per thread credentials
Jack Halford
2018-12-07 10:32:51 UTC
hello,

Gandi.net has need of per-thread credentials for a file server. There
have been prior discussions in a thread[1] in 2009 and also a design[2]
has been written out on the wiki in 2011. I'm in the process of
implementing this design.

Before posting my patch to reviews I'd like to know if I've missed any
discussion on the subject since the design I'm basing myself on is quite
old (some of the points are now irrelevant after 7 years). Also maybe
someone knows why this was never implemented in the first place?

[1] https://lists.freebsd.org/pipermail/freebsd-arch/2009-May/009300.html
[2] https://wiki.freebsd.org/Per-Thread%20Credentials
Conrad Meyer
2018-12-07 16:53:07 UTC
Post by Jack Halford
hello,
Gandi.net has need of per-thread credentials for a file server. There
have been prior discussions in a thread[1] in 2009 and also a design[2]
has been written out on the wiki in 2011. I'm in the process of
implementing this design.
...
[1] https://lists.freebsd.org/pipermail/freebsd-arch/2009-May/009300.html
[2] https://wiki.freebsd.org/Per-Thread%20Credentials
Both of these came out of Isilon. I think we ended up with special
credential file descriptors, rather than using uid_t's and gid_t's
directly, because of a need for compatibility with arbitrary Windows
LDAP users ("SID"s?) not present in the local id database.

I can't speak to why it didn't land before — I wasn't really around
for that, and there's a 50-50 chance we just didn't want to put in the
effort — but we still use something similar now. Zach Loafman left
the company long ago and hasn't been an active FreeBSD committer in
quite some time, and ditto ***@. Committers at Isilon now are me,
bdrewery@, vangyzen@, dab@, rstone@, and pho@, but none of us are
really involved with what Isilon calls "AIMA" (Authentication,
Identity Management, Authorization).

The APIs we use today look like:

663 AUE_NULL STD { int modifytcred2(int fd, \
                     struct native_token *token, \
                     int flags); }
664 AUE_NULL STD { int modifytcred(int fd1, int fd2, \
                     int flags); }
665 AUE_NULL STD { int accesstcred(char *path, int flags, \
                     int fd); }
666 AUE_NULL STD { int buildtcred(struct native_token *token, \
                     int current); }
667 AUE_NULL STD { int gettcred(char *user, int thread); }
668 AUE_NULL STD { int settcred(int fd, int flags, \
                     struct native_token *token); }
669 AUE_NULL STD { int reverttcred(void); }
670 AUE_NULL STD { int restricttcred(int fd, \
                     struct native_token *token); }

Best,
Conrad
Jack Halford
2018-12-10 13:51:30 UTC
Post by Conrad Meyer
Both of these came out of Isilon. I think we ended up with special
credential file descriptors, rather than using uid_t's and gid_t's
directly, because of a need for compatibility with arbitrary Windows
LDAP users ("SID"s?) not present in the local id database.
Thanks for the reply. As far as I can tell, we are more interested in the
design that was posted initially. So I'll go ahead and submit that for review.

Best,
Jack
