Re: [PATCH] caching daemon release and nsswitch patches

2005-08-30 Thread Michael Bushkov

On Mon, 29 Aug 2005, Dan Nelson wrote:

We can't ensure that, I guess. In the upcoming version (before the 1st of 
September), the cache would be per-user. This would solve all the security 
problems. In a little while, I'll implement the ability for cached to act 
as nscd. So you'll be able to choose the behaviour.



In the last episode (Aug 29), Michael Bushkov said:

There is some information in my project's description here:
http://wikitest.freebsd.org/moin.cgi/NsswitchAndCachingTechnicalDetails


One question that comes to mind:

It looks like the end-user application is still responsible for
performing nss lookups.  How do you ensure that one user can't poison
the cache and cause problems for other users?  Could cached do all nss
operations itself (making it more like nscd in other OSes)?

--
Dan Nelson
[EMAIL PROTECTED]



With best regards,
Michael Bushkov
Rostov State University
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: [PATCH] caching daemon release and nsswitch patches

2005-08-29 Thread Dan Nelson
In the last episode (Aug 29), Michael Bushkov said:
> There is some information in my project's description here:
> http://wikitest.freebsd.org/moin.cgi/NsswitchAndCachingTechnicalDetails

One question that comes to mind:

It looks like the end-user application is still responsible for
performing nss lookups.  How do you ensure that one user can't poison
the cache and cause problems for other users?  Could cached do all nss
operations itself (making it more like nscd in other OSes)?

-- 
Dan Nelson
[EMAIL PROTECTED]
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: [PATCH] caching daemon release and nsswitch patches

2005-08-29 Thread Michael Bushkov

Hi, Doug!
I'm not sure what guidelines were given to you when you started the project, 
but in reviewing your work the first thing I noticed was that you are not 
following the guidelines in the style(9) man page. You should read that page, 
and spend an afternoon reformatting your code to fit what is described there. 
The most common error you've made is not following the 80 column rule, which 
hopefully should be easily fixed. While one could argue with the specific 
items in that page, and quite possibly be right, the idea of having a style 
guideline is more to have a common format that we can all work towards than 
to have a perfect format that we can all agree on. By reformatting your code 
to fit this guideline you will greatly increase the chances that it will be 
welcomed into the tree with open arms.


The other style area that you should look at is your man pages. If you look 
in /usr/share/examples/mdoc you will find the FreeBSD style guidelines for 
man pages. The line wrapping issue comes into play here as well. We generally 
don't go past column 60 in man pages, since that reduces CVS repo churn for 
corrections down the road. Also, any time you have a full stop (period) at 
the end of a sentence, you should start a new line. I think that you are also 
using some macros that I'm not familiar with, although I'm not an mdoc 
expert.


Thank you very much for your suggestions - I'll reformat the code and man 
files. I've seemed to forget about style(9) in some places :(




The other area that I'm interested in is how you plan to have cached interact 
with DNS lookups, /etc/hosts, named, etc. If there was a project plan posted 
somewhere on this already and I missed it, please accept my apologies, and 
send along a reference. If not, I'm very interested to hear what your plans 
are.




There is some information in my project's description here:
http://wikitest.freebsd.org/moin.cgi/NsswitchAndCachingTechnicalDetails

The "Integrating nsswitch and caching" describes the way that I use to 
make cached work. It can actually interact with any nsswitch database. 
All we need is to supply the special structure (in patches it is usually 
called "cache_info") with 3 functions pointers (*_id_func, *_marshal_func, 
*_unmarshal_func). These functions are used by nsdispatch during the 
caching of sccessful results. id_func identifies the key - the unique 
identifier, which will identify the data in the cache. And 
marshal_func/unmarshal_func pack/unpack data into/from the (char 
*)buffer. So almost all data, that go through nsdispatch calls, can be 
cached. And "struct hostent" and "struct addrinfo" are no exceptions to 
this rule. I already have the patch with *_id_func, *_marshal and 
*_unmarshal_func implemented for the "hosts" nsswitch database. I'll send 
it to the list along with the corrected version of the cached a bit later 
(in about 12 hours).


P.S. the patched version of nsdispatch uses the functions that are 
implemented in nscache.c and nscachedcli.c files (they are present in the 
patch).


With best regards,
Michael
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: [PATCH] caching daemon release and nsswitch patches

2005-08-28 Thread Doug Barton

Michael Bushkov wrote:
Hi! I'm working on nsswitch improvement (during the Google Summer of 
Code program. 


First off, let me say that this is very exciting stuff! I'm particularly 
excited about caching for the services stuff, as it will finally allow us to 
bring in a more complete version of the services file. I do have some 
comments for you, and I hope that you understand that they are in no way 
critical of your work, just suggestions for improvements, and ways that you 
can better fit into the FreeBSD code base.


I'm not sure what guidelines were given to you when you started the project, 
but in reviewing your work the first thing I noticed was that you are not 
following the guidelines in the style(9) man page. You should read that 
page, and spend an afternoon reformatting your code to fit what is described 
there. The most common error you've made is not following the 80 column 
rule, which hopefully should be easily fixed. While one could argue with the 
specific items in that page, and quite possibly be right, the idea of having 
a style guideline is more to have a common format that we can all work 
towards than to have a perfect format that we can all agree on. By 
reformatting your code to fit this guideline you will greatly increase the 
chances that it will be welcomed into the tree with open arms.


The other style area that you should look at is your man pages. If you look 
in /usr/share/examples/mdoc you will find the FreeBSD style guidelines for 
man pages. The line wrapping issue comes into play here as well. We 
generally don't go past column 60 in man pages, since that reduces CVS repo 
churn for corrections down the road. Also, any time you have a full stop 
(period) at the end of a sentence, you should start a new line. I think that 
you are also using some macros that I'm not familiar with, although I'm not 
an mdoc expert.


The other area that I'm interested in is how you plan to have cached 
interact with DNS lookups, /etc/hosts, named, etc. If there was a project 
plan posted somewhere on this already and I missed it, please accept my 
apologies, and send along a reference. If not, I'm very interested to hear 
what your plans are.


Regards,

Doug


--

This .signature sanitized for your protection

___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: [PATCH] caching daemon release and nsswitch patches

2005-08-27 Thread Dan Nelson
In the last episode (Aug 27), Michael Bushkov said:
> Please try the patches and send me your feedback. I also hope that
> there are no reasons not to merge changes, which were made to libc
> (they are in include.diff and libc.diff) into the CURRENT. As for the
> caching daemon (usr.sbin.diff patch) - I also think that it could be
> merged into the CURRENT.

I applied the patches to 5-stable (only minor conflicts) and I'm
getting an assertion failure in cached running "id" as root:

Assertion failed: (key_var != NULL), function ht_item_hash_func, file 
/usr/src/usr.sbin/cached/cachelib/cachelib.c, line 34.

You should probably convert cached's argument processing to use getopt,
btw.

-- 
Dan Nelson
[EMAIL PROTECTED]
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


[PATCH] caching daemon release and nsswitch patches

2005-08-27 Thread Michael Bushkov
Hi! I'm working on nsswitch improvement (during the Google Summer of Code 
program. And, as the deadline is close, I'd like to make some kind of 
release. Actually there would be 2 releases, this is the first.


This release includes 3 patches. They could be found in the Perforce 
repository:

http://perforce.freebsd.org/fileDownLoad.cgi?FSPC=//depot/projects/soc2005/nsswitch%5fcached/patches/include.diff&REV=1
http://perforce.freebsd.org/fileDownLoad.cgi?FSPC=//depot/projects/soc2005/nsswitch%5fcached/patches/libc.diff&REV=1
http://perforce.freebsd.org/fileDownLoad.cgi?FSPC=//depot/projects/soc2005/nsswitch%5fcached/patches/usr.sbin.diff&REV=1

or on my mirror:
http://www.rsu.ru/~bushman/cached/downloads/patchset1/include.diff
http://www.rsu.ru/~bushman/cached/downloads/patchset1/libc.diff
http://www.rsu.ru/~bushman/cached/downloads/patchset1/usr.sbin.diff

Some words on how to use and what it gives:
include.diff and libc.diff should be applied like that:
from usr/src: patch -p0 < include.diff,
from usr/src/lib: patch -p0 < libc.diff

Features, which would be added by these patches:
- services-related functions (getserv*) will use nsswitch
- rpc-related functions (getrpc*) will use nsswitch
- protocols-related functions (getproto*) will use nsswitch
- "services", "rpc" and "protocols" sources would be available in 
nsswitch.conf file


One of my major tasks was to add caching ability to the nsswitch. So, 
these patches also would do it for the following nsswitch sources:

- passwd
- group
- services
- rpc
- protocols

To make caching work, you'll require the caching daemon. It is in the 
usr.sbin patch (should be applied from usr/src: patch -p0 < 
usr.sbin.diff). The caching daemon will be in /usr/sbin folder, its 
configuration and startup files will be in /etc folder. cached(8) and 
cached.conf(5) man pages would be availabe. To enable caching, just add 
"cache" source to the appropriate nsswitch.conf line (the "cache" source 
should be the first source for the database and it can't be used with the 
"compat" source).


Please try the patches and send me your feedback. I also hope that there 
are no reasons not to merge changes, which were made to libc (they are in 
include.diff and libc.diff) into the CURRENT.
As for the caching daemon (usr.sbin.diff patch) - I also think that it 
could be merged into the CURRENT.


In the second release (will happen in 1-2 days - it needs additional 
testing) i'll add caching support for other nsswitch databases (the most 
important is the host database support, I believe).


With best regards,
Michael Bushkov
Rostov State University
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"