[Review Request] libwbclient-sssd

Sumit Bose sbose at redhat.com
Tue Jun 24 03:27:55 MDT 2014

On Thu, Jun 19, 2014 at 02:01:07PM +0200, Volker Lendecke wrote:
> On Thu, Jun 19, 2014 at 01:39:47PM +0200, Sumit Bose wrote:
> > I think this would work for the pure NSS use case because here the
> > interface is synchronous. And iirc we already agreed that this is a good
> > idea and we already have a ticket for SSSD to release the related
> > components separately https://fedorahosted.org/sssd/ticket/2240.
> Has any work been started on that? If not, maybe it would be time as part

Yes and no. Whenever I touch code related to coding and decoding the
requests from the PAM and NSS clients I check them for SSSD-specific
parts and refactor them if needed. But I haven't started to really
extract the code from the SSSD tree.

> of this rush to implement the protocol in winbind from scratch? At least
> the non-mmap piece looks not too complicated. If sssd has no resources
> to spend, maybe someone could re-implement this in Samba proper.

My plan is to put all coding and decoding in a library so that the wire
protocol becomes opaque to the caller. I think this is easier and more
reliable in the long run than reimplementing it.

> > But for the more important and more demanding samba use case an
> > asynchronous interface would be the better choice.  This includes the
> > idmapping calls but others like e.g. information about trusted domains
> > (which can be provided by SSSD as well, but I haven't implemented the
> > related calls in this version of libwinbind_sssd because SSSD will make
> > this data available via a different provider than the NSS provider).
> What protocol do you have in mind? Samba already implements
> an abundance of RPC-style protocols that are capable of
> async requests, maybe we can ride on one of those? The sssd

Yes, I'm sure there is a suitable one, but I'm sure as well that you and
the other members of the samba team have a much better understanding of which
of them is the best here to replace the current winbind API.

> protocol header seems to have some reserved fields. Use one
> of those as a request id field?

Iirc there is only one left, nevertheless since the POSIX NSS calls are
synchronous there is not much need to make the client async here. But it
has to be thread safe because that's what people are using to get around
the POSIX NSS limitations here.

FYI for more complex queries the next SSSD release will have a new
provider called InfoPipe which uses the D-Bus protocol. But I guess this
is SSSD-specific and will not have much overlap with samba or winbind
with respect to the protocol.

> Volker
> -- 
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
> http://www.sernet.de, mailto:kontakt at sernet.de
