use Windows named pipe using cmd 2d: NT Create AndX Request

Jeremy Allison jra at
Mon Mar 14 18:15:23 MDT 2011

On Mon, Mar 14, 2011 at 12:11:03PM -0500, Josh Moore wrote:
> I'm trying to connect to a Windows named pipe that is shared over SMB.
> For context, see Windows Server code:
> A modification needed for the server (see the note about permissions at the end):
> Windows Client code:
> This all works OK in Windows. No problem.
> The Server side in my application is created in Windows by a competing company. I have no control over it (otherwise it would be a TCP server). I do have Wireshark packet captures of successful communication. And, of course, I have the bare-bones Windows server and client (above) to run on test machines.
> I want to implement the Client side in Linux using libsmbclient.
> I've started with the testread.c example. It reads text files OK on file shares, e.g. smb://
> I tried to get it to connect to the named pipe by giving it various path names, e.g. smb://$/mynamedpipe
> It starts out OK by sending a Tree Connect AndX Request to path \\\IPC$
> Then, I think I want to send a SMB packet with the SMB Command field byte having value "a2" (hexadecimal). This is an "NT Create AndX Request".
> Instead, all it seems I can send is SMB Command value "2d", "Open AndX Request".
> I tried changing "smbc_open(path, O_RDONLY, 0)" to "smbc_creat(path, 0)", but that didn't do it.
> Would it be possible to send this other type of Samba command (a2)?

Not at present. Unfortunately libsmbclient internally is using the
internal Samba API cli_open(), which uses the old DOS SMBopenX call
on the wire.

A decent patch might be to change smbc_open() and smbc_creat()
to use NtCreateX instead, or extend the libsmbclient API to
expose the cli_ntcreate() internal Samba API call.


More information about the samba-technical mailing list