- Timestamp:
- 09/04/05 17:04:58 (19 years ago)
- Location:
- trunk
- Files:
-
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/include/regfio.h
r41 r53 102 102 struct regf_hbin; 103 103 typedef struct regf_hbin { 104 struct regf_hbin *prev, *next; 105 uint32 file_off; /* my offset in the registry file */ 106 uint32 free_off; /* offset to free space within the hbin record */ 107 uint32 free_size; /* amount of data left in the block */ 108 int ref_count; /* how many active records are pointing to this block (not used currently) */ 104 struct regf_hbin* prev; 105 struct regf_hbin* next; 106 uint32 file_off; /* my offset in the registry file */ 107 uint32 free_off; /* offset to free space within the hbin record */ 108 uint32 free_size; /* amount of data left in the block */ 109 int ref_count; /* how many active records are pointing to this block (not used currently) */ 109 110 110 char header[HBIN_HDR_SIZE]; /* "hbin" */ 111 uint32 first_hbin_off; /* offset from first hbin block */ 112 uint32 block_size; /* block size of this blockually a multiple of 4096Kb) */ 113 114 prs_struct ps; /* data */ 115 116 bool dirty; /* has this hbin block been modified? */ 111 uint8 header[HBIN_HDR_SIZE]; /* "hbin" */ 112 uint32 first_hbin_off; /* offset from first hbin block */ 113 uint32 block_size; /* block size of this blockually a multiple of 4096Kb) */ 114 prs_struct ps; /* data */ 115 bool dirty; /* has this hbin block been modified? */ 117 116 } REGF_HBIN; 118 117 … … 120 119 121 120 typedef struct { 122 123 121 uint32 nk_off; 122 uint8 keycheck[sizeof(uint32)]; 124 123 } REGF_HASH_REC; 125 124 126 125 typedef struct { 127 128 129 130 131 charheader[REC_HDR_SIZE];132 133 126 REGF_HBIN *hbin; /* pointer to HBIN record (in memory) containing this nk record */ 127 uint32 hbin_off; /* offset from beginning of this hbin block */ 128 uint32 rec_size; /* ((start_offset - end_offset) & 0xfffffff8) */ 129 130 uint8 header[REC_HDR_SIZE]; 131 uint16 num_keys; 132 REGF_HASH_REC *hashes; 134 133 } REGF_LF_REC; 135 134 … … 137 136 138 137 typedef struct { 139 140 141 142 143 144 charheader[REC_HDR_SIZE];145 char *valuename;146 147 148 uint8 *data;149 150 138 REGF_HBIN *hbin; /* pointer to HBIN record (in memory) containing this nk record */ 139 uint32 hbin_off; /* offset from beginning of this hbin block */ 140 uint32 rec_size; /* ((start_offset - end_offset) & 0xfffffff8) */ 141 uint32 rec_off; /* offset stored in the value list */ 142 143 uint8 header[REC_HDR_SIZE]; 144 char* valuename; 145 uint32 data_size; 146 uint32 data_off; 147 uint8* data; 148 uint32 type; 149 uint16 flag; 151 150 } REGF_VK_REC; 152 151 … … 156 155 157 156 typedef struct _regf_sk_rec { 158 159 160 161 162 163 157 struct _regf_sk_rec *next, *prev; 158 REGF_HBIN *hbin; /* pointer to HBIN record (in memory) containing this nk record */ 159 uint32 hbin_off; /* offset from beginning of this hbin block */ 160 uint32 rec_size; /* ((start_offset - end_offset) & 0xfffffff8) */ 161 162 uint32 sk_off; /* offset parsed from NK record used as a key 164 163 to lookup reference to this SK record */ 165 166 charheader[REC_HDR_SIZE];167 168 169 170 171 164 165 uint8 header[REC_HDR_SIZE]; 166 uint32 prev_sk_off; 167 uint32 next_sk_off; 168 uint32 ref_count; 169 uint32 size; 170 SEC_DESC *sec_desc; 172 171 } REGF_SK_REC; 173 172 … … 175 174 176 175 typedef struct { 177 178 179 180 181 182 183 184 charheader[REC_HDR_SIZE];185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 176 REGF_HBIN *hbin; /* pointer to HBIN record (in memory) containing this nk record */ 177 uint32 hbin_off; /* offset from beginning of this hbin block */ 178 uint32 subkey_index; /* index to next subkey record to return */ 179 uint32 rec_size; /* ((start_offset - end_offset) & 0xfffffff8) */ 180 181 /* header information */ 182 183 uint8 header[REC_HDR_SIZE]; 184 uint16 key_type; 185 NTTIME mtime; 186 uint32 parent_off; /* back pointer in registry hive */ 187 uint32 classname_off; 188 char *classname; 189 char *keyname; 190 191 /* max lengths */ 192 193 uint32 max_bytes_subkeyname; /* max subkey name * 2 */ 194 uint32 max_bytes_subkeyclassname; /* max subkey classname length (as if) */ 195 uint32 max_bytes_valuename; /* max valuename * 2 */ 196 uint32 max_bytes_value; /* max value data size */ 197 198 /* unknowns */ 199 200 uint32 unk_index; /* nigel says run time index ? */ 201 202 /* children */ 203 204 uint32 num_subkeys; 205 uint32 subkeys_off; /* hash records that point to NK records */ 206 uint32 num_values; 207 uint32 values_off; /* value lists which point to VK records */ 208 uint32 sk_off; /* offset to SK record */ 209 210 /* link in the other records here */ 211 212 REGF_LF_REC subkeys; 213 REGF_VK_REC *values; 214 REGF_SK_REC *sec_desc; 216 215 217 216 } REGF_NK_REC; … … 220 219 221 220 typedef struct { 222 /* run time information */ 223 224 int fd; /* file descriptor */ 225 int open_flags; /* flags passed to the open() call */ 226 void *mem_ctx; /* memory context for run-time file access information */ 227 REGF_HBIN *block_list; /* list of open hbin blocks */ 228 229 /* file format information */ 230 231 char header[REGF_HDR_SIZE]; /* "regf" */ 232 uint32 data_offset; /* offset to record in the first (or any?) hbin block */ 233 uint32 last_block; /* offset to last hbin block in file */ 234 uint32 checksum; /* XOR of bytes 0x0000 - 0x01FB */ 235 NTTIME mtime; 236 237 REGF_SK_REC *sec_desc_list; /* list of security descriptors referenced by NK records */ 238 239 /* unknowns used to simply writing */ 240 241 uint32 unknown1; 242 uint32 unknown2; 243 uint32 unknown3; 244 uint32 unknown4; 245 uint32 unknown5; 246 uint32 unknown6; 247 221 /* run time information */ 222 223 int fd; /* file descriptor */ 224 int open_flags; /* flags passed to the open() call */ 225 void *mem_ctx; /* memory context for run-time file access information */ 226 REGF_HBIN *block_list; /* list of open hbin blocks */ 227 228 /* file format information */ 229 230 uint8 header[REGF_HDR_SIZE]; /* "regf" */ 231 uint32 data_offset; /* offset to record in the first (or any?) hbin block */ 232 uint32 last_block; /* offset to last hbin block in file */ 233 uint32 checksum; /* XOR of bytes 0x0000 - 0x01FB */ 234 NTTIME mtime; 235 236 REGF_SK_REC *sec_desc_list; /* list of security descriptors referenced by NK records */ 237 238 /* unknowns used to simply writing */ 239 240 uint32 unknown1; 241 uint32 unknown2; 242 uint32 unknown3; 243 uint32 unknown4; 244 uint32 unknown5; 245 uint32 unknown6; 248 246 } REGF_FILE; 247 249 248 250 249 /* Function Declarations */ … … 253 252 int regfio_type_str2val(const char* str); 254 253 254 char* regfio_get_sacl(SEC_DESC *sec_desc); 255 char* regfio_get_dacl(SEC_DESC *sec_desc); 256 char* regfio_get_owner(SEC_DESC *sec_desc); 257 char* regfio_get_group(SEC_DESC *sec_desc); 258 255 259 REGF_FILE* regfio_open( const char *filename ); 256 260 int regfio_close( REGF_FILE *r ); -
trunk/include/smb_deps.h
r42 r53 184 184 uint16 *data16, uint32 ptr_uint16, uint32 start_offset); 185 185 bool prs_uint8(const char *name, prs_struct *ps, int depth, uint8 *data8); 186 bool prs_uint8s(bool charmode, const char *name, prs_struct *ps, int depth, uint8 *data8s, int len); 186 bool prs_uint8s(bool charmode, const char *name, prs_struct *ps, int depth, 187 uint8* data8s, int len); 187 188 bool prs_set_offset(prs_struct *ps, uint32 offset); 188 189 -
trunk/lib/regfio.c
r41 r53 29 29 30 30 31 /*******************************************************************32 *33 * TODO : Right now this code basically ignores classnames.34 *35 ******************************************************************/36 37 31 /* Registry types mapping */ 38 32 const VAL_STR reg_type_names[] = … … 79 73 80 74 75 /* Security descriptor parsing functions */ 76 77 const char* regfio_ace_type2str(uint8 type) 78 { 79 static const char* map[7] 80 = {"ALLOW", "DENY", "AUDIT", "ALARM", 81 "ALLOW CPD", "OBJ ALLOW", "OBJ DENY"}; 82 if(type < 7) 83 return map[type]; 84 else 85 /* XXX: would be nice to return the unknown integer value. 86 * However, as it is a const string, it can't be free()ed later on, 87 * so that would need to change. 88 */ 89 return "UNKNOWN"; 90 } 91 92 93 /* XXX: this could probably be more efficient */ 94 char* regfio_ace_flags2str(uint8 flags) 95 { 96 char* flg_output = malloc(21*sizeof(char)); 97 int some = 0; 98 99 if(flg_output == NULL) 100 return NULL; 101 102 flg_output[0] = '\0'; 103 if (!flags) 104 return flg_output; 105 106 if (flags & 0x01) { 107 if (some) strcat(flg_output, " "); 108 some = 1; 109 strcat(flg_output, "OI"); 110 } 111 if (flags & 0x02) { 112 if (some) strcat(flg_output, " "); 113 some = 1; 114 strcat(flg_output, "CI"); 115 } 116 if (flags & 0x04) { 117 if (some) strcat(flg_output, " "); 118 some = 1; 119 strcat(flg_output, "NP"); 120 } 121 if (flags & 0x08) { 122 if (some) strcat(flg_output, " "); 123 some = 1; 124 strcat(flg_output, "IO"); 125 } 126 if (flags & 0x10) { 127 if (some) strcat(flg_output, " "); 128 some = 1; 129 strcat(flg_output, "IA"); 130 } 131 if (flags == 0xF) { 132 if (some) strcat(flg_output, " "); 133 some = 1; 134 strcat(flg_output, "VI"); 135 } 136 137 return flg_output; 138 } 139 140 141 char* regfio_ace_perms2str(uint32 perms) 142 { 143 char* ret_val = malloc(9*sizeof(char)); 144 if(ret_val == NULL) 145 return NULL; 146 147 /* XXX: this should probably be parsed better */ 148 sprintf(ret_val, "%.8X", perms); 149 150 return ret_val; 151 } 152 153 154 char* regfio_sid2str(DOM_SID* sid) 155 { 156 uint32 i, size = MAXSUBAUTHS*11 + 24; 157 uint32 left = size; 158 uint8 comps = sid->num_auths; 159 char* ret_val = malloc(size); 160 161 if(ret_val == NULL) 162 return NULL; 163 164 if(comps > MAXSUBAUTHS) 165 comps = MAXSUBAUTHS; 166 167 left -= sprintf(ret_val, "S-%u-%u", sid->sid_rev_num, sid->id_auth[5]); 168 169 for (i = 0; i < comps; i++) 170 left -= snprintf(ret_val+(size-left), left, "-%u", sid->sub_auths[i]); 171 172 return ret_val; 173 } 174 175 176 char* regfio_get_acl(SEC_ACL* acl) 177 { 178 uint32 i, extra, size = 0; 179 const char* type_str; 180 char* flags_str; 181 char* perms_str; 182 char* sid_str; 183 char* ret_val = NULL; 184 char* ace_delim = ""; 185 char field_delim = ':'; 186 187 for (i = 0; i < acl->num_aces; i++) 188 { 189 sid_str = regfio_sid2str(&acl->ace[i].trustee); 190 type_str = regfio_ace_type2str(acl->ace[i].type); 191 perms_str = regfio_ace_perms2str(acl->ace[i].info.mask); 192 flags_str = regfio_ace_flags2str(acl->ace[i].flags); 193 194 if(flags_str == NULL || perms_str == NULL 195 || type_str == NULL || sid_str == NULL) 196 return NULL; 197 198 /* XXX: this is slow */ 199 extra = strlen(sid_str) + strlen(type_str) 200 + strlen(perms_str) + strlen(flags_str)+5; 201 ret_val = realloc(ret_val, size+extra); 202 if(ret_val == NULL) 203 return NULL; 204 size += snprintf(ret_val+size, extra, "%s%s%c%s%c%s%c%s", 205 ace_delim,sid_str, 206 field_delim,type_str, 207 field_delim,perms_str, 208 field_delim,flags_str); 209 ace_delim = "|"; 210 free(sid_str); 211 free(perms_str); 212 free(flags_str); 213 } 214 215 return ret_val; 216 } 217 218 219 char* regfio_get_sacl(SEC_DESC *sec_desc) 220 { 221 if (sec_desc->sacl) 222 return regfio_get_acl(sec_desc->sacl); 223 else 224 return NULL; 225 } 226 227 228 char* regfio_get_dacl(SEC_DESC *sec_desc) 229 { 230 if (sec_desc->dacl) 231 return regfio_get_acl(sec_desc->dacl); 232 else 233 return NULL; 234 } 235 236 237 char* regfio_get_owner(SEC_DESC *sec_desc) 238 { 239 return regfio_sid2str(sec_desc->owner_sid); 240 } 241 242 243 char* regfio_get_group(SEC_DESC *sec_desc) 244 { 245 return regfio_sid2str(sec_desc->grp_sid); 246 } 247 248 249 81 250 /******************************************************************* 82 251 *******************************************************************/ … … 117 286 /* make sure this is an hbin header */ 118 287 119 if ( strncmp( hdr, "hbin", HBIN_HDR_SIZE ) != 0 ) {288 if ( strncmp( (char*)hdr, "hbin", HBIN_HDR_SIZE ) != 0 ) { 120 289 /*DEBUG(0,("read_block: invalid block header!\n"));*/ 121 290 return -1; … … 161 330 /******************************************************************* 162 331 *******************************************************************/ 163 static bool prs_regf_block( const char *desc, prs_struct *ps, int depth, REGF_FILE *file ) 332 static bool prs_regf_block(const char *desc, prs_struct *ps, 333 int depth, REGF_FILE *file) 164 334 { 165 335 depth++; 166 336 167 if ( !prs_uint8s( true, "header", ps, depth, file->header, sizeof( file->header )))337 if(!prs_uint8s(true, "header", ps, depth, file->header, sizeof(file->header))) 168 338 return false; 169 339 … … 220 390 /******************************************************************* 221 391 *******************************************************************/ 222 static bool prs_hbin_block( const char *desc, prs_struct *ps, int depth, REGF_HBIN *hbin ) 392 static bool prs_hbin_block(const char *desc, prs_struct *ps, 393 int depth, REGF_HBIN *hbin) 223 394 { 224 395 uint32 block_size2; … … 226 397 depth++; 227 398 228 if ( !prs_uint8s( true, "header", ps, depth, hbin->header, sizeof( hbin->header )))399 if(!prs_uint8s(true, "header", ps, depth, hbin->header, sizeof(hbin->header))) 229 400 return false; 230 401 … … 336 507 return false; 337 508 338 if ( !prs_uint8s( true, "name", ps, depth, nk->keyname, name_length))339 return false; 340 341 if ( ps->io )509 if(!prs_uint8s(true, "name", ps, depth, (uint8*)nk->keyname, name_length)) 510 return false; 511 512 if(ps->io) 342 513 nk->keyname[name_length] = '\0'; 343 514 } … … 583 754 /******************************************************************* 584 755 *******************************************************************/ 585 static bool hbin_prs_lf_records( const char *desc, REGF_HBIN *hbin, int depth, REGF_NK_REC *nk ) 756 static bool hbin_prs_lf_records(const char *desc, REGF_HBIN *hbin, 757 int depth, REGF_NK_REC *nk) 586 758 { 587 759 int i; … … 609 781 return false; 610 782 611 if ( !prs_uint8s( true, "header", &hbin->ps, depth, lf->header, sizeof( lf->header )) ) 783 if(!prs_uint8s(true, "header", &hbin->ps, depth, 784 lf->header, sizeof(lf->header))) 612 785 return false; 613 786 … … 662 835 return false; 663 836 664 if ( !prs_uint8s( true, "header", ps, depth, sk->header, sizeof( sk->header )))837 if (!prs_uint8s(true, "header", ps, depth, sk->header, sizeof(sk->header))) 665 838 return false; 666 839 if ( !prs_uint16( "tag", ps, depth, &tag)) … … 743 916 return false; 744 917 } 745 if ( !prs_uint8s( true, "name", ps, depth, vk->valuename, name_length ) ) 918 if ( !prs_uint8s(true, "name", ps, depth, 919 (uint8*)vk->valuename, name_length) ) 746 920 return false; 747 921 } … … 1017 1191 static bool next_record( REGF_HBIN *hbin, const char *hdr, bool *eob ) 1018 1192 { 1019 charheader[REC_HDR_SIZE] = "";1193 uint8 header[REC_HDR_SIZE] = ""; 1020 1194 uint32 record_size; 1021 1195 uint32 curr_off, block_size; -
trunk/lib/smb_deps.c
r42 r53 427 427 Stream an array of uint8s. Length is number of uint8s. 428 428 ********************************************************************/ 429 bool prs_uint8s(bool charmode, const char *name, prs_struct *ps, int depth, uint8 *data8s, int len) 429 bool prs_uint8s(bool charmode, const char *name, prs_struct *ps, int depth, 430 uint8* data8s, int len) 430 431 { 431 432 int i; -
trunk/src/reglookup.c
r52 r53 146 146 { 147 147 case REG_SZ: 148 if (print_verbose)149 fprintf(stderr, "Len: %d\n", len);150 151 148 ascii_max = sizeof(char)*len; 152 149 ascii = malloc(ascii_max+4); … … 263 260 264 261 return NULL; 265 }266 267 268 /* Security descriptor print functions */269 /* XXX: these functions should be moved out into regfio library */270 const char* ace_type2str(uint8 type)271 {272 static const char* map[7]273 = {"ALLOW", "DENY", "AUDIT", "ALARM",274 "ALLOW CPD", "OBJ ALLOW", "OBJ DENY"};275 if(type < 7)276 return map[type];277 else278 return "UNKNOWN";279 }280 281 282 char* ace_flags2str(uint8 flags)283 {284 char* flg_output = malloc(21*sizeof(char));285 int some = 0;286 287 if(flg_output == NULL)288 return NULL;289 290 flg_output[0] = '\0';291 if (!flags)292 return flg_output;293 294 if (flags & 0x01) {295 if (some) strcat(flg_output, " ");296 some = 1;297 strcat(flg_output, "OI");298 }299 if (flags & 0x02) {300 if (some) strcat(flg_output, " ");301 some = 1;302 strcat(flg_output, "CI");303 }304 if (flags & 0x04) {305 if (some) strcat(flg_output, " ");306 some = 1;307 strcat(flg_output, "NP");308 }309 if (flags & 0x08) {310 if (some) strcat(flg_output, " ");311 some = 1;312 strcat(flg_output, "IO");313 }314 if (flags & 0x10) {315 if (some) strcat(flg_output, " ");316 some = 1;317 strcat(flg_output, "IA");318 }319 if (flags == 0xF) {320 if (some) strcat(flg_output, " ");321 some = 1;322 strcat(flg_output, "VI");323 }324 325 return flg_output;326 }327 328 329 char* ace_perms2str(uint32 perms)330 {331 char* ret_val = malloc(9*sizeof(char));332 sprintf(ret_val, "%.8X", perms);333 334 return ret_val;335 }336 337 338 char* sid2str(DOM_SID* sid)339 {340 uint32 i, size = MAXSUBAUTHS*11 + 24;341 uint32 left = size;342 uint8 comps = sid->num_auths;343 char* ret_val = malloc(size);344 345 if(ret_val == NULL)346 return NULL;347 348 if(comps > MAXSUBAUTHS)349 comps = MAXSUBAUTHS;350 351 left -= sprintf(ret_val, "S-%u-%u", sid->sid_rev_num, sid->id_auth[5]);352 353 for (i = 0; i < comps; i++)354 left -= snprintf(ret_val+(size-left), left, "-%u", sid->sub_auths[i]);355 356 return ret_val;357 }358 359 360 char* get_acl(SEC_ACL* acl)361 {362 uint32 i, extra, size = 0;363 const char* type_str;364 char* flags_str;365 char* perms_str;366 char* sid_str;367 char* ret_val = NULL;368 char* ace_delim = "";369 char field_delim = ':';370 371 for (i = 0; i < acl->num_aces; i++)372 {373 /* XXX: check for NULL */374 sid_str = sid2str(&acl->ace[i].trustee);375 type_str = ace_type2str(acl->ace[i].type);376 perms_str = ace_perms2str(acl->ace[i].info.mask);377 flags_str = ace_flags2str(acl->ace[i].flags);378 379 /* XXX: this is slow */380 extra = strlen(sid_str) + strlen(type_str)381 + strlen(perms_str) + strlen(flags_str)+5;382 ret_val = realloc(ret_val, size+extra);383 if(ret_val == NULL)384 return NULL;385 size += snprintf(ret_val+size, extra, "%s%s%c%s%c%s%c%s",386 ace_delim,sid_str,387 field_delim,type_str,388 field_delim,perms_str,389 field_delim,flags_str);390 ace_delim = "|";391 free(sid_str);392 free(perms_str);393 free(flags_str);394 }395 396 return ret_val;397 }398 399 400 char* get_sacl(SEC_DESC *sec_desc)401 {402 if (sec_desc->sacl)403 return get_acl(sec_desc->sacl);404 else405 return NULL;406 }407 408 409 char* get_dacl(SEC_DESC *sec_desc)410 {411 if (sec_desc->dacl)412 return get_acl(sec_desc->dacl);413 else414 return NULL;415 }416 417 418 char* get_owner(SEC_DESC *sec_desc)419 {420 return sid2str(sec_desc->owner_sid);421 }422 423 424 char* get_group(SEC_DESC *sec_desc)425 {426 return sid2str(sec_desc->grp_sid);427 262 } 428 263 … … 607 442 if(print_security) 608 443 { 609 owner = get_owner(k->sec_desc->sec_desc);610 group = get_group(k->sec_desc->sec_desc);611 sacl = get_sacl(k->sec_desc->sec_desc);612 dacl = get_dacl(k->sec_desc->sec_desc);444 owner = regfio_get_owner(k->sec_desc->sec_desc); 445 group = regfio_get_group(k->sec_desc->sec_desc); 446 sacl = regfio_get_sacl(k->sec_desc->sec_desc); 447 dacl = regfio_get_dacl(k->sec_desc->sec_desc); 613 448 if(owner == NULL) 614 449 owner = empty_str; … … 709 544 uint32 prefix_len; 710 545 char* cur_str = NULL; 546 char* path = NULL; 711 547 bool found_cur = true; 712 548 uint32 i; … … 754 590 && strcasecmp(sub->values[i].valuename, cur_str) == 0) 755 591 { 756 /* XXX: fix mem leak with stack2Path return value */ 757 printValue(&sub->values[i], stack2Path(nk_stack)); 592 path = stack2Path(nk_stack); 593 printValue(&sub->values[i], path); 594 if(path != NULL) 595 free(path); 758 596 return 0; 759 597 } … … 788 626 " <REGISTRY_FILE>\n"); 789 627 /* XXX: replace version string with Subversion property? */ 790 fprintf(stderr, "Version: 0.2 \n");628 fprintf(stderr, "Version: 0.2.1\n"); 791 629 fprintf(stderr, "Options:\n"); 792 630 fprintf(stderr, "\t-v\t sets verbose mode.\n");
Note: See TracChangeset
for help on using the changeset viewer.