Buffer limit on server listings.

Eric eric.glass at comcast.net
Wed Mar 31 00:28:06 GMT 2004

> I've been talking off-line with one of the Ethereal developers, and he 
> says that there are two RPC calls that cover this territory:
> - BrowserrServerEnum()
> - BrowserrServerEnumEx()
> I have not seen these used in the wild, but I haven't been looking for
> them either.  Again, these are RPCs (and the names are legit, even though
> I can't find reference to them on MSDN).

I believe these are calls directly to the "Computer Browser" service
("PIPE\browsess" I think?).

>> Basically, the 
>> NetServerEnum2 RAP is used to get the first set of servers, and 
>> NetServerEnum3 is used as a set of "tacked on" calls to get the 
>> remainder in the event that NetServerEnum2 indicates more data is
 >> available.
> Does any other Windows system use NetServerEnum3() or is it just XP?  I've
> never seen NetServerEnum3().

I get it from Win2k as well.  It requires a pretty big workgroup (as 
smaller ones would fit in a single NetServerEnum2).

>> The reason this is interesting is that the NetServerEnum function has a 
>> real old bug, in which the "resume_handle" parameter always returns 0, 
>> causing an infinite loop if you actually try to use it as intended 
>> (i.e., as the handle for the next set of results when the result = 
>> http://support.microsoft.com/support/kb/articles/q136/4/37.asp
> I just looked through my own docs
>  http://ubiqx.org/cifs/Browsing.html#BRO.4.3.1
> and I don't see how the NetServerEnum2 request packet could specify a 
> starting point for reading 'more' data.  The NetServerEnum2 reply does 
> have fields that will indicate that there is more data to be retreived, 
> but you can't retreive it with the NetServerEnum2() call.

I'm kind of fuzzy on this as well.  I'm not sure why the NetServerEnum 
API call even had the resume_handle parameter to begin with.  The 
NetServerEnum3 stuff all appears to happen on the backend, anyway (i.e., 
I never have to actually call NetServerEnumEx; the single NetServerEnum 
call does the required NetServerEnum2/NetServerEnum3s and pulls all the 
results together).

> ...and those are all RAP messages going back and forth, yes?


> ...and that still leaves questions about the BrowserrServerEnum() and 
> BrowserrServerEnumEx() RPC calls.  What are those?  Are they ever used?  
> Were they simply implemented by someone at Microsoft as an attempt to 
> replace the older RAP calls...and then forgotten?

I'm not sure if they were intended as a replacement for them or not (as
mentioned, I think they would be used in direct interaction with the
"Computer Browser" windows service).


More information about the samba-technical mailing list