[jcifs] Re: Pass Through Authentication [was dcerpc.net - developer forum]

Luke Kenneth Casson Leighton lkcl at samba-tng.org
Thu Sep 6 19:46:01 EST 2001

> Is there a spec on NDR? This would be a good little abstract piece to
> byte off and get learned.

yes, there is.


okay, go via dcerpc.net/url - look for online pubs, URL no _06.

skip the first sections, go to ... um.... chapter 3?

skim this stuff, okay?  there's a _lot_ there, use it as
reference because it's about 1,000 pages all told.

> > note the function calls to rpc_api_write, rpc_api_send_rcv_pdu
> > and rpc_api_rcv_pdu?  _that's_ where SMBwriteX, SMBtrans
> > and SMBreadX get called.
> I suspect when you refer to PDUs you're just talking about the breakup
> of the at most 64K transaction buffer into ~MTU sized fragments for
> transmission on the network. 

ah... well... no.

the maximum DCE/RPC stream size is theoretically unlimited
when you use a DCE/RPC 'pipe'.

but when you don't use a DCE/RPC 'pipe', most implementations
limit the total NDR buffer size to about 5 megabytes or so.

you're right about the ~MTU sizes: however, the code in
freedce is a stub-hack, because it really doesn't matter
_that_ much, and it's not easy to do that in a portable
way [dce/rpc is about interoperability].

so, NT tends to negotiate a PDU size of 0x1630 bytes.

AS/U about 0x800.

freedce about 0x1000.

i know what you are referring to, though: you're referring
to the maximum SMB size, which is 64k, which has nothing
to do with DCE/RPC, here.

IPC$ - the use of SMBwriteX, SMBtrans and SMBreadX, is
just like write, write+read and read, over TCP/IP or any
other socket.  it's just a bit weird, that's all :)

> > you'll only need an SMBnegprot and SMBsesssetupX for
> > that.  oh, and get_any_dc_name() to locate a DC from
> > the Domain name.  i'm sure you have that NetBIOS/UDP
> > call available in jCIFS.
> Well, for this all we do is NbtAddress.getByName("mydc", 0x1c,
> "scope.com"). I believe 0x1c will return the domain controller.
great!  that's the one.  if you read the ms specs,
this will give you _one of_ the BDCs or the PDC.
if that fails, do a getByName on 0x1b, to get the PDC.

> > all best,
> > 
> > luke
> Thanks a lot Luke. I really appreciate your help. I have cc'd our list
> so that I may refer back to this information (and assure jCIFS users that
> I am looking into the pass-through authentication functionality). It is
> clear that I need to look at the code you outlined above, take a hard
> look at the wire with your book in hand, etc. Perhaps after doing so I
> can present more focused questions.
any time.
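
Added example, not part of the original email and not code from freedce, Samba or jCIFS: a sketch of how one call's NDR stub is split into DCE/RPC request PDUs no larger than the negotiated maximum, independent of the 64k SMB limit, using the three sizes quoted above. The header layout follows the DCE 1.1 RPC connection-oriented request PDU; the call id, opnum, context id 0, the absence of an auth trailer and the zero-filled 20000-byte stub are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN        24   /* 16-byte common header + 8 request-specific bytes */
#define PFC_FIRST_FRAG 0x01
#define PFC_LAST_FRAG  0x02

/* Constructed sample: a zero-filled 20000-byte "NDR stub" and an output buffer. */
static uint8_t sample_stub[20000], sample_out[24000];

static void put16(uint8_t *p, uint16_t v) { p[0] = v & 0xff; p[1] = v >> 8; }
static void put32(uint8_t *p, uint32_t v) { put16(p, v & 0xffff); put16(p + 2, v >> 16); }

/* Split one call's stub into request PDUs no larger than max_frag, written
 * back to back into out. Returns the PDU count, or -1 on a bad size. */
int fragment(const uint8_t *stub, size_t stub_len, uint16_t max_frag,
             uint32_t call_id, uint16_t opnum, uint8_t *out, size_t out_cap)
{
    if (max_frag <= HDR_LEN) return -1;
    size_t room = (size_t)max_frag - HDR_LEN, off = 0, w = 0;
    int count = 0;
    do {
        size_t n = stub_len - off < room ? stub_len - off : room;
        if (w + HDR_LEN + n > out_cap) return -1;
        uint8_t *p = out + w;
        p[0] = 5; p[1] = 0; p[2] = 0;            /* version 5.0, ptype 0 = request */
        p[3] = (off == 0 ? PFC_FIRST_FRAG : 0) | (off + n == stub_len ? PFC_LAST_FRAG : 0);
        p[4] = 0x10; p[5] = p[6] = p[7] = 0;     /* drep: little-endian, ASCII, IEEE */
        put16(p + 8, (uint16_t)(HDR_LEN + n));   /* frag_length */
        put16(p + 10, 0);                        /* auth_length: no auth trailer */
        put32(p + 12, call_id);
        put32(p + 16, (uint32_t)(stub_len - off)); /* alloc_hint: stub bytes remaining */
        put16(p + 20, 0);                        /* p_cont_id: assumed context 0 */
        put16(p + 22, opnum);
        memcpy(p + HDR_LEN, stub + off, n);
        off += n; w += HDR_LEN + n; count++;
    } while (off < stub_len);
    return count;
}

int main(void)
{
    const uint16_t sizes[] = { 0x1630, 0x800, 0x1000 };  /* NT, AS/U, freedce */
    for (int i = 0; i < 3; i++)
        printf("max PDU 0x%04x -> %d PDUs\n", sizes[i],
               fragment(sample_stub, sizeof sample_stub, sizes[i], 1, 0,
                        sample_out, sizeof sample_out));
    return 0;
}
```

Each PDU would then be handed to the transport (SMBwriteX/SMBtrans over IPC$ in the case discussed here); a receiver reassembling them should reject any fragment whose frag_length exceeds the size it negotiated.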

