[PATCHES] Rationalizing and unifying Schannel

Andrew Bartlett abartlet at samba.org
Tue Feb 23 05:20:29 MST 2010


On Tue, 2010-02-23 at 11:11 +0100, Stefan (metze) Metzmacher wrote:
> Andrew Bartlett wrote:
> > On Mon, 2010-02-22 at 10:53 -0500, simo wrote:
> >> I have been working on a patchset to enhance the schannel interface and
> >> also to make it possible to share this code between S3 and S4 again.
> >>
> >> The first 6 patches shouldn't be controversial.
> >> The last 2 patches remove the use of ldb and go back to using a tdb for
> >> samba4, the comment on patch 7 explains the rationale.
> >>
> >> Unless there are objections I will push these patches during the week.
> > 
> > Except for the comments on ldb performance, which I think don't really
> > apply here (unlike sam.ldb, schannel.ldb does not load modules, and does
> > not have a very high connect rate anyway), this seems like a very
> > reasonable approach.  In particular, it's important to unify subsystems
> > like this, and the temporary nature of this DB lends itself to NDR'ed
> > structures and a single key lookup.  It's nice to be able to see the
> > details of a running server with a simple ldbsearch, but it does not
> > seem to be needed often. 
> 
> As far as I remember the tdb code was even more verbose, by
> NDR_PRINT_DEBUG() at each step in the log files.
> 
> I could also think about using TDB_CLEAR_IF_FIRST, it's just a runtime
> cache. We don't need a tdb_transaction for each credential step.

True.  We should just ensure it's locked over the step, so another
process on the same netbios name (not possible in Samba4 any more, with
the single RPC server) can't race with us in updating the credential
chain. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
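
Added example, not part of the original message and not Samba code: the point about keeping the record locked across a credential step, shown with a plain file and a POSIX fcntl lock standing in for the tdb record. The record layout, function names, file path and update formula are assumptions made for illustration.

```c
/* Added example: lock held across one read-modify-write "credential step"; names are hypothetical. */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>
struct chain_state { uint64_t sequence; uint64_t credential; };

static int set_lock(int fd, short type) {
    struct flock fl = { .l_type = type, .l_whence = SEEK_SET };  /* l_len 0: whole file */
    return fcntl(fd, F_SETLKW, &fl);                             /* blocks until granted */
}

/* One step: fetch the state, derive the next value, store it, all under the lock. */
static int credential_step(const char *path) {
    struct chain_state st;
    int ok = 0, fd = open(path, O_RDWR);
    if (fd < 0) return -1;
    if (set_lock(fd, F_WRLCK) == 0 && pread(fd, &st, sizeof st, 0) == (ssize_t)sizeof st) {
        st.sequence += 1;
        st.credential = st.credential * 31 + st.sequence;        /* toy update only */
        ok = pwrite(fd, &st, sizeof st, 0) == (ssize_t)sizeof st;
    }
    close(fd);                              /* closing the fd also drops the fcntl lock */
    return ok ? 0 : -1;
}

/* Fork nprocs workers doing `steps` updates each; return the final sequence number. */
uint64_t run_steps(const char *path, int nprocs, int steps) {
    struct chain_state st = { 0, 1 };
    int fd = open(path, O_RDWR | O_CREAT | O_TRUNC, 0600);
    if (fd < 0 || pwrite(fd, &st, sizeof st, 0) != (ssize_t)sizeof st) return UINT64_MAX;
    close(fd);
    for (int p = 0; p < nprocs; p++)
        if (fork() == 0) {
            for (int i = 0; i < steps; i++)
                if (credential_step(path) != 0) _exit(1);
            _exit(0);
        }
    while (wait(NULL) > 0) { }              /* reap every worker */
    fd = open(path, O_RDONLY);
    if (fd < 0 || pread(fd, &st, sizeof st, 0) != (ssize_t)sizeof st) st.sequence = UINT64_MAX;
    if (fd >= 0) close(fd);
    return st.sequence;
}

int main(void) {
    printf("final sequence: %llu\n", (unsigned long long)run_steps("/tmp/chain_step_demo.bin", 4, 200));
    return 0;
}
```

With the lock held over the whole fetch/update/store, four workers doing 200 steps each always leave the sequence at 800; dropping the set_lock call lets concurrent steps overwrite each other and lose updates.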
