2
* Unix SMB/CIFS implementation.
3
* Windows NT registry I/O library
4
* Copyright (c) Gerald (Jerry) Carter 2005
6
* This program is free software; you can redistribute it and/or modify
7
* it under the terms of the GNU General Public License as published by
8
* the Free Software Foundation; either version 2 of the License, or
9
* (at your option) any later version.
11
* This program is distributed in the hope that it will be useful,
12
* but WITHOUT ANY WARRANTY; without even the implied warranty of
13
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
* GNU General Public License for more details.
16
* You should have received a copy of the GNU General Public License
17
* along with this program; if not, write to the Free Software
18
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24
/*******************************************************************
26
* TODO : Right now this code basically ignores classnames.
28
******************************************************************/
31
/*******************************************************************
32
*******************************************************************/
34
static int write_block( REGF_FILE *file, prs_struct *ps, uint32 offset )
36
int bytes_written, returned;
37
char *buffer = prs_data_p( ps );
38
uint32 buffer_size = prs_data_size( ps );
44
/* check for end of file */
46
if ( sys_fstat( file->fd, &sbuf ) ) {
47
DEBUG(0,("write_block: stat() failed! (%s)\n", strerror(errno)));
51
if ( lseek( file->fd, offset, SEEK_SET ) == -1 ) {
52
DEBUG(0,("write_block: lseek() failed! (%s)\n", strerror(errno) ));
56
bytes_written = returned = 0;
57
while ( bytes_written < buffer_size ) {
58
if ( (returned = write( file->fd, buffer+bytes_written, buffer_size-bytes_written )) == -1 ) {
59
DEBUG(0,("write_block: write() failed! (%s)\n", strerror(errno) ));
63
bytes_written += returned;
69
/*******************************************************************
70
*******************************************************************/
72
static int read_block( REGF_FILE *file, prs_struct *ps, uint32 file_offset, uint32 block_size )
74
int bytes_read, returned;
78
/* check for end of file */
80
if ( sys_fstat( file->fd, &sbuf ) ) {
81
DEBUG(0,("read_block: stat() failed! (%s)\n", strerror(errno)));
85
if ( (size_t)file_offset >= sbuf.st_size )
88
/* if block_size == 0, we are parsing HBIN records and need
89
to read some of the header to get the block_size from there */
91
if ( block_size == 0 ) {
94
if ( lseek( file->fd, file_offset, SEEK_SET ) == -1 ) {
95
DEBUG(0,("read_block: lseek() failed! (%s)\n", strerror(errno) ));
99
returned = read( file->fd, hdr, 0x20 );
100
if ( (returned == -1) || (returned < 0x20) ) {
101
DEBUG(0,("read_block: failed to read in HBIN header. Is the file corrupt?\n"));
105
/* make sure this is an hbin header */
107
if ( strncmp( hdr, "hbin", HBIN_HDR_SIZE ) != 0 ) {
108
DEBUG(0,("read_block: invalid block header!\n"));
112
block_size = IVAL( hdr, 0x08 );
115
DEBUG(10,("read_block: block_size == 0x%x\n", block_size ));
117
/* set the offset, initialize the buffer, and read the block from disk */
119
if ( lseek( file->fd, file_offset, SEEK_SET ) == -1 ) {
120
DEBUG(0,("read_block: lseek() failed! (%s)\n", strerror(errno) ));
124
prs_init( ps, block_size, file->mem_ctx, UNMARSHALL );
125
buffer = prs_data_p( ps );
126
bytes_read = returned = 0;
128
while ( bytes_read < block_size ) {
129
if ( (returned = read( file->fd, buffer+bytes_read, block_size-bytes_read )) == -1 ) {
130
DEBUG(0,("read_block: read() failed (%s)\n", strerror(errno) ));
133
if ( (returned == 0) && (bytes_read < block_size) ) {
134
DEBUG(0,("read_block: not a vald registry file ?\n" ));
138
bytes_read += returned;
144
/*******************************************************************
145
*******************************************************************/
147
static BOOL write_hbin_block( REGF_FILE *file, REGF_HBIN *hbin )
152
/* write free space record if any is available */
154
if ( hbin->free_off != REGF_OFFSET_NONE ) {
155
uint32 header = 0xffffffff;
157
if ( !prs_set_offset( &hbin->ps, hbin->free_off-sizeof(uint32) ) )
159
if ( !prs_uint32( "free_size", &hbin->ps, 0, &hbin->free_size ) )
161
if ( !prs_uint32( "free_header", &hbin->ps, 0, &header ) )
165
hbin->dirty = (write_block( file, &hbin->ps, hbin->file_off ) != -1);
170
/*******************************************************************
171
*******************************************************************/
173
static BOOL hbin_block_close( REGF_FILE *file, REGF_HBIN *hbin )
177
/* remove the block from the open list and flush it to disk */
179
for ( p=file->block_list; p && p!=hbin; p=p->next )
183
DLIST_REMOVE( file->block_list, hbin );
186
DEBUG(0,("hbin_block_close: block not in open list!\n"));
188
if ( !write_hbin_block( file, hbin ) )
194
/*******************************************************************
195
*******************************************************************/
197
static BOOL prs_regf_block( const char *desc, prs_struct *ps, int depth, REGF_FILE *file )
199
prs_debug(ps, depth, desc, "prs_regf_block");
202
if ( !prs_uint8s( True, "header", ps, depth, (uint8*)file->header, sizeof( file->header )) )
205
/* yes, these values are always identical so store them only once */
207
if ( !prs_uint32( "unknown1", ps, depth, &file->unknown1 ))
209
if ( !prs_uint32( "unknown1 (again)", ps, depth, &file->unknown1 ))
212
/* get the modtime */
214
if ( !prs_set_offset( ps, 0x0c ) )
216
if ( !smb_io_time( "modtime", &file->mtime, ps, depth ) )
221
if ( !prs_uint32( "unknown2", ps, depth, &file->unknown2 ))
223
if ( !prs_uint32( "unknown3", ps, depth, &file->unknown3 ))
225
if ( !prs_uint32( "unknown4", ps, depth, &file->unknown4 ))
227
if ( !prs_uint32( "unknown5", ps, depth, &file->unknown5 ))
230
/* get file offsets */
232
if ( !prs_set_offset( ps, 0x24 ) )
234
if ( !prs_uint32( "data_offset", ps, depth, &file->data_offset ))
236
if ( !prs_uint32( "last_block", ps, depth, &file->last_block ))
239
/* one more constant */
241
if ( !prs_uint32( "unknown6", ps, depth, &file->unknown6 ))
244
/* get the checksum */
246
if ( !prs_set_offset( ps, 0x01fc ) )
248
if ( !prs_uint32( "checksum", ps, depth, &file->checksum ))
254
/*******************************************************************
255
*******************************************************************/
257
static BOOL prs_hbin_block( const char *desc, prs_struct *ps, int depth, REGF_HBIN *hbin )
261
prs_debug(ps, depth, desc, "prs_regf_block");
264
if ( !prs_uint8s( True, "header", ps, depth, (uint8*)hbin->header, sizeof( hbin->header )) )
267
if ( !prs_uint32( "first_hbin_off", ps, depth, &hbin->first_hbin_off ))
270
/* The dosreg.cpp comments say that the block size is at 0x1c.
271
According to a WINXP NTUSER.dat file, this is wrong. The block_size
274
if ( !prs_uint32( "block_size", ps, depth, &hbin->block_size ))
277
block_size2 = hbin->block_size;
278
prs_set_offset( ps, 0x1c );
279
if ( !prs_uint32( "block_size2", ps, depth, &block_size2 ))
282
if ( MARSHALLING(ps) )
289
/*******************************************************************
290
*******************************************************************/
292
static BOOL prs_nk_rec( const char *desc, prs_struct *ps, int depth, REGF_NK_REC *nk )
294
uint16 class_length, name_length;
296
uint32 data_size, start_off, end_off;
297
uint32 unknown_off = REGF_OFFSET_NONE;
299
nk->hbin_off = prs_offset( ps );
300
start = nk->hbin_off;
302
prs_debug(ps, depth, desc, "prs_nk_rec");
305
/* back up and get the data_size */
307
if ( !prs_set_offset( ps, prs_offset(ps)-sizeof(uint32)) )
309
start_off = prs_offset( ps );
310
if ( !prs_uint32( "rec_size", ps, depth, &nk->rec_size ))
313
if ( !prs_uint8s( True, "header", ps, depth, (uint8*)nk->header, sizeof( nk->header )) )
316
if ( !prs_uint16( "key_type", ps, depth, &nk->key_type ))
318
if ( !smb_io_time( "mtime", &nk->mtime, ps, depth ))
321
if ( !prs_set_offset( ps, start+0x0010 ) )
323
if ( !prs_uint32( "parent_off", ps, depth, &nk->parent_off ))
325
if ( !prs_uint32( "num_subkeys", ps, depth, &nk->num_subkeys ))
328
if ( !prs_set_offset( ps, start+0x001c ) )
330
if ( !prs_uint32( "subkeys_off", ps, depth, &nk->subkeys_off ))
332
if ( !prs_uint32( "unknown_off", ps, depth, &unknown_off) )
335
if ( !prs_set_offset( ps, start+0x0024 ) )
337
if ( !prs_uint32( "num_values", ps, depth, &nk->num_values ))
339
if ( !prs_uint32( "values_off", ps, depth, &nk->values_off ))
341
if ( !prs_uint32( "sk_off", ps, depth, &nk->sk_off ))
343
if ( !prs_uint32( "classname_off", ps, depth, &nk->classname_off ))
346
if ( !prs_uint32( "max_bytes_subkeyname", ps, depth, &nk->max_bytes_subkeyname))
348
if ( !prs_uint32( "max_bytes_subkeyclassname", ps, depth, &nk->max_bytes_subkeyclassname))
350
if ( !prs_uint32( "max_bytes_valuename", ps, depth, &nk->max_bytes_valuename))
352
if ( !prs_uint32( "max_bytes_value", ps, depth, &nk->max_bytes_value))
354
if ( !prs_uint32( "unknown index", ps, depth, &nk->unk_index))
357
name_length = nk->keyname ? strlen(nk->keyname) : 0 ;
358
class_length = nk->classname ? strlen(nk->classname) : 0 ;
359
if ( !prs_uint16( "name_length", ps, depth, &name_length ))
361
if ( !prs_uint16( "class_length", ps, depth, &class_length ))
364
if ( class_length ) {
369
if ( UNMARSHALLING(ps) ) {
370
if ( !(nk->keyname = PRS_ALLOC_MEM( ps, char, name_length+1 )) )
374
if ( !prs_uint8s( True, "name", ps, depth, (uint8*)nk->keyname, name_length) )
377
if ( UNMARSHALLING(ps) )
378
nk->keyname[name_length] = '\0';
381
end_off = prs_offset( ps );
383
/* data_size must be divisible by 8 and large enough to hold the original record */
385
data_size = ((start_off - end_off) & 0xfffffff8 );
386
if ( data_size > nk->rec_size )
387
DEBUG(10,("Encountered reused record (0x%x < 0x%x)\n", data_size, nk->rec_size));
389
if ( MARSHALLING(ps) )
390
nk->hbin->dirty = True;
395
/*******************************************************************
396
*******************************************************************/
398
static uint32 regf_block_checksum( prs_struct *ps )
400
char *buffer = prs_data_p( ps );
404
/* XOR of all bytes 0x0000 - 0x01FB */
408
for ( i=0; i<0x01FB; i+=4 ) {
409
x = IVAL(buffer, i );
416
/*******************************************************************
417
*******************************************************************/
419
static BOOL read_regf_block( REGF_FILE *file )
424
/* grab the first block from the file */
426
if ( read_block( file, &ps, 0, REGF_BLOCKSIZE ) == -1 )
429
/* parse the block and verify the checksum */
431
if ( !prs_regf_block( "regf_header", &ps, 0, file ) )
434
checksum = regf_block_checksum( &ps );
438
if ( file->checksum != checksum ) {
439
DEBUG(0,("read_regf_block: invalid checksum\n" ));
446
/*******************************************************************
447
*******************************************************************/
449
static REGF_HBIN* read_hbin_block( REGF_FILE *file, off_t offset )
452
uint32 record_size, curr_off, block_size, header;
454
if ( !(hbin = TALLOC_ZERO_P(file->mem_ctx, REGF_HBIN)) )
456
hbin->file_off = offset;
459
if ( read_block( file, &hbin->ps, offset, 0 ) == -1 )
462
if ( !prs_hbin_block( "hbin", &hbin->ps, 0, hbin ) )
465
/* this should be the same thing as hbin->block_size but just in case */
467
block_size = prs_data_size( &hbin->ps );
469
/* Find the available free space offset. Always at the end,
470
so walk the record list and stop when you get to the end.
471
The end is defined by a record header of 0xffffffff. The
472
previous 4 bytes contains the amount of free space remaining
473
in the hbin block. */
475
/* remember that the record_size is in the 4 bytes preceeding the record itself */
477
if ( !prs_set_offset( &hbin->ps, file->data_offset+HBIN_HDR_SIZE-sizeof(uint32) ) )
482
curr_off = prs_offset( &hbin->ps );
483
while ( header != 0xffffffff ) {
484
/* not done yet so reset the current offset to the
485
next record_size field */
487
curr_off = curr_off+record_size;
489
/* for some reason the record_size of the last record in
490
an hbin block can extend past the end of the block
491
even though the record fits within the remaining
492
space....aaarrrgggghhhhhh */
494
if ( curr_off >= block_size ) {
500
if ( !prs_set_offset( &hbin->ps, curr_off) )
503
if ( !prs_uint32( "rec_size", &hbin->ps, 0, &record_size ) )
505
if ( !prs_uint32( "header", &hbin->ps, 0, &header ) )
508
SMB_ASSERT( record_size != 0 );
510
if ( record_size & 0x80000000 ) {
511
/* absolute_value(record_size) */
512
record_size = (record_size ^ 0xffffffff) + 1;
516
/* save the free space offset */
518
if ( header == 0xffffffff ) {
520
/* account for the fact that the curr_off is 4 bytes behind the actual
523
hbin->free_off = curr_off + sizeof(uint32);
524
hbin->free_size = record_size;
527
DEBUG(10,("read_hbin_block: free space offset == 0x%x\n", hbin->free_off));
529
if ( !prs_set_offset( &hbin->ps, file->data_offset+HBIN_HDR_SIZE ) )
535
/*******************************************************************
536
Input a random offset and receive the corresponding HBIN
538
*******************************************************************/
540
static BOOL hbin_contains_offset( REGF_HBIN *hbin, uint32 offset )
545
if ( (offset > hbin->first_hbin_off) && (offset < (hbin->first_hbin_off+hbin->block_size)) )
551
/*******************************************************************
552
Input a random offset and receive the corresponding HBIN
554
*******************************************************************/
556
static REGF_HBIN* lookup_hbin_block( REGF_FILE *file, uint32 offset )
558
REGF_HBIN *hbin = NULL;
561
/* start with the open list */
563
for ( hbin=file->block_list; hbin; hbin=hbin->next ) {
564
DEBUG(10,("lookup_hbin_block: address = 0x%x [0x%lx]\n", hbin->file_off, (unsigned long)hbin ));
565
if ( hbin_contains_offset( hbin, offset ) )
570
/* start at the beginning */
572
block_off = REGF_BLOCKSIZE;
574
/* cleanup before the next round */
576
prs_mem_free( &hbin->ps );
578
hbin = read_hbin_block( file, block_off );
581
block_off = hbin->file_off + hbin->block_size;
583
} while ( hbin && !hbin_contains_offset( hbin, offset ) );
587
DLIST_ADD( file->block_list, hbin );
592
/*******************************************************************
593
*******************************************************************/
595
static BOOL prs_hash_rec( const char *desc, prs_struct *ps, int depth, REGF_HASH_REC *hash )
597
prs_debug(ps, depth, desc, "prs_hash_rec");
600
if ( !prs_uint32( "nk_off", ps, depth, &hash->nk_off ))
602
if ( !prs_uint8s( True, "keycheck", ps, depth, hash->keycheck, sizeof( hash->keycheck )) )
608
/*******************************************************************
609
*******************************************************************/
611
static BOOL hbin_prs_lf_records( const char *desc, REGF_HBIN *hbin, int depth, REGF_NK_REC *nk )
614
REGF_LF_REC *lf = &nk->subkeys;
615
uint32 data_size, start_off, end_off;
617
prs_debug(&hbin->ps, depth, desc, "prs_lf_records");
620
/* check if we have anything to do first */
622
if ( nk->num_subkeys == 0 )
625
/* move to the LF record */
627
if ( !prs_set_offset( &hbin->ps, nk->subkeys_off + HBIN_HDR_SIZE - hbin->first_hbin_off ) )
630
/* backup and get the data_size */
632
if ( !prs_set_offset( &hbin->ps, prs_offset(&hbin->ps)-sizeof(uint32)) )
634
start_off = prs_offset( &hbin->ps );
635
if ( !prs_uint32( "rec_size", &hbin->ps, depth, &lf->rec_size ))
638
if ( !prs_uint8s( True, "header", &hbin->ps, depth, (uint8*)lf->header, sizeof( lf->header )) )
641
if ( !prs_uint16( "num_keys", &hbin->ps, depth, &lf->num_keys))
644
if ( UNMARSHALLING(&hbin->ps) ) {
645
if ( !(lf->hashes = PRS_ALLOC_MEM( &hbin->ps, REGF_HASH_REC, lf->num_keys )) )
649
for ( i=0; i<lf->num_keys; i++ ) {
650
if ( !prs_hash_rec( "hash_rec", &hbin->ps, depth, &lf->hashes[i] ) )
654
end_off = prs_offset( &hbin->ps );
656
/* data_size must be divisible by 8 and large enough to hold the original record */
658
data_size = ((start_off - end_off) & 0xfffffff8 );
659
if ( data_size > lf->rec_size )
660
DEBUG(10,("Encountered reused record (0x%x < 0x%x)\n", data_size, lf->rec_size));
662
if ( MARSHALLING(&hbin->ps) )
668
/*******************************************************************
669
*******************************************************************/
671
static BOOL hbin_prs_sk_rec( const char *desc, REGF_HBIN *hbin, int depth, REGF_SK_REC *sk )
673
prs_struct *ps = &hbin->ps;
675
uint32 data_size, start_off, end_off;
678
prs_debug(ps, depth, desc, "hbin_prs_sk_rec");
681
if ( !prs_set_offset( &hbin->ps, sk->sk_off + HBIN_HDR_SIZE - hbin->first_hbin_off ) )
684
/* backup and get the data_size */
686
if ( !prs_set_offset( &hbin->ps, prs_offset(&hbin->ps)-sizeof(uint32)) )
688
start_off = prs_offset( &hbin->ps );
689
if ( !prs_uint32( "rec_size", &hbin->ps, depth, &sk->rec_size ))
692
if ( !prs_uint8s( True, "header", ps, depth, (uint8*)sk->header, sizeof( sk->header )) )
694
if ( !prs_uint16( "tag", ps, depth, &tag))
697
if ( !prs_uint32( "prev_sk_off", ps, depth, &sk->prev_sk_off))
699
if ( !prs_uint32( "next_sk_off", ps, depth, &sk->next_sk_off))
701
if ( !prs_uint32( "ref_count", ps, depth, &sk->ref_count))
703
if ( !prs_uint32( "size", ps, depth, &sk->size))
706
if ( !sec_io_desc( "sec_desc", &sk->sec_desc, ps, depth ))
709
end_off = prs_offset( &hbin->ps );
711
/* data_size must be divisible by 8 and large enough to hold the original record */
713
data_size = ((start_off - end_off) & 0xfffffff8 );
714
if ( data_size > sk->rec_size )
715
DEBUG(10,("Encountered reused record (0x%x < 0x%x)\n", data_size, sk->rec_size));
717
if ( MARSHALLING(&hbin->ps) )
723
/*******************************************************************
724
*******************************************************************/
726
static BOOL hbin_prs_vk_rec( const char *desc, REGF_HBIN *hbin, int depth, REGF_VK_REC *vk, REGF_FILE *file )
730
prs_struct *ps = &hbin->ps;
731
uint32 data_size, start_off, end_off;
733
prs_debug(ps, depth, desc, "prs_vk_rec");
736
/* backup and get the data_size */
738
if ( !prs_set_offset( &hbin->ps, prs_offset(&hbin->ps)-sizeof(uint32)) )
740
start_off = prs_offset( &hbin->ps );
741
if ( !prs_uint32( "rec_size", &hbin->ps, depth, &vk->rec_size ))
744
if ( !prs_uint8s( True, "header", ps, depth, (uint8*)vk->header, sizeof( vk->header )) )
747
if ( MARSHALLING(&hbin->ps) )
748
name_length = strlen(vk->valuename);
750
if ( !prs_uint16( "name_length", ps, depth, &name_length ))
752
if ( !prs_uint32( "data_size", ps, depth, &vk->data_size ))
754
if ( !prs_uint32( "data_off", ps, depth, &vk->data_off ))
756
if ( !prs_uint32( "type", ps, depth, &vk->type))
758
if ( !prs_uint16( "flag", ps, depth, &vk->flag))
761
offset = prs_offset( ps );
762
offset += 2; /* skip 2 bytes */
763
prs_set_offset( ps, offset );
767
if ( vk->flag&VK_FLAG_NAME_PRESENT ) {
769
if ( UNMARSHALLING(&hbin->ps) ) {
770
if ( !(vk->valuename = PRS_ALLOC_MEM( ps, char, name_length+1 )))
773
if ( !prs_uint8s( True, "name", ps, depth, (uint8*)vk->valuename, name_length ) )
777
end_off = prs_offset( &hbin->ps );
779
/* get the data if necessary */
781
if ( vk->data_size != 0 ) {
782
BOOL charmode = False;
784
if ( (vk->type == REG_SZ) || (vk->type == REG_MULTI_SZ) )
787
/* the data is stored in the offset if the size <= 4 */
789
if ( !(vk->data_size & VK_DATA_IN_OFFSET) ) {
790
REGF_HBIN *hblock = hbin;
791
uint32 data_rec_size;
793
if ( UNMARSHALLING(&hbin->ps) ) {
794
if ( !(vk->data = PRS_ALLOC_MEM( ps, uint8, vk->data_size) ) )
798
/* this data can be in another hbin */
799
if ( !hbin_contains_offset( hbin, vk->data_off ) ) {
800
if ( !(hblock = lookup_hbin_block( file, vk->data_off )) )
803
if ( !(prs_set_offset( &hblock->ps, (vk->data_off+HBIN_HDR_SIZE-hblock->first_hbin_off)-sizeof(uint32) )) )
806
if ( MARSHALLING(&hblock->ps) ) {
807
data_rec_size = ( (vk->data_size+sizeof(uint32)) & 0xfffffff8 ) + 8;
808
data_rec_size = ( data_rec_size - 1 ) ^ 0xFFFFFFFF;
810
if ( !prs_uint32( "data_rec_size", &hblock->ps, depth, &data_rec_size ))
812
if ( !prs_uint8s( charmode, "data", &hblock->ps, depth, vk->data, vk->data_size) )
815
if ( MARSHALLING(&hblock->ps) )
816
hblock->dirty = True;
819
if ( !(vk->data = PRS_ALLOC_MEM( ps, uint8, 4 ) ) )
821
SIVAL( vk->data, 0, vk->data_off );
826
/* data_size must be divisible by 8 and large enough to hold the original record */
828
data_size = ((start_off - end_off ) & 0xfffffff8 );
829
if ( data_size != vk->rec_size )
830
DEBUG(10,("prs_vk_rec: data_size check failed (0x%x < 0x%x)\n", data_size, vk->rec_size));
832
if ( MARSHALLING(&hbin->ps) )
838
/*******************************************************************
839
read a VK record which is contained in the HBIN block stored
840
in the prs_struct *ps.
841
*******************************************************************/
843
static BOOL hbin_prs_vk_records( const char *desc, REGF_HBIN *hbin, int depth, REGF_NK_REC *nk, REGF_FILE *file )
848
prs_debug(&hbin->ps, depth, desc, "prs_vk_records");
851
/* check if we have anything to do first */
853
if ( nk->num_values == 0 )
856
if ( UNMARSHALLING(&hbin->ps) ) {
857
if ( !(nk->values = PRS_ALLOC_MEM( &hbin->ps, REGF_VK_REC, nk->num_values ) ) )
861
/* convert the offset to something relative to this HBIN block */
863
if ( !prs_set_offset( &hbin->ps, nk->values_off+HBIN_HDR_SIZE-hbin->first_hbin_off-sizeof(uint32)) )
866
if ( MARSHALLING( &hbin->ps) ) {
867
record_size = ( ( nk->num_values * sizeof(uint32) ) & 0xfffffff8 ) + 8;
868
record_size = (record_size - 1) ^ 0xFFFFFFFF;
871
if ( !prs_uint32( "record_size", &hbin->ps, depth, &record_size ) )
874
for ( i=0; i<nk->num_values; i++ ) {
875
if ( !prs_uint32( "vk_off", &hbin->ps, depth, &nk->values[i].rec_off ) )
879
for ( i=0; i<nk->num_values; i++ ) {
880
REGF_HBIN *sub_hbin = hbin;
883
if ( !hbin_contains_offset( hbin, nk->values[i].rec_off ) ) {
884
sub_hbin = lookup_hbin_block( file, nk->values[i].rec_off );
886
DEBUG(0,("hbin_prs_vk_records: Failed to find HBIN block containing offset [0x%x]\n",
887
nk->values[i].hbin_off));
892
new_offset = nk->values[i].rec_off + HBIN_HDR_SIZE - sub_hbin->first_hbin_off;
893
if ( !prs_set_offset( &sub_hbin->ps, new_offset ) )
895
if ( !hbin_prs_vk_rec( "vk_rec", sub_hbin, depth, &nk->values[i], file ) )
899
if ( MARSHALLING(&hbin->ps) )
907
/*******************************************************************
908
*******************************************************************/
910
static REGF_SK_REC* find_sk_record_by_offset( REGF_FILE *file, uint32 offset )
914
for ( p_sk=file->sec_desc_list; p_sk; p_sk=p_sk->next ) {
915
if ( p_sk->sk_off == offset )
922
/*******************************************************************
923
*******************************************************************/
925
static REGF_SK_REC* find_sk_record_by_sec_desc( REGF_FILE *file, SEC_DESC *sd )
929
for ( p=file->sec_desc_list; p; p=p->next ) {
930
if ( sec_desc_equal( p->sec_desc, sd ) )
939
/*******************************************************************
940
*******************************************************************/
942
static BOOL hbin_prs_key( REGF_FILE *file, REGF_HBIN *hbin, REGF_NK_REC *nk )
947
prs_debug(&hbin->ps, depth, "", "fetch_key");
950
/* get the initial nk record */
952
if ( !prs_nk_rec( "nk_rec", &hbin->ps, depth, nk ))
957
if ( nk->num_values && (nk->values_off!=REGF_OFFSET_NONE) ) {
959
if ( !hbin_contains_offset( hbin, nk->values_off ) ) {
960
sub_hbin = lookup_hbin_block( file, nk->values_off );
962
DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing value_list_offset [0x%x]\n",
968
if ( !hbin_prs_vk_records( "vk_rec", sub_hbin, depth, nk, file ))
972
/* now get subkeys */
974
if ( nk->num_subkeys && (nk->subkeys_off!=REGF_OFFSET_NONE) ) {
976
if ( !hbin_contains_offset( hbin, nk->subkeys_off ) ) {
977
sub_hbin = lookup_hbin_block( file, nk->subkeys_off );
979
DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing subkey_offset [0x%x]\n",
985
if ( !hbin_prs_lf_records( "lf_rec", sub_hbin, depth, nk ))
989
/* get the to the security descriptor. First look if we have already parsed it */
991
if ( (nk->sk_off!=REGF_OFFSET_NONE) && !( nk->sec_desc = find_sk_record_by_offset( file, nk->sk_off )) ) {
994
if ( !hbin_contains_offset( hbin, nk->sk_off ) ) {
995
sub_hbin = lookup_hbin_block( file, nk->sk_off );
997
DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing sk_offset [0x%x]\n",
1003
if ( !(nk->sec_desc = TALLOC_ZERO_P( file->mem_ctx, REGF_SK_REC )) )
1005
nk->sec_desc->sk_off = nk->sk_off;
1006
if ( !hbin_prs_sk_rec( "sk_rec", sub_hbin, depth, nk->sec_desc ))
1009
/* add to the list of security descriptors (ref_count has been read from the files) */
1011
nk->sec_desc->sk_off = nk->sk_off;
1012
DLIST_ADD( file->sec_desc_list, nk->sec_desc );
1018
/*******************************************************************
1019
*******************************************************************/
1021
static BOOL next_record( REGF_HBIN *hbin, const char *hdr, BOOL *eob )
1023
uint8 header[REC_HDR_SIZE];
1025
uint32 curr_off, block_size;
1027
prs_struct *ps = &hbin->ps;
1029
curr_off = prs_offset( ps );
1030
if ( curr_off == 0 )
1031
prs_set_offset( ps, HBIN_HEADER_REC_SIZE );
1033
/* assume that the current offset is at the record header
1034
and we need to backup to read the record size */
1036
curr_off -= sizeof(uint32);
1038
block_size = prs_data_size( ps );
1040
memset( header, 0x0, sizeof(uint8)*REC_HDR_SIZE );
1043
curr_off = curr_off+record_size;
1044
if ( curr_off >= block_size )
1047
if ( !prs_set_offset( &hbin->ps, curr_off) )
1050
if ( !prs_uint32( "record_size", ps, 0, &record_size ) )
1052
if ( !prs_uint8s( True, "header", ps, 0, header, REC_HDR_SIZE ) )
1055
if ( record_size & 0x80000000 ) {
1056
/* absolute_value(record_size) */
1057
record_size = (record_size ^ 0xffffffff) + 1;
1060
if ( memcmp( header, hdr, REC_HDR_SIZE ) == 0 ) {
1062
curr_off += sizeof(uint32);
1066
/* mark prs_struct as done ( at end ) if no more SK records */
1067
/* mark end-of-block as True */
1070
prs_set_offset( &hbin->ps, prs_data_size(&hbin->ps) );
1075
if ( !prs_set_offset( ps, curr_off ) )
1081
/*******************************************************************
1082
*******************************************************************/
1084
static BOOL next_nk_record( REGF_FILE *file, REGF_HBIN *hbin, REGF_NK_REC *nk, BOOL *eob )
1086
if ( next_record( hbin, "nk", eob ) && hbin_prs_key( file, hbin, nk ) )
1092
/*******************************************************************
1093
Intialize the newly created REGF_BLOCK in *file and write the
1094
block header to disk
1095
*******************************************************************/
1097
static BOOL init_regf_block( REGF_FILE *file )
1102
if ( !prs_init( &ps, REGF_BLOCKSIZE, file->mem_ctx, MARSHALL ) )
1105
memcpy( file->header, "regf", REGF_HDR_SIZE );
1106
file->data_offset = 0x20;
1107
file->last_block = 0x1000;
1111
unix_to_nt_time( &file->mtime, time(NULL) );
1113
/* hard coded values...no diea what these are ... maybe in time */
1115
file->unknown1 = 0x2;
1116
file->unknown2 = 0x1;
1117
file->unknown3 = 0x3;
1118
file->unknown4 = 0x0;
1119
file->unknown5 = 0x1;
1120
file->unknown6 = 0x1;
1122
/* write header to the buffer */
1124
if ( !prs_regf_block( "regf_header", &ps, 0, file ) ) {
1129
/* calculate the checksum, re-marshall data (to include the checksum)
1130
and write to disk */
1132
file->checksum = regf_block_checksum( &ps );
1133
prs_set_offset( &ps, 0 );
1134
if ( !prs_regf_block( "regf_header", &ps, 0, file ) ) {
1139
if ( write_block( file, &ps, 0 ) == -1 ) {
1140
DEBUG(0,("init_regf_block: Failed to initialize registry header block!\n"));
1146
prs_mem_free( &ps );
1150
/*******************************************************************
1151
Open the registry file and then read in the REGF block to get the
1153
*******************************************************************/
1155
REGF_FILE* regfio_open( const char *filename, int flags, int mode )
1159
if ( !(rb = SMB_MALLOC_P(REGF_FILE)) ) {
1160
DEBUG(0,("ERROR allocating memory\n"));
1166
if ( !(rb->mem_ctx = talloc_init( "read_regf_block" )) ) {
1171
rb->open_flags = flags;
1173
/* open and existing file */
1175
if ( (rb->fd = open(filename, flags, mode)) == -1 ) {
1176
DEBUG(0,("regfio_open: failure to open %s (%s)\n", filename, strerror(errno)));
1181
/* check if we are creating a new file or overwriting an existing one */
1183
if ( flags & (O_CREAT|O_TRUNC) ) {
1184
if ( !init_regf_block( rb ) ) {
1185
DEBUG(0,("regfio_open: Failed to read initial REGF block\n"));
1194
/* read in an existing file */
1196
if ( !read_regf_block( rb ) ) {
1197
DEBUG(0,("regfio_open: Failed to read initial REGF block\n"));
1207
/*******************************************************************
1208
*******************************************************************/
1210
static void regfio_mem_free( REGF_FILE *file )
1212
/* free any talloc()'d memory */
1214
if ( file && file->mem_ctx )
1215
talloc_destroy( file->mem_ctx );
1218
/*******************************************************************
1219
*******************************************************************/
1221
int regfio_close( REGF_FILE *file )
1225
/* cleanup for a file opened for write */
1227
if ( file->open_flags & (O_WRONLY|O_RDWR) ) {
1231
/* write of sd list */
1233
for ( sk=file->sec_desc_list; sk; sk=sk->next ) {
1234
hbin_prs_sk_rec( "sk_rec", sk->hbin, 0, sk );
1237
/* flush any dirty blocks */
1239
while ( file->block_list ) {
1240
hbin_block_close( file, file->block_list );
1245
unix_to_nt_time( &file->mtime, time(NULL) );
1247
if ( read_block( file, &ps, 0, REGF_BLOCKSIZE ) != -1 ) {
1248
/* now use for writing */
1249
prs_switch_type( &ps, MARSHALL );
1251
/* stream the block once, generate the checksum,
1252
and stream it again */
1253
prs_set_offset( &ps, 0 );
1254
prs_regf_block( "regf_blocK", &ps, 0, file );
1255
file->checksum = regf_block_checksum( &ps );
1256
prs_set_offset( &ps, 0 );
1257
prs_regf_block( "regf_blocK", &ps, 0, file );
1259
/* now we are ready to write it to disk */
1260
if ( write_block( file, &ps, 0 ) == -1 )
1261
DEBUG(0,("regfio_close: failed to update the regf header block!\n"));
1264
prs_mem_free( &ps );
1267
regfio_mem_free( file );
1269
/* nothing tdo do if there is no open file */
1271
if ( !file || (file->fd == -1) )
1281
/*******************************************************************
1282
*******************************************************************/
1284
static void regfio_flush( REGF_FILE *file )
1288
for ( hbin=file->block_list; hbin; hbin=hbin->next ) {
1289
write_hbin_block( file, hbin );
1293
/*******************************************************************
1294
There should be only *one* root key in the registry file based
1295
on my experience. --jerry
1296
*******************************************************************/
1298
REGF_NK_REC* regfio_rootkey( REGF_FILE *file )
1302
uint32 offset = REGF_BLOCKSIZE;
1309
if ( !(nk = TALLOC_ZERO_P( file->mem_ctx, REGF_NK_REC )) ) {
1310
DEBUG(0,("regfio_rootkey: talloc() failed!\n"));
1314
/* scan through the file on HBIN block at a time looking
1315
for an NK record with a type == 0x002c.
1316
Normally this is the first nk record in the first hbin
1317
block (but I'm not assuming that for now) */
1319
while ( (hbin = read_hbin_block( file, offset )) ) {
1323
if ( next_nk_record( file, hbin, nk, &eob ) ) {
1324
if ( nk->key_type == NK_TYPE_ROOTKEY ) {
1329
prs_mem_free( &hbin->ps );
1335
offset += hbin->block_size;
1339
DEBUG(0,("regfio_rootkey: corrupt registry file ? No root key record located\n"));
1343
DLIST_ADD( file->block_list, hbin );
1348
/*******************************************************************
1349
This acts as an interator over the subkeys defined for a given
1350
NK record. Remember that offsets are from the *first* HBIN block.
1351
*******************************************************************/
1353
REGF_NK_REC* regfio_fetch_subkey( REGF_FILE *file, REGF_NK_REC *nk )
1355
REGF_NK_REC *subkey;
1359
/* see if there is anything left to report */
1361
if ( !nk || (nk->subkeys_off==REGF_OFFSET_NONE) || (nk->subkey_index >= nk->num_subkeys) )
1364
/* find the HBIN block which should contain the nk record */
1366
if ( !(hbin = lookup_hbin_block( file, nk->subkeys.hashes[nk->subkey_index].nk_off )) ) {
1367
DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing offset [0x%x]\n",
1368
nk->subkeys.hashes[nk->subkey_index].nk_off));
1372
nk_offset = nk->subkeys.hashes[nk->subkey_index].nk_off;
1373
if ( !prs_set_offset( &hbin->ps, (HBIN_HDR_SIZE + nk_offset - hbin->first_hbin_off) ) )
1377
if ( !(subkey = TALLOC_ZERO_P( file->mem_ctx, REGF_NK_REC )) )
1380
if ( !hbin_prs_key( file, hbin, subkey ) )
1387
/*******************************************************************
1388
*******************************************************************/
1390
static REGF_HBIN* regf_hbin_allocate( REGF_FILE *file, uint32 block_size )
1393
SMB_STRUCT_STAT sbuf;
1395
if ( !(hbin = TALLOC_ZERO_P( file->mem_ctx, REGF_HBIN )) )
1398
memcpy( hbin->header, "hbin", sizeof(HBIN_HDR_SIZE) );
1401
if ( sys_fstat( file->fd, &sbuf ) ) {
1402
DEBUG(0,("regf_hbin_allocate: stat() failed! (%s)\n", strerror(errno)));
1406
hbin->file_off = sbuf.st_size;
1408
hbin->free_off = HBIN_HEADER_REC_SIZE;
1409
hbin->free_size = block_size - hbin->free_off + sizeof(uint32);;
1411
hbin->block_size = block_size;
1412
hbin->first_hbin_off = hbin->file_off - REGF_BLOCKSIZE;
1414
if ( !prs_init( &hbin->ps, block_size, file->mem_ctx, MARSHALL ) )
1417
if ( !prs_hbin_block( "new_hbin", &hbin->ps, 0, hbin ) )
1420
if ( !write_hbin_block( file, hbin ) )
1423
file->last_block = hbin->file_off;
1428
/*******************************************************************
1429
*******************************************************************/
1431
static void update_free_space( REGF_HBIN *hbin, uint32 size_used )
1433
hbin->free_off += size_used;
1434
hbin->free_size -= size_used;
1436
if ( hbin->free_off >= hbin->block_size ) {
1437
hbin->free_off = REGF_OFFSET_NONE;
1443
/*******************************************************************
1444
*******************************************************************/
1446
static REGF_HBIN* find_free_space( REGF_FILE *file, uint32 size )
1448
REGF_HBIN *hbin, *p_hbin;
1452
/* check open block list */
1454
for ( hbin=file->block_list; hbin!=NULL; hbin=hbin->next ) {
1455
/* only check blocks that actually have available space */
1457
if ( hbin->free_off == REGF_OFFSET_NONE )
1460
/* check for a large enough available chunk */
1462
if ( (hbin->block_size - hbin->free_off) >= size ) {
1463
DLIST_PROMOTE( file->block_list, hbin );
1468
/* parse the file until we find a block with
1469
enough free space; save the last non-filled hbin */
1471
block_off = REGF_BLOCKSIZE;
1473
/* cleanup before the next round */
1476
prs_mem_free( &hbin->ps );
1478
hbin = read_hbin_block( file, block_off );
1482
/* make sure that we don't already have this block in memory */
1484
for ( p_hbin=file->block_list; p_hbin!=NULL; p_hbin=p_hbin->next ) {
1485
if ( p_hbin->file_off == hbin->file_off ) {
1491
block_off = hbin->file_off + hbin->block_size;
1494
prs_mem_free( &hbin->ps );
1499
/* if (cached block or (new block and not enough free space)) then continue looping */
1500
} while ( cached || (hbin && (hbin->free_size < size)) );
1502
/* no free space; allocate a new one */
1507
/* allocate in multiples of REGF_ALLOC_BLOCK; make sure (size + hbin_header) fits */
1509
alloc_size = (((size+HBIN_HEADER_REC_SIZE) / REGF_ALLOC_BLOCK ) + 1 ) * REGF_ALLOC_BLOCK;
1511
if ( !(hbin = regf_hbin_allocate( file, alloc_size )) ) {
1512
DEBUG(0,("find_free_space: regf_hbin_allocate() failed!\n"));
1515
DLIST_ADD( file->block_list, hbin );
1519
/* set the offset to be ready to write */
1521
if ( !prs_set_offset( &hbin->ps, hbin->free_off-sizeof(uint32) ) )
1524
/* write the record size as a placeholder for now, it should be
1525
probably updated by the caller once it all of the data necessary
1528
if ( !prs_uint32("allocated_size", &hbin->ps, 0, &size) )
1531
update_free_space( hbin, size );
1536
/*******************************************************************
1537
*******************************************************************/
1539
static uint32 sk_record_data_size( SEC_DESC * sd )
1541
uint32 size, size_mod8;
1545
/* the record size is sizeof(hdr) + name + static members + data_size_field */
1547
size = sizeof(uint32)*5 + sec_desc_size( sd ) + sizeof(uint32);
1550
size_mod8 = size & 0xfffffff8;
1551
if ( size_mod8 < size )
1557
/*******************************************************************
1558
*******************************************************************/
1560
static uint32 vk_record_data_size( REGF_VK_REC *vk )
1562
uint32 size, size_mod8;
1566
/* the record size is sizeof(hdr) + name + static members + data_size_field */
1568
size = REC_HDR_SIZE + (sizeof(uint16)*3) + (sizeof(uint32)*3) + sizeof(uint32);
1570
if ( vk->valuename )
1571
size += strlen(vk->valuename);
1574
size_mod8 = size & 0xfffffff8;
1575
if ( size_mod8 < size )
1581
/*******************************************************************
1582
*******************************************************************/
1584
static uint32 lf_record_data_size( uint32 num_keys )
1586
uint32 size, size_mod8;
1590
/* the record size is sizeof(hdr) + num_keys + sizeof of hash_array + data_size_uint32 */
1592
size = REC_HDR_SIZE + sizeof(uint16) + (sizeof(REGF_HASH_REC) * num_keys) + sizeof(uint32);
1595
size_mod8 = size & 0xfffffff8;
1596
if ( size_mod8 < size )
1602
/*******************************************************************
1603
*******************************************************************/
1605
static uint32 nk_record_data_size( REGF_NK_REC *nk )
1607
uint32 size, size_mod8;
1611
/* the record size is static + length_of_keyname + length_of_classname + data_size_uint32 */
1613
size = 0x4c + strlen(nk->keyname) + sizeof(uint32);
1615
if ( nk->classname )
1616
size += strlen( nk->classname );
1619
size_mod8 = size & 0xfffffff8;
1620
if ( size_mod8 < size )
1626
/*******************************************************************
1627
*******************************************************************/
1629
static BOOL create_vk_record( REGF_FILE *file, REGF_VK_REC *vk, REGISTRY_VALUE *value )
1631
char *name = regval_name(value);
1632
REGF_HBIN *data_hbin;
1636
memcpy( vk->header, "vk", REC_HDR_SIZE );
1639
vk->valuename = talloc_strdup( file->mem_ctx, regval_name(value) );
1640
vk->flag = VK_FLAG_NAME_PRESENT;
1643
vk->data_size = regval_size( value );
1644
vk->type = regval_type( value );
1646
if ( vk->data_size > sizeof(uint32) ) {
1647
uint32 data_size = ( (vk->data_size+sizeof(uint32)) & 0xfffffff8 ) + 8;
1649
vk->data = TALLOC_MEMDUP( file->mem_ctx, regval_data_p(value), vk->data_size );
1650
if (vk->data == NULL) {
1654
/* go ahead and store the offset....we'll pick this hbin block back up when
1655
we stream the data */
1657
if ((data_hbin = find_free_space(file, data_size )) == NULL) {
1660
vk->data_off = prs_offset( &data_hbin->ps ) + data_hbin->first_hbin_off - HBIN_HDR_SIZE;
1663
/* make sure we don't try to copy from a NULL value pointer */
1665
if ( vk->data_size != 0 )
1666
memcpy( &vk->data_off, regval_data_p(value), sizeof(uint32) );
1667
vk->data_size |= VK_DATA_IN_OFFSET;
1673
/*******************************************************************
1674
*******************************************************************/
1676
static int hashrec_cmp( REGF_HASH_REC *h1, REGF_HASH_REC *h2 )
1678
return StrCaseCmp( h1->fullname, h2->fullname );
1681
/*******************************************************************
1682
*******************************************************************/
1684
REGF_NK_REC* regfio_write_key( REGF_FILE *file, const char *name,
1685
REGVAL_CTR *values, REGSUBKEY_CTR *subkeys,
1686
SEC_DESC *sec_desc, REGF_NK_REC *parent )
1689
REGF_HBIN *vlist_hbin = NULL;
1692
if ( !(nk = TALLOC_ZERO_P( file->mem_ctx, REGF_NK_REC )) )
1695
memcpy( nk->header, "nk", REC_HDR_SIZE );
1698
nk->key_type = NK_TYPE_ROOTKEY;
1700
nk->key_type = NK_TYPE_NORMALKEY;
1702
/* store the parent offset (or -1 if a the root key */
1704
nk->parent_off = parent ? (parent->hbin_off + parent->hbin->file_off - REGF_BLOCKSIZE - HBIN_HDR_SIZE ) : REGF_OFFSET_NONE;
1706
/* no classname currently */
1708
nk->classname_off = REGF_OFFSET_NONE;
1709
nk->classname = NULL;
1710
nk->keyname = talloc_strdup( file->mem_ctx, name );
1712
/* current modification time */
1714
unix_to_nt_time( &nk->mtime, time(NULL) );
1716
/* allocate the record on disk */
1718
size = nk_record_data_size( nk );
1719
nk->rec_size = ( size - 1 ) ^ 0XFFFFFFFF;
1720
if ((nk->hbin = find_free_space( file, size )) == NULL) {
1723
nk->hbin_off = prs_offset( &nk->hbin->ps );
1725
/* Update the hash record in the parent */
1728
REGF_HASH_REC *hash = &parent->subkeys.hashes[parent->subkey_index];
1730
hash->nk_off = prs_offset( &nk->hbin->ps ) + nk->hbin->first_hbin_off - HBIN_HDR_SIZE;
1731
memcpy( hash->keycheck, name, sizeof(uint32) );
1732
hash->fullname = talloc_strdup( file->mem_ctx, name );
1733
parent->subkey_index++;
1735
/* sort the list by keyname */
1737
qsort( parent->subkeys.hashes, parent->subkey_index, sizeof(REGF_HASH_REC), QSORT_CAST hashrec_cmp );
1739
if ( !hbin_prs_lf_records( "lf_rec", parent->subkeys.hbin, 0, parent ) )
1743
/* write the security descriptor */
1745
nk->sk_off = REGF_OFFSET_NONE;
1747
uint32 sk_size = sk_record_data_size( sec_desc );
1749
REGF_SK_REC *tmp = NULL;
1751
/* search for it in the existing list of sd's */
1753
if ( (nk->sec_desc = find_sk_record_by_sec_desc( file, sec_desc )) == NULL ) {
1754
/* not found so add it to the list */
1756
if (!(sk_hbin = find_free_space( file, sk_size ))) {
1760
if ( !(nk->sec_desc = TALLOC_ZERO_P( file->mem_ctx, REGF_SK_REC )) )
1763
/* now we have to store the security descriptor in the list and
1764
update the offsets */
1766
memcpy( nk->sec_desc->header, "sk", REC_HDR_SIZE );
1767
nk->sec_desc->hbin = sk_hbin;
1768
nk->sec_desc->hbin_off = prs_offset( &sk_hbin->ps );
1769
nk->sec_desc->sk_off = prs_offset( &sk_hbin->ps ) + sk_hbin->first_hbin_off - HBIN_HDR_SIZE;
1770
nk->sec_desc->rec_size = (sk_size-1) ^ 0xFFFFFFFF;
1772
nk->sec_desc->sec_desc = sec_desc;
1773
nk->sec_desc->ref_count = 0;
1775
/* size value must be self-inclusive */
1776
nk->sec_desc->size = sec_desc_size(sec_desc) + sizeof(uint32);
1778
DLIST_ADD_END( file->sec_desc_list, nk->sec_desc, tmp );
1780
/* update the offsets for us and the previous sd in the list.
1781
if this is the first record, then just set the next and prev
1782
offsets to ourself. */
1784
if ( nk->sec_desc->prev ) {
1785
REGF_SK_REC *prev = nk->sec_desc->prev;
1787
nk->sec_desc->prev_sk_off = prev->hbin_off + prev->hbin->first_hbin_off - HBIN_HDR_SIZE;
1788
prev->next_sk_off = nk->sec_desc->sk_off;
1790
/* the end must loop around to the front */
1791
nk->sec_desc->next_sk_off = file->sec_desc_list->sk_off;
1793
/* and first must loop around to the tail */
1794
file->sec_desc_list->prev_sk_off = nk->sec_desc->sk_off;
1796
nk->sec_desc->prev_sk_off = nk->sec_desc->sk_off;
1797
nk->sec_desc->next_sk_off = nk->sec_desc->sk_off;
1801
/* bump the reference count +1 */
1803
nk->sk_off = nk->sec_desc->sk_off;
1804
nk->sec_desc->ref_count++;
1807
/* write the subkeys */
1809
nk->subkeys_off = REGF_OFFSET_NONE;
1810
if ( (nk->num_subkeys = regsubkey_ctr_numkeys( subkeys )) != 0 ) {
1811
uint32 lf_size = lf_record_data_size( nk->num_subkeys );
1815
if (!(nk->subkeys.hbin = find_free_space( file, lf_size ))) {
1818
nk->subkeys.hbin_off = prs_offset( &nk->subkeys.hbin->ps );
1819
nk->subkeys.rec_size = (lf_size-1) ^ 0xFFFFFFFF;
1820
nk->subkeys_off = prs_offset( &nk->subkeys.hbin->ps ) + nk->subkeys.hbin->first_hbin_off - HBIN_HDR_SIZE;
1822
memcpy( nk->subkeys.header, "lf", REC_HDR_SIZE );
1824
nk->subkeys.num_keys = nk->num_subkeys;
1825
if ( !(nk->subkeys.hashes = TALLOC_ZERO_ARRAY( file->mem_ctx, REGF_HASH_REC, nk->subkeys.num_keys )) )
1827
nk->subkey_index = 0;
1829
/* update the max_bytes_subkey{name,classname} fields */
1830
for ( i=0; i<nk->num_subkeys; i++ ) {
1831
namelen = strlen( regsubkey_ctr_specific_key(subkeys, i) );
1832
if ( namelen*2 > nk->max_bytes_subkeyname )
1833
nk->max_bytes_subkeyname = namelen * 2;
1837
/* write the values */
1839
nk->values_off = REGF_OFFSET_NONE;
1840
if ( (nk->num_values = regval_ctr_numvals( values )) != 0 ) {
1841
uint32 vlist_size = ( ( nk->num_values * sizeof(uint32) ) & 0xfffffff8 ) + 8;
1844
if (!(vlist_hbin = find_free_space( file, vlist_size ))) {
1847
nk->values_off = prs_offset( &vlist_hbin->ps ) + vlist_hbin->first_hbin_off - HBIN_HDR_SIZE;
1849
if ( !(nk->values = TALLOC_ARRAY( file->mem_ctx, REGF_VK_REC, nk->num_values )) )
1852
/* create the vk records */
1854
for ( i=0; i<nk->num_values; i++ ) {
1855
uint32 vk_size, namelen, datalen;
1858
r = regval_ctr_specific_value( values, i );
1859
create_vk_record( file, &nk->values[i], r );
1860
vk_size = vk_record_data_size( &nk->values[i] );
1861
nk->values[i].hbin = find_free_space( file, vk_size );
1862
nk->values[i].hbin_off = prs_offset( &nk->values[i].hbin->ps );
1863
nk->values[i].rec_size = ( vk_size - 1 ) ^ 0xFFFFFFFF;
1864
nk->values[i].rec_off = prs_offset( &nk->values[i].hbin->ps )
1865
+ nk->values[i].hbin->first_hbin_off
1868
/* update the max bytes fields if necessary */
1870
namelen = strlen( regval_name(r) );
1871
if ( namelen*2 > nk->max_bytes_valuename )
1872
nk->max_bytes_valuename = namelen * 2;
1874
datalen = regval_size( r );
1875
if ( datalen > nk->max_bytes_value )
1876
nk->max_bytes_value = datalen;
1880
/* stream the records */
1882
prs_set_offset( &nk->hbin->ps, nk->hbin_off );
1883
if ( !prs_nk_rec( "nk_rec", &nk->hbin->ps, 0, nk ) )
1886
if ( nk->num_values ) {
1887
if ( !hbin_prs_vk_records( "vk_records", vlist_hbin, 0, nk, file ) )
1892
regfio_flush( file );