Explaining the new SAM

Andrew Bartlett abartlet at samba.org
Thu Oct 3 01:14:01 GMT 2002

Jean Francois Micouleau wrote:

> It's getting clear that you are reinventing something we already have.
> All your SAM api is simply the SAMR server pipe code. Why do you want to
> implement a new api as we already have one ?

I have a history of doing this - and I intend to continue...

It could be argued that the AuthRewrite was just a duplication of the
NETLOGON code.  Indeed, my original plans on that front called for the
use of NETLOGON to perform the operations.

However, I find the idea that the rest of Samba should call MS-defined
SAMR APIs less than appealing.  (As you well know, this is the approach
taken by Samba-TNG).  Instead, I prefer to construct an API that meets
the needs of the various 'users' (be it SAMR, the auth subsystem,
lanman.c etc) without using MS defined wire structures, and to which we
can add a little more flexibility.

For example, the auth subsystem allows the use of 'security=server',
which I could not force through the NETLOGON interface.  Similarly, I
expect that there will be other cases where we will want information
about a user that cannot be easily (or efficiently) extracted from SAMR

Finally, I don't think that smbpasswd etc should have to go so far out
of their way (linking our rpc client and server code) in order to
perform their operations.

I prefer to take one step back, and construct an API that is influenced
by, but not dictated by, the SAMR pipe.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba-technical mailing list