Reading a windows registry from linux

Matt Cobb mattc at lockdownnetworks.com
Mon Jan 31 18:47:56 GMT 2005


Jelmer, I sent that trace to you directly.  In the mean time I decided
to write a couple quick routines that just gets a string or a dword.
One thing I found was that reg_key_get_value_by_name always returns the
last value in the key, if you pass a value that doesn't exit.  I think
that is because of the following lines:

if(!W_ERROR_IS_OK(error) && !W_ERROR_EQUAL(error, WERR_NO_MORE_ITEMS))
	return error;

return WERR_OK;

When there are not more items and the value we're looking for isn't
found, WERR_OK is returned.  However val has already been filled in by
the call to reg_key_get_value_by_index, so the last val gets returned.

Also, even when a valid key and value are passed, the type field in the
val is not set.  This could be causing the regshell problem.

-MC

-----Original Message-----
From: Jelmer Vernooij [mailto:jelmer at samba.org] 
Sent: Saturday, January 29, 2005 11:29 AM
To: Matt Cobb
Cc: samba-technical at lists.samba.org
Subject: Re: Reading a windows registry from linux

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Matt,

Matt Cobb wrote:
| So I tried samba4 regshell to read the registry against a Win2003
domain
| controller.  It seems to be able to log in, do the SMB Signing and get
| keys.  However all the Values show up as REG_NONE and null.  Anyone
else
| seeing this?  I did a svn update yesterday and made everything again
| using the instructions in howto.txt.  Here is the output from
regshell.
|
| mattc-deb:/usr/local/samba/bin# ./regshell -b rpc -R
| "ncacn_np:lab-server-1" -U "administrator"
| Password for [TESTLAB\administrator]:
| HKEY_CLASSES_ROOT:> predefined HKEY_LOCAL_MACHINE
| HKEY_LOCAL_MACHINE:> ck
"SYSTEM\CurrentControlSet\Services\lanmanserver"
| Current path is: SYSTEM\CurrentControlSet\Services\lanmanserver
| HKEY_LOCAL_MACHINE:SYSTEM\CurrentControlSet\Services\lanmanserver> ck
| parametersCurrent path is:
| SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
|
HKEY_LOCAL_MACHINE:SYSTEM\CurrentControlSet\Services\lanmanserver\parame
| ters> ls
| V "autodisconnect" REG_NONE (null)
| V "enableforcedlogoff" REG_NONE (null)
| V "enablesecuritysignature" REG_NONE (null)
| V "requiresecuritysignature" REG_NONE (null)
| V "restrictnullsessaccess" REG_NONE (null)
| V "NullSessionPipes" REG_NONE (null)
| V "NullSessionShares" REG_NONE (null)
| V "ServiceDll" REG_NONE (null)
| V "Lmannounce" REG_NONE (null)
| V "Size" REG_NONE (null)
| V "Guid" REG_NONE (null)
|
| I took an ethereal trace and it shows a WINREG EnumKey request getting
a
| response with error:  0x0414000a.  However all the WINREG EnumValues
| have successful responses and I can see the correct values from the
| entries on the ethereal.
Can you please send me a trace of the successfull EnumValues responses?
These would be either value types unknown to Samba (which seems unlikely
to me) or a bug in reg_backend_rpc, I think.

Cheers,

Jelmer Vernooij
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFB++QAPa9Uoh7vUnYRAhdWAJ465Jh2qqCRYRBLv4P9cZ7XntT5XgCfZgb+
GbH1jGaRXF6A4NaKb2OQvkg=
=6uAr
-----END PGP SIGNATURE-----



More information about the samba-technical mailing list