Allow non-privileged execution #8

Closed
j4m3z0r opened this issue Mar 28, 2018 · 5 comments

@j4m3z0r

j4m3z0r commented Mar 28, 2018

Hi there, I'm interested in using SMBLibrary for a project I'm working on, but I'm a bit wary of running privileged code unnecessarily. Similarly, I'm not a huge fan of running my IDE as root to be able to debug my code. However, unless I do, attempts to listen to port 139/445 fail (I'm on Linux, though I imagine it's similar on other operating systems).

Is it possible to add some kind of mechanism for allowing a non-privileged mode? I appreciate that the SMB spec requires listening on those ports, but I'm wondering if it would work to allow listening on port 1139/1445 (say), and then forward data using something like xinetd.

In terms of implementation, it looks like this might be as straightforward as making SMBServer.Start a virtual method. Or maybe making NetBiosOverTCPPort and DirectTCPPort virtual readonly rather than const (or both! :))

Thoughts?

@TalAloni
Owner

Hi James,
I believe that using ports 139 / 445, even if it means running in privileged mode, is the most viable option to get started when using the library on those platforms with limited access to those ports.
If there is indeed a situation where you prefer using other ports (> 1023) and utilize port forwarding, it seems too specific and you should make your own changes to the code, it's not common enough for the library IMO.

@j4m3z0r
Author

j4m3z0r commented Mar 31, 2018

Hi Tal,

Thanks for the thoughtful reply. I spent some more time looking at this today and realized that it's really only viable to do port forwarding for Direct TCP mode, since NetBIOS mode requires root permissions for packets sent from the server, which can't easily be forwarded.

The solution I ended up with was just to change DirectTCPPort from a const int to a virtual property. This allows inheriting from the SMBServer class and setting the port very easily, without adding any obfuscation. For what it's worth, I also looked at adding another method in my inherited class to start the server which listens on a different port, but all the fields on SMBServer are private, so that would have been a much more disruptive change.

I'll send a PR, in case you decide that a one line change is acceptable -- feel free to delete it if you like. I'm happy to fork the project if need be, but I'm not sure it's worth it for a one line diff, and this makes it much easier to work with on Unixy systems (eg: my IDE won't load when I launch it as root).

Thanks for such an awesome library! :)

@TalAloni
Owner

Thanks James,
As the one who provides support for the library, I really want to avoid confusion about the SMB protocol.
I locked down the port selection in the first place because I saw too much evidence that programmers are not familiar with the capabilities and limitations of the SMB protocol (which are not easily understandable).
I do see the value in your change, it's practical and useful, but from an educational point of view it works against me.
It seems odd to me that your IDE won't load when launched as root, you should definitely send a PR to them :)
Seriously though, many programs require elevation to perform various functions, and IDEs (including MonoDevelop) generally can run and debug as superuser under Linux.

@JiGDk7Jb4XpiF25SQ

Starting in Linux 4.11 you can use sysfs (/proc/sys/net/ipv4/ip_unprivileged_port_start) to override the privileged port range.
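
The check below is an added example, not part of any comment in this thread: it reads the setting named above and reports whether a given listen port needs root or CAP_NET_BIND_SERVICE on the current host. The function names, the `UNPRIV_FILE` override and the fallback to 1024 when the file is absent are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): does binding a TCP port need privilege here?
# Ports below the value in this file need root or CAP_NET_BIND_SERVICE.
# UNPRIV_FILE is an assumed override so the check can be pointed at a test file.
UNPRIV_FILE="${UNPRIV_FILE:-/proc/sys/net/ipv4/ip_unprivileged_port_start}"

# Print the first port an unprivileged process may bind.
# Assumption: if the file is missing or unreadable (kernel older than 4.11),
# fall back to the traditional boundary of 1024.
unprivileged_port_start() {
    v=$(cat "$UNPRIV_FILE" 2>/dev/null) || v=
    case "$v" in
        ''|*[!0-9]*) echo 1024 ;;
        *) echo "$v" ;;
    esac
}

# Exit status: 0 = privilege required, 1 = not required, 2 = invalid port.
port_needs_privilege() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 2 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] || return 2
    [ "$1" -lt "$(unprivileged_port_start)" ]
}

# One line per port; safe to call under `set -e`.
report_ports() {
    for p in "$@"; do
        rc=0
        port_needs_privilege "$p" || rc=$?
        case "$rc" in
            0) echo "$p: needs root or CAP_NET_BIND_SERVICE" ;;
            1) echo "$p: bindable without privilege" ;;
            *) echo "$p: not a valid TCP port" ;;
        esac
    done
}

# SMB's standard ports plus the 8445 override mentioned in the thread.
report_ports 139 445 8445
```

The setting applies to every process in the network namespace, so lowering it to 445 lets any local user bind 445 and above; granting CAP_NET_BIND_SERVICE to the server process alone is the narrower change.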

@TalAloni
Owner

Hi James,
Thanks again for your valuable feedback, you can now use reflection to override the default port:

System.Reflection.FieldInfo directTCPPortFieldInfo = typeof(SMBLibrary.Server.SMBServer).GetField("DirectTCPPort");
directTCPPortFieldInfo.SetValue(null, 8445);
