[jcifs] EventLog patche question

Michael B Allen ioplex at gmail.com
Sun Sep 20 08:49:59 MDT 2009


No, but search the archives. I'm pretty sure it was just something
someone posted to the list. The date in the patch looks like
2007-03-20.

I just looked at the patch. Two notes:

1. It's all DCERPC. This is good because all the decoding and encoding
stuff is done for you and the DCERPC layer is very easy and clean in
JCIFS. You just need to create an instance of each type of call (like
new eventlog.EventLogOpenEventLog(logname, servername)) and then run
it with DcerpcHandle.sendrecv. There are lots of examples of this in
the JCIFS code. The jcifs.smb.SID.getServerSid() method is probably a
good simple example of how to use the JCIFS DCERPC layer.

2. String handling is wrong. I don't know what type of strings the
eventlog IDL uses but the patch modifies UnicodeString handling to
compensate, which is wrong and dangerous because it could affect other
DCERPC code that uses UnicodeString. To fix this you would need to
figure out how strings are handled properly with the eventlog
interface, adjust the IDL, recompile the stub with midlc and adjust
the code as necessary. Look at the Windows Server Protocol documents
now available from Microsoft's website. There's probably a document
about the eventlog interface with proper IDL. That IDL will show you
how strings are supposed to be handled.

Mike

On Sun, Sep 20, 2009 at 9:14 AM, Raffael Maio <raffael.maio at gmail.com> wrote:
> Do you have an idea about who did the patch and who would be able to provide
> some docs about this new class?
>
> -----Original Message-----
> From: Michael B Allen [mailto:ioplex at gmail.com]
> Sent: samedi, 19. septembre 2009 22:48
> To: Raffael Maio
> Cc: jcifs at lists.samba.org
> Subject: Re: [jcifs] EventLog patche question
>
> Oh. No. I have not looked at it since the day I placed it in the
> patches directory.
>
> On Sat, Sep 19, 2009 at 12:39 PM, Raffael Maio <raffael.maio at gmail.com>
> wrote:
>> The question was more related to the eventlog class that has been created
>> in the patch directory. Do you have any information about how to use it?
>>
>> 2009/9/19 Michael B Allen <ioplex at gmail.com>
>>>
>>> On Sat, Sep 19, 2009 at 7:47 AM, Raffael Maio <raffael.maio at gmail.com>
>>> wrote:
>>> > Hi all,
>>> >
>>> >
>>> >
>>> > I saw in the patches directory that there is a new class called
>>> > eventlog. I recompiled the project in order to use this class and it
>>> > seems to work.
>>> >
>>> >
>>> >
>>> > However, now I would like to use it in my test program in order to
>>> > access the eventlog of a remote machine. Does someone have an idea
>>> > about how to do it?! As there are no docs available yet, I would
>>> > appreciate it if you have already figured out this problem and could
>>> > share it :)
>>> >
>>> >
>>> >
>>> > Previously I was trying to access the eventlog pipe like this
>>> > (without success).
>>> >
>>> >
>>> >
>>> >         NtlmPasswordAuthentication auth =
>>> >             new NtlmPasswordAuthentication("TESTS;administrator:admin");
>>> >
>>> >         SmbNamedPipe pipe = new SmbNamedPipe(
>>> >             "smb://10.192.10.10/IPC$/EVENTLOG",
>>> >             SmbNamedPipe.PIPE_TYPE_RDWR | SmbNamedPipe.PIPE_TYPE_TRANSACT,
>>> >             auth);
>>> >         OutputStream out = pipe.getNamedPipeOutputStream();
>>> >         InputStream in = pipe.getNamedPipeInputStream();
>>> >
>>> >
>>> >
>>> > What would be the new way of accessing the eventlog now with the new
>>> > classes?
>>>
>>> Get WireShark, capture the transaction and see if it decodes the
>>> response. Then you can write some code to pick apart the entries.
>>>
>>> Mike
>>>
>>> --
>>> Michael B Allen
>>> Java Active Directory Integration
>>> http://www.ioplex.com/
>>
>>
>
>
>
> --
> Michael B Allen
> Java Active Directory Integration
> http://www.ioplex.com/
>
>



-- 
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/
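
The call pattern from note 1 above, as an added example that is not part of the original post or of the patch: it uses the lsarpc classes that ship with JCIFS 1.3.x (assumed to be on the classpath), the same ones SID.getServerSid() relies on, because the patch's eventlog stub API is not shown in this thread. The class name DcerpcCallPattern and the method accountDomainName are made up for illustration.

```java
import java.io.IOException;

import jcifs.dcerpc.DcerpcHandle;
import jcifs.dcerpc.UnicodeString;
import jcifs.dcerpc.msrpc.LsaPolicyHandle;
import jcifs.dcerpc.msrpc.MsrpcQueryInformationPolicy;
import jcifs.dcerpc.msrpc.lsarpc;
import jcifs.smb.NtlmPasswordAuthentication;

// Illustrative class, not part of JCIFS or of the eventlog patch.
public class DcerpcCallPattern {

    // Returns the account domain name of `server` using a single LSA RPC call.
    static String accountDomainName(String server, NtlmPasswordAuthentication auth)
            throws IOException {
        DcerpcHandle handle = null;
        LsaPolicyHandle policy = null;
        try {
            // 1. Bind to the interface over its named pipe in IPC$.
            handle = DcerpcHandle.getHandle("ncacn_np:" + server + "[\\PIPE\\lsarpc]", auth);
            // 2. Open a context handle asking only for the access the query
            //    needs (0x1 = POLICY_VIEW_LOCAL_INFORMATION).
            policy = new LsaPolicyHandle(handle, null, 0x00000001);
            // 3. Create one instance of the call, run it, then check its status.
            lsarpc.LsarDomainInfo info = new lsarpc.LsarDomainInfo();
            MsrpcQueryInformationPolicy rpc = new MsrpcQueryInformationPolicy(
                    policy, (short) lsarpc.POLICY_INFO_ACCOUNT_DOMAIN_INFORMATION, info);
            handle.sendrecv(rpc);
            if (rpc.retval != 0) {
                throw new IOException("LSA query failed: 0x" + Integer.toHexString(rpc.retval));
            }
            // This decode goes through the shared UnicodeString class, so a change
            // made there for eventlog strings would alter this result too (note 2).
            return new UnicodeString(info.name, false).toString();
        } finally {
            if (handle != null) {
                if (policy != null) policy.close();
                handle.close();
            }
        }
    }

    // Usage: java DcerpcCallPattern <server> <domain> <user> <password>
    public static void main(String[] args) throws IOException {
        NtlmPasswordAuthentication auth =
                new NtlmPasswordAuthentication(args[1], args[2], args[3]);
        System.out.println(accountDomainName(args[0], auth));
    }
}
```

An eventlog call would follow the same three steps with the pipe name and call class swapped for the ones the patch's stub defines.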

