uint32 *sec_desc, NTTIME *mod_time);
BOOL do_reg_unknown_1a(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd, uint32 *unk);
BOOL do_reg_query_info(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd,
- char *type, uint32 *unk_0, uint32 *unk_1);
+ const char* val_name,
+ char *type);
BOOL do_reg_set_key_sec(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd,
uint32 sec_buf_size, SEC_DESC *sec_buf);
BOOL do_reg_get_key_sec(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd,
uint32 buf_len, SEC_DESC_BUF *sec_buf);
BOOL reg_io_q_get_key_sec(char *desc, REG_Q_GET_KEY_SEC *r_q, prs_struct *ps, int depth);
BOOL reg_io_r_get_key_sec(char *desc, REG_R_GET_KEY_SEC *r_q, prs_struct *ps, int depth);
-BOOL make_reg_q_info(REG_Q_INFO *q_i, POLICY_HND *pol, char *product_type,
- time_t unix_time, uint8 major, uint8 minor);
+BOOL make_reg_q_info(REG_Q_INFO *q_i, POLICY_HND *pol, const char *val_name,
+ uint8 major, uint8 minor);
BOOL reg_io_q_info(char *desc, REG_Q_INFO *r_q, prs_struct *ps, int depth);
BOOL make_reg_r_info(REG_R_INFO *r_r,
- uint32 level, char *os_type,
+ uint32 type, char *buf,
uint32 status);
BOOL reg_io_r_info(char *desc, REG_R_INFO *r_r, prs_struct *ps, int depth);
BOOL make_reg_q_enum_val(REG_Q_ENUM_VALUE *q_i, POLICY_HND *pol,
REG_KEY_FN(reg_key_fn),
REG_VAL_FN(reg_val_fn));
void cmd_reg_enum(struct client_info *info);
+void cmd_reg_query_info(struct client_info *info);
void cmd_reg_query_key(struct client_info *info);
void cmd_reg_create_val(struct client_info *info);
void cmd_reg_delete_val(struct client_info *info);
typedef struct lsa_query_info
{
POLICY_HND pol; /* policy handle */
- uint16 info_class; /* info class */
+ uint16 info_class; /* info class */
} LSA_Q_QUERY_INFO;
{
POLICY_HND pol; /* policy handle */
- UNIHDR hdr_type; /* unicode product type header */
- UNISTR2 uni_type; /* unicode product type - "ProductType" */
+ UNIHDR hdr_val; /* unicode product type header */
+ UNISTR2 uni_val; /* unicode product type - "ProductType" */
- uint32 ptr1; /* pointer */
- NTTIME time; /* current time? */
- uint8 major_version1; /* 0x4 - os major version? */
- uint8 minor_version1; /* 0x1 - os minor version? */
- uint8 pad1[10]; /* padding - zeros */
+ uint32 ptr_type; /* pointer */
+ uint32 type; /* type of buffer */
- uint32 ptr2; /* pointer */
- uint8 major_version2; /* 0x4 - os major version? */
- uint8 minor_version2; /* 0x1 - os minor version? */
- uint8 pad2[2]; /* padding - zeros */
+ uint32 ptr_uni_type; /* pointer to o/s type */
+ BUFFER2 uni_type; /* unicode string o/s type - "LanmanNT" */
- uint32 ptr3; /* pointer */
- uint32 unknown; /* 0x0000 0000 */
+ uint32 ptr_max_len; /* pointer to unknown_0 */
+ uint32 buf_max_len; /* 0x12 */
+
+ uint32 ptr_len; /* pointer to unknown_1 */
+ uint32 buf_len; /* 0x12 */
} REG_Q_INFO;
/* REG_R_INFO */
typedef struct r_reg_info_info
{
- uint32 ptr1; /* buffer pointer */
- uint32 level; /* 0x1 - info level? */
+ uint32 ptr_type; /* buffer pointer */
+ uint32 type; /* 0x1 - info level? */
- uint32 ptr_type; /* pointer to o/s type */
+ uint32 ptr_uni_type; /* pointer to o/s type */
BUFFER2 uni_type; /* unicode string o/s type - "LanmanNT" */
- uint32 ptr2; /* pointer to unknown_0 */
- uint32 unknown_0; /* 0x12 */
+ uint32 ptr_max_len; /* pointer to unknown_0 */
+ uint32 buf_max_len; /* 0x12 */
- uint32 ptr3; /* pointer to unknown_1 */
- uint32 unknown_1; /* 0x12 */
+ uint32 ptr_len; /* pointer to unknown_1 */
+ uint32 buf_len; /* 0x12 */
uint32 status; /* return status */
/* put in the header */
ubuf[0] = dgram->header.msg_type;
- ubuf[1] = (((int)dgram->header.flags.node_type)<<2);
+ ubuf[1] = (((unsigned int)dgram->header.flags.node_type)<<2);
if (dgram->header.flags.more) ubuf[1] |= 1;
if (dgram->header.flags.first) ubuf[1] |= 2;
RSSVAL(ubuf,2,dgram->header.dgm_id);
***************************************************************************/
static void lsa_reply_open_policy2(prs_struct *rdata)
{
- int i;
LSA_R_OPEN_POL2 r_o;
ZERO_STRUCT(r_o);
/* set up the LSA QUERY INFO response */
- for (i = 4; i < POL_HND_SIZE; i++)
+ r_o.status = 0x0;
+
+ /* get a (unique) handle. open a policy on it. */
+ if (!open_lsa_policy_hnd(&r_o.pol))
{
- r_o.pol.data[i] = i;
+ r_o.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
- r_o.status = 0x0;
/* store the response in the SMB stream */
lsa_io_r_open_pol2("", &r_o, rdata, 0);
***************************************************************************/
static void lsa_reply_open_policy(prs_struct *rdata)
{
- int i;
LSA_R_OPEN_POL r_o;
ZERO_STRUCT(r_o);
/* set up the LSA QUERY INFO response */
- for (i = 4; i < POL_HND_SIZE; i++)
+ r_o.status = 0x0;
+
+ /* get a (unique) handle. open a policy on it. */
+ if (!open_lsa_policy_hnd(&r_o.pol))
{
- r_o.pol.data[i] = i;
+ r_o.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
- r_o.status = 0x0;
/* store the response in the SMB stream */
lsa_io_r_open_pol("", &r_o, rdata, 0);
ZERO_STRUCT(r_q);
- /* set up the LSA QUERY INFO response */
-
- r_q.undoc_buffer = 0x22000000; /* bizarre */
- r_q.info_class = q_q->info_class;
+ /* get a (unique) handle. open a policy on it. */
+ if (r_q.status == 0x0 && !open_lsa_policy_hnd(&q_q->pol))
+ {
+ r_q.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ }
+ else
+ {
+ /* set up the LSA QUERY INFO response */
- make_dom_query(&r_q.dom.id5, dom_name, dom_sid);
+ r_q.undoc_buffer = 0x1; /* bizarre */
+ r_q.info_class = q_q->info_class;
- r_q.status = 0x0;
+ make_dom_query(&r_q.dom.id5, dom_name, dom_sid);
+ r_q.status = 0x0;
+ }
/* store the response in the SMB stream */
lsa_io_r_query("", &r_q, rdata, 0);
}
prs_struct *rdata)
{
LSA_R_CLOSE r_c;
+ LSA_Q_CLOSE q_c;
+
+ lsa_io_q_close("", &q_c, data, 0);
ZERO_STRUCT(r_c);
+ r_c.status = 0x0;
+
+ /* find the connection policy handle. */
+ if (r_c.status == 0x0 && (find_lsa_policy_by_hnd(&(q_c.pol)) == -1))
+ {
+ r_c.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
+ }
+ if (r_c.status == 0x0)
+ {
+ close_lsa_policy_hnd(&(q_c.pol));
+ }
+
/* store the response in the SMB stream */
lsa_io_r_close("", &r_c, rdata, 0);
}
q = ascii_to_unibuf(q, my_name, outbuf+sizeof(outbuf)-q-2);
q = ascii_to_unibuf(q, global_myworkgroup, outbuf+sizeof(outbuf)-q-2);
+ ntversion = 0x01;
+
SIVAL(q, 0, ntversion);
q += 4;
SSVAL(q, 0, lmnttoken);
do a REG Query Info
****************************************************************************/
BOOL do_reg_query_info(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd,
- char *type, uint32 *unk_0, uint32 *unk_1)
+ const char* val_name,
+ char *type)
{
prs_struct rbuf;
prs_struct buf;
DEBUG(4,("REG Query Info\n"));
- make_reg_q_info(&q_o, hnd, "ProductType", time(NULL), 4, 1);
+ make_reg_q_info(&q_o, hnd, val_name, 4, 0);
/* turn parameters into data stream */
reg_io_q_info("", &q_o, &buf, 0);
valid_query = True;
unibuf_to_ascii(type, (const char*)r_o.uni_type.buffer,
MIN(r_o.uni_type.buf_len, sizeof(fstring)-1));
- (*unk_0) = r_o.unknown_0;
- (*unk_1) = r_o.unknown_1;
}
}
/*******************************************************************
makes a structure.
********************************************************************/
-BOOL make_reg_q_info(REG_Q_INFO *q_i, POLICY_HND *pol, char *product_type,
- time_t unix_time, uint8 major, uint8 minor)
+BOOL make_reg_q_info(REG_Q_INFO *q_i, POLICY_HND *pol, const char *val_name,
+ uint8 major, uint8 minor)
{
- int len_type = strlen(product_type);
+ int len_type = val_name != NULL ? strlen(val_name) + 1 : 0;
if (q_i == NULL) return False;
memcpy(&(q_i->pol), pol, sizeof(q_i->pol));
- make_uni_hdr(&(q_i->hdr_type), len_type);
- make_unistr2(&(q_i->uni_type), product_type, len_type);
+ make_uni_hdr(&(q_i->hdr_val), len_type);
+ make_unistr2(&(q_i->uni_val), val_name, len_type);
- q_i->ptr1 = 1;
- unix_to_nt_time(&(q_i->time), unix_time);
- q_i->major_version1 = major;
- q_i->minor_version1 = minor;
- memset(q_i->pad1, 0, sizeof(q_i->pad1));
+ q_i->ptr_type = 1;
+ q_i->type = 0x77872314;
- q_i->ptr2 = 1;
- q_i->major_version2 = major;
- q_i->minor_version2 = minor;
- memset(q_i->pad2, 0, sizeof(q_i->pad2));
+ q_i->ptr_uni_type = 0x1;
+ q_i->uni_type.buf_max_len = 0x104;
+ q_i->uni_type.buf_len = 0x0;
+ q_i->uni_type.undoc = 0;
- q_i->ptr3 = 1;
- q_i->unknown = 0x00000000;
+ q_i->ptr_max_len = 1;
+ q_i->buf_max_len = 0x104;
+
+ q_i->ptr_len = 1;
+ q_i->buf_len = 0x0;
return True;
}
prs_align(ps);
smb_io_pol_hnd("", &(r_q->pol), ps, depth);
- smb_io_unihdr ("", &(r_q->hdr_type), ps, depth);
- smb_io_unistr2("", &(r_q->uni_type), r_q->hdr_type.buffer, ps, depth);
+ smb_io_unihdr ("", &(r_q->hdr_val), ps, depth);
+ smb_io_unistr2("", &(r_q->uni_val), r_q->hdr_val.buffer, ps, depth);
prs_align(ps);
- prs_uint32("ptr1", ps, depth, &(r_q->ptr1));
-
- if (r_q->ptr1 != 0)
+ prs_uint32("ptr_type", ps, depth, &(r_q->ptr_type));
+ if (r_q->ptr_type != 0)
{
- smb_io_time("", &(r_q->time), ps, depth);
- prs_uint8 ("major_version1", ps, depth, &(r_q->major_version1));
- prs_uint8 ("minor_version1", ps, depth, &(r_q->minor_version1));
- prs_uint8s(False, "pad1", ps, depth, r_q->pad1, sizeof(r_q->pad1));
+ prs_uint32("type", ps, depth, &(r_q->type));
}
- prs_uint32("ptr2", ps, depth, &(r_q->ptr2));
+ prs_uint32("ptr_uni_type", ps, depth, &(r_q->ptr_uni_type));
- if (r_q->ptr2 != 0)
+ smb_io_buffer2("uni_type", &(r_q->uni_type), r_q->ptr_uni_type, ps, depth);
+ prs_align(ps);
+
+ prs_uint32("ptr_max_len", ps, depth, &(r_q->ptr_max_len));
+ if (r_q->ptr_max_len != 0)
{
- prs_uint8 ("major_version2", ps, depth, &(r_q->major_version2));
- prs_uint8 ("minor_version2", ps, depth, &(r_q->minor_version2));
- prs_uint8s(False, "pad2", ps, depth, r_q->pad2, sizeof(r_q->pad2));
+ prs_uint32("buf_max_len", ps, depth, &(r_q->buf_max_len));
}
- prs_uint32("ptr3", ps, depth, &(r_q->ptr3));
-
- if (r_q->ptr3 != 0)
+ prs_uint32("ptr_len", ps, depth, &(r_q->ptr_len));
+ if (r_q->ptr_len != 0)
{
- prs_uint32("unknown", ps, depth, &(r_q->unknown));
+ prs_uint32("buf_len", ps, depth, &(r_q->buf_len));
}
return True;
creates a structure.
********************************************************************/
BOOL make_reg_r_info(REG_R_INFO *r_r,
- uint32 level, char *os_type,
+ uint32 type, char *buf,
uint32 status)
{
int len;
- if (r_r == NULL || os_type == NULL) return False;
+ if (r_r == NULL || buf == NULL) return False;
- len = strlen(os_type);
+ len = strlen(buf);
- r_r->ptr1 = 1;
- r_r->level = level;
+ r_r->ptr_type = type;
+ r_r->type = type;
- r_r->ptr_type = 1;
- make_buffer2(&(r_r->uni_type), os_type, len);
+ r_r->ptr_uni_type = 1;
+ make_buffer2(&(r_r->uni_type), buf, len);
- r_r->ptr2 = r_r->ptr3 = 1;
- r_r->unknown_0 = r_r->unknown_1 = len * 2;
+ r_r->ptr_max_len = 1;
+ r_r->buf_max_len = r_r->uni_type.buf_max_len;
+
+ r_r->ptr_len = 1;
+ r_r->buf_len = r_r->uni_type.buf_len;
r_r->status = status;
prs_align(ps);
- prs_uint32("ptr1", ps, depth, &(r_r->ptr1));
-
- if (r_r->ptr1 != 0)
+ prs_uint32("ptr_type", ps, depth, &(r_r->ptr_type));
+ if (r_r->ptr_type != 0)
{
- prs_uint32("level", ps, depth, &(r_r->level));
- prs_uint32("ptr_type", ps, depth, &(r_r->ptr_type));
-
- smb_io_buffer2("uni_type", &(r_r->uni_type), r_r->ptr_type, ps, depth);
- prs_align(ps);
-
- prs_uint32("ptr2", ps, depth, &(r_r->ptr2));
-
- if (r_r->ptr2 != 0)
- {
- prs_uint32("unknown_0", ps, depth, &(r_r->unknown_0));
- }
+ prs_uint32("type", ps, depth, &(r_r->type));
+ }
- prs_uint32("ptr3", ps, depth, &(r_r->ptr3));
+ prs_uint32("ptr_uni_type", ps, depth, &(r_r->ptr_uni_type));
+ smb_io_buffer2("uni_type", &(r_r->uni_type), r_r->ptr_uni_type, ps, depth);
+ prs_align(ps);
- if (r_r->ptr3 != 0)
- {
- prs_uint32("unknown_1", ps, depth, &(r_r->unknown_1));
- }
+ prs_uint32("ptr_max_len", ps, depth, &(r_r->ptr_max_len));
+ if (r_r->ptr_max_len != 0)
+ {
+ prs_uint32("buf_max_len", ps, depth, &(r_r->buf_max_len));
+ }
+ prs_uint32("ptr_len", ps, depth, &(r_r->ptr_len));
+ if (r_r->ptr_len != 0)
+ {
+ prs_uint32("buf_len", ps, depth, &(r_r->buf_len));
}
+
prs_uint32("status", ps, depth, &(r_r->status));
return True;
***************************************************************************/
static void lsa_reply_open_policy2(prs_struct *rdata)
{
- int i;
LSA_R_OPEN_POL2 r_o;
ZERO_STRUCT(r_o);
/* set up the LSA QUERY INFO response */
- for (i = 4; i < POL_HND_SIZE; i++)
+ r_o.status = 0x0;
+
+ /* get a (unique) handle. open a policy on it. */
+ if (!open_lsa_policy_hnd(&r_o.pol))
{
- r_o.pol.data[i] = i;
+ r_o.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
- r_o.status = 0x0;
/* store the response in the SMB stream */
lsa_io_r_open_pol2("", &r_o, rdata, 0);
***************************************************************************/
static void lsa_reply_open_policy(prs_struct *rdata)
{
- int i;
LSA_R_OPEN_POL r_o;
ZERO_STRUCT(r_o);
/* set up the LSA QUERY INFO response */
- for (i = 4; i < POL_HND_SIZE; i++)
+ r_o.status = 0x0;
+
+ /* get a (unique) handle. open a policy on it. */
+ if (!open_lsa_policy_hnd(&r_o.pol))
{
- r_o.pol.data[i] = i;
+ r_o.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
- r_o.status = 0x0;
/* store the response in the SMB stream */
lsa_io_r_open_pol("", &r_o, rdata, 0);
ZERO_STRUCT(r_q);
- /* set up the LSA QUERY INFO response */
-
- r_q.undoc_buffer = 0x22000000; /* bizarre */
- r_q.info_class = q_q->info_class;
+ /* get a (unique) handle. open a policy on it. */
+ if (r_q.status == 0x0 && !open_lsa_policy_hnd(&q_q->pol))
+ {
+ r_q.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ }
+ else
+ {
+ /* set up the LSA QUERY INFO response */
- make_dom_query(&r_q.dom.id5, dom_name, dom_sid);
+ r_q.undoc_buffer = 0x1; /* bizarre */
+ r_q.info_class = q_q->info_class;
- r_q.status = 0x0;
+ make_dom_query(&r_q.dom.id5, dom_name, dom_sid);
+ r_q.status = 0x0;
+ }
/* store the response in the SMB stream */
lsa_io_r_query("", &r_q, rdata, 0);
}
prs_struct *rdata)
{
LSA_R_CLOSE r_c;
+ LSA_Q_CLOSE q_c;
+
+ lsa_io_q_close("", &q_c, data, 0);
ZERO_STRUCT(r_c);
+ r_c.status = 0x0;
+
+ /* find the connection policy handle. */
+ if (r_c.status == 0x0 && (find_lsa_policy_by_hnd(&(q_c.pol)) == -1))
+ {
+ r_c.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
+ }
+ if (r_c.status == 0x0)
+ {
+ close_lsa_policy_hnd(&(q_c.pol));
+ }
+
/* store the response in the SMB stream */
lsa_io_r_close("", &r_c, rdata, 0);
}
{
DEBUG(5,("reg_open_entry: %s\n", name));
/* lkcl XXXX do a check on the name, here */
- if (!strequal(name, "SYSTEM\\CurrentControlSet\\Control\\ProductOptions") ||
- !strequal(name, "SYSTEM\\CurrentControlSet\\Services\\NETLOGON\\Parameters"))
+ if (!strequal(name, "SYSTEM\\CurrentControlSet\\Control\\ProductOptions") &&
+ !strequal(name, "SYSTEM\\CurrentControlSet\\Services\\NETLOGON\\Parameters\\"))
{
status = 0xC000000 | NT_STATUS_ACCESS_DENIED;
}
if (status == 0)
{
+ make_reg_r_info(&r_u, 1, "LanmanNT", status);
}
- make_reg_r_info(&r_u, 1, "LanmanNT", status);
/* store the response in the SMB stream */
reg_io_r_info("", &r_u, rdata, 0);
}
}
+/****************************************************************************
+nt registry query value info
+****************************************************************************/
+void cmd_reg_query_info(struct client_info *info)
+{
+ uint16 fnum;
+ BOOL res = True;
+ BOOL res1 = True;
+
+ POLICY_HND key_pol;
+ POLICY_HND pol_con;
+ fstring full_keyname;
+ fstring key_name;
+ fstring keyname;
+ fstring val_name;
+
+ /*
+ * query value info
+ */
+
+ fstring type;
+
+ type[0] = 0;
+ DEBUG(5, ("cmd_reg_enum: smb_cli->fd:%d\n", smb_cli->fd));
+
+ if (!next_token(NULL, full_keyname, NULL, sizeof(full_keyname)))
+ {
+ report(out_hnd, "regvalinfo value_name\n");
+ return;
+ }
+
+ reg_get_subkey(full_keyname, keyname, val_name);
+
+ if (keyname[0] == 0 || val_name[0] == 0)
+ {
+ report(out_hnd, "invalid value name\n");
+ return;
+ }
+
+ /* open WINREG session. */
+ res = res ? cli_nt_session_open(smb_cli, PIPE_WINREG, &fnum) : False;
+
+ /* open registry receive a policy handle */
+ res = res ? do_reg_connect(smb_cli, fnum, keyname, key_name,
+ &pol_con) : False;
+
+ if ((*key_name) != 0)
+ {
+ /* open an entry */
+ res1 = res ? do_reg_open_entry(smb_cli, fnum, &pol_con,
+ key_name, 0x02000000, &key_pol) : False;
+ }
+ else
+ {
+ memcpy(&key_pol, &pol_con, sizeof(key_pol));
+ }
+
+ /* query it */
+ res1 = res1 ? do_reg_query_info(smb_cli, fnum, &key_pol,
+ val_name, type) : False;
+
+ if (res1)
+ {
+ report(out_hnd, "type:\t%s\n", type);
+ }
+
+ /* close the handles */
+ if ((*key_name) != 0)
+ {
+ res1 = res1 ? do_reg_close(smb_cli, fnum, &key_pol) : False;
+ }
+ res = res ? do_reg_close(smb_cli, fnum, &pol_con) : False;
+
+ /* close the session */
+ cli_nt_session_close(smb_cli, fnum);
+
+ if (res && res1)
+ {
+ DEBUG(5,("cmd_reg_query: query succeeded\n"));
+ }
+ else
+ {
+ DEBUG(5,("cmd_reg_query: query failed\n"));
+ }
+}
+
/****************************************************************************
nt registry query key
****************************************************************************/
"[-m message] [-t timeout] [-r or --reboot] Server Shutdown",
{COMPL_NONE, COMPL_NONE}
},
+ {
+ "regqueryval",
+ cmd_reg_query_info,
+ "<valname> Registry Value Query",
+ {COMPL_REGKEY, COMPL_NONE}
+ },
{
"regquerykey",
cmd_reg_query_key,
git.samba.org / jra / samba / .git / commitdiff