[OpenAFS] Re: retaining AFS-specific nameless group IDs (PAG) in `id' and `groups'
Chas Williams (CONTRACTOR)
chas@cmf.nrl.navy.mil
Fri, 25 Apr 2008 10:08:09 -0400
In message <871w4waj0o.fsf@rho.meyering.net>,Jim Meyering writes:
>Maybe you can help (this may save you trouble in terms of
>avoided regressions later ;-):
>
> - how can I detect (in Perl or Bourne shell) whether the
> current system is AFS-enabled?
there is currently no single method. at one point, afs patched the
syscall table to present the necessary ioctl but now it creates a
a special /proc entry, /proc/fs/openafs/afs_ioctl, when the syscall
table cant be patched.
> - is there always exactly one PAG?
currently, a process can only belong to a single PAG.
and ealier someone asked (perhaps Didi <ribalba@gmail.com>):
> If someone can provide code to determine efficiently
> whether a nameless GID is a PAG then we can probably
> make everyone happy. If that happens, I'll need to
> know if there's a standard or accepted mapping from
> GID to PAG group name. Pointers to unencumbered code
> would be welcome.
with the keyring code, PAG's are no longer exposed to the user
as a number. however, in the older group based PAG support, the
PAG id is encoded as:
('A' << 24) + (pagCounter++ & 0xffffff));
but this is split across two groups, given that most gids are
still 16 bits in most places. the relevant code here is:
g0 -= 0x3f00;
g1 -= 0x3f00;
if (g0 < 0xc000 && g1 < 0xc000) {
l = ((g0 & 0x3fff) << 14) | (g1 & 0x3fff);
h = (g0 >> 14);
h = (g1 >> 14) + h + h + h;
ret = ((h << 28) | l);
if (((ret >> 24) & 0xff) == 'A')
return ret;
}
return NOPAG;
so a pag group will be atleast > 0x3f00 and after you get the value for
ret, you should verify that the upper 8 bits are an 'A'. g0 and g1
should always be 'next' to each other in the group list.