Mime-Version: 1.0 (Apple Message framework v618)
Content-Transfer-Encoding: 7bit
Message-Id: <772741DF-BC19-11D8-888F-000393ACC76E@mac.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed
To: linux-kernel@vger.kernel.org
From: Kyle Moffett <mrmacman_g4@mac.com>
Subject: In-kernel Authentication Tokens (PAGs)
Date: Fri, 11 Jun 2004 22:37:36 -0400
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1452
Lines: 48

I am working on a generic PAG subsystem for the kernel, something that
handles BLOB PAG data and could be used for OpenAFS, Coda, NFSv4, etc.
I have a patch, but it is not well tested yet.  Here is an overview of 
the
architecture:

Each process has a PAG, and each PAG has a parent PAG.  Users are
allowed to make new PAGs associated with their UID and modify ones that
are already associated with their UID.  Each PAG consists of a set of 
tokens,
each uniquely identified by an integral "type" and a string "realm."  
The
search for a token by any subsystem is done starting at the immediate 
parent
and proceeds upward.  Tokens are in kernel memory and so are not ever
swapped out.

Each PAG is represented in user-space as an integer.  Here are the 
sys-calls
that I propose:

sys_get_pag
sys_set_pag
	These manipulate the PAG associated with a given PID.

sys_get_pag_parent
sys_set_pag_parent
	These manipulate the parent PAG of a given PAG

sys_get_pag_uid
sys_set_pag_uid
	These manipulate the UID which "owns" a PAG

sys_get_pag_token
sys_set_pag_token
	These manipulate tokens within a specific PAG

sys_search_pag_token
	This executes the search process as described above

Cheers,
Kyle Moffett

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/