s3compat system for running s3 components in s4

Thu Apr 29 04:34:49 MDT 2010

On Thu, 2010-04-29 at 08:31 +0200, Volker Lendecke wrote:
> On Thu, Apr 29, 2010 at 10:28:39AM +1000, Andrew Bartlett wrote:
> > If everyone is amenable, I hope to convert the auth subsystem in Samba3
> > to use some of the structures I developed in Samba4 (just simply because
> > I continued to evolve auth/ after I switched my attentions). 
> 
> Can you give me a pointer to the major differences that have
> evolved over time? 

struct auth_usersupplied_info and struct auth_serversupplied_info are
the two that I want to start with. 

The first is mostly a simple re-mapping, and as at the layer of the auth
module, it's treated const, so should not cause to many problems.  I
just want to rename things to match what Samba4 is using as input,
because I think it's a nicer layout. 

The trouble is with the second - the 'server_info' as it is usually
referred is quite different - Samba4 does not use the passdb
abstractions, so I want to evaluate if using that in Samba3 remains the
best choice.  The Samba4 modal also has a distinct 'server_info' and
'session_info' stage, where the local groups only get added in the
second stage.  This may or may not fit well with the Samba3 modal. 

I suspect I'll try and get the inputs compatible, but may need to do
mapping on the output stage. 

> I know many of the calls and structures
> in s3 suck, but in my pretty recent attempts to modify them
> I produced a considerable amount of crashes and memleaks, so
> morphing that code to me at least is a tricky task. 

I'll keep that in mind. 

> In
> particular the non-existing proper talloc hierarchy is a
> major obstacle that needs VERY careful fixing. But that is a
> task completely separate from adding a s4 auth module.

Yeah.  

> > This will, I hope, allow me to develop a Samba3 auth module that will
> > ask Samba4 to complete the authentication.  (Removing the need for a
> > passdb.tdb). 
> 
> A separate auth module to connect to S4 (similar in spirit,
> maybe not the implmentation to the auth_netlogond module) is
> very welcome!

Thanks.  If I can't manage an easy translation between C structures then
I'll go via the NDR info3 format, but I really want to avoid that. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100429/cf6ce1db/attachment.pgp>