svn commit: samba r9995 - in branches/SAMBA_4_0/source/lib/registry: .

Sat Sep 3 14:58:01 GMT 2005

Author: jelmer
Date: 2005-09-03 14:58:00 +0000 (Sat, 03 Sep 2005)
New Revision: 9995

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9995

Log:
Add file describing the REGF file format in IDL. 
(used in reg_backend_nt4.c rewrite)

Added:
   branches/SAMBA_4_0/source/lib/registry/regf.idl


Changeset:
Added: branches/SAMBA_4_0/source/lib/registry/regf.idl
===================================================================

--- branches/SAMBA_4_0/source/lib/registry/regf.idl	2005-09-03 12:45:37 UTC (rev 9994)
+++ branches/SAMBA_4_0/source/lib/registry/regf.idl	2005-09-03 14:58:00 UTC (rev 9995)
@@ -0,0 +1,154 @@
+/*
+ Definitions for the REGF registry file format as used by 
+ Windows NT4 and above. 
+
+ Written by Jelmer Vernooij, 2005
+   
+ Based on two files from Samba 3:
+ 	regedit.c by Richard Sharpe
+    regfio.c by Jerry Carter
+ 
+ Thanks to Wilco Baan Hofman for some of the info on li and ri fields.
+*/
+
+interface regf
+{
+	typedef struct {
+		uint32 major; 
+		uint32 minor;
+		uint32 release;
+		uint32 build;
+	} regf_version;
+
+	/* 1.3.0.1 for WinNT 4
+	 * 1.5.0.1 for WinXP
+	 */
+	
+
+	/* 
+		"regf" is obviously the abbreviation for "Registry file". "regf" is the
+		signature of the header-block which is always 4kb in size, although only
+		the first 64 bytes seem to be used and a checksum is calculated over
+		the first 0x200 bytes only!
+	 */
+	
+	typedef [public] struct {
+		[charset(DOS)] uint8 REGF_ID[4];     /* 'regf' */
+		uint32 update_counter1;
+		uint32 update_counter2;
+		NTTIME modtime;
+		regf_version version;
+		uint32 data_offset;       
+		uint32 last_block;
+		[value(1)] uint32 uk7;        		/* 1 */
+		[charset(UTF16)] uint16 description[0x40];
+		uint32 padding[83]; 					/* Padding */
+		/* Checksum of first 0x200 bytes XOR-ed */
+		uint32 chksum;  
+	} regf_hdr;
+
+	/* 
+		hbin probably means hive-bin (what bin stands for I don't know)
+		This block is always a multiple
+		of 4kb in size.
+     */
+	typedef [public] struct {
+		[charset(DOS)] uint8 HBIN_ID[4]; /* hbin */
+		uint32 off_from_first; /* Offset from 1st hbin-Block */
+		uint32 off_to_next;	   /* Offset to the next hbin-Block */
+		uint32 unknown[2];
+		NTTIME last_change;
+		uint32 block_size;	   /* Block size */
+		uint8 data[block_size]; /* Filled with hbin_data blocks */
+	} hbin_block;
+
+	typedef struct {
+		uint32 length;
+		[charset(DOS)] uint8 header[2]; /* li, lh, ri, nk, vk, sk, lf or \0\0 */
+		uint8 data[length-2];
+	} hbin_data;
+
+	typedef enum { 
+		REG_ROOT_KEY = 0x20, 
+		REG_SUB_KEY = 0x2C, 
+		REG_SYM_LINK = 0x10 
+	} reg_key_type;
+
+	/*
+      The nk-record can be treated as a combination of tree-record and
+      key-record of the win 95 registry.
+	*/
+	typedef struct {
+		reg_key_type type;
+		NTTIME last_change;
+		uint32 uk1;
+		uint32 parent_offset;
+		uint32 num_subkeys;
+		uint32 uk2;
+		uint32 subkeys_offset;
+		uint32 uk3;
+		uint32 num_values;
+		uint32 values_offset;
+		uint32 sk_offset;
+		uint32 clsnam_offset;
+		uint32 unk4[5];
+		uint16 name_length;
+		uint16 clsname_length;
+		[charset(DOS)] uint8 key_name[name_length];  
+	} nk_block;
+
+	/* sk (? Security Key ?) is the ACL of the registry. */
+	typedef struct {
+		uint16 uk1;
+		uint32 prev_offset;
+		uint32 next_offset;
+		uint32 ref_cnt;
+		uint32 rec_size;
+		uint8 sec_desc[rec_size]; 
+	} sk_block;
+
+	typedef struct {
+			uint32 offset_nk;
+			uint32 base37; /* base37 of key name */
+	} lh_hash;
+	
+	typedef struct {
+		uint16 key_count;
+		lh_hash hashes[key_count];
+	} lh_block;
+
+	typedef struct {
+		uint16 key_count;
+		uint32 offset_nk[key_count];
+	} li_block;
+
+	typedef struct {
+		uint16 key_count;
+		uint32 offset[key_count]; /* li/lh offset */
+	} ri_block;
+
+	/* The vk-record consists information to a single value (value key). */
+	typedef struct {
+		uint16 name_length;
+		uint32 data_length;    /* If top-bit set, offset contains the data */
+		uint32 data_offset;
+		uint32 data_type;
+		uint16 flag;        /* =1, has name, else no name (=Default). */
+		uint16 unk1;
+		[charset(DOS)] uint8 data_name[name_length]; 
+	} vk_block;
+
+	typedef struct {
+		uint32 nk_off;
+		uint8 hash[4];
+	} hash_record;
+
+	/*
+      The lf-record is the counterpart to the RGKN-record (the
+      hash-function)
+	*/
+	typedef struct {
+		uint16 key_count;
+		hash_record hr[key_count];  /* Array of hash records, depending on key_count */
+	} lf_block;
+}

