Re: outsourcing DCE/RPC to alternate programs - Samba
On Sun, Dec 12, 2004 at 05:06:37PM +0100, Jelmer Vernooij wrote:
> Luke Kenneth Casson Leighton wrote:
> | On Sun, Dec 12, 2004 at 12:16:13PM +0000, Luke Kenneth Casson Leighton
> |>>| i assume the samba 4 ncalrpc implementation is root-only-accessible, yes?
> |>>Yes, at the moment.
> |>>| or, did you find a solution to opening /var/ncalrpc/ local transports
> |>>| as ordinary users?
> |>>We haven't looked at that yet though we will need to in the future -
> |>>I've been working on some GUI utilities that need to talk to the local
> |>>smbd somehow - ncalrpc would fit in perfectly here.
> | summary: no it wouldn't, because ncalrpc solves a different problem.
> ...but a ncacn_ux or ncacn_shmem _would_ fit the scenario you envisage.
ah no it wouldn't - not entirely.
the key difference between ncacn_ux and samba tng's ncalrpc is the
ability, like ncacn_np, to inherit the callee's security context.
ncacn_ux cannot do that: it starts off as an unauthenticated transport,
and you have to _perform_ authentication over it.
that takes CPU cycles, in the case of NT authentication it takes dozens
of round-trip communications waking up four or five separate services.
... you just can't afford to let that happen all the time,
just because you're contacting another service - you could
potentially end up with disastrous recursive authentication
behaviour (and before i added sec-ctx inheritance to tng's
ncalrpc, i _did_ once get a massive number of samrd, netlogond
and lsad processes until the box fell over).
hence the optimisation in samba tng's ncalrpc implementation: once you
have a security context, pass it around, in the knowledge that you are
passing it between services that are running _as_ root, over a
transport that is root-only-accessible.
saves an awful lot of time.