[jcifs] Re: Pass Through Authentication [was dcerpc.net - developer forum]
Luke Kenneth Casson Leighton
lkcl at samba-tng.org
Thu Sep 6 19:46:01 EST 2001
> Is there a spec on NDR? This would be a good little abstract piece to
> byte off and get learned.
yes, there is.
okay, go via dcerpc.net/url - look for online pubs, URL no _06.
skip the first sections, go to ... um.... chapter 3?
skim this stuff, okay? there's a _lot_ there, use it as
reference because it's about 1,000 pages all told.
> > note the function calls to rpc_api_write, rpc_api_send_rcv_pdu
> > and rpc_api_rcv_pdu? _that's_ where SMBwriteX, SMBtrans
> > and SMBreadX get called.
> I suspect when you refer to PDUs you're just talking about the breakup
> of the at most 64K transaction buffer into ~MTU sized fragments for
> transmission on the network.
ah... well... no.
the maximum DCE/RPC stream size is theoretically unlimited
when you use a DCE/RPC 'pipe'.
but when you don't use a DCE/RPC 'pipe', most implementations
limit the total NDR buffer size to about 5 megabytes or so.
you're right about the ~MTU sizes: however, the code in
freedce is a stub-hack, because it really doesn't matter
_that_ much, and it's not easy to do that in a portable
way [dce/rpc is about interoperability].
so, NT tends to negotiate a PDU size of 0x1630 bytes.
AS/U about 0x800.
freedce about 0x1000.
i know what you are referring to, though: you're referring
to the maximum SMB size, which is 64k, which has nothing
to do with DCE/RPC, here.
IPC$ - the use of SMBwriteX, SMBtrans and SMB readX, is
just like write, write+read and read, over TCP/IP or any
other socket. it's just a bit weird, that's all :)
> > you'll only need an SMBnegprot and SMBsesssetupX for
> > that. oh, and get_any_dc_name() to locate a DC from
> > the Domain name. i'm sure you have that NetBIOS/UDP
> > call available in jCIFS.
> Well, for this all we do is NbtAddress.getByName("mydc", 0x1c,
> "scope.com"). I believe 0x1c will return the domain controller.
great! that's the one. if you read the ms specs,
this will give you _one of_ the BDCs or the PDC.
if that fails, do a getByName on 0x1b, to get the PDC.
> > all best,
> > luke
> Thanks a lot Luke. I really appriciate your help. I have cc'd our list
> so that I may refer back to this information (an assure jCIFS users that
> I am looking into the pass-trough authentication functionality). It is
> clear that I need to look at the code you outlined above, take a hard
> look at the wire with your book in hand, etc. Perhaps after doing so I
> can present more focused questions.
More information about the jcifs