Date: Mon, 14 Apr 2003 16:47:02 +0400 From: "Michael A. Bushkov" <bushman@rsu.ru> To: freebsd-hackers@freebsd.org Cc: os@rsu.ru Subject: nsswitch implementation Message-ID: <30983F67-6E77-11D7-BB0D-000393BC13C6@rsu.ru>
next in thread | raw e-mail | index | archive | help
Greetings! We are currently working on alternate nsswitch implementation for FreeBSD. We want to make this implementation more flexible and powerful than the current one. Our idea is to make 3-level structure of nsswitch: 1) libc functions talking to the level2 daemon 2) Special daemon (nssd) accepting queries from libc, passing them to level3 (modules) and sending answers back to libc 3) DSO modules, containing functions doing real work to obtain requested information from any source or database (for example nss_files.so, nss_dns.so and so on) The daemon (level 2) should be able do dynamically open modules - we can't call dlopen() directly from libc. At the moment we have a working alpha-version of daemon, nss_files module and some rewritten libc functions. And there is one problem: behaviour of modules should be different for regular users and for root. Currently (in libc) this is done with the help of geteuid(). This is not applicable for modules since their function are called by the daemon but not the originating process itself. We see two implementable solutions: 1. Run 2 daemons to separate root and non-root queries. 2. Pass uid information to the module functions and let them use it instead of geteuid() And another 'theoretical' solution: to intersept geteuid() calls from modules. We defenitely need some suggesions and discussion. Any help will be greatly appreciated. Pleas keep CC lines in replies since we're not on the list. Michael A. Bushkov Computer Center of Rostov State University
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?30983F67-6E77-11D7-BB0D-000393BC13C6>