- Timestamp:
- 06/12/11 22:27:42 (13 years ago)
- Location:
- trunk
- Files:
-
- 10 edited
trunk/SConstruct
r246 r253 61 61 if sys.version_info[0] == 2: 62 62 install_items.append('pyregfi2-install.log') 63 env.Command('pyregfi2-install.log', ['python/pyregfi/__init__.py', 'python/pyregfi/structures.py'], 63 env.Command('pyregfi2-install.log', ['python/pyregfi/__init__.py', 64 'python/pyregfi/structures.py', 65 'python/pyregfi/winsec.py'], 64 66 "python pyregfi-distutils.py install | tee pyregfi2-install.log") 65 67 … … 67 69 if python_path != '': 68 70 install_items.append('pyregfi3-install.log') 69 env.Command('pyregfi3-install.log', ['python/pyregfi/__init__.py', 'python/pyregfi/structures.py'], 71 env.Command('pyregfi3-install.log', ['python/pyregfi/__init__.py', 72 'python/pyregfi/structures.py', 73 'python/pyregfi/winsec.py'], 70 74 "python3 pyregfi-distutils.py install | tee pyregfi3-install.log") 71 75 -
trunk/include/lru_cache.h
r201 r253 37 37 #include <talloc.h> 38 38 39 /* GCC-specific macro for library exports */ 40 #ifdef _EXPORT 41 #undef _EXPORT 42 #endif 43 #define _EXPORT __attribute__((visibility("default"))) 39 #include "compat.h" 40 44 41 45 42 struct lru_cache_element; … … 74 71 * XXX: finish documenting. 75 72 */ 76 _EXPORT 73 _EXPORT() 77 74 lru_cache* lru_cache_create(uint32_t max_keys, uint32_t secret); 78 75 … … 81 78 * XXX: finish documenting. 82 79 */ 83 _EXPORT 80 _EXPORT() 84 81 lru_cache* lru_cache_create_ctx(void* talloc_ctx, uint32_t max_keys, 85 82 uint32_t secret, bool talloc_data); … … 89 86 * XXX: finish documenting. 90 87 */ 91 _EXPORT 88 _EXPORT() 92 89 void lru_cache_destroy(lru_cache* ht); 93 90 … … 96 93 * XXX: finish documenting. 97 94 */ 98 _EXPORT 95 _EXPORT() 99 96 bool lru_cache_update(lru_cache* ht, const void* index, 100 97 uint32_t index_len, void* data); … … 106 103 * If no data was found at index, NULL is returned. 107 104 */ 108 _EXPORT 105 _EXPORT() 109 106 void* lru_cache_find(lru_cache* ht, const void* index, 110 107 uint32_t index_len); … … 118 115 * at index. 119 116 */ 120 _EXPORT 117 _EXPORT() 121 118 bool lru_cache_remove(lru_cache* ht, const void* index, 122 119 uint32_t index_len); -
trunk/include/range_list.h
r201 r253 38 38 #include <talloc.h> 39 39 40 /* GCC-specific macro for library exports */ 41 #ifdef _EXPORT 42 #undef _EXPORT 43 #endif 44 #define _EXPORT __attribute__((visibility("default"))) 40 #include "compat.h" 45 41 46 42 typedef struct _range_list_element … … 65 61 * @return A newly allocated range_list, or NULL if an error occurred. 66 62 */ 67 _EXPORT 63 _EXPORT() 68 64 range_list* range_list_new(); 69 65 … … 76 72 * @param rl the range_list to be free()d. 77 73 */ 78 _EXPORT 74 _EXPORT() 79 75 void range_list_free(range_list* rl); 80 76 … … 86 82 * @return The number of elements currently in the list. 87 83 */ 88 _EXPORT 84 _EXPORT() 89 85 uint32_t range_list_size(const range_list* rl); 90 86 … … 106 102 * errors may also be possible. 107 103 */ 108 _EXPORT 104 _EXPORT() 109 105 bool range_list_add(range_list* rl, uint32_t offset, uint32_t length, void* data); 110 106 … … 119 115 * @return true if the element was successfully removed, false otherwise. 120 116 */ 121 _EXPORT 117 _EXPORT() 122 118 bool range_list_remove(range_list* rl, uint32_t index); 123 119 … … 131 127 * available. 132 128 */ 133 _EXPORT 129 _EXPORT() 134 130 const range_list_element* range_list_get(const range_list* rl, uint32_t index); 135 131 … … 142 138 * @return A matching element index or a negative value if none could be found. 143 139 */ 144 _EXPORT 140 _EXPORT() 145 141 int32_t range_list_find(const range_list* rl, uint32_t offset); 146 142 … … 157 153 * element was never set. 158 154 */ 159 _EXPORT 155 _EXPORT() 160 156 void* range_list_find_data(const range_list* rl, uint32_t offset); 161 157 … … 179 175 * @return true if the element was successfully split, false otherwise. 180 176 */ 181 _EXPORT 177 _EXPORT() 182 178 bool range_list_split_element(range_list* rl, uint32_t index, uint32_t offset); 183 179 … … 192 188 * @return true if the specified range exists and is complete, false otherwise. 
193 189 */ 194 _EXPORT 190 _EXPORT() 195 191 bool range_list_has_range(range_list* rl, uint32_t start, uint32_t length); 196 192 -
trunk/include/regfi.h
r252 r253 74 74 75 75 /* regfi headers */ 76 #include <byteorder.h> 77 #include <winsec.h> 78 #include <void_stack.h> 79 #include <range_list.h> 80 #include <lru_cache.h> 81 82 /* GCC-specific macro for library exports */ 83 #ifdef _EXPORT 84 #undef _EXPORT 85 #endif 86 #ifdef REGFI_WIN32 87 #define _EXPORT() __declspec(dllexport) 88 #else 89 #define _EXPORT() __attribute__((visibility("default"))) 90 #endif 91 92 #ifndef EOVERFLOW 93 # define EOVERFLOW E2BIG 94 #endif 76 #include "compat.h" 77 #include "byteorder.h" 78 #include "winsec.h" 79 #include "void_stack.h" 80 #include "range_list.h" 81 #include "lru_cache.h" 95 82 96 83 /******************************************************************************/ … … 1094 1081 1095 1082 1083 /** Returns the next SK (security) record referenced by the supplied SK record 1084 * 1085 * @param file the file from which sk is derived 1086 * @param sk the SK record whose next sibling SK record is desired 1087 * 1088 * @return A read-only SK structure, or NULL on failure. 1089 * 1090 * @note 1091 * SK records are included in a circular, doubly-linked list. 1092 * To iterate over all SK records, be sure to check for the repetition of 1093 * the SK record you started with to determine when all have been traversed. 1094 * 1095 * @ingroup regfiBase 1096 */ 1097 _EXPORT() 1098 const REGFI_SK* regfi_next_sk(REGFI_FILE* file, const REGFI_SK* sk); 1099 1100 1101 /** Returns the previous SK (security) record referenced by the supplied SK record 1102 * 1103 * @param file the file from which sk is derived 1104 * @param sk the SK record whose previous sibling SK record is desired 1105 * 1106 * @return A read-only SK structure, or NULL on failure. 1107 * 1108 * @note 1109 * SK records are included in a circular, doubly-linked list. 1110 * To iterate over all SK records, be sure to check for the repetition of 1111 * the SK record you started with to determine when all have been traversed. 
1112 * 1113 * @ingroup regfiBase 1114 */ 1115 _EXPORT() 1116 const REGFI_SK* regfi_prev_sk(REGFI_FILE* file, const REGFI_SK* sk); 1117 1118 1096 1119 /** Retrieves data for a given value. 1097 1120 * … … 1542 1565 _EXPORT() 1543 1566 const REGFI_SK* regfi_load_sk(REGFI_FILE* file, uint32_t offset, 1544 1567 bool strict); 1545 1568 1546 1569 -
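Review bot: The @note on `regfi_next_sk` and `regfi_prev_sk` makes the repeat of the starting record the only stop condition, which holds only for a well-formed hive. In a damaged or crafted file the links may form a loop that never comes back to the record the caller started from, and either function can return NULL part-way through the walk. I would extend both notes with something like `A NULL return or an already-visited offset also ends the walk; bound the number of steps when the hive is untrusted.`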
trunk/include/void_stack.h
r201 r253 34 34 #include <talloc.h> 35 35 36 /* GCC-specific macro for library exports */ 37 #ifdef _EXPORT 38 #undef _EXPORT 39 #endif 40 #define _EXPORT __attribute__((visibility("default"))) 36 #include "compat.h" 41 37 42 38 /** XXX: document this. */ … … 65 61 * or NULL if an error occurred. 66 62 */ 67 _EXPORT 63 _EXPORT() 68 64 void_stack* void_stack_new(unsigned short max_size); 69 65 … … 75 71 * @return a pointer to the duplicate void_stack, or NULL if an error occurred. 76 72 */ 77 _EXPORT 73 _EXPORT() 78 74 void_stack* void_stack_copy(const void_stack* v); 79 75 … … 86 82 * (which will be in reverse order), or NULL if an error occurred. 87 83 */ 88 _EXPORT 84 _EXPORT() 89 85 void_stack* void_stack_copy_reverse(const void_stack* v); 90 86 … … 95 91 * @param stack the stack to be free()d. 96 92 */ 97 _EXPORT 93 _EXPORT() 98 94 void void_stack_free(void_stack* stack); 99 95 … … 108 104 * @param stack the stack to be free()d. 109 105 */ 110 _EXPORT 106 _EXPORT() 111 107 void void_stack_free_deep(void_stack* stack); 112 108 … … 118 114 * @return the number of elements currently on the stack. 119 115 */ 120 _EXPORT 116 _EXPORT() 121 117 unsigned short void_stack_size(const void_stack* stack); 122 118 … … 129 125 * on the stack. 130 126 */ 131 _EXPORT 127 _EXPORT() 132 128 void* void_stack_pop(void_stack* stack); 133 129 … … 140 136 * @return true if the element was successfully added, false otherwise. 141 137 */ 142 _EXPORT 138 _EXPORT() 143 139 bool void_stack_push(void_stack* stack, void* e); 144 140 … … 151 147 * no elements exist in the stack. 152 148 */ 153 _EXPORT 149 _EXPORT() 154 150 const void* void_stack_cur(const void_stack* stack); 155 151 … … 161 157 * @return a new void_stack_iterator, or NULL if an error occurred. 162 158 */ 163 _EXPORT 159 _EXPORT() 164 160 void_stack_iterator* void_stack_iterator_new(const void_stack* stack); 165 161 … … 171 167 * @param iter the void_stack_iterator to be free()d. 
172 168 */ 173 _EXPORT 169 _EXPORT() 174 170 void void_stack_iterator_free(void_stack_iterator* iter); 175 171 … … 183 179 * @return a pointer to the next element. 184 180 */ 185 _EXPORT 181 _EXPORT() 186 182 const void* void_stack_iterator_next(void_stack_iterator* iter); 187 183 -
trunk/include/winsec.h
r201 r253 46 46 #include <talloc.h> 47 47 48 #include "compat.h" 48 49 #include "byteorder.h" 49 50 /* GCC-specific macro for library exports */51 #ifdef _EXPORT52 #undef _EXPORT53 #endif54 #define _EXPORT __attribute__((visibility("default")))55 50 56 51 … … 223 218 * XXX: finish documenting 224 219 */ 225 _EXPORT 220 _EXPORT() 226 221 WINSEC_DESC* winsec_parse_descriptor(const uint8_t* buf, uint32_t buf_len); 227 222 … … 231 226 * XXX: finish documenting 232 227 */ 233 _EXPORT 228 _EXPORT() 234 229 void winsec_free_descriptor(WINSEC_DESC* desc); 235 230 … … 238 233 * XXX: finish documenting 239 234 */ 240 _EXPORT 235 _EXPORT() 241 236 WINSEC_DESC* winsec_parse_desc(void* talloc_ctx, 242 237 const uint8_t* buf, uint32_t buf_len); … … 246 241 * XXX: finish documenting 247 242 */ 248 _EXPORT 243 _EXPORT() 249 244 WINSEC_ACL* winsec_parse_acl(void* talloc_ctx, 250 245 const uint8_t* buf, uint32_t buf_len); … … 254 249 * XXX: finish documenting 255 250 */ 256 _EXPORT 251 _EXPORT() 257 252 WINSEC_ACE* winsec_parse_ace(void* talloc_ctx, 258 253 const uint8_t* buf, uint32_t buf_len); … … 262 257 * XXX: finish documenting 263 258 */ 264 _EXPORT 259 _EXPORT() 265 260 WINSEC_DOM_SID* winsec_parse_dom_sid(void* talloc_ctx, 266 261 const uint8_t* buf, uint32_t buf_len); … … 270 265 * XXX: finish documenting 271 266 */ 272 _EXPORT 267 _EXPORT() 273 268 WINSEC_UUID* winsec_parse_uuid(void* talloc_ctx, 274 269 const uint8_t* buf, uint32_t buf_len); … … 279 274 * XXX: finish documenting 280 275 */ 281 _EXPORT 276 _EXPORT() 282 277 size_t winsec_sid_size(const WINSEC_DOM_SID* sid); 283 278 … … 286 281 * XXX: finish documenting 287 282 */ 288 _EXPORT 283 _EXPORT() 289 284 int winsec_sid_compare_auth(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2); 290 285 … … 293 288 * XXX: finish documenting 294 289 */ 295 _EXPORT 290 _EXPORT() 296 291 int winsec_sid_compare(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2); 297 292 … … 300 295 * XXX: finish documenting 301 296 */ 
302 _EXPORT 297 _EXPORT() 303 298 bool winsec_sid_equal(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2); 304 299 … … 307 302 * XXX: finish documenting 308 303 */ 309 _EXPORT 304 _EXPORT() 305 char* winsec_sid2str(const WINSEC_DOM_SID* sid); 306 307 /** 308 * 309 * XXX: finish documenting 310 */ 311 _EXPORT() 310 312 bool winsec_desc_equal(WINSEC_DESC* s1, WINSEC_DESC* s2); 311 313 … … 314 316 * XXX: finish documenting 315 317 */ 316 _EXPORT 318 _EXPORT() 317 319 bool winsec_acl_equal(WINSEC_ACL* s1, WINSEC_ACL* s2); 318 320 … … 321 323 * XXX: finish documenting 322 324 */ 323 _EXPORT 325 _EXPORT() 324 326 bool winsec_ace_equal(WINSEC_ACE* s1, WINSEC_ACE* s2); 325 327 … … 328 330 * XXX: finish documenting 329 331 */ 330 _EXPORT 332 _EXPORT() 331 333 bool winsec_ace_object(uint8_t type); 332 334 -
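Review bot: The new `winsec_sid2str` declaration is exported with only the `XXX: finish documenting` placeholder, so the header says nothing about who owns the returned buffer. The implementation in lib/winsec.c allocates it with `malloc` and returns NULL when that fails, so the comment should say so, e.g. `Returns a newly malloc()ed string which the caller must free(), or NULL on allocation failure.` Without that, a binding author has to read the .c file to avoid a leak or a mismatched free.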
trunk/lib/regfi.c
r252 r253 403 403 404 404 405 char* regfi_sid2str(WINSEC_DOM_SID* sid)406 {407 uint32_t i, size = WINSEC_MAX_SUBAUTHS*11 + 24;408 uint32_t left = size;409 uint8_t comps = sid->num_auths;410 char* ret_val = malloc(size);411 412 if(ret_val == NULL)413 return NULL;414 415 if(comps > WINSEC_MAX_SUBAUTHS)416 comps = WINSEC_MAX_SUBAUTHS;417 418 left -= sprintf(ret_val, "S-%u-%u", sid->sid_rev_num, sid->id_auth[5]);419 420 for (i = 0; i < comps; i++)421 left -= snprintf(ret_val+(size-left), left, "-%u", sid->sub_auths[i]);422 423 return ret_val;424 }425 426 427 405 char* regfi_get_acl(WINSEC_ACL* acl) 428 406 { … … 440 418 for (i = 0; i < acl->num_aces && !failed; i++) 441 419 { 442 sid_str = regfi_sid2str(acl->aces[i]->trustee);420 sid_str = winsec_sid2str(acl->aces[i]->trustee); 443 421 type_str = regfi_ace_type2str(acl->aces[i]->type); 444 422 perms_str = regfi_ace_perms2str(acl->aces[i]->access_mask); … … 505 483 char* regfi_get_owner(WINSEC_DESC *sec_desc) 506 484 { 507 return regfi_sid2str(sec_desc->owner_sid);485 return winsec_sid2str(sec_desc->owner_sid); 508 486 } 509 487 … … 511 489 char* regfi_get_group(WINSEC_DESC *sec_desc) 512 490 { 513 return regfi_sid2str(sec_desc->grp_sid);491 return winsec_sid2str(sec_desc->grp_sid); 514 492 } 515 493 … … 1500 1478 } 1501 1479 } 1480 else 1481 ret_val = talloc_reference(NULL, ret_val); 1502 1482 1503 1483 unlock: … … 2067 2047 2068 2048 return regfi_load_sk(file, key->sk_off + REGFI_REGF_SIZE, true); 2049 } 2050 2051 2052 /****************************************************************************** 2053 *****************************************************************************/ 2054 const REGFI_SK* regfi_next_sk(REGFI_FILE* file, const REGFI_SK* sk) 2055 { 2056 if(sk == NULL || sk->next_sk_off == REGFI_OFFSET_NONE) 2057 return NULL; 2058 2059 return regfi_load_sk(file, sk->next_sk_off + REGFI_REGF_SIZE, true); 2060 } 2061 2062 2063 /****************************************************************************** 2064 
*****************************************************************************/ 2065 const REGFI_SK* regfi_prev_sk(REGFI_FILE* file, const REGFI_SK* sk) 2066 { 2067 if(sk == NULL || sk->prev_sk_off == REGFI_OFFSET_NONE) 2068 return NULL; 2069 2070 return regfi_load_sk(file, sk->prev_sk_off + REGFI_REGF_SIZE, true); 2069 2071 } 2070 2072 -
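Review bot: In `regfi_next_sk` and `regfi_prev_sk` the offset read from the hive is added to `REGFI_REGF_SIZE` with no range check visible in this hunk other than the comparison with `REGFI_OFFSET_NONE`. If `next_sk_off`/`prev_sk_off` are 32-bit fields (the Python binding declares `prev_sk_off` as `c_uint32`), a value just below the maximum wraps around to a small offset near the start of the file. Whether `regfi_load_sk` rejects that in strict mode cannot be seen from here; if it does not, a guard such as `if(sk->next_sk_off > UINT32_MAX - REGFI_REGF_SIZE) return NULL;` in each function would close it. The same addition already exists in the unchanged line above that uses `key->sk_off`.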
trunk/lib/winsec.c
r169 r253 226 226 ret_val->size = SVAL(buf, 0x2); 227 227 ret_val->access_mask = IVAL(buf, 0x4); 228 228 ret_val->obj_guid = NULL; 229 ret_val->inh_guid = NULL; 230 229 231 offset = 0x8; 230 232 … … 246 248 offset += sizeof(WINSEC_UUID); 247 249 } 248 else249 ret_val->obj_guid = NULL;250 250 251 251 if(ret_val->obj_flags & WINSEC_ACE_OBJECT_INHERITED_PRESENT) … … 260 260 offset += sizeof(WINSEC_UUID); 261 261 } 262 else263 ret_val->inh_guid = NULL;264 262 } 265 263 … … 410 408 411 409 /****************************************************************************** 410 ******************************************************************************/ 411 char* winsec_sid2str(const WINSEC_DOM_SID* sid) 412 { 413 uint32_t i, size = WINSEC_MAX_SUBAUTHS*11 + 24; 414 uint32_t left = size; 415 uint8_t comps = sid->num_auths; 416 char* ret_val = malloc(size); 417 418 if(ret_val == NULL) 419 return NULL; 420 421 if(comps > WINSEC_MAX_SUBAUTHS) 422 comps = WINSEC_MAX_SUBAUTHS; 423 424 left -= sprintf(ret_val, "S-%u-%u", sid->sid_rev_num, sid->id_auth[5]); 425 426 for (i = 0; i < comps; i++) 427 left -= snprintf(ret_val+(size-left), left, "-%u", sid->sub_auths[i]); 428 429 return ret_val; 430 } 431 432 433 /****************************************************************************** 412 434 * Compares two WINSEC_DESC structures. 413 435 ******************************************************************************/ -
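Review bot: `winsec_sid2str` reads `sid->num_auths` before any NULL check, and it is now an exported entry point whose callers in lib/regfi.c pass `sec_desc->owner_sid` and `sec_desc->grp_sid` unchecked. If a parsed descriptor can carry a NULL owner or group SID (not visible here), that is a NULL dereference driven by file contents; `if(sid == NULL) return NULL;` at the top is a cheap guard. The identifier authority is printed from `sid->id_auth[5]` alone, so only its last byte reaches the string; either format all six bytes or add a comment stating the limitation. The body was moved unchanged from `regfi_sid2str`, so both points predate this commit but now apply to a public API.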
trunk/python/pyregfi/__init__.py
r252 r253 295 295 296 296 297 ## Registry security record and descriptor 298 # XXX: Access to security descriptors not yet implemented 297 298 ## Represents a registry SK record which contains a security descriptor 299 # 299 300 class Security(_StructureWrapper): 300 pass 301 ## Number of keys referencing this SK record 302 ref_count = 1 303 304 ## The absolute file offset of the SK record's cell in the Hive file 305 offset = 0xCAFEBABE 306 307 ## The @ref SecurityDescriptor for this SK record 308 descriptor = object() 309 310 def __init__(self, hive, base): 311 super(Security, self).__init__(hive, base) 312 # XXX: add checks for NULL pointers 313 self.descriptor = winsec.SecurityDescriptor(base.contents.sec_desc.contents) 314 315 ## Loads the "previous" Security record in the hive 316 # 317 # @note 318 # SK records are included in a circular, doubly-linked list. 319 # To iterate over all SK records, be sure to check for the repetition of 320 # the SK record you started with to determine when all have been traversed. 321 def next_security(self): 322 return Security(self._hive, 323 regfi.regfi_next_sk(self._hive.file, self._base)) 324 325 ## Loads the "previous" Security record in the hive 326 # 327 # @note 328 # SK records are included in a circular, doubly-linked list. 329 # To iterate over all SK records, be sure to check for the repetition of 330 # the SK record you started with to determine when all have been traversed. 331 def prev_security(self): 332 return Security(self._hive, 333 regfi.regfi_prev_sk(self._hive.file, self._base)) 334 301 335 302 336 ## Abstract class for ValueList and SubkeyList … … 1038 1072 del Key.name,Key.name_raw,Key.offset,Key.modified,Key.flags 1039 1073 del Hive.root,Hive.modified,Hive.sequence1,Hive.sequence2,Hive.major_version,Hive.minor_version 1074 del Security.ref_count,Security.offset,Security.descriptor -
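Review bot: `next_security` and `prev_security` pass the return value of `regfi_next_sk`/`regfi_prev_sk` straight to `Security(...)`, and the C side returns NULL when the link is `REGFI_OFFSET_NONE` or the record fails to load. `__init__` then reaches `base.contents` with a NULL pointer, which the `XXX: add checks for NULL pointers` comment already acknowledges. ctypes pointers are falsy when NULL, so `sk = regfi.regfi_next_sk(self._hive.file, self._base)` followed by `if not sk: return None` gives callers a clean end-of-walk signal on a damaged hive; `base.contents.sec_desc` needs the same check. Separately, the comment above `next_security` reads `Loads the "previous" Security record` and should say "next".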
trunk/python/pyregfi/structures.py
r252 r253 21 21 REGFI_DATA_TYPE = c_uint32 22 22 REGFI_NTTIME = c_uint64 23 24 REGFI_REGF_SIZE = 0x1000 23 25 24 26 # Prototype everything first so we don't have to worry about reference order … … 94 96 read_cb_type = CB_FACTORY(c_int64, POINTER(REGFI_RAW_FILE), POINTER(c_char), c_size_t, use_errno=True) 95 97 98 99 from winsec import * 96 100 97 101 REGFI_VK._fields_ = [('offset', c_uint32), … … 113 117 REGFI_SK._fields_ = [('offset', c_uint32), 114 118 ('cell_size', c_uint32), 115 ('sec_desc', c_void_p), #XXX119 ('sec_desc', POINTER(WINSEC_DESC)), 116 120 ('hbin_off', c_uint32), 117 121 ('prev_sk_off', c_uint32), … … 261 265 regfi.regfi_fetch_sk.restype = POINTER(REGFI_SK) 262 266 267 regfi.regfi_next_sk.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_SK)] 268 regfi.regfi_next_sk.restype = POINTER(REGFI_SK) 269 270 regfi.regfi_prev_sk.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_SK)] 271 regfi.regfi_prev_sk.restype = POINTER(REGFI_SK) 272 263 273 regfi.regfi_fetch_data.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_VK)] 264 274 regfi.regfi_fetch_data.restype = POINTER(REGFI_DATA) … … 283 293 regfi.regfi_get_parentkey.restype = POINTER(REGFI_NK) 284 294 285 regfi.regfi_nt2unix_time.argtypes = [ POINTER(REGFI_NTTIME)]295 regfi.regfi_nt2unix_time.argtypes = [REGFI_NTTIME] 286 296 regfi.regfi_nt2unix_time.restype = c_double 287 297
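Review bot: `from winsec import *` is an implicit relative import, so it resolves to `pyregfi/winsec.py` only on Python 2. On Python 3, which SConstruct also installs for, the name is looked up on `sys.path`, so the import either fails or loads whichever top-level `winsec` module comes first there. Unless the install step rewrites the import (not visible here), `from .winsec import *` is unambiguous on both interpreters. The wildcard also hides which names this module takes from winsec; if only `WINSEC_DESC` is needed, importing it by name would make the dependency explicit.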