2 * Unix SMB/CIFS implementation.
3 * Windows NT registry I/O library
4 * Copyright (c) Gerald (Jerry) Carter 2005
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
22 #include "reg_objects.h"
23 #include "../librpc/gen_ndr/ndr_security.h"
26 #define DBGC_CLASS DBGC_REGISTRY
28 /*******************************************************************
30 * TODO : Right now this code basically ignores classnames.
32 ******************************************************************/
34 /*******************************************************************
35 Reads or writes an NTTIME structure.
36 ********************************************************************/
38 static bool smb_io_time(const char *desc, NTTIME *nttime, prs_struct *ps, int depth)
44 prs_debug(ps, depth, desc, "smb_io_time");
50 if (MARSHALLING(ps)) {
51 low = *nttime & 0xFFFFFFFF;
55 if(!prs_uint32("low ", ps, depth, &low)) /* low part */
57 if(!prs_uint32("high", ps, depth, &high)) /* high part */
60 if (UNMARSHALLING(ps)) {
61 *nttime = (((uint64_t)high << 32) + low);
67 /*******************************************************************
68 *******************************************************************/
70 static int write_block( REGF_FILE *file, prs_struct *ps, uint32 offset )
72 int bytes_written, returned;
73 char *buffer = prs_data_p( ps );
74 uint32 buffer_size = prs_data_size( ps );
80 /* check for end of file */
82 if (sys_fstat(file->fd, &sbuf, false)) {
83 DEBUG(0,("write_block: stat() failed! (%s)\n", strerror(errno)));
87 if ( lseek( file->fd, offset, SEEK_SET ) == -1 ) {
88 DEBUG(0,("write_block: lseek() failed! (%s)\n", strerror(errno) ));
92 bytes_written = returned = 0;
93 while ( bytes_written < buffer_size ) {
94 if ( (returned = write( file->fd, buffer+bytes_written, buffer_size-bytes_written )) == -1 ) {
95 DEBUG(0,("write_block: write() failed! (%s)\n", strerror(errno) ));
99 bytes_written += returned;
102 return bytes_written;
105 /*******************************************************************
106 *******************************************************************/
108 static int read_block( REGF_FILE *file, prs_struct *ps, uint32 file_offset, uint32 block_size )
110 int bytes_read, returned;
112 SMB_STRUCT_STAT sbuf;
114 /* check for end of file */
116 if (sys_fstat(file->fd, &sbuf, false)) {
117 DEBUG(0,("read_block: stat() failed! (%s)\n", strerror(errno)));
121 if ( (size_t)file_offset >= sbuf.st_ex_size )
124 /* if block_size == 0, we are parsing HBIN records and need
125 to read some of the header to get the block_size from there */
127 if ( block_size == 0 ) {
130 if ( lseek( file->fd, file_offset, SEEK_SET ) == -1 ) {
131 DEBUG(0,("read_block: lseek() failed! (%s)\n", strerror(errno) ));
135 returned = read( file->fd, hdr, 0x20 );
136 if ( (returned == -1) || (returned < 0x20) ) {
137 DEBUG(0,("read_block: failed to read in HBIN header. Is the file corrupt?\n"));
141 /* make sure this is an hbin header */
143 if ( strncmp( hdr, "hbin", HBIN_HDR_SIZE ) != 0 ) {
144 DEBUG(0,("read_block: invalid block header!\n"));
148 block_size = IVAL( hdr, 0x08 );
151 DEBUG(10,("read_block: block_size == 0x%x\n", block_size ));
153 /* set the offset, initialize the buffer, and read the block from disk */
155 if ( lseek( file->fd, file_offset, SEEK_SET ) == -1 ) {
156 DEBUG(0,("read_block: lseek() failed! (%s)\n", strerror(errno) ));
160 if (!prs_init( ps, block_size, file->mem_ctx, UNMARSHALL )) {
161 DEBUG(0,("read_block: prs_init() failed! (%s)\n", strerror(errno) ));
164 buffer = prs_data_p( ps );
165 bytes_read = returned = 0;
167 while ( bytes_read < block_size ) {
168 if ( (returned = read( file->fd, buffer+bytes_read, block_size-bytes_read )) == -1 ) {
169 DEBUG(0,("read_block: read() failed (%s)\n", strerror(errno) ));
172 if ( (returned == 0) && (bytes_read < block_size) ) {
173 DEBUG(0,("read_block: not a vald registry file ?\n" ));
177 bytes_read += returned;
183 /*******************************************************************
184 *******************************************************************/
186 static bool write_hbin_block( REGF_FILE *file, REGF_HBIN *hbin )
191 /* write free space record if any is available */
193 if ( hbin->free_off != REGF_OFFSET_NONE ) {
194 uint32 header = 0xffffffff;
196 if ( !prs_set_offset( &hbin->ps, hbin->free_off-sizeof(uint32) ) )
198 if ( !prs_uint32( "free_size", &hbin->ps, 0, &hbin->free_size ) )
200 if ( !prs_uint32( "free_header", &hbin->ps, 0, &header ) )
204 hbin->dirty = (write_block( file, &hbin->ps, hbin->file_off ) != -1);
209 /*******************************************************************
210 *******************************************************************/
212 static bool hbin_block_close( REGF_FILE *file, REGF_HBIN *hbin )
216 /* remove the block from the open list and flush it to disk */
218 for ( p=file->block_list; p && p!=hbin; p=p->next )
222 DLIST_REMOVE( file->block_list, hbin );
225 DEBUG(0,("hbin_block_close: block not in open list!\n"));
227 if ( !write_hbin_block( file, hbin ) )
233 /*******************************************************************
234 *******************************************************************/
236 static bool prs_regf_block( const char *desc, prs_struct *ps, int depth, REGF_FILE *file )
238 prs_debug(ps, depth, desc, "prs_regf_block");
241 if ( !prs_uint8s( True, "header", ps, depth, (uint8*)file->header, sizeof( file->header )) )
244 /* yes, these values are always identical so store them only once */
246 if ( !prs_uint32( "unknown1", ps, depth, &file->unknown1 ))
248 if ( !prs_uint32( "unknown1 (again)", ps, depth, &file->unknown1 ))
251 /* get the modtime */
253 if ( !prs_set_offset( ps, 0x0c ) )
255 if ( !smb_io_time( "modtime", &file->mtime, ps, depth ) )
260 if ( !prs_uint32( "unknown2", ps, depth, &file->unknown2 ))
262 if ( !prs_uint32( "unknown3", ps, depth, &file->unknown3 ))
264 if ( !prs_uint32( "unknown4", ps, depth, &file->unknown4 ))
266 if ( !prs_uint32( "unknown5", ps, depth, &file->unknown5 ))
269 /* get file offsets */
271 if ( !prs_set_offset( ps, 0x24 ) )
273 if ( !prs_uint32( "data_offset", ps, depth, &file->data_offset ))
275 if ( !prs_uint32( "last_block", ps, depth, &file->last_block ))
278 /* one more constant */
280 if ( !prs_uint32( "unknown6", ps, depth, &file->unknown6 ))
283 /* get the checksum */
285 if ( !prs_set_offset( ps, 0x01fc ) )
287 if ( !prs_uint32( "checksum", ps, depth, &file->checksum ))
293 /*******************************************************************
294 *******************************************************************/
296 static bool prs_hbin_block( const char *desc, prs_struct *ps, int depth, REGF_HBIN *hbin )
300 prs_debug(ps, depth, desc, "prs_regf_block");
303 if ( !prs_uint8s( True, "header", ps, depth, (uint8*)hbin->header, sizeof( hbin->header )) )
306 if ( !prs_uint32( "first_hbin_off", ps, depth, &hbin->first_hbin_off ))
309 /* The dosreg.cpp comments say that the block size is at 0x1c.
310 According to a WINXP NTUSER.dat file, this is wrong. The block_size
313 if ( !prs_uint32( "block_size", ps, depth, &hbin->block_size ))
316 block_size2 = hbin->block_size;
317 prs_set_offset( ps, 0x1c );
318 if ( !prs_uint32( "block_size2", ps, depth, &block_size2 ))
321 if ( MARSHALLING(ps) )
328 /*******************************************************************
329 *******************************************************************/
331 static bool prs_nk_rec( const char *desc, prs_struct *ps, int depth, REGF_NK_REC *nk )
333 uint16 class_length, name_length;
335 uint32 data_size, start_off, end_off;
336 uint32 unknown_off = REGF_OFFSET_NONE;
338 nk->hbin_off = prs_offset( ps );
339 start = nk->hbin_off;
341 prs_debug(ps, depth, desc, "prs_nk_rec");
344 /* back up and get the data_size */
346 if ( !prs_set_offset( ps, prs_offset(ps)-sizeof(uint32)) )
348 start_off = prs_offset( ps );
349 if ( !prs_uint32( "rec_size", ps, depth, &nk->rec_size ))
352 if ( !prs_uint8s( True, "header", ps, depth, (uint8*)nk->header, sizeof( nk->header )) )
355 if ( !prs_uint16( "key_type", ps, depth, &nk->key_type ))
357 if ( !smb_io_time( "mtime", &nk->mtime, ps, depth ))
360 if ( !prs_set_offset( ps, start+0x0010 ) )
362 if ( !prs_uint32( "parent_off", ps, depth, &nk->parent_off ))
364 if ( !prs_uint32( "num_subkeys", ps, depth, &nk->num_subkeys ))
367 if ( !prs_set_offset( ps, start+0x001c ) )
369 if ( !prs_uint32( "subkeys_off", ps, depth, &nk->subkeys_off ))
371 if ( !prs_uint32( "unknown_off", ps, depth, &unknown_off) )
374 if ( !prs_set_offset( ps, start+0x0024 ) )
376 if ( !prs_uint32( "num_values", ps, depth, &nk->num_values ))
378 if ( !prs_uint32( "values_off", ps, depth, &nk->values_off ))
380 if ( !prs_uint32( "sk_off", ps, depth, &nk->sk_off ))
382 if ( !prs_uint32( "classname_off", ps, depth, &nk->classname_off ))
385 if ( !prs_uint32( "max_bytes_subkeyname", ps, depth, &nk->max_bytes_subkeyname))
387 if ( !prs_uint32( "max_bytes_subkeyclassname", ps, depth, &nk->max_bytes_subkeyclassname))
389 if ( !prs_uint32( "max_bytes_valuename", ps, depth, &nk->max_bytes_valuename))
391 if ( !prs_uint32( "max_bytes_value", ps, depth, &nk->max_bytes_value))
393 if ( !prs_uint32( "unknown index", ps, depth, &nk->unk_index))
396 name_length = nk->keyname ? strlen(nk->keyname) : 0 ;
397 class_length = nk->classname ? strlen(nk->classname) : 0 ;
398 if ( !prs_uint16( "name_length", ps, depth, &name_length ))
400 if ( !prs_uint16( "class_length", ps, depth, &class_length ))
403 if ( class_length ) {
408 if ( UNMARSHALLING(ps) ) {
409 if ( !(nk->keyname = PRS_ALLOC_MEM( ps, char, name_length+1 )) )
413 if ( !prs_uint8s( True, "name", ps, depth, (uint8*)nk->keyname, name_length) )
416 if ( UNMARSHALLING(ps) )
417 nk->keyname[name_length] = '\0';
420 end_off = prs_offset( ps );
422 /* data_size must be divisible by 8 and large enough to hold the original record */
424 data_size = ((start_off - end_off) & 0xfffffff8 );
425 if ( data_size > nk->rec_size )
426 DEBUG(10,("Encountered reused record (0x%x < 0x%x)\n", data_size, nk->rec_size));
428 if ( MARSHALLING(ps) )
429 nk->hbin->dirty = True;
434 /*******************************************************************
435 *******************************************************************/
437 static uint32 regf_block_checksum( prs_struct *ps )
439 char *buffer = prs_data_p( ps );
443 /* XOR of all bytes 0x0000 - 0x01FB */
447 for ( i=0; i<0x01FB; i+=4 ) {
448 x = IVAL(buffer, i );
455 /*******************************************************************
456 *******************************************************************/
458 static bool read_regf_block( REGF_FILE *file )
463 /* grab the first block from the file */
465 if ( read_block( file, &ps, 0, REGF_BLOCKSIZE ) == -1 )
468 /* parse the block and verify the checksum */
470 if ( !prs_regf_block( "regf_header", &ps, 0, file ) )
473 checksum = regf_block_checksum( &ps );
477 if ( file->checksum != checksum ) {
478 DEBUG(0,("read_regf_block: invalid checksum\n" ));
485 /*******************************************************************
486 *******************************************************************/
488 static REGF_HBIN* read_hbin_block( REGF_FILE *file, off_t offset )
491 uint32 record_size, curr_off, block_size, header;
493 if ( !(hbin = TALLOC_ZERO_P(file->mem_ctx, REGF_HBIN)) )
495 hbin->file_off = offset;
498 if ( read_block( file, &hbin->ps, offset, 0 ) == -1 )
501 if ( !prs_hbin_block( "hbin", &hbin->ps, 0, hbin ) )
504 /* this should be the same thing as hbin->block_size but just in case */
506 block_size = prs_data_size( &hbin->ps );
508 /* Find the available free space offset. Always at the end,
509 so walk the record list and stop when you get to the end.
510 The end is defined by a record header of 0xffffffff. The
511 previous 4 bytes contains the amount of free space remaining
512 in the hbin block. */
514 /* remember that the record_size is in the 4 bytes preceeding the record itself */
516 if ( !prs_set_offset( &hbin->ps, file->data_offset+HBIN_HDR_SIZE-sizeof(uint32) ) )
521 curr_off = prs_offset( &hbin->ps );
522 while ( header != 0xffffffff ) {
523 /* not done yet so reset the current offset to the
524 next record_size field */
526 curr_off = curr_off+record_size;
528 /* for some reason the record_size of the last record in
529 an hbin block can extend past the end of the block
530 even though the record fits within the remaining
531 space....aaarrrgggghhhhhh */
533 if ( curr_off >= block_size ) {
539 if ( !prs_set_offset( &hbin->ps, curr_off) )
542 if ( !prs_uint32( "rec_size", &hbin->ps, 0, &record_size ) )
544 if ( !prs_uint32( "header", &hbin->ps, 0, &header ) )
547 SMB_ASSERT( record_size != 0 );
549 if ( record_size & 0x80000000 ) {
550 /* absolute_value(record_size) */
551 record_size = (record_size ^ 0xffffffff) + 1;
555 /* save the free space offset */
557 if ( header == 0xffffffff ) {
559 /* account for the fact that the curr_off is 4 bytes behind the actual
562 hbin->free_off = curr_off + sizeof(uint32);
563 hbin->free_size = record_size;
566 DEBUG(10,("read_hbin_block: free space offset == 0x%x\n", hbin->free_off));
568 if ( !prs_set_offset( &hbin->ps, file->data_offset+HBIN_HDR_SIZE ) )
574 /*******************************************************************
575 Input a random offset and receive the corresponding HBIN
577 *******************************************************************/
579 static bool hbin_contains_offset( REGF_HBIN *hbin, uint32 offset )
584 if ( (offset > hbin->first_hbin_off) && (offset < (hbin->first_hbin_off+hbin->block_size)) )
590 /*******************************************************************
591 Input a random offset and receive the corresponding HBIN
593 *******************************************************************/
595 static REGF_HBIN* lookup_hbin_block( REGF_FILE *file, uint32 offset )
597 REGF_HBIN *hbin = NULL;
600 /* start with the open list */
602 for ( hbin=file->block_list; hbin; hbin=hbin->next ) {
603 DEBUG(10,("lookup_hbin_block: address = 0x%x [0x%lx]\n", hbin->file_off, (unsigned long)hbin ));
604 if ( hbin_contains_offset( hbin, offset ) )
609 /* start at the beginning */
611 block_off = REGF_BLOCKSIZE;
613 /* cleanup before the next round */
615 prs_mem_free( &hbin->ps );
617 hbin = read_hbin_block( file, block_off );
620 block_off = hbin->file_off + hbin->block_size;
622 } while ( hbin && !hbin_contains_offset( hbin, offset ) );
626 DLIST_ADD( file->block_list, hbin );
631 /*******************************************************************
632 *******************************************************************/
634 static bool prs_hash_rec( const char *desc, prs_struct *ps, int depth, REGF_HASH_REC *hash )
636 prs_debug(ps, depth, desc, "prs_hash_rec");
639 if ( !prs_uint32( "nk_off", ps, depth, &hash->nk_off ))
641 if ( !prs_uint8s( True, "keycheck", ps, depth, hash->keycheck, sizeof( hash->keycheck )) )
647 /*******************************************************************
648 *******************************************************************/
650 static bool hbin_prs_lf_records( const char *desc, REGF_HBIN *hbin, int depth, REGF_NK_REC *nk )
653 REGF_LF_REC *lf = &nk->subkeys;
654 uint32 data_size, start_off, end_off;
656 prs_debug(&hbin->ps, depth, desc, "prs_lf_records");
659 /* check if we have anything to do first */
661 if ( nk->num_subkeys == 0 )
664 /* move to the LF record */
666 if ( !prs_set_offset( &hbin->ps, nk->subkeys_off + HBIN_HDR_SIZE - hbin->first_hbin_off ) )
669 /* backup and get the data_size */
671 if ( !prs_set_offset( &hbin->ps, prs_offset(&hbin->ps)-sizeof(uint32)) )
673 start_off = prs_offset( &hbin->ps );
674 if ( !prs_uint32( "rec_size", &hbin->ps, depth, &lf->rec_size ))
677 if ( !prs_uint8s( True, "header", &hbin->ps, depth, (uint8*)lf->header, sizeof( lf->header )) )
680 if ( !prs_uint16( "num_keys", &hbin->ps, depth, &lf->num_keys))
683 if ( UNMARSHALLING(&hbin->ps) ) {
685 if ( !(lf->hashes = PRS_ALLOC_MEM( &hbin->ps, REGF_HASH_REC, lf->num_keys )) )
692 for ( i=0; i<lf->num_keys; i++ ) {
693 if ( !prs_hash_rec( "hash_rec", &hbin->ps, depth, &lf->hashes[i] ) )
697 end_off = prs_offset( &hbin->ps );
699 /* data_size must be divisible by 8 and large enough to hold the original record */
701 data_size = ((start_off - end_off) & 0xfffffff8 );
702 if ( data_size > lf->rec_size )
703 DEBUG(10,("Encountered reused record (0x%x < 0x%x)\n", data_size, lf->rec_size));
705 if ( MARSHALLING(&hbin->ps) )
711 /*******************************************************************
712 *******************************************************************/
714 static bool hbin_prs_sk_rec( const char *desc, REGF_HBIN *hbin, int depth, REGF_SK_REC *sk )
716 prs_struct *ps = &hbin->ps;
718 uint32 data_size, start_off, end_off;
721 prs_debug(ps, depth, desc, "hbin_prs_sk_rec");
724 if ( !prs_set_offset( &hbin->ps, sk->sk_off + HBIN_HDR_SIZE - hbin->first_hbin_off ) )
727 /* backup and get the data_size */
729 if ( !prs_set_offset( &hbin->ps, prs_offset(&hbin->ps)-sizeof(uint32)) )
731 start_off = prs_offset( &hbin->ps );
732 if ( !prs_uint32( "rec_size", &hbin->ps, depth, &sk->rec_size ))
735 if ( !prs_uint8s( True, "header", ps, depth, (uint8*)sk->header, sizeof( sk->header )) )
737 if ( !prs_uint16( "tag", ps, depth, &tag))
740 if ( !prs_uint32( "prev_sk_off", ps, depth, &sk->prev_sk_off))
742 if ( !prs_uint32( "next_sk_off", ps, depth, &sk->next_sk_off))
744 if ( !prs_uint32( "ref_count", ps, depth, &sk->ref_count))
746 if ( !prs_uint32( "size", ps, depth, &sk->size))
751 TALLOC_CTX *mem_ctx = prs_get_mem_context(&hbin->ps);
754 if (MARSHALLING(&hbin->ps)) {
755 status = marshall_sec_desc(mem_ctx,
757 &blob.data, &blob.length);
758 if (!NT_STATUS_IS_OK(status))
760 if (!prs_copy_data_in(&hbin->ps, (const char *)blob.data, blob.length))
763 blob = data_blob_const(prs_data_p(&hbin->ps),
764 prs_data_size(&hbin->ps));
765 status = unmarshall_sec_desc(mem_ctx,
766 blob.data, blob.length,
768 if (!NT_STATUS_IS_OK(status))
770 prs_set_offset(&hbin->ps, blob.length);
774 end_off = prs_offset( &hbin->ps );
776 /* data_size must be divisible by 8 and large enough to hold the original record */
778 data_size = ((start_off - end_off) & 0xfffffff8 );
779 if ( data_size > sk->rec_size )
780 DEBUG(10,("Encountered reused record (0x%x < 0x%x)\n", data_size, sk->rec_size));
782 if ( MARSHALLING(&hbin->ps) )
788 /*******************************************************************
789 *******************************************************************/
791 static bool hbin_prs_vk_rec( const char *desc, REGF_HBIN *hbin, int depth, REGF_VK_REC *vk, REGF_FILE *file )
795 prs_struct *ps = &hbin->ps;
796 uint32 data_size, start_off, end_off;
798 prs_debug(ps, depth, desc, "prs_vk_rec");
801 /* backup and get the data_size */
803 if ( !prs_set_offset( &hbin->ps, prs_offset(&hbin->ps)-sizeof(uint32)) )
805 start_off = prs_offset( &hbin->ps );
806 if ( !prs_uint32( "rec_size", &hbin->ps, depth, &vk->rec_size ))
809 if ( !prs_uint8s( True, "header", ps, depth, (uint8*)vk->header, sizeof( vk->header )) )
812 if ( MARSHALLING(&hbin->ps) )
813 name_length = strlen(vk->valuename);
815 if ( !prs_uint16( "name_length", ps, depth, &name_length ))
817 if ( !prs_uint32( "data_size", ps, depth, &vk->data_size ))
819 if ( !prs_uint32( "data_off", ps, depth, &vk->data_off ))
821 if ( !prs_uint32( "type", ps, depth, &vk->type))
823 if ( !prs_uint16( "flag", ps, depth, &vk->flag))
826 offset = prs_offset( ps );
827 offset += 2; /* skip 2 bytes */
828 prs_set_offset( ps, offset );
832 if ( vk->flag&VK_FLAG_NAME_PRESENT ) {
834 if ( UNMARSHALLING(&hbin->ps) ) {
835 if ( !(vk->valuename = PRS_ALLOC_MEM( ps, char, name_length+1 )))
838 if ( !prs_uint8s( True, "name", ps, depth, (uint8*)vk->valuename, name_length ) )
842 end_off = prs_offset( &hbin->ps );
844 /* get the data if necessary */
846 if ( vk->data_size != 0 ) {
847 bool charmode = False;
849 if ( (vk->type == REG_SZ) || (vk->type == REG_MULTI_SZ) )
852 /* the data is stored in the offset if the size <= 4 */
854 if ( !(vk->data_size & VK_DATA_IN_OFFSET) ) {
855 REGF_HBIN *hblock = hbin;
856 uint32 data_rec_size;
858 if ( UNMARSHALLING(&hbin->ps) ) {
859 if ( !(vk->data = PRS_ALLOC_MEM( ps, uint8, vk->data_size) ) )
863 /* this data can be in another hbin */
864 if ( !hbin_contains_offset( hbin, vk->data_off ) ) {
865 if ( !(hblock = lookup_hbin_block( file, vk->data_off )) )
868 if ( !(prs_set_offset( &hblock->ps, (vk->data_off+HBIN_HDR_SIZE-hblock->first_hbin_off)-sizeof(uint32) )) )
871 if ( MARSHALLING(&hblock->ps) ) {
872 data_rec_size = ( (vk->data_size+sizeof(uint32)) & 0xfffffff8 ) + 8;
873 data_rec_size = ( data_rec_size - 1 ) ^ 0xFFFFFFFF;
875 if ( !prs_uint32( "data_rec_size", &hblock->ps, depth, &data_rec_size ))
877 if ( !prs_uint8s( charmode, "data", &hblock->ps, depth, vk->data, vk->data_size) )
880 if ( MARSHALLING(&hblock->ps) )
881 hblock->dirty = True;
884 if ( !(vk->data = PRS_ALLOC_MEM( ps, uint8, 4 ) ) )
886 SIVAL( vk->data, 0, vk->data_off );
891 /* data_size must be divisible by 8 and large enough to hold the original record */
893 data_size = ((start_off - end_off ) & 0xfffffff8 );
894 if ( data_size != vk->rec_size )
895 DEBUG(10,("prs_vk_rec: data_size check failed (0x%x < 0x%x)\n", data_size, vk->rec_size));
897 if ( MARSHALLING(&hbin->ps) )
903 /*******************************************************************
904 read a VK record which is contained in the HBIN block stored
905 in the prs_struct *ps.
906 *******************************************************************/
908 static bool hbin_prs_vk_records( const char *desc, REGF_HBIN *hbin, int depth, REGF_NK_REC *nk, REGF_FILE *file )
913 prs_debug(&hbin->ps, depth, desc, "prs_vk_records");
916 /* check if we have anything to do first */
918 if ( nk->num_values == 0 )
921 if ( UNMARSHALLING(&hbin->ps) ) {
922 if ( !(nk->values = PRS_ALLOC_MEM( &hbin->ps, REGF_VK_REC, nk->num_values ) ) )
926 /* convert the offset to something relative to this HBIN block */
928 if ( !prs_set_offset( &hbin->ps, nk->values_off+HBIN_HDR_SIZE-hbin->first_hbin_off-sizeof(uint32)) )
931 if ( MARSHALLING( &hbin->ps) ) {
932 record_size = ( ( nk->num_values * sizeof(uint32) ) & 0xfffffff8 ) + 8;
933 record_size = (record_size - 1) ^ 0xFFFFFFFF;
936 if ( !prs_uint32( "record_size", &hbin->ps, depth, &record_size ) )
939 for ( i=0; i<nk->num_values; i++ ) {
940 if ( !prs_uint32( "vk_off", &hbin->ps, depth, &nk->values[i].rec_off ) )
944 for ( i=0; i<nk->num_values; i++ ) {
945 REGF_HBIN *sub_hbin = hbin;
948 if ( !hbin_contains_offset( hbin, nk->values[i].rec_off ) ) {
949 sub_hbin = lookup_hbin_block( file, nk->values[i].rec_off );
951 DEBUG(0,("hbin_prs_vk_records: Failed to find HBIN block containing offset [0x%x]\n",
952 nk->values[i].hbin_off));
957 new_offset = nk->values[i].rec_off + HBIN_HDR_SIZE - sub_hbin->first_hbin_off;
958 if ( !prs_set_offset( &sub_hbin->ps, new_offset ) )
960 if ( !hbin_prs_vk_rec( "vk_rec", sub_hbin, depth, &nk->values[i], file ) )
964 if ( MARSHALLING(&hbin->ps) )
972 /*******************************************************************
973 *******************************************************************/
975 static REGF_SK_REC* find_sk_record_by_offset( REGF_FILE *file, uint32 offset )
979 for ( p_sk=file->sec_desc_list; p_sk; p_sk=p_sk->next ) {
980 if ( p_sk->sk_off == offset )
987 /*******************************************************************
988 *******************************************************************/
990 static REGF_SK_REC* find_sk_record_by_sec_desc( REGF_FILE *file, struct security_descriptor *sd )
994 for ( p=file->sec_desc_list; p; p=p->next ) {
995 if ( security_descriptor_equal( p->sec_desc, sd ) )
1004 /*******************************************************************
1005 *******************************************************************/
1007 static bool hbin_prs_key( REGF_FILE *file, REGF_HBIN *hbin, REGF_NK_REC *nk )
1010 REGF_HBIN *sub_hbin;
1012 prs_debug(&hbin->ps, depth, "", "fetch_key");
1015 /* get the initial nk record */
1017 if ( !prs_nk_rec( "nk_rec", &hbin->ps, depth, nk ))
1020 /* fill in values */
1022 if ( nk->num_values && (nk->values_off!=REGF_OFFSET_NONE) ) {
1024 if ( !hbin_contains_offset( hbin, nk->values_off ) ) {
1025 sub_hbin = lookup_hbin_block( file, nk->values_off );
1027 DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing value_list_offset [0x%x]\n",
1033 if ( !hbin_prs_vk_records( "vk_rec", sub_hbin, depth, nk, file ))
1037 /* now get subkeys */
1039 if ( nk->num_subkeys && (nk->subkeys_off!=REGF_OFFSET_NONE) ) {
1041 if ( !hbin_contains_offset( hbin, nk->subkeys_off ) ) {
1042 sub_hbin = lookup_hbin_block( file, nk->subkeys_off );
1044 DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing subkey_offset [0x%x]\n",
1050 if ( !hbin_prs_lf_records( "lf_rec", sub_hbin, depth, nk ))
1054 /* get the to the security descriptor. First look if we have already parsed it */
1056 if ( (nk->sk_off!=REGF_OFFSET_NONE) && !( nk->sec_desc = find_sk_record_by_offset( file, nk->sk_off )) ) {
1059 if ( !hbin_contains_offset( hbin, nk->sk_off ) ) {
1060 sub_hbin = lookup_hbin_block( file, nk->sk_off );
1062 DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing sk_offset [0x%x]\n",
1068 if ( !(nk->sec_desc = TALLOC_ZERO_P( file->mem_ctx, REGF_SK_REC )) )
1070 nk->sec_desc->sk_off = nk->sk_off;
1071 if ( !hbin_prs_sk_rec( "sk_rec", sub_hbin, depth, nk->sec_desc ))
1074 /* add to the list of security descriptors (ref_count has been read from the files) */
1076 nk->sec_desc->sk_off = nk->sk_off;
1077 DLIST_ADD( file->sec_desc_list, nk->sec_desc );
1083 /*******************************************************************
1084 *******************************************************************/
1086 static bool next_record( REGF_HBIN *hbin, const char *hdr, bool *eob )
1088 uint8 header[REC_HDR_SIZE];
1090 uint32 curr_off, block_size;
1092 prs_struct *ps = &hbin->ps;
1094 curr_off = prs_offset( ps );
1095 if ( curr_off == 0 )
1096 prs_set_offset( ps, HBIN_HEADER_REC_SIZE );
1098 /* assume that the current offset is at the record header
1099 and we need to backup to read the record size */
1101 curr_off -= sizeof(uint32);
1103 block_size = prs_data_size( ps );
1105 memset( header, 0x0, sizeof(uint8)*REC_HDR_SIZE );
1108 curr_off = curr_off+record_size;
1109 if ( curr_off >= block_size )
1112 if ( !prs_set_offset( &hbin->ps, curr_off) )
1115 if ( !prs_uint32( "record_size", ps, 0, &record_size ) )
1117 if ( !prs_uint8s( True, "header", ps, 0, header, REC_HDR_SIZE ) )
1120 if ( record_size & 0x80000000 ) {
1121 /* absolute_value(record_size) */
1122 record_size = (record_size ^ 0xffffffff) + 1;
1125 if ( memcmp( header, hdr, REC_HDR_SIZE ) == 0 ) {
1127 curr_off += sizeof(uint32);
1131 /* mark prs_struct as done ( at end ) if no more SK records */
1132 /* mark end-of-block as True */
1135 prs_set_offset( &hbin->ps, prs_data_size(&hbin->ps) );
1140 if ( !prs_set_offset( ps, curr_off ) )
1146 /*******************************************************************
1147 *******************************************************************/
1149 static bool next_nk_record( REGF_FILE *file, REGF_HBIN *hbin, REGF_NK_REC *nk, bool *eob )
1151 if ( next_record( hbin, "nk", eob ) && hbin_prs_key( file, hbin, nk ) )
1157 /*******************************************************************
1158 Intialize the newly created REGF_BLOCK in *file and write the
1159 block header to disk
1160 *******************************************************************/
1162 static bool init_regf_block( REGF_FILE *file )
1167 if ( !prs_init( &ps, REGF_BLOCKSIZE, file->mem_ctx, MARSHALL ) )
1170 memcpy( file->header, "regf", REGF_HDR_SIZE );
1171 file->data_offset = 0x20;
1172 file->last_block = 0x1000;
1176 unix_to_nt_time( &file->mtime, time(NULL) );
1178 /* hard coded values...no diea what these are ... maybe in time */
1180 file->unknown1 = 0x2;
1181 file->unknown2 = 0x1;
1182 file->unknown3 = 0x3;
1183 file->unknown4 = 0x0;
1184 file->unknown5 = 0x1;
1185 file->unknown6 = 0x1;
1187 /* write header to the buffer */
1189 if ( !prs_regf_block( "regf_header", &ps, 0, file ) ) {
1194 /* calculate the checksum, re-marshall data (to include the checksum)
1195 and write to disk */
1197 file->checksum = regf_block_checksum( &ps );
1198 prs_set_offset( &ps, 0 );
1199 if ( !prs_regf_block( "regf_header", &ps, 0, file ) ) {
1204 if ( write_block( file, &ps, 0 ) == -1 ) {
1205 DEBUG(0,("init_regf_block: Failed to initialize registry header block!\n"));
1211 prs_mem_free( &ps );
1215 /*******************************************************************
1216 Open the registry file and then read in the REGF block to get the
1218 *******************************************************************/
1220 REGF_FILE* regfio_open( const char *filename, int flags, int mode )
1224 if ( !(rb = SMB_MALLOC_P(REGF_FILE)) ) {
1225 DEBUG(0,("ERROR allocating memory\n"));
1231 if ( !(rb->mem_ctx = talloc_init( "read_regf_block" )) ) {
1236 rb->open_flags = flags;
1238 /* open and existing file */
1240 if ( (rb->fd = open(filename, flags, mode)) == -1 ) {
1241 DEBUG(0,("regfio_open: failure to open %s (%s)\n", filename, strerror(errno)));
1246 /* check if we are creating a new file or overwriting an existing one */
1248 if ( flags & (O_CREAT|O_TRUNC) ) {
1249 if ( !init_regf_block( rb ) ) {
1250 DEBUG(0,("regfio_open: Failed to read initial REGF block\n"));
1259 /* read in an existing file */
1261 if ( !read_regf_block( rb ) ) {
1262 DEBUG(0,("regfio_open: Failed to read initial REGF block\n"));
1272 /*******************************************************************
1273 *******************************************************************/
1275 static void regfio_mem_free( REGF_FILE *file )
1277 /* free any talloc()'d memory */
1279 if ( file && file->mem_ctx )
1280 talloc_destroy( file->mem_ctx );
1283 /*******************************************************************
1284 *******************************************************************/
1286 int regfio_close( REGF_FILE *file )
1290 /* cleanup for a file opened for write */
1292 if ((file->fd != -1) && (file->open_flags & (O_WRONLY|O_RDWR))) {
1296 /* write of sd list */
1298 for ( sk=file->sec_desc_list; sk; sk=sk->next ) {
1299 hbin_prs_sk_rec( "sk_rec", sk->hbin, 0, sk );
1302 /* flush any dirty blocks */
1304 while ( file->block_list ) {
1305 hbin_block_close( file, file->block_list );
1310 unix_to_nt_time( &file->mtime, time(NULL) );
1312 if ( read_block( file, &ps, 0, REGF_BLOCKSIZE ) != -1 ) {
1313 /* now use for writing */
1314 prs_switch_type( &ps, MARSHALL );
1316 /* stream the block once, generate the checksum,
1317 and stream it again */
1318 prs_set_offset( &ps, 0 );
1319 prs_regf_block( "regf_blocK", &ps, 0, file );
1320 file->checksum = regf_block_checksum( &ps );
1321 prs_set_offset( &ps, 0 );
1322 prs_regf_block( "regf_blocK", &ps, 0, file );
1324 /* now we are ready to write it to disk */
1325 if ( write_block( file, &ps, 0 ) == -1 )
1326 DEBUG(0,("regfio_close: failed to update the regf header block!\n"));
1329 prs_mem_free( &ps );
1332 regfio_mem_free( file );
1334 /* nothing tdo do if there is no open file */
1346 /*******************************************************************
1347 *******************************************************************/
1349 static void regfio_flush( REGF_FILE *file )
1353 for ( hbin=file->block_list; hbin; hbin=hbin->next ) {
1354 write_hbin_block( file, hbin );
1358 /*******************************************************************
1359 There should be only *one* root key in the registry file based
1360 on my experience. --jerry
1361 *******************************************************************/
1363 REGF_NK_REC* regfio_rootkey( REGF_FILE *file )
1367 uint32 offset = REGF_BLOCKSIZE;
1374 if ( !(nk = TALLOC_ZERO_P( file->mem_ctx, REGF_NK_REC )) ) {
1375 DEBUG(0,("regfio_rootkey: talloc() failed!\n"));
1379 /* scan through the file on HBIN block at a time looking
1380 for an NK record with a type == 0x002c.
1381 Normally this is the first nk record in the first hbin
1382 block (but I'm not assuming that for now) */
1384 while ( (hbin = read_hbin_block( file, offset )) ) {
1388 if ( next_nk_record( file, hbin, nk, &eob ) ) {
1389 if ( nk->key_type == NK_TYPE_ROOTKEY ) {
1394 prs_mem_free( &hbin->ps );
1400 offset += hbin->block_size;
1404 DEBUG(0,("regfio_rootkey: corrupt registry file ? No root key record located\n"));
1408 DLIST_ADD( file->block_list, hbin );
1413 /*******************************************************************
1414 This acts as an interator over the subkeys defined for a given
1415 NK record. Remember that offsets are from the *first* HBIN block.
1416 *******************************************************************/
1418 REGF_NK_REC* regfio_fetch_subkey( REGF_FILE *file, REGF_NK_REC *nk )
1420 REGF_NK_REC *subkey;
1424 /* see if there is anything left to report */
1426 if ( !nk || (nk->subkeys_off==REGF_OFFSET_NONE) || (nk->subkey_index >= nk->num_subkeys) )
1429 /* find the HBIN block which should contain the nk record */
1431 if ( !(hbin = lookup_hbin_block( file, nk->subkeys.hashes[nk->subkey_index].nk_off )) ) {
1432 DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing offset [0x%x]\n",
1433 nk->subkeys.hashes[nk->subkey_index].nk_off));
1437 nk_offset = nk->subkeys.hashes[nk->subkey_index].nk_off;
1438 if ( !prs_set_offset( &hbin->ps, (HBIN_HDR_SIZE + nk_offset - hbin->first_hbin_off) ) )
1442 if ( !(subkey = TALLOC_ZERO_P( file->mem_ctx, REGF_NK_REC )) )
1445 if ( !hbin_prs_key( file, hbin, subkey ) )
1452 /*******************************************************************
1453 *******************************************************************/
1455 static REGF_HBIN* regf_hbin_allocate( REGF_FILE *file, uint32 block_size )
1458 SMB_STRUCT_STAT sbuf;
1460 if ( !(hbin = TALLOC_ZERO_P( file->mem_ctx, REGF_HBIN )) )
1463 memcpy( hbin->header, "hbin", sizeof(HBIN_HDR_SIZE) );
1466 if (sys_fstat(file->fd, &sbuf, false)) {
1467 DEBUG(0,("regf_hbin_allocate: stat() failed! (%s)\n", strerror(errno)));
1471 hbin->file_off = sbuf.st_ex_size;
1473 hbin->free_off = HBIN_HEADER_REC_SIZE;
1474 hbin->free_size = block_size - hbin->free_off + sizeof(uint32);;
1476 hbin->block_size = block_size;
1477 hbin->first_hbin_off = hbin->file_off - REGF_BLOCKSIZE;
1479 if ( !prs_init( &hbin->ps, block_size, file->mem_ctx, MARSHALL ) )
1482 if ( !prs_hbin_block( "new_hbin", &hbin->ps, 0, hbin ) )
1485 if ( !write_hbin_block( file, hbin ) )
1488 file->last_block = hbin->file_off;
1493 /*******************************************************************
1494 *******************************************************************/
1496 static void update_free_space( REGF_HBIN *hbin, uint32 size_used )
1498 hbin->free_off += size_used;
1499 hbin->free_size -= size_used;
1501 if ( hbin->free_off >= hbin->block_size ) {
1502 hbin->free_off = REGF_OFFSET_NONE;
1508 /*******************************************************************
1509 *******************************************************************/
1511 static REGF_HBIN* find_free_space( REGF_FILE *file, uint32 size )
1513 REGF_HBIN *hbin, *p_hbin;
1517 /* check open block list */
1519 for ( hbin=file->block_list; hbin!=NULL; hbin=hbin->next ) {
1520 /* only check blocks that actually have available space */
1522 if ( hbin->free_off == REGF_OFFSET_NONE )
1525 /* check for a large enough available chunk */
1527 if ( (hbin->block_size - hbin->free_off) >= size ) {
1528 DLIST_PROMOTE( file->block_list, hbin );
1533 /* parse the file until we find a block with
1534 enough free space; save the last non-filled hbin */
1536 block_off = REGF_BLOCKSIZE;
1538 /* cleanup before the next round */
1541 prs_mem_free( &hbin->ps );
1543 hbin = read_hbin_block( file, block_off );
1547 /* make sure that we don't already have this block in memory */
1549 for ( p_hbin=file->block_list; p_hbin!=NULL; p_hbin=p_hbin->next ) {
1550 if ( p_hbin->file_off == hbin->file_off ) {
1556 block_off = hbin->file_off + hbin->block_size;
1559 prs_mem_free( &hbin->ps );
1564 /* if (cached block or (new block and not enough free space)) then continue looping */
1565 } while ( cached || (hbin && (hbin->free_size < size)) );
1567 /* no free space; allocate a new one */
1572 /* allocate in multiples of REGF_ALLOC_BLOCK; make sure (size + hbin_header) fits */
1574 alloc_size = (((size+HBIN_HEADER_REC_SIZE) / REGF_ALLOC_BLOCK ) + 1 ) * REGF_ALLOC_BLOCK;
1576 if ( !(hbin = regf_hbin_allocate( file, alloc_size )) ) {
1577 DEBUG(0,("find_free_space: regf_hbin_allocate() failed!\n"));
1580 DLIST_ADD( file->block_list, hbin );
1584 /* set the offset to be ready to write */
1586 if ( !prs_set_offset( &hbin->ps, hbin->free_off-sizeof(uint32) ) )
1589 /* write the record size as a placeholder for now, it should be
1590 probably updated by the caller once it all of the data necessary
1593 if ( !prs_uint32("allocated_size", &hbin->ps, 0, &size) )
1596 update_free_space( hbin, size );
1601 /*******************************************************************
1602 *******************************************************************/
1604 static uint32 sk_record_data_size( struct security_descriptor * sd )
1606 uint32 size, size_mod8;
1610 /* the record size is sizeof(hdr) + name + static members + data_size_field */
1612 size = sizeof(uint32)*5 + ndr_size_security_descriptor(sd, 0) + sizeof(uint32);
1615 size_mod8 = size & 0xfffffff8;
1616 if ( size_mod8 < size )
1622 /*******************************************************************
1623 *******************************************************************/
1625 static uint32 vk_record_data_size( REGF_VK_REC *vk )
1627 uint32 size, size_mod8;
1631 /* the record size is sizeof(hdr) + name + static members + data_size_field */
1633 size = REC_HDR_SIZE + (sizeof(uint16)*3) + (sizeof(uint32)*3) + sizeof(uint32);
1635 if ( vk->valuename )
1636 size += strlen(vk->valuename);
1639 size_mod8 = size & 0xfffffff8;
1640 if ( size_mod8 < size )
1646 /*******************************************************************
1647 *******************************************************************/
1649 static uint32 lf_record_data_size( uint32 num_keys )
1651 uint32 size, size_mod8;
1655 /* the record size is sizeof(hdr) + num_keys + sizeof of hash_array + data_size_uint32 */
1657 size = REC_HDR_SIZE + sizeof(uint16) + (sizeof(REGF_HASH_REC) * num_keys) + sizeof(uint32);
1660 size_mod8 = size & 0xfffffff8;
1661 if ( size_mod8 < size )
1667 /*******************************************************************
1668 *******************************************************************/
1670 static uint32 nk_record_data_size( REGF_NK_REC *nk )
1672 uint32 size, size_mod8;
1676 /* the record size is static + length_of_keyname + length_of_classname + data_size_uint32 */
1678 size = 0x4c + strlen(nk->keyname) + sizeof(uint32);
1680 if ( nk->classname )
1681 size += strlen( nk->classname );
1684 size_mod8 = size & 0xfffffff8;
1685 if ( size_mod8 < size )
1691 /*******************************************************************
1692 *******************************************************************/
1694 static bool create_vk_record(REGF_FILE *file, REGF_VK_REC *vk,
1695 struct regval_blob *value)
1697 char *name = regval_name(value);
1698 REGF_HBIN *data_hbin;
1702 memcpy( vk->header, "vk", REC_HDR_SIZE );
1705 vk->valuename = talloc_strdup( file->mem_ctx, regval_name(value) );
1706 vk->flag = VK_FLAG_NAME_PRESENT;
1709 vk->data_size = regval_size( value );
1710 vk->type = regval_type( value );
1712 if ( vk->data_size > sizeof(uint32) ) {
1713 uint32 data_size = ( (vk->data_size+sizeof(uint32)) & 0xfffffff8 ) + 8;
1715 vk->data = (uint8 *)TALLOC_MEMDUP( file->mem_ctx,
1716 regval_data_p(value),
1718 if (vk->data == NULL) {
1722 /* go ahead and store the offset....we'll pick this hbin block back up when
1723 we stream the data */
1725 if ((data_hbin = find_free_space(file, data_size )) == NULL) {
1728 vk->data_off = prs_offset( &data_hbin->ps ) + data_hbin->first_hbin_off - HBIN_HDR_SIZE;
1731 /* make sure we don't try to copy from a NULL value pointer */
1733 if ( vk->data_size != 0 )
1734 memcpy( &vk->data_off, regval_data_p(value), sizeof(uint32) );
1735 vk->data_size |= VK_DATA_IN_OFFSET;
1741 /*******************************************************************
1742 *******************************************************************/
1744 static int hashrec_cmp( REGF_HASH_REC *h1, REGF_HASH_REC *h2 )
1746 return StrCaseCmp( h1->fullname, h2->fullname );
1749 /*******************************************************************
1750 *******************************************************************/
1752 REGF_NK_REC* regfio_write_key( REGF_FILE *file, const char *name,
1753 struct regval_ctr *values, struct regsubkey_ctr *subkeys,
1754 struct security_descriptor *sec_desc, REGF_NK_REC *parent )
1757 REGF_HBIN *vlist_hbin = NULL;
1760 if ( !(nk = TALLOC_ZERO_P( file->mem_ctx, REGF_NK_REC )) )
1763 memcpy( nk->header, "nk", REC_HDR_SIZE );
1766 nk->key_type = NK_TYPE_ROOTKEY;
1768 nk->key_type = NK_TYPE_NORMALKEY;
1770 /* store the parent offset (or -1 if a the root key */
1772 nk->parent_off = parent ? (parent->hbin_off + parent->hbin->file_off - REGF_BLOCKSIZE - HBIN_HDR_SIZE ) : REGF_OFFSET_NONE;
1774 /* no classname currently */
1776 nk->classname_off = REGF_OFFSET_NONE;
1777 nk->classname = NULL;
1778 nk->keyname = talloc_strdup( file->mem_ctx, name );
1780 /* current modification time */
1782 unix_to_nt_time( &nk->mtime, time(NULL) );
1784 /* allocate the record on disk */
1786 size = nk_record_data_size( nk );
1787 nk->rec_size = ( size - 1 ) ^ 0XFFFFFFFF;
1788 if ((nk->hbin = find_free_space( file, size )) == NULL) {
1791 nk->hbin_off = prs_offset( &nk->hbin->ps );
1793 /* Update the hash record in the parent */
1796 REGF_HASH_REC *hash = &parent->subkeys.hashes[parent->subkey_index];
1798 hash->nk_off = prs_offset( &nk->hbin->ps ) + nk->hbin->first_hbin_off - HBIN_HDR_SIZE;
1799 memcpy( hash->keycheck, name, sizeof(uint32) );
1800 hash->fullname = talloc_strdup( file->mem_ctx, name );
1801 parent->subkey_index++;
1803 /* sort the list by keyname */
1804 TYPESAFE_QSORT(parent->subkeys.hashes, parent->subkey_index, hashrec_cmp);
1806 if ( !hbin_prs_lf_records( "lf_rec", parent->subkeys.hbin, 0, parent ) )
1810 /* write the security descriptor */
1812 nk->sk_off = REGF_OFFSET_NONE;
1814 uint32 sk_size = sk_record_data_size( sec_desc );
1817 /* search for it in the existing list of sd's */
1819 if ( (nk->sec_desc = find_sk_record_by_sec_desc( file, sec_desc )) == NULL ) {
1820 /* not found so add it to the list */
1822 if (!(sk_hbin = find_free_space( file, sk_size ))) {
1826 if ( !(nk->sec_desc = TALLOC_ZERO_P( file->mem_ctx, REGF_SK_REC )) )
1829 /* now we have to store the security descriptor in the list and
1830 update the offsets */
1832 memcpy( nk->sec_desc->header, "sk", REC_HDR_SIZE );
1833 nk->sec_desc->hbin = sk_hbin;
1834 nk->sec_desc->hbin_off = prs_offset( &sk_hbin->ps );
1835 nk->sec_desc->sk_off = prs_offset( &sk_hbin->ps ) + sk_hbin->first_hbin_off - HBIN_HDR_SIZE;
1836 nk->sec_desc->rec_size = (sk_size-1) ^ 0xFFFFFFFF;
1838 nk->sec_desc->sec_desc = sec_desc;
1839 nk->sec_desc->ref_count = 0;
1841 /* size value must be self-inclusive */
1842 nk->sec_desc->size = ndr_size_security_descriptor(sec_desc, 0)
1845 DLIST_ADD_END( file->sec_desc_list, nk->sec_desc, REGF_SK_REC *);
1847 /* update the offsets for us and the previous sd in the list.
1848 if this is the first record, then just set the next and prev
1849 offsets to ourself. */
1851 if ( DLIST_PREV(nk->sec_desc) ) {
1852 REGF_SK_REC *prev = DLIST_PREV(nk->sec_desc);
1854 nk->sec_desc->prev_sk_off = prev->hbin_off + prev->hbin->first_hbin_off - HBIN_HDR_SIZE;
1855 prev->next_sk_off = nk->sec_desc->sk_off;
1857 /* the end must loop around to the front */
1858 nk->sec_desc->next_sk_off = file->sec_desc_list->sk_off;
1860 /* and first must loop around to the tail */
1861 file->sec_desc_list->prev_sk_off = nk->sec_desc->sk_off;
1863 nk->sec_desc->prev_sk_off = nk->sec_desc->sk_off;
1864 nk->sec_desc->next_sk_off = nk->sec_desc->sk_off;
1868 /* bump the reference count +1 */
1870 nk->sk_off = nk->sec_desc->sk_off;
1871 nk->sec_desc->ref_count++;
1874 /* write the subkeys */
1876 nk->subkeys_off = REGF_OFFSET_NONE;
1877 if ( (nk->num_subkeys = regsubkey_ctr_numkeys( subkeys )) != 0 ) {
1878 uint32 lf_size = lf_record_data_size( nk->num_subkeys );
1882 if (!(nk->subkeys.hbin = find_free_space( file, lf_size ))) {
1885 nk->subkeys.hbin_off = prs_offset( &nk->subkeys.hbin->ps );
1886 nk->subkeys.rec_size = (lf_size-1) ^ 0xFFFFFFFF;
1887 nk->subkeys_off = prs_offset( &nk->subkeys.hbin->ps ) + nk->subkeys.hbin->first_hbin_off - HBIN_HDR_SIZE;
1889 memcpy( nk->subkeys.header, "lf", REC_HDR_SIZE );
1891 nk->subkeys.num_keys = nk->num_subkeys;
1892 if (nk->subkeys.num_keys) {
1893 if ( !(nk->subkeys.hashes = TALLOC_ZERO_ARRAY( file->mem_ctx, REGF_HASH_REC, nk->subkeys.num_keys )) )
1896 nk->subkeys.hashes = NULL;
1898 nk->subkey_index = 0;
1900 /* update the max_bytes_subkey{name,classname} fields */
1901 for ( i=0; i<nk->num_subkeys; i++ ) {
1902 namelen = strlen( regsubkey_ctr_specific_key(subkeys, i) );
1903 if ( namelen*2 > nk->max_bytes_subkeyname )
1904 nk->max_bytes_subkeyname = namelen * 2;
1908 /* write the values */
1910 nk->values_off = REGF_OFFSET_NONE;
1911 if ( (nk->num_values = regval_ctr_numvals( values )) != 0 ) {
1912 uint32 vlist_size = ( ( nk->num_values * sizeof(uint32) ) & 0xfffffff8 ) + 8;
1915 if (!(vlist_hbin = find_free_space( file, vlist_size ))) {
1918 nk->values_off = prs_offset( &vlist_hbin->ps ) + vlist_hbin->first_hbin_off - HBIN_HDR_SIZE;
1920 if (nk->num_values) {
1921 if ( !(nk->values = TALLOC_ARRAY( file->mem_ctx, REGF_VK_REC, nk->num_values )) )
1927 /* create the vk records */
1929 for ( i=0; i<nk->num_values; i++ ) {
1930 uint32 vk_size, namelen, datalen;
1931 struct regval_blob *r;
1933 r = regval_ctr_specific_value( values, i );
1934 create_vk_record( file, &nk->values[i], r );
1935 vk_size = vk_record_data_size( &nk->values[i] );
1936 nk->values[i].hbin = find_free_space( file, vk_size );
1937 nk->values[i].hbin_off = prs_offset( &nk->values[i].hbin->ps );
1938 nk->values[i].rec_size = ( vk_size - 1 ) ^ 0xFFFFFFFF;
1939 nk->values[i].rec_off = prs_offset( &nk->values[i].hbin->ps )
1940 + nk->values[i].hbin->first_hbin_off
1943 /* update the max bytes fields if necessary */
1945 namelen = strlen( regval_name(r) );
1946 if ( namelen*2 > nk->max_bytes_valuename )
1947 nk->max_bytes_valuename = namelen * 2;
1949 datalen = regval_size( r );
1950 if ( datalen > nk->max_bytes_value )
1951 nk->max_bytes_value = datalen;
1955 /* stream the records */
1957 prs_set_offset( &nk->hbin->ps, nk->hbin_off );
1958 if ( !prs_nk_rec( "nk_rec", &nk->hbin->ps, 0, nk ) )
1961 if ( nk->num_values ) {
1962 if ( !hbin_prs_vk_records( "vk_records", vlist_hbin, 0, nk, file ) )
1967 regfio_flush( file );