2.1 Transport

This protocol MUST use Server Message Block (SMB) RPC protocol sequences (RPC over SMB named pipes, ncacn_np), except for the LsarOpenPolicyWithCreds method, which uses RPC over TCP/IP as described below.

This protocol MUST use "\PIPE\lsarpc" as the RPC endpoint when using RPC over SMB.<1>

RPC clients MUST use RPC over TCP/IP for the LsarOpenPolicyWithCreds method (section 3.1.4.4.10).<2>

For authentication and authorization services, both the requester and responder of this protocol MUST use the SMB transport to communicate the identity of the requester, as specified in [MS-SMB] section 3.2.4.2.4 and [MS-SMB2] section 3.2.4.2.3.

For confidentiality and tamper resistance services, the requester and responder MAY use the functionality provided by the SMB transport, as specified in [MS-SMB] sections 2.2.3.1 and 2.2.4.5.2.1 and [MS-SMB2] sections 2.2.3 and 2.2.4.<3>

The requester MUST NOT use the RPC-provided security-support-provider mechanisms (for authentication, authorization, confidentiality, or tamper-resistance services).<4>

The responder MAY use the RPC-provided security-support-provider mechanisms as specified in [MS-RPCE] section 3.2.1.4.1.1.<5>

The server SHOULD<6> reject calls that do not use an authentication level of RPC_C_AUTHN_LEVEL_NONE, RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, or RPC_C_AUTHN_LEVEL_PKT_PRIVACY ([MS-RPCE] section 2.2.1.1.8).

Cryptographic operations (as specified in section 5.1) MUST utilize a session key obtained from the SMB session on the client or server.

This protocol MUST use the UUID and version number as follows:

  • UUID: See Standards Assignments in section 1.9.

  • Version number: 0.0.

The security settings used in this protocol vary depending on the role of the RPC client and RPC server, the function being used, and the specific parameters being used. Security settings are therefore specified in message processing sections for each message.

This protocol SHOULD<7> configure RPC to enforce a Maximum Server Input Data Size of 1 MB. Additional details are available in [MS-RPCE] section 3.3.3.5.4. This configuration introduces additional restrictions on the upper limits for the sizes of data types defined under section 2.2 when those data types are used in RPC messages.
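The following Python model, added here as an example and not code from the specification or from any Windows implementation, encodes the transport rules of this section so they can be exercised offline: the requester's choice of "\PIPE\lsarpc" over SMB versus RPC over TCP/IP for LsarOpenPolicyWithCreds, the rule that the requester sets no RPC security-support provider, the server's SHOULD-reject check on authentication levels, and the 1 MB Maximum Server Input Data Size. The RPC_C_AUTHN_LEVEL_* values are the real constants from [MS-RPCE] section 2.2.1.1.8 and the string-binding syntax (protseq:host[endpoint]) is the standard RPC form; the Binding type, the function names, and the sample call list are assumptions of this example, and the sample calls are constructed.

```python
"""Model of the MS-LSAD section 2.1 transport rules (added example)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Authentication levels from [MS-RPCE] section 2.2.1.1.8 (real values).
RPC_C_AUTHN_LEVEL_DEFAULT = 0
RPC_C_AUTHN_LEVEL_NONE = 1
RPC_C_AUTHN_LEVEL_CONNECT = 2
RPC_C_AUTHN_LEVEL_CALL = 3
RPC_C_AUTHN_LEVEL_PKT = 4
RPC_C_AUTHN_LEVEL_PKT_INTEGRITY = 5
RPC_C_AUTHN_LEVEL_PKT_PRIVACY = 6

# Levels the LSAD server accepts per section 2.1; all others SHOULD be rejected.
ACCEPTED_AUTHN_LEVELS = frozenset({
    RPC_C_AUTHN_LEVEL_NONE,
    RPC_C_AUTHN_LEVEL_PKT_INTEGRITY,
    RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
})

LSARPC_PIPE = r"\PIPE\lsarpc"                 # RPC-over-SMB endpoint, section 2.1
MAX_SERVER_INPUT_DATA_SIZE = 1 * 1024 * 1024  # 1 MB, [MS-RPCE] 3.3.3.5.4
TCP_ONLY_METHODS = frozenset({"LsarOpenPolicyWithCreds"})  # section 3.1.4.4.10


@dataclass(frozen=True)
class Binding:
    """RPC binding chosen by the requester (hypothetical helper type)."""
    protseq: str             # "ncacn_np" (RPC over SMB) or "ncacn_ip_tcp"
    host: str
    endpoint: Optional[str]  # named-pipe endpoint; None for ncacn_ip_tcp

    def string_binding(self) -> str:
        """Render as an RPC string binding, protseq:host[endpoint]."""
        if self.endpoint is None:
            return f"{self.protseq}:{self.host}"
        return f"{self.protseq}:{self.host}[{self.endpoint}]"


def client_binding(method: str, host: str) -> Binding:
    """Requester side: pick the transport section 2.1 mandates for a method.

    Ordinary LSAD methods go over SMB named pipes, where the SMB session
    (not an RPC SSP) supplies identity and, optionally, signing/sealing.
    LsarOpenPolicyWithCreds must instead use RPC over TCP/IP.
    """
    if method in TCP_ONLY_METHODS:
        return Binding("ncacn_ip_tcp", host, None)
    return Binding("ncacn_np", host, LSARPC_PIPE)


def requester_sets_rpc_ssp() -> bool:
    """The requester MUST NOT configure RPC-level authentication; the SMB
    transport carries the requester's identity (section 2.1)."""
    return False


def server_check_call(authn_level: int, stub_data_len: int) -> Tuple[bool, str]:
    """Responder side: apply the section 2.1 checks to one incoming call.

    Returns (accepted, reason). The authentication-level check is the SHOULD
    in section 2.1; the size check is the 1 MB Maximum Server Input Data Size.
    """
    if authn_level not in ACCEPTED_AUTHN_LEVELS:
        return False, f"authn level {authn_level} is not NONE/PKT_INTEGRITY/PKT_PRIVACY"
    if stub_data_len > MAX_SERVER_INPUT_DATA_SIZE:
        return False, f"stub data of {stub_data_len} bytes exceeds the 1 MB limit"
    return True, "accepted"


# Constructed sample of incoming calls: (method, authn_level, stub_data_len).
SAMPLE_CALLS = [
    ("LsarOpenPolicy2", RPC_C_AUTHN_LEVEL_NONE, 64),
    ("LsarQueryInformationPolicy", RPC_C_AUTHN_LEVEL_CONNECT, 64),
    ("LsarCreateSecret", RPC_C_AUTHN_LEVEL_PKT_PRIVACY, MAX_SERVER_INPUT_DATA_SIZE + 1),
    ("LsarOpenPolicyWithCreds", RPC_C_AUTHN_LEVEL_PKT_PRIVACY, 256),
]


def triage(calls: List[Tuple[str, int, int]]) -> List[Tuple[str, bool, str]]:
    """Run every sample call through the server-side checks."""
    return [(m, *server_check_call(lvl, n)) for m, lvl, n in calls]


if __name__ == "__main__":
    for method in ("LsarOpenPolicy2", "LsarOpenPolicyWithCreds"):
        print(method, "->", client_binding(method, "dc01").string_binding())
    for method, ok, why in triage(SAMPLE_CALLS):
        print(f"{method:28s} {'ACCEPT' if ok else 'REJECT'}  {why}")
```

Note that the model deliberately leaves the security settings of the TCP/IP binding unspecified: per this section they are determined by the message-processing rules for each method, not by the transport section.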