[OpenAFS-devel] PAGs/tokens/threads
Alberto Mancini
mancini@math.unifi.it
Fri, 21 Aug 2009 14:07:41 +0200 (CEST)
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
---644446174-1158989190-1250856461=:4787
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Hi,
I think I'm almost there with a (preliminary but working in my test
machine) setag function.
It is mostly a copy of setpag code with an added parameter specifying the
keyring type (diff of src/afs/LINUX/osi_groups.c is attached) and
a few lines to store thread/process/session keyrings.
setag, to work consistently, requires the LINUX_KEYRING_SUPPORT code in
PagInCred to be moved at the beginning of PagInCred as suggested
in a previous post.
My concerns are:
1. as in previous code any preexistent keyring is replaced,
is this acceptable ?
2. is frustrating not to have exported necessary functions from
the kerel, a previous thread in this list concluded, as I
undestand, that there is no option, still true ?
3. the name of the installed keyring is ``_afs.``
nobody seems to care about the name as i know,
but the kernel code use different names for different
keryring types ... opinions ?
4. what about other architectures ?
To test the function i'm still using a syscall but i'd like to try a
new pioctl; any advice ? Really the code is not so easy so any help
would be good (e.g. where to start !)
Thank you,
Alberto.
On Fri, 7 Aug 2009, Chas Williams (CONTRACTOR) wrote:
> In message <db6e3f110908070721m27328eb9y53877daa0942f9e3@mail.gmail.com>,Derric
> k Brashear writes:
>>> What we are discussing is not a PAG but a Thread Authentication
>>> Credential which when set overrides the process credential as obtained
>>> from the PAG or uid.
>>
>> It's not necessarily a single credential; it could also be a group.
>
> i was thinking that it should be something like set_ag(.., CONTEXT,
> ...) where context is thread, session (process) or whatever. some
> operating systems will not (or currently do not) support thread context,
> so you would fall back to the next highest context, like process or session.
> anyway, i was just mention that we atleast need to drop the p since it
> isnt a process group anymore. ag feels stupid though.
>
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel
>
---644446174-1158989190-1250856461=:4787
Content-Type: TEXT/PLAIN; charset=US-ASCII; name=diff
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.LNX.4.64.0908211407410.4787@ossigeno.math.unifi.it>
Content-Description:
Content-Disposition: attachment; filename=diff
ZGlmZiAtLWdpdCBhL3NyYy9hZnMvTElOVVgvb3NpX2dyb3Vwcy5jIGIvc3Jj
L2Fmcy9MSU5VWC9vc2lfZ3JvdXBzLmMNCmluZGV4IGJmOWY4YTAuLjBhN2Fi
YzQgMTAwNjQ0DQotLS0gYS9zcmMvYWZzL0xJTlVYL29zaV9ncm91cHMuYw0K
KysrIGIvc3JjL2Fmcy9MSU5VWC9vc2lfZ3JvdXBzLmMNCkBAIC0xMSw2ICsx
MSw3IEBADQogICogSW1wbGVtZW50czoNCiAgKiBzZXRncm91cHMgKHN5c2Nh
bGwpDQogICogc2V0cGFnDQorICogc2V0YWcNCiAgKg0KICAqLw0KICNpbmNs
dWRlIDxhZnNjb25maWcuaD4NCkBAIC0yODYsNiArMjg3LDExMiBAQCBpbnN0
YWxsX3Nlc3Npb25fa2V5cmluZyhzdHJ1Y3Qga2V5ICprZXlyaW5nKQ0KIG91
dDoNCiAgICAgcmV0dXJuIGNvZGU7DQogfQ0KKw0KKw0KKw0KK3N0cnVjdCBr
ZXkgKnByZXBhcmVfa2V5cmluZyhpbnQgKnJldF9jb2RlKQ0KK3sNCisNCisg
IGNoYXIgZGVzY1syMF07DQorICB1bnNpZ25lZCBsb25nIG5vdF9pbl9xdW90
YTsNCisNCisgIGludCBjb2RlID0gLUVJTlZBTDsNCisgIHN0cnVjdCBrZXkg
KmtleXJpbmcgPSBOVUxMOw0KKyAgDQorICBpZiAoIV9fa2V5X3R5cGVfa2V5
cmluZykNCisgICAgZ290byBvdXQ7DQorICANCisNCisgIC8qIGNyZWF0ZSBh
biBlbXB0eSBrZXlyaW5nICovDQorICBub3RfaW5fcXVvdGEgPSBLRVlfQUxM
T0NfSU5fUVVPVEE7DQorDQorICAvKiB0byByZW1lbWJlciB0aGlzIGlzIGFu
IGFmc19rZXlyaW5nIDopICovDQorICBzcHJpbnRmKGRlc2MsICJfYWZzLiV1
IiwgY3VycmVudC0+dGdpZCk7DQorICANCisjaWYgZGVmaW5lZChLRVlfQUxM
T0NfTkVFRFNfU1RSVUNUX1RBU0spDQorICBrZXlyaW5nID0ga2V5X2FsbG9j
KF9fa2V5X3R5cGVfa2V5cmluZywgZGVzYywNCisJCSAgICAgIGN1cnJlbnRf
dWlkKCksIGN1cnJlbnRfZ2lkKCksIGN1cnJlbnQsDQorCQkgICAgICAoS0VZ
X1BPU19BTEwgJiB+S0VZX1BPU19TRVRBVFRSKSB8IEtFWV9VU1JfQUxMLA0K
KwkJICAgICAgbm90X2luX3F1b3RhKTsNCisjZWxpZiBkZWZpbmVkKEtFWV9B
TExPQ19ORUVEU19DUkVEKQ0KKyAga2V5cmluZyA9IGtleV9hbGxvYyhfX2tl
eV90eXBlX2tleXJpbmcsIGRlc2MsDQorCQkgICAgICBjdXJyZW50X3VpZCgp
LCBjdXJyZW50X2dpZCgpLCBjdXJyZW50X2NyZWQoKSwNCisJCSAgICAgIChL
RVlfUE9TX0FMTCAmIH5LRVlfUE9TX1NFVEFUVFIpIHwgS0VZX1VTUl9BTEws
DQorCQkgICAgICBub3RfaW5fcXVvdGEpOw0KKyNlbHNlDQorICBrZXlyaW5n
ID0ga2V5X2FsbG9jKF9fa2V5X3R5cGVfa2V5cmluZywgZGVzYywNCisJCSAg
ICAgIGN1cnJlbnRfdWlkKCksIGN1cnJlbnRfZ2lkKCksDQorCQkgICAgICAo
S0VZX1BPU19BTEwgJiB+S0VZX1BPU19TRVRBVFRSKSB8IEtFWV9VU1JfQUxM
LA0KKwkJICAgICAgbm90X2luX3F1b3RhKTsNCisjZW5kaWYNCisgIGlmIChJ
U19FUlIoa2V5cmluZykpIHsNCisgICAgY29kZSA9IFBUUl9FUlIoa2V5cmlu
Zyk7DQorICAgIGtleXJpbmcgPSBOVUxMOw0KKyAgICBnb3RvIG91dDsNCisg
IH0NCisgIA0KKyAgY29kZSA9IGtleV9pbnN0YW50aWF0ZV9hbmRfbGluayhr
ZXlyaW5nLCBOVUxMLCAwLCBOVUxMLCBOVUxMKTsNCisgIGlmIChjb2RlIDwg
MCkgew0KKyAgICBrZXlfcHV0KGtleXJpbmcpOw0KKyAgICBrZXlyaW5nID0g
TlVMTDsNCisgICAgZ290byBvdXQ7DQorICB9DQorICBjb2RlID0gMDsNCisN
Cisgb3V0Og0KKyAgKnJldF9jb2RlID0gY29kZTsNCisgIHJldHVybiBrZXly
aW5nOw0KK30NCisNCisNCisNCisNCitzdGF0aWMgaW50DQoraW5zdGFsbF9r
ZXlyaW5nKHN0cnVjdCBrZXkgKmtleXJpbmcsIGludCBhZ190eXBlKQ0KK3sN
CisgICAgc3RydWN0IGtleSAqb2xkOw0KKw0KKyAgICAvKiBpbnN0YWxsIHRo
ZSBrZXlyaW5nICovDQorDQorICAgIHN3aXRjaChhZ190eXBlKSB7DQorICAg
IGNhc2UgLTM6ICAgICAgDQorICAgICAgLyogc2Vzc2lvbiwgaW5zdGFsbF9z
ZXNzaW9uX2tleXJpbmcgY29kZSAqLw0KKyAgICAgIHNwaW5fbG9ja19pcnEo
JmN1cnJlbnQtPnNpZ2hhbmQtPnNpZ2xvY2spOw0KKyAgICAgIG9sZCA9IHRh
c2tfc2Vzc2lvbl9rZXlyaW5nKGN1cnJlbnQpOw0KKyAgICAgIHNtcF93bWIo
KTsNCisgICAgICB0YXNrX3Nlc3Npb25fa2V5cmluZyhjdXJyZW50KSA9IGtl
eXJpbmc7DQorICAgICAgc3Bpbl91bmxvY2tfaXJxKCZjdXJyZW50LT5zaWdo
YW5kLT5zaWdsb2NrKTsNCisgICAgICBicmVhazsNCisgICAgY2FzZSAtMjog
ICAgICANCisgICAgICAvKiBpbnN0YWxsX3Byb2Nlc3Nfa2V5cmluZyAgKi8N
CisgICAgICBzcGluX2xvY2tfaXJxKCZjdXJyZW50LT5zaWdoYW5kLT5zaWds
b2NrKTsNCisgICAgICBvbGQgPSB0YXNrX3Byb2Nlc3Nfa2V5cmluZyhjdXJy
ZW50KTsNCisgICAgICB0YXNrX3Byb2Nlc3Nfa2V5cmluZyhjdXJyZW50KSA9
IGtleXJpbmc7DQorICAgICAgc3Bpbl91bmxvY2tfaXJxKCZjdXJyZW50LT5z
aWdoYW5kLT5zaWdsb2NrKTsgICAgICANCisgICAgICBicmVhazsNCisgICAg
Y2FzZSAtMToNCisgICAgICAvKiBpbnN0YWxsX3RocmVhZF9rZXlyaW5nICov
DQorICAgICAgdGFza19sb2NrKGN1cnJlbnQpOw0KKyAgICAgIG9sZCA9IHRh
c2tfdGhyZWFkX2tleXJpbmcoY3VycmVudCk7DQorICAgICAgdGFza190aHJl
YWRfa2V5cmluZyhjdXJyZW50KSA9IGtleXJpbmc7DQorICAgICAgdGFza191
bmxvY2soY3VycmVudCk7DQorICAgICAgYnJlYWs7DQorICAgIGRlZmF1bHQ6
DQorICAgICAgcmV0dXJuIC1FSU5WQUw7DQorICAgIH0NCisgICAgaWYgKG9s
ZCkNCisgICAgICBrZXlfcHV0KG9sZCk7ICAgICAgICANCisNCisgICAgcmV0
dXJuIDA7DQorfQ0KKw0KKw0KKw0KKw0KKw0KKw0KKw0KKw0KICNlbmRpZiAv
KiBMSU5VWF9LRVlSSU5HX1NVUFBPUlQgKi8NCiANCiAjZWxzZQ0KQEAgLTM2
OSw2ICs0NzYsNzIgQEAgc2V0cGFnKGNyZWRfdCAqKmNyLCBhZnNfdWludDMy
IHBhZ3ZhbHVlLCBhZnNfdWludDMyICpuZXdwYWcsDQogICAgIHJldHVybiBj
b2RlOw0KIH0NCiANCitpbnQNCitzZXRhZyhjcmVkX3QgKipjciwgYWZzX3Vp
bnQzMiBwYWd2YWx1ZSwgYWZzX3VpbnQzMiAqbmV3cGFnLA0KKyAgICAgICBp
bnQgY2hhbmdlX3BhcmVudCxpbnQgYWdfdHlwZSkNCit7DQorICAgIGludCBj
b2RlOw0KKw0KKyAgICBBRlNfU1RBVENOVChzZXRwYWcpOw0KKw0KKw0KKyAg
ICAvL3ByaW50ZigiZW50ZXJpbmcgc2V0QUcgY29kZSAlZFxuIixhZ190eXBl
KTsNCisNCisgICAgaWYoYWdfdHlwZSA+IC0xIHx8IGFnX3R5cGUgPCAtMykg
DQorICAgICAgcmV0dXJuIC1FSU5WQUw7DQorDQorICAgIC8vcHJpbnRmKCJw
YWd2YWx1ZT0gJWRcbiIscGFndmFsdWUpOw0KKw0KKw0KKyAgICBjb2RlID0g
X19zZXRwYWcoY3IsIHBhZ3ZhbHVlLCBuZXdwYWcsIGNoYW5nZV9wYXJlbnQp
Ow0KKw0KKyAgICAvL3ByaW50ZigibmV3cGFnID0gJWRcbiIsKm5ld3BhZyk7
DQorDQorI2lmZGVmIExJTlVYX0tFWVJJTkdfU1VQUE9SVA0KKyAgICBpZiAo
Y29kZSA9PSAwICYmICgqY3IpLT5jcl9yZ2lkICE9IE5GU1hMQVRPUl9DUkVE
KSB7DQorICAgICAgDQorICAgICAgc3RydWN0IGtleSAqa2V5cmluZyA9IE5V
TEw7DQorDQorICAgICAga2V5cmluZyA9IHByZXBhcmVfa2V5cmluZygmY29k
ZSk7DQorICAgICAgaWYoY29kZSAhPSAwKSANCisJcmV0dXJuIGNvZGU7DQor
ICAgICAgDQorICAgICAgY29kZSA9IGluc3RhbGxfa2V5cmluZyhrZXlyaW5n
LGFnX3R5cGUpOw0KKyAgICAgIGlmKGNvZGUgIT0gMCkgDQorCXJldHVybiBj
b2RlOw0KKw0KKyAgICAgIGlmIChrZXlyaW5nKSB7DQorDQorCXN0cnVjdCBr
ZXkgKmtleTsNCisJa2V5X3Blcm1fdCBwZXJtOw0KKw0KKwkvL3ByaW50Zigi
cHJlcGFyaW5nIGtleSwga2V5cmluZyBzdG9yZWRcbiIpOw0KKwkNCisJcGVy
bSA9IEtFWV9QT1NfVklFVyB8IEtFWV9QT1NfU0VBUkNIOw0KKwlwZXJtIHw9
IEtFWV9VU1JfVklFVyB8IEtFWV9VU1JfU0VBUkNIOw0KKwkNCisjaWYgZGVm
aW5lZChLRVlfQUxMT0NfTkVFRFNfU1RSVUNUX1RBU0spDQorCWtleSA9IGtl
eV9hbGxvYygma2V5X3R5cGVfYWZzX3BhZywgIl9wYWciLCAwLCAwLCBjdXJy
ZW50LCBwZXJtLCAxKTsNCisjZWxpZiBkZWZpbmVkKEtFWV9BTExPQ19ORUVE
U19DUkVEKQ0KKwlrZXkgPSBrZXlfYWxsb2MoJmtleV90eXBlX2Fmc19wYWcs
ICJfcGFnIiwgMCwgMCwgY3VycmVudF9jcmVkKCksIHBlcm0sIDEpOw0KKyNl
bHNlDQorCWtleSA9IGtleV9hbGxvYygma2V5X3R5cGVfYWZzX3BhZywgIl9w
YWciLCAwLCAwLCBwZXJtLCAxKTsNCisjZW5kaWYNCisJDQorCWlmICghSVNf
RVJSKGtleSkpIHsNCisJICBrZXlfaW5zdGFudGlhdGVfYW5kX2xpbmsoa2V5
LCAodm9pZCAqKSBuZXdwYWcsIHNpemVvZihhZnNfdWludDMyKSwNCisJCQkJ
ICAga2V5cmluZywgTlVMTCk7DQorCSAga2V5X3B1dChrZXkpOw0KKwl9DQor
ICAgICAgfQ0KKyAgICB9DQorI2VuZGlmIC8qIExJTlVYX0tFWVJJTkdfU1VQ
UE9SVCAqLw0KKw0KKyAgICANCisgICAgLy9wcmludGYoImV4aXRpbmcgc2V0
QUcgdHlwZSAlZCBjb2RlOiAlZFxuIixhZ190eXBlLGNvZGUpOw0KKyAgICAN
CisgICAgcmV0dXJuIGNvZGU7DQorfQ0KIA0KIC8qIEludGVyY2VwdCB0aGUg
c3RhbmRhcmQgc3lzdGVtIGNhbGwuICovDQogZXh0ZXJuIGFzbWxpbmthZ2Ug
bG9uZyAoKnN5c19zZXRncm91cHNwKSAoaW50IGdpZHNldHNpemUsIGdpZF90
ICogZ3JvdXBsaXN0KTsNCmRpZmYgLS1naXQgYS9zcmMvYWZzL0xJTlVYL29z
aV9tYWNoZGVwLmggYi9zcmMvYWZzL0xJTlVYL29zaV9tYWNoZGVwLmgNCmlu
ZGV4IDczMzVjMGIuLmNlMTA0NGEgMTAwNjQ0DQotLS0gYS9zcmMvYWZzL0xJ
TlVYL29zaV9tYWNoZGVwLmgNCisrKyBiL3NyYy9hZnMvTElOVVgvb3NpX21h
Y2hkZXAuaA0KQEAgLTE5Miw4ICsxOTIsMTcgQEAgdHlwZWRlZiBzdHJ1Y3Qg
YWZzX2NyZWQgewkJLyogbWFwcyB0byB0YXNrIGZpZWxkOiAqLw0KICNkZWZp
bmUgdGFza191aWQodGFzaykgKHRhc2stPnVpZCkNCiAjZW5kaWYNCiAjZGVm
aW5lIHRhc2tfdXNlcih0YXNrKSAodGFzay0+dXNlcikNCisNCiAjZGVmaW5l
IHRhc2tfc2Vzc2lvbl9rZXlyaW5nKHRhc2spICh0YXNrLT5zaWduYWwtPnNl
c3Npb25fa2V5cmluZykNCiAjZGVmaW5lIGN1cnJlbnRfc2Vzc2lvbl9rZXly
aW5nKCkgKGN1cnJlbnQtPnNpZ25hbC0+c2Vzc2lvbl9rZXlyaW5nKQ0KKw0K
KyNkZWZpbmUgdGFza19wcm9jZXNzX2tleXJpbmcodGFzaykgKHRhc2stPnNp
Z25hbC0+cHJvY2Vzc19rZXlyaW5nKQ0KKyNkZWZpbmUgY3VycmVudF9wcm9j
ZXNzX2tleXJpbmcoKSAoY3VycmVudC0+c2lnbmFsLT5wcm9jZXNzX2tleXJp
bmcpDQorDQorI2RlZmluZSB0YXNrX3RocmVhZF9rZXlyaW5nKHRhc2spICh0
YXNrLT50aHJlYWRfa2V5cmluZykNCisjZGVmaW5lIGN1cnJlbnRfdGhyZWFk
X2tleXJpbmcoKSAoY3VycmVudC0+dGhyZWFkX2tleXJpbmcpDQorDQorDQog
I2VuZGlmDQogI2RlZmluZSBjcmhvbGQoYykgKGMpLT5jcl9yZWYrKw0KIA0K
---644446174-1158989190-1250856461=:4787--