[cifs-protocol] [REG:116102714860400] [MS-RPCE] epm_Map object uuid ignored?
Andreas Schneider
asn at samba.org
Fri Nov 11 10:58:23 UTC 2016
On Thursday, 10 November 2016 08:23:17 CET Andreas Schneider wrote:
> On Wednesday, 9 November 2016 23:36:30 CET Obaid Farooqi wrote:
> > Hi Andreas:
> > Just wanted to add to the info I sent earlier that like open group's
> > implementation, Windows also checks the obj uuid against the registered
> > interfaces.
To clarify:
"Windows also checks the obj uuid against the registered interfaces."
Here is the request with object uuid: 11111111-2222-44fc-a22c-111111111111
epm_Map: struct epm_Map
    in: struct epm_Map
        object : *
            object : 11111111-2222-44fc-a22c-111111111111
        map_tower : *
            map_tower: struct epm_twr_t
                tower_length : 0x0000004b (75)
                tower: struct epm_tower
                    num_floors : 0x0005 (5)
                    floors: ARRAY(5)
                        floors: struct epm_floor
                            lhs: struct epm_lhs
                                protocol : EPM_PROTOCOL_UUID (13)
                                lhs_data : DATA_BLOB length=18
[0000] 96 3F F0 76 FD CD FC 44 A2 2C 64 95 0A 00 12 09 .?.v...D .,d.....
[0010] 01 00 ..
                            rhs : union epm_rhs(case 13)
                            uuid: struct epm_rhs_uuid
                                unknown : DATA_BLOB length=2
[0000] 00 00 ..
                        floors: struct epm_floor
                            lhs: struct epm_lhs
                                protocol : EPM_PROTOCOL_UUID (13)
                                lhs_data : DATA_BLOB length=18
[0000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H`
[0010] 02 00 ..
                            rhs : union epm_rhs(case 13)
                            uuid: struct epm_rhs_uuid
                                unknown : DATA_BLOB length=2
[0000] 00 00 ..
                        floors: struct epm_floor
                            lhs: struct epm_lhs
                                protocol : EPM_PROTOCOL_NCACN (11)
                                lhs_data : DATA_BLOB length=0
                            rhs : union epm_rhs(case 11)
                            ncacn: struct epm_rhs_ncacn
                                minor_version : 0x0000 (0)
                        floors: struct epm_floor
                            lhs: struct epm_lhs
                                protocol : EPM_PROTOCOL_TCP (7)
                                lhs_data : DATA_BLOB length=0
                            rhs : union epm_rhs(case 7)
                            tcp: struct epm_rhs_tcp
                                port : 0x0000 (0)
                        floors: struct epm_floor
                            lhs: struct epm_lhs
                                protocol : EPM_PROTOCOL_IP (9)
                                lhs_data : DATA_BLOB length=0
                            rhs : union epm_rhs(case 9)
                            ip: struct epm_rhs_ip
                                ipaddr : 127.0.0.1
        entry_handle : *
            entry_handle: struct policy_handle
                handle_type : 0x00000000 (0)
                uuid : 00000000-0000-0000-0000-000000000000
        max_towers : 0x000001f4 (500)
A Windows server responds with:
epm_Map: struct epm_Map
    out: struct epm_Map
        entry_handle : *
            entry_handle: struct policy_handle
                handle_type : 0x00000000 (0)
                uuid : 00000000-0000-0000-0000-000000000000
        num_towers : *
            num_towers : 0x00000001 (1)
        towers: ARRAY(1)
            towers: struct epm_twr_p_t
                twr : *
                    twr: struct epm_twr_t
                        tower_length : 0x0000004b (75)
                        tower: struct epm_tower
                            num_floors : 0x0005 (5)
                            floors: ARRAY(5)
                                floors: struct epm_floor
                                    lhs: struct epm_lhs
                                        protocol : EPM_PROTOCOL_UUID (13)
                                        lhs_data : DATA_BLOB length=18
[0000] 96 3F F0 76 FD CD FC 44 A2 2C 64 95 0A 00 12 09 .?.v...D .,d.....
[0010] 01 00 ..
                                    rhs : union epm_rhs(case 13)
                                    uuid: struct epm_rhs_uuid
                                        unknown : DATA_BLOB length=2
[0000] 00 00 ..
                                floors: struct epm_floor
                                    lhs: struct epm_lhs
                                        protocol : EPM_PROTOCOL_UUID (13)
                                        lhs_data : DATA_BLOB length=18
[0000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H`
[0010] 02 00 ..
                                    rhs : union epm_rhs(case 13)
                                    uuid: struct epm_rhs_uuid
                                        unknown : DATA_BLOB length=2
[0000] 00 00 ..
                                floors: struct epm_floor
                                    lhs: struct epm_lhs
                                        protocol : EPM_PROTOCOL_NCACN (11)
                                        lhs_data : DATA_BLOB length=0
                                    rhs : union epm_rhs(case 11)
                                    ncacn: struct epm_rhs_ncacn
                                        minor_version : 0x0000 (0)
                                floors: struct epm_floor
                                    lhs: struct epm_lhs
                                        protocol : EPM_PROTOCOL_TCP (7)
                                        lhs_data : DATA_BLOB length=0
                                    rhs : union epm_rhs(case 7)
                                    tcp: struct epm_rhs_tcp
                                        port : 0xc007 (49159)
                                floors: struct epm_floor
                                    lhs: struct epm_lhs
                                        protocol : EPM_PROTOCOL_IP (9)
                                        lhs_data : DATA_BLOB length=0
                                    rhs : union epm_rhs(case 9)
                                    ip: struct epm_rhs_ip
                                        ipaddr : 0.0.0.0
        result : 0x00000000 (0)
So we get a valid response. It seems the object uuid is just ignored, because
we send garbage and it is not checked against the registered interfaces.
That's what confused me and led to the following question:
> Ok, then I have an additional question :)
>
> How is the MS-PAR service then registered with endpoint mapper?
>
> The MS-PAR uuid is 76f03f96-cdfd-44fc-a22c-64950A001209, but an MS-PAR client
> is looking for the MS-PAR service using the object uuid
> 9940CA8E-512F-4C58-88A9-61098D6896BD in an epm_Map call.
>
> If the obj uuid is checked against registered interfaces then probably the
> MS-PAR service has registered using two uuids?
"Windows also checks the obj uuid against the registered interfaces."
In which context does it check against the registered interfaces?
Best regards,
Andreas
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
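
Added example, not part of the original message or of Samba's code: decoding the two EPM_PROTOCOL_UUID floors from the dump above shows which identifiers the tower itself carries, independent of the object uuid in the request. The function names are hypothetical; the byte strings are copied from the dump, and the 2-byte rhs that the dump labels "unknown" is read as the minor version, per the DCE tower encoding.

```python
import struct
import uuid

# Copied from the dump above: lhs_data and rhs of the two EPM_PROTOCOL_UUID floors.
IFACE_FLOOR = (bytes.fromhex("963FF076FDCDFC44A22C64950A001209" "0100"),
               bytes.fromhex("0000"))
SYNTAX_FLOOR = (bytes.fromhex("045D888AEB1CC9119FE808002B104860" "0200"),
                bytes.fromhex("0000"))
# Object uuid sent in the epm_Map request shown in the message.
REQUEST_OBJECT = uuid.UUID("11111111-2222-44fc-a22c-111111111111")


def decode_uuid_floor(lhs_data, rhs_data):
    """Return (uuid, major, minor) for an EPM_PROTOCOL_UUID (13) floor."""
    if len(lhs_data) != 18:
        raise ValueError("lhs_data must be a 16-byte UUID plus 2-byte major version")
    if len(rhs_data) != 2:
        raise ValueError("rhs must be a 2-byte minor version")
    # The first three UUID fields are little-endian on the wire.
    ident = uuid.UUID(bytes_le=lhs_data[:16])
    (major,) = struct.unpack_from("<H", lhs_data, 16)
    (minor,) = struct.unpack("<H", rhs_data)
    return ident, major, minor


def summarize(object_uuid, iface_floor, syntax_floor):
    """Compare the request's object uuid with what the tower floors identify."""
    iface, imaj, imin = decode_uuid_floor(*iface_floor)
    syntax, smaj, smin = decode_uuid_floor(*syntax_floor)
    return {
        "interface": f"{iface} v{imaj}.{imin}",
        "transfer_syntax": f"{syntax} v{smaj}.{smin}",
        "object_matches_interface": object_uuid == iface,
    }


if __name__ == "__main__":
    for key, value in summarize(REQUEST_OBJECT, IFACE_FLOOR, SYNTAX_FLOOR).items():
        print(f"{key}: {value}")
```

The first floor decodes to the MS-PAR interface uuid quoted in the message, and the second to the NDR transfer syntax; the object uuid in the request matches neither.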