Windows Search Protocol for samba share

Alexander Lüders alexander.lueders at gmx.de
Sat Mar 23 04:57:26 MDT 2013


On 20.03.2013 21:43, Jean-Daniel FISCHER wrote:
> Hi Gregor and Jeremy,
>
> First of all, thanks for helping me :)
>
> @Gregor: It seems promising and I will definitely use it and give you
> feedback as soon as I start to code the server. For now, I will focus on
> declaring the named pipe in samba and forward it to external daemon.
>
> @Jeremy: I am looking into the samba code. So far, I found the nt_open_pipe
> which is the function called when a client tries to open a named pipe. It calls
> open_np_file, that calls np_open. At the end, this function calls
> make_external_rpc_pipe_p if the pipe_mode is set
> to RPC_SERVICE_MODE_EXTERNAL.
>
> Correct me if I am wrong but that means I need to add rpc_server:msftewds =
> external into smb.conf.
>
> In the function code, I have spotted:
> socket_dir = lp_parm_const_string(
> GLOBAL_SECTION_SNUM, "external_rpc_pipe", "socket_dir",
> lp_ncalrpc_dir());
> So socket_dir = /var/run/samba/socket_dir in smb.conf should set this value.
>
> Which should lead to a /var/run/samba/socket_dir/np/msftewds file to
> appear, am I right ? Because the directory is not created ?
> Is it my external daemon that has to create the unix domain socket
> exchange file ?
>
> I have done some fast wireshark capture. It seems that the pipe is not
> opened with NT Create And X. It is accessed with a SMB_COM_TRANSACTION
> (0x25) containing the sub command TRANS_WAIT_NMPIPE (0x0053). Smbd responds
> with STATUS_NOT_SUPPORTED that is not indicated as a correct STATUS return
> code for this command in MS-CIFS specification. Do you have any idea where
> such smb message is handled in samba code ? If it is implemented ?
>
> Best regards,
>
> Jean-Daniel FISCHER
>
> 2013/3/20 Gregor Beck <gb at sernet.de>
>
>>
>>
>> ---------- Forwarded message ----------
>> From: Gregor Beck <gbeck at sernet.de>
>> To: samba-technical at lists.samba.org
>> Cc: Jean-Daniel FISCHER <jeandaniel.fischer at gmail.com>
>> Date: Wed, 20 Mar 2013 15:32:58 +0100
>> Subject: Re: Windows Search Protocol for samba share
>> Hi Jean-Daniel,
>>
>> I've started hacking a wireshark dissector for MS-WSP. It is far from
>> complete
>> but might be of some help.
>>
>> Check out:
>>
>> http://repo.or.cz/w/wireshark-wip.git/shortlog/refs/heads/ms-wsp
>>
>> Any feedback is welcome ;-)
>>
>> Gregor
>>
>> On Tuesday, 19 March 2013, 20:14:30, Jean-Daniel FISCHER wrote:
>>> Hi everyone,
>>>
>>> I wish to develop Windows Search Protocol (MS-WSP) support for samba
>> share.
>>> I have gone through the specification and I am confident it can be done.
>>>
>>> The protocol works on top of SMB using the named pipe MSFTEWDS according
>> to
>>> the specification MS provides.
>>>
>>> I am looking for a way to declare this named pipe into samba and make all
>>> requests made on that named pipe forward to an external program.
>>>
>>> I have looked over samba source code, wiki and mailing list archives
>>> during the last month, I can’t find a way to do it. Is there any way to
>> do
>>> this ?
>>>
>>> Best regards,
>>>
>>> Jean-Daniel FISCHER
>>
>>
>

Hi Jean-Daniel,

>> I have done some fast wireshark capture. It seems that the pipe is not
>> opened with NT Create And X. It is accessed with a SMB_COM_TRANSACTION
>> (0x25) containing the sub command TRANS_WAIT_NMPIPE (0x0053).

I stumbled across the same problem a year ago while I was doing some
prototype implementation for my master's thesis. The problem is that the
Windows Search Service relies on the pipe being opened with the
SMB_COM_NT_CREATE_ANDX command rather than the SMB_COM_OPEN command. The
former one allows the parameter 'ImpersonationLevel' to be set. This is
a mandatory parameter as stated in MS-WSP section 2.1.

At that time I did not find a suitable (rather quick) approach to handle 
the problem, as it seemed to require serious changes to the Samba 
Project implementation itself. Eventually I had to switch to jCIFS for 
further process.

Hope this helps...

Greets
Alexander Lüders
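
Added illustration, not code from this thread or from Samba: a small Python classifier that tells, for one raw SMB1 request taken from a capture, whether the pipe was accessed through SMB_COM_NT_CREATE_ANDX (and with which ImpersonationLevel) or through SMB_COM_TRANSACTION with TRANS_WAIT_NMPIPE. Field offsets follow the MS-CIFS request layouts; the function names and the sample messages are constructed for this example.

```python
import struct

SMB_COM_TRANSACTION = 0x25      # values quoted in the thread
TRANS_WAIT_NMPIPE = 0x0053
SMB_COM_NT_CREATE_ANDX = 0xA2   # command code from MS-CIFS
LEVELS = {0: "Anonymous", 1: "Identification", 2: "Impersonation", 3: "Delegation"}

def classify_pipe_access(msg: bytes) -> dict:
    """Classify one SMB1 message (NetBIOS session header already stripped)."""
    if len(msg) < 33 or msg[:4] != b"\xffSMB":
        raise ValueError("not an SMB1 message")
    if msg[9] & 0x80:                       # SMB_FLAGS_REPLY: server response
        return {"command": hex(msg[4]), "request": False}
    command, word_count = msg[4], msg[32]
    words = msg[33:33 + 2 * word_count]
    if len(words) != 2 * word_count:
        raise ValueError("truncated parameter block")
    if command == SMB_COM_NT_CREATE_ANDX and word_count == 24:
        # ImpersonationLevel: 32-bit little-endian field at byte 43 of the words
        (level,) = struct.unpack_from("<I", words, 43)
        return {"command": "NT_CREATE_ANDX",
                "impersonation": LEVELS.get(level, hex(level))}
    if command == SMB_COM_TRANSACTION and word_count >= 15:
        setup_count = words[26]             # fixed part is 14 words, then Setup[]
        if word_count == 14 + setup_count:
            (sub,) = struct.unpack_from("<H", words, 28)   # Setup[0] = subcommand
            return {"command": "TRANSACTION", "subcommand": sub,
                    "wait_nmpipe": sub == TRANS_WAIT_NMPIPE}
    return {"command": hex(command)}

def build_sample(command: int, words: bytes, data: bytes) -> bytes:
    """Constructed test message: header fields other than Command are zero."""
    header = b"\xffSMB" + bytes([command]) + bytes(27)
    return header + bytes([len(words) // 2]) + words + struct.pack("<H", len(data)) + data

def sample_nt_create(level: int) -> bytes:
    name = b"\\MSFTEWDS\x00"                # constructed pipe name bytes
    words = struct.pack("<BBHBHIIIQIIIIIB", 0xFF, 0, 0, 0, len(name), 0, 0,
                        0x0002019F, 0, 0, 3, 1, 0, level, 0)
    return build_sample(SMB_COM_NT_CREATE_ANDX, words, name)

def sample_wait_nmpipe() -> bytes:
    name = b"\\PIPE\\MSFTEWDS\x00"          # constructed transaction name bytes
    words = struct.pack("<HHHHBBHIHHHHHBBHH", 0, 0, 0, 0, 0, 0, 0, 0, 0,
                        0, 0, 0, 0, 2, 0, TRANS_WAIT_NMPIPE, 0)
    return build_sample(SMB_COM_TRANSACTION, words, name)
```

Feeding it the SMB payload of each client request from a capture shows at a glance which of the two access paths discussed above the client took.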



