dynamically loadable named pipe providers
Luke Howard
lukeh at PADL.COM
Wed Dec 11 22:43:00 GMT 2002
>Are you looking for loadable named pipe support or just loadable RPC
>support? We have a patch for the later but the former would be a
>slightly different implementation.
We would just like to dynamically hook in our "funnel" which replaces
the make_internal_rpc_pipe_p() and pipe I/O functions. We have our
own implementations of the RPC services on \PIPE\lsass but would
like to defer to SAMBA for printing, registry, and other RPC services.
Presently the code looks roughly like:
if (strequal(pipe_name, PIPE "lsass")) {
p->np_state = ncalrpc_make_funnel(pipe_name, conn, vuid);
...
} else {
p->np_state = namedpipe_create(pipe_name, conn, vuid);
...
}
Our (revised) funnel now works fairly closely to the TNG model, in
which a domain socket is opened to the RPC server and the security
context is passed as a preamble to the first RPC PDU. (Of course,
our security context token probably doesn't look the same as the
TNG one.)
We made some extensions to FreeDCE runtime to intercept this security
context token and "inject" it into the DCE authentication subsystem.
So, from a RPC server perspective, a named pipe client looks exactly
the same as a client that has authenticated using NTLMSSP, SPNEGO or
Kerberos.
Code is at http://www.padl.com/~lukeh/XAD/dce_funnel.tar.gz.
cheers,
-- Luke
--
Luke Howard | PADL Software Pty Ltd | www.padl.com
More information about the samba-technical
mailing list