| blob | 9d155a9a11a910725f9f322776f0e27d23174243 |
1 /*
2 Samba Unix/Linux SMB client utility editreg.c
3 Copyright (C) 2002 Richard Sharpe, rsharpe@richardsharpe.com
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19 /*************************************************************************
21 A utility to edit a Windows NT/2K etc registry file.
23 Many of the ideas in here come from other people and software.
24 I first looked in Wine in misc/registry.c and was also influenced by
25 http://www.wednesday.demon.co.uk/dosreg.html
27 Which seems to contain comments from someone else. I reproduce them here
28 incase the site above disappears. It actually comes from
29 http://home.eunet.no/~pnordahl/ntpasswd/WinReg.txt.
31 The goal here is to read the registry into memory, manipulate it, and then
32 write it out if it was changed by any actions of the user.
34 The windows NT registry has 2 different blocks, where one can occur many
35 times...
37 the "regf"-Block
38 ================
40 "regf" is obviosly the abbreviation for "Registry file". "regf" is the
41 signature of the header-block which is always 4kb in size, although only
42 the first 64 bytes seem to be used and a checksum is calculated over
43 the first 0x200 bytes only!
45 Offset Size Contents
46 0x00000000 D-Word ID: ASCII-"regf" = 0x66676572
47 0x00000004 D-Word ???? //see struct REGF
48 0x00000008 D-Word ???? Always the same value as at 0x00000004
49 0x0000000C Q-Word last modify date in WinNT date-format
50 0x00000014 D-Word 1
51 0x00000018 D-Word 3
52 0x0000001C D-Word 0
53 0x00000020 D-Word 1
54 0x00000024 D-Word Offset of 1st key record
55 0x00000028 D-Word Size of the data-blocks (Filesize-4kb)
56 0x0000002C D-Word 1
57 0x000001FC D-Word Sum of all D-Words from 0x00000000 to
58 0x000001FB //XOR of all words. Nigel
60 I have analyzed more registry files (from multiple machines running
61 NT 4.0 german version) and could not find an explanation for the values
62 marked with ???? the rest of the first 4kb page is not important...
64 the "hbin"-Block
65 ================
66 I don't know what "hbin" stands for, but this block is always a multiple
67 of 4kb in size.
69 Inside these hbin-blocks the different records are placed. The memory-
70 management looks like a C-compiler heap management to me...
72 hbin-Header
73 ===========
74 Offset Size Contents
75 0x0000 D-Word ID: ASCII-"hbin" = 0x6E696268
76 0x0004 D-Word Offset from the 1st hbin-Block
77 0x0008 D-Word Offset to the next hbin-Block
78 0x001C D-Word Block-size
80 The values in 0x0008 and 0x001C should be the same, so I don't know
81 if they are correct or swapped...
83 From offset 0x0020 inside a hbin-block data is stored with the following
84 format:
86 Offset Size Contents
87 0x0000 D-Word Data-block size //this size must be a
88 multiple of 8. Nigel
89 0x0004 ???? Data
91 If the size field is negative (bit 31 set), the corresponding block
92 is free and has a size of -blocksize!
94 That does not seem to be true. All block lengths seem to be negative! (Richard Sharpe)
96 The data is stored as one record per block. Block size is a multiple
97 of 4 and the last block reaches the next hbin-block, leaving no room.
99 Records in the hbin-blocks
100 ==========================
102 nk-Record
104 The nk-record can be treated as a kombination of tree-record and
105 key-record of the win 95 registry.
107 lf-Record
109 The lf-record is the counterpart to the RGKN-record (the
110 hash-function)
112 vk-Record
114 The vk-record consists information to a single value.
116 sk-Record
118 sk (? Security Key ?) is the ACL of the registry.
120 Value-Lists
122 The value-lists contain information about which values are inside a
123 sub-key and don't have a header.
125 Datas
127 The datas of the registry are (like the value-list) stored without a
128 header.
130 All offset-values are relative to the first hbin-block and point to the
131 block-size field of the record-entry. to get the file offset, you have to add
132 the header size (4kb) and the size field (4 bytes)...
134 the nk-Record
135 =============
136 Offset Size Contents
137 0x0000 Word ID: ASCII-"nk" = 0x6B6E
138 0x0002 Word for the root-key: 0x2C, otherwise 0x20 //key symbolic links 0x10. Nigel
139 0x0004 Q-Word write-date/time in windows nt notation
140 0x0010 D-Word Offset of Owner/Parent key
141 0x0014 D-Word number of sub-Keys
142 0x001C D-Word Offset of the sub-key lf-Records
143 0x0024 D-Word number of values
144 0x0028 D-Word Offset of the Value-List
145 0x002C D-Word Offset of the sk-Record
147 0x0030 D-Word Offset of the Class-Name //see NK structure for the use of these fields. Nigel
148 0x0044 D-Word Unused (data-trash) //some kind of run time index. Does not appear to be important. Nigel
149 0x0048 Word name-length
150 0x004A Word class-name length
151 0x004C ???? key-name
153 the Value-List
154 ==============
155 Offset Size Contents
156 0x0000 D-Word Offset 1st Value
157 0x0004 D-Word Offset 2nd Value
158 0x???? D-Word Offset nth Value
160 To determine the number of values, you have to look at the owner-nk-record!
162 Der vk-Record
163 =============
164 Offset Size Contents
165 0x0000 Word ID: ASCII-"vk" = 0x6B76
166 0x0002 Word name length
167 0x0004 D-Word length of the data //if top bit is set when offset contains data. Nigel
168 0x0008 D-Word Offset of Data
169 0x000C D-Word Type of value
170 0x0010 Word Flag
171 0x0012 Word Unused (data-trash)
172 0x0014 ???? Name
174 If bit 0 of the flag-word is set, a name is present, otherwise the value has no name (=default)
176 If the data-size is lower 5, the data-offset value is used to store the data itself!
178 The data-types
179 ==============
180 Wert Beteutung
181 0x0001 RegSZ: character string (in UNICODE!)
182 0x0002 ExpandSZ: string with "%var%" expanding (UNICODE!)
183 0x0003 RegBin: raw-binary value
184 0x0004 RegDWord: Dword
185 0x0007 RegMultiSZ: multiple strings, seperated with 0
186 (UNICODE!)
188 The "lf"-record
189 ===============
190 Offset Size Contents
191 0x0000 Word ID: ASCII-"lf" = 0x666C
192 0x0002 Word number of keys
193 0x0004 ???? Hash-Records
195 Hash-Record
196 ===========
197 Offset Size Contents
198 0x0000 D-Word Offset of corresponding "nk"-Record
199 0x0004 D-Word ASCII: the first 4 characters of the key-name, padded with 0's. Case sensitiv!
201 Keep in mind, that the value at 0x0004 is used for checking the data-consistency! If you change the
202 key-name you have to change the hash-value too!
204 //These hashrecords must be sorted low to high within the lf record. Nigel.
206 The "sk"-block
207 ==============
208 (due to the complexity of the SAM-info, not clear jet)
209 (This is just a security descriptor in the data. R Sharpe.)
212 Offset Size Contents
213 0x0000 Word ID: ASCII-"sk" = 0x6B73
214 0x0002 Word Unused
215 0x0004 D-Word Offset of previous "sk"-Record
216 0x0008 D-Word Offset of next "sk"-Record
217 0x000C D-Word usage-counter
218 0x0010 D-Word Size of "sk"-record in bytes
219 ???? //standard self
220 relative security desciptor. Nigel
221 ???? ???? Security and auditing settings...
222 ????
224 The usage counter counts the number of references to this
225 "sk"-record. You can use one "sk"-record for the entire registry!
227 Windows nt date/time format
228 ===========================
229 The time-format is a 64-bit integer which is incremented every
230 0,0000001 seconds by 1 (I don't know how accurate it realy is!)
231 It starts with 0 at the 1st of january 1601 0:00! All values are
232 stored in GMT time! The time-zone is important to get the real
233 time!
235 Common values for win95 and win-nt
236 ==================================
237 Offset values marking an "end of list", are either 0 or -1 (0xFFFFFFFF).
238 If a value has no name (length=0, flag(bit 0)=0), it is treated as the
239 "Default" entry...
240 If a value has no data (length=0), it is displayed as empty.
242 simplyfied win-3.?? registry:
243 =============================
245 +-----------+
246 | next rec. |---+ +----->+------------+
247 | first sub | | | | Usage cnt. |
248 | name | | +-->+------------+ | | length |
249 | value | | | | next rec. | | | text |------->+-------+
250 +-----------+ | | | name rec. |--+ +------------+ | xxxxx |
251 +------------+ | | value rec. |-------->+------------+ +-------+
252 v | +------------+ | Usage cnt. |
253 +-----------+ | | length |
254 | next rec. | | | text |------->+-------+
255 | first sub |------+ +------------+ | xxxxx |
256 | name | +-------+
257 | value |
258 +-----------+
260 Greatly simplyfied structure of the nt-registry:
261 ================================================
263 +---------------------------------------------------------------+
264 | |
265 v |
266 +---------+ +---------->+-----------+ +----->+---------+ |
267 | "nk" | | | lf-rec. | | | nk-rec. | |
268 | ID | | | # of keys | | | parent |---+
269 | Date | | | 1st key |--+ | .... |
270 | parent | | +-----------+ +---------+
271 | suk-keys|-----+
272 | values |--------------------->+----------+
273 | SK-rec. |---------------+ | 1. value |--> +----------+
274 | class |--+ | +----------+ | vk-rec. |
275 +---------+ | | | .... |
276 v | | data |--> +-------+
277 +------------+ | +----------+ | xxxxx |
278 | Class name | | +-------+
279 +------------+ |
280 v
281 +---------+ +---------+
282 +----->| next sk |--->| Next sk |--+
283 | +---| prev sk |<---| prev sk | |
284 | | | .... | | ... | |
285 | | +---------+ +---------+ |
286 | | ^ |
287 | | | |
288 | +--------------------+ |
289 +----------------------------------+
291 ---------------------------------------------------------------------------
293 Hope this helps.... (Although it was "fun" for me to uncover this things,
294 it took me several sleepless nights ;)
296 B.D.
298 *************************************************************************/
300 #include <stdio.h>
301 #include <stdlib.h>
302 #include <errno.h>
303 #include <assert.h>
304 #include <sys/types.h>
305 #include <sys/stat.h>
306 #include <unistd.h>
307 #include <sys/mman.h>
308 #include <string.h>
309 #include <fcntl.h>
311 #define False 0
312 #define True 1
313 #define REG_KEY_LIST_SIZE 10
315 /*
316 * Structures for dealing with the on-disk format of the registry
317 */
319 #define IVAL(buf) ((unsigned int) \
320 (unsigned int)*((unsigned char *)(buf)+3)<<24| \
321 (unsigned int)*((unsigned char *)(buf)+2)<<16| \
322 (unsigned int)*((unsigned char *)(buf)+1)<<8| \
323 (unsigned int)*((unsigned char *)(buf)+0))
325 #define SVAL(buf) ((unsigned short) \
326 (unsigned short)*((unsigned char *)(buf)+1)<<8| \
327 (unsigned short)*((unsigned char *)(buf)+0))
329 #define CVAL(buf) ((unsigned char)*((unsigned char *)(buf)))
334 /*
335 * These definitions are for the in-memory registry structure.
336 * It is a tree structure that mimics what you see with tools like regedit
337 */
339 /*
340 * DateTime struct for Windows
341 */
347 /*
348 * Definition of a Key. It has a name, classname, date/time last modified,
349 * sub-keys, values, and a security descriptor
350 */
352 #define REG_ROOT_KEY 1
353 #define REG_SUB_KEY 2
354 #define REG_SYM_LINK 3
369 /*
370 * The KEY_LIST struct lists sub-keys.
371 */
392 #ifndef MAXSUBAUTHS
393 #define MAXSUBAUTHS 15
394 #endif
420 #define SEC_DESC_NON 0
421 #define SEC_DESC_RES 1
422 #define SEC_DESC_OCU 2
429 };
431 /*
432 * All of the structures below actually have a four-byte lenght before them
433 * which always seems to be negative. The following macro retrieves that
434 * size as an integer
435 */
437 #define BLK_SIZE(b) ((int)*(int *)(((int *)b)-1))
442 #define REG_REGF_ID 0x66676572
446 DWORD uk1;
447 DWORD uk2;
456 DWORD chksum;
460 DWORD dblocksize;
464 #define REG_HBIN_ID 0x6E696268
468 DWORD next_off;
469 DWORD prev_off;
470 DWORD uk1;
471 DWORD uk2;
472 DWORD uk3;
473 DWORD uk4;
474 DWORD blk_size;
475 HBIN_SUB_HDR hbin_sub_hdr;
478 #define REG_NK_ID 0x6B6E
481 WORD NK_ID;
482 WORD type;
484 DWORD uk1;
485 DWORD own_off;
486 DWORD subk_num;
487 DWORD uk2;
488 DWORD lf_off;
489 DWORD uk3;
490 DWORD val_cnt;
491 DWORD val_off;
492 DWORD sk_off;
493 DWORD clsnam_off;
495 DWORD unk5;
496 WORD nam_len;
497 WORD clsnam_len;
501 #define REG_SK_ID 0x6B73
504 WORD SK_ID;
505 WORD uk1;
506 DWORD prev_off;
507 DWORD next_off;
508 DWORD ref_cnt;
509 DWORD rec_size;
518 DOM_SID trustee;
522 WORD rev;
523 WORD size;
524 DWORD num_aces;
529 WORD rev;
530 WORD type;
531 DWORD owner_off;
532 DWORD group_off;
533 DWORD sacl_off;
534 DWORD dacl_off;
538 DWORD nk_off;
542 #define REG_LF_ID 0x666C
545 WORD LF_ID;
546 WORD key_count;
552 #define REG_VK_ID 0x6B76
555 WORD VK_ID;
556 WORD nam_len;
558 DWORD dat_off;
559 DWORD dat_type;
561 WORD unk1;
565 #define REG_TYPE_NONE 0
566 #define REG_TYPE_REGSZ 1
567 #define REG_TYPE_EXPANDSZ 2
568 #define REG_TYPE_BIN 3
569 #define REG_TYPE_DWORD 4
570 #define REG_TYPE_MULTISZ 7
577 /* A map of sk offsets in the regf to KEY_SEC_DESCs for quick lookup etc */
590 NTTIME last_mod_time;
594 };
598 /*
599 * An API for accessing/creating/destroying items above
600 */
602 /*
603 * Iterate over the keys, depth first, calling a function for each key
604 * and indicating if it is terminal or non-terminal and if it has values.
605 *
606 * In addition, for each value in the list, call a value list function
607 */
620 val_print_f val_print);
624 {
634 terminal,
640 }
641 }
644 }
649 val_print_f val_print)
650 {
659 }
660 }
662 }
666 val_print_f val_print)
667 {
674 /* List the key first, then the values, then the sub-keys */
684 }
686 /*
687 * If we have a security print routine, call it
688 * If the security print routine returns false, stop.
689 */
693 }
702 /*
703 * Now, iterate through the values in the val_list
704 */
709 val_print)) {
713 }
715 /*
716 * Now, iterate through the keys in the key list
717 */
724 }
728 }
732 /*
733 * Find key by name in a list ...
734 * Take the first component and search for that in the list
735 */
737 {
748 }
750 /*
751 * Find key by name in a tree ... We will assume absolute names here, but we
752 * need the root of the tree ...
753 */
755 {
764 /*
765 * Make sure that the first component is correct ...
766 */
771 c2++;
772 }
779 }
783 }
784 error:
787 }
789 /* Make, delete keys */
792 {
797 };
799 }
802 {
809 }
811 }
815 {
822 }
824 }
826 /*
827 * Find the key, and if it exists, delete it ...
828 */
830 {
840 }
844 }
847 {
852 }
855 {
860 }
863 }
866 {
875 }
877 }
880 {
890 }
892 }
895 {
900 /*
901 * There should always be a next and prev, even if they point to us
902 */
906 }
907 }
909 }
912 {
918 /*
919 * We will delete the owner if we are not the root and told to ...
920 */
926 /* Find our owner, look in keylist for us and shuffle up */
927 /* Perhaps should be a function */
933 /* Just find the entry ... */
934 }
938 }
942 /*
943 * Shuffle up. Works for the last one also
944 */
947 }
950 }
951 }
957 }
959 }
961 /*
962 * Add a value to the key specified ...
963 */
965 {
968 }
970 /*
971 * Delete a value. Should perhaps return the value ...
972 */
974 {
977 }
979 /*
980 * Add a key to the tree ... We walk down the components matching until
981 * we don't find any. There must be a match on the first component ...
982 * We return the key structure for the final component as that is
983 * often where we want to add values ...
984 */
986 /*
987 * Create a 1 component key name and set its parent to parent
988 */
990 {
995 /* There should not be more than one component */
1004 error:
1007 }
1009 /*
1010 * Convert a string of the form S-1-5-x[-y-z-r] to a SID
1011 */
1013 {
1025 }
1027 /* We only allow strings of form S-1-5... */
1039 }
1042 }
1045 i++;
1047 }
1050 }
1052 /*
1053 * We will implement inheritence that is based on what the parent's SEC_DESC
1054 * says, but the Owner and Group SIDs can be overwridden from the command line
1055 * and additional ACEs can be applied from the command line etc.
1056 */
1058 {
1062 }
1064 /*
1065 * Create an initial security descriptor and init other structures, if needed
1066 * We assume that the initial security stuff is empty ...
1067 */
1069 {
1074 }
1078 /*
1079 * Add a sub-key
1080 */
1082 {
1097 }
1102 }
1104 /*
1105 * If we reach here we could not find the the first component
1106 * so create it ...
1107 */
1116 c2++;
1117 }
1121 }
1130 }
1132 /*
1133 * add the new key at the new slot
1134 * FIXME: Sort the list someday
1135 */
1137 /*
1138 * We want to create the key, and then do the rest
1139 */
1149 /*
1150 * Next, pull security from the parent, but override by with
1151 * anything passed in on the command line
1152 */
1159 }
1165 error:
1169 }
1172 {
1175 }
1177 /*
1178 * This routine only adds a key from the root down.
1179 * It calls helper functions to handle sub-key lists and sub-keys
1180 */
1182 {
1186 /*
1187 * Look until we hit the first component that does not exist, and
1188 * then add from there. However, if the first component does not
1189 * match and the path we are given is the root, then it must match
1190 */
1200 c2++;
1201 }
1203 /*
1204 * If the root does not exist, create it and make it equal to the
1205 * first component ...
1206 */
1219 }
1221 /*
1222 * If we don't match, then we have to return error ...
1223 * If we do match on this component, check the next one in the
1224 * list, and if not found, add it ... short circuit, add all the
1225 * way down
1226 */
1230 }
1236 error:
1240 }
1242 /*
1243 * Load and unload a registry file.
1244 *
1245 * Load, loads it into memory as a tree, while unload sealizes/flattens it
1246 */
1248 /*
1249 * Get the starting record for NT Registry file
1250 */
1252 /*
1253 * Where we keep all the regf stuff for one registry.
1254 * This is the structure that we use to tie the in memory tree etc
1255 * together. By keeping separate structs, we can operate on different
1256 * registries at the same time.
1257 * Currently, the SK_MAP is an array of mapping structure.
1258 * Since we only need this on input and output, we fill in the structure
1259 * as we go on input. On output, we know how many SK items we have, so
1260 * we can allocate the structure as we need to.
1261 * If you add stuff here that is dynamically allocated, add the
1262 * appropriate free statements below.
1263 */
1265 #define REGF_REGTYPE_NONE 0
1266 #define REGF_REGTYPE_NT 1
1267 #define REGF_REGTYPE_W9X 2
1269 #define TTTONTTIME(r, t1, t2) (r)->last_mod_time.low = (t1); \
1270 (r)->last_mod_time.high = (t2);
1272 #define REGF_HDR_BLKSIZ 0x1000
1274 #define OFF(f) ((f) + REGF_HDR_BLKSIZ + 4)
1275 #define LOCN(base, f) ((base) + OFF(f))
1284 };
1287 {
1295 i++;
1297 }
1301 }
1303 /*
1304 * Convert from UniCode to Ascii ... Does not take into account other lang
1305 * Restrict by ascii_max if > 0
1306 */
1309 {
1315 i++;
1317 }
1322 }
1324 /*
1325 * Convert a data value to a string for display
1326 */
1328 {
1349 }
1357 else
1368 }
1372 }
1377 {
1379 }
1382 {
1384 }
1386 /* Create a regf structure and init it */
1389 {
1394 }
1396 /* Free all the bits and pieces ... Assumes regf was malloc'd */
1397 /* If you add stuff to REGF, add the relevant free bits here */
1399 {
1412 }
1414 /* Get the header of the registry. Return a pointer to the structure
1415 * If the mmap'd area has not been allocated, then mmap the input file
1416 */
1418 {
1429 }
1433 }
1441 }
1442 }
1444 /*
1445 * At this point, regf->base != NULL, and we should be able to read the
1446 * header
1447 */
1452 }
1454 /*
1455 * Validate a regf header
1456 * For now, do nothing, but we should check the checksum
1457 */
1459 {
1463 }
1465 /*
1466 * Process an SK header ...
1467 * Every time we see a new one, add it to the map. Otherwise, just look it up.
1468 * We will do a simple linear search for the moment, since many KEYs have the
1469 * same security descriptor.
1470 * We allocate the map in increments of 10 entries.
1471 */
1473 /*
1474 * Create a new entry in the map, and increase the size of the map if needed
1475 */
1478 {
1484 }
1489 }
1498 }
1499 /*
1500 * ndx already points at the first entry of the new block
1501 */
1503 }
1507 }
1509 }
1511 /*
1512 * Search for a KEY_SEC_DESC in the sk_map, but don't create one if not
1513 * found
1514 */
1517 {
1527 }
1531 }
1533 /*
1534 * Allocate a KEY_SEC_DESC if we can't find one in the map
1535 */
1538 {
1543 }
1548 }
1552 }
1554 }
1555 }
1557 /*
1558 * Allocate storage and duplicate a SID
1559 * We could allocate the SID to be only the size needed, but I am too lazy.
1560 */
1562 {
1571 }
1574 }
1576 }
1578 /*
1579 * Allocate space for an ACE and duplicate the registry encoded one passed in
1580 */
1582 {
1594 }
1596 /*
1597 * Allocate space for an ACL and duplicate the registry encoded one passed in
1598 */
1600 {
1617 /* XXX: FIXME, should handle malloc errors */
1618 }
1621 }
1624 {
1631 }
1639 }
1644 }
1646 /* Now pick up the SACL and DACL */
1650 else
1655 else
1659 }
1662 {
1673 }
1679 }
1681 /*
1682 * Now, we need to look up the SK Record in the map, and return it
1683 * Since the map contains the SK_OFF mapped to KEY_SEC_DESC, we can
1684 * use that
1685 */
1692 }
1694 /* Here, we have an item in the map that has been reserved, or tmp==NULL. */
1698 /*
1699 * Now, allocate a KEY_SEC_DESC, and parse the structure here, and add the
1700 * new KEY_SEC_DESC to the mapping structure, since the offset supplied is
1701 * the actual offset of structure. The same offset will be used by
1702 * all future references to this structure
1703 * We could put all this unpleasantness in a function.
1704 */
1711 /*
1712 * Allocate an entry in the SK_MAP ...
1713 * We don't need to free tmp, because that is done for us if the
1714 * sm_map entry can't be expanded when we need more space in the map.
1715 */
1719 }
1720 }
1725 /*
1726 * Now, process the actual sec desc and plug the values in
1727 */
1732 /*
1733 * Now forward and back links. Here we allocate an entry in the sk_map
1734 * if it does not exist, and mark it reserved
1735 */
1745 }
1747 /*
1748 * Process a VK header and return a value
1749 */
1751 {
1763 }
1775 }
1785 }
1786 }
1787 else
1790 /*
1791 * Allocate space and copy the data as a BLOB
1792 */
1800 }
1807 }
1811 }
1814 }
1818 /*
1819 * We need to save the data area as well
1820 */
1826 error:
1827 /* XXX: FIXME, free the partially allocated struct */
1830 }
1832 /*
1833 * Process a VL Header and return a list of values
1834 */
1836 {
1846 }
1851 }
1859 }
1860 }
1866 error:
1867 /* XXX: FIXME, free the partially allocated structure */
1869 }
1871 /*
1872 * Process an LF Header and return a list of sub-keys
1873 */
1875 {
1886 }
1894 /* Now, we should allocate a KEY_LIST struct and fill it in ... */
1899 }
1912 }
1913 }
1917 error:
1920 }
1922 /*
1923 * This routine is passed an NK_HDR pointer and retrieves the entire tree
1924 * from there down. It returns a REG_KEY *.
1925 */
1927 {
1942 }
1949 /*
1950 * The value of -size should be ge
1951 * (sizeof(NK_HDR) - 1 + name_len)
1952 * The -1 accounts for the fact that we included the first byte of
1953 * the name in the structure. clsname_len is the length of the thing
1954 * pointed to by clsnam_off
1955 */
1961 /*return NULL;*/
1962 }
1967 /* Fish out the key name and process the LF list */
1971 /* Allocate the key struct now */
1986 }
1988 /*
1989 * Fish out the class name, it is in UNICODE, while the key name is
1990 * ASCII :-)
1991 */
2003 /*
2004 * I am keeping class name as an ascii string for the moment.
2005 * That means it needs to be converted on output.
2006 * It will also piss off people who need Unicode/UTF-8 strings. Sorry.
2007 * XXX: FIXME
2008 */
2013 }
2017 }
2019 /*
2020 * Process the owner offset ...
2021 */
2029 /*
2030 * We should verify that the owner field is correct ...
2031 * for now, we don't worry ...
2032 */
2036 /*
2037 * If there are any values, process them here
2038 */
2050 }
2052 }
2054 /*
2055 * Also handle the SK header ...
2056 */
2065 }
2069 /*
2070 * No more subkeys if lf_off == -1
2071 */
2080 }
2082 }
2086 error:
2089 }
2092 {
2098 /* Get the header */
2102 }
2104 /* Now process that header and start to read the rest in */
2110 }
2112 /*
2113 * Validate the header ...
2114 */
2119 }
2121 /* Update the last mod date, and then go get the first NK record and on */
2125 /*
2126 * The hbin hdr seems to be just uninteresting garbage. Check that
2127 * it is there, but that is all.
2128 */
2136 }
2138 /*
2139 * Get a pointer to the first key from the hreg_hdr
2140 */
2144 /*
2145 * Now, get the registry tree by processing that NK recursively
2146 */
2152 /*
2153 * Unmap the registry file, as we might want to read in another
2154 * tree etc.
2155 */
2162 }
2164 /*
2165 * Story the registry in the output file
2166 */
2168 {
2171 }
2173 /*
2174 * Routines to parse a REGEDIT4 file
2175 *
2176 * The file consists of:
2177 *
2178 * REGEDIT4
2179 * \[[-]key-path\]\n
2180 * <value-spec>*
2181 *
2182 * Format:
2183 * [cmd:]name=type:value
2184 *
2185 * cmd = a|d|c|add|delete|change|as|ds|cs
2186 *
2187 * There can be more than one key-path and value-spec.
2188 *
2189 * Since we want to support more than one type of file format, we
2190 * construct a command-file structure that keeps info about the command file
2191 */
2193 #define FMT_UNREC -1
2194 #define FMT_REGEDIT4 0
2195 #define FMT_EDITREG1_1 1
2200 #define CMD_NONE 0
2201 #define CMD_ADD_KEY 1
2202 #define CMD_DEL_KEY 2
2204 #define CMD_KEY 1
2205 #define CMD_VAL 2
2226 /*
2227 * Some routines to handle lines of info in the command files
2228 */
2230 {
2236 }
2241 }
2242 }
2245 {
2254 }
2258 }
2261 {
2265 }
2266 }
2269 {
2278 }
2285 }
2287 #define INIT_ALLOC 10
2289 /*
2290 * Read a line from the input file.
2291 * NULL returned when EOF and no chars read
2292 * Otherwise we return a cmd_line *
2293 * Exit if other errors
2294 */
2296 {
2305 }
2309 /*
2310 * Allocate some space for the line. We extend later if needed.
2311 */
2317 }
2319 /*
2320 * Now read in the chars to EOL. Don't store the EOL in the
2321 * line. What about CR?
2322 */
2327 /*
2328 * Allocate some more memory
2329 */
2334 }
2336 }
2338 i++;
2339 }
2341 /* read 0 and we were at loc'n 0, return NULL */
2345 }
2351 }
2353 /*
2354 * parse_value: parse out a value. We pull it apart as:
2355 *
2356 * <value> ::= <value-name>=<type>:<value-string>
2357 *
2358 * <value-name> ::= char-string-without-spaces | '"' char-string '"'
2359 *
2360 * If it parsed OK, return the <value-name> as a string, and the
2361 * value type and value-string in parameters.
2362 *
2363 * The value name can be empty. There can only be one empty name in
2364 * a list of values. A value of - removes the value entirely.
2365 */
2368 {
2374 }
2376 }
2379 {
2389 /*
2390 * Beginning and end should be '"' or neither should be so
2391 */
2399 }
2402 }
2405 {
2425 }
2428 {
2432 }
2435 {
2442 /* FIXME: Better return codes etc ... */
2449 /* Now, parse the name ... */
2454 /* Now, split the remainder and parse on type and val ... */
2468 /* Now, parse the value string. It should return a newly malloc'd string */
2479 error:
2484 }
2486 /*
2487 * Parse out a key. Look for a correctly formatted key [...]
2488 * and whether it is a delete or add? A delete is signalled
2489 * by a - in front of the key.
2490 * Assumes that there are no leading and trailing spaces
2491 */
2494 {
2506 }
2512 }
2514 /*
2515 * Parse a line to determine if we have a key or a value
2516 * We only check for key or val ...
2517 */
2520 {
2526 else
2528 }
2530 /*
2531 * We seek to offset 0, read in the required number of bytes,
2532 * and compare to the correct value.
2533 * We then seek back to the original location
2534 */
2536 {
2544 }
2548 }
2553 }
2560 }
2563 }
2565 }
2568 }
2570 /*
2571 * Run though the data in the line and strip anything after a comment
2572 * char.
2573 */
2575 {
2584 }
2585 }
2586 }
2588 /*
2589 * trim leading space
2590 */
2593 {
2602 }
2603 }
2604 }
2606 /*
2607 * trim trailing spaces
2608 */
2610 {
2619 }
2620 }
2621 }
2623 /*
2624 * Get a command ... This consists of possibly multiple lines:
2625 * [key]
2626 * values*
2627 * possibly Empty line
2628 *
2629 * value ::= <value-name>=<value-type>':'<value-string>
2630 * <value-name> is some path, possibly enclosed in quotes ...
2631 * We alctually look for the next key to terminate a previous key
2632 */
2634 {
2643 }
2656 }
2658 /*
2659 * Parse out the bits ...
2660 */
2667 }
2671 /*
2672 * We need to add the value stuff to the list
2673 * There could be a \ on the end which we need to
2674 * handle at some time
2675 */
2683 }
2687 }
2695 }
2696 }
2698 }
2703 error:
2707 }
2710 {
2713 }
2716 {
2724 }
2728 }
2733 }
2740 }
2743 }
2746 {
2748 }
2751 {
2754 }
2763 CMD_OPS default_cmd_ops[] = {
2767 };
2772 CMD_OPS cmd_ops;
2775 /*
2776 * Create a new command file structure
2777 */
2780 {
2785 /*
2786 * Let's check if the file exists ...
2787 * No use creating the cmd_file structure if the file does not exist
2788 */
2793 }
2798 }
2800 /*
2801 * Let's fill in some of the fields;
2802 */
2809 }
2811 /*
2812 * Now, try to find the format by indexing through the table
2813 */
2818 }
2819 i++;
2820 }
2822 /*
2823 * If we got here, return NULL, as we could not figure out the type
2824 * of command file.
2825 *
2826 * What about errors?
2827 */
2831 }
2833 /*
2834 * Extract commands from the command file, and execute them.
2835 * We pass a table of command callbacks for that
2836 */
2838 /*
2839 * Main code from here on ...
2840 */
2842 /*
2843 * key print function here ...
2844 */
2848 {
2853 }
2855 /*
2856 * Sec Desc print functions
2857 */
2860 {
2885 }
2886 }
2889 {
2897 }
2902 }
2907 }
2912 }
2917 }
2922 }
2927 }
2929 }
2932 {
2934 }
2937 {
2945 }
2947 }
2950 {
2960 }
2961 }
2964 {
2974 }
2978 }
2980 }
2982 /*
2983 * Value print function here ...
2984 */
2987 {
2998 }
3001 {
3009 }
3012 {
3026 }
3028 /*
3029 * Now, process the arguments
3030 */
3046 print_keys++;
3047 regf_opt++;
3051 print_security++;
3052 regf_opt++;
3056 verbose++;
3057 regf_opt++;
3061 regf_opt++;
3068 }
3069 }
3074 }
3081 }
3083 /* Now, open it, and bring it into memory :-) */
3088 }
3089 }
3096 }
3098 }
3107 /*
3108 * Now, apply the requests to the tree ...
3109 */
3116 /* If we found it, apply the other bits, else create such a key */
3123 }
3127 }
3130 }
3133 /*
3134 * Any value does not matter ...
3135 * Find the key if it exists, and delete it ...
3136 */
3140 }
3141 }
3143 }
3145 /*
3146 * At this point, we should have a registry in memory and should be able
3147 * to iterate over it.
3148 */
3152 }
3155 }