inspired by the web server in Samba 4

Andrew Tridgell tridge at
Wed Jun 8 02:03:45 GMT 2005


 > > Finally, I think it would be quite tricky to get the same ease of use
 > > features in a apache+python+smbd setup. The current web server
 > > auto-detects https versus http on the same port, auto-creates TLS
 > > certificates, and works with no config file at all and no sam database
 > > at all.
 > Frankly for security reasons this really scares me.

Can you be more specific? Remember that the alternative is that a
large proportion of our users don't install SSL certificates at all
and end up sending their admin passwords in clear text to the web

For those who know about setting up SSL certificates properly Samba4
supports installing them very easily. For those who don't (the
majority of our users I would guess), at least they have some
encryption by default if they have gnutls at compile time.

 > Why do you expect having to modify mod_python?

we need some way to get at internal data structures in Samba4 from the
web interface. There are two common methods of doing this:

1) call out to command line tools and parse the output. This quickly
   gets messy, and tends to handle errors very badly. It also tends to
   be quite hard to extend with new types of information in the web
   server. It is certainly possible though.

2) link some of the C code in Samba into whatever html generation
   system is being used (python, ejs, C or whatever). That is what I
   am proposing to do.

In Samba3 we have a web server written in C, with C for the html
generation and linked to internal Samba routines (also in C). This web
server can either run from inetd or as a CGI program from a separate
daemon such as apache. We support no persistent state, and essentially
work at the 'raw html' level.

The difference I am proposing (and have implemented already) in Samba4
is that we allow for the html generation and page construction logic
to be in a scripting language, with support for things like session
based persistent state. That is a huge advance over what we did in

Cheers, Tridge

More information about the samba-technical mailing list