The following sections specify security considerations for administrators.
Security Considerations for Implementers
Indexing implementations that index secure content should consider using the user context provided by [MS-SMB] to trim search results and return only those results accessible to the caller.
Index of Security Parameters
The only security parameter is impersonation level, section 2.1.
Appendix A: Product Behavior
The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include released service packs.
Windows Search 4.0 is an out-of-band release that can be installed as an update to (exclusively) Windows XP operating system, Windows Vista operating system, Windows Server 2008 operating system, Windows Home Server server software, and all versions of Windows Server 2003 operating system. Windows 7 operating system and Windows Server 2008 R2 operating system cannot have Windows Search 4.0 installed. Windows Search 4.0 is the only out-of-band release of Windows Search. All other versions of Windows Search came with the operating system and can be identified as such.
With regard to Windows Search behavior, Windows Vista (without Windows Search 4.0) and Windows Server 2008 (without Windows Search 4.0) are equivalent. Windows XP, Windows Server 2003, Windows Server 2003 R2 operating system, Windows Vista, Windows Server 2008, and Windows Home Server, all with Windows Search 4.0, are equivalent. Windows 7 and Windows Server 2008 R2 are equivalent. The equivalent versions can be used interchangeably.
Windows XP
Windows Server 2003
Windows Server 2003 R2
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows Home Server
Windows 8 operating system
Windows Server 2012 operating system
Windows 8.1 operating system
Windows Server 2012 R2 operating system
Windows 10 operating system
Windows Server 2016 Technical Preview operating system
Exceptions, if any, are noted below. If a service pack or Quick Fix Engineering (QFE) number appears
with the product version, behavior changed in that service pack or QFE. The new behavior also applies to subsequent service packs of the product unless otherwise specified. If a product edition appears with the product version, behavior is different in that product edition.
Unless otherwise specified, any statement of optional behavior in this specification that is prescribed using the terms SHOULD or SHOULD NOT implies product behavior in accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified, the term MAY implies that the product does not follow the prescription.
<1> Section 1.8: Windows uses only the values specified in [MS-ERREF].
<2> Section 2.1: Applications typically interact with an OLE DB interface wrapper (as specified in [MSDN-OLEDBP]), for example, a protocol client, and not directly with the protocol.
<3> Section 2.2.1.13: In Windows Vista, the default catalog name is SystemIndex.
<4> Section 2.2.3.1: This value is usually zero, except immediately after indexing has been started or after a notification queue overflows.
<5> Section 2.2.3.2: On Windows-based clients, the
iClientVersion is set as follows.
Value
|
Meaning
|
0x00000102
|
Client OS is either 32-bit Windows Server 2008, or 32-bit Windows Vista.
|
0x00000109
|
Client OS is either 32-bit Windows XP, 32-bit Windows Server 2003, 32-bit Windows Vista with Windows Search 4.0, 32-bit Windows Server 2003 with Windows Search 4.0. All of these versions of Windows are running Windows Search 4.0.
|
0x000010102
|
64-bit version of Windows Vista or Windows Server 2008.
|
0x00010109
|
64-bit version of Windows Vista or Windows Server 2008 with Windows Search 4.0 installed.
|
<6> Section 2.2.3.2: On Windows 7 and Windows Server 2008 R2 operating system, the values are as follows.
Value
|
Meaning
|
0x00000700
|
32-bit Windows 7.
|
0x00010700
|
64-bit Windows 7 or Windows Server 2008 R2.
|
<7> Section 2.2.3.3: On Windows-based clients, the
_serverVersion is set as follows.
Value
|
Meaning
|
0x00000102
|
OS is either 32-bit Windows Server 2008, 32-bit Windows Home Server, or 32-bit Windows Vista – all without Windows Search 4.0 installed.
|
0x00000109
|
OS is either 32-bit Windows XP, 32-bit Windows Server 2003, 32-bit Windows Vista with Windows Search 4.0, 32-bit Windows Server 2003 – all with Windows Search 4.0.
|
0x00010102
|
64-bit version of Windows Vista64-bit Windows Home Server, or Windows Server 2008 – all without Windows Search 4.0 installed.
|
0x00010109
|
64-bit version of Windows Vista or Windows Server 2008 – all with Windows Search 4.0 installed.
|
<8> Section 2.2.3.3: On Windows 7 and Windows Server 2008 R2, the values are as follows.
Value
|
Meaning
|
0x00000700
|
32-bit Windows 7.
|
0x00010700
|
64-bit Windows 7 and Windows Server 2008 R2.
|
<9> Section 2.2.3.3: Introduced with Windows Vista operating system with Service Pack 2 (SP2) and included in Windows 7 and Windows Server 2008 R2.
<10> Section 2.2.3.3: Introduced with Windows Vista SP2 and included in Windows 7 and Windows Server 2008 R2.
<11> Section 2.2.3.3: Introduced with Windows Vista SP2 and included in Windows 7 and Windows Server 2008 R2.
<12> Section 2.2.3.3: Introduced with Windows Vista SP2 and included in Windows 7 and Windows Server 2008 R2.
<13> Section 2.2.3.14: Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 can return zero for this field depending, in part, on when the CPMRatioFinishedIn and CPMRatioFinishedOut messages are exchanged. When zero is returned, the client is assumed to ignore the information, as the correct information is not yet available. Note that Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 require separate installation of Windows Search 4.0 in order for this to be allowed.
<14> Section 2.2.3.15: This field (buffer size) is set in Windows to 0x00004000.
<15> Section 2.2.3.18: Windows Search 4.0 (WS 4.0) does not support CPMSendNotifyOut and does not inform the client. Do not use values of _watchNotify under WS 4.0.
<16> Section 2.2.3.19: Not implemented on Windows Vista. Not implemented on Windows XP with Windows Desktop Search 3.0. Implemented on Windows 7 and Windows Search 4.0.
<17> Section 2.2.3.21: Not implemented on Windows Vista. Not implemented on Windows XP with Windows Desktop Search 3.0. Implemented on Windows 7 and Windows Search 4.0.
<18> Section 2.2.3.23: Not implemented on Windows Vista. Not implemented on Windows XP with Windows Desktop Search 3.0. Implemented on Windows 7 and Windows Search 4.0.
<19> Section 2.2.3.27: This message was added in Windows 7 and Windows Server 2008 R2.
<20> Section 2.2.3.29: This message was added in Windows 7 and Windows Server 2008 R2.
<21> Section 2.2.3.31: This message was added in Windows 7 and Windows Server 2008 R2.
<22> Section 2.2.3.33: This message was added in Windows 7 and Windows Server 2008 R2.
<23> Section 2.2.4: The same pipe connection is used for future messages, except when the error is returned in a CPMConnectOut message. In the latter case, the pipe connection is terminated.
<24> Section 3: Windows Server 2003 can be used for client and server if Windows® Search Version 4 is installed. It can serve as a client if Windows® Desktop Search Version 3 is installed.
Windows XP can be used for client and server if Windows® Search Version 4 is installed. It can serve as a client if Windows® Desktop Search Version 3 is installed.
Windows Home Server uses MS-WSP as a server and ships with Windows® Desktop Search Version 3.
<25> Section 3.1.5.2.1: In versions before Windows 7 and Windows Server 2008 R2, the search service does not check for the existence of the catalog.
<26> Section 3.1.5.2.3: Cursor handles are not checked before Windows 7 and Windows Server 2008 R2. Before Windows 7 and Windows Server 2008 R2, invalid handles stop the search service. Otherwise, the server will return E_FAIL if the ContainsHandle output parameter is not true.
<27> Section 3.1.5.2.4: Cursor handles are not checked before Windows 7 and Windows Server 2008 R2. Before Windows 7 and Windows Server 2008 R2, invalid handles stop the search service. Otherwise, the server will return E_FAIL if the ContainsHandle output parameter is not true.
<28> Section 3.1.5.2.5: Cursor handles are not checked before Windows 7 and Windows Server 2008 R2. Before Windows 7 and Windows Server 2008 R2, invalid handles stop the search service. Otherwise, the server will return E_FAIL if the ContainsHandle output parameter is not true.
<29> Section 3.1.5.2.6: Cursor handles are not checked before Windows 7 and Windows Server 2008 R2. Before Windows 7 and Windows Server 2008 R2, invalid handles stop the search service. Otherwise, the server will return E_FAIL if the ContainsHandle output parameter is not true.
<30> Section 3.1.5.2.6: If the CPMSetBindingsIn call fails with a 32-bit client and a 64-bit server, the error returned MUST be STATUS_INVALID_PARAMETER (0xC000000D) rather than E_UNEXPECTED (0x8000FFFF).
<31> Section 3.1.5.2.8: Cursor handles are not checked before Windows 7 and Windows Server 2008 R2. Before Windows 7 and Windows Server 2008 R2, invalid handles stop the search service. Otherwise, the server will return E_FAIL if the ContainsHandle output parameter is not true.
<32> Section 3.1.5.2.8: Row width is not checked between 32-bit and 64-bit systems in Windows.
<33> Section 3.1.5.2.9: If the server version is Windows 7 or Windows Server 2008 R2 and the client is running on a WSS version: Windows XP or Windows Server 2003 or Windows Server 2003 R2 or Windows Vista or Windows Server 2008 operating system, this functionality is not implemented and the server MUST report an E_NOTIMPL error.
<34> Section 3.1.5.2.13: Windows Vista, Windows Search 4.0, and Windows Server 2008 return ERROR_INVALID_PARAMETER (0x80070057). Windows 7 and Windows Server 2008 R2 return STATUS_INVALID_PARAMETER (0xC000000D).
<35> Section 3.1.7: This is set to false on any machine running Windows 7 and on any machine running Windows Search 4.0. Otherwise, the value is as described in section 2.2.3.5.
<36> Section 3.1.7: STAT_DONE implies that the server is ready to return rows to the client. This is always set to STAT_DONE on any machine running Windows 7 and on any machine running Windows Search 4.0, because the server is always ready to return rows.
On any previous WSS version, STAT_DONE is not returned until the server is completely done processing the query. If the rows are not ready, it will return STAT_BUSY. Once it is returned, any future call to the GetRows abstract interface with the same QueryIdentifier argument will successfully return results, if any are left.
<37> Section 3.1.7: This interface is available only on Windows 7.
<38> Section 3.1.7: This is only implemented on Windows Vista, not on Windows Search 4.0 or Windows 7.
<39> Section 3.1.7: This interface is only available on Windows 7.
<40> Section 3.1.7: This interface is only available on Windows 7.
<41> Section 3.1.7: This interface is only available in Windows 7.
<42> Section 3.1.7: This interface is only available in Windows 7.
<43> Section 3.2.4.2.4: For a 32-bit client talking to a 32-bit server, or a 64-bit client talking to a 64-bit server, this value is set to a memory address of the receiving buffer in the application process. This allows for pointers received in the Rows field of CPMGetRowsOut to be correct memory pointers in a client application process. Otherwise, it is set to 0x00000000.
Change Tracking
This section identifies changes that were made to this document since the last release. Changes are classified as New, Major, Minor,
Editorial, or No change.
The revision class New means that a new document is being released.
The revision class Major means that the technical content in the document was significantly revised. Major changes affect protocol interoperability or implementation. Examples of major changes are:
A document revision that incorporates changes to interoperability requirements or functionality.
The removal of a document from the documentation set.
The revision class
Minor means that the meaning of the technical content was clarified. Minor changes do not affect protocol interoperability or implementation. Examples of minor changes are updates to clarify ambiguity at the sentence, paragraph, or table level.
The revision class Editorial means that the formatting in the technical content was changed. Editorial changes apply to grammatical, formatting, and style issues.
The revision class No change means that no new technical changes were introduced. Minor editorial and formatting changes may have been made, but the technical content of the document is identical to the last released version.
Major and minor changes can be described further using the following change types:
New content added.
Content updated.
Content removed.
New product behavior note added.
Product behavior note updated.
Product behavior note removed.
New protocol syntax added.
Protocol syntax updated.
Protocol syntax removed.
New content added due to protocol revision.
Content updated due to protocol revision.
Content removed due to protocol revision.
New protocol syntax added due to protocol revision.
Protocol syntax updated due to protocol revision.
Protocol syntax removed due to protocol revision.
Obsolete document removed.
Editorial changes are always classified
with the change type Editorially updated.
Some important terms used in the change type descriptions are defined as follows:
Protocol syntax refers to data elements (such as packets, structures, enumerations, and methods) as well as interfaces.
Protocol revision refers to changes made to a protocol that affect the bits that are sent over the wire.
The changes made to this document are listed in the following table. For more information, please contact dochelp@microsoft.com.
Section
|
Tracking number (if applicable) and description
|
Major change (Y or N)
|
Change type
|
2.1 Transport
|
72723 : Updated the value used for the ImpersonationLevel field.
|
Y
|
Content update.
|
2.2 Message Syntax
|
72772 : Updated the values of DBBMK_FIRST and DBBMK_LAST.
|
Y
|
Content update.
|
2.2.1.29 CInGroupSortAggregSet
|
72737 : Updated the datatype of the SortAggregSet field.
|
Y
|
Content update.
|
2.2.3.4 CPMCreateQueryIn
|
72737 : Updated the datatype of the SortSet field.
|
Y
|
Content update.
|
Index
A
Abstract
data model
client 201
server 165
Administration - remote 11
Applicability 12
C
CAggregSet packet 42
CAggregSortKey packet 44
CAggregSpec packet 42
Capability negotiation 12
CBaseStorageVariant packet 16
CCategorizationSet packet 38
CCategorizationSpec packet 38
CCategSpec packet 39
CCoercionRestriction packet 33
CColumnGroup packet 50
CColumnGroupArray packet 50
CColumnSet packet 38
CContentRestriction packet 23
CDbColId packet 46
CDbProp packet 46
CDbPropSet packet 48
CFeedbackRestriction packet 35
CFullPropSpec packet 22
Change tracking 229
CInGroupSortAggregSet packet 45
CInGroupSortAggregSets packet 44
CInternalPropertyRestriction packet 25
Client
abstract data model 201
higher-layer triggered events 202
overview 202
remote Windows search service catalog
management 202
query messages 202
initialization 201
local events 209
message processing
CPMCreateQueryOut response - receiving 206
CPMFetchValueOut response - receiving 207
CPMFindIndicesOut response - receiving 208
CPMFreeCursorOut response - receiving 208
CPMGetRowsetNotifyOut response - receiving 208
CPMGetRowsOut response - receiving 206
CPMGetScopeStatisticsOut response - receiving 208
CPMSetScopePrioritizationOut response - receiving 209
overview 206
other local events 209
sequencing rules
CPMCreateQueryOut response - receiving 206
CPMFetchValueOut response - receiving 207
CPMFindIndicesOut response - receiving 208
CPMFreeCursorOut response - receiving 208
CPMGetRowsetNotifyOut response - receiving 208
CPMGetRowsOut response - receiving 206
CPMGetScopeStatisticsOut response - receiving 208
CPMSetScopePrioritizationOut response - receiving 209
overview 206
timer events 209
timers 201
CNatLanguageRestriction packet 26
CNodeRestriction packet 27
CPidMapper packet 49
CPMCiStateInOut packet 59
CPMCompareBmkIn packet 81
CPMCompareBmkOut packet 82
CPMConnectIn packet 62
CPMConnectOut packet 64
CPMCreateQueryIn packet 65
CPMCreateQueryOut packet 68
CPMDisconnect packet 83
CPMFetchValueIn packet 78
CPMFetchValueOut packet 79
CPMFindIndicesIn packet 84
CPMFindIndicesOut packet 84
CPMFreeCursorIn packet 83
CPMFreeCursorOut packet 83
CPMGetApproximatePositionIn packet 81
CPMGetApproximatePositionOut packet 81
CPMGetNotify packet 80
CPMGetQueryStatusExIn packet 69
CPMGetQueryStatusExOut packet 70
CPMGetQueryStatusIn packet 68
CPMGetQueryStatusOut packet 68
CPMGetRowsetNotifyIn message 85
CPMGetRowsetNotifyOut packet 85
CPMGetRowsIn packet 72
CPMGetRowsOut packet 74
CPMGetScopeStatisticsIn message 87
CPMGetScopeStatisticsOut packet 88
CPMRatioFinishedIn packet 77
CPMRatioFinishedOut packet 78
CPMRestartPositionIn packet 83
CPMSendNotifyOut packet 80
CPMSetBindingsIn packet 71
CPMSetScopePrioritizationIn packet 87
CPMSetScopePrioritizationOut message 87
CProbRestriction packet 34
CPropertyRestriction packet 27
CRangeCategSpec packet 40
CRelDocRestriction packet 33
CRestriction packet 36
CRestrictionArray packet 35
CReuseWhere packet 30
CRowSeekAt packet 51
CRowSeekAtRatio packet 52
CRowSeekByBookmark packet 52
CRowSeekNext packet 53
CRowsetProperties packet 53
CRowVariant packet 54
CScopeRestriction packet 30
CSort packet 31
CSortAggregSet packet 44
CSortSet packet 55
CTableColumn packet 55
CVectorRestriction packet 32
D
Data model - abstract
client 201
server 165
DECIMAL packet 19
E
Errors message 88
Errors packet 88
Examples - query example 210
F
Fields - vendor-extensible 13
G
Glossary 8
H
Headers - message 58
Higher-layer triggered events
client 202
overview 202
remote Windows search service catalog
management 202
query messages 202
server 166
I
IDs - property 13
Implementer - security considerations 224
Index of security parameters 224
Informative references 10
Initialization
client 201
server 166
Introduction 8
L
Local events
client 209
server 183
M
Message Headers message 58
Message processing
client
CPMCreateQueryOut response - receiving 206
CPMFetchValueOut response - receiving 207
CPMFindIndicesOut response - receiving 208
CPMFreeCursorOut response - receiving 208
CPMGetRowsetNotifyOut response - receiving 208
CPMGetRowsOut response - receiving 206
CPMGetScopeStatisticsOut response - receiving 208
CPMSetScopePrioritizationOut response - receiving 209
overview 206
server
overview 166
remote
Windows search service
catalog management 168
querying 169
Message_Headers packet 58
Messages
descriptions 59
Errors 88
headers 58
Message Headers 58
overview 14
Standard Properties 89
Structures 14
syntax 14
transport 14
N
Normative references 10
O
Open properties 90
Other local events
client 209
server 183
Overview (synopsis) 11
P
packet 57
Parameter index - security 224
Parameters - security index 224
Preconditions 12
Prerequisites 12
Product behavior 225
Properties
open 90
query 90
standard 89
Property IDs 13
Protocol Details
overview 164
Q
Query
example 210
properties 90
Querying - remote 11
R
RANGEBOUNDARY packet 41
References 10
informative 10
normative 10
Relationship to other protocols 12
Remote administration 11
Remote querying 11
S
SAFEARRAY packet 20
SAFEARRAY2 packet 21
SAFEARRAYBOUND packet 21
Security
implementer considerations 224
overview 224
parameter index 224
Sequencing rules
client
CPMCreateQueryOut response - receiving 206
CPMFetchValueOut response - receiving 207
CPMFindIndicesOut response - receiving 208
CPMFreeCursorOut response - receiving 208
CPMGetRowsetNotifyOut response - receiving 208
CPMGetRowsOut response - receiving 206
CPMGetScopeStatisticsOut response - receiving 208
CPMSetScopePrioritizationOut response - receiving 209
overview 206
overview 164
server
overview 166
remote Windows search service
catalog management 168
querying 169
SERIALIZEDPROPERTYVALUE packet 57
Server
abstract data model 165
higher-layer triggered events 166
initialization 166
local events 183
message processing
overview 166
remote Windows search service
catalog management 168
querying 169
other local events 183
sequencing rules
overview 166
remote Windows search service
catalog management 168
querying 169
timer events 183
timers 166
SProperty packet 51
Standard properties 89
Standard Properties message 89
Standards assignments 13
Structures 14
Structures message 14
Syntax - message 14
T
Timer events
client 209
server 183
Timers
client 201
server 166
Tracking changes 229
Transport 14
Triggered events - higher-layer
client 202
overview 202
remote Windows search service catalog
management 202
query messages 202
server 166
V
Vendor-extensible fields 13
Versioning 12
VT_COMPRESSED_LPWSTR packet 22
VT_Vector packet 20
