FW: samba port 135 conflict with dce service on hpux

Andrew Bartlett abartlet at samba.org
Tue Jan 16 18:14:05 UTC 2018


On Tue, 2018-01-16 at 09:12 -0800, Jeremy Allison wrote:
> On Tue, Jan 16, 2018 at 04:49:56AM +0000, Kumar, Arjit (SSTO) via samba-technical wrote:
> > Hi Andrew,
> > 
> > dced/rpcd provides the services below, depending on how it is invoked.
> > 
> > · Endpoint Mapper
> > · Local Location Broker
> > · Host Data Management
> > · Server Management
> > · Security Validation
> > · Key Table Management
> > 
> > For more details of dced or services please refer to dced(1m) <http://nixdoc.net/man-pages/HP-UX/dced.1m.html>.
> 
> How hard would it be to port these services to Samba,
> so that you can use the Samba DCE-RPC implementation
> as-is ? You need the IDL plus a backend implementation
> inside Samba.
> 
> Might not be harder than doing the reverse, plus the
> DCE-RPC implementation I would bet is a lot more secure
> than the old OSF code (at least people have already
> had a go at bashing our implementation with security
> review :-).

G'Day Jeremy,

Even that much might not be needed.  To use Samba's endpoint mapper the
HP-UX services just have to be able to register with us.  This (mostly
the work to have Samba accept such registrations) might not be any more
work than having Samba use the external one.  

(The source3 endpoint mapper can accept registrations I think, but as
the source4 code never learnt how to make them it isn't used in the AD
DC). 

Thankfully the endpoint mapper is one of the most boring parts of Samba
(which is naturally why we have two of them) and likely behaves
similarly enough between the original OSF code and Samba.  The only
'special' thing on Samba's side in terms of externally visible features
would be authentication, but I can't ever recall seeing authentication
to port 135.

Beyond all that, this is simply a matter of programming (unlike say if
someone wanted to share the LDAP port...). 

I never imagined I would be actively assisting getting Samba going on
proprietary Unix, having started in this game just as Linux took off,
but we live in interesting times ;-)

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba



