Changeset 140

Timestamp:

02/09/09 14:53:39 (16 years ago)

Author:

tim

Message:

Misc error message changes.

Added and removed some comments.

Updated TODO list.

Location:

trunk

Files:

• doc/devel/TODO (modified) (2 diffs)
• include/regfi.h (modified) (3 diffs)
• lib/regfi.c (modified) (8 diffs)
• src/reglookup.c (modified) (1 diff)

trunk/doc/devel/TODO

@@ -29 +29 @@
 
  - The interface between reglookup.c and regfi.c is much better than it
-   used to be, but the iter2Stack function needs to be moved into the 
-   library, which means the \xQQ quoting syntax will have to go with it.
-   This syntax will need to be more carefully documented if it's going 
-   to be a part of the library.
+   used to be, but the parsing of data objects needs to be moved into the
+   library.  The quoting syntax should stay in reglookup/reglookup-recover
+   but the basic parsing of data types into proper structures should 
+   happen in the library so that they are accessible to other users of the
+   library.
 
- - NK/VK/SK record caching.  Right now, HBINs and perhaps SK records are 
+ - NK/VK/SK record caching.  Right now, HBIN metadata and SK records are 
    cached, but it's pretty haphazard, and NK/VK records are repeatedly
-   re-parsed.  A generic caching library should be introduced which can
-   cache many of these records with a specific memory limit in mind.  
-   I think this will speed things up greatly.
+   re-parsed.  A generic caching library has been introduced but needs to 
+   be applied to NK records at a minimum.  Eventually, VK records and 
+   data should also be cached separately and only be parsed when needed, 
+   rather than when a key is loaded up front.  Caching also needs 
+   configurable object limits, preferrably configurable at build-time.
 
  - It might be nice to have a way to filter results by security 
@@ -47 +50 @@
    lower-level functions of regfi.c.
 
- - The stuff in smb_deps.h and smb_deps.c needs to be cleaned up.  The
-   eventual goal is to have it all either integrated into regfi, or to
-   be eliminated, or broken out into small supporting libraries, as
-   necessary.  It is currently just a jumble of old Samba code that I
-   haven't decided where to put yet.
+ - The smb_deps.h and smb_deps.c content is almost eliminated.  Just need
+   to integrate parts that are being kept into regfi or other modules.
 
- - At least one user reported that they use reglookup on a Windows host 
-   through Cygwin, but after version 0.3.0 came out, the dependency on
-   libiconv caused that to break.  libiconv seems to be a portability
-   issue on other platforms as well.  However, it's interface is a POSIX
-   standard, and I think I'd like to keep it around.  Perhaps it would 
-   be nice if reglookup could be cross-compiled using MinGW.  Then a 
-   binary could be distributed for that platform.  This app was never 
-   meant for Windows though, so this isn't a high priority.
+ - Need to figure out a reasonably correct way to convert UTF-16LE charaters
+   to ASCII under Windows/MingW or other platforms that don't have proper 
+   libiconv support yet.  Then a build-time option or autodetection can 
+   dictate which version of conversion function is used.
+
+ - It appears the registry may actually support UTF-16LE names on keys, 
+   if the key type field is set appropriately.  Once data parsing is 
+   integrated into regfi, then the UTF-16LE handling routines (which 
+   would then be built-in) should be used to properly handle this case.
 
  - Grep through the source for 'XXX', and you'll find more.

trunk/include/regfi.h

@@ -136 +136 @@
 #if 0
 /* Initial hypothesis of NK flags: */
+/***********************************/
 #define REGFI_NK_FLAG_LINK         0x0010
 /* The name will be in ASCII if this next bit is set, otherwise UTF-16LE */
@@ -332 +333 @@
                                  */
   
+  /* XXX: Some of these we have some clues about (major/minor version, etc). 
+   *      Should verify and update names accordingly. 
+   */
   /* unknown data structure values */
   uint32 unknown1;
@@ -343 +347 @@
 
 
-
+/* XXX: Should move all caching (SK records, HBINs, NKs, etc) to a single
+ *      structure, probably REGFI_FILE.  Once key caching is in place, 
+ *      convert key_positions stack to store just key offsets rather than
+ *      whole keys.
+ */
 typedef struct 
 {

trunk/lib/regfi.c

@@ -200 +200 @@
   if(fo != ret_val)
     fo[-1] = '\0';
-
-  /* XXX: what was this old VI flag for??
-     XXX: Is this check right?  0xF == 1|2|4|8, which makes it redundant...
-  if (flags == 0xF) {
-    if (some) strcat(flg_output, " ");
-    some = 1;
-    strcat(flg_output, "VI");
-  }
-  */
 
   return ret_val;
@@ -814 +805 @@
   ret_val->magic[1] = sk_header[1];
 
-  /* XXX: Can additional validation be added here? */
   ret_val->unknown_tag = SVAL(sk_header, 0x2);
   ret_val->prev_sk_off = IVAL(sk_header, 0x4);
@@ -821 +811 @@
   ret_val->desc_size = IVAL(sk_header, 0x10);
 
+  if(ret_val->prev_sk_off != (ret_val->prev_sk_off & 0xFFFFFFF8) 
+     || ret_val->next_sk_off != (ret_val->next_sk_off & 0xFFFFFFF8))
+  {
+    regfi_add_message(file, REGFI_MSG_WARN, "SK record's next/previous offsets"
+                      " are not a multiple of 8 while parsing SK record at"
+                      " offset 0x%.8X.", offset);
+    free(ret_val);
+    return NULL;
+  }
+
   if(ret_val->desc_size + REGFI_SK_MIN_LENGTH > ret_val->cell_size)
   {
-    regfi_add_message(file, REGFI_MSG_ERROR, "Security descriptor too large for"
+    regfi_add_message(file, REGFI_MSG_WARN, "Security descriptor too large for"
                       " cell while parsing SK record at offset 0x%.8X.", 
                       offset);
@@ -886 +886 @@
   if((num_values * sizeof(uint32)) > cell_length-sizeof(uint32))
   {
-    regfi_add_message(file, REGFI_MSG_ERROR, "Too many values found"
+    regfi_add_message(file, REGFI_MSG_WARN, "Too many values found"
                       " while parsing value list at offset 0x%.8X.", offset);
+    /* XXX: During non-strict, should reduce num_values appropriately and
+     *      continue instead of bailing out.
+     */
     return NULL;
   }
@@ -1080 +1083 @@
       if(nk->subkeys == NULL)
       {
-        /* XXX: Should we free the key and bail out here instead?  
-         *      During nonstrict? 
-         */
+        regfi_add_message(file, REGFI_MSG_WARN, "Could not load subkey list"
+                          " while parsing NK record at offset 0x%.8X.", offset);
         nk->num_subkeys = 0;
       }
@@ -1843 +1845 @@
      || (strict && ret_val->cell_size != (ret_val->cell_size & 0xFFFFFFF8)))
   {
-    regfi_add_message(file, REGFI_MSG_ERROR, "A length check failed while"
+    regfi_add_message(file, REGFI_MSG_WARN, "A length check failed while"
                       " parsing NK record at offset 0x%.8X.", offset);
     free(ret_val);
@@ -1961 +1963 @@
                         offset);
     }
-    /* XXX: Should add this back and make it more strict?
-    if(strict && ret_val->classname == NULL)
-        return NULL;
-    */
+
+    if(ret_val->classname == NULL)
+    {
+      regfi_add_message(file, REGFI_MSG_WARN, "Could not parse class"
+                        " name while parsing NK record at offset 0x%.8X.", 
+                        offset);
+      return NULL;
+    }
   }
 
@@ -2303 +2309 @@
       
       if((cell_len == 0) || ((cell_len & 0xFFFFFFF8) != cell_len))
-        /* XXX: should report an error here. */
+      {
+        regfi_add_message(file, REGFI_MSG_ERROR, "Bad cell length encountered"
+                          " while parsing unallocated cells at offset 0x%.8X.",
+                          hbin->file_off+curr_off);
         break;
-      
+      }
+
       /* for some reason the record_size of the last record in
          an hbin block can extend past the end of the block

trunk/src/reglookup.c

@@ -446 +446 @@
 
 
-/* XXX: what if there is BOTH a value AND a key with that name?? */
+/* XXX: What if there is BOTH a value AND a key with that name?? 
+ *      What if there are multiple keys/values with the same name?? 
+ */
 /*
  * Returns 0 if path was not found.