[jcifs] EventLog patche question

Michael B Allen ioplex at gmail.com
Fri Sep 25 11:44:06 MDT 2009


Raffael,

Unfortunately I simply do not have much "Free" time anymore and your
code is not even close to being correct. The MS-RPC layer of JCIFS is
not documented as it is an internal API. It is a good API and
tool-chain though. You don't need to mess around with NdrBuffer,
rpc.unicode_string and low-level stuff like that. If you just play
around with it and look at how other calls are conducted you should be
able to figure out how it works.

Mike

On Fri, Sep 25, 2009 at 12:45 PM, Raffael Maio <raffael.maio at gmail.com> wrote:
> Hi again,
>
> Thanks for your suggestion. However, I'm still stuck with it ;( Indeed, I
> tried to look at the code of jcifs.smb.SID.getServerSid() but everything
> becomes difficult without any API around ;(
>
> So I tried the following code to send a message. But now, my question is about
> how to retrieve the answer of the DcerpcHandle after sending something?!?
>
>        DcerpcHandle handle = null;
>        LsaPolicyHandle policyHandle = null;
>        //MsrpcQueryInformationPolicy rpc;
>        lsarpc.LsarDomainInfo info = new lsarpc.LsarDomainInfo();
>
>        handle = DcerpcHandle.getHandle("ncacn_np:10.192.57.120" + "[\\PIPE\\EVENTLOG]", auth);
>
>        String s = "Application";
>        NdrBuffer buffer = new NdrBuffer(s.getBytes(),0);
>
>        String s1 = "10.192.57.120";
>        NdrBuffer buffer2 = new NdrBuffer(s1.getBytes(),0);
>
>        rpc.unicode_string logname = new rpc.unicode_string();
>        logname.encode(buffer);
>        rpc.unicode_string server = new rpc.unicode_string();
>        server.encode(buffer2);
>
>        eventlog.EventLogOpenEventLog event = new eventlog.EventLogOpenEventLog(logname,server);
>        handle.sendrecv(event);
>
> -----Original Message-----
> From: Michael B Allen [mailto:ioplex at gmail.com]
> Sent: dimanche, 20. septembre 2009 16:50
> To: Raffael Maio
> Cc: jcifs at lists.samba.org
> Subject: Re: [jcifs] EventLog patche question
>
> No, but search the archives. I'm pretty sure it was just something
> someone posted to the list. The date in the patch looks like
> 2007-03-20.
>
> I just looked at the patch. Two notes:
>
> 1. It's all DCERPC. This is good because all the decoding and encoding
> stuff is done for you and the DCERPC layer is very easy and clean in
> JCIFS. You just need to create an instance of each type of call (like
> new eventlog.EventLogOpenEventLog(logname, servername)) and then run
> it with DcerpcHandle.sendrecv. There are lots of examples of this in
> the JCIFS code. The jcifs.smb.SID.getServerSid() method is probably a
> good simple example of how to use the JCIFS DCERPC layer.
>
> 2. String handling is wrong. I don't know what type of strings the
> eventlog IDL uses but the patch modifies UnicodeString handling to
> compensate which is wrong and dangerous because it could affect other
> DCERPC code that uses UnicodeString. To fix this you would need to
> figure out how strings are handled properly with the eventlog
> interface, adjust the IDL, recompile the stub with midlc and adjust
> the code as necessary. Look at the Windows Server Protocol documents
> now available from Microsoft's website. There's probably a document
> about the eventlog interface with proper IDL. That IDL will show you
> how strings are supposed to be handled.
>
> Mike
>
> On Sun, Sep 20, 2009 at 9:14 AM, Raffael Maio <raffael.maio at gmail.com>
> wrote:
>> Do you have an idea about who did the patch and who would be able to provide
>> some docs about this new class?
>>
>> -----Original Message-----
>> From: Michael B Allen [mailto:ioplex at gmail.com]
>> Sent: samedi, 19. septembre 2009 22:48
>> To: Raffael Maio
>> Cc: jcifs at lists.samba.org
>> Subject: Re: [jcifs] EventLog patche question
>>
>> Oh. No. I have not looked at it since the day I placed it in the
>> patches directory.
>>
>> On Sat, Sep 19, 2009 at 12:39 PM, Raffael Maio <raffael.maio at gmail.com>
>> wrote:
>>> The question was more related to the eventlog class that has been created in
>>> the patch directory. Do you have any information about how to use it?
>>>
>>> 2009/9/19 Michael B Allen <ioplex at gmail.com>
>>>>
>>>> On Sat, Sep 19, 2009 at 7:47 AM, Raffael Maio <raffael.maio at gmail.com>
>>>> wrote:
>>>> > Hi all,
>>>> >
>>>> > I saw in the patches directory that there is a new class called eventlog.
>>>> > I recompiled the project in order to use this class and it seems to work.
>>>> >
>>>> > However, now I would like to use it in my test program in order to access
>>>> > the eventlog of a remote machine. Does someone have an idea about how to do
>>>> > it?! As there are no docs available yet, I would appreciate it if you have
>>>> > already figured out this problem to share it :)
>>>> >
>>>> > Previously I was trying to access the eventlog pipe like this (without
>>>> > success).
>>>> >
>>>> >         NtlmPasswordAuthentication auth = new NtlmPasswordAuthentication("TESTS;administrator:admin");
>>>> >
>>>> >         SmbNamedPipe pipe = new SmbNamedPipe("smb://10.192.10.10/IPC$/EVENTLOG",
>>>> >               SmbNamedPipe.PIPE_TYPE_RDWR | SmbNamedPipe.PIPE_TYPE_TRANSACT, auth);
>>>> >
>>>> >         OutputStream out = pipe.getNamedPipeOutputStream();
>>>> >         InputStream in = pipe.getNamedPipeInputStream();
>>>> >
>>>> > What would be the new way of accessing the eventlog now with the new
>>>> > classes?
>>>>
>>>> Get WireShark, capture the transaction and see if it decodes the
>>>> response. Then you can write some code to pick apart the entries.
>>>>
>>>> Mike
>>>>
>>>> --
>>>> Michael B Allen
>>>> Java Active Directory Integration
>>>> http://www.ioplex.com/



-- 
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/
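
The call pattern the thread points to (one call object per RPC, run with DcerpcHandle.sendrecv, results read back from the call object), shown as an added example that is not part of the original messages or the eventlog patch. It uses the lsarpc classes from the jCIFS 1.3.x tree, as jcifs.smb.SID.getServerSid() does, because the eventlog stub's fields do not appear on this page; the class name, the server argument and the SMB_* environment variable names are assumptions.

```java
import java.io.IOException;
import jcifs.dcerpc.DcerpcHandle;
import jcifs.dcerpc.UnicodeString;
import jcifs.dcerpc.msrpc.LsaPolicyHandle;
import jcifs.dcerpc.msrpc.MsrpcQueryInformationPolicy;
import jcifs.dcerpc.msrpc.lsarpc;
import jcifs.smb.NtlmPasswordAuthentication;

public class DcerpcCallPattern {
    public static void main(String[] args) throws Exception {
        String server = args[0]; // target host, supplied by the caller
        // Assumed variable names; credentials stay out of the source file.
        NtlmPasswordAuthentication auth = new NtlmPasswordAuthentication(
                System.getenv("SMB_DOMAIN"),
                System.getenv("SMB_USER"),
                System.getenv("SMB_PASS"));

        DcerpcHandle handle = null;
        LsaPolicyHandle policy = null;
        // Out-parameter object: sendrecv() decodes the reply into it.
        lsarpc.LsarDomainInfo info = new lsarpc.LsarDomainInfo();
        try {
            // Bind to the interface over its named pipe.
            handle = DcerpcHandle.getHandle(
                    "ncacn_np:" + server + "[\\PIPE\\lsarpc]", auth);
            // Opening the policy handle is itself an RPC run by the wrapper.
            policy = new LsaPolicyHandle(handle, null, 0x00000001);

            // In-parameters go to the constructor of the generated call class.
            MsrpcQueryInformationPolicy rpc = new MsrpcQueryInformationPolicy(
                    policy, (short) lsarpc.POLICY_INFO_ACCOUNT_DOMAIN, info);
            handle.sendrecv(rpc); // encode, send, receive, decode

            // The answer lives on the call object: status first, then data.
            if (rpc.retval != 0) {
                throw new IOException("LsarQueryInformationPolicy failed: 0x"
                        + Integer.toHexString(rpc.retval));
            }
            // The stub filled info.name; no NdrBuffer handling in caller code.
            System.out.println("account domain: "
                    + new UnicodeString(info.name, false));
        } finally {
            if (policy != null) policy.close();
            if (handle != null) handle.close();
        }
    }
}
```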

