From 19ecd52f99e908d93ab4759e6f21e03cf79d8f68 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Tue, 12 Sep 2023 18:59:44 +1200
Subject: [PATCH 1/3] s4-rpc_server: Disable rpcecho server by default
The rpcecho server is useful in development and testing, but should never have been allowed into production, as it includes the facility to do a blocking sleep() in the single-threaded rpc worker.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474
Signed-off-by: Andrew Bartlett
---
 docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml | 2 +-
 lib/param/loadparm.c | 2 +-
 selftest/target/Samba4.pm | 2 +-
 source3/param/loadparm.c | 2 +-
 source4/rpc_server/wscript_build | 3 ++-
 5 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
index 8a217cc7f11..c6642b795fd 100644
--- a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
+++ b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
@@ -6,6 +6,6 @@ Specifies which DCE/RPC endpoint servers should be run. -epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver +epmapper, wkssvc, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver rpcecho
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 447087911b5..02eef6929d0 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2730,7 +2730,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 lpcfg_do_global_parameter(lp_ctx, "ntvfs handler", "unixuid default");
 lpcfg_do_global_parameter(lp_ctx, "max connections", "0");
- lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
+ lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
 lpcfg_do_global_parameter(lp_ctx, "server services", "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns");
 lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "true");
 /* the winbind method for domain controllers is for both RODC
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 0bd77e906d5..a10c1313322 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -783,7 +783,7 @@ sub provision_raw_step1($$)
 wins support = yes
 server role = $ctx->{server_role}
 server services = +echo $services
- dcerpc endpoint servers = +winreg +srvsvc
+ dcerpc endpoint servers = +winreg +srvsvc +rpcecho
 notify:inotify = false
 ldb:nosync = true
 ldap server require strong auth = yes
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 68e20729661..306528d95b3 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
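Review bot: The new default string in `loadparm_init` in lib/param/loadparm.c, and the identical one in `init_globals` in source3/param/loadparm.c, drops `rpcecho` with nothing at the call site recording why that one endpoint is missing. A short comment above each line would keep a later edit from re-adding it and would flag that the list has to match the documented default, for example `/* rpcecho is omitted on purpose: it is built only for selftest, see bug 15474 */`. This also changes only the built-in default, so an smb.conf that names `rpcecho` explicitly still requests it; what the server does when that module is not built is not visible in these hunks and is worth confirming. Both functions start and end outside their hunks.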
@@ -883,7 +883,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
 Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
- Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
+ Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
 Globals.tls_enabled = true;
 Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build
index 0e44a3c2bae..31ec4f60c9a 100644
--- a/source4/rpc_server/wscript_build
+++ b/source4/rpc_server/wscript_build
@@ -33,7 +33,8 @@ bld.SAMBA_MODULE('dcerpc_rpcecho',
 source='echo/rpc_echo.c',
 subsystem='dcerpc_server',
 init_function='dcerpc_server_rpcecho_init',
- deps='ndr-standard events'
+ deps='ndr-standard events',
+ enabled=bld.CONFIG_GET('ENABLE_SELFTEST')
 )
-- 2.25.1
From 828b9347d6b2c1c17947e350dbea294801528955 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Tue, 12 Sep 2023 19:01:03 +1200
Subject: [PATCH 2/3] s3-rpc_server: Disable rpcecho for consistency with the AD DC
The rpcecho server in source3 does have samba the sleep() feature that the s4 version has, but the task architecture is different, so there is not the same impact. Hoever equally this is not something that should be enabled on production builds of Samba, so restrict to selftest builds.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474
Signed-off-by: Andrew Bartlett
---
 source3/rpc_server/wscript_build | 1 +
 1 file changed, 1 insertion(+)
diff --git a/source3/rpc_server/wscript_build b/source3/rpc_server/wscript_build
index 341df41a321..1780dd9e1e3 100644
--- a/source3/rpc_server/wscript_build
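Review bot: Nothing next to `enabled=bld.CONFIG_GET('ENABLE_SELFTEST')` in source4/rpc_server/wscript_build says why the dcerpc_rpcecho module depends on a test flag, and the same bare condition is added to `rpcd_rpcecho` in source3/rpc_server/wscript_build. Because this gate is what keeps a service with a blocking sleep() out of production builds, a one-line comment above it would stop a later cleanup from removing it, for example `# test-only: rpcecho can block the rpc worker in sleep(), see bug 15474`. The condition also means that any build configured with selftest enabled still ships the module, which packagers should be aware of. The SAMBA_MODULE call starts outside the hunk.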
+++ b/source3/rpc_server/wscript_build
@@ -38,6 +38,7 @@ bld.SAMBA3_BINARY('rpcd_rpcecho',
 RPC_WORKER
 RPC_RPCECHO
 ''',
+ enabled=bld.CONFIG_GET('ENABLE_SELFTEST'),
 install_path='${SAMBA_LIBEXECDIR}')
 bld.SAMBA3_BINARY('rpcd_classic',
-- 2.25.1
From 9385a6973b5eb54a4c9bdb54fbd80fee8c0fb2ef Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Tue, 12 Sep 2023 19:03:10 +1200
Subject: [PATCH 3/3] s4-echo: Remove the "echo" server (port 7, RFC 862) in production builds
This demonstration should never be enabled in production, if echo service is required other software is far better positioned to provide it. Reflection attacks on echo are a known issue. This is removed for consistency with the removal of rpcecho, but was never enabled in the default smb.conf so is mostly harmless.
Signed-off-by: Andrew Bartlett
---
 source4/echo_server/wscript_build | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source4/echo_server/wscript_build b/source4/echo_server/wscript_build
index 8c40ec8c418..3d70f0c397a 100644
--- a/source4/echo_server/wscript_build
+++ b/source4/echo_server/wscript_build
@@ -6,5 +6,5 @@ bld.SAMBA_MODULE('ECHO',
 init_function='server_service_echo_init',
 deps='samba-hostconfig LIBTSOCKET LIBSAMBA_TSOCKET',
 local_include=False,
- enabled=bld.AD_DC_BUILD_IS_ENABLED()
+ enabled=bld.CONFIG_GET('ENABLE_SELFTEST'),
 )
-- 2.25.1
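Review bot: In source4/echo_server/wscript_build the new `enabled=` line replaces `bld.AD_DC_BUILD_IS_ENABLED()` instead of adding to it, so a selftest build configured without the AD DC would now try to build the ECHO module, which the old condition excluded. If that combination is supported, keeping both conditions is the safer form: `enabled=bld.AD_DC_BUILD_IS_ENABLED() and bld.CONFIG_GET('ENABLE_SELFTEST'),`. Whether the module's subsystem is available in such a build is not visible in this hunk, so this should be checked against a selftest configuration without the AD DC. The SAMBA_MODULE call starts outside the hunk.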