eglass1 at comcast.net
eglass1 at comcast.net
Wed Nov 12 11:32:38 EST 2003
I've set up a new project on Sourceforge, and just finished uploading version
This is a transport-independent framework for DCE/RPC in Java. Key goals of
the project are:
1) Support for both client and server side RPC, both connection-oriented
2) Pluggable transport support, with provided support for the following
ncacn_ip_tcp (Connection-oriented DCE/RPC over TCP)
ncadg_ip_udp (Connectionless DCE/RPC over UDP)
ncacn_np (Connection-oriented DCE/RPC over SMB named pipes, using jCIFS
as the transport provider)
4) Pluggable session security models, with provided support for NTLMSSP
(and possibly Kerberos).
5) Client and server stub generation from IDL.
Various parts of these are at various stages; the status and todo list is
below. There is a (more-or-less working) usage example provided, demonstrating
binding and a bogus function call. Remember that this is effectively
pre-alpha, so your results may vary wildly ;)
If you want to have a look, you can download it from:
To run the example, you would add all the jarfiles in the distribution to
your classpath, compile *.java in the "examples" directory, and run:
java Example 'ncacn_ip_tcp:SERVER'
which would bind to and invoke against the endpoint mapper over TCP, or:
java Example 'ncacn_np:SERVER[\PIPE\epmapper]'
to do the same thing over SMB named pipes. Also, take a look at the
example.properties for setting up authenticated binds (probably necessary
to run the named pipes example as well).
Anonymous and authenticated binds (with or without NTLM1 signing & sealing)
can be done over TCP and SMB named pipes, and it is *theoretically*
possible to hand-code working RPC client stubs and invoke them over those
Client-side connection-oriented framework is more or less complete.
Client-side connectionless framework is ~40% complete.
Server-side (both connection-oriented and connectionless) is almost totally
ncacn_np (Connection-oriented DCE/RPC over SMB named pipes):
Client side is implemented, but somewhat poorly (should use an initial
SMB transaction for PDUs, followed by reads and writes for overflow;
this implementation just uses reads and writes, which means at least
one extra roundtrip per request).
ncacn_ip_tcp (Connection-oriented DCE/RPC over TCP):
Client side is implemented.
ncadg_ip_udp (Connectionless DCE/RPC over UDP):
Client side is partially implemented; transport is mostly complete,
but connectionless framework is only partially done.
NTLMv1 authentication with NTLM1 session security is fully implemented;
Support for signing and/or sealing with user session keys, as well as
40-bit and 56-bit LAN Manager session keys (there is no 128-bit under
Support for NTLMSSP key exchange.
LMv2 authentication could maybe work, but is currently not used (there
is some question as to the session key established; more experimentation
NTLMv2 authentication could probably work, but isn't yet supported in
NTLM2 session security is not yet implemented; since the algorithm
for NTLM2 signatures under RPC isn't fully understood, there didn't seem
to be much point (as sealing implies signing).
To-Do List (in rough order):
Test the NDR encoding more thoroughly (I'm fairly certain there are
Lots of Javadoc, and documentation in general.
Add big-endian support to the NDR formatter (possibly EBCDIC as well).
Implement the Endpoint Mapper client stub.
Finish the connectionless client-side framework.
Implement the Conversation Manager client stub.
Start implementing some more exciting client stubs, such as samr, etc.
Design and implement the server-side connection-oriented and
Look at removing the NTLM dependency on jCIFS (as it would be neighborly
to support other SMB client implementations without requiring jCIFS
as well just for NTLM). It's also possible that big-endian NDR support
would require an overhaul of the NTLM messages (as I'm not clear yet
whether they are NDR structures or not).
Find/write an IDL compiler to generate interface and stub classes.
There was talk on #samba-technical surrounding an IDL compiler in
the works which would generate intermediary XML; this would be ideal, as
XML processing is fairly easy in Java.
Implement the NetLogon secure channel and netlogon client stub.
Experiment with NTLM2 session security.
More information about the jcifs