diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
commit | 4f5791ebd03eaec1c7da0865a383175b05102712 (patch) | |
tree | 8ce7b00f7a76baa386372422adebbe64510812d4 /source3/registry/regfio.c | |
parent | Initial commit. (diff) | |
download | samba-4f5791ebd03eaec1c7da0865a383175b05102712.tar.xz samba-4f5791ebd03eaec1c7da0865a383175b05102712.zip |
Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | source3/registry/regfio.c | 1994 |
1 files changed, 1994 insertions, 0 deletions
diff --git a/source3/registry/regfio.c b/source3/registry/regfio.c new file mode 100644 index 0000000..930ac83 --- /dev/null +++ b/source3/registry/regfio.c @@ -0,0 +1,1994 @@ +/* + * Unix SMB/CIFS implementation. + * Windows NT registry I/O library + * Copyright (c) Gerald (Jerry) Carter 2005 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <http://www.gnu.org/licenses/>. + */ + +#include "includes.h" +#include "system/filesys.h" +#include "regfio.h" +#include "../librpc/gen_ndr/ndr_security.h" +#include "../libcli/security/security_descriptor.h" +#include "../libcli/security/secdesc.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_REGISTRY + +/******************************************************************* + * + * TODO : Right now this code basically ignores classnames. + * + ******************************************************************/ + +#if defined(PARANOID_MALLOC_CHECKER) +#define PRS_ALLOC_MEM(ps, type, count) (type *)prs_alloc_mem_((ps),sizeof(type),(count)) +#else +#define PRS_ALLOC_MEM(ps, type, count) (type *)prs_alloc_mem((ps),sizeof(type),(count)) +#endif + +/******************************************************************* + Reads or writes an NTTIME structure. +********************************************************************/ + +static bool smb_io_time(const char *desc, NTTIME *nttime, prs_struct *ps, int depth) +{ + uint32_t low, high; + if (nttime == NULL) + return False; + + prs_debug(ps, depth, desc, "smb_io_time"); + depth++; + + if(!prs_align(ps)) + return False; + + if (MARSHALLING(ps)) { + low = *nttime & 0xFFFFFFFF; + high = *nttime >> 32; + } + + if(!prs_uint32("low ", ps, depth, &low)) /* low part */ + return False; + if(!prs_uint32("high", ps, depth, &high)) /* high part */ + return False; + + if (UNMARSHALLING(ps)) { + *nttime = (((uint64_t)high << 32) + low); + } + + return True; +} + +/******************************************************************* +*******************************************************************/ + +static int write_block( REGF_FILE *file, prs_struct *ps, uint32_t offset ) +{ + int bytes_written, returned; + char *buffer = prs_data_p( ps ); + uint32_t buffer_size = prs_data_size( ps ); + SMB_STRUCT_STAT sbuf; + + if ( file->fd == -1 ) + return -1; + + /* check for end of file */ + + if (sys_fstat(file->fd, &sbuf, false)) { + DEBUG(0,("write_block: stat() failed! (%s)\n", strerror(errno))); + return -1; + } + + if ( lseek( file->fd, offset, SEEK_SET ) == -1 ) { + DEBUG(0,("write_block: lseek() failed! (%s)\n", strerror(errno) )); + return -1; + } + + bytes_written = returned = 0; + while ( bytes_written < buffer_size ) { + if ( (returned = write( file->fd, buffer+bytes_written, buffer_size-bytes_written )) == -1 ) { + DEBUG(0,("write_block: write() failed! (%s)\n", strerror(errno) )); + return False; + } + + bytes_written += returned; + } + + return bytes_written; +} + +/******************************************************************* +*******************************************************************/ + +static int read_block( REGF_FILE *file, prs_struct *ps, uint32_t file_offset, uint32_t block_size ) +{ + int bytes_read, returned; + char *buffer; + SMB_STRUCT_STAT sbuf; + + /* check for end of file */ + + if (sys_fstat(file->fd, &sbuf, false)) { + DEBUG(0,("read_block: stat() failed! (%s)\n", strerror(errno))); + return -1; + } + + if ( (size_t)file_offset >= sbuf.st_ex_size ) + return -1; + + /* if block_size == 0, we are parsing HBIN records and need + to read some of the header to get the block_size from there */ + + if ( block_size == 0 ) { + char hdr[0x20]; + + if ( lseek( file->fd, file_offset, SEEK_SET ) == -1 ) { + DEBUG(0,("read_block: lseek() failed! (%s)\n", strerror(errno) )); + return -1; + } + + returned = read( file->fd, hdr, 0x20 ); + if ( (returned == -1) || (returned < 0x20) ) { + DEBUG(0,("read_block: failed to read in HBIN header. Is the file corrupt?\n")); + return -1; + } + + /* make sure this is an hbin header */ + + if ( strncmp( hdr, "hbin", HBIN_HDR_SIZE ) != 0 ) { + DEBUG(0,("read_block: invalid block header!\n")); + return -1; + } + + block_size = IVAL( hdr, 0x08 ); + } + + DEBUG(10,("read_block: block_size == 0x%x\n", block_size )); + + /* set the offset, initialize the buffer, and read the block from disk */ + + if ( lseek( file->fd, file_offset, SEEK_SET ) == -1 ) { + DEBUG(0,("read_block: lseek() failed! (%s)\n", strerror(errno) )); + return -1; + } + + if (!prs_init( ps, block_size, file->mem_ctx, UNMARSHALL )) { + DEBUG(0,("read_block: prs_init() failed! (%s)\n", strerror(errno) )); + return -1; + } + buffer = prs_data_p( ps ); + bytes_read = returned = 0; + + while ( bytes_read < block_size ) { + if ( (returned = read( file->fd, buffer+bytes_read, block_size-bytes_read )) == -1 ) { + DEBUG(0,("read_block: read() failed (%s)\n", strerror(errno) )); + return False; + } + if ( (returned == 0) && (bytes_read < block_size) ) { + DEBUG(0,("read_block: not a valid registry file ?\n" )); + return False; + } + + bytes_read += returned; + } + + return bytes_read; +} + +/******************************************************************* +*******************************************************************/ + +static bool write_hbin_block( REGF_FILE *file, REGF_HBIN *hbin ) +{ + if ( !hbin->dirty ) + return True; + + /* write free space record if any is available */ + + if ( hbin->free_off != REGF_OFFSET_NONE ) { + uint32_t header = 0xffffffff; + + if ( !prs_set_offset( &hbin->ps, hbin->free_off-sizeof(uint32_t) ) ) + return False; + if ( !prs_uint32( "free_size", &hbin->ps, 0, &hbin->free_size ) ) + return False; + if ( !prs_uint32( "free_header", &hbin->ps, 0, &header ) ) + return False; + } + + hbin->dirty = (write_block( file, &hbin->ps, hbin->file_off ) != -1); + + return hbin->dirty; +} + +/******************************************************************* +*******************************************************************/ + +static bool hbin_block_close( REGF_FILE *file, REGF_HBIN *hbin ) +{ + REGF_HBIN *p; + + /* remove the block from the open list and flush it to disk */ + + for ( p=file->block_list; p && p!=hbin; p=p->next ) + ; + + if ( p == hbin ) { + DLIST_REMOVE( file->block_list, hbin ); + } + else + DEBUG(0,("hbin_block_close: block not in open list!\n")); + + if ( !write_hbin_block( file, hbin ) ) + return False; + + return True; +} + +/******************************************************************* +*******************************************************************/ + +static bool prs_regf_block( const char *desc, prs_struct *ps, int depth, REGF_FILE *file ) +{ + prs_debug(ps, depth, desc, "prs_regf_block"); + depth++; + + if ( !prs_uint8s( True, "header", ps, depth, (uint8_t *)file->header, sizeof( file->header )) ) + return False; + + /* yes, these values are always identical so store them only once */ + + if ( !prs_uint32( "unknown1", ps, depth, &file->unknown1 )) + return False; + if ( !prs_uint32( "unknown1 (again)", ps, depth, &file->unknown1 )) + return False; + + /* get the modtime */ + + if ( !prs_set_offset( ps, 0x0c ) ) + return False; + if ( !smb_io_time( "modtime", &file->mtime, ps, depth ) ) + return False; + + /* constants */ + + if ( !prs_uint32( "unknown2", ps, depth, &file->unknown2 )) + return False; + if ( !prs_uint32( "unknown3", ps, depth, &file->unknown3 )) + return False; + if ( !prs_uint32( "unknown4", ps, depth, &file->unknown4 )) + return False; + if ( !prs_uint32( "unknown5", ps, depth, &file->unknown5 )) + return False; + + /* get file offsets */ + + if ( !prs_set_offset( ps, 0x24 ) ) + return False; + if ( !prs_uint32( "data_offset", ps, depth, &file->data_offset )) + return False; + if ( !prs_uint32( "last_block", ps, depth, &file->last_block )) + return False; + + /* one more constant */ + + if ( !prs_uint32( "unknown6", ps, depth, &file->unknown6 )) + return False; + + /* get the checksum */ + + if ( !prs_set_offset( ps, 0x01fc ) ) + return False; + if ( !prs_uint32( "checksum", ps, depth, &file->checksum )) + return False; + + return True; +} + +/******************************************************************* +*******************************************************************/ + +static bool prs_hbin_block( const char *desc, prs_struct *ps, int depth, REGF_HBIN *hbin ) +{ + uint32_t block_size2; + + prs_debug(ps, depth, desc, "prs_hbin_block"); + depth++; + + if ( !prs_uint8s( True, "header", ps, depth, (uint8_t*)hbin->header, sizeof( hbin->header )) ) + return False; + + if ( !prs_uint32( "first_hbin_off", ps, depth, &hbin->first_hbin_off )) + return False; + + /* The dosreg.cpp comments say that the block size is at 0x1c. + According to a WINXP NTUSER.dat file, this is wrong. The block_size + is at 0x08 */ + + if ( !prs_uint32( "block_size", ps, depth, &hbin->block_size )) + return False; + + block_size2 = hbin->block_size; + prs_set_offset( ps, 0x1c ); + if ( !prs_uint32( "block_size2", ps, depth, &block_size2 )) + return False; + + if ( MARSHALLING(ps) ) + hbin->dirty = True; + + + return True; +} + +/******************************************************************* +*******************************************************************/ + +static bool prs_nk_rec( const char *desc, prs_struct *ps, int depth, REGF_NK_REC *nk ) +{ + uint16_t class_length, name_length; + uint32_t start; + uint32_t data_size, start_off, end_off; + uint32_t unknown_off = REGF_OFFSET_NONE; + + nk->hbin_off = prs_offset( ps ); + start = nk->hbin_off; + + prs_debug(ps, depth, desc, "prs_nk_rec"); + depth++; + + /* back up and get the data_size */ + + if ( !prs_set_offset( ps, prs_offset(ps)-sizeof(uint32_t)) ) + return False; + start_off = prs_offset( ps ); + if ( !prs_uint32( "rec_size", ps, depth, &nk->rec_size )) + return False; + + if ( !prs_uint8s( True, "header", ps, depth, (uint8_t *)nk->header, sizeof( nk->header )) ) + return False; + + if ( !prs_uint16( "key_type", ps, depth, &nk->key_type )) + return False; + if ( !smb_io_time( "mtime", &nk->mtime, ps, depth )) + return False; + + if ( !prs_set_offset( ps, start+0x0010 ) ) + return False; + if ( !prs_uint32( "parent_off", ps, depth, &nk->parent_off )) + return False; + if ( !prs_uint32( "num_subkeys", ps, depth, &nk->num_subkeys )) + return False; + + if ( !prs_set_offset( ps, start+0x001c ) ) + return False; + if ( !prs_uint32( "subkeys_off", ps, depth, &nk->subkeys_off )) + return False; + if ( !prs_uint32( "unknown_off", ps, depth, &unknown_off) ) + return False; + + if ( !prs_set_offset( ps, start+0x0024 ) ) + return False; + if ( !prs_uint32( "num_values", ps, depth, &nk->num_values )) + return False; + if ( !prs_uint32( "values_off", ps, depth, &nk->values_off )) + return False; + if ( !prs_uint32( "sk_off", ps, depth, &nk->sk_off )) + return False; + if ( !prs_uint32( "classname_off", ps, depth, &nk->classname_off )) + return False; + + if ( !prs_uint32( "max_bytes_subkeyname", ps, depth, &nk->max_bytes_subkeyname)) + return False; + if ( !prs_uint32( "max_bytes_subkeyclassname", ps, depth, &nk->max_bytes_subkeyclassname)) + return False; + if ( !prs_uint32( "max_bytes_valuename", ps, depth, &nk->max_bytes_valuename)) + return False; + if ( !prs_uint32( "max_bytes_value", ps, depth, &nk->max_bytes_value)) + return False; + if ( !prs_uint32( "unknown index", ps, depth, &nk->unk_index)) + return False; + + name_length = nk->keyname ? strlen(nk->keyname) : 0 ; + class_length = nk->classname ? strlen(nk->classname) : 0 ; + if ( !prs_uint16( "name_length", ps, depth, &name_length )) + return False; + if ( !prs_uint16( "class_length", ps, depth, &class_length )) + return False; + + if ( class_length ) { + ;; + } + + if ( name_length ) { + if ( UNMARSHALLING(ps) ) { + if ( !(nk->keyname = PRS_ALLOC_MEM( ps, char, name_length+1 )) ) + return False; + } + + if ( !prs_uint8s( True, "name", ps, depth, (uint8_t *)nk->keyname, name_length) ) + return False; + + if ( UNMARSHALLING(ps) ) + nk->keyname[name_length] = '\0'; + } + + end_off = prs_offset( ps ); + + /* data_size must be divisible by 8 and large enough to hold the original record */ + + data_size = ((start_off - end_off) & 0xfffffff8 ); + if ( data_size > nk->rec_size ) + DEBUG(10,("Encountered reused record (0x%x < 0x%x)\n", data_size, nk->rec_size)); + + if ( MARSHALLING(ps) ) + nk->hbin->dirty = True; + + return True; +} + +/******************************************************************* +*******************************************************************/ + +static uint32_t regf_block_checksum( prs_struct *ps ) +{ + char *buffer = prs_data_p( ps ); + uint32_t checksum, x; + int i; + + /* XOR of all bytes 0x0000 - 0x01FB */ + + checksum = x = 0; + + for ( i=0; i<0x01FB; i+=4 ) { + x = IVAL(buffer, i ); + checksum ^= x; + } + + return checksum; +} + +/******************************************************************* +*******************************************************************/ + +static bool read_regf_block( REGF_FILE *file ) +{ + prs_struct ps; + uint32_t checksum; + + /* grab the first block from the file */ + + if ( read_block( file, &ps, 0, REGF_BLOCKSIZE ) == -1 ) + return False; + + /* parse the block and verify the checksum */ + + if ( !prs_regf_block( "regf_header", &ps, 0, file ) ) + return False; + + checksum = regf_block_checksum( &ps ); + + prs_mem_free( &ps ); + + if ( file->checksum != checksum && !file->ignore_checksums) { + DEBUG(0,("read_regf_block: invalid checksum\n" )); + return False; + } + + return True; +} + +/******************************************************************* +*******************************************************************/ + +static REGF_HBIN* read_hbin_block( REGF_FILE *file, off_t offset ) +{ + REGF_HBIN *hbin; + uint32_t record_size, curr_off, block_size, header; + + if ( !(hbin = talloc_zero(file->mem_ctx, REGF_HBIN)) ) + return NULL; + hbin->file_off = offset; + hbin->free_off = -1; + + if ( read_block( file, &hbin->ps, offset, 0 ) == -1 ) + return NULL; + + if ( !prs_hbin_block( "hbin", &hbin->ps, 0, hbin ) ) + return NULL; + + /* this should be the same thing as hbin->block_size but just in case */ + + block_size = prs_data_size( &hbin->ps ); + + /* Find the available free space offset. Always at the end, + so walk the record list and stop when you get to the end. + The end is defined by a record header of 0xffffffff. The + previous 4 bytes contains the amount of free space remaining + in the hbin block. */ + + /* remember that the record_size is in the 4 bytes preceding the record itself */ + + if ( !prs_set_offset( &hbin->ps, file->data_offset+HBIN_HDR_SIZE-sizeof(uint32_t) ) ) + return NULL; + + record_size = 0; + header = 0; + curr_off = prs_offset( &hbin->ps ); + while ( header != 0xffffffff ) { + /* not done yet so reset the current offset to the + next record_size field */ + + curr_off = curr_off+record_size; + + /* for some reason the record_size of the last record in + an hbin block can extend past the end of the block + even though the record fits within the remaining + space....aaarrrgggghhhhhh */ + + if ( curr_off >= block_size ) { + record_size = -1; + curr_off = -1; + break; + } + + if ( !prs_set_offset( &hbin->ps, curr_off) ) + return NULL; + + if ( !prs_uint32( "rec_size", &hbin->ps, 0, &record_size ) ) + return NULL; + if ( !prs_uint32( "header", &hbin->ps, 0, &header ) ) + return NULL; + + if (record_size == 0) + return NULL; + + if ( record_size & 0x80000000 ) { + /* absolute_value(record_size) */ + record_size = (record_size ^ 0xffffffff) + 1; + } + } + + /* save the free space offset */ + + if ( header == 0xffffffff ) { + + /* account for the fact that the curr_off is 4 bytes behind the actual + record header */ + + hbin->free_off = curr_off + sizeof(uint32_t); + hbin->free_size = record_size; + } + + DEBUG(10,("read_hbin_block: free space offset == 0x%x\n", hbin->free_off)); + + if ( !prs_set_offset( &hbin->ps, file->data_offset+HBIN_HDR_SIZE ) ) + return NULL; + + return hbin; +} + +/******************************************************************* + Input a random offset and receive the corresponding HBIN + block for it +*******************************************************************/ + +static bool hbin_contains_offset( REGF_HBIN *hbin, uint32_t offset ) +{ + if ( !hbin ) + return False; + + if ( (offset > hbin->first_hbin_off) && (offset < (hbin->first_hbin_off+hbin->block_size)) ) + return True; + + return False; +} + +/******************************************************************* + Input a random offset and receive the corresponding HBIN + block for it +*******************************************************************/ + +static REGF_HBIN* lookup_hbin_block( REGF_FILE *file, uint32_t offset ) +{ + REGF_HBIN *hbin = NULL; + uint32_t block_off; + + /* start with the open list */ + + for ( hbin=file->block_list; hbin; hbin=hbin->next ) { + DEBUG(10,("lookup_hbin_block: address = 0x%x [0x%lx]\n", hbin->file_off, (unsigned long)hbin )); + if ( hbin_contains_offset( hbin, offset ) ) + return hbin; + } + + if ( !hbin ) { + /* start at the beginning */ + + block_off = REGF_BLOCKSIZE; + do { + /* cleanup before the next round */ + if ( hbin ) + prs_mem_free( &hbin->ps ); + + hbin = read_hbin_block( file, block_off ); + + if ( hbin ) + block_off = hbin->file_off + hbin->block_size; + + } while ( hbin && !hbin_contains_offset( hbin, offset ) ); + } + + if ( hbin ) + DLIST_ADD( file->block_list, hbin ); + + return hbin; +} + +/******************************************************************* +*******************************************************************/ + +static bool prs_hash_rec( const char *desc, prs_struct *ps, int depth, REGF_HASH_REC *hash ) +{ + prs_debug(ps, depth, desc, "prs_hash_rec"); + depth++; + + if ( !prs_uint32( "nk_off", ps, depth, &hash->nk_off )) + return False; + if ( !prs_uint8s( True, "keycheck", ps, depth, hash->keycheck, sizeof( hash->keycheck )) ) + return False; + + return True; +} + +/******************************************************************* +*******************************************************************/ + +static bool hbin_prs_lf_records( const char *desc, REGF_HBIN *hbin, int depth, REGF_NK_REC *nk ) +{ + int i; + REGF_LF_REC *lf = &nk->subkeys; + uint32_t data_size, start_off, end_off; + + prs_debug(&hbin->ps, depth, desc, "prs_lf_records"); + depth++; + + /* check if we have anything to do first */ + + if ( nk->num_subkeys == 0 ) + return True; + + /* move to the LF record */ + + if ( !prs_set_offset( &hbin->ps, nk->subkeys_off + HBIN_HDR_SIZE - hbin->first_hbin_off ) ) + return False; + + /* backup and get the data_size */ + + if ( !prs_set_offset( &hbin->ps, prs_offset(&hbin->ps)-sizeof(uint32_t)) ) + return False; + start_off = prs_offset( &hbin->ps ); + if ( !prs_uint32( "rec_size", &hbin->ps, depth, &lf->rec_size )) + return False; + + if ( !prs_uint8s( True, "header", &hbin->ps, depth, (uint8_t *)lf->header, sizeof( lf->header )) ) + return False; + + if ( !prs_uint16( "num_keys", &hbin->ps, depth, &lf->num_keys)) + return False; + + if ( UNMARSHALLING(&hbin->ps) ) { + if (lf->num_keys) { + if ( !(lf->hashes = PRS_ALLOC_MEM( &hbin->ps, REGF_HASH_REC, lf->num_keys )) ) + return False; + } else { + lf->hashes = NULL; + } + } + + for ( i=0; i<lf->num_keys; i++ ) { + if ( !prs_hash_rec( "hash_rec", &hbin->ps, depth, &lf->hashes[i] ) ) + return False; + } + + end_off = prs_offset( &hbin->ps ); + + /* data_size must be divisible by 8 and large enough to hold the original record */ + + data_size = ((start_off - end_off) & 0xfffffff8 ); + if ( data_size > lf->rec_size ) + DEBUG(10,("Encountered reused record (0x%x < 0x%x)\n", data_size, lf->rec_size)); + + if ( MARSHALLING(&hbin->ps) ) + hbin->dirty = True; + + return True; +} + +/******************************************************************* +*******************************************************************/ + +static bool hbin_prs_sk_rec( const char *desc, REGF_HBIN *hbin, int depth, REGF_SK_REC *sk ) +{ + prs_struct *ps = &hbin->ps; + uint16_t tag = 0xFFFF; + uint32_t data_size, start_off, end_off; + + + prs_debug(ps, depth, desc, "hbin_prs_sk_rec"); + depth++; + + if ( !prs_set_offset( &hbin->ps, sk->sk_off + HBIN_HDR_SIZE - hbin->first_hbin_off ) ) + return False; + + /* backup and get the data_size */ + + if ( !prs_set_offset( &hbin->ps, prs_offset(&hbin->ps)-sizeof(uint32_t)) ) + return False; + start_off = prs_offset( &hbin->ps ); + if ( !prs_uint32( "rec_size", &hbin->ps, depth, &sk->rec_size )) + return False; + + if ( !prs_uint8s( True, "header", ps, depth, (uint8_t *)sk->header, sizeof( sk->header )) ) + return False; + if ( !prs_uint16( "tag", ps, depth, &tag)) + return False; + + if ( !prs_uint32( "prev_sk_off", ps, depth, &sk->prev_sk_off)) + return False; + if ( !prs_uint32( "next_sk_off", ps, depth, &sk->next_sk_off)) + return False; + if ( !prs_uint32( "ref_count", ps, depth, &sk->ref_count)) + return False; + if ( !prs_uint32( "size", ps, depth, &sk->size)) + return False; + + { + NTSTATUS status; + TALLOC_CTX *mem_ctx = prs_get_mem_context(&hbin->ps); + DATA_BLOB blob; + + if (MARSHALLING(&hbin->ps)) { + status = marshall_sec_desc(mem_ctx, + sk->sec_desc, + &blob.data, &blob.length); + if (!NT_STATUS_IS_OK(status)) + return False; + if (!prs_copy_data_in(&hbin->ps, (const char *)blob.data, blob.length)) + return False; + } else { + blob = data_blob_const( + prs_data_p(&hbin->ps) + prs_offset(&hbin->ps), + prs_data_size(&hbin->ps) - prs_offset(&hbin->ps) + ); + status = unmarshall_sec_desc(mem_ctx, + blob.data, blob.length, + &sk->sec_desc); + if (!NT_STATUS_IS_OK(status)) + return False; + prs_set_offset(&hbin->ps, blob.length); + } + } + + end_off = prs_offset( &hbin->ps ); + + /* data_size must be divisible by 8 and large enough to hold the original record */ + + data_size = ((start_off - end_off) & 0xfffffff8 ); + if ( data_size > sk->rec_size ) + DEBUG(10,("Encountered reused record (0x%x < 0x%x)\n", data_size, sk->rec_size)); + + if ( MARSHALLING(&hbin->ps) ) + hbin->dirty = True; + + return True; +} + +/******************************************************************* +*******************************************************************/ + +static bool hbin_prs_vk_rec( const char *desc, REGF_HBIN *hbin, int depth, REGF_VK_REC *vk, REGF_FILE *file ) +{ + uint32_t offset; + uint16_t name_length; + prs_struct *ps = &hbin->ps; + uint32_t data_size, start_off, end_off; + + prs_debug(ps, depth, desc, "prs_vk_rec"); + depth++; + + /* backup and get the data_size */ + + if ( !prs_set_offset( &hbin->ps, prs_offset(&hbin->ps)-sizeof(uint32_t)) ) + return False; + start_off = prs_offset( &hbin->ps ); + if ( !prs_uint32( "rec_size", &hbin->ps, depth, &vk->rec_size )) + return False; + + if ( !prs_uint8s( True, "header", ps, depth, (uint8_t *)vk->header, sizeof( vk->header )) ) + return False; + + if ( MARSHALLING(&hbin->ps) ) + name_length = strlen(vk->valuename); + + if ( !prs_uint16( "name_length", ps, depth, &name_length )) + return False; + if ( !prs_uint32( "data_size", ps, depth, &vk->data_size )) + return False; + if ( !prs_uint32( "data_off", ps, depth, &vk->data_off )) + return False; + if ( !prs_uint32( "type", ps, depth, &vk->type)) + return False; + if ( !prs_uint16( "flag", ps, depth, &vk->flag)) + return False; + + offset = prs_offset( ps ); + offset += 2; /* skip 2 bytes */ + prs_set_offset( ps, offset ); + + /* get the name */ + + if ( vk->flag&VK_FLAG_NAME_PRESENT ) { + + if ( UNMARSHALLING(&hbin->ps) ) { + if ( !(vk->valuename = PRS_ALLOC_MEM( ps, char, name_length+1 ))) + return False; + } + if ( !prs_uint8s( True, "name", ps, depth, (uint8_t *)vk->valuename, name_length ) ) + return False; + } + + end_off = prs_offset( &hbin->ps ); + + /* get the data if necessary */ + + if ( vk->data_size != 0 ) { + bool charmode = False; + + if ( (vk->type == REG_SZ) || (vk->type == REG_MULTI_SZ) ) + charmode = True; + + /* the data is stored in the offset if the size <= 4 */ + + if ( !(vk->data_size & VK_DATA_IN_OFFSET) ) { + REGF_HBIN *hblock = hbin; + uint32_t data_rec_size; + + if ( UNMARSHALLING(&hbin->ps) ) { + if ( !(vk->data = PRS_ALLOC_MEM( ps, uint8_t, vk->data_size) ) ) + return False; + } + + /* this data can be in another hbin */ + if ( !hbin_contains_offset( hbin, vk->data_off ) ) { + if ( !(hblock = lookup_hbin_block( file, vk->data_off )) ) + return False; + } + if ( !(prs_set_offset( &hblock->ps, (vk->data_off+HBIN_HDR_SIZE-hblock->first_hbin_off)-sizeof(uint32_t) )) ) + return False; + + if ( MARSHALLING(&hblock->ps) ) { + data_rec_size = ( (vk->data_size+sizeof(uint32_t)) & 0xfffffff8 ) + 8; + data_rec_size = ( data_rec_size - 1 ) ^ 0xFFFFFFFF; + } + if ( !prs_uint32( "data_rec_size", &hblock->ps, depth, &data_rec_size )) + return False; + if ( !prs_uint8s( charmode, "data", &hblock->ps, depth, vk->data, vk->data_size) ) + return False; + + if ( MARSHALLING(&hblock->ps) ) + hblock->dirty = True; + } + else { + if ( !(vk->data = PRS_ALLOC_MEM( ps, uint8_t, 4 ) ) ) + return False; + SIVAL( vk->data, 0, vk->data_off ); + } + + } + + /* data_size must be divisible by 8 and large enough to hold the original record */ + + data_size = ((start_off - end_off ) & 0xfffffff8 ); + if ( data_size != vk->rec_size ) + DEBUG(10,("prs_vk_rec: data_size check failed (0x%x < 0x%x)\n", data_size, vk->rec_size)); + + if ( MARSHALLING(&hbin->ps) ) + hbin->dirty = True; + + return True; +} + +/******************************************************************* + read a VK record which is contained in the HBIN block stored + in the prs_struct *ps. +*******************************************************************/ + +static bool hbin_prs_vk_records( const char *desc, REGF_HBIN *hbin, int depth, REGF_NK_REC *nk, REGF_FILE *file ) +{ + int i; + uint32_t record_size; + + prs_debug(&hbin->ps, depth, desc, "prs_vk_records"); + depth++; + + /* check if we have anything to do first */ + + if ( nk->num_values == 0 ) + return True; + + if ( UNMARSHALLING(&hbin->ps) ) { + if ( !(nk->values = PRS_ALLOC_MEM( &hbin->ps, REGF_VK_REC, nk->num_values ) ) ) + return False; + } + + /* convert the offset to something relative to this HBIN block */ + + if ( !prs_set_offset( &hbin->ps, nk->values_off+HBIN_HDR_SIZE-hbin->first_hbin_off-sizeof(uint32_t)) ) + return False; + + if ( MARSHALLING( &hbin->ps) ) { + record_size = ( ( nk->num_values * sizeof(uint32_t) ) & 0xfffffff8 ) + 8; + record_size = (record_size - 1) ^ 0xFFFFFFFF; + } + + if ( !prs_uint32( "record_size", &hbin->ps, depth, &record_size ) ) + return False; + + for ( i=0; i<nk->num_values; i++ ) { + if ( !prs_uint32( "vk_off", &hbin->ps, depth, &nk->values[i].rec_off ) ) + return False; + } + + for ( i=0; i<nk->num_values; i++ ) { + REGF_HBIN *sub_hbin = hbin; + uint32_t new_offset; + + if ( !hbin_contains_offset( hbin, nk->values[i].rec_off ) ) { + sub_hbin = lookup_hbin_block( file, nk->values[i].rec_off ); + if ( !sub_hbin ) { + DEBUG(0,("hbin_prs_vk_records: Failed to find HBIN block containing offset [0x%x]\n", + nk->values[i].hbin_off)); + return False; + } + } + + new_offset = nk->values[i].rec_off + HBIN_HDR_SIZE - sub_hbin->first_hbin_off; + if ( !prs_set_offset( &sub_hbin->ps, new_offset ) ) + return False; + if ( !hbin_prs_vk_rec( "vk_rec", sub_hbin, depth, &nk->values[i], file ) ) + return False; + } + + if ( MARSHALLING(&hbin->ps) ) + hbin->dirty = True; + + + return True; +} + + +/******************************************************************* +*******************************************************************/ + +static REGF_SK_REC* find_sk_record_by_offset( REGF_FILE *file, uint32_t offset ) +{ + REGF_SK_REC *p_sk; + + for ( p_sk=file->sec_desc_list; p_sk; p_sk=p_sk->next ) { + if ( p_sk->sk_off == offset ) + return p_sk; + } + + return NULL; +} + +/******************************************************************* +*******************************************************************/ + +static REGF_SK_REC* find_sk_record_by_sec_desc( REGF_FILE *file, struct security_descriptor *sd ) +{ + REGF_SK_REC *p; + + for ( p=file->sec_desc_list; p; p=p->next ) { + if ( security_descriptor_equal( p->sec_desc, sd ) ) + return p; + } + + /* failure */ + + return NULL; +} + +/******************************************************************* +*******************************************************************/ + +static bool hbin_prs_key( REGF_FILE *file, REGF_HBIN *hbin, REGF_NK_REC *nk ) +{ + int depth = 0; + REGF_HBIN *sub_hbin; + + prs_debug(&hbin->ps, depth, "", "prs_key"); + depth++; + + /* get the initial nk record */ + + if ( !prs_nk_rec( "nk_rec", &hbin->ps, depth, nk )) + return False; + + /* fill in values */ + + if ( nk->num_values && (nk->values_off!=REGF_OFFSET_NONE) ) { + sub_hbin = hbin; + if ( !hbin_contains_offset( hbin, nk->values_off ) ) { + sub_hbin = lookup_hbin_block( file, nk->values_off ); + if ( !sub_hbin ) { + DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing value_list_offset [0x%x]\n", + nk->values_off)); + return False; + } + } + + if ( !hbin_prs_vk_records( "vk_rec", sub_hbin, depth, nk, file )) + return False; + } + + /* now get subkeys */ + + if ( nk->num_subkeys && (nk->subkeys_off!=REGF_OFFSET_NONE) ) { + sub_hbin = hbin; + if ( !hbin_contains_offset( hbin, nk->subkeys_off ) ) { + sub_hbin = lookup_hbin_block( file, nk->subkeys_off ); + if ( !sub_hbin ) { + DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing subkey_offset [0x%x]\n", + nk->subkeys_off)); + return False; + } + } + + if ( !hbin_prs_lf_records( "lf_rec", sub_hbin, depth, nk )) + return False; + } + + /* get the to the security descriptor. First look if we have already parsed it */ + + if ( (nk->sk_off!=REGF_OFFSET_NONE) && !( nk->sec_desc = find_sk_record_by_offset( file, nk->sk_off )) ) { + + sub_hbin = hbin; + if ( !hbin_contains_offset( hbin, nk->sk_off ) ) { + sub_hbin = lookup_hbin_block( file, nk->sk_off ); + if ( !sub_hbin ) { + DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing sk_off [0x%x]\n", + nk->sk_off)); + return False; + } + } + + if ( !(nk->sec_desc = talloc_zero( file->mem_ctx, REGF_SK_REC )) ) + return False; + nk->sec_desc->sk_off = nk->sk_off; + if ( !hbin_prs_sk_rec( "sk_rec", sub_hbin, depth, nk->sec_desc )) + return False; + + /* add to the list of security descriptors (ref_count has been read from the files) */ + + nk->sec_desc->sk_off = nk->sk_off; + DLIST_ADD( file->sec_desc_list, nk->sec_desc ); + } + + return True; +} + +/******************************************************************* +*******************************************************************/ + +static bool next_record( REGF_HBIN *hbin, const char *hdr, bool *eob ) +{ + uint8_t header[REC_HDR_SIZE]; + uint32_t record_size; + uint32_t curr_off, block_size; + bool found = False; + prs_struct *ps = &hbin->ps; + + curr_off = prs_offset( ps ); + if ( curr_off == 0 ) + prs_set_offset( ps, HBIN_HEADER_REC_SIZE ); + + /* assume that the current offset is at the record header + and we need to backup to read the record size */ + + curr_off -= sizeof(uint32_t); + + block_size = prs_data_size( ps ); + record_size = 0; + memset( header, 0x0, sizeof(uint8_t)*REC_HDR_SIZE ); + while ( !found ) { + + curr_off = curr_off+record_size; + if ( curr_off >= block_size ) + break; + + if ( !prs_set_offset( &hbin->ps, curr_off) ) + return False; + + if ( !prs_uint32( "record_size", ps, 0, &record_size ) ) + return False; + if ( !prs_uint8s( True, "header", ps, 0, header, REC_HDR_SIZE ) ) + return False; + + if (record_size & 0x80000000) { + /* absolute_value(record_size) */ + record_size = (record_size ^ 0xffffffff) + 1; + } + + if (record_size < sizeof(REC_HDR_SIZE)) { + return false; + } + + if (memcmp(header, hdr, REC_HDR_SIZE) == 0) { + found = True; + curr_off += sizeof(uint32_t); + } + } + + /* mark prs_struct as done ( at end ) if no more SK records */ + /* mark end-of-block as True */ + + if ( !found ) { + prs_set_offset( &hbin->ps, prs_data_size(&hbin->ps) ); + *eob = True; + return False; + } + + if ( !prs_set_offset( ps, curr_off ) ) + return False; + + return True; +} + +/******************************************************************* +*******************************************************************/ + +static bool next_nk_record( REGF_FILE *file, REGF_HBIN *hbin, REGF_NK_REC *nk, bool *eob ) +{ + if ( next_record( hbin, "nk", eob ) && hbin_prs_key( file, hbin, nk ) ) + return True; + + return False; +} + +/******************************************************************* + Intialize the newly created REGF_BLOCK in *file and write the + block header to disk +*******************************************************************/ + +static bool init_regf_block( REGF_FILE *file ) +{ + prs_struct ps; + bool result = True; + + if ( !prs_init( &ps, REGF_BLOCKSIZE, file->mem_ctx, MARSHALL ) ) + return False; + + memcpy( file->header, "regf", REGF_HDR_SIZE ); + file->data_offset = 0x20; + file->last_block = 0x1000; + + /* set mod time */ + + unix_to_nt_time( &file->mtime, time(NULL) ); + + /* hard coded values...no diea what these are ... maybe in time */ + + file->unknown1 = 0x2; + file->unknown2 = 0x1; + file->unknown3 = 0x3; + file->unknown4 = 0x0; + file->unknown5 = 0x1; + file->unknown6 = 0x1; + + /* write header to the buffer */ + + if ( !prs_regf_block( "regf_header", &ps, 0, file ) ) { + result = False; + goto out; + } + + /* calculate the checksum, re-marshall data (to include the checksum) + and write to disk */ + + file->checksum = regf_block_checksum( &ps ); + prs_set_offset( &ps, 0 ); + if ( !prs_regf_block( "regf_header", &ps, 0, file ) ) { + result = False; + goto out; + } + + if ( write_block( file, &ps, 0 ) == -1 ) { + DEBUG(0,("init_regf_block: Failed to initialize registry header block!\n")); + result = False; + goto out; + } + +out: + prs_mem_free( &ps ); + + return result; +} +/******************************************************************* + Open the registry file and then read in the REGF block to get the + first hbin offset. +*******************************************************************/ + + REGF_FILE* regfio_open( const char *filename, int flags, int mode ) +{ + REGF_FILE *rb; + + if ( !(rb = SMB_MALLOC_P(REGF_FILE)) ) { + DEBUG(0,("ERROR allocating memory\n")); + return NULL; + } + ZERO_STRUCTP( rb ); + rb->fd = -1; + rb->ignore_checksums = false; + + if ( !(rb->mem_ctx = talloc_init( "regfio_open" )) ) { + regfio_close( rb ); + return NULL; + } + + rb->open_flags = flags; + + /* open and existing file */ + + if ( (rb->fd = open(filename, flags, mode)) == -1 ) { + DEBUG(0,("regfio_open: failure to open %s (%s)\n", filename, strerror(errno))); + regfio_close( rb ); + return NULL; + } + + /* check if we are creating a new file or overwriting an existing one */ + + if ( flags & (O_CREAT|O_TRUNC) ) { + if ( !init_regf_block( rb ) ) { + DEBUG(0,("regfio_open: Failed to read initial REGF block\n")); + regfio_close( rb ); + return NULL; + } + + /* success */ + return rb; + } + + /* read in an existing file */ + + if ( !read_regf_block( rb ) ) { + DEBUG(0,("regfio_open: Failed to read initial REGF block\n")); + regfio_close( rb ); + return NULL; + } + + /* success */ + + return rb; +} + +/******************************************************************* +*******************************************************************/ + +static void regfio_mem_free( REGF_FILE *file ) +{ + /* free any talloc()'d memory */ + + if ( file && file->mem_ctx ) + talloc_destroy( file->mem_ctx ); +} + +/******************************************************************* +*******************************************************************/ + + int regfio_close( REGF_FILE *file ) +{ + int fd; + + /* cleanup for a file opened for write */ + + if ((file->fd != -1) && (file->open_flags & (O_WRONLY|O_RDWR))) { + prs_struct ps; + REGF_SK_REC *sk; + + /* write of sd list */ + + for ( sk=file->sec_desc_list; sk; sk=sk->next ) { + hbin_prs_sk_rec( "sk_rec", sk->hbin, 0, sk ); + } + + /* flush any dirty blocks */ + + while ( file->block_list ) { + hbin_block_close( file, file->block_list ); + } + + ZERO_STRUCT( ps ); + + unix_to_nt_time( &file->mtime, time(NULL) ); + + if ( read_block( file, &ps, 0, REGF_BLOCKSIZE ) != -1 ) { + /* now use for writing */ + prs_switch_type( &ps, MARSHALL ); + + /* stream the block once, generate the checksum, + and stream it again */ + prs_set_offset( &ps, 0 ); + prs_regf_block( "regf_blocK", &ps, 0, file ); + file->checksum = regf_block_checksum( &ps ); + prs_set_offset( &ps, 0 ); + prs_regf_block( "regf_blocK", &ps, 0, file ); + + /* now we are ready to write it to disk */ + if ( write_block( file, &ps, 0 ) == -1 ) + DEBUG(0,("regfio_close: failed to update the regf header block!\n")); + } + + prs_mem_free( &ps ); + } + + regfio_mem_free( file ); + + /* nothing tdo do if there is no open file */ + + if (file->fd == -1) + return 0; + + fd = file->fd; + file->fd = -1; + SAFE_FREE( file ); + + return close( fd ); +} + +/******************************************************************* +*******************************************************************/ + +static void regfio_flush( REGF_FILE *file ) +{ + REGF_HBIN *hbin; + + for ( hbin=file->block_list; hbin; hbin=hbin->next ) { + write_hbin_block( file, hbin ); + } +} + +/******************************************************************* + There should be only *one* root key in the registry file based + on my experience. --jerry +*******************************************************************/ + +REGF_NK_REC* regfio_rootkey( REGF_FILE *file ) +{ + REGF_NK_REC *nk; + REGF_HBIN *hbin; + uint32_t offset = REGF_BLOCKSIZE; + bool found = False; + bool eob; + + if ( !file ) + return NULL; + + if ( !(nk = talloc_zero( file->mem_ctx, REGF_NK_REC )) ) { + DEBUG(0,("regfio_rootkey: talloc() failed!\n")); + return NULL; + } + + /* scan through the file on HBIN block at a time looking + for an NK record with a type == 0x002c. + Normally this is the first nk record in the first hbin + block (but I'm not assuming that for now) */ + + while ( (hbin = read_hbin_block( file, offset )) ) { + eob = False; + + while ( !eob) { + if ( next_nk_record( file, hbin, nk, &eob ) ) { + if ( nk->key_type == NK_TYPE_ROOTKEY ) { + found = True; + break; + } + } + prs_mem_free( &hbin->ps ); + } + + if ( found ) + break; + + offset += hbin->block_size; + } + + if ( !found ) { + DEBUG(0,("regfio_rootkey: corrupt registry file ? No root key record located\n")); + return NULL; + } + + DLIST_ADD( file->block_list, hbin ); + + return nk; +} + +/******************************************************************* + This acts as an interator over the subkeys defined for a given + NK record. Remember that offsets are from the *first* HBIN block. +*******************************************************************/ + + REGF_NK_REC* regfio_fetch_subkey( REGF_FILE *file, REGF_NK_REC *nk ) +{ + REGF_NK_REC *subkey; + REGF_HBIN *hbin; + uint32_t nk_offset; + + /* see if there is anything left to report */ + + if (nk == NULL || + nk->subkeys.hashes == NULL || + nk->subkey_index >= nk->subkeys.num_keys || + (nk->subkeys_off == REGF_OFFSET_NONE) || + (nk->subkey_index >= nk->num_subkeys)) { + return NULL; + } + + /* find the HBIN block which should contain the nk record */ + + hbin = lookup_hbin_block(file, + nk->subkeys.hashes[nk->subkey_index].nk_off); + if (hbin == NULL) { + DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing offset [0x%x]\n", + nk->subkeys.hashes[nk->subkey_index].nk_off)); + return NULL; + } + + nk_offset = nk->subkeys.hashes[nk->subkey_index].nk_off; + if ( !prs_set_offset( &hbin->ps, (HBIN_HDR_SIZE + nk_offset - hbin->first_hbin_off) ) ) + return NULL; + + nk->subkey_index++; + if ( !(subkey = talloc_zero( file->mem_ctx, REGF_NK_REC )) ) + return NULL; + + if ( !hbin_prs_key( file, hbin, subkey ) ) + return NULL; + + return subkey; +} + + +/******************************************************************* +*******************************************************************/ + +static REGF_HBIN* regf_hbin_allocate( REGF_FILE *file, uint32_t block_size ) +{ + REGF_HBIN *hbin; + SMB_STRUCT_STAT sbuf; + + if ( !(hbin = talloc_zero( file->mem_ctx, REGF_HBIN )) ) + return NULL; + + memcpy( hbin->header, "hbin", HBIN_HDR_SIZE); + + + if (sys_fstat(file->fd, &sbuf, false)) { + DEBUG(0,("regf_hbin_allocate: stat() failed! (%s)\n", strerror(errno))); + return NULL; + } + + hbin->file_off = sbuf.st_ex_size; + + hbin->free_off = HBIN_HEADER_REC_SIZE; + hbin->free_size = block_size - hbin->free_off + sizeof(uint32_t); + + hbin->block_size = block_size; + hbin->first_hbin_off = hbin->file_off - REGF_BLOCKSIZE; + + if ( !prs_init( &hbin->ps, block_size, file->mem_ctx, MARSHALL ) ) + return NULL; + + if ( !prs_hbin_block( "new_hbin", &hbin->ps, 0, hbin ) ) + return NULL; + + if ( !write_hbin_block( file, hbin ) ) + return NULL; + + file->last_block = hbin->file_off; + + return hbin; +} + +/******************************************************************* +*******************************************************************/ + +static void update_free_space( REGF_HBIN *hbin, uint32_t size_used ) +{ + hbin->free_off += size_used; + hbin->free_size -= size_used; + + if ( hbin->free_off >= hbin->block_size ) { + hbin->free_off = REGF_OFFSET_NONE; + } + + return; +} + +/******************************************************************* +*******************************************************************/ + +static REGF_HBIN* find_free_space( REGF_FILE *file, uint32_t size ) +{ + REGF_HBIN *hbin, *p_hbin; + uint32_t block_off; + bool cached; + + /* check open block list */ + + for ( hbin=file->block_list; hbin!=NULL; hbin=hbin->next ) { + /* only check blocks that actually have available space */ + + if ( hbin->free_off == REGF_OFFSET_NONE ) + continue; + + /* check for a large enough available chunk */ + + if ( (hbin->block_size - hbin->free_off) >= size ) { + DLIST_PROMOTE( file->block_list, hbin ); + goto done; + } + } + + /* parse the file until we find a block with + enough free space; save the last non-filled hbin */ + + block_off = REGF_BLOCKSIZE; + do { + /* cleanup before the next round */ + cached = False; + if ( hbin ) + prs_mem_free( &hbin->ps ); + + hbin = read_hbin_block( file, block_off ); + + if ( hbin ) { + + /* make sure that we don't already have this block in memory */ + + for ( p_hbin=file->block_list; p_hbin!=NULL; p_hbin=p_hbin->next ) { + if ( p_hbin->file_off == hbin->file_off ) { + cached = True; + break; + } + } + + block_off = hbin->file_off + hbin->block_size; + + if ( cached ) { + prs_mem_free( &hbin->ps ); + hbin = NULL; + continue; + } + } + /* if (cached block or (new block and not enough free space)) then continue looping */ + } while ( cached || (hbin && (hbin->free_size < size)) ); + + /* no free space; allocate a new one */ + + if ( !hbin ) { + uint32_t alloc_size; + + /* allocate in multiples of REGF_ALLOC_BLOCK; make sure (size + hbin_header) fits */ + + alloc_size = (((size+HBIN_HEADER_REC_SIZE) / REGF_ALLOC_BLOCK ) + 1 ) * REGF_ALLOC_BLOCK; + + if ( !(hbin = regf_hbin_allocate( file, alloc_size )) ) { + DEBUG(0,("find_free_space: regf_hbin_allocate() failed!\n")); + return NULL; + } + DLIST_ADD( file->block_list, hbin ); + } + +done: + /* set the offset to be ready to write */ + + if ( !prs_set_offset( &hbin->ps, hbin->free_off-sizeof(uint32_t) ) ) + return NULL; + + /* write the record size as a placeholder for now, it should be + probably updated by the caller once it all of the data necessary + for the record */ + + if ( !prs_uint32("allocated_size", &hbin->ps, 0, &size) ) + return NULL; + + update_free_space( hbin, size ); + + return hbin; +} + +/******************************************************************* +*******************************************************************/ + +static uint32_t sk_record_data_size( struct security_descriptor * sd ) +{ + uint32_t size, size_mod8; + + size_mod8 = 0; + + /* the record size is sizeof(hdr) + name + static members + data_size_field */ + + size = sizeof(uint32_t)*5 + ndr_size_security_descriptor(sd, 0) + sizeof(uint32_t); + + /* multiple of 8 */ + size_mod8 = size & 0xfffffff8; + if ( size_mod8 < size ) + size_mod8 += 8; + + return size_mod8; +} + +/******************************************************************* +*******************************************************************/ + +static uint32_t vk_record_data_size( REGF_VK_REC *vk ) +{ + uint32_t size, size_mod8; + + size_mod8 = 0; + + /* the record size is sizeof(hdr) + name + static members + data_size_field */ + + size = REC_HDR_SIZE + (sizeof(uint16_t)*3) + (sizeof(uint32_t)*3) + sizeof(uint32_t); + + if ( vk->valuename ) + size += strlen(vk->valuename); + + /* multiple of 8 */ + size_mod8 = size & 0xfffffff8; + if ( size_mod8 < size ) + size_mod8 += 8; + + return size_mod8; +} + +/******************************************************************* +*******************************************************************/ + +static uint32_t lf_record_data_size( uint32_t num_keys ) +{ + uint32_t size, size_mod8; + + size_mod8 = 0; + + /* the record size is sizeof(hdr) + num_keys + sizeof of hash_array + data_size_uint32_t */ + + size = REC_HDR_SIZE + sizeof(uint16_t) + (sizeof(REGF_HASH_REC) * num_keys) + sizeof(uint32_t); + + /* multiple of 8 */ + size_mod8 = size & 0xfffffff8; + if ( size_mod8 < size ) + size_mod8 += 8; + + return size_mod8; +} + +/******************************************************************* +*******************************************************************/ + +static uint32_t nk_record_data_size( REGF_NK_REC *nk ) +{ + uint32_t size, size_mod8; + + size_mod8 = 0; + + /* the record size is static + length_of_keyname + length_of_classname + data_size_uint32_t */ + + size = 0x4c + strlen(nk->keyname) + sizeof(uint32_t); + + if ( nk->classname ) + size += strlen( nk->classname ); + + /* multiple of 8 */ + size_mod8 = size & 0xfffffff8; + if ( size_mod8 < size ) + size_mod8 += 8; + + return size_mod8; +} + +/******************************************************************* +*******************************************************************/ + +static bool create_vk_record(REGF_FILE *file, REGF_VK_REC *vk, + struct regval_blob *value) +{ + char *name = regval_name(value); + REGF_HBIN *data_hbin; + + ZERO_STRUCTP( vk ); + + memcpy( vk->header, "vk", REC_HDR_SIZE ); + + if ( name ) { + vk->valuename = talloc_strdup( file->mem_ctx, regval_name(value) ); + vk->flag = VK_FLAG_NAME_PRESENT; + } + + vk->data_size = regval_size( value ); + vk->type = regval_type( value ); + + if ( vk->data_size > sizeof(uint32_t) ) { + uint32_t data_size = ( (vk->data_size+sizeof(uint32_t)) & 0xfffffff8 ) + 8; + + vk->data = (uint8_t *)talloc_memdup( file->mem_ctx, + regval_data_p(value), + vk->data_size ); + if (vk->data == NULL) { + return False; + } + + /* go ahead and store the offset....we'll pick this hbin block back up when + we stream the data */ + + if ((data_hbin = find_free_space(file, data_size )) == NULL) { + return False; + } + vk->data_off = prs_offset( &data_hbin->ps ) + data_hbin->first_hbin_off - HBIN_HDR_SIZE; + } + else { + /* make sure we don't try to copy from a NULL value pointer */ + + if ( vk->data_size != 0 ) + memcpy( &vk->data_off, regval_data_p(value), vk->data_size); + vk->data_size |= VK_DATA_IN_OFFSET; + } + + return True; +} + +/******************************************************************* +*******************************************************************/ + +static int hashrec_cmp( REGF_HASH_REC *h1, REGF_HASH_REC *h2 ) +{ + return strcasecmp_m( h1->fullname, h2->fullname ); +} + +/******************************************************************* +*******************************************************************/ + + REGF_NK_REC* regfio_write_key( REGF_FILE *file, const char *name, + struct regval_ctr *values, struct regsubkey_ctr *subkeys, + struct security_descriptor *sec_desc, REGF_NK_REC *parent ) +{ + REGF_NK_REC *nk; + REGF_HBIN *vlist_hbin = NULL; + uint32_t size; + + if ( !(nk = talloc_zero( file->mem_ctx, REGF_NK_REC )) ) + return NULL; + + memcpy( nk->header, "nk", REC_HDR_SIZE ); + + if ( !parent ) + nk->key_type = NK_TYPE_ROOTKEY; + else + nk->key_type = NK_TYPE_NORMALKEY; + + /* store the parent offset (or -1 if a the root key */ + + nk->parent_off = parent ? (parent->hbin_off + parent->hbin->file_off - REGF_BLOCKSIZE - HBIN_HDR_SIZE ) : REGF_OFFSET_NONE; + + /* no classname currently */ + + nk->classname_off = REGF_OFFSET_NONE; + nk->classname = NULL; + nk->keyname = talloc_strdup( file->mem_ctx, name ); + + /* current modification time */ + + unix_to_nt_time( &nk->mtime, time(NULL) ); + + /* allocate the record on disk */ + + size = nk_record_data_size( nk ); + nk->rec_size = ( size - 1 ) ^ 0XFFFFFFFF; + if ((nk->hbin = find_free_space( file, size )) == NULL) { + return NULL; + } + nk->hbin_off = prs_offset( &nk->hbin->ps ); + + /* Update the hash record in the parent */ + + if ( parent ) { + REGF_HASH_REC *hash = &parent->subkeys.hashes[parent->subkey_index]; + + hash->nk_off = prs_offset( &nk->hbin->ps ) + nk->hbin->first_hbin_off - HBIN_HDR_SIZE; + memcpy(hash->keycheck, name, MIN(strlen(name),sizeof(uint32_t))); + hash->fullname = talloc_strdup( file->mem_ctx, name ); + parent->subkey_index++; + + /* sort the list by keyname */ + TYPESAFE_QSORT(parent->subkeys.hashes, parent->subkey_index, hashrec_cmp); + + if ( !hbin_prs_lf_records( "lf_rec", parent->subkeys.hbin, 0, parent ) ) + return NULL; + } + + /* write the security descriptor */ + + nk->sk_off = REGF_OFFSET_NONE; + if ( sec_desc ) { + uint32_t sk_size = sk_record_data_size( sec_desc ); + REGF_HBIN *sk_hbin; + + /* search for it in the existing list of sd's */ + + if ( (nk->sec_desc = find_sk_record_by_sec_desc( file, sec_desc )) == NULL ) { + /* not found so add it to the list */ + + if (!(sk_hbin = find_free_space( file, sk_size ))) { + return NULL; + } + + if ( !(nk->sec_desc = talloc_zero( file->mem_ctx, REGF_SK_REC )) ) + return NULL; + + /* now we have to store the security descriptor in the list and + update the offsets */ + + memcpy( nk->sec_desc->header, "sk", REC_HDR_SIZE ); + nk->sec_desc->hbin = sk_hbin; + nk->sec_desc->hbin_off = prs_offset( &sk_hbin->ps ); + nk->sec_desc->sk_off = prs_offset( &sk_hbin->ps ) + sk_hbin->first_hbin_off - HBIN_HDR_SIZE; + nk->sec_desc->rec_size = (sk_size-1) ^ 0xFFFFFFFF; + + nk->sec_desc->sec_desc = sec_desc; + nk->sec_desc->ref_count = 0; + + /* size value must be self-inclusive */ + nk->sec_desc->size = ndr_size_security_descriptor(sec_desc, 0) + + sizeof(uint32_t); + + DLIST_ADD_END( file->sec_desc_list, nk->sec_desc); + + /* update the offsets for us and the previous sd in the list. + if this is the first record, then just set the next and prev + offsets to ourself. */ + + if ( DLIST_PREV(nk->sec_desc) ) { + REGF_SK_REC *prev = DLIST_PREV(nk->sec_desc); + + nk->sec_desc->prev_sk_off = prev->hbin_off + prev->hbin->first_hbin_off - HBIN_HDR_SIZE; + prev->next_sk_off = nk->sec_desc->sk_off; + + /* the end must loop around to the front */ + nk->sec_desc->next_sk_off = file->sec_desc_list->sk_off; + + /* and first must loop around to the tail */ + file->sec_desc_list->prev_sk_off = nk->sec_desc->sk_off; + } else { + nk->sec_desc->prev_sk_off = nk->sec_desc->sk_off; + nk->sec_desc->next_sk_off = nk->sec_desc->sk_off; + } + } + + /* bump the reference count +1 */ + + nk->sk_off = nk->sec_desc->sk_off; + nk->sec_desc->ref_count++; + } + + /* write the subkeys */ + + nk->subkeys_off = REGF_OFFSET_NONE; + if ( (nk->num_subkeys = regsubkey_ctr_numkeys( subkeys )) != 0 ) { + uint32_t lf_size = lf_record_data_size( nk->num_subkeys ); + uint32_t namelen; + int i; + + if (!(nk->subkeys.hbin = find_free_space( file, lf_size ))) { + return NULL; + } + nk->subkeys.hbin_off = prs_offset( &nk->subkeys.hbin->ps ); + nk->subkeys.rec_size = (lf_size-1) ^ 0xFFFFFFFF; + nk->subkeys_off = prs_offset( &nk->subkeys.hbin->ps ) + nk->subkeys.hbin->first_hbin_off - HBIN_HDR_SIZE; + + memcpy( nk->subkeys.header, "lf", REC_HDR_SIZE ); + + nk->subkeys.num_keys = nk->num_subkeys; + if (nk->subkeys.num_keys) { + if ( !(nk->subkeys.hashes = talloc_zero_array( file->mem_ctx, REGF_HASH_REC, nk->subkeys.num_keys )) ) + return NULL; + } else { + nk->subkeys.hashes = NULL; + } + nk->subkey_index = 0; + + /* update the max_bytes_subkey{name,classname} fields */ + for ( i=0; i<nk->num_subkeys; i++ ) { + namelen = strlen( regsubkey_ctr_specific_key(subkeys, i) ); + if ( namelen*2 > nk->max_bytes_subkeyname ) + nk->max_bytes_subkeyname = namelen * 2; + } + } + + /* write the values */ + + nk->values_off = REGF_OFFSET_NONE; + if ( (nk->num_values = regval_ctr_numvals( values )) != 0 ) { + uint32_t vlist_size = ( ( nk->num_values * sizeof(uint32_t) ) & 0xfffffff8 ) + 8; + int i; + + if (!(vlist_hbin = find_free_space( file, vlist_size ))) { + return NULL; + } + nk->values_off = prs_offset( &vlist_hbin->ps ) + vlist_hbin->first_hbin_off - HBIN_HDR_SIZE; + + if (nk->num_values) { + if ( !(nk->values = talloc_array( file->mem_ctx, REGF_VK_REC, nk->num_values )) ) + return NULL; + } else { + nk->values = NULL; + } + + /* create the vk records */ + + for ( i=0; i<nk->num_values; i++ ) { + uint32_t vk_size, namelen, datalen; + struct regval_blob *r; + + r = regval_ctr_specific_value( values, i ); + create_vk_record( file, &nk->values[i], r ); + vk_size = vk_record_data_size( &nk->values[i] ); + nk->values[i].hbin = find_free_space( file, vk_size ); + nk->values[i].hbin_off = prs_offset( &nk->values[i].hbin->ps ); + nk->values[i].rec_size = ( vk_size - 1 ) ^ 0xFFFFFFFF; + nk->values[i].rec_off = prs_offset( &nk->values[i].hbin->ps ) + + nk->values[i].hbin->first_hbin_off + - HBIN_HDR_SIZE; + + /* update the max bytes fields if necessary */ + + namelen = strlen( regval_name(r) ); + if ( namelen*2 > nk->max_bytes_valuename ) + nk->max_bytes_valuename = namelen * 2; + + datalen = regval_size( r ); + if ( datalen > nk->max_bytes_value ) + nk->max_bytes_value = datalen; + } + } + + /* stream the records */ + + prs_set_offset( &nk->hbin->ps, nk->hbin_off ); + if ( !prs_nk_rec( "nk_rec", &nk->hbin->ps, 0, nk ) ) + return NULL; + + if ( nk->num_values ) { + if ( !hbin_prs_vk_records( "vk_records", vlist_hbin, 0, nk, file ) ) + return NULL; + } + + + regfio_flush( file ); + + return nk; +} + |