net rpc shutdown - how to poweroff
Richard Sharpe
rsharpe at richardsharpe.com
Tue Dec 31 00:07:00 GMT 2002
On Tue, 31 Dec 2002, Simo Sorce wrote:
> Thank you Willi,
> unfortunately the trace is encapsulated in an ntlmssp encrypted session
> so I cannot see anything.
> Can you kindly disable ntlmssp and redo the sniff from beginning?
> feel free to send the sniff only to me if you fear information
> disclosure.
Hmmm, I would be interested in seeing that. De[l]vin posted some patches
to Ethereal that might be able to deal with that, given the key :-)
> Simo.
>
> On Tue, 2002-12-31 at 00:38, Willi Mann wrote:
> > Hi Simo!
> >
> > I've put the sniff and the script which produced the shutdown on my
> > homepage:
> >
> > http://www.wm1.at/samba/wmisniff.bin
> > http://www.wm1.at/samba/RemoteShutdown.vbs
> >
> > w2k Professional german (192.168.0.1, P4) has the sniffer and asks a w2k
> > server german (192.168.0.254, WILLI) to do the shutdown. It only works
> > if you have the same passwords on both of the two machines. Don't ask me
> > about the sense of the for--next loop.
> >
> > Willi
> >
> >
> > Simo Sorce wrote:
> >
> > >On Mon, 2002-12-30 at 01:06, Willi Mann wrote:
> > >
> > >
> > >>Hi Andrew!
> > >>
> > >>The existing net rpc shutdown function doesn't seem to be able to do a
> > >>power off. It seems to be an implementation of the
> > >>initiateSystemShutdown API-call, which is used in many freeware
> > >>closed-source shutdown applications. I've played around with the flags
> > >>in the current Samba-implementation with the following result:
> > >>If one of the first 8 bits is set to 1 the machine reboots.
> > >>The second 8 bits mark the forced shutdown but I haven't verified that
> > >>it makes a difference to non-forced shutdowns.
> > >>
> > >>
> > >
> > >the 16bit flags we show in the source are really 2 booleans in the form
> > >of two bytes imho, I'm modifying the code in samba to behave this way.
> > >
> > >I made some tests and I think you are right: the rpc shutdown function is
> > >equivalent to InitiateSystemShutdownEx call on windows, so no power off
> > >possible, only the 2 booleans: force shutdown and reboot on shutdown.
> > >
> > >
> > >
> > >>There is a way for a working remote power off. The WMI-framework
> > >>provides a function called win32shutdown. This function is also used by
> > >>the Management Console-Shutdown. It offers nearly all flags which are
> > >>available in the ExitWindowsEx-function. It is completely different to
> > >>the net rpc shutdown. I've modified a VBscript-example provided in the
> > >>WMI-SDK to get the shortest possible shutdown-session and sniffed it.
> > >>There are about 100 packets on the wire (incl. authentication, SYNs,
> > >>RSTs, etc.) I'll try to work out more about that in the next few days.
> > >>
> > >>
> > >
> > >If you can send me the trace (in a format readable by ethereal) I'm
> > >interested in looking into it and seeing how it is done.
> > >
> > >Simo.
> > >
> > >
> > >
>
--
Regards
-----
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com