dce/rpc long buffers

Luke Kenneth Casson Leighton lkcl at regent.push.net
Sun Apr 19 17:37:39 GMT 1998

this message cross-posted to:

- samba-technical at samba.anu.edu.au
- samba-ntdom at samba.anu.edu.au
- cifs at discuss.microsoft.com

i am implementing the combination of SMBreadX / SMBtrans which is used to
transfer dce/rpc calls across an SMB IPC$ pipe.  an important observation
has been made which is kinda crucial, and simplifies implementations of
client and server quite considerably.

namely, that the file offset in the SMBreadX is totally ignored by the

if you set the file offset to 0x1000000 (in BRANCH_NTDOM's smbclient for
example) it makes absolutely no difference to the results obtained from an
NT server.  anyone else currently implementing dce/rpc over SMB (whether
under NDA or not :-) is advised to confirm this for themselves. 

presumably, as the data is transferred, an internal data offset is clocked
up by the data length contained in the SMBreadX.

the NT clients still hand out a file offset in the SMBreadXs and clock it
up when sending multiple SMBreadXs in order to obtain a dce/rpc fragment,
but they _reset_ this back to zero on the next fragment.  this is
additional but unfortunately misleading evidence, as i originally supposed
that the SMBreadX file offset was reset to zero by the client for a
reason: the offset was relative to the start of the current fragment.  not
at all: that is just coincidental.

it would have been nice to have known this four months ago.
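[Added example, not part of the original message and not Samba's own code: a small Python simulation of the behaviour described above. `PipeServer` is a stand-in for the NT side of the IPC$ pipe (it records the SMBreadX file offset and then ignores it, serving data from an internal cursor clocked up by the bytes returned); the PDU header layout is the connection-oriented DCE/RPC header from the DCE 1.1 RPC spec. The reader reassembles fragments from frag_length and the PFC flags alone, so the NT-style client (offset clocked up within a fragment, reset to zero on the next) and a client sending the bogus 0x1000000 offset get the same stub back. The sample stub data and the sizes chosen are constructed.]

```python
import struct
from typing import List, Optional, Tuple

# Connection-oriented DCE/RPC PDU header (DCE 1.1 RPC spec, C706 chapter 12):
# rpc_vers, rpc_vers_minor, ptype, pfc_flags, drep[4], frag_length, auth_length, call_id
HDR_FMT = "<BBBBIHHI"
HDR_LEN = struct.calcsize(HDR_FMT)      # 16
PFC_FIRST_FRAG = 0x01
PFC_LAST_FRAG = 0x02
DREP_LE_ASCII = 0x00000010              # little-endian integers, ASCII characters
PTYPE_RESPONSE = 2


def build_fragments(stub: bytes, max_frag: int, call_id: int = 1) -> List[bytes]:
    """Split a stub into response PDUs of at most max_frag bytes, setting
    frag_length and the FIRST/LAST flags the way a server would."""
    body_max = max_frag - HDR_LEN
    if body_max <= 0:
        raise ValueError("max_frag must exceed the 16-byte header")
    bodies = [stub[i:i + body_max] for i in range(0, len(stub), body_max)] or [b""]
    pdus = []
    for i, body in enumerate(bodies):
        flags = (PFC_FIRST_FRAG if i == 0 else 0) | (PFC_LAST_FRAG if i == len(bodies) - 1 else 0)
        hdr = struct.pack(HDR_FMT, 5, 0, PTYPE_RESPONSE, flags, DREP_LE_ASCII,
                          HDR_LEN + len(body), 0, call_id)
        pdus.append(hdr + body)
    return pdus


class PipeServer:
    """Simulated server end of an IPC$ pipe (an assumption for this example, not
    SMB code). The SMBreadX file offset is recorded and then ignored; data is
    served from an internal cursor advanced by the bytes actually returned."""

    def __init__(self, response: bytes) -> None:
        self._buf = response
        self._cursor = 0
        self.offsets_seen: List[int] = []    # offsets the client sent, for inspection

    def read_andx(self, file_offset: int, max_count: int) -> bytes:
        self.offsets_seen.append(file_offset)
        data = self._buf[self._cursor:self._cursor + max_count]
        self._cursor += len(data)
        return data


def receive_response(pipe: PipeServer, max_read: int,
                     bogus_offset: Optional[int] = None) -> Tuple[bytes, int]:
    """Read PDUs until one carries PFC_LAST_FRAG; return (stub, fragment count).
    bogus_offset=None mimics the NT client: the offset is clocked up across the
    reads of one fragment and reset to 0 for the next. Otherwise the constant
    bogus_offset is sent on every read. Reassembly never depends on it."""
    stub = b""
    nfrags = 0
    expected_call_id: Optional[int] = None
    while True:
        offset = 0
        pdu = b""

        def read(want: int) -> None:
            nonlocal offset, pdu
            chunk = pipe.read_andx(offset if bogus_offset is None else bogus_offset, want)
            if not chunk:
                raise EOFError("pipe closed in the middle of a PDU")
            pdu += chunk
            offset += len(chunk)

        # Header first; it may take several SMBreadXs if max_read is tiny.
        while len(pdu) < HDR_LEN:
            read(min(max_read, HDR_LEN - len(pdu)))
        vers, _, _, flags, _, frag_len, auth_len, call_id = struct.unpack(HDR_FMT, pdu)
        # frag_length is the only thing that says where this PDU ends, so it is
        # validated before it is allowed to drive the read loop.
        if vers != 5 or frag_len < HDR_LEN + auth_len:
            raise ValueError("malformed DCE/RPC header")
        if (nfrags == 0) != bool(flags & PFC_FIRST_FRAG):
            raise ValueError("fragment ordering violated")
        if expected_call_id is None:
            expected_call_id = call_id
        elif call_id != expected_call_id:
            raise ValueError("call_id changed mid-response")
        while len(pdu) < frag_len:
            read(min(max_read, frag_len - len(pdu)))
        nfrags += 1
        stub += pdu[HDR_LEN:frag_len - auth_len]
        if flags & PFC_LAST_FRAG:
            return stub, nfrags


def demo() -> dict:
    # Constructed sample: 768 bytes of stub, fragmented into 256-byte PDUs
    # (240-byte bodies), i.e. three full fragments and a final 64-byte one.
    stub = bytes(range(256)) * 3
    wire = b"".join(build_fragments(stub, max_frag=256))
    nt = PipeServer(wire)
    nt_stub, nt_frags = receive_response(nt, max_read=100)
    bogus = PipeServer(wire)
    bogus_stub, bogus_frags = receive_response(bogus, max_read=100, bogus_offset=0x1000000)
    return {"nt_ok": nt_stub == stub, "bogus_ok": bogus_stub == stub,
            "frags": (nt_frags, bogus_frags),
            "nt_offsets": nt.offsets_seen, "bogus_offsets": bogus.offsets_seen}


if __name__ == "__main__":
    print(demo())
```

The "nt_offsets" list shows the pattern the post describes (0, 16, 116, 216 for each full fragment, then back to 0), while "bogus_offsets" is 0x1000000 throughout and the reassembled stub is identical in both runs. The header validation matters on the client side: once the file offset is known to be meaningless, frag_length and the flags are the only framing the reader has, so a reader that trusts them unchecked is the place to look for trouble.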

