From: "Michael A. Bushkov"
Date: Mon, 14 Apr 2003 16:47:02 +0400
To: freebsd-hackers@freebsd.org
cc: and@rsu.ru
cc: os@rsu.ru
Subject: nsswitch implementation
Message-Id: <30983F67-6E77-11D7-BB0D-000393BC13C6@rsu.ru>

Greetings!

We are currently working on an alternate nsswitch implementation for FreeBSD. We want to make this implementation more flexible and powerful than the current one.
Our idea is to make a 3-level structure of nsswitch:

1) libc functions talking to the level2 daemon
2) Special daemon (nssd) accepting queries from libc, passing them to level3 (modules) and sending answers back to libc
3) DSO modules, containing functions doing real work to obtain requested information from any source or database (for example nss_files.so, nss_dns.so and so on)

The daemon (level 2) should be able to dynamically open modules - we can't call dlopen() directly from libc.

At the moment we have a working alpha-version of the daemon, the nss_files module and some rewritten libc functions.

And there is one problem: behaviour of modules should be different for regular users and for root. Currently (in libc) this is done with the help of geteuid(). This is not applicable for modules since their functions are called by the daemon but not the originating process itself.

We see two implementable solutions:

1. Run 2 daemons to separate root and non-root queries.
2. Pass uid information to the module functions and let them use it instead of geteuid()

And another 'theoretical' solution: to intercept geteuid() calls from modules.

We definitely need some suggestions and discussion. Any help will be greatly appreciated.

Please keep CC lines in replies since we're not on the list.

Michael A. Bushkov
Computer Center of Rostov State University