[cifs-protocol] [MS-ADDM] Active Directory Webservices expected lifetime of [MC-NBFSE] StringTable

Garming Sam garming at catalyst.net.nz
Tue Dec 4 23:40:41 UTC 2018


When running AD Powershell commands, the transport is a SOAP-binary XML
format. The protocol defining this [MC-NBFSE] allows compression using a
dictionary which is appended to at runtime by sending a StringTable at
the beginning of the message.

The base dictionary has static entries at every even index, while the
runtime entries are added at every odd index. There seem to be some
ambiguities in what the lifetime of these entries is:

1) When you have two endpoints communicating (A, B), are there two
dictionaries, one on A and one on B (or is it shared)?

When Endpoint A adds entry at offset 0x1, does this mean that when
Endpoint B adds an entry it must be at offset 0x3 of a shared
dictionary? The StringTable structure only specifies a sequence of
elements to add to 'the dictionary', not its index.

2) How long are entries in the dictionary meant to live? [MC-NBFSE] 2.1
StringTable says "A consumer of this format MUST maintain this mapping
until there are no further documents to process."

It's not entirely clear what is meant by 'no further documents to
process'. For instance, the StringTable entry could only live as long as
a single SOAP request, but then it doesn't offer much in the way of
compression and I would've considered each SOAP request a 'document'.
Intuitively, I would expect the dictionary to last the session, but what
a session is depends on the underlying protocol. With Active Directory
Web Services and [MC-NMF], it should mean [Preamble] -> [EndRecord] /
disconnect. Alternatively it could be over the TCP connection, but
lasting over multiple application level communications (with different
security contexts) seems kind of wrong. In fact, a conversation may
exist over multiple ADWS endpoints and presumably connections, but I
don't think there is any way to tie these together.
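
As an added illustration (not part of the original post and not code from the specification), the sketch below parses a StringTable and shows how the assigned ids differ under the two readings in question 1, and how numbering continues if the dictionary is kept across messages as in question 2. It assumes the StringTable layout is a MultiByteInt31 byte size followed by strings that are each a MultiByteInt31 length plus UTF-8 bytes; the class and function names and the sample strings are constructed.

```python
# Added illustration, not code from the post or the specification.
# Assumed layout: StringTable = MultiByteInt31 byte size, then strings that are
# each a MultiByteInt31 length followed by UTF-8 bytes.

def write_mbi31(n):
    out = bytearray()
    while True:
        low, n = n & 0x7F, n >> 7
        out.append(low | (0x80 if n else 0))   # high bit set = more bytes follow
        if not n:
            return bytes(out)

def read_mbi31(buf, pos):
    value = 0
    for shift in range(0, 35, 7):              # at most 5 bytes for 31 bits
        if pos >= len(buf):
            raise ValueError("truncated MultiByteInt31")
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
    raise ValueError("MultiByteInt31 too long")

def build_table(strings):
    body = b"".join(write_mbi31(len(s.encode())) + s.encode() for s in strings)
    return write_mbi31(len(body)) + body

class DynamicDictionary:
    """Runtime entries only; even ids belong to the static dictionary."""
    def __init__(self):
        self.strings = []                      # entry n gets odd id 2*n + 1

    def add_table(self, buf):
        size, pos = read_mbi31(buf, 0)
        end = pos + size
        if end > len(buf):
            raise ValueError("StringTable size exceeds message")
        ids = []
        while pos < end:
            length, pos = read_mbi31(buf, pos)
            if pos + length > end:
                raise ValueError("string overruns StringTable")
            self.strings.append(buf[pos:pos + length].decode("utf-8"))
            ids.append(2 * len(self.strings) - 1)
            pos += length
        return ids

def ids_assigned(shared):
    # Endpoint A sends one table, then endpoint B sends one (constructed strings).
    a = DynamicDictionary()
    b = a if shared else DynamicDictionary()
    return a.add_table(build_table(["objectClass"])), b.add_table(build_table(["cn"]))
```

With `shared=False` both endpoints' first entries land at 0x1; with `shared=True` endpoint B's entry lands at 0x3, which is the difference question 1 asks about.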


