Endpoint Mapper: Difference between revisions

From SambaWiki
 
(6 intermediate revisions by the same user not shown)
Line 1: Line 1:
= Research =
= Research =


== General ==
== General/FreeDCE ==


=== EPM Server ===
=== EPM Server ===
Line 8: Line 8:


The endpoint mapper loads or creates a database (file). With the information it creates a in-memory structure. Then it starts a ping service to detect if an rpc service is alive. The ping services modifies the in-memory structure and the file database if one of the services died.
The endpoint mapper loads or creates a database (file). With the information it creates a in-memory structure. Then it starts a ping service to detect if an rpc service is alive. The ping services modifies the in-memory structure and the file database if one of the services died.
The reason of this is that you can restart the daemon.


==== Insert and Delete ====
==== Insert and Delete ====


These function check if the entry handle is allowed to insert or delete a rpc service. Else it would be possible for unprivileged user to add or remove services.
These function check if the entry handle is allowed to insert or delete a rpc service. Else it would be possible for unprivileged user to add or remove services.


http://www.opengroup.org/onlinepubs/9629399/apdxo.htm


==== Map and Lookup ====
==== Map and Lookup ====
Line 19: Line 23:
The rpc services are using rpc_ep_register or rpc_ep_register_no_replace to tell the endpoint mapper that they are up an running now. On shutdown rpc_ep_unregister is called to remove the entry from the enpoint mapper.
The rpc services are using rpc_ep_register or rpc_ep_register_no_replace to tell the endpoint mapper that they are up an running now. On shutdown rpc_ep_unregister is called to remove the entry from the enpoint mapper.


http://www.opengroup.org/onlinepubs/9629399/rpc_ep_register.htm
rpc_ep_register is calling the rpc client function dceprc_epm_insert.

rpc_ep_register is calling the rpc client function dceprc_epm_insert over ncalrpc (local interprocess communication).


== Microsoft ==
== Microsoft ==

This is a epmlookup for lsarpc against a win2k8 with ipv6:

<pre>
12345778-1234-abcd-ef00-0123456789ac@ncacn_http:0.0.0.0[49157]:
12345778-1234-abcd-ef00-0123456789ac@ncacn_ip_tcp:0.0.0.0[49158]:
12345678-1234-abcd-ef00-01234567cffb@ncacn_np:\\WIN-80VUET7UE3R[\pipe\lsass]:
</pre>

Latest revision as of 10:18, 17 August 2011

Research

General/FreeDCE

EPM Server

Init

The endpoint mapper loads or creates a database (file). With the information it creates a in-memory structure. Then it starts a ping service to detect if an rpc service is alive. The ping services modifies the in-memory structure and the file database if one of the services died. The reason of this is that you can restart the daemon.

Insert and Delete

These function check if the entry handle is allowed to insert or delete a rpc service. Else it would be possible for unprivileged user to add or remove services.


http://www.opengroup.org/onlinepubs/9629399/apdxo.htm

Map and Lookup

RPC Server

The rpc services are using rpc_ep_register or rpc_ep_register_no_replace to tell the endpoint mapper that they are up an running now. On shutdown rpc_ep_unregister is called to remove the entry from the enpoint mapper.

http://www.opengroup.org/onlinepubs/9629399/rpc_ep_register.htm

rpc_ep_register is calling the rpc client function dceprc_epm_insert over ncalrpc (local interprocess communication).

Microsoft

This is a epmlookup for lsarpc against a win2k8 with ipv6:

12345778-1234-abcd-ef00-0123456789ac@ncacn_http:0.0.0.0[49157]:
12345778-1234-abcd-ef00-0123456789ac@ncacn_ip_tcp:0.0.0.0[49158]:
12345678-1234-abcd-ef00-01234567cffb@ncacn_np:\\WIN-80VUET7UE3R[\pipe\lsass]: