Changeset 140


Ignore:
Timestamp:
02/09/09 14:53:39 (15 years ago)
Author:
tim
Message:

Misc error message changes.

Added and removed some comments.

Updated TODO list.

Location:
trunk
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • trunk/doc/devel/TODO

    r122 r140  
    2929
    3030 - The interface between reglookup.c and regfi.c is much better than it
    31    used to be, but the iter2Stack function needs to be moved into the
    32    library, which means the \xQQ quoting syntax will have to go with it.
    33    This syntax will need to be more carefully documented if it's going
    34    to be a part of the library.
     31   used to be, but the parsing of data objects needs to be moved into the
     32   library.  The quoting syntax should stay in reglookup/reglookup-recover
     33   but the basic parsing of data types into proper structures should
     34   happen in the library so that they are accessible to other users of the
     35   library.
    3536
    36  - NK/VK/SK record caching.  Right now, HBINs and perhaps SK records are
     37 - NK/VK/SK record caching.  Right now, HBIN metadata and SK records are
    3738   cached, but it's pretty haphazard, and NK/VK records are repeatedly
    38    re-parsed.  A generic caching library should be introduced which can
    39    cache many of these records with a specific memory limit in mind. 
    40    I think this will speed things up greatly.
     39   re-parsed.  A generic caching library has been introduced but needs to
     40   be applied to NK records at a minimum.  Eventually, VK records and
     41   data should also be cached separately and only be parsed when needed,
     42   rather than when a key is loaded up front.  Caching also needs
     43   configurable object limits, preferrably configurable at build-time.
    4144
    4245 - It might be nice to have a way to filter results by security
     
    4750   lower-level functions of regfi.c.
    4851
    49  - The stuff in smb_deps.h and smb_deps.c needs to be cleaned up.  The
    50    eventual goal is to have it all either integrated into regfi, or to
    51    be eliminated, or broken out into small supporting libraries, as
    52    necessary.  It is currently just a jumble of old Samba code that I
    53    haven't decided where to put yet.
     52 - The smb_deps.h and smb_deps.c content is almost eliminated.  Just need
     53   to integrate parts that are being kept into regfi or other modules.
    5454
    55  - At least one user reported that they use reglookup on a Windows host
    56    through Cygwin, but after version 0.3.0 came out, the dependency on
    57    libiconv caused that to break.  libiconv seems to be a portability
    58    issue on other platforms as well.  However, it's interface is a POSIX
    59    standard, and I think I'd like to keep it around.  Perhaps it would
    60    be nice if reglookup could be cross-compiled using MinGW.  Then a
    61    binary could be distributed for that platform.  This app was never
    62    meant for Windows though, so this isn't a high priority.
     55 - Need to figure out a reasonably correct way to convert UTF-16LE charaters
     56   to ASCII under Windows/MingW or other platforms that don't have proper
     57   libiconv support yet.  Then a build-time option or autodetection can
     58   dictate which version of conversion function is used.
     59
     60 - It appears the registry may actually support UTF-16LE names on keys,
     61   if the key type field is set appropriately.  Once data parsing is
     62   integrated into regfi, then the UTF-16LE handling routines (which
     63   would then be built-in) should be used to properly handle this case.
    6364
    6465 - Grep through the source for 'XXX', and you'll find more.
  • trunk/include/regfi.h

    r139 r140  
    136136#if 0
    137137/* Initial hypothesis of NK flags: */
     138/***********************************/
    138139#define REGFI_NK_FLAG_LINK         0x0010
    139140/* The name will be in ASCII if this next bit is set, otherwise UTF-16LE */
     
    332333                                 */
    333334 
     335  /* XXX: Some of these we have some clues about (major/minor version, etc).
     336   *      Should verify and update names accordingly.
     337   */
    334338  /* unknown data structure values */
    335339  uint32 unknown1;
     
    343347
    344348
    345 
     349/* XXX: Should move all caching (SK records, HBINs, NKs, etc) to a single
     350 *      structure, probably REGFI_FILE.  Once key caching is in place,
     351 *      convert key_positions stack to store just key offsets rather than
     352 *      whole keys.
     353 */
    346354typedef struct
    347355{
  • trunk/lib/regfi.c

    r139 r140  
    200200  if(fo != ret_val)
    201201    fo[-1] = '\0';
    202 
    203   /* XXX: what was this old VI flag for??
    204      XXX: Is this check right?  0xF == 1|2|4|8, which makes it redundant...
    205   if (flags == 0xF) {
    206     if (some) strcat(flg_output, " ");
    207     some = 1;
    208     strcat(flg_output, "VI");
    209   }
    210   */
    211202
    212203  return ret_val;
     
    814805  ret_val->magic[1] = sk_header[1];
    815806
    816   /* XXX: Can additional validation be added here? */
    817807  ret_val->unknown_tag = SVAL(sk_header, 0x2);
    818808  ret_val->prev_sk_off = IVAL(sk_header, 0x4);
     
    821811  ret_val->desc_size = IVAL(sk_header, 0x10);
    822812
     813  if(ret_val->prev_sk_off != (ret_val->prev_sk_off & 0xFFFFFFF8)
     814     || ret_val->next_sk_off != (ret_val->next_sk_off & 0xFFFFFFF8))
     815  {
     816    regfi_add_message(file, REGFI_MSG_WARN, "SK record's next/previous offsets"
     817                      " are not a multiple of 8 while parsing SK record at"
     818                      " offset 0x%.8X.", offset);
     819    free(ret_val);
     820    return NULL;
     821  }
     822
    823823  if(ret_val->desc_size + REGFI_SK_MIN_LENGTH > ret_val->cell_size)
    824824  {
    825     regfi_add_message(file, REGFI_MSG_ERROR, "Security descriptor too large for"
     825    regfi_add_message(file, REGFI_MSG_WARN, "Security descriptor too large for"
    826826                      " cell while parsing SK record at offset 0x%.8X.",
    827827                      offset);
     
    886886  if((num_values * sizeof(uint32)) > cell_length-sizeof(uint32))
    887887  {
    888     regfi_add_message(file, REGFI_MSG_ERROR, "Too many values found"
     888    regfi_add_message(file, REGFI_MSG_WARN, "Too many values found"
    889889                      " while parsing value list at offset 0x%.8X.", offset);
     890    /* XXX: During non-strict, should reduce num_values appropriately and
     891     *      continue instead of bailing out.
     892     */
    890893    return NULL;
    891894  }
     
    10801083      if(nk->subkeys == NULL)
    10811084      {
    1082         /* XXX: Should we free the key and bail out here instead? 
    1083          *      During nonstrict?
    1084          */
     1085        regfi_add_message(file, REGFI_MSG_WARN, "Could not load subkey list"
     1086                          " while parsing NK record at offset 0x%.8X.", offset);
    10851087        nk->num_subkeys = 0;
    10861088      }
     
    18431845     || (strict && ret_val->cell_size != (ret_val->cell_size & 0xFFFFFFF8)))
    18441846  {
    1845     regfi_add_message(file, REGFI_MSG_ERROR, "A length check failed while"
     1847    regfi_add_message(file, REGFI_MSG_WARN, "A length check failed while"
    18461848                      " parsing NK record at offset 0x%.8X.", offset);
    18471849    free(ret_val);
     
    19611963                        offset);
    19621964    }
    1963     /* XXX: Should add this back and make it more strict?
    1964     if(strict && ret_val->classname == NULL)
    1965         return NULL;
    1966     */
     1965
     1966    if(ret_val->classname == NULL)
     1967    {
     1968      regfi_add_message(file, REGFI_MSG_WARN, "Could not parse class"
     1969                        " name while parsing NK record at offset 0x%.8X.",
     1970                        offset);
     1971      return NULL;
     1972    }
    19671973  }
    19681974
     
    23032309     
    23042310      if((cell_len == 0) || ((cell_len & 0xFFFFFFF8) != cell_len))
    2305         /* XXX: should report an error here. */
     2311      {
     2312        regfi_add_message(file, REGFI_MSG_ERROR, "Bad cell length encountered"
     2313                          " while parsing unallocated cells at offset 0x%.8X.",
     2314                          hbin->file_off+curr_off);
    23062315        break;
    2307      
     2316      }
     2317
    23082318      /* for some reason the record_size of the last record in
    23092319         an hbin block can extend past the end of the block
  • trunk/src/reglookup.c

    r138 r140  
    446446
    447447
    448 /* XXX: what if there is BOTH a value AND a key with that name?? */
     448/* XXX: What if there is BOTH a value AND a key with that name??
     449 *      What if there are multiple keys/values with the same name??
     450 */
    449451/*
    450452 * Returns 0 if path was not found.
Note: See TracChangeset for help on using the changeset viewer.