[jcifs] Re: Microsoft MCPP and WSPP docs

Michael B Allen ioplex at gmail.com
Wed Mar 5 03:18:39 GMT 2008

On Tue, 04 Mar 2008 20:22:00 -0600
"Christopher R. Hertel" <crh at ubiqx.mn.org> wrote:
> >> Don't forget the newest pile of doco:  Microsoft has released the
> >> documentation they wrote for MCPP and WSPP programs.
> >>
> >>   http://forums.microsoft.com/MSDN/default.aspx?ForumGroupID=573&SiteID=1
> >>
> >> Time will tell how much better this doco is relative the previous attempts.
> >
> > Yeah, I saw this but I wasn't sure if it was ok to read it. Are there
> > still conditions attached to this stuff? I'm not just doing OSS anymore. I
> > have commercial software that I license to people.
> According to the press release, the only restriction would be patent claims.
>  They even go as far as to say they won't sue over those for non-commercial use.
> Some of the docs now actually list the relevant patents, which helps.
> I'll know more soon, but here's an article from The Reg:
>   http://www.theregister.co.uk/2008/02/21/microsoft_goes_open/
> They gave me a T-shirt that says "Reports of snowballs in hell" on the back.
> (No, really.)

Have you looked at these docs? If so, let's do a little test. Below
are three things that I'd like to know. If you're up to it, see if you
can find them.

1) Regarding the SPNEGO protocol, the initiator sends a NegTokenInit
and the acceptor sends a NegTokenResp. But the SMB_COM_NEGOTIATE
response deviates from this behavior in that it sends NegTokenInit but
it's the acceptor. The subsequent SMB_COM_SESSION_SETUP_ANDX resumes
normal behavior and sends a NegTokenInit. Is there any mention of this
SMB specific oddity in the new docs?

2) DFS clients check the authority component of a UNC to determine if
it's a domain or a server so that if it's a domain it knows to do a
referral and initiate DFS resolution. That check is a simple lookup in
what is called the "trusted domains cache" or "SPC cache". Is there
anything in the new docs about how DFS clients retrieve this list of
trusted domains?

3) There is a connectionless (UDP) LDAP request for the netlogon
attribute of the RootDSE that MSDN documentation refers to only as a
"CLDAP ping". Much like a corresponding mailslot request, it is used
to retrieve basic but very important information about a domain
controller including it's DNS domain name, NetBIOS domain name and
GUID. There appears to be at least 4 levels of information that can be
retrieved controlled by an NtVer attribute in the filter. In these new
MS docs, is there any mention of the binary blob of data returned in
this very common CLDAP netlogon attribute query?


PS: Admittedly with the exception of #2 these are fairly obscure
things that I don't expect you to find. But perhaps that's my point. I
don't believe that MS actually knows everything about their own
protocols and thus there's no way that they can possibly document
everything. I will be truly impressed when Microsoft creates an
"Office of Interoperability and Standards" with an email address where
we can send these little questions so that someone can look at the
source code and publicly release addendums.

Michael B Allen
PHP Active Directory SPNEGO SSO

More information about the jcifs mailing list