Date: Mon, 14 Apr 2003 16:13:51 +0300
From: Danny Braniss <danny@cs.huji.ac.il>
To: "Michael A. Bushkov" <bushman@rsu.ru>
Cc: and@rsu.ru
Subject: Re: nsswitch implementation
Message-ID: <E1953mS-000EmS-00@cs.huji.ac.il>
In-Reply-To: Message from "Michael A. Bushkov" <bushman@rsu.ru> <30983F67-6E77-11D7-BB0D-000393BC13C6@rsu.ru>

Greetings 2u2!

I won't go into the merits of a new/er implementation, but I keep
wondering about the merits of a different access for root/non-root.
AFAIK, the only problematic issue is with the hashed-password visibility,
and if that is so, then a much simpler solution should be available.

danny

> Greetings!
>
> We are currently working on an alternate nsswitch implementation for
> FreeBSD. We want to make this implementation more flexible and powerful
> than the current one.
>
> Our idea is to make a 3-level structure of nsswitch:
>
> 1) libc functions talking to the level2 daemon
>
> 2) Special daemon (nssd) accepting queries from
>    libc, passing them to level3 (modules) and sending answers
>    back to libc
>
> 3) DSO modules, containing functions doing real work
>    to obtain requested information from any source or
>    database (for example nss_files.so, nss_dns.so and so on)
>
> The daemon (level 2) should be able to dynamically open modules - we
> can't call dlopen() directly from libc.
>
> At the moment we have a working alpha-version of the daemon, the
> nss_files module and some rewritten libc functions. And there is one
> problem: behaviour of modules should be different for regular users and
> for root. Currently (in libc) this is done with the help of geteuid().
> This is not applicable for modules since their functions are called by
> the daemon but not the originating process itself.
>
> We see two implementable solutions:
>
> 1. Run 2 daemons to separate root and non-root queries.
>
> 2. Pass uid information to the module functions and let them use it
>    instead of geteuid()
>
> And another 'theoretical' solution: to intercept geteuid() calls from
> modules.
>
> We definitely need some suggestions and discussion. Any help will be
> greatly appreciated.
>
> Please keep CC lines in replies since we're not on the list.
>
> Michael A. Bushkov
> Computer Center of Rostov State University
> _______________________________________________
> freebsd-hackers@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
>