one dce rpc server to serve them all
play

One DCE/RPC server to serve them all Samuel Cabrero - PowerPoint PPT Presentation

Aug 31, 2023 •347 likes •710 views

One DCE/RPC server to serve them all Samuel Cabrero scabrero@suse.com SUSE DCE/RPC 2 DCE / RPC DCE Distributed Computing Environment Framework and toolkit to develop client/server applications Developed by the OSF (Open Software

  1. One DCE/RPC server to serve them all Samuel Cabrero scabrero@suse.com SUSE

  2. DCE/RPC 2

  3. DCE / RPC DCE – Distributed Computing Environment • Framework and toolkit to develop client/server applications • Developed by the OSF (Open Software Foundation) in early 1990s • DCE/RPC (Remote Procedure Call) is part of the framework RPC – Remote Procedure Calls • Infrastructure to call a function on a remote server • Remote is connected over different kind of transports – SMB Named pipes → ncacn_np – TCP/IP → ncacn_ip_tcp – Others ncacn_http, ... Microsoft extensions • Documented in MS-RPCE 3

  4. Remote Procedure Calls A RPC call traverse five code blocks • Client application • Client stub • RPC runtime • Server stub • Server application Stubs are generated by compiling a description of the interface (IDL) with an IDL compiler 4

  5. IDL [ uuid("60a15ec5-4de8-11d7-a637-005056a20182"), endpoint("ncacn_np:[\\pipe\\rpcecho]", "ncacn_ip_tcp:", "ncalrpc:"), pointer_default(unique), version(1.0), helpstring("Simple echo pipe") ] interface rpcecho { /* Add one to an integer */ void echo_AddOne( [in] uint32 in_data, [out] uint32 *out_data ); } 5

  6. Client stub To make an RPC call, the client invokes a function in the client stub The stub converts local application data into network data for transmission (marshalling) Asks the RPC runtime to send the packets NTSTATUS dcerpc_echo_AddOne(struct dcerpc_binding_handle *h, TALLOC_CTX *mem_ctx, uint32_t _in_data /* [in] */, uint32_t *_out_data /* [out] [ref] */); 6

  7. Endpoints and interfaces An endpoint can be a port or a pipe and provide several interfaces • ncacn_np:[\\pipe\netlogon] serves netlogon interface and lsa A interface is the RPC service provided in an endpoint Endpoints can be dinamically allocated • The Endpoint Mapper provide information about the endpoints 7

  8. DCE/RPC in Samba 8

  9. The journey 2003 – Samba 3.0.0 – Hand written marshalling code – Only implemented what was required by windows clients 2003 – Samba 4.0 development starts 2006 – Samba 4.0.0 TP1 (Technology Preview 1) – New DCE/RPC server infrastructure, asynchronous design, single process – Marshalling code is autogenerated thanks to the new IDL compiler (PIDL) 9

  10. Why a new server for S4 Newer services require asynchronous processing • [MS-SWN] Service Witness Protocol • [MS-PAR] Print System Asynchronous Remote Protocol • [MS-FRS2] Distributed File system Replication Protocol Support for association groups Easier to maintain security • Abstracted by gensec Header signing Verification trailer Bindtime feature negotiation 10

  11. The journey 2008 – Samba 3.2 • PIDL backported, hand written marshalling code for some services replaced by autogenerated code 2009 – Samba 3.4 • Remaining hand written marshalling code replaced by autogenerated code • RPC services can be “moved” to external processes • NPA (Named Pipe Auth) abstraction use Unix sockets to implement SMB named pipes 2011 – Samba 3.6 • EPM implemented • PIDL generates one set of client stubs, common for S3 and S4, based on binding handles abstraction • Binding handles have several implementations 2012 – Samba 4.0 11

  12. Current status Two servers implementations • Samba 3 server – Runs different processing loops depending on the transport • named_pipe_packet_process • dcerpc_ncacn_packet_process – Synchronous – Services can run embedded or external (plus preforking) • Samba 4 server – Asynchronous – Single process (except netlogon) The aim is to merge the good parts of all implementations together and extend the result to be more feature complete. 12

  13. How to do it 13

  14. Proposal Extract the RPC core from S4 server and move it to a library Modify S3 initialization Modify S3 connection handlers Generate a new set of server stubs 14

  15. S3 server – Initialization • start_epmd() Samba 3 – main() • Fork a child • Fork EPMD if enabled • rpc_epmapper_init() • rpc_srv_register • Setup ncacn_ip_tcp socket • Setup ncalrpc socket • Setup ncacn_np socket 15

  16. S3 server – Initialization ● dcesrv_ep_setup() Samba 3 – main() • rpc_setup_ service () • Fork EPMD if enabled • If the service is embedded • Initialize embedded services • rpc_ service _init() • rpc_srv_register() • Load and setup RPC modules 16

  17. S3 server – Initialization • start_lsassd() Samba 3 – main() • Fork a child • Fork EPMD if enabled • rpc_lsarpc_init() • Initialize endpoints • rpc_srv_register() • Fork daemons for enabled external ● rpc_samr_init() services – LSASD (Local Security Authority) ● rpc_srv_register() – SPOOLSSD (Network printing spooler) ● rpc_netlogon_init() – FSSD (File Server Remove VSS) ● rpc_srv_register() – MDSSD (Spotlight, Metadata Search ● Setup ncacn_ip_tcp sockets Service) ● Setup ncalrpc sockets ● Setup ncacn_np sockets 17

  18. S4 server – Initialization Task initialization 1. Load RPC modules 2. Run module initialization functions – E.g. dcerpc_server_rpcecho_init 1. Register the endpoint server – dcerpc_register_ep_server 3. Initialize server context – dcesrv_init_context 1. Initialize all endpoint servers enabled in smb.conf 1. Initialization function creates and registers the declared endpoints in the server context 2. Registers the interface in the endpoints 4. Initialize endpoints – dcesrv_init_endpoints 1. Setup the sockets for each endpoint registered in the server context • dcesrv_add_ep_unix • dcesrv_add_ep_ncalrpc • dcesrv_add_ep_tcp • dcesrv_add_ep_np 18

  19. S3 server – Initialization proposal 1. Start EPMD if enabled 1. Fork 2. Register “epmapper” endpoint server 3. Initialize server context 4. Initialize “epmapper” endpoint server 1. Create and register the declared endpoints in the server context 2. Register the interface in the endpoints 5. Initialize endpoints 1. Setup the sockets for each registered endpoint in the server context 2. Initialize embedded services 3. Start daemons for external services 19

  20. S3 server – Initialization proposal 1. Start EPMD if enabled 2. Initialize embedded services 1. For each embedded service, register endpoint server 2. Load and setup RPC modules 3. Initialize server context 4. Initialize all registered endpoint servers 1. Create and register the declared endpoints in the server context 2. Register the interface in the endpoints 5. Initialize all registered endpoints in the server context 1. Setup the sockets depending on the transport 2. If transport is NCACN_NP, register in the endpoint mapper 3. Start daemons for external services 20

  21. S3 server – Initialization proposal 1. Start EPMD if enabled 2. Initialize embedded services 3. Start daemons for external services 1. Fork 2. Register required endpoint servers 3. Initialize server context 4. Initialize required endpoint servers 1. Create and register the declared endpoints in the server context 2. Register the interface in the endpoints 5. Initialize endpoints 1. Setup the sockets for each registered endpoint in the server context 21

  22. Context initialization The initialization function has a new argument, a pointer to a dcesrv_context_callbacks struct This struct hold pointers to functions whose implementation differs in S3 and S4 struct dcesrv_context_callbacks { struct { void (*successful_authz)(struct dcesrv_call_state *); } log; struct { NTSTATUS (*gensec_prepare)(TALLOC_CTX *mem_ctx, struct dcesrv_call_state *call, struct gensec_security **out); } auth; }; 22

  23. Connection handlers Socket creation functions setup a listener function • dcesrv_setup_ncalrpc_socket → dcesrv_ncalrpc_listener • dcesrv_setup_ncacn_ip_tcp_socket → dcesrv_ncacn_ip_tcp_listener • dcesrv_setup_ncacn_np_socket → dcesrv_ncacn_np_listener The listener functions accept the connection on the socket The accept handler initialize both, S3 and S4 structures • S3 dcerpc_ncacn_conn • S3 pipes_struct, stored in dcerpc_ncacn_conn • S4 dcesrv_connection • Store dcerpc_ncacn_conn in dcesrv_connection.transport.private_data Start the processing loop 23

  24. Processing loop Move required parts of S4 server to a new “core” library • Initialization code and connection handlers remain specific for each implementation • Functions called by the loop whose implementation differ called through the dcesrv_context_callbacks struct Provide a function to start the loop, dcesrv_connection_loop_start • From this point on, the processing loop is common to both S3 and S4 Write a new PIDL module to generate code compatible with S3 service implementations (ServerCompat) 24

  25. ServerCompat PIDL module Based in the S4 server stub generator Endpoint server initialization • For each declared endpoint in IDL – Registers the interface in the server context endpoints • If the service is embedded, register only in ncacn_np transport endpoint Bind • Retrieve pipes_struct from dcesrv_connection • Initialize pipes_struct handles and pipe_rpc_fns context Dispatching • Retrieve pipes_struct from dcesrv_connection • Update pipes_struct fields with dcesrv_call_state info • Become authenticated pipe user • Call S3 service implementation • Unbecome authenticated pipe user 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

YOU SERVE THEM. Working Together WE SERVE YOU. from First Oath, to Final Honors. TM You Serve

YOU SERVE THEM. Working Together WE SERVE YOU. from First Oath, to Final Honors. TM You Serve

NATIONAL ASSOCIATION OF VETERAN-SERVING ORGANIZATIONS YOU SERVE THEM. Working Together WE SERVE YOU. from First Oath, to Final Honors. TM You Serve Them. We Serve You. TM You Serve Them. We Serve You. TM Why? At NAVSO, we do what we do

427 views • 16 slides
NUMA Siloing in the FreeBSD Network Stack Drew Gallatin EuroBSDCon 2019 (Or how to serve

NUMA Siloing in the FreeBSD Network Stack Drew Gallatin EuroBSDCon 2019 (Or how to serve

NUMA Siloing in the FreeBSD Network Stack Drew Gallatin EuroBSDCon 2019 (Or how to serve 200Gb/s of TLS from FreeBSD) Motivation: Since 2016, Netflix has been able to serve 100Gb/s of TLS encrypted video traffic from a single server.

1.2k views • 71 slides
Evolution of the Web 1 Client Server 2 2 / 22 1 Client Server 2 2 / 22 1 Client Server

Evolution of the Web 1 Client Server 2 2 / 22 1 Client Server 2 2 / 22 1 Client Server

E LIOM Tierless Web programming from the ground up Gabriel R ADANNE Jrme V OUILLON Vincent B ALAT Vasilis P APAVASILEIOU Evolution of the Web 1 Client Server 2 2 / 22 1 Client Server 2 2 / 22 1 Client Server DOM 2 2 / 22 1

778 views • 42 slides
Server Server Server Server Server Datacenter Network (e.g., Ethernet, InfiniBand,

Server Server Server Server Server Datacenter Network (e.g., Ethernet, InfiniBand,

Chanwoo Chung , Jinhyung Koo, Junsu Im, Arvind , and Sungjin Lee DGIST and MIT NVRAMOS 19 2019.10.24 DATA -INTENSIVE COMPUTING SYSTEMS LAB ORATORY Computation Application Application Application Application Application

597 views • 48 slides
Se Seek, k, Learn rn and nd Serve ve Se Seek, k, Learn rn and nd Serve ve WELCOME TO

Se Seek, k, Learn rn and nd Serve ve Se Seek, k, Learn rn and nd Serve ve WELCOME TO

Se Seek, k, Learn rn and nd Serve ve Se Seek, k, Learn rn and nd Serve ve WELCOME TO GOOD COUNSEL PRIMARY SCHOOL Se Seek, k, Learn rn and nd Serve ve PREPARATORY YEAR 2017 PARENT MEETING Seek, Se k, Learn rn and nd Serve ve

295 views • 18 slides
1 Handling Return Traffic Handling Return Traffic URL Switching URL Switching Idea: switch

1 Handling Return Traffic Handling Return Traffic URL Switching URL Switching Idea: switch

The Server Selection Problem The Server Selection Problem server array A server farm B Which server? Server Traffic Management Server Traffic Management not-so-great solutions static client binding manual selection HTTP forwarding Jeff

810 views • 3 slides
Serve-and-Return Us Time 3-5 minutes of hard core Serve-and-Return Scheduled: At a set

Serve-and-Return Us Time 3-5 minutes of hard core Serve-and-Return Scheduled: At a set

Serve-and-Return is what the brain needs to feel secure, understand other people, and a sense of control I AM SEEN / I AM HEARD We never stop needing S&R! Serve-and-Return Us Time 3-5 minutes of hard core Serve-and-Return

367 views • 4 slides
SERVER SKY Computation in Orbit Keith Lofstrom keithl@ kl-ic.com http://server-sky.com

SERVER SKY Computation in Orbit Keith Lofstrom keithl@ kl-ic.com http://server-sky.com

SERVER SKY Computation in Orbit Keith Lofstrom keithl@ kl-ic.com http://server-sky.com 2009 September 26 Abstract It is easier to move bits than atoms or energy. Server-sats are ultralight disks of silicon that convert sunlight

269 views • 24 slides
Why y We Serve Why y We Serve LA County has the 2 nd lowest homeownership rate in the U.S.

Why y We Serve Why y We Serve LA County has the 2 nd lowest homeownership rate in the U.S.

Why y We Serve Why y We Serve LA County has the 2 nd lowest homeownership rate in the U.S. Millions continue to live in unsafe, unhealthy and substandard housing. Its clear there is a housing crisis affecting our communities. [31-second

210 views • 16 slides
Server Traffic Management Server Traffic Management Jeff Chase Duke University, Department of

Server Traffic Management Server Traffic Management Jeff Chase Duke University, Department of

Server Traffic Management Server Traffic Management Jeff Chase Duke University, Department of Computer Science CPS 212: Distributed Information Systems The Server Selection Problem The Server Selection Problem server array A server farm B

430 views • 14 slides
SERVER SKY - Computation in Orbit Keith Lofstrom keithl@ kl-ic.com http://server-sky.com

SERVER SKY - Computation in Orbit Keith Lofstrom keithl@ kl-ic.com http://server-sky.com

SERVER SKY - Computation in Orbit Keith Lofstrom keithl@ kl-ic.com http://server-sky.com 2009 September 28 Abstract It is easier to move bits than atoms or energy. Server-sats are ultra-thin disks of silicon in earth orbit, powered by

473 views • 12 slides
Binding: Connecting From Procedure to Client and Server Remote Procedure Server exports its

Binding: Connecting From Procedure to Client and Server Remote Procedure Server exports its

Binding: Connecting From Procedure to Client and Server Remote Procedure Server exports its interface Three main concerns Identifies itself to network name server Parameter passing Tells local runtime its dispatcher address Failure cases Import

115 views • 7 slides
OpenBSDs new httpd AsiaBSDCon 2015 Reyk Flter (reyk@openbsd.org)

OpenBSDs new httpd AsiaBSDCon 2015 Reyk Flter (reyk@openbsd.org)

I n t ro d u c i n g OpenBSDs new httpd AsiaBSDCon 2015 Reyk Flter (reyk@openbsd.org) ESDENERA NETWORKS GmbH Why do we need a web server in base? Serve the OpenBSD page. Why do we need a web server

264 views • 22 slides
Model and Motivation Many-server queue buffer N Many-server Queues with Abandonment / Jiheng

Model and Motivation Many-server queue buffer N Many-server Queues with Abandonment / Jiheng

F LUID M ODELS OF M ANY - SERVER Q UEUES WITH A BANDONMENT Jiheng Zhang June 10, 2010 Background Stochastic Model Fluid Model Functional LLN Approximations Model and Motivation Many-server queue buffer N Many-server Queues with

789 views • 59 slides
Installing a Web Server 1. Install a sample web server, which supports Servlets/JSPs. A light

Installing a Web Server 1. Install a sample web server, which supports Servlets/JSPs. A light

Installing a Web Server 1. Install a sample web server, which supports Servlets/JSPs. A light weight web server is Apache Tomcat server. You can get the server from http://tomcat.apache.org/ 2. Follow the installation directions and install the

199 views • 5 slides
Installing a Web Server 1. Install a sample web server, which supports Servlets/JSPs. A light

Installing a Web Server 1. Install a sample web server, which supports Servlets/JSPs. A light

Installing a Web Server 1. Install a sample web server, which supports Servlets/JSPs. A light weight web server is Apache Tomcat server. You can get the server from http://tomcat.apache.org/ 2. Follow the installation directions and install the

81 views • 5 slides
JAVA Language Mapping Java IDL (CORBA) introduced in Version 1.2 of the Java 2 platform,

JAVA Language Mapping Java IDL (CORBA) introduced in Version 1.2 of the Java 2 platform,

BR 11/05 JAVA Language Mapping Java IDL (CORBA) introduced in Version 1.2 of the Java 2 platform, provides an interface between Java programs and distributed objects and services built using the Common Object Request Broker

355 views • 31 slides
Real-Time CORBA Chenyang Lu CSE 520S CORBA Common Object Request Broker Architecture CORBA

Real-Time CORBA Chenyang Lu CSE 520S CORBA Common Object Request Broker Architecture CORBA

Real-Time CORBA Chenyang Lu CSE 520S CORBA Common Object Request Broker Architecture CORBA specifications q OMG is the standards body q Over 800 companies q CORBA defines interfaces , not implementations Object Request Brokers (ORB) allow

399 views • 35 slides
Space Missions: long term preservation of IDL-based softwares using GDL Alain Coulais 1 Sylwester

Space Missions: long term preservation of IDL-based softwares using GDL Alain Coulais 1 Sylwester

Space Missions: long term preservation of IDL-based softwares using GDL Alain Coulais 1 Sylwester Arabas 2 Marc Schellens ephane Maxime Lenoir 3 , 1 ea Noreskal 1 Erard 3 L St 1 LERMA CNRS and Paris Observatory, France GDL project

270 views • 11 slides
Macrofinancial Feedback, Bank Stress Testing and Capital Surcharges T. Adrian : J. Berrospide

Macrofinancial Feedback, Bank Stress Testing and Capital Surcharges T. Adrian : J. Berrospide

Macrofinancial Feedback, Bank Stress Testing and Capital Surcharges T. Adrian : J. Berrospide R. Lafarguette : : International Monetary Fund Federal Reserve Board Federal Reserve Stress Testing Research Conference October 8, 2020 The views

315 views • 31 slides
Summary of the IDL SIGs Student Outreach Program By Sylvia Miller Student Outreach program

Summary of the IDL SIGs Student Outreach Program By Sylvia Miller Student Outreach program

Summary of the IDL SIGs Student Outreach Program By Sylvia Miller Student Outreach program chair and STC Fellow A bit of background info. . . STCs Scholarship Task Force IDL SIGs great scholarship program more than $10,000

386 views • 19 slides
Samba4 Progress and Roadmap Andrew Tridgell tridge@osdl.org Please ask questions during the

Samba4 Progress and Roadmap Andrew Tridgell tridge@osdl.org Please ask questions during the

Samba4 Progress and Roadmap Andrew Tridgell tridge@osdl.org Please ask questions during the talk! Samba4 Progress Samba4 has made a lot of progress in the last year now used in production by some brave soles most of core

197 views • 17 slides
1 Corba Architecture Functions of ORB Communication between client and server Object Client

1 Corba Architecture Functions of ORB Communication between client and server Object Client

CS 242 Topic Interoperability Many systems built using multiple languages Fortran calls to C code, vice versa Microsoft: VBasic, C, C++ Communication between modules John Mitchell Function call with primitive-type arg and

335 views • 9 slides
Lab 2 - CORBA General Information T ask description is on the web Download example and

Lab 2 - CORBA General Information T ask description is on the web Download example and

Lab 2 - CORBA General Information T ask description is on the web Download example and assignment files from https://d3s.mff.cuni.cz/files/teaching/nswi080/labs/sources- 2.zip IDL specification, mapping to C++

199 views • 16 slides

More recommend