[OpenAFS-devel] prdb format extension for extended authentication
names
Benjamin Kaduk
kaduk@MIT.EDU
Mon, 10 Jun 2013 12:24:47 -0400 (EDT)
On Thu, 30 May 2013, Benjamin Kaduk wrote:
>
> Within these considerations (and any others that come up in this discussion),
> I am working on a concrete proposal. Would people prefer to see this in the
> form of ptserver.h struct declarations and comments, or an addition to the
> prdb format writeup I have at
> https://github.com/kaduk/openafs/blob/prdb/doc/txt/prdb.txt ?
I updated the description of the existing prdb format a bit, and then
added descriptions of a format with a generic mechanism for additional
hash tables and additional types of extended data which may be attached to
an existing entry. At present I only describe extended names and the hash
table for them, but other extensions are certainly possible.
The squashed patchset is two commits at
https://github.com/kaduk/openafs/commits/prdb-squashed -- one for
describing the existing format, and another to add my proposed updates.
I have left out the idea of a UUID attached to the generic extended data
for now. I think that the main benefit from such a concept would be if
operating in a mixed environment of new and old ptservers, or if it is
necessary to revert to the old code for some reason.
If an entry has extended data added using the new code, but is deleted
using the old code, and a new entry is created with the same ID, then
the database will be corrupt, as the extended data for the old entry is
still present in the database, and a database verification script would
attach that extended data to the new entry, for which it is not actually
valid. A UUID in the extended data would detect this version skew, so
long as the new entry had valid extended data associated with it (which
would have a new UUID that did not match the old extended data). However,
if there is no extended data associated with the new entry, I don't think
the UUID would help. As such, I'm not convinced it adds value in this
database-consistency purpose. Maybe there are other reasons to have a
UUID per entry, for a new way to look up entries, perhaps, but I am not
coming up with any that are compelling.
If there are compelling reasons to include a UUID with extended data
blocks, this is pretty easy to do; we just lose some of the space for
extended data and add another hash table for lookup by UUID.
It would be nice to get some feedback before I start working on the code.
Jenkins' lookup3 hash should be just fine for the extended names, but we
will need to enforce endianness.
-Ben