User lists in W95 (II)

Michael Stockman pgmtekn at algonet.se
Sun Oct 18 18:02:07 GMT 1998


Hello,

I downloaded Friday's CVS version of samba (1998-10-16) which was very nice. It appears that support for usrmgr in W95 is now there. However the share dialog box doesn't seem to like it very much. I've tried to describe the course of events below for the share dialog (which fails). I'll try to compare with usrmgr.

1. A SMBTrans message on \PIPE\LSARPC with pnum = 0.
Fails because pipe pnum = 0 is invalid. Strange to use 0 if one doesn't have a pipe handle since INVALID_HANDLE_VALUE = -1. After that the call ends up in ipc.c:api_no_reply as an unsupported api fd command.
Usrmgr sends a SMBtrans to \PIPE\ with pnum = FFFF instead. Fails just the same.
Usrmgr sends a SMBtrans to \PIPE\SAMR with pnum = 0. Also fails.
Usrmgr jumps to point 12 (will jump back after point 15).

2. A SMBopenX message to \PIPE\LSARPC. Succeeds with pnum = 7000.
Usrmgr starts with a SMBtrans to \PIPE\LSARPC with pnum = 0 (as share dialog did above) and then sends a SMBopenX just like the share dialog in this point. Succeeds with pnum = 7004 (two open pipes now).

3. A SMBtrans message on \PIPE\LSARPC with pnum = 7000.
Uses API command 0x1 and sets state of pipe to 100.
Usrmgr does the same on pipe 7004.

4. A SMBtrans message on \PIPE\LSARPC with pnum = 7000.
API command 0x26 -> bind request \PIPE\LSARPC -> \PIPE\LSASS.
Usrmgr does the same on pipe 7004 (binds both pipes to \PIPE\LSASS(?)).

5. A SMBtrans message on \PIPE\ with pnum = 7000.
API command 0x26 -> api_rpc_command LSA_OPENPOLICY.
Usrmgr does the same.

6. A SMBtrans message on \PIPE\ with pnum = 7000.
API command 0x26 -> api_rpc_command LSA_QUERYINFOPOLICY.
Usrmgr now sends API command 0x26 -> SAMR_OPENDOMAIN to pipe 7003 (SAMR) which opens policy hnd[2].
After that usrmgr does the same on pipe 7004 (LSARPC).
Usrmgr sends API command 0x26 -> SAMR_OPEN_DOMAIN to pipe 7003 (SAMR) which opens policy hnd[3].
Usrmgr then sends a new LSA_QUERYINFOPOLICY to pipe 7004 (LSARPC).
Usrmgr repeats this SAMR_OPEN_DOMAIN, LSA_QUERYINFOPOLICY one more time.
Then the sequence changes to SAMR_OPEN_DOMAIN, SAMR_CLOSE_HND and LSA_QUERYINFOPOLICY which is repeated 3 times.
Then usrmgr sends a SAMR_OPEN_DOMAIN and a SAMR_CLOSE_HND (there were no more users in the smbpasswd file).
Usrmgr now sends a LSA_OPENPOLICY, LSA_CLOSE sequence 3 times.
My log continues with these calls and then stops:
SAMR_OPEN_DOMAIN, SAMR_CLOSE_HND, LSA_QUERYINFOPOLICY
SAMR_OPEN_DOMAIN, SAMR_CLOSE_HND, SAMR_QUERY_DISPINFO, SAMR_ENUM_DOMAIN_ALIASES, SAMR_OPEN_ALIAS, SAMR_QUERY_ALIASINFO, SAMR_CLOSE_HND, SAMR_ENUM_DOM_ALIASES, SAMR_OPEN_ALIAS, SAMR_QUERY_ALIASINFO, SAMR_CLOSE_HND, SAMR_ENUM_DOM_GROUPS
Then I've got no more info on the doings of usrmgr. This is probably due to usrmgr not cleaning up directly and me taking a diff on the log before usrmgr did. To justify my behaviour, usrmgr did show the usernames before I did the diff.

7. A SMBtrans message on \PIPE\ with pnum = 7000.
API command 0x26 -> api_rpc_command LSA_ENUMTRUSTDOM.

8. A SMBtrans message on \PIPE\ with pnum = 7000.
API command 0x26 -> api_rpc_command LSA_CLOSE.

9. A SMBclose message with pnum = 7000.

10. A SMBtrans on \PIPE\LANMAN.
API command 13 -> RNetServerGetInfo level 1.

11. A SMBtrans message on \PIPE\SAMR with pnum = 0.
Fails due to no pipe with pnum = 0 and unsupported API fd command (similar to point 1).

12. A SMBopenX message on \PIPE\SAMR. Succeeds with pnum = 7001.
Usrmgr sends SMBopenX to \PIPE\SAMR. Succeeds with pnum = 7003.

13. A SMBtrans message on \PIPE\ with pnum = 7001.
API command 0x1 -> SetNamedPipeHandleState to code 100.
Usrmgr does the same (except for on pipe 7003).

14. A SMBtrans message on \PIPE\ with pnum = 7001.
API command 0x26 -> bind request \PIPE\SAMR -> \PIPE\LSASS.
Usrmgr does the same.

15. A SMBtrans message on \PIPE\ with pnum = 7001.
API command 0x26 -> SAMR_CONNECT_ANON. Opened policy hnd[1].
Usrmgr does a SAMR_CLOSE_HND first. Fails as no policy was opened.
Usrmgr sends a SMBtrans on \PIPE\ with pnum = FFFF. Fails as invalid handle and unsupported API fd command.
Usrmgr sends a SMBtrans on \PIPE\ with pnum = 7003. API command 0x26 -> SAMR_CONNECT_ANON. Opens policy hnd[1].
Usrmgr jumps back to point 2.

16. A SMBtrans message on \PIPE\ with pnum = 7001.
API command 0x26 -> api_samr_rpc op 0x5 - unknown. Unsupported API fd command.

17. A SMBclose message with pnum = 7001.

18. A SMBtrans message on \PIPE\SAMR with pnum = 0.
Fails "as usual" and unsupported API fd command.

19. A SMBopenX command on \PIPE\SAMR succeeds with pnum = 7002.

20. A SMBtrans message on \PIPE\ with pnum = 7002.
API command 0x1 -> SetNamedPipeHandleState to code 100.

21. A SMBtrans message on \PIPE\ with pnum = 7002.
API command 0x26 -> bind request \PIPE\SAMR -> \PIPE\LSASS.

22. A SMBtrans message on \PIPE\ with pnum = 7002.
API command 0x26 -> SAMR_CLOSE_HND. Closed policy hnd[1].

23. A SMBclose message with pnum = 7002.

This may all be known to you already. However, what seem like possible points to start at are the meaning of pnum = 0 and samr op 0x5. I'm however not in a position to get deep into this as I've only got W95 machines and the linux machine on which samba is running.

Best regards
  Michael Stockman
  pgmteln-micke at algonet.se
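The pipe-handle behaviour visible in the trace above (pnum 0 and FFFF rejected as unsupported API fd commands, handles allocated from 7000 upwards, API 0x1 setting the pipe state to 100, API 0x26 carrying first the bind and then the RPC requests, SAMR_CLOSE_HND failing when no policy handle is open) modelled as a small replayable state machine. This is an added example, not code from the post above or from Samba: the PipeServer and replay names, the KNOWN_PIPES set, the policy-handle table, the use of op names instead of real DCE/RPC PDUs and the "BIND" pseudo-op are assumptions made for illustration; only the handle offset, the API numbers and the verdicts are taken from the trace.

```python
# Model of the server side of the named-pipe exchange above (added example,
# not Samba code).  Handle offset 0x7000, API 0x01 = SetNamedPipeHandleState,
# API 0x26 = TransactNmPipe and the "unsupported API fd command" verdict for an
# unopened pnum come from the trace; the rest is assumed for illustration.
from dataclasses import dataclass

PIPE_HANDLE_OFFSET = 0x7000        # first pnum handed out in the trace
API_SET_NM_PIPE_HND_STATE = 0x01   # "SetNamedPipeHandleState to code 100"
API_TRANSACT_NM_PIPE = 0x26        # carries the RPC bind and the requests

KNOWN_PIPES = {"LSARPC", "SAMR", "LANMAN"}            # pipes named in the trace
OPEN_OPS = {"LSA_OPENPOLICY", "SAMR_CONNECT_ANON",    # ops that yield a policy handle
            "SAMR_OPEN_DOMAIN", "SAMR_OPEN_ALIAS"}
CLOSE_OPS = {"LSA_CLOSE", "SAMR_CLOSE_HND"}
QUERY_OPS = {"LSA_QUERYINFOPOLICY", "LSA_ENUMTRUSTDOM", "SAMR_QUERY_DISPINFO",
             "SAMR_ENUM_DOM_ALIASES", "SAMR_QUERY_ALIASINFO", "SAMR_ENUM_DOM_GROUPS"}


@dataclass
class Pipe:
    pnum: int
    name: str
    state: int = 0        # 0x100 after API 0x01, as in the trace
    bound: bool = False   # True after the RPC bind on API 0x26


class PipeServer:
    """Open pipes keyed by pnum, plus the RPC policy handles opened over them."""
    def __init__(self):
        self.pipes = {}
        self.next_pnum = PIPE_HANDLE_OFFSET
        self.policy = {}      # hnd index -> op that opened it (assumed bookkeeping)
        self.next_hnd = 1     # the log numbers them hnd[1], hnd[2], ...

    def open_x(self, path):
        """SMBopenX on \\PIPE\\<name>: allocate a pnum, or None if unknown."""
        name = path.rsplit("\\", 1)[-1].upper()
        if name not in KNOWN_PIPES:
            return None
        pnum, self.next_pnum = self.next_pnum, self.next_pnum + 1
        self.pipes[pnum] = Pipe(pnum, name)
        return pnum

    def trans(self, pnum, api, op=None, hnd=None):
        """SMBtrans on pnum with an API fd command; returns a log-style verdict."""
        pipe = self.pipes.get(pnum)
        if pipe is None:   # pnum 0 and 0xFFFF in the trace land here
            return "unsupported API fd command: no pipe with pnum=%04X" % pnum
        if api == API_SET_NM_PIPE_HND_STATE:
            pipe.state = 0x100
            return "state 100"
        if api != API_TRANSACT_NM_PIPE:
            return "unsupported API fd command: api=%#x" % api
        if op == "BIND":                # stands in for the DCE/RPC bind PDU
            pipe.bound = True
            return "bound %s -> \\PIPE\\LSASS" % pipe.name
        if not pipe.bound:
            return "rpc request before bind"
        return self._rpc(op, hnd)

    def _rpc(self, op, hnd):
        if op in OPEN_OPS:
            h, self.next_hnd = self.next_hnd, self.next_hnd + 1
            self.policy[h] = op
            return "%s: opened hnd[%d]" % (op, h)
        if op in CLOSE_OPS:
            if hnd not in self.policy:  # usrmgr's first SAMR_CLOSE_HND (point 15)
                return "%s: fails, no such policy handle" % op
            del self.policy[hnd]
            return "%s: closed hnd[%d]" % (op, hnd)
        if op in QUERY_OPS:
            return "%s: ok" % op
        return "%s: unknown, unsupported API fd command" % op   # cf. samr op 0x5

    def close(self, pnum):
        """SMBclose: drop the pipe; policy handles are left as they are."""
        return self.pipes.pop(pnum, None) is not None


def replay(events):
    """Apply ('openx', path) / ('trans', pnum, api, op, hnd) / ('close', pnum) events."""
    srv, out = PipeServer(), []
    for ev in events:
        if ev[0] == "openx":
            out.append(srv.open_x(ev[1]))
        elif ev[0] == "trans":
            out.append(srv.trans(*ev[1:]))
        else:
            out.append(srv.close(ev[1]))
    return out


# Constructed replay of the share dialog's LSARPC leg (points 1 to 9 above).
SHARE_DIALOG = [
    ("trans", 0x0000, API_TRANSACT_NM_PIPE, "LSA_OPENPOLICY", None),   # 1: pnum 0 fails
    ("openx", "\\PIPE\\LSARPC"),                                        # 2: pnum 7000
    ("trans", 0x7000, API_SET_NM_PIPE_HND_STATE, None, None),           # 3
    ("trans", 0x7000, API_TRANSACT_NM_PIPE, "BIND", None),              # 4
    ("trans", 0x7000, API_TRANSACT_NM_PIPE, "LSA_OPENPOLICY", None),    # 5: hnd[1]
    ("trans", 0x7000, API_TRANSACT_NM_PIPE, "LSA_QUERYINFOPOLICY", 1),  # 6
    ("trans", 0x7000, API_TRANSACT_NM_PIPE, "LSA_ENUMTRUSTDOM", 1),     # 7
    ("trans", 0x7000, API_TRANSACT_NM_PIPE, "LSA_CLOSE", 1),            # 8
    ("close", 0x7000),                                                  # 9
]
```

replay(SHARE_DIALOG) returns one verdict per event: the first is the rejected pnum = 0 call, the second the allocated pnum 7000, the fourth the bind of LSARPC to \PIPE\LSASS, and the last the successful SMBclose. Feeding in the usrmgr order from point 15 instead (SAMR_CLOSE_HND before any SAMR_CONNECT_ANON, then an SMBtrans with pnum = FFFF) produces the "no such policy handle" and "no pipe" verdicts the post reports, which is the behaviour worth checking against a real Samba log.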

More information about the samba-technical mailing list