root/source3/registry/regfio.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. write_block
  2. read_block
  3. write_hbin_block
  4. hbin_block_close
  5. prs_regf_block
  6. prs_hbin_block
  7. prs_nk_rec
  8. regf_block_checksum
  9. read_regf_block
  10. read_hbin_block
  11. hbin_contains_offset
  12. lookup_hbin_block
  13. prs_hash_rec
  14. hbin_prs_lf_records
  15. hbin_prs_sk_rec
  16. hbin_prs_vk_rec
  17. hbin_prs_vk_records
  18. find_sk_record_by_offset
  19. find_sk_record_by_sec_desc
  20. hbin_prs_key
  21. next_record
  22. next_nk_record
  23. init_regf_block
  24. regfio_open
  25. regfio_mem_free
  26. regfio_close
  27. regfio_flush
  28. regfio_rootkey
  29. regfio_fetch_subkey
  30. regf_hbin_allocate
  31. update_free_space
  32. find_free_space
  33. sk_record_data_size
  34. vk_record_data_size
  35. lf_record_data_size
  36. nk_record_data_size
  37. create_vk_record
  38. hashrec_cmp
  39. regfio_write_key

   1 /*
   2  * Unix SMB/CIFS implementation.
   3  * Windows NT registry I/O library
   4  * Copyright (c) Gerald (Jerry) Carter               2005
   5  *
   6  * This program is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License as published by
   8  * the Free Software Foundation; either version 3 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with this program; if not, see <http://www.gnu.org/licenses/>.  
  18  */
  19 
  20 #include "includes.h"
  21 #include "regfio.h"
  22 
  23 #undef DBGC_CLASS
  24 #define DBGC_CLASS DBGC_REGISTRY
  25 
  26 /*******************************************************************
  27  *
  28  * TODO : Right now this code basically ignores classnames.
  29  *
  30  ******************************************************************/
  31 
  32 
  33 /*******************************************************************
  34 *******************************************************************/
  35 
  36 static int write_block( REGF_FILE *file, prs_struct *ps, uint32 offset )
     /* [<][>][^][v][top][bottom][index][help] */
  37 {
  38         int bytes_written, returned;
  39         char *buffer = prs_data_p( ps );
  40         uint32 buffer_size = prs_data_size( ps );
  41         SMB_STRUCT_STAT sbuf;
  42 
  43         if ( file->fd == -1 )
  44                 return -1;
  45 
  46         /* check for end of file */
  47 
  48         if ( sys_fstat( file->fd, &sbuf ) ) {
  49                 DEBUG(0,("write_block: stat() failed! (%s)\n", strerror(errno)));
  50                 return -1;
  51         }
  52 
  53         if ( lseek( file->fd, offset, SEEK_SET ) == -1 ) {
  54                 DEBUG(0,("write_block: lseek() failed! (%s)\n", strerror(errno) ));
  55                 return -1;
  56         }
  57         
  58         bytes_written = returned = 0;
  59         while ( bytes_written < buffer_size ) {
  60                 if ( (returned = write( file->fd, buffer+bytes_written, buffer_size-bytes_written )) == -1 ) {
  61                         DEBUG(0,("write_block: write() failed! (%s)\n", strerror(errno) ));
  62                         return False;
  63                 }
  64                                 
  65                 bytes_written += returned;
  66         }
  67         
  68         return bytes_written;
  69 }
  70 
  71 /*******************************************************************
  72 *******************************************************************/
  73 
  74 static int read_block( REGF_FILE *file, prs_struct *ps, uint32 file_offset, uint32 block_size )
     /* [<][>][^][v][top][bottom][index][help] */
  75 {
  76         int bytes_read, returned;
  77         char *buffer;
  78         SMB_STRUCT_STAT sbuf;
  79 
  80         /* check for end of file */
  81 
  82         if ( sys_fstat( file->fd, &sbuf ) ) {
  83                 DEBUG(0,("read_block: stat() failed! (%s)\n", strerror(errno)));
  84                 return -1;
  85         }
  86 
  87         if ( (size_t)file_offset >= sbuf.st_size )
  88                 return -1;
  89         
  90         /* if block_size == 0, we are parsing HBIN records and need 
  91            to read some of the header to get the block_size from there */
  92            
  93         if ( block_size == 0 ) {
  94                 char hdr[0x20];
  95 
  96                 if ( lseek( file->fd, file_offset, SEEK_SET ) == -1 ) {
  97                         DEBUG(0,("read_block: lseek() failed! (%s)\n", strerror(errno) ));
  98                         return -1;
  99                 }
 100 
 101                 returned = read( file->fd, hdr, 0x20 );
 102                 if ( (returned == -1) || (returned < 0x20) ) {
 103                         DEBUG(0,("read_block: failed to read in HBIN header. Is the file corrupt?\n"));
 104                         return -1;
 105                 }
 106 
 107                 /* make sure this is an hbin header */
 108 
 109                 if ( strncmp( hdr, "hbin", HBIN_HDR_SIZE ) != 0 ) {
 110                         DEBUG(0,("read_block: invalid block header!\n"));
 111                         return -1;
 112                 }
 113 
 114                 block_size = IVAL( hdr, 0x08 );
 115         }
 116 
 117         DEBUG(10,("read_block: block_size == 0x%x\n", block_size ));
 118 
 119         /* set the offset, initialize the buffer, and read the block from disk */
 120 
 121         if ( lseek( file->fd, file_offset, SEEK_SET ) == -1 ) {
 122                 DEBUG(0,("read_block: lseek() failed! (%s)\n", strerror(errno) ));
 123                 return -1;
 124         }
 125         
 126         if (!prs_init( ps, block_size, file->mem_ctx, UNMARSHALL )) {
 127                 DEBUG(0,("read_block: prs_init() failed! (%s)\n", strerror(errno) ));
 128                 return -1;
 129         }
 130         buffer = prs_data_p( ps );
 131         bytes_read = returned = 0;
 132 
 133         while ( bytes_read < block_size ) {
 134                 if ( (returned = read( file->fd, buffer+bytes_read, block_size-bytes_read )) == -1 ) {
 135                         DEBUG(0,("read_block: read() failed (%s)\n", strerror(errno) ));
 136                         return False;
 137                 }
 138                 if ( (returned == 0) && (bytes_read < block_size) ) {
 139                         DEBUG(0,("read_block: not a vald registry file ?\n" ));
 140                         return False;
 141                 }       
 142                 
 143                 bytes_read += returned;
 144         }
 145         
 146         return bytes_read;
 147 }
 148 
 149 /*******************************************************************
 150 *******************************************************************/
 151 
 152 static bool write_hbin_block( REGF_FILE *file, REGF_HBIN *hbin )
     /* [<][>][^][v][top][bottom][index][help] */
 153 {
 154         if ( !hbin->dirty )
 155                 return True;
 156 
 157         /* write free space record if any is available */
 158 
 159         if ( hbin->free_off != REGF_OFFSET_NONE ) {
 160                 uint32 header = 0xffffffff;
 161 
 162                 if ( !prs_set_offset( &hbin->ps, hbin->free_off-sizeof(uint32) ) )
 163                         return False;
 164                 if ( !prs_uint32( "free_size", &hbin->ps, 0, &hbin->free_size ) )
 165                         return False;
 166                 if ( !prs_uint32( "free_header", &hbin->ps, 0, &header ) )
 167                         return False;
 168         }
 169 
 170         hbin->dirty = (write_block( file, &hbin->ps, hbin->file_off ) != -1);
 171 
 172         return hbin->dirty;
 173 }
 174 
 175 /*******************************************************************
 176 *******************************************************************/
 177 
 178 static bool hbin_block_close( REGF_FILE *file, REGF_HBIN *hbin )
     /* [<][>][^][v][top][bottom][index][help] */
 179 {
 180         REGF_HBIN *p;
 181 
 182         /* remove the block from the open list and flush it to disk */
 183 
 184         for ( p=file->block_list; p && p!=hbin; p=p->next )
 185                 ;;
 186 
 187         if ( p == hbin ) {
 188                 DLIST_REMOVE( file->block_list, hbin );
 189         }
 190         else
 191                 DEBUG(0,("hbin_block_close: block not in open list!\n"));
 192 
 193         if ( !write_hbin_block( file, hbin ) )
 194                 return False;
 195 
 196         return True;
 197 }
 198 
 199 /*******************************************************************
 200 *******************************************************************/
 201 
 202 static bool prs_regf_block( const char *desc, prs_struct *ps, int depth, REGF_FILE *file )
     /* [<][>][^][v][top][bottom][index][help] */
 203 {
 204         prs_debug(ps, depth, desc, "prs_regf_block");
 205         depth++;
 206         
 207         if ( !prs_uint8s( True, "header", ps, depth, (uint8*)file->header, sizeof( file->header )) )
 208                 return False;
 209         
 210         /* yes, these values are always identical so store them only once */
 211         
 212         if ( !prs_uint32( "unknown1", ps, depth, &file->unknown1 ))
 213                 return False;
 214         if ( !prs_uint32( "unknown1 (again)", ps, depth, &file->unknown1 ))
 215                 return False;
 216 
 217         /* get the modtime */
 218         
 219         if ( !prs_set_offset( ps, 0x0c ) )
 220                 return False;
 221         if ( !smb_io_time( "modtime", &file->mtime, ps, depth ) )
 222                 return False;
 223 
 224         /* constants */
 225         
 226         if ( !prs_uint32( "unknown2", ps, depth, &file->unknown2 ))
 227                 return False;
 228         if ( !prs_uint32( "unknown3", ps, depth, &file->unknown3 ))
 229                 return False;
 230         if ( !prs_uint32( "unknown4", ps, depth, &file->unknown4 ))
 231                 return False;
 232         if ( !prs_uint32( "unknown5", ps, depth, &file->unknown5 ))
 233                 return False;
 234 
 235         /* get file offsets */
 236         
 237         if ( !prs_set_offset( ps, 0x24 ) )
 238                 return False;
 239         if ( !prs_uint32( "data_offset", ps, depth, &file->data_offset ))
 240                 return False;
 241         if ( !prs_uint32( "last_block", ps, depth, &file->last_block ))
 242                 return False;
 243                 
 244         /* one more constant */
 245         
 246         if ( !prs_uint32( "unknown6", ps, depth, &file->unknown6 ))
 247                 return False;
 248                 
 249         /* get the checksum */
 250         
 251         if ( !prs_set_offset( ps, 0x01fc ) )
 252                 return False;
 253         if ( !prs_uint32( "checksum", ps, depth, &file->checksum ))
 254                 return False;
 255         
 256         return True;
 257 }
 258 
 259 /*******************************************************************
 260 *******************************************************************/
 261 
 262 static bool prs_hbin_block( const char *desc, prs_struct *ps, int depth, REGF_HBIN *hbin )
     /* [<][>][^][v][top][bottom][index][help] */
 263 {
 264         uint32 block_size2;
 265 
 266         prs_debug(ps, depth, desc, "prs_regf_block");
 267         depth++;
 268         
 269         if ( !prs_uint8s( True, "header", ps, depth, (uint8*)hbin->header, sizeof( hbin->header )) )
 270                 return False;
 271 
 272         if ( !prs_uint32( "first_hbin_off", ps, depth, &hbin->first_hbin_off ))
 273                 return False;
 274 
 275         /* The dosreg.cpp comments say that the block size is at 0x1c.
 276            According to a WINXP NTUSER.dat file, this is wrong.  The block_size
 277            is at 0x08 */
 278 
 279         if ( !prs_uint32( "block_size", ps, depth, &hbin->block_size ))
 280                 return False;
 281 
 282         block_size2 = hbin->block_size;
 283         prs_set_offset( ps, 0x1c );
 284         if ( !prs_uint32( "block_size2", ps, depth, &block_size2 ))
 285                 return False;
 286 
 287         if ( MARSHALLING(ps) )
 288                 hbin->dirty = True;
 289         
 290 
 291         return True;
 292 }
 293 
 294 /*******************************************************************
 295 *******************************************************************/
 296 
 297 static bool prs_nk_rec( const char *desc, prs_struct *ps, int depth, REGF_NK_REC *nk )
     /* [<][>][^][v][top][bottom][index][help] */
 298 {
 299         uint16 class_length, name_length;
 300         uint32 start;
 301         uint32 data_size, start_off, end_off;
 302         uint32 unknown_off = REGF_OFFSET_NONE;
 303 
 304         nk->hbin_off = prs_offset( ps );
 305         start = nk->hbin_off;
 306         
 307         prs_debug(ps, depth, desc, "prs_nk_rec");
 308         depth++;
 309         
 310         /* back up and get the data_size */
 311         
 312         if ( !prs_set_offset( ps, prs_offset(ps)-sizeof(uint32)) )
 313                 return False;
 314         start_off = prs_offset( ps );
 315         if ( !prs_uint32( "rec_size", ps, depth, &nk->rec_size ))
 316                 return False;
 317         
 318         if ( !prs_uint8s( True, "header", ps, depth, (uint8*)nk->header, sizeof( nk->header )) )
 319                 return False;
 320                 
 321         if ( !prs_uint16( "key_type", ps, depth, &nk->key_type ))
 322                 return False;
 323         if ( !smb_io_time( "mtime", &nk->mtime, ps, depth ))
 324                 return False;
 325                 
 326         if ( !prs_set_offset( ps, start+0x0010 ) )
 327                 return False;
 328         if ( !prs_uint32( "parent_off", ps, depth, &nk->parent_off ))
 329                 return False;
 330         if ( !prs_uint32( "num_subkeys", ps, depth, &nk->num_subkeys ))
 331                 return False;
 332                 
 333         if ( !prs_set_offset( ps, start+0x001c ) )
 334                 return False;
 335         if ( !prs_uint32( "subkeys_off", ps, depth, &nk->subkeys_off ))
 336                 return False;
 337         if ( !prs_uint32( "unknown_off", ps, depth, &unknown_off) )
 338                 return False;
 339                 
 340         if ( !prs_set_offset( ps, start+0x0024 ) )
 341                 return False;
 342         if ( !prs_uint32( "num_values", ps, depth, &nk->num_values ))
 343                 return False;
 344         if ( !prs_uint32( "values_off", ps, depth, &nk->values_off ))
 345                 return False;
 346         if ( !prs_uint32( "sk_off", ps, depth, &nk->sk_off ))
 347                 return False;
 348         if ( !prs_uint32( "classname_off", ps, depth, &nk->classname_off ))
 349                 return False;
 350 
 351         if ( !prs_uint32( "max_bytes_subkeyname", ps, depth, &nk->max_bytes_subkeyname))
 352                 return False;
 353         if ( !prs_uint32( "max_bytes_subkeyclassname", ps, depth, &nk->max_bytes_subkeyclassname))
 354                 return False;
 355         if ( !prs_uint32( "max_bytes_valuename", ps, depth, &nk->max_bytes_valuename))
 356                 return False;
 357         if ( !prs_uint32( "max_bytes_value", ps, depth, &nk->max_bytes_value))
 358                 return False;
 359         if ( !prs_uint32( "unknown index", ps, depth, &nk->unk_index))
 360                 return False;
 361 
 362         name_length = nk->keyname ? strlen(nk->keyname) : 0 ;
 363         class_length = nk->classname ? strlen(nk->classname) : 0 ;
 364         if ( !prs_uint16( "name_length", ps, depth, &name_length ))
 365                 return False;
 366         if ( !prs_uint16( "class_length", ps, depth, &class_length ))
 367                 return False;   
 368                 
 369         if ( class_length ) {
 370                 ;;
 371         }
 372         
 373         if ( name_length ) {
 374                 if ( UNMARSHALLING(ps) ) {
 375                         if ( !(nk->keyname = PRS_ALLOC_MEM( ps, char, name_length+1 )) )
 376                                 return False;
 377                 }
 378 
 379                 if ( !prs_uint8s( True, "name", ps, depth, (uint8*)nk->keyname, name_length) )
 380                         return False;
 381 
 382                 if ( UNMARSHALLING(ps) ) 
 383                         nk->keyname[name_length] = '\0';
 384         }
 385 
 386         end_off = prs_offset( ps );
 387 
 388         /* data_size must be divisible by 8 and large enough to hold the original record */
 389 
 390         data_size = ((start_off - end_off) & 0xfffffff8 );
 391         if ( data_size > nk->rec_size )
 392                 DEBUG(10,("Encountered reused record (0x%x < 0x%x)\n", data_size, nk->rec_size));
 393 
 394         if ( MARSHALLING(ps) )
 395                 nk->hbin->dirty = True;
 396 
 397         return True;
 398 }
 399 
 400 /*******************************************************************
 401 *******************************************************************/
 402 
 403 static uint32 regf_block_checksum( prs_struct *ps )
     /* [<][>][^][v][top][bottom][index][help] */
 404 {
 405         char *buffer = prs_data_p( ps );
 406         uint32 checksum, x;
 407         int i;
 408 
 409         /* XOR of all bytes 0x0000 - 0x01FB */
 410                 
 411         checksum = x = 0;
 412         
 413         for ( i=0; i<0x01FB; i+=4 ) {
 414                 x = IVAL(buffer, i );
 415                 checksum ^= x;
 416         }
 417         
 418         return checksum;
 419 }
 420 
 421 /*******************************************************************
 422 *******************************************************************/
 423 
 424 static bool read_regf_block( REGF_FILE *file )
     /* [<][>][^][v][top][bottom][index][help] */
 425 {
 426         prs_struct ps;
 427         uint32 checksum;
 428         
 429         /* grab the first block from the file */
 430                 
 431         if ( read_block( file, &ps, 0, REGF_BLOCKSIZE ) == -1 )
 432                 return False;
 433         
 434         /* parse the block and verify the checksum */
 435         
 436         if ( !prs_regf_block( "regf_header", &ps, 0, file ) )
 437                 return False;   
 438                 
 439         checksum = regf_block_checksum( &ps );
 440         
 441         prs_mem_free( &ps );
 442         
 443         if ( file->checksum !=  checksum ) {
 444                 DEBUG(0,("read_regf_block: invalid checksum\n" ));
 445                 return False;
 446         }
 447 
 448         return True;
 449 }
 450 
 451 /*******************************************************************
 452 *******************************************************************/
 453 
 454 static REGF_HBIN* read_hbin_block( REGF_FILE *file, off_t offset )
     /* [<][>][^][v][top][bottom][index][help] */
 455 {
 456         REGF_HBIN *hbin;
 457         uint32 record_size, curr_off, block_size, header;
 458         
 459         if ( !(hbin = TALLOC_ZERO_P(file->mem_ctx, REGF_HBIN)) ) 
 460                 return NULL;
 461         hbin->file_off = offset;
 462         hbin->free_off = -1;
 463                 
 464         if ( read_block( file, &hbin->ps, offset, 0 ) == -1 )
 465                 return NULL;
 466         
 467         if ( !prs_hbin_block( "hbin", &hbin->ps, 0, hbin ) )
 468                 return NULL;    
 469 
 470         /* this should be the same thing as hbin->block_size but just in case */
 471 
 472         block_size = prs_data_size( &hbin->ps );        
 473 
 474         /* Find the available free space offset.  Always at the end,
 475            so walk the record list and stop when you get to the end.
 476            The end is defined by a record header of 0xffffffff.  The 
 477            previous 4 bytes contains the amount of free space remaining 
 478            in the hbin block. */
 479 
 480         /* remember that the record_size is in the 4 bytes preceeding the record itself */
 481 
 482         if ( !prs_set_offset( &hbin->ps, file->data_offset+HBIN_HDR_SIZE-sizeof(uint32) ) )
 483                 return False;
 484 
 485         record_size = 0;
 486         header = 0;
 487         curr_off = prs_offset( &hbin->ps );
 488         while ( header != 0xffffffff ) {
 489                 /* not done yet so reset the current offset to the 
 490                    next record_size field */
 491 
 492                 curr_off = curr_off+record_size;
 493 
 494                 /* for some reason the record_size of the last record in
 495                    an hbin block can extend past the end of the block
 496                    even though the record fits within the remaining 
 497                    space....aaarrrgggghhhhhh */
 498 
 499                 if ( curr_off >= block_size ) {
 500                         record_size = -1;
 501                         curr_off = -1;
 502                         break;
 503                 }
 504 
 505                 if ( !prs_set_offset( &hbin->ps, curr_off) )
 506                         return False;
 507 
 508                 if ( !prs_uint32( "rec_size", &hbin->ps, 0, &record_size ) )
 509                         return False;
 510                 if ( !prs_uint32( "header", &hbin->ps, 0, &header ) )
 511                         return False;
 512                 
 513                 SMB_ASSERT( record_size != 0 );
 514 
 515                 if ( record_size & 0x80000000 ) {
 516                         /* absolute_value(record_size) */
 517                         record_size = (record_size ^ 0xffffffff) + 1;
 518                 }
 519         }
 520 
 521         /* save the free space offset */
 522 
 523         if ( header == 0xffffffff ) {
 524 
 525                 /* account for the fact that the curr_off is 4 bytes behind the actual 
 526                    record header */
 527 
 528                 hbin->free_off = curr_off + sizeof(uint32);
 529                 hbin->free_size = record_size;
 530         }
 531 
 532         DEBUG(10,("read_hbin_block: free space offset == 0x%x\n", hbin->free_off));
 533 
 534         if ( !prs_set_offset( &hbin->ps, file->data_offset+HBIN_HDR_SIZE )  )
 535                 return False;
 536         
 537         return hbin;
 538 }
 539 
 540 /*******************************************************************
 541  Input a random offset and receive the corresponding HBIN 
 542  block for it
 543 *******************************************************************/
 544 
 545 static bool hbin_contains_offset( REGF_HBIN *hbin, uint32 offset )
     /* [<][>][^][v][top][bottom][index][help] */
 546 {
 547         if ( !hbin )
 548                 return False;
 549         
 550         if ( (offset > hbin->first_hbin_off) && (offset < (hbin->first_hbin_off+hbin->block_size)) )
 551                 return True;
 552                 
 553         return False;
 554 }
 555 
 556 /*******************************************************************
 557  Input a random offset and receive the corresponding HBIN 
 558  block for it
 559 *******************************************************************/
 560 
 561 static REGF_HBIN* lookup_hbin_block( REGF_FILE *file, uint32 offset )
     /* [<][>][^][v][top][bottom][index][help] */
 562 {
 563         REGF_HBIN *hbin = NULL;
 564         uint32 block_off;
 565 
 566         /* start with the open list */
 567 
 568         for ( hbin=file->block_list; hbin; hbin=hbin->next ) {
 569                 DEBUG(10,("lookup_hbin_block: address = 0x%x [0x%lx]\n", hbin->file_off, (unsigned long)hbin ));
 570                 if ( hbin_contains_offset( hbin, offset ) )
 571                         return hbin;
 572         }
 573         
 574         if ( !hbin ) {
 575                 /* start at the beginning */
 576 
 577                 block_off = REGF_BLOCKSIZE;
 578                 do {
 579                         /* cleanup before the next round */
 580                         if ( hbin )
 581                                 prs_mem_free( &hbin->ps );
 582 
 583                         hbin = read_hbin_block( file, block_off );
 584 
 585                         if ( hbin ) 
 586                                 block_off = hbin->file_off + hbin->block_size;
 587 
 588                 } while ( hbin && !hbin_contains_offset( hbin, offset ) );
 589         }
 590 
 591         if ( hbin )
 592                 DLIST_ADD( file->block_list, hbin );
 593 
 594         return hbin;
 595 }
 596 
 597 /*******************************************************************
 598 *******************************************************************/
 599 
 600 static bool prs_hash_rec( const char *desc, prs_struct *ps, int depth, REGF_HASH_REC *hash )
     /* [<][>][^][v][top][bottom][index][help] */
 601 {
 602         prs_debug(ps, depth, desc, "prs_hash_rec");
 603         depth++;
 604 
 605         if ( !prs_uint32( "nk_off", ps, depth, &hash->nk_off ))
 606                 return False;
 607         if ( !prs_uint8s( True, "keycheck", ps, depth, hash->keycheck, sizeof( hash->keycheck )) )
 608                 return False;
 609         
 610         return True;
 611 }
 612 
 613 /*******************************************************************
 614 *******************************************************************/
 615 
 616 static bool hbin_prs_lf_records( const char *desc, REGF_HBIN *hbin, int depth, REGF_NK_REC *nk )
     /* [<][>][^][v][top][bottom][index][help] */
 617 {
 618         int i;
 619         REGF_LF_REC *lf = &nk->subkeys;
 620         uint32 data_size, start_off, end_off;
 621 
 622         prs_debug(&hbin->ps, depth, desc, "prs_lf_records");
 623         depth++;
 624 
 625         /* check if we have anything to do first */
 626         
 627         if ( nk->num_subkeys == 0 )
 628                 return True;
 629 
 630         /* move to the LF record */
 631 
 632         if ( !prs_set_offset( &hbin->ps, nk->subkeys_off + HBIN_HDR_SIZE - hbin->first_hbin_off ) )
 633                 return False;
 634 
 635         /* backup and get the data_size */
 636         
 637         if ( !prs_set_offset( &hbin->ps, prs_offset(&hbin->ps)-sizeof(uint32)) )
 638                 return False;
 639         start_off = prs_offset( &hbin->ps );
 640         if ( !prs_uint32( "rec_size", &hbin->ps, depth, &lf->rec_size ))
 641                 return False;
 642 
 643         if ( !prs_uint8s( True, "header", &hbin->ps, depth, (uint8*)lf->header, sizeof( lf->header )) )
 644                 return False;
 645                 
 646         if ( !prs_uint16( "num_keys", &hbin->ps, depth, &lf->num_keys))
 647                 return False;
 648 
 649         if ( UNMARSHALLING(&hbin->ps) ) {
 650                 if (lf->num_keys) {
 651                         if ( !(lf->hashes = PRS_ALLOC_MEM( &hbin->ps, REGF_HASH_REC, lf->num_keys )) )
 652                                 return False;
 653                 } else {
 654                         lf->hashes = NULL;
 655                 }
 656         }
 657 
 658         for ( i=0; i<lf->num_keys; i++ ) {
 659                 if ( !prs_hash_rec( "hash_rec", &hbin->ps, depth, &lf->hashes[i] ) )
 660                         return False;
 661         }
 662 
 663         end_off = prs_offset( &hbin->ps );
 664 
 665         /* data_size must be divisible by 8 and large enough to hold the original record */
 666 
 667         data_size = ((start_off - end_off) & 0xfffffff8 );
 668         if ( data_size > lf->rec_size )
 669                 DEBUG(10,("Encountered reused record (0x%x < 0x%x)\n", data_size, lf->rec_size));
 670 
 671         if ( MARSHALLING(&hbin->ps) )
 672                 hbin->dirty = True;
 673 
 674         return True;
 675 }
 676 
 677 /*******************************************************************
 678 *******************************************************************/
 679 
 680 static bool hbin_prs_sk_rec( const char *desc, REGF_HBIN *hbin, int depth, REGF_SK_REC *sk )
     /* [<][>][^][v][top][bottom][index][help] */
 681 {
 682         prs_struct *ps = &hbin->ps;
 683         uint16 tag = 0xFFFF;
 684         uint32 data_size, start_off, end_off;
 685 
 686 
 687         prs_debug(ps, depth, desc, "hbin_prs_sk_rec");
 688         depth++;
 689 
 690         if ( !prs_set_offset( &hbin->ps, sk->sk_off + HBIN_HDR_SIZE - hbin->first_hbin_off ) )
 691                 return False;
 692 
 693         /* backup and get the data_size */
 694         
 695         if ( !prs_set_offset( &hbin->ps, prs_offset(&hbin->ps)-sizeof(uint32)) )
 696                 return False;
 697         start_off = prs_offset( &hbin->ps );
 698         if ( !prs_uint32( "rec_size", &hbin->ps, depth, &sk->rec_size ))
 699                 return False;
 700 
 701         if ( !prs_uint8s( True, "header", ps, depth, (uint8*)sk->header, sizeof( sk->header )) )
 702                 return False;
 703         if ( !prs_uint16( "tag", ps, depth, &tag))
 704                 return False;
 705 
 706         if ( !prs_uint32( "prev_sk_off", ps, depth, &sk->prev_sk_off))
 707                 return False;
 708         if ( !prs_uint32( "next_sk_off", ps, depth, &sk->next_sk_off))
 709                 return False;
 710         if ( !prs_uint32( "ref_count", ps, depth, &sk->ref_count))
 711                 return False;
 712         if ( !prs_uint32( "size", ps, depth, &sk->size))
 713                 return False;
 714 
 715         {
 716                 NTSTATUS status;
 717                 TALLOC_CTX *mem_ctx = prs_get_mem_context(&hbin->ps);
 718                 DATA_BLOB blob;
 719 
 720                 if (MARSHALLING(&hbin->ps)) {
 721                         status = marshall_sec_desc(mem_ctx,
 722                                                    sk->sec_desc,
 723                                                    &blob.data, &blob.length);
 724                         if (!NT_STATUS_IS_OK(status))
 725                                 return False;
 726                         if (!prs_copy_data_in(&hbin->ps, (const char *)blob.data, blob.length))
 727                                 return False;
 728                 } else {
 729                         blob = data_blob_const(prs_data_p(&hbin->ps),
 730                                                prs_data_size(&hbin->ps));
 731                         status = unmarshall_sec_desc(mem_ctx,
 732                                                      blob.data, blob.length,
 733                                                      &sk->sec_desc);
 734                         if (!NT_STATUS_IS_OK(status))
 735                                 return False;
 736                         prs_set_offset(&hbin->ps, blob.length);
 737                 }
 738         }
 739 
 740         end_off = prs_offset( &hbin->ps );
 741 
 742         /* data_size must be divisible by 8 and large enough to hold the original record */
 743 
 744         data_size = ((start_off - end_off) & 0xfffffff8 );
 745         if ( data_size > sk->rec_size )
 746                 DEBUG(10,("Encountered reused record (0x%x < 0x%x)\n", data_size, sk->rec_size));
 747 
 748         if ( MARSHALLING(&hbin->ps) )
 749                 hbin->dirty = True;
 750 
 751         return True;
 752 }
 753 
 754 /*******************************************************************
 755 *******************************************************************/
 756 
 757 static bool hbin_prs_vk_rec( const char *desc, REGF_HBIN *hbin, int depth, REGF_VK_REC *vk, REGF_FILE *file )
     /* [<][>][^][v][top][bottom][index][help] */
 758 {
 759         uint32 offset;
 760         uint16 name_length;
 761         prs_struct *ps = &hbin->ps;
 762         uint32 data_size, start_off, end_off;
 763 
 764         prs_debug(ps, depth, desc, "prs_vk_rec");
 765         depth++;
 766 
 767         /* backup and get the data_size */
 768         
 769         if ( !prs_set_offset( &hbin->ps, prs_offset(&hbin->ps)-sizeof(uint32)) )
 770                 return False;
 771         start_off = prs_offset( &hbin->ps );
 772         if ( !prs_uint32( "rec_size", &hbin->ps, depth, &vk->rec_size ))
 773                 return False;
 774 
 775         if ( !prs_uint8s( True, "header", ps, depth, (uint8*)vk->header, sizeof( vk->header )) )
 776                 return False;
 777 
 778         if ( MARSHALLING(&hbin->ps) )
 779                 name_length = strlen(vk->valuename);
 780 
 781         if ( !prs_uint16( "name_length", ps, depth, &name_length ))
 782                 return False;
 783         if ( !prs_uint32( "data_size", ps, depth, &vk->data_size ))
 784                 return False;
 785         if ( !prs_uint32( "data_off", ps, depth, &vk->data_off ))
 786                 return False;
 787         if ( !prs_uint32( "type", ps, depth, &vk->type))
 788                 return False;
 789         if ( !prs_uint16( "flag", ps, depth, &vk->flag))
 790                 return False;
 791 
 792         offset = prs_offset( ps );
 793         offset += 2;    /* skip 2 bytes */
 794         prs_set_offset( ps, offset );
 795 
 796         /* get the name */
 797 
 798         if ( vk->flag&VK_FLAG_NAME_PRESENT ) {
 799 
 800                 if ( UNMARSHALLING(&hbin->ps) ) {
 801                         if ( !(vk->valuename = PRS_ALLOC_MEM( ps, char, name_length+1 )))
 802                                 return False;
 803                 }
 804                 if ( !prs_uint8s( True, "name", ps, depth, (uint8*)vk->valuename, name_length ) )
 805                         return False;
 806         }
 807 
 808         end_off = prs_offset( &hbin->ps );
 809 
 810         /* get the data if necessary */
 811 
 812         if ( vk->data_size != 0 ) {
 813                 bool charmode = False;
 814 
 815                 if ( (vk->type == REG_SZ) || (vk->type == REG_MULTI_SZ) )
 816                         charmode = True;
 817 
 818                 /* the data is stored in the offset if the size <= 4 */
 819 
 820                 if ( !(vk->data_size & VK_DATA_IN_OFFSET) ) {
 821                         REGF_HBIN *hblock = hbin;
 822                         uint32 data_rec_size;
 823 
 824                         if ( UNMARSHALLING(&hbin->ps) ) {
 825                                 if ( !(vk->data = PRS_ALLOC_MEM( ps, uint8, vk->data_size) ) )
 826                                         return False;
 827                         }
 828 
 829                         /* this data can be in another hbin */
 830                         if ( !hbin_contains_offset( hbin, vk->data_off ) ) {
 831                                 if ( !(hblock = lookup_hbin_block( file, vk->data_off )) )
 832                                         return False;
 833                         }
 834                         if ( !(prs_set_offset( &hblock->ps, (vk->data_off+HBIN_HDR_SIZE-hblock->first_hbin_off)-sizeof(uint32) )) )
 835                                 return False;
 836 
 837                         if ( MARSHALLING(&hblock->ps) ) {
 838                                 data_rec_size = ( (vk->data_size+sizeof(uint32)) & 0xfffffff8 ) + 8;
 839                                 data_rec_size = ( data_rec_size - 1 ) ^ 0xFFFFFFFF;
 840                         }
 841                         if ( !prs_uint32( "data_rec_size", &hblock->ps, depth, &data_rec_size ))
 842                                 return False;
 843                         if ( !prs_uint8s( charmode, "data", &hblock->ps, depth, vk->data, vk->data_size) )
 844                                 return False;
 845 
 846                         if ( MARSHALLING(&hblock->ps) )
 847                                 hblock->dirty = True;
 848                 }
 849                 else {
 850                         if ( !(vk->data = PRS_ALLOC_MEM( ps, uint8, 4 ) ) )
 851                                 return False;
 852                         SIVAL( vk->data, 0, vk->data_off );
 853                 }
 854                 
 855         }
 856 
 857         /* data_size must be divisible by 8 and large enough to hold the original record */
 858 
 859         data_size = ((start_off - end_off ) & 0xfffffff8 );
 860         if ( data_size !=  vk->rec_size )
 861                 DEBUG(10,("prs_vk_rec: data_size check failed (0x%x < 0x%x)\n", data_size, vk->rec_size));
 862 
 863         if ( MARSHALLING(&hbin->ps) )
 864                 hbin->dirty = True;
 865 
 866         return True;
 867 }
 868 
 869 /*******************************************************************
 870  read a VK record which is contained in the HBIN block stored 
 871  in the prs_struct *ps.
 872 *******************************************************************/
 873 
 874 static bool hbin_prs_vk_records( const char *desc, REGF_HBIN *hbin, int depth, REGF_NK_REC *nk, REGF_FILE *file )
     /* [<][>][^][v][top][bottom][index][help] */
 875 {
 876         int i;
 877         uint32 record_size;
 878 
 879         prs_debug(&hbin->ps, depth, desc, "prs_vk_records");
 880         depth++;
 881         
 882         /* check if we have anything to do first */
 883         
 884         if ( nk->num_values == 0 )
 885                 return True;
 886                 
 887         if ( UNMARSHALLING(&hbin->ps) ) {
 888                 if ( !(nk->values = PRS_ALLOC_MEM( &hbin->ps, REGF_VK_REC, nk->num_values ) ) )
 889                         return False;
 890         }
 891         
 892         /* convert the offset to something relative to this HBIN block */
 893         
 894         if ( !prs_set_offset( &hbin->ps, nk->values_off+HBIN_HDR_SIZE-hbin->first_hbin_off-sizeof(uint32)) )
 895                 return False;
 896 
 897         if ( MARSHALLING( &hbin->ps) ) { 
 898                 record_size = ( ( nk->num_values * sizeof(uint32) ) & 0xfffffff8 ) + 8;
 899                 record_size = (record_size - 1) ^ 0xFFFFFFFF;
 900         }
 901 
 902         if ( !prs_uint32( "record_size", &hbin->ps, depth, &record_size ) )
 903                 return False;
 904                 
 905         for ( i=0; i<nk->num_values; i++ ) {
 906                 if ( !prs_uint32( "vk_off", &hbin->ps, depth, &nk->values[i].rec_off ) )
 907                         return False;
 908         }
 909 
 910         for ( i=0; i<nk->num_values; i++ ) {
 911                 REGF_HBIN *sub_hbin = hbin;
 912                 uint32 new_offset;
 913         
 914                 if ( !hbin_contains_offset( hbin, nk->values[i].rec_off ) ) {
 915                         sub_hbin = lookup_hbin_block( file, nk->values[i].rec_off );
 916                         if ( !sub_hbin ) {
 917                                 DEBUG(0,("hbin_prs_vk_records: Failed to find HBIN block containing offset [0x%x]\n", 
 918                                         nk->values[i].hbin_off));
 919                                 return False;
 920                         }
 921                 }
 922                 
 923                 new_offset = nk->values[i].rec_off + HBIN_HDR_SIZE - sub_hbin->first_hbin_off;
 924                 if ( !prs_set_offset( &sub_hbin->ps, new_offset ) )
 925                         return False;
 926                 if ( !hbin_prs_vk_rec( "vk_rec", sub_hbin, depth, &nk->values[i], file ) )
 927                         return False;
 928         }
 929 
 930         if ( MARSHALLING(&hbin->ps) )
 931                 hbin->dirty = True;
 932 
 933 
 934         return True;
 935 }
 936 
 937 
 938 /*******************************************************************
 939 *******************************************************************/
 940 
 941 static REGF_SK_REC* find_sk_record_by_offset( REGF_FILE *file, uint32 offset )
     /* [<][>][^][v][top][bottom][index][help] */
 942 {
 943         REGF_SK_REC *p_sk;
 944         
 945         for ( p_sk=file->sec_desc_list; p_sk; p_sk=p_sk->next ) {
 946                 if ( p_sk->sk_off == offset ) 
 947                         return p_sk;
 948         }
 949         
 950         return NULL;
 951 }
 952 
 953 /*******************************************************************
 954 *******************************************************************/
 955 
 956 static REGF_SK_REC* find_sk_record_by_sec_desc( REGF_FILE *file, SEC_DESC *sd )
     /* [<][>][^][v][top][bottom][index][help] */
 957 {
 958         REGF_SK_REC *p;
 959 
 960         for ( p=file->sec_desc_list; p; p=p->next ) {
 961                 if ( sec_desc_equal( p->sec_desc, sd ) )
 962                         return p;
 963         }
 964 
 965         /* failure */
 966 
 967         return NULL;
 968 }
 969 
 970 /*******************************************************************
 971 *******************************************************************/
 972 
 973 static bool hbin_prs_key( REGF_FILE *file, REGF_HBIN *hbin, REGF_NK_REC *nk )
     /* [<][>][^][v][top][bottom][index][help] */
 974 {
 975         int depth = 0;
 976         REGF_HBIN *sub_hbin;
 977         
 978         prs_debug(&hbin->ps, depth, "", "fetch_key");
 979         depth++;
 980 
 981         /* get the initial nk record */
 982         
 983         if ( !prs_nk_rec( "nk_rec", &hbin->ps, depth, nk ))
 984                 return False;
 985 
 986         /* fill in values */
 987         
 988         if ( nk->num_values && (nk->values_off!=REGF_OFFSET_NONE) ) {
 989                 sub_hbin = hbin;
 990                 if ( !hbin_contains_offset( hbin, nk->values_off ) ) {
 991                         sub_hbin = lookup_hbin_block( file, nk->values_off );
 992                         if ( !sub_hbin ) {
 993                                 DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing value_list_offset [0x%x]\n", 
 994                                         nk->values_off));
 995                                 return False;
 996                         }
 997                 }
 998                 
 999                 if ( !hbin_prs_vk_records( "vk_rec", sub_hbin, depth, nk, file ))
1000                         return False;
1001         }
1002                 
1003         /* now get subkeys */
1004         
1005         if ( nk->num_subkeys && (nk->subkeys_off!=REGF_OFFSET_NONE) ) {
1006                 sub_hbin = hbin;
1007                 if ( !hbin_contains_offset( hbin, nk->subkeys_off ) ) {
1008                         sub_hbin = lookup_hbin_block( file, nk->subkeys_off );
1009                         if ( !sub_hbin ) {
1010                                 DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing subkey_offset [0x%x]\n", 
1011                                         nk->subkeys_off));
1012                                 return False;
1013                         }
1014                 }
1015                 
1016                 if ( !hbin_prs_lf_records( "lf_rec", sub_hbin, depth, nk ))
1017                         return False;
1018         }
1019 
1020         /* get the to the security descriptor.  First look if we have already parsed it */
1021         
1022         if ( (nk->sk_off!=REGF_OFFSET_NONE) && !( nk->sec_desc = find_sk_record_by_offset( file, nk->sk_off )) ) {
1023 
1024                 sub_hbin = hbin;
1025                 if ( !hbin_contains_offset( hbin, nk->sk_off ) ) {
1026                         sub_hbin = lookup_hbin_block( file, nk->sk_off );
1027                         if ( !sub_hbin ) {
1028                                 DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing sk_offset [0x%x]\n", 
1029                                         nk->subkeys_off));
1030                                 return False;
1031                         }
1032                 }
1033                 
1034                 if ( !(nk->sec_desc = TALLOC_ZERO_P( file->mem_ctx, REGF_SK_REC )) )
1035                         return False;
1036                 nk->sec_desc->sk_off = nk->sk_off;
1037                 if ( !hbin_prs_sk_rec( "sk_rec", sub_hbin, depth, nk->sec_desc ))
1038                         return False;
1039                         
1040                 /* add to the list of security descriptors (ref_count has been read from the files) */
1041 
1042                 nk->sec_desc->sk_off = nk->sk_off;
1043                 DLIST_ADD( file->sec_desc_list, nk->sec_desc );
1044         }
1045                 
1046         return True;
1047 }
1048 
1049 /*******************************************************************
1050 *******************************************************************/
1051 
1052 static bool next_record( REGF_HBIN *hbin, const char *hdr, bool *eob )
     /* [<][>][^][v][top][bottom][index][help] */
1053 {
1054         uint8 header[REC_HDR_SIZE];
1055         uint32 record_size;
1056         uint32 curr_off, block_size;
1057         bool found = False;
1058         prs_struct *ps = &hbin->ps;
1059         
1060         curr_off = prs_offset( ps );
1061         if ( curr_off == 0 )
1062                 prs_set_offset( ps, HBIN_HEADER_REC_SIZE );
1063 
1064         /* assume that the current offset is at the record header 
1065            and we need to backup to read the record size */
1066 
1067         curr_off -= sizeof(uint32);
1068 
1069         block_size = prs_data_size( ps );
1070         record_size = 0;
1071         memset( header, 0x0, sizeof(uint8)*REC_HDR_SIZE );
1072         while ( !found ) {
1073 
1074                 curr_off = curr_off+record_size;
1075                 if ( curr_off >= block_size ) 
1076                         break;
1077 
1078                 if ( !prs_set_offset( &hbin->ps, curr_off) )
1079                         return False;
1080 
1081                 if ( !prs_uint32( "record_size", ps, 0, &record_size ) )
1082                         return False;
1083                 if ( !prs_uint8s( True, "header", ps, 0, header, REC_HDR_SIZE ) )
1084                         return False;
1085 
1086                 if ( record_size & 0x80000000 ) {
1087                         /* absolute_value(record_size) */
1088                         record_size = (record_size ^ 0xffffffff) + 1;
1089                 }
1090 
1091                 if ( memcmp( header, hdr, REC_HDR_SIZE ) == 0 ) {
1092                         found = True;
1093                         curr_off += sizeof(uint32);
1094                 }
1095         } 
1096 
1097         /* mark prs_struct as done ( at end ) if no more SK records */
1098         /* mark end-of-block as True */
1099         
1100         if ( !found ) {
1101                 prs_set_offset( &hbin->ps, prs_data_size(&hbin->ps) );
1102                 *eob = True;
1103                 return False;
1104         }
1105                 
1106         if ( !prs_set_offset( ps, curr_off ) )
1107                 return False;
1108 
1109         return True;
1110 }
1111 
1112 /*******************************************************************
1113 *******************************************************************/
1114 
1115 static bool next_nk_record( REGF_FILE *file, REGF_HBIN *hbin, REGF_NK_REC *nk, bool *eob )
     /* [<][>][^][v][top][bottom][index][help] */
1116 {
1117         if ( next_record( hbin, "nk", eob ) && hbin_prs_key( file, hbin, nk ) )
1118                 return True;
1119         
1120         return False;
1121 }
1122 
1123 /*******************************************************************
1124  Intialize the newly created REGF_BLOCK in *file and write the 
1125  block header to disk 
1126 *******************************************************************/
1127 
1128 static bool init_regf_block( REGF_FILE *file )
     /* [<][>][^][v][top][bottom][index][help] */
1129 {       
1130         prs_struct ps;
1131         bool result = True;
1132         
1133         if ( !prs_init( &ps, REGF_BLOCKSIZE, file->mem_ctx, MARSHALL ) )
1134                 return False;
1135                 
1136         memcpy( file->header, "regf", REGF_HDR_SIZE );
1137         file->data_offset = 0x20;
1138         file->last_block  = 0x1000;
1139         
1140         /* set mod time */
1141         
1142         unix_to_nt_time( &file->mtime, time(NULL) );
1143         
1144         /* hard coded values...no diea what these are ... maybe in time */
1145         
1146         file->unknown1 = 0x2;
1147         file->unknown2 = 0x1;
1148         file->unknown3 = 0x3;
1149         file->unknown4 = 0x0;
1150         file->unknown5 = 0x1;
1151         file->unknown6 = 0x1;
1152         
1153         /* write header to the buffer */
1154         
1155         if ( !prs_regf_block( "regf_header", &ps, 0, file ) ) {
1156                 result = False;
1157                 goto out;
1158         }
1159         
1160         /* calculate the checksum, re-marshall data (to include the checksum) 
1161            and write to disk */
1162         
1163         file->checksum = regf_block_checksum( &ps );
1164         prs_set_offset( &ps, 0 );
1165         if ( !prs_regf_block( "regf_header", &ps, 0, file ) ) {
1166                 result = False;
1167                 goto out;
1168         }
1169                 
1170         if ( write_block( file, &ps, 0 ) == -1 ) {
1171                 DEBUG(0,("init_regf_block: Failed to initialize registry header block!\n"));
1172                 result = False;
1173                 goto out;
1174         }
1175         
1176 out:
1177         prs_mem_free( &ps );
1178 
1179         return result;
1180 }
1181 /*******************************************************************
1182  Open the registry file and then read in the REGF block to get the 
1183  first hbin offset.
1184 *******************************************************************/
1185 
1186  REGF_FILE* regfio_open( const char *filename, int flags, int mode )
     /* [<][>][^][v][top][bottom][index][help] */
1187 {
1188         REGF_FILE *rb;
1189         
1190         if ( !(rb = SMB_MALLOC_P(REGF_FILE)) ) {
1191                 DEBUG(0,("ERROR allocating memory\n"));
1192                 return NULL;
1193         }
1194         ZERO_STRUCTP( rb );
1195         rb->fd = -1;
1196         
1197         if ( !(rb->mem_ctx = talloc_init( "read_regf_block" )) ) {
1198                 regfio_close( rb );
1199                 return NULL;
1200         }
1201 
1202         rb->open_flags = flags;
1203         
1204         /* open and existing file */
1205 
1206         if ( (rb->fd = open(filename, flags, mode)) == -1 ) {
1207                 DEBUG(0,("regfio_open: failure to open %s (%s)\n", filename, strerror(errno)));
1208                 regfio_close( rb );
1209                 return NULL;
1210         }
1211         
1212         /* check if we are creating a new file or overwriting an existing one */
1213                 
1214         if ( flags & (O_CREAT|O_TRUNC) ) {
1215                 if ( !init_regf_block( rb ) ) {
1216                         DEBUG(0,("regfio_open: Failed to read initial REGF block\n"));
1217                         regfio_close( rb );
1218                         return NULL;
1219                 }
1220                 
1221                 /* success */
1222                 return rb;
1223         }
1224         
1225         /* read in an existing file */
1226         
1227         if ( !read_regf_block( rb ) ) {
1228                 DEBUG(0,("regfio_open: Failed to read initial REGF block\n"));
1229                 regfio_close( rb );
1230                 return NULL;
1231         }
1232         
1233         /* success */
1234         
1235         return rb;
1236 }
1237 
1238 /*******************************************************************
1239 *******************************************************************/
1240 
1241 static void regfio_mem_free( REGF_FILE *file )
     /* [<][>][^][v][top][bottom][index][help] */
1242 {
1243         /* free any talloc()'d memory */
1244         
1245         if ( file && file->mem_ctx )
1246                 talloc_destroy( file->mem_ctx );        
1247 }
1248 
1249 /*******************************************************************
1250 *******************************************************************/
1251 
1252  int regfio_close( REGF_FILE *file )
     /* [<][>][^][v][top][bottom][index][help] */
1253 {
1254         int fd;
1255 
1256         /* cleanup for a file opened for write */
1257 
1258         if ((file->fd != -1) && (file->open_flags & (O_WRONLY|O_RDWR))) {
1259                 prs_struct ps;
1260                 REGF_SK_REC *sk;
1261 
1262                 /* write of sd list */
1263 
1264                 for ( sk=file->sec_desc_list; sk; sk=sk->next ) {
1265                         hbin_prs_sk_rec( "sk_rec", sk->hbin, 0, sk );
1266                 }
1267 
1268                 /* flush any dirty blocks */
1269 
1270                 while ( file->block_list ) {
1271                         hbin_block_close( file, file->block_list );
1272                 } 
1273 
1274                 ZERO_STRUCT( ps );
1275 
1276                 unix_to_nt_time( &file->mtime, time(NULL) );
1277 
1278                 if ( read_block( file, &ps, 0, REGF_BLOCKSIZE ) != -1 ) {
1279                         /* now use for writing */
1280                         prs_switch_type( &ps, MARSHALL );
1281 
1282                         /* stream the block once, generate the checksum, 
1283                            and stream it again */
1284                         prs_set_offset( &ps, 0 );
1285                         prs_regf_block( "regf_blocK", &ps, 0, file );
1286                         file->checksum = regf_block_checksum( &ps );
1287                         prs_set_offset( &ps, 0 );
1288                         prs_regf_block( "regf_blocK", &ps, 0, file );
1289 
1290                         /* now we are ready to write it to disk */
1291                         if ( write_block( file, &ps, 0 ) == -1 )
1292                                 DEBUG(0,("regfio_close: failed to update the regf header block!\n"));
1293                 }
1294 
1295                 prs_mem_free( &ps );
1296         }
1297         
1298         regfio_mem_free( file );
1299 
1300         /* nothing tdo do if there is no open file */
1301 
1302         if (file->fd == -1)
1303                 return 0;
1304                 
1305         fd = file->fd;
1306         file->fd = -1;
1307         SAFE_FREE( file );
1308 
1309         return close( fd );
1310 }
1311 
1312 /*******************************************************************
1313 *******************************************************************/
1314 
1315 static void regfio_flush( REGF_FILE *file )
     /* [<][>][^][v][top][bottom][index][help] */
1316 {
1317         REGF_HBIN *hbin;
1318 
1319         for ( hbin=file->block_list; hbin; hbin=hbin->next ) {
1320                 write_hbin_block( file, hbin );
1321         }
1322 }
1323 
1324 /*******************************************************************
1325  There should be only *one* root key in the registry file based 
1326  on my experience.  --jerry
1327 *******************************************************************/
1328 
1329 REGF_NK_REC* regfio_rootkey( REGF_FILE *file )
     /* [<][>][^][v][top][bottom][index][help] */
1330 {
1331         REGF_NK_REC *nk;
1332         REGF_HBIN   *hbin;
1333         uint32      offset = REGF_BLOCKSIZE;
1334         bool        found = False;
1335         bool        eob;
1336         
1337         if ( !file )
1338                 return NULL;
1339                 
1340         if ( !(nk = TALLOC_ZERO_P( file->mem_ctx, REGF_NK_REC )) ) {
1341                 DEBUG(0,("regfio_rootkey: talloc() failed!\n"));
1342                 return NULL;
1343         }
1344         
1345         /* scan through the file on HBIN block at a time looking 
1346            for an NK record with a type == 0x002c.
1347            Normally this is the first nk record in the first hbin 
1348            block (but I'm not assuming that for now) */
1349         
1350         while ( (hbin = read_hbin_block( file, offset )) ) {
1351                 eob = False;
1352 
1353                 while ( !eob) {
1354                         if ( next_nk_record( file, hbin, nk, &eob ) ) {
1355                                 if ( nk->key_type == NK_TYPE_ROOTKEY ) {
1356                                         found = True;
1357                                         break;
1358                                 }
1359                         }
1360                         prs_mem_free( &hbin->ps );
1361                 }
1362                 
1363                 if ( found ) 
1364                         break;
1365 
1366                 offset += hbin->block_size;
1367         }
1368         
1369         if ( !found ) {
1370                 DEBUG(0,("regfio_rootkey: corrupt registry file ?  No root key record located\n"));
1371                 return NULL;
1372         }
1373 
1374         DLIST_ADD( file->block_list, hbin );
1375 
1376         return nk;              
1377 }
1378 
1379 /*******************************************************************
1380  This acts as an interator over the subkeys defined for a given 
1381  NK record.  Remember that offsets are from the *first* HBIN block.
1382 *******************************************************************/
1383 
1384  REGF_NK_REC* regfio_fetch_subkey( REGF_FILE *file, REGF_NK_REC *nk )
     /* [<][>][^][v][top][bottom][index][help] */
1385 {
1386         REGF_NK_REC *subkey;
1387         REGF_HBIN   *hbin;
1388         uint32      nk_offset;
1389 
1390         /* see if there is anything left to report */
1391         
1392         if ( !nk || (nk->subkeys_off==REGF_OFFSET_NONE) || (nk->subkey_index >= nk->num_subkeys) )
1393                 return NULL;
1394 
1395         /* find the HBIN block which should contain the nk record */
1396         
1397         if ( !(hbin = lookup_hbin_block( file, nk->subkeys.hashes[nk->subkey_index].nk_off )) ) {
1398                 DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing offset [0x%x]\n", 
1399                         nk->subkeys.hashes[nk->subkey_index].nk_off));
1400                 return NULL;
1401         }
1402         
1403         nk_offset = nk->subkeys.hashes[nk->subkey_index].nk_off;
1404         if ( !prs_set_offset( &hbin->ps, (HBIN_HDR_SIZE + nk_offset - hbin->first_hbin_off) ) )
1405                 return NULL;
1406                 
1407         nk->subkey_index++;
1408         if ( !(subkey = TALLOC_ZERO_P( file->mem_ctx, REGF_NK_REC )) )
1409                 return NULL;
1410                 
1411         if ( !hbin_prs_key( file, hbin, subkey ) )
1412                 return NULL;
1413         
1414         return subkey;
1415 }
1416 
1417 
1418 /*******************************************************************
1419 *******************************************************************/
1420 
1421 static REGF_HBIN* regf_hbin_allocate( REGF_FILE *file, uint32 block_size )
     /* [<][>][^][v][top][bottom][index][help] */
1422 {
1423         REGF_HBIN *hbin;
1424         SMB_STRUCT_STAT sbuf;
1425 
1426         if ( !(hbin = TALLOC_ZERO_P( file->mem_ctx, REGF_HBIN )) )
1427                 return NULL;
1428 
1429         memcpy( hbin->header, "hbin", sizeof(HBIN_HDR_SIZE) );
1430 
1431 
1432         if ( sys_fstat( file->fd, &sbuf ) ) {
1433                 DEBUG(0,("regf_hbin_allocate: stat() failed! (%s)\n", strerror(errno)));
1434                 return NULL;
1435         }
1436 
1437         hbin->file_off       = sbuf.st_size;
1438 
1439         hbin->free_off       = HBIN_HEADER_REC_SIZE;
1440         hbin->free_size      = block_size - hbin->free_off + sizeof(uint32);;
1441 
1442         hbin->block_size     = block_size;
1443         hbin->first_hbin_off = hbin->file_off - REGF_BLOCKSIZE;
1444 
1445         if ( !prs_init( &hbin->ps, block_size, file->mem_ctx, MARSHALL ) )
1446                 return NULL;
1447 
1448         if ( !prs_hbin_block( "new_hbin", &hbin->ps, 0, hbin ) )
1449                 return NULL;
1450 
1451         if ( !write_hbin_block( file, hbin ) )
1452                 return NULL;
1453 
1454         file->last_block = hbin->file_off;
1455 
1456         return hbin;
1457 }
1458 
1459 /*******************************************************************
1460 *******************************************************************/
1461 
1462 static void update_free_space( REGF_HBIN *hbin, uint32 size_used )
     /* [<][>][^][v][top][bottom][index][help] */
1463 {
1464         hbin->free_off  += size_used;
1465         hbin->free_size -= size_used;
1466 
1467         if ( hbin->free_off >= hbin->block_size ) {
1468                 hbin->free_off = REGF_OFFSET_NONE;
1469         }
1470 
1471         return;
1472 }
1473 
1474 /*******************************************************************
1475 *******************************************************************/
1476 
1477 static REGF_HBIN* find_free_space( REGF_FILE *file, uint32 size )
     /* [<][>][^][v][top][bottom][index][help] */
1478 {
1479         REGF_HBIN *hbin, *p_hbin;
1480         uint32 block_off;
1481         bool cached;
1482 
1483         /* check open block list */
1484 
1485         for ( hbin=file->block_list; hbin!=NULL; hbin=hbin->next ) {
1486                 /* only check blocks that actually have available space */
1487 
1488                 if ( hbin->free_off == REGF_OFFSET_NONE )
1489                         continue;
1490 
1491                 /* check for a large enough available chunk */
1492 
1493                 if ( (hbin->block_size - hbin->free_off) >= size ) {
1494                         DLIST_PROMOTE( file->block_list, hbin );
1495                         goto done;                      
1496                 }
1497         }
1498 
1499         /* parse the file until we find a block with 
1500            enough free space; save the last non-filled hbin */
1501 
1502         block_off = REGF_BLOCKSIZE;
1503         do {
1504                 /* cleanup before the next round */
1505                 cached = False;
1506                 if ( hbin )
1507                         prs_mem_free( &hbin->ps );
1508 
1509                 hbin = read_hbin_block( file, block_off );
1510 
1511                 if ( hbin ) {
1512 
1513                         /* make sure that we don't already have this block in memory */
1514 
1515                         for ( p_hbin=file->block_list; p_hbin!=NULL; p_hbin=p_hbin->next ) {
1516                                 if ( p_hbin->file_off == hbin->file_off ) {
1517                                         cached = True;  
1518                                         break;
1519                                 }
1520                         }
1521 
1522                         block_off = hbin->file_off + hbin->block_size;
1523 
1524                         if ( cached ) {
1525                                 prs_mem_free( &hbin->ps );
1526                                 hbin = NULL;
1527                                 continue;
1528                         }
1529                 }
1530         /* if (cached block or (new block and not enough free space)) then continue looping */
1531         } while ( cached || (hbin && (hbin->free_size < size)) );
1532         
1533         /* no free space; allocate a new one */
1534 
1535         if ( !hbin ) {
1536                 uint32 alloc_size;
1537 
1538                 /* allocate in multiples of REGF_ALLOC_BLOCK; make sure (size + hbin_header) fits */
1539 
1540                 alloc_size = (((size+HBIN_HEADER_REC_SIZE) / REGF_ALLOC_BLOCK ) + 1 ) * REGF_ALLOC_BLOCK;
1541 
1542                 if ( !(hbin = regf_hbin_allocate( file, alloc_size )) ) {
1543                         DEBUG(0,("find_free_space: regf_hbin_allocate() failed!\n"));
1544                         return NULL;
1545                 }
1546                 DLIST_ADD( file->block_list, hbin );
1547         }
1548 
1549 done:
1550         /* set the offset to be ready to write */
1551 
1552         if ( !prs_set_offset( &hbin->ps, hbin->free_off-sizeof(uint32) ) )
1553                 return NULL;
1554 
1555         /* write the record size as a placeholder for now, it should be
1556            probably updated by the caller once it all of the data necessary 
1557            for the record */
1558 
1559         if ( !prs_uint32("allocated_size", &hbin->ps, 0, &size) )
1560                 return False;
1561 
1562         update_free_space( hbin, size );
1563         
1564         return hbin;
1565 }
1566 
1567 /*******************************************************************
1568 *******************************************************************/
1569 
1570 static uint32 sk_record_data_size( SEC_DESC * sd )
     /* [<][>][^][v][top][bottom][index][help] */
1571 {
1572         uint32 size, size_mod8;
1573 
1574         size_mod8 = 0;
1575 
1576         /* the record size is sizeof(hdr) + name + static members + data_size_field */
1577 
1578         size = sizeof(uint32)*5 + ndr_size_security_descriptor(sd, NULL, 0) + sizeof(uint32);
1579 
1580         /* multiple of 8 */
1581         size_mod8 = size & 0xfffffff8;
1582         if ( size_mod8 < size )
1583                 size_mod8 += 8;
1584 
1585         return size_mod8;
1586 }
1587 
1588 /*******************************************************************
1589 *******************************************************************/
1590 
1591 static uint32 vk_record_data_size( REGF_VK_REC *vk )
     /* [<][>][^][v][top][bottom][index][help] */
1592 {
1593         uint32 size, size_mod8;
1594 
1595         size_mod8 = 0;
1596 
1597         /* the record size is sizeof(hdr) + name + static members + data_size_field */
1598 
1599         size = REC_HDR_SIZE + (sizeof(uint16)*3) + (sizeof(uint32)*3) + sizeof(uint32);
1600 
1601         if ( vk->valuename )
1602                 size += strlen(vk->valuename);
1603 
1604         /* multiple of 8 */
1605         size_mod8 = size & 0xfffffff8;
1606         if ( size_mod8 < size )
1607                 size_mod8 += 8;
1608 
1609         return size_mod8;
1610 }
1611 
1612 /*******************************************************************
1613 *******************************************************************/
1614 
1615 static uint32 lf_record_data_size( uint32 num_keys )
     /* [<][>][^][v][top][bottom][index][help] */
1616 {
1617         uint32 size, size_mod8;
1618 
1619         size_mod8 = 0;
1620 
1621         /* the record size is sizeof(hdr) + num_keys + sizeof of hash_array + data_size_uint32 */
1622 
1623         size = REC_HDR_SIZE + sizeof(uint16) + (sizeof(REGF_HASH_REC) * num_keys) + sizeof(uint32);
1624 
1625         /* multiple of 8 */
1626         size_mod8 = size & 0xfffffff8;
1627         if ( size_mod8 < size )
1628                 size_mod8 += 8;
1629 
1630         return size_mod8;
1631 }
1632 
1633 /*******************************************************************
1634 *******************************************************************/
1635 
1636 static uint32 nk_record_data_size( REGF_NK_REC *nk )
     /* [<][>][^][v][top][bottom][index][help] */
1637 {
1638         uint32 size, size_mod8;
1639 
1640         size_mod8 = 0;
1641 
1642         /* the record size is static + length_of_keyname + length_of_classname + data_size_uint32 */
1643 
1644         size = 0x4c + strlen(nk->keyname) + sizeof(uint32);
1645 
1646         if ( nk->classname )
1647                 size += strlen( nk->classname );
1648 
1649         /* multiple of 8 */
1650         size_mod8 = size & 0xfffffff8;
1651         if ( size_mod8 < size )
1652                 size_mod8 += 8;
1653 
1654         return size_mod8;
1655 }
1656 
1657 /*******************************************************************
1658 *******************************************************************/
1659 
1660 static bool create_vk_record( REGF_FILE *file, REGF_VK_REC *vk, REGISTRY_VALUE *value )
     /* [<][>][^][v][top][bottom][index][help] */
1661 {
1662         char *name = regval_name(value);
1663         REGF_HBIN *data_hbin;
1664 
1665         ZERO_STRUCTP( vk );
1666 
1667         memcpy( vk->header, "vk", REC_HDR_SIZE );
1668 
1669         if ( name ) {
1670                 vk->valuename = talloc_strdup( file->mem_ctx, regval_name(value) );
1671                 vk->flag = VK_FLAG_NAME_PRESENT;
1672         }
1673 
1674         vk->data_size = regval_size( value );
1675         vk->type      = regval_type( value );
1676 
1677         if ( vk->data_size > sizeof(uint32) ) {
1678                 uint32 data_size = ( (vk->data_size+sizeof(uint32)) & 0xfffffff8 ) + 8;
1679 
1680                 vk->data = (uint8 *)TALLOC_MEMDUP( file->mem_ctx,
1681                                                    regval_data_p(value),
1682                                                    vk->data_size );
1683                 if (vk->data == NULL) {
1684                         return False;
1685                 }
1686 
1687                 /* go ahead and store the offset....we'll pick this hbin block back up when 
1688                    we stream the data */
1689 
1690                 if ((data_hbin = find_free_space(file, data_size )) == NULL) {
1691                         return False;
1692                 }
1693                 vk->data_off = prs_offset( &data_hbin->ps ) + data_hbin->first_hbin_off - HBIN_HDR_SIZE;
1694         }
1695         else {
1696                 /* make sure we don't try to copy from a NULL value pointer */
1697 
1698                 if ( vk->data_size != 0 ) 
1699                         memcpy( &vk->data_off, regval_data_p(value), sizeof(uint32) );
1700                 vk->data_size |= VK_DATA_IN_OFFSET;             
1701         }
1702 
1703         return True;
1704 }
1705 
1706 /*******************************************************************
1707 *******************************************************************/
1708 
1709 static int hashrec_cmp( REGF_HASH_REC *h1, REGF_HASH_REC *h2 )
     /* [<][>][^][v][top][bottom][index][help] */
1710 {
1711         return StrCaseCmp( h1->fullname, h2->fullname );
1712 }
1713 
1714 /*******************************************************************
1715 *******************************************************************/
1716 
1717  REGF_NK_REC* regfio_write_key( REGF_FILE *file, const char *name, 
     /* [<][>][^][v][top][bottom][index][help] */
1718                                REGVAL_CTR *values, struct regsubkey_ctr *subkeys,
1719                                SEC_DESC *sec_desc, REGF_NK_REC *parent )
1720 {
1721         REGF_NK_REC *nk;
1722         REGF_HBIN *vlist_hbin = NULL;
1723         uint32 size;
1724 
1725         if ( !(nk = TALLOC_ZERO_P( file->mem_ctx, REGF_NK_REC )) )
1726                 return NULL;
1727 
1728         memcpy( nk->header, "nk", REC_HDR_SIZE );
1729 
1730         if ( !parent )
1731                 nk->key_type = NK_TYPE_ROOTKEY;
1732         else
1733                 nk->key_type = NK_TYPE_NORMALKEY;
1734 
1735         /* store the parent offset (or -1 if a the root key */
1736 
1737         nk->parent_off = parent ? (parent->hbin_off + parent->hbin->file_off - REGF_BLOCKSIZE - HBIN_HDR_SIZE ) : REGF_OFFSET_NONE;
1738 
1739         /* no classname currently */
1740 
1741         nk->classname_off = REGF_OFFSET_NONE;
1742         nk->classname = NULL;
1743         nk->keyname = talloc_strdup( file->mem_ctx, name );
1744 
1745         /* current modification time */
1746 
1747         unix_to_nt_time( &nk->mtime, time(NULL) );
1748 
1749         /* allocate the record on disk */
1750 
1751         size = nk_record_data_size( nk );
1752         nk->rec_size = ( size - 1 ) ^ 0XFFFFFFFF;
1753         if ((nk->hbin = find_free_space( file, size )) == NULL) {
1754                 return NULL;
1755         }
1756         nk->hbin_off = prs_offset( &nk->hbin->ps );
1757 
1758         /* Update the hash record in the parent */
1759         
1760         if ( parent ) {
1761                 REGF_HASH_REC *hash = &parent->subkeys.hashes[parent->subkey_index];
1762 
1763                 hash->nk_off = prs_offset( &nk->hbin->ps ) + nk->hbin->first_hbin_off - HBIN_HDR_SIZE;
1764                 memcpy( hash->keycheck, name, sizeof(uint32) );
1765                 hash->fullname = talloc_strdup( file->mem_ctx, name );
1766                 parent->subkey_index++;
1767 
1768                 /* sort the list by keyname */
1769 
1770                 qsort( parent->subkeys.hashes, parent->subkey_index, sizeof(REGF_HASH_REC), QSORT_CAST hashrec_cmp );
1771 
1772                 if ( !hbin_prs_lf_records( "lf_rec", parent->subkeys.hbin, 0, parent ) )
1773                         return False;
1774         }
1775 
1776         /* write the security descriptor */
1777 
1778         nk->sk_off = REGF_OFFSET_NONE;
1779         if ( sec_desc ) {
1780                 uint32 sk_size = sk_record_data_size( sec_desc );
1781                 REGF_HBIN *sk_hbin;
1782 
1783                 /* search for it in the existing list of sd's */
1784 
1785                 if ( (nk->sec_desc = find_sk_record_by_sec_desc( file, sec_desc )) == NULL ) {
1786                         /* not found so add it to the list */
1787 
1788                         if (!(sk_hbin = find_free_space( file, sk_size ))) {
1789                                 return NULL;
1790                         }
1791 
1792                         if ( !(nk->sec_desc = TALLOC_ZERO_P( file->mem_ctx, REGF_SK_REC )) )
1793                                 return NULL;
1794         
1795                         /* now we have to store the security descriptor in the list and 
1796                            update the offsets */
1797 
1798                         memcpy( nk->sec_desc->header, "sk", REC_HDR_SIZE );
1799                         nk->sec_desc->hbin      = sk_hbin;
1800                         nk->sec_desc->hbin_off  = prs_offset( &sk_hbin->ps );
1801                         nk->sec_desc->sk_off    = prs_offset( &sk_hbin->ps ) + sk_hbin->first_hbin_off - HBIN_HDR_SIZE;
1802                         nk->sec_desc->rec_size  = (sk_size-1)  ^ 0xFFFFFFFF;
1803 
1804                         nk->sec_desc->sec_desc  = sec_desc;
1805                         nk->sec_desc->ref_count = 0;
1806                         
1807                         /* size value must be self-inclusive */
1808                         nk->sec_desc->size      = ndr_size_security_descriptor(sec_desc, NULL, 0)
1809                                 + sizeof(uint32);
1810 
1811                         DLIST_ADD_END( file->sec_desc_list, nk->sec_desc, REGF_SK_REC *);
1812 
1813                         /* update the offsets for us and the previous sd in the list.
1814                            if this is the first record, then just set the next and prev
1815                            offsets to ourself. */
1816 
1817                         if ( nk->sec_desc->prev ) {
1818                                 REGF_SK_REC *prev = nk->sec_desc->prev;
1819 
1820                                 nk->sec_desc->prev_sk_off = prev->hbin_off + prev->hbin->first_hbin_off - HBIN_HDR_SIZE;
1821                                 prev->next_sk_off = nk->sec_desc->sk_off;
1822 
1823                                 /* the end must loop around to the front */
1824                                 nk->sec_desc->next_sk_off = file->sec_desc_list->sk_off;
1825 
1826                                 /* and first must loop around to the tail */
1827                                 file->sec_desc_list->prev_sk_off = nk->sec_desc->sk_off;
1828                         } else {
1829                                 nk->sec_desc->prev_sk_off = nk->sec_desc->sk_off;
1830                                 nk->sec_desc->next_sk_off = nk->sec_desc->sk_off;
1831                         }
1832                 }
1833 
1834                 /* bump the reference count +1 */
1835 
1836                 nk->sk_off = nk->sec_desc->sk_off;
1837                 nk->sec_desc->ref_count++;
1838         }
1839 
1840         /* write the subkeys */
1841 
1842         nk->subkeys_off = REGF_OFFSET_NONE;
1843         if ( (nk->num_subkeys = regsubkey_ctr_numkeys( subkeys )) != 0 ) {
1844                 uint32 lf_size = lf_record_data_size( nk->num_subkeys );
1845                 uint32 namelen;
1846                 int i;
1847                 
1848                 if (!(nk->subkeys.hbin = find_free_space( file, lf_size ))) {
1849                         return NULL;
1850                 }
1851                 nk->subkeys.hbin_off = prs_offset( &nk->subkeys.hbin->ps );
1852                 nk->subkeys.rec_size = (lf_size-1) ^ 0xFFFFFFFF;
1853                 nk->subkeys_off = prs_offset( &nk->subkeys.hbin->ps ) + nk->subkeys.hbin->first_hbin_off - HBIN_HDR_SIZE;
1854 
1855                 memcpy( nk->subkeys.header, "lf", REC_HDR_SIZE );
1856                 
1857                 nk->subkeys.num_keys = nk->num_subkeys;
1858                 if (nk->subkeys.num_keys) {
1859                         if ( !(nk->subkeys.hashes = TALLOC_ZERO_ARRAY( file->mem_ctx, REGF_HASH_REC, nk->subkeys.num_keys )) )
1860                                 return NULL;
1861                 } else {
1862                         nk->subkeys.hashes = NULL;
1863                 }
1864                 nk->subkey_index = 0;
1865 
1866                 /* update the max_bytes_subkey{name,classname} fields */
1867                 for ( i=0; i<nk->num_subkeys; i++ ) {
1868                         namelen = strlen( regsubkey_ctr_specific_key(subkeys, i) );
1869                         if ( namelen*2 > nk->max_bytes_subkeyname )
1870                                 nk->max_bytes_subkeyname = namelen * 2;
1871                 }
1872         }
1873 
1874         /* write the values */
1875 
1876         nk->values_off = REGF_OFFSET_NONE;
1877         if ( (nk->num_values = regval_ctr_numvals( values )) != 0 ) {
1878                 uint32 vlist_size = ( ( nk->num_values * sizeof(uint32) ) & 0xfffffff8 ) + 8;
1879                 int i;
1880                 
1881                 if (!(vlist_hbin = find_free_space( file, vlist_size ))) {
1882                         return NULL;
1883                 }
1884                 nk->values_off = prs_offset( &vlist_hbin->ps ) + vlist_hbin->first_hbin_off - HBIN_HDR_SIZE;
1885         
1886                 if (nk->num_values) {
1887                         if ( !(nk->values = TALLOC_ARRAY( file->mem_ctx, REGF_VK_REC, nk->num_values )) )
1888                                 return NULL;
1889                 } else {
1890                         nk->values = NULL;
1891                 }
1892 
1893                 /* create the vk records */
1894 
1895                 for ( i=0; i<nk->num_values; i++ ) {
1896                         uint32 vk_size, namelen, datalen;
1897                         REGISTRY_VALUE *r;
1898 
1899                         r = regval_ctr_specific_value( values, i );
1900                         create_vk_record( file, &nk->values[i], r );
1901                         vk_size = vk_record_data_size( &nk->values[i] );
1902                         nk->values[i].hbin = find_free_space( file, vk_size );
1903                         nk->values[i].hbin_off = prs_offset( &nk->values[i].hbin->ps );
1904                         nk->values[i].rec_size = ( vk_size - 1 ) ^ 0xFFFFFFFF;
1905                         nk->values[i].rec_off = prs_offset( &nk->values[i].hbin->ps ) 
1906                                 + nk->values[i].hbin->first_hbin_off 
1907                                 - HBIN_HDR_SIZE;
1908 
1909                         /* update the max bytes fields if necessary */
1910 
1911                         namelen = strlen( regval_name(r) );
1912                         if ( namelen*2 > nk->max_bytes_valuename )
1913                                 nk->max_bytes_valuename = namelen * 2;
1914 
1915                         datalen = regval_size( r );
1916                         if ( datalen > nk->max_bytes_value )
1917                                 nk->max_bytes_value = datalen;
1918                 }
1919         }
1920 
1921         /* stream the records */        
1922         
1923         prs_set_offset( &nk->hbin->ps, nk->hbin_off );
1924         if ( !prs_nk_rec( "nk_rec", &nk->hbin->ps, 0, nk ) )
1925                 return False;
1926 
1927         if ( nk->num_values ) {
1928                 if ( !hbin_prs_vk_records( "vk_records", vlist_hbin, 0, nk, file ) )
1929                         return False;
1930         }
1931 
1932 
1933         regfio_flush( file );
1934 
1935         return nk;
1936 }
1937 

/* [<][>][^][v][top][bottom][index][help] */