Discussions on Samba internals

Christopher R. Hertel | 1 Aug 2004 04:06

NTCreateAndX Response with wrong WordCount.

Is it common to see an NTCreateAndX Response with an incorrect WordCount?

I'm seeing a WordCount of 42 (that's 84 bytes).  The SNIA doc says it 
should be 26 (unless EAs or SDs are included...but I'm not seeing those).

The data beyond the normal 52 byte mark *looks* like garbage--some of it
left over from the request message.

So, just wondering...

Chris -)-----

--

-- 
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh <at> ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh <at> ubiqx.org

Michael B Allen | 1 Aug 2004 05:45

Re: NTCreateAndX Response with wrong WordCount.

On Sat, 31 Jul 2004 21:06:10 -0500
"Christopher R. Hertel" <crh <at> ubiqx.mn.org> wrote:

> Is it common to see an NTCreateAndX Response with an incorrect WordCount?
> 
> I'm seeing a WordCount of 42 (that's 84 bytes).  The SNIA doc says it 
> should be 26 (unless EAs or SDs are included...but I'm not seeing those).
> 
> The data beyond the normal 52 byte mark *looks* like garbage--some of it
> left over from the request message.
> 
> So, just wondering...

Yeah, that is odd. I never really took notice before. Maybe because I
depend so much on Ethereal which doesn't decode it. I see W2K and XP
have a WordCount of 42 whereas NT is 34. Indeed that extra 16 bytes is
the beginning of the filename in Unicode from the 6th index to the end. I
suppose that could be from the request. The offset's are even very close
(only off by 2 bytes). That means they reuse the same buffer.

Mike

--

-- 
Greedo shoots first? Not in my Star Wars.

Christopher R. Hertel | 1 Aug 2004 07:05

Re: NTCreateAndX Response with wrong WordCount.

On Sat, Jul 31, 2004 at 11:45:46PM -0400, Michael B Allen wrote:
> On Sat, 31 Jul 2004 21:06:10 -0500
> "Christopher R. Hertel" <crh <at> ubiqx.mn.org> wrote:
> 
> > Is it common to see an NTCreateAndX Response with an incorrect WordCount?
> > 
> > I'm seeing a WordCount of 42 (that's 84 bytes).  The SNIA doc says it 
> > should be 26 (unless EAs or SDs are included...but I'm not seeing those).
> > 
> > The data beyond the normal 52 byte mark *looks* like garbage--some of it
> > left over from the request message.
> > 
> > So, just wondering...
> 
> Yeah, that is odd. I never really took notice before. Maybe because I
> depend so much on Ethereal which doesn't decode it.

Ethereal seems to be using the format given in the SNIA doc, and in the 
capture I'm looking at, the decode looks correct.

> I see W2K and XP have a WordCount of 42 whereas NT is 34.

Okay, that's weird.

26 + 8 = 34
34 + 8 = 42

...and 26 is the "correct" number of bytes (per the SNIA doc).

Is this with EA's or Security Descriptors?  The supposed-correct value of

(Continue reading)

Michael B Allen | 1 Aug 2004 08:10

Re: NTCreateAndX Response with wrong WordCount.

On Sun, 1 Aug 2004 00:05:10 -0500
"Christopher R. Hertel" <crh <at> ubiqx.mn.org> wrote:
> > I see W2K and XP have a WordCount of 42 whereas NT is 34.
> 
> Okay, that's weird.
> 
> 26 + 8 = 34
> 34 + 8 = 42
> 
> ...and 26 is the "correct" number of bytes (per the SNIA doc).

The docs (SNIA and Leach v2) are incorrect. If you simply add up the sizes
of fields in the packet description it's 34 bytes. That 26 is just wrong.

As you pointed out above I think it's interesting that (34 - 26) * 2 is
16 which is how big that garbage trailer is in W2K and XP NT_CREATE_ANDX
responses. It's as if the MS developers were reviewing the code for the
next generation CIFS implementation and said "Ahh, according to the docs
this packet is 16 bytes too small, let's make it bigger!"

Mike

--

-- 
Greedo shoots first? Not in my Star Wars.

Christopher R. Hertel | 1 Aug 2004 09:58

Re: NTCreateAndX Response with wrong WordCount.

On Sun, Aug 01, 2004 at 02:10:00AM -0400, Michael B Allen wrote:
> On Sun, 1 Aug 2004 00:05:10 -0500
> "Christopher R. Hertel" <crh <at> ubiqx.mn.org> wrote:
> > > I see W2K and XP have a WordCount of 42 whereas NT is 34.
> > 
> > Okay, that's weird.
> > 
> > 26 + 8 = 34
> > 34 + 8 = 42
> > 
> > ...and 26 is the "correct" number of bytes (per the SNIA doc).
> 
> The docs (SNIA and Leach v2) are incorrect. If you simply add up the sizes
> of fields in the packet description it's 34 bytes. That 26 is just wrong.

Good point.

Yeah, I just grabbed a capture against NT4 and it does have 34 bytes, and 
it adds up properly, and the ByteCount is zero, and there's no garbage 
after it.

So you're right, and NT is right, and the SNIA doc is wrong, and W2K is 
way wrong.

> As you pointed out above I think it's interesting that (34 - 26) * 2 is
> 16 which is how big that garbage trailer is in W2K and XP NT_CREATE_ANDX
> responses.

Actually, there's 32 bytes worth of garbage in the captures I've got.  
That is, following the ByteCount field (which is correctly zero) I always

(Continue reading)

Michael B Allen | 1 Aug 2004 10:25

Re: NTCreateAndX Response with wrong WordCount.

On Sun, 1 Aug 2004 02:58:08 -0500
"Christopher R. Hertel" <crh <at> ubiqx.mn.org> wrote:
> > The docs (SNIA and Leach v2) are incorrect. If you simply add up the
> > sizes of fields in the packet description it's 34 [words]. That 26 is
> > just wrong.
> 
> Good point.
> 
> Yeah, I just grabbed a capture against NT4 and it does have 34 bytes, and 

Actually it's 34 words / 68 bytes.

> > As you pointed out above I think it's interesting that (34 - 26) * 2 is
> > 16 which is how big that garbage trailer is in W2K and XP NT_CREATE_ANDX
> > responses.
> 
> Actually, there's 32 bytes worth of garbage in the captures I've got.  
> That is, following the ByteCount field (which is correctly zero) I always 
> see 32 bytes of semi-random stuff that shouldn't be there.

16 bytes.

> So... It's wrong by 16 words.

Still multiplying by 2. It's really 8 words / 16 bytes.

> > It's as if the MS developers were reviewing the code for the
> > next generation CIFS implementation and said "Ahh, according to the docs
> > this packet is 16 bytes too small, let's make it bigger!"
>

(Continue reading)

Christopher R. Hertel | 1 Aug 2004 11:15

Re: NTCreateAndX Response with wrong WordCount.

On Sun, Aug 01, 2004 at 04:25:06AM -0400, Michael B Allen wrote:
> On Sun, 1 Aug 2004 02:58:08 -0500
> "Christopher R. Hertel" <crh <at> ubiqx.mn.org> wrote:
> > > The docs (SNIA and Leach v2) are incorrect. If you simply add up the
> > > sizes of fields in the packet description it's 34 [words]. That 26 is
> > > just wrong.
> > 
> > Good point.
> > 
> > Yeah, I just grabbed a capture against NT4 and it does have 34 bytes, and 
> 
> Actually it's 34 words / 68 bytes.

Yes.  That's a typo on my part.  s/bytes/words

> > > As you pointed out above I think it's interesting that (34 - 26) * 2 is
> > > 16 which is how big that garbage trailer is in W2K and XP NT_CREATE_ANDX
> > > responses.
> > 
> > Actually, there's 32 bytes worth of garbage in the captures I've got.  
> > That is, following the ByteCount field (which is correctly zero) I always 
> > see 32 bytes of semi-random stuff that shouldn't be there.
> 
> 16 bytes.
> 
> > So... It's wrong by 16 words.
> 
> Still multiplying by 2. It's really 8 words / 16 bytes.

No, I'm counting it up.  In my captures I am seeing 32 bytes of extra

(Continue reading)

Neil Bortnak | 1 Aug 2004 15:59

Picon

Re: [PATCH] smbcacls revision fix

Thanks Jeremy,

Worst comes to worst I'll recode it to use a command line argument.

Neil

Jeremy Allison wrote:
> On Thu, Jul 29, 2004 at 01:30:06PM +0900, Neil Bortnak wrote:
> 
>>Hi everyone,
>>
>>I started using smbcacls and it worked great for everything except the 
>>set (-S) feature.
>>
>>After some time spent with the code and a packet sniffer I found that 
>>all of the other functions read in the existing dacl, modify it and 
>>write it back. The set function creates a new one.
>>
>>The revision number on the dacl that gets read from the server is 2, 
>>while the version number in set's created dacl is 3. I changed the 
>>created dacl to 2 and it works perfectly now.
>>
>>It may or may not be relevant, but I am using and testing this against a 
>>NetApp Filer, and not a standard NT/2000 system. I also popped in a few 
>>extra snippets of code.
> 
> 
> Ok, I'll test this against a NT/2000 system as well. That's (unfortunately)
> the standard by which all other implementations are judged.
>

(Continue reading)

Jeremy Allison | 1 Aug 2004 18:57

Picon

Re: NTCreateAndX Response with wrong WordCount.

On Sun, Aug 01, 2004 at 02:10:00AM -0400, Michael B Allen wrote:
> On Sun, 1 Aug 2004 00:05:10 -0500
> "Christopher R. Hertel" <crh <at> ubiqx.mn.org> wrote:
> > > I see W2K and XP have a WordCount of 42 whereas NT is 34.
> > 
> > Okay, that's weird.
> > 
> > 26 + 8 = 34
> > 34 + 8 = 42
> > 
> > ...and 26 is the "correct" number of bytes (per the SNIA doc).
> 
> The docs (SNIA and Leach v2) are incorrect. If you simply add up the sizes
> of fields in the packet description it's 34 bytes. That 26 is just wrong.
> 
> As you pointed out above I think it's interesting that (34 - 26) * 2 is
> 16 which is how big that garbage trailer is in W2K and XP NT_CREATE_ANDX
> responses. It's as if the MS developers were reviewing the code for the
> next generation CIFS implementation and said "Ahh, according to the docs
> this packet is 16 bytes too small, let's make it bigger!"

No, actually the extra 16 bytes are the permissions given when
a client side cached file is stored on the client (among other
things). There's a couple of old messages in my inbox from Steve
French and Shirish at Veritas describing them, but I never got
around to fixing up the implementation.

Jeremy.

(Continue reading)

Jeremy Allison | 1 Aug 2004 18:58

Picon

Re: NTCreateAndX Response with wrong WordCount.

On Sun, Aug 01, 2004 at 02:58:08AM -0500, Christopher R. Hertel wrote:
> 
> So you're right, and NT is right, and the SNIA doc is wrong, and W2K is 
> way wrong.

The SNIA doc is wrong, but W2K/W2K3 just implement CSC, which the SNIA
dos doesn't describe.

Jeremy.

Group

gmane.network.samba.internals.

Search Archive

Page

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 46

Articles in period: 450

August 2004

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane

Recent entries

[PATCH 3/3 v3] vfs_glusterfs: Samba VFS module for glusterfs (20 May 2013)
[PATCH 2/3 v3] vfs_posixacl: expose acl_t <--> smb_acl_t converter fun (20 May 2013)
[PATCH 1/3 v3] samba.spec.tmpl: fix typo (20 May 2013)
issue with shared folder AD Samba4 (20 May 2013)
Exposing additional private symbols to OpenChange (20 May 2013)
[PATCH] Add .pc file for tevent-util public library (19 May 2013)
[PATCH 1/3] libcli/smb: Add smbXcli_conn_use_large_files (19 May 2013)
Wiki location for Samba VFS document? (19 May 2013)
Samba 4 reverting to Bind9 from the internal backend (19 May 2013)
is there a howto for roaming profiles ? (19 May 2013)
Help (15 May 2013)
Backup and Restore of Samba4 (13 May 2013)
[PROPOSAL] Remove password level (or all plaintext passwords?) for 4.1 (18 May 2013)
Quite some time on the train made me look into the code again (18 May 2013)
Is source3/include/vfs.h the correct place for Doxygen comments on the (18 May 2013)
flacky test in the samba3 testsuite (17 May 2013)
Draft for a new wiki front page - request for your comments (17 May 2013)
[PATCH] ldb_tdb: Warn when reindexing is done (17 May 2013)
[PATCH] pyldb: decrement ref counters on py_results and quiet, warning (17 May 2013)
LDB patches the return (17 May 2013)
Patches (17 May 2013)

Archives

434	May 2013
617	April 2013
501	March 2013
491	February 2013
565	January 2013
427	December 2012
752	November 2012
1197	October 2012
686	September 2012
613	August 2012
612	July 2012
978	June 2012
857	May 2012
755	April 2012
486	March 2012
424	February 2012
407	January 2012
319	December 2011
449	November 2011
501	October 2011
398	September 2011
323	August 2011
424	July 2011
500	June 2011
395	May 2011
403	April 2011
444	March 2011
422	February 2011
584	January 2011
462	December 2010
639	November 2010
560	October 2010
565	September 2010
457	August 2010
464	July 2010
464	June 2010
432	May 2010
563	April 2010
474	March 2010
550	February 2010
421	January 2010
376	December 2009
439	November 2009
405	October 2009
562	September 2009
495	August 2009
525	July 2009
385	June 2009
653	May 2009
445	April 2009
510	March 2009
402	February 2009
449	January 2009
385	December 2008
337	November 2008
349	October 2008
426	September 2008
534	August 2008
568	July 2008
517	June 2008
474	May 2008
427	April 2008
340	March 2008
398	February 2008
625	January 2008
349	December 2007
393	November 2007
650	October 2007
481	September 2007
518	August 2007
412	July 2007
596	June 2007
548	May 2007
492	April 2007
544	March 2007
716	February 2007
445	January 2007
388	December 2006
383	November 2006
577	October 2006
472	September 2006
587	August 2006
640	July 2006
474	June 2006
655	May 2006
309	April 2006
532	March 2006
596	February 2006
605	January 2006
390	December 2005
439	November 2005
570	October 2005
510	September 2005
488	August 2005
411	July 2005
582	June 2005
498	May 2005
383	April 2005
475	March 2005
348	February 2005
605	January 2005
489	December 2004
383	November 2004
380	October 2004
420	September 2004
450	August 2004
318	July 2004
345	June 2004
324	May 2004
420	April 2004
535	March 2004
412	February 2004
552	January 2004
434	December 2003
522	November 2003
563	October 2003
490	September 2003
480	August 2003
663	July 2003
554	June 2003
549	May 2003
830	April 2003
855	March 2003
705	February 2003
548	January 2003
423	December 2002
518	November 2002
844	October 2002
596	September 2002
649	August 2002
619	July 2002
689	June 2002
49	May 2002
1	April 2002
2	January 2002
1	July 2001
1	March 2000

Design

Zawodny | Right Menu | Left Menu

Your Own Design

Paste the URL of your CSS below. Download CSS template