Discussion:
Windows Search Protocol for samba share
Jean-Daniel FISCHER
2013-03-19 20:14:30 UTC
Permalink
Hi everyone,

I wish to develop Windows Search Protocol (MS-WSP) support for samba share.
I have gone through the specification and I am confident it can be done.

The protocol works on top of SMB using the named pipe MSFTEWDS according to
the specification MS provides.

I am looking for a way to declare this named pipe into samba and make all
requests made on that named pipe forward to an external program.

I have looked over samba source code, wiki and mailing list archives
during the last month, I can?t find a way to do it. Is there any way to do
this ?

Best regards,

Jean-Daniel FISCHER
Jeremy Allison
2013-03-19 22:19:01 UTC
Permalink
Post by Jean-Daniel FISCHER
Hi everyone,
I wish to develop Windows Search Protocol (MS-WSP) support for samba share.
I have gone through the specification and I am confident it can be done.
The protocol works on top of SMB using the named pipe MSFTEWDS according to
the specification MS provides.
I am looking for a way to declare this named pipe into samba and make all
requests made on that named pipe forward to an external program.
I have looked over samba source code, wiki and mailing list archives
during the last month, I can?t find a way to do it. Is there any way to do
this ?
It's not well documented, but it is possible.

Look into the spoolss code, there is some structure
there to talk to a separate daemon pool that handles
the spoolss protocol.

Simo and Andreas did a lot of work on this, look at
the make_external_rpc_pipe_p() function.

Jeremy.
Gregor Beck
2013-03-20 15:06:48 UTC
Permalink
An embedded message was scrubbed...
From: Gregor Beck <gbeck at sernet.de>
Subject: Re: Windows Search Protocol for samba share
Date: Wed, 20 Mar 2013 15:32:58 +0100
Size: 1581
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130320/48013b5d/attachment.mht>
Jean-Daniel FISCHER
2013-03-20 20:43:17 UTC
Permalink
Hi Gregor and Jeremy,

First of all, thanks for helping me :)

@Gregor: It's seems promising and I will definitevely use it and give you
feedback as soon as I start to code the server. For now, I will focus on
declaring the named pipe in samba and forward it to external daemon.

@Jeremy: I am looking into the samba code. So far, I found the nt_open_pipe
which is the function call when a client try to open a named pipe. It calls
open_np_file, that calls np_open. At the end, this function calls
make_external_rpc_pipe_p if the pipe_mode is set
to RPC_SERVICE_MODE_EXTERNAL.

Correct me if I am wrong but that mean I need to add rpc_server:msftewds =
external into smb.conf.

In the function code, I have spotted:
socket_dir = lp_parm_const_string(
GLOBAL_SECTION_SNUM, "external_rpc_pipe", "socket_dir",
lp_ncalrpc_dir());
So socket_dir = /var/run/samba/socket_dir in smb.conf should set this value.

Which should lead to a /var/run/samba/socket_dir/np/msftewds file to
appear, am I right ? Because the directory is not created ?
Is it my external daemon that have to create the unix domain socket
exchange file ?

I have done some fast wireshark capture. It seems taht the pipe is not
opened with NT Create And X. It is accessed with a SMB_COM_TRANSACTION
(0x25) containing the sub command TRANS_WAIT_NMPIPE (0x0053). Smbd responds
with STATUS_NOT_SUPPORTED that is not indicated as a correct STATUS return
code for this command in MS-CIFS specification. Do you have any idea where
such smb message is handled in samba code ? If it is implemented ?

Best regards,

Jean-Daniel FISCHER

2013/3/20 Gregor Beck <gb at sernet.de>
---------- Message transf?r? ----------
From: Gregor Beck <gbeck at sernet.de>
To: samba-technical at lists.samba.org
Cc: Jean-Daniel FISCHER <jeandaniel.fischer at gmail.com>
Date: Wed, 20 Mar 2013 15:32:58 +0100
Subject: Re: Windows Search Protocol for samba share
Hi Jean-Daniel,
I've started hacking a wireshark dissector for MS-WSP. It is far from
complete
but might be of some help.
http://repo.or.cz/w/wireshark-wip.git/shortlog/refs/heads/ms-wsp
Any feedback is welcome ;-)
Gregor
Post by Jean-Daniel FISCHER
Hi everyone,
I wish to develop Windows Search Protocol (MS-WSP) support for samba
share.
Post by Jean-Daniel FISCHER
I have gone through the specification and I am confident it can be done.
The protocol works on top of SMB using the named pipe MSFTEWDS according
to
Post by Jean-Daniel FISCHER
the specification MS provides.
I am looking for a way to declare this named pipe into samba and make all
requests made on that named pipe forward to an external program.
I have looked over samba source code, wiki and mailing list archives
during the last month, I can?t find a way to do it. Is there any way to
do
Post by Jean-Daniel FISCHER
this ?
Best regards,
Jean-Daniel FISCHER
Volker Lendecke
2013-03-21 08:08:57 UTC
Permalink
Post by Jean-Daniel FISCHER
Hi Gregor and Jeremy,
First of all, thanks for helping me :)
@Gregor: It's seems promising and I will definitevely use it and give you
feedback as soon as I start to code the server. For now, I will focus on
declaring the named pipe in samba and forward it to external daemon.
@Jeremy: I am looking into the samba code. So far, I found the nt_open_pipe
which is the function call when a client try to open a named pipe. It calls
open_np_file, that calls np_open. At the end, this function calls
make_external_rpc_pipe_p if the pipe_mode is set
to RPC_SERVICE_MODE_EXTERNAL.
Correct me if I am wrong but that mean I need to add rpc_server:msftewds =
external into smb.conf.
socket_dir = lp_parm_const_string(
GLOBAL_SECTION_SNUM, "external_rpc_pipe", "socket_dir",
lp_ncalrpc_dir());
So socket_dir = /var/run/samba/socket_dir in smb.conf should set this value.
Which should lead to a /var/run/samba/socket_dir/np/msftewds file to
appear, am I right ? Because the directory is not created ?
Is it my external daemon that have to create the unix domain socket
exchange file ?
Yes, the external daemon has to create that pipe file.
Post by Jean-Daniel FISCHER
I have done some fast wireshark capture. It seems taht the pipe is not
opened with NT Create And X. It is accessed with a SMB_COM_TRANSACTION
(0x25) containing the sub command TRANS_WAIT_NMPIPE (0x0053). Smbd responds
with STATUS_NOT_SUPPORTED that is not indicated as a correct STATUS return
code for this command in MS-CIFS specification. Do you have any idea where
such smb message is handled in samba code ? If it is implemented ?
Can you send a debug level 10 log of smbd of that attempt,
together with a wireshark trace?

Thanks,

Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 G?ttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG G?ttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
Alexander Lüders
2013-03-23 10:57:26 UTC
Permalink
Post by Jean-Daniel FISCHER
Hi Gregor and Jeremy,
First of all, thanks for helping me :)
@Gregor: It's seems promising and I will definitevely use it and give you
feedback as soon as I start to code the server. For now, I will focus on
declaring the named pipe in samba and forward it to external daemon.
@Jeremy: I am looking into the samba code. So far, I found the nt_open_pipe
which is the function call when a client try to open a named pipe. It calls
open_np_file, that calls np_open. At the end, this function calls
make_external_rpc_pipe_p if the pipe_mode is set
to RPC_SERVICE_MODE_EXTERNAL.
Correct me if I am wrong but that mean I need to add rpc_server:msftewds =
external into smb.conf.
socket_dir = lp_parm_const_string(
GLOBAL_SECTION_SNUM, "external_rpc_pipe", "socket_dir",
lp_ncalrpc_dir());
So socket_dir = /var/run/samba/socket_dir in smb.conf should set this value.
Which should lead to a /var/run/samba/socket_dir/np/msftewds file to
appear, am I right ? Because the directory is not created ?
Is it my external daemon that have to create the unix domain socket
exchange file ?
I have done some fast wireshark capture. It seems taht the pipe is not
opened with NT Create And X. It is accessed with a SMB_COM_TRANSACTION
(0x25) containing the sub command TRANS_WAIT_NMPIPE (0x0053). Smbd responds
with STATUS_NOT_SUPPORTED that is not indicated as a correct STATUS return
code for this command in MS-CIFS specification. Do you have any idea where
such smb message is handled in samba code ? If it is implemented ?
Best regards,
Jean-Daniel FISCHER
2013/3/20 Gregor Beck <gb at sernet.de>
---------- Message transf?r? ----------
From: Gregor Beck <gbeck at sernet.de>
To: samba-technical at lists.samba.org
Cc: Jean-Daniel FISCHER <jeandaniel.fischer at gmail.com>
Date: Wed, 20 Mar 2013 15:32:58 +0100
Subject: Re: Windows Search Protocol for samba share
Hi Jean-Daniel,
I've started hacking a wireshark dissector for MS-WSP. It is far from
complete
but might be of some help.
http://repo.or.cz/w/wireshark-wip.git/shortlog/refs/heads/ms-wsp
Any feedback is welcome ;-)
Gregor
Post by Jean-Daniel FISCHER
Hi everyone,
I wish to develop Windows Search Protocol (MS-WSP) support for samba
share.
Post by Jean-Daniel FISCHER
I have gone through the specification and I am confident it can be done.
The protocol works on top of SMB using the named pipe MSFTEWDS according
to
Post by Jean-Daniel FISCHER
the specification MS provides.
I am looking for a way to declare this named pipe into samba and make all
requests made on that named pipe forward to an external program.
I have looked over samba source code, wiki and mailing list archives
during the last month, I can?t find a way to do it. Is there any way to
do
Post by Jean-Daniel FISCHER
this ?
Best regards,
Jean-Daniel FISCHER
Hi Jean-Daniel,
Post by Jean-Daniel FISCHER
I have done some fast wireshark capture. It seems taht the pipe is not
opened with NT Create And X. It is accessed with a SMB_COM_TRANSACTION
(0x25) containing the sub command TRANS_WAIT_NMPIPE (0x0053).
I stumbled across the same problem a year ago while I was doing some
prototype implementation for my master thesis. The problem is that the
Windows Search Service relies on the pipe being opened with the
SMB_COM_NT_CREATE_ANDX command rather than the SMB_COM_OPEN command. The
former one allows the parameter 'ImpersonationLevel' being set. This is
a mandatory parameter as stated in the MS-WSP section 2.1.

At that time I did not find a suitable (rather quick) approach to handle
the problem, as it seemed to require serious changes to the Samba
Project implementation itself. Eventually I had to switch to jCIFS for
further process.

Hope this helps...

Greets
Alexander L?ders
Jean-Daniel FISCHER
2013-03-23 14:54:17 UTC
Permalink
I forget, if you want to reproduce the trace on your network, here how I am
testing so far:

Use the Windows Explorer to browse a samba share. Then type a word in the
search box.
You should see your windows client trying to open the pipe and then start
searching by browsing your entire share.

Jean-Daniel FISCHER

2013/3/23 Jean-Daniel FISCHER <jeandaniel.fischer at gmail.com>
Hi,
@Alexander: Thanks for sharing your experience. I hope, I can manage to
find some work around with the help out here :)
I joined the wireshark capture, the smbd full log and my smb.conf.
For reference: HYPERION is the Windows 8 client and GAIA is the standalone
server that host samba.
Best regards,
Jean-Daniel FISCHER
2013/3/23 Alexander L?ders <alexander.lueders at gmx.de>
Post by Jean-Daniel FISCHER
Hi Gregor and Jeremy,
Post by Jean-Daniel FISCHER
First of all, thanks for helping me :)
@Gregor: It's seems promising and I will definitevely use it and give you
feedback as soon as I start to code the server. For now, I will focus on
declaring the named pipe in samba and forward it to external daemon.
@Jeremy: I am looking into the samba code. So far, I found the nt_open_pipe
which is the function call when a client try to open a named pipe. It calls
open_np_file, that calls np_open. At the end, this function calls
make_external_rpc_pipe_p if the pipe_mode is set
to RPC_SERVICE_MODE_EXTERNAL.
Correct me if I am wrong but that mean I need to add rpc_server:msftewds =
external into smb.conf.
socket_dir = lp_parm_const_string(
GLOBAL_SECTION_SNUM, "external_rpc_pipe", "socket_dir",
lp_ncalrpc_dir());
So socket_dir = /var/run/samba/socket_dir in smb.conf should set this value.
Which should lead to a /var/run/samba/socket_dir/np/**msftewds file to
appear, am I right ? Because the directory is not created ?
Is it my external daemon that have to create the unix domain socket
exchange file ?
I have done some fast wireshark capture. It seems taht the pipe is not
opened with NT Create And X. It is accessed with a SMB_COM_TRANSACTION
(0x25) containing the sub command TRANS_WAIT_NMPIPE (0x0053). Smbd responds
with STATUS_NOT_SUPPORTED that is not indicated as a correct STATUS return
code for this command in MS-CIFS specification. Do you have any idea where
such smb message is handled in samba code ? If it is implemented ?
Best regards,
Jean-Daniel FISCHER
2013/3/20 Gregor Beck <gb at sernet.de>
---------- Message transf?r? ----------
From: Gregor Beck <gbeck at sernet.de>
To: samba-technical at lists.samba.**org <samba-technical at lists.samba.org>
Cc: Jean-Daniel FISCHER <jeandaniel.fischer at gmail.com>
Date: Wed, 20 Mar 2013 15:32:58 +0100
Subject: Re: Windows Search Protocol for samba share
Hi Jean-Daniel,
I've started hacking a wireshark dissector for MS-WSP. It is far from
complete
but might be of some help.
http://repo.or.cz/w/wireshark-**wip.git/shortlog/refs/heads/**ms-wsp<http://repo.or.cz/w/wireshark-wip.git/shortlog/refs/heads/ms-wsp>
Any feedback is welcome ;-)
Gregor
Post by Jean-Daniel FISCHER
Hi everyone,
I wish to develop Windows Search Protocol (MS-WSP) support for samba
share.
Post by Jean-Daniel FISCHER
I have gone through the specification and I am confident it can be done.
The protocol works on top of SMB using the named pipe MSFTEWDS according
to
Post by Jean-Daniel FISCHER
the specification MS provides.
I am looking for a way to declare this named pipe into samba and make all
requests made on that named pipe forward to an external program.
I have looked over samba source code, wiki and mailing list archives
during the last month, I can?t find a way to do it. Is there any way to
do
Post by Jean-Daniel FISCHER
this ?
Best regards,
Jean-Daniel FISCHER
Hi Jean-Daniel,
I have done some fast wireshark capture. It seems taht the pipe is not
Post by Jean-Daniel FISCHER
opened with NT Create And X. It is accessed with a SMB_COM_TRANSACTION
(0x25) containing the sub command TRANS_WAIT_NMPIPE (0x0053).
I stumbled across the same problem a year ago while I was doing some
prototype implementation for my master thesis. The problem is that the
Windows Search Service relies on the pipe being opened with the
SMB_COM_NT_CREATE_ANDX command rather than the SMB_COM_OPEN command. The
former one allows the parameter 'ImpersonationLevel' being set. This is a
mandatory parameter as stated in the MS-WSP section 2.1.
At that time I did not find a suitable (rather quick) approach to handle
the problem, as it seemed to require serious changes to the Samba Project
implementation itself. Eventually I had to switch to jCIFS for further
process.
Hope this helps...
Greets
Alexander L?ders
Jean-Daniel FISCHER
2013-03-23 15:03:39 UTC
Permalink
Hi,

@Alexander: Thanks for sharing your experience. I hope, I can manage to
find some work around with the help out here :)

I joined the wireshark capture, the smbd full log and my smb.conf.

For reference: HYPERION is the Windows 8 client and GAIA is the standalone
server that host samba.

Best regards,

Jean-Daniel FISCHER

PS: this time with reasonable size for log file ;)

2013/3/23 Jean-Daniel FISCHER <jeandaniel.fischer at gmail.com>
Post by Jean-Daniel FISCHER
I forget, if you want to reproduce the trace on your network, here how I
Use the Windows Explorer to browse a samba share. Then type a word in the
search box.
You should see your windows client trying to open the pipe and then start
searching by browsing your entire share.
Jean-Daniel FISCHER
2013/3/23 Jean-Daniel FISCHER <jeandaniel.fischer at gmail.com>
Hi,
@Alexander: Thanks for sharing your experience. I hope, I can manage to
find some work around with the help out here :)
I joined the wireshark capture, the smbd full log and my smb.conf.
For reference: HYPERION is the Windows 8 client and GAIA is the
standalone server that host samba.
Best regards,
Jean-Daniel FISCHER
2013/3/23 Alexander L?ders <alexander.lueders at gmx.de>
Post by Jean-Daniel FISCHER
Hi Gregor and Jeremy,
Post by Jean-Daniel FISCHER
First of all, thanks for helping me :)
@Gregor: It's seems promising and I will definitevely use it and give you
feedback as soon as I start to code the server. For now, I will focus on
declaring the named pipe in samba and forward it to external daemon.
@Jeremy: I am looking into the samba code. So far, I found the nt_open_pipe
which is the function call when a client try to open a named pipe. It calls
open_np_file, that calls np_open. At the end, this function calls
make_external_rpc_pipe_p if the pipe_mode is set
to RPC_SERVICE_MODE_EXTERNAL.
Correct me if I am wrong but that mean I need to add
rpc_server:msftewds =
external into smb.conf.
socket_dir = lp_parm_const_string(
GLOBAL_SECTION_SNUM, "external_rpc_pipe", "socket_dir",
lp_ncalrpc_dir());
So socket_dir = /var/run/samba/socket_dir in smb.conf should set this value.
Which should lead to a /var/run/samba/socket_dir/np/**msftewds file to
appear, am I right ? Because the directory is not created ?
Is it my external daemon that have to create the unix domain socket
exchange file ?
I have done some fast wireshark capture. It seems taht the pipe is not
opened with NT Create And X. It is accessed with a SMB_COM_TRANSACTION
(0x25) containing the sub command TRANS_WAIT_NMPIPE (0x0053). Smbd responds
with STATUS_NOT_SUPPORTED that is not indicated as a correct STATUS return
code for this command in MS-CIFS specification. Do you have any idea where
such smb message is handled in samba code ? If it is implemented ?
Best regards,
Jean-Daniel FISCHER
2013/3/20 Gregor Beck <gb at sernet.de>
---------- Message transf?r? ----------
From: Gregor Beck <gbeck at sernet.de>
To: samba-technical at lists.samba.**org<samba-technical at lists.samba.org>
Cc: Jean-Daniel FISCHER <jeandaniel.fischer at gmail.com>
Date: Wed, 20 Mar 2013 15:32:58 +0100
Subject: Re: Windows Search Protocol for samba share
Hi Jean-Daniel,
I've started hacking a wireshark dissector for MS-WSP. It is far from
complete
but might be of some help.
http://repo.or.cz/w/wireshark-**wip.git/shortlog/refs/heads/**ms-wsp<http://repo.or.cz/w/wireshark-wip.git/shortlog/refs/heads/ms-wsp>
Any feedback is welcome ;-)
Gregor
Post by Jean-Daniel FISCHER
Hi everyone,
I wish to develop Windows Search Protocol (MS-WSP) support for samba
share.
Post by Jean-Daniel FISCHER
I have gone through the specification and I am confident it can be done.
The protocol works on top of SMB using the named pipe MSFTEWDS according
to
Post by Jean-Daniel FISCHER
the specification MS provides.
I am looking for a way to declare this named pipe into samba and make all
requests made on that named pipe forward to an external program.
I have looked over samba source code, wiki and mailing list archives
during the last month, I can?t find a way to do it. Is there any way to
do
Post by Jean-Daniel FISCHER
this ?
Best regards,
Jean-Daniel FISCHER
Hi Jean-Daniel,
I have done some fast wireshark capture. It seems taht the pipe is not
Post by Jean-Daniel FISCHER
opened with NT Create And X. It is accessed with a SMB_COM_TRANSACTION
(0x25) containing the sub command TRANS_WAIT_NMPIPE (0x0053).
I stumbled across the same problem a year ago while I was doing some
prototype implementation for my master thesis. The problem is that the
Windows Search Service relies on the pipe being opened with the
SMB_COM_NT_CREATE_ANDX command rather than the SMB_COM_OPEN command. The
former one allows the parameter 'ImpersonationLevel' being set. This is a
mandatory parameter as stated in the MS-WSP section 2.1.
At that time I did not find a suitable (rather quick) approach to handle
the problem, as it seemed to require serious changes to the Samba Project
implementation itself. Eventually I had to switch to jCIFS for further
process.
Hope this helps...
Greets
Alexander L?ders
-------------- next part --------------
A non-text attachment was scrubbed...
Name: WSP.pcap
Type: application/octet-stream
Size: 8433 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130323/6365d21e/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: log.hyperion
Type: application/octet-stream
Size: 10107 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130323/6365d21e/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smb.conf
Type: application/octet-stream
Size: 963 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130323/6365d21e/attachment-0002.obj>
Volker Lendecke
2013-03-25 10:04:24 UTC
Permalink
Hi,
@Alexander: Thanks for sharing your experience. I hope, I can manage to
find some work around with the help out here :)
I joined the wireshark capture, the smbd full log and my smb.conf.
For reference: HYPERION is the Windows 8 client and GAIA is the standalone
server that host samba.
Best regards,
Jean-Daniel FISCHER
PS: this time with reasonable size for log file ;)
Sorry, but neither the log file nor the wireshark capture
contain the open attempt. Log files may be large, but they
are required to debug this issue.

With best regards,

Volker Lendecke
--
SerNet GmbH, Bahnhofsallee 1b, 37081 G?ttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG G?ttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
Jean-Daniel FISCHER
2013-03-27 19:09:46 UTC
Permalink
Hi,

With the log, I managed to trace the SMBTrans call on the pipe
<\PIPE\MsFteWds> to the function "named_pipe" in ipc.c. It appears that
the function is checking the named pipe name against a specific list
(LANMAN, WKSSVC, SRVSVC, WINREG, SAMR and LSARPC). If the pipe is not in
this list it return NT_STATUS_NOT_SUPPORTED.

I will look into developping a patch that solve my problem.

The function code :
static void named_pipe(connection_struct *conn, uint64_t vuid,
struct smb_request *req,
const char *name, uint16 *setup,
char *data, char *params,
int suwcnt, int tdscnt,int tpscnt,
int msrcnt, int mdrcnt, int mprcnt)
{
DEBUG(3,("named pipe command on <%s> name\n", name));

if (strequal(name,"LANMAN")) {
api_reply(conn, vuid, req,
data, params,
tdscnt, tpscnt,
mdrcnt, mprcnt);
return;
}

if (strequal(name,"WKSSVC") ||
strequal(name,"SRVSVC") ||
strequal(name,"WINREG") ||
strequal(name,"SAMR") ||
strequal(name,"LSARPC")) {

DEBUG(4,("named pipe command from Win95 (wow!)\n"));

api_fd_reply(conn, vuid, req,
setup, (uint8_t *)data, params,
suwcnt, tdscnt, tpscnt,
mdrcnt, mprcnt);
return;
}

if (strlen(name) < 1) {
api_fd_reply(conn, vuid, req,
setup, (uint8_t *)data,
params, suwcnt, tdscnt,
tpscnt, mdrcnt, mprcnt);
return;
}

if (setup)
DEBUG(3,("unknown named pipe: setup 0x%X setup1=%d\n",
(int)setup[0],(int)setup[1]));

reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
return;
}

Best regards,

Jean-Daniel FSICHER

2013/3/25 Volker Lendecke <Volker.Lendecke at sernet.de>
Hi,
@Alexander: Thanks for sharing your experience. I hope, I can manage to
find some work around with the help out here :)
I joined the wireshark capture, the smbd full log and my smb.conf.
For reference: HYPERION is the Windows 8 client and GAIA is the
standalone
server that host samba.
Best regards,
Jean-Daniel FISCHER
PS: this time with reasonable size for log file ;)
Sorry, but neither the log file nor the wireshark capture
contain the open attempt. Log files may be large, but they
are required to debug this issue.
With best regards,
Volker Lendecke
--
SerNet GmbH, Bahnhofsallee 1b, 37081 G?ttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG G?ttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
Jean-Daniel FISCHER
2013-04-11 21:47:54 UTC
Permalink
Hi everyone,

I have switch from SMB to SMB2. In SMB2 when WIN8 client tried to open the
WSP associated named pipe, it sends an IOCTL request with a control op code
of 0x00110018 (FSCTL_PIPE_WAIT). According to MS-SMB2 specification the
correct response is a message with op code 0x00110018 (FSCTL_PIPE_WAIT).

Going across samba code, the treatment goes to the
function smb2_ioctl_named_pipe into smb2_ioct_named_pipe.c. The function
code does not implement specific for this control op code.

I want to add needed code, here is few questions :
Function parameters are :
uint32_t ctl_code,
struct tevent_context *ev,
struct tevent_req *req,
struct smbd_smb2_ioctl_state *state
How to specified the response content ? Is there any function that will
build SMB2 Header so I will just have to specified the control op code ?
Do I need to build the entire content ?
Any documentation on this ?

Best regards,

Jean-Daniel FISCHER


2013/3/27 Jean-Daniel FISCHER <jeandaniel.fischer at gmail.com>
Post by Jean-Daniel FISCHER
Hi,
With the log, I managed to trace the SMBTrans call on the pipe
<\PIPE\MsFteWds> to the function "named_pipe" in ipc.c. It appears that
the function is checking the named pipe name against a specific list
(LANMAN, WKSSVC, SRVSVC, WINREG, SAMR and LSARPC). If the pipe is not in
this list it return NT_STATUS_NOT_SUPPORTED.
I will look into developping a patch that solve my problem.
static void named_pipe(connection_struct *conn, uint64_t vuid,
struct smb_request *req,
const char *name, uint16 *setup,
char *data, char *params,
int suwcnt, int tdscnt,int tpscnt,
int msrcnt, int mdrcnt, int mprcnt)
{
DEBUG(3,("named pipe command on <%s> name\n", name));
if (strequal(name,"LANMAN")) {
api_reply(conn, vuid, req,
data, params,
tdscnt, tpscnt,
mdrcnt, mprcnt);
return;
}
if (strequal(name,"WKSSVC") ||
strequal(name,"SRVSVC") ||
strequal(name,"WINREG") ||
strequal(name,"SAMR") ||
strequal(name,"LSARPC")) {
DEBUG(4,("named pipe command from Win95 (wow!)\n"));
api_fd_reply(conn, vuid, req,
setup, (uint8_t *)data, params,
suwcnt, tdscnt, tpscnt,
mdrcnt, mprcnt);
return;
}
if (strlen(name) < 1) {
api_fd_reply(conn, vuid, req,
setup, (uint8_t *)data,
params, suwcnt, tdscnt,
tpscnt, mdrcnt, mprcnt);
return;
}
if (setup)
DEBUG(3,("unknown named pipe: setup 0x%X setup1=%d\n",
(int)setup[0],(int)setup[1]));
reply_nterror(req, NT_STATUS_NOT_SUPPORTED);
return;
}
Best regards,
Jean-Daniel FSICHER
2013/3/25 Volker Lendecke <Volker.Lendecke at sernet.de>
Hi,
@Alexander: Thanks for sharing your experience. I hope, I can manage to
find some work around with the help out here :)
I joined the wireshark capture, the smbd full log and my smb.conf.
For reference: HYPERION is the Windows 8 client and GAIA is the
standalone
server that host samba.
Best regards,
Jean-Daniel FISCHER
PS: this time with reasonable size for log file ;)
Sorry, but neither the log file nor the wireshark capture
contain the open attempt. Log files may be large, but they
are required to debug this issue.
With best regards,
Volker Lendecke
--
SerNet GmbH, Bahnhofsallee 1b, 37081 G?ttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG G?ttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
Continue reading on narkive:
Loading...