reactos/ntoskrnl/config/cmparse.c

/*
 * PROJECT:         ReactOS Kernel
 * LICENSE:         GPL - See COPYING in the top level directory
 * FILE:            ntoskrnl/config/cmparse.c
 * PURPOSE:         Configuration Manager - Object Manager Parse Interface
 * PROGRAMMERS:     Alex Ionescu (alex.ionescu@reactos.org)
 */

/* INCLUDES ******************************************************************/

#include "ntoskrnl.h"
#define NDEBUG
#include "debug.h"

/* GLOBALS *******************************************************************/

/* FUNCTIONS *****************************************************************/

BOOLEAN
NTAPI
CmpGetNextName(IN OUT PUNICODE_STRING RemainingName,
               OUT PUNICODE_STRING NextName,
               OUT PBOOLEAN LastName)
{
    BOOLEAN NameValid = TRUE;

    ASSERT(RemainingName->Length % sizeof(WCHAR) == 0);

    /* Check if there's nothing left in the name */
    if (!(RemainingName->Buffer) ||
        (!RemainingName->Length) ||
        !(*RemainingName->Buffer))
    {
        /* Clear the next name and set this as last */
        *LastName = TRUE;
        NextName->Buffer = NULL;
        NextName->Length = 0;
        return TRUE;
    }

    /* Check if we have a path separator */
    while (RemainingName->Length &&
           (*RemainingName->Buffer == OBJ_NAME_PATH_SEPARATOR))
    {
        /* Skip it */
        RemainingName->Buffer++;
        RemainingName->Length -= sizeof(WCHAR);
        RemainingName->MaximumLength -= sizeof(WCHAR);
    }

    /* Start loop at where the current buffer is */
    NextName->Buffer = RemainingName->Buffer;
    while (RemainingName->Length &&
           (*RemainingName->Buffer != OBJ_NAME_PATH_SEPARATOR))
    {
        /* Move to the next character */
        RemainingName->Buffer++;
        RemainingName->Length -= sizeof(WCHAR);
        RemainingName->MaximumLength -= sizeof(WCHAR);
    }

    /* See how many chars we parsed and validate the length */
    NextName->Length = (USHORT)((ULONG_PTR)RemainingName->Buffer -
                                (ULONG_PTR)NextName->Buffer);
    if (NextName->Length > 512) NameValid = FALSE;
    NextName->MaximumLength = NextName->Length;

    /* If there's nothing left, we're last */
    *LastName = !RemainingName->Length;
    return NameValid;
}

BOOLEAN
NTAPI
CmpGetSymbolicLink(IN PHHIVE Hive,
                   IN OUT PUNICODE_STRING ObjectName,
                   IN OUT PCM_KEY_CONTROL_BLOCK SymbolicKcb,
                   IN PUNICODE_STRING RemainingName OPTIONAL)
{
    HCELL_INDEX LinkCell = HCELL_NIL;
    PCM_KEY_VALUE LinkValue = NULL;
    PWSTR LinkName = NULL;
    BOOLEAN LinkNameAllocated = FALSE;
    PWSTR NewBuffer;
    ULONG Length = 0;
    ULONG ValueLength = 0;
    BOOLEAN Result = FALSE;
    HCELL_INDEX CellToRelease = HCELL_NIL;
    PCM_KEY_NODE Node;
    UNICODE_STRING NewObjectName;

    /* Make sure we're not being deleted */
    if (SymbolicKcb->Delete) return FALSE;

    /* Get the key node */
    Node = (PCM_KEY_NODE)HvGetCell(SymbolicKcb->KeyHive, SymbolicKcb->KeyCell);
    if (!Node) goto Exit;

    /* Find the symbolic link key */
    LinkCell = CmpFindValueByName(Hive, Node, &CmSymbolicLinkValueName);
    HvReleaseCell(SymbolicKcb->KeyHive, SymbolicKcb->KeyCell);
    if (LinkCell == HCELL_NIL) goto Exit;

    /* Get the value cell */
    LinkValue = (PCM_KEY_VALUE)HvGetCell(Hive, LinkCell);
    if (!LinkValue) goto Exit;

    /* Make sure it's a registry link */
    if (LinkValue->Type != REG_LINK) goto Exit;

    /* Now read the value data */
    if (!CmpGetValueData(Hive,
                         LinkValue,
                         &ValueLength,
                         (PVOID*)&LinkName,
                         &LinkNameAllocated,
                         &CellToRelease))
    {
        /* Fail */
        goto Exit;
    }

    /* Get the length */
    Length = ValueLength + sizeof(WCHAR);

    /* Make sure we start with a slash */
    if (*LinkName != OBJ_NAME_PATH_SEPARATOR) goto Exit;

    /* Add the remaining name if needed */
    if (RemainingName) Length += RemainingName->Length + sizeof(WCHAR);

    /* Check for overflow */
    if (Length > 0xFFFF) goto Exit;

    /* Check if we need a new buffer */
    if (Length > ObjectName->MaximumLength)
    {
        /* We do -- allocate one */
        NewBuffer = ExAllocatePoolWithTag(PagedPool, Length, TAG_CM);
        if (!NewBuffer) goto Exit;

        /* Setup the new string and copy the symbolic target */
        NewObjectName.Buffer = NewBuffer;
        NewObjectName.MaximumLength = (USHORT)Length;
        NewObjectName.Length = (USHORT)ValueLength;
        RtlCopyMemory(NewBuffer, LinkName, ValueLength);

        /* Check if we need to add anything else */
        if (RemainingName)
        {
            /* Add the remaining name */
            NewBuffer[ValueLength / sizeof(WCHAR)] = OBJ_NAME_PATH_SEPARATOR;
            NewObjectName.Length += sizeof(WCHAR);
            RtlAppendUnicodeStringToString(&NewObjectName, RemainingName);
        }

        /* Free the old buffer */
        ExFreePool(ObjectName->Buffer);
        *ObjectName = NewObjectName;
    }
    else
    {
        /* The old name is large enough -- update the length */
        ObjectName->Length = (USHORT)ValueLength;
        if (RemainingName)
        {
            /* Copy the remaining name inside */
            RtlMoveMemory(&ObjectName->Buffer[(ValueLength / sizeof(WCHAR)) + 1],
                          RemainingName->Buffer,
                          RemainingName->Length);

            /* Add the slash and update the length */
            ObjectName->Buffer[ValueLength / sizeof(WCHAR)] = OBJ_NAME_PATH_SEPARATOR;
            ObjectName->Length += RemainingName->Length + sizeof(WCHAR);
        }

        /* Copy the symbolic link target name */
        RtlCopyMemory(ObjectName->Buffer, LinkName, ValueLength);
    }

    /* Null-terminate the whole thing */
    ObjectName->Buffer[ObjectName->Length / sizeof(WCHAR)] = UNICODE_NULL;
    Result = TRUE;

Exit:
    /* Free the link name */
    if (LinkNameAllocated) ExFreePool(LinkName);

    /* Check if we had a value cell */
    if (LinkValue)
    {
        /* Release it */
        ASSERT(LinkCell != HCELL_NIL);
        HvReleaseCell(Hive, LinkCell);
    }

    /* Check if we had an active cell and release it, then return the result */
    if (CellToRelease != HCELL_NIL) HvReleaseCell(Hive, CellToRelease);
    return Result;
}

NTSTATUS
NTAPI
CmpDoCreateChild(IN PHHIVE Hive,
                 IN HCELL_INDEX ParentCell,
                 IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL,
                 IN PACCESS_STATE AccessState,
                 IN PUNICODE_STRING Name,
                 IN KPROCESSOR_MODE AccessMode,
                 IN PCM_PARSE_CONTEXT ParseContext,
                 IN PCM_KEY_CONTROL_BLOCK ParentKcb,
                 IN ULONG Flags,
                 OUT PHCELL_INDEX KeyCell,
                 OUT PVOID *Object)
{
    NTSTATUS Status = STATUS_SUCCESS;
    PCM_KEY_BODY KeyBody;
    HCELL_INDEX ClassCell = HCELL_NIL;
    PCM_KEY_NODE KeyNode;
    PCELL_DATA CellData;
    ULONG StorageType;
    PCM_KEY_CONTROL_BLOCK Kcb;
    PSECURITY_DESCRIPTOR NewDescriptor;

    /* Get the storage type */
    StorageType = Stable;
    if (ParseContext->CreateOptions & REG_OPTION_VOLATILE) StorageType = Volatile;

    /* Allocate the child */
    *KeyCell = HvAllocateCell(Hive,
                              FIELD_OFFSET(CM_KEY_NODE, Name) +
                              CmpNameSize(Hive, Name),
                              StorageType,
                              HCELL_NIL);
    if (*KeyCell == HCELL_NIL)
    {
        /* Fail */
        Status = STATUS_INSUFFICIENT_RESOURCES;
        goto Quickie;
    }

    /* Get the key node */
    KeyNode = (PCM_KEY_NODE)HvGetCell(Hive, *KeyCell);
    if (!KeyNode)
    {
        /* Fail, this should never happen */
        ASSERT(FALSE);
        Status = STATUS_INSUFFICIENT_RESOURCES;
        goto Quickie;
    }

    /* Release the cell */
    HvReleaseCell(Hive, *KeyCell);

    /* Check if we have a class name */
    if (ParseContext->Class.Length > 0)
    {
        /* Allocate a class cell */
        ClassCell = HvAllocateCell(Hive,
                                   ParseContext->Class.Length,
                                   StorageType,
                                   HCELL_NIL);
        if (ClassCell == HCELL_NIL)
        {
            /* Fail */
            Status = STATUS_INSUFFICIENT_RESOURCES;
            goto Quickie;
        }
    }

    /* Allocate the Cm Object */
    Status = ObCreateObject(AccessMode,
                            CmpKeyObjectType,
                            NULL,
                            AccessMode,
                            NULL,
                            sizeof(CM_KEY_BODY),
                            0,
                            0,
                            Object);
    if (!NT_SUCCESS(Status)) goto Quickie;

    /* Setup the key body */
    KeyBody = (PCM_KEY_BODY)(*Object);
    KeyBody->Type = CM_KEY_BODY_TYPE;
    KeyBody->KeyControlBlock = NULL;
    KeyBody->KcbLocked = FALSE;

    /* Check if we had a class */
    if (ParseContext->Class.Length > 0)
    {
        /* Get the class cell */
        CellData = HvGetCell(Hive, ClassCell);
        if (!CellData)
        {
            /* Fail, this should never happen */
            ASSERT(FALSE);
            Status = STATUS_INSUFFICIENT_RESOURCES;
            ObDereferenceObject(*Object);
            goto Quickie;
        }

        /* Release the cell */
        HvReleaseCell(Hive, ClassCell);

        /* Copy the class data */
        RtlCopyMemory(&CellData->u.KeyString[0],
                      ParseContext->Class.Buffer,
                      ParseContext->Class.Length);
    }

    /* Fill out the key node */
    KeyNode->Signature = CM_KEY_NODE_SIGNATURE;
    KeyNode->Flags = Flags;
    KeQuerySystemTime(&KeyNode->LastWriteTime);
    KeyNode->Spare = 0;
    KeyNode->Parent = ParentCell;
    KeyNode->SubKeyCounts[Stable] = 0;
    KeyNode->SubKeyCounts[Volatile] = 0;
    KeyNode->SubKeyLists[Stable] = HCELL_NIL;
    KeyNode->SubKeyLists[Volatile] = HCELL_NIL;
    KeyNode->ValueList.Count = 0;
    KeyNode->ValueList.List = HCELL_NIL;
    KeyNode->Security = HCELL_NIL;
    KeyNode->Class = ClassCell;
    KeyNode->ClassLength = ParseContext->Class.Length;
    KeyNode->MaxValueDataLen = 0;
    KeyNode->MaxNameLen = 0;
    KeyNode->MaxValueNameLen = 0;
    KeyNode->MaxClassLen = 0;
    KeyNode->NameLength = CmpCopyName(Hive, KeyNode->Name, Name);
    if (KeyNode->NameLength < Name->Length) KeyNode->Flags |= KEY_COMP_NAME;

    /* Create the KCB */
    Kcb = CmpCreateKeyControlBlock(Hive,
                                   *KeyCell,
                                   KeyNode,
                                   ParentKcb,
                                   CMP_LOCK_HASHES_FOR_KCB,
                                   Name);
    if (!Kcb)
    {
        /* Fail */
        ObDereferenceObjectDeferDelete(*Object);
        Status = STATUS_INSUFFICIENT_RESOURCES;
        goto Quickie;
    }

    /* Sanity check */
    ASSERT(Kcb->RefCount == 1);

    /* Now fill out the Cm object */
    KeyBody->NotifyBlock = NULL;
    KeyBody->ProcessID = PsGetCurrentProcessId();
    KeyBody->KeyControlBlock = Kcb;

    /* Link it with the KCB */
    EnlistKeyBodyWithKCB(KeyBody, CMP_ENLIST_KCB_LOCKED_EXCLUSIVE);

    /* Assign security */
    Status = SeAssignSecurity(ParentDescriptor,
                              AccessState->SecurityDescriptor,
                              &NewDescriptor,
                              TRUE,
                              &AccessState->SubjectSecurityContext,
                              &CmpKeyObjectType->TypeInfo.GenericMapping,
                              CmpKeyObjectType->TypeInfo.PoolType);
    if (NT_SUCCESS(Status))
    {
        /*
         * FIXME: We must acquire a security lock when assigning
         * a security descriptor to this hive but since the
         * CmpAssignSecurityDescriptor function does nothing
         * (we lack the necessary security management implementations
         * anyway), do not do anything for now.
         */
        Status = CmpAssignSecurityDescriptor(Kcb, NewDescriptor);
    }

    /* Now that the security descriptor is copied in the hive, we can free the original */
    SeDeassignSecurity(&NewDescriptor);

    if (NT_SUCCESS(Status))
    {
        /* Send notification to registered callbacks */
        CmpReportNotify(Kcb, Hive, Kcb->KeyCell, REG_NOTIFY_CHANGE_NAME);
    }

Quickie:
    /* Check if we got here because of failure */
    if (!NT_SUCCESS(Status))
    {
        /* Free any cells we might've allocated */
        if (ParseContext->Class.Length > 0) HvFreeCell(Hive, ClassCell);
        HvFreeCell(Hive, *KeyCell);
    }

    /* Return status */
    return Status;
}

NTSTATUS
NTAPI
CmpDoCreate(IN PHHIVE Hive,
            IN HCELL_INDEX Cell,
            IN PACCESS_STATE AccessState,
            IN PUNICODE_STRING Name,
            IN KPROCESSOR_MODE AccessMode,
            IN PCM_PARSE_CONTEXT ParseContext,
            IN PCM_KEY_CONTROL_BLOCK ParentKcb,
            OUT PVOID *Object)
{
    NTSTATUS Status;
    PCELL_DATA CellData;
    HCELL_INDEX KeyCell;
    ULONG ParentType;
    PCM_KEY_BODY KeyBody;
    PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
    LARGE_INTEGER TimeStamp;
    PCM_KEY_NODE KeyNode;

    /* Make sure the KCB is locked and lock the flusher */
    CMP_ASSERT_KCB_LOCK(ParentKcb);
    CmpLockHiveFlusherShared((PCMHIVE)Hive);

    /* Bail out on read-only KCBs */
    if (ParentKcb->ExtFlags & CM_KCB_READ_ONLY_KEY)
    {
        Status = STATUS_ACCESS_DENIED;
        goto Exit;
    }

    /* Check if the parent is being deleted */
    if (ParentKcb->Delete)
    {
        /* It has, quit */
        ASSERT(FALSE);
        Status = STATUS_OBJECT_NAME_NOT_FOUND;
        goto Exit;
    }

    /* Get the parent node */
    KeyNode = (PCM_KEY_NODE)HvGetCell(Hive, Cell);
    if (!KeyNode)
    {
        /* Fail */
        ASSERT(FALSE);
        Status = STATUS_INSUFFICIENT_RESOURCES;
        goto Exit;
    }

    /* Make sure nobody added us yet */
    if (CmpFindSubKeyByName(Hive, KeyNode, Name) != HCELL_NIL)
    {
        /* Fail */
        ASSERT(FALSE);
        Status = STATUS_REPARSE;
        goto Exit;
    }

    /* Sanity check */
    ASSERT(Cell == ParentKcb->KeyCell);

    /* Get the parent type */
    ParentType = HvGetCellType(Cell);
    if ((ParentType == Volatile) &&
        !(ParseContext->CreateOptions & REG_OPTION_VOLATILE))
    {
        /* Children of volatile parents must also be volatile */
        //ASSERT(FALSE);
        Status = STATUS_CHILD_MUST_BE_VOLATILE;
        goto Exit;
    }

    /* Don't allow children under symlinks */
    if (ParentKcb->Flags & KEY_SYM_LINK)
    {
        /* Fail */
        ASSERT(FALSE);
        Status = STATUS_ACCESS_DENIED;
        goto Exit;
    }

    /* Make the cell dirty for now */
    HvMarkCellDirty(Hive, Cell, FALSE);

    /* Do the actual create operation */
    Status = CmpDoCreateChild(Hive,
                              Cell,
                              SecurityDescriptor,
                              AccessState,
                              Name,
                              AccessMode,
                              ParseContext,
                              ParentKcb,
                              0,
                              &KeyCell,
                              Object);
    if (NT_SUCCESS(Status))
    {
        /* Get the key body */
        KeyBody = (PCM_KEY_BODY)(*Object);

        /* Now add the subkey */
        if (!CmpAddSubKey(Hive, Cell, KeyCell))
        {
            /* Free the created child */
            CmpFreeKeyByCell(Hive, KeyCell, FALSE);

            /* Purge out this KCB */
            KeyBody->KeyControlBlock->Delete = TRUE;
            CmpRemoveKeyControlBlock(KeyBody->KeyControlBlock);

            /* And cleanup the key body object */
            ObDereferenceObjectDeferDelete(*Object);
            Status = STATUS_INSUFFICIENT_RESOURCES;
            goto Exit;
        }

        /* Get the key node */
        KeyNode = (PCM_KEY_NODE)HvGetCell(Hive, Cell);
        if (!KeyNode)
        {
            /* Fail, this shouldn't happen */
            CmpFreeKeyByCell(Hive, KeyCell, TRUE); // Subkey linked above

            /* Purge out this KCB */
            KeyBody->KeyControlBlock->Delete = TRUE;
            CmpRemoveKeyControlBlock(KeyBody->KeyControlBlock);

            /* And cleanup the key body object */
            ObDereferenceObjectDeferDelete(*Object);
            Status = STATUS_INSUFFICIENT_RESOURCES;
            goto Exit;
        }

        /* Clean up information on this subkey */
        CmpCleanUpSubKeyInfo(KeyBody->KeyControlBlock->ParentKcb);

        /* Sanity checks */
        ASSERT(KeyBody->KeyControlBlock->ParentKcb->KeyCell == Cell);
        ASSERT(KeyBody->KeyControlBlock->ParentKcb->KeyHive == Hive);
        ASSERT(KeyBody->KeyControlBlock->ParentKcb == ParentKcb);
        ASSERT(KeyBody->KeyControlBlock->ParentKcb->KcbMaxNameLen == KeyNode->MaxNameLen);

        /* Update the timestamp */
        KeQuerySystemTime(&TimeStamp);
        KeyNode->LastWriteTime = TimeStamp;
        KeyBody->KeyControlBlock->ParentKcb->KcbLastWriteTime = TimeStamp;

        /* Check if we need to update name maximum */
        if (KeyNode->MaxNameLen < Name->Length)
        {
            /* Do it */
            KeyNode->MaxNameLen = Name->Length;
            KeyBody->KeyControlBlock->ParentKcb->KcbMaxNameLen = Name->Length;
        }

        /* Check if we need to update class length maximum */
        if (KeyNode->MaxClassLen < ParseContext->Class.Length)
        {
            /* Update it */
            KeyNode->MaxClassLen = ParseContext->Class.Length;
        }

        /* Check if we're creating a symbolic link */
        if (ParseContext->CreateOptions & REG_OPTION_CREATE_LINK)
        {
            /* Get the cell data */
            CellData = HvGetCell(Hive, KeyCell);
            if (!CellData)
            {
                /* This shouldn't happen */
                CmpFreeKeyByCell(Hive, KeyCell, TRUE); // Subkey linked above

                /* Purge out this KCB */
                KeyBody->KeyControlBlock->Delete = TRUE;
                CmpRemoveKeyControlBlock(KeyBody->KeyControlBlock);

                /* And cleanup the key body object */
                ObDereferenceObjectDeferDelete(*Object);
                Status = STATUS_INSUFFICIENT_RESOURCES;
                goto Exit;
            }

            /* Update the flags */
            CellData->u.KeyNode.Flags |= KEY_SYM_LINK;
            KeyBody->KeyControlBlock->Flags = CellData->u.KeyNode.Flags;
            HvReleaseCell(Hive, KeyCell);
        }
    }

Exit:
    /* Release the flusher lock and return status */
    CmpUnlockHiveFlusher((PCMHIVE)Hive);
    return Status;
}

NTSTATUS
NTAPI
CmpDoOpen(IN PHHIVE Hive,
          IN HCELL_INDEX Cell,
          IN PCM_KEY_NODE Node,
          IN PACCESS_STATE AccessState,
          IN KPROCESSOR_MODE AccessMode,
          IN ULONG Attributes,
          IN PCM_PARSE_CONTEXT Context OPTIONAL,
          IN ULONG ControlFlags,
          IN OUT PCM_KEY_CONTROL_BLOCK *CachedKcb,
          IN PULONG KcbsLocked,
          IN PUNICODE_STRING KeyName,
          OUT PVOID *Object)
{
    NTSTATUS Status;
    BOOLEAN LockKcb = FALSE;
    BOOLEAN IsLockShared = FALSE;
    PCM_KEY_BODY KeyBody = NULL;
    PCM_KEY_CONTROL_BLOCK Kcb = NULL;

    /* Make sure the hive isn't locked */
    if ((Hive->HiveFlags & HIVE_IS_UNLOADING) &&
        (((PCMHIVE)Hive)->CreatorOwner != KeGetCurrentThread()))
    {
        /* It is, don't touch it */
        return STATUS_OBJECT_NAME_NOT_FOUND;
    }

    /* Check if we have a context */
    if (Context)
    {
        /* Check if this is a link create (which shouldn't be an open) */
        if (Context->CreateLink)
        {
            return STATUS_ACCESS_DENIED;
        }

        /* Check if this is symlink create attempt */
        if (Context->CreateOptions & REG_OPTION_CREATE_LINK)
        {
            /* Key already exists */
            return STATUS_OBJECT_NAME_COLLISION;
        }

        /* Set the disposition */
        Context->Disposition = REG_OPENED_EXISTING_KEY;
    }

    /* Lock the KCB on creation if asked */
    if (ControlFlags & CMP_CREATE_KCB_KCB_LOCKED)
    {
        LockKcb = TRUE;
    }

    /* Check if caller doesn't want to create a KCB */
    if (ControlFlags & CMP_OPEN_KCB_NO_CREATE)
    {
        /*
         * The caller doesn't want to create a KCB. This means the KCB
         * is already in cache and other threads may take use of it
         * so it has to be locked in share mode.
         */
        IsLockShared = TRUE;

        /* Check if this is a symlink */
        if (((*CachedKcb)->Flags & KEY_SYM_LINK) && !(Attributes & OBJ_OPENLINK))
        {
            /* Is this symlink found? */
            if ((*CachedKcb)->ExtFlags & CM_KCB_SYM_LINK_FOUND)
            {
                /* Get the real KCB, is this deleted? */
                Kcb = (*CachedKcb)->ValueCache.RealKcb;
                if (Kcb->Delete)
                {
                    /*
                     * The real KCB is gone, do a reparse. We used to lock the KCB in
                     * shared mode as others may have taken use of it but since we
                     * must do a reparse of the key the only thing that matter is us.
                     * Lock the KCB exclusively so nobody is going to mess with the KCB.
                     */
                    DPRINT1("The real KCB is deleted, attempt a reparse\n");
                    CmpUnLockKcbArray(KcbsLocked);
                    CmpAcquireKcbLockExclusiveByIndex(GET_HASH_INDEX((*CachedKcb)->ConvKey));
                    CmpCleanUpKcbValueCache(*CachedKcb);
                    KcbsLocked[0] = 1;
                    KcbsLocked[1] = GET_HASH_INDEX((*CachedKcb)->ConvKey);
                    return STATUS_REPARSE;
                }

                /*
                 * The symlink has been found. As in the similar case above,
                 * the KCB of the symlink exclusively, we don't want anybody
                 * to mess it up.
                 */
                CmpUnLockKcbArray(KcbsLocked);
                CmpAcquireKcbLockExclusiveByIndex(GET_HASH_INDEX((*CachedKcb)->ConvKey));
                KcbsLocked[0] = 1;
                KcbsLocked[1] = GET_HASH_INDEX((*CachedKcb)->ConvKey);
            }
            else
            {
                /* We must do a reparse */
                DPRINT("The symlink is not found, attempt a reparse\n");
                return STATUS_REPARSE;
            }
        }
        else
        {
            /* This is not a symlink, just give the cached KCB already */
            Kcb = *CachedKcb;
        }

        /* The caller wants to open a cached KCB */
        if (!CmpReferenceKeyControlBlock(Kcb))
        {
            /* Return failure code */
            return STATUS_INSUFFICIENT_RESOURCES;
        }
    }
    else
    {
        /*
         * The caller wants to create a new KCB. Unlike the code path above, here
         * we must check if the lock is exclusively held because in the scenario
         * where the caller doesn't want to create a KCB is because it is already
         * in the cache and it must have a shared lock instead.
         */
        ASSERT(CmpIsKcbLockedExclusive(*CachedKcb));

        /* Check if this is a symlink */
        if ((Node->Flags & KEY_SYM_LINK) && !(Attributes & OBJ_OPENLINK))
        {
            /* Create the KCB for the symlink */
            Kcb = CmpCreateKeyControlBlock(Hive,
                                           Cell,
                                           Node,
                                           *CachedKcb,
                                           LockKcb ? CMP_LOCK_HASHES_FOR_KCB : 0,
                                           KeyName);
            if (!Kcb)
            {
                /* Return failure */
                return STATUS_INSUFFICIENT_RESOURCES;
            }

            /* Make sure it's also locked, and set the pointer */
            ASSERT(CmpIsKcbLockedExclusive(Kcb));
            *CachedKcb = Kcb;

            /* Return reparse required */
            return STATUS_REPARSE;
        }

        /* Create the KCB */
        Kcb = CmpCreateKeyControlBlock(Hive,
                                       Cell,
                                       Node,
                                       *CachedKcb,
                                       LockKcb ? CMP_LOCK_HASHES_FOR_KCB : 0,
                                       KeyName);
        if (!Kcb)
        {
            /* Return failure */
            return STATUS_INSUFFICIENT_RESOURCES;
        }

        /* Make sure it's also locked, and set the pointer */
        ASSERT(CmpIsKcbLockedExclusive(Kcb));
        *CachedKcb = Kcb;
    }

    /* Allocate the key object */
    Status = ObCreateObject(AccessMode,
                            CmpKeyObjectType,
                            NULL,
                            AccessMode,
                            NULL,
                            sizeof(CM_KEY_BODY),
                            0,
                            0,
                            Object);
    if (NT_SUCCESS(Status))
    {
        /* Get the key body and fill it out */
        KeyBody = (PCM_KEY_BODY)(*Object);
        KeyBody->KeyControlBlock = Kcb;
        KeyBody->Type = CM_KEY_BODY_TYPE;
        KeyBody->ProcessID = PsGetCurrentProcessId();
        KeyBody->NotifyBlock = NULL;

        /* Link to the KCB */
        EnlistKeyBodyWithKCB(KeyBody, IsLockShared ? CMP_ENLIST_KCB_LOCKED_SHARED : CMP_ENLIST_KCB_LOCKED_EXCLUSIVE);

        /*
         * We are already holding a lock against the KCB that is assigned
         * to this key body. This is to prevent a potential deadlock on
         * CmpSecurityMethod as ObCheckObjectAccess will invoke the Object
         * Manager to call that method, of which CmpSecurityMethod would
         * attempt to acquire a lock again.
         */
        KeyBody->KcbLocked = TRUE;

        if (!ObCheckObjectAccess(*Object,
                                 AccessState,
                                 FALSE,
                                 AccessMode,
                                 &Status))
        {
            /* Access check failed */
            ObDereferenceObject(*Object);
        }

        /*
         * We are done, the lock we are holding will be released
         * once the registry parsing is done.
         */
        KeyBody->KcbLocked = FALSE;
    }
    else
    {
        /* Failed, dereference the KCB */
        CmpDereferenceKeyControlBlockWithLock(Kcb, FALSE);
    }

    /* Return status */
    return Status;
}

NTSTATUS
NTAPI
CmpCreateLinkNode(IN PHHIVE Hive,
                  IN HCELL_INDEX Cell,
                  IN PACCESS_STATE AccessState,
                  IN UNICODE_STRING Name,
                  IN KPROCESSOR_MODE AccessMode,
                  IN ULONG CreateOptions,
                  IN PCM_PARSE_CONTEXT Context,
                  IN PCM_KEY_CONTROL_BLOCK ParentKcb,
                  IN PULONG KcbsLocked,
                  OUT PVOID *Object)
{
    NTSTATUS Status;
    HCELL_INDEX KeyCell, LinkCell, ChildCell;
    PCM_KEY_BODY KeyBody;
    LARGE_INTEGER TimeStamp;
    PCM_KEY_NODE KeyNode;
    PCM_KEY_CONTROL_BLOCK Kcb = ParentKcb;

    /* Link nodes only allowed on the master */
    if (Hive != &CmiVolatileHive->Hive)
    {
        /* Fail */
        DPRINT1("Invalid link node attempt\n");
        return STATUS_ACCESS_DENIED;
    }

    /* Make sure the KCB is locked and lock the flusher */
    CMP_ASSERT_KCB_LOCK(ParentKcb);
    CmpLockHiveFlusherShared((PCMHIVE)Hive);
    CmpLockHiveFlusherShared((PCMHIVE)Context->ChildHive.KeyHive);

    /* Bail out on read-only KCBs */
    if (ParentKcb->ExtFlags & CM_KCB_READ_ONLY_KEY)
    {
        Status = STATUS_ACCESS_DENIED;
        goto Exit;
    }

    /* Check if the parent is being deleted */
    if (ParentKcb->Delete)
    {
        /* It is, quit */
        ASSERT(FALSE);
        Status = STATUS_OBJECT_NAME_NOT_FOUND;
        goto Exit;
    }

    /* Allocate a link node */
    LinkCell = HvAllocateCell(Hive,
                              FIELD_OFFSET(CM_KEY_NODE, Name) +
                              CmpNameSize(Hive, &Name),
                              Stable,
                              HCELL_NIL);
    if (LinkCell == HCELL_NIL)
    {
        /* Fail */
        Status = STATUS_INSUFFICIENT_RESOURCES;
        goto Exit;
    }

    /* Get the key cell */
    KeyCell = Context->ChildHive.KeyCell;
    if (KeyCell != HCELL_NIL)
    {
        /* Hive exists! */
        ChildCell = KeyCell;

        /* Get the node data */
        KeyNode = (PCM_KEY_NODE)HvGetCell(Context->ChildHive.KeyHive, ChildCell);
        if (!KeyNode)
        {
            /* Fail */
            ASSERT(FALSE);
            Status = STATUS_INSUFFICIENT_RESOURCES;
            goto Exit;
        }

        /* Fill out the data */
        KeyNode->Parent = LinkCell;
        KeyNode->Flags |= KEY_HIVE_ENTRY | KEY_NO_DELETE;
        HvReleaseCell(Context->ChildHive.KeyHive, ChildCell);

        /* Now open the key cell */
        KeyNode = (PCM_KEY_NODE)HvGetCell(Context->ChildHive.KeyHive, KeyCell);
        if (!KeyNode)
        {
            /* Fail */
            ASSERT(FALSE);
            Status = STATUS_INSUFFICIENT_RESOURCES;
            goto Exit;
        }

        /* Open the parent */
        Status = CmpDoOpen(Context->ChildHive.KeyHive,
                           KeyCell,
                           KeyNode,
                           AccessState,
                           AccessMode,
                           CreateOptions,
                           NULL,
                           CMP_CREATE_KCB_KCB_LOCKED,
                           &Kcb,
                           KcbsLocked,
                           &Name,
                           Object);
        HvReleaseCell(Context->ChildHive.KeyHive, KeyCell);
    }
    else
    {
        /* Do the actual create operation */
        Status = CmpDoCreateChild(Context->ChildHive.KeyHive,
                                  Cell,
                                  NULL,
                                  AccessState,
                                  &Name,
                                  AccessMode,
                                  Context,
                                  ParentKcb,
                                  KEY_HIVE_ENTRY | KEY_NO_DELETE,
                                  &ChildCell,
                                  Object);
        if (NT_SUCCESS(Status))
        {
            /* Setup root pointer */
            Context->ChildHive.KeyHive->BaseBlock->RootCell = ChildCell;
        }
    }

    /* Check if open or create suceeded */
    if (NT_SUCCESS(Status))
    {
        /* Mark the cell dirty */
        HvMarkCellDirty(Context->ChildHive.KeyHive, ChildCell, FALSE);

        /* Get the key node */
        KeyNode = (PCM_KEY_NODE)HvGetCell(Context->ChildHive.KeyHive, ChildCell);
        if (!KeyNode)
        {
            /* Fail */
            ASSERT(FALSE);
            Status = STATUS_INSUFFICIENT_RESOURCES;
            goto Exit;
        }

        /* Release it */
        HvReleaseCell(Context->ChildHive.KeyHive, ChildCell);

        /* Set the parent and flags */
        KeyNode->Parent = LinkCell;
        KeyNode->Flags |= KEY_HIVE_ENTRY | KEY_NO_DELETE;

        /* Get the link node */
        KeyNode = (PCM_KEY_NODE)HvGetCell(Hive, LinkCell);
        if (!KeyNode)
        {
            /* Fail */
            ASSERT(FALSE);
            Status = STATUS_INSUFFICIENT_RESOURCES;
            goto Exit;
        }

        /* Set it up */
        KeyNode->Signature = CM_LINK_NODE_SIGNATURE;
        KeyNode->Flags = KEY_HIVE_EXIT | KEY_NO_DELETE;
        KeyNode->Parent = Cell;
        KeyNode->NameLength = CmpCopyName(Hive, KeyNode->Name, &Name);
        if (KeyNode->NameLength < Name.Length) KeyNode->Flags |= KEY_COMP_NAME;
        KeQuerySystemTime(&TimeStamp);
        KeyNode->LastWriteTime = TimeStamp;

        /* Clear out the rest */
        KeyNode->SubKeyCounts[Stable] = 0;
        KeyNode->SubKeyCounts[Volatile] = 0;
        KeyNode->SubKeyLists[Stable] = HCELL_NIL;
        KeyNode->SubKeyLists[Volatile] = HCELL_NIL;
        KeyNode->ValueList.Count = 0;
        KeyNode->ValueList.List = HCELL_NIL;
        KeyNode->ClassLength = 0;

        /* Reference the root node */
        KeyNode->ChildHiveReference.KeyHive = Context->ChildHive.KeyHive;
        KeyNode->ChildHiveReference.KeyCell = ChildCell;
        HvReleaseCell(Hive, LinkCell);

        /* Get the parent node */
        KeyNode = (PCM_KEY_NODE)HvGetCell(Hive, Cell);
        if (!KeyNode)
        {
            /* Fail */
            ASSERT(FALSE);
            Status = STATUS_INSUFFICIENT_RESOURCES;
            goto Exit;
        }

        /* Now add the subkey */
        if (!CmpAddSubKey(Hive, Cell, LinkCell))
        {
            /* Failure! We don't handle this yet! */
            ASSERT(FALSE);
        }

        /* Get the key body */
        KeyBody = (PCM_KEY_BODY)*Object;

        /* Clean up information on this subkey */
        CmpCleanUpSubKeyInfo(KeyBody->KeyControlBlock->ParentKcb);

        /* Sanity checks */
        ASSERT(KeyBody->KeyControlBlock->ParentKcb->KeyCell == Cell);
        ASSERT(KeyBody->KeyControlBlock->ParentKcb->KeyHive == Hive);
        ASSERT(KeyBody->KeyControlBlock->ParentKcb->KcbMaxNameLen == KeyNode->MaxNameLen);

        /* Update the timestamp */
        KeQuerySystemTime(&TimeStamp);
        KeyNode->LastWriteTime = TimeStamp;
        KeyBody->KeyControlBlock->ParentKcb->KcbLastWriteTime = TimeStamp;

        /* Check if we need to update name maximum */
        if (KeyNode->MaxNameLen < Name.Length)
        {
            /* Do it */
            KeyNode->MaxNameLen = Name.Length;
            KeyBody->KeyControlBlock->ParentKcb->KcbMaxNameLen = Name.Length;
        }

        /* Check if we need to update class length maximum */
        if (KeyNode->MaxClassLen < Context->Class.Length)
        {
            /* Update it */
            KeyNode->MaxClassLen = Context->Class.Length;
        }

        /* Release the cell */
        HvReleaseCell(Hive, Cell);
    }
    else
    {
        /* Release the link cell */
        HvReleaseCell(Hive, LinkCell);
    }

Exit:
    /* Release the flusher locks and return status */
    CmpUnlockHiveFlusher((PCMHIVE)Context->ChildHive.KeyHive);
    CmpUnlockHiveFlusher((PCMHIVE)Hive);
    return Status;
}

VOID
NTAPI
CmpHandleExitNode(IN OUT PHHIVE *Hive,
                  IN OUT HCELL_INDEX *Cell,
                  IN OUT PCM_KEY_NODE *KeyNode,
                  IN OUT PHHIVE *ReleaseHive,
                  IN OUT HCELL_INDEX *ReleaseCell)
{
    /* Check if we have anything to release */
    if (*ReleaseCell != HCELL_NIL)
    {
        /* Release it */
        ASSERT(*ReleaseHive != NULL);
        HvReleaseCell(*ReleaseHive, *ReleaseCell);
    }

    /* Get the link references */
    *Hive = (*KeyNode)->ChildHiveReference.KeyHive;
    *Cell = (*KeyNode)->ChildHiveReference.KeyCell;

    /* Get the new node */
    *KeyNode = (PCM_KEY_NODE)HvGetCell(*Hive, *Cell);
    if (*KeyNode)
    {
        /* Set the new release values */
        *ReleaseCell = *Cell;
        *ReleaseHive = *Hive;
    }
    else
    {
        /* Nothing to release */
        *ReleaseCell = HCELL_NIL;
        *ReleaseHive = NULL;
    }
}

/**
 * @brief
 * Computes the hashes of each subkey in key path name
 * and stores them in a hash stack for cache lookup.
 *
 * @param[in] RemainingName
 * A Unicode string structure consisting of the remaining
 * registry key path name.
 *
 * @param[in] ConvKey
 * The hash convkey of the current KCB to be supplied.
 *
 * @param[in,out] HashCacheStack
 * An array stack. This function uses this array to store
 * all the computed hashes of a key pathname.
 *
 * @param[out] TotalSubKeys
 * The number of total subkeys that have been found, returned
 * by this function to the caller. If no subkey levels are found
 * the function returns 0.
 *
 * @return
 * Returns the number of remaining subkey levels to caller.
 * If no subkey levels are found then this function returns 0.
 */
static
ULONG
CmpComputeHashValue(
    _In_ PUNICODE_STRING RemainingName,
    _In_ ULONG ConvKey,
    _Inout_ PCM_HASH_CACHE_STACK HashCacheStack,
    _Out_ PULONG TotalSubKeys)
{
    ULONG CopyConvKey;
    ULONG SubkeysInTotal;
    ULONG RemainingSubkeysInTotal;
    PWCHAR RemainingNameBuffer;
    USHORT RemainingNameLength;
    USHORT KeyNameLength;

    /* Don't compute the hashes on a NULL remaining name */
    RemainingNameBuffer = RemainingName->Buffer;
    RemainingNameLength = RemainingName->Length;
    if (RemainingNameLength == 0)
    {
        *TotalSubKeys = 0;
        return 0;
    }

    /* Skip any leading separator */
    while (RemainingNameLength >= sizeof(WCHAR) &&
           *RemainingNameBuffer == OBJ_NAME_PATH_SEPARATOR)
    {
        RemainingNameBuffer++;
        RemainingNameLength -= sizeof(WCHAR);
    }

    /* Now set up the hash stack entries and compute the hashes */
    SubkeysInTotal = 0;
    RemainingSubkeysInTotal = 0;
    KeyNameLength = 0;
    CopyConvKey = ConvKey;
    HashCacheStack[RemainingSubkeysInTotal].NameOfKey.Buffer = RemainingNameBuffer;
    while (RemainingNameLength > 0)
    {
        /* Is this character a separator? */
        if (*RemainingNameBuffer != OBJ_NAME_PATH_SEPARATOR)
        {
            /* It's not, add it to the hash */
            CopyConvKey = COMPUTE_HASH_CHAR(CopyConvKey, *RemainingNameBuffer);

            /* Go to the next character (add up the length of the character as well) */
            RemainingNameBuffer++;
            KeyNameLength += sizeof(WCHAR);
            RemainingNameLength -= sizeof(WCHAR);

            /*
             * We are at the end of the key name path. Take into account
             * the last character and if we still have space in the hash
             * stack, add it up in the remaining list.
             */
            if (RemainingNameLength == 0)
            {
                if (RemainingSubkeysInTotal < CMP_SUBKEY_LEVELS_DEPTH_LIMIT)
                {
                    HashCacheStack[RemainingSubkeysInTotal].NameOfKey.Length = KeyNameLength;
                    HashCacheStack[RemainingSubkeysInTotal].NameOfKey.MaximumLength = KeyNameLength;
                    HashCacheStack[RemainingSubkeysInTotal].ConvKey = CopyConvKey;
                    RemainingSubkeysInTotal++;
                }

                SubkeysInTotal++;
            }
        }
        else
        {
            /* Skip any leading separator */
            while (RemainingNameLength >= sizeof(WCHAR) &&
                   *RemainingNameBuffer == OBJ_NAME_PATH_SEPARATOR)
            {
                RemainingNameBuffer++;
                RemainingNameLength -= sizeof(WCHAR);
            }

            /*
             * It would be possible that a malformed key pathname may be passed
             * to the registry parser such as a path with only separators like
             * "\\\\" for example. This would trick the function into believing
             * the key path has subkeys albeit that is not the case.
             */
            ASSERT(RemainingNameLength != 0);

            /* Take into account this subkey */
            SubkeysInTotal++;

            /* And add it up to the hash stack */
            if (RemainingSubkeysInTotal < CMP_SUBKEY_LEVELS_DEPTH_LIMIT)
            {
                HashCacheStack[RemainingSubkeysInTotal].NameOfKey.Length = KeyNameLength;
                HashCacheStack[RemainingSubkeysInTotal].NameOfKey.MaximumLength = KeyNameLength;
                HashCacheStack[RemainingSubkeysInTotal].ConvKey = CopyConvKey;

                RemainingSubkeysInTotal++;
                KeyNameLength = 0;

                /*
                 * Precaution check -- we have added up a remaining
                 * subkey above but we must ensure we still have space
                 * to hold up the new subkey for which we will compute
                 * the hashes, so that we don't blow up the hash stack.
                 */
                if (RemainingSubkeysInTotal < CMP_SUBKEY_LEVELS_DEPTH_LIMIT)
                {
                    HashCacheStack[RemainingSubkeysInTotal].NameOfKey.Buffer = RemainingNameBuffer;
                }
            }
        }
    }

    *TotalSubKeys = SubkeysInTotal;
    return RemainingSubkeysInTotal;
}

/**
 * @brief
 * Compares each subkey's hash and name with those
 * captured in the hash cache stack.
 *
 * @param[in] HashCacheStack
 * A pointer to a hash cache stack array filled with
 * subkey hashes and names for comparison.
 *
 * @param[in] CurrentKcb
 * A pointer to the currently given KCB.
 *
 * @param[in] RemainingSubkeys
 * The remaining subkey levels to be supplied.
 *
 * @param[out] ParentKcb
 * A pointer to the parent KCB returned to the caller.
 * This parameter points to the parent of the current
 * KCB if all the subkeys match, otherwise it points
 * to the actual current KCB.
 *
 * @return
 * Returns TRUE if all the subkey levels match, otherwise
 * FALSE is returned.
 */
static
BOOLEAN
CmpCompareSubkeys(
    _In_ PCM_HASH_CACHE_STACK HashCacheStack,
    _In_ PCM_KEY_CONTROL_BLOCK CurrentKcb,
    _In_ ULONG RemainingSubkeys,
    _Out_ PCM_KEY_CONTROL_BLOCK *ParentKcb)
{
    LONG HashStackIndex;
    LONG Result;
    PCM_NAME_CONTROL_BLOCK NameBlock;
    UNICODE_STRING CurrentNameBlock;

    ASSERT(CurrentKcb != NULL);

    /* Loop each hash and check that they match */
    HashStackIndex = RemainingSubkeys;
    while (HashStackIndex >= 0)
    {
        /* Does the subkey hash match? */
        if (CurrentKcb->ConvKey != HashCacheStack[HashStackIndex].ConvKey)
        {
            *ParentKcb = CurrentKcb;
            return FALSE;
        }

        /* Compare the subkey string, is the name compressed? */
        NameBlock = CurrentKcb->NameBlock;
        if (NameBlock->Compressed)
        {
            Result = CmpCompareCompressedName(&HashCacheStack[HashStackIndex].NameOfKey,
                                              NameBlock->Name,
                                              NameBlock->NameLength);
        }
        else
        {
            CurrentNameBlock.Buffer = NameBlock->Name;
            CurrentNameBlock.Length = NameBlock->NameLength;
            CurrentNameBlock.MaximumLength = NameBlock->NameLength;

            Result = RtlCompareUnicodeString(&HashCacheStack[HashStackIndex].NameOfKey,
                                             &CurrentNameBlock,
                                             TRUE);
        }

        /* Do the subkey names match? */
        if (Result)
        {
            *ParentKcb = CurrentKcb;
            return FALSE;
        }

        /* Go to the next subkey hash */
        HashStackIndex--;
    }

    /* All the subkeys match */
    *ParentKcb = CurrentKcb->ParentKcb;
    return TRUE;
}

/**
 * @brief
 * Removes the subkeys on a remaining key pathname.
 *
 * @param[in] HashCacheStack
 * A pointer to a hash cache stack array filled with
 * subkey hashes and names.
 *
 * @param[in] RemainingSubkeys
 * The remaining subkey levels to be supplied.
 *
 * @param[in,out] RemainingName
 * A Unicode string structure consisting of the remaining
 * registry key path name, where the subkeys of such path
 * are to be removed.
 */
static
VOID
CmpRemoveSubkeysInRemainingName(
    _In_ PCM_HASH_CACHE_STACK HashCacheStack,
    _In_ ULONG RemainingSubkeys,
    _Inout_ PUNICODE_STRING RemainingName)
{
    ULONG HashStackIndex = 0;

    /* Skip any leading separator on matching name */
    while (RemainingName->Length >= sizeof(WCHAR) &&
           RemainingName->Buffer[0] == OBJ_NAME_PATH_SEPARATOR)
    {
        RemainingName->Buffer++;
        RemainingName->Length -= sizeof(WCHAR);
    }

    /* Skip the subkeys as well */
    while (HashStackIndex <= RemainingSubkeys)
    {
        RemainingName->Buffer += HashCacheStack[HashStackIndex].NameOfKey.Length / sizeof(WCHAR);
        RemainingName->Length -= HashCacheStack[HashStackIndex].NameOfKey.Length;

        /* Skip any leading separator */
        while (RemainingName->Length >= sizeof(WCHAR) &&
               RemainingName->Buffer[0] == OBJ_NAME_PATH_SEPARATOR)
        {
            RemainingName->Buffer++;
            RemainingName->Length -= sizeof(WCHAR);
        }

        /* Go to the next hash */
        HashStackIndex++;
    }
}

/**
 * @brief
 * Looks up in the pool cache for key pathname that matches
 * with one in the said cache and returns a KCB pointing
 * to that name. This function performs locking of KCBs
 * during cache lookup.
 *
 * @param[in] HashCacheStack
 * A pointer to a hash cache stack array filled with
 * subkey hashes and names.
 *
 * @param[in] LockKcbsExclusive
 * If set to TRUE, the KCBs are locked exclusively by the
 * calling thread, otherwise they are locked in shared mode.
 * See Remarks for further information.
 *
 * @param[in] TotalRemainingSubkeys
 * The total remaining subkey levels to be supplied.
 *
 * @param[in,out] RemainingName
 * A Unicode string structure consisting of the remaining
 * registry key path name. The remaining name is updated
 * by the function if a key pathname is found in cache.
 *
 * @param[in,out] OuterStackArray
 * A pointer to an array that lives on the caller's stack.
 * The expected size of the array is up to 32 elements,
 * which is the imposed limit by CMP_HASH_STACK_LIMIT.
 * This limit also corresponds to the maximum depth of
 * subkey levels.
 *
 * @param[in,out] Kcb
 * A pointer to a KCB, this KCB is changed if the key pathname
 * is found in cache.
 *
 * @param[out] Hive
 * A pointer to a hive, this hive is changed if the key pathname
 * is found in cache.
 *
 * @param[out] Cell
 * A pointer to a cell, this cell is changed if the key pathname
 * is found in cache.
 *
 * @param[out] MatchRemainSubkeyLevel
 * A pointer to match subkey levels returned by the function.
 * If no match levels are found, this is 0.
 *
 * @return
 * Returns STATUS_SUCCESS if cache lookup has completed successfully.
 * STATUS_OBJECT_NAME_NOT_FOUND is returned if the current KCB of
 * the key pathname has been deleted. STATUS_RETRY is returned if
 * at least the current KCB or its parent have been deleted
 * and a cache lookup must be retried again. STATUS_UNSUCCESSFUL is
 * returned if a KCB is referenced too many times.
 *
 * @remarks
 * The function attempts to do a cache lookup with a shared lock
 * on KCBs so that other threads can simultaneously get access
 * to these KCBs. When the captured KCB is being deleted on us
 * we have to retry a lookup with exclusive look so that no other
 * threads will mess with the KCBs and perform appropriate actions
 * if a KCB is deleted.
 */
static
NTSTATUS
CmpLookInCache(
    _In_ PCM_HASH_CACHE_STACK HashCacheStack,
    _In_ BOOLEAN LockKcbsExclusive,
    _In_ ULONG TotalRemainingSubkeys,
    _Inout_ PUNICODE_STRING RemainingName,
    _Inout_ PULONG OuterStackArray,
    _Inout_ PCM_KEY_CONTROL_BLOCK *Kcb,
    _Out_ PHHIVE *Hive,
    _Out_ PHCELL_INDEX Cell,
    _Out_ PULONG MatchRemainSubkeyLevel)
{
    LONG RemainingSubkeys;
    ULONG TotalLevels;
    BOOLEAN SubkeysMatch;
    PCM_KEY_CONTROL_BLOCK CurrentKcb, ParentKcb;
    PCM_KEY_HASH HashEntry = NULL;
    BOOLEAN KeyFoundInCache = FALSE;
    PULONG LockedKcbs = NULL;

    /* Reference the KCB */
    if (!CmpReferenceKeyControlBlock(*Kcb))
    {
        /* This key is opened too many times, bail out */
        DPRINT1("Could not reference the KCB, too many references (KCB 0x%p)\n", Kcb);
        return STATUS_UNSUCCESSFUL;
    }

    /* Prepare to lock the KCBs */
    LockedKcbs = CmpBuildAndLockKcbArray(HashCacheStack,
                                         LockKcbsExclusive ? CMP_LOCK_KCB_ARRAY_EXCLUSIVE : CMP_LOCK_KCB_ARRAY_SHARED,
                                         *Kcb,
                                         OuterStackArray,
                                         TotalRemainingSubkeys,
                                         0);
    NT_ASSERT(LockedKcbs);

    /* Lookup in the cache */
    RemainingSubkeys = TotalRemainingSubkeys - 1;
    TotalLevels = TotalRemainingSubkeys + (*Kcb)->TotalLevels + 1;
    while (RemainingSubkeys >= 0)
    {
        /* Get the hash entry from the cache */
        HashEntry = GET_HASH_ENTRY(CmpCacheTable, HashCacheStack[RemainingSubkeys].ConvKey)->Entry;

        /* Take one level down as we are processing this hash entry */
        TotalLevels--;

        while (HashEntry != NULL)
        {
            /* Validate this hash and obtain the current KCB */
            ASSERT_VALID_HASH(HashEntry);
            CurrentKcb = CONTAINING_RECORD(HashEntry, CM_KEY_CONTROL_BLOCK, KeyHash);

            /* Does this KCB have matching levels? */
            if (TotalLevels == CurrentKcb->TotalLevels)
            {
                /*
                 * We have matching subkey levels but don't directly assume we have
                 * a matching key path in cache. Start comparing each subkey.
                 */
                SubkeysMatch = CmpCompareSubkeys(HashCacheStack,
                                                 CurrentKcb,
                                                 RemainingSubkeys,
                                                 &ParentKcb);
                if (SubkeysMatch)
                {
                    /* All subkeys match, now check if the base KCB matches with parent */
                    if (*Kcb == ParentKcb)
                    {
                        /* Is the KCB marked as deleted? */
                        if (CurrentKcb->Delete ||
                            CurrentKcb->ParentKcb->Delete)
                        {
                            /*
                             * Either the current or its parent KCB is marked
                             * but we had a shared lock so probably a naughty
                             * thread was deleting it. Retry doing a cache
                             * lookup again with exclusive lock.
                             */
                            if (!LockKcbsExclusive)
                            {
                                CmpUnLockKcbArray(LockedKcbs);
                                CmpDereferenceKeyControlBlock(*Kcb);
                                DPRINT1("The current KCB or its parent is deleted, retrying looking in the cache\n");
                                return STATUS_RETRY;
                            }

                            /* We're under an exclusive lock, is the KCB deleted yet? */
                            if (CurrentKcb->Delete)
                            {
                                /* The KCB is gone, the key should no longer belong in the cache */
                                CmpRemoveKeyControlBlock(CurrentKcb);
                                CmpUnLockKcbArray(LockedKcbs);
                                CmpDereferenceKeyControlBlock(*Kcb);
                                DPRINT1("The current KCB is deleted (KCB 0x%p)\n", CurrentKcb);
                                return STATUS_OBJECT_NAME_NOT_FOUND;
                            }

                            /*
                             * The parent is deleted so it must be that somebody created
                             * a fake key. Assert ourselves that is the case.
                             */
                            ASSERT(CurrentKcb->ExtFlags & CM_KCB_KEY_NON_EXIST);

                            /* Remove this KCB out of cache if someone still uses it */
                            if (CurrentKcb->RefCount != 0)
                            {
                                CurrentKcb->Delete = TRUE;
                                CmpRemoveKeyControlBlock(CurrentKcb);
                            }
                            else
                            {
                                /* Otherwise expunge it */
                                CmpRemoveFromDelayedClose(CurrentKcb);
                                CmpCleanUpKcbCacheWithLock(CurrentKcb, FALSE);
                            }

                            /* Stop looking for next hashes as the KCB is kaput */
                            break;
                        }

                        /* We finally found the key in cache, acknowledge it */
                        KeyFoundInCache = TRUE;

                        /* Remove the subkeys in the remaining name and stop looking in the cache */
                        CmpRemoveSubkeysInRemainingName(HashCacheStack, RemainingSubkeys, RemainingName);
                        break;
                    }
                }
            }

            /* Go to the next hash */
            HashEntry = HashEntry->NextHash;
        }

        /* Stop looking in cache if we found the matching key */
        if (KeyFoundInCache)
        {
            DPRINT("Key found in cache, stop looking\n");
            break;
        }

        /* Keep looking in the cache until we run out of remaining subkeys */
        RemainingSubkeys--;
    }

    /* Return the matching subkey levels */
    *MatchRemainSubkeyLevel = RemainingSubkeys + 1;

    /* We have to update the KCB if the key was found in cache */
    if (KeyFoundInCache)
    {
        /*
         * Before we change the KCB we must dereference the prior
         * KCB that we no longer need it.
         */
        CmpDereferenceKeyControlBlock(*Kcb);
        *Kcb = CurrentKcb;

        /* Reference the new KCB now */
        if (!CmpReferenceKeyControlBlock(*Kcb))
        {
            /* This key is opened too many times, bail out */
            DPRINT1("Could not reference the KCB, too many references (KCB 0x%p)\n", Kcb);
            return STATUS_UNSUCCESSFUL;
        }

        /* Update hive and cell data from current KCB */
        *Hive = CurrentKcb->KeyHive;
        *Cell = CurrentKcb->KeyCell;
    }

    /* Unlock the KCBs */
    CmpUnLockKcbArray(LockedKcbs);
    return STATUS_SUCCESS;
}

/**
 * @brief
 * Builds a hash stack cache and looks up in the
 * pool cache for a matching key pathname.
 *
 * @param[in] ParseObject
 * A pointer to a parse object, acting as a key
 * body. This parameter is unused.
 *
 * @param[in,out] Kcb
 * A pointer to a KCB. This KCB is used by the
 * registry parser after hash stack and cache
 * lookup are done. This KCB might change if the
 * key is found to be cached in the cache pool.
 *
 * @param[in] Current
 * The current remaining key pathname.
 *
 * @param[out] Hive
 * A pointer to a registry hive, returned by the caller.
 *
 * @param[out] Cell
 * A pointer to a hive cell, returned by the caller.
 *
 * @param[out] TotalRemainingSubkeys
 * A pointer to a number of total remaining subkey levels,
 * returned by the caller. This can be 0 if no subkey levels
 * have been found.
 *
 * @param[out] MatchRemainSubkeyLevel
 * A pointer to a number of remaining subkey levels that match,
 * returned by the caller. This can be 0 if no matching levels
 * are found.
 *
 * @param[out] TotalSubkeys
 * A pointer to a number of total subkeys. This can be 0 if no
 * subkey levels are found. By definition, both MatchRemainSubkeyLevel
 * and TotalRemainingSubkeys are 0 as well.
 *
 * @param[in,out] OuterStackArray
 * A pointer to an array that lives on the caller's stack.
 * The expected size of the array is up to 32 elements,
 * which is the imposed limit by CMP_HASH_STACK_LIMIT.
 * This limit also corresponds to the maximum depth of
 * subkey levels.
 *
 * @param[out] LockedKcbs
 * A pointer to an array of locked KCBs, returned by the caller.
 *
 * @return
 * Returns STATUS_SUCCESS if all the operations have succeeded without
 * problems. STATUS_NAME_TOO_LONG is returned if the key pathname has
 * too many subkey levels (more than 32 levels deep). A failure NTSTATUS
 * code is returned otherwise. Refer to CmpLookInCache documentation
 * for more information about other returned status codes.
 * STATUS_UNSUCCESSFUL is returned if a KCB is referenced too many times.
 */
NTSTATUS
NTAPI
CmpBuildHashStackAndLookupCache(
    _In_ PCM_KEY_BODY ParseObject,
    _Inout_ PCM_KEY_CONTROL_BLOCK *Kcb,
    _In_ PUNICODE_STRING Current,
    _Out_ PHHIVE *Hive,
    _Out_ PHCELL_INDEX Cell,
    _Out_ PULONG TotalRemainingSubkeys,
    _Out_ PULONG MatchRemainSubkeyLevel,
    _Out_ PULONG TotalSubkeys,
    _Inout_ PULONG OuterStackArray,
    _Out_ PULONG *LockedKcbs)
{
    NTSTATUS Status;
    ULONG ConvKey;
    ULONG SubkeysInTotal, RemainingSubkeysInTotal, MatchRemainingSubkeys;
    CM_HASH_CACHE_STACK HashCacheStack[CMP_SUBKEY_LEVELS_DEPTH_LIMIT];

    /* Make sure it's not a dead KCB */
    ASSERT((*Kcb)->RefCount > 0);

    /* Lock the registry */
    CmpLockRegistry();

    /* Calculate hash values for every subkey this key path has */
    ConvKey = (*Kcb)->ConvKey;
    RemainingSubkeysInTotal = CmpComputeHashValue(Current,
                                                  ConvKey,
                                                  HashCacheStack,
                                                  &SubkeysInTotal);

    /* This key path has too many subkeys */
    if (SubkeysInTotal > CMP_SUBKEY_LEVELS_DEPTH_LIMIT)
    {
        DPRINT1("The key path has too many subkeys - %lu\n", SubkeysInTotal);
        *LockedKcbs = NULL;
        return STATUS_NAME_TOO_LONG;
    }

    /* Return hive and cell data */
    *Hive = (*Kcb)->KeyHive;
    *Cell = (*Kcb)->KeyCell;

    /* Do we have any subkeys? */
    if (!RemainingSubkeysInTotal && !SubkeysInTotal)
    {
        /*
         * We don't have any subkeys nor remaining levels, the
         * KCB points to the actual key. Lock it.
         */
        if (!CmpReferenceKeyControlBlock(*Kcb))
        {
            /* This key is opened too many times, bail out */
            DPRINT1("Could not reference the KCB, too many references (KCB 0x%p)\n", Kcb);
            return STATUS_UNSUCCESSFUL;
        }

        CmpAcquireKcbLockSharedByIndex(GET_HASH_INDEX(ConvKey));

        /* Add this KCB in the array of locked KCBs */
        OuterStackArray[0] = 1;
        OuterStackArray[1] = GET_HASH_INDEX(ConvKey);
        *LockedKcbs = OuterStackArray;

        /* And return all the subkey level counters */
        *TotalRemainingSubkeys = RemainingSubkeysInTotal;
        *MatchRemainSubkeyLevel = 0;
        *TotalSubkeys = SubkeysInTotal;
        return STATUS_SUCCESS;
    }

    /* Lookup in the cache */
    Status = CmpLookInCache(HashCacheStack,
                            FALSE,
                            RemainingSubkeysInTotal,
                            Current,
                            OuterStackArray,
                            Kcb,
                            Hive,
                            Cell,
                            &MatchRemainingSubkeys);
    if (!NT_SUCCESS(Status))
    {
        /* Bail out if cache lookup failed for other reasons */
        if (Status != STATUS_RETRY)
        {
            DPRINT1("CmpLookInCache() failed (Status 0x%lx)\n", Status);
            *LockedKcbs = NULL;
            return Status;
        }

        /* Retry looking in the cache but with KCBs locked exclusively */
        Status = CmpLookInCache(HashCacheStack,
                                TRUE,
                                RemainingSubkeysInTotal,
                                Current,
                                OuterStackArray,
                                Kcb,
                                Hive,
                                Cell,
                                &MatchRemainingSubkeys);
        if (!NT_SUCCESS(Status))
        {
            DPRINT1("CmpLookInCache() failed after retry (Status 0x%lx)\n", Status);
            *LockedKcbs = NULL;
            return Status;
        }
    }

    /*
     * Check if we have a full match of remaining levels.
     *
     * FIXME: It is possible we can catch a fake key from the cache
     * when we did the lookup, in such case we should not do any
     * locking as such KCB does not point to any real information.
     * Currently ReactOS doesn't create fake KCBs so we are good
     * for now.
     */
    if (RemainingSubkeysInTotal == MatchRemainingSubkeys)
    {
        /*
         * Just simply lock this KCB as it points to the full
         * subkey levels in cache.
         */
        CmpAcquireKcbLockSharedByIndex(GET_HASH_INDEX((*Kcb)->ConvKey));
        OuterStackArray[0] = 1;
        OuterStackArray[1] = GET_HASH_INDEX((*Kcb)->ConvKey);
        *LockedKcbs = OuterStackArray;
    }
    else
    {
        /*
         * We only have a partial match so other subkey levels
         * have each KCB. Simply just lock them.
         */
        *LockedKcbs = CmpBuildAndLockKcbArray(HashCacheStack,
                                              CMP_LOCK_KCB_ARRAY_EXCLUSIVE,
                                              *Kcb,
                                              OuterStackArray,
                                              RemainingSubkeysInTotal,
                                              MatchRemainingSubkeys);
        NT_ASSERT(*LockedKcbs);
    }

    /* Return all the subkey level counters */
    *TotalRemainingSubkeys = RemainingSubkeysInTotal;
    *MatchRemainSubkeyLevel = MatchRemainingSubkeys;
    *TotalSubkeys = SubkeysInTotal;
    return Status;
}

NTSTATUS
NTAPI
CmpParseKey(IN PVOID ParseObject,
            IN PVOID ObjectType,
            IN OUT PACCESS_STATE AccessState,
            IN KPROCESSOR_MODE AccessMode,
            IN ULONG Attributes,
            IN OUT PUNICODE_STRING CompleteName,
            IN OUT PUNICODE_STRING RemainingName,
            IN OUT PVOID Context OPTIONAL,
            IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL,
            OUT PVOID *Object)
{
    NTSTATUS Status;
    PCM_KEY_CONTROL_BLOCK Kcb, ParentKcb;
    PHHIVE Hive = NULL;
    PCM_KEY_NODE Node = NULL;
    HCELL_INDEX Cell = HCELL_NIL, NextCell;
    PHHIVE HiveToRelease = NULL;
    HCELL_INDEX CellToRelease = HCELL_NIL;
    UNICODE_STRING Current, NextName;
    PCM_PARSE_CONTEXT ParseContext = Context;
    ULONG TotalRemainingSubkeys = 0, MatchRemainSubkeyLevel = 0, TotalSubkeys = 0;
    ULONG LockedKcbArray[CMP_KCBS_IN_ARRAY_LIMIT];
    PULONG LockedKcbs;
    BOOLEAN IsKeyCached = FALSE;
    BOOLEAN Result, Last;
    PAGED_CODE();

    /* Loop path separators at the end */
    while (RemainingName->Length &&
           (RemainingName->Buffer[(RemainingName->Length / sizeof(WCHAR)) - 1] ==
            OBJ_NAME_PATH_SEPARATOR))
    {
        /* Remove path separator */
        RemainingName->Length -= sizeof(WCHAR);
    }

    /* Fail if this isn't a key object */
    if (ObjectType != CmpKeyObjectType) return STATUS_OBJECT_TYPE_MISMATCH;

    /* Copy the remaining name */
    Current = *RemainingName;

    /* Check if this is a create */
    if (!ParseContext || !ParseContext->CreateOperation)
    {
        /* It isn't, so no context */
        ParseContext = NULL;
    }

    /* Grab the KCB */
    Kcb = ((PCM_KEY_BODY)ParseObject)->KeyControlBlock;

    /* Sanity check */
    ASSERT(Kcb != NULL);

    /* Fail if the key was marked as deleted */
    if (Kcb->Delete)
        return STATUS_KEY_DELETED;

    /* Lookup in the cache */
    Status = CmpBuildHashStackAndLookupCache(ParseObject,
                                             &Kcb,
                                             &Current,
                                             &Hive,
                                             &Cell,
                                             &TotalRemainingSubkeys,
                                             &MatchRemainSubkeyLevel,
                                             &TotalSubkeys,
                                             LockedKcbArray,
                                             &LockedKcbs);
    CMP_ASSERT_REGISTRY_LOCK();
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("Failed to look in cache, stop parsing (Status 0x%lx)\n", Status);
        ParentKcb = NULL;
        goto Quickie;
    }

    /* This is now the parent */
    ParentKcb = Kcb;

    /* Sanity check */
    ASSERT(ParentKcb != NULL);

    /* Don't do anything if we're being deleted */
    if (Kcb->Delete)
    {
        Status = STATUS_OBJECT_NAME_NOT_FOUND;
        goto Quickie;
    }

    /* Check if everything was found cached */
    if (!TotalRemainingSubkeys)
    {
        /*
         * We don't have any remaining subkey levels so we're good
         * that we have an already perfect candidate for a KCB, just
         * do the open directly.
         */
        DPRINT("No remaining subkeys, the KCB points to the actual key\n");
        IsKeyCached = TRUE;
        goto KeyCachedOpenNow;
    }

    /* Check if we have a matching level */
    if (MatchRemainSubkeyLevel)
    {
        /*
         * We have a matching level, check if that matches
         * with the total levels of subkeys. Do the open directly
         * if that is the case, because the whole subkeys levels
         * is cached.
         */
        if (MatchRemainSubkeyLevel == TotalSubkeys)
        {
            DPRINT("We have a full matching level, open the key now\n");
            IsKeyCached = TRUE;
            goto KeyCachedOpenNow;
        }

        /*
         * We only have a partial match, make sure we did not
         * get mismatched hive data.
         */
        ASSERT(Hive == Kcb->KeyHive);
        ASSERT(Cell == Kcb->KeyCell);
    }

    /*
     * FIXME: Currently the registry parser doesn't check for fake
     * KCBs. CmpCreateKeyControlBlock does have the necessary implementation
     * to create such fake keys but we don't create these fake keys anywhere.
     * When we will do, we must improve the registry parser routine to handle
     * fake keys a bit differently here.
     */

    /* Check if this is a symlink */
    if (Kcb->Flags & KEY_SYM_LINK)
    {
        /* Get the next name */
        Result = CmpGetNextName(&Current, &NextName, &Last);
        Current.Buffer = NextName.Buffer;

        /* Validate the current name string length */
        if (Current.Length + NextName.Length > MAXUSHORT)
        {
            /* too long */
            Status = STATUS_NAME_TOO_LONG;
            goto Quickie;
        }
        Current.Length += NextName.Length;

        /* Validate the current name string maximum length */
        if (Current.MaximumLength + NextName.MaximumLength > MAXUSHORT)
        {
            /* too long */
            Status = STATUS_NAME_TOO_LONG;
            goto Quickie;
        }
        Current.MaximumLength += NextName.MaximumLength;

        /* CmpGetSymbolicLink doesn't want a lock */
        CmpUnLockKcbArray(LockedKcbs);
        LockedKcbs = NULL;

        /* Parse the symlink */
        if (CmpGetSymbolicLink(Hive,
                               CompleteName,
                               Kcb,
                               &Current))
        {
            /* Symlink parse succeeded */
            Status = STATUS_REPARSE;
        }
        else
        {
            /* Couldn't find symlink */
            Status = STATUS_OBJECT_NAME_NOT_FOUND;
        }

        /* We're done */
        goto Quickie;
    }

    /* Get the key node */
    Node = (PCM_KEY_NODE)HvGetCell(Hive, Cell);
    if (!Node)
    {
        Status = STATUS_INSUFFICIENT_RESOURCES;
        goto Quickie;
    }

    /* Start parsing */
    Status = STATUS_NOT_IMPLEMENTED;
    while (TRUE)
    {
        /* Get the next component */
        Result = CmpGetNextName(&Current, &NextName, &Last);
        if (Result && NextName.Length)
        {
            /* See if this is a sym link */
            if (!(Kcb->Flags & KEY_SYM_LINK))
            {
                /* Find the subkey */
                NextCell = CmpFindSubKeyByName(Hive, Node, &NextName);
                if (NextCell != HCELL_NIL)
                {
                    /* Get the new node */
                    Cell = NextCell;
                    Node = (PCM_KEY_NODE)HvGetCell(Hive, Cell);
                    ASSERT(Node);

                    /* Check if this was the last key */
                    if (Last)
                    {
                        /* Is this an exit node */
                        if (Node->Flags & KEY_HIVE_EXIT)
                        {
                            /* Handle it */
                            CmpHandleExitNode(&Hive,
                                              &Cell,
                                              &Node,
                                              &HiveToRelease,
                                              &CellToRelease);
                            if (!Node)
                            {
                                /* Fail */
                                Status = STATUS_INSUFFICIENT_RESOURCES;
                                break;
                            }
                        }

KeyCachedOpenNow:
                        /* Do the open */
                        Status = CmpDoOpen(Hive,
                                           Cell,
                                           Node,
                                           AccessState,
                                           AccessMode,
                                           Attributes,
                                           ParseContext,
                                           IsKeyCached ? CMP_OPEN_KCB_NO_CREATE : CMP_CREATE_KCB_KCB_LOCKED,
                                           &Kcb,
                                           LockedKcbs,
                                           &NextName,
                                           Object);
                        if (Status == STATUS_REPARSE)
                        {
                            /* CmpGetSymbolicLink doesn't want a lock */
                            CmpUnLockKcbArray(LockedKcbs);
                            LockedKcbs = NULL;

                            /* Parse the symlink */
                            if (!CmpGetSymbolicLink(Hive,
                                                    CompleteName,
                                                    Kcb,
                                                    NULL))
                            {
                                /* Symlink parse failed */
                                Status = STATUS_OBJECT_NAME_NOT_FOUND;
                            }
                        }

                        /* We are done */
                        break;
                    }

                    /* Is this an exit node */
                    if (Node->Flags & KEY_HIVE_EXIT)
                    {
                        /* Handle it */
                        CmpHandleExitNode(&Hive,
                                          &Cell,
                                          &Node,
                                          &HiveToRelease,
                                          &CellToRelease);
                        if (!Node)
                        {
                            /* Fail */
                            Status = STATUS_INSUFFICIENT_RESOURCES;
                            break;
                        }
                    }

                    /* Create a KCB for this key */
                    Kcb = CmpCreateKeyControlBlock(Hive,
                                                   Cell,
                                                   Node,
                                                   ParentKcb,
                                                   CMP_LOCK_HASHES_FOR_KCB,
                                                   &NextName);
                    if (!Kcb)
                    {
                        /* Fail */
                        Status = STATUS_INSUFFICIENT_RESOURCES;
                        break;
                    }

                    /* Dereference the parent and set the new one */
                    CmpDereferenceKeyControlBlockWithLock(ParentKcb, FALSE);
                    ParentKcb = Kcb;
                }
                else
                {
                    /* Check if this was the last key for a create */
                    if (Last && ParseContext)
                    {
                        /* Check if we're doing a link node */
                        if (ParseContext->CreateLink)
                        {
                            /* The only thing we should see */
                            Status = CmpCreateLinkNode(Hive,
                                                       Cell,
                                                       AccessState,
                                                       NextName,
                                                       AccessMode,
                                                       Attributes,
                                                       ParseContext,
                                                       ParentKcb,
                                                       LockedKcbs,
                                                       Object);
                        }
                        else if (Hive == &CmiVolatileHive->Hive && CmpNoVolatileCreates)
                        {
                            /* Creating keys in the master hive is not allowed */
                            Status = STATUS_INVALID_PARAMETER;
                        }
                        else
                        {
                            /* Do the create */
                            Status = CmpDoCreate(Hive,
                                                 Cell,
                                                 AccessState,
                                                 &NextName,
                                                 AccessMode,
                                                 ParseContext,
                                                 ParentKcb,
                                                 Object);
                        }

                        /* Check for reparse (in this case, someone beat us) */
                        if (Status == STATUS_REPARSE) break;

                        /* Update disposition */
                        ParseContext->Disposition = REG_CREATED_NEW_KEY;
                        break;
                    }
                    else
                    {
                        /* Key not found */
                        Status = STATUS_OBJECT_NAME_NOT_FOUND;
                        break;
                    }
                }
            }
            else
            {
                /* Save the next name */
                Current.Buffer = NextName.Buffer;

                /* Validate the current name string length */
                if (Current.Length + NextName.Length > MAXUSHORT)
                {
                    /* too long */
                    Status = STATUS_NAME_TOO_LONG;
                    break;
                }
                Current.Length += NextName.Length;

                /* Validate the current name string maximum length */
                if (Current.MaximumLength + NextName.MaximumLength > MAXUSHORT)
                {
                    /* too long */
                    Status = STATUS_NAME_TOO_LONG;
                    break;
                }
                Current.MaximumLength += NextName.MaximumLength;

                /* CmpGetSymbolicLink doesn't want a lock */
                CmpUnLockKcbArray(LockedKcbs);
                LockedKcbs = NULL;

                /* Parse the symlink */
                if (CmpGetSymbolicLink(Hive,
                                       CompleteName,
                                       Kcb,
                                       &Current))
                {
                    /* Symlink parse succeeded */
                    Status = STATUS_REPARSE;
                }
                else
                {
                    /* Couldn't find symlink */
                    Status = STATUS_OBJECT_NAME_NOT_FOUND;
                }

                /* We're done */
                break;
            }
        }
        else if (Result && Last)
        {
            /* Opening the root. Is this an exit node? */
            if (Node->Flags & KEY_HIVE_EXIT)
            {
                /* Handle it */
                CmpHandleExitNode(&Hive,
                                  &Cell,
                                  &Node,
                                  &HiveToRelease,
                                  &CellToRelease);
                if (!Node)
                {
                    /* Fail */
                    Status = STATUS_INSUFFICIENT_RESOURCES;
                    break;
                }
            }

            /* Do the open */
            Status = CmpDoOpen(Hive,
                               Cell,
                               Node,
                               AccessState,
                               AccessMode,
                               Attributes,
                               ParseContext,
                               CMP_OPEN_KCB_NO_CREATE,
                               &Kcb,
                               LockedKcbs,
                               &NextName,
                               Object);
            if (Status == STATUS_REPARSE)
            {
                /* Nothing to do */
            }

            /* We're done */
            break;
        }
        else
        {
            /* Bogus */
            Status = STATUS_INVALID_PARAMETER;
            break;
        }
    }

Quickie:
    /* Unlock all the KCBs */
    if (LockedKcbs != NULL)
    {
        CmpUnLockKcbArray(LockedKcbs);
    }

    /* Dereference the parent if it exists */
    if (ParentKcb)
        CmpDereferenceKeyControlBlock(ParentKcb);

    /* Unlock the registry */
    CmpUnlockRegistry();
    return Status;
}