Incorrect value returned by srv_reg_nt.c:_reg_enum_key

Marcin Porwit mporwit at centeris.com
Sat Jan 8 01:27:32 GMT 2005


While doing some investigation into EventLog support, I came across a small bug in _reg_enum_key.
According to MSDN, the proper behavior for when there are no more keys to enumerate is
ERROR_NO_MORE_ITEMS (0x00000103), while current Samba3 versions return NT_STATUS_NO_MORE_ENTRIES
(0x8000001A). Getting NT_STATUS_NO_MORE_ENTRIES causes the MMC to drop all the registry keys it has
gotten up until that point, which is unfortunate, since then nothing shows up under the EventLog entry.

The proper behavior is described here: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sysinfo/base/regenumkey.asp

According to Ethereal, this is what is going on:
WIN2K (WORKING)
No.     Time        Source                Destination           Protocol Info
    230 18.866967   10.100.1.109          10.100.1.247          WINREG   EnumKey response, Unknown error 0x020a0000[Long frame (44 bytes)]
 
Frame 230 (186 bytes on wire, 186 bytes captured)
Ethernet II, Src: 00:50:8b:c7:61:c0, Dst: 08:00:46:b6:72:71
Internet Protocol, Src Addr: 10.100.1.109 (10.100.1.109), Dst Addr: 10.100.1.247 (10.100.1.247)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 2142 (2142), Seq: 9766, Ack: 12241, Len: 132
    Source port: microsoft-ds (445)
    Destination port: 2142 (2142)
    Sequence number: 9766    (relative sequence number)
    Next sequence number: 9898    (relative sequence number)
    Acknowledgement number: 12241    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    Window size: 16520
    Checksum: 0x65e5 (correct)
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 229
        The RTT to ACK the segment was: 0.001442000 seconds
NetBIOS Session Service
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 229
        Time from request: 0.001442000 seconds
        SMB Command: Trans (0x25)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x98
        Flags2: 0xc807
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 1616
        User ID: 2048
        Multiplex ID: 6080
    Trans Response (0x25)
        Word Count (WCT): 10
        Total Parameter Count: 0
        Total Data Count: 72
        Reserved: 0000
        Parameter Count: 0
        Parameter Offset: 56
        Parameter Displacement: 0
        Data Count: 72
        Data Offset: 56
        Data Displacement: 0
        Setup Count: 0
        Reserved: 00
        Byte Count (BCC): 73
        Padding: 00
SMB Pipe Protocol
    Function: TransactNmPipe (0x0026)
    FID: 0x4009
DCE RPC
    Version: 5
    Version (minor): 0
    Packet type: Response (2)
    Packet Flags: 0x03
    Data Representation: 10000000
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)
    Frag Length: 72
    Auth Length: 0
    Call ID: 21
    Alloc hint: 48
    Context ID: 0
    Cancel count: 0
    Opnum: 9
    Request in frame: 229
    Time from request: 0.001442000 seconds
Microsoft Registry, EnumKey
    Operation: EnumKey (9)
    Return code: Unknown (0x020a0000)
 
0000  08 00 46 b6 72 71 00 50 8b c7 61 c0 08 00 45 00   ..F.rq.P..a...E.
0010  00 ac 58 cd 40 00 80 06 89 53 0a 64 01 6d 0a 64   ..X.@....S.d.m.d
0020  01 f7 01 bd 08 5e bf 34 72 d8 b8 77 35 f0 50 18   .....^.4r..w5.P.
0030  40 88 65 e5 00 00 00 00 00 80 ff 53 4d 42 25 00   @.e........SMB%.
0040  00 00 00 98 07 c8 00 00 00 00 00 00 00 00 00 00   ................
0050  00 00 00 08 50 06 00 08 c0 17 0a 00 00 48 00 00   ....P........H..
0060  00 00 00 38 00 00 00 48 00 38 00 00 00 00 00 49   ...8...H.8.....I
0070  00 00 05 00 02 03 10 00 00 00 48 00 00 00 15 00   ..........H.....
0080  00 00 30 00 00 00 00 00 00 00 00 00 0a 02 d0 21   ..0............!
0090  07 00 05 01 00 00 00 00 00 00 00 00 00 00 78 94   ..............x.
00a0  07 00 00 00 00 00 00 00 00 00 84 94 07 00 c4 ef   ................
00b0  07 00 c4 ef 07 00 03 01 00 00                     ..........
 
 
SAMBA3 (BROKEN) 
No.     Time        Source                Destination           Protocol Info
    201 10.026644   10.100.1.103          10.100.1.247          WINREG   EnumKey response[Long frame (16 bytes)]
 
Frame 201 (158 bytes on wire, 158 bytes captured)
Ethernet II, Src: 00:0c:29:58:aa:14, Dst: 08:00:46:b6:72:71
Internet Protocol, Src Addr: 10.100.1.103 (10.100.1.103), Dst Addr: 10.100.1.247 (10.100.1.247)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 2131 (2131), Seq: 9109, Ack: 11847, Len: 104
    Source port: microsoft-ds (445)
    Destination port: 2131 (2131)
    Sequence number: 9109    (relative sequence number)
    Next sequence number: 9213    (relative sequence number)
    Acknowledgement number: 11847    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    Window size: 16080
    Checksum: 0xf205 (correct)
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 200
        The RTT to ACK the segment was: 0.009952000 seconds
NetBIOS Session Service
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 200
        Time from request: 0.009952000 seconds
        SMB Command: Trans (0x25)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x88
        Flags2: 0xc801
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 1
        Process ID: 2824
        User ID: 100
        Multiplex ID: 7360
    Trans Response (0x25)
        Word Count (WCT): 10
        Total Parameter Count: 0
        Total Data Count: 44
        Reserved: 0000
        Parameter Count: 0
        Parameter Offset: 56
        Parameter Displacement: 0
        Data Count: 44
        Data Offset: 56
        Data Displacement: 0
        Setup Count: 0
        Reserved: 00
        Byte Count (BCC): 45
        Padding: 00
SMB Pipe Protocol
    Function: TransactNmPipe (0x0026)
    FID: 0x75e7
DCE RPC
    Version: 5
    Version (minor): 0
    Packet type: Response (2)
    Packet Flags: 0x03
    Data Representation: 10000000
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)
    Frag Length: 44
    Auth Length: 0
    Call ID: 9
    Alloc hint: 20
    Context ID: 0
    Cancel count: 0
    Opnum: 9
    Request in frame: 200
    Time from request: 0.009952000 seconds
Microsoft Registry, EnumKey
    Operation: EnumKey (9)
    Return code: STATUS_SUCCESS (0x00000000)
 
0000  08 00 46 b6 72 71 00 0c 29 58 aa 14 08 00 45 00   ..F.rq..)X....E.
0010  00 90 77 1b 40 00 40 06 ab 27 0a 64 01 67 0a 64   ..w.@.@..'.d.g.d
0020  01 f7 01 bd 08 53 d7 c9 94 11 18 37 b1 5b 50 18   .....S.....7.[P.
0030  3e d0 f2 05 00 00 00 00 00 64 ff 53 4d 42 25 00   >........d.SMB%.
0040  00 00 00 88 01 c8 00 00 00 00 00 00 00 00 00 00   ................
0050  00 00 01 00 08 0b 64 00 c0 1c 0a 00 00 2c 00 00   ......d......,..
0060  00 00 00 38 00 00 00 2c 00 38 00 00 00 00 00 2d   ...8...,.8.....-
0070  00 00 05 00 02 03 10 00 00 00 2c 00 00 00 09 00   ..........,.....
0080  00 00 14 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0090  00 00 00 00 00 00 00 00 00 00 1a 00 00 80         ..............

The fix for this in 3.0.10 is a quick two-liner. The diffs follow:
mporwit@mporwit-linux:~> diff samba-3.0.10/source/include/nterr.h samba-3.0.10-mod/source/include/nterr.h
38a39
> #define ERROR_NO_MORE_ITEMS              NT_STATUS(0x00000103)
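Review bot: the new define at line 39 wraps 0x00000103 in NT_STATUS() and puts it in nterr.h, but the message above identifies that value as the Win32 ERROR_NO_MORE_ITEMS code from MSDN, not an NT status. Either define it alongside the Win32 error codes, or add a comment on this line saying it is a Win32 code carried in an NTSTATUS wrapper only because the registry pipe expects it, so nobody later compares it against real NT_STATUS_* values.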
mporwit@mporwit-linux:~> diff samba-3.0.10/source/rpc_server/srv_reg_nt.c samba-3.0.10-mod/source/rpc_server/srv_reg_nt.c
518c518
<              status = NT_STATUS_NO_MORE_ENTRIES;
---
>              status = ERROR_NO_MORE_ITEMS;
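Review bot: the change at line 518 is shown in normal diff format with no context, so the condition that guards `status = ERROR_NO_MORE_ITEMS;` cannot be checked from the patch. Please resend as `diff -u` so the enclosing branch of _reg_enum_key is visible, and confirm that this assignment is reached only when the enumeration index runs past the last subkey, not on other lookup failures that should still report a distinct error.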

Can this get fixed in 3.0.11?
--
Marcin Porwit
mkporwit at centeris.com
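Added example, not part of the original post or of Samba: a small C reader that pulls the return code from the tail of each captured EnumKey reply and shows why one ends the enumeration cleanly and the other looks like a failure. It assumes the call's return value is the last four bytes of the response stub; the client policy in classify_enum_reply() and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Both values are the ones named in the post. */
#define ERROR_NO_MORE_ITEMS       0x00000103u /* Win32 code, per MSDN */
#define NT_STATUS_NO_MORE_ENTRIES 0x8000001Au /* sent by Samba 3.0.10 */

enum enum_result { ENUM_CONTINUE, ENUM_DONE, ENUM_FAILED, ENUM_MALFORMED };

/* Assumption: the call's 32-bit return value is the last four bytes of the
 * response stub, little-endian as both captures declare. */
static int stub_return_code(const uint8_t *stub, size_t len, uint32_t *out)
{
    const uint8_t *p;
    if (stub == NULL || out == NULL || len < 4)
        return -1;
    p = stub + len - 4;
    *out = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return 0;
}

/* NTSTATUS keeps a severity in bits 31-30; a non-zero severity on a call that
 * should return a Win32 code points at the mix-up the post describes. */
static int has_ntstatus_severity(uint32_t rc) { return (rc >> 30) != 0; }

/* Hypothetical client policy modelling the MMC behaviour the post reports. */
static enum enum_result classify_enum_reply(const uint8_t *stub, size_t len)
{
    uint32_t rc;
    if (stub_return_code(stub, len, &rc) != 0) return ENUM_MALFORMED;
    if (rc == 0) return ENUM_CONTINUE;
    if (rc == ERROR_NO_MORE_ITEMS) return ENUM_DONE;
    return ENUM_FAILED; /* includes NT_STATUS_NO_MORE_ENTRIES */
}

/* Last six bytes of each frame, copied from the hex dumps in the post. */
static const uint8_t win2k_tail[] = { 0x07, 0x00, 0x03, 0x01, 0x00, 0x00 };
static const uint8_t samba_tail[] = { 0x00, 0x00, 0x1a, 0x00, 0x00, 0x80 };

int main(void)
{
    uint32_t rc = 0;
    stub_return_code(samba_tail, sizeof samba_tail, &rc);
    printf("win2k=%d samba=%d samba_rc=0x%08x ntstatus_bits=%d\n",
           classify_enum_reply(win2k_tail, sizeof win2k_tail),
           classify_enum_reply(samba_tail, sizeof samba_tail),
           (unsigned)rc, has_ntstatus_severity(rc));
    return 0;
}
```

The "Return code" lines in the two dissections do not show these values because Ethereal flagged both replies as long frames; the trailing bytes of the hex dumps are where the codes actually sit.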