git.ipfire.org Git - thirdparty/samba.git/commit

author	John Mulligan <jmulligan@redhat.com>
	Thu, 5 Jun 2025 20:47:10 +0000 (16:47 -0400)
committer	Anoop C S <anoopcs@samba.org>
	Tue, 20 Jan 2026 05:49:35 +0000 (05:49 +0000)
commit	665ab9fd609e08b59e3062bc83f7d016a9d0b40b
tree	ada92e1b5bdd2d426694dd3308f1b952b46ddba5	tree \| snapshot
parent	27a77e908d9c12698b42d1b17478d76feefa9f8e	commit \| diff

vfs: add files to access the varlink keybridge API

Add a pair of helper files that will allow vfs modules to make use of
the keybridge - a varlink API and server that is defined by the sambacc
project. The keybridge server exists to act as a proxy between smbd and
various possible "secrets management" backends. Currently, the sambacc
keybridge server implements a "mem" backend, for testing only, and a
KMIP backend.

Using a local RPC protocol, like varlink + keybridge allows the smbd
side to be very simple and only know how to talk the keybridge API,
versus having to teach it about various other APIs that may need to
make use of things like mTLS.

Furthermore, samba already has an (currently optional) dependency on
libvarlink so adding another use of varlink seems like a fairly
minimal change to samba's set of dependencies. This feature will
not be built on if libvarlink is not enabled. The plan is to add this
to vfs_ceph_new in a future patch.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Gunther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

source3/modules/varlink_keybridge.c	[new file with mode: 0644]	blob
source3/modules/varlink_keybridge.h	[new file with mode: 0644]	blob