0

I am trying to get a windows 10 VM to connect over SMB to another windows 10 VM. I am trying to create a named pipe on VM1 that will allow anyone to connect to it with all permissions. I am then trying to connect VM2 to that named pipe.

Currently i am getting some errors over wireshark when trying to make the connection. Below is my server, client, and wireshark errors.

With both the server and client running on the same VM, the connection works fine and i get the message on the server as expected.

What is the simplest way to create an SMB named pipe on VM1 and have VM2 connect to it? Have i over complicated it?

Running accesschk on my named pipe gives this result, which shows read/write to everyone.

Accesschk v6.12 - Reports effective permissions for securable objects
Copyright (C) 2006-2017 Mark Russinovich
Sysinternals - www.sysinternals.com

\\.\Pipe\MyTestPipe
  RW Everyone

Wireshark Output with filter tcp.port==445

No. Time    Source  Destination Protocol    Length  Info
67  13.039161   fe80::d0ab:b3ed:8e74:a86c   fe80::8998:c1e0:9490:26f4   TCP 86  52601 → 445 [SYN] Seq=0 Win=64800 Len=0 MSS=1440 WS=256 SACK_PERM=1
68  13.039260   fe80::8998:c1e0:9490:26f4   fe80::d0ab:b3ed:8e74:a86c   TCP 86  445 → 52601 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1440 WS=256 SACK_PERM=1
69  13.039659   fe80::d0ab:b3ed:8e74:a86c   fe80::8998:c1e0:9490:26f4   TCP 74  52601 → 445 [ACK] Seq=1 Ack=1 Win=2108160 Len=0
70  13.039817   fe80::d0ab:b3ed:8e74:a86c   fe80::8998:c1e0:9490:26f4   SMB 147 Negotiate Protocol Request
71  13.040240   fe80::8998:c1e0:9490:26f4   fe80::d0ab:b3ed:8e74:a86c   SMB2    526 Negotiate Protocol Response
72  13.040755   fe80::d0ab:b3ed:8e74:a86c   fe80::8998:c1e0:9490:26f4   SMB2    252 Negotiate Protocol Request
73  13.041052   fe80::8998:c1e0:9490:26f4   fe80::d0ab:b3ed:8e74:a86c   SMB2    586 Negotiate Protocol Response
74  13.042232   fe80::d0ab:b3ed:8e74:a86c   fe80::8998:c1e0:9490:26f4   SMB2    240 Session Setup Request, NTLMSSP_NEGOTIATE
75  13.042386   fe80::8998:c1e0:9490:26f4   fe80::d0ab:b3ed:8e74:a86c   SMB2    410 Session Setup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE
76  13.042954   fe80::d0ab:b3ed:8e74:a86c   fe80::8998:c1e0:9490:26f4   SMB2    717 Session Setup Request, NTLMSSP_AUTH, User: WINDEV1905EVAL2\User
77  13.043497   fe80::8998:c1e0:9490:26f4   fe80::d0ab:b3ed:8e74:a86c   SMB2    150 Session Setup Response, Error: STATUS_ACCOUNT_RESTRICTION
78  13.043828   fe80::d0ab:b3ed:8e74:a86c   fe80::8998:c1e0:9490:26f4   TCP 74  52601 → 445 [RST, ACK] Seq=1061 Ack=1377 Win=0 Len=0

SMB Server C++

Build with Developer Command Prompt > cl /EHsc smb-server-prototype.cpp /link AdvAPI32.Lib

#include <windows.h>
#include <stdio.h>

int main(void)

{
    HANDLE hPipe;
    char buffer[1024];
    DWORD dwRead;

    SECURITY_ATTRIBUTES sa;
    ZeroMemory(&sa, sizeof(sa));
    sa.nLength = sizeof(sa);
    sa.bInheritHandle = false;
    bool bInitOk = false;
    bool bSetOk = false;
    SECURITY_DESCRIPTOR SD;

    bInitOk = InitializeSecurityDescriptor(&SD, SECURITY_DESCRIPTOR_REVISION);

    if (bInitOk) {
        bSetOk = SetSecurityDescriptorDacl(&SD, TRUE, (PACL)NULL, FALSE);
        if (bSetOk) {

            sa.lpSecurityDescriptor = &SD;

            hPipe = CreateNamedPipe(TEXT("\\\\.\\pipe\\MyTestPipe"),
                PIPE_ACCESS_DUPLEX,
                PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_WAIT,
                PIPE_UNLIMITED_INSTANCES,
                1024 * 1024,
                1024 * 1024,
                NMPWAIT_USE_DEFAULT_WAIT,
                &sa);
            while (hPipe != INVALID_HANDLE_VALUE)
            {
                if (ConnectNamedPipe(hPipe, NULL) != FALSE)   // wait for someone to connect to the pipe
                {
                    while (ReadFile(hPipe, buffer, sizeof(buffer) - 1, &dwRead, NULL) != FALSE)
                    {
                        /* add terminating zero */
                        buffer[dwRead] = '\0';

                        /* do something with data in buffer */
                        printf("%s", buffer);
                    }
                }

                DisconnectNamedPipe(hPipe);
            }
        }
    }



    return 0;
}

SMB Client C++

Build with Developer Command Prompt > cl /EHsc smb-client-prototype.cpp /link AdvAPI32.Lib

#include <windows.h>
#include <stdio.h>

int main(void)
{
    HANDLE hPipe;
    DWORD dwWritten;


    hPipe = CreateFile(TEXT("\\\\WINDEV1905EVAL\\pipe\\MyTestPipe"), //WINDEV1905EVAL is the name of the VM serving the named pipe
        GENERIC_READ | GENERIC_WRITE,
        0,
        NULL,
        OPEN_EXISTING,
        0,
        NULL);
    if (hPipe != INVALID_HANDLE_VALUE)
    {
        WriteFile(hPipe,
            "Hello Pipe\n",
            12,   // = length of string + terminating '\0' !!!
            &dwWritten,
            NULL);

        CloseHandle(hPipe);
    }

    return (0);
}
prolink007
  • 33,872
  • 24
  • 117
  • 185
  • Sounds like you need help with setting up your network, rather than with actual code. [ServerFault](https://serverfault.com/) is the place to ask those questions. – IInspectable Mar 18 '20 at 19:51
  • you need call `NetUseAdd` in client for "\\\\WINDEV1905EVAL\\IPC$" - set user name/password in `USE_INFO_2` before connect – RbMm Mar 18 '20 at 22:30
  • @RbMm I am asking for any user to be authenticated with all permissions. Not a specific user and password. Just need it to work with all to test for now. – prolink007 Mar 18 '20 at 22:35
  • i think if you call `GetLastError()` in client after create file fail - you got `ERROR_LOGON_TYPE_NOT_GRANTED` ( *A user has requested a type of logon (e.g., interactive or network) that has not been granted. An administrator has control over who may logon interactively and through the network.*) – RbMm Mar 18 '20 at 22:53
  • you need allow allow Anonymous logon – RbMm Mar 18 '20 at 22:55
  • @RbMm how do i enable the anonymous login, just to check and see if that is the issue? I can't find a way to do that. Windows 10. – prolink007 Mar 19 '20 at 02:24
  • Please check if these settings could help: [Restrict anonymous access to Named Pipes and Shares](https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares) and [Named Pipes that can be accessed anonymously](https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously) – Drake Wu Mar 19 '20 at 02:33
  • @DrakeWu-MSFT I have read through both of those several times already, but can't find anywhere in that how to change these settings. They mention a location `Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options`, but i can't find that anywhere. – prolink007 Mar 19 '20 at 02:46
  • open the "Local Security Policy", then find them under Security Settings > Local Policies > Security Options – Drake Wu Mar 19 '20 at 02:52
  • @DrakeWu-MSFT thank you. However, changing both those settings did not help. Still getting the same issue. – prolink007 Mar 19 '20 at 03:00
  • Please check this link from @brian could help: https://stackoverflow.com/a/719397/10611792 – Drake Wu Mar 20 '20 at 10:07

1 Answers1

1

Finally figured out the issue. The VM hosting the named pipe, needed to have file and print sharing turned on. After turning that on, everything started working.

prolink007
  • 33,872
  • 24
  • 117
  • 185