Uploaded bycynapses
PDF, PPTX1,278 views

DCERPC and Endpoint Mapper

The document discusses DCERPC and the Endpoint Mapper. It begins with an overview of how RPC works, including the roles of client and server stubs, runtime libraries, and transports. It then covers the concepts and functions of the Endpoint Mapper, which maintains information about RPC service endpoints and listens on port 135. The document outlines some key Endpoint Mapper functions like epmInsert, epmDelete, and epmLookup. It provides context on DCERPC, RPC, and the role of the Endpoint Mapper in facilitating communication between clients and servers.

Download as PDF, PPTX
DCERPC Endpoint Mapper Samba3 RPC Server Why? DCERPC and Endpoint Mapper Andreas Schneider <asn@samba.org> Red Hat May 11th, 2011 Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? DCERPC and Endpoint Mapper 1 DCERPC How does RPC work? 2 Endpoint Mapper Concept Functions and Details 3 Samba3 RPC Server Overview Robustness Scalability 4 Why? Franky FreeIPA Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? How does RPC work? DCERPC and Endpoint Mapper 1 DCERPC How does RPC work? 2 Endpoint Mapper Concept Functions and Details 3 Samba3 RPC Server Overview Robustness Scalability 4 Why? Franky FreeIPA Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? How does RPC work? Abbreviations DCE: Distributed (Disturbed) Computing Environment RPC: Remote Procedure Call NDR: Network Data Representation IDL: Interface description language Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? How does RPC work? The RPC process Server Application Application Client Stub Server Stub RPC Library RPC Library Transport Transport Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? How does RPC work? Application spoolss: Printing application displaying a list of printers regedit: Display all values of a key Server Application Application Client Stub Server Stub RPC Library RPC Library Transport Transport Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? How does RPC work? Client Stubs spoolss: Your application calling dcerpc spoolss EnumPrinters regedit: Your application calling dcerpc winreg EnumValues Server Application Application Client Stub Server Stub RPC Library RPC Library Transport Transport Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? How does RPC work? Run-time Library RPC client implementation creating a RPC bind Establishes the connection Authenticates the user Server Application Application Client Stub Server Stub RPC Library RPC Library Transport Transport Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? How does RPC work? Transports ncacn np: SMB Named Pipes transport ncacn ip tcp: DCE/RPC over TCP/IP ncalrpc: Local interprocess communication ncacn http: DCE/RPC over HTTP ncadg ip udp, ncacn at dsp, ncacn nb ipx, ncacn dnet nsp, ... Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? How does RPC work? Run-time Library The RPC Server accepting a connection over a transport and creating the RPC bind After successfull authentication it calls the Server Stub Server Application Application Client Stub Server Stub RPC Library RPC Library Transport Transport Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? How does RPC work? Server Stubs This unmarshals the packet and calls the application implementation spoolss: spoolss EnumPrinters regedit: winreg EnumValues Server Application Application Client Stub Server Stub RPC Library RPC Library Transport Transport Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? Concept DCERPC and Endpoint Mapper 1 DCERPC How does RPC work? 2 Endpoint Mapper Concept Functions and Details 3 Samba3 RPC Server Overview Robustness Scalability 4 Why? Franky FreeIPA Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? Concept Abbreviations EPM: Endpoint Mapper UUID: Universally Unique Identifier (man uuidgen) NDR: Network Data Representation Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? Concept Terminology Endpoint: An endpoint could be a port or a pipe and provide several interfaces Interface: An interface is a RPC service provided by an endpoint The named pipe PIPEnetlogon can be used for netlogon and lsarpc connections. Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? Concept Remember: The RPC process Server Application Application Client Stub Server Stub RPC Library RPC Library Transport Transport Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? Concept Endpoint operations Each RPC service allocates one or more endpoints dynamically on server startup Endpoint mapper maintains information about those endpoints The Endpoint Mapper listens on port 135 TCP/IP or on PIPEepmapper Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? Functions and Details DCERPC and Endpoint Mapper 1 DCERPC How does RPC work? 2 Endpoint Mapper Concept Functions and Details 3 Samba3 RPC Server Overview Robustness Scalability 4 Why? Franky FreeIPA Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? Functions and Details Function overview The most important function of the endpoint mapper. epm Insert Add specified entries to an endpoint map. epm Delete Delete specified entries from an endpoint map. epm Lookup Lookup entries in an endpoint map. epm Map Apply some algorithm to an endpoint map to produce a list of protocol towers. (Provide an uuid and get an endpoint) epm LookupHandleFree Free an epm Lookup or epm Map entry handle. Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? Functions and Details Example Wireshark trace ... Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? Functions and Details An endpoint tower A tower has up to 6 floors, 4 at least 1 Floor1: Provides the RPC interface identifier (netlogon uuid). 2 Floor2: Transfer syntax (NDR endcoded) 3 Floor3: RPC protocol identifier (ncacn tcp ip, ncacn np, ...) 4 Floor4: Port address (e.g. TCP Port: 49156, PIPE) 5 Floor5: Transport (e.g. IP:192.168.51.10, NB:krikkit) 6 Floor6: Routing Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? Overview DCERPC and Endpoint Mapper 1 DCERPC How does RPC work? 2 Endpoint Mapper Concept Functions and Details 3 Samba3 RPC Server Overview Robustness Scalability 4 Why? Franky FreeIPA Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? Overview RPC Endpoints Added support for TCP/IP and NCALRPC Other processes can register at EPM (OpenChange) over NCALRPC Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? Robustness DCERPC and Endpoint Mapper 1 DCERPC How does RPC work? 2 Endpoint Mapper Concept Functions and Details 3 Samba3 RPC Server Overview Robustness Scalability 4 Why? Franky FreeIPA Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? Robustness Robustness Client RPC service tries to register serveral times After successful registration we do connection monitoring Server We monitor the client connection If it goes away, delete the endpoints Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? Scalability DCERPC and Endpoint Mapper 1 DCERPC How does RPC work? 2 Endpoint Mapper Concept Functions and Details 3 Samba3 RPC Server Overview Robustness Scalability 4 Why? Franky FreeIPA Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? Scalability Pre-fork We started to implement a mutex locking based pre-fork model. Parent binds all sockets and then forks a number of children Childs have a lock around the accept(3) call Prototype working for our spoolss daemon Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? Franky DCERPC and Endpoint Mapper 1 DCERPC How does RPC work? 2 Endpoint Mapper Concept Functions and Details 3 Samba3 RPC Server Overview Robustness Scalability 4 Why? Franky FreeIPA Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? Franky Franky A lot of infrastructure has been created for Franky EPM allows us to have multiple daemons Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? FreeIPA DCERPC and Endpoint Mapper 1 DCERPC How does RPC work? 2 Endpoint Mapper Concept Functions and Details 3 Samba3 RPC Server Overview Robustness Scalability 4 Why? Franky FreeIPA Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? FreeIPA FreeIPA FreeIPA is something like Active Directory but for Linux only. We want to be able to do forest trusts with Active Directory For this we need LSA and Netlogon (SAMR) pdb ipa and ’net rpc trust’ Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper
DCERPC Endpoint Mapper Samba3 RPC Server Why? FreeIPA Questions & Answers Slides http://www.samba.org/~asn/ Andreas Schneider <asn@samba.org> Red Hat DCERPC and Endpoint Mapper

More Related Content

PPT
Name Based Net Architectures
bywebhostingguy
 
PDF
Xtcp Performance Brochure
byTarik KUCUK
 
PPT
Course on TCP Dynamic Performance
byJavier Arauz
 
PDF
Toward an Understanding of the Processing Delay of Peer-to-Peer Relay Nodes
byAcademia Sinica
 
PDF
Sun RPC (Remote Procedure Call)
byPeter R. Egli
 
PDF
Computer network (13)
byNYversity
 
PPT
Providing Controlled Quality Assurance in Video Streaming ...
byVideoguy
 
PDF
Udp length 519 computer networks transport
byBrand Xanh
 
Name Based Net Architectures
bywebhostingguy
 
Xtcp Performance Brochure
byTarik KUCUK
 
Course on TCP Dynamic Performance
byJavier Arauz
 
Toward an Understanding of the Processing Delay of Peer-to-Peer Relay Nodes
byAcademia Sinica
 
Sun RPC (Remote Procedure Call)
byPeter R. Egli
 
Computer network (13)
byNYversity
 
Providing Controlled Quality Assurance in Video Streaming ...
byVideoguy
 
Udp length 519 computer networks transport
byBrand Xanh
 

What's hot

PDF
NoSQL afternoon in Japan Kumofs & MessagePack
bySadayuki Furuhashi
 
PDF
RIPE 80: Buffers and Protocols
byAPNIC
 
PPT
Rpc (Distributed computing)
bySri Prasanna
 
PPTX
Cs 704 d rpc
byDebasis Das
 
PPT
Sania rtp
bysaniacorreya
 
PPTX
Rtp
byKhant Oo
 
PDF
Remote Procedure Call (RPC) Server creation semantics &amp; call semantics
bysvm
 
PPT
Real-Time Streaming Protocol
byJayaprakash Nagaruru
 
PDF
CS 6390 Project design report
byRaj Gupta
 
PDF
CS 6390 Project design report
byAbhishek Datta
 
PPTX
RPC communication,thread and processes
byshraddha mane
 
PPT
RTP.ppt
byVideoguy
 
PPT
Rtp
bySamyuktha Dhinakaran
 
PPT
Rtsp
bySumit Arora
 
NoSQL afternoon in Japan Kumofs & MessagePack
bySadayuki Furuhashi
 
RIPE 80: Buffers and Protocols
byAPNIC
 
Rpc (Distributed computing)
bySri Prasanna
 
Cs 704 d rpc
byDebasis Das
 
Sania rtp
bysaniacorreya
 
Rtp
byKhant Oo
 
Remote Procedure Call (RPC) Server creation semantics &amp; call semantics
bysvm
 
Real-Time Streaming Protocol
byJayaprakash Nagaruru
 
CS 6390 Project design report
byRaj Gupta
 
CS 6390 Project design report
byAbhishek Datta
 
RPC communication,thread and processes
byshraddha mane
 
RTP.ppt
byVideoguy
 
Rtp
bySamyuktha Dhinakaran
 
Rtsp
bySumit Arora
 

Viewers also liked

PPT
Luis Hernandez Power Point
byalumniupc
 
DOC
مساله برج هانوی
byguestc0f47ed
 
PPT
Project SEANERGY Foundation Brief
byProject Seanergy Foundation
 
XLS
Key Journals (ARE)
byntuHLP
 
PDF
Perfect
byffffhjh
 
DOC
Ref Works Guide (ARE)
byntuHLP
 
DOC
Using eSearch and key databases
byntuHLP
 
PDF
Modelo Brief Creativo
byalumniupc
 
Luis Hernandez Power Point
byalumniupc
 
مساله برج هانوی
byguestc0f47ed
 
Project SEANERGY Foundation Brief
byProject Seanergy Foundation
 
Key Journals (ARE)
byntuHLP
 
Perfect
byffffhjh
 
Ref Works Guide (ARE)
byntuHLP
 
Using eSearch and key databases
byntuHLP
 
Modelo Brief Creativo
byalumniupc
 

Similar to DCERPC and Endpoint Mapper

PPT
Dce rpc
bypratosh123
 
PPT
Rpc Case Studies (Distributed computing)
bySri Prasanna
 
PPT
05 rpc-case studies
byhushu
 
PPT
Rpc
byATS SBGI MIRAJ
 
PPTX
RHCE (RED HAT CERTIFIED ENGINEERING)
bySumant Garg
 
PPTX
Introduction to Remote Procedure Call
byAbdelrahman Al-Ogail
 
PPTX
Introduction to C++ Remote Procedure Call (RPC)
byAbdelrahman Al-Ogail
 
PDF
Lecture9
bySheikh Amjad Zia
 
PPTX
Distributed, Network System and RPC.pptx
byvikrammadhad2446
 
PDF
Meeting 9 nfs network file system
bySyaiful Ahdan
 
PPT
Topic2 Understanding Middleware
bysanjoysanyal
 
PPTX
Rhel4
byYash Gulati
 
PDF
JmDNS : Service Discovery for the 21st Century
byGnu Alsonative
 
PDF
JmDNS : Service Discovery for the 21st Century
byGnu Alsonative
 
DOCX
Remote Procedure Call
byNadia Nahar
 
PPTX
Data Center: Cloud & Convergencia
byLogicalis Latam
 
PDF
pps Matters
byBangladesh Network Operators Group
 
PDF
Samba
byMd Shihab
 
PPT
FILE SERVER
byJagdeep Singh Malhi
 
PPT
File Sever
byJagdeep Singh Malhi
 
Dce rpc
bypratosh123
 
Rpc Case Studies (Distributed computing)
bySri Prasanna
 
05 rpc-case studies
byhushu
 
Rpc
byATS SBGI MIRAJ
 
RHCE (RED HAT CERTIFIED ENGINEERING)
bySumant Garg
 
Introduction to Remote Procedure Call
byAbdelrahman Al-Ogail
 
Introduction to C++ Remote Procedure Call (RPC)
byAbdelrahman Al-Ogail
 
Lecture9
bySheikh Amjad Zia
 
Distributed, Network System and RPC.pptx
byvikrammadhad2446
 
Meeting 9 nfs network file system
bySyaiful Ahdan
 
Topic2 Understanding Middleware
bysanjoysanyal
 
Rhel4
byYash Gulati
 
JmDNS : Service Discovery for the 21st Century
byGnu Alsonative
 
JmDNS : Service Discovery for the 21st Century
byGnu Alsonative
 
Remote Procedure Call
byNadia Nahar
 
Data Center: Cloud & Convergencia
byLogicalis Latam
 
pps Matters
byBangladesh Network Operators Group
 
Samba
byMd Shihab
 
FILE SERVER
byJagdeep Singh Malhi
 
File Sever
byJagdeep Singh Malhi
 

Recently uploaded

PPTX
UiPath Data Fabric From Data Silos to Unified Flows.pptx
bysuhanisingh58689
 
PPTX
RAPTOR_Intro_Exercises_Presentation.pptx
bySwatiMalik36
 
PPTX
Practical tips for keeping your C# code base clean
byDennis Doomen
 
PDF
Unlocking Access: Enriching Public Services with Location Intelligence.pdf
byPrecisely
 
PDF
Session 8 Specialized AI Associate Series: Fundamentals of Model Training
byDianaGray10
 
PPTX
2025 - AI terms & Meanings for Marketers
byashishav29
 
PDF
Fighting CVEs in Embedded Linux with the Yocto Project and OTA Updates
byLeon Anavi
 
PDF
Devfest Harare 2025 Slides [GDG Harare] - Combined Slide Deck
byGoogle Developer Group - Harare
 
PDF
Dev Dives: Unlocking Enterprise Data with UiPath Data Fabric
byUiPathCommunity
 
PDF
From Pixels to Insights: Getting Started with Imagery in FME
bySafe Software
 
PDF
Embedding sustainability: Tips for ebook and print production - Tech Forum 2025
byBookNet Canada
 
PDF
NPTEL Assignment Completed PDF FILE with ans
byadultme43
 
PDF
PromptShelf.ai Is Live: Discover, Create, and Manage AI Prompts That Actually...
byTalavera Solutions
 
PDF
Upskill to Agentic Automation - Working Smarter with AI: Real-World Tools for...
byDianaGray10
 
PDF
A Complete Beginner's Guide to Internet of Things 2025.pdf
bySecuodsoft
 
PDF
Immer vorne mit dabei sein - Roaming leicht gemacht
bypanagenda
 
PDF
Spec Driven Development with Kiro: Ensuring Quality and Traceability in the A...
byHaim Michael
 
PDF
WebXR in Android and Linux with OpenXR
byIgalia
 
PDF
How UK Employers Are Simplifying Entry-Level Hiring with Day One Jobs
byDay One Talent Solutions Ltd
 
PDF
Q8 DIGITAL IDENTITY HUB - WSO2 Oxygenate Italy 2025
byProfesia Srl, Lynx Group
 
UiPath Data Fabric From Data Silos to Unified Flows.pptx
bysuhanisingh58689
 
RAPTOR_Intro_Exercises_Presentation.pptx
bySwatiMalik36
 
Practical tips for keeping your C# code base clean
byDennis Doomen
 
Unlocking Access: Enriching Public Services with Location Intelligence.pdf
byPrecisely
 
Session 8 Specialized AI Associate Series: Fundamentals of Model Training
byDianaGray10
 
2025 - AI terms & Meanings for Marketers
byashishav29
 
Fighting CVEs in Embedded Linux with the Yocto Project and OTA Updates
byLeon Anavi
 
Devfest Harare 2025 Slides [GDG Harare] - Combined Slide Deck
byGoogle Developer Group - Harare
 
Dev Dives: Unlocking Enterprise Data with UiPath Data Fabric
byUiPathCommunity
 
From Pixels to Insights: Getting Started with Imagery in FME
bySafe Software
 
Embedding sustainability: Tips for ebook and print production - Tech Forum 2025
byBookNet Canada
 
NPTEL Assignment Completed PDF FILE with ans
byadultme43
 
PromptShelf.ai Is Live: Discover, Create, and Manage AI Prompts That Actually...
byTalavera Solutions
 
Upskill to Agentic Automation - Working Smarter with AI: Real-World Tools for...
byDianaGray10
 
A Complete Beginner's Guide to Internet of Things 2025.pdf
bySecuodsoft
 
Immer vorne mit dabei sein - Roaming leicht gemacht
bypanagenda
 
Spec Driven Development with Kiro: Ensuring Quality and Traceability in the A...
byHaim Michael
 
WebXR in Android and Linux with OpenXR
byIgalia
 
How UK Employers Are Simplifying Entry-Level Hiring with Day One Jobs
byDay One Talent Solutions Ltd
 
Q8 DIGITAL IDENTITY HUB - WSO2 Oxygenate Italy 2025
byProfesia Srl, Lynx Group
 

DCERPC and Endpoint Mapper

  • 1.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? DCERPC and Endpoint Mapper Andreas Schneider <[email protected]> Red Hat May 11th, 2011 Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 2.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? DCERPC and Endpoint Mapper 1 DCERPC How does RPC work? 2 Endpoint Mapper Concept Functions and Details 3 Samba3 RPC Server Overview Robustness Scalability 4 Why? Franky FreeIPA Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 3.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? How does RPC work? DCERPC and Endpoint Mapper 1 DCERPC How does RPC work? 2 Endpoint Mapper Concept Functions and Details 3 Samba3 RPC Server Overview Robustness Scalability 4 Why? Franky FreeIPA Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 4.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? How does RPC work? Abbreviations DCE: Distributed (Disturbed) Computing Environment RPC: Remote Procedure Call NDR: Network Data Representation IDL: Interface description language Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 5.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? How does RPC work? The RPC process Server Application Application Client Stub Server Stub RPC Library RPC Library Transport Transport Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 6.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? How does RPC work? Application spoolss: Printing application displaying a list of printers regedit: Display all values of a key Server Application Application Client Stub Server Stub RPC Library RPC Library Transport Transport Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 7.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? How does RPC work? Client Stubs spoolss: Your application calling dcerpc spoolss EnumPrinters regedit: Your application calling dcerpc winreg EnumValues Server Application Application Client Stub Server Stub RPC Library RPC Library Transport Transport Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 8.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? How does RPC work? Run-time Library RPC client implementation creating a RPC bind Establishes the connection Authenticates the user Server Application Application Client Stub Server Stub RPC Library RPC Library Transport Transport Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 9.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? How does RPC work? Transports ncacn np: SMB Named Pipes transport ncacn ip tcp: DCE/RPC over TCP/IP ncalrpc: Local interprocess communication ncacn http: DCE/RPC over HTTP ncadg ip udp, ncacn at dsp, ncacn nb ipx, ncacn dnet nsp, ... Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 10.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? How does RPC work? Run-time Library The RPC Server accepting a connection over a transport and creating the RPC bind After successfull authentication it calls the Server Stub Server Application Application Client Stub Server Stub RPC Library RPC Library Transport Transport Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 11.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? How does RPC work? Server Stubs This unmarshals the packet and calls the application implementation spoolss: spoolss EnumPrinters regedit: winreg EnumValues Server Application Application Client Stub Server Stub RPC Library RPC Library Transport Transport Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 12.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? Concept DCERPC and Endpoint Mapper 1 DCERPC How does RPC work? 2 Endpoint Mapper Concept Functions and Details 3 Samba3 RPC Server Overview Robustness Scalability 4 Why? Franky FreeIPA Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 13.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? Concept Abbreviations EPM: Endpoint Mapper UUID: Universally Unique Identifier (man uuidgen) NDR: Network Data Representation Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 14.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? Concept Terminology Endpoint: An endpoint could be a port or a pipe and provide several interfaces Interface: An interface is a RPC service provided by an endpoint The named pipe PIPEnetlogon can be used for netlogon and lsarpc connections. Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 15.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? Concept Remember: The RPC process Server Application Application Client Stub Server Stub RPC Library RPC Library Transport Transport Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 16.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? Concept Endpoint operations Each RPC service allocates one or more endpoints dynamically on server startup Endpoint mapper maintains information about those endpoints The Endpoint Mapper listens on port 135 TCP/IP or on PIPEepmapper Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 17.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? Functions and Details DCERPC and Endpoint Mapper 1 DCERPC How does RPC work? 2 Endpoint Mapper Concept Functions and Details 3 Samba3 RPC Server Overview Robustness Scalability 4 Why? Franky FreeIPA Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 18.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? Functions and Details Function overview The most important function of the endpoint mapper. epm Insert Add specified entries to an endpoint map. epm Delete Delete specified entries from an endpoint map. epm Lookup Lookup entries in an endpoint map. epm Map Apply some algorithm to an endpoint map to produce a list of protocol towers. (Provide an uuid and get an endpoint) epm LookupHandleFree Free an epm Lookup or epm Map entry handle. Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 19.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? Functions and Details Example Wireshark trace ... Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 20.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? Functions and Details An endpoint tower A tower has up to 6 floors, 4 at least 1 Floor1: Provides the RPC interface identifier (netlogon uuid). 2 Floor2: Transfer syntax (NDR endcoded) 3 Floor3: RPC protocol identifier (ncacn tcp ip, ncacn np, ...) 4 Floor4: Port address (e.g. TCP Port: 49156, PIPE) 5 Floor5: Transport (e.g. IP:192.168.51.10, NB:krikkit) 6 Floor6: Routing Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 21.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? Overview DCERPC and Endpoint Mapper 1 DCERPC How does RPC work? 2 Endpoint Mapper Concept Functions and Details 3 Samba3 RPC Server Overview Robustness Scalability 4 Why? Franky FreeIPA Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 22.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? Overview RPC Endpoints Added support for TCP/IP and NCALRPC Other processes can register at EPM (OpenChange) over NCALRPC Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 23.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? Robustness DCERPC and Endpoint Mapper 1 DCERPC How does RPC work? 2 Endpoint Mapper Concept Functions and Details 3 Samba3 RPC Server Overview Robustness Scalability 4 Why? Franky FreeIPA Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 24.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? Robustness Robustness Client RPC service tries to register serveral times After successful registration we do connection monitoring Server We monitor the client connection If it goes away, delete the endpoints Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 25.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? Scalability DCERPC and Endpoint Mapper 1 DCERPC How does RPC work? 2 Endpoint Mapper Concept Functions and Details 3 Samba3 RPC Server Overview Robustness Scalability 4 Why? Franky FreeIPA Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 26.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? Scalability Pre-fork We started to implement a mutex locking based pre-fork model. Parent binds all sockets and then forks a number of children Childs have a lock around the accept(3) call Prototype working for our spoolss daemon Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 27.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? Franky DCERPC and Endpoint Mapper 1 DCERPC How does RPC work? 2 Endpoint Mapper Concept Functions and Details 3 Samba3 RPC Server Overview Robustness Scalability 4 Why? Franky FreeIPA Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 28.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? Franky Franky A lot of infrastructure has been created for Franky EPM allows us to have multiple daemons Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 29.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? FreeIPA DCERPC and Endpoint Mapper 1 DCERPC How does RPC work? 2 Endpoint Mapper Concept Functions and Details 3 Samba3 RPC Server Overview Robustness Scalability 4 Why? Franky FreeIPA Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 30.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? FreeIPA FreeIPA FreeIPA is something like Active Directory but for Linux only. We want to be able to do forest trusts with Active Directory For this we need LSA and Netlogon (SAMR) pdb ipa and ’net rpc trust’ Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper
  • 31.
    DCERPC Endpoint Mapper Samba3 RPC Server Why? FreeIPA Questions & Answers Slides http://www.samba.org/~asn/ Andreas Schneider <[email protected]> Red Hat DCERPC and Endpoint Mapper