dynamically loadable named pipe providers

Luke Howard lukeh at PADL.COM
Thu Dec 12 11:58:01 GMT 2002

>This way you would have a lot less GPL problems :-)

Well, we're not doing it to get around the GPL per se; we just want
to use use SMB as one of many transports for RPC. As it happens, most
of the requests serviced by our RPC server come in over TCP/IP (that's
ncacn_ip_tcp for the DCE geeks).

>If I remember correctly our idea had been a bit different. The idea
>was to load dynamic objects into the main smbd. All dynamic objects
>would reside in a special directory. A pipe is to be opened, smbd
>looks into a table of already loaded objects. If it's not loaded a
>libpipe_lsass.so (or so) is looked for and loaded on demand. This way
>the security issues look a lot simpler.

This sounds similar to the IBM patch Anthony mentioned, except they
may not have interfaced at the exact same place. We use filesystem
permissions to deal with the "security issues"; SAMBA, LDAP, the KDC,
our RPC server all form part of the TCB.

-- Luke

Luke Howard | PADL Software Pty Ltd | www.padl.com

More information about the samba-technical mailing list