Glue Pipe dependencies
Andrew Bartlett
abartlet at pcug.org.au
Wed Jan 9 23:58:03 GMT 2002
(Ok, lets see if I can get those addresses right this time...)
Andrew Bartlett wrote:
>
> I've been thinking about what things need to be done before the proposed
> 'glue pipes' become a reality. (For the archives: This is the proposed
> mechisim to allow TNG style RPC deamons to work on a Samba HEAD smbd).
>
> I think its a great idea, as it must be a *hell* of a job maintaining
> TNG, and I want it to be as easy as possible for people to do
> interesting things.
>
> The dependencies I can see are as follows:
>
> Boring stuff (ie not done yet, but also pretty simple):
>
> - generic module loading in samba
>
> - allow modules to take over pipes
>
> - supply modules with critical data (part lm hash, session key etc)
>
> I'm looking at making this practical for other reasons, much in the
> way TNG carts around an info3 on the vuid (it won't be an info3, but it
> will have the required info).
>
> - per-pipe module registration.
>
> - glue pipe module
>
> At this point an outside developer should be able to register their
> module/pipe and it should 'just work'.
>
> However, the modules people are interested in are from Samba-TNG, things
> like netlogond, samrd, etc... Here the dependencies begin to bite...
>
> We need a few things in HEAD before most of these modules become any use
> whatsoever:
>
> - tng_netlogond auth module.
>
> This is an authentication module that does the same job as
> 'ask_local_netlogond' does in TNG. Without this, both HEAD and TNG
> would have to use the same smbpasswd file - it would be a mess.
> Possible alternative is to do normal domain_client_validate() over
> TCP/IP but I prefer this.
>
> - plugable password change mechisnm.
>
> If you use Samba-TNG's netlogond, you must also use TNG's samrd (as
> far as I can tell, please correct me otherwise). This certainly means
> that password changes can't occur direct to HEAD's passdb. TNG has a
> mechanism to this, and a similar one (possibly based/modeled/dependent
> on the auth subsystem) needs to be written in HEAD.
>
> - lanman.c stuff. Many of the lanman.c functions depend on data that
> might be locked on the other side of the split.
>
> - and a pile of things I can't think of - TNG is a separate project
> (rather than a minor patch) for a very good reason
>
> I suppose the point is that while it will be fairly sane for new pipes,
> pipes (and functionality) already implemented in HEAD could prove
> difficult to replace. However, I feel its worth it and I'll do what I
> can to allow this to happen.
>
> Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical
mailing list