FW: samba port 135 conflict with dce service on hpux

Jeremy Allison jra at samba.org
Tue Jan 16 23:48:18 UTC 2018


On Wed, Jan 17, 2018 at 07:14:05AM +1300, Andrew Bartlett wrote:
> On Tue, 2018-01-16 at 09:12 -0800, Jeremy Allison wrote:
> > On Tue, Jan 16, 2018 at 04:49:56AM +0000, Kumar, Arjit (SSTO) via samba-technical wrote:
> > > Hi Andrew,
> > > 
> > > dced/rpcd provides the below services depending on how it is invoked.
> > > 
> > > · Endpoint Mapper
> > > · Local Location Broker
> > > · Host Data Management
> > > · Server Management
> > > · Security Validation
> > > · Key Table Management
> > > 
> > > For more details of dced or services please refer to dced(1m) <http://nixdoc.net/man-pages/HP-UX/dced.1m.html>.
> > 
> > How hard would it be to port these services to Samba,
> > so that you can use the Samba DCE-RPC implementation
> > as-is? You need the IDL plus a backend implementation
> > inside Samba.
> > 
> > Might not be harder than doing the reverse, plus the
> > DCE-RPC implementation I would bet is a lot more secure
> > than the old OSF code (at least people have already
> > had a go at bashing our implementation with security
> > review :-).
> 
> G'Day Jeremy,
> 
> Even that much might not be needed.  To use Samba's endpoint mapper the
> HP-UX services just have to be able to register with us.  This (mostly
> the work to have Samba accept such registrations) might not be any more
> work than having Samba use the external one.  
> 
> (The source3 endpoint mapper can accept registrations I think, but as
> the source4 code never learnt how to make them it isn't used in the AD
> DC). 
> 
> Thankfully the endpoint mapper is one of the most boring parts of Samba
> (which is naturally why we have two of them) and likely behaves
> similarly enough between the original OSF code and Samba.  The only
> 'special' thing on Samba's side in terms of externally visible features
> would be authentication, but I can't ever recall seeing authentication
> to port 135.
> 
> Beyond all that, this is simply a matter of programming (unlike say if
> someone wanted to share the LDAP port...). 

Oh if we already have the epm registration in source3 then
it shouldn't be too hard to fix it up in the samba daemon.


