Reading a windows registry from linux
Jelmer Vernooij
jelmer at samba.org
Tue Feb 8 17:42:03 GMT 2005
Hi Matt,
Matt Cobb wrote:
| I noticed that reg_key_get_value_by_name always calls
| reg_key_get_value_by_index when going RPC/SMB. This gets very chatty
| when one is scanning lots of key values. Is there a way over SMB to do
| this by name directly or is the support just not there?
Yes, there is. It's not supported (yet) though in Samba4. Should be
fairly easy to add though.
Cheers,
Jelmer
|
| Cheers,
|
| Matt
|
| -----Original Message-----
| From: Jelmer Vernooij [mailto:jelmer at samba.org]
| Sent: Saturday, February 05, 2005 3:11 PM
| To: Matt Cobb
| Cc: samba-technical at lists.samba.org
| Subject: Re: Reading a windows registry from linux
|
| Hi Matt,
|
| I've fixed this in SVN. Thanks for reporting.
|
| Cheers,
|
| Jelmer
|
| Matt Cobb wrote:
| | Jelmer, I sent that trace to you directly. In the meantime I decided
| | to write a couple quick routines that just get a string or a dword.
| | One thing I found was that reg_key_get_value_by_name always returns the
| | last value in the key, if you pass a value that doesn't exist. I think
| | that is because of the following lines:
| |
| | if(!W_ERROR_IS_OK(error) && !W_ERROR_EQUAL(error, WERR_NO_MORE_ITEMS))
| | return error;
| |
| | return WERR_OK;
| |
| | When there are no more items and the value we're looking for isn't
| | found, WERR_OK is returned. However val has already been filled in by
| | the call to reg_key_get_value_by_index, so the last val gets returned.
| |
| | Also, even when a valid key and value are passed, the type field in the
| | val is not set. This could be causing the regshell problem.
| |
| | -MC
| |
| | -----Original Message-----
| | From: Jelmer Vernooij [mailto:jelmer at samba.org]
| | Sent: Saturday, January 29, 2005 11:29 AM
| | To: Matt Cobb
| | Cc: samba-technical at lists.samba.org
| | Subject: Re: Reading a windows registry from linux
| |
| | Hi Matt,
| |
| | Matt Cobb wrote:
| | | So I tried samba4 regshell to read the registry against a Win2003 domain
| | | controller. It seems to be able to log in, do the SMB Signing and get
| | | keys. However all the Values show up as REG_NONE and null. Anyone else
| | | seeing this? I did a svn update yesterday and made everything again
| | | using the instructions in howto.txt. Here is the output from regshell.
| | |
| | | mattc-deb:/usr/local/samba/bin# ./regshell -b rpc -R "ncacn_np:lab-server-1" -U "administrator"
| | | Password for [TESTLAB\administrator]:
| | | HKEY_CLASSES_ROOT:> predefined HKEY_LOCAL_MACHINE
| | | HKEY_LOCAL_MACHINE:> ck "SYSTEM\CurrentControlSet\Services\lanmanserver"
| | | Current path is: SYSTEM\CurrentControlSet\Services\lanmanserver
| | | HKEY_LOCAL_MACHINE:SYSTEM\CurrentControlSet\Services\lanmanserver> ck parameters
| | | Current path is: SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
| | | HKEY_LOCAL_MACHINE:SYSTEM\CurrentControlSet\Services\lanmanserver\parameters> ls
| | | V "autodisconnect" REG_NONE (null)
| | | V "enableforcedlogoff" REG_NONE (null)
| | | V "enablesecuritysignature" REG_NONE (null)
| | | V "requiresecuritysignature" REG_NONE (null)
| | | V "restrictnullsessaccess" REG_NONE (null)
| | | V "NullSessionPipes" REG_NONE (null)
| | | V "NullSessionShares" REG_NONE (null)
| | | V "ServiceDll" REG_NONE (null)
| | | V "Lmannounce" REG_NONE (null)
| | | V "Size" REG_NONE (null)
| | | V "Guid" REG_NONE (null)
| | |
| | | I took an ethereal trace and it shows a WINREG EnumKey request getting a
| | | response with error: 0x0414000a. However all the WINREG EnumValues
| | | have successful responses and I can see the correct values from the
| | | entries on the ethereal.
| | Can you please send me a trace of the successful EnumValues responses?
| | These would be either value types unknown to Samba (which seems unlikely
| | to me) or a bug in reg_backend_rpc, I think.
| |
| | Cheers,
| |
| | Jelmer Vernooij
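
The failure described in the quoted message above (a by-name lookup built on enumeration by index that returns success, with the last enumerated value, when the name is absent), reproduced in stand-alone C beside a corrected form. This is an added example, not Samba's code and not from either poster; `status_t`, `value_t`, `get_value_by_index`, `lookup_buggy`, `lookup_fixed` and the sample key contents are hypothetical stand-ins.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in status codes and value record (hypothetical, not Samba's types). */
typedef enum { ERR_OK, ERR_NO_MORE_ITEMS, ERR_NOT_FOUND } status_t;
typedef struct { const char *name; unsigned type; unsigned data; } value_t;

/* Constructed sample key contents; type 4 stands for a DWORD. */
static const value_t sample_key[] = {
    { "autodisconnect", 4, 15 },
    { "enableforcedlogoff", 4, 1 },
    { "requiresecuritysignature", 4, 0 },
};
#define N_VALUES (sizeof sample_key / sizeof sample_key[0])

/* Enumerate one value by index; *out is written only on success. */
static status_t get_value_by_index(size_t idx, value_t *out) {
    if (idx >= N_VALUES) return ERR_NO_MORE_ITEMS;
    *out = sample_key[idx];
    return ERR_OK;
}

/* Pattern from the message: end of enumeration is mapped to success,
 * so *out still holds the last value that was enumerated. */
status_t lookup_buggy(const char *name, value_t *out) {
    status_t err;
    for (size_t i = 0; (err = get_value_by_index(i, out)) == ERR_OK; i++)
        if (strcmp(out->name, name) == 0) return ERR_OK;
    if (err != ERR_NO_MORE_ITEMS) return err;
    return ERR_OK;
}

/* Corrected: enumerate into a scratch record, publish it only on a match,
 * and return a distinct error when the name is absent. */
status_t lookup_fixed(const char *name, value_t *out) {
    status_t err;
    value_t tmp;
    for (size_t i = 0; (err = get_value_by_index(i, &tmp)) == ERR_OK; i++)
        if (strcmp(tmp.name, name) == 0) { *out = tmp; return ERR_OK; }
    return err == ERR_NO_MORE_ITEMS ? ERR_NOT_FOUND : err;
}

int main(void) {
    value_t a = { "unset", 0, 99 }, b = a;
    status_t sa = lookup_buggy("nosuchvalue", &a), sb = lookup_fixed("nosuchvalue", &b);
    printf("buggy: status=%d value=%s\n", sa, a.name);
    printf("fixed: status=%d value=%s\n", sb, b.name);
    return 0;
}
```

A caller that trusts the buggy status would read another value's data as if it belonged to the name it asked for, which matters when the value being queried is a security setting.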