[320] in Info-AFS_Redistribution


Re: the dangers of not using unlog

daemon@ATHENA.MIT.EDU (Wallace Colyer)
Fri Sep 20 01:01:27 1991

Date: Thu, 19 Sep 1991 23:59:37 -0400 (EDT)
From: Wallace Colyer <wally+@andrew.cmu.edu>
To: Info-AFS@transarc.com, Cal_Thixton@next.com
In-Reply-To: <9109200316.AA03346@tinman.NeXT.COM>


The following is from my somewhat limited understanding from browsing the
code in order to track down the problem I described earlier.  Please
correct me if I make mistakes.

A pag is a process authentication group.  AFS adds the system call, setpag(),
which modifies the first groups in the credential structure of your process.
AFS also modifies the setgroups system call so that the first two groups
cannot be modified or removed.  If you type the groups command you will
see two large numbered groups.  I am not sure what each one represents,
but I believe both together make your pag.

When you authenticate, the location used for your ticket cache in the kernel
is marked by your pag.  Stored there are all tokens for all cells you
authenticate to and connection structures to all fileservers you contact.

When you touch a file in AFS, the kernel checks your credential structure
and uses the authentication associated with the pag it finds there.

Since each subprocess gets the pag of its parent, reauthenticating or using
unlog changes the authentication for all processes associated with the
pag.

Unfortunately, though AFS provides the ability to get a token from the
kernel and set it in another process, it does not allow for a process,
even as root, to set its pag to a specific pag, so you cannot give a
process the credentials of another process in such a way that they will
be maintained over time when something is reauthenticated.  This is
because if you want an already running process to have the credentials of
a process that is started from somewhere else and change as they change
over time you cannot.

The existence of pags allows the same userid on the same machine to have
different authentications to AFS, which is extremely useful.

One other note, the kernel enforces a 10 second wait if a setpag call has
been called in the last 10 seconds for security reasons.  This is even
done if the caller is root, causing unreasonable delays in the calls
at times on multiuser machines.

-Wallace
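
A toy model of the pag behaviour described in the message above, added here as an example; it is not part of the original post and not AFS code. The class and method names, the cell name and the "anonymous" label are assumptions made for illustration.

```python
# Toy model (added example) of tokens keyed by pag; not AFS kernel code.
import itertools

class Kernel:
    def __init__(self):
        self._next_pag = itertools.count(1)
        self.tokens = {}                      # pag -> {cell: principal}

    def new_pag(self):
        pag = next(self._next_pag)
        self.tokens[pag] = {}
        return pag

class Process:
    def __init__(self, kernel, pag):
        self.kernel, self.pag = kernel, pag

    def fork(self):
        # A subprocess gets the pag of its parent.
        return Process(self.kernel, self.pag)

    def setpag(self):
        # Move this process into a fresh pag that holds no tokens yet.
        self.pag = self.kernel.new_pag()

    def klog(self, cell, principal):
        # Tokens are stored under the pag, not under the process.
        self.kernel.tokens[self.pag][cell] = principal

    def unlog(self):
        # Discards the tokens of the whole pag, so every member is affected.
        self.kernel.tokens[self.pag].clear()

    def identity(self, cell):
        return self.kernel.tokens[self.pag].get(cell, "anonymous")

def demo(cell="example.cell"):                # constructed cell name
    k = Kernel()
    login = Process(k, k.new_pag())
    login.klog(cell, "alice")
    shared = login.fork()                     # same pag as login
    isolated = login.fork()
    isolated.setpag()                         # own pag from here on
    isolated.klog(cell, "bob")
    who = lambda: tuple(p.identity(cell) for p in (login, shared, isolated))
    before = who()
    shared.unlog()                            # child unlogs: parent loses tokens too
    return before, who()

if __name__ == "__main__":
    print(demo())
```
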



