2 Samba Unix/Linux SMB client utility libeditreg.c
3 Copyright (C) 2004 Jelmer Vernooij, jelmer@samba.org
5 Backend for Windows '95 registry files. Explanation of file format
6 comes from http://www.cs.mun.ca/~michael/regutils/.
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
25 * The registry starts with a header that contains pointers to
28 * After the main header follows the RGKN header (key index table).
29 * The RGKN keys are listed after each other. They are put into
30 * blocks, the first having a length of 0x2000 bytes, the others
31 * being 0x1000 bytes long.
33 * After the RGKN header follow one or more RGDB blocks. These blocks
34 * contain keys. A key is followed by its name and its values.
36 * Values are followed by their name and then their data.
38 * Basically the idea is that the RGKN contains the associations between
39 * the keys and the RGDB contains the actual data.
43 typedef unsigned short WORD;
45 typedef struct creg_block {
46 DWORD CREG_ID; /* CREG */
57 typedef struct rgkn_block {
58 DWORD RGKN_ID; /* RGKN */
68 typedef struct reg_id {
73 typedef struct rgkn_key {
74 DWORD type; /* 0x00000000 = normal key, 0x80000000 = free block */
75 DWORD hash; /* Contains either hash or size of free blocks that follows */
78 DWORD first_child_offset;
84 typedef struct rgdb_block {
85 DWORD RGDB_ID; /* RGDB */
90 DWORD free_offset; /* -1 if there is no free space */
97 typedef struct rgdb_key {
106 typedef struct rgdb_value {
113 typedef struct creg_struct_s {
120 RGDB_KEY ***rgdb_keys;
123 #define RGKN_START_SIZE 0x2000
124 #define RGKN_INC_SIZE 0x1000
126 #define LOCN_RGKN(creg, o) ((RGKN_KEY *)((creg)->base + sizeof(CREG_HDR) + o))
127 #define LOCN_RGDB_BLOCK(creg, o) (((creg)->base + (creg)->creg_hdr->rgdb_offset + o))
128 #define LOCN_RGDB_KEY(creg, rgdb, id) ((RGDB_KEY *)((creg)->rgdb_keys[(rgdb)][(id)]))
130 static DWORD str_to_dword(const char *a) {
132 unsigned long ret = 0;
133 for(i = strlen(a)-1; i >= 0; i--) {
134 ret = ret * 0x100 + a[i];
141 static DWORD calc_hash(const char *str) {
144 for(i = 0; str[i] && str[i] != '\\'; i++) {
145 ret+=toupper(str[i]);
150 static void parse_rgkn_block(CREG *creg, off_t start_off, off_t end_off)
153 for(i = start_off; end_off - i > sizeof(RGKN_KEY); i+= sizeof(RGKN_KEY)) {
154 RGKN_KEY *key = (RGKN_KEY *)LOCN_RGKN(creg, i);
156 DEBUG(4,("Regular, id: %d, %d, parent: %x, firstchild: %x, next: %x hash: %lX\n", key->id.id, key->id.rgdb, key->parent_offset, key->first_child_offset, key->next_offset, (long)key->hash));
157 } else if(key->type == 0x80000000) {
161 DEBUG(0,("Invalid key type in RGKN: %0X\n", key->type));
168 static void parse_rgdb_block(CREG *creg, RGDB_HDR *rgdb_hdr)
170 DWORD used_size = rgdb_hdr->size - rgdb_hdr->unused_size;
173 while(offset < used_size) {
174 RGDB_KEY *key = (RGDB_KEY *)(((char *)rgdb_hdr) + sizeof(RGDB_HDR) + offset);
176 if(!(key->id.id == 0xFFFF && key->id.rgdb == 0xFFFF))creg->rgdb_keys[key->id.rgdb][key->id.id] = key;
181 static WERROR w95_open_reg (TALLOC_CTX *mem_ctx, struct registry_hive *h, struct registry_key **root)
184 DWORD creg_id, rgkn_id;
188 creg = talloc_p(mem_ctx, CREG);
189 memset(creg, 0, sizeof(CREG));
190 h->backend_data = creg;
192 if((creg->fd = open(h->location, O_RDONLY, 0000)) < 0) {
196 if (fstat(creg->fd, &creg->sbuf) < 0) {
200 creg->base = mmap(0, creg->sbuf.st_size, PROT_READ, MAP_SHARED, creg->fd, 0);
202 if ((int)creg->base == 1) {
203 DEBUG(0,("Could not mmap file: %s, %s\n", h->location, strerror(errno)));
207 creg->creg_hdr = (CREG_HDR *)creg->base;
209 if ((creg_id = IVAL(&creg->creg_hdr->CREG_ID,0)) != str_to_dword("CREG")) {
210 DEBUG(0, ("Unrecognized Windows 95 registry header id: 0x%0X, %s\n",
211 creg_id, h->location));
215 creg->rgkn_hdr = (RGKN_HDR *)LOCN_RGKN(creg, 0);
217 if ((rgkn_id = IVAL(&creg->rgkn_hdr->RGKN_ID,0)) != str_to_dword("RGKN")) {
218 DEBUG(0, ("Unrecognized Windows 95 registry key index id: 0x%0X, %s\n",
219 rgkn_id, h->location));
224 /* If'ed out because we only need to parse this stuff when allocating new
225 * entries (which we don't do at the moment */
226 /* First parse the 0x2000 long block */
227 parse_rgkn_block(creg, sizeof(RGKN_HDR), 0x2000);
229 /* Then parse the other 0x1000 length blocks */
230 for(offset = 0x2000; offset < creg->rgkn_hdr->size; offset+=0x1000) {
231 parse_rgkn_block(creg, offset, offset+0x1000);
235 creg->rgdb_keys = talloc_array_p(mem_ctx, RGDB_KEY **, creg->creg_hdr->num_rgdb);
238 DEBUG(3, ("Reading %d rgdb entries\n", creg->creg_hdr->num_rgdb));
239 for(i = 0; i < creg->creg_hdr->num_rgdb; i++) {
240 RGDB_HDR *rgdb_hdr = (RGDB_HDR *)LOCN_RGDB_BLOCK(creg, offset);
242 if(strncmp((char *)&(rgdb_hdr->RGDB_ID), "RGDB", 4)) {
243 DEBUG(0, ("unrecognized rgdb entry: %4d, %s\n",
244 rgdb_hdr->RGDB_ID, h->location));
247 DEBUG(3, ("Valid rgdb entry, first free id: %d, max id: %d\n", rgdb_hdr->first_free_id, rgdb_hdr->max_id));
251 creg->rgdb_keys[i] = talloc_array_p(mem_ctx, RGDB_KEY *, rgdb_hdr->max_id+1);
252 memset(creg->rgdb_keys[i], 0, sizeof(RGDB_KEY *) * (rgdb_hdr->max_id+1));
254 parse_rgdb_block(creg, rgdb_hdr);
256 offset+=rgdb_hdr->size;
259 /* First element in rgkn should be root key */
260 *root = talloc_p(mem_ctx, struct registry_key);
261 (*root)->name = NULL;
262 (*root)->backend_data = LOCN_RGKN(creg, sizeof(RGKN_HDR));
267 static WERROR w95_get_subkey_by_index (TALLOC_CTX *mem_ctx, struct registry_key *parent, int n, struct registry_key **key)
269 CREG *creg = parent->hive->backend_data;
270 RGKN_KEY *rgkn_key = parent->backend_data;
275 /* Get id of first child */
276 child_offset = rgkn_key->first_child_offset;
278 while(child_offset != 0xFFFFFFFF) {
279 child = LOCN_RGKN(creg, child_offset);
281 /* n == cur ? return! */
284 rgdb_key = LOCN_RGDB_KEY(creg, child->id.rgdb, child->id.id);
286 DEBUG(0, ("Can't find %d,%d in RGDB table!\n", child->id.rgdb, child->id.id));
289 *key = talloc_p(mem_ctx, struct registry_key);
290 (*key)->backend_data = child;
291 (*key)->name = talloc_strndup(mem_ctx, (char *)rgdb_key + sizeof(RGDB_KEY), rgdb_key->name_len);
297 child_offset = child->next_offset;
300 return WERR_NO_MORE_ITEMS;
303 static WERROR w95_num_values(struct registry_key *k, int *count)
305 RGKN_KEY *rgkn_key = k->backend_data;
306 RGDB_KEY *rgdb_key = LOCN_RGDB_KEY((CREG *)k->hive->backend_data, rgkn_key->id.rgdb, rgkn_key->id.id);
308 if(!rgdb_key) return WERR_FOOBAR;
310 *count = rgdb_key->num_values;
315 static WERROR w95_get_value_by_id(TALLOC_CTX *mem_ctx, struct registry_key *k, int idx, struct registry_value **value)
317 RGKN_KEY *rgkn_key = k->backend_data;
320 RGDB_KEY *rgdb_key = LOCN_RGDB_KEY((CREG *)k->hive->backend_data, rgkn_key->id.rgdb, rgkn_key->id.id);
323 if(!rgdb_key) return WERR_FOOBAR;
325 if(idx >= rgdb_key->num_values) return WERR_NO_MORE_ITEMS;
327 for(i = 0; i < idx; i++) {
328 curval = (RGDB_VALUE *)(((char *)rgdb_key) + sizeof(RGDB_KEY) + rgdb_key->name_len + offset);
329 offset+=sizeof(RGDB_VALUE) + curval->name_len + curval->data_len;
332 *value = talloc_p(mem_ctx, struct registry_value);
333 (*value)->backend_data = curval;
334 (*value)->name = talloc_strndup(mem_ctx, (char *)curval+sizeof(RGDB_VALUE), curval->name_len);
336 (*value)->data_len = curval->data_len;
337 (*value)->data_blk = talloc_memdup(mem_ctx, (char *)curval+sizeof(RGDB_VALUE)+curval->name_len, curval->data_len);
338 (*value)->data_type = curval->type;
343 static struct registry_operations reg_backend_w95 = {
345 .open_hive = w95_open_reg,
346 .get_value_by_index = w95_get_value_by_id,
347 .num_values = w95_num_values,
348 .get_subkey_by_index = w95_get_subkey_by_index,
351 NTSTATUS registry_w95_init(void)
353 return register_backend("registry", ®_backend_w95);