1] = '/'; |
---|
500 | buf_left -= 1; |
---|
501 | name_len = strlen(cur->keyname); |
---|
502 | if(name_len+1 > buf_left) |
---|
503 | { |
---|
504 | grow_amt = (uint32)(buf_len/2); |
---|
505 | buf_len += name_len+1+grow_amt-buf_left; |
---|
506 | if((new_buf = realloc(buf, buf_len)) == NULL) |
---|
507 | { |
---|
508 | free(buf); |
---|
509 | free(iter); |
---|
510 | return NULL; |
---|
511 | } |
---|
512 | buf = new_buf; |
---|
513 | buf_left = grow_amt + name_len + 1; |
---|
514 | } |
---|
515 | strncpy(buf+(buf_len-buf_left-1), cur->keyname, name_len); |
---|
516 | buf_left -= name_len; |
---|
517 | buf[buf_len-buf_left-1] = '\0'; |
---|
518 | } |
---|
519 | |
---|
520 | return buf; |
---|
521 | } |
---|
522 | |
---|
523 | |
---|
524 | void printValue(REGF_VK_REC* vk, char* prefix) |
---|
525 | { |
---|
526 | uint32 size; |
---|
527 | uint8 tmp_buf[4]; |
---|
528 | unsigned char* quoted_value; |
---|
529 | char* quoted_prefix; |
---|
530 | char* quoted_name; |
---|
531 | |
---|
532 | if(!type_filter_enabled || (vk->type == type_filter)) |
---|
533 | { |
---|
534 | /* Thanks Microsoft for making this process so straight-forward!!! */ |
---|
535 | size = (vk->data_size & ~VK_DATA_IN_OFFSET); |
---|
536 | if(vk->data_size & VK_DATA_IN_OFFSET) |
---|
537 | { |
---|
538 | tmp_buf[0] = (uint8)((vk->data_off >> 3) & 0xFF); |
---|
539 | tmp_buf[1] = (uint8)((vk->data_off >> 2) & 0xFF); |
---|
540 | tmp_buf[2] = (uint8)((vk->data_off >> 1) & 0xFF); |
---|
541 | tmp_buf[3] = (uint8)(vk->data_off & 0xFF); |
---|
542 | if(size > 4) |
---|
543 | size = 4; |
---|
544 | quoted_value = data_to_ascii(tmp_buf, 4, vk->type); |
---|
545 | } |
---|
546 | else |
---|
547 | { |
---|
548 | /* XXX: This is a safety hack. No data fields have yet been found |
---|
549 | * larger, but length limits are probably better got from fields |
---|
550 | * in the registry itself, within reason. |
---|
551 | */ |
---|
552 | if(size > 16384) |
---|
553 | { |
---|
554 | fprintf(stderr, "WARNING: key size %d larger than " |
---|
555 | "16384, truncating...\n", size); |
---|
556 | size = 16384; |
---|
557 | } |
---|
558 | quoted_value = data_to_ascii(vk->data, vk->data_size, vk->type); |
---|
559 | } |
---|
560 | |
---|
561 | /* XXX: Sometimes value names can be NULL in registry. Need to |
---|
562 | * figure out why and when, and generate the appropriate output |
---|
563 | * for that condition. |
---|
564 | */ |
---|
565 | quoted_prefix = quote_string(prefix, special_chars); |
---|
566 | quoted_name = quote_string(vk->valuename, special_chars); |
---|
567 | |
---|
568 | printf("%s/%s,%s,%s,,,,,\n", quoted_prefix, quoted_name, |
---|
569 | regfio_type_val2str(vk->type), quoted_value); |
---|
570 | |
---|
571 | if(quoted_value != NULL) |
---|
572 | free(quoted_value); |
---|
573 | if(quoted_prefix != NULL) |
---|
574 | free(quoted_prefix); |
---|
575 | if(quoted_name != NULL) |
---|
576 | free(quoted_name); |
---|
577 | } |
---|
578 | } |
---|
579 | |
---|
580 | |
---|
581 | void printValueList(REGF_NK_REC* nk, char* prefix) |
---|
582 | { |
---|
583 | uint32 i; |
---|
584 | |
---|
585 | for(i=0; i < nk->num_values; i++) |
---|
586 | printValue(&nk->values[i], prefix); |
---|
587 | } |
---|
588 | |
---|
589 | |
---|
590 | /* XXX: this function is god-awful. Needs to be re-designed. */ |
---|
591 | void printKeyTree(REGF_FILE* f, void_stack* nk_stack, char* prefix) |
---|
592 | { |
---|
593 | REGF_NK_REC* cur; |
---|
594 | REGF_NK_REC* sub; |
---|
595 | char* path = NULL; |
---|
596 | char* val_path = NULL; |
---|
597 | char* owner = NULL; |
---|
598 | char* group = NULL; |
---|
599 | char* sacl = NULL; |
---|
600 | char* dacl = NULL; |
---|
601 | char mtime[20]; |
---|
602 | time_t tmp_time[1]; |
---|
603 | struct tm* tmp_time_s = NULL; |
---|
604 | |
---|
605 | int key_type = regfio_type_str2val("KEY"); |
---|
606 | |
---|
607 | if((cur = (REGF_NK_REC*)void_stack_cur(nk_stack)) != NULL) |
---|
608 | { |
---|
609 | cur->subkey_index = 0; |
---|
610 | path = stack2Path(nk_stack); |
---|
611 | |
---|
612 | if(strlen(path) > 0) |
---|
613 | if(!type_filter_enabled || (key_type == type_filter)) |
---|
614 | { |
---|
615 | owner = get_owner(cur->sec_desc->sec_desc); |
---|
616 | group = get_group(cur->sec_desc->sec_desc); |
---|
617 | sacl = get_sacl(cur->sec_desc->sec_desc); |
---|
618 | dacl = get_dacl(cur->sec_desc->sec_desc); |
---|
619 | *tmp_time = nt_time_to_unix(&cur->mtime); |
---|
620 | tmp_time_s = gmtime(tmp_time); |
---|
621 | strftime(mtime, sizeof(mtime), "%Y-%m-%d %H:%M:%S", tmp_time_s); |
---|
622 | printf("%s%s,KEY,,%s,%s,%s,%s,%s\n", prefix, path, mtime, |
---|
623 | owner, group, sacl, dacl); |
---|
624 | if(owner != NULL) |
---|
625 | free(owner); |
---|
626 | owner = NULL; |
---|
627 | if(group != NULL) |
---|
628 | free(group); |
---|
629 | group = NULL; |
---|
630 | if(sacl != NULL) |
---|
631 | free(sacl); |
---|
632 | sacl = NULL; |
---|
633 | if(dacl != NULL) |
---|
634 | free(dacl); |
---|
635 | dacl = NULL; |
---|
636 | } |
---|
637 | if(!type_filter_enabled || (key_type != type_filter)) |
---|
638 | printValueList(cur, path); |
---|
639 | while((cur = (REGF_NK_REC*)void_stack_cur(nk_stack)) != NULL) |
---|
640 | { |
---|
641 | if((sub = regfio_fetch_subkey(f, cur)) != NULL) |
---|
642 | { |
---|
643 | sub->subkey_index = 0; |
---|
644 | void_stack_push(nk_stack, sub); |
---|
645 | path = stack2Path(nk_stack); |
---|
646 | if(path != NULL) |
---|
647 | { |
---|
648 | val_path = (char*)malloc(strlen(prefix)+strlen(path)+1); |
---|
649 | sprintf(val_path, "%s%s", prefix, path); |
---|
650 | if(!type_filter_enabled || (key_type == type_filter)) |
---|
651 | { |
---|
652 | owner = get_owner(sub->sec_desc->sec_desc); |
---|
653 | group = get_group(sub->sec_desc->sec_desc); |
---|
654 | sacl = get_sacl(sub->sec_desc->sec_desc); |
---|
655 | dacl = get_dacl(sub->sec_desc->sec_desc); |
---|
656 | *tmp_time = nt_time_to_unix(&cur->mtime); |
---|
657 | tmp_time_s = gmtime(tmp_time); |
---|
658 | strftime(mtime, sizeof(mtime), "%Y-%m-%d %H:%M:%S", tmp_time_s); |
---|
659 | printf("%s,KEY,,%s,%s,%s,%s,%s\n", val_path, mtime, |
---|
660 | owner, group, sacl, dacl); |
---|
661 | } |
---|
662 | if(!type_filter_enabled || (key_type != type_filter)) |
---|
663 | printValueList(sub, val_path); |
---|
664 | if(val_path != NULL) |
---|
665 | free(val_path); |
---|
666 | val_path = NULL; |
---|
667 | if(path != NULL) |
---|
668 | free(path); |
---|
669 | path = NULL; |
---|
670 | if(owner != NULL) |
---|
671 | free(owner); |
---|
672 | owner = NULL; |
---|
673 | if(group != NULL) |
---|
674 | free(group); |
---|
675 | group = NULL; |
---|
676 | /* XXX: causes segfaults. fix mem allocation bug */ |
---|
677 | /* if(sacl != NULL) |
---|
678 | free(sacl);*/ |
---|
679 | sacl = NULL; |
---|
680 | if(dacl != NULL) |
---|
681 | free(dacl); |
---|
682 | dacl = NULL; |
---|
683 | tmp_time_s = NULL; |
---|
684 | } |
---|
685 | } |
---|
686 | else |
---|
687 | { |
---|
688 | cur = void_stack_pop(nk_stack); |
---|
689 | /* XXX: This is just a shallow free. Need to write deep free |
---|
690 | * routines to replace the Samba code for this. |
---|
691 | */ |
---|
692 | if(cur != NULL) |
---|
693 | free(cur); |
---|
694 | } |
---|
695 | } |
---|
696 | } |
---|
697 | } |
---|
698 | |
---|
699 | |
---|
700 | /* |
---|
701 | * Returns 0 if path was found. |
---|
702 | * Returns 1 if path was not found. |
---|
703 | * Returns less than 0 on other error. |
---|
704 | */ |
---|
705 | int retrievePath(REGF_FILE* f, void_stack* nk_stack, |
---|
706 | void_stack* path_stack) |
---|
707 | { |
---|
708 | REGF_NK_REC* sub; |
---|
709 | REGF_NK_REC* cur; |
---|
710 | void_stack* sub_nk_stack; |
---|
711 | char* prefix; |
---|
712 | char* cur_str = NULL; |
---|
713 | bool found_cur = true; |
---|
714 | uint32 i; |
---|
715 | uint16 path_depth; |
---|
716 | if(path_stack == NULL) |
---|
717 | return -1; |
---|
718 | |
---|
719 | path_depth = void_stack_size(path_stack); |
---|
720 | if(path_depth < 1) |
---|
721 | return -2; |
---|
722 | |
---|
723 | if(void_stack_size(nk_stack) < 1) |
---|
724 | return -3; |
---|
725 | cur = (REGF_NK_REC*)void_stack_cur(nk_stack); |
---|
726 | |
---|
727 | while(void_stack_size(path_stack) > 1) |
---|
728 | { |
---|
729 | /* Search key records only */ |
---|
730 | cur_str = (char*)void_stack_pop(path_stack); |
---|
731 | |
---|
732 | found_cur = false; |
---|
733 | while(!found_cur && |
---|
734 | (sub = regfio_fetch_subkey(f, cur)) != NULL) |
---|
735 | { |
---|
736 | if(strcasecmp(sub->keyname, cur_str) == 0) |
---|
737 | { |
---|
738 | cur = sub; |
---|
739 | void_stack_push(nk_stack, sub); |
---|
740 | found_cur = true; |
---|
741 | } |
---|
742 | } |
---|
743 | free(cur_str); |
---|
744 | |
---|
745 | if(!found_cur) |
---|
746 | return 1; |
---|
747 | } |
---|
748 | |
---|
749 | /* Last round, search value and key records */ |
---|
750 | cur_str = (char*)void_stack_pop(path_stack); |
---|
751 | |
---|
752 | for(i=0; (i < cur->num_values); i++) |
---|
753 | { |
---|
754 | if(strcasecmp(sub->values[i].valuename, cur_str) == 0) |
---|
755 | { |
---|
756 | printValue(&sub->values[i], stack2Path(nk_stack)); |
---|
757 | return 0; |
---|
758 | } |
---|
759 | } |
---|
760 | |
---|
761 | while((sub = regfio_fetch_subkey(f, cur)) != NULL) |
---|
762 | { |
---|
763 | if(strcasecmp(sub->keyname, cur_str) == 0) |
---|
764 | { |
---|
765 | sub_nk_stack = void_stack_new(1024); |
---|
766 | void_stack_push(sub_nk_stack, sub); |
---|
767 | void_stack_push(nk_stack, sub); |
---|
768 | prefix = stack2Path(nk_stack); |
---|
769 | printKeyTree(f, sub_nk_stack, prefix); |
---|
770 | return 0; |
---|
771 | } |
---|
772 | } |
---|
773 | |
---|
774 | return 1; |
---|
775 | } |
---|
776 | |
---|
777 | |
---|
778 | static void usage(void) |
---|
779 | { |
---|
780 | fprintf(stderr, "Usage: readreg [-v] [-s]" |
---|
781 | " [-p <PATH_FILTER>] [-t <TYPE_FILTER>]" |
---|
782 | " <REGISTRY_FILE>\n"); |
---|
783 | /* XXX: replace version string with Subversion property? */ |
---|
784 | fprintf(stderr, "Version: 0.2\n"); |
---|
785 | fprintf(stderr, "Options:\n"); |
---|
786 | fprintf(stderr, "\t-v\t sets verbose mode.\n"); |
---|
787 | fprintf(stderr, "\t-s\t prints security descriptors.\n"); |
---|
788 | fprintf(stderr, "\t-p\t restrict output to elements below this path.\n"); |
---|
789 | fprintf(stderr, "\t-t\t restrict results to this specific data type.\n"); |
---|
790 | fprintf(stderr, "\n"); |
---|
791 | } |
---|
792 | |
---|
793 | |
---|
794 | int main(int argc, char** argv) |
---|
795 | { |
---|
796 | void_stack* nk_stack; |
---|
797 | void_stack* path_stack; |
---|
798 | REGF_FILE* f; |
---|
799 | REGF_NK_REC* root; |
---|
800 | int retr_path_ret; |
---|
801 | uint32 argi; |
---|
802 | |
---|
803 | /* Process command line arguments */ |
---|
804 | if(argc < 2) |
---|
805 | { |
---|
806 | usage(); |
---|
807 | bailOut(1, "ERROR: Requires 1 argument.\n"); |
---|
808 | } |
---|
809 | |
---|
810 | for(argi = 1; argi < argc; argi++) |
---|
811 | { |
---|
812 | if (strcmp("-p", argv[argi]) == 0) |
---|
813 | { |
---|
814 | if(++argi > argc) |
---|
815 | { |
---|
816 | usage(); |
---|
817 | bailOut(1, "ERROR: '-p' option requires parameter.\n"); |
---|
818 | } |
---|
819 | if((path_filter = strdup(argv[argi])) == NULL) |
---|
820 | bailOut(2, "ERROR: Memory allocation problem.\n"); |
---|
821 | |
---|
822 | path_filter_enabled = true; |
---|
823 | } |
---|
824 | else if (strcmp("-t", argv[argi]) == 0) |
---|
825 | { |
---|
826 | if(++argi > argc) |
---|
827 | { |
---|
828 | usage(); |
---|
829 | bailOut(1, "ERROR: '-t' option requires parameter.\n"); |
---|
830 | } |
---|
831 | if((type_filter = regfio_type_str2val(argv[argi])) == 0) |
---|
832 | { |
---|
833 | fprintf(stderr, "ERROR: Invalid type specified: %s.\n", argv[argi]); |
---|
834 | bailOut(1, ""); |
---|
835 | } |
---|
836 | |
---|
837 | type_filter_enabled = true; |
---|
838 | } |
---|
839 | else if (strcmp("-s", argv[argi]) == 0) |
---|
840 | print_security = true; |
---|
841 | else if (strcmp("-v", argv[argi]) == 0) |
---|
842 | print_verbose = true; |
---|
843 | else if (argv[argi][0] == '-') |
---|
844 | { |
---|
845 | usage(); |
---|
846 | fprintf(stderr, "ERROR: Unrecognized option: %s\n", argv[argi]); |
---|
847 | bailOut(1, ""); |
---|
848 | } |
---|
849 | else |
---|
850 | { |
---|
851 | if((registry_file = strdup(argv[argi])) == NULL) |
---|
852 | bailOut(2, "ERROR: Memory allocation problem.\n"); |
---|
853 | } |
---|
854 | } |
---|
855 | |
---|
856 | f = regfio_open(registry_file); |
---|
857 | if(f == NULL) |
---|
858 | { |
---|
859 | fprintf(stderr, "ERROR: Couldn't open registry file: %s\n", registry_file); |
---|
860 | bailOut(3, ""); |
---|
861 | } |
---|
862 | |
---|
863 | root = regfio_rootkey(f); |
---|
864 | nk_stack = void_stack_new(1024); |
---|
865 | |
---|
866 | if(void_stack_push(nk_stack, root)) |
---|
867 | { |
---|
868 | if(print_header) |
---|
869 | printf("PATH,TYPE,VALUE,MTIME,OWNER,GROUP,SACL,DACL\n"); |
---|
870 | |
---|
871 | path_stack = path2Stack(path_filter); |
---|
872 | if(void_stack_size(path_stack) < 1) |
---|
873 | printKeyTree(f, nk_stack, ""); |
---|
874 | else |
---|
875 | { |
---|
876 | retr_path_ret = retrievePath(f, nk_stack, path_stack); |
---|
877 | if(retr_path_ret == 1) |
---|
878 | fprintf(stderr, "WARNING: specified path not found.\n"); |
---|
879 | else if(retr_path_ret != 0) |
---|
880 | bailOut(4, "ERROR:\n"); |
---|
881 | } |
---|
882 | } |
---|
883 | else |
---|
884 | bailOut(2, "ERROR: Memory allocation problem.\n"); |
---|
885 | |
---|
886 | void_stack_destroy_deep(nk_stack); |
---|
887 | regfio_close(f); |
---|
888 | |
---|
889 | return 0; |
---|
890 | } |
---|