[jcifs] Re: Remote Execution and SVCCTL

michaelm michaelm at managesoft.com
Thu Sep 16 12:11:55 GMT 2004


Hi Mike,

Thanks for your help.

If you release the new version of idlc, let me know.

cheers,
Michael

On Thu, 2004-09-16 at 01:00, Michael B Allen wrote:
> Michael Melhem said:
> > Hi Mike, et al.
> >
> > I have converted the required methods from svcctl.idl into MIDL format
> > and have run the idlc compiler to generate svcctl.java. The converted IDL
> > is attached to this email. I also wrote a test program (extending from
> > svcctl.java) which does essentially the following:
> >
> > policy_handle handle = new policy_handle();
> > handle.uuid = new uuid_t();
> 
> There are a few pitfalls that are going to need some explaining. I think
> it would be better if I put that effort into some real documentation but I
> can give you some clues now.
> 
> DCE/RPC was designed with the C language in mind. This creates some minor
> problems that need to be considered. Consider the following IDL:
> 
>         typedef struct {
>             uint32_t time_low;
>             uint16_t time_mid;
>             uint16_t time_hi_and_version;
>             uint8_t clock_seq_hi_and_reserved;
>             uint8_t clock_seq_low;
>             uint8_t node[6];
>         } uuid_t;
> 
> In C the node member is part of the uuid_t type. But in Java you have to
> explicitly allocate arrays. I think it might be necessary to do:
> 
> rpc.uuid_t uuid = new rpc.uuid_t();
> uuid.node = new byte[6];
> ...
> 
> Some wrapper classes will be in order for more common structures such as
> UUID.java, SID.java, etc. that handle these little issues automatically.
> 
> 
> > OpenSCManagerW scmanager = new OpenSCManagerW("\\\\" + servername, null,
> > 0x02000000, handle);
> > call(0, scmanager);
> >
> > System.out.println( scmanager.retval + ": rtme_low" + handle.uuid.time_low
> > );
> >
> > The above seems to work fine because I get a value from
> > handle.uuid.time_low
> 
> I just picked that field at random though. For all I know a 0 value is
> valid as well. It's a crude test.
> 
> >, plus the return val is zero. Ethereal looks good
> > too. The problem arises when I try to call openServiceW(). Note, for the
> > scmanager argument, I use handle from above (which I now presume is a
> > handle to the remote scmanager). I'm guessing the SERVICE_ACCESS argument
> > (at the moment I have it set to zero, need to find out the real values
> > for these constants from the windows header files?)
> 
> Check to see if there's an equivalent Win32 function by searching MSDN:
> 
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/openservice.asp
> 
> > Here I try to open the remote windows Telnet service..
> >
> >
> > OpenServiceW service = new OpenServiceW(handle, "Telent", 0);
> > call(0, service);
> >
> > The above causes an unknown Fault Exception returned from remote system.
> > So I'm not sure what is happening. When I try call(1, service) it seems to
> > get further but still bombs out.
> >
> > I'm not so privy to the internal workings of Jarapac, so I'm not sure what
> > the first argument of the call() method refers to? Usually it is just
> > set to 0.
> 
> That's the "semantics" flag. It looks like it controls DCE operation
> attributes like "idempotent", "maybe", etc. You would have to look at the
> DCE specification and Jarapac to see how it really alters the behavior of
> a call. I recommend just leaving it 0.
> 
> > Another thing, the midl interface for OpenServiceW() is as follows:
> >
> > /*****************/
> >  /* Function 0x10 */
> >  [op(0x10)]
> >  int OpenServiceW([in] policy_handle *scmanager_handle,
> >              [in,string,unique] wchar_t *ServiceName,
> >              [in] uint32_t access_mask);
> >
> >
> > Note that all the arguments are [in] arguments, so how am I meant to
> > get a handle to the service from this method?
> 
> Hmm, that's a good question. The Samba4 IDL should really only be used as
> a guide. The MSDN documentation for equivalent Win32 functions is just as
> important and if you understand MIDL well it is not uncommon to be able to
> derive the IDL entirely from the Win32 API documentation. The MSDN
> prototype is:
> 
> SC_HANDLE OpenService(
>   SC_HANDLE hSCManager,
>   LPCTSTR lpServiceName,
>   DWORD dwDesiredAccess
> );
> 
> So perhaps it's:
> 
>   [op(0x10)]
>   policy_handle *OpenServiceW([in] policy_handle *scmanager_handle,
>               [in,string,unique] wchar_t *ServiceName,
>               [in] uint32_t access_mask);
> 
> Another problem might be that the version of IDLC isn't quite right. I
> think it should handle the above just fine but I have a new version that
> you should really be using instead. It's not quite through the entire test
> suite so I have a little more work to do. I could release it tonight.
> 
> Mike
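
The array-allocation pitfall described in the quoted reply, as an added example that is not part of the original thread and is not jcifs or idlc output. The class names `RawUuid` and `Uuid` are hypothetical, the 16-byte sample is constructed, and a little-endian data representation is assumed.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

public class UuidDemo {
    // Field-for-field image of the uuid_t IDL; node stays null, as a plain
    // Java translation of the C struct would leave it.
    static class RawUuid {
        int time_low;
        short time_mid, time_hi_and_version;
        byte clock_seq_hi_and_reserved, clock_seq_low;
        byte[] node;

        // Assumed little-endian layout: 4 + 2 + 2 + 1 + 1 + 6 = 16 bytes.
        void decode(ByteBuffer buf) {
            buf.order(ByteOrder.LITTLE_ENDIAN);
            time_low = buf.getInt();
            time_mid = buf.getShort();
            time_hi_and_version = buf.getShort();
            clock_seq_hi_and_reserved = buf.get();
            clock_seq_low = buf.get();
            buf.get(node);   // NullPointerException if node was never allocated
        }

        @Override public String toString() {
            StringBuilder sb = new StringBuilder(String.format("%08x-%04x-%04x-%02x%02x-",
                    time_low, time_mid & 0xffff, time_hi_and_version & 0xffff,
                    clock_seq_hi_and_reserved & 0xff, clock_seq_low & 0xff));
            for (byte b : node) sb.append(String.format("%02x", b & 0xff));
            return sb.toString();
        }
    }

    // Hypothetical wrapper: allocates the array so callers cannot forget to.
    static class Uuid extends RawUuid {
        Uuid() { node = new byte[6]; }
    }

    public static void main(String[] args) {
        // Constructed 16-byte sample, not captured from a server.
        byte[] wire = { 0x78, 0x56, 0x34, 0x12, 0x34, 0x12, 0x78, 0x56,
                        (byte) 0x9a, (byte) 0xbc, 1, 2, 3, 4, 5, 6 };
        try {
            new RawUuid().decode(ByteBuffer.wrap(wire));
        } catch (NullPointerException e) {
            System.out.println("raw struct: node[] was never allocated");
        }
        Uuid u = new Uuid();
        u.decode(ByteBuffer.wrap(wire));
        System.out.println(u);
    }
}
```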


