
Annotation of /rpms/samba/sme10/samba-v4.7-config-dynamic-rpc-port-range.patch



Revision 1.2 - (hide annotations) (download)
Wed Aug 9 04:48:55 2023 UTC (15 months, 2 weeks ago) by jpp
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +0 -0 lines
FILE REMOVED
Initial import

1 jpp 1.1 From 1f192fad31923af2bec692ded84e46add5bde76b Mon Sep 17 00:00:00 2001
2     From: Andreas Schneider <asn@samba.org>
3     Date: Mon, 16 Jan 2017 11:43:12 +0100
4     Subject: [PATCH 1/2] rpc_server: Use the RPC TCPIP ports of Windows
5    
6     Since Windows Server 2008 Microsoft uses a different port range for RPC
7     services. Before it was 1024-65535 and they changed it to 49152-65535.
8    
9     We should use the same range as these are the ports the firewall in AD
10     networks normally allow.
11    
12     BUG: https://bugzilla.samba.org/show_bug.cgi?id=12521
13    
14     Signed-off-by: Andreas Schneider <asn@samba.org>
15     Reviewed-by: Stefan Metzmacher <metze@samba.org>
16     (cherry picked from commit 35dfa5c6e2bf60f8f1efda5eb7026cabe8bf5ba3)
17     ---
18     source3/rpc_server/rpc_server.c | 4 ++--
19     source4/smbd/service_stream.c | 4 ++--
20     2 files changed, 4 insertions(+), 4 deletions(-)
21    
22     diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c
23     index 5effe66d9bb..37fe68fc36d 100644
24     --- a/source3/rpc_server/rpc_server.c
25     +++ b/source3/rpc_server/rpc_server.c
26     @@ -34,8 +34,8 @@
27     #include "rpc_server/srv_pipe_hnd.h"
28     #include "rpc_server/srv_pipe.h"
29    
30     -#define SERVER_TCP_LOW_PORT 1024
31     -#define SERVER_TCP_HIGH_PORT 1300
32     +#define SERVER_TCP_LOW_PORT 49152
33     +#define SERVER_TCP_HIGH_PORT 65535
34    
35     /* Creates a pipes_struct and initializes it with the information
36     * sent from the client */
37     diff --git a/source4/smbd/service_stream.c b/source4/smbd/service_stream.c
38     index f0a379acf6a..96a303fc6a9 100644
39     --- a/source4/smbd/service_stream.c
40     +++ b/source4/smbd/service_stream.c
41     @@ -30,8 +30,8 @@
42     #include "lib/util/util_net.h"
43    
44     /* the range of ports to try for dcerpc over tcp endpoints */
45     -#define SERVER_TCP_LOW_PORT 1024
46     -#define SERVER_TCP_HIGH_PORT 1300
47     +#define SERVER_TCP_LOW_PORT 49152
48     +#define SERVER_TCP_HIGH_PORT 65535
49    
50     /* size of listen() backlog in smbd */
51     #define SERVER_LISTEN_BACKLOG 10
52     --
53     2.11.0
54    
55    
56     From a48a358caa69d42191f285c1b28ba52b00d4e230 Mon Sep 17 00:00:00 2001
57     From: Andreas Schneider <asn@samba.org>
58     Date: Mon, 16 Jan 2017 12:05:09 +0100
59     Subject: [PATCH 2/2] rpc_server: Allow to configure the port range for RPC
60     services
61    
62     BUG: https://bugzilla.samba.org/show_bug.cgi?id=12521
63    
64     Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
65    
66     Signed-off-by: Andreas Schneider <asn@samba.org>
67     Signed-off-by: Stefan Metzmacher <metze@samba.org>
68     (cherry picked from commit 9d60ad53b809281a5a6f6ad82a0daea99c989f2d)
69     ---
70     docs-xml/smbdotconf/protocol/rpcserverport.xml | 14 +++++--
71     .../smbdotconf/rpc/rpcserverdynamicportrange.xml | 22 ++++++++++
72     lib/param/loadparm.c | 47 ++++++++++++++++++++++
73     lib/param/loadparm.h | 9 ++++-
74     lib/param/param.h | 3 ++
75     python/samba/tests/docs.py | 11 +++--
76     source3/include/proto.h | 2 +
77     source3/param/loadparm.c | 16 ++++++++
78     source3/rpc_server/rpc_server.c | 5 +--
79     source4/smbd/service_stream.c | 8 ++--
80     10 files changed, 120 insertions(+), 17 deletions(-)
81     create mode 100644 docs-xml/smbdotconf/rpc/rpcserverdynamicportrange.xml
82    
83     diff --git a/docs-xml/smbdotconf/protocol/rpcserverport.xml b/docs-xml/smbdotconf/protocol/rpcserverport.xml
84     index 8a70835612f..0fd87d69212 100644
85     --- a/docs-xml/smbdotconf/protocol/rpcserverport.xml
86     +++ b/docs-xml/smbdotconf/protocol/rpcserverport.xml
87     @@ -4,11 +4,19 @@
88     xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
89     <description>
90     <para>Specifies which port the server should listen on for DCE/RPC over TCP/IP traffic.</para>
91     - <para>This controls default port for all protocols, except for NETLOGON. If unset, the first available port after 1024 is used.</para>
92     - <para>The NETLOGON server will use the next available port, eg 1025. To change this port use (eg) rpc server port:netlogon = 4000.</para>
93     + <para>This controls the default port for all protocols, except for NETLOGON.</para>
94     + <para>If unset, the first available port from <smbconfoption name="rpc server dynamic port range"/> is used, e.g. 49152.</para>
95     + <para>The NETLOGON server will use the next available port, e.g. 49153. To change this port use (eg) rpc server port:netlogon = 4000.</para>
96     <para>Furthermore, all RPC servers can have the port they use specified independenty, with (for example) rpc server port:drsuapi = 5000.</para>
97    
98     + <para>This option applies currently only when
99     + <citerefentry><refentrytitle>samba</refentrytitle> <manvolnum>8</manvolnum></citerefentry>
100     + runs as an active directory domain controller.</para>
101     +
102     + <para>The default value 0 causes Samba to select the first available port from <smbconfoption name="rpc server dynamic port range"/>.</para>
103     </description>
104     -<para>The default value 0 causes Samba to select the first available port after 1024.</para>
105     +
106     +<related>rpc server dynamic port range</related>
107     +
108     <value type="default">0</value>
109     </samba:parameter>
110     diff --git a/docs-xml/smbdotconf/rpc/rpcserverdynamicportrange.xml b/docs-xml/smbdotconf/rpc/rpcserverdynamicportrange.xml
111     new file mode 100644
112     index 00000000000..a9c51d2fe41
113     --- /dev/null
114     +++ b/docs-xml/smbdotconf/rpc/rpcserverdynamicportrange.xml
115     @@ -0,0 +1,22 @@
116     +<samba:parameter name="rpc server dynamic port range"
117     + context="G"
118     + type="string"
119     + handler="handle_rpc_server_dynamic_port_range"
120     + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
121     +<description>
122     + <para>
123     + This parameter tells the RPC server which port range it is
124     + allowed to use to create a listening socket for LSA, SAM,
125     + Netlogon and others without wellknown tcp ports.
126     + The first value is the lowest number of the port
127     + range and the second the hightest.
128     + </para>
129     + <para>
130     + This applies to RPC servers in all server roles.
131     + </para>
132     +</description>
133     +
134     +<related>rpc server port</related>
135     +
136     +<value type="default">49152-65535</value>
137     +</samba:parameter>
138     diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
139     index 6aa757f7c6b..3b54ff232aa 100644
140     --- a/lib/param/loadparm.c
141     +++ b/lib/param/loadparm.c
142     @@ -83,6 +83,16 @@ struct loadparm_service *lpcfg_default_service(struct loadparm_context *lp_ctx)
143     return lp_ctx->sDefault;
144     }
145    
146     +int lpcfg_rpc_low_port(struct loadparm_context *lp_ctx)
147     +{
148     + return lp_ctx->globals->rpc_low_port;
149     +}
150     +
151     +int lpcfg_rpc_high_port(struct loadparm_context *lp_ctx)
152     +{
153     + return lp_ctx->globals->rpc_high_port;
154     +}
155     +
156     /**
157     * Convenience routine to grab string parameters into temporary memory
158     * and run standard_sub_basic on them.
159     @@ -1435,6 +1445,37 @@ bool handle_smb_ports(struct loadparm_context *lp_ctx, struct loadparm_service *
160     return true;
161     }
162    
163     +bool handle_rpc_server_dynamic_port_range(struct loadparm_context *lp_ctx,
164     + struct loadparm_service *service,
165     + const char *pszParmValue,
166     + char **ptr)
167     +{
168     + int low_port = -1, high_port = -1;
169     + int rc;
170     +
171     + if (pszParmValue == NULL || pszParmValue[0] == '\0') {
172     + return false;
173     + }
174     +
175     + rc = sscanf(pszParmValue, "%d - %d", &low_port, &high_port);
176     + if (rc != 2) {
177     + return false;
178     + }
179     +
180     + if (low_port > high_port) {
181     + return false;
182     + }
183     +
184     + if (low_port < SERVER_TCP_PORT_MIN|| high_port > SERVER_TCP_PORT_MAX) {
185     + return false;
186     + }
187     +
188     + lp_ctx->globals->rpc_low_port = low_port;
189     + lp_ctx->globals->rpc_high_port = high_port;
190     +
191     + return true;
192     +}
193     +
194     bool handle_smb2_max_credits(struct loadparm_context *lp_ctx,
195     struct loadparm_service *service,
196     const char *pszParmValue, char **ptr)
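Review bot: The `sscanf(pszParmValue, "%d - %d", ...)` parse in handle_rpc_server_dynamic_port_range stops at the first character it cannot match, so a value with trailing text (constructed example: `49152-65535,1024`) is accepted and the tail is silently dropped. A number that does not fit in `int` is undefined behaviour for `%d`, so the range checks that follow may run on an unspecified value. Since this setting decides which ports the RPC listeners may bind, the parse should reject anything but exactly two numbers, for instance `int end = -1;`, `rc = sscanf(pszParmValue, "%d - %d%n", &low_port, &high_port, &end);` and `if (rc != 2 || end < 0 || pszParmValue[end] != '\0') {`. Parsing both numbers with strtol and checking errno and the end pointer would cover overflow as well. The handler also never writes through `ptr`; whether the string form of the parameter is stored elsewhere is not visible in this hunk.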
197     @@ -2498,6 +2539,8 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
198     lp_ctx->globals = talloc_zero(lp_ctx, struct loadparm_global);
199     /* This appears odd, but globals in s3 isn't a pointer */
200     lp_ctx->globals->ctx = lp_ctx->globals;
201     + lp_ctx->globals->rpc_low_port = SERVER_TCP_LOW_PORT;
202     + lp_ctx->globals->rpc_high_port = SERVER_TCP_HIGH_PORT;
203     lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
204     lp_ctx->flags = talloc_zero_array(lp_ctx, unsigned int, num_parameters());
205    
206     @@ -2902,6 +2945,10 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
207    
208     lpcfg_do_global_parameter(lp_ctx, "kerberos encryption types", "all");
209    
210     + lpcfg_do_global_parameter(lp_ctx,
211     + "rpc server dynamic port range",
212     + "49152-65535");
213     +
214     /* Allow modules to adjust defaults */
215     for (defaults_hook = defaults_hooks; defaults_hook;
216     defaults_hook = defaults_hook->next) {
217     diff --git a/lib/param/loadparm.h b/lib/param/loadparm.h
218     index f9fb7d8d804..c63683d6b66 100644
219     --- a/lib/param/loadparm.h
220     +++ b/lib/param/loadparm.h
221     @@ -194,6 +194,11 @@ enum printing_types {PRINT_BSD,PRINT_SYSV,PRINT_AIX,PRINT_HPUX,
222     #endif /* DEVELOPER */
223     };
224    
225     +#define SERVER_TCP_LOW_PORT 49152
226     +#define SERVER_TCP_HIGH_PORT 65535
227     +
228     +#define SERVER_TCP_PORT_MIN 1024
229     +#define SERVER_TCP_PORT_MAX 65535
230    
231    
232    
233     @@ -272,7 +277,9 @@ enum inheritowner_options {
234     #define LOADPARM_EXTRA_GLOBALS \
235     struct parmlist_entry *param_opt; \
236     char *dnsdomain; \
237     - char *realm_original;
238     + char *realm_original; \
239     + int rpc_low_port; \
240     + int rpc_high_port;
241    
242     const char* server_role_str(uint32_t role);
243     int lp_find_server_role(int server_role, int security, int domain_logons, int domain_master);
244     diff --git a/lib/param/param.h b/lib/param/param.h
245     index 66037e2ef1b..e123e67a990 100644
246     --- a/lib/param/param.h
247     +++ b/lib/param/param.h
248     @@ -313,6 +313,9 @@ void lpcfg_default_kdc_policy(struct loadparm_context *lp_ctx,
249     time_t *usr_tkt_lifetime,
250     time_t *renewal_lifetime);
251    
252     +int lpcfg_rpc_port_low(struct loadparm_context *lp_ctx);
253     +int lpcfg_rpc_port_high(struct loadparm_context *lp_ctx);
254     +
255     /* The following definitions come from lib/version.c */
256    
257     const char *samba_version_string(void);
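Review bot: The two prototypes added here are named `lpcfg_rpc_port_low` and `lpcfg_rpc_port_high`, but the functions this patch defines in lib/param/loadparm.c and calls from source4/smbd/service_stream.c are `lpcfg_rpc_low_port` and `lpcfg_rpc_high_port`. Unless another header declares them (none is visible on this page), the definitions have no matching prototype and the caller in stream_setup_socket relies on an implicit declaration. The declarations should read `int lpcfg_rpc_low_port(struct loadparm_context *lp_ctx);` and `int lpcfg_rpc_high_port(struct loadparm_context *lp_ctx);`.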
258     diff --git a/python/samba/tests/docs.py b/python/samba/tests/docs.py
259     index 22e022583f6..65df573a350 100644
260     --- a/python/samba/tests/docs.py
261     +++ b/python/samba/tests/docs.py
262     @@ -108,7 +108,7 @@ class SmbDotConfTests(TestCase):
263     'lprm command', 'lpq command', 'print command', 'template homedir',
264     'spoolss: os_major', 'spoolss: os_minor', 'spoolss: os_build',
265     'max open files', 'fss: prune stale', 'fss: sequence timeout',
266     - 'include system krb5 conf'])
267     + 'include system krb5 conf', 'rpc server dynamic port range'])
268    
269     def setUp(self):
270     super(SmbDotConfTests, self).setUp()
271     @@ -162,14 +162,16 @@ class SmbDotConfTests(TestCase):
272     exceptions = ['client lanman auth',
273     'client plaintext auth',
274     'registry shares',
275     - 'smb ports'])
276     + 'smb ports',
277     + 'rpc server dynamic port range'])
278     self._test_empty(['bin/testparm'])
279    
280     def test_default_s4(self):
281     self._test_default(['bin/samba-tool', 'testparm'])
282     self._set_defaults(['bin/samba-tool', 'testparm'])
283     self._set_arbitrary(['bin/samba-tool', 'testparm'],
284     - exceptions = ['smb ports'])
285     + exceptions = ['smb ports',
286     + 'rpc server dynamic port range'])
287     self._test_empty(['bin/samba-tool', 'testparm'])
288    
289     def _test_default(self, program):
290     @@ -178,6 +180,7 @@ class SmbDotConfTests(TestCase):
291    
292     for tuples in self.defaults:
293     param, default, context, param_type = tuples
294     +
295     if param in self.special_cases:
296     continue
297     section = None
298     @@ -206,7 +209,7 @@ class SmbDotConfTests(TestCase):
299     for tuples in self.defaults:
300     param, default, context, param_type = tuples
301    
302     - if param in ['printing']:
303     + if param in ['printing', 'rpc server dynamic port range']:
304     continue
305    
306     section = None
307     diff --git a/source3/include/proto.h b/source3/include/proto.h
308     index 642900ed67c..b3d3ca0e5d1 100644
309     --- a/source3/include/proto.h
310     +++ b/source3/include/proto.h
311     @@ -889,6 +889,8 @@ int lp_client_ipc_signing(void);
312     int lp_smb2_max_credits(void);
313     int lp_cups_encrypt(void);
314     bool lp_widelinks(int );
315     +int lp_rpc_low_port(void);
316     +int lp_rpc_high_port(void);
317    
318     int lp_wi_scan_global_parametrics(
319     const char *regex, size_t max_matches,
320     diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
321     index d8da749ccba..2c8380067f6 100644
322     --- a/source3/param/loadparm.c
323     +++ b/source3/param/loadparm.c
324     @@ -933,6 +933,12 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
325    
326     Globals.aio_max_threads = 100;
327    
328     + lpcfg_string_set(Globals.ctx,
329     + &Globals.rpc_server_dynamic_port_range,
330     + "49152-65535");
331     + Globals.rpc_low_port = SERVER_TCP_LOW_PORT;
332     + Globals.rpc_high_port = SERVER_TCP_HIGH_PORT;
333     +
334     /* Now put back the settings that were set with lp_set_cmdline() */
335     apply_lp_set_cmdline();
336     }
337     @@ -4552,6 +4558,16 @@ int lp_client_ipc_signing(void)
338     return client_ipc_signing;
339     }
340    
341     +int lp_rpc_low_port(void)
342     +{
343     + return Globals.rpc_low_port;
344     +}
345     +
346     +int lp_rpc_high_port(void)
347     +{
348     + return Globals.rpc_high_port;
349     +}
350     +
351     struct loadparm_global * get_globals(void)
352     {
353     return &Globals;
354     diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c
355     index 37fe68fc36d..f7fb8ef5207 100644
356     --- a/source3/rpc_server/rpc_server.c
357     +++ b/source3/rpc_server/rpc_server.c
358     @@ -34,9 +34,6 @@
359     #include "rpc_server/srv_pipe_hnd.h"
360     #include "rpc_server/srv_pipe.h"
361    
362     -#define SERVER_TCP_LOW_PORT 49152
363     -#define SERVER_TCP_HIGH_PORT 65535
364     -
365     /* Creates a pipes_struct and initializes it with the information
366     * sent from the client */
367     int make_server_pipes_struct(TALLOC_CTX *mem_ctx,
368     @@ -608,7 +605,7 @@ int create_tcpip_socket(const struct sockaddr_storage *ifss, uint16_t *port)
369     if (*port == 0) {
370     uint16_t i;
371    
372     - for (i = SERVER_TCP_LOW_PORT; i <= SERVER_TCP_HIGH_PORT; i++) {
373     + for (i = lp_rpc_low_port(); i <= lp_rpc_high_port(); i++) {
374     fd = open_socket_in(SOCK_STREAM,
375     i,
376     0,
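Review bot: With `uint16_t i` and the default upper bound of 65535, the condition `i <= lp_rpc_high_port()` can never become false. After 65535 the counter wraps to 0, so when no port in the range can be opened the loop does not stop at its bound and goes on to try ports below the configured minimum. A wider counter avoids this, e.g. `int i;` with `for (i = lp_rpc_low_port(); i <= lp_rpc_high_port(); i++) {` and a cast to `uint16_t` where the port is passed on. The loop body and the rest of create_tcpip_socket lie outside the hunk, so how the loop exits on success is not visible here. The stream_setup_socket loop in source4/smbd/service_stream.c uses the same bound and the declaration of its `i` is not shown, so its type should be checked as well.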
377     diff --git a/source4/smbd/service_stream.c b/source4/smbd/service_stream.c
378     index 96a303fc6a9..deb96d8d69d 100644
379     --- a/source4/smbd/service_stream.c
380     +++ b/source4/smbd/service_stream.c
381     @@ -29,10 +29,6 @@
382     #include "../lib/tsocket/tsocket.h"
383     #include "lib/util/util_net.h"
384    
385     -/* the range of ports to try for dcerpc over tcp endpoints */
386     -#define SERVER_TCP_LOW_PORT 49152
387     -#define SERVER_TCP_HIGH_PORT 65535
388     -
389     /* size of listen() backlog in smbd */
390     #define SERVER_LISTEN_BACKLOG 10
391    
392     @@ -331,7 +327,9 @@ NTSTATUS stream_setup_socket(TALLOC_CTX *mem_ctx,
393     if (!port) {
394     status = socket_listen(stream_socket->sock, socket_address, SERVER_LISTEN_BACKLOG, 0);
395     } else if (*port == 0) {
396     - for (i=SERVER_TCP_LOW_PORT;i<= SERVER_TCP_HIGH_PORT;i++) {
397     + for (i = lpcfg_rpc_low_port(lp_ctx);
398     + i <= lpcfg_rpc_high_port(lp_ctx);
399     + i++) {
400     socket_address->port = i;
401     status = socket_listen(stream_socket->sock, socket_address,
402     SERVER_LISTEN_BACKLOG, 0);
403     --
404     2.11.0
405    
