Changeset 253 for trunk/python

Timestamp:

06/12/11 22:27:42 (13 years ago)

Author:

tim

Message:

added preliminary interface to security descriptors in pyregfi
misc bug fixes

Location:

trunk/python/pyregfi

Files:

• __init__.py (modified) (2 diffs)
• structures.py (modified) (5 diffs)

trunk/python/pyregfi/__init__.py

@@ -295 +295 @@
 
 
-## Registry security record and descriptor
-# XXX: Access to security descriptors not yet implemented
+
+## Represents a registry SK record which contains a security descriptor
+# 
 class Security(_StructureWrapper):
-    pass
+    ## Number of keys referencing this SK record 
+    ref_count = 1
+
+    ## The absolute file offset of the SK record's cell in the Hive file
+    offset = 0xCAFEBABE
+
+    ## The @ref SecurityDescriptor for this SK record
+    descriptor = object()
+
+    def __init__(self, hive, base):
+        super(Security, self).__init__(hive, base)
+        # XXX: add checks for NULL pointers
+        self.descriptor = winsec.SecurityDescriptor(base.contents.sec_desc.contents)
+
+    ## Loads the "previous" Security record in the hive
+    #
+    # @note
+    # SK records are included in a circular, doubly-linked list.
+    # To iterate over all SK records, be sure to check for the repetition of
+    # the SK record you started with to determine when all have been traversed.
+    def next_security(self):
+        return Security(self._hive,
+                        regfi.regfi_next_sk(self._hive.file, self._base))
+
+    ## Loads the "previous" Security record in the hive
+    #
+    # @note
+    # SK records are included in a circular, doubly-linked list.
+    # To iterate over all SK records, be sure to check for the repetition of
+    # the SK record you started with to determine when all have been traversed.
+    def prev_security(self):
+        return Security(self._hive,
+                        regfi.regfi_prev_sk(self._hive.file, self._base))
+
 
 ## Abstract class for ValueList and SubkeyList
@@ -1038 +1072 @@
 del Key.name,Key.name_raw,Key.offset,Key.modified,Key.flags
 del Hive.root,Hive.modified,Hive.sequence1,Hive.sequence2,Hive.major_version,Hive.minor_version
+del Security.ref_count,Security.offset,Security.descriptor

trunk/python/pyregfi/structures.py

@@ -21 +21 @@
 REGFI_DATA_TYPE = c_uint32
 REGFI_NTTIME = c_uint64
+
+REGFI_REGF_SIZE = 0x1000
 
 # Prototype everything first so we don't have to worry about reference order
@@ -94 +96 @@
 read_cb_type = CB_FACTORY(c_int64, POINTER(REGFI_RAW_FILE), POINTER(c_char), c_size_t, use_errno=True)
 
+
+from winsec import *
 
 REGFI_VK._fields_ = [('offset', c_uint32),
@@ -113 +117 @@
 REGFI_SK._fields_ = [('offset', c_uint32),
                      ('cell_size', c_uint32),
-                     ('sec_desc', c_void_p), #XXX
+                     ('sec_desc', POINTER(WINSEC_DESC)),
                      ('hbin_off', c_uint32),
                      ('prev_sk_off', c_uint32),
@@ -261 +265 @@
 regfi.regfi_fetch_sk.restype = POINTER(REGFI_SK)
 
+regfi.regfi_next_sk.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_SK)]
+regfi.regfi_next_sk.restype = POINTER(REGFI_SK)
+
+regfi.regfi_prev_sk.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_SK)]
+regfi.regfi_prev_sk.restype = POINTER(REGFI_SK)
+
 regfi.regfi_fetch_data.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_VK)]
 regfi.regfi_fetch_data.restype = POINTER(REGFI_DATA)
@@ -283 +293 @@
 regfi.regfi_get_parentkey.restype = POINTER(REGFI_NK)
 
-regfi.regfi_nt2unix_time.argtypes = [POINTER(REGFI_NTTIME)]
+regfi.regfi_nt2unix_time.argtypes = [REGFI_NTTIME]
 regfi.regfi_nt2unix_time.restype = c_double