没有连接限制的 SMB 命名管道 [英] SMB named pipe with no connection restrictions

问题描述

我正在尝试让 Windows 10 VM 通过 SMB 连接到另一个 Windows 10 VM.我正在尝试在 VM1 上创建一个命名管道，它允许任何人使用所有权限连接到它.然后我尝试将 VM2 连接到该命名管道.

I am trying to get a windows 10 VM to connect over SMB to another windows 10 VM. I am trying to create a named pipe on VM1 that will allow anyone to connect to it with all permissions. I am then trying to connect VM2 to that named pipe.

目前，我在尝试建立连接时通过wireshark 遇到一些错误.以下是我的服务器、客户端和wireshark 错误.

Currently i am getting some errors over wireshark when trying to make the connection. Below is my server, client, and wireshark errors.

服务器和客户端都运行在同一个虚拟机上，连接工作正常，我按预期在服务器上收到消息.

在 VM1 上创建 SMB 命名管道并让 VM2 连接到它的最简单方法是什么?我把它复杂化了吗?

在我的命名管道上运行 accesschk 给出了这个结果，它向所有人显示了读/写.

Running accesschk on my named pipe gives this result, which shows read/write to everyone.

Accesschk v6.12 - Reports effective permissions for securable objects
Copyright (C) 2006-2017 Mark Russinovich
Sysinternals - www.sysinternals.com

\\.\Pipe\MyTestPipe
  RW Everyone

<小时>

Wireshark 输出 带过滤器 tcp.port==445

No. Time    Source  Destination Protocol    Length  Info
67  13.039161   fe80::d0ab:b3ed:8e74:a86c   fe80::8998:c1e0:9490:26f4   TCP 86  52601 → 445 [SYN] Seq=0 Win=64800 Len=0 MSS=1440 WS=256 SACK_PERM=1
68  13.039260   fe80::8998:c1e0:9490:26f4   fe80::d0ab:b3ed:8e74:a86c   TCP 86  445 → 52601 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1440 WS=256 SACK_PERM=1
69  13.039659   fe80::d0ab:b3ed:8e74:a86c   fe80::8998:c1e0:9490:26f4   TCP 74  52601 → 445 [ACK] Seq=1 Ack=1 Win=2108160 Len=0
70  13.039817   fe80::d0ab:b3ed:8e74:a86c   fe80::8998:c1e0:9490:26f4   SMB 147 Negotiate Protocol Request
71  13.040240   fe80::8998:c1e0:9490:26f4   fe80::d0ab:b3ed:8e74:a86c   SMB2    526 Negotiate Protocol Response
72  13.040755   fe80::d0ab:b3ed:8e74:a86c   fe80::8998:c1e0:9490:26f4   SMB2    252 Negotiate Protocol Request
73  13.041052   fe80::8998:c1e0:9490:26f4   fe80::d0ab:b3ed:8e74:a86c   SMB2    586 Negotiate Protocol Response
74  13.042232   fe80::d0ab:b3ed:8e74:a86c   fe80::8998:c1e0:9490:26f4   SMB2    240 Session Setup Request, NTLMSSP_NEGOTIATE
75  13.042386   fe80::8998:c1e0:9490:26f4   fe80::d0ab:b3ed:8e74:a86c   SMB2    410 Session Setup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE
76  13.042954   fe80::d0ab:b3ed:8e74:a86c   fe80::8998:c1e0:9490:26f4   SMB2    717 Session Setup Request, NTLMSSP_AUTH, User: WINDEV1905EVAL2\User
77  13.043497   fe80::8998:c1e0:9490:26f4   fe80::d0ab:b3ed:8e74:a86c   SMB2    150 Session Setup Response, Error: STATUS_ACCOUNT_RESTRICTION
78  13.043828   fe80::d0ab:b3ed:8e74:a86c   fe80::8998:c1e0:9490:26f4   TCP 74  52601 → 445 [RST, ACK] Seq=1061 Ack=1377 Win=0 Len=0

<小时>

SMB 服务器 C++

使用开发人员命令提示符构建 > cl/EHsc smb-server-prototype.cpp/link AdvAPI32.Lib

Build with Developer Command Prompt > cl /EHsc smb-server-prototype.cpp /link AdvAPI32.Lib

#include <windows.h>
#include <stdio.h>

int main(void)

{
    HANDLE hPipe;
    char buffer[1024];
    DWORD dwRead;

    SECURITY_ATTRIBUTES sa;
    ZeroMemory(&sa, sizeof(sa));
    sa.nLength = sizeof(sa);
    sa.bInheritHandle = false;
    bool bInitOk = false;
    bool bSetOk = false;
    SECURITY_DESCRIPTOR SD;

    bInitOk = InitializeSecurityDescriptor(&SD, SECURITY_DESCRIPTOR_REVISION);

    if (bInitOk) {
        bSetOk = SetSecurityDescriptorDacl(&SD, TRUE, (PACL)NULL, FALSE);
        if (bSetOk) {

            sa.lpSecurityDescriptor = &SD;

            hPipe = CreateNamedPipe(TEXT("\\\\.\\pipe\\MyTestPipe"),
                PIPE_ACCESS_DUPLEX,
                PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_WAIT,
                PIPE_UNLIMITED_INSTANCES,
                1024 * 1024,
                1024 * 1024,
                NMPWAIT_USE_DEFAULT_WAIT,
                &sa);
            while (hPipe != INVALID_HANDLE_VALUE)
            {
                if (ConnectNamedPipe(hPipe, NULL) != FALSE)   // wait for someone to connect to the pipe
                {
                    while (ReadFile(hPipe, buffer, sizeof(buffer) - 1, &dwRead, NULL) != FALSE)
                    {
                        /* add terminating zero */
                        buffer[dwRead] = '\0';

                        /* do something with data in buffer */
                        printf("%s", buffer);
                    }
                }

                DisconnectNamedPipe(hPipe);
            }
        }
    }



    return 0;
}

<小时>

SMB 客户端 C++

使用开发人员命令提示符构建 > cl/EHsc smb-client-prototype.cpp/link AdvAPI32.Lib

Build with Developer Command Prompt > cl /EHsc smb-client-prototype.cpp /link AdvAPI32.Lib

#include <windows.h>
#include <stdio.h>

int main(void)
{
    HANDLE hPipe;
    DWORD dwWritten;


    hPipe = CreateFile(TEXT("\\\\WINDEV1905EVAL\\pipe\\MyTestPipe"), //WINDEV1905EVAL is the name of the VM serving the named pipe
        GENERIC_READ | GENERIC_WRITE,
        0,
        NULL,
        OPEN_EXISTING,
        0,
        NULL);
    if (hPipe != INVALID_HANDLE_VALUE)
    {
        WriteFile(hPipe,
            "Hello Pipe\n",
            12,   // = length of string + terminating '\0' !!!
            &dwWritten,
            NULL);

        CloseHandle(hPipe);
    }

    return (0);
}

推荐答案

终于解决了这个问题.托管命名管道的虚拟机需要打开文件和打印共享.打开它后，一切都开始工作了.

Finally figured out the issue. The VM hosting the named pipe, needed to have file and print sharing turned on. After turning that on, everything started working.

这篇关于没有连接限制的 SMB 命名管道的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！