upcoming changes

Andrew Tridgell tridge at osdl.org
Tue Jan 11 05:37:31 GMT 2005


Just following up on these changes, both the ldb conversion to talloc
and the addition of multiple context_ids in rpc client and server code
are now finished and seem to be working well. A nice side effect of
the rpc changes is that we now support SPNEGO auth in both client and
server side RPC, due to the good design of the gensec security layer
that Andrew Bartlett has done for Samba4. This was one of the
necessary pieces for full ADS replication support, so it's nice to get
that out of the way with such little pain.

Next up for me is two things:

 - the addition of NT ACLs in samdb, so that our RPC interfaces are
   finally protected against operations by unprivileged users (right
   now in Samba4 any user can delete any other user). 

 - the addition of support for "composite" async functions in the
   libcli and rpc client libraries, to make a non-threaded winbindd
   easy to write, while being efficient and easy to maintain.

The second part deserves some explanation I think. At the moment we
have async variants of nearly all our SMB client library calls, and we
have async variants of all of the auto-generated RPC functions, but
what we don't have available as async calls are:

  - the initial socket_connect() calls
  - the negprot, session setup and tconx calls
  - the smbsearch calls
  - the rpc bind and alter_context calls

Fixing this will be in two parts. The first part is to add async
variants of each of these calls, hooked into our generic events code
just like all the other calls that are already async. The second part
will be to build some infrastructure to allow the easy combination of
multiple async calls into a single "composite" call, that behaves to
the caller just like a single async call, but internally manages the
state machine to make multiple remote calls, handle errors etc, while
hiding all those details from the caller.

Once we have this composite call infrastructure I think it will be
pretty easy to write winbindd as a Samba4 service, without having to
resort to co-routines or threads. We will just create a few composite
calls for things like rpc group lookups.

I don't yet know exactly how I am going to structure the composite
call system, I'll experiment with a few different ways and see which
provides the best approach. Expect to see some code for this in the
next few days to a week. Once some of it is done I would appreciate
some feedback on the approach.

Also, in case anyone hasn't noticed my new email address, I now work
for OSDL, who are employing me to work full time on Samba4 for a
while. IBM research was extremely kind in allowing me to spend as much
time as I did on Samba4, but I am hoping the move to OSDL will allow
me to concentrate harder on getting Samba4 finished without some of
the distractions that working for a big company inevitably brings.

Cheers, Tridge
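
The "composite" call idea described in the message above, sketched as an added example that is not from the original post and is not Samba code: one async request that internally chains connect, negprot, session setup and tconx, stops on the first error, and notifies the caller exactly once. Every name here (struct composite, connect_tree_send, the toy event queue and the fault-injection switch) is a hypothetical stand-in for illustration.

```c
#include <stdio.h>
/* All names are hypothetical; this is not Samba's API. */
enum stage { ST_CONNECT, ST_NEGPROT, ST_SESSSETUP, ST_TCONX, ST_DONE, ST_ERROR };
struct composite {
    enum stage stage;                  /* sub-request currently in flight */
    int status;                        /* 0, or the first error seen */
    void (*done)(struct composite *);  /* caller's single completion callback */
};
/* Toy event loop state (constructed for the demo): one queued completion. */
static struct composite *pending;
static int pending_status, callbacks;
static int fail_at = -1;               /* fault injection: stage to fail, -1 = none */
/* "Send" the sub-request for the current stage by queueing its completion. */
static void send_stage(struct composite *c) {
    pending = c;
    pending_status = (fail_at == (int)c->stage) ? -1 : 0;
}

/* Shared completion handler: advance the state machine, or stop on error. */
static void stage_done(struct composite *c, int status) {
    if (status != 0) { c->status = status; c->stage = ST_ERROR; }
    else c->stage++;
    if (c->stage == ST_DONE || c->stage == ST_ERROR) c->done(c);
    else send_stage(c);
}
/* Start the composite; returns at once, like any single async call. */
static void connect_tree_send(struct composite *c, void (*done)(struct composite *)) {
    c->stage = ST_CONNECT; c->status = 0; c->done = done;
    send_stage(c);
}
static void on_done(struct composite *c) { (void)c; callbacks++; }
/* Drive one composite to completion; *steps counts delivered completions. */
int demo(int inject_failure_at, int *steps) {
    struct composite c;
    fail_at = inject_failure_at; callbacks = 0;
    connect_tree_send(&c, on_done);
    for (*steps = 0; pending; (*steps)++) {   /* the event loop */
        struct composite *p = pending;
        pending = NULL;
        stage_done(p, pending_status);
    }
    return callbacks == 1 ? c.status : -100;  /* caller must be told exactly once */
}

int main(void) {
    int n, m, ok = demo(-1, &n), bad = demo(ST_SESSSETUP, &m);
    printf("ok rc=%d steps=%d; failing rc=%d steps=%d\n", ok, n, bad, m);
    return 0;
}
```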

