Diffstat (limited to 'source3/rpcclient/cmd_reg.c')
-rw-r--r-- | source3/rpcclient/cmd_reg.c | 389 |
1 files changed, 332 insertions, 57 deletions
diff --git a/source3/rpcclient/cmd_reg.c b/source3/rpcclient/cmd_reg.c index 399fb30603..48b6d385bb 100644 --- a/source3/rpcclient/cmd_reg.c +++ b/source3/rpcclient/cmd_reg.c @@ -42,9 +42,6 @@ nt registry enum ****************************************************************************/ void cmd_reg_enum(struct client_info *info) { - fstring type; - uint32 unk_0; - uint32 unk_1; BOOL res = True; BOOL res1 = True; BOOL res2 = True; @@ -57,15 +54,15 @@ void cmd_reg_enum(struct client_info *info) * query key info */ - uint32 unknown_0; - uint32 unknown_1; + fstring key_class; + uint32 max_class_len = 0; uint32 num_subkeys; uint32 max_subkeylen; - uint32 unknown_4; + uint32 max_subkeysize; uint32 num_values; uint32 max_valnamelen; uint32 max_valbufsize; - uint32 unknown_8; + uint32 sec_desc; NTTIME mod_time; /* 
@@ -94,28 +91,12 @@ void cmd_reg_enum(struct client_info *info) res1 = res ? do_reg_open_entry(smb_cli, &info->dom.reg_pol_connect, key_name, 0x02000000, &key_pol) : False; - /* query it */ - res1 = res1 ? do_reg_query_info(smb_cli, &key_pol, - type, &unk_0, &unk_1) : False; - - res1 = res1 ? do_reg_query_unk_10(smb_cli, + res1 = res1 ? do_reg_query_key(smb_cli, &key_pol, - &unknown_0, &unknown_1, - &num_subkeys, &max_subkeylen, - &unknown_4, &num_values, - &max_valnamelen, &max_valbufsize, - &unknown_8, &mod_time) : False; - - if (res1) - { - fprintf(out_hnd,"Registry Query Info Key\n"); - fprintf(out_hnd,"unk_0,1 : 0x%x 0x%x\n", unknown_0, unknown_1); - fprintf(out_hnd,"subkeys, max_len: %d %d\n", num_subkeys, max_subkeylen); - fprintf(out_hnd,"unk_4 : 0x%x\n", unknown_4); - fprintf(out_hnd,"vals, max_len, max_size: 0x%x 0x%x 0x%x\n", num_values, max_valnamelen, max_valbufsize); - fprintf(out_hnd,"unk_8: 0x%x\n", unknown_8); - fprintf(out_hnd,"mod time: %s\n", http_timestring(nt_time_to_unix(&mod_time))); - } + key_class, &max_class_len, + &num_subkeys, &max_subkeylen, &max_subkeysize, + &num_values, &max_valnamelen, &max_valbufsize, + &sec_desc, &mod_time) : False; for (i = 0; i < num_subkeys; i++) { @@ -194,8 +175,6 @@ void cmd_reg_enum(struct client_info *info) if (res && res1 && res2) { DEBUG(5,("cmd_reg_enum: query succeeded\n")); - fprintf(out_hnd,"Registry Enumeration\n"); - fprintf(out_hnd,"Type: %s unk_0:%x unk_1:%x\n", type, unk_0, unk_1); } else { 
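Review bot: The loop bound in `for (i = 0; i < num_subkeys; i++)` is read unconditionally, but `num_subkeys` is declared without an initializer in the hunk above and `do_reg_query_key` is skipped whenever `res1` is already False (session, policy or entry open failed), so on the failure path the loop runs over an indeterminate count. Either initialise the declaration, `uint32 num_subkeys = 0;`, or gate the loop, `for (i = 0; res1 && i < num_subkeys; i++)`. The same pattern appears in cmd_reg_test2 at the hunk that rewrites its `do_reg_query_key` call (`res2` guarding the query, the loop reading `num_subkeys` regardless). cmd_reg_enum's body continues outside this hunk.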
@@ -204,6 +183,96 @@ void cmd_reg_enum(struct client_info *info) } /**************************************************************************** +nt registry query key +****************************************************************************/ +void cmd_reg_query_key(struct client_info *info) +{ + BOOL res = True; + BOOL res1 = True; + + POLICY_HND key_pol; + fstring key_name; + + /* + * query key info + */ + + fstring key_class; + uint32 key_class_len = 0; + uint32 num_subkeys; + uint32 max_subkeylen; + uint32 max_subkeysize; + uint32 num_values; + uint32 max_valnamelen; + uint32 max_valbufsize; + uint32 sec_desc; + NTTIME mod_time; + + DEBUG(5, ("cmd_reg_enum: smb_cli->fd:%d\n", smb_cli->fd)); + + if (!next_token(NULL, key_name, NULL, sizeof(key_name))) + { + fprintf(out_hnd, "regquery key_name\n"); + return; + } + + /* open WINREG session. */ + res = res ? cli_nt_session_open(smb_cli, PIPE_WINREG) : False; + + /* open registry receive a policy handle */ + res = res ? do_reg_open_policy(smb_cli, + 0x84E0, 0x02000000, + &info->dom.reg_pol_connect) : False; + + /* open an entry */ + res1 = res ? do_reg_open_entry(smb_cli, &info->dom.reg_pol_connect, + key_name, 0x02000000, &key_pol) : False; + + res1 = res1 ? do_reg_query_key(smb_cli, + &key_pol, + key_class, &key_class_len, + &num_subkeys, &max_subkeylen, &max_subkeysize, + &num_values, &max_valnamelen, &max_valbufsize, + &sec_desc, &mod_time) : False; + + if (res1 && key_class_len != 0) + { + res1 = res1 ? 
do_reg_query_key(smb_cli, + &key_pol, + key_class, &key_class_len, + &num_subkeys, &max_subkeylen, &max_subkeysize, + &num_values, &max_valnamelen, &max_valbufsize, + &sec_desc, &mod_time) : False; + } + + if (res1) + { + fprintf(out_hnd,"Registry Query Info Key\n"); + fprintf(out_hnd,"key class: %s\n", key_class); + fprintf(out_hnd,"subkeys, max_len, max_size: %d %d %d\n", num_subkeys, max_subkeylen, max_subkeysize); + fprintf(out_hnd,"vals, max_len, max_size: 0x%x 0x%x 0x%x\n", num_values, max_valnamelen, max_valbufsize); + fprintf(out_hnd,"sec desc: 0x%x\n", sec_desc); + fprintf(out_hnd,"mod time: %s\n", http_timestring(nt_time_to_unix(&mod_time))); + } + + /* close the handles */ + res1 = res1 ? do_reg_close(smb_cli, &key_pol) : False; + res = res ? do_reg_close(smb_cli, &info->dom.reg_pol_connect) : False; + + /* close the session */ + cli_nt_session_close(smb_cli); + + if (res && res1) + { + DEBUG(5,("cmd_reg_query: query succeeded\n")); + } + else + { + DEBUG(5,("cmd_reg_query: query failed\n")); + } +} + +/**************************************************************************** nt registry test ****************************************************************************/ void cmd_reg_test2(struct client_info *info) @@ -211,21 +280,23 @@ void cmd_reg_test2(struct client_info *info) BOOL res = True; BOOL res1 = True; BOOL res2 = True; + BOOL res3 = True; int i; /* * query key info */ - uint32 unknown_0; - uint32 unknown_1; + POLICY_HND key_pol; + fstring key_class; + uint32 max_class_len; uint32 num_subkeys; uint32 max_subkeylen; - uint32 unknown_4; + uint32 max_subkeysize; uint32 num_values; uint32 max_valnamelen; - uint32 unknown_7; - uint32 unknown_8; + uint32 max_valbufsize; + uint32 sec_desc; NTTIME mod_time; /* 
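Review bot: In cmd_reg_query_key the second `do_reg_query_key` call passes back `key_class_len` exactly as the first call returned it, while `key_class` is a fixed-size fstring whose size is never handed to the callee; if the server reports a class length larger than the buffer and the callee honours that length, the copy overruns the stack buffer. Clamp before the retry, `if (key_class_len > sizeof(key_class)) key_class_len = sizeof(key_class);`, or confirm that do_reg_query_key (outside this diff) bounds the copy itself. `key_class` is also never initialised and is printed with `%s` whenever `res1` holds, so when the first query yields `key_class_len == 0` and leaves the buffer untouched the printf reads indeterminate stack bytes; `memset(key_class, 0, sizeof(key_class));` before the query, as cmd_reg_create_key does, closes that. The `res1 ? ... : False` inside `if (res1 && ...)` is redundant, and the DEBUG lines are labelled `cmd_reg_enum:` and `cmd_reg_query:` rather than `cmd_reg_query_key:`.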
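Review bot: cmd_reg_test2 declares `uint32 max_class_len;` with no initializer, whereas the two other callers in this commit write `= 0` (cmd_reg_enum's `max_class_len` and cmd_reg_query_key's `key_class_len`); since the value is passed by address into `do_reg_query_key` and the retry pattern in cmd_reg_query_key suggests it is an in/out buffer length, the call here sends an indeterminate length. Use `uint32 max_class_len = 0;` to match. The declarations of the other `uint32` fields in this block likewise stay uninitialised until the query succeeds, which matters for the loop noted on the cmd_reg_enum hunk. The function body continues beyond this hunk.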
@@ -257,43 +328,31 @@ void cmd_reg_test2(struct client_info *info) 0x84E0, 0x02000000, &info->dom.reg_pol_unk_4 ) : False; - res2 = res1 ? do_reg_query_unk_10(smb_cli, - &info->dom.reg_pol_connect, - &unknown_0, &unknown_1, - &num_subkeys, &max_subkeylen, - &unknown_4, &num_values, - &max_valnamelen, &unknown_7, - &unknown_8, &mod_time) : False; - - if (res2) - { - fprintf(out_hnd,"Registry Query Info Key\n"); - fprintf(out_hnd,"unk_0,1 : 0x%x 0x%x\n", unknown_0, unknown_1); - fprintf(out_hnd,"subkeys, max_len: %d %d\n", num_subkeys, max_subkeylen); - fprintf(out_hnd,"unk_4 : 0x%x\n", unknown_4); - fprintf(out_hnd,"vals, max_len : 0x%x 0x%x\n", num_values, max_valnamelen); - fprintf(out_hnd,"unk_7, 8: 0x%x 0x%x\n", unknown_7, unknown_8); - fprintf(out_hnd,"mod time: %s\n", http_timestring(nt_time_to_unix(&mod_time))); - } + res2 = res1 ? do_reg_query_key(smb_cli, + &key_pol, + key_class, &max_class_len, + &num_subkeys, &max_subkeylen, &max_subkeysize, + &num_values, &max_valnamelen, &max_valbufsize, + &sec_desc, &mod_time) : False; for (i = 0; i < num_subkeys; i++) { /* unknown 1a it */ - res2 = res1 ? do_reg_unknown_1a(smb_cli, &info->dom.reg_pol_connect, + res3 = res2 ? do_reg_unknown_1a(smb_cli, &info->dom.reg_pol_connect, &unk_1a_response) : False; - if (res2) + if (res3) { fprintf(out_hnd,"Unknown 1a response: %x\n", unk_1a_response); } /* enum key */ - res2 = res2 ? do_reg_enum_key(smb_cli, &info->dom.reg_pol_connect, + res3 = res3 ? do_reg_enum_key(smb_cli, &info->dom.reg_pol_connect, i, enum_name, &enum_unk1, &enum_unk2, &key_mod_time) : False; - if (res2) + if (res3) { fprintf(out_hnd,"Enum Key: %s ", enum_name); fprintf(out_hnd,"unk (%08x %08x) ", enum_unk1, enum_unk2); 
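Review bot: The rewritten query passes `&key_pol`, but nothing in the diff opens that handle for cmd_reg_test2: `POLICY_HND key_pol` is introduced by this commit in the declaration hunk, so no unchanged line between the hunks can have filled it, and the visible opens only populate `reg_pol_connect` and `reg_pol_unk_4`. As written the server receives an indeterminate policy handle, and the later hunk that adds `res2 = res2 ? do_reg_close(smb_cli, &key_pol ) : False;` closes that same unopened handle. Either restore `&info->dom.reg_pol_connect` as the query target or add an open before the query, `res2 = res1 ? do_reg_open_entry(smb_cli, &info->dom.reg_pol_connect, key_name, 0x02000000, &key_pol) : False;` (with a `key_name` taken from the command line as cmd_reg_query_key does). The function starts and ends outside this hunk.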
@@ -302,6 +361,7 @@ void cmd_reg_test2(struct client_info *info) } /* close the handles */ + res2 = res2 ? do_reg_close(smb_cli, &key_pol ) : False; res1 = res1 ? do_reg_close(smb_cli, &info->dom.reg_pol_unk_4 ) : False; res = res ? do_reg_close(smb_cli, &info->dom.reg_pol_connect) : False; 
@@ -320,6 +380,221 @@ void cmd_reg_test2(struct client_info *info) } /**************************************************************************** +nt registry create value +****************************************************************************/ +void cmd_reg_create_val(struct client_info *info) +{ + BOOL res = True; + BOOL res3 = True; + BOOL res4 = True; + + POLICY_HND parent_pol; + fstring parent_name; + fstring val_name; + fstring tmp; + uint32 val_type; + BUFFER3 value; + +#if 0 + uint32 unk_0; + uint32 unk_1; + /* query it */ + res1 = res1 ? do_reg_query_info(smb_cli, &val_pol, + type, &unk_0, &unk_1) : False; +#endif + + DEBUG(5, ("cmd_reg_get_val_sec: smb_cli->fd:%d\n", smb_cli->fd)); + + if (!next_token(NULL, parent_name, NULL, sizeof(parent_name))) + { + fprintf(out_hnd, "regcreate <parent val name> <val_name> <val_type> <val>\n"); + return; + } + + if (!next_token(NULL, val_name , NULL, sizeof(val_name ))) + { + fprintf(out_hnd, "regcreate <parent val name> <val_name> <val_type> <val>\n"); + return; + } + + if (!next_token(NULL, tmp, NULL, sizeof(tmp))) + { + fprintf(out_hnd, "regcreate <parent val name> <val_name> <val_type (1|4)> <val>\n"); + return; + } + + val_type = atoi(tmp); + + if (val_type != 1 && val_type != 3 && val_type != 4) + { + fprintf(out_hnd, "val_type 1=UNISTR, 3=BYTES, 4=DWORD supported\n"); + return; + } + + if (!next_token(NULL, tmp, NULL, sizeof(tmp))) + { + fprintf(out_hnd, "regcreate <parent val name> <val_name> <val_type (1|4)> <val>\n"); + return; + } + + switch (val_type) + { + case 0x01: /* UNISTR */ + { + make_buffer3_str(&value, tmp, strlen(tmp)+1); + break; + } + case 0x03: /* BYTES */ + { + make_buffer3_hex(&value, tmp); + break; + } + case 0x04: /* DWORD */ + { + uint32 tmp_val; + if (strnequal(tmp, "0x", 2)) + { + tmp_val = strtol(tmp, (char**)NULL, 16); + } + else + { + tmp_val = strtol(tmp, (char**)NULL, 10); + } + make_buffer3_uint32(&value, tmp_val); + break; + } + default: + { + fprintf(out_hnd, "i told you i 
only deal with UNISTR, DWORD and BYTES!\n"); + return; + } + } + + DEBUG(10,("key data:\n")); + dump_data(10, value.buffer, value.buf_len); + + /* open WINREG session. */ + res = res ? cli_nt_session_open(smb_cli, PIPE_WINREG) : False; + + /* open registry receive a policy handle */ + res = res ? do_reg_open_policy(smb_cli, + 0x84E0, 0x02000000, + &info->dom.reg_pol_connect) : False; + + /* open an entry */ + res3 = res ? do_reg_open_entry(smb_cli, &info->dom.reg_pol_connect, + parent_name, 0x02000000, &parent_pol) : False; + + /* create an entry */ + res4 = res3 ? do_reg_create_val(smb_cli, &parent_pol, + val_name, val_type, &value) : False; + + /* close the val handle */ + res3 = res3 ? do_reg_close(smb_cli, &parent_pol) : False; + + /* close the registry handles */ + res = res ? do_reg_close(smb_cli, &info->dom.reg_pol_connect) : False; + + /* close the session */ + cli_nt_session_close(smb_cli); + + if (res && res3 && res4) + { + DEBUG(5,("cmd_reg_create_val: query succeeded\n")); + fprintf(out_hnd,"OK\n"); + } + else + { + DEBUG(5,("cmd_reg_create_val: query failed\n")); + } +} + +/**************************************************************************** +nt registry create key +****************************************************************************/ +void cmd_reg_create_key(struct client_info *info) +{ + BOOL res = True; + BOOL res3 = True; + BOOL res4 = True; + + POLICY_HND parent_pol; + POLICY_HND key_pol; + fstring parent_name; + fstring key_name; + fstring key_class; + SEC_INFO sam_access; + +#if 0 + uint32 unk_0; + uint32 unk_1; + /* query it */ + res1 = res1 ? 
do_reg_query_info(smb_cli, &key_pol, + type, &unk_0, &unk_1) : False; +#endif + + DEBUG(5, ("cmd_reg_create_key: smb_cli->fd:%d\n", smb_cli->fd)); + + if (!next_token(NULL, parent_name, NULL, sizeof(parent_name))) + { + fprintf(out_hnd, "regcreate <parent key name> <key_name> [key_class]\n"); + return; + } + + if (!next_token(NULL, key_name , NULL, sizeof(key_name ))) + { + fprintf(out_hnd, "regcreate <parent key name> <key_name> [key_class]\n"); + return; + } + + if (!next_token(NULL, key_class, NULL, sizeof(key_class))) + { + memset(key_class, 0, sizeof(key_class)); + } + + /* set access permissions */ + sam_access.perms = SEC_RIGHTS_READ; + + /* open WINREG session. */ + res = res ? cli_nt_session_open(smb_cli, PIPE_WINREG) : False; + + /* open registry receive a policy handle */ + res = res ? do_reg_open_policy(smb_cli, + 0x84E0, 0x02000000, + &info->dom.reg_pol_connect) : False; + + /* open an entry */ + res3 = res ? do_reg_open_entry(smb_cli, &info->dom.reg_pol_connect, + parent_name, 0x02000000, &parent_pol) : False; + + /* create an entry */ + res4 = res3 ? do_reg_create_key(smb_cli, &parent_pol, + key_name, key_class, &sam_access, &key_pol) : False; + + /* close the key handle */ + res4 = res4 ? do_reg_close(smb_cli, &key_pol) : False; + + /* close the key handle */ + res3 = res3 ? do_reg_close(smb_cli, &parent_pol) : False; + + /* close the registry handles */ + res = res ? do_reg_close(smb_cli, &info->dom.reg_pol_connect) : False; + + /* close the session */ + cli_nt_session_close(smb_cli); + + if (res && res3 && res4) + { + DEBUG(5,("cmd_reg_create_key: query succeeded\n")); + fprintf(out_hnd,"OK\n"); + } + else + { + DEBUG(5,("cmd_reg_create_key: query failed\n")); + } +} + +/**************************************************************************** nt registry security info ****************************************************************************/ void cmd_reg_get_key_sec(struct client_info *info) |
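Review bot: In cmd_reg_create_val the DWORD branch converts the value with `strtol(tmp, (char**)NULL, ...)`, so a malformed argument such as `abc` or `0x1g` is written to the registry as 0 (or a truncated number) with no error, and `val_type = atoi(tmp)` has the same gap. Declare `char *end;` in that case block and use `errno = 0; tmp_val = strtoul(tmp, &end, strnequal(tmp, "0x", 2) ? 16 : 10);` followed by `if (end == tmp || *end != '\0' || errno == ERANGE) { fprintf(out_hnd, "invalid DWORD value: %s\n", tmp); return; }`. The usage strings still advertise `<val_type (1|4)>` although 3 (BYTES) is accepted, the DEBUG at the top of the function is labelled `cmd_reg_get_val_sec:`, and both commands print `regcreate` as their name in the usage text. In cmd_reg_create_key only `sam_access.perms` is assigned; if SEC_INFO carries further fields they are marshalled uninitialised, so `memset(&sam_access, 0, sizeof(sam_access));` before the assignment is the safe form — the struct is not visible from this hunk. The `#if 0` blocks in both functions reference `res1`, `val_pol` and `type`, none of which exist in these scopes, and should be dropped rather than left to fail if re-enabled.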