Reading a windows registry from linux
mattc at lockdownnetworks.com
Mon Jan 31 18:47:56 GMT 2005
Jelmer, I sent that trace to you directly. In the meantime I decided
to write a couple of quick routines that just get a string or a dword.

One thing I found was that reg_key_get_value_by_name always returns the
last value in the key if you pass a value that doesn't exist. I think
that is because of the following lines:

    if(!W_ERROR_IS_OK(error) && !W_ERROR_EQUAL(error, WERR_NO_MORE_ITEMS))

When there are no more items and the value we're looking for isn't
found, WERR_OK is returned. However val has already been filled in by
the call to reg_key_get_value_by_index, so the last val gets returned.

Also, even when a valid key and value are passed, the type field in the
val is not set. This could be causing the regshell problem.

From: Jelmer Vernooij [mailto:jelmer at samba.org]
Sent: Saturday, January 29, 2005 11:29 AM
To: Matt Cobb
Cc: samba-technical at lists.samba.org
Subject: Re: Reading a windows registry from linux
Matt Cobb wrote:
| So I tried samba4 regshell to read the registry against a Win2003
| controller. It seems to be able to log in, do the SMB Signing and get
| keys. However all the Values show up as REG_NONE and null. Anyone
| seeing this? I did a svn update yesterday and made everything again
| using the instructions in howto.txt. Here is the output from
| mattc-deb:/usr/local/samba/bin# ./regshell -b rpc -R
| "ncacn_np:lab-server-1" -U "administrator"
| Password for [TESTLAB\administrator]:
| HKEY_CLASSES_ROOT:> predefined HKEY_LOCAL_MACHINE
| HKEY_LOCAL_MACHINE:> ck
| Current path is: SYSTEM\CurrentControlSet\Services\lanmanserver
| HKEY_LOCAL_MACHINE:SYSTEM\CurrentControlSet\Services\lanmanserver> ck
| parametersCurrent path is:
| ters> ls
| V "autodisconnect" REG_NONE (null)
| V "enableforcedlogoff" REG_NONE (null)
| V "enablesecuritysignature" REG_NONE (null)
| V "requiresecuritysignature" REG_NONE (null)
| V "restrictnullsessaccess" REG_NONE (null)
| V "NullSessionPipes" REG_NONE (null)
| V "NullSessionShares" REG_NONE (null)
| V "ServiceDll" REG_NONE (null)
| V "Lmannounce" REG_NONE (null)
| V "Size" REG_NONE (null)
| V "Guid" REG_NONE (null)
| I took an ethereal trace and it shows a WINREG EnumKey request getting
| response with error: 0x0414000a. However all the WINREG EnumValues
| have successful responses and I can see the correct values from the
| entries on the ethereal.
Can you please send me a trace of the successful EnumValues responses?
These would be either value types unknown to Samba (which seems unlikely
to me) or a bug in reg_backend_rpc, I think.
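
The lookup-by-name behaviour described in this message, shown as an added example that is not part of the original thread and is not Samba's code. It is a simplified C model: status_t, struct value, value_by_index, lookup_buggy and lookup_fixed are hypothetical names, and the two-value key is constructed sample data.

```c
#include <string.h>

/* Hypothetical stand-ins, not Samba's types or error codes. */
typedef enum { ST_OK, ST_NO_MORE_ITEMS, ST_NOT_FOUND } status_t;
struct value { const char *name; unsigned type; unsigned data; };

/* Constructed sample key: two values of type 4 (REG_DWORD). */
static const struct value sample_key[] = {
    { "autodisconnect", 4, 15 },
    { "Size", 4, 1 },
};

/* Enumerate by index; writes *out only when a value exists at idx. */
static status_t value_by_index(size_t idx, const struct value **out)
{
    if (idx >= sizeof sample_key / sizeof sample_key[0])
        return ST_NO_MORE_ITEMS;
    *out = &sample_key[idx];
    return ST_OK;
}

/* Pattern from the message: end of enumeration is folded into success. */
status_t lookup_buggy(const char *name, const struct value **out)
{
    status_t st = ST_OK;
    for (size_t i = 0; st == ST_OK; i++) {
        st = value_by_index(i, out);   /* writes into the caller's output */
        if (st == ST_OK && strcmp((*out)->name, name) == 0)
            return ST_OK;
    }
    if (st != ST_OK && st != ST_NO_MORE_ITEMS)
        return st;
    return ST_OK;   /* name never matched, *out is the last value seen */
}

/* Corrected: publish only on a match; end of key is a distinct status. */
status_t lookup_fixed(const char *name, const struct value **out)
{
    const struct value *cand = NULL;
    status_t st;
    *out = NULL;
    for (size_t i = 0; (st = value_by_index(i, &cand)) == ST_OK; i++) {
        if (strcmp(cand->name, name) == 0) {
            *out = cand;
            return ST_OK;
        }
    }
    return st == ST_NO_MORE_ITEMS ? ST_NOT_FOUND : st;
}
```

With the first form, asking for a name that is absent from the key returns success together with the data of "Size", so a tool reading a setting such as requiresecuritysignature would act on another value's contents; the second form gives the caller a status it can check.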