Michael, I will keep you posted when the updated version of document is available.
Thanks! Hongwei -----Original Message----- From: Michael Adam [mailto:[email protected]] Sent: Wednesday, June 09, 2010 5:34 PM To: Hongwei Sun Cc: Andreas Schneider; [email protected]; [email protected]; MSSolve Case Email Subject: Re: [Pfif] [REG:110052070326491] [cifs-protocol] MS_RRP: Question on Symbolic Links Hello Hongwei, Thank you very much for your investigation and confirmation! I am curious about the updated version of the MS-RRP doc. Best regards, Michael Hongwei Sun wrote: > Michael/Andreas, > > We completed the investigation and confirmed that functionality of > deleting symbolic link's source key is not available in Windows > registry remote service(MS-RRP). > Unfortunately, there is no way for a remote client to delete > a symbolic link source key on the server. Does Samba > actually uses this feature ? I would like to know the impact of this > undesirable behavior on Samba's implementation. We will update this > behavior in MS-RRP. > > We also confirmed that the kernel mode format should be used > for "SymbolicLinkValue" value. We will update the > corresponding section of MS-RRP to reflect the change. Thanks for > bringing this into our attention and help us improve the > documentation. > > Please let me know if you have any more questions on this subject and > I will follow it up. > > Thanks! > > Hongwei > > > -----Original Message----- > From: Michael Adam [mailto:[email protected]] > Sent: Wednesday, June 02, 2010 4:17 AM > To: Hongwei Sun > Cc: Michael Adam; Andreas Schneider; [email protected]; > [email protected]; MSSolve Case Email > Subject: Re: [Pfif] [REG:110052070326491] [cifs-protocol] MS_RRP: > Question on Symbolic Links > > Hi Hongwei, > > Hongwei Sun wrote: > > Michael/Andreas, > > > > I just want to give you an update. I have reproduced locally > > the problem with deleting the symbolic link key after the > > "SymbolicLinkValue" value has been deleted. I also changed the > > function kernel_mode_registry_path() in smbtorture to return FQN to > > duplicate the behavior of following symbolic link target key in FQN. > > I have everything I need to do further debugging and provide the > > clarification. I will let you know when I am done. > > Thanks for the update! > > Please bear in mind that the original question was if one can delete the > symbolic link's source key via the remote registry protocol (and how to do so > if the answer is yes). > We did not find the procedure for deletion documented. > > The procedure to first remove the value "SymbolicLinkValue" > was just an attempt to get it done. There may be other ways, but we could not > think of one. It seemed the obvious attempt too, because any access on the > source key with present value will always work on the target, and there is no > way to delete the opened key handle via the RRP. > > Thanks - Michael > > > Thanks! > > > > Hongwei > > > > > > > > -----Original Message----- > > From: Michael Adam [mailto:[email protected]] > > Sent: Friday, May 28, 2010 9:17 AM > > To: Hongwei Sun; Andreas Schneider > > Cc: [email protected]; [email protected]; MSSolve Case Email > > Subject: Re: [Pfif] [REG:110052070326491] [cifs-protocol] MS_RRP: > > Question on Symbolic Links > > > > Hi Hongwei, > > > > Andreas Schneider wrote: > > > On Monday 24 May 2010 23:58:34 Hongwei Sun wrote: > > > > Andreas, > > > > > > Hello Hongwei, > > > > > > > When you open the key with REG_OPTION_LINK flag set, the > > > > server will return the handle to the source key. With a valid > > > > handle, client should be able to update the target of the > > > > symbolic link by changing the value of SymbolicLinkValue and also > > > > delete the key that is referenced by the > > > > handle. As explicitly pointed out in 3.1.1.11, the SymbolicLinkValue > > > > for > > > > target link should contain Fully Qualified Name(3.1.1.1.1), which is > > > > something like HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices. It is not in > > > > the kernel mode string such as \registry\machine\system\MountedDevice. > > > > > > > > How do you delete the value "SymbolocLinkVallue" ? using > > > > BaseRegDeleteValue as per 3.1.5.9 MS-RRP? What do you mean by "it > > > > didn't > > > > work" ? Do you mean that the value is not deleted or any error is > > > > returned ? > > > > > > I'm able to delete the value but not the key. > > > > Yes, this is the main question here: > > How to delete source key of the symlink. > > > > There seems to be no way to do that using the remote registry protocol, > > since I can find no (documented) call to delete an opened key (i.e. > > operating on a key handle). > > > > The internal libraries document the ZwDeleteKey / NtDeleteKey routines that > > operate on an opened KeyHandle for this purpose: > > http://msdn.microsoft.com/en-us/library/ff566437%28VS.85%29.aspx > > > > But I can't find acorresponding call in the RRP doc. > > And, as you stated, when you access the symlink source key without opening > > it with the REG_OPTION_LINK flag, then you will operate on the target of > > the symlink. Or else if the special value SymbolicLinkValue is not present, > > access simply seems to fail. > > > > The only other means of deleting a symlink source key I could > > imagine would be to change the type of the sourcekey first, removing > > the LINK type flag (3.1.1.2, > > http://msdn.microsoft.com/en-us/library/cc244886%28PROT.10%29.aspx ) > > which was set when creating the key. But this does not seem to be > > achievable, at least not with calling CreateKey with different > > options on the existing key (which was the only way I could > > imagine), since the description > > "3.1.5.7 BaseRegCreateKey (Opnum 6)" reads: > > "If the key already exists, the dwOptions parameter in the client request > > MUST be ignored." > > > > Could you please confirm this behaviour or else (preferred! :-) tell us how > > to delete the source key of a symlink using the remote registry? > > > > Cheers - Michael > > > > > I'm running this test against > > > Windows 2008. Here is some pseudo code. > > > > > > /* create link */ > > > > > > CreateKey("SOFTWARE\torture_test\target") > > > CloseKey("SOFTWARE\torture_test\target") > > > > > > CreateKey("SOFTWARE\torture_test\link", REG_OPTION_CREATE_LINK | > > > REG_OPTION_VOLATILE) > > > SetValue("SymbolicLinkValue", "SOFTWARE\torture_test\target") > > > CloseKey("SOFTWARE\torture_test\link") > > > > > > /* delete link */ > > > OpenKey("SOFTWARE\torture_test\link", REG_OPTION_OPEN_LINK | > > > REG_OPTION_VOLATILE) > > > DeleteValue("SymbolicLinkValue") > > > CloseKey("SOFTWARE\torture_test\link") > > > DeleteKey("SOFTWARE\torture_test\link") --> fails with > > > WERR_ACCESS_DENIED > > > > > > > > > Regards, > > > > > > > > > -- andreas > > > > > > _______________________________________________ > > > Pfif mailing list > > > [email protected] > > > http://lists.tridgell.net/cgi-bin/mailman/listinfo/pfif _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
