Reading a windows registry from linux

Jelmer Vernooij jelmer at samba.org
Sat Feb 5 23:11:05 GMT 2005


Hi Matt,

I've fixed this in SVN. Thanks for reporting.

Cheers,

Jelmer

Matt Cobb wrote:
| Jelmer, I sent that trace to you directly.  In the mean time I decided
| to write a couple quick routines that just get a string or a dword.
| One thing I found was that reg_key_get_value_by_name always returns the
| last value in the key, if you pass a value that doesn't exist.  I think
| that is because of the following lines:
|
| if(!W_ERROR_IS_OK(error) && !W_ERROR_EQUAL(error, WERR_NO_MORE_ITEMS))
| 	return error;
|
| return WERR_OK;
|
| When there are no more items and the value we're looking for isn't
| found, WERR_OK is returned.  However val has already been filled in by
| the call to reg_key_get_value_by_index, so the last val gets returned.
|
| Also, even when a valid key and value are passed, the type field in the
| val is not set.  This could be causing the regshell problem.
|
| -MC
|
| -----Original Message-----
| From: Jelmer Vernooij [mailto:jelmer at samba.org]
| Sent: Saturday, January 29, 2005 11:29 AM
| To: Matt Cobb
| Cc: samba-technical at lists.samba.org
| Subject: Re: Reading a windows registry from linux
|
| Hi Matt,
|
| Matt Cobb wrote:
| | So I tried samba4 regshell to read the registry against a Win2003 domain
| | controller.  It seems to be able to log in, do the SMB Signing and get
| | keys.  However all the Values show up as REG_NONE and null.  Anyone else
| | seeing this?  I did a svn update yesterday and made everything again
| | using the instructions in howto.txt.  Here is the output from regshell.
| |
| | mattc-deb:/usr/local/samba/bin# ./regshell -b rpc -R "ncacn_np:lab-server-1" -U "administrator"
| | Password for [TESTLAB\administrator]:
| | HKEY_CLASSES_ROOT:> predefined HKEY_LOCAL_MACHINE
| | HKEY_LOCAL_MACHINE:> ck "SYSTEM\CurrentControlSet\Services\lanmanserver"
| | Current path is: SYSTEM\CurrentControlSet\Services\lanmanserver
| | HKEY_LOCAL_MACHINE:SYSTEM\CurrentControlSet\Services\lanmanserver> ck parameters
| | Current path is: SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
| | HKEY_LOCAL_MACHINE:SYSTEM\CurrentControlSet\Services\lanmanserver\parameters> ls
| | V "autodisconnect" REG_NONE (null)
| | V "enableforcedlogoff" REG_NONE (null)
| | V "enablesecuritysignature" REG_NONE (null)
| | V "requiresecuritysignature" REG_NONE (null)
| | V "restrictnullsessaccess" REG_NONE (null)
| | V "NullSessionPipes" REG_NONE (null)
| | V "NullSessionShares" REG_NONE (null)
| | V "ServiceDll" REG_NONE (null)
| | V "Lmannounce" REG_NONE (null)
| | V "Size" REG_NONE (null)
| | V "Guid" REG_NONE (null)
| |
| | I took an ethereal trace and it shows a WINREG EnumKey request getting a
| | response with error:  0x0414000a.  However all the WINREG EnumValues
| | have successful responses and I can see the correct values from the
| | entries on the ethereal.
| Can you please send me a trace of the successful EnumValues responses?
| These would be either value types unknown to Samba (which seems unlikely
| to me) or a bug in reg_backend_rpc, I think.
|
| Cheers,
|
| Jelmer Vernooij
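
The lookup-by-name behaviour reported in the quoted message, reduced to a stand-alone C model beside a corrected form. This is an added example, not Samba's code: `reg_err`, `lookup_buggy`, `lookup_fixed`, the simplified `get_value_by_index` and the sample key are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for WERR_OK, WERR_NO_MORE_ITEMS and a not-found code. */
typedef enum { ERR_OK, ERR_NO_MORE_ITEMS, ERR_NOT_FOUND } reg_err;
struct reg_val { const char *name; unsigned data; };

/* Constructed sample key. */
static const struct reg_val sample_key[] = { { "autodisconnect", 15 }, { "Size", 1 } };
#define NVALS (sizeof(sample_key) / sizeof(sample_key[0]))

/* Models an enumerate-by-index call that fills *val on success. */
static reg_err get_value_by_index(size_t idx, struct reg_val *val)
{
    if (idx >= NVALS) return ERR_NO_MORE_ITEMS;
    *val = sample_key[idx];
    return ERR_OK;
}

/* Reported pattern: end of enumeration is folded into success, so *val
 * still holds the last entry that was enumerated. */
reg_err lookup_buggy(const char *name, struct reg_val *val)
{
    reg_err error = ERR_OK;
    for (size_t i = 0; error == ERR_OK; i++) {
        error = get_value_by_index(i, val);
        if (error == ERR_OK && strcmp(val->name, name) == 0) return ERR_OK;
    }
    if (error != ERR_OK && error != ERR_NO_MORE_ITEMS) return error;
    return ERR_OK; /* name never matched, yet the caller sees success */
}

/* Hardened form: write *val only on a match; exhaustion is a distinct error. */
reg_err lookup_fixed(const char *name, struct reg_val *val)
{
    struct reg_val tmp;
    reg_err error;
    for (size_t i = 0; (error = get_value_by_index(i, &tmp)) == ERR_OK; i++)
        if (strcmp(tmp.name, name) == 0) { *val = tmp; return ERR_OK; }
    return error == ERR_NO_MORE_ITEMS ? ERR_NOT_FOUND : error;
}

int main(void)
{
    struct reg_val a = { "unset", 0 }, b = { "unset", 0 };
    reg_err ea = lookup_buggy("missing", &a), eb = lookup_fixed("missing", &b);
    printf("buggy: err=%d val=%s\n", ea, a.name);
    printf("fixed: err=%d val=%s\n", eb, b.name);
    return 0;
}
```

A caller that checks only the return code cannot tell the buggy result from a real hit, which matters when the value read is a security setting such as `requiresecuritysignature`.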

