dynamically loadable named pipe providers

Luke Howard lukeh at PADL.COM
Thu Dec 12 13:25:02 GMT 2002


>> Well, we're not doing it to get around the GPL per se; we just want
>> to use SMB as one of many transports for RPC. As it happens, most
>> of the requests serviced by our RPC server come in over TCP/IP (that's
>> ncacn_ip_tcp for the DCE geeks).
>
>I've recently tried to force Outlook 2000 to fall back to SMB. It worked :-)

Yes, I've heard that this is the case. The point I was trying to make
for the sake of argument is that one can treat SMB as a transport as one
would TCP/IP.

>> This sounds similar to the IBM patch Anthony mentioned, except they
>> may not have interfaced at the exact same place. We use filesystem
>> permissions to deal with the "security issues"; SAMBA, LDAP, the KDC,
>> our RPC server all form part of the TCB.
>
>Ah, your pipe daemons don't listen on TCP, only on unix domain sockets?

The RPC server listens on ncacn_ip_tcp, ncacn_ip_udp, ncalrpc and
ncacn_np endpoints. The latter is a special case, in that (in our
implementation, obviously having no kernel support for NT named pipes)
the RPC runtime accepts a preamble before the first RPC PDU, which 
contains a delegated security context.

While we have implemented "named pipes" on top of UNIX domain sockets,
it is important to note that they are logically distinct from raw
DCE RPC over domain sockets (ncalrpc).

Non-named pipe clients must make a DCE RPC BIND or ALTER_CONTEXT in order
to authenticate themselves to the RPC server. 

cheers,

-- Luke

--
Luke Howard | PADL Software Pty Ltd | www.padl.com
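
An added illustration of the arrangement described in the message above (not code from the post, PADL or Samba): a server on a UNIX domain socket that checks the socket directory's permissions before trusting a preamble carrying the security context, then treats the remaining bytes as RPC PDUs. The 4-byte length framing, the size bound, the sample context blob and all function names are assumptions; the post does not give the preamble's format.

```python
import os, socket, stat, struct, tempfile

MAX_PREAMBLE = 64 * 1024  # assumed upper bound on the context blob

def socket_dir_is_private(path, owner_uid):
    """True if only owner_uid can traverse the directory holding the socket."""
    st = os.stat(path)
    return (stat.S_ISDIR(st.st_mode) and st.st_uid == owner_uid
            and stat.S_IMODE(st.st_mode) & 0o077 == 0)

def recv_exact(conn, n):
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before the preamble was complete")
        buf += chunk
    return buf

def read_preamble(conn):
    """Assumed framing: 4-byte big-endian length, then an opaque context blob."""
    (length,) = struct.unpack("!I", recv_exact(conn, 4))
    if length == 0 or length > MAX_PREAMBLE:
        raise ValueError("preamble length out of range")
    return recv_exact(conn, length)

def accept_pipe_client(conn, sock_dir, owner_uid):
    """Trust the delegated context only when the filesystem gate holds."""
    if not socket_dir_is_private(sock_dir, owner_uid):
        raise PermissionError("socket directory is reachable by other users")
    context = read_preamble(conn)
    return context, conn.recv(4096)  # bytes after the preamble are RPC PDUs

def demo():
    sock_dir = tempfile.mkdtemp()            # created 0700, owned by this user
    client, server = socket.socketpair()     # stands in for the domain socket
    blob = b"uid=1000;gid=100"               # constructed context, not a real format
    pdu = b"\x05\x00\x0b\x03"                # constructed start of a BIND PDU
    client.sendall(struct.pack("!I", len(blob)) + blob + pdu)
    result = accept_pipe_client(server, sock_dir, os.getuid())
    client.close(); server.close(); os.rmdir(sock_dir)
    return result

if __name__ == "__main__":
    print(demo())
```
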



More information about the samba-technical mailing list