outsourcing DCE/RPC to alternate programs - runtime config option

Luke Kenneth Casson Leighton lkcl at lkcl.net
Tue Dec 7 23:38:40 GMT 2004


dear samba team,

please could you add an option to allow "outsourcing" of dce/rpc
traffic into samba 3 and samba 4?

this is called a compromise design decision.

for example code not written by me that is in production use, you may
examine luke howard's work at:

	http://lists.samba.org/archive/samba-technical/2002-October/024614.html

an ideal solution would be to have an smb.conf option that specifies
a list of pipe names and their .so libraries in which the four
functions (or one function which returns a pointer to a table of four
functions) make_pipe, read_from, write_to and close_pipe.

this is a trivial programming exercise that can easily be written by
any competent programmer, and the benefits to the samba community are
numerous:

1) should the samba team so choose, there exists, in combination with
andrew bartlett's authentication-outsourcing system, the POSSIBILITY to
go a little further and add into samba3 the means to accept a
root-only-accessible "input" side into smbd (v3) to "input" dce/rpc
data.

with an "outsourcing" side in samba 4 on the DCE/RPC side, the benefits
are that smbd (v4) can "outsource" all its DCE/RPC traffic into a smbd
(v3) server.

clearly, this will help to reduce development time, help backwards
compatibility testing, and it will also clearly help people to make a
piece-by-piece transition (developers _and_ self-inflicting early-victim
users)

2) samba tng can consider dropping smbd from its codebase, on the basis
that users can be advised to install a plugin that smbd will load up on
all pipes

3) people wishing to develop projects such as exchange for unix
can do so without having no choice but to pick Samba TNG as the
basis because it is possible to write your own SMALL stand-alone
program rather than get to grips with 350,000 lines of code.

4) people wishing to install XAD software can do so without having to
download a patched (and possibly not up-to-date) version of samba from
the XAD site, instead they will be able to use the latest version or
a version of their own choosing.

l.

-- 
--
<a href="http://lkcl.net">http://lkcl.net</a>
--


More information about the samba-technical mailing list