/* Samba CIFS implementation Registry backend for REGF files Copyright (C) 2005-2007 Jelmer Vernooij, jelmer@samba.org Copyright (C) 2006-2010 Wilco Baan Hofman, wilco@baanhofman.nl This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ #include "includes.h" #include "system/filesys.h" #include "system/time.h" #include "lib/registry/tdr_regf.h" #include "librpc/gen_ndr/ndr_security.h" #include "librpc/gen_ndr/winreg.h" #include "lib/registry/registry.h" #include "libcli/security/security.h" static struct hive_operations reg_backend_regf; /** * There are several places on the web where the REGF format is explained; * * TODO: Links */ /* TODO: * - Return error codes that make more sense * - Locking * - do more things in-memory */ /* * Read HBIN blocks into memory */ struct regf_data { int fd; struct hbin_block **hbins; struct regf_hdr *header; time_t last_write; }; static WERROR regf_save_hbin(struct regf_data *data, bool flush); struct regf_key_data { struct hive_key key; struct regf_data *hive; uint32_t offset; struct nk_block *nk; }; static struct hbin_block *hbin_by_offset(const struct regf_data *data, uint32_t offset, uint32_t *rel_offset) { unsigned int i; for (i = 0; data->hbins[i]; i++) { if (offset >= data->hbins[i]->offset_from_first && offset < data->hbins[i]->offset_from_first+ data->hbins[i]->offset_to_next) { if (rel_offset != NULL) *rel_offset = offset - data->hbins[i]->offset_from_first - 0x20; return data->hbins[i]; } } return NULL; } /** * Validate a regf header * For now, do nothing, but we should check the checksum */ static uint32_t regf_hdr_checksum(const uint8_t *buffer) { uint32_t checksum = 0, x; unsigned int i; for (i = 0; i < 0x01FB; i+= 4) { x = IVAL(buffer, i); checksum ^= x; } return checksum; } /** * Obtain the contents of a HBIN block */ static DATA_BLOB hbin_get(const struct regf_data *data, uint32_t offset) { DATA_BLOB ret; struct hbin_block *hbin; uint32_t rel_offset; ret.data = NULL; ret.length = 0; hbin = hbin_by_offset(data, offset, &rel_offset); if (hbin == NULL) { DEBUG(1, ("Can't find HBIN at 0x%04x\n", offset)); return ret; } ret.length = IVAL(hbin->data, rel_offset); if (!(ret.length & 0x80000000)) { DEBUG(0, ("Trying to use dirty block at 0x%04x\n", offset)); return ret; } /* remove high bit */ ret.length = (ret.length ^ 0xffffffff) + 1; ret.length -= 4; /* 4 bytes for the length... */ ret.data = hbin->data + (offset - hbin->offset_from_first - 0x20) + 4; return ret; } static bool hbin_get_tdr(struct regf_data *regf, uint32_t offset, TALLOC_CTX *ctx, tdr_pull_fn_t pull_fn, void *p) { struct tdr_pull *pull = tdr_pull_init(regf); pull->data = hbin_get(regf, offset); if (!pull->data.data) { DEBUG(1, ("Unable to get data at 0x%04x\n", offset)); talloc_free(pull); return false; } if (NT_STATUS_IS_ERR(pull_fn(pull, ctx, p))) { DEBUG(1, ("Error parsing record at 0x%04x using tdr\n", offset)); talloc_free(pull); return false; } talloc_free(pull); return true; } /* Allocate some new data */ static DATA_BLOB hbin_alloc(struct regf_data *data, uint32_t size, uint32_t *offset) { DATA_BLOB ret; uint32_t rel_offset = (uint32_t) -1; /* Relative offset ! */ struct hbin_block *hbin = NULL; unsigned int i; *offset = 0; if (size == 0) return data_blob(NULL, 0); size += 4; /* Need to include int32 for the length */ /* Allocate as a multiple of 8 */ size = (size + 7) & ~7; ret.data = NULL; ret.length = 0; for (i = 0; (hbin = data->hbins[i]); i++) { int j; int32_t my_size; for (j = 0; j < hbin->offset_to_next-0x20; j+= my_size) { my_size = IVALS(hbin->data, j); if (my_size == 0x0) { DEBUG(0, ("Invalid zero-length block! File is corrupt.\n")); return ret; } if (my_size % 8 != 0) { DEBUG(0, ("Encountered non-aligned block!\n")); } if (my_size < 0) { /* Used... */ my_size = -my_size; } else if (my_size == size) { /* exact match */ rel_offset = j; DEBUG(4, ("Found free block of exact size %d in middle of HBIN\n", size)); break; } else if (my_size > size) { /* data will remain */ rel_offset = j; /* Split this block and mark the next block as free */ SIVAL(hbin->data, rel_offset+size, my_size-size); DEBUG(4, ("Found free block of size %d (needing %d) in middle of HBIN\n", my_size, size)); break; } } if (rel_offset != -1) break; } /* No space available in previous hbins, * allocate new one */ if (data->hbins[i] == NULL) { DEBUG(4, ("No space available in other HBINs for block of size %d, allocating new HBIN\n", size)); /* Add extra hbin block */ data->hbins = talloc_realloc(data, data->hbins, struct hbin_block *, i+2); hbin = talloc(data->hbins, struct hbin_block); SMB_ASSERT(hbin != NULL); data->hbins[i] = hbin; data->hbins[i+1] = NULL; /* Set hbin data */ hbin->HBIN_ID = talloc_strdup(hbin, "hbin"); hbin->offset_from_first = (i == 0?0:data->hbins[i-1]->offset_from_first+data->hbins[i-1]->offset_to_next); hbin->offset_to_next = 0x1000; hbin->unknown[0] = 0; hbin->unknown[1] = 0; unix_to_nt_time(&hbin->last_change, time(NULL)); hbin->block_size = hbin->offset_to_next; hbin->data = talloc_zero_array(hbin, uint8_t, hbin->block_size - 0x20); /* Update the regf header */ data->header->last_block += hbin->offset_to_next; /* Set the next block to it's proper size and set the * rel_offset for this block */ SIVAL(hbin->data, size, hbin->block_size - size - 0x20); rel_offset = 0x0; } /* Set size and mark as used */ SIVAL(hbin->data, rel_offset, -size); ret.data = hbin->data + rel_offset + 0x4; /* Skip past length */ ret.length = size - 0x4; if (offset) { uint32_t new_rel_offset; *offset = hbin->offset_from_first + rel_offset + 0x20; SMB_ASSERT(hbin_by_offset(data, *offset, &new_rel_offset) == hbin); SMB_ASSERT(new_rel_offset == rel_offset); } return ret; } /* Store a data blob. Return the offset at which it was stored */ static uint32_t hbin_store (struct regf_data *data, DATA_BLOB blob) { uint32_t ret; DATA_BLOB dest = hbin_alloc(data, blob.length, &ret); memcpy(dest.data, blob.data, blob.length); /* Make sure that we have no tailing garbage in the block */ if (dest.length > blob.length) { memset(dest.data + blob.length, 0, dest.length - blob.length); } return ret; } static uint32_t hbin_store_tdr(struct regf_data *data, tdr_push_fn_t push_fn, void *p) { struct tdr_push *push = tdr_push_init(data); uint32_t ret; if (NT_STATUS_IS_ERR(push_fn(push, p))) { DEBUG(0, ("Error during push\n")); return -1; } ret = hbin_store(data, push->data); talloc_free(push); return ret; } /* Free existing data */ static void hbin_free (struct regf_data *data, uint32_t offset) { int32_t size; uint32_t rel_offset; int32_t next_size; struct hbin_block *hbin; SMB_ASSERT (offset > 0); hbin = hbin_by_offset(data, offset, &rel_offset); if (hbin == NULL) return; /* Get original size */ size = IVALS(hbin->data, rel_offset); if (size > 0) { DEBUG(1, ("Trying to free already freed block at 0x%04x\n", offset)); return; } /* Mark as unused */ size = -size; /* If the next block is free, merge into big free block */ if (rel_offset + size < hbin->offset_to_next - 0x20) { next_size = IVALS(hbin->data, rel_offset+size); if (next_size > 0) { size += next_size; } } /* Write block size */ SIVALS(hbin->data, rel_offset, size); } /** * Store a data blob data was already stored, but has changed in size * Will try to save it at the current location if possible, otherwise * does a free + store */ static uint32_t hbin_store_resize(struct regf_data *data, uint32_t orig_offset, DATA_BLOB blob) { uint32_t rel_offset; struct hbin_block *hbin = hbin_by_offset(data, orig_offset, &rel_offset); int32_t my_size; int32_t orig_size; int32_t needed_size; int32_t possible_size; unsigned int i; SMB_ASSERT(orig_offset > 0); if (!hbin) return hbin_store(data, blob); /* Get original size */ orig_size = -IVALS(hbin->data, rel_offset); needed_size = blob.length + 4; /* Add int32 containing length */ needed_size = (needed_size + 7) & ~7; /* Align */ /* Fits into current allocated block */ if (orig_size >= needed_size) { memcpy(hbin->data + rel_offset + 0x4, blob.data, blob.length); /* If the difference in size is greater than 0x4, split the block * and free/merge it */ if (orig_size - needed_size > 0x4) { SIVALS(hbin->data, rel_offset, -needed_size); SIVALS(hbin->data, rel_offset + needed_size, needed_size-orig_size); hbin_free(data, orig_offset + needed_size); } return orig_offset; } possible_size = orig_size; /* Check if it can be combined with the next few free records */ for (i = rel_offset; i < hbin->offset_to_next - 0x20; i += my_size) { if (IVALS(hbin->data, i) < 0) /* Used */ break; my_size = IVALS(hbin->data, i); if (my_size == 0x0) { DEBUG(0, ("Invalid zero-length block! File is corrupt.\n")); break; } else { possible_size += my_size; } if (possible_size >= blob.length) { SIVAL(hbin->data, rel_offset, -possible_size); memcpy(hbin->data + rel_offset + 0x4, blob.data, blob.length); return orig_offset; } } hbin_free(data, orig_offset); return hbin_store(data, blob); } static uint32_t hbin_store_tdr_resize(struct regf_data *regf, tdr_push_fn_t push_fn, uint32_t orig_offset, void *p) { struct tdr_push *push = tdr_push_init(regf); uint32_t ret; if (NT_STATUS_IS_ERR(push_fn(push, p))) { DEBUG(0, ("Error during push\n")); return -1; } ret = hbin_store_resize(regf, orig_offset, push->data); talloc_free(push); return ret; } static uint32_t regf_create_lh_hash(const char *name) { char *hash_name; uint32_t ret = 0; uint16_t i; hash_name = strupper_talloc(NULL, name); for (i = 0; *(hash_name + i) != 0; i++) { ret *= 37; ret += *(hash_name + i); } talloc_free(hash_name); return ret; } static WERROR regf_get_info(TALLOC_CTX *mem_ctx, const struct hive_key *key, const char **classname, uint32_t *num_subkeys, uint32_t *num_values, NTTIME *last_mod_time, uint32_t *max_subkeynamelen, uint32_t *max_valnamelen, uint32_t *max_valbufsize) { const struct regf_key_data *private_data = (const struct regf_key_data *)key; if (num_subkeys != NULL) *num_subkeys = private_data->nk->num_subkeys; if (num_values != NULL) *num_values = private_data->nk->num_values; if (classname != NULL) { if (private_data->nk->clsname_offset != -1) { DATA_BLOB data = hbin_get(private_data->hive, private_data->nk->clsname_offset); *classname = talloc_strndup(mem_ctx, (char*)data.data, private_data->nk->clsname_length); W_ERROR_HAVE_NO_MEMORY(*classname); } else *classname = NULL; } /* TODO: Last mod time */ /* TODO: max valnamelen */ /* TODO: max valbufsize */ /* TODO: max subkeynamelen */ return WERR_OK; } static struct regf_key_data *regf_get_key(TALLOC_CTX *ctx, struct regf_data *regf, uint32_t offset) { struct nk_block *nk; struct regf_key_data *ret; ret = talloc_zero(ctx, struct regf_key_data); ret->key.ops = ®_backend_regf; ret->hive = talloc_reference(ret, regf); ret->offset = offset; nk = talloc(ret, struct nk_block); if (nk == NULL) return NULL; ret->nk = nk; if (!hbin_get_tdr(regf, offset, nk, (tdr_pull_fn_t)tdr_pull_nk_block, nk)) { DEBUG(0, ("Unable to find HBIN data for offset 0x%x\n", offset)); return NULL; } if (strcmp(nk->header, "nk") != 0) { DEBUG(0, ("Expected nk record, got %s\n", nk->header)); talloc_free(ret); return NULL; } return ret; } static WERROR regf_get_value(TALLOC_CTX *ctx, struct hive_key *key, uint32_t idx, const char **name, uint32_t *data_type, DATA_BLOB *data) { const struct regf_key_data *private_data = (const struct regf_key_data *)key; struct vk_block *vk; struct regf_data *regf = private_data->hive; uint32_t vk_offset; DATA_BLOB tmp; if (idx >= private_data->nk->num_values) return WERR_NO_MORE_ITEMS; tmp = hbin_get(regf, private_data->nk->values_offset); if (!tmp.data) { DEBUG(0, ("Unable to find value list at 0x%x\n", private_data->nk->values_offset)); return WERR_GENERAL_FAILURE; } if (tmp.length < private_data->nk->num_values * 4) { DEBUG(1, ("Value counts mismatch\n")); } vk_offset = IVAL(tmp.data, idx * 4); vk = talloc(NULL, struct vk_block); W_ERROR_HAVE_NO_MEMORY(vk); if (!hbin_get_tdr(regf, vk_offset, vk, (tdr_pull_fn_t)tdr_pull_vk_block, vk)) { DEBUG(0, ("Unable to get VK block at 0x%x\n", vk_offset)); talloc_free(vk); return WERR_GENERAL_FAILURE; } /* FIXME: name character set ?*/ if (name != NULL) { *name = talloc_strndup(ctx, vk->data_name, vk->name_length); W_ERROR_HAVE_NO_MEMORY(*name); } if (data_type != NULL) *data_type = vk->data_type; if (vk->data_length & 0x80000000) { /* this is data of type "REG_DWORD" or "REG_DWORD_BIG_ENDIAN" */ data->data = talloc_size(ctx, sizeof(uint32_t)); W_ERROR_HAVE_NO_MEMORY(data->data); SIVAL(data->data, 0, vk->data_offset); data->length = sizeof(uint32_t); } else { *data = hbin_get(regf, vk->data_offset); } if (data->length < vk->data_length) { DEBUG(1, ("Read data less than indicated data length!\n")); } talloc_free(vk); return WERR_OK; } static WERROR regf_get_value_by_name(TALLOC_CTX *mem_ctx, struct hive_key *key, const char *name, uint32_t *type, DATA_BLOB *data) { unsigned int i; const char *vname; WERROR error; /* FIXME: Do binary search? Is this list sorted at all? */ for (i = 0; W_ERROR_IS_OK(error = regf_get_value(mem_ctx, key, i, &vname, type, data)); i++) { if (!strcmp(vname, name)) return WERR_OK; } if (W_ERROR_EQUAL(error, WERR_NO_MORE_ITEMS)) return WERR_BADFILE; return error; } static WERROR regf_get_subkey_by_index(TALLOC_CTX *ctx, const struct hive_key *key, uint32_t idx, const char **name, const char **classname, NTTIME *last_mod_time) { DATA_BLOB data; struct regf_key_data *ret; const struct regf_key_data *private_data = (const struct regf_key_data *)key; struct nk_block *nk = private_data->nk; uint32_t key_off=0; if (idx >= nk->num_subkeys) return WERR_NO_MORE_ITEMS; /* Make sure that we don't crash if the key is empty */ if (nk->subkeys_offset == -1) { return WERR_NO_MORE_ITEMS; } data = hbin_get(private_data->hive, nk->subkeys_offset); if (!data.data) { DEBUG(0, ("Unable to find subkey list at 0x%x\n", nk->subkeys_offset)); return WERR_GENERAL_FAILURE; } if (!strncmp((char *)data.data, "li", 2)) { struct li_block li; struct tdr_pull *pull = tdr_pull_init(private_data->hive); DEBUG(10, ("Subkeys in LI list\n")); pull->data = data; if (NT_STATUS_IS_ERR(tdr_pull_li_block(pull, nk, &li))) { DEBUG(0, ("Error parsing LI list\n")); talloc_free(pull); return WERR_GENERAL_FAILURE; } talloc_free(pull); SMB_ASSERT(!strncmp(li.header, "li", 2)); if (li.key_count != nk->num_subkeys) { DEBUG(0, ("Subkey counts don't match\n")); return WERR_GENERAL_FAILURE; } key_off = li.nk_offset[idx]; } else if (!strncmp((char *)data.data, "lf", 2)) { struct lf_block lf; struct tdr_pull *pull = tdr_pull_init(private_data->hive); DEBUG(10, ("Subkeys in LF list\n")); pull->data = data; if (NT_STATUS_IS_ERR(tdr_pull_lf_block(pull, nk, &lf))) { DEBUG(0, ("Error parsing LF list\n")); talloc_free(pull); return WERR_GENERAL_FAILURE; } talloc_free(pull); SMB_ASSERT(!strncmp(lf.header, "lf", 2)); if (lf.key_count != nk->num_subkeys) { DEBUG(0, ("Subkey counts don't match\n")); return WERR_GENERAL_FAILURE; } key_off = lf.hr[idx].nk_offset; } else if (!strncmp((char *)data.data, "lh", 2)) { struct lh_block lh; struct tdr_pull *pull = tdr_pull_init(private_data->hive); DEBUG(10, ("Subkeys in LH list\n")); pull->data = data; if (NT_STATUS_IS_ERR(tdr_pull_lh_block(pull, nk, &lh))) { DEBUG(0, ("Error parsing LH list\n")); talloc_free(pull); return WERR_GENERAL_FAILURE; } talloc_free(pull); SMB_ASSERT(!strncmp(lh.header, "lh", 2)); if (lh.key_count != nk->num_subkeys) { DEBUG(0, ("Subkey counts don't match\n")); return WERR_GENERAL_FAILURE; } key_off = lh.hr[idx].nk_offset; } else if (!strncmp((char *)data.data, "ri", 2)) { struct ri_block ri; struct tdr_pull *pull = tdr_pull_init(ctx); uint16_t i; uint16_t sublist_count = 0; DEBUG(10, ("Subkeys in RI list\n")); pull->data = data; if (NT_STATUS_IS_ERR(tdr_pull_ri_block(pull, nk, &ri))) { DEBUG(0, ("Error parsing RI list\n")); talloc_free(pull); return WERR_GENERAL_FAILURE; } SMB_ASSERT(!strncmp(ri.header, "ri", 2)); for (i = 0; i < ri.key_count; i++) { DATA_BLOB list_data; /* Get sublist data blob */ list_data = hbin_get(private_data->hive, ri.offset[i]); if (!list_data.data) { DEBUG(0, ("Error getting RI list.")); talloc_free(pull); return WERR_GENERAL_FAILURE; } pull->data = list_data; if (!strncmp((char *)list_data.data, "li", 2)) { struct li_block li; DEBUG(10, ("Subkeys in RI->LI list\n")); if (NT_STATUS_IS_ERR(tdr_pull_li_block(pull, nk, &li))) { DEBUG(0, ("Error parsing LI list from RI\n")); talloc_free(pull); return WERR_GENERAL_FAILURE; } SMB_ASSERT(!strncmp(li.header, "li", 2)); /* Advance to next sublist if necessary */ if (idx >= sublist_count + li.key_count) { sublist_count += li.key_count; continue; } key_off = li.nk_offset[idx - sublist_count]; sublist_count += li.key_count; break; } else if (!strncmp((char *)list_data.data, "lh", 2)) { struct lh_block lh; DEBUG(10, ("Subkeys in RI->LH list\n")); if (NT_STATUS_IS_ERR(tdr_pull_lh_block(pull, nk, &lh))) { DEBUG(0, ("Error parsing LH list from RI\n")); talloc_free(pull); return WERR_GENERAL_FAILURE; } SMB_ASSERT(!strncmp(lh.header, "lh", 2)); /* Advance to next sublist if necessary */ if (idx >= sublist_count + lh.key_count) { sublist_count += lh.key_count; continue; } key_off = lh.hr[idx - sublist_count].nk_offset; sublist_count += lh.key_count; break; } else { DEBUG(0,("Unknown sublist in ri block\n")); talloc_free(pull); return WERR_GENERAL_FAILURE; } } talloc_free(pull); if (idx > sublist_count) { return WERR_NO_MORE_ITEMS; } } else { DEBUG(0, ("Unknown type for subkey list (0x%04x): %c%c\n", nk->subkeys_offset, data.data[0], data.data[1])); return WERR_GENERAL_FAILURE; } ret = regf_get_key (ctx, private_data->hive, key_off); if (classname != NULL) { if (ret->nk->clsname_offset != -1) { DATA_BLOB db = hbin_get(ret->hive, ret->nk->clsname_offset); *classname = talloc_strndup(ctx, (char*)db.data, ret->nk->clsname_length); W_ERROR_HAVE_NO_MEMORY(*classname); } else *classname = NULL; } if (last_mod_time != NULL) *last_mod_time = ret->nk->last_change; if (name != NULL) *name = talloc_steal(ctx, ret->nk->key_name); talloc_free(ret); return WERR_OK; } static WERROR regf_match_subkey_by_name(TALLOC_CTX *ctx, const struct hive_key *key, uint32_t offset, const char *name, uint32_t *ret) { DATA_BLOB subkey_data; struct nk_block subkey; struct tdr_pull *pull; const struct regf_key_data *private_data = (const struct regf_key_data *)key; subkey_data = hbin_get(private_data->hive, offset); if (!subkey_data.data) { DEBUG(0, ("Unable to retrieve subkey HBIN\n")); return WERR_GENERAL_FAILURE; } pull = tdr_pull_init(ctx); pull->data = subkey_data; if (NT_STATUS_IS_ERR(tdr_pull_nk_block(pull, ctx, &subkey))) { DEBUG(0, ("Error parsing NK structure.\n")); talloc_free(pull); return WERR_GENERAL_FAILURE; } talloc_free(pull); if (strncmp(subkey.header, "nk", 2)) { DEBUG(0, ("Not an NK structure.\n")); return WERR_GENERAL_FAILURE; } if (!strcasecmp(subkey.key_name, name)) { *ret = offset; } else { *ret = 0; } return WERR_OK; } static WERROR regf_get_subkey_by_name(TALLOC_CTX *ctx, const struct hive_key *key, const char *name, struct hive_key **ret) { DATA_BLOB data; const struct regf_key_data *private_data = (const struct regf_key_data *)key; struct nk_block *nk = private_data->nk; uint32_t key_off = 0; /* Make sure that we don't crash if the key is empty */ if (nk->subkeys_offset == -1) { return WERR_BADFILE; } data = hbin_get(private_data->hive, nk->subkeys_offset); if (!data.data) { DEBUG(0, ("Unable to find subkey list\n")); return WERR_GENERAL_FAILURE; } if (!strncmp((char *)data.data, "li", 2)) { struct li_block li; struct tdr_pull *pull = tdr_pull_init(ctx); uint16_t i; DEBUG(10, ("Subkeys in LI list\n")); pull->data = data; if (NT_STATUS_IS_ERR(tdr_pull_li_block(pull, nk, &li))) { DEBUG(0, ("Error parsing LI list\n")); talloc_free(pull); return WERR_GENERAL_FAILURE; } talloc_free(pull); SMB_ASSERT(!strncmp(li.header, "li", 2)); if (li.key_count != nk->num_subkeys) { DEBUG(0, ("Subkey counts don't match\n")); return WERR_GENERAL_FAILURE; } for (i = 0; i < li.key_count; i++) { W_ERROR_NOT_OK_RETURN(regf_match_subkey_by_name(nk, key, li.nk_offset[i], name, &key_off)); if (key_off != 0) break; } if (key_off == 0) return WERR_BADFILE; } else if (!strncmp((char *)data.data, "lf", 2)) { struct lf_block lf; struct tdr_pull *pull = tdr_pull_init(ctx); uint16_t i; DEBUG(10, ("Subkeys in LF list\n")); pull->data = data; if (NT_STATUS_IS_ERR(tdr_pull_lf_block(pull, nk, &lf))) { DEBUG(0, ("Error parsing LF list\n")); talloc_free(pull); return WERR_GENERAL_FAILURE; } talloc_free(pull); SMB_ASSERT(!strncmp(lf.header, "lf", 2)); if (lf.key_count != nk->num_subkeys) { DEBUG(0, ("Subkey counts don't match\n")); return WERR_GENERAL_FAILURE; } for (i = 0; i < lf.key_count; i++) { if (strncmp(lf.hr[i].hash, name, 4)) { continue; } W_ERROR_NOT_OK_RETURN(regf_match_subkey_by_name(nk, key, lf.hr[i].nk_offset, name, &key_off)); if (key_off != 0) break; } if (key_off == 0) return WERR_BADFILE; } else if (!strncmp((char *)data.data, "lh", 2)) { struct lh_block lh; struct tdr_pull *pull = tdr_pull_init(ctx); uint16_t i; uint32_t hash; DEBUG(10, ("Subkeys in LH list\n")); pull->data = data; if (NT_STATUS_IS_ERR(tdr_pull_lh_block(pull, nk, &lh))) { DEBUG(0, ("Error parsing LH list\n")); talloc_free(pull); return WERR_GENERAL_FAILURE; } talloc_free(pull); SMB_ASSERT(!strncmp(lh.header, "lh", 2)); if (lh.key_count != nk->num_subkeys) { DEBUG(0, ("Subkey counts don't match\n")); return WERR_GENERAL_FAILURE; } hash = regf_create_lh_hash(name); for (i = 0; i < lh.key_count; i++) { if (lh.hr[i].base37 != hash) { continue; } W_ERROR_NOT_OK_RETURN(regf_match_subkey_by_name(nk, key, lh.hr[i].nk_offset, name, &key_off)); if (key_off != 0) break; } if (key_off == 0) return WERR_BADFILE; } else if (!strncmp((char *)data.data, "ri", 2)) { struct ri_block ri; struct tdr_pull *pull = tdr_pull_init(ctx); uint16_t i, j; DEBUG(10, ("Subkeys in RI list\n")); pull->data = data; if (NT_STATUS_IS_ERR(tdr_pull_ri_block(pull, nk, &ri))) { DEBUG(0, ("Error parsing RI list\n")); talloc_free(pull); return WERR_GENERAL_FAILURE; } SMB_ASSERT(!strncmp(ri.header, "ri", 2)); for (i = 0; i < ri.key_count; i++) { DATA_BLOB list_data; /* Get sublist data blob */ list_data = hbin_get(private_data->hive, ri.offset[i]); if (list_data.data == NULL) { DEBUG(0, ("Error getting RI list.")); talloc_free(pull); return WERR_GENERAL_FAILURE; } pull->data = list_data; if (!strncmp((char *)list_data.data, "li", 2)) { struct li_block li; if (NT_STATUS_IS_ERR(tdr_pull_li_block(pull, nk, &li))) { DEBUG(0, ("Error parsing LI list from RI\n")); talloc_free(pull); return WERR_GENERAL_FAILURE; } SMB_ASSERT(!strncmp(li.header, "li", 2)); for (j = 0; j < li.key_count; j++) { W_ERROR_NOT_OK_RETURN(regf_match_subkey_by_name(nk, key, li.nk_offset[j], name, &key_off)); if (key_off) break; } } else if (!strncmp((char *)list_data.data, "lh", 2)) { struct lh_block lh; uint32_t hash; if (NT_STATUS_IS_ERR(tdr_pull_lh_block(pull, nk, &lh))) { DEBUG(0, ("Error parsing LH list from RI\n")); talloc_free(pull); return WERR_GENERAL_FAILURE; } SMB_ASSERT(!strncmp(lh.header, "lh", 2)); hash = regf_create_lh_hash(name); for (j = 0; j < lh.key_count; j++) { if (lh.hr[j].base37 != hash) { continue; } W_ERROR_NOT_OK_RETURN(regf_match_subkey_by_name(nk, key, lh.hr[j].nk_offset, name, &key_off)); if (key_off) break; } } if (key_off) break; } talloc_free(pull); if (!key_off) return WERR_BADFILE; } else { DEBUG(0, ("Unknown subkey list type.\n")); return WERR_GENERAL_FAILURE; } *ret = (struct hive_key *)regf_get_key(ctx, private_data->hive, key_off); return WERR_OK; } static WERROR regf_set_sec_desc(struct hive_key *key, const struct security_descriptor *sec_desc) { const struct regf_key_data *private_data = (const struct regf_key_data *)key; struct sk_block cur_sk, sk, new_sk; struct regf_data *regf = private_data->hive; struct nk_block root; DATA_BLOB data; uint32_t sk_offset, cur_sk_offset; bool update_cur_sk = false; /* Get the root nk */ hbin_get_tdr(regf, regf->header->data_offset, regf, (tdr_pull_fn_t) tdr_pull_nk_block, &root); /* Push the security descriptor to a blob */ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_push_struct_blob(&data, regf, sec_desc, (ndr_push_flags_fn_t)ndr_push_security_descriptor))) { DEBUG(0, ("Unable to push security descriptor\n")); return WERR_GENERAL_FAILURE; } /* Get the current security descriptor for the key */ if (!hbin_get_tdr(regf, private_data->nk->sk_offset, regf, (tdr_pull_fn_t) tdr_pull_sk_block, &cur_sk)) { DEBUG(0, ("Unable to find security descriptor for current key\n")); return WERR_BADFILE; } /* If there's no change, change nothing. */ if (memcmp(data.data, cur_sk.sec_desc, MIN(data.length, cur_sk.rec_size)) == 0) { return WERR_OK; } /* Delete the current sk if only this key is using it */ if (cur_sk.ref_cnt == 1) { /* Get the previous security descriptor for the key */ if (!hbin_get_tdr(regf, cur_sk.prev_offset, regf, (tdr_pull_fn_t) tdr_pull_sk_block, &sk)) { DEBUG(0, ("Unable to find prev security descriptor for current key\n")); return WERR_BADFILE; } /* Change and store the previous security descriptor */ sk.next_offset = cur_sk.next_offset; hbin_store_tdr_resize(regf, (tdr_push_fn_t) tdr_push_sk_block, cur_sk.prev_offset, &sk); /* Get the next security descriptor for the key */ if (!hbin_get_tdr(regf, cur_sk.next_offset, regf, (tdr_pull_fn_t) tdr_pull_sk_block, &sk)) { DEBUG(0, ("Unable to find next security descriptor for current key\n")); return WERR_BADFILE; } /* Change and store the next security descriptor */ sk.prev_offset = cur_sk.prev_offset; hbin_store_tdr_resize(regf, (tdr_push_fn_t) tdr_push_sk_block, cur_sk.next_offset, &sk); hbin_free(regf, private_data->nk->sk_offset); } else { /* This key will no longer be referring to this sk */ cur_sk.ref_cnt--; update_cur_sk = true; } sk_offset = root.sk_offset; do { cur_sk_offset = sk_offset; if (!hbin_get_tdr(regf, sk_offset, regf, (tdr_pull_fn_t) tdr_pull_sk_block, &sk)) { DEBUG(0, ("Unable to find security descriptor\n")); return WERR_BADFILE; } if (memcmp(data.data, sk.sec_desc, MIN(data.length, sk.rec_size)) == 0) { private_data->nk->sk_offset = sk_offset; sk.ref_cnt++; hbin_store_tdr_resize(regf, (tdr_push_fn_t) tdr_push_sk_block, sk_offset, &sk); hbin_store_tdr_resize(regf, (tdr_push_fn_t) tdr_push_nk_block, private_data->offset, private_data->nk); return WERR_OK; } sk_offset = sk.next_offset; } while (sk_offset != root.sk_offset); ZERO_STRUCT(new_sk); new_sk.header = "sk"; new_sk.prev_offset = cur_sk_offset; new_sk.next_offset = root.sk_offset; new_sk.ref_cnt = 1; new_sk.rec_size = data.length; new_sk.sec_desc = data.data; sk_offset = hbin_store_tdr(regf, (tdr_push_fn_t) tdr_push_sk_block, &new_sk); if (sk_offset == -1) { DEBUG(0, ("Error storing sk block\n")); return WERR_GENERAL_FAILURE; } private_data->nk->sk_offset = sk_offset; if (update_cur_sk) { hbin_store_tdr_resize(regf, (tdr_push_fn_t) tdr_push_sk_block, private_data->nk->sk_offset, &cur_sk); } /* Get the previous security descriptor for the key */ if (!hbin_get_tdr(regf, new_sk.prev_offset, regf, (tdr_pull_fn_t) tdr_pull_sk_block, &sk)) { DEBUG(0, ("Unable to find security descriptor for previous key\n")); return WERR_BADFILE; } /* Change and store the previous security descriptor */ sk.next_offset = sk_offset; hbin_store_tdr_resize(regf, (tdr_push_fn_t) tdr_push_sk_block, cur_sk.prev_offset, &sk); /* Get the next security descriptor for the key (always root, as we append) */ if (!hbin_get_tdr(regf, new_sk.next_offset, regf, (tdr_pull_fn_t) tdr_pull_sk_block, &sk)) { DEBUG(0, ("Unable to find security descriptor for current key\n")); return WERR_BADFILE; } /* Change and store the next security descriptor (always root, as we append) */ sk.prev_offset = sk_offset; hbin_store_tdr_resize(regf, (tdr_push_fn_t) tdr_push_sk_block, root.sk_offset, &sk); /* Store the nk. */ hbin_store_tdr_resize(regf, (tdr_push_fn_t) tdr_push_sk_block, private_data->offset, private_data->nk); return WERR_OK; } static WERROR regf_get_sec_desc(TALLOC_CTX *ctx, const struct hive_key *key, struct security_descriptor **sd) { const struct regf_key_data *private_data = (const struct regf_key_data *)key; struct sk_block sk; struct regf_data *regf = private_data->hive; DATA_BLOB data; if (!hbin_get_tdr(regf, private_data->nk->sk_offset, ctx, (tdr_pull_fn_t) tdr_pull_sk_block, &sk)) { DEBUG(0, ("Unable to find security descriptor\n")); return WERR_GENERAL_FAILURE; } if (strcmp(sk.header, "sk") != 0) { DEBUG(0, ("Expected 'sk', got '%s'\n", sk.header)); return WERR_GENERAL_FAILURE; } *sd = talloc(ctx, struct security_descriptor); W_ERROR_HAVE_NO_MEMORY(*sd); data.data = sk.sec_desc; data.length = sk.rec_size; if (!NDR_ERR_CODE_IS_SUCCESS(ndr_pull_struct_blob(&data, ctx, *sd, (ndr_pull_flags_fn_t)ndr_pull_security_descriptor))) { DEBUG(0, ("Error parsing security descriptor\n")); return WERR_GENERAL_FAILURE; } return WERR_OK; } static WERROR regf_sl_add_entry(struct regf_data *regf, uint32_t list_offset, const char *name, uint32_t key_offset, uint32_t *ret) { DATA_BLOB data; /* Create a new key if necessary */ if (list_offset == -1) { if (regf->header->version.major != 1) { DEBUG(0, ("Can't store keys in unknown registry format\n")); return WERR_NOT_SUPPORTED; } if (regf->header->version.minor < 3) { /* Store LI */ struct li_block li; ZERO_STRUCT(li); li.header = "li"; li.key_count = 1; li.nk_offset = talloc_array(regf, uint32_t, 1); W_ERROR_HAVE_NO_MEMORY(li.nk_offset); li.nk_offset[0] = key_offset; *ret = hbin_store_tdr(regf, (tdr_push_fn_t) tdr_push_li_block, &li); talloc_free(li.nk_offset); } else if (regf->header->version.minor == 3 || regf->header->version.minor == 4) { /* Store LF */ struct lf_block lf; ZERO_STRUCT(lf); lf.header = "lf"; lf.key_count = 1; lf.hr = talloc_array(regf, struct hash_record, 1); W_ERROR_HAVE_NO_MEMORY(lf.hr); lf.hr[0].nk_offset = key_offset; lf.hr[0].hash = talloc_strndup(lf.hr, name, 4); W_ERROR_HAVE_NO_MEMORY(lf.hr[0].hash); *ret = hbin_store_tdr(regf, (tdr_push_fn_t) tdr_push_lf_block, &lf); talloc_free(lf.hr); } else if (regf->header->version.minor == 5) { /* Store LH */ struct lh_block lh; ZERO_STRUCT(lh); lh.header = "lh"; lh.key_count = 1; lh.hr = talloc_array(regf, struct lh_hash, 1); W_ERROR_HAVE_NO_MEMORY(lh.hr); lh.hr[0].nk_offset = key_offset; lh.hr[0].base37 = regf_create_lh_hash(name); *ret = hbin_store_tdr(regf, (tdr_push_fn_t) tdr_push_lh_block, &lh); talloc_free(lh.hr); } return WERR_OK; } data = hbin_get(regf, list_offset); if (!data.data) { DEBUG(0, ("Unable to find subkey list\n")); return WERR_BADFILE; } if (!strncmp((char *)data.data, "li", 2)) { struct tdr_pull *pull = tdr_pull_init(regf); struct li_block li; struct nk_block sub_nk; int32_t i, j; pull->data = data; if (NT_STATUS_IS_ERR(tdr_pull_li_block(pull, regf, &li))) { DEBUG(0, ("Error parsing LI list\n")); talloc_free(pull); return WERR_BADFILE; } talloc_free(pull); if (strncmp(li.header, "li", 2) != 0) { abort(); DEBUG(0, ("LI header corrupt\n")); return WERR_BADFILE; } /* * Find the position to store the pointer * Extensive testing reveils that at least on windows 7 subkeys * *MUST* be stored in alphabetical order */ for (i = 0; i < li.key_count; i++) { /* Get the nk */ hbin_get_tdr(regf, li.nk_offset[i], regf, (tdr_pull_fn_t) tdr_pull_nk_block, &sub_nk); if (strcasecmp(name, sub_nk.key_name) < 0) { break; } } li.nk_offset = talloc_realloc(regf, li.nk_offset, uint32_t, li.key_count+1); W_ERROR_HAVE_NO_MEMORY(li.nk_offset); /* Move everything behind this offset */ for (j = li.key_count - 1; j >= i; j--) { li.nk_offset[j+1] = li.nk_offset[j]; } li.nk_offset[i] = key_offset; li.key_count++; *ret = hbin_store_tdr_resize(regf, (tdr_push_fn_t)tdr_push_li_block, list_offset, &li); talloc_free(li.nk_offset); } else if (!strncmp((char *)data.data, "lf", 2)) { struct tdr_pull *pull = tdr_pull_init(regf); struct lf_block lf; struct nk_block sub_nk; int32_t i, j; pull->data = data; if (NT_STATUS_IS_ERR(tdr_pull_lf_block(pull, regf, &lf))) { DEBUG(0, ("Error parsing LF list\n")); talloc_free(pull); return WERR_BADFILE; } talloc_free(pull); SMB_ASSERT(!strncmp(lf.header, "lf", 2)); /* * Find the position to store the hash record * Extensive testing reveils that at least on windows 7 subkeys * *MUST* be stored in alphabetical order */ for (i = 0; i < lf.key_count; i++) { /* Get the nk */ hbin_get_tdr(regf, lf.hr[i].nk_offset, regf, (tdr_pull_fn_t) tdr_pull_nk_block, &sub_nk); if (strcasecmp(name, sub_nk.key_name) < 0) { break; } } lf.hr = talloc_realloc(regf, lf.hr, struct hash_record, lf.key_count+1); W_ERROR_HAVE_NO_MEMORY(lf.hr); /* Move everything behind this hash record */ for (j = lf.key_count - 1; j >= i; j--) { lf.hr[j+1] = lf.hr[j]; } lf.hr[i].nk_offset = key_offset; lf.hr[i].hash = talloc_strndup(lf.hr, name, 4); W_ERROR_HAVE_NO_MEMORY(lf.hr[lf.key_count].hash); lf.key_count++; *ret = hbin_store_tdr_resize(regf, (tdr_push_fn_t)tdr_push_lf_block, list_offset, &lf); talloc_free(lf.hr); } else if (!strncmp((char *)data.data, "lh", 2)) { struct tdr_pull *pull = tdr_pull_init(regf); struct lh_block lh; struct nk_block sub_nk; int32_t i, j; pull->data = data; if (NT_STATUS_IS_ERR(tdr_pull_lh_block(pull, regf, &lh))) { DEBUG(0, ("Error parsing LH list\n")); talloc_free(pull); return WERR_BADFILE; } talloc_free(pull); SMB_ASSERT(!strncmp(lh.header, "lh", 2)); /* * Find the position to store the hash record * Extensive testing reveils that at least on windows 7 subkeys * *MUST* be stored in alphabetical order */ for (i = 0; i < lh.key_count; i++) { /* Get the nk */ hbin_get_tdr(regf, lh.hr[i].nk_offset, regf, (tdr_pull_fn_t) tdr_pull_nk_block, &sub_nk); if (strcasecmp(name, sub_nk.key_name) < 0) { break; } } lh.hr = talloc_realloc(regf, lh.hr, struct lh_hash, lh.key_count+1); W_ERROR_HAVE_NO_MEMORY(lh.hr); /* Move everything behind this hash record */ for (j = lh.key_count - 1; j >= i; j--) { lh.hr[j+1] = lh.hr[j]; } lh.hr[i].nk_offset = key_offset; lh.hr[i].base37 = regf_create_lh_hash(name); lh.key_count++; *ret = hbin_store_tdr_resize(regf, (tdr_push_fn_t)tdr_push_lh_block, list_offset, &lh); talloc_free(lh.hr); } else if (!strncmp((char *)data.data, "ri", 2)) { /* FIXME */ DEBUG(0, ("Adding to 'ri' subkey list is not supported yet.\n")); return WERR_NOT_SUPPORTED; } else { DEBUG(0, ("Cannot add to unknown subkey list\n")); return WERR_BADFILE; } return WERR_OK; } static WERROR regf_sl_del_entry(struct regf_data *regf, uint32_t list_offset, uint32_t key_offset, uint32_t *ret) { DATA_BLOB data; data = hbin_get(regf, list_offset); if (!data.data) { DEBUG(0, ("Unable to find subkey list\n")); return WERR_BADFILE; } if (strncmp((char *)data.data, "li", 2) == 0) { struct li_block li; struct tdr_pull *pull = tdr_pull_init(regf); uint16_t i; bool found_offset = false; DEBUG(10, ("Subkeys in LI list\n")); pull->data = data; if (NT_STATUS_IS_ERR(tdr_pull_li_block(pull, regf, &li))) { DEBUG(0, ("Error parsing LI list\n")); talloc_free(pull); return WERR_BADFILE; } talloc_free(pull); SMB_ASSERT(!strncmp(li.header, "li", 2)); for (i = 0; i < li.key_count; i++) { if (found_offset) { li.nk_offset[i-1] = li.nk_offset[i]; } if (li.nk_offset[i] == key_offset) { found_offset = true; continue; } } if (!found_offset) { DEBUG(2, ("Subkey not found\n")); return WERR_BADFILE; } li.key_count--; /* If the there are no entries left, free the subkey list */ if (li.key_count == 0) { hbin_free(regf, list_offset); *ret = -1; } /* Store li block */ *ret = hbin_store_tdr_resize(regf, (tdr_push_fn_t) tdr_push_li_block, list_offset, &li); } else if (strncmp((char *)data.data, "lf", 2) == 0) { struct lf_block lf; struct tdr_pull *pull = tdr_pull_init(regf); uint16_t i; bool found_offset = false; DEBUG(10, ("Subkeys in LF list\n")); pull->data = data; if (NT_STATUS_IS_ERR(tdr_pull_lf_block(pull, regf, &lf))) { DEBUG(0, ("Error parsing LF list\n")); talloc_free(pull); return WERR_BADFILE; } talloc_free(pull); SMB_ASSERT(!strncmp(lf.header, "lf", 2)); for (i = 0; i < lf.key_count; i++) { if (found_offset) { lf.hr[i-1] = lf.hr[i]; continue; } if (lf.hr[i].nk_offset == key_offset) { found_offset = 1; continue; } } if (!found_offset) { DEBUG(2, ("Subkey not found\n")); return WERR_BADFILE; } lf.key_count--; /* If the there are no entries left, free the subkey list */ if (lf.key_count == 0) { hbin_free(regf, list_offset); *ret = -1; return WERR_OK; } /* Store lf block */ *ret = hbin_store_tdr_resize(regf, (tdr_push_fn_t) tdr_push_lf_block, list_offset, &lf); } else if (strncmp((char *)data.data, "lh", 2) == 0) { struct lh_block lh; struct tdr_pull *pull = tdr_pull_init(regf); uint16_t i; bool found_offset = false; DEBUG(10, ("Subkeys in LH list\n")); pull->data = data; if (NT_STATUS_IS_ERR(tdr_pull_lh_block(pull, regf, &lh))) { DEBUG(0, ("Error parsing LF list\n")); talloc_free(pull); return WERR_BADFILE; } talloc_free(pull); SMB_ASSERT(!strncmp(lh.header, "lh", 2)); for (i = 0; i < lh.key_count; i++) { if (found_offset) { lh.hr[i-1] = lh.hr[i]; continue; } if (lh.hr[i].nk_offset == key_offset) { found_offset = 1; continue; } } if (!found_offset) { DEBUG(0, ("Subkey not found\n")); return WERR_BADFILE; } lh.key_count--; /* If the there are no entries left, free the subkey list */ if (lh.key_count == 0) { hbin_free(regf, list_offset); *ret = -1; return WERR_OK; } /* Store lh block */ *ret = hbin_store_tdr_resize(regf, (tdr_push_fn_t) tdr_push_lh_block, list_offset, &lh); } else if (strncmp((char *)data.data, "ri", 2) == 0) { /* FIXME */ DEBUG(0, ("Sorry, deletion from ri block is not supported yet.\n")); return WERR_NOT_SUPPORTED; } else { DEBUG (0, ("Unknown header found in subkey list.\n")); return WERR_BADFILE; } return WERR_OK; } static WERROR regf_del_value(TALLOC_CTX *mem_ctx, struct hive_key *key, const char *name) { struct regf_key_data *private_data = (struct regf_key_data *)key; struct regf_data *regf = private_data->hive; struct nk_block *nk = private_data->nk; struct vk_block vk; uint32_t vk_offset; bool found_offset = false; DATA_BLOB values; unsigned int i; if (nk->values_offset == -1) { return WERR_BADFILE; } values = hbin_get(regf, nk->values_offset); for (i = 0; i < nk->num_values; i++) { if (found_offset) { ((uint32_t *)values.data)[i-1] = ((uint32_t *) values.data)[i]; } else { vk_offset = IVAL(values.data, i * 4); if (!hbin_get_tdr(regf, vk_offset, private_data, (tdr_pull_fn_t)tdr_pull_vk_block, &vk)) { DEBUG(0, ("Unable to get VK block at %d\n", vk_offset)); return WERR_BADFILE; } if (strcmp(vk.data_name, name) == 0) { hbin_free(regf, vk_offset); found_offset = true; } } } if (!found_offset) { return WERR_BADFILE; } else { nk->num_values--; values.length = (nk->num_values)*4; } /* Store values list and nk */ if (nk->num_values == 0) { hbin_free(regf, nk->values_offset); nk->values_offset = -1; } else { nk->values_offset = hbin_store_resize(regf, nk->values_offset, values); } hbin_store_tdr_resize(regf, (tdr_push_fn_t) tdr_push_nk_block, private_data->offset, nk); return regf_save_hbin(private_data->hive, 0); } static WERROR regf_del_key(TALLOC_CTX *mem_ctx, const struct hive_key *parent, const char *name) { const struct regf_key_data *private_data = (const struct regf_key_data *)parent; struct regf_key_data *key; struct nk_block *parent_nk; WERROR error; SMB_ASSERT(private_data); parent_nk = private_data->nk; if (parent_nk->subkeys_offset == -1) { DEBUG(4, ("Subkey list is empty, this key cannot contain subkeys.\n")); return WERR_BADFILE; } /* Find the key */ if (!W_ERROR_IS_OK(regf_get_subkey_by_name(parent_nk, parent, name, (struct hive_key **)&key))) { DEBUG(2, ("Key '%s' not found\n", name)); return WERR_BADFILE; } if (key->nk->subkeys_offset != -1) { char *sk_name; struct hive_key *sk = (struct hive_key *)key; unsigned int i = key->nk->num_subkeys; while (i--) { /* Get subkey information. */ error = regf_get_subkey_by_index(parent_nk, sk, 0, (const char **)&sk_name, NULL, NULL); if (!W_ERROR_IS_OK(error)) { DEBUG(0, ("Can't retrieve subkey by index.\n")); return error; } /* Delete subkey. */ error = regf_del_key(NULL, sk, sk_name); if (!W_ERROR_IS_OK(error)) { DEBUG(0, ("Can't delete key '%s'.\n", sk_name)); return error; } talloc_free(sk_name); } } if (key->nk->values_offset != -1) { char *val_name; struct hive_key *sk = (struct hive_key *)key; DATA_BLOB data; unsigned int i = key->nk->num_values; while (i--) { /* Get value information. */ error = regf_get_value(parent_nk, sk, 0, (const char **)&val_name, NULL, &data); if (!W_ERROR_IS_OK(error)) { DEBUG(0, ("Can't retrieve value by index.\n")); return error; } /* Delete value. */ error = regf_del_value(NULL, sk, val_name); if (!W_ERROR_IS_OK(error)) { DEBUG(0, ("Can't delete value '%s'.\n", val_name)); return error; } talloc_free(val_name); } } /* Delete it from the subkey list. */ error = regf_sl_del_entry(private_data->hive, parent_nk->subkeys_offset, key->offset, &parent_nk->subkeys_offset); if (!W_ERROR_IS_OK(error)) { DEBUG(0, ("Can't store new subkey list for parent key. Won't delete.\n")); return error; } /* Re-store parent key */ parent_nk->num_subkeys--; hbin_store_tdr_resize(private_data->hive, (tdr_push_fn_t) tdr_push_nk_block, private_data->offset, parent_nk); if (key->nk->clsname_offset != -1) { hbin_free(private_data->hive, key->nk->clsname_offset); } hbin_free(private_data->hive, key->offset); return regf_save_hbin(private_data->hive, 0); } static WERROR regf_add_key(TALLOC_CTX *ctx, const struct hive_key *parent, const char *name, const char *classname, struct security_descriptor *sec_desc, struct hive_key **ret) { const struct regf_key_data *private_data = (const struct regf_key_data *)parent; struct nk_block *parent_nk = private_data->nk, nk; struct nk_block *root; struct regf_data *regf = private_data->hive; uint32_t offset; WERROR error; nk.header = "nk"; nk.type = REG_SUB_KEY; unix_to_nt_time(&nk.last_change, time(NULL)); nk.uk1 = 0; nk.parent_offset = private_data->offset; nk.num_subkeys = 0; nk.uk2 = 0; nk.subkeys_offset = -1; nk.unknown_offset = -1; nk.num_values = 0; nk.values_offset = -1; memset(nk.unk3, 0, sizeof(nk.unk3)); nk.clsname_offset = -1; /* FIXME: fill in */ nk.clsname_length = 0; nk.key_name = name; /* Get the security descriptor of the root key */ root = talloc_zero(ctx, struct nk_block); W_ERROR_HAVE_NO_MEMORY(root); if (!hbin_get_tdr(regf, regf->header->data_offset, root, (tdr_pull_fn_t)tdr_pull_nk_block, root)) { DEBUG(0, ("Unable to find HBIN data for offset 0x%x\n", regf->header->data_offset)); return WERR_GENERAL_FAILURE; } nk.sk_offset = root->sk_offset; talloc_free(root); /* Store the new nk key */ offset = hbin_store_tdr(regf, (tdr_push_fn_t) tdr_push_nk_block, &nk); error = regf_sl_add_entry(regf, parent_nk->subkeys_offset, name, offset, &parent_nk->subkeys_offset); if (!W_ERROR_IS_OK(error)) { hbin_free(regf, offset); return error; } parent_nk->num_subkeys++; /* Since the subkey offset of the parent can change, store it again */ hbin_store_tdr_resize(regf, (tdr_push_fn_t) tdr_push_nk_block, nk.parent_offset, parent_nk); *ret = (struct hive_key *)regf_get_key(ctx, regf, offset); DEBUG(9, ("Storing key %s\n", name)); return regf_save_hbin(private_data->hive, 0); } static WERROR regf_set_value(struct hive_key *key, const char *name, uint32_t type, const DATA_BLOB data) { struct regf_key_data *private_data = (struct regf_key_data *)key; struct regf_data *regf = private_data->hive; struct nk_block *nk = private_data->nk; struct vk_block vk; uint32_t i; uint32_t tmp_vk_offset, vk_offset, old_vk_offset = (uint32_t) -1; DATA_BLOB values; ZERO_STRUCT(vk); /* find the value offset, if it exists */ if (nk->values_offset != -1) { values = hbin_get(regf, nk->values_offset); for (i = 0; i < nk->num_values; i++) { tmp_vk_offset = IVAL(values.data, i * 4); if (!hbin_get_tdr(regf, tmp_vk_offset, private_data, (tdr_pull_fn_t)tdr_pull_vk_block, &vk)) { DEBUG(0, ("Unable to get VK block at 0x%x\n", tmp_vk_offset)); return WERR_GENERAL_FAILURE; } if (strcmp(vk.data_name, name) == 0) { old_vk_offset = tmp_vk_offset; break; } } } /* If it's new, create the vk struct, if it's old, free the old data. */ if (old_vk_offset == -1) { vk.header = "vk"; vk.name_length = strlen(name); if (name != NULL && name[0] != 0) { vk.flag = 1; vk.data_name = name; } else { vk.data_name = NULL; vk.flag = 0; } } else { /* Free data, if any */ if (!(vk.data_length & 0x80000000)) { hbin_free(regf, vk.data_offset); } } /* Set the type and data */ vk.data_length = data.length; vk.data_type = type; if ((type == REG_DWORD) || (type == REG_DWORD_BIG_ENDIAN)) { if (vk.data_length != sizeof(uint32_t)) { DEBUG(0, ("DWORD or DWORD_BIG_ENDIAN value with size other than 4 byte!\n")); return WERR_NOT_SUPPORTED; } vk.data_length |= 0x80000000; vk.data_offset = IVAL(data.data, 0); } else { /* Store data somewhere */ vk.data_offset = hbin_store(regf, data); } if (old_vk_offset == -1) { /* Store new vk */ vk_offset = hbin_store_tdr(regf, (tdr_push_fn_t) tdr_push_vk_block, &vk); } else { /* Store vk at offset */ vk_offset = hbin_store_tdr_resize(regf, (tdr_push_fn_t) tdr_push_vk_block, old_vk_offset ,&vk); } /* Re-allocate the value list */ if (nk->values_offset == -1) { nk->values_offset = hbin_store_tdr(regf, (tdr_push_fn_t) tdr_push_uint32, &vk_offset); nk->num_values = 1; } else { /* Change if we're changing, otherwise we're adding the value */ if (old_vk_offset != -1) { /* Find and overwrite the offset. */ for (i = 0; i < nk->num_values; i++) { if (IVAL(values.data, i * 4) == old_vk_offset) { SIVAL(values.data, i * 4, vk_offset); break; } } } else { /* Create a new value list */ DATA_BLOB value_list; value_list.length = (nk->num_values+1)*4; value_list.data = (uint8_t *)talloc_array(private_data, uint32_t, nk->num_values+1); W_ERROR_HAVE_NO_MEMORY(value_list.data); memcpy(value_list.data, values.data, nk->num_values * 4); SIVAL(value_list.data, nk->num_values * 4, vk_offset); nk->num_values++; nk->values_offset = hbin_store_resize(regf, nk->values_offset, value_list); } } hbin_store_tdr_resize(regf, (tdr_push_fn_t) tdr_push_nk_block, private_data->offset, nk); return regf_save_hbin(private_data->hive, 0); } static WERROR regf_save_hbin(struct regf_data *regf, bool flush) { struct tdr_push *push = tdr_push_init(regf); unsigned int i; W_ERROR_HAVE_NO_MEMORY(push); /* Only write once every 5 seconds, or when flush is set */ if (!flush && regf->last_write + 5 >= time(NULL)) { return WERR_OK; } regf->last_write = time(NULL); if (lseek(regf->fd, 0, SEEK_SET) == -1) { DEBUG(0, ("Error lseeking in regf file\n")); return WERR_GENERAL_FAILURE; } /* Recompute checksum */ if (NT_STATUS_IS_ERR(tdr_push_regf_hdr(push, regf->header))) { DEBUG(0, ("Failed to push regf header\n")); return WERR_GENERAL_FAILURE; } regf->header->chksum = regf_hdr_checksum(push->data.data); talloc_free(push); if (NT_STATUS_IS_ERR(tdr_push_to_fd(regf->fd, (tdr_push_fn_t)tdr_push_regf_hdr, regf->header))) { DEBUG(0, ("Error writing registry file header\n")); return WERR_GENERAL_FAILURE; } if (lseek(regf->fd, 0x1000, SEEK_SET) == -1) { DEBUG(0, ("Error lseeking to 0x1000 in regf file\n")); return WERR_GENERAL_FAILURE; } for (i = 0; regf->hbins[i]; i++) { if (NT_STATUS_IS_ERR(tdr_push_to_fd(regf->fd, (tdr_push_fn_t)tdr_push_hbin_block, regf->hbins[i]))) { DEBUG(0, ("Error writing HBIN block\n")); return WERR_GENERAL_FAILURE; } } return WERR_OK; } WERROR reg_create_regf_file(TALLOC_CTX *parent_ctx, const char *location, int minor_version, struct hive_key **key) { struct regf_data *regf; struct regf_hdr *regf_hdr; struct nk_block nk; struct sk_block sk; WERROR error; DATA_BLOB data; struct security_descriptor *sd; uint32_t sk_offset; regf = (struct regf_data *)talloc_zero(NULL, struct regf_data); W_ERROR_HAVE_NO_MEMORY(regf); DEBUG(5, ("Attempting to create registry file\n")); /* Get the header */ regf->fd = creat(location, 0644); if (regf->fd == -1) { DEBUG(0,("Could not create file: %s, %s\n", location, strerror(errno))); talloc_free(regf); return WERR_GENERAL_FAILURE; } regf_hdr = talloc_zero(regf, struct regf_hdr); W_ERROR_HAVE_NO_MEMORY(regf_hdr); regf_hdr->REGF_ID = "regf"; unix_to_nt_time(®f_hdr->modtime, time(NULL)); regf_hdr->version.major = 1; regf_hdr->version.minor = minor_version; regf_hdr->last_block = 0x1000; /* Block size */ regf_hdr->description = talloc_strdup(regf_hdr, "Registry created by Samba 4"); W_ERROR_HAVE_NO_MEMORY(regf_hdr->description); regf_hdr->chksum = 0; regf->header = regf_hdr; /* Create all hbin blocks */ regf->hbins = talloc_array(regf, struct hbin_block *, 1); W_ERROR_HAVE_NO_MEMORY(regf->hbins); regf->hbins[0] = NULL; nk.header = "nk"; nk.type = REG_ROOT_KEY; unix_to_nt_time(&nk.last_change, time(NULL)); nk.uk1 = 0; nk.parent_offset = -1; nk.num_subkeys = 0; nk.uk2 = 0; nk.subkeys_offset = -1; nk.unknown_offset = -1; nk.num_values = 0; nk.values_offset = -1; memset(nk.unk3, 0, 5); nk.clsname_offset = -1; nk.clsname_length = 0; nk.sk_offset = 0x80; nk.key_name = "SambaRootKey"; /* * It should be noted that changing the key_name to something shorter * creates a shorter nk block, which makes the position of the sk block * change. All Windows registries I've seen have the sk at 0x80. * I therefore recommend that our regf files share that offset -- Wilco */ /* Create a security descriptor. */ sd = security_descriptor_dacl_create(regf, 0, NULL, NULL, SID_NT_AUTHENTICATED_USERS, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_GENERIC_ALL, SEC_ACE_FLAG_OBJECT_INHERIT, NULL); /* Push the security descriptor to a blob */ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_push_struct_blob(&data, regf, sd, (ndr_push_flags_fn_t)ndr_push_security_descriptor))) { DEBUG(0, ("Unable to push security descriptor\n")); return WERR_GENERAL_FAILURE; } ZERO_STRUCT(sk); sk.header = "sk"; sk.prev_offset = 0x80; sk.next_offset = 0x80; sk.ref_cnt = 1; sk.rec_size = data.length; sk.sec_desc = data.data; /* Store the new nk key */ regf->header->data_offset = hbin_store_tdr(regf, (tdr_push_fn_t)tdr_push_nk_block, &nk); /* Store the sk block */ sk_offset = hbin_store_tdr(regf, (tdr_push_fn_t) tdr_push_sk_block, &sk); if (sk_offset != 0x80) { DEBUG(0, ("Error storing sk block, should be at 0x80, stored at 0x%x\n", nk.sk_offset)); return WERR_GENERAL_FAILURE; } *key = (struct hive_key *)regf_get_key(parent_ctx, regf, regf->header->data_offset); error = regf_save_hbin(regf, 1); if (!W_ERROR_IS_OK(error)) { return error; } /* We can drop our own reference now that *key will have created one */ talloc_unlink(NULL, regf); return WERR_OK; } static WERROR regf_flush_key(struct hive_key *key) { struct regf_key_data *private_data = (struct regf_key_data *)key; struct regf_data *regf = private_data->hive; WERROR error; error = regf_save_hbin(regf, 1); if (!W_ERROR_IS_OK(error)) { DEBUG(0, ("Failed to flush regf to disk\n")); return error; } return WERR_OK; } static int regf_destruct(struct regf_data *regf) { WERROR error; /* Write to disk */ error = regf_save_hbin(regf, 1); if (!W_ERROR_IS_OK(error)) { DEBUG(0, ("Failed to flush registry to disk\n")); return -1; } /* Close file descriptor */ close(regf->fd); return 0; } WERROR reg_open_regf_file(TALLOC_CTX *parent_ctx, const char *location, struct hive_key **key) { struct regf_data *regf; struct regf_hdr *regf_hdr; struct tdr_pull *pull; unsigned int i; regf = (struct regf_data *)talloc_zero(parent_ctx, struct regf_data); W_ERROR_HAVE_NO_MEMORY(regf); talloc_set_destructor(regf, regf_destruct); DEBUG(5, ("Attempting to load registry file\n")); /* Get the header */ regf->fd = open(location, O_RDWR); if (regf->fd == -1) { DEBUG(0,("Could not load file: %s, %s\n", location, strerror(errno))); talloc_free(regf); return WERR_GENERAL_FAILURE; } pull = tdr_pull_init(regf); pull->data.data = (uint8_t*)fd_load(regf->fd, &pull->data.length, 0, regf); if (pull->data.data == NULL) { DEBUG(0, ("Error reading data\n")); talloc_free(regf); return WERR_GENERAL_FAILURE; } regf_hdr = talloc(regf, struct regf_hdr); W_ERROR_HAVE_NO_MEMORY(regf_hdr); if (NT_STATUS_IS_ERR(tdr_pull_regf_hdr(pull, regf_hdr, regf_hdr))) { talloc_free(regf); return WERR_GENERAL_FAILURE; } regf->header = regf_hdr; if (strcmp(regf_hdr->REGF_ID, "regf") != 0) { DEBUG(0, ("Unrecognized NT registry header id: %s, %s\n", regf_hdr->REGF_ID, location)); talloc_free(regf); return WERR_GENERAL_FAILURE; } /* Validate the header ... */ if (regf_hdr_checksum(pull->data.data) != regf_hdr->chksum) { DEBUG(0, ("Registry file checksum error: %s: %d,%d\n", location, regf_hdr->chksum, regf_hdr_checksum(pull->data.data))); talloc_free(regf); return WERR_GENERAL_FAILURE; } pull->offset = 0x1000; i = 0; /* Read in all hbin blocks */ regf->hbins = talloc_array(regf, struct hbin_block *, 1); W_ERROR_HAVE_NO_MEMORY(regf->hbins); regf->hbins[0] = NULL; while (pull->offset < pull->data.length && pull->offset <= regf->header->last_block) { struct hbin_block *hbin = talloc(regf->hbins, struct hbin_block); W_ERROR_HAVE_NO_MEMORY(hbin); if (NT_STATUS_IS_ERR(tdr_pull_hbin_block(pull, hbin, hbin))) { DEBUG(0, ("[%d] Error parsing HBIN block\n", i)); talloc_free(regf); return WERR_FOOBAR; } if (strcmp(hbin->HBIN_ID, "hbin") != 0) { DEBUG(0, ("[%d] Expected 'hbin', got '%s'\n", i, hbin->HBIN_ID)); talloc_free(regf); return WERR_FOOBAR; } regf->hbins[i] = hbin; i++; regf->hbins = talloc_realloc(regf, regf->hbins, struct hbin_block *, i+2); regf->hbins[i] = NULL; } talloc_free(pull); DEBUG(1, ("%d HBIN blocks read\n", i)); *key = (struct hive_key *)regf_get_key(parent_ctx, regf, regf->header->data_offset); /* We can drop our own reference now that *key will have created one */ talloc_unlink(parent_ctx, regf); return WERR_OK; } static struct hive_operations reg_backend_regf = { .name = "regf", .get_key_info = regf_get_info, .enum_key = regf_get_subkey_by_index, .get_key_by_name = regf_get_subkey_by_name, .get_value_by_name = regf_get_value_by_name, .enum_value = regf_get_value, .get_sec_desc = regf_get_sec_desc, .set_sec_desc = regf_set_sec_desc, .add_key = regf_add_key, .set_value = regf_set_value, .del_key = regf_del_key, .delete_value = regf_del_value, .flush_key = regf_flush_key };