From mboxrd@z Thu Jan  1 00:00:00 1970
From: David Howells <dhowells@redhat.com>
Subject: [RFC] New authentication management syscalls
Date: Fri, 09 May 2003 14:11:17 +0100
Sender: linux-kernel-owner@vger.kernel.org
Message-ID: <11183.1052485877@warthog.warthog>
Mime-Version: 1.0 (generated by SEMI 1.14.4 - "Hosorogi")
Content-Type: text/plain; charset=US-ASCII
Cc: dhowells@redhat.com, viro@parcelfarce.linux.theplanet.co.uk,
	drepper@redhat.com, linux-kernel@vger.kernel.org,
	linux-fsdevel@vger.kernel.org
Return-path: <linux-kernel-owner+linux-kernel=40quimby.gnus.org@vger.kernel.org>
To: Trond Myklebust <trond.myklebust@fys.uio.no>, arjanv@redhat.com
List-Id: linux-fsdevel.vger.kernel.org


Hi Trond, Arjan,

I'm trying to come up with a way of allowing userspace to present
authentication tokens to the kernel. What I've come up with involves the
addition of six system calls:

 (1) setpag()

     Put the calling process into a new process authentication group (PAG).

 (2) getpag()

     Get the PAG ID of the calling process.

 (3) settok(const char *fs, const char *key, size_t size, const void *data)

     Present data to the named filesystem as being the authentication token
     for the specified key (eg: an AFS cell). If accepted, this token should
     be stored in the PAG to which the calling process belongs.

 (4) gettok(const char *fs, const char *key, size_t size, void *buffer)

     Get a copy of an authentication token from the current PAG.

 (5) deltok(const char *fs, const char *key)

     Delete an authentication token from the current PAG.

 (6) cleartoks(const char *fs)

     Clear all the tokens belonging to a particular filesystem from the
     current process's PAG.

The kernel would need to be modified in a number of ways:

 (1) PAGs would need to be uniquely numbered managed kernel object. Each
     process should belong to a PAG. Each PAG would contain a list of tokens.

 (2) I'd like to include Trond's vfs_cred idea (move fsuid, fsgid and groups
     out of the task_struct) and make the vfs_cred point to the PAG for the
     process.

 (3) The struct file_system_type would gain at least one new entry point:

	struct file_system_type {
	        ...
		int settok(struct file_system_type *fstype,
			   const char *domain,
			   size_t size,
			   const void *data);
	};

     If this method returned 0, then the token would be added to the PAG's
     list, if it returned an error, then it'd be ignored.

David