s3compat system for running s3 components in s4
abartlet at samba.org
Thu Apr 29 04:34:49 MDT 2010
On Thu, 2010-04-29 at 08:31 +0200, Volker Lendecke wrote:
> On Thu, Apr 29, 2010 at 10:28:39AM +1000, Andrew Bartlett wrote:
> > If everyone is amenable, I hope to convert the auth subsystem in Samba3
> > to use some of the structures I developed in Samba4 (just simply because
> > I continued to evolve auth/ after I switched my attentions).
> Can you give me a pointer to the major differences that have
> evolved over time?
struct auth_usersupplied_info and struct auth_serversupplied_info are
the two that I want to start with.
The first is mostly a simple re-mapping, and as at the layer of the auth
module, it's treated const, so should not cause to many problems. I
just want to rename things to match what Samba4 is using as input,
because I think it's a nicer layout.
The trouble is with the second - the 'server_info' as it is usually
referred is quite different - Samba4 does not use the passdb
abstractions, so I want to evaluate if using that in Samba3 remains the
best choice. The Samba4 modal also has a distinct 'server_info' and
'session_info' stage, where the local groups only get added in the
second stage. This may or may not fit well with the Samba3 modal.
I suspect I'll try and get the inputs compatible, but may need to do
mapping on the output stage.
> I know many of the calls and structures
> in s3 suck, but in my pretty recent attempts to modify them
> I produced a considerable amount of crashes and memleaks, so
> morphing that code to me at least is a tricky task.
I'll keep that in mind.
> particular the non-existing proper talloc hierarchy is a
> major obstacle that needs VERY careful fixing. But that is a
> task completely separate from adding a s4 auth module.
> > This will, I hope, allow me to develop a Samba3 auth module that will
> > ask Samba4 to complete the authentication. (Removing the need for a
> > passdb.tdb).
> A separate auth module to connect to S4 (similar in spirit,
> maybe not the implmentation to the auth_netlogond module) is
> very welcome!
Thanks. If I can't manage an easy translation between C structures then
I'll go via the NDR info3 format, but I really want to avoid that.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 190 bytes
Desc: This is a digitally signed message part
More information about the samba-technical