Coda File System

Re: ACLs, PAGs and PACs

From: Michael Poole <>
Date: Wed, 10 Dec 1997 17:50:19 -0500 (EST)
On 10 Dec 1997, Andi Kleen wrote:

> The problem exists already in the Linux kernel. smbfs (and probably ncpfs too)
> have it. smbfs currently uses the 'specify user at mount time' hack, but that's
> only a bad hack IMHO and not suitable for multiusre machines. I'm sure
> the smbfs developers are interested in solving this problem too (I cc'd
> Bill Hawes)

   So what features are needed?  Obviously, each file system will have its
own interpretation of the data needed.  It also seems to me that there
should be a default/fallback value, in case the user doesn't specify their
own authentication data.  For filesystems which allow multiple mount
points per client (eg, NFS, smbfs, but not Coda so much), one would want
to be able to look up the authentication blob by user and file system.
Listed below are some possible handles for this.

Notes on the authentication semantics:
* This only handles authetication, not authorization.
* The userid might be assumed; should it be the true or effective uid
  if implicit?
* The 'default' functions could be merged with the normal ones by handling
  certain userids specially, although the change in fs semantics caused by
  this might be undesirable.
* The 'default' functions should only be callable by the superuser.
* It's assumed that there's at least some structure to the blob; at least,
  that the length can be read out.  Another useful field would be a
  reference count for dup'ed blobs.
* These are candidates for adding to the VFS super_operations (at least,
  is_valid_mount_auth would be); that allows the fs to perform sanity
  checks on the auth data passed in.
* I'm not sure how the buffer from userspace should be passed in (ie,
  the proper types for it).

struct auth_blob {
    int refcount;
    int datalen;
    char data[];

/* returns whether or not the mount blob is valid, or maybe a reason
   it is not valid */
int is_valid_mount_auth(struct super_block *sb,
                        struct auth_blob *blob);

/* returns a status code indicating success or failure type;
   associates authentication data for that mountpoint */
int set_mount_auth_default_info(struct super_block *sb,
                                struct auth_blob *blob);
int set_mount_auth_info(struct super_block *sb,
                        __kernel_uid_t userid,
                        struct auth_blob *blob)

/* duplicates the mount point information for one mount point to another;
   for example, for distinct smbfs mounts from the same server, so the 
   user would not have to authenticate again;
   returns a status code indicating success or failure type */
int dup_mount_auth_default_info(struct super_block *to,
                                struct super_block *from);
int dup_mount_auth_info(struct super_block *to,
                        __kernel_uid_t userid,
                        struct super_block *from);

/* retrieves the mountpoint auth blob for the given user (kernel-only);
   get_mount_auth_info should probably not fall back to the default,
   but instead return some error code */
struct auth_blob * get_mount_auth_default_info(struct super_block *sb);
struct auth_blob * get_mount_auth_info(struct super_block *sb,
                                       __kernel_uid_t userid);

/* copies the authentication blobs to a userspace buffer */
asmlinkage int sys_get_mount_auth_default_info(struct super_block *sb,
                                               int buffer_length,
                                               char *buffer);
asmlinkage int sys_get_mount_auth_info(struct super_block *sb,
                                       __kernel_uid_t userid,
                                       int buffer_length,
                                       char *buffer);

/* removes the mount auth blob -- checking the blob reference count if
   using reference counts are supported */
int forget_mount_auth_default_info(struct super_block *sb);
int forget_mount_auth_info(struct super_block *sb,
                           __kernel_uid_t userid);

- Michael
Received on 1997-12-10 18:14:21