Re: [jcifs] Jarapac

From: Michael B Allen (mba2000IOPLEX.COM)
Date: Tue Nov 11 2003 - 22:47:55 CST


Whaooo! This should be handy.

> Mike/Chris/All,
>
> I've set up a new project on Sourceforge, and just finished uploading
> version 0.0.0:
>
> http://sourceforge.net/projects/jarapac/
>
> This is a transport-independent framework for DCE/RPC in Java. Key goals
> of the project are:
>
> 1) Support for both client and server side RPC, both connection-oriented
> and connectionless.
>
> 2) Pluggable transport support, with provided support for the following
> transports:
>
> ncacn_ip_tcp (Connection-oriented DCE/RPC over TCP)
> ncadg_ip_udp (Connectionless DCE/RPC over UDP)
> ncacn_np (Connection-oriented DCE/RPC over SMB named pipes, using jCIFS
> as the transport provider)
>
> 4) Pluggable session security models, with provided support for NTLMSSP
> (and possibly Kerberos).
>
> 5) Client and server stub generation from IDL.
>
> Various parts of these are at various stages; the status and todo list is
> below. There is a (more-or-less working) usage example provided,
> demonstrating binding and a bogus function call. Remember that this is
> effectively pre-alpha, so your results may vary wildly ;)
>
> If you want to have a look, you can download it from:
>
> http://sourceforge.net/project/showfiles.php?group_id=94432
>
> To run the example, you would add all the jarfiles in the distribution to
> your classpath, compile *.java in the "examples" directory, and run:
>
> java Example 'ncacn_ip_tcp:SERVER[135]'
>
> which would bind to and invoke against the endpoint mapper over TCP, or:
>
> java Example 'ncacn_np:SERVER[\PIPE\epmapper]'
>
> to do the same thing over SMB named pipes. Also, take a look at the
> example.properties for setting up authenticated binds (probably necessary
> to run the named pipes example as well).
>
>
> Eric
>
>
> --------------------------------------------------------------------------------
> Overall Status:
>
> Anonymous and authenticated binds (with or without NTLM1 signing &
> sealing) can be done over TCP and SMB named pipes, and it is
> *theoretically* possible to hand-code working RPC client stubs and invoke
> them over those transports.
>
> Client-side connection-oriented framework is more or less complete.
> Client-side connectionless framework is ~40% complete.
> Server-side (both connection-oriented and connectionless) is almost
> totally not there.
>
> ncacn_np (Connection-oriented DCE/RPC over SMB named pipes):
>
> Client side is implemented, but somewhat poorly (should use an initial
> SMB transaction for PDUs, followed by reads and writes for overflow;
> this implementation just uses reads and writes, which means at least
> one extra roundtrip per request).
>
> ncacn_ip_tcp (Connection-oriented DCE/RPC over TCP):
>
> Client side is implemented.
>
> ncadg_ip_udp (Connectionless DCE/RPC over UDP):
>
> Client side is partially implemented; transport is mostly complete,
> but connectionless framework is only partially done.
>
> NTLM security:
>
> NTLMv1 authentication with NTLM1 session security is fully implemented;
> includes:
>
> Support for signing and/or sealing with user session keys, as well as
> 40-bit and 56-bit LAN Manager session keys (there is no 128-bit under
> NTLM1).
>
> Support for NTLMSSP key exchange.
>
> LMv2 authentication could maybe work, but is currently not used (there
> is some question as to the session key established; more experimentation
> is needed).
> NTLMv2 authentication could probably work, but isn't yet supported in
> jCIFS.
> NTLM2 session security is not yet implemented; since the algorithm
> for NTLM2 signatures under RPC isn't fully understood, there didn't seem
> to be much point (as sealing implies signing).
>
>
> To-Do List (in rough order):
>
> Test the NDR encoding more thoroughly (I'm fairly certain there are
> still errors).
>
> Lots of Javadoc, and documentation in general.
>
> Add big-endian support to the NDR formatter (possibly EBCDIC as well).
>
> Implement the Endpoint Mapper client stub.
>
> Finish the connectionless client-side framework.
>
> Implement the Conversation Manager client stub.
>
> Start implementing some more exciting client stubs, such as samr, etc.
>
> Design and implement the server-side connection-oriented and
> connectionless frameworks.
>
> Look at removing the NTLM dependency on jCIFS (as it would be neighborly
> to support other SMB client implementations without requiring jCIFS
> as well just for NTLM). It's also possible that big-endian NDR support
> would require an overhaul of the NTLM messages (as I'm not clear yet
> whether they are NDR structures or not).
>
> Find/write an IDL compiler to generate interface and stub classes.
> There was talk on #samba-technical surrounding an IDL compiler in
> the works which would generate intermediary XML; this would be ideal, as
> XML processing is fairly easy in Java.
>
> Implement the NetLogon secure channel and netlogon client stub.
>
> Experiment with NTLM2 session security.
>

--
A program should be written to model the concepts of the task it
performs rather than the physical world or a process because this
maximizes the potential for it to be applied to tasks that are
conceptually similar and, more important, to tasks that have not
yet been conceived.
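
Added example (not part of the original message and not Jarapac's own code): a small Java validator for the DCE/RPC string bindings passed to `Example` in the quoted announcement, restricted to the three protocol sequences it lists. The class name `BindingParser`, the return shape, and the endpoint rules (numeric port for the IP transports, `\PIPE\` prefix for `ncacn_np`) are assumptions of this example.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example, not Jarapac code: validates "[uuid@]protseq:host[endpoint]". */
public class BindingParser {
    // Optional object UUID, protocol sequence, network address, endpoint in brackets.
    private static final Pattern BINDING = Pattern.compile(
        "(?:([0-9a-fA-F-]{36})@)?([a-z_]+):([^\\[\\]]+)\\[([^\\[\\],]+)\\]");

    /** Returns {objectUuid-or-null, protseq, host, endpoint}; throws on bad input. */
    public static String[] parse(String s) {
        Matcher m = BINDING.matcher(s);
        if (!m.matches()) throw new IllegalArgumentException("malformed binding: " + s);
        String protseq = m.group(2), endpoint = m.group(4);
        switch (protseq) {
            case "ncacn_ip_tcp":
            case "ncadg_ip_udp":
                try { // assumption of this example: IP transports take a numeric port
                    int port = Integer.parseInt(endpoint);
                    if (port < 1 || port > 65535) throw new NumberFormatException();
                } catch (NumberFormatException e) {
                    throw new IllegalArgumentException("port 1-65535 expected: " + endpoint);
                }
                break;
            case "ncacn_np": // endpoint is a pipe name such as \PIPE\epmapper
                if (!endpoint.regionMatches(true, 0, "\\PIPE\\", 0, 6))
                    throw new IllegalArgumentException("pipe name expected: " + endpoint);
                break;
            default:
                throw new IllegalArgumentException("unsupported protocol sequence: " + protseq);
        }
        return new String[] { m.group(1), protseq, m.group(3), endpoint };
    }

    public static void main(String[] args) {
        String[] samples = { // first two are from the message; the last is constructed
            "ncacn_ip_tcp:SERVER[135]", "ncacn_np:SERVER[\\PIPE\\epmapper]",
            "ncacn_ip_tcp:SERVER[epmapper]" };
        for (String s : samples) {
            try {
                String[] b = parse(s);
                System.out.println(b[1] + " host=" + b[2] + " endpoint=" + b[3]);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```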
