DCERPC and Endpoint Mapper

This is my talk about DCERPC and Endpoint Mapper at the SambaXP conference 2011.


  1. DCERPC and Endpoint Mapper
      Andreas Schneider <asn@samba.org>, Red Hat. May 11th, 2011
  2. Outline
      1. DCERPC: How does RPC work?
      2. Endpoint Mapper: Concept; Functions and Details
      3. Samba3 RPC Server: Overview; Robustness; Scalability
      4. Why?: Franky; FreeIPA
  3. Section 1: DCERPC (How does RPC work?)
  4. Abbreviations
      • DCE: Distributed (Disturbed) Computing Environment
      • RPC: Remote Procedure Call
      • NDR: Network Data Representation
      • IDL: Interface description language
  5. The RPC process
      [Diagram: client and server stacks side by side. Client: Application, Client Stub, RPC Library, Transport. Server: Application, Server Stub, RPC Library, Transport.]
  6. Application
      • spoolss: Printing application displaying a list of printers
      • regedit: Display all values of a key
  7. Client Stubs
      • spoolss: Your application calling dcerpc_spoolss_EnumPrinters
      • regedit: Your application calling dcerpc_winreg_EnumValues
  8. Run-time Library (client)
      • RPC client implementation creating an RPC bind
      • Establishes the connection
      • Authenticates the user
  9. Transports
      • ncacn_np: SMB Named Pipes transport
      • ncacn_ip_tcp: DCE/RPC over TCP/IP
      • ncalrpc: Local interprocess communication
      • ncacn_http: DCE/RPC over HTTP
      • ncadg_ip_udp, ncacn_at_dsp, ncacn_nb_ipx, ncacn_dnet_nsp, ...
  10. Run-time Library (server)
      • The RPC server accepts a connection over a transport and creates the RPC bind
      • After successful authentication it calls the Server Stub
  11. Server Stubs
      • This unmarshals the packet and calls the application implementation
      • spoolss: spoolss_EnumPrinters
      • regedit: winreg_EnumValues
  12. Section 2: Endpoint Mapper (Concept)
  13. Abbreviations
      • EPM: Endpoint Mapper
      • UUID: Universally Unique Identifier (man uuidgen)
      • NDR: Network Data Representation
  14. Terminology
      • Endpoint: An endpoint could be a port or a pipe and provide several interfaces
      • Interface: An interface is an RPC service provided by an endpoint
      • The named pipe \PIPE\netlogon can be used for netlogon and lsarpc connections.
  15. Remember: The RPC process
      [Diagram: client and server stacks, as on slide 5.]
  16. Endpoint operations
      • Each RPC service allocates one or more endpoints dynamically on server startup
      • The Endpoint Mapper maintains information about those endpoints
      • The Endpoint Mapper listens on port 135 TCP/IP or on \PIPE\epmapper
  17. Section 2: Endpoint Mapper (Functions and Details)
  18. Function overview
      The most important functions of the endpoint mapper:
      • epm_Insert: Add specified entries to an endpoint map.
      • epm_Delete: Delete specified entries from an endpoint map.
      • epm_Lookup: Look up entries in an endpoint map.
      • epm_Map: Apply some algorithm to an endpoint map to produce a list of protocol towers. (Provide a UUID and get an endpoint.)
      • epm_LookupHandleFree: Free an epm_Lookup or epm_Map entry handle.
  19. Example
      Wireshark trace ...
  20. An endpoint tower
      A tower has up to 6 floors, at least 4:
      1. Floor 1: Provides the RPC interface identifier (netlogon UUID).
      2. Floor 2: Transfer syntax (NDR encoded)
      3. Floor 3: RPC protocol identifier (ncacn_ip_tcp, ncacn_np, ...)
      4. Floor 4: Port address (e.g. TCP Port: 49156, PIPE)
      5. Floor 5: Transport (e.g. IP:192.168.51.10, NB:krikkit)
      6. Floor 6: Routing
  21. Section 3: Samba3 RPC Server (Overview)
  22. RPC Endpoints
      • Added support for TCP/IP and NCALRPC
      • Other processes can register at EPM (OpenChange) over NCALRPC
  23. Section 3: Samba3 RPC Server (Robustness)
  24. Robustness
      Client:
      • RPC service tries to register several times
      • After successful registration we do connection monitoring
      Server:
      • We monitor the client connection
      • If it goes away, delete the endpoints
  25. Section 3: Samba3 RPC Server (Scalability)
  26. Pre-fork
      • We started to implement a mutex locking based pre-fork model.
      • Parent binds all sockets and then forks a number of children
      • Children have a lock around the accept(3) call
      • Prototype working for our spoolss daemon
  27. Section 4: Why? (Franky)
  28. Franky
      • A lot of infrastructure has been created for Franky
      • EPM allows us to have multiple daemons
  29. Section 4: Why? (FreeIPA)
  30. FreeIPA
      • FreeIPA is something like Active Directory but for Linux only.
      • We want to be able to do forest trusts with Active Directory
      • For this we need LSA and Netlogon (SAMR)
      • pdb_ipa and 'net rpc trust'
  31. Questions & Answers
      Slides: http://www.samba.org/~asn/
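
A bounds-checked parser for the five-floor ncacn_ip_tcp tower laid out on slide 20, added here as an example; it is not code from the talk or from Samba. It assumes the DCE 1.1 tower encoding (little-endian floor count and lengths, big-endian port) and input that starts at the floor count; the UUID bytes are constructed placeholders, and the names `tower_to_tcp`, `tcp_endpoint` and `sample` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Protocol identifiers: the first left-hand-side byte of each floor. */
enum { EPM_UUID = 0x0d, EPM_NCACN = 0x0b, EPM_TCP = 0x07, EPM_IP = 0x09 };
struct tcp_endpoint { uint16_t port; uint8_t ip[4]; };

/* Constructed sample: placeholder UUIDs, TCP port 49156, IP 192.168.51.10. */
static const uint8_t sample[] = {
    5,0,                                                      /* floor count */
    19,0, 0x0d, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 1,0,  2,0, 0,0, /* interface */
    19,0, 0x0d, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 2,0,  2,0, 0,0, /* syntax */
    1,0, 0x0b,  2,0, 0,0,                                     /* RPC protocol */
    1,0, 0x07,  2,0, 0xc0,0x04,                               /* port address */
    1,0, 0x09,  4,0, 192,168,51,10,                           /* host address */
};

/* Read a little-endian u16 at *off, refusing to read past len. */
static int get_u16(const uint8_t *b, size_t len, size_t *off, uint16_t *v) {
    if (len < 2 || *off > len - 2) return -1;
    *v = (uint16_t)(b[*off] | (b[*off + 1] << 8));
    *off += 2;
    return 0;
}

/* Walk an ncacn_ip_tcp tower; 0 on success, -1 if malformed or truncated. */
int tower_to_tcp(const uint8_t *b, size_t len, struct tcp_endpoint *ep) {
    static const uint8_t want[5] = { EPM_UUID, EPM_UUID, EPM_NCACN, EPM_TCP, EPM_IP };
    size_t off = 0;
    uint16_t floors, lhs, rhs;
    if (get_u16(b, len, &off, &floors) || floors < 5 || floors > 6) return -1;
    for (unsigned i = 0; i < floors; i++) {
        if (get_u16(b, len, &off, &lhs) || lhs < 1 || lhs > len - off) return -1;
        const uint8_t *l = b + off; off += lhs;   /* lengths come from the peer */
        if (get_u16(b, len, &off, &rhs) || rhs > len - off) return -1;
        const uint8_t *r = b + off; off += rhs;
        if (i < 5 && l[0] != want[i]) return -1;  /* wrong protocol on this floor */
        if ((i == 3 && rhs != 2) || (i == 4 && rhs != 4)) return -1;
        if (i == 3) ep->port = (uint16_t)(r[0] << 8 | r[1]);   /* big-endian */
        if (i == 4) for (int k = 0; k < 4; k++) ep->ip[k] = r[k];
    }
    return 0;
}

int main(void) {
    struct tcp_endpoint ep;
    if (tower_to_tcp(sample, sizeof(sample), &ep) != 0) return 1;
    printf("%d.%d.%d.%d:%d\n", ep.ip[0], ep.ip[1], ep.ip[2], ep.ip[3], ep.port);
    return 0;
}
```

Every length field in a tower is supplied by the remote side, so each one is checked against the remaining buffer before the bytes it describes are touched.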
