From: Danny Braniss
Date: Mon, 14 Apr 2003 16:13:51 +0300
To: "Michael A. Bushkov"
Cc: freebsd-hackers@freebsd.org, os@rsu.ru, and@rsu.ru
Subject: Re: nsswitch implementation

Greetings 2u2!

I won't go into the merits of a new/er implementation, but I keep
wondering about the merits of a different access for root/non-root.
AFAIK, the only problematic issue is with the hashed-password
visibility, and if that is so, then a much simpler solution should be
available.

danny

> Greetings!
>
> We are currently working on an alternate nsswitch implementation for
> FreeBSD. We want to make this implementation more flexible and powerful
> than the current one.
>
> Our idea is to make a 3-level structure of nsswitch:
>
> 1) libc functions talking to the level2 daemon
>
> 2) Special daemon (nssd) accepting queries from
>    libc, passing them to level3 (modules) and sending answers
>    back to libc
>
> 3) DSO modules, containing functions doing real work
>    to obtain requested information from any source or
>    database (for example nss_files.so, nss_dns.so and so on)
>
> The daemon (level 2) should be able to dynamically open modules - we
> can't call dlopen() directly from libc.
>
> At the moment we have a working alpha-version of the daemon, nss_files
> module and some rewritten libc functions. And there is one problem:
> behaviour of modules should be different for regular users and for
> root. Currently (in libc) this is done with the help of geteuid().
> This is not applicable for modules since their functions are called
> by the daemon but not the originating process itself.
>
> We see two implementable solutions:
>
> 1. Run 2 daemons to separate root and non-root queries.
>
> 2. Pass uid information to the module functions and let them use it
>    instead of geteuid()
>
> And another 'theoretical' solution: to intercept geteuid() calls from
> modules.
>
> We definitely need some suggestions and discussion. Any help will be
> greatly appreciated.
>
> Please keep CC lines in replies since we're not on the list.
>
> Michael A. Bushkov
> Computer Center of Rostov State University