How jCIFS Works #2 [was RE: [jcifs] jCIFS and Share name length?]

Allen, Michael B (RSCH) Michael_B_Allen at ml.com
Fri Nov 16 12:50:46 EST 2001


> -----Original Message-----
> From:	rjw [SMTP:rob at wygand.com]
> 
> Mike,
> 
> With the URL encoding/decoding fix I made, spaces work just great.
> 
	Well, the real issue is the '@' sign.

> But I'm poking around with share name length. What I'm seeing is that 
> jCIFS doesn't even seem to get a response back containing the long share 
> names... it looks like Windows NT is preventing us from seeing them...
> 
	Right. NT is only returning 13 characters. However this is only if you use the RAP call
	NetShareEnum. RAP is another layer that runs over Named Pipes (internal ones, not the
	public interface that Paul wrote) but there's another layer called DCE/RPC which also runs
	over Named Pipes. It's quite different from RAP calls and admittedly is rather difficult to
	decipher because it's not documented. If you catch a newish workstation enumerating the
	shares on a newish server I don't think you'll see a RAP but one of these mysterious
	DCE/RPC calls instead. Ethereal won't decode them much. Not even Netmon decodes
	much more than the security block. The point is I think the share enumeration function that
	can handle shares longer than 13 characters is one of these DCE/RPC calls. jCIFS just
	doesn't do DCE/RPC.

> I'm wondering if we need to set a header field differently to masquerade 
> as something capable of seeing longer sharenames...
> 
	Don't think headers. Protocols that use headers like http are telnet based protocols. CIFS
	is a binary protocol. For example if you look at the document that describes the Remote
	Access Protocol (RAP):

	ftp://ftp.microsoft.com/developr/drg/CIFS/cifsrap2.doc

	section 5 you'll see the structure used to describe the format of the message:

	unsigned short NetShareEnum(
	    unsigned short  sLevel;
	    RCVBUF          pbBuffer;
	    RCVBUFLEN       cbBuffer;
	    ENTCOUNT        pcEntriesRead;
	    unsigned short *pcTotalAvail;
	);

	This means that the payload of the message (what you'd shoot down the Named Pipe) is a
	2 byte integer for the sLevel followed by a 16 bit integer for pbBuffer, and so on. You'll see
	section 5 says about sLevel "sLevel specifies the level of detail returned and must have the
	value of 1". So you'd have two bytes 00 01 in the first two bytes of the message
	corresponding to sLevel. To encode this part you use ServerMessageBlock.writeInt2(
	sLevel, buf, off ) to write sLevel into a byte[] array. Then you write the whole encoded
	message to the pipe and do the reverse to read the server's answer.

	Now in the case of this NetShareEnum message the RCVBUF is actually a pointer (just
	an offset from the start of the message) to a linear array of SHARE_INFO_1 structures:

	struct SHARE_INFO_1 {
	    char            shi1_netname[13];
	    char            shi1_pad;
	    unsigned short  shi1_type;
	    char           *shi1_remark;
	};

	This is all in the above document BTW. As you can see the structure explicitly defines the
	share name as at most 13 characters.

	[ASIDE: This is basically how all this stuff works, SMBs, RAP, even DCE/RPC (albeit a lot
	more complicated). It's just encoding and decoding binary messages. I've worked out the
	technique pretty well actually. It's easy at this point. Just typing.]

	So to get back to the question, there are no headers and the NetShareEnum RAP does not
	have a field that allows you to specify how many characters of the share name should be
	returned. See the problem? So we're basically SOL. There are however, HUNDREDS of
	RAP calls. I've attached a list. I've only implemented 2 (NetServerEnum2 and
	NetShareEnum) because that's all I needed and I wanted to keep things simple at the time.
	However adding new ones is trivial as you can see from the NetShareEnum.java class for
	example. It is just possible that one may retrieve that extra share information in Unicode.

	Mike <<rap_codes.txt>> 


-------------- next part --------------
API_WshareEnum 0
API_WshareGetInfo 1
API_WshareSetInfo 2
API_WshareAdd 3
API_WshareDel 4
API_NetShareCheck 5
API_WsessionEnum 6
API_WsessionGetInfo 7
API_WsessionDel 8
API_WconnectionEnum 9
API_WfileEnum 10
API_WfileGetInfo 11
API_WfileClose 12
API_WserverGetInfo 13
API_WserverSetInfo 14
API_WserverDiskEnum 15
API_WserverAdminCommand 16
API_NetAuditOpen 17
API_WauditClear 18
API_NetErrorLogOpen 19
API_WerrorLogClear 20
API_NetCharDevEnum 21
API_NetCharDevGetInfo 22
API_WCharDevControl 23
API_NetCharDevQEnum 24
API_NetCharDevQGetInfo 25
API_WCharDevQSetInfo 26
API_WCharDevQPurge 27
API_WCharDevQPurgeSelf 28
API_WMessageNameEnum 29
API_WMessageNameGetInfo 30
API_WMessageNameAdd 31
API_WMessageNameDel 32
API_WMessageNameFwd 33
API_WMessageNameUnFwd 34
API_WMessageBufferSend 35
API_WMessageFileSend 36
API_WMessageLogFileSet 37
API_WMessageLogFileGet 38
API_WServiceEnum 39
API_WServiceInstall 40
API_WServiceControl 41
API_WAccessEnum 42
API_WAccessGetInfo 43
API_WAccessSetInfo 44
API_WAccessAdd 45
API_WAccessDel 46
API_WGroupEnum 47
API_WGroupAdd 48
API_WGroupDel 49
API_WGroupAddUser 50
API_WGroupDelUser 51
API_WGroupGetUsers 52
API_WUserEnum 53
API_WUserAdd 54
API_WUserDel 55
API_WUserGetInfo 56
API_WUserSetInfo 57
API_WUserPasswordSet 58
API_WUserGetGroups 59
API_DeadTableEntry 60
/* This line and number replaced a Dead Entry */
API_WWkstaSetUID 62
API_WWkstaGetInfo 63
API_WWkstaSetInfo 64
API_WUseEnum 65
API_WUseAdd 66
API_WUseDel 67
API_WUseGetInfo 68
API_WPrintQEnum 69
API_WPrintQGetInfo 70
API_WPrintQSetInfo 71
API_WPrintQAdd 72
API_WPrintQDel 73
API_WPrintQPause 74
API_WPrintQContinue 75
API_WPrintJobEnum 76
API_WPrintJobGetInfo 77
API_WPrintJobSetInfo_OLD 78
/* This line and number replaced a Dead Entry */
/* This line and number replaced a Dead Entry */
API_WPrintJobDel 81
API_WPrintJobPause 82
API_WPrintJobContinue 83
API_WPrintDestEnum 84
API_WPrintDestGetInfo 85
API_WPrintDestControl 86
API_WProfileSave 87
API_WProfileLoad 88
API_WStatisticsGet 89
API_WStatisticsClear 90
API_NetRemoteTOD 91
API_WNetBiosEnum 92
API_WNetBiosGetInfo 93
API_NetServerEnum 94
API_I_NetServerEnum 95
API_WServiceGetInfo 96
/* This line and number replaced a Dead Entry */
/* This line and number replaced a Dead Entry */
/* This line and number replaced a Dead Entry */
/* This line and number replaced a Dead Entry */
/* This line and number replaced a Dead Entry */
/* This line and number replaced a Dead Entry */
API_WPrintQPurge 103
API_NetServerEnum2 104
API_WAccessGetUserPerms 105
API_WGroupGetInfo 106
API_WGroupSetInfo 107
API_WGroupSetUsers 108
API_WUserSetGroups 109
API_WUserModalsGet 110
API_WUserModalsSet 111
API_WFileEnum2 112
API_WUserAdd2 113
API_WUserSetInfo2 114
API_WUserPasswordSet2 115
API_I_NetServerEnum2 116
API_WConfigGet2 117
API_WConfigGetAll2 118
API_WGetDCName 119
API_NetHandleGetInfo 120
API_NetHandleSetInfo 121
API_WStatisticsGet2 122
API_WBuildGetInfo 123
API_WFileGetInfo2 124
API_WFileClose2 125
API_WNetServerReqChallenge 126
API_WNetServerAuthenticate 127
API_WNetServerPasswordSet 128
API_WNetAccountDeltas 129
API_WNetAccountSync 130
API_WUserEnum2 131
API_WWkstaUserLogon 132
API_WWkstaUserLogoff 133
API_WLogonEnum 134
API_WErrorLogRead 135
API_WI_NetPathType 136
API_WI_NetPathCanonicalize 137
API_WI_NetPathCompare 138
API_WI_NetNameValidate 139
API_WI_NetNameCanonicalize 140
API_WI_NetNameCompare 141
API_WAuditRead 142
API_WPrintDestAdd 143
API_WPrintDestSetInfo 144
API_WPrintDestDel 145
API_WUserValidate2 146
API_WPrintJobSetInfo 147
API_TI_NetServerDiskEnum 148
API_TI_NetServerDiskGetInfo 149
API_TI_FTVerifyMirror 150
API_TI_FTAbortVerify 151
API_TI_FTGetInfo 152
API_TI_FTSetInfo 153
API_TI_FTLockDisk 154
API_TI_FTFixError 155
API_TI_FTAbortFix 156
API_TI_FTDiagnoseError 157
API_TI_FTGetDriveStats 158
/* This line and number replaced a Dead Entry */
API_TI_FTErrorGetInfo 160
/* This line and number replaced a Dead Entry */
/* This line and number replaced a Dead Entry */
API_NetAccessCheck 163
API_NetAlertRaise 164
API_NetAlertStart 165
API_NetAlertStop 166
API_NetAuditWrite 167
API_NetIRemoteAPI 168
API_NetServiceStatus 169
API_I_NetServerRegister 170
API_I_NetServerDeregister 171
API_I_NetSessionEntryMake 172
API_I_NetSessionEntryClear 173
API_I_NetSessionEntryGetInfo 174
API_I_NetSessionEntrySetInfo 175
API_I_NetConnectionEntryMake 176
API_I_NetConnectionEntryClear 177
API_I_NetConnectionEntrySetInfo 178
API_I_NetConnectionEntryGetInfo 179
API_I_NetFileEntryMake 180
API_I_NetFileEntryClear 181
API_I_NetFileEntrySetInfo 182
API_I_NetFileEntryGetInfo 183
API_AltSrvMessageBufferSend 184
API_AltSrvMessageFileSend 185
API_wI_NetRplWkstaEnum 186
API_wI_NetRplWkstaGetInfo 187
API_wI_NetRplWkstaSetInfo 188
API_wI_NetRplWkstaAdd 189
API_wI_NetRplWkstaDel 190
API_wI_NetRplProfileEnum 191
API_wI_NetRplProfileGetInfo 192
API_wI_NetRplProfileSetInfo 193
API_wI_NetRplProfileAdd 194
API_wI_NetRplProfileDel 195
API_wI_NetRplProfileClone 196
API_wI_NetRplBaseProfileEnum 197
/* This line and number replaced a Dead Entry */
/* This line and number replaced a Dead Entry */
/* This line and number replaced a Dead Entry */
API_WIServerSetInfo 201
/* This line and number replaced a Dead Entry */
/* This line and number replaced a Dead Entry */
/* This line and number replaced a Dead Entry */
API_WPrintDriverEnum 205
API_WPrintQProcessorEnum 206
API_WPrintPortEnum 207
API_WNetWriteUpdateLog 208
API_WNetAccountUpdate 209
API_WNetAccountConfirmUpdate 210
API_WConfigSet 211
API_WAccountsReplicate 212
/* 213 is used by WfW */
API_SamOEMChgPasswordUser2_P 214
API_NetServerEnum3 215
API_WprintDriverGetInfo 250
API_WprintDriverSetInfo 251
API_WaliasAdd 252
API_WaliasDel 253
API_WaliasGetInfo 254
API_WaliasSetInfo 255
API_WaliasEnum 256
API_WuserGetLogonAsn 257
API_WuserSetLogonAsn 258
API_WuserGetAppSel 259
API_WuserSetAppSel 260
API_WappAdd 261
API_WappDel 262
API_WappGetInfo 263
API_WappSetInfo 264
API_WappEnum 265
API_WUserDCDBInit 266
API_WDASDAdd 267
API_WDASDDel 268
API_WDASDGetInfo 269
API_WDASDSetInfo 270
API_WDASDEnum 271
API_WDASDCheck 272
API_WDASDCtl 273
API_WuserRemoteLogonCheck 274
API_WUserPasswordSet3 275
API_WCreateRIPLMachine 276
API_WDeleteRIPLMachine 277
API_WGetRIPLMachineInfo 278
API_WSetRIPLMachineInfo 279
API_WEnumRIPLMachine 280
API_WI_ShareAdd 281
API_WI_AliasEnum 282
API_WaccessApply 283
API_WPrt16Query 284
API_WPrt16Set 285
API_WUserDel100 286
API_WUserRemoteLogonCheck2 287
API_WRemoteTODSet 294
API_WprintJobMoveAll 295
API_W16AppParmAdd 296
API_W16AppParmDel 297
API_W16AppParmGet 298
API_W16AppParmSet 299
API_W16RIPLMachineCreate 300
API_W16RIPLMachineGetInfo 301
API_W16RIPLMachineSetInfo 302
API_W16RIPLMachineEnum 303
API_W16RIPLMachineListParmEnum 304
API_W16RIPLMachClassGetInfo 305
API_W16RIPLMachClassEnum 306
API_W16RIPLMachClassCreate 307
API_W16RIPLMachClassSetInfo 308
API_W16RIPLMachClassDelete 309
API_W16RIPLMachClassLPEnum 310
API_W16RIPLMachineDelete 311
API_W16WSLevelGetInfo 312
API_WserverNameAdd 313
API_WserverNameDel 314
API_WserverNameEnum 315
API_I_WDASDEnum 316
API_I_WDASDEnumTerminate 317
API_I_WDASDSetInfo2 318
MAX_API 318
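Added example (editor's illustration; not code from the original message and not jCIFS's own NetShareEnum.java): a small Python encoder/decoder for the RAP NetShareEnum exchange Mike describes, showing why the share name cannot come back longer than 13 characters. It assumes the wire layout from cifsrap2.doc and the descriptor strings that the LANMAN pipe uses for this call (opcode 0 = API_WshareEnum from the attached list, parameter descriptor "WrLeh", data descriptor "B13BWz"), a response parameter block of status / converter / entries read / entries available, and the usual remark-pointer fixup (low 16 bits minus the converter). The server-side builder is a constructed simulation of a response; the converter value, share names and remarks are made up for the demo.

```python
import struct

# RAP NetShareEnum constants (cifsrap2.doc section 5; opcode from rap_codes.txt)
API_WSHAREENUM = 0                     # API_WshareEnum
PARAM_DESC = b"WrLeh\x00"              # W=sLevel, rL=receive buffer length, e=entries read, h=entries available
DATA_DESC = b"B13BWz\x00"              # SHARE_INFO_1: B13 netname, B pad, W type, z -> NUL-terminated remark
NETNAME_LEN = 13                       # shi1_netname[13]: the fixed field that caps the name
SHARE_INFO_1_SIZE = NETNAME_LEN + 1 + 2 + 4   # name + pad + type + remark pointer = 20 bytes
ENTRY_FMT = "<13sBHI"                  # little-endian, no padding, matches SHARE_INFO_1 on the wire


def encode_net_share_enum_request(level=1, recv_buf_len=8192):
    """Parameter block sent down \\PIPE\\LANMAN: opcode, descriptors, sLevel, cbBuffer.
    Note there is no field for 'how many name characters to return'."""
    if level != 1:
        raise ValueError("NetShareEnum sLevel must be 1")
    return (struct.pack("<H", API_WSHAREENUM) + PARAM_DESC + DATA_DESC
            + struct.pack("<HH", level, recv_buf_len))


def build_net_share_enum_response(shares, converter=0x0100):
    """Constructed server-side encoder (a simulation, not a captured NT reply).
    Returns (params, data). Names longer than 13 bytes are cut to 13 because the
    field is fixed-size; the converter value is arbitrary for the demo."""
    entries = bytearray()
    strings = bytearray()
    base = len(shares) * SHARE_INFO_1_SIZE          # remark strings follow the entry array
    for name, stype, remark in shares:
        raw = name.encode("ascii")[:NETNAME_LEN].ljust(NETNAME_LEN, b"\x00")
        remark_off = base + len(strings)
        strings += remark.encode("ascii") + b"\x00"
        ptr = (remark_off + converter) & 0xFFFF      # client will subtract the converter again
        entries += struct.pack(ENTRY_FMT, raw, 0, stype, ptr)
    params = struct.pack("<HHHH", 0, converter, len(shares), len(shares))
    return params, bytes(entries + strings)


def decode_net_share_enum_response(params, data):
    """Client side: parse the parameter block, then the SHARE_INFO_1 array.
    Offsets come from the peer, so every pointer is bounds-checked before use."""
    status, converter, entries_read, total_avail = struct.unpack_from("<HHHH", params, 0)
    shares = []
    if status != 0:                                   # LAN Manager error code, e.g. ERROR_MORE_DATA
        return status, total_avail, shares
    if entries_read * SHARE_INFO_1_SIZE > len(data):
        raise ValueError("entry count exceeds data block")
    for i in range(entries_read):
        raw, _pad, stype, ptr = struct.unpack_from(ENTRY_FMT, data, i * SHARE_INFO_1_SIZE)
        name = raw.split(b"\x00", 1)[0].decode("ascii", "replace")   # at most 13 bytes, NUL-padded if shorter
        off = ((ptr & 0xFFFF) - converter) & 0xFFFF
        end = data.find(b"\x00", off)
        if off >= len(data) or end < 0:
            raise ValueError("remark pointer outside data block")
        shares.append((name, stype, data[off:end].decode("ascii", "replace")))
    return status, total_avail, shares


if __name__ == "__main__":
    print(encode_net_share_enum_request().hex())
    sample = [("IPC$", 3, "Remote IPC"),                      # constructed sample shares
              ("PUBLIC", 0, "Shared docs"),
              ("ReallyLongShareName", 0, "name cut at 13 bytes")]
    p, d = build_net_share_enum_response(sample)
    print(decode_net_share_enum_response(p, d))
```

The decoder models what a client can recover: the name field is 13 bytes on the wire, so "ReallyLongShareName" comes back as "ReallyLongSha" and nothing in the request can change that. The bounds checks on the remark pointer are the part worth copying into any real client, since the converter arithmetic turns a peer-supplied 32-bit value into a buffer offset.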

