On Sun, Dec 12, 2004 at 05:06:37PM +0100, Jelmer Vernooij wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Luke Kenneth Casson Leighton wrote:
> | On Sun, Dec 12, 2004 at 12:16:13PM +0000, Luke Kenneth Casson Leighton
> wrote:
> |>>| i assume the samba 4 ncalrpc implementation is
> root-only-accessible, yes?
> |>>Yes, at the moment.
> |>>
> |>>| or, did you find a solution to opening /var/ncalrpc/ local transports
> |>>| as ordinary users?
> |>>We haven't looked at that yet though we will need to in the future -
> |>>I've been working on some GUI utilities that need to talk to the local
> |>>smbd somehow - ncalrpc would fit in perfectly here.
> | summary: no it wouldn't, because ncalrpc solves a different problem.
> |
> |


> ...but a ncacn_ux or ncacn_shmem _would_ fit the scenario you envisage.


ah no it wouldn't - not entirely.

the key difference between ncacn_ux and samba tng's ncalrpc is the
ability, like ncacn_np, to inherit the callee's security context.

ncacn_ux cannot do that: it starts off as an unauthenticated transport,
and you have to _perform_ authentication over it.

that takes CPU cycles, in the case of NT authentication it takes dozens
of round-trip communications waking up four or five separate services.

... you just can't afford to let that happen all the time,
just because you're contacting another service - you could
potentially end up with disastrous recursive authentication
behaviour (and before i added sec-ctx inheritance to tng's
ncalrpc, i _did_ once get a massive number of samrd, netlogond
and lsad processes until the box fell over

hence the optimisation in samba tng's ncalrpc implementation: once you
have a security context, pass it around, in the knowledge that you are
passing it between services that are running _as_ root, over a
transport that is root-only-accessible.

saves an awful lot of time.

l.