Handles in the new SAM

Andrew Bartlett abartlet at samba.org
Wed Oct 2 02:15:00 GMT 2002 

Some more PR effort...

Standalone from UNIX
====================

One of the primary tenants of the 'new SAM' is that it would not attempt
to deal with 'what unix id for that'.  This would be left to the 'SMS'
(Sid Mapping System') or SID farm, and probably administered via
winbind.  We have had constructive discussion on how 'basic' unix
accounts like 'root' would be handled, and we think this can work.  
Accounts not preexisting in unix would be served up via winbind.

This is an *optional* part, and my preferred end-game.  We have a fare
way to go before things like winbind up to it however.

Handles and Races in the new SAM
================================

One of the things that the 'new SAM' work has tried to face is both
compatibility with existing code, and a closer alignment to the SAMR
interface.  I consider SAMR to be a 'primary customer' to the this work,
because if we get alignment with that wrong, things get more, rather
than less complex.  Also, most other parts of Samba are much more
flexible with what they can allow.

In any case, that was a decision taken as to how the general design
would progress.  BTW, my understanding of SAMR may be completely flawed.

One of the most race-prone areas of the new code is the conflicting
update problem.  We have taken two approaches:  

 - 'Not conflicting' conflicts.  Due to the way usrmgr operates, it will
open a user, display all the properties and *save* them all, even if you
don't change any.
   For this, see what I've done in rpc_server/srv_samr_util.c.  I intend
to take this one step further, and operate on the 'handle' that the
values were read from.  This should mean that we only update things that
have *really* changed.

 - 'conflicting' updates:  Currently we don't deal with this (in passdb
or the new sam stuff), but the design is sufficiently flexible to 'deny'
a second update.  I don't foresee locking records however.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba-technical mailing list