Re: IPC nsswitch implementation (fwd)
On Fri, 5 Mar 2004, Michael Bushkov wrote: Some time ago there was a discussion concerning in-process vs. IPC nsswitch implementation. We agreed that we should develop an example of IPC implementation and ask for a discussion. We are glad to present you sample implementation of the IPC nsswitch model. can you release a new version with copyright and license information for each source file? has any further work been done since the original release? Of course we can. We will release the new version approximtely in the end of the next week. It will be under BSD license. It changed much from the original release. We added caching and ported PADL nss_ldap module (changes are minimal, and they mostly reside in bsdnss.c file, which is FreeBSD specific). We are currently working on get**ent functions. And we will include them in the new release. The new FreeBSD committer, Christian Peron also has worked on project, related to the LookupD. And we are currently discussing the future of our projects. -- Michael Bushkov Software Engineer, Rostov State University ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPC nsswitch implementation
On Fri, 5 Mar 2004, Michael Bushkov wrote: Some time ago there was a discussion concerning in-process vs. IPC nsswitch implementation. We agreed that we should develop an example of IPC implementation and ask for a discussion. We are glad to present you sample implementation of the IPC nsswitch model. can you release a new version with copyright and license information for each source file? has any further work been done since the original release? -- ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPC nsswitch implementation
On Fri, 5 Mar 2004, Jordan K Hubbard wrote: Why not use a UNIX domain socket as the transport and then use credential passing to pass the credentials lookupd should use to do the lookup? that was my thought.. the credential information passing must be useful for something :-) On Mar 5, 2004, at 1:27 PM, Michael Bushkov wrote: When you're using current nss-modules they work as part of your program - and geteuid functions work correctly. But when lookupd is used, euid of the process is lookupds' euid. -- Jordan Hubbard Engineering Manager, BSD Technology Group Apple Computer ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPC nsswitch implementation
Hello! What do you mean exactly by saying not as functional? Michael Bushkov Software Engineer, Rostov State University On Fri, 5 Mar 2004, Jordan K Hubbard wrote: Sounds similar to, but not as functional as, the lookupd in Mac OS X. :) On Mar 5, 2004, at 12:45 AM, Michael Bushkov wrote: We want you to look at this lookupd. It would be great for us to know if you like or not the way we made it. And we also want to know if this project can be added to FreeBSD project. -- Jordan Hubbard Engineering Manager, BSD Technology Group Apple Computer ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPC nsswitch implementation
[We need to pick a list and stop cross-posting. I pick [EMAIL PROTECTED]'.] On Fri, Mar 05, 2004 at 10:41:33PM +0300, Michael Bushkov wrote: The problem of using Darwin's lookupd was discussed some time ago in the freebsd-arch mailing list. It seems to me that the way to port Darwin's lookupd on FreeBSD was not found, was it? Jordan's message was the first I recall mentioning lookupd. I took a quick peek, seems neat. I'd like to take some more time to examine the APIs it presents. I also intend to look at what you have. Our implementation of lookupd is a demonstration of the approach for the FreeBSD-specific IPC implementation of nsswitch. Its architecture is flexible enough to implement all the features you have mentioned. The version that we have sent isn't a finished project. It's in the development stage and caching is currently our main task. We hope to make caching in the nearest future. We'll try to release stable and quite full version (i mean caching, LDAP module and so on) as soon as we can. You're not going to have to write your own modules (like LDAP), are you? That seems like a big drawback. Our questions are: 1) What do you think about our whole approach to the IPC implementation development? 2) Is there an opportunity to use our implementation of lookupd in the FreeBSD project? We'll be glad to hear your opinion. I'll certainly look at what you have and send comments to this list, but I'm afraid it won't be immediate. You may also want to ping NetBSD guys. Cheers, -- Jacques Vidrine / [EMAIL PROTECTED] / [EMAIL PROTECTED] / [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPC nsswitch implementation
Sounds similar to, but not as functional as, the lookupd in Mac OS X. :) On Mar 5, 2004, at 12:45 AM, Michael Bushkov wrote: We want you to look at this lookupd. It would be great for us to know if you like or not the way we made it. And we also want to know if this project can be added to FreeBSD project. -- Jordan Hubbard Engineering Manager, BSD Technology Group Apple Computer ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
IPC nsswitch implementation
Hello! Some time ago there was a discussion concerning in-process vs. IPC nsswitch implementation. We agreed that we should develop an example of IPC implementation and ask for a discussion. We are glad to present you sample implementation of the IPC nsswitch model. http://rsu.ru/~bushman/lookupd-0.1.1.tar.gz It currently has many limitations but should be suitable for demonstration of our approach. There is a daemon and client part in this project. After executing make in daemon folder you'll get: 1) lookupd daemon - it should be run by root. And (!) you should be in the lookupd folder - daemon will search for it's modules in ./modules. 2) nsswrapper/nss_lookupd.so - a plug-in for current nsswitch implementation. It should be placed as nss_lookupd.so.1 in /usr/local/lib. lookupd.conf is the daemon configuration file. It has the same syntax as nsswitch.conf. It should be placed in /etc. Examples of lookupd.conf and nsswitch.conf (needed to use lookupd) are in the archive. Daemon uses shared modules (dns, files and so on). Currently following function can use lookupd: - passwd functions - files module - group function - files module - gethostby* functions - files and dns module. We took the code for dns modules from current libc. So it's not thread safe and can be buggy, because daemon is multi-threaded. It was made just to show module-structure capabilities. Later, we'll make normal reentrant resolver. When daemon is running, it sends a lot of info to stdout. It's the way to make you able to know, that it works. There is currently no caching functions in daemon. But it's quite easy to add them - and it will be done in the nearest future. We want you to look at this lookupd. It would be great for us to know if you like or not the way we made it. And we also want to know if this project can be added to FreeBSD project. Please keep CC line of the message, so that all of our developers could read your replies. Michael Bushkov Software Engineer, Rostov State University ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPC nsswitch implementation
The Mac OS X lookupd does aggressive caching with cache invalidation support, supports the notion of flushing the cache on certain events (like when you reconfigure your network interfaces or switch authentication plugins), and quite a few other things. No surprise, really, given that it's been around for years. Julian was asking where to find it, and for those who get lost navigating Apple's darwin site, there's also opendarwin's cvsweb interface. Darwin's nsswitch implementation lives in Libinfo, of which lookupd is a sub-project: http://cvs.opendarwin.org/index.cgi/src/Libinfo/ - Jordan On Mar 5, 2004, at 6:46 AM, Michael Bushkov wrote: Hello! What do you mean exactly by saying not as functional? Michael Bushkov Software Engineer, Rostov State University On Fri, 5 Mar 2004, Jordan K Hubbard wrote: Sounds similar to, but not as functional as, the lookupd in Mac OS X. :) On Mar 5, 2004, at 12:45 AM, Michael Bushkov wrote: We want you to look at this lookupd. It would be great for us to know if you like or not the way we made it. And we also want to know if this project can be added to FreeBSD project. -- Jordan Hubbard Engineering Manager, BSD Technology Group Apple Computer ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-arch To unsubscribe, send any mail to [EMAIL PROTECTED] -- Jordan Hubbard Engineering Manager, BSD Technology Group Apple Computer ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPC nsswitch implementation
The Mac OS X lookupd does aggressive caching with cache invalidation support, supports the notion of flushing the cache on certain events (like when you reconfigure your network interfaces or switch authentication plugins), and quite a few other things. No surprise, really, given that it's been around for years. Julian was asking where to find it, and for those who get lost navigating Apple's darwin site, there's also opendarwin's cvsweb interface. Darwin's nsswitch implementation lives in Libinfo, of which lookupd is a sub-project: http://cvs.opendarwin.org/index.cgi/src/Libinfo/ - Jordan The problem of using Darwin's lookupd was discussed some time ago in the freebsd-arch mailing list. It seems to me that the way to port Darwin's lookupd on FreeBSD was not found, was it? Our implementation of lookupd is a demonstration of the approach for the FreeBSD-specific IPC implementation of nsswitch. Its architecture is flexible enough to implement all the features you have mentioned. The version that we have sent isn't a finished project. It's in the development stage and caching is currently our main task. We hope to make caching in the nearest future. We'll try to release stable and quite full version (i mean caching, LDAP module and so on) as soon as we can. Our questions are: 1) What do you think about our whole approach to the IPC implementation development? 2) Is there an opportunity to use our implementation of lookupd in the FreeBSD project? We'll be glad to hear your opinion. Michael Bushkov, Software Engineer, Rostov State University ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPC nsswitch implementation
On Fri, Mar 05, 2004 at 10:41:33PM +0300, Michael Bushkov wrote: Our implementation of lookupd is a demonstration of the approach for the FreeBSD-specific IPC implementation of nsswitch. Its architecture is flexible enough to implement all the features you have mentioned. The version that we have sent isn't a finished project. It's in the development stage and caching is currently our main task. We hope to make caching in the nearest future. We'll try to release stable and quite full version (i mean caching, LDAP module and so on) as soon as we can. Our questions are: 1) What do you think about our whole approach to the IPC implementation development? 2) Is there an opportunity to use our implementation of lookupd in the FreeBSD project? The thing that I'm most interested in is getting support for the existing NSS modules out there (nss_ldap being my personal interest). Is there a way with the IPC based model to make the existing in-process modules (I'm thinking nss_winbind and nss_ldap) work with the IPC daemon? If not, I doubt you'll get a whole lot of support for the IPC model because it will cause us to incur a maintence cost to make these other very useful modules work. -gordon pgp0.pgp Description: PGP signature
Re: IPC nsswitch implementation
I understand this. There are some problems in making current nss-modules compatible with our implementation. The main problem is process euid. When you're using current nss-modules they work as part of your program - and geteuid functions work correctly. But when lookupd is used, euid of the process is lookupds' euid. And that's a problem. There are two possible solutions, i think: 1) We can run 2 daemons. One with root euid. And one with simple user euid. Client side will choose one or another to connect. But this way is rather expensive. 2) We can try to change geteuid function in modules for our function, which will return thread-specific value, which would be set by daemon. The minus is that we, however, will need to recompile nss-modules. And another thing. When we use lookupd daemon we can optimize it work much. For example, modules can use persistent-connections. It can be very useful. But, returning to your question :) It is possible, i think. There are some disadvantages, but it's possible. Of course, using modules, developed for lookupd would be better, but as compatibility decision we can try to implement usage of current nss-modules. Michael Bushkov, Software Engineer, Rostov State University On Fri, 5 Mar 2004, Gordon Tetlow wrote: On Fri, Mar 05, 2004 at 10:41:33PM +0300, Michael Bushkov wrote: Our implementation of lookupd is a demonstration of the approach for the FreeBSD-specific IPC implementation of nsswitch. Its architecture is flexible enough to implement all the features you have mentioned. The version that we have sent isn't a finished project. It's in the development stage and caching is currently our main task. We hope to make caching in the nearest future. We'll try to release stable and quite full version (i mean caching, LDAP module and so on) as soon as we can. Our questions are: 1) What do you think about our whole approach to the IPC implementation development? 2) Is there an opportunity to use our implementation of lookupd in the FreeBSD project? The thing that I'm most interested in is getting support for the existing NSS modules out there (nss_ldap being my personal interest). Is there a way with the IPC based model to make the existing in-process modules (I'm thinking nss_winbind and nss_ldap) work with the IPC daemon? If not, I doubt you'll get a whole lot of support for the IPC model because it will cause us to incur a maintence cost to make these other very useful modules work. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPC nsswitch implementation
Why not use a UNIX domain socket as the transport and then use credential passing to pass the credentials lookupd should use to do the lookup? On Mar 5, 2004, at 1:27 PM, Michael Bushkov wrote: When you're using current nss-modules they work as part of your program - and geteuid functions work correctly. But when lookupd is used, euid of the process is lookupds' euid. -- Jordan Hubbard Engineering Manager, BSD Technology Group Apple Computer ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]