Re: In-kernel Authentication Tokens (PAGs)

From: Kyle Moffett
Date: Sat Jun 12 2004 - 07:55:11 EST

Next message: stian: "Re: timer + fpu stuff locks my console race"
Previous message: Manuel Arostegui Ramirez: "Re: new kernel bug"
In reply to: Andy Lutomirski: "Re: In-kernel Authentication Tokens (PAGs)"
Next in thread: Andy Lutomirski: "Re: In-kernel Authentication Tokens (PAGs)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Jun 12, 2004, at 01:34, Andy Lutomirski wrote:

Right. But I think it would be desirable to do other things -- for example, a program might want to forward one token over to a daemon to do some work. It doesn't make much sense here to have a hierarchial structure.

So you disagree with the hierarchical structure because you believe that there are other things that are more important that conflict with it. I see no reason why both cannot be accommodated. For me, I would really desire a hierarchical structure because it would make it very simple to have a token set for the entire session and one for each instance (shell), and ones for subshells where convenient.

You want to sent a token to some daemon over a UNIX socket? Just copy the token data and write it out to the socket, the same as if you had some external token store (Like in MIT Kerberos) and wanted to send the token to somewhere without the environment variables. This system would allow several existing token cache mechanisms to be converted to this alternative store without much work at all.

Perhaps the syscalls should be changed to allow better protection against race conditions when two processes are using token groups.

sys_tokgrp_open
Returns a tokgrp_handle associated with a token group id. Implies that the tokgrp will not go away until this handle is closed

sys_tokgrp_pid_open
Returns a tokgrp_handle associated with the token group currently controlled by a given PID.

sys_tokgrp_close
Releases a tokgrp_handle

sys_tokgrp_get{parent,uid,token}
sys_tokgrp_set{parent,uid,token}
These operate the same as earlier, except on tokgrp_handles instead of tokgrp IDs.

Then perhaps we could arrange for a tokgrp_handle to be a special kind of filehandle, and perhaps the set* and get* functions could be IOCTLs or something. That would allow a tokgrp_handle to be passed around between processes, although a suitably privileged process could just run sys_tokgrp_pid_open on the PID of the other process. That way also close-on-exec and such work as expected.

BTW, does AFS even have this hierarchy, or does pagsh just create a copy? I can't find any manpage for it...

AFS in 2.4 has these magic high-numbered groups that it dynamically allocates. The way a new set of tokens is created is by changing magic groups to a new set. That whole system is just a massive hack and I'd rather it stop at 2.4 I don't know about 2.6, I think they might be ready for a beta, but I don't know how their auth tokens work.

Cheers,
Kyle Moffett

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: stian: "Re: timer + fpu stuff locks my console race"
Previous message: Manuel Arostegui Ramirez: "Re: new kernel bug"
In reply to: Andy Lutomirski: "Re: In-kernel Authentication Tokens (PAGs)"
Next in thread: Andy Lutomirski: "Re: In-kernel Authentication Tokens (PAGs)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]