msrpc daemon / pid.vuid

Luke Kenneth Casson Leighton lkcl at samba.org
Fri Feb 4 18:55:59 GMT 2000 

On Fri, 4 Feb 2000, Nicolas Williams wrote:

> On Sat, Feb 05, 2000 at 05:35:52AM +1100, Luke Kenneth Casson Leighton wrote:
> > > Luke, can you make sure that smbd communicates with the MSRPC daemons in
> > > SAMBA_TNG in a way that allows the running of more than one set of
> > > daemons per host, with each set being conceptually separate as I showed
> > > above?
> > 
> > actually, i have to do that.  i am going to have to associate _one_ msrpc
> > daemon per _separate_ smb virtual user id (vuid).
> 
> Why? I don't get it. And I read your posts today and yesterday.
> 
> Why can't you pass the PID/vuid along with the DCE/RPC NDR packets to
> the msrpc daemons??

because dce/rpc pdr packets have nothing to do with PID.vuid, there's no
space for it.

you mean, in the _setup_ phase, pass over the PID.vuid?  yes, i will have
to do that.

_except_.... except, the current usage of the client-side MSRPC code only
has the server  name in it, as per DCE/RPC specifications.  remember "the
cached credentials conflict with existing credentials?"  this is to that a
DCE/RPC call with a server name (\\. or \\ip.add.re.ss or \\NETBIOSNAME)
can resolve ONE and ONLY one set of cached credentials.

there's no means in DCE/RPC to do this:

LsaOpenPolicy("lkcl@\\SERVERNAME, &policy_hnd).

and there's _definitely_ n omeans to do this:

lps_open_policy("PID.vuid@\\SERVERNAME, &policy_hnd);

so the contexst "used" to be just \\servername and _implicitly_ it used to
be smbd PID by forking() smbd.

now i have to either fork() on a vuid (no way!) OR... maintain INDEPENDENT
sets of msrpc connections on a per-vuid basis.

or, we go back to the proginal architecture in 2_0 / 3.0: call msrpc
functions _inside_ smbd, directly.  i don't want to do this, i like the
msrpcd independence.
 
> What I had in mind is that the directory containing the Unix sockets (or
> whatever it is you use for IPC) be configurable.
>
it's a single entry point.

> Of course, if each smbd forks its own msrpc daemons then there's no
> issue as far as HA goes.

yep.

More information about the samba-technical mailing list