[OpenAFS-devel] keyring/pag support for linux
Jeffrey Hutzelman
jhutz@cmu.edu
Mon, 17 Jul 2006 17:05:42 -0400
On Sunday, July 16, 2006 12:23:23 PM -0400 chas williams
<chas@cmf.nrl.navy.mil> wrote:
> below is a sample implementation of keyring/pag support for linux kernels.
> i had access to some previous code (thanks derrick) but some of the
> kernel interfaces used in keyring have changed since that code compiled.
> this led me down a slightly different path.
>
> it seems like a bad idea to duplicate some of the work the kernel
> already does (like installing a new session keyring), but we can't get
> access to these routines from a kernel module. so, the only part that
> is done in the kernel is searching the keyring for an appropriate key.
> this key holds the pag and gets inserted from userspace during setpag().
> PagInCred only looks for this key when the current process doesn't have
> a pag, and reinserts the necessary groups. this isn't strictly necessary
> but it changes the current behavior the least.
>
> pagsh uses the keyctl() to create a new anonymous session keyring before
> spawning the shell. it's not clear if this should be done in setpag().
> it would at least need to be done in whatever login you use (login.krb5
> in my case).
>
> the drawback to this, is that you need the keyutils library (and any
> program using setpag() will need to link with the keyutils as well).

This is fine as a proof-of-concept, but for something real the existing
setpag() and pioctl() system calls need to continue to work. There are
things that use these interfaces other than our own library, and IMHO it is
not at all reasonable to break those, or require them to know about a bunch
of Linux-specific interfaces (the /proc thing is bad enough already).

If I recall correctly, the interfaces you need that aren't exported are the
same ones we've been waiting on for over a year at this point. The keyring
folks promised Derrick they'd export the required interfaces, but
apparently never got around to actually doing so. :-(

I haven't looked at what you did in detail, but it sounds like part of
setpag() in your model is setting a key from usermode which contains the
PAG ID. I'm not sure where you get the ID or what restrictions are
enforced, but obviously a user process must not be able to set any
arbitrary PAG ID it wants.

-- Jeff