没有连接限制的 SMB 命名管道
SMB named pipe with no connection restrictions
我正在尝试让一个 windows 10 VM 通过 SMB 连接到另一个 windows 10 VM。我正在尝试在 VM1 上创建一个命名管道,允许任何人以所有权限连接到它。然后我尝试将 VM2 连接到那个命名管道。
目前,我在尝试建立连接时,在 Wireshark 中看到了一些错误。以下是我的服务器代码、客户端代码以及 Wireshark 抓到的错误。
当服务器和客户端运行在同一个 VM 上时,连接工作正常,我按预期在服务器上收到了消息。
在 VM1 上创建 SMB 命名管道并让 VM2 连接到它的最简单方法是什么?我是不是把事情弄得太复杂了?
对我的命名管道运行 accesschk 得到如下结果,显示 Everyone 拥有读/写(RW)权限。
Accesschk v6.12 - Reports effective permissions for securable objects
Copyright (C) 2006-2017 Mark Russinovich
Sysinternals - www.sysinternals.com
\\.\Pipe\MyTestPipe
RW Everyone
Wireshark 输出 带过滤器 tcp.port==445
No. Time Source Destination Protocol Length Info
67 13.039161 fe80::d0ab:b3ed:8e74:a86c fe80::8998:c1e0:9490:26f4 TCP 86 52601 → 445 [SYN] Seq=0 Win=64800 Len=0 MSS=1440 WS=256 SACK_PERM=1
68 13.039260 fe80::8998:c1e0:9490:26f4 fe80::d0ab:b3ed:8e74:a86c TCP 86 445 → 52601 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1440 WS=256 SACK_PERM=1
69 13.039659 fe80::d0ab:b3ed:8e74:a86c fe80::8998:c1e0:9490:26f4 TCP 74 52601 → 445 [ACK] Seq=1 Ack=1 Win=2108160 Len=0
70 13.039817 fe80::d0ab:b3ed:8e74:a86c fe80::8998:c1e0:9490:26f4 SMB 147 Negotiate Protocol Request
71 13.040240 fe80::8998:c1e0:9490:26f4 fe80::d0ab:b3ed:8e74:a86c SMB2 526 Negotiate Protocol Response
72 13.040755 fe80::d0ab:b3ed:8e74:a86c fe80::8998:c1e0:9490:26f4 SMB2 252 Negotiate Protocol Request
73 13.041052 fe80::8998:c1e0:9490:26f4 fe80::d0ab:b3ed:8e74:a86c SMB2 586 Negotiate Protocol Response
74 13.042232 fe80::d0ab:b3ed:8e74:a86c fe80::8998:c1e0:9490:26f4 SMB2 240 Session Setup Request, NTLMSSP_NEGOTIATE
75 13.042386 fe80::8998:c1e0:9490:26f4 fe80::d0ab:b3ed:8e74:a86c SMB2 410 Session Setup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE
76 13.042954 fe80::d0ab:b3ed:8e74:a86c fe80::8998:c1e0:9490:26f4 SMB2 717 Session Setup Request, NTLMSSP_AUTH, User: WINDEV1905EVAL2\User
77 13.043497 fe80::8998:c1e0:9490:26f4 fe80::d0ab:b3ed:8e74:a86c SMB2 150 Session Setup Response, Error: STATUS_ACCOUNT_RESTRICTION
78 13.043828 fe80::d0ab:b3ed:8e74:a86c fe80::8998:c1e0:9490:26f4 TCP 74 52601 → 445 [RST, ACK] Seq=1061 Ack=1377 Win=0 Len=0
SMB 服务器 C++
使用开发人员命令提示构建 > cl /EHsc smb-server-prototype.cpp /link AdvAPI32.Lib
#include <windows.h>
#include <stdio.h>
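int main(void)
{
    /*
     * Prototype named-pipe server.
     *
     * Creates \\.\pipe\MyTestPipe with a NULL DACL, then loops forever:
     * waits for one client, prints every chunk it sends to stdout, and
     * disconnects so the same pipe instance can accept the next client.
     * Returns 1 if the security descriptor or the pipe cannot be created.
     */
    HANDLE hPipe;
    char buffer[1024];
    DWORD dwRead;
    SECURITY_ATTRIBUTES sa;
    SECURITY_DESCRIPTOR SD;

    ZeroMemory(&sa, sizeof(sa));
    sa.nLength = sizeof(sa);
    sa.bInheritHandle = FALSE;

    if (!InitializeSecurityDescriptor(&SD, SECURITY_DESCRIPTOR_REVISION)) {
        fprintf(stderr, "InitializeSecurityDescriptor failed: %lu\n", GetLastError());
        return 1;
    }

    /*
     * SECURITY NOTE: a present-but-NULL DACL grants every access right to
     * every caller, including WRITE_DAC and WRITE_OWNER, so any client can
     * also rewrite the pipe's security descriptor. That matches the stated
     * goal of this test ("no connection restrictions") but should not leave
     * a lab. For anything else, build an explicit DACL that grants only
     * FILE_GENERIC_READ | FILE_GENERIC_WRITE to the intended principals.
     * The DACL is not the only gate for remote callers: in the capture on
     * this page the SMB session setup is rejected before the pipe is opened.
     */
    if (!SetSecurityDescriptorDacl(&SD, TRUE, (PACL)NULL, FALSE)) {
        fprintf(stderr, "SetSecurityDescriptorDacl failed: %lu\n", GetLastError());
        return 1;
    }
    sa.lpSecurityDescriptor = &SD;

    /* Backslashes must be escaped in the literal: this is \\.\pipe\MyTestPipe. */
    hPipe = CreateNamedPipe(TEXT("\\\\.\\pipe\\MyTestPipe"),
                            PIPE_ACCESS_DUPLEX,
                            PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_WAIT,
                            PIPE_UNLIMITED_INSTANCES,
                            1024 * 1024,
                            1024 * 1024,
                            NMPWAIT_USE_DEFAULT_WAIT,
                            &sa);
    if (hPipe == INVALID_HANDLE_VALUE) {
        /* Report the failure instead of exiting silently with status 0. */
        fprintf(stderr, "CreateNamedPipe failed: %lu\n", GetLastError());
        return 1;
    }

    for (;;) {
        /*
         * ConnectNamedPipe returns FALSE with ERROR_PIPE_CONNECTED when a
         * client connected between CreateNamedPipe and this call; that is a
         * usable connection, not a failure.
         */
        BOOL connected = ConnectNamedPipe(hPipe, NULL)
                             ? TRUE
                             : (GetLastError() == ERROR_PIPE_CONNECTED);

        if (connected) {
            /* Read at most sizeof(buffer) - 1 bytes so the terminator below always fits. */
            while (ReadFile(hPipe, buffer, sizeof(buffer) - 1, &dwRead, NULL) != FALSE) {
                /* add terminating zero */
                buffer[dwRead] = '\0';
                /* Peer data is untrusted; it is printed as-is through a fixed "%s" format. */
                printf("%s", buffer);
            }
        }

        /* Drop this client (or the failed connect) so the instance can be reused. */
        DisconnectNamedPipe(hPipe);
    }
}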
SMB 客户端 C++
使用开发人员命令提示构建 > cl /EHsc smb-client-prototype.cpp /link AdvAPI32.Lib
#include <windows.h>
#include <stdio.h>
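int main(void)
{
    /*
     * Prototype named-pipe client.
     *
     * Opens \\WINDEV1905EVAL\pipe\MyTestPipe over SMB, writes one greeting
     * (including its terminating '\0') and closes the handle.
     * Returns 0 on success, 1 if the pipe cannot be opened or written.
     */
    static const char message[] = "Hello Pipe\n";
    HANDLE hPipe;
    DWORD dwWritten = 0;
    int rc = 0;

    /* Backslashes must be escaped in the literal. */
    hPipe = CreateFile(TEXT("\\\\WINDEV1905EVAL\\pipe\\MyTestPipe"), // WINDEV1905EVAL is the name of the VM serving the named pipe
                       GENERIC_READ | GENERIC_WRITE,
                       0,
                       NULL,
                       OPEN_EXISTING,
                       0,
                       NULL);
    if (hPipe == INVALID_HANDLE_VALUE) {
        /* Surface the Win32 error; a silent exit hides why the open was refused. */
        fprintf(stderr, "CreateFile failed: %lu\n", GetLastError());
        return 1;
    }

    /* sizeof(message) is 12: the 11 characters plus the terminating '\0'. */
    if (!WriteFile(hPipe, message, (DWORD)sizeof(message), &dwWritten, NULL)) {
        fprintf(stderr, "WriteFile failed: %lu\n", GetLastError());
        rc = 1;
    }

    CloseHandle(hPipe);
    return rc;
}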
终于找到问题了。托管命名管道的 VM 需要打开“文件和打印机共享”(file and print sharing)。打开它后,一切都开始工作了。
我正在尝试让一个 windows 10 VM 通过 SMB 连接到另一个 windows 10 VM。我正在尝试在 VM1 上创建一个命名管道,允许任何人以所有权限连接到它。然后我尝试将 VM2 连接到那个命名管道。
目前,我在尝试建立连接时,在 Wireshark 中看到了一些错误。以下是我的服务器代码、客户端代码以及 Wireshark 抓到的错误。
当服务器和客户端运行在同一个 VM 上时,连接工作正常,我按预期在服务器上收到了消息。
在 VM1 上创建 SMB 命名管道并让 VM2 连接到它的最简单方法是什么?我是不是把事情弄得太复杂了?
对我的命名管道运行 accesschk 得到如下结果,显示 Everyone 拥有读/写(RW)权限。
Accesschk v6.12 - Reports effective permissions for securable objects
Copyright (C) 2006-2017 Mark Russinovich
Sysinternals - www.sysinternals.com
\\.\Pipe\MyTestPipe
RW Everyone
Wireshark 输出 带过滤器 tcp.port==445
No. Time Source Destination Protocol Length Info
67 13.039161 fe80::d0ab:b3ed:8e74:a86c fe80::8998:c1e0:9490:26f4 TCP 86 52601 → 445 [SYN] Seq=0 Win=64800 Len=0 MSS=1440 WS=256 SACK_PERM=1
68 13.039260 fe80::8998:c1e0:9490:26f4 fe80::d0ab:b3ed:8e74:a86c TCP 86 445 → 52601 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1440 WS=256 SACK_PERM=1
69 13.039659 fe80::d0ab:b3ed:8e74:a86c fe80::8998:c1e0:9490:26f4 TCP 74 52601 → 445 [ACK] Seq=1 Ack=1 Win=2108160 Len=0
70 13.039817 fe80::d0ab:b3ed:8e74:a86c fe80::8998:c1e0:9490:26f4 SMB 147 Negotiate Protocol Request
71 13.040240 fe80::8998:c1e0:9490:26f4 fe80::d0ab:b3ed:8e74:a86c SMB2 526 Negotiate Protocol Response
72 13.040755 fe80::d0ab:b3ed:8e74:a86c fe80::8998:c1e0:9490:26f4 SMB2 252 Negotiate Protocol Request
73 13.041052 fe80::8998:c1e0:9490:26f4 fe80::d0ab:b3ed:8e74:a86c SMB2 586 Negotiate Protocol Response
74 13.042232 fe80::d0ab:b3ed:8e74:a86c fe80::8998:c1e0:9490:26f4 SMB2 240 Session Setup Request, NTLMSSP_NEGOTIATE
75 13.042386 fe80::8998:c1e0:9490:26f4 fe80::d0ab:b3ed:8e74:a86c SMB2 410 Session Setup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE
76 13.042954 fe80::d0ab:b3ed:8e74:a86c fe80::8998:c1e0:9490:26f4 SMB2 717 Session Setup Request, NTLMSSP_AUTH, User: WINDEV1905EVAL2\User
77 13.043497 fe80::8998:c1e0:9490:26f4 fe80::d0ab:b3ed:8e74:a86c SMB2 150 Session Setup Response, Error: STATUS_ACCOUNT_RESTRICTION
78 13.043828 fe80::d0ab:b3ed:8e74:a86c fe80::8998:c1e0:9490:26f4 TCP 74 52601 → 445 [RST, ACK] Seq=1061 Ack=1377 Win=0 Len=0
SMB 服务器 C++
使用开发人员命令提示构建 > cl /EHsc smb-server-prototype.cpp /link AdvAPI32.Lib
#include <windows.h>
#include <stdio.h>
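int main(void)
{
    /*
     * Prototype named-pipe server.
     *
     * Creates \\.\pipe\MyTestPipe with a NULL DACL, then serves clients one
     * at a time forever, echoing the received bytes to stdout.
     * Returns 1 if the security descriptor or the pipe cannot be created.
     */
    HANDLE hPipe;
    char buffer[1024];
    DWORD dwRead;
    SECURITY_ATTRIBUTES sa;
    SECURITY_DESCRIPTOR SD;

    ZeroMemory(&sa, sizeof(sa));
    sa.nLength = sizeof(sa);
    sa.bInheritHandle = FALSE;

    if (!InitializeSecurityDescriptor(&SD, SECURITY_DESCRIPTOR_REVISION)) {
        fprintf(stderr, "InitializeSecurityDescriptor failed: %lu\n", GetLastError());
        return 1;
    }

    /*
     * SECURITY NOTE: a present-but-NULL DACL means "no access control":
     * every caller gets every right, WRITE_DAC and WRITE_OWNER included, so
     * a client may replace the pipe's security descriptor. Acceptable for
     * this two-VM experiment only. Production code should attach an explicit
     * DACL limited to FILE_GENERIC_READ | FILE_GENERIC_WRITE for the
     * principals that actually need the pipe.
     */
    if (!SetSecurityDescriptorDacl(&SD, TRUE, (PACL)NULL, FALSE)) {
        fprintf(stderr, "SetSecurityDescriptorDacl failed: %lu\n", GetLastError());
        return 1;
    }
    sa.lpSecurityDescriptor = &SD;

    /* Escaped form of \\.\pipe\MyTestPipe. */
    hPipe = CreateNamedPipe(TEXT("\\\\.\\pipe\\MyTestPipe"),
                            PIPE_ACCESS_DUPLEX,
                            PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_WAIT,
                            PIPE_UNLIMITED_INSTANCES,
                            1024 * 1024,
                            1024 * 1024,
                            NMPWAIT_USE_DEFAULT_WAIT,
                            &sa);
    if (hPipe == INVALID_HANDLE_VALUE) {
        /* Make the failure visible rather than returning 0 without output. */
        fprintf(stderr, "CreateNamedPipe failed: %lu\n", GetLastError());
        return 1;
    }

    for (;;) {
        /*
         * A FALSE return with ERROR_PIPE_CONNECTED means the client was
         * already connected before this call, which still counts as success.
         */
        BOOL connected = ConnectNamedPipe(hPipe, NULL)
                             ? TRUE
                             : (GetLastError() == ERROR_PIPE_CONNECTED);

        if (connected) {
            /* One byte of the buffer is reserved for the terminator written below. */
            while (ReadFile(hPipe, buffer, sizeof(buffer) - 1, &dwRead, NULL) != FALSE) {
                /* add terminating zero */
                buffer[dwRead] = '\0';
                /* Untrusted peer data, emitted through a constant format string. */
                printf("%s", buffer);
            }
        }

        /* Release the current client so the next ConnectNamedPipe can succeed. */
        DisconnectNamedPipe(hPipe);
    }
}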
SMB 客户端 C++
使用开发人员命令提示构建 > cl /EHsc smb-client-prototype.cpp /link AdvAPI32.Lib
#include <windows.h>
#include <stdio.h>
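int main(void)
{
    /*
     * Prototype named-pipe client: connects to the pipe served by the VM
     * named WINDEV1905EVAL, sends a single greeting and exits.
     * Returns 0 on success, 1 if opening or writing the pipe fails.
     */
    static const char message[] = "Hello Pipe\n";
    HANDLE hPipe;
    DWORD dwWritten = 0;
    int rc = 0;

    /* Escaped form of \\WINDEV1905EVAL\pipe\MyTestPipe. */
    hPipe = CreateFile(TEXT("\\\\WINDEV1905EVAL\\pipe\\MyTestPipe"), // WINDEV1905EVAL is the name of the VM serving the named pipe
                       GENERIC_READ | GENERIC_WRITE,
                       0,
                       NULL,
                       OPEN_EXISTING,
                       0,
                       NULL);
    if (hPipe == INVALID_HANDLE_VALUE) {
        /* Print the Win32 error code so a refused open can be diagnosed. */
        fprintf(stderr, "CreateFile failed: %lu\n", GetLastError());
        return 1;
    }

    /* Send the string with its terminating '\0' (sizeof(message) == 12). */
    if (!WriteFile(hPipe, message, (DWORD)sizeof(message), &dwWritten, NULL)) {
        fprintf(stderr, "WriteFile failed: %lu\n", GetLastError());
        rc = 1;
    }

    CloseHandle(hPipe);
    return rc;
}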
终于找到问题了。托管命名管道的 VM 需要打开“文件和打印机共享”(file and print sharing)。打开它后,一切都开始工作了。